From 921a7db2bc0c6374ec8fe85fe43a31cf33a0c177 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 1 Sep 2020 12:09:08 +0530 Subject: [PATCH 001/540] Update bcd-settings-and-bitlocker.md --- .../bitlocker/bcd-settings-and-bitlocker.md | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 876cf87f79..03ddda7058 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -29,9 +29,10 @@ When protecting data at rest on an operating system volume, during the boot proc ## BitLocker and BCD Settings -In Windows 7 and Windows Server 2008 R2, BitLocker validated nearly all BCD settings with the winload, winresume, and memtest prefixes. However, this high degree of validation caused BitLocker to go into recovery mode for benign setting changes, for example, when applying a language pack BitLocker would enter recovery. +In Windows 7 and Windows Server 2008 R2, BitLocker validated BCD settings with the winload, winresume, and memtest prefixes to a large degree. However, this high degree of validation caused BitLocker to go into recovery mode for benign setting changes, for example, when applying a language pack BitLocker would enter recovery mode. -In Windows 8, Windows Server 2012, and later operating systems BitLocker narrows the set of BCD settings validated to reduce the chance of benign changes causing a BCD validation problem. If you believe that there is a risk in excluding a particular BCD setting from the validation profile, you can increase BCD validation coverage to suit your validation preferences. Alternatively, if a default BCD setting is persistently triggering recovery for benign changes, then you can exclude that BCD setting from the validation profile. +In Windows 8, Windows Server 2012, and subsequent versions, BitLocker narrows the set of BCD settings validated to reduce the chance of benign changes causing a BCD validation problem. If you believe that there is a risk in excluding a particular BCD setting from the validation profile—Include that BCD setting in the BCD validation coverage to suit your validation preferences. +If a default BCD setting is found to persistently trigger a recovery for benign changes—Exclude that BCD setting from the validation coverage. ### When secure boot is enabled @@ -43,20 +44,21 @@ One of the benefits of using Secure Boot is that it can correct BCD settings dur To modify the BCD settings BitLocker validates the IT Pro will add or exclude BCD settings from the platform validation profile by enabling and configuring the **Use enhanced Boot Configuration Data validation profile** Group Policy setting. -For the purposes of BitLocker validation, BCD settings are associated with a specific set of Microsoft boot applications. BCD settings are either associated with a specific boot application or can apply to all boot applications by associating a prefix to the BCD setting entered in the Group Policy setting. Prefix values include: +For the purposes of BitLocker validation, BCD settings are associated with a specific set of Microsoft boot applications, by default. In addition to this default association with a specific set of boot applications (or a specific boot application), BCD settings extend coverage to all boot applications by attaching any of the following prefixes: - winload - winresume - memtest -- all +- all of the above +**Note:** The inclusion of prefix(es) is done when the BCD settings are being entered in the Group Policy setting. All BCD settings are specified by combining the prefix value with either a hexadecimal (hex) value or a “friendly name.” -The BCD setting hex value is reported when BitLocker enters recovery mode and is stored in the event log (event ID 523). The hex value uniquely identifies which BCD setting caused the recovery event. +The BCD setting hex value is reported when BitLocker enters recovery mode and is stored in the event log (event ID 523). The hex value uniquely identifies the BCD setting that caused the recovery event. You can quickly obtain the friendly name for the BCD settings on your computer by using the command “`bcdedit.exe /enum all`”. -Not all BCD settings have friendly names, for those settings the hex value is the only way to configure an exclusion policy. +Not all BCD settings have friendly names; for those settings without a friendly name, the hex value is the only way to configure an exclusion policy. When specifying BCD values in the **Use enhanced Boot Configuration Data validation profile** Group Policy setting, use the following syntax: @@ -67,13 +69,13 @@ When specifying BCD values in the **Use enhanced Boot Configuration Data validat For example, either “`winload:hypervisordebugport`” or “`winload:0x250000f4`” yield the same value. -Setting that applies to all boot applications may be applied only to an individual application, however the reverse is not true. For example, one can specify either: “`all:locale`” or “`winresume:locale`”, but as the bcd setting “`win-pe`” does not apply to all boot applications, “`winload:winpe`” is valid, but “`all:winpe`” is not valid. The setting that controls boot debugging (“`bootdebug`” or 0x16000010) will always be validated and will have no effect if it is included in the provided fields. +A setting that applies to all boot applications may be applied only to an individual application; however, the reverse is not true. For example, one can specify either “`all:locale`” or “`winresume:locale`”, but as the bcd setting “`win-pe`” does not apply to all boot applications, “`winload:winpe`” is valid, but “`all:winpe`” is not valid. The setting that controls boot debugging (“`bootdebug`” or 0x16000010) will always be validated and will have no effect if it is included in the provided fields. -> **Note:**  Take care when configuring BCD entries in the Group Policy setting. The Local Group Policy Editor does not validate the correctness of the BCD entry. BitLocker will fail to be enabled if the Group Policy setting specified is invalid. +> **Note:**  Take care when configuring BCD entries in the Group Policy setting. The Local Group Policy Editor does not validate the correctness of the BCD entry. BitLocker will fail to be enabled if the specified Group Policy setting is invalid.   ### Default BCD validation profile -The following table contains the default BCD validation profile used by BitLocker in Windows 8, Windows Server 2012, and later operating systems: +The following table contains the default BCD validation profile used by BitLocker in Windows 8, Windows Server 2012, and subsequent versions: | Hex Value | Prefix | Friendly Name | | - | - | - | From f6c9500400eb5b8bf353c4772d4ee43885d2ba78 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 1 Sep 2020 12:19:42 +0530 Subject: [PATCH 002/540] Update bcd-settings-and-bitlocker.md --- .../bitlocker/bcd-settings-and-bitlocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 03ddda7058..ceda6cd84a 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -69,7 +69,7 @@ When specifying BCD values in the **Use enhanced Boot Configuration Data validat For example, either “`winload:hypervisordebugport`” or “`winload:0x250000f4`” yield the same value. -A setting that applies to all boot applications may be applied only to an individual application; however, the reverse is not true. For example, one can specify either “`all:locale`” or “`winresume:locale`”, but as the bcd setting “`win-pe`” does not apply to all boot applications, “`winload:winpe`” is valid, but “`all:winpe`” is not valid. The setting that controls boot debugging (“`bootdebug`” or 0x16000010) will always be validated and will have no effect if it is included in the provided fields. +A setting that applies to all boot applications may be applied only to an individual application; however, the reverse is not true. For example, one can specify either “`all:locale`” or “`winresume:locale`”, but as the BCD setting “`win-pe`” does not apply to all boot applications, “`winload:winpe`” is valid, but “`all:winpe`” is not valid. The setting that controls boot debugging (“`bootdebug`” or 0x16000010) will always be validated and will have no effect if it is included in the provided fields. > **Note:**  Take care when configuring BCD entries in the Group Policy setting. The Local Group Policy Editor does not validate the correctness of the BCD entry. BitLocker will fail to be enabled if the specified Group Policy setting is invalid.   From b68de39d2a5be0ca950a805a263dc67c07c45c0f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 1 Sep 2020 19:00:02 +0530 Subject: [PATCH 003/540] Update bitlocker-basic-deployment.md - 4318240 --- .../bitlocker/bitlocker-basic-deployment.md | 73 +++++++++---------- 1 file changed, 36 insertions(+), 37 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 1167e9121a..2f5b74fefd 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -27,9 +27,9 @@ This topic for the IT professional explains how BitLocker features can be used t ## Using BitLocker to encrypt volumes -BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data volumes. To support fully encrypted operating system volumes, BitLocker uses an unencrypted system volume for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. +BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This partition is automatically created during a new installation of both client and server operating systems. -In the event that the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. +In the event that the drive was prepared as a single contiguous space, BitLocker requires a new partition to hold the boot files. BdeHdCfg.exe can create these volumes. > **Note:**  For more info about using this tool, see [Bdehdcfg](https://technet.microsoft.com/library/ee732026.aspx) in the Command-Line Reference. @@ -42,12 +42,12 @@ BitLocker encryption can be done using the following methods: ### Encrypting volumes using the BitLocker control panel -Encrypting volumes with the BitLocker control panel (click **Start**, type **bitlocker**, click **Manage BitLocker**) is how many users will utilize BitLocker. The name of the BitLocker control panel is BitLocker Drive Encryption. The BitLocker control panel supports encrypting operating system, fixed data and removable data volumes. The BitLocker control panel will organize available drives in the appropriate category based on how the device reports itself to Windows. Only formatted volumes with assigned drive letters will appear properly in the BitLocker control panel applet. +Encrypting volumes with the BitLocker control panel (click **Start**, type **bitlocker**, click **Manage BitLocker**) is the mechanism implemented by many users to utilize BitLocker. The name of the BitLocker control panel is BitLocker Drive Encryption. The BitLocker control panel supports encrypting operating system, fixed data- and removable data volumes. The BitLocker control panel will organize available drives in the appropriate category based on how the device reports itself to Windows. Only formatted volumes with assigned drive letters will appear properly in the BitLocker control panel applet. To start encryption for a volume, select **Turn on BitLocker** for the appropriate drive to initialize the BitLocker Drive Encryption Wizard. BitLocker Drive Encryption Wizard options vary based on volume type (operating system volume or data volume). ### Operating system volume -Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets the BitLocker system requirements for encrypting an operating system volume. By default, the system requirements are: +Upon launch, the BitLocker Drive Encryption Wizard verifies whether the computer meets the BitLocker system requirements for encrypting an operating system volume. By default, the system requirements are: @@ -97,14 +97,13 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t Upon passing the initial configuration, users are required to enter a password for the volume. If the volume does not pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken. Once a strong password has been created for the volume, a recovery key will be generated. The BitLocker Drive Encryption Wizard will prompt for a location to save this key. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive. -You should store the recovery key by printing it, saving it on removable media, or saving it as a file in a network folder or on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot be stored on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies. +You should store the recovery key by printing it; saving it on a removable media; or saving it as a file in a network folder, on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot store it on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on a removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies. When the recovery key has been properly stored, the BitLocker Drive Encryption Wizard will prompt the user to choose how to encrypt the drive. There are two options: + Encrypt used disk space only—Encrypts only disk space that contains data + Encrypt entire drive—Encrypts the entire volume including free space -- Encrypt used disk space only - Encrypts only disk space that contains data -- Encrypt entire drive - Encrypts the entire volume including free space - -It is recommended that drives with little to no data utilize the **used disk space only** encryption option and that drives with data or an operating system utilize the **encrypt entire drive** option. +It is recommended that drives with little-to-no data utilize the **used disk space only** encryption option and that drives with data or an operating system utilize the **encrypt entire drive** option. > **Note:**  Deleted files appear as free space to the file system, which is not encrypted by **used disk space only**. Until they are wiped or overwritten, deleted files hold information that could be recovered with common data forensic tools. @@ -116,13 +115,13 @@ Until encryption is completed, the only available options for managing BitLocker ### Data volume -Encrypting data volumes using the BitLocker control panel interface works in a similar fashion to encryption of the operating system volumes. Users select **Turn on BitLocker** within the control panel to begin the BitLocker Drive Encryption wizard. +Encrypting data volumes using the BitLocker control panel interface works in a fashion similar to encryption of the operating system volumes. Users select **Turn on BitLocker** within the control panel to launch the BitLocker Drive Encryption wizard. Unlike for operating system volumes, data volumes are not required to pass any configuration tests for the wizard to proceed. Upon launching the wizard, a choice of authentication methods to unlock the drive appears. The available options are **password** and **smart card** and **automatically unlock this drive on this computer**. Disabled by default, the latter option will unlock the data volume without user input when the operating system volume is unlocked. After selecting the desired authentication method and choosing **Next**, the wizard presents options for storage of the recovery key. These options are the same as for operating system volumes. -With the recovery key saved, selecting **Next** in the wizard will show available options for encryption. These options are the same as for operating system volumes; **used disk space only** and **full drive encryption**. If the volume being encrypted is new or empty, it is recommended that used space only encryption is selected. +With the recovery key saved, selecting **Next** in the wizard will show available options for encryption. These options are the same as for operating system volumes—**used disk space only** and **full drive encryption**. If the volume being encrypted is new or empty, it is recommended that **used disk space only** is selected. -With an encryption method chosen, a final confirmation screen displays before beginning the encryption process. Selecting **Start encrypting** will begin encryption. +With an encryption method chosen, a final confirmation screen is displayed before the encryption process begins. Selecting **Start encrypting** will begin encryption. Encryption status displays in the notification area or within the BitLocker control panel. @@ -130,7 +129,7 @@ Encryption status displays in the notification area or within the BitLocker cont There is a new option for storing the BitLocker recovery key using the OneDrive. This option requires that computers are not members of a domain and that the user is using a Microsoft Account. Local accounts do not give the option to utilize OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that are not joined to a domain. -Users can verify the recovery key was saved properly by checking their OneDrive for the BitLocker folder which is created automatically during the save process. The folder will contain two files, a readme.txt and the recovery key. For users storing more than one recovery password on their OneDrive, +Users can verify whether the recovery key was saved properly by checking their OneDrive for the BitLocker folder which is created automatically during the save process. The folder will contain two files, a readme.txt and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name. ### Using BitLocker within Windows Explorer @@ -139,7 +138,7 @@ Windows Explorer allows users to launch the BitLocker Drive Encryption wizard by ## Down-level compatibility -The following table shows the compatibility matrix for systems that have been BitLocker enabled then presented to a different version of Windows. +The following table shows the compatibility matrix for systems that have been BitLocker-enabled and then presented to a different version of Windows. Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes @@ -188,7 +187,7 @@ Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Window ## Encrypting volumes using the manage-bde command line interface Manage-bde is a command-line utility that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the options, see [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx). -Manage-bde offers a multitude of wider options for configuring BitLocker. This means that using the command syntax may require care and possibly later customization by the user. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected. +Manage-bde offers a multitude of wider options for configuring BitLocker. This means that using the command syntax may require care and, possibly later, customization by the user. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed, because an authentication method needs to be added to the volume for it to be fully protected. Command line users need to determine the appropriate syntax for a given situation. The following section covers general encryption for operating system volumes and data volumes. ### Operating system volume @@ -205,7 +204,7 @@ This command returns the volumes on the target, current encryption status and vo **Enabling BitLocker without a TPM** -For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you will need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option and save it to the USB drive on E: and then begin the encryption process. You will need to reboot the computer when prompted to complete the encryption process. +For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you will need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option, save it to the USB drive on E: and begin the encryption process. You will need to reboot the computer when prompted to complete the encryption process. ```powershell manage-bde –protectors -add C: -startupkey E: @@ -218,17 +217,17 @@ It is possible to encrypt the operating system volume without any defined protec `manage-bde -on C:` -This will encrypt the drive using the TPM as the protector. If a user is unsure of the protector for a volume, they can use the -protectors option in manage-bde to list this information with the command: +This will encrypt the drive using the TPM as the protector. If users are unsure of the protector for a volume, they can use the -protectors option in manage-bde to list this information by executing the following command: `manage-bde -protectors -get ` **Provisioning BitLocker with two protectors** -Another example is a user on non-TPM hardware who wishes to add a password and SID-based protector to the operating system volume. In this instance, the user adds the protectors first. This is done with the command: +Another example is a user on a non-TPM hardware who wishes to add a password and SID-based protector to the operating system volume. In this instance, the user adds the protectors first. This is done with the command: `manage-bde -protectors -add C: -pw -sid ` -This command will require the user to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, the user just needs to turn BitLocker on. +This command will require the user to enter and then confirm the password protectors before adding them to the volume. With the protectors enabled on the volume, the user just needs to turn BitLocker on. ### Data volume @@ -374,15 +373,15 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. -A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLocker volume cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status, and other useful information. +A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLocker volume cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status and other useful information. Occasionally, all protectors may not be shown when using Get-BitLockerVolume due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors. > **Note:**  In the event that there are more than four protectors for a volume, the pipe command may run out of display space. For volumes with more than four protectors, use the method described in the section below to generate a listing of all protectors with protector ID. `Get-BitLockerVolume C: | fl` -If you wanted to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed. -A simple script can pipe the values of each **Get-BitLockerVolume** return out to another variable as seen below: +If you want to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed. +A simple script can pipe out the values of each **Get-BitLockerVolume** return to another variable as seen below: ```powershell $vol = Get-BitLockerVolume $keyprotectors = $vol.KeyProtector @@ -392,12 +391,12 @@ Using this information, we can then remove the key protector for a specific volu ```powershell Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" ``` -> **Note:**  The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command. +> **Note:**  The BitLocker cmdlet requires the key protector GUID (enclosed in quotation marks) to execute. Ensure the entire GUID, with braces, is included in the command. ### Operating system volume Using the BitLocker Windows PowerShell cmdlets is similar to working with the manage-bde tool for encrypting operating system volumes. Windows PowerShell offers users a lot of flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them using the BitLocker cmdlets for Windows PowerShell. -To enable BitLocker with just the TPM protector. This can be done using the command: +To enable BitLocker with just the TPM protector, execute the following command: ```powershell Enable-BitLocker C: @@ -409,16 +408,16 @@ Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTes ``` ### Data volume -Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user defined password. Last, encryption begins. +Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user-defined password. Last, encryption begins. ```powershell $pw = Read-Host -AsSecureString Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw ``` -### Using a SID based protector in Windows PowerShell +### Using an SID-based protector in Windows PowerShell -The ADAccountOrGroup protector is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover and be unlocked to any member computer of the cluster. +The ADAccountOrGroup protector is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for association with a domain account or group. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover and be unlocked to any member computer of the cluster. >**Warning:**  The SID-based protector requires the use of an additional protector (such as TPM, PIN, recovery key, etc.) when used on operating system volumes. @@ -434,14 +433,14 @@ get-aduser -filter {samaccountname -eq "administrator"} ``` > **Note:**  Use of this command requires the RSAT-AD-PowerShell feature. > -> **Tip:**  In addition to the Windows PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This does not require the use of additional features. +> **Tip:**  In addition to the Windows PowerShell command above, information about the locally logged-on user and group membership can be found using: WHOAMI /ALL. This does not require the use of additional features. -In the example below, the user wishes to add a domain SID based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command: +In the example below, the user wishes to add a domain SID-based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command: ```powershell Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "" ``` -> **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes. +> **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster-enabled volumes. ## Checking BitLocker status @@ -458,7 +457,7 @@ Checking BitLocker status with the control panel is the most common method used | **Suspended** | BitLocker is suspended and not actively protecting the volume | | **Waiting for Activation**| BitLocker is enabled with a clear protector key and requires further action to be fully protected| -If a drive is pre-provisioned with BitLocker, a status of "Waiting for Activation" displays with a yellow exclamation icon on the volume. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not in a protected state and needs to have a secure key added to the volume before the drive is fully protected. Administrators can use the control panel, manage-bde tool, or WMI APIs to add an appropriate key protector. Once complete, the control panel will update to reflect the new status. +If a drive is pre-provisioned with BitLocker, a status of "Waiting for Activation" displays with a yellow exclamation icon on the volume. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not in a protected state and needs to have a secure key added to it before the drive is fully protected. Administrators can use the control panel, manage-bde tool, or WMI APIs to add an appropriate key protector. Once complete, the control panel will update to reflect the new status. Using the control panel, administrators can choose **Turn on BitLocker** to start the BitLocker Drive Encryption wizard and add a protector, like PIN for an operating system volume (or password if no TPM exists), or a password or smart card protector to a data volume. The drive security window displays prior to changing the volume status. Selecting **Activate BitLocker** will complete the encryption process. @@ -488,7 +487,7 @@ This command will display information about the encryption method, volume type, ### Provisioning BitLocker during operating system deployment -Administrators can enable BitLocker prior to operating system deployment from the Windows Pre-installation Environment. This is done with a randomly generated clear key protector applied to the formatted volume and encrypting the volume prior to running the Windows setup process. If the encryption uses the Used Disk Space Only option described later in this document, this step takes only a few seconds and incorporates well into regular deployment processes. +Administrators can enable BitLocker prior to operating system deployment from the Windows Pre-installation environment. This is done with a randomly generated clear key protector applied to the formatted volume and by encrypting the volume prior to running the Windows setup process. If the encryption uses the **Used Disk Space Only** option described later in this document, this step takes only a few seconds and incorporates well into regular deployment processes. ### Decrypting BitLocker volumes @@ -496,12 +495,12 @@ Decrypting volumes removes BitLocker and any associated protectors from the volu ### Decrypting volumes using the BitLocker control panel applet -BitLocker decryption using the control panel is done using a Wizard. The control panel can be called from Windows Explorer or by opening the directly. After opening the BitLocker control panel, users will select the Turn off BitLocker option to begin the process. -Once selected, the user chooses to continue by clicking the confirmation dialog. With Turn off BitLocker confirmed, the drive decryption process will begin and report status to the control panel. +BitLocker decryption using the control panel is done using a wizard. The control panel can be called from Windows Explorer or by opening it directly. After opening the BitLocker control panel, users will select the **Turn off BitLocker** option to begin the process. +Once selected, the user chooses to continue by clicking the confirmation dialog. With **Turn off BitLocker** confirmed, the drive decryption process will begin and report status to the control panel. The control panel does not report decryption progress but displays it in the notification area of the task bar. Selecting the notification area icon will open a modal dialog with progress. -Once decryption is complete, the drive will update its status in the control panel and is available for encryption. +Once decryption is complete, the drive will update its status in the control panel and becomes available for encryption. ### Decrypting volumes using the manage-bde command line interface @@ -510,14 +509,14 @@ Decrypting volumes using manage-bde is very straightforward. Decryption with man ```powershell manage-bde -off C: ``` -This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete. If a user wishes to check the status of the decryption, they can use the following command: +This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete. If users wish to check the status of the decryption, they can use the following command: ```powershell manage-bde -status C: ``` ### Decrypting volumes using the BitLocker Windows PowerShell cmdlets -Decryption with Windows PowerShell cmdlets is straightforward, similar to manage-bde. The additional advantage Windows PowerShell offers is the ability to decrypt multiple drives in one pass. In the example below, the user has three encrypted volumes, which they wish to decrypt. +Decryption with Windows PowerShell cmdlets is straightforward, similar to manage-bde. The additional advantage Windows PowerShell offers is the ability to decrypt multiple drives in one pass. In the example below, the users have three encrypted volumes, which they wish to decrypt. Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for additional commands. An example of this command is: From 45a769a21f858b33d4ae4598710b0eae4a0139b3 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 2 Sep 2020 10:56:49 +0530 Subject: [PATCH 004/540] Update bcd-settings-and-bitlocker-4318240 Made changes to terms based on convention and consistency --- .../bitlocker/bcd-settings-and-bitlocker.md | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index ceda6cd84a..842360aa41 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -29,28 +29,27 @@ When protecting data at rest on an operating system volume, during the boot proc ## BitLocker and BCD Settings -In Windows 7 and Windows Server 2008 R2, BitLocker validated BCD settings with the winload, winresume, and memtest prefixes to a large degree. However, this high degree of validation caused BitLocker to go into recovery mode for benign setting changes, for example, when applying a language pack BitLocker would enter recovery mode. +In Windows 7 and Windows Server 2008 R2, BitLocker validated BCD settings with the winload, winresume, and memtest prefixes to a large degree. However, this high degree of validation caused BitLocker to go into recovery mode for benign setting changes, for example, when applying a language pack, BitLocker would enter recovery mode. -In Windows 8, Windows Server 2012, and subsequent versions, BitLocker narrows the set of BCD settings validated to reduce the chance of benign changes causing a BCD validation problem. If you believe that there is a risk in excluding a particular BCD setting from the validation profile—Include that BCD setting in the BCD validation coverage to suit your validation preferences. -If a default BCD setting is found to persistently trigger a recovery for benign changes—Exclude that BCD setting from the validation coverage. +In Windows 8, Windows Server 2012, and subsequent versions, BitLocker narrows the set of BCD settings validated to reduce the chance of benign changes causing a BCD validation problem. If you believe that there is a risk in excluding a particular BCD setting from the validation profile, include that BCD setting in the BCD validation coverage to suit your validation preferences. +If a default BCD setting is found to persistently trigger a recovery for benign changes, exclude that BCD setting from the validation coverage. ### When secure boot is enabled -Computers with UEFI firmware can use Secure Boot to provide enhanced boot security. When BitLocker is able to use Secure Boot for platform and BCD integrity validation, as defined by the **Allow Secure Boot for integrity validation** group policy setting, the **Use enhanced Boot Configuration Data validation profile** group policy is ignored. +Computers with UEFI firmware can use secure boot to provide enhanced boot security. When BitLocker is able to use secure boot for platform and BCD integrity validation, as defined by the **Allow Secure Boot for integrity validation** group policy setting, the **Use enhanced Boot Configuration Data validation profile** group policy is ignored. -One of the benefits of using Secure Boot is that it can correct BCD settings during boot without triggering recovery events. Secure Boot enforces the same BCD settings as BitLocker. Secure Boot BCD enforcement is not configurable from within the operating system. +One of the benefits of using secure boot is that it can correct BCD settings during boot without triggering recovery events. Secure boot enforces the same BCD settings as BitLocker. Secure boot BCD enforcement is not configurable from within the operating system. ## Customizing BCD validation settings -To modify the BCD settings BitLocker validates the IT Pro will add or exclude BCD settings from the platform validation profile by enabling and configuring the **Use enhanced Boot Configuration Data validation profile** Group Policy setting. +To modify the BCD settings that are validated by BitLocker, the administrator will add or exclude BCD settings from the platform validation profile by enabling and configuring the **Use enhanced Boot Configuration Data validation profile** group policy setting. -For the purposes of BitLocker validation, BCD settings are associated with a specific set of Microsoft boot applications, by default. In addition to this default association with a specific set of boot applications (or a specific boot application), BCD settings extend coverage to all boot applications by attaching any of the following prefixes: +For the purposes of BitLocker validation, BCD settings are associated with a specific set of Microsoft boot applications. These BCD settings can also be applied to the other Microsoft boot applications that are not part of the set to which the BCD settings are already applicable to. This can be done by attaching any of the following prefixes to the BCD settings which are being entered in the group policy settings dialog: - winload - winresume - memtest - all of the above -**Note:** The inclusion of prefix(es) is done when the BCD settings are being entered in the Group Policy setting. All BCD settings are specified by combining the prefix value with either a hexadecimal (hex) value or a “friendly name.” @@ -60,18 +59,18 @@ You can quickly obtain the friendly name for the BCD settings on your computer b Not all BCD settings have friendly names; for those settings without a friendly name, the hex value is the only way to configure an exclusion policy. -When specifying BCD values in the **Use enhanced Boot Configuration Data validation profile** Group Policy setting, use the following syntax: +When specifying BCD values in the **Use enhanced Boot Configuration Data validation profile** group policy setting, use the following syntax: - Prefix the setting with the boot application prefix - Append a colon ‘:’ - Append either the hex value or the friendly name - If entering more than one BCD setting, you will need to enter each BCD setting on a new line -For example, either “`winload:hypervisordebugport`” or “`winload:0x250000f4`” yield the same value. +For example, either “`winload:hypervisordebugport`” or “`winload:0x250000f4`” yields the same value. A setting that applies to all boot applications may be applied only to an individual application; however, the reverse is not true. For example, one can specify either “`all:locale`” or “`winresume:locale`”, but as the BCD setting “`win-pe`” does not apply to all boot applications, “`winload:winpe`” is valid, but “`all:winpe`” is not valid. The setting that controls boot debugging (“`bootdebug`” or 0x16000010) will always be validated and will have no effect if it is included in the provided fields. -> **Note:**  Take care when configuring BCD entries in the Group Policy setting. The Local Group Policy Editor does not validate the correctness of the BCD entry. BitLocker will fail to be enabled if the specified Group Policy setting is invalid. +> **Note:**  Take care when configuring BCD entries in the group policy setting. The Local Group Policy Editor does not validate the correctness of the BCD entry. BitLocker will fail to be enabled if the specified group policy setting is invalid.   ### Default BCD validation profile @@ -107,7 +106,7 @@ The following table contains the default BCD validation profile used by BitLocke ### Full list of friendly names for ignored BCD settings -This following is a full list of BCD settings with friendly names which are ignored by default. These settings are not part of the default BitLocker validation profile, but can be added if you see a need to validate any of these settings before allowing a BitLocker–protected operating system drive to be unlocked. +The following is a full list of BCD settings with friendly names which are ignored by default. These settings are not part of the default BitLocker validation profile, but can be added if you see a need to validate any of these settings before allowing a BitLocker–protected operating system drive to be unlocked. > **Note:**  Additional BCD settings exist that have hex values but do not have friendly names. These settings are not included in this list. | Hex Value | Prefix | Friendly Name | From f0ae34d710c4b7172cc34c2354ff678384f1a867 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 2 Sep 2020 15:56:22 +0530 Subject: [PATCH 005/540] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 981252ffbf..4bef840b55 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -23,12 +23,12 @@ ms.custom: bitlocker **Applies to** - Windows 10 -Windows uses technologies including Trusted Platform Module (TPM), Secure Boot, and Measured Boot to help protect BitLocker encryption keys against attacks. +Windows uses technologies including trusted platform module (TPM), secure boot, and measured boot to help protect BitLocker encryption keys against attacks. BitLocker is part of a strategic approach to securing data against offline attacks through encryption technology. Data on a lost or stolen computer is vulnerable. -For example, there could be unauthorized access, either by running a software attack tool against it or by transferring the computer’s hard disk to a different computer. +For example, there could be unauthorized access, either by running a software attack tool against the computer or by transferring the computer’s hard disk to a different computer. -BitLocker helps mitigate unauthorized data access on lost or stolen computers before the authorized operating system is started by: +BitLocker helps mitigate unauthorized data access on lost or stolen computers before the authorized operating system is started. This mitigation is done by: - **Encrypting volumes on your computer.** For example, you can turn on BitLocker for your operating system volume, or a volume on a fixed or removable data drive (such as a USB flash drive, SD card, and so on). Turning on BitLocker for your operating system volume encrypts all system files on the volume, including the paging files and hibernation files. The only exception is for the System partition, which includes the Windows Boot Manager and minimal boot collateral required for decryption of the operating system volume after the key is unsealed. - **Ensuring the integrity of early boot components and boot configuration data.** On devices that have a TPM version 1.2 or higher, BitLocker uses the enhanced security capabilities of the TPM to make data accessible only if the computer’s BIOS firmware code and configuration, original boot sequence, boot components, and BCD configuration all appear unaltered and the encrypted disk is located in the original computer. On systems that leverage TPM PCR[7], BCD setting changes deemed safe are permitted to improve usability. @@ -39,7 +39,7 @@ For more information about how to enable the best overall security configuration ## Protection before startup -Before Windows starts, you must rely on security features implemented as part of the device hardware and firmware, including TPM and Secure Boot. Fortunately, many modern computers feature a TPM and Secure Boot. +Before Windows starts, you must rely on security features implemented as part of the device hardware and firmware, including TPM and secure boot. Fortunately, many modern computers feature a TPM and secure boot. ### Trusted Platform Module @@ -48,14 +48,14 @@ On some platforms, TPM can alternatively be implemented as a part of secure firm BitLocker binds encryption keys with the TPM to ensure that a computer has not been tampered with while the system was offline. For more info about TPM, see [Trusted Platform Module](https://docs.microsoft.com/windows/device-security/tpm/trusted-platform-module-overview). -### UEFI and Secure Boot +### UEFI and secure boot Unified Extensible Firmware Interface (UEFI) is a programmable boot environment that initializes devices and starts the operating system’s bootloader. The UEFI specification defines a firmware execution authentication process called [Secure Boot](https://docs.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). -Secure Boot blocks untrusted firmware and bootloaders (signed or unsigned) from being able to start on the system. +Secure boot blocks untrusted firmware and bootloaders (signed or unsigned) from being started on the system. -By default, BitLocker provides integrity protection for Secure Boot by utilizing the TPM PCR[7] measurement. +By default, BitLocker provides integrity protection for secure boot by utilizing the TPM PCR[7] measurement. An unauthorized EFI firmware, EFI boot application, or bootloader cannot run and acquire the BitLocker key. ### BitLocker and reset attacks @@ -71,8 +71,8 @@ The next sections cover pre-boot authentication and DMA policies that can provid ### Pre-boot authentication -Pre-boot authentication with BitLocker is a policy setting that requires the use of either user input, such as a PIN, a startup key, or both to authenticate prior to making the contents of the system drive accessible. -The Group Policy setting is [Require additional authentication at startup](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) and the corresponding setting in the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) is SystemDrivesRequireStartupAuthentication. +Pre-boot authentication with BitLocker is a policy setting that requires the use of either of the user input, such as a PIN, or a startup key, or both to authenticate prior to making the contents of the system drive accessible. +The group policy setting is [Require additional authentication at startup](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) and the corresponding setting in the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) is SystemDrivesRequireStartupAuthentication. BitLocker accesses and stores the encryption keys in memory only after pre-boot authentication is completed. If Windows can’t access the encryption keys, the device can’t read or edit the files on the system drive. The only option for bypassing pre-boot authentication is entering the recovery key. @@ -82,19 +82,19 @@ This helps mitigate DMA and memory remanence attacks. On computers with a compatible TPM, operating system drives that are BitLocker-protected can be unlocked in four ways: -- **TPM-only.** Using TPM-only validation does not require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign in experience is the same as a standard logon. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor. +- **TPM-only.** Using TPM-only validation does not require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard logon. If the TPM is missing, changed, or if BitLocker detects changes to the BIOS, UEFI code or configuration, the critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options which require an additional authentication factor. - **TPM with startup key.** In addition to the protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, referred to as a startup key. Data on the encrypted volume cannot be accessed without the startup key. - **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enter a PIN. Data on the encrypted volume cannot be accessed without entering the PIN. TPMs also have [anti-hammering protection](https://docs.microsoft.com/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN. - **TPM with startup key and PIN.** In addition to the core component protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, and a PIN is required to authenticate the user to the TPM. This configuration provides multifactor authentication so that if the USB key is lost or stolen, it cannot be used for access to the drive, because the correct PIN is also required. -In the following Group Policy example, TPM + PIN is required to unlock an operating system drive: +In the following group policy example, TPM + PIN is required to unlock an operating system drive: ![Pre-boot authentication setting in Group Policy](images/pre-boot-authentication-group-policy.png) Pre-boot authentication with a PIN can mitigate an attack vector for devices that use a bootable eDrive because an exposed eDrive bus can allow an attacker to capture the BitLocker encryption key during startup. Pre-boot authentication with a PIN can also mitigate DMA port attacks during the window of time between when BitLocker unlocks the drive and Windows boots to the point that Windows can set any port-related policies that have been configured. -On the other hand, Pre-boot authentication prompts can be inconvenient to users. +On the other hand, Pre-boot authentication-prompts can be inconvenient to users. In addition, users who forget their PIN or lose their startup key are denied access to their data until they can contact their organization’s support team to obtain a recovery key. Pre-boot authentication can also make it more difficult to update unattended desktops and remotely administered servers because a PIN needs to be entered when a computer reboots or resumes from hibernation. @@ -112,9 +112,9 @@ You can use the System Information desktop app (MSINFO32) to check if a device h ![Kernel DMA protection](images/kernel-dma-protection.png) -If kernel DMA protection *not* enabled, follow these steps to protect Thunderbolt™ 3 enabled ports: +If kernel DMA protection is *not* enabled, follow these steps to protect Thunderbolt™ 3 enabled ports: -1. Require a password for BIOS changes +1. Require a password for BIOS changes. 2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Please refer to [Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) 3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607): @@ -130,12 +130,12 @@ This section covers countermeasures for specific types of attacks. ### Bootkits and rootkits -A physically-present attacker might attempt to install a bootkit or rootkit-like piece of software into the boot chain in an attempt to steal the BitLocker keys. +A physically present attacker might attempt to install a bootkit- or rootkit-like piece of software into the boot chain in an attempt to steal the BitLocker keys. The TPM should observe this installation via PCR measurements, and the BitLocker key will not be released. This is the default configuration. A BIOS password is recommended for defense-in-depth in case a BIOS exposes settings that may weaken the BitLocker security promise. -Intel Boot Guard and AMD Hardware Verified Boot support stronger implementations of Secure Boot that provide additional resilience against malware and physical attacks. +Intel Boot Guard and AMD Hardware Verified Boot support stronger implementations of secure boot that provides additional resilience against malware and physical attacks. Intel Boot Guard and AMD Hardware Verified Boot are part of platform boot verification [standards for a highly secure Windows 10 device](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-highly-secure). ### Brute force attacks against a PIN @@ -151,7 +151,7 @@ It also blocks automatic or manual attempts to move the paging file. ### Memory remanence -Enable Secure Boot and require a password to change BIOS settings. +Enable secure boot and mandatorily prompt a password to change BIOS settings. For customers requiring protection against these advanced attacks, configure a TPM+PIN protector, disable Standby power management, and shut down or hibernate the device before it leaves the control of an authorized user. ## Attacker countermeasures @@ -190,7 +190,7 @@ Computer Configuration|Administrative Templates|Windows Components|BitLocker Dri This setting is **Not configured** by default. -For secure administrative workstations, Microsoft recommends TPM with PIN protector and disable Standby power management and shut down or hibernate the device. +For secure administrative workstations, Microsoft recommends a TPM with PIN protector and to disable Standby power management and shut down or hibernate the device. ## See also From e09888e69a905743a2fd017d5ef61688672082ef Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 2 Sep 2020 17:14:28 +0530 Subject: [PATCH 006/540] Update bcd-settings-and-bitlocker.md --- .../bitlocker/bcd-settings-and-bitlocker.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 842360aa41..c8dcba43f2 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -25,13 +25,13 @@ ms.custom: bitlocker This topic for IT professionals describes the Boot Configuration Data (BCD) settings that are used by BitLocker. -When protecting data at rest on an operating system volume, during the boot process BitLocker verifies that the security sensitive BCD settings have not changed since BitLocker was last enabled, resumed, or recovered. +When protecting data at rest on an operating system volume, during the boot process, BitLocker verifies that the security sensitive BCD settings have not changed since BitLocker was last enabled, resumed, or recovered. ## BitLocker and BCD Settings In Windows 7 and Windows Server 2008 R2, BitLocker validated BCD settings with the winload, winresume, and memtest prefixes to a large degree. However, this high degree of validation caused BitLocker to go into recovery mode for benign setting changes, for example, when applying a language pack, BitLocker would enter recovery mode. -In Windows 8, Windows Server 2012, and subsequent versions, BitLocker narrows the set of BCD settings validated to reduce the chance of benign changes causing a BCD validation problem. If you believe that there is a risk in excluding a particular BCD setting from the validation profile, include that BCD setting in the BCD validation coverage to suit your validation preferences. +In Windows 8, Windows Server 2012, and later operating systems, BitLocker narrows the set of BCD settings validated to reduce the chance of benign changes causing a BCD validation problem. If you believe that there is a risk in excluding a particular BCD setting from the validation profile, include that BCD setting in the BCD validation coverage to suit your validation preferences. If a default BCD setting is found to persistently trigger a recovery for benign changes, exclude that BCD setting from the validation coverage. ### When secure boot is enabled From b08648c65d83aa2d97b1d783d38305161ffe795d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 2 Sep 2020 18:06:28 +0530 Subject: [PATCH 007/540] Update bitlocker-deployment-and-administration-faq-4318240 Made changes to render sentences as unambiguous --- ...ocker-deployment-and-administration-faq.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index ea8ab3bf7a..050fe48e62 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -29,7 +29,7 @@ Yes, you can automate the deployment and configuration of BitLocker and the TPM ## Can BitLocker encrypt more than just the operating system drive? -Yes. +Yes. BitLocker can encrypt non-system drives and removable storage devices with BitLocker To Go, as well. ## Is there a noticeable performance impact when BitLocker is enabled on a computer? @@ -39,7 +39,7 @@ Generally it imposes a single-digit percentage performance overhead. Although BitLocker encryption occurs in the background while you continue to work, and the system remains usable, encryption times vary depending on the type of drive that is being encrypted, the size of the drive, and the speed of the drive. If you are encrypting very large drives, you may want to set encryption to occur during times when you will not be using the drive. -You can also choose whether or not BitLocker should encrypt the entire drive or just the used space on the drive when you turn on BitLocker. On a new hard drive, encrypting just the used spaced can be considerably faster than encrypting the entire drive. When this encryption option is selected, BitLocker automatically encrypts data as it is saved, ensuring that no data is stored unencrypted. +You can also choose whether BitLocker should encrypt the entire drive or just the used space on the drive when you turn on BitLocker. On a new hard drive, encrypting just the used spaced can be considerably faster than encrypting the entire drive. When this encryption option is selected, BitLocker automatically encrypts data as it is saved, ensuring that no data is stored unencrypted. ## What happens if the computer is turned off during encryption or decryption? @@ -51,12 +51,12 @@ No, BitLocker does not encrypt and decrypt the entire drive when reading and wri ## How can I prevent users on a network from storing data on an unencrypted drive? -You can configure Group Policy settings to require that data drives be BitLocker-protected before a BitLocker-protected computer can write data to them. For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md). +You can configure group policy settings to make it mandatory for data drives to become BitLocker-protected before a BitLocker-protected computer can write data to them. For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md). When these policy settings are enabled, the BitLocker-protected operating system will mount any data drives that are not protected by BitLocker as read-only. ## What is Used Disk Space Only encryption? -BitLocker in Windows 10 lets users choose to encrypt just their data. Although it's not the most secure way to encrypt a drive, this option can reduce encryption time by more than 99 percent, depending on how much data that needs to be encrypted. For more information, see [Used Disk Space Only encryption](bitlocker-device-encryption-overview-windows-10.md#used-disk-space-only-encryption). +BitLocker in Windows 10 allows the users to choose to encrypt just their data. Although it's not the most secure way to encrypt a drive, this option can reduce encryption time by more than 99 percent, depending on the amount of data that needs to be encrypted. For more information, see [Used Disk Space Only encryption](bitlocker-device-encryption-overview-windows-10.md#used-disk-space-only-encryption). ## What system changes would cause the integrity check on my operating system drive to fail? @@ -78,24 +78,24 @@ For example: - Removing, inserting, or completely depleting the charge on a smart battery on a portable computer. In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password. -The TPM is not involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed. +The TPM is not involved in any recovery scenarios; therefore, recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed. ## What can prevent BitLocker from binding to PCR 7? -This happens if a non-Windows OS booted prior to Windows, or if Secure Boot is not available to the device, either because it has been disabled or the hardware does not support it. +This happens if a non-Windows OS was booted prior to Windows, or if Secure Boot is not available to the device, either because it has been disabled or the hardware does not support it. ## Can I swap hard disks on the same computer if BitLocker is enabled on the operating system drive? -Yes, you can swap multiple hard disks on the same computer if BitLocker is enabled, but only if the hard disks were BitLocker-protected on the same computer. The BitLocker keys are unique to the TPM and operating system drive, so if you want to prepare a backup operating system or data drive for use in case of disk failure, you need to make sure that they were matched with the correct TPM. You can also configure different hard drives for different operating systems and then enable BitLocker on each one with different authentication methods (such as one with TPM-only and one with TPM+PIN) without any conflicts. +Yes, you can swap multiple hard disks on the same computer if BitLocker is enabled, but only if the hard disks were BitLocker-protected on the same computer. The BitLocker keys are unique to the TPM and operating system drive; therefore, if you want to prepare a backup operating system or data drive for use in case of disk a failure, you need to make sure that they were matched with the correct TPM. You can also configure different hard drives for different operating systems and then enable BitLocker on each one with different authentication methods (such as one with TPM-only and one with TPM+PIN) without any conflicts. ## Can I access my BitLocker-protected drive if I insert the hard disk into a different computer? -Yes, if the drive is a data drive, you can unlock it from the **BitLocker Drive Encryption** Control Panel item just as you would any other data drive by using a password or smart card. If the data drive was configured for automatic unlock only, you will have to unlock it by using the recovery key. The encrypted hard disk can be unlocked by a data recovery agent (if one was configured) or it can be unlocked by using the recovery key. +Yes, if the drive is a data drive, you can unlock it from the **BitLocker Drive Encryption** Control Panel item just as you would unlock any other data drive by using a password or smart card. If the data drive was configured for automatic unlock only, you will have to unlock it by using the recovery key. The encrypted hard disk can be unlocked by a data recovery agent (if one was configured) or by using the recovery key. ## Why is "Turn BitLocker on" not available when I right-click a drive? -Some drives cannot be encrypted with BitLocker. Reasons a drive cannot be encrypted include insufficient disk size, an incompatible file system, if the drive is a dynamic disk, or a drive is designated as the system partition. By default, the system drive (or system partition) is hidden from display. However, if it is not created as a hidden drive when the operating system was installed due to a custom installation process, that drive might be displayed but cannot be encrypted. +Some drives cannot be encrypted with BitLocker. The reasons include insufficient disk size, an incompatible file system, the drive being a dynamic disk, or a drive being designated as the system partition. By default, the system drive (or system partition) is hidden from display. However, if it is not created as a hidden drive during the installation of the operating system was installed, due to a custom installation process, that drive might be displayed but cannot be encrypted. -## What type of disk configurations are supported by BitLocker? -Any number of internal, fixed data drives can be protected with BitLocker. On some versions ATA and SATA-based, direct-attached storage devices are also supported. +## What types of disk configurations are supported by BitLocker? +Any number of internal, fixed data drives can be protected with BitLocker. On some versions, ATA and SATA-based, direct-attached storage devices are also supported. From c4711cfa4c43027a7b592cace736ee46d2fdd240 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 2 Sep 2020 18:16:56 +0530 Subject: [PATCH 008/540] Update bitlocker-deployment-and-administration-faq.md --- .../bitlocker/bitlocker-deployment-and-administration-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index 050fe48e62..eaae8a3519 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -96,6 +96,6 @@ Yes, if the drive is a data drive, you can unlock it from the **BitLocker Drive Some drives cannot be encrypted with BitLocker. The reasons include insufficient disk size, an incompatible file system, the drive being a dynamic disk, or a drive being designated as the system partition. By default, the system drive (or system partition) is hidden from display. However, if it is not created as a hidden drive during the installation of the operating system was installed, due to a custom installation process, that drive might be displayed but cannot be encrypted. ## What types of disk configurations are supported by BitLocker? -Any number of internal, fixed data drives can be protected with BitLocker. On some versions, ATA and SATA-based, direct-attached storage devices are also supported. +Any number of internal, fixed data drives can be protected with BitLocker. On some versions, ATA and SATA-based, and direct-attached storage devices are also supported. From 6fbe9b882f19675ef5ba65330626fa90626798b8 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 3 Sep 2020 19:01:26 +0530 Subject: [PATCH 009/540] Update bitlocker-group-policy-settings-4318240 --- .../bitlocker-group-policy-settings.md | 142 +++++++++--------- 1 file changed, 71 insertions(+), 71 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 8b7918f1f7..6ee33fd3bb 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -18,26 +18,26 @@ ms.date: 04/17/2019 ms.custom: bitlocker --- -# BitLocker Group Policy settings +# BitLocker group policy settings **Applies to** - Windows 10 -This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. +This topic for IT professionals describes the function, location, and effect of each group policy setting that is used to manage BitLocker Drive Encryption. -To control what drive encryption tasks the user can perform from the Windows Control Panel or to modify other configuration options, you can use Group Policy administrative templates or local computer policy settings. How you configure these policy settings depends on how you implement BitLocker and what level of user interaction will be allowed. +To control what drive encryption tasks the user can perform from the Windows Control Panel or to modify other configuration options, you can use group policy administrative templates or local computer policy settings. How you configure these policy settings depends on how you implement BitLocker and what level of user interaction will be allowed. ->**Note:** A separate set of Group Policy settings supports the use of the Trusted Platform Module (TPM). For details about those settings, see [Trusted Platform Module Group Policy settings](/windows/device-security/tpm/trusted-platform-module-services-group-policy-settings). +>**Note:** A separate set of group policy settings supports the use of the trusted platform module (TPM). For details about those settings, see [Trusted Platform Module Group Policy settings](/windows/device-security/tpm/trusted-platform-module-services-group-policy-settings). -BitLocker Group Policy settings can be accessed using the Local Group Policy Editor and the Group Policy Management Console (GPMC) under **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption**. -Most of the BitLocker Group Policy settings are applied when BitLocker is initially turned on for a drive. If a computer is not compliant with existing Group Policy settings, BitLocker may not be turned on or modified until the computer is in a compliant state. When a drive is out of compliance with Group Policy settings (for example, if a Group Policy setting was changed after the initial BitLocker deployment in your organization, and then the setting was applied to previously encrypted drives), no change can be made to the BitLocker configuration of that drive except a change that will bring it into compliance. +BitLocker group policy settings can be accessed using the Local Group Policy Editor and the Group Policy Management Console (GPMC) under **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption**. +Most of the BitLocker group policy settings are applied when BitLocker is initially turned on for a drive. If a computer is not compliant with existing group policy settings, BitLocker may not be turned on or modified until the computer is in a compliant state. When a drive is out of compliance with group policy settings (for example, if a group policy setting was changed after the initial BitLocker deployment in your organization, and then the setting was applied to previously encrypted drives), no change can be made to the BitLocker configuration of that drive except a change that will bring it into compliance. -If multiple changes are necessary to bring the drive into compliance, you must suspend BitLocker protection, make the necessary changes, and then resume protection. This situation could occur, for example, if a removable drive was initially configured to be unlocked with a password and then Group -Policy settings are changed to disallow passwords and require smart cards. In this situation, you need to suspend BitLocker protection by using the [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx) command-line tool, delete the password unlock method, and add the smart card method. After this is complete, BitLocker is compliant with the Group Policy setting and BitLocker protection on the drive can be resumed. +If multiple changes are necessary to bring the drive into compliance, you must suspend BitLocker protection, make the necessary changes, and then resume protection. This situation could occur, for example, if a removable drive was initially configured to be unlocked with a password and then group +policy settings are changed to disallow passwords and make smart cards mandatory. In this situation, you need to suspend BitLocker protection by using the [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx) command-line tool, delete the password unlock method, and add the smart card method. After this is complete, BitLocker is compliant with the group policy setting and BitLocker protection on the drive can be resumed. -## BitLocker Group Policy settings +## BitLocker group policy settings -The following sections provide a comprehensive list of BitLocker Group Policy settings that are organized by usage. BitLocker Group Policy settings include settings for specific drive types (operating system drives, fixed data drives, and removable data drives) and settings that are applied to all drives. +The following sections provide a comprehensive list of BitLocker group policy settings that are organized by usage. BitLocker group policy settings include settings for specific drive types (operating system drives, fixed data drives, and removable data drives) and settings that are applied to all drives. The following policy settings can be used to determine how a BitLocker-protected drive can be unlocked. @@ -96,9 +96,9 @@ The following policies are used to support customized deployment scenarios in yo - [Allow access to BitLocker-protected fixed data drives from earlier versions of Windows](#bkmk-depopt4) - [Allow access to BitLocker-protected removable data drives from earlier versions of Windows](#bkmk-depopt5) -### Allow devices with Secure Boot and protected DMA ports to opt out of preboot PIN +### Allow devices with secure boot and protected DMA ports to opt out of preboot PIN -This policy setting allows users on devices that are compliant with Modern Standby or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication. +This policy setting allows users of devices that are compliant with Modern Standby or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication. @@ -130,7 +130,7 @@ This policy setting allows users on devices that are compliant with Modern Stand - + @@ -189,15 +189,15 @@ This policy is used in addition to the BitLocker Drive Encryption Network Unlock Reference -To use a network key protector to unlock the computer, the computer and the server that hosts BitLocker Drive Encryption Network Unlock must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create a network key protector and to protect the information exchange with the server to unlock the computer. You can use the Group Policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate** on the domain controller to distribute this certificate to computers in your organization. This unlock method uses the TPM on the computer, so computers that do not have a TPM cannot create network key protectors to automatically unlock by using Network Unlock. +To use a network key protector to unlock the computer, the computer and the server that hosts BitLocker Drive Encryption Network Unlock must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create a network key protector and to protect the information exchange with the server to unlock the computer. You can use the group policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate** on the domain controller to distribute this certificate to computers in your organization. This unlock method uses the TPM on the computer; therefore, computers that do not have a TPM cannot create network key protectors to automatically unlock by using Network Unlock feature. >**Note:** For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or cannot connect to the domain controller at startup. -For more information about Network Unlock, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). +For more information about Network Unlock feature, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). ### Require additional authentication at startup -This policy setting is used to control which unlock options are available for operating system drives. +This policy setting is used to determine which unlock options are available for operating system drives.

When enabled

Users on Modern Standby and HSTI compliant devices will have the choice to turn on BitLocker without preboot authentication.

Users of Modern Standby- and HSTI-compliant devices will have the choice to turn on BitLocker without preboot authentication.

When disabled or not configured

@@ -224,7 +224,7 @@ This policy setting is used to control which unlock options are available for op +

Use of BitLocker with a TPM startup key with/without a PIN must be disallowed if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.

@@ -352,7 +352,7 @@ This policy setting is used to set a minimum PIN length when you use an unlock m - + @@ -366,8 +366,8 @@ This policy setting is used to set a minimum PIN length when you use an unlock m This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. -Originally, BitLocker allowed from 4 to 20 characters for a PIN. -Windows Hello has its own PIN for logon, which can be 4 to 127 characters. +Originally, BitLocker allowed a length from 4 to 20 characters for a PIN. +Windows Hello has its own PIN for logon, length of which can be 4 to 127 characters. Both BitLocker and Windows Hello use the TPM to prevent PIN brute-force attacks. The TPM can be configured to use Dictionary Attack Prevention parameters ([lockout threshold and lockout duration](/windows/device-security/tpm/trusted-platform-module-services-group-policy-settings)) to control how many failed authorizations attempts are allowed before the TPM is locked out, and how much time must elapse before another attempt can be made. @@ -382,12 +382,12 @@ Increasing the PIN length requires a greater number of guesses for an attacker. In that case, the lockout duration between each guess can be shortened to allow legitimate users to retry a failed attempt sooner, while maintaining a similar level of protection. Beginning with Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0, including Windows Hello. -To help organizations with the transition, beginning with Windows 10, version 1709 and Windows 10, version 1703 with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. -If the minimum PIN length is reduced from the default of six characters, then the TPM 2.0 lockout period will be extended. +To help organizations with the transition, beginning with Windows 10, version 1709, and Windows 10, version 1703, with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. +If the minimum PIN length is reduced from the default of 6 characters, then the TPM 2.0 lockout period will be extended. ### Disable new DMA devices when this computer is locked -This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI ports until a user signs in to Windows. +This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI ports until a user signs-in to Windows. | | | | - | - | @@ -396,8 +396,8 @@ This policy setting allows you to block direct memory access (DMA) for all hot p | **Drive type** | Operating system drives | | **Policy path** | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| | **Conflicts** | None | -| **When enabled** | Every time the user locks the screen, DMA will be blocked on hot pluggable PCI ports until the user signs in again. | -| **When disabled or not configured** | DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed in.| +| **When enabled** | Every time the user locks the screen, DMA will be blocked on hot pluggable PCI ports until the user signs-in again. | +| **When disabled or not configured** | DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed-in.| **Reference** @@ -451,7 +451,7 @@ To change the PIN or password, the user must be able to provide the current PIN ### Configure use of passwords for operating system drives -This policy controls how non-TPM based systems utilize the password protector. Used in conjunction with the **Password must meet complexity requirements** policy, this policy allows administrators to require password length and complexity for using the password protector. By default, passwords must be eight characters in length. Complexity configuration options determine how important domain connectivity is for the client. For the strongest password security, administrators should choose **Require password complexity** because it requires domain connectivity, and it requires that the BitLocker password meets the same password complexity requirements as domain sign-in passwords. +This policy controls how non-TPM based systems utilize the password protector. Used in conjunction with the **Password must meet complexity requirements** policy, this policy allows administrators to make password length and complexity mandatory for using the password protector. By default, passwords must be eight characters in length. Complexity configuration options determine how important domain connectivity is for the client. For the strongest password security, administrators should choose **Require password complexity** because it requires domain connectivity, and it requires the BitLocker password to meet the same password complexity requirements as domain sign-in passwords.

Conflicts

If one authentication method is required, the other methods cannot be allowed.

-

Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.

When enabled

When enabled

You can require that startup PINs set by users must have a minimum length you choose that is between 4 and 20 digits.

You can require that startup PINs set by users must have a minimum length that is between 4 and 20 digits, which the users can choose.

When disabled or not configured

@@ -479,7 +479,7 @@ This policy controls how non-TPM based systems utilize the password protector. U - + @@ -1497,7 +1497,7 @@ In **Configure user storage of BitLocker recovery information**, select whether Select **Omit recovery options from the BitLocker setup wizard** to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting. -In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select **Store recovery password and key packages**, the BitLocker recovery password and the key package are stored in AD DS. Storing the key package supports recovering data from a drive that is physically corrupted. If you select **Store recovery password only**, only the recovery password is stored in AD DS. +In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select **Store recovery password and key packages**, the BitLocker recovery password and the key package are stored in AD DS. Storing the key package supports the recovery of data from a drive that is physically corrupted. If you select **Store recovery password only**, only the recovery password is stored in AD DS. Select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. From f6043d6b595f9d770c69496eefeeafd713e817f4 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Fri, 4 Sep 2020 00:53:29 +0530 Subject: [PATCH 010/540] Update bitlocker-basic-deployment-AshaReviewed.md Following changes have been done: - Edited some portions for better read. - Embedded questions for clarifications. --- .../bitlocker/bitlocker-basic-deployment.md | 34 ++++++++++--------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 2f5b74fefd..103e801ef5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -23,7 +23,7 @@ ms.custom: bitlocker **Applies to** - Windows 10 -This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. +This topic explains how to use BitLocker features to protect your data through drive encryption. ## Using BitLocker to encrypt volumes @@ -42,7 +42,7 @@ BitLocker encryption can be done using the following methods: ### Encrypting volumes using the BitLocker control panel -Encrypting volumes with the BitLocker control panel (click **Start**, type **bitlocker**, click **Manage BitLocker**) is the mechanism implemented by many users to utilize BitLocker. The name of the BitLocker control panel is BitLocker Drive Encryption. The BitLocker control panel supports encrypting operating system, fixed data- and removable data volumes. The BitLocker control panel will organize available drives in the appropriate category based on how the device reports itself to Windows. Only formatted volumes with assigned drive letters will appear properly in the BitLocker control panel applet. +Encrypting volumes with the BitLocker control panel (click **Start**, type **bitlocker**, click **Manage BitLocker**) is the mechanism implemented by many users to utilize BitLocker. The name of the BitLocker control panel is BitLocker Drive Encryption. The BitLocker control panel supports encrypting operating system, fixed data, and removable data volumes. The BitLocker control panel organizes available drives in the appropriate category based on how the device reports itself to Windows. Only formatted volumes with assigned drive letters appear properly in the BitLocker control panel applet. To start encryption for a volume, select **Turn on BitLocker** for the appropriate drive to initialize the BitLocker Drive Encryption Wizard. BitLocker Drive Encryption Wizard options vary based on volume type (operating system volume or data volume). ### Operating system volume @@ -97,9 +97,9 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies whether the computer Upon passing the initial configuration, users are required to enter a password for the volume. If the volume does not pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken. Once a strong password has been created for the volume, a recovery key will be generated. The BitLocker Drive Encryption Wizard will prompt for a location to save this key. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive. -You should store the recovery key by printing it; saving it on a removable media; or saving it as a file in a network folder, on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot store it on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on a removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies. +You should store the recovery key by printing it; saving it on a removable media; or saving it as a file in a network folder, on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot store it on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on a removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies.(Please check if this para can be put in as an Important note, as this information is critical). -When the recovery key has been properly stored, the BitLocker Drive Encryption Wizard will prompt the user to choose how to encrypt the drive. There are two options: +Once the recovery key has been properly stored, the BitLocker Drive Encryption Wizard prompts the user to choose from one of the following options to encrypt the drive: Encrypt used disk space only—Encrypts only disk space that contains data Encrypt entire drive—Encrypts the entire volume including free space @@ -107,9 +107,11 @@ It is recommended that drives with little-to-no data utilize the **used disk spa > **Note:**  Deleted files appear as free space to the file system, which is not encrypted by **used disk space only**. Until they are wiped or overwritten, deleted files hold information that could be recovered with common data forensic tools. -Selecting an encryption type and choosing **Next** will give the user the option of running a BitLocker system check (selected by default) which will ensure that BitLocker can properly access the recovery and encryption keys before the volume encryption begins. It is recommended to run this system check before starting the encryption process. If the system check is not run and a problem is encountered when the operating system attempts to start, the user will need to provide the recovery key to start Windows. +Selecting an encryption type and choosing **Next** gives user the option of running a BitLocker system check (selected by default) which ensures that BitLocker can properly access the recovery and encryption keys before the volume encryption begins. It is recommended to run this system check before starting the encryption process. If the system check is not run and a problem is encountered when the operating system attempts to start, the user will need to provide the recovery key to start Windows. -After completing the system check (if selected), the BitLocker Drive Encryption Wizard will restart the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel. +**Question - In the previous para, the BitLocker system check is selected by default. The following paragraph, states if system check has been selected. Is there an option for the user to deselect system check. Under what circumstance they would deselect the system check, what would be the repercussions of that?** + +After completing the system check (if selected), the BitLocker Drive Encryption Wizard restarts the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel. Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning BitLocker off. @@ -119,15 +121,15 @@ Encrypting data volumes using the BitLocker control panel interface works in a f Unlike for operating system volumes, data volumes are not required to pass any configuration tests for the wizard to proceed. Upon launching the wizard, a choice of authentication methods to unlock the drive appears. The available options are **password** and **smart card** and **automatically unlock this drive on this computer**. Disabled by default, the latter option will unlock the data volume without user input when the operating system volume is unlocked. After selecting the desired authentication method and choosing **Next**, the wizard presents options for storage of the recovery key. These options are the same as for operating system volumes. -With the recovery key saved, selecting **Next** in the wizard will show available options for encryption. These options are the same as for operating system volumes—**used disk space only** and **full drive encryption**. If the volume being encrypted is new or empty, it is recommended that **used disk space only** is selected. +With the recovery key saved, selecting **Next** in the wizard displays available options for encryption. These options are the same as for operating system volumes—**used disk space only** and **full drive encryption**. If the volume being encrypted is new or empty, it is recommended to selecte **used disk space only** option. -With an encryption method chosen, a final confirmation screen is displayed before the encryption process begins. Selecting **Start encrypting** will begin encryption. +With an encryption method chosen, a final confirmation screen is displayed before the encryption process begins. Selecting **Start encrypting** begins encryption. Encryption status displays in the notification area or within the BitLocker control panel. ### OneDrive option -There is a new option for storing the BitLocker recovery key using the OneDrive. This option requires that computers are not members of a domain and that the user is using a Microsoft Account. Local accounts do not give the option to utilize OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that are not joined to a domain. +There is a new option for storing the BitLocker recovery key using the OneDrive. This option requires that computers are not members of a domain and that the user is using a Microsoft account. Local accounts do not give the option to utilize OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that are not joined to a domain. Users can verify whether the recovery key was saved properly by checking their OneDrive for the BitLocker folder which is created automatically during the save process. The folder will contain two files, a readme.txt and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name. @@ -200,7 +202,7 @@ A good practice when using manage-bde is to determine the volume status on the t `manage-bde -status` -This command returns the volumes on the target, current encryption status and volume type (operating system or data) for each volume. Using this information, users can determine the best encryption method for their environment. +This command returns the volumes on the target, current encryption statu, and volume type (operating system or data) for each volume. Using this information, users can determine the best encryption method for their environment. **Enabling BitLocker without a TPM** @@ -227,7 +229,7 @@ Another example is a user on a non-TPM hardware who wishes to add a password and `manage-bde -protectors -add C: -pw -sid ` -This command will require the user to enter and then confirm the password protectors before adding them to the volume. With the protectors enabled on the volume, the user just needs to turn BitLocker on. +This command requires the user to enter and then confirm the password protectors before adding them to the volume. With the protectors enabled on the volume, the user just needs to turn BitLocker on. ### Data volume @@ -478,12 +480,12 @@ manage-bde -status Windows PowerShell commands offer another way to query BitLocker status for volumes. Like manage-bde, Windows PowerShell includes the advantage of being able to check the status of a volume on a remote computer. -Using the Get-BitLockerVolume cmdlet, each volume on the system will display its current BitLocker status. To get information that is more detailed on a specific volume, use the following command: +Using the Get-BitLockerVolume cmdlet, each volume on the system displays its current BitLocker status. To get information that is more detailed on a specific volume, use the following command: ```powershell Get-BitLockerVolume -Verbose | fl ``` -This command will display information about the encryption method, volume type, key protectors, etc. +This command displays information about the encryption method, volume type, key protectors, etc. ### Provisioning BitLocker during operating system deployment @@ -496,11 +498,11 @@ Decrypting volumes removes BitLocker and any associated protectors from the volu ### Decrypting volumes using the BitLocker control panel applet BitLocker decryption using the control panel is done using a wizard. The control panel can be called from Windows Explorer or by opening it directly. After opening the BitLocker control panel, users will select the **Turn off BitLocker** option to begin the process. -Once selected, the user chooses to continue by clicking the confirmation dialog. With **Turn off BitLocker** confirmed, the drive decryption process will begin and report status to the control panel. +Once selected, the user chooses to continue by clicking the confirmation dialog. With **Turn off BitLocker** confirmed, the drive decryption process begins and reports status to the control panel. -The control panel does not report decryption progress but displays it in the notification area of the task bar. Selecting the notification area icon will open a modal dialog with progress. +The control panel does not report decryption progress but displays it in the notification area of the task bar. Selecting the notification area icon opens a modal dialog with progress. -Once decryption is complete, the drive will update its status in the control panel and becomes available for encryption. +Once decryption is complete, the drive updates its status in the control panel and becomes available for encryption. ### Decrypting volumes using the manage-bde command line interface From b494c69405e91268e820240f764f8869f1a2a0b8 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 4 Sep 2020 12:05:04 +0530 Subject: [PATCH 011/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 103e801ef5..55afaec728 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -95,24 +95,26 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies whether the computer

Conflicts

Passwords cannot be used if FIPS-compliance is enabled.

-Note

The System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.

+Note

The System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, specifies whether FIPS-compliance is enabled.

@@ -499,22 +499,22 @@ This policy controls how non-TPM based systems utilize the password protector. U **Reference** -If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective, the Group Policy setting **Password must meet complexity requirements**, which is located at **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\** must be also enabled. +If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective, the group policy setting **Password must meet complexity requirements**, which is located at **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\**, must be also enabled. >**Note:** These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. -When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. When set to **Allow complexity**, a connection to a domain controller is attempted to validate that the complexity adheres to the rules set by the policy. If no domain controllers are found, the password will be accepted regardless of actual password complexity, and the drive will be encrypted by using that password as a protector. When set to **Do not allow complexity**, there is no password complexity validation. +When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity of the password. When set to **Allow complexity**, a connection to a domain controller is attempted to validate the adherence of the complexity to the rules set by the policy. If no domain controllers are found, the password will be accepted regardless of actual password complexity, and the drive will be encrypted by using that password as a protector. When set to **Do not allow complexity**, there is no password complexity validation. Passwords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the **Minimum password length** box. When this policy setting is enabled, you can set the option **Configure password complexity for operating system drives** to: - Allow password complexity -- Do not allow password complexity +- Deny password complexity - Require password complexity ### Require additional authentication at startup (Windows Server 2008 and Windows Vista) -This policy setting is used to control what unlock options are available for computers running Windows Server 2008 or Windows Vista. +This policy setting is used to determine the unlock options that would be made available for computers running Windows Server 2008 or Windows Vista. @@ -540,7 +540,7 @@ This policy setting is used to control what unlock options are available for com - + @@ -555,7 +555,7 @@ This policy setting is used to control what unlock options are available for com Reference -On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 6-digit to 20-digit startup PIN. +On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can prompt users to insert a USB drive that contains a startup key. It can also prompt users to enter a startup PIN with a length between 6 and 20 digits. A USB drive that contains a startup key is needed on computers without a compatible TPM. Without a TPM, BitLocker-encrypted data is protected solely by the key material that is on this USB drive. @@ -608,7 +608,7 @@ This policy setting is used to require, allow, or deny the use of smart cards wi - + @@ -623,7 +623,7 @@ This policy setting is used to require, allow, or deny the use of smart cards wi Reference ->**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive by using any of the protectors that are available on the drive. +>**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive which is done by using any of the protectors that are available on the drive. ### Configure use of passwords on fixed data drives @@ -657,7 +657,7 @@ This policy setting is used to require, allow, or deny the use of passwords with - + @@ -682,10 +682,10 @@ Passwords must be at least 8 characters. To configure a greater minimum length f >**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. -For the complexity requirement setting to be effective, the Group Policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Password must meet complexity requirements** must also be enabled. +For the complexity requirement setting to be effective, the group policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Password must meet complexity requirements** must also be enabled. This policy setting is configured on a per-computer basis. This means that it applies to local user accounts and domain user accounts. Because the password filter that is used to validate password complexity is located on the domain controllers, local user accounts cannot access the password filter because they are not authenticated for domain access. When this policy setting is enabled, if you sign in with a local user account, and you attempt to encrypt a drive or change a password on an existing BitLocker-protected drive, an "Access denied" error message is displayed. In this situation, the password key protector cannot be added to the drive. -Enabling this policy setting requires that connectivity to a domain be established before adding a password key protector to a BitLocker-protected drive. Users who work remotely and have periods of time in which they cannot connect to the domain should be made aware of this requirement so that they can schedule a time when they will be connected to the domain to turn on BitLocker or to change a password on a BitLocker-protected data drive. +Enabling this policy setting requires a connectivity to be established to a domain before adding a password key protector to a BitLocker-protected drive. Users who work remotely and have periods of time in which they cannot connect to the domain should be made aware of this requirement so that they can schedule a time during which they will be connected to the domain to turn on BitLocker or to change a password on a BitLocker-protected data drive. >**Important:** Passwords cannot be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS compliance is enabled. @@ -721,7 +721,7 @@ This policy setting is used to require, allow, or deny the use of smart cards wi - + @@ -766,11 +766,11 @@ This policy setting is used to require, allow, or deny the use of passwords with - + - + @@ -785,14 +785,14 @@ This policy setting is used to require, allow, or deny the use of passwords with Reference -If you choose to allow the use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting to be effective, the Group Policy setting **Password must meet complexity requirements**, which is located at -**Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy** must also be enabled. +If you choose to allow the use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting to be effective, the group policy setting **Password must meet complexity requirements**, which is located at +**Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy**, must also be enabled. >**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. Passwords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the **Minimum password length** box. -When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. +When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity of the password. When set to **Allow complexity**, a connection to a domain controller will be attempted to validate that the complexity adheres to the rules set by the policy. However, if no domain controllers are found, the password will still be accepted regardless of actual password complexity and the drive will be encrypted by using that password as a protector. @@ -804,7 +804,7 @@ For information about this setting, see [System cryptography: Use FIPS-compliant ### Validate smart card certificate usage rule compliance -This policy setting is used to determine what certificate to use with BitLocker. +This policy setting is used to determine the certificate that is to be used with BitLocker.

Conflicts

If you choose to require an additional authentication method, other authentication methods cannot be allowed.

If you choose to make an additional authentication method mandatory, other authentication methods cannot be allowed.

When enabled

When enabled

Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the Require use of smart cards on fixed data drives check box.

Smart cards can be used to authenticate user access to the drive. You can make smart card authentication mandatory by selecting the Require use of smart cards on fixed data drives check box.

When disabled

When enabled

Users can configure a password that meets the requirements you define. To require the use of a password, select Require password for fixed data drive. To enforce complexity requirements on the password, select Require complexity.

Users can configure a password that meets the requirements you define. To make the use of a password mandatory, select Require password for fixed data drive. To enforce complexity requirements on the password, select Require complexity.

When disabled

When enabled

Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the Require use of smart cards on removable data drives check box.

Smart cards can be used to authenticate user access to the drive. You can make smart card authentication mandatory by selecting the Require use of smart cards on removable data drives check box.

When disabled or not configured

Conflicts

To use password complexity, the Password must meet complexity requirements policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy must also be enabled.

To use password complexity, the Password must meet complexity requirements policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy, must also be enabled.

When enabled

Users can configure a password that meets the requirements you define. To require the use of a password, select Require password for removable data drive. To enforce complexity requirements on the password, select Require complexity.

Users can configure a password that meets the requirements you define. To make the use of a password mandatory, select Require password for removable data drive. To enforce complexity requirements on the password, select Require complexity.

When disabled

@@ -851,7 +851,7 @@ The object identifier is specified in the enhanced key usage (EKU) of a certific The default object identifier is 1.3.6.1.4.1.311.67.1.1. ->**Note:** BitLocker does not require that a certificate have an EKU attribute; however, if one is configured for the certificate, it must be set to an object identifier that matches the object identifier configured for BitLocker. +>**Note:** BitLocker does not make it mandatory for a certificate to have an EKU attribute; however, if one is configured for the certificate, it must be set to an object identifier that matches the object identifier configured for BitLocker. ### Enable use of BitLocker authentication requiring preboot keyboard input on slates @@ -889,14 +889,14 @@ This policy setting allows users to enable authentication options that require u - +

When disabled or not configured

The Windows Recovery Environment must be enabled on tablets to support entering the BitLocker recovery password.

The Windows Recovery Environment must be enabled on tablets to support keying in of the BitLocker recovery password.
Reference -The Windows touch keyboard (such as used by tablets) is not available in the preboot environment where BitLocker requires additional information, such as a PIN or password. +The Windows touch keyboard (used by tablets) is not available in the preboot environment where BitLocker requires additional information, such as a PIN or password. It is recommended that administrators enable this policy only for devices that are verified to have an alternative means of preboot input, such as attaching a USB keyboard. @@ -910,7 +910,7 @@ If you do not enable this policy setting, the following options in the **Require ### Deny write access to fixed drives not protected by BitLocker -This policy setting is used to require encryption of fixed drives prior to granting Write access. +This policy setting is used to make encryption of fixed drives mandatory prior to granting Write access. @@ -965,7 +965,7 @@ Conflict considerations include: ### Deny write access to removable drives not protected by BitLocker -This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access. +This policy setting is used to make it mandatory for removable drives to be encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access.
@@ -1118,9 +1118,9 @@ This policy setting is used to control the encryption method and cipher strength The values of this policy determine the strength of the cipher that BitLocker uses for encryption. Enterprises may want to control the encryption level for increased security (AES-256 is stronger than AES-128). -If you enable this setting, you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. +If you enable this setting, you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives, individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. -For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511 or later. +For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511, or later. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. In these cases, this policy setting is ignored. @@ -1140,7 +1140,7 @@ This policy controls how BitLocker reacts to systems that are equipped with encr - + @@ -1164,7 +1164,7 @@ This policy controls how BitLocker reacts to systems that are equipped with encr - + @@ -1219,7 +1219,7 @@ This policy controls how BitLocker reacts when encrypted drives are used as oper - + @@ -1230,11 +1230,11 @@ This policy controls how BitLocker reacts when encrypted drives are used as oper Reference -If hardware-based encryption is not available, BitLocker software-based encryption is used instead. +If hardware-based encryption is not available, BitLocker software-based encryption is used, instead. >**Note:** The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption. -The encryption algorithm that is used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm that is configured on the drive to encrypt the drive. The **Restrict encryption algorithms and cipher suites allowed for hardware-based encryption** option of this setting enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm that is set for the drive is not available, BitLocker disables the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID), for example: +The encryption algorithm that is used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm that is configured on the drive to encrypt the drive. The **Restrict encryption algorithms and cipher suites allowed for hardware-based encryption** option of this setting enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm that is set for the drive is not available, BitLocker disables the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OIDs), for example: - Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 @@ -1275,7 +1275,7 @@ This policy controls how BitLocker reacts to encrypted drives when they are used - + @@ -1286,18 +1286,18 @@ This policy controls how BitLocker reacts to encrypted drives when they are used Reference -If hardware-based encryption is not available, BitLocker software-based encryption is used instead. +If hardware-based encryption is not available, BitLocker software-based encryption is used, instead. >**Note:** The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption. -The encryption algorithm that is used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm that is configured on the drive to encrypt the drive. The **Restrict encryption algorithms and cipher suites allowed for hardware-based encryption** option of this setting enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm that is set for the drive is not available, BitLocker disables the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID), for example: +The encryption algorithm that is used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm that is configured on the drive to encrypt the drive. The **Restrict encryption algorithms and cipher suites allowed for hardware-based encryption** option of this setting enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm that is set for the drive is not available, BitLocker disables the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OIDs), for example: - Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 ### Enforce drive encryption type on fixed data drives -This policy controls whether fixed data drives utilize Used Space Only encryption or Full encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page so no encryption selection displays to the user. +This policy controls whether fixed data drives utilize Used Space Only encryption or Full encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page so that no encryption selection displays to the user.

Policy description

With this policy setting, you can manage BitLocker’s use of hardware-based encryption on fixed data drives and to specify which encryption algorithms BitLocker can use with hardware-based encryption.

With this policy setting, you can manage BitLocker’s use of hardware-based encryption on fixed data drives and specify which encryption algorithms BitLocker can use with hardware-based encryption.

Introduced

When disabled

BitLocker cannot use hardware-based encryption with fixed data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.

BitLocker cannot use hardware-based encryption with fixed data drives, and BitLocker software-based encryption is used by default when the drive is encrypted.

When not configured

When disabled

BitLocker cannot use hardware-based encryption with operating system drives, and BitLocker software-based encryption is used by default when the drive in encrypted.

BitLocker cannot use hardware-based encryption with operating system drives, and BitLocker software-based encryption is used by default when the drive is encrypted.

When not configured

When disabled

BitLocker cannot use hardware-based encryption with removable data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.

BitLocker cannot use hardware-based encryption with removable data drives, and BitLocker software-based encryption is used by default when the drive is encrypted.

When not configured

@@ -1331,14 +1331,14 @@ This policy controls whether fixed data drives utilize Used Space Only encryptio - +

When disabled or not configured

The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.

The BitLocker Setup Wizard asks the users to select the encryption type before they can turn on BitLocker.
Reference -This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. +This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to make it mandatory for the entire drive to be encrypted when BitLocker is turned on. Choose Used Space Only encryption to make it mandatory to encrypt only that portion of the drive that is used to store data when BitLocker is turned on. >**Note:** This policy is ignored when you are shrinking or expanding a volume and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that is using Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. @@ -1346,7 +1346,7 @@ For more information about the tool to manage BitLocker, see [Manage-bde](https: ### Enforce drive encryption type on operating system drives -This policy controls whether operating system drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user. +This policy controls whether operating system drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page so that no encryption selection displays to the user. @@ -1380,14 +1380,14 @@ This policy controls whether operating system drives utilize Full encryption or - +

When disabled or not configured

The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.

The BitLocker Setup Wizard asks the users to select the encryption type before they can turn on BitLocker.
Reference -This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. +This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to make it mandatory for the entire drive to be encrypted when BitLocker is turned on. Choose Used Space Only encryption to make it mandatory to encrypt only that portion of the drive that is used to store data when BitLocker is turned on. >**Note:** This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that uses Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. @@ -1395,7 +1395,7 @@ For more information about the tool to manage BitLocker, see [Manage-bde](https: ### Enforce drive encryption type on removable data drives -This policy controls whether fixed data drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user. +This policy controls whether fixed data drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page so that no encryption selection displays to the user. @@ -1429,14 +1429,14 @@ This policy controls whether fixed data drives utilize Full encryption or Used S - +

When disabled or not configured

The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.

The BitLocker Setup Wizard asks the users to select the encryption type before they can turn on BitLocker.
Reference -This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. +This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to make it mandatory for the entire drive to be encrypted when BitLocker is turned on. Choose Used Space Only encryption to make it mandatory to encrypt only that portion of the drive that is used to store data when BitLocker is turned on. >**Note:** This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that is using Full Encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. @@ -1475,7 +1475,7 @@ This policy setting is used to configure recovery methods for operating system d

When enabled

You can control the methods that are available to users to recover data from BitLocker-protected operating system drives.

You can control the methods that are available for users to recover data from BitLocker-protected operating system drives.

When disabled or not configured

Upon passing the initial configuration, users are required to enter a password for the volume. If the volume does not pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken. -Once a strong password has been created for the volume, a recovery key will be generated. The BitLocker Drive Encryption Wizard will prompt for a location to save this key. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive. +Once a strong password has been created for the volume, a recovery key is generated. The BitLocker Drive Encryption Wizard prompts for a location to save this key. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive. -You should store the recovery key by printing it; saving it on a removable media; or saving it as a file in a network folder, on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot store it on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on a removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies.(Please check if this para can be put in as an Important note, as this information is critical). +**Note:** You should store the recovery key by printing it; saving it on a removable media; or saving it as a file in a network folder, on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot store it on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on a removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies. Once the recovery key has been properly stored, the BitLocker Drive Encryption Wizard prompts the user to choose from one of the following options to encrypt the drive: Encrypt used disk space only—Encrypts only disk space that contains data Encrypt entire drive—Encrypts the entire volume including free space -It is recommended that drives with little-to-no data utilize the **used disk space only** encryption option and that drives with data or an operating system utilize the **encrypt entire drive** option. +It is recommended that drives with little-to-no data utilize the **used disk space only** encryption option and that the drives with data or an operating system utilize the **encrypt entire drive** option. > **Note:**  Deleted files appear as free space to the file system, which is not encrypted by **used disk space only**. Until they are wiped or overwritten, deleted files hold information that could be recovered with common data forensic tools. -Selecting an encryption type and choosing **Next** gives user the option of running a BitLocker system check (selected by default) which ensures that BitLocker can properly access the recovery and encryption keys before the volume encryption begins. It is recommended to run this system check before starting the encryption process. If the system check is not run and a problem is encountered when the operating system attempts to start, the user will need to provide the recovery key to start Windows. +Selecting an encryption type and choosing **Next** gives user the option of running a BitLocker system check (selected by default) which ensures that BitLocker can properly access the recovery and encryption keys before the volume encryption begins. It is recommended to run this system check before starting the encryption process. If the system check is not run and a problem is encountered when the operating system attempts to start, the user needs to provide the recovery key to start Windows. **Question - In the previous para, the BitLocker system check is selected by default. The following paragraph, states if system check has been selected. Is there an option for the user to deselect system check. Under what circumstance they would deselect the system check, what would be the repercussions of that?** After completing the system check (if selected), the BitLocker Drive Encryption Wizard restarts the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel. +**Question - Can "password chosen to boot into the operating system volume" be rephrased? The rephrase depends on the response for the query "at what stage is the password chosen; is that password only for the purpose of booting into the operating system volume; and are there different passwords for different types of logons ? ** + Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning BitLocker off. ### Data volume @@ -121,7 +123,7 @@ Encrypting data volumes using the BitLocker control panel interface works in a f Unlike for operating system volumes, data volumes are not required to pass any configuration tests for the wizard to proceed. Upon launching the wizard, a choice of authentication methods to unlock the drive appears. The available options are **password** and **smart card** and **automatically unlock this drive on this computer**. Disabled by default, the latter option will unlock the data volume without user input when the operating system volume is unlocked. After selecting the desired authentication method and choosing **Next**, the wizard presents options for storage of the recovery key. These options are the same as for operating system volumes. -With the recovery key saved, selecting **Next** in the wizard displays available options for encryption. These options are the same as for operating system volumes—**used disk space only** and **full drive encryption**. If the volume being encrypted is new or empty, it is recommended to selecte **used disk space only** option. +With the recovery key saved, selecting **Next** in the wizard displays available options for encryption. These options are the same as for operating system volumes—**used disk space only** and **full drive encryption**. If the volume being encrypted is new or empty, it is recommended to select **used disk space only** option. With an encryption method chosen, a final confirmation screen is displayed before the encryption process begins. Selecting **Start encrypting** begins encryption. @@ -194,7 +196,7 @@ Command line users need to determine the appropriate syntax for a given situatio ### Operating system volume -Listed below are examples of basic valid commands for operating system volumes. In general, using only the `manage-bde -on ` command will encrypt the operating system volume with a TPM-only protector and no recovery key. However, many environments require more secure protectors such as passwords or PIN and expect to be able to recover information with a recovery key. +Listed below are examples of basic valid commands for operating system volumes. In general, using only the `manage-bde -on ` command encrypts the operating system volume with a TPM-only protector and no recovery key. However, many environments require more secure protectors such as passwords or PIN and expect to be able to recover information with a recovery key. **Determining volume status** @@ -202,7 +204,7 @@ A good practice when using manage-bde is to determine the volume status on the t `manage-bde -status` -This command returns the volumes on the target, current encryption statu, and volume type (operating system or data) for each volume. Using this information, users can determine the best encryption method for their environment. +This command returns the volumes on the target, current encryption status, and volume type (operating system or data) for each volume. Using this information, users can determine the best encryption method for their environment. **Enabling BitLocker without a TPM** @@ -450,7 +452,7 @@ To check the BitLocker status of a particular volume, administrators can look at ### Checking BitLocker status with the control panel -Checking BitLocker status with the control panel is the most common method used by most users. Once opened, the status for each volume will display next to the volume description and drive letter. Available status return values with the control panel include: +Checking BitLocker status with the control panel is the most common method used by most users. Once opened, the status for each volume is displayed next to the volume description and drive letter. Available status return values with the control panel include: | Status | Description | | - | - | @@ -491,6 +493,8 @@ This command displays information about the encryption method, volume type, key Administrators can enable BitLocker prior to operating system deployment from the Windows Pre-installation environment. This is done with a randomly generated clear key protector applied to the formatted volume and by encrypting the volume prior to running the Windows setup process. If the encryption uses the **Used Disk Space Only** option described later in this document, this step takes only a few seconds and incorporates well into regular deployment processes. +**Question: Is the clear key protector automatically generated or manually generated?** + ### Decrypting BitLocker volumes Decrypting volumes removes BitLocker and any associated protectors from the volumes. Decryption should occur when protection is no longer required. BitLocker decryption should not occur as a troubleshooting step. BitLocker can be removed from a volume using the BitLocker control panel applet, manage-bde, or Windows PowerShell cmdlets. We will discuss each method further below. @@ -498,7 +502,7 @@ Decrypting volumes removes BitLocker and any associated protectors from the volu ### Decrypting volumes using the BitLocker control panel applet BitLocker decryption using the control panel is done using a wizard. The control panel can be called from Windows Explorer or by opening it directly. After opening the BitLocker control panel, users will select the **Turn off BitLocker** option to begin the process. -Once selected, the user chooses to continue by clicking the confirmation dialog. With **Turn off BitLocker** confirmed, the drive decryption process begins and reports status to the control panel. +After selecting the **Turn off BitLocker** option, the user chooses to continue by clicking the confirmation dialog. With **Turn off BitLocker** confirmed, the drive decryption process begins and reports status to the control panel. The control panel does not report decryption progress but displays it in the notification area of the task bar. Selecting the notification area icon opens a modal dialog with progress. From df6cf6e4c647d69428c0cd697049a819e5bb98f8 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 4 Sep 2020 17:44:53 +0530 Subject: [PATCH 012/540] Update bitlocker-group-policy-settings.md --- .../bitlocker-group-policy-settings.md | 116 +++++++++--------- 1 file changed, 59 insertions(+), 57 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 6ee33fd3bb..025e4bd12a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -1550,7 +1550,7 @@ This policy is only applicable to computers running Windows Server 2008 or Windo Two recovery options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. Users can type a 48-digit numerical recovery password, or they can insert a USB drive that contains a 256-bit recovery key. -Saving the recovery password to a USB drive stores the 48-digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving it to a folder stores the 48-digit recovery password as a text file. Printing it sends the 48-digit recovery password to the default printer. For example, not allowing the 48-digit recovery password prevents users from printing or saving recovery information to a folder. +Saving the recovery password to a USB drive stores the 48-digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving the recovery password to a folder stores the 48-digit recovery password as a text file. Printing the recovery password sends the 48-digit recovery password to the default printer. For example, not allowing the 48-digit recovery password prevents users from printing or saving recovery information to a folder. > **Important:** If TPM initialization is performed during the BitLocker setup, TPM owner information is saved or printed with the BitLocker recovery information. > The 48-digit recovery password is not available in FIPS-compliance mode. @@ -1695,7 +1695,7 @@ This policy setting is used to configure recovery methods for fixed data drives.

When enabled

-

You can control the methods that are available to users to recover data from BitLocker-protected fixed data drives.

+

You can control the methods that are available for users to recover data from BitLocker-protected fixed data drives.

When disabled or not configured

@@ -1710,12 +1710,12 @@ This policy setting is applied when you turn on BitLocker. The **Allow data recovery agent** check box is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used, it must be added from **Public Key Policies**, which is located in the Group Policy Management Console (GPMC) or in the Local Group Policy Editor. -In **Configure user storage of BitLocker recovery information**, select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. +In **Configure user storage of BitLocker recovery information**, select whether users can be allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. Select **Omit recovery options from the BitLocker setup wizard** to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you cannot specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting. -In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS. -Storing the key package supports recovering data from a drive that has been physically corrupted. To recover this data, you can use the **Repair-bde** command-line tool. If you select **Backup recovery password only**, only the recovery password is stored in AD DS. +In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information is to be stored in AD DS for fixed data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS. +Storing the key package supports recovery of data from a drive that has been physically corrupted. To recover this data, you can use the **Repair-bde** command-line tool. If you select **Backup recovery password only**, only the recovery password is stored in AD DS. For more information about the BitLocker repair tool, see [Repair-bde](https://technet.microsoft.com/library/ff829851.aspx). @@ -1756,7 +1756,7 @@ This policy setting is used to configure recovery methods for removable data dri

When enabled

-

You can control the methods that are available to users to recover data from BitLocker-protected removable data drives.

+

You can control the methods that are available for users to recover data from BitLocker-protected removable data drives.

When disabled or not configured

@@ -1771,11 +1771,11 @@ This policy setting is applied when you turn on BitLocker. The **Allow data recovery agent** check box is used to specify whether a data recovery agent can be used with BitLocker-protected removable data drives. Before a data recovery agent can be used, it must be added from **Public Key Policies** , which is accessed using the GPMC or the Local Group Policy Editor. -In **Configure user storage of BitLocker recovery information**, select whether users are allowed, required, or not allowed to generate a 48-digit recovery password. +In **Configure user storage of BitLocker recovery information**, select whether users can be allowed, required, or not allowed to generate a 48-digit recovery password. Select **Omit recovery options from the BitLocker setup wizard** to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you cannot specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting. -In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in AD DS for removable data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS. If you select **Backup recovery password only**, only the recovery password is stored in AD DS. +In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information is to be stored in AD DS for removable data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS. If you select **Backup recovery password only**, only the recovery password is stored in AD DS. Select the **Do not enable BitLocker until recovery information is stored in AD DS for removable data drives** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. @@ -1817,7 +1817,7 @@ This policy setting is used to configure the entire recovery message and to repl

When disabled or not configured

-

If the setting has not been previously enabled the default pre-boot recovery screen is displayed for BitLocker recovery. If the setting previously was enabled and is subsequently disabled the last message in Boot Configuration Data (BCD) is displayed whether it was the default recovery message or the custom message.

+

If the setting has not been previously enabled, the default pre-boot recovery screen is displayed for BitLocker recovery. If the setting was previously enabled and is subsequently disabled, the last message in Boot Configuration Data (BCD) is displayed whether it was the default recovery message or the custom message.

@@ -1826,19 +1826,19 @@ This policy setting is used to configure the entire recovery message and to repl Enabling the **Configure the pre-boot recovery message and URL** policy setting allows you to customize the default recovery screen message and URL to assist customers in recovering their key. -Once you enable the setting you have three options: +Once you enable the setting, you have three options: - If you select the **Use default recovery message and URL** option, the default BitLocker recovery message and URL will be displayed on the pre-boot recovery screen. - If you select the **Use custom recovery message** option, type the custom message in the **Custom recovery message option** text box. The message that you type in the **Custom recovery message option** text box will be displayed on the pre-boot recovery screen. If a recovery URL is available, include it in the message. - If you select the **Use custom recovery URL** option, type the custom message URL in the **Custom recovery URL option** text box. The URL that you type in the **Custom recovery URL option** text box replaces the default URL in the default recovery message, which will be displayed on the pre-boot recovery screen. -> **Important:** Not all characters and languages are supported in the pre-boot environment. We strongly recommended that you verify the correct appearance of the characters that you use for the custom message and URL on the pre-boot recovery screen. +> **Important:** Not all characters and languages are supported in the pre-boot environment. We strongly recommend that you verify the correct appearance of the characters that you use for the custom message and URL on the pre-boot recovery screen. > -> **Important:** Because you can alter the BCDEdit commands manually before you have set Group Policy settings, you cannot return the policy setting to the default setting by selecting the **Not Configured** option after you have configured this policy setting. To return to the default pre-boot recovery screen leave the policy setting enabled and select the **Use default message** options from the **Choose an option for the pre-boot recovery message** drop-down list box. +> **Important:** Because you can alter the BCDEdit commands manually before you have set group policy settings, you cannot return the policy setting to the default setting by selecting the **Not Configured** option after you have configured this policy setting. To return to the default pre-boot recovery screen, leave the policy setting enabled and select the **Use default message** options from the **Choose an option for the pre-boot recovery message** drop-down list box. -### Allow Secure Boot for integrity validation +### Allow secure boot for integrity validation -This policy controls how BitLocker-enabled system volumes are handled in conjunction with the Secure Boot feature. Enabling this feature forces Secure Boot validation during the boot process and verifies Boot Configuration Data (BCD) settings according to the Secure Boot policy. +This policy controls how BitLocker-enabled system volumes are handled in conjunction with the secure boot feature. Enabling this feature forces secure boot validation during the boot process and verifies Boot Configuration Data (BCD) settings according to the secure boot policy. @@ -1848,7 +1848,7 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc - + @@ -1864,24 +1864,24 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc - - + - +

Policy description

With this policy setting, you can configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives.

With this policy setting, you can configure whether secure boot will be allowed as the platform integrity provider for BitLocker operating system drives.

Introduced

Conflicts

If you enable Allow Secure Boot for integrity validation, make sure the Configure TPM platform validation profile for native UEFI firmware configurations Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.

+

If you enable Allow Secure Boot for integrity validation, make sure the Configure TPM platform validation profile for native UEFI firmware configurations group policy setting is not enabled or include PCR 7 to allow BitLocker to use secure boot for platform or BCD integrity validation.

For more information about PCR 7, see Platform Configuration Register (PCR) in this topic.

When enabled or not configured

BitLocker uses Secure Boot for platform integrity if the platform is capable of Secure Boot-based integrity validation.

BitLocker uses secure boot for platform integrity if the platform is capable of secure boot-based integrity validation.

When disabled

BitLocker uses legacy platform integrity validation, even on systems that are capable of Secure Boot-based integrity validation.

BitLocker uses legacy platform integrity validation even on systems that are capable of secure boot-based integrity validation.
Reference -Secure Boot ensures that the computer's preboot environment loads only firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing preboot configurations than BitLocker integrity checks prior to Windows Server 2012 and Windows 8. -When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the **Use enhanced Boot Configuration Data validation profile** Group Policy setting is ignored, and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker. +Secure boot ensures that the computer's pre-boot environment loads only firmware that is digitally signed by authorized software publishers. Secure boot also started providing more flexibility for managing pre-boot configurations than BitLocker integrity checks prior to Windows Server 2012 and Windows 8. +When this policy is enabled and the hardware is capable of using secure boot for BitLocker scenarios, the **Use enhanced Boot Configuration Data validation profile** group policy setting is ignored, and secure boot verifies BCD settings according to the secure boot policy setting, which is configured separately from BitLocker. >**Warning:** Disabling this policy might result in BitLocker recovery when manufacturer-specific firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates. @@ -1913,7 +1913,7 @@ This policy setting is used to establish an identifier that is applied to all dr

Conflicts

-

Identification fields are required to manage certificate-based data recovery agents on BitLocker-protected drives. BitLocker manages and updates certificate-based data recovery agents only when the identification field is present on a drive and it is identical to the value that is configured on the computer.

+

Identification fields are required to manage certificate-based data recovery agents on BitLocker-protected drives. BitLocker manages and updates certificate-based data recovery agents only when the identification field is present on a drive and its value is identical to the value that is configured on the computer.

When enabled

@@ -1930,7 +1930,7 @@ This policy setting is used to establish an identifier that is applied to all dr These identifiers are stored as the identification field and the allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx) command-line tool. -An identification field is required to manage certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker manages and updates data recovery agents only when the identification field on the drive matches the value that is configured in the identification field. In a similar manner, BitLocker updates the BitLocker To Go Reader only when the identification field on the drive matches the value that is configured for the identification field. +An identification field is required to manage certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker manages and updates data recovery agents only when the identification field on the drive matches the value that is configured in the identification field. In a similar manner, BitLocker updates the BitLocker To Go Reader only when the identification field's value on the drive matches the value that is configured for the identification field. For more information about the tool to manage BitLocker, see [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx). @@ -1938,9 +1938,9 @@ The allowed identification field is used in combination with the **Deny write ac You can configure the identification fields on existing drives by using the [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx) command-line tool. -When a BitLocker-protected drive is mounted on another BitLocker-enabled computer, the identification field and the allowed identification field are used to determine whether the drive is from an outside organization. +When a BitLocker-protected drive is mounted on another BitLocker-enabled computer, the identification field and the allowed identification field are used to determine whether the drive is from an external organization. -Multiple values separated by commas can be entered in the identification and allowed identification fields. The identification field can be any value up to 260 characters. +Multiple values separated by commas can be entered in the identification and allowed identification fields. The identification field can be any value upto 260 characters. ### Prevent memory overwrite on restart @@ -1989,7 +1989,7 @@ This policy setting is applied when you turn on BitLocker. BitLocker secrets inc ### Configure TPM platform validation profile for BIOS-based firmware configurations -This policy setting determines what values the TPM measures when it validates early boot components before it unlocks an operating system drive on a computer with a BIOS configuration or with UEFI firmware that has the Compatibility Support Module (CSM) enabled. +This policy setting determines the values that are measured by TPM when it validates early boot components before it unlocks an operating system drive on a computer with a BIOS configuration or with UEFI firmware that has the Compatibility Support Module (CSM) enabled. @@ -2019,7 +2019,7 @@ This policy setting determines what values the TPM measures when it validates ea - + @@ -2032,7 +2032,7 @@ This policy setting determines what values the TPM measures when it validates ea This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ->**Important:** This Group Policy setting only applies to computers with BIOS configurations or to computers with UEFI firmware with the CSM enabled. Computers that use a native UEFI firmware configuration store different values in the Platform Configuration Registers (PCRs). Use the **Configure TPM platform validation profile for native UEFI firmware configurations** Group Policy setting to configure the TPM PCR profile for computers that use native UEFI firmware. +>**Important:** This group policy setting only applies to computers with BIOS configurations or to computers with UEFI firmware with the CSM enabled. Computers that use a native UEFI firmware configuration store different values in the Platform Configuration Registers (PCRs). Use the **Configure TPM platform validation profile for native UEFI firmware configurations** group policy setting to configure the TPM PCR profile for computers that use native UEFI firmware. A platform validation profile consists of a set of PCR indices that range from 0 to 23. The default platform validation profile secures the encryption key against changes to the following: @@ -2046,9 +2046,9 @@ A platform validation profile consists of a set of PCR indices that range from 0 >**Note:** Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker’s sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on inclusion or exclusion (respectively) of the PCRs. -The following list identifies all of the PCRs available: +The following list identifies all of the available PCRs: -- PCR 0: Core root-of-trust for measurement, BIOS, and Platform extensions +- PCR 0: Core root-of-trust for measurement, BIOS, and platform extensions - PCR 1: Platform and motherboard configuration and data. - PCR 2: Option ROM code - PCR 3: Option ROM data and configuration @@ -2064,7 +2064,7 @@ The following list identifies all of the PCRs available: ### Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2) -This policy setting determines what values the TPM measures when it validates early boot components before unlocking a drive on a computer running Windows Vista, Windows Server 2008, or Windows 7. +This policy setting determines the values that are measured by the TPM when it validates early boot components before unlocking a drive on a computer running Windows Vista, Windows Server 2008, or Windows 7.

When enabled

You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.

You can configure the boot components that are validated by the TPM before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and makes it mandatory to provide the recovery password or the recovery key to unlock the drive.

When disabled or not configured

@@ -2094,7 +2094,7 @@ This policy setting determines what values the TPM measures when it validates ea - + @@ -2119,7 +2119,7 @@ A platform validation profile consists of a set of PCR indices that range from 0 >**Note:** The default TPM validation profile PCR settings for computers that use an Extensible Firmware Interface (EFI) are the PCRs 0, 2, 4, and 11 only. -The following list identifies all of the PCRs available: +The following list identifies all of the available PCRs: - PCR 0: Core root-of-trust for measurement, EFI boot and run-time services, EFI drivers embedded in system ROM, ACPI static tables, embedded SMM code, and BIOS code - PCR 1: Platform and motherboard configuration and data. Hand-off tables and EFI variables that affect system configuration @@ -2139,7 +2139,7 @@ The following list identifies all of the PCRs available: ### Configure TPM platform validation profile for native UEFI firmware configurations -This policy setting determines what values the TPM measures when it validates early boot components before unlocking an operating system drive on a computer with native UEFI firmware configurations. +This policy setting determines the values to be measured by the TPM when it validates early boot components before unlocking an operating system drive on a computer with native UEFI firmware configurations.

When enabled

You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.

You can configure the boot components that are validated by the TPM before it unlocks access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and makes it mandatory to provide the recovery password or the recovery key to unlock the drive.

When disabled or not configured

@@ -2149,7 +2149,7 @@ This policy setting determines what values the TPM measures when it validates ea - + @@ -2165,13 +2165,13 @@ This policy setting determines what values the TPM measures when it validates ea - - + @@ -2184,11 +2184,11 @@ This policy setting determines what values the TPM measures when it validates ea This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker is already turned on with TPM protection. ->**Important:** This Group Policy setting only applies to computers with a native UEFI firmware configuration. Computers with BIOS or UEFI firmware with a Compatibility Support Module (CSM) enabled store different values in the Platform Configuration Registers (PCRs). Use the **Configure TPM platform validation profile for BIOS-based firmware configurations** Group Policy setting to configure the TPM PCR profile for computers with BIOS configurations or for computers with UEFI firmware with a CSM enabled. +>**Important:** This group policy setting only applies to computers with a native UEFI firmware configuration. Computers with BIOS or UEFI firmware with a Compatibility Support Module (CSM) enabled store different values in the Platform Configuration Registers (PCRs). Use the **Configure TPM platform validation profile for BIOS-based firmware configurations** group policy setting to configure the TPM PCR profile for computers with BIOS configurations or for computers with UEFI firmware with a CSM enabled. -A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. The default platform validation profile secures the encryption key against changes to the core system firmware executable code (PCR 0), extended or pluggable executable code (PCR 2), boot manager (PCR 4), and the BitLocker access control (PCR 11). +A platform validation profile consists of a set of PCR indices ranging from 0 to 23. The default platform validation profile secures the encryption key against changes to the core system firmware executable code (PCR 0), extended or pluggable executable code (PCR 2), boot manager (PCR 4), and the BitLocker access control (PCR 11). -The following list identifies all of the PCRs available: +The following list identifies all of the available PCRs: - PCR 0: Core System Firmware executable code - PCR 1: Core System Firmware data @@ -2214,7 +2214,7 @@ The following list identifies all of the PCRs available: ### Reset platform validation data after BitLocker recovery -This policy setting determines if you want platform validation data to refresh when Windows is started following a BitLocker recovery. A platform validation data profile consists of the values in a set of Platform Configuration Register (PCR) indices that range from 0 to 23. +This policy setting determines if you want platform validation data to refresh when Windows is started following a BitLocker recovery. A platform validation data profile consists of the values in a set of PCR indices that range from 0 to 23.

Policy description

With this policy setting, you can configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key.

With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.

Introduced

Conflicts

Setting this policy with PCR 7 omitted, overrides the Allow Secure Boot for integrity validation Group Policy setting, and it prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation.

-

If your environments use TPM and Secure Boot for platform integrity checks, this policy should not be configured.

+

Setting this policy with PCR 7 omitted results in an override of the Allow Secure Boot for integrity validation group policy setting, and this new setting prevents BitLocker from using secure boot for platform or Boot Configuration Data (BCD) integrity validation.

+

If your environments use TPM and secure boot for platform integrity checks, this policy should not be configured.

For more information about PCR 7, see Platform Configuration Register (PCR) in this topic.

When enabled

Before you turn on BitLocker, you can configure the boot components that the TPM validates before it unlocks access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.

Before you turn on BitLocker, you can configure the boot components that are to be validated by the TPM before it unlocks access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and makes it mandatory to provide the recovery password or the recovery key to unlock the drive.

When disabled or not configured

@@ -2263,7 +2263,7 @@ For more information about the recovery process, see the [BitLocker recovery gui ### Use enhanced Boot Configuration Data validation profile -This policy setting determines specific Boot Configuration Data (BCD) settings to verify during platform validation. A platform validation uses the data in the platform validation profile, which consists of a set of Platform Configuration Register (PCR) indices that range from 0 to 23. +This policy setting determines specific Boot Configuration Data (BCD) settings to be verified during platform validation. A platform validation uses the data in the platform validation profile, which consists of a set of PCR indices that range from 0 to 23.
@@ -2273,7 +2273,7 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t - + @@ -2289,7 +2289,7 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t - + @@ -2308,11 +2308,11 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t Reference ->**Note:** The setting that controls boot debugging (0x16000010) is always validated, and it has no effect if it is included in the inclusion or the exclusion list. +>**Note:** The setting that controls boot debugging (0x16000010) is always validated, and it has no effect if it is included in the inclusion or exclusion list. ### Allow access to BitLocker-protected fixed data drives from earlier versions of Windows -This policy setting is used to control whether access to drives is allowed by using the BitLocker To Go Reader, and if the application is installed on the drive. +This policy setting is used to control whether access to drives is allowed by using the BitLocker To Go Reader, and whether BitLocker To Go Reader can be installed on the drive.

Policy description

With this policy setting, you can specify Boot Configuration Data (BCD) settings to verify during platform validation.

With this policy setting, you can specify Boot Configuration Data (BCD) settings to be verified during platform validation.

Introduced

Conflicts

When BitLocker is using Secure Boot for platform and Boot Configuration Data integrity validation, the Use enhanced Boot Configuration Data validation profile Group Policy setting is ignored (as defined by the Allow Secure Boot for integrity validation Group Policy setting).

When BitLocker is using Secure Boot for platform and BCD integrity validation, the Use enhanced Boot Configuration Data validation profile group policy setting is ignored (as defined by the Allow Secure Boot for integrity validation group policy setting).

When enabled

@@ -2357,6 +2357,8 @@ This policy setting is used to control whether access to drives is allowed by us When this policy setting is enabled, select the **Do not install BitLocker To Go Reader on FAT formatted fixed drives** check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting, the user is prompted to update BitLocker, and BitLocker To Go Reader is deleted from the drive. In this situation, for the fixed drive to be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to enable users to unlock the drive on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. +**Question**: "If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting". Does this sentence indicate that "BitLocker To Go Reader" may also be present on a dtive that has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting? + ### Allow access to BitLocker-protected removable data drives from earlier versions of Windows This policy setting controls access to removable data drives that are using the BitLocker To Go Reader and whether the BitLocker To Go Reader can be installed on the drive. @@ -2393,7 +2395,7 @@ This policy setting controls access to removable data drives that are using the - +

When disabled

Removable data drives that are formatted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.

Removable data drives that are formatted with the FAT file system and are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.
@@ -2432,11 +2434,11 @@ You can configure the Federal Information Processing Standard (FIPS) setting for

Conflicts

-

Some applications, such as Terminal Services, do not support FIPS-140 on all operating systems.

+

Some applications, such as terminal services, do not support FIPS-140 on all operating systems.

When enabled

-

Users will be unable to save a recovery password to any location. This includes AD DS and network folders. In addition, you cannot use WMI or the BitLocker Drive Encryption Setup wizard to create a recovery password.

+

Users will be unable to save a recovery password to any location, including AD DS and network folders. In addition, you cannot use WMI or the BitLocker Drive Encryption Setup wizard to create a recovery password.

When disabled or not configured

@@ -2447,21 +2449,21 @@ You can configure the Federal Information Processing Standard (FIPS) setting for Reference -This policy needs to be enabled before any encryption key is generated for BitLocker. Note that when this policy is enabled, BitLocker prevents creating or using recovery passwords, so recovery keys should be used instead. +This policy needs to be enabled before any encryption key is generated for BitLocker. Note that when this policy is enabled, BitLocker prevents creating or using recovery passwords; therefore, recovery keys should be used, instead. -You can save the optional recovery key to a USB drive. Because recovery passwords cannot be saved to AD DS when FIPS is enabled, an error is caused if AD DS backup is required by Group Policy. +You can save the optional recovery key to a USB drive. Because recovery passwords cannot be saved to AD DS when FIPS is enabled, an error is caused if AD DS backup is required by group policy. You can edit the FIPS setting by using the Security Policy Editor (Secpol.msc) or by editing the Windows registry. You must be an administrator to perform these procedures. For more information about setting this policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](https://technet.microsoft.com/library/jj852197.aspx). -## Power management Group Policy settings: Sleep and Hibernate +## Power management group policy settings: Sleep and Hibernate PCs default power settings for a computer will cause the computer to enter Sleep mode frequently to conserve power when idle and to help extend the system’s battery life. When a computer transitions to Sleep, open programs and documents are persisted in memory. When a computer resumes from Sleep, users are not required to re-authenticate with a PIN or USB startup key to access encrypted data. This might lead to conditions where data security is compromised. -However, when a computer hibernates the drive is locked, and when it resumes from hibernation the drive is unlocked, which means that users will need to provide a PIN or a startup key if using multifactor authentication with BitLocker. Therefore, organizations that use BitLocker may want to use Hibernate instead of Sleep for improved security. This setting does not have an impact on TPM-only mode, because it provides a transparent user experience at startup and when resuming from the Hibernate states. +However, when a computer hibernates, the drive is locked, and when the computer resumes from hibernation the drive is unlocked, which means that users will need to provide a PIN or a startup key if using multifactor authentication with BitLocker. Therefore, organizations that use BitLocker may want to use Hibernate instead of Sleep for improved security. This setting does not have an impact on TPM-only mode, because it provides a transparent user experience at startup and when resuming from the Hibernate states. -You can use disable the following Group Policy settings, which are located in **Computer Configuration\\Administrative Templates\\System\\Power Management** to disable all available sleep states: +You can use disable the following group policy settings, which are located in **Computer Configuration\\Administrative Templates\\System\\Power Management**, to disable all available sleep states: - Allow Standby States (S1-S3) When Sleeping (Plugged In) - Allow Standby States (S1-S3) When Sleeping (Battery) @@ -2474,12 +2476,12 @@ Changing from the default platform validation profile affects the security and m **About PCR 7** -PCR 7 measures the state of Secure Boot. With PCR 7, BitLocker can leverage Secure Boot for integrity validation. Secure Boot ensures that the computer's preboot environment loads only firmware that is digitally signed by authorized software publishers. PCR 7 measurements indicate whether Secure Boot is on and which keys are trusted on the platform. If Secure Boot is on and the firmware measures PCR 7 correctly per the UEFI specification, BitLocker can bind to this information rather than to PCRs 0, 2, and 4 which have the measurements of the exact firmware and Bootmgr images loaded. This -reduces the likelihood of BitLocker starting in recovery mode as a result of firmware and image updates, and it provides you with greater flexibility to manage the preboot configuration. +PCR 7 measures the state of secure boot. With PCR 7, BitLocker can leverage secure boot for integrity validation. Secure boot ensures that the computer's pre-boot environment loads only firmware that is digitally signed by authorized software publishers. PCR 7 measurements indicate whether secure boot is on and which keys are trusted on the platform. If secure boot is on and the firmware measures PCR 7 correctly per the UEFI specification, BitLocker can bind to this information rather than to PCRs 0, 2, and 4 which have the measurements of the exact firmware and Bootmgr images loaded. This +reduces the likelihood of BitLocker starting in recovery mode as a result of firmware and image updates, and it provides you with greater flexibility to manage the pre-boot configuration. PCR 7 measurements must follow the guidance that is described in [Appendix A Trusted Execution Environment EFI Protocol](https://msdn.microsoft.com/library/windows/hardware/jj923068.aspx). -PCR 7 measurements are a mandatory logo requirement for systems that support Modern Standby (also known as Always On, Always Connected PCs), such as the Microsoft Surface RT. On such systems, if the TPM with PCR 7 measurement and Secure Boot are correctly configured, BitLocker binds to PCR 7 and PCR 11 by default. +PCR 7 measurements are a mandatory logo requirement for systems that support Modern Standby (also known as Always On, Always Connected PCs), such as the Microsoft Surface RT. On such systems, if the TPM with PCR 7 measurement and secure boot are correctly configured, BitLocker binds to PCR 7 and PCR 11 by default. ## See also - [Trusted Platform Module](/windows/device-security/tpm/trusted-platform-module-overview) From c50a8559a08ceb3ac84aed6b7e902e4b490ae2f4 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 4 Sep 2020 17:54:11 +0530 Subject: [PATCH 013/540] Update bitlocker-group-policy-settings.md --- .../bitlocker/bitlocker-group-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 025e4bd12a..6392d2431c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -2357,7 +2357,7 @@ This policy setting is used to control whether access to drives is allowed by us When this policy setting is enabled, select the **Do not install BitLocker To Go Reader on FAT formatted fixed drives** check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting, the user is prompted to update BitLocker, and BitLocker To Go Reader is deleted from the drive. In this situation, for the fixed drive to be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to enable users to unlock the drive on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. -**Question**: "If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting". Does this sentence indicate that "BitLocker To Go Reader" may also be present on a dtive that has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting? +**Question**: "If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting". Does this sentence indicate that "BitLocker To Go Reader" may also be present on a drive that has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting? ### Allow access to BitLocker-protected removable data drives from earlier versions of Windows From 6861638c999165bd54b4d1d85decd6ca27d713ce Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 4 Sep 2020 18:15:41 +0530 Subject: [PATCH 014/540] Update bitlocker-group-policy-settings.md --- .../bitlocker-group-policy-settings.md | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 6392d2431c..502fcf5b27 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -23,7 +23,7 @@ ms.custom: bitlocker **Applies to** - Windows 10 -This topic for IT professionals describes the function, location, and effect of each group policy setting that is used to manage BitLocker Drive Encryption. +This topic describes the function, location, and effect of each group policy setting that is used to manage BitLocker Drive Encryption. To control what drive encryption tasks the user can perform from the Windows Control Panel or to modify other configuration options, you can use group policy administrative templates or local computer policy settings. How you configure these policy settings depends on how you implement BitLocker and what level of user interaction will be allowed. @@ -130,7 +130,7 @@ This policy setting allows users of devices that are compliant with Modern Stand

When enabled

-

Users of Modern Standby- and HSTI-compliant devices will have the choice to turn on BitLocker without preboot authentication.

+

Users of Modern Standby- and HSTI-compliant devices will have the choice to turn on BitLocker without pre-boot authentication.

When disabled or not configured

@@ -318,7 +318,7 @@ This policy setting permits the use of enhanced PINs when you use an unlock meth Enhanced startup PINs permit the use of characters (including uppercase and lowercase letters, symbols, numbers, and spaces). This policy setting is applied when you turn on BitLocker. ->**Important:** Not all computers support enhanced PIN characters in the preboot environment. It is strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used. +>**Important:** Not all computers support enhanced PIN characters in the pre-boot environment. It is strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used. ### Configure minimum PIN length for startup @@ -383,7 +383,7 @@ In that case, the lockout duration between each guess can be shortened to allow Beginning with Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0, including Windows Hello. To help organizations with the transition, beginning with Windows 10, version 1709, and Windows 10, version 1703, with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. -If the minimum PIN length is reduced from the default of 6 characters, then the TPM 2.0 lockout period will be extended. +If the minimum PIN length is reduced from the default of 6 characters, then the TPM 2.0 lockout period is extended. ### Disable new DMA devices when this computer is locked @@ -396,7 +396,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p | **Drive type** | Operating system drives | | **Policy path** | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| | **Conflicts** | None | -| **When enabled** | Every time the user locks the screen, DMA will be blocked on hot pluggable PCI ports until the user signs-in again. | +| **When enabled** | Every time the user locks the screen, DMA is blocked on hot pluggable PCI ports until the user signs-in again. | | **When disabled or not configured** | DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed-in.| **Reference** @@ -794,9 +794,9 @@ Passwords must be at least 8 characters. To configure a greater minimum length f When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity of the password. -When set to **Allow complexity**, a connection to a domain controller will be attempted to validate that the complexity adheres to the rules set by the policy. However, if no domain controllers are found, the password will still be accepted regardless of actual password complexity and the drive will be encrypted by using that password as a protector. +When set to **Allow complexity**, a connection to a domain controller is be attempted to validate that the complexity adheres to the rules set by the policy. However, if no domain controllers are found, the password is still be accepted regardless of actual password complexity and the drive is encrypted by using that password as a protector. -When set to **Do not allow complexity**, no password complexity validation will be done. +When set to **Do not allow complexity**, no password complexity validation is done. >**Note:** Passwords cannot be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS compliance is enabled. @@ -853,9 +853,9 @@ The default object identifier is 1.3.6.1.4.1.311.67.1.1. >**Note:** BitLocker does not make it mandatory for a certificate to have an EKU attribute; however, if one is configured for the certificate, it must be set to an object identifier that matches the object identifier configured for BitLocker. -### Enable use of BitLocker authentication requiring preboot keyboard input on slates +### Enable use of BitLocker authentication requiring pre-boot keyboard input on slates -This policy setting allows users to enable authentication options that require user input from the preboot environment even if the platform indicates a lack of preboot input capability. +This policy setting allows users to enable authentication options that require user input from the pre-boot environment even if the platform indicates a lack of pre-boot input capability. @@ -865,7 +865,7 @@ This policy setting allows users to enable authentication options that require u - + @@ -885,7 +885,7 @@ This policy setting allows users to enable authentication options that require u - + @@ -896,9 +896,9 @@ This policy setting allows users to enable authentication options that require u Reference -The Windows touch keyboard (used by tablets) is not available in the preboot environment where BitLocker requires additional information, such as a PIN or password. +The Windows touch keyboard (used by tablets) is not available in the pre-boot environment where BitLocker requires additional information, such as a PIN or password. -It is recommended that administrators enable this policy only for devices that are verified to have an alternative means of preboot input, such as attaching a USB keyboard. +It is recommended that administrators enable this policy only for devices that are verified to have an alternative means of pre-boot input, such as attaching a USB keyboard. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard. @@ -1829,8 +1829,8 @@ Enabling the **Configure the pre-boot recovery message and URL** policy setting Once you enable the setting, you have three options: - If you select the **Use default recovery message and URL** option, the default BitLocker recovery message and URL will be displayed on the pre-boot recovery screen. -- If you select the **Use custom recovery message** option, type the custom message in the **Custom recovery message option** text box. The message that you type in the **Custom recovery message option** text box will be displayed on the pre-boot recovery screen. If a recovery URL is available, include it in the message. -- If you select the **Use custom recovery URL** option, type the custom message URL in the **Custom recovery URL option** text box. The URL that you type in the **Custom recovery URL option** text box replaces the default URL in the default recovery message, which will be displayed on the pre-boot recovery screen. +- If you select the **Use custom recovery message** option, type the custom message in the **Custom recovery message option** text box. The message that you type in the **Custom recovery message option** text box is displayed on the pre-boot recovery screen. If a recovery URL is available, include it in the message. +- If you select the **Use custom recovery URL** option, type the custom message URL in the **Custom recovery URL option** text box. The URL that you type in the **Custom recovery URL option** text box replaces the default URL in the default recovery message, which is displayed on the pre-boot recovery screen. > **Important:** Not all characters and languages are supported in the pre-boot environment. We strongly recommend that you verify the correct appearance of the characters that you use for the custom message and URL on the pre-boot recovery screen. > @@ -2459,9 +2459,9 @@ For more information about setting this policy, see [System cryptography: Use FI ## Power management group policy settings: Sleep and Hibernate -PCs default power settings for a computer will cause the computer to enter Sleep mode frequently to conserve power when idle and to help extend the system’s battery life. When a computer transitions to Sleep, open programs and documents are persisted in memory. When a computer resumes from Sleep, users are not required to re-authenticate with a PIN or USB startup key to access encrypted data. This might lead to conditions where data security is compromised. +PCs default power settings for a computer causes the computer to enter Sleep mode frequently to conserve power when idle and to help extend the system’s battery life. When a computer transitions to Sleep, open programs and documents are persisted in memory. When a computer resumes from Sleep, users are not required to re-authenticate with a PIN or USB startup key to access encrypted data. This might lead to conditions where data security is compromised. -However, when a computer hibernates, the drive is locked, and when the computer resumes from hibernation the drive is unlocked, which means that users will need to provide a PIN or a startup key if using multifactor authentication with BitLocker. Therefore, organizations that use BitLocker may want to use Hibernate instead of Sleep for improved security. This setting does not have an impact on TPM-only mode, because it provides a transparent user experience at startup and when resuming from the Hibernate states. +However, when a computer hibernates, the drive is locked, and when the computer resumes from hibernation the drive is unlocked, which means that users need to provide a PIN or a startup key if using multifactor authentication with BitLocker. Therefore, organizations that use BitLocker may want to use Hibernate instead of Sleep for improved security. This setting does not have an impact on TPM-only mode, because it provides a transparent user experience at startup and when resuming from the Hibernate states. You can use disable the following group policy settings, which are located in **Computer Configuration\\Administrative Templates\\System\\Power Management**, to disable all available sleep states: From 8373aba86bc051de07e25609a28b74e566fd9218 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 7 Sep 2020 11:57:22 +0530 Subject: [PATCH 015/540] Update-bitlocker-deployment-on-win-4318240 --- ...tlocker-how-to-deploy-on-windows-server.md | 40 ++++++++++--------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 4ba7629cc0..de37702230 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -22,24 +22,27 @@ ms.custom: bitlocker > Applies to: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 -This topic for the IT professional explains how to deploy BitLocker on Windows Server 2012 and later. For all Windows Server editions, BitLocker can be installed using Server Manager or Windows PowerShell cmdlets. BitLocker requires administrator privileges on the server to install. +This topic explains how to deploy BitLocker on Windows Server 2012 and later versions. For all Windows Server editions, BitLocker can be installed using Server Manager or Windows PowerShell cmdlets. BitLocker requires administrator privileges on the server on which it is to be installed. ## Installing BitLocker -### To install BitLocker using Server Manager +### To install BitLocker using server manager -1. Open Server Manager by selecting the Server Manager icon or running servermanager.exe. +1. Open server manager by selecting the server manager icon or running servermanager.exe. 2. Select **Manage** from the **Server Manager Navigation** bar and select **Add Roles and Features** to start the **Add Roles and Features Wizard.** -3. With the **Add Roles and Features Wizard** open, select **Next** at the **Before you begin** pane (if shown). -4. Select **Role-based or feature-based installation** on the **Installation type** pane of the **Add Roles and Features Wizard** pane and select **Next** to continue. -5. Select the **Select a server from the server pool option** in the **Server Selection** pane and confirm the server for the BitLocker feature install. -6. Server roles and features install using the same wizard in Server Manager. Select **Next** on the **Server Roles** pane of the **Add Roles and Features** wizard to proceed to the **Features** pane. -7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features Wizard**. The wizard will show the additional management features available for BitLocker. If you do not want to install these features, deselect the **Include management tools option** and select **Add Features**. Once optional features selection is complete, select **Next** to proceed in the wizard. +3. With the **Add Roles and Features** wizard open, select **Next** at the **Before you begin** pane (if shown). +**Question: Which is the icon to click if the "Before you begin" pane is not shown?** +4. Select **Role-based or feature-based installation** on the **Installation type** pane of the **Add Roles and Features** wizard and select **Next** to continue. +5. Select the **Select a server from the server pool option** in the **Server Selection** pane and confirm the server on which the BitLocker feature is to be installed. +**Question: Can "Option"be unbolded?** +6. Select **Next** on the **Server Roles** pane of the **Add Roles and Features** wizard to proceed to the **Features** pane. + **Note**: Server roles and features are installed by using the same wizard in Server Manager. +7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the additional management features available for BitLocker. If you do not want to install these features, deselect the **Include management tools option** and select **Add Features**. Once optional features selection is complete, select **Next** to proceed in the wizard. - > **Note:**   The **Enhanced Storage** feature is a required feature for enabling BitLocker. This feature enables support for Encrypted Hard Drives on capable systems. + > **Note:**   The **Enhanced Storage** feature is a required feature for enabling BitLocker. This feature enables support for encrypted hard drives on capable systems.   -8. Select **Install** on the **Confirmation** pane of the **Add Roles and Features Wizard** to begin BitLocker feature installation. The BitLocker feature requires a restart to complete. Selecting the **Restart the destination server automatically if required** option in the **Confirmation** pane will force a restart of the computer after installation is complete. -9. If the **Restart the destination server automatically if required** check box is not selected, the **Results pane** of the **Add Roles and Features Wizard** will display the success or failure of the BitLocker feature installation. If required, a notification of additional action necessary to complete the feature installation, such as the restart of the computer, will be displayed in the results text. +8. Select **Install** on the **Confirmation** pane of the **Add Roles and Features** wizard to begin BitLocker feature installation. The BitLocker feature requires a restart for its installation to be complete. Selecting the **Restart the destination server automatically if required** option in the **Confirmation** pane forces a restart of the computer after installation is complete. +9. If the **Restart the destination server automatically if required** check box is not selected, the **Results** pane of the **Add Roles and Features** wizard displays the success or failure of the BitLocker feature installation. If required, a notification of additional action necessary to complete the feature installation, such as the restart of the computer, will be displayed in the results text. ### To install BitLocker using Windows PowerShell @@ -51,20 +54,20 @@ Windows PowerShell offers administrators another option for BitLocker feature in The `servermanager` Windows PowerShell module can use either the `Install-WindowsFeature` or `Add-WindowsFeature` to install the BitLocker feature. The `Add-WindowsFeature` cmdlet is merely a stub to the `Install-WindowsFeature`. This example uses the `Install-WindowsFeature` cmdlet. The feature name for BitLocker in the `servermanager` module is `BitLocker`. -By default, installation of features in Windows PowerShell does not include optional sub-features or management tools as part of the install process. This can be seen using the `-WhatIf` option in Windows PowerShell. +By default, installation of features in Windows PowerShell does not include optional sub-features or management tools as part of the installation process. This can be seen using the `-WhatIf` option in Windows PowerShell. ```powershell Install-WindowsFeature BitLocker -WhatIf ``` -The results of this command show that only the BitLocker Drive Encryption feature installs using this command. +The results of this command show that only the BitLocker Drive Encryption feature is installed using this command. -To see what would be installed with the BitLocker feature including all available management tools and sub-features, use the following command: +To see what would be installed with the BitLocker feature, including all available management tools and sub-features, use the following command: ```powershell Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -WhatIf | fl ``` -The result of this command displays the following list of all the administration tools for BitLocker that would be installed along with the feature, including tools for use with Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). +The result of this command displays the following list of all the administration tools for BitLocker which would be installed along with the feature, including tools for use with Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). - BitLocker Drive Encryption - BitLocker Drive Encryption Tools @@ -74,7 +77,7 @@ The result of this command displays the following list of all the administration - AD DS Tools - AD DS and AD LDS Tools -The command to complete a full installation of the BitLocker feature with all available features and then rebooting the server at completion is: +The command to complete a full installation of the BitLocker feature with all available sub-features and then to reboot the server at completion is: ```powershell Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart @@ -85,12 +88,13 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools - ### Using the dism module to install BitLocker The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module does not support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system. +**Question: The phrase "The Bitlocker feature name for BitLockwer is 'BitLocker'" needs clarification. ```powershell Get-WindowsOptionalFeature -Online | ft ``` -From this output, we can see that there are three BitLocker related optional feature names: BitLocker, BitLocker-Utilities and BitLocker-NetworkUnlock. To install the BitLocker feature, the BitLocker and BitLocker-Utilities features are the only required items. +From this output, we can see that there are three BitLocker-related optional feature names: BitLocker, BitLocker-Utilities and BitLocker-NetworkUnlock. To install the BitLocker feature, the BitLocker and BitLocker-Utilities features are the only required items. To install BitLocker using the `dism` module, use the following command: @@ -98,7 +102,7 @@ To install BitLocker using the `dism` module, use the following command: Enable-WindowsOptionalFeature -Online -FeatureName BitLocker -All ``` -This command will prompt the user for a reboot. The Enable-WindowsOptionalFeature cmdlet does not offer support for forcing a reboot of the computer. This command does not include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command: +This command prompts the user for a reboot. The Enable-WindowsOptionalFeature cmdlet does not offer support for forcing a reboot of the computer. This command does not include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command: ```powershell Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilities -All From f8efbcba802503e41a94d56bb988b2125a247c28 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 7 Sep 2020 17:10:11 +0530 Subject: [PATCH 016/540] enable-network-unlock-4318240 --- .../bitlocker-how-to-enable-network-unlock.md | 132 +++++++++--------- 1 file changed, 67 insertions(+), 65 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index d8cb2c79de..abc71ef558 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -23,12 +23,12 @@ ms.custom: bitlocker **Applies to** - Windows 10 -This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it. +This topic describes how BitLocker Network Unlock works and how to configure it. -Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. +Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker-enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers. -Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the key for Network Unlock is composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session. +Network Unlock allows BitLocker-enabled systems that have a TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the Network Unlock feature needs the key to be composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session. This topic contains: @@ -43,25 +43,25 @@ This topic contains: ## Network Unlock core requirements -Network Unlock must meet mandatory hardware and software requirements before the feature can automatically unlock domain joined systems. These requirements include: +Network Unlock must meet mandatory hardware and software requirements before the feature can automatically unlock domain-joined systems. These requirements include: -- You must be running at least Windows 8 or Windows Server 2012. -- Any supported operating system with UEFI DHCP drivers can be Network Unlock clients. -- Network Unlock clients must have a TPM chip and at least one TPM protector. +- Windows 8 or Windows Server 2012 as the current operating system. +- Any supported operating system with UEFI DHCP drivers that can serve as Network Unlock clients. +- Network Unlock clients with a TPM chip and at least one TPM protector. - A server running the Windows Deployment Services (WDS) role on any supported server operating system. - BitLocker Network Unlock optional feature installed on any supported server operating system. - A DHCP server, separate from the WDS server. - Properly configured public/private key pairing. -- Network Unlock Group Policy settings configured. +- Network Unlock group policy settings configured. -The network stack must be enabled to use the Network Unlock feature. Equipment manufacturers deliver their products in various states and with different BIOS menus, so you need to confirm that the network stack has been enabled in the BIOS before starting the computer. +The network stack must be enabled to use the Network Unlock feature. Equipment manufacturers deliver their products in various states and with different BIOS menus; therefore, you need to confirm that the network stack has been enabled in the BIOS before starting the computer. > [!NOTE] > To properly support DHCP within UEFI, the UEFI-based system should be in native mode without a compatibility support module (CSM) enabled. -For Network Unlock to work reliably on computers running Windows 8 and later, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP and used for Network Unlock. This is especially worth noting when you have multiple adapters, and you wish to configure one without DHCP, such as for a lights-out management protocol. This configuration is necessary because Network Unlock will stop enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter does not support DHCP, is not plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock will fail. +For Network Unlock to work reliably on computers running Windows 8 and later versions, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP and must be used for Network Unlock. This is especially worth noting when you have multiple adapters, and you wish to configure one without DHCP, such as for a lights-out management protocol. This configuration is necessary because Network Unlock will stop enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter does not support DHCP, is not plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock fails. -The Network Unlock server component installs on supported versions of Windows Server 2012 and later as a Windows feature using Server Manager or Windows PowerShell cmdlets. The feature name is BitLocker Network Unlock in Server Manager and BitLocker-NetworkUnlock in Windows PowerShell. This feature is a core requirement. +The Network Unlock server component is installed on supported versions of Windows Server 2012 and later as a Windows feature that uses Server Manager or Windows PowerShell cmdlets. The feature name is BitLocker Network Unlock in Server Manager and BitLocker-NetworkUnlock in Windows PowerShell. This feature is a core requirement. Network Unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation is not required; however, the WDS service needs to be running on the server. @@ -69,11 +69,11 @@ The network key is stored on the system drive along with an AES 256 session key, ## Network Unlock sequence -The unlock sequence starts on the client side, when the Windows boot manager detects the existence of Network Unlock protector. It leverages the DHCP driver in UEFI to obtain an IP address for IPv4 and then broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate, as described above. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. +The unlock sequence starts on the client side when the Windows boot manager detects the existence of Network Unlock protector. It leverages the DHCP driver in UEFI to obtain an IP address for IPv4 and then broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate, as described above. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. On the server side, the WDS server role has an optional plugin component, like a PXE provider, which is what handles the incoming Network Unlock requests. The provider can also be configured with subnet restrictions, which would require that the IP address provided by the client in the Network Unlock request belong to a permitted subnet in order to release the network key to the client. In instances where the Network Unlock provider is unavailable, BitLocker fails over to the next available protector to unlock the drive. In a typical configuration, this means the standard TPM+PIN unlock screen is presented to unlock the drive. -The server side configuration to enable Network Unlock also requires provisioning a 2048-bit RSA public/private key pair in the form of an X.509 certificate, and for the public key certificate to be distributed to the clients. This certificate must be managed and deployed through the Group Policy editor directly on a domain controller with at least a Domain Functional Level of Windows Server 2012. This certificate is the public key that encrypts the intermediate network key (which is one of the two secrets required to unlock the drive; the other secret is stored in the TPM). +The server side configuration to enable Network Unlock also requires provisioning a 2048-bit RSA public/private key pair in the form of an X.509 certificate, and distributing the public key certificate to the clients. This certificate must be managed and deployed through the Group Policy editor directly on a domain controller with at least a Domain Functional Level of Windows Server 2012. This certificate is the public key that encrypts the intermediate network key (which is one of the two secrets required to unlock the drive; the other secret is stored in the TPM). ![bitlocker network unlock sequence](images/bitlockernetworkunlocksequence.png) @@ -82,7 +82,7 @@ The server side configuration to enable Network Unlock also requires provisionin 1. The Windows boot manager detects that a Network Unlock protector exists in the BitLocker configuration. 2. The client computer uses its DHCP driver in the UEFI to obtain a valid IPv4 IP address. 3. The client computer broadcasts a vendor-specific DHCP request that contains: - 1. A Network Key (a 256-bit intermediate key) encrypted using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server. + 1. A network key (a 256-bit intermediate key) that is encrypted by using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server. 2. An AES-256 session key for the reply. 4. The Network Unlock provider on the WDS server recognizes the vendor-specific request. 5. The provider decrypts it with the WDS server’s BitLocker Network Unlock certificate RSA private key. @@ -97,7 +97,7 @@ The following steps allow an administrator to configure Network Unlock in a doma ### Install the WDS Server role -The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the **Windows Deployment Services** role in Server Manager. +The BitLocker Network Unlock feature installs the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock, you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the **Windows Deployment Services** role in Server Manager. To install the role using Windows PowerShell, use the following command: @@ -105,13 +105,14 @@ To install the role using Windows PowerShell, use the following command: Install-WindowsFeature WDS-Deployment ``` -You must configure the WDS server so that it can communicate with DHCP (and optionally Active Directory Domain Services) and the client computer. You can do using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard. +You must configure the WDS server so that it can communicate with DHCP (and optionally AD DS) and the client computer. You can configure using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard. ### Confirm the WDS Service is running -To confirm the WDS service is running, use the Services Management Console or Windows PowerShell. To confirm the service is running in Services Management Console, open the console using **services.msc** and check the status of the Windows Deployment Services service. +To confirm that the WDS service is running, use the Services Management Console or Windows PowerShell. To confirm that the service is running in Services Management Console, open the console using **services.msc** and check the status of the Windows Deployment Services service. +**Question: Is "Windows Deployment" a service or is the service name itself "Windows Deployment Services"? -To confirm the service is running using Windows PowerShell, use the following command: +To confirm that the service is running using Windows PowerShell, use the following command: ```powershell Get-Service WDSServer @@ -131,23 +132,23 @@ A properly configured Active Directory Services Certification Authority can use 1. Open the Certificates Template snap-in (certtmpl.msc). 2. Locate the User template. Right-click the template name and select **Duplicate Template**. -3. On the **Compatibility** tab, change the **Certification Authority** and **Certificate recipient** fields to Windows Server 2012 and Windows 8 respectively. Ensure the **Show resulting changes** dialog box is selected. +3. On the **Compatibility** tab, change the **Certification Authority** and **Certificate recipient** fields to Windows Server 2012 and Windows 8, respectively. Ensure that the **Show resulting changes** dialog box is selected. 4. Select the **General** tab of the template. The **Template display name** and **Template name** should clearly identify that the template will be used for Network Unlock. Clear the checkbox for the **Publish certificate in Active Directory** option. -5. Select the **Request Handling** tab. Select **Encryption** from the **Purpose** drop down menu. Ensure the **Allow private key to be exported** option is selected. -6. Select the **Cryptography** tab. Set the **Minimum key size** to 2048. (Any Microsoft cryptographic provider that supports RSA can be used for this template, but for simplicity and forward compatibility we recommend using the **Microsoft Software Key Storage Provider**.) -7. Select the **Requests must use one of the following providers** option and clear all options except for the cryptography provider you selected, such as the **Microsoft Software Key Storage Provider**. +5. Select the **Request Handling** tab. Select **Encryption** from the **Purpose** drop-down menu. Ensure that the **Allow private key to be exported** option is selected. +6. Select the **Cryptography** tab. Set the **Minimum key size** to 2048. (Any Microsoft cryptographic provider that supports RSA can be used for this template, but for simplicity and forward compatibility, we recommend using **Microsoft Software Key Storage Provider**.) +7. Select the **Requests must use one of the following providers** option and clear all options except for the cryptography provider you selected, such as **Microsoft Software Key Storage Provider**. 8. Select the **Subject Name** tab. Select **Supply in the request**. Select **OK** if the certificate templates pop-up dialog appears. 9. Select the **Issuance Requirements** tab. Select both **CA certificate manager approval** and **Valid existing certificate** options. 10. Select the **Extensions** tab. Select **Application Policies** and choose **Edit…**. 11. In the **Edit Application Policies Extension** options dialog box, select **Client Authentication**, **Encrypting File System**, **and Secure Email** and choose **Remove**. 12. On the **Edit Application Policies Extension** dialog box, select **Add**. -13. On the **Add Application Policy** dialog box, select **New**. In the **New Application Policy** dialog box enter the following information in the space provided and then click **OK** to create the BitLocker Network Unlock application policy: +13. On the **Add Application Policy** dialog box, select **New**. In the **New Application Policy** dialog box, enter the following information in the space provided and then click **OK** to create the BitLocker Network Unlock application policy: - **Name:** **BitLocker Network Unlock** - **Object Identifier:** **1.3.6.1.4.1.311.67.1.1** 14. Select the newly created **BitLocker Network Unlock** application policy and select **OK**. -15. With the **Extensions** tab still open, select the **Edit Key Usage Extension** dialog, select the **Allow key exchange only with key encryption (key encipherment)** option. Select the **Make this extension critical** option. +15. With the **Extensions** tab still open, select the **Edit Key Usage Extension** dialog. Select the **Allow key exchange only with key encryption (key encipherment)** option. Select the **Make this extension critical** option. 16. Select the **Security** tab. Confirm that the **Domain Admins** group has been granted **Enroll** permission. 17. Select **OK** to complete configuration of the template. @@ -161,26 +162,26 @@ Network Unlock can use imported certificates from an existing PKI infrastructure To enroll a certificate from an existing certification authority (CA), do the following: -1. Open Certificate Manager on the WDS server using **certmgr.msc** -2. Under the Certificates - Current User item, right-click Personal -3. Select All Tasks, then **Request New Certificate** -4. Select **Next** when the Certificate Enrollment wizard opens -5. Select Active Directory Enrollment Policy +1. Open Certificate Manager on the WDS server using **certmgr.msc**. +2. Under the Certificates - Current User item, right-click **Personal**. +3. Select **All Tasks**; then select **Request New Certificate** +4. Select **Next** when the Certificate Enrollment wizard opens. +5. Select **Active Directory Enrollment Policy**. 6. Choose the certificate template created for Network Unlock on the Domain controller and select **Enroll**. When prompted for more information, add the following attribute to the certificate: - Select the **Subject Name** pane and provide a friendly name value. It is suggested that this friendly name include information for the domain or organizational unit for the certificate. For example "BitLocker Network Unlock Certificate for Contoso domain" -7. Create the certificate. Ensure the certificate appears in the Personal folder. -8. Export the public key certificate for Network Unlock +7. Create the certificate. Ensure that the certificate appears in the Personal folder. +8. Export the public key certificate for Network Unlock. - 1. Create a .cer file by right-clicking the previously created certificate, choosing **All Tasks**, then **Export**. + 1. Create a .cer file by right-clicking the previously created certificate, selecting **All Tasks**, and then selecting **Export**. 2. Select **No, do not export the private key**. 3. Select **DER encoded binary X.509** and complete exporting the certificate to a file. 4. Give the file a name such as BitLocker-NetworkUnlock.cer. -9. Export the public key with a private key for Network Unlock +9. Export the public key with a private key for Network Unlock. - 1. Create a .pfx file by right-clicking the previously created certificate, choosing **All Tasks**, then **Export**. + 1. Create a .pfx file by right-clicking the previously created certificate, selecting **All Tasks**, and then selecting **Export**. 2. Select **Yes, export the private key**. 3. Complete the wizard to create the .pfx file. @@ -194,7 +195,7 @@ New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN= Certreq example: -1. Create a text file with an .inf extension. For example, notepad.exe BitLocker-NetworkUnlock.inf. +1. Create a text file with an .inf extension, for example, notepad.exe BitLocker-NetworkUnlock.inf. 2. Add the following contents to the previously created file: ```ini @@ -222,33 +223,33 @@ Certreq example: certreq -new BitLocker-NetworkUnlock.inf BitLocker-NetworkUnlock.cer ``` -4. Verify the previous command properly created the certificate by confirming the .cer file exists. +4. Verify that certificate was properly created by the previous command by confirming that the .cer file exists. 5. Launch Certificates - Local Machine by running **certlm.msc**. -6. Create a .pfx file by opening the **Certificates – Local Computer\\Personal\\Certificates** path in the navigation pane, right-clicking the previously imported certificate, selecting **All Tasks**, then **Export**. Follow through the wizard to create the .pfx file. +6. Create a .pfx file by opening the **Certificates – Local Computer\\Personal\\Certificates** path in the navigation pane, right-clicking the previously imported certificate, selecting **All Tasks**, and then selecting **Export**. Follow through the wizard to create the .pfx file. ### Deploy the private key and certificate to the WDS server With the certificate and key created, deploy them to the infrastructure to properly unlock systems. To deploy the certificates, do the following: 1. On the WDS server, open a new MMC and add the certificates snap-in. Select the computer account and local computer when given the options. -2. Right-click the Certificates (Local Computer) - BitLocker Drive Encryption Network Unlock item, choose All Tasks, then **Import**. +2. Right-click the Certificates (Local Computer) - BitLocker Drive Encryption Network Unlock item -, select **All Tasks**, and then select **Import**. 3. In the **File to Import** dialog, choose the .pfx file created previously. 4. Enter the password used to create the .pfx and complete the wizard. -### Configure Group Policy settings for Network Unlock +### Configure group policy settings for Network Unlock -With certificate and key deployed to the WDS server for Network Unlock, the final step is to use Group Policy settings to deploy the public key certificate to computers that you want to be able to unlock using the Network Unlock key. Group Policy settings for BitLocker can be found under **\\Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** using the Local Group Policy Editor or the Microsoft Management Console. +With certificate and key deployed to the WDS server for Network Unlock, the final step is to use group policy settings to deploy the public key certificate to computers that you want to be able to unlock using the Network Unlock key. Group policy settings for BitLocker can be found under **\\Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** using the Local Group Policy Editor or the Microsoft Management Console. -The following steps describe how to enable the Group Policy setting that is a requirement for configuring Network Unlock. +The following steps describe how to enable the group policy setting that is a requirement for configuring Network Unlock. 1. Open Group Policy Management Console (gpmc.msc). 2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** or **Allow startup PIN with TPM** option. 3. Turn on BitLocker with TPM+PIN protectors on all domain-joined computers. -The following steps describe how to deploy the required Group Policy setting: +The following steps describe how to deploy the required group policy setting: > [!NOTE] -> The Group Policy settings **Allow network unlock at startup** and **Add Network Unlock Certificate** were introduced in Windows Server 2012. +> The group policy settings **Allow network unlock at startup** and **Add Network Unlock Certificate** were introduced in Windows Server 2012. 1. Copy the .cer file created for Network Unlock to the domain controller. 2. On the domain controller, launch Group Policy Management Console (gpmc.msc). @@ -256,23 +257,23 @@ The following steps describe how to deploy the required Group Policy setting: 4. Deploy the public certificate to clients: 1. Within Group Policy Management Console, navigate to the following location: **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate**. - 2. Right-click the folder and choose **Add Network Unlock Certificate**. + 2. Right-click the folder and select **Add Network Unlock Certificate**. 3. Follow the wizard steps and import the .cer file that was copied earlier. > [!NOTE] -> Only one network unlock certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. +> Only one Network Unlock Certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. 5. Reboot the clients after deploying the group policy. > [!NOTE] - > The **Network (Certificate Based)** protector will be added only after a reboot with the policy enabled and a valid certificate present in the FVE_NKP store. + > The **Network (Certificate Based)** protector will be added only after a reboot, with the policy enabled and a valid certificate present in the FVE_NKP store. ### Subnet policy configuration files on WDS Server (Optional) -By default, all clients with the correct Network Unlock Certificate and valid Network Unlock protectors that have wired access to a Network Unlock-enabled WDS server via DHCP are unlocked by the server. A subnet policy configuration file on the WDS server can be created to limit which subnet(s) Network Unlock clients can use to unlock. +By default, all clients with the correct Network Unlock Certificate and valid Network Unlock protectors that have wired access to a Network Unlock-enabled WDS server via DHCP are unlocked by the server. A subnet policy configuration file on the WDS server can be created to limit which are the subnet(s) the Network Unlock clients can use to unlock. -The configuration file, called bde-network-unlock.ini, must be located in the same directory as the Network Unlock provider DLL (%windir%\System32\Nkpprov.dll) and it applies to both IPv6 and IPv4 DHCP implementations. If the subnet configuration policy becomes corrupted, the provider will fail and stop responding to requests. +The configuration file, called bde-network-unlock.ini, must be located in the same directory as the Network Unlock provider DLL (%windir%\System32\Nkpprov.dll) and it applies to both IPv6 and IPv4 DHCP implementations. If the subnet configuration policy becomes corrupted, the provider fails and stops responding to requests. -The subnet policy configuration file must use a “\[SUBNETS\]” section to identify the specific subnets. The named subnets may then be used to specify restrictions in certificate subsections. Subnets are defined as simple name-value pairs, in the common INI format, where each subnet has its own line, with the name on the left of the equals sign, and the subnet identified on the right of the equal sign as a Classless Inter-Domain Routing (CIDR) address or range. The key word “ENABLED” is disallowed for subnet names. +The subnet policy configuration file must use a “\[SUBNETS\]” section to identify the specific subnets. The named subnets may then be used to specify restrictions in certificate subsections. Subnets are defined as simple name–value pairs, in the common INI format, where each subnet has its own line, with the name on the left of the equal-sign, and the subnet identified on the right of the equal-sign as a Classless Inter-Domain Routing (CIDR) address or range. The key word “ENABLED” is disallowed for subnet names. ```ini [SUBNETS] @@ -281,12 +282,13 @@ SUBNET2=10.185.252.200/28 SUBNET3= 2001:4898:a:2::/64 ; an IPv6 subnet SUBNET4=2001:4898:a:3::/64; in production, the admin would likely give more useful names, like BUILDING9-EXCEPT-RECEP. ``` -Following the \[SUBNETS\] section, there can be sections for each Network Unlock certificate, identified by the certificate thumbprint formatted without any spaces, which define subnets clients can be unlocked from with that certificate. +Following the \[SUBNETS\] section, there can be sections for each Network Unlock certificate, identified by the certificate thumbprint formatted without any spaces, which define the subnets clients that can be unlocked from that certificate. +**Question: Is the above phrase implying the intended technical meaning? > [!NOTE] -> When specifying the certificate thumbprint, do not include any spaces. If spaces are included in the thumbprint the subnet configuration will fail because the thumbprint will not be recognized as valid. +> When specifying the certificate thumbprint, do not include any spaces. If spaces are included in the thumbprint, the subnet configuration fails because the thumbprint will not be recognized as valid. -Subnet restrictions are defined within each certificate section by denoting the allowed list of permitted subnets. If any subnet is listed in a certificate section, then only those subnets listed are permitted for that certificate. If no subnet is listed in a certificate section, then all subnets are permitted for that certificate. If a certificate does not have a section in the subnet policy configuration file, then no subnet restrictions are applied for unlocking with that certificate. This means for restrictions to apply to every certificate, there must be a certificate section for every Network Unlock certificate on the server, and an explicit allowed list set for each certificate section. +Subnet restrictions are defined within each certificate section by denoting the allowed list of permitted subnets. If any subnets are listed in a certificate section, then only those subnets are permitted for that certificate. If no subnet is listed in a certificate section, then all subnets are permitted for that certificate. If a certificate does not have a section in the subnet policy configuration file, then no subnet restrictions are applied for unlocking with that certificate. This means for restrictions to apply to every certificate, there must be a certificate section for every Network Unlock certificate on the server, and an explicit allowed list set for each certificate section. Subnet lists are created by putting the name of a subnet from the \[SUBNETS\] section on its own line below the certificate section header. Then, the server will only unlock clients with this certificate on the subnet(s) specified as in the list. For troubleshooting, a subnet can be quickly excluded without deleting it from the section by simply commenting it out with a prepended semi-colon. ```ini [‎2158a767e1c14e88e27a4c0aee111d2de2eafe60] @@ -301,26 +303,26 @@ To disallow the use of a certificate altogether, its subnet list may contain the ## Turning off Network Unlock -To turn off the unlock server, the PXE provider can be unregistered from the WDS server or uninstalled altogether. However, to stop clients from creating Network Unlock protectors the **Allow Network Unlock at startup** Group Policy setting should be disabled. When this policy setting is updated to disabled on client computers any Network Unlock key protectors on the computer will be deleted. Alternatively, the BitLocker Network Unlock certificate policy can be deleted on the domain controller to accomplish the same task for an entire domain. +To turn off the unlock server, the PXE provider can be unregistered from the WDS server or uninstalled altogether. However, to stop clients from creating Network Unlock protectors, the **Allow Network Unlock at startup** group policy setting should be disabled. When this policy setting is updated to **disabled** on client computers, any Network Unlock key protector on the computer is deleted. Alternatively, the BitLocker Network Unlock certificate policy can be deleted on the domain controller to accomplish the same task for an entire domain. > [!NOTE] > Removing the FVE_NKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the Network Unlock server. ## Update Network Unlock certificates -To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate Group Policy setting on the domain controller. +To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate group policy setting on the domain controller. ## Troubleshoot Network Unlock Troubleshooting Network Unlock issues begins by verifying the environment. Many times, a small configuration issue will be the root cause of the failure. Items to verify include: -- Verify client hardware is UEFI-based and is on firmware version is 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. Do this by checking that the firmware does not have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware does not appear to be in a BIOS-like mode. -- All required roles and services are installed and started +- Verify that the client hardware is UEFI-based and is on firmware version 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. Do this by checking that the firmware does not have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware does not appear to be in a BIOS-like mode. +- All required roles and services are installed and started. - Public and private certificates have been published and are in the proper certificate containers. The presence of the Network Unlock certificate can be verified in the Microsoft Management Console (MMC.exe) on the WDS server with the certificate snap-ins for the local computer enabled. The client certificate can be verified by checking the registry key **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** on the client computer. - Group policy for Network Unlock is enabled and linked to the appropriate domains. -- Verify group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. -- Verify the clients were rebooted after applying the policy. -- Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the local computer: +- Verify whether group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. +- Verify whether the clients were rebooted after applying the policy. +- Verify whether the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For exampley, the following command will list the key protectors currently configured on the C: drive of the local computer: ```powershell manage-bde -protectors -get C: @@ -330,9 +332,9 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many Files to gather when troubleshooting BitLocker Network Unlock include: -1. The Windows event logs. Specifically the BitLocker event logs and the Microsoft-Windows-Deployment-Services-Diagnostics-Debug log +1. The Windows event logs, specifically the BitLocker event logs and the Microsoft-Windows-Deployment-Services-Diagnostics-Debug log - Debug logging is turned off by default for the WDS server role, so you will need to enable it first. You can use either of the following two methods to turn on WDS debug logging. + Debug logging is turned off by default for the WDS server role; therefore, you will need to enable it first. You can use either of the following two methods to turn on WDS debug logging. 1. Start an elevated command prompt and run the following command: @@ -346,12 +348,12 @@ Files to gather when troubleshooting BitLocker Network Unlock include: In the right pane, click **Enable Log**. 2. The DHCP subnet configuration file (if one exists). -3. The output of the BitLocker status on the volume, this can be gathered into a text file using **manage-bde -status** or **Get-BitLockerVolume** in Windows PowerShell. +3. The output of the BitLocker status on the volume. This can be gathered into a text file using **manage-bde -status** or **Get-BitLockerVolume** in Windows PowerShell. 4. Network Monitor capture on the server hosting the WDS role, filtered by client IP address. ## Configure Network Unlock Group Policy settings on earlier versions -Network Unlock and the accompanying Group Policy settings were introduced in Windows Server 2012 but can be deployed using operating systems running Windows Server 2008 R2 and Windows Server 2008. +Network Unlock and the accompanying group policy settings were introduced in Windows Server 2012 but can be deployed using operating systems running Windows Server 2008 R2 and Windows Server 2008. **Requirements** @@ -379,8 +381,8 @@ The following steps can be used to configure Network Unlock on these older syste reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKeyPIN /t REG_DWORD /d 2 /f ``` -7. Set up a TPM protector on the clients -8. Reboot the clients to add the Network (Certificate Based) protector +7. Set up a TPM protector on the clients. +8. Reboot the clients to add the Network (certificate based) protector. ## See also From bf3cc259c0ccacf40efecd6de726620d3a9f539c Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 7 Sep 2020 17:24:50 +0530 Subject: [PATCH 017/540] Update bitlocker-how-to-enable-network-unlock.md --- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index abc71ef558..5abfa6d063 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -322,7 +322,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many - Group policy for Network Unlock is enabled and linked to the appropriate domains. - Verify whether group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. - Verify whether the clients were rebooted after applying the policy. -- Verify whether the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For exampley, the following command will list the key protectors currently configured on the C: drive of the local computer: +- Verify whether the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example, the following command will list the key protectors currently configured on the C: drive of the local computer: ```powershell manage-bde -protectors -get C: From 1f3800ffb76a1079b4c2d6c16cd95fe7ce25b88e Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 7 Sep 2020 17:32:51 +0530 Subject: [PATCH 018/540] Update bcd-settings-and-bitlocker.md --- .../bitlocker/bcd-settings-and-bitlocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index c8dcba43f2..58b43c969a 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -23,7 +23,7 @@ ms.custom: bitlocker **Applies to** - Windows 10 -This topic for IT professionals describes the Boot Configuration Data (BCD) settings that are used by BitLocker. +This topic describes the Boot Configuration Data (BCD) settings that are used by BitLocker. When protecting data at rest on an operating system volume, during the boot process, BitLocker verifies that the security sensitive BCD settings have not changed since BitLocker was last enabled, resumed, or recovered. From 49a0e659efff649a31d0b7e686a4454f68adb1cd Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 7 Sep 2020 18:21:37 +0530 Subject: [PATCH 019/540] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 4bef840b55..c11eb7f811 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -71,7 +71,7 @@ The next sections cover pre-boot authentication and DMA policies that can provid ### Pre-boot authentication -Pre-boot authentication with BitLocker is a policy setting that requires the use of either of the user input, such as a PIN, or a startup key, or both to authenticate prior to making the contents of the system drive accessible. +Pre-boot authentication with BitLocker is a policy setting that requires the use of user input, such as a PIN, or a startup key, or both to authenticate prior to making the contents of the system drive accessible. The group policy setting is [Require additional authentication at startup](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) and the corresponding setting in the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) is SystemDrivesRequireStartupAuthentication. BitLocker accesses and stores the encryption keys in memory only after pre-boot authentication is completed. @@ -112,9 +112,10 @@ You can use the System Information desktop app (MSINFO32) to check if a device h ![Kernel DMA protection](images/kernel-dma-protection.png) -If kernel DMA protection is *not* enabled, follow these steps to protect Thunderbolt™ 3 enabled ports: +If kernel DMA protection is *not* enabled, follow these steps to protect Thunderbolt™ 3-enabled ports: 1. Require a password for BIOS changes. +**Question: What is the source from which the user can get this password?** 2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Please refer to [Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) 3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607): From 8cee9b13680f6d062dda67e59ad19a7078f0706f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 7 Sep 2020 18:57:01 +0530 Subject: [PATCH 020/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 55afaec728..2bf5b19a16 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -113,7 +113,7 @@ Selecting an encryption type and choosing **Next** gives user the option of runn After completing the system check (if selected), the BitLocker Drive Encryption Wizard restarts the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel. -**Question - Can "password chosen to boot into the operating system volume" be rephrased? The rephrase depends on the response for the query "at what stage is the password chosen; is that password only for the purpose of booting into the operating system volume; and are there different passwords for different types of logons ? ** +**Question - Can "password chosen to boot into the operating system volume" be rephrased? The rephrase depends on the response for the query "at what stage is the password chosen; is that password only for the purpose of booting into the operating system volume; and are there different passwords for different types of logons ?** Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning BitLocker off. From 7d919bc61053881dbdaad116b00c2f8a18e50f71 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 7 Sep 2020 19:03:33 +0530 Subject: [PATCH 021/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 2bf5b19a16..bde3cb8841 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -113,7 +113,7 @@ Selecting an encryption type and choosing **Next** gives user the option of runn After completing the system check (if selected), the BitLocker Drive Encryption Wizard restarts the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel. -**Question - Can "password chosen to boot into the operating system volume" be rephrased? The rephrase depends on the response for the query "at what stage is the password chosen; is that password only for the purpose of booting into the operating system volume; and are there different passwords for different types of logons ?** +**Question: Can "password chosen to boot into the operating system volume" be rephrased? The rephrase depends on the response for the query "at what stage is the password chosen; is that password only for the purpose of booting into the operating system volume; and are there different passwords for different types of logons?** Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning BitLocker off. From d7cc8168cffa1bd9f6263bf07caf6eace33a0700 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 8 Sep 2020 09:44:04 +0530 Subject: [PATCH 022/540] Update bitlocker-how-to-deploy-on-windows-server.md --- .../bitlocker-how-to-deploy-on-windows-server.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index de37702230..840377a1ae 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -33,11 +33,11 @@ This topic explains how to deploy BitLocker on Windows Server 2012 and later ver 3. With the **Add Roles and Features** wizard open, select **Next** at the **Before you begin** pane (if shown). **Question: Which is the icon to click if the "Before you begin" pane is not shown?** 4. Select **Role-based or feature-based installation** on the **Installation type** pane of the **Add Roles and Features** wizard and select **Next** to continue. -5. Select the **Select a server from the server pool option** in the **Server Selection** pane and confirm the server on which the BitLocker feature is to be installed. -**Question: Can "Option"be unbolded?** +5. Select the **Select a server from the server pool** option in the **Server Selection** pane and confirm the server on which the BitLocker feature is to be installed. 6. Select **Next** on the **Server Roles** pane of the **Add Roles and Features** wizard to proceed to the **Features** pane. **Note**: Server roles and features are installed by using the same wizard in Server Manager. -7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the additional management features available for BitLocker. If you do not want to install these features, deselect the **Include management tools option** and select **Add Features**. Once optional features selection is complete, select **Next** to proceed in the wizard. +7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the additional management features available for BitLocker. If you do not want to install these features, deselect the **Include management tools +** and select **Add Features**. Once optional features selection is complete, select **Next** to proceed in the wizard. > **Note:**   The **Enhanced Storage** feature is a required feature for enabling BitLocker. This feature enables support for encrypted hard drives on capable systems.   @@ -88,7 +88,7 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools - ### Using the dism module to install BitLocker The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module does not support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system. -**Question: The phrase "The Bitlocker feature name for BitLockwer is 'BitLocker'" needs clarification. +**Question: The phrase "The Bitlocker feature name for BitLocker is 'BitLocker'" needs clarification. ```powershell Get-WindowsOptionalFeature -Online | ft From a5f1a448b97e0ebf4cd262313a04731b4808f509 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Tue, 8 Sep 2020 11:04:08 +0530 Subject: [PATCH 023/540] Reviewed bitlocker-deployment-and-administration-faq.md (#3725) Reviewed the content and made minor changes. --- .../bitlocker-deployment-and-administration-faq.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index eaae8a3519..b51fa27c9f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -25,7 +25,7 @@ ms.custom: bitlocker ## Can BitLocker deployment be automated in an enterprise environment? -Yes, you can automate the deployment and configuration of BitLocker and the TPM using either WMI or Windows PowerShell scripts. How you choose to implement the scripts depends on your environment. You can also use Manage-bde.exe to locally or remotely configure BitLocker. For more info about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](https://go.microsoft.com/fwlink/p/?LinkId=80600). For more info about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/bitlocker/index?view=win10-ps). +Yes, you can automate the deployment and configuration of BitLocker and the TPM using either WMI or Windows PowerShell scripts. How you choose to implement the scripts depends on your environment. You can also use Manage-bde.exe to locally or remotely configure BitLocker. For more information about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](https://go.microsoft.com/fwlink/p/?LinkId=80600). For more information about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/bitlocker/index?view=win10-ps). ## Can BitLocker encrypt more than just the operating system drive? @@ -33,7 +33,7 @@ Yes. BitLocker can encrypt non-system drives and removable storage devices with ## Is there a noticeable performance impact when BitLocker is enabled on a computer? -Generally it imposes a single-digit percentage performance overhead. +Generally, it imposes a single-digit percentage performance overhead. ## How long will initial encryption take when BitLocker is turned on? @@ -51,7 +51,7 @@ No, BitLocker does not encrypt and decrypt the entire drive when reading and wri ## How can I prevent users on a network from storing data on an unencrypted drive? -You can configure group policy settings to make it mandatory for data drives to become BitLocker-protected before a BitLocker-protected computer can write data to them. For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md). +You can configure group policy settings to make it mandatory for data drives to become BitLocker-protected before a BitLocker-protected computer can write data to them. For more information, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md). When these policy settings are enabled, the BitLocker-protected operating system will mount any data drives that are not protected by BitLocker as read-only. ## What is Used Disk Space Only encryption? From 0fbbb8a97293f0a17ced921d460d3f67c04653e8 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 8 Sep 2020 13:09:02 +0530 Subject: [PATCH 024/540] Update bl-kymgmt-4318240 --- .../bitlocker/bitlocker-key-management-faq.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md index d7338589c5..62a57fcec3 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md @@ -25,7 +25,7 @@ ms.custom: bitlocker ## How can I authenticate or unlock my removable data drive? -You can unlock removable data drives by using a password, a smart card, or you can configure a SID protector to unlock a drive by using your domain credentials. After you've started encryption, the drive can also be automatically unlocked on a specific computer for a specific user account. System administrators can configure which options are available for users, as well as password complexity and minimum length requirements. To unlock by using a SID protector, use Manage-bde: +You can unlock removable data drives by using a password, a smart card, or configuration of an SID protector through your domain credentials. After you've started encryption, the drive can also be automatically unlocked on a specific computer for a specific user account. System administrators can configure the options that would be made available for users, as well as password complexity and minimum length requirements. To unlock by using an SID protector, use Manage-bde: Manage-bde -protectors -add e: -sid domain\username @@ -35,13 +35,13 @@ For tables that list and describe elements such as a recovery password, recovery ## How can the recovery password and recovery key be stored? -The recovery password and recovery key for an operating system drive or a fixed data drive can be saved to a folder, saved to one or more USB devices, saved to your Microsoft Account, or printed. +The recovery password and recovery key for an operating system drive or a fixed data drive can be saved to a folder, saved to one or more USB devices, saved to your Microsoft account, or printed. -For removable data drives, the recovery password and recovery key can be saved to a folder, saved to your Microsoft Account, or printed. By default, you cannot store a recovery key for a removable drive on a removable drive. +For removable data drives, the recovery password and recovery key can be saved to a folder, saved to your Microsoft account, or printed. By default, you cannot store a recovery key for a removable drive on a removable drive. -A domain administrator can additionally configure Group Policy to automatically generate recovery passwords and store them in Active Directory Domain Services (AD DS) for any BitLocker-protected drive. +A domain administrator can additionally configure group policy to automatically generate recovery passwords and store them in Active Directory Domain Services (AD DS) for any BitLocker-protected drive. -## Is it possible to add an additional method of authentication without decrypting the drive if I only have the TPM authentication method enabled? +## Is it possible to add an additional method of authentication without decrypting the drive if I have only the TPM authentication method enabled? You can use the Manage-bde.exe command-line tool to replace your TPM-only authentication mode with a multifactor authentication mode. For example, if BitLocker is enabled with TPM authentication only and you want to add PIN authentication, use the following commands from an elevated command prompt, replacing *4-20 digit numeric PIN* with the numeric PIN you want to use: @@ -52,7 +52,7 @@ You can use the Manage-bde.exe command-line tool to replace your TPM-only authen ## When should an additional method of authentication be considered? -New hardware that meets [Windows Hardware Compatibility Program](https://docs.microsoft.com/windows-hardware/design/compatibility/) requirements make a PIN less critical as a mitigation, and having a TPM-only protector is likely sufficient when combined with policies like device lockout. For example, Surface Pro and Surface Book do not have external DMA ports to attack. +New hardware that meets [Windows Hardware Compatibility Program](https://docs.microsoft.com/windows-hardware/design/compatibility/) requirements make a PIN less critical as a mitigation, and renders a TPM-only protector combined with policies like device lockout as sufficient. For example, Surface Pro and Surface Book do not have external DMA ports to attack. For older hardware, where a PIN may be needed, it’s recommended to enable [enhanced PINs](bitlocker-group-policy-settings.md#bkmk-unlockpol2) that allow non-numeric characters such as letters and punctuation marks, and to set the PIN length based on your risk tolerance and the hardware anti-hammering capabilities available to the TPMs in your computers. ## If I lose my recovery information, will the BitLocker-protected data be unrecoverable? @@ -60,15 +60,15 @@ For older hardware, where a PIN may be needed, it’s recommended to enable [enh BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive. > [!IMPORTANT] -> Store the recovery information in AD DS, along with your Microsoft Account, or another safe location. +> Store the recovery information in AD DS, along with your Microsoft account, or in another safe location. ## Can the USB flash drive that is used as the startup key also be used to store the recovery key? -While this is technically possible, it is not a best practice to use one USB flash drive to store both keys. If the USB flash drive that contains your startup key is lost or stolen, you also lose access to your recovery key. In addition, inserting this key would cause your computer to automatically boot from the recovery key even if TPM-measured files have changed, which circumvents the TPM's system integrity check. +While this is technically possible, it is not a best practice to use one USB flash drive to store both keys. If the USB flash drive that contains your startup key is lost or stolen, you also lose access to your recovery key. In addition, inserting this key causes your computer to automatically boot from the recovery key even if TPM-measured files have changed, which circumvents the TPM's system integrity check. ## Can I save the startup key on multiple USB flash drives? -Yes, you can save a computer's startup key on multiple USB flash drives. Right-clicking a BitLocker-protected drive and selecting **Manage BitLocker** will provide you the options to duplicate the recovery keys as needed. +Yes, you can save a computer's startup key on multiple USB flash drives. Right-clicking a BitLocker-protected drive and selecting **Manage BitLocker** provides you the options to duplicate the recovery keys as needed. ## Can I save multiple (different) startup keys on the same USB flash drive? @@ -84,23 +84,23 @@ You cannot generate multiple PIN combinations. ## What encryption keys are used in BitLocker? How do they work together? -Raw data is encrypted with the full volume encryption key, which is then encrypted with the volume master key. The volume master key is in turn encrypted by one of several possible methods depending on your authentication (that is, key protectors or TPM) and recovery scenarios. +Raw data is encrypted with the full volume encryption key which is then encrypted with the volume master key. The volume master key is in turn encrypted by one of several possible methods depending on your authentication (that is, key protectors or TPM) and recovery scenarios. ## Where are the encryption keys stored? -The full volume encryption key is encrypted by the volume master key and stored in the encrypted drive. The volume master key is encrypted by the appropriate key protector and stored in the encrypted drive. If BitLocker has been suspended, the clear key that is used to encrypt the volume master key is also stored in the encrypted drive, along with the encrypted volume master key. +The full volume encryption key is encrypted by the volume master key and is stored in the encrypted drive. The volume master key is encrypted by the appropriate key protector and is stored in the encrypted drive. If BitLocker has been suspended, the clear key that is used to encrypt the volume master key is also stored in the encrypted drive, along with the encrypted volume master key. This storage process ensures that the volume master key is never stored unencrypted and is protected unless you disable BitLocker. The keys are also saved to two additional locations on the drive for redundancy. The keys can be read and processed by the boot manager. ## Why do I have to use the function keys to enter the PIN or the 48-character recovery password? -The F1 through F10 keys are universally mapped scan codes available in the pre-boot environment on all computers and in all languages. The numeric keys 0 through 9 are not usable in the pre-boot environment on all keyboards. +The F1–F10 keys are universally mapped scan codes available in the pre-boot environment on all computers and in all languages. The numeric keys 0–9 are not usable in the pre-boot environment on all keyboards. When using an enhanced PIN, users should run the optional system check during the BitLocker setup process to ensure that the PIN can be entered correctly in the pre-boot environment. ## How does BitLocker help prevent an attacker from discovering the PIN that unlocks my operating system drive? -It is possible that a personal identification number (PIN) can be discovered by an attacker performing a brute force attack. A brute force attack occurs when an attacker uses an automated tool to try different PIN combinations until the correct one is discovered. For BitLocker-protected computers, this type of attack, also known as a dictionary attack, requires that the attacker have physical access to the computer. +It is possible that a personal identification number (PIN) can be discovered by an attacker performing a brute force attack. A brute force attack occurs when an attacker uses an automated tool to try different PIN combinations until the correct one is discovered. For BitLocker-protected computers, this type of attack, also known as a dictionary attack, requires the attacker to have physical access to the computer. The TPM has the built-in ability to detect and react to these types of attacks. Because different manufacturers' TPMs may support different PIN and attack mitigations, contact your TPM's manufacturer to determine how your computer's TPM mitigates PIN brute force attacks. After you have determined your TPM's manufacturer, contact the manufacturer to gather the TPM's vendor-specific information. Most manufacturers use the PIN authentication failure count to exponentially increase lockout time to the PIN interface. However, each manufacturer has different policies regarding when and how the failure counter is decreased or reset. @@ -119,7 +119,7 @@ The following questions can assist you when asking a TPM manufacturer about the ## Can PIN length and complexity be managed with Group Policy? -Yes and No. You can configure the minimum personal identification number (PIN) length by using the **Configure minimum PIN length for startup** Group Policy setting and allow the use of alphanumeric PINs by enabling the **Allow enhanced PINs for startup** Group Policy setting. However, you cannot require PIN complexity by Group Policy. +Yes and No. You can configure the minimum personal identification number (PIN) length by using the **Configure minimum PIN length for startup** group policy setting and allow the use of alphanumeric PINs by enabling the **Allow enhanced PINs for startup** group policy setting. However, you cannot require PIN complexity by group policy. For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md). From 6012dcb057be1b62ec1bf5c78cd1d3681cf68e99 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 8 Sep 2020 18:11:04 +0530 Subject: [PATCH 025/540] Update blnw-unlck-4318240 --- .../bitlocker/bitlocker-network-unlock-faq.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index 264ee0242a..863edab626 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -24,12 +24,12 @@ ms.custom: bitlocker BitLocker Network Unlock enables easier management for BitLocker-enabled desktops and servers that use the TPM+PIN protection method in a domain environment. When a computer that is connected to a wired corporate network is rebooted, Network Unlock allows the PIN entry prompt to be bypassed. It automatically unlocks BitLocker-protected operating system volumes by using a trusted key that is provided by the Windows Deployment Services server as its secondary authentication method. -To use Network Unlock you must also have a PIN configured for your computer. When your computer is not connected to the network you will need to provide the PIN to unlock it. +To use Network Unlock, you must also have a PIN configured for your computer. When your computer is not connected to the network, you will need to provide the PIN to unlock it. -BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before you can use it. +BitLocker Network Unlock has software and hardware requirements for client computers, Windows Deployment services, and domain controllers, which must be met before you can use it. -Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector it will prompt you to enter your PIN. If the PIN is -not available you will need to use the recovery key to unlock the computer if it can ot be connected to the network. +Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector, it prompts you to enter your PIN. If the PIN is +not available, you will need to use the recovery key to unlock the computer if it cannot be connected to the network. For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). From 4f42121d60ed4b1f2cc852ef6e04de451d53193b Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 9 Sep 2020 11:52:28 +0530 Subject: [PATCH 026/540] updated content based on IR comments --- .../bitlocker-group-policy-settings.md | 110 +++++++++--------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 502fcf5b27..2d79a22931 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -120,7 +120,7 @@ This policy setting allows users of devices that are compliant with Modern Stand - + @@ -170,7 +170,7 @@ This policy is used in addition to the BitLocker Drive Encryption Network Unlock - + @@ -191,7 +191,7 @@ This policy is used in addition to the BitLocker Drive Encryption Network Unlock To use a network key protector to unlock the computer, the computer and the server that hosts BitLocker Drive Encryption Network Unlock must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create a network key protector and to protect the information exchange with the server to unlock the computer. You can use the group policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate** on the domain controller to distribute this certificate to computers in your organization. This unlock method uses the TPM on the computer; therefore, computers that do not have a TPM cannot create network key protectors to automatically unlock by using Network Unlock feature. ->**Note:** For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or cannot connect to the domain controller at startup. +>**Note:** For reliability and security, computers must also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or cannot connect to the domain controller at startup. For more information about Network Unlock feature, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). @@ -219,7 +219,7 @@ This policy setting is used to determine which unlock options are available for - + @@ -296,7 +296,7 @@ This policy setting permits the use of enhanced PINs when you use an unlock meth - + @@ -394,7 +394,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p | **Policy description** | This setting helps prevent attacks that use external PCI-based devices to access BitLocker keys. | | **Introduced** | Windows 10, version 1703 | | **Drive type** | Operating system drives | -| **Policy path** | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +| **Policy path** | **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption**| | **Conflicts** | None | | **When enabled** | Every time the user locks the screen, DMA is blocked on hot pluggable PCI ports until the user signs-in again. | | **When disabled or not configured** | DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed-in.| @@ -451,7 +451,7 @@ To change the PIN or password, the user must be able to provide the current PIN ### Configure use of passwords for operating system drives -This policy controls how non-TPM based systems utilize the password protector. Used in conjunction with the **Password must meet complexity requirements** policy, this policy allows administrators to make password length and complexity mandatory for using the password protector. By default, passwords must be eight characters in length. Complexity configuration options determine how important domain connectivity is for the client. For the strongest password security, administrators should choose **Require password complexity** because it requires domain connectivity, and it requires the BitLocker password to meet the same password complexity requirements as domain sign-in passwords. +This policy controls how non-TPM based systems utilize the password protector. Used in conjunction with the **Password must meet complexity requirements** policy, this policy allows administrators to make password length and complexity mandatory for using the password protector. By default, passwords must be eight characters in length. Complexity configuration options determine how important domain connectivity is for the client. For the strongest password security, administrators must choose **Require password complexity** because it requires domain connectivity, and it requires the BitLocker password to meet the same password complexity requirements as domain sign-in passwords.

Policy description

With this policy setting, you can allow users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.

With this policy setting, you can allow users to enable authentication options that require user input from the pre-boot environment, even if the platform indicates a lack of pre-boot input capability.

Introduced

When enabled

Devices must have an alternative means of preboot input (such as an attached USB keyboard).

Devices must have an alternative means of pre-boot input (such as an attached USB keyboard).

When disabled or not configured

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

@@ -473,13 +473,13 @@ This policy controls how non-TPM based systems utilize the password protector. U - + - + @@ -600,11 +600,11 @@ This policy setting is used to require, allow, or deny the use of smart cards wi - + - + @@ -649,11 +649,11 @@ This policy setting is used to require, allow, or deny the use of passwords with - + - + @@ -685,9 +685,9 @@ Passwords must be at least 8 characters. To configure a greater minimum length f For the complexity requirement setting to be effective, the group policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Password must meet complexity requirements** must also be enabled. This policy setting is configured on a per-computer basis. This means that it applies to local user accounts and domain user accounts. Because the password filter that is used to validate password complexity is located on the domain controllers, local user accounts cannot access the password filter because they are not authenticated for domain access. When this policy setting is enabled, if you sign in with a local user account, and you attempt to encrypt a drive or change a password on an existing BitLocker-protected drive, an "Access denied" error message is displayed. In this situation, the password key protector cannot be added to the drive. -Enabling this policy setting requires a connectivity to be established to a domain before adding a password key protector to a BitLocker-protected drive. Users who work remotely and have periods of time in which they cannot connect to the domain should be made aware of this requirement so that they can schedule a time during which they will be connected to the domain to turn on BitLocker or to change a password on a BitLocker-protected data drive. +Enabling this policy setting requires a connectivity to be established to a domain before adding a password key protector to a BitLocker-protected drive. Users who work remotely and have periods of time in which they cannot connect to the domain must be made aware of this requirement so that they can schedule a time during which they will be connected to the domain to turn on BitLocker or to change a password on a BitLocker-protected data drive. ->**Important:** Passwords cannot be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS compliance is enabled. +>**Important:** Passwords cannot be used if FIPS-compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS-compliance is enabled. ### Configure use of smart cards on removable data drives @@ -713,7 +713,7 @@ This policy setting is used to require, allow, or deny the use of smart cards wi - + @@ -762,11 +762,11 @@ This policy setting is used to require, allow, or deny the use of passwords with - + - + @@ -798,7 +798,7 @@ When set to **Allow complexity**, a connection to a domain controller is be atte When set to **Do not allow complexity**, no password complexity validation is done. ->**Note:** Passwords cannot be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS compliance is enabled. +>**Note:** Passwords cannot be used if FIPS-compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS-compliance is enabled. For information about this setting, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://technet.microsoft.com/library/jj852211.aspx). @@ -826,7 +826,7 @@ This policy setting is used to determine the certificate that is to be used with - + @@ -877,7 +877,7 @@ This policy setting allows users to enable authentication options that require u - + @@ -932,7 +932,7 @@ This policy setting is used to make encryption of fixed drives mandatory prior t - + @@ -961,7 +961,7 @@ Conflict considerations include: - If you attempted to shrink the drive and create the system drive, the drive size is successfully reduced and a raw partition is created. However, the raw partition is not formatted. The following error message is displayed: "The new active drive cannot be formatted. You may need to manually prepare your drive for BitLocker." - If you attempt to use unallocated space to create the system drive, a raw partition will be created. However, the raw partition will not be formatted. The following error message is displayed: "The new active drive cannot be formatted. You may need to manually prepare your drive for BitLocker." - If you attempt to merge an existing drive into the system drive, the tool fails to copy the required boot file onto the target drive to create the system drive. The following error message is displayed: "BitLocker setup failed to copy boot files. You may need to manually prepare your drive for BitLocker." -3. If this policy setting is enforced, a hard drive cannot be repartitioned because the drive is protected. If you are upgrading computers in your organization from a previous version of Windows, and those computers were configured with a single partition, you should create the required BitLocker system partition before you apply this policy setting to the computers. +3. If this policy setting is enforced, a hard drive cannot be repartitioned because the drive is protected. If you are upgrading computers in your organization from a previous version of Windows, and those computers were configured with a single partition, you must create the required BitLocker system partition before you apply this policy setting to the computers. ### Deny write access to removable drives not protected by BitLocker @@ -987,7 +987,7 @@ This policy setting is used to make it mandatory for removable drives to be encr - + @@ -1040,7 +1040,7 @@ This policy setting is used to prevent users from turning BitLocker on or off on - + @@ -1096,7 +1096,7 @@ This policy setting is used to control the encryption method and cipher strength - + @@ -1120,7 +1120,7 @@ Enterprises may want to control the encryption level for increased security (AES If you enable this setting, you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives, individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. -For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511, or later. +For removable drives, you must use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511, or later. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. In these cases, this policy setting is ignored. @@ -1152,7 +1152,7 @@ This policy controls how BitLocker reacts to systems that are equipped with encr - + @@ -1207,7 +1207,7 @@ This policy controls how BitLocker reacts when encrypted drives are used as oper - + @@ -1263,7 +1263,7 @@ This policy controls how BitLocker reacts to encrypted drives when they are used - + @@ -1319,7 +1319,7 @@ This policy controls whether fixed data drives utilize Used Space Only encryptio - + @@ -1368,7 +1368,7 @@ This policy controls whether operating system drives utilize Full encryption or - + @@ -1417,7 +1417,7 @@ This policy controls whether fixed data drives utilize Full encryption or Used S - + @@ -1466,7 +1466,7 @@ This policy setting is used to configure recovery methods for operating system d - + @@ -1527,7 +1527,7 @@ This policy setting is used to configure recovery methods for BitLocker-protecte - + @@ -1581,7 +1581,7 @@ This policy setting is used to configure the storage of BitLocker recovery infor - + @@ -1639,7 +1639,7 @@ This policy setting is used to configure the default folder for recovery passwor - + @@ -1686,7 +1686,7 @@ This policy setting is used to configure recovery methods for fixed data drives. - + @@ -1747,7 +1747,7 @@ This policy setting is used to configure recovery methods for removable data dri - + @@ -1805,7 +1805,7 @@ This policy setting is used to configure the entire recovery message and to repl - + @@ -1860,7 +1860,7 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc - + @@ -1909,7 +1909,7 @@ This policy setting is used to establish an identifier that is applied to all dr - + @@ -1966,7 +1966,7 @@ This policy setting is used to control whether the computer's memory will be ove - + @@ -2011,7 +2011,7 @@ This policy setting determines the values that are measured by TPM when it valid - + @@ -2086,7 +2086,7 @@ This policy setting determines the values that are measured by the TPM when it v - + @@ -2161,12 +2161,12 @@ This policy setting determines the values to be measured by the TPM when it vali - + @@ -2236,7 +2236,7 @@ This policy setting determines if you want platform validation data to refresh w - + @@ -2285,7 +2285,7 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t - + @@ -2334,7 +2334,7 @@ This policy setting is used to control whether access to drives is allowed by us - + @@ -2383,7 +2383,7 @@ This policy setting controls access to removable data drives that are using the - + @@ -2408,7 +2408,7 @@ When this policy setting is enabled, select the **Do not install BitLocker To Go ## FIPS setting -You can configure the Federal Information Processing Standard (FIPS) setting for FIPS compliance. As an effect of FIPS compliance, users cannot create or save a BitLocker password for recovery or as a key protector. The use of a recovery key is permitted. +You can configure the Federal Information Processing Standard (FIPS) setting for FIPS-compliance. As an effect of FIPS-compliance, users cannot create or save a BitLocker password for recovery or as a key protector. The use of a recovery key is permitted.

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Passwords cannot be used if FIPS-compliance is enabled.

-Note

The System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, specifies whether FIPS-compliance is enabled.

+Note

The System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing policy setting, which is located at Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options, specifies whether FIPS-compliance is enabled.

@@ -536,7 +536,7 @@ This policy setting is used to determine the unlock options that would be made a

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Fixed Data Drives

Conflicts

To use smart cards with BitLocker, you may also need to modify the object identifier setting in the Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance policy setting to match the object identifier of your smart card certificates.

To use smart cards with BitLocker, you may also need to modify the object identifier setting in the Computer Configuration\\Administrative Templates\\BitLocker Drive Encryption\\Validate smart card certificate usage rule compliance policy setting to match the object identifier of your smart card certificates.

When enabled

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Fixed Data Drives

Conflicts

To use password complexity, the Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements policy setting must also be enabled.

To use password complexity, the Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Password must meet complexity requirements policy setting must also be enabled.

When enabled

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives/b>

Conflicts

To use password complexity, the Password must meet complexity requirements policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy, must also be enabled.

To use password complexity, the Password must meet complexity requirements policy setting, which is located at Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy, must also be enabled.

When enabled

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drive

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drive

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Fixed Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Fixed Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Fixed Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Fixed Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives

Conflicts

Policy path

Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ Configure pre-boot recovery message and URL

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Configure pre-boot recovery message and URL

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Setting this policy with PCR 7 omitted results in an override of the Allow Secure Boot for integrity validation group policy setting, and this new setting prevents BitLocker from using secure boot for platform or Boot Configuration Data (BCD) integrity validation.

-

If your environments use TPM and secure boot for platform integrity checks, this policy should not be configured.

+

If your environments use TPM and secure boot for platform integrity checks, this policy must not be configured.

For more information about PCR 7, see Platform Configuration Register (PCR) in this topic.

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Fixed Data Drives

Conflicts

Policy path

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives

Conflicts

@@ -2430,7 +2430,7 @@ You can configure the Federal Information Processing Standard (FIPS) setting for - + @@ -2449,7 +2449,7 @@ You can configure the Federal Information Processing Standard (FIPS) setting for Reference -This policy needs to be enabled before any encryption key is generated for BitLocker. Note that when this policy is enabled, BitLocker prevents creating or using recovery passwords; therefore, recovery keys should be used, instead. +This policy needs to be enabled before any encryption key is generated for BitLocker. Note that when this policy is enabled, BitLocker prevents creating or using recovery passwords; therefore, recovery keys must be used, instead. You can save the optional recovery key to a USB drive. Because recovery passwords cannot be saved to AD DS when FIPS is enabled, an error is caused if AD DS backup is required by group policy. From 6cc5d49b5b57ecf583e72273c08b6bc977c49727 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 9 Sep 2020 14:51:12 +0530 Subject: [PATCH 027/540] Update bl-ovw-req-4318240 Made minor changes - 4318240 --- ...bitlocker-overview-and-requirements-faq.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index 7f9715b9c0..13b28c1fb9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -25,50 +25,50 @@ ms.custom: bitlocker ## How does BitLocker work? -**How BitLocker works with operating system drives** +**How does BitLocker work with operating system drives** -You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and boot configuration data. +You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and Boot Configuration Data (BCD). -**How BitLocker works with fixed and removable data drives** +**How does BitLocker work with fixed and removable data drives** -You can use BitLocker to encrypt the entire contents of a data drive. You can use Group Policy to require that BitLocker be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock methods for data drives, and a data drive supports multiple unlock methods. +You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods. ## Does BitLocker support multifactor authentication? -Yes, BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2 or later, you can use additional forms of authentication with the TPM protection. +Yes, BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2 or later versions, you can use additional forms of authentication with the TPM protection. ## What are the BitLocker hardware and software requirements? For requirements, see [System requirements](bitlocker-overview.md#system-requirements). > [!NOTE] -> Dynamic disks are not supported by BitLocker. Dynamic data volumes will not be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it is a Dynamic disk, if it is a dynamic disk it cannot be protected by BitLocker. +> Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk. ## Why are two partitions required? Why does the system drive have to be so large? -Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive. +Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a partition that is separate from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive. -## Which Trusted Platform Modules (TPMs) does BitLocker support? +## Which trusted platform modules (TPMs) does BitLocker support? -BitLocker supports TPM version 1.2 or higher. BitLocker support for TPM 2.0 requires Unified Extensible Firmware Interface (UEFI) for the device. +BitLocker supports TPM version 1.2 or higher. BitLocker's support for TPM 2.0 requires Unified Extensible Firmware Interface (UEFI) for the device. > [!NOTE] -> TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature. +> TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature. -> Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](https://docs.microsoft.com/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI. +> Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](https://docs.microsoft.com/windows/deployment/mbr-to-gpt) before changing the BIOS mode which prepares the OS and the disk to support UEFI. ## How can I tell if a TPM is on my computer? Beginning with Windows 10, version 1803, you can check TPM status in **Windows Defender Security Center** > **Device Security** > **Security processor details**. In previous versions of Windows, open the TPM MMC console (tpm.msc) and look under the **Status** heading. -## Can I use BitLocker on an operating system drive without a TPM? +## Can I use BitLocker on an operating system drive that does not have a TPM? -Yes, you can enable BitLocker on an operating system drive without a TPM version 1.2 or higher, if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide. +Yes, you can enable BitLocker on an operating system drive that does not have a TPM version 1.2 or higher, if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker provides. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements. ## How do I obtain BIOS support for the TPM on my computer? -Contact the computer manufacturer to request a Trusted Computing Group (TCG)-compliant BIOS or UEFI boot firmware that meets the following requirements: +Contact the computer manufacturer to request a trusted computing group (TCG)-compliant BIOS or UEFI boot firmware that meets the following requirements: - It is compliant with the TCG standards for a client computer. - It has a secure update mechanism to help prevent a malicious BIOS or boot firmware from being installed on the computer. @@ -79,4 +79,4 @@ To turn on, turn off, or change configurations of BitLocker on operating system ## What is the recommended boot order for computers that are going to be BitLocker-protected? -You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.  +You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such as CD/DVD drives or USB drives. If the hard disk is not first in the order and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order prompts you for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.  From 4d837887e0268751ab2db805e3a3da08266bd34f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 9 Sep 2020 15:53:46 +0530 Subject: [PATCH 028/540] Update bitlocker-overview-and-requirements-faq.md --- .../bitlocker-overview-and-requirements-faq.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index 13b28c1fb9..eef3b2f226 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -27,19 +27,19 @@ ms.custom: bitlocker **How does BitLocker work with operating system drives** -You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and Boot Configuration Data (BCD). +You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and Boot Configuration Data (BCD). For further information, see [BitLocker overview] (bitlocker-deviceencryption-overview.md#internal-drive-encryption). **How does BitLocker work with fixed and removable data drives** -You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods. +You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods. For more information, see [BitLocker overview](bitlocker-deviceencryption-overview.md). ## Does BitLocker support multifactor authentication? -Yes, BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2 or later versions, you can use additional forms of authentication with the TPM protection. +Yes, BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2 or later versions, you can use additional forms of authentication with the TPM protection. This includes the use of a password, a PIN, or a removable storage device. ## What are the BitLocker hardware and software requirements? -For requirements, see [System requirements](bitlocker-overview.md#system-requirements). +For requirements, see [System requirements](bitlocker-deviceencryption-overview.md#system-requirements-BitLocker). > [!NOTE] > Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk. @@ -63,8 +63,12 @@ Beginning with Windows 10, version 1803, you can check TPM status in **Windows D ## Can I use BitLocker on an operating system drive that does not have a TPM? -Yes, you can enable BitLocker on an operating system drive that does not have a TPM version 1.2 or higher, if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker provides. -To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements. +Yes, you can enable BitLocker on an operating system drive that does not have a TPM version 1.2 or higher, which can be done through the following options: +- If the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment, you can use a removable disk. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements. + +- You can use a password or a PIN to unlock the encrypted disk–This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer. + +- In addition to the above two options, the volume master key can be encrypted with a password or a PIN so that it can be displayed in a decrypted version when the user keys in the password. ## How do I obtain BIOS support for the TPM on my computer? From 59f6cf679e593b709efa18a603c29e464b1e3166 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Thu, 10 Sep 2020 09:19:33 +0530 Subject: [PATCH 029/540] Reviewed bitlocker-how-to-enable-network-unlock.md (#3745) --- .../bitlocker-how-to-enable-network-unlock.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 5abfa6d063..dc75483d25 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -63,15 +63,15 @@ For Network Unlock to work reliably on computers running Windows 8 and later ver The Network Unlock server component is installed on supported versions of Windows Server 2012 and later as a Windows feature that uses Server Manager or Windows PowerShell cmdlets. The feature name is BitLocker Network Unlock in Server Manager and BitLocker-NetworkUnlock in Windows PowerShell. This feature is a core requirement. -Network Unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation is not required; however, the WDS service needs to be running on the server. +Network Unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation is not required; however, the WDS service must be running on the server. -The network key is stored on the system drive along with an AES 256 session key, and encrypted with the 2048-bit RSA public key of the unlock server's certificate. The network key is decrypted with the help of a provider on a supported version of Windows Server running WDS, and returned encrypted with its corresponding session key. +The network key is stored on the system drive along with an AES 256 session key and encrypted with the 2048-bit RSA public key of the unlock server's (**should this be "unlocked server's certificate or Unlock server certificate**) certificate. The network key is decrypted with the help of a provider on a supported version of Windows Server running WDS, and returned encrypted with its corresponding session key. ## Network Unlock sequence The unlock sequence starts on the client side when the Windows boot manager detects the existence of Network Unlock protector. It leverages the DHCP driver in UEFI to obtain an IP address for IPv4 and then broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate, as described above. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. -On the server side, the WDS server role has an optional plugin component, like a PXE provider, which is what handles the incoming Network Unlock requests. The provider can also be configured with subnet restrictions, which would require that the IP address provided by the client in the Network Unlock request belong to a permitted subnet in order to release the network key to the client. In instances where the Network Unlock provider is unavailable, BitLocker fails over to the next available protector to unlock the drive. In a typical configuration, this means the standard TPM+PIN unlock screen is presented to unlock the drive. +On the server side, the WDS server role has an optional plugin component, like a PXE provider, which is what handles the incoming Network Unlock requests. You can also configure the provider with subnet restrictions, which would require that the IP address provided by the client in the Network Unlock request belong to a permitted subnet to release the network key to the client. In instances where the Network Unlock provider is unavailable, BitLocker fails over to the next available protector to unlock the drive. In a typical configuration, this means the standard TPM+PIN unlock screen is presented to unlock the drive. The server side configuration to enable Network Unlock also requires provisioning a 2048-bit RSA public/private key pair in the form of an X.509 certificate, and distributing the public key certificate to the clients. This certificate must be managed and deployed through the Group Policy editor directly on a domain controller with at least a Domain Functional Level of Windows Server 2012. This certificate is the public key that encrypts the intermediate network key (which is one of the two secrets required to unlock the drive; the other secret is stored in the TPM). @@ -105,7 +105,7 @@ To install the role using Windows PowerShell, use the following command: Install-WindowsFeature WDS-Deployment ``` -You must configure the WDS server so that it can communicate with DHCP (and optionally AD DS) and the client computer. You can configure using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard. +You must configure the WDS server so that it can communicate with DHCP (and optionally AD DS) and the client computer. You can configure using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration wizard. ### Confirm the WDS Service is running @@ -131,13 +131,13 @@ Install-WindowsFeature BitLocker-NetworkUnlock A properly configured Active Directory Services Certification Authority can use this certificate template to create and issue Network Unlock certificates. 1. Open the Certificates Template snap-in (certtmpl.msc). -2. Locate the User template. Right-click the template name and select **Duplicate Template**. +2. Locate the User template, right-click the template name and select **Duplicate Template**. 3. On the **Compatibility** tab, change the **Certification Authority** and **Certificate recipient** fields to Windows Server 2012 and Windows 8, respectively. Ensure that the **Show resulting changes** dialog box is selected. -4. Select the **General** tab of the template. The **Template display name** and **Template name** should clearly identify that the template will be used for Network Unlock. Clear the checkbox for the **Publish certificate in Active Directory** option. +4. Select the **General** tab of the template. The **Template display name** and **Template name** should clearly identify that the template will be used for Network Unlock. Clear the check box for the **Publish certificate in Active Directory** option. 5. Select the **Request Handling** tab. Select **Encryption** from the **Purpose** drop-down menu. Ensure that the **Allow private key to be exported** option is selected. 6. Select the **Cryptography** tab. Set the **Minimum key size** to 2048. (Any Microsoft cryptographic provider that supports RSA can be used for this template, but for simplicity and forward compatibility, we recommend using **Microsoft Software Key Storage Provider**.) 7. Select the **Requests must use one of the following providers** option and clear all options except for the cryptography provider you selected, such as **Microsoft Software Key Storage Provider**. -8. Select the **Subject Name** tab. Select **Supply in the request**. Select **OK** if the certificate templates pop-up dialog appears. +8. Select the **Subject Name** tab. Select **Supply in the request**. Click **OK** if the certificate templates pop-up dialog appears. 9. Select the **Issuance Requirements** tab. Select both **CA certificate manager approval** and **Valid existing certificate** options. 10. Select the **Extensions** tab. Select **Application Policies** and choose **Edit…**. 11. In the **Edit Application Policies Extension** options dialog box, select **Client Authentication**, **Encrypting File System**, **and Secure Email** and choose **Remove**. @@ -147,10 +147,10 @@ A properly configured Active Directory Services Certification Authority can use - **Name:** **BitLocker Network Unlock** - **Object Identifier:** **1.3.6.1.4.1.311.67.1.1** -14. Select the newly created **BitLocker Network Unlock** application policy and select **OK**. +14. Select the newly created **BitLocker Network Unlock** application policy and click **OK**. 15. With the **Extensions** tab still open, select the **Edit Key Usage Extension** dialog. Select the **Allow key exchange only with key encryption (key encipherment)** option. Select the **Make this extension critical** option. 16. Select the **Security** tab. Confirm that the **Domain Admins** group has been granted **Enroll** permission. -17. Select **OK** to complete configuration of the template. +17. Click **OK** to complete configuration of the template. To add the Network Unlock template to the Certification Authority, open the Certification Authority snap-in (certsrv.msc). Right-click the **Certificate Templates** item and choose **New, Certificate Template to issue**. Select the previously created BitLocker Network Unlock certificate. @@ -165,7 +165,7 @@ To enroll a certificate from an existing certification authority (CA), do the fo 1. Open Certificate Manager on the WDS server using **certmgr.msc**. 2. Under the Certificates - Current User item, right-click **Personal**. 3. Select **All Tasks**; then select **Request New Certificate** -4. Select **Next** when the Certificate Enrollment wizard opens. +4. Click **Next** when the Certificate Enrollment wizard opens. 5. Select **Active Directory Enrollment Policy**. 6. Choose the certificate template created for Network Unlock on the Domain controller and select **Enroll**. When prompted for more information, add the following attribute to the certificate: @@ -314,7 +314,7 @@ To update the certificates used by Network Unlock, administrators need to import ## Troubleshoot Network Unlock -Troubleshooting Network Unlock issues begins by verifying the environment. Many times, a small configuration issue will be the root cause of the failure. Items to verify include: +Troubleshooting Network Unlock issues begins by verifying the environment. Many times, a small configuration issue can be the root cause of the failure. Items to verify include: - Verify that the client hardware is UEFI-based and is on firmware version 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. Do this by checking that the firmware does not have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware does not appear to be in a BIOS-like mode. - All required roles and services are installed and started. From 1325902eebca15da7ac1364ca872c19144ee8595 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 10 Sep 2020 09:51:38 +0530 Subject: [PATCH 030/540] Update bitlocker-how-to-enable-network-unlock.md --- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index dc75483d25..d50ec8b8a7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -65,7 +65,7 @@ The Network Unlock server component is installed on supported versions of Window Network Unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation is not required; however, the WDS service must be running on the server. -The network key is stored on the system drive along with an AES 256 session key and encrypted with the 2048-bit RSA public key of the unlock server's (**should this be "unlocked server's certificate or Unlock server certificate**) certificate. The network key is decrypted with the help of a provider on a supported version of Windows Server running WDS, and returned encrypted with its corresponding session key. +The network key is stored on the system drive along with an AES 256 session key and encrypted with the 2048-bit RSA public key of the Unlock server certificate. The network key is decrypted with the help of a provider on a supported version of Windows Server running WDS, and returned encrypted with its corresponding session key. ## Network Unlock sequence From a7003de5279a780bd392b6a79c351ebecdc4fcbd Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 10 Sep 2020 13:00:05 +0530 Subject: [PATCH 031/540] Update-bl-rcvy-lpbrk-4457208 --- .../bitlocker/bitlocker-recovery-loop-break.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index f06b11a197..6d996b7090 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -24,7 +24,7 @@ Sometimes, following a crash, you might be unable to successfully boot into your If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to break out of the loop. > [!NOTE] -> Only try these steps after you have restarted your device at least once. +> Try these steps only after you have restarted your device at least once. 1. On the initial recovery screen, don't enter your recovery key. Instead, select **Skip this drive**. From 654145f5313c9e4549c1809af8b61ab2f6eaeb33 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 10 Sep 2020 16:17:49 +0530 Subject: [PATCH 032/540] Update bl-rcvpwdvw-4457208 --- .../bitlocker-use-bitlocker-recovery-password-viewer.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 1bc4358ba0..1ac97c6ce1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -23,7 +23,7 @@ ms.custom: bitlocker **Applies to** - Windows 10 -This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. +This topic describes how to use the BitLocker Recovery Password Viewer. The BitLocker Recovery Password Viewer tool is an optional tool included with the Remote Server Administration Tools (RSAT). It lets you locate and view BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). You can use this tool to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Active Directory Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. Using this tool, you can examine a computer object's **Properties** dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest. You can also search for a password by password identifier (ID). @@ -33,7 +33,7 @@ To complete the procedures in this scenario: - You must have domain administrator credentials. - Your test computers must be joined to the domain. -- On the test computers, BitLocker must have been turned on after joining the domain. +- On the domain-joined test computers, BitLocker must have been turned on. The following procedures describe the most common tasks performed by using the BitLocker Recovery Password Viewer. From b55cfce226423c26399879e637f70429b818d08a Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 10 Sep 2020 17:19:05 +0530 Subject: [PATCH 033/540] Update bitlocker-group-policy-settings.md --- .../bitlocker/bitlocker-group-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 2d79a22931..2cf771d7d9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -344,7 +344,7 @@ This policy setting is used to set a minimum PIN length when you use an unlock m - + @@ -427,7 +427,7 @@ This policy setting allows you to configure whether standard users are allowed t - + From 8179cd4746b48cb2bdd803736d040c9024d05030 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Fri, 11 Sep 2020 15:20:53 +0530 Subject: [PATCH 034/540] Reviewed bitlocker-network-unlock-faq.md (#3769) Made minor change --- .../bitlocker/bitlocker-network-unlock-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index 863edab626..a66f7b9ec9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -22,7 +22,7 @@ ms.custom: bitlocker **Applies to** - Windows 10 -BitLocker Network Unlock enables easier management for BitLocker-enabled desktops and servers that use the TPM+PIN protection method in a domain environment. When a computer that is connected to a wired corporate network is rebooted, Network Unlock allows the PIN entry prompt to be bypassed. It automatically unlocks BitLocker-protected operating system volumes by using a trusted key that is provided by the Windows Deployment Services server as its secondary authentication method. +BitLocker Network Unlock enables easier management for BitLocker-enabled desktops and servers that use the TPM+PIN protection method in a domain environment. When a computer connected to a wired corporate network is rebooted, Network Unlock allows the PIN entry prompt to be bypassed. It automatically unlocks BitLocker-protected operating system volumes by using a trusted key that is provided by the Windows Deployment Services server as its secondary authentication method. To use Network Unlock, you must also have a PIN configured for your computer. When your computer is not connected to the network, you will need to provide the PIN to unlock it. From 2c8dcf81f0ed4cf8cbb7ddee524adade05e03203 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 23 Sep 2020 19:54:34 +0530 Subject: [PATCH 035/540] Update ts-bitlocker-cannot-encrypt-issues.md --- .../ts-bitlocker-cannot-encrypt-issues.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index 03b1c67188..8bebf9546b 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -18,20 +18,20 @@ ms.custom: bitlocker # BitLocker cannot encrypt a drive: known issues -This article describes common issues that may prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues. +This article describes common issues that prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues. > [!NOTE] -> If you have determined that your BitLocker issue involves the Trusted Platform Module (TPM), see [BitLocker cannot encrypt a drive: known TPM issues](ts-bitlocker-cannot-encrypt-tpm-issues.md). +> If you have determined that your BitLocker issue involves the trusted platform module (TPM), see [BitLocker cannot encrypt a drive: known TPM issues](ts-bitlocker-cannot-encrypt-tpm-issues.md). -## Error 0x80310059: BitLocker Drive Encryption is already performing an operation on this drive +## Error 0x80310059: BitLocker drive encryption is already performing an operation on this drive -When you turn on BitLocker Drive Encryption on a computer that is running Windows 10 Professional, you receive a message that resembles the following: +When you turn on BitLocker drive encryption on a computer that is running Windows 10 Professional, you receive a message that resembles the following: > **ERROR:** An error occurred (code 0x80310059):BitLocker Drive Encryption is already performing an operation on this drive. Please complete all operations before continuing.NOTE: If the -on switch has failed to add key protectors or start encryption,you may need to call manage-bde -off before attempting -on again. ### Cause -This issue may be caused by settings that are controlled by Group Policy Objects (GPOs). +This issue may be caused by settings that are controlled by group policy objects (GPOs). ### Resolution @@ -40,7 +40,7 @@ This issue may be caused by settings that are controlled by Group Policy Objects To resolve this issue, follow these steps: -1. Start Registry Editor, and navigate to the following subkey: +1. Start registry editor, and navigate to the following subkey: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE** 1. Delete the following entries: @@ -48,7 +48,7 @@ To resolve this issue, follow these steps: - **OSPlatformValidation\_UEFI** - **PlatformValidation** -1. Exit Registry Editor, and turn on BitLocker Drive Encryption again. +1. Exit registry editor, and turn on BitLocker drive encryption again. ## "Access is denied" message when you try to encrypt removable drives @@ -64,7 +64,7 @@ You receive this message on any computer that runs Windows 10 version 1709 or ve ### Cause -The security descriptor of the BitLocker Drive Encryption service (BDESvc) has an incorrect entry. Instead of NT AUTHORITY\Authenticated Users, the security descriptor uses NT AUTHORITY\INTERACTIVE. +The security descriptor of the BitLocker drive encryption service (BDESvc) has an incorrect entry. Instead of NT AUTHORITY\Authenticated Users, the security descriptor uses NT AUTHORITY\INTERACTIVE. To verify that this issue has occurred, follow these steps: @@ -84,7 +84,7 @@ To verify that this issue has occurred, follow these steps: ![Output of the ConvertFrom-SddlString command, showing NT AUTHORITY\\INTERACTIVE](./images/ts-bitlocker-usb-sddl.png) - If you see NT AUTHORITY\INTERACTIVE (as highlighted), in the output of this command, this is the cause of the issue. Under typical conditions, the output should resemble the following: + If you see NT AUTHORITY\INTERACTIVE (as highlighted) in the output of this command, this is the cause of the issue. Under typical conditions, the output should resemble the following: ![Output of the ConvertFrom-SddlString command, showing NT AUTHORITY\\Authenticated Users](./images/ts-bitlocker-usb-default-sddl.png) From f0d0dd71a9b87b60afad96a4051dee187a34657f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 24 Sep 2020 11:31:06 +0530 Subject: [PATCH 036/540] Update ts-bitlocker-cannot-encrypt-tpm-issues.md --- .../ts-bitlocker-cannot-encrypt-tpm-issues.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index c112d898f7..93e95c46e6 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -19,14 +19,14 @@ ms.custom: bitlocker # BitLocker cannot encrypt a drive: known TPM issues -This article describes common issues that affect the Trusted Platform Module (TPM) and that may prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues. +This article describes common issues that affect the trusted platform module (TPM) and that may prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues. > [!NOTE] > If you have determined that your BitLocker issue does not involve the TPM, see [BitLocker cannot encrypt a drive: known issues](ts-bitlocker-cannot-encrypt-issues.md). ## The TPM is locked and you see "The TPM is defending against dictionary attacks and is in a time-out period" -When you turn on BitLocker Drive Encryption, it does not start. Instead, you receive a message that resembles "The TPM is defending against dictionary attacks and is in a time-out period." +When you turn on BitLocker drive encryption, it does not start. Instead, you receive a message that resembles "The TPM is defending against dictionary attacks and is in a time-out period." ### Cause @@ -42,12 +42,12 @@ To resolve this issue, follow these steps: $Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm" $ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)} ``` -1. Restart the computer. If you are prompted at the restart screen, press F12 to agree. -1. Try again to start BitLocker Drive Encryption. +2. Restart the computer. If you are prompted at the restart screen, press F12 to agree. +3. Retry starting BitLocker drive encryption. ## You cannot prepare the TPM, and you see "The TPM is defending against dictionary attacks and is in a time-out period" -You cannot turn on BitLocker Drive Encryption on a device. You use the TPM management console (tpm.msc) to prepare the TPM on a device. The operation fails and you receive a message that resembles "The TPM is defending against dictionary attacks and is in a time-out period." +You cannot turn on BitLocker drive encryption on a device. You use the TPM management console (tpm.msc) to prepare the TPM on a device. The operation fails and you receive a message that resembles "The TPM is defending against dictionary attacks and is in a time-out period." ### Cause @@ -58,11 +58,11 @@ The TPM is locked out. To resolve this issue, disable and re-enable the TPM. To do this, follow these steps: 1. Restart the device, and change the BIOS configuration to disable the TPM. -1. Restart the device again, and return to the TPM management console. You should receive a message that resembles the following: +2. Restart the device again, and return to the TPM management console. You should receive a message that resembles the following: > Compatible Trusted Platform Module (TPM) cannot be found on this computer. Verify that this computer has 1.2 TPM and it is turned on in the BIOS. -1. Restart the device, and change the BIOS configuration to enable the TPM. -1. Restart the device, and return to the TPM management console. +3. Restart the device, and change the BIOS configuration to enable the TPM. +4. Restart the device, and return to the TPM management console. If you still cannot prepare the TPM, clear the existing TPM keys. To do this, follow the instructions in [Troubleshoot the TPM: Clear all the keys from the TPM](https://docs.microsoft.com/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm#clear-all-the-keys-from-the-tpm). @@ -71,11 +71,11 @@ If you still cannot prepare the TPM, clear the existing TPM keys. To do this, fo ## Access Denied: Failed to backup TPM Owner Authorization information to Active Directory Domain Services. Errorcode: 0x80070005 -You have an environment that enforces the **Do not enable BitLocker until recovery information is stored in AD DS** policy. You try to turn on BitLocker Drive Encryption on a computer that runs Windows 7, but the operation fails. You receive a message that resembles "Access Denied" or "Insufficient Rights." +You have an environment that enforces the **Do not enable BitLocker until recovery information is stored in AD DS** policy. You try to turn on BitLocker drive encryption on a computer that runs Windows 7, but the operation fails. You receive a message that resembles "Access Denied" or "Insufficient Rights." ### Cause -The TPM did not have sufficient permissions on the TPM Devices container in Active Directory Domain Services (AD DS). Therefore, the BitLocker recovery information could not be backed up to AD DS, and BitLocker Drive Encryption could not run. +The TPM did not have sufficient permissions on the TPM devices container in Active Directory Domain Services (AD DS). Therefore, the BitLocker recovery information could not be backed up to AD DS, and BitLocker drive encryption could not run. This issue appears to be limited to computers that run versions of Windows that are earlier than Windows 10. @@ -83,7 +83,7 @@ This issue appears to be limited to computers that run versions of Windows that To verify that you have correctly identified this issue, use one of the following methods: -- Disable the policy or remove the computer from the domain. Then try to turn on BitLocker Drive Encryption again. The operation should now succeed. +- Disable the policy or remove the computer from the domain. Then try to turn on BitLocker drive encryption again. The operation should now succeed. - Use LDAP and network trace tools to examine the LDAP exchanges between the client and the AD DS domain controller to identify the cause of the "Access Denied" or "Insufficient Rights" error. In this case, you should see the error when the client tries to access its object in the "CN=TPM Devices,DC=\<*domain*>,DC=com" container. 1. To review the TPM information for the affected computer, open an elevated Windows PowerShell window and run the following command: @@ -98,9 +98,9 @@ To verify that you have correctly identified this issue, use one of the followin ## Cannot prepare the TPM, error 0x80072030: "There is no such object on the server" -Your domain controllers were upgraded from Windows Server 2008 R2to Windows Server 2012 R2. A Group Policy Object (GPO) enforces the **Do not enable BitLocker until recovery information is stored in AD DS** policy. +Your domain controllers were upgraded from Windows Server 2008 R2 to Windows Server 2012 R2. A group policy object (GPO) enforces the **Do not enable BitLocker until recovery information is stored in AD DS** policy. -You cannot turn on BitLocker Drive Encryption on a device. You use the TPM management console (tpm.msc) to prepare the TPM on a device. The operation fails and you see a message that resembles the following: +You cannot turn on BitLocker drive encryption on a device. You use the TPM management console (tpm.msc) to prepare the TPM on a device. The operation fails and you see a message that resembles the following: > 0x80072030 There is no such object on the server when a policy to back up TPM information to active directory is enabled From 9864d7efd7360f9182243bceac6b7be674d24c67 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 24 Sep 2020 12:25:44 +0530 Subject: [PATCH 037/540] Update ts-bitlocker-config-issues.md --- .../bitlocker/ts-bitlocker-config-issues.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md index e3c4f3f6d4..af153f4d11 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md @@ -18,13 +18,13 @@ ms.custom: bitlocker # BitLocker configuration: known issues -This article describes common issues that affect your BitLocker configuration and BitLocker's general functionality. This article also provides guidance to address these issues. +This article describes common issues that affect your BitLocker's configuration and general functionality. This article also provides guidance to address these issues. ## BitLocker encryption is slower in Windows 10 -In both Windows 10 and Windows 7, BitLocker runs in the background to encrypt drives. However, in Windows 10, BitLocker is less aggressive about requesting resources. This behavior reduces the chance that BitLocker will affect the computer's performance. +In both Windows 10 and Windows 7, BitLocker runs in the background to encrypt drives. However, in Windows 10, BitLocker is less aggressive about requesting resources. This behavior reduces the chance of BitLocker affecting the computer's performance. -To compensate for these changes, BitLocker uses a new conversion model. This model, (referred to as Encrypt-On-Write), makes sure that any new disk writes on all client SKUs and any internal drives are always encrypted *as soon as you turn on BitLocker*. +To compensate for these changes, BitLocker uses a new conversion model. This model, (referred to as Encrypt-On-Write), makes sure that any new disk writes on all client SKUs and that any internal drives are always encrypted *as soon as you turn on BitLocker*. > [!IMPORTANT] > To preserve backward compatibility, BitLocker uses the previous conversion model to encrypt removable drives. @@ -41,7 +41,7 @@ After Windows 7 was released, several other areas of BitLocker were improved: - **New encryption algorithm, XTS-AES**. The new algorithm provides additional protection from a class of attacks on encrypted data that rely on manipulating cipher text to cause predictable changes in plain text. - By default, this algorithm complies with the Federal Information Processing Standards (FIPS). FIPS are United States Government standards that provide a benchmark for implementing cryptographic software. + By default, this algorithm complies with the Federal Information Processing Standards (FIPS). FIPS is a United States Government standard that provides a benchmark for implementing cryptographic software. - **Improved administration features**. You can manage BitLocker on PCs or other devices by using the following interfaces: - BitLocker Wizard @@ -57,7 +57,7 @@ After Windows 7 was released, several other areas of BitLocker were improved: - **[BitLocker Network Unlock](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock)**. If your BitLocker-enabled desktop or server computer is connected to a wired corporate network in a domain environment, you can automatically unlock its operating system volume during a system restart. -- **Support for [Encrypted Hard Drives](https://docs.microsoft.com/windows/security/information-protection/encrypted-hard-drive)**. Encrypted Hard Drives are a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. By taking on that workload, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. +- **Support for [Encrypted Hard Drives](https://docs.microsoft.com/windows/security/information-protection/encrypted-hard-drive)**. Encrypted hard drives are a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. By taking on that workload, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. - **Support for classes of HDD/SSD hybrid disks**. BitLocker can encrypt a disk that uses a small SSD as a non-volatile cache in front of the HDD, such as Intel Rapid Storage Technology. @@ -90,12 +90,12 @@ This issue occurs regardless of any of the following variations in the environme - Whether the VMs are generation 1 or generation 2. - Whether the guest operating system is Windows Server 2019, 2016 or 2012 R2. -In the domain controller Application log, the VSS event source records event ID 8229: +In the domain controller application log, the VSS event source records event ID 8229: > ID: 8229 > Level: Warning > ‎Source: VSS -> Message: A VSS writer has rejected an event with error 0x800423f4, The writer experienced a non-transient error. If the backup process is retried, the error is likely to reoccur. +> Message: A VSS writer has rejected an event with error 0x800423f4. The writer experienced a non-transient error. If the backup process is retried, the error is likely to reoccur. > > Changes that the writer made to the writer components while handling the event will not be available to the requester. > From 30c0c15ff56689ca8ebf030116472141ba4d5c69 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 24 Sep 2020 12:58:01 +0530 Subject: [PATCH 038/540] Update ts-bitlocker-decode-measured-boot-logs.md --- .../ts-bitlocker-decode-measured-boot-logs.md | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index 3e2cdad741..61a705e835 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -16,25 +16,25 @@ ms.date: 10/17/2019 ms.custom: bitlocker --- -# Decode Measured Boot logs to track PCR changes +# Decode measured boot logs to track PCR changes -Platform Configuration Registers (PCRs) are memory locations in the Trusted Platform Module (TPM). BitLocker and its related technologies depend on specific PCR configurations. Additionally, specific change in PCRs can cause a device or computer to enter BitLocker recovery mode. +Platform configuration registers (PCRs) are memory locations in the trusted platform module (TPM). BitLocker and its related technologies depend on specific PCR configurations. Additionally, specific changes in PCRs can cause a device or computer to enter BitLocker recovery mode. -By tracking changes in the PCRs, and identifying when they changed, you can gain insight into issues that occur or learn why a device or computer entered BitLocker recovery mode. The Measured Boot logs record PCR changes and other information. These logs are located in the C:\\Windows\\Logs\\MeasuredBoot\\ folder. +By tracking changes in the PCRs, and identifying when they changed, you can gain insight into issues that occur or can learn why a device or computer entered BitLocker recovery mode. The measured boot logs record PCR changes and other information. These logs are located in the C:\\Windows\\Logs\\MeasuredBoot\\ folder. This article describes tools that you can use to decode these logs: TBSLogGenerator and PCPTool. -For more information about Measured Boot and PCRs, see the following articles: +For more information about measured boot and PCRs, see the following articles: - [TPM fundamentals: Measured Boot with support for attestation](https://docs.microsoft.com/windows/security/information-protection/tpm/tpm-fundamentals#measured-boot-with-support-for-attestation) - [Understanding PCR banks on TPM 2.0 devices](https://docs.microsoft.com/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices) -## Use TBSLogGenerator to decode Measured Boot logs +## Use TBSLogGenerator to decode measured boot logs -Use TBSLogGenerator to decode Measured Boot logs that you have collected from Windows 10 and earlier versions. You can install this tool on the following systems: +Use TBSLogGenerator to decode measured boot logs that you have collected from Windows 10 and earlier versions. You can install this tool on the following systems: - A computer that is running Windows Server 2016 and that has a TPM enabled -- A Gen 2 virtual machine (running on Hyper-V) that is running Windows Server 2016 (you can use the virtual TPM) +- A gen-2 virtual machine (running on Hyper-V) that is running Windows Server 2016 (you can use the virtual TPM) To install the tool, follow these steps: @@ -43,15 +43,15 @@ To install the tool, follow these steps: - [Windows Hardware Lab Kit](https://docs.microsoft.com/windows-hardware/test/hlk/) - Direct download link for Windows Server 2016: [Windows HLK, version 1607](https://go.microsoft.com/fwlink/p/?LinkID=404112) -1. Accept the default installation path. +2. Accept the default installation path. ![Specify Location page of the Windows Hardware Lab Kit installation wizard](./images/ts-tpm-1.png) -1. Under **Select the features you want to install**, select **Windows Hardware Lab Kit—Controller + Studio**. +3. Under **Select the features you want to install**, select **Windows Hardware Lab Kit—Controller + Studio**. ![Select features page of the Windows Hardware Lab Kit installation wizard](./images/ts-tpm-2.png) -1. Finish the installation. +4. Finish the installation. To use TBSLogGenerator, follow these steps: @@ -67,12 +67,12 @@ To use TBSLogGenerator, follow these steps: TBSLogGenerator.exe -LF \.log > \.txt ``` where the variables represent the following values: - - \<*LogFolderName*> = the name of the folder that contains the file to be decoded - - \<*LogFileName*> = the name of the file to be decoded - - \<*DestinationFolderName*> = the name of the folder for the decoded text file - - \<*DecodedFileName*> = the name of the decoded text file + - \<*LogFolderName*> = The name of the folder that contains the file to be decoded + - \<*LogFileName*> = The name of the file to be decoded + - \<*DestinationFolderName*> = The name of the folder for the decoded text file + - \<*DecodedFileName*> = The name of the decoded text file - For example, the following figure shows Measured Boot logs that were collected from a Windows 10 computer and put into the C:\\MeasuredBoot\\ folder. The figure also shows a Command Prompt window and the command to decode the **0000000005-0000000000.log** file: + For example, the following figure shows measured boot logs that were collected from a Windows 10 computer and put into the C:\\MeasuredBoot\\ folder. The figure also shows a Command Prompt window and the command to decode the **0000000005-0000000000.log** file: ```cmd TBSLogGenerator.exe -LF C:\MeasuredBoot\0000000005-0000000000.log > C:\MeasuredBoot\0000000005-0000000000.txt @@ -92,9 +92,9 @@ To find the PCR information, go to the end of the file. ![View of NotePad that shows the PCR information at the end of the text file](./images/ts-tpm-7.png) -## Use PCPTool to decode Measured Boot logs +## Use PCPTool to decode measured boot logs -PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a Measured Boot log file and converts it into an XML file. +PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a measured boot log file and converts it into an XML file. To download and install PCPTool, go to the Toolkit page, select **Download**, and follow the instructions. @@ -104,10 +104,10 @@ PCPTool.exe decodelog \.log > = the path to the folder that contains the file to be decoded -- \<*LogFileName*> = the name of the file to be decoded -- \<*DestinationFolderName*> = the name of the folder for the decoded text file -- \<*DecodedFileName*> = the name of the decoded text file +- \<*LogFolderPath*> = The path to the folder that contains the file to be decoded +- \<*LogFileName*> = The name of the file to be decoded +- \<*DestinationFolderName*> = The name of the folder for the decoded text file +- \<*DecodedFileName*> = The name of the decoded text file The content of the XML file resembles the following. From 78f2669a0ea26c1355f904132484eff0d749a44a Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 24 Sep 2020 16:00:21 +0530 Subject: [PATCH 039/540] Update ts-bitlocker-intune-issues.md --- .../bitlocker/ts-bitlocker-intune-issues.md | 89 ++++++++++--------- 1 file changed, 45 insertions(+), 44 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index 895c4eec13..8c24276e8f 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md @@ -37,7 +37,7 @@ If you do not have a clear trail of events or error messages to follow, other ar - [Review the hardware requirements for using Intune to manage BitLocker on devices](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-bitlocker#bitlocker-automatic-device-encryption-hardware-requirements) - [Review your BitLocker policy configuration](#policy) -For information about how to verify that Intune policies are enforcing BitLocker correctly, see [Verifying that BitLocker is operating correctly](#verifying-that-bitlocker-is-operating-correctly). +For information about the procedure to verify whether Intune policies are enforcing BitLocker correctly, see [Verifying that BitLocker is operating correctly](#verifying-that-bitlocker-is-operating-correctly). ## Event ID 853: Error: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer @@ -47,7 +47,7 @@ Event ID 853 can carry different error messages, depending on the context. In th ### Cause -The device that you are trying to secure may not have a TPM chip, or the device BIOS might be configured to disable the TPM. +The device that you are trying to secure may not have a TPM chip, or the device BIOS might have been configured to disable the TPM. ### Resolution @@ -68,9 +68,9 @@ In this case, you see event ID 853, and the error message in the event indicates ### Cause -During the provisioning process, BitLocker Drive Encryption records the configuration of the device to establish a baseline. If the device configuration changes later (for example, if you remove the media), BitLocker recovery mode automatically starts. +During the provisioning process, BitLocker drive encryption records the configuration of the device to establish a baseline. If the device configuration changes later (for example, if you remove the media), BitLocker recovery mode automatically starts. -To avoid this situation, the provisioning process stops if it detects removable bootable media. +To avoid this situation, the provisioning process stops if it detects a removable bootable media. ### Resolution @@ -88,7 +88,7 @@ The event information resembles the following: Windows Recovery Environment (WinRE) is a minimal Windows operating system that is based on Windows Preinstallation Environment (Windows PE). WinRE includes several tools that an administrator can use to recover or reset Windows and diagnose Windows issues. If a device cannot start the regular Windows operating system, the device tries to start WinRE. -The provisioning process enables BitLocker Drive Encryption on the operating system drive during the Windows PE phase of provisioning. This action makes sure that the drive is protected before the full operating system is installed. The provisioning process also creates a system partition for WinRE to use if the system crashes. +The provisioning process enables BitLocker drive encryption on the operating system drive during the Windows PE phase of provisioning. This action makes sure that the drive is protected before the full operating system is installed. The provisioning process also creates a system partition for WinRE to use if the system crashes. If WinRE is not available on the device, provisioning stops. @@ -98,11 +98,11 @@ You can resolve this issue by verifying the configuration of the disk partitions #### Step 1: Verify the configuration of the disk partitions -The procedures described in this section depend on the default disk partitions that Windows configures during installation. Windows 10 automatically creates a recovery partition that contains the Winre.wim file. The partition configuration resembles the following. +The procedures described in this section depend on the default disk partitions that Windows configures during installation. Windows 10 automatically creates a recovery partition that contains the Winre.wim file. The partition configuration resembles the following: ![Default disk partitions, including the recovery partition](./images/4509194-en-1.png) -To verify the configuration of the disk partitions, open an elevated Command Prompt window, and run the following commands: +To verify the configuration of the disk partitions, open an elevated Command Prompt window and run the following commands: ``` diskpart @@ -110,7 +110,7 @@ list volume ``` ![Output of the list volume command in the Diskpart app](./images/4509195-en-1.png) -If the status of any of the volumes is not healthy or if the recovery partition is missing, you may have to reinstall Windows. Before you do this, check the configuration of the Windows image that you are using for provisioning. Make sure that the image uses the correct disk configuration. The image configuration should resemble the following (this example is from Microsoft Endpoint Configuration Manager). +If the status of any of the volumes is not healthy or if the recovery partition is missing, you may have to reinstall Windows. Before you do this, check the configuration of the Windows image that you are using for provisioning. Make sure that the image uses the correct disk configuration. The image configuration should resemble the following (this example is from Microsoft Endpoint Configuration Manager): ![Windows image configuration in Microsoft Endpoint Configuration Manager](./images/configmgr-imageconfig.jpg) @@ -121,7 +121,7 @@ To verify the status of WinRE on the device, open an elevated Command Prompt win ```cmd reagentc /info ``` -The output of this command resembles the following. +The output of this command resembles the following: ![Output of the reagentc /info command](./images/4509193-en-1.png) @@ -133,13 +133,13 @@ reagentc /enable #### Step 3: Verify the Windows Boot Loader configuration -If the partition status is healthy, but the **reagentc /enable** command results in an error, verify that Windows Boot Loader contains the recovery sequence GUID. To do this, run the following command in an elevated Command Prompt window: +If the partition status is healthy, but the **reagentc /enable** command results in an error, verify whether the Windows Boot Loader contains the recovery sequence GUID. To do this, run the following command in an elevated Command Prompt window: ```cmd bcdedit /enum all ``` -The output of this command resembles the following. +The output of this command resembles the following: ![Output of the bcdedit /enum all command](./images/4509196-en-1.png) @@ -155,18 +155,18 @@ The event information resembles the following: ### Cause -The device must have Unified Extensible Firmware Interface (UEFI) BIOS. Silent BitLocker Drive Encryption does not support legacy BIOS. +The device must have Unified Extensible Firmware Interface (UEFI) BIOS. Silent BitLocker drive encryption does not support legacy BIOS. ### Resolution -To verify the BIOS mode, use the System Information app. To do this, follow these steps: +To verify the BIOS mode, use the System Information application. To do this, follow these steps: 1. Select **Start**, and enter **msinfo32** in the **Search** box. -1. Verify that the **BIOS Mode** setting is **UEFI** and not **Legacy**. +2. Verify that the **BIOS Mode** setting is **UEFI** and not **Legacy**. ![System Information app, showing the BIOS Mode setting](./images/4509198-en-1.png) -1. If the **BIOS Mode** setting is **Legacy**, you have to switch the BIOS into **UEFI** or **EFI** mode. The steps for doing this are specific to the device. +3. If the **BIOS Mode** setting is **Legacy**, you have to switch the BIOS into **UEFI** or **EFI** mode. The steps for doing this are specific to the device. > [!NOTE] - > If the device supports only Legacy mode, you cannot use Intune to manage BitLocker Device Encryption on the device. + > If the device supports only Legacy mode, you cannot use Intune to manage BitLocker device encryption on the device. ## Error message: The UEFI variable 'SecureBoot' could not be read @@ -176,11 +176,11 @@ You receive an error message that resembles the following: ### Cause -A Platform Configuration Register (PCR) is a memory location in the TPM. In particular, PCR 7 measures the state of Secure Boot. Silent BitLocker Drive Encryption requires that Secure Boot is turned on. +A platform configuration register (PCR) is a memory location in the TPM. In particular, PCR 7 measures the state of secure boot. Silent BitLocker drive encryption requires the secure boot to be turned on. ### Resolution -You can resolve this issue by verifying the PCR validation profile of the TPM and the Secure Boot state. To do this, follow these steps: +You can resolve this issue by verifying the PCR validation profile of the TPM and the secure boot state. To do this, follow these steps: #### Step 1: Verify the PCR validation profile of the TPM @@ -190,40 +190,41 @@ To verify that PCR 7 is in use, open an elevated Command Prompt window and run t Manage-bde -protectors -get %systemdrive% ``` -In the TPM section of the output of this command, verify that the **PCR Validation Profile** setting includes **7**, as follows. +In the TPM section of the output of this command, verify whether the **PCR Validation Profile** setting includes **7**, as follows: ![Output of the manage-bde command](./images/4509199-en-1.png) -If **PCR Validation Profile** doesn't include **7** (for example, the values include **0**, **2**, **4**, and **11**, but not **7**), then Secure Boot is not turned on. +If **PCR Validation Profile** doesn't include **7** (for example, the values include **0**, **2**, **4**, and **11**, but not **7**), then secure boot is not turned on. ![Output of the manage-bde command when PCR 7 is not present](./images/4509200-en-1.png) -#### 2. Verify the Secure Boot state +#### 2. Verify the secure boot state -To verify the Secure Boot state, use the System Information app. To do this, follow these steps: +To verify the secure boot state, use the System Information application. To do this, follow these steps: 1. Select **Start**, and enter **msinfo32** in the **Search** box. -1. Verify that the **Secure Boot State** setting is **On**, as follows: +2. Verify that the **Secure Boot State** setting is **On**, as follows: ![System Information app, showing a supported Secure Boot State](./images/4509201-en-1.png) -1. If the **Secure Boot State** setting is **Unsupported**, you cannot use Silent BitLocker Encryption on this device. +> [!NOTE] +> If the **Secure Boot State** setting is **Unsupported**, you cannot use Silent BitLocker encryption on this device. ![System Information app, showing a unsupported Secure Boot State](./images/4509202-en-1.png) > [!NOTE] -> You can also use the [Confirm-SecureBootUEFI](https://docs.microsoft.com/powershell/module/secureboot/confirm-securebootuefi?view=win10-ps) cmdlet to verify the Secure Boot state. To do this, open an elevated PowerShell window and run the following command: +> You can also use the [Confirm-SecureBootUEFI](https://docs.microsoft.com/powershell/module/secureboot/confirm-securebootuefi?view=win10-ps) cmdlet to verify the secure boot state. To do this, open an elevated PowerShell window and run the following command: > ```ps > PS C:\> Confirm-SecureBootUEFI > ``` -> If the computer supports Secure Boot and Secure Boot is enabled, this cmdlet returns "True." +> If the computer supports secure boot and secure boot is enabled, this cmdlet returns "True." > -> If the computer supports Secure Boot and Secure Boot is disabled, this cmdlet returns "False." +> If the computer supports secure boot and secure boot is disabled, this cmdlet returns "False." > > If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, this cmdlet returns "Cmdlet not supported on this platform." ## Event ID 846, 778, and 851: Error 0x80072f9a -In this case, you are deploying Intune policy to encrypt a Windows 10, version 1809 device and store the recovery password in Azure Active Directory (Azure AD). As part of the policy configuration, you have selected the **Allow standard users to enable encryption during Azure AD Join** option. +In this case, you are deploying Intune policy to encrypt a Windows 10, version 1809, device and store the recovery password in Azure Active Directory (Azure AD). As part of the policy configuration, you have selected the **Allow standard users to enable encryption during Azure AD Join** option. -The policy deployment fails and generates the following events (visible in Event Viewer in the **Applications and Services Logs\\Microsoft\\Windows\\BitLocker API** folder): +The policy deployment fails and the failure generates the following events (visible in Event Viewer in the **Applications and Services Logs\\Microsoft\\Windows\\BitLocker API** folder): > Event ID:846 > @@ -250,13 +251,13 @@ These events refer to Error code 0x80072f9a. These events indicate that the signed-in user does not have permission to read the private key on the certificate that is generated as part of the provisioning and enrollment process. Therefore, the BitLocker MDM policy refresh fails. -The issue affects Windows 10 version 1809. +The issue affects Windows 10, version 1809. ### Resolution To resolve this issue, install the [May 21, 2019](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934) update. -## Error message: There are conflicting Group Policy settings for recovery options on operating system drives +## Error message: There are conflicting group policy settings for recovery options on operating system drives You receive a message that resembles the following: @@ -264,13 +265,13 @@ You receive a message that resembles the following: ### Resolution -To resolve this issue, review your Group Policy Object (GPO) settings for conflicts. For further guidance, see the next section, [Review your BitLocker policy configuration](#policy). +To resolve this issue, review your group policy object (GPO) settings for conflicts. For further guidance, see the next section, [Review your BitLocker policy configuration](#policy). For more information about GPOs and BitLocker, see [BitLocker Group Policy Reference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-7/ee706521(v=ws.10)?redirectedfrom=MSDN). ## Review your BitLocker policy configuration -For information about how to use policy together with BitLocker and Intune, see the following resources: +For information about the procedure to use policy together with BitLocker and Intune, see the following resources: - [BitLocker management for enterprises: Managing devices joined to Azure Active Directory](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises#managing-devices-joined-to-azure-active-directory) - [BitLocker Group Policy Reference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-7/ee706521(v=ws.10)?redirectedfrom=MSDN) @@ -282,13 +283,13 @@ For information about how to use policy together with BitLocker and Intune, see Intune offers the following enforcement types for BitLocker: -- **Automatic** (Enforced when the device joins Azure AD during the provisioning process. This option is available in Windows 10 version 1703 and later.) -- **Silent** (Endpoint protection policy. This option is available in Windows 10 version 1803 and later.) -- **Interactive** (Endpoint policy for Windows versions that are older than Windows 10 version 1803.) +- **Automatic** (Enforced when the device joins Azure AD during the provisioning process. This option is available in Windows 10, version 1703, and later versions.) +- **Silent** (Endpoint protection policy. This option is available in Windows 10, version 1803, and later versions.) +- **Interactive** (Endpoint policy for Windows versions that are older than Windows 10, version 1803.) -If your device runs Windows 10 version 1703 or later, supports Modern Standby (also known as Instant Go) and is HSTI-compliant, joining the device to Azure AD triggers automatic device encryption. A separate endpoint protection policy is not required to enforce device encryption. +If your device runs Windows 10, version 1703, or later versions; supports Modern Standby (also known as Instant Go); and is HSTI-compliant, joining the device to Azure AD triggers an automatic device encryption. A separate endpoint protection policy is not required to enforce device encryption. -If your device is HSTI-compliant but does not support Modern Standby, you have to configure an endpoint protection policy to enforce silent BitLocker Drive Encryption. The settings for this policy should resemble the following: +If your device is HSTI-compliant but does not support Modern Standby, you have to configure an endpoint protection policy to enforce silent BitLocker drive encryption. The settings for this policy should resemble the following: ![Intune policy settings](./images/4509186-en-1.png) @@ -303,18 +304,18 @@ The OMA-URI references for these settings are as follows: Value: **0** (0 = Blocked, 1 = Allowed) > [!NOTE] -> Because of an update to the BitLocker Policy CSP, if the device uses Windows 10 version 1809 or later, you can use an endpoint protection policy to enforce silent BitLocker Device Encryption even if the device is not HSTI-compliant. +> Because of an update to the BitLocker Policy CSP, if the device uses Windows 10, version 1809, or later versions, you can use an endpoint protection policy to enforce silent BitLocker device encryption even if the device is not HSTI-compliant. > [!NOTE] -> If the **Warning for other disk encryption** setting is set to **Not configured**, you have to manually start the BitLocker Drive Encryption wizard. +> If the **Warning for other disk encryption** setting is set to **Not configured**, you have to manually start the BitLocker drive encryption wizard. -If the device does not support Modern Standby but is HSTI-compliant, and it uses a version of Windows that is earlier than Windows 10, version 1803, an endpoint protection policy that has the settings that are described in this article delivers the policy configuration to the device. However, Windows then notifies the user to manually enable BitLocker Drive Encryption. To do this, the user selects the notification. This action starts the BitLocker Drive Encryption wizard. +If the device does not support Modern Standby but is HSTI-compliant, and it uses a version of Windows that is earlier than Windows 10, version 1803, an endpoint protection policy that has the settings that are described in this article delivers the policy configuration to the device. However, Windows then notifies the user to manually enable BitLocker drive encryption. To do this, the user selects the notification. This action launches the BitLocker drive encryption wizard. The Intune 1901 release provides settings that you can use to configure automatic device encryption for Autopilot devices for standard users. Each device must meet the following requirements: - Be HSTI-compliant - Support Modern Standby -- Use Windows 10 version 1803 or later +- Use Windows 10, version 1803, or later versions ![Intune policy setting](./images/4509188-en-1.png) @@ -325,11 +326,11 @@ The OMA-URI references for these settings are as follows: Value: **1** > [!NOTE] -> This node works together with the **RequireDeviceEncryption** and **AllowWarningForOtherDiskEncryption** nodes. For this reason, when you set **RequireDeviceEncryption** to **1**, **AllowStandardUserEncryption** to **1**, and **AllowWarningForOtherDiskEncryption** to **0**. Intune can enforce silent BitLocker encryption for Autopilot devices that have standard user profiles. +> This node works together with the **RequireDeviceEncryption** and **AllowWarningForOtherDiskEncryption** nodes. For this reason, when you set **RequireDeviceEncryption** to **1**, **AllowStandardUserEncryption** to **1**, and **AllowWarningForOtherDiskEncryption** to **0**, Intune enforces silent BitLocker encryption for Autopilot devices that have standard user profiles. ## Verifying that BitLocker is operating correctly -During regular operations, BitLocker Drive Encryption generates events such as Event ID 796 and Event ID 845. +During regular operations, BitLocker drive encryption generates events such as Event ID 796 and Event ID 845. ![Event ID 796, as shown in Event Viewer](./images/4509203-en-1.png) From fdbc304e6491fd28919ebcdbf618523fb382bcdb Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 24 Sep 2020 17:16:50 +0530 Subject: [PATCH 040/540] Update ts-bitlocker-network-unlock-issues.md --- .../ts-bitlocker-network-unlock-issues.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md index b5882849d0..1751050bc3 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md @@ -18,20 +18,20 @@ ms.custom: bitlocker # BitLocker Network Unlock: known issues -By using the BitLocker Network Unlock feature, you can manage computers remotely without having to enter a BitLocker PIN when each computer starts up. To do this, You have to configure your environment to meet the following requirements: +By using the BitLocker network unlock feature, you can manage computers remotely without having to enter a BitLocker PIN when each computer starts up. To do this, you have to configure your environment to meet the following requirements: - Each computer belongs to a domain - Each computer has a wired connection to the corporate network - The corporate network uses DHCP to manage IP addresses - Each computer has a DHCP driver implemented in its Unified Extensible Firmware Interface (UEFI) firmware -For general guidelines about how to troubleshoot Network Unlock, see [How to enable Network Unlock: Troubleshoot Network Unlock](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock#troubleshoot-network-unlock). +For general guidelines about the procedure to troubleshoot network unlock, see [How to enable Network Unlock: Troubleshoot Network Unlock](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock#troubleshoot-network-unlock). -This article describes several known issues that you may encounter when you use Network Unlock, and provides guidance to address these issues. +This article describes several known issues that you may encounter when you use network unlock feature, and provides guidance to address these issues. -## Tip: Detect whether BitLocker Network Unlock is enabled on a specific computer +## Tip: Detect whether BitLocker network unlock is enabled on a specific computer -You can use the following steps on computers that have either x64 or x32 UEFI systems. You can also script these commands. +You can use the following steps on computers that have either x64 or x32 UEFI systems. You can also script these commands: 1. Open an elevated Command Prompt window and run the following command: @@ -40,15 +40,15 @@ You can use the following steps on computers that have either x64 or x32 UEFI sy ``` where \<*Drive*> is the drive letter, followed by a colon (:), of the bootable drive. - If the output of this command includes a key protector of type **TpmCertificate (9)**, the configuration is correct for BitLocker Network Unlock. + If the output of this command includes a key protector of type **TpmCertificate (9)**, the configuration is correct for BitLocker network unlock. 1. Start Registry Editor, and verify the following settings: - Entry **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE: OSManageNKP** is set to **1** - - Subkey **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP\\Certificates** has an entry whose name matches the name of the certificate thumbprint of the Network Unlock key protector that you found in step 1. + - Subkey **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP\\Certificates** has an entry whose name matches the name of the certificate thumbprint of the network unlock key protector that you found in step 1. -## On a Surface Pro 4 device, BitLocker Network Unlock does not work because the UEFI network stack is incorrectly configured +## On a Surface Pro 4 device, BitLocker network unlock does not work because the UEFI network stack is incorrectly configured -You have configured BitLocker Network Unlock as described in [BitLocker: How to enable Network Unlock](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock). You have configured the UEFI of the device to use DHCP. However, when you restart the device, it still prompts you for the BitLocker PIN. +You have configured BitLocker network unlock as described in [BitLocker: How to enable Network Unlock](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock). You have configured the UEFI of the device to use DHCP. However, when you restart the device, it still prompts you for the BitLocker PIN. You test another device, such as a different type of tablet or laptop PC, that is configured to use the same infrastructure. The device restarts as expected, without prompting for the BitLocker PIN. You conclude that the infrastructure is correctly configured, and the issue is specific to the device. @@ -61,28 +61,28 @@ The UEFI network stack on the device was incorrectly configured. To correctly configure the UEFI network stack of the Surface Pro 4, you have to use Microsoft Surface Enterprise Management Mode (SEMM). For information about SEMM, see [Enroll and configure Surface devices with SEMM](https://docs.microsoft.com/surface/enroll-and-configure-surface-devices-with-semm). > [!NOTE] -> If you cannot use SEMM, you may be able to configure the Surface Pro 4 to use BitLocker Network Unlock by configuring the device to use the network as its first boot option. +> If you cannot use SEMM, you may be able to configure the Surface Pro 4 to use BitLocker network unlock by configuring the device to use the network as its first boot option. -## Unable to use BitLocker Network Unlock feature on a Windows client computer +## Unable to use BitLocker network unlock feature on a Windows client computer -You have configured BitLocker Network Unlock as described in [BitLocker: How to enable Network Unlock](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock). You have a Windows 8-based client computer that is connected to the corporate LAN by using an Ethernet Cable. However, when you restart the computer, it still prompts you for the BitLocker PIN. +You have configured BitLocker network unlock as described in [BitLocker: How to enable Network Unlock](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock). You have a Windows 8-based client computer that is connected to the corporate LAN by using an Ethernet cable. However, when you restart the computer, it still prompts you for the BitLocker PIN. ### Cause -A Windows 8-based or Windows Server 2012-based client computer sometimes does not receive or use the Network Unlock protector, depending on whether the client receives unrelated BOOTP replies from a DHCP server or WDS server. +A Windows 8-based or Windows Server 2012-based client computer sometimes does not receive or use the network unlock protector, depending on whether the client receives unrelated BOOTP replies from a DHCP or WDS server. DHCP servers may send any DHCP options to a BOOTP client as allowed by the DHCP options and BOOTP vendor extensions. This means that because a DHCP server supports BOOTP clients, the DHCP server replies to BOOTP requests. The manner in which a DHCP server handles an incoming message depends in part on whether the message uses the Message Type option: -- The first two messages that the BitLocker Network Unlock client sends are DHCP DISCOVER\REQUEST messages. They use the Message Type option, so the DHCP server treats them as DHCP messages. -- The third message that the BitLocker Network Unlock client sends does not have the Message Type option. The DHCP server treats the message as a BOOTP request. +- The first two messages that the BitLocker network unlock client sends are DHCP DISCOVER\REQUEST messages. These messages use the Message Type option; therefore, the DHCP server treats them as DHCP messages. +- The third message that the BitLocker network unlock client sends does not have the Message Type option. The DHCP server treats the message as a BOOTP request. A DHCP server that supports BOOTP clients must interact with those clients according to the BOOTP protocol. The server must create a BOOTP BOOTREPLY message instead of a DHCP DHCPOFFER message. (In other words, the server must not include the DHCP message option type and must not exceed the size limit for BOOTREPLY messages.) After the server sends the BOOTP BOOTREPLY message, the server marks a binding for a BOOTP client as BOUND. A non-DHCP client does not send a DHCPREQUEST message, nor does that client expect a DHCPACK message. If a DHCP server that is not configured to support BOOTP clients receives a BOOTREQUEST message from a BOOTP client, that server silently discards the BOOTREQUEST message. -For more information about DHCP and BitLocker Network Unlock, see [BitLocker: How to enable Network Unlock: Network Unlock sequence](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock#network-unlock-sequence) +For more information about DHCP and BitLocker network unlock, see [BitLocker: How to enable Network Unlock: Network Unlock sequence](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock#network-unlock-sequence) ### Resolution From 15fafb67b421cad79c666afbfba2f0f8876c6484 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 24 Sep 2020 18:46:24 +0530 Subject: [PATCH 041/540] Update ts-bitlocker-recovery-issues.md --- .../bitlocker/ts-bitlocker-recovery-issues.md | 112 +++++++++--------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index b9d677c092..cc10bde567 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -18,7 +18,7 @@ ms.custom: bitlocker # BitLocker recovery: known issues -This article describes common issues that may prevent BitLocker from behaving as expected when you recover a drive, or that may cause BitLocker to start recovery unexpectedly. The article provides guidance to address these issues. +This article describes common issues that may prevent BitLocker from behaving as expected when you recover a drive, or that may cause BitLocker to start recovery unexpectedly. The article also provides guidance to address these issues. > [!NOTE] > In this article, "recovery password" refers to the 48-digit recovery password and "recovery key" refers to 32-digit recovery key. For more information, see [BitLocker key protectors](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bitlocker-key-protectors). @@ -29,14 +29,14 @@ Windows 10 prompts you for a BitLocker recovery password. However, you did not c ### Resolution -The BitLocker and Active Directory Domain Services (AD DS) FAQ addresses situations that may produce this symptom, and provides information about how to resolve the issue: +The BitLocker and Active Directory Domain Services (AD DS) FAQ address situations that may produce this symptom, and provides information about the procedure to resolve the issue: - [What if BitLocker is enabled on a computer before the computer has joined the domain?](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain) - [What happens if the backup initially fails? Will BitLocker retry the backup?](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq#what-happens-if-the-backup-initially-fails-will-bitlocker-retry-the-backup) ## The recovery password for a laptop was not backed up, and the laptop is locked -You have a Windows 10 Home-based laptop, and you have to recover its hard disk. The disk was encrypted by using BitLocker Driver Encryption. However, the BitLocker recovery password was not backed up, and the usual user of the laptop is not available to provide the password. +You have a Windows 10 Home-based laptop, and you have to recover its hard disk. The disk was encrypted by using BitLocker driver encryption. However, the BitLocker recovery password was not backed up, and the usual user of the laptop is not available to provide the password. ### Resolution @@ -57,7 +57,7 @@ You can use either of the following methods to manually back up or synchronize a ## Tablet devices do not support using Manage-bde -forcerecovery to test recovery mode -You have a tablet or slate device, and you try to test BitLocker Recovery by running the following command: +You have a tablet or slate device, and you try to test BitLocker recovery by running the following command: ```cmd Manage-bde -forcerecovery @@ -70,7 +70,7 @@ However, after you enter the recovery password, the device cannot start. > [!IMPORTANT] > Tablet devices do not support the **manage-bde -forcerecovery** command. -This issue occurs because the Windows Boot Manager cannot process touch input during the pre-boot phase of startup. If Boot Manager detects that the device is a tablet, it redirects the startup process to the Windows Recovery Environment (WinRE), which can process touch input. +This issue occurs because the Windows Boot Manager cannot process touch-input during the pre-boot phase of startup. If Boot Manager detects that the device is a tablet, it redirects the startup process to the Windows Recovery Environment (WinRE), which can process touch-input. If WindowsRE detects the TPM protector on the hard disk, it does a PCR reseal. However, the **manage-bde -forcerecovery** command deletes the TPM protectors on the hard disk. Therefore, WinRE cannot reseal the PCRs. This failure triggers an infinite BitLocker recovery cycle and prevents Windows from starting. @@ -80,20 +80,20 @@ This behavior is by design for all versions of Windows. To resolve the restart loop, follow these steps: -1. On the BitLocker Recovery screen, select **Skip this drive**. -1. Select **Troubleshoot** \> **Advanced Options** \> **Command Prompt**. -1. In the Command Prompt window, run the following commands : +1. On the **BitLocker Recovery** screen, select **Skip this drive**. +2. Select **Troubleshoot** \> **Advanced Options** \> **Command Prompt**. +3. In the Command Prompt window, run the following commands : ```cmd manage-bde –unlock C: -rp <48-digit BitLocker recovery password> manage-bde -protectors -disable C: ``` -1. Close the Command Prompt window. -1. Shut down the device. -1. Start the device. Windows should start as usual. +4. Close the Command Prompt window. +5. Shut down the device. +6. Start the device. Windows should start as usual. ## After you install UEFI or TPM firmware updates on Surface, BitLocker prompts for the recovery password -You have a Surface device that has BitLocker Drive Encryption turned on. You update the firmware of the device TPM or install an update that changes the signature of the system firmware. For example, you install the Surface TPM (IFX) update. +You have a Surface device that has BitLocker drive encryption turned on. You update the firmware of the device TPM or install an update that changes the signature of the system firmware. For example, you install the Surface TPM (IFX) update. You experience one or more of the following symptoms on the Surface device: @@ -105,14 +105,14 @@ You experience one or more of the following symptoms on the Surface device: This issue occurs if the Surface device TPM is configured to use Platform Configuration Register (PCR) values other than the default values of PCR 7 and PCR 11. For example, the following settings can configure the TPM this way: -- Secure Boot is turned off. -- PCR values have been explicitly defined, such as by Group Policy. +- Secure boot is turned off. +- PCR values have been explicitly defined, such as by group policy. -Devices that support Connected Standby (also known as *InstantGO* or *Always On, Always Connected PCs*), including Surface devices, must use PCR 7 of the TPM. In its default configuration on such systems, BitLocker binds to PCR 7 and PCR 11 if PCR 7 and Secure Boot are correctly configured. For more information, see "About the Platform Configuration Register (PCR)" at [BitLocker Group Policy Settings](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj679890(v=ws.11)#about-the-platform-configuration-register-pcr)). +Devices that support Connected Standby (also known as *InstantGO* or *Always On, Always Connected PCs*), including Surface devices, must use PCR 7 of the TPM. In its default configuration on such systems, BitLocker binds to PCR 7 and PCR 11 if PCR 7 and secure boot are correctly configured. For more information, see "About the Platform Configuration Register (PCR)" at [BitLocker Group Policy Settings](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj679890(v=ws.11)#about-the-platform-configuration-register-pcr)). ### Resolution -To verify the PCR values that are in use on a device, open and elevated Command Prompt window and run the following command: +To verify the PCR values that are in use on a device, open an elevated Command Prompt window and run the following command: ```cmd manage-bde.exe -protectors -get : @@ -129,25 +129,25 @@ If you have installed a TPM or UEFI update and your device cannot start, even if To do this, follow these steps: 1. Obtain your BitLocker recovery password from [your Microsoft.com account](https://account.microsoft.com/devices/recoverykey). If BitLocker is managed by a different method, such as Microsoft BitLocker Administration and Monitoring (MBAM), contact your administrator for help. -1. Use another computer to download the Surface recovery image from [Download a recovery image for your Surface](https://support.microsoft.com/surfacerecoveryimage). Use the downloaded image to create a USB recovery drive. -1. Insert the USB Surface recovery image drive into the Surface device, and start the device. -1. When you are prompted, select the following items: +2. Use another computer to download the Surface recovery image from [Download a recovery image for your Surface](https://support.microsoft.com/surfacerecoveryimage). Use the downloaded image to create a USB recovery drive. +3. Insert the USB Surface recovery image drive into the Surface device, and start the device. +4. When you are prompted, select the following items: 1. Your operating system language. - 1. Your keyboard layout. -1. Select **Troubleshoot** > **Advanced Options** > **Command Prompt**. -1. In the Command Prompt window, run the following commands: + 2. Your keyboard layout. +5. Select **Troubleshoot** > **Advanced Options** > **Command Prompt**. +6. In the Command Prompt window, run the following commands: ```cmd manage-bde -unlock -recoverypassword : manage-bde -protectors -disable : ``` In these commands, \<*Password*\> is the BitLocker recovery password that you obtained in step 1, and \<*DriveLetter*> is the drive letter that is assigned to your operating system drive. > [!NOTE] - > For more information about how to use this command, see [manage-bde: unlock](https://docs.microsoft.com/windows-server/administration/windows-commands/manage-bde-unlock). -1. Restart the computer. -1. When you are prompted, enter the BitLocker recovery password that you obtained in step 1. + > For more information about the procedure to use this command, see [manage-bde: unlock](https://docs.microsoft.com/windows-server/administration/windows-commands/manage-bde-unlock). +7. Restart the computer. +8. When you are prompted, enter the BitLocker recovery password that you obtained in step 1. > [!NOTE] -> After you disable the TPM protectors, BitLocker Drive Encryption no longer protects your device. To re-enable BitLocker Drive Encryption, select **Start**, type **Manage BitLocker**, and then press Enter. Follow the steps to encrypt your drive. +> After you disable the TPM protectors, BitLocker drive encryption no longer protects your device. To re-enable BitLocker drive encryption, select **Start**, type **Manage BitLocker**, and then press Enter. Follow the steps to encrypt your drive. #### Step 2: Use Surface BMR to recover data and reset your device @@ -158,41 +158,41 @@ To recover data from your Surface device if you cannot start Windows, follow ste manage-bde -unlock -recoverypassword : ``` In this command, \<*Password*\> is the BitLocker recovery password that you obtained in step 1 of [Step 1](#step-1), and \<*DriveLetter*> is the drive letter that is assigned to your operating system drive. -1. After the drive is unlocked, use the **copy** or **xcopy** command to copy the user data to another drive. +2. After the drive is unlocked, use the **copy** or **xcopy** command to copy the user data to another drive. > [!NOTE] - > For more information about the these commands, see the [Windows commands](https://docs.microsoft.com/windows-server/administration/windows-commands/windows-commands). + > For more information about these commands, see the [Windows commands](https://docs.microsoft.com/windows-server/administration/windows-commands/windows-commands). 1. To reset your device by using a Surface recovery image, follow the instructions in the "How to reset your Surface using your USB recovery drive" section in [Creating and using a USB recovery drive](https://support.microsoft.com/help/4023512). #### Step 3: Restore the default PCR values -To prevent this issue from recurring, we strongly recommend that you restore the default configuration of Secure Boot and the PCR values. +To prevent this issue from recurring, we strongly recommend that you restore the default configuration of secure boot and the PCR values. -To enable Secure Boot on a Surface device, follow these steps: +To enable secure boot on a Surface device, follow these steps: -1. Suspend BitLocker. to do this, open an elevated Windows PowerShell window, and run the following cmdlet: +1. Suspend BitLocker. To do this, open an elevated Windows PowerShell window and run the following cmdlet: ```ps Suspend-BitLocker -MountPoint ":" -RebootCount 0 ``` In this command, <*DriveLetter*> is the letter that is assigned to your drive. -1. Restart the device, and then edit the BIOS to set the **Secure Boot** option to **Microsoft Only**. -1. Restart the device. -1. Open an elevated PowerShell window, and run the following cmdlet: +2. Restart the device, and then edit the BIOS to set the **Secure Boot** option to **Microsoft Only**. +3. Restart the device. +1. Open an elevated PowerShell window and run the following cmdlet: ```ps Resume-BitLocker -MountPoint ":" ``` To reset the PCR settings on the TPM, follow these steps: -1. Disable any Group Policy Objects that configure the PCR settings, or remove the device from any groups that enforce such policies. +1. Disable any group policy objects (GPOs) that configure the PCR settings, or remove the device from any groups that enforce such policies. For more information, see [BitLocker Group Policy settings](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings). -1. Suspend BitLocker. To do this, open an elevated Windows PowerShell window, and run the following cmdlet: +2. Suspend BitLocker. To do this, open an elevated Windows PowerShell window and run the following cmdlet: ```ps Suspend-BitLocker -MountPoint ":" -RebootCount 0 ``` where <*DriveLetter*> is the letter assigned to your drive. -1. Run the following cmdlet: +3. Run the following cmdlet: ```ps Resume-BitLocker -MountPoint ":" @@ -201,38 +201,38 @@ To reset the PCR settings on the TPM, follow these steps: You can avoid this scenario when you install updates to system firmware or TPM firmware by temporarily suspending BitLocker before you apply such updates. > [!IMPORTANT] -> TPM and UEFI firmware updates may require multiple restarts while they install. To keep BitLocker suspended during this process, you must use [Suspend-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/suspend-bitlocker?view=winserver2012r2-ps) and set the **Reboot Count** parameter to either of the following values: -> - **2** or greater: This value sets the number of times the device can restart before BitLocker Device Encryption resumes. -> - **0**: This value suspends BitLocker Drive Encryption indefinitely, until you use [Resume-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/resume-bitlocker?view=winserver2012r2-ps) or another mechanism to resume protection. +> TPM and UEFI firmware updates may require multiple restarts while they are being installed. To keep BitLocker suspended during this process, you must use [Suspend-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/suspend-bitlocker?view=winserver2012r2-ps) and set the **Reboot Count** parameter to either of the following values: +> - **2** or greater: This value sets the number of times the device can restart before BitLocker device encryption resumes. +> - **0**: This value suspends BitLocker drive encryption indefinitely, until you use [Resume-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/resume-bitlocker?view=winserver2012r2-ps) or another mechanism to resume protection. To suspend BitLocker while you install TPM or UEFI firmware updates: -1. Open an elevated Windows PowerShell window, and run the following cmdlet: +1. Open an elevated Windows PowerShell window and run the following cmdlet: ```ps Suspend-BitLocker -MountPoint ":" -RebootCount 0 ``` - In this cmdlet <*DriveLetter*> is the letter that is assigned to your drive. -1. Install the Surface device driver and firmware updates. -1. After you install the firmware updates, restart the computer, open an elevated PowerShell window, and then run the following cmdlet: + In this cmdlet, <*DriveLetter*> is the letter that is assigned to your drive. +2. Install the Surface device driver and firmware updates. +3. After you install the firmware updates, restart the computer, open an elevated PowerShell window and then run the following cmdlet: ```ps Resume-BitLocker -MountPoint ":" ``` -To re-enable BitLocker Drive Encryption, select **Start**, type **Manage BitLocker**, and then press Enter. Follow the steps to encrypt your drive. +To re-enable BitLocker drive encryption, select **Start**, type **Manage BitLocker**, and then press Enter. Follow the steps to encrypt your drive. ## After you install an update to a Hyper V-enabled computer, BitLocker prompts for the recovery password and returns error 0xC0210000 -You have a device that runs Windows 10, version 1703, Windows 10, version 1607, or Windows Server 2016. Also, Hyper-V is enabled on the device. After you install an affected update and restart the device, the device enters BitLocker Recovery mode and you see error code 0xC0210000. +You have a device that runs Windows 10, version 1703; Windows 10, version 1607; or Windows Server 2016. Also, Hyper-V is enabled on the device. After you install an affected update and restart the device, the device enters BitLocker recovery mode and you see error code 0xC0210000. ### Workaround If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE). To do this, follow these steps: -1. Retrieve the 48-digit BitLocker recovery password for the operating system drive from your organization's portal or from wherever the password was stored when BitLocker Drive Encryption was first turned on. -1. On the Recovery screen, press Enter. When you are prompted, enter the recovery password. -1. If your device starts in the (WinRE) and prompts you for the recovery password again, select **Skip the drive**. -1. Select **Advanced options** > **Troubleshoot** > **Advanced options** > **Command Prompt**. -1. In the Command Prompt window, run the following commands: +1. Retrieve the 48-digit BitLocker recovery password for the operating system drive from your organization's portal or from wherever the password was stored when BitLocker drive encryption was first turned on. +2. On the Recovery screen, press Enter. When you are prompted, enter the recovery password. +3. If your device starts in WinRE and prompts you for the recovery password again, select **Skip the drive**. +4. Select **Advanced options** > **Troubleshoot** > **Advanced options** > **Command Prompt**. +5. In the Command Prompt window, run the following commands: ```cmd Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group> Manage-bde -protectors -disable c: @@ -243,7 +243,7 @@ If your device is already in this state, you can successfully start Windows afte > [!NOTE] > These commands suspend BitLocker for one restart of the device. The **-rc 1** option works only inside the operating system and does not work in the recovery environment. 1. Select **Continue**. Windows should start. -1. After Windows has started, open an elevated Command Prompt window and run the following command: +2. After Windows has started, open an elevated Command Prompt window and run the following command: ```cmd Manage-bde -protectors -enable c: ``` @@ -262,11 +262,11 @@ Manage-bde -protectors -disable c: -rc 1 To resolve this issue, install the appropriate update on the affected device: - For Windows 10, version 1703: [July 9, 2019—KB4507450 (OS Build 15063.1928)](https://support.microsoft.com/help/4507450/windows-10-update-kb4507450) -- For Windows 10, version 1607 and Windows Server 2016: [July 9, 2019—KB4507460 (OS Build 14393.3085)](https://support.microsoft.com/help/4507460/windows-10-update-kb4507460) +- For Windows 10, version 1607, and Windows Server 2016: [July 9, 2019—KB4507460 (OS Build 14393.3085)](https://support.microsoft.com/help/4507460/windows-10-update-kb4507460) ## Credential Guard/Device Guard on TPM 1.2: At every restart, BitLocker prompts for the recovery password and returns error 0xC0210000 -You have a device that uses TPM 1.2 and runs Windows 10, version 1809. Also, the device uses [Virtualization-based Security](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-vbs) features such as [Device Guard and Credential Guard](https://docs.microsoft.com/windows-hardware/drivers/bringup/device-guard-and-credential-guard). Every time that you start the device, the device enters BitLocker Recovery mode and you see error code 0xc0210000, and a message that resembles the following. +You have a device that uses TPM 1.2 and runs Windows 10, version 1809. Also, the device uses [Virtualization-based Security](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-vbs) features such as [Device Guard and Credential Guard](https://docs.microsoft.com/windows-hardware/drivers/bringup/device-guard-and-credential-guard). Every time you start the device, the device enters BitLocker recovery mode and you see error code 0xc0210000, and a message that resembles the following: > Recovery > @@ -279,7 +279,7 @@ You have a device that uses TPM 1.2 and runs Windows 10, version 1809. Also, the ### Cause -TPM 1.2 does not support Secure Launch. For more information, see [System Guard Secure Launch and SMM protection: Requirements Met by System Guard Enabled Machines](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection\#requirements-met-by-system-guard-enabled-machines) +TPM 1.2 does not support secure launch. For more information, see [System Guard Secure Launch and SMM protection: Requirements Met by System Guard Enabled Machines](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection\#requirements-met-by-system-guard-enabled-machines) For more information about this technology, see [Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows) @@ -287,5 +287,5 @@ For more information about this technology, see [Windows Defender System Guard: To resolve this issue, do one of the following: -- Remove any device that uses TPM 1.2 from any group that is subject to Group Policy Objects (GPOs) that enforce Secure Launch. +- Remove any device that uses TPM 1.2 from any group that is subject to GPOs that enforce secure launch. - Edit the **Turn On Virtualization Based Security** GPO to set **Secure Launch Configuration** to **Disabled**. From 7dc85e1513cfc6ab7208fbda699257d14fb9676d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 24 Sep 2020 19:21:30 +0530 Subject: [PATCH 042/540] Update ts-bitlocker-tpm-issues.md --- .../bitlocker/ts-bitlocker-tpm-issues.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index 9e19de9f72..d9f36860e7 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md @@ -18,7 +18,7 @@ ms.custom: bitlocker # BitLocker and TPM: other known issues -This article describes common issues that relate directly to the Trusted Platform Module (TPM), and provides guidance to address these issues. +This article describes common issues that relate directly to the trusted platform module (TPM), and provides guidance to address these issues. ## Azure AD: Windows Hello for Business and single sign-on do not work @@ -52,21 +52,21 @@ Additionally, the behavior indicates that the client computer cannot obtain a [P ### Resolution -To verify the status of the PRT, use the [dsregcmd /status command](https://docs.microsoft.com/azure/active-directory/devices/troubleshoot-device-dsregcmd) to collect information. In the tool output, verify that either **User state** or **SSO state** contains the **AzureAdPrt** attribute. If the value of this attribute is **No**, the PRT was not issued. This may indicate that the computer could not present its certificate for authentication. +To verify the status of the PRT, use the [dsregcmd /status command](https://docs.microsoft.com/azure/active-directory/devices/troubleshoot-device-dsregcmd) to collect information. In the tool output, verify that either **User state** or **SSO state** contains the **AzureAdPrt** attribute. If the value of this attribute is **No**, the PRT was not issued. This indicates that the computer could not present its certificate for authentication. To resolve this issue, follow these steps to troubleshoot the TPM: -1. Open the TPM management console (tpm.msc). To do this, select **Start**, and enter **tpm.msc** in the **Search** box. -1. If you see a notice to either unlock the TPM or reset the lockout, follow those instructions. -1. If you do not see such a notice, review the BIOS settings of the computer for any setting that you can use to reset or disable the lockout. -1. Contact the hardware vendor to determine whether there is a known fix for the issue. -1. If you still cannot resolve the issue, clear and re-initialize the TPM. To do this, follow the instructions in [Troubleshoot the TPM: Clear all the keys from the TPM](https://docs.microsoft.com/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm#clear-all-the-keys-from-the-tpm). +1. Select **Start**, and enter **tpm.msc** in the **Search** box to open the TPM management console (tpm.msc). +2. If you see a notice to either unlock the TPM or reset the lockout, follow those instructions. +3. If you do not see such a notice, review the BIOS settings of the computer for any setting that you can use to reset or disable the lockout. +4. Contact the hardware vendor to determine whether there is a known fix for the issue. +5. If you still cannot resolve the issue, clear and re-initialize the TPM. To do this, follow the instructions in [Troubleshoot the TPM: Clear all the keys from the TPM](https://docs.microsoft.com/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm#clear-all-the-keys-from-the-tpm). > [!WARNING] > Clearing the TPM can cause data loss. ## TPM 1.2 Error: Loading the management console failed. The device that is required by the cryptographic provider is not ready for use -You have a Windows 10 version 1703-based computer that uses TPM version 1.2. When you try to open the TPM management console, you receive a message that resembles the following: +You have a Windows 10, version 1703-based computer that uses TPM version 1.2. When you try to open the TPM management console, you receive a message that resembles the following: > Loading the management console failed. The device that is required by the cryptographic provider is not ready for use. > HRESULT 0x800900300x80090030 - NTE\_DEVICE\_NOT\_READY @@ -89,12 +89,12 @@ If this does not resolve the issue, consider replacing the device motherboard. A You have a device that you are trying to join to a hybrid Azure AD. However, the join operation appears to fail. -To verify that the join succeeded, use the [dsregcmd /status command](https://docs.microsoft.com/azure/active-directory/devices/troubleshoot-device-dsregcmd). In the tool output, the following attributes indicate that the join succeeded: +To verify whether the join operation succeeded, use the [dsregcmd /status command](https://docs.microsoft.com/azure/active-directory/devices/troubleshoot-device-dsregcmd). In the tool output, the following attributes indicate that the join operation succeeded: - **AzureAdJoined: YES** - **DomainName: \<*on-prem Domain name*\>** -If the value of **AzureADJoined** is **No**, the join failed. +If the value of **AzureADJoined** is **No**, the join operation failed. ### Causes and Resolutions From 0edbd26dbcf994230aba8089d971f8850c79991d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 24 Sep 2020 19:57:41 +0530 Subject: [PATCH 043/540] Update encrypted-hard-drive.md --- .../encrypted-hard-drive.md | 77 +++++++++---------- 1 file changed, 38 insertions(+), 39 deletions(-) diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index d9b80efe97..b61ec76f2e 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -20,91 +20,90 @@ ms.date: 04/02/2019 - Windows Server 2019 - Windows Server 2016 -Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. +Encrypted hard drive uses the rapid encryption that is provided by BitLocker drive encryption to enhance data security and management. -By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity. +By offloading the cryptographic operations to a hardware, Encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted hard drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity. -Encrypted Hard Drives are a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. You can install Windows to Encrypted Hard Drives without additional modification beginning with Windows 8 and Windows Server 2012. +Encrypted hard drives are a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. You can install Windows to encrypted hard drives without additional modification, beginning with Windows 8 and Windows Server 2012. -Encrypted Hard Drives provide: +Encrypted hard drives provide: - **Better performance**: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation. -- **Strong security based in hardware**: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system -- **Ease of use**: Encryption is transparent to the user, and the user doesn't need to enable it. Encrypted Hard Drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive. -- **Lower cost of ownership**: There is no need for new infrastructure to manage encryption keys, since BitLocker leverages your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles do not need to be used for the encryption process. +- **Strong security based in hardware**: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it unlocks, independent of the operating system. +- **Ease of use**: Encryption is transparent to the user, and the user doesn't need to enable it. Encrypted Hard Drives are easily erased using an on-board encryption key; there is no need to re-encrypt data on the drive. +- **Lower cost of ownership**: There is no need for new infrastructure to manage encryption keys since BitLocker leverages your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles do not need to be used for the encryption process. -Encrypted Hard Drives are supported natively in the operating system through the following mechanisms: +Encrypted hard drives are supported natively in the operating system through the following mechanisms: -- **Identification**: The operating system can identify that the drive is an Encrypted Hard Drive device type -- **Activation**: The operating system disk management utility can activate, create and map volumes to ranges/bands as appropriate -- **Configuration**: The operating system can create and map volumes to ranges/bands as appropriate -- **API**: API support for applications to manage Encrypted Hard Drives independently of BitLocker Drive Encryption (BDE) -- **BitLocker support**: Integration with the BitLocker Control Panel provides a seamless BitLocker end user experience. +- **Identification**: The operating system identifies that the drive is an Encrypted hard drive device type. +- **Activation**: The operating system disk management utility activates, creates and maps volumes to ranges/bands as appropriate. +- **Configuration**: The operating system creates and maps volumes to ranges/bands as appropriate. +- **API**: API support for applications to manage Encrypted hard drives independent of BitLocker drive encryption (BDE). +- **BitLocker support**: Integration with the BitLocker Control Panel provides a seamless BitLocker end-user experience. >[!WARNING] ->Self-Encrypting Hard Drives and Encrypted Hard Drives for Windows are not the same type of device. Encrypted Hard Drives for Windows require compliance for specific TCG protocols as well as IEEE 1667 compliance; Self-Encrypting Hard Drives do not have these requirements. It is important to confirm the device type is an Encrypted Hard Drive for Windows when planning for deployment. +>Self-encrypting hard drives and encrypted hard drives for Windows are not the same type of devices. Encrypted hard drives for Windows require compliance for specific TCG protocols as well as IEEE 1667 compliance; Self-encrypting hard drives do not have these requirements. It is important to confirm that the device type is an encrypted hard drive for Windows when planning for deployment. -If you are a storage device vendor who is looking for more info on how to implement Encrypted Hard Drive, see the [Encrypted Hard Drive Device Guide](https://msdn.microsoft.com/library/windows/hardware/dn653989.aspx). +If you are a storage device vendor who is looking for more information on the procedure to implement encrypted hard drive, see the [Encrypted Hard Drive Device Guide](https://msdn.microsoft.com/library/windows/hardware/dn653989.aspx). ## System Requirements -To use Encrypted Hard Drives, the following system requirements apply: +To use encrypted hard drives, the following system requirements apply: -For an Encrypted Hard Drive used as a **data drive**: +For an encrypted hard drive used as a **data drive**: - The drive must be in an uninitialized state. - The drive must be in a security inactive state. -For an Encrypted Hard Drive used as a **startup drive**: +For an encrypted hard drive used as a **startup drive**: - The drive must be in an uninitialized state. - The drive must be in a security inactive state. - The computer must be UEFI 2.3.1 based and have the EFI\_STORAGE\_SECURITY\_COMMAND\_PROTOCOL defined. (This protocol is used to allow programs running in the EFI boot services environment to send security protocol commands to the drive). -- The computer must have the Compatibility Support Module (CSM) disabled in UEFI. +- The computer must have the compatibility support module (CSM) disabled in UEFI. - The computer must always boot natively from UEFI. >[!WARNING] ->All Encrypted Hard Drives must be attached to non-RAID controllers to function properly. +>All encrypted hard drives must be attached to non-RAID controllers to function properly. ## Technical overview -Rapid encryption in BitLocker directly addresses the security needs of enterprises while offering significantly improved performance. In versions of Windows earlier than Windows Server 2012, BitLocker required a two-step process to complete read/write requests. In Windows Server 2012, Windows 8, or later, Encrypted Hard Drives offload the cryptographic operations to the drive controller for much greater efficiency. When the operating system identifies an Encrypted Hard Drive, it activates the security mode. This activation lets the drive controller generate a media key for every volume that the host computer creates. This media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk. +Rapid encryption in BitLocker directly addresses the security needs of enterprises while offering significantly improved performance. In versions of Windows earlier than Windows Server 2012, BitLocker required a two-step process to complete read/write requests. In Windows Server 2012, Windows 8, or later versions, encrypted hard drives offload the cryptographic operations to the drive controller for much greater efficiency. When the operating system identifies an encrypted hard drive, it activates the security mode. This activation lets the drive controller generate a media key for every volume that the host computer creates. This media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk. -## Configuring Encrypted Hard Drives as Startup drives +## Configuring encrypted hard drives as startup drives -Configuration of Encrypted Hard Drives as startup drives is done using the same methods as standard hard drives. These methods include: +Configuration of encrypted hard drives as startup drives is done using the same methods as standard hard drives. These methods include: -- **Deploy from media**: Configuration of Encrypted Hard Drives happens automatically through the installation process. -- **Deploy from network**: This deployment method involves booting a Windows PE environment and using imaging tools to apply a Windows image from a network share. Using this method, the Enhanced Storage optional component needs to be included in the Windows PE image. You can enable this component using Server Manager, Windows PowerShell, or the DISM command line tool. If this component is not present, configuration of Encrypted Hard Drives will not work. -- **Deploy from server**: This deployment method involves PXE booting a client with Encrypted Hard Drives present. Configuration of Encrypted Hard Drives happens automatically in this environment when the Enhanced Storage component is added to the PXE boot image. During deployment, the [TCGSecurityActivationDisabled](https://msdn.microsoft.com/library/windows/hardware/dn923247.aspx) setting in unattend.xml controls the encryption behavior of Encrypted Hard Drives. -- **Disk Duplication**: This deployment method involves use of a previously configured device and disk duplication tools to apply a Windows image to an Encrypted Hard Drive. Disks must be partitioned using at least Windows 8 or Windows Server 2012 for this configuration to work. Images made using disk duplicators will not work. +- **Deploy from media**: Configuration of encrypted hard drives happens automatically through the installation process. +- **Deploy from network**: This deployment method involves booting a Windows PE environment and using imaging tools to apply a Windows image from a network share. Using this method, the enhanced storage optional component needs to be included in the Windows PE image. You can enable this component using Server Manager, Windows PowerShell, or the DISM command line tool. If this component is not present, configuration of encrypted hard drives does not work. +- **Deploy from server**: This deployment method involves PXE booting a client with encrypted hard drives present. Configuration of encrypted hard drives happens automatically in this environment when the Enhanced Storage component is added to the PXE boot image. During deployment, the [TCGSecurityActivationDisabled](https://msdn.microsoft.com/library/windows/hardware/dn923247.aspx) setting in unattend.xml controls the encryption behavior of encrypted hard drives. +- **Disk Duplication**: This deployment method involves use of a previously configured device and disk duplication tools to apply a Windows image to an encrypted hard drive. Disks must be partitioned using at least Windows 8 or Windows Server 2012 for this configuration to work. Images made using disk duplicators will not work. -## Configuring hardware-based encryption with Group Policy +## Configuring hardware-based encryption with group policy -There are three related Group Policy settings that help you manage how BitLocker uses hardware-based envryption and which encryption algorithms to use. If these settings are not configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: +There are three related group policy settings that help you manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings are not configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: - [Configure use of hardware-based encryption for fixed data drives](bitlocker/bitlocker-group-policy-settings.md#bkmk-hdefxd) - [Configure use of hardware-based encryption for removable data drives](bitlocker/bitlocker-group-policy-settings.md#configure-use-of-hardware-based-encryption-for-removable-data-drives) - [Configure use of hardware-based encryption for operating system drives](bitlocker/bitlocker-group-policy-settings.md#configure-use-of-hardware-based-encryption-for-operating-system-drives) -## Encrypted Hard Drive Architecture +## Encrypted hard drive architecture -Encrypted Hard Drives utilize two encryption keys on the device to control the locking and unlocking of data on the drive. These are the Data Encryption Key (DEK) and the Authentication Key (AK). +Encrypted hard drives utilize two encryption keys on the device to control the locking and unlocking of data on the drive. These are the data encryption key (DEK) and the authentication key (AK). -The Data Encryption Key is the key used to encrypt all of the data on the drive. The drive generates the DEK and it never leaves the device. It is stored in an encrypted format at a random location on the drive. If the DEK is changed or erased, data encrypted using the DEK is irrecoverable. +The DEK is the key used to encrypt all of the data on the drive. The drive generates the DEK that never leaves the device. It is stored in an encrypted format at a random location on the drive. If the DEK is changed or erased, data encrypted using the DEK is irrecoverable. -The Authentication Key is the key used to unlock data on the drive. A hash of the key is stored on drive and requires confirmation to decrypt the DEK. +The AK is the key used to unlock data on the drive. A hash of the key is stored on the drive and requires confirmation to decrypt the DEK. -When a computer with an Encrypted Hard Drive is in a powered off state, the drive locks automatically. As a computer powers on, the device remains in a locked state and is only unlocked after the Authentication Key decrypts the Data Encryption Key. Once the Authentication Key decrypts the Data -Encryption Key, read-write operations can take place on the device. +When a computer with an encrypted hard drive is in a powered-off state, the drive locks automatically. As a computer powers on, the device remains in a locked state and is only unlocked after the AK decrypts the DEK. Once the AK decrypts the DEK, read-write operations can take place on the device. -When writing data to the drive, it passes through an encryption engine before the write operation completes. Likewise, reading data from the drive requires the encryption engine to decrypt the data before passing that data back to the user. In the event that the DEK needs to be changed or erased, the data on the drive does not need to be re-encrypted. A new Authentication Key needs to be created and it will re-encrypt the DEK. Once completed, the DEK can now be unlocked using the new AK and read-writes to the volume can continue. +When writing data to the drive, the data passes through an encryption engine before the write operation completes. Likewise, reading data from the drive requires the encryption engine to decrypt the data before passing that data back to the user. In the event that the DEK needs to be changed or erased, the data on the drive does not need to be re-encrypted. A new AK needs to be created and it will re-encrypt the DEK. Once completed, the DEK can now be unlocked using the new AK, and read-writes to the volume can continue. -## Re-configuring Encrypted Hard Drives +## Re-configuring encrypted hard drives -Many Encrypted Hard Drive devices come pre-configured for use. If reconfiguration of the drive is required, use the following procedure after removing all available volumes and reverting the drive to an uninitialized state: +Many encrypted hard drive devices come pre-configured for use. If reconfiguration of the drive is required, use the following procedure after removing all available volumes and reverting the drive to an uninitialized state: 1. Open Disk Management (diskmgmt.msc) 2. Initialize the disk and select the appropriate partition style (MBR or GPT) 3. Create one or more volumes on the disk. -4. Use the BitLocker setup wizard to enable BitLocker on the volume. \ No newline at end of file +4. Use the BitLocker setup wizard to enable BitLocker on the volume. From 9cc0799c0a036c371b9e7f3e1ffd17afda973611 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 25 Sep 2020 17:54:42 +0530 Subject: [PATCH 044/540] Update bitlocker-to-go-faq.md --- .../information-protection/bitlocker/bitlocker-to-go-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md index c34ddf46f1..5589a47dfc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md @@ -25,7 +25,7 @@ ms.custom: bitlocker ## What is BitLocker To Go? -BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements). +BitLocker To Go is BitLocker drive encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements). As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel. From 874ba7ef2f3af87afa2d3dcdca1a5acc79d5a85e Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 25 Sep 2020 20:25:49 +0530 Subject: [PATCH 045/540] Update bitlocker-device-encryption-overview-windows-10.md --- ...r-device-encryption-overview-windows-10.md | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 34008453ad..4474893bc0 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -17,15 +17,15 @@ ms.reviewer: ms.custom: bitlocker --- -# Overview of BitLocker Device Encryption in Windows 10 +# Overview of BitLocker device encryption in Windows 10 **Applies to** - Windows 10 -This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10. +This topic explains how BitLocker device encryption can help protect data on devices running Windows 10. For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). -When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies. +When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and providing new strategies. Table 2 lists specific data-protection concerns and how they are addressed in Windows 10 and Windows 7. @@ -33,17 +33,17 @@ Table 2 lists specific data-protection concerns and how they are addressed in Wi | Windows 7 | Windows 10 | |---|---| -| When BitLocker is used with a PIN to protect startup, PCs such as kiosks cannot be restarted remotely. | Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to seamlessly protect the BitLocker encryption keys from cold boot attacks.

Network Unlock allows PCs to start automatically when connected to the internal network. | +| When BitLocker is used with a PIN to protect startup, PCs such as kiosks cannot be restarted remotely. | Modern Windows devices are increasingly protected with BitLocker device encryption out of the box and support SSO to seamlessly protect the BitLocker encryption keys from cold boot attacks.

Network unlock allows PCs to start automatically when connected to the internal network. | | When BitLocker is enabled, the provisioning process can take several hours. | BitLocker pre-provisioning, encrypting hard drives, and Used Space Only encryption allow administrators to enable BitLocker quickly on new computers. | | There is no support for using BitLocker with self-encrypting drives (SEDs). | BitLocker supports offloading encryption to encrypted hard drives. | | Administrators have to use separate tools to manage encrypted hard drives. | BitLocker supports encrypted hard drives with onboard encryption hardware built in, which allows administrators to use the familiar BitLocker administrative tools to manage them. | | Encrypting a new flash drive can take more than 20 minutes. | Used Space Only encryption in BitLocker To Go allows users to encrypt removable data drives in seconds. | -| BitLocker could require users to enter a recovery key when system configuration changes occur. | BitLocker requires the user to enter a recovery key only when disk corruption occurs or when he or she loses the PIN or password. | -| Users need to enter a PIN to start the PC, and then their password to sign in to Windows. | Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to help protect the BitLocker encryption keys from cold boot attacks. | +| BitLocker could require users to enter a recovery key when system configuration changes occur. | BitLocker requires the users to enter a recovery key only when disk corruption occurs or when they lose the PIN or password. | +| Users need to enter a PIN to start the PC, and then their password to sign in to Windows. | Modern Windows devices are increasingly protected with BitLocker device encryption out of the box and support SSO to help protect the BitLocker encryption keys from cold boot attacks. | ## Prepare for drive and file encryption -The best type of security measures are transparent to the user during implementation and use. Every time there is a possible delay or difficulty because of a security feature, there is strong likelihood that users will try to bypass security. This situation is especially true for data protection, and that’s a scenario that organizations need to avoid. +The best type of security measures are transparent to the user during implementation and use. Every time there is a possible delay or difficulty because of a security feature, there is a strong likelihood that users will try to bypass security. This situation is especially true for data protection, and that’s a scenario that organizations need to avoid. Whether you’re planning to encrypt entire volumes, removable devices, or individual files, Windows 10 meets your needs by providing streamlined, usable solutions. In fact, you can take several steps in advance to prepare for data encryption and make the deployment quick and smooth. ### TPM pre-provisioning @@ -53,26 +53,26 @@ In Windows 7, preparing the TPM for use offered a couple of challenges: * You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows. * When you enable the TPM, it may require one or more restarts. -Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled. +Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled. **Question: In the "but if you wanted..." phrase, does "you" refer to the users themselves who would have called IT for support"?** Microsoft includes instrumentation in Windows 10 that enables the operating system to fully manage the TPM. There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated. ## Deploy hard drive encryption BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker. -With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10. +With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10.**Question:In the phrase, "Although this process could be automated...", could it be mentioned that the process was not automated because BitLocker needed to encrypt the drive"?** -## BitLocker Device Encryption +## BitLocker device encryption Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition. -Microsoft expects that most devices in the future will pass the testing requirements, which makes BitLocker Device Encryption pervasive across modern Windows devices. BitLocker Device Encryption further protects the system by transparently implementing device-wide data encryption. +Microsoft expects that most devices in the future will pass the testing requirements, which makes BitLocker device encryption pervasive across modern Windows devices. BitLocker device encryption further protects the system by transparently implementing device-wide data encryption. -Unlike a standard BitLocker implementation, BitLocker Device Encryption is enabled automatically so that the device is always protected. The following list outlines how this happens: +Unlike a standard BitLocker implementation, BitLocker device encryption is enabled automatically so that the device is always protected. The following list outlines how this happens: -* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points. -* If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials. -* If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed. +* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker device encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points. +* If the device is not domain-joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the users will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using their Microsoft account credentials. +* If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** group policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed. * Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed. Microsoft recommends that BitLocker Device Encryption be enabled on any systems that support it, but the automatic BitLocker Device Encryption process can be prevented by changing the following registry setting: @@ -80,13 +80,13 @@ Microsoft recommends that BitLocker Device Encryption be enabled on any systems - **Value**: PreventDeviceEncryption equal to True (1) - **Type**: REG\_DWORD -Administrators can manage domain-joined devices that have BitLocker Device Encryption enabled through Microsoft BitLocker Administration and Monitoring (MBAM). In this case, BitLocker Device Encryption automatically makes additional BitLocker options available. No conversion or encryption is required, and MBAM can manage the full BitLocker policy set if any configuration changes are required. +Administrators can manage domain-joined devices that have BitLocker device encryption enabled through Microsoft BitLocker Administration and Monitoring (MBAM). In this case, BitLocker device encryption automatically makes additional BitLocker options available. No conversion or encryption is required, and MBAM can manage the full BitLocker policy set if any configuration changes are required. ## Used Disk Space Only encryption BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that did not have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted. In that case, traces of the confidential data could remain on portions of the drive marked as unused. But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 10 lets users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent. -Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they are overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it is written to the disk. +Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they are overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume significantly decreases deployment time without the security risk because all new data is encrypted as it is written to the disk. ## Encrypted hard drive support @@ -98,36 +98,36 @@ For more information about encrypted hard drives, see [Encrypted Hard Drive](../ An effective implementation of information protection, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it. It is crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection should not be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows logon. Challenging users for input more than once should be avoided. -Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md). +Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and the TPM can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities secures the key and prevents unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration, the countermeasures may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md). ## Manage passwords and PINs -When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to require that users type a PIN before BitLocker will unlock the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows logon, which makes it virtually impossible for the attacker to access or modify user data and system files. +When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to make it mandatory for users to type a PIN before BitLocker unlocks the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows logon, which makes it virtually impossible for the attacker to access or modify user data and system files. -Requiring a PIN at startup is a useful security feature because it acts as a second authentication factor (a second “something you know”). This configuration comes with some costs, however. One of the most significant is the need to change the PIN regularly. In enterprises that used BitLocker with Windows 7 and the Windows Vista operating system, users had to contact systems administrators to update their BitLocker PIN or password. This requirement not only increased management costs but made users less willing to change their BitLocker PIN or password on a regular basis. +Requiring a PIN at startup is a useful security feature because the PIN acts as a second authentication factor (a second “something you know”). This configuration comes with some costs, however. One of the most significant cost is the need to change the PIN regularly. In enterprises that used BitLocker with Windows 7 and the Windows Vista operating system, users had to contact systems administrators to update their BitLocker PIN or password. This requirement not only increased management costs but made users less willing to change their BitLocker PIN or password on a regular basis. Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, Modern Standby devices do not require a PIN for startup: They are designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system. For more information about how startup security works and the countermeasures that Windows 10 provides, see [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md). ## Configure Network Unlock -Some organizations have location-specific data security requirements. This is most common in environments where high-value data is stored on PCs. The network environment may provide crucial data protection and enforce mandatory authentication; therefore, policy states that those PCs should not leave the building or be disconnected from the corporate network. Safeguards like physical security locks and geofencing may help enforce this policy as reactive controls. Beyond these, a proactive security control that grants data access only when the PC is connected to the corporate network is necessary. +Some organizations have location-specific data security requirements. This is most common in environments where high-value data is stored on PCs. The network environment may provide crucial data protection and enforce mandatory authentication; therefore, the policy states that those PCs should not leave the building or be disconnected from the corporate network. Safeguards like physical security locks and geofencing may help enforce this policy as reactive controls. Beyond these, a proactive security control that grants data access only when the PC is connected to the corporate network is necessary. -Network Unlock enables BitLocker-protected PCs to start automatically when connected to a wired corporate network on which Windows Deployment Services runs. Anytime the PC is not connected to the corporate network, a user must type a PIN to unlock the drive (if PIN-based unlock is enabled). -Network Unlock requires the following infrastructure: +Network unlock feature enables BitLocker-protected PCs to start automatically when connected to a wired corporate network on which Windows deployment services run. Anytime the PC is not connected to the corporate network, a user must type a PIN to unlock the drive (if PIN-based unlock is enabled). +Network unlock feature requires the following infrastructure: * Client PCs that have Unified Extensible Firmware Interface (UEFI) firmware version 2.3.1 or later, which supports Dynamic Host Configuration Protocol (DHCP) -* A server running at least Windows Server 2012 with the Windows Deployment Services role +* A server running at least Windows Server 2012 with the Windows deployment services role * A server with the DHCP server role installed -For more information about how to configure Network Unlock, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). +For more information about how to configure Network unlock feature, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). -## Microsoft BitLocker Administration and Monitoring +## Microsoft BitLocker administration and monitoring -Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features: +Being a part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features: * Enables administrators to automate the process of encrypting volumes on client computers across the enterprise. * Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself. -* Provides centralized reporting and hardware management with Microsoft Microsoft Endpoint Configuration Manager. +* Provides centralized reporting and hardware management with Microsoft Endpoint Configuration Manager. * Reduces the workload on the help desk to assist end users with BitLocker recovery requests. * Enables end users to recover encrypted devices independently by using the Self-Service Portal. * Enables security officers to easily audit access to recovery key information. From f0d80c4d7242d052745545b9bf403136eadb9f53 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Mon, 28 Sep 2020 12:08:30 +0530 Subject: [PATCH 046/540] Reviewed_bitlocker-use-bitlocker-recovery-password-viewer.md Made a minor change, hence committing directly back to the same branch. --- .../bitlocker-use-bitlocker-recovery-password-viewer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 1ac97c6ce1..0ef2f9bfe1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -25,7 +25,7 @@ ms.custom: bitlocker This topic describes how to use the BitLocker Recovery Password Viewer. -The BitLocker Recovery Password Viewer tool is an optional tool included with the Remote Server Administration Tools (RSAT). It lets you locate and view BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). You can use this tool to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Active Directory Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. Using this tool, you can examine a computer object's **Properties** dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest. You can also search for a password by password identifier (ID). +The BitLocker Recovery Password Viewer tool is an optional tool included with the Remote Server Administration Tools (RSAT). It lets you locate and view BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). You can use this tool to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Active Directory Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. Using this tool, you can examine a computer object's **Properties** dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory. You can also search for a password by password identifier (ID). ## Before you start From fce80b34486031ad2f77a7e0b7b8260197fba65d Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Mon, 28 Sep 2020 15:12:35 +0530 Subject: [PATCH 047/540] Reviewed-PR3755 (#3873) Made a few changes. --- .../bitlocker/bitlocker-recovery-loop-break.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index 6d996b7090..862c89585a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -26,16 +26,12 @@ If you've entered the correct Bitlocker recovery key multiple times, and are sti > [!NOTE] > Try these steps only after you have restarted your device at least once. -1. On the initial recovery screen, don't enter your recovery key. Instead, select **Skip this drive**. +1. On the initial recovery screen, don't enter your recovery key, instead, select **Skip this drive**. -1. On the next screen, select **Troubleshoot**. +2. Navigate to **Troubleshoot** > **Advanced options**, and select **Command prompt**. -1. On the Troubleshoot screen, select **Advanced options**. +3. From the WinRE command prompt, manually unlock your drive: `manage-bde.exe -unlock C: -rp ` -1. On the Advanced options screen, select **Command prompt**. +4. Suspend operating system drive protection: `manage-bde.exe -protectors -disable C:` -1. From the WinRE command prompt, manually unlock your drive: `manage-bde.exe -unlock C: -rp ` - -1. Suspend operating system drive protection: `manage-bde.exe -protectors -disable C:` - -1. Once the last command is run, you can safely exit the command prompt and continue to boot into your operating system +5. Once the last command is run, you can exit the command prompt and continue to boot into your operating system. From 455f1d4f9e93bfcb7634b71170f2baf1e50effb7 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 29 Sep 2020 12:40:08 +0530 Subject: [PATCH 048/540] Update bitlocker-how-to-enable-network-unlock.md --- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 44d61a42d3..c3f893db23 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -110,7 +110,6 @@ You must configure the WDS server so that it can communicate with DHCP (and opti ### Confirm the WDS Service is running To confirm that the WDS service is running, use the Services Management Console or Windows PowerShell. To confirm that the service is running in Services Management Console, open the console using **services.msc** and check the status of the Windows Deployment Services service. -**Question: Is "Windows Deployment" a service or is the service name itself "Windows Deployment Services"? To confirm that the service is running using Windows PowerShell, use the following command: From 28ce946dab57018fd1b8369f30e9009e2cf5b149 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Tue, 29 Sep 2020 12:58:07 +0530 Subject: [PATCH 049/540] Reviewed_bitlocker-overview-and-requirements-faq.md (#3883) --- .../bitlocker/bitlocker-overview-and-requirements-faq.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index eef3b2f226..2894fbd5ab 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -27,7 +27,11 @@ ms.custom: bitlocker **How does BitLocker work with operating system drives** -You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and Boot Configuration Data (BCD). For further information, see [BitLocker overview] (bitlocker-deviceencryption-overview.md#internal-drive-encryption). +You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by: +- Encrypting all user files and system files (including the swap files and hibernation files) on the operating system drive. +- Checking the integrity of early boot components and Boot Configuration Data (BCD). + +For more information, see [BitLocker overview] (bitlocker-deviceencryption-overview.md#internal-drive-encryption). **How does BitLocker work with fixed and removable data drives** @@ -43,6 +47,7 @@ For requirements, see [System requirements](bitlocker-deviceencryption-overview. > [!NOTE] > Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk. +**Question - The above statement is not clear**. ## Why are two partitions required? Why does the system drive have to be so large? @@ -66,7 +71,7 @@ Beginning with Windows 10, version 1803, you can check TPM status in **Windows D Yes, you can enable BitLocker on an operating system drive that does not have a TPM version 1.2 or higher, which can be done through the following options: - If the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment, you can use a removable disk. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements. -- You can use a password or a PIN to unlock the encrypted disk–This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer. +- You can use a password or a PIN to unlock the encrypted disk. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer. - In addition to the above two options, the volume master key can be encrypted with a password or a PIN so that it can be displayed in a decrypted version when the user keys in the password. From 53e561c58de49752ffcbfd6e0b71c4b95b9d8f37 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 29 Sep 2020 16:40:59 +0530 Subject: [PATCH 050/540] Update bitlocker-overview-and-requirements-faq.md --- .../bitlocker/bitlocker-overview-and-requirements-faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index 2894fbd5ab..67965a1d33 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -35,7 +35,7 @@ For more information, see [BitLocker overview] (bitlocker-deviceencryption-overv **How does BitLocker work with fixed and removable data drives** -You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods. For more information, see [BitLocker overview](bitlocker-deviceencryption-overview.md). +You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods. For more information, see [BitLocker overview](bitlocker-device-encryption-overview-windows-10.md). ## Does BitLocker support multifactor authentication? @@ -43,7 +43,7 @@ Yes, BitLocker supports multifactor authentication for operating system drives. ## What are the BitLocker hardware and software requirements? -For requirements, see [System requirements](bitlocker-deviceencryption-overview.md#system-requirements-BitLocker). +For requirements, see [System requirements](bitlocker-device-encryption-overview-windows-10.md#system-requirements-BitLocker). > [!NOTE] > Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk. From c3d11725fd1158e6b8c9bb3f98091b8e2391980c Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 29 Sep 2020 17:16:41 +0530 Subject: [PATCH 051/540] Update bitlocker-overview-and-requirements-faq.md --- .../bitlocker/bitlocker-overview-and-requirements-faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index 67965a1d33..0a750974a7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -35,7 +35,7 @@ For more information, see [BitLocker overview] (bitlocker-deviceencryption-overv **How does BitLocker work with fixed and removable data drives** -You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods. For more information, see [BitLocker overview](bitlocker-device-encryption-overview-windows-10.md). +You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods. For more information, see [BitLocker overview](bitlocker-overview.md). ## Does BitLocker support multifactor authentication? @@ -43,7 +43,7 @@ Yes, BitLocker supports multifactor authentication for operating system drives. ## What are the BitLocker hardware and software requirements? -For requirements, see [System requirements](bitlocker-device-encryption-overview-windows-10.md#system-requirements-BitLocker). +For requirements, see [System requirements](bitlocker-overview.md#system-requirements). > [!NOTE] > Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk. From 0d5c816685fc98d9b5f56a152fd3919a475e91b0 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 29 Sep 2020 17:26:51 +0530 Subject: [PATCH 052/540] Update bitlocker-overview-and-requirements-faq.md --- .../bitlocker/bitlocker-overview-and-requirements-faq.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index 0a750974a7..92b832954b 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -47,7 +47,6 @@ For requirements, see [System requirements](bitlocker-overview.md#system-require > [!NOTE] > Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk. -**Question - The above statement is not clear**. ## Why are two partitions required? Why does the system drive have to be so large? From cd68c0ce90d44af9aa6f5ea28a3e4d379991380b Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 29 Sep 2020 18:14:56 +0530 Subject: [PATCH 053/540] Update bitlocker-how-to-enable-network-unlock.md --- .../bitlocker-how-to-enable-network-unlock.md | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index c3f893db23..5bc6c7d0be 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -18,17 +18,17 @@ ms.date: 02/28/2019 ms.custom: bitlocker --- -# BitLocker: How to enable Network Unlock +# BitLocker: How to enable network unlock **Applies to** - Windows 10 -This topic describes how BitLocker Network Unlock works and how to configure it. +This topic describes how BitLocker network unlock works and how to configure it. -Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker-enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. +Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network unlock enables easier management for BitLocker-enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers. -Network Unlock allows BitLocker-enabled systems that have a TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the Network Unlock feature needs the key to be composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session. +Network unlock allows BitLocker-enabled systems that have a TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the Network Unlock feature needs the key to be composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session. This topic contains: @@ -41,7 +41,7 @@ This topic contains: - [Troubleshoot Network Unlock](#bkmk-troubleshoot) - [Configure Network Unlock on unsupported systems](#bkmk-unsupportedsystems) -## Network Unlock core requirements +## Network unlock core requirements Network Unlock must meet mandatory hardware and software requirements before the feature can automatically unlock domain-joined systems. These requirements include: @@ -59,19 +59,19 @@ The network stack must be enabled to use the Network Unlock feature. Equipment m > [!NOTE] > To properly support DHCP within UEFI, the UEFI-based system should be in native mode without a compatibility support module (CSM) enabled. -For Network Unlock to work reliably on computers running Windows 8 and later versions, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP and must be used for Network Unlock. This is especially worth noting when you have multiple adapters, and you wish to configure one without DHCP, such as for a lights-out management protocol. This configuration is necessary because Network Unlock will stop enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter does not support DHCP, is not plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock fails. +For network unlock to work reliably on computers running Windows 8 and later versions, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP and must be used for Network Unlock. This is especially worth noting when you have multiple adapters, and you wish to configure one without DHCP, such as for a lights-out management protocol. This configuration is necessary because network unlock stops enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter does not support DHCP, is not plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock fails. The Network Unlock server component is installed on supported versions of Windows Server 2012 and later as a Windows feature that uses Server Manager or Windows PowerShell cmdlets. The feature name is BitLocker Network Unlock in Server Manager and BitLocker-NetworkUnlock in Windows PowerShell. This feature is a core requirement. -Network Unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation is not required; however, the WDS service must be running on the server. +Network unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation is not required; however, the WDS service must be running on the server. The network key is stored on the system drive along with an AES 256 session key and encrypted with the 2048-bit RSA public key of the Unlock server certificate. The network key is decrypted with the help of a provider on a supported version of Windows Server running WDS, and returned encrypted with its corresponding session key. ## Network Unlock sequence -The unlock sequence starts on the client side when the Windows boot manager detects the existence of Network Unlock protector. It leverages the DHCP driver in UEFI to obtain an IP address for IPv4 and then broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate, as described above. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. +The unlock sequence starts on the client side when the Windows boot manager detects the existence of network unlock protector. It leverages the DHCP driver in UEFI to obtain an IP address for IPv4 and then broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate, as described above. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. -On the server side, the WDS server role has an optional plugin component, like a PXE provider, which is what handles the incoming Network Unlock requests. You can also configure the provider with subnet restrictions, which would require that the IP address provided by the client in the Network Unlock request belong to a permitted subnet to release the network key to the client. In instances where the Network Unlock provider is unavailable, BitLocker fails over to the next available protector to unlock the drive. In a typical configuration, this means the standard TPM+PIN unlock screen is presented to unlock the drive. +On the server side, the WDS server role has an optional plugin component, like a PXE provider, which is what handles the incoming network unlock requests. You can also configure the provider with subnet restrictions, which would require that the IP address provided by the client in the network unlock request belong to a permitted subnet to release the network key to the client. In instances where the Network Unlock provider is unavailable, BitLocker fails over to the next available protector to unlock the drive. In a typical configuration, this means the standard TPM+PIN unlock screen is presented to unlock the drive. The server side configuration to enable Network Unlock also requires provisioning a 2048-bit RSA public/private key pair in the form of an X.509 certificate, and distributing the public key certificate to the clients. This certificate must be managed and deployed through the Group Policy editor directly on a domain controller with at least a Domain Functional Level of Windows Server 2012. This certificate is the public key that encrypts the intermediate network key (which is one of the two secrets required to unlock the drive; the other secret is stored in the TPM). @@ -82,7 +82,7 @@ The server side configuration to enable Network Unlock also requires provisionin 1. The Windows boot manager detects that a Network Unlock protector exists in the BitLocker configuration. 2. The client computer uses its DHCP driver in the UEFI to obtain a valid IPv4 IP address. 3. The client computer broadcasts a vendor-specific DHCP request that contains: - 1. A network key (a 256-bit intermediate key) that is encrypted by using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server. + 1. A network key (a 256-bit intermediate key) that is encrypted by using the 2048-bit RSA Public Key of the network unlock certificate from the WDS server. 2. An AES-256 session key for the reply. 4. The Network Unlock provider on the WDS server recognizes the vendor-specific request. 5. The provider decrypts it with the WDS server’s BitLocker Network Unlock certificate RSA private key. @@ -91,13 +91,13 @@ The server side configuration to enable Network Unlock also requires provisionin 8. This combined key is used to create an AES-256 key that unlocks the volume. 9. Windows continues the boot sequence. -## Configure Network Unlock +## Configure network unlock -The following steps allow an administrator to configure Network Unlock in a domain where the Domain Functional Level is at least Windows Server 2012. +The following steps allow an administrator to configure network unlock in a domain where the Domain Functional Level is at least Windows Server 2012. ### Install the WDS Server role -The BitLocker Network Unlock feature installs the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock, you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the **Windows Deployment Services** role in Server Manager. +The BitLocker network unlock feature installs the WDS role if it is not already installed. If you want to install it separately before you install BitLocker network unlock, you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the **Windows Deployment Services** role in Server Manager. To install the role using Windows PowerShell, use the following command: @@ -118,7 +118,7 @@ Get-Service WDSServer ``` ### Install the Network Unlock feature -To install the Network Unlock feature, use Server Manager or Windows PowerShell. To install the feature using Server Manager, select the **BitLocker Network Unlock** feature in the Server Manager console. +To install the network unlock feature, use Server Manager or Windows PowerShell. To install the feature using Server Manager, select the **BitLocker Network Unlock** feature in the Server Manager console. To install the feature using Windows PowerShell, use the following command: @@ -151,13 +151,13 @@ A properly configured Active Directory Services Certification Authority can use 16. Select the **Security** tab. Confirm that the **Domain Admins** group has been granted **Enroll** permission. 17. Click **OK** to complete configuration of the template. -To add the Network Unlock template to the Certification Authority, open the Certification Authority snap-in (certsrv.msc). Right-click the **Certificate Templates** item and choose **New, Certificate Template to issue**. Select the previously created BitLocker Network Unlock certificate. +To add the network unlock template to the Certification Authority, open the Certification Authority snap-in (certsrv.msc). Right-click the **Certificate Templates** item and choose **New, Certificate Template to issue**. Select the previously created BitLocker network unlock certificate. -After adding the Network Unlock template to the Certification Authority, this certificate can be used to configure BitLocker Network Unlock. +After adding the Network Unlock template to the Certification Authority, this certificate can be used to configure BitLocker network unlock. ### Create the Network Unlock certificate -Network Unlock can use imported certificates from an existing PKI infrastructure, or you can use a self-signed certificate. +Network unlock can use imported certificates from an existing PKI infrastructure, or you can use a self-signed certificate. To enroll a certificate from an existing certification authority (CA), do the following: @@ -235,11 +235,11 @@ With the certificate and key created, deploy them to the infrastructure to prope 3. In the **File to Import** dialog, choose the .pfx file created previously. 4. Enter the password used to create the .pfx and complete the wizard. -### Configure group policy settings for Network Unlock +### Configure group policy settings for network unlock With certificate and key deployed to the WDS server for Network Unlock, the final step is to use group policy settings to deploy the public key certificate to computers that you want to be able to unlock using the Network Unlock key. Group policy settings for BitLocker can be found under **\\Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** using the Local Group Policy Editor or the Microsoft Management Console. -The following steps describe how to enable the group policy setting that is a requirement for configuring Network Unlock. +The following steps describe how to enable the group policy setting that is a requirement for configuring network unlock. 1. Open Group Policy Management Console (gpmc.msc). 2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** or **Allow startup PIN with TPM** option. @@ -255,12 +255,12 @@ The following steps describe how to deploy the required group policy setting: 3. Create a new Group Policy Object or modify an existing object to enable the **Allow network unlock at startup** setting. 4. Deploy the public certificate to clients: - 1. Within Group Policy Management Console, navigate to the following location: **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate**. + 1. Within group policy management console, navigate to the following location: **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate**. 2. Right-click the folder and select **Add Network Unlock Certificate**. 3. Follow the wizard steps and import the .cer file that was copied earlier. > [!NOTE] -> Only one Network Unlock Certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. +> Only one network unlock certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. 5. Reboot the clients after deploying the group policy. > [!NOTE] @@ -268,9 +268,9 @@ The following steps describe how to deploy the required group policy setting: ### Subnet policy configuration files on WDS Server (Optional) -By default, all clients with the correct Network Unlock Certificate and valid Network Unlock protectors that have wired access to a Network Unlock-enabled WDS server via DHCP are unlocked by the server. A subnet policy configuration file on the WDS server can be created to limit which are the subnet(s) the Network Unlock clients can use to unlock. +By default, all clients with the correct network unlock certificate and valid Network Unlock protectors that have wired access to a network unlock-enabled WDS server via DHCP are unlocked by the server. A subnet policy configuration file on the WDS server can be created to limit which are the subnet(s) the network unlock clients can use to unlock. -The configuration file, called bde-network-unlock.ini, must be located in the same directory as the Network Unlock provider DLL (%windir%\System32\Nkpprov.dll) and it applies to both IPv6 and IPv4 DHCP implementations. If the subnet configuration policy becomes corrupted, the provider fails and stops responding to requests. +The configuration file, called bde-network-unlock.ini, must be located in the same directory as the network unlock provider DLL (%windir%\System32\Nkpprov.dll) and it applies to both IPv6 and IPv4 DHCP implementations. If the subnet configuration policy becomes corrupted, the provider fails and stops responding to requests. The subnet policy configuration file must use a “\[SUBNETS\]” section to identify the specific subnets. The named subnets may then be used to specify restrictions in certificate subsections. Subnets are defined as simple name–value pairs, in the common INI format, where each subnet has its own line, with the name on the left of the equal-sign, and the subnet identified on the right of the equal-sign as a Classless Inter-Domain Routing (CIDR) address or range. The key word “ENABLED” is disallowed for subnet names. @@ -287,7 +287,7 @@ Following the \[SUBNETS\] section, there can be sections for each Network Unlock > [!NOTE] > When specifying the certificate thumbprint, do not include any spaces. If spaces are included in the thumbprint, the subnet configuration fails because the thumbprint will not be recognized as valid. -Subnet restrictions are defined within each certificate section by denoting the allowed list of permitted subnets. If any subnets are listed in a certificate section, then only those subnets are permitted for that certificate. If no subnet is listed in a certificate section, then all subnets are permitted for that certificate. If a certificate does not have a section in the subnet policy configuration file, then no subnet restrictions are applied for unlocking with that certificate. This means for restrictions to apply to every certificate, there must be a certificate section for every Network Unlock certificate on the server, and an explicit allowed list set for each certificate section. +Subnet restrictions are defined within each certificate section by denoting the allowed list of permitted subnets. If any subnets are listed in a certificate section, then only those subnets are permitted for that certificate. If no subnet is listed in a certificate section, then all subnets are permitted for that certificate. If a certificate does not have a section in the subnet policy configuration file, then no subnet restrictions are applied for unlocking with that certificate. This means for restrictions to apply to every certificate, there must be a certificate section for every network unlock certificate on the server, and an explicit allowed list set for each certificate section. Subnet lists are created by putting the name of a subnet from the \[SUBNETS\] section on its own line below the certificate section header. Then, the server will only unlock clients with this certificate on the subnet(s) specified as in the list. For troubleshooting, a subnet can be quickly excluded without deleting it from the section by simply commenting it out with a prepended semi-colon. ```ini @@ -303,26 +303,26 @@ To disallow the use of a certificate altogether, its subnet list may contain the ## Turning off Network Unlock -To turn off the unlock server, the PXE provider can be unregistered from the WDS server or uninstalled altogether. However, to stop clients from creating Network Unlock protectors, the **Allow Network Unlock at startup** group policy setting should be disabled. When this policy setting is updated to **disabled** on client computers, any Network Unlock key protector on the computer is deleted. Alternatively, the BitLocker Network Unlock certificate policy can be deleted on the domain controller to accomplish the same task for an entire domain. +To turn off the unlock server, the PXE provider can be unregistered from the WDS server or uninstalled altogether. However, to stop clients from creating network unlock protectors, the **Allow Network Unlock at startup** group policy setting should be disabled. When this policy setting is updated to **disabled** on client computers, any Network Unlock key protector on the computer is deleted. Alternatively, the BitLocker network unlock certificate policy can be deleted on the domain controller to accomplish the same task for an entire domain. > [!NOTE] -> Removing the FVE_NKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the Network Unlock server. +> Removing the FVE_NKP certificate store that contains the network unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the network unlock server. ## Update Network Unlock certificates -To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate group policy setting on the domain controller. +To update the certificates used by network unlock, administrators need to import or generate the new certificate for the server and then update the network unlock certificate group policy setting on the domain controller. > [!NOTE] > Servers that do not receive the Group Policy Object (GPO) will require a PIN when booting. In such cases, the reason why the server did not receive the GPO to update the certificate needs to be investigated. ## Troubleshoot Network Unlock -Troubleshooting Network Unlock issues begins by verifying the environment. Many times, a small configuration issue can be the root cause of the failure. Items to verify include: +Troubleshooting network unlock issues begins by verifying the environment. Many times, a small configuration issue can be the root cause of the failure. Items to verify include: - Verify that the client hardware is UEFI-based and is on firmware version 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. Do this by checking that the firmware does not have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware does not appear to be in a BIOS-like mode. - All required roles and services are installed and started. -- Public and private certificates have been published and are in the proper certificate containers. The presence of the Network Unlock certificate can be verified in the Microsoft Management Console (MMC.exe) on the WDS server with the certificate snap-ins for the local computer enabled. The client certificate can be verified by checking the registry key **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** on the client computer. -- Group policy for Network Unlock is enabled and linked to the appropriate domains. +- Public and private certificates have been published and are in the proper certificate containers. The presence of the network unlock certificate can be verified in the Microsoft Management Console (MMC.exe) on the WDS server with the certificate snap-ins for the local computer enabled. The client certificate can be verified by checking the registry key **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** on the client computer. +- Group policy for network unlock is enabled and linked to the appropriate domains. - Verify whether group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. - Verify whether the clients were rebooted after applying the policy. - Verify whether the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example, the following command will list the key protectors currently configured on the C: drive of the local computer: @@ -331,9 +331,9 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many manage-bde -protectors -get C: ``` > [!NOTE] - > Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock + > Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for network unlock -Files to gather when troubleshooting BitLocker Network Unlock include: +Files to gather when troubleshooting BitLocker network unlock include: 1. The Windows event logs, specifically the BitLocker event logs and the Microsoft-Windows-Deployment-Services-Diagnostics-Debug log @@ -356,7 +356,7 @@ Files to gather when troubleshooting BitLocker Network Unlock include: ## Configure Network Unlock Group Policy settings on earlier versions -Network Unlock and the accompanying group policy settings were introduced in Windows Server 2012 but can be deployed using operating systems running Windows Server 2008 R2 and Windows Server 2008. +Network unlock and the accompanying group policy settings were introduced in Windows Server 2012 but can be deployed using operating systems running Windows Server 2008 R2 and Windows Server 2008. **Requirements** @@ -370,7 +370,7 @@ The following steps can be used to configure Network Unlock on these older syste 3. [Install the Network Unlock feature](#bkmk-installnufeature) 4. [Create the Network Unlock certificate](#bkmk-createcert) 5. [Deploy the private key and certificate to the WDS server](#bkmk-deploycert) -6. Configure registry settings for Network Unlock: +6. Configure registry settings for network unlock: Apply the registry settings by running the following certutil script (assuming your network unlock certificate file is called **BitLocker-NetworkUnlock.cer**) on each computer running any of the client operating systems designated in the **Applies To** list at the beginning of this topic. ```console From 66e05a311a4983beb85f1d00217a4e4b00b6c25c Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 14 Oct 2020 22:41:19 +0530 Subject: [PATCH 054/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index d3cf8244bd..cf983de7d7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker ----g +--- # BitLocker basic deployment From 87035a9e6918aed61740f66bea9a637c0da915b7 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 15 Oct 2020 10:15:19 +0530 Subject: [PATCH 055/540] Updated URL --- .../bitlocker/bitlocker-deployment-and-administration-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index b51fa27c9f..eb934812d1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -25,7 +25,7 @@ ms.custom: bitlocker ## Can BitLocker deployment be automated in an enterprise environment? -Yes, you can automate the deployment and configuration of BitLocker and the TPM using either WMI or Windows PowerShell scripts. How you choose to implement the scripts depends on your environment. You can also use Manage-bde.exe to locally or remotely configure BitLocker. For more information about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](https://go.microsoft.com/fwlink/p/?LinkId=80600). For more information about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/bitlocker/index?view=win10-ps). +Yes, you can automate the deployment and configuration of BitLocker and the TPM using either WMI or Windows PowerShell scripts. How you choose to implement the scripts depends on your environment. You can also use Manage-bde.exe to locally or remotely configure BitLocker. For more information about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](https://go.microsoft.com/fwlink/p/?LinkId=80600). For more information about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/bitlocker/index?view=win10-ps&preserve-view=true). ## Can BitLocker encrypt more than just the operating system drive? From 5879d55060a2bd6bdc9a2c5d9f0dd4454b6e1986 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 15 Oct 2020 10:28:14 +0530 Subject: [PATCH 056/540] Updated formatting for header --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index cf983de7d7..93273b51f8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -146,9 +146,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From a8236c15b87cfb90d9229f9375d90316eba7c272 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 15 Oct 2020 12:16:55 +0530 Subject: [PATCH 057/540] Update ts-bitlocker-intune-issues.md --- .../bitlocker/ts-bitlocker-intune-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index 8c24276e8f..2f62005f82 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md @@ -210,7 +210,7 @@ To verify the secure boot state, use the System Information application. To do t ![System Information app, showing a unsupported Secure Boot State](./images/4509202-en-1.png) > [!NOTE] -> You can also use the [Confirm-SecureBootUEFI](https://docs.microsoft.com/powershell/module/secureboot/confirm-securebootuefi?view=win10-ps) cmdlet to verify the secure boot state. To do this, open an elevated PowerShell window and run the following command: +> You can also use the [Confirm-SecureBootUEFI](https://docs.microsoft.com/powershell/module/secureboot/confirm-securebootuefi?view=win10-ps&preserve-view=true) cmdlet to verify the secure boot state. To do this, open an elevated PowerShell window and run the following command: > ```ps > PS C:\> Confirm-SecureBootUEFI > ``` From 7ed055f997bcb462e7ac621641c8b2353d31c040 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 15 Oct 2020 12:29:18 +0530 Subject: [PATCH 058/540] Update ts-bitlocker-recovery-issues.md --- .../bitlocker/ts-bitlocker-recovery-issues.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index cc10bde567..37adca3971 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -201,9 +201,9 @@ To reset the PCR settings on the TPM, follow these steps: You can avoid this scenario when you install updates to system firmware or TPM firmware by temporarily suspending BitLocker before you apply such updates. > [!IMPORTANT] -> TPM and UEFI firmware updates may require multiple restarts while they are being installed. To keep BitLocker suspended during this process, you must use [Suspend-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/suspend-bitlocker?view=winserver2012r2-ps) and set the **Reboot Count** parameter to either of the following values: +> TPM and UEFI firmware updates may require multiple restarts while they are being installed. To keep BitLocker suspended during this process, you must use [Suspend-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/suspend-bitlocker?view=winserver2012r2-ps&preserve-view=true) and set the **Reboot Count** parameter to either of the following values: > - **2** or greater: This value sets the number of times the device can restart before BitLocker device encryption resumes. -> - **0**: This value suspends BitLocker drive encryption indefinitely, until you use [Resume-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/resume-bitlocker?view=winserver2012r2-ps) or another mechanism to resume protection. +> - **0**: This value suspends BitLocker drive encryption indefinitely, until you use [Resume-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/resume-bitlocker?view=winserver2012r2-ps&preserve-view=true) or another mechanism to resume protection. To suspend BitLocker while you install TPM or UEFI firmware updates: From a6680085dde2f1a4d1f20abd0532eb394d793a77 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 15 Oct 2020 12:56:51 +0530 Subject: [PATCH 059/540] Update ts-bitlocker-cannot-encrypt-issues.md --- .../bitlocker/ts-bitlocker-cannot-encrypt-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index 8bebf9546b..e5f6993574 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -80,7 +80,7 @@ To verify that this issue has occurred, follow these steps: > D:(A;;CCDCLCSWRPWPDTLORCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLORCWDWO;;;BA)(A;;CCLCSWRPLORC;;;BU)(A;;CCLCSWRPLORC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD) -1. Copy this output, and use it as part of the [**ConvertFrom-SddlString**](https://docs.microsoft.com/powershell/module/microsoft.powershell.utility/convertfrom-sddlstring?view=powershell-6) command in the PowerShell window, as follows. +1. Copy this output, and use it as part of the [**ConvertFrom-SddlString**](https://docs.microsoft.com/powershell/module/microsoft.powershell.utility/convertfrom-sddlstring?view=powershell-6&preserve-view=true) command in the PowerShell window, as follows. ![Output of the ConvertFrom-SddlString command, showing NT AUTHORITY\\INTERACTIVE](./images/ts-bitlocker-usb-sddl.png) From 8ea73725e7a950a549d4fa92116812114e84dc2d Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Fri, 16 Oct 2020 14:50:58 +0530 Subject: [PATCH 060/540] Reviewed ts-bitlocker-decode-measured-boot-logs.md --- .../ts-bitlocker-decode-measured-boot-logs.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index 61a705e835..a0f7da5771 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -24,12 +24,12 @@ By tracking changes in the PCRs, and identifying when they changed, you can gain This article describes tools that you can use to decode these logs: TBSLogGenerator and PCPTool. -For more information about measured boot and PCRs, see the following articles: +For more information about MeasuredBoot and PCRs, see the following articles: -- [TPM fundamentals: Measured Boot with support for attestation](https://docs.microsoft.com/windows/security/information-protection/tpm/tpm-fundamentals#measured-boot-with-support-for-attestation) +- [TPM fundamentals: MeasuredBoot with support for attestation](https://docs.microsoft.com/windows/security/information-protection/tpm/tpm-fundamentals#measured-boot-with-support-for-attestation) - [Understanding PCR banks on TPM 2.0 devices](https://docs.microsoft.com/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices) -## Use TBSLogGenerator to decode measured boot logs +## Use TBSLogGenerator to decode MeasureBoot logs Use TBSLogGenerator to decode measured boot logs that you have collected from Windows 10 and earlier versions. You can install this tool on the following systems: @@ -72,7 +72,7 @@ To use TBSLogGenerator, follow these steps: - \<*DestinationFolderName*> = The name of the folder for the decoded text file - \<*DecodedFileName*> = The name of the decoded text file - For example, the following figure shows measured boot logs that were collected from a Windows 10 computer and put into the C:\\MeasuredBoot\\ folder. The figure also shows a Command Prompt window and the command to decode the **0000000005-0000000000.log** file: + For example, the following figure shows MeasuredBoot logs that were collected from a Windows 10 computer and put into the C:\\MeasuredBoot\\ folder. The figure also shows a Command Prompt window and the command to decode the **0000000005-0000000000.log** file: ```cmd TBSLogGenerator.exe -LF C:\MeasuredBoot\0000000005-0000000000.log > C:\MeasuredBoot\0000000005-0000000000.txt @@ -92,9 +92,9 @@ To find the PCR information, go to the end of the file. ![View of NotePad that shows the PCR information at the end of the text file](./images/ts-tpm-7.png) -## Use PCPTool to decode measured boot logs +## Use PCPTool to decode MeasuredBoot logs -PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a measured boot log file and converts it into an XML file. +PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a MeasuredBoot log file and converts it into an XML file. To download and install PCPTool, go to the Toolkit page, select **Download**, and follow the instructions. From 98936b6e624f620127515aadb9c8ca2f267a6c33 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Fri, 16 Oct 2020 18:13:52 +0530 Subject: [PATCH 061/540] Reviewed ts-bitlocker-cannot-encrypt-tpm-issues.md (#3998) Made minor changes --- .../ts-bitlocker-cannot-encrypt-tpm-issues.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index 93e95c46e6..2c7e7eecb9 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -19,7 +19,7 @@ ms.custom: bitlocker # BitLocker cannot encrypt a drive: known TPM issues -This article describes common issues that affect the trusted platform module (TPM) and that may prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues. +This article describes common issues that affect the Trusted Platform Module (TPM) that might prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues. > [!NOTE] > If you have determined that your BitLocker issue does not involve the TPM, see [BitLocker cannot encrypt a drive: known issues](ts-bitlocker-cannot-encrypt-issues.md). @@ -41,8 +41,7 @@ To resolve this issue, follow these steps: ```ps $Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm" $ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)} ``` - -2. Restart the computer. If you are prompted at the restart screen, press F12 to agree. +2. Restart the computer. If you are prompted at the restart screen, press F12 to agree.8 3. Retry starting BitLocker drive encryption. ## You cannot prepare the TPM, and you see "The TPM is defending against dictionary attacks and is in a time-out period" @@ -58,7 +57,7 @@ The TPM is locked out. To resolve this issue, disable and re-enable the TPM. To do this, follow these steps: 1. Restart the device, and change the BIOS configuration to disable the TPM. -2. Restart the device again, and return to the TPM management console. You should receive a message that resembles the following: +2. Restart the device again, and return to the TPM management console. Following message is displayed: > Compatible Trusted Platform Module (TPM) cannot be found on this computer. Verify that this computer has 1.2 TPM and it is turned on in the BIOS. 3. Restart the device, and change the BIOS configuration to enable the TPM. @@ -94,7 +93,7 @@ To verify that you have correctly identified this issue, use one of the followin In this command, *ComputerName* is the name of the affected computer. -1. To resolve the issue, use a tool such as dsacls.exe to make sure that the access control list of msTPM-TPMInformationForComputer grants both Read and Write permissions to NTAUTHORITY/SELF. +1. To resolve the issue, use a tool such as dsacls.exe to ensure that the access control list of msTPM-TPMInformationForComputer grants both Read and Write permissions to NTAUTHORITY/SELF. ## Cannot prepare the TPM, error 0x80072030: "There is no such object on the server" @@ -108,16 +107,16 @@ You have confirmed that the **ms-TPM-OwnerInformation** and **msTPM-TpmInformati ### Cause -The domain and forest functional level of the environment may still be set to Windows 2008 R2. Additionally, the permissions in AD DS may not be correctly set. +The domain and forest functional level of the environment may still be set to Windows 2008 R2. Additionally, the permissions in AD DS might not be correctly set. ### Resolution To resolve this issue, follow these steps: 1. Upgrade the functional level of the domain and forest to Windows Server 2012 R2. -1. Download [Add-TPMSelfWriteACE.vbs](https://go.microsoft.com/fwlink/p/?LinkId=167133). -1. In the script, modify the value of **strPathToDomain** to your domain name. -1. Open an elevated PowerShell window, and run the following command: +2. Download [Add-TPMSelfWriteACE.vbs](https://go.microsoft.com/fwlink/p/?LinkId=167133). +3. In the script, modify the value of **strPathToDomain** to your domain name. +4. Open an elevated PowerShell window, and run the following command: ```ps cscript Add-TPMSelfWriteACE.vbs From 049479f485a0197496983274ab181e04a168eaa9 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 22 Oct 2020 13:56:49 +0530 Subject: [PATCH 062/540] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index c11eb7f811..208613647c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -115,7 +115,6 @@ You can use the System Information desktop app (MSINFO32) to check if a device h If kernel DMA protection is *not* enabled, follow these steps to protect Thunderbolt™ 3-enabled ports: 1. Require a password for BIOS changes. -**Question: What is the source from which the user can get this password?** 2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Please refer to [Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) 3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607): From 419aafbd713d833e19a425ce1c4647fea3ac5b88 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 22 Oct 2020 14:04:44 +0530 Subject: [PATCH 063/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 93273b51f8..fe718408ed 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -113,8 +113,6 @@ Selecting an encryption type and choosing **Next** will give the user the option After completing the system check (if selected), the BitLocker Drive Encryption Wizard restarts the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel. -**Question: Can "password chosen to boot into the operating system volume" be rephrased? The rephrase depends on the response for the query "at what stage is the password chosen; is that password only for the purpose of booting into the operating system volume; and are there different passwords for different types of logons?** - Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning BitLocker off. ### Data volume From ac61b8dba1b301b07161f71147e02be7c63f48a1 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 22 Oct 2020 14:51:36 +0530 Subject: [PATCH 064/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index fe718408ed..827ff95e8d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -476,8 +476,6 @@ This command displays information about the encryption method, volume type, key Administrators can enable BitLocker prior to operating system deployment from the Windows Pre-installation environment. This is done with a randomly generated clear key protector applied to the formatted volume and by encrypting the volume prior to running the Windows setup process. If the encryption uses the **Used Disk Space Only** option described later in this document, this step takes only a few seconds and incorporates well into regular deployment processes. -**Question: Is the clear key protector automatically generated or manually generated?** - ### Decrypting BitLocker volumes Decrypting volumes removes BitLocker and any associated protectors from the volumes. Decryption should occur when protection is no longer required. BitLocker decryption should not occur as a troubleshooting step. BitLocker can be removed from a volume using the BitLocker control panel applet, manage-bde, or Windows PowerShell cmdlets. We will discuss each method further below. From f7b0ef3324c9d8672acdc4303234007a6937d924 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 22 Oct 2020 15:01:04 +0530 Subject: [PATCH 065/540] Update bitlocker-how-to-deploy-on-windows-server.md --- .../bitlocker/bitlocker-how-to-deploy-on-windows-server.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 840377a1ae..5106205aa9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -31,7 +31,6 @@ This topic explains how to deploy BitLocker on Windows Server 2012 and later ver 1. Open server manager by selecting the server manager icon or running servermanager.exe. 2. Select **Manage** from the **Server Manager Navigation** bar and select **Add Roles and Features** to start the **Add Roles and Features Wizard.** 3. With the **Add Roles and Features** wizard open, select **Next** at the **Before you begin** pane (if shown). -**Question: Which is the icon to click if the "Before you begin" pane is not shown?** 4. Select **Role-based or feature-based installation** on the **Installation type** pane of the **Add Roles and Features** wizard and select **Next** to continue. 5. Select the **Select a server from the server pool** option in the **Server Selection** pane and confirm the server on which the BitLocker feature is to be installed. 6. Select **Next** on the **Server Roles** pane of the **Add Roles and Features** wizard to proceed to the **Features** pane. @@ -88,7 +87,6 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools - ### Using the dism module to install BitLocker The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module does not support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system. -**Question: The phrase "The Bitlocker feature name for BitLocker is 'BitLocker'" needs clarification. ```powershell Get-WindowsOptionalFeature -Online | ft From a3d7e7b0c9467ff45ae4eccaa6c4e69af24addae Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 22 Oct 2020 16:17:30 +0530 Subject: [PATCH 066/540] Update bitlocker-device-encryption-overview-windows-10.md --- .../bitlocker-device-encryption-overview-windows-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 4474893bc0..464ee235e4 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -53,14 +53,14 @@ In Windows 7, preparing the TPM for use offered a couple of challenges: * You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows. * When you enable the TPM, it may require one or more restarts. -Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled. **Question: In the "but if you wanted..." phrase, does "you" refer to the users themselves who would have called IT for support"?** +Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled. Microsoft includes instrumentation in Windows 10 that enables the operating system to fully manage the TPM. There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated. ## Deploy hard drive encryption BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker. -With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10.**Question:In the phrase, "Although this process could be automated...", could it be mentioned that the process was not automated because BitLocker needed to encrypt the drive"?** +With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10. ## BitLocker device encryption From b34e0f6dd855356e1be2e3ffbf54491ce1e58270 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 22 Oct 2020 16:26:29 +0530 Subject: [PATCH 067/540] Update bitlocker-group-policy-settings.md --- .../bitlocker/bitlocker-group-policy-settings.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 33f111cc81..d08e1824b0 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -1224,8 +1224,6 @@ This policy setting is used to control whether access to drives is allowed by us When this policy setting is enabled, select the **Do not install BitLocker To Go Reader on FAT formatted fixed drives** check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting, the user is prompted to update BitLocker, and BitLocker To Go Reader is deleted from the drive. In this situation, for the fixed drive to be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to enable users to unlock the drive on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. -**Question**: "If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting". Does this sentence indicate that "BitLocker To Go Reader" may also be present on a drive that has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting? - ### Allow access to BitLocker-protected removable data drives from earlier versions of Windows This policy setting controls access to removable data drives that are using the BitLocker To Go Reader and whether the BitLocker To Go Reader can be installed on the drive. From cbbe6cce414e02a9b308fe1b018ca4b003c0679d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 3 Nov 2020 10:02:34 +0530 Subject: [PATCH 068/540] Update bitlocker-group-policy-settings.md --- .../bitlocker/bitlocker-group-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index d08e1824b0..57fc2cc791 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -400,7 +400,7 @@ Enabling this policy setting requires a connectivity to be established to a doma This policy setting is used to require, allow, or deny the use of smart cards with removable data drives. -||| +|**Parameter**|**Description**| |--- |--- | |Policy description|With this policy setting, you can specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer.| |Introduced|Windows Server 2008 R2 and Windows 7| @@ -1207,7 +1207,7 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t This policy setting is used to control whether access to drives is allowed by using the BitLocker To Go Reader, and whether BitLocker To Go Reader can be installed on the drive. -||| +|**Component of Setting**|**Definition**| |--- |--- | |Policy description|With this policy setting, you can configure whether fixed data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2).| |Introduced|Windows Server 2008 R2 and Windows 7| From 9b61c2e883b2c8840e6a9a8c36630602e14629e9 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 18 Nov 2020 07:41:09 -0800 Subject: [PATCH 069/540] Update ts-bitlocker-recovery-issues.md --- .../bitlocker/ts-bitlocker-recovery-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index 37adca3971..f7f20840c5 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -36,7 +36,7 @@ The BitLocker and Active Directory Domain Services (AD DS) FAQ address situation ## The recovery password for a laptop was not backed up, and the laptop is locked -You have a Windows 10 Home-based laptop, and you have to recover its hard disk. The disk was encrypted by using BitLocker driver encryption. However, the BitLocker recovery password was not backed up, and the usual user of the laptop is not available to provide the password. +You have a Windows 10 Home-based laptop, and you have to recover its hard disk. The disk was encrypted by using BitLocker drive encryption. However, the BitLocker recovery password was not backed up, and the usual user of the laptop is not available to provide the password. ### Resolution From 4da61f0ace99320d7ae559edb0315660d09378ff Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 09:56:42 +0530 Subject: [PATCH 070/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index f62bc8b545..6d53e36d70 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 88aabd32bf8ebc994247517e34a63868852446d2 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 10:03:10 +0530 Subject: [PATCH 071/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 89710dc7e7a3009482c46ce2fe8a27b136267a12 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 10:09:01 +0530 Subject: [PATCH 072/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 696e55d78b343158e8af3c9181be5b8d5873eeb2 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 10:23:14 +0530 Subject: [PATCH 073/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index f62bc8b545..6d53e36d70 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From ae5936aa3076b87b3e6bf9fe1a91de5cd6d92aaa Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 10:38:52 +0530 Subject: [PATCH 074/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From de7b847792b57aaa51278e47f26143199fc0cf2d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 10:43:43 +0530 Subject: [PATCH 075/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From a6732e6caec9fc6611eb25aa9a878bc6dbf1d97d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 10:49:02 +0530 Subject: [PATCH 076/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index f62bc8b545..6d53e36d70 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 0ff921bb2c9e3ae38ad6c98a72b2b1bb95dbfd2e Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 10:55:11 +0530 Subject: [PATCH 077/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index f62bc8b545..6d53e36d70 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 14c59a88b18c920b0f52c972a2f0ff172c4c5329 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 11:03:32 +0530 Subject: [PATCH 078/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 226064fd5d8e1d5cb61afbd6cc8df3269698da0f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 11:09:17 +0530 Subject: [PATCH 079/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From e7d192319b2ec964e46d279bc0e474908ee120b9 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 12:04:54 +0530 Subject: [PATCH 080/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 11ffe284b0d74316c9fd3d4d06fea5fa5c421496 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 12:18:26 +0530 Subject: [PATCH 081/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 68325db07d6e3a981113e3594ccc3d0af1c929dc Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 12:55:28 +0530 Subject: [PATCH 082/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 79101cf25e1782746a96cdb077db3b02d26c6db2 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 12:57:50 +0530 Subject: [PATCH 083/540] Update bitlocker-overview-and-requirements-faq.md --- .../bitlocker/bitlocker-overview-and-requirements-faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index 92b832954b..f1bfd48c66 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -78,8 +78,8 @@ Yes, you can enable BitLocker on an operating system drive that does not have a Contact the computer manufacturer to request a trusted computing group (TCG)-compliant BIOS or UEFI boot firmware that meets the following requirements: -- It is compliant with the TCG standards for a client computer. -- It has a secure update mechanism to help prevent a malicious BIOS or boot firmware from being installed on the computer. +- It is compliant with the TCG standards for a client computer. +- It has a secure update mechanism to help prevent a malicious BIOS or boot firmware from being installed on the computer. ## What credentials are required to use BitLocker? From 044c7399cd55e66b95f666501036dfec2cb7aac0 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 13:02:40 +0530 Subject: [PATCH 084/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From b47ff0db64f62e0dd72720db216420ac2c005cd2 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 13:08:02 +0530 Subject: [PATCH 085/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From bff2b307abccbf82d62bb03cee86988e1eaecd03 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 14:20:19 +0530 Subject: [PATCH 086/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 21b620640cfc2e60b8e6f48b71b0aebc51a9d33e Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 14:31:22 +0530 Subject: [PATCH 087/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index f62bc8b545..6d53e36d70 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From fbc2618aa5c8ae8daf08d5b8b82618db7c21a294 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 14:39:55 +0530 Subject: [PATCH 088/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index f62bc8b545..6d53e36d70 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From b53f8146eaa9849a304f507fd4bf8fcc528eefcf Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 14:48:46 +0530 Subject: [PATCH 089/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 139d1f326faa90f45ae8a46ccffa9a65f500c56b Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 14:51:02 +0530 Subject: [PATCH 090/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 55300bf513aadbf954d449445a7e95e28ab0981a Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 16:06:12 +0530 Subject: [PATCH 091/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From e90b4b05b0f65abff9d4902720a564a396faa2ef Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 5 Mar 2021 12:40:42 +0530 Subject: [PATCH 092/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index fcf11cf7d8..1ec467c8da 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -121,7 +121,7 @@ Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Window Manage-bde is a command-line utility that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the options, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). -Manage-bde offers a multitude of wider options for configuring BitLocker. This means that using the command syntax may require care and possibly later customization by the user. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected. +Manage-bde offers a multitude of wider options for configuring BitLocker. This provision means that using the command syntax may require care and possibly later customization by the user. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected. Command line users need to determine the appropriate syntax for a given situation. The following section covers general encryption for operating system volumes and data volumes. @@ -148,25 +148,25 @@ manage-bde -on C: **Enabling BitLocker with a TPM only** -It is possible to encrypt the operating system volume without any defined protectors using manage-bde. The command to do this is: +It is possible to encrypt the operating system volume without any defined protectors using manage-bde. The command to do this action is: `manage-bde -on C:` -This will encrypt the drive using the TPM as the protector. If a user is unsure of the protector for a volume, they can use the -protectors option in manage-bde to list this information with the command: +This command will encrypt the drive using the TPM as the protector. If a user is unsure of the protector for a volume, they can use the -protectors option in manage-bde to list this information with the command: `manage-bde -protectors -get ` **Provisioning BitLocker with two protectors** -Another example is a user on non-TPM hardware who wishes to add a password and SID-based protector to the operating system volume. In this instance, the user adds the protectors first. This is done with the command: +Another example is a user on non-TPM hardware who wishes to add a password and SID-based protector to the operating system volume. In this instance, the user first adds the protectors through the following command: `manage-bde -protectors -add C: -pw -sid ` -This command will require the user to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, the user just needs to turn BitLocker on. +This command will require the user to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, the user just needs to turn on BitLocker. ### Data volume -Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or users can choose to add protectors to the volume. It is recommended that at least one primary protector and a recovery protector be added to a data volume. +Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or users can choose to add protectors to the volume. We recommend adding at least one primary protector and a recovery protector to a data volume. **Enabling BitLocker with a password** From d1e654ca1ef8fae87a0b5e1ebac7ac9d3787c294 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 10:00:54 +0530 Subject: [PATCH 093/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index fcf11cf7d8..89d05f6ae6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -28,9 +28,9 @@ This topic for the IT professional explains how BitLocker features can be used t ## Using BitLocker to encrypt volumes -BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. +BitLocker provides full volume encryption (FVE) for operating system volumes, and for fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. -In the event that the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. +If the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. > [!NOTE] > For more info about using this tool, see [Bdehdcfg](/windows-server/administration/windows-commands/bdehdcfg) in the Command-Line Reference. @@ -54,8 +54,10 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t |Requirement|Description| |--- |--- | |Hardware configuration|The computer must meet the minimum requirements for the supported Windows versions.| -|Operating system|BitLocker is an optional feature which can be installed by Server Manager on Windows Server 2012 and later.| -|Hardware TPM|TPM version 1.2 or 2.0.

A TPM is not required for BitLocker; however, only a computer with a TPM can provide the additional security of pre-startup system integrity verification and multifactor authentication.| +|Operating system|BitLocker is an optional feature that can be installed by Server Manager on Windows Server 2012 and later.| +|Hardware TPM|TPM version 1.2 or 2.0.

A TPM is not required for BitLocker; however, only a computer with a TPM can provide the following: +- the extra security needed for verifying the integrity of a system before it is booted +- multifactor authentication| |BIOS configuration|

  • A Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
  • The boot order must be set to start first from the hard disk, and not the USB or CD drives.
  • The firmware must be able to read from a USB flash drive during startup.
    • | |File system|For computers that boot natively with UEFI firmware, at least one FAT32 partition for the system drive and one NTFS partition for the operating system drive.
    For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive.
    For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.| |Hardware encrypted drive prerequisites (optional)|To use a hardware encrypted drive as the boot drive, the drive must be in the uninitialized state and in the security inactive state. In addition, the system must always boot with native UEFI version 2.3.1 or higher and the CSM (if any) disabled.| @@ -63,7 +65,7 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t Upon passing the initial configuration, users are required to enter a password for the volume. If the volume does not pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken. Once a strong password has been created for the volume, a recovery key will be generated. The BitLocker Drive Encryption Wizard will prompt for a location to save this key. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive. -You should store the recovery key by printing it, saving it on removable media, or saving it as a file in a network folder or on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot be stored on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies. +You should store the recovery key by printing it, saving it on removable media, or saving it as a file in a network folder or on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot be stored on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make more copies. When the recovery key has been properly stored, the BitLocker Drive Encryption Wizard will prompt the user to choose how to encrypt the drive. There are two options: @@ -79,7 +81,7 @@ Selecting an encryption type and choosing **Next** will give the user the option After completing the system check (if selected), the BitLocker Drive Encryption Wizard will restart the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel. -Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning BitLocker off. +Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning off BitLocker. ### Data volume From 0ed72a76a0e48087f6c32ea1eb60feafd9fcfded Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 11:33:28 +0530 Subject: [PATCH 094/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index cebb9f44ed..78430f4b86 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -55,9 +55,7 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t |--- |--- | |Hardware configuration|The computer must meet the minimum requirements for the supported Windows versions.| |Operating system|BitLocker is an optional feature that can be installed by Server Manager on Windows Server 2012 and later.| -|Hardware TPM|TPM version 1.2 or 2.0.

    A TPM is not required for BitLocker; however, only a computer with a TPM can provide the following: -- the extra security needed for verifying the integrity of a system before it is booted -- multifactor authentication| +|Hardware TPM|TPM version 1.2 or 2.0.

    A TPM is not required for BitLocker; however, only a computer with a TPM can provide the extra security in the form of

  • verifying the integrity of a system before it is booted
  • multifactor authentication
    • | |BIOS configuration|
  • A Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
  • The boot order must be set to start first from the hard disk, and not the USB or CD drives.
  • The firmware must be able to read from a USB flash drive during startup.
    • | |File system|For computers that boot natively with UEFI firmware, at least one FAT32 partition for the system drive and one NTFS partition for the operating system drive.
    For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive.
    For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.| |Hardware encrypted drive prerequisites (optional)|To use a hardware encrypted drive as the boot drive, the drive must be in the uninitialized state and in the security inactive state. In addition, the system must always boot with native UEFI version 2.3.1 or higher and the CSM (if any) disabled.| From 2fa61a8e6563897667f2a1a68c3115d1204c7b5a Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 11:35:24 +0530 Subject: [PATCH 095/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 78430f4b86..493d06a06c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -55,7 +55,7 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t |--- |--- | |Hardware configuration|The computer must meet the minimum requirements for the supported Windows versions.| |Operating system|BitLocker is an optional feature that can be installed by Server Manager on Windows Server 2012 and later.| -|Hardware TPM|TPM version 1.2 or 2.0.

    A TPM is not required for BitLocker; however, only a computer with a TPM can provide the extra security in the form of

  • verifying the integrity of a system before it is booted
  • multifactor authentication
    • | +|Hardware TPM|TPM version 1.2 or 2.0.

    A TPM is not required for BitLocker; however, only a computer with a TPM can provide the extra security in the form of:

  • verifying the integrity of a system before it is booted
  • multifactor authentication
    • | |BIOS configuration|
  • A Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
  • The boot order must be set to start first from the hard disk, and not the USB or CD drives.
  • The firmware must be able to read from a USB flash drive during startup.
    • | |File system|For computers that boot natively with UEFI firmware, at least one FAT32 partition for the system drive and one NTFS partition for the operating system drive.
    For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive.
    For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.| |Hardware encrypted drive prerequisites (optional)|To use a hardware encrypted drive as the boot drive, the drive must be in the uninitialized state and in the security inactive state. In addition, the system must always boot with native UEFI version 2.3.1 or higher and the CSM (if any) disabled.| From 4edd51fd12fd56be688f4f9eb47d7541ca224e7f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 11:51:07 +0530 Subject: [PATCH 096/540] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index fcf11cf7d8..afa9fc6c53 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -28,9 +28,9 @@ This topic for the IT professional explains how BitLocker features can be used t ## Using BitLocker to encrypt volumes -BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. +BitLocker provides full volume encryption (FVE) for operating system volumes, and for fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. -In the event that the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. +If the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. > [!NOTE] > For more info about using this tool, see [Bdehdcfg](/windows-server/administration/windows-commands/bdehdcfg) in the Command-Line Reference. @@ -54,8 +54,8 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t |Requirement|Description| |--- |--- | |Hardware configuration|The computer must meet the minimum requirements for the supported Windows versions.| -|Operating system|BitLocker is an optional feature which can be installed by Server Manager on Windows Server 2012 and later.| -|Hardware TPM|TPM version 1.2 or 2.0.

    A TPM is not required for BitLocker; however, only a computer with a TPM can provide the additional security of pre-startup system integrity verification and multifactor authentication.| +|Operating system|BitLocker is an optional feature that can be installed by Server Manager on Windows Server 2012 and later.| +|Hardware TPM|TPM version 1.2 or 2.0.

    A TPM is not required for BitLocker; however, only a computer with a TPM can provide extra security in the form of:

  • pre-startup system integrity verification
  • multifactor authentication
    • | |BIOS configuration|
  • A Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
  • The boot order must be set to start first from the hard disk, and not the USB or CD drives.
  • The firmware must be able to read from a USB flash drive during startup.
    • | |File system|For computers that boot natively with UEFI firmware, at least one FAT32 partition for the system drive and one NTFS partition for the operating system drive.
    For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive.
    For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.| |Hardware encrypted drive prerequisites (optional)|To use a hardware encrypted drive as the boot drive, the drive must be in the uninitialized state and in the security inactive state. In addition, the system must always boot with native UEFI version 2.3.1 or higher and the CSM (if any) disabled.| @@ -63,7 +63,7 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t Upon passing the initial configuration, users are required to enter a password for the volume. If the volume does not pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken. Once a strong password has been created for the volume, a recovery key will be generated. The BitLocker Drive Encryption Wizard will prompt for a location to save this key. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive. -You should store the recovery key by printing it, saving it on removable media, or saving it as a file in a network folder or on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot be stored on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies. +You should store the recovery key by printing it, saving it on removable media, or saving it as a file in a network folder or on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot be stored on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make more copies. When the recovery key has been properly stored, the BitLocker Drive Encryption Wizard will prompt the user to choose how to encrypt the drive. There are two options: From aafc2f81c3a02c4997dd94fe986ed66ae3d651de Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 11:58:49 +0530 Subject: [PATCH 097/540] Update bitlocker-recovery-loop-break.md --- .../bitlocker/bitlocker-recovery-loop-break.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index 862c89585a..785916eded 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -19,9 +19,9 @@ ms.custom: bitlocker # Breaking out of a Bitlocker recovery loop -Sometimes, following a crash, you might be unable to successfully boot into your operating system, due to the recovery screen repeatedly prompting you to enter your recovery key. This can be very frustrating. +Sometimes, following a crash, you might be unable to successfully boot into your operating system, due to the recovery screen repeatedly prompting you to enter your recovery key. This scenario can be very frustrating. -If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to break out of the loop. +If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to come out of the loop. > [!NOTE] > Try these steps only after you have restarted your device at least once. From 4d5074fb0acd5a80ae950d32cf875fb8e0d430bf Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 12:02:07 +0530 Subject: [PATCH 098/540] Update bitlocker-recovery-loop-break.md --- .../bitlocker/bitlocker-recovery-loop-break.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index e7d617e0c7..62f0ae35dc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -19,7 +19,7 @@ ms.custom: bitlocker # Breaking out of a Bitlocker recovery loop -Sometimes, following a crash, you might be unable to successfully boot into your operating system, due to the recovery screen repeatedly prompting you to enter your recovery key. This scenario can be very frustrating. +After a crash, you might be unable to successfully boot into your operating system when the recovery screen repeatedly prompts you to enter your recovery key. This scenario can be very frustrating. If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to come out of the loop. From 51810533ba9ce266c97013899dac64b4c34e4468 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 19 Apr 2022 15:30:03 -0700 Subject: [PATCH 099/540] UCV2-TP --- windows/deployment/TOC.yml | 2 - .../waas-delivery-optimization-monitor.md | 122 ++++++++++++++++++ .../do/waas-delivery-optimization-setup.md | 110 +--------------- ...update-compliance-delivery-optimization.md | 8 +- 4 files changed, 131 insertions(+), 111 deletions(-) create mode 100644 windows/deployment/do/includes/waas-delivery-optimization-monitor.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 0e700e4349..82bdc1ef3c 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -184,8 +184,6 @@ href: update/deploy-updates-intune.md - name: Monitor Windows client updates items: - - name: Monitor Delivery Optimization - href: do/waas-delivery-optimization-setup.md#monitor-delivery-optimization - name: Monitor Windows Updates items: - name: Monitor Windows Updates with Update Compliance diff --git a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md new file mode 100644 index 0000000000..573b0fe218 --- /dev/null +++ b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md @@ -0,0 +1,122 @@ +--- +author: mestew +ms.author: mstewart +manager: dougeby +ms.prod: w10 +ms.collection: M365-modern-desktop +ms.mktglfcycl: deploy +audience: itpro +ms.topic: include +ms.date: 04/06/2022 +ms.localizationpriority: medium +--- + + +## Monitor Delivery Optimization + +[//]: # (How to tell if it's working? What values are reasonable; which are not? If not, which way to adjust and how? -- check PercentPeerCaching for files > minimum >= 50%) + +### Windows PowerShell cmdlets + +**Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization. + +#### Analyze usage + +`Get-DeliveryOptimizationStatus` returns a real-time snapshot of all current Delivery Optimization jobs. + +| Key | Value | +| --- | --- | +| File ID | A GUID that identifies the file being processed | +| Priority | Priority of the download; values are **foreground** or **background** | +| FileSize | Size of the file | +| TotalBytesDownloaded | The number of bytes from any source downloaded so far | +| PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP | +| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) | +| BytesfromHTTP | Total number of bytes received over HTTP | +| DownloadDuration | Total download time in seconds | +| Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but is not uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) | +| NumPeers | Indicates the total number of peers returned from the service. | +| PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. | +| ExpireOn | The target expiration date and time for the file. | +| Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). | + +`Get-DeliveryOptimizationPerfSnap` returns a list of key performance data: + +- Number of files downloaded +- Number of files uploaded +- Total bytes downloaded +- Total bytes uploaded +- Average transfer size (download); that is, the number bytes downloaded divided by the number of files +- Average transfer size (upload); the number of bytes uploaded divided by the number of files +- Peer efficiency; same as PercentPeerCaching + +Using the `-Verbose` option returns additional information: + +- Bytes from peers (per type) +- Bytes from CDN (the number of bytes received over HTTP) +- Average number of peer connections per download + +**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. + +Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month. + +#### Manage the Delivery Optimization cache + +**Starting in Windows 10, version 1903:** + +`set-DeliveryOptimizationStatus -ExpireOn [date time]` extends the expiration of all files in the cache. You can set the expiration immediately for all files that are in the "caching" state. For files in progress ("downloading"), the expiration is applied once the download is complete. You can set the expiration up to one year from the current date and time. + +`set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache. + +You can now "pin" files to keep them persistent in the cache. You can only do this with files that are downloaded in modes 1, 2, or 3. + +`set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation. + +`set-DeliveryOptimizationStatus -Pin [False] -File ID [FileID]` "unpins" a file, so that it will be deleted when the expiration date and time are reached. The file is included in the cache quota calculation. + +`delete-DeliveryOptimizationCache` lets you clear files from the cache and remove all persisted data related to them. You can use these options with this cmdlet: + +- `-FileID` specifies a particular file to delete. +- `-IncludePinnedFiles` deletes all files that are pinned. +- `-Force` deletes the cache with no prompts. + +#### Work with Delivery Optimization logs + +**Starting in Windows 10, version 2004:** + +- `Enable-DeliveryOptimizationVerboseLogs` +- `Disable-DeliveryOptimizationVerboseLogs` + +- `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]` + +With no options, this cmdlet returns these data: + +- total number of files +- number of foreground files +- minimum file size for it to be cached +- number of eligible files +- number of files with peers +- number of peering files [how different from the above?] +- overall efficiency +- efficiency in the peered files + +Using the `-ListConnections` option returns these details about peers: + +- destination IP address +- peer type +- status code +- bytes sent +- bytes received +- file ID + +**Starting in Windows 10, version 1803:** + +`Get-DeliveryOptimizationLog [-Path ] [-Flush]` + +If `Path` is not specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs. + +Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content ` or something similar. + +[//]: # (section on what to look for in logs, list of peers, connection failures) + +[//]: # (possibly move to Troubleshooting) diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md index 2f0fd3dee0..b5e86d5df2 100644 --- a/windows/deployment/do/waas-delivery-optimization-setup.md +++ b/windows/deployment/do/waas-delivery-optimization-setup.md @@ -106,114 +106,8 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** [//]: # (material about "preferred" devices; remove MinQos/MaxCacheAge; table format?) -## Monitor Delivery Optimization - -[//]: # (How to tell if it's working? What values are reasonable; which are not? If not, which way to adjust and how? -- check PercentPeerCaching for files > minimum >= 50%) - -### Windows PowerShell cmdlets - -**Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization. - -#### Analyze usage - -`Get-DeliveryOptimizationStatus` returns a real-time snapshot of all current Delivery Optimization jobs. - -| Key | Value | -| --- | --- | -| File ID | A GUID that identifies the file being processed | -| Priority | Priority of the download; values are **foreground** or **background** | -| FileSize | Size of the file | -| TotalBytesDownloaded | The number of bytes from any source downloaded so far | -| PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP | -| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) | -| BytesfromHTTP | Total number of bytes received over HTTP | -| DownloadDuration | Total download time in seconds | -| Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but is not uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) | -| NumPeers | Indicates the total number of peers returned from the service. | -| PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. | -| ExpireOn | The target expiration date and time for the file. | -| Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). | - -`Get-DeliveryOptimizationPerfSnap` returns a list of key performance data: - -- Number of files downloaded -- Number of files uploaded -- Total bytes downloaded -- Total bytes uploaded -- Average transfer size (download); that is, the number bytes downloaded divided by the number of files -- Average transfer size (upload); the number of bytes uploaded divided by the number of files -- Peer efficiency; same as PercentPeerCaching - -Using the `-Verbose` option returns additional information: - -- Bytes from peers (per type) -- Bytes from CDN (the number of bytes received over HTTP) -- Average number of peer connections per download - -**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. - -Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month. - -#### Manage the Delivery Optimization cache - -**Starting in Windows 10, version 1903:** - -`set-DeliveryOptimizationStatus -ExpireOn [date time]` extends the expiration of all files in the cache. You can set the expiration immediately for all files that are in the "caching" state. For files in progress ("downloading"), the expiration is applied once the download is complete. You can set the expiration up to one year from the current date and time. - -`set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache. - -You can now "pin" files to keep them persistent in the cache. You can only do this with files that are downloaded in modes 1, 2, or 3. - -`set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation. - -`set-DeliveryOptimizationStatus -Pin [False] -File ID [FileID]` "unpins" a file, so that it will be deleted when the expiration date and time are reached. The file is included in the cache quota calculation. - -`delete-DeliveryOptimizationCache` lets you clear files from the cache and remove all persisted data related to them. You can use these options with this cmdlet: - -- `-FileID` specifies a particular file to delete. -- `-IncludePinnedFiles` deletes all files that are pinned. -- `-Force` deletes the cache with no prompts. - -#### Work with Delivery Optimization logs - -**Starting in Windows 10, version 2004:** - -- `Enable-DeliveryOptimizationVerboseLogs` -- `Disable-DeliveryOptimizationVerboseLogs` - -- `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]` - -With no options, this cmdlet returns these data: - -- total number of files -- number of foreground files -- minimum file size for it to be cached -- number of eligible files -- number of files with peers -- number of peering files [how different from the above?] -- overall efficiency -- efficiency in the peered files - -Using the `-ListConnections` option returns these details about peers: - -- destination IP address -- peer type -- status code -- bytes sent -- bytes received -- file ID - -**Starting in Windows 10, version 1803:** - -`Get-DeliveryOptimizationLog [-Path ] [-Flush]` - -If `Path` is not specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs. - -Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content ` or something similar. - -[//]: # (section on what to look for in logs, list of peers, connection failures) - -[//]: # (possibly move to Troubleshooting) + +[!INCLUDE [Monitor Delivery Optimization](includes/waas-delivery-optimization-monitor.md)] ### Monitor with Update Compliance diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index bc2ce23a6f..6ac4bd6dc1 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -49,4 +49,10 @@ The table breaks down the number of bytes from each download source into specifi The download sources that could be included are: - LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network - Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the "Group" download mode is used) -- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates. +- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates. + + +[!INCLUDE [Monitor Delivery Optimization](../do/includes/waas-delivery-optimization-monitor.md)] + +For more information on Delivery Optimization, see [Set up Delivery Optimization for Windows](../do/waas-delivery-optimization-setup.md). + From c46da727cd7ead0744dc9185584c8a8de1a38d9e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 19 Apr 2022 15:45:29 -0700 Subject: [PATCH 100/540] add files from other draft branch --- windows/deployment/TOC.yml | 115 +++++++++++------- .../deployment/update-compliance-v2-enable.md | 52 ++++++++ .../update-compliance-v2-overview.md | 54 ++++++++ .../update-compliance-v2-prerequisites.md | 114 +++++++++++++++++ .../update-compliance-v2-schema-ucclient.md | 76 ++++++++++++ ...mpliance-v2-schema-ucclientupdatestatus.md | 59 +++++++++ ...date-compliance-v2-schema-ucdevicealert.md | 76 ++++++++++++ ...pliance-v2-schema-ucserviceupdatestatus.md | 41 +++++++ ...date-compliance-v2-schema-ucupdatealert.md | 52 ++++++++ .../deployment/update-compliance-v2-schema.md | 43 +++++++ .../deployment/update-status-admin-center.md | 46 +++++++ ...37063317-update-compliance-kusto-query.png | Bin 0 -> 514649 bytes .../37063317-update-compliance-overview.png | Bin 0 -> 436660 bytes .../37063317-update-compliance-workbooks.png | Bin 0 -> 215394 bytes 14 files changed, 686 insertions(+), 42 deletions(-) create mode 100644 windows/deployment/update-compliance-v2-enable.md create mode 100644 windows/deployment/update-compliance-v2-overview.md create mode 100644 windows/deployment/update-compliance-v2-prerequisites.md create mode 100644 windows/deployment/update-compliance-v2-schema-ucclient.md create mode 100644 windows/deployment/update-compliance-v2-schema-ucclientupdatestatus.md create mode 100644 windows/deployment/update-compliance-v2-schema-ucdevicealert.md create mode 100644 windows/deployment/update-compliance-v2-schema-ucserviceupdatestatus.md create mode 100644 windows/deployment/update-compliance-v2-schema-ucupdatealert.md create mode 100644 windows/deployment/update-compliance-v2-schema.md create mode 100644 windows/deployment/update-status-admin-center.md create mode 100644 windows/deployment/update/media/37063317-update-compliance-kusto-query.png create mode 100644 windows/deployment/update/media/37063317-update-compliance-overview.png create mode 100644 windows/deployment/update/media/37063317-update-compliance-workbooks.png diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 82bdc1ef3c..d873d6e484 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -184,49 +184,80 @@ href: update/deploy-updates-intune.md - name: Monitor Windows client updates items: - - name: Monitor Windows Updates + - name: Monitor with Update Compliance (preview version) + href: update/update-compliance-v2-overview.md + items: + - name: Enable Update Compliance (preview) + items: + - name: Update Compliance prerequisites + href: update/update-compliance-v2-prerequisites.md + - name: Enable the Update Compliance solution + href: update/update-compliance-v2-enable.md + - name: Configure clients with a script + href: update/update-compliance-configuration-script.md + - name: Configure clients manually + href: update/update-compliance-configuration-manual.md + - name: Configure clients with Microsoft Endpoint Manager + href: update/update-compliance-configuration-mem.md + - name: Software updates in the Microsoft admin center (preview) + href: update/update-status-admin-center.md + - name: Schema reference (preview) items: - - name: Monitor Windows Updates with Update Compliance - href: update/update-compliance-monitor.md - - name: Get started - items: - - name: Get started with Update Compliance - href: update/update-compliance-get-started.md - - name: Update Compliance configuration script - href: update/update-compliance-configuration-script.md - - name: Manually configuring devices for Update Compliance - href: update/update-compliance-configuration-manual.md - - name: Configuring devices for Update Compliance in Microsoft Endpoint Manager - href: update/update-compliance-configuration-mem.md - - name: Update Compliance monitoring - items: - - name: Use Update Compliance - href: update/update-compliance-using.md - - name: Need attention report - href: update/update-compliance-need-attention.md - - name: Security update status report - href: update/update-compliance-security-update-status.md - - name: Feature update status report - href: update/update-compliance-feature-update-status.md - - name: Safeguard holds report - href: update/update-compliance-safeguard-holds.md - - name: Delivery Optimization in Update Compliance - href: update/update-compliance-delivery-optimization.md - - name: Data handling and privacy in Update Compliance - href: update/update-compliance-privacy.md - - name: Update Compliance schema reference - href: update/update-compliance-schema.md - items: - - name: WaaSUpdateStatus - href: update/update-compliance-schema-waasupdatestatus.md - - name: WaaSInsiderStatus - href: update/update-compliance-schema-waasinsiderstatus.md - - name: WaaSDepoymentStatus - href: update/update-compliance-schema-waasdeploymentstatus.md - - name: WUDOStatus - href: update/update-compliance-schema-wudostatus.md - - name: WUDOAggregatedStatus - href: update/update-compliance-schema-wudoaggregatedstatus.md + - name: Update Compliance schema reference + href: update/update-compliance-v2-schema.md + - name: UCClient + href: update/update-compliance-v2-schema-ucclient.md + - name: UCClientUpdateStatus + href: update/update-compliance-v2-schema-ucclientupdatestatus.md + - name: UCServiceUpdateStatus + href: update/update-compliance-v2-schema-ucserviceupdatestatus.md + - name: UCUpdateAlert + href: update/update-compliance-v2-schema-ucupdatealert.md + - name: UCDeviceAlert + href: update/update-compliance-v2-schema-ucdevicealert.md + - name: Monitor updates with Update Compliance (GA) + href: update/update-compliance-monitor.md + items: + - name: Get started (GA) + items: + - name: Get started with Update Compliance + href: update/update-compliance-get-started.md + - name: Update Compliance configuration script + href: update/update-compliance-configuration-script.md + - name: Manually configuring devices for Update Compliance + href: update/update-compliance-configuration-manual.md + - name: Configuring devices for Update Compliance in Microsoft Endpoint Manager + href: update/update-compliance-configuration-mem.md + - name: Update Compliance monitoring (GA) + items: + - name: Use Update Compliance + href: update/update-compliance-using.md + - name: Need attention report + href: update/update-compliance-need-attention.md + - name: Security update status report + href: update/update-compliance-security-update-status.md + - name: Feature update status report + href: update/update-compliance-feature-update-status.md + - name: Safeguard holds report + href: update/update-compliance-safeguard-holds.md + - name: Delivery Optimization in Update Compliance + href: update/update-compliance-delivery-optimization.md + - name: Data handling and privacy in Update Compliance + href: update/update-compliance-privacy.md + - name: Schema reference (GA) + items: + - name: Update Compliance schema reference + href: update/update-compliance-schema.md + - name: WaaSUpdateStatus + href: update/update-compliance-schema-waasupdatestatus.md + - name: WaaSInsiderStatus + href: update/update-compliance-schema-waasinsiderstatus.md + - name: WaaSDepoymentStatus + href: update/update-compliance-schema-waasdeploymentstatus.md + - name: WUDOStatus + href: update/update-compliance-schema-wudostatus.md + - name: WUDOAggregatedStatus + href: update/update-compliance-schema-wudoaggregatedstatus.md - name: Troubleshooting items: - name: Resolve upgrade errors diff --git a/windows/deployment/update-compliance-v2-enable.md b/windows/deployment/update-compliance-v2-enable.md new file mode 100644 index 0000000000..dc5b217013 --- /dev/null +++ b/windows/deployment/update-compliance-v2-enable.md @@ -0,0 +1,52 @@ +--- +title: Enable the Update Compliance solution +ms.reviewer: +manager: dougeby +description: How to enable the Update Compliance through the Azure portal +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: article +--- + +# Enable Update Compliance + +Update Compliance is offered as an Azure Marketplace application that's is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Note that, for the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution. + +## Add Update Compliance to your Azure subscription + +To add Update Compliance to your Azure subscription, follow these steps: + +### Select or create a new Log Analytics workspace + +1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com). +1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input. +1. Select **Log Analytics workspaces**. +1. If you already have a Log Analytics workspace, determine which Log Analytics workspace you'd like to use for Update Compliance. Ensure the workspace is in a **Compatible Log Analytics region** from the table listed in the [prerequisites](update-compliance-v2-prerequisites.md#log-analytics-regions). + - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. +1. If you don't have an existing Log Analytics workspace or you don't want to use a current workspaces, [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace) in a [compatible region](update-compliance-v2-prerequisites.md#log-analytics-regions). + +### +1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this. +1. Select **Get it now**. +1. + + +> [!Note] +> The `CommercialID` for the Log Analytics workspace is no longer required when configuring your clients. + + +## Next steps + +Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. Enroll devices into Update Compliance using any of the following methods: + +- [Configure clients with a script](update-compliance-configuration-script.md) +- [Configure clients manually](update-compliance-configuration-manual.md) +- [Configure clients with Microsoft Endpoint Manager](update-compliance-configuration-mem.md) diff --git a/windows/deployment/update-compliance-v2-overview.md b/windows/deployment/update-compliance-v2-overview.md new file mode 100644 index 0000000000..95bacbaf2c --- /dev/null +++ b/windows/deployment/update-compliance-v2-overview.md @@ -0,0 +1,54 @@ +--- +title: Update Compliance overview +ms.reviewer: +manager: dougeby +description: Overview of Update Compliance to explain what it's used for and the cloud services it relies on. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: article +--- + +# Update Compliance overview + +***(Applies to: Windows 11 & Windows 10)*** + +Update Compliance is a cloud-based solution that provides information about the compliance of your Azure Active Directory joined devices with Windows updates. Update Compliance is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Update Compliance helps you: + +- Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices +- Report on devices with update compliance issues +- Review [Delivery Optimization](../do/waas-delivery-optimization.md) bandwidth savings across multiple content types + +:::image type="content" source="media/37063317-update-compliance-overview.png" alt-text="Screenshot showing Update Compliance dashboard in the Azure portal" lightbox="media/37063317-update-compliance-overview.png"::: + +## How Update Compliance works + +You'll set up Update Compliance by enrolling into the solution from the Azure portal. You'll then configure your Azure AD joined devices to send Windows client diagnostic data to the solution. Update Compliance uses the diagnostic data the clients send for all of its reporting. It collects system data such as: + +- Update deployment progress +- Delivery Optimization usage data +- Windows Update for Business configuration data + +Update Compliance sends this client diagnostic data to an [Azure Log Analytics workspace](/azure/azure-monitor/logs/log-analytics-overview) that you own. It sorts and analyzes the data then presents it to you using rich visual reports within the Azure portal. The Azure Log Analytics ingestion and retention charges aren't incurred on your Azure subscription for Update Compliance data. + +## Use your Update Compliance data + +Since the data from your clients is stored in a Log Analytics workspace, you can go beyond the standard reports to analyze and display your data in multiple ways. Some of the ways you could display your data include: + +- Using the built-in or [custom workbooks](/azure/azure-monitor/visualize/workbooks-overview) + :::image type="content" source="media/37063317-update-compliance-workbooks.png" alt-text="Screenshot showing a a list of the built-in workbooks that come with the Update Compliance solution." lightbox="media/37063317-update-compliance-workbooks.png"::: +- Using the built-in Kusto (KQL) queries or [custom queries](/azure/azure-monitor/logs/log-query-overview) + :::image type="content" source="media/37063317-update-compliance-kusto-query.png" alt-text="Screenshot showing a built-in Kusto query being run against the Update Compliance data." lightbox="media/37063317-update-compliance-kusto-query.png"::: +- Developing your own custom views by integrating the [Log Analytics data](/azure/azure-monitor/visualize/tutorial-logs-dashboards) into other tools such as: + - [Operations Management Suite](/azure/azure-monitor/agents/om-agents) + - [Power BI](/azure/azure-monitor/logs/log-powerbi) + - Other tools for [querying the data](/azure/azure-monitor/logs/log-query-overview) + +## Next steps + +- Review the [Update Compliance prerequisites](update-compliance-v2-prerequisites.md) + diff --git a/windows/deployment/update-compliance-v2-prerequisites.md b/windows/deployment/update-compliance-v2-prerequisites.md new file mode 100644 index 0000000000..d5a378c86b --- /dev/null +++ b/windows/deployment/update-compliance-v2-prerequisites.md @@ -0,0 +1,114 @@ +--- +title: Update Compliance prerequisites +ms.reviewer: +manager: dougeby +description: Prerequisites for Update Compliance +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: article +--- + +# Update Compliance prerequisites + +***(Applies to: Windows 11 & Windows 10)*** + +> [!IMPORTANT] +> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. +## Update Compliance prerequisites + +Before you begin the process to add Update Compliance to your Azure subscription, ensure you can meet the prerequisites. + +### Azure and Azure Active Directory + +- An Azure subscription with [Azure Active Directory](/azure/active-directory/) +- You must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the Update Compliance solution. +- Devices must be Azure Active Directory joined and meet the below OS, diagnostic, and endpoint access requirements + - Devices that are Workplace joined only (Azure AD registered) aren't supported with Update Compliance + +### Operating systems and editions + +- Windows 11 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions +- Windows 10 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions + +Update Compliance only provides data for the standard Desktop Windows client version and is not currently compatible with Windows Server, Surface Hub, IoT, or other versions. + +### Windows client servicing channels + +Update Compliance supports Windows client devices on the following channels: + +- General Availability Channel +- Long-term Servicing Channel (LTSC). +- Update Compliance *counts* Windows Insider Preview devices, but doesn't currently provide detailed deployment insights for them. + +### Diagnostic data requirements + +At minimum, Update Compliance requires devices to send diagnostic data at *Required* level (previously *Basic*). Some queries in Update Compliance require devices to send diagnostic data at the following levels: + +- *Optional* level (previously *Full*) for Windows 11 devices +- *Enhanced* level for Windows 10 devices + + > [!Note] + > Device names don't appear in Update Compliance unless you individually opt-in devices by using policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names: + > - CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) + > - Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds** + +For more information about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319). + +### Data transmission requirements + + +[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-endpoints.md)] + +> [!NOTE] +> It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription. + +## Log Analytics prerequisites + +### Permissions + +- To edit and write queries, we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role. + +- To read and only view data, we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role. + +### Log Analytics regions + +Update Compliance can use a Log Analytics workspace in the following regions: + +|Compatible Log Analytics regions | +| ------------------------------- | +|Australia Central | +|Australia East | +|Australia Southeast | +|Brazil South | +|Canada Central | +|Central India | +|Central US | +|East Asia | +|East US | +|East US 2 | +|Eastus2euap(canary) | +|France Central | +|Japan East | +|Korea Central | +|North Central US | +|North Europe | +|South Africa North | +|South Central US | +|Southeast Asia | +|Switzerland North | +|Switzerland West | +|UK West | +|UK south | +|West Central US | +|West Europe | +|West US | +|West US 2 | + +## Next steps + +- [Enable the Update Compliance solution](update-compliance-v2-enable.md) in the Azure portal diff --git a/windows/deployment/update-compliance-v2-schema-ucclient.md b/windows/deployment/update-compliance-v2-schema-ucclient.md new file mode 100644 index 0000000000..1ffac11b35 --- /dev/null +++ b/windows/deployment/update-compliance-v2-schema-ucclient.md @@ -0,0 +1,76 @@ +--- +title: Update Compliance Data Schema - UCClient +ms.reviewer: +manager: dougeby +description: UCClient schema +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: reference +--- + +# UCClient + +UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the OS Edition, and active hours (quantitative). + +|Field |Type |Example |Description | +|---|---|---|---| +| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Azure AD Device ID | +| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Azure AD Tenant ID | +| **City** | [string](/azure/kusto/query/scalar-data-types/string) | `Redmond` | The last-reported location of device (city), based on IP address. | +| **Country** | [string](/azure/kusto/query/scalar-data-types/string) | `US` | The last-reported location of device (country), based on IP address. Shown as country code. | +| **DeviceFamily** | [string](/azure/kusto/query/scalar-data-types/string) | `PC, Phone` | The device family such as PC, Phone | +| **DeviceFormFactor** | [string](/azure/kusto/query/scalar-data-types/string) | `Notebook` | The device form factor such as Notebook, Desktop, Phone | +| **DeviceManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Hewlett-Packard` | The device OEM Manufacturer such as Hewlett-Packard | +| **DeviceModel** | [string](/azure/kusto/query/scalar-data-types/string) | `HP7420 Workstation` | The device's OEM model such as HP7420 Workstation | +| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name | +| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | The global device identifier. | +| **IsVirtual** | [bool](/azure/kusto/query/scalar-data-types/bool) | `TRUE` | Whether device is a Virtual Device | +| **LastCensusScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Census Scan, if any. | +| **LastWUScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful WU Scan, if any. | +| **OSArchitecture** | [string](/azure/kusto/query/scalar-data-types/string) | `x86` | The architecture of the OS (not the device) this device is currently on. | +| **OSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full OS build installed on this device, such as Major.Minor.Build.Revision | +| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `da` | The Major, in int format, this device is on | +| **OSEdition** | [string](/azure/kusto/query/scalar-data-types/string) | `Professional` | The Windows SKU/Edition | +| **OSFeatureUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Compliant` | Whether or not the device is on the latest Feature Update being Offered by WUfB DS, else NotApplicable. | +| **OSFeatureUpdateEOSTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The end of service date of the Feature Update currently installed on the device. | +| **OSFeatureUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the Feature Update currently installed on the device. | +| **OSFeatureUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `InService;EndOfService` | Whether or not the device is on the latest available Feature Update, for its Feature Update. | +| **OSQualityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest Quality Update being Offered by WUfB DS, else NotApplicable. | +| **OSQualityUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the Quality Update currently installed on the device. | +| **OSQualityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest` | Whether or not the device is on the latest available Quality Update, for its Feature Update. | +| **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | The revision, in int format, this device is on. | +| **OSSecurityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest Security update (QU, Classification=Security) being offered by WUfB DS, else NotApplicable. | +| **OSSecurityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether or not the device is on the latest available Security Update, for its Feature Update. | +| **OSServicingChannel** | [string](/azure/kusto/query/scalar-data-types/string) | `SAC` | The elected Windows 10 Servicing Channel of the device. | +| **OSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Win10 OS Version (such as 19H2, 20H1, 20H2) currently installed on the device. | +| **PrimaryDiskFreeCapacityMb** | [int](/azure/kusto/query/scalar-data-types/int) | `1132` | Free disk capacity of the primary disk in megabytes. | +| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager Client ID, if available. | +| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. | +| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceEvent` | The EntityType. | +| **UpdateConnectivityLevel** | [string](/azure/kusto/query/scalar-data-types/string) | `Insufficient` | Whether or not this device is maintaining a sufficiently cumulative and continuous connection to Windows Update so the update can progress optimally. | +| **WUAutomaticUpdates** | [int](/azure/kusto/query/scalar-data-types/int) | `5` | CSP: AllowAutoUpdate &'AuOptions' Enables the IT admin to manage automatic update behavior to scan, download, and install updates. | +| **WUDeadlineNoAutoRestart** | [int](/azure/kusto/query/scalar-data-types/int) | `1` | CSP:ConfigureDeadlineNoAutoReboot. Devices won't automatically restart outside of active hours until the deadline is reached, 1 is Enabled, 0 is Disabled (default)| +| **WUDODownloadMode** | [string](/azure/kusto/query/scalar-data-types/string) | `Simple (99)` | The WU DO DownloadMode configuration, brought over from Update Compliance. | +| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: ConfigureDeadlineForFeatureUpdatesThe WU Feature Update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values >0 indicate the deadline in days. | +| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: DeferFeatureUpdates. The WU Feature Update Deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values >0 indicate the policy setting. | +| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | The WU grace period for feature update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the Grace Period in days. | +| **WUFeaturePauseEndTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | CSP:PauseQualityUpdatesEndTimeThe time WU Feature Update Pause will end, if activated, else null. | +| **WUFeaturePauseStartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | CSP: PauseFeatureUpdatesStartTime. The time WU Feature Update Pause was activated, if activated, else null. Feature Updates will be paused for 35 days from the specified start date. | +| **WUFeaturePauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for FU, possible values are Paused, NotPaused, NotConfigured. | +| **WUNotificationLevel** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: UpdateNotificationLevel. This policy allows you to define what Windows Update notifications users see.

    0 - Use the default Windows Update notifications (default)
    1 - Turn off all notifications, excluding restart warnings
    2 - Turn off all notifications, including restart warnings | +| **WUPauseUXDisabled** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: SetDisablePauseUXAccess. This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user can't access the "Pause updates" feature. Supported values 0, 1. | +| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | CSP: ConfigureDeadlineForQualityUpdates The WU Quality Update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. | +| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdatesThe WU Quality Update Deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values greater than 0 indicate the policy setting. | +| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | The WU grace period for quality update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the Grace Period in days. | +| **WUQualityPauseEndTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | CSP:PauseQualityUpdatesEndTimeThe time WU Quality Update Pause will end, if activated, else null. | +| **WUQualityPauseStartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | CSP:PauseQualityUpdatesStartTime The time WU Quality Update Pause was activated; if activated; else null. | +| **WUQualityPauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for QU, possible values are Paused, NotPaused, NotConfigured. | +| **WURestartNotification** | [int](/azure/kusto/query/scalar-data-types/int) | `1` | CSP: AutoRestartRequiredNotificationDismissal. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. The following list shows the supported values:

    1 is Auto Dismissal (default)

    2 is User Dismissal. | +| **WUServiceURLConfigured** | [string](/azure/kusto/query/scalar-data-types/string) | `http://abcd-srv:8530` | CSP:UpdateServiceUrl. The following list shows the supported values:

    Not configured: The device checks for updates from Microsoft Update.

    Set to a URL, such as `http://abcd-srv:8530`: The device checks for updates from the WSUS server at the specified URL.| +| **WUUXDisabled** | [int](/azure/kusto/query/scalar-data-types/int) | `1` | CSP:SetDisableUXWUAccess.This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features. Default is 0. Supported values 0, 1. | + diff --git a/windows/deployment/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update-compliance-v2-schema-ucclientupdatestatus.md new file mode 100644 index 0000000000..3da1a79c79 --- /dev/null +++ b/windows/deployment/update-compliance-v2-schema-ucclientupdatestatus.md @@ -0,0 +1,59 @@ +--- +title: Update Compliance Data Schema - UCClientUpdateStatus +ms.reviewer: +manager: dougeby +description: UCClientUpdateStatus schema +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: reference +--- + +# UCClientUpdateStatus + +Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update. + +| Field | Type | Example | Description | +|---|---|---|---| +| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | A string corresponding to the Azure AD Tenant to which the device belongs. | +| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | A string corresponding to this device's Azure AD Device ID | +| **ClientState** | [string](/azure/kusto/query/scalar-data-types/string) | `Installing` | Higher-level bucket of ClientSubstate. | +| **ClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadStart` | Last-known state of this update relative to the device, from the client (the device's WDD). | +| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2300` | Ranking of Client Substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. | +| **ClientSubstateTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime of last Client Substate transition | +| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The identifier of the Deployment that is targeting this update to this device, else empty. | +| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Device's given name | +| **EventData** | [string](/azure/kusto/query/scalar-data-types/string) {json} | `{}` | Json to fill with arbitrary K/V pairs. Used to populate contextual data that would otherwise be sparsely populated if elevated to a field always present in the schema. | +| **FurthestClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadComplete` | Furthest clientSubstate | +| **FurthestClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2400` | Ranking of furthest clientSubstate | +| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | Microsoft internal Global Device Identifier | +| **IsUpdateHealthy** | bool | `TRUE` | True: No issues preventing this device from updating to this update have been found. False: There's something that may prevent this device from updating. | +| **OfferReceivedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime when device last reported entering OfferReceived, else empty. | +| **RestartRequiredTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime when device first reported entering RebootRequired (or RebootPending), else empty. | +| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | A string corresponding to the Configuration Manager Client ID on the device. | +| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full build of the content this DeviceUpdateEvent is tracking. For Windows 10 updates, this would correspond to the full build (10.0.14393.385). | +| **TargetBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `18363` | Integer of the Major portion of Build. | +| **TargetKBNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `4524570` | KB Article. | +| **TargetRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | Integer or the Minor (or Revision) portion of Build. | +| **TargetVersion** | [int](/azure/kusto/query/scalar-data-types/int) | `1909` | The target OS Version such as 1909. | +| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. | +| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceUpdateEvent` | The EntityType | +| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. | +| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this content is an Upgrade (FU), Security (QU), NonSecurity (QU) | +| **UpdateConnectivityLevel** | [string](/azure/kusto/query/scalar-data-types/string) | `Sufficient-Medium` | Whether or not this device is maintaining a sufficiently cumulative and continuous connection to Windows Update so the update can progress optimally. | +| **UpdateDisplayName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (FU/QU) | +| **UpdateHealthGroupL1** | [string](/azure/kusto/query/scalar-data-types/string) | `Policy preventing update` | Grouping design to describe the current update installation's "health", L1 (highest-level) | +| **UpdateHealthGroupL2** | [string](/azure/kusto/query/scalar-data-types/string) | `Policy configured to not update` | Second grouping, subset of L1, more detailed | +| **UpdateHealthGroupL3** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows Update Services stopped or disabled` | Third grouping, subset of L3, more detailed | +| **UpdateHealthGroupRankL1** | [int](/azure/kusto/query/scalar-data-types/int) | `0100` | Integer for ranking the L1 UpdateHealthGroup | +| **UpdateHealthGroupRankL2** | [int](/azure/kusto/query/scalar-data-types/int) | `0010` | Integer for ranking the L2 UpdateHealthGroup | +| **UpdateHealthGroupRankL3** | [int](/azure/kusto/query/scalar-data-types/int) | `0001` | Integer for ranking the L3 UpdateHealthGroup | +| **UpdateInstalledTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime when event transitioned to UpdateInstalled, else empty. | +| **UpdateManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Manufacturer of update. Microsoft for WU FU/QU, for D&F name of driver manufacturer such as NVIDIA | +| **UpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the update | +| **UpdateSource** | [string](/azure/kusto/query/scalar-data-types/string) | `UUP` | The source of the update - UUP, MUv6, Media | + diff --git a/windows/deployment/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update-compliance-v2-schema-ucdevicealert.md new file mode 100644 index 0000000000..0349003050 --- /dev/null +++ b/windows/deployment/update-compliance-v2-schema-ucdevicealert.md @@ -0,0 +1,76 @@ +--- +title: Update Compliance Data Schema - UCDeviceAlert +ms.reviewer: +manager: dougeby +description: UCDeviceAlert schema +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: reference +--- + +# UCDeviceAlert + +These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in WUfB DS will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered. + +|Field |Type |Example |Description | +|---|---|---|---| +| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Azure AD Device ID | +| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Azure AD Tenant ID | +| **City** | [string](/azure/kusto/query/scalar-data-types/string) | `Redmond` | The last-reported location of device (city), based on IP address. | +| **Country** | [string](/azure/kusto/query/scalar-data-types/string) | `US` | The last-reported location of device (country), based on IP address. Shown as country code. | +| **DeviceFamily** | [string](/azure/kusto/query/scalar-data-types/string) | `PC, Phone` | The device family such as PC, Phone | +| **DeviceFormFactor** | [string](/azure/kusto/query/scalar-data-types/string) | `Notebook` | The device form factor such as Notebook, Desktop, Phone | +| **DeviceManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Hewlett-Packard` | The device OEM Manufacturer such as Hewlett-Packard | +| **DeviceModel** | [string](/azure/kusto/query/scalar-data-types/string) | `HP7420 Workstation` | The device's OEM model such as HP7420 Workstation | +| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name | +| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | The global device identifier. | +| **IsVirtual** | [bool](/azure/kusto/query/scalar-data-types/bool) | `TRUE` | Whether device is a Virtual Device | +| **LastCensusScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Census Scan, if any. | +| **LastWUScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful WU Scan, if any. | +| **OSArchitecture** | [string](/azure/kusto/query/scalar-data-types/string) | `x86` | The architecture of the OS (not the device) this device is currently on. | +| **OSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full OS build installed on this device, for example, Major.Minor.Build.Revision | +| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `da` | The Major, in int format, this device is on | +| **OSEdition** | [string](/azure/kusto/query/scalar-data-types/string) | `Professional` | The Windows SKU/Edition | +| **OSFeatureUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Compliant` | Whether or not the device is on the latest Feature Update being Offered by WUfB DS, else NotApplicable. | +| **OSFeatureUpdateEOSTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The end of service date of the Feature Update currently installed on the device. | +| **OSFeatureUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the Feature Update currently installed on the device. | +| **OSFeatureUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `InService;EndOfService` | Whether or not the device is on the latest available Feature Update, for its Feature Update. | +| **OSQualityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest Quality Update being Offered by WUfB DS, else NotApplicable. | +| **OSQualityUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the Quality Update currently installed on the device. | +| **OSQualityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Latest;NotLatest` | Whether or not the device is on the latest available Quality Update, for its Feature Update. | +| **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | The revision, in int format, this device is on. | +| **OSSecurityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest Security update (QU, Classification=Security) being offered by WUfB DS, else NotApplicable. | +| **OSSecurityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether or not the device is on the latest available Security Update, for its Feature Update. | +| **OSServicingChannel** | [string](/azure/kusto/query/scalar-data-types/string) | `SAC` | The elected Windows 10 Servicing Channel of the device. | +| **OSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Win10 OS Version (such as 19H2, 20H1, 20H2) currently installed on the device. | +| **PrimaryDiskFreeCapacityMb** | [int](/azure/kusto/query/scalar-data-types/int) | `1132` | Free disk capacity of the primary disk in megabytes. | +| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager Client ID, if available. | +| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. | +| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceEvent` | The EntityType. | +| **UpdateConnectivityLevel** | [string](/azure/kusto/query/scalar-data-types/string) | `Insufficient` | Whether or not this device is maintaining a sufficiently cumulative and continuous connection to Windows Update so the update can progress optimally. | +| **WUAutomaticUpdates** | [int](/azure/kusto/query/scalar-data-types/int) | `5` | CSP: AllowAutoUpdate &'AuOptions' Enables the IT admin to manage automatic update behavior to scan, download, and install updates. | +| **WUDeadlineNoAutoRestart** | [int](/azure/kusto/query/scalar-data-types/int) | `1` | CSP:ConfigureDeadlineNoAutoReboot. Devices won't automatically restart outside of active hours until the deadline is reached, 1 is Enabled, 0 is Disabled (default) | +| **WUDODownloadMode** | [string](/azure/kusto/query/scalar-data-types/string) | `Simple (99)` | The WU DO DownloadMode configuration, brought over from Update Compliance. | +| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: ConfigureDeadlineForFeatureUpdatesThe WU Feature Update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values greater than 0 indicate the deadline in days. | +| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: DeferFeatureUpdates. The WU Feature Update Deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values >0 indicate the policy setting. | +| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | The WU grace period for feature update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the Grace Period in days. | +| **WUFeaturePauseEndTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | CSP:PauseQualityUpdatesEndTimeThe time WU Feature Update Pause will end, if activated, else null. | +| **WUFeaturePauseStartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | CSP: PauseFeatureUpdatesStartTime. The time WU Feature Update Pause was activated, if activated, else null. Feature Updates will be paused for 35 days from the specified start date. | +| **WUFeaturePauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for FU, possible values are Paused, NotPaused, NotConfigured. | +| **WUNotificationLevel** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: UpdateNotificationLevel. This policy allows you to define what Windows Update notifications users see.
    0 - Use the default Windows Update notifications (default)
    1 - Turn off all notifications, excluding restart warnings
    2 - Turn off all notifications, including restart warnings | +| **WUPauseUXDisabled** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: SetDisablePauseUXAccess. This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user can't access the "Pause updates" feature. Supported values 0, 1. | +| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | CSP: ConfigureDeadlineForQualityUpdates The WU Quality Update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values >0 indicate the deadline in days. | +| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdatesThe WU Quality Update Deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values >0 indicate the policy setting. | +| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | The WU grace period for quality update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the Grace Period in days. | +| **WUQualityPauseEndTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | CSP:PauseQualityUpdatesEndTimeThe time WU Quality Update Pause will end, if activated, else null. | +| **WUQualityPauseStartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | CSP:PauseQualityUpdatesStartTime The time WU Quality Update Pause was activated; if activated; else null. | +| **WUQualityPauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for QU, possible values are Paused, NotPaused, NotConfigured. | +| **WURestartNotification** | [int](/azure/kusto/query/scalar-data-types/int) | `1` | CSP: AutoRestartRequiredNotificationDismissal. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. The following list shows the supported values:
    1 is Auto Dismissal. (default)
    2 is User Dismissal. | +| **WUServiceURLConfigured** | [string](/azure/kusto/query/scalar-data-types/string) | `http://abcd-srv:8530` | CSP:UpdateServiceUrl. The following list shows the supported values:

    Not configured. The device checks for updates from Microsoft Update.

    Set to a URL, such as `http://abcd-srv:8530`, the device checks for updates from the WSUS server at the specified URL.| +| **WUUXDisabled** | [int](/azure/kusto/query/scalar-data-types/int) | `1` | CSP:SetDisableUXWUAccess.This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features. Default is 0. Supported values 0, 1. | + diff --git a/windows/deployment/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update-compliance-v2-schema-ucserviceupdatestatus.md new file mode 100644 index 0000000000..97f922e4e1 --- /dev/null +++ b/windows/deployment/update-compliance-v2-schema-ucserviceupdatestatus.md @@ -0,0 +1,41 @@ +--- +title: Update Compliance Data Schema - UCServiceUpdateStatus +ms.reviewer: +manager: dougeby +description: UCServiceUpdateStatus schema +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: reference +--- + +# UCServiceUpdateStatus + +Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real-time. + +| Field | Type | Example | Description | +|---|---|---|---| +| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | If this DeviceUpdateEvent is from content deployed by a DSS policy, this GUID will map to that policy, otherwise it will be empty. | +| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | A GUID corresponding to the Azure AD Tenant to which the device belongs. | +| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | If this DeviceUpdateEvent is from content deployed by a DSS policy, this GUID will map to that policy, otherwise it will be empty. | +| **DeploymentIsExpedited** | [bool](/azure/kusto/query/scalar-data-types/bool) | `FALSE` | Whether this content is being expedited by WUfB DS. | +| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | Microsoft internal Global Device Identifier | +| **OfferReadyTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime of OfferReady transition. If empty, not yet been Offered. | +| **ProjectedOfferReadyTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Projected time update will be Offered to device. If empty, unknown. | +| **ServiceState** | [string](/azure/kusto/query/scalar-data-types/string) | `Offering` | High-level state of update's status relative to device, service-side. | +| **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | Low-level state of update's status relative to device, service-side. | +| **ServiceSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `100` | Ranking of Substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. | +| **ServiceSubstateTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime of last ServiceSubstate transition. | +| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full build for the content this event is tracking. For Windows 10, this string corresponds to "10.0.Build.Revision" | +| **TargetVersion** | [int](/azure/kusto/query/scalar-data-types/int) | `1909` | The version of content this DeviceUpdateEvent is tracking. For Windows 10 updates, this number would correspond to the YR/MO version format used (1903). | +| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Time snapshot ran; OR same as EventDateTimeUTC in the case of NRT (future) | +| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `ServiceUpdateEvent` | The EntityType | +| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. | +| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this content is an Upgrade (FU), Security (QU), NonSecurity (QU) | +| **UpdateDisplayName** | [string](/azure/kusto/query/scalar-data-types/string) | `2022-04 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5012599)` | Friendly update display name. For Windows OS updates, there's a naming convention. For D&F, it's DriverFileName | +| **UpdateManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Manufacturer of update. Microsoft for WU FU/QU, for D&F name of driver manufacturer such as NVIDIA | +| **UpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime of update's release date. | diff --git a/windows/deployment/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update-compliance-v2-schema-ucupdatealert.md new file mode 100644 index 0000000000..b0cc95b2af --- /dev/null +++ b/windows/deployment/update-compliance-v2-schema-ucupdatealert.md @@ -0,0 +1,52 @@ +--- +title: Update Compliance Data Schema - UCUpdateAlert +ms.reviewer: +manager: dougeby +description: UCUpdateAlert schema +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: reference +--- + +# UCUpdateAlert + +Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert will not necessarily contain client-side statuses. + + +|Field |Type |Example |Description | +|---|---|---|---| +| **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this Alert is an Error, a Warning, or Informational. | +| **AlertData** | [string](/azure/kusto/query/scalar-data-types/string) {json} | `{ "freeDiskCapacityMb": 3213, "contentSizeMb": 4381}` | An optional string formatted as a json payload containing metadata for the alert. | +| **AlertId** | [string](/azure/kusto/query/scalar-data-types/string) | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this Alert. | +| **AlertRank** | [int](/azure/kusto/query/scalar-data-types/int) | `1000` | Integer ranking of Alert for prioritization during troubleshooting | +| **AlertStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Active` | Whether this Alert is Active, Resolved, or Deleted. | +| **AlertSubtype** | [string](/azure/kusto/query/scalar-data-types/string) | `DiskFull` | The Subtype of Alert. | +| **AlertType** | [string](/azure/kusto/query/scalar-data-types/string) | `ClientUpdateAlert` | The type of Alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields will be present. | +| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Azure AD Device ID of the device, if available. | +| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Azure AD Tenant ID of the device. | +| **ClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadStart` | If the Alert is from the Client, the ClientSubstate at the time this Alert was activated or updated, else Empty. | +| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2300` | Rank of ClientSubstate | +| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The Deployment this Alert is relative to, if there's one. | +| **Description** | [string](/azure/kusto/query/scalar-data-types/string) | `Disk full` | A localized string translated from a combination of other Alert fields + language preference that describes the issue in detail. | +| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | The given device's name | +| **ErrorCode** | [string](/azure/kusto/query/scalar-data-types/string) | `0x8326CFA2D_C3FD` | The Error Code, if any, that triggered this Alert. In the case of Client-based explicit alerts, error codes can have extended error codes, which are appended to the error code with an underscore separator. | +| **ErrorSymName** | [string](/azure/kusto/query/scalar-data-types/string) | `WU_E_DISK_FULL` | The symbolic name that maps to the Error Code, if any. Otherwise empty. | +| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:1298371934870` | Internal Microsoft Global identifier, if available. | +| **Recommendation** | [string](/azure/kusto/query/scalar-data-types/string) | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on source of Alert) that provides a recommended action. | +| **ResolvedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. | +| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | SCCM Client ID of the device, if available. | +| **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | If the Alert is from the Service, the ServiceSubstate at the time this Alert was activated or updated, else Empty. | +| **ServiceSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `100` | Rank of ServiceSubstate | +| **StartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was activated. | +| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `18363.836` | The Windows 10 Major.Revision this UpdateAlert is relative to. | +| **TargetVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 Build this UpdateAlert is relative to. | +| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. | +| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `UpdateAlert` | The entity type. | +| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. | +| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this content is an Upgrade (FU), Security (QU), NonSecurity (QU) | +| **URL** | [string](/azure/kusto/query/scalar-data-types/string) | `aka.ms/errordetail32152` | An optional URL to get more in-depth information related to this alert. | diff --git a/windows/deployment/update-compliance-v2-schema.md b/windows/deployment/update-compliance-v2-schema.md new file mode 100644 index 0000000000..a1cfd4ac52 --- /dev/null +++ b/windows/deployment/update-compliance-v2-schema.md @@ -0,0 +1,43 @@ +--- +title: Update Compliance version 2 Data Schema +ms.reviewer: +manager: dougeby +description: An overview of Update Compliance version 2data schema +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: reference +--- + +# Update Compliance version 2 schema + +When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more. + +The table below summarizes the different tables that are part of the Update Compliance solution. To learn how to navigate Azure Monitor Logs to find this data, see [Get started with log queries in Azure Monitor](/azure/azure-monitor/log-query/get-started-queries). + +> [!NOTE] +> Data is collected daily. The TimeGenerated field shows the time data was collected. It's added by Log Analytics when data is collected. Device data from the past 28 days is collected, even if no new data has been generated since the last time. LastScan is a clearer indicator of data freshness (that is, the last time the values were updated), while TimeGenerated indicates the freshness of data within Log Analytics. + +|Table |Category |Description | +|--|--|--| +| [**UCClient**](update-compliance-v2-schema-ucclient.md) | Device record | UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the OS Edition, and active hours (quantitative). | +| [**UCClientUpdateStatus**](update-compliance-v2-schema-ucclientupdatestatus.md) | Device record | Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update. | +| [**UCServiceUpdateStatus**](update-compliance-v2-schema-ucserviceupdatestatus.md) | Service record | Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real-time. | +| [**UCUpdateAlert**](update-compliance-v2-schema-ucupdatealert.md) | Service and device records | Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert will not necessarily contain client-side statuses. | +| [**UCDeviceAlert**] (update-compliance-v2-schema-ucdevicealert.md)| Service and device record | These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in WUfB DS will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered. | + +## Schema used by earlier version of Update Compliance + +You may notice that you can also access the schema used by an earlier version of Update Compliance. The table below is provided as a + +|Table |Category |Description | +|--|--|--| +|[**WaaSUpdateStatus**](update-compliance-schema-waasupdatestatus.md) |Device record |This table houses device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots map to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. | +|[**WaaSInsiderStatus**](update-compliance-schema-waasinsiderstatus.md) |Device record |This table houses device-centric data specifically for devices enrolled to the Windows Insider Program. Devices enrolled to the Windows Insider Program do not currently have any WaaSDeploymentStatus records, so do not have Update Session data to report on update deployment progress. | +|[**WaaSDeploymentStatus**](update-compliance-schema-waasdeploymentstatus.md) |Update Session record |This table tracks a specific update on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, as well as one tracking a Windows Quality Update, at the same time. | +|[**WUDOStatus**](update-compliance-schema-wudostatus.md) |Delivery Optimization record |This table provides information, for a single device, on their bandwidth utilization across content types in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq). | +|[**WUDOAggregatedStatus**](update-compliance-schema-wudoaggregatedstatus.md) |Delivery Optimization record |This table aggregates all individual WUDOStatus records across the tenant and summarizes bandwidth savings across all devices enrolled to Delivery Optimization. | diff --git a/windows/deployment/update-status-admin-center.md b/windows/deployment/update-status-admin-center.md new file mode 100644 index 0000000000..0b644d4fe1 --- /dev/null +++ b/windows/deployment/update-status-admin-center.md @@ -0,0 +1,46 @@ +--- +title: Microsoft admin center software updates page +manager: dougeby +description: Microsoft admin center populates Update Compliance data into the software updates page. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.localizationpriority: medium +ms.collection: + - M365-analytics + - highpri +ms.topic: article +ms.date: 04/10/2022 +--- + +# Microsoft admin center software updates page + +**Applies to** + +- Windows 10 +- Windows 11 +- Update compliance +- Microsoft admin center + +The **Software updates** page in the [Microsoft admin center](https://admin.microsoft.com) is a high-level overview of the status of updates in your environment. The **Software updates** page has following three tab to help you monitor your clients: + +- **Microsoft 365 Apps**: Displays update status for Microsoft 365 Apps. + - For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/microsoft-365/admin/admin-overview/admin-center-overview). +- **Windows**: Displays compliance charts for cumulative updates and feature updates for Windows clients. This article contains information about this tab. +- **Exchange Server**: Displays update status for Exchange servers. + - For more information about the **Microsoft 365 Apps** tab, see [Exchange updates in the admin center](/microsoft-365/admin/admin-overview/admin-center-overview). + + +**Insert awesome picture here** + + +## Windows updates in the admin center + +The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-get-started.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The **Devices by update status** chart gives you a visual representation of how many devices are in the following states for the monthly cumulative updates: + +- Up to date +- Missing security updates +- Un-supported operating system diff --git a/windows/deployment/update/media/37063317-update-compliance-kusto-query.png b/windows/deployment/update/media/37063317-update-compliance-kusto-query.png new file mode 100644 index 0000000000000000000000000000000000000000..4696c2b2aec4dc8f8786bb442772455ca3aca564 GIT binary patch literal 514649 zcmeFZc|4Tu|28fqm89iHCA2G9+E9d2Qn^tW`;vq#V{9{)u|&z8vXrE(DcQyt>kP)& zT7-~gW-!c-Ws-40h3J6F)TmRW)`*B~mfWX@4+c&P62G}tNwm&w2uQkrJ?~g$jJDb0J zjV`!%v`OOC75PMoJ7w{ESFF4Dq2={&zaZ(|LFPSGy&Zik%OmnyOo(jD{?g?so`1Wv z|M#?*`kw){t81K8-%yuIdODI#@Z~Iq7+I9WfzSW*aaCTZ`rMy~z^iRKgEAWrKHj~p zfAhwJy9L9M8;=R-9QG31c<}1BE$mGj4{i&u)7*GW;K=R@;f)6mZxQ5eJSOn;>i@mS z|2ZiCheq`terLdagye_7Sz;zRaW7 z2W=;fe)@C^uKIp`M828gozXLI%!j|n5UT@yY3Iz%0|F|n)A#A5Wu(s1qGU-YWdEn|`1IQ~8-!-uos zGp>em8O!#*3VtvLev^Ih5cmE2qKEnxbl;ZY*B1kk5h5ha3!_=9>l&qAn`}+1Kd2`u zkZ8&e06)k>da|QCubUE zAi=@aEH9{N(GMjm+t-($IB~*lv^jB!kEy+gJJ;cUxx2629Zn8}F^Cdvi>7^la}9{m+b^UW3BRb~2;qSER=-CL`AdMuK(%LZ$lULxlzNY<}w zf^CPW4f9V(%r2EM7EvRGcjlzhy{6l@YmQtVn3*MP4+{Je3b(^rUtf!9x%eR?<7bMR z(J{R%`_6mNiX4s+W}8vTTq5}(_s6Hn&e8K}NOq;?BN8*%)_-8WFl4d}b8%*X=SK~s z=UugEgIjFluv&D=B?gUPMWaGHvO<3*96f6K@y7W4=IeIbC@EPZ523x)Cr)^XrT*AD zpm~=QwgSP;v4(4w|M+GCS6BU86meA_2ts2>8(%o~{8Mb<=&lvWY?RY!57;bpF!Zas zNb6JwPeUO!mAR^oA8yA<-=%*>Ui8)hNf5kL`jd zPM8yGu7&uG|wRBL(Z5_r2pEG(&b{W!uiaH z+crBODc`Z>ArB!nBK?ggPomnRHG^CnQ_ag)e?+;g4&+3U*}nX?xPp%>U;U{a$tv#E z61Bg-y>K5d((_vsH?J7f6c{EoOK!xo#_0WtPagr^Z%uYqh@nilrstnKixMy9)>O2w+t*O(%)!f@1PN~PAthuQ70I)mudKu= zxxpQpS7A(ISGjOon2k;9vz>v5NB5`8Uie<_@}0X@FFb_`s|`KP$JM9DX<{t3S94eR zJfwSuMa{ypZ_J@{Ixgvf*=+@uUFCbK{w&mkU;p~C`}^0ghh87q`IH6i{qgG4t}|fK z84Rx0qIlzETj8vSs9Rxk&)RWJvWC=fwO%Vce&nUVCCA{A`e{eB{VAknz#} z)IbVB0z?z)+Y3oNSrer&;u+Ub*>xgl?0wEW1y<`yF0}Q0&kF1Ks9Q+jCz_8lFtyF3 zn%1^7jrs2Bp{guLVKpq{Tv3=~dt*8|&41UgGsE8l(Q>yX8 z16H`TX_O=VoUAZ&birW9YK7s=?diMd(uI@@p_-U~~ji|-cEZwQf zM7oF3SvWYa4qsAcbV!ST_D}%XHfSiaI8Xh;yYo)XxmM+F)c$KC63f{sNLrS1?ecm3 z`UNNjI}y&G(&wF%H!oziE@I-MWP0LSp5=Pgk2>MsC(>7>PaBg{T$+1_;f;{CFyxtwd5})6V9!!}FvJ38u zv!+9KCKx--L?zq4l$JGx{V+&NV{FK3yzf0c0y;kl{}jZlv7}#g{hhxijO4_q&5b4{ zT;GbV&Ct>u(Neq`(xHnc=D_T6Fb$e3PwH;LqjN+}hJu=f+&};Pvkmq;|{7W9Y`#vH5WDP%ktc?$`596S=AfK@8|= zdPf8YB=}(pB0a^Zok~E?_m_TBas0j$qwCgF^vW(MFm-JCJX!NQ-TrSx9B*vxJKl*~ zRXf{!X+<@x2B*8kyj1XDB^YLlw4JJ5+q80)qZgt*EF3aBk@aS{cB+OCsRYq$`zt@rSSi1Fvd$L`aO=rC%SF^lV zcg$Tr`(`ff)!>nCb=6?31FR<32j(zZmT!6)GBh+qwOLj3XDbJ}H(2LI%&a4`mf`P< zeKZn4V&mMNDFkHR9jhWO<@qpc1D(s&*Y-S z%xCtVs8*T9-Mu#7D1)?VzjC1=jSS1O3>2bocW_KheSWY}tJ zuPrB}U>PGFda_;O=5~1rMq0h)@9SpldkOd{_2paiirDt=D} z`c8nsXFMn2+FLy-2WVka)Gtqh?ce-aa0b8L{}!YdduV7jNwue}TsrTHY{i<#u-)m) zz4i|M-wStyOjoNJzHbj$Y=PgIh{_)ApKiVEbfG`=wI)JFLQ*nE^oY)P-528X*|W8_ z8vc_k91XE)Q9xu;i`Tzj#kJFP9RR#YMfABIoUPl9GpuV)Jfp&=X8^$5YK?vLEn1wK zYX3q)v73PO7ne8v;ePoCwOehTjnsIIJGP$VCq z%+URa>ruP9@Kc10V}$jl_&*+3*)ErLTJ~9;B%hB`wV-OmpS!X*P|Hgj#@9M=;-q}9 zT7|ce(2H!wLddo zS2xcf1xrn(rCu&IiR2~(lW%{VI=Ee8&%Ij?@3+*WO!IUGwO;Hxbm;@8c2$0~8do)b zv>ZwyK_c3tzsE?SOzs|D}hLqvOV>ho1x77-bvGmz*tv%s5pZCk7e@UjdD|pZrJM~q3x*y>NKHFA3wOI=& z9cD5#sIQLQ3{cGL9S3rx>v0SZ__uXL43iE5JOS3CM}Cxc(p@sVZgVO#{2Ef25eSZZgR zDyea^)p`BC7j{CUqM{hgp!w>{wJPqUNBmf6YHF=u;D?}~$C0y=N;ZQ*ErUOxv>ID| z31#kB7D((>cDF5^FvGf%+Ddp(3A|Hn2P}ALr@Z<*`*(Y z<|ozp%u+(-oVfg7ulD|oi;X2!2XYK67+-a`g|AmCye*fE^`)?~s?0sG+iZ|7d4;dn zzCNDbVXdRe;p(lm(MYKPK^oSpzlcDQOUBE@nI?&o#|eE(x~q^Oi7)jchj@e8Du;rzkjX=q>By|raNCPm4}I&KipYQq_w!rHFWhVh>P3H=I8$kRX6gig*_D`|DCMF47lp)i;Q!gx z4Bn8~M!`qax`Gni+a#AQ2Q#mriBDl}!RnpN;Z!wltF|%z<#&=Y{n;Ao-emmfk;c<4 zgf!u&Jz@FYGG@7Vk0dHulTtJu+5S|A$%mCj&spOS+4_AO9hhs=fc=YdjUP6~vNZYw z)ts8&v>6v^qJJb9nXT7=%Ig{_Us*JaL5gaiZ|8(d>X5;x0_tZNpS5CKD2X@JS{Mw0 zPx?KV33>Q#bzxY{U+>wn63X6~`g9Y2q&umm7z&le zD*w5R3{62+5-M&<=q&H_~QFDLM@t-YXOxnt+K43KVu=878!F1=ZgrtTlF+{oA%YQPGdMZvXO zM-*(^)hKytH(RP?&0FGLZam)LRuF>Sp9lVm^fd;Yg<2wqsUGP3^_Gf9&ky%kzlVoG z!aqJg8Tdqr)o&>qwtTOq*05yhvvUi_xMu?iH}aDCl(jkbxL-!jW}cE%#v5h?uYS0! zQ>oo66~XzNtUWigOK+$l5|SA#1Y>^)L6*vngI@HB8vJfC$X$8eIuNE^bwKe0(r9oZ z|DOcI&TrC6W*Idhr5Cf%yD}t+XlwIfTJnd`l_gZb%x^n)H;MdE024vr%r61jfnb*U zkAj~zJJI|iH&W7AXsQ)t&bhC{ag1aXrjyyL&DRR@87q}jD^V`LK-j^~tm(G0^?S9t z#88Iq`g2NBPkoO;_Bx4Z*aziNL#9>~B3YXSGm&6f&#=Efr@nqUI#U<&dTK4?`h!Vt z`KG44xAs;u4@C>^S#55g6Rq)%>x#~?N>}xkbz7?+wt5v=trBMgk`*EE$u2q5Dn#o+ z*yM*<@m->v6gOgiUbdu%Xis%uY0b)5$|20EU75wX`EhTwCt)6|AS!zB;vDu0qRqAQ zM!TlkP34+7A8Zt8gOSMF=v%LjR^|D_)*)cbA(cMOo4Mp5z-m**|7Y8F;bF9zft2Rt<21&8P(#&{Gy&ktx2cR~?>}2-s|auhe*DswGuwuP%In?qhb#Lre>80%1xjsO$l(E#5Tqf#asJd&l(tWvKL5O#mqc zxm+HtM#lv&`at{3no=}^3O-#2u{7WRjxKhYM{;=34m$iposQxB+}u-YQ1S#|)%yJq z9z8|%ke6y$%;4_Y;$8az{GJ=ja%y?&jLKievMA!x(yUf#ExdliI%dsD4?Q^=RNTDm z>)ej$TGaLG(VBL8;_0$Qf6%c5Z$%S>*WEu}eVt58>16sSXiooGj5=_kL_A+>FKFSrKqG+k4Si0^JN6gxVt(!neJ0;~*bXsl?O92*-auG;&5gv?t&D96DY~fC@&pZ2 z_)FRbuGK4*GiEIp5SVbn8NG{T)*rdvUsYdl5DO{7-Qi9YJCW_fLh`45>V9jlb;HTrUs9Ob^v`EYBj2I# zERWy&ROU`M#HjGpb8aVG*C7ozt{M4`{cJNH*E%_7A2PE@2c<>>!Td!+TLUb$h#Bf8 zKSX#~)Y@rq>H@V67JPY1u-_q}Fh1t8vhXR}XiZ5UlTyrUPD+r&yHcVEMn{hx?GL_c zVe#&uid*XJ{+1-guAGd}$wJOg3%x{tTH1K)=*t8{bpUAIOpndRt@r8mnMmtKE#*H~ zk3cNeW>1B=#XGfEy5aMii4%k)m(NQ7EWy>cBy=f=dF-=DH|ra{b{*gRjgaVLn1Y4c z>MoUq+E?5)xAU%KSNlHJT3f!bGTWl;Su}CYU#uH4fawO5J)vBzYB~ChjS&Cm8^8}k zN--A2AIUy<0efs0;84(44*e9m;^`kg*IOE9czLUcdM&pPHA%x{^kH4mGGrTcWX*7^ zTOxNj4EwiL$Xq5MiRfeK>(6b^^ybZ_ zCs~&BRH1zpt|(KOv?en(n`MzeqJ^!Yhm5p_?A*I%Uh8+~-aDq2_7;)|^R5@7re0hP zTkA5VIX?W0Nds+b`oYzQZ&4Hq-*x8qxAzE%o)V{0i3K~_k49y*(3 z(mna{y2i;36LCni@|agfDl;Nm)#8@M*)(c3tbw9%`g33K^q>y+bV0;Iy_4(pdC!dc z7D9+dP1B%L{q=hFxVLeYx-faAD35K2LVSvhdQx#DiH zRg9DxiD+)0-~i{}7nM@&{1m4tao!KcJU8|;ofR=AQ7Crk30yE>;+v%Hqf5K*x1C}3 z&jA8P!@QnZS+hK=??x*`SK0Jgs`Yz?G<$jT5j9wS+r}q%>6&$Rn8A=M%e1KeYEj-! znSxkpC6Z&D<|Ij^h)i&7)VDdoDJ%HMKcLb!J+>=(nq&<)Nqt))0l%)rfVy+1yuDw+ zGb|M^b=54Yr>Dns3NUXk@_DTxrsZxBH5i%pL~K`wCT}Og-)dXo4H#t|X2T;YhL#w{ z4bx!RS9w;?ob(U9UK~A%h}l9-;3jJ?{WvSxvj%d9aU>u8>5HChXf6YTZ-e}r0_1$T zCu?eV{40P%C$goGuG53pmYmuSu?FyD>)(UyVaj#bj~}`*Z9(HMWiQMZC?iN^M&W8P;Gx zxTK~)@R7vaj!#{pH7>fKX}-9emjiD;ofDvF=?D@Trutw>b7-g&{n3wjVF<6FwEAuL zg9i`F7TUEku24y#67RzP1+(|R^JsVt#fwm%SjMzhAZ~3u^?Qs> z)E36{?(tI&n8ge2FK=yU=Fk;rLA-&rt9Qn!Z9E_sWfdmD?45~n*RpGXNYvR(^tmCwJ1(XDI_~n>wA~NG)iqYSuJ`uH@ zAwD0&`k5<>>b}b!#9;T>zL1i`#Mvg4Dr#)u^63_uE%pd;)-yr!vw}81t?~$urkMY- z4dwMnXekw>bsRPM1A72typA79KP?6P$A38l`7D?eTCEP{+EkW&zp_?+GxpHu3vIbW z<<4o+fY*?=nV+ft=vM9)gqSPsRi|O8px4i(j1E-4eX`@PQ}Lr3BKwg9d*q5Je6qVq zh|y)z>YwVrv*N;t^lrn4a0ZFkq8ul(xMaETFSDJR0r#xP))UiQTejf!xqP=v0IA4* zB)3C-zT1RAdQxB&I>_F|UBFK1$%H7hOx5e`iQILWJ*R%Jr+oIezA`@ca$s6o`+Chw z*?=T}gfzSksh${i{{1^7h^+RIr~-eH8wCsC;>v3rVldwXo4FTbS1S+`4}xkrz49`z z=65f@Dyd^JdrRlPygUGyVW<3QFQD$3j&_?6iyW?(yTM;gcIPFaKlnQrJoy5I9~DlN z>_udo$G2rZEWZ&q=wmuRneYAmK%v#bW%@;LVuSDO{t|h0bu0h5DSE8hhyT*<^1X%{ z?DWT&!C|}sTn+t-$qUJ~_j|K;g%+Zfs%`-~ZoNnBFS(1DqM`#iV^#U1VHk@{&`2B0 zqbLk#zWP)@r@O>SUk!R>rN9d3nFeUANawcYYhi0EI1v}?ZMB{QrGA#=7Ml~x#{xyi z+A}aUA)bgXLeN02#@3x)U6+Rz&pFPmYlf{(M$VX=kW?tZW&_vi+W0$YfnwF6h&Fd( zAsP#%64}HT3u7M%6{Y*k)!V2xkE@rWz(FtG}Am|C&|vZ7caU# z#c6$XHOZ-h!fGnxJn<_CP$O9MoDAm)ASMvqXyqRMx@QpsfEzVP>l!&^8|*EdHiTa- z@kRfcO#}v~N2BXjC}C`(Mi?_uoQwU`Z&Y}i3c^;?k{NkxF^Zy^OT`idt|P@wS=!2NT~(+8h?vUtUkTr zTq8o2$GtKNva*h!IC+Bq>_ag|^Q>(3mAh|f(4=>{BTsLv^{6e-6O3`PL$ipSL{e0e zit&JnAtFvhz;X}4E%D>0PXm5{hcT@Q4piG9-#@NCLN={1niIV(QGhEJn&|o|tjwF` zV(SjBB#wu4HQB+J-UO;?EsrJ|#s11wh0g`$EXmvDe&Br&h_9@uxMYx~N=!*;yHc9H zjw)L>RNTYLKS1`D%r)9^Z%8Yx7!7-!K)5qkcs`_|e#gAtr7+KLdk+$^v19!`#sdsf zM4XU-rISBxVTpm6W2w;s6pbkemTB3edmEcwfxv4PB`2=Ol?qAy9*BpCp1Dym^hA4& z$PZf`E|;mP8jVKX$V~8ad;W3q?x*T#es=i2-gV=}Itg86j*)^lKHlWHbYq^1oXT?} zc6FCcRPGQH<5^wTzjLS4yeoTRA}6D>&=zk)32aTCXp&1eU5}hA8|G#9831;|@%Y^p zMy&r@_<6IVXL6A|cGU+b{WL%~t50M-N%MW+=ve-6=7B-5|3_y4Hp%jk0t?Xk#2U9+ zl~+q_IO~XbA9oxh)oB88Xgg*A#ea-8LPuy z8MYGG^^(&KBy!BU9qKkvd9F4#AtBfAid26XfNEERH4xIWR4t{T21@O%@=36Va5>$*!EZJ4vU9H;DcMhcTxIW8zQ` zY4IccjISdP)eL7>;-qrkiz)C{Y8{8~wscXbyfuM%Xqq~_Q!+u05jIRSUMIFM8zkrc zoqRZ?+>O{>1(y;xns#tjGNes| zI5^eQnbz&6hoHC%UGtmQU$U_qa_2-Wjn!s`u`674n#OWhV+J^%N&;=zXms>5Xp}c;BQe&L+t7Ecf$o z>XrR>e?Jk9L|x4&I8GbH+{~D%M$1;)_Ki-og7MyXGH{{Cyr!g$@u&yVzZZ2LOa zMNvANHIQDhLH`F|3gx3aNR1rcmymcraeQCGviOA90a+VQhHO9k*XRUPwns^M;r9#W z?i?f86)pv4r_biiG|DnEqhvY<{Ap;*Qs+Q)qnV#y+18!=2ixooOUWO@)>e}*dH>!X zf_wTYFm^*6Kkh&753YKsPpRwF26ytYXK;e7!iC9U>wes|_C|Fk%kYKW+8p zgH`!C%R_?1Z_q<-fk9uM+axYOvMzT^T(4fBMxw4g*}BA|g_U~`--NkR9n!X}E^~|k z?LOeX@r+&{0fyvPjqaF0+2y$2FYP=S5c(^=Z8lwwZFo#S)ldeChc* zkvlvuaeiJ9myu!j{cp2`*`c4!L>A6{le8b_v}=>0xPk1OF$V+DnU)YP5Fx3e6fD$t z)56{pcg9nF+d7<*Y_pH*MhCddl))Khzn+v& z7hntE%$^SPzDsn(-`qp%ZFD-_Ky4ta#HpnU-dREiQ*BZ1Iba10Nj$5Sn$;!ukcFYB zs-;QP!0;A;g!DjD;zK{>waN+r`bf5s_KN8`rMGwQ-oN(j$plMeJo-%GE%>h1Gnnd+ ziD%3wL8gXdl5Af9sje%8H$YFf&*j`_P>Lm#Y%GAC!W^(91MY6p%GrOv|IH4#&v9+n zpLQoJ;}2%$J?O$fi={UIN#p}M8*RT}?JqI@NM!;0|w{X<-w?Y*F|yxeVKR2g3) z^cwFs@w=f(LMvS>q)GUDAm6p1IJ z%-dV7;ry+l2P^LLfbef)ed=G#HAz{L=r6R!6_N^VQRf`LS3ox-m_3=mfod4GJQL+c zE@U;dleX8Bith(bSGo3bfPKQG{9)7Hf8#*&N5hDO*195s`UxBU@#7XyQUDB8LxeL+ z+tgbkhr1l<g`))`@%-q zuqy-jJv}phoRUUtd{EGeuOLu_fBgc@uuVrvJTYx_<*x_W zJb({)-wps|$xU^IYREN)@AE>WZe1)XJQ^~% z*n7#VKteU+f=jG*V;?g>f$5p}8?9Jzr!wscutMP{SEbecyc+Mvxn4tP;LO5lGVN_S zni*w$RqnFlT~BEtK>3Wyvng60Qb^V$88byH-OU5}8_q!EvQvGnJ%?Z-A95teaXT0i z&bT5RK?_mv-OfZLEeY62A{ngUE$oLyk2;P@zQHw~HZM%oa2EMUaS!GV_~YH{1xFEj zf|MLIti3munBOBsp~~08dP}~s8s$k8hP(8R&U9goT7={##+LgGOMGv+dlEH-XX{Un z0FJ)KG)YGFeR6i1ETj9rAiuQjfLUt|;JKA{!oCPe+6+caBg_TxQW5aJ_h8qq!|u=;lZ^~k=NFb)GPJ|587Cat1tAFe&IS`!qePEUI^E2t!H|p zyRLe86p(+rWcrE}=QMI%j=)e6FbI1yNGk7zxX=uQ;(n2L*5k`>Obos0H1#b%(={n+ z*HMBQ+~R`0E4q@lBX-9aUY>e}FZDT6GySWl-EMgrBRva!_g*!S3Wb#;qI0fy-- zDyN7S1y?WHu^fIk>@lk=Jqe!wW88Dgh5`K%wymG;AaN2aPy}J_f*cuWXqKqJ!98sE zZG#HSm*qHZVwTl&Ut0V#Apgr+oPXa;rN6I0eG!zBYEn0|xN~c_q6L(~?k$yr+@eHK z5KN%y6$2}bE`Ty2LCoUDUE7PI9za-V-*6}_aVRFTUa<};J}hJmM^rO{JU)f~fS?}w2>b*xK@w_uIZ+lbbq0UC`GcDPv4?{@AY&&<(QM5yBs z2bAK<_3KzKX=f`5V`jSA@5(KOmI0NiNlF3cIGIoWQ`Ec$FqS9;tB)OU^X2}bHh&$R z2;AIV($F!}Mq$)%*!4d52AMEYf#pH%&}x~mWpB|#m+oG0X`6eyWa+Y7ghp}qn2MUS zXxxK;tF=6ReSV@#j(8t3gKnrHv>`S)zXZH~1IQos?d#VH@0-M4^hf^>ofXB?tHinW$c*e{UG4{EDQK=k zuN;Upu$Z~tnO<)A4hDDG92n2b@q_ghHTtZKIa7#dtJ?;SCMx}0?bKJEVB@DqKpMq><`RZ}!YtgD z*)t;)HOfj(KJOF_DrDC7eJ3m0wjvZQiAel)ouaxl>GOD!;M57mKM(xRY*Vqwi5?u@ zumrEJ>J4g%l|~PKkC-}8Jm`D))S+#6g#{N}KckPPzk;C5CNjcSy~TU33%!9B6;(uj zA)~G7&_qoM!L{*EaW)n;038GGl#9y4AG_z7yHAsQJw>U zTxiv`xq?fhZ%k~62-IxG0aO_*+?SF1tJqObax0F0A#61m7W0d_Q1B#N8YA?Dl}hm~ zY7-21GRqubpS&;56OmM6vOVtKd2?!LjHMzMzf=*`KN1yqISyW z2N4DW>q*G5_bxV3n^7fe!0_Y-rmyhW)uJ-aCWI%e(sG)*RbV12*CuQ!$)CwNQ%U7TIWsO}oN7s9+*PQDA_8mm5@eUUFa#S z5$Y0*$SeI4O8|{VVg52`6)^2ue1(VO)E@YQ_Ii1~wNt1@`qlYGffTWFf@Tf~g?z9i z*@t>;#TA~yq?IBxw)eo@)AmFpDp+8g&Kgo`=_k$T-(e zg0G1e;1*bx+HBLR%U1jWJ>r4dB9l9}4ovW8xgcZt-@4S>@Ew?JP4e#|gMcZf5LjX= zqJNtWX=zGq#hv8eBcjD>=$3zZVy((=Dcxk%aHQz{w^_>j_E(Mz(lnBQA;x=*aC9_PLogA|N zDtxW;vpy<#aW+}Qzi<`cEnc-?i$Z*8+hux%#+Klvi5w*h*`GRW?d9nw6ddaUz9487 z^cYj>O2O;sOBHI>41d&4PWL~HEJSE-u_NCno&HjoFv#eMMb3^iv4H_2>$$r~Dn`*7 zTjBlKcFI*l%i)clv^TVMe6wcSSHx>K?nV;#86-gTQJ>QIIZ@`?z~I&n!IK3U<$0N{%ZTx^qq z-4Z=w&f#7nH?8mX$9}`&hKmoELmkCgtiVvvzeGnz`_LN&>1Iv?7FQ{4y1B!+54bdQ z3RQ5z%!w*b6D~c=tAaCZD%8DJ6}NbX`yiQRd~Dq!Xw1fR`bd`b*iy%$#`o&*d?X9V zH9+4)o7)9`OA|(sJn3!fJA2$6{I?a+tSM9BF0|2k zlc$I_a9C|knF)eMwo5paTmarC8c*EBuke(PynJ# zE!7a71raroqbwUMcp#-VvhF&IB121mAvDX16*QZmwxL***kVvg*~P5+;uTAAxCp^o zcOKvX%k_?%`{o=aL#U6X;?|WNqoKA55$f??(+scyCW@sjX0^3=ut+Wi?$r25d|C0G zXJb4U{=;yP+QV>?mRI=TNhhaIy?05U&|x6bdKu1XdzgKdBd_)SdYzI!A9B1OX7+q- zy(8Y{2C8ba3bKZiyDEC4z1D74K6qqg_aDczB)*K8Wh)4+*1wTU%X=h z5i5xKlqL!AxFf@wuR^vNZgUvizo9;QJ=ms?%~BdH{)L4+s0CfRZLUUb@f}V^@a%I> zJWEyb!}l2%>C-pkWLWC=Y=R~}+nw2XhGl6hs+61pO3RZ-M$ZO-ew;vB{*q6!juJ#! zWDxUbH~fQuq0JVy(OEv1)df1lg7u9VilK;4PXGlo2?7HG%ncBrO~P)k&a7`304aW* z5rKTXu^l76@l-k@;ObQj_e)gBUT}VChPE1wmq#km4)muM0A97KIUx5*NMw(;B;hjwWm0%y(?(KLK)~`^d?%d` z4gVX}_kVY9{>Nnh|8*bi)1rr1<-yVD^+_FdOL!9gBA%xY+8s6HVOuh!H49&FA7H1JJ8t)2Ay&%MQu4?*gr zHVZu77Z1VWib8JKysm}tr;>Edt)%`6ue}+?ftKsrheK?xaJmz!=u|$TGPT$%BsHDyijpXN;oEgW zBnoxybHk*SoUx``6F3YTzVN?vL%EkdtxF>>pa+XD zUMt;Kt!fncBO<8CQE1-XqQU+4nR^8l|bBY%`Me{k`Rb38PiZn1qYtzfHRFp{K>$h$p&ukGSSi za~wmMs>Q=2Dg~yu?y2aX&i9&@)Q$K}f|1+T*u>69v@-I+f{|YFZam@~ObOQHAI{ID zd3F{}siNGP61q{|x6AYG{zl3=M|k+AL2>Eh^=obT>IcZHmQ zNsD$2Iz46(`9mj&jy+YbByRcv!4HZ#RBLcdHQN&R7^YQm)VJO%hUJ~VG}>|hxWJ*( zo%L<#2N<=Cx*{ruZA4 z%z-kKeR?Y>_b$KYJE(bA-T5A3;$P)U_M*vu);o9oKr3^5lh*l)o$PJ-4; z@606^4RbFCei`EHiOE7`)kn)Pjk5c76PNc^+5eYXplDfg1MfeDfd0#tYwy#d&O_S>x-zo#o2k`Z-6JC12O_5$v(6r+aTpleEbJNp&hxP z!Eo#N7-@y|$ZLr7%`W{~yt5wwxhZzBx<9+%vwl()78s-R9(8>5Jop0xNTSfECYwg& zg0uhM9`tY+CC|ui!8~b=kx}|#_=BNSchwzljImF|?+1?a9CIl+XZeP%wMlqHkW1Zx z)nD}QVSbz*+n@pY-;&$9KBzjWRNT&zzhNbF=AJha;X3i!HhFf~Q*%60!CFn}lQJgv za5F{lhkNYpXZIP}Rfw-j26F~W+6gU_uYHPxrt_dd1XFLt{a*R<$D!n}F64>69-XB{ zs#`w6HG#V56D4DvQXndy8z)RQ#hqUrkT&Y@HJeN*r@nkWPw8Aq-Y=PbL|Xqe{3g}E zzlArR_H8El^~wA8_~0Y+D09>DmZyP=p&F|_g)NeDD4_3FVH@h5%G=nrCrv@z8lF3MPHBr>fyFuT)5c#Tzmp3rKV4|MbbZ|)i~V8EeDYmz3ZN>JJmb&R zq+^ali|Yh8kgg#>Ei#F0Wd*mrzn}*UsHqZ)RwHc=pnO>80M~L~O$eSLa2HUort~?0 zeLJ3R-)DnFXs8v~*V@&tE}`5=1ryIcodB{`!bt<4_KD^*7{4^p8a`Vi5^MngTAAn0 z5%bIQ2jV_8YKfeIEkZIA~J-WoxpVNsv*Orf)t>WKh z8Ljr9U!a&BMdr&6d}pE&iHtKNmzNuonj!^-OhPC(|GM|B`2?}V(sf?p5UMgvZnAOS zTOLwg)~4(ma9QK9hQc)edpku1>AmzNcJF7%rwZJr_;AP9M@}VwkgjEu=)^m&w==px zKt44+YfRT;cl-MCCZ{yF%g>S#^ZYZnaekTx1fw%q4JVEg%WiwCEcvHU@0|KL#L|~{ zF|N{c?)^DmHObo&La2XsW5pq@^sho|{Ea;Q`CGb>OP5k@aW4xAMehouY3MleNmqXd z8m}`ZXL2-Fy!)d3e3j~(z7ohW^Aql0*f(HntC@zaK5mw6n!$xhuo|JLQ2cF8sl=bg z#3dJH^kDvg^{q88%LP6_sa`}H0QR?I4qY}j(wu)Il^(VlI1n%#W2$WA2qb@YHGKTn zwG(#^G1(6ska+#Nb*8gneqDjkhyqGonMQ^x_V8*s*$(;RatwgX0F?A=`JBOvG}wcU zO+Z@G2jzbqz^~s~!XQJ-c5RgbR}=Cw)m)wqQ&}V16Dpq+th{K~=8bt(v;O{@L`f0L zC1&7>PP(Z9M8WC|`!@#e81fn&UMb9YjdJ=-q~ZClB+d(Plbg zs=L~1*_{z8HTM#AqG#1c_L_Cnl-1y?DxPKKyUFT=Kgb^_D{8|{{Mc6BHjQk;zz2TU zgd~xAx~iXDIc~p&?NZS9NkwDVc%g(PK1ZjiVMr-e+ts^({5nKGNeO;rYJI!l-|xHQ ztUp}cv@Xa3)$J`gVqqbmHTALykZtch*(zFXrY$lASiOevC&FT+%k@O* zX!*Y0>(x>}T>3zfJu)P$;>0)EA|cPz)OWc7G`-QTHRe4rni%SwJ2$}kKlVp?9lg~Z z0Ygkg9?#QheLZP@>{C&2ym8`O&w!Ik!wZ~>2L7cM+syDp>6?Q)%}r4zb0371a8n(_ z+EZM$j8m$HosVyd5*I3U?Vh*{ol@bJi!B7B$X?Y@VwOg5WACFkorhdyBnrt(rd?cN zV=;ZJr&VmViO3=S?y+spB;O+O5f5r*v&~}KAaUlBr>XAOof{zdpr?P~?Df@x4BDEi zvUn4x$uPeudHD%NZ`CPcySH)eWF-qBDrB02&@C^tw}A&6oykcoFzv@pMZ3MRe5Wnh zEE&!xQp75}&GIS2WdJg0-;fQxudK?QZdd|rK{Alrp6xvF5tO?sH+G!%YQUYx+KQ;y z)kzd)5-7{28CoI6B>S4>Uq*|7*U{Y!JaG^jG)(Nu^kd{puzxhjeSy_ee0`ssq2CaK zk|V0B2~ssIrn_JVf1RCibeUT?0K6G78igkflC$!S!L1gw4BnsD1>4(RcQOPj+Fre!ETY#1%ehJrG>`ON^@1?Py z-UZDx*xDOt^^Fhs#z&ypV7IE^wqQK z@Smb`MMqzKGd@(n9?m5c(Zq&Qp;aCBlMR-s?Umqq3shZ zZ};K(=P?6Z@4h0$6Rr1E#!u`mvL)a8W{%uk1U9>snu{l1JS&v)mPuE_k<`Mq8!MUdtgy8*~8ZLodQb{nl>xaF-P zhx9iTutQ4mHGv#w-X%opCW+P6sjxK^@QknDngPKt%LF)yeW|l#aP^-($7~>6-*!!N zP^A5a76G2JM44l_q~=s<6l4{1@6$6N2J%bl+j1g1ODBI`X!mP``b%yT6Z5Bk8`!J8d?{G<$C?9;zDVW^K)T&Q3MgWVA1NLH!TZ{c{Ar!3C1I5ieg zN{V~BV-oGM2JIQrD!LK3L^kMBWnBILQr3VELUC?;zy7+3vT=#$0VS&TG#e8vT zmwkKGwNXUY6Y;_ip-D~`Jf@!KTU(%^558;~{k!?J@jbX(p7TGM%vZWgUOM?7ju??3 zvwL=4pA5pQADxL_^(wL|XJ>CRs=-W1y^yVLYnd{h<4rO0C>o3g#?6VGejnebyN@ad zSzHL^>+a)sb3*!n7OOH!zhtoHU%R!vKaXR-q^B!mm2GUY4{RtpH(zM|!&=!llJS=0 zF8-OEv-+th$}Io4zBPRD=cSlswR>?ZCAZnfWDn@~qg2k2ALZ0K^M@#SOMNoi)EVCd zqJL}RvTYLLtCQv}g4ci+L^1HST2hF_TWz2j&VeM#0MsV9DNiXtxZdVDz&&!4LvJ?+ z?&Y~3$KuAvQeY$?#1ux!1l`c$GCea?`@yOJ+Cq}Ga$UqE zEtHSeFhm`KF)S@;u}$g+dWK!T0dr8$@b3P!%Du;_> zw@Ey#o$J&eScaI}Cgw-f6c^Q|$pL2w{Y!qoEHHqqtV8oa>k2KjiIFDc)vH%ll|G-z zf`@Z9psVbvlXluKtVApHNq+|;?tkz5xR3tP9OSqp z*L7akd7jVL^Z9uF_KhP@#B*>6>%kMW!_`%i(~$?n_rIoy?b@2>#R#vT-wbC=`Hmt! z6l6!u#(CeT8#kgsDOOq+A6oiXBQAV(I3E#-%i=O)+siJHOSAi1wS-Aq*_!i@5FS$@ zp=Awr@HT74L8Y9B znHtrFWoQ?TF_e)(C0$6=BcPdg&3n!EJI2t@#^rP~waWRZ_ zXQBKUvx3|}t{w}uwZHfGw`Q&GQ-MODwvnFPOF;YuYANZK9b~|a=Lcj{Zc>^UM27*# zlfF@us9xp=hB#LKII{Kq>KLG)RtGh|FE@JZIVu+cyzibf?+MlnDL}!MByv9#aDuHC zRrGErWCMzQ^qEFmuR{IMW3k_^T!XR~@UzUW(oPsyBf#t)`8^#e`wd&?5#Ad$v4IkA z+0wFldi#!-W*-?jkl07X0CAvp53o!4GoI*R10Dj=i?p%gQzM{1BGjhi>r4t%abN0ta)&FMRQpN z#8XMlt*P5{TmuZVV#;SQl*2(ZwlY7{#n2ED?daqNue1%qI}+bH5qYYfV+b}y5AeE+ z%MHY)cVhey1{?{N(JoR5({%Z+-}%{7Io0L`3Odnnv?BrH{czpdFh0{IKaNljI&%4t z_9Uer#V{eCA_a>D`MDhi_g-dK$+8Ov(6d?xz#+Mm*O2EH0^O~{pDMU!e|<> z@c~jMw>*HlOlc@B169&1OS1HLYZMyw!0dM?ioyZqIjESe;$|?gnVOXPab|JI?_|ek zBS=h4jQ>P-@v8>A_Dk4t8`BDMn56rM2PSStvPpS;|%<{T86YpmI`lP*||7kk2 z$H1ame3n8G57?Boj zB<_;m7G=H?p^zo!9(Xn^P_h?TH4zOdEY%@ORVxyvS$V<+ZjdrX#E~#E6TC?tFk?{S z^T5<^F)g)4FCyJJ5F5EcY00o9Usxi@N=iM8-s+n-z##y=GU?L*2XAmr9=*w>&K7@t z`=gKGxmY}=1$PcigXO1X^J-#U$%KMW=~yoFb7m2`%^$_5FMoZCt{k_qKA7Vq+B7(MQq;(;Lku};IPI%L&)X>N(>jklRHkEMn5m zsweMuPChrvx3Wy+G!H%al`WejyCrIL_!2HR#a806F&?QqoEAW&P1~f(d!hV3Aitl| z_-+t0KKQ*>rs`%E@z+&H>)f~ROLQ^K=W%%#CTuc~PL=4+4zjhb@2F2tJq>a`V{*=a zdXACp;|6O<%up0hTg{uJSi>47<8pg-z=&X=BX^LUBnc`3v{zTaGe@Hn@*<+2ylS$A(ANDV=V> zp8>~Z#|Tf~eA zH_&m$LM^Ip?IhniaB#HxXH7Ew!9b(OWmHPRAc4DErjdYMJ43ND+SGKpZg3`awk)>B zNM07FwGQIRNxzy53rbJMP{vszEFUN+l`IzwFfjF4xKo{LN|pj5RcLp`4`M)6Ic#Cz zoF$6-TO8@NmZ_w;yTxFm8`BM44Xrhd?SYeuLo1MyWAK6)utCh?!fQ^Xj%k7Vdy#=R zq*q3T-Hd?Fm4Z|rYM1{dSi+H`?0jm2LA8LY)x6snXE3~AE>oQh#s!9nb&oWxLzQ{1 z27bYAOG02!gp3%O5)T{hZO|gfSs590U;n1w9vOh2#Xa#&C`8J6to6XmhAqDG-Cf-( zm>6C_4L8q6Dlyv&6>B2XOBBr5L`r_$5gg!DT(hL^M}aICAz=5oFw55g-^VSdnk38A zh8A-~R)S6UR94?BxMODDl86-N#C>?Ib`|pu^*#=Az?JkJd952ERJV?+MT+nwp3p!Fh2(k`t2P>|u(wV$#N^XgkU24Lm+F zLdeHqvXsv#GZhwG@msetQL>S<)Y3G+Zn(=cF-)oR)m9wj7EVPQ$B2@&+6mY`!N-T! z-}TvsZ7|*W7v?Nv@ULm{nAbBrMP%ipov{m`R|1d(tNx>`8;G@X=~yy8J|4yUgzs`a zqOobr2JnPwe3jM>KLQ-fx)rZ`2DysZ>&jr8012uDSOn#0ilPkd+P(~Q#NIiMRxbf= z7#&GZkkOEEM`{9B%$W)Iz_%yc_Z)OIG`!z-=?WNb(%68Q_9IC-_Hu(LyeSah8@_yq z1Xh4UVS9iKx@Ne3%x*&%xkR#x`f-W6rT&qYviA+4v&SE&*HmL%na*SLu+g)2^LqiU zd@PxkSzK>fU%CKKYw!!t$wRLepHlJ|OoY?3<*FUC><&~`d@1SI6k!oY6-PLA?3+bQ%@otOik#n_>uqyIfnjF@ zu|KrfRX?iQwrr|3?eS@61$~DQ? z3DG@lUXe7+FL@!Xp)RUVbRG0mr8?w^;i;)ey&W3mxlK%{;wjK--UPjDh9qAM7L3Ux z?!C9Gy1&mulGGk7m6Z}Lsss{0yXwnV_=r2pP?~h8dV{Nq`8`x zut1h7enNHz>Y%HX>RMVLlsdNKQtk$OM0UgnW^MFO=%K-U^6(({x?k;sE9W6|D6znr z%@riI6(k2d+7JrO?sxn+Skhid`k0Ne~CkNa1AOR^Cgf$ zjD|SF{-cp-Urq}7GLSuhUWMlq$eMwodqb!@@&jKAsD|=7;G=W;cQkCKOtc9pBB-67 zdl>E`#J!U7S>fFl(BLYbS4~`VnW*ickJrn1_7Jn-3!5t7hXTcc*LfG#_*~jy;_Od@ zt5$+%Wn%Nvi+D*G-3E3u!4ha@xAD@^1Atlv=u9-p&`%6Q4S~uI!u318RyT}Z0OG%1 zfo=D7KiVrv)BdTZeIRr!C16W=Q(F1}z^3#YiQ52}mc0$4zY)XfZdVK}C)oqZkIMk+ zh90topFzyq!u>eF!)D@sq-M$so@n2|)x`vg69F?sZGWASw@!EOH({G{`*4Q*#j}7j z7IVDCSOGiZkW~!57K@*z_kOQ3|LG+F&VQq7H!}c>f(0B(;5VZcjzF?Vgsc49={L=) zOLC-%z~3YjyI1exNbP3u2g=tknq+w5(|OOM<)y#H8A=JMJ2ZVWdhpP?6W!O%WoHnfDQ2ua)st zUQIwQHVaL$i^`94WX%uVb5iR|Z~ow3tj@@d+;tlN4r3vk_4#H`qa zB(_N18Qfj=b>}p0iTRPH_-R%}P0MUVS{iRE6miy?ZN90KKVoF42Rfm)I)(Mutd~ev zCdd|~8|s`QAT{&~PNJ^BuoW@pf+{?Ro)1np5GP2)M(YCNd!78%0&BZxKUvUJU*c=U zNYOFX7!nB9;R$ctk~OCB`3CXwlfRj1Fw08S6++TY+LE8-zrIuG#|>YqQYc$$aUf6E z7DR|b;#Ho;?j6{_!rf)u5TEoHF<;6kBNZHEF#Rl4PEE`efPS8d6PW6%eYUnB>@oRN z=GI&9cuY&1pfQ(OMthXO?)d%0_2 zp5zqId1UMYMK2dX?12D#H3RAUa}Imt=c=l8(X1l_w`BdIT3TCcZ#Lip>7Mo8_D!eo zPLMJPGLL_REen63y~b&f%e2003(rsl@6Sxz$jhwB43G|f*7uR1w(IKQ7jz21=?0m^ zzf`#MK^gx!&ljV`NRPEA8h}UeB~Rh9j&-p$o8dtp;#g5-Nd;zey`()=KRJ$9;_gn8 zxSh$nJr-OU8jGeD-@87l9t&u$&-z&PO^l>suRpO`mvOv|WV$rr?@^pIR>yzkpHc1k zjz7Z#+Pzfv3a!q7i?Is)E`S4`K7>MWrz*v26s_3$ji`-H5lUq)$d|4%e7vqJcR#Fd zPL=f|$lHuTIjkc^#W;VCf}j3MzTHE9FokFg9j;HpUN5qDs1?>f*;_`2_6p%^vZN)L zQjenY&1`y5%euFv#f^G&14lQ_Vg9k8`VD_!Ee>DpFD8HDYLoV67$94njVoSOl2u6O zcNV(_zF#F+{l!KE8kk=av@8xF9gb=y znbKI^Oku*3mCxV4Pme#ufzoB70Z{o1vxA#EA0<3g(| z0^kp=13KXRF_Y0k^oLO;4Uh~fLFw}0_6k7^uPi)eYPRc)!jISVSFcr&_^)$wmoSLd z_iO2-NDXk=JP7*2Z;%_{^Q2p#Em6>lh#PE)*3Mlu>7)V56&6_YQ~@4!rFRD` zFVY{{eM}J6gcfoIS&uxl1;8KH-CGD?*^X6jlD=x+@(#U+O!w~M|Ktm!`}+7Cjz_+3 zkI%*9Pe_jyE8GSeT6NKg4*wEvt|{_Uhq zBIQta=T1GL@3(|H{ng=;T|Kqsk`M)@w!B)Dg>}`e3}b~wYhcA5k0>AnXs7pW<5}E} z>VJ}#!dHzR&#OY}6B?2hj3Im}YRb7sLyw?^4MYBd7x))G=^?8o#38=9;%N8@t~%%6 znm$#$UJ2-A|C6D;*{sMuqAkT#x$kFT;LnSZBL~J-q@WImf=|j3Ph#=<{|xaCwlF~_ zwe+hitmkkRITTJtT#zk=bQr%b_?;id4=ofBP&N2yMZ_cUn3l@s_wLs_;B6kCy_Ekh z$c`NJYwSw|+#&|Py=b}iy46(3ed+=Dd{szR8f0R`;_@9Di$$eFG03p8T>Hr%mkBL_ zJez@f-OuBNTY^(q+4Wwd#8r=huZwb+qSmqqmr)f-8)xPXgGhXNE0<%{_So{$W}OO& zkcBY8>Jt)Gu2##dbQxCb1|?m(_H*odR-i;QEXBKrCt8?;s{R!LIuGuVG^AvV6g-cJ zR<}@XNFZb=Deo$E?@{z(U8tdOn7Hx7s%c-)Zk{3QqYoLL_<`~^TYHz!AH zfI^o@0H_gSfvpY&QeV43W^VZ{J-4T=cj0MJ*LVJ`<6xR>?{PH*DT?0DJfh%f$5;aa z>-riCQ5iQN$qXqtHbDVk&KB7c*&{#}UEBlA<1~otf)K+ulRfI&GAP9lYkO0eVUDys z)XtS2who|Z^l)IT760OJFCo=`ssI2KFMjnOlifQu zm(#z~h<|ic=s+bC$5BCu%*;a@Bwcj$vzn=m%_~Cva>rFnmbq-LvQG9R&6JOQV|jcb zlZEZ*i7eHIv0}cE(LyHL-bvCH{r6Hwc-*&3N3lOj{nM|K)(zf1ppk4FYn~&buO2E; zN}=aH+qaHI$7Ux^opd!L#hU}QYa=e0Y^M{INf-II|x7FTeYg62W;LgxNM#Y|fL z_0v3;jJ0H!+S?7}&+vI6Tn4%56UEW4E-;JFJsg3aW-+8oZA(KHhs^^?3EM=rj0Gh; zrW=|B^S=3#hr1yElK*O`9UR*T%D#b;B^war#rCtGObsxg{Q5E%FNwHLI(=seTyL!I z{rT$_!rwp;gfhkf<8{lYN_-vk;c^UfgZ;aW<&o{_!;~2pmdf5Jo?Pk-J3Kw@X-)ms zDLlVsENQ!H7+7RMd{$mW)&6nqeo<8dX*-(jh^r0lUsv6 zyZ3cPl2_#Wrak6JX9(@S_@6OpgxS@6cI%4fo)sJ)b%tziZTUoQiUw*Dm-%QZ>QGai z!0H)o^yex*f1KY8z74(mchSWcK9gi!UdRmz%3bIq8(+h7=e5%lhrnD+J<+Wjn>3C9 z`{yG{1NvZ0At?NlLy{cyCxhCeGJ~8&rbP2&Zfnzx;uH?UqK$@YP4zhnVV56Qi;vUD zzWF}(wT)Ct@mC)<@!Cf%Ror5gQg9byNM~P$1YqqK}^7$)n)LmRo;k|i#8>VLz1qlE6Ayi%*qVPt@od}yhf+yI)6jq zOm@4IIuEp2?Pi};Zdg*cHscTYkPvqEepxFYmXMu^;iWG1^DA|Gnh)m7QSq}jGKOB ziLMWS?P2!DD3$;yu3b;ciKkLIz4ZYGJP_B@s|3$6#OT)2&4wqifuomOif4j5S>}Eh39>R<}5Pi0u3yQE(%EZx4WrUE&|ur_yqPp{_C&NK*itGb17u)0@V9M z2BoG|5JO)7RSLzsz@VH>d-rt3>-V2nfhq3PK^~FqBWm3XhtRjRf3?77`9%GX64qDb z@Z^Lz>#JG9%c<2+N>yv}MThPwt0_Zsi>h8;xL~0hKlayt;L!1Yr`g@V&^7hXoujvl zJSg$3J8FXZ?qqrRCv%nikYFC%w#w8+iS~8%k=;}_CK-KI^=SCE*6?39d_d=Etqb;w zkK%3=6XdG9cHDgxz7_eAKAX6Gwp5<)(t^_JjKn8CB1f1m;W#+W5OHn|Jg1uO7}ho# zAxTky+OV>NELjNY2`b4`>FdmjrOb2qu1jtuS!b4pa9bMOF;6t=RJuBvgQ3VPW88F7 zkWt%E5jdkEQb%`^OoRll8Ozr2y|{Dal0X`a2`pI6l*Ba2nCe!*d^S4F!Wh4 zlXWAm^Jf;q(dKtlzIaZU8u=Bz1lf`*Z8rcu`>}a1OEt!Cb-czPPrC$ymMvjqF=Q&8 z1**?4J~9sp`-Zl$Io4<#`qfw46ncgZX-U??$S2s=ySazBCt!UOJDm~08nwr$76GI+ z1c)b$armZ1W8749XSA?q@W|`#lm2w)N~7r$Exp5Kj4iOz(x-dvfI_EbvJsJqw_?5# z@TBAd)Paq!+SeP4?B0N1mhL#MI@$xpPBMT`uri{3**i}c_!BImvCY_cHSW^c)oXig z{9d#Z>o}B&3G|>&gz_pj?pqw7K~ok=^xI<=1z+P>5L2w(*qVby#N&+ald5h^eNvyk77Pa7O z$~hA}Li&#BuJUasU-Lsyl7XXttDM%j*tetPg?I+G<+KiM-!Ake7bKp-Obh>z^YcK; z@5%>2@hkRrB$;~5#8GWDaK;dwix*vqB9y?gU0y(#LnJuUIz4Lwf=c{$>8_qi@3$yQj`w_3f_!bpqAfv z^?!^AeecilXOQRZ-vBm&tQE)6hC2=L<)hFR`RBVS{9XB9$=d}!OjF`=qtUfwk6h4X z33?@vX2?~CX;|QQU}BULO_#(aU(nAhKvGn?<@dF_D|X^Oniyka)0Z+51~bcK#rJpW z$pj4GR^32qgghdaqOJ0OH=mUap}h*@YTOK1VsA2=lUanq^*<0?0w}R%Y^drd z`+G+y^`!V-c=H61EC*Kv3fvl}1bn)Yjs2gkfQ?t2FFQomiOU2oHR_Ngc2xIECPNjbOjlf-=Ub1BhtNZ0Y~$#B{7FEo5q15E_{5V_BMZMRAD zR+`Oo2Jku$Z!xfcRp}iZ5$ogIi^1+HXawA3WWdR9!Ac5Q;OQT&vx3ln3Nt800>9#T zn}*5fKE|CvS#jllUhsEKVdk=wRgkoneDN*e!?|ZIDz4)lX)DAy0uttjI-01k)(~k8 zhvh98b8ZivcYY*bytH`&bwdE5zax( z1WPN037(Ri5b;w+&t%U#dyJI^=UI=65anp!l?tctOlYJ8h98O219P~}nGF+={4bg0 z#9MCZsu;M94G`1qXSE5=0HT7B;)C~L^2JE1I$vsbuGag)Q#@Vo4vt&Mj90rSJM#w9 zb#xb1Lz7ODG+s!Leogt2-BLq6`icTc^B=td>Uyk;HVaY3xVEgmp!hbMMFL$vfyE)G6b zrrFIFlc{{6I#YmsZt1!tFSRnDfHHsrw-Wee=VVe0XSwFOq}w`9uc&d2(CU z!Dij&Q@eV8E~>J-FICTMuo_k@UPGcf8|&y(`z=S0=-qY2Q-jQcQmx1@!1Zg2M*S{S z#ijqC$E6;{GK=3eT9Pv#LO2Th@*tj?C+d6|+Rc78iiTxIKL}2FeA^J-cWuSWfV^DR z>wvc{pm&H9pGu~D63qQ_RB)18bb$yPJ~i62!boL4L^Sg9i5#tNwuut_K}?vQQCni zy?~?w!lLa6*y-s8M^&-f=cq#UhlI(DUVla=NQw?KrlJsG>>?f{2XCKH79gW!hS63! zjBLyD=)4V=!aZ4=4yk6{%Cxi5P}82sHW#vz|A$Lr9;Zt2X&0IoB#~PQ;5v`N|i{ zAB+1t=AAu2x|{YG4}Goo$n*`4%;Bt%pGwmHqmG_=pArSvGI)`}lNV5Ot|;sDG82Xi z*Y#s^`GQ<;Av%B=g$-J`Jl4DM`h3TGz?bU_AYlXmJNz-W;_BeupU&nY4JxDLNrSduJKFDA%e)<@C0~)yLDPDLEV8rYSEf zFOYx&B)NDy3^wQ$8HWKj*wbO_{+f25Ix zRJ^9vZb=jmJ_QYiNYw{uDT#adde(T=Bkr5ppAuI;0Ha?t(AFt$IqGzGCf$Dr%Nv{9 zWRl}274fs8KA0Ul<3HPdg<(m<-HM-15fbc96e3J*W_I19&KqWtB4NSy^4`@)kFm+y zW~6tJ)2ZLuq97~oAU&0&VOgBNgkrevw_d-xhkccVLnHd5ePf=}AGIIhn@KhwR&aYI_Zk8a(!+5JP^Z;~-1B&q)$e|! z<@wG#m|K{$S72j4^`X?qr&b%_>3btsC{KOf+r`)0plv-9*FTQ4zEuA1-Je_&GI;)6 zb5+J*uZVk73AvEK4}{t;Jn$fygG*~z61DG6ZuJJlzy7TCkKWl2CdQxm(8H>I70 zm)wTg&?CIN+pi6s`od&XU2|TczDd+R9_nH}+%zgH4zXRibm5>Ku%AFtxsDE|Xj$rH zd+dc6LsZ(VnB7VM02_+RjA(H>h;#7xJf&w$6m?mF8>0_}8AF%*>sWqtS*f`Ey@o9W z*WS>oz*3scB0#JMHiHitoUq5#f!xO zAIga#U-UUF;QfkP-m9owriIo*^>i;Xx%qM`<96I z{c@u9k)(pxtr2`0llLv#PU9qs6l9@*58Q_$1^Lh&hpP4`K}UxNE|WE7l8HVN1g$}t zNdF+80wX~^T`hr+s{;g+0AaRB0jmzl>my-C-G#wrcN$PS=8N}y;`6G{ z)+CwosVD;~!dGxy5e5Hl%|i&AdXKe|(ue{jO(#8`r!>mZv}sI9OQezkW*v&)xXA{s zL=GgT+!IU*#~QIeUX)XQiq}P;?KG2DGCFDTAHgG832ShlbU6qG_6NkpEU&4P>i_*35(BhfQ->R4)RYkM)oE`X74gCNxdi$ebWa93HARzJM~2e z=99llTmYeY)X)XP>uj21j`w2X&A-SkjhX2L`m-(_9g40Xvy&kKh)GwuU5lvYII?`1 zy^#v`O!<9ODYUex=o_Qz>SJNq4e5bK(tq-go|did{j+zfR~lu}%df(SJE@pqq3wQ) z&O>fTE^}vUy>4F zd)JdJ=Ac=_t{kr$)?}^o8Ehci3hsURug+lLwl%qb#^KAnx5fTe-bJCM6f~(-rb;U# zB@uESR!u=dIf3$v9>H2C>E3Xfbdda~Yng8=UJ}=29p+cQGh8vVeCyLEbIfqJ)k^L~ zQni#4z!!Z2RJ{K@udcI+@!v##*+>OHa7#CaX>4B+xhqFQ_f`6h_C}Lz6 zpG#>5EMoa-1Y1|k>QaKbPgU^1ZDCT^l8J|v{7xw<+zB>fLJtn40&7U}B#(-YV8~1% zM3~o&Fj1+*A+DZx2kQIB7}V9`(yan|6r~ueFmRNKUF`|H)%!^@n+MjX<^ZnGjgl0G zK3Ej)Aq#CDjxWU}JfDk6=OWLq3Y}hlFNh13wPC}*|BpNG*~bee{a+g$c7ISU2*){> zNtYgNgTdrdS?`9s&?n#=m5{HH8x+U<>x9k~Kd>`2F+Rhf9 z6qVpHKA$cb772ikX0KJt8!9Mcgo~~)DqR$3fPo+4cc#AmYGkQKVEo%$H+haqp%vv< z*sr?C;62q_Cw&Fu*JcW@0=;5uj3zEE?TJdd_9J9`vDk^>&=nS9a=G#;^f-)lVPmlO zRHw(mZ&0=CroW6Y0u;PxGGRGk61tchbWRyYq{(Jn`ibjZ`I3vg?~odRqINvcGA}pU zdTa5fwO!!#38SoHLWEF?a z=RRW1xQC-+7N~%Squ=lgHg9UPp&nUFMuLR6e|UB_+Qi>=y*RQCy$b| z-tpVdL-YnKh-&ZXYC+{%6jC1=%2T-&g+C zd}BYAEY5$NT+_T)vqkKj+J4Db=tqrkNsZ5V%@2@_r9E!D7ElZx zqyByXHt3fW!Y;YFeT)D46^Yn7+CRM>CG$%PzyD0}W@=jZcegAG_eQ`2DQ=Ab zS@3%3gOL)aC>`2!o zxl9#>yZyS?gL1Bbyz_8h$D^rM=>qpqm(DxVR8RHoSTD`XxapU59_h3Vynhl6FeOOH?HSfo|`+XUS?i8A}M10Oj%#RX9N4L53#ycFkV2FDR#O^e*>=HHxZ=_Oj(9-6FHeqJ_GWyZ+b+DyIkhs+bLpZJi25yeO!9(ZOJ0m6#HbIx}lE)8G zG4816Hk4@Ud5ue$TL)5+Zjx$Dh(8a!;rW8;{g16O>uZZ5bWuLikfE&zM1Ro0h>Q2f z24z@@d82~=P)7KQL-74i`IGa3S|LXe%%39t1_QJB?(Fp;E0x4uv~@_XlB5B; zSG;*29P0f6dG-@2=3Nq32@~uu!C+Sa>=xJa?KJ1deC^p?@4PkifBeR8?0$!Bbh|uf z!&ioF*btlcsx+N1*apoRhea0H+qWsryqiKk^C)fiA4`ZAD8l7LFo_!Ec?~2zTD2is zd@Xvd)s;_jo&m_GD`od=lTa^{ReH_ySlfgRh@XJ8Zk7IeIhx51FXtU&FDnO59@^4Zm|Y>R;ISqhyz zx{I)W<5CWoU#W^Jwf^@QWq%_M=?%XmJ8 z+P9jOtl!#{+QCkYhwXs7$r0Ps;&s*xbE0{`P)JXotEXxFM7LOj#kD-0kz^&f$*Qy- zP!F7CNQ)Vv_un1J!nXwMgj`|V7^(5{FI0N}=*Z=OH*1(&?M2=XkA`iGsHx^iK$e<8 z)EJAQiIM$kc;EmaSdZ!W`sgwrHtQEu2RG>H8*T)KujHgCO)rH%%_>MrX+&NBXZU{A zWERO&prZOwF$@znChENEj6m<<&qco!{4p3ZrE7V%fMdT`i;^NY2rRS2M`HG$y#yax(W4oV|X;aYV)0;wL?a6W? zDoLIgkIRXA0?|IX#6Wy3gqKwD6Nl!`c-yIwMcp6_Bb?Gj@b7=Wq3y){Fmz&YX zcD)??_}`ajAg#b=87DUVZ8(0zCpD@lv>d=;L;n+8;L^JMP~B7!>wG>OO-H8J^=SPCTN(B9u+zd4gY99n(C@`laxUI^lLz;-GzOV&)mAm#((3qsw2=2^KW1)dzx=;r1b{=`%wyhc z`)B0;`^C+3|L;ROj{o@SlcazD$$$R;@ND`&lFchAn9sekz2@A}v4bBg~z`;PyQ z7vgfl+N{?93|{*&83uo+mOsU0XmiL`I_uY1z#)r)>#DuCNEoPM)PNMXAA`gyorms8 z9z)aiHgJVNK%1ABH_(;t*_0uW+*W@6JRd+>96MG3YiqIhd{^y1C#Hk@e+R6N*o*4`i7QfK|?MeVhwINQ^X}^&1-|$V3I%ZJ#;(q~c zkI(=6SZalDB>yKn7B~v@WIz?zy)Tu$ge|N0JNETB59K-oXdo9n8U=JpQ3jrV!D|(p zKx)nqz>-#mP$48U=k%ZLU1djg|7v#dW_ObVs7KqM`S(3CCvyz_I!5aqpZRCY{CO#V zg-_6({w{1`3~1J6921VYP``ht6yFU0`-Zz|V+O$G7ykUr0(cksKqy8)_YLjzS-R!2 zz7C)%<0{}S@J~u$*6*?*}v=#%nMpPjN#$o=D_)vBX278 zq|*w4c7ZSenFs?o8!q^xSKyUNGoVT6)<|!%kSA?zX@Cs01K6G0%(HC0Lr3S`)Z1bY zEfZFl9U%;%PtI5u+I)x;{}p_zN{G8eBW#K99NjY&Ax?jx(84fW!)Wr!a?yiMA8f;R+*Ve5Y9!=;#90biOkA-&>szB{`XR|47!+Rx^D2?SjDavv*BR z4EO(#P|icGkE|}M2!@eL&QavtLRh{&ukD5U%l5B47{2F%u$|- z7U;l+@rE)LSAWia{?;b(EttTEjac_%YS%O4xuoCF+E-UrF!vonJE%JwZ$tuDu~{rN z$L+Sn>^n}GquqW2(XPTmc&!THAKhdk0nK3mD!VDbHLtXA?0C<#GN@U1|H~sufaGPV z7`MAkmWsmH=!EZ~e#}vy=>L}IV&N{CYZ*p_RBl2kaeT`SMv?iSi-EaT|H-XWq+-G4 z)Eal>-l7!zL}2T{xycC}J!yR+4`6Ku3e&y0^U$%ElNliI1D!rM&Aoepn{mEceU;eT z#04pWK8Y8&T0+TnH$3>puySPVU{v#R?}$UmQn5TOrOb@OpU)}a)Al%8RF5eHrH+-j zUyz72-W@p^T>_8`FC$ew>}j?Bz^GT=m$QrXS=0x%H`n*;I;0!4tyxybkJ3>Tx-Ylf zXX%b&40+GLTY4U;eOXv4GjT{+UK}Ee_UTIXAzSTE1$8fT4m4d6zwL7F_J_;2-l>7` zPYJ#E>XNmx<2DaBtYvhC5ygF8=Jx+0SJybfF?VulP(vJclh$K4Q)d?R4N@1 zy*_Z=5q`0n&l~Z&R5m;+yfNH=W^_}?)V|pfc-IZ3Db6LLo%88v!HC#pi%;ne4+;2& zPl<`F0C7N=WD9%>a(*k;k8 zA3EIRd)qE1*Rd$ri}kzqF{D6t)w$mRAIt7b*={5M8U1iTvfuFK#I3FMSG(8Utr%JC zPGq9eUu;R11Wm66tDHWs|NAKY@#|kk-7J4I!X!jkMSi_z6g-?=x=+&EBtqW;2#ZYh zS)LXO6hgYHl{+M66c`kgWi=sTTJ6i<)ZAR=)qHli(1Ly_l%_S@3$*V%!6Iz=*-2O- z>Q-apkIkKc-Sr`hKav^C{ku-cq^UEfUjl7iod)WE{s5XnNxuSmAK$J>83bBOv^WB7 zqJx@f#Iq+!x<**Z_;*2pZ{^^?bH{Fr^eyJ|rI^bKySp%< zGQ9yW+(SLREo#optJ}<>paABJ2%YnNR>xO|5;89#*}6S5KVzH7YV6(cMWPX1-!Yi> z>rct&-|3pK0+%AQjB{ zQIP>a+X&@y?gir#!}G?*;?I9k@^sQ)zI^$HEFp3G2Q{~@?y2F^3-20&53T~V=(iB! zYGlau?2wJgC%elyjzke_#X3LvSN*>lA3W-cE-<)fH`~T&{(dnlGqV)j%~E7qW_fyE zRlT|2m!EPJ#o-Y^+DLtBU%%LwJ_~e8bDGQ!&wuds`h{$srvaBaNoxw%oC7Gglyr*% zyo9XEPwy=BDyXS_zEPqUn|a>=SsCz5Y4sVi(aT@YLN1grozn%SPQP6|^&#w2mIg+^ zn+N!2W@F`x>6g`sCD}XXFP>)yU^;WN_AR6x!|UwyGp2(g*U0%lCFzB-4T?J;I?ZYh z-3(}j;}i0bam-h*5q8<*h3I=|kCyE%Qm^OkGf~ByXY{o@i!B|Oay)ad(BneS^T>x> zXFlkT7v%fb9c0~=C>p~mYW>+x*lw*m)52cT`eVizIj=*0^@Ow=vGI^L)ifq}<0w6| z<-zw0E-!nY{uEeBOM9>PDi>gQ{?E8E_ASwK|L~)%=tDJL79sz#y@%<6#GkW}VYNqg z{nU0Qo(CRlrla812*aEy^1>81f--m#Ey3KUl z9{GkM;?NT(#Qdi`&#C6iGqzDwT0n+<_|^MB+GJAF`H9cGB4BBpzGL;Y0b1DcR3Bir zn3|ja1uTzV3d-1P@d;LMRd5(gsIMt(Dotx+QV0KYDH#s z#;0omRU#_V1kYAbl};UcHzEF0X4l?L0P>QXR18lHTSUA zm8}vF5;(hF23@$_n<~o@y(f5LHFN8sA{(1;`e?NlR^=Msi_2J*hYvYN{|qZX*KF9D zQvSW86%Y|&qniy>K4sA5_w$;8Q&v{lX?TKk{W-S4H|?(G!KBKoQIYvSzyRy<{yg*O z*EJ(l3E=kTsSe=d%URCz7-y2plVF*^k33GGx@YqdJ|_jHBQ zWChAGv|%{U3oWhrTg*ebZlr^q`EMdq@Ow37>TL6rqupy7--QZTp4xPevj=X^HDUx! zh9Aw+pE)ywoB$6O8?feR#3xW(7XNxH*f;S=y}Sw76K|8k_EXyA#aPU!%k*ccOTR(@ z7<@ZGwwa!v=VdDBc&@rL3In_TNM^kpPxsx)`u-{uNMhOEE(RSxIq;FcE_;<^7VYWT zUilpUMbS`ADpRq!wTdohL4P+!UUGT$^)-U3CN-=1&X%0iRsU1_Gmq?qR+05P+`jkZ zfA>myGqsr}p~xhD4dIZtXLN2qn^9H?^nRrn^C;kz&1KY|>&?Mzwm(o?!YR)8^1(8K z$~FmJOGn`=vf;Z|Jp+8-eacf$;O+W4b#BrcdyVKK)>PWOLJGQJ;NxREx%YUX6cQO@ zX6$>pzK_s&cwTlO^KCsy%;}@`HI}B%$7Hw#RUNIhqqjx}^E36Jm321`U zptc-5U0*m~EQ+Vk*=GOU@?a(l_2nWm@3h8jdrb4b*X-tIMxN8mkLu2oXa3BrK(y@3 z7d38vagggy5K*qHc7M(=i)V1S?ADMT(nKK<=FvhAuh$12&hT;W9Dd-gOLJ7~m(56^ z33n&5E?(++<+Sf!d2xTChvQG`V~*94l6Xq#m*+DNk{b7n!97}-+ReXlepiNnQ{qu4zvy4Gf35XKNa>XW@z?qw@n==+%||xdC*x-ux*pg zj))3ZPmDCU@Es0FS?8u2mN!I5M)ntKeYY~tJ<2O0++CVgoviUvI$fH0Ur&G60ASpT z+~7$5{L-(7Be|-$Sg-m8+W|aa_W@EP9yaKU+uXp()WUB+=5&Y$^_QOTo>Qy;d$MPd zQBu+?>;GcvEyJqp+Adt_lw5QQ(%s$N-AGDFceiv&ceCi0ZlolnrCYkY7P0T={f=Yr z{ofyo+;h%rTw|Q0*9N6OVnNFVb8Os@xl4^ z4Z0_&I(vS|fvI5ch`$w>M->=O9m;Getye|8gM;le7)(9xqb)luoNkW&ElFry*A3tI zoKL4=4=dQLM+0PMRVL_ZBOB54hpWk9~nP|*lN1aQOOgyT}%%X z2Z*U1VY#VH1uxXZ@y4>0Qttt` zbP#}C8TD`0KvPJS!H4AGA0C^it%l&+nup(Pd?LVgGp@~{(ylec@qANd0)Ax@BgR&Q z{hz-B$$poh8@vKSyL^^1=J>lsQoFj8M6rjg)t2j(asYI=)Z|QAYt&7T{_LV$2t(P#`T^aHg;N|cJ$wd76 zfTpMEzS4jYl=RXTC8vjT5=)dFe!=DWI)t)+BUf+! zy@os}J0einNIJ4I55sptkOmnxk|&;2-L1*YCbR(IuIPP%(^?=2n#j>LEsw?Zg+3~p zF=tHRzSx5*?G1Z#W%|ZMmdeQFS?By%<973q@4`SjjhCZUZ{?0q-v_NT&+Y5D8{Ku` zSB?vgv_$Bf{lY~Ma>m23OuKPocSl%go|{Q!w6^(y$=w*2x?cF^^WX3Wd~#^K_YCNf z-Ous~_rv{Kz9nqBmZBrN9c0QQhG`9ld?B5Xk01tZ)b)<#Pre>^+O9{-;y?HQfH&Wy z_JsAwgp$3EP8gD|OW@$bA&-LCb$WkCF7ab|Z;?HXB23j*#WQXtgz=BSr-TO*UQNF> z74>2SG&#d90wkVt=L=D1Zci(0ep*^j7np|hJ$G4JT0i_t_%_wugV%Lt`7vcHCWN#C z44=lvo9(h74V4qv$~|>i;G4z{s3Au#4h03an|Lf3*vVW!M^v3&JAYVry@9C4$|CWb zO&|jzI5N%RE1_rRCC=#Hu%;L535apgQhz902$wh`eN7bcNXQm=wBNt|?^*Df+Vw7`AY-}S<7D-;n zF&*p0aVo=(Sw1~xn~|$jx6j=mJGE5iQGQy*dk~cVL4^EBeC`hWo<>;c@!!gS?Fk9x z#G*W=w8j24`U}4kIcNZ-iz)o(`Wg#w6P1<4!mVgS1}ZLbT}PiRau4LwjC=q z@$s_s3o2!2vGx)GPOaKhCDm!5QRtV0bqwtd zc0TOuL3r=;*@w&Jp#opVnu|iy(ompy!upu+~ z#YV?~7r_BerSLnqvD57q;l>}n%BR@#0hH)#V_*;-$4Ki=-`=fY%2==Csy;BEa z{BZgc#SA(e9JbGTy=k}C#Vpm?a-I;GAjYUWARUzB5=%ZD=jP;0mwB?Vy;8>o_5uIX z+b0llQVMtLJlYK3x0m*%dIu(GXmy>Rnfn)y4S{T~!(_bPzvz~ulGwA)&M%xNI1r1E zGfj1K1!Zmge?6Ga9CnW2$&kUCy1jNiR=M|s5Ke88KYo;|U!!pTHvO2*V=o@F|7Wm8 zVs$zSo2CgqpUO%=`}+P~8hB*Y+a0MV5`X&_{;^!A6|MCBEnD9N&#|)_$X`>e9tXcd zdRGfZVuzPge)ddYxLvqxhwz>Y@V?}l7=yinwV4b|CQp~0N4)so=DdR@5kRh@BOd(2 zf#-%2)`b7f9Ep@Nk*)}Fb8jOay3OCHHf;FvXxt|Y2g7fT7MXL0{OmTmv_u-U@!LsQoQ|@Rw=!Mb+f6CYuL4M}gyKeYtM6=g03u#^|QpH&Dov_n;xK zXaC!^R|>uU`*CKtf^jr5x78~{K+ZDZWJtz-zh$Ow^tbwa69T8!=7ibxe);Kqt#$%! z4{cB7X!rLZcP0fvHq+;bRsMMvRGB0Qxy&`dp~8aN)8MBED|{5(zKe9D3LB z-)Ma#&25Asch$iXHBG@7_Lx*Uk(dw zk12Mco2|J6uQWYQBL5IazQptT&EWN@oc~*E*_@#c8y%uY*8~m<#fws}x`Wv77q1&# zK|6m?Z=mpaVt>7alKoJ&|Hzsa_5I)Q0ODi+hdF*6X|X@P7t1b1A@*`j+s_5D79>z) ztj_C{nrkE<4n%!ei(z8aEtlA887G^#!otkTHLFx>D8#MGQ}Sbq(r>YsAaWmk92GbB zS-UPEg%3=r5q3~e_%EW)+%2>w^hUirDQcQ}qxo$2si{9l_K`lCl$~0YqES zhX~VCSvFzk_7a;=Z&x(eY`Ir{+TZ?&5G)Z9|M+mI*6g1ep9*<6!&@xs_IXgAE<%Ru zN+9GD|4MwmQ5+GO>h-{kp+Wr~4Md)(+cwnlh=vo0BG4~3W44c8L~G78;2Qcv5vY6u zradMLpN?n23?0kMQTTBH+AZoxt*|7lLTu3l7}fC(;P<>Kz`?no@-A}-x1nb@wLTo9 zVM#r&rv)6Kv6-~q@SQ&N4rXsz-t*$GqB^@w z_HuiBCT7EKQW4x{jtV{9zX-#id7~CXJue?&S@%*@`$L(EnwpwNw&&?N>~t1m@l<*( zwRUwX@5n(l48J3Futv&JK8RUeQa{b5&GjH&cLA6iird`!l@23lwd4z)3Kicqu?-1g zfxj)|%?*0=P*;^{h9?!smHE2~(8xF;c!%WrhSD#Rup0!4l$C^wAm^rjleW^7r7e<> zNK}$>wkg8HWeOKd*@@^?woZ98km1SpVk*lg@ouzwQEJ$|8EK&NzdE1`1RWj+xza3} zmfP!PSi>(6WffGPsa6viX`J`tkNf?)5^i>uWb1FcxW*5)S`VH4TA|n-(PG=RP5k3m zga%!nGUrCGR}_vdX~CQ0HLrR_?wp$~ouPo3NT(;~4 zHHp#%kwGG51?r+Irn{<8T$qFH0xLgqmmdetj9JqJap3KL8-Y2JTNZ8@g1NXmfkN4Z zMr*tp^{?{s7nJM66l`ze6)2Hjei%0pF031&edAOcsmGoBZJZ2#alQoghO^jrCO)*( zp~#14^5JRLV)T&Gq8`7vY4=~^ykP4m&EfWT)vKrLChSPGpp!H@`~|%RV&{L~a%X@? zl~T%nD`xoX%@gVw0kuQ-gJcYR6QjD#G-`K}ejd4_VaZ;Cfv0x)Vh7C|kIr-Lu2$_D zx4{c0*>szKfuMhdwZpjn9;;|kT*L{*)x*4GpZi}yUU?COnA_~2ey-h(qwPB`yNm)u z$LqK4tiiWW_O2TTtu}g#voBOF#&oSx6|sEP_V{~mR5)>GT2CbN)og?a#tK5vB~K)U zOO`}+#ocPu_EW9s3J`I!JAcO|M+T?F;c;@eYOwiv>)?U^XKf?z2r4`nbxmtxLZ0F# z`$e>~lE#2n{#blr!!;QlcnsTQCIfC@i-i9E=8O8%Y6?@%NjiZbbdNzh+6rqVH+}@J zEv1o`Do=_Q`?9=9+mofuP!#y6RDmk6nS_ve+P;J9z446q#ZBEVuc(Z-T{?}1fB|W? z31HW+PApnHw$?=sk4gxuFn&!zpehfYt_71uXF6j7`9y16D4vEo%=gNR-)a=rzrl|# zzduv92J(9Qg!OZ(M@%n5<~P@?Fg>GR?7e}%B!TO0>Jq6x*p!`qDQ~(*L~#Y}W_L8y z*?eTD?&(HK)!b#eMXkz`36Sk^DW&5K1i?TsLQvQYo#oW0y8({fvnHH zmB`G{$75)fS%aOMExfzC+q&ED?pW*b@e|*J*u2`XZ6#`vT}3cE8le7vY1%4~j2iq; z_yC&7sJtu{ag=BwTo&95Yx^loF+jbX#(8qvAUoDvml}q%{Aa67#6NZHl&&Tw1zz!M z4HCX?*6+oE-B)*7Wwew1Nznl?#c zq~n1w6yMB1NA$8?1-{1!OsZt?Vj8sCO90Iz4OR~h&0GHbJa(%sI6&^Uzpht#IIU)N zuswXZ_zI6jkD}!Ufa+TdX5NK4^!Q4VuN55l{= z|ELq!R}+>i9?>XhW??F+Of0@Q7hREv2r?U9wpMpzW^G$$Jqv@a71|F znfFP{nHiZIu*>Q4N_bge}^sSthqT~m$53rTaD)FQ6ihH<-D*un{w{f+Eg(O4EIy8M{8 zfFm=yfx0A)w`1-Zz=4# zU5jB`Gh2oL!CKuOMNLLksc{uO8BPxA>5eMhhN9nx7k&$R^W|J=rG=U`KJJh5c$X;_ z-vf97=(bZXu<9M(DIs%Vn`wwlf;mntG6VIOKwVcQsp&Rx#=AL0sR~XzXmGk(_&$4m zLn=MLL-?ln>zPkTjr%F?59=^H3AS!3xS9hq!+lrlI<#Q`y596jL-U1)INgQdSN|9y zn#JAL8Fol1N_YK@J67;krMh4)M%zW;cVq@=wlNw)TrhashL}NOUi5R<(OY5Srxn#+ zWFL$K?`!DO+5+E1U{su(<+oUr480+dbyduQwxa3%GwWRc)^8q#; zpE?d1r&KNk8y+7fWi)dhc%$5LDgPul#VbqpmzS7zAw2~XsYs}9imiIhcwOA<`dpAm zcYm;Bpxv*CGXj;qo+NO0zBXwRn{4J3c{i9FdapgsfN()q1lVzq^Ey@Ya6I@;b<`yN zhxJ|HLohNMN~ZlT*Lx)6!5pG@w1FiJ>S7tqWkg#?AB}~2$iKVd#=Sd=^?rxzpDm?h zR3N0-+9#bjT}EfPkR;#P7e_thgNx|887Qq8gLnwl_iN;ZS6UnMD%r#sX|(k3`3Gp) zu9DOor$LjFjuc`3nRXwwKblB$*=9jEGkYg+>Y_v#93nA;adHwDKz%e9%IW^7*5+Wl z)Lios#cRNO9CUl!3f-FgD7yKRqht>PGh&=3e&R5Dof$CzIptP76CsRO*$dVT6YPVB zSeiZMX z!L0+>zPnQbSh@H1T7F7;N|;Ld3wdA(7bZ+Bhm!BTYzgg$QyDrC8f;2_^Lk=KR+8Tv zye)llE~qnu6!-aI;b%Gb-^-_bN`>yBMM^FHM~eCR-_~X80y%*ez!8$ETB!NU-Z^_y z4wxe@z3)*SH+xbcrFH_^Qd9Y~$+l5RRDXMXH#{=wp97xJ@o7Wi<4Htn?{u^9kw2Hk zF2?)b7sw@3Q=qUmtM<5!VohWV(A2UM3XL;To-s5j1w5A+sXf2FLMXhVLr%C_(UG^n zX;MkaeiQ5KU%q}WwQ)aRlbTTYlhrJ#?ck$b^VA+Ccg}9(;@%xjmrN65H3OO`r8!$2 z9W8y~EBsWb+hkqH+oKBaOn(&DbK`n288z_-uxnru{RK0HTSGIML|p*Aba_9*fnSn#j#~zYBPBR$tcXBVHh9Qm-8WKRn+I&p z3Db+^op?vJZ;Upaa(Zcs|Y+)2!4@$nA79 z(0TW_=?ni6UP{U&13+<;x!R$U+~WP>XzdU>l0b%igU=kd*?OU3Mv8*N91DkrR>Xz4 zcLz1p4hBnMcl2b5IM%kEBPQ1RmvgZ^3kJUP;0stbJ$C0Cr7-EKQiU9rTQ{HqlRI^8 z!iDK$z3D7h?loF2zy0FZd3jPM7OjqXj~X|~y}eq0WWc`)(q2H%GDxF?J{Qnr9qGbN zBT(mducZ%^e=a6M2ozw%AXq;7YP(v};6`x~l^<}-AYYZnRFeEx)me@A-;@X#MaN=b z6iKVK5sRj3AObyR|04>nqSuTpS3_WuavKPLv%(w!=mn7ZYF;pPzElXK&1hWfk(g-c zeX}nG^e{U=-`aEqoF#nrW=Nr#|+uY({U#dkJF) zvUr~|Y?K8It8L?}DhVZzF7AZ}wmO81Ae&6=7M5pbhMc{!nB9E!ZEB?pp^z#un zBO53lZ1j|Q`nNM&QUBhMXZA>;ZM|ks@h0en7yYxHC~fRjh6LQ3V5-UFy`rw?BY`@o zn`SjLODup4m44AB5$2sxe=~DHsvG|A`fU;aMIJ$;6E}3EjXlFehY?zm#5#E<`i<*6vnmQ$6MMlhi2I|<+zvmx$e*L`!9QY;9sibXNQxU;o~MIo#x zZx96b@|BmFp$iOw6CKzwA!*)QSGIZ+NoCyuSyV>u6L5bG#YeO7KEb9x%(_5#6N0`+ za55oy2M`aZj=Yjem*Y_~o$!;j*+RTsSunac_Xm@Y_8PiWUcAz?P6`V+H@=6~%`-rE zc?XO64s0vkaB1}Z>i&uTnVwXmAz$$`76Y-sz3L@MBs_DxDJKRKh%ks%vU0m zA3ma;7pd@jV@9f-bg`X9HId=(^?l!f!+{WwtGbbW&pMp^MqCyf;+bE}+Zy=Ma>}i5 z^7X*k%LV3$#L+He1N~LzOl;ex@*;n@G@wb!+k6if`B@t$cy(OH{J6qt>7@~cCgJ?o zab~aCy?h1aky-KE*AEv=8uj7^s?JFiTV4L2Lf{?x`E)$n)}2OX@2|w1q%EY)?q;gm z82yJQQ(akY_6bjg+(Er^`4MF&4I6ZcCL9+vkFNU$OMFIsqhHW6IQ8^GqL7dMY*_TpNN?%6=rMR!A*h7^d=Rg@L>MBxAqO&J)GA^lEY~^~u&^McG-UB}) z`dR+R;$pupq+k7TzFPzjFXMRe$yQrMk(rG_>p8EyPx-gG?KvZIHmh0le8y|-U6n#g zCtXd#w&VWfH5^hR^ptb6AHcUl#H$T5X!mu|@Y+%HvdGT;MOUjO?c70sc9H6pS`9)b zGeqo#D6;4lh?pRc`(vsBj&{awqR)yrGn)P8oGmf8@9_0@cN~_EDGTdYuS=W^x00+>mt#KMQKMU5pa-85>@2u_roR zZRMFE*HTazZyO_$PjRX=!4lILU5`&KAANc^~V_s(cNh}k|_qfSshi|_^gJ!7ymN7Zc=9@Nk;p@O_I1#<}IFN~zLbo4wH&-Jcw~+@_RVP(${3&PicRt}G}> zpg4JK+6)-sT0G%>zF^ZV*S-3=oRU0n*TG;0wnZ(&rWtZX({H)Gzdh1OY-rDG`Z)bu z96OmJmZiT{AleQDHomr7iGXCQz3r3It|cmRcn>jQ>w*w5?Rv|<^t+)vs2nGKyA!yYu0L71O$XD?3MUJkfUgDnvqJ^P6$K3 z9E8RKscg&NUM!fC1i65dl@r8<`oD`Gl$DCp(#U5o66|9@5q{gF{JW4@Pk(M6G?^&-UA zc-11?*X&ux-P9`Wm?L_F?*&%CFI;V3+MnzOlWlS5T!{mSR+Ucie+q8^sfc!+mk|)c zndt~^bVte>0a)}gThFdmQ_;~~-|6v6Tcog`yOkP(5YS0Mi}I^2j(9gUUARwIBlkr( z#kV`VZiY?wQYS{sD;bS&_$woeHD8MF9->=p8-b`yu|sZ0(N5VuuN#x^-k3$AQ~G3n zEZcqeZxGZ&+LMc=_2_R~c;pV__HQ`2Oh$~2h+RHUSP$nLL&Xv3QcUe~y>HR42x!sS zJ}UvIbTeV>>yc52=rWW?&^kBpW9RhYc;2OuT)~vwdc35G2rB(Ja zW3sZLTOj#+TkN3a_OrK$lX(Vp*ebSxB`N?lFEv0mS0vC#(63N@eV(NOK@Jr$E>c|g zD=1`u@}K-y&DcYk!wCIYx5>f+zbVgtuS;f0*g1{q?uSnDHFQL2Ny!rY^DowIkB}h< z`IWgQUc=H#feOS&3y!|{PgH7Rz6u>SH_U`1CF#*mz_@Y( zB?Mx$2yf$UOPN4{yV{I_i_S8UGT?|iI;QY!PFhkm)?e7dIPC;eVF*j3qrJ-ai8Jx_ zGBeu6m`JJhUD(hv4@rHK{&!uWvc%FYQf1B-_cRvlV;{#R%iqe_dlxnfX=E9z3{dk@ zWQp6;4*#v>De~)A!%ZaKHDf?9PK6`R69+}T$-97I{D)ZNy`lJhy3yk#Y;SfQN?|={ zp`1lKXI6&D`e%YUfhwyf=GkRZf7R8^{Iuu4=lgqnWQH78nR z3W@LTjG2siIJbT8O7E%9YyaS3p*j4QE8JbgH?p3XM(6JIarV0AUFKNL<+J7c0-==V zffV6XV?@*1deen1X6-8LyB}=jTjPghLK|4`Y@WVHXA&?P9&etOL2(p&%M*^TW6sE? zJ@(XeUPH;voadho*jN|4d~^)AZ#B?}idu5H4OnDYfMx zdq%A*uMdj@*OR79HIz1+j7bL1!XHa6%5}Y)lETR}zg&4p7ns+469qxok@1)r^Vn3k z`~mv96#4EuwX!P8e#xmj;8K&wUZ}aed35IW-hoB^h&t1uM5I}pQ{NJMtv3i*^_}~N z#mGc{-DNQVc@fGGP>KS%-FSmeC4&VKavu z5T*Q%S~VZvs`i&_VoXKFS?2*gk9X{D=*Dub#GT~(5ijXJ^M>4 z1z}}M;mD&}a)_46=XtlCDFu{%labnBRa^)#S5epe^4TErBgyeLL?V_k=5DNY>))m_QrLB z;^LG-KJ3wJRYhBMu^9OQb$!4MN{_5rifjNXuRbI2&{w5`1@Z?{|l#RyNCIr*JfLtq593@gl#tbwnaS1d4S@BiLd(qS^C0i3|cEv^Jx@iF&>p6 z$9=(}POlwRvi!0&8q*D0L@SnxO3jP2;MdOv+;{e=^n|X*0I9>VQ_*Bdb~{^8YEo^sIMH^lDe;L_iU(N! zwl#=Jc`q+Ul#=}D`z++7mo`#SY&Ig(6SR5ynyp2mYM6#-~xF{$)A@~y}nP5${#{LK34 zhwGiKD?Q35rRHVIX2P>DT3-uJ-{<)WUenaSJZK)ZDJ(kd=>MRn{5I>MBz;l~xKN6q z2PNXha_fwHhXI@Ge1(CIVm1(8!t;v|B$*!l0ezfaryKn9;0+sHjM=z7`i_V@@|0t~ zY2rZDUa&IN^De8ZJSrFe*;$qVU%OhDPB>KfyI4854V}O z%UJ+maK_Erhx3cp4n?~k+(fpBh{Kag9)H|snF<~r^$O{rDpP-Mr$>zVdgbli9h?1% zqZz*&W*@$}F^UkVkjyQsJikT1S25T@&UPa`zEr@dap@3WG9rv2h5dZeX?OhmBbmd;;pSDQz0VvF+N4T~u-Tgg5aEu7hR1CzmOEzFEd5^8^*?(CHg z6Oh0EVT3Y$yT=~&+cQ~TxgNq63%c^!!pGqkBDiUrQ42%i9mEKm-T~8e%E|VPkti{X zy`ZJBLzX+&wPs>-shx3s{LYj&?UXk|?_7U{TSe2=X2Co~&H*2VFIy74K6Sp)>I`{1 zJ<`y)y}qWveSp@;zKBRl(?Oe(UK>%oUDGjVlelx_1!o??$)e5WI-m`q@>{{-8I(OT z&t>Tz3NK-QEi*CN@Rf-se?xLd8ALd(nvn{-UKVSW;1Qg~LNumDIJQ;lOGeS&JKQ&g zUHf;Q*%QnGn61XqR(Fokmti&h6ET;jSOf`}FzOkLt&L9cbx3&vIJGnzBcq1>A9Tvu z{;~NO&n^XXhzE(3t{09`@R#e9u~O4M(|@P0jdIDhRLOYVn1IDyNmgk1JS{}Kbq~Q=A zSvkUSpf=W=qWqP5ec@udBNzK$26u57TPBS^UvRk1r2Vg?_b%&nh5JeaX{PCb5aJT2 z2JBN+OwftmSmnkClB~~5|6pOpznK{cIf}@AHR2%R&@I>2j5H5Y-%HIrBJ0y3_>k9$ z$e0pEj&3*5KQ&?kuETKTRX+O8)`??~Csur<%U)8sU_bV->0RUk>%!T0J4*7GLAyi` z6ZO2fL4`n5DwNu#waMync!(LH?@rL(xkO+XeUZJFuhQ)DN9i@0l~X@gcPpul5NB2> zc)+$eawP&!%yjR@Y_Y~k@nK4d5N^%N?E|7h4#i~vdq5_q+}ADe7Mz7DIo1Ahi#x;V zS;SWF4W6Xa+a?+sJ}VH6z*Wd#%RGOdyFo>M_Pdo$T%Up*X{_C}rIY_-fD@a$Oj%c1 zHtcCp{|p!WH$Pc(>$;V+-tJpT49R*-wB0>mp_d=0>P`I4f@4=FPvF)2^+>(RdIrna z<6^-For_AngM@*Az+#c`Wqj4)dByn#W|-toLG9_RMC2u;$Z6ZAe&Inx=e$SxJ?)UT zK9{{w!((o)OofWTP-&9@4g;`2Gc(I&(2oV#r%j=<beRcRUM z;no*x40Qb7x_v#R>hZjvW_7+2mVRKcUv1##Tt`4ZADD4Y_+6yPRQI3br0bvLkM53YNTO(Is;L_IDOz4O$2Je=arv70U0XtZCtp zy3s7Zrh=kt(e>+W>ykD)`Ll`J%V5GdH(fS20PW@XFQC-*~Gb zJsr_-aiIgY8Ce?1c5dLOmCBGKM~A~4Zk25CRg~7e;%Qbj5cM$gH}3J1t0}tc_Ihl~!>Wntk)>j=As++Gp5fHMCQ4!fc zN*qm3Z@VZXLnMJaLA^}GX-XkA(nZnGE&o^@3g(^N@FoYfj2Ts?tO-=}hrM9QX5nCdEZN*KgT6fS`3PAc*{w+((?+>jeI9MMS z{E))}5@n@`-xt%`X!C`!I@j~Q++^ygf{bR4XtuEBZS>0clVMon!cl&N7we=A5tx>I zA%I0=`EIly9k=~@f{x#O3`Ni1gS~o~zSFgc4xuyQwNh4mk#puS_QJ14^x_^5yNlDT zvn}a`>;>a&g5}u88k2E2)(mjx(vBuj!}i*oLUUGXeU(fK8u{p8`yux*M_kaW2$fc8 z(JZg^x$yo^Y8~o|Q7iS2hHDCvAG#bnwzkr6boo3feD02-aKBj6(w9&VcL>UV>#pWW z!ZkdP#STv2X!4U%{lgv=d!V0RCejbXM#-G9tiS4$C~xa+6dFQ1$TuE|csYD_gV5mr z7kMIo8oS$vTcT6MaMx4oP+KZH_*xo=q9y{(ecEhIkT>r^TJ`0oA@=GT)$;x*_Nfdc zwmtl(%=`lSEch0a2hXgU^Br>*-h?Mm%x~e<%{->^_@ft;>oTwa7^m0MBwNSa@o(|%KbL#eC5-DbO(q`Y zLVL0gjOT+eHz;_M#Xz!=!bu#*g0@UF!}3q|2v>StjbAO&YsxHc+so|YLpE9qi@9Zx ztAu=!j=RQJg?$SDI1^tj5bAP;s}-i=%dVWC^hJvNnMV$2!(%Red=7)L9sfsB<0Kcx z#Xynsg?rn7N0^_;XVh?c2IRrx+2$%lfGlg1j0mrQN@7kI6bYRMB!RQG_-9K4gm_6r z;vX(xuC_yq>{U59IGl<97jY1wOTumY(#yuY`(El582yjtV)tDk( zpXtdZ#ZM~o9UK(9cm^)5$kAY%;oJ%XrrRmz`cO{}dE zbA4O*-r3oyA7<8(f7w2U2`DE_J2LJ69eWhC5Jj^jp9^2@B~7v~^j{Mga_KE(4x*Q5 z8oDs;q6zv0JJA9d4WLER=;A%p)jURU_BLlvGFB`a%H6fr@E3@&PxSi+BOOzy6dv7k z^!Cx4PGU=uuKfxN1|y!I29hveFujh+G>fS zhuyOaPx@vu+P@05oMp@VG;bx-j3MMWiwerWz=sa1+raza~k|!yVIlu4t!2L_irvM>E7NuFM45dTG?dPiMua;t4K@qPZLNtpgploA~8<5RIIquxnE6V|$Z z%hlV=_fo1~TE3PVaG)xc6u{+T>;LWwcCLs;@&GHI&3A~In2>t_dpWLcG=K(y*~>wj zZS@WXgVhvYzz906t^OfhL$6t!Op(QmFEx-XwFJO&c7!s+aPHG+iU zjswvwqH=jW(PA5|M)sKuoQIzn0kJO@37aN5nrbu=IErQ$d4AWYIk@ajEFt^5oyVrc zbENot)^~R=Sd{)3f5D8*(jz!LE^sqC@-&XW?L?P_8p9^q9{_gkz2D%NsrZe6hB+)e zL&NDZ6=PJwYD8p3J7a$!TIR5+-J%RW2i(A3S37W(@{kgCuOIrJ1!I%|GGLKk=-KZf zn+KCRceNZ#*Rq(P{?zRSzf}3@E*o7l;FS(J-5>N&*bKLxEh}=*ctb!z{+Un=lK}7Q z3lpt+N%<1GA#+D$wCsxD?Jekl&h}&lsdjw!*mpf#goc72*XV*`>xo+M%YW(TNB>JM zwIOiRqdHTxV8Dy+*Ty>41`0G{!SC2KDyF~=9$&~Zwh2Abl6Ow3PhjYkr_$udOv*`* z*2#i?oo5Qz5AJU4{&RyZJ3sEy3OCLOJij!Cv9YmXrw0z;MZ#VL4y1db?V$fS4UCvs zdWM=*cN-6}A^682&S`zdo8wQ$XfU@w>1&!_7M8H8R&}Bok_l6SzYGKreA)XvqCpckQ)9DT^qhEv#({!ZVB`u{?!ou zE}VHNnCOjeB4}*sK@=VLj}n{KamNcMY(R7#ZHkKXzq$}DImLR0Tx$Z&Pe<9xz(cG5 zB|0ML0j5{9phApv-u4Up`(*uK)ns^mT-0!R4a+v8NVfcF7l>YTV0h>6$me+W!UhV} zWqAXOs!06L_jGj|>f}Gskm>(X|G8C5H2N4jtuWpZ%OWKu?VlD#APb=xqLGs7Ti%0{ z|Kk2Bi(K4=34MdBH;H~ExS?#2z5E*qJpiu+|u7u@Rv~P%t!~LGpfO z=cAP3!%e7?FFYtZmotX-yLy@)+?U83YvP!f`X351cXs@{c78@h zP&{4)>7V$QM!EfxlY)1YxXLO2IP5rYh(~ClKQ{e$+y(> z&N=z&iQ~Yt=6s81(c+;5UvDi!BJeJd&>a&fT}6K_cm2v$P5dn()w2m96HEv<{g59K z142(M7JOzD2v>rs`lUNgmkVnsQjD*?(+ws&w)wh2STA*zr>_84j7~9dOtZ&89H?~p z9M`mfjY){Mmsl3*j2tpmlV#Gf#8W?J+&4Dm}b0`*(A zGgs@OuENNg8p z^rB3UpJfq2z$V^RGwRW&&VPAAQI_9hH~IS2jj=TU zeuShqw*4M#Z~Y%jWl84-QWg;Z&KtcYg}fnOGw(1Ww{6ekpNVf7>do8@O7-J&FHBdG zfxZ3a`|di#3Ih`eZ2Fk>HF(_)$tT|*^4D~7g9{7Gb0n8Fd>_t>o5Nt~Vc^j~kRbKH zmC+362zlsRkZUmFZl!v2^r6i1DH9Wu6!%?UpC^F0!KBxzWQ4vG8M*0)Nz8mJ%YQBe zVmw8&TJm6zOm<3sneZ^GIxvTZhKAZUSazG@a5FIIzq71L=R%Q$Rl6|gQ*A75m>v^n zR+AEC)i3GCV!h!1-c)&B-lne|&4<&4Fy9uc>F6Vt+*N#x*PCt2meMt6Hf^=*#DO24 zssfc$Ug=`_47!=mNIVJlh!qvT%9@kwz`hdEOp}d91Av=9OLp^@O7+I7`khS536o|+ z(6cAHhet*+V=>|i1eABurJq=oC?&vfx9g)eXVg2w)k7(|kMO_X0a+htp{03} z03goi+5zkJ8KEcu2{SIiI=u7{`aiZ&gQV&`_j7P@&9pCLA)d$N%O2O5>9T&a2^I+3!%k=Fg%W!)em;pbLkvqYIlWV&POF-Y>+w(`nUbd@9F$Hcyzv-AdUxO8FCy zG#m31BGVSwK>kGt)YK9bnu>;j9Y1d5asir95L1v)6(AC*?Zp(kLy{VRDC6f8hHj)b z5hId?Z6&oFXtTXJ^{{jkTF3wpeWR4WOVLHbFu%4Y-S>K&8!iK|f;M8v3Xgipc79@8 z6~LX4idtO@X|6Fm$dW_PX?sVSHnIfJ+0V)6vpV0H?>?R7d8t@cB3v{2g-6Za3jhV6 zzCoqT*9GDqvL*}O5(Ou8hsZDZvd-pvWulA65v~tILm&Lx#wuLBNNdOT@>W^U`qN=tiwa|iIz`JbIP{)D zu}{TtZCeG&U1&Z6Ce8k~noKtE=6p*6jK>^eBpt)`*7JBjTXRN6E!Ou6TpaC|+&^6v zT&G00#ibTo{_em3$ZB(g8{0biqD3%&xG#gLW}xD-frE~vS0jdQSor%0Zb>&SsS`kr z*dPV?pMTV8=TLI{s9NG96Km{8_|Er+Or+NS85&QABr?11R&qpl%t#tI+Lq(eO`Uum zkuC<*)dpxtyoGNi>+*!At1FnE?~mgCXJh&=4C(j8?smF_X}{WxJ)mx4g1uV0)Bk!n zQ{2$k4+T&uhE)6^J5M(UH!W;EQtVou7Eq%vN=Z*yHmSqF&V4w*BwYp$l2Vn$^nnA`(5sf4&Znw z2S89o0ITY7`fa4`tU;$P&-&e5pv|Z=T&;MdK#{=tmvU;8-AL57eL7WGh*_uG5j}gJ z<60ADoe}j5lhmrJ%~9Lq?J`FL3AN5Pg_LTGAs>LTkkO=|(=2C=#$#aKD7Nob2akC@ z0%^$gPMXFohR`b!naux(wYLnbYiqU!aR?gRA%PIw-66QUI|K`E!8N!Bx8NS!H||dG z;O_3O-y-Ln_uPBCZ+HLb{NULTm}}aaRkLc;7`XA8e)1wayQ%C;TWv83^Tzj@h)77? zTo>2ZvZwC!x0B>9uDsDNl6cVP@w94K>FFqM-+s4?N7q;wgDyAJ=9yXx_R5S2#%ciBl}&CY{D5La?!SRnY2r zDlsp57=)-|A?TOS`*~M>s;aJcnBO#bZP!C+1E_>k9X2xG^I-cjwfkAcUm>s1!z2Wt ze+k_KWRLRQw})}>mM$@|D`?WRb_p(cp%&!Kf9NT*Y1|tLhR1su{e)S94HVtjE@l|N z|5gbe#J@EhkDx-O=39KgDxJ=xq5X2W+@jSiwh*avbG&}jeSdW@meZ65I#xX9_RL)& zQizVeHJ->tEVX=UvFsYiD=#M1Y@SdBXJjQSuc7xik{T(Q$c7`s$}G76a27ES6k|Lq zjjmG9)JJCC*$&frQiYot0&=8<9t-;W8+vVGhU5D@HW zQ_?Zp3pB>mWy^7W9@3&9T8GDo1JbDIROS>Gg@rXi#`^~z$DX1ufMT*4q z0>y;if1p7#n6UUfmFW51syM}ZvKwRj((Qzm&x0<_-33Ru#6(xAaOn%J67JL9)gz;} z2i1LUutY>U4wpyabT(W0Kpuh!ncsA5g;gRcK`ccZ`^+t>b~}ua+K;aIgP_Vs?=*R~ zZd?mdHqne8>mNtyo??9ZFS7Im7k9x7zuM1|^g+bW!O)7Psa2e)&Ilk&UFl&IP*Y3K zp;m{z942@`C|FWN*s0O|r>J<-+lBE}2vR+@Gm$G270s{kAoDv?+Rnvq6EeekMR-Z)ZN=Z)@xskIN+h|56lQ3-d?0$Y|dhC>zJwrER5SDM-LJ)yK82I6!*_;3i&P-L`e!K-5?MCVl zWH!(JaP$L8WndL!>ZK`oDzd%S+xPAj_Cw$N56Cy!rpx2Mnc6!BmDUd0V^KgG6A8=+ z(cwLOhSI*VlDhG6`Ns51U#gaEU?>Xrd?CV5pHg5?>z8eL&9UaYd#=`Y<~_GNi!6r} z9d_=^-El~0_#|pSrjzA>m14C*)lx3iGR+7|rGocjk+=EF0D0^;PKOR zNCHuSd-d$$a_<#c$)o(~vb|Y$sgdMD|63r^RDMyY-?>`3?zd-1nBYuh_`roKSLW>O z?9-iL4IB=$?>wJ-v%r4%euK&R6c9=x5Y*$2|D%%pr858_tX)V8IBIR?iHiJ#055GSRMfWA)3sNT-4q<#s(6PAK&Mt}@P*uZkD9^Y-`oS(n%u;@;*!EQj5?f4`Yr z@@_nZeyd*FGs(p@|I1@+CUj=mQlmkKUx3Te4IaQ%)RPy6Ez;91GjZ1X^~k@}XZ&gu zAZq6`_hJo4Pv@d8YU_t<;Sj7!%N~G^%6U#Wd{rM3mF`VSg-dNPcH4I!30{ z3SF{DNIN)HY<+*9O7mhu7zj7UK&yaFYTs9IU7CN=WWqKx1?eiBL z%rX~<7&ihD*)VsJR|L~v_ucS3>iZ&WG~92tRO5`n-zAf#2r<#aD#mP~#6+c@F!F9%e%PmBPz}=~TB-4hU9TKx z?eRo`6us}2rfkCkMHJ9!Y>MzKKZokJ$S{c0V@-bL7wKsuGDyk6#u7JPUw5b2JVhRg zjo0DLn;Z{N>H9RRh5_>6f9smh-(Gk$xJI1WIsNvwXjzJR=#7@7|Mfa)V~HCL(hW}a zsJBV)<4Vr@57@#szd$wF1^gCXUpE!|90zTL4a($1ZL`Ty#OiS0w2^Z8FA3xydu6m3 z50Q*W4~Z3NS{1)hNs-ogo+D$LQ1rQnFEgiSKc}gmEpf1@dW%~t7rj-L7kyUCkpB`0 z3uB||G3|F0HKuwmOPwAnfb+sM(l~N2{xGN{-5kFqWUhe+5WCQHF~^yhz)UYOrlT1x zCkMUI+6wxZEb92vYtPX7Pg>laurT{b7`Qq0CR6V>j6>2%UQ|5#7J_}(4fo#l6;wvO zTGy6dbiw~})t(J$Yu8~m>^$=vA~HYUMHf^9|D5a-(nMSsCAG}o-l4G|aCaX|Dz4dD z#)@Y!%fFYw^m3GAVcU}3;-VzeK+t<8xDBhSzlEs>)q?VA?80J}p^+HN)m#I%Jj!Sv z6u{x4#Aqq(=zqB%wtzp=p+MA~t;$-soyp!$L_By50s={VNIoaOu524gZ=~aD($ZAR z1{4|K8jGAXFnYM@idzNOepZxeagQsiSXz7_rYYHcRte2LV9PHOUwE@is^-<&@{{;p zZVrYVMKh@Nl&1}r8FtR7NxQP$q>5L0<46I7hetszJITlCfTEq}gmd}GMqql?l>})s z!EjPvnYDsp$$t_7cIGL$aQy)0!d=?+^}dpd(M(Uqy5*gx0vH~lMKzPBPVix(mQAx* zu7?~6b9T@yM)+Nu-baI|9DvTrAz%T?`3H{^o;No~rfeG5`dTZM+p3%|{DSjgIDP^| zI3>b4z@}(>xne}pmG<$T20l06j>{2XK>bZuo}3KV&groU)Uuz)19fPIWSVuBlvHmj z;_fhrzO{|C^#EiB=5*NUUy4f7B6lCGemB<6KF6)_$9q1Y1h;nrD%fFG5-LCiWb9%Y zP}3T#-z2^FReEVEDnA~`gJ>uMu%B;$qZ#(D7=;*ZnK;Ym)?ngV2=|k_c-Iq~RZ2gE zbaJu#^{#J*H&IkD+!dI^Jn>JpV!DyExV7{~l^ay948>k2a&q$Man=S*Nh;N!P(Z|O zw$7>eR@<0u{f%OM)hB8DT$5xz@*>MYb3s8{fC^Tan!76qsb|Ieg)E=fvHz_?NWQ}k z-TC(nvA(>F`{xf32i#7FJ^;H$@K*lt2qCv)d+62>I#h0DO%BbOBcfV5cMT?253t8Dx^jAX9}NZ@AMw?Dc%xn1u@*4wOP%B0qvkDZz6S<&kh$hSWqYE&~A zpKpRJ1Yq|X`*j;XP6%&|UB%Wp$!!2=PElo-%oROK71jHZFH)0B&92MuXSQ zy#fLVN`~hZ-xw&6jPZ%W!i5D31}pEXIwk$sO7}bJ>NM)M9j~l}LyGVX@uf3tmF)He zS1z-mZdvZxuZ3OB*-e(Oz-KF8By*b0j*ZBEv+5F9vB!>|1`qbEMXtZu*rdmf@8LUG zktNbtkM}TIU?+P%|LJ~-wjr23q*k^pnKq@8h8}yqW+Y%M!L8!g8yAn@0Ool8ckY5h zCH2&ZQENT=S$9%{%{bF9ieL{vceCVep-h^B46>E!dT{g&7a%|@oXHxRid<=yu4Aq) z5G;t7m`6LEj;(8d6+?JYR6OJL}3A&9VQGX zqm!XvNd;8oQZ^v|uAzrgojVH3I%*O`o~ovXb>=p2JqH^}4;{64!3g=3=deBuirFo} zGw-iT@PW(qo~0i8LUAz-FhvN9W}d{9K_709_*z-FyWg1A+-BjrMI`x&IFM(njhX;N zKZJp$G1qa9Qe|pHghA{+;2xEp!pt?hoTwLj)m-eK!X)a)+|Ebsa9bw>1XU1qZ>cTq zg;%f7z04MynFF8LP?W?jF^0IdB_T_aCv_N0%0ySSBVlmbJQ!&5?C76=D}^subn?*L zTNNg)q}1^;PEt0gm_XW|of7ROp+n86n8pz1W@x8#=j+b~XK4-z!XL9)2OnSCXBzZd zS>lW%M_A!!*#%{(@6Djb29ggiixv5&s(g=Vf-f-KB?99>mybgAL>-25)bU z!vuPtv`5`99?cE}VZBbG2xp#}S?N~Hj%lA3@^U|m4HHeUELFcuR{kCuItcsBIV>KF zzY`=ALZEI>3D(BdGBPE2bGU$wg&CH{&aXevshf#(-=LjaKU?<#&eR zo;n!_b!v)8jqDSX9pNU>`YIHasRQB0$Tv@23eH>TaeB8LI)j;>^dg2$!&Et%7!q>I zsCH}FJ!Z2N?|+Q`KrJ=c8jgmPN~A?E#W0VZ$C4?W*fQL!1}gfx`gW4dJj0mwl%!~< z_Js{+SRG|JotHh%Tz5v&FfVX$QQzxej|ArBU0bMYme+Wh^A$Oj|4L;KaeA4U!3Lx& zHIz@~WK8Y}I32RBm)x@Bn|ozaJg!cn0JtDln)+`xG2l#M#4=s$46sl9$}hz)p46CH z-Z^eJDm7k8s$KP@4oxeDW0Igxq|-su*k^JhhU4JDqkXpZ{Y6|*S>w50>tsz|+37t#odZX_zTl>!~b@Dou9hm=sSXT2Gw~Gej*LZ0dZrFO;lvz zPfm|)Ya@jSui41fS;q}i<@kp$@SrLrgc)n!i(g>E?KoI6UY)smFkN`CjQLlH+BM0M zu|r(FrgGkC;x8N-8m&GHw%Sb)kp&pID@en|oppWUkBbFt!^bpnWn1;&Pj&59B?+7f zy}Te#YJxPn_KR9L)}Ul#C-wUMu#PnRc9LY&L2z00apOVOxQu4#VpfRXN?Z9nD;cQu zyuz>@7b}?RHFrtt+#^=t3&__v1}k_U3osY*=TA{5*ea#wKg#m9L!xjNdmuBbtCmKv z@g9zM^g{G%YA!~(co0ylmUd-Tvmloi2jZM1LUMgfUe#_``XDy3kU+J?2mYZ-=YwPe zuR{IxsM7JM@Btq-q0hpLbw`~}-|D)=0;iSp)_A6Z*zDB-)Inzm{}04-p5S{e6q6O&WGF7go#zQ~r{exfZ<4PJ5Ci*92vUxSE9ko{`?r zft-R_^ED-2;^07^Xs>!>j%5qEEJw&7+E3cdiV`W-S+B1M4v&lNht)G|$|2Y3-W)$M zSvnI3tw&pRaG&t6ri&R^7EUp2zVWAyztfmk-}W;qH|#fWcm3K1t+CcDx|ZjDeb^C- zIaCQK&M22j%akzzX@a1?(*(Bdo`XwXn1Rq=X(gx@5akW|$2B=mv3|6Ayl4t*)8NyFGNFRTg778#ZH>j*vMS zDx|)wz}qEvn|D{ZU{%E8Y5wDDU17`xYUqta_gEa6fMIy$=7!J1=(>-4LVT`sJFl^` zqrLs7hwCGe{P)*sb~?c+La}fl)9^e=TU&-m0!}~GQqA|y$BXtWmuIXH$01C+&&~CP zmEX$(fB(5RD*-L_s*A4sJlIHm@dGqnZGa_+rwVRH3CkDT-uuL#8d-=q5--z=1Wf%k zK&AZ1<3#|EMdOd_{XB59ifgn&iwr!Du@~)?`rqMPf#SFgS@8G=j0-WE?;h)9hiZgzPpl5fYFnKl>sPwYXupx9dG$SyuSq4nFFAQlhjM?50Sf_N(GE@CWF@g-pxZ!QH7c^7$_&F>(R9kjI#O z%UnLcw7wd=XmHN9324kt)d{8^3ysg!ajaiVcy}*-YpOW7ZL{Uuhaui4qjgUewHhzd zldBo;|6ac7@F*wk!~wPg`#fqdB#nHifyFxVce_@$qr>dTUxXtHoew1gvbquE29{ z;Lo1^$>sxn0Bn^p$$$D24hJHS16*gJ(vp%*zQa`Pb-z1W(JsbZN)vAGOqKhOYbJ+H zPJnI#Kzb5(c#Z4(4fmDWvlsjZSgjaR3Lco(>thQVr+mxzXfuM;%5q=toT_rlYM8|g zAVXVkvlKY$K&;*1feS!BJ1W+?4D>U_LH#&JD>;_u)UQO>ueKBTqM>;-U%R%q_Xa>B zG@uOKTN^#ZS=oBxzJDoQzXDR&tl*LFeFC23Dz^09dnbAT4zyPSe>>?{%@Lr9%5X!= zBqY*^-Y1*303SzU0+@W+oI?e!9zmU^@Co+@YR}q(I73ic}D>p{D5oFNC605EwVq^T?+sj8g+Jof21yq$sY0JUpqO_@z*2&8uBdr zHwa;i-#-J;$z|I|N9B%(s>*)iG<)NIbh3aCJ8V6@bjhSRx#(y-(toTwW4V6r0J@(S zG*hm(F;%3rj*}7%eE*;613sy%cKulub&^8Vq+IydX`Q{177JQ%H7U9vt4jmQ_p*R% zJWx{ivbwiNd1I^*Z#Mu_k$UKp_AuIY6xfu_aniS+OgdiK$g~CQGTP&nwy0Nb1|xDp zAwU?WvSuv4>@I9)I!FV#4D&T_@Yl@Se3PXSLu3L*rAez^A#gll-Rb|v9{aE7_kAhC zwr+)weKDlD`-#ou_mDJku7?Y7Njif7n)E8;p+JDd@*RK*e%+_N;=pTBrq@P?hA>s8 zgAe3);#Xc}BmQ|5kg-7fYxVy8L_Ji-vRflhW8Y)IDhNVMtM*F(1T_3A5FRDjcnU%x z-gL$V7&NcWHpHUGpSwfQ8Q9se`y`R;UJsgoo2=PDeBI0HBphA5uYFdZ_`2wU5_AC$ z+QOz|+F(k+AtWSJrZ%JSJ91YWrM-Eo0u~$v_{ZaUk0BC@AqdEm$=8@E;Nal&zowe& zX#uqyKvlvgDhdT4um^ZIq_P3-fc~_H1A@d?eVzY2yRyXZKj!Aoqk*@AXmI}#KsoSu zKNAQF3X(i{W_=3yPAZ1HIh@Q~#sI7_76Czt>f__%>d6U;k&%(YTA^~0BEZKO9c1!f zng)iU$g!FZJWC1+cJYs_3gfjEfJ{h(6UbA8??!p^1{F8c$k1@}Jpl5t7)+o|HS73B zg|49Qx!mk30!`}n_j~nsZ`B814<6togZt~8{&)KR{nTnRx2g7@!TmeTe?Jwi{s9&J zw|@Tn_c%t<2>*NQe}1p#|EC6MP%A4dC9wXt&U!BVHFy7YvHl$e@M-d|h5K(m`)|KY z>u5-34^Trf_9}C5aP;fU%lzO_I3C1XTwL6w``;c*2K(1ih1^a<{5hMhkKVj_6WxS1 z7)=_q*z;d!>hCFZc6P>~*VTTezN;E2|6ivS_>Wokf$nZ76B83ky1z`o|JrqPzykk2 zwUmVQ|JFbjI(2jtbA-dqQzq$CqAJ<>mhix1!zMug5ndT*XKVYtsV0@fF8i+mT|4>v z`}ga-+3JrLIyU^jJ~#=GgnH$deu?);rdw@&NeR0>>9Dx8NIDNtaJrb|Ca`ypoIT=y zRXzb)|2v3p4A|ROJNG{ZNjA!kYRhk(S`1gm&s_^`zr*nTAwOLPs7*&yrmG&p%h%o#= zuS+G%|A!8(9JRwXP+K*|v-|5nlm2;B!pFb*UpXB4=YaSh^f7^CZvP{40e%-&Oe%^=Gl0P(8LTPhnxG?O$nOfF{uTj2?MTYFgT(Y;U&y9shGu zBtQuyWen!%~9UN(LxGlqIF|0yrLvUcQqIvu#rIC z0RFN!oG1Vg9qO2GWP83ppifFl89d4V1tj%_uK}qocjaWy`I-B z3NFcwjNa?i4h{ePf+rKgE}B~Zm)&B_`|md^bnqZ{cJ{;<$yUpAi~P5kgkif$IKt%T zDT_BoMw@TE1QY3XIsuZlagYQ$sA;8r$^B;2dE)r)kHe#(IYQs0pTXzZ*%OA1iiP#@ zRg>wTSO4%~wX&5{v(7BCcF#E#2qgTs-Rfx!6D zySTb$Iqm_*dmyohX_2~WN=n3wHbV}@DHP{}#!sxVD12Q`uVL)6Pp5$S0< z`}f}xlX|Yq3kwUk4-C9{)oR;dF@J;vH2x?PjDZ*D%fWwJn^|Y7OLRVw!KK$plBzBo zd*?6O@BJ!e@n_anzDr}-qI7rn`mGo4v2vPGY@H6CwSAuOf~RxlbAaJ=*c5Q0rpCd= z%~HrAK0Tac1~up;21)MDO%~vAIl`Gdp20dgU5%CNc>{aZ&+Y191Hc3sHj+uky#?yK zH~X%SdRBBA9YxBt8-)2~wzszn6{@NCpu@x~06c|4#k|lYWEr{Gj11ye#g6T7+vKdf+&s?51a3F`A)f9xk{9wi z9$qtLORG=aT2M>nI!zx1+xbf1{cbx~7o*w#@kSj}S zW^Hzd?B+8~sWolS7MGK7gS*uD!4bdbmY398Dnk&eR6dHD^Xhg|D`-N!(u;n^JeV2) zOg$62g7wa--K@>JfY_`9Q)zQOFR~Vyt5-Le|33RGSq2?(k8_MDY<17@&~U@lGO}Z7 zh&wTpk5u{|VsMWsL67Sq*tKBSgYnc|ot+SL*xEHF$uGBSkk9uI^gK6bKqft`!urWA z9ETGPfL-;y*3f0OKLK>=!fm}WcwuK=kCiRA?(OZqzzExR3ncXPh$Fns!htK^D!{$I z$i565cfhSC1R!N&U;ymR&m8kfQ^$WfI{6aef5igMNdLCnq$>rc%+1LPc07!wRch#+ zLv0BK-stN!c{l5;6IymD5X;uWN_raqR=qKu}Q^>9qDzBuQyk4 z;Sh_pJ`9igIs!f4ldfF{ zS0E+t+bVy@M!)?q0Ux$$Tl-CH_KCo6F%$ybYjV+Hr-Zt~aI7~O7pV+3=kE?1$!`n~ zixpJsq9s?-PA9Nv@_2M*obDkW#6-_K))daGB#i?s>=mmE&T+0qq9}{v6O0tzS*N#s zlo3R`$2rzbwxPW9_%3419vHbx5pFpr0()7#qvZHj=T0STEQs9JIYv_8F3Qu+XwIPd zG7(l>4b{cngw;B74;+Q_l;tAS=Y+|eua8D#_jgb*D?MxrydtG(_-qi0-~dQ{8~yH* zhQ}nlJ3c}$Q&iaT?V}uBPeiNL=BoM6@H6UTqLyzc5>N_#qRrhyITJ2V?)@8-eeu^V zZOrJL=djV8drD0u9jYqiJ0yRLGeo`)f^Q|cAX{v zbEc9eQ>~^$Y{i3L02!;@$`jhg6VDu%CGxf}cUqjy_K)<*YtKN6^AyliNNaT3fS5(V zqJhItg#p=L!4vVieYh`b^w@$g({2sV>I&QlBKGo$j9lOGbgQJ%Bf_Ls?FKl4rXZdH zEgd_6spX8wxKs{da9hsz4xrXn9AY9yMfH`!rVkx0l+W@5JO(p2433wz4KV;whz#6n zqE{69lbOjyBZvZG$Y^cXyF)<69xuU`Ofod!i9e?=Q(n9Qisn zx@CVjT?pcBe8-W}E3fa`GqLv@t1jF*wpAR!a=#62BGKoODB=n995<5ulDDNE2aD8* zA|Qe;(B?>8Q#D9>GYWO<@x6A7?c2J2*@sJqu*lEBJ|`)ypt&1osI)K?ikUZV!KX*n zXTxRm$IFr@C(LlZVr=g(f3h=qHaE`jyRE#H^O#Zeu?#=2Uv}K^;FSQVF zHOl`54D97nLRe7Qy-C)EO$qPhS*yn-8v_-Sv-3vhQ$@m=;-`WiNYd~MGh|Rp()Sd5 z&U+PRzX^}CdFQR>M5A=CrJ^KS3&2R(gXLlS|hsY&%7cgkN53m}Xy3QC@jkB{Ntf=A_n zdukMb{u~$3tXphQa<2EAKFH~dl3$p|GaibIe)u_*I)kY4Q?;WjD4isg{|t~$?bFpQ z)M;Xqmfo|Do3}erT&|14ovCKXB=*@m7|G=<112 zWzCmhm*alS4d@|J@ozgTU5c&uBsS zJs+=(+e@$dZ9zZas^@k`lKyZTylOvKXl;_OE7fM7Ckc>B`xdK}t-iYOdheJ>Abd}j zLwsyEv~e#c(;%MlpH3kmARz&aoX#=AVv{q9O|Gl?Y=uG!h7Kep0pR8L*jo4MX%6?bOq;Cb>$lNsYV}zyegS(w78Ny?I7c9FRZ-VYnrb^qh znM&k6VJB-O=%x4c?%mLkH4VQDbD-|maqzTUO$PWD{{rO1Tx0|s`df5kDZFmjxC6W# z+ZPdv*-in(owh4CCTcsc)JrKW*|(OXtu|{jU)PTU;4(MC;%;+z&x?2zrkTrO_ zA#||t&vC!2SK;!Yn54_=GyTW;lorZ=1H^Jm`7~KATJ|l%*I7AFlvX`ObB25AuytMq z{w!Bok!njVvP_VQK@+(WM$rSyU0smu){Ec!AOJY!+uLW}@bK`=SlSI$e&fIbpBF$y zJ|z4M6&01_mcOXvj8X*3FQ%#l74yfE)Qav zlIbWlB`Nqn!Jw52D&7hQS=cGcTO{ZoD)he1_62XB-tbw=&OXl2PaSR}L9Uq7%Z$^@9m-RH6g(^!&~cywZnD9MhSXHxFe~<(%_ZL}8fZo-v3N z50{U4*Ahbo1O>)nvK7R&VC0)O=)sZxD?+A!+z`b54^fi@IxtUuu8}jV*iIGcEREi#uF%A^yHg2fg z8tDX3jQQiMuG818RH6Y1IPcG#CXsmlbb|&>$ep=u*PT~+z3ivGZzk9CO@l=2$)Y_s z;-8cUmB|a~^I)e#Zvc;2lVZl%@9gtLWAh#dc5L86md@hNm@^*%vz$qX_V#l=P69vi zIr~5aw|#l{?FqY(m-+0-f_=ZI^4@xvCprzDQD6!SZ&3|yEG+h8Y$ySf|7h~!ZLJ)i za!g<4-seD(mu=0#j+98o)6r`ZzC}Q2= zjm+lRRl^S`-&@b8Eds9Ro+>ut+(Z2oG5g{wcgF=QJ!=nWt+Wo(*5Z||D7mI}=fYe! z;urEfe(*lvWT0{Lp>Mgw{=R8KMM&EOM>|_2lvR#yZ+=gONgXN47Me@iSH2_zDgmr; z-c=Gw^O;ZVAft|}bVHF@E(`dt3*X7A+mo!JcjlhD6< z_;Zk*PPkAW(z34VB{E+2VS%D@pA>ARAj(?pwlnB?R{l9W5HxY4w#a+;HcNt#S!EA* zkPw&ra_!Ax+7z~$W?@Mf@k6K6@R!>Ua0#+K&hPp+2A(i8=7gSk%v%uc+DXfAS5G+x zPi&Ic_t(096M{H%BY1R~wUcY!w4Na;l7Bxx5%A>exgGL~pF#SybK>GcE#u>#gS~jS)o@j63#I?+2iV~|EMk|O5x=T?gzjD{!Uk80N z%l2x$la!{Av7e@#Abe+P#1`9}c*807cPG$#YG}mbUI=+YwQdy6$027-4}Ihe59E!s zLeASFADCe_B#rPg>f-ZUu0J*BsSI92nrrcJ@p*B?+utPc2qNC+HPxpITOpP>ezDh?&*dyH`^i-?G%P$>Vt83j?e5EPce7@l`mRb~~z?QGpO zGouy<97V6#3qWqJfJb?L^H(Z1>z65@n4TK~0^;=X&H-RAhy=jAK&0FX1sur694|5e zEZsFw0<;ijIdG>an3&jRgs}iQLC6fdO$~pGLgcG<@E?cO6Sd*uQ@5%IoY*4sOTUG> zV26PN{fA+y4V$?1~m60wtg82@BHJU z)Ci36sHo@&bX!o_V`cj?BFj1sLecZDh$3Ahu}?>oQ${CTg)6oVf&_6YdxWIgEkAf5 z%ZNk?Dpjg#wyFhAa2Vc!Wd!ks)PFeDC%unI3BwelYbP(sG$h!o?#yV~IJ_^KaJN{^ zavOS=nrw)p5Gph-n#Fe>_j+{A?>_~(>0cBsb0?bq&Ef9Q#S+;cdQ_&&Wg|Nd)I%`z^#o}`839qu}}HzIb1^SO_P zxUZS|#DNZ>e+W^C`*vynmX<7@SnQ~Q(kvTO`wwO=ig6CCX)K=uIvq!AL%&H)HL0%z zght^hyqC7!gu1YfFajb@bs%?>oZUdFGzz3Vi7yJjwYO zD##=5!834WkAFNWk`h}lOPbkS?`R1V>HMyv$Bs_)G9A8P=G^CJ_LJ>bYrWZ*Rv5Zx zcXjt5AkAHh=9V^X6s@3JYY?~LExRey^Z09F z4KeEUQ|MXz4gixRKlWEMtWRHYZ`T`YIeMPuS=}#wXL=1p1@ZO_SXG?xcTS`{djr&*#q&$W@EgH=oF_KBMZg+;d?JL z(x=0Q-=}*_M7o-O6-xJng$<7w8M;}%#yUYTzVvkVaMZq!L{X*ysst}uU=r2z4jv!v2Dn7p=V_K2vy9cSW%T+0n z3U|?Q+Mwnmgs_oQhZ$6wMrGHHrM4P0B>lxgNk3JBPMgxerX~I6B`?B8wiW{}TQGao zr{I1gskH|ql*N|#{;!{!o7d=ji9>Gs(nCFUDoYRBhxppMw4_Q?l#gKN@=lbt9wNBw zJVXzRt3h+cNFFcuuxsT=-E}2uBZw|;gjqwPojEg>E=t?pR?AWk9n$kCs-!%C>=D-l zJAuf@&!p?=5@gifG3` zek2QWZjFw6Xn@>VSe8(b!D^2gLgoX#r- zRp336B?No66OOCiWX=0pReYmj>)_A@glum;?;Ra?#}tl>SMOHAMI-P+-U|hGwvT~n zvDx$jB*6+mj?@({pgVsJ$V-e*+|p{*b?!16ZMNu;FX)*{ANbadjQDfoDb3eosFImY~x0cO$Z&+n7E4QH+I(AXXxvdiZw`l zu7^-OJX*L=r)ENM?#Yf7Qc&2(-m4=>`$+uhgXP)6^MIKEqn+j@R|L( zFfwi^0_Cc;0Kb;#CPkN(jX6R5mXr_E?@;Nc{Vw^B%V&}2#66k@k8xRMDw?S8ZuhqF z!e5N(J#w?etaTwc`9y*p$k%WqS;)E;f$BJrCu6 z6?AlL==6I=z1L4IGS_#l)Gu@Dkbiy!SzgrV0DPg)pHBtL{M&~^-V zV2a3>oDL9L^ga7|j$Vy_P9gQO%4K>fxDz~I8LM3;*$QXC1JSS^7XPOnAU5e z@ev^mM*V%FsI6*lP3vVW?o_Pe;1P@KP!if)rH#BSA~!+U?|O(a5o3Hc)8NTAoSdDH z`n_}YI10)4Tbr3o_Kz>Z$1}-w`aB zZk(`thxecdm2IG1nsvy*#Y7G>#^R0C<@+XMof^ZFp*Nc-Fv)=sr{)QLyY^AL_S@+A zY^yF&=k4>*S=kDe3HCHmOK`y$XM?1a)#kfZSYF;TAaj?R({-NO?SnyPCSv*t&k z&lKGdWAiSP&PBNrkrGCXvwHGewP}ADJwA35&Qwe7v|3Fx$Zdi0z4&&0G%iFtG}Fb} zNR`HI=2$ZqDN3}K-+QG-#7-DR=YNiTIfK}~dO|nNbF$*Kr}VN?`}nMWDav*8NR{TE z4hfxiV%@UO$bZZu!P1*|(P6vi@h;7Kev~gTdYWp5I0L0-#Qn<%tnUuC{?84gyYgI? zp297it-I(1_cM$`=@GLCQKLK^zdUi@L>HE9^yNlyPBmQ-m8(8}Dx%IDBRvlnXq@tv z(81q@#Ky$L;qNX*?S8K+kPVjceTJ2{p`!YN^dZl3GnD4$Y;qWkcw}8PNDr0h3)oW# zzI>4b=jX(>CW;rSQygBR4mt2Nz5@jZN6g9>`MN{U;ciBJ|9Qbw5ISgl-Pzx?Jj!DM zJFBFZv}`sQPIympD6?)U@0wdavLJKPno2UlA_@Y7nTQZ-CI0$!?ifiqIoST7sY9AE ziKO}_s(MQ@6=n<{1h)k<<45^RsiuZjWHBunMl$tEikQ{nO$Ng-m@q%aY@bq$V+;xu^KSOH9o(Yvda{ zBJ0lh)?(D+Yu=(^{-R0zI~XUCfx!UQ){RS4Y8@NxBe{z)qyTzp;Wxi&uIZnBEwEvQ zjT5&|!h7v+GuoY+R`NDd18Op?x@eXZ*9t@@q8=Op>LzP_?D`r)H+2NEEjhC4Hw@q#kg zh=hdC`Y8mBtipZ^ezB!^+1BwDr%1#bT2XNeE92%Cx}Y4V!cP{8NgoNMYF6#Xp@EBs zP(%u=fpyvW)GjlCJA%>C(Sd@2={4S+`K(a&fl8&sU#UQDt#QE#$fS#ZK9xhbmo^sh zH=DVM95vMmMy<@W@1;wctX-;>P;b*Gzs0tcvsXEZ(2Xb@ zf}A=2=~YJ@X;Ux=e{aTrgmR_to}EE0m?=kqpygOpjA|)&&Musou9`i$;lyR!>*+#} zS}wj)bqDsyB|vr>vsu;YgG!j|70uz^3H`<5I?NlkXS}_uPq8`jVBLl z2ipk9{!s<%t@39R#^_LLG2!raqw1&>bm#WF?K^q9@3U6#Uz2?Fk-eptmbdQ|D|@qD zz{iCmuFBVDS=9i#{7>U$>|~Yy8}h-1(-egNeyh#_RP_cjNRSYnQmr{di8sRIxd7vt^|t~x*=m`5KZi5mG%sh5URDDL ze68oLqe(Vuw5gs|^)6>#j*>LJMI?gs0VrgtnG>0_3XX+qcb?H{!@G^C@x5w@-}wNM zhVTrIh!zq6)X%tW*FGGuXO6fDV87Za1y_@!U^;X*_v^$PT61=+EtJk>zLZl|d{ak0 zXMrrVW{n~54FQfl6=h&YG26N(9H&bHyMS)4ML8!DeZ{}OFLZU#Lk}W`%2=TDJ1R1i zz~B@2%-<{K^3;#j{-3J1dkgKP@M@dTZrD&Ya_f+Y;#i!46KS0RWY# z&`1TSsW7!7v*wRCPwJt~qXMn1tpKv|C!9$^=5?-enYPAfMdz07(9EdNrt-Ka&-E9t z4nUxp!E99k$h5%#Bto4Ku&|B?^O%YB#iqv;YGnlHJEQb1FYK?9&e4P~bIcK`r<(HZ z-T*w-ZtL6_7173G0ptE&f(JA%kf8yvdp|$j6!uTG0eb5{I7#PC!;K69wMMU7L1h8k z23v5a{b@|_3v-bJtIqD1wUIRL-ML5qm)JG+R1yNnarX6Z{E%vU5l^SD3b zDdO|1XDeGZP#eb(&_`jqjqv*9EIfC9H^GcXh=yyf!Vc?Q$Qs&A10{nqdg+Lwh&V-L zDv4)kX9beLE&tw$cfo|6idB}vq4MU25Q1Xc+(U-jLP(k4?G!nqT z+s15}(h$yK^9=N6J~#Bx*(dL3O?$)GCYyR@`6DX7N?n!(`*&81|p~#__C+jktV7X_|Dqn zVpol!J`Me`GpFLLpqDWBa0}V>{vcH+mFj!yy&V5M5A7R|+**6EG!&{YWr?6r<&4u1 zKan9NMq5P=py4tO~art3*8DWnMW}cd*x^h049L*2INH#xoDw*%0EhN5n?LZ*iTXupbShKz+bZ>U;Hz_!^28>9h3vY_a zN?X5o_G$Ji@8&rWu0+MPAD!GhV7I=zj|j&FOV!d3859Cxyoml&VKdw=Fz9)ifUD%m ziljOGduYU5gnVu|9X28q@58WEv8~mM%SOVEvmF|8S*Di{aM zBSOvG(knU!Nh}lvXGDxX<~^F()DvAw2Mw5JQJu_9Sw6jYD*uPK_l|1nTi1o{C>B&i z1O-$C1VluN(iNolj-g2}p+o2)3L*ju0@8aYgwR7zf*_#un$U}M0-+{>gusoz{hf37 z*>`;R&pXE;gf$jxtToqs>wMqmkqy7s%u!JJ(ZX5wbBjqGW3C!HPhi(EurwWcd$%Sh zI_ctI@hz@_;DIvt5JGO2S!{xg*yCxzXa6lDJxTL2++t$AC#F;wQINb8zZ8IfRt$Y!S@gG{Y@&s|xSlW;pp%sw(E{}7bG{9yb1m{& z6s!vIocyT5h;89So@Hl@NPF?!gwmGw{y_DTAP4VrHh|3><2&_~uD^w+^40#pyTgM&bV=ZnNl1`5 zuHf_2{QyRErNXD*)4@;2V7BSKCh0rIQz1cDWD_>9<(cM;<(LB9)WV6s`;)iLHgNzb zn;3y#U!HOOqV&0>@`(!jb0I%F=%>7fXtOi_t;&EI?K{Dr#^otdM z^SH&#w2|-DZKU?7xyE@S#56v%pKb@$yZ8F(okzGzjZ+V+ZK{^FK3~79EpUf>;#t*s z&&brzLk$c5is{$merMl)@y5=o98`Eth1_)UD{6O~1 z7e5%+Xyd+l>l`qmEazx|#QSieOlWvP@)w=7t&g|C`H4KkfZFHZbPL03Y|5~IsP-sX zGwWNp+tr>ZO!<#A9{zziv*5;~svo5B37yX$bsQ@c? zHdad}=I3RlFQ)Sk7q^}KN>z-5%$7D6mP~%u$>w(%$NsR;LkLCQet5gisJ!{Gofvxm z&98);Un3nci`viMJBl~ReW+8ts#x%oc=o^cPoJE%ExST`s0MaUwcuTq;RIDzhtdEL zcF5x2H^E2!vJ2~?MkD3r4n$q3`+VyiQ6~}2ObLNPrE=$cMr zQpz#G%&^rM9d8ony3;(2 z{JgV9!U$~Vj;sm)2(ICJmwf`Q6+mV;`<+mOUhc0T*C;2Z$h-ivuFnCdpSotfPreu% zt8JkreNS)zbXC#YH8eOc_(!v?WF=53NIXd4+B)VTVu33=?Q%id6)$tRB^uLfLUjdHvO9Krl98(zEXUcTtN^o_jolgVBo z5x1z^zx7J5nBiLg`bVE>I?JQ2%N1gXz2rgfy_SG6zI)S^^yp~(`wQ(?Zmfb%Q|<+S z0Iz5!`~T#L{gRoIW{EP6J*2LBMb->=B2MzLT{^~6dgQ$dc1@kc!x)Lk_ms#%Ws$xY z1${Pc`z(!sZdB9mv$fUeJYs*U4Ch_V?lzk*Ar+fr*Xz+2lw5;dFYmOxMQqBV9{Kk) zZ3s=++c*;NG_=YX^Wstb=1|ry9I^QKjnJY9Jks|-- zVM5wlMQIOOy1s;#FX1W5wT)W-{TQg9D12R04?%PDOSNzlzv;k-03mggS5Vz=f~{}n zT&Ryi3ad*lzTpjxLGLoEwGB;cFB~|2H<4f}bSZho(|R|yGqJTCa<`sn7HMyhBlF(e z)g>06rFVzS%PO!JM8|8Ds8v=z7jfN1;PkJMtU&&dWn9A1#uhzQ4xw$iEcTrembs#e z9=u2VV=FPuF#6XUpMc0S%;%ZLueBkn|I`-@&s3#lcEHo@cN!+zzmVPSK#!DQ zFBa%IU6j;E*&=+Hk%LD~R`cnm6KPrx*FrZw0mARX# z_9%og%HDt|n8^&-CGqe*-p}w8a45McU_)Cw`|EqxB7H?a2FD3^0zZ3qPIz?B@9J=1 z&L+O=en0?uTIm@1w|M84AF#t>CJT?nFLgQBsN#7=E4S{CKJ@TfcvkxI|j}#Z%_?Z90zMeA3N2f;VvlI!DgVi4Kl+octCS6fw&-#M(9U}pr#)s2V2#ZeThtgBmHQAWfIb&*BjV(N8wNf8c zMbMuqVZn+XJ~SOMd8Yhun82J5yizT(spCNo7?Jim&4kf>L-ZUv{4;;8*)&LOaO*J` z9UAkQ2?whn_UzJjvg3rmrM(t>S|xQkn2tu4bF<;i=Kkst+s}s=-2~0zj-OtM4_Ka*otT3-G{qsz^CySM!CE)`o#%7VCW%}D>$g^xOF%fy=qA*)I&No8YlZi$qB;`aWj!l&ZV zlM|EJ3q2+aZuX8QvjpK%y?CkU%Kp!O&2-iPkvHWAbvgd$u6mk%E(6`Q>anCXf>M@0 z&*7BcNHvFFEz;Vg_C0z4or+o4Quedl{%Q% zYET*FBBT=fE1^rLAyVJ-<04;dwOTl5{$*aHTRIQ1+)CpZ1ntzfPr4zfy)=#{TpiF? zAkn=4#QIoxkJ{VgW=A`m<=4OB3tj#**b6jGFysgVWB{4@31@6fxU(OhRd2E{JZ+EhV=u?5+>;lpmS&4&}y#CO~9p|kM6PM0@FM`O-OeU$t3Knc&om)h z;orGL`V@Lu)UUosG8rUmYK0G1ad#>+boDA+Q0bH2$hDc)!|VJGuxozJ|H5px-?|I0 z@LNZ@oj*<365M}O(Y}Wi@-9FLrL;WhO$V+6{!s2m^9OM(7Vm^`Yxwb8YU3n^etRl@ zYrnb3R_e+!yH|o|qT4F{#M5K_dCASfdMl#iN>Bgh?<)+3dYXZJwVRQVkUVKZlUR%= z%|1=0hgbG-5#6^9cuOZkd)hQ8-d2NK?BxZQA;-lKb;Q<_7{1QYtiF+i8MX0lsgf%B zfci`mlcOdndyL);U8d>SVOn&WS6n$1UxRj!TkdJhvYlmLH`K#NLFzotQd+2j14R$Z z{Ww%uAhzWzZdw^B4cbalQv2?fCvt4$DbrcfS~OpoZTzG4FEBpT(PF}MrZSU%i3kWh zlXP4d+6fOfchX1;CLT=dsLK!`hQ{6SrVm`MaYy3H*EnqXfx)=n>rHOK10I2VnG3L6 zI~gg(C6ah_1pB$ur)XnpXh?l-MnCt(=$gj68FrJsMDOR)XxT;!HB1V$vgWqf%wJGQTiAuoi4wC(F;-dE^cgUT?ds~R z1%vFAsan!ggF4q~gMyMnUgc9Q35WcCLxBM=`UccM=|%>*8J{{JNU!W)B{Qb2E71c{ zd##VQ?q5w7*E`EDARz0TqZFRx_CAEtKf=rz3Wq&ZA8tZshtXv)pFS1w+>$b*^<|)> z*umvw9|-@F5I{S^la*;V{WcG=9&d}eQCxL@Lx9@qod2E?JbJEfC zUAwI%#HU(K$H3WnnPD|Pma#_6{NnNI`XyGOrT5YHk8l}f44D7CJi%v}%Tmc=zPm$ZNUDRY|Mo1rS-m1bU! zZeLG(B|MWYh>l<~rus(N5jWu}IhWcijz>Ry?CVCSAuPY9{3;H?HszMel@Q3!#vv>o+Vz$ony|ZKJ0i?kwKkCA2XXW3Q)_}W$!C={*D46@Vw~;3PlJb~ zVsZ!}CG4hy61!)~o^$TKl)c@{hZ}>_0Lj3VKT`#lM+Wk^--EX=U%ex4l(PfNG|9@# z3&gB;bNrc^bQ9#r|FrB?N7U;z2CsRM+*VBqTStjv%THFxOfh3bmjMPJ5A6E-p29}S zLS^{)x+4VD=QOI=-&t-9uBWr0MKTb8mW_2_DBcT8Qrq=lnY ze74|8J%nR_NAfbg-#4T~du$$Phk>xWIX zQdosph&k_@Em&!R>7*oq*hG)s9cJO3D>$Q(Rdu$5xsYL$BdYDs{(J*6s>ZRU3G*U@ zV2?MWBeMC>eVHs_`@PADME7+Z$uL1mKX#<-DU2 zBC>o$cw6-(dv*H?yTm5 z+X`l#KD^Fuyi>XhGOKw`ya&2pBUM+6?v~c=Yi^vIJ`+q)uB*G~VRv)zke52S(h)?A zxhI~R7e!gC)bXKLrw@8v{Yh-3owkM2uzvXSoRLC6f?mI)TX7Br75Ines{<)D_*u^3 z6LJ0g_n;5y&mTy|+ccTk^4}Wi0GZqx3#>JFyUuT#7)Q7!sDC2n<_H%}5i-(YYOZf^ zU_0`v+t@Ho%yl|weMKm}A$TpoDV(N{oIP_ z7SQaP;9Ib^AQSn1;y?=9$dWbBA}}jUjWpb7Haplx)H+xH(;S0@oNSEee@lpjp5p=NKpz;pVI(B5#9zA{>A9Jv<}GY$IESNXP+u&u|$ zB;oN%tmEX1aaJ_xu2hj=ug%6ngP(?pk#VRIL2;{oD*-TtU2C&WEcQ|<5@Ldb`HNU% z+%=3i*b2%g#7X-V8&2jzp}|%5eZb{ti2l~Kzz)x*j>WE0%g90B@R+VXcn8ts+LDtE z=*@67d7*6~GG2?!llBR*Gn71QTHO$3p)ItMS&i%TCK585W*w-B?Wzkrcl!0+Td)ALJkueBO*!A2K}0di12bxAVS zER$bGkBAX=pD@F37&yt4knN;Bwln}d{sMH&{hI1tF)*tYMq0#goeW{p9 zU*`Vy_P|(z*^u4$4geLr)69wwq}YofP|IVf2?F@=6BZdIKC3)W1Guh(kZCnu3*@!FU5k zIwedBvQ(R=^_kI%R+7h|m=`$faDYbri)mySsIpAAvdDXjA0b_yq~5tq8o@k}ZL-5} z8(r8_qc0-jrZnSsNxGkkxS{*QB;I&nMEAWq%&ZkW%cI4&5&e7gL?fREPx=gDe@c9v zNcm2ss_+GG74*l&R>>TgrSXHjsb|7KGS3ZRd~Uc@8Q-}V3e@c;Lhz;Zc=^5k$ z4gTfoqcGlT#Gn`Cq&QwS^`vTFr|^TGL77Le(SUT~cfyB2Ss35S3u|w!D*66c`nv;T zjSvYe0vv1_ulwE;WotGJ9mue+4KDp=KRYT;ks#_c{yF?ULl!1A$eQu)duu2@&USOL zjUi0mkwL}zOhSHaK5?r{l`YvC36t+THe7#j66^Bx1XK#UC4*`t%;3X?c5%^KD8q=C zvqhB(xPcWxe(&$YzLiAM5X#U1ztvH!yy4})18~d>K@-1a4F_@YQtrKZ?0m2%Q8k@{ zFm3d0z}r5(YB0x$3zG2aNYPlR$=NF^dk?v7QNX`(w`fbBB+A6G`zjsPhDSp<=GGmVD3FsI62K>t3 zoWIxeZ7?%Fisd0x490 z1kPNkB$4Ls5kAk}P6L5I!IKMv%~G4ngoVebvKp`rNIEK=f(-1bu3bf;(y;aQ_$X`U z$4_$7YrLLjdI-A7Fu((Vi*=K?aMr#!@%mTNtRvcRiBUq2(Y)ru(nHi{St_V>iPc+c z5i8azTBHU7nuzM}ohO0k$&Kumfm8Q97g74)+BZv89`f%F`Ju#icZH66h*~_nk*ppp zpMguLz=)R&$of9sKgi%S*>e1vE@r|x8E{Rh&;hxjU{L4JmVm4)rgusLvIQO}`OcV_ zX*4m6(q*9*#K-JI@Od($$ulvJicOUjsQKli42ow^0! zgiUr2CQ7b*2SNlavGu0TJ#cngbS%csvXq3wm_{~veE7Y!^668p(~hDuAE&gq2^7>3 zJvJoQhjSb0?I=b~y_K8s^oD_Nz}!8UeDkk1^g}!)%0LaWO)N{Ghze+8NQWNjO8;hLL|=dnqx#E#MZ*H07xNEmOqG<{a0tg;su{$CwQz!hb77tJXMtB1(8Op^YMLh zNj6tD3LV?BYG$`KEP*M;U~GdEs{X-f6kh+*O7r5&yEwm6VB_aeh;(NUhVBKhen|J% ztQp->2>Z220^QjY2WeAm%2SZJzb@yd!<4@q7=36oi)79dLp-HH)q0cHlzmX#y`P*g;bkP=INX;#nWlZM+O9In7_&zk5&AHNlna># zFJ0l*cde5oIbz)pv)DCe8)D$u>0Ta>^1y;sXth7#n|hI3p(l%^50~td{8l8HScVi+ z@QCBKcPm*Eb)X{s?Ao9U>V^?4N#UDc)eQn*KkMzkLn{dO+42|(Nv+573+%gT(i#Oo z?)ll@_+q%Hg{EO&Eh6D*9l>S4$lt>L%J~vLAUrT3$Gy;a<;VUHYS$3>3!ZAXYik*}uug6{8W&Z!M^p4W zWy!`oMpW1pM3z3@adz$aXP?S#Ao7Oo@XnD%hwAt&}B$3<+ zzB}nmDEg^)YeTwWH0?ZelW!_8?jt>kJGpUPvNuyw3HZWUZ%k--mGh+QHGS~Wc?A3( z zOGI(m<}UnQ*fxs^CA=xLfkSiH7ws}a4CS6#=bE(|HK=n@BGeEc@DA?R2x^Y#U=!$U zoU;GYCG8YS_pcXL@t9A})s)%UiRCN6w95XbrrAl<3yb3{G3+-c%`1n0KqGDFL?yj^xJf7JGbm`VGU>z`R=f2@e=iP{8LS^P9AS9Wt%`|ipP=q61f7|v9YiBP88?mIDPhMusKJdR+Ka~wH0+fpwh)c zK$w)gam;7fx6b?)`xQLvL1>zd`>`%#n|6!Im6U)q4PMFmc2>eE=%lfXD*Az<7>ei` z7J3urpc}49c5ec?yrgm%-v`jT%sgC%8_}aI&-L7n1znNPNcOoC*}U}TvdV(N5V>}~ z(Q1;%T6r08lD{IxPTh(3WQ_CxNA0LVluc(Wn=@s%v^*c;NUL!yLTEOOkZogYcs*4t zMg#mm01M|IQ(u;rvB`eM4I#Ugw~v_`^r=q7L|~<2fY;%(QI&OdQu6 z!lowyi(e-V0#-lzUadxkS!WrBDk(W^wu8Neeym^UZ8F(HcU+phI~X~J(ywNAZL0s8 zW>Md|F|>7>&r8cwxA=Hh(7t1E;&vjdXkH%E^PDEKfOwvhVDHGELtz5`n+&VO?^N?= zdV<((-Ldbe)cV0`W)FpvXBuufeIBldX2Y{cIvE! zN#V^!EPL>^q>x2~S1K8D-4hyj@I#!{v6UD$xi&r44ME7EdmvgMx6%DQP|Z3VmCCrC zcw6w0hN4=&zcBToWZ4C5ZjUTex3L4;K zEo6g5_1sWHN^Ss3lV1bKG-j5M;mB`UZ_k5JI?taa^;IO>3&da<*rxP4gRaDqo#RmK zUU9T2V?E?h->CEW>tfop(Wtqf>FYX&G4_9y%)dTN1JB`UE2Tt&ZGmf+)lAfzMwU|V z946h9HZlmk%?{tR<^ftZf1_~mi&jm(3;SM+Ia%cwFyBs)VP7`K0s`CLeLWI`KG<@A z2jn$;dLm?L2szL2{KKdPp}T8~&|Z;f7-hR+zrNEkr1pR;odrc-GE7@*6%gHrZ4nln zfEl(JiFoqkm;GOlKj21g!5Jw%FN>Pv4)=bgJb%duwd}{T3UjHO$Dj&yV%jO^&t{!M ztYS3UZAI^zW=j@K^sM#rh5MHJj*ShpH0DV2k^Xs2&C2Z2S7i;)ig zqW20(f3~vPi;_WXU!8dc!`9l?D)C&EA2~{jbCxq1n+EE&6hIrM*i6%d$wFhS&&T5# z%VoY2O@yB)zQ^M{pmV)vCa(F+2+;+HYI>I(a+&AI;e*lqyQ^jua#7*uyJdg0H!scx zCEqq7ZF#tq&4$u{-25k{^{=;CPqu9lh4C`%TLQE1u(+8N* zB_P_OujXT}w0_YB?Dbu*Y4j-odN0SY@Ucp*6$bF2c zJ$hc%#S3kj=vf zCY^Q0LGpF*3og@LSLoB;O(pxXSO++DUKn=*$5ks#p9{sCC)|aFH6$iF>wYdWnWW{= zR_6hGye^2e2(XgXc>?l#Z*X1$pte;)aZ3N<-yeU}&z^d3{C`R3xeuLP zy{iOk)f?XU?G%c_))(SMIYo*BrLR`1eWpOW_Yc>#TZ11YDhuFDi1dF5q7`+}Rxn^*(y$wn1gF+U!3my$WzKC>4_|w6M-b`SBYEv&*&A zUGTLq9C?4Z#rqOHoPG}P6};2@_Te(fDD*Xd0a338|EG>WRp3;B?;ZH2PMp?~PXNkGO%&CyWnQ;|T)lmxL0_JgK%*?Lt;55l?W2t*t@^Cr zNEWWe-p-?0sM&W&abWhkU!zNbw*Gf&A-jJd&q~B2)5|oPFpt9Pvx&b6qh7W9+sRz( zrbCYBhVGQeAM)6|uA+Vr8Tu zEHtU21>hw#2wK>?A0d6FLpt*`HJXnqc6YHrzN(&0DHb}LX^5-sHR!%n$5R%q%Iw9x zupJ9oJ7q7SK5x`hrm(ujrU_jub_{r4kwH+g^V?T7`>SJ zEXUD4lgiSDtVry$1;CGy&tW&PEv2U_anS`WwjL`y#0vYFybURslQx4->r>RR8N@l4N=#J|<8QlHXDmgaJ z9OG2IO=(T^mxMT779`Ho)YFzs0-0cBprT3hqo?&rX@vh0yQ%B{Sfllbh=G#IO#}Yo z2!QVzES5tZv+ss=pd>!a*zw_`n!heQN8f3)*SDt5hDqV)W@=-yGwRVQ+&{hkjLLu2 z0soOZuXN!s=wpCLc@Dsg8|d;8IU>+%)Xvw$Zk3F*(HLsW3dA`4xDDJeQ~ID_rt!%r z@w-Bn@FW#nCvhzc$}-G&cfzbx7h;f(>qb+bF>KxNbqLG?zBLKpU;<7kaR|Q65uCvn zd?MNE{)~(WSf0nHT8CGiv{l*ASfZ|5!1q(q`&S}>?0`NSX1W+dn_RbBIbff)-TQ|t z)pyIxGb7ixi6npwB=SNHL!6uUXFCR`0v?|0BbrUk`s8umfbw`8h11#GP5Olml;1mR zMhkS|3wD6KEW-ld9 zd$D)TTuXlAebC>%iKNbVpkHI20iKa5^h58@FEFKdx@u-in|fus<~}IA85ki$whB-a zM})=Wjgt*~sjuRTo@oCPDuTN!fu&$DRi4f94>en~bc}FZK(I+7LP|yM>RnvwFVnkr1s}f;sJ%f-@(6PJ0EQ655;r5fzAJ7(!3+; zI7OWy=3QNXi*fwY28MSu6$WP&^KJ6*H~!-(;|=tcV+_ZN1XpA03{_*Iv4Z928sz5c z&XMe&|6ho7b5HFq zhGbL3u>ZTdpqxB&gNbQL-K=kNGT7!+LA625ipOqaAxxCXQ4N#8;Mw9Gg=MB~_dUSD8r%}JF- z@DK}wIoWy6-k6p%QrKPkwN~Pec8ag{|3y_iLFvlA9EP^OQ2vTDSpai5tXJ7&9(omJ zMC5Ply!+aSd1)G7B&bmllV=1e8pn79N*gMDz^+3tDSYyP(iWY-E;U4d(lCFmL z<`2<=n*SazSk916oqE)AbWz>v>{DOv9}k-b0R*ajpSP8v6S=gzEqo9rGn_0?=2%|% zn!esj0VtU8)IOxDLsuiylj%dpKB@$B|5r-vL#=7mL1mm2h`s!@Xmfr>7F4O4m|F8t zJ$5H#Ymg!*LLnFi*bJ!Rq{y(%kLD$}(GH#;o|mM}vbv>Y3wgDfxkUe(<$;kVfg9V7 zLFOL>M)zcZe@Hh1cHjw-pE(+1u3;w_6oEONbV9l=0I- zSt@i{P#S!_0bC$QG@IF)M>n!R+~#Nd<_Fp}$uMF`sBD|_5?Kxv^(fDhzAUnf==XkU z5amoM)|`ySB;0|Ag-QZ@BK@=?f4*^|tXwW-kLDsx(~B%{$kj-*F!&sdY!yEZgLk`I zT1aoslfO(Irv#vnQgV@@A{AhT7_8s!NB*B}_S!lR0F6`XBL*HNle6b8PXD`?#Q)%L zV5u9CRF%?#sPrk3Nv+ek(fN?c-#u-)dB&WI0-39QPimFj%I7gZQ3v`eKKASv6G$I2 zfj2>xKi*J-*+=Dv0l@20W!E&Hi8`wWB7!Yb4O3iF!Bw9=XFLEL9A1>(`%z%*`m+u^ zYQ1qUY@;$UqGm>Df_3ZCV0czN$L(#S_M3IaH4@0IkXf>-d>Y*^{w@j3N*c`Yo%pB| zjhTJ2RyQ=;vt%eAsThptT|aAa9xbgP-5s#{VgIxf7F`fjT40Er`DuRAei}?rhXptd z97`s!QxgF%qdH<|ECfC==w)me%J#08T@b}VK}jf9;i+|B;51)C+G>h#YyOqKU1-b6 zpk-MF%>P%m4wt9{p@xhUl@m-|fWKAIXj1>8=OPZ1i zjhQH1>o>thtfet4IxJp>?<-STouq?c)%l!|?Db?iNutIGBj$J5baqg^)h%^GjeDuQ&eV3;j#d=9U%a{`x_2r_RgXUHmxTCStG6FIuc8 zk6=X%eG3yO1eGTe`6GbPB#V;bigLx(lx2cG>@7dxZqvv_>U^Gr{3ob_E=)2o!7%Ak z+5Ng3#5M=Qvq=$(&DE=^bw+5KKjgAeawHTB5VftybhZ=FtB&K-ukG*|^<@m**IjeP zP?$ji0ct|?{l~(HpkrF3Vqw%yPkHRQBIYt%rE$ZYmfvZLWxXvdeK$wEzYhD&-;zBv z$2@_u+D!_8TG~Q>10dsdY6RcJfB^r(OKbLCiM#h9oJes9szVy9{GlNa0VbT$I0=Fh zGkzCj6VDQMLUx>zQ~Sk}7uXJw%SadEsMg>l)?vOV%W)hf-1QckaUp0Q*+JbJx=WsN zGfRrWB%qIdh?_iYzx8zl%>A{ZWVZ^2pa3M5+n~On1N>aw1xWXc$1@ER+|)vLo`(Cx zqlW7X71G0WlPsto$W}iBeP$0bD$B4OGQ%4d4BfEwwKn2&w6%Lg7C^nCtZm}B%X`3- zwzc-NlShSN>oLUa>cLSUSgJT<{Z<8@3y;%lAKh-)!N{oVgx^$|(7ky8+o3gwfl~C8 zO8aN4`imUrYlRz|e3Y(cIGQDCP}7&(y(&;IGSdoTF8vQd*HioNaOlgOd3AqGkrs#j zI{MKY>#jPixA0q+?AtL6hDZ0jf3E*#74k_mbdAxjsVi5-x|TofuhW~$94y%$5eZCj z3RQO>LE8O~5{RUu9KJ9r|bs zTM2GCU=g~2fw^puyIQNT*SXqT;k@V-!@LQmr7dT%fLYbvVEa@Qg_a*oBh~u-lYYDl zGYfxbz#nu-Ik7ih@fe+)9--*zt(osaXO*@HZoCX;XHI?QoFJD4^pMNwIPbJE+i_9^P zXd3a=nTu0rlcJ180n-+lg`3>7Yi0npjxUBuEhA548BW#ZI=Ez!5SscxXt!&M&^$mC z4EK~_Ew$qP)yeobi2tu~-;s8mQ{TG&e!j1XZuxgBrxHKZLUrl8^Izxw_wS!_f5q}Y z2E*S={KuF({ehNe{*NJb|6i%Xe?R=5?yqb9A7lId-`lxV?>;Y=`yZFCN8I@Lr})=D zww(QImH%V-z50K1ulF_1<6{&ujLNkbaQI9~kVzAIBj<3ELRi4)_1*lBn>uyMl*5tR z-K~`f`m{MZc{ygyLH~=>1sk1|kQ5R7X|xZ8M>fMf@!uV^f37e$p(gx+k~z!(TqqNE zvXD+|?Kr@N2m3m<4TJzNq^HyK;Izzulluw(=VW3v8ZY0rCw~$e-P{V27%6jblOyh= z@R53FXWYVfWbx^pj^|I!O|XhNCkrpVokf8&pe9C*M#t`j*C)f~xiWZ9opLQLE`Dsk z?m06v(|7CNp6KG$s|K+T71A5>)fk!Z8n%I)^>T)R_blAQCO3Eb+Uz%l{_W&{eZ>M& zY0Kq=i$<}n7q+`3Lc{tlqQ!3iW4r=<$A`41pe%jZ#bHf>czyVvw>70(W|}xISy$-- zi8f*hnBYvV_hK&+b%}_M#(bV{+q@3Sk||#uye*J!^uAtw4&_x89RQkpB?`Q~QDdHR zSRB09E2VL`$cWroeoWyJ(9Dv7Kae*co{Ddx61_hH5Sn z-1=tPt6#d0|58*$#9)1;wJ4Y@BI-P%eD*?f35@~;_bZljoubN-P_F$tLjq(--e1cQ zeP81?R$BV)%{N3=9^;fOVJTMTQ&BBY@WsL127ZAOXL;J z$U11HwSWPj)qw{tQ}sVG%^SU;G`Lt-Elw8`bTG2fXVbHCYp9Bbf4Vm9J2P6{@1sHt zmoC7r(BQWbR_&gW8xXF)Rk2#KaQEe>zf**ZXz<9ThqFP}vd;fwx@mvVV!bzWGY1E2 zQjKjCF(h(3nSTGG-r;c*$hSO$IHupiaWIhKbN*;doie7-DRO{=Y*-%F>hS z2~J%n(!k^^&XU8gHLwS$e7>|O2&mDf(LeC%7k?WLP@xqbY>+aaFEO$!{)d8S(ctVo zhp!GSG8#aZy#gN$dimH=GQ#^O_TCB?=%vV|Y&h1@MCGqEZtl#LKitS64j_GA&6WmA zr+nLCkUh?(;G4AICI~|so!CBZeKay6!XxoiSs!t8lCW1|5K!#zMWbzygwymOZdkug z&|qCA3_q5`)Gb(U$}vfchW8g3WQ(l|RCfsk5I|5RO9q)Ldbzfa5Ji~zkEw0xy{~Z& zukq>_pJ_?y^hOuN3xWTc{z7Fx)yk}7Jxs93^g_pP4% z7>Sk2B;htM1{&;$f&JJFj=wPyA7;$TM>&g5$RIf^QrEch2sD=n_)n-WJ0>)Yd#JfL*Z;j&087hfIg-Fv$F*t&zVilB> zB-KoJwcdQ3@wbmd3RIWAE$Z(UG?~2Uo9M2x?inEtIc_#Hn=W0Mc_B>WVaj5|M{kZ* zTBl0bMzRCPTh06KRf`ipMq5uef{30plBUZ3Q63IR=>-CA+-3Q|2oA7Cqto8@H4`W1 zeh`CJG}$%}xle$l6&25#dcX7@9e6Bw(?~ea(f<4j^5v)8bY-Qi1wWFKX{ z(#lKAZg&9MTE^DZ=`0;Jy#<7F=8?+cJ)c)60q)^B)d7Jp=LXNNbn$AZkz%M>laJ$c z<7|4t(>maarZm;t{wlkO^4hSyHif8FthdrvqKhaYZj3V)k^OX&knZy#!ACnv2$x|+ z*>dt*jZ~@PYitq#%6A1S8I>C&Lw?rhBQGyMT4_z!d%PiR0M%`uvD4NDQOP(bwwLZL zZ~4}`xw!fGRNauGsx)?IZDr-pNH;sl-ZWWfqj$3YyZP1mHU4{B0qehcHr}JNva)Ee zyLPkGCA})fdKD+XvFY!5Fkp$?w{nA1UEry*M-}Y;i#I4a@6DyN>L|Z^KcahmG%Q#c z#9W;EWskNw8>z&}O|d%K+a3Qvj$q^&J5Bb&hmI|KRb~_Ard{v>R{D+Z0 z^#VYC{nutadq5^7v0=AwixZ5QIEqBedRT^`o`XH92nk*Ek-y^kAmLS9=HVvsVArny zUCc_EEcAKUbKd*tBxwjdd2X8~D@Bwo2K{($jqftx0NdYj3NWLS++U2b^z`()9bZ^7 z3e41B9U>l-^Llq)yLwkfZaQ#ZyFHR=(?!4Be472ajXRr?XX12&SJ8$2EqkO7x}#az z5P=)f$wq9Plv3kBB{I}~y=h+yN69;`A!FQcP%e{(8p$tp7^Fw0X6)F28HEgDqinuY z58T|g9tkGh*}LCz1&7oKJLsIO!xrnfK?Alx=+w>bbtk}w-?`4)Z z>qg6_7nqZPn9>x`oi!04=E-y>!6$*&#Bgn>q3rZ9!)%bS7Ua0W3=XK%>CcpAx??;j zAuFn%`$k3JWJf7O>ae_o&cH}fP;jX?t$zkjGXaR8Lr(&pnoHyREAd?F;-y`iD5kMQ zK0gaCTCE-=%AcljD`TPrk)@3w-1y3o6A57l2hd-6<-4Sd$Aw~SpcZ+iShIpCXzv2TZ# zG%YNaY7#}`8cnU#wF76G8%hkCYRza{9EIwA{7ICZaE=Z7)nz}80ZB2h;K^E`efVn9 zQ>yvjodolS{Gc%U5~K1=*QU)Of({L4-T-c>K`RU&uw=lQ{!SDy8NuWg+Fzg#(S zB8ft;-FsQwgAwme;7=Nk^X6@kSr7(0vp?UiX@<_o`r=I~ucLLj)Fj}Sx-HF=mR}wp z?P>iVewK2RtKVEO&5rY#Jexn|<6KyUjD3KVR{eHq#e#v``G^|F#b;QWY{oL(du~dj zMV#EjLfs#xmz=}fo!Ow3C&Z%BXfqb^$_lV&;#VmTIUKgUj+oa>&%{S_xjZSGb={pj zX=Xb|Ul10BHv=jIqa10ho~c3$dQ_TR_QiQ{ff{}~Pu6NQ`E2UuDSq9gDt{KA*@U>F zH-b8r7Z$APRyE#9N(GhEoPoiI3W9+QURV7077;K)mMmn(QKK>P!-vKq2Oax9E>WT= zRNXdskN-?cwT%ZLj++Zx#IxK8GeV=NEge+_YMXnjc4rQ_KhG9>aN0%@zA4G|gq~e~ zshKIYR`YM`>z}WV*sBavg1Eq>jv5WX5?+R(QS~58Ce81a-vX%E*==JSX>#|4tMyZ^qt(C7R`0fOX5MR-=5q2 z%1#$w$jm$V>$B3_O5VWedtGtL^;6i1Xy_sbqnE#*4B8^to{x|mxt;Rd-e=iV*V-c9 z$)cVhGycDLd+(^Gwsvn6E8Bu>3lK1KcNG<+x6q4#fDq{fBoMHIf)u6K&;x-G zr1zkR2nYxv2`v!rdx4) zBV!7W%C#QeblW`(fZ-2|ydwD2TE^9=Orug6`oGG!QB;ckwSBo z9db+gO=&QS#A15_!ML@G#kpF8G3bj8WaCY9!EI`SK2hB$q$a6+X+l=5;u1_+OP#Qq z6UmPml^QR38Y8WClB0rBAjsp=-F#*J^iA7Ecas7fr4qaE5Jz`&k~erNsf7V7t~MPDk;H z4Q2+~Kp$J5GYCEJ3-L9oNC@pkRaXT$%%s~0=v|KlNzquoo6`o3WVyD~p~&2=5+pYD zG?HbgMOKTy*f~zUz3RXrps$iBxt;RxFWKDI%6%se{Yds6%mt1xm#Xp)1jGu!EYq7n{Meo@ zhv9M`z5O6yl$r|U`Q{ynwuti?>FJu6^V0oQu^nIHYzn~ouO&10HX4PL3#W0?mCiq~ z-OYHrv-e z0?o554;%8sdf%N9Mc;nO>bdgmXf0#5Iu@cNxn2V-ZK=J*O(~L}CX!{nr#DuY=r#Sg z?fU{C!>e?kC@YWe9y>M~z#yZ|tHZ|IlQY1=y~4-$)#o1FD_~=xDP$dzT>nJLrCCQXP*K9B z2Ef6*`_+NbQV-HK0yzJJmFsO$ThtJAWUBu89)ZWnlK&X3bC~Mf-HdEBBH7AU9IXCi z8D9&qKJZ)^cSmrhpj2x@(s((QbNgj)%FoK7A34jTL~X zZf$LuRNG<9d;7t>uI^rMj0L+ScM4p!L!P8GSGOKE$SJNGuCVyVe|5~>SNfuKt3i(T z?eKEnfg?o469ei%PhMT|#I@KiLCWfL<8aM^+JN~_>+oMA<8;dG7@Rg^%leT^+%X^Y zi@WSo`6aGpG8yS_0!|T*U*3#3lF`w?av1gCI6vA0rO8Pf=aTWBO{#q|Gm5A&H?94V zhuTcBTLt~!`taPcUPXiD?`t;*RbatJ3mRUd#0_?X@@mZ{J?;|3SF(Uq2VRZxzI?{b z=&{J3%#p27TD!jqr$K6-y7|iFs;dlLZ~8|}Wyyp|Y77r@mr2?jFJb2z#fHmH=*)eU zUiNF4pm|T54CWd51o3vUIH=&S^{Uu&Mgy8S^D|ARk9{3VuNc zhth#)5JdGd?$>5Lf4Sed|9h&I!m1HS4~TVO$=! zHmxRmdTZ8quD2;J2|fMxs!2&st(LU=K(4WK?V|$a)&+Z*JjBsy{&aK%7=k^EizyC2USyT@FMy(x);G`xn+5j_MGHCXF&jE5Z4ANmC zGWnd9$JOL{iPPkdG*HmlT%&pHEa(`*Sx)`u*Pm^F`0?Y%rBhtt)a)ErMXwPZSx|8B zBVKwC}=zIcsZcW+{y0igtZL#BV<3 ze=f~3aM(GxezQL$tamgV*$xelL_bMWhtEErS#zUYl`Ui+$iHddp5Md+%@W6Lp`#Ty ze}OAXI1l7x4FzCPGM*7wmoA=!e-u$zoJ+)bDS02PeKi4%cwyt%%Q3i`CRfl)y8EBp2=lOJN)=+mobeTda|^@1h+7h_z)+L06Ce z_j)h$qV?l-GKy3lc^&yg{0Bd~P2M%~*!O=v5R0p=gTnu;FxQ9vUn&IuE?Vz+ZOpGc znbi;7vH=rP2nai?Kz((4Ycn}_I|W2}M^FNlfiLIaceC8;12v^19H4tH*gL#ToXvG~ zblSVeYHDkl)z^Q2{^sOFGe^(kfifs^fGs?wc1Cr+Qv0YN|j^kZxXZ)M== zxS|{TS*cWzb)iArEBBjB`Csb$=N_or`W`Rqh!x=lvYlHAHg$>Ly`xqOZVnm$`)9!y z!Ch~w@ZS1LctL?MO)Lk6XEFueXI_~nYh@|FaN#5ny3$6M+wCEgR#s5bewJG;tKE>;^8Q>+suw2- zQ{b0mx8vfj(BA;NbE=AP;&n6V9B+!T#<0*y1KcT#-`$5?{lyEVUj|6 z^0V+wj^Bps;8T~6>jpePu(EgdObM1yqKf}!8CLAT-WRD|H4uTc&WY{#jc2Aun1g!^ zn3TP~%bNK@e#oKkv)Ocyw2}YY*Hm&BYYtgW81}S92=mUfPq#OX_vZF(y4@sb7m8ZB<+b^E{}Vj?c)5=A%2)gLLI@Amm_y3$@b3xQZDze*LPs3_Woi= zZc@A7ho`G~MyV&t6hAwt$XAy+5w6h4X7om zm!xaSMCQ(PH>=nSRJKncX&z#3Pc3VgyVQt34EHo?5Q4Qk`ejdjG*&}}6C$?kdW~A= z>Dn#ZTcX*wqGZ+*CAHQLtSBpK0isY4a_0-%FmE>YReVZ7Eu`DZSo96QHfwz!v< z=KHQ9h>MY59k-nAKdu}RCalk0>pH^U5J0biK1u4MzrKH%J5R*FH!Hv|xT?&7ZC7PJ z;Rp{brs|hjk6$Q!$-}8l`z|AXY|*5@2U@#bJ=g!qpXJsu?!%pEj`Ih@-N$#lntEaW z&2u55Y(P|KT<2E_VkpQ9Kn#r;3fMMhkiC(j-msdvH$>jKc5P1@Q2^QMQ1jy3<OVv2&|g-kf^PPOH14=7zC-C8JuKReq6S6Ial_OOFUnQ%U>eq)I%~`LGJtaMR|5 zJR1bra$13Gn4Ruu(1zNCk{p(Jm7}mGXU6I(u-lXMoh+p@eFiW=qt>ce5l=Hg(wz3> zlpoqsro1@6bTi^|pXc>RP32drS;(%XjuQPy*6F-=zVAmBDVqn>V7L6y3r}3+`*YHv zi9~I_LbPM-I~*qR;5sE~H*z*hlQvf#D`=RNeemq2G1uqq&bre9gllf7;{7ZG1G-DH zl$)JUvBdyxvFSwVwVUV~9_%H#;ozoEnYP9T}y1zv5L1tw7 z+Ke|6=9SNXa8Xgu=p8;LE=N2;&MJ2UdC(v=79WEy%F(9`P7kE!__gzPB^YOPGYC3s z)|-lpM)O-6cETH55m6a|FSZT8naIWnWi4xSD^7LWVYcxO#rr0opB(eF-)~Q(rm%3_ z7~R7P^Lf7-aH60JK7AXC`-v%c>byXeadD!(Z+Fy{YUjE14W;W^V=HA;b}|igX*+xr~b^%B+i09JrP7>sIg07O)rFR*@SPe`bSy7r?Ogua=l(z1cg<^ z6ess(t&Xmt=O!8AONkt7n^@Q6HXW5+&v(7uJBWyq_1^ff5;Ga#`7=tq{k_tI?X--6 zmSlYVUKTTM-hk+96cOZdyWEb^uNWKf1l6h{Ud9&-TJA~oC-zrUo6hUkj*O=CWFP{P z-I$2AgK5c~K?f{KQ7Yr)93qc*qP@E{t3kX{?KtFs5Xz*@G#8ekiq@`7;hBcMs(Vr;acS~I0Y)C71n+nn?I&u zJgB4Qy=+)zwl1Elb~??Mr5;lKn+u`a!ci7redkwJA>xTe-J*!8&U5h>`j{f|Ya{$v zuG1yBUs3G|FX-jA-Hl0pY3TxwLbrO$sMdt_yWAn3`$mgx^=dL=@||AEL_Ro``iuqY z>4zb1jXCa!wqUd}QxY$@B8_^s23AF@uru;4(TaJ_YDmq>#lf_O?Xz7BUJ%K_-#IjK ze5OnGl(`I&HrhsHY+umalJr*CmrCgs;%EL&O)t3Lj7oQmX}>^C#)h8^GF59lUa6#p z+cFMHGPY%OCfjY0;7(GuWd9!Gu)d>hc2ARd2r_ z19k4a=ZJO3;UDKYfAXv`2tE6%JzG#oJTAtwKoJQ=cQ=HilVDdyhQbMXFPo+_j77!q zoY|V3>2*qjq;zxCHQ_mk1*Fyf{^Mi~0P4eM6(2I(; zQk5E(hv)LnM`riUDK2H`Ov^4`#JsJT0Yr#f=)yWu_A(&z*NP+5O7J@ikIv!_GOhtx zg`4L0ZlWK^^3r?@YK!i#wX9cQQyfUT(G>glhU)K%^`{eMy~6~eL}D|oHY(iOO;}hq zVzV|2YjrZ)FQRqO5$;3pb?n2H1-cHuM`g~u)}Q^<&N;6t7~S$yXeK5r%A~eS8G}C2 zl`NCvM3H>_Qv6BCx9oIr(_HV^ssc2X1iH3(ch3_zB9Uj9j9-TEd+UmKfL3e zISWr+GfJ8g8&kFNRoq?{fJjG*P5@;cxG>z+I^2p zBVtTtJs!AuFcnPYDZc{jFDqvn)DnzqaWS0i@u|B?5y^ClpnyP2d{t6;dHEk3=6|@* zU5|#hRIS$iUgPubKHSedzuGa#qqsW_V`GV$PL?&6zFTtWt4aZoymp9w(d{GlZP13j z)S$yY8orDfLXX>M6ktG1aDY2}S6^%2%qDVw>$(w}MNj5Q-ZtHiA`9l}nKW3+Hh}u` zRHTv+wSU&dJq1i8lG_`TyaVHm@DtIp z_Ff2i7{=ec#5B@kQ^%Vejd#Ws-?FnmB>A-tu`Xuy`KdUf@GY2gD1m6fsjO4JPyphz zA9Dk&0Vv4o9s9FOYyGGu;5w5%N5hxKX%M&V&n9B9 zYCq>{rF$U*w&g=AO<~-4LB!f*t4N(Ta24;)^{^KYSg`_38J!N=WPwwEnT%T1-Fx>O ze!Ur)CNVhHjgU`&K9FB~e299uKlc=z)=hlc%4L_FhGp-pH)Ori&+R?g49uKDP71>S zBjNRvzF$H+Q>ovRStU&DD03JGCAWPzgwABdc@(J9Z%lwAG^6H>WddVi!C=AnkbqW- ztVo^zMRLrwQP;XqdYkLuW zS?wgMG3(az-2z615r9eJ!aB#M#}?4}dEddq`8g6!ecxI^*I~&nloob4h({L;c5;l` z5nhEy+;h_8u?Z9?Fi2yHNDKzUdwj=||JT>%_k3V;cE)KW^RHdC>{Q$3anU!$qs3dR z#GJ5|q(@e$9F<)h=&7%@;^DjgX$?4FIe@?hUz=)oT$sGrSF`F(B^MilCKY9|huDYm zxYN?mMjz9;yTd!0nv_9nc(?Iul@lqx(ZZ$@h~)+4zEThS7wjV7IB&92unW{y{S0@E z%(LzYJAr{FcCvjd!k{uZsVuJ>DNjKgAP3w=ZuXw&xrD5(<&xS8Cm z-;^3aUjMw8b_^6u+<$#b0})Ef18lAu%Eo&fL@OzhCv{_T>L5nGU0$49>{#0=$Aq%^k<%8po)Y~B7 z8^SjY$~-1Coyb)XC5|%embD z4|c6o+Z7$@So7qqnMx1h-;w!lAM0hYzC8*zjEn6cWlwrbtVZ{9EBN&|M2GPz7EIx@ zuTKAZfNE^)=+J`X8Q_CCT1%fUSSJH0+~=N*$M`$DwuCHdf0?v!EO-mbD9vQ|aWnPd zt(CWpyuuX=tat6=Tb`7?*i}NGQZ-_To~M_N|o4|3dz~L zn5H8?kh1n@QsP6z=h2_h9#a9_voNB%EHfI>wdB$aEvE8{?K5c2{Jfxi77eHO+SA^N zKWb0vHD3I%d*8uH>J67XfGhXa`o=13xEA@ZSj8volhhmX-;_7V6M+;(2^bcnTLze8 z*arhFkpT*((jMd8QMr1w;g=e}vC;?s9JgD#S#-td2>WFe3 zcXqPxNFe}TXvtW(;xfI*ttDBu9882^lhb04BSgn~qb&dhyMhQhoG0bBGN&|j);Z8H~oq!#kef!!+1*WIQJ$E?l@UGX?m<$&+rs13V&}(wcRp~%tKV9I3qVQCte2eIwRcue+0(ORlQkMZ z4t*nQOcKbh1rQ+w0RZpiI@<%bybx`pyITVe6yyuiAc# z_~gUE;wpGyCpvShD^tu>OB&z|5!33!>xnLPoxR2OVBN8!b+c4~YtJ5!u(nExiGd_v zJZm=C(|3NZDly6ZnP|Wx>w!@7AbHvK^|x%>5(qx~NFmY_;{%Bb*AZ50;1Iau6XC~v zpDOj>(T;KdZ3u=1@T%;PiGX>h)2YCA9r1AO^YYs%F1+%N{|QjhGA}akyCC6!`}TYT zJK+3605q0lkjas)r9Kp=aKZD>`1Ko|VKFNO5V3&EV2yxY_B;HGlCR65Qy1}nF0E&o zzf151EeYb#C~>F(I8N`vD`#WXk$=v`f_J~C?MJ|vy?6I+4j3NILtQd>!|V?Ap+Eof z7!w&{$@~VUNQv9%eMpY>Cx=gMpO@pOWbr|NKGmz=uk>n>&ypP(MlxqcD*WQm$(v;*B@dYgv^3jNZfJEI0RV}osY?}E%G z-X7DZjO`=-OVR#czjVvwF7tLSnS!APjeW9@T~?J6ZiZ>1$h&6rxiw|`wRU-blSuo- zT^D+!GYB*xRLyhf;~90VIul)Xm=GeBdZfWiAm~h;%uliG+fAQKrk9QalN}F2 zRSzS&JC%T+X0)Hhkk3pBz2TaE_-6ba6+;9L=^K7TAkY&DGfyqNV*f|=;9T^7Ai26V zG>FMiZ0)!@@Nxy21ixmIHuK%a{E|sc!`{uoiN?ZjQYJ?3={Lr!ojhLQ0>s9%(99#z zn@L}dcE2EGl@XkGGpMo-MO9OgQ&fGST8gdS$X4@J>hi*xg#gu2b;*B|W@y_QqXAM| zZwA0o1 z`E=*>q;9R&nv0xK_Hx#Hb->+_E2nYv`l_-U{$+1uviS>`EO`r} zmR3Us%QdW;GRt_Kv^$Cl%1(F;9qMC>pbNIXU6jRb zn`Ve%h1cgzJD#rtTWqfqzJNGAYTb0)_=^>0W(W@N-8niJQDdAR_b^b)u2`1R_OTM< zBO4pBefd%pkc%w^spdd$*z;vse=dEZ;tjkb)D>vH4g(&-5E+1crC;PTISO?4?E@W%Eyzl0x zv-~MT`W=P>5=B8wR{1d66ixxk4#T5ml0~_058;UFU(fiqgl!qkaEQ`4nYG)lQyQA6 zATUv*)c1ET=8z)3D49QLwWM)5ZAuM~lDspBW;}L49=pm@AoIkfSD}%kjNzhqFGRVl zTJDKUCgX$4$T`?b$15s6yO2$dgHI9WM_(+g9Wj*#rL>*P^OoH2Q1xu}Xxx{;Z2>(F zdCNM#b~9CHl9|jl?DThYJt-`)?X+v{4!i1^OI<1x@k-6KTHCksDA6yTt5rbfy4?Pw>mqLASd+ zoBi>s*}qb@_r|Hx?8rB`k^`lFrUX?5Rq5 zi-<~yOQ`YblOly@*X1*)=ov2-N&iCGed?A83bjWydF3)~6X~d@J@Dw)s|~T=yKegA z-b?(ts5U2-{q4Z(nxO|BHO2S6Ql!VDKHI-$FA8RgJE%pR(ox=SyWl)c_MxFFurDV^LA851358mtS-X;l#K6 zvWV~&YvrxXIfe4CY+Sh}UQoYBiNq)22FvtZlWMZX1)W`EJVkIpv&f?#2mQX4I`=y&^wFu0 z}7No&jTjBCR@l|!CyWxTtB za{sOhAG~R-rP%oZi>MQR&MLm+MX)#vF#*?e#?0f*Os|HCgm|W$Cz2@GzaAs8t2YL1 zxBHs_CQ$Q7xl(Agh=DG<(2If>KbMj2Cx#5|hpd7cK;$WUD> z|JMTjSGoJSWqXqEWQ%AZ2mfl?T2Y4CXZfu-VvEyGy!|nkr_MbebV6UDx0E{CC#j5& z(eJKU#W|AK*i0l9j0%)>(@W{evz(Q8(DW`tlMTX^+KnfMu#bVULt7RhLs0(hoM_H2 zVevaZoRPWS*z2Xq)pvN=r)+VCv4&rv3p2pxiyH%RQSZK~XRgrvp}3Ys{E1~BXFzr| z&oRdPyjaIHpZYWh*lJv0lI;n7qMAjc%+;J%wJPZ~0*o$S>Ly36bzuTAz=XHph@oft z1oeK>wwhl{S;EksPPduF$>8Vv0>tC8H9R%TvihND|WprFQ-478g$s`yWCB?MAYCEk$qaLISQ zlQk)K{Yy1|lt!8v_uq7!+KZ@`GwI`yP>@o-Xql3+A>x}c6FGhfR0fd45a&E9v}nNXsiyCHe0c;-y(MVPPLud zote!0IIQWz{MDnF)Y!nQ70*N|F^Wb?>!ebJ`a>n281o>-w;#&oaV?>?7Z}Bc`EMEZ zDwzfdT>V-_xqim23H3~dVMw??K}57a*XV=4RlQnPwMOT=+n)qZ*4~e-64PnpBhyBv z_xh)e1SW0kKjiLT?i9p$3_z4D|N7vv;h}fVC?jxR|Ac?vu@0Qk-vgM$-8MmM`1PwR zZ)51vamS0=2wsr~~AgZEI*|P2Cj-8k#!r))D8h43Ej<0&$M=;@U5JCVOV)iyyWZoygQz&qx(4^eDw{GYRT)G~$_eE6D?17!m zTF(*>{O0lqfwL3IsoXq7@s63aXFyv6{r+l`S@h&68|B0n1&SHe+tSLOSg&!+ZawYxLckNY8)WZEGy)Ad*W3`GfGp`ik zDUV#Ex6eXe26&;!kstht#B1d);ctD{ui9H*UM`-{w}M8&&p!?r)0!NKSmwKsY}QOp z2}cv4k3tpkEkGdR%u;loL zW$ia|Kx;RK!DyRuod3cfJ7Z`gCodGKg3PM=^*_(cWU7TCJLrte2%v;C9 zKlbXQpuEdr>wOMim*YJ=n@`^l~ z;Wv-fk=EwYP^-aJUx))eKSv<{Un8(UrxTka`I9T5jcXT!QHohcPR2>i ziKf@aZbsKJHZwJR&4eX`f3Mv^CjlKfjMrN@^x7+_4_zGR_Uk^2x;_?>1J|St5%x;tCVnzQ18scH8k#y`O?S64UE$` z>FBZLQiB4<+3Q1f@aO3mVUjR)uH@1^)v}4KdcNd*Lj`u#;LoI+;`h{kBQtZjL92OXVFFXzC43Q@Kv4p<|eM zfnG*>!I-f|$}1(tA2?Ng+f4S60bU^R0(2GwAlcIgGAO1nn+MLA#emZ^6XtlsUe3w2~yuimv8OvspDN$Ugt3Q0x!N84vgAFXvQPlZO5 zPs^M1q3#9;6*MNXW$D8e_u+186KXI^X>0|omUibjU~Q>RSxwG8mL%-^-6mN)q8`BUF<4_nG^ioX7`6}^kHBxC>M zoUn(TNaUb+pZB@6o&Y%u4vvi|T!}~enubxvx0R-9`{(=Fx79me%c9MbOOBU&SIYf! z-px4o0X=LtDc@KR)P~AXT1irAsj25=U4eY`k?gDO9-DB0JbJWqf+S5G^koyc@DqOb zlgmB@U~PNX^VDQ%tny=ejWnmI*K_VnhCsgtwwz(O9Q?`AWZNOsZ$ebq?1nOaXgZId zBB_I8OUVmH0RnKg)^_nCD|BE+=ioK3`_LgD6AeK_-IoTK?kbFE39x;S#%vi`0~7=0 zewot5;-`<=W}VhnH=)6g1IwNM>4~=qkJv6Ev8er2en-=fVQ?3ti;Yveu)&V&x)C+$ z297Er2GfifWBZb|QY;G9z(aZ_(eBPusvoo_NK?;%Pv4Lu`pU~|SoKmICj~#b4N-!1 zD{7Z_q45&8*1Sr-<}d2Hh8D%LVi=gt7onZOgImuH__Aa+-ZPIGfXI@craZ7|6L>$m z+p~T*x5Pw|X`|6xO=mtqPW>B843bhn7FOlx~J9QCf#+W zy+@q!bm0Q4p?EWaC0rQie5c=L(W6xKiPXH2v?N4Cq>n-C-z7rm~@QUJshwVJJ|wA!uM)INLrf^y_`>i*K=E z<=$4o+$24t`Fm`C%XjQBW(1v}jnRG`Ay4SHE2AEN{Y_2y_erR}O_01VL=>TS-D-V! z_#set-@>D`%3m^^K?~i^<63f7TEJ4`HqgneO&|lhv(!!j{$r~%DDLL2G3Mq#H=s2N z7IXuWKXg(^8;E-fthCoF?A{ILN%$aOX)ufGvDh;KIn&SkOL2zhD@|NWfzUh?6y|ev zGVW`(in~9J<>5i7vNH~9Q_M6I$LfomTFNhdjRziX{W1Eu5AELrEdI+mh_Jvn9p zI^`Hd4PxVpdD!E>x;W<5!^GSGG*o`_npqAA^?g_n>hlaMT&>o9PfAMSgR(`i;iqf2 zKAj{a`+kd$UEI&n-C6fqPp(G$d+*;}sh|U(yvcb1Od0J!|F->6Ku-V9r~Fx>fNKEL zVPK*0l$W@e3pt`dZm1rfGhaz~~`SG4nb0$Pa+B74ZTanqh-cfYm*F#^MA-m=2Zqy^#83J5DSBAL5Q*ZGp2@R{)rjFgkx2ujA z{^1Pd+BTs7e0_f2)%Wb_(~rYL!6f#*u1;GAlD9kud^Wx2Kz|}B_>_oqhvgx@Oaq~F zw=SziS4ja-JH@vk$fWG4J`fK7WI}h5PBH*w5uWi~6}7&MKK6#J zI@#_j!w2T4d0ZwTDn7}VBixw<@J9bPM=Ko9WL{KM#|I%@K3GyM;Eb2xKuGohoZ=#ov4f%P?xv|{UsiyVqm z(S~bGYzCfYsD&}FCK>~;BvTMk&*+yuF$OWW{XfO^3doAU(~bQY(;>C2HeOW)FHQz!wrx=+ z#sVxxKt`s|Sm0W5fRbgv=1OeM&NwwrOc@>PFXOlCy+LY|$JzHm zzrNFgf#qy}H5LTQJWE`iql@`PKms7}25eYi?ZaAU8cZ|pPa)s@Wj|H%eLW5#+B9b| zIJ3^&{Vspt&z)#qZVP0i5GKZAMN;^I-3jT*sOonZ@E?h!BDPj1kjcb~GME1BHQKb} z_sLGCJB*14ck$GzrMg)g&6f45#=0%_fH?mfo1+S0-h=Uvwq@@6eN+@REq8`A9pRp_ z>8WsgS^TOM@Tc-Swtn-cYBfCA;uOp`TSX37kesvU>fAZ7g+A2!@t06Zu1b{pFgS305N%z@=WW_47)BSJYyJ+64{gKziqu zx(?hsfQ89>AR?QoIToAy6$zjyrqG`Zphtkkp#j+Lf-4&*S#kgeh)}L=Alds>*ss3g zyE1RJ2DGM-ifw;Ffu3@fYE0K0F6c3Rrb8bn9yx^czgZC5_AVePo#tSb8H6T?Q(=C7 zeqylc6VyXPD5anyzzt+phl#j|o2C79sf$Meh{$oRB=_LZsRENy$0_H406^*Ll<^)i z!h2I@f!CC{nS{%hd50n+$$w>pHCo76m&PSl$Pf`*c0nwxKH-*gt%oC9S^yQkI1svB zCAa>Lmcpu!^WOt0(7ku&<|C$4ilfQgl!Djs-IC8AdI+)R+j2=f$qD8VoSGlGxVDU+ zqOStdPmO%tvEprnrO&-e_p!2akAUILU>R780#*l=K7;Ud;rFsknCi?>Hl5SceEyt+ z8nN`@atMtShSQh7q7rXS^U&9i8uYWt$)xG@22M-aZf{TKzylE;8O;X%t|dbiXZ-G+-J_laQN(I*5F zOH&S5d{xA%ofIJg(~3N3xpPab2$F1fXI{yYmuViO%{VET&6@8)iB-ha0iALk-z@v# zZXly}5J^1EpxMVDmuQA2rS8#=CM4(A2MrYOC3krb`9m$C0IZJ&q{w1oR)_jW>s_4E z))fG_vtylXtL$*02CZ{Wch)8XvXix?VyPpED1UG6Bk$82$nzJsV7~^Pb)c2!v20}> z)y5+AaNecD?*PruXZIMO9jju!#E_9-*ArTql^ttOHf_aFsRNaIfZe9e6aoU%B_eDg zPZg*+1`+mMjY}sUl3BM_Y>H1_GfLesP#p4|s|EB_5A!3S`)j1)%B_3BCrcGG7=s?z z&G}I8lXFsxU1mU!-#eS`p_Pw#swUY8I&CWH2gf>OEV}X!1_87iSeiKn(Q< zEDc!pwNvZ3)*XQp?BlO1BR_bAinOuL0=D1*#8R8&G!c_%;Y$S~?-o9dgvOMTu ze=QeG7dtIfOy>Ssw&PWjy9WA!Ur?p(@?ufHJkZWRl>%NF)xo#}M~4CeQn@48&=%&n z0t-w)eprD4CV~4ei6cC6senP$J3@XiSCgmA>tu!1tA(@4-csD|Up;te-4tMkOQ$Qg zmpZ79gsM-KqXeAUKW&3YL3mN-Rj{+1F`>0LhLzupK~b6@wYF^Vm4 zLw#FD>z|(22XoMHd>S)_#Zyh|vx40GDk%{e%G;eb7?V7(Y`x+JYM6pp*v#aO^^qV) z!i#Gu9^RG-4?W(&wwh|>@3V2rJ;Zs-Lz97myf>|XajezSujkV%G|&JGGL4?5dp<@6 z)@)S)(JkC9z(vhFk+v2~Z#enjzyLo@E}kLI{^1?3q(OMO3-;*6`)H;~P7w?<29lku zXu*K4X#x(Y>!0)%_4YG7YZLs}Jl4H{B~^pJcEe1b>7z%P3LBG3W6hCGTd=q4z||tU zTZ0BWJ{^FVye_}=U6d{&6$kx#m@gIQJvS&tvcEGxLLLZ62-5zERKyRBOL;u%a9c3B z`Q85O-X?Z#nVkDXA8zq!Vc1873BD&T8{C{|L)K-I`M!gXKfikGc=GHMBv&yNkRyu} zL|AEKrz|IDt49^ot;?Y8yyKph!eMC&mxZjI}0yaclJVM5EB?1I%2gdu4 zUR0BHlj&Z{zV%bL2bvbNm&WNYk3aBP*%SMBg_g|mVF~sMr}A0Bp#1f5b8qrk&5M#@ zLyCeuPr}WBBMa_zBtVbe|A%klB@NX*3^z3s)D3WqBqm9FEYB2ofGytA+eAdt`paKz zyb1$636d_(hQ71?p?rwZ%%4(oy2wkEbSr!!1@tq@@n2oFM-fEl@{J*t?i`yS zukd;!Uj~fA`kG9u4V>0V$KCaB% z5lT^z^6s9?#TzbKqxU{U)HsQ9qf7R)C(|UPg-N z&ef;j-m4eV{l5ETbwmsnxFb&-J$lp&vH=_x4CUdTh9SzlVB8Po(=XET9D%uy9^dKY zyK4$KMb*M}fQ8Tt!5r5uQPHV}!=H@rdS2tR*tg40&u!@XTMxPVkFSDAvZWyyl-KDzK`}XZgANxl`{>#0n%zUtK;xq7>wBtqi74=%p zzA8J4GN&GE}BYIr&sp_Zqm$>3p%%2X~dcDo5PE#xANbIAH?6Zl|w30YWD=Q zJ}!sl&jv|aFP-2N-?fJG0&RPV3PXA&Ie1P|viI6_T^FMlH}lZ{<9UfC?R(%n_48FX z`QV8wsh^4VSC{90NU_&^@fIh!-Jn>E`4@g}GgG#c9j|Ru_+p2S9(+#?lS1l^g7mC3 zpm#VUT(PSlSvGR{*};gu@3ozN+aNn@*&@7-xCj_RiA*HoNk_7qzEte4=Q}a*(S~2PVso79B4PgderCJ) zT1?M{?M*}eFkaHn#*h>G7&H((oU+d`MU`=%le|4PDF{3q>z_6TkHHI@x4S=81!il; zr|)59@56a&<8JS<&us;T>WiB97QdX8g{$lEYYAu#suAX~_jNn)&-buW8Ew&kUga)* ze6S;d=2d;ccLw;2@qIBL*;+64->eF`?Q@*d64;;szpWD})s0VkSZ5ZBJLC|?+i@eM zpI%Z)>{6|l@7)30R4oc8?3^>yw#jnWk3WA?;StT_2!;0UfWE8dl}zV2r$IO6f%@vi z)qQXJkM$sX3dTXZYFoO9ga?na+8lhY2Y2Uv9C${`>p>Am;11$AxN#mf-P5@xXErr* z=&9W-|64YdIG_26PprHpSc*&C>R11WpkM|mMY?I+EYZWcy>@DkKl#tau6wNwBt5q4 zSM{=UfI$_fJiG)CuLQ>}3blO5;N^a{8C5#q4VCO6@ae})9ZaKBoPb@O7i95*_oDHKxKji3@rnj&L0!>?_%0SNGgYRMQSNzRUaG}6B;{)py!93eXAWd(@UKmAa%W7 znmCS`Nj|N&>Nila0H3R6K++#QsQ$Up(8k*Z{F87-5b~>K4UWx!`brtf5y24~7$b$m zUP;4Fd?%zgs?9KF2Qz|p+d!V+IFD}M?Xl6@r%-xnOzv`NRe)|hrBgp&5~n)PJlQ%~ z0e7Bo;Q%v(dxJIQ##&v!6uXvb$wQt@`=GT^kW>WR+YWZdBBPDM^Q}yGy{- z$vl63YL;Bxy|g+(80)pC1~ckuj|!GRzKZq%yS9i(J}4z@wM#sA^}tHt9$N9JR(Cbr zu1J!$A0LSKc-)>PjT#?F@OaW*%A_`0QWSarSY`E?YrumT=`((&x(Jad;UwlYV+2fz zur-UpeClzj+naL%3G%*W_ymb~bk|Tj5}Q9bh_=WG#81cPn$^K+B3_LPG2!yr{aEeN z!BFM-1gxMSpdujM3eszc)QBiZ@1YYLqDWDZUIpnSp|=n~r6^ShB-GGrNT?w|2%Hu6 z`#i7g^Ss~q#yDeq)Wnkz5=5_lHh zOR30tCa>VTnkOIHwr@-;Npn^1!k8)um^~Vvi%w@DDJ>EnD|ST;wSAU8P~8IXmOnCp z+gcx;fzuM!FVjB5`HptzXgW96YbwQzvCc=Ymj{MMt%jqG&D4>%(yxKDM&D;0y?n(> z%`XM3q+NTf*B|;bzH)d}N4IIt2D1LSB&{+<;9#;)0RL4840Eul;9EhfXVuiSFxI1DRu`phs@u&Dp@ z_2WM$;$vK`T0cuiO~l8#+P3CP6Bg#2cf7V|pO}g#fcSu2t)cg9e#3R=k-Ol%iD8#N z61^sQfh%0!@J3OyeiDO%nPb|+uqZCSr&Q4$COO+g4RYH)j2394S#kCQ1$8m5S0k#H z#+$65f`fpGi}U^ofEA!1P+|aME={$@m?5()UD_qU=Q{%s1f(-F0bREraAa;Y4xYF; zRb&R#+kzR!tmT6KDUhu}Pmh_{T*+ z4=R*JzHI_!jf%Dkr54FMz`zawS_5K$5UvBfn&S<)mZVu(S)C_Ft|g%XT$t?^Q}9-y z_I)hD+2(4}Kzd6ofV=DQ*hfAu*x&9Vyz{y;&O{!@8zZPSd)cSXkm&8cv{HwG*fS?z z?wED|2y{^3Uah!L%dtN4PHg$dxv(ifcn5B#gdC_Cc59Pv)1DHb08FMcB*<6I$L8m; z%mn&1J5M%P+-4RU`e6CJWzhQI#u%^~K?COoNJSMwj%~o;6^x=LfVf5U0d~y=M@L7$ z#RX*<&-rIdLGQAj%F_!CTl>3mfP*aXR%BLnW&rxKyxeAfknp z5fe0p@tCW+oXqPr^2$`BUtdE?{YvG({Kl+I_X=ty7WEA@uW*T(eUbNBxgo+Terth2 zr`ZDQCayt3FmUV5x-ck~KZ%aa`U6&MQ@mB^AvQ1Hg*eqPD9YA!_uP{YIs(=K{jp<- z#+QGJD3LB6~)2A!k%#{0I+#0 z@HNc&R820*mNH6u=)R!_=*`w%l;doi@JP(k69>K?%7nn1PLmnuYjlHR8wsRoVSUwb z?Ww3*IIv%S8!nK27x=w_^Z@5$K2h;!=KL!-x%UZw60?04NCqz@{^_*EV9$J17ZfYu zn$9@?daTa|wI;?T>Q*lrf*G}H#g^}HF4itIK&qiS>{h<(4@%XC@P?0&zUF$&e9Bt4 z9aI1*F@fxD)wX%QuGqeQ5aIYyHS%&+1D{XxwEG;02>`>FUDLbROy`sKuC3CkmD@pS zW6tj=0X@V!T-6!%VsE{6qP{f)aK;mepDNs@9|g`PAvV_zyUUk9zbfs2r7)TEx1` z#a*|~R^04Hg84sqSf@e!`LbBGNv5DMM7KTVUIKCHqhp-;iwYX&Jna;dP8R zZ~j28nTOO@(ovCOuyjx{>6NCn|eu4Am>5; zBkzSegB7;D^}P4WlQJclcwcb4o)fwT`kZvx9aM(Jf+iBfM+6<7)7EvDOzl8Cg*&^ zuUD8u>+3dZt0(+crZd)^8DVgiu z0EmW?y6KOJQvJP$U0Z<->lyTHPZxS?*LWc+%9E>4S)A`gi6&D*qL-e_ece;?p8EzM z2R9LVCnfMyht_JZ*sqC-Tb-{%c&@unsE3@o3NjMTsxQe1;E0$v?7D8VaF*0-=rGp+ zOw}ZOSDgT+YT%PZ>dXpv5;;jhHPuooNTTDd;mS#VD_QPrEVh%O32=yqD_acJp{KwQ zUEQt*Ow}HLvy|p&U&$3Vdm+V}neRW{DL-SQ$370SOb2(_N1N41pRPR*{lKU)W zJ;)<}X@cVEOD7At7bv)n(B$n*qti9wEKO5MR9y_*d+dYq$5~lXI}rLbo3PoC92pU& z+wSP{G)_}EP0efMcgvw=#EYjHOg7M7mj zjpbVXP|1j9#OAc1&nlyI(2Zc~MV-k(Tepv(nHojlyj&MU9{~dxxb6oU3W`U8FlizC z$?iqT7KzYi|EqsrHQ2eNU$v<3y=BL7EpfA5S;pR;P`1EvT>JA2@yRZoboG-h@znf8 zM`Ax}Lw@Zg`*IyuQs1pv8W3(F`-)U_e-6H?)d)a*e?@HBNMG~?wsR7evp49kpL<$L z7gqK}9SAy}?|Amg5>QQ*0^BJUtH^TjxYLBDDM)4|Y?d+JBX0$ZTmU%Z+3#TA03_V{ z8^a^5CQwnt=7u-Ho4-&DOy0nB&4d(C#mM%5=tre2S;h*z%^1HC1sc=^VN}}0jwVhNMk5J;#yyY zWwz}=Me$1h+BzwXY0(@?Zh*g0EUxkT4%BrZG$0k>b0tyqGuJy&uN7N*m0iiOpd5Ez z7;1!_6ADmmj+KFZTPoMz9HT|Ls$?Y~+Whyi`3_F$&-xZ{NY)~X@)}wu2Fw8g^gI!KVY{GV zH~2+`H_c|+bAC?7K%t4-5@4`KE<4y_;C)>8kzwCyjx z`~;`228{z&Nb{iG#4!dap+i7*MgpS%B18jtWL?Ru`bGF}TI+}L(NkAMF~*)67A=pTpF4zb?fKOEZ6q&oiN=>JdcWqAI_ zi_Cfx5`rE2$2lDA|Ht3|=WqUBc~k%CB2RPX=jU^s+WDgzWC&AJ_K)NL&Nuacbdk^W zYngMQ=824#Nnk3v#c45k=^um4gyrNTl|T3F8p4BZ2BoN(Mh- zV?vmWA$jll!&dutJ=@x~W89l?GyiL{ZPs?vdt1EsuX8?Ab1i>P4`v!V)=)htxwuty zkgik4F(HV{r*8>-eG@tcFjjZ7zsB88vz9gpMpyuAjo%LFwjE{Jtw%+ct#JA3*<|s= z&UBXQ%$d9*HjWb6Loku8SHhmUj@bU9*v6>q<_@-*9XG{j3CU^IcV)$QPHYDV^QLOp zjsTOmS^TK61@&iRb^mLM>qJXRZ$O9SDv@&8H?394nlT2?))&6NS5T}y^1IiVac<^D z^Ltum$>qcpg%&|Qm7P2V2j}h6y2BOh5T$D>wcG|3tON8&;at9u4$00cg5j!ae2BhN zSg*I2ZnO)*=ML@!5*K@+koxnoRW#Pbwu*k+0(NQa@^5zyzAS@m3w#I!7+qr1%33=d zbG@UF8!@HH(3USWK*?rGv^y8}-|x%t=&0!uUE8lg5M=N)DJBJqUpOiTV<}?$R4smR z$0^Gs{_BkLwCPd*fUe08tEYYTuNjoX5ZK|IMKeu8$f8!BKycXmJ?qx$%82r}y)gaG ziH9MSc6|wZq%CL5vfC8=)=cz;pf}Ez_s{zV$7F=RXz@`Fur?S> zel;#6F_qP>c5W;vP9m$Yy|>EklbOAd#(0a*r^`9q8pyRfsqrU|y(OlnS$JogN0d<` z(VSltaNm!+<751@Hd�#fg^1jrC;c&mfy_i%*dhCrrSOn{hJT4qSvJPlvgScV*}pxAc*lcd{V}Cz&gR z?ol2dpRc=1V=vmnFfHDGN}Q_c*b=|77n?J3g14(Q>aE*Trn&o5U-nja+#1*qY}XI1 zU#bzmT`03cX#C!~C+eKunc}1}6WhpO90^}Rrn1K%!(`S~jg>EX=7__NnR65EU;8SH z5v1m-%*Ak34M#KzOY*&LU3%n=Xz8ak+c+bWvW9a^7ZLWF1#3~Ha2bVGlM~P~0XN?C zUl?xN*%#y7eZmetW(bdR1rqF*k^If?T$rpkNe2g^M1s^{0xZm{O)DM#9?d!`_J_yB zj!nZe(mQ4de@4y><;ydZ!;VGZE3v}rg-QYU*JPeLg&kbfG~-o7BrE;N`sq>R(}{vF zkP+P2@Xcb;Npf)fB(&fK6|Hs@QE{jY^GWdOn~I1PmwMjB%^Atem%hh8vwWUVdU>OL zOR1N0?%jmeag@|Gub*?9OLM%%ZUvU)CGAwc0nYb!;l49&+HtPB1rGpWdf&s#mWiR!Td~K%A`d`6%Vv24A)zDifz!-v*07M*Yy} zJ67@&^Wfx~5qe1}RCh{&1M4BEN`k(AfDVDA#m8Ydu8n^vHB^}rO&ed?L#VPhs&+#O zXmY1RJ<@5%}V~b3Jq_-kvCVYd;8|^tLYO9%!wnnq*HYj_w(*B9@QJ^e;4? z^O@<@D>3@%M1uaf>nFitg+M2e;-a9SJe~>YsFozzUy*@_` z5`vXxnNj3bzvh%)>@6+I-X~EaytC_GO~~yb1-8v@tg*dOX~_Ymy;$in$F<|v(ZZY# zfj`9(nmEZts58)LrRpo{!mj(X=W@Gxj}(|BHG9Ke`nYK?8KuW>bdBm+y{a-@3#hNs zg_P4Sw@;zi^i$V%A^RtrPe*C;mY7vGW$J)vkT9ctYpwryjaFkCbu{kjYC-?OSw-VP z6fDEhvJLOE7n9?sZI9_y*b#dAFHQ?NRfD>W-#mcIHhsk-MD%)5?`_OlRsj*oZGG9= zs+GrLDYB)v$U0R%S`x(aV!30#9`FTqzPM-ZBJCIT4Rce+R{GM}nVTkovZz#N5+Gbm zY6uh7BVxJEb@`@Y_Pq0w#zu`iGZBopbkX?`bOpWUB3#Gqx-OJV{==`tu2^9j0x>K( zKeITaepS`GipcrwX_;db-SV>xs+yj^*$) z?|rW4^zQBlAS1fpCh4gJnh_*2W!}KGp+3>lti{vQv#d2y-j-&HVhV~2wG<(NhsniW zO9B~ES%5V-lTaFH3);HLfHqAyp2^`r26LY+zdH01&I8<=jpS6N3`zsjeuM>DuNIU& zUAwR#jJ&C3O|RtaO>7JkMp4fkEHTT`zZ`z8-=8%lb)-blBk_}(Bdof^y1YsGC&K*6PXS{e;f;aJ+VRV;NuaQi+VU0cg;|K)#h zK3IF6q(NOAyK=8W*d1}>_UG`IoRr|k)ZjhFYpNK*%(m4l_XODo<_uGI-=$+2hlw=#aFLqrrJ{*!v(`Y?+%nzl6@vfEup|ZrU+(>&rXB(mO=rp zpTKkiMSbvn&b^?c$Z{eWzpg^oN1GUSJ?+(RiIu(cGDrxL_FP7*cl`2^2C=8{`=K=5 z+GTjQj?{fWCCy*8Dje4<9N!Cd%^}mSLL@wW53FSvscwFgQzaOXUZk)43wDuZE}IWX zaJNJ`YA1_F$#QmXcv*Wgg1qzRGVk_Xzxi1x8~;*9php0@y06Q#!01~ghhT_qlEE$R zs;)b`(Grme0jv7T=iYt~AztLftSH+HiHK+!LP4k@{iMuLv-d5&C;B-^bdh7ajAEb4 z_ZAtY75qDQo{OuSCn|m=?wA-g#gX8_EEHI^iHf05wRWey4ernR`f`7k64gcsQt)a9 zv_uE8o=#wP9xwd`po(2cJ!7^c`{e4)^(Kl>mOYP;Kh7~dj7JvFC&f7*lBO1UacE%? zo)lwg*PZv3PwJ(0gDl98Ul^6BN7Fj9^w!71!@7oIZerRhMZsLOY7-FS5(eCrR#e#_ zYCuiMIK8MbN;rpzCFYfi`^Pm`wD_Da0r4k)X^`*$E%dem3UQ}$ISRY} zpca%==z+-|iy+JOpi_*~F!`ww4ulv$U1WFG~I4Sny&Zd|Kp~$RQU*9~|3TZL1c%PFj zV~mqA(1Tlv?wHtRN3Ycy#jmg}O;>t>)}NUJ4!CsCM$Gygd)T2UghU*pMQZSA_pdW> z_l+@7vPlD|-6ao7KRmfgui-GOIlY!rKFJrtqj>9G)yB0mc1it*#40m26J-0&_;7Se zDMZWF`Lln2HH>+HL#$ip0QA&AlyFJ*VbTL&Fw`{(ppj)9_0yR<`!Q|%<`v^*AfQPW z9)Ml5Ri2=5g-`JCwq>ke;S}4FcF`}S?wGKmOWy$TvQ=&)-4Y*>;}-YzEz z&{fbDfEj?s)@QwYT5mP_n76Yx3)S?R=5wzEO<)s#;eSLo$iZ+UCbSWeqp$J@I&R*p zPtv}~vW4A2_*(;gIwR@Ww-phi68-yA?7ex;;S!?HCg0gw-iD5D5SmPZ7t7GP`G>K#R-==%r#f0Atk?Y#hT_ zJKMHK-kpz_X_0J=mj0e-F#J|QS(CRQP)k9km>rWk(we$Q({+6T7kSz4rPXoJHUPNv^e`4o zM5B1kq|E865yE|tg~BIImRdeT&kuA`#-X$Dr%&H(Zqgkwe%Mt`k!&K?hg9`~#l6qI zGz%16yeZ{MD@CBNHZzFW%nfF`u??j#dg-vP(|R#)|#kc#JgqG6e|&T?MdTUaGL0X!tt^>1v*tXy2g)$ zx7P>D{=Iwmdg!oX)hBHHlIp-(({<-2pLrD~S#F$VVOD!c<4uYvl{st%00?{i0EMb+ zq9u+De*~x%op7VX<7f`$CZa8IQqVRj z+ic(?#0&@Xu*tzE;gWWzGHNO{ci#GGjgBWn3W*sR88cn%MSbZ;j7`Q?FBwQ=1oS^R z0zxWqT8)`G0=u9n-&bxCh?AKE?*r^-UWrHQg4agfSZbk;r`+Qfx6ECfY;%M*^Gm^l z-Q!neU3aV)%)1k1wp&Y*^I}?Wb}WoGBqV-GNli__dwDI6>3lfr50||@=2KT&+f6RI z0W7j`E^X?He(Ocza4M5X%mQYlL*T2|Q&S(#!DWd+L68P|J;_>RiA(Y60}d|>3-)1H z9H0iyMi1=F5Sb6Q%1vk3za^G`S^c3OmPS0!0QF`Wu)=_HQBF^iZ^{|K&|T^WO@J3^ zh+2oZMw*s9^%Jw%3aGytSrB=Vpdw%l(6tpe4l^kR7?ybr18bB%N4;159CT_F>^L7E z3QRp|d1zFYHY|T69PUGom59A!UddbFQEswc=RJ38?*W_1)`XSi+Ga@*5)NU4{5CdY zpE261H|$E8lrl8f6Ye~mo^;$BBEAU<>KJ2J&caO zm`WE{H4xj{-yw~9$V~jZ*tV;~B26`0|K~B#L-nIK&HGM6=mlhGl9Z#F{OZH27)BTL z9eHgApM?agGp6k#wc7&zehX}KX8N;IRTT|XN9#k~)6L|WJbFOZ)Gu`~_358|*%P@q z-k5!FX%cCVRRh#tTP?L&6T93OFJD5Ivbb64^v89Avq!1|0|U9GtZkreJI5OHMa1y% zm9@o6z?=4N zgfNVlICy1vV{x3H@T_!ywoR7}944oCvKox~m5PzcYGFq+*@ygSP#&J4SNm6hj#9JE zg$n3XW^lTVc;Au|nz$laSDoZVZZFL6rg`D~=f;|^0b8-om+T7Bc>@Xx3h)~Ud~O&7 zXx7d*?8Ml>l{ZzP@4-eKpcs(d$pq;o)I!DR{2`7Q>_Nlp=GiO+VECWZG3_6~@=n}be05PAq*vUsC znmmM_|EkusK2QbSy}>&D1{5+zm%*MjBT?Q*Muesm{MT?1_ydPv;7ghj@ezas(6Q#f z4_OaN(YwzXoSYQLWYC;u3TRH4UGc_;hs|kETH_7b6;_i$?K|5m$zN%Q@_+jj4o8GQ z8vFhr^WSI7p*zY9Cfv;L{^M}s+{WT|ez)fTFDC4KAVBV?^!fplg&=9yJp^7~*)<@t zaWR4dm6UvZq|Z6!P`BTQA`XYM{w**+1AFLf(6a?>;W5KZz@|f(2~(fOZX4nK>!WJY z%KK~llz_?gKaOW43UhPrG^1}%to%8xqWB*wI1YbslpyA?D$H1D=0k-91O!OybsX3M zj&Gm#8A(*ZPSIlB%}0*e?s#Q70dYNe4ViBd|`ur~Ie#hM7Ug!Sf$InYRCEDApOQ3ZP+| z9$OzfkBmMrR_yw9=FT$MjCX(b0nTy>N6&HGra7`rp@9;tw+W`jd=k4HR7CBQh$`Dy zvk*w^E_Y1tcrMRKBw(1Z4jAa<5=G0F87zxjpzR20@fKdydw#WU6&Cm+h^4 zFL=)%09jEMO#Kk<@uK$*8yvZ<#rrRIp42csq|w)Hy4l(-VofuVu)U(*m!OjsNnCSy zlkF*;3Z#*@|Bh_`7*0;3ymFq}=0I}n5+T(1@q*gNJU@^Ia2{WN;om=>T4G1c1--?l zLd>v`R3$dx7I_OSs~I5vrGbu_w*lkX1s^TRj5B*TtnUSY;rPt>16BOVi43n>sEhY< z+3>Yhw`K}&2%&cRFro^WMN|pfE*GAXxt=9RvCrBQEMr9$G+WjWQl)|7Khx_^RMrl0 zVS9k~2Q4b5Zc(!@IO_G^$f)LKn|q&9;n&%bC4%TmIZ_C3z(9Fv zl~nwFnW?aU|M@#8j5r==4&)&`=P#{6yZ$e1mtIpAJuJ)Jy?)T7Nr5d#Y!OgR0;$U{ ze)FzL#+Xa&j#D}zO)uKuA5+A*V;jfq)-hFQ9&}^YEzY9ICVhX&wT6r8?J5q(oG$sQZx>bcIK(Wd z%J%HIj-Ow9U4BgezL@TsPjbpKr+dD=Lz7aiVDDEH_fD!}P+z@B{PFqa92Y+QD@##! z8+Ik~Jn^j{6Vdyk)gPtY5 zYinDEDXkg@o<6y~OP(_j`t%`=$d%wo3=HQSE<#7Vk+$!$^BsvhtQ!UM7zxy z$*PjmVI+|qgU?BPetB7cPQlTpzS%J9R7sc>aK2U!!GFr)2TdqvH0P+{sJ%3PKZO3E zy{viQOa}H7R9ZgV0d+EIPy}{+ir5TZ^83?n&ul(j{;d1+b?c$F1K-mwFJ|FP0glm8 zdM2*O+@gP;oGW#FXu3J&ehb|p4p*`Yfh;}J?0ax3-TrMh#*yw^g}auW4Zr7@LGD|y6o30Ub&+UuNc3CEkF#cgnpmD&x~P_mkq}zC!^By{N%*M#6Vs60oX7* zd83ltc+2<;m-8s|&6(C@3f#M29M|G&QC;;Q>j8*rj~DSBq`k(OmRI?`yi`$BPw&n3 zq}waI{wPfr534J-h-z(E_JdS7=w#TxHO!*Q#+Q^>GYak&59L51H#IZJ2XT$kZ_~#~ z$zT2Uj&msv;FNdEzs~eiu#bXOIxh1S;gCDHe>)ajjIeE-ZZ~h}^(3?=6r5`YTi9R^AWtIB- zE$_N16XCFzhGCD#M=EMv%F|yt9zhOg-do((jVEF>7?T9U1p9!vM-#mMGJWRcuTb6# z5i-0zo|K!ZN{yQtU%^U{xUBX|`8KgMwpqs=Tosm-9(?KH*dFBPtdVM2d{FgG&D^`r z6B*Vyvtrd_Qnr>tUs6~hqas(2_PW>nJ8osy^u2Yq{<$zUTh8W$9)E1~>e@&Y z2G0~<1G2kt<`Xqu1@$L>U{93x%zxc-RKWheWH54)+&t8=GJPw%&*qsWGU)xK8VV#Y zb3;f9w0jBRe4p9jdyqx=;=Fl=eNWXzbpaQCPQDbfvuR{~Hsf(h&{E(z4voUctuxn; zE#(OVI(fer%HbaUOUm)`KI`-k%H@>x%v3}{+-{Sg-paeFeFR7d(UtS)sN0U2`S(iz zH$&)8T;rA$FcI~sy(1BLnNSLA#tWVs)TTpwvxCs`XE+rOW|HQLM5v$wBkoH45IJQ)$VM_3`Y=$nrMzx>E``=)P2j9gskWN+^KI?cWxv^TyS z_IT>}g(SLPe96(2Um6qAyP{gpB~|ai1pl&X!dnm5N-k>YV-+9aB=1Sv@3@ltVcRZS zTbBuMYlj!EApZ<`-?VSY^us~k9%Bw#orVfz^I$eL4_ET4H8E8?L!_-fJK{?vwk|a| z`?^YJspE_F;6HU9``)8}?>jE{IC|njw$mKlq)RO`2;o&($q_h>B*RKfKKyjpH80GS zS?h{Cwfs>@EJRzs-(vTdLeYD3tkC&r9i#OyoE7U99W0|t zziq$4&cX8L(54I%iLg{pLJ5TMWPy~O31^%6p1BWzpNJ;TBqOy;Yc7^o$aU{HqN?4+ zfPYGauzVI!jZK9OU=qxF=B$W>%IcobRr@u-8w1U9c9l`R=<**gs#A2QlJ^V2de_a2 zQ7DzWJq zq0i|92Q*0-d%;=rrlgG7D#gR`DpQzW4=2Q%T^9V}w%!;kd(Y#vjJsy)xPXbrU1oa% zvYJ?y*V2igx6+>#us+uF$ar49G*YWO-Hb1-%et8B?Yxztg%j-OkLl7F9CjSZI8srONvke?xa>gAnZ^`Lci%I z7aIfie51H4B^|@iYBrV#REN@)#Ux?9o)G?&TWlWdyl?8cY0-aDm+ zbaGW#mExes=daCH(c>fZ5rT6nd9WImsuWVt7oMTs{zE4fbl^Z|>P@!BO4~+)vT6=+ z1+gafm#gfFXSP)Wxdk)90XRb@lX=?|V_svtmptTWbN1Xh3D5b{7zV!Pxe#cmF(4`F zNVJ2N&f&3vL_d#UY!#opk4w?r3qoN3|Jy@Q5dQ=KxEt=Y@R_q zvo+fsP=o9@q7SA;ZY-Id)}AxeM+%A&tmdjdD@D9(lx^48WybO@yV2G0=`7cs&JVswJ=g9LQS!^S=@FE3ym zE42(L__nKkbD2P(-fH4};_@GO>jgP^ z^tgrYZ}(DG4qzj3m7_~)5h&2whD4~L2L&#V05W&)W*>ZQZ4H3;$21*v1y0Y+&7pzR zU*p3EA958CI$3{z%_ao!J@2u0wcI@0w}6`rz&#ZSJ4fIQa1=nuclb5w+K5?V!k6rw zWqk1Qr!^~boe&Nado|m}o4QA607fP1qYb*5VLlK0MbfR zj2nJ0yIit@<4Od;0mUZhl7U+M&OikmLWi2=3lo2f zS15p*(XtwN7*v-@0=0`E98dfdi8QfqvzU-*DzkV&Ki8mHFv%lp9i*8kGp_!3)FqOAfEMk57&}NfJI^1w|8?`TlkPjew}%mX(`97eThtZb zQz&6k?*^y=_?Vf*o_cR8DaQcWyG|}8Gm*;Q`>;8s@p+X+^HIf6K9ts+UM)zMed!Z; zdc4(o^L25po(9#-v2*OQdLJuC4XhDftWJa@Dn58`AN2vL`lOqx!JK#<<< z7~T^n(xvFj2EYn|53%7aul?nXCPq^j=&CUu%H5pP#>EZ^V~Tg0v#x$#2j%$QQQ-0d z0o6M9si9kbz~jW`*N~z6On*=m&%CywHC7=IE<`-$0pm zfRC1zR>tqW;Y7LqD-`{9W4rz{6aMj=;u~ZhhZ-&&?kii#Lh{iq)8)Q{o8Gqpe31_E zqquv6HUx3N0po@U4H(jm{y!n_QNpJCDd-abX?iBSO`QMYv5f})>nh4hIv{{g|7`gc zlO}k7ZU+kMWdFp??6<)1_aEInyW zlfl>jZ|U#P4#~I+7;K%AwO~(Yz&mrbT%nPCq#AG2U{+<1xGc7m?>`hij>RkRP@tRU)zb-G2iz78ccl2E|r% zO;^9Yhvt4r)-sfcJ0%*0iz1q~OIIGpUCbCgThgXqc<_S$H1z@=3cMKqebkJz_VA{PAd>Vk*UI(Jdz{Fib#OMj$Mr_G zrVSo0E3zRtXV50LWdZ$rOb+rI832kw*Zi+T_ku_73`ptZaS>XFIcM~$6O_ zJJ;6^F1iTpnAlqv^7A_uc^k&PjFli*MGSzV1it9Bob8FAuc#Z9FO{{%7aDjU+E&jv z?B+Z8lxVu?Vom&UvezF!tyy0TFL)iOs&LC5B8$eo-OA1U^-v__Lw2P!%)-ZAo6dKq zbIROmM58&!MbQuAoS*oE4XF*u*p@D0^+zy*JP0m5o_j+h5fu z*3Ul$Zca~Oz2xaZx@>(rA zIN%jm;A7%nE9YAO=gMMxM(gzT?KPr2z;So+h3)6VnQ~qc}ldW z+1#8XC29K1I)p{gw{Uy4ptbDld8N{4>toL3*Y-Uo&#eS}Uw(uvXsz0Bz52~Qs4D){ zu;TDRKAc`lynBR@p$?l*a7PEPD1Zr>a+77EcloWlca9#9EHP1`9XT2~S(S#ZGNNKD z30YK~*5&JOjJkjN&v9kMejLXZcgk4OrF~M;v$L~ za}{k#D%V~8OFYRHY1DVUSb3vhqBlN;>VPsojjW(e0YN>nFc9SZGt=JGPtvZI%p3|3 zmT`by6ff=QpvYJb?=3~t9ga^@@avss%z@2Yek3E&TiOgq zy(86ZV@AVlAKAa>sxtyMm zWmirAWzG4+E6$<%h3eY$b`J-qLksT_+6N%{M#2qAXczv4y8A7?f-IGIgEaY(b-Sxa zV+pCT+;HBsU)6`Q3;-kDp6$6mo%0&DG`4Hz%R}38(umy`gB8bQZsh)_cmehZe*p($ zAU4rZpu??UBbU1-bXI(q{C^^|+ZtL3l_n>A;&`gAL62s=p7gM`o|Ex5U(s13*jgho zkwJ+E36+}~)RATTR=Fr4lT=$4>!FOe2uw<`sE@Jm4~qdX4>}E&;If4mPH>>!w%C%! zuc{TbeU!`~SG%iG=chKt6W3#J7%PR0lv;Yt{5T=*A;~t=aIU=f zV`;2W_YyRsZFo+C)S$+iDY#^nCqtO~a%82v@J5!>QQ76- z@Hp=-f)+7hh?dAP?Bgf6>!4uiQ*}mconFlc$wJzF(n|LFTW754iA|NyPd``dQ~Xmm zWPieS?=H>p9KKQt-hS_RhJ8?F_e@JZWx${i?sGAD>jo8>SaNy_l_pPhBbCdn{}RW0 z*?f)-Fg>{C_AHh~LuKLak?+M`FJk5UG*h{he`L5E@-gO#P)NJ*GIolERH4S`t$ZfD z(d^E+QP-QEXq1G>_OqAFp8EU)!m+$qh%H{s6X$S>2|D4Y4Gb8I0}p~8qg8%e8C=H2 z1sO5F7yyOX4Bt&Pe(Rhh>{QSVkhLywMKV#zI7NrT!mU#(5Y&<#*v1oO>j2=vG{+H0# zA;ErlBjv{N!?mq*PpMIVoy62ltBlO8FN@eD6nWaLT@ z1;=xhhF;50m6YaP7%9D!tZs+%Ak^_`RBqn4jg?lo@Vfr>dBs1tiY~x650G>nNF_g4 zoQ0zvZE4lL{__%tN2TH*X<54U)El;we5G5IP!g&~glyd=FbKCzz*u?&i&%*fuEIA5 zHE9=m7bz@}YPhRJPFb3lt8ZZa>$DrMtLrthEHrW~OqDgmT26Ts4zxXJkYDSI@8OZH zR_o87VT8D|37$ZR!bnH^aF=Vp0OlLt=o8)ddV-2NL2${DmuFam1v*@n2p zO<*-s%O~yI9rMv2fK+EoJm$<+Bunku&#nN4d+VngmWrdap4lyg3ZSXlr3nhxD{wp* zR4BEUfHz0$qa%3EY?{Q9{~Mw}MN)kpJ#t;yk|_DwtZ1PXuQ0i6CPRpE%@^~nkdh?D zDK?<`y_%=7YdXUqd(?k0C@6O0G-J{B*DVQojR^Y5SnBjXk&p!-023LH`Wf@JTO7ur z82TxjMi>&PQV|N{F-yac68P?=4TN*X+e}k)#^#S{oa8?vzww%y$T^naDLdeGLmSz2 zq4SZ}(7#k@=>|gdlkQKAmCW7}lEk#_6UBWLVa6p5?xx%b79)~sKGOfm@rT$l_^j?n z7+$Hny?+Oe@tjxIU>?+#fwZfT6C>wUL;wuK{9o)xDMakX|XMu)p*AWu{s# zq7|s+{57#-9*D+K4|CCRR_+vswD7LfQX-}=`7pjc=+}#1wOWtnb#9uH%4|`$KO#c- z4!3_y!*ed0kiTdZmpvmVg@)2||5DHmp;QMoblt#cEY)BB&{UYO^r!XZ!CEcOvWrpQ z8cHFP(nlBBVsno=D4<2}J!}Y7b$Qz2zH-~b$Moy4N|MvjVqerm-F*o0R7%Z;rd6dc zgz60~g(11%bxGx-oPIyoFRKblq+D;7#F`3#DkDcoKW&h$#16D)X zM4US$`!Op7wfu$X$#A#tTgmB5;$r7l$UO;M=+~B7^h?yOeNGn6c3-uawO#<&P)SCN zIY5^+=e$6@Hye29$@}$p=W9C7j1XwR7(z2_8UJiI>zsLdgRJw&E5N)?mP8uo_?8!} zEOU3|^eibWnbqUeI(F*~_^%Z_k?~&6j0M&pOlt@|(J*NxeuSJFTOzCa4F!JSYeEyW zLcRR)1IxtQyS_N5zOryYJqO-3jpM3oF;=ZvF%9u_KzDmu`^IC|wH?%Pr~nr2!Hu+y zEAwlpJ+Mkrzydp670iEIs+FAz>ko%KXZN!HidLqMquVv-(&+0ni&!pyed@b$?X^AD z2k(EeWg;atNI@$|vE8^ZIWDC=T>U*36MNu%h=-D6Uy2i{SO=S}dSXsvi2eYw_9Jab zL*;uW)OdM)uDHV+*;85KD|VtJ%mbhH1NIFNby#C>6lKIpI3}wiEqlXnpVMXiF2C|7 zsA5eT-%uJ1l$sf>^&uGnwu6#Lm<*IdkPVm95(gx}r(3RZ-1fM@8l)T;c&XDHX^4D5 zA0@9P^GRm)jKN=7LxPJ#*o4kw&Ci+%z}BMRy-;KB(0ovMU6dj;&a~jGC+%UpcD#WH zvtd`APXmb^)Yz5N_Onpdz~!N}H+yW1(8hO)x=e#sZ#S8tU{$4e@M$EdlMk==KtkKP z)O5>!VqN2pbyZyDht%U0ZKn5SMC9}fO>{C6f|II+jKx0S36Dm;59?vyW&{0$LEr^x z3TOlL0H&v4qc^Z`QLIif;BsE8bydkh^%X;B$m|=;!nX`a@}7=m%$UkO(b>;%oJO~Q zg~Id*!qD6&E12)njO9qIJtJ4*RmOTZI z$2$wss#Zr_Wv6%@0VmsrI&z3xe8Q9g8f-8-tPeOwGA82C?m)Wdv!Nv8H1w>(jq+tT zgAUBILRih`LDDAsX$#2U`bMRA3K=9q;50B9Yqv;4&mIT_HgvYXlAp%{V;k?h2Uh`c z*{r?2omf}e3j<0cWsOW?JaPGH+bEfA9~SqOuIWfuI{L5O#;zfkfyhfQE1>fR z#MziG_jZ^O@6l29@-hv&X7<2_Ut^3&su|*1X@O;x)APbORzv_OWR#w-78vOI(OS2b z=~Zf#ivTG=!(BzcPqH+YksN8)rn@oy$N8|?hwt8du;u+@lG6DoQ>7f<+?CVSlx?;I zh+LLcxBWvS9p7f#EX8M4`R}e$P_=DY(677ult|))R5|Ej`+Yuvt*lOwqcw!pW>)e| z9NsT@QpTy~Foml*P7pOJqq20h6{bN&@_LAvWQi;gnhXVNO|d1}6YlH5Q}@ZeR@f6i zkp0f`4xX1v3!8tI$yw^MuYD;?N9!*SI(N+w*n@I9;vYFVNIpm^t5{%&T({g7x8=0D zH)ZQ;JGL0{ex7P7^ZNek+tR@J_3)-oUDoHr3t!m8@Ng)wwXda2wI4JsJ`37mmK~mY zCM`%aPGWVIhjxvdHDF%)u`f=BdGNx!iRm-5mzI0$hJpzc(()}5mRtL(3dhTM4f?01JbDT`gl}X!;Ak#*Ly}axpnK`+lr!yihzQEii&_V0qLNipj0U#NR{53 zbV9%aB1jRC-lezDYk-JI?;Qe!-U&Sf2qFKK{XFOFecmx%J~-UlF+}dHd#$y-^2f7ZYUin{P9t5OL$aFmj zD@f%eq}v<}0J%76@AZr48p*z=s%QzQRsjpT~hsF5h$XOc+sf>m-9f`tp2N4tVE{YTqM z0$y+J&g~}`*aOv=P^tM^-N(rx$!u5M@)eVxBtF`_OBo`+7@274H}=~+Xd_VcPH$UA zbs%dRk>n~vmW``c0+H(x7>MDH?mzieU?T3M`}_bc5zT3rcWhOmx>k`x%@z1i$&N61 zE7czAomyO|0ojmH5U8;RLP5!AoJt>val2}Mp1}pie9*hw0R$h-|q|8o=!nDe*GCXmfGQf3Hl2tdF8%Z9RO+Ho3*!FN*8arjDp5ryGb7o;}jZD@X zJGBZV!5xJbsz@{uFxl4cAY<{BQ?s8&ac9opfRUAa@u?wamH?V!wo^3sMcR%+zx=nQ z9DuJpOfYrxG_keU1xs>o4osfcRCKVGK!iI~3aE(6_Vxg#vWkIi4w0EzX`yH--AQLf z3nIWpf!h`|oRN)N4ujm(%%j&CTN1+n9Cx88@IMJz9PjM*DBIt5QWCI4YmAj9OYML0 zu##?KOCBVA+$fhIEy@J{*dlP`J?zGc<|#HI|cR@5l4B7 ze0r8b0bi3u)BfKrOV=x!X0%aiyGH48h0f4-#f*E6Ih=}|OIqXFrJrktIXQUNDAvAh zZwrDE8T*r=PONJ66_KtNwU_?9%w#=zZTmd>Cl9d=5mNvbEafnsKmY z8bP}J^m*2l`lx z#Cx2VUv4e~RHc#suY4z?P2#zpwuNs}71vZPb&xG*o-^>(`*|5l3lz=aY62QW=@$8D zQCi8bb0l)6-%BnbhRnGgB7+!2`j3KOW6YlW%cL+KyvdxE%9VcRcVlTnJaHPB?y>tH&qVKEw2TTsDgV48J66~x0XEv2HN>CL zwtqTSh{S^;;+IyMRXz4ly0S+pT#1__mona4Ej^FcKM+vEUm+?n+n*Sbmr4az%Cu)! zp^^aEe9oiS=ntFXT@iJ#=NK&%y+&UoB(oE^zqnc7k}t{6wVv+0b8w5u;QEH2f|UNc z?rAQxk(OcHDR_TFc=j>)?pIsJQJ)kabGUEgb2J%4wFr?F9dfu1S{KjD)C)y4sPXa+ zr2|3FaZhV`bd2qGsXk8`*Y+%D{Ze#PxhIdFdi{x=^iL{kFWK{g| zwQkDdK0JGl!vmwwk=u{U?>1PpGPR;tIQEA4NN1?qHJ7U%TpKFWA1=IvI;K31t)0i~ zO4X@OTG>id4f{d6EYbdmw^i;);Kdry;OX74W2(%h zY+X@A-G2#b7ImW+XM_IKx+PemU(utJip}vGRiD|ma8rVz{Jh)%ydfm*hIgbr@9Q=l zzYQU|F;Tj06{=ScH%j?zxk>!=Rea*&;)D5b`NiHO3)|So$ggB_RBwYj2QZ<(2)_#~ z<=QnS0TRUZ*iun?Mr&x8&rX}X>l8>2N?q&`Qjg|Nq-D5n1npFzR*WRHM{5fSqx-^SH z$SNI}2*sSLqNRMi#bW*uxa(TCHSWXn=KE}8pFA=M>5Lohl_TwK57e3+4iz6Ka)j~Z zNyJpF@DFr~n_+YyHB=LY;&)x7?gUHR#>Y*f`&Fwm+Pi6xU2DtY{a8&@tmNMJ!3B3S z(_EiqPbIi6l|FZ7i#6?F@_2}~Q6WpY+frZEIk2vR{??oM>ngzVdg$3@>icxEmJ2Ey z7gUQspZ+G2_>|``lDD{zx9dni+|u34py=qb_DoRv^9HmP4T{U@p4!=d*68lRcAr_a zKE@G(gciJF&~?Mc>GFUt zu5Gqr`28-1DZ{~BAfOgPYr({5%ak$G)-y2n$S;J&6q<&L<0jpNWjil4?|h9d{JsK` zVs=!Cfg7J1hrMv)?a*t(JvnJVjvbb5(xa|0m~n094R_^b*5=H}3%~sZ_dy1T!z5Ch zA6C`pqs9v_zO+~0+M|_ENDal*DXF%dng0g@k-@&l?H770b6TSN6|g;wK zTbC}BA=;`b5AVIWt0OVE99zaLM14+Rc{(A&kW$Gz?U{2`rnbRmbXVG^(_%+|^C?=t z-)QOd!gP+W235^KYLLx)fJ`*WKZL;fS~J(+3oQ{U(TjBwl1;c3G#@mr#h|&kYQ0By z`sm=@&JEkqs@Hj%@H{#$9rWD;kSMg$NS(F1K9+7!2E#ujrPK)1#64ZZPWgPOt*ayF zULga$!R2HS%zU&<7yX@8mFlg^tvua2Z;CD3+Mvr+i6tiy4$+@W;lQmX5^VEBQ5u5w$<7v-hM<*S_)r~r# z4e|duFoC96%?g4*4NO10_r!(J@R5(bCBB7gemv$C1yuK`J`!HjIrAkIQ3gd*kJn0=|Q zS$>DcUS6h1m8C8xPcTkDTFBtASJt$aVt0O{2eIl^Z)8*IePMkQQyyn^R;l+X>ZzyC zD=rT)g+IGF12SEgi6t^p{c>X{X3=hNPyeD3}Ae-y(%k{&q0&zT3DbLIi)}3iVR^_v|=?)ICAM^kR4Ni5`})-GBUP*u&{WzuO?JU(JlH^@5`g26wVFtbGTs( z!suo7rJC{~Cj$i>921M^rxiH8LFY5wcJY%hX3e zlz8@;Tu$6I3iBitLUY@HIa-k%0zEgN_v_ma+Mn~}^t@UlehKMUTQa)>#tc)gU%?_T zB}FFLZ+jZ-zs3HbT24A9@ryjoD;0nvbwPN0Gp-k6wV%f=F9y(A&d>`e zf6jxk8-c&?k}t56TCpxldewP3a~l z`X`~TSP8_z7LuJTk2}vHvTnOgr0!$ImdDH)(Q{;Fl|q6QZhNDeEqNduNM5WdaO#Yi zJu!yBQ?K}j07g@L3qP9}M6Al>e>}3pZ;qA9)xmINi5YfV!Es|k#JcL}6x_-9+2Ky; z+Ah!HxX@jV+}qG?N#GU)$pe4C0l=80`H`?O0OY;p#w}N}@MtmM2M2CxIY4pAmGKYJ zt~bgUMqC=0@Yvn!{(5bAI~cb5PYK|VrYk?nyu#~Xe_}BqvUDiFzuj&UdEQe&s(SX* zzLZX3V*Vksd{jmb3^~Xd?YuW=2|H$<8joyZ%?n|AuXZ@n3Iu4NTO%}vrRCK8+o?`4 zGhud;bZ&j8bTWM=i=wK=2t-f(xkw}6ynHoL+@pWx+y};A0|r=gc!niWC)+uyi!w?4 zr8-+rZ=eq|B<*CN+(MJ$5GK0&(2Q%uc89R4*T(Arf>MvSc8i1ZGEZ9WL2&RttyS>2z96!>|cV&3tw ztjWaXX8fcqt#tW61QEo%__4MHdTFt$$)0ed>yk?wshnr;bu^orUbjZ|rWm~9JO$+M z8%#&-)Ng}@A(I5U;L94Rc|?I+PLbwCGv6ig`9MeZ=`kxumD8{MR1&WpnKcNz{0e-))MNc)T({1RE!Ay zAJ_`djh}ePGq?|-ig5N^?w%s@zSw1L)AdPw0tXcKmzbBJQE)k$XWHK$YFZ`#)R zv^W{M|IlF?UKNyu`21e#`aWj0Tf}dWn_q|wi4d#^DAdiP$TkeMzEy+&ZtxvS}g-rL5+ zpCK!50b$2-)t_axp0H6G+64Tb^|O@QLZ70eqdB0tHk*wtEIl=LB=b_3n=b&X45mCk zbFOad6No`Iof^E#vv?rrZSs%P-QkokmPhZ)=-yW6&I?Saa5|O0N-pWMhckz|8QeoR zch;ACQMTpW#@r$1VR`#C=#2M5K-DTfE2JrVJe-Roc}hp(bl|c{=i9mg&j{v6u`){f zT(gfoaIv}j#x21hNWyfz<#(vJTM${iXujI@;NCsyL{ZmXb(JBFtnS1_{pnQ^G8Gr> zlXZuikg0l-IvK3Q{_Lo~*jNtenm|A&&`3|qev6?=|6(tfLtKC9O6#I4GoF>LKX9?# z&MwMwcFlQKHXz`&MA6zx8`EX_l6TLGi0Pt@8csr|cK^@;n8!zZsv;S5<}ADiYEa&I z@GzeUSSFSLLL>I|r2A`_t1#*PAClc3Fd0AqKi+pLRPhxdGJ1S$SHN~yak9pxQfBLm z$kONY^%;N-foArZ@uR2lb`ug3pf1bg(kpq<^i3+C&$#8G#;6eRWT!-&Kuy z0v7KodFGAQYTw=#cklHM{~%(o6!)~8vpZ|S+9aWTiUlsvg)KMw!!rJ7sZkHG4T$vy zDAEdGYwe-Di5e(im0i|duM0YGsk9hV)2ne-x<3EEij=>&zZAjI=}1a^^Or`py}dXo zL3j%=H4zgw+V6M0rmGOTr`&>zpN3QP3@{vZ(M1y9Wq6O$EOZ)j?GgSesQx_dSvU=|qWRY^9c6+A3kxL_@h$vVIcPYBJklO$9 z;`rRKS#B>BDBzK{zYp_Jgl@Z~s<|se@FPny8i34T1|3ur6)Dh4Wl9k$T$DWqgM)_} z%|eABl3?Hqi%;1Z0-%nms;X-5Er3Ucg~FIo_q;C(v62%3JpsFBy`s8-REK|P2~x24 zYvF|YoXvb&zRhIKw29vaavwGWTshgFEWt){b#6sm0d2rYj3!s30<;LR}}DH+Cf z;%<+wWpAUosGKO80isMsTS)I?vYDwCo`ARHMC)ZEYvlqs*^lC0ov=DYS zEr_n`KcY6pevWJkXDN$hh&!H}Tp#&}QA2j}X%~q|OA%ojPCjTFp*}~B#e`ul(d_ZM zlGe>)u>?$>{Rl!2UE`8Rbl>q0q=$k~f&tJA83xUch0Ym$lX-nA27zAfjn_aXBi)s3 zZwAdKfMyA#QrQ;yGgfRPN~gv-huE_9M=|5*02gCv0Fsu^_nbv{#6bCz++z<8870Sm zVO-Ufx;m}T(=dNEkK)_J&t7^?wjF_+$l+&F2Jg5rrsZ}e2r+oeBwAJpjJ}?N1c@$| zq+slL8gmwj%NXyOAZ(xVX=a{@upp(;rx*4S^Nr!8$Gf>3lQp* zl0~8bUY{&Q=f`_IwBQ9Ue?iNM)}#>|CqVod^SR@OPq{E){`=}S;k*0EpYiVr9-HOX z!=t-#rnC5_e9l9{ef^$>>_-5-|GS>M^GO}7F3h2pY|a6LtB336@xuk`lXi{yoZH8X zo_wK`LM@zpG?L2$S(Rj+S*nbGc!EkPlNqeDW;WK?VzEFwqeQQvPvg~P_u5(_bB^97 z`1t4-)eh1P&to<=vn|hgQC+dQ^ZyaQm8qEku8;4bgNI33q_Nr z`pRCblci$&wL+}B_fPM>_(aZK1yhXu&B@Sco~-6zh8)ulx_uFkpVA+QgQ!;cu=yly z4e5kJqudH&J68Kvi9txShgo9Jswc^_#*PVlKy+Kf&)qTaF5@3*m7$g}fv(%zCCWG@ z0fn4Llh8k>2@v>>p6r;c+B>3GeuF&;dlxf+cVF3s%L#gqJU=uEgoM_<)p(+FULty- zY|(Z!2cb~0yqq)OS^J@KkytkJR^C$_B>!=XWo5VW=MHcu@67kiDpuDhJ`hm9g$1F@4LN{osWF+EU4GN&Dq+uG5gz;C8FQr`+c z!cP%h1(5*RBC7C*_z~la?t1S-!c~$5ctFZwMLId-dQ;T6IcT3HxGT@_cb7u_k-XcK zQziV&GY}{XV!N^_SiE|#;DB-E74Vsmxmf5>W})#!5p}akD1f-b3qc}AE)-QyJlG-U zZ-FL3F=rhW(-STAhbo#ggiR=pK~Q7<WlpwYvS)ymo_>4{)!}wB2YP13OgD+^JLTQC#t*6;(t5pR%WSU1-!U zWWQ-RVXeveg~#=0c;@dJw8%Bu&lG6wf-|=! z#NKx=ukM!CS$xLV~tAKc!imEv8 zhUEHYq1WM#i1jz)Pg~&dE$8IX%+u_WOhOD~;SSA{SHS8o>2|F4{ops2Jd}qjZKThX zuo`@{rW^HUrQdWN{sxX`{Y7VbU5P`|!bw;`k2>WBFKK?RKDqiHV zHLy1u|FHMRi^<>>2(kw1>1oez+M23N#caN<8{DyOEO&}R2I-w(rStq2JIVo$` zktBwlZF6l#$7h5J`@tg?s1>Fc<7wS3%fx*%+fCNxO`Elw3V;7}8LrgR%5L%99o}kNDpG}__T#*45pb=i;dc!KH2VkLal|e zmNFq?EbVH9hPIRrFvlUoAf0rfGq&RdK9#@OC#P`#n46g-h6b@zBI6?d zN$Dh;a#E4ETu_;hJ^#3c^i1XsGIm5`noKy6=(4FqkywZ8%Ruu?FOu*?`eY?I$Jrpu zPA`&Mz4?R`0k)mxP$^ey6b^|51R?n-4$~<`;9I%`6HhusUEcLMpQFdQjY?*dWC6ih zQ>jji?UwW+ydCjV$?<|PeGqS1>C^Ib(U2@C1%6X3zxDx z37lnkiwTy}jwQTi=!bh&!sfy6P1^D+GAMIeD-zJ9+v&&cp1D>X6Z>8x(jexB>4T8Z z2k$f}4+|R1e<333-lvbZI;KvcW+e5)$RnhBa@kwWE&V}6<{lv@pnFeku3N@D!fy%^-j{o zGx-oh{v=9N`HDa&^ewdL&48}Ftka=aQP6sMBh^gEpUH^1BlK~D6K8=)Tr$CNH z>y@4se#qWY{b44t<$#1+%R0iHNn|hK9HPD@t|bAh&pqEG8NVgBb6{*-uj^0cql4*w z`e*aoA#1%y@}HItT^bMt{Y#P!6lY0=^;Q(y!GhM_y) zwMMl3*pi9}R5ZLRMtV8`6)4o^c&0xd2&sWP2PEr}!Ac`K01%Tq4)fC$Awu}GKi3HH zu-fnVL6rdiy(>lpni^lhK3lZ19d2LzgwkSAjce_|DSzPFu9KTpIEnjTocRNLQP0%` z2A>kS4%gePHa@pz)tXm+rJ}mWK3^PUR(BD&Cp;NsHFrLay%sq}ujr+1*w8bS0?GJp%$fO~1Y!DiF7`NQtTaO@y_HD<>z{hZ3 zES0(*=ImU=x4fA8R)prrlShy4f^PX6*U1_cPL+)b%1b)tJ@GMbm-u_cBZ}a%fP$iWto%Een(}AiLAIsLqgsB93xB6FqJm8VT$Qku;db z^|Tym`_o$}(ti9TJ&(W3W5vJ39Y-;($xFD;^*vhw^>31RQ*E||Nc3!2+LBl?op4$ z=C9L-yV!T0VALF;kn3 z((Z57w|-3=gBsC6&|~Cwsvx6~Wn=pa!|fNNCsw=O0&gZ|yNAs=3yf_-cAJNeY=$qm ziI3$t>V&~Ajk!O`m?WLro2z;1r#nG{|TY6c_ zE1<4myZ9@EN`2Q8gIZsli*V{`WZZW zzXDr9#hc>WRHvJx)3qKG1YnE?JEhpzX0dbI^*quCrWm14R-(`00zHhSGnlF^ z*4UuTq8%<2S|ro~xsd(c2zeP~uoLRtHkq@QYC#>w`x4hK?lx&Ubv&~K6-d43Ew0`t z2}S6N!kW=4OSj`VP8fx3-h|zIsR8Ju>-B%cOH9Jt?CdLB25MD6Mo&WVuHv*5D6Q>! zZjojVp&Iq49J;eUv^;T^ zNYjxhrV_YywD6>11N7U63Q@;D&r>Aj=0dsaa;#=Wr65l|EL7ZIv zTt8}xqya98IQXuTpReySkaFNU`Ki<# zPEV1VCR1rW@7If#s-qNN;=cD@CG*J0IZd(sp${&yftB$Zh_%LMOx0s0lh*bu#k3MR z&6PomVr->OnC8#Zp=}lpeO+601!O#0|Gk(-o+g*lni40?1VX10L52Wh#hiP=tvJkW`YG=P2+v#CS$E^h-zRa?1 z$D{WqS2uBo^t(9Fe`8L00GN?^NB`R(Y8HHZN-2iBXCi6DBb= zL%=hV>PytA0cBqqi=t9cW?TmOJKWnpN^K+bZYcX zIaq+e$*4rTzys;rp3_FU2FpwA#{j0N5ycA6eef~5_L8O>WO6i5q-GX{C*k{-srBLE%R_OzslLF$r|q@pZe-?{L@C@pl2svqyLRnAV0ca1#8U|8$Ns= zVJjFT$H-rGPs}yMrgV==yiN_(jdyG)*i5zYi+V37STQ}$$H=wkZmo#z$srndEWKni zI)OgM9wdZjm~|g%ffqrM50D=qv>f880P{Hnrq6~v z=BH;K4%$Rbf(X~i=$M=Yl;y4&^1Zjw!?VO^VH9O>!c#GmB>fmh%GII5LXe%ULnzY& zg|b)e!x*1(@V`!Ens28!lF3hn%Rp&$(O%78h*|EWm6ZA;qkE2GBsNco64 zweUsGE_Ef&1tpq)!U$T4XAmi_EEDmV($9+lv9?D*l36JKhI}~(=+cNQO!9A2C-X_5 z%LGm@{+_TjIp?KBH+0Lq=M$lOG5Cox5B2aO66lZ%ST8CfMTwC+MIrEw2@JZ#qx2rl zx#ceP3yWQe@ecei#c6a4b#qGK#{j~UG_Mh`UI!q1Aa{OqgG zeh^>$)2byuTY%P(sG0dlNWhy67RxM^5&Z|0Rn$luqIvzO3533($I!z+I@B-C2K4G< z1=tB@SdQ&V$(1+#2n!#H|4L+-;bp!%^pB?ZYM{05j!3J+qas|Or03uUQ0>K_%WU(w zbSko6&owiMniOGR_Tfi+D+OQ#ob&v%IhNy~Es_Hw4?^zCKI3}M4vzqb!TN%1$j#JW zM>s*lVpY3r20Lr*yX8W848$A*R};ZJpe!>oIz}>u#>)I&$vBwfdhhl z<^yQE>$rHl<=9U@_!;TyorOe^p1iF;G@d{M3&#x^NsJVw)&+^^1HeFW6jNFSPu+Z{ zM^bfL!{c48m41eU;lHejU08eo>gnoWPC+o^(@~)px}0QEc1K}ZW!`$cHUEitJeIcw z4B748S0lvl_`vqpJ*y5HwNa9ab)NW=!ZZ;lHH^hS#)BOVMl$!-bXxE!lkV-@%bEpQ9CVGDLg8yt9|A$K*UPP+5#Q3r0bnxYdGz zEWM-UG)qbcyJd2pXn7qSOIxTTC zh?`jae&V#$S!{21Q_Aq?@o^xz{}!_F^%^U7&If21U_P1P&bj|mHdhC~;fX6B0leUu zPB<=h7n-Haq*RJ%0j)Up`|~h@csvoloa(acQ5)1(M8#xB*{`E7`eU)=Z)Cl_|bM{fdoAU zk*s38n3KqT*E_c=lNLIn*Ki~H<@QOuLtCfPRX|(YO?v|%MEWdGjf}pvZoM&b_OCm| zf0K~=o9wRs`{kvN=2ly0e#@V&+xR$lh&?{;O1*?(Hu_=S@#$HPX%aMsz%pE*!#0wm z?uvs=cmfu`_XVmU3H$_WGHlZYC?2XlFe#Kdhmw;}CMpu^w(B^cPX7LpQ>z_=<%;C4P9b@co4WmHI40}LzSnDsmWUmbXR`kCioJsbvx zbYMSDq;ueUX`#P+o*^kOx&9XYBl|2+H=-C$K1kdWFZJN>o7 z_>rKa`s0%rWZ+jXU0g*mNbLN8;1wD&(XQV_Db2=uL zT_z<3bGAxLX!#}HR$8pD^$zDk+g)m7Pzk9%|Lhzl^`%6aR=vHkdNcGU+@ zbR13hdG3YU@vK!?)gK$~X-+5XmWrXGtY_?__xv64437wIjrN~7T+Dpt5H8q>2P5_< z9r$p0J(pc>K2d5;K;1NVM?{I1>*pxH`H$@rE45U@j|ONv$S&m%`$aSrVaVwpexnG3 z5JDw1TUa=}gzdsz8rt#S2Wmfj)m`HGlPI!TdeT+MgrCftdVjD?e`o;@sj?)!9N~6g z!Izu*WNIz7mER9G(79*;efgs}+r#4-v)?6l^}B1ZV8LlRV*|Es!HBK5kJmg8yS#%V zj?KRh#w05xWE#S`%>@cyCY2!Wt_|tRJQ)dFsg2boZbBEUOe#VYntwaCd@d~DG(pS_ zO73!RA9dLzrn%oLaJny%(pgT)KBokm%v48ewwHH$F>!^6$!*kouNTtqO0*uGsORNA z*+yPLy!g54w7)r=*>gffJHAYwaZH}_`ZD(=ki>kDeCYF^n2zuIWLU}_+Or$>$}`6D z%S|h^gKllY=P>IZ2|k~Os)s2de1!MzfvbX(8Hgz=Rod%#AuZo-Zi7^sH2SrKcqxq* z3h1mfXVk&3$OkJd86=szbOh>?kb{cD#$|iuDy-Vcbh5OgNA1|_F*M|EQ23S6kF_^C zSsD_}q;Ec!>~*(%UR1`;-LtvKY3+GXQxf9e!Jvlnm}lTTNqI7a$gy!jPxa4y%)4GC z#gN$m8(z+t^l8Pv`F#%775nC-`xEURT#|cbt!u&Imlw38u-t+aR%X++vodWgLh=cn7z8_s*$k>~lI}Sch zH94p8eb=aP8r9>>PQ6&5+{RT;0FT@0vN%Bm_!@NOi{)L>XXn@1N8 zTCN>A*b?p$^{AD#IAMa)?=R*TnveKyh+4vvrbf5093LrKv7YuYB+K zCf3&~9NJeuGqZfD!v;>83E*7ubD`o2b&&Kgw7+?nTO_lT_ya3C(b<5{i|_Q=BMfz| zukWyn@_AP2LJ!wCozn0wFpA%uyi=Q+TFG-L00Nb;%xTAgEE?v_oT)6#0lqa$LDM#XLbHLi>`p$^UaT8C! z%ho2U+ZZ@DMN*om=!6PnH`ltuAPHgC54hLgbDf5a1d-Nij2+{xndQgI*Nz|oD#*GT z+tD|Z^(OxONmmXbBRTYO%YWwZqD;}2h2@2Jo#u<5NLSjbv=CrdD0=iVh^V(j|9XQ-j(x-s z)*gpkG%#PXqUzliLJTjRv7_wnaURnIQ4|(S9MVmHIwAR#Z-YH$Bu!X$)&phO#h4nL`CS%HZF%*XIZRhvYZph$@uB| z3z@x&QiDkD>n@$ae{QK3Simi`LziyRc6qdGbB}6sYjcds4lFu<_bDlnMKC!H?fMy# z%r}*%e?FQL{y@4R{X$%gQwhrxWBzJ35*qvU;k(S3825~y?$JhSfqFk*2bcxQ8=2_` z1epC?{1{8|kUenmZN4d8RAqMAr;{ZQH@aw3dRIew*Qh1J;bSo|WXDE#E&rw%e-EK{ zG}Ow12XkgZwDc6CPwna2E#~@w)c|e35F-tl@)g!v+zFk=ZRFWxs{I#DpH86rwCg12 z#}94)I&IGV%a=X~cm2^b?^Adm?C-teh@x%rH^n(T`j+aK7A#I&X!j>qgAV!O85wtx zY0?uvMy?*FG0?8LezB()x)xNZCu~yC(EJrT%Ehwv+q&?13cAeYE5c1Tob4lS zROqRnpP^J;EabE{9X8FJd;DiOEMj5!3;&UJ6h*@CZ&7v8Yn*-@4{(tZ>?gKLXsO3@ zeRtO5DOY2fS|?0Cr-j|PW{Tn&pL-ze(id_yU3x!6AY16cE9{7Ll3UnG*4pta;YjE4 zZ#}G!k_3BLd7Ez<2l0VlIz6xBnS9;+XIEbJoWg_u6?5&jL!n~zlgy>IAOuyF+b8u# z{g}FG+t#+Z=cm@kGY<_{p9b3<`w3 z#^1Yk7ZOls4Qr%CsRhH+PV>GWLRm;1T6cPPagFeHR)#OVd(}#ry&BT6>e675O%t5@ z)}a3=yPv_ZBf}+X7tC0k3Sal+^g6s3*Hj>t9^`yqnWA+Qwop|KyzPwQzbxb-a7OH1 z@ZA}#N%EV=tbdK(Y_c0s6Tui;ZC!P{S}J(s&7#ev27|zd6t`u6%z9S8dG4!gz^<8- zUAV5`s>n0(^-*jM)OjnsBCLO6tO4_8sRTK|M@_gF0U?@`E%%l9cQ)V@SlXoYwVf1K_ zFj|KA+OU6ERnAIxspm{mL>lFVifG-@4}N*vr}Z!`m+Ria)QX2*cwI+d5JsJ4jMzPS zsLc{At2lVEf=zkL%l0Z-LEZdH68BDtAPdDfCq(lF)MUN0jw+t}+AXiJ3FSYm{Fy}y zzpm!k3>HVgrFFlS1-A}leEj*@U^c9ePciqwrJp&a!lRf9lZ^hOywLd6;x}1s{ILO# zdiBw+8ALl-%PSRZKX2otGuuqRu5mVT(BdNDs{T>BMG|e`aWbCtzh4rSozXD*;T!L= zIw#w5^-2X#8BLY3CfxG17juKR){*$>|14PW7}u#NCiubH&A+kwL9^#(D^z2EsbId% zA8|*-G1+;F9%FmCwq=G-Bh3U&7;sSK&$8fnDm@M3@7q1H)U7t2-bLuWC~3Ue={`kY zo*&h|K^N{b@nDi*l;YD6``bQI@_gXR#r3{hqI0L`XNODpt)2%5vu7=c)FhO72lYuk8GUOMlgiq{4kyyM7~@&YB|j z;au3YxJN3CQB3?{YmXVDXzAH0Fl_g9l3I4cqP|{UeWr#!gLO*1Bdsnr!HW78agb#rRNZ{LKp1%I$iRr~3@_l;7| zyK_ug%hri3>BXv7gbVtC@yRN^6r0E& z(kAy1GS9;j1P7{Kn0#HY-;v2oD|4-%Ig(f1DJWc*a}5eUJHGTCT`RNdMErRZ9kf4D z-6@)W)Gt+WQ%vN&&cun<;=h*x&3~3b(1JoR38CONq|NH!&imz7oy)I?!$0xytS&v; zDWTNjOzA2l7cR`|$?2La2Y-!ozfut`m-UyVFXn8DqxZ3!+3{FG$cy|K=xiMU3|dYV z_T-1|(%!#rbay_Ex3sL{QF%fLqb;to7&|{;Iz zQ3WZY4^{^(YPEbbD; zRb5uQEswKEjro6njynJO9QmROwcYy_YLNX`F|5t+_8u8m)^7>iW%T-3qQdGy(Yq@m zq&u;H>eK0^>75UU?u84MUcH4ZiyNqOJyG?-rH5DZ-PrX`x_tDSO=%FkL!P!C^hX{rMDn43!v}6%%gK^fJ%}pK+I_tgYWDtSyoG(mU~(Sn?tD z61?3-#J&px&+$8F%*6Vyhs_wU2z`06^N73Y0e8B4#W~5)cUgh1%pb`|(BF%A|J#|3 zTjbyFK&XQ2tX|^-UP+|I8beSUjg>ytbF(9#`&jQ$)pxiVjrCqxrmHz0Z(bq&K88j5 zx?KZyp6~xf6JadwtUuGt#kQ6o z_5p?{yg}Z(UXN#deP@Zgy3uPYrtzj_@Apv1-P;xhrw3(zAL#zYS@ttQ?%n^qmodcI z4>0nNI7ZLbo`U!t$rhX9?J8UECqW)m**x+6S8eAQyS z+m3YAWqJ15-1TU>Z`kZKq;vpFN7zvAgCpX*=`hNyxExIrjXZvYm@7OtjxNM$@K2>(ccy?dTx#iobh(9G+BXadCpAnza9BT}Djm(aI_o{GM z-dUWBDIZ6k;QL+tQ|v@8@M~`TSnSZc~tKPhKdaS4hJbEf3!t zUUL1>Wh;i*!X zaz}T=kev6s)^1*1rt3UX?_8VsFGtdR>YCDv`uRk4df#xZ-^j7l_dCwPVlrM|r@QrRXr(SE!=N`+{7apFs{ zfuF>`K1id;s?9sKVr5}0Z|Tje%>O=mY5l4{HA3N(_U1P!#-pE{Gkb{(c(LHnU1S}t z)ShWzl;;?gB=J5FRg8P&ywB%mRJ>#t76oHvO21+{NZug=)BhWzA z+%->tNXjzg=0jSZ=JMnWE*vq7<h+P4Dqwl8=C@_r}%YbUJx?@q|4 zd9~P+nL(^m*tqNh7zxn)Gu5l7OcX)5+5;8e?T?={81D33@m?B1c#dZaV)9}&#t6X zM+Sn28hJ1AUk`PXefQZt6>=@C*wPxty1?EDl(vsm_?mA#;Gz=}LtDGPHlu9W!e*KV z3f||sc56;Lr6TLvb#aO5!B!UK`V9w%k;n8{_=!gAFctcB1oHsV-ttYd1Vw`6H^Pr= z-Lg@Tuwi7#dZJ;K#C=Q%{w}k_Sm~*5%8Lo={=;%#63_99erZXO{wj2PzU3vGZM>M< z%*Mnk0@^K-vK`ILrQp}u8&IXb`sr4NsEF6?cAa-D;0Lt@_1;*C@%sG;5tr|;E^yPX zb$X^BwV^meW3pbIa>%$My_06tv~;%AA{)hG&N29nX(_Hl|w2OuC4R4tZJO2 zpz1%#YZ3mjd5??Dty28?=d!{!<#9iP4oy0->*7Lms2cNaOVaZ>(fkqwoe#^`NC)hH|j?-6+^Y7Fqzson-s%W`6&_wXecb<4O}xbI{wQSY-nn0I;Yervm%K6}RG%)T6&o6*3PJm*%9@^O*!Nu&J3OmE zh^I30QTI@}oFGnHo0us(yP@n+bL0J1-@3J)_`35RmTP=&sR>7;#>I z-*?V+{(@cC_U?I~`+n~DgSr27O5lfE?&4cB{eEmIBgwSLq$S#H`cyO%DYgT*#t=r% zV=aj@fnSF&YHK6z>AuqOt7g@I4sW!jOSK5@NHH1aW(-V8M(>Lu{KJV&gjpT=#)+Tw zd#7Bk7<{j(x-Y3%fsTilE~||IJ%CM#ap{`Tu*P$@l!nr~p7U zL1lI6g8-(RvDD8xYc2dBlD1VskTQexBcSj`RDOgIN+&%(AF&uzxctRZEYk69-|y9O z*xndk$)@!t*0-|hAn?m$($aE7Wt?|hppSi>50UAwk6pbZn1V!_1GNjbeBbSUcjb8F zHV!pNTX@p|-@Ti@(R}DZt()5$>vee4@H}Y8(0XXcFaK>imRUpi%Dl-xCUByc=R~ohSaVF(w$l==+y0QP-ng; z6Z^igfuf*!seY|3**xuG5TT)Y_gsE>zj4Qfj=_DwW%sMePdN30ACHYp_`Hb?PFa2S9Lu^6Jyo-ZqQe7hIBvbjF> z2^t36YY~7!*mNjm+zP(MSN-5!>B@MrRA&qQ3zV*JXbCTf>@8bSwOWmf>(_NSQYQ*9 z_@C=&P^LO9K>exc>1B>rF{n1C24OWCZ#HB19!T-=Wfc_SjjRpk=jXL+y*`SIORwyV z6M9x!|2Q>N7;}@(g&)jkhaH(dui)JKEnby>$)>5%jJRBS+~zd!R*_YkjS8r9NxmIu z9kNF43jhYax#F??-MV^h=vezVn zEIONp*e{HCULmDWiu{`M?RVZi4o3eAoBzrOA5gsL`&mr-WMs`xwTj|;?l{=;Nrn$t zh^7>HxNOZ?-R!>HmHQ}}9x&PdjG~X&TEl@Lz%VSc?X#vn zb9$T$vOe{~L5l1b1A_^aJXi{7s4vsM5*s~E@&pO;O#cEtirAk&(J(MDAfA;kLtHZQ3LFT=(&Cd+&=7f2cCxc!S9)`=%uKmy zVzLz&r>F(0{VgKoNn(UrLN9`f{c!U@^Yq=rKu^6cw{03x5(G&>oMCcAVoV} z_%mN)9s%+<@@x9!gHePHI8Hh+j-YgbS0FY$JyzR6HOB;rUk~f+v!-)nZ+U_8b-`J$ z``a^RpSugP+l&k*7}1u?1ml1=GXk(wCML})pVIs--v-R?5-#U~8OWByCW*A7r<8;q zfH;K5v)MVSg+;R}MLZb03!X_*lEzjTClX{_&zX2`e8Z<95M z5}(zK*FO!aQ&&$5AIJ;gl!`O#@as&v*w4TylPAM5)J67WiZ#T7ysOvHjO!Kzy81^# zAPtF3fJ>>Wv$A_}uFmfH2S#2w8_LgQIf(6u-=^CvC#d$ta|#O?sa(_`YgcFPYo+bxFGmOnlPG3#9`RoH#rF*3?3dNog<9>s*p+tutFA0WE24h8H{&W%OkBr4mbJ&I z>@S!XTVJqQ`t<=KXzef~wRXQoyB6pax}DuiGT1&eA6=3KBzH3nByv)cwce*Yd_CV$ zy^d>BeLE>48Htv|lxBJ&uiE*QAqlKW;PG&lOhx^x)#=Y+h2qqc%vRM3-H(E^MNxuU zz}Z1NsBVNtknd~29LYp;!I$F8C0~;M{{GWiyiO&;E7`}VfTZk?UVK;VZ}YOb7&SfL z)jv`m%}bM~WzPFs`w@2-KfhkdVj>UWG1f=zboaf0cPsicqt@0_N1|tlNuc8;h#L%F z^M62P3ntIkr1RK^ol24Jy{PE&JQMD^gu7GQFY@%L<6ItgEhvjf4X1sS;`nx*JzVSc zY!T=WMq_QCd%;4)kOPLhskP*1+eZS3=_B6EIc(>hvMs1F@F^! z1v05_tY(<1+tlH{15>3Y%gR+KUXE8UUZgv_j>z$UeNP5#c6lL#Lq+T=Kd4#J z-5wBV1`dypC&=>8%`dvUSa3F>%9TPX>DoKAvbSr$%7}$e_^qb9?n{1H{`opMNJrDe zfiTH_*841(XG>K5#!tn6mC5BQ;}g4jMR^es-gxx zg%l@SYs?jdr#PYD5ke_nC~X^R$vcnv{A`tGuEv$o(D&jqd-lxsQk!=VmuZL!T&Km? z#-Yd6u=)L7{hu6D0z^$N_u#jHC#yRSC*ICdlZC<3t+vDCkuzO(~8_013DztLV2P_pN~darc`hK`h-}3VL3L_zt%3N zD-HCXZu=Z}hFZ-GDflH4HMJz~5lASh)~nN{=DEc$X}=DkT{6S~v>UHzoDst9hM{2opq_1hn4 zgir-Ehu5irM4N3%8(Ui;bXg?<8ygaH=ZFSRX{s+nYJLl~GG>)@RTulAQV}HiwzJ9I zNG0&)QkzlFX_e+mVY1CiWtMzn% z(PU}K*V}P_hM67A=;PxfiHhK_R$crh6%fXiw&MW3*R_N103~WP(rLNh{v6oB?cdhk zT1UGRhmSCgdU$;4|EXQwrgHb`f@^wK!vPAkcIQzRQ-d+nifb$m>)o|%9%u(?idyGN zuRWD0*BTgfo@K@O2Rj;6dNVrbm5%ZBMW zW+t7_tB-x(Hx=wJQo69S=EAIMl zU=(JO4{-maBO0g{>$iW+loMsp$VJu(iQJ;qH#ca z;+VWs=w?0z^I_)MSWGa zkx~)rX{jO9=elMd4%GJCZ4RcbOp+-J2ApmVMp$dM>KhoSR-4eWD_#hg4ms^KCc_B6 zkFZXJvGwfkW!f>JuKBs|oe1C~7GKVG^|U>X8T^_O!dos6O^2(=ueKVu_?mq^ulSLf z(4cY@?(d5s=982yMwXTPIjN80Jcd2pFSW2*{kL0euTG1xPk7D1C&;k>IWcg*N4$}T zpv-|u98CD8An&T9xWn-)_a++Dn~h;!{M-627olfPjan83ta)KYa9KQ)^9N_dZ-b<8 z58#1G@^*DG>pvW1u8h;65IbCk#v~-rq}gSVF@2zmW&hMu#&ZyZ`pvTv_knn90Q&7Q#f83n%9b1m1f(tB9tYue{|6eV3Ub}( zC9>_m9sfg=XNz}t-N92p)JKFb({R4;DDdg5_t|b#`HNKJLguWK6!%D&zIRzwLgMP& znqAIWeci_eC_(S#0Xv^n7Mkxufp1?DQ0)VrwTd+rLC=(hg_;k zCHk4dz6@H6;t#fJRv^D*_}mT9?!0!lC-YU)Z-{BwYa1U_>k*N}+;cu|DkJsio%v4w z!OVMm1AV12XX7!XBp7dEDxaRAvH6E}qC72(P9v+NEl;7LeE8vj)6@RY?Pc3CA%yu; z=4mu&bhOT%7C8wByqOT*17IGz;zRs>1F?_{DOcS# zNlBz?TdU2qyedh&^Y%zCT*2Vw;X|0cXA$zF?*o7zHt4&)!_cd%6`Z0GrTRFYzHIdl z4~Bx-%ib@1iyIs3)`ZRty(sRgs*+eq;L$9L;1IMhAQ<3#Y%KnoFQn>0@WWp#HWfEb z?q-+WAAoT$;*6D1vl4H)f;xD=gUV#nZ+_dUqWVQ66Y@O_ z$jyU3_!&NJBp9$U0=7zauxy)`^7hlaq9RIyPCJNE>9(QrkU&C4q>u&Vj#a<$TbIZK zQ{aJ+P&UyegteIlOd#@*k+J=-(-35pJ;B4KlE93(4^|O~;5b8iG_`mz*EN)2tLaS1 zWaqXRsLe;D36b-hOT#7>rFXoo8fx*of_lz0ii{8x)P@q9>Ma#%x|MY$in5t_E-}_S z?qkCH6NL(EXS>c2IG%6&;pK#pbhAqX#o|#(OLm?wVsE;v+ns{nMRp|2v?xo!qKMO@ z)$}R4HQ=TRwW0Sh)gea?-Z>(p#L*g1wmBQoa5C#3AUU1vMH;ch+lkPA-AD!$`O6u1K`Y5Bp!>-EXKp!Z1Qy}FnD zte0K5A{$dE*qx-8msdLiU4q516@Mt%0a6(|Sk$Ir~LJ%HY(p(kTjD z^h<5&@iLAVW-*;`)E&*DN|ntar;UQQ2z^$*9@LU?(D~yI`>@u6E0ON^RGrJXROZFg zrYgO~$IDS3Z=!5?w}$?^r6Xl_Z6f_wmfyIQi(4~es3;x*fW!BDGZl<1L+UEs zkzu=y&fC$qd!akxjyv5i=J2RkS$>a)vwMkTKFweKO0+rk!7&f&xc+zT?OhR&*B(Le zR~Le9rPKOw@4Z&Qllzu_w|n&*w|IS~BHhH${@?!UB%RXqpx5v2S510&LA0PcPK=g< zfVRua$%!5RHeL&SY_Q>TvwO4l^bVk$*xiP#-qX|KO>pEJI5920DJ&FroXBvH=>x;xX~?m>q~wfwi+;Tte(zr0jn_T z9jId}!i?)y;H9%NymRk!*(c1kFd#!pzZ|6lyU+64^M9wuIz7#(RoMY|2o0!tw3it%7HT^MDD)pPz`tAUT1G&ODK*idTvwTyA+w*=rIUbygLNhNCy4Hs;8T3 zzuley-fdt=XsYJoO2+TS4>8xZ_C})(LZz-pS-J;jT0R$vAh?biX`WL;Z0xtURZx~a z;sNdX0yzS~(>|KHHUa$P3;w8`{L4vhHjgn&*)7TN8PmeE=Nj#c8<9o+hF9tb>7duw zg~`p~o~TPi*Vx-C)BPmoD*)ql3#zMr8<{AqHj%vp7II=><+Nn$YN{LK7KNjsZ;ZPs zQj}RejUUgKUh4>Wa$1&Bcl&l0?7BCFpWnODo3SKceNGXur0_VTE2p z*s=te$cw6u)x?C@bg4L-47@+)HEuyvY_8l(K4TVMA6NMVc(bk3zz%nLCjGw6oTZHC zJMp98s}BYUW5NJyO-#XhRqF*ar=r&lE&hrUX+1g5IK(tE*Daj8Be`b5Hb}coz?~Ql zx}#zcD5}4Uk?);8_b21F3!|g-*MFnuEtp?wSz2!U0DW7moJpKX=zsT_zv$-xaa5XE z_T^+}kcaOvH4|zrBIA)Nti1$#!uDdD* zuR@;fUU>U2FxD&E<{!zS-s|E_?QXZ9lVf@xrfiO0okSbE7Bv3?mcP7=`|E9V_R$P* zOuZ2%tV*Nw=iH%{$S1KwE--fDs9e1GNhj(k!q=@!I!cnS$VoJycGW4B7Cy{I3G-oRxf zR+y8)rhcbm4*Kv2k|4mp#|fcO`zANbmIpR zw)Q8Yf(jRB6<;3ARU5dlj9Cuf(J`j*!7YskV+u+6NyN>oext~IHAt-C-<9Q1e}Q=p zA9COcRYYINRvP^yvuwHHt>?Idb0{lN)-s{!O?7#*u6=CtQBZF`F5{ZnMqssyT<6$U zUwGT~KV?X{%Yd++T34rchq>Qx(#H$~m^XvWkCcQ@3&Jz-oVnmK=uvpWKaXd`e+OGmBgTlTax)O7z6pze2}%NDA#Ho4Q6^ z97+}?JXWK7bEOY-{MDayoOgNJKk{K?{KQ$??vlY{WiAtNKibd_o7u+WP-4GOozcN* z9L+tB{y{q$ypm6vEw> zSfuOhEmp#>6nCc2h#VgekAXODKtapaIp)A&$_x&;`swXAb*`riS5m-`YSVGq?Nn+$d+zZQ_U2FqDKbEu2;Ohvc_ zWi5_vhD^>Q56kV-Q<|4)JXaU9?DtVT-R#fJ9~UA23@+YDZ9#7Xwd=u)KadF64^ya8 zrXk_umyaK}o%A1os;L-R2uo@=&R$nDt2|TYcgy2Y?p1qBBeNR1*s`g`VLNW2RHf4S zc`E+8+JeugdL1i|h8`W&2IO7Ie;}0uxGR4!#fWbMLI@DjRf6SI_@(% zzDNMG>iewWK3(+7c5P%ZZ{=@d1xOTRhsXb7+Nl*_u1rYBqhL1Y4?AxLiX5QBo-w7H zq9W8kq-jfZFH{d=qX%)QJX2OPQV)>`Y)2y~W49M{qY}tE5e21gcXa;b7gC`k0Ujdpx8a%XEognu^A3JEpcC{bPG+2O3em9?azs(#2ZmC_}FC|PAo?PsCwy+nUVzZbw=13aJj z`)zs+_G`{1l_FP@Z-?&A)pr}V>}iP2ANoJ#Q*=sR77ddbr648~PEF+(H3>sTf>n;a zjgcRlODGGGC#}lcKjJF;6job3vsXx9fo~V@^^Yv>u)2iXpIoO2LL{H%8 z>C$I?%w+rhS?VOko_Q~!tIViyy^z*_vo+~Ibz$||#%p1W5eo}e*OFP$EVUGI^Y(LT zPb@PEM#z-&Z^;Jz&}Z_9_ql`#6xF{oIfoGECZuk9AJ(>LYTu7^&YQYGwI~by38z3tE{(D9#$+ zz$+QLrh9dH<&b8uv(nc|U#;B+!4t`sahq!~SpH#lJ}?4TU$iIV#mZEU0YPX_@3k6O z#3ks$BLYG^yX5HeD>Ia8Wf#q<2;Z>T(~x!{>f3KN=~Rt`PeeF^Tz$=}wOR{9tI47YkK5j(rrI5R z%mY$Rw~W3CS-5#RH+W^ccs_c!iD$`!Kw0P_;mU|oF+DGTiu>KKvu!Er%u;YE;~+Qa zSCFOg2oIr%9#*qIVRZCgcziRc!+5QGEW=kAe_mp9!*HsyphHc3^Jk#={%jR1CAm0w z`s(FLUb(8?bc=w@f}Yk%rc6!^m(|!8pXvhzd|p{lSS-gw+nJko07}YWD%bS9M3vVI za)qX5ElEA#rI^}8r<}zUomnz8>6aE=x|8yAURWVf0<$JMg`I%)a_8;HTRhAR_=o9y z!rzOmAlavAHkT32;C+ey(Ac=R$GEt-_|GM`-?%(+q~F<}8_&->Eb1^oJg|L7CKjmm z$bWV8oO=;4Kwn35>I~x3dHQ7Bwiw`xi`3xXkdx=$t*vPhz5o6srVxH!n;_9$SKwEB1t+M>ERvDTQO*C$2M2+@ zDYEmvT)ybbh) z8(O}cB)&~+=u;i9P1&8{+*@vzQj1U}Ef}Fpcpf-FJADGVFL^Quga#MZ!@I`iL0{6) zimf$5I;(I;b{l2P*Mmt6MW0v;6y_i%)!GV_p>OaRpcQ(yFnkfJd!093csG7>av0s0 zIqR2zsab!Br~4;7oPL&j$4k~^jpbw!f_j74R@M6gfeh{5X7X8Oi&DH<@;@@j2ZJOA zV}!SddFXO9D`0%6SGsglmG7pa*$BDp2964D1pItk=azP_OIIhIghQhhj68Dlc}4O^ zby3QiY|ag%f0C#aI9*r@KqxYBXi^e$TG!|-$+FK`RElzbv+M4}=TGo~|JnU)Kf5zW zxEnfs^w^)R5#-p6yin&C`9UQ;`={BoVeEMQY|e+_NqXpXcV%4N@wM{o$q~YP%@sDw zsfqWiq{Ln5C66Mx;DvNv)-l)9zh|TFcoO`&`zv!vV-9|2Q9O8a+n@7EAN>7%{ z_&WGz8JFO#eGp*_^7aKenVpC~TO$OjdsOFSf9qAN_~az;=wE(MZ36$3m4&=|A+BoI zn~Ij%k-4)r>f}&0kDws8+I!C5FYJHsb0ELKZ10jMHw#T>U7t1bCz|Afl-So}^UF!4 z;`IXr+1Z<_36%zypPFSEwY9J9v&Q5Y$V~1nmbBI3kc&)xXlAq)J%400v@$u>SO|boP*bU@EA5sw|HW!_x&p|UFl@gNH2s$A8JI$prkQy@%scbxCQ<3OFe#FD=ICQ238mu0Wb189uv#U~z@}ZiWO3nMTb%5Luy! zElPS+`cf3tamx>i14<-*e93O}_9vV@;IW^h4s2J9GfMpcaVYi`M4% zV>Bxm(2#vVLJ#d>RBne4rg)xcJ#at@|I{&~GF2bPax0*5-}Xp zyme+V3zU+G78qWy9`Y6l78!csL#q)Toz2Tq)Nc;w{7Cq~o(XD*D*Z?u+gxyBX@Z)-wHL z92(J(EdN#XYA~gUpZ+hp(Fjk%9eLo}v`6kvNcoVMGBstUIDywIr`mI={qvxsZy``C zJ8C=wlBiR0uoGg3n^Pn$7)Th17{TMTklfgnwXnM$zfXcWO-0|B?5h3ahM%Hebdj(3 z_E)hDB`nKbT8?JnpMmxpA{3V5KAr10KlF21nLS3h3L(HLkW7OAZ%F-vr4U@}`Cml9 z>F>u=9hj3HBXsdiJ?U4YTqd&VuUsBwcUJQmkr#KZ41fA_u`M1vh#HQ}*CRIeuaIWX z>@6(Tll|`pJu{IOijcLsHjbH|#G=|`WN=70IgeZ9PN_`SD)+@kb^pIHr1@H^?-%0G zK0V5%%rWTfsk!A~&GMIzoQ1USI3XnVGo>+QuylV`v+no0A9$yPUMC{IclIZIXtsQ$ zkF@(%wuE;)gtjIgTdkhOf`d$3G*qk4`XKv5>4T~pKABsB{m7;h?zJr4UL6Ue^>bY^ zznQV95d9fwSW%49!XB67RnHNc%0*;h9wxpGN|z zMS_M=W_AO{<2J9gD4xHj0Pf^<-s1Wts4MmKI7PyH9H=Sd@I=<~k#yg;Jln2Flk?86 zsFE*)a3xeaIxDa5WX7K=n1Z^f*R7)f0WpH=jd{d zcJ5Oc+Sl0Pw27$?bu-|9TA9pwH3Qm zvyOq%f9(ak?^-g!Gntp;V`k*6Cq8CGSqa41_cyZ(B|@e9aWWaFPk)XH`=6(@0J#(|P>7ns9TIX^9GS2>SrmT9iavFqw7@K4Ymo3Vfj60z6(IsP9#y+(9CW2d zA2n$FD)x!ow8BYN>>G{r_Z;ub!*^fZ`nR(qa>()onlW6>cp$ii>3#KvMUit_!hov7 ziX`K9lSIG8O>qi0;W*mGqg^6E%mfUt?MR#-E#W10dv~7nS+c zhr#3HYfS(q4;v4}b}Wtc)|+LPxfvxj-QmrsS<)2CCf9ZHA?vud5T5rOxwZt zi85r0-D6(Gdgz(sCSkcw1yXSF$)c>hTA0}!G#Wd~BEH`GY z5qk*Q&MyB;^H|)>^Q06Rl$cG#4oCg1UmQ&63C1}|xbNp~5v zkvPw|umJ`$JhIVsIZT=o7#Bq@=H&eZJp~0dHpvC=0MJFM!!duzlvtryn*T~W5_50N zuo1@o)O}59W8@&s3vDk9Z=qxoD>dmko-1yM?H@M{Lurzsiy$VU71;nJpuDvaH|w_# zax?reGu0wt# zGUR%mZJFG3+~4uKv$#_SRz^n7gdxFC6{9bIs=9sRve>QgM<_yttg+FxR4fK41l-@A zt}Az=K)i_@IrfV-x}%Kanww|OKV-^$9m(`*{tAqRW3Guot!|k7W_4qPz`zW5J5<2! zyrl0y4n%NA6SFa*`zxZ7ru|%vCyp;I5YSv+QeCIssy@=}`H|Rto=x(=#8xu+6GUE< zi!cAFe{0}JNZ>5Qd=mwRpH{e6=-|*lZ#PnjEh(mNbVDH#o&(*nZzWzHO6(%X%XQXn zI8HpaNIg71k_0qb7LuE96dozfX6Qjcjc1JLt#x2H&i*>j%HXEaDj;3!z6B14DFW`% za`2F9jtX!44zkCVkOd>}itL?FvSMBW?gz2is>B1Y?IKGzzv+xT+-qqaFg^#TU-!HN za`LM90!|Zx4MpI!!VG00uzTRz$>Evs%myRPX(&e_J$P9&MZNN9d6c-bs=g%0xpzo# zi{i*kw)cr%HvmrXLSDm>ktgTpLobBed^Vj%o^yPcHr4-44O{UlCO0qSA*#cGR28eT z?708auYg~W35BBlP*i;d56`_D@ZFtbti{V0Pyx)M&~$!2!tY6wYf@NJ81gpCh-*jI z`lGpU)^_cXoSgg9GN!JvI$VpEPxHbNwYP-9w3i=s<*yMp^0)jQg?hNhsE@-4WE%(Q zXyY4dVs>IAAAZq-iyIY4hw7B&N{Y>(*Fncw|iX zC(au@i3>pELZGG=z0%E^W|%K88SDw2(guwX@YR3w!p;(T5CAx~_aR5s?lz^5k(0_I z;TQk;tgtX6=}k1jJiJNGVs8KR0Sm_MVA)dgL{Soh_eVb>8wpNLP5*gpZiojW51(OB zHGgS;{FyalvI#6oiwU`;@6pkYP_TJ_NGy|t$~0D+|5=Ps;c00cCF$SHv%uc>MEwpgoIG zJ5v$!7PRHH&YE?4Dj-gDP!|L1qYARl_y!i6029(n*PDHKL)G&=c(XYc@(4~RayAye zPS@SDXPN#{V*Rh8Q;kmP0}5A*#Rz|LCe~k%0pFb_0g@%O!XZtNV2lN#o>+#qXdfk{ zI^J8JNlMH3LI8Z(Yq~t{f?cYi_980dE8~M%q($z^M=B~RCf!zTmyNudOrIUP`~VKZ z-zNzf3$h6k)@h?Ogg%tH`cS2>^Q0TG!`YgvSed|V<0tE- zvdW`((4Cvr(a?{bi$h+(MUTFkm6p~3XMfg#I`F)IfXHaI^*mJr$9A@qc?$uDjuz|> z5a!JNa%E)C1cbLHbf6vJ0%L^d8d3`KXajU{9!G7LCnE`^CWZrXG-^#eettRCZxTLb zU!#t;dmt=`rpGqq+KjtzXfLt$L`2KWHV2{IM*f@r_q}BB`qG_RmiyEefj84|41a!5 zQR!jcouu)=}qV^JU~6GUEUOgO7&BgvI$kr~Od)Z8cDZy2{OrQ4b^otoY5Y zi;`O=WY*uMkAFXf-Mb2407?E>{wa71WrMKoXa&yN82614mUh4Py!enNIHhY*?)&Nx z*ki&k{sJ_Y`#|6qjWqPPS?YT(HJs_V1lOBn0=n)dHwIJI)-hG4_*-pLf&Q3Dni$!O zgb(dUfDp(t>4J*n9uL~3Z++_eRJXkdLSh9~pm~G0Cz}hO?|-%Z)*6DYyZpVu*__Q1 z1+loUmK2!OMUkl`EZc{J%YMt>`iyAxU;Y+v&xC3|t1CfMYmeU%f{((%hB1iha%!7oUejd@R z8jevmjp&-ph~*z^l#!ULH>rQi2m6y}KdYMee&S-J))nd&Pdx-1(C>UVzGJ#%FdKn4XcRhC3;SNzYf&y3YhJ($7sLfKF3ztt3SceP>al%ASdJKqvO3{Ij_>}JYIfzk|65!RYv73DMR zH}BD$K_yC51{pNPN?F~(SR~!&09kR;Q^P9x!N9h^iaD{(gAzMb1`Z-0u&?^uU~drl z{0090B_JeveR_k(KJd5>T-qj%s0$~cTbTqX=9=*~cPd`R`Y#(Tr3GswwKwZN@OboG zY9`EY<1Y;h9}1)5^02!8O3M}@WCi|UCU%({9WeRQSoIA7Z`r;Ld`*EE(fu;zFFAdW zJ^^aB2R{M38qna>Oi_+LzXiFlp!QR8RgC3T8gZweZsrT^QDRRpR{rq@9h?-i;|L%( zGb}QL_8tSB?xXc-q(>XOi%=@Z3z^|8W;C1~XHXDm98q5FhL{DKy%k~p{5S=lzMbFX zSt-LUq97E-HuWGUAd1BhfK61j813vYSVgUYs@{JZ0)MuJFp9pp~zKd>7% zjOT{~jUk4g$k#SEY5Cuep@5!d`smbM-f#7sn18Z4>ExL#G07mB9YS}0dkIqEWb~r( zGXcW34)CHpbFsniBk5yKdHm5Zc?~Um-Aj#7)h{(oz-wF+sDBu5YbkQZVSYGS|7$#& zC6w1zC{)br(zidseuQfxq>74!S?dDs8^GrC#Zmbv_wK1HM7L(c86Wfs0`@0slYt8t zBQ)WB3M7eVNz8iT9lE+lp^7^>QkgDoZEem2_=qDG!&~*GzqKdMPEJZ4H6OX$ ztNiOzLC}kAKV8V?`Q_&K`cjS317Dg%3};mVKxbZWl74M}=6?0rCV~sRN6()?RPY-v zXFM)kqL^N9!vEHoQ?p8!Rybxrm;&W{d(vw$T{@)`*Uni%B|bR2Sg{iHRUVWBUVn2V zH;JF#{-h!(r6;2MHZNx+a;lOVk_o_9-K_6^tQ3=JEk|Ew%tw$q38(o+4fqNToE1PI z)z&@o)=$ro;l!5VL9SOiaWJ{FBPrU`-ZzbY{ilwuZkp9oRnr4fTwDmy7pCD7qQtPD z_t#Xi+hy06Vmz;jmyD*=1{*N2Bkq5m9VP!1l6Be=zvFuuLVd3Pe`3-0OMZ*#Pi zPbiy9L0 z6P;xdUgLz-d*T53rX#yec~a!`6px@3#7SrAyMWG2m-wb6d1b0p9gvey|AV0Cn)we3 z%kfLfbmf%;M7ZPa?X~W78N7~f;Pv)WC^vA=w$<$8j~VC5LBs}xIT3J}xxz9y4ic0n z{S)b}LL(bdWKAh#X+`+hG+Sypcm|i5ivNUI&@Sal5kf=rH;KSEnVkP6F=BiB(%UsT z_t1Sd&(nz6D0=qh*^f)>!Ed=vvM&Av%&azJwzC3>Mr5jD?%V(3SakHOpPHg~e0=*F z-H7AMU*7LS0SeXV0?#^1Wohtt7^3oD$pS8Q_<>z4-B-(ux+iry)v{6Dh?Iq1d*V80 z_QN^XSUtXlxM+p^e3F$!O4f*V&gN`BQ)#6~WCl#R1d1+?8Gkz%Io4z;S^1tizK7L; zX`+jD>#cA^jEoMJ+VnDFS+RRuc%Vh%qN1!P>AMXLo|PY$JWK^SIPAlVt##UFs;IJj zkvfiI-Z!CCVVhIG%(1>lz7DWo^ce@3`xD)+|8xk}>y@mp1CpEF#7MG7{^>>jF^$_I z@`Y+b1K6DXZJ(w*PzF~nNMe*O|K;Yo={=BmLhB&8JVC~8edOj>RW53WRpxreEe!!j z1Oz?X)W2eQUZ+!HFd^-g{gzNrUM!H1Npw4Lw~p1#=P@+_%3+32#FUdH?~y-8Y318IZ_QumXa}rb-nL6TM{YcqP7TDP+G<@$1Wk2Ql{RGBqMQ zAuq0Fq?uUBt;!?p#O$SshZmT8bbHCbmP8_!{e(-< zM0?> zWFPpVi27(_I|iQW!^3~A7!V8;7LrID?N7FG&o+NnaIA<7B;OUvjb9234gElmj&5{) zeH{VbNzn-LzVMN14MpZAGHS)$H+=X~^?Rq~B?b4VTYs45?!zSa#7XeB6!Opg9oYS~ zzqgv&<`^C((*aSAoS{TO4q@wbKb%}51c&HM^Pd8XN&{zirgSnwyU9r^YroYs%L{Wj z%`?0)w4mV0@u>|?j3p+{4IMo_{SH!1%aPf0EGNJuZ6sNRuW;QD{J~P9gys*qLwjle z5aXR6zeUj*8YFYP&ebM#%!!iECPABfMm+Pkp}%if3Hi%vWIg!TKUctq2`|zQ6-K&B z8ojDQN}I7TrF*AuJoKOVz9dP^ua;6wHyqinu}_l{(6!RT^qRK`t;w%ef^en&&G%*y z_j|ijy)_|7_VMKz5$TDwue!HB99c}wgSnJ{Do68o_koJp-Q7JdA>jbtqWtt1aRIo+ z?X`eg#?>;R-o*N5vQ(P{+)B3Zxqg$)bzGIz`?wE^X<^HJt^)#j<+i4-L-ex{gP3Gw zF(H98YJ>i$HPbmd38_WsUnnGk>LySQQ*G-5)NkS1An?IUSF_WLi$Ol_JYI6$XXl=T z#pZ|AaVP5(gBb!W2u$Zz33wUHKl=E_ABc{9g?Qv8)RSi&bOz)>r`9?YG2IZ*h5X=; z8TjdDq_m$^PtTx--os2LzFg=Vy4~ZDhktOm(Ec);#o+XoMPg`PiK%CHRM|&FHw)4> zzO6c6YznnZ6Qq$w^^Jy7`B1l0EoL2!8Twe>98P&sbGiJ~9zoAl!W0;hShD_32Q(wKy>;9ZzZq%%yhSi{sDn_kT0zFRHQE6@spitz&2>_|G5X zL*+}_z$uCAwnr~bk`Nepqd-3AuNJf-G~N<%&zk$A%Kb=7iq&fmU7DnH*LysQn@l`v zgA{-AWT|Dc`MDV+kJF(FweQhGij?=XCF134kZ|T2R*<{hoW$RlFau?IM|f8%^Gioqkz+eaoYJ^ zUE5Yk^_VowqZD5PV@Jb!;wW$Q#461{>GNIyueDl9W1~Tx&BtnCL%${rzqz}hlJ8h8 z68*U5961+?ofnYxp^+J`qv-QbxLsot}Q$CuYB1`h?GF;hP`Hg7l@^fozrG z%#L(=4b5&7M)bVW1HqQIja2-d(|gofU@a1jbs+w!5c-fX;ar4Ldh}UcIY0 z9P2nMD{IZ{Rjz4`mf>!Azp=42>l!So7`AD4oNq2Q$Z~*a7;if3T2gm$vPT|(9G8NU zFqr8ETG{=@AkSZe^k#&cdlDV{^ens-dS@fqyKI(6q~QYYQf`&kSi~tV_k&yvf;V*^ zT2dBI%Z+RV2+JB^o_YnM^E+^}z)riQ>s;GsfJB0GjwN?xye~!s-<7w2pg9yUJFPEX zE)h_?tmyxuwwJ;w-D;~lH104D#%)d^i~_1AHeF*YR3H>EzKm5!pN;@YdCFRg;yMOG~2 zoRa^;qy>J_9Tqy9N|QDfRO~5~6iZ`D3N8=y{~ZtCTzD?6@9#(87R%%~nhx*aX+-x% zQN_f@z0K1nM)w^lt3q~WG-YqyJal%2t`qFe{fMsCKKUK&B)j9v+BT(lFj>NhN}Epm zR1NU()Vi=))i2b(bmHd0fpbM|sI2EV<5I4y=8e;P3r)3hk8Qip<}G_1+FkdPo~IS# z%YpQc*HT{NGpdX^YhndpNHw9#TZE3G;O;x$nzH?VG^q)Rg8lb8oWDHyod_lxWB%d^ z30wj;6Z)bUDrF)^DnQ%L^<_nr>0ytt+F;+0#HOsy{w~AAP7dN(w6Ej7{ORK3 zwC9vt{w%)k14KFJNd7S_SPZI~-Wq~LKfhBn-*YpeC)}5%c(K8lG@K4NV&iNF(Xjn zuP&hVf2exPuq?N)>sx6_>5x!Ry1P51ySux)L+O?fkPvCO+c3zi&(8vEUV`2Ig&7y4|I@3JZ)5J32akMV8?mRGvlMJ7v}X1!c6`$KAR9s@tPcc#guA3L(G`7$0--8yrZ;`8E!AUyole72q@eY zu5}5P6qvV_hR1v}mUqsJ{w6K)(%Xr?SobXoKD!^#{QAE_7aFUzT~3A6uyC6=c5$R~ z`*@JX4 z{1iXxkO5l6I3=5D6pA9YjEDXR-pIypzQ4=Of5&`WIpToVedCSH@JIbKqn-6)gYsNx zefZL6kUZC4%`KC`8wf;AVd24Z#{vU(H(zzbR@^ve1v^kJHm`W922Ms0e7A0on2SED z%@}EY?f)G-kr%$4D`Ko?ZdJ5nFN~DjUfPJnw!#PM#r;s-K%6=8uttM=SG z1yhu6t1b{%0K750Pg+dz7=}{sT!L2jUhhLmv(s?Fs)lP{tGt_NEnH*d;sT-5IWYnA z0lB?VyMb>^Ou3n0onvP7#xk!bGcShl(3)qUyT4n+f2e$iRh|kIzZKfiaIwz}n;c@Q zpC4);@KqLc=Mmq`!C3h`0R-fOnvR4zR<4yR^Dlhk?J>SuBj5PC)@m=V_k2J3n6rc$ zcyc&w6W>g$iu}4rc#sJ18j6YyM1ZfRdTH0JS4uE|>9(L9QX}{1>_m+&dF~*RIny8TuS}F;?;#sN6+PpSMkgrzk(`h@yq+k zt}j25!oBAppT=%42$jz_ohvOv?-_~5GTPz|iw{I~aPZTvCo2N6H^fF8`C5QO9T)UuT*Q%7wHc#PWaS|2Iv z@(QK^Zh)jk=uo5DA)w&ZgRNq~Aw?m#@m%TEp9uqYHbd~kD|$+wOb9fpEh68QqV!>E z$(YSX`mRf#z5yNfnC&gB-*n_;GwE{M!GsFX5(2k9(L`Ujv4%k)k3W&iaZszT>-Eje z=H3UX3?{SDx8W#PqG>FIo(J|&P*5A{gy2&p_G{m1Eq|JlSCo}49|nMg0Pfn8ovZN} zd?gp>PlvA(UhYNS-=EXzO_!t@JnUL7{eT9RSO;&hJ$}I~?t2ggay{MV`HV*kKgE58 zO=VPHJBd&$vGuy5y&?Gsq6bqm=G%k9yFzjS)Ph%aUrA->Kd`ZDI4dE|>)(KW;N6Ig zEMC3icQ`{Vd5_E5srC!yReNva5%@I!*(1Pr75yMPpIoIaM@2ECv$kQm7!~}X18Mlx ze6d3bshA#OMrAp!*Z;9?RJ@|_c_S)KN5VQwp(8&6dQa|}-yQLH>aBQ@W{}N&a(4D* z+X7;R;)U+RvhPgeRgc!o6Xp$EXb(j@PNYl=IHZXjKH=r!Z*2A(y{HUcb5DC3?TBINgW6 z!rlN<%9XEit!;UgvL*a(LgaP#_s6YShCNZD!AV))Jv9=^WbmLIfpY|%#*sZx3@e6qfJzd-zbJX z5m+M+r*}kaEoJ!!=^UPL5`Nb`!dw&0Zhr_N;va=-7^OX1tyxV}P^}K$-uT=j4`d(@c%vjj8 zTD_qhS#C0TFE7`la}1w~sGClHAz;ZS4d75Uv#+$k(cYiJMiEM*;?5K*7m|)lo`CTl zD*h92j?^=HFDn+>AA+rcUq_zqgq^RJkx|&?8r0Zg!Iy`CJF8lv30UC7JE;(D6r;MT z7kkmTNTaN(>)ny4oVzrsobG5q%TCYDj>Gp@ML5@AW{pbF(a6|@O&Z3%iEx^??7CF?uX zJ$82m3hw>+8~Y+QE%fW_-FemhSec9 z29Mw5v8OF>*=&|Dt~UD<(64UBMt<8`=954h-_adgabGWto7HpRs<}Kp-qD$OGouf0 z4y=PYu)gY=&9kicvrGyUsE;>PF^3=vVg&{M!pPTdgn#T+_z9XexFSXfY<~X8UO&K; zgjwHCVF5{rt?zAaKK1Q_wub8&(3ybz7fc)W_5xp*y!H(ieCL`~dy(*8wn>4U)0kd& zL^8YA`w!c!Hur8f>YkfH6_Fd_-SC|km{dt;j2YOF;m#`Ms9deV=DVM)f(@gGbKcr% zdEOJLY*<}Q@jli9W~Ch5f16
  • @i>@$>&AtYBo#XaKsL$IVZ?1_r!6PkU3C=U}d> zsf-PaXs!;;lTq;521#qISzaWdl3E@5jBOzeWV6WR8^*O45!SmLSftvgzgYs!<&xLsEK(GggK z4)(R#+1@5kRUe~%D-6^YAL6iKZzhjVp4hj>R@=Z&E8 zLDH{R?~sVA{LK5UgwOb>G=~m}%~X-c0Ta~jJi?(AcD99R-ZdytRQk)fas9%CVAfQ& zS5X8NZoU*d`jcmeBv*qoojI>q-4)qa*TN{dTUd&b zbkn3ZqnhY>p|WY+5x9tzpa#o+4b{Q2s)y8Tnj1oq(gr{i;eXw|>Xv}9 z^^8!;mwQ>-e2Mq3XhRqc4}6p@QplR~y zGGx*HP0eg=WWg3J!}fDR6T9anH4HNTXG|*9)xuJhjry)`T9IJnk@YtJhih;YcHNN+ zxdUEJm#1vT@Hfs##_c?O9!iLMXL)G(Rsru+4o3|{cLS*x1_^KDZmtqom1>uLgbG!PpCLlMj^Sd5bI!uSeh+t- zq5AU|5B94l_h$oiXIa7dhWyae@Yh0==(hwIW)B&$iCOg}T9fgiVCJi|U^({0<-siC zqr_ZQ!o!^swwdN}ki^Ya8xetc?{#g;4O}PO%G(s~wBXb+$pT0V{OXs=6fs=fFQU?K z+ZPDOn_kpW&qwuR?*v%Wn^x0_AEj8iD${-3H&jpBpq}e>*3e2m9T$eOW^K` zKZZJr2&eI?5g5iAlt_hF4Yj>0$LY4EHMmldgU8NOq3-t) zFy49K(Ch&N%?*w~vDq;S^82}JOOE85>Yb;3Q?|V6g*tagP`Y6byyuGsVV2hf&y)6p z0pohcn~5_Huj{hj-!eZ{OQVLO17kXUkyxxuERqa*Zjtp0Iw9lul>(nq)YinC_^?{7ca5D_^jATN&P(ylw z>;pkB=DjcQidluQrIzOvDPa-d6WDE@VKV#-pqQ(%41NL`e`%{I&(?92iuC#&o(2RJ(W^VrWUJ8)Ce-}_CG#I6qk0pSr& zeSHh^!u`PjIJE6nhex+vjA#hs_!%_7qw5YmhJdy5`0(RN20qMo^!qzBG}iTI*X6GJ z5#Ejx?Z!?=kW?0wVaq0kfP$UTOwWmD+j1HNS8;^-+K*ECXUH_J5CJko&hkQ~sVr*D zl4L{PvFy|S5ZiLwjy#DY#I3XLn>UTZ8Y=!Ar8&kddi=gdi;cmc<3~KxS|`u%4!VO3 zw=ZZQZy)C_#*V9}<%%_&-8@|rbst_kn|zml`OI+vsKBJNVJ?nV^Gh46vrXXHy6|HT%J2WwHsMUn_1M2 zDu|fv{H~vXflw3%8Ru>8r%%Bh)6=Rxuz#8b2zxzJ)jrBWq&1Y$~hGW{RPMItaG_NfwKqjluyxq2Nk9_H2ECB)sF-lzzI zt^S|uF1Yim(X!&&`QBW5r?$i!pSV0)U>zA5ua`JAIv%fj7v`moRz$_svb^JEfNdFQf!o z%?-@RIb9AyIy<#PqIFS#PCXqd+LU`VS6UO~4ho#k?oV}vO8psVy@jW1T@Zrm!~Xo} zJ2QW*ca)d$V_4DoHFho5K+81*n=Rn-5y^;6AK2svA>f876E$ma(0 zE5wI@0K1J7{UWtfOv0p5{ZIW5VF`t!zHKjJH`9HX5>WTlD%eRyvud*vFm}(ukTv^Q{OLpTn$w%P2!xl*7qtg%t3O!vKdGJ-*~t zqB%i~jy!3+a)HVT1CnqtC;?p3{@c_U5+##i(cBw4t=UsTBYPM(#ex>)OjoZHGz~bb z*0a{qQ*Xo~-AlQnG@lm5&Siaj>gk7|d*4}3oMuVHF+9}PCfLiLb%w6vuvlP-M&r>0 zWF|8{tB>^cWl^KZ{*93Lv_ zxsQ|B=x1gB4?-CWE=2(#ltokTzxPsKHCu%<)*24H^4kymh;!tVs`;EYLmv1tqDJY6 zrcqi`UJvo7sQUm4_0ZJSDhkJQV~ObIC3<`<5ra38xwn?Cy>|kUr*$4~3|9Cz0+M2; z@lc?-CynSNsluOd0ZeA7e8mK<#CR>*c*W)IHQb>7SMB&twqLKg1y|#L+=l-3Nk0Dp zE%6^yc_5c@fvsdUL{xUew@^8U`beSMV^`%$UM#{!6FOlaA&^ruF8P}W%BZ78^0?RG zeuCdEA6T!la!*$oy*?xHR5Ub5phpt?t&yuAn;s3qaFBJ3m!tI!Qy|_R*V%gzRf1-e zX%)}aL5-i}388L&_P&zjv=@#gvni)*&7}ZA$B4D>3octRp z{6ceKUsI_w@R8pG*%F{hKmgMmAri;RQm(Oy$r=#K*`KauoTUao0;$g6w<`eYscY-$ zfi>=rkIm4JC?DU#s*%DCj`ZzAp;_I*2N>NCHtTHKv8DjUI+)N}ddcb>Y*LjDkrp9> zvUn9W5BK5TpgSot3_+k{rQUk;t6m0#L0|AZE+Uo2G-kt_n3 z?}^K`>LM$WtY0wG7`T32V8%_IYFj$xe=pjQUxINX)Pv(S}Uj=fug^o z>coy(rwQ(y?+)=3402ocsN8S&J&Fh-Ho}sUk~6NPVot|PM8Ja*1hZM{h$yUmMyEBX zKS&3V${Kj2QiviQL6IA(OxI8%XLMTop)J055 zokkuuqo85tQgX-vbHWxWUj{5sEfW^*W3%0)M7xQ)>5X80vjR$Ne@f;`M3r!XR3JH1 zN4^L%zq+gYmxQLYaC1~-T(`SE z837z(_|(+YlR+lJol^-Er`>T(022MGJ7hKc+;q6UzL-f%3OU~f?jb+{6d|*ksu_Ni5?6iuOCw`PNqS zjEj8ITx)FOI--aK=G`@@JT8m;)zC8AuOwwrZvOgv-XT^@$o4Ty>%`65QOucFWLXyl;H9QFHF!O4CPq*HGTBxlzRUh|4e$Tvw!ZVs0TT;vFnyE z`QY$(Px{uURPs;qf8|uw_=F zjE6$Ah8p;2*R#|s%e;GJ@Oi%kWPjp&=d!EtXXg|iL{z~+|Bfc$de)MMTzq6p$#n;t z1dgG{kzKAQw+=#er!Xb!(Fh;<1dtZJF1M9s70jXp0G7er`t~u!bfYbfG!t&7bc2GJ zuJ&+F8GZun()v>eeO6(DpWk2PwS8ruNmqY4ty*vIt-PmZ9FLAt7s0>+_Zw;Wykmu& zPXQ~(xPJSApi%^=e@73_{^yoql}7vzI5t->s44WRk;r=a`ie!Gt9Skcl5nSw=vbTal|ai#=vDOza+~IPji58^$F#f~U78fhR;uMEMFIjZFP1o8n)bx?ls@j^ z;||eNEfU0?agD+L=-W~yD=niHSMlZJL7E$pdad?u`?+IoSmM6<93eHlITUTK(WdQD z=N*hr0=8?D_WO}|+sYE{qjSMo5yQmw#hs=A`ZWog$y$P5mnORBXGy^<_gU``S|2<^PF%a>5 z3h0Dcw#zN~nzgimo$*N`fwCR!@L&MIFr3Qq2^NL0w{&XdpST~)Ry4SV)(T(b053>- zpCy&|8TAm=+`8Vo%xKd?zdr8P?{d-hJ6_yZW7;+oH@l9}rq;i2J#T;y9mrdmd^tAb zD#kQ`G0Al){2f8M0JZi(Zun}{*`x{eJC?4G|hRoh?H63Fq zHLB`atXQfg8JU^y#4NQk96*EP5OyB!90I1tPV7y*?mdYjYf~ke-Z|Vl~(B2c^JzzI> zwx*IgAq5B1eL)sU><3v*nHQ<>lLGy3N(LY{%md{m67Q-URn(TdIt|j0|7J)1yRTpf z`>wRTblUs<>f!dH17NgHe=Evn0wuWFd<{*BPIFjU8GV(-B>ZvHd6ZkxzmR?^T-VEY zj0PkTpX)TIlGQ#(X!G_8gQ5x>w0jMQH*JE_xga;ky1 zKbGoy^|o}z1kuC`HTqC5GHEZQbm@Io)lTNC9U&D()lZ=%F<= z*1&rh{kbcN0i(?YB=>3gcYKP~Ht@MeF}`*QQ#d@1^?x4Iu1!`waYhe_6KT~8-G|?@ zT>46-5$`nAnTIX9zKo2RUb021xdg?&Y*R|?KS*8_J z<0s(=fBSHZ!f=*`5~G!u=f->GP#0Jy5|sE!iM2aOZx^>q@=Kk z8J*T4jzNM|w@TOSA+F)z8ORXBC6m>RF}&{mW%~0f^t0u6?qc%(e=EAM|L&;3hnn&L zy3TO$@V~(PxZI!%{_n(S>6r^@0}AE#9LcZr)^p6%>J?A`<&F_8o(y}-as0eOND+y6 zwbB_QD3w)WsAkxQK`Pz=iZeUQn@@DuPy_8pChVNBG(jb=;|`aXLq|N6&?maJg%?(i zLbzonY;aDxrjtgguRhpS|KamGJg4DpMtm&}9O&RYk!@CXS z{QPeQf9^F9UnN0HAE>}e&2tj*WV}W(DoC35qE{I=y1Od#_K{WM!VM>c{2}t9_G*ym zRGjTFPdua67i%smtIbi@tHPADi3-n+PufyjK|py7$>w%I-Wx7<>0L;c42<+rHyhRF zcc*t(9tD$pFw387d~k61{WpXlH;heI*f6)4oHHDE!$)dbA}>*VYnDv$)M_~f245`_ zyBdgMFS0@YEQMX4j5eonBR-hlge%HQF4ffOw4J4XNF>_~zTKP<(b)QyW2__MlM3QF zb$5dU4c-SKCzTuWHtc%kXwH+ac2P8DQ?NzophxQ?v7EE~o_QKO$7ziUIK4BlUz<0} z(Qdo(A=^z`hFTr`yb-{qIfDbDX!0@6%Hk7vDUEJjy9jci9p*m2sM86d_OkmT4elpt zujO6o6IEgFTS%d%H^e?1j&(tvw(^`o=Gg7~?H_8aiiW4ug{SluQH)IA-r2IR+bVIS zMu?#t2yu+{D(3Fn7PsAOfy}v>^DT3;s=cQBkFTuEiR_@9?}h?vZU)qBYLs==zc}x; zGGzR%ilkXV0rNjU z^!V(P|92)Nk2DIsai{d%9?9tOdkGnnkPv7*keCVZfoDwa@@5Z5i;WCUJ9168dxc31 zhA{s`6?WUTHGjZCuA_4*<6&T1c^nswxO#Z8M)fB-I@^^wxyP|F&|05PZx1f4b1@?3?(+I^m%6&_ycK=~r}4dSmv=5u}J|! za}L(dyX(v_+L~GXZ-B0F;{B)rb=8Q<60fw$x^tqz*FwF#dE&Se_s_r94+H*hqfiVG z$)HQfE6UT4GnGQF11R=_UM*0-NVs`od-2Bo+6QgYz`i&#LokgbryBXoo}|JOfv=&9 zXq{kgzx;BU9vP_>QVlNS9A+@cky0u7`S?O~ zC;iIKS#9C&!!Zm*f1!$8V>;ChMqYu>)im$lVSloBjZiQ9#0d1v7my1i6_=MBnAYVT zNH>4Lj9KAIDoC@)DAW-n!1kn5m+V*=UFa;;wCSNsH}v$yCi(0MJEO}u_Wz!`VZ`q9 zpf#363^chusT6DUIi9Nmnz+-^0`3U+Ibx0N^6)=7!wkPAX+S$bw;Xm}l6+Kipg8e# z;Uq!p=YV2^|0MRQY8dyfvgEL!EiUG~Q_z;fy?N1sy@pi5rS0dB78gdcPQ88E>3kQZ zmJHQ*=R0`xIP1$9pK>Iph)*}n!EK7hmWpQkm)BNTcnb9yza{rg9k)4S+R7!dor6x6}2>k4a>)liB)%J$ol493b`x zyyCU?atgjL;Zg!oouCT0MY*t%Doo12dt2 zGj84Dh0AyfRL=ETF9x2LzT}-XxNlc*DEEk?=e=DmW5EJp`@jqFTFY4aRuZ!t5I2s__zJZayrEIa(7aqC;m;IZZ4Re2$HZ$}Ru9Bn0#^!1)o zl5)c|k?JamJLgxz{#kb4&vxng`l`P9>n%9%#M60Go(R{XvZOs(;yj~^21gT~-oZayZCaw^%h#U`e$5(dLcp?;M;p{)n4QoLQFZ}{em<-9^wA^$4 zx8*XZSg^CRhYVii{+I^7B*LfrbCiFc(%`KG<&2J75mr^-8oHtkZvC|4Z zbAM>I4`OwCBH0rsQbIfbX*j#La5{51x`s1RNneVuDUFMFIl}Uz2nuJGE%t=NuI_9r z>im&eF0633o*J8M9gjRJrUdEVgv77?c0Ix2+fjXrw}c&r&YOL4 zee8xVZ7rDWAC0p@xtnz<-y}-KCAz#!*c5;M{Sz2L))+YXI>^B-M6z7L#S^M+cI^&W zZ)M?P@)F(?CNrdNF5w+LnQ#rTc$yZ;_<6%I5;M>4C43GzITn^<^@49Z4*Z*|Y(H!K zw`uzPN2O_0R8+oNIdMg0<>^X0q1v%6oUyzXP1 zHfL5dYoU+88NwNFE6OtIz(k@_??@5ISDpKie0_tK-7j#*afC0JTIGf07?7uG>OObk zLGEMYR+F{BuvYpZMCP?+G{A?XU(lqW#)EXafoHaF(*5YstK}B7yfe+ruk)zgSN0?4zP?viVVP{zZ>w9S&aG|DlR7dn9*0;k;m`#s*82mI15E)*Z<+LcsIXb8_a%=S7gPweZg- z?oLLIdXzWV((QjfQ~e?CRx|(Nf~@}Ba83RUu>AoXb|IK_C8cTwnSxsjZtimxsb0mC z@?n(=OayroXG6YvEOY#KQSa)|O=SfxMYGfWJm8?0g5SkK{=Go|^DZ8Qefk6ml8J&q znAZACx#8JDKu&hH-u7^s*>nlPzprF}5e|!!$s|SuK7qkW&1us;aj0TtXcG3UBD$0B zHb`Lj7VuqFr!BnnPsepM>l&i5X6ZN{I&ZXKE!mC;=TE0@PlT$McNVFk8G*4cdDog1 zu?Yk(+9l~5qunaxES%kuIKFOc-~PJN_jrI%KDgG9dEIbpMlCvSd*<_!M^tS6jOth~ z;_DWNB;~!S%4gSWG{n)Ct3grWC}e)s<0H5fw8#xgNK~fE(k*eJRBi^3b}6@k*(c@3 zZ9VQ{*xkzADHc8YTp!RmxlKMV-hHJzIE>pY5cyk~NH661A>+~`PkgoNYW?7#ocetD zg|)X|f@P@9g}ol7d}{*R)+d%;1vBh0QUyXlJ=?rpq;PB!6Zt*83r_2pvZ-twwo(7z z#@2YY;5hP*n;Rd<6uCglna{n%{tuqVVU_vB37Eq>{u8|-5v-xT)WN3t)o^ZQ*zEc< zYyRS^Njw+P6)uLEDjFEb6dYuiJiiBHOA`ZrGB%F8rY-L*?4wRLTepHC*2`}rw^x5A8>@@lNMXxL#Vm0NX~521 zaq^78EoB*$c`pjPsf-UY?TLfZ#E=ZDbv0ZCsgMUhv@Hh@ujaI??8@+DXml-7)Xstx zrm)t+N3o-U^FwCX8$6f2@UmpflXPDecT&T_?_hXmq+v!#zCV_Pa)7JI2(BbK0kHTy zIp6L>%GZpW4=$rtNgN|%Ox^p397>lcWar?5J&-miayY~9%+HJ%3AZBZ$RMo-_fc92NXyh;95>^x5Ce${n`Vm+2wb>e7;fvT0eJ8@5u8PCM9NP zSH^9uW@S~x-6g>Wise7}-KAOP|CC+f82-8*1y>`2^Y)fqPPM&63|W%9S~0T>PWqbe zxEuH#wOI-wCe$J0;(=06B`W=?=F0~a2M359lkcWp9gL6D)^fQr3wbUq^C0cTe(Pke zbpB`Xb9B~$miuptEtN_XI2B%R4z&x4WH;3)zR;o**5LR!E!?H1Yi=x=;oi}o(MR1? zvsWlsslh>4vY9oyj;OgWr-FFLWl2@CPHOXJ%edKiWE&NJfOh2nr6{_XjcrSAQtX@0 zY~Z@Nnvw7^4uL}X6lh6Ez(fL+s{kb5nJ*EA-^=(+d;y#<)Y< z*d-nL75V89K|Ip%j;(hh^2EwpCk8BUtrw{m0SNsrDae4+wjmb5Fu(OO&v;%w^wVMT z;((?u$F=Z}GsX`l2PP6ZOBTg%_hHC2snbvwPClZbxN8U~kl0TrRxC75tKO5pQ8!gS zi^n`fT-Wo2tRN;OuEY_;`7b#e$8ahxKK^~cJ|raMX&+g}+js9?g3N|C00jL^tKF~y z(oWB)&i~DnEf-WIaUP@YH2;Foah`y@vLF$d#oO>AR=1D^CFN51t|3LdJL!TQWH=gw zz||HzWMyYt&un*3gB3Kwx6PtH<(LV@roNuTf5#$It2n&ldL~Bj4ZhjGJLx?@?xQGW zp^{AwW1|#h=^0bREVKFYeuF8bmUrD`uY`{Hq$-BfF&;TznWvU+LOzIM(V%i;Kglt8 zQ}8P@yp?z$(!++jVsjU5`>5nTT;G0Kh}Y8K1Muf>qJBi=^5+^0J#*RxktzQz-drQF zk#>B3g}$<}@t$#E!t4x04f2bM!m!#dAy#Wdp04+--`|{{aXGC2(`_vG$}uo+doNrv zAGVQ2sa5ZTP)l17bGt4&NO1V+-M}WIp)7Kz*^@?!xryA~mlsVJV;WXmN$`^&%sF&g zAtuMXXV~eWw1Z3hOvI;t`IR?kw?;5nq9y+`WJ_dgtY~B&S$s46E_U2<=a)NTYLQF( z0%TOz7u?@18`xSauNm7PQT|lF9C){+pq_)PkbDu_Ph~1)!aB?VCUrU9rRc|3Y80`$ z-kZ#%gO89SAQjbqZ|9>?-$dfp%y*nmJPCNzHj3&;i(wz&W*UaqT39NJj{k`W9vIjo zAhaUN_@BtzFYrY^!}@us+2#-T-iW#^!LtjtPMOABc`G(@JZ2Sk1b}CWhuj>cQW}?Wh@Oyz9<7Vk0G*d@h`fIs9y}f z3moX)1v>LH>;ayA$CH9t_~9+p8b`K9o*7pStOCX09Y-Pcj%`sKs&|CM=w`~p7PiU@ z>SHS4V{tg0*3MI3fzQVcJ|CI-Hy2FJx9%>3UYjOUHObUhm*tDZKi@ ztk?fXm!rtruO%z+2MBG*6>}rF+1OHKN1o0{_~Z)D(-SuTZ}D?vP9b# z$>UzZApF#io$Z~=k<5=vW%5Bsw;r}*_RAr>X8T0~(#OwpbF+tvB=#MAh{ zd!7p+axQPHJS=~3D}#&I;dlR3kSwh-ORHSxtC4Ob_5WMx1a?kN!d+pQv9Yo5Mi{7D zw>dz(@!vbcw|4CMWM>Xma*vg~i6k)H$Z|frNX$#h;rJ|7R$0{k(k_y+u8I9`YP|{s zHw*5e$an7$HdqJ-lHoO8*M>g*K9@l2mD_$S3{BDN-)=@u2VsTIdzzarS%z>&owEW{ zr=Sl|75I?u>CH8>oa*NxWj1sQd8_MS-yGM>e_e$pFNCjG36zz&f}J-a9@ zLOsq<4@c`NRcI1QTGSJ{$}}QLO}E~4>o!bXjrfR?o22Q118kYBF`G+^i?p;M#(%Zg zbN}MPW_s;z>8@$K8UFMvz89VjKwpcW?#Q(E;qV4MzSP-SG?M=t-pTRqok z@QID|*0Bdp>5p!mv~=iu)U=L2h*|5J$=Wb7OmXB#30AY|GtN4^6 z&>bMwD`{;;!h2JN6KK#_x)K-DlY2603Xk-S8lN6Rf z=n5gu%bh{>@5Mu=@3juz=J%SbXPeIkJk5oiGP$l*+>a(MK1qL&WiUSR%K~zcUxsqY zjI#p*m&3gHY6D3k@in($b<=bnqxuZ=IV}x_V>0Nu2M|&Q9T`iz!VzCuXnQh<{@@ zaVl~9ab!{%+TO^B;32nEnZQ=P7`Zip!kH0}i#5gRzw4cVE?A2aW$}}`$*jnJ+aC^r zPy*G=o1a~#z@)8=AFrwBvR^2Kznfw7k1 zG=oom=!OB&_eMH(xsD*=%FL!@z@T&J1N{r*2Ik5<581zb$QK z#-HrqQP7{FA6+N2QRweSBJ-Oz4daPsaicEGcyQ~I(b&nSr0M4-r9SN{}}t z72rFOvQ`^ku#DWE@t&AR(kEp$J@uCI6_bU;evt|9%UQ8?h8@3OV&n{YEe2DSfEICb z8h=>fPkr?_vliYo(s-8;ahsT6eU=SOIPrJ1jr!T6V_LZ2oAsEuX(H-zlb1b@IYs#~QnXSNj>Lg+0v%WvQb}Ot6Au zm;-a1l|&%E+>8+yUHj0YU-IM! z6|f>j!jD$fG^db|k8JGDPO;dweG*2E)bVfGt9ruNx>tik*UMV=C%=gn#&UtKZ$;M5Z)!$Bnrb%qkZ5UAfnaOR92#D?#kn#_$PV z1Kv|_sR8TW&dZ{_egEBk`?g*m8Rz>KQ`)UTm1l+@*7&6~zyIwxq|B1`JNOEx)4t=S zqiC?ck8$aIG2jpuRvx!$sPE5US1p=H$s4Ul_>AFb%gssJ*rp|*k`}x#Jv-pua4~O# z$WMU@b=kGrb>px8!IyF^BWRG$e{nxw4jrhS?3C(ugHhu}?CrBoy2HmdW|p_lJ-$BH zYGNvUFeH5Lld=wdSgyiVkY;m$<2QGDwC1h6!Y1#t9O7cvV#hPWAWDlHs`i1Phf!!e z$AOrjXGBUk_p4S3FEam7yjg^I3&U+GgO&n(Gi~;lTAw}z_Y{WiqEA=ygFbSeQF9^f zY6*x{Z$56iQ+B%vRDI*5>&r9zxb^ZqZDA-w7DSn`w1K}hpO%bpUF{o-n#1UmW>@*j z0j2UoDFP89(rSbzOM`BKn`)qpON`n9(cFVEM2S@qifWXHg@o1z(dBPsUKZb4?k&~c z%bzbpeTHRjFIzjh_OfFURLwS=`E_xIcqhO0GH{y-ToS0Gfe)`wF^ERHANC%!93`J; zYx$dE5^Fdu1POu?_T6V7miz$c)i;@{{bxa7A_C07vo95uY(s3T{P@gZ^H9x}XQ|#% zEWLlAt4m}7+gLjx|5v>F2di*!AyR&B-%*5E%;Q&%O!Iqqa1}L_5eigq<{|bj5FoQ1 z(`k$J}>lb8j1)zpk(R5_z*lP7JxR~*xhJ2Lh{LMO-j+Xo}5ZA6pf#>H|X7)mA%+TYz4e&RA>_Oszcuh;N9H~wa8N#cR|AX!1{35Hc ze9zW4;*_Rkoqp)JHEPDO@w-fwkCk=@=|~%x2H(Wm1KM~`9`$%wldm9!v!*D? z-)WfvZj^^31KQ2E4j%SVrsLNBP);%3T5dp}qy181bHN1hmzel~jSsv`-}&c60e3L_ z(`*$_dQVfD-Aqwtgd9D%D2duq4U^k4$+xWMX+&!9&?BCIDg!0x7_c15G#8cfS^uMe z+r57(qVCV*AE;?ZWC^d*^qdsf;NnOl=;Y4DQ%Iw&V2Lx{aDHLa%n#k#`@nvsqt%6HbE%=yo(u` zb;_w{^aeo#>p2`6w)j=^+^R26T}y?hFRA|c51KlY(;bCjn^OF{(TcFlftaqIXX+t{ zLpJ)X!8^bMyhABvz=yz*Gv{J;D|Y&E(EI>nAu3WgQIC0|fTAZf*(`z~808_Efp_vI2mG@gH;aB8b7NtW z%_?qL@?QNuLV2Y2HQtfq;qDR-m)f4QenM%2%<3|Dl0U@~gO{>381}{!Kh@gK`Uv*K>)T zHx+2|(9v7-h5WkGzl-Q(H6q{(c{7JmP;sUT{Fs8o;)J^gAJgVGo7EJW37YOcUQvD7 z@Jn=hZ@mcN^vdsQ!a$T(XXHv0={+&Shl~Zc278(z3|howp|SK z$cYA9L?BO9)6Y3vvs!>Z%iqt!p_cs$mtnw8NI?r!(dG#mvf(>RcR8UU)x$mBv zW6A^HN-+laGxqa|t7>Lv2{%!s=r!5y$t}GE-3=O3F1REEw=|i_P>S--w;`y7FTmu|Bp1jWH$1`L!l@#$HIp6c0ih<&xa2~sA) z(Do+rZGw1ZJbWE@X&>SxZe=NrHI1v9>g>F@` z9=mrRyMPeK$j=o@XcD1pWEpKNCM8K4-=mtW96F=z$&xqI$wf>VnHi-FRPypv(WpFy~@DigDbQQn8!h5Tb{ew^g3?v($TOTe9XB(px%?Kq)+%c%L)`{(=5VDgEYj%|TM0a(qeKnT{W_hBkmJ))v?6_fkle6K z$W!Vq{C`xvV|d(s)GgfDY-}`5lQe8>+qN6qMw7;D?8bH)n~iPTnHUqj|K8_0*K^*l z^J%V`-`3h|uT{%Sr>b2z!*AkZ-;i*^R(oO1E_9gt4c%YZ-6jfnU+LL7reuobFiQF} z&iYDRu6gPQF;X+$Run!Q9m9n3d~7#Kz>TG-4*6(DavNc$FmSQAO;o1O#e`>25- zziJxkb5>dn(e^Lmg*0A&`D2&$V=Jo@E8J6A)nEw1a#g;X8Qa9m(K?)2tduw)EVeMe zyRs+M^nky&!P!tMRcLblm@$U_iXqE-zPg|&QQL87E3y{O>lWRop=mU zcuh@>@TLvL)?4*g!zn7mwXWnYlwS+qUj6@1Z-G~z{NK)^Fr1L&*hpXTr^zD`XB%)R zB>!(K^*3y`C}C8>ikF2uM2KGCD>fqblA^M-MB~=GTX6n6wOv@M0PG-a_BcJvRgSGt zwEK@O4ZZB|5LQ%n@cuxvz}-#vceUVqil?HNFE>+#49`tS9s3E;n|vW_>p1QEkaTh-zP6{P)8On@aG%ZtR^$dz# zqLM)d>d4rnOc$Acw1nP3AFoyO{NSu~#00~4Wz?!)>dN*F)}Pn^Tn9C&>SM;9>ibAa zjOZg`o#!}1D9>rAThnQ-*p3NgCR5jFd^99mx96kyBkz(WJc4>`_nTuSX?CpEvuyJ6 z;E}%jCRY=?3lWJQHDI;$j)MO>&9C*Nl-PbA<^f%et{IDhT#o%>7~8FOzp1 ztM9y6u4QGX3^bUhH$H*aM)`64dBE6r$EzRpA>?Mm;nr>i?{(3lsfgC%kVm|Aay1Z6 z;$v;Z0rC0|O0O(o`K+lkYtbzQaZLWFtHuKaZ*<%rQCZh62#yX9fC~bwDyoL!REK%$ zUtCfHSKp`45o1o0(57`>BHg=ei>HzCe-poPBp$AuNxm8%)33m-?7A+5j z+sdQk}W4 z@z<3+X{B&C$kEi0wb!8WC=NcV*7#Sa8Q$6}#eaxKr)F&MJknIx6^$qiTcAPq#Ks><=p9W%YBE}Acl6p>;FQ=o%Yfcj z{^PA52L_w>xVX)Wm*^DpO4|lr<5|HA1^vJ9+-2h>z_6XE^-|<<$!^AyO2=D-EQxD2 zL$X4?66ZOmnJVtUm;-u~1*#KUxZ=1v$<};lF>(16mO-18Rl!obTbLc{P)dFUbE`gC z0XTIieV4b}EVA+1G*D{hO{pKnvl6#FmDF8T{B-b*s~^%Jzrn|>A$y@BjX2dVP%oG< zq-Rx&I|Rw%$6$~;A@9Y&o#@!nPV^BH8`GJ|vA4pF#Q2^Cbkns+qEGh3^0LdTDtOic_vk&##F}hwIoF^6sVu`K{<6 z|H<7=)|H8u5U8seZK5T0XQ8d*gG+1JPZyG2&34}u zcDfOd{SrCS56_kgz-0=2o-2b-o<^QvFQUKLx8=R@l{D~2l=Ce-jbu^}!lTs^HDX@p zsfQVnugw(lS_WOwDLb)-uR|v2b9C?~8|l$%LkdQ+{I$Qz*!s{f?J!sT@M44A_s*o% zR*aW)a^ZU&Kkin#zF1(d7jQW@x+HFH92$oLh|-cSv7$APp&fj^FWS0+_o6kFA949Qf)Efl%{&x3eGR1t(_|8B z5t20%2Q@d&CExHRe@NTkx^83llX~p^VCs6n13cnwDkA6_fr6~h-s_is(XQ+#za>&7 zwjv6vOpWPSBN_5}#L~)!D%c-Iw~NOwim9&Tuhmp080~C=w8ap-GapQ()dqBkBC~Y) z2y;asw-)V@&4$h~h5V#QWrnh^M@iBHrz+nh!!n|oUw;%dx_)&#kN%l+J94SN0WX2& zw$Drbr>$vZa)5YhIkcq4#l^ou99_M1reL>M5&5*xwsT(u85}bpktBQDDsH+EQ`Z^?7V+JX`Bv9gC_KgVtqKx|%68I|dV!9^az0eR>&j2jn zHGN~*_%$Y*1DggpgJ|Y&O?bzeMST^{hIW_vH^up{g)~yDZ(N5ep?`AAnQ2QbShs2S zm9n!r@aI8qVf>`QODfdyHB7=~n;jTTpCFMMGy8`pg95N$nccKDtnse$&39MYifc}t z0qtp!=BJ7bTH@+YQs=)!m4-AdzsdRx)pp)iu5Sr&tF|xVtatg70)tc^AkK@tam3{n z&7T3^{2xsi*cC0DnaNJC1u69ee+`M*UR7cni4f@qA&ZC`v1Am9?=-Sc4Jpq|EZcp^ znv`r_@=5jvHb1rcfm&jDWOKM>7|!-Q)-ckDAP;ICbU1kVs|sn#knP4 z7tmxzf=wcxZVF<*oeE$*J=8*KwRN^W=~QhwjhM|c2-3ozqHcxVkMvD{s`zyQS+Kab zlCI4kIlxXDeF2fO_)PhMX6aYOZ1N);M!EZAkNq`Mln^g!0dM=*uk3c1a6DL0WAd82 zX4)?07yqa97r}DGGQ8mh8GNkOe^^{7TpZ_kW^UAeyogmWg>i)Y1}g7-2eXuRkz`Kb zBQbYM)rI;H=PE%`Y8r50&4BTj?nLd8d}rOrqQan2m(XOXUuuTL6e+JO0qV@!JKvr3 zRq2zeq;3klz@`H-AxuAr@A{JBFh^>sPQ<)`kU3&RK+-P0tvtPMK;W!fu{YBTOtC4% zWFxf2NoOW&4x zkNHUdWz(cm)>Ij;59M2&q5w%TrU?c)Bp(HOh6f^o{k-5zn+ba5EJ8f@R=DhIWbgEX zWLqGb5{Et3y&a$S%(f1-ru?Dl*(_cZ-L z8F4FdKfX!CqHNi!S)&*@&nRpuceC;Cd!7-^PcmCBS02cj0X!OC! zF*nsfMv!RUaAiJ3?U*+3@&!-QzR*w3E*}59SMN%rq@zOu&RE&f*{nm#)XMX`?oMFs zfsNirp$9O~opwegDMX|k+QIzKMul#K-@5m5*DazBPhB4emRg|$>0rjB_!3Wb!+D|% z|2RO@6nQvHW{5}&Bhr?F(DaJQ|MAUO!|I0tZMVB!$#EcDN|WK8#PKB|>4$aRpr7{* zIe(b|`Z>-uFQGf5EzJ)dwxI%lZxdh4@7xmt(EH#R2NyfKj{DkW&R;~4A7u0zMrHfK zTr?%jE2JA{Vm)g~plC}tj&;t63P^o}E;9(NE+9@Wh93rbK_R+a=i{%uBpu404DVm( zrywj2?=GR+H8S32HZ4AVwr1chiJ_(--ng_bG-#zYGBFeSSr)A1JKsqE(z-XX!uaFF z5^pnke7Y+3)*5itP4oTYaPn8bv}0z7@O)3U>EPCrM#@~mMI3Zo9)D}@hZ}XVv(kxw zq|kE@I_t%$|8YJ{ld1iA9pzSphtkyqo6#QQZ}VG!AJR&d2HhSirqReh(G#9oM_Mkb z_wDM8KS4PzDZlcFUkhMY+^#10B7)(|QbzvX=v%zCt19DA?S$!?Ru>ZqwyS!z>sa1P zuw{c{e-j+T>%20a9e-h<%cEm)8$pu}v+##u=rOxdF30AfHlTxb%m|#M{PMv2BjfZP zJ&x$7R06e>tFPy+L26hbR7TjLRqM%o08E2P#@uv6kg9brMr$t$#sLwvw&a1OO6;Ey zqnVOMFXG*@ZhO(-xjdO38v?oDOoQml@Hq%Z#9SDnCT2c-0KTDWaxOmS=Y z%`2;mi=U3MsS1^kJ{_wg7e%9Q#;x2~C4Nh-Ow8Kwjl0P;-_~Qk@NfPrtb)C&X|ewGtG_sC0Q#{!XZET|_$9PrisD3A_lf=`SzM(0`TR zWABe~`Pf-+`*@IH&t%*W5AY&BCVZCbt5|k8FTyJuK%WSw&w@ha1TYwlE=UB5YVhY?X(->by(#JBz$q=_+ zHv^GX21+)j2{Bq4P40XwNPJxcY3`CnC3K#~H@XW!^xUM|1Vpzn{Jhzt}5 zQ#y*Yrydre!0X3DV@St&LWf6w5ZG)?pZF9}TFrYUZlRN@y+nF`k{H^ysVNGY9cIcg zVH-q6kidjwvI!1EzJp=@4)59$D%|>4UjBafSb!wHI8C|qkfB@dV@May?6Yrucg0oep1fu8ttd>v9vVKIu3%%I}x4pw-UDx>cj#8Fdb#a>LI>j zY$c(=Ns8vi>-UQg$S8mI&S4nV#Oy)=>mi_TS(xt1W}8jkKfB z2GWXB)AGv^toG+3l=O%-_NLYtZ%P=08Zvs>fM8}DJ}>jY?QEL6T&#LtZ)PvWuXdCo|k zmL~UdcJT)r$xwD;j8`EXkJPfS2%BQjr$rBw+Iq_-`JXe@Mb7m2rhQAJ@a+COgF+wm zyz98kZxV+l5E#Cj^rSLbgiui~ZxddobG`*P8u4Mo7YmmqFRCm|yc28UR%A-0<%uI3 z$2X3AO<*JM-?eBG{VgM7@K|mf*G`E<)l~l5iyyVr`BC3KnsH^7m$@EvA^Cbo$>md- z#G$T)FP09g_3lt%`fOzLE?f{iNZEJ9A|=%bEA{edKaAdBvw%DSI9afKuGKK|l$1OA<$Q+DsidvxCzEWsIHc<#AF~r#{a7 z+^G^}W%uR4nY5we!c?wxPx}XEJ<^gBzQE+24RBpD2MG|q7a z_^svUO2stjWmLUTP*Bf5-sp|iy)Xff*gJIpy;aJsI=Gg zNRq*6`VJ2$`?xJL=x%TzR3Yi_H4QlF^!VM-*okiM-SbPj{d|lhA!aQE*H$XRDP-QA z(j%~VZ)zkn#dJhy;0kqwI=6nPI&|o3QsJ{tAcDVdX3OvajKS>H=y*i|SQ#dd@%z7{ zKisQ$R_vL0J249QHeuiK@H;BG$0pmBs$*F>rux<@Zx38$q~fvj>2c^~aO3qBe2OS(&Hua1!G`n%%K z9+|X=SOPu~fhl-EREZz(mtD_^HdTi!hx63N6Owt9lN#Jk5aZ0mfE%cVmL=W`t)V}7 zHs$=~{)tjGIV6l(CEii^wsG;i;_G%bZuQcmP+7!wNai&g=-6JLEc?8B$isrko4!-o znVq3;Tt`>KzeLkF&p$$xxjbj~H~jS?+=(Ozn}RJPlx~m08>(DG{F2Zp$^}_)ugt~N zv}5USwp&t&Oi%cokDZC<%e;E~ZnAX5`Xj8VvVg8LF*!#@R{d~d5`K_1Zwwy;@tyE= zKDwpMlbkiLVR_^*m+{?UxNGq`R*0Z0?VhzY_af%d<+8T=j=IP}P} z2X`D2qc1drumqHyL+=}fzEc!KZFExd>9PG+%n$3QzhGKyxBVT5M8xRB^BVX{*5dK!S$2a1o(<3b@Wg*5#?xLGldeSEnQ(DE< z%%kg92e2d(vt1~N59)hE+8~f$jCgAz|N1-{$HxOZ9Fk!r`g4#=51oe=(#o2+{zt?XA7x1mHMZ7;s}0H5h6Z>weu_bkS^oVA)u@ z;n06Sz&!BrMQD@PP1+dcR*OjEiDcd_r)Yoqj-mgu!zeq>8%lF*e${*Ezw>nNPqs5F zaJkm_&BM)_e6SG5@QfM;ul~tB>g|!Wx9KegNkb3!%n#6}Zcj-JM!$ov(7LI*EeX8f z^V-_b@0jX*m6KF>CyK!5sqO@00@OMR`Amn~6civ3gVARkc&Xa(YYW7dA*Q8I z)Yj`~5a43ias#}7Kh+qD{L*aNVdH}w7xS*v~3dhy@CGeZ)2d~ALOMxp#`nd(D1eO(z6VTTwoTmoC7`j zYzauB;Qfdg$1*o3`x)Jb9&mQ~2!^HzM#*lZ936@M(=uiHLcbEugLrCBBFz};kAB)D z5_Cq~BKh4{7`)W!xwj^;R^JKU4lh;Puk|4ExZcoh?68iTqehk{F;slgXJEOv%;hT) z%8j;pyEsQ5dGw{H_u0b5`Z))vg#W^(_<7!kBe3g&DmHT=8k{XDc$tc4QE|50I6UqA z$$Pnb1eQ?X9t$)}hQd-(U>gD_)B2$DGwjt=%sm$r(@=)&e{gRuwg0oMy4h2P;s@rV z%BRP1hEr^KLYptnOWwQK;0*5=(vYI5W)hZN4k(Uj%=74hKrv3z0VvPY(9zhg%(EAC ziI^ST@G44HtQ1`d&Wyl{_1?`@!fUcwXTSmSz|&aoYHNH7 z3)(OB=UzBlmbGV}09hvSO}*F3${!j1g*x1%93qYpHJls8Wl0D#8@oXTpG@U=)o`l?r4ZQffiFG^~3;gaM&sro$rmh^QeZLGxv6rDj1^4xm^&{l%^rb9f|3 zwdEJu4*ULHdL`;h!4m%Gub_iTX$E!u^V&O~WnI&&zDTn8hSGS;={%T~Mq6t(=Z=mw zV0X~}Y9FjAUTw6pGx^!Cg5j;xF^M{J_QUc%aWtYH@S0&>0XW?J^FJdtkeum@k zeq9m1#dqTm#WI(hDjEf5jMkmJZycyu({LajLjV5mUYJ@*NzL#r>g?`&K%uaBRiH1F z)GjVPmcxE9#o)Xf=wluA>dkgks@!k?D!n+pG~a#^`7hvhXpV-|cdRH3%cdRV)w%f& z`962On48NbAi0JIG_}Ft+-3hv77_Ed#Xj5(6Y23qDc1=*9=IG&azWq>hD}z_f-mOvSW_Acy>fD$ z3AxrMiX2w@E9@XmPvum^ajV96{LQmo$?qtuAmv6=L6duZDaTr=*In$cqO0$`o4g3P z3rpbbxwMn*$I()+9{26~ysV|rD$1qLRg}6TA~R7ApZ?}y2uwE@RRhYG{vV8URC+^S zkx~u4>@3za1r#dU)+RCI0>6mHG=MBtsJ~!Mv!ED1F?S6=eWEKq91x@&vCMhf{uhC= z2+1+)`$8&(7ng7H>G%rN>!xU;a;mGYb|#=!L5-w+?h>2c?wrVw04CoiEn*pX$8Yqv zLs~14v)>ATbzFsMQE=;ad&fm2aR|<|YnrASIP=B-Nd3vhJGTU#q*UNYBRUxI$ux(B zFF66roYK;hfXrmbdC(p0=e*OFq7*67@shx$pd-dtztXuW+ar1uaun)6GV41zR}L?IGXXQC z8~dt0x)}m*csc%WT%Y;hdG)<**|}X?^}Gt=nE~(GD8=&Wi$Ov$(*L4QSTg@t4%#B0 zO61bcnqc`Lj;P|d>c3icNo>snDk3KUbG^-$Gr8+6^~k{=yK4ypTCMk6BThPu!-AZn z8Iup_D7;2v7o%&B&opC*x3$!y)W@rmH3vUAAE!lUc{GRMlNO;otCaTu)$k6otnC8w z+h~PpV3SY=HDoZT{4>*@Dgi|+TM$S^>hH&n5B6USWCcAIS%YDah5B`08^(y{KL$Gg zf!8BIx;r;ktg^;4#-&qY5Mj?t3mijR_ET@?L6=EU&iuu~HHjGd=04B(bLUhG$7vtsy9Xg~)@Xf`5 z8OxCe068~Ts%EG^7@bksS`#qI{`|0OJB{dGUL7&WI6z4(7Wx|x4|Vx1NwY;LBu=QP z5a63;tP-Df(4TdDFi+aMJH1_Xj%!d0YPf4BLg$PLj-hF^wJty~yh@2t!vP!E zH}>Pg`^#@*(lI^Wj~Ft_adi}s2s=Z@In=vx?2I3l?NI_ZeT`CEJ|S49(MWo*A@jXz zdOEQam1g8=`W}rLO6@R^w7WBT*@g)!h%psS$O%fD5&Sxk7ppPA4L&~#U#fIeOgr~( z=S4`_H{LHZ{W}*}G$gI8mESY6Z;1oKHm~D8bTpj zJ}APr@0VkSXOfB2ICng2_Yi&UbNiC~ zE$M}kM8qe9{8Ft?&i3cj!S&5=-h#@K6?gjd5oh{Ao$%Dk+Bkc|p%+Abg&QMd^ju`o zC0H(sMRBd<*?xwfLrw+AO`bX*zb*=WPw0`>4P1aBmy5A+z@zZoYFo*fr#|Dgw8q>q zKoOce?w(V#VopS=xi+Ki+Nc*G>3O(1l@UL*fS{XpHmcxf+Q0)sJDz6aV_-Lrb{+KxOWNSqfh$1%&a&E1`MPU7GBu;9tbCROf%o+VOSyKO>|+ z^iDgu^Y&g?PY&YtPH06B9*%-b)$0^6gx9isbcry75aT-*N9+}R^Wriw5jmYu#)i-$ z$nIOcXnU6(1xJctG;98pv2HCIf9s40xmG4HqxIb$J+xW00)BHnwqJD*2mK|F3Z&7Y#(7TGLWl4$Fs!)=>Lt#@(0@jjmfWPC#2Ww zns3Y=(sdSXkUo4r+F-RUm5k0ETQ2@q)~%Iq^9^%(VvZp3nG-e@uYH}6?fD^$O(DTa zC#eEEzoyzBeHr9-Dm&)GhPvz@*0iQOAi-?o^~9RN_KbpyBjd3KUz0=s&AKoAvk0Bv zAm^`0)i3DmOB>&l6P3U7DgWk)8=uv{jC7~QBTrE|Z37sJb2z`>&$ zeGu=?{EB6vPSLLr*`Ps*o`)!6W5%3VKO5i0h+(Ckt?2eFe)2$A`xL3#k4hV8wyqjn zDvVxB1J}8m5TDdG3T8hfhTrE@f2{}mpVWMqR*4%SXar%8pz}{PR6QIM#+3S^>>`LS zIiaA!Mb(U9F2G9)Jtz@O?;|e6bRBGK&+7%)70%&vJaHrGNmzWC=!$VLuEx2hDV<@q z_dv7WPdwjUs^Eh7%#pUxgn8WX1qvbQxhkpXT31E^agQ@~WJK{_&QW$~zEM41GNk%W zTGhew%4IcZRljdPvzHFNG~G&85Pn?JJ96gIFCRzlj=-a!%ouR+3v)O}OyeC|l$uEw z6n>%;aQpN^L=QV`?oHv=1Un5uKcHAt5=9Xmid^>dSki}z=sMYkR5PzSWp?RFehbU3 zN;^)?waQC3C{gyFTMOYm9re1E7K1w~3s5J9mD>+5;duEBv|hgE*E^D5;v$2ez*kft zlU>4;uv-()u(wdWO!S?>J$M5=xOzIZq&<^g@k1w4&((popl2o|N0avWff%UXgQDGt zmJ>^oo#3=DX0r$m&In?1id?uc4?IFGw1 zYd?m#?)Y%&PajpcYSavumP~Dvb}mwS2@=}ydf=0iJQD6#7;t%4x3~X5fm+b(A-JOD zr$jNqi|IIdR@)ji2laL|t&#b5)!Rr*^{m=6_SH3Q3K{+$@XcVq+PVYM!uH&-iii1= z6Ae@+Gl_$Mt<@(T%UF|@NXCfHILKx54lts2qs>opk&xf684H~EHDt-5Z~V(tY_R8_d-eix^F&GGCkZaUMaAT!~RLLyEt2} z_jtW)S<1*l`PobQ_VzY24zcO?Ob-Z%Q>|wy>8sn-F+8&Pem6^O=;H++KVC0nV`>GJEapbSQ*UgARXm)i>TAt`(Kx|T|^%`c$8 zn19Vi>98SEXVVz=gm|8bwX_x|o!`1WV>Z40N&hr9cU*B=$yz%RS|DN+PPCXVN;@cH zCn*oA+2^UwqJFLno9D1JCL@t&VvT{%(x25JCAmRT*;Od`E4CP@bUS@>^28{^71KP$ zpk?%BI|o1frMj1J--I~>F?Qupu4MXPkHRCo3as&drm;Y}R)5C8m^;Vs)^h#Y+zTQ?_hM7XBD62@Qy zH}4{vns}Wr*D}*X>?AHZnVC`lesg{=yZG(So9OXc(PdbBWUFY;pcTWnKHDp&u7w$I z6Oi>!DiPnB+v$6c47SlAZo|SdD0LVBpjB||Un#Z|nh~%c@b0r8c(%f44}PS0GH5cI z{kwX3btKP#(0CYlAQ7{-ebELI2NwNe28-JeSUT+XAt2i(qu1wC3^wP_`W{9sJ1Go( zE3V;y_In2_5n9OMtEb^p^!bX>?NM>z#ncoN%~JNJPJCJ#4NPUM{{g-Y_-JhPigY|l{66^D7m8-`9{XHtb=NjC{^6ybPQ6ML0Lf~s)FAmi-hJ8SWUf}u zEM&u@`cK?9lh}Dl68&EunXl+$%FkVHy1lZ`-~FHOjV9I>m+Q2t<#2QE?`*VRz3%&C zpC2M~?;gz?{lTRTV^6m?p4+==q=b=kbF4H=IsZY<*t|5Og=#3-rAbTqO1$A@0vJ^C zZ}DrM4PR~oy7#3;3uTc9vn9q05|D>HGr$k>m-LlI>Eb??Hn24T{V9(nXv{jU0hv^$Ik;OwvMkbifujar6zAg3QrJF1&A!5Nwd4D79dIM)1 zoi?w?KiGG@hP z5pB%Q=XC^fa$OGGjLy)u=zNSLj}*6vJMBHssMsMgwN)Z_Vfwk65aI;?9mR7^^e$<) zq|*tCK-V(NW~#%x$2yUqa-mv?aAEE7PD5>c*rd6%G5YF3l^yJOl%ZuYFgQANK2Vek zW8eRYO+VCuONerX5R%SXeaxzT^huC_L0}C9cfmr}UB3B7kHgnVnXw_lC577cXxcRx zymzpO@qhnJ^d08^0h>hqJTa<4PlVO}Hyp;DEx|CGdcQVSy>1ado8uS_#u)!E*2@WC zy@yQ4H}$EH%Q<0>w`j6UZm^R!d_j(-F!0ZN?orDxJmU8J(E)7K4%aVi$8DK~iE!U@ z_(Jdb`IXUI0ngBN0zbaj%X7e6;n_TA`((a+hj<9Mr4IYp^%eo7XuNZ~cBNakfuO~G zCoUkJe1QQIw(Z97d}V3pu-|BBv3Tu#_R3G&mWS(!^X;mrxIg{fI6Dq?iG+xV&T06e zz5S~{X4{oGsmr+;I2h92-rl9Fm?s7(KZ%K^$AgIfWwXWEyxu#78K+vn#mAZ{+GyP~ zW~M}9oi(5@2*viVZ0rT@qjI&C2TRya644Q&aqcY+Upi;8*}|=oQ6U5Ic9p*cxg$+k zPzF|6H9<@U?{HaX{c2N~Rz6yZ!e#{fRpb_*DgxsID~O`ns=wxs@e5y4v>y@pGvtO% zyU&{K5^KY5H2lJ0&l4|M4%`k0H%iuirwp|A5Nq$gRl!%cU;L}D^3>+^lM4Mm5iZi# z{RrCEX_?Yvj7~o4Ns#^5ZU1|Y_5Xv@=S3gZnxAtMzcI`oYK`!#jd)8(zYQ=|U+y)2zOXH?2{CHFtVm0bMR3El)05T3KhktG5?l=S8+fdvV^!4Qwl(b^p4% zKKrnvrRnQw)cL2yzwvndKAh}6kK`dJ#6O;HHu@QdVr60@{`=;RDD)!)J+c0UX((yY zHMt&3taOSt=}Rq|QPMyc#Nb-$h`sx%e&zW+64wFA{{{$pr@( z8f+QcEm6EFIEQT5{Q`I12_vW+RN zi{w1KWAQA7bW)3bkBSHs{WE)AYXXQ{wsPM*$)3(^vLgi zP;dGHlT)q5bRGdAf94<4bvq0P`wIMLxNNF*PLR^FPJoX=dk|F*5hRFg{b! z_Q5D*Bd$7ssnf4#YaKffXCaLNJjsu3%PuBFpnN<(gwoYh-CrEk3l7_V`0#!!B`Tzv z7*KX?;D=+&u=iu=i6e)#Qm78r8-|Mq_^s{qor0)?Je2Vde%R)Ca8Gs`)!IB)!LAmS zb~+)?YoHhyBz>MUAp@1LS$tD%@czLd?J;CO5FJfJ=PhF15=yi|XV!B!$?gUPH{)<@ zMB*U;nX+JErDSKVM8F1lxZIMyy77144G<7+jZqZf-Q$M*KPy(?MW4XMiflC6621Y> zM2kz8+Z6-!ZF=1u;g=eCeR$}(cHijn2ij0((K`TglN))Q z_|~PGT-;trxAQ4wHNj zhTA&tLSA05B>pds#|I&|lLELR|B5ynXFUodnC|j}{l?XnB$;xM^AfvUh536Slinz z#>yuOgBQO{Ya4h?3d@+o)qCo0Av%Upn=gE-+CF}M33So5{=LOkR!t;$r`G3e>1OO~ z)e!F9B)fEP$!|%wGWYPd&4QA%PohULW!ItY!U_S0n#<~jIk7n{N9seG6gHEkov1VF zHwjJx$%;zN!N0f;<=ecw9C8m3*ROtaA?~^3J^FwDA_+hRqSkWuGfjMx=M6BB{8Nzo z7w!ucT9hb5p&W-e5D!fat*9LJA+yv4_94%9E&3-U3j>6e9ZTM4D84M-zA@grvX5YY z@B^*)joraLVYNiHPKQ{^&F#fHAru^n@CkK}B$77beG?QK?4i)M|JxHaP}`}&>f2g3 zo^c*>7wtFlve_&!`W$Nkqz@om-}1%M*>h#|r>0HcNF>0np|i-3-wW%Xsv!9OJoL1B zu{!8qY<0fg^Arfaf;wLpPUJAUvR+UGUT+hQ>duQ$iJ7jRq?%8w+8mCiglL+9228S# ztI0PV-cH?6>yMhDYv5GD#E6We*E@Sf`Zt7JAvE=>1h_=2VEMFYwN8%A9zHcI|?zugtGItzTS2CH>(Djx0r`8Sc!5la|Xa|+Up0)d?Xq0%zn*=+a~0w z*nC2WbXcy0I)`x|vzwf9g2OXiVHdYF|gvk#Os-s%~@yp1BWWU@v~0_)H{v4&w1~JyEoZP*fnt$(UGuc;U08jUJqCi zrm|2eYeU$#^W&awdZVQ<=wX7?w}tL>W@l)j20WQO9=uz3$I^t)madYd$T-pP3~ny0 zrquu)L+Gy8`wTI~_W>l_f~dzPAhK_#cZCjk%b#KD$1aF@+)N1v6wkgBiaI&fiETXs z^~hxYL{0I_3*eD$Fx|90@7CJpdQQuSVfcKn0HFErY+8PY%izbjbE20)IFo;rV!$p- zQOPLX{A8vu5*W!?>^k>xnp!Y`@ksKcnjgkW2k+D?zG$(|25@K20Js`GnZRwA9&U&# zgC97(221Q17Iuy{WIuIWA@lQo0kdiG{f;;ZZLFxYeaBb4n|ol>=rn^NSUmR$b$Hsw zko$C`9~nWJHy@N}#_rH4$&*x#A9%wsAz8eLM4yQnyq&fxQpkXDS=AIk!PcIcMW1@r zU;H!Cc60u>)+(QM8r$`j=?>E*l6t)=&a)j95ghPp1j?$B3CcQYqrI?FPOmOJtH~zE z>yE9Sp!nqE5P&og z)~U930Ja7*7A`sM(Xt;VZJ8`sMBb%bzB9}l_4SNCUUqLjZVh$S`n^-Nr+6cTbK%y; zuvz;z2e`kxlaxPX4V8f+Yp=ToG;5pSL8iFd=Vx7Uw<5K-d{quW#Wm^aZJIjI_Ku6I z!4ydh`e#-eMJga~1(eOpqng|$pit08{pf(BOY+zXgsZVT*KU8@VQqiDuxkI~08u2D zh4_aXy0f#>SdtHbE2uxi?hb|+4P5Uh^-ZRI40;B2kpe&imdMHaW^pW5*gJTQYv$6v zt3wv?(SD%i>8H||a4s67Y#(o5*~UW1t2jG=oy zzd6D0@$XcAof&!{Zh{sympAs2G^h4S z=Am<#(jZ8tXZ^%}^N2X=H0w&l^Nk^KVf22h_3Ng-kk#~oHodXFgV4PueU`Va*9&lgfbGvj&l`GvLIjJ1BF5M|Y8;&(~$uqD+VAv-d6tvPK6u#sRY ziO4}LqE1gto?@(X6meA0EgQ+}UQp49^(zI3o;^@VsCe)GpF*;Riq>!_)#mxb?q6bg zpIv5Y_um5eQm+yMdOfXcU4;)D<1N7`A%@SSo;9yxpRPY2LN2_4csJII(Ha$)fNN_M zv_^ybbpsFIMbf|Eai_tofyqg<(*-IDzhjnvQzKBCVFie}gYzX~egiV^9>;|#wJysn zkB_Qi*;i5L_7fSg7*=ek@3#qw#P9vpT|3bno1$9*5XL36yi?D>NSd<3VYfyGbMg*2 z7lfs9Vt~FHko)G;!jbx*J0En$%*ju@wz6~YE zr%nvapH1a=y+@-tdQb?2S(~)#>M@`(&#_Rmo$Yf%Lu5D_<^P$31CFudh2?X{C1krD zQ^(#&{i4A2U&`j=BGjbaNAT&pNsd2ec(~Mz91f7IGeK+HloqMF=lvLk&nY{FTC2a& za_@!R?@lG3z=S?^R^&wrG5uH@?Kq(dZazVY93i`AuiJ37(vdT4l$VRplapgstK^CD z9$2_}m`W>}_3I#)8`4Z$X^~+9j&^(sgP>nu8Vz`POS2&%?zDN?pyg?*u4Cs#aQG&E z#@>*Eh51Y`Rr|buA(3<#*h3UdECf88_)$pnG8l59q~!5ZwtaT2ocW@z5#|=_Ziq1f zH(A!TO9i|bV8ks2S5|w}@J%Yp67A;(w$Fdb>K>7p-f&2?xM71?_fAx@o*LA%|DAgZ zKe2!O|IVoD@>$$JC;6X|o7S9=fbp&xo_&@XKt3)5o;mK1pw6D=66*#0h|^8BDQ&M# zs&1D2i?H^wxm9aIy42Zin#D>8hOJJeB!HqH4s1blfQK{hnL0_3o`jQaf*TGe@l zO&kZ4v0~*5l>)^XnF~ZVF=gn8R1pbpiHoB1fpd*be=hfovX^zgM zm7&g*$Yb9Eb-D?o)rQ>EcVc_e&^xYgiq+v86E=O3LiWN0uir?wLQ^tX?_XuEx}6CN z79i};`mc-6w5;S6{h*~NhYaTte9b|_88v3cXyBgZ>GP;}^yXce#KDE3-O6>D$PFux zYE9^B@kEFU)-oMF^L3Xh9A<;uEIPCE^)2r1)IE5N+5ltC9*=dc zw)%~L&E~V3ta@GVZ&M{~%{2Nn+?mBb;^7PU_NC&>7p^RAfH0CeZ z@Z^!Dd>)zKSA{BzwQb8ip)1Y@mqE-a_|7|wmXM#AP>%xBXecgQr?Z?J!}1{U1Qp@w zwXKa8AUb-CVdtGGxrmXOU#t7S^C>|a;N%g;zWDTN!<-299LcZ>h=2wIN*g$K;Z4=Cg&Xsr0&=j@QldL#cQaK*i5=6PwHS$g4VnUw{#QW z#U8}lt>1nO>SzW_G$xV8n21%}U-q#`_9u0Cp;5Dz$kr?$DT##HK+>#*bDk%Hx@M{irRsc%-$ z;0;<7v-yGiG)dhy)SQcj9g6m;+)4DP9HO7K?iZ!ZTW>qz_VF#2gpKFVBoa@YX^mOW zM%@B^%qBJhHGR3#gEzL(^IOl65|;zs;g6S*e4JiIs$&U=yE!>wLv2miP|JrqG0PsN z>P4MFmDT6=XcEQRZ(g2u@9aL!+a^9K-q0(?8^u84hZBC9^N1o`fU>Rht$qR{!rt3P z4VA^ZZGXsUYRn2XTr008Z|~BCHSZi6OhR~cc!0=kvuV%=YukN?+fXv>g=@DZJ20*4 zzHHR?sbzo&&$;+jG)9q<1b*|Dt}wHI&llK1-Bx{>RLj%4r}Q$ZdlF~7>46+ z%@=O_|E^3J#I)&IkSIT9?Dn>Jt&F|)K^b|9re2+0BkL=#hb(7pc9HNk)2T|gD~4NZ zV?}S{p>6Dlz2*@sp7n{ud8_WupFDa|{i2W^ggAYy+*P}ON1&tcnYXI)Bq#QyV^rb* zz876vu^(>sdz7A@)^rWM*oRMyC51mUXs85T|4Opus-j)>6S=9GZl0j}jz6!#-cr|T ze5c~9F3@6@wbGZgYVGT=&%ceTtHsX!TWU@udrWP=DSN#w5ScSbFD z-tznTpsRsdbB||K@gna3ZG9zQX}I0h8(LyIARhjIi1thn8h=>Rh8I#S?{(O`hjG)S z18LU-X6G1VpwxlabSm7+%>~QucK>sRgi6SBQ3=q7{-bq>grEu)%Qr=KdI3!-;fBYq z>x&R>4Q0H8FUDK^W`FX+{&% z$$>Fh#cN2_J%a?5jUPRO#%@RoYQS{xXUG~KB3gyG)n7N?dX3(l(u4NkA#m__G=Tgp zr_ird?wD!=)_;a~q}+FdP16rHyBG1;NAg`P!G0g8fcOKi&`~jPz>(9FM-0wDs<=A& z82+Fk{=3aHs^kjLYlPb8m}Pn=yrG%|P8de_-2}$Pulo?U31HeY~~pFI_z(d(#bU`1MPflj>%6?97-+cYKbL<5t}B`tPlRvp*>D z;q!4?Q%`{ATX`L9+b5kGb8{<>{S(=6ZFRSC!C^CwHC*dT+;-!l-2G1@Zkt$%^>xSg z>g;S;W4$)d`dwJInI0;-A`2P}LU(FVj&8mKC&g@_ynd8y$b&y`c&mq^q0~l)IVnYQ zPC*%3r&9K8?b$nrU(bAgCdJ?RAq%EmtS7gD`hdozwaDv#0U=AoHJUzOF|nVC>)Bn} zHvm!mAJzN_sOn~u+0lS;Rit|vt8-|8x1FMH}{T()HsJUGE6 zXmFR{?t$R$?gIpO2<{pP?(ROgySonV?yhgL&$;jJ_kJ+{>94!j>Z)2*;k*S`f)Ipm zk4D96>uMa;_dMTE&FB7nxj)dd+cNqg{|@`o;9SX%rvA3)y5e(;)abqk$37s}OG7QM z6Gfdmjk>1uB#MNrKi6p%^R>?r#$adxA={Boh`-1GE_f?}@#cCS_|Dn-QU~wl(a@I< z`5bdOr3hFlMd`hFHz(ou;Td%FVA9mnEpL@~4~MVa6DKa};WGBV!1|N_WorFlvV`bq z?Um1)?n~5REh$s)KAUsfduEA~+j>X!tN#?Lw2UI=&-G7N<33wANHjk(dGR3gES|Aa z*WXZpp&wpk0Xp8@^Coiz`c3Jppbx%3GDaSKjc>C_{N_SvIjPl0Rl2;tO`i)aKreeE zN|!^P>0n?SynMhxVu0po-(cB?Eo_z}&K+UvoZ*)AnqH@~w{Vy#^Uwkldh?gEjm3Gs z$FvIs=iq^~m?N+QtJh|quN>9-9Hh1(kY<7 zdyeBf`hTf7lE`o#=oL_IVxv z?K@?X2wl;kK^z9WS^O;aH2sl8(X~Erp?P_tWm+v*l(K1pi;LBgvP%I2gdP!o;BAapwS>gt|6dysh=@QQ!GOw|19{nVCl@}e5A zI|=(N&7G6m({*=3dq+X62`07pZn)#rMmsNpA6i|6?}LMkp5TFqMAH+Zha8_4oz*St zOK$81Ml~L}#cvP4j?EM$B_w?lY;}9|IC&7DhNAV8#-xqBO zoBrdLV|RNcBrTK7>_<{UUrAAYo?^$&&y#xB1bhE($+# zt*fzJRv_-0xEc)!qjm7`K683uO(L+q(0(@bA0BD-`#;bh4C57XArGDz#X`-Z#HHE= z9eB))(5aKvPp@%XLECb)>u$xDP22RjN3SbXR>P*(>q1}A0^cU5>rQ)V?>pxN@YH_l zl=Hr*l0mfE?dQ|m_gfW_5^FD&@!D$GTI*^0<3f=feq3K^o_eRnbM5awvi6%%Hk<;! zey8MHoEyUN;x|RGU=Z=__?t8Tx0uEh4_MHQQ-FB>_`h5AaZgWACUAt7CzxDlbXCY? zn*|eyE9hJB4Xe)hU}M~%*}C!v5=u2oSDy2Mbudw`*s;RAsCzYwD0;{Io;-^HIg3uq znr+LY@3^p=?DcS$WlqF}mfIY5C#8FU&w@Nh9&HQKh(ey9R$kjwO9*|xudU+sEbU6x z8C=Y^{c>>v=g2`MK`Y>>cAzEQaPF^jABUBW$$>q)7W;04+4aiD^t!uwV9c*G#$)hs z9klC(mw8rhIxHR)G@OTb{;S>pIn+5L(3>}&KgZu{4bm$()ERi2&QGgZj`Mb;CcH3cmRsxR?%f8= zv!~cHOFaJ_TLrln(lJU$X?`|iR>EPA#!;`8yXa~yEB?jq`XXx>p=3{f@NJiOeO#r` zcP5lxs~z9FJ!HBPkUg1=*f122Zw;*UBJkCP-bUWB@TmlFO`5j@;Gb07ZmEtu ztM&quBHe1^p0xgJV{c#<@bnN#x_^E^v8pV;MbUM?YqiKuZX=viGxfPcs94u_?<_|& z^|#f=ZZAs+=XkpR=^?l9wo>B15T8p#wF>Pna9pPEwBiUL4dbUA7^;YI-voBu{a9bK zKh_x9;nSB)({;a^DA~C8^YohzA@&agOaz=d1 z_k_Xk1JxU{S+BP-W1u|Hj;3TM+2U+msZ1&QYqew@6^61zLj zH)tMc*0;(L30Pm7`nRvrFC@Bzm+;>^0X>@qDIW!=obj+LLR1l6f9k1~TA^Q^1x?gC zshWEY2k9(@AB*wW&5~%#77YLboM(=Fh!blh3bG?=B-lyYHolEsW+8fY2JqORxKZi7 zkV>@(L|V1TaZ+EbC2RQ4UDzuE_1lqM|Lhf@8LN&I{<;7RqsVpdQfQeTCgOwNtn6SJ zfsHYn0@ibdmt3LYN<%xC(meT^*3px^)C2w|uHWX=G~+K$#xqhPb&TcqL8s7W>r7i8 zyn;>&YGmegU)M*=MN@AoCry__M?u4*EP za(;RItpkl|Jg^`KUHVqBRNP8u72nlFXgGJprON_AUW1Y8W7r_OkqA~78~O1nysbU2LX;n>zN z7)#oE!UL(GFm{RRYLKMT?p(8FxptjBHm!VA3)NM&4ZDwp3#x|KRngwD@n0VxtI7B_PC`rHUC*wHXDh5&r=( ziAc7_*~MCFP_d)mvjAVb3xDsP-Di*u`mw-4MnZTz2}rlhb4g)cEpz80Y&{I$i0Yu7zsabI4=hdFA!z+y z5d-SIqOx)T7}4FT9w4k;{wt=sxW4um&-Inc7X|_UR7?D4tD`2`yH~X-2-e*-IOL3l zUFnthwZb}9f7#JVXMI$ep+AQbG4}!?tE@ZU$!WPQmfEq!(*H){lt*-RB8t+mwe5Bu z;}~2^3@2*W305$yT0Yp&x;5JV+l!-co$y$*v+C<wlu zb=MT17XjIwR&&WVhW6q9-M-G^#6QqcI_Y&x^?vF-reNAQT`Tr*2aL?%5mUv@#=<0~ z=x5cmNwHe0(`InJY-%X$eIv!Xof~(-Uq@F%rt5wzdh+DP<`K{k-_0Q#_O3Yp z<Xvk!Hm|yjpC{Av6;lZ1?Q3D|BCFuL2E53h zkpBg-gm@fHW<$0=Y#|&ta+i(;B4EcPCx>Q>1aCDTmj%x&b@Kh?R<(N(te>NL;v!RH z6qV3f^Ok?PqU*qJWj2J~`Ab(Hkd>Rrk2l#?)4dr@b)b_5sbmhk-oO%VAzTX{+tUNf zU)3FN`UL~0Fr3fBH_LCz3k4)Qf$O)Y3Bz(mTGKF~F5!G&Pe_CSYEJ zJxIm$VZDJFE%iRrbS5=)tflV@B;XM-lUH8AhTl3jqpRi=cCqf#?qZKE%DWb+)U+d% zaa=O9>NmE#T*N?GFrq_#ACRNJ%A~v>!Qqe8h;GLV<)&T_q3{7d=%P?zqgid;E+La% zCNna|Lb_T;a}AJuIw3k;$DH&Y$v-O2&phntwvao`XlgY55?y`X%Vm*n-toONp!(gH z-=-fSH-ku_=|$$-K;@0J`ldS&hx`8V*fPgRLyres%yBsOv(F#THI0#+ zWr6xZcQW7m7;iBaCE)C|=+CM@W60jBV1g@wu!`4QBWrEq>yKNOV%_WPa4Jxn(v9E3 zQ{_*k=2RG7rKR-;1?PWCw`yG3LlIdb?}y+(pqnS=Ci?g&BCPGdqv<` zS1b-O%Z^n;N9bf$@CDp6-~b=@;Ni-uh+RCu?BSelS+2^$`|J~YTkU1JK|wNd*QGjZ zb+C5|BT;8RM~1;n|3FtNCF;{vDtLR)mF)~v>e6zF_Z1rWYI<_0mG!mXAWhdSFutE> z)9=~3Zo+Kq38%VrUj!2AOA)(_=VkEx_vQzt#SG_M_s5% zeFlHgUP!m>X9uE<(mKqfZ}xD_F6{8d_p!OQKcV(o8_?ey%-MEGtJ*ZJVGW*OQ<=<+ zZ5>g28ctVGqC4tfGHoM7ZLQY3AP2WuFV3We4!la?y7#sTA8pIt9ifBPi_cBw%7xT3 znqib+?oqd|g@gHplG-UCM>0!DXv*AB0xGrq54#FxmbbCC1%EQ$WVC+Lv(^l$1`ya2 zO{H3ZnqcDrc-R0>$R1lvzAs&S&zDIu4^P+Nhp{2*lk>Sg2EjVkRR*9*#`DXuz`8&6 zedroY`9s}#FQx57=l1Ka3Wsor6HtF!_7Emi7U_XjH5JxO|FvL&xg^@4eUbOp?ATNV zMv-FSCs`*F$_DA{FI}q}ND4bH@Wp%zZD}Of=OAEGqCdCnL0YSLD4|fhl(C#ODF0#Um^7Shyp%=5|6^xDbYL zCDU5EkO`9`F|0CwdfF#LZ2?zW{MF6N3oy-D`N<;3pN;*mVmgvcAby{6tGg#$o`Re2 zH<;L9us0;mPB%%LxwoLvI@K$vD=WDXF0E`(>}(szwq9(u1e%ppmSsJabS2TxOc&WS z)@eAhu^?V*AuO$W1V`=w$yFYc%Q6BdWp% zx0JI-wPlq5gCgVQ{=aNT#qxIcjh^QvG`sb30J-#^jd?A4|6r<~e=0H@iEOTD>OUP6 z>79ITBo7$A(`lY+wki`Zw|kMeV$k7z3s`#8@X)|*XfHUKX`8eRti87&*W`{VZ)C1{ zrzWl|L)7f01LHfR|h&BxY4O{DdKX5Rj^u& z<*WRQ8NYKMC&kQNu4ujbJ*FBgjsvky(oXw-Yfbh425W|!qb6PF_WniE@~Zw#ojb^l z&H-!eC1qv*KwOOdx9-7_jL(uooVM#iGP?ip9CI(7+Osk}WqB{U z3;X(l(UJ^Zy<+ea>TB7YTBMWPq7PYG?VFJRO*bHFV0@X&w-;xl3YIY2M0z1Ct za+#FYiVf=~w!`V#{P9|(jmwaqT%08z`G)cY*p2mN^lp3`d1OHN`5U5n%+F6VA|;TW z0bX}@TMpI2orCqVCJvT}OR6I(MgPmJ7CkhjQdL{w@1DPE3f#F~TLOb!8Wh30Lhaj? zr!d&|ma{$SlFFm#)2EV4lh=FAiQ&SaL09clnXfVg9kI`O&*@s+IggWYhj`sGWiRG) z7)KpzZFydY6mp~Hw$R{x=XqeE@ju&6a;CR-Ig`ubFPAB*p^?^EC~}7D*HN z$?sk>4E)`&o)C zD;U*I1yrv(pQN}c98ES_z_)#cs)N^@YeuV~>y~KG>g=4cZBgxaV~KqZ`*423=mes* zvbXJBmF*FCu$vm!zBrI*HNL%G=$^a~Jk=N}onA@ypD*F3b6RT#KaE4_EI3u75ju7%CsxXx<@c)gJ2yr_0 zZSU8!ROF601tH-03s*ow;w>s?My1dYvg*C-0gDy06jEgt_D?VLPxIsjt`}GJ0hm;` zJE;;6%!<+ab#O<1$1ROVrlK5Wl_^h1EXsPHcz-_VytIu%{()RqD{OflBLTE*aeVz2 zh~JDq@|ce<>6DF6G;&$E?8bMCQ$e&>!aWWNRx+XNmi+IPAUU%u`~Pu$@xs}iU}e+g z%k@OA$NgDOB{h8G-@6@<1?~|g+eQ|0(l|OiL#H!+!^lpeVP7~wIWCOa3)_TsaPEi; zF0r|8UQiKn;=Z=$Di3!Pde;iEZaHTt?+nfCa@T_fG0ehTq(&pG4ehK5%m|2)GeXJIV0{{jos}>227xZ>N8M zVFm3ItgdSpV{6G4t*p7NP8<6JL!5Y%=zXxISZ7uNpxqk~*UtWy|e=1X49p zi?r9Svur-`P81Vy{)b{C;~X=uDWdD^TgAP-uB5wJwWaG+lAqwXOUEfV)Yp?9|MMmL zpNaS}OY9(FKy8M*QlcZnPzt;=zXrwJvH8QUCjN9Y>h3<1+v`fqLD$W3o57KYh{pMH z>L48R?$AHmFGf6HXrlD*EwpvVuuEdH_TxbSo6)`TFT*-6`0*aRt|3T&5f(efEeX*# zBkuDTa-w_zqHXI4{-kbYYaes$kA?|nT~2&A*7Rp?hzqM@ny#HV9@(Alij|@tV&8%= zs>f2HimI($l$lz|@F|Y-Eq?vpl<*#3^O|y9XFYLQ-N5WM6<^*jgS7-#{@4-NDjHAH zxF`rn-B&m}xslDjXX#xEJpn~nDORzip?QVCc9}}qkI{Q3lqeV-66>VUpfDDt_{=}{ zXq6WOqpy}lBUY^hiY(YnD z;l{<)s#%KrxbxbB_6D|$0ULNp;0brM-gMEabkRON?cp)(5OpVCf$SC%SQ}-JY#FQ5 z9P=MqE?m-Hj}folU@B~Vu*1YVexacV1ULhDIEwY)zey$~{@VFsF~~pO+yW!WM~BF| zFGiY`>y2vE7d#zP6_1ozETl_9e4H`WIYFd{-i3kg9XO6qKY5r6jJpR8R*BA(!5DN(0yJE5Mt$?7Gc2Sfu_A%ljJS6x zZr|X0boM~=*&{Gp@2+dih#W(+2d)CKPPON%(asEZZ&shWo7@sX7wdig%=$>F{2sty zn5~niql(>3}aGYXJw{@d2#L}!;tr@tQ(;`N9vR=e!7 z?pTAyM3!4UZV;UUF#`vzf|sZq>(aH?Qu9Z{S_IV9^(t#z-DEw*i-iG<$_k<9{t+Vm-OKynOOf+|tRq%IpRy6o=G9m{oCM0CtF=bD zYO{3Jat?)a+#_C#OlBRmC?cOFjY@n@*9e0x03N9gve4(s;50>9v}n>O4}zvB`9>bX z*a(JFdop6{vFqBw5k)RAq7uea-aQv% z5w)4<8K$&eFb_->-oS@%@xFHWvqgq0shbf{$EPuQaV_VKWb%`#y8!q7O--*(5|=2X z>I+|N1CP*+!wk>PI$(Q9%Pc< zlkPg8FHZ6O|Gf5Ot3C@o^&8N%bFu+f0Zjnt8F2ltrR7_FwN4} zgV<_N$MrG5>-H4MI?NXygd^Xv*60wZjj8&Iq^Us_SNj`nSwo^|LQYZro3kpPb$PFOzSEge>#qLXfoA)-rt2l>ydjU1Ww? z7P;cH*S>%yY+@^G-svbnnz5uAlu{#EAVH zII@WXSqs=iE-cAEN1qD2s!h!#!4*sdo_6Y=2BA9QW(E~iRuJ1Hxy&FnHl)^{CMQTN z(;4sY36nuv3}vN(Q!V-|2dxnIO7Zt$R?s~#eb_NiGo^mnTk|{1)TzSb`LTWMnk=c-Cs+6lHC(4G;Yku{b|^AK8v1XNB;a+UA^I5AR42 z5oQo{%hJc+7?YKv#5@ce3m$A+Fhh%gFFdfHd(efC^h`SW$c*-X4J>kHMXskEecO0b zB#hHV6o;ZMeURCdQdKQ}Q9pgA< z1>*Ty8xEKK*T3TuQ`nsDH&iSvd3vsYJx(3Z0NcUfA@09)9;)mmO8O6qnU9t_SKp^VL9{96>4@+;+7$;~ z7u?I|4)A=3U1GZ0X^E(}dhCPADitiYF zcjU)gY=4Y~?PhkGR;@eF~0AO#pBG>Aj^Pay3E@go<{ zCu^KnBPR`PF~&2)KMa5F&wHNm<%0aTX_pCy<}-g_rx-TJBOR-xE6z-BEY>Y9GKL{j z91Vbc@+&M6(0Wjmj^a+54jm@EvkFb6cI`2((D75Uw@L87#1cGPOD+T%JhyXfdiqZf#1iWwd zWx6gGI6Y~Oqa;QHO8|9`5$fq1jJ%`nd}}D~$H9c=MvKMs3OvGO^f)Dq> zgA2R`GrPOHO|47ylv)u@?rN2~b26FyI`=2F6GvdF>DQ+tM}fD8-0_JCIiIMp6!7a% z{vMn}9quB-b+=>t&-?$MAD8(Oj)Je{BCakQEq!uEdlH)QVGSz^n+58lyl8=oO};sD zPGPat1|Q-5Nwe9g;LOgT6f8W?9PU#m4LLM zaCVqAx+yLrPq5)0B6Jn`r^D&(0PCXt%Y+kIu@zk)0hV~OX_YnluR*mX=XwE{Vh@^y z5`S<3adLtH?HQqgJyNHtbZ6!ZYqKpU3e_6DTfz0*gg^6DMZVhZYq@l}H-Tp|<5(am z8zRkAX>rW0iqMcQ`rVH5X-fjwYDWYT3W_x5G{pjd6J975zav6rfQIJ~C3$1jnm923P*}t4-~68OxL^$~Or zQ=M)rjb%^g!oPE}8SS7-cEP{=DEWoc@nu)N?d*U#sQ9ySWt5PgU!+yefmq15R#`lP zaIl%ij_tev?lAXj6KWZtBWQcEyJ0%3n9latnZRno&G6F;Y7_65N4FMKj+(*)D@uup z`o(w(aJtFepz&8mWlhft%|b;~9+B`OH|8=^(m%%XGRXD3SbHX`Cz3#x&oLgNH@{~M zbmEQ43~V4?_WNqCg@xhlplNa?jTA%5M%h$VrNllcZ0q9gHnh|jdQa4#Dh$H*9GBN4HzJ-Ci z07)UaXOpC-_~~IWABXmfQwmL_J2SFkR5*MB^T)?1U->BGO8lBJ2%fS_p=Zl;8YVLn z&7&XTJLE5W!Ri4h6$TcZZ0mu8Zke)iFd%T*CU;aFjs^Lm8Sg<~@8}KW zVbmF5Gux$#maMMc5v}IBF4Kp_#VN7~vg_=X{2_cTfm7#`SrdWvzi7at*NRwh+$W66zR;h2!}( zk>0KS?6s`SNYR5|z8xoAQiJ5P>cY<+xJ!Ba2iQxZyWg?a3jCO4W^#D6R$wbktnOy? ztR=Jd>s=BTSdT+=I01Y)35q{lz!WSUvh;KYWHeC33-7u)K(Yo=eoCMAcQ^W)dOztpCy?Ni|GgL81L47auadX+wm z_5YqjCalFIGcv%K7VkGQmG_v6UL4ssrKQcCKlV!~EzL#sSMQBDUb-3Af+M;02lw!U z@gYhU!95moCd6)Sh)TiGRmfcNWC?>hDe#dAj5Kd_gv=+63TGspNX3-z;VdXlnls!c{r!%l=5?MDu#O@zrJ+_$|jD zdU68LZu}{PsPcdDM{q|m{m|$&>Gg>%yeD>&3z^yIBs_lM?7Ij|HyZnB`{tL}#L|z( zvGOzkop@TI`KYfLcgdere5Oh@HQC!v@^j@(CL8Y5k>Rt0d^oJOV}!hkJg9jQts}c; z0w)QL8NFIh;a>LX3iB%frVRoKK_NC{8>K&r5c!<}?e(0kfo(SpgoFN|T}4&Nu}cUq z7q93E2rVG5lzD)_&b;^l|M`S2{B<25g%ftbWs7NgQTkWrZKlPpPJVW*i`2S~mRcSF z1n;Vq9GoE+BrOLW0xGM%+}31>!=n6%-i>CsOX1fq_i@)1T5G6ykOkq1eyLCh!b5M4 zePSAh1G;?to5KL@A;#fC15Hw7w|WLoTj&_yz|e$|PHZ&QtTD!;9j zssh7bFE7l_9~oIYpnVgbE3eMOi=TW|eyqnldq(zSMgz>g=ARb@xD$Acjf!PF-fPe$ zl7u8>2DM6WdHsbhRDYNp7lwO3r8o&~6ctOBo>Ak+eKwvzG46RL1$@z3GkpDq5E8p4 zgMfKGg7^D&6oW{r$8SF9x8S2;&ZNI-c|lj7hY1tnV~;M zOwT`nk1}kL5r#i;Kt1rWDb~R9P)Z3ZzZbMDxLH{8^KbZjuE;ElZ&XUKHRq@i_q9^} zBTZ0lTG+}AX6*tpI+<3FJMgjqo~|J4)bfE4@}>FUZ&haN+rFtv56`USP&7NFx?O8Z zy=wEJFyuU@H4_h{rVS4RfO3MY=9GI6X;N-)qf;dAP7*Z~R&9{?x=BMH3m@ z7q^b_Py+`wi3Yg6GY+)pC+h88C~Irxo{*U4sF%>fFXrrf$B<1VJbM)amkI6`Zg}&7 z#}ETcTqlV1r2AssQ_)~YNg?LCWbnKR4XVz=Whp1&{(i$=aMjZF<1<3c*m8Zc%D}k} z1S#r!IZg^uC1Wu+C7ats8sz>Q*jTn-3`W4at>h=Us?ATjG}RU|T#K5YP#0e@BRqdn z#Rq<$RL?775XS;FAec;r5C};~2e`(A=0bEv$01nBm}a_Iy4$Vvm()AgTgZNJH}q)Us)UPGmS_47f(TTlc(1;@Q6nQXI|a|$>1esPBMHEN>7 zuEUt36_GWst7fb*SE?k+j3uWjYjJIOc~}seJrJ}+L^`g1divLa<$ypMTm?O93EST=exko-ibmoIGI zP=lR}Qnp_jFEY-0gg-6B#o6BddwSAbF9FaS@Ph#fX|`@mSsG!C0yt_+0*4{smwZqp z{J;whzb+*dl(3<5IE3P15<*yLKYh3BhVk)b2&!pt(d?;5_-t)wc$en5)Gw}_c1&p7 z06w-Qc)tOq^yOoXcpn}ePJw9mcie95LQ*?fCeM3vVm~jRR<}Rr=+to6$DuJzcn?t_ zB8HkYh7yCZ9BQE#x50ga1$CJ+Vp->?KUNhW-kC!s=c?>}D0h3vAqt;ei!4$wzw-Oa z%a~TGvOFI{A}(5)B7>SELL;`eUjm^q_TKwSao~8=k;5W z8Sw2Lg`^9df^VWQ1y`5e>RFis5yrhxkAkcmP<+Akf;PKn6=K5<@Q7~AkT@8DJ9Wlo z+GRn!jF@h7Fg4fu9_-N$_3{iqM5aXrTpMCV>N%0^eydEQhS^PpY_FCnD9`hd59(kc zc03DL*=Hh_EDcGT%>d&nYs;0GdpS@M?lc+0>r%V3T=^0BkIXH&#IGmHOpjTJAuOC) zNe0SqKZ%Bn4g-M#_(MVX8a61uEO9`fI|6px0wy&wJ{{7s4lfB3K{Pf%8;zPdi3d1s z;9QLCVUOS|?>>WhKhXTr@gLIiH*N**u*C)#2|LuxM)%hYl>Kh_KV zU`G?}JIqcmha`1Xb0dT*Y#nX%ML^DxrF35t;4^As!q@S!V3h434%S=~X>fzV0+p4Y z@G9_ANZq}9G>*Z*xYm;DT=1M;!bs(xV?XQq?~LNaX4(*j8F_KBsB+4U)C4-p)suB_ zqB|bNl5!eD<1W{zM9VW*uG;ou+;Z@`dQg4g)h8=l1Xt+alei@N#!IjA9NI#>_~B9$ zN7upw)-^8I-bbU#3Aif@Si;!&!$LoWoa%+dU;5&(kbPP@xhOY%(KLcFM(@2Pswn-O z-2-2(AKniT7!*0PyfbW66@|N`y0R;?L4=srjjVpg%X?kuG?u?OF02eZni%sVrL8P1 z$s2_V9NhlS3E-7!)O>lWay(^#BoC8U?Kl@c^4OGjuXW&bl6#1ht9DLI3D;vR}b7dhGb!FR!@_n}^=qK4Jo^buy35r8zGCEsfIH zeEl+rF@H#Cw8#~fBj0bA$strW9 zIVe;Uy+@hI=Xd|&4nhCm4kb#x1=#}6XK&Tb1i6)CDFXx8BL$P(uPk8TLF=Y!PqUrD zE$s)aMiIkYe+`R)k>=5kdX8*g0V{90QKn)=PKyxaz6Vw9TZa3_2^4T+hhK434#zE=fp?^G!!>o`>0Q1-ny{ItC_qndd`?fKZ&BgRQ43@5+0ho7SlJq{b>uI-Z}U2vY)VpV}Ucdt@+ud$%p8NDj5+2Q?UE3xJr%Mn^DP_5IS z-I7I0iHf?U0a`#4Y?T3R!?jm+*;=*geDxvgQ<+=x@669MUJSoZVXjTWcw7ohOA;bREL1p^$Bj1=ZQfz1$WPc)v1wxA;jC1Bjs8nM96BsVu7-f zS}SgL(%vL*k7{7LuEF``Rs0u@f}}6#ctE$@t3uU*>UvJOGGk8Fk`cS2F$a1(0uEA5 z?2)xZB;*A##;BP-`l$Ipl=;NtKezmqR*N29IZhfuHEsP49}Vf=MZABQcxNc4I&~dO zdh<^JbBDLLQij3FCN0#1>c!Ih=5C(l0_WfO#-|ocULI1?DZx*AyEJ7tWO8?D#B-I5 z9*3w5H6>gzJZfj%6kZ)_o!SpO+;g-;%{_Z9xz#J2>3(yYQ+PAwIzBcw&R(my13v>| zo{X$BO`cmFk)}`Z8s;3hBr1LF*hfAo=q=ktE-I_MW+a*E(&|lp(Jk!&T3u;{7~q|> zv)gjNySceB*gBsUp9PC4fk$~J`M~q$;9&t?q5BPglp|y!e!8`}L-5dbK0dE&mCbk> zS947b%Txor$v>3nKfQqDw!`BG)j&DXX$AexQX-Nw3$E5)EhOpicxr=?bAs>ywNtNA zBXFF_*X+r!wK`uMm6c7qLsHQ{J$5C)oz0_@(AqC0l}!oPl0znC`PCGhJW)La8YhP1{8Z0S5Lax_F#_!2_YW)wlT)5N!byQ=mwNYVRpLbnw zGCgwh1UMpl`TK8Q16_210bLEr{4JWbru0*~{7|g-gJ=nV0(W8oq}GRceixqv`%k`_ zN4UiO^Tut-e3>+Ndlnh0ZL6Fo9;ot++9x&=K;;_LEAxPcm;>P24hct*BqYWM;>*_> zoUEl%^hz!*M!KOO3gOV=BfJ-u52v*WAbm;(tkOk@nVU^bWXXKU*%J$mqM2?-!Zh3u z>Y3ohx5gI;m`EDhBZd5wc~}cO3==45ow4-Z2t&=IEZ>F~C7DM;+dyNh0gfmzM@2UI zmE?W+9T}SHVWw=ydJ{6U`D_b#A}79rr3yP5RhJ}j{+10#)DOH~ZHoB}Ot|Fz4uGG) zx?})!61fdCC1_5cf@ChJ)_ij=lG#QYb^Yi1hbJDIT-HpV} ziu~Z%@W)Kw*rcI5PiG5Jd${G>o&x2wmf z*d5Fr3k&L-^SS3{h}#^U7AGiCxW9I~k_lf^1gp{zX?l$&;G|w%6p8KKo=bSYKj&z3 z)II9VqfsX`CU!6R^|3k(rX&j|p!SN&T25AFzEf#waM2*%qK)LPt)TbQfS&WhaoQy_ zjE{R4XU3O=1gGtt97>Y$t;k=8q&*hq#O^`kqAzi-y&ZT#8Qzuzs$#X<5CbaK=k;82 zjyaYS^-}WPwU{ik*kMg9~=Qf zvw=P=4JXVbE`RW0X85i~-Ys6W(4Fz*K;@;^R&mmrq35s?OUsumzjfjE?XT^%;eLL$ zvQorTkE-}2+SAk3) z0!w?)T5_MlW03VA9iT;C`5Cb``9>#r+cr7uC`@aN{35`%;d0LP&&#c;Enp9$iy_KP zeXwDwq@-l$-dO79{yyazG`G_cRHV4S+x1>H_%Fv6^FQ3$e-HB(c%p~*f*3{teHYpsGt^t*s-wdtBv9?|U9#qtN^HgMmJMT`BCkMNU4G@2Emj#a6Z z3`PV(IL6(9!2XV0*!niOhIVW2kKkZ=FJB_TcVSUIpV61!UOsmWqW6{jP<`zd#etuZ z6chJ^*~xLFf^+l<(#~t}g3k9wwns`7CbnBBbggl}23MLVaB{b^Tw01u@RaD`B|HU? zF8{0@+Decd9~AO+#@-U2#faaBoNF{6gvTZ(uccX3^YP^+*py?x&Eh9|K-nTO9U8 z7bqHdt-3xxrb72&lG^Io+(vJlqQhZ&42{hl4LEpwQ11CK7Iji`dG)xreu?4(6=m$u zLMgE_s2q{TXVEE14$&7WT_a=wmw-v??a4%{YD|1y*51LY)70Cb=Cu1(p~ujaRLr#E zYPjMk)Qik6ANpWW6b)bf>Km~iOl<58Un8e-?>~i!;nniN0Ibug*BSgtwU{v?0#2ms zK1vqEcgl?xrY^6Y6)_bsAA#7kbxMB}MC%l3S$eYXs&T^R4->R#`g)Ej;2XMO{~KT9 z2}*GJ84zT&t~yZwvMhAo)s<(4t%G^uuJoxiLQS;gESUDqP|OhX(i4r7L;h;MfnL?$4^Qd>jE^T$~Jc z0~gonp}Hrw)XVZE+fjdIU=6HowYvL+at4==xz&FJpHRE2L(H(o2u}=SO46EIai7{P zidrj-tz~9i1(M0u&*!=Eeu^{fd1|Y?YyA>F{7N%!C?vg+ZX(R|gi~JdXz!MEHH@Ka zSe6b*W!!5QdmJOx4&y1_NGt`F>k0BGK$UwM)CX|#P9|jelIWs`^%}b4!Q@A!_<3`X+?*HGkgcs zKe455$AHxi!Z4r|Q!g0)4vF6zua?MHK#4A@eqfvnzITgYMnajEJ2Yj@qMly(=+JVx zQua-F=Vq4j&bfw$$VIEyjG`8~2TN6!yl=7`ObGus2lMv6XgUi@fOZNUU8lia4im}_ zvm&_H#deBbZ2qAA;gs-hdP;(bYHQ=66(lL5rM>u#ikBM6+DG`srYp&^acL((G605} zxc0hs&0i#Ml;Qia;;lefx{OFSSdcJ^5L{9~DZuuzrk#drNi`;AOd1tUdyNv+TYO2O z?Hoar%43dT>+$L@!O#<=umtx9D9iBMJE$zyn6ww(qc#i6%e<^3YAxT zt`?05VZLtJ({MPc3GW~H^((SUX2;0J9g6G{$4Z;|NOKV_p9H@%TWffg?V zEFwRfAbh>WKaQ;Np>amFg#i+t@C`BKZ=E(8b5bkEb^$;17-}{5Og$34tnc`M_ejVl zCg7U**3DNeiQoTJeI=?#h->qK#$ZNxn$X($7{{#pEooK-Ug0?SFfb)7jIY*f1@p|K!>Sh?S#TN}8;Aajc z%)RQ@1OW@fA2@71aj_>CNUkyjKEi`l86ks8Bq}4v)K<53kjH*=)znI}AwqQ1s#B4Y z0j}Jqf8ZP~4iS7*5aV2ovv-^^l_v&BoRHU#%P++|QiFHqzPPE`z5JsnVHBCJJ?$-Njd;qn00yYSXv|lmy0vhJY^VZt8B1l>xaCM#XX94J&DA` z+eshQ?}WUs2r0LLU?9qXuf_XQ&3>s}=EcstFltE9!EquznH* zskj)psrXN*9EwP-Hc}H@W8L_hMREFPu$lxG3_R@!1S}3^KeE3J+E0rATq@=@UktBN zo7<)zn>&B#6qXf3vCK2L$rT0f8C<}W(LKwBG^6nT(Wo*UiNCH;ntK-6Qbc>$%Lu#GBEqP zBxwpNagWi!5gPa)S|KIzmH=Vgh7Gg6$_#g@WZ3ndhWgMVfJ?i?!p_iPl79OL`znEJ z!&^Q5gK1cl3L2AQ`(lWcU_8WsOC6#B`AQ_IZ$`d5wv`MwyM|3PA~`GqJ*T0~#?0iC zPn&CB9db?g7EG4qeDWLYS6f##Ef-gAt{4ABytPcG^u6-=#XUAx$&?R=|-bKGG9ulYAaRe?eww4F+n+1NGKl@IaZCrD)lI9;{@%v-}= zl|$9<4Q$(PT z2V>c;o8jt`PX&3@W^H|0Z+XxtteQZ$$fzzb+y+hryVlLZSpp{&ot-1QUD0Kb;&`Os zJ9n%f(_27{O(+sld!lGy*D>#XCV>bkyvsR&32N`tgWcegZxq;z*kcMe^G zlyrA@_s|TDbayj!H}ApguIG8~_n#p@Gw1Am*4k_Bz1Hu`t}dqKuzmd}ihN^==5>s9 z!x{^-K`?r?#!g~ZOQR#^KqaguY2B7IEjY`V3HwGJdG!K;Lg!=ptzH&7a0pcxe^n9>seBsMbff;OZ)c7kiOG^q5nt7+8{a&g#xiHOd6jgS(AQ7 zs=Ch(FK*Y{A`b)*y0>f=YJpqv29z_&|0lBf8*HCVjz?cT6NH!igMz2Rt+@0ITuihz z@*TN0Z-|mI{T^-(@KdawlQ3lSQ6gyZM5plKp~9t9r0iu)3ky)*!FNoU4T~huZ4_L^ z9MRDu7b7y;egfS*068j&XUWO^T2snG?B{b=d;Ml9&n z>?|I8g{6~8!~+fr9bCt4QXC!$Lp(|qDON$Tj5y&ud-#OEl`-ETi;3{1ncbX5sOlC2 z=LQ1b!#=Z;C#o)h$Qv)-qqZbk?OJb(y4tEd(Dcpb)0I8_%eVi^HnKtn@jw6>p=e<1 zh*qf0k7Iu>3LXOmo0Uhewbt2jwvRcIHbi*eukd08h{8zbooq`2%I2mz;5-E6#D^CB zDO8E&XZXxdn5DO6KORU6@BDy)3IE~U)6Zv_^nq8bG7h=ey!=F8=7bMfJ&P%Suns4+ zW^peo(Jrz(>o$P0UD-lE7am?$QuNgj7>Tm}!}`k^0#gZ3J9xqXi#v5y6s58zy`!_( zyDzHL%-K3ll4K3H5BUt^Yv#|?iU%ANWz2C z-cxGk5JaP&08RKD)2Kq!3J!z-lI7Gr<;ML8bHp@8;x%yFBK-SrKefW<+?8_jt)ej zXXiV3sl~a=pGRnn9=J;73Z-#qhV6W-qS2&D@9Z_u^xpZF^EvKOtFd$?afjvClWx9r z4_}@%L9hUsiszdRBnZ@=@7d_3Wj6g#Vs= z=oY_mfe$iX&b))jd46oxxIE&WUXCGp!{Y5&`B25p6u#s{!HhGyUF8g_XmwwsEROvP zM7ytd>Oeh-=0Z-0UgwF$u)(ah!MvX5j={RTRGkPMB(7DddrKrEWJ#Y3YRlHT)K5wu6DDIg}$aCq`qSQc4S!VWTCW3tBw76ztjV76TD`A0{ z3iTNb8hbnQ1SUryBcd z2AUT*H2;E<8s^2 zC!yJ>o1#H8hM_uv#o5U5=#uroWkx`#JXzV=F-52ywli{@KrdGN6JwwE%&;B9B0PHP zOPg5}4K$gAZLyd~z;pffclpw+@eH5wZ31;;XVEpAky(U; ztq@qI95k{8HgMoa8<-WnDd6{DT+;5Ycs1Xuyp>?#*{p?KynOYwzfbMZ?e{SSF4A!2i!PP}nou;E27QIxIX0#gqn5vE;_4LYhg4>j(~{ zVrm4f1l6z}XpIX?F=Jetkzflu2>%3un~WacD&$Qy>*zX>n^1NvMKUf%>^w0*z=qEj~eRZ}Bl-T*uLD%Xz7itre_Z3*eW&nBo|H=b|)Xe^FW+B4~NKv1>cJc(Yt zug~Su^!#AtswwB`-g}wSF4wr>J2ku;Vt<2E(bxsbj6xk_*ylLve~O5E&7}F+6I_;* zGBCM?t0LD(_bc4awsDj7TkffIdXXAdUWG@gVnj;5dV;Pqy%-jGjCMw&@R=Dvn5`2` z*u4-DD;r|&*{=M@E+^w7V|z{F34d{$m8|jU0MJ9as{6*>Hc{1uHGgl}Z3lUWcX07^ z@*My;q3H?5BcCgtFZa$v2DE8_-*5m_X-tb)wVLl_bBPgaAru#;P{)LW1G#!i7;wht z(>?{iB|6tw6I4<{pPx9Ky)OR7F@UrP=CK%k_*c>PE!k9kh&Zvl=naW^IH4fKzw^mx zsq9}>$ZA}_;)-MwUS0mF!);?Pf&W2ToKxA`{ZiYrt5@(H{$BWHW*KLiz$*L^J)b8P z@;hIl2>UNTj(<>H*Sto!BqQ<|!0^j8Aa?nwyYDZKcN7wV%!5}@`8{#)LY8#z%VVkU zxO}pA!GUjNO*HNN?j^1IpK{)jsmRz8QuXj_th2boIQXH<OTW5lrZL%qnYcdp-Md0GE5y;-$HD=vMMU9| z8SWO7@Ii7VA-P3;@9q>|TGiDQt2VGzZK8IaUF!bmeWF^heOhYzYv`pOYEp@iz31qW z0)pTn{405c2(F%cb&=Uxe+z!D+6V00-~)MJ9TlKZctI;y&W-;DuNq#RAS_w#9p>^g z>$&YWI=Z8w;RrUy%UA9;Wa_@vQg3>7?!N6$*|SOIs%!KeV)w>;k(aM3P)97xO`x1* zM5Bd}3n}$34X}a24F?A)T=uHnqG~QiAfSmA0*vH`+WtX~{pR*Byy{WBhM_ zDVQ6BehzRe#U2e9&1b{T@(9U4iGM5$7cxN^Xvy-U)h1I1&zkq0fg~_i0%P+kBVziX zK7VCne)Q!p{;Y!_H${;hw3`Tw6|q5vzcOf%(#IUUBjJg#8~RTSiA zRYy3rc^~-{zm3W2XdFryA}4(ZpGoyGxs0TO!e@#wAwF-Xpkes>D#j(rBwd&fmwH(= zi+JH}HLu}M^dV)*tJs(s;tMH$)@QEMZy*&)fSY<}=$sg{E<3RP2B_RSM}nZL6{KDU z(sMud4j621TXK@rk?ZG-mMbZ`@l4xeSibQ+%16)t1Q9T`dv{x5k-w+WG7QZuNUK9# zGaat9JGh%^sI_;;4`ryG{|>~BZR2n0y)Ji%%dQI-s{)D(O*_-Nx;DE4iu5lavv>3e$u3WyQtx{5xK@p zE`ZjK@-eQM_qM0uPe0)2 ztdOJ9kN%77h*P`OwmLGat*2yiBzZo$&WIRzS4RG*-O(wev#eCZ zA~NJR3LTWmOGeF+tp0T)*uP;BodfxWt&AKhG8F<;4sR$caPg;-Au^>bM@=zZDHzg~ z))owYTwAFQDz3L_xE)SBDL%R9&XlUOR{_fA3}a(?6Y{xfToo(Lz(wdLYxb)To42M% zxao-6%>$>qFqSM}pxL4^pZp=){HuGDe9JGOlG)AvGIV4`&D(N%?YRFyX^DTqs1_4i zxJ*x@$nG9V=kU_L@Tz$86eG>7Qgx>AQhifRy&+75&4BG^4bArZTF=ufX!NQU!z>-~ z^y{xdlR2k@yp!&P^yK>F6y4xXTrg-@a>{Ua&RN*ernlJO4T}L$rF^UwXRIY7!No>Q zqo(M3LnXa*p1~1ZvtIJWqNodmk3MD_=SHatKY?NX{5e<&$NnU0=1cZ}MVP~BF}l_PakD6(#2e|nB48mXYi z-|@^K4Gt<;lM@g>RQ8-rNV(!&b1;6Z(SvDAsB^=)6 z3lAPh_=}-o#c(nSndGV%?>QjqwZVQW6(7hG!Zg_Zg(bE(5nz^E92v%`{e`8)NC@5( zdotN60X1RYB4vQn9eIC*MsopM?rnu`7ISeloXAb%`BkRmcwd^XUT))5T-w^v_Ruhz+KN*gOZ4x%pKmE-tQXW z-(xhF?KbGn0zHkgFZSnvf9CP(O*J4r3Jc#Pa zJX-L@7d`zQSc^VLKprP2c**ne?+s{G;-L4BcSqOvRU^kk?Aq%1NvT_4$}=o56HqCPKO^H-7hd44;OxVFKRAL^C$M(?}PEw0uy+5lS}&(Te_!*?%AUs3ft$lKNKAbD_{dWsHBk3mPX zTGM@y)rKFVckL;RL(jj9)lnZ&*1KL%ElElU2D!pa6}wQD$_Dqe*Bc3 z=NZ-=g8AhksgnQc9?gnY!^^>JI+zbR1a8V|q5OpmOi{T(pB_5KgTLj~0%=K|+YA&S zw&q+U#Meu!0T%cllfEEAZI6G;lS()jQ}gGp{`JSwO-!6a8N!Bul8|6IH7y^hrZrSf z8?NBskci4n5F<>wJb?bi3RufZ9;mmiz=i`4c{x?dqod!4{i2S=c{tq9XnWO; zPi`qpzYM*w;&?amv3`f&Y87b5fWX(_qJ8?>W>M$B)EA(oq49GO7dZe4#|NM)P~5Wd zs+C}l=ZZcHwLz+}w9!F$u-aB{-cX;6=1Mu=pFkMNn8x&4V&dY~uTR#mpIe?-U0Ir2 zS^y>Yh+Mya+uy%*fc|~chXG6rP2wW2t#`*D_owDpsGFpkvmi%^I=9!c z2&cx^BT}yK3dzNG;26&4BQ=saQ|OV8g4GeO&&?mN^(kjO*3L%OYo?8|zU9qJ`P6a( zSX@f%R!X?}CbUl1_4Z5mmZ2m?KlmRqQZ zUjQ=2Sj*YQ_aGj`r_n62lRawYcfX$mcJ1!Z?%l4haPC$E3A1fHZg<&6Arrxy11G}e z68$D4C(26?WvHwO2nffIchH;>^*ey3Any)P1!K;-^LW`D!IPW1JgLpiJi>l~lH)C& zo~76wjpKPT`T(BAtYr!5tP|pSv8UJ^7yXg8YI=J(GI!al&hu<&I_PIINz2Igb^&=> z8$gyjo^G%Mcn)E7%B8i?i1qQdJb#%eUDY#-Ncw-^)&JA${c{F_Qj=g7USVwV><}Es zp>#jg@dkiX(mEoR^i|P5wOm54{-T=kGBlr2Z@Lg@YI^b>v;sqJf|YjG_-8U*WFKCt z)x>@2RR6(VTGcW;dks9}CtXo8ocHk_1oPbxGfFe@AseWc|_r;t0&K>nyMm_F<+U2xeyv661IN}E|r!zHn^-f**EpDVj(_DK4hM8&(EK|SS((_z3uRPYQpmO_t&HN4`=kh zW+g}+X5kFxd{e#+^tykbt4P&J!=}+1Gv(1~KAvMvX6A1QQv^?g%robskf20PH2P)+97If-u0TAtOwiqBka{I{ zp0uiwBftAK!{t*wVUbd6h$%go0_51;AG0%2fTmO;(FS+a8h)MgKaii54M%e|h>&nX zv}Jk!5yz4wYo7cY;se9;^XiFl$as9wu~)5654e2S*1pxL*Z0Ra zu6HR;vViJkj^w&c`+mWzn$2FWjq$pNahYco3e)+O&Xd(`NDm1s>(It0c)=j>U}@?9 zSjhfkdc@ba2yhNvNMFxD)7QN(?k9_rP`cFQdH^tB2D}S5e@9u0DxEg!2t1@)b(aWx((SV?P#h5Ps@GR zkP?w|M9s2PBm~p>c9#(Vq9h3urUODm^0}u#U*D_3m6iU_j$y_&%5QOk2RxrbwLKrC z&PzI&YXZf-M)#Qggv*g})vaW~7YqCF4y3tWx9lP0db~# z$lIrSPkz7`32V178zb194b^=vQBtQ7Ged$7<$>I)4WOlT*P$ruJ>d{d^I1F@D-RDo zzNdX=7&v}!&$onOK#fg^6A|)stLI-NpQO8qYSWS| z_lPc->kEY7?DuEn?EmKy`%lmF=ebYZT_6%UvI;CE;oK_TskB_#spTMndw-?Xw)@~_ ztvqi8?F^J=CX1@y#PVR7`y~MdhI^Y1Oky-}_{el8&xNk{%oshR?0@c(3w| zSZ@BtoT>{t-RO&FazW_v3kU}1I%dw9NVBvp+w+?}8r$Jvacgj?Ns9fFo}EW1`qH6;swKPLzpM zHU}ynAD?WRgXEecrdqulTlbqyER_nT7q*=0x;{!phRYZ~fK{pavRoO;z6Ae$QiIIoD6dhFk1g6D$tg47QKnfYyAlTM3ttKbeDeK+}QpCcFlbfayq1?za49?n`Z>D6QuX~f0Bbno5nUw9p3pgq%i z@KC4<_o)%jN|%?LQ2Low>m$|cRy^aRvLD1mZlh~t*j)DcJ7)c;zdi5p>-2|{8;&n8 zOFwKEMCHwJ#C1X-Vn`*%v=oc!jb3i*%Mew>Urr)z4{l$+h>NRGHkv1~^J4;NZFz3O zk;{WLJu*BQAXLouU@b6hIr)6u9fB1?S6hXJF3!%af>`f)y&A|!`aSmxtXtT~!0pwv z{>9$p&Los?bUL~!*34p>7^U||xVjHevHj&NPrd*Z7dL>;Y1!ge2_U)j;wsybr3h{1 z-njF;jh`IFd-uQ*7_6YX*9+Rz)Mys}9JqhG@x(&yFhVSg((&_`hbS7|flqv-HD?8k zKW;GIU7`3d1$AnAO{#9^{B`{Z0eq`rlweb5^w1C_6oOZ`8kloDgEx6Y? z;CNzU;`^(j5=H~NJg+;dBIS|}VBZ$?!##}Up3dEt|Kr157T{JVEX{Z(SD~SBm!3eF z=vV@@kmXzQaq!VoCdn^wt)vzK^0YQe@hz>7y!%Tn>U#vdx2DYuF1Effo2YB0fI`?r z50mF>zJrBVbqQE`aWd;WZ$2+op*0KBH;Jd=g#o0W-|FWiz?~v3(Ed|S>_1#2Jg05f z4W;DJq;cDW!&;5N?o4a2t$1i@W})VHDq&B2H$y2Lv(?ZmTBr0*&@1YsFwui%)1^Yq z&2pZdr37cpV~+;{;oZri>(-|`{^+=>H`U+rr0X&OXLx-U&M!}$zD(4kl5YHG^0QrguDpVe~Eg9l!{x96ikK|Uu zx7%qU#K0_1bn|ap3igXu8PT<7eCOCoyecb*ncX=<5jrKm zWq;=KcsE9N3A)J~@NilN)t#rnp%9e2aZV|v@qri&dQqPP?d!b(`V>Asu%#71LUadK zZYAH9n`_&vBeA~8BIgytCsYu$Rs&x%aLaP<_Y1VNG{0wVJ&OCw`aPR?19`kT0Q2*4<(qCkJ#nXfC` zfpQrd8ajJExN+F!%AT(ds0FsTRaMw@!ahq~?<}=6Im6XoDB*A|J79rtZp}8fm0x?G z(d+}JQEs(-l^IT%DwkpmrKh5*jNdNRZ2Gdky1u^7io(GUx<%)k2W#3-N);)Upb{{? zW3Rekuv$uDo5nkGIxMpTMwQ3pAtR8WCoj!XNK_P->Y5Z6hEJQ5|DK4}is1a{=Vm`= z<=ZmNrT{c@>G-c$PP=0w8en%E_GR0U0jpCYpsL-`U~ycfHqGa7ap^G!$Wz*p$dz6wq2tarK(j%&uQax#N5^8;0#D*bV0gT7oC(zxm?+L!jOdk zYPqw+6wQMDxYU@j#t%5XWtVA9b1u>K5`V<(UFVz4xMKkP_a$Mjvy*h?;D9z@YMFuI z*U&nUY%|{Ye^IG4U{oUes51tri>+KOXD9^*5lfvMHEyRKipxBGC>u!$!5D~p#!Qa6 z-QV3fUo*Hj)0ZD@F8Aea=EQ0Fxpu)Pb2&)hPT^d;s@LvYEVxE{*4MNc5y!4Jm}LgVA{3?UBJ4S2O$^B-|qt~io$v{5hXkezkT_II$G zABMS)TMpRVPx~+dY>868CBMrlda>d1G=Sq{tTxm1Y{AlU)@6Epm^0sBe#&COcL_vU zpM8UNeAr}0lj{qo4+n&JE@%2S1GIH3SyD;m7V}Cx$Kh}cq~AXQlxFe(mhNpAQ3dp8 z0E-DrQ$%cRFuFgNr98BU|&mT8^u%JG0@%BA^Sf4{PFb>M5Kos&KzS zpd=&^A zinO-2mZSS~(y_tzIhW!E*i`VAjRiuRj#n4cPl4oVu76;GLjc)zjDvME{jQPwYEj;g zDy_|r9hj=kBt{~dm#b)y)f0lY$nzX$ViQUl!HW@4h~eM7(ypF`q8$#M4|iW-dSLG= zPz?2Eqcft1{-Kxop9>t29IRa??rOw5F22TmTIQsAOf(kS#Hn}Kw_?7GlkvD%OyjeI zgSEHpyM5>T>(~3iG=7vk>C_JHfw-gv)XzMxN`wS8toCOrGKU&N@z{ge)`p)2VEs^p z;WmKoB(eAEbLSm@gv-l`4ayV1BIJG&DC2=nrhdf<_onBD{^a~W_$D-Foz4;z&iq_?c)cFSZs zremf^u4cppt%~O#ft_qSAcqj-zn#`Z-T#z^rJJ@5LAtv9#k2tRvQ2GB zZIQs)KiF}!2>Y`sR%<1=Hv!_((c>}ENnts=@&Rw7ugd9pj z>wCaiCcR_!!Cbqvdu!SmP*ob7y?>E=&W>2So#>YF%`;2Kjosna^T)N`lSp)s<^P(x zzkd`TUzdAv1;7$DsLQPDN9CFUdD;lI6%_A+QsUJ93xTT^AreNzN>wylez$FppKM3k z-$+5F#2S7^2l5}%C-Opd1mA36hozIojO7+JnS)xdkqs(Hz^962bwN}<2>`J1%aPQzmlG)DM&S0SjuZdCt|bwo16eN*=NEq?8SA7!Jy~UuJ%JCcr1t@GKq%O7H z4<#%}_pdT;I1+a~7=qStCx;HNJkspL;~!T5jr!ex_nkccVj`KXEa|WMmm9G*5s{^2 zni}t}T|=yhV3(GbRLXUT`L2(JuCK3yz+F+lxjy z{owP)eS*7q+V{y}Z=#1ejz9~mp{`nK=HtF?LLGq#6Q0N4);~cO$Y58i4;$p~EB437 z^;AfgX}jIxj91P=5g9=Ss04(ZuMmGJ>Fis0UA9=vko%m^U*d#PMv*ekr8)IwxPOx0 zOJ#C_=lb#omHvMxArV31K^hq7h+Hv*T2K7`d13Yw8nL>ymLo3R{tcUmy7vz-WqhOz zh2+*NO|Lk}ZxwMm_?S`g6GNm+75VcgQoIKE1@D@6{y$;o%fHKkvrP*Eb?#)gLj`tJ zs*IM{E{E9$ng4#SA6;tD3!ch$wfDygX|rWwV#HHQZ4YymN!e3%OYQzjyTP3-taLyo5L9+M}#$xnJ_e=4dN!h=X$& z82yJ~bKTMr=82d&+%Am@RKKt|+V_#(cerXNy(PFbnSY~sUAYMQOY8!qu~vPlep!bG z%Y*NI{DUnqu(3^&-xeGvkITvc7^tHN@vjNyQ+^90OAUlsLwC~? z;%P-CZ+9jVT2s4cL*!AQ9s>}k{T!ir$6L!%=;!+=+M;n&91dBk+sS-5*vBfg<2yEk z{kl7$w@_;_{@sg5Pc>Do03!n{P%Y@cx)=C@SO2(zb>;B(%fnnqi_pySSMzz0^m3;l zC3yaZ(G5Qc+!87{k#yB|ybbrV)vB#|5^hHJa`#aI26lzz+2UTsiO7&Q-6*AAJh6az zb!3)2{y!ha`_B*C8n^d7XsAU&hU6=?IfX2@ZDqxp9?E#0V8&Wd`cLs^}2;8*`^WZfhEAhS6m{@C?BwY8}=_=`Dgob(_b5*>E>R9e#Gb5yGg+BnmVD7T^ z+`UC*2>P?PJjcVHCQw!jX6LON-C(Ag zS&pA(n+V%-``tY6t#Ug%bn2uRngZJr)cf>ArdxLYN-P$G6a{6btkeODGjIl=G)qbnj?)=pn9AfOcD)@fu zsq1|$-$7ld^O&os)@P>6c7&N&DTu?-LHpk9)f#sXVMewO{WpJY%%L8q8&{8062Ul$ zwqtHtlgKdBi>ssV@U()CVfIV?5k#omDF=Tp|9VHwX)~5UO3z3ir2>D;ha{~<-?&(- zBbN%GalCis?2&-yrsYodzA}z#5s)kXagdG7*%?4=94JE|aNFPFiXDJV?W<1k=_4C^ zzsdq$ZK5F3-@BR0EL6(R`o>Q?@%&%a}JZNk>*%_x_xrjrsfrz_oS(8r2UkvcC4VCZ*a&lvE$cM*W zpQ<~q<7cmD7~;(~&Yqs`|5}yZj$Lov({2lPQH>8$YS!HxP|%k_v^KsRDQ|y-qly1G zvINHq$re@DWc6rpf2Y)1PDtnhB2d4=UGVhfSr@@hZNRS0Bkbuy*^@gvXLcTC|B$t5 z3Ya`>#>Pp!GvZU>0I9N0jvERUOLK?bTXXVFIY#FxLmd?f%4820;c^*}b?HF+wJMwN zUBf_K9Ri~9E<>uav;Ly9#fyH&IudYrqkRWo9IbJ_H#@_YCU^gqw3u3OH8}dqxLo;M z*p%HV(rOoo#_MpZ?S7VG>7C&nA9*3>hW!Zlz7oDIrb0XZ=1_~@RSx@Uc;H&CzQc*a zhp!v;3Byhn6dnx7lxu7~LhN-fhlM>ln%-_L82t2v>Q zy2%GS)9`#iFShHrD&T2QwtYQPE{#CQR!>?x&+OU570y%2?!gh)f9Hgu_>p!CQdFQ* zpu)1Rae5v9K1&dI;0%tT#A)oyhc7Y1dh~Tc?ge9$Vw^l7Cp%4?D)nLhyHOJC@J!Jh zai?af-od`7@UIUid88x+W?#4n!*D(kLu8)jG2&By`RwAYOI^Xs{hmdbU)xO2)+NH0wr?-K)&U2YTmuih2924glm+_g9Lc5|` zo<7GjxS<2AMOfjUx`+?kb$auiJg34B)e!WRnac@F{A^sZ(E#=2phUn%mXG52C)Z`w zH~!>-9Ap34`L&^;>s4+Yv@?yx8{*W!o z^c<_~EJ)~{*TQwhDLUP@J!hoKO;dT{K!jMta6G=9t z3J16OPjY^IqU_vk)o{!D<%Gr^mSuIkmekuHZQd=(hE-3ZJy8{%S!uU6@ z;{srraT zfK2MZCLO7>8d!Z(;Hp0PhwgYel_4u$XqhNCtQbJQ{@POLA*5LP1!3wu$WIxXdUV8* z{}iVuoQor>Pu0ar;E-+Vf*Q@OV*p0ynp`m4W?gPO|F79S3v|>x@uj|>WB0ml#dAJtMU6dyRBk==EDCU>K zI+WGrZa!D?C<%~2hMb)+bZ(1r?WLGIlVgIRBefkBIk3_cAL@QdHuLf$D$g=Yu6{5S z9!2AFJe*&31;4!1S5sM#jy4DgDD0};_6Hr>Z*rM-0>7nyIqyA1C* zzc$2|7?+}8G+c4D(co5t;^zZOkZBSq1BZ?257FD(o`n*>cWOQpy23|>O%mNrz2vxF z-v5Bueqsl2M}r-(Kjf-FXyNDL!^4DK_O*;M01h|WEm1C-E*xcTG1d1Zd{*w<2&>=t z;}48O2T^jQFe3${?jU6>QXbl-ObUPFSOOPKYd0Qif))O?!gS9hk@3|if&stmTNTjXzTjEZ4Yw*I67zU_}ghi;3y`?a>b~!=w>1Wk#)vzTi_u!+f39*Npv!OZYCo z6U_e_fM8ZJB-{Sll$@sC*6()P$W@3x9qQG&u}Qw@XvhkVnT|f|)sTs2Pq(hsfPLS2 zdeLi#ez9P7SG132#mO{!(C0#H0~*2? z2Omgn<#W!cQr2aKYc;9{n?}M(hRoH{X**Gaj@^TxA1^r^XO7r8ta-05i|4oY@@D1cbNgw z#A3k)W?M-Mwy1iUIb_;X>@R1owCY;aDhryY*rk%zC2Q-f8SC>ZH9Xa^;dsi`HOThAiGZ!s+kx)ap&TlG*n-Z&u7IhA%?5=<21)2PeLUWJp z(ig+`#ab@W#RnoD+RAUphF87{`MCTH8QlI=q~KPfv*jXyX*t;tBX~pd=oD=`YsyBS zBtuC!&CYU@BE{UgC+*C%SZP(TM!XFKKPc8PTp7(?g zCc_|&XCX;A3`8OE@dK5KM}>yT&w3sUAJ()yPqmEGavmz8cIf!z$C&n-0o<4~e7}gI zZ_&0F-Pt&6%tSE~jr?*6-heWZ9es?BtK90Ygjk5IMR@P11KPj>m6DNZO#e3H0I60i zR(xAWOFxl{N-A}IJn8QHxfINd#xDdP{WJ)?-IhO8T{o*&b>yIGlgZz{^GxL{EH!Fx z?4mK57HyzEHU2oB?e3XTqPlY}OhB03sgFU0A57Nrf)u}1E1!=FzNDn&)e`HW-GDlQ zv$oD__CFE(n9M|ilfG@M)Au0c+voH<+lln3%_otTVHvi$=JFkS>wfoZmoc4h{~6 zMM)BkV1}I|UCqcx_b1O@(kFDOZ+)+LC#pi^1}{fjMtl!hZ&UI$p+*Dhvgl)p`tPgH zLUfIw^fgVcd@f~cw0OAz)wca)hM1Z5eB4fWye2V_AMa=5JXV&~eaBoeBw{zZEmJ7k z*Dt|J{#0q+{y)lN=OGEQ%_^_<3kC44KuiEImiK8%Et*hgTUScXq$oD4nnI($W3pX- z;t+acZlX7Tmg#7Rfp~_gVicIV+2&AVRitlsp?P{>WZDF`Z|zTLocjW{HZ+m8rlPKW zR{f?YXM;Jf080qNJBumxqQ(1;y7B%5paOcnqiHz?$W(Hgg$@p#SBQsD(%dpr5 zr~iQe1q2BC557ak0We?qlamm1zs0nH`+iO=spTDoSIP)(_QKRT^*|1V+JfrA)ln-I zC?aqCgvb)_Np?u-!f|uEyMMPKZ?BgBj`)3X($QFneyBlRY$n(W$j1^#(vb`uH_6ph zBH$F!tTeC-((w~&TsVHNLG8ZD7$FnsD_|Iz=zX=ywYs4Bdh#W2HQEKk&~e+`N@Sk@ zS*Fp8Cj{&#J$ZZyz#vY!#lOf(QG4Gcoe~jmRN5|n_cH_|q)v+DJFBm@Yj|>v2hTaM zT2osF#N;TQ(Bl_%m*p!CPZ6mSho>c53hF8uxLB@`=?fe9ICf_tJR>@uH!lR?anwqq zC9aG=l+)C9)`PKUPwrnj6l1c^|E2HYDE=Bn(UP^8`s;74!Lv#;v7nadjU8?hC0DNe zjt;mB1eAx)9HLF7n-MQx%ZY2RX4A&rO~_9Ah~dM*;ctoa;9oYN!8xK;^vlgm7hO$= zwnupzPf1)=0f(A zI{Xyj-+rrF2_=kpbtG_!GwxC`5evCfdIuH+r6F@CtIEhpvb3Sak%OK&emU^lr-e2+{&Mu1hgl7#>Xvb#@d?{*%?r@VvZ2* zUUJM*uGRRqKo=wJ&6jA$FZfhgIO&IE{7~*Wnk8!c0trgK*0QQ4BV{Koh6)~0B%2Mp zKE-__(n1R|2E$9O_|rS?E)N5;O_%|4?Tx2wqL1R0l^F*(gh(=pLfQ;pRPGJaJSfF_ z7E)oqw4lcbKRE6ym&0`E3if1o_3A@hKwWV;3KR)e+4o$4+ro-8a%RKIK*x;U%F_gm zDD|dq#)XW%QO@Jt^>Ro8QbLniFWg%VULL5~s)CB#wiyOR3EWR8HHp^OPku_)L2Sd;+^KG(x$0uol2*~iMI_>Dt}<)y5lM^w$KCbVfH)}T9urFzHWm(Xgz$`9+{^F9P+-|_EX=Kn#&D0J6VNRXZxX$v~ysK2*0{I7`<%SLwN3d;9CNjvs?{>0a(hooZEe#Ll;YDzskG?#)g=h^cUf|`jIP*c zs;x`DQ^yw~$#J_BDi&f;P8Zj}iK**W6lfs2Jg!#-3TIl>=Im6KKB`cy z`@~47wX*{PiU!X(7db}3SP-__=wSb+!W&lunAcwlF5DfDQVWxhLbadbKziSnQb*443658`0K1xBcCPZSH{9o6eEvlY=%bvB*Jqg zC6EaI%dm;`4D$z1($zulyXiQ+H8%^fCECvHH$w1=|CVy={oO^q__Sxb;EU*NcCeoR z9hXP(@BuleS3NJlP+wO@q%NMP+{*fM%^-}>2mWBl!1AuYoBoSREc=Y(o6H^Pp{2ub z?CHl_6b?D)t3hV_#kBBC{B4w(4mDe(%+xk&)tgl;YJQ0IuM#(`bjIDgW_qkVw6KGg zYD@mYZ9^}=u)Az!^GQWJQ1k^XRh+-FO4GzVbj#O?9a`|qriF#%C+_#9OpkQVe3-gz zZsOrkXjZj-fqaPFs}}!+_-5-vo$aqNuTt(wRe~5{DEipX zzg;(;npEEpzz}dG3VNy>e<*iMQ+^Ik_SHCrsPb=CW+C%+BhbeemC7m7(L=wp_WTgG zYHISeB15BdsnE+Wl>O>XK??!R6D%9W_9TWzoP`H9<%0@Y4mku{7PO~dGn&h2{pbw2 zFxjpn8Jloxq-#T6Tt6OAiwtKgY#c;f@vFjhx=$&a%xV|vwB23|(b&I^Qb!+|7J_88 zakBSU&OBP23i6KosJXHBcUv^9AeUV)k$({%KfcyNl(Bw&v;LN5V;)qY$t445WdQeEmD6zOvav|M=8Qq1hLk z)xAxmD2e16;%u=&+ZBHFRSBAs7BBX(ZUl$ZV@rj?B#4Xg?K^RuBR7p`k(gD?=cnH@ zg^#SGw*q35INEeDJ6=(m$`7LS3Nq1Ij%IHvt;|Iy7m%v2@WzhqRU)WrXBa;DN~_$|`@UrfY(XEpEsdTE!tjLUIgB*9 z1|=yI+tdW)hP~%kOL8XoMAXg`;8TCr;MZj)NFbqXy6Wt60lhI3|GA8K7v)cJxhvP# zFEM)N>tRpeRAtYMhd6?nX=G}$GWb8p#ws+2LW zs3TV_MWwc)P$G&vpRS0qrjePF9gzRV-1J20AK+YyA{oNF&o`p&am!NOL0gtwq=FNO z%0%SOJ&0{p-sV#B)?eLB&bY{6b5ThlevIU7J(I2?Il86fRU$cU@xFP$tuu0P92M6t;jF5!2d`y(!!ug;F}>B z*S%fCtycx-Io+#fy(;89JtMUAA;`tyi$1Uo==N1|W~z ze&jFG(YWIgxAC;+s`{TljBG_sz}gT>p5ADg>8L5uNnuOCJO_&uiM(!(gJI8so4rr&^Io^@pQ&N z(tSiJu6ju`ZQo#i{#>eP5(g2sR-dVz;jxY5nkSjSN8bNYSz7|jR;HTIOB)`P<9i_V zN!=+|#N@47i5bRns{cU-)9#1Q<@KBIB=}6xif^c1P({h&ZEE-jRnlW^n$+m%+?m!o z^^)pI?$pbuye7SyHwkgPaBT(0Il7&mE6UYyFVbtILx2!SNWOSK=Q-y-zw^9b{>;wadu6RzYi6#Qxdsxn_952aL~;DO zsZcYlGbeXwDw7L)g&kA45TY!n#KxioQg;W``EG)Ga z+4!-RUqMve&+JZVf@(qG5krnZ?f$UY?vT!{7RM{!dR&)Y(Ur@xotA#iMWN#F$S!(ozb_Re*iP-yYy3Hfi zo3oze%lWR&np~?huXP?h^MYv0(xs?sAdJH5)i=g!;seHyL&Ib8iq&k5yGFoy8uT9H z88Z&Ejrj-e926uGDw~_h6ThEJ4I}y0y4HAN)Hnd95ytfO2UdVeTjGKCBVO)h*j%&1 z_|F^bre<=YyG6<3U-x}v$mW&9EECtP9#(AoEwH=YE}T(4?-EE2j52>B;zZd!ms9m? zUPhEJfqFE;Ux2N%5MvmNTL$DkOoJWpY;U;U5#K2lB znp|X$p<&I1F-n$bJ-_%~02eIE_uz1;1pDps6CquYGFI_omT;3=SD<@2e(?S{dE>y;^Z@|kVfNVz061`Q8Q8>47^|SS>!9CqRquCU(z)&UKHkbhbt?C4d_R30=?qB2@sZTznWthqfm{{ zTKpS#)t>3u5RNxLz zlSdGqSk*8eH(_Z~l2X$oLn`ezLqWo=R(Q*|vk%CH_(Titcr^lK_ERr1m|Sl*2=N5| z%wyg!foUx{Bz^L))&yjP=q4XpoPQ*EjPUeiyI`N2WC%Z*JB*H)?-b8WjRbP6)kslZbR%Plurggr~ zCWlWh(7lHU^*?>`5RmZ6RW>bA$s-yV`qOAT#O=0AR28*n{fG1t(E{`}-CpVY4E@^M zA3*O-e)@|77;A(BwJ1v!w$2LPVSQiI@+1f-89DIxr_tm^dTvV3kJkMBYZ(Pd-luFK zxyksoMqRtjQC+k`gRqfp=CmVHb<-vl%I()D0FWC- z_E1;s*lV<=rzCB#jopwzTGzA-zTr`PWyx_*zbQw~-SH?A_=JYTxbiJv=!lg|ap~TW zP&LM`TkIACpMKM1T|0FJA%fI@ooN@Dm@38G(?UBB4lfA;UufXE4DSrp0qCAOm^nq3 zeeqZ5OL>&NI6rN>I`0@>#D+?W2+a+m2<^BENFm;eTIC3PTsX|DEIe>eLTr}3eec0} z?FCyr&);Rne`7Z9Z5irP_I<3nwP>95U`R*mI!zuvWr_8V`wT$5&Q7-3?+dp89gZDJ zzcFMhT_q=l(4iJ+MNszRyS&G8<@qM*!{J)5XSTkgdOti9*MWUQD;lINBq)>oP-wHk ze|kXkdieRVU45W8yQ+xg%)=-b;AO|5(!MX1Hd#$xLK~U+UBH35-xvHejVY8bT&=ZD zeIxMMyQ!C-@H8CFZR(qWGrh+BXc+wd2CQb_TCdxbFMd5PvaV_)+fsB$;zV(RCOn0za^UMJ z_3pKF;S3*ZI~QwB0vG(5mj^!zq%rTeTQ>#UaAus(1sThDAY;@@zxxP%_x}dsVU*3q)y{|tsaK64?{P>ak4x3tx1MqM zYk1%6Q~6jFqR00+?)K|SV;1BiwPretJ+e@^CBJLU^RnE${Y}%mk7a1>!_p44v;pze zjZ6}76#!oszA0WtF@g<(34hl&f9eihlB)8i{PUl#?MHN9}PF3~09%+euO(a*>ad`_8Aevem_)k*%xbXb^y z^=yGoJh@*KpC_eJ&Y6SPN$b19YrGhxF~mNHgJw;WartwLc}7$D3K#g>uH!U?Vnv(s zp0nM|vDTDLqD}6$XrF*Vt{e!(Kt!#`_&w|kDXRX9fxytjAjEm+I~PS-u({iTM=D){ zO7EKOv3kU0z^j+)S>z&K!3FwGpJRY@87bVvfB-1DyJXiKj{1Y-}bRH(f1 zvmsOCz*e!PiS*eESIDK-U*exjo?9lj))s}%E5 zpxhxUPwmzJ$)r_;Kdf{VtpD}?gMv#f%FrB;e*WXZB)M&o>5_dIaVmrC?DP>GDEMM^ z!GKcTSNKEmi+RLbP|gscsi8w+T^&OOgpTc7yi-G=Ce|}ZH%zzT@jl#SZ@EfUm)s>= zJ=gGKYPn(Ee%W4;f{H(8Tn`sOnSAk#EATmQ!nTP5oFCt3A;+>gRtRC{FE3%BmBAYS z+W$%AnV{tN*8=6C>@;H%pHAy*SHD*U-A(K)dpFTcBVzgF6V|R-?(zpp=5;6HzQ1kJd z@y_ncVQ(KlAK6C6EJqf_elT0y)=bi`px9- zmRa~cx{hcp$qzff-y*;_oSu4CSI;EC-JDiUS7HCnN4335PLLtkzmD# zib@#}9WA=4Q>3mMB9MEwIn7f%r9y`Yf*;2KLzz{G35 zp>4Y#%MB1Z6oVs^ntI_W*U|OF+#(g7=c(6zJ@-&PyOJST)7<>!Tv)0}*;Z=)FQn0f#C-PbLjuQP=r zGHe^9qN*|DKVE1s^C@b^3cflg>^cwoLS*iDua?o$(?&7U?F&~CN%oMU z1P^U5t!`b`@8>ZEOc@0_`VykFKGYRTndVMaU4=CTW+(-T_<@3T&!=i?AiSgAZ<&|! z-DJ;&E5Do)Y2E#7u_RsTVgLSpHLw3@(3a(gO=Kh{nKa|OuMf*bSo)1at7BE`ZNLmI z|AD7hs80Hx(E?eaq*mEg_8!hL;t8)}={NSbWUYT~1o=s~yc^sQ?7G3w*Qj#YM>ONW zr}X+w5=4g(2v5)7An3CjV9D5JTz(tV6TL?sS=z%5;bteum3>M2Tc2KOEcd6O@@1yi zlCyPCylwI{3Z|0}i^=E-$w4bJ9o!fv5zTAavvnx#U?zgddv zOO)OGskSqUd&Ow%GM)c{R;9!ksb6@?&h<95jO<9GW)CdNw*h;WfwiJ zWu)d`Cfu0`hMGW4Y{!tYiIj5zdHr@HHyc!s-CWg*8XJE z6;NqU?dj7PA7Jxmp+kAsQt!3P-l-ORmCd6gLCf2sg7hl{O%^1$B{0Y7a|eN61Vi^~ z-h{N;1r=CNuuQxZJZEwUnxHQb#pB}r3P+^o+J0caiv8wQAjHfqG=~v)KPL+FaO0Ww zH-&PRs!YoTH9aj)kfkBMI_i3%fZ&T{55gE_8pNGt6ZV0A2Lfjyd#_$ zPf*>9N(tGaC$Og8NG2Oh$yrYaKx90P|xwgr` zxtD1Gens66V-&yT;Sk+}c*$a(QpBCB()VeN#1;AXKggm3ByeP`m*cMcI> z3;WS7OB5p@IY3UP_HHjG#w@1x8qHY+!IKB2^F(yf2 z5bwPEFUdbU#@U<>A7mJ}N9;dKUV(l%K!q6o02+_^^t3|Go(8iryY*2$&x+>|rIjr9 zSFhxp){DEJ=zkd5TWIs78ts44ymgW+fjYEiCr$gdVqkyU4~>ZMbCm0)<|a@NjSfKpayK^)p_)`G1xU2UXkq-bWOC%(Y01Gn5iMpzm4RVsP%74ncuD5 z^Y3IdA|IuY^f)-?@n>ec7uY*dXkQeqQN6kr<)ltF!9!Fv6pXyeqjhbS?(d2ANo~4p zWRX3OA;ePX9afACJ_f5H9}T9wNcuuhb6w4GdcC@Vnu?|O9ToTEt;G_krG`4PIt#zw zO#b#ULx)bHi#M>gO1HUKGJm`X6=XrT#>8c!bI%|M^G?ul*TA=&M`@L))9&+We$dE) z(o}nC6(s28L>9)eN>n1xhwoI44L3YID$&6K6x4n4&SZYZV~}b&h=<13gG;7k4Sw+9 zelU*-$D1K)aHt!fpbnP0wI#OLWRq4Fn>K;6Z8Nw^GSQ40|~=# zNiCIKCAS_D7{u_a(eUf*z01coU-a95-6m6yQB3^=tLc)-xHCSo0Vr*dDW7!zdcA0O zBk0;_+6T`CyWSg$-L+#m0#w-fxY4awu;kvvf$$VzvFVNgk^CFnOX3bw_xhcle4|Y6LYoOY9)@ppMMaUbd-c;3jlAJE$+6E9aMruDD{DMSs?sKK5hGe+=rXv^ z&T2W+H&8hy;qzYN0==VEw(38%FyZUE03W(oHAtg?X>lrV(B-*)Aa$*$jprA2jj!#P z(ingD$s*Blq@m?6DNBmx;_8#kl>T9`wDE{uN8s>{viS#I?RRHc5a(aJ%$^@FQ40xh zhsKA^#}`meI=U&e^%EmVotRQwEPBW|gtyYx!`R!HhH~-~NhcQvs;}!DIWCl)6y|QDyv8!D;G@2iJQ;)8pju8W0Kg$!e^4%Uz*a={uLj7)yIUf z28HEz=t~;=>Ht{M%|_#&W0s_}oz5S*gfI-%l0KS7EPf)%{&{oxMk;Dh?0Lx>`Ly}l zn0OuuegB%hN=ppQgEg$5THf@`k<_|=V@sP&E(2ImSQ%g))(uEM-$(A z0dehy%*6Bi7!0aIv^LK(nc)Y;l#o{mC(;vNcOzAEuQmH;5Vu|eIcW3hR6(YMF3u=U zuQNe0+m)}8Wv-P&=Dy;|-9@ac0CUi`MHrJzX@Xc66HX-C0+2NFG zlFW1E(A9`&Xs|3*Ed?3sI)BpY>h72Azld_JMh--!Vm3UZ?3z88Bo<>I1j^Z*KkRuX zb6^RT>L!iIA+XL@>qj)ltKLU%2ey!NC#ik<3=D34r3s<*IJqu};tUM9exc&x4LW%4 zAk*S~pu-zsrSK9j1?&Hnq;Fs}2&`=!uF*GbAkx8znE8}5_>d{&a`L2%J^m2LUB1Vs znKPY6NLwvo_#ox^L)M5bt-Q1&tmGEsfRQtN{jRFI>#sD?;bOd z67u(cZ+?k*oXBznWj{HMk|QE3SMMj;u=PKB@UEYKg2}05j7~S8h#bC6VwXlv$CRhelLJC6a?m+Fu*JZ%dVeWv- zVsIO{_}(SAJk>JEUC7@>P>C-I1?4aQcNBM{f86;g=||0~oJ18NX0NA=HiS52Kl|F+ zUA~VWjmt&_5^hhsHR^KZy3o|!n+5pG>Xd%XefL;fnjPV6T4p|>7TPO7sIl=eYV%Mw znr)Ugys>*XB(ZdDLPueT=tc0EYXm^}DlP8YTIQVqaZ-(QU z!0IlSxl#10QiYi{LigxS;$jXE|NVIRVT7)|y-)ZEipW`%vGTj3Q> zNLL}BrUO@>AKOt4mxz>Msu{M)p|q{Ba+g$inE7#%dPC!;`9Y|TP>mb)b`)2YiJB6Y z{C1iK*)K`Dy!sRld*NyL#H#_OHYRUonB*EtvZRmoFM{ z(`?xji!K)f)K|l$^7z-jZtM#5PEdBzrYh_2@weqhuqpMcRITS~@+-v!K&1svBPD}&`wr#96gFi8U*wl0-G;Xv_|+2r&7xhLDwkWha{GTB z4bfhLj`Idw_leHIEMmoHEWq_4%g3Jy_|${#b~-}=vd)tt#$Z@=GPJ501~Z5lwGgCg zDcL4I`Mfi`{iaXG@U0wsmuqtCbA9@kBPl2MRxLKc_vTsDbB*@sIsyENBuNPYI!=Q~ zd4G7IXCw>dCI*RZ&T-&IWLtW7?(WQ=eL9#3I^si=StbkKX1f|3IH{6x8|^?sDkp-l zAX{JRirDGw@W&DrhlEgUF~isZd8n~Hb2(POt()(6$U)}L>%e7l-ZGX7x>JAOBN?eu zu{__KKs`c;Th_frt*Vk@*a5Y{rkFE#M?oOLG{?u|B$>=mn36Y*|6brtuU{O=BdHT? zVlGjNY%;%X@9osng>9S^*_dvUZt4^ly!d9)Gu|+-^TGFCh2ubXBSK|B@diTE(8!3S z)nS4D*wwW|gX~Yn?Ms@;f0bR_l(r`@8YCH2XiVi>mIX^X`F&44rF7GSFsfV;OC_-vvAcb=~sOPz5CH<&>=l@ocs{p>epeBF!z2@(N z5P~6PO!-e2=zZexUS+VN&h>ZGo8O$5Z^Ka{=o(V<*J&yg9N9yz`yw6B;!5ZL6kPs! zWRnPJ;YWuEk%#v3zj1JZ81w7w_&0>>i4SXSMpE%w^_FnT3&B5kBo3@&FHVraPs;I3 z-2bxTL?+Q@nJK{l{jv6m8!3R)f9EOxd3@i>AFkC4NYDxH%iG^2@B0;r{u%rJ*AV_| zZvN{&8jXLXuKxXKFvdo-T$70zwZ;c_OB|@f4=X3J&^0`-&xZyX@Vbi@BObU z|F}h@?w?rXKQ8>&{IDr?T0vZwcQ7<6`5rdI0Rkhme(fjp-%`x~{eyom%s=07<&fUd z2L{sl%u5M5-tX`ZKI=GtB9xURd%gGcF?JaW4&Q{}o?7^tH9m8Arlm7e!$x>oAs#?z z`%18oO#?5i{-4wRzh7%CMc~r=gnuA$n7bVss9FqoRwdvUhKX>HeUFdUL2PE6F6wL_ zhs1vBn~Hs|hT%kqt>;ot5W(cc{Tb}If$!G|qfW#r(jL45N{H*_;cH{=9ba8c2e%-39d781G|AE zIC@;bsrLqQloMb0K*8E0f%7}{qJq85 z$UmHukIkxd8qcqw6G-6yo!m;@Y;c09Tr1RAhxULKbl~x|?egH}9uce-DtWiKr9BjO z2oBzacq+f9B8T`qWJq$pd{mA5~rI8D~tqvjLm^M`=(jvHBoyV#K4x+>|g{UfoCB+^<*^Z?P%fBcy5ubn-4( zmXW9z4X|IQtc07me**Pfvk4^-zoQm%% z2Y%A4AZeGnB#S022^RWM5f7s9Jj5%oJOIHWsNhcbIM)~(mX{XYAW)nXZe1>?8&>;a zY+)f52ZF4gZcl)$-!Rkz@T~xAvp8mHv5m&-ixj}7Ye00D6_wQ0+K@P2?pTUhF3|YT zxZi(ka>WH>=@}-`F~kfH0Dc-QPp)=gdi2#NEw}t+6IK3$@Dql=_F>N9%?uu0=34dk zJARZ|%fTPW81QEB;-Jy4Q3BXeRPKR4#0N4Gxcp-2feTBEQ@^~|q4-8B0tYHw4tGpN z!yicc=FJ=A-2m@{1%e3I8uMhu>cP;->JSpF-@HM-Q`7q!~LQ8OV0E8t|7yFH~{7n;8asC--y{#6>^xup5&lBsh zv+c8Yl`C2e9<0uj-!#$k&H{l=UfB|@ZZJp>-Oit5{=;{l9`BJ+k%U zG5W?bBGBk!TW2lDtp*VIZi#rmAa_hD$0?a$$rj1kxzlum zbN3fHCzV%LmV5Mnh&=x95=X7p=ruwvCJY?o#+hZVq9hXVwY9V0tqao@{Q0q_8}8$P z$#zaAz(*wTbp68C&Q9Lly%wO0yg=l_*6n&n0x#da#tb*~q)I@g*JT}-T3=Ia;d!6?H3DIF2P+=E%*AK?m(x~5_jd0Ws!r?LweCsO1X>SMvBDW$TG?3q8siwnA`x-9 z(CKMin)IPH5fUojZaaTwtTEEPe}tcva*vU49Oi}dES^t&Z?@Rr`$c&OrC$+;;BVut zz?4=m!t{l}!u?`%$3PNOxXV^t3L>=)n848#b2J_mCFJ7Ed~j1bu+~@DsQ8Y0MIa^A z0e#POQTt={Oy7x$C(!|Zll7P$F_NdAs$!zR+O8A!xoO~7xqN!(DGPOi+Rm)x+$Blt zg|X};f@(EQ4oqCKF?X|Q)w`p0UETGt5AM`v8q>Mk)v227EE!y#AQyorC3TRim<WTSTYdgK(4x5pZQ|^f2@svNCCs$Ke__3h~L|$#NHbr zrohiEH+TEsmf_%@_KA`6U&qlGs{-Cd7;{+os?qW#otBo?=;W!5KQij{?lr_Qs9SZV zRiSY#J;X;H5Y%#T`6RH#iBY%Wl9<5O&N&P>8W{O`aqWZ6P*m@6q4C1}=Jr{d}6(gq{h_hTfP0n;yc;O={=DhGwH}Oz?#@L;L#piu}BbBu2QV{rN z+hfI2l-(%@_I_94xw;c9)b3nt|U)%YP=T9PC)DMv5UcJB zvfEy6|1A(WxpO=#Iev|PlY=mWs{x0dL& zrn8uS>;p=aI`a};k^s>K`bd}-a0+(6YuZbI9j>(X?Qw70s4QT6!nwIXr_QnQw;aS* zSk`G49#TdB!pCMbD@x1@8m!ma2CUN(_U=2D|H#XyI7BdF@Y{&o^`z(La|kwAF0Z&p zP8DHm<1Tk0a0>BQdH6CuUOm{*0zaOnYys<4-2+`%@%bWOVbSoDY67*j5Eys8x(Bp$ z9pJqlCvGvk&;&xSsvHRdaU#z$$lXkrib@>1eHtNwXJsHajM}W0NgQ!l*xIR0?p2Du z0UnAv=)vO-@%`?o+)S5th6EX$BGW0TdwN^av>Lye<{g7Y@uygU%Oaofkyzs``k{W#7g za`)DKS$~OkH;nk`(o#HuVEPa_i!Q(H5p>lHf0BgvdI)BTeMzDc)#Ew!94*R&f zgD=cYhO-^}vq2L6{w~>#3s$bE5nKQD>)~>rsbDi3Zf#OA#cgMeLP+zCW!CXxP%iVO z=m_{I8c#aR(#Z%F=%qT>*Mc7LB`id_`O&+5lgqabaO(-FA2k_@2ur96?L>c80LDo{oEA{WnPg00+A1TH zMw$5D{RS0}8542i97PfPNv>)Rj3qpN^~a1Utx>~BINBWlnwD z^o0qG$G5iK>|v*x$LWQa3c;tUgjvN#F* zM@v?1AJ6M$;}7}GFqln@2KrRlE0DFzi8&60Qn?8*px55S*1ns4*F6k_oD(G>%zH9& z*SWn+osnYsqK(#<7mA=%;JQi4*LD|S>73k7z=^Xl!iU63UQj1?n%<(P4YnGvssb|8 z6kU>HDYCxoJ5KL{SfZHMR%ZQJQy~u54))rs95W3PEJexmb}$PK?ymlBXf-j=> zT~1unDrNf~tWgE~8OGcQG)=o$I=WJt?K|=1I#xCGzv2?TB~z)_oHI%2qoU>5$hOu}l`pUjQ>z zoIBt5!+I$gkJ1{Jds}@@x}(vmpOYYPD0TqarKp;k z?=a6(=5+s^)b;a$o^w6aO zK7A5%e5vMer0q<1Fk%v0lMx3xeM0x3{y;v-m@~lR61Fx&%tBY2X8)U&%HPdQsyEvG zhFu^-rkLIHc7kJ#2J7+Afyc|a>jr%ALK6}b%hVdH-xj=9C(jUD`r9E->T+wiKIN&su-=4q( z`GMp07;|9ih+6j#co@k3j0{w(71vM>PPK_$Hlm$sJi15X=s;&VeKp>WL(TbnQMP`= z1^jL|mC%pkNMT*eBfx1_0jHhZ;}-!x<7v-pJY{N&FxY%6s=y04*(l^Y%mwY!m}}B< zAqNYe!G8<}ryUB=9NTdF456 z&amZCfm($_{5!0*!?F!&$bD7KByO?$Kl6;EhQNq2%H;*ttU=kdrMLgWZS zu%pBDnpw$H_L~T2-U=Fj1w}U;}J~#=V<(rV~6{QOu`Fw*{GjMoCEF@Os1N+UPz!0)^DTl z6MBsvQ<9N=bb+ua!n8LND8dy?KRhH1w>i%5)-DgdC317NUbd=eRb#L0WBJ1)Fe0)Q-Ok+8FGb6WhK)4oiX zlOH|Lz}?Npp1;*dY|d9x=-!(`*h zyg#_jR+>G*a>-#fUa^r#omM8ax)Tm3R|iIxeAo<98szE@_EYrsLcb?!CqT_Jil(Qn z*_fJU&_9qapTA486Z4OIlg<+?=S^^{g7EQI5m|HfSO%T ze`fbt-~7s=b#XE@fk1_Bl#0KcfySG|d<~%seO>5$#jOc!Mvl?ZgvN84er2Mas&l*8DYc}j_Z$K55VuDKe? zgT7*ULLHuvc%qT}vaK(t@R zbDq7EhNBGuvE$Y*S)fGNIj)gJ(5bRZFvc48zLmbX|44P2HGc}$yZDUO`{s|yB}<7X zftJx&Z*1>Uv99g+E9Hd_b-e-ZQ-7we7;ki^C?DMWQT!XC{d~RIZZfol#<9%4Y&!f} z#I$TYE8drivJH|Y*t%+TbKxoSx)<)$ExEOdbqQ2CGIJ1qp$G2BM8ye}fMbh+a`BQW z5eiVII}x>Ts?|7?aXqp?>~BYZ@iP6^K%xqD_yT}2bz9zig*QK34fSG?Qp58$`opnf+^@-!almL=^?>4M*M z@@L;?L|^g))8Karz^JBia6bwP6lE+{fi>&+%_hs})5^9tyfr>})HX#o`M}2`$z|Iv z+y8V1ZppWMD8sa{;+TW6UB~5n@(E977m20tWUC}5VF=_d* zZCw1XN{0CAFJYjAIsaIhcIGnETNN8ut9aiY9P=D0=GWq4)Cy`xp7EQpc0C&)0Oa3Qso{5RA9mBzqjLwbMmI*Fd;`gbwKQJ2MAm5bq z`@74*etiXcg(w%GY&a4`6HcK{pqMk~`&U+W>6t>r%QlGZGMTmM^+n70OSvrehZlRDr+MiW+5GN7ly+mdN$tSZd&5Fo4Kj?iYjl1Q2MLEk8 z*o%^3rCM}nyp*0pBQBmIf#w2R>Hi5UdkJkJsCT&wW3xp>^wkIvEqo4Ky|s>a1F~KW zshQ5J{hqCaJ}(L6+dESpSQ6_J8f zQ&a0cyV~Hy2ldA>y5aFnz${Kp(WxmmIPGsbI=Z#)sC#PwCoqPwv;mMnfXSA#00vCr z1V0RbJz}>#zc@k;NGq6ft$?g9A+-Sk8>RYg7Z~!)qQh9b2J~5ptK`(BAT$fcI8bKh?Sqhfh6>(P&FAS-r?z%oHT2M-G2X z<-eM3+`ZT|}W)V7;ec)uFWL-Am6qxb82kkteJ)5l+Hw;@R1MN~ls&F)~ z+u6COJcpD3r`ZgX+?vHJdi z9OYykYlL)>aNgV1Y&=VcyXR2c{mkA=uw&OJrQOh4|CY<8>)5TcxOCCaVLjrgv#eS( z7a`DsPT^+T^ax04*d!>pto(vx%w_4BQ%Jkf75mxrM6Tf<6?f*#;$TC zci7JBr9$Ws>VH-Sgni~vJNC^cav!ob_FnWvF37YaQy^wPdV(WZd~Zc8`H;-lJHN28 z;mo<3f*kK3`m5yd(m?89ONO6&9bzg`cq|-iu*}U_1tWbqG$7 z!(XT)^?%YsB?!IkkNvTZb03%hXi7pr3Sektcm$JlKgwJNL>#Zf2i#GAn!iyimRI7a5r6S;g^m2^j7H*PpWM$5TUI=h*e!u-mLh@qb)zk7uZ;4jHK^PUk z-`6S$*XfuBG3X;*O8S6(Htgv(_x(VB>A?3mViXtu>6`%wuOF5jvAKGKBG<8_V9$`{ z@(gT|a7t+w`Od{L;)KX&<&m*?MuYfaPegRetmS?2d+IX7sR6qTSSZ#L_=zssRlKpMlW$x^0 z!zyz0xrXIsId{i}-qFAixOc83I?ldxJsUZj8f zhM*<+E(MiTmSRik(X?BUs~4$X-~jMR6Vbba#C8FW2gg>&YS-Z-S*hV6#_;7&XE~i; zR`!u+SbLdZS^YcjCEEGu*EAAnje9-x;Ob__?xvj;SUzN6iAb-Gwey zUHkd7RhO0knwwI|VXLrdHF~D2w30u~ynlxQR|aF%^yYALaCY9eXd_N8z+)EG8Z?^ulBeuxXx?8hU&$Q5#q(8Mwl@VEMNGt?ni_@sau4W*G?qMq*la^}&%cF$XYvER&0~|1EhP$P3o?=3C1FzTob9K_;}i zzu&bOM1vI@7`2E-2GurNzG<&xW!>vcGJtj%B|twyu@PM<+m1><&!dl(MdrPw=eX^U?o*!ybvg!!7VJKNU*c~>5o)GU{EPp{?l(TagFgC@m`Fu*C zP{&_mWQmn98W(X1Gr4EV-PRX51#W%lgvYhGozKYjO6Oe7zH4B$IWhg{*A5VePRE=p z%2`T1ad@&mV3T9x#*k?y`@oVq(6K<@?o>Z^jVCao?K?Rk2 zxFXU2Yb|bQNql&}0^Pv>ciPHsO@ph8DxQAfsqvj zaoU#Cg7`@B1{~AYp7#Go-CKpl^{iXJ0RkjA!99fF9)dRzT!RI7cXubay9Rf6cXyZI z?rx1V&S~;rd+lZWJKyu1eRFR6V)mRht7=xgHO6nmfOE@2NHIsbNkBzjmB}ip|zS>TmIy+hSmw#!i@ZFQj{k zv{YjvD2dMc#oM2u)707sU6IrSN^)sJxlqyh`c?w+Pa9EJVLVnmKBxMiB3Ev?XEs-H zvEGLVFi@XBCOMS%AEpn?Id<_q=CRal-VsEIY#fi_arZ?vo#?PF-QDmo?xywXu)%|y z6R{mn>gi@L@!B%~yf0pJJ%K*G>l}3|XNk}gVky3oVR%e?bb5HW9`n|!8q#s+S}Gw zQ!X)*|2bR12j9$xrC-P|;U}CP0X(OUTQf~B$m$;LfE_B}-|75VSlcq-jX_`*Sn!R2 z=bu8r?fmwD8g!_Q%~FD3;hY#bzf7TPZ8>iO$M{#BOKq}1?T;8t3Czo@`>INa4Teen zk)Db0xEM{_-hOX)WXg=6lL9ve1rGOP2zGK-7gpOjbSOTf?6IbObieKbt#!Js~w4sCltw?1jdw8_p)T)g*#0+RmKOIe9=IaZ<?)UAN_ckT|;MQuF=l9NLJkFPpBgR|9@4w!r4rlB!pVs&3q{ z(k+;I19{>^`IwhO>{^IeD&w==yRC~xLGDo3Rp;d5=s`soWzC8Q&nmQ5@4MBc6hC~L zmY%>#eM2VO(GXm5WT>hB^T5lhs~dwFBt%U_>PEYL-LJ|5POR}jbs$1XKPYv$NxHE+ zrHkCnPp}*OxVfb2vzg&)xsGFhY?u$u1`r3`9GiQQAGBU{J9dz*?lq?eT<&pIV`c>d zWqj2<{sn`7>v4HRpDK*Md1kz_1NV#|m_Bgk`7{W>1jz-gLvG#s4VF2oeGwHErJz>z z!P0O;9UL44DuKs|o{@~hh`9_Re4+HpVVr=q)X!6QS~mHc1Yx6&UQx>Rc?yH9G#o9Q@xkMcPUubBajS zm<6i8d}?s?tpZ-wJ;%bT&P?XHIikM&NaCTd#lRr*J9#)B5dVcV%+2$~K>RX(T*Axn zl5d}Er_(_#jsD}Ldr&_`9o+?h(vkEImn8)N6Tmkeb`U@@?dCi7dI=EF&XuvO10f;e%QB_ zse_4;T0!I^F);Z96%^qpIM7y^>K6gnpKqf+A>UKhEPk{RZ_rhcD`~#>xSbj|e8IQN zxJ&$szmWl7`&e^pvJo6T=8W9j1NY$k3&0)K;OA?INxy5#uvr2tFRq-}CKz@Qve5eR zG(mPCj!f5t_+bu8_(zT01XO~0s9S-(aN#%47Wv?WI~D0;68CtkXX?ramn`Q{tJM|e zf~Xg=&m0<+g)qJT7bPWf2(C45-#1be)>+Qcxh_BqtCCPks}87 z*n4%PKZIhXACNlc%kN0-N7`joCm2Q?Yt;DJSn4rs+_9$#)BLP`Ke2OpuIA0B5V$*D zkZ&1up%b_Uy;p~hKE~Qr*}Y)8ifoudF;g6sHOha`Mwc@}fx3m{xe6|eV;<_ZN=v4G%W^svQ!x2Gc0Jymq{qq@?HmD=+ASj=gwcvX~5ljP&mxLaYnh;4^|7Pyki zIx|G#kK* z3F|7o{ib~V^>gpz>M-jZGn>Gsg5lXx6*(*p+D`XIr&sD4=bZA)aryiQj?-y-zRX|( z%{FGcR*hmUovmz*rH^3Cu`ISwo}g7~oUpZ_y0>41l;M_-BT46peT&LKS-Kd*0^hjJ zdK0dBYbs*+iFmBjq;-SJqJ=^31RCG=o#8$-*HQAxMka&or3xaaLRiMeaH-9pZa|wu za+DwCJHK+O^z6F5>y(PEAvj zpX8R3cf3S&eyR2X`AcQ*0K2x1^usZd>mV~9Ep5=}9MwrfB1qt&f6$5}5GX2%gW3o%(TV82^>ZZ&(ZtE|mxkAeseBpL347h) z_7#;kOf30NJ`u=nPX_-*esAYUKr|{TEiX8{7Fe>vxKzyl7aL0z<6q z#FK2-^!)rd!FIG-Q*Z(aeDD{aEFLKY9n zY=i3e)>K1)P{)80N^gf)Kr~*i;D#(_8B%z_eS;;l?BFzmjX2z2meKXkK+zpppUjNu(mX1!c{a{U()am*5I~u6HT?tcB+OV z_zisS)ty^l@VRE?oW#euTQ{}oc#jFns~V^u_S+p82-tO(FR}Es_#nt_gZg2}lN5Z{ zUn5Y5kU_h$a>ny@yMx*9WV+5or)eshmL}_}!SOG-lTkTUDCk|5ABm1!`;ZJBU0lI^ z+-WGtBPYv>pI}i1PbMvyEFx@rw4{WY>6k6?cL~73@QukD;!^e7O&3ES0)1}3hG8)W zS?3x2(QW{E%@m;B=e)eJ9o4+(9JXnhq6o_@>{8p&n;UKtK%`7dHx)29nl3acl zk@R!U6C!*!_kQn`ssM98GqoVV*dKP*-{_8r-UM?yV>cyeNAyU#>-4fy%8vAZV!(4Q z+6H;pr6D7sOjMl_G{kd=ySIWUj zM}d+nJ83^Z-R zkt2R{$2f-Fv4-O~GN-t_5EK6&A@DF7$|A22cx2AY$HjaqHQg!4!3iE?-prwZqS4kC z2EH{j$!6XPBjx)>R5?Z(%&hnvF>?tdA@LJG@k`vg zI~N%Co(SfrtGriI*d;y*0kZMME}IF|mcGp!(SZBGO`qiKQvChLNcFiJjg+POnOHYg zTtrxPN`bm;z>pwJ!NX-MWuuMIVxp5GF3w!**=&`ky-2fsX3FOTVZeh5rRNm2Le=`5 zZZy>xTyfM~mt&3cNcNE|20tx)KuP@qhA>VFSZDvaZ9kiD&`q~X-)(&NQ*4*_)MHKY z*#aC+&7+MB$Hrj|IYEWR5A6*ET0H6M#|Xl->sl+Sl7h=xxY#PUY-@MH9(WtDIb#rX zaLqtd?k&0_bRc%LL%oDw!gs(y^tG6(3s>_KRM0GpB1;!dBe%9yiF)Y!!g`xSqz zHjg90jtnHDt~~}BU9&;R6JI46A@4j|G5_vJ&_LkN15lCCFKL2NRLklIORhCI+}Kf> zau<+P1>}`!<Y)tYL?yrj&f*$c9@-}Qb2+D zjn>mR=^~4JT1;12YmOL=9!`7$QGF}_6PP+i!BgfeU0ny0s4EoSCH|H_9p=9O>+z?# zE)0c(xwUNpjAV<%62U&XN)8m z436otsP+*&e;7r{{uSS^lZae|SE-%K7!ZKcI0Jd+-;nDgd= z#2jXZPCI~gyuAE~63t%%KH*#AV)fh*aC3-WqR*}bCO4#&LQOtU0E<*_y&!TZUGa`e zrje`iux1s8`k0ETrX>nah->t1YdOqVAXyRThK}`8J{9lAh#140-H`@($^52!Q?ihEQp{_45DK+t~H)Y*<+`u(xKJaDg#Qe+w{!^}}{^;4AL zB{&Oi^IlfMt^8!5SwHcs_B*g?>aQ9Mco~nA! z^t-~0=D2VlGY0ks5vd^lmlifj#3AgnB>gfTd}M0|yx%yMpe6_h)@=M%%W3ML!0@FP zcj1??W|V=mfo(33FO_S^?Mip-{xN1N&2Pd)*Y?~S*;1{{&T{P^WVq;|KHDvmx9S{u zCmm&%uu3=5v~2d|u4=FnwKOYB#f2W_qH6z^zQnwS8s#Nz;97fcZK1{^h98>ozeI*d zh8^GXF(k5F<1T-I9ni4nkYVAEC_kO62S6GTAnEmI8ZJk$@uUrWH7oXk*Q)$e$-wrskleDuHDP!Xg=MIHr_hWM2hMM+ zpUq-65OmO3NF&%1qrWmeF8GxYoFij`JsY3x*2bH{|Nj*X&)*2C+=RqVkM;Ewq5*d(A~;MRze0VV06evQ{E%_S4QSV{^m1K`NpGHJc@Z1fE{ zDWs%1{@qp1oIRxge-y)E*J|XeU5h4GZq-WwQW7g3rqXlwi+@7q(B9cX;+Vj{krg>= zmQ^89c*Hqx5N7Lb(c%MLzrDofZBfO{>d@tz0TzQ+C1Bo+=L0#UPbaRvcB~Ci7lHOo zxmhl3ba>eJbU{n9dgG;j+U^)|TO-Moz4nDI8+^kuxepH1N!=QCB-%>K1CBl6Q?R22 z?iu*D~~iRyQkbe--M!c^)*D)?{xXa2j1KlfmetS+uBQ8i_}>y|T1dJaqAgHrT3 zNCj%T%Eq`$`qS&SUqHsf!r~vf0X?V7jka9@M9=EygfE&KX9NVBY+Y{uUK7xFtdpUT z<((+8dan*Fa7dPU6Y72K3-~0FP%R+MOA_n4jVjal7XIVMIjWjr-A@g)W~yd{jpC{1 zsE6S&Hv-D9^?lXJW zPP8D*ri@QuAtA)3Munl`>FW~bHfkj)c(N(+j(Re$5o~s8)m#II!a3g;6{w<>H1a;g ztlzkVV0l&GySqb(^-q%8IpO&M)tFTS#28KxG=%3Lfy}IC=4kmh`zR)R6?ap^eg@VJ z^_PqS_LX15h(M1V4nmMgen2}G3(@S9vBB=nxo_6<zQl#$Nai9aEj3gpHPu78O4k z&3~P#>ZogY&8!<8pMon^B*d_aS0_)StI+4`3U^DDznkG3R(4kFSisCo%I9KuHzS-Y zBYTS=m9XGoSaH2e<*Q!j!KLcCQ9SirfA*DkwBWLoZ;2deq}@yp4-J+b~lnKG5^Frmsj(x|SWno49F7 z^E1!xVidXf5;=RtbsE(mIQY7+J3C3kjqiUK*&TDyo960Z=}f}sExI8{nc`4s4B*ng z6H--5V?f#UnM&v0(S4AXJjNWLCXGfu8Pgn8H;B@@_RU{m6reVRo*nLM?wY!;!^(Ao z>>ae?0;v{G!wJ%}2=4}E1v$_*%{yIa5d0!X+K$_V(*zsP%T{D4m5_yZ%X4ikjgqKV zhMk_1z!YffPweTx{|WJK(zwi1El^PbXfa7rrchR;i!G-`9huIt`6)5Go(g6?)a?&k+)r0oNv?#rV?J3D^n zyo6MJ%F?x8SH}VO8zu!_^jygIPO4tv`k{Hvq@h3zKWU;eftym}frWi-RoP8H+XSdY z-Jfmsv)2(zl?>tmQ%nZGPbs{}HsYP-I%iN?34xqMs#U0{6qRhHOiJ6*V&D=AMi*E96{pezsFOuAl=} zNuwEg_OD2&OZ<+?7MQVh5u4X+G89k(k$*`J!oIWVS#qioQcAk+s1^QOxO{_wISr`P zsMIZWy05TFzz?b$Frj8?4Z71QvX#s?TB1K}BKxO=)|OVm$YW%1cHDT`C@#Fj*0wbS zI2BJt{xk9w$`%VkMafqZ<`(8fnL-A7Is@U2Z!@N{M_xsR>^)BDQiO5k zS4s|SLx?T;%1aQB^jV5hfH9=L%@E&;a&6iF=Vv{Mozhmt&INQf5&EPfW$e^)VShJ> zoO0>60m8`3OUm?$0ig{f={ULK-74^g{|jLF-Zd~7zKrZC@+J78Z47#k@pcX#=zLT_ zQ#!0TO!EGKUUY(+wBE{Oig;8mG}s=aKq)DpMvg=Ufs{rwvLWq!HNj?65YEj@=r~wO z%u+aw3}YIL(|c-;LZ|mS`8!4ZuM7@pxKuJcc*UyAnlf~F#4SdTAGnxw(R(Dk(HUcK zY9Ti0m4MKvN`#!lkPSAv@ekiiOrv^$t^dubr)pkT=*X0C@`puYcL0!~r&p(;kn zTOzrf!(nprNZAP?QJI;^aAKq;ALP$^?*cCDxN9cK`A7GOkyY4mdG5}yqqa*>h&8C4 z1fUmiX(7q6Wt+NuQVru6)2)riPcnxXPt^@%pmOHHi>Y3b4WRMZhdk zGf`O!ob6UX*M|tV2fVO?k??W05@|5cJN$R>ro3OLfl4DKUbVz!2Eg~kiotdcma5r) zmen}%{`1JhVCD!53M2?5kC{mBp8$x7yMT-58NFuHEjVAJkLsLHgUNBXL9_vs9PVbBL(@a(+Vuw zanlW#sW+E&ez4D*P;3}tz;3EVzXLOhUORIn6H6Ll+aJuK!920{gHJ|w($v3QZ-@$c zJGT+g(+!RsS+hPfIbg)z-sB=bO8zbbeXIS5cR$~ZLe{zUT$6BT`F-PhSf`<9=|SLB zm`Oei{Z2|IYw2i*Age}ICq2yKfGpNdk*dgdW-`>ll4Qv6MuCzZ$N%v|ft!BC3`p)K zjxaJ=+hg6N{C7fVXkklLIEKYtfNh~oBPz#tsiMrm5#5&?a9kUqLl-O;Ld;f+N2o!x z3Ne8gxJp$rw;n?k%+#iU1)%BuZ5mttUDiZMDVL2%B^gl3)0tf6<8=)nEU!s@UE97% zK|D=60dDOc-5S8yH69y*n1|`V*k?JX6AaAoleahIBqhPd3Ifn4TyaAGTJh@)s|&(Wk9F0p5~A0rUUcmCm{2%~%yb%!&YT1mtsJ``b~F;uL^E?- zv?w7D@OTZz4fAX0iO%tbx_g~Fl|V~k8eKEhv@VN#=j8L1o=>R<2lq2#CP3}o1_t!n zd=$oWS|A(ot*L+mxd*zMmDe)OtKj0(s0EX3Zy9Lo6$yz&c!P;oR}ET*hN3*m93%;! zPSr~{$2>`GG$S}8Ho&pO<>C>^(v?&tkT}Fo`mva#h_nUjabeqeaOm{32F6G4w#{v_ z$aub|km}1R9by?eo&8|H&>=O|Mv8?`h|OMH@egMm-FIQZa~>CP#o=sgC`&UJJZcj| z&vTJ!Zo=+8Iyn!g_CBipul4fVDLDiu1nV*x~iZ)ofZN{%|I*h?l{-dh{4nT%Z z2r&1Fvij}Vtcp@q^oB-%S?@nU?E?%7jcO7o-xK?UuE9#RBFaDZ{%V|7ek6(r?M0Q} z(BsGv%6U(+-G@~p5;EXAymRRDe0s%mVPpRjr}wf}TOXu{owiQD<{~|&iLyJ^D03l4 z*>ZF?mk4A;+|>#yzL%at9OPM{kE(R4l{*`!etYqF*>cWJX# zpjQZ(R&4~QMg@}cRu@2$9&pRi)ONT_5)x$6k9X*3>r*{f;Zxh*+?Yx;96Xl=SgX{y zmcul`DxGODwPkvv{$u`wV#BuQ-IwR_tFv{onK_07yuyalrlW02#Y|qc1r4*> z!EN7FgOl1WCx$aq<^r4vvDTIuICvT+w~EpY+Vi(yG;1|}+Lg|>L`dCu>Ny}e?DyI1 zM`L3q6-`<`X@Vv23ikF0vJ|e=LUb{rdA>c0=f)MBufbjWhE}=OXi0HFeCG~4uFD@E z@F^~hr5}GP5KcGyhO0hD^?Cq?vPCsHRg|RAG@{4{{t&N0A~mobC+DZSt&D@Reo1fZ z6TXV2aBg;5{5h6g>N9~v$(dV1eZuP*#NaNYKp{=3MCk`l z|Km9Hu^Ew|hefB2m0p)Y5+@Abf*xZpxC67Ndo_3I;wNr4$E9BD!*71;Cl-|7uUWer zaTxTV<*nKl-W_RUQ5lkT-s!PSSxE3E6(Zb_OcvFXQdxz&QmHsaR33G0h8inN!55*b z$EyUFi{duQg13svz>H@7w|#h+Stg$2;^bUrN^JS)7TDSze3^dtt0`Amzd*tfk#(g4 z77+8~b&`aiAN|rkk|-rHZ4c6W+#Wynf5Cj{8QQ_!m-V5dAj_7SOCX3&_s#!c+QiOj%UZV=%GgUCHA!>aVbS zQD?FChbf#g`<%q+5(}KoMvl!QdxYnCuMv_HBouot_Nb#PYi?yu>t(I;!A)3sHBvLg z$#Mz2`tEBkezPT<^RZhR&eR9~IT?`w0InKfWR_Roh;&}dY&rZ5Fi%yWwD6W`;Yr#U z=Wa(;lX`sZg1#BM^OU2)GAn^}FitSeSco(vU@9SkYW-c)_lFh9-{+5OO$XShlM}o! z!OrZpt1x?v)(-L7VqQrJt{O2zSH6+dzbRP zd|~c#DDaW@@wOu1q&re)6S?ttpxF<3uVYqSc@ch(4wj++&C^eXLwOR~m}_s9stNj(_U_;kE#iREGQ?$aX@RR4T5VRYi+A|bQLrrPGOT4W{bs+%SvX)nv{ssD z4RQ~L|ce!1zQs;;HNf!9sk-+xR{}E?*(}93Na#lZj^?0 zk>q zwAwE1C>RsO!P&)4zf#|TC1RVS@W8q7w1D(o!Cy{BI0X|t;-Ekd4*7|Ln!fM9L|UH} zp?Ut%pL}vgU>(+6Qd;c_lRXIxbgQ!<)yzQWux^l0ONo5mwXXh>EVj0yWA(VPGS_dj z`ArlYh&xVSlg*T)-{(PPntIXE2p(rs6vzYtIjXs{*-PWlYw7pJ%ST>E%$R2Rd48)T z;P2abB`!^hyw5hNz0pe!Vi~KcOk;4uO6bJ$VmS|h%Fo(8axY&{s7U8X6_tkU zm{mOYIiSrK1MwfCNz1Gr`vZ>3@WRViouJC_xD$&KHTis6s<`sUWSs`+z-pxy4xx-0 zZK&T~u*$F}1x1SBL|*RaKtg(Y6{Lz)1Pt%R9znxaM15}XX*uvIWP8oj%Q}~c^dY5U zB(ODL5SJkIJkuea&y~wi&C1Ns@T0VH_!bXElG#M-zPG)GNjWk$+Cl>NMYX#cEcomd z)$`#dh_D`pgQOX#5=jkn>5K~~(ATw@g3U9Zjb8mox!{w-~K`&_M$?unv} z)YRk7A`!3oabtVjOBLBk$;mN`47^qUMrvT41RG99-x82|-fJ?-BMN&1$EJ6&xbAK_V9g!bDqy zoVb;;kT1b+Js0$oVVtKSg-7$a@}e|O*=Hg1>4i+6p9nx@eD8PKKQxt-NB2wfW=FOo z+4(8E1%1m+IG^Vg;bGhQHtK?0BaX!|yZ8>%oUT$j^RMut$5?h|+#768Iw3 zutMMvhtGOOqhdJMW7Oepl@ zY}#uh_u|1|ux$fxhUyO*ZeifO%Vvau17oOJ!Brt#14guYe#$)K`n_#kI^i8Z9&pMRoF>nk8__yf>)vN zz|PI2Fp=O%8ArYYe8_2|s!~n%_gf`Gds5?i9Ow=TC8+@t0d>BuFL6JwY%-Mzr#Ta} zAl`1j>aHXrz|tMl)K{P?cFu`lOoq-dj(Mke?fV&JGj&@NKO|>~0;Eg}?qu%lq){AX z2Y~qe#rf9NP_}@&w`rWh&!Nx1VF)}gT@aJ&MU0N4g?nQ6+pc(H1OdXYny0Y+51bYo zuVI`^lOS)+a3B?=W^dzU$tOPn%4-#?C;IydM|XM7M#*;tBC0ApkW%IVZCF~I>^ zk-3IXe3_DzMGd)5dMSmmyMyz9M|{;~AcJEU751GCv9a8@X06ekxt^}FpC!fM^vjJe zts(`Sv=Q*@+UDL=Uq)YHpDdDbnzS`3asAM4Q)Eh)$}O^$TX3rBrWjKBwBGvf;pa^G zf0$aUa3}ZONL6#&sVE8y>n(GrQzzbWS2&@lmz*z?)-+Q?U%vI=R(iAwFwYF3O&-gu zwEOtgJ+fwj+OMgDnSF`aPGFfH%%*K~lWuV+-CR0k2dN+5Ut9)Cu+TjMs%%TNr@O|X z=Ppb#oxax$I(q1RB^gW7${8-QT;pH}~UcF~SvlZw4XYkWG4Or2VH;kvE2SGv= zB|64ZP8y;q1|Mil=b!z)AA!?3qdts#lG^=I*$6su2#V0iIt4`w%h=Qj7VI9#xrp|- zm-7HChjs*@ZEy)Kxoe!s#ceSxum~P<9vb{h^9|4L^Gjwf41yXgwnCs3beg{~&%n(D z#L@YuylCG^D1v(T(@iI5RA}Q{KMm>mM)DTA=LfC8e@r~l&Q1HaKz+=O%5|14?Ql9P zwPWIpBhNkD?iWk0yM07baTP%{Cx36|hd_41x8iToY0tM|fzu#WEY_5+4m;E@XxZ1+ zEH>W4pH3}y$B*flhw)w^*9~GAs)n70&prkq@~#oEN#R)AIxr0xmod6+%~e7(2VU_J z*z*yu?LIbD?4?JaK6bp#mOhp95SuzJ!=xhcG9Kk?O!WBWdw6c>7<#3eNp*FnlQq8k zYrV?M)b!}5W7vbYrv$cA_bm@iCpmaXiX<+pt+uGxH9MR{zq}$Z!G8)iZ_~eE7=w8V zKuyJ{vFe6MfXhU!84>dT1f}m;!p+Cif1Dm}RH!-odcorGdiWma-Qr%zu#+5RO+qvW zai)P+bl5sUSL9>w1F>S>L0HUtQwl9o>6qb?C;J1FFg8~&Lr$MBh!SdUSht&0in%+5 zlHPMF+}oJFfIUCJISryP+v_HeO78g3dvMp=-a+e#d!9&~cg$fGx3JAHz3cnetbGV> z=1%tmJFSiD1*=lSy_>?@u~J7@q&}X$vZw_0Y-`|v74TvvSE2i^s4@R~y&)p`vb&lN z&p%f(bbyv`V;g=A3fK$73c{Z(+TFV)U^^hhv%gYmo~^7 zTQa4U*^0}!jvKaiSPU4bU{Lr^Yf)l5nq>!k`wW8+v_F}dMq9TnCa;r0-=j^7RZc?o z!Vlkx2@?AL8*!}%`ek-GN*83e&`V|5^Z;iTow%L#endL&)D64HWb@O7LjP$}I} zn9z<4&kap!k!k5oDhsr_1^F>&(Yn^fU{!PY$q%Ez%QIR(6-^QrlR7I$*KuwpaE^Vb z(+FH##CO{O$*qGngD@g?raOmuWwySq%TwInHHXbxVJ|0edOXshWsgE^N-7k&IW}zK z$dYGDDy!QD+EedYEr}_sQD)6|7`}&w5_mXxTpvF+E&STE9?JOM8yG{^aCq1HEo9Mw z`nDgg=O|JW_HqQ@s1{dk?LhnT+)kjkEUfwg(4dIyW1+v_2m&8cJ0mM}rs81c?>yix zK_y}(XG+;*@vDY)Sq7smG+mjgTNGHZ5}z^NfKI$j4fu~Jm`w1Bw2vjFwvV2T-_vBz zJ9EZB{U{^EIUjmB@N>n-v2Bzl*!ct|pf)x&hG%rKYzzT*; z7fZyE4bY0mKtEMHTHJtfgE}!$QEYl-_z%QxH?%7g%9}b@6Rnj=IDj-#K-i9L^W}C> zpS?o7YZn6fuuq{fyKl_Ur;?Gz(39?@Z)yI4+b!iB;Bv9C$-!fqg%INSOUF;(y$X6R zET7osL78hR5_7(7Bvt&2Yu87h@-GWC>S^eN)_24{(>MyVX+1-WI?qjSooRl7ng|LO z6Cj3lM+a0M*iO&b75^JN2L1W7bSQq6_z?V3;-l?l5FxULMK4L}IlPSE3zUpP|v* z*1!8?tiYpEPb+YvhPgH$$ua$|8zD6@;cy`hE+K_Snx0G zJavs5aosk-Z!xLQugH1SQVqMBceA80#Bue}&~cIXKV^rxxM;EZkDF9Kh+1iGD_9S6 zO=+Du6<@d!kP?^L39!jf*U^-^WT+TL3EPJpHMrJr4ny1KsVsutt8}*1F#?a?`WU$q z1eEekLKW(mN&wVw;*~H|M-c)|T_MtI;KNKuS2h$xTw+WlVO|dN#?^J!EK?hxxile|tNG3l{9qf_jvQq{wM) zuWXjJ36Rr^OT4L7)}vIh0>m=oI=;aRz!@9QO*RFdVDBlyh4C&Om{4I|nKe0xS{0wk zOmWt=B&KmLqN{SkO|DYNjUneCPgS`s*$ex`15R`rIvWW_eV4gr&V}uvi-7>%^vTyl@596w{{*3`DN)IL~)*iO^yzJHC5oK^bW~pU*LibN6#*;HAN0AfjOVLQX`+s zt~{O63LN#R5vqxzU)<9ClZy2!Ht5mFIdB~iEE{t5v?B8d3qSDjZ;WTX3V6$nG^~pN zL_D%*clkOio}7VFg#wew${D8v)i=jKj_wta#;b7#3h3o5)RVzm0E}-IT$EzNM}OCK zy>1NX%1MO%75?C%|NeU;pZm>%;qAK5G#K1zp5n4b9zm*D1J1ZUg1CfA*t31`s7GVw zMg$rlw1UYc(FVm!Q0`@ERDTD%|J|ABBKY6B;YjM`SAQUFyZig(x|W}%^rt^xwjy>Y zx5aiA)S&~4-sY7I%dE7ag`eo3>tl2!(na8kaU^dn>i;yxm9KwYF#VI`@#>%J+)~_k z=xxZ7TbJWJ{dZ+_l~QG9Nu;AFi?kEugCul?df4@FDEPaX3y^MA5OI72BWT*@2Kzk&yDh@jjoXY@8Ixr^NCRwbF~SEtLFqxa&yNS#)X1-o1@Y&hg1>?(BY&ae z|M6mABIgvlP0oucn63XJL4Nh)%TA`(U)>^-0&M0y2r*>(di&H6)Iix1zIFG*>5MHy z5-(%}SkMqS%;jr78e$y)2nJvA{a;A^f4OTIyuTh+jr8?e@ERM0s$5P~>V&9PR$Qk^ zAwAS%AbWQ3Ju3QjDr~I2T=f5Eu6uv01~@4I%%TUs-$>q{RLjVSSYw(U=TYx#DLrKh zy4;C^`Wp!%s8Ttnn!yy#!4l0ke+=v`yo93f8gUWo;6Qua!EHSM+DpM3cqDSE$MVOy zj=uzz;NgpL8sN|0&XRSpM88#dB@WITvyyLkL2<=g37ENMUtPXM$x`T!r#5ZBzJr8-LR_mjUt2Dxy#Bxu7n`5WKUvHF@SX(jGic8$oHV zdyR$?4_aj#K?E76OGNydA|3l}ET-FE)}KGuwQwMal4>hOf;ehCJ~c9*1EIaR&P*5_ zp&Th9|~pO64IGGwarSuJ=`Ai3!LKitF$Z;8eHIN9)^Ra?SO0 z=QCnvVnQ@>3BkiDz@zOP`R(xSn2yqmzJat4dhZp~du{pp^qxJEFF zUbVerH`jXKtrdH%l#}5$b^L<9d&hX?d3#Lab69c^ZNETQ?fN_tO)4{t=pA|7bBNWK z7xT~NPw$_im2oK4LZF$h!q{#K(f4eOx_{E!>Sr@VHrOvexbo9{(2P`eFbrbyZ|-;k#Yjj1zUP3D0x*L^f{x z!y6s^U*_EV=UedzH13`x2mz9n#xA^^bP(l&SA4J+vYmsYF&Eo-oUw$QEJqs#?gW%a zYedy>30nK=pJcXKS8ri4ks-tsTKpVmRqDM;#|NAw2v%Sn8(aoEjgwuq_kCHyuu>H=|lxen_a+YkaZRKu5?OgxFJRyD)FFWo*a zZib&ip>UHCUii#7?0`c>@=@Zf@t>kEE9T{?K?R~x9#SeE12qd-JT32V1-RoH(zfyMGzy2|aD@4?UW+d;3ASMh_qiciLAThv)hT^6haBbS_VdQDyje zIz1Q`^zK6NY_-+;sI)$~4W@p@0q_3mfaHE4?qI6M&QtK=#?(xki2niF8OLn=*9CLB zk%%YY_v6`@c}^AIMqMFd<7sO10b5xx}k>>17>sNMyZ^7{{|FufZy&X?yyXsMNF<0MhH+R$p| zz(KcoBF~|3qD$P^jJkxF?Ti@wGX^EDy0I%P+3r|ZdrNEr?-|b?_b+vlx6UI+g%mB^ z(R77Jd-Bk@&PxF8qVJAwNoPkwzx}S_ayXiB-v)%Xz2H0KRcKQZX^%59c0?%-ulfjX z=rSanSYD&WFdU6vo}1Wt);xVeqZb_W%@hjlyP4p3Ta0>INYi!kpBpcJamSLO7_Zv7 z1lF}h(|S_L?zQ^QYr9*;9GJ>AMA-jF_PnCkFyWu+xkiC14i2q=H4UV?M_iJP9rVx3!@q``S{%jt^M~8rxV#I9J zS>Zv4|B{#GIIU|nxKrf`rEq*48ib~kVL?CTTgThY@CjwU+BU)#{^FhP^i@B>T!==Q zJJJ3p4k*KR|GNT_W`VIM7Q%9%{!&vLluHB-GVPf5N*z6(O6ZzqAhWBN27SAKCJXO= z)lDl(`gzNKrDJ~wHp0oN^gy}dR%ZV#OR|hLUyif3rw69PDnZ0;lt};<)ne9M^>{Yt zjaENlfSP4_-^6z9t=-8H_GHXS!nNfmDmV093+oF$Uts`6d&E#ei?U3IJK9CZT~5v~?8`3rg2F=7LU1dW35^3T z5isdBXdE9cZ7?EzPBa5MNG`5%YV6|5Rqf>0sv;Ispmjrp5OX2x znDZ=zD?5-RMb7IpNn<&rZ}R-Rul+fv^s~HZJ}V>5)=i}3xkE59+?+nF@V%5}@xI*u z9mR2f|DecbE&dX2*&z|lLa9frPk=<`NEpdwUx~?Wh;g0mFS9mp=5%pxK0f6Dw9>(f z6FFD7@Nx+dOD_PDeh@`WkNcjK*)-Jh=8cC6)0cWhv8Y?g(f>a!Qj_9Yd-K`j$p45m z_%1yH&Ws=Cve>4heykETzT0!=waCDB)f(~chfnpb)UVY+@xBC~DVc@-{HNY3%a3#W zfMfmW4iBm8@#)v7Y_$o+j{C;vj&9;vt;& zLA*p8zNRXMAyGB1JDbPb5a$1xBhs{;~|1QHpgg|*DI-xuH4n&-dD%SIUC`Po(K!2Crodef>(nA z{EuI-s{cE{9@B!1!x@ru)!QKAWxV#MULvhh#bUEVQzA3;y8&{y(jgRi_p(7%cM^*_ zfAu69iM<5*6tJ8S4-6-a&0M$+@32Wtn|FMa@+ z&iOjUV;d!>a9Ym1Bq~h=%m_#TRRBmzA4|LROz1n+Rdu-IPX~mZkVdu+yG+DCI%S3~ zB6|pecOh8LKIkg9dS0%g`hf4JqoXjx*&t%;^$%Nxpn(kPuzXDGF96Aohq#vkdT%#D zmPW?sDYgYpQJ#~pSW;!cV&A96yR0eyKOU`N9q#Uegnh(qetzNOv`{Z!qMiGrqApkL z!ScT>1=_4h=?J;_=1CSuha#mtCC&5sPk!#u%0Locb4yU;mfe;y2l==oCu;@7OtfXb zsXo7u5j^k5c1_G=)j5)oTwH1(?Kb|Bq#M2B!1G^vz;96~b+jSC^v(**;IeS&!sLT{ zpa;y=#Ov|0HNG~6UH@!Tt8ECjD1ry@-HWMu8)jPxmUqaj zdXOu8*u`)uAt+7gGxq=u?9Iot_Xk)k#Ymw>XjPjw;k_Ee{SL9&rtQ&dj*Q*`gYJJU zXnNYD?w>P?hS}7(AolN}M5sL2auU7~Je>nucpn!!*_}VfO1jUsN16+=EUxudz5bsr zkt81Nvd7JG!B}Y=Yell&0a`iVO6%M#pLYZ!ZWhZP^ZgP{tVtz6#q}*11Gn%MHwt@` zEn3jnNEK|>LasyXr=U$sPalyh<+G7#(e7}FIhe2W4ZP$_MpMgqQ48wm|C(v6@)6P3Nik6n=2h-Gm^3Ky#$!j z6c0&-wAJc8CfHnrOzpIzikEITuEbk_JI^3eCaQ@H$|?gX*MJkJm_#6_3$Uzx1K^yi z0{}>DSXsjk=Q|cz2V7-z^5kxiN7UAHxV2t%jgIroM=bEm!opGI_wUn}Pw85+D{D`q zX?mqZL`1GEXSm}6g2JU47crZaIcKL0fHU?u3~swbfGqv$iim^3<_<8J%9@LA2O@>_ z2@2|@QS3fj{KQ=$z!4yA9;C0YXX;D=Jj$Xrf2}vEH9a#EGySj;9LBdO4Li$~*c1UU zo+R8JHuK8L0wET+t$HgQ5M`A?Ou&2qefgDVfLR5Y?lxfOu<39Bx5!+X|6_Ha!_@jj zKFtKfoWw0r`Qi~>xmgR0kM~0`u~U>B$uh2*Xto}7$h!D!l4TeVX4Dhy>EG(&dgaZ3 zqegs?u`EJa)j7fFL{c%pXuaB}Vn|^o{@`rqyHS(j`OR-97kZVtz?PlmrkV-mV;@+? zj36C_4E1_3aqj%BZH}jxeRC&%{V#tm0ai2sUt6+KI`|7o?GEoJ)FeTb^vHmR&6&cd z4Dl_9@vB+h5hb>3>%Oi?3$f3OCOk)~iYn~hk}5Hb%h5g=hl(Z>COY@)7#rpUHkS~D zjS%I;U)e5rt6z39ZWarCdRYW{9(?%bD1hwZUx);9c%bRJ1~X> z+lu#Dj+`*no4)B;P#F`3qqf$hDSw>+{Ge}@2vEM-t#0g(qs+Z!xt1um64%v*Uu}DV|6BS)445&P&TRV2!Ab`$FyK_^rj4K#x6jq;3G{5E z`+~=?vMb5~$}GxHjN>X9NeHw6gRUQIX4-C40M1;YX50X?V4Ntr9xKqj6&DWmQm6gdLi7q5~zWZ`ZoReB&zY5*cLr-XQ{S4x6&1 zxfpJ*_jv$|*B3{L2|@H9g{fHTE##I0k;}i!%531?)Xp6+g8<~RkMH$&yW=_Q#C$u5 zxo@?d&XW5G->Kg}kvr=pfP8pl_-_g1=;W#^WOufKRzp*>#+lybJN4hsp)hK(^3G3- zsKX}wi4K2~_OnZqIh+nf$BCWR*BKevMt#ppdVzmn0zGQt1;zRx`c|79yIDFIalzW> zTML(fC~wv+afYpJPofj}6+}7~pYebT|7@oY<8?i1-?Fslsra|XT2&}rk4j&E+p7PY zBf8Sx2fe!1y*rw5n^<8|=)ddl^t-8id=N+j%;|MMv^;=LQbE zMRWL715PdiuGXX6rrwARfnImtZkNNpAaW$i(Yas>9YTfGB+{jYd^{``$v4+-%mr<< ziLJWH=uud@EL+^dIG7cuU--K6n#>0Jf)9OO*f>8~lrw|99D>^4>;SEym1gdsizTL2R6Z;(4Vqg8$&>Nl zf-NGX6b93e=CIbga;V7%i${J(GHdghqy^-U4X9XFR__yHtRK;BEXX+Qdm4zXM9FsB zeY{%axMDR-Tna{jCpPh`ch2Gmwf!mfTKrub{pnV+k#q>}a&9vpT0iOQ`;rV;n(R|K zWrT%C^#vU7H#&$>%i>wJ^E$1s%wg5lCkqlndT2=y#u<*i-{UN{nHnE4_oI#6;nuk) zgk{zG7Rn|V(EP|lkIHfey!sPdeX{G6tF|&OvkOb|0eAY6WOoJ)2HjMF2uSd`7wh+W z>9VjsRCbV@-jLkj-hJgNE5rhUFPcQs6DGe<`{95GeFwPd*0<~TQ`Y$RvPJaFEqcX% zz6oVf5qMV)C>L!e@m(#a2@g|}2!6BZeFwKK_82it)p&dH<|?lOI?ESq z4VY#S%R!0Bnt|?DRUC#>Tf6k`sI1jYNS-&pXE1YH1Ox!j9(#Ys#vcW@-YprH?J|T$ zLM4B*fmCyRroqlNb%uX^Pw84KjxQA(eQu2$6$74tZ#OKbTmhVN`~(F z3dfe7dqBvnfyWBo{~)cdNV;u=<236WNfZ2wKxA}h#*E5F@@OU*iRHHZtij=;ROD+B zdSKIxOVC-iZLSyzLmsa1O`wwv^`RDs1OkCH8*xpeV_{i1%IQPv(=;yT_x2OnP21ym z5f<1f9$y?9Z$GRb@cOuHs)R{gJd2Ox!J$iwvbIkSHAy36WK8+P!aXHr)y<+z_Q8-r zgZ74FKxwI(R!(H};NbP^0P`dOd@TS8!i)zjxq<23C0*vRIs%|L+`4QM4}HC@7lCCi zo%6Btb+$t{4wvw%&3U`1Z%maZUM6TnoBN$h;5;rG-?fUK+{Xww&gV*=c*{QxFaz)) zj|3opNDdmWFW2PT(WjK?>&mt*bT!eItj9LtN)Vh6#~WBp{vk=CL-?FElCvV08n-~c z33M15gu%C*tN!SXI@=_Xvs{#GS|8%LCBf~4uTy(~i*h{pNL5)R-Nq)zQ1`ZUmF)E{ zi^Q5NzjHg<9d|1ia;?tNb(lMI-HuBg^`*pV{hrY%s}GpFIqKlR?*m~6vfZmCfQ(=Z zwXBS+uV1@fkNyx@+>E8Ab78xk0^QQ*=jS(@9lSyeCbMK+4+H-m`he=PNme_by|Vjx zuzKtLp^*hHeKqpbV|zT^g4H!*r?>b`wxG{=w(rMLnv$13Yh8C+4o>e}M#N&{{1I=p zZPBpEOylnzJ1hRC&Sn1zl>v;W8CNKw9LXa-Px$N`?H$yx#XVyz_QoB>@boELiOI>H z?|j`dbru)ne8FIE}WaUKskhGCmbNQEN1OKOZ{k-z$x72Ko z%^@*walULbz{iz#QV%Se>~gyLkm$!Zq=9r|WZ4ssb;?T@vxIUHN7|854TpVasG@iy znSRge{eKcO@`h^uY-M2IDPVzEmxS(HGd0-S)dxzpRC4LkH|g`T+6}4R=xv35oGRF? zDBmj$teNlWm8#x_5Y(uTf}lw!Syv@Ap7TRZ&$8Y(-&b_nm~QdF7qgmJiZE(IQZ8C_ z91o|wrb_AwJ@$DpcMa|7R~I@bA$)O`q~yW|)4I_fOYD700DI+HK6NoBvOw zHH5`>OIIR#HF?pdE?^}UNkvt`*~4HEw74?E$YP#{LmZYQJ(GUuFi_qDGWX_W;s7aK zE`1-o&f&{GOeJ$E?oM6u5tmMBcf1)~M@%$a_{W~PLQK8{pN&a0U(7~sD_5M|+8&wnnx`<~ z(|RMa&c+rkNeR_4)7JGtI@;(r{jhS_Ih`7qR zDCUh^Z1_5$_1SfjEhv3G#&fO%*5skMB25EeW|1xQOZIiAP-SRu1qv|r=1?#g8-U9} zEMjV&;!5J4@~uyF(!O2%gNv<@tDqoQdg+CLjH|Q`pbSZSdYW^uH*mdD`ZRFVqC86! z^IrNEedZi?SOM?0AXLNQpRjljqnXAN80GkPdik1`_FpoJuP6ldOdB3Q=Sl5VjZ2#1 zXJ5-ZQZ!t&95XRDPf4+xKeX_7N(kmN5g|9o{3%D1#k}I`*Mc(+fp}YYO?G|4+MIx1V~i8hpu{iJ&D}u9{khx z&b=BX075hC9j2$HSx)ps@P{3?9Cb>C*Veu~KZ35>W9eMX@^;3OS)yRrsS=%$P2|Bm zg;}d-@|5GrYr92*ecIlp{F|dz>su_w{iiH2SpWD=3LZYmPo1Nc-PxI9z2V zaizj8mi3GVCv^q|9=giiqF?c_SPXY><2@vFrFDdy1oq;sFa~XrNmFjoFnvh`ExGQt z9c|5?n!)hECiy!fFuafM$?sm2y%9C(z?Au5vnmac#O2YL|QW@T#rB#E#f2 zYxMb)jup|Ili9B-nl4eLaSP1NQYgEv8o&BN3>WCL+xc&II-J7V|Gf2F23<7Y z_VM$A%g=vxC^YF8tq`n~Bk3ytd+5LJ3SVzl{A8zv7w%4*kj-ejfflE~#c#OdaNaH? zPR#~vp55~9-~SEw-j;%iK#_m1q$SJ}a`qIJATz&a?k}Bn9k=n<%U@kIiJFvL!z2Nn z6*6m`T!^+K*?*NErvOhc?qkiPcW7*aV4!12I1%XFZG@BkRb)6C{r<|`Rmz2EwTA7o zctZfkoPqQ#kjV9Ph2Xu_)&2VW_gnW7bUVz?L0!^ceO{Jqm$2hkQC1$}D_N98fl^O*s+`;2V9%*mN!lB32M2ddw?Pf?gZ@}* z92qjj!kk79s~m8N^4{8Z>I$tFj-!_%MlSg$(r9*{RkRkXn0sf#r5X37aiJy{s}NR_ zaokdtuk4F0yBA9>(CvTJk=TXL(Dg&4jO>{Zp&#aXi|N19)wgV;zDO_GFAZP1eFvI3ce5XAt6RWlwCS|qeFq6nDJlXSUHpgDHyT_`A|pz-H$=RAc*d+^BtDQXclS z@z|ZTsq4-NK&bgGbJtY9{;(=>oc4$ljht_YdZ9=$apayArZWHaq*7I6pLWjFTk$yc&R?gaqx zSpu8XT)V|HfvM=^R!vrMvI`QofZ4$G1i|3oaK4kvcGc(}TTBLc1EqK5HO2`UzY{@raUu~p1@Dcez~`GIVt(UEmwI=dY5TSiW*BJ5+a z`yqYpWe_4YO}S&lvM0QJq*n09F33?T*D z)~l;}jg_syc81C+PF$a2EIeMa*cDJslvQ;~b^Q~gjZN4+|$iu&p?b{m* zk?~v)`X9P*o22#%9JiSmbhCUUcvR7p47B*#9fm&=GKK;MFb^D;{{k{1cBj>yD{`9_ z5KmUYUS19Et^gCUiZv-oz$vSSMyJvog^uN55>tHRK@da+ISd3RGG@xr8$-LvZXblT zwn|D1eNGxdH+jp;KNpH{Xn&6~Ym4)}N>)8a<7O;k$?}df34M7mxQCuW_h<-55a+o< zd7Wp04bc5xankW!Fz(k)-iXTt0)u6vaPaVXc&6A7y+;0r76L27fwtRv<+mpM41S!C zVpjvHEdov=Xu|%5J)8@tY`;oCQJ2Zmc#}@;Y0>mPv3|Lr}g)jhzxEryz1qdLp%iN8!$uH79FPED!!x-DkFn zUZ~n) z)X7FNf&Hj9ZyvSwcDUKT7ya>r=;M5uU&$V7adt3xtM8_PsDK2})JI(iZEhZM_4AHR zfKR}@^FX^SaknGwMTsKWNT!HpY&HP}S+QHqa;518Y^KKjY4Kyl4ewy3q} z6Ea?E%P`YF0Va9R0Gpv?G)1arYUL?McrGf~bHUF8ux0^x<$Yx)b#u8DHp{`>_vHaf zENK;OWfxmo1RiFfrH$R640{BX9Ri*86m!9C1iF5@dp@;oG%eC5ye*vG9(k{DmlNLQ zuN%K0Q5CwmbUSZTt-ovA`s|;y?QE{iMS6;B9YUZ2MM*qwj=%a|f*wC$LyU*AQ|=7m zGrGq+-`gcg=K9qB<+b_6 zH=tEMbuGQpXn9z7bN6ij^ZiJUo;AvY0JjUHDg=d2+AqtyCPA-X6i`1~>hwI^QX{rP z)i^wU9WL(u%l}8RR6nNmJ5)vSS8lkeL6pwuP(;ud&VAA57O_nv%X&z3&e)M^ZBlk- zM6`eUjdq0?G8alo;BNj2a3TNnUL>1n8c#+O0s#(KpmucGjbo0DXobt_B=#jq zHdZN;9fu|&^}|Uw*sx0_v1lzwRcAuhr4{D_eWm@@^R7zekV!s8{>dFa~qNQl7|(;k3fRW0- zG&tGTkeJ-SgtSfAkkwSVaHPDrSmhdh27w_kW3+|N9_CJs2@r^+OJ~mZI};P0u^b6S zKPGmSKb4hKrIqjBy;D>4T%X+VS$)d&t*Y}{>2P@ ztv6DZ#|NK;A#JKWflh*1S%ollC18_iuLKxGUWzbo+Plr8V}(E`P-iIh zWCM)MSLf?e4rgO=eoXdGEMMnR#NOWIW}*!D;e4HH;X<9!pTf7lR3x3s%B1Vvn=G1_ z+k7-JH^{n0(Ci5X1$p5syYWH$#&Y;tb9;wBa`0?;_ya%YbVPu8#wS4L>iRga51G#A zkSED6rCODFeIBH=aJ^T;+%J*`K3fGWS~Hknkf7Ui6;)Mr9FsRG$koFX2Oy%eKxFWl zD1BqaTx}*!hCdb>?IA$ZvyOXi`D+igDt$+M6x4V z9cI5*6^$kb&S8`p?N1k;l%BNVmdn4>fD@<}>8ZaCFO=g=S^h1;s?PnnP&if1^3SQ2 z@$)&{n2VL$4@$@_LuKZlK36F=W4#YCn;vmrxPqTsbYcR`N{#ZZH~TeOz{(0S<{GcW z1xlGYG|Wqq`fZq%-?j>dzhPu9qH#J}|5CIeA#G+2G*1_>*-EQvs55lXN>-R_f1i4G z7=>!)r>;^Meqslp&+EsYj+PwC<_Ywd&0Y5I9_~2IYQE)NKJ098v(GF^`*{8)`I}A* zE8<;ETF+FNQS0HCtLFCou@lGJ(!$?#I0Op<8l5xX9%c>S*lzy4l3m2xL#v%;)Sk;O=U65CU6c*SSlT?%L)$_D?@l@!Wi3pPc)YRSyG{vD z^ny0$mja04MUR@`(+e#E5YxkTD=zEu4=V!NU}FN#yj~=u)VMN8H7d5S{;?#N_i}pH zQAHeQZ`PVCU%g~f|G34$9D%!q!4+y|>SXby5~?F|Jk?N!5pL0G1`RB?7EgiGaT`Ev zH~swcn4x)pOt}pBS(2uEUlrC5p+O}54??r`n2T#?* zOH)p%cQl^L#hRC$5~_odrJD^a;J~-J)FY=$$`a_W(9QRH0o_IA__$^eZf8W9gJ#-} zH`77uF8rBFr}ybKt=#Q|44(aiv>o#U$?Fi04)s6$skNsX%89Q~c_#e`#o_cDk3`7w z*unKmIu!1y_oNNv-Z@s9{)doD&md-(E!>o0)?szd2nA@eHK>W*#OdZh~|ouQ?odqr{gbdbO?o%x`OG_SAA3u&26zJ~S7 zoEb}}{Qd+;NBVtS^;fYZ#vv;QZ%4UTsw}s9^*X$=Eog0h{>t3{DelYaQQKD8yGI26 z_fRO{&!0cLxPotePFY2r7C4(a$4_S0@nvOo^Pu=;2J8RI07>wf%gyDXd6NbNgNsb! zp1Vm??zpNJ2fTx9j9c73$I&owYt1{=Uk=@k8yAJX|9 zgZ)(pS?7TlV_^7E=Z$uuFils+P4+7K;XhX`+vW1xy9baaojL5*4RGgV%{4ct^Yes4 zqjvh~s)2Oy>Dd_!B;~cwnptM1!gB7{F;&I%uO%ac-{eU=I}I+1QI)>NoyJ5wtUnlg z#&|GSv&_$^p`o#bw%2Zdie(H!lgZVNQ?0HXfo@mq<#MbxbFBeG!O36$JJ)&8*7KpY zsr-%nM*jW6QR1gudDA~Fy|{VTPof`@t1kgwOQ|Mq{CTpaO&kGI^WIA~VwK+D@GD3E z^k>fq{GsdDrO!jnzQxD?^@|FnXRgvD%Ud;?-{dkx)4#}*2WKamm#6;@TjkzuIg59^ zrer;DaLNPGE3mUNXN<{7R5j-p@uU-<{JJ-{Fz)~rV;G_^THzDQH!U0rFwV5qZQ`RH zir{8_6Kn9{#s>^O6b;Ua(TYt-kKw#QtuRLPl|Hu&6g^#TY#sWS)HsbOFYsrOoRO1S z;TXS7kuQQIc?{c9liND-F)vp$>{Jl7S_a$tNiTfH9i^*$VNplcb!;ryqQEWcpp@7Do^kd@s?2}tqekFE%a35)JzS&e)$5p-KfEo zZzhgrKGWR~IPTWdyMs4ZBleX(03Q1m_k(;-fA*WW*PnGHuLhNmOR=y;uVtuYWQQb8 zCL4=>Z-$6DE7`^q5Id1p$cjb0wt}odwjwHFXa}+y0m<2QuV}AUu~*$m z)>ap7>e24)j4{!X4^?O`MR#)N)3qNgZ$0|$LfT;<;~C8`AS;%2FdXA@Q}D3g1Xd$7 zR6{3AAM5KKIgTDiRQ|w?C8a#Oo*xnGG zbC`4|B8>^+KOySTflBA(3jAdo&SYxee}>vS-1ew}O zvC5M+ok5zS5a4FugH3A6h%46}J25^8iI^1dZ>4Vq^BNY7I&+7fL^kevn}BWMSLpIH zZ^B9^{#z6zNGnJDu0T8K<}}6{ZXjeZvLQcKrIpK#ZwkW9wqJksWKfa`=zApH6A8&Z zV>gd}7LRLn+!P2lj{MiX_fjcpG8jVuHG}FBUX#$g(9zdTN?eD?M4i_Q1JH7qJsXL+ zKy<9YHz8WEg{KkDD3_*w_EwG&D{+xt>VE9y+f0n>93r#E`&VJP?&SK^x=~qnhoY{| zfYdYi$#S?6FEzECNL&E0+B$<+8@Rh;&{uvqP0AMF>*`u9-6@7>-Xtc()oyrm9R1)C zK<|#&mn}8V-M{k0X-)ljC~I@yyUYIPNoQyMC!00Guk`Z}5m_{-2a(ayYC_(4SY|~> z$DDSjU_X>i`}rgzZ13tCgmZ+HaP&78(Yxn}dJv3?a5{3R`zVz|Cj&audVph*|8h}_ zrm5?eK`w>$;hLha&+YpXXgLHRqN{NORzkLl44IkfLpO1mWU>g8Gd&@zE05n-mnHz| zPKZi%prGfj?k5{QyBq6pX*pSbpzZnY=bT%VomTM0`=y|p!&6~8fkcS(O*wi)0VitP zj%U4 z0m51l|5K=N69GK4>Excl1$Vgg&q!+o$rRgB5BDwkYYp#_2`L_Q8W|EnLW2w_75KLS z^F(4JjMyNAp%Ss*LPbxZT|Ga;wbW@82;(GDy%_CCKq@0R4Y=0M|4VEKEQ`OCKj%l~ z{{lBXp=&Y9jJ1snx*LpQdQgK$J46I*T)b!f@vb1}y@g8mQ2Md2YQHVNc5gAghLHRGbK*q$$t?gSjeE7I}2&oAWZWciPx$sR;}_0F1=%~C3s|9qe4+=S>jjeg}A6a`tn z6B|fN+9ezOxp?<$kJi>9l|BD7<@Sr2p0Essd^&Y#Qf2q4=HqrPi9jbK{cjr=j<@y& z`J3H1!gm<*yV3YrAmf@9V`}kPn7780jrUZa_#L()$lN3JSj2OJYpS9q_R#ObCJzAz zre*TyFR<;B6p`fMuqrxs?1i!}=RJg>-XnW+{(TEsb7)|hwfJ0aO!)lk;e*fjMeA>r zqU-#blhRYee|N?&X&H}l!gdyuUT1nynJ402ZMdXiWB-8t06?0Te2mXhy>!KP{Pmf| zS*lYpTJZfpFi3W8sF>+$_RPtl)u!Z3yc9}57vjK+^bJD3n}1M#-6*iH>+>VHwOR87 zzKgO6RCr|nZ5c4Q6|b)qeT)il`H=DTQ{f8<_TvTrMuiW26G41!1=qW3ch7m=X9-7x z-Ei&Pl@azI`3d=L-<`QhrWkh!S$&i&*u~}~@r1$xRCjG{nKf*bP8~5Y|I1b>iXj5t zzoY6tp95m*3k_y^FjdaYWT|a(;aoDI`)#p%J7=5SmwfX*GA_&6O<%A_E}d@s<2em3 zOdUnXcXpW+^AxN$gaa@aP?i{ zpY**5IO*pH{Od8HI)_6^9A;qb3J9_}j#OD%X5>{?x# z<(q)@-4*|%ejqjGncF6K^X3So=^Z)yaeNGrBFXrwmv@@A4&b zIiT~5#Vz+ys)UEWApdNekEfR;{dUKNH>Pu4;5n{&$r@)<_d?$2Dgk8!kD>1w2L%X@ zE&Ub)vc=u3Fy7p-&(SHFyj8eHoiwn>^LY2Kfu5fA(hOjWthL3P9iP>R+hrfm&ctG|D zvHj&4_iz7N63u6$@eg%OEVt!0sHVqbyMo67X8ak8vxkXWOqC|IR}Qb>VTpl@&aZ}N z>k>OF@c^!g&)efQd%L-dZuJBpk4H=x*o1j$z8J<@Pn{K$@xp8ywQ~|jq~1kJUy_lp zT|0d6G6XoLiLE4rs5ZDeEIx1cr3~*Xv4&YZP&2V}J%jytJbzXfQd1M{c|zVjql0%y z@VqhAm%9i29)3`@RKHM=%8IL7b4KIPGC?I^ic-ml#xzs?IEnO zsva9nb7}lpp=A@DbIL~O=5eOWkN;_2+$H4W5Nl&_D<>RUOrW5urI1%*F`qQkEiRT8 zf0Vcj;|29&9Vk+GNycKy7e^%9Fr(7}sZrBzA0M3?MmFtHeH)DVF38D2MoYC7XW6T| zHMm1P(&*V|3{8b?l8VMpoUr{Ui?e;~{U`t9dsS=4-XqQQ;N(2w zl|BCsTpG&w?h7iwB*-XjkR56r2-0!X_VSON_lv5&&c^ta34cIk=6pj+My6!xj*59Y z-no}{pZyM#^?a*~fbw_6<$}l=lC!yV4&k*)m&K<$^{1y_9<}8yB8XNmBfia0Z`Hir zHVR%ei!;3>!{LbM!joppA8z+(X+0^bBG}sYRz(+i?Cv zU=&R@6iO|;M6p2RvDF*cV4t0r8*d5{+?(ijWYrO23DTAh$W2Si_@!_s*xY95^}v_a z9{Vwqi$VQ<=5R5+?%((-@(x3h-K8=6&nfGy7Yj5L(1L#$$=sD&IPP(s&6`<%q$3ZM zR`taZQlj6<9;|#ut&rED>I`fG;B`_#%ObUHVOMXNI)jn0^Cc)_$bxvGvumZv)v4o3 zt*BleFqqN;F0Hf*59B?1s@OU@o-4(H^Jmri`}_H3Pf%wt(#aIxXW3Fd3Bq5t&L(TD z!Aji!rPYMj=irp1=EG=9t|WGc&_c_xJNE0Daxr})RhLuu)gwr`iV6)7Rl_k!UmvLl z8zH>%-)Rtp7XEn4%BA0|&s%hdJQ7~SoxGv$*d(0Gj%J{m?W|5t$Pj3PIE8cfUxs~iYPt-(VJYxU_`_sD@=5(eiQAvTC7KKiwWM#3I*yf>Wt>uE zniqN+7U_lbKvo+VOvAX&iml=sgr%<~C+k8lOBHvC^xG2?bQJg*5fn?X@b+KB} z#Z7_2B)B?|bH^gG5MsSKrjt~_@ae2>UTjzbEXsH#M8PazC{<-NKf7MU1JkdJ|g!*r*FEpeQL-?{lYRWt=dQcHUg(&dk`I%V^z<`Nwkx>k;AFpf6Di< zGbK^oQR4K{(+2Eh4Nc>D&O;#WLO1dwKL=(KqRWydm28TRi(OqEPlpv=3eU)qk&NY))QgSjtK- zRkdjD_H-8RAD#BD%VAKuRAD%GbaDuD-m`Zr0>2B9~THNqF4e83{f7*n42 z={p+g2a;uel5enPkSQU{1IuDjs#SAotcsx9?hIu2ut=yG6w5Rc^8tixqy=pr^foz)G-t8z? z^%jz*-~<80ST4dv3D6|V!yI1ktc^6AJ)(M^CvVi!mU)JKW)zVI0RqRP_40foz)(4z zv6rW>Vtn~G&IuO?W_NlIt}C;S#tdoew!E~ytwT11 z^`_&5OWWJq``Zc*6G)zzjN6bjb8LNayE^`8Klj(J==&=>wT6awPyc%zMZL6P$mMK; zpj~IiOV!KdP?5mGAqSp90}AKhKWZAf@{^kBY0llVq7zg znkxt5<%n@C_LAOtcf95!YW7HqI7hU%SE$T%XU@}6PLltvq&X|wNno)?EkHui5ywI) zMPfp{+!9Y zb;NZ9*B2L^AC{0Lnkjll^yWdvhQx&R0Apx>U;(<86*M~|@T2+MkTVk1Y2L0LTE43)QCH^B=K;XlH78#vr zco8)u`cTAlwQiWcYPdmf{${w&tnEl)|A@XLP}Bv4sl2z9-PV?N7YVJ=!0naL3^oBV z;1YHaDwdmB`2>{8ffFq7($mu)G14V?R|bXQNQnQ*(Fcn>yh$zjPey*OAB#Y|B zH(LFL*{F>7eJ)%DhK}y7U`MU#zctzRl2Z~@Ts>Qeom3C2N7-wL@i6RnJfoT9BTd%S z;twYNQC0Ub@UEZ%z7t3C)_A_O))Nxt(-@Coc^;ic zG#}lpTG-|>0pIvxugL!7oqF^WBn8)4cdvJw`vioZ|KxOTBj86^;)uh}VPkn>B zM%2k!Mb(Rjys0cX$&e7^+L(gyj8{4^`e|t^O4x`$)NT5y>b|Ew^G`B$XrXuaUu{d^ z2q9;~HUyV*9z5K@zaJY|g%bouHZS@)8?ZeG&MfB#ETQq67Zbvw&xVM>=55&IXxkl? z5kuQ|F~SGqindIPVrP1!ULdu)R+0OUJ;;@G@KAG+#9VdOWUggu^{pazYV;}Q4Jcon zS*PX{J|~TNl%=a{b(Y$VPc%6HC(PN8cOyBF9mqFR})#$Tg-!*XO`}>GLo5Xf2 zwCFXTny6-}whJ{ANafvEo4JiOW~-ci#8$9??8m2xcNKzoUdLJJn;z8T11(_G=QnqHimB#uEGoWOW{vHe*6~GWWki@NlAU@?l1f!m#^}^t ztT+X0S1e}6H_N*T62>Wi(3bs1*fRKoDx?)wjuq~oL05Sl{v>Wf#0s-kOKPnUbU*sb zUa*!#QZxSp&$$QwzxG^r?{AfOHn{4bGJnIwnOC5A;73h@hT*$%v-XSM zUy%4c|0AwCNo{N8d*oyauTnF*pxhv!mEuW5Y_pw&Ys0UwP(2WOivAg^9y*-zEvF~a(gJoDz-tBUoDI81lS+S$%G&!#X_3Rz z4I_IrBb*~59QbSgmMElqyW^qJ&xp#V%$vlC^LK6HB&c2x?akbmxA*#=X##|_4&q8@ znpeaQ?}gHbZt!vn2;B{1{&~oqLiZp-0W7Plr6udr15ExL%_kvvo+!qZjPiEu1 ze>!2umxw=NX>4#aWo_5EK9N&Tq4J&z-6bFpX431)v?$m*D>5W#4sed{|`&@m=H_ z@yodnQG`|=^B=l~i*jBxW~V3LeGUuwbaqcSzLW;Qn_1tHPS-*SUTGMHUuOzHy{h0e zUV^pPUZ?q-g%Gz#FIWm&mY#R6y2~wt*xn;QFCtwI8fj{L8=6@xqaCP00{SN&swDL*IgJYxCbp zHlqq?%)_FOSq;Px&b~TpttqDIlVWi-9{i&1ig6cT)UkmaEU38VhCxA%XO{TK(4N|p z+82R-PvV>{K06J+64Y79rw=wxSoRRTbV}lbU02#5$qb>ilQ14oX-yg(ZcxN!4-%+AGAJy26?35AoBwTTJc;ZBdu3`%bUvhI>5T*5Dew z)&NJdMWy?V)GuZV1At=*ew#r?@9Er%SoEsXBla2mr~NG4rg-U@Q;oDVTulcl9nyv< zy#pnNmnGRhzf%yHS%c87M7kHV@*^7ZmB~PPC077W?sp7|DKLZRD%I%pinVu06U3Pi zInw23TiQdXxls;-DqJvAqTniI{Il(ggWe-shS0SP>Cxv& z+x7+_UiSz$YU!zF9gM;XL&gw>1q^+UhXvuO5v<S$b#D6od@dY8aV^7A#YRkhwW}h(j zTdc{~sJkkq8|uZNlxf88HP}>dOVddy^74et`bF1!r8g3wtM79(Yb0&V`4dfWvB6u* z=HW+nJ6_x&Z{ay&tXBN4s;pITujSr)4{vR5Nk+f9XSF{=iBc)lc#3~84T|mxM~Oc* zsU3o^jzT|sJ%&eTE^2&haLB_+6FETh;FwSGqmxOB3yPoMX8L%)ypR(+ zdv0P?gDV!+>De&-vlJF~-OlriyG3aC{$Wmh|1f_fC@9#%{266(!*0JDM18JWh@32V z`&g>K|J(vnW=s7ytftRsJOrq}Xz}O6ixLdlTiLH@MZL~Ge^&;?0tc@sqm)SLEdu_m z^+TVW6k$$*Jf>A^cLfJK%*`HYH2e zfVgh^oLTY_W;O-e{d!iE@z);cN5xwNQ%vj4q%-(9y93Qa5?TQT=0N+?gJ`)~i<@Yp z^5mr|N+@#$`i}2I>GtO!N0*h%T}QSzg^X%LG=^-GrUoLnCEbj$Nf*^u9Tqt$R?Jr zD4UIyOyHU*r)@2oNzUn0iZjCVF%aA$c|(iDsCK+wuFm;T8;Y-0OF>noX^-B{kjr>NVFX^w9?(@a9`RLx-U*t`VLl3x5fA7c?e6IIWZH)h=1y|(hw-} zEE77&Z|qCx+?%J!*jz7LcQ|lwFMkPk|Mpqs-I)*+sa=~pNN0FNzFCd9)c2;gTsB!= z#m?|^Al;2!*x@I?8ag1&#qn9Yv~fp`oYV>v1>t0Vm03C3K^ei@rTK3(DiZ8ucD@`f zI*%-{+w&pWdbsluFKnsJxM=XFv6Pud-Ulo|pO?zIKUt3_6+!B*0>A%+OLyXBMFS2r zlb_w7?QOK7&&v4C==*}xO8fpfQ-t9jiVW#v6A^wH;JhC%>Y&4`QV(|GhF)BiSE3?W_ zCNo*)lIjOoHBT+CH|?tB1&Je^@|~QpIs7wbmq?qX9Ri&zmmLoaYTCZGQYUJwCB_Nb%}K)>o61a z3ptp%XeElZPG9i6_`I?&oH%B1|KpkE{yQOO1Y21#NqP0i&T#$wa+}=Y_BG5#Vegq?YVqz!%)Ks=C@B@ChP-b!#%#as8p?Qv|j2d_1zxRP|vbVvFB|P11 zI`Aa-ZCr>h@*JY|ugsw?nA{J-g#uprfh|FEEBhBPRnjwm-Ph1dRgVDXNW%f;a( zZYL0ALcH@YLO8|8&-5MGH8Oy6HyfRM>dvG6Ag?s{pZ3u9cu<9E6F!buFjf}RvzY`L z?XFHD#3Cs_M$(3I*{?n89mqdv;L{gcU_Iq#cxVzHMyS^85`1V!rSzfmAR9j}=;i&kP7lCc~Ksc^u)c4SGc* z6?H`8Sq-1F2G{SzqkWR%sUsRLG2je9t=0)q6n>VdYMQ>g2JAkSqhi1JtQw6l?#WeF zP2on|lvMY`|Uey-#EgNx)O4A-RIQrzTcHo??f<|D_XjETmY1X%l zn(w*t)sA&FO$B8mkHm1xjM5Jj+lt?H7Z6Ecc50;_J?2CMuL4I>u=~7Tfz)~Kfg<4G z3U)>1zw;y5kYY%Ma$E8gx#%e80WUDCirEJS@FhQ?6Csv2Ue`8$Unh>~%OGYAXq7DL1-` zfKgsnvG=-vaw*a8Bs%gbULa!Hi;2V+8-b*l)-7zi`?S?T-oZVMe^wZdcqVBSn$t2F z?hXun42U~>Tvu9Totk5mURJI|kAA`OBb>j!H+pdO{aSVMQNE&ACBKf?yf^V8J`@ca zp^N*3t~YJor7E~L%~oJclGbjjvA42}3OzJhalP`y4sY_)%JlgyAq+5k7^1 z&}5#FH}?^B&$MUKwoSVn68w`V9$C*6(32$ewhdzJA zp=;tQMb{0;<0b@SoZw?=s6j7h&J^F(qsH5X!DXK1w%yg0g+?8=dDT#pl=6opTPGi; zE+VWT9DwMh=G8~V+ZFo4^NLWOBcanYxdRni>O(%F*q^BF9n6 z(xa8}t8=~~z$+AKWd*#%q}0Q~yLixMk+_>9G2QfGwz{(_C=|-DfMZdA!O}oGO&Jt=c0e6x_#oeSMTQpSZL{(NL?;xI6#puB7^WSKOap}&&rC>$GV;Rnkm%?&m&Ve9|H9O)Evn=9Ly?fUOw35Op71o%h3l{O=WUxy!os} z8N`BYli76=(~zcJZ=Veg{IppP2|VbwS-uoYFuRt~hj)6(xiBF3LT%;{zYrvoFQrw+ z%Rt}uMcY0`^c?g%qa=g(Q4_@u3{hC_HK~-s@ z94(z&rE4tiiR_(wv>e`f?xK5=;lO@-*2P6g^PRO*W?XKU!@z{u_S6L;k${ebJK@HWY_S*|ABUdcp`w$h|+~G>1e_p29U{^jNFi*J301sKT1&7Rck9Un9 z2NHH{y2^y%$Bf_@S?<#Jc&u5yh7h;B2aM5bSIX2nG z^13vq*ef2-1~;MOmE z>q7C@RV}9CQNtX~Ds-CU;an~*n5Yf~m(ao->}SA<=HVg5QroiocV3tq_hP!YIxPR! zqhoGbMd`Gg+WO0%R0s6ox?Y4Ms!~`KTj{tGrPYZ&mxrYduZQ~jLAI)D>FB(RO7h=Z z`GL>+`(aroUxu(#3TQ(bp5+vbgc_OfK!j~9gPC&Y9`}6Q8;%<{C#gDMny)p)%Av<) z(CuSznXMULeNSH;HL^*r<&c<@o>zRAMYd$3%5cW+p1E9E>{YS3+JqOUVguK_HH+nt zXX)R~%*1kfxSygrJD)KS`KtT$qmMW=19BlY(*9vIBwn>um5G{Dl8H^dcMwL@s=Qscuck{O-}qFc zqRnqoLk=Nt0mkuNKQuH)^)WZDSa zY8#?*T>3kr5z1X3ZUPNs!%lObQ`5m|0Zb;>gA7*hLotxU}3;&m#TsCDkw;V5k6sHviE*NFt$fgz?7!yDiJ0);e z+xGFSy~rTT1i41ALM<@#fC660fMX2?|5X2JK)vJ3_aM5Qu=q7<1ZbR3TkxWeJ{&|* z;^3@MKTfD^6|w3vf5UM@(0k+{=7Y^Us$q;H?0Cc<%K$7370;>*Asnt@)Bx1|vrb^G zj<2(|R)Dhm+=)XL_oLm$yhT;6l5)PVKx4(zvJ)T=fTQs9S%htB|1Qrk{3{wn0aJ9Z z4AImLM{$x&fC;x9P5mSNCTvz`RV>v`BmRbs5RmXKFSiYbf9YSCZ%qM%zlY<>n4B;% z2TDpIGL9fk;3&3rdiWm>y%|375OGM1W6Q=JB&2?*91I-OdTby3~ex z7hy#3_tQnBjM*5RhU3L;w%FEs9;%f%)HmrMoI-~?@rGjQwIWj@&!gxGeVPP~kZ}`& zDCZMqhG*i|`h0W(Vg4F9fWM(JS}l^TgLG^(+f*A{nIi7bDd_JQr6jz&eWmhnVhQ(+Btep=3u+u4FuP@fX_uIU_@A4*rFY+E@1lgMVY|c^ynR2`Y|N(^-pc zF83$i`S*Z)YJv^KUj9041^!gSnunT5BTr3EcWvu8``7v1UzH=OF-eNpmL05f`7GJ7uO$ULh(!+l(O;*05pwxGnnSY;r!N_{4~h(zqJ@J zbjJR<+p5GQ4SbGq1lg+YL8?A8A;03QY1AH-FjpD{KQ5ksez5;m&uCNm_=S{?$(DUp z%+%WpJx%Q!bWj>ZKUhiuKy@a}__PT1 zN4!D5WH#nN&JtG=CA_oG%PlqhG0#Hmabs->e|Ft`c-k2MuO3=118eV<3u*sfw*dH2 ztN7OGumQk^5&iGGTV^V~#CiuD@XhOnJv@8u#Mrf_s%m(r{+m-&uFGU^d51-JwhN&3 z`OX&vnCA$r7tJJzTo)N$OslP@>aN1yU0Fx>23(%}c(a$MZx5EiJ@;&Uv8hhO;eUCRCHwM+B=)5P(olS{IhJZ*q!2yCPw%~>_IBkekVv*FVWz6qQn z0Qi-1GN61y*J*^^H%C~Q{KZcN5xezm2Aq%EX7zW#AG4_3kSvq-Ta>=vd{Jd0(E^B` zlTbGXal{)fg#38#9Tn4?KEZeL_*L2S{0hw^>#y`uD|G3jr*?$GZvf}h<_tO)fhz#C^)L*nr;PCdPWnxtsx?m(Ktm6np|3g zAu`u^k?8ZQgKs>T*(+YCr@IFidky~QJoRTpHCFxElavXA@^Y`<%oH*y)If=5!oPX% zGDb}fHJPPLIHh!sR6UCtU;1?`LN6Wkef0+cAJMfNA2%IlXkEe%!ml$XuMkwXXVXR$ zKZK!|ET^4LOrLHD>K4V?ePfydqH&f(B7vV@L`Mydo3%7b{o&{N?T=YBPDnEXKS}x5 zaB+Wa+$f``%$k3P$kO`c17?!uVCN5J)oFV#JKR-J>UjX<*VI03vK)f(nf`Ekn$Xid zuwXDi4;%a$uH7v$=iRtG&_aT?&ZPd&4gU9xEK>3Zyab_Pn;hyF3N~ctP;kHEsH=#` zyzv=Tkuvc-L(1T~Dws3uk)jq;X*`krM$Cbg{Nea}HQT!W0bvZr@G?D z$7TQ1xA6a(o!4gU@8s$G5<(V;MFlJE4&AD+r%&TwKCid3UVeRmWM@vf;Nn2J`=PHh zzj%E)Zh3j*>^+K(_9c1=QFeff3lAsB%hiQN(synMamCLnU_O%7bZ4xFt|dwM)o@=6NXR#}FIBl-Y}i z0u3f~wgPO+y1B3DJ=f9fpRUZ}M!$1(lci!)99vd<7E42BbMPdx#7$0sfY^kdlItj5V3}E_eg6srWi0)eMEXP8wrDBumyt5O7wn~3= z{y@|2nw~T~Z`E8%3FMf@QKB>k;g*ZMcthv&>C0 zf99|{5@#+tsi4=D?Lp*o?7e#vkj3Vx_Y*c!I^Jyiw*|nl@_OlMi&Bqx)lKb#VttKc zyQic7ePVMC{A-nDyVD@bFk4Kz5pjD%)CAzupZ)>8Yv-im?7zxsK5IoS{o&M5{@mGZ zZ}xOo>4k>KG-#FcQpB@Qv8{qDnAM2L}I{4;DPm-5aN7FJ<+pW9rHO2R){&pv{Xwo>^JrIAgqmcS@ zFx@ck)LrVBRSw)}a6Vf*<-4&+2rs zOCG8u>`O;VR?M_wphrAXiT@zR6txzY_u+MHj@f>+0MT=SWTevOgu@qg-vrBgmYf76 zw#Zn<{XP0T9kJsnp1e7lsv->4s<*K{`owq9gZ9la4*lfA59TA}_p_`I3Io_t;x)6% zyLto#{2SvA`Yx!@=Aj2I-w$a%&6%QTA0q1PAZ@$D&l0NkILviUTCT^1__>)>XUjoT zr?*0BL^%{zd$BejRi{ML)w9AG&w;l;lCT{pWeJS zK3iXoNO*xAo>t&p=cPLasVeaQt*6tvVN?L%-@jJ9nNPjQIW2h$soru2rrw2P9RK+e98;$BrJZJG|L*GX9BwsL>8ObgCofMuj%zxLT_cO(SgzfzeM~t^-NO8cxPhNaO_Fv}@cBDV!abkFH20-HR@bO?%&OG9UwR<~U z$pIwvIL(EQtP|L%oFb4O$SNNT{Ut zz)o{BMB3kgJ3GBcXZdOty0FZ$F|=Ms<3UNs6!fY1dE8W0(bEs*Xj+SpX2#3~;Lj^; zWH9Tnp$HH-lch)rIU(g&c-X!HzZ-XWtE8%wMglt8l(i zwGfq}wBo4QDee5ixtr#+*dvZBd>5yw(rNwv*m*M#jW2!Zt$OzH|7^bgxq(1CZ2!GJ zFl`mrZT@jub$W9kEspZb*l8(ML2jvEA=uei{Z)J(xJw2zVkI$=P+^)MZLf8X^n?B~ z#HnZ0g>+>?m`mSlAvwr(TY-?YJgZ|(R9B{xiL?o7lzq>2e9a7Clz`UVSLxBb26h zc$}#;>{z0i=5OwSNoTp`I|g7sUz@Fr6}RF|E4Xopw;XW`Xdmzx1U`On^{g^LuHF4n zn>a?mh+4<`a2{^<>`V-}7i<1<=dJgm2=A>!3H>#~o7cxbh#AjhHIH4n(bE}ILw=lj zg@z3-ijSu+h)#~gG`OK?PR?1+k@wWtm7{^tc>G^g<}J z{YBe@X{+Hb88%#lRaMxinI5`5M)pOO<$5Y1^!v$=2)Xyo!V_1n;q+V*^GD0Sy=B%iwoX1tKFR0tP`E>f-?z!I1a^CSpB|tZt3vp|AY$u z-O*+wznud{QeYC%$`SiPP=e{jm5x_JpSs0bkP0+r?G9jGSYa~WnQeAUzIQ+VYxj6R zTur$DkG=b!jjM_Hy0$LBTyDOY3nuZH_;vUec_G_V-#Le4)|^?sN(1n?}YN}rjApdwVP5crTuP@Mj3qja+Tt- zMmytc2dMNt(x0N%XlJpWbdiM5xgX(L>WIhv+-;kcz-GCF>0S->yRrMkj^I8dX9&Eo zh!zCjU0F%U{?~5FH6lzYl7yF!v%|btQ5-0KOu9Trc}_8AB#JiYF>f>-A1p;FGUkue zQduS=Nu@RcCk7W6I&_z0xDSpOIBGe0 z5J+ZInhe!M=}W;=7qm>a%nV9NK+Zng=nDqJ$MFuJnJwmWsa)Q^ZRT7`N3v)y(vkhz zTfQ+qB?h7SGA-%@<#v@GaRMV6W!ISJ?oR^EHGk1`t-q-G< z2!k1nhiPc3iUPKJ_8OL*=RcmO5WcrA{l5rAe9i&wOC(V7`rs5C7Q+R(;t64L_!e3W zd(kl{&qLAd(#8}sm{>~!Ck-Os-Ia6paPOxQ4X}?I%vOZSilqheR1GcTEe}2=1Sxsl z8BLU&3Fyp8T-NZ(kYqtE94A}~a9taBRC%oiGWi|bYshhIG~hQlysD;gN9lta`buXJ z?p^{pZ76+bFgsNHaB9DX$u2wb;efYB?ygdx8j5&}X~~*GB=vL!H%~_mq|WzH_2tO8 zg~`ubded=~kj5?eyB0KVgBPsz7l#?~7~>RM?M#QgIT8H2WAtW})6Q+bHkovW+Ym0U zYM9|?G@NIMptcc9@exsmELB|(aG~bM?;c7%JEe@Oqc;FII0U!n`XNwC(l-XT*(IvY zz7OL4?u1&lJ8t?0r?y>=?T0?Q@Vc$2b#lFtG)%F={FO8v`gbeAO;3CIpuJ1S-x< z9)N)YrZC979H|hHayvH8zpU3_7Rs4U@enKtzQ-5j$spQPV2lU*KDh3TtZGI3ksWLE zGvK1L#{7kdn>c0fLExRcHm=p&z&bT72F^$;-YKp~E`{AN?W z>(FR;d}X~u)XzlAy#5Wy*~Otm%ip9UvSFSS)BW;d>?w_$guNWGq7yfW?w*#j(4hBN zd{Y7UMe*9z_v9!+eiQ;-Un`%iNUCzuy%)@DBXlYPS(pQp^AoPNdH#)Mx|TNf@)5^~ zkOf@b8RYHu`?RfsW8P_?jyR1WUJJXK8=QFda`55Rn8(F|Xv=5Sv}qd_Vc%rA#7OSc zxJ|c-r^y3lh&t`DB4zA99<5B@y~2)d;C-GXpYod2y^o^_IYUsnj0nU+o{=4)Rf7ek zQNsYLD1=0rSQ}8Mx-L@m+N!^iN*)GJW+ZGSo8X2WfRW>nU-* zaL`u6{|yL4HPj(Q4Rd^9tIp5K@*4NDFtcEG>GHPg{ADv&vat}a<4Altq}qO?fgeB0 za;q;zYkk@V`$G6*C;#ZLr;pW&wj+wyo6ZhS1;!!J)bf}JZrS(IRj7`s0rSG#N3OHw z8VjIz5_$Cq7!Erbi}B0a^3Q1h5M% zkun!qLF0s|WG9>meOpk+!MpU^l&iE~?Ue+%05sP&{HHQ{MN{!_58#fX8d@ zShj`7{5Xa)_EBqgoY`It`MzM;9B!A+mTt~;oUh-+%Pz)Y9As6@!Z@|7Jtf6_!DQ%e zB}bg1>^ve%7uP+;&q2q%jUltHP9=%kF5p0TUH!179dN}&Wxe&fZDGGltsWcU20%umUVTU*D<@4Cu=s(nxds>u&Hp^l;x+(w znPu}oygz=W-@L!g*HLq>andFprl?ZU&j@ITsa_-$wW!5E;cV3i zQA>H%ebgQZ)RD8yeUOTeRarSV&jONtdO%i!x~g<48&l5rHQQ10S)g&05t*XC;AjZ# zC!0h`pl%vP|7V~iZI4D&$AomZopV!BtOYtk%Ec%g+HlvPz zEY8Rw4`1jFG*NEWgHJa^wQ?tPY!(bD0cEK*&3c%vjx);9c5Wn7;LHjH@P4Gv-9ILa zw`?W=N=04m_-4K6Xz6-?1GXsgE9aJ`ni{wni_SjN4(=qAbHrk>+>(_7NiUTy;kl#g zo9?KyDq%UxKZj{w7OJ)vr94&1BkQ(uOqIadGlL&>pR^gk(vj)G_oeV@!^5x&oe=Bh z52dMBheH!2jPa~JMbMiS`;^+RE8OmPm8)9EZuSk5(#aVy1`zGwi-mz8)^EsY5Ru|X z>f6`d;jLt6M*iu#{KV}H?_w9tHuzi^Xj02l>@xo1^;K=!l7=?L&`FQ;y5lGxJZvv3 z&Y|+P$oTaW8~!QWVN%jnO{xxfowNKHjzve zqkirdMjo?VU*l330YpF*f!*|(7f=$uPvTK~^rtKe=7475tW&aL19?O23osT8s1NUBq3fiP@c z)XF^!4WY34B=v5_a8-ZX+x@l=dny)%Iq5Io_zyYRX|I7LpU|D$-oySbjiW5HXL3NS z&$JdcYw?V(Y859RN&$n|>Y(gPvjTl1v^M1B?tHDeuG4bt95;{38R>!QBLRSZPTES( zFu!Qsi5e6f{KKl*u{$L0jrDfInU&u?=UuJp6AK^(S?RcVj>oo+?!4Q$42VR%3_E0) zGIMf7zajHY9SMK)IuPSK9)0)4Ymfm?z`$?r&dc`>y}rgO0uT;m6%{>O^t>uf5V6_% zMeBZ2UT%GR?c&}#+eTXm@NqDWjEtVTFFmy1o>KTwU8baEP7eS`Z=AOZ^P$k=-JeMJ z3M>HVxjM+y9^31Xo3kb}l)~~T5S_Hg|2ghH@LRw!aNg8*Gs)*NUEY5C#MAEX#vo|# zoaew{w$bkOEueQ9gby8ceW4cz5XX4%m3pv>wl?ug`h*C;A2)E74mLjCz$2lf(q8|^CL*ZsYuh8hMGyT%uTgHu*s zvpC$`u0u)u&joMyeepv7tdGkORMlk8;%jLo`C`AuPG?ed#}HtbeDJ5{Bf%7=2Fb!I5JHV6#Z3%By04|F zt&Se6QGDLe`4?CNVo5_ly6zK)*{Ue50+I2WFS)f|PVRG-N4<%CH5+P)K~?E{Hwuy| zMGq&9DHoN@0`FHLv$j!nq0r8j$9_`+3k@8P4}PjQ&ZK^u+d=@6Joi+}ARfPGX$44XJeGhMaxV@yQ`|bW0xwCB3 z#*anZ#(zjKejrA`Xn#wJ0~M1bB%x8%o=OcI5)tBJLR3K0MJzNtcbND2b%I(tccszW z(BR70`1!zW{5$qW*vA4j+=x-$xKFC4-=6GqIvMKPm-KF7z*lZX**G5(V>bZ@+&GmU>v;ifMbH4q*C_ z3SN=3^xQV)3^6^Z>}1dCRX{}{WX((}5R*h_$a<2PvADGkflb-O@Uy&_&d*lUCL@(9 z88NyNRsDa*^d0Dxai{)`=?j>b84eaYF6}jzVA)I$VvMZwC<%*#TpO zbPAu%i-!*%o}ab1-l?W%ov@@~Z`W12ReDs+LoD{|+)7J6&0#UwLTbVCGx=yFCkoIs9 zP#1Mud0lB4?FDuc79s7sw-yW7+f{+;hz>MKldW5;hv9e%@=w16n(X){ zeIoD^uMlaUcpx{ujC$vGK8IRC6G20`eH8dP1dV1$bip!eT|`zNO_7183;nsjEtU4W zrYD0;)cdT^<63=L+7L+fO@45IB_7-f2d@Q8g>?1h$>WBp-ki`e!k~Db7$5Pi zpQnJZ5Uha~I{*n8eV}UW?x}4|Iv4_n`?O84@a<=%$&~4ziITl}jjZ57*q&HatVD2T zi>7#baJwdcn=ZH=Lep zxwe-Xz5~6D(v4RnHxYR}0YN4YYYwstFi}T{j`CSc_-?ibBmmZmHsEUYG`ia6Jh+Ub zdryGf;reS74boA=jQa$at?1${algM%SBHH*ZVZrW81w%F$^+B`cWnn=hsF}^b!vo} zk7w=f1XTQ*NST&iPad>4CZ&h3Tp2=bFVQDBnD6%EQf_zdq}L9dFTL;RO5Kkx_Ad@D zYzMo6;hY`8A7GqL90JgGpXz#E_)9uO)Hk)+bUryIWqz>CL;P3lZvM`3%dZa>F!*Ei z-uhgaHh%)w&2~H6wGBPVm*Z;DtFXEg;3ngx-$uRL8)?uC{yFUyrFaYkZ$ z2S{Neuj)@W=9|%bZuRLc4LZ#aKo9a-u3tAAxf-pE6;I4qL{PS+a4k9$ zuZKKq;WT_j;$D%DH_i?lN$mu79lGbm${W^ZNKr-S9D}%m2fwxq>cI-LbruJ|e#)($ z^6p~LK5M&cy4iJlYkMx~0fZztdU+(mLZWq_Rhllg@u%q<#oh6AF0{Id{Y|0L64US) z^&mz$GK_NZB8Zl7Im>NwaU*$#5xOBfd`-=#WXbxV$oUJ$F3G?|rn4C*y>Rg8362y= z;`C)z#0Sq4;l=ewxfNsxKjyU<-XU^$vFp*=ec2qtc|LTl!dZ}t>wTAU)TBjUUphlJrdwRq*M{HDHchi8due^c#3_2Kv={+xT`XOYuub3Jo<3hfqA z>yw{CS3UtdYg*X6k8dX9@FM#I;I4sW&R>aMZert^Gt%mD7l?cck`2{sRvgQdCCvH1 z382eP9zKwI%|Kx=Wt@o&1?nsZKz|8U43jxv49xV2U8i!mMmIC|!W%(SeMiS{2&;JT zU;$MJH<+y{(E2Ga3z2AOri+4so4Rp*dSa5*VI&VDiudin{vYwm6DXBIr%wu|`FRl0 z#kIk7eE3_qYn3}uM;;4Lo2Xsf7|OTL5($Wn;(=AKJh?@%NWNjn7QBdU8Prel&85-n z&8DM>9e!8AKe9EwZbv-8l`{!r6HI$m%Fcafi}-qA1jB6l^A(Gw_t;5;$^wy_IT|9? z#l9%6_cK5>GsP_Hdc!eRWNAi`+(X(w+a=22vWLF+;vmRW3S}OIIOxLhb~$vw z)Lp!EVJf#A*(aCFlOEHL+lW#%ja{f^_7L4Wv?M}$S?=I0;ILphKzBIh9AzbeZyxMw|&W84x(xnLh zz-~o2pK#o@0ONbQsyb_ApNZ)2yZ^-P==j1<@FS zB^T*H>_uagAAkvyKE&=JAM3UAa{_<=CJF7_4U2E5{9%4u@)3XWaywktDQugO!&5nE z@6781*y9GXAne`N6Ihc!6L_7$j1qcrA#qSU^6t3RBKDzb)cxdV(6`e7RkaxN$awaA zL@SW3on}+p%7sW!&9eu+cckCT&Xa3COcUPJw+Tt#dVEqIyC~gQugxsO`#OIS;A(U| zaS?F$bZ>LNU7fboAV6;m4+-x{P36&thTzy{)VyBwaFRp|-&-sfv}~QYi1Q$+@c?!| zMBD(g(YZ&n(QC;Y$!1CLE=sc&=1g`8X>RZFM(mFZBu_n;+~|d1b4X z>olA#xIt?Sd+FaE1KQo~%3kZ)a!=}f?v;lNEfbf3KjjU0adM}Ak~G;Fr1!vad&+y5)ax4nOP4~abgG<%q21y5fCa8l_FB(y z-zT!-Qw9hIGWh$`-}qe{bayvQIj9sWH=MOyiRwOTD|a5eZ21Ocx8BEL`#uIE&EH+1 z9(QtYrwBetq%M8E)@EtOnuS{sRYlcCJ~~W^b@&ojh=cMO4^tcVnTmE8eh;+`9&6>x zgT2=c=}sQSzL+|tR`ZOHY#D^MGe$4dBkG7&(5HwrY-=)i2YgGmoElxZGFRZ*1h{%EW1q5H=J@5Prs+tm0D=qfmB7{+u6!R%ypx(Gus2fE#hS zrt3MCE28+VEO7u5CxO-BmH6Gy=fxG%%lFO4Cl^IqrM~eyZ+x}CCL!kSw0K-?Tr!an zel!%?B4c1hFTTe(s8PetF~8jmFLfs!5VjX0qcA315~N2}cWIQw&lA5eXE0EW z502VS6ioAzzhizsqX8&n)cZIpjJ`p#=1)I~o}vgHYgFEPW{%40r88=rsv@9F8SB%& z(XJB>U18DiJAAhUgrb+tZ{m|ON#cFxTIh572k8PD)jdmUi4i!iox%S7oI_%F4ZTVFmpz$>!bO)dloPhlo!D%9OfWceAK*nk@JJ)UKcdWF1dBEH_Ac;ErCF?+ zv(+3OM)C_h*s=Whj!O{L1j{*r;td;%lq3M!`}s@PX-iLo{qaM7$|!{_AIm(F3-fu_ zbAefAWc}Mrz*Tdp^$7^!4u^K{he}2tu>eS%Z##pLZ`ZWfo^zLK$kR}KWE_|Qh)9#T z>buC^mKeML4fy;>dp%`Wu`oGC$Sem)qBX0&5u#;Hm#1q z(+6HEj$M)<(Wx)~WB)jdg;hEgZ)32!6*rRMZIL`!-v&_?ni#!zfhPDMJoj zq=6A|@8@?%@UNh?TOMIVuh?EyXJ?^7sawztp@zhrh~@A`Kj&gI_Gp-2#*)~ndY|q) zgRP;y*8g;p)^lJShA1C~1NLet0~qgBWDc!Amfz9@n&4km z+_U$z6n?R6&)|)iPX3H(^?b5#pYMsQQ&h7Q49(m)r@l+3Jh2kgX^gf=*wh*W?#yclCv%X=+Qj6pMQ)M^I8!9!f)! zWU0`Yx)gz{@}>?qqf|Z<&8G2|XC$vguNNQvt?Bn(-rH5o3o8Ns^azJE_uJvpe?_>J z0db}x4iHhQ{FQ%3IexFEO%?Q7*lEzLw~X`Q5Ds&cVPosY4(Z-&d-ErHO_BQpIB=q7 zx{8q#h`NgSQVLXH>C; z*{(y~3cMQ<0mJ%p#5-WWK7?OStUuz;U=+UHxm$QC83R#~6bxP)+yyE@GkkIqKho1W zSw}0!VUa(?j9$2i3M`q7q$?@xk0IRNZHG@6o6?#8Io3dmL?EOgo2N``nhGSDS&eB@qB=ZM&f& z-stS8+P0RsRM7P>cog)gtX00No*T`d>^muD4nC8N*7ag-iX9Q3;!CObB{J;)!ZfH zTwG=xU`%cYY#5%^Rkt7ESz7PG*IEo8-S~7H>A+>&>8jl<+T(oUF^l5DSGu zDu-`6Md#{N&nIT%b}E^0Rg-}dV*>DN4)O`*gJ;Ogi zcv$K*aUJ$nJ#Mnn0-+!AS=UbL9i_1B6(2Ms#lz>h>omvT&w9q0v=DKQxay!Ls%|Oc z9(vvd@myC>(fVsg+*4MmT#^99YKE<>lRAvjkG;9b2SutK(&$+_cQykFEP;^ZALSP~ zK^ETye@b*vyW!`9!95&)j^N|$9T|sjr>M4n>)G=5(=ym@Q@#sP@%;R-fO?+2Re8N> zE1x-6ioj7;mURl`2wj+4zG%w7dMzReU)@SD>TS738DGY)AKc^o!$V|WCiyUF?E$89 zYN3Nj8|}RTJMOeSuPpP0fY*2G+y9_L)7sR`bwI8DZXev(nAKYfzTDy`oCxOnU!HQ! zzj6xaacGdZp7@yDM{ZYQ(wu{$0o=^+UQqShmEQgL$XL z<;;wLS2=UFD0`)ZR_1S*z^Q2Uj*$@m`l4GXZnHd~1PjpOyA6Ht{}A?;VQqBZ`tVaI z&=v_4_ZCWlLXqMQMM`lB#ogWA-L*(@E$+qLrML%zy9BoYA>>UTJHK2Ie2UbS?*ReX~RKkPoYWM`%p>Jk`QR?ob<1#jPNPRP9c=knRZy}ATOTnSO^Ur ziH5DF|ILqt!Va3KI`wmf)3L5N8~-pZgD)E9P6q#AycoU@q!{k~ai;JlJ52lp^v2A~ zCiN4_@~cNDWy6miVsv?ps8q(HoKz&O#~u65_G5LgaZyU&hy`<*mT6KnEG4-Rwz47u z*H-p|W8H&0^_MQ1^PhUN8`tSvx$^UQF~XPTB!?J6e7H3~yS7MBxiBiQu#uuJ1#bW5 zmgoWN`ZQV8qlY9n-gF@1$(D~~jN;ukuY8277a+f5RQx)Kpt7ZsjswH8@Ke%3aK5?K z&t;O<3KtkP&e(W#a@8p2d(+eZ8_99~w(LbC>MIuus-*}dBcJj*isIi$j)TcC07+c! zSG1KYwLWSX zwJ3Pan)0Uh{LwLQa3kWR+6c))knz@#o$5eLy^6E=d)Kjl&04P zMJmo5|0j0i8~BIZ(LJce+63{x;EdO^{||7+FbO?jqL*AvR&e6Niihuje&+JU$={&~ z6V5Bmc8j;!*bW8%3C=hnPvPZ*I{&g92;rd*JKk_Bn#6jtg&RL~_!K4bGQ($a4s3d< z+N^?OH_?pV0ui@-*02Yvw+u~5A)Kr+{PY{3@vIjh6!!W?`Q1)r+b0U2r_Al_-PT-o zIa}0b5Svbz%hlnWG*)RdY^+qk27<_%d3a>_{5RVc!n>_X zA=zKPvsp%DBe};zS{+Z8c^)1vd6vB{$C@7R!Q!Q^m93SSS)MlB1Bj@&yx`r_)Kp?b zxV@anV*nfRQBW(8^Bme`q&JY^My^r04CcbUp9V_4%U+;UJ3UWCo^H{Cb8S zE_RY>PWS%T$Dk4BVG_@CK|BjW`w3_0PaGg0QTX8EL$tW$A($tiuhrQ+fEU?;FfAvI z`>Do6*?QODvEbU!?Fu3*nu>-{T$}0{n#i+fgucUG+NdSRgGne-?f-U*NAZ3AAsm#9J z7KHM&w!YR_#6A4irTiJ{|1XH-Q@8ow@pKlgNQLvwZx+JrdCCMoI$56DOTR$yK%{e2 zfo9s;BxWg3r8-jLifcOD43?ZlmQ^^vWZoLkNronN2zN*7hh?NAZ{f)663yj#e0rDX zUJZ+)!n?(@nn=p`qJioGQx&*?5<<}`tESCs++MjAFT|@yym!%LpZQjf->9N*TU%}v zJx{t6@09jJc^fcttYh^2g}>L8`p8!I2O_oHIjk4v+ZqPcbbnY7GOyf~-LekE7+X@D zveo31g<;fmSZ(E4=7@HAkmb9YFruMD*8G>-uX>jC3nVe*#r%7D#9?)GvE>PYX@JDn3_pkxdJN81) zQ#D=zgPMQ>hI!&33^%gx`D?6eJD1oiD&P3=Aoj6YsW~)FFq7Jqj!<&dVdIW zYDf$tlSn4_xIWvoFL3H1z6b(}U;L(T-w^fe!8~N&I%ZRj^FT8A);xE+Lw)>KY`92# zV3u^g(aSi*c2z)d4PrSrhh7Wwke;RJfHn73Cp=Q<@jP~+6+$kPV#n8UkyKT@b#2fZ zg4s$2?Qe30-`c3M_;d}$14{(9PnYX)DF@sX)_t)k`rr{eXv|#1AKV@`Lapf-Gop2E zKtbPiJZj3&?mOOiLbKUinL>Q7%iK(3;Y%GI%bkwdJ`o7tvUHFc0bWZhm-BwSiuBFa z#|&Jm-&>xD;U8#AW$m2m+AMR6o)|=cUGIE?dKk$pgJ%WZr#n2#LzN*4w*cp!YYQ6w zE$KKeo_S8!u1hDT=}yhaMDYqU&vqga)&}h_m2t7?b>aukBULcT+FMcrBbuSrJDG#v zg>0qRUcUJ&?8*3rhAWjlEZTQosENylvmsZEC9wGpBYU!Nd&_AcmV0Bjo%qp}qdu@` zWmW(ijB3Z%#@DwLrtG_J{0%JK{4tYvbHK*$6agc-Nxr$380qf+sx4T&dY33i+HN)R zm%GITQ$6?)rW=uIm*WwS7Glhq;(5OlD(zRlT#o@}&r&9qVgQl+q_P^7888GR7 zx2k$1F}VZ)ZaQ} zlW5rpt9U5Tc@GmA;fJ|aG)lpdSy5AH-zZi!(ZAodM=ap{-v4zsO)S>i_9AP@JE0

    hTb5BPX1v>as5e-oFc_nWF8YDJ%J%Pi|!)EAGK(4LoJYhwwe0Ohp z#(br9Px(YeB@9W`1o>~yQ7M~qj^W=nBv!uAR#%ht<5)Kl;-C zUjPNYoaxrcB;!jaOMn(^KaE-dw8Q672bujZvE3fCX}hnZA79l7mu@f3g?}d&oWd$jw-g~B-f$BvZ}iT4 zBKO_AmjnT%-HD-uVmfL4O|B8W{^CQ+JJRo;oSfqPUoOg7mj^POS$-%npB&+xBz@!* zz|sCu$&zPf%`1rM+c94?JR}J2SK$kCCz7I-L7>X;_z4j^Uf6Rt%<7)9;Xk0t$o~$X@FH1x< zX<+UO`IJL7kL3IAb-Z`*9}eVwr$d5Tjy}N8lSS^rn-unf!hUc2d0c*h$25Z$#8Gs% zeX%cE7X_c1tGFkO_&2CW>Q$#< zx4XjRn!cyU*R11Nb%w(WIvxiY&l`CpUNr$$Idv7{lCoWuIzW8ckHIiI0n70Ha~9>z zrD?uQvsD$8{fj)bz`nRyAG8jmMMCPPBQ;X3%`qqG7PuoGp^G<2c78 z#&PqfoSbzz*wfktp9in`*Rs!gM_4lyn{DjkSxKGZx->2HGBuwOw8%u5q}RkT>TQ37&W#vatPlDjfX> z-jBX^7po&LrSNy!oH$ih!QA)+EQ_se zgmjJ%?KiGr;9BI63=H3#7+$8cKjP3%qBo^jWd)z%{t&vPxc-JVW*dgbY98fM`K{cr z4?jOkIuYZ}E~V|E--BBQoyv(KQpXnabz#!4rAx(E;)TM#2^mX~H*U4Db0`InM;mAm zxa#`aWR1S(lZ|p1Snn4aC;PFb@Ok6?p_%zHSEH(y_15J15%zVNXnhJ-K0ygO>Ez>q zK0CaS!ZP_+Lpn-G`aLt8X01}LZB%kaJMtkw$jd?Qs(xH); zbjr^m7^mUWjzF@78`dpac*uLLbcXc=2ztJ=-7DQ#O?^M~IZdREYt)qTpR%^0j$E1y zVuZDc^v1=R`GKDH#7F+279X!JDAZ(1hSCghPv?rQWpc<%&(|nVx)v!SGls@%hHSe~ zmZiHzAig+Bjqn*!vIa8dq6E~B)!tpz`n`I!_?yzYBmoVai>@+si=?nCVz#r2=eX5g ziwSPk>reP0N42*QU){**>HeWHj{NIRxaKION16?}kPapl{9u~q@M?np(n)e+PZtgX z+Fg!u8LD0~{q~*?_xutQ@s=;fG=B$<M@MYe`J)^I z#Q=&lcvgasulDnYjP@hBtBi6Hcmzgz!{rDRQIX4!XDR&6mSb^Xx)V*ESPHqYxnZIl)>%riaD&)K*;Z(DEPy^q_7^VbO- zn?$oQI=0VgQKTJ6hw^lFMZ#M9m+;5~?)$_)8Ir&AGQpFLqrl7ffQoNLILZ++UM6Kn6fsmB9rM$|TLiFr5t zJ~*tpNPWfR5|NLRJKpO$ZWW+vZ&lzEq%0K1uH_v^Mqs0^dNbW_Uhih-1=_37q`Ay? zVQ>v23DvA=e%QB=d%oO4l{j%I2r%bOB@|yhf3t{wU|b?OK`+r>^t_*!@=%N-=9Xj+ zmBFGB*yZtqq?v7GU8=kaCz`_0=(L_xd=YzVBrAsCJ9j>BO7Be6QN6&SJcs8b=tLePg1i=t1E1U_AbY+a5HLFvT6Q!O((2%Dzk@ih=Iem5f%C%x139`l zQVlUU@>d>AieDu5AFlV*0HMDwB-;9+G^I=i8pOP2)6PYbzC7Brl~anztId=Z7b5+( z&hS#{&PMN^tGRols;Zw^X5=fGt_dryFM!X1FVKg1rKj2|9@;2oWBG;Xhgd*j>WqhG z+TB4SbxyW&@;?~g=B<9~RM^2gbthnRdJVvJjc6#ey1I(}%ebJY#=wC{wCalI*)VP6 z-3i5-V#c6;h!;e@y9h#$so(V0XMNYp$MvjDC9xP1&+oi)H^@@^l;FJNsODW${_5JR zyhzb^qmgC$b3BSoO<1d8X!9PP0LF${GSXr3)J-*osFtUE!c%LBxvQU?j>4RM)mn?v za6vo-&ZKcqAm1?3;J>~K-_31`xw>{yB>mPYGk`=rsGs86Eh+__n*tQ?^No&Cw6Hzv?tmTJ8vdHj-dt{$pF3DuS~@R4up^U# z0Z-xcjc?aS2Pw-=FC43DwgyUjjTC(BSbY32f^@YsLQH+m(SK-rzDKwqV``8dbPM@I z$KBC>bg%`B#Vnom;UzT$UL?;SZoBFbN%9H~*6qZZlJ=(B=3H|IY9GRxJKGdjR$W)! z(GZmITZ9vWMU}KU%#aByPQ!jBq24vv%GctuT10iG&L=rJtmMb5B1ze3ox^3ft!RVn z?5?k>Fmj(}bKIMVV+^6ejsH?1bk1Z0{`tsU3pyXhBODU6J;z4kbrrzze5yVT-Nl^r zd>bD1FSE{RhSHY_aryAA53n{s zT5`=q5l44EV|)i_y#qdnfTU&*%jwcr$*K0;^GW3J^36P`bXRGc-?yJv3WaeW{IT%{ zvcz3WW-^=ipx&55H5AXQTzS*g)Pt(jMw&_J=H22Mp-_IAVt7f?RnE6=Tzbag_z;Y+$Y?tvPl+tI(NN=K{kSra2%5b0-|+Ijj$f{i&vxl{c)+x zk1cv@uL5iGg^D)-7?q;1LKW6%M6B_VCxAX-ly2@x{mAeJ2H=6fyuwP{Qf#u|JnLmV zg8WWXg_O7pmP+VcChlI&@Nr6@+xQz?1Ub7m_>g=~zY}$nau1{!+G5Q_M1cV-h#QZI zndE;}pi_XFaKHq%=9z!Kc4C1?@>8Kfb368Z5(^rNc7e>WQfH7o6I0|pO_XaSohx!@ z%()^OZ%-AWYS?iC8WYX^O+i#cu8TBJR4YTAx4if^VZVW(J4Rc_q~Q1t;p}bz)xH=0 z=4~q#W%a??ciN#S7lCq#yP1<}ciyRn1}#|0%_JD~ievQ|2gJHOcmxekb~wySQr6S2 z#HLpJICqh%@ZkHhYyR_jGJ8xyV9p`3KE0L}VQF&YB~hWPyZkmwe3o;EN7H=71K~q; zWKJ>%)!Ll3OAkJ0rSAnrX6!g}Jsm>znM;={;5k)(D>HnfIYA@!MT%fFFDCk{aWRP4 zrQn82R^9gH`^l&U{H z3_+i~c^-ds&tI%VLL(FbcAqn-A=9o|faIj9eL?s=yjphrJAvkvm;*r`IWi{?KX%o` z+d;t&>I9*q`2{<4Kr^aCLk;q|C5rjOMeX39UqPWhlj$zbJ;npkyJ4RBD^*@YYc@fw zYw%QK3~zlg(yeBVrdaX1S94&K{)f##E&&zO3Qd_%e1zU`DT&^)_={9&PkwnNrkvKHwk|GHYI z2=mA(S0)>CFF>V^2?J{;YB2i6-OR|$v6=52$xZ)vfHT{4Tqia8JQC@L%J^Qn?$&m! zxo91tJ+7|D@@D8;P_D-Is&W|nApNXNBti0?h`0vou#-xn2Af?HC%e|+8&a!O(8C}Z zT}DPIC|0I=jFZ}%dvf(lbm^F>euZU-w~5}dAUB1K=&HmWZd>63*Nuc`9rNn9KcRwFq2i;nst-CYdcmEW=s-*VEnZsM5G+Ebn@FI$l;} zZN~j^Sb5jyLT}K@#G}zsnhYQ0ozK%^XyzyVdI6{B;C>+0G=^p%dD#8-tH#B4F{nxNK3_5Ed) zfDy_%(LLO)<=ic!W?QwX@HTS?flWHHmj~|B?=6;OwC@TpkKb*tDh1S{$l68xoYehh zabV?T=T19(LC`3fz|>?6_?#+UZCf1V>|}JZk2eT>6H}#0=AK$KI^d+`Q%*bArTTq!cj9Iby&+~qM?nnU$cJ#_=G@l)hzGQOc;nM?b#hQ;b*_&lCZqOFxXY># zgZLf(W>e-+pmWP};xmh-gJ2&OfwXx|CV%Eo-t`Pmd4eI0>)1YaIkdp*H9;x3cH*Q`wE-V zonVvewB!vy+yeLBs4q%;(^dHtnL+O#zp*qo$Y0%y zHMw2y7%h2&e$IYa>7=~P!LPsYV5$^R9JvaDz^1X8$vv{hg$Du{*)uedYx$RLRbN?u zB%XdD6)(iOyC^b$)D;N(m7OgNn_5cBlFzMB)Z%Ld=NB1M9ct2wX?m8MS(aT}#skIi zN5C$KWB}?grIq;O@+35T3S{P^;Z0wDd_?H2Web|y(={>MnJw_J4MvR^=-=A z)HxR!&ve{z2||$9Kn|2zXEyCqZgmZjtSN(jgsMG{a^z9^iyHX(TQ}9G6z`72mO|Wz zyw$e3&Oc|H`>W6L&G9M%@15vu%|DfR0D{9humzSc&(IUmF5pAF-WQNAq>)P?@&$&V zo01h>=Dhdu@q$W78ydrG47XEbN?iIDbCsNX`UYrM;gnEQ*E-a@g;PEUMsrB8%d>ee zNRMuwX#g6#pcr19Y^az`_q-HYb2stAJ1(-lpNG=&>ZK7mUA7DT^7H)DHKL+wx%GND zA7s^avNx})rSlW7p`1f~Rz$|hI$A#4R)i@jS^EWxF2zO_RR6kL?zl|#-JTjA!d4>T z$z;-I9ebx@p%t&xSjirCULZB2ZY})OT3euv(OG{)uwJ)@nVsQ)mq(}Q$C^_40wi-< z0=16e<{*9~!tK4~e4)I9=JHMi7HYxt7JQ+$R%+&BbJUlbLhhJ(22Oh`XUHrav|dE} zCFs=VxKgS=xddVhjh5(d`1#o!u1reI;y3SVk*!VNL90!s%GxQZx*P0bj3~>YY3T5i zUrH)WYN&K7o2a8tQk=H3I=>YE;Wm@~<?^(n8d`)v2r(m^|5Y?I`a$3 z?rjlkxy@WiFwUJ)4700cc0s;NKUIi$B5i4x#|ZU>sbou#4(s?k)x#yRTmn<~pBaqV z#?u!uZojUYM=RL}rT9(L6Aci(;s6^iK`lUlO{gblc~`wQ5J={+Of1Z~&af^~mN96v z*H7Sfc)~i&$J(ip#Rou>B^C8d_-P`S<8?N{09-lKnarSMk2FWvH=DP?Nz`K_+qXmB zLRzL@V_R*061i%S(q&lV?!6hzhB!BdSuP7&2NkZ=OVFp;C|@~bg4o3;IO#&EU8ML< zEd&J$*h7l75x2J4L%74wDXytNHrZg?nedR*fvyYr=y3~w zQ7%-=!g=quYTfwymXY>n9BD7TEr?Ca? zJ!=hgiM4=7m7*cbwXgG-B>)iq7Poi!`Dvl~jqejW&~8L(zwjtAg!a`HjMMFOm-I^Y z-fzZvbilJzjT3K5?JPRKbjl>!HtyG5yj59J33D8a{TlkLGQY0A{u)|l{;6-Q+ozY} zB>XR%h3U%?qHcD^qhfMyYt}3hZZqr zNu26*6Q%CP)RpDJfzC`gzqhF_yY;U1!;MF25Z|9)AYL%>LbdGJks3S=VB5a%L#I{+ zFxxBN;dS(e?;>f|HUOC!S&W9?e~8H8MD{)b94ca5zCm5W{quZp93ne;vA;I)x{mpfIAaZPae81aY`X!IK z4_kcl@vn9e4Gkgqj_cr5n53LC&{#wVm{p(W+DMRG=zoHisqEL~{@o^G$Ie2=Z6^$^ zg17nRAs2?Hf{Gsd|LwHD&Aoqjd3pfI?^C^p>KjPB;aisLQ|a^*XnR4a4m?WU7gif8c!7o{S%9e=w>~!CK+t>|LROC>SYf1{HA} z3d?%dzs>#m29@Nme^8Y9uucIMaI?J1V^jWX#e>eSp{qM&# zmE&|W%5yCA=QH?kFL~R4wT4=c3_cm0@g#DR#~b?v+}mo1x?8v>wEpA2-w)zb@Lw%q zI_R`LoE4Bb`M%WLBeh$4sMze}e*B3aYZ7+gQ=>|X-QT>m0KKtQ(Y_EjF^7t-mpP+EpwIpGfu()7XD)L<}v5YT=1ri#i-=BG5 zxDblo{}o*OuM5wUMne8A)%!2)=+RcPI}x~|y%sH`wOI>c$!x&&n1_!GCWPyiQ(gWc zbGQ2A7C}KFooiviN*#feg7qk;di;gs1T%YkdhDRHUFJu8=Hr<{>WGko(Er};VPU9o zuOo6`zr~Y%{|FZRq*iBEP&gKC9{w^mnzGdU#8cjs=nRCJZ-2~UE!>s5#qB0$)twSA zX>ok$rBsva{A9p9@FlIMG8`*;tLS#jQOUlZlRe-_QDE=$k;lIH10?n%(4j5&>78`i z*{|D={F;KKxRsbo_l|>8Us`c>Gaa)Vyg|GIxHU#Ijwv4PywxKIfmM3IW~d!d&AN+b z=V9WLF5lg~mlx!@-sgO7Rb3$J+hZ~;&TFFfPr0%_8H?j2SPj$2D>T5h=C z3e+RHUf;W6Ypea`zpz`W-S!v5VLO4iAm87D{a>3?39s`{cqg9^TntSHm#tnN7Ww42 z?6VgKqb^IsNS&CGPawMl20is4KR?LYM{8s|;L#H67t%y*=MK%z6hA0+m0t3WDYxC8 z{CQbv3DKRgwHrSz>G^(Qzga4bYT5CgOYLEkO%3^^9tQe4IpRd}=HO~36io22)8BW= zPa#G)FO1&w_lW-I>GRsH``zfmn-L)--Rafe%76*ywkV9q{?{G<^$r>1Z{eDS zi$Dn5XKZs1#vF+}e4mW|y1Ig0Pc>a@tS|36FL)@ECWlSP=k4_Ory$DKmXr0ntly&h zG#OEA$XRT)4pEHt-`;8V`|jDD_21o|h@Ic9k=Q%g0(`wNc~_<{4>=3 z&OG14Yt9hcM+R3w;`5K}pn2Gxxf{G1r@#>zYU9Vc_xj=C8krl`%o+X4^ZxtRLuW`0 z?ucWZvGGu-+yl}~@t{zT&NcA84OCq3(1zAEv=W~E9v(5x6>Dku_ayW05Hia#{8J@q z=e4=HFOt+{%nN=ghI^ygMl_bVMhz;!ZtA@pRxXv?3~ z;MS7Qo@JP~y|uxBd0@l8Rl-u#fUmKLWIiL6Zlw*4`os%cNavg^`C(sh+5Xy|41o3W zbf+QvI{>nI5K7TgR%F{B7^zac#Bp+j)z)_F^Psn~8kPgys+t&dHDwwY$+C=NgVGkO z)%?Ljy>vDTh&Z42oC-XFRNi5k2-M)y+OX&EhwmwzyFEF%J;dS{0!B?+ucYoC+6PyU z5e)8V+?kV|q`eo41ZL*9%*cKjq&vS#7;2H{WE|*xNFUl0wH=HaR9#=BCD1Efja1D} z30G%!5lUgbI;AbWT;)*lAqnR@0VZ=mRkSMPruZ%v)&yKRTsB!hHmwk?52{T`x0(SlI4Be=yr3CB-74@#ulMkJko^BcfK8ID}J-=V?)c?@$i+u z;Q(-Zssea~HkUM!cr2g8?7N`g_2nX2!n3<4O*(>qEVE)R0xf$D4$OKIE-mcNEKzPD z63w#WDfU1y8Smm}vG09x8qPsZ?JGBzSBINLeuKV|E%@kXUF|#utv&&!zQY&}teY;jp$Eg1Vsr?ZUK2OF%x{V+#%c;9YT z9-u2IY6cVcj&Fyd}bC}iGc17O>A;_lRc<2+!-dC-5H z(fzKm*mF}bs#mA})A_03*_%}iEY$CEr(F!p6rtuiI493er5-fcPDW71+gAflI)*sj z^RXDLz8G!dxe5=DS2_uOzIS$b3b7DnM|0h*hdfcTafua3_FOCPPB)b>uyF?fjILY| z7(4B;xpZE=9sDnqC{v^3H`Q!cc6`-7@-|uLgUaBD;5F;T2uOHr^8E5_!Rc5u#eOD| zWdjTf_0w-O=*isl2I`YR00-*Kv5GwhMQEz>OkK0p>;cSRd$3US({VTZ+aS*JY%eNb z?{3IzxgY^X7B9C8z)$S|A(&Hyfq%{>PUg*jbl+6HPk#`$psBM@vW`p&x+ z%ys4PUh+-}u36>f&TZ2Hp5yjfO^6!PmbhJFy%x3)AvPkVmEl}%ORU5%wT+yUT^mp#>e7Y7%WDe;6@`o7ON}XKfkizTKEFZodcg@7v1FKE~$t zMz-5_1ndDTB@VRW2^>2DgB?N>>;(tu;;$0I90%>s0Gj6)Ad81KwWH7-IW^#$hoLTa zqUfVV552Vs7RyHqs})DGy}ZX^&-IFS8~_egB%)t!JOu|nE_Qlx49LRi59bMmeNAYStIR*DO5SF}+G}D* z-UnH`lmjc`+oxlR!*TQl8lae=<{)n(4-<5)3XMKkbK_*w9hrn6J3g+*k=g_IDkO{x z_AKfQ5LN$Tfe~Bi-21sRmM3sLXv(O&{K9#m8SJga<3cs+SbDaA zXZ`Kz^*s?vWP*>!Z_5Ur;m%bKZy?chJ?;+$M(}f7+AD9z&KK^>i?Z5`GoP2?qY&+R zql{2?kPgrTaokP59uGhFc8@26mi|yVHp%M};`a3z#hHK0oi)$UB?c=7dy{kR7 zoQ2Z=8f9Grf5u-(9+>p1VZv

    5H4T)D1SV_^X~+tv=8Qx9qUzTOm-i&$<-RC9yJ3 zSJ%RfEg=KX-kucb>&`vmR1$}$_ot7{%)5ebFSt`ENuFD+h9^4~)zpd{t*Nn{H0h91 z0y&88qI0`^XfyPu=$V*t<1aS+lQS2981{g!dw^ZYhqh;_7=oHoCdoD`Y?earqweqF?=^YyaNoJwdQx z{I*=13Upc!*54Ulk--3q9&niU?67;tW-hk#4lirf3rn)eiWLm$ zU%VB$QxQug=RWSQtgkBeA1m!--`E-RwC9&{x;{uIJilPl+i%B3&|*Dcu60N8`8jqz z5SMCFsoHtyV(P3Ec}w<;DZQ{`)A7ILpiNtSD#JGR{5p@x^G)^{Y;iJDz@z05-)+Jy zFdxxv*%NoqxSL!!8bX9H>>OybbZ4GwY5HY6_h&lk?~v(`f3WVkv~=A>cuIO>=Rn_( zJ$Pdo--C?>;hjzfMkIsK4c!o+jG7)PCMh9cx?f39x#HfucL=o9X-|G$= zACmqr9c3qqCj$NL^qQT;``5f~*Mw9d+}kb>00n6k=Cg%bl12dxD>H3Bdr(f$l}pE~ zy}l3S0NWr!QTyw$ggEaairxvb!BuU(DTi(LkX5ZPc=7w5CVdb__qf~nVFF-dZ^>x# z!fv09b~C1i`uuA~2n5jCKORVHZ=?2_^9b*9-s|tRY z%#q&Db%0QVEMkK!Hc|UaZAf>9JD-Ht1=i|fJ&GpWjs%7Ik#IL=uCV{JRVJLAaZvs| zeXnrS!rJV|mfLl1>-p8x#^xU>=jCA9{Rq+1m!9f_y4kV5?gq5u1u?za&1>C3&po=J zSXd|4Jz+>_R{odivklPed#_@1ed(fl?1>SVTvxkfqt!A!$GQUknU#b!*Ap{mGsI{LEicukZ^;T#ksbi^>$)Z? zy?j>eC&Qh91c@w(B^z2DK1a&O<9phgWu|d`H4pxdyVuLmSsjdtHh|+PN%Yog)n+&4 z&TXvuhrwdP1KQmdzBC07*XOJJY-G5Fg!-jJX`up4Z6F7>$M+MFJ74vo?=zNQY!5Tb zs(;v*zc5*iVQ|eJXu?MUb!7Ff>MqBsGe@u$k&igl>4zFJ$Z15_T_SSZBY^fW_@mc8SW{|eG| z6*3x@8T>jMBJb42&Z-2R?flCwnhixY=xRS?w%yp_sJH8AM?-^CwE`e$o_nKS*nr)b z-Z=sOL_3EGm9{Ty&w!PU>t8*O=L7oRE3s}>hEJBYN1&_npMi;wp(6B!OpJXJSmzQ|RG#QfY5)kTXmHLu=?OCGu!L=uf-sCI%qbiS~ zVerOzj&Lx|MTbZ>olZG6x* zI}C$gsQncG;po8G&U~cP(1Vo%cP3lMw5yzu8u{e>?sHwaFH!;X3ErSo#wk=)uQxAz zbJX&sfJFOeq4RlfC)z9@6AqoFlYVnnBdyAXQ(uOzV(lr2ChDB0u5PsPL|Z^R`DR9x zt{+^@m+}gv25-sgnTa7kY`}!wbITz3P$^m=?4@iJFVLHWqT87TgZFeVg(Rn(V<_K= zZ6r<+`8=U~n%Di80{xFknSJu_IF-S-ClF>!I3$zq$+*+O^A}CAZaINrOzM9cG5?{6 z^ZY~pRKj9-39b-L?p)ZKYi0MojJK=phLgDg!dDdU{x?l)Qi2Xm$_~#cKaaJ*$I{4pS>pqnOVjc2vr(|yk=FDSj z&|e8%qEhcS|8WBdCkp+v%O4r!3)_R?lC#K;&I(>L-~1cCB98hBF)%(e1ePh0Vjrn7mj6R7cSSP-@D2nB6qMlz8@E&*<%UMpFY4?7* z;q>K;H}B)2mc=g%)EGC_h96Q0XkU5C~6o+ zJ*83V$ARG#6E=HF6TvUXEdNpgkRRRhh;eFSNW==r@0kWnbR;{|R`oUCd(6cN8jTa2 zI~rZM)J02{5jl0=bF>$8cei@jGy{$8FWkBMEx(6fwH6=+4=6rfrE{V-M;=ZRuzk*w z7vKzcG5CadR7S3IMK8Y@X_iIu>e{GgsqSf>L@bU!Q&_4o@IW<@c)esZF(#_>O8b|` zN|bx?>SC|r@lNwT_O-RMhu|Nd#9-mZc$icj$Mtm2EiRuP%ATKQy7bg9=%S6TU^gYK zCdl2o085U`DtR?>bgDC*>GGJhfDm!>6o|wFLz=BpRti(i>BGI$;FBWIzz9~I(2f9} z(uXzpH4XFOZdzQY{n<*9$-i-7?T3))-er(;^@`Uy%8IK^ZT<(jE-gB)j52}Av9Vx! zand)=_v@<)0n1nHM$8UQD7~K+wEfwYc(lG7=b9PQyi-l?@k&BBPG)6ccFiBu)E&&I zw*7+0+AK~ws3My+n zmiX2TY-aG=s1N$;Snv=w)C^9C&e>c^^HytBEx<}N5f-zHR8^()qs&T_Q_AH>H`ShQ zYV1|RyX{zxd;?dbQYjm69d3&8E}}B>Oo?=OlY9pmX5>$Owg;U#OI#YpHv*Aftb=|d@}3Iql0Oc>*F!q5Dp8&bC4MAKkNPaWS%o&9tX7bN zHipG96-BxN-?yCnl{pAUxC z@B|93?zO@aRXby7sBx~DlNH(BhVC=UsR?>kk&N(%uCyYkroxi13y+-bDKHMKLM%l| zB6ii*m$wgVPC{{+5>u}v*>>}-2GxJa(to{-X;7e5OGbn8W)ASW@)lw(0u8yr@4h;*&?Qk= z`%RuyhwEcsg7HUclceGwd|R~5fdiptC5rDf<;*FOS3~WTzA7t?@;j`)fZ>uwXMwQzkm z!}4JyX?F(n>cFY?3sYz;VQ(N8^{?wpk9Nrnp-h7cbb(?2ON$clftjR%ronck64c@W zJf@ZJRD^APPye?6&8l_GnKDs{bAiZFnF#C9T{4HIC|c(YZ=|G>LWEANPZU!^-u1n73x=xcTWdHIeOt^EyH_m?&> zq1-S?2~5VTI6*M;Rzq&8pr~D^ro{YdgwH)mfkVfGkVot28bO3ir@u$}$@yEwtrHiY z>xHbP@CpVP&~sl#>iqBv-1+s?1;=7TvRy;J&^X-<+ag0KNHG4cW)RkaSI>Ysv6KYc zK;uxDKcE8t+H+)@bt=h3*NF|^Z|gHtt&Pg-?(J<@C4^>7@uDod z^I`vvuahFv`s)$8b%ecf6gba{OD6ePBL9mrur%XdnUrEXaj>%7UT482#TPCsHRc&H zJwHExT2)AHV?73o75FpvhnU-^*6ri3olcjOW4=-M)9I!aV1^eVk4NL5?cjBP&>?-} zjhd3YIJN9UbbVPHSBM#NsL6@v%kUM79rxn0o%8%e1nhb4(R|i*UXI%`SiurIiRz6= z9Q@)v7UhDCzDx|Wb~-(Cg8W=K_z06~Oz9-+Pwig0Eb8JeddgYz@ZpoAtGp^NVkJmn zWCeQCH}#;OJevywdkE?cnWWK%EB|rC9Ar70>!jb&*$7wrwrqP!I#+y?DxOvy!UREO zkRl-R8>=@9TLc%{`2&H??G#C^{q|~#7+d%t;e!{{5d`5*^+g!hd@WFBX@stwt*Rg} z?;zV@6ODCPZ{y`;zgiYmCM#)NcmS^)3p?KWn55|wfQz+NDSgQ=QmSsc^u|KfNu5e2 zWm$UPtd_afNg%>pXb?_9z0r@!Lupv7vVHPEmxi8tl{Wd2j~;F&MLM6G<+j_eE6g+u z{A>+bOFeGgx6lt$NNFrHx%;yq6WQDoyY!ph73dZ5seldwS}kmM+iyc&>FHA>sdtkt z`5JASaU991vE!m&uB)~y!N2BNKRWlcH(<=6)>JNnUgeo>bC^5u9G$q3`P4sC2i~H6 zx@Zi>rh%az)^rq+**PaQ?y1Jg{>WSicfu1`^6RyhEzS^>AWh3LTGB9(K9(L?&$0>i z4yHHgXo{K3_3|g|9~tgT3a2{I%QB2EM<4lVV;|2=Ja4RIJ&t(Pr-PAqa_0vD3-9^ z@lpXA|8@2=slq#uYPYKs>`P9%){CXa-$EU1(eW$bf``{FnK1wGSPepRKNQY6TU8p& zcWA-8p5R!lC_M># zPCHD?NP>~%s8EQOpy~T;K;tKjDRYOG|??NthQBGeFF$3 z_Hs6d=Eu+aK-X=Ykdzo%R*JEn>8B*3k!#txZ}RgZWN~j%ogw)fAc6IQ`-dD$H`VH~ zE!w!nH!$CBNG%SFEStD{akn31q~z6-R+uaI%XpVetrqkS+{X!RtRLNH#l&XiA%?M> zj0n6tUgg_Sy0l~zU%8f`<&<2(#8)%QeZY|4g$In|*{>;g%{LwEy4H~??6-HCb(KJtQ@%agX}I#~!M(l@=sg|$e! zRKC%MPKtg_q_f=3kdZ0->aS)kT<$d?wWk^%THA%c=GjT)gQz`p6iOnoOcgjoRw;Vo3c|9neQ$&7(8mYovh8M)VyjIopeh1Gvd5N%|Zkj+B#a{Y%!Td z`h(dswiFp?{)pg{Em>2UZ_j?-NPd=k_nlp+lGkV_$I{c0eb2fKro4>^hL{k~OcNKp zBI{Hf9bB(eooDCkmg+9HG0fE-WgJggb=pl*w^Mx*igfK0|DT(D$ zSy2qB_!%P64|L;M{fd60jGZV%WJ5-f#_0F^)j^In?XTLY4(^tx+p;!_+PdY<>o($+ zYNNGR&7ZIJMSJANrqlg>irmkSf@*tLEy$aoT?^MSPoKcE`)qjiSb?>|+ahanV$r4r z$EZT`wyn*xtr|@xl9-$AE}qqDA7;{B;X7!}Ezj3y`{~jxh(@Kfk`si*nr`Ns3=^~7 z&bS#1ldKOVklkBp-bd_Dn)7eN7q!f$mTS;Igj8S}9hc{~qAK1LF!sb-kxiBqJu{t) zCfK6zYae+u;g9U_{a}m)|6*Zo{e3l|U5dVV&s$C=Hp+Li3+uR2ia`QKic$KFjPH#5 zUa1^T3(55EN7Dvw*1_&aZ=% z_Hh;jxl655C@hSk@9m$FfRT$cJ3~Ai7c=Pg3=t_%S6z5+C%NdWEf{5eQ^herz4~Z? zED^t|grN?ap?r%)qmJ4I%tWzS8wlfJnWNJ_7Fm#*zy31fWiQCBkd&$fJ0fO7)nMOl z#{#QysU+J2MzAMxDL~0Q%kwwHhD^%6d`0uHP_;e}e7$FDG;0%Ajq*adE`6Ef3?qfyx zheNUiVm!x1$c^O!w#-)ZXZVFL(Cw_@An*>tW^}gVjqs?G>m*c0fOI6=)&L_j&Ksux*x(XWrFk9E;S} z3D^r9d_8tx9Hgoe^-inoM7wed=t~CTBOLX5buVAg?x&o!-{n!K9~~_oy>G@Wll#4Y zdt<(W<>AkaUd}f*vqC4P!Z((WEZplL%LHUcC}KUEnRgxn9l;A*kc8V8=}%Da!NN-c zyE=v*N2GR>)BtZ@r}UYbZWJ*7X^xD<1&jeQIzR?NS`wwM7g|wrvD9`6xMlT|FO^5X zh%sG1>!|)n!mdMBQ3Ys!AO5bhX7JI9vWvasi)B^NjX^C&_OopvX*~jReg%b9_jR|a<{+y!J}5<-9B->I!6Jm9Rc4ysgNRNQITa$zs(l z)x4nR?~mr@BE3nhI#L+&^N4hh8n0{>ZWC$Zt_hvQlRZ#sYWvFc^O=xiCZ&}1%DL`t zZfxeVlE1Wz&d^C9O3RfrY7e2YPiYV>j|eOn=X}#s&+-bKIT2Zrq*52RZ7>*v>fTV% zNZ^7=9DSdMlc4glu``mBk$JRsDwEmvP2;Z;`wK z9i2q>9g}Wg$$>nrfWi(XB2}NR+SS*!mhzvi;XF&S`5AOr#iVi=sf&-8itjx6!2XFj zd*6X6_PhvhXI%YxuZK`Hds@WE`xF*w&4rCX!IL)wE|Lkk!HYFUpgsgWNs!!I$^+k~>O%I^x3!$Mm z#613`gv6E=rA-GcL%qeDqLZ#FkrEYO@(BB&y3q|OJh+COX$PxlLCq;N(F&AYF=Zq( z!oJ!4K+hc9ve$_V$bdl1^R%eu8*TC`B14Lz3Wp1hvKG;E_1&wqtCDR-$@3+CzpXS^ ztIoG+?m+OU0F_}55+8)qBY^xxwy`RWzYyoGP~hAY-N;4yaXXVSATK~mWyO;Q%*mIY zn7su5X3Npe*Bul(R8r3{w?OVsS{U}nx>XJG2C@hI!lAI$ zCQf+419z!(otM*a!j*H6yGhC zR9T5p)(vzwbaBixdYjgdpXln#WbijFGv!p%L&(jM)_JLGD3qD_E43}qHLcIt>RTMk z1IBKm9>+M=a=rPbfXR6IB>73QYJQYM(fh91xbrjJ2t)h@3#X)U*cEh{Z;Hw|1goDp{4_$CA=qFRTv(Vnis7mi{+3CqZGw|uft6~1y7K+dnsko^G_%oQd1_T_W7V-sOb*+<5ms*(1c zH~U_GuDW9VPneHHV*I;@N1NPSrSc75Z8#%l0;x$qTRL`KWE7PFt3@B@c6)r^@jo|T^1|{R1hny3(NN)MlWUHjG>*SA5Rx8@*IrB;A>8oLY3ecyM=GRtIN1a(` zlT?4<_iyNBaXclhnw~;tEvh?EzY#{s?cF_>0AwO<)#cSPy&Nc{1jP1xkvi&jRglMf zbmzr@p9}w(=hS9m%u14F13#;oD4W+iLniTQe>+}7-7j=~Zjx5C=e?ZywL1?)?WP0X z`}O*B@AJ{|A6wbSR;~&zR2llP3vA}(6ub>%4~G2+7Xz0Lkzbe$AWzk(BMJU;nY0pT zA;@Tg4RbLWcd-gR!G_BZ8|l4%>1;=ne8a>;zzkI>^h}egCjy}Q3&{i+W%C%-^_p5E z7u7EJVq3e(x(@?tW9UmR&MBd2E*$w4?_P z<0HY+;TbzC>O0>T>?;E6?tVeT-vK>Gf6NI)=+EFJLE|$#5n$ zd{TG1t(Yn1fs)Gg-y9D<(@j;^`6Tnf(VITxcwpNr3;pz}gv+>Zt4=yK;ybA)F8?os zR2D9_IO22t#AiGNGaYzIA2FsfU6HV1TS20X)JQaQ3s6l0O{Cr(MaCrHmyC}@^Yz?s z1}Gy>w@s^%8_qrf*N~YEe|>eDC}OMTzSO73IgbYPORg*|AE#7a@hC3Q4G)Dns@shQ zKGQZ3KdmrClsh=>I>XPhxw3+;B!Loq)@agQx;#qvfvr~}OIZTy9l%TB&G$=O?1N#} zbbd%fDaSqoUd-}!`u@N3Y+7$+FpkXOZ;CdXneg&=61$D&jHI?q9njUaam%CVe}10L z33hH-LaOep88H_AXo#ke^gY!t7-3DOReC7OiqMPQSD4nty**d%nFj>zhAOqp;{GI) zOi-kZr1!$Jw?;d_8H@KF&;GpI+3!0UB0-0BGkq0wK+E#+^%%1NFLTCb_*8>0s@E`IV2Oe8UPno9FBU=1aR%j}s73=H6_i^osr z+l`lMO0^uQ&;#Tvr0_&N;LCisOca{;|IHbzx?Qu`Qm1xtI;mJ6@80*-!0R8W&jwuAg~X> zDfn*tP~#Jou97J(OdPEliCiaXtCyaJS146bTf#?9tbeq6<=uB^zUtic`o?Z$uo9=p zeIxE%P6#NmVGKVhu1@#Tx=W1yxPo+m>3aaJaGaG4sufU<7HWJ-ogu&KHH~#TQ1W6W zk$m$%y+?6z|A8;)HSxYECUnbrQa2ObAt+=?_8G_YdMnQ$%jS~hw*m3)%v%0|-nxgN z_TX))p)#9D$4SU@qX z;{_4jjR@1q(%139YYMs$8ySFegJSDE($b=K!uL?WkB+Uv2L`u^SieMCjywmpNvFXk_>X$$c*IU78DZwZmb^h2X}-qdJMwJGY=ta=M~G zZxJ{K{l=Y7nENskJ#UE&O@p+c>x<;twxV(Ajg#+;x5HYOeA^#L4ElZ^@BMZZ-i1#| z(Fcu3yZ&%r*gi)IMQf=sbr%n@U=tVSrr#qn5Ool$s&-$8KLuYiC3GkDZa_+R_^1Yz zAI)&NU3qT#448N^B56!?FCUvvks0rc9AKclTl&g$)K0yW<)!W-q#~FQ*0Gah&c8;! z96#*ycA_wwu@xE>hC&^PfW)+yD$y;{(CkmP5WcpP^q^VwdQ0pvaIh+b4@S$ZF(YJEh_Ifm#zkKUyQ&6mlT@Io!&qpgk+4^46`hWpvtvf@+^vCZL^8tg-uMKgft* zG3#~3}TT}>G$>_;#R*557#uYjlK9Tl*k%nCVmUhoH?!% zlAi=?V{8&3VJ>{FcaT+Y^9G!y%vx^XmdDu0e`A??Jns|6!S;I<5ambqX#a$xlOpoF zg&#av8}anzOV`0-2VDf$_#|l;GkkPhyFv?03?3VcdvBpqN!K1p-B)O5)u^N!D}~T$ z0iev}94a&}qFP zZ!3K7fO*7)ifA5Nl0Rq_mHV7HGWSl^T?(F#bR!5ff}fG?MDhB~DvaMY>>_%67DZwZ z1_yLc9<9kn$&j=617NI*Xfh>&M(qQy_Fz^l7rSDe=3Hf~&dVGf(l)kGj6&--}4LM820wW`_tIiFztlI^4!D?Wz`6C%$10Ou; zUZ`Sq9?5Z3RXdg^f;*Lho7ESzC7xKBYv=EGQwpY0r|E6Dd>!o)<-Rb1YBwwS_JKV0 zKkAKSNIbK;N7cXg{ql#GjoRGbfr+d0j%Lzy=d2`n`*W`qYu{hC;S}MNs4=b)>G?JN zF0YweLDIW*v-(z%hi6ktKtTh?nxOQQzqI{{qU=d=xih(O z63Hp}bcD8sxp}I-GXypDG4&N;HHDyzWotD+gG9=3@z+JQQL8)qSCq4-^<@VWw)P8zf@{UKJ7_|+!*ALo-P zI+in2&{kajH4z9U=F0)=cUKn!nDLL6p0dkQ;!QT1yvTSKA2sscQxTj;Z&ay|2QG0l z0eJ}3)z)`$Y!kMRkL|ha&qNEJd=JL7!|Q3#jf(K>NrDMxQ^MO= zk1?uF$gp=LHi-^4d{GoKnj9}+cfSlr{ZJ#!fkNaOGkTFq+Yc@5`_YfJe1nOq$lOe2 zg4o$Xw<#p&8LBOqt&6S4=2c{0ye+|-q8;SBFaAY*!+*}g{f1GHPM_E0Wd&+i--(5cc*WnWD#tFs~tc?e9ei2E#P ziIXllE;7alDzVSi9(}BE_dDxqxdsRN-q41b)OlUg-@*`{F;!d@l<#Fj+1ju7E8!>R z3@-oSN8vASAwODQv6;L?T^P)}>OWAaI&j9`d9Q7Bu&t>W=*W|@=4iR1fCWLj>xBz(=Wh)i!4nYncuoiB3LCoXya*iE3S;h-YKB*J7Kc@;!v1?naJTli!jjB2_>6773Uq2Fhez#=Q z``RJgf52`D9R@>TH+@Pb5OVelZxSc{wTgK!EHk%kMdL*$a4LbDp7aK*HPF!CJCXEr zGExBhPP+%9X`go>u0gq?kc!@nEP-|UNHNK28~%j;8NEX(DFMGAn`0Nz@`m^U1#_Li zI$yTG!S|1elE61KzpXSfK1uKbk|ScT_~Zlbo1DRCx@m)_SMw_rB_kMwj%;_neEW56 zNFooBC1W?o%^TTh*dQ=Isq4>1ZN5>R#C?POB=aI2yDpj1$gn1Z8J$?%EdpMdoLB0x zm@$;Y?gAl9a`(J~R3y8@5J!-Oi+inFOr68-r_=N! zIc4D;n@}HXmXA{V(Et#|X3p!w6?`zodDn=H&LmqqxykNh_2ZQ z=66iWMlQ8r&152pF+QH?(%#~X$ldplI1%^e$25i36ANpLLzi@8-ApFZM3y_dtGe3A zz}0jFp|1%AUzwpIXSNH-X-SM@hcG+DbX&EKl8`svQQz$Sdj_rH`oCCSg#XR*GC~GG z&;gfVd^=_5=leJWq!BK8CqI=q#PFF;(tV_2V4m_E zo%Kp2z9MBwZ(9|srYR1xO=rz=uiX7vf77cw$ZcvLw?) z6o}!6`w9dy8hhpmR@c1HquZbnd<*f^+fv_u{h?MYfe5ewU9zvhGRh zylbVh+z2dtcRJr9y=>_5ShYUwXdHQ_*R*`6?EG%HKzt(db%IHo`6}%tQ09__KliDv z4pzUJOKK2D@?aPx*gYe#w8vG0VcaQH32gDcd^m{jTM$)CPknpn{1ImvS-#})AX{C= z=IQJOA-hhK4X%k;H~`3}sl6V)uaBX?UNLi-Cp>j1S{c5dXy_+U?f! zwRYr_%)W2wcbGwa7UJ_Ol*qvco}kSZT?iymJs+y(_n(w_r8W6NDJl#K?aKC<#>E5no&9bEhIxKR7}hFQ1&O z=?F|hjYL`Zu@4_ffRqD0$;Zm6rtb}oQY_`o5o8AOzeKqiVdK5zAd+*J-@GjnKS8}m z{daOfu?kh91V0c{C{NUJp-MJi_KU_Z>g3z6rL$Fu$1DFS4mKdhISz8 zRhnp^fn*zl%+dKSbd};64>&W>U4!54XjQ`IEn;Q{A8M#5?e^8SdyVg>X@sm&0NL%{97@Mx^2_#`*;! z5+uns9BVH%_$<|!99yE<7}9jg72Ma9-#cCtYiSuPrmCX7FxKNB|TWa!mIfA-5s z+PaobA)3fb@MV%4YgC_8`gxM-r7&PZy@-RoFZe>2=~6Y`=(Fs);H`@^iP%qC@#V0e z@fq9fM?AfB!uOE))w_ZzQgN8>1b!TB)5V}d7#tAu1M%#^&brcK05~QJ?m8by%~bml z#4R-98EBK#x9_F@>FtTR^Ge`G2{(7;Wr{m_wtk`-$Un`-nrUvy>y@;ll}wLa3z-)C zVP*9~b4gn5&6&}M`#18uq%5}H$JjYjQK6t8tG{={oUrl~bTf|dGs5H$8~`O#v2xxH zO+nupwOJQR*Ckr%g?btC>W5e@ZM=j-Kr54jJi;*oV=;F$)^#fP$eu=aHwVA$l;ivpKz0cV+cgxAE@DfD=PY~-I@cg~KR?T0v zLcdnoT|Kc)a;4S32A#(wwg-Q*&x5`Nq7&!byS>=siEzsAMA06(3^}ps7yE@*MqV5Q z;j_`tMKigz<{_xca7jN@Wx%pk=}Xm3v3+15%=OB@BHuU7q5w(p6+PoJ)}{(d_HzT0 z77#bT8@Bs$ufg7M`$bSCY%vk_+crTwM!QofSB^`t=aPKpSL=i z`T_=W2{O&!zqW5cA9ks>Us8?ug{=HT3hUOX-v-;6eFBk>1IB#8f)UY_3u z72}~TaQ0N%(EC#^imEBQbd4UyKnJC9h%<0skk)dhK22}>qHi;3YglLng6$ zEm4acu0wUwvyu^%{dpx}cCUQRxf+cua*3?eHbrI~PZu_FbptNl$jc-2yyaa9SS450 zFkQHMikq@fMUl(N5?z1FPg7%}3H#|IKO<$%Bue2}JBwEfxWCr=@qWsQ6tiz;y@^R2WyyU(_ni;Cd4vKFnwUZe&LzA&~d@CjIj|HiDv__xi z(xKf`=f@5Apv1dnFxfeTaqRhNT}H=fJcR~It4m33N6I^R$*o^EbbpKY=(m>b-Rk`{ zwn$g{OmebzfdW({B8d46y-aSvf6Tm1m6VJ%f=SAGeX*_~(jPIc)85IO#xrF ztYhyyt8&%B(R#G-gjklIC5df1ZC7jmLpjqA^*G`Nt)f1V;vGn4HEAmS2$guhcB*Y$ zHN|}AzVcIy9!2Crh=6)-V)WzEnq=Kwv#CsrX6j2$dv+#78Dzw_#LoTam|$2WThMSQagWUn<+KhzX&5#))vPaQZT zkBi@D7AwW1EC_EmuA4ORHFY1Yd+Eo=&`FAD8eh zX&!oEmWgH~WHfq@1+W~-RGd{0GhMOOOVEf0T=8_y8FA$L;p&H~bo7_~?US`3o# z!AZUNiJy>bED8YcxfUw~oyEDv6kI6=@1kMlE=@5jlJ&u<7UF)dAfYjh=wbG;U$4rQ zr#ow2Ro5D65uK40eHlR6wPmH??$y&xJ_~i-;R^C>oxQc>Kb)xch@1?$6&KnUU+NH$ z(q5r8p(s|CZPZvM7kX$+zb3=9EWO-b_EOa1+Q>8)_MWI+79M*%(Uq16zW<2c_&2;o zzAEJi3D8g{eo%iB(@7KfGxpb2)#Ddqp1z@DI7j*35a}(FFhdofa9p!`7GsV^x3pYL z3Scs&$=`D?B&)bENKL$yAor5-GQgBt=koirkl&{sRM5)Dl^}9No<^=EE86)*vtg2I$>cx^aGgmZ?#EW8 ztmZNn;HOahTED zINE;so^>J*EibI8v{6EP z?GSv!^ODjx1?QN^|>a{Rn1&~K&qt->@&fU11p zchlr1>?3 zV8;+5Lb_k}iCu!FknU`TVj&R^+E3YyU1!FiYnkk1Ah#<>OnGbAW#JYu>RAyr6(@5` zHj6SOy(L>rf;|z(ml=bSi-8Dc!|=2eJ+@kRRP$$-l<>X&2cfA4)EvoYvsj~j!6$A{ zO05}n;eBuTCrk(-6`G{Fv=>gWX#Tvr?_k+1aWHlLWM370OMp2tLDXl?6uR8Vg@vW_ zv}*Z>;YE}DKRPVEA|w=K#QOP*h4M$WCyi&*FB7Y5i3)TE?>P8B@tFRjk0oRMn>l3u z<A_P`+tN$ZZkwW}*j#LF%3$LT+;HG}k63 z+i>6J!618lVI*mo$3;i+4}S-7MV|ZxT*$#Zokl}bLL>ex=*V9(8HoMY?|;BrwS9r2 zt#1DQF?*S~vRd1E&kVcnb#p*iH)*@hnbfTz3qD|mHyT%G-ke&?2;`3vAm) z2YOYH2`XEyyEBQ91#WLY{@;+AAi0lm>;b?nEhVMM{e4c$==)fN{{s1)KK`_d+J+hg zqp7R}87(x-0l_G?aC*>KKn~j)pr;opGMu}xw>87ut2Gb&8V7UH#oBwrQm!|lPQB$< zkSX=+FVEmixv_vB&xExru$T>e4}l=(c(J)~WS1s1GcZs9C4<&FN@HYxFk zRr#+Ma^zzydpN=sdLuhtx2qI%Zv{C=*#1S_dZKI#-_nKmFzrG-7hM-@`bI#Hi1mDk zDouwv;sakQ}SkZMLI3- z-sR@5dWM2|T<<*r#|?}qJ3f2w(S9)eeb@hbGxmk`&68t<>1mXj&y5TO4)z8EuTK@o zdRKJ3t8aN1A1o(Ee$a08x87^neBhpAhb7vzglGu6KVNC_eiHt3MN(-@y9qL_rHCt$ z*blCrsVQg3_|gHR=U%CwX96e@NQ>w6?(PoFMPkJu+QPx=ytRi5;=H6*=sH%G}cO)6O>lkpO%mTgHC9>xB(NE4$fnT0y}lM5}cG zK@4;G?b83|-sM0y_;~}Sdu2J+K)hf`>s@!QJQdPac8?@2nYXi$b_q?AfX63Nns~-q zvtdk7a9kX|3nAjhCP$$WIK$^FewGQny40*u4WA1&S?dIP=AV0uMm9ZA7OppkQ`glF zLf@^;r_Tq!5tB0PNP@nThw`{5OD-gqwz+JIA#hT>*FnWRK2lsXOZNOU@+jI1ZlTrQ z?ee5woSbl)%&JEI`x=SI=TY<%EPCJmj1unoPHlp)H}MIwGc#S^5!MS?>kP6o!lCk? zU{ou9?|ol-f(bvtbYK5%LdfsRBy@kFJUKm?mSaj459&sF2K>|mu&r>C{o9<|Hjcq$Bc1rAezfIRYa??&KVP9uVa!&JTZ z6TqX3i36RZ;!;G4S(7P0%;5GFQ7D#Zz>#pltr>tSdRo$hP zi1oW*qw5Hy*@kU;ft4}>+L1?{c6~ip;Anz9a%Ym0`O3caWUNhVd9nP!??c)v5t*$7nzw?PJ&XCVZu+q?%S zsg=C}PnXC+-a@dgkYt{CPkvKb?zPWKf|d(gT~-UFU01ouodcKYSdXt@M6)0779=2eJ6NEPf%T(g-f7nsFJep+bemK6f^}0D z_2`7hSHFve?ITmXPYc~|(_gz!rJp4&1>soLuD9(Wxu3`LJ9t@RSpS4E6B~HFV(+27 zl2H+#gd=PIEjIbjG46|mQU$*q33yot|9&a-<_>b+N+|$?16LZ+|J+I0zH{MBREau^gOI+&6XqFo_~J_+#oMAsMqcl zU*zBbZ1j#F5FbCYr~nVpyhLe#6}utIX9(bV8~3R8>60JD;w8hmN$dOUs@ z6mNogQz3O{eh^)1RoaZN_nJ*Sk*|eHDpG%I1XOZ-#Stdqowr&XSE~e`eWGQM&V`3q zAdq_E9K)$!&l1`Q*M0Yvdlhkg9RCAAn++>&yu*C@0j1UkSFC5PeEknnWt!>kwTHWP z!zIOF-JV3kE11_tnHKAs{AtU^O32M5QJG7=v9l)B%O+ya8$hRJRzhytxg?14qQCI0u8-| zRhN3BD+od=^AHy%*XNR58zIgulwbHENES731bf*3rO0m7?mC6{7Lz;SsTq2J_&bCmwN!ARZqKam@iT+W5B3SCZ5ucZS!Ji^S`Lo zEk#FV#m#KxRe}nKVgN2%ZctP78eeBSnRWa+CuQ6||79!boLdMl7k}o3G`XDJG+-$bypr#_@PJ(X_lwnQ z4dEHX%8v6>GV>NBH^kR;+CzMOpa(DTk?%rmtA(Oh;N~kbSRFiSezfH(3Vt2+VAEuO zILqoTKt>mu5wRy&&-4*_4uy;)TIhC{s_A~k&gubRlsBUNMISm7H}nz&^Z(xG11%>V>S4ayFnc<`9R|r>i|A**AIS3NB*uoFKqlLir1kO2hfk&K4 zyc^&EU7{_^$aDCX6_%uJ6G`FOpPEffyAECFA$8*^=T6t1 zZq)H^zJpK#tN;01Dbc0vIeRVmc?#60fJmj@QF;8VjpEYi<$za4O+cQWT z$bLccu=~TJ1L$Jaec_NK9A~2W))QwvnNJlk4d%w}1j0A|_nM6VipXLC-W$X#Z3X=d zgfEHq&7yMgva`dKPDEO68R%IgGbi$qH!(^1aOvse3nxCdKZYJ19l0N_z|eoLwCEgB zTwK0b>F{PZUBzsLBf&gV1jh#;LT9D$&;{E@baJ2T^jrP5tPr=ngP$kG3-(|^w~bge zpPwq=yV|8oW|x&MpV)YSTCLkUsm3h4SJ?29D#~0LvD=M#G>RaOv$`g_$0PsZ;Ck9! za94J(NLnxXj3cfW@8RtcP%5O`EvtPMxa0WvcvU`PY40{^x9LNDO|O%cS&azG zthR96A^OI8d%Y`Os0wyMLFp4<|C<8@M02WMxcxhSPzQ9~`Yz3jF=G%T>C$j!Uad?G zn%BTfj2VtM;B)#y;6A8N1U><^EVGVCFgko9i#H+RWPfC7Em+|FoTnaVq}1X`3A4!X zSCN@RF;;^!?{zyI#Dmhp4GwCJeOK$ov)iN~Z_bqEQt#)ixM~F> zRN~O;M}ie*vQLMb{8CH3(Q-R$9_LDS ziy+Jf>Ux;?OJbH9k?R2z!KgGOKtN2Gk};C7>p z|6~)s=*4L79lhgwtYY`_1KwXOmb_ICS==$fzY@-zd9GKKInuvBvUM)e$ zEt^O&O9asMKBKtvN_^Q!hT**}zR2qOwk34p1h!T?>v8gS7@e^zFxk)tPT~W$>&|3P z=_+A2EFre-C3Oq$>@yHO&oa$i-;!R$^U77 zLScPf!wE1vzFvKE`@{XbcS4b&#$k7eH^JcN*M(NkC;U19!-Le^wOn?LG-v9vhwKww zK*hcc8O~Pudf6b;K@H}ez;VVg@5+BV{}Xy*HzORfb?Fyu>Oa1zobh2k{9*1Z+U>F>jMN_Z8XDBR(XEEkr{0oEYUqd)NE z;fuYty{G$PZW}w$K%k73HjdpdPoI94{ZI67OrDonMyOLzF04yt@Jeds2oeGZ{}8Q0muH@zailcMLXxfc2fQ)UFAw z_TSb6=4nLMf{W~b6zKCXe}93-SHq$5j~|9R=@|aTg#9N866ySNfGzZQBLeL=3Ip@c z=sV|-byh3*zkc|W?;U>+xc#-e{ta21)O#pr$Kd|&@BDv*to_YEbN=>EN8_*fjbpUz zk5%-)_VNcN^`rkWqPmM1VVH0Icho2D{Z9ei`4k9ZBx{E9)7@mpiz0BIxGVoZUG4w# zbTv;}*zNcJ14AIm0NOXwSv!v;aekKk%Wi6Uo2xJ*0_JGWd?$*9fIl#6Lj^Xas65!r zQX#>fGR?X13#y;ZW@WcZ=5p5{N2?un?~=ZV z?#sU?xcAl0E!i^}+(6D!y2QSn?#a*iNnEe41ROU04jgffFtN@NVAU~Pxq-w+BFRIb zRVA(oO+kjz+tAjQO$o%%<{39e3v}`yy?xk9nL~nBBSuXkpd}4DY~!lZ^CAIlE6}ML zrJ=t5UADP@mOS|)qIRE{5_l*PS)zaa9HEgiWe7T`V8Sgf65s0olu+uJKFEf=y=8mh zesGY0bNPT;A@IDpIYP~f8WOWfB-?)G=n-2+jtJY8uQ}d7O ze>*Q7l=9TVJL~yG{9mPT?FU&BzeGbnv<4roNgMVL`x+@GU|D0 zYWuE&nWy8WCg@E@#W1Tfb4+*cZ6jIv7ur~u&rMxA`D8MuL`v4b zM?kp=Wj|!M<1GF5n`52ld9pI-IuE@%qo{#Fkl?(g>M_pQ{mgPe{Re28=sj%2H68TL z)QvQh`&J*=qD%ZPnC`E=*;(oKdLzoHg++tBHB)5;)cD9ua5}>=!j^vxb@+Y;%8&lyTG=UNOj~ks>)rdVQ+r_3`Km1zq}^ z{Gpz&pmV)$qaj|WQOd#_gtIz~BYe;?`=*NP1K(0n%)r`4_sQxILiL*ae=+w~QEh!+ z`)^wcw8e@QciLh>+TvcUxVu}?;K72F(&ApUI24!QuEo7r0tB~U!Cg=K{mJ`||G7Em zT%CQflMBX3*jaO}IoF!c=P}|SKqwdJ?0)=x%Ot9cBDQ;F^ljG_$QM0It#1eJ>BmNDA?R;{8k-IC*>Ac+Ov*i;}HVR-1v( z%!KyQA`*kR-tOs<9vVe5wW9!{G=gRQ$J|EuNE*HC)^CFY;v56l+Agp&#$D2tDS=?6 zsp_7Z&_s2&Z5xQTy)Ah_PG*~QQ5wfX^dkF7{df9F$1Lg+aEt6zLvy;Za2>+kY*+5# zj9TD_T1(TEzu^|>YOd?=h(^kFRi6#6pt^J)1MP^a=X-Tv>^nJi2#YIXKsqBF!`Qf} zCWz)x9Y?NG;bN_a5BL&ab;7KsWUTJ;08Z8e;+j1+YIV2Wpn+q5czJmM4!xe2SKTj9 zn}ba8nHkGY^VBQVNX*?LPZ};3T62`Vb4y_<2`m+UJ6U3!0O9lt^~8n|f|Hm`1VpGepsQ`CnIrZY1&l zYz8+?po9bO4N)M$_+k3^5&XV=e!RIF(_)LdJUllCh?H(FZXVXjUF%(6+`1olsZhFh zjBVl@w_78xj%roMBl~hGiD4t&@2IBcQRG?SJRqto%#0NB2SZMqRJG>QuM%O)!lm&A ze_fZ|lN>)_?WdCsrc5&Lcr?UxWp*}#I%oA$YtN?ffdl5xu8a4R*ws2R$foPd-IzX~ zT1*T(k>R;4`R@*2$=)0pwdQimae)4+(jJ+=s*;4dh1k&hHPuxUm!mAB^jZqk@^vyHr?shYuxA@<8d+{jaAJ`dMM-KZO*7B`LS-p;XhW3tvkshke|rCUQxcdcEC5LZC;h=GvSRdB_%Dw?cVnE$Zn-yxm&Xsln!aG1cIBW&WZCwz~0WF|8U#r4%7&Ik9@2h+(L>+gyM<5O+Wmaa+}E~ ztHE0lSe{eELFES#xr!A^M;&c|UI;A2M_rH?ua-tvD!t}$-l_nNj|_|hy=fq?!dL$0 zlcaIsW-1#~W^SOB7gzCO6v#LyI?Y<*u2`=jw>+P)-11dC5SBZS{QWZp<5v)BpidoX z5p77;(Ony}ut&4~VfX%@ETnV8?0J*uisaQ3OtupFnACn=mEaxK=EoI8>p@RhcJpB! zZQU={uI4$K_gu~Z0PgdkLUCoVTe1g)c~J4e$>vkD>arOl5m zU9llGyXzB%hv|p@`!2LNK{6v^=G>Iv8dFub576x2R?_1&Y?rPRuh)CA&$6GU{&~le0ILazTzBOF18Nn#1vZXA9Bs4-k?-J$oqY2%^&6_q5(m!1mHJ)+K!E7XrHO? zqEZzBWr2bv;%iaTj{(BWzcT$XAK;-qq2pS0j9;MtGu5RqwSP##22>2g8MZ_m=z~d{ z=EK@Grjp|ZR^p0=%%v&9AM$;SY6g#?d~a;irJ&}PUhv!UhZC=9b3*&K zWu@Lr$J#f4kbDOOsH!J+(wKt=&`pfg1eOg{vHMP0;@1uGaO5@OkVduk3KD7hk0d1r z;A>*Fdue7-ueW*HtbkmDDp6Hmxsn!JiODMjYV+MDR%-szc>kC#66IcI1=}<|&zL@Q zlG0V_qtIj`Jd+;UVbPftdE3NvDboC6vuC2Oct2p5=G|E<5b}8j+e)CV_dUbF>N16vG3HcwV3oc+AhA-pj|rUE0jf z9sGv_ey0Y}j%X|p`=rhLfh+y1J%=Kw`vZ4RZ8?I=C6M=HB;LOG-IWQdA1B{sMb`;% z`3HHP)Oz*s$jX)<^!xF3r*a8j!)mT6ri;eihaVd2M~hp56fp#rG`;gEYaQaOV@>S{ z4wz7(p)S^N6&=T*#M8jc$N88ztBkN*ezvXp>YnemT#G`TArZ2+Iu?>974<#LQCYZN zy;;x6nW7-!f0ObYXPyB zr9HbGPi@ab&eYpFu!9jyNMfRw_GaY;-y)8lOfU-S)F7og(UZYq5#mgy94z{kcJNNh z#mjQRxWX2mB+LV_Hq>;wkSaK3P^cgZxsb-2`<+DMY*3}zFdtACU32s}^J>}KA%jme z_ZH4;K~(j5IFMlxVqYk*VwCYZUs>W_z`3RNgtuEKKMJH%dq)h3Ibn1AFYB8|^xq`! zA>)vzC^y6)Qqf!`fUys}M1^!l$(ho%M`-^r*cyZEFFK*ir_dufj~ki9fXz?FNnUj; zKG58i&p-8|pg&qbK2ay=4PPecxyWd`HC$~RlxFGov%Zt?YKS;4(cJ~jMnA3Zx90xV zBnD&Lg$3=Z0e>5#T-H}iO$@G4m1&S7Hp)wxep6Or)*YCS5+(i$MMV~h?S$$9O(v-g zmtRg-kD~WmQSjZU9=$xnOg92J!lP`Nt6*m{>+nzn!UvWlslUtc(3LFh>>K8%QRu4A zZ*O;2Xkbswy>9V(avvyBlB~ts_YM2i4@r_xTu+J;E=TEC(gW8eS~N*W_#sOvxRKKM zasA~Ie8$k9#*$5PS_x>YYivBd@CKWVggw-~)~eZXswY>JlMI%v7Y{hhvDU?pOHU|# z*ot94(7uA2jP$PmwrPd$Ic?c<4l1!cy|Z9dXwz$;Zz|jutL}%37&3?D8-_H|;Gd=Z zKLxtwS^xh6=(f}P$3t?_Bzz$-<6fF9XChRI`;tG(+-x@Wap3gSE|6aol^X43d)%-# z(O`VCZIAYv&OqR3_vkp#Htbbba9FXQUN>DXFVHW#6@@H5^ zY&Zvv-yC+#5?uFuwW@F3ZPRjy0fl| znp@r_7OEEcvGTU~(5NkXicZuQ`#7;FhNp~xJIXs=c`_GR^t=w|rZ)7W*HUtDX^s6b z92y#t!d>VQ3L562vy>q_?#*ZL|50~Wq{}&mf1v7pet}6Ea?z_5+w|2&IE*AY=5=)k zim$L9f&?#O-PO2E3EHX@m6wn$9(G(9$##+k4j-HyKE>>(aW=~^IFLu)`?}4kCjNK< zn-GdfQG2Yc?S7H7Z;Dn$1A6i!%+zD1@^c>gb)9!j4~|7r=eZe8lDDbeiWqXw?UzAz zuonu!j!2$n#zxO8jL+;D`U6_n{)X5#Ky3qb{d`3=9FDYp39pmRs0N(Gq$hq4TNodr zKgjnXrM8hS&eIT%%5%x6T{R%bTHzbRbit@O((Rv=lC=ZRS71_GG>$$yA&P~&@8PBN zBAkob*<&+PbO2BJ(3AKe`G}T3!fK({XLmhRP!-Ay~YFX9Y zud@H}qMsg>rv`tFCY}!GSg?D4hNi2Wz@@VP=lDZbb=fS<)9h`aFwd3y>J|Ue+3P7N z0SLVG7;|vHHv2w9PGhX?CDW=WQ@YGjV&Zm&3j-GzJ3T8O?uyDQg$8@??` zWg26X&Lz(*=b!;D%u<(0&p0}$i94qi9>lVn+<)D$Q#z+KxZw06NM=Y1K8tY|s~4~E zF5F!+bq>mEFDrHbu9;N(+bQ8(Lw(ndmTYZ_)ZGX}osa&Rs~rnJDezBweiKgcwVqqw~^EIiG>kHsm3 z?0WQbds;c)%*cDAM*f zlu0e3rHjq3Ig=*Du!}cSkowMe`Z>l#u223I?6%FkvEUPC@9L(=Jam^5oC*=6Z5poR z|Fd}iba_dYcYO~}!0!5wVzbk@;jbVPH_TMF+C__E%E(IfQMj3CG0rnrsAln&i3$tK zOd95hScZ&NLX&BCuPxKN7kIZI%zbQ+b z6v504EIfHW=Y_+JRa1keiu+1X;$(4_DlbetVp5n|C&^8xXaIjQyz2MVlCp?GA~Lk$nx@~K~*bfPdPEBC<_=GCN?XCoU_P>RjNJHCcB(UD+?!+W9q z4hhlA9p>=ymg6U`ZwX7x$PH)Ht`*|o++*k zqs60EL|3$CysPWF4xiX%&D?8#^v2W3(1U9m#zN*h0`Vak5BMKrkmxlq=2gY3$JK`SGj+; z&RPrXY;~v@#N?F|lbRs2!qbru7&q z3eHuKkwnvOc8xS!BGGL>uLn!)@&^b(ejpiv$#NxcLABX6oy8puk5{-fqQqc8u!%|l67GjXXLh?jPjXS4wgcVJTf|E3jFGe5!YWe z&zh#KP(qma6q&qXcG1ET4_0x_YvupX} zB18gYyks}`8!~8>aK~|ZfDG~>A(#pJb}$mW@2{_~-`@Vyz5B+j(y{WtCn4lMqkBCk zb+d)S&*m$)k_ualqqFA3I1Y|*Vpf()2$b^u$C@;lD)?#4Zq+YR6y^nFb z^0IEmJO~EGJ1>o^CQ9w?YSk)!X1cQxtKiVx{qDa54cq$*5B?K=}wOlvXBC56*(>Ai@nExWB@WaXBr)K_nFEyK` z8TGN$>=qafUvNFA#w@1jY1CE4-Nl)!_`({&WTaK4GQ6(gS=vKq@1#52~S;{{$JwW7;fO2;Q53DgcvOquG_XhHDSIp+fBndYZwckEW0gpj}3BQl1?FC=m_p{KgA+c>W)>G3B zv7K)E_z<66@L=fX7D>H0Ejrl`3&#T#`TME+L^xDBRvM8Ulb!zP0iyD>Kn8D~q6dD; zX2FxD0iK8pKu5=d{J)RZ_L3I)0!Jr zRW1g>VccP5<`l_4bFv-zO=|bNSW7e8R#l|;mwv^P0m}~hz^>9ktIgYt=o16uXfI*( zYs#__W}}|fpL?F1XxsS&e9_iFR7eiqq&_5JK>s4%GKkfmY?M3rTr@JJ=LREY4I;=> zgLi}j>*7#m+5ex>ZXP-6=ME^#9UNZ%KbytkSHI1OIM`$&OK@hdAg#u@y>vQD>)3A3PR7Nq^;3AzO1!_qSfi zA0<&#g0`9E;@b8Vt+x_Q*wQs7dI4miffNp(HSI&h#290abYIb@qYaE%Fr05bi-+(B zq=hP?;}M&vHoqLE_z`fd82b)m0IQZsmkMo-@G~hdaWe)r%_s2~Il68qA&W9mEQQ)Ny zmrnq^kT;BlImq>cR%g?ul!n> zj&wRsTwXCmTv_cAGAeh@@Fa_u{dfPK+^@*G&xNbnfiFJ@KGQ9jd|56MF)?*++gy6X zV!Rjb0y1t8%&_x#lht*{9P*HbF~Bg_RV6?qobhNPYJ;x#zP5h$1;0t_L;w`cR;vQF_#7Btw@M7wosw=7ca91_OQ{9 zSNbdT#yT;6{&?Njyz7LZHakT#at2k}0+=u!w|oSBy(XQaiXQm_+Szx!@p&*JI7>xuJ8CQmL*1@wdXU0ZO{mtv<^qFzYw{M{<&)TNX zC{0*hUEDpyCMvu-(uCI8-3dQ%*xc~6_%*|=cRvi(wa)V~pQnhtxC#$f5s}$^49r9- zeN^?LpBFw=Yro$gEdzc}OgfQj%*{wLIIg1|HGEF>G1d&;);Ebi_x_dV$wK@hXv1XJVCfr@%Lq<`j)VR1r&0G$aI;KWTRVt zT98V8F7|dLckphQcbMO#22aK3?--vUFd(D5dPYZeQFJ@i=va}@bcpS$Tn znYghjSN)_`9|;IhJZu1!dADNqoi^7~^FmJt-oUx8j`vS~ua#O={78v;0{Y3^LDD-=5KMM)$ zg$rGc<>C2a%TL?-dvSzZ?G*InDusnKnCDt1Co#9q^*`NP+Ubz?`#E!uk?ZTMxa%3( z*ZrKIQrcF&9Y-emye?$^r1mvio&G(Q(OjwR-t^sDXumeAV5~xk+3$rxx!Fdp=guZ|&e=tDO++iU=9)24OWH?Vc)qt$v`$ZCQTf|WHt znW#0boT>gv-)m-FcE~Yk6X@r@(0hfo?t?A2PI;y0kGJsiHmIulIwY=^R_%FwUuANE z2%C~_WwT%5pnzg)PP^fGSHg#Io(?MDQq!JHG(@^??OjxzU!;9-FDfj9*RJ4t4gyKx z8**B1U3^gFYW|)ZIE}k4y=>B!&!}vp3gOZ$@&G;P+oS^5y?g7B$}L(v#PyLibJ|n@ zNG2)#Iq|ZrY_HA+S}Bv^rTuV>Y}wbRT9eH8+3>1JuG{siNmR!{Jj?0TIgx)qO4Ur* za}aR`xxaYb&U+y+9>9xGQ#?UsIxzf$&g>p}k?Lxrw3p5NltjY{9 z!(%-e>W9wo@Tqo^29(u$WBbPM5k6`}(L$id32$w$r|Zb>JEdIMoBdsq^Ic;#wTT_W zMTcl!2K{+Z4(GqQ0`yJShMfSo{H#18TdeN<?@=BU;?G?^lg`)M zvTZry;Xfdny+&#^9?Q$3bN>D!*8IE>z!796{;-LkoD?kKAIQ@II7rI#vW;zjkN!uB zw%c&Xh#D0D_mBS!+0fL5&^e^B1n8bdcwp$YH#>VF3S_eEt1RlJ)-`xp*!bw**nfDc zckw;?iX8;>|Ul~G~|Hy zRdx@)ij=CDdezw?N6E567qt;I`e^MLFs+z=-O>HM64uedT;KJ|*ILA?LZf=dv^a-x znXzUdx!qSQ!@J#!M!zgsHh-4k?>Xy241+@>7|9rVa6+|UO$$2XHueXx$L}PKaA-EC zpeitv?y}*|(4Q{rkkF4E&Hb7!VCP2QuJdQp(n09*rwu8Xv>r-aX(88M;p6z zr?+!HDbUS+yM#Ns)h_DdjAIFv=uL6Gkh~L6p8~w#F~p(LgJYE~2`r29y)C{u?IJIP)6S&? zXT$PH-wM7HyQ8k`Oia?-YPvWVvEBXAGfyI^-L|%!%)>)3UYrR&V z4_i1@^NDBA#jY(fLpeZd>JLTsN$^9Pf@B%V#+-<%%D#64#?yxJ&bVr-#h%FB92vVr|3{@9!-Yw4X=Uac%-CK2(lQ?mYrKG%2S z)1`MIUY{~^Bs%B4`uWOV3s`Rob4K6dzoVBvRgZ03xC0dkLT|b>3vH_UpMUXxi)7$8 z`L8a^@UHyO1T0Ilx%s9U`dWI(2^)lAYrz0&R>J1xK8W5js$T9F8K=mu zZp&9wuN5W?XHf{D03?lRBFh=SiE4*;FMMWiyOC6oF zCnPKXK&1ZJorH79Br(HPs~b{0nN-r#6S-3>1FshxVe(YQNJ3K$OdrAlaOy-=SCi_} zzc%}V2$o@&67%3cuul$Oct}}Nvwy|kpF!;%XyA85QSbi}A9uZE$ez4VSd1Qrliv1G zOeI8T-Q)cPrevozmYG&CF+=^ICqt(1Sum1ct~0mS!00^9-W|IabTXnz*EjR~`O+DW zh`xS|-o(eKXg`DZSip-d%)DR*cv)=4d&$7bMy=c96#~2>Wmvn4pq7b^REGYiNc3z141|h_7tTw=ptPV6=A7ZM-m+m)&Cz5?- z=uYJ7GDt4LNMaDsp^S|xMG^I!B^Q_I3A(*nxue?7uf<5EM743;Jv8<0g`>znoXil~ zREW&G-aZ>9K1a~K1^Dh62Kp5HU%44w~o^o&xzgkcQISAO2BRPek5#sGvz9sW5HOtjA zxk1aoZcwcjbm?cfKrP8M>@tCb( zOYY5a0kT2JT>6}4Jd-%u0?~_Ozp(oBOhnE3bJvkMY0?*`Bj92L5m7^HySSt_rhoEg zKD}B}_)KF;MT1ZUbRKMyaTVM{D;v)|`+hBU+Y*iGIzxQNw|j3PV;|4%LZge4qK{rs zPyVl6{ol(i;p%!9BJ2)Js{#z3(gntEQz$VlS<7k@UO@ICs>hpKK0bN&=8!x#Z5QY| z)5emmF*41QRn2!HZ;h2snaRe~OpmZys3pe;Y`GEg0S^-9{swB5crIWYp7^U+^_b)- z>mMl=U3U~uVv4pmQu}!QhBtM6x9Wq0XuJT9wQnuI`jmGtHGR zINAi2oeM=9*GO*4b72d-9^VskM0&us?8Y|iTsPdgz7J^6fjtv|0cU(KXprT@lOfLQ zJW5smSfvn1S=oR(fn^)zOUQZ}bi&@ksM!#qw@Lh#wUb_vBt4(f*)Q*|er|UkWY(IN zpVTgvI4LVP!4?Zi;!A|?R9JHHY00`-FBWe`$_nR9NlhXG_r zC;f<*U>MN;Wmj7Lca27X(!$$L*JFb*{sgnejgmP`cqSh3#_(2}(lx5RNHwZ7-fLJr z!^T|FFPdbx80$T=^tgwA1_4}!ns9aI#FMR2c(ew&mwj6UHQtNXF59P#Iv{?nbfug@ z5~Lq39PCn+(w9*y#Kk0wB{{ohpsf}x#UdNtbIgxpcV8(}?gRNJh-#x&0$ll}rbr!) zAO~5f?DNe~(c@5dL~CMUUsJo1n*?hYM=kY^pPvZz?sr|eIa6K)J^adGD)l(k2;>4b zI(IhqNzDDV(ZtLQL}(iy3*h@Y4)RKctr5#9)J>xNIp&78b>i}2s@jO;-m&5|*tIWothM67irtWJntZsMh5|13RrE}mVxTswN z#p|hjFJv^}q#aEF`a;+!E2o!zo)FSTV`Siw?kS&$F7Vp3LI|3^10QL`)JnONSGm6PCEo^6JQj42DW>u4QZS#1m^PpAe+S0zY+v?SMKUekZ z*RSd3mW6YF1#3g(x_?f`e-Kk8!&fJWTIF&9_q{^jrXUT?+|l+EVpvrxFAI+(EiFO+ zB^y?3y=`di=i$j*2CNF7fPnZHwMV^*uHG%t9PVvhE*R`6x)IM=f# z-F(g8Rjh7$pzt(W)?3UCe+fe z@WRE1O^_D_RrrEJPqq;eAu0ABO{}t7IEk54?Ovv&L`OK+HEPq|96gdOO)85er$`*o zJ#gw4WemPa2-sS}tLyGhq!mtuo)%LtaMZCEM8_2TXRZZpt}Mt|xG#WORA zKKSn@4tSomHu6y@$ULQXvmNzmuUoBZ zwT=EDMWSxuLdqB1Xe%*ox*%dc+#eflrp^F*>7lETGADy|1Yr9U2N#rvx0WW)WL@HU zVd$ttITKbH3ZplMG4mIr$HDf}Ya-&w?8k{^K8sRCX$wbKZmyQSaqdhTy4lc>`5+Nx z2yVe~Y`b9w*4J3gjK^11Pe7uQ2-?qXPrnA@G!zx z>pjn4UYh-ArPYw~wo6g|=iK?We^7c;$IGcd4>*TY&7)hUBbu_J5ul|V()~u(f)Js~ zO%goI?KYxsExJ)5VygZL_8=WedZ4y|S=v}LKqVRkPTz{s3bJZ03T}cZHz59*ne+^m zXkG>PuXyiX7KF#Jk0CheyuhzkF+bF9uHU!pt+oBhkA*S*V zMr+2K9M(B9=duND1G|#5T}jDMvqiO-@TmpyPu?xhRMr1gm0rL`wf2L#5lwUMBQ`}G zU>4OX!>M|Y?N&CA@*^;-8+s)b$rry0{9e;HPs6Saykyy3>QhzK@a;YPyT7`r<8?bk z%NQxXi-^<&MHMjASg}P74+L6Ps+QnEb1aY_BGMS6c#jlC`6%=8>HZ9Xo6b%q>53{S zLwAIU=&y}FxGYR}Xi@i%mBSL-me8sd$Mo<*I5j#ZL@+{gDMnj01rcHkD3G{ zNy$C~AS{5@CReLE?{+>Hb^dp~*6sW$%sYgt{X`(FNg`)Inpa=H=yC0T_VRDQ=_RM@XOe)JPjTG{$(dOzSZ~$JOK&?I3 z@^i~TueDGp$71*$b3j!B+g5x>@O{;%_9yE@{! zpf%`aegO|}trmX|-@YCSwYR2@+y3j-J~!?af%j`qv$(j|`ujE(-c@M|Kdq;tsKy6w z8)+p5F5b-?_V6rb4=oSVDyog~sb>Hu#xP+e`ZU_+uNt#`=uz8g&r@ z57$+_XF$e9O7J=WZzEP6p$5J7G`c_~2@!z#9~|Vsm3y7UN&Z2m!J^XMleO1S^994V zP1B#`!}oUy_Zu@aqx+f+5Zp&{!%q5C3gsRR1ogi{fl^WP8A-kX57q>R*@5yacP;WU zu%tFccxl&Mlx3?K!5Qp!a(@W<%5KGI@^*J8XhYL~vR{~4CIdni!d@@ue3#6_D$OM@ zWoJS4XIt+~=jU}VzcN5YP$2tPWXzDI$WYQemrJ%-s@QKEhqIn zG9;uw2ryr7*aN|!vo3n>mB>g6w+l^DB(8e9@GT_lLs~yD5YVB$VK%2Q|MK8(~O zM|F}|&iww54KGRwo={p=>ooRHTW8Lz8n*r~9?ciMfKjd}#E{b|W7feWj-Otf_S913 z@41|mt%BF6e{PoZAFW}z;(uF+|DHd^{TmS|gaYK~s7H{Y)jUl_lXr$OUQ+Wd%`c%o ziu+$$JvZS0_yGUw3!u*%7o7c_aprzCoq*=v<_sx_u;E*DRH4mz{7V*SOD7=dpq9ls z^Phfv)E~2>{UbzFP1S0;=3*0c!ogU`oDb=zMceOVd0^ zE5V2qZ5^2;1(aNGxtFFrFj8}cZNv@noQg>Ha`Z&yj@mhY@=g6B5GCQkK~46+NT3bu z$sW6^kV;iG45KR9TrD~T*WUTy?b9TEu@sb3^;M+^{?{z|Klei7e?6NyKCHzIH`F)s zIEenEFX=BshwG(twj*&!lJ)M?{5J)Vt_J`}m8c)=6wz;Zll&G0`k!+(#@+9&@!zj5wmJ?y4~ z$N+|0Nq;;!0F+1u#CJOGzMSZ=6(mG?Tc5a>MHK8Fx(LYLT3Yxyp|^uu+R-wdx5cx9 zbL(rxb6?~1CSNJEi$;xSIne(WXDHZXy4NiSPpXtuIf}KJ3~Nd3^La3nr$5!_hz5L_ zYQ$>nWf^u;d)#z_S)crKPm41;K&R3I-LFykuJKIiHRXrPm;Snqr0>_;GJZr1BOkgk z{jqySc&*opcbq;TEQenx2c{NX?d>gUFe?2Fr!uyF{!bzNziw_LrvGd*88WaN|G8_% z>ZNmOQLi^CA*~|DN}EjGnOfpjK4_K+e;A6<-g~opZ^nF%c(kxj9kO58Ri2{;{F43y zGxnl!3-2J<2pX@Yu2-STwyn|~Me}VGW*5o>^XQB@%s$ME^ljI_HoaY?yk#z?*b(u0 z&N@Q<^RVE+*pk_W7t!frbmMTaFt)0f1e6A)#}tjc9O)OA^z4Pr8~ou%QK1) zOv#6>#XvqgMO!ByQTKGrpa{~)`}#+gn}KG#e8nQ}FJ+`20{jA?-=G>+3vX*lri_Lf z+TLUI4tJnY?N+QI4dQJE+=v@5ai-Ebd5Qi~9{=|>e(~)eLZw@z&0W@wAHH+4Ku=Nl z7Dv!&U+(C(B53E}XVD4mx51E`)*I(PMFAf2&eVf1g97fZO_!gEF85PY-hQMgEbhvV zt_#0c;fgYxTs5Zr4TTZBBy-2xfAKD4-$;lcGw5URk}bPd*YS!sqY_S^hn@&;e(66d!|mC>;>IS9lJVW75Oo# zkI-q0o8N~S7iFq0Q@=`lv($}>?KP3jx0S%CeVs7fHTy}fW!@EKdgledG?31N?cQY| zWyTjOO})4u5|9C3Q{LMSHIVlZZpc_Bva`w)ctg>}We4gy9ov`hDm?^GJEsTpmxwgA znhJ$xYqorap!iv|OC zFRbbJ!c3E;U=%$zq^+G)+8-pD09w2m-&hw!`t-wvk>@ywTli~W+Y?#%K1=J1Ffn|p$?nD9k&7gOL>NmEbg6-hm1tkPIVyY%_N z-LH_5MI}(We2Af++Qou*>{!}y*Ol5Y<-ND?(75~Hp@P`zI%uUH54Vf< z=59-U236!z_Ww4e$xFHa4~u(>ip^#_NJ!3svc?uI@l9WN%k9FcG$6K!VrzB zL@T{%SJ-Qpk)$p^q4`$CArxLIak}NxD$p-JTdvWfuNOIy7CCd%*q{3YQ#@S{W*S00 ziRWUwxH+(cMp4fNVR;L<#_t@PKH z4MhghNbRBBjTaq1je6zSsdcADG!rSa9)5xtv&%F9?G+L;CaL!LEB`}F`k%EhWJ^!; zEYB`534lC#ugQr^RqAVJ_)p4^!!zRA(fUW2++UBE5RD>y_k29zl~eQ&3VgErccY5% zFTlD-7dt|X_X3X-XJ`9;6pSAhgiH-3{y>_SR$lUy6-#Xq2L9<`Uv6|b7`i-jgMB%y zZibp)0CG8tlNK=AtUL2%S3EbC#&vG+DwWOyCP~I}oJI_W^=fIR4<(YoZ_UTkbg*wz zc;*8jk1wJE#zAJyBJTzw===?WMd$4Y?-O2z4)#M0b)3x{nu3T&i| z)vazjbC?})WcJj7qV)n>Uh5w=O86B@ti+jm?xZ`A-dx+>nue^!WfH@WWh((g)L^uS zWZ{1Deg~{#-iGoLZc=|N>9YAqQEccdtyB&H+@4!Si1`!%x_%Ax*C`EtpuJrIdUSPP zBf+oE#tePvpnyFoS`mr?Rqtl8TY*YNYC`z0_xFeU0uil>@^vE=5?to$FM5|255ueW zwmtc5@UBO^Xzco?9P_Td_CPO`>OJZ>aYFq+NtqHaUsPv@_}-&;W4qVGYJ+9Z!)`Y= zlaIKS^)8xcqToGsE`z~snDcgcmDsuw?d=5lB9Bbe4Gn`w(<$nRV>!xe{;U4^_ac=u zF`4Cx4;p36dJZfE&j)UC3+!#8R$k+4R&FvOn&L@qQyOMM85= z9${0`Pk8M2soK35MKw2x+?aaC7_y#j1y`z51|na#`=OZ<-L)pZv-_GqbZFhz@p;=@ z`1+xV!fEj<;d6X|9C9#Enapem z9~VtQ7IL?_^TX#Foi+ed4G>!}*H3hWdu*QPg)?Ed0M%kx>)YB7%EiYO+vx(Aktv~M zN}cCwNp#L3RCMP(g8G#Odh(|f-&9?$!S%EU?*WRa0thZWweXHC*IpT8W}AnuoG#0V z0PffCh#86p`XkCUX_?$)T!EQa7eP-sBHOj7zxwhb*|(x~J=m|^m#Ee085p-wBz7Js zmnKosItA=z5~95hj?(WYxXd5w(7CliEFBgwON=*q<7p|i;sz_6c)Ir| zsIic>YaFkB6{%U|`Pz??zUx40{Y77g4~Zznw`9?K92$%EsN}~>S%D4% zjMI};rvkGcip~U0I>j411QDye;u!NAQ|QV|Oc>A=iX_?x@vWsvUz3`)F_j~K=E369 zC1C;GC)Hb#P1<&?i&9pntuh!ri0mnL&vqEv_*SsQOxu_PToc*pUP*oT=392sq{K_L zrTuqb7FBO3N?oZg<&maXf`-k5HSc^h&F|Rt!#S8=o!kf!$D$e5Pa3Xp=+pdhI^q1* z?3H^mvc+EpcJxlg3I09w|NCN#qb=ES7iC_cU#nhoWl(}LNjK+a+F9_Zw`E48F;r9a+_>CFy#)rM-^hI-Lcck#Jv!JyyD z*n*x45w4X)H?ESaXlUbOA}qJJsKwU<&yP^#F-Q4qpm65Hv%8>VPSBA;?RT)1CI9ow zk!4K$t6??!1@JTDg?B^}eIuPYOgCC5!n^anO!?)by|>^y6V%z&?m`XUQcX2qLp@Q0 zCG8X7&22a#6ncLXMEBXHw6DBf9_`e7eszwib?_i~zYCF`ekW>oaugZqh!f`V;<6pc z^!xfr@Zy5{L;lwtUoXyFn%@}B&mBmb7U%nSDg3g|C^RvKjK&FXfTgKO^WC8Pd5|G_ z`bFMOXOCR-wcV%bg0gIpM-%@wxc%Ue&>X|HF;3WE2>i(4Y5l zLPCOGaqiBJtwOp0dbH%X+|oUlnqpbhiCJW`0sua=e3mVd)+A`LyW)N7qU2bt?(bo9 zdyUhLmeanL8(1jl_0lU7O#%b&i^L~4$UW(6?;XCr3v-wk!g)uf!R*~cH16*R9GV=H z8w`tlq3|O094^~W91ZppV?1Vyw?enp3hzXiZeRL)-Qci=MR!ecnQoOl#PYWVgJ-X9z#mt4J#253OgvU(AmJ7T``(|D3JI zn7CPy<^_zvcL_`uGC{_?(?P%e2jyT6vtoiqv?h%`Ss;U zwlD|V`Y9ahqRS`*vxozCDaMg21Ej3imOXigELJrd8K=?<+SH5v%b0g)?<;+7M2{}^ zU|hBJ=z>OI0=!;=6 zwm*Yqtry|n^~BtJPW@BcEWF+kdW04n;x{UujEC%0J?;JDrv$=lzb9qNJ>KAx!OOv3 z_|u+r$Co#AqC~~XNMzcY_M}v_I!ooo+O^IT4>$DwutLSn`PoNE*Ff$~?U;xyeey!j zm4pt@TjInhQ_s&4hFF`hr3eRK$%n3w@jS#A`^&U!4+Xw%Dv`fi!IJ(pGoPVE(SD0) zF50Mw>W~nt<0*@h7$4i#4Ik~TB!yQJIi||@@GJ!)gYP)q-3r$N2?0Bw=jRPiMV2B1 zGj-L=Kf#s?eXR}T5d-X^_4~B)DXA(~Yk4sonAQwIuDoJ^qI3xIxFJN>RI5t8RapuYsk~*J-wZVIMvh;S&cP~%BT`i@_9Z&!s}%g zc$bzBv%BVA%4DVseCKGtCGc2uE)ZZx)deV5B2s&Q%blau*W>aW> zg7j4MvbuE(NZs zZrHB(kZ-lQ;bLC>@M2~4S#|)2QrBxt%Egcb8a;!HSe3+9@>I$8r5Hc@VEE;V%uctY z2q+^t+Dome(v|n99o?#=bcyPz4o${P^R{CJ9}S^ndC=}n$&L#09hImX(!2V)=nls= z`v3gJ$~mk)C-ihCJXS`USYAlRkAL^8U4SAd#kXjyRPk91Zf2X=?(#DkQ5dm z-QC>{(%s!DDGegsEP6>vceCj3?)?5<_x(KI6YtKu^}4|!J9xMlbIvi&F~;xA{1OV# zXLDZsU>c7apo31QTb(vJo`6I5W+5}A^IYF z_j2Kie0)1ea81*FeBc-~_rs|VVrBsXNUrDP&uGtp4Yb;MNs%&!1fkac-5)EXc_%zp zWHcwZAxE+G;uH?U-k50hyNSd`Ul?YP&o7ST%+bkHr`tBfcLbqD+e|$JD#hv?FA}`0 z>w@%;=(y*dhCotDFq=h%W?`t!{XC#z=>9VX6Vil$CZ~y9J9l%z*%pWgs~tGe66J+` zadH)ClBxc&8Z(Bm5Ck2{pFP-5d5p>3Ae$n3TG%cEI zi4I#L@gaBb^k#&4L@WAiiDB;ZQqV)TJ02aUU9T=nxms2e+6{jbv6(3SA1lm5&CSZ4 zP=7R8QShkR#`h0}mVUncdRk96@hg57;^{eJOQB5bYZ!9t-&G9td>TL46%F+WSKGah z^!5<(^UU%3)3CVNWz_P9NJL*`I2C+EN)>CR7eKF}rM z>F1d(rr3xY0p5$!4e`l?5TQJuvU1o!BTOo7)JTv|x#f`WK|(#MOhOANtfP@vSuMIY zRC-rzn1($K9cw8Vv=?!6v0pf}V#A4qOq&TY&;6r6Z?w5lE;o;&)Zg(pm7v}uB^qp^ zRQ|8P5l3yb3voGGAmieK<6Qg}xRB6hJ-)oWV`9Q}y;lT`up9bytTs?RR<_?uz8!$% zj}qP9+3?RQmY0;2oX#{myB&^KH_`#HcKEm5-77M`fw_NqwH^Ga%d=jR(v7x+7pvMDwcOau|WSu$FS+-6;e)-#28VsIw)@I3s;CM+IW%;&YM zt-*RMx`!uVgA|9hzkk1G;BF}Mf_`9daQbYsUAx|r>X^hno5#mmItpqtH8Gj!H7^#u z1-ZQZ>^zsX)KXtf^mGGx5!r0)ty=BDsmCJEOP;mk4Lni-qji3p|Jug9Z|mBz`1R%) zak^m|*7e2}iTH%wfM{j}N$8}6w*bP7Q`u@Hs1~36_zexH5uS6^>(-p3NR~eoX6T8o zFDheYkwmDejdnBFzi|+IBGwAMOY9nh406&8Ys6koTg+XKtL^d_e@r%e0VIM3w33F4 zJ7Vki8v|#PYL&e)6Lza+ZdkszMjX%WckWTmOG1c`S4+&Fw(R<}38QmY4m+TgZDB<_ zj6E|#oaENmJgqN5s0%JLc)1W?gfyk*+{?_AxZ6%e>rdB#XE%1MPv8weJ!zNOpF?Bg zczNr4?@i=mmXQ9r|#bhbOU7RZ#*Nr#)g$hy|d+`PLx8MFP@m6VbC6`MecG} zPHN9O2GZPe9w61u^>ZnstzmU-X7+?bDkklW((i88xvh7QPH*A`+!H2zS&AF*$4bup;`PvOC;M2m}$)w!VFLfA|01xaY zV`QfF&?qbE5q?y78znaH1_vsV<%?vea;u@Wp%!k#W>cT4MsvBI>ZWzri!)2u9s8%e z>zu`Zf$RE``~_7+Ez&ugzi=Boa(lG?R{hIxMkxFLJUY7%W3p#hYhHK^^WLxdpK?ij zaGdCBK+dSruGn*hu=h@TyVGvq$5RC6wkwQl5Jr@XriWC#f9L4qv&HR-6Q-`a2@;R1 zEn?ezTv|B0)kL+S$S29z!WG?i(nL-)hV;0(>bG9gZY|5TrTstg*@M_6utF8 zG?4s`0l!WE^%qB7;;7u*{ac5p^YiDQ6^@bvilIl8Pdl3uL%z14=c|6|t3juwtJ&O| z8buoos@<`xtPzdcX6_`%}% zQ87WU$908v|8c9i{pHzn-z%|)qxqnsrLMUC@zQJQ@3~(4vt|kMz0D0}W&?GYKwpmR ze7i_YM?2}HbbGvSmWqJqQfDdo4W1u+Pb!OmR24Vr0Q4U%^Bc~85iE_4RD@e^wR$`b&zGg+=jo@s*d)Pvk$j zf%SIf2NB4PzO4|~;n4woD?8P&&>iHUm7h~50&_n)6nL+5|Jhv-y&BRg)btxRX^pP8SWoQO+q zz@IGQk4Az#=seX~!;C`kK!lk-w?fjGU3Tqvrp~FGgx_8OH2bQYuV(O26e=a<&{sFW zEr9g0+NgJm^z1=2N*;FJX0N8_=H&tMA_TTwIt?Uw%<g?WIg8ZOA74)yt2L8z z*4_ggU^q>wx=Za~)SC}u8v#S2X{RP)l1ISLpbL(bd2xHHSSgiz1Mdn3R!gAea{A>t zl-qG2Ij@ViY9; zbc8+LYS2hc3c{c`c6FZryeRgsZUSuEwLvC`ves1tx94>kzQAIU9EsEZ6cX6!;3qr{3AY2>&Pb+GZ#>L! zVIh?zdR@C18oSK>Lxqkd%9b36y@za0_x$3b>vq>1mB6KPVd6H8&8&{>Esz50pJU2# z;5X6-R?SxE1cGPEySgP32?0FpKhOE&iHj6x=p}Fh-YvDbR-z3wG<{opZD>gS1r90& zdE8=}zKZj|xkiZAjzu8x=p&2M+Fz(IZO$}4ZALW))6RkAYzlQ`ORM!g?-s>nM;`Xi zc|itW0mX@OcB2DSbwIhp{>a&NmYDr0{Ps8n zO=T`%gDQ>s{`x2q(~y6*5vjzY`0ua9dU1;%Z4 zP(6Bd=rjMa7~yd}E^AnRE>2ChW?9tu_N}U!H#%N$&uX@;W0N}T_h!Ew7hICm`3id?G`)s})zSRXdRN3BEL((mmqTU;v|C;>Y@3mAn6$fHZHe*C_x9Xt0pq3t z-wraeeJyn3$oq4Dw2Z%*7?<~U)IGX{5#T|yYne~NiwLXLIvKb&JzF7!=U8n$4P^Vi zsFj2>MqU%2FE1wH|5smEq15pA6V>g!oNozyAIaS;Wa^bMp0u{Q`mdi)l1>Szl*t`8 z*9>dE*YjqUgC{_RNWB2ItNhuI-Npa%==k?lVyNy`6Z(oiXz>5KCXGoS-k1UBF4Hki?2-@JPprn)^z1Fw#@-cK~ z^Qa$tt+Hi=B~BB*rBeNjN7?{Qe>=+Tv_tPDg5b$kIJJLsqT~ha?EDK0dL(9epZUdk zLUE}Sd+_1!{R2FwbRqAMI&=i#Lm8*I2(!H$)ZaE%T9L0V&)SS>JLvJ$+SVS}125Pe zVbHST&vk7!*=|LPytZ~3{F&4_1KP_X7%dR~o$x5sPHhs1#lFA`&(rJu ztGS0^<{@?PJ2rUch5s^J@E_6IwEp_| zW(jtB)g4dxWm-*dZ7er%*Rhw#a&V1<^;Q>t4XWA6@3#8t(Y6)C`+*&fiEhQa2!2T~ zB8K0|dTBAuI$n=a&0ZlM-|e_RM=&t1&4h0Iy5@Q?1DEO>8Q3;S~1@pzd6cLxV#*KQ#%(e2(3C4zrASo?I~*9MbMD3xK0|T#%Y7?;j@L$XJJ{O8Y~{<@;g2RD;Qn4j z&yME>9Nj8KvYF@@XNb=U-=mX~3b}xcN--hP{{GU!29*vkicyQsb;tLmRI&F2xH<2i z9%uE8R@z@LI^Qh0T~_x_xqlY5o%Qqc`v?xF)S6EzKXPp;Bmf-L!rk_ZX>D8j`e-U) zTicf4v-*-RO{~t;F!gTY!5-I##h_CK`MAnxdjn<~ zmwS^4{P*Lrbu2mXBrEPk&Od|@&@78%{)!5*pl3wa%O+TU$kC2wi5>hq!mu8uwxH2x zptoqQ@P6b6cm7-Z6CkhCZcfqw>%WQI5&VTK8D)$ zJdTv0k@Uq}N3!@z3mZ`7psT>* zff$e+PQCJSz2Lpeepv-x(5ZGEA|Q=hPC(OnG`;?+X6V7UX3~=I^?dSJ^gL@?vWa`V zDMWvvrT@>7jekB*o#KixzXx3%-?&no3W3R)E>Q^koKb^fTG zDIK>pCU$MQXx_2J3vuw^We>Xdro*aQHNLzayz6Eozq6m~kSm$=Vs_6qrbnx*6EU!{ ze?H~88=qeE#iJRn7f8&h$@|R$Zm9RKoblxO914nkmTNL-L4*3fc)Kqb*e4$j<2m+0>YJAH8t zWf3Q&`|D&l9V++tXutiJ_mU-<%Ji>E(EoU1>x2F_AuOo_cTCXRKL5>Ha+cEm`6Lx9 zm)ph*rEsolYXt-04W6KQVfg&IHe0&z4rXR%#gi|S1a_n!Ic5q?9=GErQ@QNl6K6BS zG&OOnpAQWFy|-*zjyQO4SB0)FbZ>U}OUvgV*9#83XWfa67tbANkEc^gN~gf}2YA2b z+-D?Eh@G~CV*-KH=1(k(hMg+?k=|#|;sQ%Aw;dk7~&onNrwmoPCDHh>ZSJe@DX*5+$Um_h5o)XPAVJD?7$CU-_}NA1q@2t>&TE5*rukYXdHJ&6o_MER6o(t)hm;a zwm%$yG3g3jzFf}lt#$<8UhGozKjjF!w9;o)1#6s0m1Om-;HB_Hn=NQ1>#axlF@@Afg= zIL|pwpF3xbZ?VeeZ~}BGhZ4sM$##<|&Llxr;?vlBZSyO%quVlCY1Js6OhfHso2FSp z&F8j|fqpChlPe~Y(F4#73*nCuMZ>9;>L27MNg0XXPoV@YjF@+vUnIiu%D~%tIyr{v z-*XAiQmL2}c zt-xFMl8p>{{T@rHTqZro9~&&$ZbS-y*_Ccwcu5PVJiJx(#A>HehRTF6yifLDbPJT$8`ynB=|)j;Hr#JG zA<2pw3HiDkcs8@y=fnfw^q!w*6J%-d#tpfhL<|4DT|{i>*TD66iZ`VPs0!mQo;`8B zM)fau&!iZ>|C1^F3U)dSE#51|m_(Ut*{m)tDSTMS#1jYQcv~pKIHX_;aXM2*&ET|a zOsnST+q@QqhbMJ%;h@*7iS&*{*Ov~s3qkK@kPtmj5KgsaHPUq>NyWy_Q6(78S8D20 zM+p*(4Z5#@#A1_G*}+XnT`~_RO-hMMGsj(M!`(-z2L(9pSK|Mm`(R1?n)@yeD^#Kc z-QqmmZxQQaPQrlzR_Ev?7cVpV(}dpL=RVAt*L4jSguhq@{*vPEQ%|lJjQ=&h>dULO z^Bbu=boGRQU+o|17k1K1y)v@j%qIqnQM1ChOv#YcrmUVSVkcY0;7`cC)}9I!55;$?{K9t87zUic;$KMQ~7XTD)KC@%J+BA6ASH z_CnkGvGolUA;NE2#hcY<_3loC5Jw4hS6(M-YMxwf<)_%Lv^`^EPPCMb>{u1onJt$Rvuj5`(N{36~1>a{|w0w)ld=bEtrvyS}IgC5h48~ zUe~0Bna|p1Z+IkVf1TVOKjT={NL*DG`!%}?E_KvAf4Zg4qfBi!+)Og=p(NE;pG25} zEmCnss$JL0!kDi;^#04sy%Fdx9KG(PtmMq9-_g`K>_FY2=<6n?JrQIsN;5FIGC7DM zhwH;+$QyFYz=t0bhu&lkx-*u^QNmNr>Y@rzvIEDO7~IIHucVZk+dIPD;gRMVcE~zQ zeNd?7g@G=CUnA{W-;%y<&2cE3=@8pK20CG|dy5r1Gr0nv%jOetpNBt-fHthf#{2P` zve(6OlpTvdAl&sKj#T0}Cet$h6f8DUNX*Ow9>2p%`lzkfvb^lqI^UQ8_T>XP{;qT_{EzZde+{|;XP2$NdnK;J&HI|oOo|Bz zLgRbJk(e@I7X>3(WhYsNg@KtIoARJgCOOshO*1)$MVz0s{lO!%XWu1b7Fb<37`7y- zXHvV}SR|9nr@J~)spe%4c&J$^rcID_eT1c|KWXCA`;e4TewYKdYv%)Z(jI*8>t7K8wxLC1I}th;gv+OKw4MxQ)&10)!e=ezQkNB}+ZS#M5QpoQz7P*pN5X z2Su@FJb5g0#|=zO@_Itp-w=jWkkOE7DkF?9=P5Tt~7X;j?uj#Pa-9SY6%#4CgOs(pw63R{X7O-+7EjjeF)V@W}z?#8Q z#-0afflvx_D~0RYc(9N7Jc3@2;ERtIf>xuQqgUBKv05FoCSC5hE6k@AHHdxOpLkAB zB|1zYe`%yj(?7Xob~9@-V?{RmXjR&~zr7ib?;0po+RNdcsb1GTGtjOOu9t4k$K>(YCGaV@co!XMkQ1tWR0l-ibE7Ke%$wzgc3)ll`PsH=CA3Y45$| zk*1UnJO)X1Uyta3y$%4@iUG~zwoE4#`L?35>BXl=Frz0RSKQRTRUATA;MXDE%W%4HZ|SR}eP z$MbkRHIexrI? zW)0Z9c2UDlxCuY1;v(+ItP?I)VqQ0m^m5iGu5sb4)7yqV()Ve8|8(y4KH(3ytqIg; zST|$R2}L3L6vFn0XT^KI&sBG{<6~+!?}VBeI|!|5I0d^49q&zIvQzok+s_>|_r)!d zi*<@>{sEb$q+D=h>tjRM8_E_!`_q3hB9~&Jq+@sbMWzd8r{550IczW=3T ze4cE2ps>BSiLcmf37=CJCWa&U?|QS^9bZ@cXOYnL;4|^NzDe(JY=@t48kIlue;-*} z8t9_OxVK!2e_}T3;evg%8-t%eBS8;uWS;fpEFUEy(nhH(B?cU`eobq)e#6M%u<5Rr zi(R`J-ScZ_UX(p6|I^+0cm4y- zEEavKB;l)4O?oau2=zFtC+>n%IYqEM(w=j>+dm<-ui!4HKnsL40v>PB*?GIKZghn7 z2`TOmP=37rvUt`j6Ae;X9U89DW<_Du{f@>@NoMMXsnu0MgMS)9^-l2Ap z=LF(yuZt2BH4a_SEhjSmeE-I%>cHic#9X*>*UZZpS_&FDQHF5E-s^<=3a20dVQ6GoFJ+P4Wg)jkZdCqmQWP$d$pg0+SE2PYiYX^% zi3ii03*j~vFAHRHcW+rIm0ykDFr^)pFpBAZx9+gELp&=H6j@HDk#VsLxY*l;%fn%A zrs#pOqF%s_zWTTvyt>jyvaz>tEufD3+yp^yf`TbnS&=!H-SRnt{*}dk*Etissb^*i z7qq-F9wOM$DQGou<#50V{DrX`eG-{q$d(fsIKH~~Q=8%3^=H1Jz-#Hi`T|jn?(+y; zwU_%GyTNL5Wl};xzNKLy1aH0ZQm)rhi5-(4stB>$V2;`lA5*kbwiMm1m!6e53_Tl! z{8;Kiw{zgDhSfgPae_lo90GWMT9s_Lcd&eg>E=;8%!V#MNEAWv#MWi~MlerJ!4PAR z@{S9VC>F=y(cypmB3%m6AtInEDqG1Y6}7Q}`d!=3}$a!aHjD++Lz<*Nlo~N zvxI%SKo^9X`JLGZ&h=~bxgy_}Gkm5{LFIglDmuo@PCr4#Jg1mS*O2oLqr-(E;7BV7 z80Rn;2OYIIeZs^bXD|%xlh~1rYh%VHBR>IK;rM~j|Uh&AmiYe>`x>Ac0r4TK~% zd}+$j2l?3Zo;ikZuODA@jw)Ep5D56t_ykT(kffG!6sNK5UW`Fco z(P|%ShjF=(6cm*DEV(irc4|Jpq8s&oXRpaRMZTMHNVK2Zrg1nJIaM$Fx!Fm0G ze_Zus+|ryDhjKlQIxhJiG=VA0>bCl)Sw^=kp3h$twe-fh56yD-6Rqjfu_8b)Giyg4 zA*6cFVqD?TuJ7Vw*lMG*m-2v>Bvr*bqOVphAN`{lD zx-FY(5+gl^Z~PU}oV{77i$6YvQa2(g(}+e0qOuiCWnfzw}RJQ6E+KaBq) z^E6m=(Ol__>WN)2D&uD&`F{Nt!OW5t$C99ufA`YTUF$q8nIc0c_UehJ+N23G^J)1z z*?{T|+V9UlUCiDas_w<}aw<;U_NjeHCO?C0I7>R-yorglnoGm(W(W(cPfj*xZ8*F|d^0LcTm zH6*0ERaURnDR0$90hVOhtH{kNXx@~S6fgBjy=E_XsU>k|>2)7C<;}x0m?`C<9cI@k zswa=3!Wl*Hcv#IkOuh&Qoi>GsKmlA|`_5eGuW#eO{@5gafBT2dl~U zc^{3qhk2;P7R+wozh1&ui8|bB8XFD|DlSc)dTm)sPvgdiO;I#MdOYklItfaQ97_45 z@4>TJx>depCaU@dosGQU`D*+F_14>lS8g7*dcG~F3dJJj_>YTWN`?y=FhT{@^Mei+ zC2=k7;WI~H*x`NwOtT_-%fX9~3|{G3Y;Bj0y;!ysPoJw#`oPRJk8h)0r6O9JwZh5_ zVG@vE-%1k^a5^hOngLIMYX6_-()skvcIZ%P9DnqqSp9d+>FBk;{UTCW;}1T%sd-;? zfr#Gc%P=HCDnKFnccuY`o7g0cs?{`&CTpwtb8KB_Uk{4Lx#F8QP z&z)gYqfTKO3Bh%D6d3ZU5$Y^YSUalia;D^;s?f-@*eLX!SSM;~<34M~CIA!;4NqZ$ z{`jpn3q&Nup1RC>MEsNx`r6c9V~T~7tkAG_fKisi0P#hXRuW#38GN331q+-?N{1A_ za*;E0im#hw-zr{3c6Oha*9q|RAZg57h^y{=M~ie^^{lNEBMIbPu9deYA@ya&ncVbR z`2?;ovW4FczUzAYSH-@5-?bDlBmo};%0xkp6ccrUSEWY^ZKp(`iiWQl)c3588P(9& z{t4Hzc=)#u0C)V1Rc%${{X_A`dXoU;q&`tD-d34Lh4besj}u0m z`Vet@pHZQibX;6$q*dc72+@mo^2oW8^JW`*AhXZd2Mey~$|J|gbjv#)aZf%Tw3p`If?IA7?!!W9G;? zL?q8&#dFZf(e2coTtECiI)Sr+@Fcy_T=u6y*l;9@ZA)JY2i~U1;p$;208kJdekP(3 zZ!n%w3eIIm2iFkw6o3s5wM(v63+N49EGPY_v_SZvQL zQri`z`E4_t?*=(Vn(x|9Z3-3V&E2;c`CE20D=d3AQ$H{ss8cj}R^fs{**G7=FJfA1 zWa+b)>@o*`V5Y_Ip9J*Suh!s46V}dL{J71Wiyd)PmffKZcgWs*|Go7--0~oAlJgf2xC``;v`XB87U$h7pNz8Rb;)g)4 zQ0jCd$Cj&w#l2?_sj0QF-E(`_p$H@0HiSK=Sm;sxkII|hl(AbuF721=#MSvB7oM8o z7aC2X+~+^9mMgkezFGsDCvEP%S4_0D7FUdRu13D<)*66R_V1SQLe@oS6{{(*U-DYW z6cV`EdwDtu?+u~v`+*;vbSxpBd30n&Yy}WPi9Wnzfa(NPgxn`HC+zeJ`ntUly*>;K zn~m)Gu~_{dkkaCrD>+jmO?AZW%y7Y(5Mf*|+cYtR#T;)ZRh6iuQ*_~@!@vTDJw%9# z)Xio>N>AH5Lvi0U6*+4emDZA_aoduGZ!w)?+77kp&Lo!C4?R!2SrbRB*9#h2YF4uq zu(lJS}WFDAVR!dVbhJtz{ z<2+x55nvY_dBT3}?BQ7c5lgP6q-#mHDA0)8dysFj&Rfs!;&~J*N-CKY{eeUSUvmT$ z7d>@kxI!=c)!3C`_$Q!c;B;H*;s5I8kQVn~g!dmQA9q0(9vXtH#%>b#9$oOru~mob z%+$K(w-w!%#gwi!LJzgx#Nn*dQdLMrVKdZ6ok`a7P88xEko)qzmGidiMG?(j?wv8I zdo35jP_&~)?{y#r2HV%o3!NT$0_zr1sKk3Ix1WkWwG_#tLRM`xZ+hbTq<3*PyLeYp z)bOnA-i`NASX7L&^Eh2ZX8sHYDI_PZY&D>`mx7n}Gex*WFt;R{kV4alyKW3)u*xRhUBYnvGk@aLk+wz;Bx=5h=GW|29azc{wB+&iz)R zb{&JC4#{Hs{pQd_?rIZP!9tsRcMaK}1;v*Vcf@OXJ5srlDe!X;udOJ_T?1+80oKZm z$WgmUm`5IBd|H3Sl_7bvA|)!)`y>Di$^2_mUZpaWMeJio)ru-Vu!y;DSu#3 zGW7|qul^B|Z`DdR{l!jUWx?X4B-XjBgcTKg;GG+O<_X_-TO+Eyedk?z#fSG(%)?^m+#BtFaprdB7bofa@P<&CJ!!me1ms9uFT=q5ryl9ip#y@b(+@^o z6MFO1N^Lvt=$1fqR?)JfWAY=xpP#UfM&SS8V&w5P77$;bz zU^&wNh_CD0ss)x}d5_wFAa~e89JWL&S~C62{P}lKL5ILGW^R~zYIuNB^i#(#`0t+B zWRmdE(SD%{IbgR8NpdD4i)%EG=S>T zKE5T}cj=!idP0&$VRUtiGZA2(${$T8i6!yZFxK1%Tm3jf5YED3r~6@3u7$IP^iTG-j!HzCLsQlNm{V; z5Kf`NMPN#jZ6g2SS3aDR!>6a#p_AceS!=RoJ*ys41Ia2S9qFmW>^L-~4-^`pQ>x6N z?$)$(m{zQAPWvTM*^%$0-iqh}rmE!RUr5{?d8dn87jbrw<5-P|>Bnis@q2;nwnRG;K$$y4>dFeUGv_SNOZX7sU9BlXePM)Sg9qgmI{!3sZJLMz(xxJQdpU1 zS5b2A8@K_K3G~?|Yj1V?z)3#jqh%J;H1u_^_ayqtfr_=WJD+)Zm-|;d_$H^E(J*v6 z7P^@E-h{(`ievqP^k%2d7zbcD&ZJ(OGm#`?&i;^jV(-hkdbAb3{U*1g3;UJ$eH*Mu z6&FJg7)V!n{&T=r0c!sS0a{wlA(Cz|G-S@IznHZJkgdU%@|D*0R-8-5#A zVsFdz(-6n`g{@^J&o8{zTYcIy=Wjuzg036j7->~{Q{OcTglDLN%Le4OBVS;(HDw#D z)8LKt>0^RS*1C^B$iR(yg6W4Q`e)n`FwNl}i|Z_r?#!9(Y%+@BmY0{jck)+q!n93QfajXYOKeMaL`O+Dv~Re@z{ z)G_xv=yeyxRI&~rv}?T3xO^liu8lNMM~78Xvh!(#--S=t$7%vRy^~2bzuozv!!6Xu zEVSDpl8dZ7hFddLzJBv%*pM(WRNvy}lILnPPNrttk?(cuGAFh=M`V^S0$#vsJkJnz z9OF+rLZdpXddTZ-hIz~MWo-1;_TQR6X8^SxnK^j=4c7{OOjOsMI!iO(kX)>Ab_VPi zwF5?t6ak9$O|T6CC!D5wOym=JOj;i|a0C~f3_K3b7M63~e1Ok4Ho^L8d*Da>(?Wb{ z@^nlhP+B^J3+)Y}*bt_z<}bSeT9gQ5h$F&5>(aR9s|tB7YVgLRKy2o_ydjH=It2bt zHCrTu)*V~$L2wIi=)os}apvQ*nx%ChbR$2D9JH&5EEr;NEuU2r{Rk_kXUkEB<6(Hd zom&BoBfjQQa)AqKfj67|e^-}Ni`a++90e`d@8n=J*PP@E;VI|yk1G3#Aw)HhSt zl^wXi%Bdw*s5(uHzIHJg=PT`>N5iEM7t%fMZ|=Jv*0&^z`?@@BCFOB>@t`|-b*Vo2 z9glrQhk3Qn@xJOpm+}Xyb+_+!>9{y=F2YcaZy#SRv&*)V84HtiC#S}l#P86$?pTmq z2XpnB0u&owN-|F>5@GV@1r3hgJh9MMaB16QMrI&OJNAxCVb+@M!TjaSSBsm~lFRDD zE&eC7)Aaef3poUYfgjen>e}yU-ZZ&@B>;S(c*+$-O=!HMFgK8tvhQH(D29hbGFm}Jr(y#dvZB)u``qb$a1RKI=89UYk#{+8+-#`C zunbq=(6E;aKDYq2--?PbQOp973JQR>Kt{=na?ct2yOo#FgJE@o@4s^Ig`df~r9kE2 zqgeV-KDd<3{|>!hnp(2K;GT{~Mu`bSB6#aRew`E0jAJ!|AQ);sD`~U$kP+=`?VM>7ii)6xiNVul*taKjD69;aPu79U4e& z+Z^t~fKehCjK_7ZK^3$4vFjWCKaKr?EgKq^zPU7iaUEcXQ%2}mf?-|@98n{DU1~)* zDrnot`)aBWRQn85{J-G#vjKxTBmV~5*C7~s@us*B>Lpz$Mi&`XmQ3tjO$>jzwl;~W zpML&i?=uoYM&F13EB{?B-z(*)fU9+B7EKVMQPKZ3&|ZDTu5O$Wbmn!f-3Xc0B)A(e5yxPZMBI zUmKG)e(m7&kCBA4f2#W;{y}5?6;_?DS~>x8iFay7#-U~kE<+cKb@{uD9Pm;f&)?F8 zhh=e-#jV&x{hM+2ZuD43g^aec&1iQXGUmGI;FhCG3mwwh=rp-K7*B!%U+=505Mrl- zf7z1l!U1<;?BbOn%3Qz}a@f0WQa{@gjAgLh$$y@0ZOV2&`U~k@gsVw7ZBGZ+*u_j^>&1oGSk<@R*vf|mC8RiMhQx2nX&$&BfRKlt zZ+0@|deOUJn98a0N+}A_^8VN{a*Q7NCR(A})7tlsAcfKa$ta!aGN2{J-%qoMp^hzRG? zCLC|4h)Lt?X8p|$>9FsXqAp<+m-nniqDJLcqY==8F7YTl4n*cx*JAlpf=#Q%oSC_I@a8RBpla+m6ndgp(ac|u z7aE4p3CS9w@U}a(*&7MRJJ!RTjJ>&pV<^s_vExZc4$AE>>t_*4%2l^ZI*uzWBg=ag z0!@iM4Q-}!;O?-I?y3egVe>+uGn%NLi~8P;JGU6Abods-kV3#3B2Mm#Df=I52q)&o zVm)YcBl8`K)>!1lxZu?5kxg=M3zh)04Ezer){&E=41jK3?A1JD8Jn|;YtI{T;p8ol zMx+7cu(a~ABnL8#2l6Y$Fs6n!|1j*IOiH@-&i?k4gNF?8`h4l&{iBbKPHsdVD&S|m zdr(oy9`o z`F(dZLafGd1HQr5KEQ*dn5%Z}mL*C`pz)T&P81n=ae0L_uQZVVpWfl1$l;>2x;C-8 z)iGd0^w?z>M>&vmn0D58Sp$RRJxY270zACsZbIulOAKP7jpB)d|E+UWNb31M)%PB! zD>aCufsFq{THLc#%)+a9wI=z;Of#TFv_B(XiJ4S`c0w^dxsnnF`HwNpmZoH&1C^Of zjN)_o_4G(MnEXTLt&ZEzr%Ks>!|anJ8F~~76WByhN#Z~LxeQUy)-d$m^w6xMREbW2 zkgER`6Kk|y@(STuY+Do5@~J)#%$it)bW%DK^w>B;*m*B(+P(wkKoUc}%=~&$2E7Tn z!uvUJOpFfFuJ&m=f3?rZGvh4Bx$9|irgtHEks}U6kwB-qJL6+DBRrKocti0=Uy?hA zy2K}Ir@hb7L^#K8#1QlFp%g=0C&|2d_vHm(V9{!&l7XG1yA;}kWs3F0Mb*2MtEkTx z(<#@DiNoA4TH!DRbW#z11hx;*k zv}(#;UB;yFpxT*7Dm;FWGzNAQe{d9-dF()@+IDH;>poLh{Tzya28A(9r9mJZL@33a zr%NJ)f{H7YKk1C%h)C8vwk_Fb0)lO+0dzL(i5g4+ANhIbh^C=h5Y=%RTXCy_%Q+iv zwBM0$M>%2(dkYEv|0(a@%I8d8%)aRVNW5<=550FOr!se@)2ZVkCfY}cPMRFSFCW$E zs=HTsM9@8sN}j`MxZh;=So-QzPrHIeJ77)2GB2yf*I>m|bP=@E9GhXac17;^jDms>mU`j44{JTn zv*BQ4jU1%_gh8XFJI%Uy9J9ejWP`)EzFX8x&O)m<>XhJ2QzOk6^B zuu`0A_-;8<|4A!%$m4JnWb{Yv(L=;0}1K{gw?X$_KprvG`Ta)EV) zps^{4_0RmauK!^#EPAzWgQ%so`bV?2E{vBr!u^dJ<-b^4ig<{!H56~zMr-gM@zPEE zkRozUEKB#SvRqGAAAbmHh_8uu?a@}Ki3Q<#|8w5d2^TZA(H};@8OcGdsB4iA>Fx_A z24D<-ikzm`ldK*TRFrSpIM;6AZ}^Zx@iL5MoE<3)SkFyfpBwln+OQ}}f22Iz_dC_F zN5r^mI9F$!P|L{Gi$lA3T>ZG>Gj?mgCQGql)hlxB2WUFIrR7c>V?NZ$QW%5I!{aff z%6IdV4cJ?nUqj^!`bH@xzO4u1&Te?Fkk_GPg%-Si6CPM!r<4}f$bj5OFE+!qQ*3Dh zHI4VhiubiH)@-la-LywXQu>CFbTS~g?}3t++?!)=T{d`0PmqWHJ}o=~Dl*SD5)`-k zY6>egzK!fd)4H4FLIOo{KTGfQaXLa9i;m5d^+NJ_hzT~(LC@*hz#CHuGk6ozW!z+^ zt{oXR?f^2RBgDCLm*Sa_in{8RITEAAy_0`!nRgLKH}KU;qGYQU=6WlWW)KBMIO}u1 z!2ieCTSm3jZjIV)DQ?9b3ba^pceg^(wzx}icS&eVk>YL9;_mL2;9A_>HMj)`fiFDI z-tW85bM`pnTR%d=fRW^0x2$`vIj^fOhF1`W%MSCNfC5kgk`keD6H`c}lf z)KFhRBILl-D4W9;hWIC3Jmx0$PV$z{&bMdjo%piZcQ<^N>V<>-js}?N z)Jkr;WptZ3kZGOb>FLxbjbH0i5&uwJh>IfKId{aIG+#1eY|2I$3LW<|%P!H4%WF&Q zJ=pLnglI1IP&SGH+z1xkCJYieV3T`s&m(c03}Rx(zz7a z4_ns*JJL4Ir{K-Z1G;PL^uVgJv4Zw&$c>6iRNr!X!(Z@Cor9-u(V&# zdS8mD4lzaTtqGgbv}$MH+jVb(m5abmQ*yj#tu6Wb5)xEDF$RAWEX&Yl9m^qioC_Bvm!HvOkXaASV+5Pl7WMzuhCX*g&S;(p{b4$NRy0mmCgSy}7#dD5 z5Jztwah3clDN7tL=$%GArwZN<)RY#jfM~-p9vWizcxyXF$aAK6s8PVli;cp4c&XS) zZ+ge7$b{0?>%5h((DW~I*d*PVR++k{ehVzwRVi5<5ATPV7u&*ua8px*U1J5ehm0zSM3_D4AB}{eIG&Pw`urg&x=cG2DMn95p8sNzaCNXTzs=^D=j!aoZ@g_AOF-vw?@n5S9qy$GJ}3(!i1u`b#7<3m9FjJ zcvHxDEWMtlSow6bRHKmYV|4>N?66%4QLr&nPhcQ*UM!lD*(E_(P}lS7JkCZd*tP5Y zpd~qdsD4Xn`Dfy-e=!Z^MrAEAlw5+{fR7)T`;!kZ%qFtA&cAlWu)4H@kFvf;K&;lI zq&Aqf$7N=qQHe6$_4;+KbGb`j!swfJf?u($bFOOi6Th}B#$~fT4?2^N zYuRy9leL~Xu)SzxRvupQfi~Z=I@wRc%*Um?wMiixW~=-uymg z1IG@DcWawSX))16j$@}VlAvBxL1?W?a~`N2J)!h^r7%KqKz#hd(^|%!ZI5qyyum*l zf#c2>*l7@BKd7&Mv*1q^rTuoZ5>W#KXBv@m83UV+{`5Kl{wL$ zK8{5nrsx#mgsSP@zfyy&9&^#htTCazRVl+7@*1j^d}%ZsmDG?U;jvPAJw5kQwQJwf zsWv^Wg}N_V^|qVjol@DCjdt2_p_Z{>Loq1+l^p$!IbD;qt_4-yTB5-BTf2K3=+5_l zG3+0=oR`IfGtoBHW`rBg3tTS|S@<}+?xnu0DgcC~gt&kzRefB(&!)Q(L{%kf+^>V5 z|83zYDNME0ZCJ^z#Y#qYC0f3$nbMkV&aWvR!H=2U^MCD=qJ{I_g}`ko7B!ABHU)v% zk1+JHY~6_~u^?L16?KnQz6dIwEWiC4h;2fzbks7_Ri$CN=+ttuWcsq4x_j{J ziyE;f3x6irMOqA?ZUXsKgXN6nJ^#ye!haV zlME9RJYEPRHk)ba_$fJWf##lq@y=(H0;`zi)$>~a4m zVY_7rc>(jIT;Gbl^rkb)!vA9V5&xqx@pnR$gWleLZ^glrz@t5wt0Dl>Zdgt=4nq8? zPcLUNnvxHG#9{5X!2y~zJ3^*LF6&>kd-n__>aH)`ny*s-=W{(iDZu*|*LL`8J)>cu z6qHebP7}pUt_U&+y*KoI?SxSDr4|%rbN1COmxbyTbdihEN z*SX;3kiP5OS(iy4wi?MR`S{k{)TJMvSDr702Q`a2jvX(}0VqzD?gSSlJ}dxxoJIKp z#4y04@-P2N>9r*Qeont=!1TJj{(k*;s@GqSlTCkr)tS$BoVy^ufN#rmw;~uWeVw-2 zH1pA|XPwJ%!Cl(mmWxr((*P%|!DYLabzEdrpeFHj)f*shF3xtBX}MR zqPvKE64)y4i`**_pd@FGqx4(uI_jsl(Gf%o9OSqc#4t`P<}}|Bwu8S~Ttj~x8MoyQ zPu%zB>FNKT%g_Rk+V{^7c^=P2vfC~n5<}SpNHY4=Zn-_;DR3Sd&!}%0Q19ooIIe-f zyBG&&Gj`)&?4hJ@m)$!OP7@EwO0f0ohZr?0l)#1(o7Mnb7vuPlDbr(R=;~hU(&*v& z1Sx1c-K^OS`Lr+R@+A2LWm=Wu5$KMT6K+)rUBbV> zp|K@Vq}6Xo|6Cs;8jWj2!*gfTk=&d8 zUN&XpG>0vIa8;w0UEax(XfZBESy0YJrs)2OBX{7PZ{oLi%TBuf!d@+EIBT>8b@y7( zEH&^jces@b!6T`P9|G3m+9Y=tJlB-VO%USE^@fj(}6#z-SI9T z00%Fl!tRma&q~ot3x}H|Y&ihSn+n5Tx96Qt@mcW7H*0Svg{?ViFnF=n(Vf`4wCXxZD_c~?8m>KGpUGU@zHlN;y z3odjur7SVljpV>yum;fAZ%sCOH;-w3o;IMXgxwuvCxrucE!8#EX z;gw#n%!=#hExxZdT4veJk2>F%Z>>>uW+$F@nEgrTL|d^?>;3iSKG<#EI%?n9edxKU z;79v(1Zcm3#E9gaD#$3#N9QUBU2UfUy(s}C{w;0-zhbXqQQYHN9&`8ja@H*3*eIm+ z?ON!&`B0f7>d!CkfZ~J*CC90x@l7d3uqbgcFgj_G#&DABl@rvBo0&^arlTCG}3DVXU#ob_=hZ582-}U@9 z`$L+6!1EIiFg~>l|CE&;zZtiEKfJvuFB=SwaGT&aS;$$QuKB;{=u{ZM@}cgfV`sEv zttq;T?^3(2t?{oW4*_K0G!Pz=@ij%f#NvxOfai?w0mzb2{<6xB_8|*7nIUK+EBa5SND!p^!~W?h1kICnWFv4!VGcPQQ9^dy+0iOl&sA=Y5E5b! z`T`~5BLVnM+G1f6N$K5^d<=K2o}z9v_|d%xYJtv0m2uj>?WD&MYrJgsQTQe4aYX<` zy}^Ps%{QN-2V9AuugsU*k=6Btn6HI+e4eeNS*R<088|?bWYH5NQPxRw_3^;h~40niGwmRF6T6PnoHN?beEgY^GV8cExE?SHd zg?k6bXb}d{2#Y*V6d-b@36tBl5M3>QZC7%B6d_^Z)HZv>Ek^;q)?j^D)y1-5<)1Qa zYdtg#>RoP=_=M|4 zP1*yt#Yln&?O>U1;uJyMuxf75xS_g7s?I$ii0Mw7Y#{2mT`Jrl-Ign3&*XUjmtO@? zN^~4|Qi>xll{s&zf=LBI)fE#p8M%GgP92hQQ!O-cx_T!jSnUO&?s-O4+-Yqtl>Hc~Wr)~D^o58njPAC$geOB>ikY$-jcpT+ z4^9pdJswBmgzvSj%S_e%nukTA--mP%{rUlPfAPuw`UUcWz)PMj-O7kZ1qq1( zKg5cH%LzygOGKpBKTWEJJ!PDT@sg!j{bDR2=KKA=4C%-? z@FTQbINpOhiRhw?}KG)s@rw^AXqlqh+u7DI}h#>(vL z5myu|c0F)0d%P)xCSkqcsy2;y5$+>bdl{H_)P}*jPy(oQvvy;-N^_^wex3iY6S*!U zF%$A!PnN2v*dTkk`F4f%9!jU!3R92R$BZpi>R#wg&7-fg+_%%O;kdd$qk2<+Dc@3M zD^YY@G$ztb&hZQwn| zkoGGrUm2#RwHG*4D0lK$n);Sr)BmPDlbt`(o@pBzX`~tVzKpy-Z9a9YbY1YYH>@Z8 zzR}xmpAvXFufuN`9MOS9_4Iu4hxdMNB!YWHuLZhzb!7Y`BAN!l2HQF36{P}leC_O6 zE4)#zbp6N@KNNr;9pU`~Q{s7WO9iR9(?pMh##CRj1Qt~7ceo{_&g?iu|I~B9Kr|^9 z73{aOT3_}0R^Fqt;G5vZego=Y&obk*hgco3fhxI+mqA>REdJDuQ;TB4DB;J5*z@D(Cw}z7uXN6=WSs*r+|%tXB0NUdYd|I+M(x64RJY%9-_rrPeRkD9x9vIyXfSrQ8F zBeqL4vI6?<)ivyEye~LzdE^3ucZt)qMmgZTO>D(&IZ&1#h}$^C5{Rv9!J&Ehtkz#d zVb?~^{iEe+++l>_q~OZA1A!C{G4!u1n)&9TBf^N)T6`9B-(k>l7KLmmr+3yVR>O60 z9bz^XJi`U_){b=ql6`l3ui*`3GBOk+=$zahrMmR9r`lG-k$GTW$>6mT8`sV^olr2& zgv2E2q`?JP19a;8mdS;)A3CG60)~M0zK3$6@IT>-3x346{Rkj%tj6xP-2EwpBK%K@ z0Ov=;nOvRgKbVRzk{7p1?D5g=)ebq3X44M?D>03Nd%-4=N7hJDFH$CzrhDGf>|Vf{ zeyaHbF7@vv@!vluf6g<1y}I$E4Lnp%FgHFpIUISh33g?pW@sCDIo?L`8s zr&hinPjlTHM^jW@)e98y8>XLG&FDZ{&#(ysR?zyII08Hf?O)$M&er-sOf3_-5F#;b0}F&jdChcs_;9*S8FUsg_vgf&xjy|MA8D^|DW7C7`YK zeSQOMad`fiC2+^V#lwtti<8*u3L@d@jw3S`;(Y9X9t_*ORsf8`$YIk7YtT6GZYU=3u&Zy{wY!hSGD^~1nbhS_Jcw?wOCkomdO2a0KzL0i?CgsS8-FqF5X}4FHsmaxsPf7N3iQZ z+GSVCd8@|R395@-Gb6rY;P%wXA{~)~c)4WkslB$KHew2C&Ue`^#xygqYdR=46v-&^ zL$w>ca+R(t3tAj6rSQGq*A~>%3#+you|<$atNwqOAO6`Qh}VWfAn0d5G88AfAtSi` z%m91@)EGK7XO&q{dB$B}bX5Xhgii^=rjYGAFW14h_a28Q;3F!RcD0h;cvQ)F5` zl5qjI7hk%~zHD`&v(>gYy6re`_TgR7a6YMD@=RWcKjAQH30=>M9y<+@kX-=+5Rk6_ zdNgSo2(c~NJ$8=tX`{AeU8_lA$ka5X`-%RWtEzH;XzFyrO1IS*coye+Wkh7X1Gmd| zj^R~Lak@9A%}g29*FYHr-cq1|ZEkR@0_vkn76rIvj_8aeHQ{Vy7BC(`A6yn|lOP zel0G+SSz5~c1y_t3yJ_L1~M}Anq4~qBOhVN>=4?xgamp7)?PR&rT4l((Zk@T?X!sM zjriROO=x&>*lIhp0PJ&}iCSqprR2Z2?eK&jR94LhgC1)qT%Pu3pQis}to;CS?YHT- z8L(N%dx#FWllkum$>n{6%Uvr5+P&=FvSCc@Vha%H3QxKB2jJ_K08Z#r(aTCt*mS1=Q_^;t|1jz zawkX&xJSOr^7G;|yw_6QxY^m>P>{IiVo?44tf zPxx}EoWTB3qFhy3W??~RVJHrU>WH!p5LE;qx{7mhm!0+SPxq2+lR|mS3Y;1Dr;(*b@_l$hIMkp%_ z_1}!OwL`|o@pmtMYcIW$!N>DKfe83~e}3NTun5eyPz%96A*G>;H0?Z+Gg@A8-j47P znfq0`s|H+uyXb#Dq!;#vj1=s7NRF5qQs>A0yk!xHdn0=h#wrj0xgz*#dpl11H3A(f zw^*~+@G|dxLjX7)Bjv?8@Szntxe9*-zH_SF_z9&Vu)C)krnKS+>T(Tj0%-W>yMWW6 zovF(J&tZdvy%ce{u?N7B2-X2K+`QNl|NGWW7JnNU)fbU2V|X_Ek<{Hdf-n$ECqiZoqvu>2o33mqVBc zxS`nIN=u*BX8vV=!}0_`ttz?AnC2GebY3joAN)MxfFh$T{10kn`EQN2o2@9-nkQ=c z!@niCHCDM-f=>gD*rvySYhs?;JKU6IN{&Bo1O*dng!$0b<%&`xk)!vC$9#R+C{c5$ zRry+LGn+cGZmC&wZ+=5uqPTYqj+b~<)Hjj8nEJASjcX(xCW^+4TJu~0gLr_O`APVd z4LW`ud%{uZj_77r2$=1h~|s2 z>Qe|eU;5mBFX_{8P+l4!6vHeS2f7o-lLu{q10$Tsfen zA?m^gNHiC!IWuQCqu4q+=-~uu=?{tOx*U&}3+0AMxp zFiPj(t&Vt22mP)4>4U@f+NhBb_dN{F$~RQ#o|i8d#P)lRQ>QybXMD?@H}#zCcxnq~ z6AGsr_aQP>I6|J}nqD`q+3}%za`2V#XPk$vJtNjc6m(tQpvgTB!;dy)x6m5(g%yp1 zGEDY>R0JTPP+qpw$q!lxe)#OyJ&)E}w*73pTDAD;Rh=qA*yB#J@H7rwQDwL7iO!1OkI8^HF>z5@+ zLAkG&L9g!+iz=mvCswO3R6c>-aFX{1mYq&5S8mj5!bv*GYn3YEB@YI|PYM&Ybdw-s zq?D8;>}uw&uFJjie0H2S-x)c5&IlY4_n{~p8>AfijmiS67aW_hmjX^P?_gcvDPnl; z!`+UAt=*-3wg$F^7eoF8I3VD9$vd0egrl}gc(DF?3+Rr|!w*!o`4NkpSCL{o!)nBM zO+n%oZ@R=V@F7LCaGUvGON6=bRp;czROp_^CGyhD(H}`y`loJD7%|N?q)mnNruOBp z-_{Z_=_G&t@#QI6YU-iTOVbs)=cK<(K(xG%UX z_w=*1G5SpLj{7mX=U0)EzTc_yl3acJL(x%O)50aw@xs+tDg9j#$cH0=P)lBVlNyh^ zf;Rjd*`_2g)-yCTx$z^t=aJP>$)dtfx{LE@bDRjd)oeHBuA5kwcVFe@Ix<2H&1zcG zGi4S(OG2*GuB(>6TDq}*?GpZ!f+-b|GUHD#Y_BF+&_3kbj40OCeslJ*fR+%w8R-Rk z0QeQgm)Fdp`*s~!fU?Gc`WxLCF=jLX9gjK%rTNlPr^rhyPbMr7$_iGfY*v$hRd{b- z@}S&(sC1}~r`I4e5yz10gL8QG2AQJI+ZNX%#LCNT$x@>27R;glO*C67aIB-Wf+MN~`6X zaGh081>))=Q$O2Pi`R)B+%-Ab%~tlzd)`9$SNxG@n*^(wu<1I);nq zd9D7UaXMkktFj^D6@8Xs zfzNjCMz`K2SJR?E)ztI@Rp$S|G~QBglerw4P13&<#5nhyd1>J=D>gYb+n_1$W=8_U+~x+lxlpO$>}lC77*`qjxJ3$5FoPM_YMbp?rgsU{&z zB9;gv0E@BzX^`t92GT}J3GS7=L<1~%PKLsyU+<^^4!9Uo_zMl0L`JsnwfA_np7+j2 z=@5Z@+~nP?+2pm~v`YFUA?8=N7OkN027GhbI`9>lgXJ-IoPToaY{uxl{O^uf1P;04?!fXSO!Vgd_+rVo#i#Zl!aYheWoy78p-Q?%c80oZmj4L_<`TX zG*D~%Wj8w8I~x;Qr1$UCb&$eT;PZU;&#ajlKIriIb8VrTKi#~&ZVg70k;s+48HV_*$j(*Z_!A+BKsT-x# znk~4&bk?7764#VN{VrT(@Y;*EmX8M{=Ps|m@%T2fSMiaN_19Uqd|`BfY3)zA(H@U*Hw-w5KobQWgpC!v5%eR<_7yC#g%Gz$(=pF(fO0w6t(y9QPDOIN<4Zl3Z>5nC%E^!Sap6|@u)_pmYNK&)HULLrI7u9;! z@d?(kYD9%kBTC}@8Dn9>nxVYF;Q9Pd4y|mwM8S4Cg(i@q6XxsV_^G!57>KwyK9~6# z%SmBbKEzn7-YKCE7PckfHpd^>u03`0=}26GP26G9a{n+Z-|Fbkn6UAUePe}jM^rVn zdVR#PglCHK5*JnJW!&)8^@V;}&*Ac*q7A8=%y1Ae{X@lFIF;WI7Wck0M`yzg5aaL)*Y+xQ24#b}HP*#`b#<0ko( z=HA44)l232GqNqvc>eW@M%f_9WTWboF3#Mi3Aa_;W>$UQ4o&&zN6<5Iu#0`-Wbx9N zQlYMr39$pMTJdVTh--h7vwrK4aV=st>0OAeO z9+&}JsJTW!^rLj1%XPj6R~Ls(S5(@~dBUxxTg@}9HR_mm3~A}RzrS2OTL*9?sX_I= zHNPp11Yzjwd@oCN9%3_}VO3eb^!Wq96L^CeVXgaX`p(*RvQy^GRFh&De!#ukpJWm3g449W$E>s>jceSL`|+H;?AniKqzOei;*~Y+pu*>A?~rOXa*P&z zBwPP{ZHn(K@K*{-Tmdy}M}PJEm5T$mu%@1@uEWGm?<(5rKwb#<>?4L`kg;4gX@`7e z<}S<*^#4SQF~=?J)hKLBe<7^iINlF*l5PLiwtw?0BSjxgEE!l?T9%#nCJ7}tsnCA! z>uVLx3~%-YPdh{FpSS4vy77*yh&nEpS}ZwCx32m7?6=OXOCs+$eRx?_cE9F}7=&~n zW0(|^eXO(0n>rm8lU{V`dE6$NgPpoooe)C8!ydUF9X;scdDe-yC}a|A2d?uz*#c=uaISu*D*Ns8k@wD zRCRuvqijsyo~a7r1m^^QyNafW&+T>|u4t>0rt$=+qS3aq(~g`7o9fw0-*VG???uME z83}B%rFc20VCr}Rcq`?~axp=qsZhW#SeNuNIX~Dnmb?jzgq2SNB;FfEao%E|sJ5r0 zn}H!$@`uPaqmY>G}z^;PJ-Oi~FNCPsxX?U^pZ1!7+7P;I_|+C~nrn#e})w1^6KxVfNTS zXu)E8KEK!;4m_cFxDt5WNd&+a6i9D|oXln`L~^)h3tiftEc*0PS=%{8k_!%}-a~C@ zM<4Q%ZMc+ROQHxfCzOlb)L=13<4!O_u8d;*470$BH4prj2EkVF-4KME^!fo`dRa_0N z#rRJh(hBa@Rwbe?6R{d2mgG$qcLYF{roOYG4drlO+M@gX`M&z=KNL?L9JSOxhuF&_ zvySX$w8X+J1+ZS|G53#=$fEhqGs@ft?xP97WpZC`vG1vY0jh~&lEZ`_ua85DGSb@T zlT+HIE)copihrzQ)bZlCem0uwb{hjZr6qEImHrs@^;<2eLn6~FP{0uT%EVwLgMvy~ zM!Lp>K&qE5ed3R!EQniMp!I1X*PE{M-(4w2A3jbbxU!WLGo+%Ne5Ed#Yxy12^F=3_ zo|@U~q)=p4h~2Z^PW6i!2&I6(y-sbPL`uJw=ruJq*2KpbkL1)o_qE*TX?Y#g6m@(V zj&BwM!YHlts*e=Ev=6b<&MI&T@pXtZ7$#s{`qN`^c?iES(o^2jin{ z4rO}!jIJHP&`+1Ml3O0jCDyHK22_jc)yjZqOo639P=8$aN?FEkl<<12=sll{iej-cAP$1{rmnQ2`X zKLGg_Gi)fGwx(zN*^E>pCE4?ENuRbg9*i^htI0g%%Ab%dOzcdmNP6zi@SxeNeXg`X+=!;DVjnvZmL5L@!6Zri&*5}?nQXIse1 zTd!Ey4H{lzM@Ec5+iBovNlD~)BM<%&93V8nUf{phzP^v;GpI{`YdVD?Hr~u(Ry|Pl zrPe_dk&C|m-R+Q*cfSUo_F<{N$y$m%&noM|8flQWW>9Q3bFJR8EY0jclv+7bBVYYO zyyqqNI|R%1o>o%LTu~+Zhxe*@pWepLb+o&k4g?5Ru5{@>5!=V>QYLJElG;CI*0*`A zA+DAoM-Is86GC~Xj}|2}o`8uU!FE(Q3}!Fo=gUyrcpgCaO15lVt1Z{@Q&xV+&*~_X zadG0tL=*PNPjFQ>7Z0P=Iw;@>zD>>}0b!^&b>nTV{l?sm`(#o_J%?vRw+kawAJMEx zHTd2XlVR-Cip0Qgz+?3NqF-9aLdT?{d3m@l18Z*JGkN<}JeqL{>)aa;x89PzPw*;% z>R9(8^tvq{^~#!+a$}5f>OUbjolJ3`YmlP`qvFPNnHCobVN!)5Y|xg2tCb7ox1Ezh zuPXqAoYDLuXEzmcc;nq5?wo4VJv(V*DU+LfI`P)^DAbbiGZm^-e9m%i!R#3ud~l|% zwVQ79d{Ex#UXVjVVV}OE%mlMd!-@|srQP}5JsB;#F&Ix>>?f{%Nx3~*i!-}+<>~vF zbBu-M@q0)nz^3R4&h}(znJ@>K1u2h3em>`u${jgeISeh)`SV z5hVw|IuW!ZX-I9gp4S=&rQV#zg2#yNw=h(dM0D?KhOW$)S*$i);OjzHvxEod*C!ol zUohBXnP)lWbYVhcBl_?AfWN-3r;bPap3TyarA8;gr1?|wrx_Z8&V92iBX)&3cJT3O zlBC)EhYF5NtObKGJz7SEMTiQ`qDg;`ww0+^xJ@bID*iM(yg67D6LM`704@a_66kN< z_$*={1PE!~8Ow)f!lqNd32n<$+2vwksA7LVpqWv{R9^dG45a&Jpz7ePogDKJib3yv z^N}U`9I`MwqUrV0i?V@Aj1*Iwpk+y~AxX5j*{Pl6pq1&%UQB6VU_bfkG+ z4`Kn*invWOm>WuL>Zu_e&(A}zkG=?Lbc8G=(TmczYXZwZQmzCXN2PnE9l5atw~t5>nL*#GEj^%>c=H}z!}22JvBF3zb@j)oYVe)g-}_PI(Y#632rxJx&t zVVbrdft^0_HIiusZ{J>#ALQP5tb9?)0ct)xuHC&6WZ}^g_c~||V2FhIVwvQVCl42I zWu-nm5Y*#RFkm0H1)khA1k5+SN7K?~`FPmA4^)c7Sh?;IsBlb0Pxn9jKB?UmI9u;H z_jRe+b1h^dZ*99A_>uf4X<7#3JN5NFWXwmS^xeL;ayH76)3QCbKF%_H{CJvPOpFSu z^yQq=_y~6Vz`pEjCvxB^!hS~b@|EZ;XstY;`&huS4KX7kjC@|oGEG*gK2P8q50}Q* zYq$ZSkrezUfpe6E?g1COV-@5VH#HA8Ty|~y+F?R1Za8Md)njLyK@3XqxqgQ2th3EGzMrPP<5~__Fw|Xb45LC(a zN=YSwyOEQBRQLDye(c^)bwd_&>Thw|zhX^Eg5NzIanqWmUz8>Q-BoA@XBnsnE;F{KX;QP;a zb^egW7&U>cajh?!rbZslAt)fPxA^0Pci!dS-f&9Zhf>}6gUV||A=dR7f;?nVxpRtx zOkaxO&R(6u3SSD(58F1M>DUv;mQPAAfB2r4_~k%!Hm!6+Q(*FqJ*UKvupB8@YpwV! zcXr(O7B&p^Xt^!Pd|_ATQ6y!2x{6e(k!QYSyvnQvW`kP8(78JQcPbj07EYTjeXT;M zVT_QN5;pugbG(Nk-#U&sp9;fuOrh3!L82;4yzzN)M%H^0-6M7BU+qzKhLKVm-Uc{p z5PTtm^*2FJN}VgbIC_ZE(ZXafLGgm(yMCG2nH@WaCw{d zm4`}uV|HJ7p082xsd5FP@^x{`Kzf~z8?}2dwnCzRe(H|zRSzWC0rWJ8nr~pPR`cR4 zgTz50g>~hR^!;0;KjB{oqmH6k<{p%Cu$|2J>NbL2uWjYk;%JEz_d?!5jbUBHen2zl zpcgH8T%Tnp4I!%1mE5{2uLo5w5AH~q`MRnDbc_znc6{#7CT>rTn6f2*!>psEV(KEHT9Hjdu)geC6rz(46kkV%nydtF5L!qyI#xI$Z%NVp!AT zC>JLa8f3Lkd|KF>Yf2LwTZ-RQc4V8j7VHD0CU;d~O7j#NHu~13cKQvy2c25Ss*uy; z3z@3c(Hk7Fb&rt+A-jZLX2)S6m4RQ7-_O z``*ulo9P-p(Jg!`q?4Bk2NuZ}B(()H7@;e~mZSG}9php`j}A^)+z;-I!UwPqnrQpK zm^qMZTImKJ^WAp4IElY4!;7zEO5mt{*3_N5{u$Ke6|~fJR^Y_slqRtcn=dj4Q7j9t z1(r^Q3=S|v+v-8Jubbb0Y*>W3TR*gvOn`jC|Ovl);u*-)-io0Lt;K#64RMAOruKYuDi0^>7aV^X(y` zyrk@8=64|vj`w%@-z;}JuLU!ks)p|^Mg6ZUCKXa12z-3k1QzNX&J7!!rFKVVV16sD z#yV=^4)1*$)g-K=xg4fnWWgTFx-t*ayU|C0wrQ&2hgonMgCa;CueA&XFuV{Rf+=#XA4zk=Iz3}i;@`RiTPPm?Esj_-2T z2D65Ttdj65MA3)Kt2a8*@aN(me@Rjh|$C0Zbaj z<*xh`P6mbLQoBd?eis^6I%z#KevU*7bdOgsb1nW8eH{uHkU6Ww~!y&#fn&_q$IVhDQqw=MyHX#H^y)TRn)X!=MCH-}4NwnB_z%19bTn=wnx&yR?l@Kx z7z2z1qE~l=g*t58EkHzUx4Nb@vI1w_WpBi;33%|M;rbk+xYNPI`hY+F&U^Vl;*-d@ zt<}zC40o_G$w1?`=lCObTm$K>jD?1ISV~r+(JZC7L+7&V7k4T}YV}zIUV^M|>u!s- z&(=`Vf2jH8OlwzEO==JPewJA>aIWZC_Nymq|7RIsox`{$oC{2>&{%PIpJ!dxlQ2;B zCCIg&&sn9(W(k%!JYl+XcT?mlC!?dwbPuPGTgxZ8i8%0QP0oT6p@W&v_VPn_EmE+dK79d4=z|iuu3j*{*h&3WnrR^R$ZKE2rCQOAlfk<*`oZ)0 zoiSaZn3%x`!vwuFM7=HRlSZ}b(RI5BgA0O2B>;w}Dx2%`e9zN)(an3`5(uNT;xWNq zqGfN3GcNZgwO5xF#rI{TjjU|~!-il2_mq`4zokb8to$Q6!l9mlX+hTsv`2pD?T{6O zTX93>uuKP+xOs-Cd@apEx4j#3yJqZ#vx|tpY7*!T0!ln{@7Q@R zP1dsn)NczY;ki=U@f6cOLQE8n-)uBm(tR%e-nLQ}Y?LAk$7hCJ{pM6k=aK|gQ0jW+ z()yJum*jFqP(+n_n$)4}58I-MnaKe2FuHp$3l%B$YEM&pn|maBh&_|}l^{6Bd&bfZN7EZS zN}A`1%;tNI2IZ({`c$kuv(oZB+!VKSp8?;=qS^vC9|KZ&&;**>k{tH}ABSTImGy~J zx(s&3F%s6ViCjSWXQjcq(`jMe>*6zf+clIL`;><0yt!^^hl4La87%2Twj$GTm#Fxx zj;q^03|$Rj(7Sgc=9a)%CLOJp9_}xq9IQjwTV!2rNJ37r9o7ARAz@?s`}?f zgQpJy`kvZFqWqTgB{h*rEzVx%R%@k-Y9p5q;t;CI*b0wHfd*T=GTx`99umh?s;_cu z!6WGN^c*(Q6>3?u`qn@`*Rkb+G)%1>Fk-@&HnRpDUIA}X;2AHlokF>Y~{t) z3*Dy?2nzR}X#shVeR9Y9XZk9NsiA4^gltn%)IV`wsc~n-P}QgH92A86yF!qD#)v1) zTseNtUIzbknq5$!avF4F<|A2EdnC$syy>ux-GW_;5fzSxy>2>Be3wB6N?B@rrbQuk=}U0+>sX7+TO zx$3OlGh1U2elIoN>&iQ?Ry?I>BB24^O;#3}xgu`D{qY##Y&_i&>s&m77kWL44Jpcs zbo1XhIyPA^C7WYrWOc$>?3gd!lmCB&ePvi&%hGOehu{t&1b4SV0>OiZ;O_1+xI=IV zn&80+?yf_i^L^*s=l)sG1G83luhmu6Z&g>lt;`>zw|#=9WLD#( z>Sd}hsVkt%W^VN3mu*^5|IIgrJFjSz-Rzxh#}71egakPOJOw(Kc}|&#SqcL5iv-S? z=ra=YA}Vg2qKkOJP_xzFRDl|!;AV_b-QttB-1%+_<4Ccmsc~0=tC=WkF}aFaJtX-j z&Z4Nk{)gQL9JN(5iNriusZBm9HU6*4^~#9*s&Mk-TMHraP@}{x=Ai@x3knCPLJc^7 znYtbVDq+>pn-Y0;)tHQfvJ+X{%G@6v-x7{nvesS7oKOsC@!t68WdgG{S9O9i=ty%+ z_NS{nUry;%9jUG!YIBp<<-EeJsvLT&eW-?KAEo)srOWd;96m)j2TNbLQ$;l^3W4!Jub4Q`6be_GQN}NlH?^O^VGDC-|GB^YeBD6CyaF2Od z^P%+Eg*#=tcMPn57C5HO=**>b-266k_ky=9Z}eU-dNTW&eCFM+b%`(x(lAlArSo}2 zLRy6^<{OND%AMVPQJUxvsx`2(928`0?#p&PO%7*3X(IpqY)JGv;2D4y>8k6YcgOkw zYV2f*zRjZ)eshCDV0Wj$w;GcDbiChFWx%Er8wiJl`jq`ul=4h%k;C{0GJP^*n|*Zy zo3zsfm#uG}=;YpX252LA;qF1>A{FZ}H0=3lBUrR200u66$Cd`$b9a=zTlK-X)}dZGC$#VSshmWLV@dd}ypZTa@?vpYJs!pl z{)Ci|vb&VEbY2iZe5JN=F}m&Ifc`N^VO=Zg8_ML_cgG7Bc|st0vF=Hbtvgh8neEb=7Ik}r9<2~gJ%TJL(*bebWx!H4zXAdo=`AU0lKNIj5AnhAFHWM&PN>}8j z#rHzakkQ>KUAy3TxVN`g{G*NQ0OBG^K}oHe-}|W%Be}8)1)DTuOVr=3@yV7P*dD-o zPNa|aHA|opxsRk)@@4n8A1IF++O&Rui+XM=(aTE8E`gDJ zz4h7F8Pk;$YslP;%AuTGLA*-qR?sD~NW<>og4Ldo5EUOns05piJ^0;-+Oq&jVw;;? z@x`%{q9n+fDPzD`m|ZYpvn>gH7?GYeWRcwRC` zqf>*Xp=p!|Z7*i_N`qtUXl{T`QM$1vaqm*ObCF{U<%qZvH+4UL>XD?Kq1o-Kn?@%e zAJ)pExK>qy2HD;XH;26GdXmE|WEBnev7lzuILyuL8RFnV3whNubbvuW!W<&}Mkzrl zaf;d|Bxg^FL?yQjx&l%(Sav5+u_Y9YnRi;)UGeI>qt2T^t&^*#-%mNbayEQenKB^> zxS5uQ(>Hkj45o}~OLFL1s{vscWn}ai2WlfvdD5G@W-#*6mal72X$0?hyVBQFN=4PehHYY28>fv@?Y}=*;~=okL2aj}C?W__wM#D* z)Tf|KV%8sbbzhZ0KIr?L11v?C+y>C=n1);>%?Q2MI1TLk9P$QIvjQH=Mnu3FKeKih zCOujC9$-ykb7B)9WJGah! zvK`TC!yNuu9(H;DT;9YaLpcRMyHcG`uaAZ*!}2OWlTT}Kwz7r zEkme{E>%s@JDok=ra4op8zl2LEY@Pv%LvGys_jy_KXtNB;N{M-s0=3vg8XIT@q2Cd zKNRida@694dn9|{Okl6qxF&m~lG9KipcXL{h-5axHVB$Ls^=z5InFt|!88~+{g|!QNBaVd(d7Q2cOGU`>rnNcc%fGaTf^_4 z&P}6Jyx8|BS8%6%+=Njm$x5Gckb7`Ej5Ysa5r{FvjISo>iTN5KH4eH(l(QC_Kgsw@ zbNK?hl5HH$A|^N{F9L^|{EIFvAnZ6PZERO2!h5}Gb8SfbCmax2T&;)QUraE)!z)ZM zXU-3cY}r;^v|02OF!964hjt9dGU)0I12g7fX(XT-et974I5IB2RL&qXo!m7?##AMY z4Y6Cnw%io?0YVcpca0LVUdFKD+}*nPnlGlJK+TxSFj>cnR4RmI7(z=~xSC*{R{z@H zog-sH{Mj^w&SUs@RI{EWScnfhiaL5}(0a}LJLvzNfG%lo_m z4%t;9M$Je4N!QIOrB)4fg5LC?9H|ObO?(QfvS~K8BqYiOr5P?^lN6H$&1(;Kf;Ovr znr5?KCsN^#&5{%YTd?{rFRqEp^rrDtO$^8NA3~18z%i;-fUn6&!Vv1#?@-)u&ekKG z7FkmHCby~s<)ac44qIaA2_>;7(BuNPIJgt(IFO$LXwy6&*jXI(l&gV2LyevD1^WdkDF9u0ioi zs@+z8 z8_*2K^g&Mf<+l8kUNaIwCRxcN$83Wjw`7YRX(-U2pBT<~^?h@~^L{8_{_A|;+32mC z24Dj+i6|N>z4lPq)BW7$21-+~Fy9&K^w0&ocDZ)DO zXZ_>w`^yAIkiTA%m?PGTLRP>lrUY-7SY@H?$6YCY{h6>?AQ3af?0|&r(0b^Fmivxj zJUx!K!?Q$6unIJG$J5=dedw*)cZv)>p*TOirFDh5Kx)G&FF`@GTn7JEGU!Ua;{$7c zYZyKDElYSvbuJN&`zf8=Yd6l_ZS+mS-6z1 z2T@vpcjsbXnH!}Q;kZ2-9YTYn%;nZ};UU=QAA71QP{YUTa_l8ARow}wg`jM#Sglm& z9@z-HwxmdV>ouFkPr(OqcLsoni4n}=2uEecx^c}3U>$x8NR?iMgUa8T(YePuVy;)! zBv8>@Vr|4{Ax@@!+YM=09{8~HWy3`o-iYl*--5*!T>hIkeE<*L6X&n~Z1gf2s#HR$tX(M2@&}C`%LV z`NIq%?9;jzri~edpiCqVP#nA_Jan(Z;}B3-(m+Y!Fpg9mqj`hjsU|P9uP{7D$LpKL!-93w7fj;st}eb1^2@vLib zQH;c;=)yMXh83~ff@-hVDD8W{DAs124^@Bq6^XR6&Ku7nt{ig>kwQ(uI;LE}v{~@a zeS*zjc{%mZhA=XfuQVGpHDu=twtbDff(k2E`1QPCS>TF4wM{lgp*1mS#lhwaI6jiw z8uc)A7`Lr&(-#QN zk%pZf1HX--&f2(D0TPxDF#6x66v(&P5^KQJcv@45(dtK(H^MTqEW_!L7YngoBX2Ef z{VX&M@bbAXckJuZ?ZJ({aTr_GC5_A(!N3oc{t4?{ny*_Ar%gW+yoX#iT;s7@_4R3h zr!M9U?&{NkD;L z)bWB7jV9Uw#!s11X0d|r1PGj1WyeIA-qBpTNLOR1zhcwkd1{Gbkq3aT&iNNhHhk4> zR71U44PHpgd7PHw)997;!dpdO^@_JIK*ZMPddsN{NsG3_{2RrMXx+PmA8V*N)9##+ zDZ>k%?8=aYDsO*GroK_ahf@qSymi!11(Lb_+NvIylR}o;Fi6;7YqeE-WfAFLzF4J& zda;`&5#tCnp4nSpg{n{uue&|VY7zQfq%sstYQ9c&L6IF){-Ws@3vwnJchF>-OD$fi zcJlm{qdk}Ky3c26XlxR@@YL=doWIJ&T5M&@^P#>9k36rqf@WH`Q1Te#amRzFOAiuY_Mq2Uln*OSOYvcsPezx5tbg8WtPv15nOXt zr|Q{UMrCCs+_||udP+?xOD?oe#`bp&?Y%F2drTos!#|Z?eSILx8Yg6^Groj|rc9#U z9N4L)Lcb#ItR)mn**79?siko-ZRRM|*7+8>S@4ZS?GO0Ok=QmG^`>5Z&7(u%s$ZYE zZrE!8eGNG;=J=V!64sMhSETDsBHjHpTZ+CC>k1GYI6`x&48R~U^ea6)xMMb%lP;1& zwi-VO1VVD`nSP5);@>!Pz6rP!2{=ZiBw+ZJjP@rr7<$Pcw-$=t%WLOb$oeoA>zJr# zeaQuevlgh?yRa8d>WN`yBh!)FB+>YE%&>~BavbQJN1lbu^P!m!Kd%XKVr&ctP8Qx? zt;0ALTa9^kDbXmvPnB%gBb*>Cl(UI|Si&CSxv6V_TKhhHi~GA zu8CRiB7x{#hGT$Z&{27YRS2Rvk%4Os2P|3jH`jW!A$+f5lht3)B*H`mt{kyF@l8}4 z$5Hd54EAzvi4+}XfXt=5t)JYl6sv$3siad(%q}MfR(#m2XqOqMRi9G=37!cy<*r(8 zEYH+k$+YiL#^RU{>oCJo6w%~hNemA5g~*{%3|lf5waBc+AlXD7`p+O0haGhG( zO!|{A30zAu)CW~F$oqyzHepuwSF0+_!PO%#dh5CXvObetCN5od!+4iGFP+j%Qt{_V zknn1QI`OvbY|umyn|7$g*}oizRqUDQ13_QoiO*#U6Z*5bb!bv2C8Hi zRMFm~!yZot1N^gL4HH*=uNr)OdTAu}JMvY$(i(|#S9F3(rsaAl@oLvE>^4B~^G;)w z$~MjzQ1^BL~ zleeBidp}oBkQ-*sLRusp+mT@Xi*r#RBQyB@C>29SCgD&@?Gw>An*j=;9!;+lPsUBn z@z~C;R6Qc9N~3{Hx9{Y!@kYWf#|iSAcD%jk`6vwIN!>52Dsh-h-e^PDu(z^McbJ&; zd!$N((9Zk5t5UPRGQ1y`CeOp71IGzA#I}?gXzh*|^uz;0=giOCEKI>%mX~GdykLkQ>cJ_PY8h zF{8v}*BU7rz=nArlaxZ8k%vOH`kpbbMMu2C3zU)zOrDv9YjM^i_sHT<#dUY6%lirQ z>`t8|V9dA6u@h-DPh>OdNP*TGgg2JHM+lzZUI5=xRHqj8!}|5<#OFq;*kc>K9OzJ0 zJ54I|4#zA|CpYzu%Jr>!ITt5B^fidL>ASokMEUSd$h9KWDbOuJXsEfGZ#fSDv97|A zCNX#TtW1&kjdROJ1l>r{3#;##n&#PBgxDze*UqCSKHs|rA%^1qc<9}m@b-xI#`Qma z9c*OJyDAa!EjupZZ@(>duzD>-2A@y&tIFNvN(m9I8#Yv5{fd;bQy{2(jvHbJl{PZV zvKa~#D@?&BLfeZOF?i&L0@^66T2C-c##e$yX--1)?fnx6>1Cm5ua6wY6D~F2b`UBIF6Z;!&<}9O@U@2g`4Ku^DH+g4K&)Vrq^&76D&*HH^ha>3rolzX(VgI z3@qQrE(LGvJB*>tmoi%t2(TMU!Juz{2uM_bRt1EaG-12(NRkKQwVV27*?B5kjq-Da z+O3bMH9YAk-#Qc97P&&tdZJop3Isdp6Ap2c;GL4aI1z_aV_t3WGY$viBkc?yZUCi- zrOy@0wqJiH+Lj*(_0?q{(M5O*Gjq~uGQ4X7CEQMkWx{al>D|5d+gdW{^EadXS2941oO!4E;azoAaw#mW3x`te;J+UaJ>jXVg zj+q7i`}CDTPnEbZ>C2wN{k06ZU}8;{C%Dt z1QHdzS7}Z=4mJmx=KVS!KEc#7$9pcYTb#3JoiV8c6NEFz!|g&Pn1vmbjTsm6BZdd4orIp~t77Mr>rV|RCN6jNx)9WO~f(-IjjYND>$q=et28Y z4P0*Z*rDEki<^Nf9&2^b)}Qj?9>J?Pk<9X=dY5A*d%S}DXyI$OOD35a~UaS zmInFfx9vS)rG2W4YJvoZAuif2M6V`ADsaLYS?IAaUIC0HV>yxL-U8T6=fz;mfTPwz zjEinjX}GlRC%DZ3Y({lYfypBgD{b*C)(WH!%YZN0 zD(ae-Bu%F0(_{u@Xc@H~hm> z4{$q?_Oi1yF$dLw8;VnTmR zVc9$HSN>>sr*06(fxXUqztV*f_t|pCKMIVY+(S zW!isLK?$d+r)S+v-!Y0Lc>O3Cvw-)3rU%r^_`=pxlwCuMd+w8{7x{evTBShVeeb(CoQy!FA9e49KW!+X$OuwSA8V;HNRCmf}E|c zSzD$^BHC@{MB>Xy?^D29UF%}uQ;!Dbj$Ftv=GQ)$uC-%ISKqWr@~V%rX&0*Fm-D?x zadujiX7s&JuJ1^3nG);N=kA;fCNSu(Q)|#$Jkx5KVy?R*$s1?w0E07aE@mrc8jEzm z@a>h{;$LG}K~C7Lb9dz(LyPBDyksdYaI&2?N~!Z-W4G0xobyk5p|xClk=yj@d@@hs zRojVJe1Zk`r^S6mW=}nrxPks1{Z-ps^m^i_AI5m^8Phcj2~4~I+1z95@&lMQz}g9wBB|YEcx?n z;VkrV#gE@`gj#!3C#Adg>25HP5m9Z7#=U&V4&%n)AuiUR7w+wVI=? zmwG;N@5bqHMLj?}nF((AE4kTV zjyG>eJX2nxH^qr=fk=TPx^zdw`#XvSLbr~oFRCIx`dMnE2eGuV9!h!f;FGWVy!8vP zD>S~$Ng3>NrgW}SCtjvo&NsY|cJZs@d}l~p04=Q?NMF)3;zROApLJCFy=OiZGnda4 zfWZnNKS#0c?wGv;kr|rw!bT@}^%Z>Yq=uF+D&&xyK5&-Ip=!}+^I7K2h%W@UsI@|7 zC5rK@mR>fy+d)y0222SkpPr`@_qSVfEigq`@Oe!rcq&@+<37&sf4zhzG)%0lG+H-x zDq8<_ldOeOb~5Dk@3>rZB$;!UI>xUe$%h^P@k>E+c5ggruDN$N2q07Y^B~A8>}${o z%I{X7P3e+Do!oaY+=&be{}gLgz@s+N{q7@s?r|tjvoNr{oZ&W{O^{uc17jfF^b5OR8s7Io4Tv*#vtoRqJ^$8+?wFimH6mkV^BCP!W>^mfm7>KJ_lu;#(wV>7;{+DL; zN)&f5yzeNzMYH<<2VWz0;IX|A6VwBfu7@pM1mZI_jH%%gC6#M z7oE1^DxP*TsjxDx7Pnt=hBG3*X}E7U+2T-`EUSr{aE3LU^c=~*FBWEvk@++I|N9bA z{4bz=;DXtf({-#-fH`=v5XN_Y-2_qfxYbFl=+fzx-UJ1zVs%buZ*5cCqD+NRr zdLxsP5*S9$FzF-d-(l+9>Toz*2~DiC+}L^$cxOFe?wt{b8D;whGLS-g8lt$1^|(ev zGa}sByY3Y!dT1wO#!hu&!uM^(p9c(j`X3+I@4T#Dcx=Lh+GaykmSiol9`<=wEFdI6 zP#o~0`xhJBImxO2`LTV&x*qmirFVoCOQZZl>FT0+n~r*5WNz(wI9&?>e{vB{GtZZ- z@^-xMOkXeHBDetZ8TZUV`l^wl=iT$((U@oL^^Mc4wOU&E>-m)Vo0GT52Q$CZWjcE> z$cVf+|0u%WBL4S8dg;5k)Lv_hgO7ovGl{e^dcslGf8>0SXXkRpmF;=%&HJxJQ$F%z z;TxwDkW8MQvljE2_UXmv>~C|s1m5s16VX_u0Y!|j%47}8HN8ntG~xTI2-YorZ~qOfO8%=77<6%NvBNX%q04^26CT-Y(m!E z6rMS@FJ9RAw^@iPergvayMH011c%F2XmWhgRTTSVI}9%b{^{p4vV;{ai|>7%U%Lf4 z&mz>$7t+1M=}~Wg<@(zb`%5wZ5&GYMwgmj$Ge!%5XVt(d_^elr!l`o~?pTxobm`J+ zeZj!V;Wt7QJ^l-e`?Mc2UJw{m%YSafW20oe4X+jl0mIn(=e}$iIonu1K%HBO3rAyA zro7hq8Jg(W*@+@~Rd<)gUI9BaGH~&@Jjzdu1J9~7Z2ElGf8^lvlDCYG3>e5ZZcS$B zpZy3F%F4d-rC*-6;8_#K6Sm7(7@lLW^l5+?IdH>&vPmcJA`xM}nqTM@GVs+U(Fg=P zguj0@ks+n=s;RuVgrXLf^^>kFx zbz2w8eukkh;Engxb zA|kgl*Et715lmE0hkgj-oLqWHbz_8YNZ0YmK=ore+pA|kku2~D>f>t*ocrg#kZg0d zz&r&K1?O+pC=?KZ<^HF$Ug{`~jXn#)4XS2Rovh4=#mX8m5>XlN#+QeO-lsz)_LCCS zV*zJR_mQ8z-#K)iX(2b|0~b;FojucB{aXh9iy_~hy~y^0bKl-tIBg)X_^~_ikXbAU zJ{@b&dxB7+JI@jKM5{^a%cm^gZmpU(8Xn_%PKXMk^aA&Pz5nIOXG81T-pL-eQLD}D z??W58aD6&2ZEQohx}8D(GqkL*aO zQgypnaCS!(DbX{0*5<<@3WmMM{5OU-tl9rA%m2uC{OLQG+ux$z%!}cV{C$Yf&_`_d z#CMX#gm%+@Ztd#As2a(`ney=Vg@+PZl#ZqaRJB6CPBi)xy@dDAM`=}p>zy&7O7(K; z%>tsF&9+5;4$=j<`qNS{Xa=r}KAT*N>cyO#g})QQ>cASeg;1|OoUm~?NYT=Yq(vE& z`QmpHVKnhAIK5)Od$>0O7LUZPkG5ki*!1|E++GA{OP2_AF1JPW><1dCIS|b62Zo<7 zY}ErDt}5BFM>RECFtX)LoGorE`jzzEBq03Dh?SLH({Z99NOyuypt!qU|K{plJF6cr zFYIcKl*f4t*S0@!WOx*cMtVXM{Ntjp=%#QNAi7iySULfsZM{XeCIClK19RRdjOKXC zlCH0fu&HSZH{JEXeHys_ZMd?BW&+W>%@0OAQv-YsdmzAL#l5esZpVu_VSW^>5zPP` z7h(!xAi-IO-m<>;Qx(HwqmmfQn~dtaYVLARuKt|iaGh;;z%xXvSVL{oBdWlc=Qb61 zktzE6Otir1pBecdvvdH1_XkJC+r+)JeP${SC24wS+BD%vF5ib5GDrFLF^b}WR-&*H zRE8wKbN=Y;!TWiifVe&pekbU@WUFXle%$AKN0alxl?TV+8`Yu^q~q^e-f=?w3lAv_ z&A?x$@h^{#c8MNVjk>J(Fey{-!Fv8^{h}8*5Va?qy;V^nx^=$IqA$1GMU@nvRJk4s zynk7MH`(-7z%S9`YRv#mwdTvND!hDzfyrm1xzznD<8OI?MLedFxlvEe{tuqw}AuntW#ucWZ45 z{P7#o@ckp~hCUDTm~Y?)j31xM+V>qNhEY~edr~)&Zz&znWVz?D`Zwb3-u|~wC*yJG zu@yD$JGK5>x(}obNbf1940hxMp}4KqAX%`90<*#39}qC{YU2+E2msg--OIOcy?#8U zvbEKO9{*bTjvTltWJ|gdZc#eFmAjmOS}xk(FIsCQ7r1fCXTG(W+{I>_eld7nyKuGQ z!JZv+wY6qoY&-~?4RC(pedw`yzAoAalS&#M$G!c-ig)8e<6=HLlzCUH;nDj@<+)Mm z;vjc*;cV}ym%5#6EW+FTHhyrewuPI zqA|M%D{D1ofVb)Vn!kjOx-d$XzCGk8|an`yRcqSdDQ>Y7cvJHF+RDHDSoB703 zA2mG^(^R>&WdtSbc8eg!(g+$9t*{Q_0z9>Qg3~Kg3wB`uEkATEdz_;L#6K= zd#e?rF>v0ZUG@!>qQaV3jSuW1kc{x2@QPa$TmQoc%?`Rt(7D6&C#zRe9m3u(jwpP| z_Naq7AQuQ}d=kMNjdZSWu%|3CMMk+22N5yb9v$)@*9mhgpZ}OS;6xcF`+L6Z zk7*EA9)brbfe_y$Qyi$yF?=J$=DVeN!GJ!OQ<&>?|Aks zm?H!_KTW@POz+cXbGq+kznFX<9f@}_j*%I?LTvK7>qkrbipCqD#Wmbu*_VqMdxV=#f ztD1otDwB)tzaSs$-(afqVbd=|xQ4Pm8wQsy8Vz%(!<(7Hn8heVg3@sRV8UtaTSo>` z?0R?+UniEujk)Hq-_H~dLM(+gQls>nU+MIIg#>)#^nKnpXWLknogtrL8$`G`Ikf$1 zxmC$3D8s@bM+3)kO4ZNX0osY-YnTEKP+CWzFL;s+5;BkMk7gfB6zE4l=ec`~opINi z{eE32z#1esu*fdbKB^rY>;?D9Tu zfAfQbM#N}A?HC@>Nkc#U*~0${O1&`uLN)nktql#F*%92HM0FdfBoe6tar~fC_8hu z8F)Xv$oujk=b3$QTGM+U#>eOFG5(G%?%{eW#6ER__h_WN@j?S#r0*0iJ5so%_l8f_ z|Hs^8D&JyOI{eM8w2|Wk#I^V2Gvs|2JNOOg8R_o$`NydkUHXw0NzCSbcl>&G_jE+Ij*0Q~$0Z@k+LH`ITqp-Fx&p4yvW*`cG{TW&y?&yUku5JVO+qC@4M^9#P_HBW{wi_2SXRVQYILyJo$;)tRRu<1|j1Vz!Fq zr7YL`-Q^1_nHNtHw+fmXaOmE;!52>jS@9-Yas5^JoZZ)9q}}-2*?oaGHdT6us7VvN z+lZJ1HpOwuF8@i$FrZ;1lVBEEo}A4_vZ9HcB!d+@m#*ZPO4!c#-<{AeJ&= z^R2X4J6w~sU*misq;%r1mqmTOdFHs~$lu<}8{iurQ5ZF@UAhU7ZZq??*9rl3YOXad zoXcmhH?Du4-!xg#htbx$XRu-Xr-g)?$tnE#XXD8pi-OKSp@JAh^vB3+!sgHRq))L;TbV2$_az?ID_}d z*-KsNid*9j9T9NZ)v@7OU2JF1USb88jhp6e;X_NeRohRU+qTcOcdlocw%S@jag@3t zXOM$&es+67zt;*L8_-;+P6uBso-+tcg+KZajAsbx+Hwm)=L!H%>CmD7L2;us&WhbS zo?TGnd0Xjxnuhe^;l#f`obs96|G5dKb)7e_%oKm^{?6;Y56BE}&7+pTX6L?gJ^Z1q zzN-BRldGVQKLs>{D;&1M^xPNRHLK11p~M9*eB3v%7Mh$< z=DZepGc}`bZ{si)G$QP{x)t~~-(})^A79AMRZ1OuI34B@%S`M>R2JUqRs@dAVH;jB0i%; z*L66hy?zeIP4_tKUfbhEZ*wF&Yd`AuS8PJ-*;>7KLw~x%TF`omtz%KzI$x7}1QD`r z>@9+2)<$s#Z_TN$?5)fo=0S(mANj8ro$8)Q`45+3huk{5&(gy-s|{F!v5KWE$)A1cNbAG&YI;hNYxvV3+tX!vpF3zQ!f5KzFqhcS zx3M_S$UHvGg>nY4z>T$P%gPl!=iBW{C-|<2KKM5M6PRuIV(sz>03hA9%hjJa3)%fUw;&IbVz*3YEDGgp^B%ccWwzczPT1Xr_Hihb{|g-76SF% z^qx;d@|}-FKjhmr!*}`~@%M{%Vsti%io+5^d;!82>PnTH zwo~Rjh<4H{?OmR=HJ`+_ji_g@fW!K&q4ov*XtZ;55IqP9wolwB7`hey)enQ|F0_@ zas>2s{s|xddnf-i9*_L{#s2%Ve+C%wcVOxNb<6+1fsInECQ&!+bKU$~#DBW|Z#}wJ ze&mqWe<{w|_YvQ59PS`B zt0{qp&+zuZ&r)E&w=artqt)@P<(Vklz?XkcrR!5Xb0FUv5vF7d1D-mX4KRETQrnmPz|9bMiZoI(+g4G$< z!?%Lx3JpQOX)sYYy*&y)9;GNjI$+$t^!qhm39nd^9>0)5Z#1CaxtnDC*GFkCopk%t zkg>ol{Lwe&lDxAfYuMB5=guR?OR~yQ$T#IYUuoR-htCLtG{U3B?fG`)9}5(tqK?w_@13R+UncTyrM#1r)*r;V>BJ->h{znp?JM%b`X7iuAJskMw`{u{cbMZ>R~Xl2WdL~ z^@s_)n#<6J%nmV>f0=Sw!_4LJfDyq8i=gLTWyybCCd@-M?(eY`}OduNjH-s_P%bVz@qzqr&0+P{GxCVCsY98dQctB?Nr;^LTD z0;E@6F|2vNsvZQ`Mdo-a%%`$Rz*kU7+$l&h!EI8swFz?To&jB|0ea$AnRhB<+HHI4 z^E=VU=Y{+0i4AC%FJq6epWWz^RbR(9%&PedCN$WU9aV>b5IT8v)7P^w`+QHLz3ia- z2dm;uMX9rXS=grsEFP|3Z|m%aaR-W0U1iy}7OkX=#F~Hl#|eVkKd_O>|8Q}blX}j) z9s_PJ+Tagap4|3=pR%Mcjh4O)#%PPn#98|5Cj~u{SC3m}jV{`@-DQE@QX9-$&jIC6 zEkWxNDs-2Rl|s!%nMG1#g&iIUz>n}N&k)M4TrSmDPo4}_B4Z#25hO*uB-(%3)A$an z4WbdQPS~ea4TFjH#{QrwA{dwMjH*iax4djEv4m=P1xA%^grw zXQcS;mAk8I@Culsa)`IYs(CTK?v9NGQ^rF1tB@^SYG3WIQl>ylHF-xAoGl5?50b?z z;Y(A@saf*i$0o$Se^5+%6zfiz3`{!Mx)Uf-pr4jZ>l_HnNGf4Jy?pIk$Zvmejn_1{ zFTo>-G)FxJ^owAX2Ow5kp)4~ve@OanNd420D3vjmQsMQ{Xj9`JRc3kKZW5}ONTtOL zk+R;Wl1Stu@}Fi|*{KEJOCn3?SCU~_o}Y%u@_Cb~Eb0(xyn8=CL{I0+Xo{@iy*ipBND*<)F&?I{5)ha_92#V63=uSayI5*- z)}89b`tX|^BmBoH`@^B~PrfK<-nq)9z-_l6m7%BwtZ0_ZO3)OS5bGWz`$j%mp(L}y zI>W#W!m;klTX}{Z>qL>oE{I3BJ|zpGYwj2=nNP8+6iSZh)EkP_X1R$;=@#bAOAX`w zn|H%Rxhu;f?DGD&IOJHioO#MzL3&L1Jp|>t+e)2F&P~!sKU~;bp+_`8s~63w$c(zj zQq^N)js!1&xX0fY9zRUS*Y;!I6dbV+lucZj%qOCjyB_aFyXQIkU7NW$j0K8k#>uIN zvDK;f)QBORHPFwSKYG34!dR3C-^d^^+Tl;EG3a}gZa1H{6#@-?Kihqu*Nzu#ucFqg zwj(|9V$SvL1{Jztw(@2e{G2kPV&+9dP1bLy{3w%|ym5m^74jou{g#+&Wm?{zjXFi7 zM0{$pL2(S`Soaz=c}>QlXV|4JIt@u)IA>`0pcxs_9eealMah?@KZqSq^M#G;0QC@R*!hn3rtd?@`b(Xu!VYX_oQ4$}J7Fu-w?%g4j8SM`% z-`{xV_YxvA{+q$?TB8YCaVh7oXQD{iCHREP?vMUn_Zm@-GC8l4yV%1y_x+dHDQZq2 zfKfA6UECv_n;!OT%y@9t9j}E%nO*UCz$RGTa`apb^CSu}e}pZ>Dhz=|$2C48&-HF1 zn$t9IW6iV#X&&+6o0@64+*_+IS86ARk)BTi48@P%V3%^s2Ex^oGS%`7<<2vJF9PH& zLLd92W`t+4qffQ-#P4Cde!1pY20h2Xuw@L-Dzn_wK-|cmgx%BJhZ4BB@B`(C;VNf_ zjGMAc#iygb#u}lp4i~uemJtU6)HbU0*g67UN{S!(uEai0Y88)E<(%^94YCghC- zx;ZELl5Sj%DZTFvW&c)Dh&=RG)q%n^F;~1g^~R$H0_l@+^s^JXOt?3snVA#RG_ieN)$yDRTS1(mpUZOR7NpRh{-Hx9bqg0sc~Guk>FBU#=)zdfK>=z@)43yJ2J&!d=a6l*1YePNyaV z%`#cnU*{py+c)a;0gQXuJVVdmna|wyUX>y5YuQz|qb`reJ#A?=e6< zT75JgF~ZM&PrI4}$J$LA#hXf>p=x~cC^%Vf4Xr9{h9MS0BxKmsSBBMT10Qj?mw(Jg z?Y-Vm6`#Im&L6D}&nCT_e{DZ1_0e)MsNA~&5Kg||J#Q|)2vkwMyBSo)R~t@L_N&4S z^UhzJ2VfoB9K{Q2pn)+|*(w%8%4U2PB*t%0PSNx~T)(vYsM+G?0L2CGaJ3#yhFp{9}-aJDk+FSu`(t4@%Y7g?hq+i_5 zTb4+VA)~6Vh8ekH&KqtB(+%UO@=+vVBbM{ot4g}hywD85sEGaaf{uTS{+8(*^gdBR zyzWr$&v#>uOS?xrr#i04dO% zo08;UvmaV?`Ni4xOkyAY4A2(4S6z4<`ZL z*-qu|4%lk8T`qUal|7`BG1Y1b^e7_ko8`n~8Hpet`MTlN>XBx6X{q@Y8Rav1g~TQ- zLe*?^X>q+hCzP9WEi;*Zb-1B7GALGz-##8EOp;megh^_*BKCe5Cq0`q`AC6zl+*|v z-P-u^VYZ>V^or!0u}p_F+n7fshFk8Dz*{(s^l)(U(8ATmGBn8yRS%O}wbCZkwhhsG zj`zg+7r*=R|C2vAdCR9oa*F(TVR<58$pY`(mQhTLE}O5TELK3JX)RX0)bn|&`l;-v z;mHjqcL=4=`ONa>3n36~ZLot4IY|$e2=_5(bpt`^r0aQte7rK4srnDeo}oVfJYjFX z;gy&8p`^^4#|-X1(?#qM&^6$R^aH+~kVWy}0WGhxxtLu6c>$;4_9FlJ~aPNJQoBWx~_iac{kuT?t=z@xk zi7SIlv;6(EL-vPa0ZxlZ#>ZQUkILhQCkkU5ukJs6=6JKGgOK|g%6sI}TNBy&Xc*!r zN2f!bdjsmyvP0smQ;x&)f>(Jz7KV<=ugd|e#(MRr+X|k?cg~4bZnwPz*1xPWvBKJd zE-V8XRT^-I2ZtMmIDycLEBR|4%pXf+7c$MkN~H!b!x0M>6yut6LLEvCi$q(Y#11*0jk$E$QtO3307N z-mQcmKZ;1^5I^S1HDoZ<{Tf_HTHqJ*&N-X_f9~}!T32U|U8lUj{l=lXPi6%AvAbZq zRcYf}nq-shHbphoGI8(+lEK!ib_NE1YCFsGckOHHxx%lQfz+4vUs5XxN%_ib0oWsXyCP^j{mpv2Q#$sf)u-DTRhcK;Uztwu|d zB7X)bjXWiWbI0O*sd!g;T)DTt1t%66*Lqnc%vjxirh+v%wqhKmnGraK6=)uTBKQTj zPo72NbnQq4H&VkhM^l|Z6^wHr+b*)v(dP{#;*SCP$=A*PTI;unJ%bv?=^n!x;U2O9 z-V`hreMbL^urwoH-{*L*TBs6zp}PoPC{8$Lt3Xdtgu#)v}|-$$pW8s?`m|RW^tLamg=m+Pevtu zDL4*S$AOQev1Tr0Fc8orfvG=Gu&o@m;M=@U7-pwKLBlOfekoIH(y3&@qLi4nm$!6mr6y9W;zAV@-x;4Z=4DclMR?(SYVR8cjRulw!k z{{A!9)dw^Cpbj~B*w5Z;KkK*ddlM4R(>tg?Iy;o0|9W?j+0Su!YM+ zA|bb*oH?S8CRSpU;yS{|18z^EespT^4~Z`TpR8Q0nU6l5BW%6T*BD;%2Nn^z+lXx^}P z|9?+yy;LnfcuY-l8e+R6w>ebg3H)Y`R!zScreGtlpVUQ>H>?z;k%t%d<3946M=650 zx5#J%3m@jkO}BXtS7HA@4V8s~!q+>@!3C@kAYtZD?>dNG#@SGZ*2M766Fi?^%e;61 z+KRw^NodHVSz{Jccju9x(_EbR%z!i?Ttt1lTPyb#chm$mYXMGKf92lSQHXQiDob)0 z%6-If&{+$_e&3q7!AF^_VVMf7jW%KQX1wSTYFbs$4nj9}{!4WoDT7m8nWE9X0%UAT zXthpz3Z(=y*uhoEJdr=ymvtYf1}8**&jJC?I$4_Az;Xp|G3-_H=reRuR?gQJ1@9Ul zP1RV*6-9s&3r8t=mw9BLM%2fIQm!wlCPh~QfG$k-UZK?MEqd2Fz}g(;-aYQ9$j`Hs z!Tr5kEy{&($v!E1SEI9KJF`~xU1A0cAxl}%OMVO>hWt%Q_zeZA#^W=Ks^BO;J(0>u zRc$xJjPwX=ndz>kr<(tmYq*yBTBMM-qrasLmr}_UE{#sIa06GBrB3LaACnSS!q*F` zG<^Di#Vo*!A$4^dfz_1m>)~bxm`^SB?K7OeR#m6j+(3=bsma9CoZi0=X5erEFNVIcBiM* zuXn2VD4=xP$+)|2p!qFR%bjF_Oz7pBx%)qrS)@W|TWIq*=E1Uv<+w0n9}wwJN#H8h zi3gSKzQc~b@r5x8i)e_L^qety&R?o($`{+@L!jIh4k2fU)TIZ;&|*XLOSG&uAkf`z z*>q#}COr!I@A$Af`4@*`3GKxAuSjyg1wXD79_^+lIfVZh7lJyjNzbnFygREqoCT4 zyvUMOLC_+(#@W7B9qj3dm$6LWf2`^c*^e(m;7o(4Tg%GOLZ1a zgJ=mqhV4#Ou*n=5Qe6&AD>>sTz!Pxq}|>`xa{bMB7Y3(;%4 zKcli-V!!j2;HA$okVpZo={(drlu*G*6-MJGJ?0(Gi~Hnihw25HMvUGRE+5sz^^hq? z6S*fbQa?G{uCRIobIcdiK`GBwGN<~(Gmg@ru+N`VSR;<26MrU7b(yyAeKRLvT>PGD zfB}B@Zt{kzjwaZdM!)!HA6J&Uf>af9_W0*-QzTn0l1P1#3ZL|VOSjJWqn>tKdu~0X zTSCkZ7OVuQCxJ{bj-v%VR`Rv&gv-R`R!7E+hwov6YaK0Ksj#jK<{F zWXl&N_TlNMi@X%o;dG-5;TGHXQ4#(=-oAuF-a*wed&r`*AF&7=W)g*fWS}ELXp+ zraDVeV8b3QZ<%b!a?RvI{NxUutdI6$-6DqL@2&h?I-7Z+2Pxp@JWdqp+DE5eR5(qzjlobi0H<= z?x4`k3mXU|NoGYa1Oe6e>S)G|@dyYQ1uSKuVGJ!EtW$@-r5@jlHfTZsb{}LoOy~Cc z*j`;R#5UeV&7EGzN;je}lRE0gQBHJ2lzywPatRs@4~fq0F|C(N*m<$DJaiPFsCOUC zS)R`mmp}BS#+!;^SH#wtw$*o7P;z^5RaAT^n0dXoZcYHEJ`S+`*BNCKa?>-$l(NkZ zJ6pt_DL%&i*Mbk*>tn^Ov#5LT$$t|mHnP&Q=9%b*e9`ORGx7dpvtJP6Q!h&=igR_& zBURsx^|<{nw%rXgB~Ndi-jr_*kqmw&Q?@fk^<01sg8T1!wT1qPB=mtZTSJ|QNF&F< zMKRur*gLP7E(rvBSd66dr49ysoTRDbnX_*Ad-h0tZ|=>Zj74X1Bc@tH0{mDYJz+X& zz}Ed!w}1iqnIj#`dQ;xl@xGC1)uA8|9Et#(Zo(Th+OD-vD~mX1&h|b|gnblLnoc{z z6S~uN$Fo1fu3j>EFh>@?YjEv0ruH?)Nl*+n_IQl%bkH69r*$Ls`SUc^nF3vdkNorN zBOD59(FFBFK@(4+1>h}(OX z15ts8nWQ_I+w@i40+!@a{OIM2=dB8i{fdy!npD#+ga_|F=)Jz@(f0oQ-8d4JF;G3y zWq};!4SgfQ`jR(Kr_l?UMMZMd^H@m*g0s>HP$Zt^nxI4nwyO@GQgceLbNd*lH@vgW zp~r3*%d4-b-aWdL{tMX~b8NK!SBJ>N=+m?_RnqUKpLJI)DlOhsYg!1H`&WpuWYi&tdOUVR3y5uZbMjTLR9NlNxcIZI@t6o ztqwHUOM_gdPcE-*mFd`2OY+>5sXj5&B{mL|LFs!Wz>ZvV!{Mn3!lR$28y`QDQ-mgy zP*^OKcZm8*gkKTU6y7IE1M&&rRLDreJ0{K)B>6+CGzzjHn5QujI97eXVMBFJbyMe) zbIapGcoK@~3u-FNBm4vR?quNzKSaL0H^CN%^@$JXp478=oxald!PM(9C!Sdd1_u zveX6Zet$In!p*o*AW_0(I#Op4)~K?>_kx+c;{60)xG^N+jXwbPydlly zvKZ1Z`>Erm{WeWJxa+cg005y+;e<8fNKhZcz~Bvaqi2p{Re0)LTQp&*9;TQ%xl9bw zRl%xiKmTl}^iS)!5E~vJdtx+&lBBg9V*V6kk-K=^4ClIYqFD9Cak0nTb0-+j&ZTXU zrXqSB_FY$z{I;z|Ew~{?+(iL?_tGJ&TWAX>H{V+QPwJ8n(O2*ONQe?)Ou~tJYwPQn z@En5wgSWar5mw6Kr$_4n4}Ng4eyM7I`GE9pUie3$qR}s)h&W$+cyZz;?0HF49Os<3#v&Z(mj3lqwSEycbXk`jl1 z|A(htw-l~!oGx_St?Br4o!4Hl?+A6RPe02bls$}8e1;%1tJknWWC5;@(ug}6q8ieO z8ULNInpo}V&exE~3#NAO)-MRP{!WFwsCIDdJGNcc+=n1Kt6=x|zhtap{~`WzK*{w@H-}%60H^PzBW_x-#YAI>BVNhZSupz(0iQ)C;!|6eDQZLyLLF;yk&>hs zIij4)aP7;0oPR8^eM-NJhCOqXS_d0zyGbPJVTb|~9NWo+sNCW00%Lr&nWtodyDIuM zHE0aDV*)AV-NOR9yWd$UTQx9lhhAL@@5igX84b)5A;M|T2qpuq$T}H8dBwSWbZf zj;;4d2W9Kl+*j|fHq-Lu${NucJLU%?^nFdt_DUYV7YA1=ei4}gaQbqw3#X1N$o+1^ zxuctAI>TEb7C4sx(Fro$*{av%{Wyzd(bcYdZx=|zQ$M0L&Moh2McSW8mGU%T45xN7yUxCYayT~GjOC&d`VJ#O5;pR%U-g;wf3uSpdkq^E1 z-Jid}AYEgxpG&7$C*Kx|sehHyW~c$!;&*M6yYf383wPD~VGzpFx=%^X_A zp4$bVR|_U^KYGjcgs|IAT=Z($+kXzXs-!yk7PC?4hzd-TC92!7nyB zwXD17iRvV5zT!1fe}@M05@~gRHFZI@JLHBI2X&#&`rHmnTld&E*FU@U*Kki+*WV;u z1F-|sKdlI}xhh~!3~ai?**Ecq((ghS!ZvV8PQ?yGQ0#37hgxAI1GawQ0Zd5DKDF9$ zau@_QBFbK_wG^6_UpriWXv|1|*%q;d>)W8OE(8d9D)!tT0bKC!EV`EYAhXU#o^$0W zdt`$ZBh2YorN0s{MC;PLAI641lqW(}_9d4p*mf%$3z%yn>z&>A2~?|>?{h!=XZ)oMf+!i(c7 z1}3I^QsjFXJ$o!QNV|&Ix89k%WzNPvdEcHD?Rxt zPU)?Dsg!0ci3uT;u~xfYCgw0HcYwf*e`*yzXEF?(M@lmW?ZB*|t7PaGuimg9$AgvQ zJ*!|^8wBGj%kf#~N}oiJ)Y&=|M?z1q6CvVPL=E^_(^wPsQ{)pfd#T5#T+?D?dt(PW zSblstf%JUcQ8g<1TFW54wBQPW6YitR!-@iwMnIKF>#S3{32V6VmWeAUEVFqD>20pm z4}O0*a`YC<%nx-oL$b%#rp-WEiYC>=8XrjZtrET^u=SG{_s0q%#O0;k{y)T$BdbtU-X)l;j+TH4^pt>bvI!2|BM@gfT&aCc0!Opg5Mh!PmpoLw&TkZ@}BB;%qQ z?(Do}Y6wtR{HWO3qk+7e-Sxs8Zcj7cw1Pt)$=-gW^tM=- z^!P*~3`GN7j7kOht9?gkQ$n(IgYwxaG^y3cJ|-)G@)q65m0}Im*k+_>mQty!5b8i= zrFtx-o>vqf&^V||r0ly>nSRKY=UO-o$#ryzU}y4T@x?PJ)OcFD|GFfp(=-=KrK3L& z#NS}_jWC0Tc=83_Vt7eZK2r%aErkcU2TNQsl%$n>Cg0S>wtbKIGV@}p*S!X7ZzgFo zEhnPEKr^wJHMCNYtK&@Lq1jC?Hv)_U+XTR!DwMpXk-Wd$LB7fw@{$n>Je9!E;|T}F+knOY#< zl4nnFyp?)8ws&st^9&W?m=ty(jCQ&a2F)Jj_s&> zQ5Q(h^c6&Z^mnhT#D9XO*&9%%)2>y;Np*;4enY6`5Ovvw`E6nPg^K(wAdEO)x7=?* zkjh#~F8LiExHcZqD{vit`%r;V=4aa@yhYYbjt=^&hmaRAf?ES0i-@x)#fQd6Ok^~^ zl>|$7rF^?~6y-F;LEP;;?S9l*5qASFbVX)3w|zV$#$Ix2-YOA)F2kvT3rLYpFZ>=Z z?x6;0RR07|r%P_PP5mdD(oyKH$U$^c&Q15yG4UI_busgo%{xuE%NFAs!kCW+~ zUOFJnTGC(6_tgGDj8KUiZanedGOUt(`l5Zf;UG0P6H^+R^55~URBxmam}O-)|1zYS z@UBwHw|v#n{l>8G2LNnFJ2FPfq;G(cG2*YIHKk6@f`{F?6kL~T83c3{166-7Quh3d zy6lshQ8fEn#F?iKwVbeQy9?fR9q}2B@La&5*C^Xd6YE3)7GL+Dx4GHhzJUjdSZP$>z(XByM=;3j&LrXzauviL)i*Pb~2M?@Ax| z)K=gvQfgFIiKUv7w&IRFXa8GYj#!=dz=KxqKk=PS^NEv+K4**92ZH96&rYWh$1qxM zBaB(xNH|d0y{9!gi@Erk*zD!aZmrLFG~i#Eq3`b_lai||D;&2z)VfRP3K}&2gyoX3 zM{4c3SI;gD!L*J!w} zsNd1~nGxzwP|B|PCo`E0RUDWTL=p-Yd)pG657!cBy z_3UmKr#7w*(I2WlVz0RSy%^AcBSLDZP?*X>J5c zay#wpf=36|ow6hPL)e}GR6^Y*;P!!849y5{ltJD#&z++Im|!4i~T|wlb0NzSfoq~opYJ^7Ta?b`3t=)IfC1m!Ccc+M0 zUf{@MGo_OwWu1~M0T{YW-Oq;M(PMlO3C=~#)@^)b9Ldczidi-yoVpBAhcVu@AH&;4 z9_U*?Nli1?YN<6WA-a}B@vP<#_MZH2>3Hj3Bv}GotrzTVVQi@x* zx(o3a;P-M%IZH0k9*!86B6vj?+uQgex`6XzHVg6-YR~yr2M0*tcxu2Rp)wBVXE%Vh z$HaT76s}8#>DQap6Kn%TqsX={`%A|G?FpR@YEpaE;S(p(Ki^rZePA*HlS?zeBE%2r zZw}uSl2bJIbu1(8(JBvlNv$4@(nIS+9Xb>L)^u(RDmhFZ(yxl)fvC?l+I%>%Ia;{}?>J3!B*do7ZJr#wvKUy})cb z_*qZ4YMGi2QG&iPgdbjZ7+@E<(gD$jQZ!ly32FTmd{%cZySx5isfMSQt!Bii8zS1; z*hFJrBK>axwvuZ90BqywV>o)Oj$#t}-)x5?hT|K$>?zUlaP>Xpa|?Xk{z_ORl4uh_ zb*#%T#CZ*|oWWp9Y*lONB{QsFVrEog9Z%dNLdX6AfhYLz+N{V-3vi3t!!F8O`BU>f zbMOWQk6WC@d}8y+4vCpI_0pp{fLF9*b29H}qMk28tmv=@<01Kxa9WPcp0)8xFDW^^LPjw1;`%+^X|CmN zCOnsm6kKQTBLXl#Q0y;SMKlf~3{-TRoql!vPlWB}Z5Yt`&|Yjm!loM44~;P9zHZ0D zfSCuuMDAmHCc8*@EhlsQ1I}P)++I60-9xo8kNqa#-B)(%4OjL2x*xJfX6x4B?k=ds zDy*o%YGXk|&7mv!hC_nE5|tyo68p?%D;u~}X^a1RgssMAiC4KyDX9){@aTJiOCedC zk~fyk!5d8vc{H1Yh`K#T@yNsF+M#%^lx(YP1%dhc9nMQDV%cGbMK_x@`zSg~-AM}n zh2I~5Cec|7JDe87dC_WJcl?4hr{2CAo{*W2RfUUq zwby-W0z^fI`^5v73^6}_N+b%j4SOt*7Y@tfPfe-yXu*Z|pR>MicFAkl>x!Y72~AAt zUA_ltps<=Cb}`skZ>P?qQ&d@&3XDb*w>dd^{fvwl+Fl!s$T$E8b;4DbA`*~j$x zA}9*pJwQ4Kz=FzLqW*rJ>+0#p%)rFriUtNq0~`+eXB|MIVgj~XUY-8SaIXr5)N=pCk) zWUi2jv#~lqcDnF(iJ~kn{+;_Xb~`%0fCpC$@l|rf*q;fVH@icpO%@WHk_0kDT6B&jVtb(>o8pIq027q-M? zx#mYrxA?+i)dFu!v{8n*M+L;H$xd3nz8!p+b~B^ai9yzpRD0nCzF2gBTy!_`DBKzC zhs8Hl>UC)gn6ivMY>*NPK(fUk59^5p0+AkY*V8-Hm4pw&1RWqgMU{iK6;m?jL)i+`MYcny!OK zAx`zE@E{v$vsSGYnu^AV@-XB+Stb;Pd*MVfQ6r5XHwBel+2FELR4g3 zz7#2b7Rcdc-C4Qy%ECyKhRS4cpirvgw%_Z?Q&6>dZ!ou5b#(`vE=7Z^PePEvUB9Y&jGmK!WO-SvoY5&c&E2gQf4q8PZegJ zr;HJ?qn1r`_+RODFo@cQ0rAe@BY4JJOB~2Mu?rzXntgOf+*JU^`nH(|QOXz%GI58G# z+ylIH7Vs4dlt;crgZJQlDpXy&CaMk|Zol#bP7Y6bJn^cqfJeD8rJN{QR-mWy=X35jsa~XrrvDYDVAN{d%AaKO}X}G;&C=URaiTY?Jr>HFeg| z*T70SsE0ZHi#QPVuEAcl6h%srA}7t zxLAiR#v=*)ekbPa?U&1g<3`4WYB4AXAg%aC$m5B=2_RFF&p!p zYX=2CC@u2Jq@ItX7y^rPVs4Hy&i`*FucS^#BzOh+g*bF_7?YaMe~iDz6tbr4O6@QR zE1B&gpDaBe97K^dvtV%0UEy*jnKhwy*ZXpY?{)Fu?>0o)R|C4Q-mVdTI7_ZSm@pe! z5x(p(5$nc&|32K*|GYTEx%Wdd8VqtEUh4&%&wYbNB>^MmgHpqES#OUn;VmFUr^-r= z)Whw8SSjVl=G80SRgs5s4HI~Exx4IoccXX235Nz=gj{L>n@t4Xc;QRQe=X-(6iaWi zXH^g(BPkvtcibR_`@LD!g+vL@og$bF`_t$6ct#pZT^n*axE8bBKdE zqnZ3~*I9zwgdERNH8B%w4g;j>75N_SI#*PP`dsx;Ld)GLhnV+#RA(B1{yXJ>#y}GT z2;w2}5mGCpcoRpcBsTM<*{L~|wZMCOErlV(`8#W_NM0r$; zTAfiPtB&mHiv*EPN*Rx;P*ux8ePIE0iP!mvl?5^CCo$Zc{7eAW&=D_WLV~+k%WsNH8^ll1CKTn!vS|7QK?j661p&;m3#Z%J@!utuIKpIewKmEk-82caw z46SX$Jf_zYFr=pEx`^aCG_mkoA!uUPv83}?p>dR(<60*B)SEx$n$dS~r-1mtu*O3~?&tLaUuvg9tf4=#$1C9;7 zpKK0b0VxNsaIeU`PyH;XRM93XIUg745Zcs;lrB56bxFe#srWv{-)MTBEie|XtR_yD z6HHscS(ghdqqPV>RcG_f^T^hXtdDeg^UgcSB2FPoH{S4(7k>HZd?WVKz<1YIi-UJIt#1(J5%5+M%n*t^Ualf_e2PY4J=0LZBY{Ay1RQwOJ6?jgv#Q;G z#D|Z^z+2kzcni-lIxKnv(PGBG603+iNo{BpK~S;Wm0|a!V1!h5mXA`Fu)S)yt&tAE zQf4QqAj{mY^7?htLF9?4o&ATs_n>qxlhlY)L2aJl8{BGU`5IQ^zUNTR0H#$hm18t* zp-0(M@gUrcbPoAIp>L$0DHSdNlE-Zj2=COzawGZ1!yv!wGvkb&6LhRLv<9oTJk@IXNVlq6wq_tkjV-#OGg zvUC3^L{3|E@Y-K0Ef7Cw!NI;o{EESId1G@2MFCVos7cc`O}u@5mX`DAaQf?kwWIlt zW|j69%d^fJwd+3C9uCccLu4iSB5Oo4E_DmNFkCm0kgNehsFRW^qj~ zFV#tID?j?a0n^yZVoSp&Vpxe)HYMiBeXrN_PnS*xKd!sL@nT?MGLau(0V*wyrhb|B4p9C#FJJBQZ8cRD?~!~pA6#_?X9^E% zN&FUNRv16|rxg#cvvH)VD)y~^Z*>`fY+={L0l4I1r`rR=eH=B=&Yo6}1J}bTnt)Y^ zo36)`lH6vP)H|%=tH$9V0rK-c=MHEal9sn{7xcE;VsCUqq9lWq==G#S>m(4^2Y*F; z&&psyEVcMcu?pU8N>)JLuN_kO#uxT`00ZE@*+Al>$) zdYq^ffTk)tl5Gs#2Z0z?|5&KW*xdJk?kasZLq7^!&O2}62kx?XZE1FZW5J*>KS0l& ztf?cBDt@c4DS=|2Ryk;fzf?8=zOaXhhJa)ftsX7=bV_@wWnVug0l(aTrO3!1Qp#E#?4!* z{u@1mIm!dd)Gl&=#!70Qx$SNwa-8J0f}fG&>n(Ck?&So^`7P$m-Gl&4E8p&+5HY^} zgq~DhK&bPGcK{hQuh5$j)pT8N6HDQ>XR-Ql@FGm z&iStPAuEKZ_67ZkZrjtfHDue_?!!p5C+m1?`OUL2JPe82Wgz@rpB6;`0PAh>A%wI z2=0kvj}49!O$)ba>WJ~fr=4vJem4E~>zW0sCW30S0prcC7NWVs_Q3Op>c&C2yAs~f zUGz!Ysz5hQ8B?I-J2~ zy*%$qx>Q(8Eo>yct8B~)Ru9FI!YkBWd|?uc3kO~dStVnfAyWr<2X0g#i0Os7n-Jd6 z75$%dp6EQ{SF5qSi#b-~t=Ad`$NP;NV22iL%89UZa2uRW1iANzvAa8*R59Dh9!PToZAb=M&i6N3_V|&ZqeU)+^ouDB4tNzx- zd|c903HnlG_9Mt{gczJ+1PE=Nlx7z ztu)Gax_p*wK@|V70K}MG*qVO*&)L{D;-$ZRn+OdX9|(Sth+AU}+T5U!`B=aXrX_mx zC?0Ck8yRcekYhVJGJ4W}4mcc$hdhr{qIU&PW;m7=Zx3PjgYbH93vz=T2`-nsPsQHe zqF)|?S88lFJ(U#j+xPIPde=&td;Z`E8)YuGqsn-6VOzDqvHJk(`kbZkCw#|`CYx*J zOL$Sje<}C`wjj|h{*4~&pf0itDxp|>7x96%oZh?Kv!ItNIp#Z}jakoLMAU#Mf*`JF zFIb1rLs4`Re1Aqr!QuHcpCo<>;-j0C#_Iz=n*+NI1ws*Bst0?2LA|s#{g_lBx2r3^iN&!e^ zF=pLI{OX|j5)Hs`|E-qkT{%3hmSUp-ByYPA6Aw9a1Rq1L4}b=0p-;JIo-Z68YLuXJ zNc(d`MQ(&?u%-s%9G9Vh^@|93X1dR9xc3W6ZX5L*=wP3|&`nOU{|KJAD7CF-UYb?E!T<8(Az+s_!Kr{9;&7G=BT=oe*6B6-Vh&x*g?IR94hzZbq zu2WD}9;mYd4D!nb;0Hg=Wd3@d`1P*9b?AlZLzcTMScO99RCG-8l$|&$ zt+r*y|NJMg>|$z*gs!crFWdV*Vdr7v10w@fvsdj?!E-QZ8@3~G6&;*bhu^-w7}a%u z)_kNNG4$oZ$fW_35@7bb-eeo_%==00qHl{Y!8GY z_*xxe`6Sh`-GVw&9~1^Dx=s`^+UE%aYh30;(;jEFGb!vP1~pl~!#=H+tpy`_cQ@TD2JF2W~j}~=*s!jGU>xnrdDYyl*;RKlAD1v zVfJ$of(P*V%lYJKU%loHpF)`XI>-P2RK zm~0cye8GEq9ULMtcMrBm-pde>g7Uq#pi)cqnWt<~CzWE@&k;dX?7y2^Pl{%Q)et0< z#LH~l$6l8IjHu!L9TxrWJaH({v?A>Xe6Bc4TWBx{5O~%%*Jguc9rN6H#LfOAxbu@^ zxu;TlJ*Pc|Tz|@2+W&dw1J4|=TT(HPVVM1LM);ScQ_ZTwL4AM~uz}Zw|5>9vi71(> zcow$9(n)E+Js`OXVx*D^#>d4~_Ynk*Zflhu?J3J{2)MI3|Cpd^k~Y z^xZS?b=>iP$k9iE+U!~KzJU-liDkuAhV5_NHZRbLD=J-Ajrd-o)*3p@RZfrCbx9xy1MCwhkqC_u{QxwOC zA9TL1^w&0n{?<%`M4@$nqc$2;F9=z)I}|B0Q~}}XO-8dZ>00%dqw4Hb0b8m}Ml6%! zq)9dq0hsA+jw@n;%C3% zp54pJ+QmxO!Az%bvMK5aoauM_@y$+85j13TF1NwGQghqc)EH$<VEdrwkr zz??|`{oU*N9-lWy)|)L(oFYyG&FAGk!X)8uv&a<0-w=T;K78Io5!hAfDGL-H*a&A#?N71XNI3Kk$zmtKfCk_+W?8HCTkQ{#+S#A*ESIjx`IGaZoq9R5kPVNVuy5Cw zy5F7#fO(^si&5Ww*%Xx)Trv?rzkD5kKhdY9Q<9{$63jSX3rk=-^(-5OaoKp2H7u0b z{qCyOM{Z^zuazb$Dk{*ezOi6M_yP9eQ5vSvw&Os+@|2zu1xM4AcefYI=3F# zv7HfSnkIxKP>;l$jaY4m($uva(}fK|CWZde#1MZJKVZgAeC3rzl;pv`y%q-;XuvfW zc7#$Yjm*^UW>s-kuE;ClgCAu9XY}G}`NV5R6Rsu1*(ulCfWahzqgxHcfe-{^?5{Zg zb4hXk?DdBD!*^uc6I0I}AOdQA>tD@B0m6TJiQ;X3ad7@KjM^EYYKAVT6fEpYcTU1h z@lb*0pD?;%;C5LpEaQVFi-h_Xz?Kf^|M({wFo$2bM!Wz7mlN8$F?ufLl6SsrHW2Tg zza0uKv%tNe?hIJbg(!_#=q%+xUXErhg5wWY2@|#?>9QM1sH&k$`vk`n<}CaPeU#0= zKZ-q>KVT334o2}1zbQbp@rJWlY8{7apCl=RNDg4{wtpd-=U&5O8R&+QvW$0~*JRq& zdZC$uGiC~1DA#*uI7D76S{(feh$%Wz;c_PUq6VNM3QG4J)OwBPZkL0nL3z4CB9HZa8HyN(XUI_g_rm!lJJ>tL%4ss5->wrX#1?r({< z_;WwzFwDo<&w3&FXLpJ3!@pfOji%kA@Rc?)g5$QI$zx0UZgMwlK-zz7Sc$+TK6mPa z?Oc5qnY7T2==4D4e19C?FU@x-7JqbZR=~9+`w+NQk(9_ z=wQ~%9@}@exlcA}tL&%PQV?w9GG=M6fNzJhr~Ob_9|fCC6o-CTUmoRb7hYu}pQ9)p zbP>XY_wr?TiN&o={sy#iu}H)>SIBGi**oN7ExZbVvn3$r@ipH2O@CtS4om<38Arisep5`eB^Q;A5#5VmvPUxhjD4Y?(w|OpD-2@NYMLEr9}87DGSTR z#JAVI>3)Q9mOr&h2Ucy*y50MeAg_CFRcE)ny9*L|9Q`aJ&_dXr&GJQA4AQR8h;8z z{zgi9LM{@tLYc-UG|Ckv-hIa{8TtKr1*a$iRKTd(0zmPiklRg}cj=;9KtUzDn0*Xe zd>YC!hm4S{%%cUHe4C|@b|y3~Kb3OWGbd}(!Fox@U@>OOi>bW$xbI*)Ag_dhcT*Wa zMG`A1@KuLppoIz%`76(sVQJHChO0)PzeGC%3DabA7`(j5_C!fV@%sDzc`9ipccCou zym-(<-XFsP{Swkxb6GQpoL^(T1g2uqiaF3hA*tedH_0zWIEulWffjBnfHFj{Ie2(W zofAVrDjnwjIq=3F9fC+Zhr%||CXA4-!sH@$Sa%}3oo6y!`QXyG4rosjn*aN_S97-| zpjvsLI$hz*Z@A<)C!OK)8*^%Dk&$CfmwNSQgCr*sa%&ECsUF(Fcaa)@igqSSLY3Gcf#Vu=uyGx(nB zg;I-QRFr2$eYe+0_4E;;E~&Zw<6qPNJsyID^8I@Dqloj`S39TB!#ajVqV7`Faa3>j)xc3Z$cKX2!;NrFcF4gpmCQhL(-zx|hjTv#-ydWho}0*>3ID|E9P*Ng1ZEF37+8Y9^4%gg1dXL;7)+x?(XhBxVyUzJ`DOzo_%-s z-Tk)z>6u^8RLxXZ^}XlZTjz$my~UpK2`CyoGA_B^?0dVw`F2{9k|1j|PN@UO{!CQ~ zHD9!z&UGLO@kY_|YXdg76 zx@FsAIdHi=(Prz>sJk+Q=e>UII-GiTWxqzh&+uQEyf>b8`s3bMi?H(XRQd5V4oc*z z!o(|uWaFLLcT5tzCuf~VL&E1n#hilykCdkw!L7;y_f>}BX&X0M@lr}J#j?epx)xbWx)K<(> z+y`4)u>a3F9MbILvEu6Y7yBWonH&?{3{fV8w%EHROnqKNerC|9$1~ZQMT;4xOHBt- zDd3r}DL135tV7MS--ib7pIVlDE3W%+1&8uztA#!S-fFQuyYzRKFCdPik^TW4@}-c$ z2Gp3UfU1?>hpn2g!S43Oi@v;+3+wzyX{Zg4uxnWXHZNJM_PyAV?aOvuoIXFz%$_l; zp8L4AHalW4_HyEVv;KrNVPWAg45gTt|t25KYLijZ|ais zqftg852N)onK7gi>?ghYEan|&SUIDFKLkHEpx8#qL1!NM5jU)=_AoM(hmNf``UGu_IJ-`n$lCn2qesW2Hwyq&j6T* zfj@5LZM)!>?G?$yOU#=dGx=Zvy6*SNL4U5&lFIT1zq;yaT?BnBH+5L5- z{IHR;cqIv5U8)A_bEA?D(S}$Wd);X>`WE5?eLRV80PFoMJ#=bCAgJ0l~IRpcDsD*k!ojK8=yY61cz?xH1&~9>92jM1Kqe-bh zm$#~QNS6`lr#nCUkJwt2O49o``|)T*t<6sZg&k4N2kpi6KriCcB$nQjByIO+DZd`C zC*b9>;$}NFK@$-~0npB7zzXOSKvRNa_~OIGSvk_XL!1};GSzgIN!UoN_-Ew~pYxXB z%)1HMF1eFt0Z5RZAlTQrxR|r$Hn}}kmD#;??$^_~ME_vA%C;8SK^}$_4?YD4xZ7d==ipI zkz2ISs<=K~-Rqioai$L~`@P`URg4eKbO`mVUGdcb%)B^FR-e6CK`yikoZ;uURe|on zyX3302w*NfIbH+_QS|9*v;{>|o!MlmA8hOWiq(AAzdIR!7eH15EsGBl=&PAd_RA~N zNt0Z}HUY%xn=6a*zPyHA1(}OU8MhMz34kZIFNB^^I-zAw8dKd5iAA6{a5jm8MuPoB zk7w9TS4kK*f5s<=*Nj|I|BB2CIjq>%610frwPziwIh{8#B?8~bdJyYW5e8c*miM3f z)$EKswd=&9nFxEs$u?n zr8Zmtr8S^*4A;XmzFO*R#<6y(_`juQ1o^`o_SGp0gl|@?BOM`Kx^91mFBP_cdokd~;q3PPIqy^7t9*}n$mhtMjKMqdxovs>me@m$6RxyY)!xaptK6Trf z1DS=n7>0)lj_6v zC?incr^f9DShI)5H*mEkDCFVSaVZLS+Z29o0Tyt)Ht6ky0)1PrGkJwtb$WNv4D?-_ zeum;4Sv?l=3)#^x%Feh8c;Y_Y62bVN90vqmu|KBsUbW=EeuYdLylFT1*R)4G{jZr( zvrtyV?u;5=FPG}x3wh&fY4V|UZVzM}UAQ}cBpzBYe8rZFHv4N&*9r?=3k#J(47KBH zo>}B_K;mA8KLm_Fh932%^EgSqFig2D!nV@}{?Cbf6wl{=nf!WtcfZV!v^+tlt3jHz?Y*4VsfN0)ntnxb zZ|wOwbkVB(RVhO#x(-tMee_0s8#AqopikTj0P1g!)G+S&G0PU_}#RK1%N_!A_u z;eUyztEdG>(VG7sZT}m%6F`CfOF$IML9Wb2q}%o8j3!@Qr>QSBtcKC>FsVd5u*sx6 zZ;7S2>&Al6((MMWQkmRMZ#2|8{LqW`QkG6_`)!0;;S-7`dh4f?bJW3^)yU$`GHhF! z|MR|irW)Ycvml&o{;O|iSmXa~s_)o4n6_RCEtCJ}H~;HhJL~^$^gl1reSlko5NQ9` z0o(Hr8}RQV{IA!!WdGk_{O7n}!~8QS|JnS%p9B5_2mc>kDWm^0WB!kxC=dgnK>ykH z|2m8O_n-0%8KkK%_4{8Wkv{T&HJi(@X{O5tDgu!`snZ5RZd>uUA=$W@A~Y4w);X9H z=BIeUqgh%~*E>Gtp|fE;kE%&b61IQ((_}Z${L3&(DJE=eDBIxM^3Ta%rYxq%pavhDWl(E_~oO&AhVZ{o6Q_M~3SDs4@rzeGy zJ9ei%Aj?Qgy(aOpm%i{Vd^qhh;TJhG!M3=aj zz}tP!=82LHz5+P+N1wGJDf%<08yiwV+ZM5}r}9YFNOSvb;qPVY_V4C#!c`ctYnb+* z@#jT^?=waFN1nviZ7Z3Mcen`x#%%N%epd?i#F$Z&zEHvb0SvJDFfJhkcw()-_sAN` zv5!eb5Aq4qqmdx@Yf42IuJ9`c*X{R-Qb|aVTbODB1aip;PL+6BN-E^hWRbt=&)o6K za=Sz#l^tS^3@MST{BrTuFC;R{^t4t(rU`Bpj628H!cl zbSu3+^>m^7<-gWvrT1b~e|mhfQRn$6Qmb7_eRg)>PacSdP`SPE7c)_Ct!yebK6rYoDvW>J+k-3&)ts?!6!-z9B9(gsO0KDBPoCrGL zrx0)`NnAiYFB9_3-Z4&h`nyCHS&^|I@1>VO0fp7LH>?aTNy6O1<`BiGO0gXJ;b(n~ zd`W6@J1L}{!nP2m6inEmRC%gsX^CTH7w#DQ#IJ663pC8<&q%yV0X}0B#7~{UnndbVjVqI=aguC*iD5t|EmW z+r@YJcOoiikw%L}jszsZ)OoeV07I@}Wu{;e_)nC|5qL(gN3s~@TT2XxNK2%#0VLKu zrqMX2J*2i*Zc72Z`?180%xxzMv5Gxd*eHw#9TrhCtA965SA2)nGR`B zK4STJL+m@G@llLNTfwH0CfZy?*3YiPlt(RJTS=(TczK zBq)}6BmaHXqjW1yT-tyiJ91*vOJ^RlpcvT$@gsNib*vo$u1Om*_kH$J(+w67ma13!n|w1R_R@(e>ixlvv?oLX=);Mh9B)zPV^ zqwXopm{Ik^D>IR-u)?E$t;sM2;J6(vJuqUTON$rL#f!V(nMIfUncd`NhOu+jMTaUu z8m+~yLvI7z5@Q@Wkx-g8N2RUWkVsoJ6z&Wh_~7J=V)rBTr6^9mpi_6b&M>MV!v^J# zRuVcm*VwPdt20ki=3FY2_Zg-mA5Xt-{*4YtrGMMysUfK;K1B#rU8PfyfjS^Dqi zBlcftuUj5F#IiIX@miF4kJ;bN>t6VG_=DD6PB}wE1G&$b9xR-*DG$qmPj9H5uD$(O@Gw45vci*43IR7qX zNf>j~S0ZX!DJjbjklODO(@V}k?+f1!nE$rFyYcpz?`q?(MrbdcB&U7-Y$74VQ8Hd+ zD%+u!putFdDR>arGG&!jUDeP#Y&fp260Op84`?%S2i=8=e0tUTN|9sm$4>j5b7lAz1eU6C;?s-^Il#>PavDQe3^;qwve909lkIPx4i&zvp|94@=Z{PoClR z-@l+$YB;hb7bRN`7D6ADGM*mW`%W>6ip@}ePcFmJE6!cLpPU$1>0na)RH@vBIlb8D zbdhGEap88FS&kZSxW2Y8b=U=VDQ(fH9pjQi0EnjJ?VtX-x^55-NL1Eg;7C`W?O^9- zoGA?lcnK|Zyn61hR8>}9#QT-HF3s~8dRlM)r_1LV!%$w}wK&NCopfAuBUhZGfHJCh zDHcuB5iYXEGX9Jx+t6CXAAT^YZgQu8pe7N=xvm6jrc;TQ$P+jdS+_W}@5F38WH{A>jTq_8IP~u>~&XV_8`3E5fiAS#+5|3*GAU zhOf5!jZ?1m*EsHjn^>-OHwLf!G8cUh_lmWru=e${OrR}8>C2*1Jro>UOnmYvZ)QmQ zxF&b@mxA7G8hs}AE4U+xCUYs9SdA0CYR#3OLE=>5zED^!(LWa%6Ivwl_=VDXM1;p$@6S{wTo)m{!Bna?wTwVEOECelm`DlXqBmmOJvs@ z+;Lz|%{)%ln;ciExFdo%?tnir%<@RNaaZ0v(R1oKMwXGO1pOoo;f+wg3Ora*G-lOS z*um`=qOS+{3rT$y-}JNuk}Gwtc`Uq181FramJ|K^)7D0M*jH>~SJya%b_`=Ux{3B4 z#ksy9wf+>Ffn-|ewiV$jWQobOUE(kVLym(|RKduztF zGyHNhj8V%zszA3hZ24qilwyNejs!4W??tZp628SUwvj0~_$#I41B!7Px!-XHn*J_I~6*=h-R=8up@Tn*b`54Eg3q2Ii zi0zBNH@G(7T#IT7kTXK#C3GNeSqfb{*Vzj@omZcA32m1=->3e(5EQxBeL5t^g8A|u zsh(j2htz)4*`U|VjQWo7Ur&AgyUN7urv#kgG_zm_2~HZ9eZ1m6Q#x&U{8<_>jJtUu zZr^o20s@|6*I6n=lm64^+WMTpO^+DS+UL8dLwmtrJiyL`(8#uZIS_cl1)FqF4qzhOvQ9q6aJ z;nMN~FaIjP4NYLO{Z>1|dfz1Wy`4mIy21Nsxy*P1m_m%R`tAk0!%itdG(6VJ(nl=#7Cl#>1xu1udJ5}J$p34QmCUtkZ9ZW^W87jD#gm* zZxI2L99MA7 zmw>Yfdw@PgE>a=?QJ%*KBvP_29 zF?=5d#l4p$JJdWRv*r}mM+WoT`)txVg(MmHps>=fOpO51}$xQ9kJlys4Z zPFv&s7&|5Puoz577V2Y&vk7f-&I-#>Q^DXbis?=Cte?#evRdDTjjHPkMXg0pR506h zU{*6?1brUK{F)y1UCXiQDVR+2xZ@QTds?Z8!*-T{v$Tk8Ak*BvKJ;@(PERz3>(Nk| z;SH_DE3^XUnl&etmBC{yoWT5$8{?N@E0QRj;lwAV4~}|g^y2A9c%bq($`83~hGdE? zO)u~oF5q}cagXsb^!teEu_IxDNQ>OIaev;oV_55Cs(hB3+>82^&E0gQ#@~NT-jE$w z4713k(~}Uar0kZJ>bpCsl#xk;=aT#HH9&@05DA&8`TWYNhlew>oGVI(Yf=SK`NTHA zEaNcgKdLZkZRl4!qQ~shemW&8oz0DS6zg^ACVUE*yGt*mxyPo?yQ&hXPB~*2ZsjF* z(NokzM(}8(6BvDU_f|RLtTn;T(nAS)9fUECHQQbpzbW!|RpN&h$4V!LF5k zGkB>z*V8)iMUDn&P0<)Shj)6pmD5MJqpOjnpr;U3ZY3s79WzPFm5eEW-nnoqtZ{3B zopw|iw^Q)WngFwVN7E_u?FwzXRfQ3_Od=gx6l;;PPr^*@&?C8j!+s(BEzq#&0ZC^e zSp5Q1d2->yVI#$N1-X9ome9hVQWI9u2)S?x?V3n(xSYGZlz*?ySx4K z#UR0#=U@l@^Cephvw$-%__%=-cpq9;8|V z6*N-ZEeKwabPVI**t5XTn7!CVJg|Rz5}M3;1ysG0v3z=-Ja(#1hsf5WW%S(pU3Jv| zYn5wq@EpCODHg6*pQrMYFdS&Z|5LF8rLXBh5;KP;5;EBlP zVcq{ePGK+l_>tvDaHgwnM8qI7lO4d8a8&Q7hbRUA`Dsh^DA&@nj^k}E@u#*Xpe$8;jM-RCnlG6T@Zi_j7vo zXR)hIiZ)MBwW?8^dx}$eN2(}efKjFAJu2~eY;t}1uBooyz`O$KsA!Q<3JBuI&R){_ z)lRQ7$28N|e({qxmgP|Qk94H0=nqo}^vBB^qd8!ciwPxek^YDgH5YYqEk)DIs_PtB ze+EQlMPIjR*g3i`Y^2L9l*&zqg)j+Oj7fG4SS$1%bal9S!hbY5(qH|7>zMxd8R?sV ztxMEcAsv5tk4~1ww#Ay>fVDm8CENnCAEJUpHp}Z_Ga)Y0sk%^+fPewZo>Egu^V3nK zMPsryh{)Q4Lmbv)fkxt3xTLrr6EXl%iB%U>6?;ft2NiJ-xRYna2dwYDI-?Sgk?tua zKtV=gqQe6;%5IqHevZTb9s0c91E4q@R68Omk<4e4T8`$q=C+ud|=WQ!vR#TH07 z;IR7I9e-^Ry)xUDB1rg!LkeOW%Q!DvP|M-oIFXw*XTOkF1C|sij@7Q z;}~?_POVj2Vwmt;^jIuRI#u(1Td|poLg%6u)VTcJYm9Xx918b`MwDBx5!QaW(gWQ8m3X3)vqgZ&@o{( zE75ZGV(i%T62}A47(f@FrgFc8-FV@QE~MtfRFf~_2OfpU`T#jRowqlY(%FNKzUDLZ_k20bcX)cE9=HITB@0Ce^5jMTjov_xxhL@T3~?9ovskPVBs60tAGJhOPKH z47bQ6l^6i94xV`dc$wdLZg2SmDx~V>w#wrX3oQrO+2bt|Kk!lmk+ZjAz-B|nr4M@|LW^sF&rbV|rH^2e)G06ceXAi)p3nb{YbS+&9fu4JP< z<%pZ@i|v$BGhx1|wEQ>m#Bt#X1DCnw)!g$`F*G$(JPuwekX0e9IR+=FNxr?Z;<2Wo2N1Dr)F{@jb(0O#4|St+R87 zsO^Q#zF$V}$w}vjvNh`5%<@i?-`|%>wYpplL61o#nNEt`En*dJP5NRbBZ!J!jaKg3 z&5QFVE^moM^or?!MW~)iteAGXO($$qu5%4Em=Jp4lkUiEEN<1ZIgZq6^_;sT1*{0!Iaj%YJL61S;M&fX4q z8YFFn;zI!Q8s+`GuP;mGjSvHu9K3J@$@>X4soNCpx;&^ov3UOpY^ zbQuZZy*(auI#ctD{Eh#3{|Y*dr?vjAjY+JCnPWd)-#*C`;07lCMs;I|f=aKpseJc? zARAb2I+dsKorabIl>gC`&}r+1^Qm(B-D0udqm^^^R7&XFDE^)ez5f+1hd?5dLDCkH zZn#p;h(A5pq_K6r#}gjQA&0@~&mrv(yanvubVG5?MN_9wxrvK;qglSqB54q!T<5!X znem@bxStbq=vgOWKH(;HA7sd&Cg*%7ZhbxoF<_uT^=xSXad6IgHcmnu*)yomg99Z` z1`trXG?-SVd}=W&XAw-u8gAU0p7!J5Q$>we1b$k8nlfjrpmSqWddEhtt9g?O#r1e9wo789^&yNjr;2-~z8;`xr{QYP}D`rt{L7`yhcZZR4^ z3EW8>QzN||xLV_}A?zqzY=Q!--gjSkZwdK(g!idu>-+g0McWQxn4Q6qiVnOUja_XS zTFa)eZ_bS*4kxJgUBSIi?#|tvBF=?06qSHKlaYE|3n}~UiPy1oFM6)r0u}BYD@Hym zu;W-B!vv>74ovb9*V&p~9zkg!`v?+x)fe6SHkZ8jb(N}56Duzwe40^eg4%!oG7$eTF1*xgAdmJYox2GDUmq`ZsMN$Cf(8O0%EBW-L;;lcZ#eI=8Dmhd60v2~J2*o*UEI_cYV56+6 z-Q`0w-h^($=05}tc(9^@y6hu`Z_BN}NAQXa+${X$YI6l|c(b@kKniUynvHWix8lrz zZ(=9H6ss!_DLXd_Jy3{hHbp$f-Z466O3r%7WX$|7Dky;E;Xz{C%?X)WTIz{PjM&PH zx!_ZhffAn_3WGmy;z|P>L?!27!&q*WoLeLPlL!ISHnd40XDcotrOC=y9z1 z`@*}UQpb(=Pfizvdp}Zu=hn{~%$N?ldq%`aXD4Wf7h8^$m@el9zigdLAG!osms&RA z@NQZA-5lN!S}|70_LZ=6e}yR&0Ep?Bn@>u&(Wwg!@Vp_(2}5B8HwU8nQF*(XmxDCD zWW1;$vjSPVm_{k@mOh=I-~3+G%^b{dkWT-!;3`!?a61>eLabp_N)mPwD3|I`!fK&M z=WUKTqp6XtfKcDooT>;IDyw1YYHNysUgn()q}_n<0#(@19v4VM1hHHM#qLxH^m4Ms zLJQL`J3rXZ#-vJ#tlz|OKJ_9tCeP>CW*mjy$eV;ZealyvO^=WnV)Kj~b%oRnl-$6Q%U~6eFQ^qIN|p_1-PpnZSmcx} zWq|gMgSXTeM^}avxIvLj2~;-6$a69(V-PcNq&frC#dTzVn8zrgTQPW_pqCW!dHpaa z)BY5Hd%-EJcgvd|M@B9+&O+#Ct?3W^p$N~hTSn^8YHL}h+JrjgZOuY+pn8nd)rhWs zG&Cuxu!AVa=Y;XZ7GD`BiXx)vTH-d>Nd&R5i_3@;;M zj77EUKF34eH;&=7r{_w%#k!n{4qmDa23{}A?OWZ@%8fMOxu z%aNtAu4>Rc-ivDR?#b=n3?M84?j-|@hLP`qopUo5-OXHwy3}+n`63;TWjG$gX4Rp~iYVawd{y?u#QX<3%7lUa57~1Vkh5wK)%Wa*2FB*3&wzcpWwoAlO;RFC&2$ zms%9My>jw6EZUe8z(0Yr7f9z5H#5rTQ=%FJOWbPyLT#=&-F{U2*m{bxgO(N~uV^&- zjGPkhGUe>B7J5Z53t*;Z`Q74&&1WGo{T|*qVw~0a{vf36C(XvY4sOKJGe?A6xa1)S zzg*@r7m5+a8diBu+0wy}clMi;Es|Wk+Sy(w>iWy~qP3wGTxIDP(6fa7oQsnH1rtW|N36_?ocM2 zEf@XUXvm$Bl>hnmrS@d+%8$Lf9*JqBX8~duie!o8A zMFEQ93j18tG4Hz={aK4PlwCQq89+G+EzFe5|LJ`^iu7foR5CwM*^J^BVO(7!ffN-& zyfe(am6H(>3Dn|HZe(hhoSdVI zEvAgdI9;a1&HL?75*t4zF+L(hIaYF#DGOe_ggNrtmL6#=fE)1Lw;?$J`c~jmZod(` zH0`?ss5yW~$LqUMO*1m%Y&wt-roevt1xY0TUK6%_sEB6K~*( zF@B6c!-DAWOHb=l*|cK>)GsMSrTcu~Zuxnxz1VR3y7G9N{=?!tfq8!eLg7&k5@+<| zWks1n<>rXpI}QpwkLt>ME1Rt1kl9GiZ@-5_Jn{xS7S%!#t5&I)TnT0OkW%&`irZ6D zB1E3}5xqA2T^C_@sQk2&X)o_Gq8U8dAMP7(% zkjKZMH|@<_a$Tsazo$^c#S$-uidlNo_sNF3*|!hCvYTpEIe=!{r4MH3;K+F>NVb2d zK15!2np;?)p!|kM6}${T4HiQ7thE4us$c?H z15Xsrx7!K9QFku~*$hEQAj>5i9)1;2&ah`B4wigI?@BxOK{t)JbJULWEPED!EwJgC zQCQ;Cd4sa*WaL@`AgRjGu`6Fa})6d1lie7M44o z62J0u2^F@-OLwXKN&1vQs2XR^7iLr)h$Gos6?bWotuoNd{LqeB$09x(XL)bq zASTAO_VO|_)5E>^&YB^>C5D^xH@q?Oa0-d7+(yUT6gPfxo z8cBcot<&!uomV!O7-C$9a)KdnFb1-`@ZgCfkwvA{-HMvH&7_2EJqei9AgFs&0Jj`- zb*b%n0ok=l2%l^GW=ke^Qobtb!;@6sLq06LpiQ@b`1>P4X3>LY^L)5^Oq*W?Gw%}y zA=+hsin&W^+~%2b8ROc%j&~krlf5T-cVd*);wKy~EFN+g&5(iXFk*rRED=68=4j^M z;xF*GO*bHx^dX}ebJEt72zNACAo>L4;Cz6MaAg5{j1sw(y+rLiTL&}qOb{36-QMuO z+xzJg$gL_LM;dhH2x0$S5}@bp!YEDjB3r9^%fC6(i3=pt5ncBgUmvr~^%+~D8xPcM z-D!}TXn`+X)9;DmFs4uwhFo(y^QNWD+oM59UH1q;9fm~Kn?)ITYu$Hw%rpXi3LOryJp}QzTlS_PP|0`uH_tjA!8Tcw=eM2|!9w7hcH~%zG9y zEdkcyIbN!TlmoxIt$m&yBu*kU(QeGa=fAyg-%py2* zZ*jUNb4PL~zcXGd0?+ayr68O@#>sZi{bw7;*tD|~NFEz%$Zb8Z_0I(-N~;(giB_1JA0Bsu{7Y|Ra| zyu&dKs7stJKbJlGU3@{{+^LN;f8;1=Si9fFXuTU`nGKZ#p1HP74@E%>g@ z%=#)vgg3_SU(gHUZgPkDq7`&D@7%spkg+TibezX=Hxi?9P#x^H?zKgRx@n)?I>mMp8VmJt1}8`Ulj%LMMW7 ztxL5RqQ7t)%ezsxkh>|y3+fXHLF+y^$>w;A$N&|u5)8C77%2uU>IU^zd~>F9hb&x1 zXpW0Vr{a*ly=zHlUQaA_Lbh@u-r~i2(zpx9R<-oJK>3dScb5C`I6!N^G5~~V5AvwM z(QyX@YI5FD=lYu9_9cY;O{h@jod`Hd9uK{6Rg!amqNx5$xyky9sRthw;-gGG@Dt5b zRC4S`WXe%KpPqc^r%oAoA932+`0hK)Ny`j+g+#xwes{<8z2dLpG^CM_7r+{RGbKfu zXhp?Nev3etsH2HVQGdT(xXj5J>wUrayn2DRqe8Pjy3Tz;jSpT^PlV#mrlCQ`#u)Oc zi1{px!C$ug8!k4Wk(fR&NAfEdY8{&9)JLFXn}-b0gD@)iMAu0*fF(3HU$t^>A$Ing zna*#Gvo2nSCIjGWjD|B3P^dSO6`Al@66|p&Bjl#ipSi+Xt zD4l17SUT4}_pBfuH6VOm!;9v7H-94%z%2sf;|+&B64Fs`wI8@;*L3C4UM3= zoD=(;?%Inmv<)JEMK8->GbOP1R2Z8yD7nc`7SS$(kUy(8yY5&HTe&VFy+}>r)-+72 zi)eJ|$tT<2jJ+?F5+2+l;uqv#i?LsMc#dC0IDO>TdBl>WxM5Ge5lsNu*cH#@A-$9V z(M!C6_M^ky9a-%@zP8!bd-Y$5O@fMIFtqm5-Gb(fy10hP3(P=^hy|6e+oj{qRg9<_ z%wKpJoEDg1W$!_D;#9Z%jC64D_fI&1mM=(Sl0_PqWE-O%@e#XYrH*iF=7z^1zUAv3 z@W`7`k#J#nXx?&{OO76AIjN?>;@7mZsVwlANJ(%D5Rf39X zk>a)+s(Q=51?f&wBdUs1Am>I$?YGda9lI6A14;*4a&f6fzfJZD4Sfn|`n<$hj`3rk zKnaK8sWzU4!~0I=aZeY2&KO^Sjm!j9^&)N*R`Ry0Onbeh21L4C=y`cyp{XrF?>FwS zX1g{PCZBuC^vh4~d+coMHr{nzc{(}{kvcxS!KYf~N9AsPj2w&!8!#PM=|xstV3tX8 zkLk<%v;nY{i;=Kb(}n+CjI)rt{wBKnBs&F^w$*j))+Y%_;t;kinj^}mX4m9UE7XQf zbLd*BHXvH^!)6;+I^o`?KKpP=Mz0qg`E4A`9gxIAa@?%g!hEv@y7Cy>s<#4v4oJYB z@r3C2ID|J0J_?$#n{#{Gj&YMT?u}NoZ$Hl{xIVe-@y|kb@avFXC^v|ji7L>l`+;KH z;(o)s=i0B2n=&`Em`~}+FjPiRqHEg~bBy<3+3k|aTczquTx1Ni7yf8BpKrM&6 zyHqrExpp&2`FX~N@HvXB(c}uE5RM0N#nJp8#Hhz9m$);xUnC?XjQ2|^%o}vLGZgq! z|MiI?5!`IRdiYt^6Dc7T686hWgI_}Y zp!CldC-V{y)rD}2`fkL&kF#EEP6uN@LvZ%aZ+f19-})E`m7av&0v8rEkO?`FXD_-) zg`Sqbd*7sOs)azDjgwTL$&bn|pfY#H`|F@}0YX~l_(k6S=Q)@d0fx)I5Pz438&;LC zC-E22ZnqpMkzGSMVXzN3GgQb*2|nKc+IscPH^NO*;TKSQxuV38-1qr`Gt%Qk(fw7B zEvS~C@Y1LnQici0L;RzXG=jFNqJIxq5*EOx|FUD+y|s=18d#H(^7-R0jKHa;I@MRO z>XPQ`Cj+k{#5PyHX{sW9H%i;5IH=i~A4ZPW)eRPImLMy-jdmP$AZdTe7Yg#fdzVy= zCgjE17q2lf?wrjghJ&^2uNxNCi)s)m;-EdhSNoXh5vrn_zGuuz>e*}Im@*NoUNQ6S_sLFtrhWwtrEPA>e!aN3u$6aE~t6`hf7}c4zb3D z^mL`s#THWJDx_b~G293H1n2GK@wXIS-+f_A$K4ilRZ}@^^nQYomXTOjiS}@44Ce1z zUbS|$_p4j{YMKXRJ+mjqXn(S-IGJ-nTNt5}Ep<6XqP}TJ$QmUtwiW zl{we_N-dWgwTXn{xqbOdP8^QshQZx1VxmHGb}UlUaI`8}TzRfKp53?Uf3f1HV5?#} zuR_Au6!hR9Z72&-62<6XdONumEt*ZrN>eZ9`bSKjA4Gq2Pgaw)%}d54yFwVJn#G0M z?1Wm@7MW~BMzK8vO&Ex9hi;NE6X%XsufGC9f>WIBI8$d!mB>d$-DFBh%xX6FGw1+T zXFDnNJP` z*t1GjKla?zx4oL&jZ|gsE*!+i)G+2pg7)%0i!(EckJZopbgbp`fRM+(hvhhi!aaeG zn)FuvDu6$B3Jr=~m3soM?@k=Pqc||vvnWCoBeBI9?xyaYcxS}dOQm z&ngCeaYgopS1O%B{AJm|KbP2H*sB<~#K{{-3)d#;qzXXqvNCJhdTDjiKW{m3Zp?rt zRBHM<*VJScnDzEvZy%&l41cwUB+RFS_QDn4ZEphY~>bXrIe8l&GS6bLSH3ZYzEp2X#? ziIL}4Nzj7$*ZBASpWU_^Odmkq{Ima$ySt8xvfUp>FQOuXbSVuYAgw43(k0#9-6h@K z4N7-+49$RacSsGLGBg7W!<_Ni&-3iPfBQY}`Mu{|?^+^M5 zKvr~S=A<4S{66giPA0dNb*Iy_2orW{BTGzJ-BAgwe+`f-cLXjrl#->C9&%<`$tg6k zjuPxa9Kypav3qP&su|L}t8GkHTR2Xx(#=*5^s75tn)!KtK8LASr=O%IkRT4s@~Ojs z(>8Xbc-h>AZ96k!rQmEP#d{v##JBK1df3q~_n|w<{BsDD7ASw`iOJ$R06(bVZj3Zr zsM47(x#1~X$sjqnJeaYx9MII%ED*Tg(4dzkWRUrO|Dja>*3n`tZEpHUu$)A`FT2#; z*{ZAL2@u}N-Js>3T@G97WQMB~r3{!CX6S18RESG&Z149S#0l>gsyls`mRKT-tXt ziNI_gS6R{?*H^l_K;2iiKkLj2@>I&-T=ZZvY>j^Zpmk?vl+PVf5XB-V4yMJV#$;fT zF0*KT&*Ywlh^sf2prPsxw%@5L?Y&Biv^5!e-K~R#VVh$LbSe4rOXWVtb>JAS-@%2P);O2I;gWk4M-<@{8nXPcRnmbPWUa3;T` z$K`hw#VN}xrPH9xky-lb)#18cseE!bsio_1ZXql^pZl^TK3&qUo5+gSiV$ZXffFQ) zA4INqt7y8(F&Gi>7Rvz+K3fD*XlCUXaN!%Rw6Oi7%RWNAp!><>!p>PbB(b6M z(liQo^)ae33Vh#+x6YD?V>?a!taDUz<@9T>uTv36W}+2;$QK4bMolx96!;+h4)7F1 z2XQ>-Zcjpml4W4d-Q}Duuaro3eWt$ulQS$Tf?j%D$?hCZB=6vTh<-QjiW1HS1iTT z3j-(ytj$UHB0rP91W_c91sSV*ion1!q}9jG?Mn@N2-l+<5L+SmF8i2FtSL`b=7RdX zctv2M$|uzuafXPBDTi0VZ8x1TPQW`x+PpC6ySt)BCf)B&DQ(%^vDtEWaj)$yr&`f6 z43|@OHA#(g`?RiG>6bf-A=4~1j5ZI=y!!n8Kg$c=Ro}8N;7NE)2^jb!FFKM@4)d^e zDrTvXoW1@Obob6;&RXtvolGsu^>#qlD652^=O&w__xgfCyo_)JhP(iiD3$yPPCLuf zOH89-XrI!!?03U#q&Gd_$=Fkal}<@P7_!H zRLwq3qU_wOlwUAE-tl#VwfgF;cD4_5lCC74yEKBda>e3`nD6P|(o1 zbKW$XEJC_um8GA~%sEP+rz>F>@S1Z{C0CCnjOy+rL$lNb8 z-CP37q(9nX6xGyRhXho39@}E*zSr|agP3X3@HWBFuF|V#Z+z5m7Uble4$%|xo~?@` z17B`IsN(?_bQt&bue^JK8=zYP-B;y(epahvISGY(vjI1+ZZB=8v5)F!zsT)Jn84y%%&KS*GSXlX+U}E(4OZI^f%ha!I$k2bGg%Z>YX6BE1AN=wZh|FvwI-1g8O~;&Ate3rzKzLMWtZ|ZgDNxj&`;b2?qTv z3As#dlLWQhoCqZbc9Z)oMuGURl5o~3PzutE=Nu&>S%ShFMs@`Di(;m$??3<@bP?E?1l%4Tr-3vytdyW4Ld#t?*jd(eNj zjQIFZ9XFFh$-C-3HRn!J$Nxt>;8E6wt1LF0Ts&FW=Qbnz0_9AQi*{Oq7kN%$2!o3Sici;)0oF?C6`;L%LxE6wLouno^27sF55hspmcU+zrCZTfcas#go_#9uf#d6$T z%1vL253iq;8R=7#;qrTfbXFp8MzIGXkC+C)yaiGB=` z=|ZHIeM!f=aDtr^7Nlx+L_H&Gu(t3yej3TQ1YnFk6mcSZFqDA{xgTTA+^Ns9LiEZM z`ODTT+ut0@KQF|=R%9>@YNeheCv;BDoDZJdR_>$r_+%oh2mYXki*EO;`#v+YcGEXz z^FFn5^Ma-`p{-Ky9c+dH9#H`#QS9`*^VQ;x-N{EOcWQN}qNa||;z!d0bo%STEI(a? zR|CaAd`Ox<&DNOG{6m zqeOIJFo#H!I}5z0L3T2QdMkplyun?thl5P-q_b9wF1j~E*pN2+%|2Co*^mrc;x1BG^=EE9U2R4w!>(ri40 z>pYKv?%MB@lVErO@bg}jwqj4U3U+;8kiQQ(>4|@k?YO1$Au8?}y*h8oR8Oc->V&h} z2CKhg$v)|s->Wl_dWc_wGvD);6Mf`gb|lYAhSH2wUZ5SBmGm64LS(KK!X}ywt1_-L zCT5p^c`^^S2Nwx1pIXm5-y2tWdY}%?u=yVIgE)|}5UZpl2arI~n+)MU{4l{s-O@x= z3~q4+JR-N~dRI!ayMFxQ-!<3UeQc(cY^W3txhte%DH%8d+xGJ;ZN&F=`Di$!7rT{R zoSuB5c%ybm~pkeLpft*g&fH;L>7Nm_Ia`-~>@3XU-a#nT9RcJpvQ) zsX901nr1^7J5POjGLn@D9e1&B=ej-o*76R{e>SDUG40*5~Mq?pse9AjX?R0*rlIr3kVWMs@$rgwi_t zP~R|$XWN0Ch@t3Bl!R(=a!f4<^Wn3RS_4?a|N9J~;f$H)8@LDkdA7tr0}nK>-{DCI zY!E?QA|Ao=RTm~D+(y!wKA8)!VHrd!^1>TKWUx zUo^=f!f>;(4+07(D*D7Mj8xDuYUf(_{0MlQ!Ra7G8h~hKGPK`J?kks{8A*Q(bl6s3 zdE45CLFzy|n0B3GN@%}K@_>l}gEKYGp?R1t>{=+|MkL(jdZ>rW?|*N#-e5oN6W*_a2? ziE5R&kLv5UpyYp-qWK!HJlI11u%eS(S^D@Uub&0}wxT_|{{L*F<*BF8dm z#0s#;{MhlKMMBh)uo0xO3!fO@`D0x-W95ZvY{Z@U*VTIP`-k)uWJhu5xnS75o8|{@ zf?f-bx&ougz3u#Nv`^-)yq0Fj+niVHzpnEWB%6hv%%?_d!YW0@5TLdI|x;Nzcym?T;HRgVdjc9sp2-0J#T< zZ*o-=+{)Z<=D_0R^$)K$U*D)^?rw6AUtj0nult5KOUPg#$2ze@B>WRu#7Xs6 z;Oeywm;)Nxv@ulcpi7=P4eNLarEBwbUZ!O@6JT}Nhu9yv-jynKHt2%dUy*yAB8_M9 zl@~R8U(Km4KI{o>1*W~Gk=MacPkl+ki6tos(QjJCi0sR2Fg-aw3B@$JN}HQJ*u)|y zuPzF?K7l`+NZCUHHu#+G=LKmm3P0YY>Utr;iQi!9eI5G<{_Jz&z)jWE;5!k7It*gS z_QlBd1uH&W-)u&*$SZ0G+)eQJ6l6bK252^?rXIj$-8BPT5}V9~g#+uVK)135X;LC0 z&i+aIP>_&s{auF|am)?s=Dn9b?X?eBmg{DNV4a(9Gqe?m%&{56*5f}>Rs$)y@4!ca zw<nlgy!>lInX||W7?kgRM@9R37b=UOrUd(OE?$-%&Jo7Cx?6OHbySam$f|o%0 z=Rnfl`Cze8?+^DBw?+BT)A3!Z3TEvvJw8rS0m<=x9!sF~o>){mCxQ1wdx-UgQ2Tin zu8iZO-z`Z0e(5Odd3M2aan0DQE(F^7X_p>SpdBvjXw^Q)Ftmr264{L-1wFmkpTIjB z@M{i&w=>SXm-1=n-|y?8HTy%_Q6yYA7MOemPbx<4E)N1NAfVWxMB4o38ya4FI6EEz z-a7EX>ZPM2!Dcs#k^}gc2BX`(gBPR?q|$#d7)L40>OPEjKLNkToF2n8+PRou$o>wz zd0GX0;F&y1oTc<0s{A$5eH8q3q}J>9{rv{!LLZeD7@7M{qH}R z@kdqsvPKl{L0#nVW{l;g<n9tn_*`abFxDCDyb;lxxT?FuN6JBAuXWN-J# z!P`|9w1;VUMD7}KMr&lP#c=PU z{Sg8HgA>rIB&n6?SeXVL7yFA?8!yaj8)5~`8{*OLnIS_)wmp4(y_!>aRACSOH|*Qh zgcrV^d}P^fxR&!Qy%Xe&KlnkZ^#A^lB7UX7arL{>THOcDZdmV*zKTl~idj%i5sO(S z(21m%y0q&b)`>=f`8rz#O=lzSgA!_J){Mcf$Jv0%3xMw@S(FNw^;-3h-A2FlLj!%C zW8Ns`#MT0Y!pj+48M_up6XU$i!WouPEW7D&B=+S3Rm3j9W<%#2Jj;xT_RrkH8rdFZ z-nQ9H?Q08lGyD;}Uo9Q^)dodp5Kc}bzF)v=9ZSdq(ceW!e$75s%rJu(qs zaZ^KqUhYu>s#3d8KnBQ3T3Y8NS}ep6TFM}e(q+6+pG;atpANze?`YpsCM4{vcI4? zi0S=bKtml{6ihN@c&qatIs3&agxLCfhgSUnGX1hTxh7RgyQT}^vcdY52akX}$jMlo z2;4zo^4F6TG|`B!m=2Fd|BfXUkrkN#fDGRG{OjQ6wyu+i%aHs!bNKVYGGZQSp({#8 z6BYjh^6dS`mq!m&yRQm@J>=w@uKknUD6JT6FUg85$fbPv(8?j`16%V~K7ue(l$9nQ z0A_mDNN;_z%;dOw?6h8NkT0)q`65|SC`Z?;??D57{Fww>gkO9g@GNyRLR(mlkr9k{ zlXt*^TsPoBj)>FXh1l9Jj-4XR(_c|~o5{W_vG6+Bvop(ofYtBwO56m-Cr?fA;xIvlcP@&udTep9xedMc~whg&{bd?*XLyZhrcBs|!d6<=L z7{=skAVsM(w|w$Ue1GqOTQytwp!LDR{fzSuHFRroXmR37U-%~^GW%EF; z;R;8`^K+vZ@4yD$>eGf%W;mY<%`dsAm(ShQ+)$FmEwKem8O7G_nb=9!!pk6-o3r1M zCRu)l?Ib=Xk8ws>L3F*LB(P~mbHdN-y-RMbNHIula6k>;?v*LYfO5oMYeGsg*gm)F zY#5o?N9P^!lb{bT0;`}n1CWIr(`;UNXY*Jy-bl8@4~lG*XS{;PU4Gp?h{O=Vk_1}^ zU}t`_yRkaLdx3v%eib;d>ZFToD=oHksnG1>iYvw}qjcSu+bH%;m1|1vfCGbrV>Wj; zv(h|`A9JbLCsggRW}U#FNId4}`&sla_uUSh(D5!K+|}484SZkhSM9%KynnUj^JuoC z3EwUwEs6_%=E-YxhS8k5(C0U&_lEKotUy%wG~*+Aj^W5B&Xap4U6zbrO<<8(t*Zt< zC}NUssqeopDN}QYh%HjNuMW4GN*4_NDWlIOSeJONJRIse29E)f+&;ctmTSc|wuCzb zRtuZl0o!JN|L-Ei#loM;cG^7fY$Y2MYIc(4uQvW@Mzu3`VBiUwnLt=Vw(P*+gkShX zd+0r?Pvw9o4=6}DnI-ooIkSXoJqXb!i_w`Kzf)Cc~pnKKrsQ`fi9T zD7FFRtxr?bDane8i?uDYi{gCk4r%WIA7{(7tOnv)AvHhAr~ z>m&EUZ;L^BoVAt6kHNu8QL0%hz_pD(PMf~k2!8aIyapv?|!c*C1(4zzyJ0u!+%n*um7R3Do7y0MTSEV zVXW)OE+T(({2$)xpZIJT-J3lyroAEzy4ix-BW}g^873wovi(n@^v|&LFBdf{}u(rx8+oo?NdoA#nS|)lcEmd9&DTAm~HowHreMQ`owqMeBIda)v zi*qL;r1jK#+a3JUZoPjbcyy-RbbiYNq+B|o(@zs;SvpYu{%P(H6LLN2v3vTJ$#eY$ zdaG-WJS_@iQO@PJv{|HqbI!}~;owS9nbWW1PnXZ}(7&rj$P2i(00=3aG^s)ck?b}< zyrCq$)jFIkxjs>+uE2~uL#MI#P~@+pf^WR(6=^9Z{78kE@LEyAQ;D%Ir_t~H2IB%< z0QD!a@F>Vccq$_aU;ssz78%Z7jRJk$Nu*%X z`&dc|uVyTOy-!d3$^|a8?9^bw0YCWLAB}AL`S03qKjzsQeR>-mrZ_Lkk1?IPyv|*G z4NiK!egJVGCoil)8Ex{uY2Ly3Sor}#ImxGmVWf|8Rm$mw|&ktp+(YC$GLVxgC3SnK- zIDW?qzF)Nzder!kyE~DBi58ECA6$^E!vqOi`BCi~?5>MhAG5JlfPXOT=EWM;+TYlL zMc>2S%8Wa3lHyfBi|#-URABqokb~z!i8+K;IuPQJxu_mG?Jj9^RmzNdp;;dNeysq& zTOHNZOK{HJBis^$-}8a>!}HrE8{BBU%Sg0qm!IG8NP`QW&I9ys9<^Oy7fu8or->LdB6O-c5+d8*wgz$!4i9(7 zl}p9r6c;}>8=Qu72<8PgAJtPD7fqtwp&150E+jg=q=0Xzw>3}{%}f9_oR+&b>XV3! z17`MXolqgAxZAc0iD)UIwHSh48COg#R+<+vAHPeG#79i$AKH^`FiWdl63!?BluqSj z(`3;L1jVcyJa6QGXxMePaFIF~k}?(J8l>!96_CLICe)II#vOqzqZd}#11bs3s6Tn~ z^pghkQX=+Sg$iO=DSTbm74X;YGivxrLWvTeGNGD6zLJA5chC}YJe%1sYstR+e?p>F zXbRSWzc^_pvnB1xc9KT@ZMO;~BBx8m*$`1xCD$3eRH;5A0rsod$FR0cbZ>fewNT=- z4gIWn`lL)xoev%8kwX>Z*erK zo^%$Vo2tr)o+y=5w%6rekyz9D(4lcOj7}W;{eUR7i_s}{;WAW+#NC9Y*7!}HbfgL1 z6`7;AY!!7;k0SD$qM-pNjQ9U{imWE2N0Qj_N>hZUfXY?;L*CnMI(P9-5ORxd&dI(% z;!Ie(Hl4>COaS=PrE_g&m2fy+xouch&?uA3XRk8o3Xd;No@^2W5dNJ75;)N&9pBjf z^y2XS$6UhrKUePkh<|i+Xg78)GT`&EN=3{>Cy=eWiQFm5fLkmJ1E%8GUq?S7q8TZ+ zbbLMrAdy7QR9=_I4e}`0C=iUQPL7%&lz4RxQeslFlNJ>M>Wo z;GOLVErAY^eP}Y6Z*}<$-Pl0JThRZ5b-~gtrqC->Jus zEX16j6y}lv)fBjX9tCUsaXXtLZfC{4$uJK95ukhrPsjUkh@2T!CyYv-+x3pOd(R!_i zIniQQq=696JnOh6d|aGT$ur@*3#Gf7L+?S1G>m8tx=Gc<{UZy}sET41m9zG$GLY%@ z8j13E%qK42JYiRgX9Ee!fA&fII?Q0<1N<@7;P)n?V*r1Cy2HwdtS;7+(oP{SZ94w% z%Afj2$*&lbEC{&d;rTF`j7U-%$!w;n@#?EmpR=%_4gUIlZh5GKc%?R{zIW&2G}VB*&GEfJJ%0D0BaW@VxoS?k#m3D-W?L8%*2E#Zy}C zHS+r+@yNmpd^T?6mij(`*1_k@w4&!`8q5JH2p@g5NO1gK+0_c38`QEkjyPJe{XWd- z$2QMu_gmwM8KiV+d9u1WnT_`o)h3>=UVM!_u3<+*h0Td*z@Hd1Vhzk?X(t_<+W{Hd zZ@ClzMG_ znN+Z#Osl5(=F7=Q+o_l(iptp*{ptoJ)NlzrjhS~LsBSJc(oEJ?BCb+Yd9V*WF4DbB zR40{{qH~Gd&7X{OYZ4cT^;8l5zpj%1GeEoVMz7DOFIcMxR^^!~f3xK~{lG!bEs@=2 z?dYYh(aY-5%o*k7Av}OT*%&V^HB35FCg>a@YvHpu4PDQogfKoO~OTu8!N}80} zIy%DZQUdjqL*)LW$y&wjF()c3hbqnw3KTEV>t+013|cC*zEOS^!zMwQWAA(VE0TaG zf&ib=)*-8z`3+Sop1PQV-KNmhr*cjeGb*03>Id4$s1WxES=eSZHh@WVa&(H?pcz4G zVW__o?l>L@PvD}by zjYu0;puQUNhuAWANL->ZPFA`7a~8wejudLEfQEm&yDE{Iv5}&hk3Y9|NW$;UL4sUP zov9@oqg+~?JtbtM>Y&&;k4l&&4Ck^zJa80xDQJ5KjTD+?y^@RN`l1{p$L&?tr59(?qA#nSGJ+|v-ObyXScyIF(WVblMf$=jB%myLnoFGe z_@#9X7q^@9`umBA+Io>MH28NxUB_6jszVi=naDk^Ex%pxn2Ps(`Ya$yzMcDw6eoH! zr@A3Ge{2e0p=nU5soMon#~ACT+uwcdXCqnzR+tGeUr~+lN=165gtIX&sTQB>Ff5FE z&W3+lZ(zh!#t{iCmJT+ExFKU?y~z=_c6SGfqx>A0^^TvM7!wZZ56=6T$;&FFM#r?7 zutR>$RD+Tv7hSSyfNxTXXs%G~g-|V8-ha>|B}vZ1O%L1e2IJ*LGDyG}MlU?vT+js& zBx>XHL9L{SZ&q{cdHS|&dClx7MN^sDUs^Isl1G+y(x$1{t3Ar z5m2@ABJMJlnLJ&oP*PdX-&?%b#Zyz*@(&zkKV! zq|HiYt6t-7oU4?A_^)>HtfD>@PSIn96RF9yUk?@`I(e*%u1o=FQ!d)Iie_*FX_c!laODDx0#Hdp!%l;-q+gG_H4q+CK2Dz^Nw9k#L*}RA zjFT4#|58p`h92E&1U^}vt7rgJ3X8J&&Mi;whm5@JLgenAd!5s}k-g>!>2)fM87P<(fj-Z#c}6-PIrimB>gE_$1- z%kT)n>7LsfpY4ya{V$A%VFXXOn6L4uWG^E<=i%5-6u>NT#i`2=$mOkGh#4U5yDHD2 zedb9%Ib{9pQ>(k5GvSwy0n#|rsp<-@n#U&&hyZf$n?tU1 z+P*-gGQFPmGFm)XL$;QbHr(OY1LoA_`_{8ks?ZjBQwY!eEQk1h!d6_4v@;6L$u;q= zJ<~f8pIIW@K6b>;q#_#f)mCsdQW&69U_5W@PI$>&bPuH!a*xVVA{jQ zgZb*d`#W=r6BFqIIlE?IdnHtvkE%^4_9dMAZ1aUrPHL*HH(dV94{El+*n&|~W znn-l)j~zz@%j#XN)Y`^kuddxQ?nGte@azX^a+pVe7-tjyKO*icwMKqsJc}!hVYcmmg<}1&gfoS|LqL6=5?4$I5fQ0H&c0j1St5b5Xwf0EZAz#u2h8M}d<+d%JojHFXq{F$NZzD0J$ z=Ytt$qTSbR4ed;AHgrx%yQtwd)v;emlkI9mDV3@3mU11#q|h{z*7q>}r_3tT#L+*P z)t_8Iax-Sg{ZjM#3Ke&n#1p$}MYPJ5yv|~-64t#v1bXtC<5I2j*`#@LuK#$xiG}}^NS2bjlmX@-t==p)+UGPJt7dextr8BxB z!B4D@g^&8?-*3xI<=MuQ?Yf}M`g?JKhD8jOao#g%VR3X2nS5f4)$kBO4F4DoGcT}J zP8E2M9r81exWL5M)z5$5wj5tPm7`JgjGYf>htYm1=H9s0t2}d3c1ZYpBhl00_Ogvj zOs|ua=e_&e_qxwQUH$H-5D)x?cgtEw3_ij3Tk#(Nx~FWo=NslDVA&-83gPLM7y8-+ zjH+m=Odo`_)IwS@kbmyzd)CH8W=yg)<{7K9Q{7n^sH^%R_VOmrb^dpq)vL$kg9lTF zxbbNTeiI*%Rs zRAT(=pee;N3|Pzw7SNE)r}%P&S7=BK96=Y>?R9Ia$d1h2!CA)SqXiS ztD_kdRW*M#7+Jz&hb^vB!Rgy*1GELBIn1Vv%81)&VmqFg3`scCINGoqg;8PxtZ?FM z0q8r0<-J$7q%UOH{I48D>m4)MEp(8boi2JC>t8M9(+rZCVJ)b*3^(d}$h=V`)Di)r zi)1T9z4z6cUL3WiA);*l|Ei^S{-4)Uu@>z6i9`gHUthL1F+g^y8=jfGa+=;QobSFA z@oy8i`>(@WC^sTI6sM5$3piKl4yK~T3s~m1t96u;lM4L{JnJ+qRTB@TqjB_;7_-Yz zef~MaB}kcR2MMPLF}dXYHSyJ{=X;WA^A)ow`%+zoLxI9Jb3M}53e^Jy3v)Q5Ut<#P}^t%VD%hopv z%IvGFAHhmR-$wwW3v;h^_n?sTak*n4=l05*5#{O~R41Rz9khvB5)Tiu?)iKTOMAqG z6s1PP*RO{fhCE;U^przaYOcekn{)z|KPjOTYEjI+1Mw`Abtu=<&1_#~=`aJr#4DAt z7^ZjCN_R5uRz1m|kjlwJ%H=e2$at`J^i_lH)~wdzsSiX1#&EOThyIu${-rA2wpb20}G#RSG0&GraR) zgGF(yj_3i0@Ql4StOI8!4czg6xnVHZXscXo&#E9DEiwW;1Bd{}oYh0PdztzsndcY1s?N8z{AFJjE@*eR|grD{LTxRDx=SdC6L%zQiFSAT9X=Q#LT_960AwFI< zR2D)CzB=P$_DDA^wd`z%eJF6Oj#h0GqMfc=0whD*AZJ8g?dv8D#UzARDYriED%*u5 zTzb%7glxyO+wBPyJIAM>#6vFaFC)bn=pRnpQ@nKxpM+8zjUiY|EUn9nt?1Xs%c>;RgB6b-$7GK6^ z;#s`#c>8#8#4&Ri&Rxg@72+2kUbxugv@9odRqe-7kWe7b0_2CEQ|bAir^B7xV#Xlmu6pUv zRXre)3nx{pSHO-&{9dwWoDZZqP8QGBuF2rl_p#3qS&kXKeB|JMkpk6z3Oi}k zsHT#GTC>gRQNm2y6GAsRd^?8Op(;Xh>1cIgWnFS* zo!!$|vWRRP6{!U2zz7$sjpk6xpPxxeoqoZgkJsbO#W6OjqG<#nVEgp6G|$@Ed*9lQ z%kwwl(%Y$#hBBl7aV+2WaUFqKsUAWmCw{ig^qzVN_;KmKVVf>3GdayEcRl-XiF$a> zVCPsO4nqYdK++^cbj=AcO=6!uP4DBUwS zkl9XAo0R#EJUHs~Jrj0h9?j#e1DDv?eLO{sI7!xJs`MpwKe2SgKGf6UuO4YXB0672 zo8F#R5Y-@w+LWwDJ2p`PaHggrqE1*&o(7S!nz&iA$YSC3ju4>>WYx+ zS~cc~+E&_2^ACq=D3~!Is`!k?V-v!)l^8o0A8S~KKgTbmi)Rpzfm7}lwy7vZI{bw! zl-KSOZ{l9Eoi7J?RVn=d5i+%1#NSCUeJOnEe`QG3YG|JDLBEx+#)p(cuqrmv!{Kvz zE4T3k?t7*rE-W{$D{z)8qafAwB;eA*2I;PtiQo`GXF1i~ExfoxAD^OvI=2UUE4L@Cbb! zS9rfp!yl=Z>jlI`(f#uIN*j4JJ#ghz&9=)TE^(L8e6P6nJ)tBjJzZPrqsEVYtj}P% z6&lAO3D0ffn)gxyX(VD}g|AWBygl(9#au}OrW;KTLI{Y5RXKCMe?Yyf$_@bPKM@ z=5vMCO1{Mf@4yxGiw-qUdA&CXYnRfLU~!Ioe6@Q=?9Jhl^vl(KCI_;e2=u=fs;3P7bld%VB;7=->&8jSSUh0JvUaA7^{g zwid|T4LGK!atR;)TKh}Y_pwsoh&P#WxQt%{ly_ij1Gy$VP*s33H_<6Pb5ci?t)-@bYz zpP&C)wKnmNi}16UbM2+vXW1R3B&MvO z!89RbmO%m&D}jP4K<*nRu~%=(fO-cDeOnz`3*m&43)PLIgISsDYJ|8~+v3}yr6hE5 z{+yKe#1qp1Ff zjOwtPD#x<{i>sCyk9jZ<){sV$!vpE!#_@lCYry3&_VZ`8;M&TbD__)>aHgk=M7x^v z_3V#>CagbXz<y z9RK@D=S0ujix2uz^MW&d4%Gd{bWCkY?aI3k3cm{QMbStmnLhPQ{!AyYdYp!s0J2F( zS3g1%_F9`PJJ`PXBWjd1YX^ObGgE%)< z7`fwN+gL$yNj_PA&TQT=VT~DTM%;v=$%z>WqdJc|Kt-s%g8W08u0GL|rGmkzC0dyg zy;@L%FiKoeo@H`w3$=*R?=3Yw&o8J2HA_xL*=Q|yzJw~Y}`bfJtb=BkuO>@J6c9e98y|J z%a=QO+~u}A&)zERHZ(1rEGaxYdJ_M37#Hzuxj!lqO%fOVT!)03b-tgl*HNyZb`-FY zvCva)G+1dtOekpaJ-sr2nr2Smbw6#S0<89lWP*LKZd3;SR2b*i&m^lJ`+2JM zN}pXEkXhWbNVrL&#XS(Fz1`iKhDn93bC8if!&ab&w~5|TqpX_0Lx7APi|Ty$KEeJM_~bWzQc|r#a7sj)@1CoVLnL8#d*NRKc0#gn)h_7@KiSdd0R3 z!N)c4o0|z@0#rM}?jznZaw2Lah(UZhDNo0;yo_B=-yVQhkkMo!&2P=hnC42*zP5dO z0)cHvTpsNk9&6qL2^wzrKCjJrUUZQDOXg?48^Prrz2G8J=)@N2Ju&qp7x})OuB}?I z_Rd#M&_b)G0T(ca-}MFgQs=?HoTnk|6%)5ElLr0o>7jc8;|1cU^H*B>dWMLxxgUU9 zq2~k6l*mkt!nl3#Im*Y~I`;D|eyH3fZ0}wm2DQ9-J(A;n_Q-mII9COkIq>MN&RGtv zi~$Wv<^|3Uxlk)z#ntuwV4Z-7{m)wNMGiW`+IO0``6xx^94AaGCd7C9^D=JN4bt2$T zAE8-+0ngnYl>~b4J|NLQ#wN|;sdCorrHSNgFMiw@I=6oAcaik0)xpDs=*s^a>x798 zKK-z}hEqxV!s0r_;{d$FC-;5Jwh^e1kzI+HlhuOkf>;?){77o-u*@Rp&jVR?nN8N( z4xKxG$7g&Q+#x!%)zYG?KVnvbe2}hw^@^T9Z;?>$++)bc)v?BCYc`$PU)Dqi-<^RE zcU?AvkM0^%G(($sM8lVnWZraol|O1}6D3%Ui=gy5n%`(v_WtCqGi-&as726vYc=nlc)f|`?oEWEf_l>aLuYSQl$Z$L>;{gp zEQ8?oz2j^)U%;X3NR4H!*Rg4kt$In?LhzrDkmwz47q439fZ~$@LDz(PiaHyo&XT!T zao839$hQ|klC#)0bW5A4)eC}l3DpNoC5vN63V93~y+PVZqw`&ztb_y;!XNot-7y&p zB;LrfM%rRa0bF29e;b$n(MIvae?K?-!wWr#qqj@j6dXV25N#?XF&h>xi;pVz#C}&@ z02U&?!h`FDkv-waZK7rY&vb1z^BlD3&vg*vIO9`U2*J+LA@N{Eo+khGfT;bfH|pMUjHA z?#kpjL7xhjF2K;!(Ru2si?#{E;OjMXV{;NZw{j70tp2DZR!y^$)md*Xi$E9?S2KwO z>9L+|iGTMwYcfVscv8~hBxbC3SV{MJdu2^&r5@CY+uDaI)FO9oXoRI7^)4{1rdU(M zRJi@_QTP{c(q@w;VUm+iNxelvEGR?`S57&3{iu6B#M-2dyX3ioKSm!bAJc^hVh~-m z8v@(5=S}`on#|cK&(*;V-`{3T;wpJ>)|J&=5XV2h9Vz!NZ`{ik*B`NuLZ}%xrme#(c#!&&HUINly&@_`+ zpi+t7ISPE@Aj6^7;oaMAtb9iA$Tq2j`W(*^ydv*6)EmYi4}ZwT#vpMWct z&J$V&`MMweK~F=jkAj%VPq0_pWZUHpbgV=vn7bLz^Eu_3o+i1+k7!P@iCCSHR#NJd zF7ZqGeOFI!AlYdX^!)zrj4$io$Vq#0S8qKL^x3E2K!98b9e(gOIs~$)tE)lP`eVqh zqzr2nFCXc3c4)q4Z)1_yl#@k}ug=)}h$^woo6GHy#82uAVc>g4yc-VN^;^a-^W6_cPGmCmBQRghBvs7hoS@f1v-wH}u|(yoz6#DSb=-d&n~?4*T2EQ7f30+J0}1hN4P++GMVM zY9X=Zd6G@indxaIwx-(=leaeGt6nd}Sf@zJc1}cV4l=!gMWvmG-v}?T=pDT@IxV>q z|8l1!NhD%G_4Ke;Y#-~M>$Yg1I$>r~eUB@BOw#axbwHBZ%*J#n_b_315LxHf?_Syw zK9dq$pWyE0TTE4|Ks}u_(3m11l2U`E^_8M~O@*QB9`#m|zDbr8I(yU4DYs)P08DuQ71eJR4SRjrYnt;#WPw^ z=~?u8+{#pY)N0G_NxEP3IdqIRHK^VdhWi-aIx~1dKXR}?*{#GiNzl-J7LO@(wC`q{ za(Ilef8^ag!|n|r>B99y9IBVNJAQVz>tB0YrQSh)B^Es^rCj$?V89>T^4vK>v<0;< zHF?)B`ksI7HILr~lJ@GW2U79KzUq5LK!8N&WVriil-^09}F~LZg&H);FH4^*e7LIo})$xLDts>?XO}F zE_6S0-Vf?BCy!PbUcxC+pM(Ee=#xc%*m`-7*k8iX)|i@qb__NZ1PD&$zIR}BV0^>& zrcAo5eOFD}j$&k^%}^N;40#s+_XpgU5k9sf3tIsYh`9-By;Svy@D=L?Q1juG?f zFL2$o&a)A8@|QCAh-_H<+}^(Nfrsa1a}g_atEY!6f+tjf^u$qQN@&m+?8YBsnw7&K zoZGNQD2C&5q^Iz^Pc#3miBGMNIHReEZN<<=qe7~y(A~r&NTR0RD^;@^KFuLn2I4FfyVNM zEQkj5m9}pL{+m!C>YkJIB2`Dx-}K#KO31>6Ng4RSA?3QeWXta21Fb@QAm~7ubA^R> z&cM+5a=yjLhdm=JOMfdTsiYKHB&O`uY3%H(mabeZu@T&`d4qy{hcWqOOUt}j zeMMMH>`fQTOZnNPpx@Rm#tyIYTD{(!H!1>R5_NtuQ$PK*S(5UM_O+W@;ZT(+9d0Px?9c+$TYl`W(9`evog<*HAa~hMUfTKm362Gg%c1Cxx~R7|5sX*5)s&ivYg=rj z5q@zVjJr(vz_{4dhemmjn{YyG5cM0H4m;0AF3}=E%!$B2u8Ry$bW&pfM^%eZ;QOAI zM$6;uuQ9b44_j^b-}cWt)41nn_GGMJ+5mHzV%Dsm&Te@IA%!z^aur$*r_CjnZ1vWr zd*_|b*R3j|^&GfvdSES;x7dg;-2jrX-F%2ELmtA#Ski<&0d4+L1GqpGxz&dUiT$b0 zks?IjNEt*u3#N1gzkj>fNggzeB?s-2qPR(ctC2i;M-V?FYvYB6M$^86DMM;0|G@q+cm~ot}3<7-{i(TjEQ5W$OuF=xsVleX69(P8vA1rr9XwR@S2kmb?yG9Yh{Hv z8naqj#8JfL1)RPNAPi6}_xB60pAd(^)zH0OOUC?#hX-^DJamc8ZBJ;s zm;4LO5nP8>+{Q02U%LQI&yv#4@Jzf|)$&LzH}-O8$WFapuQ!xR|GGyO6)m^$6z;kf zwiWk%U$0}x2C@B|t=CIE1}-oY`w#$|-1&mAPwjH8=HAOT^GIi~=Hn)9oL+q=Rs=zQach ziv}$mxs7%@lup21Rweh=<9P<+-cTpP=@NQ zW{S9DVeI-IkzK3j_S6A#-PFIgXwUE=symH0q@$4v_btKO?`jM)t=(S0=6A1zpBtOh z4G+l6EHX=UV~t49$}jwDf`h?E%tt^aL;srMPAW@@{oEQPQ7+I!Vg<7y!^$$d)w}@M zwXQzZKu61}CP@?P3zo=k@z&D7mNNM7k^@y6PX{{3e6-z-4if-a;JHr@-d@I+(?g}^_fgsz6z6hg^B z);Z28_fwDoPR?wSZS>DQkp=IEhVq(|xsbkSDH$(ks=xL*v)heuFX)Op8zX}soDxEM zUs1_Ube-P@Z?mehbB{rR^4unJK_m~%w^c(XYo;hT;k@fvfHu{%ma^(I!SOC;*hbtr zH7GHjlYRC$UZ>iK+xyThxv_xP$ssK#L6O>STE?O$dYD@vS;ag$V0_I;D`Ak; zwn<`n_DAFg^)D?7Tlqb&)|Og^U4R?FAQj!6E7t%k-j+LT4B5?lab~haz4CxQI+6@M z+;Wqy8o_w$(o7P1gCOt-YMp2q4KOgXc<93U;WKfdUS4!hyf5?w}cnR6?)_l!ol zX%@Cl?FK8Pk$PI?`j*t}*NjcFf;-uRlt~nAT4O=f!@vPxC{D8VFf3M2oPmyHr<{l~ zOP`#cLFWk@X;`L>LS+39K`aJ9w~gt~Df@`&?pOZnZU~2IofUnXBk4;kuk5BJ%X%8J zMwaL~8rFqpP7RK;OuD5_iz)2$RV#*JI~ENT4oPBFydoJ_!_20i)ap|i-a=hgCe`*g z__wKQ7i;HayB~qNkmYC_2)KB9W)C?(dbX9E^RCD@EXa1#0+~U=deW?EXM=;h>?_pY z<{i$VUO=5RAs*Dy2jK_As1F0Z6an(~H3y9zJ5Tl2(?V}*LY7$8ki zf0G>HmWdbO(qVSGsnO8wlBA20XE9M^aL67^H(*Ca$XNgBy%|TWg**A)zUWvHH#eIw zrOGd_a*e^3vU z@cV8Zh<$~|LreMsW7F|gB)sp+VNKRZ1tR=97PiUtZK-iL+5Nm%NQ<=4)>dHsw%=Dq zu#JLSU`ale$TJS`$t7)nkI^coHc8;Ru}X|~x`yeJ>pT5LnB=U57(C~T0*TPjp% zSO~m3kR7~}r&+Y}GHZhpTGIjqcN`w*X)F_F+gx~e4x&9k2enJwqg$C&QrcAC1tIdF zdWjV8kXwxfVv~Vhl9$HNQy>Xoyfr0e-odDdr@D*R_?C=b~qX}xq< z6yNvfQ03LU%8^PMEC;Ridrsi`LZ~w>X6TW%>itHtH>u&m|D;c58DX9B=?;@sp z3&5=rL8UN#w1t!cSGLuhPLAX2-ZxD_|H(3VQp1Nm0P#D%-C{wEwysC<4ng2D+BuON zvj%9E<`#fA_L8py5B`gP1eph@H^sbafVRM~AgUmcl{SIQNW?^2`YU&N43*LPJ^4o^ zHFRuYsdqb;>){$ng6km+U$tugFgY z(=?`i8BO8rbT#H9-9A2n@rjAw6^aXzShVuwVh>XVI1E@T3Y>R-S}ZlW{OTDc&hc$h zPx&{Ekp8@PpIK*r^xJQt?1BZN_}nXg@vnRx%>6F0dTnS>*KD16{t?ulv~|*AnfCj! z4OH!FE?EJgnX#8)oGUXYCac`iXb+EbN(#QI-QU{Zshci^IC!T8gNxGka{M(I!S9|ojji`ouz^T5Dr_VSoMnv3KA8zdHIY4sO6Bbb5<9K5I;z)gULRlx-GJqQT+{e`Mzfc~!qZA`n3_F! zSzj9ZoD4wEf(m?pk+G{B^S!j|Y*w2uD>J?;-i7S+%9QQ^(gcG- zclj4#BUdQ`h)v$)EhIf|cJYMNy_9+lxt5U1PnW&vqG}Zh{o-^sK!c+=l6P#$JbiJg zpkX)1O!(p9_J~Bnt~7n*l*eP7MY#`wWa8}~98^EAiOSedDFy2lumV~E_nxR1-M!Id z$6M8Azr@-N>ww^)e&6zuepN_bX$E;)DFiw^r<|goLl3H%?C=ySXT5ci^4+}r`t{|K zY*DM%r3sQZiw>?Zt);9bgyX2UKgVHsN&^O6F1hVqW@eJ}#cp~hP3VmfD^QfeEIjVt z{G(xiU*+wVOoLJH?^~`sA)t7}S}lR3-H8jP+ArQUcHD_?FOdJDi69^#&{%D41;^U- zR1tu-^FJ~u=g2;*U~ryDOY~poCTScajJAhmx#hVY%-;~}md`KL+mgw~MzlB8Svw#Z z@7Iu2Zez1GT-@B_`1ZF4zixI*G`y;BwG6W&dLoI|lG*it^KjxJhf#M3HrQk=Pi1vu zBXCc*R`uX>|08HYUsNwrN)DkU`TJ00KlcToQW+g(w_e>I`FvTZXR~WQ;9m+BBKeH= z2y%Gp2)93Ky0|UdJ7a%R{P^=igP+Te8zrN!9zJq8$})n(?G$& za$|XB3Yjl9T(l=)9lrPW%~xeef|KpvZBKV6%SxWqNg(cc7MX6w%JoI2fIF}p-xpo8 z5iI4uo*>fTICi_viLV}zFEn|oUZ6}tF5!!{(HGt2GGkZ)bt?N@cYHo$SQ5$%pxB)% zDY!)gn46o-{?09axLkDNXj=AU*_{FU(J3Uv*U-pKm6R8b?tCh+Kb?GEYdL||=yll% zfhbHhThEk#S!ok%X>HX&Y_@p7vIJX%U6{+827|tRd%bAig?;sY(yJ)-;h;y*0Lda& ztp8rwkQ9aL8X0}us}NoExm-HNMOTG;A1=C0-7Pk`lyo^WMtb{6jsyb1_e2NXp7yb+ z77dGznC#8_+>?cBQa&lHaMz)2wf^PW_ro*Io)^*!{I*lh@q6(AF_4*$L6$J;i4!cZ zE|thf+6VZ>D=@wOd~Zr?FQ(M%;B(!S=yH{5D3S`{ZUs@a=DI(NPoJn2d?WQ|o^qx~ zl4ItAg%V)c|1)jD<{$2F&l`%JepQkzBW0FRtcfip`#oE3)Yp|JLYaJ8=_mb4Vhj{p zcbC3K$O&2~d5e_#dN8rU@1OM#vndh#t!hn0lLMb5L15M;XDGn@0I8oHbu;>r7zFg4 zUCbnl=`|P1S;E0-KyWm&9>oh_IO1Ubdb@sDXF?@XXS`I0XNtAPlmoHLf`Wqb?fpc4 zvEqEImq51H1!-;T8d}C0#0YAU<3rRVBjfHfPsUuiYyyj+Nab{R;=Aw*KUP8<<-1HP zE1=$vw8eWuNnq`o*g)NXIia)!D@<8lzWr>6$9}J@q4>1A{~KI3x?J^fKliat!Uq0r zFPXdw0>8$*FA2pC^6WXiN_J3%R;eoP%a*%S2(zDVLdReQ_=36ZY8|uX{zB3DXiO>z zB6E?bBChuM5~-?ESHE+awe=Ftm6Sicv)L#6vfR=*TsgQta@EX(piLt+sNXAP=kB^c zHkRU2i@HSemj*UXE=CWfF6S%hDiTbT1^X7hv-3j^Kvcp?HmW=lK2P48vqoJd3muNM zs)yEV_*6>@Zh?0H(CITA@*pr6^j@_wGlr@K(Y6cC5<)OxsHP0+wwa+_7JbS$+Mjhm z-&rw4y;VrQ8Sn*P-0<>FK}yLVcvK{!_bR}YiKZqWpjEUyJ1Uu+k44-Lol|kjwUa@l zXX2Kpfb+^=7No`O`D4D5wDjqc>qs)5J&vIiiQ+arnC1%`_5n$&G_kful4Yc+ z{xQ!M3kLZOuG?X-CvUntZ_mCpLsoV<{>ENMD9kxYkEe?kDtZjUEpB*XGh6vKB|WeM zeB+ol7(hitglvmr;AWZZ<&RxewZj;&2>eJv-$_TkvgL{Wi9;bAVMjTxw3T?Dh|Agk=pL3G$;vZp zARcs#EX}eOmui5l+7_i$**YnySfch_F4s%}I5t}GAt34E;8s^D#aia}0#YUN_SB+8 z;(um}f89F!>LE+wvB^e}_*3~_y)|n-njGMtoo1X5o6z;#p=WWakSTNBbM8tLNyNGw z55N^~UjTxG-v&M_VLiYm<5%A*Cl|DTL?&RTp4JJvJrLOMA5bH$Zf$A#z+C{5Jf1NG zVei#cA72dV;B@pP)YvQ{$c2L}vVG9B^gWUWISncd#5C;G#vJO9^BWhy0{GD-xnm_m z0D*)vj_Su%E<{cWA-BfglYFD6>4G6CpW=C+aGJHtIHs(a5mis)sADN`Tm5mclX#hDHAZMiu(pD8FBy1UR*dS<~qE`h1g zd@g-&=IV9L86XDntdUjJf^h$`oS>JEB1dvEmK~pVr#Q4S*5ITzXioFG75rQ3Noq^n zi?I7v70`d7U?fJ#Q_$$>czUBdC6q#XIEv((BU=&ovwb$boBz?ct>U{}$=jxZp%(xI z5+@cLt#Pznb#kqWBTO@w&ui_NHNL-nWL0mFmoc)KhPDX#7PeCbG};;e$-LlVZ_oKo zs_S>Li*<&d9_cS}x5H-bUq=4VHGy;0bf4?2*ygQ+r$|d2R@)yEBo8~k%k^;P#dCyQ zPiFvg<2CYKF)cbexa|=;T;HdFW{r(b7Ag02agh_n8Y?vB$k`=Maw1{}WOuUYJE+P`qIJtLGa(^>i7RpH zDMnkHFUj4kk@Ft(h*MN+LeKG^E_rhJf85KkFn-{2DOe-RiPYZk6G8%*J`L6c)tp-| zJKmRl#VS8qZf$;U;({crCVeI`wz5CjstgipP|gu&6EAT7#6)`aIxtw`=8E8Ke~zH2 zs0baKB22(ys1hUfYJWmSqw>Dexa(x;vLx$I(AslFHzVH=VVY^uYviDtJW$J=I?Jx#?dZdCDu1=E3Xm6NGc!mA_D ziiUr`ezWV8ZC2XTo1zq!S9~84qv~e8;5>MR@N5H+%D~HoS#)=*>z0bOeXthDiDC9jhom3T-U-a3+6>U&ln&607N1`q?!~}^Qft-|G3d9uv>Dh z>CuIjH3L9L%}3(i@d**}`1n`w(Jc3iGz(70ZuI@dDyasIwwfubzp?j!T?k8zAhml~ z>)8&lo`17k`eJ2ekG|#)`peDDP35tOfg9b@>~O~9Bi$*!a(nU2!D8J4oOC|x2nn}C zR-Sgxl@$;T2M6wqfm4|j(H-)O^$;?<_DL;6sSh8R4_hw{XlcE}zH+pwf+11oC0Z7% zNYH)U4}SRhBpE_|%Mo~NhIVX1@zVC_7h?m8qHh1r?#>*^jGj;Qp!37zCz?!O0NUjZ z_N(pkOx|#*L;A5%Lhn!N+P~DcoPqDGr)}%Dr?;<(cf>wMN!sco$n(tM6 z=63&Oi2uj>;%Dh1ed)HPBr#Q_i{CUby*Slnf9CFQ$4vLM@qko@%)t}3(KMi3CR;eR zy^ppyQ({Q9T=sb_R^mYt+T_xN%(v;zsq<|eJoIsbjWkU*(ko?{%pNn0<;h^$EdF|n zN}mEK1ul}f>`so^rXQ?;spc~Hcj#*%?9EsP1_s5-BL+Q2MWY>o&s@TF0@1L4Uxd_O z-Cqt1+P7zlwN)d%KTN@e#_-zVj-9J;J3=9r-A1*b!STd0wx7`#>A^RZ3 z&{s&DAjNYQ4YO+Q6==9{sU^X_cXkSiMmq9m{sh2$XL`>4x}hww+-N}!;kMxO7v zrQmvfh1r~k{&%S0Ki4DCNS}Y@TRFp_)q$vL+i|zC;?*gCsN&_t^uYr;RjCgen)2QY zUA}benUxXBw8mDqqh;o>>#~OB?sPthjkBHcHOLXN1Tyx+ZI00PcpZzd>-IO$<3CjP z6e6y(wHy>ej@qbk0^rjRghs%DJOt$CeAbk(kdaH^% zPJbgHKn%V+jeNeHyosO!-92V$GssOJo#dO*3-t3_IJv)E3HM}cNQ-ft|3e?iT;e73 z$BWAX5!G4G^yY#d)Nl$UcWr@P2K zV1Ra?3WL`8gj3XypFUCKcOhdS$2$cIYI=I5>1ORdqs^Yw$Up?9_*J|4&7hg-RI!F# zE8#cIvd_N+7`1&s@L|%~8jIK)yElQepFVz^bepp~68D+B)Ztli)n)+bLwiQ04wqZE zy;gkaNDsGK*qM<;%>jBiIQLHSV#i~JYBc&*z7ziBG2{}r&+z_&s{cDeG$iUC*tU;g z!!FrbmCP28m9t%kl6~HNy+4B?Dr=0yVzR!@4Pm=a^Ax?lD-~msU&afpXt*P8jy>!e z`&{;Wjk`H&tnO9r^f?06%5yuQroeK-{LA7mjJBIy1@D`k0(qtP9n~Bu#sdj-?#S6S z?hK4ro42m$=?>@U+T8lt%>B#;BDvxw9AnsUpEoR20e20EfNF zGM0Ix@(z+mUg4#q?@hl;vq$?h z{14#LD7b`<_JJSx@Q^-$WCp*j{eo>nksU3mw9n0?C96RTx{{vz~I+V+&y^Pzppl zAFDEDP^*WS&wuU7`eXQO;tmS(z5S6&R%m2TdbPY=LIi40 z3iJtC+2p^EvBpXe!uP&xmzW^aQ1B6WgWZ2*=0PrO~1ZB zmE((JnG0vaAdbL8c;v+{zh9OdZaX|e*WPD%ygHrjA@bF^@NRyM0@`4`?E;aQ*F|^H zrveSX+9BZ_(DCc?wi_!f-+eAo#2x0Z-Qp5wV)JSdQckeXf~)uCQiC=eJ}SuA6i-@j z=y^hy)UosqO}W8t2@MP!=@nS{Q4}@z=FJ=T)1rd7w6t*W>8VXXwHaqERzzFTgwkxC z7jfJDh3?%AgoF85g4r|R`PX{f{$zk#TU%Rk^OD!a>H@HhsYuJnh$D(Z00-$t_%tFB z>FfJ?yQSkxL(rNCmrYt0;tvFXm~e@B?EWBGIT{gMHE3FoV6lf$xUF-?Le%{bNGn&! z9Tke?x`GZAs9(5hJ>DDn#q)4DB=MddlY3Q99Pc&HJ>=1G^WkpMle$rv_Ev9n$&tj) z&hPRnDq82Z5?85Iq^&7DUueIH4RfhwSF4|*c z`A-d8|Ndtto4<597F?u#5D#8Co=(9wS|gZqv0C)4dCTQS6Lwj`R!y7GLygB5x(#+R zMimBM=Bj_{{yRikjP-BQ#D5e^&Bdt-b#aChuxZbCvIDFznS&w?@M%chPQVDC@4Ml> zW!dOn#Q0BI+r?jxX=J0?`|)YGIC<4mkYv%wV=TC^Qnd|ZMCke(>pzYD>zl@U54br} zU-y>`{n`(goIgz!7a_DT5i@HtD0O6I8O*@L>AHTPaB|0m>t+q1#QhmT43!A7V_Vez zYW)8;h>su7^Jf((;qB!g56K`4;u7u!aO<+WTG8 z*z5gn({CjHuekoc(=q;k2oyh_;BNw(|8fNWb?F%J|D?xM{)h7Mujl*EsUPF-=N#+F zUFD3~tN0&TT0H${^KfT_8&mJ%44J9Ki1BYReEcL^H|m?2LjMP`w5&kl5(A z4^jT@pkL2}{9;+;VBC2Km6f{;O_?^awn$oNt-#IqsjhH)mu8lu48bT*!AE6)_Kd6A zQ>q9ig=)2LAP(Kf2|0L6sH0LbKLMuP`J!W(2dzW*@ZCvFDFz0b+c3M1?BWeol-j!5 z6=G8fN3OdT-tOpq!*RRl`p4T6+&HAS=SQxKLTcEp~kZU4j6|4qfuGeTf6Ew`8@^p3sMR`iGPBdp7yxulR;5Qg?l2A0P zz|8DVWo>wGkXrqjSnzirmFGRHfd~aMX!P4!Q>MX7+We3T)QDWIhm&;mJ^-*ZmQFfe z7pJxW^S^@@sz)H*r_F%pAvX=&9AJZkF*k4OYJK(u3rF(3UJsME{4a9$G#o`W@MHGu z45QLDT$d&re{7K$#CVay%&V0L5*0?}SYcVB9~|DPlo%v$Nvj~6>|0DHK3%k*E=<_^ zEn2~&mreEpKZ|fT-C!l*KB_5SK&WidR;42$7kY6W$F4!+u`<-9U9v$B;oGgQ$ReUS zpo6zH9C;

    >vfTyesVzrRgZ9XK>`<{&Ky|0rrj!Un4x>R>pwj++)tG7P$d0@`BlQ z^vH&3HnaG!ASqL;-(Z(bBUrJZ;phO}BWbXvF90wdmYSF%~ zkMa}JC6&*LN1fG*ln+s_A&q!lA&_G=kY z1eB$m<-Jf;Mi?cojNO=DEI)mRb{^bdV<3Vmo^@ktP%jXWlXxE~^GhO*yGmmIGA#h> zRE_|T(OqHQ)R6#aXi=(@gIb=oBsk!RDC63SHe5nU9LV)XP#)TKM6zPo_P(jz3ZYxCZoiJ`OJ5Umf*6$7dN|haUhlGzMH;jz z_b#M4iME(j>7Ab*1Xq=`;88c{5TWJl@1XC!jAAOGNMXJVNeSF!xce>6`?%*}4Z5>j zL;11yGT?|HygbFlLO7KA!<33I^;m;Pxwd#G-s|1N((I4ZQM54JhS`O5za5~Sr$E~i zxiE>nPw|aYi~B}C!U>yz0fl!>kq3GsAe_5}Q}GIFO@p51T0d(hz-OOX5~T{-b`dE3gp<(wt6XWoacNiW=TZ`XUM%;OEze4Su@(Oxk@8>f%@jnHG$`^cUa9KTT`fzg7nFlKp!OUs|- zJ08j8G`%>uetqQuju($j40%)Jfa+QO8$upYf-frnb~8=C{cDP6%Fpq0Z2KiNPRsuYZR&bo(WtQ2lI#S;)k zvrJMtbFQZt=oPIhv)Z2^{+vWe6&jqgCoo>BEWOz&8U#-Kfyqvd z_Lmvbk3%kP?4CLe2;W5FUsmX1ORVTdk5SnQ#O$o^vP^^>pmhPbNhQPLD;0>FRlgFM zrLJ0co9{e%BY@oY_15{wHfSh{k9za+F@|jU!%}a$JB_PSn_XqUz{lQ!wS|kBv;%mc zjMtj%xVU~LeFt(cFZuXIx2gsMA}zx?TnCB;8fyjPC#wBW_(4tMlfZge$2O|OWzJyt zqOL~cE57Mfq;H07!R!OnTz_QIl}21%aqpY^NtumZ^kv&inoinYplX0E$mvBCa*4rl z`Lj?%7Y|3*Hj(KMs%e?=HD?;xWH+L%=_z|B_v;*)uxktMcLcTt)n;uWw8;W|v}(k} zdom9p?r{6&Vg3&(cuT%Hk~FG!xGMFA&ne85;e;Ez)>ngv^gs8;BMt3L!nE^^q`jfu zuWUgAm4GI}94(Vuo_C5o(j-hYUQb{y)7N)`6Rm`%Jnj6WS6HV>Nvx| zHN&*il3u<(OY|&$2XdHTIy7nVc#`&_H~ZxFB)eDLzt}Udn1Mtrwk6j+XkxeC8N6E< zh|JFDGdw&%>TqvmL5z^%x}a{Y?%2UgeNV^4DEqpo_G3!Ug)j;>u!sZ)PY$LKJ2-hm zdm@sh2j8uTMvlwzYhT9My6X9@2 zi@syWUl%a*-Pzf>>wXlc>wWB|upm7eGxLP1`yjj8{%l(mh=&!p!p+HGlOZ(H@(>`T z_d0e%NmhEdQ55HOUSvchd^e8|y65^}0^U9(l06XFI>}gkILY)cehhcvsG`zebzcN* z0=d@{d0YZ%Tt;kPz~0P3;c)JXW?0z07nz41u}yavoTYCflbS|=tvAf@J6ZVlUFH65 zNKnb%QX9c|R%wMf^g!e;Ik-R>eKSJxzvX8GW6sdCSuzX>jhV=-ALe3s?7NSbM0a1lIpey{U9 zuF3xSX#h3exDN4q2LJZ=81kb_F+av0ACLDayI{xxh*g%1*1}hxb@m`w0d`C*5E-Hb zi~PqVtTaI`l2*+e(DfKPQ>xDNjXym_S;SGT#Kzrn6M&) zm){d76nOO00`R$h%T10X%Qc`&$Kp-cX%bbtq^&FKj|8j(p>I6XFw{0Whvpvi9h_R6 z#ABuO3@Wwh-`UIDfbow^ae zkB_Si=ZZdxmJ{wR-zk=6u12;5$EO;M>_v|jEs>IlFc4l3wSb`A-Z+Oe52Np;@;3%U zTlk8QggTd=VM#y-VQva7aX@(l0YVDzcQ^}G*5ig4@Zv&6vsaXH2??oF9zKjEginze zsmGV^#Z2Sk;v)|tsqua<>h1S?v!gITDz*gqkEQ@Wl5Bu~%mFnlyyy6B_s~n5QG@W= z#|JK!sQN4;bvJX-p{oQh=`XM($7L7N2?0Nf8f1cS8ze$-Wq)-w>JW{;sOdggVhozk zi46+sASRVxu#c%>(X^&ViN*1Evt9Z!#!g~<-;JQt;fI8K!Sf#Nu&6JPn1RWcsbbKp zf@5^8oivrCokJYsIJsVtK7A3#$@hCL-5@Q32Ty~*3@C}cs#kggO?lc;ou4WJOd^Mi(ZS5a;X4Z_M)$aCU-rR7gcTjZtwdMO%GUZ?Ab;n$kr6U!YA*TWKG%g|^7RP5+)-Rx~ z&w{Xat({DlcwbXu5WHIh(a%7vWKvac>OSpP6o+3zElZ^G`e-N@ zn6=pSYTo#G)I>LgmWOnJg)kl{73qU*esyWOy(*S=n2YG`ENG79pau|~b_ZOx| zP`;fPj}Gm{rErw66~9m<&QZjy3?4pSC=x?G>@86+OZ- zK8-x3arQqAF^p@e%JIVrJ^1vPTZ=Bzwv40m=8SmQL0;Dsd}>Bx9egz-^hlg-m`>Uv zC2@m8;BxPf!gN-LDzraba;TfLw&FV^EVGdx?bgVMS2#JJY(^u6?{LbnA@S4AwF^iS!EKm6^w=0&R1;Wlx|&ez&^ z*G0*kwMWPd!b(5LGI!!n7nmG0(}=KObIQE_Ju@ZKXp%(AQ32ORahs4a8^k{+M5KEp zqxisV2Baz9tYQ7E|z-qcRv+2U@#KLlXe>OM8_ zccAO&JB)V2;b$X4GzsBucGNA$39(PqL(?-x&yUH&ELpw>-CTDp%&kga`mP%qxW*JF zZbFY;ZQfO1!HzcW_{-eLrueJfGBQ|7zJNf#JXs|7^LU8`W~w=X^P)!b zf;S=_VXNz~$o7sl6MBX>OYGYX?nYbV42Xgp3;QNql?ve+E8AfuPiGMD(C*7hd-s&ePu$SNwc z6rbjwG)=OqGO*WYfKA@US} zmAg0RyPIZwr91tCWbbz}P^kfNS727mxr=+JRQ6U*XGiX84awxBL=X84z7In=n$Vl6 zFTsAHa&H<-k<^+!{i)=y=P%#Q>T$K6-<7OUmH8^+Ol`1;^TTx*XH%n?RLDLc!N>Ge7{WZ>0s>b=tb?*efp4Jqn9JwnzD5Teg2+9 z#D@)1pBgK*(r>?9E+aE7HWoS=e|lM^{DiQYb4lwCD$)wb`J&chQo7xXIkvJLQ|!1z zGdysTqI>J&7Ryz-Wwfkd8qb47ye(^r7LbAU>R2kpWh<|YRt1juB=Hy*gy@M4^Ku;f z?g2;4ip`$wDYiP$@xzJ{)rW*&XQ4bP?^RQFJnvNr=}8|Adj2^I-Irk-U4SYW#<9@l zhHHnAiLd*V;r?hDEW``mNgG3~zAy^_-PMazyk9qT?;EcVFBE2x9I5_yBxCcWM4U1O z)^HJ8Nt(EI^eGNmMV*yJ%on&N@p1z6+ZM8MF7RO#!`8P3*6ZOiEr4NSy?N(9z-^lq zx(##0<6?Sp==wq3Me#U(rsUMz^y1xRr=^o7?d!RhIH0s2?~V^iBidU$|kkmcw@1Ba?-?Kt)=jIlrmA-$s(%k>}Z%>v00HBYrvV{A}0mKuQQ*A4|L0y2JY=b z1VzF~wvQfKIYRf^48BkazWkIdNU8hF$yWU6`$I9vAh&vY0KK_9KZyx*fajC3C)dl4VdpU&RlT^tC>^OW zHvm5Ma_?={siimGvo0`N5~1wu@N=-ATt%#Ryq5&G8k8}Q1dA;tMh9}O3aYAs@X{|&a67itYFnZcbgKsQ;Fa|O~ z#s_++#f31q?pxx;xbW7FY{%K=2CuzeK56kZo{TWL!j6*rm`>7LDd}DsA&XEJN57Sy zS>buqLDLOlNV^|?jJA%bR;+T?nIP?XhDt42{zQ(OlTLo}D2v?vGV<+5M^Tfh%JFzp zsw)E~$}dMOGncdgooCty@;!_~i>QrI2Sp`G=QxIO`U|;R@lSCY)lIP1Cm4ojuM(f1 zg-O42d}6MG>F?(Hq8fq)Na?sRA!mTTwzuMjV#EFAq<|kP)H^?r?J#7M04IbdE|` z8p4NP%A6kEWMr~h@A1SLAqhJ_gHSH4`3+h zn4{4nG`Q?e=6}uj?#?Y?4&?Ld1z_$*9WakdXb$8BTC1xB zjo&$WSzbDD=r`S(7e6@_)aaEoo3&G6i>NXC=2Ua_16emjm#1#I7OE;4txg1D|PA*Q7n;KIY50Cp9OZHqd zBcoL=5?&ZVd8;4M-Ke?@1xQQa#r(K6#TOW|dv9-T5LUM3_odreq38G8G5ICiWpg5+ zQg0!?Y5al{KlP1+!h7d8{kM$dWdWvfnj(+z;fZkxg1VVU=BA!sy!tjAe#&PtocnN4 zwV9f9H#!NnxD9p9Qg*DjFzaURVe4;%SH8zsZ$Q7=p8=QEiPSspwR|QAn}s*^KciQf zN85q;`4&9({(u9GCXE<+>k!tKvp`#H;2qi%e*cB?#j|JMW}M)0Z*W!y87lblJ9(uI z5%KdV)U_&<`K-z{y13Qxd~$a+dMwDymx#;PRY0sK34L-}SFZp)75-_fEEPFzBv#@A zSP_hk*{@2u3BsHN(}KEs7J?wO6}TnVZbgh2*o3#2N%HAbF_N*o(xJ7XqpQ*duvWrG z{-ZUD(p?fh`RRG$T#nv!(63aIze3y2Z-qV23L&@{av-kt2bYpHm{$qc&G&;|E`9H1 z3Ij{&bfYU}d4ULLHKb?%IEVzJ+1WoUua>b3#gK+yf%w-~yY5G5XtX4aP2F#ioBWc$ z$br1kdP$gcS@|67Ztsl7?0&`9st|vrGn~xL*mi3mp_wRd*h$M;S{}OvK%oVnb(b_dvjTGvI_-Y+f%9GWWt_B@Q^no2mtAN9 zC}-30i)`nkk{cw-J)OpcRPQ%|h(>z9_xF$LSa#za6Ww!?=0=v@8qc(4!#dy%C58%H zWbdVH5~$v}S+%+UC_upp9@T zgcS$r!f(|->yW)8a*Fr3u3ce|T)V)(r&tBd5#HmzypO#a(nBoD5R;Dhuz22*k%>xXf#|bWFCa)7K?zYCH2NH?KZ` znq*#K=v*w=Szq@KzJK_6P@+>lx*)%N$*P`un9_trwTYPd=6)dE( z9)14Ouv9?~C3k*R{hCKD(W?#^z4_G_xjI!L6@unbA8PdHhhb3HnHd%*EIDadY>kU% zDSY?Uk0n040+{2W!P7)NJBG7|>L)W{wn>L88#M=)gEGDOZo@OKwuixAGetDd=35S~ zEG#Uvt}V8TtL<2`_5UjllhbKnxcojLdLs zMwE!gr$=KZc@th$bh7IkSu;+N1o(0^UjBi2Xv|@ zKiYV4EvH!qrfG+~a0z|kT{4g^Tz~F`+e}`-=ls!W#UJI*s6DTCJdPs$@VKIh3uq=1 z1{KWK(B4Ul5E^8JNSD~`Pm4BP%B9ZoL(7JlhBI5mNgW{FEorX;eg9HGsx_Q ze6(7UFN_Fvz4L>k`U00l3`vK7qGzPJ>QPSyB&JaorwEIP13Q^h3^meVWHEi z?54y#ju#^d(g&T>hw5z})-0S(Uj)I@%Gb+FRV4RKs&L(zI*rN2nu4iYVzo!W0}0oz z8om105^kV2n`-J^7`1N2&^Hpibo8V5JMtN;BPCJi8B&VzVIEAs9X!4eg;klPQv;tT zXw7a(55c7-yH(v6Y@dlX%Ndnw1K|crGEMNT1)27zzG8s-OTiyyRZ##O?v!vdXX)2> zXIPxz;7(7Ep?AISPJoh+?wDIngK0cl^y}@b*w3k0>wP^)`>Oya%<@vFB_5ouB!T^h z7h;#P+ubB6yY!fDGh%vVVGmFDd2S)5NxUe}WN7qkViUB?lFhLfv-~FsHPfa?`K?V{Ux-LEB5+ zVnN@#{Qt4{)=^P!@!zk2fJ%vobSo&*AzdP%qBPPVt#o&YNQWR&Qc8D9mvomj!!UFW z-8D1M<{VG{&VBA$&%J-#KQ3#zX1;pP@SX48`?Ei_UvKvH`WdGL%{o_V|0A;C@5yt4 zFJCl0k1w~?z81U^ypYA&f99RD|IRtWShtm4iL&J`!I7{0ta|#^V8Le_Yu(r0n<>xsml#aig0NXa2%S zxL=8EBF&IdL4>vFh_!mzJcRp2e*At!aq8o@dqJy@hcq@InP&{va{LCbCa6Lnw&&#P zs>K^HrZ(ETBt(1`wugUMo4W0b2tn@2xxPZ;hDY9!hJO~rb+mIWi|cWvL!}oVTesGc zUH2wI3&B6iqTd~@D-QEdLnSqH_$gX zZs!L|v!jqt&8S0qd3Uebx~1hmMLFNQG9x#itolP*O)M13be2+bOA*?QFOj3J!~BgO z?-_ULYw}4FA1kS*DuEfMp0|w!v7zh_TLh?Qt|MU4)H6Fj^@yDVoRv_{-w=+*@?p1< zBnee-sqj!-&x!Bs(+HaITEYYwBNv6+FMxtcRX)$exQCB0<=nB}x`b!)4xCQ1_g2I= z>%;`#9?6@tS~a6Pn|BzIF<4kD7EdLq(Fv!^-|x%sY%XpZ2`yq4Rm{VJh3&sqMZ_kB zvy`;q9yp3x3wvB_yr18TsAtUEP}_0B7cV}EjgB^??k`7P+rmgM=)6x=NNGL!k#o_W?% zC$XveP#15r!i!jY=AmPR5l?EejrgG0M- zE{L&G(uuTjPXBmHEFM3?PGsoYPCr^IBJ#<9HCZxpKIPrPcb6ylxYDl&ZhnxLZO+VB z=SjYIhRT#&ZNJw~gp_32r@vLQKV0God;Wpsr3}nRIl`Ei8&uZk`QOaU>c%PY+*s3i z7Dz>Z6d>YDD9A?rknirdM%)^j6wR{;aza(>HrGzgn7}H&R?*cU-TA6K;)`VaauK|D zA6rV)MUp(4Xf~knNI&*ndEHlDAH-kBp6YKCo1Ly4MNmRc$`0;378$%3#EG5KZ@ z_e*%3kFZ+e1cPMrB3#1r3caZY;s~SAglGAv{Y*6GOC;xCF&3HJNF|4&J|} zcCM>;b($SnFz_T?=N_}0CDPz8dU1`5%ED{+=<)|Vcs@bbm#{*$dQLs4msQ^?6!mHn z`o@X6K22oi-cf%jJ(a3%uKL+>g28zdA)hEtLsT=N_Dli|8(L;z)3w{O z5=#El?^kE{`au!JjmS?X>&k~<)LRPUhB{%R{HH{lS8K1uIQ2u)tt4Z5>Jr^s@|yP< zu?0ff#0K2Bt~T8}Ot?p@b0B6T{#A7hDV)yw?3M9M%)41XvSmv%TgIQuSDGYVq4kgZ z)9OnKnjG(oPsKI7flcFVN@mfzmN~jW;)`D_{1gvKEHG#YbYwhe`-z*2pF(TBf3`lC z=X(PYiI5{jFU$*g)s%Mg*taYq9~`f`6^8qP)}ty4_i$-4$@j%6YR_$1Unq_H%1X}0 z;;Rjs)e+tht~a1i0z9CpluG97U7k*NztPxT zWeGl$k)7J{ersbKD%9S2dY_Vx=-bTu){ShH4DvHtqsPKOD@i$UF(BOYgrfu4)U|v; z8A3N3M3?PQ-I9^RdPt_yC=goZyg+bzi$b!a{b;+-t zji9SXaF1;X=~{lB(bnp{mx1?cJ_TaOQnvyKidj2d_nCmxo>GajJR`ZITxrvL2mbA} zPi8pM%rQQlp8;=waTi8WuP{J2?11piAisT{$R#iKa@VV znom(>e3-#c^>%xyiI3-Ie;J&F!O)K5BDqKAWX~d97!Kze{8{_*-ATe0{Y_y4fk{_! z8ogCg;(IG;99KWwZ90d(e40RpZcSygrrict5@>s>$4SL;DD$q4P)Winta6F52aBZ1 zxV9{k5sB$^z{w|M3*u+?^}=pK*<2!5fr-0rl&f&VWD+aXVt>(?5TpTSysWs0?o(WOTXPI5asg|Kt)O3*BnSA9g!bQ8v25gQ`w z8#ik0`s`^epYpgVtprORoybP>wJ)a(^GUZY*t@09E;w8~iNcVgK5?Z-EKj}`$p5h5 z3@fOFWyUOD_<9ksQ9g#=%bAGW@lMS>BAj~xE6>)b7V0++P6$2 zTq^z>IYJJ$QaTSS?(L!G=pmjFMEC?(qB#e8`67g86_*M*xS@)*Qs_KDDC4k-DJOczG8HObsCT1IARSJ zU};2&!p4KME^PgLm8BZzuAGzISa*DTUfEWnbqTOk}0D?3+xp|G0{XO4z4oXHrgb=53gM3o+2ms}Nuh%&jfh=UAU} z-Jy(qKTQOQY!JR)#?)nBdGn;g(Q(mnd0MP!Y}|v(u9eV@>_zg9c2Z!mp8-y}CS{tA zRqb}3B7-<(^>reQ-o7Yq71Jl9&n3M-e2jEo<2SN=MAC&FIebT+@Ou#NAjL!}pp!?|P$cNbr3Co`xMxb#EW>3gTNHgDR<9J?nzgD2G zA8nOgQ(iZ6Yth8=&d)nbXbk9cYRJ)*vgUK-wI^|1!L~M|Pz@H@E^^TOevM(S@u^MlT>d4N*Y^q%xN+C1!WiKUHgS=Q^9U*ggjuR_?lxy);a)p$+m zblT4kuYX7^C*jsZAq~3I=`3I7-eBvX^)8W~;sU@{2w@NMmLlyDT(#uL)#W@61EEq} zn>Np~@1~Ob37$+!LHwB(Mo&lMP4|(?p0+9XG~v;j_gBO6uHOJUUorD z71i2@>c20FS}^ZnqJQe7f8DJ_PbjeeJt8NLj{yg{;43>o#9UYBuCgUu(tSH*;Z8Ni zp?}xj4`=SEH@CD!NSP|j=Tnxx@kc$|x~`3BbK6ikW<$)Ek2%#vHj^JoXrC58(@-P8 zE}Rg5?0p)LMDx1KP^H>K^(0ImpvgM^n}ZM0?S{CW^?0 z4pqX;LXmH3ZC{Y+JhdZ|#HDS0I+20%nci?Igc0L1TdJef;J|>z!9m;9IeIU{F6{H^ z1L>{n&^N~C?-g3^*5Ew*zGYTRNOSj$_ik6`_`Qm~u+N0^$D+HbeZe;uxaC4WQVvk+ zq~9i6i@LyzdmMH*Z+9SZ?%`Az&#OCY@42eAVxOxMrDZC%n)YY;n{S0xmfV{GO*Xqp z5o}Y%pQ2uW04ZqszVEEgHsJxzE*XRmrlNWh`@V~@#I#v)yzu>G5i7+PP>F!P=45M- z9$|)PTF8Iy$!{bq%j}(cYg|CmUu7j`|3#av&62lf?x!vHBr-T^wd--1>(`r5KdX^lnl>lll|L4@|=4>jLD=~^na zPme5>kJacjE(q(gO^78nKMCO){_0{ltgmBYYfu}>@ibqJkyFPT8)q+LYyLHl}KIo7L3lv5$;Q;DlVWX2=Rq7vtLSSGZfV z$>K!>L4$1iP97~zN(UP!Q}*-iQ5})QOXqLQnAOXr+zn6_+ze^Gh#Dq@K8Z&-+#a4# zyD$-BO}`kR9}(X5w#`@&WzrkbvXCF_bMt-^587c$`X`-~jV#<`*bEC};zL5!XBgV5 zzPx`QCcXbe4BAvyhu_~-Rywv_M-;i2pGctxwWZdC{%cbr&-9 zIB8zoNyz9q*llnKig_=i(8-; zU35~%Uu6sa$!eu6(>NN=%>HCP4p^<7OU5({@kOo>T{RvWnqbE))AY#MjVf_U0ZaKX z&iV0GX?j61W}BIEPoL>KakwZeJDp0Q*t}le;)~l1kMW1w1XQ|q#S?BaJnB1D{WKlw zV(65+RQZD8m1X1OFqd<4=l7?&-@1;@QftSTG2!-;8yg$UsC;c>PwsDKe|ng!=u0ev zGkeu{mr(W+SP)q`j0XoVna{8Em#!r!$zd!U__0TQ1i|lEU=pL4qV$u9O43KTfTmi} z^g>Xf8R@T^^TK{dcSV8W`C-o~lW5CXv-T%}nS40h-dD34^11)Ls1B#zed7JjXAx%CMZ5r@D(q#=(;PrYm6BfmF76oB z<}RLIy+za!ZMf6Uccv7x1Y=W@Y*9%|5KPZYam9|XHyp?$$_t_lC~dNe%mN?&N%O&fOg7}

    • )szt|ZLhA)Gx8vM zOW#r zh10Ig>4>E(M>aF>b25;}8Hvf80j>Ju)s@i}XTtSivp6WKtmn2OXBU3k8FuJbxO_r$ z7~6dY@$+xh2A=I52GzbgusVG_7hk`{NOJqF(w#12m5d ztck#>VZF#;VlGM>rMC*dZr9Ls^RI8%l1-pLp=+HW{eX%RHy`Pse7d*^%@!6{F zir0R=V@h}U*e}kZ2>ekhm?9_ezE0sK$IIdLcZRfcX?2T4;%%NBwLbJ)7ChOPE8owy zL~IvZJTfZY%v+>Q20S+N-BlB`#r1qCID0k@w)$Bbz*n$hJ~}Od&5`X5!g8Vw$ynmS zqH$UO9J9Y7w$}w;#4=!%g$G>)w@^t*-iXh7ZnSLHY)`?ydEcNn_#o&!gzddn-fGhE zbuIu>Y>im@#hveo{TUf!?{tQ%E`0PzcS5}1FE!hH(=5~dFm*8*aBW(xOdFS=FrNx~ z(CU9s;EUGLn~qz!x>VepK6T&BmLxN^n=kZ4FIJ&U!lV_^us>}Ot-rrRfk>`!qX#y~ zM_NxK>yPP%MLyx+>{S!4kBERq+G_D@&3k`AotHBi2Zd?=2D zJ})53!zNo!k0reJ{Wq^gL+02C{uY&uG+Dx)*|^{J+qE<3i?_2+Bh0})!KsY#{7l>C z-Kpzp9oOTH`$a`&V}$SIMNO~1qn6*2YRKj^_UNyi?3kH&j_MzK`W*%`db!{^)n6M8 z8Jx)-0+qO3HC6fs(-W=_*u1sg87wK@#yMDzIkg<# z;aLn}nSY*iO(D6t5UP{P)9&H55dU8GCR_#dnQq4AXL$#`d(-}ujz(9s_N@QhdxIY$ zIEcy8umXKA?E0H)z%yuwTl{!Rhf*(KaH8J%<~yzM^0yVu6A)8Ld@r~juexY2j2Vxh zD@BdW13W;<>D-fG6R~(QgBmkF!uJWAT65|khBWT4R+n4yVu)JoK+0$=#v7wR!iQa| zpuaUo$_q~>+JDtTu#ubjOxWK z&|DX}f8jaYeKjJECl~gE0utQXeCs;xsz|xN@alvVxN#uGV*> z$(7+?-@%4=CS%5{-9XwR^h&F{bJ+LKB!zlMKK-sz=>w;>Ytf-uXYiYmy>E_QSL9(9 z(ShZ0y1xvr?x?3dBWpWDN^C-I?(iU9HymRU39XbzI7@$3V9!9M5}rPX)-a>A4;^uC z1VNv?R*Z&B-8jumTW)v#zVP<#{+`C~$7W_?PanA*IZNWX%G`Xlev~HSC1PeiNjMX) z3E_J2O3Vo}UFS0No5HgFR|p}_h09?TfDh?=Ss~K%ct@5}a9oDyBbJR*P4Dqgwy!&G zyY6@NE`EU;>q^LCOqHSca&J?OFzd^0Wz907LL@RpWX~#nOs>> zrqR@hq*#M=CGP&FRPA2*WuKR1iCYMi;Z$-#9|%v(4Lo^y9FaDU1QMM9xG&K(G7MC6 zI^W5L_j0L5aJ#bQMcaHH#5L-HupyTNpR1XmvIqq~jXXyoLmU>=tH$$1d3^RG6m zU!@}6tG{ivPA69?BLbtYC_tfJyQcfqv__cKHDvv{t^V?M>J84lv9^u_Qn^4XX&c&X z|4TE~3_sRdw9S+ub-Oa8k+0g1y!8`C*y^Y1P&zU^!>Iu;@Ix*&dO521I@oHs`PTNJ zn8h@slD}XPtTdl}X)d|kaw*iudu{G?6kKq2{(W*eRzSV|lc`KXxA)R>ps;&wx%|;kXXN(jUo<}mN@BxzGXuRQ`*peeY$Dh)|r&Z2* zR-@Xpt|MRz9DHSBMb^~8zAAPz?`xY(&n-ij+54@cD1DUnnfdInH4n+*+A|jJ z?Sa0SN)L<-vA(ao`Qp{Ky|CrU#(r;aPH*i_`BZZY7(zbOo!brJn`$Bp!iBJY38KME zasW z%LI*fCSiS6c=qN2THntfiPw2buy-}>A7uoE>Zpr?oK}DP_#Q4@xD5YhK?I(=Ai8`# z5}Q-E4i@Gjur|0lE?Q<_NQPJkBLr%fl&2+R9(L3DTvz{;u?QfjG${XF2v_Ywh<_O) zZK*1e5v1gtJ<>q>f=ydVTJ-BA)dh- zfSq+*qyDB`xKN%{$cMpTTn?3sRtQgL;~y8Na~&+-ce0+>VG31V)n-Kmtm>fU<)TUr z5;W%O-Z>;7MaodGh@WtzuF}d>shLSAfAuEmUse=iu*GXV-Q{pSAd`}%ynWJyT1gAX z+yA+xwux_7ar8*p(&ELM0AP{{65n5q*&Oj)T8`oAAxkwWW`-1E%($H2wgu3x7yB3h zR0!os-C{pLkgnO9h1T%>*xoSe*{xdWDG&4{5hT3UKcDUNdrgYR&x0FO| zLG`-bZzgTRYUDhAut=;tVyk zR=%2A&DsULRXliwkl{VXWjfrvSFNp{FyvG}X<;sshf9j6yrt##)hJP>3Gf64*Ih$F zLbjrSBc%P*4%BsxEOjwDrj1}yVCEP(yX$?}x{&KWe5cfV`Srw{nm1-tYVm_RcW?Ur z{fL_fbyfI5=x2-FIDz5WK7$pNNuALo-jy-Jaj+gc2dBu!E%Ps^fK2Z`{#loeoC*;P z&Ak=s+-8Czk{5ExG>3IoXc`TxpPdEXuHO}emESR)ED;`C2uHhi2|in19dFGoqmju; zFR};XaMYzPUI9&;R&danWTsC~{}lHO$-1m>V1x{K{d48PCeIAviaF10dGUzkp%nzVjSy_#1 zF8+!;+jm)6Se?v};O?lpuoJG9c4t_;WN_ScR+>c6E~V#JwQz$LbPms!0?6 z=YmKl-EI!&=CBCxg+SHgP8=-M(p%=N`rSH0%j!BT>6$pEs29nmt6J}TcRJaeyT8=U zhf>YWc`tpL{4k+wo+T;na}$s@UGvbnjP^OvB>F*_z4JMny5z-OgFx)h)HjTT*SCvu zT=`4uqa|77YO)#71KyZyDa-R6Y*s^hm1KU;bK`@R!QrmSk((#?@(3*^-)Sk|k!btU zhWnowUO{tN}39AaEh}0~$M%IWWPRL}; z45}G>!*n127@cY{eY^9q4*I1M@GbsAw(S`k(0HrKFmXc{9T$AiT+tt6GK`LPq>qCJ zRo&GKk|L1We?F8gf+bM28(;SE!qTXB!*zJF_1$fb;1z31b;$WJH-($3qiOMBUzyl*}i6NUaVhzUC}n?UDp?=__$$i|MMN43eWGxX>~h9;)he? zQ%eMkQBv1*y*chwLT6xx;(+1;ebK3itl`ISJzRZLU*f{y^l*SFj2hXM!Yax>!hh&1 z=p7etx~3+4-tJR>{j-TL?Fv6`E26K27ER9-SXy_2uz{PenTccebAAXq6P)Z$QQ-L% zzL3^n5kf0azVV_baBFc~h%dijQ$Ig^O<8)(pe`e|Y)aE`{!h)0sS1yaP zAKV8JPFAIwv%UbFu6a*!*BfV-U$2Wk@AMQ4)0<58Dv^J3-WCNNbjuzT0dbirgr6;a z_FE{kDK;^HtpiM60n`sP;@aYUdgEa#3Y@=D?~_$9qNejqT9Z>`kRVJeTTT%b!^q^! zS=1Yqqx&hy7&|(~eY^W}77q)+?KQdq%J@#8?NfSeCn;Po z2V^*avTu&?C^r}0MeH@WpdZv!7Q?Ed`Q;~Zaift9j9BHG z62=5e)?TUWOB~@;u8~X7@ToVhW#7L8?t*g>zexGArDADa8Q#ak2#Ht}_3+NN6VtRw zxZA2P-9p!n9>C10ycWtI_JcQv!*yo4on$nyp1WtQm2bx9D+G4I_uhe)S3jEs+0H}z`(9ZYT$qsL3L>X!Q zCm0mV;V`bfJ5?#+@a(AP>dUBblMm@}0M3oV1Fe%k&k`XcBz}#Y_ z(xaJjRMnkB!+4-0?1}5MybV=~LOuQhwP4|&S4Acki(1FDgW`-87BiC7(Y)G6NqNhN zKc)$)ow=tZM_k(J>LEDj*&?gWNDS7sOFQ2JhG3NZw)EX&_ znt+8OmkWEO1Z0wJhAi5k8rooFYMM7NwMD1(=Y{8=Ah9G9c0K&pQF*xw%&Rd^*{na{ zEpRg?o<2FR3dj!Qd{ZL_!zrz*F)^W)F|4&mK(#7yh~L6hQ#O&J3~48vsriIzm6b(~ z2dg1v%>qi+QD%<$t%G*?M(Mu;qZcbV=-^29F>%>xSC2Mp>_liSR0NqbC6hTx%*4o= ziZ!v_Wz^g^z+A#HVs95qKRfV=oF{O(C9VAnL6_D_i7tEbJE*sf zVw?WJ0sH-J!H00kDY*K_5hm>`ZM0~d&rOoj^GVq5)r5G753xmZi64XIP=enI#+O5y z>&Juy=_m!@|AwSY(Fq01VdlTiW4*ID`KP@BI8E67Ua`Lo^OLkwhhryZ2v_JpoXLv9 z)u}hhL_b;~+~^sm^|-!&y>&3I>r6wzLPbK>>-t76`Yz0n3fjjoUi)=YDMpi>zc5}o zHblh`oXU0D933+iGvQGgh@-V`+t&%IEyoD+mv+a|DC|2z@N$?~e?w&thw~Hk<+Jg- z*z}JLat-F+KkC4DtGDSb6<2Y53!|>H6N__u3!k^k-r_<0wukA~qNMWdtuAXzVpGJ!WLaQCw_!XUm-9imOg18Zy@XfkYf zlT#`*!*+k%pgaY(yI{?%I^k`rQ^RhVm-~wd@ZaI^{@TaO-_^(LrOT^q{>GRc<1Z_! zJa@Rq=<^KLJjkZMtCXK@X`@94t+A#$zEfY~fR}3bdByn3*SJ|+L+g;_Y?|Qh;rwUb zF^;H9O>0%?V8N3A{f`)KlqyNXBM22#Pwz#)-DkP)Fi`xK(7-`(ikViXeH7zvKc!9c z80u*XQt`dxovy0AFfj6s_O!2t9>JPN5|D`P%un7+a6D@hC0f|3Kl>b+VK2?Z@d4Bp z%XA88=r(;Ioq)W9+UxNhb~z}zrVwLyF2oMUhv_jijB!r5seMb{P}mBLqKviBwC*$Q<_RxhtGJ&DWGYc?8gUElL=F%J_lDI)y}vUpOo-Q`%St zrjEYX_R!f&a68sLAU5n^Vp~m)V|QLnjw(~k5twQJxNRJtVO8ir%q9@X$q!bbCbQ!H zWuL-!Ewq3aBJ?Xx@?~qxExTGi&%NlwFCOosnrRRRft(`dLl8dm@AfhFs#o3T%jqw# z{u4oz50H%j&~)(k3p`K`UA%sO+p&fK-CxR=Jbwoq{Qn_kxA$*wK7EXm@?InKy9NA| M<<;fNWL|{+7YC)=JOBUy literal 180898 zcmeFZcU03^v_FbEwxBW!h@&FTs7MtHMOp$Xq97eYCnBRr2`E({0W64ufQ6#8&|64i zGyy>fqC!Rx0-*#$iGm?O2uMjn5|X?x_x@&_cklb-{oWt%t@YOZuEl}?Ioao&z4zJW z^EnUgZ7sKh_JU+&WVTks>G`NJyl;Fbr6x72ByzpL{!ZzpLV+;OQJ29uu+fy3{ArGZ*W+jlB(>WsJT zz}#84Irz!(O;0XtxqJBY))$|g>m}^``o+NxIxD}%D9hQU5XM0AeI|V3=EH4Qyh1Uf zFK>K%Kbf}A;Qr*~Bp}>BPtP+wJ-s9_QkdzaOcNaV=l8%5vA?a?`1k8w98gtHkooMu z!3HFDWGQC)ruKA+(e~}zZ-%DKD1FKr@Mv)~#fNeFqDWdtF|dmsKI(8Xhtt=|J=!o) z(mXZ9s+{I6!fS|p*3;!T9-_c74x0PrMYymo08%im^z);l&Tp4hIu<E+|E~5b4;kNSN2C_4qqA5mbrz8(#>ortKvVxC1HzX}nv4!@J9>Dx zm$ZFREchu&QDsnIU`qHzfy;@aKMFqEuvZ=q5k9k+9pNT;_c~v$4Z)@j zXxBV*s!rEg5=TSl@;hF$yRvBS>CAQy3?;qLY1S*shhZ0@qskyhmyez zx(D(Z?@+csM~vtCBS>n$nrm%2OVw{*#9$!1twqhI=MoO!jU@T>2nL5PHa$LwBl6=k zb97;~mug4cMhOK2cmzD)$9+y#s9&8)FW!x`5WvASkILf-ym5+OO1Gb&0bHA29vKWr z3}-Suhci1khydk%cR4Otzo0__QY+EI5WcRxy?t;=4USa9oHXXeEs%fCqNgvoUQy$t zYNTGTQS9>6@xcD7!L9BxrsN8ny!W|!LGNE(?WF$_@__e?)6X|eP0uLW<89mAwmH_6IMlF3j>MgB9scs>EL`Xd># zEqwCxbpLZUw<9CiEb01FmpsWGZ*#@u{b3hA>%6)-O?^3wc1_A!nopm;D2|rB%h1=m zCtsO-W6JZ)p0}Q#H}@dbiq0@@ip=pgbTJn6^0R5JhVuFC3V!=rYs zTP^qBJU3u=AIqa!>m=#KFQh8o)zErAZVeMUJ_nZCu->mxx9Gjkx}xR|-EXl&zR7Ki z{n;+)_nHQbT|V$H`t|$sMuj_qzTD4o(mo~_{uO-7(QsXn@vY@v%ZcbFSW7&x1N{@5 zD@?ak{al&AQwfsQH|i@zyEdw;J^v<;S~&+SNwtEr1LZQP+SSY=@4)K4ige@+i|&-+ z_&tTUD5Ce)G#|#^OTGS6Ju8hF#eJ1+5$L!%O%<6b+c3tG@|!>4`Hk0 zN(+%kD#ltBxcz(Wi$6Krlmv$6*}MwubmtK@JvXQ;oWqO!kI9Op6pk;og|c-6L)UO} z!xU-RNCnPQrbUk_Am`WpGj7o#YEjDE{!71OaH~HOim`t1*a7nW?fb^>v491d&fCPaIa#RvfzZTb|V3R%U9)0mP5iLDzU)ef_$Sy45b8SM?p4 z9si6!tCnHPbITvWwS7xgIdJXsa|c__9@B*^mBRLjFIRJth(Wabn%FlbbFB*Aiyd-# zCIcT;pXHg&`!m8hTrt1pr=;(?uh6`sxA#@r;R1|*yxY);>2UyU+BwQ+NG1G*H^zb6 zt1cXMB>FolPK~aD6oe#^YdnEg5Iy!AmL!}B`)NT_hRYf$UO&!-u+woBQx{i*z^iOX zV<~*_&4r_G#>SsOMWR^vI zgBSGPt%KO*+1Hf&F!78lv%l^@%=ahyOqig<^}Ruhpew8Ri*Cp_Yth36n#zSGPKhWiGD6DT7Z93U;Eh2CrC(KT0vw3Z#ANVccn<=a^FgFC;ZgN0K+fVZC<0nB(|)I|91 zH==8U(7s@a0%_5^U>-NBll7${&heoT8`;G&g$MS72>2GwnXmg5+ykUIqT;;P~*bPrtCogv;s2w%3Yu(lOZL@NO{mMc{f>*b8 z@8J~|nBQ>vq7?9WS>bP0yzj2pApJ2%a_Ib{2V_vnn(cqkt{>Ue z2l~VQ@_jB#{knPUPELc0@JfJZLl{$^f4V#_eyPhK8MXTTC^Mh)0a|Y_V>8!iY>iA< z`Jj?MoW8s=k&%3gVsa`!yxZ{Ggo^Z*VZFko;#DU*Q$57EJW7o<7}9!Yqwk0N+lv#V zlHyPXsThwx5dx}tiGd2YH7!%Ezdf}+rp_YR?H&24kVVfYCkZYmZ~gchEc1aE1sGLZ zOn0DPFBic@!?sI*$Vq?Qw0*C0H@u~yqN1nLE{}V}sO&}($QZk<#Fm$~82U=34bA0Y zTdXChrQu-Bkm1I#Gp@ad>!B7sWsQ}zIK*S8t#~++2fy+htIKkLhNq;SY+jX->zoAs#=ZClpFve?=8^%rv}eTeo@tuOW@o z6*nf*4C=7Xy=168KZuVmD!Cief%lc}8!kc&v$QdR2j+%5|F+g;UQ z$ALTQDXQ+9NdaMqQSyCO&V9WWSkJZLmk|LC&@b`a1bfi0_V!88^T&5@x$*e~IWyc! z_e6;NihgVS_`{>^G`LqBhq&O@@AGUKC0%8GNK*3Iv*hf`a`fJ4{$Qi+^)PQP<}>u< z%kb-MTe8$|oQcC|{9eOPk8U~?VwA%h9HbgHZc1}_wra!xq5`EQ#mu5`by(|Gqi7*$ zN7}^+=({@`*C{yIC(adPJ>$Gf@j-oiB5kCr6ls%<%!Br-xKj3@cpx&!s|J0O9pi>- zRE0pZreDl}hs1SXvomM9pPwiNf;apzuQ$he)p3_m8`GSS!*4P}C#Xw3pg(wzR4+aM zm0T^fLPJJXL|STZEX396Lh4f0Q5EN6k$c8v5GCPXXUJuL+O;H5-US=ivI~9HcvQ32 zCCMj_FAz?28vecvzYg+kdH6fx#`$R%m7G<0Lm5f;1@_?jyn{5n>RZj;dkyQ=z&w0L zo1)4x{a2gpecbAU>zV3mW_*jzlq&3EMD4?Hj9byx$O2DXoBfN8VO3t5M^~b93HA7y z{6O^9IO81EuiA;`)BCyTPZ6?z;QdSSYH!Tr3M^@rX6xVT7@^urNLkTeZ*OiVg*ju{ zb&0z+?!G>9p0jMEhynTXDKoJhP7U4FMzPw-qd^TPG*BmPteKLN2j{gawY>@Hf%hp;E-@$ zTpp?S32VdZ6X*$WG8?sDT#@JIPSMI5{h$5d<))|Go4vD(Uwn3BzM0>CF>s^Jo-`+O zc_Z8%3qt)n*)-RQ{t6du>cOpcw9Dp-ps^lPd;0q05pcogNaWPciGL;_}=qCVb3x4{GLOSX~yFcy7f z%h}C2;f;mRJv}gTP|24&yES@$c>{AO+GUeo8JRVB?b#yeiW@P|Wo3i~R)PijUY!PQ zt6Ma0h90xOk#uKYSnEDV^Wimo^avY86H(oAQA&$X@x?RZ%vBm4NT z-j8o*1OxjcYJm;yM}HO?PM19!zxNjNwMbD}>%kdaFlL*BdQb7Lgkuf~dy`d{BIP2s z*QMN>nI74F`m&%TmgW-&-*0Wjadt(!eSUGOGSZ0-#a_U535RzQb|uf%uXkT<#^VEs zPnQi>CIXjh5icLCcZk49yd-bXE0;lWUCBODhm0bSj(GcDV%48=zw0j2D>@@z3BK_@ zouf1O_N}Z=({U`+zSC-5?w_v6=2zdQN;A@NGe6dCE>!JTy!0b26j4f?(@79?{s2z3 z)7e2`J~(6#+Q7LYUhzhe%w}TWxfVL7fmMk2E>Dyr%5$H^DJRpVOqk><`?PL_XGp`5 z?0|eD5|BMyX=pDE{{q?vI@r6X7BlBEH=yRhJiG4bG?I`7SqAM?Mu&2*vW&#beSQL7 z1$*$deb3#(N~{g7T7)%|jf>~)cb0si#Osee^O*9v&fH0K$D#zVqH>g#uhN%`=Vb z8c;j@EX^{d@ChNhsexU~Zys?taO>;s73Fyv4t6~-5R{gdcGG1q9Q5kC-SMnDQ9iNL zB-K-j7mAzjs7KTyWa~~Z{&lF+MrL`p>~5_G zj0K5UM7|6fo+X!?nk)VS)N=lQrgi`s=Mzq=sy)&Fsr-Qy(+5Kz0pDCY^^yhS(*3{!zysK{pq&MD9}CH-;TQVeS*p~pB0YIeeO{3 zYk#!$?q<1Tl|Kh9@(?L`qnC$SRL7to_4ey!@)0~PVbK*j7E8d@n{4+pefeWx6_^mEBW%Q3VsLLCB z;-=m<$1F{T1!}HW|L5OiW@oRMCCNR1X$ArkB^(Bi$9sW_41PO)*=%GuG?63)YA69q z;`*-F1d1J7VAP3RxE$Lg$WQw|2!#AG~!6J+z^T9_**VKi1Mc7SRT_pBlu;Rzp1$VI(Ev7nQ@q1}>G_PhZqlx$Ix zC0Hb2vqZ7970V4;aWpuJwGZitU+FgwHPNpY) zUYtGAiSS10G(xSFI5xT63vi;lG$6iXQ9QZCd2@ky5>_}!41?K;mY1eG+o;(&*{M3G zh?5tIgzt-wI)ax1C^;_(g}7(K)VL!g6PNz;VcfRGKBVjQrXTNR{o! zqb(5)jLgtT1nFX*kHZV55^<^4XDsMl|X%{d*1jxeL<|l(Hz*>`Fg^N^C(nj zu$#6M&FVxHGOUkLzApwkRNFa_>LL(Uo-fMcU~>k{B{2mO)Qh)EWmXq3qVEwWL@>H* z4N%P_XVHIS_|z8Q4nZk70+W^;ufk8vff7el2?9R7l3921BA+x8+EG8>vU2iSMRUo? zPMtuOyXjk19U9oRzN*a^{Ys)K(2yTUR0n*aVIDUhb$SU&V;_Mqoui~qFqR6~=8^Ndp_PFop8g{n@E<%nzqs|IEg_tbQxhn5{@m2{|9nIWZ;9F_4V z#@PPu72XvNLKz=R`pgnEe_y$ah)` z5NO!+{zBZu@B^-=HDsLaTEp(_YaE~tohu3~NRpKJiRe)Hz1>fvptD0`U?*&BtkJQW|lvt0+WF%xdqna?m}|?#f&2y zy8u`_zeT@6zvJ1+txLpk_ZSS9I+0JnI@jn7R#cG|1>36-g@OIaE8!RXDHFqGp1qQ?9f`AZVOc66%~w3DGwLz z4+>(^D<^aU=a>58sesL{#G^S*(8=;hjvMVgzh&|C5soFIu&zYp+7As#2vJ@VGk8A4 zWJr#(C+f=d2$)RwXy8q+q|!yJ1eC6J_E8ceP?VV!6X0z;NcM8g-C>CiXDdB-3oTE0W%!l*!bnw-yJ|47mj>pROs{b~?>Zag09Q^~T zGaX}xj|f5e!7*N zFn%QI@EDr+gZ0Xf?W9#O%yRS8q=A(a9O6(Y-m{9f#gBYXIO^3&9ZV3paW_etMOF`h zj4u%sM_WqjtVH4L=kwA!evRpB!|aey!J5T0931Q*+L2-XW2{PX8Q?Y+#L(f&+RxT( zIv$$@sN78}dd7+g+=7p*!cZk6Mw6lzPII7K!ZG7Ia2vG&nNB1EeY*uEB3}>y2>|>a zqGf=muDL{QjH(Tqp5imqD0S;LY$EVzznv($GSyQIH|qPd=8jr!Zf=L6Osw%nXsu6k zW4?x1E?c;hI&a<~?fG&u*PmnKaV$VZGE|>c5{8;rhvkXCPR_8>(}?(2USg{ldaANW z^aPmi>`(_H?(J?kPp+)of?G?1)P*@|>$o24;7`0XQLf}5O<`m;3}(v6#M)E299ftS z*O}g93Nvs$)?gHsUqR#}j5U{lvyjUaydvl%%(ACEBD=D60+dm<^JzNr}i{zc|jC( zlD&dpcP?EGfJugEy~LSZZ5Y)ETrjo|rfNkClM~;}&DocslS7b8m>srqXrS;jab4Ko zT_MrIwP{(*8P|?JpV=Ws2B6OVWa#AZF!6dHJ}XFm;I$C2EgNE!SA!ZOFWC@JG4B;Ze zot^{XMMhv6uXW}S((Nkw?Kuyr#F4WJ`IF4{iOwUO4=SQMN9VaEQ)bZXpuYwv%KL)+ zt~Lm>770qmJpLiTRKMV}1iUD1dPFdje(rx1=l@&9`A-}7j18?Nx#O=`AT%xg+Y(c5 zPPDhRSpBQFEi?5=vdV(cjue$BfYyK#e?N)PTKn6_SUK)^KaMtMDRpRcYiZvRAh859 zD#duaAZuLPjDqRgObQ=4j9($}W{i->1fs+7 zCeUk4N&Z0hyoe|aFuo|#0y19h0B=pc0L;lidU(caLo27glp{#|+6qz^qd zZAhhLxj{%R`xC|@v;uS3##gy%1r)~7g$evgO+KqODxQHGup7Qe_wOAm3%JPk06a`U z!fYR%8iY5ppd4c^AsJCxU`(^n7IpU`TZ6-PFI3L+SVS1n{Bw1{6xwUTiayB;;W_MC zIKYJ?3KR4jVtvXfFb@N!=n^F$j!};fyGVHwkNqfI5HnYnD*PPYdNI_|p|c1H_@PQh zmU{!l9|&IKG4XU;Dmay=YGds|>p+t1M1H8jY@gJuAlUM%BbdPtC6D*f(eumh&k0y6 zsSq&f>LZlOaAbvGdVqke zJTFrmm8FBpTSQi{2+i}uZVhFu3lP^U|5ZW338;@5~ zr~E)KaAq4(V^)*?bB zDt|&WFjg;L?qV6SqmwW8D6FzAXC!(_CC}#*{x^nZNa2DLWk^l9Se=4x?Ff${$r*Pq zhy&+`A5v=$86`7C@!EFI$-rDDbO+mKf+j>QTsmM#oO~!bomd}UHk*G1PGE^zv>7-a zsXz^5R1)q+nx`$Ei(HY^EBiOP!(@!o6G0Ji`wT)JNly>q-xm#A!8kY0a~^#yWL zGQ^4@nUsfXLTH0DK8NE5*Ym;i29wJn@B4<>k*xgst>T2?^nJ}+oIPtFb%PXfp>&I>g=s=g}c zEFxwnBZEk69zBI8A(8k-XkoT{yztS-j*m1ha*7V$52ejLTxo0oN7Qz8ha!yeCxhmJ zgo)MZ#QPiuM0&+4IQ9qXwD{5zHLMqp*RN9|UYtk&k9hwttzK|urFQcs%8V#X z*^|UA7*2)Mu}VxX4nHTzEif$*kikJ-6yu|i$8DSOi1D~4m=52iDG#IZi-YQKx_Q4n zI?kRH_Tcr6TNXGUJ8GLDyqH2AyDz6YiCiu+&X`9F=3wNkEBU9otUE2p?erm^e${3i zDQzVl(>$PvMzLYF*in@UwxCWOW|`SNDy#V#@MzSiG~k?A7#gDw_MFDgPp^C{l@dM zB!_o4E%D;<`&WSDaG07CBNlSkN^8DAe$4dxJF1nD8E6vDpl{*?!()37_BaUd&aKts zAV1~+Xd*l1fN`fvw5FL^=+++O%ebO6NC*Skyk28vQwest&E@cOwW6QBC^HU0__nLQ z_?-NNrYrVQtHRw)+d*q6obV?gqc1P+Y$XIf9Q*Zn@X*U!Dhgi3q7oU|i0#lSGw*5g zXVS~JbB#eG8~zciY7}T*{tBBe8c>SjxoGI}-$ZffZ+4vxmEN7>vS~??L4yRZ*FOHQ z@Om%Lqi)BGg=F~GudTpBVff}aaPRPjhy;b;+q;1A>&vzr$2b<#;{O?3<~pQ{7|;#( zPsq9pEwew~_OL8kbzZTemV$G!YvL5CIDX68BFF~q`+Fpr#B}__#eyeTZ?u!zg`)bg z4I3@A;v`>QMsae(Y(*HK=2ztztnt9zyPb;@LCvZgx&K*71(F#qy{fRF7s(%0I*_os z@J9Vg5CCcTmbhWZmNmd=!};p&8UQc(c8rS+vt@ljgO?{Nn!&E#z6;}R-|*xEsbup0 z@Jo9P!~Qh+IkCoE)mlB3!K`p+iYebKzh!{Ezm8^tos=VDyc$mKzxi=zWPxQcjs{CG z^${hm+t6XyoO(x{pple-N#@goa7q4!@v2~1(}d=^KkHAtZHr;#S5%OEXID)904Pqi z+v{sKd%%blTXDy8h*UtinU&K`_x)xf1psJ!yG@opht&Y3SROny&hrf$`?kYyv~#2( z{DW_@^6q0myJF9!Vx7#A$MFDWDT#ud3;*_JB3%~f`KCr@@t06ilLNF=(qrDSN~|zU zGV2eKH5j>Z)+A$W-Ljo@+3uS}G_RBMQ-{6%1&hpYYoOE*M4HdOyBdutUBpP{%r*){ zipYoc=VQ7~1n%IL}UhIP%u=6Uz@ODpJ3OYo4H<9`xCB>-N~#*mw&CBQItjD{3fQ`j3|Ow~D+F zjYlQZScS($Dv#H2AKz+UcWbcb+&lu#KyCnpBDmCOEc{0jSRp5kpGKe=WWq3EJp1 zMUN{TKtu1l!eXlP1Fg;Fb3cqmGsN#d%}dc?A)ol6f{>M^a7w#?TYq4AFf7EgG+J5y z{=FXq2b# z@g%j!XZ&d5`I-kOJqylAANLOfRpQ^IzOOEW96TUZLd%~plqrqe49CRVchm>~p0j1< zm5Yq-@5i`>;jbYGX}bYwr|WIn$Tve)exK^|Gdlo?^B|;WtZ4>=ME~GE0pl3bNZ?wwcwhi@w)ZE=^9G-I$r8%dYhlb7zyVB*%<;-- z$cXP-iF+5&ij=2@QF=PwYb5@yqW9 z4?fHB`HZ_!Y?cooen0w&9U3=Q6;0Gxn6Iz z4bn^ZHfv0TqeNaK{pTle{P3xiEOmwH=m8hkq+kuc8&>4^8AdaZ(Ia+w`r32h%W_q!?fw8ZyIUOt z{s929^z)xSX%j z=d*OG;Du%!?~6ZxK^DIHniAWi;)}+up>~-0yD$>W*Tg_`dBC~w^x z_o5QC;mBGx^8ErB+ zvs<{0XmFw2z}~D2;HY#~r?aVw8d^hUDqqL;T>4!YHicW^ngP|_Ne&bHb}psYWi%=N zJ7L?wme z5BlGMT+gt0xe}75S%yL^e)gK*iAi*gzs|5+FI#A%qtzalPy-J& zKt^26+V-(&$xA4gw$=mlq!Sw8IUz}n2pyg*a(XGe(cDZVCGlnjjixICWn)zdUUQ}|DA*;S@xk2UVk)4MW6eDkSYS({sQ4j9(KNC}Wd!^*Dw4*J?YcL|KfdAfHBC`MN7OjEGRv;N-n(>0tstH8z5ObyD@!2y zqr*vN==bFPyT}*!$ar~*IQFx!Wdw!|xUdm{t%HlbWY8z*@^tHDOFSU^{a zA;g~Mp8WjD8-xpqla2}|#cXFO$mh*;Mc#kV81^`qyxXiC6bb4IuddCm-xExKgGXc< zT;rc$mSRHk_^@w4W7ggluID>`Z_(juBg)$}ItVWVGFiC2%Sw|$u~Zu1bOY3zaR34T zFb-4lBMXNpKbu$5T&ILI5A&oRcfd8-{q?oBiwG{pgu|tSWFPkk zR=+oKPh9QDbc5mQd-N(>L8=(s&FTC`ohaLVmc51pKFmP0P=l61s7mX`HT$#_2RV6q zKl5qx&2JXfHk-0Lo*oHbzH*2VNZaJu~aX>ScYqzt2kgBLG)7*m7ro zW?dMiy_^*6RpZaH>5PEs?nnq7NG>Fr`ft3eUUbfH@H8=Co8R_NLgY=d8jXjb^pi z4jd+^A1vDq963k_nfsH`%h@vJQh?U=(M-O%+ALM3e{WH*gYa{iCLa~k&A9)%+ps=g z!$G;Zz4U2d>ppIo=n(jVC2FTA-wkNjMMZn>wfDsddp6t2x1Mw{ZUu#lT;t!8fR)&GN`8Fjm5L}aar?4y@A%YwZ?@h`)t_ZvYAS5A%|8r@eg>_neY zdwI@}`r5Uy8(s9&it=|dn^ncQ07y9D<> z!KyfT8@pr2l$v*R-1WK7cHKcFSIzU+(;J(0zl7#ZHZWEv4ao06UF%ZsXy{6*4#>S| zyRP}S3=;f~#%}4f-M8`_SPB`)C~k(hM%Dz(3>(b7jU9vP)|c6&{yOAUF_%|(JL`ql z=p5F1gT}{fLjgb_8WUn)jC}`kB*Y^Rs$NCsrwC%VWT+Yg9jsD9{>Cj2o|p5En=WwS z#opnVYo5Oa3K@Fod)9COEL^xSP29h`=;j(Wf8fY6T~79u+N;a0clL}tkqmub)O&$@ z7>}7Px`+@DY1%35KM4NIj6gTgsaAu{;Z-n<2 zPnH`MpFf#=D14cvbF6WyWT<|w+^6e`z=HMqgwjT2{~5TrnYX;HFAjkA@5{r#+m6?7 zVE-KmU-qvoN?D^HVdQ5D?`SF5`=%RCJ|BccAvr|a75lcvNcNS+L(4T8*xc|wl}AB} z_cPbaE9hR%1JLQK*z&iFE-KWap`p2;cpx)UAy-3w;0|wZ`a#y{<2|%PlyqHNs>c{+7Qu{k8RI{;vu9 zjb2$L#UEC%FIM>++pF{n{Rh)T+qcxUbxP&sm>I=R)AcX&&B_We&60!Z%PQmj09Exp zkjlc=;t|(_Nl@jU8rfK45+Yr>n_T8CXKUT;8 zhfO?{7Php_0^ssp58>nJs02l9KOGGu#oE61xhE8SFDVi0<4C}r$3oopDXcz60 zn2diYv~tKu*1^cMpeG{^K*hgoSy?}faWQy zi>nkJZak_%*;uJC4Jleg8(m_MkROU#@4m0E$LOv0~C6tL){pX|G-&q0vcjOT9y zBiD7^l*~o9q=wg@Z`~T7w5ePVbv?l%Jv88z3%%Img{~@?ORnn-hJF};QmJicLygX~WTDrm* zRhnBB6nwkAQSP3lN{ntu$6MB1-23L1hI*S{FLl2&zdPZxZjW%=PWxWNVeO(bT2qqS!o)%#Fg@|uoOWgB1>+Rbs<0Sc_bAQZ!CCl}mKUGc82jb<+KHTnV-YtRE4wYZ~&xBj?P zV5D~-t^twvopw(O@ayC^Y``{5=7t4Sdp(;2qWcg;m99~76D4e^wMlU{? z0+iAW4g~2G#4wX5M}pZY1K;3db()j1#%DE8^*8RiTgi5Kd=ERF$5_2)!qeoUy_RaC zx?+`+5;*sCT;nvYm-@h2m6$=p3EvM(=v4OWlA^5}?WVF$SSY+JHUeSQgoy2XO%Bf~ zKEHyKn33W97oo_Pv*MGnSI^s($W=irdhS(_PLJN6t0cVx>Qz#O4M#M3|7?P82F`PO z72MSQ-m~~2wuN*{z^B7vKNq;?n;X8jW~wXc;@D&>h0n(UVtZK4xft-Sn~UE+;nPbf z3Oxtk&c3pKbiuh0Hf=6wghY?rvDylRKzeF$ zHr(L#3;;x0BEG*b~Aw3q~^8B)4KDuX<_d8lcHp^VMnH z>U3B32iA11;%rf(Of@&(qqudE8t#KwXj|}5_+CW0-=TH+cUlXbf`YUVRYv8~F2+QK z>VYkcYarqSYD4C?_dG4MV}jmW-7W0r|M>Qyvzi)Njp5CBE`Qc~^Rc}=eE5ws7EC?C zZUWWW7gEoYYbFF?c<|pPF0+6V&vlBqsf|2(&_sUf2Y028qd$P$|)BcN=nng8u6-mxx)J={K#aW z0A^cE607j%f(h^LPSzR+C2w*rk|^jFf88oB5(9+YM=_w_o>zLpb+a9pe-*#{q6CX; zS=~9KWM3Rl&^X^1VejzIrpXwcN84P#8Y)}%0}F(UZ%$gILw~0YIsncycw1EuXhZJ7 z`4n3Gtz1~Y6+hQctHe;P`Pc_2XHFwG93ke?CTbR%xmk*A8ctT{SR82_Z5&u$RPZ6= zw8^Z|wP4_~gB$sk109N>_Af8|WPqxBz27>;l)Zfv{?^ z(KHUY8A1;3Q4I`ua4qf#?eV$29&~aV1I2j#HYXJ$7hDcnXhN@Bq=d00C3{DWM&{8_*KMKv^X3Kst?AlTP%_Z8 zH%^JC#ywg-gj1_p<1t{Z_x-alGR>nwxaQp~`f`UX#=iA%%)`mw;ml2#{-U_or?Bls zhVC14*2X)BlAjdTTbONZR7S>d?_zacLaTdnZUOBTMBU#`M<#J^lSIfqQS=^qrKe*< z)B9rWE^`mF+oPzlc$C8FVw-jA=|C53y_JI79h3DMJ=y^AROOO55##+Ogir=U5G)j(Ff@8mBIj_PIfap@=kwzGn=u^2(xxSBw zj%!FvKny)JcQ=Yv&Kv~OT6CL>V{qP-f%{H>0Lk{EuOL2gk6Iv|14A{qhrl` z3FSq14xA|GhA{!wOQpCXU?IlGBZLz!7QND?q^He)=qPs-XAWosT$DZK%_YKs=KT!Z zMT$RlbtFcsppGATX>R}1K^xI$F6tE+;n~6m)|zI!ivLb+XIWz*>NBN|aZc4L3o!vL z;DW&=@po#4<31fsj%Ixm!GvRAlS%==6hSC9Bc~id@F7&7$FgQBYeRa$u4FZi;(#5S zxe{*^3w}1q>h_x^0AQIg)?-2l-5)E>sgKH2MsId)Uoz|Uw@qL696CLe(UV{Ybp6gF;=le1ptK&Onc5}ib zA5ncA!~~!8d0H9kR6zWkNj3mRHd2k=agkktoD|x*tB^2^I1=m=ac6>717Sh%lx>$H ztm+?gp0Pyu&~bLdc%M=G*tQS%->h%CqaGXyLf@^6km|$f3I-eZsloYg4Dgi1Ne?1E z@FIN8dH)G<2CjVC>&#tN2S# zgeM|ku9-&zNcb=St2yE2*~yOtpq%Fd-X8Od+1tX)uGEj+0e~*r>t8Pg%x7ReFFq=; z7L0d(*OnuaIf)BL`${~fFutNZa@G)pV&2cm@*1d zce3+T)G=nNjyxl0W-nSNN_lXQK7?NpJ{??OT6vzeC&ynE%PZmyLf-*6sn2-Jck!~Ra_Y+F#v%k3VrHY${9$lMZ$apq(=^@G){*kL zq782)qHzKO83-j@ds7=GD;toJO9LnuhJIaW0) zUtDtnAa;TPxLUc^20cG&spSq(9RA;YdUdpoD|v9>0q%UM=T1i#0ztC0f@W3t@rqhQ z-SS#2(d*mH)a4w}*x?%Q7l7oJ71~k+R9!_}2T(X9R{(kD9}3{)FZ7KzypcoS4uzDu zm7_=fEv?-gJEzG8R-LIJcbJvcqOd+imSEXXb5GR3ZDlaIH^M1L%9LiFSApC-BLzO1Q)&KEh^%LEKAS!iY zz?Ja8y=GyQdd`(F61^36J4Fs1KR=rIDb-p70tw9;8Ceg7ItHV)A;z5~J=lG;IOa|; z-W*Ej^911v9qAXW@Lg|;4BfAG)*6!w%M+FiF9JL+bU9jCqzM4e2Tapz9Fxbi)^W?^ z5OfQ`r|1UAyeJF=-6HD79m?8a7ExsTsB`26OIWd7H+4ou#&`@sL}smElF627;$?tR zSd&HVjykXg$*QC{_vyNdq$PY_|J>#N_`w3ov#J*Fw@81D@+9j)wI#a+3D^7h>8bW4>cAq!dLNXbE8AS4osHQmd!2yisZ98gsXD>v_4U$Xl?O9qx4)VO7) z7Ds{m@0O{ndQmWl{)~S#ShZp>fJX2wG2UK)go^Z6iHFP81)$N};H8k^$#s}`$9iZM zIx}H7npPbO=eb67wO-oc`JwW$%fI|v;xNe)JpmdE6$K{!6p`-gxolLtVdsOL2SjCM zV0o{zw02kDg5AW|QF2_kw9H)T!wpu^Odu&Mot}3y zYlkyev)3e1;ncjUIlb*hed_smP}w_#9ocR>%hUNwZ7_ht4hk zWKY&86fLKbcwSB`u>b*Z0?CC-GF9k5-DkQr$=Vi##82Cr@I;x6zPf&IkCg&ga6{O+ zZ*^$j@(S(10`%>QzDL1mIDP!Qu{8}=(`bhe?85(~m9^tbDzuedwe=Tltk)=rg#6%< z>j?jI2v3-h0X-C$p?%1+)1SSkUz!pLow_&GZ5buIPHoc35I zX`LZQ+=1R*2t~&y_(J8Dy1OYLR{$>P=+9^XQJj2W=G_|%fOclpSLbGIdy{M}-Z20s z04qdGktXZ=*4;X(FxKZ(Xg~tWP@Q*XV;9y{qw;@xDUr&WOiw^^?)69=IIaMOM#{ND zjf0uhOC=u0yF9B-nUt)ul}`K6Ow9G<-np@P)jH|`y4eQvde)ktW{%5hGKEOuoPmL< z4J-qc(59`SWE7g>aA9c!2D>>1?b^t4H}>CQrmpX5mHL4R*E$G`%Y6jicij+ zJUC24Tyo2qHm=$wsCeL9 zPejp7#V#|p1|f+^bt^&<-8@6_0Iw;)X6T~SQk%gT&95d5bjLdEz`A31253ntxwc;c zv(K8m@RoJ(ivfLgpcZV4Alw>CS%HT={+~Ws5y7@#pP!NK0h!GM_ZGVO{LE>55sbWI zLx2sXPv7)?H-g-1K-7fwHvj-@g!W9g+YaBeM~kNd(6;Pj56^b;0Z^jE)ilOHJ=9DMvkWTq6SdoLl z0f^@xNmGM?-ThEP$t|bhQK8cK|>v3S8`kZdykR?Q_eD>#5x19Hw)RHKga$}P*y zabeuMBFl<2Y}(mflbQ=Qyp#2R?d1qh0O8LJ)&hxl_r_R0BaEjppOijE^qkw$84j`lDkT)6z+<|%Jqo~ z*2u|NSjp5RKXL-b8tJr2!8 z`+*OhIe51jYIn#0_Xbd;{m&6noRv9X1C;;mKK`?pw)e-Er~d^yWn(+7tMl*6>O6bG z^`A?yJ^ABbnv=lqIscnz?7x*(*x3FQK5@}zbay#e;)1PN?_PVV#jKUI7aA1%ZHrw18h1fn;oS`M$ji(8wDgDhvdD%d72zDWatU0UW)kC z^k)5u*pH$j#ppFX;jWT|8Mx@)<6=AN9So;FI0i_(-P<}SPV#P}MS&(Y3e)$qWvAU) zZ8v~(Pkrvxv!qOq*mHfaRF0_W)(fJP97zF>*K&_?R$ke=$`j?n1o0!Y>FO20X>4pJ za?uR38SyL|TO;S;!eS+pTw}*WO`;}N4f~68ryA(iV2E)9SWb@1fw+;ALuApYZrq0P zh7N=Cu(rktUS8|1bm1$k9O4Oz8B##zw?-!R;I9VM!R@s=7J*WE+j_qE0k!Up9sB9qxjgNtP;dW;Sa~m4e6crUwk0rRpMlr;*LsE*KuDoTq6fiW6PgDA_+A1t3 zII%>*malpJUtNk-Kxz}JEP@_?Kh^4H(8XyFVmDQ^g+G|z7*i{-kC~k{4b#(eSseVa z1-nv`pTAb6ab*x5`llk(@8Ka(YKm_Y$G>~k-Z@t%MhW@mxVz!F(~Y;Vjw$a!?-5$E z_qqM2AMIRF3}dZa$=YEZ6IOoAu!%bbz7$7rr&e}9f8{Wmt?S^$Vmb_nHAVNgaYR04 z&^qpc;u82R`>ERCW5Su~kgmmp|JDwDl5sQA{`n4^l{z)T-WMeTr~LIcaG|O7xh|vY z+>07yGGFCoa*JH7tJf@RJYe(M_Buj} zK_;V)yQA3Va}fu&@Rt|WA6S;$@%0T=dTw6q(zrB$ovYHgwWA^Q?=f9@`Fmwy=*vLr zj9f%?X0WX0#(JsOYQ!DlczcL>@#yz>(ba3JNS1pJ3!mER(X@O_*otY4Tp#sa+?Gc> zS+CJz8 zz74NWj|9_4U=9$5gO$Y;)X#0lGR6~0_Y_w6DhqmsLCy%5d!FxL5Wj4#Y5tMX@cQX7xB z5TsXD&6)K4E#~Ltq&8Fw2Y^Ns+ijneUD|S&9zzlj^jrP{U1G;%Lzu~4%*9{_S`k{{ zViWUv!Hh8+WD_=M>+s!eH}dzu*0I3;$#^btpu5D~aMa1m##LvtF|pMmY*D8%%4||o zv4{1gU4EsfrK>@rC$kEg9tfVp9*u-A5;CNpU-4b$vqO2-uOX?2x}C+2cx->H_Xw8d zNt_U4t|p1JN~?X7<=>h! zwF0K@cx|tBMkellTXXQsik|{>QMr)_;G3(o#mU2C-6lAFMZmM1mk|aods7uYB$xf* zDkg>FKJAk9lU5DllN{n%(Nx0Ifh&B>AKnFWW%#XjKBc|6XNx|?Vk)FFi7SyM^mx7v z7V+#QSNk?b6PW;3Uz z)8K*+S$*QI;}E8F#obrKsF}$t*{5S-6U9U?V#vg|=v{pg+I0rG5+iz>B zKejuWS}!V`C+{C`9cKr%<|8k19mmw3zfHquwUWtcGrnm<8M6Zx7kLaZ8ON17^>4k` z1NND%6I7yeWV144W$88Kkw}~!mF8~n!iK}w%f^wM3|!PnaZRmF5ykVHqN8}%y$BjfwJXYXYp5r__n^0t zR#(1Sp9#nZ_f0^;1g`tKJYGD0kau2O*>mz3jk+W@mq-`}q4Y<+{g!C>Jl3 z+k>kJGdEvJj(}a6SJ8azdTM9@C2?D0+1;VFILBca@9)5fiqEOaL3Qabun0bxU>@DW z5bmH&I-tRd^w=i=8gb`Mdhn(vHzgXsrKL`jC&!lD5Z3ZD7H3N~bldUTylQpp;noYs zkWG>>N217)y!ZSC1+eSin?iZTtgRK_ll)TyS#d(6LP*%;N$b=>(1+po6C8gL0pDb=K}`7ouM4JC8F~&8EzJ!%i8|rpLW#7HGl5z`Hta0~Qt?r(X@b zjWIDVeziVZVsbb6z>Ko{%7CE!TnAsA z8)8oCt8<@_$ig$R&a&RP;^$lF*!q$g$EGr0C49o%Xo4s?M z{XxWl*T7MZH@-23X&(Z)pU)SQ;eL?%-NL2^KRTS?{^yj(wScn@Yq@L5A~Ndbd>DL?Y%$A#29Cbx;m@F;%^-(~}BlswV_& z-E^GM%$uEBzW<@t#&miveZ}sBWP0citR;1%dW%aX)ZV5cA3Bh}gh&*`FwJ8{T*Shr zi#?8*RQb5N1i|iehnf6no0a{x$K>Lk$MGNJJ9R|aeex7!fu6wVjGmc9UEhvv<2}^L zB6>Tl&aXMN#Sr&`j7V9}avl*2G(U}3Sj;G-uixPYOH$vy9W5*(5`Ll-OX4S0dlCvO z9cDVP&TA6|8=lS@VXjX+t{P16s|BolBIebiggeLCyR9K^1B2&}{MG)X!)xZ5fOqms z->^!>S?lc22q*e9O?4(S)|7NR&9Qd~5I=S4zf$#0q55E>A?{{0R zKjoRUhwbWP?#j_?gr@~hVwP^;ycZ|+T0cP`r!4ZYWeSQIX{(wmp8VK{@IR2l(uHvH zyZT3wco&Zk8hydv8aId|Wa(TeRx}@^|9G-lO;MS`*|elAQx2Vp7jjal_jFYC#Y;HQ zGzz2i2w_1&3XlGp$B-u-w#AZK#~U_Uwe5m!gEpu1b4pxwgzDxprH5&_tq-m)^OURa5yW^iRA|%R)m6Q@Nuy z>@x@AiUN7tb_Rwz7kQVJF0Lt_N>n&|Fa?~#g~GPf$ik9u2ddC<$f#KOP<6**#`tDS<(7l2iyew_mogPg{abwb&q@spQWQ*V(zh=8f?m2E=j z4Cp3mI*PQ7OR{0j(DA5^A!L{D-0#(-SnAu(z4Xo@8G$x@RfrxdMOJkkY&DXnkta$x_%Cj z_~zt+3Ae2}gty{(MDz%S9jj|p@#D%W5%Sr$?^=c}(iDs|PR43J(C%tBmz-BjI_9*9ny$Q1TzQ%mMBV z`lu)a^ju`h-1&-?2NG3h7>B!V5fm@`t|iX-}~H_IEwc&AJb+{ zNp5R7tH=VSedBY*cS5QSDrLfPxS`m|rlBu$IdbCo;oUnhs2KBP*#)gccyF#xfkB^x z+gPr`Y;k5yb#2%p8sfg-EY%`egHs}QxH_uSv9A=CAl=OquyDcMZ9Eidki-c1e zPNo;&(|vN$_X+6BDPN!I_jP8+fLI$ARSE2|>CEJnNO9&?B4P>Eo>QdYYIrsI#ePsJ z``;8wzjsHW5ijV=;*!gk^3z}SV@FLrk*4zcS%p5cTX{PB8M@TheT#y-w~kw#gp}Qz z=WD1DU55(-5x+v?x8~H@Rz*SRTB2QCuvYvxK2nYBgl?P2a$-1;m|(!LD`t+4^MmUr zzoSajxKCkK(l5=}PHkc|WYc}8)TXqg82X1qa5Z-y^M3PeK0)I>b&SR{rnGrdRVG4K z;;~h=Ox&qae%^6dkkAm4*znmt2Al)OpmU6~Ix3wEe7n)cF5{KzK!!SIJ+WT~Z*-$> zyg|9PaBRfwW|P2?NB4Ph%H|Ij-ekrmc!<2q2k14=YF+~oWi8Kslgh|58IlR(w6>fZ z#pkjzPKDnnT)O<{DNPT1ZpHq;>RfVd-TCdaPxG_Cv4j@PWvNKdiVh4czc~>7S?3Lh zc9n6O95Xy?ylC@474>CM;4lWla|JnKqTS^=*e69zSaKANM{0gWz-}80^LN4nx_8cn z=~}N3(oJ71zn~4?;s+lh{!CGL9=7TyW>}x)^AS6;md`s0vo8-^9mP*#^27YTIg2aH z*j0xK$$spFFE38ciy1#ExeVruaFb#hD;C*ad321bC<3CQ4{E;7tI=CSj+jd(Zn znJ8L=l_Nj%1z`H%S5PyB5$~MQpz*b_&Ne!Fdr28|Ouq2Aa0K#|K+i7>-6Hviw7yts=4IgtXo3=@I5xec%Y~_xbz9l;GW|pN`q(Xfv zu!E~zWP_RS2+%~PxsJ!j8|E0BIl3$!Z^ctYS{p6wxM0f45m9KpHkt+VlsURm@dBJ= zJoSk%DQ>R0*0kECx6!uF0Y8zVy_L4wlgAf*G(4@fp~&d4wXovG#P|S2&*jmAaoIh^ zTEEg^8DM!TlH$1QGQIm+yyXZGn|FDUzV!jA>ca^D6#{Eh!h|V_iNLb^7<~m*-_B`= zIz)#(S4x4NK*sBef=h26pSwhTO7w=rqwC+>jQrdt2Db2DvttI0OTw0n9X`_#WlGPV zo#0m}xKR?Ff<7umQwm1t{4t!hU8C=fgqF$08d{Q(ET!*=(|p7Id^+X0f#~*om%ET7 ztBiTdpO2i6FD6;7Q*K{{7C6`K9$FX{o~zwG{la|N1l@7}#WRkS(1$*j;0?p6jubMc znW#pt5xYj!r(W&b{$#u;D)oKlPv(8-XYqaF&+U)zSY)A~<ujJm+Nq%6LkU1y;fy<2CW93$1Cf7CnFKR(Du4iRfrEm=h zZ900+jrguR_S_Mfu$a(`m!LKb+&U_Q^WPyS?i2c|kz)k*3JO(F;mR6uz=)RsJt|$=3n+zgUJb&WjRPwYHlH7F>IWLSfdP;<_950@flO4t7a? z#HpMo>@8f5cwJ~G;xhkG_K&EO*PEq#8W(z%k%aoWsdL`q7FFjxr^7`Qjas(!knB}! zGWMnq_QOpBvfwS8D<`ol1fY}-eCxkhC`JuZ;k%)&0>zO%bVXq_E7AzbDk}sM9 z%kw)1*`iHaMN3f33LoHuKNEG4*?)MfnWUSv`zTM~OaSUTHKil_rPwmd0LLOJu^Vn0gQqgOp(BWP5om8OiS)n#vH9* zNFV3qj;iz13`1<{{n=F~UU=qFULc=qiD-Y~YrBG1GVBJ5sDrO9Uq+kH%Ewfg>O?EY z-=8zjcvPlZoQY7(y(fbD5Sj3KIjQCSmA>m#yWN(rcWj#ynZD}eic~8)j_)0}xFrKr zAnrlF&XCEz@imCU-*bfNXGAg#27bhk zd|mcw2>Vk}R}`|g`tIvk`D!-K@_Ck}U>ZN}78gyoM9MJTtsrio>rlZxLDZ#Z?D9cY zpZ=UAr-)bj!h!VXyOv;biFR6?#gE7i1euCdx(Srlo}Ma5zQp?+WNo?nyb5aBy`jLx zzjnc;og)KvokkKmY*YN#tsP&dr-!9sC$1vzxiY(+BGQ=sFBOlRYbmtqIK8zq64;j2 zX~%i_4Ci^*J{VBk)ZhS&qq23&u8ptpIY%cpQ{C5;PFiVAcd=;qEP-5UDkia6rANJb z$?XzJ_o)C^02ZWtwKIu2e(s?4wtL5z!PDb`yUS}rL*CyZ;>Rr-N8x=4q$%i9zz|mG z)Lva5NV;hK&AGGt2ep3;+e|A_(ZX}*Jhj}A^{t__=%Gi0*mCX76*Z)dY|A|duX=A? zs`b7w>@q##PFr-%Zqqi0)-@0{hgKAO@}d5K$0@dCH_r3=mdquShJS{D{;JL@ZR zO5i~rYgu|hj*dd=E;^%g2s)5At!-604R&CQ;H*j?BH6)L53`zbKr)&kxddQ`d+Va} z5;PT?XTFq7EmkvS(tV~C96BJUL?^?h=>`Wzdk+=gn9oqp#kq~%;tP~3arckel6l`= zf#M1;&alhL7C5EofRIaic1Wh>(wSs*SbpYaUOq14dCJgHIGCkZ1P~C}8HZ+z6SPua zoV~U0s9Lr2q8R*wz{?!m{dut(DWO7*>eF$LvUnJdxo$>vA@C^wMBlk!my-tf4zN9W z0DjwQ?p_?vHS{6I(!w3!LRo*$l~N6&?(;TM;yJy*Tf3;Bq`0+o9H=yYaDr-ai)sG3DUMaS zJ?R`e+U%rfiS}^{^7w8rrDA;XumNlLijZ2lr|PCwbYzrPRK&L?9aIyX)^fW5n^B!v{iIqF4qrQ9~pHo4WW@g%5O{@fbFt zCyTlio{yX>j$}WPUnXyveU*k|Zp~yDJZ?7+w=@-7k>;r7sl>M6BAO9*@5D|W02%)f z1o%KWTrxmk<#zx*yba>G|2(Wm67^UH9-_Y%!*}BC+GfnObI$O|t4}3ElAl*xhQ&wO z)=``{%bPAYsVvmTBOc_E)BJJWV~+z?G`hir5IfsoF`!0D|M^V1@x7h2&j3q9C4KYr zKp`%0Tj0ErhQ}>cKZ18v?@skx&4|KW3w2f1BiWF(S=ah=t?7+HjI_|zrHb88$kqkO zj@>wTm$;H@@Vh^2#ak|gF@voZ(2%s`PTw?=s0iyh6yrl)p4*G7#O$`NsZueSiJjH2 z)m)9sMzx#$U^Z&3TJ7=#xKJF;Qp4{`J(DmS0c4hvp=&G~;gk!(>fG~VN0c9rpQ0&I z;*t9}bJR3fhYnBi8H2?$VWd8XA1@^wR@!)ZW+pEwZHlO#FNd^9mfy!HXl_Q&wdOh@ zBY8xWBf$>7+Z~H?QF^>tC$`3^U*!FU()3*Bk9Wjpo#M?@*HRP+7tCBi>CNoB^==a_S*>)#^}pzn0G!i2K#t43`b~!$UjQTTv9;UjLDZV7DqrZ*z6}Mo*;;pkp4QGpx zdTSSg+V&d^Z7r6ZovErS2<>(Kij(;>fEVhdAE-3;?4eah2Hi$F`wF!a9C+eJu3On= z;>~llGEvWB{dg%QU$g*8Ml~->%|wLEz`G4#9-Q<9IC9VJq}M0<;OBePXSThF!BSCs z3nh1eydK9EUv;lKc;tod5n2DeeTcVmT=kX8b&$yq+H0%zF;TYRb{swn9Fs>AwT9DJ za^jq+jA4bf;d3NC)TJm-&o>qZmA`kZbfDuce;L~JPk7P}crv^{B)IGQK)?)Z<5cTF zZL1R7jS{?@-F=+Y`?iqPBzn65!ySF!*O}Jl&6sLt9%+(77)dnNF7IAg4xV}9^<}6o z(zh3^0eC}Z0`f~tho4_0fVhe2K>9?FmiBzlzol)DS^YWtbZRo1$*}5HK@j9|Kj0-wY%>>_Vp`e(6bC2ty{vT zKN&BJ?A2^FE3Rp?aYdP|e%#%V{2YJ>Ap#kr^_#kP(E4%G=K&t3PR#ZU&ZqoIvIsLI zG%ajXCc!F9elfV1&o(@FAjZXXqPLo2B{Kb%!7$T#ZkshB$j&yuaf#eJFiIRRIXh;9 zIrBv^<&m~9VxP3EV?V563Q2Y0xuOu@`IB_g(YnvuS_SU>I&6`WXl?WK%tph&-11Ob zRy_4)FpVRR-%z#0pO~=KNLd@ux>IQuYMykkb7Q^%ubR@QnN880fF%RGm`caRVtcO3 z!HKrhrAP66qC)}aRAbgO9TR0z6qIq@QZ3^%X<0-R)Yc+39cTeSX3Pwj7V~&Jv$I@F7fxDW! z^IKUFS*(wi5(~i}q{_?rO?7=3;m8KZ99}O!bbK`hLrlfUp(T6u(KJK;A+rn{Abi z4L3K&x!w8+?7}4AaybK&T_kSwrz( z@@lxOc=c>Lw*HV{v|couJRY^|?-k@eF*p@Vy)EOPxi$%Nu6cZUWa0o6?>P3&Qk9gYx2_WuCn5he?`kbQTV_xg`buJRI^1HH9(NXB|Rwb$-A3S7f z*#{Y%Do*zk((=0UmWenwwOllk;=2KGy!wlp|BLep^ilEmEOQ>NqKRsF&_l*(rM)+1 zwLP!9wf>V{>qR|ad+BT-CsZux>gWu@^KhP|5pQ_l_p{tWY8N*}8r_8CLvITyK74Qp zChVx4cd+)9MUH*UQoMl7Ugx8JJNfG1?Dz6`tToS4^|{^8UvRA&bg+m;j?g$py1B~L z*X7W+9Eh3OXr;GakpE|VrHA7oo^NSw^HbrirAnR=Cs$apt0M=f@nvQ%$uVcH$7xHY z?~I5{uYKue37MA@P9?_vh63%~a_<Q^is*=x{~9`b%6-5`jo24w=~0eSyxc1q_BYpmr2!7+d#4iP%&iKsO^CZJh$Si5V`_t zT!pHX*|}Cd17P1&W+r)WmxQgcJ=bFLP@U#($gh9R7V`)Wa@sir{G}uoUVkB-9zNIB z);*HydkbjGV|#c5uP-=3+^O4ljDNr9X#>zb?j>VxW#AO-eJ(3IN=M2sOWNc(A*>KD zkV~WSdLT2uKajh7_xtC#vHEWdV74b0ulzpD`ej@sC zVW7a_(=&RvbT)kt!&a$R4oHTD{@(fmUM}FFUNkRHs%?m?s%yuKDVmyZ>xTk^?sFd# z0Ina~CflBdlLOn8f)C525o^z1HpXN1!+;Xv`0+YGQ?WjM44euH3*Pgmeyb7aq2@eS zNdM&n_g}8zexmGmPieSYy;Y}FuI>)Z0j_MYh-@yu!@%sP!{^njHpg$|VGLkojy^@s!b;zSY8W(6AN%|owTy41K&aY~}@8oeQ zBY@I7;Nq$CsrNQ0G#xN^{e`Lcb=#%O9^>_ufG%lJD3e_OF9CsjK$$9YG^?XfxfHauxN8YQyv}J{xQyLq+&UW2Qd(AJ ziD72$Y?K;VT?{!FV{43$PVi^>i7$!8WELgd^I+f^M@8viM*TluT8-2KgVd-Tz33FP zb8}hnuw6o?#)FQVQZ*>d=}?kc7B3D?CbTA7*a>V<8hNcb+W_Pa9Wnb-1Aeiu%qeu3 z_R@-EU)BhWUO(&`ubFYrz>qOO&~2}MG!5I7n-g+t^Gw6GSwFqRJ)qNg3we#FsZWADp*b2IhU~~3dIWFI_p<)bD zHvj!Rp`#GYfA>t+AY)ML1N1zt=ltn*+ORLS?B1dpd9=f+?{^jmWD~wtUMz+K$ssz~ z>|7G?b-EBT{i5*?joWEptqSv;C;JiR5?s?*H~mekmnWq%g^b>NKd2AuO}CT;c;lrf zgwvAeiVX{f<nmhQplkxXpWw+;Ws!EeiU&}Nrnx|uw zVa=6~?;CiyR zfG?vVP_0=7jkA)OKphF9BAIYBxa|7v%x3sFIn)R9 zOqDl7xT1c&RDO=;$#&D@viKp)ehvQmJE+#ZU}o>IpUY-@l4KMD5z_FmQFAWy zp6N_YRQKH7Hf5DrAQPaBmBBfPm+m;oej2s{h4jE%5yvFBHsAX15Z46GWbPN>f0M1l z(_)n`%x*e=isVchYI|T3L4=V8vl2d?jXjavi%@W(a7_qiSUcVoJ={@GU*4(8d?wvd zGp^Dy(oXBYb!sx%V%K0C;y-+^Dl5r~B)#26)2RZcj|+Cqsy6;afsDyL`468&06QuS z4h`BVmQ8ypC!-Qp^W+r5WGY;36Q7uXF5FWoxCV1k`h%TswCp_T>$7A0mf1fz5f>fG z6z7>Tm92Kv9Qy-^-XDGp_O7AKWclP#XG7%W zHQbE$)IPhye02zpW-GOxo1^i2eI)>48pZg~Q*l^DQsIAWqBZejBv+q|k_ zklVV3Elf9wDPv$ETAW-nTzWu#%lbNP2qZ~5di#}igYHaKDEpaFu49?Kgjc885rx_I zT-G^P=1jFiYMuioV4F1FWNXp>%f(k2qrMwd3+sNZE!?94XF2^WjtnzL)RQB9MU?S- zof!1lK(W3KL;%z30^vO3N7A^P>)*}6){aFZl|Py{die+~MCjB9W0=fr(PO8>#{0Oq3M)TGg;+Oy;J17=5NxIw%>xooF1JI} zek+K$?AUP=k!E)}*CK-ZphExb*=f{=2+2_a#cT^5zX-{74UyXtjTOFqS}Fq~M^jk*y}26bUySW1FF21&wzuF*ZK!HIAF-5$ zagv^U@`%g{60W0&+)sG{zbIn{Z~P~bd@^aQdyFd|OFCj<7kuxnIg^lJ##N7HMP(d5 z=xL~W_`i7qwSi0NbL?P=Qc8vPXi)#{XgrUT~bs-qK7cFg+qqZfy!^M@B@IS z;CRC{$xVUcoa|%$YHv;eB-|U}YJQ%B^c-B8%WDEb1 zN$b41{Lq>~yS@Rtv#;|$9?dZ5yGj|x3@kY7J7QbUHK1w}*a}~`0~(Q-cb73jof`h6q3zNm8IXMvjh%bZzgvdB z@dX*G=>w!$zmPwow8;L1Xx@ikRklQ7B^gC!<&o>n^XZs$^UAJ}2_$0s26 zMfCw0mj(lRa8nWx9DT$?`sbbOuVa5QWC;w9-2+V}fL^(gddYg%A+94>vTC82a*YyO zu6f{i7?fLRRdNLb?`|mSJpG5U|6I?zDcdH3ty%_1_Rv@Am zuV^NblxJEN2MivBj1VC)t{QVcztW?PVIgB{Rt*$T1KK|e71Kc>(CXf%sNrk{518&L zOYbePD-#RiOfNT)2~bV7{mVfk5aMHwJtrI-uNzFd?(W~xSl6i1@~XmjrXwDB#bMd( z>5`%oo##Gk7_4-v&1Z*qNwc|#@0WQ}`=5NxkK;0C`}69@1BY8FI5;RyRHY)lNfvQC zXZVET6nrQ3*1p3!Q2!>N!ZW{@Vc^gFsyOYn5Z2bECX$TII&N`abpa;zSwIwJ_00Uf zC2Ib~c9#d@FK_%pQ61EY>*HDAluLW(Hqw`yehC%>?1wwQ_*r|`vG45X;@`_KAnrLg zJ@at)_ky#~?M*%ln@{_T_i6|)|HTp0>B~-*M!6<)x$Cq5<*z--oV|A;I%?TlDtEY0 zl{iF=zTB&Nc03e-OVt9E2M7a?iD;otHrbSs&%c~*Bv7FgF(jXu|v$p7{|MBdwRd0=PkHyQ+ zEmWrDDgUAVy=hH>PiIBvUq!1*-!cmw{nVEAJixKFS9PYxYhAj?Z-=bSUoQcPeJWA_ zXz?HU%qi6jtkgO7hut#=xO#7FXyl${+HNVtdXH4i&_uwTv`RF2eR~4T5q0$JA_^=f%`n zX+UU=`%&JLIBU-g!9Gv^Z3jm>35Py$;O;JLsEhwwjzkK1Jl9Qqy*SURbFKBTTzl2? zXWIO?y>~fR5~#Xkz|~J4kpI{48htmU1mtqkimxEDd+g0CWfDUg#Sgx{A08_&%}zd# zvWjr0PC`8!@~`Tiwkpw0BguT!nW-KY86pJFL5_Gd)iCx6IHw1jr-c~-9u2EwQ26md z{kxqNx}cjb0(|k^DABQHg>5}uiEGs1%y8NruLzfd!*?ci%?jJe{D((Y`;0ybb|E)! z0oynKb%dk=xz#-7NXX}_k9yO|4?ae?`&Kkn*nAjXlU=%?nr+8_{>OoRTa(Z%uLY;n z&xXi;6KtgOr^6qD*31;1e42Z)UxdHdUiVPVEr@GwSQ)!?K2?v38w6>AnN^3|IG7~H z)Mc)}q%nnU`Hr|UU4Fl*g;OKF&u)ZbzuvR3JK4P`aQeTV1t@!QlY~ujI71QZFGC)! zO6%ViyjbR~CnwGTeW_()@eX_{KQt8Hu5|5PD#&iV5c7hgS2kxE}(_A==X zg97!i{i+p>>oEaHNeTL5b>QRF+C62vivUoJ{p5Bw&oErt7Yw;B2HSj9kJrD>09tZ} z0@O?#rPV#5z^o-7;9S!=ppZyQyoa+?SzI_pP=?DqBff4My9P2VCIg0kKUl zK)SQTuv7RjR*c3?uKrmUEf!L26Js?`XZ2j}LwPW%ALr(3Czs#5RdDXft#gQndX0lt z%cM#+AOBN`qSOIk>wt)jKFsNZBJ)aTfx&+`QFHyq_LApHJhH3!L}<1SJNt!V1YX)+ z7uM6TjQ0Ynhi}|UCUvKp2n}i@{e`%+pMchK?>Cj2tvriN&Gpr`sW#{I`xo7{Tdw@< z&0;lEnz>Fb^u!3};%bT$LDsYnK>f|rqXEL!$Opi)o&bC9ue?9(00QQ&)zZdJdu6;- zK+bI+5m9+Z`%M9&zwYoY0LNou`0P%|&2O`0I9QTwa2DV@;+x z_J(c1_oCLXMd`xf=fNBAj61<-Ro{nX^3|UMDe6gElNwvFjc+QEeDLi!FD&4L-t%^% zTj|zaVD(K#~X!-tz24%?1@#9t5<4}}QKn>B>b#uPopRPsrP%J6o?AVJL-c>>y_?d6s zdgEJ`wzg4gsZCl|58y$>&z<|?|6uPwqng^@=usF878KEgh=PDvs3I1Mf&r8!QbP+; z5sfQoXFl-g+$7QgjeYw7)LJ6@;nFP=7bMGHDQt-9-Am%!0}d-o=DX-t z*rMx<6{$yGGZG{g7lLo%W~<|%_?3^C{7d&l6%COBRy2Ws=IYBNhpserpyFyT0rqI- z;HeHd#|_adbfN*7|E~$*BAt98vE^11AvOaYG${F4)>!}=x2%UoejAcGg~N&T3HohL zu6LPkw4CZ1=+=4|O;(Wc=3IKfq15Ts^x6mMPo;5{9tuiuYY|_o&c#7RKc+YPu&dD! z9CtfWT{O}b{rh8%wS42Z`#=7UPc#UfN22qLq%qqt#KkK0zIGMaYBxz_pOEjby0aDG z-A{}5^OoePLja4$3t=)ZRQCxiswERUI}Ma17NyX%P{trs(l{gk&I5gDYJKgh#;a2d z)Pq^moClDvU~^gteY4h6`itT3clAdVje}?4p`@EH4GxpcW=pZACT&NFB)S9Mk&ll> z6aUaj#di=LxH-Z*V=TP?wC&`fPky#ddS`J(Vl|gO7KX#+-`!-64w5&f7k-*4Tx8Xh z&=Y8a?p4S)rmzJumfy_&bT_=JIs#PH_>kB)=u-jOa?N@rq8My?dd)2JZ@nWM8z~H6 zs;Ck;kAPq!eUNNz+_#>mLp9!%mfVf5@3XQ*OYYsOJ1n?I*PFbZ?njY%i*B1c(!`#3 z>g+EzFN9suj`>a*An{ecdoYg2G&RnOCmsq~NZLFKO@yFRmkHQr{Q`xFEfbJ2hM8Aj z=jZ?{A!#rm+j-a<3w)5mTlcdh9bjt2kAU$_YixPtnMjPog~fRzH`GIS zclVL`S_@BnsbS!#^=KrOl3lxeD|{?y#Jz{rJ>O@9OB=_lp1AWg-f!6l);d3Cm%vDx zgBoQJ@{=-!vPla&jH*i4JWFfpQuVaBN{_fYpygQ5#ZV4?-t zCD>`vw&?!LS+DsJ3F*G0*&_!FfSUatRL`5|nA)7s(cLtqK25%}U`hUBwgg~9+v^1s_-PWLky}H&qqekkg+s|G6c(_j z0n9sQBK5BcmD+HxmL4+A(en`@$)3v5YDhaeg9)$hr*6lEw`suyKE~Uv9MSD`xL~yqhC#|(O(=isUk`cZ7;AKXI4`8pWF7jMjzC|TDajkmvKUj1af&= zj4Mfg;4pfoBXg%_1k_zg4L&XH6w7qdAwa?i3jf^2V@bdqBjs@C47BUb7ZJE@Zg%E) zKD(*il(ZD_aw?2fJJeI@iwaTqUOe0V z?njyy9dYvpu7BiB21b>LvDu|59B@K{R1^-4#ycRC6tgi`5?}UZ_$r9tF4lJxSnCrL zF(j1f#6y4GzWU<1%PPhudE#J{1$FL8LA;}gvz5CemLfh=xZoh4_Jx1pR zX5_mU!}~md5VsL&8Fi-_U&xh%C#NvgdVOva$ili2r9}$}NvgG2TZC{uXK@!Ct4*PM@ z3*+z#+8AaZgF*YOyaMY!f#&799 z=)YNnefJa5t89jkVxc}=Ac=@jErMxeU+&1Q{-;H;O47MDZBtEFWLs&7zA-^rw9iO!l$e0H zTj`VHW86wP$u1#o*W9b%$*jp(R!{zswpI>dBp{pslWwu>p%#!A%GBwqLwt-jvb}N@ zzku}MTJ}j}rdeCz(V)PE&znAW~?4~bn<}~d(%|w>x*XF ztLcps*t)Pfpw`T*ZWC#aYB!NXF#_skX;Zf6AM85}Wmtq)Cr9tEaqA}JHAWsXdcYW-Z2B156T3A{ zy=7#qA6&~@X}iuKV`Ibqc>rvQe`yJ>$9?I6c}f;uOzfq|+#!kHaOb9|V-NkLRf9w~ z+#`GB>J~(GWj}uk?Q7{-n-jS#E1XZfv4HKTL1u>#&ZE}s@fpVWIK<7q84+S>#Osdb za;nKO1zV~4Q9-xJiHP_k^yvfYR*x1ue1XVLQ)m=_maY@F49=f)~c zd&n0kN+h)OAYO#vw(n$G3P+^g#>1++wXu5LPWlR73PsM`AN(#F5v@wnR2jTui*GVW z_BWxDS8|+Jc1mJJT;8u(V9<&3quocX7LTG`lj1ANT+8XjkdW7psY|D+Y4c`bwvfwS ztF#Yp1k78d?8?V%U>GAwqVOVT)*zUA&h+`4#?0|pYPDI0A&z>EXSBf*luj^XSj?lj zddGUas&U<`$&HbrV2ezG<+V*=dUXa|3)|FEP`glT%5i+~BfjsSVeA~<)6IbrM1}yq zBmOQm(rdXdIyNc%O;+r-0ZU4bR|a{j)I+32ycq# zqFPA_y^p)JQ>|EuyhE`kIBzTst_{wb@(y;LPB2*Z0P%VG_)Cyn!=$cjTL8-=b-q|`XTLde&?@uY1SVWh#zCj@sMZ>HsHuK@GmGa1G6Y%hN~Fd^ zNcIjMgn`VLyjyx`VJp&3K6lorHx{TuUG%ryF6#1_%>btWV4id6{N5QxIujqSvrfd9;y*=;h^s9!cRE#C=1w z)JiT&VT&ZHOcwUqMd-?Xw6ceXA?};a|3t|txS<>(eV*-<9&1#N9Ffi7o=B^8PXmh^&jSVJ|g>#T;^r?vXfz zq4Bir&X8N{T>QwJrwXnZhLZlY!)iWnUNg&v1*l0ZZf_N=&FtsN(-M921NNTLN6}rq zSI`Z~JdJ{G!xrXu>Y>>3U&$bTNEb^i!p|>iBRTToqSrl{8_9}j=l%HZc~$!NaTut{ z63l2sTLk$|INTFoOxnSNnV3qC{~d*MB=IvTDIz|n;FVX_ST=i$|1I% ze4~_(+8qBv9ovLAqm*h8vhPRee+lz|`|ot!o1!(OO%-;&q#62w+pY4b zGA{0$of{!LWW6_N|IHHP8pcD>VH45BlI6FSLVH{HyXB4HdMR1lAv=7m@7XIs$u(5& z2z#LjJp~d{_JnQ(JOa|B&YdHWxt6)_qC(J0rHG@4vm$;pOlBbSOyyA%oW}k6BHJ$r z&BZZBty?lL$W}-tO`*~jONeH4vifUd*dj`VN{g7;Y&R(UhY^7_a9 z_hp`eq=NX7{6LwPVbxts88>2nS+rE&ch&y-8xU{EXjqYBt^$f)v*^&Cb8r2DCa;oXl!|pxZY4`iL=XnIv5P(0^fMF{37fI|QoGWhS%s ziFs^w1eQu30+b<-4}@e6sXf!&Q;ZFM+t1FvFygs`h$sPdH$O`!7c;-ym}vxutd=iO zE&|Amq>xi4#BwHwOZUPs1uKUcDK2K(N*eVdohpg<2fXUgg0x3JQHNzb|9%KAv4;4( zYzlyr#$^*8_+-*EV!lN!>n10T0EwRgy?wkPjSvln?RZ_q1tmVx)kKjg@qR%vBDT)itj+cm7cK*W9=`RLkkTm1CcGtWCYF-JwoVvkCTw1#QKFKByyP-b*`JuIeN)VS4 zc+~RSZ>%$A`v1iC_rFYn10V-(gRaAEi}ZNOqWLO(%+jqp5ceft=9K*xWmZ5jqZq&5 z|9vb<+-T~%N2Xsd6f5-$v6J@gkUn~}pv;p~A#7+?q(Zh9p~V{UcAEy{qj$`$xFgH~ z!w3(SLb=Ga>=P`4(ZZ=~%6O+AJ&cNUn5R(Bd+hdTfoU$>>7^sB7fD9MXZgx@j-;NX z{G@w~hXIHPb8OU_j3B#Cj=ohj%_$k@kbJJI;!A;5xl*wwu1cCd;;!E&j}%;-zsNeC zTR`HWfyGZ|EKqXf7HL3@o}$1o1p)#oIxR{F=fyHtOdWcl$bJsSb>x}Kl#~&7qHP&& zzF!tWWlHmD`m8*8=;Vg|o+}qOLl(l~M^{t^d+684J%ZIi%{15684R-=?G3clXE{=Tpt{zLM9kV4v?3LWuXMCl-rA zn-l)izfoX2_`k>$kcgx}fG^Jh*w}x*f=xwV4Ipfu0vT6t7?gKX_tSOZwm8}RzpNqu zI%gqiZ$o?h-%kKC7z?08fe}Uj{Xh18itX{O{~rIh8f^am#S;FXkIWQR@Tgd1d#{Ig zm=fcGSuxV1O>yUqR}i<}ZDGL!DxeTSP*tlR;omDqp#PmL7;Q+-9_7{0bZy&i4|nEt zL6I#Q05tZGF~6CQlZx`=r}r2rv;UHKoui0B4jzt}%_UnU0Z97o=?}MBDtDEA==()Y zJm!4R!omAPPF=rv*0$nu%AKJ8gX^IacdXqtWKLZViIC?IyDi%Nwo)wR^JP(lytn=z zJa6aHWab2f_s^y6`=NdM**A({{O4OIts8VwI62Spd_Q=j`|N>pjL}^arnsq#r^$F; zD!(60DLxNn;ZsoRwM@#R^_pu+!FF;i$~_C1b^ctHNg$s_?R_au3xA38|Gx9vr5>At z5~r_&EiDuHbcBtv$7UEb^1Nw*IghkGOjcHQ$E+n5*_PsU{NE?V7Oq{*Zrr;(FzJ*1 z)3&8I*Lie^cdBxu=u%4%vgH#XbaQZkuD#-E6|(vHJF@M4I^2Q@e5`LvP;7mXxVr7h z=}`DY^AOj$sTkG*7y^Y(0&QKDl-quG+bFxKtE;cYu<5-4y0SF>XOL2??Ey*D-i;94 z6kin9TKV(!O8x)@6;_W1+pO2qA9Gn`X;{%Lg^|YB-xhhmiM8RQA{jQ#8c&vm4h0YR z4e2e~{rs3^#<#W694l`jiaZ{4=V*`4F*|z)PhNUs+}`QL10N&-wJ3U@Xd=KPUbX z)mX>y$K*K_qqgfI@|!i1y0g0bPFhbtF@^fN`dj?5oR2ivNk+|`OAbVmH#f>_ z7f%Q%C0L!w%H7&sE5%l^z;VN6PVV{|O;>AYB1Fh1!^d#UO#qis#Ob+pd6Ye$+z*kX z$n7eKX9$9jr?>rnhZ-QJQ3lFgk`>)%9^54&m-|V#ZAixBXOr`T4oJbOJquPrX`q^| zXLA+6Xl{h1CGjFG<7I>#o?DH41%{e37tP#qX~QBQp|}<0(7JcQWv%Q*CkK}t7;@q%{2m>bn++;MtWKiwxz4is5W zXZ}0AJBvyzRMcJ9uB`NAX4dY5z2X+Rm7tcDzuWzexOHe?BU~=wXQ%+)wI_QtA+dhq z;8A|B{QP_r6zDI@C*5q2@|N#?WZhX^@S~7*+G6)RXRGr+!?hQ`zZ-m_Wvm}}n)=wd zDb0p-N@Y0jgGN)4prl$IPuv$xwgQOseh)>@P4DPO`@~p`#MPc&z@J`RTF+|hwZxIE z|6Jdr5;%Ty?@i_Z)tAG_)rT(opB1q}CngJlkklJ>909$>wjWnf!p9F9u+_WcUySL` zXC8EWQzvjHB|PKt0q~I2sf{RMb@isK#HhP|XD_6=iJPg@kY3cy`eRLpY%^w+g`yvU zEZ^J{<>OE{H-{z+b^rfd!DrwJ1t8@O{C68k4&(U^#QApj;`ugL`iKuU9&9?tZ{GJ< zXrsd50q|-lrKIFOk##%jFL~dGUb`q1iG#g4k#$h$vd@bgtn$Fr%b?DwA6%6TvG%6q z%}SvxwFWN>r4LWONYmlUmnuU570 z6o2PF?x=@zR$*y6 z$oZ|K$tyczC|!=H23*{`bX#RI(FOs8Pb8z}jm$34%>E}1=#8axR<-UpY;!7hI~~k7 z1i8l<#3kfezP*h00{NV&d@sF|LmsX6l1sUd?;ih}*_fT4q&U}xYsC_px^L&b=ZYyz z;V5YJumtwXVbu$1?^%=&*Zjtx63+7O{0LAgR6FhXWET7@pk;TEFlO-UF>iu-=sXSR z2JpWddhQ@;4Cq)2EXw6_CUI~gW-YDkv(oZ2`EplHpK!o$N;36?ru|KD@$q}hc4M{K>zf&VEZ({mDV`}rHu**p7X zG1TG#S$ea#eCv(higvx3d(&md7{-j5gvbB zBbGd_Lpf8jbk~OZ^K-B|jr5WY9I=1|*t)j2Jf@X?O6l~B~80=EYD}L^vcd0bgy6J9T zPKSwpa}`D`c|KP1t!Rd~RQaLRCR2=~>x536?(VuY#?z;%w(OWzor-5jppgY&9?Ulg zI3M37RxWIlX$8bTw`#n1XrQe|{;AUcUB1BHp}Q{-+i4IHjGRPmAh22PE9CfY6)L`Vg}TFUP%WTt8=Hv$ANLrxRVhPC%LCoL4BsYr z!4ubC0msi?|904Vfw=Lk-AI2cCF1MnThmvXhKg+I3Me~ zSfZBNqxdmS;(Y-j^A0VAw$%YPA_E;ayWm#CI-j09r4tL;x8HoRbZUp>-0^mF_#gQ= zy|)Wfcz5cO=H{X8nQ)G@BuNoVp8}(oDt6zSl>2igEkcI*L{zM1;0uRn2ZbFHddoQ4 zK3(^-EF1Qfy`HCyk}6)7ZTpdQ;rYF-A{vktyBi>fG@E)dXxdXyxus8hjcTn_OJIV5 zThgXU-tPQYyzoWU;P8Ogf+CiR!bz>mOT`vv3{rh13768{!8fzMb3OSe<2NE(D`@PM z$1CY$=F&bW0vk;dt2*=pnG{az@{VaX%G!iC22K^KygzkGQgiC!3Ai-^{+Bonh71!fjJ$0p%JrLm`-SkCrj*F#HR7-Tm44=K^i3OLA=w%&qJb zG28`4ag(gy)ghf*dyzEp!J|i?UA}Sg$M+2kX1=H3dpnx=_KWI#nh2^j;N6lGV!GDI zSp$mjTBffBM&tW|Rl%R0xme9iBSD#Kd8gKk?0gC!RWV!z@waTtR$s$fWk+93KOG;) zIrNw&k$R1x`QiLx&}t_oxMgbx>?js$smdpYl5Na;Wz4x4DXQ;md{`ln&$6J)G9>p* zoA40K8At0EgUN4xopY$++zQ+}b;(!ym}gDl$1%r&LSY5ZXJ&u&Ww$(`J?lN|IGp3x zdrZrnw4r90D3NnNOJ8Au{vGMl^LU1GPh0Eo9*k4SpGFmx+V zIa(Po1398|5?3bZce}Vf!p=gVhh*eYFu`s`9)d+8dyW!P%eqbqRw)m<))Q4DI^tKP z6hb>(-Hz~eku^P@(xqp$TkDzG_zeb~aGdw17Y1L}0JV*h#>IFDybU}>Li?eUv(|6> zZNFKPeP&F2sBIs35Bg8Yd)WbW1!Y@M>wTW5p#gV{i4H5E?mMbmr1J9lk>l*LZ+h)= z0w3x+9EVuXq^ZB(uCZfQI*5Jn5iHbDlU3l;HfoX-7heO}o~1obu_1xdPWC>|*J^^K z*UmNx_WjJ)uoU_N1}~D^{Z3(TK5D2gvwyoIUYM4f65JjyXWN<~W1LMAzN|G{GI_&T z)M2CydCQ@u)ako?y~gkY@A?)nXhwwdX*CjPg~NOf_qHe@Jz#+?T9;cN*sM_os8$Za z+&Emfk!6v`p=qGK15rHuGQ<6d8JG`#*2TxlZGSBcT=i{&i%>ZU#?n0oUpXTzVy zwZCdpCO#C#9>O_GU00d^bD=Ob1Zi`!uT(&vmO*~(6D8C|*28jVS|e(HohO~QA4t0{ zM0%oO)1p3a_KH&>X1_qhJ+OkaHwQoj2DH`9|vcb24qUqRDUDdORgJN#g#K zOJDi6`wSdIIwj)!?G05?Hc>IJO(O6$T)ABkTH061$7+#rBPJ`?4em$b!~3iUe&s!} zykAD(U;A~X5*Qi&GkuXcwufbJzvpC6(}3r5u}kC#`^w*RQk`uiM)Eq?UXX4|;v8m)oCjR`!ePz!CICDeujo zK`kO4oG5nv0Wlb3Pi|MU>67K}hehoFV;%hKO}BthpFioM)2EQ942A5CI0IbP=&^`- zgW<)qa=Eb|X2=p+#P`r@jxU`wJDmD}Z0eY9y$sLuQ(5Q6C~CB<^R32B<&C8SkL zLD!9|AoeF(XE#6AocO(jCi3nj0nK99RXATe{4yd^9oU>Zuqp8lpQ5fOdX2Z^aZdTL z#{3&bA?b|h7Xv;T?xBywBC~Zm;?@*ug!X|=jTGO z7n7aMR%AR!iU}PkOoVqUq+HantURbaz8I%q)=<)HPHutteaB&{|TmFzcnZrooB43-{ezRC)1BV9f|WZ&Tt8`fQg_ z9L@;}D%@wa1eqe8nktHxWZe|NdioTg1r0Cx8i8y|0{N61#$--!KE@l$JDeA|K4Ir_ zL@O`(7lb05iA`mbxg3BzbVM{U?CGcj(_n6Z?~iFa!APdrs5zD|!n9oA71GDxb3If* zjTrLfozIP*#9Q~>2RyPSgwv}y{q=#~iC>fzjQt0cVw79s1HT(!In6O}Fg7>u%I7B* z^?2|ebxH3rLebJ+@G%DA5hU|E&>6AtnzHybqRl!qMaI#L zx68X9cW+BqPbzcLyd-%&e_OPt*li}wCl3ne;4n;i8) z%ps2gBXhqYzY^Ec(CjC-mtGv>z4{BMpwmn_=Gs*R8!4lVW2D?p9S53EoDJ-|^`+JU)EurbKb~5r6&O3-G4?>H2_U zz6NR!m;-Wo7EZVPwh!X=`SfMYY9MV!?Z_;?uqf+&8Ycg| zQ-xlN^(z3MeDKxr=JN>^w9fJ^`)*rbbK&UBD#jH&w8?Y_|3@Yqbn>lBTUbjrqNF`l z740_8=r2#ddwiWtlcZ#Z-JK!=eWIH5=cFTV zo@OxfS~yWp=w%x6D_M_opdpC2$-)L>K|7L4)}O_ZNck+!ynIzK&X+knzOlHVP$aC5 zNZ7}^HGhvOsqB!kJH?BiAqH(MGjUjW^_i>q$*OwTR#YtPey%qJaW%OY zXqNAxeRlF3Nxwi(4$52(MY>-2tN+>FS9X5<%a!V-XZp+FwdtlxewUiM_D`<)tDo-! zHiD1VpV#~k#S!3E^<%r8dwu4x!fV}lxymOEft64k@`rY4UxL%i$bi=pWiI0@dwXfD zkM2LW!&VY|pK}W+1bi9E@gE@MTW*2DKAz)Szn8(iv%?L32}+R2#`Q}#aYwxlB=c1Q4o?xbjii4XREbv=l_#;xpzRK_XW&|5{$-Z zc^Zx zXJp&{gTW!x*g10sil*h2UZ`;9aU3*g*bWs?oGNXK<#T@@9L&cF0yYFv^;u8-SHp!> zw+k=X*xX`O1svn80D>fIyEj+9a($h{Yc?9fNRl?svyF-cB<&~#0A)`m#PUT`y5#5@ z!$V3O&vP(-;!yGkm!Pj$ynF#9se#d76R6mQaO1zP(~jQM~NFZ#aAN;IwP06XAXNkS(Za z?{J{jp(rsB(8RC~9OvPBGO!!`G9dH`=!2aFyIV;~&F#`zj=X>0ZUBF@1^;>(99qAB zUwz|9oqte;O{?FGC}-ryjF$(~Q29nJx zCTbI2oqOUPr)uwDxO!18cTMs55?h?)IpcpRdjKEp$QT9Y)u%lIWpsvWdUDg?2uG5E z$}7I-7OI@JE;yR$U9Tt_TPm$`{~3U=umA`Pg9Gm72Ab~T1NT&4*u6L*YY9IRRwfbL zlJ541>(XRz_r!6Pt2t8}kIGN!{2L-tj26EFYiXboicx{Fs&0I5uCHomCl-Wwv^a zFaL!z59x57Chhx^q$@8!u3#Tj;nbcH)S5e2(-^{C6OHHA$FeyAPrt$%xdrYTvNMu zmehWK-yb4Z!}|PR%g9iJz<%}zH7yo~dOW=EV$y*%^~{Xlp>LIn#F|CZUB>8(6NWb{ zvVER*v#*{19Z4460?_y9WJAz&Wj|Q~-v1?dWwg4wM-T2}%j56@R_>fQTw@=(M^XbU z+FmVrSWJNjL5cDKAS2_4@o4<8q0w|XE-mBxVemjN0L9)dppT%saQ zN_GWkREHR6u6T`3ss{Ov^?oB$1ZL%zX770~j%J53cj&d`*3_EarEKLj0*`OXHeN~evpzElHXPBnnBno|@ zHyt$BCWhgj4OxT zct$1#m7fn=e|3t(^ue$ONKwq}UfqdwP1s79%_1C4Ge{kijtX55mrM-rK28y9Nhh`Y z&5rlFnqUe;dt$EioYp3if**4rM5qS)PIq88w!3hYrn224*PCFKADIU_g6Dq^u8O8{ zj-UhwpTR5Z0AQUQ`dbL|_h0{BEUEAR6A;+|mf?r%bLjPif4O6T9N9dQV`mF2WbUmo zEU~2D`>MVFlKB5|82=CFZN6!d5|wxE{1ywOWbUbo^is+^tMf-|K}qCKa*k%J0Er=+ zbU;DSDtTD(7uk-!GU~j&>FP{K8eNMBwWZAIDuo54AVTN2I=6_ZJRHyZUBTPWzqNn9 zrMSw%%QpF}^?4cc55l~0V=Rfd2u~c#&vWYlKlFVTkwqyxOBszd3iGJR6*LyIuXii| z@gBQEp9PIYp#{q6qr1t~He1-~%z)Gq6BoI~A@Pj+R<_GpfQo`UGBQSfzI6EfL+No4 z1dARWM%2WZRk{U8R!(6@--e;DLc5Ec%*43_Rpwntnyzo|2b(dlTvuae(X#I zfE9k2SIF`j2Tg1&DXnqVIruId*-~jLW`@X{_nzz-BO01B5+{e8bOqg`X)okHlv20L z)rASxH^&1ioF58}0pggRBw(rQ7IJn4YSH^%tcb}r=D)Hy{kU)!S4MwP2p?w(q|Lv9 zK$RyRx*b%^30?7>8erIQMweF_OY8SPYB^jJOS5SX6L^{_M9Br3o?EL#K}z+4M90a)Sh(HW`8dscXOE@hC53#J znw%-pVdxZn_XQ>1ek&jg+V1WCS{8JGMr&HesWlDO*c<(mzv-RclaGn=$Ubu%YKtY< zDauCSy6OW-F}I^JCcr)+{m^#+Y~z;ybLJ<)iv=mB%~_ zrN&9&As(j^x|B?b+a06emntV{7s2b3?jv_VdSS7rV=(U$qtkC1{SYgsCXXXpceVyp z68kqhXhMspiGwfq9T@2$+#R+fjiXga@N$qC>k8NIb#BK_9iaEv`qqk&uE57tk4wni z(r>51cPxzhJDdRn$dR~g;`hHBOi!ro>Gt&gV91Wg$?9)4U1rtml4Y)-7jq`nO4`c0 z(s$J@6GAhGBVa1>rC|jSI#VI0YomFkND3{|X7MuypnI!FtLdBbPlk|~>BS0rrsx&& zl@U#Xd#3d;{9%mp=dAU}5sj-X%LeWo`0jJm*U*ey>$3uq5W%RxqhX&%pp<4x7OH_! z!m!ZEWfcG z97f#;;~ToiNox$`0`|95OOT|UasffMCeVy8u3q?Z$=yoW(ASb0S&z1uBR!BivH?xU z28-MaxLWy~)8|b+Ge5TZxVL7|6au@8=jY0qV|05!hw=pilJoi*`3gmFJHSks9XpDQ zejo^m0H~;~2QlKymJSxWF?5+HgAr~5+UtE<@Bl2>hZQW?vvQ}gKO2X?9IzO?QAB5# z(y!IuqOG}>*2=C5mn9CYm0a~+)v|a7d}?uUdt*J=5Stvi#)NHVSCvTlHtRpuM(}z;Pb-U){%dQ?`X|Koj9=I7aCI z@@N|U5n^~#1nL%5o5HH+RazCasO%PC^dyf=hbd12#T?TbVS>vSoa6H=){PYaP;^T#wa8w6e2M=WM8msJX&e|kOV%r7xolp%tiDa{ zW8&9BUsIw2SBrjamD1^Gt*sY~MOo+iH}K-EinT`m5ej}YfcyuD$Y>I@7_?(W5;+dVrZ1fFj5Myd9h*(vVrWSl? z?y~VU4^RPR=nBIYU(=pY-o&3+KA#TMi`uQvi2FhDUq`Au@|j~^cruoA_QyKB%z1Pw z%)(Ue7Bu3h%9yX@#E+gjP0V-DcgYJ*7 zDp$cWaDoxW^r}E(Ay4S?`Gt{?59@Zs#6<0Cd5q;LT))4M?K)pf39=Wix@9cL!ePt$ zV?6*=EQDl^;M7Z&Ylq!3o!7s+R>5>YxOBRHu}t3Go==D8VF~$(=>VrB>pkkbTFo`{ zrM2^0?WonPd-aH@^a`23epV7r@(nvMPrW^g+gcH(H-~M|T7?FFRVk9GJtJ+qZm*K@ zu8a68$@`pC&PL6u~Xwx;Z;JNCmuu+QiAXNSgzGT>nkqR9|sp3&gz?v}_eh5H? z4AZOmh}p0h@%Js5K)=33+FYs|eZ@7f+HqpgkKYMvEvXw#Pb%GAiOtoEhJe#qpH^#^ zh%Up-q-v==er;7%d%JOYuJh}Q`Nutdm)+3_rIO?p>XggQg!5U~Bp9#Zn21u%kL&{L z{0?dU&3!PxS+6<$GN#PcU8^d@JJQB^{Aw7wk~q5c-DSjuzS}IdGwxEMtTx|_2?%Gu zx^O-?G#%-^P~5OBn{hWs(7Ag1wFcs)XkFqq_)!a`d^C7rAN1U3#s>q9U0@ik2r8&$cw}tQ=iEmHKNZk1jtdSx>*l zS)EG6vO-dr?^j?|q6>b8Jfjc%e$RyC`*B%~B$#^w>|9-p_bxnh*o-=cT>n8ho(Rk3*qEybix((uks-^PY~=8jV3 z<8SOcwbHtMnsHe>F-BWz=vMLFhqt^fcgJ|QaryMfnejgvitgXo5Ad<1GVt6c*Km+U zKP;Uaw@UJJ`6qnKB-iTS{#&%F1_l%%+0w;6JTy0cpxDWIj|jZNrM!d>@8_*a^MEJ$ zHF`yUq1|d}+2*ZD<&}4Q4#>sVM~%qZmR+%REGC`Kw6AhqpRwN1?p6X`k@m{4+Mngy z#>O4=VN0;#)Lx29VPAjyvGxXxpiX$7wj8aTj#<(CaP|~IAX7TymX#A7P!M&{2qtG{ zb8CE|hz~c>ck?ev5qX!l7PLK_$n;0+h2zkWBQc>QL(bf1D!cn?9nE9&F@2k9Ri;}) z%(XDoqXyq7^)2JE23ku{&J7ih99Kd?sL8c_>7sQBd|3$TMcr%mwKE~n>fXlw>Yo|` zuY_5CaIZiGpC1CW_~~;MGZl^T9gyv}R0y@QeTXkLZVU`OlpL#*B)GwO!ZfU^PKDeo__#*Tf3+sk&$O#Y5rE$jHK-Xw79_sHz6% zyXLQfb&4(3i2y;;vUDf>*HCLhkgYF-QQ4AF@{EuqU}eGm)qYOlu;(=oPP02pV}lV2 zd&((7@hsS$hb9qB6x0rJ1IEIgJWVXgNd>nqdtho7OOuYLz)4l!)^z?mLb$@zzWG=Lf{Lf%JNm3Pgmf|RQma9>>|i|BcXE8rx+KsFy=iS z5?SosN)t?be0)})&X-OX#gz}Ej42$4yl?L?#h3jue6j>2eYwDeZ(>>-l($m}*4G$J z$Ue@=@hGHF@A@y67z~xs#h4j)-HwN(1+vHW=L zMF%1F*F%+mqbi~rbq6F&vF5XTYUw?!z1(?u2oUDSI38nrkS$%V-I!DKqCB|@;kv`? z*8eygww+s~2U{mW+B-bfU`au}c5&ymEtm_CSI^o$-Dp~hjT&j#O>u!BXQIuuuytxJ7#qXFp@gGAfI7Z`fQwi6>fpzQu2!IO9h)pIJzB zIdKs8mH7SV$K;>=_7TyoeD3NVcm3{XCGb@%wiS!906~?U!)fOe?89%oUEY8Ftcfnj zr{r#%tH!kaxldT6pqvfJ^nGHo z{FvSL(6Lsm8~HZyqIz55b*-jTOOQRT-7U|ZIw`Mai*lK&aWilo;@89jRz3~`!Oo8c z8U46x#|t@f1rfW)$Qs@2Sod6_;o0!#RE44Q()MxdIX7jh`rWq8M{|zH%iD&gD)i9O z4k=n>xrw<*;XLavTTT{`dFRk*8d)O+l~x@FGcBbnB9vRPAcuhxo3jEOr{ zl_@{16jFYUR+3E6IGNauK5q_x_){)MX+9?F zV;R$fAOkuWM7-hjc{FTkRTxB6U|QIFS^BX@mZ+Jd9-XVl+nbvUN%+qa=k@7}x5G5h z2LkB-7kTd$)>ON;?W(+pq7fUSARvl@Ac9EINC!cBRcaCu5kgfVlmLl}fT9qjN)Np! zl+c@kf`HN?bVN!Zp+g8s2&}>T&N;vN{r|?=SewfYJv^u*$;cSbbD!6F1u(52jXIem z=i}5yG$}9HYyRG?eidGTJ;+T?Fm2rWYz|#+R52pPac~KIB+3m&x{l^&XSa9{7k&Zh z!y1@3(TiJPfddyM8BZSdv#)Qzm@bWK_%RUh=xi?5R=B_ZB>;}1ASPB z(`nrdT_^q-(G1Jo3aa6i832{%+Ir}b@63vOD5fq{~Su zCmG|ov2?p&L>;idVuGFm*8F>#zRuwXd7cIzcN9;q6&@%UpuV0TG2e~sF9OgZg30KtqTjKDfbFnl_88kUVPDWfIj};HHdtqL+b98Y%+!RNTg5&KX_F-!i33e?4=Bl__AOVPEkj zKlTAs9!`?jT=>JqIQ&d@rl15G)|1|1FT3q*dET+d3eeLDTmB9d6@)83usO|dUN8M_ zz2NuJtQ;+1FI&I)ko=6U-ObG|$$ApZzw0Qx{tn@hl~U0S&h-e@_v_b4522utTefFzUDPIUzzDp)B_Juw5?Q75B(@cFeTC7jAxd3d_4*oVATBq zS>Sk+Jw+5W5V++mR{V!;yz5;mzqkkgUV||!mv|<_S?!=aI2L#G*p89qz?Gn_f#S=& z6`6S+r+S&6kf)2U!z2&ES0I`z+BG7%JSj$|=-Zjv4a7NS?R~3tfyke!o8Wu5$HKHb zJVuy!R?$;hL+p=-uymS8k-S6^*R05nwLvpZ`0Av1(NE-FF)hLdy)t*q^PjC?ep6ro zIDvG=@0C9N5y8b=0}TF)3tP+Me0bNwtD_a)LuWBH^cZfOgXax)x1TAuTOo2z(W51H zS`{Uy4uHj(hrDO)l)V5t`DI34dU`K@1M(Y_`n#6@QCzeAZN9xH%RVKN^?j(wN?dy9jSJ$Y?oJ8!Rl_ zr8-VuZs6nfubg;9{FNr4+DjhHy`>KaIOrpS^U>$Nm^tq9N_J1mz^SovGp%ds&bKUy z`I9yY)?C$4-5OZ3s52{|xSkF@ zU6Z=Zb}F(NnLA~v?)3KcIoD5vD*SRO)`slbWcx2~Zk;`XRS<6^>pvcWQ8DX-qd7%O zXP=(h%1lcWlTmmZ%wycGhQo$7F7}Npi-if#ULP*Ik1L%yrshM!?445X0P5cedlY}= z8}EX%9Sz)1mNEwS7I_=wvwQj@r>=i{qogKg>JccqzIISb|F8RRJq=>e$s+u)uO}oH zrY>i)Wb3p`Q7-3C6;;|TB$%jtpt_|y!$#rTu~~bBocpRmL8lwg{O&>iT<{a@mq$** z8P;$E@!-;8M(^ZhxRrHk4O$#H&0pH$jjM+OVCdGNNon|3U!?LcYUTOA_h{y;fbqmF zpVgDz6TYPCQHSw4zc=%}S-J$5;+3OMzOT=^?e6GIzDoP@-e&Y%Wbj!_ZvFiM>&g?; z*L>f<$5p*QgZH3mb^xhJ9`~czlba)M+K>BN!UooE6Ji^r2Jsml2nt^FSwPyoxki51 zB;9bffI3khRoG>`O^Gx#(pHhp0{iyRk)V-E>$T>= zCXjhWD@38p$3sUVi66uBG+`j!OC!p|0bV#E&GnMQ5mHBlmf{M)s4D$uD32|qaYJOY z+&uUgMIVvv{3|?9rips(_yL^)w00-O%Di$~2Sy^)!-q~mM5f9w*X+8Sf9G;HFipMx zv!F@kJe=y4zWoIoJtg1U88u&{Ul1ZQ@`xl&2d~kR#ieQIlUHUCpXzXkz48f&9!^MG z?TV%*F_-J~Xwni$Gt7%OR73IGTg6ud5$d1kd%?tj6%JderkoF5RM03{TlFiqYns53 zv&E-+i_Z(WW(XXL{K~1j*OjOwsi}C$@!l-)kYfLNRBIQE8aC55!6Sp8x=;9phZ;7z z5yE&!S0-1j>V(x_A5`iV20wd%I9*zryL+SPDcxo0wDE+j{*B$obu&YZ2N~-X1g%hE z<-b~DTj1L-TNF`*7^F;zfWnQF_6{c>uRVFN#Es7RKDwtS8iWk9rHh#Y&_9S zb1VV>>qhm_KJvi#_Kk=V#EL9J1(#$xm2f5O(+=`Lh;h$ZMR}&>&(8?HsS3^-(ailJ z`{6L4DBzoJZ(b!Q=xBQIW5t_X>m^=GR)R;;6(}V*+)ZePW-PL?zWtO*V07?>PtW;c z3>O@o@`Z+bjf~#$D_3Jc_D_6|@s*YvAPVg(_JAxbt0s(3{#jg}zxKJENN2@}4>)6p z{I8?=-Q~`-gEE+g=Y#k;mr~qHM|->fl_V4hFX>6$*^j1BZoISIN-kr8K_a%z@T4Oi zq)yjp^I0u*B>>U!)N@nJH&zX+-wLW~PlJY;ap<$F&L4A<4HXNJjdfaF7RQOMjq6f| ztZ<~pvASU*B+UXMS>^s(Ik?l%O1_6~A@z2GEjpNdeX(2>#FvojKMiWQk>3b3{>n3& zAgb)`S{4)R$CfwXbGPpbh(lVB@OcdQ1vSi=(}+5TQQ>)5c4x;DEeYaUdk3j{WU0DU zr0YI_dlgVd+v8kroQkOwvvQd2dogf?e@+W@`L^4yUy{p@_<@!ipLk%wK^(9TJ6o8)Fk%g90a#Yf0C>mV|e*F~b@9r52 zqx1^KgTp*|sDYt#DKub9_Peu3A0n+q_L$CT*>4L8b?L(BZi_S=U&)uF?E0c7zt}L+ zek$IlG^u@Ge*=2mTFn0KA#HJN%1!rS|$oCLLEgWagSSj31yvviWj;DQ?i#$Uhd z@(xqHrtCV*MuB-$ZbPq2x0*iw#x2+hIYE7v_T}_!$@*~ea;FINmjHUiJ`9hR?GCZ8 z-XP&?)(t`JgD^UD*`C}! zwhQ?w(XE6O*_S=lMp7XIWm#!octLr+Ci%c?B&xUHw^-n|nIKrCvTz%*Wx;LitCsID zPzmtNa+AL8TEqzF=dCvCEoSX} z$nft=jf$;jvaIu?`@sBi9G+7yQPIS^j9&e%?l$wouJ^3;tqjlJ0 zj`8KN;-qn9vm$fxcB@MPYrs#V64;YAv&Lu7aSN(oZ)zm!tWb%t4bW|baYHZFAb030YL`>7@(?YuFG?1`x4Si7xqc24nl( zso}bSJ?3Nw&YX_kDobTdLoY1hcTmbY9=iHrdw*c6HvsYPT1S(A?k7K8Pn#m5lF|>L zLMm73<~rrI|7J~|vc<|-K-=WGU2|jsY}$=MViv}0T|u(i0B!2H!75aD`myuG64o@* zPaA7+17;oo4SH#^ySCn|mbrw30Mm&R^xy{pN5!2UPgbtbP|2uU%B)!Ho!zYh$E>1Y z^-*YzMpTxd69J~?v86pH3nnBQ%k@E6ZH5f0rmrz{pe&-Nv?mUubd4n}d)&eoVZ)Es zGvlZaMc$_kNHiQYImpKyvyrhQw>$gdit+2v47;n9bd99!g>&@|xoHeQSiFeUk5+59mo&ULQ*-v= zNYu4}mX*{G?Rk!KW@(f*rb*o5X;}R}uP8^OCU_ME+y4s1 z-!C#(%&za;+5LK#h{yyV#lr^LRx+mH0hMkJ3~OH=a#_t$Za=V&1Y#bnfqkqO<>?Q> zJQA!~E}!W9L>8{gSx_n>x{`g5C-KdyE{Hn*BtIl#wwQWm4VsA4M=5z(M13ESaB|=D zaUyH8&%gT>FXNY`L(*K_LaX z>psa$8Qq%mTV@+K^!}iH?d&TbFsTILY zqmc?dUx~imwF**dK(^m(7!s{uEY&2UJVI19%t+HXTa~8Jus_P!ow@=nh0^%KPgD!@ z%FRUa(B8LuRjh=mzP>zJ<5ip}@E62JZk{cEf-7Cx;%@)YzVSeWVK0UGx$%n0TS|<`IIW2`@>HpBeQD*YeqG3e^^_t)xUah*-CB!p zglVx2jrM|Z*OTVUiYt1y(p_aN8)D>L9cVCCz&d?CfHvZc*~;%pVjNl6o?>FjSLw8m z?KyU$k_?+7XN}3bZ_yoOA2@o2%=$6!$1z(Z*E;EsN}T`9aKXE7%7?O&|Iu$GXif55 zy!%oZAQ^4~L3CFmV5E(MOy39i0W|fQ6j09MqaBRQ`7BMnCiuX%|3JD5JE-=QRl|;P zV{$MXyrA3}whB^L_S<>y^L}*!DX@*5yLdG3HECoKuZJxJ?wgIBuG z`X!4#zU=S%;Jn@^8}lPh^DY$D@p-*X@wTG?(wu*li{$zo9{NT)_D0^iU4r*hvKn*B zAfhWO2m&+Iq6X9jryT%`QJ-Qb6x#7^g6IFmRQ>+eXEX~S;o&4J{Nsb%)uPW;4xYBf z-XHiAGB!~;(SAYC=*T&v)iKEwOx)8q!u{Rid<6w8yzSW;;IpSH;0G_HLvOgH%64#w zJ@8-?6F~nVp)Ag1Yz{C3v!c#s+n(LQ!bCgSy{wny%Q8u+#b4LQjWZoM1ahM)C$bBdN`nKw8E>5hG zd0zt1gZZ|gFlmxJ!M2~$#&iTs&$PKMkJbLk;s^3mOIr2DKdY#Ni`1)}xNa#aIZUTv zvsv9nt8%M{<9lGd`NuDJ+eG`0#$f|ZlxWmrpMSY@Je88KVbu<@Pkx3iu!(n4h+XyE zzY1=Z*YiER|N1y*_K}cZQu^#>7F^t%500=MB`nF$b~X%ffj12OZ^BPS#3c7sXy2b!ue4VOj~(ic-~oWXAM&d} zB~rU2F@k$ZTNMOI6c7(T@G$Gn^P8(%&fErE9D)x@c6xrE6iR2we0&FbpLX~O`}@Lx zDRyN^1~-aVR+Mk{ezV6%Q1GB*UP@1iI@ryc;_)NmD-MV2+P1AjsJV*F5vRvlYhj7UUo4tJP{aje2wB^T>OnligBPlJn#d6!`HtGiD8WG)_}#) zPVuz_UK<|4r=R-Ea&ru|M(0aB{~*GUsg8NQy(Z=m$oR|)Yc=XEz=Q)hXVP41#L9vV z4~{(f^X>g#|0#O~*hjMw#1G8=u0){7S+h@>k6&GV_<;|k-IF3S^W$q^JoI|-ar*NN zTLq1J%^9cF0V%;={3JbZ)NvA!dwlG@5!x&8hr}I`W;b7bNK_{2ook%ePNo#dPSI$n z)W3D0f;Uq5r#sF*QlS%2)~t0UMww%;*#4I%;&=a}Tp{HVS*+UYBh|b!1I73Q2iOlK z{WQ}&mV2Ok_kX7ff;e*>i9*UUZ#8fep#G?)Hi7@boDUoT=Xil~Ri254iMNJ_0f=aF z4}d59aX0`z4Nd&_bFihMa{r#G;YDD11bhk>v43K?4izf_o&>o<*a~1d;O{~R?Bg9X zp^aX*-B>nte?8l00fBVN+C?infCX$2xEFfY<5}&9!E*z1oXr$0E&+J=;FtVmNHZGO zJ$C==MKBsp@b6l-+jwYQJ1$9V2+E~|d$ByP1%WvnYk6P+txHHI3jpaPm;)5*+L*Bw zE?@>&996fIyyzs?TWeDi%WVmhtsWw=?dJ^Oh$u|^t+`ssRuBFT@gDlmhbjIPD`%tc znzYe?>b^1VB4;PQe-3ZoIC^G?)xwv&8#mOx_nK{`#Ur^nAtz-W6le{ZeV z)YOWtMD}=UsF@r4QEoM>X6AdW^a8Z3HgHCSXVzot4ZBZu6M+XS+0>^ zPXKLaSS+F_c>6--1X52W)y+#-9QvkQjL|sBZO2N2^Hu z@8j=&u^)uLb93K3V7sj~*BexS6KEW|(CQoR&$} z^9)nonog~Xyk+<2Dt{ExH{$3S92Em6guUS%>3jF-NCGx+vJ@XW^j4Q8Rbe%(HZV#ABU2&#!jy1Rpe@Rr#7<-q32Iw+(!)dY8^`chhsS zdiTmMy=~@G9#1WR3y$sj?KyAmT=w4IjtaoKp3O9w$AbPojOXir%M^r|)N+BP>iHMH z67=w#@ctjUREE9twk|}`(918S;>P5yL`DoSA?}f^?OV4Sz1Hz$d^V(aJ&zUhOd1kZ zAfOg+w_qL(@fV1s_w6PSAdvt~Hh-R;IeWE8ug(4uPb`n($gTUBsjUi#RlG#wl$=lz z9*_5~&0utI%@I7FHg@^qywE7<3z9k5C1w)6I=Qkc|AV!E@# zH(){dyYP8{2gTSWprH<)JOH!MR5TonkG)C}ikHtCNMc0Tw8pM(>&IL%R}@vY<+b&7 z5#+y@ISZ#rDY|#uH3CnesvY@euj`r48Vq9IcJys+AkGtkug4V833W`?8|1MrOn62> zBsKQKn~O4q-%8OF)9AI-O#65N!QI75xD)W!qVzI+MfTD~FIBh=QuR~qruzLb-Y?uX zX#(uH?Fa74cvjP^V|;Syd3N$5?(}xJy$mvC>{`5hQP)EUIxr&Kb$gszmd@hkI7E=C z_aC(maMaoQeJS6($TUEh7=nneaJPO7C+R4|CO#$$DmwA`36$E&Rx15HAN!J*K`FE> z6RYuFSvI&AHpF=#83yqD2JOsv)KO)CBawF*lA7e-+l2So0AWbC&DpqGAg{0ud*c0m z7ygb@Ho||!Z*pT}O441ty(43G65-%QnaeLI7ze_qrK7o@W{<(P>k@&$;@V&*MgqUo zU-mZlwMpxM90ReK?ueEZQ{LN=+}YJJ1O)*(MCMXd3VPSKv1_KybY};^=2AsE43`SZ zahXr`D*Sa!?R|IFM8-bv$+hILV(|Xo<#%##{(QquyN@UySP`$-!$Iz4z~h*6@{Ply zFvdgtwR_9287&L(_?_{|Y9Qgj)Z8P-L0{H)c4nq|+>*~v+(#6{=^&u0sycbuBN*I*;)vp=-O!DuBY3c2ea^bv$g_;Jk7tKiE?gynM(UA6%X@ zct@6#Vj-PJL>h8t-xC2W-duWl{%)3v(R%%AG&CpmSzh4w^4;@%|7qFCcv=&4vEzb-DRovb9d7I_c z9zxb6##HoB(*qX$gYo$M?;ip(T=dN*B{iuTFAJ2+S_<&HnO!**MK~0Y&J534T0%Hd zQholsfGy|G4}r}`lyBgNd6UHlD4%noi#G3L^HLDX-IQ-I_nzu<3hT{5o^6V1_PBr9 zlQ(1Xdn9=lA{`)S3=kke01Wki^^VtgsiwDFN=&RaSqtKA-?LVTGJ}a(Td`(p_J*i& zUUkCg`uo0qF0(o?Eie(ISkVi!&S#s2_;yqC53m<7jb8GBeo6bbpWQ>!?LEW#-SE_o z-ev1Hk6fa+&xt622v@FefhfZx8?$BhiU7K?(y_;Tr##yulNg!{^;{Y*X{zabh_RiB zu2}ASB#+U+vj`NCC8+yCt`LNpSVt5W{nn}NgWq$Fu7JSWqsZ!r_?Gp`%}-jq{P*ev z5Q?s2Rkx5f3wZXdJmw3Z`X7K0b-XtVv+b;jzfvps9(S~;ps2{zGqv_sdkz!>UK!CM zhAkU{G1beqZ5|PI4#HikBhD6h(*bYbA3|3q1;2sOG4(a&S2{h=ccy1!wH)h;Yg`8J zDdjQrM)3gmh}O?jsA)j(Tl3b)&ohdV$5!5N36x$NA@=r_7Z79HpVCkT^0ivmSmZDy zt;BElJBO^J)lRP)?aK#zZSNnh8V_JXR(Zh;FqSLV7t}80jE)1bf?)|3Nq)R^ZzDUA z4!gNZi8{Qsv@EbsGVU$9Etjeau68V2GOfLh8wHdiR1{4_b5&4ll*#}$My0aiw=QSV zkLU?1PPyTuRn;)eaH=Fmc?msuA-<7IJau$IiTXGUwrAMW5Ysp`8wZnHb@5&Zkv?eH zkM&j4WnxA);51{gg>#|AXs4aEn7q(iSw zDEohNA63+8-qO$acQe2C?y?T7zZ=~(g7%j8->F+v^1d{E4^ZOnZE9<%n(gk$FR!GG zOm%`;GJtDAGx-WTdoJxn&#u@9ewaOdX>_I55JkYl@G5`JuKe=mqL)r=MOhJRTQ4*y zX;5WvTV>nP8JONm2I_IMv+>++xl>7_xf=8y^FmuZrtVY+(*^}fF&47FyfTz+%x zc!8Ji8vCyJPE|JSOhRcZZhoE$;#dB@I?vZ_@{jzTijo@wf}G7jn2Zk?1$TV=_N{** zXTLWJB$Dxh=$}88my_b+1N4!llZY~7-jnrf3BkeoiMv@-(}J}G+ckBr@4CFaDadv0 z#>H{(N$Li$Dv|#v=&j$p?1;7-b&Rj5{e$0gZq7#2c^VB`d$w$OM|KChSl)X(Z9bFS z9dS%w%erl$RLz?sTJX@`{#_uiwgK20>{_*JsDoW}YMSpx!-Nr3NixM00_n@WX?AT^ zx0O)CNf8p{7uU0dsRU)w()uV zx>qwOHH^gTk7_0q9rsdv2MJ6oz6snIPkY$GGh@0s(H5ANPGix;!DT%wFIEs~xE=1R z=LdO8d2&Dd<{*AgtMS*?Z}86;gLVIFT_N*zzZy0=eU=@q9$~ET9?$UCjq9%iiR^sh z47FibaIZ(OFFb7{+k-!aW62J2$rcq|kqr2oJjf!GEUnfqM4d2j-498xsq_oUgj~^v zk7kZnM#3pWvm4<7ze4aq5$&gOL|OX<;HQKyBJ394(iDD)P{4&+$=(Cy+O?=?*ph>l zAD#<;Az8e(0+D)@a%Hkww@_S@T zD;`V0LU%A~xOxQxV(Td2 zYfl}%APILI+MAdPj^scsh)gT(0UseflwVZ#8R}ZuVF|KIspU+Tf5HN0*IIocGQkJ; zRZwdbj}NGwN~+zBQx13Jb9LTSNFu(7Y8~9w-Gh5SQxXeYUtf3T*r}U8ZxuT>cW-Zd z1qF=`?=5=Qfoh#D4+}5whqG8~O6~aGZd3t`p4_GWV?9ojIo`Ni9t<+3m*dG>z3!}3 zA6NC}D|>`iL0veXtDUc(uvo}o;?r@f!8C4svi;OxoOXfkfUb{(@Njv$ zop8>o!a`Ne;U^$4I>ZD)We<6%*N+fH@mAme@kO12Qe zU|;S|Yc8Gcpu{!vl3-B?zLcGZ)mul=d4&_~(OUYy(pXgSQDF(9B!+ryB-R8vknt83 zgxAt%yZIy9k^;Dv6wKqT)f-nIvO*NC=Hq@f`0eQ@PG7yi2y$1_an`i7%<$+n0V~6q zA*A~x69n&I+vj=4s^Tk+F8wM@dw(MuU3t%9GCK0s)v!*7IbPmR3Ch5T2_Ob zn3rsdaR4=9VNXLMXWNqse##cX(&99jLwM5n3S+LrY1y4QIKLQlQ~8-v>KGv90t7-a z?e`p(ZBo5&`?k+)Th=_SC)XH5qjAtEDwSibJheg2Pmi?@^(`Sbw;CZCC6}=_R&T4r3jvRg%LLfyw2JNTtO)avw zkJ7z-om{WAkuJcq$V-&XsWHWH)87&aon`Bp{trf|85D_3kJvi=d_xh@qrtB}b|K}G zt^3LP&`|$+dBn1?1p1M{K*0sDr(*`~^nj^Ft5_iJ7GzYcRsbQ{!+g_ot7${@QRRph zjhUW4=KCuri-gT17L%0<)qz`;<$;XQqkf!i<*=JITboL$g_Wx*xyTA>SDCIT63gg*hKt3Jlv**k`&9yoczRfq=Ln{qJ(k>RR}oOSES zYgD7VXQ}@BE^R@StH3$@1W&quj25*NsrxJ*`Ob)UWQA?KmI1xof97q;&g@HcbXRXk z<+k=h-HvzaJ7R8Jh+>0$==|19h;~n=D~hU#WaY=57>IW*V43ZTIHO3!f}M8Edag$y zs44BXXZXN9tw?;w{6%W`p!G21pk-u5 znWmWRWh*(WncCbOz?jWr>GiN&hgE>K^W(263!g9cI|zl7MA)fuEHd>8cd zC)kX~g@ozr1N^JrmG1qJNDGE9E;+j58Xyj;B3D3LUA0HjYdHDh!pMWXV?T!-K{D%Ih(i1)sI~<2;mym@6{=h+nO13CA!dDwu(#@ zT4_kE#x+mFBc=B8L%M;v(+1%JYd{!+RmN0oUk$4r7i*ez|k^Nd_bc?J&EP1@^x4{B}Y@4a&1{Mot>& z5H7VpvO;xEfkxF6t&QHbJJT3H@!gSeMs*kcao$`V&(*6i@wCB)VD6JLoITpicQm``-8@L zp{f+_&#S=xMnHF6IFRsh-fDk_O3sYS5>-U{%l0rv>}V zE*2b5Al`bUMK5nb$#%z~ov`}|9_r3nkY7);pF`1#rz{^ z-@GKe+0hpq{BwI-BI|JE)4)b!^{m`eS|G5K)H;ADYB4lrS(k~lWvRz18Jc|+z4)Ph zixwawvDy3ZRQ3rk^-Iazg2UK53}$tq@ZOh zLP(9}{U+9v6#ar)G{9oE0cpBwm6rSU-eUC^AaSV7Xl>Lxs^)kztLVUAR6Q(IAbW3s zzQ#+^2}z~!Epr!QRX!9?)f+WkI*^qrF8U?BNQ)gQ`a}Kenf43`Qzh=q)qRB2HS14; zs++@iQS;rl*URA|Pz0BYk0LZG71?Igb$%b8s1u&vr6~P_;}Lds1wRl4?7v=>MAOf- zy5Log#&55llV92cPjWoZ75P}qaoYI6x6XFG32uVa{)VS>lCoi&r)+r)*`z)=Gpk6O z7<$N342VArqNhw!8z0^db_lfiXX}&mZ@ZVUG{~BZ+2X)LR$lEt)0B|I%Y{#Ck)bR@ z`Ykd^+}yK0(?=ThAdv+J0bRE2uzgVWl*rtKEKzF z{lkwlW!0`1t3jqk&|ecVy!^8Ls_Su0Th3NY0PrVUe|}%FzmYgSq@E&4gFH&d22vCL8JpIh;Pvlt;u*CN14nC&sQP z)+udTwGnHBjk$O^Vf}rdyY`dLr`G$=hKzT=0%7pf<;WXz(5>Y>c+amqt^r!k@&XOniR3>A8+w}c8F zsQ)?-JvRt{$p`DKA_mW`19wOE#Wj`EJdwR_OU@RBCjga9DXmtoK5P{(ip{!lYb-2t zDNd6**^6|}(^WE?VH0bbIIW?sV}UvCnkFN+^Q_TOc`-=s^-)eE3kF(R-JB4F9O^dW zxBc?A{i*tccflLo{?b0*I1K)3H9r~jMp1wmcuk zn`4#@3=8CSno+OanIkU(0-qc^B-H<|@bI403K9opi=3v*+b@q*qxM#lEZi?RSsd@M zgeu_&4xVy)YQ|>&nY53Rnd;{DScDagD4VNi0lDmEY@7EkBCNpH=(QrShKhE{pc(L;Qt!!0z1T z?qeXk^RZ`*P`Ku+?>@ts2fa_tC%!U<wP(`ITC)exmjKzR7pw9P zg?5l%U%KGf!;93v2b26PO#A&J!#}ND6o&IbXd_UfUEKUN znHx1qVavxbMK%{8W$JtbrVT8!bIA@x#D;WAb33keuHRaBxSN|Sp{mN}lu10v<+NEb zabiU6^%))Au$id{J|xbb^QEIx6((D+wy=>)y1V<7Sm3o7A%&FoJS->m+vC}OkJ+Lf z)4)GP(s26DmQuo`xKcVc!kd@f^hOv(dqGr@U0w8iMs@V$&u&3H{Sw=(sw&7fA+}M5 z^GA2YrKv4B&)@;q1+L0%1aI$^<2tKf&vCi84F)0yi?NYUAx`z-YhM_|9Y#g>-OpR* zB>9>_86b>Vpro9RJ;pv_QEkRSN{VTuosKa_q%BEEWnO16FT3W-{4+ct&;OU>=1RpO z6%rAs?upt!4SuiwGxZ&}QcYrLRs*}IwaK+!j9>|nY?{5TT|8ZbphuC(OLO;I@}iAG zYRC5FFCR;M4JeRG?nVXZJRL7QetoI0xgE{C zks+H}(Pqx2Nm|b@z;~uZ?Th}De5oR=mocVcKv_Wlwq36A7TIz1AkSZoy%^4H(#YTp zSW?X4vqOwln2+u5qE#Cw?yhkHbBi@WdRVVBRME!r(xRf~4be{0Uxa;kb0%Nv$|>iY zvfe-_{oDB|I-bW1Oj&9u%AiDpcMzZ|O3eYBLbdzY)v%1`uDm8C60q8KcDZG=5;pQQ zO-D677iTCPxcf`QqS1IaAI~td|9st2DE?NmX-r4wrwRag0?x09SX3nL#q6&);y>qm z;^f=WlMSRAYd89621)pZz|}F7&kHm69x7ifu@i1h)+(i?K1RnhUcSSjT_cCsD ztWyoB-uAN-xacz`%lD{wSaCv^H{EbvPqF@7&HhlE3+r+upX$0x+lRIKz~uRoF7Px#l*Lt} zytCHTpvwB`*zm_R(4P?p?G~?1tuVg32asB*d$JQE9eD&KAejh|YmbW2UD#PzJte<{ zXE^kMbC?&Ff$VZXz<$ttvO|60s+Ql|2Ra4HvyIG!oNC(M*zcQso)ulN&)IMIl;}N5 zYl9G*z4@Uy5aU&<>9`&S7}_=Nk*+N3UKL#T<<2Sxt`VtSN)GfXZL^!Rs`2z@KXm8j z(5ZoDkf3r`06o8PlbN?eF8{Lw9WSM33K_QVcCe!$HDg58^|7m6ud`7-HSVx`-*WIf z;^${7*J>og=n;}0>&U7njw>!G9i_2*){hG82Ar$HfE5k8Z=Q;!{ew4kSI^ge2igq3 zc@z=tDT75IfUA4~sr3ruIjBO)I?TQ7@a6q&)Yu(!xw69hisuQ@HLYkL?U;RgKF~X4 z@3;M<4D@PRS5a(nxU7|?@v`*CW@t$ZP>zh5zABM1ai^b+o%XNZFKqGu$hd$h=ND~Y zY4H1-adUc2s{2Z?>LIaLoq1&(W{$ZLPzTz&diyqgUMXYhz#PCY=3kPgW~T|+Ujvlp ze!25M`qjTCE29Bzj{(R#+Gaik{m)_}`3&HJig*Kj+wDG!-7_tijqzDYAi2!P>v?@r z0N@G0Ih_JVCD&?bH*BgdrF4A0l~LFx6y6&R=vfW%meVajGDnQmg^BZW;eB-QPE1lC zYx7&T?B8#$*xUOi7878~oOGTu|A*|H(t#vB&&H^Vv5o$FLD!c5MH#3tMa@*c!`FZf zW0is)(Idaj(wGqI6<=~s2=m%Mx2xT2f9oUv`48~-|9{#q{&UFxug44l{1_wMIfjD7 za%ZBCF@;~jr+aCraIJ-g~@H5-6p zj7p`hJ^G&q;lKecZbC@tJ_tx5;$d}}vuA%}p;tHu)B#@ZyW4b&lQ-~{<=0^c5*%8? z`Q7&Eua}EMKH6^NTh9Pl9gaYdfts8LL}~x|o=GF%nFv9k8v|EZ2q>ana=sGnj}YYS z-2RzK8DG5XF}Ckf)a}bV<)c0DWWPzqn(+KJpY+oQgh?Ck)!(YhHa|uH9<2o?At>ua zSXol@{0OvTZH@*Xn`} zD`lX2=~`JCEhL-h;5Pzi|5^*=5PX?+Mub6M^#SUl;(sL$ia%FtEkle{?Aw6%fGV)Z zn{^`ryIYoSE7pGFrGkoN+C!D#SU%a8TmsVHRx(l)&sqRHncgaU_t|43mggZWl$SP> zOBendRSGic2IP_&2SIHIKtL~%5HVXSLZ$yqGjI#Q{C$F2m3DXv-z84lARkntWb4(p z6}|KGc09V|umCKxoCztH)ZX6r%XRZ5xSM?*Z*!->HuzWP*p1Fp!*2n4 zz}NzB5Wgu9j(Ntg7sJH54@VyDEk3|iWS(G^Ga)`$)WN@fPH{cQF3*R|X1uzvcIY>>-&uGz+`XOm8vNS@Tsy5;ku zXXghUh^0tdcJYuAPZ$J1nQr>|>8{^7ZaVg3#2i-(d~j(y%<#%_u%*evf&BG9{jul% z4oTPFi_;Jg`d6vP&7CKwxv zadzJY=)wTzmMf54$Uxe6F_!^qN=t#`w@>wx=hN69gWDUadyC=w3gm-98ML}6YQVp_ zNUMU1ia~xQ|2qJ{4AeXAt9=0^^_(QUI{!Ntopp@c$X5OMJHWHL7z~1?P4Krr>->4a zNN8U@i&*IW9uNSn76dm34^>HzXnj4AzBw=&Bzv~t_`txxFhK&VW^W=89UiP=bg3B- zz;=TK#(YFi_5oMG9eNBZ_e56S#FbcOMlM%+@pJ_Mjv_MZ43d13#gp&!a6~#XYihve zR#pka2OZh#TMCJvx4cS$-*C6t8uw&;<YBf7Z*G479eP`Y#b-5XcK;t zDQuj0@0E%D{=xsaKC#X0X1TYZVLP0c93|NK2w5Q?WZE%@j>=-$mF;&0LSDTAmu+)_O`BYf%l8I0EKdN?5EPw zc$Cr&OfD|+HNT41{&8*M#^xq`Qzx#!Iy1YwMyi#BOvtA=E3rzpwnp7sJye)?019OM zE-C3u*T3J-!8R)Q9RM(zQ^oN*`+3pr%RE`hvA8W$l^`mr#|$hHL#c8dh^;wfkQpV5 zP46(@l|>!?t&zK($W^m0-t~c$u+p8T?zXqfTD#b-)Olz6cuphf-{1QJ094+QKq*`m zy@M@3cnHYB$;gkZ9X5U7$F4xg!u{up0$`$x26@0H?*IIGHFpV{o}3pKa@{oN-_Y~l zAI09@|G<82Se~i-|A;z)kEuBPf3Nsb5!t^&(FP~#QN12zK)jHaeE%4qM01ImAtn9a zwY#rQ0+;1ic0jZ&kF{mACNJpOr;IXC@P2|Ic)VD6Rp!sK8QHs`jNi$_9o|xE?wZ~n z0o>P2zyZCKZ3vv~sY<^LQ{z1Y!E%_~n z#r^wvivWz`2foCh2yuS&59(u^r|QSWYbU*9C==^_9}pa@nhLSK#0`HV6(P~pD@DX$ zk4`eO38`JIf{Fa9_~&X-#>=8c1h$}RUBTOchFgBUS1;)&pmUh^v65_oDklY`c5&p> zT6Le-iGEi5dgylhvl_qUdSZ-0(tHjOH>)bKYi+TX9W=v$el7G&`DA{IcK0jNwZ^}S zBFx_NS_A_BSq!n8H^WKc0}0b1fTaCjzc+UJZv*0s28Ylto0E!^KP?J%9WffF-<5Yd z4YM!}b4pv|H9v!0u_|or3Q2{Bx9(J(U!@PFyyyVxlV!*u3VQO>Nt594*A}nrh>ltBbAK4FK>meYiWFP%&UsRfdZ8q`@ z8Hh@~)IrAp;I<4Ek8JApg2R6RCw?hK8eX`LX)h?TgY)sP@NJNoUqWn}WXkJ<=cMGu z-UFjmUEMBux1SfyUyHPd1S|JsxC}@7He}|vcRBm%x6DP^b8aLkGz1^FBs@=>>_mP) z(%}sM_Y(%@0_K3f&*r2FpIv-TN>FrDA1`UdqDZX0cd7P{qQ|M}kJaDI`{EuSqLyN* zaVLHp=Sm|@oxIFjb45>AJ^XBb-1`N=t{Ky>7m;R+gh+K$QTN!8WN)-^xz-8svMr() z(v4n+9-|M-Jd|s^Dc~inXU&}BQ@X#P&(|{wJWxa9YnzE{y%|j#j~A>^(A}n!Flffq z9Rjo?THZCMbfG%jj(M%anRKP_HZWvZwa^?DKj1mBD zzHQF6`?nA(xfdt`5pYd@!*fGowhY#Y+NI|jX9S=+Kg>}@t#U}s)6nY^{vLS44o8$0 zBpJApBq#FEZUC*TsDRJr1E1dLDM7$JBvo!86bal6_)qi2zdF@1ZJ&|g-SF=xh@TC3 zuX!F?`&7kyuZl5wV!PG9|G@5#%wy6A&l@%_r0fvc8eYJ{#;cLo?WJAywX&ZZ%HLie z-$gPVecJmFFVMM!Bo%YLi2w>PhvL?fX_%*MJZ7=h z0_bLm(H#yLn)9)?DWj*1HC_6P9@1Itd0Wx4ZfPU)3pZ8ziF)|_=XN`K3@3Jet^?<4 z<~7TVQH*D-GQX2d&lY1@kH$B7hQX#?S4Sj|e?Br?as#W15&M7~Hmc^%%y?;?9O7Fm z3{FYraXoX`+wll5zd2K!f0mxK9ItF0Yry-Pn74CAFyL3*tw~uQX|P4=QImN~vl+oe zX+*o3^2K+-6-KYVeq}IRn)jmfOvn2jd1a9V!L6p?W7;Rej2R2PF1+Lm>hK{sPMi_+ z>>Vssr;Om44s$sBIPEv5YlfXAm@}yu`ym235b-sT!(roD{fk`E5$d5es_*RAn)gZ) z66Q)AtzUUYwCKhsg9K*lHl(|>W{*BMqTj&p3-6T>h>ifF~=N^v+s4UxYl{q zdAf8qBTl>#dgi%#APflhCH!V?hlF{r_jxNY4#$ki-Qn~U)|J!OmZz6qhA`%euuF;~ z3ya_=c2@3iWs3cKtq`i>n_AcFNL>EFgAxa?&4U)N6yh6a!Q+0_^4*f(JaRcbMu*$+ zHeOxe6q2773GJDA$PWnjc%3V)xm96wDxmWt zIs#%FG_SSVLRW~X`bUzXH;Ejyp#z=W2m8L1w}0Y{@|*yBU%m${7JX~e<6wXz)@WU8 zI-fM4$%Y?|`+_&f-HjbCW_Ts#i?@X$-l1x)jfy0kjWW!z<;E4+f%xblCULT&9xgJL z`*w+fkAL7!85Q@4K%jp!KOvF;1K}c2$A!!R#S5+js6!<>?s1dreu>1c1sdmGyl-*0D|0E2aM|lW3O|{FX!Wo`p*9c01di zf4i53fXMC8T5%Z>_K|HQopsR;U9tY?s<%e@#_FAssRbR${PfbV7mAbBw~?3(Dty^* zRB~m4?DBD}zhv)lk$!R)8(_y_DkA=K$VjBWa{pyjntRO8Bc`ZH7@`J{b$GHJKt*t@ z5XIOv=($yoh#S40u3A6$>;0`snZo&(mFFGTP8bY3Zw92E2?xLX&eyVzi7^g{)Q47z z9FLKyi*Ao64AnJ)61q4mk1tZ}6Bfmla>$vApZbU0#-PZWzf^^#?pK;xY*Q71jmVlf=nF6A0>kN>%DTS}Ug;-r9aJ;+ICjYP|0&;V%Q*l7VdkztM*=|Bb* zSF}Zd*pnTpjyTy0rD*32a>kLK&U7(9h-fgPh_0^D-#Z)!t~B?e6YN=vYarAchRDQp zv*_wI5tMx`#x9j#fZ!)yCK}$VU@=qs7XNEx1QNC&ieHlB6{B{s>>a+6oWoc4%>r2G&QuE39}IxY0d ztkQjU#>_?Gwb=MZM)lkaawgy(bXon^qQmt?fkkiS=fw3VZaX{{FWXM(P`ZafOi!c1 z@!}B8nq(}C&+GWzyJ`8Qxrd*Rh5wisxOdbYP$p#Xhp%bEVlj_}u})H{UPCdaln$Za z+t5x3AAX_THooZMlrS*=ijKjV;V|`wRPHq?yM2ZF9tKDy7*hO9r{d?z_75ByI0}HxgAj-=o^8Us+xlBX94`Gp zB(wb5kT@pRl#QT{v#XuTt8xNX{SONKs8df?Ri`&T5L-&BCsq%-AHU4l;bJ5d^F;?Y zSC{%^M^(%zJ1d%den?!v@#{7U-8l3M^U|dylQc}E58C9AJ)E{DEZw$Wy|)#=yA%BF zZ#a1ZrLu2~N?`-Bw|@lYWdX+#m!wqZyyw8INNL*Tk#{$GGvyZRg758h%^s3i2cNli zpun@eZIW9&WMf|8>Ta@qEmxD*VB?jH^D};}%;QPH zuI-UZSt_p52!$zBZS%(|G@}tGnhBaltT~jpqaE>?4MTS1uUt`gRYU_yqYmFDBjkQtHyeTQ9F7$bxatZ`qJt@?4c1Z=xIyZwn4r4}BR_g`GW#NLLl7 z6IYtdC&KL}g;Wi>pvIp-+@!Gw@aJS@{@Nh)nD2d{$>1%Nb$9?S)=AO7gA1Zv|4bUB z@-K(qf8llvy8g49(wxt`TYtc&BHZt*nBLNfMLga@5*2%dCzk$^_!94hu@G&(mj7nN z-bpj|N@nWQSBlqYtr0bBpMrerygj`s@{NUrxt_8PdZpc%L*J8o75Rk6pKzlxs8D_+ zp0z!nB)L(YzIe@$S-~~+j3HvoDi{@s?aC5HVX&D6Jx>qL88=$+ldrn*jrZDnm^$3| z$Pc}#b}TQ$nrDWeUC-5Tx8S&$g?9VpdDHTy(4=TM7pk<%oF*H+j&KSyC>+=<97o51 zzTRZ|V|=XWJ!npGyk&oTc1S{Iw5~UN)MeyKvNh)@{}fPp3G5GgyUu^wdQs9Jy-6E^ zmuj`+VOC`z6*E41ds4c$O2cY9<Q^FC9R&1Uw!-H(xWueN@W)K2nZkbrgsSIhp^AF-yCYYFasa zvHY1c`6l(R91a4)n~|}xhK?XkA(L9Tz_Sw50}b3j;<`~ZQQ@rsD(j69Pluf8NSXN zL)ZfX5#$~_|E*!N(X^2P&oPlR8S73-AfZl6bp8q?XG+X9WCA7o+i6APfq=BAE>(!L zqayk92(wflGqmnvLser9hr0?z=x@1lQB%0$79(=L4_?0eEc*(F!p}|ofB;_9xJ^zl2 ze0%=SyaWP*>_2s}5D+MR{~d^VaM$%&S9P1P&x!D~{o9<`cbM+l(Xg^BoX&aO=VTE0 zO=m>^8BTg+!~5BW>I~&HVNWcyh3tV^+xagCUNu&?RIWX+xnOe4E_pz!Xmr5_nFZcQ z*t+iS_36ATd|hS2Nk7FSz(b3eo(uP{SpPNvzEe}Wu4i`B)1zSAc4~Y&_y3dZgTInX zIRlZ25U9of@A-fGfdBnh1nmFg>o@)_UW5t-JdoBv=;ra*cq2Ta0yxqn)$N<`5m56$ zI%vmTVm0yPc+fs_U*G=j5L-M_yCK8k_CDm_fR z?XgnlPy&&a+&QN&%&aMdY(kdDTbefKSrH8hAS0v|PDa9prQB{2ah%RQS;)-hof!F4O@97Q zpvUwX$VwnG;?87{b8@W&H&werw+Vz=*XJ&;Xnejr`tQyJKbBYXcvhnG$Cjn*>O|2} z{nd|fvTZ-IDL?m?I>?yy&Hf`y;f*-f%cwLskAhA2NP%$V|0W3Rrh^wU$QS0gg zZ~_P$s%cvmYr+Wnh+MuOWbQl#^teUE#eaHYf5h*#^e8r-)4RGJot9FnuR0t`W*G@59LN_p+nj&o^ErHXgHaev*%8u$$6H|Sn;%{GFf6R zhXqBSH^|+D5m&LMO$pCDG7neHlD@Qpg36x8$B!`2?JSLP{V55bu z4;_b&dEY+5{NWgo^9{kmMwzGrNFQCC?dwwFg zxF%dNA>7)`WJofy7Mqf{`ENVp^`m!u+dp!*OWPnBne%mUq}Mwc{9m$agJ5W6zQnd2 zq6kQCaIQ>cjKQXl&&2VYCcHOvb`-?z%f>NK6^=cjtm`k$fg6N1X-HB2ATSG9sJ1oUrPmLAWJ1pU-!cv);0mUT zV;m)dJ4-OvS48d}(jham=dxABert(z81W8;^#-P@sJQ(;otI^JmCqxzcG-u#TyzPq zAlGfCi1fPR9p3rn?x0=7WdajPp-M_Mh5~~oGw_ey&;VtCu*i$^05LrILi~RxnHWEa z1|VX1!TGm9VwA*VRFjWniCeNWPhNf&kg<4XS!FO%086rs&#FJLG)D`#McceuS6a5} zK}Ln$Kb94JYT(2+hm>tby5@a>#jxGeLZevaHmYv<(&d`(Zi9T2I$G=7N^jAgrgJ;( zY#f&?I{*8lt9l|S#t@7EGmM#OQ=BrKF=eW#t)=*VE+)?a+p<=P?y9Aw9ko5S@j}O1g1>gBNd+8e9sSh)fyAE4DHo3 zD{A8cpXk)OfRudCKs3YD{*f zs)ZTE!U~9YO+Xu4i?87qchL<%Kh^a1a_~7I1>1ASKXzhkIm?6%=PD-YOC0Sb+Ar(N z{UU4)I{+j<(E4&yXvk?Vp^&>%RgR;`<)-osCro(xWN&^C@J_KcMA3*uO;ToZSQ=rp zscO}B%sTYUHvl4o9$VA5dUOyFLo4Q#FWjk?x&NSsUU1QYf z3}}Dej&UIA0xi;~bN9{bm-pRy0rwcg*){rqH>c=&x$V5L>&nll52eRRs^- zULf&>79b1vcs-$g9Sy|k4lzyvbs9wU8%W|Wvnt!5ntTNu;&=JTcm#80kQ-$E_b;pJ z>1{uz5GDnhsEvUAp#uVU97+t29cw|XON-w=GYQmy?jbGpHJ=Af|93>-UtUB_RU3IC zDPJwL1?htveW~TX$-KH>VDkX`-$3H-uajvuVx0SazPNDL(yH~N#9nyuZ*GsV#h@!u zX;oFMHn^1P-;Waqa0CDG(86gO{`dUxi2ucpck_bs|J{U%|6l64S|H${+;BO$ z)|UjxRKPRfcFeT38u*w5AC^LT@_TN_Wp9$~E@3IU&gHbhK3=2+{jj^D^55M@e&>%o z)f4Rm-LeK!=S?3T!+(dL4N1K>#Y0Qb)j|7kMBSz@F%Kks!LyOPCYd%GnDXY{AGox6 z$d~ee;4Fkbtviw*8TjA)`}zKVfX4p=GG_p#Oh z5P#wwyVu5WUc~lPwN+C-JFaXwKo6xkGcxgc|WIRj4bEU>vPW~f4O zeNBC=1}8M*1L>^)`yatb;#|=32?aj{PZMEoXQVQ;2t#L50Dmwb?KOj?desNs5`q|l z_uSkF%?~(#6ug=y{V~~pXkhMsiBeH4=t?EB9S)!{Kw%07h2ig@EA5jknaX>(8Q{d8 zo==LI=$0wTu$ z9jBcoGpH*93bQJEn9c$&XOy2<^=j%sd@gCnR~!&QSq?NIDVlo$Zv${EF4}-p>bA~E z54@BD%KQN7!;J7Y5AR7~QKplvC2nzs^A=y$z&%ogMCH=}@z#eZ`Tu*HMq9p955C^OD+5Tvr z^Qz$`z!K*ZOkgy#P-8uR$DKJ($OcHLj+<5B)^!G?9cBR1gV0z4-otkuP!(IOQ_oAi z-Q>CESx^onv)ypMY7M`#O0-*M`Vu_ix5;vnU^UjQF7RR$;5oDiPOSruPDd?$)usE` zT>ihp8CX~M>&?>kF@7-lb?3b$u31UU*MDVLzZ}kXPWd1fR--!QeS3Nf_3*g$nvX1Y z8gY~^tzZiCJAPyU4v0~$#ic^a{=+oaoPs8}qvfY5xh^h|l20CUYnJBrBQGO8&enT7 zX;;N*f1-k2vF|nl3K`vr7@7fksU95s@Am29xpabjj&^6eT6djhH=UzHODq2p6;4Rc z6W;>$V@Z2=hUBkl-_xEpV3wPWjY z0~8WhaLGfyb&h-=pd~J(<@A?cHvXI&qtx`wD-K2Y+-Xy?_Sxe%KXaUxzDxTuBx-2o z)}3JkswHcy;PdZr+9OTkL}7FIuG9aHIaiT@J2kzaccS;p-q~zUK{Z)UV4ULz$PQY zB9Qgo%R9stqriUnQQJp6`XdG{5$#Y+SsuFF!`N&&auM_=s`VQ4X%{P_ySp3v0R-U~ z{pJ?76ik)wb;y27T(}{3ddoRTnos^&lf}un5lI08mw!5x{e4lks1_?!vpmcE5fK1c z$rlP~n%{h4)A2y4SPYRB1Mz20UEM_9=tvoHz5iR}o!QG=Z*)JBXrPizL3>|nYkT_D zSZ64O!?9{2sL^s1QTVjgY?dm>Edy}-vFvNHr;9N~!an-#>8Q;oDF5~ooPJ_rr~-&9 z1F^*cfEQx>h{JhHaToY-D?vSX*0aN$0YPH=dZW$)0M2?%pd(4-w`oUkb3?ydady~dA6H~l1jewDxMy+Cg@l`m(PS=L>gX|iHIdht zdjrXdePsR^t#E)_iv90c*_}po**&}*9Jr@j2YL?X2Si#csHX{`ZW#5i?;-F={&ZVU zSq~~w`6HD9xm0L!3^A-yC~dKGOe~p#Q3xXNN*SrR!F>BS6lQi0_v>BKpdULh!i=Qu6Rb(8(n!ZGGg(Jg5?_j{)j+&)ti{ygF+ty zq(+32oODzqjsHZizI}3C_~!dpbSa(jpJIg85hVb?CtbFRTF!SL^`^4-(prCWkHs10F@2ORVb~Zk-vLg`(;%Q~bt!j`9K>aX ztDj|sZtKLLoFQA>NKjlvdR!lm13=!qMiSTx0RFj57FX3?jrH^lXv&yn^}d{kr2pt7 z@E(a*?}8WY-p1aG%_Q%;RgM#ShzTL=(C0i5!lAk zsp83J`$Z%Djb}}N#BcT2+q<(2ku+{#UMCN|TYSd&Q^%D7?Glht-j?ODom&CqZ#!F< zq;?RP5U=6ZOe%ml);lh(aJsRZ8>S0~_n>8Da`jHlu3M`Gd&g)``ZMWftwjl6dj)qEY7(W=0|$Huzrf`TU1d+kqH##x`kg_kOi6Dk>~I zfCXW)okWyWzrJ?og{F%Ee zrG9Nr_!%$@U9%12Y1myBPtSm|2;c^iTyq?2WTZYBk@rI+S9*o|QU#L;cD;1|0mbKJ z1jGqH&cl?d0R7vRAJdT(5GYOi6wj|^C=3&7ei!C#sH(F`uTVE8Vg#UEDIf$8ng6qN z>wq`t0+(u(2*PlT5IQk!ZK^(cJGZ8oG~;gt4GUK#0^h776hZjBoz?9u2z2vp_6#3y zk2n7MlJ{L6RoQ4}Yl@J^>Ff4#D(a?YY`umHuBdTU?EE95k^bU+ zc~>6;vz0o6|Hq}LpDEVUnE!YI;y2a{&*3@TCZqiSOvyz?F+aU|k;@g4E5U8+M-+TE zub*&M?ASh#-7w!kM^fiH15oVzGa+BQ$QD{znblZd5>FQ_dAbGSamC_pnB)fP;vlNI z*dr`UD5E6fp%fF(E{H?=ef-XPwWAT-^KC1i_&^kV~Uo?F=r(E+|D zxPgdxM>@T^;o{9C#7Hbo*~X}gj&S-qpYXzT2`_)Hs_y_1T>l{^=E$nz;>->TOwR|h zxxCB!{9x9Rwi{3>r=GPZa8<8F! z^DXa{k>%r`9e4QV6MO=MH5VD;{X(but}az2f#`CNQ8L#rq%Bh?g->2zG<%+j(7UyRP`Qk-G&9Sl)q(4I-ub23BJ(g~``ggVT^w?Wu2C;w;DD&yVD;emy1{tlR^OH^3v`hK=xw@?f!&uS zF$kZ)JmPDE_i2-H*Bdf7l?lQEv?3zrjd5NN^(xm2%o}^z2`}D9g_3pLD8WvNa^CcQ zl}=NQKB^b(ILU?J_nhj`T#=5kUMS=_m^a4?xheD%9k{)?(8uz!;Xd!C(@iaU2KPik zdHGc&1%e%Q@@EOJV0Y>P0y(%co>9Mrrw+I*)zqS`HOBvtUzk{Y?-E&CFNzcV-D)TQ zSSN!msaQZ411FPh_8)u~m?#|5gw^q~RCF@GCO& zpSY?}%t8`~s@cUU#lm{Y&G!R}3P+sBohI*%MrT0}4oQxP(?*&3Y)4oNE*J5#c1Nv$ zmzq{9XkdDpz3aa-g}mv>@@Y%Cg-Eg{qfEE&U8Rn1mO2 z0cqu_pa=i<)SY48j2$98IDZy>LZkrWUIjZaO$48%4yp-emkGe8Rpnv@MM!En>@|(_ z=c6>TsuW?X4adMO(Vps(d@YgVny1P#X;1NG(gxdMCDA8tKZTbWAv;jY$2eZQ@EP|} zf_oO}Do1p&+7dNLsxvR#Lbm5yTfIx!vcaEi^b~ux8gkr(HrM$Yju6@!z1j@r5E_qH zyP)1(rjb5l8xXfjb?@e#vl4(j&)QAq~dqu9AK6r75~LV>|}=WhA6o^Kqjif3;#RC!xg@nVH-r<9K9 zGC)W7Fkq<~g|-~wTpkQ|=NuNYA!zPd6vn+l)YPb*GBhGB)cO<}h;e8^SW?UOTFOng z%ue-$uy7b}AJC+fI48EICm6lBuwrR==&Y!H@hSp*G(vLY@tEH1+5YlXHjF?Hm0sEF zA?KnQyLDFU_)ewzvkN_=dpHR&Lz*kE6F1-xADw!%z!<0?uPTjEFFlOXQbI!9&zHGQ z4?iEj&$tSPyh9d2D~%9AvrMW&Kqj;8Pga0zyyy;s)*f=EdE=#LF6ZlahaSWfgqm)X z!e2iHx}*>`9=!Y!b0&jCw}D27R;)7M-(ZCYd7dXXvM^7IiaG#IUYm1vO4fz!=dd-f zM2b#tXek1M0Z0T+2C!*ftJ!RABRzgKK$KhLq$ft1`&-1P!#uZ~gg(=lIM!+0_^xh~ zEzFU|O4#n|@Msx+KswvQ5<&dz420M+!{fIGAhzU1f`*K;NuZu~_FdLUi|1ibtkm1O zOj^el$>SoQN238_+h5gl73>N0)2Spmj9BQsS>HWwx-9k9NOArYp2a4_U9hY1FpG_0 zXWUX(m``aw{3$+q*3Lu8?Kcxr9ao-?-fcM?Q(4`mqUZw8z(@P^{vqbs@mdc1u&H`6 zliixJ!}%2wUIs(Ugt1J$Tg;SFd>E&P;9sL2;q&WyOlEWK;&b%T4-y%_Uq&S*$KHF} zhXF%FW;yz4W-JTy<|M}^c`(I`-a?pv90l6D`6fmjyEOa>D*Wt4kCYE*uhTGB_0ooq z&VO!M9<2NlW;>}@PkRgB@ad5tV&S9ojrjQZZ4%_(+t!mosIz1nK7Mf|y24K>Bf(EO zuiM#%+EbtXmS;CLdh)n#0r8e$k>?^Ha*g$ggfGrTg`!c2&P}z#?6Y4#^OJSWn%Opb z+TcvAr!E<6v}jc5y~y_^+e=M4E;d9c578L1IKn7+`<1s$UNt*$1*MRrNKA|Hamhpj z%?{fOq%r^fYTLj_0`OH6NQs-9>N#70xpU-&Wy$t4&ftr7A0S3`v{>Y$m_YG&_wiIqPnpH(|91S5D&%pMRnB#!lUE-T=T54D zNpzy4Ahw&Rd*DXDhT`A&I0|elBc_M5p}g}pY!YouaYSmB%Jr9!Gt~?2*G3a94J@p+p$pg zZcVC!vD8nPv0jq_cF5+FN|?=}S!1p_1({ZwIsjL~G#iKFEig`+M0<4WEEwk0yceyp z7>UL2%It$T$BQCqQfW~mp@9(m$x4q1SkOUMlm5sLSUZBx7qodA1O!xgf_;OwUD_4m zhTE^l{xRQUv_`G$+u6R1cU1Nw&B#w1qkJL^xeT_-qnxi4h$b^HT2p$zs>bcuQ(qnQ z!Xke5ZV$#4bUjjCZfdY1+ux6<2Y`^DWFWGLdE&R1Dt~ug;G*mrXB7yly?2vz&f|)q zSk*atn?hkp+Z_b1_2Sa%)&uiR|Kjl{s$M`O=$yao=ol$4R=Mi~O;>y|8ve|B?O-;W z>FN&>P9Y`j>rV&i4dZT=6-6GPy)7p+&H8(HIvcH~(lKeKpq@@_D~WB>;@1k>keXU2 z?t*>@g7VcWlZu_Qz-)%Ih|}>h{RNxQjh$42$6lV^Y?{^5u^LX_?Gd?_cc;u10rf2w z+d}{bu;AkHj}Rtewr#IzA%$*B@n! zm?niUR-;?K;vh+G^yIT!>(SpKgND$!qD2GK^}>6zfuvD(jhW^~5R3RL2L-@n&b}AN z%gCIxNx{l?A`f(y0usB|)dw%SLmXNSCCnKh7^@kE990ko1uM@OWov@5G*F6cI6wgT zb%A@lX5544l({G%d5>&rJP=!zJf?Jqz_QS=gcl_z=XmQEwSMllv1p78k~l3if!%tv z`J++vW#P^5h9RDY{?w4}k>sY@QEy2KA8s+0QLdCxQF+sPC|!4c<1$6SHs zZn5xI6D7obzS{^gSfhmUXoCc|-ZCDma|*NjKKZz{o#6EAf~Ewk*`0jHAWNgLIH~cA znqJ*okiX%|TiS4bBH~PdaU3<2huJ)p!b9t>D7m`F|3T#)nQm9996?IjI`;bdR}Zy@ z;Vj2DN}>HxjuiHJ-j-zoto*zN25W*D0~}CR@0+2119fQ0?`!o2=YJxz0We=^3&~a_olk;lu;~0Ema6< zNbXFV*bYkrrgNi9@;1+jqbJ`8t}{|2&!N;zn%=dPe$Qs}5|?-Q4L!e%Csm4(C)@rW zh4bL{*64;1jm?Dh=%tKR{-CG%5vV#$dCucLzvw)QveEE~em?lzlH_KNA-mT(#)AF& zcJh+sMNuIqjKI6B8&&)s>L=76;hJ0ql>!?hii0PPk)*q zRT065M#<;viw$L7Hb_n{aEqwE*C4T*Anmn+ztz9`zKc@FAAP@RV&+WN0!PyKUv#i0DXziS07 zETJFS8vh7zjw;?pRf8>%_0IE3hz7Hzi_fSeaFldXoVYC{5-7@vfk@qure;x?pnN#;Py&{_A7;R?2 z|MaWZMBytzSl~ONa>v&JXkIib&08-7-?jyIg{`n1cZdnwE900MP*is`)0lnS99u6d~x({1v29m_KkD?WdJ>+RS|(0gz?O4K$7`?glyq#=A5neYRQ*>0;yo1w9282Kl?rjq#SQ~csgyj->N`f@I3 z-$Uf*Ic0ZyW#1PS4-7{Z)g#BF4gWOxJ4z`FWwY{1EB2MXOmA$liA7?gynCv#hf*d& zO z9`d|g3z>oGH#8IZvS?%Q@=aZd`qBLWA=Ky|B{LI`2piot78962hf ze_EE7-)yT5FQk5%7`#*y{@Bf5zrlaXwf4O;*}_)+a|wol7Mtd-1?n*VuO~GI<>|JL zS)TfBFYz>&pVpbt;*2hD&v4?LXsKpVUl#owrh};Bgx8it<7kXAKQHs*Q&O@Er;@~- zY{vovQ1rUnJxdS%+C4!VU#;no!0r<6sVgj3ddQZ#4F<9AVrGc=HF26LTj5O!1y;JF z-_d&)n5k@^wfZb42^fKiqiLtjt(X!)##YS3aLKuUHzLxk6oncQf=QI5hk@WDJ$m5gwsg$QdgKYcyVCJE>u=$ z!(f2aD3pO}aR%6AzE7dt?Vx0K_gQ8;Q`gcy-Td7iD*tP*G9^FTbTbL{P-1#WQAAus zT-zNS*2gtXB*4GoX;>7!_2$piTK5FOcmYLTRs)CdSP^9XBsnYtH4nF#$ zXJ6H4u3IGJkg99lRGQz%e}4a~>LBe}lh)W9&wxKdQd_%4s=@4sX=5_GL#cCkvUXWO zH!fA)Ub(ZBCJVS(^nbbD*>(LpyB^v74#uCjRIGAUY+0OGqhjew9u@US_w7#(REA}- z#-mjMEVWjZK#F{HD$Vkz#Gz82T9^H?Q}>Iqe>8VXk5*|a={Qf7xam_7K&DoEvr+X` zKcB>fh!t?9lf9tsAZf0>koCRR+<5IR)h!)^7bPwq5AJ{{oQUeiaoU;pQFGLK2+M-v zq>RRQV`BMhOsIilj7*6&DGpO$V%Zp-#Lz&M;==970KXJZhZm zcgxR+>N&eye6BS=0F-0VPqt$R%aortm1i2bP%Zc2=tSR~Q+OM~08YfGADYQB!FWi0 zcjr^kZ)$p)?K3H#T4AAy)#r#OYGR*>xkGk{_LbKk?%L`uetTa7jZHOl+Kt@}BF^De z!dD`um+f=r%vq~(FDO*b4!ucAc*bX@)a}AQe&$i7?k*4>+%!wIUYC+1h$CxBY@*bM=%oZeh7)Aj^h6k-Fq7HrqL63X3 zX`xGP#-yaZdi1M@JX#*n{QiVd0NRPxptSY&lSlFoRD3=ijP&-Pwu6ySKE;6Hr#A!cs`Xo@%+5} zL)eHC^Wb*`db#A~-|}qodutphu4~orCcT9T8nSDhQ;r1j)x|W^Ei@%f@+pJxHl<49 zEje6Ej%uW|8T?PIP9z+DIXz9;+J1-}Fff+9?J3pYS~YB8JC$W5%%p#Y=beM#m$|}y zS)}sqhUwtDbVj>xdz<(`9OH~UHlHOAx&73$)65kBQOrzu?+~=cgB+DMRuN#{H0bTQ ztK}WCCHe{8?79@{SFkj^6DUu#``%xYlky;Fz>&CydLUQXRc@yV1&e3X@F{oqXDe#* za?`^p*{}Y>wH{{0{_0QcaGMRslw)=CZXzZK`yeS%(lmo!ucfMjIFP>WaS!7cmM9O* zeO8&KkgQ9sDT#)KG_AXSEojH5RMHcm-PO}Ju4rKh;rtD4N4R9hrms7exdB+>BF6Rd zVL#1^!tXV>A(q5o(g4?Zf$S1bg4{ulfx9aKPn6o|nTnf20KTk=lrFLYr^G^me@bJv ziw+l3BMSCDAyMP?&Gc&T7rH6a7q%zeX3upP3%`!*4vl8Mlx?;z^}xd-PJC-lZlMvY zL2VJ27>v5=kv0*@9-v=7@@pYQ=8dF(z!M_hw;`EO&o|zh!r;y*!wPW65jM`Deb$XT zis6{^PN#CjW`>UD@ry?fM#+O3YRfetP$^x$(R655GAdrO48zxnzu*Vz-BqRL>-1}K z=Xqi;Ez)4^bu40lx_ZvLR1adJweE!hMW04yGt4S!k7N65@u!cU;0*uhg;(AY5)=YQl~kL53F5q=@8V8885N$N6B-I!mpGPV{vx!1SeW_ zLD!msFUGMd_kKo>Ck>S6@g3;3h~1%I-u!6q7hjUDMz( zSF&h;p)R8NP)2j0pumX1kA{~oE@7ZFBx3SJakK|Nw!miWS7+rieR99FiKZTIz(F&c zJ@<1TH7V=lsVO(iUkmQ1O&VpbOk}^Ivca3+f}nYuM!ht$`~|J1jzHD)qXx`M6Q3bn zQdQlkPK7kCwX9_7=c#cs^+$X}#IKJSz`1-NOM16a{E7eCC@<<}AIar_josk-r|O9^ z%Lf%ly$LN`e60Z;p_a2EOH1<4lZEq*L*H&f{F7LRW+mS?_rd|`U~$*zVPek7w^u}SYQ@&X#?2hIU#Dl7swav@u37o+VZ~n;m-BA>yx<>s`U=B1qNl9* z#|!T&yEcu{vwY98i1<)yE)?>n^h%8)CeykA@o6SLGHNQDrdOBz*X_Td1Qw&|%3Isa zy3;MWbb^p*iVOaHm8dsUnHzcq3`Ho`Ct96>*La^E?l`PvMA{^%zw57l7R9ML&4D|= z^ay-UPFFSdlZ#GjF_vNm(taA;ppAa`6@~eO;okXc$Mvk~u+?ts)R;N1hQZ>2!xu7#MZDn>|i# z>aRkWSNa9k^S8&Gx3f!1SPK-&ZDy56I91A!iRvq}{TwDc$uT{t5}yaw+I@_0071 zSDikG$WnCCf1Ov^U${*C5jVQT#MoJWH8s3%r)x?ovMnss5)ec1RO-IfP>NNUfloRW zn2#Gb^w6x2Smtd#532}ovz7)is)HBfs?Qu#CJ;?C)*q}0>^0FmdQ2+ICwzTWfxKrX zq-B{~pC|ljYVLSWa(?B*M1iHg`ovZ)fX}q@lUJb2Z?%tiUgNmJZb_HEM%H!M@U-dZ zyKS|tcCd<@&|K9nLY7gdRkqJNnUNM?{t^UBV zm2~Hy4Sh-Hpa+2mE86oFG78kE+5F`TOg?G^wJ!lLHAIo|&Tf8Bi)PetN)t}0687B@ z-fdYYf6FS)tp1ry;FV?2W6e{)rRs6RFZf*%KcwbkDfqo+9AUMi<(}uLZWjq@-FRC1 zi|}nXh=?=TdbP^73JSsG$e%E+bTsa@=tT;wUDh{+o*wz0eNWkXYc*u!>sys1=;qM9 zUu1Os5^i(Tf(hM9^plw4ACy^A+D?VzwyXw80L#JDCW%yR)2($*->mj!txM#lT;FB# ztwRR}udIPVN-;g_GEEv~Vq(M?IOk})2mmiVP zJWIw#Yz!RxxbM&G)5!W$oLpYaT2I&1E4$sV-A@&MS)gJME`aP9F0P(|AA%=8!VAy0 z1fS}n8FH&2$G&NKae%X^o^v8vdYP^inHZ+Wsl<^8 z-%X64^!oLKHKOOa3L+G`$#krEStg2M+smIChSNk12Py4)2%JMk;9@>~op)?&%6+sJK7g8VUC2W*U zo-T@9c{;74uGiY&{dm-RYB0I;9mN8Jcb{a*j7ia$8Mo=a-7SpVFj15JB{Cz1V=@mm zD%$1go~t(zvM_zB*M&vSMxq^5q1u!2(U!*qVL9SbUxStO=BU;s=zohRC0KAw z7b#*CrmSu$MdP1n`C{eVprYR9VtcpEC#R%1%n6mC1OHTlggUQI>jenReaAl)M2&Gh z7OdH;*d|&_;!qE+_CY`y%nXtJEL6*tn?i$*o_2^#C?M{Oh}KXxfsRJQ4hwb>Szaom z?xm4L5sDWuAE2zJWSbUm&>zGXSrjfF$hjn^^pDI})8Gp$P=tS-E-tbU9;JGpOqzY!T@sGbuL$_^M2*-%hb~Nv`4xiuy&l{Xrr%DY z8QoSsVe?1d2q}6=cx^Ps?CeVAc-gxa4E)v=S3}fPEFA}8^ZN`3x~nZhyDN3+@<%gN ztC_F~4Th$k7|eKT^GbW)TgA_H5wCt9b^NHa^QslZ5q6`oNS;%fpbgT?a?^|Q z>_$fkXq^}OnMb6Xzgs%i>;K-Qa3rkS@ag1iSBfI;I!P|tqBigYrUOo13Wl#Z(vN(? z)7PJaDF>$NdAB%1v|kHs-4Kd z1pJ*eCx?FQqyo4A=$`Mqp?mTe zDumze6=CT{iE=_N&`%X&Ob~H7cAGe>7hBKc^kS%kEg0J|U5KyR`cPas?3>G_P}?(W zr3Xb95y$A#Nh_?UU&VTr)nt_8z5IWOI?J%Cp0{n&-6_&YgLF!lARwIr8&D9C?$~q) z0@B?b(%o!8I+d}GH7cC*Ca-}p6s6LunDr|+D!1s;Z8dxc-}ZsjFzV>QgWj5TAWf~0Da2~buVx^vtC>glYPP_-Fy zfe0ImCd&AU@f9VU$bs;~y3kyg-%|OH(lGcni}KXD4>mm69TiZF81TVse4;SDj!EqVxFr8KQcEpxUJ31Rq9QsOHA^`-P59hS-|{m; z)W)G|ZsIr9mjl3ckw*YQ*hj4U1L7b;s?2}_a9$~AXd5AiZ$9WqWa)6f(nTh2{)V^| z`3Dh$v*;r#Z9%&UL2Fr=(tFuYA=Hd{r=$?iio8bDezo9g)D{QCa3T-tqa~78Ig+Mn zHo@=Yu@gk>n%7ZaiqpcrQ#6JzudQ3LA;a7OAZLSb;`8Kb=CVq`OoGGj9;C@y%j-Y4 zS=)UA5o72$Z_`QsF~W-}42S!TVQu;8Hwbz1t#;Rz-YL^!{%0>?-DW@M>k`?J{>j`W zeF|g)c%E;6_Q!wO@JjLiu*x!ph1B_;62mD|{zcnC@!9cfO{WxNZ{WtqggiU7q=}8N zx#qhlkt2r*jLi|_$6D~LYR;xNu+e}I@Z-EwFZyKwA|hl~mCS|1fWPrS@wr|PJ<^s~ zL_j(!*3=U^%(XE!@bKRVOx6fB&iU*AS~MpmutK;xL_T-=&8bv-&elij7FG*9=|EIP zTp{HUWWuUwl&M;zE(~e%@*aUxrvXDp%ho;OB$xHNrrYWV?3a22{?gyX0+%#_EDSH+p-2SrY|0h z&-7&(7bd7LIk$$BR&P61Lb;-~M;#awL)g4rnNH?s}T_v{CYvDkm;`ZY{k?O^(t z^^Us$kE^s2cKnv&Vt@$e{wsLmezmxusD%0lq1j-7HVe4w)zKTn+n>mO2mAYH`}uj& zjrYx`{p4aHZ?0{(hqH(OJUyl+n7y8E{|nw`>Y0W}wCj44uhw9vX77k-4+Ov>R5jT%V$B_=8&!tYh%X( zY$P}kEH5hi-d}C2_Z#7nHbMdVB&PY!RP;*nv0Jw5F%hQU-8h{%nr6|piBcxHeFnp^ zPxk{Y0!_ylqT`g~Wq9#}Xq2?B^FzAdQ4*)nQI|wLE!W)MwqQ?i^}?FIh_asccc);{ z8fedh%jLKmYUp<#34><8i~J|Lr?sqs^w(#7#D3y5*bd*@dG9c=iQr>Y@%p_ADLrYWA6b1hO{PF(WTy2|GC1@CLl_<(zT z5gQL~wob!X#;)~<@U*D9Go{aaC+>i@p5n*C+RvZ%5njYkCW{%Z9Bkzs5J0qXjLw#x zGM+?x>P;VXSOe)-y{590PZ`1*yKqD5jT|Qsr4>BU)p9ok74_-ZhlyU=gap`fQ(4+1 z0Pt{9VH~@XdB|nGkACCeUzbHi;vPhcc>Jrtn$CffKp9?c!B(dq%vF828|hq&)Jw z=|vfv8q}ooCul9F5kFk(MplT^m|cFLOpT(peLOx>gv4fdl`MG3e)+CVH%MAOJSvbg zLEjrjM}2=Lv6VpmvVasx;JVE7Vak1b;`~GHTD(6XX$DCE3n0E!%vH;-Q2`V-3b)R1B>Bs)C=V%&2pmwTCNOMAwYNuVeZ zw7rU3=5M>J0ueCj<0Ml1HTU^Ig0J=A;#{;Jv(cn|Qu03cVpq^7AL~rS0Q?8FIlz9v z$=|!jG)khwV>fg2>~cIF)A4j`iXv`g1eD$-JdQH0U2aVzvI;Rt-Nk^dCUjDqMKjx zp?S^iD{EXaH97jKpl0*#v7xD`_t&A5o#Z|LYt8y z77euX51KnR{y4>~m~Ta07i1Rq&O-8ko#NdGr7ubx?)u$x9wBlwHrPOE{QTxSVsVc| z5f-U<{hWyV5AIKX2s%tyoBF?n$#~3-D%IV4#8xWjMs0j(3u*4cJ=Z_?!li(t}-Gjt#@*lETE|Ap8f|m4=q&of4KHfXuqG@F-oA*((58< zmiWts;!50enJ;~FV$-x-6C}dUdBJ5dZdhmo*N1}L6Sdmj)#ibETm(jeY>E?+tW_R% zz73_#6k!C}NuK^x9#DSV09+meKb*hM*#ljTwz8>kJOaCmwZ$EP`Wh)Z49Ym83-CM}iMOvOhj?2eI zQsjFZO@wkRgIAS(X9znkYhF6j5uIMnymfIK_Jr|Ca3mRoV(GZ{RZ@elQ@dn@rBh|} zf0`OV;lr$H*{JziN2P^nG@IFia%*?4AScR*TUEl20nTkcvM=*g_F5b4$DTMMen8V5 zcTW7?y~9i>b$NK{D=#ebVc`LF3spjy@=D{6QyNx+TG>E zl;Z(eHmF9Yo-ewqOC4?F+ zVj*ASxq1 z-(|F{nw-sS?9ngk;@k7L-FLv3bT!k#{% zOlX+HR7aaxp7VzvI84fMo?@uoT9$9pftJ1*qT`ICYEnho%Xf(yTZ$j4;O$ax;xRw_ zdd!eFC)+*352G`WfL!I0sh43tlX}`%ZAZG5`)m z+FaT4lmGW!$F(4MLQ*d-Yv1xssswg8l+hHVp8?U1BKIw8g|BgP;dmC|45fEaG$FThBbfY{6^~dO%%N7rRM9pGKX= ztmw+S8?5qu_wbEh;gyKb*z>4=EWRN>8jCqU%KD4&E`fTB|CW18aHI5hIFXz2SLX!G zw#ZZj-gRVqmTe?N!1h6x^>G^MqBXrt@`F0(kyL}$`CoYSLu2EYuD+e-} zqYAsl`FRXlEe7Rq$W+I&ogf~6-alT0WIIx2O(C$We)+OJtEhH#G1gaWdF=pecesz# zhdUd{Fc?J28qs=mkZ3S|$>GO0FZLZ{4(sfJ(mJRaoanxV931Uip=yTkslvubBDi=@ zn8oib-7k(oibJb;CmPlJ36~ucvD-)DFqN7n=c_|2fs}{{%@L`wVKrTRmi!>ur9Me)(V)W;h`6uf%bC zu*9$`Tnpq?$K`KWOHb!{daUCRP8)vuTi;XZ;z_(Nsp}SdUGgp&^f3MI{fN$j-^8WH zpUSy!-se@y@M@K|xdb{$lC*W>!URZy5teuZ6L%}+5Go&NRyPxJs zhOHRbEXtY>t@>7@83p&^vVv&T(46ist@|!mj#a}=Ql7=|QE<3?5omAY+ zNnX%F4zE*hY#U*4ms&7;P>+U$twT-ql1{K#L-c;^6WMBCCcOi}gLb!;o}c-~jBze! z(;XPi{G=j`yGX2ZlwIqxe`FZ%UMl;~Wk(|VdAfFxBV`Y!T-%e2(KI`0f`7N}FnNVR zyyus3_$|aU94j36m>nT5m6~(>?ZJt8sLrI|DZw)Igi}7EL4fXp;^5IfYqeHEX|#>z z!G(-UsQ+C8n0$1~lIVDvhd591yy)=un% zAjTse>@@D`#+#Wi5wq(69kRHf%bS3ad zl=GYRNz83zbEs$<$V0~NmJ2e&3KditOS4b)ZP}B)E#}Hq|ncKYec4RXg>3+*$+e676!YcBGT$ z=_Yqr?+`O8>+qeG%-_egHNq%;wigxC+IIQINdqHtRN*ZJvP3q8c~0e;a2L9aZhk?>!foF}Owfnb zO3Ey)PbbD^+q`eaAU+vZQzRaPvTVEZ6T;XYq*NQ3)1_`J6C5AUWNUf?4 z3g+}itZ}+_?<5pJQ(LE4qdfy{Az zX^hrT&kj3>PRXAugs$Np%Xoa;0(M{sFG?c3Rh&(X#y)$#iw(Js_QpQ~mw zXm`D8T&e0!vK`elu=FnHQuG*CP#`oNzS){_Uxchv22XJAonaofK}l#LeHRfVQhYpG zy(}6@Eg_Q)`mIo@7pKWU!;IeHzpSy-v}$7aYoHw)U{ss8-|lj`&~uBf0p-&DY6Apy zR)QpbbBnbxH0Znt%e3DF%nvM=fC5x!ocU$E&*-M>qwv1wiTZ&O=Jj3U$*Ym*L3(c@z?T$ z%J6Hx{Kj>dn(hpB6JY11u_;2~=F7+xwy89eYHzPEpMw8xnXbI}N1wm$;J|Dk=iF(^ zo~GPgyesq5N7w8~Z~HQ=)fPn*)v|Njg)TPi2g~6BY>4C42la}PAkTuN1uD;ni{k{I z(UVO1Ex*I-37*C~_n~$f@s*3V&9mfUuvxz5tQv`W)Kub~a@Swl`aAWnb)9}!6~8#s2Oyhs)jN^Wj%>oj=R$ zubh6;&v{V^{=GO=jviMLKF<1@)>#*~ATGCmMJ1qsspoeFg(RX+!#6e*SOU%5iL2&a zVRijkmabj#>_yPxVQB|8)gnpx3BOdjbyJ(KPN{W!BiZj+y!R)z85PhIp6(UMk7lKD zJKP=&14H!BBNPQqy5ijg4D1Mt*L%f4Z7}SYfO#)x9CrNv?tyrl6j0Dn5a!o-z)T47;jYRD~(!PniCEO{;wknZ=&pMNo`lEW{r&@6kIip~sK$PcS>O zo0ZtD_A%^<2fZk)ci-!vAkQ(0oaGd&kaHTH=AQ&9l)9X3aPBLoRbmOUdDuG+He8&} zt3L6=Z=%<9GBfRT3w`QUiF7dY~MtUmICy{+f_euB3ZdIp@rr8Lat-d0g z){T%Yk0NujNjm%-k>&vyDsTV0&*_0e;E<(A^8Eztm6|2W`<-nP+Tg8!X(W2OKkw|p z{*eJp%6XnXf73it+nOX;`5UQU{JP~&wmXx|?&67UBgF z_N9a7ONojczSy+;5{dsIvJ^s9-yN~*oY!k1TyKy*vulo@vhqGCG z8Jdm!f`b612>Z_aEgP}r6ZbnS45?19J>uGu#f}om_Qf8w5G(E!Zg6#Of5S3+#YqnJj-l4F3C* zaY;v;5j0V>L@l14GvJ2#z_chwJic^XbQx=7^H@otce)AhjM@_D-323QeBx`$8g6{qy}t|fm@j4MsckXIp_GVU#Me4o2|xpQ9%MST^uM^rIs+6EuE zIQxncbQm&c&j@lI))D&cVaun8oc`bcJzCpK{=lvfK?AAK;tiaw8znGC9i8R^yhmd%jI%PyOSs|Y4kwz6dP;N^$J{#?hoTtDrV=%L-XENa z*@kcCJ5EsIbxNvAG+|IdrN`Qp5(!^|zv&CX!k+u=Zo zN<|qteqtopk1xH*BrXX^*$Z}=A}Kz>E}xp@ys9hF42fhquZWk5W5EKMm#1u6RJBV| zr5@5n+1}x_xyvYC_HEdwYD<6|bxE$S+6}Kfks{qYBvWFkLE*%p)9&_t|MrXOq6Bma zSDcCYbA!)qpAF^)Ehvt)1@FgEca_8sLv+QjjgS=3XhZ%*=)b|eU|(e0;-2r96ieHRACyPNx zEfvXl2(ud7-Oe4o&AH)imHM~b;s_1&e=fC3Sz8HX4&sdWGmfu*^BG3F;Lj5xHV|+h zjE8rQdnE?B<|O1lyW_422e#2wEjR@XJ7!J|0_qAK;jDd;b;m8$DlN4d^r&rjuhzFzpP1Su|4TzQRr=$^G$}M&b(2H z=`tb*8@z1$8=8F&6IDsIdGY4Mqh?Ngj732-1~Io;N%_q^u7eh$`{jvOj0=C3QFb+vbfVW$-k|yLrS`8a^zXW*IDS95-&mSc+!=d+X7)>%>{P;+ zHmG>!opy(_vH^30NR#47GH{lIC&!T__mgl_wEpg@nVxcx+`tq;CrQ2_%@N}w}W3tPBYk0)q-ak{ZNqQmKWzxvY=eIafys1PAnC~$;1H^_Q z3pk8X5{Z7>E4WOgBbn6OjX6DK_SZ8LX@w$c+uQfM_`g*5S_8c{h(Xh+V$r+i$nc6v zi04jgvF{vza+bi{UYueF9r`M->589cf=*$J94wIqnma{tg0%Ds|DZ$su7gdS9_DhS zA(#1}FIXjqQljEGCZ7qV?e7~T`nhXjZP%jRN73=C+()}bvt}OGs)SGD>~NP|JW}^$ z7P~~VqX@?j`DCwa57qV1!m8#_vBVo)=1-akkZ=Y+^=c>cW_+?YOi;%bU$(IYKTsu@ z(g^hiBq}=~9xn~ET*LLB>j?ugHR`f%&FJEQlsH63vA+(2?!1|R6WLn z*R##2X1qZ-AOSu{Dw^HsosV|uvR}KCM4pD>rUq;vK=S;Wz;LuS-J@0F?!#j zve;rT^0Xb+EUC9)&&bw_v2ueRcyH0_?Ok0j&;0mNT0T~WUEFJ|u$u%h9gwv59r+X{XM~#j zim=A#_WOW4CI1T_*4M__^x8*-Lp7X+Z298Chafq;IYs0XHjlar`rP|@ADlBTg}9VI zwZlAaJ3bJ$FI9JH_1nFOe}pWcCRC(Nj0Dfh9LYHly@~esLM%jOcJ&-1+`o~nYTd|8 zM#QapWYb+srbM}L-TC+m?&++%OrkMywZ~sqyx`#cupUV4O8*02Wc_KF2y;Ab{X{nq z@q<+FWblKuB;xmWWQD~E+E=I>StXC(m)psA zFuHNy=nk^3D$*JGosZjtx5mTfPmlN6*mJ@lP)M#}>H~RJ%|Il`gnj3d;?~R{H!-Gq zs?8*-sk+3u%4Nc)e62#fe*~<*HPPtAw=Y3dKN%n}P$n@FJlDM3xPc^?8=Q&F$rc$s z@lZy$b*irqJ3Th@DiQ}SiPxXp%#x4tWh3^jfuME_OaDUfX{)+To*`|sz~7t>MI3JX zHs@O8h1O2eV8XtZi0Z&O1@q9VMy?G@hT73&o)asl&)dF|yj{GcVFmCjT599Ni^TWj z1@03d;kkuGq2)Wq{iTA>)!wducH_^{l3QSb^mCp_TkfqF@+$@DtEVr|(=hwnt4Ujl z!z)e#ZY}4AydmgQ`e#aWBne9T-AbwC>-7+kUsrv(9dyCLsLy$Sg^&PTf15ib1ZAD| z78?`)FTSD$VARJ243r%(8YvRR4P0)EF*17Z!E^TW1l|a1O}^1#{S)(pyjSu?LrXFK z#+d=NhUX!Zgz|}L_}QlWB%LlSVAaVsZb;`0*P0f{;c;`qt~qAL=c-g6%5J4p!R}96Ema z(9)jfK=DZUnW9o(pz^#qFqQ_+ZJ4{Cm@O*i)2aetye$oulx+n}-DK(HEt|LSeC#Y0yf z{xE7e79DjEi1>Ra#yJW)%E)y|lthz2(P;ksgHUj&g2c370mJ@VMpMo%k3nlu{|o8P zE-{MMm0KtQ`=|$cMy^))HPD+nT9_QiWd>hSgxWRb^yW6%cB39BG(b3HRn(p$lX#bl7rG* z{A0WK+ZIIFgZIRCV8wJmb=rD}-(Ej#p{otFE|)RZ8t_Om2MQ-CgfqQJo01d%Qv)}d zwK@+6IyWGq94_$Xu9I%$Gfk{9G1dis(2fvVN9?~Z8Ds#teb|Ib!|eGt%YOzt z(2QS4yu%G%K!R1a6lu0rMXe|{|A)i(02!*!N!!P}kXraA^`qPO%UKEbf0sEnquP>tC9ubMKJNAqIS*civ$kcvGxpP9!jExh z)?{QR+zIt)yp0BX^dptMYS*E>486R{)xO7BfHsQJCghSt6%1YMdPKw zpUsPA`JglN%JH`=w7Bp8iV6hyq0`l;FHZKVE=cN2 zw)4WnVi`ZT7M$}EKA3azQ)`g1KRpg}4(EmI2uu)0dj>1hP^%@~``^Fy={ELnm%SO* zaZ~acOK1 zn`x9A;|OW#S6p0N1{dlqpk?>DfJT5`r&l{SP>c0<#{4V>aUuYNj%LtWG>3D$J7u7K zLm^U&RStfa@{%?r9Pmukn*RW+3+;Z`9sD-12rWC&tUC>xeyf3@<(-$54A5u4yR)T{ z2jxoXs6#N|q!fy@&+u9$X*T8OapbD{B9aFm#I(CHdG5p$?eBNoYg@|LSR(6ckPVGH zE|kvP8`SI3+$*qzPx1hkm$MGelqNV3BpHiij)-6xFHOt}hh**ic`N}t`|7QxW1mI| z9B3~`szoMkL0Y-0byqj$C22^w&FRcG9^1;8MGiYgS#e9;m;|d9kz_0pt6HZ?&6ti# zKX78Xx1agl=n6x-#2><}1oA!`Vqys&X7t^E(Pa;`{-z(CShW0YHnE%Gn`|XY)ua@* z@e`zxo9>^wE3@CMT8FeuT6Rk}l!q98_9yV=Ohz+b!J`)MWFX zQ_Z`=hjxfzv70YUc&r!Ol+>;jMC&fDduF;d&P2KN?Ay%mS+_aw6*f3+%>?T8=L_ zB>WzI?#qM8TDWl>`iGLiXmp;fE}hjf6R|y){T&$;4ey>_{s68>*@Cm zYom$qpnGA!AIbQ~arW&!VJOszjh&qazCMym7=-w7@Zmbs)$Sd{m@{;eJfdpPtx-kA zZNE>g8KG@-t$tl7N%rR(Q1eiNa%q8Kx1ET6`WReT+@P;A?vj=L921ux3Y3!Ik9au7 zeh>T`>JHV)IB}S$5Wq)Y^yollMd#V&=0ggupV__}W>Er-kJU~O0CnS7rO~Yj>x&=- zV|+Sp-o$~0<7sfatPn54%@1?9EWkkA&~|K~V(eqRcFR!ejp z(fo?A0x~BA3=&;~(Ay66anVM(+dLa-PY_$vEs)sHVTp6aNQJ4HE@=b+ESU?i?9nN1 z*%t<01M@G#S@oT%Bpw)`REErxjf#+}@WwZ~gc}jBe@FXni7%+C8TjByW1wQFmXysW zS&U~0550-B){Co2e4T^m`kYtS1?I2Fe`1Gc+t05_EZPDSfPEd&f@Q?ebw7q{(d@b% zvj@6j#HK9;TGf@kq#pKLigA)=BbEa|W_eNDiEgj?td7Y83bFTNlixq>Pza}riV~Sk zQL-G5y=&g45Uac!u43Oqwk87T4BZ}m3ZVgefstg+WB}BfdM+tLj34%Ofy8;E8D)P1 zb^^=Q;nME&@s{uZe^qGcEd1oUa+)~+?v?ww%KJ(WztR7TWs(v?9W$Rc$G4Ki@D-@h zk#MQrn>L{GMJeQiH%F~NazvQ@Ny4Yth$Yd!QAu2P<8A>3teR^o@CyGkB>Wra3TUOE#)#(^ ztAGzQMs>WP=QO2R53Z$76G1sY9KT~(IdIa+0xg^HxXuEj+nz7EdBALFWGsKrjQsT- zZvnWQ_4)ZiYx5I0sBYn?q;I zln?(HnDjh9@l8NwSoY=4oWQSuBp+L@IcP{m;n8Nq6hu1VI+5Q?vS(G882-`W(b8k` zaybk8D}r3Ui$qej06s(ig)if(xGuv)R#}pakKkas^OMHo9cLpmEjuv_8ak(1k-tWW zjyF#k0mdxW{~#K@FLrE6bQBd@ctK4f+Zo^w8ufI2 z1#gAxgjE!YtSkX61X-=zGKq>+=lLBGbKla7jLgOjtO;vqPx@Fj2J~#W6lu z{fl3U$iM3;Sz4q4Ptj*#eU@+{0b7Hu(Lge%xM8X1NiFvuxD6a4;Z&9t<8j+FD!2wY zH|qw+paJWm27Wb!Zo9x^mgPtCYu0f$>UVk8g?aAL;FkpdSm->((2QdjRV7LLDGK4! z`K0iskJGSuEa8RvxemHqKt%-n2t~Mmj~Nr=^nBR=R>53NtaDuKRm(r$#=irmJ&I#W z-~=&WXaQ83;3l0BoD4(_w2EkI07yOI+dDsPz5}9XvH`un2ERe$_g(MTGaGe$gT+F3 zcdK#+pmdEtQmj{u{n|P9yQG}`YC(a`x-mJGlqWz#B~ zKi+8g&KoBpTp z3#(*aRi^{ouK(b;|Jh-rSzk2pc!GZMrSxX?9FJ$6|c@p|Hr35b$`k z(zD%d$Q2Fcr=g~Aa+dr?*y}G<(eJ}mNzL3z(5>`fq-Cn<8(=LpZIfq3y3+kyHT?cK zzN}zE3^y$a=Mo2690{VtN%@Lmfbhax-2Xl z^CP0giN7y33*C0{$!f}96n#}PXKe{A0pRM0I9*fIN=>RMw1QWy145;M4($@H>6)fD z_<@*3ps!v<%A1gtjX1XWS@U4O6#dcQb-1`efuQoze8P)=Tz9GLzu8t$(tdZ;cD70V zq*tVzn)gT`-P6<6G5Vk})69Q86!X=Qh+{|jYDP$%AM-FY?Ryzd%3Ni9M5VJTIyy4p zv|?v$y`s8SN#skNdE*)gD<|-i;cpuu8a#3V&K1`AZ9L+9I;F4`-&Ke)0QzdeIA{z05;f29GRh!8&+l7r z^;Cire0XYobFrc}S1!&!6uPB>v%dZ~Ro6RQ=J4s`n^TtVLMqjtWqq~cyf|v8bB3?+ zao(61{YsbCr0RlX>5Uw~%yZZ2dx=C?a_9V4&Jae+8T^9YO@d(M?bFL7L5FUOZo>}B!EhoXG0=bu<$lAqCc4wv|9T{qOt0O8mbGgrxYd+d{jOR|8+3fMdgN<)*pT ziipdi@*} z!U{+XzrEE{4kxu(!nKprq7sUZ5&3T@zCmedYBGKy>{Oto?f4@UkH81G#DnTg#7 z;ujHYiZmt84lPF2EOz6^v*Z~P@@lNpqc%W=OBnfrTlycS#7bPXyH2t^Q*cgdx6yUJ z_RM1&fY*d=E=`{S+)^1{t4VqoJMj|dA#RrZefzJ+G)ovh#3IX+(TW?<4(d2S$zrz- zeg6NySQB7RUI0N?*Q)m4$F${(e!--62VA@I|Lx}JPNZx#0WT5OgtO|HNA#><;-WVBR#JLb7{qwT z_xu58y~BxY+k3^?R5^pDf$p)KEixhDe+WXp#ZWNb)MUq3O8f2YJV9|v z?^~;!7gl7kZlyLvaxoL0!G`P0gg{*^0r+z8OI+)wid9EYslC^LQVYfA!_f!@24_D=u7Gcg^#@{PlpbZxFqDjkpv?n>Ec|q#fL|{?G7YiC-e!_d6ew zv?BqY2kKxv0wTPXr9d$AdlMyWo7{DC`0nKoGC>u5Htj?&E(D0HyG+<#c5yZXaSYHq!!$+idM)K@P2>Zd+*uD`3}&Q4DD8!hX(jI~E!J+o5w3PT75T zF_=}Ds|3ZI61grZYkB)*_gM6My}t%< zS-^Dd`>-FdHUQ1MeThTrTBgmP!#5m;%{h%v)x^Af9yq>h!uOXNU!U)Sh1N|wW3No@ z1v>ncxTXy5L8o;r^17P)#O{KYUYJ_yG*lZ_dHenJ%W7xT^kJ2PK>vtbhA2ap%g{{| zR5R|?-ztQl2W_Do*Ko_~n{6I@d$m6pH+bp^^%<-UsKDyq-9fLI`cXEu=?5+PhS;+L zias*ID0id9!f%ISqE)vqx1!?xY<+ps-O)qT8xy&F!2Gh92fU4*sN_o|X6ku}jD!7$ zAJtXxD*&P74lV0#u(j&eGOT{+I&a)SOvodURCSDGds5dePM88cVF6xtX)r)r;TaNUn7l1QRx$0|mz|R8U z(~F+?tKp?4!2Y<_2xx|}E?vX@H>{b}bwV(hHQTQitn`4?GbGK;ZqgdM)*djTTPRvsLsVp@3u2NN-gk^h12%U zD3Rql-%+l`3B*i}XGaFqSfOvyQ}%XwDm>TM&{sOzlYy&lsYTZ-ZD(*Ob#rU8>@GT< zH@(n875M{7*p}~L2G^_LnDC$n;-Tbm-Gby<7CISVPd98`NGGu5EA-q5kW-&5i%(0c z;5qB!C^Zt${lPZ)QO@J#SK=JXcj@buPOcoZ^ z`JJ`~O{{eX4v-qh*kz}YxdH%f;{iyIo80rI|2aO;198Q#B`JM94;yr$ym8-MNCDu9blF9b=e`M+YbYe`yli~g;K zpIZF-J$W){?uz`zW(dBJunHE#p|&B}D%sLA@+HKc_4HGkZ1Qc@t|^9FAeLu!%8o`` zL6cRKw`i&QxQ!jP$#8p>ZA6AXmyCGU0((c_2TDU5CEmH2-3I9&JKZ}96}J_jM&^|} zK?sy(7l`Pgv0wrd1+eQ0{qb=khUC-9wNz;JS}x%}7t|y`tEZ?_<;zRmAt2{wwgujc z#{ZHY!~CH>h322)366-Fz>%!eIT0&MN4|`x@4v!^P8M)ev^UOhC9-_Qp=51nXc#)D zS!lE^={86puM(c_37#X$j!~LL)q#v zG_LFbVw~onSLrnRZSaM7hmeP;m0{V?F(R`~&_S!~zTiVANgmzdrF~d7c2DY_IPIP! znOw_hzE(hO1kZ4V`#s=daZ)YBz-H%{L^s_YPCVj#nAdqZTESz3N!*Bld>_2J=idW& zA95zi0B`;s*sy!C+QL=1Ae0d!vuMXC{M)+eynEgmIj8fLfg0bU%(amQOfiV@S}4GF z++c4IZ4C;*8qTROdk${T_lAj>l~)YG*M-(y1%ls%0B=|2b02N&NcbDpcB2Mk3&)pANy{jbn zWo=`Qft|n_SpVYp>{ZbjwGKgx?J=iznPn;FZVU%5PDiu>DU~|XVYa&Lx zv8pR7WRSa#yhE$PS;`i_?%49VhFDD4SsB3yQw40(l+(qHGG*q!3#~V$+qcN|EnuNm z;!8Z>Wby0P5ypKJInKx*elJjnVRRIpt3Yg#<*|Xj0O;)DkkR9b*>tef;!bLd;6{jq zMs3+m_Ij+9u$s}?2-GqZP!mvrRLvRk`mb4j9!lfe$>e20Mcgy^n*i^j0zGxBVMcm7 zAaLa!VyXhpoUl$@mm_)uh#+Hlh0$jk6=0*-#AXaRfCDtDzt{1v?p>VdpO|w)?6)6# zZ}R!bGpVk0=>;t_>3$?EDE8IM@zB3r(!1b53yo>|;aE2Pw&!*LiLBO*wnFV1u)~rh z3Oug}iSK^{*sOAh8nN^pw9OqofpwBalL+w|mjQc<`u?h%5XEQSAaYsQB5Dx_NqQaN zUVc<>2-*-&Hvef;^n@?lcShcGm=If4X$`X0`!$F}#96J4zGC&|11l+qp_*0c%>mOB zBZE!zzf89~;Vk!wNP=RKYIZIXH0<11tk&@1tA_v|A3d>bPH({dZ`kQLV${>1p!9v9 zQ`WoE9<8FaMv)do1_T>(B;-&R5`w?4g>nFCh>YZ3k51CC8N7^v+4WYu>a;OuAErU< zPtIf`w^Z;fZV!Tahz;sweg=&Zp3W9(&t{=ZpvzD_|GPJ=&aMdG_%1QcOQN+EW=7nG z29xO0{wxEknwxTE8v};opsYdc^I5Uj6rn7@oXTd>V2{tp2mo;?*ltzWRUm_!w%~K&6xU9XL72rc_BlFGpnHO?H&TgFH2K65K#(Re1S(vB-NK;1n zI}2*x6>CYEhp+k5Q1{#ku6TU%zeKNk&3N?O8fJ$NzMp68HJdDWcckxC?}T#SkjQ#( zV{7`M_m{^FW(27^;xMI}K!6;s#zMxyi76FNkqPl6pkPIWjk;D^Cp8R*A zxp2;JWbLZ7jA17yp(+0#Rc9F#*S2nLToYUqG`JJoo!}DOHCS+hyAve1JHg%E-6c3Q z65OqE{}y|nd+z=IbfriaRL`}#)|}%VV>|>u9O3}|>XB|U4sdf$^N7b=ytR$kmxh%L zgczBa0CgAmChHHP=zisCfFSleS^%Ca>R&};gAy=uBV56Jj^nO#ZJuF_u9q&BUty);z7WP-Nda&O|q*VaL`;Mw2KGB*`y+2FLv~d zE(hH#s3msQpHx1-{6r@M9@^Q|khcca!rIfmvBB0BP)Ni8X;G@W1^Vw^l+TlK3ee5; zDC5?}LB!S8V@6j3QCTmm-p+w_jIKf%VH5}Ft3@Y*l;}T2y}4rg68GxtHJxwL z%!UCVIOBC@{RX_SJ8T((s*D%a(gMAM>Ql#wXAi-t*r~dl#Z-BEE78&FYhlO%ZaGH`xV6fEf zjiVha#0_H~>~j|mt!=g4+AbL_#4Q#wDU0hthuyaj`H?ga4~8{HPwz)>K4l-~;M-9F zcmQSA$>^KIx&yWOXzMSBv&G6aujN~(s*CrEC}p}8Jp>#`xWO@siZ*oEGiJd)9%1Q# zagH@WRcWc(tCfJqb*eoK^3vwLiXrL=8NF0Ubw&hc2nyjl=3mgM5_f5Waj$0U0=Kky zXp>umkN(CZz^9dQVjiyE2&PX_P#n0LXRKtXcszF0kkP2J8iGh1AJYvc^yoS z7u^qzk7d!}dgNwC;7OaI^21s)0!Fa9A(0UjsjIL*bb)t9;Wa#_Ry@wyGyT1&IrEfz znE$-EYZ~~1xMct0#uGpJGV@*Z0i^=8iaqBwKhbf}7&921@z9yJrB3Y<>>Lkb1)S4N zNUK7xs?Jb}m<=^OI9xLL}4LC5Qe`jKGMmet$RPpT4>df+mpR_S-oa(`|I}z zoE5fhW`bWg^nx-_^ItA8S14mM#RvhixxP$9sfSxk-Mi5MKYUMM8wS9Z%@D zVJaAYbSiO*gyZ2AlJD0+pCaBJkM{(~fzir`WWPYN!gOb_3&bv33a4=)mDE0W>T;lML1Y7PAnC z&juwHsX=)+GBxI%YKhQdOG^u1uQ`<9rLq!201C#JuTWD5~(!~6=qRU<%uOMEoRw*l9` z{e-+L`VZay4A+^x1$+9EF{1sD2=iv#*QTwcd7OT+{rhwhqc6}tOuTw4#fR#j1CPiB z=LPG9Q&SUL)R+ETV{ff;{i(Y$w9wpYXRb>YiZQ-E99*SSLis-;A$A8`S^0^aN%zJ9 zkYszoAbL9s7AjDcDMb)IK0-HC`Of`xgwpRr*0JwT$ejGEYX!^VXkNZ`qv7;E=-r*) z4{F7>D;FlJtV{6vfTL(GgW~==%YC?6^>Y~hnqwy@x^Y_^zq2*d; zC}f1H*>ga5q?JKHTLx&UA~a%m*vm{BRR+Fb=)jl7mQRG|nBKUXmCjqhK0vkuwVyfN zBW6M&kX2XXBJ!8|9oP%SkhwS9F2xNh+Z?hHZNSm~a`2zx=^D&{w=K>2fPuQZSn!*I zI9(!%;0TmK$1Eo!luy=A#9%^J$iAbsc266Sx;4H1jW=eQ5W@g_3PKT4vw^l0ygk{f|}LkQ=JKHP86AKA(6-V@eWNuYltRY97@XCot zaQfbMYX`1k{OwNYY~ql*O*^3Ms*kMo0(#H|Nb*83dfrBpCeIK)hU49pO3=OqwNjL@ zuAbxsOJYR?l1-HAcGunL$}$Hk_9v0w=hLvD9<-SR);C zSdXPo=ckpXs{%5bzpKWTkLHTDDhbbCVj(a`OEamr9G(ac9+&iKH_!q}ev$>2GL)*f zx+n{;kic|{@u}G#VLQ2^V)n#QJ?HSWjky`K)2{iUA;cX@D*tjj>-KrJEtW->0A>-I zE@5~k$9AdwlTP?`pVx)kd+T3HN8_8R_?XYuo41VJ)}Miy7C(omJjaPDT^}iVul_7W zt#?ZHsz~a7%VE7Vft&C8_(NIwIW_5i-HG5?95Mb0Zs1DGyG8rzKRd8> zb!BRMrri8D-meX?CGSB=sRPnQ<}2$LJ#;Y{5>pl%bCH&;ucq9>=_hpn6`{Fi9>PVD zvYNqH_hqaDuCp+&@q&J3kh>@Uk0IO9y{?OwsP|jn-L2qztI`75%->*;EU{Gv>+5N& z$<_X!nn~)9Tp>NNYLr5q#YcrUXH$iTTz53uH(q}e^mqiX_*vWRps$z2ZqK>^TV8#N zE{?34z=OF~KZ-^!^A_rWzDKzO>V`CYPvKSs*U}F13I9lx&81^A+nk>Y4CiqBK!<5RPe{Bl%N{w&YQK^25qBqHwhtZ`o|LG%^$W&6is zk2f%o?!ExVZmzy_u$>_LXbeo%xVcoc39CApxqX;oqYGD-*+jR zz$6s|&+x3$=HXC|#rvrqn)2xL0pjKMP1w%ux*+B2QRC~ep1AK(M~>Rfs(@u;i|1dz zf$iq^o550>a%mihW1^GJ>M$kzGfd>NDaQTuluOl}4RCQ?$+827yk(NQr%yp9QGT~C zA}>#_fzy%OLO_|TLnTkZ-!3fbl)o<8e<9C7!*Nt|_r<4utfd(>0bnFnu*)jDKBD+l zD_RM?{m5Sc+NzqOy;`G}`Le8fsJF5YTA^Oos8?NEsTS@3=wz`eX1hUoNP9?hNE?Za z%UHx?4V6P1nB5{krckvAQ*`C|-AuA`jxp}?)xy5!StKn(F+wsPeU;;&X;J8JxLG&- z;QRC=>kqz~Ym{=CWiW;<1azdCaShUtlg&{#_M?+N`KRLOd9WivG<;$Nf6j6QVbFR+ zG$D3ioZguX%Yp(bI~gbWZ_{O;M#NMpEi)WKYVwcB!O;HBzm^#Hulj23h%Jy@NbF{J zR2!ko%gbroH+IXmB%ohU3HVs*qu{G_U`LTmA4uqnT;d94r5Z#b=!$ZLvb*aefjjsq zo*@tRw9-a1_rU;@x807Uog^`ObW7m5fvNA<6kT%*9#f{NrPShODNZOG9F2J(!1vhh z0?Eof)BCxzrEDweATp};80Y0_xSppr<;e}s72kDgDy{nf7#UzzuxKNq%`vq1GnXBv z&tm!N0I=Q$#z!X5sgJNu@{zsCyK~Lue2}Hc|A@unJ!0EIU=w`{sVB5>?2C+#c~p6H znN^#OOio?f^s~h628COH{&{Fge@A}zrKGz0 ztDM#0u(9m1(GG)m6yKo7&TVD88cncJm!E3E!iOH>k9}ST)A=kWBUlu!enQYtDdOQc zG&%3r`n}rSaVJGxtGvB>*tj#h^%3%}_+=%x8tI&^FqTz*eNJ1DR`9hpj#Hjcv{AIF zX7L2bwo-7inOPLHqleW>l(~J~*fP*2j3DvI3KU zIl-oaK%zZJ2>DWuXEl1FMPQxng0}gh9Cf8obRfBOTc68*;bfs;k0U=G{b{YnRE{N* zqvaV|@k7&o5Eza~Urs-kiS$)3TBc_QB6tKx-Xt z{q6bO(jg*m?{?+o#w2S&z7Bb-ew{AkS(Pxm5Z);J3hC#r`NL&PwX=5! zlSP(PXQsR-{@$p!P6W||EkqQT>%*MNq!R?98(vKTEdJ|G_|?J>2RG7#@HWd%gUG82 z`vOAudx68pRMQ&?!3eFmde)R9Mdjz&7jf{4TCA1wue0$j&Q$;F=)LPE+m-9q<2Ro2AUVkMKV z_*5diOsOQD+C8)oVn8j0fKthLS+efd2-hM_{a{T)n#W?E)Zq}B2AnJ86JL-pb2M~I zsZ8p9$yQ-5aXmIIO(5giP1~*mU%=QJDap(~+FK|L6Y=7}$?1bIb?RD%P9>REI5abf zwn?7y0uKRc--ZU%+&1Viw<{}Jzj!}|yzg6wJsXH&lT?ikN4Za>>6wC_6D>xQ>wteTJ~EizI`|Kud;-4|3dr zNsM5_v^{JTf~=#!CqUaTguZqG$Im_>|IKV45%_~bzKae=;f)l11=KU+nj^!38f_Jj zy8oa+BBR&fenYXmI#$6A=84@je^B!!@t_R4cexJ&O4a$%(=XG4}QUFTk2W4pb zY%T zd|rA?JZ_88(;r9s8WQV#70d4IL7IMkylJId zM#*2rA#;G4(l?}_8^bw*7GX`M3dWG8l+QfYH*u+OvX*K@F9O&@WNW;i*70vWz&F5X zvU{drq_X0!?On%G&Mf?wVADXp0c=k z$n!P6OkMHMQ&X98$V_Ig45~@85}0}o_&s>eHA6c%0MxhP=s$MhZO4Xdrg!IK){4@ElSd+c?YOYc>BD@Z%CqpZZ#}ez^$;w-Jh;Tt*$al}Iof6SQYPL0-OH|wOR%R@ zNJcP6(MMCf&ujiBv5wzHq5BA>aSPIJTvas3T^Vy`{X46oH(+}*Q8ES!1i8legrB={ zh(b_1Pgc^3>0_eL|GimA>Owh~!m-Ke`+B$C&t$sGDZ^0EM_Z|p?QYp*T>dmX;4$IC z8s%(CqL-OrrM(U4S>y&LJtX1aV@{=hQ|grKj0yyz#av2^7LoV8&~kd-sH0^X%;CWZ z^#+@1**|DEmkjd%f(g1-NBb!x1a0_!Oe+mOkQj}{$SE@^8m83h!efx`Raic0ibs5W zfQ+ThzC@*Y;X^y^Vx$C5?Ui2F`}T*g#+5~I8r@9}JGs(bP&0pa!$g7m;y>Bmg*cg= zy?`yYIS``{Sn~!)x)K5w?TedX5)A^(V1yL4Opzy7GIJ|nuhAIxGJR+itr}O10nFcK zIAhUKW*joMX1@hRysoquJjbf2A#yOM=PD*yL!LPCAI6z#BggxO$TWwe|G z)KgVgAgA7IsHwzlZ$J8p!em)~cr6V?pWcgCBU!xeP%trJ;Z z0$gH`5Yl2pxYR!lJ)#{!7bGisZqR7Xb{Sh)Cs8R>it`$;vvB!+ehm{$%U*$h#1r?^6=;pG) zxgB^}j-w^s4zQynFbAkfvl&q#PS`g~#tV<`j8q*dyFZQmT>H??6i20?c1?5w&viX7 zID+VegWa}=UZq8FjQ~PTQ%fPqQ(&M%^t&q9djQEZP5B%)pzhw+N6)}rtJ5)mS4<*J zUU1U6n9NFWB7#Js(r}ApF&Th;{?HS}c2V;w8o4&zF@#tv2U0{YuQk->Z0t(OWc}jR z#<*V)i+_qZMU9oDD;Ttk^Kn0StR=8bK1qFP${2!>BhcrbY;-Q{#nHgTN7{>J`OFc@ zj_I5)aE4ds2*PeqmMm`Wi{=;it*Lo(3~AEmgS25n%)XENpJ7&*K{&Hy)GjI4l6z@i zqT+~}USGCZ&(~LY`rtMOylPJZS{r%-a23;`Om)yZWN|*S4XLxf|6`Lks~#}yoOWfrL^b}6cO(d$Ss%S0 z0(DL@B@h`TgDf`TPxbd-Qo{(@BAM(Q(Xt23n*l^ z^LUq5SuB%RZnd4XpekZG&pNvK6|!OPATamo)XG$PJOeQ$-aHrhzE{;-sAKCNKH}1J z=K^&c`YnzYBdp0QS$qema{yAuSSH31b36HI5awYFH*$0)sa5bxCa|qzf~zQ)H`r-m zNjS?xl^qu)Nnu<)>wNXTCYY|vH<4o@j7dTpIcN*yO_u4Fwn!^3Ft=6_2lQ z2SM&zZ0j`A)FtU$CoLRiQCx!OUC*bhFs7gqzn&nQM`x?`oMr9jh?Gn;wp@WTP@_73 zIJAg&-TRiv1@9IaZ)dQMCQ#}xn_!rdk+LOo*`-}P?K{y_-dfp)qOpxxXPp-{h{s?$9CPJGhxri*3lB+L#3Yk2`%im_KHJb2PO&z5( zNhYWL8c>l~OhF;wY;3;cI?<+a<`fgev(1j;Kd zsY0DpM$}lZ7U-AX5r6SlClOB8sj8tH9KfAC*d1z3bhj9wb6RNX8^?d{J!LosCeCA2?_ zjRDURQ|^~vMjl^2js2tRe@P?+wy4nBUMb>{(16c3%v_*`t1HmHMb*V{>kX%>>pv$i zoG)cD(yLSKWvhBl=a|#PVxc;W6&R+3k^u(We^w{K_WLKBOg0ad7%G{sX>!ff2ajHM z$+7btpkUqufefhHGNXhH{`+Ix_D{?+kHx1h07)C;)JqUB$~N59N^VjyE)69nHs{s5 z-!uv`Sv*rSEf-$4q|QukG#}fuKMN$xgChOJmkMv3Ew@0z?O3&xq4?8-Q&{X^5is*<7t7p# zVzmFZ!jS`oY#(c_S>B+l+|!u-))Wo}G83IAnO}acCEc``Z2&Ncbc~e943arN1oK=? zqS#rc_-+dAYhLy5Vayj;;+BFtZ1161skK$u9~Q3fQq!-wz5tT^w#?B(p7!e9n`G&}9TzefMbVHl<$X}jXfWP~+Wepyv4?)6 zGee7+vLfxmRKyItg`D%Bokw7xA3&wvtS(B`nGh2x{_UZ#0;`X{+Uj*Vx}mlSK!;XY z2NNo6*v8_+1CkLAJjLB*l!)4HE8qXC?e@QEyPuBz)+x*yC93!tE;(?%vOek)ZLlIz z0R$)&o=X8;+2a%!zTT#sedd z!mvl@*c(J@8Y@Z38UIb8(9i+lUmhy3X$k8LV>`0x&~U-~>5uA`*d8JRInjv>(=#7L zOp@M`UE8zaQokrLuE>WP&Wde$qT+|z99pliOXcOXRs6AC0rbGuilznq^gG?q78DB!n@faAr&-#6q zy1|V6!(UO`#>MXx8yu9@YNVoe}^m$Cf%hoGL2J`Iv%CeR421NimNtOGdFlI|p9VHYJ%stuKyZ#=E=x^}2X zI-jaeaKX?sc1N1DMFqdJqtvA6XY89&+hL=IUjhKyv=^04rrtxU=jV)f<@-t&*gbSG zRp!6YKoka`iNpw&K_z<1Z@7zULHcahxk67$^t#Oy|LJefkXG5xhY}100C9Zn1O(A8 z8l}fI_F6g^xzSa3(jPa{bLiu^&f?dS{$(74L^Oz@w7j$;6XIiZuC?RmI{q}&MN3z! z^Eh!^FJK&ms;;vMe^2BmPhy+a5~uKGfRN|4R^EvyPY1W#1IS_IigL4mE|MlfOJ|Ss z&!apln6N$ek5PdxX}+>Tn&6!2)K(_CH;OGshi3X2cHuAjdpzGnS`nE=AfAHWRy_Mp z#H^o;8X5a7Kh%drs}jwOZq3?}Pw6Tw3^1q%gM5K@C{}*`u?J;>9EEet^r|{E!42W_ zp22g3lCUpt#$(r*caa)CB2Tf3aEEI;DPFb)AYWjK-vcX+wWc3b?c*>IBJcJ~+DAz* z?w0g7!4?FqYG7oQm3R!w1X*8@5nVSXkhXxbxfcd9kb!vKBzw}WZ>=&^+A@~3EIuSt zhD3wG!6^>*!f_;MP-8T4c1TUvg%$zn$ey480E_Bc;X#DU`9YP*G8;w7@eCaHKQzNkDyBULDd>wks#r zIR>`7wJ3X989an86vI$7?FRgrIOe~_k`rjSqR<3;%G&@=mzd~333*A$1Fu-X3^xO0 zspvPpe_D4eMvU$|WRmyq3kP7h{I^nQszj#2)qHg_XU4xAHV;YEmEoEXT`Fc_$kRoL z3=*77>Kfg&F1{jpCzQxSVjKjw2>nJ*pn;pdUE~3{O10fDwEDodeX#2vU)Cx9ek@Vh zL}Up&?7{=&$jR`0J4Lu-iBt=5uT>kjdSJgJ3_*oIHC^F$+&8GHWTf0p_C-?y z=&^4%3=lX=_W|)!+*jY5tc&<7MJGd~#3V!5`;dJ$S`+2g6zdKfIaNd|u)=`)g~^&0 zkRqA+?=S`y$gX}R*^N%{of{62hNhfry=}tPT%ud8OU&EXRs8OUg!rxywSXlE7sw^b zXal$@W`~1H6k-AT#&v-iW$MPObv6|%pX-Ag<>?ytdNu~l<`j2)Td(+!@{cvGv(gDpN;3eCojzAdoMw1IsVfrKWvE-U|7+1-K9R9u zd!n4hYyweXYRR==5%DgYfsD7~Otai%vwA-nHzi46Jl4NSJHP3ERe0DL0QX0FH%+(C z1&Lwy-6riY)1-IxjN>~UZFQ`J(hmq}Y2mVm47z{-=1?sFv$jU{glPL#>6hT3B!d8 zrqpz^PnO3{m6`4nJ!SoyuPeWo2SL-lqf?`Isr=mySbw4i2E zketb=(IV$ciCroYiuwM%+-RG^w#qtcQ!#Y_@sdJd+%1<+%!U0g&H;*1jnBWu4tv6Y z6|aR_(i}u%R!f`V1n{`6I+e~7Y{*rP5tI5$in?A#a^5}9oz$8Rzj!^a(oIoN`GCVb z^m48uWA7Ws9GJ3Uux4I7E|)R1gn7Q~JX3$|R1EGMWDp7iY}F2LxnAVBx5omlKLDf- z>n=W3o_E&T_`6tb>=%rDD*o%U@xV}(Ved+*!KU5Qo&9au6N$iE>;#)M0sh|@wNP=~ zA;j3bI2NEF(4C`okGx@)UXNP!)a}crA`#TGbm4Bdr}{GNw~XJH3FfEGMARqK68*k> z1});h7LoMB5g$v*^G_?^Tnjhj@<n$AVW?T=kQgqz2%=DbxkL+Jl0 zueGDo=pOtn!{)nIY)yHT_dFI+PrDqnZ2Q9SXdLd4&mC^kuwZj%G{hUc_sm*u$pI4R zlYS3I)kaB4zCThuvzuINL3Bdhf!KEsz1@J9eI#~SnKhtze!+dwS=-|iIlkYwOd5?! z2M4i)H0UgN)JEh)tT-(+K7efD>u_7rH<*A4W<1#mjyEfa=p$d_G6TpJ*E$aIY39_t zQBD?UAAj_wJmxV7#?v9nEt)@aQ|Tsg1hcf@dLj z3(h)Fb}O$vv3)IwEkpe-+%+Xp;GAIXf|iU&K+gh>a}3blSeak?*;jgbmj;9a#qj_0 z)l{Ow)!oaC<-=#fP4HkEnIL1E#CLJfRK*AfqfM#t09t?@QK@%8wfsg`OEG}Z=G!er zB;CkyZwr~qdR7&rIIVp1k7&gd1;G?9zkcn=o}f+JAoe=W?Dx>_OT~Q=p;Snve?)z1 zXJcnjg(5{Dn1=Kl55uOLyZp!PKv9P#fvh$VMf_%%qbb#%=em6iBFAm@k+KmQS^zZp z@0OOTEdu94xzaAIS%AdkjqkN%Zc@_@IQ3{1>U%mc^zxx;U1 zp_sO@l`D^4n&&|>+X2N3O`Wk%P14pEpB?su`tJhItG~|CZ4(E&o4zF9hr3_DJf0OI zIPdu90fnenPn0RHGh$AW))_!1w`^_DujL_~6p#Pz;bNldd-(D zffGV80jtkvTG^@xpFk*cE=$n$q^R$u()wbW;3gB$!K|*grosbRd8ShU-Nb31u5?D)}VeG)&L>T z1MhX?G&lG6JP({76%Pw6fB{OCJDCrl5tE;|0-S~)Bn+1GLvoy}d6|PAX!4GZfNR>c5`qx|IJ=qj=p+S!DqWm8S1~idZSG zh>66OnYOw3v)DwfSsCqv_GBSWQTf#0EM;t*s|8yTl!JyPLQ)J{H*^O0RpmPbEpN)= zSs+b4{q&RV;V%)WR(`~j#&gFb#$(5SUUfcl{z5~dF@lcDW%AwxVNmySkFKAnj+`c9=(CzfmC&v36G^U^T2e1vSmU^R65ptfuO|VP) zoK#4wo6*~k)s*Oev9hryu2&=C@%19_f zhcE5XsSv=#V%1KOKPd{cL%+H36Zeken>txwD;}47YS*3alS!x~nhQU#<6H#%=)^2* znu8zduD%5z%qTED$jPvSBPPioIBz8en;9bZakC>fZeqDVtACI9{0jJSR%>CJ<~_QN zci00(Oa&@zG|RmMy5uYS`ng}6x0VJ5^0<8vut~YD#h+CyUPrINs~f6d(8j4PIW%Ux zYS`J+DATYllZy`+!p&g5^f|Z&T1{8<>+lz3eZLA9EunXQOkk`Yecu{i?3ZP)nYNBy zeQ*0Bk1s}{pQ9i)>JeeC_58P`;tHutVJX#h=PC(&f7D&Hq(ds3XCgZTSKPePS8Z9l zlSu9T1Bg32YdAQI$KW?;jPTSM`+@8938fK&p0KM2vLUhStl9teqT*Sg%rnn&rdk#5 zl+F_QOUoWK7P14R8?uQ&ofO0tB(-;T)G#(RI92FR_rN>i5r`-K4kI@fx#%RJJ$Ufg zn6U=#Fk9wVBrJK)zc_27RH%rd82=U{K>?PEGpl@v&%`31_A5T{+SLU0g`_7q9}ey` zqk1GGIMZbSL!qa7d-)8a4|z^u7L7GPeX!(ph6Hvu3_jT46-gBXU1NRbZ~R`p#lz3clntBm2MI0(O&+i8T-rSX>#4@L?$LGvj(@ibj~b3bDxYTgL_f}_ zreJ2(%Cei@;kd%>g{)RFl-EJQBu<=FaDqUE zO&8CPm+4&106^ZM=im(?P3gcHFc6-lwK);M`ffF$lS2EA>f+OSzo5okR;VYirjXJi zro4@L7R9m`Rb^YShY*LU70|8=s3}i@Ca_kR_TBe;5>mZzXU53HmA5nX2fe`*%l^t0 zBD%$X>;%-b5LVbGHd|k1r_LZ)VI%l{SLYq>kg>oJsVd^ z6hsK6`}eYh^{5o{N0+8-NSjs6x*rE=;TVxdlVk$c>SZ0^;vA6)nxm{q2hI#wk2SdS z1xzv77K~7EmvKary-cwY}GrDueJ7;58$zvk$`DnMqDAn++nlI!|nZ) z7Xcjj*uqgt1_s&qgBM1%UrW?XCo?k~@-Qn(RmU)?Xi1|vn#;?{eLpY0Y}p-tH$~uN zQ%Sy(ij-CwLZ%j7y8kJP%uBV#_LWA#fETyD9v+N8&ro$8((K~H@t64SP_A)!;T7z5 zzvaV@U5B2tbjg_#?JQY?^&A$qzstXx zlWg~g*|+QZPMAFfgR6~pM)Dprb?hlFnJb>UUt{cvAm`;H+Xd~M1V&JnuN`vB@pX=# z>OovHN-{ichY;SQFw61;OHYB=K?!uk2?YiD-?d|PF5CtGz~$M_FVLtg3KJIhFiNYSAJlSfpznVoO1MDJbKK&Ez{!1 zaOkGj2}BF;t3xEvOBPLhB`qqkw+!Yhc~_Ej61&k){hCJ(;B{lPZU!06)uX;y0Q$L` zQqK!gkE+!zgdg`K-E9v=#lgj&C-|L0UT5;#fRHLEkWe10$FGEu!AL>{BnK_EO6N0j zUlU}6AJ>_Wu5bloj~BV*DhFKaiQKeO7C(+ORwLNp(QpnuA(}sy!Q;Ea!=~z!p3; z)P~hPi>4|dLAwvPYpRNS^G{+$iK*Q(jX$02aBFjk7&ST1Y)26B zkg~__KP_j;Knl93ey6Qh_7{vQR={S#X1ctIR2qa426% zmq3wW1%`lf%BRCO`W0hwhWbXBuzYJ+LW}pZ>W%tZd`YLj9kw03x-=5udeowpa+mPY1e_-*i{1lb<6u;RLQd|_+#x{YGcakFr$XSHRU;`! zygeU#y1$HrLK6Q%k%I&u_Hg$8sX^>vsfSr7x8v|fGH1xW(>Cd}_dQuuUK=z8!Zvop zo52!Y{V& zFR(xy+P3DspAkw!Ei>${GwQx)f+AkeOvzV*9dB#l} zluu%WU5TnKDA~3w&tm+6S+qL0Oe&o@leN!m<%|a%nDAJ5iVEyS0j_GRtk_iVrrV?J zOuo;|Jr`y=JQx?2+w}%FWjJEvBr@tA+FWd{szdXxLwK`hHG90QX4?Du6UC#CSqDu+ zijM}sqtbHLfkikv+X1HYR#~GxB%aT{Ly*UiafI#I9SJ>;K>3k2Y`)n&S*SBQkmR$a zvn2hSjj3kyD!e)Hzv_F5!LJLT5a%J|pwL>Ap?)*r#?q0-O&fewpD8p2%nf9k}5dIOirtr3{w zrKT@6CxjUZ6O0F54xx_flJ2^jdAJgR7n|ubR9O{O0{Bp`-KdOXxrAmu*o=$%De0CO zWK=}q?pm(e9DdQlm679c@wBp}LAXmRrG3ty`Q`7mZ=!WJZP33WxWn2tJR!!)?m*rK zKiy`HnkkgUt}Tv{$=W?Mg?!r&koPt*fBaFb+@-L#b6D^zt7X(J5HDtsPo#JmP2c46 z`=HqXtCxb-tcgjH89LCT_lg4Uu4Ct3*a-?2S$1~)R)5AR(-I;rJ&AJax0WP8FNMK3 z6+wcW|M7o2g#fq_Ig3zLy+_8CRVCXFk`E@;TQ{Mj;4EJ5aH({kZt<=j_Q+eY-LpnA z)ex;rw&z4~ZdQLyBpelm67F&3Lukb(-$#ZS47+t5H2Ky=6-1=C1L|p4nmU7+0Xpy!CT~Uq`FFR- z2Ub=E@ot13;Pav#1I;+8JEO#3LB?H5=%jgf|IC;8fX7KF?cU9CLM>A}eY>rTr2aPL zmzpVN;qRuC@u>&sSzPuB2JVe6LvB=2o3ulr#NDUA))b7uJSrjw(zw)vVqY1mKRqAG zduaN5936X^>>BKr^J5g6%n|Rj5cXV2MBTegMiJ_kQ(Z%a^qD#JUZQm2!!e{6iS z2-Qf&TYh5wx^7yMFvgxh8!s*M`@ML_Rgfnb19KdAyhD`{v0IFF1k4?8vS)nx1Ztjd zG-BzNqLNB@$KpC+Y8+Lcc!cOJD;Nw}G9%=?k<(n0m8(#g1^u;8iaw$YF^b0nQ>_rVb39*A`) zHeUCuVvsji`K$}P*<@)BZ3%=^&fs^5eR4lX3DHKqok#)6j>U4`$|guy67j8uInWg# zxG3Q_5r-zzckld>KRDs?XASB5rb&A*pVtKCOAZWkjxfyTwrmr^2Y9H^5V(AbxP+y{ zc!kpyxg174!ytNST20uf(s=yJsqB5%Tg>PAb6nXbZ2haIJ%a9Jfk5!hRI}4gK zM(|?i=}?60luTHVrm1bQI_N|hb_VuT9?{Y{()gwibdIl;Ae0dEUvZy&|77mptXauC zZCm(sG+VcyUaDjm>c#y08|l%*^ETJWu?@c-xc{m;83lkxty)?IbyMFp?2{U-IT?;}Is zz8@Rh4Noj-ZC(CWZ8Lnt&QQ9u|0kDa_Ws$?rLkqb$vkGo^OE6^A4o1Iea-y>JD&+O zdj0=@<+lVN8m9Am%(stZ31QRLv53!1=S%JUeCq(4FW3GydAeEyoGz3Kn(h;|w=+FD z7(_!*R40$u+GVsB%4OW5&_uxhr=j(Ke!B{XFpUaK%MM^K%6eDD25@4j72Zll-oW#F zXYVYmbmCPCAZ9Ywv#lWW!;Gq|kJOsa*3O2k*PGbgNaz)BfTru|$ztWg?YnB@Q&qR6 zPM<7Cz?!HR)AVDE#)a3}%B4~g&8a&5`hKcA;1D6!s0rVNhv)Z9u$uJ8XoYpP)0!ye z#)b;xEFB0*(OUkAdYj+;oHOeRDF`JiR?AoEfRV=4d?4iSRF3%-EN_D?s_ycC*M{5$ zU_qN(dMMLS3vu@#Q>y~Yi<;4S+tiuo0CZMJy0|ntIy<*?!a!qDHCTgaU3gyvp2rmC z{OokR`>{s^0YWZRa)cKU3s;UblAWs1c=<`M-?7q8%aq1p9qaXY+pJE0N+9SxM&q+V z?O_PfGunFkkm!*>41_mF)Uq1S78wD_azhVR^z%vttD<7lk@k96M65`D9pwF$^$z{x zk+yce$@O<9lpJr0sug@>;ZPDuHNlrA0>=c1Y#qNAH!gTs?7+ce%%}KJl9BgdZ{R5T z7F_1Ww|go$np=8)@k>)@I_k0sPp?fBk4U)03ET6_Q8_g}fok2j~l~KwHSM@=L-C-YkSg-pQ zim@#o1PmLBSlHaaShq?0{iK-Y&{o2h1YIMK%>BqC#Hef>w8#ONwk^ZY>}x<7f@A^S zHQc>Dvk)?AQCv~lf}ThDql~lZcq#+nK5(d%h8`d=7gaCQDFzEBoj*X%vu2+sOoYM3 z_x$bj^4aW5Q_+eb;vaaXNGCZS&G6PJ)Lj{5`0p1s9l$34?(i;KZh#h2L>fiAzP_FY zCS$(7*b6=ne{bQen*DD5l^lGHf*WLG#^n(F(Dk0Y&OO!>*yWQUdu~^1Cn+0|g_G^e z{fJ#rH#oWY=HUghw=;XM*|XwW zSA2hjvb6w>snyLs_YwTnZ(`q6fr_=*Wnld~tF!QEox&H6sqPN{n zdAB!ze&h%8jKLv0tmRvs9stz^nE)t**21fY+x}JsDN2cLkPuuX?Phm$s&i>T z6FkjZCw$zT(agTI7-A2vxMz#$?plT zJ3FLvNGlYqghHHiOEKZ&yFSQ=2nTtRUI~i()jF!*BP~(SkBrHW`R|SQ2rTf88zW{s z&F$-d@7FCYqmHBP*t6d8oFRA(^I7JxowgNAf0KT2&}fH|3SVH3CR@#3SswpU+SiIX zsp`z19AXxrR+bYJZ<(W!8Eubbp!e z^(|@PYq1G;;y`f7ZaSr%skHEFWNK8O;l?|72S*~9`!Q|m6#Ilr^iEu8BwZMKmrIq( zO?N%~nzRxVR&E50y`$V(Cv!^?@e$^5@R{t>vB(5>- z2SE%kMAZ2l|ESk*r@2j8=Xn!JpS3yKMfF){(v+F zaIt_zQBO(Bx4Nde5T(QGqR-aBqnk*rz|9GIX6bS`w@8F@oaTrQjEi`|MyGnG=K7m0 zt)EAWF5BdQ+Wo?u%TzNn6U8v>(XhY*Fgm4+>(^n>AN0ort?hppJjLCQVOrL&esNa& zq91n3EShUqOI-fxx3KiakCB!lQqE(*1FC%EA|vlZO#d)9TSJ9>>b-I}Mq-dEu-Wy6 z4`fC!u#MSvaaTjoVut$$fzs%~+Y7mV9j9SAEDRe^%nnFkY)9ZX9V7J^H8~LHQaz#} zH=HQ3N#!)F3a9ca)eHzekj|jaYHwLeP!1ydo#GZ8#2Ece2Yt1>WWz(+bRY9OTvv-< zx<2B}JhfF|rZFi34vO7GRz>}`^qvH*>CzkK6Xuzj#llzDfGLs|E-0APCy=4sZUgG%^YbjnEH4?nN4&wBI*=RBI z?VNstcr97cSRE6bOl(TUQ*8vKj@Tgks@54cn5pE@bzfd-*YeY1Yg>4xT5FUs zW$BGah0<(8Z1uuRK7YceDrcV_h$Z*8Od(!iUT8w-{oBjroILimMlNVJsUm?oxO_`P z#J#)W`FjL}jzG!xqRNwM;m(N{n1@-dzWfog4c|5~Wb&$T$M7rAH6{b*_hP%$7eTVh+Zs6LaFvZWcG*C z7KfuC^08r%BIRzmNw7IzRqPXjayE2tvYpoRI(*NUR8PDjn9Qw6J6Wb@auDw`n&+*m z0}#G{T8^s!wlX_zMd0v`8z%Al;6tJ)3`qKGXzu>afL?%XBi+>)UbQPAc_`PAH z$7~}~FQ)ZlOh4@D@OXCWo(sQp?V@d%E%EmuR0jHlHmvvDJbS&DLFn4M{@vj*V0Xk~ zg4vnQ<)lu$2YLG8%wGn+`;%qKsQ^@Fku_G9)htfVUD9Yh_mT9r=F{)-hM_IzyVDgT zz%Pk-im{?zZ=0JWf*uhOA@w{fT~3E%tl$1Z65yO$)mkp zO*d($ZU6=X1&Lecb3EOod7)jTq)YRyeT|Y{#V5YSDKqeWVg8hdKYHsf=X+j!djD5? z(P|82d;-Ui&jp#1IjcJxGaM4;Iv?fn@agLOrt^ZyZb3RD7TkiZjESDX#LJ0ZPJ2ws zbwRMZRdeNCRC%=TRDe%U=c!m)mm8lR^?4;~58W)^ryzx=G5(5P1+JDcjTIS9<$KCFMQA|CH z+R(IjYaOSC(N>*qTDw9&L9rW!?2wrWRSL!ljx4`3N zF0YoDElgCN9Km_3oLW4xw0_jalBAq4WK}OiqB=AyhGHbj;to5+`%?FF1tL81U}C}t z`}=I%Zgm7B`F!+wU4n9M5oXXHw@5Fu5}7{O{Fq8Am`}Sd9k0<^gbcNqo-V}Z0+tJ- z&e)I9=uuc^_i?6aa%|#kfUjIFm|R?`%ng9iE(oo5;MN*<&g{)AWpl=Paf!)O?>x_a7<$`i_=N2jV2YL!y zge z&?DZyEY?B`9505Bo8d(V@lj-K_*RCG5HE^1`due~|1gVBwJ67PKcSBk>e%b97x9~Y zN{&G1X!x81`eE@$8V2@Z=Ig9x?lWuvuOY?kNMUyf;d3cH%1&8fY2%oC9NO)A*B~29 zh~#ON2JaYNBedt=4oh%g? z1`|uEMet~5d07|xO{~J=^7!u0NyUtPrKRrW zF6fk0|0!uqKR%X0F0-l!rSO)V$hYjyVjr6+w3zE-D!TZy6LhoeB@yRle|~&m@mh+W z;XCAIHLxyU1dqp@w8`4lh4i}<ejWn>q zTs8!=_kPkBm{QMz{WM8{$2)68g2g^B2XLOExkc+vDUfHse-x4W4d8V6MCa zEs$xr}&9fHXOv+VjVW1z3Dt;mgIE)I=g=%pmmM9)kKISpkq$2Cq{C02)}6wG6)1*DM=bgc1mJpeVZhQ~K4pTTjZ4D(Bm*`Qy*1g{n10X<~fvS9LAT7W;7B
    =Q^rM=r_Y&r0j8luE!OQuzvqVt`-J-y?}d3n zA=UkMWp?ST&hRS8-l#SkV7QGmc;wlWA4ZoKl#;66J{6g5LwVPM#-oqNH<{BUDRwcKHKh{T#80Te`yyo+-NfV}6t7cim{S=1xa%EDhl z4SrG>F=_;+I7v6HnZPpl)#-k31^g@%62*TEPT02J1l6tdsj&tVb$14WoXVyA5+iw| zBh_vSdiyx0bbjBP+wJX+ZBAb*)oRsU!LeCrC*O^?ToZ8mS{yBSzHFL*+EsXHRY;-g zx~bxiX_>Z+h2>>Xla;V@`p(^X>(-YWVK?D38G^uqu^JnG@r;4O_Ecd^WHN_fEG;MN zE~wpV!Ykimp89Sgb3PkkUx}`EBG%Gh-=+Vs_u2^ zy0IP-s*?V#53@G z)K`eULrjE|88f2h6(<`fqr3{28EwtDo!N|ft#;r7K20@G!Tfix^OPbqOCFJWo4ey*P;rW4!8kQ5!r;U76tMx=Kt|sMl@w;8NOEA)*{M>z+b@~a5xqp-@pvP` z82h7ai?y@^mJXz`I8mEF0cxq>eQlZyiXdOSTNLs+)qn+~_t=#jK8{FnWB_deuT753 z8;;w6>#a2#3J_QIu~95vb)j5f93(8;iY4!jqLw@2IZs!LohX5u`+(kbP}}?kkT3YU zS1e!NyoZ3t(zNHyT|JFgUKwIJOe1lg(8qiS$j(+UWfCEC>TXW-y!~v0e50?)GG4&V z9>xA8YboGGc?h0cSttn|pO^jC>USkYu@BX$Z2Y<@h16V^BFJ1r{Kxmj;a+gho6 z%>VWKVT9lT?tBDYDWY7(JcN0#lJMTk=TP{1y;MDtSnw`~F>NhsJ8c}qkp$pnS`_*? zS;2Zr2XNH`SczyTO|@wO`Y}`O(cMUG>@+61cu-!MfBpK%JE?cbhb4f=s%D$%wO9_a zLG6;r^O^}1y4LC{40!X}0J9>z+s-lNIN1_R*1CHjXCt>wyyjQ&q7Mx>#g_>3Ka zaLTBa)FwRDtqmwNs2|u5b^pX&D_xJY*+2dAg^4l2GO6dBz{o&fqkiSyVGWqos+yd0 zCG)N-xv=LgmF7?lW;T1655D6z?N#4smn9fc?g$||;9JV%on{lA+6%1CL{cCxNUJ-J zeHVBBu@xMoswsZodF#I$sYYhg^+wI6vlw^GtnBQi4q3)g@+R{f{e{W*r%Nq6)g5}4 zbNwuRO1~sI%A6&TW<6 zsWOU^!75}yI5ZxpwZHR)UJi|*H<`yfu?(Ge@gM6!ILOW+x`uqM1}M7|#8zM6yPsTW z2^uVnl=iAl$YYFlVw!sfnBJuFMK&QgLcjG4k2()ymw(6pcX|}d5>+5#@-9?H4DeNa z6gC0*M|i=)-t@00ns^owKD7sgU%a6f=Z!3POM|D?c2q~pfG_9D3dy22^Jo_)Y`^9N zgh}e;Xxq5bK5s`x#FJrQgRc=VwCKF7>o?8!=24D>PWx=HnA)>GKvm2#E7$$(+vBMG zqfe0y77sW~iVQE-qXwzBYq!(AL=#yd`V+*)l>l!3?IVSe-3*VTd$x8Ng|3-RBV2Mv zT3==PF=N5$r&T>cpE_5l-Ptmbu~zJszz`U%6ND(%6)Rge;e%<)5WeD4B72U!+`hpH z51@J^w)soZC2$5o`Ea=LS*daD$w{f|pi1}#ene^N9%WGRIs?W6{OG7}gHJkTa_ChR z%%fW|SitUW9J)x90)G9T7#b^R(s^>1vxDSf#0(R=0=}%&3t&chus5qpcP-Zwyr4zEZd=;{f&8yV6Dg@4^Z_Efu^&j3g^dd+;R@sl&uf>pVg zaB-b3et-+y*lLWnTW35>3S^|{N%6Us?p%q%Lg2lPeI{!wINh{skCdmQE0aENC3Ts*nVNMfm`4Wcv`;9o6ex6zbH-eO3 zUDT;{Euv{BH8pqv;TQ5j*??O%uDsMstJ@AaC7SW~SGWzO-M?qKUl9Mf^+&eE@f=0* zKWnf)11_xtzMIO|UXWgi?QzuG43Gu=4&Qe_6N7v|h*G1tLNYR+t(f0%lL*rOh1N9Y zKzx|H@ASm0QE+lS*JAd@o6l+{$UY-Y6jK=%1RwbYY6v&=g8zDw{49SdP=#O;cj_oF zH$W>(9Ohp=Q6 zx=tb9O&gu2Sm8NhuisTMK6h)AOWRU9^v3fNI@%I%I6sY%t=DfvH+bUzD^YdX*EYwn zfpdJPZuV;OrZ62{*DB9WZvDz5dL-h@_HV~td#Y!zDp2u$ox@i)1JR`L{m^g~u{7sS z>7j5AAF}!l!-l4-j;M#ZF{|s7(Jp3P&%Rflq!b@lc*<^?viswX=;{T`vpVDDNL@3R z2A@T`Pv{xmBKiO{xRzHyHHL?(ldVj)SVzIQ!JDp#jDC9Q#EBQlZnr{xx$YgK_Et~- zHQZ^{^)+t(%>6!8x&H-(%oHCp5ON>0`oH!9S*ElE_|@g=mD;-Y15%k=i;~VhTt9n0 zM7U`2u(3T>58e2<`hz@MrDXrJ0MmS>24c>H9)nR*COc!9wpW5zfcE2K{Ad-W*w|p6 z955f;FfCe<_rI_@$r*(@`!)p@y8XGM@@EGWsGTx4g5OZvFNB>T!>&vgnIirTJU!wL zi;g^w+?e0iZ#=Evd9kNT=$Dj4`d2jc0|q0vcp#1epdt4R?OkudXw=XBa%%~=NU$Hf zs4l;BB!w_tZxlsL(x`{*<0}8#L}`pt?eYjp|2IIGDt7eU4F!s+-Xlk(KCkTU2{H}s z%Z7u49p2Ye9_K%#n|A3`=SOq|Ib^aU;Ldl_&=xqegpR3B|HE3dG)`G%>T14{1YGU0*F+L1{MS*N-KavlCwITg(98q`kpm`Ht6%-LN@oOe6x7c6lhfQ}@fxu7 z>w-E#&SeQ_;()J{-TczxYM@@XTB3#hdzRY=44PcS{y6PdIGD_5Wb4;43Mv zS@gG3xxX?~XCQ8jWDI?=O4t?(|F7NHwh4TcXGm}tfOrk~EiWYjuTy`|UflFVwS8fA ziHn$OiM#S6*4%hls#ba40F|HF)4dOvF>Pxfc{2f_${0Ppk7~p?k(Tn+>IcM1@FA6UCc^rM>xLO=IKWU zaSrgb-pFjqhMg%`2I2yWehS>&7G~Q!}_*+!o4Ddn{4` z#!Fo&Vx-5#g!d;D;o(k0b8qfa)e+%*n`54sgn$BF&!_P+ zbrvcOgPLF?{1fBjG?2(vRgGfj;=9sc@7`4FB*-BdH==fPv<^IR26^sX0{KBwxX(z+ zv~LPX)eO>>$fJOAG~V8h_rEQ5ns2{5L{yT`&nhh~Rqb!a=T4hpBQA=Ph3!XnQuMpH zz0ULRI7}$+q3yM8v(URbTFCE-x)iJ)RUf;_n*7*#8?C05Y(A``M#tx+zH4v$m=Nwuvl@TerSc4I#EX7y|UJY4_{I?2qVY~-D`y_qymw;v29Zl zzjuy-UVJjcP`0-%d1bP9c(u{bf};{6X>~KmQ-!^jn+K@ADLhU)>Nh*tQa%Pi9`VyH zqBBm+Kv6ttiZ5dUDsli)wOsmp;tGlM$|?ztv}&1lA-t3NJ;)-id-nT9I^sr)4T$-xc1(8V{RChIf$gJzpG!lKB{v$UJ*4? zkWb!)9DW&mvKaJ5xC9$mcTL?h6g1dAz`h>dfx`G9y8OC5{OI%4)t2%<+g>CCl?d!E z6JL#L2rZ|t&C69r4Tye!D^D@W>~jDDACMXp({hBZ%rUD~jXG2s3P4mElL4iPN@Wt(>D7Uktr1CV# z!s|@S?(37c+fIwtI_R5$UCsW&rM9_~LgJF`Xa*h5%C)`gy-{lG@0Y-ae*p2Igs%%$ zeyr(05H%OIr*Y>qXG3YwDaE4d9S|jz68e69FlCvg|3s2Gk6MT?b%m1frTyYc+#Uaf zbxkrQ#?{ka5CxTgdbIRk>)8vWq3SZPJ;v#N!{aY_d~jP>i3Z>eGfGOhMP-|6m z=K2KSHKFsYa`zNEqkFV%Fvci#I0IQAMxw(gqoTWChm-E>cJIHyE)V*l-`fN&1OuE{ zdyF2$;C~S&L-3#5=!@YJm^`OVm`}X%_7Q)ZB9M3;T{GUAcxVJ;c$A&~Yqm2EEl$Au zfF(`4PWBC`N|o9PhGxDOK4Io5Lf(p3B3!M+8oLofxt8t9;iTK;(BSNX<*o6<{m6Qk zy`XomDo1Pcz;RG}|7hj0WszN}atm2{^7oBsxnYeh7xY!|AD@(y(dV(> z$Q&;^4@%*u)yBSS@+QJluVxjkvukHn?2MQK|00}`g*aE7UGF^^{-9z6&>o3aNfgI-{nYE$h@8u_g1C2{bIb~p7Cl# zq+$&;DxJjn&d3d)K)PoEYMVd7FiapOL09pUm^pd!&AAVWLrH<>eLy-hYPj}1Nn>h9 zN7kdCbpErYZW_K=R^YQ07N;JwIqx=MhKyes3;J-6y~6yB4<@1mWa@MB`r+9Zu`8X?j@;U?7$Ap_QH=bZ{5WcHMs#LYM*KU3G zn((Fm7PeM!LPAoNv+>1x@iY@7LICEU%s|1Rq2t$HU+XoW#O@-K_R)1XRD5dbNui&x%JT4A87#I0 zL@En1dd;3knXy9gm_ZHAlk3&)K3ZE%f*XjgCFtEK+U7RUa=qujt!#VpNUM8cR|oNP zWsB4VO5_i0sx`pKBAXrPB;QY}isYSNU}_lmKAh2N-aNVnVd#uf9_Y%(~$)XH_BQVwcdhxh2%OSxwqK zB0SvU|9*mEOxW&Tt6F$5^;;-xEsbxr@h=Yik3<-1^2I%{J@>Wt-rc2cbJa&!bGy@b zym9YsR~8<+G)Hv>>^YQqoN5Z!w-~+*81)EX)($w{RxT^l&yr7Hl@gLL*>F0*JZ*72t;XDS2x9zMAx@KlTMpGF1Odvdcs(`aKm+m@uE)!>NH;(=o!_P#ZD5GKQ8#DXpjqQi z?COOb;xVrsCzIhry$#G_OZD@@!*}Ru;(Vq({AT_i@o#yp3-3Fy5Xd96f3v{q!=O=UE7p1KFTLKO-4o9p;Lowp zckjeqa?*S;v^1+Z2A zfA10T|Jn;m1b7Sflns0dHNRhS8mw6_cPRg7^Y_pA62mCeuG>VXp;i5VT!xA4Z;a9Z zaZljJinRaWOa5I+|GC(g|KHov7y9$_^BaC3A)9hvBS2tm;O@)#($bqzAsELyAmj`i z6glVkPfP!^f0alHsS!gZB-7MX9em87UA&CYnjVLnfEt~`kQbrNZt-qJuieO<7Uq}j z%YD&92}cECC5lNBL7svC_eTM8yg4dW3%qT`)lBjQs@&@ZfDG`>@^m;^J&-8B*w~GD zKa|J;X$}>-T7so!X?Fj!A^P9zbVyhLigl?-y+8AEC&rGA>eoVBKuUg zmw%56CA%9hfGr31P{GZt?a!Xqp+71htLb^Dq#_F}%s0HPKfr*G9j%uy|3pDwu35T7 zy5DsIQv2<^?jC+$@r_C2et8eQP zT}xcl7FUOcD7+@Mq8-auDHODQ&+{SFl-W*@X40k0)7=x^HQJKK(ijy%lEctSK}c zXDeXQOtZYkQ^~DZRUqASy4g0U6B{k1pit6UXk$Z0_|FgPoXnia2P>;GEhXKHB?XTFknpmRy&4 zjRZN29lHIo# zE#=}Wg?&*$ZxqP7yRRBMK7=hMUQT)@&MVt|y}QNLSeRm)uQaU(tJ%;>E|?24GSuRF)C*LBu6yf0?wbtP!h;uOz>^-0{H^13%y?;cSI` zJHfcUi%UJo_UnQ!DcMy6P?MuZii7w?+2w^2#>*P0n4VFGKkRv#3@Rn(P;ik2Lqg^N z!Td)LwPdWHv{Bn+tydYsda6F1GdFXi(BnzEdPs|T zDss->@@YYvvPcHf<4tX{cLtfoahI?j4`SMhTdzMj?U&Z}C@CTPgc=l(1_YkT?}$#* zor4y)^5}%$2U)?HSuI+cEZ@7XH7Z?l$#r;fR&50q>CT2~ z?k*Iow=T;O6tunn^mh{?@;qFv=>lTa-LVbEUei>gXgRAhA(pt{idXLwayCzEhX1=DZzP`V_ zoHc+J@JDLg$Nj>;Q@{ba`HzjaGc6=J~H)O>p%jsZ}(R)M)Hjp~? z?~nIx1dT8PH8K*>zh@BI&U>P%{&NKU0m1b7>l^v!oHxqd3* zU;ohJ7yR#`1hqWk{~SmE^UVX#lom)1KO!aFTMF3Ot|=-kbc9_Uh2_&lMn>8l0^?8gqQOl@F2G#KA^Rz#iPvnw7;(tJD)H8ob# zhEer)+auj}N;FSXlY^*S`-D{m;L-d%8BJz|#ndl1yYBdE5=?qgZ=UA1`ubklL>&_+fEeXV{{ZGBnrUORYX_;+$K z{47MeJo(l#s;q3px!?Qn&`;w$Wxk3ekfi-BGiXd(AZ&&dqGd=MLyBjrZN8itv&9z!#<~`XuS--E} zLB5Q%+g@Dj28Ksd)|ckwR(+pz*@;_m4+h~01BM>Ay3o~mEqsd61_vUcS^NnXg*t=o z&`<6OT|rVaC6~PgWccFa4dw9Tpxpzo)so}%%@W{fggU8A8@I|Xjih>dif2i6OPIkz zFZP!vaz8JHexf{~!Mm8&)zfF%g_$u)tojjU7bs?utu!PGIvr{|sd={S?={_igul;7 zKG@rjh>MTkj*I=(r9=QZe3Ft3o&k6t#e?aC`8*{~@mc9t&z?1SjPFAi7YWO`GVadJ zAj`{#>DI+_Yp!mti;%ETorMqrKQTHibq2y8RLx$$swS(JmnmCIzK;&>9-MP%J8ndz z=f@Yyt+MMkQSf^X>F|2dq>)NbSJ>m8wjqCBJTdI`Kz)NiK>Y8ZTtREFKJmEEXOep! zz-(`*$Fsuq%Rk`7pO5gLxu5UkRMef-J0-e0eNF50F4~)LtuuoHD=~JpesB{81ZFzl zjb%FbBOFXJeJ~XiPWj;A;2Ml02x;kP>nT!+x(TYhpRHw`F0W|bu%Y`%19V41XN4Tj$uDk8ZOc6mpRu zg8|sY@Qbk4o)AjMH~ISlDkZb^cKINErtrf3$V$~-B%8bc4&aP#V5C}C2j!*%0g26^ zWcgT>$`v2n2LqaLIidPL$an??qLZZHFDH;^u;gE7+bqYEm+ehLbr5`#`TW3E`B%ZW zx2~TlF|(Z?wuDd7RZr^eEl-N%w9QcYd6d+3b0-!?5)wl^-6`a!-Y*2ytz18T@zo~?tR zvs3D5Y^Axomo5;?kd?Y|YC37j)aczGMC_xZzOY|kjN1i>7>*n|qESbdrI(h%H_r7B z^^FGcllV{el)yAh79QrKR@depD*9vh)!H7IL0w}f#Y@%#>T6y_wtnO6#o?KrX7!Pu zi72bnj}tyjCRuO4biotnP6?h-OYZgF10sJ?Zw+10-#2ZSUm9Z$ECo->$E)Q4r{@FDHhkm)U3C1=!lzX)ibV zc#t)Nn+2O&USQZX`$Jehu41ZCVi!jUR(uWN=jmak_uh{ZK}C?ZyN#BhLc&#JauC?* z6pO%)CugzBl82r@u2*zV8zU(T=jSOP?jGe#$UJLMjLAeHUPx=NGEF>;ja{gFFY#@c)n&>)8FADF1@ZuMgW3@SBR(=kgYcnK!5PLEN1ODRj*i$DF;^Hx9~} znRRuu<;16%A$iD$H#z`!H7QB4Q@x=4Q+A7r#q5gi{N&DIbL|+{AE^M^>c<{*atEIy zd!qnTDXZa95f$a64M3GuyyH7~`*Fckc=VIy&hvu=BF`OnnB~>!a`U+7WkcG|k?JWq z>46#|DAnuYs&Sg@9K-R-XlFL{z?-bqckOto}45}l7lbMO&wnnP~6efCA$ zM;msmqnUztZx_p$?ISXdjU^!5ojUOdbuNIZ(?*+7Rj?|)spvqHXN{=C?17M{Si!X9 z+PvFYEshS7ovkjt&Fhue^<(om`_{C}MKX+9tvC$HezdTjCzbWbK=v-jYS!fKn|UV8 zd4W#Gh{|eDaIeWZm2dTY{kC$&Kk#;}74f|a!?{mGT(b+j&MSQf>H$8K-(pFi61EfK z#8-4c#Vn?!^}~Jk6C-FQ8hve*Yvj|>ZiRK$vH$$|eTmqIqSmmxGp=IDwdHwZR6^H~{-7h$Mf<|(lR9F-MY>&FK zzEL|`g$JIf6Qn-S)|9pd24a)oUg*FSY-n>lLjqy)yq&sU`b`I(C*>XvZ&8_9Qd(D- zcq~uPI6Myd7r8LKlfxb-jTeAU$uSgfVz&6ULTY_V*SrSZ<2kr2t7DqBCDlKZQKf{< z`+!Vuy*tP#&2_-*nEUCiyrPjyZ{uGbAWevTdRP%Rg1T6>{BqLOv@amj^cr;uC9MFc z;Jqt{v!-=iWMJU~VNAAyBEJH~fR<)car4(24P6gSPkuf;t2BdUKyUMc?sba1l#0Bt zPSkm|r`g~4=3M>oW3Cv92R$vO+kUl+X?;YHCotKu^O z1qAWTP-W9sABd}IPhdY_M| zVTgN-d17H5MsDZ*iY-0QOgrG;bMF(+BwTT=Fh|uH+?k&*i($Xxr%~!dYU>gOwsmwr zl1dk}mqvu`9__|^ab~kw!Q)ak9p_!Y7anIlEjQUNu9Thx5>!HFnpD8T_4ZE(DAt0k zCi~O%@H?Grqa>l$Q#@Ap{jgFac}I_QwSt=*Sw z^u&VzL~uQov7baIRXY3g?guaDbZuLoXL$MTLLC6rn9d@;U?!Dd70gPnhlpwTP2nEV z<u^Q zVO87(-c@0dJX^%@x;h^d>Q# zj>6trI!`+HjI|g! zn9e@T!;dlv9RaWijtfhqBHD{UuIKGhLg#>C8OuH$^zrstqz7|P;CTf$mj`e0E>K5& zquAwI=Fl}iEB2KMS_fKGq+voSzwPoJt0QM1>#I8{v@DSyw)s_o-gI;OlZTcLy8Ba4WBOpyL?9*B(E*DqfH(b}$3(}x! zIgjY_tJM3ujP#?eBkq!f%kK)^(dl~nNi`c&^5vB%ZkJs1U6+uaj0Vvx?_VLR3 z@B7<_x3~8Et{&6ntV0sQZ&#?ZffITN3W6hh&@--6x*4dfQR(b?GT6sXZttDV%tIrK7W z1##@u3vEoWTM}HdnDyXzWL!9T4r%DTFS1}-5|VRKDqt&aUzzf?H#bvts^wzXGjv{g zZeIGX!cbng1gG>?;kQGwmk^;xa6Uw;ys+k-_PcLD2M>=dBXO`SFqg(<%V4teGRm`~BaS-4vZ`)-a=IPZ5K zk^AXX+`d^Ti3(4T#%agz+VtM{non0;EO3%8CI2cxm)^s<9Dk@k=Aru_e3@CZ_g;p^ z^})3DnL1>@tj$Nab8K(tE@kikCyru^eTyhg2<+qAT83Qgb+$XAR*yA?03KAobmno@&kusV0`LY z_qyjb=NkKhAM(y*+24GqkEr^+^Yxk58vIwvfl7<4p#=7&2Uh3pS(Z0+DA!qPK4&Qx zqHjdlGd63EYDRq9TS+kUiS{)AuYkyHonn+(_!=g}l7HDOggayO7sqH9PrH1 z`5@fhrm3~;Zc|WiJkzx^#c-pJIak&fCbIt3ySVs~u!0k{Q^lvq@A~!YnES0UA;q27 z#M&xd&-FEu0J}V4y5WG5_cx$_GEucwQG^c-^=DlXJu3AnM_!MNtZQr=A{)`Fw!iE{ zi3QKiGv`1&wqNwT)n>*rQ#`|=RQg?K&YC>`w9@rsmfxRK^mZ?qk?Srt<75qEU5ix-If=A2LF5n%u?7{zC*a&*f#vw zacp7qz?W~z|BotgQF@Z(F9%~?%e-}co8s1_MoCR&ar*gp0sZ+FwnmdsWBFSsY8TJU z%H<2E#w+xhu30Cta-bde5a#D^)hwOIYlif5SuzY>0p%pu1EA~ah?;?cN0xNW5eM1} z%9f&hrenbii_dJ&dDLWT+V;oh*_nZb7F(^DF^S2f16m04^apVF54Fd~vKYmD-vgdr zP(4qBf^(y_59F~HTQ%T?Eb&+JH|mD1ngkQor?q4TA;r|Ga?MhxqP7HbfzG<#UqPOn z_+7`BcvZbeRTJ^-7V+~ygHkQ7CTkp@0k&WUIq9NRa@Ol}`R1r!^AJX!h!EDQGdRFp zD_~L}vSToDHni6Z<9~96Fx;ndb=sp(RTc6fQh9HYbiL_NmDd%73_5){$W%IL0#4fU zs$?U<=Es`YR!LVJ=^l23Q9B<(-xQw9q*A;ukb>CVBr-_%9eqnQnofBW)|SS$`MQ~8 z7FT^=bS{G)7QkCf`c>}e$n<>9>6jP0e2q*z4a`7}6sF6oQD~~}?$N$FR;%bB$CHjZ zo5FNQq8IT+VGO-tcj^e;i*M)~bS7`^hbZn$v`>Ls?h}3IsWUcjryjBca&Ga0PJXT~ zyqxLpQY`YVHqDd1gJFbpukQ6yfK_!u!0G)QPu6m$0vHU&ba6%c>Ru=Q!(yv(Uu@|V zB$(QDvTL9&n5tdSh8W`d$T$WCPmk7(U*VLPU6;<<%K8=aw3n;J6V>tdTruA*aOk%> zY&w0k5Eqii7ePD8TT?P)E($P*;FBb`+H@9M)F4kFSySa#LX`@`us%V%z1Wlg1Fksb z1w!g3Uq+S*ivY>?oRJmQG&zCVkmIN6f=j&|GiJPraU#XDUiq8k=7Su-;pTX?cvo6; z4FrCWRVxBTVF)d+Tm0nR>brRtiH8}7aM+{AYOvX5cueAEj+bBbHGyNp%HFlTx?8>p zpR7yn6pq=9fuJ&1h2|?=?%HNrzhmIG((Cb>sVC4~N>ew&umPnt~<_Mm|f0)6eCuxi;7U zts1F0Xm!M~g3rNCZ`Zytpg0_8yo`%itr!uX5Jo=d{^ZH+ulyi$T9Q%lf$yG})*s)^ zF@~(PH@QS7@{gQAHcGKrAuY>}61n@~1p`xC!v~jB(fiRK^4YPe!*}3j!x~p30G!g{ z(fM(@AgK`?bst7^#2R0A)=L+m8x~q5%`Uegq0!H9fvGp!8;;^xDbswJfynCkzpwIT z)H&73w1tQZGLk7X_hJ#|h~<&X_{QGee(>#SZs@TTw6vyK~MwEVv6ma%n|0oi^`)j(qq%(6rsqoi?=lQt3$nd9|O4{ zi_^;7&vEa5+WONtM11_pFE^DY>8y}(1amPSlY3+gyEA`}yweP!WvIQ@)8o?DOF+gQVltWr))yL6;6^vx-Eb zH1#CVS&5}ah>?;nPey;9Z%{x;nFV}Qg^7#L?>t6$$v+Uh5U>L(UugYpesae=`iPp= zQr#$bk6Ay?9T0nvKlnUybJPQHa1>fh5)`tK9%(FL#3?@rY&~(a_0w}kj<52P`lxzM zj^WlNqvqr(ulyN1emn%YUy7Om@%di5j(Lk|W_-~?haBm$3&$LRh(YtD3jv5FEIiN4 z%#j)Y-jRS7*AU4?Dg2eCrR9`n2bekS3Tj!ZkABz%kc+$`qJ7A!S8nDU=2QrPd$i|i zjwzR8ATVPDF1Hm^2AHH(R3_X`6Ri}f0d-V{d@ohdFUBbN6GnpLH5oa+P! z^iVwg6eu3l#PyoQc4H2XFCiZu0g-BKU^~VpU}9;jI-kr>p*197kz!`~A9v_g6B)rg zL>Q;!=&0QU#MszTTl*=W9*`s0KqEnCHWQ<6-DZ8wBR=lImv_$1&oe`1GlqtT|NQLi zWKjdC-}n=mGYS_@{R##7vmmYIj=Qm0C{u6W#7ZOoe8B>wa20U?yHT%-s`BCe~J{z$aEe zruk*~+4Ha1FhwxnT6J%^F_rt+q+z}>K#BY^vS4RSuy#Z*OzPLqQn|N`JJI>iULu!A2<=ziPjaN3=_y4rTi+cGqkyQZaBELU1k*?V= z&EDK)V%MyGHex6KAZIpo>2!dvf85n&y7H7Ox&HI#&mk*AfC&siJ6IN84S*h3TWzY2 zS?6r^5!t=XyKLr)WpEvgK5p;3jTWW^1UAr#;XQ${r65W(9Y=~QfUEVHO934I3b2)SMj5l&=4lIdsz97Z*A% zC?r%s2WJ}AJetqg&0tOo<5MRMZKxYF3(7YoO1j@=#Lljr9W&YF{xQ1=;N|709>veT zD5gj7?2qHS@wF7xZYX3Pg1YK-B}_J@bk`QmbD0?PAMPeqQ*&okH+b%6Qi$hr!Lp-a zv`j!NY~OxPfh&Ec47aRb%YO_=m10fn}VXul^dbach|!nXbgpJ7FDWxtJ{`NXrGz*Wtd`=R_Xr)mjns$m5jx zl;ouCV=XnZu%_W8{q|y<)tx)MqgfeOY5L5enI?PmK)b6_bzF@_1@ak*LJ2M_la4s8 zKY!C1l)|Q!g=?+gjuj z`ES~Xt?gcK4iqBB4EDtVd<(HKO9}GbpUd6$mASoF3E!Eb^=J*HS25P<^+KSir~phU zQ8jtCTyn|K)}v)1WRGH~h1+96fNS1Ei;R-3cW%!M1r;o$TFzH>W@W8iGx*P;ac~&8 z{N$3=+s9$;G$No8aqO#2f)OwHjYy@7qBZnn8CF=3+51dJy~4fk4A{i{w6<=DOhC?) z=pxXwn5O!G;xX(yo{L64G01Zl0&-*pbx+BUD2nlt-ziHX0hv~| zv=&TDPuo!xZX1S<879`&U+OdCydbhfLfo6Staf;M)B@bX@@#g?3O(PP*w|o6^|b(uYb!hM(BLj-t-j$?cQ3h9Gn*q@ZAC=2b6fy?D6CS!Ib{)#JTstu=T^@%?rGKPDr1x4oTSP>X>|)Q&9j_+nuz zNYqoB$LhJx+57Xql3(r@baiz_!tOJNLodX4r!0iXJAGaNfj~QZh138Ca7F z0t(v*S}EPo4OlpjYdP5Hft}J`euyl%5nT&ixKWMcJfigR2d=G6+gef}VN2hBEPFM& ztnf?ZsDi94Fzs~d9+Evf-rd4wkM^oOB%79=9udtmmME((!}Es6$~`qc@6sh?5pTvb zKz`)1jx<+3LR0WI+{agPEe9?T(z_W3G>wOchqVPSlq#t9kN}9Pb~!}JEI|FvkWQz- zU*&$$F~^R;giogz3l)XX`?VUHG8v>0fUV(39mT2BkJ7tenr+VqYY?U;SzDu8Td6#Z zUFz;1)aK4F)MGr5_rtdvAe2X#2bpza=z~GX!mWf3b!N=w!XB;2{>NkDBE4pJw1-Q{5U2(G?!#$np z^J9c+9llX{G0$(^+9B#WCajvEmbsv#?>hCF#+feSUT*Va?9j)=)@Jz|=l|wlo^${T z(mxbO8$h@nKP3Cw@njK40qF1h_hnW;I}(tX_C7PtpZ5#aebf41cIudv`Q>j@NYW>W{)#?2I`5um$L`%N^{rmq<(97fuPm|kR>}+!j)$c(Wmz+M2OjNCAhAa+d&p_R^CHXiFTm17ja=)}jZf{JqL~|p`oq?T_ z*7}#(OwzEC{@kUZmW&l!*JH7CAA4PQ;WBU<&?A0aA57FM)& z*lrJ=z$UOlslbMY-9KoXn~j^B1MI$`p;J8>IG{v#H10gU`?;w}jTLdl90feQ)5Rqo zp+;DQ+x!r=p;`JZDYnHmEEA4sE{yTwu0L*NZSu9-4E*Bd-o;(&EbvTFiw`I zX(e)fJ%Y&gk&J{&n{8+P8SHqcsh6YJ))Kz*s0p@13J`@x>quen#7lRtY}E^Ro4fB} zSAUCU_H{n~Bw1NYh)nLr6#>|HDNp~kY3B6x3n059JAGHzq>>k-(55|s6B}Do46nHj zpSW#fUGuAXy%o&Z!1~25(E1rmDNcMf&MXkj=AJA`?eoy?&Jc>dVPReD4$wlGljc)t zN5%Z&!|C;K<)O8=FZ3Z>V|HfWpah%wG2f=Eg=Wn831NlCVSdO%JV9sP4K_2mP~(tw z`LrY`X8EO)OP)trmO4NnY@3xj&e$c0J?inn1OSEd+S`2^8X7C%_FfLbbbaDONAf0> zu@vhOHwmLPIsK^TskaC)rLXGpHH?a@jk6KOvi2Yk5e=JqDB-M`2F;4W05n9sf1{!G zPm|knp8DCobZJl67TpALakJh2O1d3oSO$1RDQfNbfDNZ%0tD{=nQN0X1x1_dNiUX>20##1o9bnHBz9yUI~ zQJXuQEa6nqvMUfRHw$E?vZWQ1idDa(nBR@r4J`svWtKVV)4a5%aep;W$H1;TbqK?Z za1S$=&jI%>erO|_`#{2%*5@DQLS+i@c;ejbpKtz{AnFfMpI_^9z!&gd>I-n1bkKrR zGu;7YL<3(kX?+L2N#W%@|JGW;>bsPdmewdTvk9VV7)EhtQSj!J*6VlT?}t`v*%#Cb zjGjVA9`e&z2+Mg$8V*>nBwXih;?m)->8lxdseoH}meG`#^+7geU+T60@THK~Xp@CQ ztn{z(bZFu2?Wv0a?_l5}`_D{4L!LGvYiWPj}cHVBDLG1v8jX$(Kt{ zd!u<_Yd_g6^=duG!Dg!$?XOXp`A$V{^Iuawzsqs&(GdgAQ1g_>>#@hs=*p9D<_Ge^_0 zrM(*8%=g6sC4XRf;*rPd>gwFkKGN6I;J@KOdT~b!p2jEU=QWI>^^}?Rh2P9MYK?jQ z@#9l^a?O!(_r{0i<^>ClKQL+nDj9+8rBvFhVaNJa30a4I{3HK&{m9Ajj_~oif59NJ zDluFukhtw7{|Ojy6*VFx=^HD6`nQzMB!;pgnOiW-);x5AkNw-2Jzu!H{hH}Z!Ovuw z>DT@BfrMn`v`=4_h{`(w~rU1G8w*f ztcDe^w5G>`ae0`aSha!46%~EF+Eo0b?Y3v8FgUl`prs$_C7vtU?a)>7ezLuq*WE>`n(Q~n=}GB$Al?t3e|yd2JPT%wPs8> zA=pP0<(M(tm0#SmMYJW{;Cyny70n6s?Dy)0chM38PW3w-uHcaJ-(Oq#SUCIg-^RFu z)e|Fid=piivH-^YNh^xrCs1Oek(^n$`b4wdM&?ZE=&_g+Eo>PpXKx(YjAap`i-3mQ zA1+mk$iDwIMM$r`d?-;Eb2@6c?sRM<_tMLlrE*`FhgXwtL^Dnvtpd_PKt!8&#qlu= zcdbW@@C<(5`JBK(vuN`eZmS|+P=3*s=hpMKb(ogAVrTo7^s`^AHWnwfZUIS7hhzac zo0Co=hPUsE-In$9`!**$PS!ot_*K4@Q`XWs@~NbbNKo@Ja!8D?E~)$ZpJ>RRtjY38 z;(LOk2ywE060sZYsJU|*Bp@@A?H4JlEmNO8U+Vx_6MXwa_jK$lk!$nXr1luQ14|F8=+3U$#WB zH#l{Xf8Rn54oGUWkkY5vTk3KF_pHT|FFK~7osM_e&_Je%1}D=FyQV9sIOt!ijyYQh z24+sWDJe^hFjcq*>2j$El$zJy>*zm+bhHld?TTb0=VOmnc#7sZBkmY|8}aAOIK%x% zVRect+&%1CGFJwIyDwH(a!+5LBH00?#68^;QH?*7BmpUS&PViptOl&JFJ;o#^0Z#@lta-Y4k zy)sw~)l4l9S^IKrOy$oeu%|mfrw7#wRZXW`I;TqV$UL|9F}FSQV4ya_L+oIv>n;+U zX%161bB+Um8HVdrg^X2BueRgFZG3{P>Z=&C!ZKFe@Z^m?h$^|_nkK5Xj~Adu7@^Cy zp7mYfLItB%f=9{HpTFi1WO;BWy>y8;lFC&NDGpJ^CAJJ|sHiR2jN1h~qX)I}Oi(HZ zaA64UNzXJrFLeU%DU8wNDxqsLr{!=;qe5dtXedV7^D2*1>f|*O$tA#qa;42*ZRwDP zj{vt?)V$Zlea{uMFFS3LCrBj*ucBlvY)8H=1XiuawjAr=h>MZxGnXcoVb+EWEBnGt zbUy~bKC71RbMOUZv6G)XZJb9e3A`O7MZ`sYjoy9RGnj_0u{ zb$Cf=nEa>{lfULoKX_N{R85&;>}V|xqNKF7*^+b9z_`6=GvH(6)Ko0f*5-{SK}1DQ z>09jZhE^UzYsb$Mw;*OKYKQTNzECe2Su6_;jKjI0B(#iAVQxkHY{f!)l>dsBxZY5# z_^gEwy>mJZRnR=41wr4sH|Dk7mz=Dfbb8c|EAo^bR$~;Go&AOQ+RT*CO19T@d)yu0 zn3MIw+UQ3?ebGo@U?77`zC5myi+iA&(ASSs;xT{@e0ePU3pu6{xjL91huxeJ@q%Qi{{&Azm7`5P)OR(c| zHwmF^hCgc&zkFq|EDkV02=8ED3$0!jtBS+CTvo zpzR#UMa6s7W=VO&$G{+a^_^Z_Oy%Qud`9lLzA*G;HnL>Gdt-KF%>{|to9KOp(Crb2 z?~{h%YyEF5#(@8w%CfZgbZg_8mveIeWxIHCC^G@7eK;d)wIDX*D*mFKnM=By$#D#z zlzDy_?S0ItE?a`0&i^v_uJpF#RXlaArTRI&T4>*XSK7Y49yp%t1UCQIy>XVQZ@6nrN|jA6g0JPrRNgO z#_llhWb3phJjgSD;*Q`v{q~j(CIAjJTJ1e;+5;I>g_-B2;r%kRu-G z2XB)uJ9?FcFI@mHeNHBca1aRppB3d+INmbP}6Y&FBpZ!`%3094<1GZ_`-~J^~B2FCbXuoZ=ooNtW(loYrl|KN0Qk_=Htwtf}4p)UE%l)`0#>T*(k6>?YlV;>SE9PfE}w*nhdg{<7G?e-rFtWd6f^s}JE>SX@+q!i$oo}}-YHU9o6(jJJ) zw(!(Np!*+a}`>fB)SBsob`#`hq zU;iA?PK7zo#ej_e{)WrK@^*Tu0G~m6@V{CcRKfmHb^dpo40FynYy_>u#?f3!X%Ikk zJ`V&21~qaeUp!UqFs1~7GyrSRMj(tUuov)iIR$U6I@7DNB!U1>XkTThJOmP$BjiKx zGXyt8M()=l)^0c9!v_=wkZ@6cpOU#W_HtFvN7?78ei=Ai&rX=`5ju0&e)kyJKY339 zyXO8OAx}C?(|1xGRhnDTJ&D>y5DmvP)iVJ(gcuv#*ccJ++1cG^G%6?_>wgs!=J>?x z5tCeJ*72{N_rK29;7==`R)7u0;YDGa&rf3DUmab6`L3=$K(i#|b{rZi<5y7-QO3s+ zRlNc@#n;|%^rWY!v;5(7Y8&rL2Ie;Gm(Bos@bsvUn`0R&^WD3vMPbiI-MzeM8{uJL zjgCQ+MV04ybThandxl=oIk9Hf8QnG&+~6jx%Fg{Z8)R;R;~*Y_LRE4 zWkr6z>k42+PTn)P!zy(42ATAoblH+|2$J%ZdSznPW@IWqh5kuST1IiL89p|i2t#z$ zREs@giion-&vJ6z0_-77W6LJzbBAb`@Y!Fitx9|9&A89Y@K`$GRGPc#Stv=zb1jT~ zvOua)zvf_O!sTKNX1MD)GN$uy@c|c9M#1aw1$`Wr&bZ3^CfEPmhwksTqnvF6du!fV z;?@72hSb1+Wd@N8mb_YvNWiAzIB4PLh#SLY|XLuafW=}aBr%{hJu zRBgsrXoZras2OL zaQIYv@E4gM)3H7+pff_KCzM@KNKD}Y#uAe5VL&dgUvh5seEdPy>C2r8!G6ST>4aqAyHis`}jXRn(Ut4NNHB)bn@5iK6Ht%W$6E+hp zG?42khlILA=P`0%r^i_lb@vDP;9UP)sxMamZ<>I($U|M-`|ne*@$=WT1Y#ovowKL+ zjQ)Es1NhJ}UT6ijqE8T5yWfj!;RD?+ssy}5TQ~iyd~K}HSt0Hl2L@J?&(QS-gS4wN z;dwdoRvFqkT)gxt-J>ss8fx7|H3%+H*Ce8wE=xX`x?o{rWi?wUSZ;n=H%Y#9_X9() z_RS~OlGyXwBLp+~feM+@wH@xJh*e!?e>KB5V0jde_J7Wxb0s1>eX+8q=K4a#jhnuN zqyb3??-}9AAgi4~b>+tt+}3+0#GmrKu(HW->T|jlN?SeY@%H-M0-d>Tz2SR^<_fg( zOG6%9ac!KUxn0O)bpd}E@-dL22gSh zY#0p4D`pwgpT^;} z0)J|JzW?1CVilMG81mO4$=y<9Hd zLhg?GiJlK5=UcD;yO2Qc1v>c8w8bmeO$3d-H~wg%qDJy`yzPTQVLVTuYOA`nu(mz1 zxG(PGNG2J&METX;oYjcGMy0O}{$O=Ty_^t!tO+)AEu2!K!lzfqR%P2!J6n(H!UC7< z+W_@y#Tbx`fLPt&SSPJn{9JnRiO3k`5ZaIp3ze~?DiPVo}h1|Sr& zk@#^V-KX1^{m?Uy$4Z5rWV2aF;AQ5fzX$X&f5QZ^Q-gdoi+xdMTC70?AapHmJKF~% zwlR-b!@HfR-HLE}ULPyAp1K_f(C*wi64 zRcoQTxJ24UehTt8Vc@m1R4ABK!_=;hAFbF>mSF7W6A)p`v=Gl(&0Q31>fyMiIaw~< zi`C?UHCt!p!u-(rBET7`6 z4~(nQjBsmV$DYNS5UDWmLx#OOK0OQ*x`{KE9|*T+9!-=MU}M}7q?aS%s@@6?04aKV zo#MVOwn)D@-{bUb_2U9-EG&13=CJaJf@3C7=H0vNqEJ$ncqwTv+CbF20cnXgygjTk zg)&|awt7nu{(Zp`VmYP5&H&dKo)(rN(yVZ1(?f4J1q`0=Q@kP!C^9|}^ z7osoQb#x@N6}W{PW5G^S!0Ss{^7NX? zKk(Qs-$&&oF4U(7$fB9jr!xX|$*XPl1$ZB8S*n6yA zQ|$`hMv}o~>G&YBwYHjQT_Ujo`F@@|0}s@^YY_4H?mVA({4x-YhSbO~L>!nn+v7$~utVi3^EYeV z20Zli{JYLXEW#`iw2^f0r0Cpuv0W`|sD#_O~vfQ|7sld8epS%%FIgXC%K0p7sAM%Aog zjQn3M1S_U*k*^V6i#9%Kyou~n4Feyg)%7AFJAFJY&oicx>Xjf3a;2A+Z4tARqUwHzp(|v3M)6g6%2V z+`b%aF@LjN4roA7xGoJawNds;Ww=-rKz#oFF>yR7d;a;)pR(ZWknK4Qwgq6totxzW z91tA!$M=#(@{Lm%zLEs*i8S1zKtHcsS)S;f#wn~Us8L(R>kg&_J-VDy_WVyt*(~qF zJW;E?z6NQ@!rEF;;b!s6m5$^Z7=PQ}Uwd#G9VMK#PT~aSwvg?-?@KLOL`)DCRRi$$2?O zE$i1fzj)RpVX34$sT-T%dUoEERBMH*DVuC>EcRsyzzcDt&rx`O^b!CHTSji?^>YQ` zs=d+0uaLWBv8Cqw5E3mM>jLcW2b0Pn@-po|ZRAS^9zBHOA53sEt|=iN;FJ<*>?36p zR3cC-$TfYi!zxx+kF-EZYR1?pL{Ju$tMJjoNW=C9E7t^rJo};jh#p0HEEc&$3EhGiu=><#_AJ8cNrqZ(Agw7^^W~`1YCfkAkdHDz88cZ< z9W3b1XSmNpQ9VNmPP#0K2mUML_UvFAvb!VA7||bE<#Hz+Bz&`gCT!R!r)dBm0W)Q2o7gt0w@!xex8b~fd5H?l<&e*yU*ipb>L*Kyq+x(oMT zog(FkzWuduzSPHL$$q}^g)DH7!xR9fVhc?OKl>IT5!dbJJyCpzeH$hxqw zu;~lUT9($QUJcg~ta@4rR;)fsthHI6m--;n21T@TY;!Wy7~JFnf23=_nPuLD>|X8I zWLv_PeT$+b`D@@5KAQH_QIf80wClw=VoE*r z&WANyUpf=fJOni2OB8eQ5Wz>+WCs`@79xr*V=}m{^+3B#Lb&scrsJD;nUquC8~%Am z6+?k+ktZG|kZ8^A*`;)yj&x7Srkny%6R9_!_Z2RhKqSa9_A=vlAo~z^S&bPhwAR>( zVYvOwIU6W3VBisbMR*`_&n@m);S6A`Eio}x7s3z+)CNL9i=sokeQQgHN_dNN-~ru0 z?h0dSpVc}_$$()eI`MpvovdE|&Dytk69HaQwg4+|L29vu=ZsUfa*kMO=uf@R@rg`~ z@flxI=L^PE6IT)HR?)AfCfm_}cj_j) z`AApeOv2XPIG;=s{oC2PX1^&N1|1llpq*rz#0uSVkhof-PGw95ESzqjctc1v_?(2x z{G5KJsH)tVp>X+Md{w`VVR2dcwFAA9K!nlee3Q?7)^}q}yc4r;2S=ja5lomR!BL`u z4BPU1NJjAWF~)}?9fuHkD)YVRI_sag^Iq6qH+>)#Hzj)X>FLI)%+kp0oZ}`-ZS3h+ zkYn#4?`ULH4H#)`OYE+DMAmJ5baARnq0B45-;7nmib34EWz+Y()}krw)ojeX-X}Cj zHE1HL&i5XlVS9-rXTUQHVoU7?cImWiGwM3~4$G)mBco@v=G4;87%yyM#9{3Rh#2dQ zeIWsgb4M14W^oHec=SRjt#5aL8@pYq7&-ZFuON(#_@RgBzh1XdFyDa_*HSTGfpzv| zkXBoHc!Dvdo-dohWs$K*h=s#<3j80o=ZAvsEZFb9`);(m@*vNJaJ`pljC$!UbF8Z> zjNiV9ozz##VwAGi~PFqqQB%)0yW-NFmLF%0eirXwhHQ&Mx6LyJJS%lq8 z8)aVLr`f<`=gr#HUD|kdnec#8gCyJK@ulX%nQG0298K5UFE1#taf}XJGWu$pPHRL_ z&!*jTMrwTbONIv)ASjzLz$8nX?7Q*~ju3yD;nG*GiXJ(h`O+IJ{jW#-$>QH>2`-Hd zNWlD}<^ALqULo{%@C1Ng)DL+bvUz-M_iHF@(~-2$hV%LTFjv%)#bOLo&hMH=Osw|T zrPpM@vFYw2L@j=V{WS-IKK#_gvB7wnNv9q}gLa7(18nG8R%-?Pd%~a<^DXUNQX2() zQ<-z(`H+{#yb(k_@GA9p&NHOle9jq0@z3LVIq9!d-W%0!fctwnf+hnuf=nGOw6QP# zNW=JRz&IyQd~HxHtQK&>!WxObbshuR>20ljObbX>P1(e~VO)SNjMC~2k8UqPdg41I zj||p=4@uhL!iHRYzQ+l&X{S~kE(APU$A5~kFmKXG;X*-Sh$?zThOk#>ov=-AZx^C@ zcod)PmG!T?=rXU{juD*(JS!6>gzKwVn+PA8NVL*}XU*-^zSeSme%B1<$GVH1pc&!e zre2=4N5fD{lx$g%2Up+XqeXml0%l-{0Zqj2RjNj{|NLzm7>qL3$4JkmS+AY_^!f$a zQ1TkL%VLOI*H3ZkWQR~ff4D_^b|Cc{efW280{f5W4-s0h(p$XLsAj3a+gZX3!T_m^ zD4A#ezC~|}lnO_%td8k-3VbuKzeUld>CWr4BF`SU{qM2s|28x3`!cKS*8TAUjlMi# zygR!RwuGH2eiKgrUO0~bptim~3z8kF3wsAy7ebMPcX|)r$%SRuGBaS=S?tue7c zkb(k43kL2xcC(V~_rZPPnIE_oH_VHFp(&A!+e%QIr1b!6uFuqklyUx-_+w_SZp7T9 zJ-~*715*{!S)@1W55wbI3FjKJX1A*W05hzJcjB9O5jMC9_L;#tl^I;)HfCIZaXamS zz0e9F3ISq%R6p-^Refb?>5`_&@yVzzy|EXyykj-J3AJ^|yJP2G3 z6#0FUA9N%NYwupqI-mFzFrHMh&(Rg^Y^sqVpMNb}t9BqqkrsV7i}Aa}fzEdbK{dKF zv66gM9o8}P*YLav{9Ij)e-2!bVQwTdP=3Z!ZY-2QnU3BNjxcKHslja)&P_##XSrw6 zAis9si2Z|XK6#-Jt6%yrw-9|p|EK!_LEVZQ`s<>MfeD}mV4~NUb8^yTunup18}-Q= zX!cDUv`#u|EqoF)ZKxttR8(Y3LETn{$eKTrihderVjxoaf#;(6tsZQ4a_>%SvQy-M zd$_Y12@8g8(K@!-rQ=lbV0H^9iobeh{Q9mbyD{Tg?5WfRrB_DiSyU4Ep>t_LSa$Ai zR`>)ed^clnwO6-_Ps}n^2Z~!EPRWN8Zvaq$@*-xX2q;$z4e#%=5y+9Gy;YFxuvr&T z7dX0mxlOBo(pNJ6JS1$aG$F&jzCE`>i~ttd!zuXXLZBw{Q31Hy*I%u;txOKSSB|Y% zXNPG;4auJ8ZcZ7Zc#*>k)^}4!V#2!$`n^=|vLC`aiTvVutHkp_2P5Ar5!el2d-st1 z-Abj*^xSPb%=Q#YN>E3g@Tj|oV1BnIu*QeBG}JdUD%*D9Rq;>%4>9XacL5ig8OFBa zzWF)XjAt%=+sAncN$SD67U>`ZIRWuZ0?^Vah~=n~{QZ`iHd50mB`0xeP`ajMs*?(> ztl4LBE`^97G;bTCX1l>!5G(nD{;^NID0w(YkJHpGdz_lOLDWqYIxdRu0eSZ?2Qmnpf@`CGEGsF8k z1*t!}x@eu}ejQRwk}-MoI~duHV63&Tef&#EbNiG1`ZF+)q-W#ni&X?`V4qmF#_GaPOFXK~cd)h=SU(?^uL>HX zNP}S{V&@H&#vt?O12M-`8V^}1ZcN1@iDh=Qk!&v=>pz26IQ?vZR7<|({q+t1k?A0> zdAT3058gO^qt)zr@`W4D0@b~-Yqjxw_X9rq3r{1|OKb{DZUU{q(cNmv8(96FcEB$f?By#_$@IADpk&d9O z!IG7!>CUnz9A4%FWYWpW$_FV>CP>Il17oUM{V;i~sa+WY`R>JA*2K&WzYh;pR}KRS zT_aEc=y3(mGV&kZzCxolIqU@r6u-IPP%Wc6AHOz8DC&5nX^j3?L;!lw1wj&ukye&_R?mKsr9m@>lOP$zyJIf4!L2R0&v@A z8DfWTyBqQG;&ak>8NCkLpbFoMcD=txDqMUfpl124CqYW?jkugi)JqG&6I9b5tItA< zi!qxdkHb88^{`ATBS#mSMAyv zC9Yu@+FPbT`t4fLpM$U?iH>8Q&B3a~pp@KDXYgBZ*sw1g`;+J4Swue&67>!)dKF0a zq(@N0P*v3zGp}afZ*8NJu-WZo001g<^ZU+AZjEv2^U8#o|E}u*tR1?%AlsN5{%Xl%s3;|yS&)2jI{`uaD95aCg_avE8!2SoiFDP5N&4d>2lnXFa@?;ej3Q&!sEnlCpw*fx^ z;`^a8mnn`snwMAb7Oq*MjQ^-h&i2wwzk7HEZn2Q_xOXOk8_KlI=Ybdc+MqSaHXDYm zE!?%>zAjFSF&F1~+o=<3yTD!$^bKm+tT)*X?A^d9_yR0q-nburgGP5DPbm%oUiv!Z z6t~YKQ`6!07U?W1sbg-J0T5LOE*`en<1f28nu?LCc7~90>m#QJ>w^=CPLRH`D^LGq zu;&z58?Pe|jN*_4Zua?5T`IIy)tzVu+qbWauo+aPP9?{S?z|QtlgW!q2lrAp2tYO= z%BPx-d!IWP@BlQHDcd{P*rX8U#gcVMvWoqWXPw{8EIu89Uw&6G%! zlI$cJ31gQcWX6zb)betF~ee z`+0zT{aROv6$UnsZL^kQAraJU`rbwg3MFh9pKMoA6W@cFD#WTPoVTM8xJ{%ygt27( z#dD>n!nvl3piF=NWbc5Z((0^8LD5I^ez|&K80M_A@-|v6R4pr@!jZ2e?d~L6O#C^V zxKZ2^{}56ksZF~tS)76Vc-HKFu&ukh$AHlWWTB&TVtl-KNdB20hxW15keciL_dALy zgx3~1=;^76;^#Jc;gk18i(b7tiMXpS8Up&&L8vR|#g&J*53)}in&E|8J_vl=CUn%g zy+D(hJ>%5lqvTMH;gz17Mo0P8AOf&I)Wxa`GP8PTK-ph~QG?wgaopMolV=$2k>r&= z<5$qo#I}vRCsLoVWV-dKF(xLfAfdv$yhsdlNYobBr0YVPpE(Lx1{#}Ub=S;b+JQL) zrnWx!Gwx_;lGGb&dI+Fen$)BqwblcMXw3BF*y&=ERLs}_MM0R(!rA1Sb|UR`c{j$< zA)g^XO zb52Ii6m)yUEUnd^i`VYE#ZJd?A0OGua>!gH5|3?^Op9?l_B3Kld@_lAby3cP)mV;w zKRU^Z&d2h@krh=&2zOo>^%=G&iVS?O@9AVZt7fJ!o;*Zd2_`eTT2ZUD#|2|EH2vM8v+Z*LXYbUC6$=rFBNq9H_B>X!Q<4PqxMdQ{M(Q^X;q1rTa1!=`Z}KSeATEh)b!DZ7n!T@3Z{3WqI>*17MI6zm>)!Je(7U%Z zFWV7|Th-5WA^7R~bDYkt8Jbfah<sxRsADJ3fv~S^4Q@McVdNrGMm4cTZHY|*p8fjV{3w5z#TumD< z={s^384 zrS$Y`sf)EQe2c>Fw+t50Kuccuj5@013I}@gzE zJbZdrPiM&D8QWJ><@xD&!R6<5$&>9PNhh7bh~#UK^K!O-Y=(e>kBz8V| zL@qkydEeW53T(LEL__1SAe)#4OSd7(a(F~s{8$rX%QGHLLz_yUK-&gJug|<{^cIdT z`K6PA=Rvn38f?`cLe!)xxH}pSzJ!=D zmPK}Y?&!8>yclL_IpdyHi^P?ndBjd#rCoEs>sI1w=8=bX$?1K*JjeB7lr0j`E)x1# zRaGD?V=Q?AYFVzIpwFJx!{H(W0k|gGwe%fMUIBlRjC#RDr{t92~!l&Fgv^UsePOF)^G-6??i07 z&}pJnCO=jYSIVBSQx5dguJZL61@fIDicaS5Hv>gCmTA1wNG@(j18W@lYk1k5)cGA7qBSR43aRr;}8s&*Dz zc^lRy$jSWe-lk_#(nO4gnXguSjd~UG6rZEutOo7Kqxc&Fy8Xwfug(?bE}?gG6F%GR zwofGk7O_FGaCz44E4VR78xQShA?VSuv5Dk0^Lk!0@0ty$wLkiH;>zr+M=OHL?2kbs z3qnQX8>jMQz3lNWM1H!{Zd;rpYIsU7kFQ~qB`#^~trbdH-)>&=%KX{Ou2np)y`nFO z`5!juCdv50Sn{v~RsqRr+P0Kq4)c&X+KHZ(Ls+nQoW5 zdclHt2F3Tm`K~XNj)8+)eIXaA|AqT@(lutF#nLU&@ztt5KUpNeJ>6ZeJtGn63+iA zMPn|%WwP^b>zf))1tYHRcauL+>UZVcrQODef{cuUM)7HZ-YRQ^q;>0?~6bVd$wcj`*n10z8jd= z6(QFOdJ(ge(4wENTIi+>@3wfo>{HTkbaW@9HlCoucD!+0J0|2e9wfxhdqGlAm+n>R z7KIU};X+dsd*;^Q?s8=jf;>CCX@1#l@wLZ!Yq@?4{en{bP*bqL^5W>IdVfIDX!nLj z{IENTzcTEj?XBw7-IbKxbW&j7=KJC8%0UYZX2;VC6Dyd{`*KHZw{iEYR8VtF-@0;# z-AJOsj_0FTMs4zXy(L>Lmuda$>|Znc2!ty|;9 z?r!13H)`a^CXW|IB~2F-oq^TVPO;rs)YGR$7iafta{>koX)0wZx!iBxrJ<;5c;mI_ zrL+C_i)LnCE=xsrUIanZ0=f09n|UR^VyJM#utTvRW(TB`JjFhbOL~ysT6*i;;A{wmv*bn2sD=DFm))Y_2DX_ja1566LEURq-W?kP~ToNsG^8+4*r3?h&DSqZ?L6{#r%{>12s}_Z6^Ze6ti=MY< zoH!e#{Rt0xq!g>ykm8E{#>=NZz&`9fc2qk-phETl^pZc4*i<`bXM+FIaQ>7UiiMRm zS0|52J4>Aj4C!S9k8x8|i~SU?&Saq7x&@T3C)ye+8?8c0YncfTV>gJF6)>7v zMP1BH!lar&AouH?4sc1}rK>GD)()>4prKXq{DXnkp=PjmO$G+5d zNXbDj({~3DTQ{^I;bR*eHO&h4OlM963o+r@uZeg9M=@~NA;u{a$@`NI-QIJ#lCyvl zR|J?HI8h>#jqc0>n=EZ6**+ao`0dnS z5aCtM0V+;23qk#~bofN_`}*@bog>H555wCD%6jYO5?m^Hr^v4wzVx#p9yZM~|>stZ+6ySHIo7?II6SK5TRTFIg#!;YBPblbmn$6ZdLl2Eg zy$Sl-meQm|C>e9z+EBp8YHM_n`szX~n3tc_Zj8)+M!ej)(fxL2;Lw|d)5DcFtkpn^ zj-lbJL-F+Rzl}!0i_HLigz{LmMLJDivk zMi~)MppD9FvDH3TUBUAp$M#mB3948Hb}eUyC6R2!75S}4)W6}y#o4U9yiaPR0YZ6B zJkJ+ncPrHk}e*N5P(ewQPFlD+Pn}z}k9hYRUnF z!7Oz2s7^~mgid0w$9aBnTx)CeH~fXu#NTmj=F5pnz zWndqgl6(L(*^0JBaJ%GR@q~n{CNaB0jdu-iUCY0qW~xt&;0yP%c|)3> zb%B$Re>v?LQ&;h_kmPgPDO1zaX3^o?kDz<~$rQ2B&n#nOV@%1E!}-VSw!%*g$M-Ls z_Wju<^!=aG)O!vA9P$5%huQzGUtA3!gwFTxTVMcRZqo%Y$&4tgq11_Kv67M!Lja7C zn4AEKhLZ~$9i&!ZS4F8B{(K3&{Uip)|1NMZ90dHv(Oa4|-=__cqQab3^l(K@cG4sz zRdWs*=EtviG6)DuE>sXt_KlK zfTmXzIo@bwW%VMy>n$J@q@-jQ0z?kzP8t+t+wUOxE0GRWxM0dv~x3KWMmutRlKgWvvR@{~Q3F7iV^G%vo&QJe%5-7mQOL)EA%xVSB8n)3D zq37h#<+8n3=}3EpZ0&$0uqm*+f5Cmq0uVDn??u?M5Nvq8oQAv%6#Y_$-vIw{#QRdm z{NgiC*zIVL>EJm|p$lF@qtRJem#oj~cTtLiN$~)iwatX+vk-#?GN2Oi!ZS&i&@mMA zOR(%O=9g|FS;R4lC1l3q2?3s?b z7-D8M+v>~GsLbyDknWR5EKVx9@fB9fX%KkHI(@O=2> zA=PJMicUj6hc|d<4zxm~atR2yVzI&7PC$3UK+bBufkJD!$u=&ly97*3a3T_Oc#c`i z?ZZ*%EG4Oy391n2vS-lz-A~68E#NH1+i=Tf8FJJ^@v-o#J z$EVMqzuAia-gi{02ZZIu7Db5Jt(Md0vAw03k?;a{~gYF!>Y1+HBcO zq5l4SofVx0f(`9^LX;?`<)#@#`IVZ9gZHeY;B=RK5l^OKAU&rXOq! z5on$O)|A{bVo3(f5ihaFww=fL20&-LESQQag8u3bNV|cTvMyqxyK~#xh6DDLIjB!J zp5m8V(4~V|W@d;Dzkj4A#Ih&i^_UxLmdVdE1@H6$(zRS^ve;@`f`3BH8lkGSt7|6x z=2b5*Uq(sL0LS0n%F@8(LrqmOot=Qip6G~EwZYJtb6D*X>P)w~FBR-kj9K;d!8Dah zt#Ex=?1;Un-cXs_^p4fmTP+uL6l^HRDI&C*txp$hm~Mr0voaVYVx~@7gLI~ijZK-z zxpp@?-k?24By{W|(r!S{sUKZfY+(1Iq&KL!SzyiJ{?7BQ8Qn^j7G>f#r5P0tgZ<_7 ziUiDpot75cNHcfIz%=vwZZk#U+40S!c$DOJNo51*)R^Cxp|e&Zk##zf`5Og4tjU>N zb=tIBNQ-?naB{d} zwlXKDl>&G|uPm>w7YupqVoZwJr+G~_2*VRfs7(X!GB})+i#~f4JS2g81=M=vb zZbK0T+U)#j*#CZEOc!TO5C8dT5Qca)A{@qQ6`h!Kac7 z4;}|X=|G=7v7JzPsBXfS=j;Cvn*O+rfBwvr{rKm9(UbQ3hyN9B;IDe~|M(df&G`mV z9Av?)`ts$=f#wqZwb>NprrVGE^yAN?oqvCDMO}eabJq6+ZhG!T_n~Qb4-e4PM9Jqg zHZ}skYSV2BW883O&pZ(Q>UWpss6IXs?-d373nu}PmJ<2a31Qt91M5MUW4lTk($A>BOEHKqB%LQ+igQ$eKf4FWUvPboHRy2)xO%;I#V_*jE+-gEe9!|MOGe-3QnuC42$Y zfKWz`f=-4fuld^_xV+Yx(-sq zi;Ii1z#P8&3YcoPs1nNnPDE-dK^^>z1gkgRESHC2a&)*ia`w zTm+YF3C@+8p03JxI58gT#XKvw^u+f7L|)&(fb3+DlAB8jEFapBf==YmImp;f95v_W z3v>()x9L0_*_iJ=tf=|KL@AsSy_mOM=qZaOE?_%M`cu$PB&1Hq0M50MX1lN1@bIeC z?H<}f-lQx^-#!cs$Y$klr1pdNbggPIkqj+LQyP#Ytx zu!wD-c2TP*Iz*veBs9fozIs!p^SY%}6RJ7*g=@_s-YL|Ov`6zOG+tXVr)DO{x zWUZDbUlMO|t7A zGS5u!DL1jNI6ug`0>HAPNw6ETiVjnj1anNo+F7>e$$|c-QJ*% z3sdOVKlkYIHJy*@@JAzkw18uh3Y+ccqQbLZw*3(PP48UqeeL9{hbj{>sZgx5OT}zI zCUhiY{!u8dvfcW7ZMTrA)VO}}RfAQP9nhY@O*QMR>( z@k3KHGuGr~(6PJ*wl^=8VSju2uYA&r*&wRRllPpygKGrE!H}Wu-#6{^er+LK{)@T%d{kWXEc{m(lfF zI&N<61z^Pa_**o9fsBg!5H(Z3fMoaI4oC|e(4S&Z-tG0y?(NpoCBEL7GCsCi#WKTT z-^tLbG@dzMUNmWEWoC9h1N8TqLy03-gc*>FfF?1Ql^WhRLA1|w4h6*{IUF15R~t zHQni@1SdKsBM9#%u1Iui-FV0J@o0GVO1&p=G}s)k(lg2)cKkJ}sfvvMUQ*3?+s<@~ zP$u*WWGY7O$I{>V*?mzPkI59Tqj;N;zfRi!pimj_h6y|@Qo}u53a4hpCo=|IP6rc-NqtK zifV)(6kZjofTd8af4nI9GAJAgboWLp%gaRt1(aftMBM(*?!Tl(;2Tx!kKX&hXvmL5 zMhX3+sr~!MpV0ry<-Pv5X8Qg^R=LNp_+Bk$wbuf`yF;2m0`~H5kq#JJ#S?!UTiJWY z7U-!UFKe!a@2-baK6Jy*E-OaVMhDcr_Jq4W)97k|s5CwEODX()c>KU39sDt-zW?dN z{O_UhJF5&X$$yb={{3P`{I^1Aq^LR(Oa%Xkh`Za`jMEt^b-pmiUBw5a3Yai17Uz85*RH{TnW zmXuWULl|+th8o@=ge7iMRE#&$~JZWPBKvER9XMywQ z>s$5K&GQOvPi%<)G$O^HJknr>#{sz^3Gq#}k-eRKsS1PqC|#m?M|! z|Kyvc&u_ZAd6(ob68q{ni{0ftmq@eMC0iXIv)Ee=W5Fe5Wv!O@bLS0HRs%+o2J@^3 z7pVCqNlA@vrR=0;L(Nh{V~Nfd7AcJlO(4oljR!@Ibs^mBC;(8=vxtucS{l2#6*HoH z#D~3iAZz7l10!$H`vnq(3bPq%=m_7w)>RM++#Xb%6#Z)8wxM6h*_WLs-#=?(yG)im z5<58*cPa{~8kX?pCBPU2P4Rt@po>bCT**DJZ(_@eQ+$70=5H%U3=Ga=rxPs;qmLM= zhT)r=3kTD)*&I4MMZNlPbZ%}f#%qg>9-a<~<>iB-qM{q)NtDQl5;RY{!X8-K+J;2k zO%}pd)AuR*hJcJ{rFYVjH3p=(T}>V*rKj^6za*#-=kKnM_Z3b>2L%PUlZzfKB+ds< zt=x?M^H#$>?^DZMJUom0fR5wWEBOfsCW~H}L8oVDiwOij9*tCee@QSv0hj;H9bU|v z1Cn`JVKUl?3_uq%(0w~Ze(kpG8w5wPd?;Ks)jSa2O{GKis<1 z5`cn1FA#+B*G?q5!orxeOPHE?4f8%AQuOp{3JzlhMZ8nl6@DE9Ao^H?nB~je0Pc{@ z!w2>)F3}~Dbv6TVMD?jNw?`n9&~+cqAr63U6a27Dir3KCjyVT*2;FsNhRVZj5vPW| z+>`#1N!{qmIfcJHEGqIy_Bi`&O+hY`GP8Iu*lR}hGM(P@8&zmVPo+k4nSpr!&)s(1 z4in@EXh_+pzj_-gp+|f6gdOvZcbRcUwMI=>~^ArD-b7-Xa_8`H+RiWwaXZAgfW@@Gow%6fV{wc5->OW=Pf@q#Y_%O&n!;fs6QsP=dh!1)Pczf zK#q8U=L#*uaWgZ2R<>jzklVxbNV9_gle2qhXb$A+$?7L+u#7M*byJys>nm)*eU_=i z<2+s2;oWWSSi9W{#mcZ#fP`~`7i^;kV(d~tE;v74Y8Di5L!-jta7;wEd@_&NJ$|?# zpw;)a+T6i(UO*~N?%|dBO#h9{*BzHB=C!Tb-QGV62q;mcxr!;T&Gs5Q#pTMF!^sf< z*3>Dv+*%`W9$8<$F%gsX=1py^gj?H+((V=+(2lM@=UX9h{jmrVq6%b#Q}!=z8XBI= zoE`w?R)up8&U^^W^5d=eof>b4wZS!eO<8?Dpiwbw!OQ$ zC&S-!oxWgR7h(xat}drBeHySNXM3%r?-;@qNR=yHsG=l(rR@tgamIzfv8~>K>S#YD z+bQ7P^84(F!id`1U|l## z)lGrZ)s63+h8uoQ!^kX?(JrB5EIhLNs3k@CYMl@5*?v%}y#v&67I9fQ)v33@=)Qcj zZy#!z#_V^<3X00TA*2XIk-nN*IAaX#m_X1ZRZ$%C;_t0*^bqG5N|GzbPPe=t0=HD5_y{jx0)z!VxB^A|wFZ}uEm-;_eqSZjNs0~_jq@=WT^l~#C z46aky1sJ7!0aTJV_YP^ii?ef4MMVY0>dg}yw7Tj_L0M+KeM_X_S#B)@3`q$t)4d^- zX|gjGlvi$0a*`zgY;WY|<|ctuFbe|GzVDf~eL`^czm-Dk(q(Hug|Z^M23-5mbI%Qu zjo${T4sRUQH8lK6nfxZ{)uX=vVZ=&{D8~mdC5;0$prMUT`qorZ__mY5>O@Svk%2+F zcNRJ?QzJh(hktrz=3YEz^_IJ2X42|%E~u7+iES(jJIis4wa)@n@I7|PYuSCAUt{`S zA?=Op%-ewQ!+1!dviv!llxL5iZZu~vqT~lm3ONT< zO&PkU+1phgVE?FCuNAD*+>h(Kn*s7_gW+DwX92$bZjUPv10n_}1z~p&_d(+GvvZ@V zg1`n4Z04IJbBjN&sSZha4Um^p0?5MoX*|aXJ_}onk|LG}@5S@pUmwy#AdqR7yYfr$ zkccFrnq)?-N=Mxl;)eLngkyL2+Aa6*Nh*9`XZoq@YpRVDX(TT{?@~KdAJ`49$v~0j zI1jLUA6VO+$xf6SoCScpqJdk*S(*8rKxl}%$0(7*F&K^s^)Qmdl*bpKDNUaHIjiKA z_NYOkhbVZrtov;6Q^2Z>my-4ko20k2v%9AT+zEilZ1nPe5fl7=2yb05ZYx5FHepp8 z^ZwL~J=b|;w)6=wZ|t;Siz4Px9|J3=k&8LxiqfrN;C+vnDh3TPw(!<<`p`7g*4mu-WYo&ciwXp%28@EKc--cp9 zcb>@Yt77QI#fgphBnEG;RHlzjvdhI)6FMD**Rz39C6MS0ukxMFI|5bNdv4@6VxAa_Nc2?Jgo1j{1G*qUQPp=_; zw%tn!WO92L=kW!y4OV-8LvqOrR-|1<@oYi=0Dv8q+t%tww|)jQNXeqX_Z`%ra34Q1+k9?Kd?{5UWc%Gq5FvS~lJVkA{4GtTatzqn&0|L?e zlxW6F63g-~|L9HcOosL$FY!K3B-=Y?yGkiq4G|{)sjpu{nq}4!+^jFUv#y`Uy>&h3 zmIY`C|8%KP02>47emGSYKwJO1gH_9yjD4XqUw(%$R8$=QX-#yD9UmXRFz{0+Px Date: Wed, 1 Jun 2022 21:49:51 -0700 Subject: [PATCH 235/540] Fixed link, provided more clarity. --- .../windows-autopatch/overview/windows-autopatch-faq.md | 2 +- .../windows-autopatch/prepare/windows-autopatch-fix-issues.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md index d2c0bbd292..f42d4e4606 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md @@ -31,7 +31,7 @@ msreviewer: hathind | ----- | ----- | | What are the prerequisites for Windows Autopatch? |
    • [Supported Windows 10/11 Enterprise edition versions](/windows/release-health/supported-versions-windows-client)
    • [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses)
    • [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
    • [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune)
    • [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements)
    • [Configuration Manager version 2010 or later](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2010)
    • [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune)
    | | What are the licensing requirements for Windows Autopatch? |
    • Windows Autopatch is included with Window 10/11 Enterprise E3 or higher. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
    • [Azure AD Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) (for Co-management)
    • [Microsoft Intune](/mem/intune/fundamentals/licenses) (includes Configuration Manager 2010 or greater via co-management)
    | -| Are there hardware requirements for Windows Autopatch? | No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet [specific hardware requirements](/windows/windows-11-specifications?r=1). Windows devices must be supported by your hardware OEM. | +| Are there hardware requirements for Windows Autopatch? | No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet [specific hardware requirements](/windows/whats-new/windows-11-requirements). Windows devices must be supported by your hardware OEM. | ## Device registration diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index 9f65feb92f..56770f8dd7 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -45,7 +45,7 @@ Your "Windows 10 update ring" policy in Intune must not target any Windows Autop | Result | Meaning | | ----- | ----- | | Not ready | You have an "update ring" policy that targets all devices, all users, or both. Change the policy to use an assignment that targets a specific Azure Active Directory (AD) group that doesn't include any Windows Autopatch devices.

    After enrolling into Autopatch, make sure that any update ring policies you have exclude the **Modern Workplace Devices - All** Azure Active Directory (AD) group.

    For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

    | -| Advisory | Both the **Modern Workplace Devices - All** and **Modern Workplace - All** Azure AD groups are groups that we create after you enroll in Windows Autopatch.

    This advisory appears after enrolling into Autopatch. Check the following:

    1. Make sure that any update ring policies you have exclude the **Modern Workplace Devices - All** Azure Active Directory (AD) group.
    2. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also exclude the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).
    For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure). | +| Advisory | Both the **Modern Workplace Devices - All** and **Modern Workplace - All** Azure AD groups are groups that we create after you enroll in Windows Autopatch. This advisory is flagging an action you should take after enrolling into the service:
    1. Make sure that any update ring policies you have exclude the **Modern Workplace Devices - All** Azure Active Directory (AD) group.
    2. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also exclude the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).

    For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure). | ## Azure Active Directory settings @@ -53,7 +53,7 @@ You can access Azure Active Directory (AD) settings in the [Azure portal](https: ### Conditional access policies -Conditional access policies must not prevent Windows Autopatch from connecting to your Intune tenant. +Conditional access policies must not prevent Windows Autopatch from connecting to your tenant. | Result | Meaning | | ----- | ----- | From 97dc2630456a2fdaad9e6af68f44db0017b20129 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 11:31:41 +0530 Subject: [PATCH 236/540] Update policy-csp-admx-securitycenter.md --- .../mdm/policy-csp-admx-securitycenter.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 5be970f2f5..db28229ae8 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Securitycenter -description: Policy CSP - ADMX_Securitycenter +description: Learn about Policy CSP - ADMX_Securitycenter. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -61,7 +61,9 @@ manager: dansimp -This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed. +This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. + +The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed. Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect. @@ -90,3 +92,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 6773c6e0c5916ae845446f717816c68eb1db0274 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 11:52:16 +0530 Subject: [PATCH 237/540] Update policy-csp-admx-servicing.md --- windows/client-management/mdm/policy-csp-admx-servicing.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index f891376217..e4d18d9a66 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Servicing -description: Policy CSP - ADMX_Servicing +description: Learn about Policy CSP - ADMX_Servicing. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -82,3 +82,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 2c3285ae290fa62c56b0f0c69921f60fe8d5bc56 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 12:06:36 +0530 Subject: [PATCH 238/540] Update policy-csp-credentialproviders.md --- .../mdm/policy-csp-credentialproviders.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 38912ec7cb..beeffe2585 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -130,7 +130,8 @@ If you enable this policy setting, a domain user can't set up or sign in with a If you disable or don't configure this policy setting, a domain user can set up and use a picture password. -Note that the user's domain password will be cached in the system vault when using this feature. +> [!NOTE] +> The user's domain password will be cached in the system vault when using this feature. @@ -183,8 +184,8 @@ The Autopilot Reset feature allows admin to reset devices to a known good manage The following list shows the supported values: -- 0 - Enable the visibility of the credentials for Autopilot Reset -- 1 - Disable visibility of the credentials for Autopilot Reset +0 - Enable the visibility of the credentials for Autopilot Reset +1 - Disable visibility of the credentials for Autopilot Reset @@ -194,3 +195,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) From b9648cb587ee32c5e1a2ecab302ce85521c68c9d Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 12:10:26 +0530 Subject: [PATCH 239/540] Update policy-csp-credentialsdelegation.md --- .../mdm/policy-csp-credentialsdelegation.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index b5f3ef4c00..e459f00b15 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -64,7 +64,7 @@ manager: dansimp -Remote host allows delegation of non-exportable credentials +Remote host allows delegation of non-exportable credentials. When credential delegation is being used, devices provide an exportable version of credentials to the remote host. This version exposes users to the risk of credential theft from attackers on the remote host. @@ -90,3 +90,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) From c00b8b021d9e787273113324b82e428a5d11a1ab Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 12:12:40 +0530 Subject: [PATCH 240/540] Update policy-csp-credentialsui.md --- windows/client-management/mdm/policy-csp-credentialsui.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 41635f9f61..d126286e24 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -75,7 +75,7 @@ If you disable or don't configure this policy setting, the password reveal butto By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button. -The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer. +This policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer. @@ -144,3 +144,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) From 30cf0394e4346553e4247197f93e94057914255b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 12:14:49 +0530 Subject: [PATCH 241/540] Update policy-csp-cryptography.md --- .../client-management/mdm/policy-csp-cryptography.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 4834a084b7..31ebde8cc2 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -61,7 +61,7 @@ manager: dansimp -Allows or disallows the Federal Information Processing Standard (FIPS) policy. +This policy setting allows or disallows the Federal Information Processing Standard (FIPS) policy. @@ -73,8 +73,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Not allowed. -- 1– Allowed. +0 (default) – Not allowed. +1– Allowed. @@ -114,7 +114,7 @@ The following list shows the supported values: -Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. +This policy setting lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. @@ -136,3 +136,6 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) From ba6ba1964e292892ff3d6bfa4a950a3ae38998da Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 12:16:51 +0530 Subject: [PATCH 242/540] Update policy-csp-dataprotection.md --- .../client-management/mdm/policy-csp-dataprotection.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 205711af03..43dc6aeab0 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -61,7 +61,9 @@ manager: dansimp -This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) is enabled. +This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. + +Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) is enabled. Most restricted value is 0. @@ -120,4 +122,8 @@ Setting used by Windows 8.1 Selective Wipe. - \ No newline at end of file + + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) From 7903bb2526c3308f35a73ecca9ef14f385207712 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 12:24:22 +0530 Subject: [PATCH 243/540] Review for improper acronyms-02 --- .../mdm/enterprisedataprotection-csp.md | 29 +++++++------- ...rver-side-mobile-application-management.md | 12 +++--- .../mdm/policy-csp-mixedreality.md | 2 +- .../client-management/mdm/reporting-csp.md | 2 +- windows/client-management/mdm/vpnv2-csp.md | 6 +-- .../mdm/win32compatibilityappraiser-csp.md | 2 +- windows/client-management/quick-assist.md | 2 +- .../cortana-at-work/cortana-at-work-o365.md | 2 +- ...v-application-template-schema-reference.md | 8 ++-- .../update-compliance-configuration-manual.md | 2 +- .../update-compliance-configuration-script.md | 2 +- ...ata-windows-analytics-events-and-fields.md | 4 +- ...ponents-to-microsoft-services-using-MDM.md | 2 +- .../hello-adequate-domain-controllers.md | 2 +- .../hello-key-trust-policy-settings.md | 2 +- .../collect-wip-audit-event-logs.md | 4 +- .../create-wip-policy-using-configmgr.md | 6 +-- .../enlightened-microsoft-apps-and-wip.md | 8 ++-- .../limitations-with-wip.md | 34 ++++++++-------- .../mandatory-settings-for-wip.md | 2 +- .../protect-enterprise-data-using-wip.md | 40 +++++++++---------- ...recommended-network-definitions-for-wip.md | 2 +- .../wip-app-enterprise-context.md | 4 +- .../ltsc/whats-new-windows-10-2019.md | 2 +- .../ltsc/whats-new-windows-10-2021.md | 2 +- .../whats-new-windows-10-version-1803.md | 2 +- .../whats-new-windows-10-version-2004.md | 2 +- 27 files changed, 93 insertions(+), 94 deletions(-) diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index a83cfc02b3..f90932bfee 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -26,12 +26,12 @@ The table below shows the applicability of Windows: The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip). -> [!Note] -> To make WIP functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md). +> [!NOTE] +> To make Windows Information Protection functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md). -While WIP has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md). +While Windows Information Protection has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md). -To learn more about WIP, see the following articles: +To learn more about Windows Information Protection, see the following articles: - [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy) - [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip) @@ -62,8 +62,8 @@ The root node for the Windows Information Protection (WIP) configuration setting     **Settings/EDPEnforcementLevel** Set the WIP enforcement level. -> [!Note] -> Setting this value isn't sufficient to enable WIP on the device. Attempts to change this value will fail when the WIP cleanup is running. +> [!NOTE] +> Setting this value isn't sufficient to enable Windows Information Protection on the device. Attempts to change this value will fail when the WIP cleanup is running. The following list shows the supported values: @@ -75,14 +75,13 @@ The following list shows the supported values: Supported operations are Add, Get, Replace, and Delete. Value type is integer. **Settings/EnterpriseProtectedDomainNames** -A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for WIP. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running. +A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running. Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client. -> [!Note] +> [!NOTE] > The client requires domain name to be canonical, otherwise the setting will be rejected by the client. - Here are the steps to create canonical domain names: 1. Transform the ASCII characters (A-Z only) to lowercase. For example, Microsoft.COM -> microsoft.com. @@ -241,7 +240,7 @@ For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate. Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate. **Settings/RevokeOnUnenroll** -This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1. +This policy controls whether to revoke the Windows Information Protection keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1. The following list shows the supported values: @@ -251,7 +250,7 @@ The following list shows the supported values: Supported operations are Add, Get, Replace, and Delete. Value type is integer. **Settings/RevokeOnMDMHandoff** -Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service. +Added in Windows 10, version 1703. This policy controls whether to revoke the Windows Information Protection keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service. - 0 - Don't revoke keys. - 1 (default) - Revoke keys. @@ -264,7 +263,7 @@ TemplateID GUID to use for Rights Management Service (RMS) encryption. The RMS t Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID). **Settings/AllowAzureRMSForEDP** -Specifies whether to allow Azure RMS encryption for WIP. +Specifies whether to allow Azure RMS encryption for Windows Information Protection. - 0 (default) – Don't use RMS. - 1 – Use RMS. @@ -277,7 +276,7 @@ When this policy isn't specified, the existing auto-encryption behavior is appli Supported operations are Add, Get, Replace and Delete. Value type is string. **Settings/EDPShowIcons** -Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app. +Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the Windows Information Protection icon in the title bar of a WIP-protected app. The following list shows the supported values: - 0 (default) - No WIP overlays on icons or tiles. @@ -286,7 +285,7 @@ The following list shows the supported values: Supported operations are Add, Get, Replace, and Delete. Value type is integer. **Status** -A read-only bit mask that indicates the current state of WIP on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured. +A read-only bit mask that indicates the current state of Windows Information Protection on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured. Suggested values: @@ -298,7 +297,7 @@ Bit 0 indicates whether WIP is on or off. Bit 1 indicates whether AppLocker WIP policies are set. -Bit 3 indicates whether the mandatory WIP policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero). +Bit 3 indicates whether the mandatory Windows Information Protection policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero). Here's the list of mandatory WIP policies: diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md index 35bed03a19..e17aa75f60 100644 --- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md @@ -80,17 +80,17 @@ Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isn’t provided MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback: -- [AppLocker CSP](applocker-csp.md) for configuration of WIP enterprise allowed apps. +- [AppLocker CSP](applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps. - [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs. - [DeviceStatus CSP](devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703). - [DevInfo CSP](devinfo-csp.md). - [DMAcc CSP](dmacc-csp.md). - [DMClient CSP](dmclient-csp.md) for polling schedules configuration and MDM discovery URL. -- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has WIP policies. +- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has Windows Information Protection policies. - [Health Attestation CSP](healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703). - [PassportForWork CSP](passportforwork-csp.md) for Windows Hello for Business PIN management. - [Policy CSP](policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas. -- [Reporting CSP](reporting-csp.md) for retrieving WIP logs. +- [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs. - [RootCaTrustedCertificates CSP](rootcacertificates-csp.md). - [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. - [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. @@ -116,13 +116,13 @@ MAM policy syncs are modeled after MDM. The MAM client uses an Azure AD token to Windows doesn't support applying both MAM and MDM policies to the same devices. If configured by the admin, users can change their MAM enrollment to MDM. > [!NOTE] -> When users upgrade from MAM to MDM on Windows Home edition, they lose access to WIP. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade. +> When users upgrade from MAM to MDM on Windows Home edition, they lose access to Windows Information Protection. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade. To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL will be used for MDM enrollment. -In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when WIP policies are removed from the device, the user’s access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that: +In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when Windows Information Protection policies are removed from the device, the user’s access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that: -- Both MAM and MDM policies for the organization support WIP. +- Both MAM and MDM policies for the organization support Windows Information Protection. - EDP CSP Enterprise ID is the same for both MAM and MDM. - EDP CSP RevokeOnMDMHandoff is set to false. diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 02d6f53ac3..420f8eb0b1 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -106,7 +106,7 @@ On a device where this policy is configured, the user specified in the policy wi > [!NOTE] > > - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior. -> - Auto-logon is only supported for MSA and AAD users. +> - Auto-logon is only supported for Microsoft account and AAD users.
    diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index fd6c701600..6bff41e4a3 100644 --- a/windows/client-management/mdm/reporting-csp.md +++ b/windows/client-management/mdm/reporting-csp.md @@ -87,7 +87,7 @@ Specifies the ending time for retrieving logs. - Supported operations are Get and Replace. **Type** -Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the WIP learning logs. +Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the Windows Information Protection learning logs. - Value type is integer. - Supported operations are Get and Replace. diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 94974cf502..71bbcabf31 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -29,7 +29,7 @@ The VPNv2 configuration service provider allows the mobile device management (MD Here are the requirements for this CSP: - VPN configuration commands must be wrapped in an Atomic block in SyncML. -- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. +- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure Windows Information Protection policies. - Instead of changing individual properties, follow these steps to make any changes: - Send a Delete command for the ProfileName to delete the entire profile. @@ -540,9 +540,9 @@ If no inbound filter is provided, then by default all unsolicited inbound traffi Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/EdpModeId** -Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. +Enterprise ID, which is required for connecting this VPN profile with a Windows Information Protection policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. -Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect. +Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the Windows Information Protection policies and App lists automatically takes effect. Value type is chr. Supported operations include Get, Add, Replace, and Delete. diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md index b3a8915e7f..4e21027bdd 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md @@ -160,7 +160,7 @@ Value type is bool. Supported operation is Get. **UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled** -A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs. +A boolean value representing whether the Microsoft account service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs. Value type is bool. diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 9591465cfc..a6e0f74e6b 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -25,7 +25,7 @@ All that's required to use Quick Assist is suitable network and internet connect ### Authentication -The helper can authenticate when they sign in by using a Microsoft Account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported. +The helper can authenticate when they sign in by using a Microsoft account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported. ### Network considerations diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md index d949c55ed5..1951492cf3 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md @@ -29,7 +29,7 @@ There are a few things to be aware of before you start using Cortana in Windows - **Office 365 Trust Center.** Cortana in Windows 10, version 1909 and earlier, isn't a service governed by the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). [Learn more about how Cortana in Windows 10, versions 1909 and earlier, treats your data](https://support.microsoft.com/en-us/help/4468233/cortana-and-privacy-microsoft-privacy). -- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use WIP, you must also have a management solution. This can be Microsoft Intune, Microsoft Endpoint Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution. +- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use Windows Information Protection, you must also have a management solution. This can be Microsoft Intune, Microsoft Endpoint Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution. - **Troubleshooting tips.** If you run into issues, check out these [troubleshooting tips](/office365/troubleshoot/miscellaneous/issues-in-cortana). diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index 50a4533c63..a6130cd7ac 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -433,8 +433,8 @@ Application is a container for settings that apply to a particular application. |LocalizedNames|An optional name displayed in the UI, localized by a language locale.| |LocalizedDescriptions|An optional template description localized by a language locale.| |Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).| -|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.| -|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| +|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If Microsoft account syncing is enabled for a user on a machine, then this template will automatically be disabled.| +|DeferToOffice365|Similar to Microsoft account, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| |FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.| |Processes|A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).| |Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21)".| @@ -452,8 +452,8 @@ Common is similar to an Application element, but it is always associated with tw |LocalizedNames|An optional name displayed in the UI, localized by a language locale.| |LocalizedDescriptions|An optional template description localized by a language locale.| |Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).| -|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.| -|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| +|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If Microsoft account syncing is enabled for a user on a machine, then this template will automatically be disabled.| +|DeferToOffice365|Similar to Microsoft account, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| |FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.| |Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21).| diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index fa4f61b0d2..2da9bebda3 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -78,7 +78,7 @@ To enable data sharing between devices, your network, and Microsoft's Diagnostic | `http://adl.windows.com` | Required for Windows Update functionality. | | `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting if certain Feature Update deployment failures occur. | | `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. | -| `https://login.live.com` | This endpoint facilitates MSA access and is required to create the primary identifier we use for devices. Without this service, devices will not be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). | +| `https://login.live.com` | This endpoint facilitates Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices will not be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). | ## Required services diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index f62bf4a4da..e00cfd8c93 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -81,7 +81,7 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru | 51 | Unexpected exception when attempting to run Census.exe| | 52 | Could not find Census.exe| | 53 | There are conflicting CommercialID values.| -| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.| +| 54 | Microsoft account (MSA) Sign In Assistant Service disabled.| | 55 | Failed to create new registry path for SetDeviceNameOptIn| | 56 | Failed to create property for SetDeviceNameOptIn at registry path| | 57 | Failed to update value for SetDeviceNameOptIn| diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index c867fe681a..f24f134bea 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -355,14 +355,14 @@ The following fields are available: Initialization of Explorer is complete. ## Microsoft-Windows-Security-EFS-EDPAudit-ApplicationLearning.EdpAuditLogApplicationLearning -For a device subject to Windows Information Protection policy, learning events are generated when an app encounters a policy boundary (for example, trying to open a work document from a personal app). These events help the WIP administrator tune policy rules and prevent unnecessary user disruption. +For a device subject to Windows Information Protection policy, learning events are generated when an app encounters a policy boundary (for example, trying to open a work document from a personal app). These events help the Windows Information Protection administrator tune policy rules and prevent unnecessary user disruption. The following fields are available: - **actiontype:** Indicates what type of resource access the app was attempting (for example, opening a local document vs. a network resource) when it encountered a policy boundary. Useful for Windows Information Protection administrators to tune policy rules. - **appIdType:** Based on the type of application, this field indicates what type of app rule a Windows Information Protection administrator would need to create for this app. - **appname:** App that triggered the event -- **status:** Indicates whether errors occurred during WIP learning events +- **status:** Indicates whether errors occurred during Windows Information Protection learning events ## Win32kTraceLogging.AppInteractivitySummary Summarizes which app windows are being used (for example, have focus) to help Microsoft improve compatibility and user experience. Also helps organizations (by using Desktop Analytics) to understand and improve application reliability on managed devices. diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index f12658e2d0..b4ba7be281 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -84,7 +84,7 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [ 1. MDM Policy: [Notifications/DisallowTileNotification](/windows/client-management/mdm/policy-csp-notifications). This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. **Integer value 1** 1. **Mail synchronization** - 1. MDM Policy: [Accounts/AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection). Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. **Set to 0 (zero)** + 1. MDM Policy: [Accounts/AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection). Specifies whether the user is allowed to use an Microsoft account for non-email related connection authentication and services. **Set to 0 (zero)** 1. **Microsoft Account** 1. MDM Policy: [Accounts/AllowMicrosoftAccountSignInAssistant](/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant). Disable the Microsoft Account Sign-In Assistant. **Set to 0 (zero)** diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index fae8060193..cbaecf9da3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -48,7 +48,7 @@ The Windows Server 2016 or later domain controller is handling 100 percent of al ![dc-chart3.](images/plan/dc-chart3.png) -Upgrading another domain controller to Windows Server 2016 or later distributes the public key trust authentication across two domain controllers - each supporting 50 percent of the load. But it doesn't change the distribution of password and certificate trust authentication. Both Windows Server 2019 domain controllers still share 10 percent of this load. Now look at the scenario when half of the domain controllers are upgraded to Windows Server 2016 or later, but the number of WHFB clients remains the same. +Upgrading another domain controller to Windows Server 2016 or later distributes the public key trust authentication across two domain controllers - each supporting 50 percent of the load. But it doesn't change the distribution of password and certificate trust authentication. Both Windows Server 2019 domain controllers still share 10 percent of this load. Now look at the scenario when half of the domain controllers are upgraded to Windows Server 2016 or later, but the number of Windows Hello for Business clients remains the same. ![dc-chart4.](images/plan/dc-chart4.png) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 187d42ad0f..b67d63f1b7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -125,7 +125,7 @@ Before you continue with the deployment, validate your deployment progress by re ## Add users to the Windows Hello for Business Users group -Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the WHFB Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the Windows Hello for Business Users group. Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business. +Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the Windows Hello for Business Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the Windows Hello for Business Users group. Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business. ## Follow the Windows Hello for Business on premises certificate trust deployment guide diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 1220e20185..f7bfc44de4 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -50,7 +50,7 @@ This table includes all available attributes/elements for the **Log** element. T |Attribute/Element |Value type |Description | |----------|-----------|------------| |ProviderType |String |This is always **EDPAudit**. | -|LogType |String |Includes:
    • **DataCopied.** Work data is copied or shared to a personal location.
    • **ProtectionRemoved.** WIP protection is removed from a Work-defined file.
    • **ApplicationGenerated.** A custom audit log provided by an app.
    | +|LogType |String |Includes:
    • **DataCopied.** Work data is copied or shared to a personal location.
    • **ProtectionRemoved.** Windows Information Protection is removed from a Work-defined file.
    • **ApplicationGenerated.** A custom audit log provided by an app.
    | |TimeStamp |Int |Uses the [FILETIME structure](/windows/win32/api/minwinbase/ns-minwinbase-filetime) to represent the time that the event happened. | |Policy |String |How the work data was shared to the personal location:
    • **CopyPaste.** Work data was pasted into a personal location or app.
    • **ProtectionRemoved.** Work data was changed to be unprotected.
    • **DragDrop.** Work data was dropped into a personal location or app.
    • **Share.** Work data was shared with a personal location or app.
    • **NULL.** Any other way work data could be made personal beyond the options above. For example, when a work file is opened using a personal application (also known as, temporary access).
    | |Justification |String |Not implemented. This will always be either blank or NULL.

    **Note**
    Reserved for future use to collect the user justification for changing from **Work** to **Personal**. | @@ -160,7 +160,7 @@ Here are a few examples of responses from the Reporting CSP. ## Collect WIP audit logs by using Windows Event Forwarding (for Windows desktop domain-joined devices only) -Use Windows Event Forwarding to collect and aggregate your WIP audit events. You can view your audit events in the Event Viewer. +Use Windows Event Forwarding to collect and aggregate your Windows Information Protection audit events. You can view your audit events in the Event Viewer. **To view the WIP events in the Event Viewer** diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index 8a0ecac521..fdbf865d8a 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -65,12 +65,12 @@ The **Configure Windows Information Protection settings** page appears, where yo ## Add app rules to your policy -During the policy-creation process in Configuration Manager, you can choose the apps you want to give access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps. +During the policy-creation process in Configuration Manager, you can choose the apps you want to give access to your enterprise data through Windows Information Protection. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps. The steps to add your app rules are based on the type of rule template being applied. You can add a store app (also known as a Universal Windows Platform (UWP) app), a signed Windows desktop app, or an AppLocker policy file. >[!IMPORTANT] ->Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.

    Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **App rules** list. If you don't get this statement, it's possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation. +>Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.

    Care must be taken to get a support statement from the software provider that their app is safe with Windows Information Protection before adding it to your **App rules** list. If you don't get this statement, it's possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation. ### Add a store app rule to your policy For this example, we're going to add Microsoft OneNote, a store app, to the **App Rules** list. @@ -278,7 +278,7 @@ For this example, we're going to add an AppLocker XML file to the **App Rules** The file is imported and the apps are added to your **App Rules** list. ### Exempt apps from WIP restrictions -If you're running into compatibility issues where your app is incompatible with WIP, but still needs to be used with enterprise data, you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak. +If you're running into compatibility issues where your app is incompatible with Windows Information Protection (WIP), but still needs to be used with enterprise data, you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak. **To exempt a store app, a desktop app, or an AppLocker policy file app rule** diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index a1dba47f5e..21a45af6ca 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -37,7 +37,7 @@ Apps can be enlightened or unenlightened: - Windows **Save As** experiences only allow you to save your files as enterprise. -- **WIP-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions without device enrollment. Unenlightened apps that are targeted by WIP without enrollment run under personal mode. +- **Windows Information Protection-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions without device enrollment. Unenlightened apps that are targeted by WIP without enrollment run under personal mode. ## List of enlightened Microsoft apps Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following: @@ -75,10 +75,10 @@ Microsoft has made a concerted effort to enlighten several of our more popular a - Microsoft To Do > [!NOTE] -> Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning. +> Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from Windows Information Protection policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning. ## List of WIP-work only apps from Microsoft -Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions. +Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with Windows Information Protection and MAM solutions. - Skype for Business @@ -102,7 +102,7 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li | PowerPoint Mobile | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.PowerPoint
    **App Type:** Universal app | | OneNote | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.OneNote
    **App Type:** Universal app | | Outlook Mail and Calendar | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** microsoft.windowscommunicationsapps
    **App Type:** Universal app | -| Microsoft 365 Apps for enterprise and Office 2019 Professional Plus | Microsoft 365 Apps for enterprise and Office 2019 Professional Plus apps are set up as a suite. You must use the [O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files)](https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip) to turn the suite on for WIP.
    We don't recommend setting up Office by using individual paths or publisher rules. | +| Microsoft 365 Apps for enterprise and Office 2019 Professional Plus | Microsoft 365 Apps for enterprise and Office 2019 Professional Plus apps are set up as a suite. You must use the [O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files)](https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip) to turn the suite on for Windows Information Protection.
    We don't recommend setting up Office by using individual paths or publisher rules. | | Microsoft Photos | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Windows.Photos
    **App Type:** Universal app | | Groove Music | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.ZuneMusic
    **App Type:** Universal app | | Microsoft Movies & TV | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.ZuneVideo
    **App Type:** Universal app | diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 5462ca7f17..18726f1c02 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -22,7 +22,7 @@ ms.localizationpriority: medium **Applies to:** - Windows 10, version 1607 and later -This following list provides info about the most common problems you might encounter while running WIP in your organization. +This following list provides info about the most common problems you might encounter while running Windows Information Protection in your organization. - **Limitation**: Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration. - **How it appears**: @@ -33,12 +33,12 @@ This following list provides info about the most common problems you might encou We strongly recommend educating employees about how to limit or eliminate the need for this decryption. -- **Limitation**: Direct Access is incompatible with WIP. - - **How it appears**: Direct Access might experience problems with how WIP enforces app behavior and data movement because of how WIP determines what is and isn’t a corporate network resource. +- **Limitation**: Direct Access is incompatible with Windows Information Protection. + - **How it appears**: Direct Access might experience problems with how Windows Information Protection enforces app behavior and data movement because of how WIP determines what is and isn’t a corporate network resource. - **Workaround**: We recommend that you use VPN for client access to your intranet resources. > [!NOTE] - > VPN is optional and isn’t required by WIP. + > VPN is optional and isn’t required by Windows Information Protection. - **Limitation**: **NetworkIsolation** Group Policy setting takes precedence over MDM Policy settings. - **How it appears**: The **NetworkIsolation** Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured. @@ -48,7 +48,7 @@ This following list provides info about the most common problems you might encou - **How it appears**: If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft. - **Workaround**: We don’t recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app. -- **Limitation**: WIP is designed for use by a single user per device. +- **Limitation**: Windows Information Protection is designed for use by a single user per device. - **How it appears**: A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process. - **Workaround**: We recommend only having one user per managed device. @@ -67,14 +67,14 @@ This following list provides info about the most common problems you might encou - **Limitation**: Changing your primary Corporate Identity isn’t supported. - **How it appears**: You might experience various instabilities, including but not limited to network and file access failures, and potentially granting incorrect access. - - **Workaround**: Turn off WIP for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying. + - **Workaround**: Turn off Windows Information Protection for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying. -- **Limitation**: Redirected folders with Client-Side Caching are not compatible with WIP. +- **Limitation**: Redirected folders with Client-Side Caching are not compatible with Windows Information Protection. - **How it appears**: Apps might encounter access errors while attempting to read a cached, offline file. - **Workaround**: Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business. > [!NOTE] - > For more info about Work Folders and Offline Files, see the [Work Folders and Offline Files support for Windows Information Protection blog](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and WIP, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip). + > For more info about Work Folders and Offline Files, see the [Work Folders and Offline Files support for Windows Information Protection blog](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and Windows Information Protection, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip). - **Limitation**: An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device. - **How it appears**: @@ -83,23 +83,23 @@ This following list provides info about the most common problems you might encou - Local **Work** data copied to the WIP-managed device remains **Work** data. - **Work** data that is copied between two apps in the same session remains ** data. - - **Workaround**: Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default. + - **Workaround**: Disable RDP to prevent access because there is no way to restrict access to only devices managed by Windows Information Protection. RDP is disabled by default. - **Limitation**: You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer. - **How it appears**: A message appears stating that the content is marked as **Work** and the user isn't given an option to override to **Personal**. - **Workaround**: Open File Explorer and change the file ownership to **Personal** before you upload. - **Limitation**: ActiveX controls should be used with caution. - - **How it appears**: Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP. + - **How it appears**: Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using Windows Information Protection. - **Workaround**: We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology. For more info, see [Out-of-date ActiveX control blocking](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking). -- **Limitation**: Resilient File System (ReFS) isn't currently supported with WIP. - - **How it appears**:Trying to save or transfer WIP files to ReFS will fail. +- **Limitation**: Resilient File System (ReFS) isn't currently supported with Windows Information Protection. + - **How it appears**:Trying to save or transfer Windows Information Protection files to ReFS will fail. - **Workaround**: Format drive for NTFS, or use a different drive. -- **Limitation**: WIP isn’t turned on if any of the following folders have the **MakeFolderAvailableOfflineDisabled** option set to **False**: +- **Limitation**: Windows Information Protection isn’t turned on if any of the following folders have the **MakeFolderAvailableOfflineDisabled** option set to **False**: - AppDataRoaming - Desktop - StartMenu @@ -116,10 +116,10 @@ This following list provides info about the most common problems you might encou
    - - **How it appears**: WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using Microsoft Endpoint Configuration Manager. + - **How it appears**: Windows Information Protection isn’t turned on for employees in your organization. Error code 0x807c0008 will result if Windows Information Protection is deployed by using Microsoft Endpoint Configuration Manager. - **Workaround**: Don’t set the **MakeFolderAvailableOfflineDisabled** option to **False** for any of the specified folders. You can configure this parameter, as described [Disable Offline Files on individual redirected folders](/windows-server/storage/folder-redirection/disable-offline-files-on-folders). - If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. + If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports Windows Information Protection, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after Windows Information Protection is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip). @@ -134,7 +134,7 @@ This following list provides info about the most common problems you might encou - **How it appears**: Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner. - **Workaround**: If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it. -- **Limitation**: OneNote notebooks on OneDrive for Business must be properly configured to work with WIP. +- **Limitation**: OneNote notebooks on OneDrive for Business must be properly configured to work with Windows Information Protection. - **How it appears**: OneNote might encounter errors syncing a OneDrive for Business notebook and suggest changing the file ownership to Personal. Attempting to view the notebook in OneNote Online in the browser will show an error and unable to view it. - **Workaround**: OneNote notebooks that are newly copied into the OneDrive for Business folder from File Explorer should get fixed automatically. To do this, follow these steps: @@ -150,6 +150,6 @@ This following list provides info about the most common problems you might encou > [!NOTE] > -> - When corporate data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. One caveat to keep in mind is that the Preview Pane in File Explorer will not work for encrypted files. +> - When corporate data is written to disk, Windows Information Protection uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. One caveat to keep in mind is that the Preview Pane in File Explorer will not work for encrypted files. > > - Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to our content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index daf5a9fac0..6c2ccfde53 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -27,7 +27,7 @@ This list provides all of the tasks and settings that are required for the opera |Task|Description| |----|-----------| |Add at least one app of each type (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. | -|Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage the WIP protection mode for your enterprise data](./create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| +|Choose your Windows Information Protection protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage Windows Information Protection mode for your enterprise data](./create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

    Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| |Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.

    Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.| diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index aabc6b7080..89d703af97 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -31,14 +31,14 @@ With the increase of employee-owned devices in the enterprise, there’s also an Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. >[!IMPORTANT] ->While WIP can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data. For more details about the benefits WIP provides, see [Why use WIP?](#why-use-wip) later in this topic. +>While Windows Information Protection can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data. For more details about the benefits WIP provides, see [Why use WIP?](#why-use-wip) later in this topic. ## Video: Protect enterprise data from being accidentally copied to the wrong place > [!Video https://www.microsoft.com/videoplayer/embed/RE2IGhh] ## Prerequisites -You’ll need this software to run WIP in your enterprise: +You’ll need this software to run Windows Information Protection in your enterprise: |Operating system | Management solution | |-----------------|---------------------| @@ -70,7 +70,7 @@ After the type of protection is set, the creating app encrypts the document so t Finally, there’s the risk of data leaking from your company when an employee leaves or unenrolls a device. Previously, you would simply erase all of the corporate data from the device, along with any other personal data on the device. ## Benefits of WIP -WIP provides: +Windows Information Protection provides: - Obvious separation between personal and corporate data, without requiring employees to switch environments or apps. - Additional data protection for existing line-of-business apps without a need to update the apps. @@ -79,12 +79,12 @@ WIP provides: - Use of audit reports for tracking issues and remedial actions. -- Integration with your existing management system (Microsoft Intune, Microsoft Endpoint Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage WIP for your company. +- Integration with your existing management system (Microsoft Intune, Microsoft Endpoint Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage Windows Information Protection for your company. ## Why use WIP? -WIP is the mobile application management (MAM) mechanism on Windows 10. WIP gives you a new way to manage data policy enforcement for apps and documents on Windows 10 desktop operating systems, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). +Windows Information Protection is the mobile application management (MAM) mechanism on Windows 10. WIP gives you a new way to manage data policy enforcement for apps and documents on Windows 10 desktop operating systems, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). -- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. WIP helps protect enterprise on both corporate and employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data. +- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. Windows Information Protection helps protect enterprise on both corporate and employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data. - **Manage your enterprise documents, apps, and encryption modes.** @@ -99,21 +99,21 @@ WIP is the mobile application management (MAM) mechanism on Windows 10. WIP give - **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Hiding overrides stops the action immediately. Allowing overrides lets the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without stopping anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your protected apps list. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md). - - **Data encryption at rest.** WIP helps protect enterprise data on local files and on removable media. + - **Data encryption at rest.** Windows Information Protection helps protect enterprise data on local files and on removable media. - Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies WIP to the new document. + Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies Windows Information Protection to the new document. - - **Helping prevent accidental data disclosure to public spaces.** WIP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your protected apps list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your protected apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally. + - **Helping prevent accidental data disclosure to public spaces.** Windows Information Protection helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your protected apps list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your protected apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally. - - **Helping prevent accidental data disclosure to removable media.** WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. + - **Helping prevent accidental data disclosure to removable media.** Windows Information Protection helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. -- **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. +- **Remove access to enterprise data from enterprise-protected devices.** Windows Information Protection gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. >[!NOTE] >For management of Surface devices it is recommended that you use the Current Branch of Microsoft Endpoint Configuration Manager.
    Microsoft Endpoint Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. ## How WIP works -WIP helps address your everyday challenges in the enterprise. Including: +Windows Information Protection helps address your everyday challenges in the enterprise. Including: - Helping to prevent enterprise data leaks, even on employee-owned devices that can't be locked down. @@ -124,7 +124,7 @@ WIP helps address your everyday challenges in the enterprise. Including: - Helping control the network and data access and data sharing for apps that aren’t enterprise aware ### Enterprise scenarios -WIP currently addresses these enterprise scenarios: +Windows Information Protection currently addresses these enterprise scenarios: - You can encrypt enterprise data on employee-owned and corporate-owned devices. - You can remotely wipe enterprise data off managed computers, including employee-owned computers, without affecting the personal data. @@ -134,21 +134,21 @@ WIP currently addresses these enterprise scenarios: - Your employees won't have their work otherwise interrupted while switching between personal and enterprise apps while the enterprise policies are in place. Switching environments or signing in multiple times isn’t required. ### WIP-protection modes -Enterprise data is automatically encrypted after it’s loaded on a device from an enterprise source or if an employee marks the data as corporate. Then, when the enterprise data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. +Enterprise data is automatically encrypted after it’s loaded on a device from an enterprise source or if an employee marks the data as corporate. Then, when the enterprise data is written to disk, Windows Information Protection uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. -Your WIP policy includes a list of trusted apps that are protected to access and process corporate data. This list of apps is implemented through the [AppLocker](/windows/device-security/applocker/applocker-overview) functionality, controlling what apps are allowed to run and letting the Windows operating system know that the apps can edit corporate data. Apps included on this list don’t have to be modified to open corporate data because their presence on the list allows Windows to determine whether to grant them access. However, new for Windows 10, app developers can use a new set of application programming interfaces (APIs) to create *enlightened* apps that can use and edit both enterprise and personal data. A huge benefit to working with enlightened apps is that dual-use apps, like Microsoft Word, can be used with less concern about encrypting personal data by mistake because the APIs allow the app to determine whether data is owned by the enterprise or if it’s personally owned. +Your Windows Information Protection policy includes a list of trusted apps that are protected to access and process corporate data. This list of apps is implemented through the [AppLocker](/windows/device-security/applocker/applocker-overview) functionality, controlling what apps are allowed to run and letting the Windows operating system know that the apps can edit corporate data. Apps included on this list don’t have to be modified to open corporate data because their presence on the list allows Windows to determine whether to grant them access. However, new for Windows 10, app developers can use a new set of application programming interfaces (APIs) to create *enlightened* apps that can use and edit both enterprise and personal data. A huge benefit to working with enlightened apps is that dual-use apps, like Microsoft Word, can be used with less concern about encrypting personal data by mistake because the APIs allow the app to determine whether data is owned by the enterprise or if it’s personally owned. >[!NOTE] >For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md). -You can set your WIP policy to use 1 of 4 protection and management modes: +You can set your Windows Information Protection policy to use 1 of 4 protection and management modes: |Mode|Description| |----|-----------| -|Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.| -|Allow overrides |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log.| -|Silent |WIP runs silently, logging inappropriate data sharing, without stopping anything that would’ve been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.| -|Off |WIP is turned off and doesn't help to protect or audit your data.

    After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn WIP protection back on. | +|Block |Windows Information Protection looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.| +|Allow overrides |Windows Information Protection looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log.| +|Silent |Windows Information Protection runs silently, logging inappropriate data sharing, without stopping anything that would’ve been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.| +|Off |Windows Information Protection is turned off and doesn't help to protect or audit your data.

    After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn Windows Information Protection back on. | ## Turn off WIP You can turn off all Windows Information Protection and restrictions, decrypting all devices managed by WIP and reverting to where you were pre-WIP, with no data loss. However, this isn’t recommended. If you choose to turn WIP off, you can always turn it back on, but your decryption and policy info won’t be automatically reapplied. diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index d5400291be..c55f4fe75b 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -25,7 +25,7 @@ ms.reviewer: >Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). -We recommend that you add the following URLs to the Enterprise Cloud Resources and Neutral Resources network settings when you create a WIP policy. If you are using Intune, the SharePoint entries may be added automatically. +We recommend that you add the following URLs to the Enterprise Cloud Resources and Neutral Resources network settings when you create a Windows Information Protection policy. If you are using Intune, the SharePoint entries may be added automatically. ## Recommended Enterprise Cloud Resources diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index cd707f5044..84dae48f11 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -29,7 +29,7 @@ Use Task Manager to check the context of your apps while running in Windows Info ## Viewing the Enterprise Context column in Task Manager You need to add the Enterprise Context column to the **Details** tab of the Task Manager. -1. Make sure that you have an active WIP policy deployed and turned on in your organization. +1. Make sure that you have an active Windows Information Protection policy deployed and turned on in your organization. 2. Open the Task Manager (taskmgr.exe), click the **Details** tab, right-click in the column heading area, and click **Select columns**. @@ -50,7 +50,7 @@ The **Enterprise Context** column shows you what each app can do with your enter - **Personal.** Shows the text, *Personal*. This app is considered non-work-related and can't touch any work data or resources. -- **Exempt.** Shows the text, *Exempt*. WIP policies don't apply to these apps (such as, system components). +- **Exempt.** Shows the text, *Exempt*. Windows Information Protection policies don't apply to these apps (such as, system components). > [!Important] > Enlightened apps can change between Work and Personal, depending on the data being touched. For example, Microsoft Word 2016 shows as **Personal** when an employee opens a personal letter, but changes to **Work** when that same employee opens the company financials. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 40a615660a..38d40913e0 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -210,7 +210,7 @@ New features in [Windows Hello for Business](/windows/security/identity-protecti - Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their device Bluetooth is off. -- You can set up Windows Hello from lock screen for MSA accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. +- You can set up Windows Hello from lock screen for Microsoft accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. - New [public API](/uwp/api/windows.security.authentication.web.core.webauthenticationcoremanager.findallaccountsasync#Windows_Security_Authentication_Web_Core_WebAuthenticationCoreManager_FindAllAccountsAsync_Windows_Security_Credentials_WebAccountProvider_) for secondary account SSO for a particular identity provider. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md index 1e10461eea..57612f7c84 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md @@ -142,7 +142,7 @@ Windows Hello enhancements include: - Windows Hello is now supported as Fast Identity Online 2 (FIDO2) authenticator across all major browsers including Chrome and Firefox. - You can now enable passwordless sign-in for Microsoft accounts on your Windows 10 device by going to **Settings > Accounts > Sign-in options**, and selecting **On** under **Make your device passwordless**. Enabling passwordless sign in will switch all Microsoft accounts on your Windows 10 device to modern authentication with Windows Hello Face, Fingerprint, or PIN. - Windows Hello PIN sign-in support is [added to Safe mode](/windows-insider/archive/new-in-20H1#windows-hello-pin-in-safe-mode-build-18995). -- Windows Hello for Business now has Hybrid Azure Active Directory support and phone number sign-in (MSA). FIDO2 security key support is expanded to Azure Active Directory hybrid environments, enabling enterprises with hybrid environments to take advantage of [passwordless authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Expanding Azure Active Directory support for FIDO2 preview to hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/expanding-azure-active-directory-support-for-fido2-preview-to/ba-p/981894). +- Windows Hello for Business now has Hybrid Azure Active Directory support and phone number sign-in (Microsoft account). FIDO2 security key support is expanded to Azure Active Directory hybrid environments, enabling enterprises with hybrid environments to take advantage of [passwordless authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Expanding Azure Active Directory support for FIDO2 preview to hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/expanding-azure-active-directory-support-for-fido2-preview-to/ba-p/981894). - With specialized hardware and software components available on devices shipping with Windows 10, version 20H2 configured out of factory, Windows Hello now offers added support for virtualization-based security with supporting fingerprint and face sensors. This feature isolates and secures a user's biometric authentication data. - Windows Hello multi-camera support is added, allowing users to choose an external camera priority when both external and internal Windows Hello-capable cameras are present. - [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less login for websites supporting FIDO2 authentication, such as Microsoft account and Azure AD. diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index f2f4dc5964..b66fc79bad 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -147,7 +147,7 @@ The OS uninstall period is a length of time that users are given when they can o - Windows Hello is now [password-less on S-mode](https://www.windowslatest.com/2018/02/12/microsoft-make-windows-10-password-less-platform/). - Support for S/MIME with Windows Hello for Business and APIs for non-Microsoft identity lifecycle management solutions. - Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their phone or device Bluetooth is off. -- You can set up Windows Hello from lock screen for MSA accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. +- You can set up Windows Hello from lock screen for Microsoft accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. - New [public API](/uwp/api/windows.security.authentication.web.core.webauthenticationcoremanager.findallaccountsasync#Windows_Security_Authentication_Web_Core_WebAuthenticationCoreManager_FindAllAccountsAsync_Windows_Security_Credentials_WebAccountProvider_) for secondary account SSO for a particular identity provider. - It is easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: phone Bluetooth is off). diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 726580724f..821c87969b 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -35,7 +35,7 @@ To download and install Windows 10, version 2004, use Windows Update (**Settings - Windows Hello PIN sign-in support is [added to Safe mode](/windows-insider/archive/new-in-20H1#windows-hello-pin-in-safe-mode-build-18995). -- Windows Hello for Business now has Hybrid Azure Active Directory support and phone number sign-in (MSA). FIDO2 security key support is expanded to Azure Active Directory hybrid environments, enabling enterprises with hybrid environments to take advantage of [passwordless authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Expanding Azure Active Directory support for FIDO2 preview to hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/expanding-azure-active-directory-support-for-fido2-preview-to/ba-p/981894). +- Windows Hello for Business now has Hybrid Azure Active Directory support and phone number sign-in (Microsoft account). FIDO2 security key support is expanded to Azure Active Directory hybrid environments, enabling enterprises with hybrid environments to take advantage of [passwordless authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Expanding Azure Active Directory support for FIDO2 preview to hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/expanding-azure-active-directory-support-for-fido2-preview-to/ba-p/981894). ### Windows Defender System Guard From 28127cd691a966e53a97c1df3d42026f5805e193 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 13:14:25 +0530 Subject: [PATCH 244/540] Update policy-csp-datausage.md --- windows/client-management/mdm/policy-csp-datausage.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 530bed96c5..5e271eabfc 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -84,9 +84,7 @@ This policy setting configures the cost of 4G connections on the local machine. If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine: - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - - Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. @@ -109,3 +107,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) From c89925a8ca7a92619a29e1601874dea5f8a9d0e6 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 13:22:15 +0530 Subject: [PATCH 245/540] Update policy-csp-defender.md --- .../mdm/policy-csp-defender.md | 42 ++++--------------- 1 file changed, 7 insertions(+), 35 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index cab1c1ee93..934f417af1 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -290,7 +290,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. @@ -345,7 +344,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows scanning of email. @@ -399,7 +397,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows a full scan of mapped network drives. @@ -453,7 +450,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. @@ -506,7 +502,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows Windows Defender IOAVP Protection functionality. @@ -561,7 +556,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows Windows Defender On Access Protection functionality. @@ -618,7 +612,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows Windows Defender real-time Monitoring functionality. @@ -672,7 +665,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows a scanning of network files. @@ -726,7 +718,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows Windows Defender Script Scanning functionality. @@ -772,7 +763,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. @@ -826,8 +816,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - -This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".. +This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". Value type is string. @@ -876,7 +865,6 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - This policy setting enables setting the state (Block/Audit/Off) for each attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule. For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction). @@ -927,11 +915,9 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Represents the average CPU load factor for the Windows Defender scan (in percent). - The default value is 50. @@ -1049,7 +1035,6 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. @@ -1260,11 +1245,9 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Time period (in days) that quarantine items will be stored on the system. - The default value is 0, which keeps items in quarantine, and doesn't automatically remove them. @@ -1621,7 +1604,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". @@ -1670,7 +1652,6 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". @@ -1718,13 +1699,11 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows an administrator to specify a list of files opened by processes to ignore during a scan. > [!IMPORTANT] > The process itself is not excluded from the scan, but can be by using the **Defender/ExcludedPaths** policy to exclude its path. - Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". @@ -1831,7 +1810,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Controls which sets of files should be monitored. > [!NOTE] @@ -1890,7 +1868,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Selects whether to perform a quick scan or full scan. @@ -1944,7 +1921,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Selects the time of day that the Windows Defender quick scan should run. @@ -2006,7 +1982,6 @@ Valid values: 0–1380 > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Selects the day that the Windows Defender scan should run. > [!NOTE] @@ -2071,14 +2046,11 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Selects the time of day that the Windows Defender scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. - - For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. The default value is 120. @@ -2131,7 +2103,7 @@ Valid values: 0–1380. This policy setting allows you to define the security intelligence location for VDI-configured computers. -​If you disable or don't configure this setting, security intelligence will be referred from the default local source. +If you disable or don't configure this setting, security intelligence will be referred from the default local source. @@ -2315,10 +2287,8 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. - A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day. The default value is 8. @@ -2374,8 +2344,7 @@ Valid values: 0–24. > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - -Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data. +Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data. @@ -2430,7 +2399,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take. @@ -2468,3 +2436,7 @@ ADMX Info: + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) From 1cb2f2acf9feba187a359ca68923d02c9a70a5d3 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 13:25:11 +0530 Subject: [PATCH 246/540] Update policy-csp-deliveryoptimization.md --- .../client-management/mdm/policy-csp-deliveryoptimization.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 56963703d1..1584cc9211 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -1591,3 +1591,7 @@ This policy allows an IT Admin to define the following details: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) + From 4000c1fba7276c50329c2bbb528012142ec36c30 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 2 Jun 2022 13:48:16 +0530 Subject: [PATCH 247/540] CSP Improvement-09 --- .../mdm/policy-csp-deliveryoptimization.md | 4 +--- .../mdm/policy-csp-desktop.md | 5 ++++- .../mdm/policy-csp-deviceguard.md | 10 +++++++--- .../mdm/policy-csp-devicehealthmonitoring.md | 14 ++++++++++---- .../mdm/policy-csp-deviceinstallation.md | 18 +++++++++++++----- .../mdm/policy-csp-devicelock.md | 13 +++++++------ .../mdm/policy-csp-display.md | 13 +++++++------ .../mdm/policy-csp-dmaguard.md | 13 +++++++------ .../client-management/mdm/policy-csp-eap.md | 8 +++++--- 9 files changed, 61 insertions(+), 37 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 1584cc9211..975baa5384 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -21,8 +21,6 @@ manager: dansimp > > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - -

    @@ -817,7 +815,7 @@ ADMX Info: Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size hasn't exceeded. The value 0 is new in Windows 10, version 1607. -The default value is 259200 seconds (3 days). +The default value is 259200 seconds (three days). diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 947f9373f2..4d3d97a6bd 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -63,7 +63,7 @@ manager: dansimp -Prevents users from changing the path to their profile folders. +This policy setting prevents users from changing the path to their profile folders. By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box. @@ -87,3 +87,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 0629edd5f5..09369cf747 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -127,7 +127,7 @@ ADMX Info: -Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. +Turns on virtualization based security(VBS) at the next reboot. Virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. @@ -228,7 +228,7 @@ The following list shows the supported values: -Specifies the platform security level at the next reboot. Value type is integer. +This setting specifies the platform security level at the next reboot. Value type is integer. @@ -252,4 +252,8 @@ The following list shows the supported values: - \ No newline at end of file + + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index 31ab6fa6d5..65ccf2ff72 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md @@ -70,8 +70,8 @@ DeviceHealthMonitoring is an opt-in health monitoring connection between the dev The following list shows the supported values: -- 1—The DeviceHealthMonitoring connection is enabled. -- 0 (default)—The DeviceHealthMonitoring connection is disabled. +- 1 -The DeviceHealthMonitoring connection is enabled. +- 0 - (default)—The DeviceHealthMonitoring connection is disabled. @@ -159,9 +159,12 @@ IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to -This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device. +This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device. + The value of this policy constrains the DeviceHealthMonitoring connection to certain destinations in order to support regional and sovereign cloud scenarios. -In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. Only configure this policy manually if explicitly instructed to do so by a Microsoft device monitoring service. +In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. + +Configure this policy manually only when explicitly instructed to do so by a Microsoft device monitoring service. @@ -181,3 +184,6 @@ In most cases, an IT Pro doesn't need to define this policy. Instead, it's expec +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 42835ecf22..ee81f379cf 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -94,10 +94,12 @@ This policy setting allows you to specify a list of plug-and-play hardware IDs a > This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions. When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: -- Prevent installation of devices that match these device IDs -- Prevent installation of devices that match any of these device instance IDs + +- Prevent installation of devices that match these device IDs. +- Prevent installation of devices that match any of these device instance IDs. If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. + > [!NOTE] > The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible. @@ -197,7 +199,8 @@ This policy setting allows you to specify a list of Plug and Play device instanc > This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions. When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: -- Prevent installation of devices that match any of these device instance IDs + +- Prevent installation of devices that match any of these device instance IDs. If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. @@ -210,7 +213,6 @@ If you enable this policy setting on a remote desktop server, the policy setting If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. - Peripherals can be specified by their [device instance ID](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. @@ -408,6 +410,7 @@ This policy setting will change the evaluation order in which Allow and Prevent Device instance IDs > Device IDs > Device setup class > Removable devices **Device instance IDs** + - Prevent installation of devices using drivers that match these device instance IDs. - Allow installation of devices using drivers that match these device instance IDs. @@ -463,13 +466,13 @@ ADMX Info: To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log: - ```txt >>> [Device Installation Restrictions Policy Check] >>> Section start 2018/11/15 12:26:41.659 <<< Section end 2018/11/15 12:26:41.751 <<< [Exit status: SUCCESS] ``` + You can also change the evaluation order of device installation policy settings by using a custom profile in Intune. :::image type="content" source="images/edit-row.png" alt-text="This image is an edit row image."::: @@ -819,6 +822,7 @@ For example, this custom profile prevents installation of devices with matching ![Custom profile.](images/custom-profile-prevent-device-instance-ids.png) To prevent installation of devices with matching device instance IDs by using custom profile in Intune: + 1. Locate the device instance ID. 2. Replace `&` in the device instance IDs with `&`. For example: @@ -938,3 +942,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 9a2ac9d034..39fa89a03f 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - DeviceLock - -
    @@ -73,7 +71,7 @@ manager: dansimp
    > [!Important] -> The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For additional information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types). +> The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For more information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types). **DeviceLock/AllowIdleReturnWithoutPassword** @@ -156,7 +154,6 @@ Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For th > [!NOTE] > This policy must be wrapped in an Atomic command. - For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). @@ -824,7 +821,7 @@ GP Info: -Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. +Disables the lock screen camera toggle-switch in PC Settings and prevents a camera from being invoked on the lock screen. By default, users can enable invocation of an available camera on the lock screen. @@ -878,7 +875,7 @@ ADMX Info: -Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. +Disables the lock screen slideshow settings in PC Settings and prevents a slide show from playing on the lock screen. By default, users can enable a slide show that will run after they lock the machine. @@ -907,3 +904,7 @@ ADMX Info: + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 918e69d004..25318d988f 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - Display - -
    @@ -230,7 +228,7 @@ If you enable this policy setting, GDI DPI Scaling is turned off for all applica If you disable or don't configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications. -If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. +If GDI DPI Scaling is configured to both turn-off and turn-on an application, the application will be turned off. @@ -289,7 +287,7 @@ If you enable this policy setting, GDI DPI Scaling is turned on for all legacy a If you disable or don't configure this policy setting, GDI DPI Scaling won't be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. -If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. +If GDI DPI Scaling is configured to both turn-off and turn-on an application, the application will be turned off. @@ -304,8 +302,8 @@ ADMX Info: To validate on Desktop, do the following tasks: -1. Configure the setting for an app, which uses GDI. -2. Run the app and observe crisp text. +1. Configure the setting for an app, which uses GDI. +2. Run the app and observe crisp text. @@ -315,3 +313,6 @@ To validate on Desktop, do the following tasks: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index a92e445ad0..648380d02b 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - DmaGuard -
    @@ -57,20 +56,20 @@ manager: dansimp -This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers)/device memory isolation and sandboxing. +This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices that are incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers), device memory isolation and sandboxing. -Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it. +Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it. This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that can't be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, check the Kernel DMA Protection field in the Summary page of MSINFO32.exe. > [!NOTE] > This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices. -Supported values: +The following are the supported values: 0 - Block all (Most restrictive): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will never be allowed to start and perform DMA at any time. -1 - Only after log in/screen unlock (Default): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will only be enumerated after the user unlocks the screen +1 - Only after log in/screen unlock (Default): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will only be enumerated after the user unlocks the screen. 2 - Allow all (Least restrictive): All external DMA capable PCIe devices will be enumerated at any time @@ -95,6 +94,8 @@ ADMX Info:
    + +## Related topics - \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md index 445cc1cca1..94c84c45ca 100644 --- a/windows/client-management/mdm/policy-csp-eap.md +++ b/windows/client-management/mdm/policy-csp-eap.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - EAP -
    @@ -57,7 +56,7 @@ manager: dansimp -This policy setting is added in Windows 10, version 21H1. Allow or disallow use of TLS 1.3 during EAP client authentication. +Added in Windows 10, version 21H1. This policy setting allows or disallows use of TLS 1.3 during EAP client authentication. @@ -70,8 +69,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Use of TLS version 1.3 is not allowed for authentication. +- 0 – Use of TLS version 1.3 is not allowed for authentication. - 1 (default) – Use of TLS version 1.3 is allowed for authentication. @@ -82,3 +81,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From e361a2936aeca906a1f396b23de64cb96958c46c Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Thu, 2 Jun 2022 19:25:25 +0530 Subject: [PATCH 248/540] Improved consistency in articles --- .../mdm/policy-csp-internetexplorer.md | 400 +++++++++--------- 1 file changed, 205 insertions(+), 195 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 6486569b11..3d81f7dea8 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -4194,7 +4194,8 @@ If you disable this policy or do not configure it, users can add Web sites to or This policy prevents users from changing site management settings for security zones established by the administrator. -Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored. +> [!NOTE] +> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy. @@ -4247,7 +4248,8 @@ If you disable this policy or do not configure it, users can change the settings This policy prevents users from changing security zone settings established by the administrator. -Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. +> [!NOTE] +> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy. @@ -4347,9 +4349,9 @@ This policy setting allows you to manage a list of domains on which Internet Exp If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: -1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" -2. "hostname". For example, if you want to include http://example, use "example" -3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm" +1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com". +2. "hostname". For example, if you want to include http://example, use "example". +3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm". If you disable or don't configure this policy setting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone. @@ -4407,8 +4409,8 @@ This policy setting lets admins enable extended Microsoft Edge Internet Explorer The following list shows the supported values: -- 0 (default) - Disabled. -- 1 - Enabled. +- 0 (default) - Disabled +- 1 - Enabled @@ -4450,11 +4452,11 @@ ADMX Info: -This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone. +This policy setting controls, whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone. If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone. -If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone). +If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered in the Intranet Zone (so would typically be in the Internet Zone). If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. @@ -4500,7 +4502,7 @@ ADMX Info: -This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. +This policy setting controls, whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable this policy setting, all network paths are mapped into the Intranet Zone. @@ -4550,7 +4552,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -4600,7 +4602,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -4650,7 +4652,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -4698,11 +4700,11 @@ ADMX Info: -This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. +This policy setting allows you to manage, whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. -If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations. +If you select Prompt in the drop-down box, users are queried, whether to perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. @@ -4750,7 +4752,7 @@ ADMX Info: -This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. +This policy setting allows you to manage, whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. @@ -4800,7 +4802,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -4850,11 +4852,11 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. -If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. @@ -4950,9 +4952,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -5000,7 +5002,7 @@ ADMX Info: -This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. +This policy setting controls, whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites. @@ -5048,7 +5050,7 @@ ADMX Info: -This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. +This policy setting controls, whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone. @@ -5146,7 +5148,7 @@ ADMX Info: -This policy setting determines whether a page can control embedded WebBrowser controls via script. +This policy setting determines, whether a page can control embedded WebBrowser controls via script. If you enable this policy setting, script access to the WebBrowser control is allowed. @@ -5196,7 +5198,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -5246,7 +5248,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -5254,7 +5256,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -5298,7 +5301,7 @@ ADMX Info: -This policy setting allows you to manage whether script is allowed to update the status bar within the zone. +This policy setting allows you to manage, whether script is allowed to update the status bar within the zone. If you enable this policy setting, script is allowed to update the status bar. @@ -5346,7 +5349,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -5396,7 +5399,7 @@ ADMX Info: -This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. +This policy setting allows you to manage, whether VBScript can be run on pages from the specified zone in Internet Explorer. If you selected Enable in the drop-down box, VBScript can run without user intervention. @@ -5450,11 +5453,11 @@ ADMX Info: This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. -If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. +If you don't configure this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. @@ -5498,13 +5501,13 @@ ADMX Info: -This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. +This policy setting allows you to manage, whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. -If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. +If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. @@ -5548,7 +5551,7 @@ ADMX Info: -This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. +This policy setting allows you to manage, whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. @@ -5646,15 +5649,15 @@ ADMX Info: -This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. +This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in different windows. -If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting. -If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when both the source and destination are in different windows. Users cannot change this setting. -In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. +In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. -In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting. @@ -5698,15 +5701,15 @@ ADMX Info: -This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. +This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in the same window. -If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting. -If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. -In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. +In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. -In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. @@ -5800,7 +5803,7 @@ ADMX Info: -This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. +This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities, by reducing the locations that Internet Explorer can write to in the registry and the file system. If you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode. @@ -5850,7 +5853,7 @@ ADMX Info: -This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path. +This policy setting controls whether or not local path information is sent, when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. @@ -5981,7 +5984,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -6031,9 +6034,9 @@ ADMX Info: -This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. +This policy setting allows you to manage, whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. -If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. +If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone, without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. @@ -6085,11 +6088,11 @@ This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. -Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. +Anonymous logon to disable HTTP authentication, and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. -Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. +Automatic logon, only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. @@ -6139,13 +6142,13 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains. @@ -6189,9 +6192,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. +If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. @@ -6239,7 +6242,7 @@ ADMX Info: -This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). +This policy setting controls, whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. @@ -6289,7 +6292,7 @@ ADMX Info: -This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. +This policy setting allows you to manage, whether unwanted pop-up windows appear. Pop-up windows that are opened, when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. @@ -6339,13 +6342,13 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. +If you do not configure this policy setting, users are queried to choose, whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -6389,7 +6392,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -6439,7 +6442,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -6487,7 +6490,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -6537,11 +6540,11 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. -If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. @@ -6587,9 +6590,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag, and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -6637,7 +6640,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -6687,7 +6690,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -6695,7 +6698,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -6739,7 +6743,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -6789,13 +6793,13 @@ ADMX Info: -This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. +This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. -If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. +If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. @@ -6897,7 +6901,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -6947,13 +6951,13 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains. @@ -7000,7 +7004,7 @@ ADMX Info: This policy setting prevents intranet sites from being opened in any browser except Internet Explorer. > [!NOTE] -> If the [InternetExplorer/SendSitesNotInEnterpriseSiteListToEdg](#internetexplorer-policies)e policy is not enabled, then this policy has no effect. +> If the [InternetExplorer/SendSitesNotInEnterpriseSiteListToEdge](#internetexplorer-policies) policy is not enabled, then this policy has no effect. If you enable this policy, all intranet sites are opened in Internet Explorer 11. The only exceptions are sites listed in your Enterprise Mode Site List. If you disable or do not configure this policy, all intranet sites are automatically opened in Microsoft Edge. @@ -7073,7 +7077,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -7123,7 +7127,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -7173,7 +7177,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -7221,7 +7225,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -7271,13 +7275,13 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. -If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be in this zone, as set by Protection from Zone Elevation feature control. @@ -7321,9 +7325,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -7371,7 +7375,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -7421,7 +7425,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -7429,7 +7433,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -7473,7 +7478,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -7523,13 +7528,13 @@ ADMX Info: -This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. +This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. -If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. +If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. @@ -7631,7 +7636,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -7681,13 +7686,13 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains. @@ -7731,7 +7736,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -7781,7 +7786,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -7831,7 +7836,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -7879,7 +7884,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -7929,13 +7934,13 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. -If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be in this zone, as set by Protection from Zone Elevation feature control. @@ -7979,9 +7984,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether, .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -8029,7 +8034,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -8079,7 +8084,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -8087,7 +8092,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -8131,7 +8137,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -8239,7 +8245,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -8289,13 +8295,13 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains. @@ -8345,7 +8351,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -8395,13 +8401,13 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. -If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. +If you do not configure this policy setting, users are queried to choose, whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -8445,7 +8451,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -8495,7 +8501,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -8543,7 +8549,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -8593,13 +8599,13 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. -If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. @@ -8643,9 +8649,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -8693,7 +8699,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -8743,7 +8749,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -8751,7 +8757,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -8795,7 +8802,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -8897,13 +8904,13 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains. @@ -8947,7 +8954,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -8997,7 +9004,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -9047,7 +9054,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -9095,7 +9102,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -9145,13 +9152,13 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. -If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. @@ -9195,9 +9202,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -9245,7 +9252,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -9295,7 +9302,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -9303,7 +9310,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -9347,7 +9355,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -9455,7 +9463,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -9505,13 +9513,13 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains. @@ -9555,7 +9563,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -9605,7 +9613,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -9655,7 +9663,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -9703,7 +9711,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -9753,13 +9761,13 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. -If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. @@ -9803,9 +9811,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -9853,7 +9861,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -9903,7 +9911,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -9911,7 +9919,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -9955,7 +9964,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -10005,7 +10014,7 @@ ADMX Info: -This policy setting allows you to manage ActiveX controls not marked as safe. +This policy setting allows you to manage, ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -10063,7 +10072,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -10113,9 +10122,9 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. +If you enable this policy setting, users can open additional windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains. @@ -10163,7 +10172,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -10213,7 +10222,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -10263,7 +10272,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -10311,7 +10320,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -10365,9 +10374,9 @@ This policy setting allows you to manage whether Web sites from less privileged If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. -If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. @@ -10411,9 +10420,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -10461,7 +10470,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -10511,7 +10520,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls whether, Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -10519,7 +10528,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -10563,7 +10573,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -10671,7 +10681,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -10721,13 +10731,13 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains. @@ -10821,7 +10831,7 @@ ADMX Info: -This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. +This policy setting determines, whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type. @@ -10871,7 +10881,7 @@ ADMX Info: -This policy setting allows you to specify what is displayed when the user opens a new tab. +This policy setting allows you to specify, what is displayed when the user opens a new tab. If you enable this policy setting, you can choose which page to display when the user opens a new tab: blank page (about:blank), the first home page, the new tab page or the new tab page with my news feed. @@ -10933,7 +10943,7 @@ Supported values: -This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes. +This policy setting allows you to manage, whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes. If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes. @@ -11079,7 +11089,7 @@ ADMX Info: -Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context. +Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation, if there is no security context. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. @@ -11131,9 +11141,9 @@ ADMX Info: This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX controls in Internet Explorer. -If you enable this policy setting, users won't see the "Run this time" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control. +If you enable this policy setting, users won't see the "Run this time" button on the warning message that appears, when Internet Explorer blocks an outdated ActiveX control. -If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once. +If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning message that appears, when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once. For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. From c2b432c3546ec3ed6e3b19cc4571132468bea3b9 Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Thu, 2 Jun 2022 19:42:42 +0530 Subject: [PATCH 249/540] improved consistency in articles --- .../mdm/policy-csp-internetexplorer.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 3d81f7dea8..90b966d970 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -11289,7 +11289,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -11339,7 +11339,7 @@ ADMX Info: -This policy setting allows you to manage whether script code on pages in the zone is run. +This policy setting allows you to manage, whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. @@ -11389,7 +11389,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -11439,7 +11439,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -11537,7 +11537,7 @@ ADMX Info: -This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. +This policy setting allows you to manage, whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. @@ -11589,7 +11589,7 @@ ADMX Info: -This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. +This policy setting allows you to manage, whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. @@ -11639,7 +11639,7 @@ ADMX Info: -This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. +This policy setting allows you to manage, whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. @@ -11689,7 +11689,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -11739,13 +11739,13 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. -If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. @@ -11839,7 +11839,7 @@ ADMX Info: -This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. +This policy setting allows you to manage, whether a user's browser can be redirected to another Web page, if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. @@ -11889,9 +11889,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -11941,7 +11941,7 @@ ADMX Info: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. -If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites. +If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control, to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone. @@ -11987,7 +11987,7 @@ ADMX Info: -This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. +This policy setting controls, whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone. From 3b0cfd0adb5aa87780fdf2eff07e78da1153990b Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Thu, 2 Jun 2022 09:27:55 -0700 Subject: [PATCH 250/540] Changed FAQ format, updated FAQ cross-references, word clarity, updated hardware link. --- windows/deployment/windows-autopatch/TOC.yml | 2 +- .../windows-autopatch-register-devices.md | 21 ++-- .../deployment/windows-autopatch/index.yml | 2 +- .../windows-autopatch-support-request.md | 2 +- .../overview/windows-autopatch-faq.md | 65 ----------- .../overview/windows-autopatch-faq.yml | 106 ++++++++++++++++++ 6 files changed, 120 insertions(+), 78 deletions(-) delete mode 100644 windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md create mode 100644 windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index 871a52e791..97e466d258 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -7,7 +7,7 @@ - name: What is Windows Autopatch? href: overview/windows-autopatch-overview.md - name: FAQ - href: overview/windows-autopatch-faq.md + href: overview/windows-autopatch-faq.yml - name: Prepare href: prepare/index.md items: diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 31f250df19..bc01a30400 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -36,9 +36,10 @@ You must choose what devices to manage with Windows Autopatch by either adding t Windows Autopatch also supports the following Azure AD nested group scenarios: -- Azure AD groups synced up from: - - On-premises Active Directory groups (Windows server type). - - [Configuration Manager collections](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_aadcollsync). +Azure AD groups synced up from: + +- On-premises Active Directory groups (Windows server type). +- [Configuration Manager collections](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_aadcollsync). > [!IMPORTANT] > The **Windows Autopatch Device Registration** Azure AD group only supports one level of Azure AD nested groups. @@ -52,17 +53,17 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - Windows 10/11 64-bit Enterprise edition 1809+. - Either hybrid or Azure AD joined (personal devices aren't supported). -- Managed by Microsoft Endpoint Manager - - Microsoft Endpoint Manager-Intune or Microsoft Endpoint Manager-Configuration Manager Co-management. - - Microsoft Endpoint Manager-Configuration Manager Co-management workloads swung over to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune). - - Windows Updates policies - - Device configuration - - Office Click-to-run +- Managed by Microsoft Endpoint Manager. + - Microsoft Endpoint Manager-Intune or Microsoft Endpoint Manager-Configuration Manager Co-management. + - Microsoft Endpoint Manager-Configuration Manager Co-management workloads swung over to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune). + - Windows updates policies + - Device configuration + - Office Click-to-run - Last Intune device check-in completed within the last 28 days. For more details on each prerequisite check, see the [Prerequisites](../prepare/windows-autopatch-prerequisites.md) article. -## About Devices Ready and Not ready tabs +## About the Ready and Not ready tabs Windows Autopatch introduces a new user interface to help IT admins manage devices and troubleshoot device readiness statuses seamlessly with actionable in-UI device readiness reports for unregistered devices or unhealthy devices. diff --git a/windows/deployment/windows-autopatch/index.yml b/windows/deployment/windows-autopatch/index.yml index 888ce01b0c..b99aeb0317 100644 --- a/windows/deployment/windows-autopatch/index.yml +++ b/windows/deployment/windows-autopatch/index.yml @@ -27,7 +27,7 @@ landingContent: - text: What is Windows Autopatch? url: ./overview/windows-autopatch-overview.md - text: Windows Autopatch FAQ - url: ./overview/windows-autopatch-faq.md + url: ./overview/windows-autopatch-faq.yml # Card (optional) - title: Articles and blog posts diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md index f6e0614363..06eeae4e4d 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md @@ -64,7 +64,7 @@ Once a support request is mitigated, it can no longer be edited. If a request ha ## Microsoft FastTrack -[Microsoft FastTrack](https://www.microsoft.com/en-us/fasttrack) offers Microsoft 365 deployment guidance for customers with 150 or more licenses of an eligible subscription at no additional cost. FastTrack Specialists can help customers work through the Windows Autopatch technical prerequisites described in the [FAQ](../overview/windows-autopatch-faq.md). For more information, visit the [FastTrack website](https://www.microsoft.com/en-ca/fasttrack?rtc=1). +[Microsoft FastTrack](https://www.microsoft.com/en-us/fasttrack) offers Microsoft 365 deployment guidance for customers with 150 or more licenses of an eligible subscription at no additional cost. FastTrack Specialists can help customers work through the Windows Autopatch technical prerequisites described in the [FAQ](../overview/windows-autopatch-faq.yml). For more information, visit the [FastTrack website](https://www.microsoft.com/en-ca/fasttrack?rtc=1). Customers who need help with Microsoft 365 workloads can sign in to https://fasttrack.microsoft.com/ with a valid Azure ID and submit a Request for Assistance. diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md deleted file mode 100644 index f42d4e4606..0000000000 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: FAQ -description: This article answers frequently asked questions about Windows Autopatch -ms.date: 05/30/2022 -ms.prod: w11 -ms.technology: windows -ms.topic: troubleshooting -ms.localizationpriority: medium -author: tiaraquan -ms.author: tiaraquan -manager: dougeby -msreviewer: hathind ---- - -# FAQ - -## General - -| Question | Answer | -| ----- | ----- | -| What Windows versions are supported? | Windows Autopatch works with all [supported versions of Windows 10 and Windows 11 Enterprise edition](/windows/release-health/supported-versions-windows-client). | -| What is the difference between Windows Update for Business and Windows Autopatch? | Windows Autopatch is a service that removes the need for organizations to plan and operate the update process.

    Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/deployment-service-overview) and other service components to update devices. Both are part of Windows Enterprise E3. | -| Is Windows 365 for Enterprise supported with Windows Autopatch? | Windows Autopatch supports Windows 365 for Enterprise. Windows 365 for Business isn't supported.| -| Does Windows Autopatch support Windows Education (A3) or Windows Front Line Worker (F3) licensing? | Autopatch isn't available for 'A' or 'F' series licensing. | -| Will Windows Autopatch support local domain join Windows 10? | Windows Autopatch doesn't support local (on-premise) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Azure AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid). | -| Will Windows Autopatch be available for state and local government customers? | Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. | - -## Requirements - -| Question | Answer | -| ----- | ----- | -| What are the prerequisites for Windows Autopatch? |

    • [Supported Windows 10/11 Enterprise edition versions](/windows/release-health/supported-versions-windows-client)
    • [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses)
    • [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
    • [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune)
    • [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements)
    • [Configuration Manager version 2010 or later](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2010)
    • [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune)
    | -| What are the licensing requirements for Windows Autopatch? |
    • Windows Autopatch is included with Window 10/11 Enterprise E3 or higher. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
    • [Azure AD Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) (for Co-management)
    • [Microsoft Intune](/mem/intune/fundamentals/licenses) (includes Configuration Manager 2010 or greater via co-management)
    | -| Are there hardware requirements for Windows Autopatch? | No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet [specific hardware requirements](/windows/whats-new/windows-11-requirements). Windows devices must be supported by your hardware OEM. | - -## Device registration - -| Question | Answer | -| ----- | ----- | -| Can Autopatch customers individually approve or deny devices? | No you can't individually approve or deny devices. Once a device is registered with Windows Autopatch, updates are rolled out to the devices according to its ring assignment. Individual device level control isn't supported. | - -## Update management - -| Question | Answer | -| ----- | ----- | -| What systems does Windows Autopatch update? |    B<+hTVT{!lhT5R`w0bWP2QN9iX*kHAeAA__V?GJdfi#t`?SD2Je|zjzq_b-gN*HD2X-&J-_e4r07mZ~v0F)KTjt zA%);SMSKt12l^%^>{QP-$X>k1JuV@VbeOIIF1KK1Fs%y|`l=DPv zD#?Oip{dU{=hs(l?Q}7#A1EVU_Ln+HA$%$RKy8IKefuZi%UCYAeXDaOPm# zjN}LG9v{05CQ7U2n`F&_PpAM)TR=@@Rls_cgVSI4Q zu}7E@BUAURe8h(ho*s_X`F5jJSHwWoBaGSZ@!P^ut38DTaCM998B#CG<1FAnFDm%A zPNm_q=)>FKxOT8K?JP}+ocQ{kcqQOd2r?#TjJn-*majJ=6jT-Vm{(Pu)zj0f9~fW- zy0A3s;`#L?6lGURQGQn68&uYBn|jyD6uibSg&d88gYSLwN9e^_T%~PP)1O4joieF^ zCv)6(JpPI%`{fU3qclFdB&z3XqZ4@!l4dPBPYC~EOxMU(x4Wj=)hF|Am77u#sHkjH zLke(+aea;Rct=D`%fzUMRChrym|rYaok?Yy{P((qcdabg1+S&Ap(`UC%Nbfwrri7S zZXf}{4QuOo(Bgu1Q7o zlmIFcSdem->JN}VV7Bon+QL9QkR%26*Olo|dOZ5wf#$7;vuC583E~!F!{p=m(^;jgPW#Mh<2ZjnlUb|sK_G0lK~%R+JGDgumaO*ZWkpIX`z>Z zvQ~Hzpq<0ztBlm8^HknuWuw8X)MazBdeG7gJ=@q5pxRZmHT@5T7Yxof2?^Mb_Ain> z0ShJ~&UEr0|LE}f0KGv^Rk5G4= zr73GrQ{)O*Pl-3ASd3m9IB&LR4OVgxbVd|5ICa$y6~8FK34ee<{^I#Ni4rs)xZ*b- zX)QJkaILSb-GsX5zR2^{tXMsv_iUMp`ANC9AG5Q0`mucC@7z}KX|_W;O&;ArJO+iG zMc@{IajARkEa~Ky+C_noXV(N0f(vj+NDCO(u;j4(^{1KBC3T(v)2fvABd)?$^6kL> z40g=jL`(XO-LXR-CT%~e_bzZB$s3H(_@h4idf)&ll&fkJ-M04qZ1OBiGk74-Z@LyS zowvdZZukKTj!U1xD{?T^KDRE%<{T@EK0NN~gS7)@1?933qfm%ppvkuE+(X5EIHbL8 zooQ5(D3EFeObDbR7Ui<^=Y~i#=T_)FR0c0SdmHD?&f8EX#82K)m|pIkw5|X5g-Q1M zkK0R4pBWRV7yMayD0h4(vsHl$Dk8?sb5N#kVLZ76g=R{ zhUzjjU)b@fv^1U8`LTm;FrqfJnQ9vzC8iZ}(NMuEJPjbLF?C;W3!e0Ot&!9A7x2?o z$r2uDv0$R=ahdwuH zvf&M!XJC_A-`T%Hv3~UtTI1!E_I*-uh>5Xzb|vU`Dcc3CyhDoYYw(G>tpvfiTHI73 z9uXOhYMFSgWF_9NrqD*QJrKR$dm$+~nU3l}R#)>&HkUI0%@rGC2J5L~|7d!K&h*8v zSJRDTI|y0i%t2ognsLx#g{L*D-AX=ptK(sGGehGMW=WnPIc)hYZ={o@Z@=wD zEImz`{NCF{M|!YG5U)DvENCPBQ-A|utVk0>*j1{HL3%HQ<^N;vz2mWb-}vDR+3Q9m z$;!xVm>F3&MMlZWmh2H3A>%IMR!J#j=MLE;Gb2QctgNgEA-c0E^Eobkzu({Q`TzOz z@%p?zD{j|yp2v6}@8f-(CmP-XEXONb8mqe0j>6vn%%-0?sE~PQ0NCq+Lyq@E@Ve~D z?so>WqbRhfNPzQ{y*67m8(O<3m%X^YcNVlm)-AxQJiirW|tq+IPga@AWvGm}qKc zMbX$8cRZn;*OniMYMK|g-7`edU>TMaIhw$)pJ2$b#Wf`jGP0EX$*X3u<8;!-N z)xVLud;o!(AcA75ioysR#>V*vv=bu!Yszha7AK>YF1osfdWJjoW`2I^a;V|kmB>kX zPEP*K>k+o${fz}s0UPI6-}pfT5jlGP&6o3wWcfBu0$GMnPDfWWnVnmCvMIDP-)b}t zJ$ALw57e~fhls0+$zThoFFW1$oAo~8b|vM!o1Q!aMTI%p2vkpN3OiBh(75ceOZlaV z#j1y)tR~S_fxG}%Ti}aTAUxz68uS6-o~ycM^Jq?aT!Zg%*FuLw*++-6j4^so%L_xv z|M2=Quu1>Yk{bkfprTd->$_gxfWD20n*fJVlW!G$b0g4p&?fAI)_Ua=g9*s2$R=w@ zv}RbFP}j$QMHjL;a4>yRe(trME6=Sd*>g}GLMAIp(Av6FG(Y_N{wMGuVMdze0lo;k%i?4J0aU*lD#^{!*kMS2GH z2LsY*>8n2fAuuh{p)5*Au-OqaWKwzdGD@IrZE_)QwD!^a#Gh+qag=mLz4W6(<9uXu zUSey2qpgx>h!jxi+w+TQ(eP&c`)}s>2T`aw{a-CWUw%k_Mk;APP{=L~+?k|}d9`_W z1~L;{qLXDSmBQihkmnbVyA2mRb5P1Tjlm&o?{=>LzV4bB3<+vZk-GBpG)}JD4_b(R zK-o){7oDP9#D|!+>U;-NLfq0M0YTLGP(!0uF$Uko_`I^xgP!6NoCo1zg%gOQ#1*Iff7QK8KK5$;tox>>RJ**osG7}%I48v2|Dl!R>x z2j)>?=WB`p1B!qynwbv=A(G4#e2=N1|LAV+>ic88^&z8q5b|Q@ZLtfiDg9kFsCw@G z?le!&AD2#U=ksWJtmXLUjL;?tu;@DSWPm(d=v!95K4*+_8l(PpOH0@bIzrH#262PM zM%*m*_Tr~kgsRs4ZTxpRf7!CNnYoDRZjcOcZoJ zRf#i&odA|RS)o@oceDS9??-xSrT*(zK6^vC963bza71rA?YzI-@T7l zhr;D((Y9h@V&fph_{EPx0a{V8q1jw`<~W1j?3lme7fHrdw{8#hOVL9%Dt^$w%)#F! zC4NwXiT>E0;&K=_lmz#QYaKO#skZFU48?z#{CMrH5fdlE6BuZq4ef!x@gX>M5sE&= z@fUm?XLoCgn{L&b6@~^+22Ns?+o2nftMW;?3Ys8yI>DcdtxZjFTs=1n4)Sw2C=}+> zp%S5pfu)kl%Jmj%nx@u4V7uqiPOWKZE8T<&$0;e|R4^ShfjaH5*wuOzn{_|TeCl*x zCLD8oiq>UMkHmE`Ay`zm)hVFf}{}Nwzi0oakvk4uv{Uud?XX6$y5*44X1Lj+yX4;W6Cle4B_?$_7 zv+pjGtlI4Y<-`R*Zb1{VV%Qf`T2C+?sS1?cZ2qgWmu5Ma(?8)BrHLI0Hx1VUN|-Ax zB<$SW9f`I7J zd49EqbR!L^d)ra8MUxR`4tsW!+;g`_Ux`cO;e4&vyMOKY3}^f9_ah)$WHN3 z%H#IoeE9{GD)$p(J2L(lLw^WFqF4%EnE_*u$|RSqMc2qarL28TkQ(1(6`5rF+F-t4 z7QFe+9MGCIAyyH<(Ta+)2ItrY;*Mf8&FkJGkp8gu+uS| zT09e%khqbed@k& zD#^_7elECLiVr&5c~5~blQZa&SFs>AOjEHSNEn4CLPT2#$zy(m>g=e&ndk5G=lx7ODB- zHdwi^7VwZozl3PtXCLVX$H%GNsLY zXLQ`f!AHZGV}?Plr;;MU@+9a{|54R%jfP*5tO^Mq?S#D$A6Ch`mh&Gg^fd3q|C7tt(Cx8bSbbG6lXb~F$FM)Qg%k|yd$&Ct)y(XvW0pmb( z4ftSWM>=$S?OZr!?z=o!%;c`@#;G)RMx$Z(LM#t~xE*OVT*(Bl`r{@DwHQC4G`ye~ zv<7ckj~)5C#2gJ7{<(8f&9spSE7VtxYYg37D_@!tKxzuQ3ps%K_x)%h?=Zi2pz6($ z9WScEYrgn1yL^t$CMtwqx5qEVbTv~&=Ibjt_K)&KVUUeID?%BzI-jS_fNp|4qUn|; zA3^CJYV=&7y#V+HoRSxyf7TMxizN9Yk6f%r@W+^=KregINtw);!2MxGQCbU7|E~H8 z(0$beM(*jsoA?Yo1%br7Y{HacjFRJoa% zcBtSD=XN)s$V~Z+m9hchra|s=gIpD=45*&7(RffH9hoGtiL3s&|6y|0M;_zKSME`!{ANmDV!geiV*;wx?{P~e!1tN5Ucj!>)i3@5 z7!!7uijQCmUDnK}b0mE$igioFvPk&wDFA?wsNnRMP1TD4*%zP9o>>%9|1;xMVP<3` z({!6Jv@ri^;zYpt@(+-S3XMVXWGkp!$tuV}3PqhtgE(JtE%uhR=be_-)p9cyKfoeJ zU&Q}m5olX_)@u<+XwzPzaxl_<0GT2W=znh%w?Pbt(?jZHSeSMWplcfb}80ji=N3M5Td$Eo$U;LTsK$ka!R=(GU2QwPA0|B=<3@)e%K>p)~4e(?*q}MYcUB)f^zq>J5c086=C zWIy|wN3Fjpbbl)vM*~DbK^iZITA}d;U57fLd!|+bjQcP|$p~8;FE1t_aE9{+lM4lr zaS#Ax&?xY6JSe=KYs(H=^7#{46}){=S;|hG}F+)hzTzxV^cE=?=tfq_N4I z5Uly%9xAY>6p`#T%=9mz^(HI;tPdr3&>~6kFm}tZRmYvy2NZ<=B!D~X6QGvUyT?C7 z=2z3Hw=e4eOb-y&CDgneg-Mr(Lw>jkrhb2|i#_%;eJpfuXJa4KhZ#sDc>PxHu(h`* z-`iYnnCLUHCP%i3*F&54c0>1Mk?})&8z&xVuW@r&hy1m#g9~xwl)TOA*$}IsC5<{b z6S;PeTSbZhy`a7!BSQ(}#pS)V)6fe<(DQS~;kX*eN9VH)T=v>dG(3Q#{{kLG>R^?d z(sx&dMyy`bKewh%&~o&bV4;8QBOiV2+{19SBOiP*J$7R&m$BsoSq3}4yn8?1g*E}$ z-<~+sfFMC|q|BdRn~o5~U9Zx^;aEo&A2W9wCuM(!M}G%X&b@!wyBJM>M1*g2HNycJ zo3+EDRbC64mM-6kN@?*`o-uq7~kPoFo??sbvwJ>qL9!fN~(L-bDcaWI!2g{W2$ta!`99Yzbz z3-^^NFcFnryXjdb!)d5nVUwP3M*XF8@E5PO3J@*I^CwtIx0q?mRVGxSC&1EMHCUMD}Rpl~0E zj`c(L-?3(#QjtrQ^hoH`;aKJnHNSW)x^CCNX(rS1TZV-LBa$D|F zfh zHPdwm^BbVmpSuf(Z7FlDs$!UwMC09U0qv=T$`DbhR>*O02*3yebs0>U^me*g9*f1V zKOBEei=aW1YZi!1ofxkh2f82S%FdODAA$CJ*x7>s0N^C>??p9G9UW)8Uw2)Ig9NZZ zZ|-FT2i^vi(cH*}=nuTp-ai$mucbwu|0ShiP~u>#hRG3>tSjkH4@#AKqEMuC0b6bY z!zzSexB)^cSr_6ZsM`1S;c}T#SUwl!u22;_S_49Tdng7*mM(3e%U37Qqtx>%4z`vnA$2lp( z#h9TVLv)9G?eYpAarGEAnxzPVnRH0Cz$9!Pjv3F$^K8a-C*Uf+`X^Mz(X%ekU(RZ-HoX z6->1?=LJtNsU7xf=sQVy34a{g<0)snDZot(v?~gzn4&3^vh%%gH&+(&cGd!qg6;rt z^VG`UF0&`t^3Vg#M$IQtu)be_J|2Q31~V0@fmV+U2*&xP;-{F1)M(`GTvTKPpxEbT z8xmqgUH~ON!6Q#>*r3enLg=rmBiiiL44;{a$AAbl6CbG#Ae)TxlCG70(lOrrF;Z@G z^Ah|*5^ez|B3tJQWRE8&;jDy<#}E3u3lZGIF(3j%aG-LHoC%;a#cQ62fg*`y+SDxr z?Gd+c2fD87bIMLwB!xSj|0P9zOWlKKKkrPSl_<(Vf-e1fuWbuGn?0sm1+_Az7smM+ zpw6PAEP%+3vfm)7k&`N6PN6=B-2&ws6qE>Zv(Jc32sC#6_JV}(LRl^UX3wC8?QNt{ zH{l!7f_80Q?LEDhVKBgQ+DCxnQj@px*Bf#i(GhA%E)}hFvIO2Ir!T{l7$II@DXQ{o zkgkh&UDqpd&=Wn&j)Er3ElR#2*1hfBt%U~V*)SeLH%OA|l8Zf&)Fh*QCjPNjk13mV8lH@1d9?@mzojbK-MAa?E*>0uNeW60p|fS0k*}c zHR>dF*~xdh6PVVx_m;RlO)QZ{IAriHoY)kWA<7h7Z1>^eceq7|Q%-;n+4*E9L?Z+( z+Fjz*7+1D$M&;QCwL8r3MBRyz2D$fmOIh+K{&pUn@ zcF0_Ys22)6lhJ(T`$?~g5W7-SEX=qSY5)L+lgNUgKLh>{1Va*Z2EZw~S$4LsC>CvK zOHEWhn(aUi<9cXJHF~LVDN15!_AkjZ7==0stzd<_ny* z@`rPZCsnx*FwqNju3XIT>(zZYre>%eb*ur7!UD=4w(Bh=H-VR#^D|7o0F{7j7B+y! zk#4yQ@5C5ukf+MXN8q-D9k^OJW_I#xQ40PecMLitv+Hx^uE@Uv2WqViF6^q733pAb@)2MU0v%A6sj@~D)c*+D=gfxn`RF2ad^}e*+I7s+NEtTNOnF=g|NE4?4hnWe$ygyj0wBi z`!B6-#e_C9)tw=E&SkTGWd;G#w{-jGX;AtN=7l+ZJkUV79mS^7aQ9FD0wo{c^U#>_ zF(C+pl}?O*Kt!V4BSqiV)<$O;HJi&GfdXf7$iEd!?kDzk5`ayq4N1Y4@1a4L8+JlRUw;yk8f>r&l(nR|8r7x4 z5l#IBtU5qN&?18FHk?Zyei1alQ1$V=01$_ufN(iw@$rzHYYL2MeegvmFKN{9s@yb8 zL|gL(RjBk4m8#*pPAgksPKGeF0I%o;d;f7pR>%=dI_SfILJ3i+6$VBYjzjWVS3lXPLDwRlYnsO?^S!0`eE2+B9aYle>*R}Z>eg+fsG4Gc@1GcO+$e2NcwWN(g!b)3;n);MkZ#&bY7 zp6`(YmZ%^~8vcGZAJZMfR^SF505scdb^?uUz96obel{8gijfSJb+nldO*ek#CYYuy zQ)lm{LN$+Q-_L7>BCtNqKzdX@@^48yLF%Hf5X}KnPWswt`!; z&68M|aGnBgIx!iKPC(Vm1E(JDJe+^-R}leI92CO|EYS$`zK&r*7oIDOk|G(t{ZQs1 z$T1Ha9q!9pgL==L%Kwl(y}rFpFO3KF@7X`&WMUE$uuTsoC8K7AKrM)d-USS#L|6eB zL!{nU&I7H&z(lk&A8-fd9fAvW+YZ~1#+FChvct&d{XOoP}71BAOihapC|C8$fim9VTi&{o-7c>==0{88A1=(~6C zUW`)|@&-BUr%cI=io-iwNB9WoFCLx9`F&JKFXiHf4A72dg*UXw`Dm!m?!oxxAy`J_ z5gZ7!ieZ+RsS8$(LPXaH0j+g`wIOz8Hp1YKUjj0-T}zw>Aj zaM-C#qy5=R9j;`%etz?9H7ZD>yoL#KSu)Ntiz zKD^kC=?>w`YKeMF4cMy%G~_geLc#x?a6o(T^ncDr&3?F=Z%YW)gOR}(55Xe(I$*F+ z`Xjs^XaE9(TXjzP2=Jk-B&c5?AN{y-h1hBDjfQT=T4slsWnj#xbqVhUd+n_Tm*GJ`Joe5hQQ}vGAc>cJ4Z|~Shk9A zO8+ynf!5q;(%-P!^bzx8^d%iuyM2`yIUlP!Dlx1~!XLWBQW!vuAhyanGTNrAt>&^eU86)OL_2?E24 zU>Le^F(2>+$X?WW9*b;_aia`mCuDfAOsE>6F-)d-nvX+J4d0c1MO7ag7Jrg?7F=nQ zS4>m`KO3<0!8#lRbC6o0w{*j69>HkNBN#jf5(tLQ9>A%w>!IH^IaT&T-usTI9_4~i zRkWmCt`7oR&`3iL(|~xmKZ;Yu&|&Y5KjKwni^VFqR3`mdY-a49Ujv~blrjjAkcSr^ zGj*SQY%l@S3tq?ls8En3fGrmSirPXZ643nzm`9O26^Bn#Xg=u)EI1e~{OG~un zv197kRl`cXtD|V&wyDS-iZ5ipX7QWBN|~NegcJIgo-^LT`%PEt&E7c^;AYU?585Hl zE`GvGpjrAh)u6zII=dq>7+@giA}-dNku@%G@D1H!_rr91?27>_e%-M*2PmMiU-NS; zcEj8Of4B;;IL|{z#{~d+eD}@A`^N!X zkKaUPIZQ-dikbgv0c4^1ouY8_Vc0|Ls>N(+dxganBTeir-9-f$fsS&LWsk@}6CVs= zG9r+yAh(1mO7RW7q-&;Poq&2&%>;TMOIP>D3KC3tI55U_%tY0uxpE7cLoSr9i9^^` zb)bEVEMDJn<+i?D=nQmmw)6Hb4`HSV2>FEerL743I_Ey9ylcwxiwBFXZDmx2idi8H z(=93RA7)xjT)fXs8jdj|!5OV%$)Hc<)Cfa51M^*WHGzv8ii~I!2i6@TSZR5=)c6a2 z!d`lPZA{FoH!C}P4BrJ$CO-3gVXG#7QI@47zd&oq^0xTlUv~`cLUeVxRx#VR2y>R)UL21Z3$zhI69^SYDIL^HXr}m zrSS4n%f3!@^|0#v&>Shra{laWbMb(0eZyF%kXg#;+{%vxtIBFVIMU_g#Y>kml7=|6 zEQCl(G=tUafBD@y&bjnA$gIjE74BYt)AiF7VK17PxGGI_i{&reZqkl>`t&?a!I=W- z##uNIMr_J`*#&NMUEbP(o6d(ygU`*nuF zUUt7o)m1PuHT|foh{HQ1WwVJ{@FcfqC&!Pq{A5JpPwQTG?JuCddn_(4E<=S4iD>Sb zz2vT2=qJ0--*%#&Gf=|N%q%ZHo{g1_^~+x}c8vqYD$i0!Mf^W~5pZ#LkK=zm>cPs& zcEyMTcl?L@@_OPHC!MNsk%iVQjZN>`H{EtJb>wjed}h4l{b)W!%#l5U#zXuOKU|Qg zw7u9I{Cgg;sSZ?*{9QkN-eB~yFXtZ;%}?z4w8(^pXWEC@tP4}ltKny@D_r7I67}GB z`Eig`J4shao7D$aXkWOXp8k5-;zsRgcoCur9r}!}K8G^lwnTd`4aC! zx=*(ELM;5wzP`S@Z~WGUO_6HMH^JiHHSE@G=p6vO*?*+m?;SE*7W!;v6y{DZzT^Nz60ia;_$2 z$BS9=HH@9m`kX_7IW>1=&Io>iFs5;c=qEEk%6_Rn%&14IA}i#=tWsyr?Z=P(7wR{@ zx%x7x6y)aQbj1wpnsUXQ8?X)qbnMYTM#)H1W;r9{RfqWkQm>O$Sh!?PnB8T`Vk)Je*rZ{8V^sMsh4 zZV{_|;kJn%C)!LtwKC^lAjLGpZ+ZUU0bTuCzqz)aUVlu;pJV6;#2Q*y6e!(V_l!P3 zM^YGZ`_jdW7kTVrc(q!sJkwf-7*Aw@~a#u9zd6D?1Kv0BcPk5W0rIfS{ewO?t2~=M>$s)s#u z(rjWUrf*L@+u6*573UAep6BfNg#Txvc&DiaJz}BwvL`qCh^&aLPy%HX!l$>O=X^F@ z-*uqKNJHapUS6J95uHlGT>a}%*UA2_dGNo3W-Cbpr zMyI#;4I?Y7qP6*fvLj55_>y6wSwl#@n@loTqpZy zWMGaNu~F&kbCenP$Q@H#B(dp@OGwDCtF!3Pc}YV{tDZj4+ne+JxeCM!He*WcSu=XF zW}E$pfC;pQ-?nZ4m(BP9PrpBh(v2Ul)fVWRAB}n>G=DEC5kaUHr2?OR|M-0E3@!)E z?M1{U#o=3Yzh@9^!Iv)v^-I%70{?uEj7xq3*Bc-cP$2iTSB-EEQN6NlrszLrgGuox zmoR{M7j!l~vyob=YFHeC5aBJ{pFoAsnHa$hq!%t2Sy*sxe*WphTtkXy|L43gM0Zo= zJ(qfH@5M12FKOgtNo#BC*^GSWBoR^3$?~(f66d9gaJ2#O5jB%>PG;27Zxu?A;wfM= zwFjQMtW3Adk1ITf)AO}si)!XX#7#?7+Tz7~!l_xrikMXj;I&qJ(&3iuDTVPTfte!~ z5-udB#cwjK;Czeb$F{!0$VoR7OW!!I;niob{6*G*N(1HypYeigar)l&Okm(jkBgHN ztkZyziKV@*Ju;yhaZFu6^nwpO_+5>=8Pce|*Y069_36maV6zq@a;!aW#^93eV;2|KrwwA(8XBMPQ`jiM2@vC9jI9eBZ4PD5D?Q0) z?lSV^4HEs_zm}+8=@6SXBE!>UJI{d;hJWK;JX%u1fh=W%7-@9~HCpoNiwSXYpQLnI zS(mqI;1bJ@jGNU-$xlR0(k@)D`x{|gX!eeQ3pv(-hQv2r4h&Vpg}+kVeoRj-^I%l4 zi!uS~#4LwvpLu-9F)U7TlsrjaiGKClU)n?@B#b>gibg!D`UFVum*ELaw@zurwmV$j zeH8?5%SQ(8OaiAepo>(q_i|&ydGK`TZjiX2c)Vz*hPf?rOhoR*Ovb&)r%#@+xD1|l z?HB7mf-p@^eR`5~()P~TuUog5S5}-qQS)R&JleD;p75QRqHa%;ZkxM-*j!{0)aeqh z8X@Et)rj~sm_n4i7b!AzW9c)Eia$K!sFhD`?=jeGp7O-@nH6XFIk1~Az?X;@F;g{! zr=_KF!7YA#x?p&D+=cP{L$f4Q_wU`K>Feze|2Cjxbnb{Z!UR9*6?}llp;xvyzo04*u7Qy+?DO%8~@DsAhtcw#3cQ)UQhg0@o~7K!Hf; zm34D+PYJk#kZ2i&mKIF6+)@IVZz8Cx!~= zq-B|aEjK^1tE^3;6KQ}Nfbac})qPk$YMgL@N3XZHKc~AV2V$I=B@L1?0Li&`Xh=kB zsKl1+yC@t-8-7YxviIs&Fg!!UlEecz`@mwYrtXk4gJ%>e)jz-JJ2_z$FDcslP{SaH zl@xi9y%`axwEXdy%g|sZ0G|9d5}fyGx?=}xhTLReRZhjoq#}e%3tbhk_7Jknyk=+) zN7#CSi(T^6g~wgHpJaVLHpx%sZjCTWDcnflmAj!^-u%5Qg8s{+gm~wqz{z%5 zel5s2aAyRY$pM};aEOTC$1DRR3N2oLnYf4R*2uSQISSby!h7F?2Zw`)I95G^5#;+t z$U5)etK{4EqxVP62XH8fh>OSZYjz`emk3*@cd4R2JFf_gG``UNv*wEM3}Z(Gw?3P;bg7#hidG*6F$Sh5?uJc3KKq5|ry1f_MOL zSnWrKspxp~a789SAgYuJ5t~{0>$4&*+qSSF8hYhTYg=2P1U37qat=)kFZt9Ok0sw& z(%OUoJQa_HPET)*@4TU>D@j=<36>S!W}u_N*xug0z#5r&8xyj6tWU}4C0sa?*u|=1 zsG#6u36_K6pNj}BVw_u4#BlWC=BQ|c9h>x38n7C*g~2EQ3?d?8U#4HmN_MiUd^I#N z$w!lO2R7H{(O*5~S6lJ3R5zI69GI-d(k&4Z3jfcV zcLUubG%BWv*|~rcx^C5u>dn&dhybpIm7K`n#8ul?4fmmrw)yTvh%K4~PlMB@@B0M= zp{7qENW7%3D%@ z{4<2~IDaZi9xHNv)30ta!8@+jRn;5_djNdTvQ!|rb{=?T(H3Ib>QR;dJ69ecJ0N}M zAFXi^4(J9=0ieo zQI+gVr!oRqCUEKQA^WP~!A4ph!QiUJ+KgNMBO@05@<_b5eCp8l>h#$GYjBG1o+X;R zc_$}XPi1ZBK#EVf_=g5D&dDvj1a<)N6Lt^XM2R7YL~4aH)=W+GttaWG zP08@*|2du1F}n!3iJ(A&vf2h*LFeZvn}Dcj+goi!1vS_EC+g1MI*43?`!XQRI%Yos zgSUXn2s{+Fq(Fik(X{Z;^GNUN8=gYZ++9ckhyN4*?P4+j073AQU@wedx(p7d?oKIZ zNzq6HX4LBAAOc><&t!<;%@`upuM-0=04NlH!v;TqTsU~>P}^6#^Rb+VA9hJ|AuUNz z8KMypio4+7&LoW@zz;P5FtRTj^qG8h1YWk<=0Gt%FoLO?nxVtXw{|pG?+vL+H2}5@ zznNPPl-v*!3=1a%W%7BXrEp|qa^n)C>Un^FguD78g>6)=%CoNF}JzSpv(uk+_@F2taSGouLQX}65&B6UBOjCC+<467ougBC27Qtov#)$kuvIG0;mC89l+APd-n<;93KQr@%>jRq6jJrp1HNvaO~mY7*N> z3tRKaDY)laf^0wbK+TQ`+?$|15#bO`0!2h{vALmXi?-6B;#!E1C zcmlv4>|as0mWX)S&Ej(X>aSD1Zc;2hNXdhqpN3GJqa?+vSFfA`7 zKX0SkJPhGreG7?08_z)x1Mwq$13vMF_YLtp3Zx?kicU%Mw8vu$1As^rpQvLq`c4w` zbls!DN}Rk&c?i$4wNyxW9K^2FU<(TiV>8{0-R*+mo-w>PRQiEakI$96^oeNxLP{(& zG&E*$@sd5cH8t`8Gdp; zt~*qDxAGo(9Yn;SQNkTtb^sr%-}cLo641>@12F7|$ntE7 zoM-w^(Agi?X3odL?u!>uAbjVbltK6G;>G8X0#N8uA}k_CW63>zZDvu20rvw+>&p5{ zU4VxCJ{m3PFL!s$CbWqPoOe3c6rF6MUNbmt5NzC}$2ZR&^DEKbezsGO?dEr+UIbssL z$uk-x9x|#4_%cfC0OQb;$`Ee{t4y&oNMicwBpvIB8PC6*qsxO_H3n_ataP$2Vq??9 zBv{tmT=8}%V+xeX{FC-5l7r@#bUR-G?*bx|=vk?aW=Y#*VBfce|1#u9%MJQTFqWAJ$9D-Z>Zxs7)kVfOY zQLuWj)4}j|hn|N-1$58RtHW^Kkj1-6#z6zl7kB6XyJ*9gYEwK4NeYFF22J7V{5A{<@3a3Or(o#ow%ZC!DmJ|rKd|cYr zGc2uhX7cGFUM;q;asw zJSY`Tf&V#GE{e3F;B4}Jw1}{9Y0W`cN-Q2g6@WI#*e**Ircml&!%BZeg@JVDS@B$)XI>4NN3+Abb@_kh0@#*?(!0*c={ujNs2jFwM$ctr|X)0b7Jg ziE3ZtLsD%2ak&TCtxH380{gWP+ZpH8obqx*gXhVX`;{{9H}q1KlQ_ulPMYuOe!O0G zs-@=f_+OwuWbOZWkrkfxP*z@^_WHrv<%AzBHKZls&PjQ>xsTg^OxPR}YkFXUrGtF9 zq3}w7=h&=<%(c{uq1!1#Aoy!GM~L6G$O1o>D>zV9&4Iw-LSrKOXbp z#oW34taD_NtfT+oEY7B%SlwJF3_}iVi9UQ-(nqURK)yfZK~E9l$>l>0HVQQry6hq+ zPE^5ydfi*Xl#n)w^1V+}x}{cJ=KV^%;DAb76h zDmmH#An9xtux==eWoT-8zE&TxwP%m$FEoF-@39J%3nkTjEl*Io;J|40FHP7-*iyrI zNtEi~DG~JYh7gD&xn^$oX85Q>m9POq~AY=pluo)oLd z@vp*{DSD657)W9-RY0CNZ;|82AC-Q1gqCZnug|TE#&%;uKD?n5UvF3q73>Q%;KF)XMrq5RBo@Ii?BToY;v*+;suonuy|Ux+l59R z!CeM6`~dk|J+FBd)ARfSXk8BR2xz)4$Y^JrZkGVjho}Gn{*T*2?FkZ%1rri(vLNG$ zb``9wJodK@LFg=KltB%KyzThz`7!aZ(_VZ^iW?NPn4U8F%~zTB#RiUP^WMRMFF zh)YgDL1gH11FA4i2$yS&GBIua>5~U&R^Ju9wFN;4w*jf^`90(p77)B8WBjB zD87Km07Zpe{Q(RcaITPPw7%S`9V@HmXrTo%4w6NJ5_t z_uaOK@-6z_hERUO@^dmo0;7M}gT9e@%X~f3%JEFuKcw3&`1REDcLM~va}ki0fsIgU z`B%tR%6Rm_@O%Ipl}#^G4c`crm2EC)M!ST|Gy?8deInOtsi~FS-pOBl3?=G$xV1sVUx5r2+A#IpfuAg<2@Il4sPv6N`k3^26lb6 zt{`Gj4HyYpef#N{92#Q#EGGp{E;c1aEV*6tzHPX!n!dh%Odmu$8`hy{LxKNuZSEdP7|r?oS;yDM=Q!GlID^NsYnB$l&N z;O>JLqTM2ta{mvoLimzDOkP@h(HF~~-U*9lV@S?ud0?;O*{KIIkOB|rC6bifgUVl* z3po!_5KUTWjnVr(gbl%(ME3nx3n1}Oa{jYJ!}_`(6bKl`r0D4`!PkI-rgiLkVOLK> z{9v|4X`d z<99L!4nL$rYoFOkXf0dSE?ck}lOo+21OneGbWqJrsX-ief1EYm*~5b&HP7^E6@Hu* zC*X0S#`5UVqtL#bE*HgBudfvcTf&K;!K9{W;7KAQ4k^gXgI|x6@(T%Fpeaa3kQQb$ z`sUM6lAm5b;Gs94mbZVO%l;F>y7T$pwTHIf{bC3&kL2%$eBoXieyiipuC5xUN8myvh0dP~+)6v@F3}9w>%?z*iVM zoWt#6KzNfL9QFH(VwV1RVCCBI!<^N>VLN9XcTso6+}eM7oLpDXZ07FDq+b1BuLOph ze)Eery+<8;^bNXjFH=tDH>VYOvO$~F$D!-$08JipO z<-QAEuo-!s9pf3MQnv^W+0i|+4ub&My7b|@&>gg-tTEh6vo;tfNyuC&Qf`|WYB04H zbm{)3HKSMxgH{t^%|aD_k6tbg9m(1o8OYU-2|Zh|aC0!Tbh9V%HfDXgcxWw7_&_Og zb>Q!GwM4_0vzZIEZ3FMNff7JyN49F!9j&Zo+uv$q=Bcbs5zt==54Krh!$I#lt>1ri zAk$)z!44@Es-8YTHt?9)?MPK%2uE2JbO@{)?B=4B%kyok&g3aO4yIfieHaY&pQ-NZ*CF}ZiXZh1N_9K4 z8syx$T2b1m$Fl^ZFVD3c(E9S`g-~CAz;2IoeW@fn{sh>eS;Gz=(!fl zdy7T+vY;Z%zur%-*df@uTOk{XyTLQ3f_wd38jCm1mdf8+_Sa2(n)8X}gVR0nE;Cbu z=fo1_u8=?HXPk*j%uf2-n{SF#^*@K4@lE;t@eNk_wZ~k}&LCn_PJi>^{KZqKMe!&C z=OA&Qm_5E}=)_ul($k!PhfAC93$)CnhO+~Dgbtil?$mW%sLUu1@wccA66!qs^mB4r zrmpNuZ&Eh=r7$JBd2uk>`wseF`g%UNep}_w($g_?`NGb+JBRzG;G-7nqcP;av%%;X z`Npy2=w?2*pUeEW$*_=x@0D?6xbEfTn>vL%L|)=q|5sxJ9w~M`x+dAP`VCJr&m`!v z_je8kFNRy~WnSp48!mFZxwRD>+>tfuyJxL4c>q*4k_O%uk$Ht>=2@Mg^5feBt=Fyd zq-h0X<~rd9RXpW^VyZ)TOz1w@5EJegJYlW~49SCt5HqVg*I)mk!nfF(@%r^6Qk+*L zLzi=iniQCjrps$tokuwr8@9mY=N`HmNMGL!R~<-p-L+5OEk04Ant5|k{%hy0pqWw< z^9HRi8)cV$IwzdVL&D-#Dt+NG23*2Y3 zLif~@)BdQ}o;^DsPP|#9*R8*IHOWEWA@u-eP}3E*gt+YM{BF9RWIm$}kY(c{rjE~o z%F63f$IS`1?q5-6!NhCgNlMPWVVw~C^2Xd5szps>!Tay>4yrso^2_$?JCEPh&&DgN zybC1@P9X(fMvuicEGPb6;WX6meAYE{*`2y(FFD~SrL{i2t5VFH?(B+&9mDj$Ti=YI zil^nhdUrYQ8K(aRGG6yq`h#x{*I0m#a=;Ip23;H)#uA4mzamijpFHqyVJ#kw>%42y zOQIk%5jFGl7`ys~NyTUA$NZOOg@>!OijkWq-Ex{-7Xm5d;c63c2ykzn zN>iwObz7|bdA9R=$V;6IyHZ9Qq25V?`mY3!%iX9mcMZLD-l({0?eF$-ub0_O5~21+ z^AQTNMwNmj@VuF%Jr3szQmW#;ziN9GB#(clH@vI!;4%2mYFW+D$Q-jjS0eRCH}@cw zjp+4iLoiPoZzDwF{cF9x6G=*!l0E$BoFn%x=^&jqMM_v$r?5*c-$Ego3T^gh3 zp>@>j)qitFH-PEYt`tO#TOqg37Zc}yt^BR9)-xEKa5h^$Cv#tf46{&>_V0nTDcN|= z22bx<^!yGTn>+1EvK#XK+8q;~JO3W))bq*?52C#1)ke1TFNreg5Pm8ZJ&8mM*(_!u zo7?Ao-!%GG3(cK_!@~RJzwWzzoUDcRmMn5?dQ@M3_KgX{eD2;{?eu4z3xw)V7xOHFSjtP`};_YBQ9{1`S}`#+}_^sV&pZFZ8h z)IdUWowwS=$!9{PXIE#vPzPOvboUP11@z^~md`}g@ zW{tmpa~=(@pF_zf%ooOewWj%l?bt@KeC_$%n`_HyjnaxuqL?fHVipxS_u9f=O2tu* zgFnTeQJns&>wFz{y0`8pOPsQ7qD+Pg`vFHy#>(jj@0&}ysjR~M{?_K%_- zd5y8xtwr;xpV$m3dHS)#oC6v11KTDt>|~|+Hy1a{1bTcn2*PY8;blrCYbCo&Kh$HX ztZtuIU%cnZ>mRKSQGN)P-tXwF{PnLQdod>4X;g^ zyN4BVhX!O>?sTkUB`P^Is5@Vl8 z$YS8?K(a9}U2UDwl;6v~KgagEz7>!5z7|V&9r#@CwRvOCwB4Iu!xy0sZyP+KNI`3! z)fiTC{c}?0g5%4FW;}-ScnVPOVRr3EPa~X{Ny6L!j#O%;zoq4C$iYt2{fNPF@s?ivDafI zjetM{FEWSi@g7QDFYiokIPB|R9a1N?TG$Yk4}k~=9&FM!-D0wKUBrk)`L(-uoNv}m zQ!>;A)&r1R1*{@il_(aaixF^4hL_(w3b$=Dd((_XZLEbo5IeM}WpT~XQ-@4z5 z)ThWS(Y97T2&U%E4N=n^dnuRlUNw@AhQVs}B~2IwUQWRyu|MjFhyzKrZfDc+K;h@h z4@V?dz-xQJtOML_5flk2F}m^)eoA;A1BKq5-$h9(Zl&vEbj{Q@p2wohW?t8wsanK(-O1Mv;Hj#isvD&J z<|JC%bFMqhQ3#lW8-te@Yp`ip5Xv4vAK!nIUqJN zFla~i2f!ED%}nfB;zOO+4Q}z0*RLxC;%}i}l~TY2R`{|j<|i-iX)q=BaVqGa={YqG z?Wc#cn_(18?QRB<)F9v04>qmir{H?O+|L_oTBVBac65vwhan7M29VdR%UPDr9ox~x zN>cDsz2|e6$a3-|g}qhmKb2$gx)~OPxbUlV+-8sqWr9gUqe?Y}ppXrR;iBk6FZYw6 znHp_#PGM;H(D0Mokh@%9Glwe$dry>(GS}2K_tMXFwC3Z3SjA1wWgwkp=_1_#S_QJn z|5osc$~EL0B0mcT<-X;7%Qnm~%@Sbiv<+Y~y!tsRd;)U*sC}~N?b_M5v$YRY6RY5FjPbsj{gnB@hlzUsWWSMW=V^E{?>O&kO zGFzOBjEOgH8LfHSG;(2opqZKumkxM%jlfSjwgmacW{NYDbDfMf7TMHL^(xr9om@A0 zBPw=`f1hkkt6YD#Fm=%Vs#dLPDU|lRn!@Ow@kiX&f^gaJj=jl0;1f(SPi?L(X*dMI2FB8*t&Px-9(z##LCIKjT!e~`+dv1gbA$l`yx3PCs zQjg`hqX1wiqCSACv6evbLH4?ud+y9;u?qJ}$L4-;0QX7=>Blr;UJp7oQ`~$lSD4~f zt-T<4r%>=6K8EIge#24o2*Emku<3=uwl&K2%BGm&iU<-tJ!i3no65Dr4lVy*2L(XmX!H z9@O{c^bZ7MkNdToSOh|~y8CoA`8L~#EeTtQfV2tgZz4{aMhfQItntS_)qT`ahR1p}ArJQ6K>Ww2%C$^+K^w>I+J&4&Ye6@W=5DB$=9tt@z}Y69XNh2mG(`#N z<}}>OqzrO*(xH_1vJ_}>c5hw#oKE>Sf9Se+8bx?%$BDog5O4L;Xuz%#1@Tsy^`|*I zHup^X8D7Ja*oTeFY^Wbx1(xR1w?eQ4m-e8b)(<_9vb4<=)4`o#`gcXg|5y~ra&1gz z&cItWB}WTn2&0w)8O|>E@GZ3I-JZeOGCbC<55dZj+NckggmxVIqIn@JPEA)OlKuAq z-q?U$Q3^EN1&|-T8qMt%rZ|G(b;Gw4)uy9)oxZ2}9aW&!G4U#$qZvdUx7?)bLhUaI z-YFza<&rJD!+NUu;_zxO%j>2oe@NLxzQ%jrSsEbX{9QPgHkVn^fwSDy?p37Z-EiQx z1Tgq0F!)@`*-rMu`Na(acMZ0^zvHn%=Z->Lo?f_V!rCl&N)==rl%1*i)RYm(6S@hz z)rz`0g?=vQV2C~STZdiOL0Qt=c(b)4mWu|TQ(c)<{^_kVyRT5QgGiu|W}AZyY?9LM zemD~7rR$ItJo;R|zDckfLRuEVx%rsSm;dwQ(Kv^Mv#s)>3Ou0&Jf0f(t+nzn@g@;- z;1eOi``Rf17sZF`F7~@ji$CaF*_aR5{&8a9>W_M0k}9*digX_C*Pi=-DvsUvVjP*1 zIL*Yort-({ybUGi3ZqN49?RqoI zjz4#xbkVT_34QlCxqD)2(h3aCBfTDKtmrOD<@Cydo;#gi30U;;FxQVkfGbtnZuSi7 zlSRH}PK+!va)_XjgIe71!RM`&pC2Ze3%xQmyIoAjV{q@wm0aQ}@E%Ak$d0eVy}1f_ z4o2V15X8M<1@EpEI(cZ3Y1ij;S4DMQJo+HUjJW96*A-6Au&Yfh!K%}^s{Q>}wj76k ze3J{AYQh2#@L-X;?pwF3y9(RCUXo!Y%eMz2)wi~r-wM5VZMm~2I+CfwxpJ~23lK8~ zZJZS6W&|;5i^qcl*DJ7}!xdbN&LaIRcIU z0S504j)f&x_1rqihbWk&q{2>40^$A%nOay^aL>hmjVkp_K%ud%1v4adgp1B2w;teY zFYw;Kc_RY+wI}AiL~6X??&a+nulF#jr2I~+TG%#tm|khsr_>4>{3<|jZ5`IbW0;4N z5ZPJkP7`}huA~b9cNC{N=3_M&+cW~`(nPXT*i9)p2m_!Br0zI=ObcZ`bTaLhOm@#` zNvBEj@&lmWSLf!a=00cT$9*CEOLIwxiVwokmssNjGIF&Zj)jHpzHM`*|0hL@6)vMe zRlZ_jlGMn*oXc#`=)F#~7=KS?WNGRJ)4Pbf2~8OTKr3ZoA^pL1spPKvx|)9RBqhI8 z*h^ulnO2VUzIli0d<*P%0If<1#bm*?!p--p6N~&hew#lm3YGU_J6U#sEwkqAlr+Z_ zppsx0UJr6fjfr?y$5>yBg)u3p^+FNT`>Ir6lTATXEpfe?C|NXDc2RiHW>w1yf!aLm z%A_Z*uB=A=cf}o{Th57fr)H^GPUnXS?*YbJS3WG2e9UXy0_ZZTG1JEu=9Q>`L<)3xlExD&-afHXT|+Y5FAy2>SbLawW2Ol zmEY}r=eZr9r`R(;Y*ygjxWTH)!f&obueAhsJ^MICa?$i3A$|A~ceRXqomcGr`)|7Y z2Be?r#Q!A{i`b3>D%`t@;%=4vFqmsUD487|BvJ4Vt1VKEH zE@%{C@BQRdpaI1kW%!T{Md#}sTlZf^+c8F6<#W44dWGwWCT{U zHv6~q|6D!6dnR{m3;VqOO)3vWQo+l_9|%C$C-sOoZuc!ACmtPv#|X>6LChWl9O86m zkZO8&PUU%Uj7ae1&2hAcOP+2WqR?`yJ6OL{#a`H1B`XckB|xHO+^6%9fSZ7^K=u5! zbu;F?`#gnh_ioPE?F-==fmKmx8nElx4TTnjAHwS}csWp?L-@rzD>O2fxd>DBjjQ;C zJJ|ntf9#8XGWKk*Pxz+m+GZ!~xO|6&ZUQ{8SyzVwI1M^H7|9jG5Mm9y{d=&17b zsrQ{a1-2~%HK$o{K`j3>E#O5Hu6i(iG8lT&?)BQ4ox2BIjpf?o%sS{wtv0`omTE_! z`3VwbKZx6=dvBq!-V}~pExO?S(XQqspIV zcKPQ$9s}re+^ln1F)Rg*5SE+dgW_W_k~9HHYjXCuwm`=w5})U4*X#H%1B9ZMJs<#3 z+W>}PPM5r+-aB*Qw>w26PO}}zDvNPK8Qi@tch^72E%;__tSx-x8NIFlOfA{QH@%`^ z24RPEP9~U*sw?=)-TNXVsQKz<^6S2*G45hA(E@iD(kepRCbYTDQrJ!a>d=jM(>&j9?=eRFyr{G5?oLh-MPhF(~y@g zX(4j4MjY2_u9o+|&RhfSu@AXgsf}y)%-fZUU_wSL5|v~)>5DcOod%Sj)jHQoL1786 z{NXRRO1{+I8ZwTcbc&hE+9JnAEb%$JyVb@9E@>SKf@^w&B~3Knn&_#j10bfYbo_JC zMfWz?8tHGApRNzTMt9S2M9 z6`Rh-`L+*ZZu}JB1N$6BEEt)=%LKUjx6#9n-fQ~Fy9YZLm52mh`gN?*cBbLD>K^#U1=lI=DLjCLG~xMxef#v06b|(x zaTXuk;>sG$D0o=`K|yiyGy$J`GGr{;dSMD(+hp?4OU0#qhqmGlVquY7WnO)_%dns2 z;-_lG|24{bQIml38U3dh>k;%QUfvz+NusZ*h3@m#LA67Y5)=7?WA7wD_z`WLp#O#0i)&8(xh5ZMcv_l@6== zdT7(=@@m3su}-2Gy>rT=TmOKu66wcS=DzD;BG!CsM7vkWPqh;U4-3BI@@i6=>{KQu z4G4^=}~;PUEp2?F9j8_-L0e0SSN2U?nYdzL@r!=5mw7%b}Lvbu691z+@)z|6&`LWOf|4# zJ0WTQo{JVws&GNVL@V{GdfO>JW49?F%NcH|Hxh_Y=%UjetoE& z`!nzo`67;Pcz^Qczs6mkx$X}K?JbOM^NR`cvYOuL-t&ci`I02a&qZ*iyj?KmnPluV zW`0I^YRc;9hKN3wNE~a6{6b~B8yl&3rVTZk1Sb*Vx_ur^A%yK`b7Zm`4Lr+@DVcKC zzoYxuwf84@l!cTOH=MudUU3@Rzt2ZYQ@mFN-Gwu~@8^q@@zsq_K}59A9(N zM3g63%|ywukQ%4=5z+VB-)gE2jp$Y98Iojzpr}_AC_23cXDE0FGdf`dA-Q(a7Kt0~ zq7knKhh^K8t80wUgJ}9I{}rLdx@R>S5TtK1LBX!GEe^x_@SgiG>Ybe7Y@;`p&W(${ zrlcsVEt{MTVr0rf?cd_jjrgqf&2-U*tkW# zkBgxwQF~BI2ZLnMR_IvgT2XbquMfMo@`5c^IB+u4Pbmu}oukGMXxZ$4^oj;B2YMSA zIV25&+mc+JE3PQPZ^`t~PE;@(uGt#XO_u50^0m9?*xl}=_IT!vBR5EJUj$oSbgeB3 zg99D@)~?@4pPR9pCG+;HFg;s{<9PF`8(lkgqkvn-xfh0m3-=STrL>n&@?#5fzDi;b z2*R{8zv^?R(z*Ib|MPv^yG}8&l(W@GD?Txw$%89hTotMc!4mXmcrEkaADX}=PVasO ztNBs#tHdFnuJl&vlTraIjw%xDd;Xt75Z>0HhK@nI=s(K#D+Wpn@t<>h z6VC=x1;&ilNLf~`C>K@5@Lhr3?>$uWAZLo#^s#aWWDE{DFb#_l0;HI%u(l!bwLK=9 z=_FE<#sy!!+haVP8YFonSdRWA!auFky<-sgMUHqEXU%4Z8b@*yoN zbacy2Fp1jr#*QHSfB*3G_1;<~@LE1^`YNa=c2 zJo*g7j^$bH%@;c7SA=DG-?OU=T@wSU32>jLG=GOg&a=ktBye$w8llz2kQ1DjKIO<% zO5&VaIn~ep=x?X=k-(Q5OZVTYC0G^ZF#V0@GbS$^hPf%EG5Bj8;dNnGnzr9p(#F}1 zOllgo+~o3MZTY#MwPH4|QzfXn9#-)0k4mR#TMDBR%e7os$h&nQVowwqeqo$3*}w!l zL~OH@ZrCXmUcSBFadLFqI-Z_IXC87%=yrz3;ouLv60?DxoKDTT?I_i}kvb?lex4gD z)5b;IyFjh<;bzWTv$%SVQnVqX+QM4|s^Vafl=3Snl0?5z+pTN4j2)34YNcn6v0(dt zP_`rVPf%aiyT1>5%agyaKBCM**7iT$F60Z9YjunJrQPCka&2_gGxfv6y}2m&Yt1Ki zvteBk8=CNrBg5K1J8n%fUY~3XmnXjl_%5$5^WfGF_b9$;?;+*TA!X5$7$r{^JJP!@ zJK&l3U&!V2gZ7+-GOqH53QX|J!~}`^tu}Kx~1VxoxO?A#+I<>R0N^M|Tgm zYP(;U!28wg-B|<^^T8?6`r~D-s~6eh_%@$d>fA~-u`J7 z1B3jIScupt7_qTjsHdO@L`kBG- zCC#j0^QFz5qW>pQ3)VlczN^D1F|I0%bM^c;|Lim*Tdu%N8%zpNB~fX?Hw$(Vo5666(Hs(N2oJZTGLWp+xD|xt_THp<(^w zvH!)idI1Tmrj6t;WDm#B=@L-Cfe@#>Ji;)#Ge|mk;jr#N`u^-aMzM%k`8VsCchmS_-%P$+Iu3_ls-Mi=_{A=-nv)vTcd! zxQa5P#lA^-+UD&?LAB(TSB{e(GVy44APJr>hfi5!^xT8lrQ;uj4ycQ|=h0pd|KXTJZT>bG=rc8Ub|1+KO*#oZ!T6Y4=N`m@Q z{(JHBW9eUEh30IORGp2jolUpy7jC!iE*!FgRWoY9f=9!hXmNyx2^dznPTD;)s$m8G z@`+__BHI!=b?Axqf(}Ss!D=UTW*JLNPf8XuGc>nr<2Ezy7;t&%X!r))>osA5#3eTh zr2qE+jx5=TZ<^-n8r;!oehKm^VkIA0>wF^0s(sb}_1nLLdI;J(%q)pBZkhjL>sInh z>Beqp3a@bixHyxq$<*7LNd!SY8bfMS+rtfkRHfNt4TsIsYn~g2fdNb`FY9SGrchzO zeN8h(#1338lm4bT&SiZHK&)5dq_Sah(_#V?%b@uubk3eLUNZwcPz zsl0=AW{go;u_Pxe4B^FcC?@*Yihqi>|5oPCY1U zG#v@0+J;@{K&0}V5;H^n%)dw-zwXLL(kbYlT*us>fX6a}Zf}<3adzgL(hO4xEu5>< z1cc2L@fHe5f_vuGO$2S!`i$sxUcye&7?Bds`P>b-pOlEL!^skOCsr3)jHPgD%sV}i-e0cl{6bK+tItiLOEGUYl;bBVDK z`^0wdXu?F^D6&&_!8nuKIez$l?Xv>5yGdW3k%1JI6C)y(GyvvU(%YJr1;;!5I znS+-mM)?*Xo!nd*9Nk>`GNNi}*mNw+4Sn)~kRFD%Q$gzw;zn>aMK7YInGk=2w(|%% zm0mHh|3Lna-S<@WGKC<3dXPSBcJbx8w0c4PTqV+Kh7^!HtFATK0y6 z7Id=}mtZov=BAQkM0>AF===ipMN(7TCVDCqU89+sHl*VjF)14EQ-+OaX;*z_r?uz( z=c!DTSY^8*w1(D2?L(b`Sji4*UtB0nEE=h|>v*}bW|XOtNgMFax~zLWv**k4zzK)} z0Z1Q~-n_~T4$4-G;p+AGBDr7;!U|8HSsARZ?aB+rXKOlqaop_NhxCRxE}BcB4awsP#+ z#KQWwTa6-1$dNCXp5`4=mo|eSUx>=Wd8+fA{CNZ9PTiuhk&+6fSNejC>JFyP-_+bl zuB~=2^vmyTc~HDp-L}#s)R$=vnazfZ5?xE5%J4_)D_g4rTY;m5@E4&cw}xQZPxa86 zrZNPCXAaz|>3kqR+L2#MGQ|=33^FpIB_G$;F&iU7$d;)O5LZ z#YXBx zUID>S=AKCVSJX?pjUWooHA?eb-_O8&AV`Wz3;K=4QT_7~ezNc9z3e0V#zoV-47Jy4 zUt{Aw;{HP`d|N+N#rM1Z_Rxgy6|c#`(@gY8eR2PrGHu-w^Uez$euL+Aq2$EBu)VX+ z)kg^aS_hHxiulo|g6~K5NJaDNH@TV&dH=k65OZ{~r;xXdQK2MQwN)46 ze~ShbkdQ;i^Y7<3zM3@U=Xk~D@3CYkVu2}3w;zVmCZ8q#$IEZmej)=>z~Wtk24ft$ z(CE5^OeoQ7@Jum20e{O|4Mn?G7r{%Ig)mh@HiNFsqcI(5FLk&snnPVa%$ePXboCfb z+uJ1lmRxU$rg*>7Y%-Xgnz`P>#CgFXmg1;f_E+x8&FXiu307+Vf*^eXj(a_%h7%=R z{~%uN>g182SHo!${2nC<&(4A2(_4+z7MwI40_b9_|frTpap1B4w&3qX{hs65+zi66tMaTrT(Ci*kz zI(hdw?fixN6CoZm4_qa}`Hao#mvtP#p#UD(?iktcoa2(a(#&hkT-X9ke z=V4w6(RUj>mqWOA&GtQmMhe$4>gV5+51`b~SA#k|9t0Toa$ zcF#U?wKEI7yrn(iHdmqVVidL0T=K(+{c*A@Z&>HHs-h&0LBbMu@f`2VyW0~&=qn7Y zbp?+~*Ilv|9!JgjXSWWcJhFd|Exm8R3$$tsn*?=;`-)gIkcg=ITm{F?%T5RGvuS#i zQc?}^zE6_M(#H`jn2b~k2uqF8IoCAagxD@Zp1~)pz~?rKtuw0*BcM(f=9QB~u}~=2 z=_{U!;`rbI+j( zi+l{s9D74}Rv9ZX;V-bVwJrx^$*nGyO&=?ZJLSTC$dTq~>fiDyI3QL^OF@WN4IBHZSj>Vlg!>!fpZ2EfDnQKN1jPE_7Na@pz-@rm(Nh zt@#U&?{r+rL?D^w=95Olt0K4dX1sKLl!v{~2Fs@}{cxrSfq1rfDUzXF!k*Mr#J$?# z=8&wfqRzId+ZnMZ_ESFpul_ejdU>>F%@A@M@)%sy@Ebyr-nhme`iRj$dFZagB z$NJQ&6*g<>5mx_AUyEbG1GR3OJa{{{t~^wUF}WW_)oAdMqZXw)2m320w}ibnNFup0 z!axMfg6Ar#PZ{DlB2=~k(vbhjgPs7v?mE#Owf15qropzuMe;QHa7%>$ZYztZHMagT zxxgTL6KzjiM(j!>93{y4S=0LRQ)047Bx7JdCTcpVi&m#B3Z;$x)|VCTw?j3rR@V#zmDMAVR`X&5+|7HP%sr@eSY^Ttk$ta6i0_$2cG zu8iQB8)n7HT)V&9Mn@_MEXW8}LbkIfM=Ud>H`CAgJt$*m%byxzT^j?SL{~z_K+^)w zNwbq#q+#lwiT0J@D;dM1y4yzD+vCU>!0l~5MXXU^Q-5m+lAo1_)g1x$bD5RXILriX za3nx5{`JQB;xp6wtix~T6X8MxJhb-yHS&Mpf$id75AMEkyg7D9U|WeLdeOC8}A0Acg3h_bXZs6;!RchQoaz}H?5cB$)!Nb>SkSkz8?L=U7)lO*B|owO#WYJ z5N7KQHl4m^(&51u9YOm2?DG*!XfZ#f4b|e3sbi?ZSz0Tj;F$j(^A#UWbw!-97yiw` zZ*h59F205bP!Rich4$x7>2?iKS@jTi1^1tcZCyNq3E>uGd_PQh_Wfe_=aWe0WZLiE zUj>CAxbHgd=^WmBdE6YK#Go2%g>!v@u|7dsmGoauu^=1Xq@jGs`O?G2!hmd|Id~JW zq++W50^ISt>URKxEyS7#nO7}hML*St3rrpUr?T0>U%v5;{0VK6dR$@PEUM8i!>eNl2dgzy0HE?zn&JAt;6oS*7PSrO!TcZ^}NCT<8mA!Kh1_a?g1yggorlXGT#!u{K+y}&1IG10k^Ncq~{fntvjfTbKH|sJ`nNKZdW4! zb07}KRj(-@|G0(uIm`o5XVFes<8md7JML(ayG_Vlq9Lg}0AXg8CQj9wgNKz~F2@U3 zTQ;4%`tAlDrVd!pcZw$^UV4*SJF;^PWF|Bh7gLVkPOc+e;mc1QQKh)u0EuyCmXheq z>}6pL{{omoFRaimFAVAExs-j<^#--Th2SBh(iW552V^Ajgw{Ru6Ytf6vw&ZLYcbx6; zx%+^dhOe=&qqG!G-Em8WQr=fyTntF4Z7&Z9a5g8==ji z-M!P6cT6f#=Bx5mU+{RrQ(SNN_#tomd0%zFu7@lnRtsJ(2@g?ILOs~|Tixp?pWz>l z&$?B)%sCZ3=f}d>_lJaFZ2T`rXZvN4pBZ(}?g?-l1wenh3Wj?F9Z~_`q*LmEbzu@2 zUWYerSMyxZ^Gx;bQi)T?`*mx!1_bZH^|53k>+J0ku-q$e^B3qQ;viu)h#XoX z77*g)I=^*wXCO#_35Uz5#1<{A^ZhBkUCpNpwEEoSQ_ceSvcpDl5eZ<@QsWPo)dCltH8bdaL`!UrJLNXADJy2 zD`Bc3#m<#nQC~qGa8|1ALkRYu)8l6($L2H_!+xI2q!zUJC_EVdX-t;Kp|}*Kn!yz8 z2*x-^fJEnt<5rrKk6W`MO}rEo>-$eXbtrS~3Km;@S+*$fMxGqAsAs!b7$%Het$(iz z8?o!vDy4phd3hw++Y`ULP;Sk=H@>oJ47h4D<8R$UTYBl zN$h465TLZ@MA5nH8F#oIrY9pJ@bMK^Xw8{-jn%Hv{hw<8IJZJOqT6>Q1auT$dD;8u z8r44DB<=$2>=XG{_i}Gf2};ScA$MlMHVq5Nm~Is#u3Iymc()*_&{RhLf`dkhxW})x z=#A>ouIYfLum>GM*GIK;u;L3miKlDr6#48n5iYUCmgddD&nYk>zoeX%8^}}IHy#%# z&I?J=V|X`ZqMmY3y4i{i%@yucEFzNpEdMv)5CAb{{4|oo4Q+NVoo7SZamOj4IH3Th z3%@BL^~=+V)MnOzIQ4^i&|qQQc2K<20T9E{@36{ktg=D-1-RlnXBP4;H4O+M%}r&V zIsWHBj?ef#=O>mp87m|FFix9p4O2&L=a|=$K=NMS$B|wNEY}X~xmn=0!nb~9l9KP9 zpWAJqQQ|#Y*eR7E~ zaUFN4@^X_|CfIq(lc$Fd^irSgFMT7)TvzuUoMVny%#J^D{YvjQ+=>TjMQl+-OX9+c z7BtZzs4>Ln3SfEhMCEwY7jg@&m);IHtjt@O0M>X^alc-pk!uDEW~BSpivKW=xOP|P zW}TCl9HaDq30U!sr(q$q_y^y5SJE}h>z}%3UQs4|W?2*R??Dyh{kqLj*OWobX`K=^ zW|#jpV!sY>d;K?6zi&a0*;NbQ^76cf?fcP@t1KDpt})BPQCnSi)UuIPXG=`%3GdyR zm{`Dh(6Dz-JEQLQKGTYz>R`xEO(Tfji20s~e*7VF2yjMvHY2&fmgyrLq?Y3t7LZ}E z{{8Z1T+Hn}COmcWDP4Kfb26?joo28+IXv&ZKyTsA9@Ieg{7zub4k%mcIxdg-LHDND zUZu~ENzMB}IIcRgl?3O}51;ta0kO;|0$IwCIvx_1dNPr%6+4w3IX&ZgVeVnCKM;(JzBE8Xv+y)yrAD7=ziT}hV zmya?0=~k}W2sIQWZ+xrq(<6RgT1=krb{#qR8G6~`u=gnw`R&}uaN_U8&u>KSRFmNM zF?|?Ce4@Z=IyRl3z{gqtzgd9dj|4dxf`i+8yT{9>0=eadsNx<&Uk`(z7*|9f_C{{p zq^30f0U5&TL+@*o2;go5OJ9BirZ!?8b+7whZTK|7bh-pm4CoisRkZJ zCzo?uieKIsb}YILe)@iyX_)uj@MIo5(e+Najhf=Pj+WAX!c~RdSvY~(ZO`VR_6PB> zg#gEEIzxq!J*V6KyGI5f_RuY5OeCnBf@|wOm#3qGuDx)}i~F66jjd73Z4{&|pfP^d zxjFp`9QF;swS%>R5#6AiDNgF`nFKa9+JC?XmEv;Q5Y^q?Q)QJ>RI$>L5)_Nkl5(v_ zX#gm4)_pk+B2QYR@ed-hrx0E5-;^T>l!T~h9zN{)8uJf3 zCujU2w4mK~iNL>H38wFTV0FvHeYlAqaXD|T_|$OMPW=lRwN)(ux)Ihy=I0hE;SO5- z>;1<0?Mmk(JW`vmbQG$#R9^pw_k1n~d)A2#enrqf=1&TTaBy+MpdOMoiN{9Yye{zfWR}8A0E+dUp2{Fu?HF|?{pxYnf#=dWm-le zf(Rulgb@KwFD{Ts89>aol{rMbXa_G*k03WPd7IJF7SS%+{-Ry%euujns5H2nL07t* zIvulrVjji3OlaR?Ssl(u+x;WEBc*k4&fyBzD}>*N*?jqS<2e@SzG!VFj?rY^@C@lC zFXgl5#$?Zbfu^Q}vVkqN58Pl&y z6XNxk3%z_Yrb(`Gy;0ZoX&MqmG z=teB6KraWKBhpXmt-`H^>$`|^bG~EuXxr~5z0QJj)@}QVy9i%oG>K=7_8f$0b4s!plC^G)S<>n z5?*^;fhxJafZjipewK$ruMt7s2^Q?NU3-WYpA9;_-!^W*aWyYuO|L~X@s0Bdct-8f zs;!DTO`JY%gbFhUbaFU&mV^!TT_hgwn62=rG{^@AXyxmvzL&L7rXfOp)G|R9JeFw% zIwL{2&DSJLSN&!UOnsWRVnD$G1wct@0j;t1{n2AAbwQip%D(7D(~m0<+SmpbK&eM< zHJbI9zDXv8>5{NGuKj*6Jv$2UhhjgB2KZxa26~oK8G(-M9+J#oVLeZv_cpK*s)V3O z_0EHKsq4+}z{}nt2cFsQqsH+#$okq-FY$-a8zN$3nBLpzLMvQr4Y}BH;Z{=a_(G7K z7LeqTet^t?7{GDW*OOa(`Kec^*oo}XW+0iCq}aWgM8+%9vTw(R@mJqmfp`cwTK9LN zLEAfMsdK|k$luXA0V)zy(%>2o3qg69Uwk|3R>zwMlx&&B@#MvaoG0QL_ch@4>{LqD zCTNr=PQwRKkz#Z|O@iH0_B|~Da5Pmp91~1?$=sLpgWIbuo?kXh{h&A$2vXF*Y4h=6 zW0Ce(T6ve1Cy|!f|DDARvhd3vBi62J@>l&8^P2Fo}uOa;bRlAVHuLwO`%Re~?Pvbta zMPywPLF+dGErDcW_a$Jk6RwbBt{g4*<{* z=6sRsQxd5WxXlIKrQwK*$#xf>O>+5SGb1PE>oA4D$8umDvg$55b123cAMn7A6Y|2)aDRK(oMnqtbF38O75so`e1%}Op1)OyMvdbz{ zv**D)RJxD_S>TTMIj~M~ z7~{q};3t|7UWh%Y?K9xcKbm0vNZH0g!L^oaQ+sgP6X|t5rBQUf-2lI5H7-1w4r$^h zPCyBh9DXDQCJ+Io7_-2{-_%%_>Ox@Bonsl z@e>I!;=kp^LnMxz3VWZ{JFqg4!iz9FWn3__BNv6HLUWhMG@GFrf?GFt%`a;)DK_b- zETqMnhmVaFn&*P6!_YPab?f-ad!-Lp18-F{eO>`CQ%p&AX%_nNXX_Pu#_!P|^Wez6{{mVQeW#Jd*?ngcc!+W!ApCZjWl_B^&cd;+vuLo^ zuICfl#d2Oi&%!|?*Ng70kgB2Y+80t7IUS)NblfM>bPlJL@ld@Yu&-gU?nO6Z^cC7)%yezIPkn-;Y$urN`!;Wj3PuBVhAsY4d*Z7OlC5##LEn9DOBPB2(reeObB3)N z9{67S#O+UcSH{^VRB$oipQ`snFlbtw-Q51!l^3YjrOUrWerCnS^C%wVlKGWNk2Q8! zr_5!+===-2Ny#mx;{B7}loF6gqN0eJScEW37GNH!zW$-aC6Bhj=pL1mY}|S&=m~?7 z)bsLR-mnE5+?HrO_j4_3(4mg9Mfl|5e-)_|%iXtk=<|K&3r7Oo35Gc0!5|H>N4xR0 zna6qwM>pQCl2k&13*NQMA5M47o_L)pq&H0XnuWU>ADCi?0&<)Vs*n4hoHV^0N6I~r z*LB7poc^I3OMESNhfCm1?U8H3pI`v+y6V?vcagBb?5Ubq8bvS!5YM=AE)OH&#+8(S zJPm*r)qyW@gFS_bS$n^G!u1%f-SVeQ7`DtDwQDxAHKj&4P0Xp!?+gVfCD@RO0%|6o zOoY?Xz2;YOf2X28wSIihd!Xu`B{yb+%Qk$(JVXL!Y2C!yv-MOfvd%PKKh+)F@Ee{+ z*6t+g44^-<9Fl7ZMy`e5H_i<&yPncuhxYKlvS|wNs7@_iOts5CqsM&;S@kOg-M3kb zn`SKk|BsxoFlIJnsXb`e{m`^wi{(oBH&j)06mh1+bM`C2$PWQ0s3;|n*9OG{FFP%x z;iVw)4}330@sM|Nw>5k+=g=oG)JUSAq_FV9mz#*@-8M-}&Bl{y(7W#Wr1Xire{OU; zlCH!TRB9mRm{|EheyXEHo7Pwj$^A8CitF!Gxp6vDv0;1TU_i!D;3r#!U~V~dl)-ZG1~&(kxUmZE;5;cKSRq zaUZn+O19|A*6aRYJ1)L%E$qvp9EK{nL9Craj`*%!j;J`S@mTLgPN2^VF);wT5Xni3 z6ywA8gJw-(uSwr1fE6PEtVl$Wo0Xqhb{l2=k}3GQVOcD>*`?WQm#?VmDlqnMfTnL-t9Gv3tZ3zvAIH?o(@7O#I9C#cQ`*K4xuj^1v3@s_JW26_-g<$br_a1L zoF7tUJhIk#0feaEQtZLZe}DW`D`OZ|C_`%^jN!Z*2-f!iEoubhHf({zL4SnEWCsHo5FYc*aH50yv9u$u736$@r)_Y450O_ykvHgeOa{-`vdWpT-f@fuW?p)9{s&gWH1CZ zwCruTMwxCD^o^)t+0n80z@G5IGSJ*Mb=w>&4I=Z zj6&I0C5wnxR;(j|omkX|H?S-A8AV_i0==52xOopxLXN3)nxsoo=W}#k>darF7o+Z2miiEmq8%BX-jnd|g@&5s zYXJR(`*Ea7C)nU-AW=yXE4B!HosPX`Q{{Zges^V_m}X(8$^_!%-L~{P4Y;_qku_kY zHk&d4ipNvOKiII%XpEIJ&73v*A_fj$I?`l_fE$xc8=~+`{ttU^6&2Ukb&D2(2*Du) zceen+g1aXWAh-qh;O-EDYmnd`f;$8c4#Bn1f&jtYoil6i??1Pl_MOMu?$f35LaU-` zt-0nHqxU}gSgYk>sap4^w+ajTRo_vPU@&0>_@k71^IBPf7{0BP*NA+kHc&zwns!$$w=-R&l;^^)}zgx**M0?E}=v$49mpqS{ zIE*SD=vM8ow?f_il)V9#9fm=-e4o+`o+lPZ4r|uM^+MlyQrPa?(YQByz{18ql{V7{ z6%Br!fBP^3T+SMCwr!8|xTprHfomS7yxm+hCg5(kkwaY$2GplMN(|TW$qK`{>xk-O za>|3#O*A=)FOOH-+khx(>6B!Dqi=OILKe}+%i|L4})@}*3_ zr)5Nc+m*0lh2`bh$WmMBXWfev<>=wFR02*n?a34(ulNWVnR~QbW}A)CU{OeQ;|9jz5lgN6sfSUfwVrF^#3M$n$}uF+0&q7T_J1GS;BaSrc84>&or4JNt%pIX%Os zgR?`1ThQkSoPkYXGp&HD3+!ZHk=RdMIK^_C)|^dJt{HETpJ|$x(L=#g!Np6T*D^Sl zjV050?&`#EaSdaF20%_Y=a${WH*! z+voB(pgd-M5VY!AP~R3fzi*p$ByF2rO}_BiS0Tx``LL19LziRV`ffMG2eCkuDN5TG zTK;Xfj6w-wSZF{PLxaP@qL*TC$}o{P=6qJ2=cx*adP8NDs5&JXRK4&d&E|}LVQO*& zdq4Z1q6d6!T5KFC;AO&>Ce4P1!Pdt z-3J?_q}bE9wWr=^PRL8Z0tb$s8u<%kow)`8voxBwYesPUQ$&0$VBS{VB_LD*#{vT> z8|UMlfFiH$y|H2mM6K}R#cJqHL;eGfoqD0AmbBn(z5f%&Z3{xAO_I{)-@Cl<3yY&X z`X=k<*DruatqYZviA+(#zY}EZt)VgQUKfx9;T>k?^uptrqx66AaqZ#=AOIR3jy2HQ zMRLle1YUMxS3R825Vn!El|f~uFEzJ!;^r#slNYUya!9Y~u1)7LfTYL@#;FYcq5N>4 zgKV5?5l>1?eJ&QzZ6%I6H0q;dZP~Ibc8Tjg$Z-hAJ2)o8cg&y|)v*!*!=HZ)a`ICP z7pj3k@q6);VHqrWI7rIY9#R}%GeQO*Q*G?BiV}+%`ScyoE&~A7 zAel2&h@T4^U_FpuDeD_8PoH^R%3!a*#WbC@6`Ty)$%HOfYXzp$EbdfmA(r{-Q6V>K zRk;v=H``WI3qI!>C=;_!bb4ejS&M)(o$g>&91aL32y}5+lvMw!oMa5N<^rB}XV(QJ%Fl>u)dou@9>K6usb_srR5jAr&bwDLE)V#d4Pbojpb%1GK-*KdS_o z-Tp*hVKr#PnUpwr7A14X4*aQI?SKGyBsOj|E!C^IAeWFn&)J;^!kU%KigRDC`WkcK zZ`PWxd#PDD(_l`ly#cxkU>p+jiJrwMbAGVr2>KI0aN)nu5S6x}at_E^xZk@0_iS`d zhoS1tt;*_UwyiA$xHCGl#d-J|JVpUSuZ51Z8%1+EGQ=w||6wP)cSHI_O2W|Vm zpN0SYtX5F&?jPqaFx7ls{04rYSXboWNc;X%NPnn~Eh%$0tB5K-~KL>%k3{p3vial;a;woFG&7D+*X%Qo-2TQk`*lMNpg8kt?|@vZrrf&V@FzU^iNsnd zkcB$Uq9c2ac#!jhnRX(7-ZxlUUn|?1$wFsN^GTt?>XE-a{@@<~JN)Ht<>SJpF2 znIYzH&Y%yqr{?onH*H}zKhK5s7l4rh_@ZJH$?H#^!+X3EYkQ!OB{AyZhXY@g8+ADW4Vj)u?Q_&7A?SK;DJ&nD_U^4p!10Xbx7 zyh8#B0;G6UbiuOy6GIK(zrpg+HM1-SJ zJ31xr^M#kc>QV(|seVcpy(j=b;v%X*K7cEy{dTnizEcbM!$`C_J^-wA18Xa zKLZxwG+VpUG7_yrlV}2s)mXlF%7l>1BQ&{^7NbK!M6iPr+n^Ci=rZ#7!nb?$&1pCo z1O<-RN)QGxH395%GsKRj1yVU~2F&rtALB`F4o-e@f)4RYNo7fim_*=lxNAyU(iaHld16P0jeD9u58#kq6Sf&MUA4plrV{7F%S0OL>g*xH<i%KD=I|0aJN**<6z(Tg1GQ-wXZeOxR319#E=vsMFUp5wOs{{P- zJo*edOr?)Z-%QZ+%4QdtdDnLrdlPW}nM4nH^fWvmc3$IpC4PfWytK-DTNvv4{@#g68Y|L#-1O-)B^b%GtRh7hq^*G+MjO1}|jr{+30fIpM zl(@Aa1J_8kP%GFYR_8mVIMRP8sv@#jK%jsCHvGHbKTF;J+;HIExBl~X%*sHv|L0Hm2Verw0RMph{lh5%Zl~~n zyax>njAZ>EKjK~g^}+xD$NXo7{=ZxsiVV_UcEHCTcOw@xn7zTks_4oS`BRGIy-bEoxc z-jf!)-fP^p434G8>fY%30BV&i2}9oh4kWq%q?x#5l?*GlQat$EJ^!4|mQ}jf&|MIM z-u57}O2B+%yKtNw|2%ndsllY7y^P;>Ap?^Ckbpl9|go$0@DP5UhN4@UoaN z!rO-oqz)1-pPzN*JSRO%og%A*gM6gJOQFSWuHKQ|Q#*62ZR*lMYB|5S?yQY=aN_ms z>Qzo$&1-FyUKqJv_ffO1==~FwAshw=b?q)-p15LsXnw4qd|E6C5EZyIlA+>WjBOXZwB`%ua!sfcT8n z*(*;W;$9(2R;8x0$>)5-xJ3?Q~tHE%07vgJRWzTwiTMC)hwA#xj9&2}@b)OtQ&+ok&viz6+}BCXQnpc1OQZvm*`Ncfu0VWEY9tl*2yjr<0HJ5e*oJR4BBfO(KA!je%ZCyMF-09j)Z5-l)ITHZ5 z$2{~Il0@sbix86Lm1o2LnN$Sh3&9!h=e>13L9Zy+&7kDW2i(|V=i(*)C65}=E&-4) zxfnS4nmy*sdwbtip9d)?= zRRH8MU?9>yxVT78zd~&ZZNph{eti1iIwS^|B%s8$BzrNt^Bzp!2n3fm$jbJ1hCIq` zJ%Qh@9YEh}UA5AOm)P9@5(dJ@3Z#5b~<~OK0 ze8;ITGB+B)4L)noJRF^blhO%8^Ep(}pBj+dvAAzLHXXaN6E9gke+xtcM7>S~>yb7v zD+xCNWMANK>hz7>sUIw99-MGWm*JXxn$!R-rMoA@cRFyx6&KID$oNX zvd6s)-xtt}WTKszhDvx}r|GE$?$j625oVUzf`qgW;3By&Zfbetp@Fx6p&$N_BBu1! z`ns~Y9Kd$NTLHGDfyUB6QY*^6oGoXz9d!9sN~7EXVoXO>^_`GFZ({n@v9}6$qP!BL__LP;GN3S}>3~TY8`lpc~NKMb36`#9?Yca6Yjr<@GQ6a^I#n z>~rwJO5x326H!PL^vurjtnSpsBhY;*uDTYM-DU<95r>IBYqX1t#iiDPbKr4IUELq2 zA|WM=wEFPD)$sac3eiUx1SxzneQU&G!Q)d!{&B$KT?17jjM%89lqZFF_!*|{4(I?U znGl1RC(+t~WR1ChTKco=Q+8@j#8^afBj|QxYw^<;uk2D!Wm)r1sahOr_vLGD8`_B@ zn#;pdIuM`@fRiMexcrA|cAo-nS?H(2=8qQ#@3&&P`x|xnRJcl3sTc*vX_2KKl|?55 zv@hQ8!veJHbN6@Bg)y=|bWx-@-#EmBDup?XK0FxN{n;3tx1Y}M?Ho=kw{W73)+rz} zCyFz=eZ5*+P7ntc2>7wMIgrM&r9^BuV+FqRxXAjXSsa~L)9W4)29o&dGYc=no|*yE zZ%QM~jet-W8iO7M*s_gjDc@Hm;K$-TXqH$Vlu-ghbN)wiC+aG;oM>-ujNX{!(Pzb@ z2;)SS$-hoyNx);%Bj8)M{$N(u_O0F<@5v3Xmo7MR(iC>fUlEpOKfwYhi#+xFM&G?)p8R&+*QVB zZ|}jU?3VCced#zGUjb$Ns~7jcPC+*lCJjc1g*TpDw39{~3TUeVJ>zK_3q3dSJT!Io zX1`FiZoaG@WYU;)!maVMDd>gNZA%sCDM$ht93+Tcy=9Ox`ZD;GPqoI|G}jMgNzeri z_;G5=+X7qKT)}ROyKNyEycot3*M#2P=@k>cl0Coje$adB`}1Ji2Kmi>I!W2c?yjxW z{}$-zYBlaN3RSbGLEEwS3d5%)B2#@32mv z%5M{egzep4atia&>9NKJ%c($9MncAucWYMJUou%guh9>;0l* zfNjyfBPG73{3jtEKhK?x?PjUzmw~P`I4ctCGi_AVBMsL3`4y!l`LCYEjuM4E6x3zL za+~+RfMosjZII029TZSEJ*SxB(P~v@e|>iNKQEKA8CNF5E^nE68M}!S1%4CC??f zcD;tZl;XbbzKIm#Zb99HnmS#m>6uN4Sw$Ck6H+d5z5Ws+R6Kl?!W#c=La)+Xa!^d@AH53=7 z0V$RJ^ibP?$+ZB1ryjNf#f0INTPEwqtI3zN?gI0KP;qUeGeJ*Vfv+Tum79F?$_R`M z;btqT%bWX=MUKp8A7wYYib-rvJp_?@NKwuFzk}m!{nfT~EVn^ivI#-_7~Y zwkqsCXCjQ;6f!UL9XNL?tBcO}=iTYzNY&&}F1r2gQ*t5n74>u=N-&V{(}-)+1)8wf z05yxV=JiEHhq7rpoh4e!bCH+?bC6eXOXw4LQ9)Y(Az^n_m*- z)6RdhAXKNzLD^!aUz%->A>^R$Ky1xr{cUhi6{$0Zt70*v(-m8+H)b+%e#md}TTxxJaE`-BH zM}+nuL0zxRc9JhG1kPfJ;}Tl2-~E-6K6Ccg>C~Y*`=!&u%#Yt%|4TybqGnnQz9={E zMq0IGNDBuauY8y=q=_si%gU|caFm2z7n|v`EC|o`Ei74YEBmA$GK4+p-6%$d$qoB- z%m$_!{K!?f7u1he;M3|ZZgnB#?;S7CBW3RQr-vl)nQI+XYdEFTiCTUdyqMxkO331n z!PE^F$@!~}-Rx+wJo@sDr(N}mz^6itjyXtN&=WhJ4WvRL>&nB5Rz^P@7aY6D#o{3Sv_&8mp*JwaBE4%BZa4iV)v5{K+dVLDJ zwM|&a&M!xBGb_L&5SPeQ-EhmN>O|+U^^-W^KR%GMY<3GuIG-3(hQzgZhlc!aKMHe@ z`pm}hNDL-SLyp=hT#gg404}f0pGehaD{qEa##uRYtk7bW-_e9(bJDL)4}(J>Ipx zHw_2@3#q$PE<=Afcchn$==9|&)u>|{cgf+|T3_?TDo9Kb4hbHI9mo8zfq$=F^ym|I z%9HEA-cqa6Uiw3h$-!mzv(rECoiTq12P8+tC9}Mass&rMPb5R&nDm6dg*0v1?&OK7 zkQTC6_8Bc??`Q?hJ-FduE)r8PPIKwtKjG0GPHJWy0OAhkID-1UeG$<_%i|6 zNXddnZ@nhM_!nz@pB77dQWPK7>bdKt)i0%8hYJ%!`?kOMnC&fLIV_ktI9*6>T9gjj zD4Y7(xtV>t5`M?eb2c0$iI{Q|mp`yk4d>5vTJf{-nA;Iv|_${LNfS>yhZ!Y1G|0bsx@Wf^$_%H z!Vk~mS2-J3a(#Ic%RAzs-(RmOQbxSPBcAeq8D>Iz(m&(WUSkk!%TEI7=`5J3Rr!>^ zWBE6nW{G$A%BkIKMcdjH9Ud*U|3(Wrc9HQB!pFeUML+a4%R-d0K4ldzUw7Qoj`>fU zwTk>-qV{2%+5|Y7f`|Usp}Gd@UbMG2XI64hnce3cH;X|>Y1_`5EurYG>ymUc_PESd ztl-^pW>}7LJwnJccNa7ljmNK(N#_W_YnQ%Fd()`xrEuuU)N)Z&iQNNLJnRwSiR`%5 zGm-MYvft0YJ<#AJCsMm4N2C%pyp=5kc;`1=ML(-1PC!hxfo7(nUR9(1&l4TB|zvXeyA`Sk3~4NPg`mk zO?3}y_BJ!#?vY+W?R@*nM(x`AzY!3qQfe(SAH`arJ7!VD0kJ+@l=T)o4#HOPDJW%M zOBO7-o-D3;hE2~vo=&KC0pleOL-EKGYN>w3H?l(I!TeDe9o z&o!fl-!ytsfjXD;7@fh=2mMvV1~cv#mpCucZQn*1v{3DCLi;MfLl-&!;M)0>m*7?E zwj;Gmka}rg68%664~=NUMGwaSx=ksen}^VQ7SBe{?l7kQh1LIor7TjRV_Tjuou?UkkqhTgCD!P)B?>%9fI zPv27GvrUeGS_i7=+jJ_yG<<#GT<#0XcE9&_ADA1_J+!R;UT6Un1l=w=@x&EWmx#&H zWD@h0*ENAn^sH%2UN(m#As!RvMOLdFR+Xps^l50NSF2&Qv?a6**eqlm6uZAdq&JI! z{6OM}y|D4UR;QimEg$`ok$7E?>YbFd`np=Omm~Rfw>T)4>?H+~DlH1WRiNE$CU7BmG=f!F4}x ztgr%^FAyM{OONBA5=70~1X&jz6Y0*eMXam4bk_UmD`CEO=W-%NiZ}YSMxjYG-|}v3 z<1RX^6@Gh(WP0&W5o&TBQo9_ zTzXgG2J!aH^FrSb)5pu{?goof7MUPzv=u%Xp-t(mOZx$j%5>FLx4*dzTQatB=wF!E z%ISPh(p5$*Z;F*IkoE)zz5X<9L?|tl&9T-;+XU~AX)IHGiBoW=Qy66I5H6 znd-mZ`X*sja1Qh8pCvhHhyLNw-N1IeM{<_lU1lm}I)0ALRTcZWwuB$@q2fRJ# zY{!1+dd0?>`sV4+Q(5_xL2D%rvE8>`;p;k8G3MKxEbt0AyqUh_J zEk_Z&W9!s4ozn4MqH@8%pVI%33=hxSUJsRoikj{_x6G`NeQ7KIlH|R|NoiyOP2&oW zy{SH^PB6lBv}!G%ZWx3P{8fQvhT8h?kMTkdX}|TO)?^1Ocw0Tmy{XlV%jEtQ#rl8< zNl=-RGSShqCA>1Iw2c0P=1yrP$f5pu@ZI0#xZEbIq6q)BjOJG|#1)9ab#7{_;Tc4h zBk-c5i6da?g3wk@!#W*Aazdy{Bq4_I)7zTJDO$+noMBFl8vvG>ZwmACZrDQxeo)|{ zsJ+d&ue-Z8lG^WI*JE#N2UJIZ)pJsr>@z6Gq`mj2jy_eq~M6vxQNB&$pwNn>}zeU|B7g^tgQ^?^`{>yUeNlo98cCz2(fMi2#6>>rX`- zAZdV3NoVqG6B-{suFIhGmLtt_u#B&W+hHG7&=9(evh7}8r@SJu<;7CNBHNGDccy1r9OaW1N$ ziqj~anG%Pw6VR03RUP@eR_&8N~&*N@AWm?LvG$z z$g-AlN11zM2^wWKgj(3fFFT4)QhQb!uR29DX|Q5^-H2P=@YLL}T%I%d&v~UyD=)r? z8A@JY$x#i{%1i6(y=~5Vg`2mVd}WZS^S6zrJ3;o`GXpX%*aev!0O#c`?2)E(oqBi3 z)lBR}QsfL4y*VnvdxuP(XxYb+#f2PTgNE*^50RVFG^}tpOHK1piZTXNxvJ{mHI5k2fibn|OdoWV?y7x%KaQh! zMHYcu-r@QMS7Ne4Xgks&RDRPq)SkM1>IKeMD&-Kvzn?L?(BUBd`9cZ{5eOJqnM#FvBM@9s1UsDs7mA2E05P~fH5RP~MC zmbo0n53Yg)2>HJ(yO|jAUUjR@y<>5<<;YYW*s}q9yfmieST1VRvW*)NB;0D%tgTsf z6hLeYE@6+pijD4?n&R@I9fEAmD;fX8PadUbZC8DIXo>wNbVFpzf>%Pez z11!!IOK+0Q#cQ>^za(Ch$B*!^`-Y!CP^Wz#P{=KVt`Zp5%R|Fui4^FBY_w7Yr2{&l1D7gJyDaTE~|+txr@xoXgPA* zqo5>6Ta}rt`p@6tynKI}cH&7w z#JX`~nKIz@B-DBz7YGrB*TlL+56KIBe&hO?bK^bWP}w5xKCjHyed>o`W*?$f6xA6-=cz_u z*Q&4R#yn4w59AESYV{EECdzygm|~~8ff`_BwWBB;jIyK(Epi<rF(t)J%zLxRsdUH`fI1knemI= z)x(j)Qe%5oeIP9kpE$E#Fn>-i8O16cY@y?}MTOENk6%)KplW>qTl{T}*}>35<1{I$ z9%fGDE1&Lxqda)|JDzw#>nwXyOEBcBYFbB6G>;%6bX9UH?)ZoQFJZ94uMuRbJ9+5l z`^Lm)J_Jh%BH+N3gVC3?KM$5Tknr>4r25N+@f$|=;$%)2MjKtJ zU;Maz_J$x`OWtMWZ)1fKKv;NjjcHO08cV3nj_32ztRI95G1}BOXLpJowWIRUjF2u2 z=ADA1dy>Esutc{oNbX-^ zvKKOSq{*I8HC?8fltF5{eemMUh>8uyTdR|f$owd~`&>Myp=!)ETB!EQq{aad&hPm` z8u`pkSf$@s&FYqTR1(Ae{1>9H4zTwxN&7zQb#w_J@D%@TTC~6&ozxC zpPF#)t>^`pOhNyevs~Gm4eOS>74Qgq!IKQDwtEfwl?D3bS;|~HY8RV|v-t3YmJqeM z!C`)^g>9<>dk^LoLzWT9_hWb2uX2YcZF}{VSJCRveg=m`s-zHGP@=DpM?)T_?tZE5-s!~+;?|}I7O!QCfm{1 zGbnv;BcTomeo=4q-8NQdoJ1$sKR$->%1QShiDhTxNGZR?8kDl0C@7Gi)Rxc;1puX! zY2XvSF-XbDykaP{(yq3~(}5}lV`m|sXIxAi=c2^hmb=}GDAGxbzWPG>@@0v90Q1Q9 zYLz{sySTvkcA$qp!g~TCR>pkympXJa4X&!C?W@T%Fa>1xxYDoz5Vv1$U1qHPLXZLo zqUSr&$#)UHwwjU_Ff>@90#_FYDCSCYX$pwzP9Ru_jJ9y)9Q(?j2nYkgj4f%a6=12+ z_|B*3s*hmtIe#sr^}tqT2nNiMyHXZ znUT%tj#hY$#+(-zZVFQT3ktMy2M?Iq6>ObQV=dL1R}-ShX~!_$G7|3x>-_-b=F0(# z+n6;0|NMw_i!9e8GAkjf!ZyPX?Xo^|za-+4Wt-*&`HJ238B%HtYm|zPdZZ(Mq__T6 zG^&|={0_x|I+I_Nx=QkM0w3NqV{_GD!SAZn$v_%fx8)C3d5ms;YH<>gWeTGcS_9AC z0x=>bikl-WZSkjIhR0!)Q~nEMsfj~?f=%`9PVRW@Hg*5-#t)Ga=SbTq8 zk*r^U4S~A>l)9qpG90C~W{SIC3B5%H(S5gBe}^R;XC?^aZwoDR3kb~#3;}N*Yf5vX z$AFDNW3Q^%J{@G&cp*U=`Ep5J%4z71JajeEfnX-_+aceE>FXn6M#tLx;Z~I!pxDqp z_5i>+`jx`YTwJ_d;Mj2FppKI215q=_NC^uQ0=qKF{%>z}2V^9q%I7RbAtl9~{F?k# z1nzz_i5NQWgC#pa@hB^^r`4;hjlQj*PlE?0(nrPFjc}TwW6E0?wPgWWGsi(=I_x(- zB{LIWlB{W6AN?7noQn3U$M=|Hz&+j7>=r}MF`TV~b`#W(o%5fS^ZsPZ2<#jpTH||k zC5G%X{D5FIF%Xl?B*#UGD#Z*3+n}=`ecy6-jk+LAfTQ-Z_q+bD!xl*y&R~OwD9oD4 zrxe(?IL403H_|?R96d)WrBhNNpy&)>BeUXgnygGKGC>aVc2W;^98gVr1OS61x>=(w?4p`yvgrZV8}UE(AO54Ki1BYnoRI>;_w zS7bnc4Z_%g`P|hf*#RxCgoeRw$ftn?Fqsx)j(JP-;ye`T|bda8KP=5R#a#suH-Pm42OCzj;mv}mExO~-w`G|<&Z z2HW4{5|(4lbW^d@Lk~u@}oA)&}__ zX5v5#YT&gb&>d{aSj0hFb1j_a`)#b#;?UbCx$Q^p_^En{=abIhLMEo^T3r{08FXEdTBw3n;s zxNOlVq@u*Umx=5h!^&a!=SML!wb_(2imybuFMfYD8ds>%e~oDqc)p|fEu?=?XY9Ps zQTd?u&ZFDU8Kf?^Q}^8Lpl>NU<6NU)EnkqllY7G6Vzy^dTH8JLe(#05<($S(<@HAl zQe{2oeW_NzkDhw)Vs+k~t7*NeH;b~iIF;x^TRiPy_JR~O&5h_sHB z#cdz##Bep9dd+lF&9OChz?|N`xxp`=9*Bnh-x*vKBj*%O3!ZfFL#^K8DOW z2E5VTbNE=oy{gu#F`nkBX2pyS(n2L`653;_kQx*bk8%uR59rZXK{&-+`|MTuLDk3a z%OF3`l9}nvoW(Awe8ENu&V_o4I7Gsywk0(2u+!^eM`v2>_obnL^X5GX5q>Zl*`U+S z4EM~@U(N|UEhEtJt+BSAHvExGO4-hn%)L3Zn%GEAE$mG9OcKMPC}mnOa`enz0^OL} zX#A}5Xrg;I?L0+}Gq~88DM#EQp$9Y@RSR|(bIdaH%y2fC{90iJpH-~-Wt;Wz)Hb-P z8Yvu=tPVhQOnC?Il$yZo<*j9FPH=zyWMO!z`xNM6qk?>NPH5PDW~#y=pYwKNZsM#z z8kdX5)IxM^7iF&Z0m->a|FOX_Hjg7i9`vIn%-CY}j0?11BZ)=|CI6K>xlF`U0Q}9m zn?pT`h}$)4eH#vYV{X!0?TLz&h?{Du!H}ZtZrDq3C~ zD-C;Cd_ng5T`(DlSN7c_ab1FH;t5TN-NojKl(u5z6}-4QDbHry14Q9qnQ}vC1m9NB zafUjsvfza!;X`X!=tnaEgpvRd%5i)q^19E8;3=59ylRbGf8GA}2{MG?Tj-Z)&gjpN zIu4q_`7Hz0C5ng>kVZ-q`l1QFYNyoOJfawtDbx4QS8S{nKGw>n0F_`GjXu_7d8CU& znpbqBbq?zA^IixKS?)M5FHn6w7+gvV_@xAD0UwrTuuUWd{`QaRq1J939DR4`MWC`-Mk_dNmG(?2g{56KQK~v9IfrZlo8WB@8-_2 zz7x=N6>Yr~hHF=QxjSiLuYq|YdDd{Mny?{p%wCBIrTT6II2pQV-+}Ho{WIkv&O4!(7SZEp>717_gdMXB@{k{C%-EWlrq>EvO?uG<$=pXq z5GR^u1kRDn#j{UzwM<5GUx_pxhY7A%`v?3|{~bb94jBvy^- z9zSMZhM-zI-$q6?&0eK@R3Ifc}lYA8nH4yGn9m}QQm|M+AuXX zPjf}|DMIEvN?;on+F^4`lI12+W$ccMNbKPWVDPioYLCU`ceLdN^twcM#KI{P;eFkF zs84hs2@;m~P#@{YML3aBhzvYK2arGeuip?djmp9=SV*Fn|Mh$Oh)?hT`T}!6l=^?Y z8~*>{S*y7Jmk+}1qTFQoM5=uD|K3;FdMx@)NwmHnzkQIQ{|KHuTUL0cJ9cAL zE4@bOMHI2XqfZY?(sKY)Vp#9NQ%McSoFR}=P|VIqrLyLYYD<$FmMBs^Y3exuYy;>m zsLggACe@3mnZAZX;~q&bIvqIy9R+@hcqoS-r#>JPgIe5kv@DeE!u?hqea@Q)7NX_u zRp<#B{e@<1uSrd>GrqLd#|lv{;oPAI%%Eu&1C|Ssv7)PFvfdHwn^P8dYT4G6K25ph zK-?_%EcMi$eMp!a2O>gZV|~yCQmc*WwaTfWdEU}4AuCcPkshl>p{KS69ac;0OTDcI z(=}8qlEIPdpJO{An^8WKr3k+&b}iRoYI70fpO)i?73N`s+Yvd?RTGh>QxlIi%rQa9 zQ>&)y`96-E!H~1N3cF#iCM~^J2 zIxk*kU958qjezo;mH!F}G1I!ziKGK~XyD$6?1P>h1b}29H?G!xxlKIVuw2hm2GC&v z($X05m$d@4luXdnYX^$-@xg^+j}z_#P}X$tN7@ft9{1r*;kJPsnFV*72(4^clqTF{ zwkceBeO-4w3Bm>w~8(P#zC-f`p2k0}u8gziIRFRbwN^Mv!z2oTs z;RU@j=LS8=NX-f@Tg3U>ggwQnf85GU!cu7`uC$!;2c6x-=GFD^Z3> z-v6?JW6J7%oUBjK;I918-PYK~gL-Z7&f@&$J?nU)gd={VP}!LC=Mx)wK#uPefS}!4 zK;xUT$5Xr-MDFsHH9iXvVkIeyLX-}`+q8)*0I?YL@s>K_p!EFG=ll%rhI%jEvhI2{ zvKi}9@xd7_-!*V?Z!J_3aa6gU^!(siJIL+M>5p%@63(4yKqpX&H5v)=aPy?6=!U>u zk5miBF)<9RU!cjf>%3fh?88jibbO)asaAUM2Nro53tBNinuFd(gbd1(^R4z_xc9A3 znviR;)~M?U_75CF zek6Nry(H}Mwy+1IR>zx}n+Og?i5~0eCJb<{ogswf7wVVqJy=wqLfV6FTh8 z9j1rvH%H8wZlEz=Zt82oPk_@00pcZCyQW-R)Iaz#`|cXYyiF*#!5(-C+#|MdUU(Qg z(%?56DO^fm()4^s8O`+h7r!N8Vg;=y@cSKNK6^;-mDP47)a|t zb%sN4v73qd=w{EC1vf&eOzpGUZCW<80dM3EBF#pD0^6)cCHh!AEc{@0at+%ldRX*g zvxEu?SSAK=1b(z`%xV%&<{gqac+lEut5UzunNOU|TRUZA^aP?1*Qq;8+CC4GeYjUP zXcH+C5Cp+4UOUE343(gozwj6VBF*w|L9j}MeEDq0ojHM}SahjOqLvQGa3ZoP?Bnp3 zjIMnGAkVeAnaxa;@5r@S3?WX>m z=RHu0y+A7h*lxJe^C0BL6Tk7~;FxRl%x5@NSZSRH^iWl}g^@(lvhPwFmf3|ry3U8% zRDcYiJ5TO+de4^X4;g!^*vu!B(|}D72dE!VMYmmL$9_I&zU6sdldm8sm(0Ux>CL0> zl~0cfk3R5~a71$U4Bn>2Z|!CL75fpi&6ffa8!;g#;Lv5}v=xN$K$ zMC;reT-Ou5IqQ8(bm?Nc{#@1QcC5Q(G*n;gV8|?H2Dj$}RfqwgwXqNBLoG!q;ZMs1 zrWb8Dtssy*(&mp5g&dT+D`yG{UkuL^FdqvS20|pE?eKqhyjNBAD2;>aV^%SDqy~9I~S8ZlsgCghiPft5`Pb+P=$BnkW+8bIASSzVf`9Mb2S`YcBr87);MNxiO z-(7Sc_W4oRh)kxK>O|?#W@(pZ=RvhiWH$7#C#+<=6ag|B#hmmk)JgvKWwJQt54i9Jw%)3V0Jyf%6ajO*+EVp zIscAcpPobLN&d)8_KBtq{}9lyR)iF-1Lvu1#Q;gpJc(;%UHK+i;;)7f9D;-x#^7!t zZ3JGpKP^uQv!llM11#ljz35gGaOBDeY8av_0uZ+Q%|0C1G9$8IVWR>oD(#e$Jjlup zoSKH}8cKh1ZtC;zS+vJ>p>)c zKuY~Hsc*@`OS8MnLj_8b0z5*lmVoiwn5w`ALXK|Sqx}xo1Qo+BKU)dgNlM^aZRK9nPv$Kg#%pP- zj*?#_qFed`R`ZTYpP6CXukfk-Am4N&3>XXWHQ^T3l~!*cV;*zO6Y|WEavHzL zzkd>Qj=SPFgjal%O7~JXm|FuL=3m_9X~SIB*#ldE0? zm%UMz4A$S#wO0@(#lB=rcw~8=-&2rI0jM!(aQ+$FhkWwN2r$k~L1-FS}4( zuI4Nb{EfCZ47gZ%IPJLp$D8|vGNkT`&f>(NKMZUGalinZ|J6}zG?oKo$fZ0#F*WX6 zpRaH)BUjJ&;&O^~ogxXjvzlqRvs5)GuKFntuqq(Hh^ zTe>m>bc?-;82M7gN*Rl{N;>ItSNUfn%RYArvx{Z(YT@|WDHa>+ zERU?t0c<-3Q>Qv4#0K?N4Qx4{w+gq<4_siS!y!igb_~I?_vkNC}aCpS<7qopH~&=l;C^E`Jz- zWM^kT>sf2gx#rqQVYW;%dP>R_4g?|)V%5LeV4a!w3rQ^S47NE-dLIK=xg_jln3S=E zod->9twu+&3>oI_slM|eti*ekJ%xT6| z`n@H5pp4#TP}60cP4?9#4vTCFtBx<$T^!i)?5Fvi(!h~37hHOKM5M=>V%kMG@ zFbzP9?*a;X$Tro3FuL&dKF9QcN}CeP4870HC#j$GCg`#^s+^jAKG8lYe5SE`&7um;p1Sxdun;L1 z1bOo(j=u?N%TD<&Sdq%w5a>$f)4n)IsA2hJnolWM03wHzNMDc9wq{zt_WlfQP}EbP zTQ_1x3gx4LyOH;Ch;K4YxmhXTH_O5bN`Ew4So6X<#=aW3*(MO^A{ZoU9_*_?Xq&V-KbUtmsJw^0Z>ZQR=M{?FwE5Pb73 z$blYjRY4sBAgg$I!T^Tkaaa*S3}w8VtUY?)vpJR(+W3wf4q`G=pAydtU+)M&FBUWs zIKT{sK0sV!zEN|1WoY-}ERJeNt1Rf|AuoYDd!@|6vG64*NnQmXa1y||3Mv=^wBObj zuU9$ce*CT&JLSD`N*cxdp@z(+ob>i(c<<;q)N_r&rmA%JJUBAb2wT1Xpzqttgzct2 zH6C7QnuJ5Z4CB8WTQy{#eRoDx@Y{Z3yGG`hUCQM+ajqb-A3xO^}G%E?lJz)6_OQ@g9=QDUf}CkY!Bzi-hk z(>7x|v~Jm3>@rKI*n02Z8b(D5)=IlMK*Bt!t`HYPn)W(nn0V>td0<;ms2|fCNXxZO zJ?N-{H196uz4tVqCW*H2nHJ?B3Kz039Y|KOoDiaVu>+m~YQP12x+G=Feh@xkUf8lq zyY{~92F`s)@S!a4!*!$CA;MaY)cL!jsz=2F?>|YZfIiQ-Q5Zp24rvV~fwa?|gS!Xa zg+o%7TPS*}^SKb$Qr%ofcJ_(H2iIwL@$`XvgAjZi4_GfKQ$QMElF;g;9Np3~dMw-y zP^?$9(dTMjW$o!km2`vA8a@3?*%#{QpJ<&x+1)#T0vEe;P=7Q7;>^b?0S5-TS*V?Q zp9rL#PnBELUk4K`k-c%ks!H##J)ZwUj~)ZqAH?U*)=Ar@bU<6?xt5q3YIE;a^(4+y z!6v`D236x4+4$4$N330|;_{5Y6Zw_{%Gzd6Bb15%eVRs%E&x%f{$J*vEzAW6ev|Iw zsi8m-Var>~1f!0BZvu}DHQv|vIX!b<2=L*~M~!iIntcL)4H9{KT1&eDNzgwIQL%yj zkAV=c;qSa>7y36wbMWT5sY@Y~PhV%i@qMXB=(mT`RTNU-MpgH`lUt*B{%r_9wC~Pw zQxNBprMFmlLF5=U-s_o%U9U!(P`?cVK?*R)KvN-!-|Ai4lSQ0ZSoP@2M2h=k5aBho zA>!e&?d*JkB4>MG87!V*0~WtW9Nf##1Og=B^sB3dqO-j^^e+Ji zzlNvI$<$i^{qD;}wFsPK@A&Qw`k3{6C zR;<~8u};gshaz5PgL$74TiGzBn|HS~11R!1sckykfjf6SkM{kh!nPD!wC!uk zSw;%-<7{`GA+0Y!V~s;|Ku?4v&MK&Y}3s&*tYAs-kd7KGX@cas?9^lB^{S947 zVJN%7vO8@N0Tv9#O!Z*SW+laxO5ST$y@R{G|U4tN>cHzjwDK za&gG*E1*B4E4WFXvlq1kiIDH?^uIystE4o?k$`hI4q0DNdY&SUXNAp)}5?U?~aHY}`Hs+`d#+ldX|f~DorR-9iFd$nCk0Ek$i8w>O;udH}E zx3U)!%x}kJrS1Z{AmK$su+Ixl7&jzwS{n26-R*{N_)G&moJZ0ji)o-`)d3oMia&NZT%?Kh+kPGOo|`3si}W?di)JF!Eds- z2w|~Q&`uuJ7Jq7|-B;B)yaZf=t1!2#FJJQ!>RQ7tU~~o;SY8Ezbpw41z&TW{0LmoTu2k!HJ>NdcA#ydPT1lhdv+NelBIaT5K~WwJEQRCApLA0%hkm zQWmue=-Nc=h#3Wa_Jcp^F6{?qvJzGu%(uJzV_^aUWSd>~6L^k0t(TT_URKGDyczF@ zdXnqKD(vHzkDW!nN*@L5F@C(?QxdGq7YfN_ELOvyt^%W|?@_Gs?Ae5Rkt z_jLNW^OaP)d6zkA4ud6cv1Pww_@R_D;kdyodnFHCX`>h6`^gLPhyUdx{TfqTSZgFE z_I1)5G#G&BMZ$u4iBm>wZJGeo?-`)_m>%bZjscAjU`4VoebxJUB~ho#M*LrgQ(Fon zkWw{TSthtRfBgZ^0JE3WAlV3_h`}}aE_=Yqb~TbBoSvEs(o;x<>|2M3rbwQK4IG}g zC6|Nk^^j0;{dg5uXtC=AGGtFDpd^}2_W6~PEh2owag|$7CwN}fKZSV#24e4 z9x*?AOCvduz?QljliGFbm?se~>O7jjY4+Nf23T&M04QD+qqgc5Ju1E0(Nqr8ah(m1xAU!d?2i)8VA=tt^_ZE(s10fWcE+hVQ#b=8oLq z3~5c4*QKJ{UxD7#8=MA;C#VUuAW3rWG@+i`DH$;USE$#93uveNbeEb+nd`7PG*z8Cg&$%>4lZ07Tt_x!RTim-~NYYy21m zkqCUdw4g(~CYl1Wp;;~(dORV_wWFR_l7@4IFu@jj^4txCTgSi#D}jWjgHhR9H=OYr zwlD?no;tdFvS>%S1gNoyNA1F4_{##olw3duC-MRG&+q2QvZV8x;F!fG)s2_Hh73qg zKLm`xY3$0E)`)3{Ws?t5b(n(+gscupcZ%w}+S7T4N}P0Wma9XjWW19Is0D4i0HT>j zVwT+~J$|R-P#ubL!?sCRfN)r)?d&2VJx@UtiprJW+jYP!UqrGPJpf-~U^jM$I2-xd zfW#~yXdPKpG@$Z67)X(M(!=X{KWL=0T@sGM{lxsBA!KIZHpuy3Jz2ZR3u~k@seC(J zDEHt2^LLKV@g4||*9hoQaWTp-c%<$Sa#9~{q;0WKizj7i@$voQczcx>;^iZPY_nx#rO?_1e z40@UtM%9I$K;uq+w&?tu%=!io!mUfvp>wOBFd{9bdzJlmHUQBDtBOXlN9ly5BoF(k zHU44@Z0CWzK$IoQEO{hwD4n4FpadCn9OpT>nTEjCcd= zco5!wgeEB_g#@SH-dQx|n9;aMmnQ+5{P%ZaG^lA2f8VzvBS72l29PRkZbXg0UtQ99 z>d2@JH)1GFQ0Xn|QfWOge6ci}n!?-uhw&o!A5hO|)_!Y1N`QUH<48li`%c@fW%d}- zW-e~!5Z>~Q>iWP51Ww)JT)qShmzoEbkh$?AAxrj6j8x#}8ITQyL$q@X7XW_@U`aN8 zIR#wdrIFfrc%bVeX*2|?yk2+jU9OMxU`yBqy0ulL(*|=|aSMg`@Dh`8;7c*?MzEBU zjl|C!6*J(y)NYp2Me4=UPT#|K&E$*(;)+AX&IYiq&qa)J<;8tCe^m#h#(piP%LqPn4eu zUm%O=4$v>asQ*A_{!u$FF4#1I@vKw|ulG`se!+U=U5{k}(Kx4!o1hPH{3ht2 z3VjmaaU^|1A)S-_&Z9F5SZrEoQXAd?@;8MGeb)NaknB@8o!HSBqeva2oKF*fh;;P6 z^;u8&L}>})NOTHp8Sp%g&|6ub)zLLc%%?;OWlvDHrYh?|Bmqj+tE>AqQD`4e(6QXh zD{n5mIN7;LP+hp4@iFhl<>s=ewat!Wx!Bsho`L(NnUBfu6kYy3^96T~%I}wYs^iRm zCnkDLTweE0`Adnoby1|k@pKI&x$=)BIpFS~W55S)$TFM}enW=`~7YM+bi*JJ--ozXmm`45M9A!EPpkkGR zoXA=1bevl18ld%Herw_|^>IE6ZUo52&Z-ak%&y`^t?_yUhsl@R*>P~rvS($4^S{yD zvi~i?`;gtf0lMql@J6t_VACF$#;zZr!4$lk;m!R3-8)}En>($%w%qZ*=la+d;b62? z<=67aGcjj&Nj3my%&f!QpMZF9F$p!AQ4hkc63*+80yDvAZv*SsII8xW?V}NL@=)K9 zHOSA-aP;`uR}lUc4hy$t*HA*9oxS zu8mIanZKr*zkJUJT4T>#9{kh-!((_Xy=|sY?q2aC6~3mSqswTP zK)~3V59n^N)YWFOjI`+18SkGdv(tRfXD5Bk%~Ha9dOO#J83^q*>vyUc22g9bfD??j znP(u;YQUGWlw|>)Pwr13K;C-Qd(0FDROS_vD!rc=8OT|@@ztp({q$LRMfD$$HU94A z+N#88X$dGe=^-ot-4~^@Etb4EGfWGc^hP`_2Ck5tbrod-gJuRH5RnfsBwlY=_Bx~| z0cgqw1t%J9Bd;yyKG-n?EUCLyvyjeI9^Z7%K z$^;S$Hp$5{bCrzZJ|?n0?Dxo9 zERSi*GGDNMHPEbi3J+zxu(Jc5KVpXs&UZF4XvB$TqP^dT6X1DgF!)n*n2?^wj*5vd zejX=rSsIw9Z~yG~ZDno(a&I$1j#1C(cUVd%!MOwR4w+kzmBs7l1moz?pB&g`2yc zv3t{h)V_-`6Wsd79}40yMIUYV7>u?7vqvv>7qPGDeKk?7`Z9#dMl9FsyMipbOdk@koFKP5LZMT563I! zLH`Xj@jk|%)cwNX1|-$J^SpOEq~~R|RM=)F)t-NDYQ8cVFba*OWGrJ6`of~!&da6Y zIEuRk&K{ciR(TBA>3}(^Aa%m%6psAy*ll}J7rp(h8~QnHVQF($dfB@GChwb)jR z=1)IRHv9#@>nYAS_5@14b+`*|Z{pCKk__%1BT3RMH<@I1+sk5Zd^NVTINR($3|QsC zbi#nGG-F3V<2?eCySQP(sRA+FE9L66CbocMR{{A-ZI&=&;JU|Eb@JEpSeZDB1IF^J zSU!?l?+p}pwpw;fFB(a~XZ$~#2P z8gHu8EB!W$i+xZOYZ{v;M`6+r!QS_`WV@*xgUbJ3j>7Bjj${D+0tD(dY;jwJhSpm8 zbYTE-BIo-s;lcYNg@r*pyt`e(0WYxPHRFhKN$T+XG3#WU)Xtr4Ttla;#!8F+B|9fN2r9mQ5Cc$ zlYpf{m1e^1A2dexM^WZ8lwpnw3-$}aRbEr3qilLj)UP3*(d3El6JQctIWsk&Hf$1D zq&D()W^>W47G$?XmWrM7<#?vm_kMGY`bQ)pmB(E(ckiXPJ-b+`zicDu={b<#eLYSO z$R<~Ny>0?5W@=`U$MvRZC#cO}h{!VGz-FilrVi8|T=(YU>BIc&vg%oP9S^Je;sRP1KgGI*$>NT8a=5Yd=jVsN8}e7Q zO-)TLuH;pH$;rv@T3cHU(Nk8u!&|CDS@I;iySv;;tgRn5H5&xWWaED=5S`)ANRq<0 zP^b^b$H#`1Xj)jJjd0^bj3gHPDb(&3WzdMbGFcxlF)6 z(lx#4=VRzw`+f}CS#rCtBhGQpE46X6arq{C%%z?FEoY{nUAX@fJQeWez@D6w8!47!rtnQulOiG>~RgEbPb8<>)vbHJ~H zuzbe5fJ$YAcu5f%!!1AA2ygk(->0U2kfQliODhU>Cp-yT7YB~hH&XBVxX(y$u{^I1 z(!0FOYL0+VrKYC-S?-G1oV)*yMr6xd6`h+TXccmN>?7&Bm(Gt(1B;)MLaVc0X@Qjs zJeSPV;|c3t5w9IE8$azrZ5(-2usElID*%E^*Bg@is?!9#^V$!5w$pFZ=m+bLZf>EW zB+RB&@|#gDwgCa^_;fg6~;gg8+Q`Fd=sLx~YfI z`!YK~F)6+<%Ue>_B9TbKUK?@{kmli|)eyQ@?(SsZ!AtZ4;tNkH1p79ZsAqd+uF+HT zZO8aHF1yHS+L}IroHwg|Fj2zm4#1eSQ5pf+{a>Z~yyZZb$?PlT1U24P|ZM{^?^xIxo=I zwtOY8=Irh4Zh})`VTz`o`7jVjA{5QY)rR@yQl2SbH7F`7YS0^>Bw+ErKS@y0-kxi( zS?;<>CQHxEM}i-F^Uc&Cp8rgin1%EQ8G(B!ShDt>o?Cc$ zb4}j;E0Zk1oseuf#RT3C_oCn9PiBzT72OGkSTW^Tqnd4z<7eg>$P!cU;ro*1@mV|bSN**}rBUAoRU;WpiO zU$iBNgkZCJ*Po-KdWNE0>bp|X(s%JjWmY$)2L|qe-O(FN1(rOX5dp>Sm8agdAs!kU zdMe23?!sg=2rg-ntdq@f1@XIbdDxPO4CowM(O~ zl#-fC2lgL1gNz?(Y%e>5d|*q-)k$r!X!IrvO%?XKng_X{eVBRll}xd$>M_VHoF}W1 zG0=z~aGpyyyio?t!m-c0T!)6JOB=bvL!{cG142>hRC(+132Myc0j%O!Hs4)uMm{~A zHz%x)>c`X+@4RX;NlXI%2!4-rf_6-KzQo6lSCW2zzZEd#dRgGTT*y859_(RNnJw^U zBtsbOP7^c9aQBPh>1o*Kkcf+l7S)B;SRFxqWZ^ND^`nA#lfUM|5WxYNc~k_yC#$!_ zc`Z~+vy{8FP)w{?U1#vcP-L@s%luyI4-YQQO=C$NF8{|1VEP{9S^vS96YcG_@J$Dm zg_Cn^Pr6u+;^(^PAWPP<@SeL$f#kK)McD>7H60n^k3280miHTS=K8IonIcY4ADa^*k z_IEhwlA`tB@?GWNcidlBl~qNAgsy=KVOaPIB=46tHXr>{ieWw=mJfPcDY&$sfD{OC zJ^k#Ty$$mP8RGJML!MX8N`?u^pHuDw!`m7cES@d$j`rLbx?QWVYANG2W5P6Q>;zLC zRj#kE@1V8{_(}5u^9$ddsn(s1yIh{N#-FvOFzd=dQw#!j z_$CS!$N1e2tss5#q-}pCA5-Q8(>ivnKhs7v9% zS>DI^mq`#q!YUN;9J8)w7cUF^81sb`*g*{A@*PNS-umG&RkzRSQovOQm%|_mWH5@j zo0fw=d)g$F;i|tO-Eo!Fhd6xxcr4g7D_HA zR4C3U_YayPb!Y4+P9uBbH2$JtbjvkVCz&ag&lPQU29F{#tX)?x^L90$XW&yVouS*{ zbkN+xVAs;khT?hrAOHMDttXL4V+`^Am{3xC(rMp`$y+9#PH00sj989XXxP01Q9^2J zYETbIMz?C#FO{roU`K}!dz*a9t@-0KGtQ%WJ_jsDMMgf6WH1^RNjQ1}vB;DUYSs9{ zddAF8vNd?)y;0WKX?5nC)`o^#L1(jzFWudBeKx$7`}1kH){}yk@86$WzIeeMbT}w60E-5-)YZx9 zp^mmT-KoIIMVebH4@mh56yYDwrD6PHt*6_i9`^S3{@|U@S9>W=AfQ&Sfdshj=7a@9 zpFIeNOc{Sx`701OYtVTFv|dI=hR@2Z7`<8f;>C+cGE8BI+)?yPy>VRNRRy>+Om0I@ zR~IrwclU=YJFH^ndJOKkAcJ*XeAwaL_cLE$R-+%vkhb4kaQe^lPmdheX?tNOa=b~? zm?v0?6Jker0`zO;(v`}k9PUIzci`tug;>(23>*3V9Q1f*#8nzOt4mb(%9)?IL(C zZNLN)^>rAxe1^!Z^mIPlQh+6LEpdxqr5wEvIX}Wxm0oQ8DQ=}=u7=vu+D_Kfa4Td8 z?XllNAj2D96R^4DpQ(H8U{1g8Y&jheEz8(2@s#T@9T3aFPQ4ndtE>NW9VHe6*oG+} z7GEnlA^0Z(h{+QaC;9CY+-H2XZf0*^c&-iN*TF83LR)rp2(fAc@>1ngD-}GUIF5C9@sfFgc?1_v# zA@%+HtKLdpo+I|6qjHeeOled9S zR2K!)aXjRpzl&JfoL5}EQbrpJBpFJ`GPR-|f)m=ZV&s(5l?V5mzJF(lmPJ2j=?fYC zN5%%e!`3+6Ug^mnt5MUTyXDRTe0)9E?*&DJK)ppM7bd0s56YX(evZOKq-M|d$oAQK z6Xwqxk}1Z=iYRtEEUPTW*grz~Q91HXU&Y^}IzRh3XXZ?zuO}5XWX-nn!`g>2v7c(? z#@_I28WVgCv|QEj!(L%0ZE60l#Z64l`F$eDXj45|4Ff#jyHTTgN>a^|(v}-RRpBVA zTW#^H^P!5j*!Zck%RP0o_(_S|kmbcer-QUfh8oWbnx774QD0=|1KD6<4TLV5kA3&d zCrB>#vWenM(WTjvYUz$5Xvbf?%F`rz>m)bF?+~ z85%lr5xMCKIlUuK*bB|_3Hkier_C@m&Zc$LGsTix1C{A>Ftg-m7&|}El6ABIMsiyh z%zvXIJQ{^BZAeC{4)=YyPER#f9-hjL%=r4jehi3^)z~=6f=)evG!$a<%FkNIs~3M0 zYh6M#pslfS$VgoB9tmTdEOHspykfar(y`2HP{vi|bQyoW%SH(1A%F|*##XTWDD@q_Zamkx@#hypO&(+e+7ceMQB{fJ zJVN(e9Wrb4)&Sbm)6-Qis=Qz3P^dIG?889SEp*<3Gi%KAbbA25J*4i8P?D~uc1JVA zo9wi-h(yK201hVysQVh;qgs)4O~InXRJu8pwyW3)!!e}oiBd!P^VA!7UB35= zON$NB;Vm5rqgU4qyckl!`$BYbPm@e7c&ef|6`ZK*>g##?$~A;t1i}Z7 zV;MZWAtEC3_X4}fJ9+CtEv=oM9VKe&E76Br?1UstA3@zV@!#Irp|ngkYIP=PdVv9y z7!c>m?ZRodTsQoIX{@eK8Go`m31sV+L>#lxI9I+Ink{o5ZJH|IP=Kk za$7n7H-g3jy?KdueKH(K3dau?fS2_suk=c>?tY8<3~?DH?^H%-D=R8~D8VOwXMqKg z6ACyqAngDNFqmce$Rt^e1KkF2(Y!H7aQd&d+wi#Qlj!K^yb`X0uFe(@79)qOc~|~) zN-33f3_A<21CnSE@7*&MCN&;u87*0LzWz;bmPGy0buAgD&{AXgQ>hHQ_qV~PrcoYp zSOf?Ev4DWuvXR9Y?mViCfjVNEXJBfB7~HXeB-FK&rt%%SH$7oAQpqJ;nj)t(w-zDT z`dqY!x7?nCjfmFy^?>2~0sMTa2`3~6))=DmuvZ20^+emN6c8EzVPrG0|1Y3q+}WxX zb)6Kf19A164%&R$wF%;?P3;O$eHsr9(-dP?!-T+scJvPLM?%G0~iQLKSPb&%e9o9AA`PP%lvsE?ve}@ zqxxYNVLN6=rxMnJ?8s+@W8WJZxPwB>pY?{=j^k<@E~@IIsPXB~iKHxH?Et9R%XE-kA9N}($mqE z5ZvI3s)&e)033i2Bo?5{@g0G%_WSoYd%H<&l(QQ9T?3@A$jHbaU~?p6PJpH{_rC06t#htK+#hii>IDLuOtJ2XiITz4y7?q}=xL=Dwi{@4r@8 zdwTs%ki22@kmJ44Q!dAg5z}X@#)W};R=P35@NNMqGkKkVIaP^B{rZT$)-SPNjM**y zt>pA1BqXX{@YzUZ^u3j&jLG7aG)b%#`9sUdCtoKpv*l$Ymj#3>t9GB}V%g`S+E0x7 z*M#}(+b)jHma#cVRf7eo!})oODfq&!PlvkEzR7&y&WHXnLT`0gOA#?XoZ3l}p>KD$ zJhFQQk?&s86@8?j%M_94gE}+%dFs5+G1Ip-wt#3BD z7EAod+33?(@P|O|5Z)S1gp>+v#bn6^L?`55GptcKJUa3ca=YuK8dNwoZN_9RN{2}G zWOo!#1INurqQX&4!c5V&GE5O+46^?qLw@-qA%6}JtG${n_F+~=r4vJDRl1IDhlNCC zt32JxhuM87(k{PDYT{Ltr*6M$W|L-WOE>gxMuC)wp?#@YB9%ZkJ*tiEzgg|DhHi3*&;ZVo^FG z@S&yGV3jXyoVp!bpa{!7smaHCD~79|c$m8Lp3#2JY>PbN$u+n2E=Jxjv29w5$8f$p8AihH3QZ=qp% z;k3TKzN(8W-lXco#n0%uT&UwEv`ZY$PWWpYzeW-ND;zAb6i9kyB5Twf0EIDUE9!!JT06 zowNeaOy|eXE;$*I?hMm!#HI0<_nZ8uvHvXL^`6@L&_BswS0(seAy$Qh$3~Lw9j$%M zyPDbcd0}K2bNMvJ3ie_q`ttm|MWWe!RTTEt|FpSpZ$(Rk+5F~BOTpy58+2I~-`sTh zllnXF?mW*`l6Z5!Hz@b<(X0$LY!tGsK>E?GKbb))bPEkuKqShW@n2c$pxxdbjL=DN ze|9x~;aIT{vo}2F-vdOU9tY|YOChZH%=kOo#a7EVTEUNd*oeW9)gx2~^j_z&ye zA4616zbP0}=~*$~?;|(jm##qd9Ugivn^pCRzRcebL!)Bq88&)D^ZZs3#JY0BhpWfO zMn4K>hiZabWQfjNy2mzLTb6vow&p5OOk#JBXuhn3*_wa`47Gn?pm-vx z#W5~^4`M#HSUqV`L!4$%56(Kg`?K2xDM4_+`9C2{fNeZg%(=fgdzlGiT!^2ADBQd4 zu)%?zb6D;z9AHIXcQq~jL z7V`d3x51vKpp)|1YRMk&L-JPE9AxEIQ;#QO)`yBnO2Z@5$<`lva>lY1wkA-)ht6h4 zYir7xSy|XbS*pkBldLCu`*ig{h^+5>PU~KRL{&|{ISx$P@Q<$7LMw(=h%k;vC#JDp zeA)(x3VfUGdfSHosB66lNk!r`VNxNpxZC2C(AI}T>pz%wElvuulgAgbO^(e&A-g`! zAp5f4x_*`%--AB*!=DU>9SQA7$4JS%T(i#<@jwe0mwW89|O9va!L0%iDxYHrNj;^MRB zd19>T7WV9yZE5cCl!M8r{Z2P(+yZ$ylp%=Qg^?kgCh`8!I7z2gOw2NXIe2Mf_*Svjf0;lq{>yTL8)qro{2FEEz3!;-O7 z;v-2RxuvrAw*(DNp9Z(myr%mntITYk893Dfv+m9#8H$#*6f_6PRdauXK@~yC*l(o1c}&v>G}T zbA)Bx7}apEpA{>pHhL1fJc-7FIvWbjbF@V#pZ~CJZfm3NudM$z(xD=z%rO?(r+`@cN=e0}Q=r&m^T%`GfwJ6@*VPVjM!18?qgfMQ9s zH5o-=R?o2LUmV2VS1Vuxil7GTb{}cwRMSSJ=iW=SrG@JtGIO;Pd~AE@j1WOgsYIrw z6E>h|8s6dWj}2^dn=9qic{~(H!l_)LNNJzyU+5jv+}zyxg?P4ZZEH&%RMg`G=`C7m zfEi|YL!jWU|L_AQ`1G4TpzDygF{8PKGMX3B{Sbuq9LWjg-ripOO|#JpE}fZir`o?! zCq*i`l~}z`YLLui_K8>EEtlSMgJL?JVlneZyyMjD=&a7Ae`UpbdEtd^0@beCU~IQ? zN2+n6s7>QiefES??_0?^$JwG9`#qkTSr?EOiH#+mgO|+DXSg57^j=&b-iW6mP%5kT z49v{To}Zo(5*3a)zS!9Ek|K=u-1IFRil`dP-#&B>4FvZ?T4V&+-2P&N-&pzZEEdk6 zp6S|1j^=f$pFK!wJMZ$7k2t1E*(P@!J^kEw$BGOx-wB7#dp4F$NS8cH8(dvldbQCs zA!QK*X2d+n(0D~MSc%DNTwtAtk6XEpJazQLj-H39Q^6WgVGzZ`x5m$F`#T?W)Q8tMaDbXylGe zZOM#D@GWQApSZ-M&#KG?I!wq+7Wh0ZBwD7Y>lj%mbx*B`6SEFNa|A4$U$mB(0k zc117Z*R2*rmBqYNybzYd>BpxkPLm#tun5#|e=j#l{`!6NHm1UD*iP0i@ezZRZ=$tC z+TbHC?_>Y;)(k3wpF?heXS))PqIA$_kJlfE^0*PNC2gTc9;pncB@!DJSj6~I5tR;^ z?qVR&>fD4&ZF`YTzH6{chR;Eh9_bRyqs!?VQhcd(=!7l)3mL2d)nFkXCUU~5)|2`1 zy5A{mzFBhjY~K@_$+faCY2GSzcdUBj_n{j6lMJ@1rh!Q#t!0>AKa=6J{t?5-S@*>S zOwyAlP*8LYYC6}?&09Uq=gYKl8ztn=tkvN#6*2DioXLfn!D%sEZHlR<>Ii0P#y;#$ z@<~TJqFRnn%zVVhSdSk2yy0lt&BW+6g4H=SrQJ|ePJNN=aXPhn)vw%0ug9Fj)tT}T zK9?(%v0s#}HIFuUjMW$Ay}tZ&TY2?G+N&&2j@|(MoZevdt%XMCoDtPY3f8e(yYyLJ zhJ)+4$viqUm zv$YKN+<$gXd5mzQ;|DL^pE9rSg8j2wMMk6VR1E_DQ27mm;$@4l%yNlF)^pyv-iSaD zB|%#VR)z5Je%O8{X=yc%>s11%Tt-$_=!^(YfB@QZ9dC&9*88`;IVcoLBy=5iD5I0u zpD+1Ee=D&1hZ%@Z@+4Blz$Tjm4sV*6Zah4^1_K4so&Y)d1`ATWKQ&V;RCv!D0g7gp z3;1eO%7KB%nm>Famld($zbrYV>|N7F4WL?o8)!s-fEwdZiKPt^@2z~Y$Q@Br3fv2# zvS8XeIWf5(@yXpP&673y8Xn%;aIdVXK|3~tCE8;6^v1hqxR3hHqZJ(reei25dL0|&OrnKb}4JWHCJi^`>2`b$Uu7~b1p8owLh zfB*IKj_u;G5&wT4f!}aOd^j8siG-go-|oGn^au*FGM%!oPT{*Bq4x!o+JV=i3Q(tm zXe`UEA;x%ffH**UG=U>Gi0|N$f!_dK*^1I-NOLDZb=>)vWeapj3D5#VXf09#;S|kI z?|Dx`4)CSXb`0HE*p^Q-_}dU8B})wYOqk|gC-%aVa4o0(fa&XkABjqCOwH`BukMhQ zr@8EK+|QSPw@;rg<_10X#d{vP;SZ?9Fk|FXnPFbrD}hB^or?$ybD6bQkA8Lw|F30K zw>3B$4{vWw$uT|A`zHVf6Da(U#cv=jo!Fk=;Xln>HtmFJW?^YIur>hLc}Y=$TsGm9 zAuXBG^6SxxAGoHrCL6>zzd8U4?$Jm|7PItL?ZpDwC_Vb8U3Cmt;IzT@Ifddm=PxL5 zIlyCMV`H>y5DFPW3-_x{9V`GBrqTrp557+j?3c-vxxom_tg+7jbnQtk1d%EE#j}#p zBXa{$JpI>=U+#y{B&v46u3B%K)=!=|fz_VN@PE7j^nFw%-&_*33qAL~+4$@|B2-|h zp58GWdha**icr9!aEz?meHFl4F6qJz|6eJ8Hg5Gp6XO@uPYx#$NWZolZk1LWh%WWB zr;Oc?-HX0bi&*ZLa3CD(%mr*8(Wt?Z6ti{FQr+3s`*rkhnRb25W_FJoKfIzO2nK|_ z(&g-RM{>7W1j$>zj3{MBJb#9V67jqS*+!+kfKK^7@_6i<3~0>2#-VYND=S=j=SP0E z%h~2-ev8-R-hX8Uo*&m_pJ|};&izpf&Mk}Y!7hwaSpn1HE%lPMrsWYC@7`PF6SrJm zo}rhnfc$r5xt0fE(#UCR1g4pYPe3#PFUFfi=s?a)2jubi^#>TxUr$gPt{MDt}4)H z#kLP23o^FPSB)(;06=491$!XDbTK@WH*k>Yp=W{L#?o1984~rVOi)m8$q0WRs=MIF zDCKtkBJ{X!h#Z-B<`55vdg+8u<_-ULPt8E({#dnB7>7>EP^z2>qeisinjOND*|35* z;gif3O*9gMSm+Omd4s)SezV*;c}8=@Cv=jZuV3m#0da;R+*`kyeb>!4)C67*LAdgv zM|_-*&Sown1d#M@&p!7Ic^bh>^PrA37J{)sbu$nIF?w2kD-}#CR)vTx7-{wOD=rN^ z)G=K-Iy#M%GafrI%@Q0rPTlZ_uJKzIj@RiOVfW>jcH^Xu0zNadnF^|<+EQK(LJ)Ed zWk914J#MruHcPuKA70H94a?$smPx4|p{Tj5Id-AchCMi7Wt~PfIBxkC?J||8rH($a zY18~Q#?2o@7o{@gn@o9=UwZ%GRcxYs=(d+XTkjxwZzPo{+*XOeX zAI8jADDP}hGf?J?zLRRnJn8lbuf>Sq>cy0 z<-`B*7kS7WX4TE^)|GugB+4%dCB**3)!NhqnFyu$`i|w&L^O;W?2X+orpCp=gg9W-C-`H ztN;0u)Tg0TCHDak4>qoAl@vM5f%59^i2{tm+>!&rhxA@sTKY+I+fmkC!Yb$A zr=e$ldLc*kRbt57g7)4`sJ~m&9_ln4WK*=4S^W_g}x?f{A+ z_aZNGeoUOSR4`VPOB^3WVXB;Yk}dH8!STm-{iq%amfUQ2=S|T%bMH;^=?#_HQH?HN z)!+dH?(NyB>l*ga4tBv`t3&_?mEewk6BdzF4(m^mpJ!?B14MFHBacWx=iG$27W#Z} z8vH^&otq+`JCprRT)?Swhy{um(c}O!1I*;wCz06u)#(hRa5UE{=fe>uPoPBqxE%^1 znbaeeWAC|pKioP&9G4Q;GCdrDqGH|{NHwX%QC`z<33*y%?Mz`@cIz__(%R;0kHiIY z_wX+9Cu*H?YmG;HPKGxRcPwO#Hr~d=qWU&CIBnkANhrZ$mnIPQ=!s7kv|5R?=mJM% z(&@-|H}isxj2|!bX*wLX-?&NvJV5>DT#a~4=c-Mg_kLGwPLQmBP@YCzOl5Gg^rXgY zsHA{m=Xx8r3%YIY^6=FOwb%A5jjoe>53Z#2Lgj{Cx8JY^5Z9w-U*?BSaupf#!22qs z^YZD_ioW1%%0z^2y2RUYt!^~d*Vj*W@6{TW;-2=YOYgJIjtIN9Hab#q^gMski+YUy zDUq&aI5Q!lN`p0sFu%_f+Y2T?NO60@3Q3G2LDQ)Y((Z=UAI~I?=u$7QWQFMNxyvu6 zIUwLa-R*#`?@hkOIxlOF@jW*Pi-Z2GbTq%b-b7=Zy?$#6$c0n0JC zgvDa3L6K_K>RuJHPE%V>MQkox_uENTMPIRAo9eGl9~z@Es;IfZwMFN(`T2^5#>PST zYX}G_%|+yhur*3AwqGZ&+*yjdUpG_v-p~eQ$$rx>hTUE=b`dfW)OS-qf7+}qFWV{l zz`ba)8GMnBf=Rn|`1m~Nt>9$+P>pVoViEeW3vksbPH49!)N87QqYaD7pn%($BOsbd_HyuH3Tvf!$@jwtm!{wi?yz$8W!4n4DU)MGbuWHmO9aoK#d+4qK@m*bHn` zjm;-}^V(AR*_9UIP#wQY^H%(`q)|UV)^wp_QBH)3Voa{%DS>FlP2`e@L<2uks3;;*ueeE*pej)@=9Z%?TRk9v+ zwjB@2E#-|rtJ-y<9k#{QRryI~Vtr(;n!X$&X!TZoCViQ9(n&~-5(uawmae&WBED}r z*PpnxbcQ z=1+}Iw%>?eJlnEXz_8hQ>T~b7v7oaPFe@3$Vs0S2@q@7YRsB;X{%jI3LsH9NaCP+q zr2R7#R}vC@ksa*Xz02M?Bu;8h$wDT5C383gZT-FSb~dxMerrAFXFs)0pEb&x`<%f+ zPvv5)6_aIraIE#Yd{mfS!>TrWl8sUG&tpw^rCn%*L;-EB?TMY?F9bR|V_pm2%~+k0 z&Z*%SbM#~5E1X>ZAs|Exe6#k9<0f(Y`N0Q=z@Rs}BFe`3pCvx?OA+?pOikq>Nk8M* zX7Ia)!p*pt6sZ|*?2J=&Qwe!_C?X9Joquxe@eJQpMD*nhMGg6w{6~*DkMbpG`?G%c zlFE$ZUU_1Yi#yDB%pljp;75ID%t0mN`FF<+ke|aM^NFei4ys+BOUMA>IpN({yDbz+-gjG2NHi_Q|rv?*6&T5$8l=X+D?w zUJ=0PeOd)3X9o6awO$oe>(mJ`K&0fS@%!tzRyVEQi7Sa$wEE@}!t&|e>3ccqjJ)ZT zX|IxD@>L4H>--hcL&GGkm?O)Yg7F&T=?Mt?@!Xa4&#jNWrv2#8Bo>Yz5@1HoxzuUL zEcuveuaZT?)NQVYaPX-_lP}NzE=P2Y>*F=$*IGEZ;XGg4b+~q28bwo5UM!Lqo0aY?HK?7)TF(wcHyDL=9ZcA%H5KkZ{P*H(Md9?wh ztLU3Y6b}ye^kfe^uF0jn#^E5RkRAizo;hCVtiY3SBp**^5n6SL-nGFpqrBWG1{uCn zzl`Y8L!SZr3lX)AjhqL>rtXU(dJnK`MXk2bMxIIVmp1m8RNH+JB38hz+Vkmdw}_ot~dF3Gn)o1FVFOI`)J~>I~UD+wFk~x%!!VtSoIZ}EPc={ zG&!??NNLNdijM1($(3;{HjamScx|<7YM)AQk3ih&o!KyP!b&W>v#smW+Ka#;-EVZ` z<`gePufIh_reoQ4;HqlYF3$-%(#K4TIeS(}OGXXV?z74_op2X<^LaCBIx=u# z&TjCOg$W=;L?15oB{4LAQCqv6n6{UsFJbOh11dc6lmR*$g*_{ysNy4ZeYNyc2Q_=> zR!(aG2JZp$xd0RE^j6{)GI(Fh#hk#`NMe&#V%73dP;l3C8GNQ2rTzuUpX*Y|AXyGyx5`(=+y zeUfL!>rbq0U*%4!Xt*?=@ndZhm4g`f?fZDp{!=0J z%^+-tahUM%#{kOW<|4ym-7h`JzYs*fk#bJc z^e76&fDqr^JU+Lg7+9lgDeT63cB%YWaqLSJ7Vl8mm(TN4gc&(o;$XiNS~U85tB`)L z#Av#5t4X1e!{9q+gUZZ;h_zea@+T58nYKomYDCFm9p5%bdfIb#bv!>o*!%l}5-gb( zlKZl;URLL>q2I0-8|O6U==p5Z-J1#w=-udIV@;=iPB44b)Lov&)E~u%&<{M1xNbw~ z^YgQ30;vOKUmR$Y+isRU1ULc^NBMNt^c&QRrlX`oZ0}EyWsL;q2d#mDy62gRh`pSM zQ^ZK5wlj1lz!cW7xyYn`lS~1y^P`O~Eg0c;7fk1i*fckaB5daRrj`POLY zeI|iCQdI6nqqvI0+si{Gcl}l- zEJU1ZjB+DuJEkQm-(^b-AG@uWgp1D+MZ;a}+j+O4s=d2A5o%iV)`K60l1FPx;IZ6! z)u6J~c*A94l<`A55SxDTVe;ijYbnsQxck;ZUBrtcseR=_u}Y&}cv< zzq@&$Dl!?5e)-0V!|S$w_Vo*L3BKfq)%8#1!Rfd^*EhxB<9#(Y3{Nx}56a!Ec-eSw z&Q2+clH2znn}LN*4bhE%4vTgLD#NL)0%xMGWa;mmD)5iA28oG()>Yfki8zi%Do;qJ z&)su#mqdjubRLBx6F4$$$_1K-^%zu`&UuT$FxJv)4I!y?oz~@^FJ=hD;%Gbj7ETKA z@I$CyJY9V)sy`i!gA%WHpaihT(q~ns#S9sXGH1av!U&W*=;@0Z{w>#&5-InDi-pD{ zW#ya4^{&SRl|z;iW8_m0ID&ApCd_~U$qy!l-KgzVcIFFHixA7y3%mDFx6yLeXT$RD zE4sfo%f*ZC%~OvB-4G8TMxvmC0TIyX;-ZYSHojJj35(2-$#U+80eM*>#1Or}B7;UB zn3=2{{Cu&k`Mtp@LO5Rb4#DPjk2lEzt7(AyIZ3d6QRA=}kwu|;Dc%BipCCIdvAw>= zY!|$_3OnKzE1X|!?*d&^+BWQPg|pe2c#WUd88_XYJH?QI9bj8C@K#O1CC@~$>Nv`C zh%iF|%c_ds+o3yGGT>tCF928|-b+5ww75z(Y$-o9S9pBQz3Afe26s5JeuvN$vIkWzo5Dd}6c zQhm(stX%3dYd((%MMZRAg3q0x)p-q-VAc~P=Pu@3DSWkL#U_-PMu10l1K$#7hhZzYxDPu zKSL{yo1>?#41Mb7<#I>sw0n&^UruP9N;j%77mW^({t1f?(`G*?Vc~<6Q}sWjWb%k& zk<4WQF#ePen@m;tx5KwRB}8objk1G%KQ>x|^8qMoel6(02N}=H%mRQ22{jRT_t<7^ z_~Cc?as(7TQ$(&RdSS*DB}Z8o!XHdp)MQ2@x&`iz(cR& z#l4g+{@-d}`*)$vU=*aic1Kn;TpN*P8K}-5qK3Op756%lZlJohU+=v|n3YL3z5+pT zgat?<+h9rIsrKl4%=KGUE?;RHH|2fGzuwBfEvu7U1TO6XN3Y<~Rdgnz?}C&3;LWlZ zQp%ulF=VN$$HY}+dhg#c%#`wA{EG(5Md#&)sy$<7xtO@mojf~UzmCbQXu)(zbeB*f z$QXs~7*kn|0wVAP_)&eQe&t$gbxSvicM7}id|vH5PMa50KxwQDV=~H)duf>mG-No* z@EnQ0GCY{x8kV<9$u()!Wor=6J>dt@3lTV0Azk?^O3KPtK}Oc?koeN@<~K*PRW_In z?^J9%G7zFfz!lV5qV*f}Df-t;IknJ*6UldMfExlI;3c15sCg2qu zo17;=&h{n0OQ;sUL+I%&S9K7B2z{Yh zvxGNmjq_U2Er_~A5m)|PK8hht}pp6k>{2t4z2Un1?_SOAX1E>54K=4%4)HJl#E>3fi;vT*j*U~yyf2k02f1P`V zSlzpD!Q7|5f*<_W{>Bu3ZK4FJ0Q01ZU^_T-$f|!)r@@G*M-}O0r9(k6iF+uk6bFb4 zNS;hGyrOtm!$;(F9+zB$xc%zFxYH(3>b=I=b*|%;%j@gBNuCXyfKDvq`ZqQ;X3E*s3Menp;eW5zNe)RVb^D9L` zSB!KyKh+auR1~St&CvD%XB`pU`J`+yL6{8Y!$Kp6+`E+D+VRa8Zj@40^8@OQYmQ9i zj4k*N_cKBC8z!&b7IJK$0eB5TnxTxv0C%NzCjQ&nSr|OP5X8-+;+X*07$-|{PmF!m5M@=EDF2dZlz{c zt1RJ{VPe$Gou9g%7omF)k9)&H&2sA3`DV7m^)fID!A)X-ps(vDN?&(xoAa%+SlQeN z@M}33Qz#V3XZ zZc3ztreC5-MfEn#CfGmnz+W1iR~M2E-$b37n#;}_uYRIa8&aJiNeJ2|SDlx47BmS1 z0@dLqe68+pwp|JG8EW7`|1YA zod%i@S_aPsYS1n92jrU>KRa)nKd;OKY{-|g)bO4>a8A&b?&fBI*IUo&0Z$N&Sgm)I z;ws9e!qRqjn(oXHqsqHp?T8}IPj-0s% z0s(NmR=m#rNnoc&_Z&)@8u8tsp^8#qz#&Qk#~~htiQ#BJYY{=5ufB|V>{DdW(rRe@ z9DPb;faar`Jb6{nQr@5rh2_C#P}hcwt`LXjzZj(>RvSh=j&$%6t?kL!X}%{uABEku zBXl$7Y#Gd`vC!^2$LeJwL&Y3d^Mx^ShZ?ibX9ppkxSVL(sler>)Nr}iaX#Ql@`9xsW+N80V8FjP5%WZVfYY{e!8CR*0BBCu@$iY1)Eor^J5hUM40E zO%0Vl3>DivEMK9;E01^eJ?%RqRrz2x?c}QL0Z$&aeoLCI>Q}2C*%fW)rfhP;W-bZ~ zI6{k~^dPHd?ax?etZFm1x3Q{Sd))ur&lUIaV#HB|E|>QBepiFs z9IGBhfjG|aTh6gRH%bIhxwQ!`g+;S&V^rGu10sjJd2f5r&=ajQP)s)OKBnRQc|r>QKc)78tWCw8u&cx4)zA) ztR=%Bnusf6%+X-f&nAC6)+lB_NkWwwwe9I1Q1I|cll}T9zLA+l)9t@=fP~=1rOxD= ze|oxEn1DkB1#PGhY4pHRzu#{c{Qk!=hJWScb44a@$L5Gif4l(#9wz`lWK!F|F2*P< zt!$|f5X@yje|_WJ_EM_WvTB-bH&e2Xi7D;BIq{f<>uSj`@ zP>4a}4zjsUtusUnw=)BF15jbX+qygXAnToD-;O@4IwG3xLM^>649E$1Tqiu!_vcYp zpcyLNwwSs$yS^?Aw*maQgXKi;^R}&$5cl~!)6-qxlEb{xw!ELvKs5;-lyQaiZ->3X zk@njFaqK21HSN65JOXlnY0UvxSwqy!3o1;dV);iaI_*H~LAv+oWMXZrW1`~;k_1EW zd;l^4gr_=Fy$`5*94g}=wt@P%yEgQ*z)mGXQ1JK4t|Pk^{L_QN;Zkl=fIIwJm1`f} zc_FW=Xm_J|^(;d93<-W#TM@{jXZ!ZuVLBH-X!(5OX_a$Rp{+9{Xh;4-ax^1qcp(Eh zq2Fxeas?*#-&=CQ=RZvrz5kUax#bt6shh%ae;)zwOW{wHCshI>_a71w{r}#@Wu$Wo zy)^@V{pqVZJ;r>|WHG5ZBJ%Iq%nM-jzVdpPc2LDZ`N!-=R~LD{T- z@9Vav(SPl-HoWjC;ZKvlPsGGTy_85wfq7*@yuiu2!HqDKF`yw()6D_prHG&U2<3ccOd^Z(EkqPUzV8R-|$RfUIR*I zbO?Z}A6WWoZ+f(S2z|qMh0?T{NLWexzx%g-Q(4RaTsnQBX;X7^jlSud629Yab2HuU zT3-sGSFcm)b4{8E7she4qx5S(hyOW(>8asnTe5bkz{X34cJiN1P0+hV=%1fJy|@qL zqOYs|clG~|FSwfQ zxfMg0m<(;DxIcjUiVjf&dNnqqjx(%uyZW!^R0EYx3xTpw3vT{yldlC7BZ)NEbR9JS zy{`>#A5$t?{H4T;c#2fcS9@sUn< zj;ZsRYjY=vY!4tZZ1eKguYo-mjYcZam8IsUR#q;o(`lzw{=|uYGL2b&>K%w2dM=3q zv<6tiMrtIb7V4Iz#(4A@CB|jb{<`edZab+r^h_D`5r!_$kwl#Z3gFJMbMt1zvW^2` zxHlm&))trQ@lkW)gO`vWPprNPz5gECn|(GdTE5!>-VB;b&;wCj(H|3<5+oS0>$~&H zUnBbpT7wol8jB%c23_ai(#YMjNZb0=Mlsj{Z9bs5ZAkI`B}ZNguD&kpvoi`L%b z^FdE0WV18Z0ibJd*B;@2s@lAtW5=H#$)12mD2#WHdjSl7ZRg$B9k1ZEM&2V5g&E`z zfMg`IN?Bkz1%r7?bB2czU^m>=_!AO3j7;0b8D0R3fN(r)MJk(dQs;YmgTba>F4 zhNzm5f3k#pKAoWYs2QEF^~e6nsq#LD${(YnXfo7j({moY3ptK>6&m_1Z7e7*+nB@H(63 zmnK)IM-t~{UE29NBD>W|h8>TK8tRlw?V5aCn)C>IPN~^w#czTH{kO?_oD0_nT$XMi z1vS0&uKyrwfr&(+@o``M8H*)M%Iqm>T&IS8p;YuQcjP9V#Jv-qMo+N6%GX8&D4B+@ z#U+#^+($Qt&iL-@@86dI#+o>$lVtsaTCT;F>QQ>0B5AC_1^6lH1vN)i{ zlh#GLwW8B)RV*>oW{gJeyK@l`TTKB?B&-KCc}V`Gw6bKk*T7*ww+C%8(;$QA6)tDk zQIGSN4@(eL-o<|OHlvkf#kX#tL-G7gWD@9_Q`&827bqrRGiZ)OVXJ*RDz@cA?g(Hn zEKwjAmI5|n#<^NUt&}sVETI6WL3f9oq%??z`!!5JXbpX{+pvxrpk#b@DKF3FabpW^MOi8WScyID^ zV_L(F$TU~zY6=Pt3QAw$f_D>92cecd^fP&D%}I)RvofB_{<;H0ZhvuHKE0#Eqgj5& z5Zilt*PZk~XH^4EV&vjYNBbK5?=oTT%TW zB22&)cqE_2DXAQ!Vh1|BQoS*8>KnSO2$!H1_*9nvioxS@VRukaCj$6OQxxO99qk~+ z&A<;%zFix2fZGN|_BTg{xtU^KNBwfqZoIa(Jrq1Xl7UIR=Gp2U`YB&R#sKa84*KTq zBJD$}g&ke>&d5J~>=X6e>b!_-YK0{*;=1M;Jr%aL5DD<=vCFo<2wp{>uU1NDhT42O zaCTRFPoM<~mm5ExKs57N`pcm>L2=qCdDT0~p=n4qSM$m8Z0m`p#Q|6u(4hcmQrT7l zd|UtgR>*&PumR=jS~CnR_Rc7${toHy;#-_3H*;CnPI{Y{7ME5CUSTGU{Ke>f9b3VN z{5PgKFlz4T#MA7=;Nsj36A}*00h;vdjb0aV0(5oH0!1)=U$ju;Qf&v z42!(#{I$;Yc3VV9%WJxnT|b1f@q=a(7Ox92C)0J#risgO?OR-YCTzfA1uyema#A3E zx9xIjz1&pT=eWnw7#xarL_$tcYc#>B-MZ|0XaI8_Ad?^F8|r}^2L4?>{fwx%B7ZEz z+pEl2M)F@D^ebGw(8BgYFU9`NH4qpL)2oH?FZbCU?DbySSquEwg>6dLxU}v*fSAX! zIF|7Y17M>`x%q_Sp282O6W$5p@u_oOH_JeWsV>?si*W7*eZBe4h0V>z*+1j0oAnC27n8m+ zxGrc}0fY-)OTZlsJa}$cb3zFO0YLwOjsaXjk`MY{An|Eq{>}38b!|;vhJyfl9Vjad zydsHle_h9O(P02o!To^7nGRps-5Qql0$!=|(;XCm3SxKe--kBJbO}4gtqmTt*~&p* zd}e4=pQ;U_!xrQqysR$)4+eq}{WpGX=Rq|&-G0@)*cfP1U*&RPA@7+IK)XdS3Yi4o zH@*U*r;BnW7)^DfrMBhBT$1@E`=OGPanLc|#;nt}>+TlXV9-Py z_hJ>rGdehBQY}8t7Td$+?Ila+UWVe%#We`0*sR(tzzk?0z%^eFy=#KVx`=uu7v64T z&Fd8u7z{x<;@d1z5TtQ`=rj!tnHkH7Xmye-3OvK5cl`$Gv|1(|?k6Jo^rXCR3M0FlsrsumA*%3Ro()hu_wjgn^M?QN3wjXcmE1xOzK4$B zcTqMIKpX>I9R1;4&=%fq1NPG8hVR9J?IEElO=0WPOh$@LqabMJ<#;8=wyLC8La%<6 zMCM$0+}kQ=P>|hvu$A01p?3dDU~WqS_69NHzWU4h832i-Qndjzf}E`5h~lsFv;U9E qDLX{jcWeKz|GrmR|Gy}~HWA7miTB4izDY7JqoJy!QgZ3Wo&N(#y{Ym5 diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index 615251c635..9e477c69e8 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -1,76 +1,67 @@ ### YamlMime:Landing -title: What's new in Windows # < 60 chars -summary: Find out about new features and capabilities in the latest release of Windows 10 and Windows 11. # < 160 chars +title: What's new in Windows +summary: Find out about new features and capabilities in the latest release of Windows 10 and Windows 11. metadata: - title: What's new in Windows # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Find out about new features and capabilities in the latest release of Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars. + title: What's new in Windows + description: Find out about new features and capabilities in the latest release of Windows 10 and Windows 11. services: windows-10 - ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM. + ms.service: windows-10 ms.subservice: subservice - ms.topic: landing-page # Required + ms.topic: landing-page ms.collection: - windows-10 - highpri author: aczechowski ms.author: aaroncz manager: dougeby - ms.date: 06/24/2021 #Required; mm/dd/yyyy format. + ms.date: 06/03/2022 localization_priority: medium - -# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new landingContent: -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - title: Windows 11 linkLists: - linkListType: overview links: - text: Windows 11 overview - url: windows-11-overview.md + url: windows-11-overview.md - text: Windows 11 requirements url: windows-11-requirements.md - - text: Plan for Windows 11 + - text: Plan for Windows 11 url: windows-11-plan.md - - text: Prepare for Windows 11 + - text: Prepare for Windows 11 url: windows-11-prepare.md - title: Windows 10 linkLists: - linkListType: overview links: + - text: What's new in Windows 10, version 21H2 + url: whats-new-windows-10-version-21h2.md - text: What's new in Windows 10, version 21H1 - url: whats-new-windows-10-version-21h1.md + url: whats-new-windows-10-version-21h1.md - text: What's new in Windows 10, version 20H2 - url: whats-new-windows-10-version-20H2.md - - text: What's new in Windows 10, version 2004 - url: whats-new-windows-10-version-2004.md - - text: What's new in Windows 10, version 1909 - url: whats-new-windows-10-version-1909.md - - text: What's new in Windows 10, version 1903 - url: whats-new-windows-10-version-1903.md + url: whats-new-windows-10-version-20h2.md - - # Card (optional) - title: Learn more linkLists: - linkListType: overview links: - - text: Windows release information - url: /windows/release-health/release-information + - text: Windows 11 release information + url: /windows/release-health/windows11-release-information - text: Windows release health dashboard - url: /windows/release-information/ - - text: Windows update history - url: https://support.microsoft.com/topic/windows-10-update-history-7dd3071a-3906-fa2c-c342-f7f86728a6e3 - - text: Windows 10 features we’re no longer developing - url: /windows/deployment/planning/windows-10-deprecated-features + url: /windows/release-health/ + - text: Windows 11 update history + url: https://support.microsoft.com/topic/windows-11-update-history-a19cd327-b57f-44b9-84e0-26ced7109ba9 + - text: Windows 10 update history + url: https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb + - text: Windows 10 features we're no longer developing + url: ../deployment/planning/windows-10-deprecated-features.md - text: Features and functionality removed in Windows 10 - url: /windows/deployment/planning/windows-10-removed-features + url: ../deployment/planning/windows-10-removed-features.md - text: Compare Windows 10 Editions - url: https://go.microsoft.com/fwlink/p/?LinkId=690485 + url: https://www.microsoft.com/windowsforbusiness/compare - text: Windows 10 Enterprise LTSC url: ltsc/index.md diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index c1c29d8f63..6e75a1fb9f 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -4,13 +4,9 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2015 (also known as Windows 10 Enterprise 2015 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2015"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski -ms.localizationpriority: low +ms.localizationpriority: medium ms.topic: article --- @@ -21,9 +17,6 @@ ms.topic: article This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). -> [!NOTE] -> Features in Windows 10 Enterprise LTSC 2015 are equivalent to [Windows 10, version 1507](../whats-new-windows-10-version-1507-and-1511.md). - ## Deployment ### Provisioning devices using Windows Imaging and Configuration Designer (ICD) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 291d972612..136ed178a7 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -4,12 +4,9 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2019 (also known as Windows 10 Enterprise 2019 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2019"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski -ms.localizationpriority: low +ms.localizationpriority: medium ms.topic: article --- @@ -21,22 +18,23 @@ ms.topic: article This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). >[!NOTE] ->Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809. +>Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809. Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as: -- Advanced protection against modern security threats + +- Advanced protection against modern security threats - Full flexibility of OS deployment - Updating and support options - Comprehensive device and app management and control capabilities -The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below. +The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below. >[!IMPORTANT] >The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the General Availability Channel release of Windows 10 might be limited. ## Microsoft Intune -Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. However, note that Windows 10 Update Rings Device profiles do not support LTSC releases, therefore you should use [Policy configuration service provider](/windows/client-management/mdm/policy-csp-update), WSUS, or Configuration Manager for patching. +Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. However, Windows 10 update rings device profiles don't support LTSC releases. For installing software updates, use the [policy configuration service provider (CSP)](../../client-management/mdm/policy-csp-update.md), Windows Server Update Services (WSUS), or Microsoft Endpoint Configuration Manager. ## Security @@ -46,37 +44,36 @@ This version of Windows 10 includes security improvements for threat protection, #### Microsoft Defender for Endpoint -The [Microsoft Defender for Endpoint](/windows/security/threat-protection/index) platform includes the security pillars shown in the following diagram. In this version of Windows, Defender for Endpoint includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. +The [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) platform includes multiple security pillars. In this version of Windows, Defender for Endpoint includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. -[ ![Microsoft Defender for Endpoint.](../images/wdatp.png) ](../images/wdatp.png#lightbox) - -##### Attack surface reduction +##### Attack surface reduction Attack surface reduction includes host-based intrusion prevention systems such as [controlled folder access]/microsoft-365/security/defender-endpoint/enable-controlled-folders). -- This feature can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We’ve made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether. +- This feature can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We've made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether. -- When an app is blocked, it will appear in a recently blocked apps list, which you can get to by clicking **Manage settings** under the **Ransomware protection** heading. Click **Allow an app through Controlled folder access**. After the prompt, click the **+** button and choose **Recently blocked apps**. Select any of the apps to add them to the allowed list. You can also browse for an app from this page. +- When an app is blocked, it will appear in a recently blocked apps list, which you can get to by clicking **Manage settings** under the **Ransomware protection** heading. Select **Allow an app through Controlled folder access**. After the prompt, select the **+** button and choose **Recently blocked apps**. Select any of the apps to add them to the allowed list. You can also browse for an app from this page. -###### Windows Defender Firewall +###### Windows Defender Firewall -Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This was first introduced in [Build 17627](/windows/wsl/release-notes#build-17618-skip-ahead). +Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This behavior was first introduced in [Build 17627](/windows/wsl/release-notes#build-17618-skip-ahead). ##### Windows Defender Device Guard -[Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) has always been a collection of technologies that can be combined to lock down a PC, including: -- Software-based protection provided by code integrity policies +[Device Guard](../../security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) has always been a collection of technologies that can be combined to lock down a PC, including: + +- Software-based protection provided by code integrity policies - Hardware-based protection provided by Hypervisor-protected code integrity (HVCI) -But these protections can also be configured separately. And, unlike HVCI, code integrity policies do not require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have been rebranded as [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control). +But these protections can also be configured separately. And, unlike HVCI, code integrity policies don't require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have been rebranded as [Windows Defender Application Control](../../security/threat-protection/windows-defender-application-control/windows-defender-application-control.md). -### Next-gen protection +### Next-gen protection -### Endpoint detection and response +### Endpoint detection and response -Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Microsoft Defender for Endpoint portal. +Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Microsoft Defender for Endpoint portal. -Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between M365 services and interoperates with Microsoft Defender for Endpoint. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus). +Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between Microsoft 365 services and interoperates with Microsoft Defender for Endpoint. Other policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](../../security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus). We've also [increased the breadth of the documentation library for enterprise security admins](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows). The new library includes information on: @@ -98,9 +95,9 @@ We've [invested heavily in helping to protect against ransomware](https://blogs. **Endpoint detection and response** is also enhanced. New **detection** capabilities include: -- [Use the threat intelligence API to create custom alerts](/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization. +- [Use the threat intelligence API to create custom alerts](/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intelligence application, and create custom threat intelligence alerts for your organization. -- [Custom detection](/microsoft-365/security/defender-endpoint/overview-custom-detections). With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. +- [Custom detection](/microsoft-365/security/defender-endpoint/overview-custom-detections). With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. You can use advanced hunting through the creation of custom detection rules. - Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks. @@ -110,83 +107,77 @@ We've [invested heavily in helping to protect against ransomware](https://blogs. **Threat response** is improved when an attack is detected, enabling immediate action by security teams to contain a breach: -- [Take response actions on a machine](/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. -- [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. +- [Take response actions on a machine](/microsoft-365/security/defender-endpoint/respond-machine-alerts) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. +- [Take response actions on a file](/microsoft-365/security/defender-endpoint/respond-file-alerts) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. -Additional capabilities have been added to help you gain a holistic view on **investigations** include: +Other capabilities have been added to help you gain a holistic view on **investigations** include: -- [Threat analytics](/windows/security/threat-protection/windows-defender-atp/threat-analytics) - Threat Analytics is a set of interactive reports published by the Microsoft Defender for Endpoint research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. +- [Threat analytics](/microsoft-365/security/defender-endpoint/threat-analytics) - Threat Analytics is a set of interactive reports published by the Microsoft Defender for Endpoint research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess the effect to their environment. They also provide recommended actions to contain, increase organizational resilience, and prevent specific threats. -- [Query data using Advanced hunting in Microsoft Defender for Endpoint](/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) +- [Query data using Advanced hunting in Microsoft Defender for Endpoint](/microsoft-365/security/defender/advanced-hunting-query-language) -- [Use Automated investigations to investigate and remediate threats](/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) +- [Use Automated investigations to investigate and remediate threats](/microsoft-365/security/defender-endpoint/automated-investigations) -- [Investigate a user account](/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. +- [Investigate a user account](/microsoft-365/security/defender-endpoint/investigate-user) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. -- [Alert process tree](/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection#alert-process-tree) - Aggregates multiple detections and related events into a single view to reduce case resolution time. +- [Alert process tree](/microsoft-365/security/defender-endpoint/investigate-alerts) - Aggregates multiple detections and related events into a single view to reduce case resolution time. -- [Pull alerts using REST API](/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection) - Use REST API to pull alerts from Microsoft Defender for Endpoint. +- [Pull alerts using REST API](/microsoft-365/security/defender-endpoint/configure-siem) - Use REST API to pull alerts from Microsoft Defender for Endpoint. Other enhanced security features include: -- [Check sensor health state](/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection) - Check an endpoint's ability to provide sensor data and communicate with the Microsoft Defender for Endpoint service and fix known issues. +- [Check sensor health state](/microsoft-365/security/defender-endpoint/check-sensor-status) - Check an endpoint's ability to provide sensor data and communicate with the Microsoft Defender for Endpoint service and fix known issues. -- [Managed security service provider (MSSP) support](/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection) - Microsoft Defender for Endpoint adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools. +- [Managed security service provider (MSSP) support](/microsoft-365/security/defender-endpoint/mssp-support) - Microsoft Defender for Endpoint adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools. -- [Integration with Azure Defender](/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center) - Microsoft Defender for Endpoint integrates with Azure Defender to provide a comprehensive server protection solution. With this integration Azure Defender can leverage the power of Defender for Endpoint to provide improved threat detection for Windows Servers. +- [Integration with Azure Defender](/microsoft-365/security/defender-endpoint/configure-server-endpoints#integration-with-microsoft-defender-for-cloud) - Microsoft Defender for Endpoint integrates with Azure Defender to provide a comprehensive server protection solution. With this integration, Azure Defender can use Defender for Endpoint to provide improved threat detection for Windows Servers. -- [Integration with Microsoft Cloud App Security](/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration) - Microsoft Cloud App Security leverages Microsoft Defender for Endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Defender for Endpoint monitored machines. +- [Integration with Microsoft Cloud App Security](/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-integration) - Microsoft Cloud App Security uses Microsoft Defender for Endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Defender for Endpoint monitored machines. -- [Onboard Windows Server 2019](/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019) - Microsoft Defender for Endpoint now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. +- [Onboard Windows Server 2019](/microsoft-365/security/defender-endpoint/configure-server-endpoints#windows-server-semi-annual-enterprise-channel-sac-windows-server-2019-and-windows-server-2022) - Microsoft Defender for Endpoint now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. -- [Onboard previous versions of Windows](/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection) - Onboard supported versions of Windows machines so that they can send sensor data to the Microsoft Defender for Endpoint sensor. +- [Onboard previous versions of Windows](/microsoft-365/security/defender-endpoint/onboard-downlevel) - Onboard supported versions of Windows machines so that they can send sensor data to the Microsoft Defender for Endpoint sensor. -- [Enable conditional access to better protect users, devices, and data](/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) +- [Enable conditional access to better protect users, devices, and data](/microsoft-365/security/defender-endpoint/conditional-access) -We've also added a new assessment for the Windows time service to the **Device performance & health** section. If we detect that your device’s time is not properly synced with our time servers and the time-syncing service is disabled, we’ll provide the option for you to turn it back on. +We've also added a new assessment for the Windows time service to the **Device performance & health** section. If we detect that your device's time isn't properly synced with our time servers and the time-syncing service is disabled, we'll provide the option for you to turn it back on. -We’re continuing to work on how other security apps you’ve installed show up in the **Windows Security** app. There’s a new page called **Security providers** that you can find in the **Settings** section of the app. Click **Manage providers** to see a list of all the other security providers (including antivirus, firewall, and web protection) that are running on your device. Here you can easily open the providers’ apps or get more information on how to resolve issues reported to you through **Windows Security**. +We're continuing to work on how other security apps you've installed show up in the **Windows Security** app. There's a new page called **Security providers** that you can find in the **Settings** section of the app. Select **Manage providers** to see a list of all the other security providers (including antivirus, firewall, and web protection) that are running on your device. Here you can easily open the providers' apps or get more information on how to resolve issues reported to you through **Windows Security**. -This also means you’ll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you’ll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks). +This improvement also means you'll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you'll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks). You can read more about ransomware mitigations and detection capability at: -- [Averting ransomware epidemics in corporate networks with Microsoft Defender for Endpoint](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) -- [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/) +- [Averting ransomware epidemics in corporate networks with Microsoft Defender for Endpoint](https://www.microsoft.com/security/blog/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) +- [Microsoft Malware Protection Center blog](https://www.microsoft.com/security/blog/category/research/ransomware/) Also see [New capabilities of Microsoft Defender for Endpoint further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97) -Get a quick, but in-depth overview of Microsoft Defender for Endpoint for Windows 10: [Defender for Endpoint](/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). +Get a quick, but in-depth overview of Microsoft Defender for Endpoint for Windows 10: [Defender for Endpoint](/microsoft-365/security/defender-endpoint/). - +### Information protection -### Information protection - -Improvements have been added to Windows Information Protection and BitLocker. +Improvements have been added to Windows Information Protection and BitLocker. #### Windows Information Protection -Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection. For more information, see [Deploying and managing Windows Information Protection (WIP) with Azure Information Protection](https://myignite.microsoft.com/sessions/53660?source=sessions). +Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection. -Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune). +Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](../../security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](../../security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md). -You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs). +You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For more information, see [How to collect Windows Information Protection (WIP) audit event logs](../../security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md). -This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see [OneDrive Files On-Demand For The Enterprise](https://techcommunity.microsoft.com/t5/OneDrive-Blog/OneDrive-Files-On-Demand-For-The-Enterprise/ba-p/117234). +This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see [OneDrive files on-demand for the enterprise](https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/onedrive-files-on-demand-for-the-enterprise/ba-p/117234). ### BitLocker -The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](/windows/device-security/bitlocker/bitlocker-group-policy-settings#bkmk-unlockpol3). +The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](../../security/information-protection/bitlocker/bitlocker-group-policy-settings.md#configure-minimum-pin-length-for-startup). #### Silent enforcement on fixed drives -Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (AAD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard AAD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI. +Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (Azure AD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard Azure AD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don't pass the HSTI. -This is an update to the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp), which was introduced in Windows 10, version 1703, and leveraged by Intune and others. - -This feature will soon be enabled on Olympia Corp as an optional feature. +This change is an update to the [BitLocker CSP](../../client-management/mdm/bitlocker-csp.md) and used by Intune and others. ### Identity protection @@ -194,50 +185,46 @@ Improvements have been added are to Windows Hello for Business and Credential Gu #### Windows Hello for Business -New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you are not present. +New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you aren't present. -New features in [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification) include: +New features in [Windows Hello for Business](../../security/identity-protection/hello-for-business/hello-identity-verification.md) include: -- You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). +- You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](/mem/intune). -- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset). +- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more information, see [What if I forget my PIN?](../../security/identity-protection/hello-for-business/hello-feature-pin-reset.md). -[Windows Hello](/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration). +[Windows Hello for Business](../../security/identity-protection/hello-for-business/index.yml) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration). -- Windows Hello is now [password-less on S-mode](https://www.windowslatest.com/2018/02/12/microsoft-make-windows-10-password-less-platform/). +- Windows Hello is now password-less on S-mode. - Support for S/MIME with Windows Hello for Business and APIs for non-Microsoft identity lifecycle management solutions. -- Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their device Bluetooth is off. +- Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign-in, and will notify Dynamic lock users if Dynamic lock has stopped working because their device Bluetooth is off. -- You can set up Windows Hello from lock screen for MSA accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. +- You can set up Windows Hello from lock screen for MSA accounts. We've made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. -- New [public API](/uwp/api/windows.security.authentication.web.core.webauthenticationcoremanager.findallaccountsasync#Windows_Security_Authentication_Web_Core_WebAuthenticationCoreManager_FindAllAccountsAsync_Windows_Security_Credentials_WebAccountProvider_) for secondary account SSO for a particular identity provider. +- New [public API](/uwp/api/windows.security.authentication.web.core.webauthenticationcoremanager.findallaccountsasync) for secondary account SSO for a particular identity provider. + +- It's easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: device Bluetooth is off). -- It is easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: device Bluetooth is off). - For more information, see: [Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/#OdKBg3pwJQcEKCbJ.97) #### Windows Defender Credential Guard -Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It is designed to protect against well-known threats such as Pass-the-Hash and credential harvesting. +Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It's designed to protect against well-known threats such as Pass-the-Hash and credential harvesting. -Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns this functionality on by default when the machine has been Azure Active Directory joined. This provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode. +Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns on this functionality by default when the machine has been Azure Active Directory joined. This feature provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode. > [!NOTE] -> Windows Defender Credential Guard is available only to S mode devices or Enterprise and Education Editions. +> Windows Defender Credential Guard is available only to S mode devices or Enterprise and Education Editions. -For more information, see [Credential Guard Security Considerations](/windows/access-protection/credential-guard/credential-guard-requirements#security-considerations). +For more information, see [Credential Guard Security Considerations](../../security/identity-protection/credential-guard/credential-guard-requirements.md#security-considerations). ### Other security improvements #### Windows security baselines -Microsoft has released new [Windows security baselines](/windows/device-security/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](/windows/device-security/security-compliance-toolkit-10). - -**Windows security baselines** have been updated for Windows 10. A [security baseline](/windows/device-security/windows-security-baselines) is a group of Microsoft-recommended configuration settings and explains their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](/windows/device-security/security-compliance-toolkit-10). - -The new [security baseline for Windows 10 version 1803](/windows/security/threat-protection/security-compliance-toolkit-10) has been published. +Microsoft has released new [Windows security baselines](../../security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security effect. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](../../security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md). #### SMBLoris vulnerability @@ -245,57 +232,52 @@ An issue, known as _SMBLoris_, which could result in denial of service, has been #### Windows Security Center -Windows Defender Security Center is now called **Windows Security Center**. +Windows Defender Security Center is now called **Windows Security Center**. -You can still get to the app in all the usual ways – simply ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Microsoft Defender Antivirus** and **Windows Defender Firewall**. +You can still get to the app in all the usual ways. Ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Microsoft Defender Antivirus** and **Windows Defender Firewall**. -The WSC service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security Center user interface, and Microsoft Defender Antivirus will remain enabled side-by-side with these products. +The WSC service now requires antivirus products to run as a protected process to register. Products that haven't yet implemented this functionality won't appear in the Windows Security Center user interface, and Microsoft Defender Antivirus will remain enabled side-by-side with these products. -WSC now includes the Fluent Design System elements you know and love. You’ll also notice we’ve adjusted the spacing and padding around the app. It will now dynamically size the categories on the main page if more room is needed for extra info. We also updated the title bar so that it will use your accent color if you have enabled that option in **Color Settings**. +WSC now includes the Fluent Design System elements you know and love. You'll also notice we've adjusted the spacing and padding around the app. It will now dynamically size the categories on the main page if more room is needed for extra info. We also updated the title bar so that it will use your accent color if you've enabled that option in **Color Settings**. -![Security at a glance.](../images/defender.png "Windows Security Center") +:::image type="content" source="../images/defender.png" alt-text="Screenshot of the Windows Security Center."::: -#### Group Policy Security Options +#### Group policy security options -The security setting [**Interactive logon: Display user information when the session is locked**](/windows/device-security/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked) has been updated to work in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. +The security setting [**Interactive logon: Display user information when the session is locked**](../../security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md) has been updated to work with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. A new security policy setting -[**Interactive logon: Don't display username at sign-in**](/windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in) has been introduced in Windows 10 Enterprise LTSC 2019. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. +[**Interactive logon: Don't display username at sign-in**](../../security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md) has been introduced in Windows 10 Enterprise LTSC 2019. This security policy setting determines whether the username is displayed during sign-in. It works with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. #### Windows 10 in S mode -We’ve continued to work on the **Current threats** area in [Virus & threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen: +We've continued to work on the **Current threats** area in [Virus & threat protection](../../security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md), which now displays all threats that need action. You can quickly take action on threats from this screen: -> [!div class="mx-imgBorder"] -> ![Virus & threat protection settings in Windows S mode.](../images/virus-and-threat-protection.png) +:::image type="content" source="../images/virus-and-threat-protection.png" alt-text="Screenshot of the Virus & threat protection settings in Windows."::: ## Deployment ### MBR2GPT.EXE -MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise LTSC 2019 (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). +MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise LTSC 2019 (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool runs from a Windows Preinstallation Environment (Windows PE) command prompt, but can also run from the full Windows 10 operating system. -The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk. +The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports other partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk. -Additional security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock. +Other security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock. -For details, see [MBR2GPT.EXE](/windows/deployment/mbr-to-gpt). +For more information, see [MBR2GPT.EXE](../../deployment/mbr-to-gpt.md). ### DISM The following new DISM commands have been added to manage feature updates: -- **DISM /Online /Initiate-OSUninstall** - - Initiates an OS uninstall to take the computer back to the previous installation of windows. +- `DISM /Online /Initiate-OSUninstall`: Initiates an OS uninstall to take the computer back to the previous installation of windows. -- **DISM /Online /Remove-OSUninstall** - - Removes the OS uninstall capability from the computer. +- `DISM /Online /Remove-OSUninstall`: Removes the OS uninstall capability from the computer. -- **DISM /Online /Get-OSUninstallWindow** - - Displays the number of days after upgrade during which uninstall can be performed. +- `DISM /Online /Get-OSUninstallWindow`: Displays the number of days after upgrade during which uninstall can be performed. -- **DISM /Online /Set-OSUninstallWindow** - - Sets the number of days after upgrade during which uninstall can be performed. +- `DISM /Online /Set-OSUninstallWindow`: Sets the number of days after upgrade during which uninstall can be performed. For more information, see [DISM operating system uninstall command-line options](/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options). @@ -303,129 +285,106 @@ For more information, see [DISM operating system uninstall command-line options] You can now run your own custom actions or scripts in parallel with Windows Setup. Setup will also migrate your scripts to next feature release, so you only need to add them once. -Prerequisites: +Prerequisites: + - Windows 10, version 1803 or Windows 10 Enterprise LTSC 2019, or later. - Windows 10 Enterprise or Pro For more information, see [Run custom actions during feature update](/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions). -It is also now possible to run a script if the user rolls back their version of Windows using the PostRollback option. +It's also now possible to run a script if the user rolls back their version of Windows using the PostRollback option. `/PostRollback [\setuprollback.cmd] [/postrollback {system / admin}]` -For more information, see [Windows Setup Command-Line Options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#21). +For more information, see [Windows Setup Command-Line Options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#postrollback). New command-line switches are also available to control BitLocker: -- **Setup.exe /BitLocker AlwaysSuspend** - - Always suspend BitLocker during upgrade. +- `Setup.exe /BitLocker AlwaysSuspend`: Always suspend BitLocker during upgrade. -- **Setup.exe /BitLocker TryKeepActive** - - Enable upgrade without suspending BitLocker, but if upgrade does not work, then suspend BitLocker and complete the upgrade. +- `Setup.exe /BitLocker TryKeepActive`: Enable upgrade without suspending BitLocker, but if upgrade doesn't work, then suspend BitLocker and complete the upgrade. -- **Setup.exe /BitLocker ForceKeepActive** - - Enable upgrade without suspending BitLocker, but if upgrade does not work, fail the upgrade. +- `Setup.exe /BitLocker ForceKeepActive`: Enable upgrade without suspending BitLocker, but if upgrade doesn't work, fail the upgrade. -For more information, see [Windows Setup Command-Line Options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#33). +For more information, see [Windows Setup Command-Line Options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#bitlocker). ### Feature update improvements -Portions of the work done during the offline phases of a Windows update have been moved to the online phase. This has resulted in a significant reduction of offline time when installing updates. For more information, see [We're listening to you](https://insider.windows.com/en-us/articles/were-listening-to-you/). +Portions of the work done during the offline phases of a Windows update have been moved to the online phase. This change results in a significant reduction of offline time when installing updates. For more information, see [We're listening to you](https://insider.windows.com/articles/were-listening-to-you/). ### SetupDiag -[SetupDiag](/windows/deployment/upgrade/setupdiag) is a new command-line tool that can help diagnose why a Windows 10 update failed. +[SetupDiag](../../deployment/upgrade/setupdiag.md) is a new command-line tool that can help diagnose why a Windows 10 update failed. -SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. +SetupDiag works by searching Windows Setup log files. When it searches log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. ## Sign-in ### Faster sign-in to a Windows 10 shared pc -If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](/windows/configuration/set-up-shared-or-guest-pc) in a flash! +If you have shared devices deployed in your work place, **Fast sign-in** enables users to quickly sign in to a [shared Windows 10 PC](../../configuration/set-up-shared-or-guest-pc.md). -**To enable fast sign-in:** +#### To enable fast sign-in 1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise LTSC 2019. 2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in. -3. Sign-in to a shared PC with your account. You'll notice the difference! +3. Sign-in to a shared PC with your account. - ![fast sign-in.](../images/fastsignin.png "fast sign-in") + :::image type="content" source="../images/fastsignin.png" alt-text="An animated image that demonstrates the fast sign-in feature."::: ### Web sign-in to Windows 10 -Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML). +Until now, Windows sign-in only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We're introducing "web sign-in," a new way of signing into your Windows PC. Web Sign-in enables Windows sign-in support for non-ADFS federated providers (e.g.SAML). -**To try out web sign-in:** +#### Try out web sign-in 1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). -2. Set the Policy CSP, and the Authentication and EnableWebSignIn policies to enable web sign-in. +2. Set the Policy CSP, and the Authentication and EnableWebSignIn policies to enable web sign-in. 3. On the lock screen, select web sign-in under sign-in options. -4. Click the “Sign in” button to continue. -![Sign-in option.](../images/websignin.png "web sign-in") +4. Select "Sign in" to continue. -## Windows Analytics + :::image type="content" source="../images/websignin.png" alt-text="A screenshot of the Windows sign-in screen that highlights the web sign-in feature."::: -### Upgrade Readiness - ->[!IMPORTANT] ->Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a General Availability Channel release. - -Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. - -The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. - -For more information about Upgrade Readiness, see the following topics: - -- [Windows Analytics blog](/archive/blogs/upgradeanalytics/) -- [Manage Windows upgrades with Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness) - -Upgrade Readiness provides insights into application and driver compatibility issues. New capabilities include better app coverage, post-upgrade health reports, and enhanced report filtering capabilities. For more information, see [Manage Windows upgrades with Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). - -### Update Compliance +## Update Compliance Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date. Update Compliance is a solution built using OMS Log Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues. -For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](/windows/deployment/update/update-compliance-monitor). +New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. -New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. For more information, see [Monitor Windows Updates and Microsoft Defender Antivirus with Update Compliance](/windows/deployment/update/update-compliance-monitor). +For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](../../deployment/update/update-compliance-monitor.md). -### Device Health - -Maintaining devices is made easier with Device Health, a new, premium analytic tool that identifies devices and drivers that crash frequently and might need to be rebuilt or replaced. For more information, see [Monitor the health of devices with Device Health](/windows/deployment/update/device-health-monitor). - -## Accessibility and Privacy +## Accessibility and privacy ### Accessibility -"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](/windows/configuration/windows-10-accessibility-for-itpros). Also see the accessibility section in [What’s new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/), a blog post. +"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](../../configuration/windows-10-accessibility-for-itpros.md). Also see the accessibility section in [What's new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/). ### Privacy -In the Feedback and Settings page under Privacy Settings you can now delete the diagnostic data your device has sent to Microsoft. You can also view this diagnostic data using the [Diagnostic Data Viewer](/windows/configuration/diagnostic-data-viewer-overview) app. +In the Feedback and Settings page under Privacy Settings you can now delete the diagnostic data your device has sent to Microsoft. You can also view this diagnostic data using the [Diagnostic Data Viewer](../../privacy/diagnostic-data-viewer-overview.md) app. ## Configuration ### Kiosk configuration -The new chromium-based Microsoft Edge has many improvements specifically targeted to Kiosks. However, it is not included in the LTSC release of Windows 10. You can download and install Microsoft Edge separately [here](https://www.microsoft.com/edge/business/download). +The new chromium-based Microsoft Edge has many improvements targeted to kiosks. However, it's not included in the LTSC release of Windows 10. You can download and install Microsoft Edge separately. For more information, see [Download and deploy Microsoft Edge for business](https://www.microsoft.com/edge/business/download). -Internet Explorer is included in Windows 10 LTSC releases as its feature set is not changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release. +Internet Explorer is included in Windows 10 LTSC releases as its feature set isn't changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release. -If you wish to take advantage of [Kiosk capabilities in Edge](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](/windows/configuration/kiosk-methods) with a semi-annual release channel. +If you wish to take advantage of [Kiosk capabilities in Microsoft Edge](/previous-versions/windows/edge-legacy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](../../configuration/kiosk-methods.md) with a semi-annual release channel. ### Co-management -Intune and Microsoft Endpoint Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. +Intune and Microsoft Endpoint Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](../../client-management/mdm/policy-csp-controlpolicyconflict.md) policy, to enable easier transition to cloud-based management. -For more information, see [What's New in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803). +For more information, see [What's New in MDM enrollment and management](../../client-management/mdm/new-in-windows-mdm-enrollment-management.md). ### OS uninstall period @@ -433,135 +392,132 @@ The OS uninstall period is a length of time that users are given when they can o ### Azure Active Directory join in bulk -Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](/windows/configuration/provisioning-packages/provisioning-packages#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards. - -![get bulk token action in wizard.](../images/bulk-token.png) +Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](../../configuration/provisioning-packages/provisioning-packages.md#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards. ### Windows Spotlight -The following new Group Policy and mobile device management (MDM) settings are added to help you configure Windows Spotlight user experiences: +The following new group policy and mobile device management (MDM) settings are added to help you configure Windows Spotlight user experiences: - **Turn off the Windows Spotlight on Action Center** - **Do not use diagnostic data for tailored experiences** - **Turn off the Windows Welcome Experience** -[Learn more about Windows Spotlight.](/windows/configuration/windows-spotlight) +For more information, see [Configure Windows Spotlight on the lock screen](../../configuration/windows-spotlight.md). ### Start and taskbar layout -Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise LTSC 2019 adds support for customized taskbars to [MDM](/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management). +Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise LTSC 2019 adds support for customized taskbars to [MDM](../../configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md). -[Additional MDM policy settings are available for Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies). New MDM policy settings include: +[More MDM policy settings are available for Start and taskbar layout](../../configuration/windows-10-start-layout-options-and-policies.md). New MDM policy settings include: -- Settings for the User tile: [**Start/HideUserTile**](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile), [**Start/HideSwitchAccount**](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount), [**Start/HideSignOut**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout), [**Start/HideLock**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock), and [**Start/HideChangeAccountSettings**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) +- Settings for the User tile: [**Start/HideUserTile**](../../client-management/mdm/policy-configuration-service-provider.md#start-hideusertile), [**Start/HideSwitchAccount**](../../client-management/mdm/policy-configuration-service-provider.md#start-hideswitchaccount), [**Start/HideSignOut**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidesignout), [**Start/HideLock**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidelock), and [**Start/HideChangeAccountSettings**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidechangeaccountsettings) -- Settings for Power: [**Start/HidePowerButton**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton), [**Start/HideHibernate**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate), [**Start/HideRestart**](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart), [**Start/HideShutDown**](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown), and [**Start/HideSleep**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) +- Settings for Power: [**Start/HidePowerButton**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidepowerbutton), [**Start/HideHibernate**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidehibernate), [**Start/HideRestart**](../../client-management/mdm/policy-configuration-service-provider.md#start-hiderestart), [**Start/HideShutDown**](../../client-management/mdm/policy-configuration-service-provider.md#start-hideshutdown), and [**Start/HideSleep**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidesleep) -- Additional new settings: [**Start/HideFrequentlyUsedApps**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps), [**Start/HideRecentlyAddedApps**](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps), **AllowPinnedFolder**, **ImportEdgeAssets**, [**Start/HideRecentJumplists**](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists), [**Start/NoPinningToTaskbar**](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar), [**Settings/PageVisibilityList**](/windows/client-management/mdm/policy-configuration-service-provider#settings-pagevisibilitylist), and [**Start/HideAppsList**](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist). +- Other new settings: [**Start/HideFrequentlyUsedApps**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidefrequentlyusedapps), [**Start/HideRecentlyAddedApps**](../../client-management/mdm/policy-configuration-service-provider.md#start-hiderecentlyaddedapps), **AllowPinnedFolder**, **ImportEdgeAssets**, [**Start/HideRecentJumplists**](../../client-management/mdm/policy-configuration-service-provider.md#start-hiderecentjumplists), [**Start/NoPinningToTaskbar**](../../client-management/mdm/policy-configuration-service-provider.md#start-nopinningtotaskbar), [**Settings/PageVisibilityList**](../../client-management/mdm/policy-configuration-service-provider.md#settings-pagevisibilitylist), and [**Start/HideAppsList**](../../client-management/mdm/policy-configuration-service-provider.md#start-hideapplist). ## Windows Update ### Windows Insider for Business -We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (Azure AD). By enrolling devices in Azure AD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](https://insider.windows.com/for-business). +We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (Azure AD). By enrolling devices in Azure AD, you increase the visibility of feedback submitted by users in your organization - especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](https://insider.windows.com/for-business). You can now register your Azure AD domains to the Windows Insider Program. For more information, see [Windows Insider Program for Business](https://insider.windows.com/for-business). - ### Optimize update delivery -With changes delivered in Windows 10 Enterprise LTSC 2019, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](/windows-server/administration/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. +With changes delivered in Windows 10 Enterprise LTSC 2019, [express updates](../../deployment/do/waas-optimize-windows-10-updates.md#express-update-delivery) are now fully supported with Configuration Manager. It's also supported with other third-party updating and management products that [implement this new functionality](/windows-server/administration/windows-server-update-services/deploy/express-update-delivery-isv-support). This support is in addition to current express support on Windows Update, Windows Update for Business and WSUS. >[!NOTE] > The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. -Delivery Optimization policies now enable you to configure additional restrictions to have more control in various scenarios. +Delivery Optimization policies now enable you to configure other restrictions to have more control in various scenarios. Added policies include: -- [Allow uploads while the device is on battery while under set Battery level](/windows/deployment/update/waas-delivery-optimization#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) -- [Enable Peer Caching while the device connects via VPN](/windows/deployment/update/waas-delivery-optimization#enable-peer-caching-while-the-device-connects-via-vpn) -- [Minimum RAM (inclusive) allowed to use Peer Caching](/windows/deployment/update/waas-delivery-optimization#minimum-ram-allowed-to-use-peer-caching) -- [Minimum disk size allowed to use Peer Caching](/windows/deployment/update/waas-delivery-optimization#minimum-disk-size-allowed-to-use-peer-caching) -- [Minimum Peer Caching Content File Size](/windows/deployment/update/waas-delivery-optimization#minimum-peer-caching-content-file-size) -To check out all the details, see [Configure Delivery Optimization for Windows 10 updates](/windows/deployment/update/waas-delivery-optimization). +- [Allow uploads while the device is on battery while under set Battery level](../../deployment/do/waas-delivery-optimization-reference.md#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) +- [Enable Peer Caching while the device connects via VPN](../../deployment/do/waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) +- [Minimum RAM (inclusive) allowed to use Peer Caching](../../deployment/do/waas-delivery-optimization-reference.mdn#minimum-ram-allowed-to-use-peer-caching) +- [Minimum disk size allowed to use Peer Caching](../../deployment/do/waas-delivery-optimization-reference.mdn#minimum-disk-size-allowed-to-use-peer-caching) +- [Minimum Peer Caching Content File Size](../../deployment/do/waas-delivery-optimization-reference.mdn#minimum-peer-caching-content-file-size) + +For more information, see [Configure Delivery Optimization for Windows updates](../../deployment/do/waas-delivery-optimization.md). ### Uninstalled in-box apps no longer automatically reinstall Starting with Windows 10 Enterprise LTSC 2019, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process. -Additionally, apps de-provisioned by admins on Windows 10 Enterprise LTSC 2019 machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise LTSC 2016 (or earlier) to Windows 10 Enterprise LTSC 2019. +Additionally, apps de-provisioned by admins on Windows 10 Enterprise LTSC 2019 machines will stay de-provisioned after future feature update installations. This behavior won't apply to the update from Windows 10 Enterprise LTSC 2016 (or earlier) to Windows 10 Enterprise LTSC 2019. ## Management ### New MDM capabilities -Windows 10 Enterprise LTSC 2019 adds many new [configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful Group Policy settings via MDM - see [Policy CSP - ADMX-backed policies](/windows/client-management/mdm/policy-configuration-service-provider). +Windows 10 Enterprise LTSC 2019 adds many new [configuration service providers (CSPs)](../../configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful group policy settings via MDM. For more information, see [Policy CSP - ADMX-backed policies](../../client-management/mdm/policy-configuration-service-provider.md). Some of the other new CSPs are: -- The [DynamicManagement CSP](/windows/client-management/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. +- The [DynamicManagement CSP](../../client-management/mdm/dynamicmanagement-csp.md) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can't reach the management server when the location or network changes. The dynamic management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. -- The [CleanPC CSP](/windows/client-management/mdm/cleanpc-csp) allows removal of user-installed and pre-installed applications, with the option to persist user data. +- The [CleanPC CSP](../../client-management/mdm/cleanpc-csp.md) allows removal of user-installed and pre-installed applications, with the option to persist user data. -- The [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) is used to manage encryption of PCs and devices. For example, you can require storage card encryption on mobile devices, or require encryption for operating system drives. +- The [BitLocker CSP](../../client-management/mdm/bitlocker-csp.md) is used to manage encryption of PCs and devices. For example, you can require storage card encryption on mobile devices, or require encryption for operating system drives. -- The [NetworkProxy CSP](/windows/client-management/mdm/networkproxy-csp) is used to configure a proxy server for ethernet and Wi-Fi connections. +- The [NetworkProxy CSP](../../client-management/mdm/networkproxy-csp.md) is used to configure a proxy server for ethernet and Wi-Fi connections. -- The [Office CSP](/windows/client-management/mdm/office-csp) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options). +- The [Office CSP](../../client-management/mdm/office-csp.md) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options). -- The [EnterpriseAppVManagement CSP](/windows/client-management/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. +- The [EnterpriseAppVManagement CSP](../../client-management/mdm/enterpriseappvmanagement-csp.md) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. -IT pros can use the new [MDM Migration Analysis Tool (MMAT)](https://github.com/WindowsDeviceManagement/MMAT) to determine which Group Policy settings have been configured for a user or computer and cross-reference those settings against a built-in list of supported MDM policies. MMAT can generate both XML and HTML reports indicating the level of support for each Group Policy setting and MDM equivalents. +For more information, see [What's new in mobile device enrollment and management](../../client-management/mdm/new-in-windows-mdm-enrollment-management.md). -[Learn more about new MDM capabilities.](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew10) +MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group policy can be used with Active Directory joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](../../client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md). -MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group Policy can be used with Active Directory joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy). - -Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1709). +Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](../../client-management/mdm/new-in-windows-mdm-enrollment-management.md). ### Mobile application management support for Windows 10 The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10 Enterprise LTSC 2019. -For more info, see [Implement server-side support for mobile application management on Windows](/windows/client-management/mdm/implement-server-side-mobile-application-management). +For more info, see [Implement server-side support for mobile application management on Windows](../../client-management/mdm/implement-server-side-mobile-application-management.md). ### MDM diagnostics -In Windows 10 Enterprise LTSC 2019, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](/message-analyzer/microsoft-message-analyzer-operating-guide) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost. +In Windows 10 Enterprise LTSC 2019, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we're introducing [Microsoft Message Analyzer](/message-analyzer/microsoft-message-analyzer-operating-guide) as another tool to help support personnel quickly reduce issues to their root cause, while saving time and cost. ### Application Virtualization for Windows (App-V) -Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise LTSC 2019 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart. +Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise LTSC 2019 introduces two new PowerShell cmdlets, **New-AppVSequencerVM** and **Connect-AppvSequencerVM**. These cmdlets automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (`.appvt`) file, and letting you use PowerShell or group policy settings to automatically clean up your unpublished packages after a device restart. -For more info, see the following topics: -- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-provision-a-vm) -- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-sequencing) -- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-updating) -- [Automatically cleanup unpublished packages on the App-V client](/windows/application-management/app-v/appv-auto-clean-unpublished-packages) +For more information, see the following articles: + +- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](../../application-management/app-v/appv-auto-provision-a-vm.md) +- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](../../application-management/app-v/appv-auto-batch-sequencing.md) +- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](../../application-management/app-v/appv-auto-batch-updating.md) +- [Automatically cleanup unpublished packages on the App-V client](../../application-management/app-v/appv-auto-clean-unpublished-packages.md) ### Windows diagnostic data Learn more about the diagnostic data that's collected at the Basic level and some examples of the types of data that is collected at the Full level. -- [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703) -- [Windows 10, version 1703 Diagnostic Data](/windows/configuration/windows-diagnostic-data-1703) +- [Windows 10, version 1703 basic level Windows diagnostic events and fields](../../privacy/basic-level-windows-diagnostic-events-and-fields-1703.md) +- [Windows 10, version 1703 diagnostic data](../../privacy/windows-diagnostic-data-1703.md) -### Group Policy spreadsheet +### Group policy spreadsheet -Learn about the new Group Policies that were added in Windows 10 Enterprise LTSC 2019. +Learn about the new group policies that were added in Windows 10 Enterprise LTSC 2019. -- [Group Policy Settings Reference for Windows and Windows Server](https://www.microsoft.com/download/details.aspx?id=25250) +- [Group policy settings reference for Windows and Windows Server](https://www.microsoft.com/download/details.aspx?id=25250) -### Mixed Reality Apps +### Mixed reality apps -This version of Windows 10 introduces [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/). Organizations that use WSUS must take action to enable Windows Mixed Reality. You can also prohibit use of Windows Mixed Reality by blocking installation of the Mixed Reality Portal. For more information, see [Enable or block Windows Mixed Reality apps in the enterprise](/windows/application-management/manage-windows-mixed-reality). +This version of Windows 10 introduces [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/). Organizations that use WSUS must take action to enable Windows Mixed Reality. You can also prohibit use of Windows Mixed Reality by blocking installation of the Mixed Reality Portal. For more information, see [Enable or block Windows Mixed Reality apps in the enterprise](../../application-management/manage-windows-mixed-reality.md). ## Networking ### Network stack -Several network stack enhancements are available in this release. Some of these features were also available in Windows 10, version 1703. For more information, see [Core Network Stack Features in the Creators Update for Windows 10](https://blogs.technet.microsoft.com/networking/2017/07/13/core-network-stack-features-in-the-creators-update-for-windows-10/). +Several network stack enhancements are available in this release. Some of these features were also available in Windows 10, version 1703. For more information, see [Core network stack features in the Creators Update for Windows 10](https://techcommunity.microsoft.com/t5/networking-blog/core-network-stack-features-in-the-creators-update-for-windows/ba-p/339676). ### Miracast over Infrastructure @@ -569,47 +525,47 @@ In this version of Windows 10, Microsoft has extended the ability to send a Mira #### How it works -Users attempt to connect to a Miracast receiver as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS, as well as via multicast DNS (mDNS). If the name is not resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection. +Users attempt to connect to a Miracast receiver as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS and multicast DNS (mDNS). If the name isn't resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection. -#### Miracast over Infrastructure offers a number of benefits +#### Miracast over Infrastructure offers many benefits - Windows automatically detects when sending the video stream over this path is applicable. - Windows will only choose this route if the connection is over Ethernet or a secure Wi-Fi network. -- Users do not have to change how they connect to a Miracast receiver. They use the same UX as for standard Miracast connections. +- Users don't have to change how they connect to a Miracast receiver. They use the same UX as for standard Miracast connections. - No changes to current wireless drivers or PC hardware are required. -- It works well with older wireless hardware that is not optimized for Miracast over Wi-Fi Direct. -- It leverages an existing connection that both reduces the time to connect and provides a very stable stream. +- It works well with older wireless hardware that isn't optimized for Miracast over Wi-Fi Direct. +- It uses an existing connection that reduces the time to connect and provides a stable stream. #### Enabling Miracast over Infrastructure -If you have a device that has been updated to Windows 10 Enterprise LTSC 2019, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: +If you have a device that has been updated to Windows 10 Enterprise LTSC 2019, then you automatically have this new feature. To take advantage of it in your environment, you need to make sure the following requirement exist within your deployment: - The device (PC or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise LTSC 2019, or a later OS. - A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows device can act as a Miracast over Infrastructure *source*. - - As a Miracast receiver, the PC or Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. + - As a Miracast receiver, the PC or Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection. For example, using either WPA2-PSK or WPA2-Enterprise security. If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. - As a Miracast source, the device must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. -- The DNS Hostname (device name) of the device needs to be resolvable via your DNS servers. You can achieve this by either allowing your device to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the device's hostname. +- The DNS Hostname (device name) of the device needs to be resolvable via your DNS servers. You can achieve this configuration by either allowing your device to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the device's hostname. - Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. > [!IMPORTANT] -> Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method. +> Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don't have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method. ## Registry editor improvements -We added a dropdown that displays as you type to help complete the next part of the path. You can also press **Ctrl + Backspace** to delete the last word, and **Ctrl + Delete** to delete the next word. +We added a dropdown that displays while you type to help complete the next part of the path. You can also press **Ctrl + Backspace** to delete the last word, and **Ctrl + Delete** to delete the next word. -![Reg editor.](../images/regeditor.png "Registry editor dropdown") +:::image type="content" source="../images/regeditor.png" alt-text="Screenshot of Registry Editor showing list of path completion."::: ## Remote Desktop with Biometrics Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session. -To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and click **Connect**. +To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and select **Connect**. -- Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also click **More choices** to choose alternate credentials. +- Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also select **More choices** to choose alternate credentials. - Windows uses facial recognition to authenticate the RDP session to the Windows Server 2016 Hyper-V server. You can continue to use Windows Hello for Business in the remote session, but you must use your PIN. @@ -619,6 +575,6 @@ See the following example: ![Provide credentials.](../images/RDPwBio2.png "Windows Hello personal") ![Microsoft Hyper-V Server 2016.](../images/hyper-v.png "Microsoft Hyper-V Server 2016") -## See Also +## See also [Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release. diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index e7ad13d805..8190b90e04 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -1,16 +1,14 @@ --- title: What's new in Windows 10, versions 1507 and 1511 (Windows 10) description: What's new in Windows 10 for Windows 10 (versions 1507 and 1511). -ms.assetid: 75F285B0-09BE-4821-9B42-37B9BE54CEC6 ms.reviewer: ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski manager: dougeby ms.author: aaroncz -ms.localizationpriority: high +ms.localizationpriority: medium ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, versions 1507 and 1511 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 509b7d10a0..48342fd24c 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -1,16 +1,14 @@ --- title: What's new in Windows 10, version 1607 (Windows 10) description: What's new in Windows 10 for Windows 10 (version 1607). -keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.localizationpriority: high +ms.localizationpriority: medium ms.reviewer: author: aczechowski manager: dougeby ms.author: aaroncz ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, version 1607 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index e6bae90e51..df0bb338ac 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -1,17 +1,14 @@ --- title: What's new in Windows 10, version 1703 description: New and updated features in Windows 10, version 1703 (also known as the Creators Updated). -keywords: ["What's new in Windows 10", "Windows 10", "creators update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.localizationpriority: high -ms.assetid: dca7c655-c4f6-45f8-aa02-64187b202617 +ms.localizationpriority: medium ms.reviewer: author: aczechowski manager: dougeby ms.author: aaroncz ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, version 1703 for IT Pros @@ -44,8 +41,6 @@ Both the desktop and kiosk wizards include an option to remove pre-installed sof Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](/windows/configuration/provisioning-packages/provisioning-packages#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards. -![get bulk token action in wizard.](images/bulk-token.png) - ### Windows Spotlight @@ -232,7 +227,6 @@ Some of the other new CSPs are: - The [EnterpriseAppVManagement CSP](/windows/client-management/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. -IT pros can use the new [MDM Migration Analysis Tool (MMAT)](https://github.com/WindowsDeviceManagement/MMAT) to determine which Group Policy settings have been configured for a user or computer and cross-reference those settings against a built-in list of supported MDM policies. MMAT can generate both XML and HTML reports indicating the level of support for each Group Policy setting and MDM equivalents. [Learn more about new MDM capabilities.](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew10) diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index 905d4ff2dd..ad9ebb3782 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -1,16 +1,14 @@ --- title: What's new in Windows 10, version 1709 description: New and updated features in Windows 10, version 1709 (also known as the Fall Creators Update). -keywords: ["What's new in Windows 10", "Windows 10", "Fall Creators Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.reviewer: author: aczechowski manager: dougeby ms.author: aaroncz -ms.localizationpriority: high +ms.localizationpriority: medium ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, version 1709 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index f2f4dc5964..a2c91e76ed 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -1,16 +1,14 @@ --- title: What's new in Windows 10, version 1803 description: New and updated features in Windows 10, version 1803 (also known as the Windows 10 April 2018 Update). -keywords: ["What's new in Windows 10", "Windows 10", "April 2018 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.reviewer: author: aczechowski manager: dougeby ms.author: aaroncz -ms.localizationpriority: high +ms.localizationpriority: medium ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, version 1803 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 9ce31284cc..d14888637d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -2,15 +2,13 @@ title: What's new in Windows 10, version 1809 ms.reviewer: description: Learn about features for Windows 10, version 1809, including features and fixes included in previous cumulative updates to Windows 10, version 1803. -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 October 2018 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski manager: dougeby ms.author: aaroncz -ms.localizationpriority: high +ms.localizationpriority: medium ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, version 1809 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 35ed9f16c3..30dde72ade 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -1,16 +1,13 @@ --- title: What's new in Windows 10, version 1903 description: New and updated features in Windows 10, version 1903 (also known as the Windows 10 May 2019 Update). -keywords: ["What's new in Windows 10", "Windows 10", "May 2019 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby -ms.localizationpriority: high +ms.localizationpriority: medium ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, version 1903 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index 3b33b31e96..7f89949678 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -1,16 +1,13 @@ --- title: What's new in Windows 10, version 1909 description: New and updated features in Windows 10, version 1909 (also known as the Windows 10 November 2019 Update). -keywords: ["What's new in Windows 10", "Windows 10", "November 2019 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby -ms.localizationpriority: high +ms.localizationpriority: medium ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, version 1909 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 726580724f..82a86f30ef 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -1,16 +1,13 @@ --- title: What's new in Windows 10, version 2004 description: New and updated features in Windows 10, version 2004 (also known as the Windows 10 May 2020 Update). -keywords: ["What's new in Windows 10", "Windows 10", "May 2020 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby -ms.localizationpriority: high +ms.localizationpriority: medium ms.topic: article +ROBOTS: NOINDEX --- # What's new in Windows 10, version 2004 for IT Pros From 93d4fd0b18f1e7adcb6da5d0d74cb13bbc39b1e1 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 3 Jun 2022 22:19:38 -0700 Subject: [PATCH 283/540] fix links --- ...-in-your-organization-modern-management.md | 6 +- windows/whats-new/index.yml | 4 +- .../ltsc/whats-new-windows-10-2019.md | 114 +++++++++--------- 3 files changed, 62 insertions(+), 62 deletions(-) diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index dc5a1ff7d3..0f27f3d1d1 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -50,11 +50,11 @@ With Windows 10, you can continue to use traditional OS deployment, but you can - Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/). -- Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](../configuration/provisioning-packages/provisioning-packages.md). +- Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages). - Use traditional imaging techniques such as deploying custom images using [Configuration Manager](/mem/configmgr/core/understand/introduction). -You have multiple options for [upgrading to Windows 10](../deployment/windows-10-deployment-scenarios.md). For existing devices running Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive - everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today. +You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive - everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today. ## Identity and authentication @@ -80,7 +80,7 @@ You can envision user and device management as falling into these two categories - [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device - - [Windows Hello for Business](../security/identity-protection/hello-for-business/hello-identity-verification.md) + - [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification) - Windows Hello diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index 9e477c69e8..3d11bd96e3 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -58,9 +58,9 @@ landingContent: - text: Windows 10 update history url: https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb - text: Windows 10 features we're no longer developing - url: ../deployment/planning/windows-10-deprecated-features.md + url: /windows/deployment/planning/windows-10-deprecated-features - text: Features and functionality removed in Windows 10 - url: ../deployment/planning/windows-10-removed-features.md + url: /windows/deployment/planning/windows-10-removed-features - text: Compare Windows 10 Editions url: https://www.microsoft.com/windowsforbusiness/compare - text: Windows 10 Enterprise LTSC diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 136ed178a7..b9b20a8fd0 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -34,7 +34,7 @@ The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC use ## Microsoft Intune -Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. However, Windows 10 update rings device profiles don't support LTSC releases. For installing software updates, use the [policy configuration service provider (CSP)](../../client-management/mdm/policy-csp-update.md), Windows Server Update Services (WSUS), or Microsoft Endpoint Configuration Manager. +Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. However, Windows 10 update rings device profiles don't support LTSC releases. For installing software updates, use the [policy configuration service provider (CSP)](/windows/client-management/mdm/policy-csp-update), Windows Server Update Services (WSUS), or Microsoft Endpoint Configuration Manager. ## Security @@ -60,12 +60,12 @@ Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) process ##### Windows Defender Device Guard -[Device Guard](../../security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) has always been a collection of technologies that can be combined to lock down a PC, including: +[Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) has always been a collection of technologies that can be combined to lock down a PC, including: - Software-based protection provided by code integrity policies - Hardware-based protection provided by Hypervisor-protected code integrity (HVCI) -But these protections can also be configured separately. And, unlike HVCI, code integrity policies don't require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have been rebranded as [Windows Defender Application Control](../../security/threat-protection/windows-defender-application-control/windows-defender-application-control.md). +But these protections can also be configured separately. And, unlike HVCI, code integrity policies don't require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have been rebranded as [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control). ### Next-gen protection @@ -73,7 +73,7 @@ But these protections can also be configured separately. And, unlike HVCI, code Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Microsoft Defender for Endpoint portal. -Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between Microsoft 365 services and interoperates with Microsoft Defender for Endpoint. Other policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](../../security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus). +Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between Microsoft 365 services and interoperates with Microsoft Defender for Endpoint. Other policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus). We've also [increased the breadth of the documentation library for enterprise security admins](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows). The new library includes information on: @@ -163,21 +163,21 @@ Improvements have been added to Windows Information Protection and BitLocker. Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection. -Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](../../security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](../../security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md). +Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure). -You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For more information, see [How to collect Windows Information Protection (WIP) audit event logs](../../security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md). +You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For more information, see [How to collect Windows Information Protection (WIP) audit event logs](/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs). This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see [OneDrive files on-demand for the enterprise](https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/onedrive-files-on-demand-for-the-enterprise/ba-p/117234). ### BitLocker -The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](../../security/information-protection/bitlocker/bitlocker-group-policy-settings.md#configure-minimum-pin-length-for-startup). +The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#configure-minimum-pin-length-for-startup). #### Silent enforcement on fixed drives Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (Azure AD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard Azure AD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don't pass the HSTI. -This change is an update to the [BitLocker CSP](../../client-management/mdm/bitlocker-csp.md) and used by Intune and others. +This change is an update to the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) and used by Intune and others. ### Identity protection @@ -187,13 +187,13 @@ Improvements have been added are to Windows Hello for Business and Credential Gu New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you aren't present. -New features in [Windows Hello for Business](../../security/identity-protection/hello-for-business/hello-identity-verification.md) include: +New features in [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification) include: - You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](/mem/intune). -- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more information, see [What if I forget my PIN?](../../security/identity-protection/hello-for-business/hello-feature-pin-reset.md). +- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more information, see [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset). -[Windows Hello for Business](../../security/identity-protection/hello-for-business/index.yml) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration). +[Windows Hello for Business](/windows/security/identity-protection/hello-for-business/index) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration). - Windows Hello is now password-less on S-mode. @@ -218,13 +218,13 @@ Windows Defender Credential Guard has always been an optional feature, but Windo > [!NOTE] > Windows Defender Credential Guard is available only to S mode devices or Enterprise and Education Editions. -For more information, see [Credential Guard Security Considerations](../../security/identity-protection/credential-guard/credential-guard-requirements.md#security-considerations). +For more information, see [Credential Guard Security Considerations](/windows/security/identity-protection/credential-guard/credential-guard-requirements#security-considerations). ### Other security improvements #### Windows security baselines -Microsoft has released new [Windows security baselines](../../security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security effect. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](../../security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md). +Microsoft has released new [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security effect. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10). #### SMBLoris vulnerability @@ -244,14 +244,14 @@ WSC now includes the Fluent Design System elements you know and love. You'll als #### Group policy security options -The security setting [**Interactive logon: Display user information when the session is locked**](../../security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md) has been updated to work with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. +The security setting [**Interactive logon: Display user information when the session is locked**](/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked) has been updated to work with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. A new security policy setting -[**Interactive logon: Don't display username at sign-in**](../../security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md) has been introduced in Windows 10 Enterprise LTSC 2019. This security policy setting determines whether the username is displayed during sign-in. It works with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. +[**Interactive logon: Don't display username at sign-in**](/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in) has been introduced in Windows 10 Enterprise LTSC 2019. This security policy setting determines whether the username is displayed during sign-in. It works with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. #### Windows 10 in S mode -We've continued to work on the **Current threats** area in [Virus & threat protection](../../security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md), which now displays all threats that need action. You can quickly take action on threats from this screen: +We've continued to work on the **Current threats** area in [Virus & threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen: :::image type="content" source="../images/virus-and-threat-protection.png" alt-text="Screenshot of the Virus & threat protection settings in Windows."::: @@ -265,7 +265,7 @@ The GPT partition format is newer and enables the use of larger and more disk pa Other security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock. -For more information, see [MBR2GPT.EXE](../../deployment/mbr-to-gpt.md). +For more information, see [MBR2GPT.EXE](/windows/deployment/mbr-to-gpt). ### DISM @@ -314,7 +314,7 @@ Portions of the work done during the offline phases of a Windows update have bee ### SetupDiag -[SetupDiag](../../deployment/upgrade/setupdiag.md) is a new command-line tool that can help diagnose why a Windows 10 update failed. +[SetupDiag](/windows/deployment/upgrade/setupdiag) is a new command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When it searches log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. @@ -322,7 +322,7 @@ SetupDiag works by searching Windows Setup log files. When it searches log files ### Faster sign-in to a Windows 10 shared pc -If you have shared devices deployed in your work place, **Fast sign-in** enables users to quickly sign in to a [shared Windows 10 PC](../../configuration/set-up-shared-or-guest-pc.md). +If you have shared devices deployed in your work place, **Fast sign-in** enables users to quickly sign in to a [shared Windows 10 PC](/windows/configuration/set-up-shared-or-guest-pc). #### To enable fast sign-in @@ -358,17 +358,17 @@ Update Compliance is a solution built using OMS Log Analytics that provides info New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. -For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](../../deployment/update/update-compliance-monitor.md). +For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](/windows/deployment/update/update-compliance-monitor). ## Accessibility and privacy ### Accessibility -"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](../../configuration/windows-10-accessibility-for-itpros.md). Also see the accessibility section in [What's new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/). +"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](/windows/configuration/windows-10-accessibility-for-itpros). Also see the accessibility section in [What's new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/). ### Privacy -In the Feedback and Settings page under Privacy Settings you can now delete the diagnostic data your device has sent to Microsoft. You can also view this diagnostic data using the [Diagnostic Data Viewer](../../privacy/diagnostic-data-viewer-overview.md) app. +In the Feedback and Settings page under Privacy Settings you can now delete the diagnostic data your device has sent to Microsoft. You can also view this diagnostic data using the [Diagnostic Data Viewer](/windows/privacy/diagnostic-data-viewer-overview) app. ## Configuration @@ -378,13 +378,13 @@ The new chromium-based Microsoft Edge has many improvements targeted to kiosks. Internet Explorer is included in Windows 10 LTSC releases as its feature set isn't changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release. -If you wish to take advantage of [Kiosk capabilities in Microsoft Edge](/previous-versions/windows/edge-legacy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](../../configuration/kiosk-methods.md) with a semi-annual release channel. +If you wish to take advantage of [Kiosk capabilities in Microsoft Edge](/previous-versions/windows/edge-legacy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](/windows/configuration/kiosk-methods) with a semi-annual release channel. ### Co-management -Intune and Microsoft Endpoint Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](../../client-management/mdm/policy-csp-controlpolicyconflict.md) policy, to enable easier transition to cloud-based management. +Intune and Microsoft Endpoint Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. -For more information, see [What's New in MDM enrollment and management](../../client-management/mdm/new-in-windows-mdm-enrollment-management.md). +For more information, see [What's New in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management). ### OS uninstall period @@ -392,7 +392,7 @@ The OS uninstall period is a length of time that users are given when they can o ### Azure Active Directory join in bulk -Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](../../configuration/provisioning-packages/provisioning-packages.md#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards. +Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](/windows/configuration/provisioning-packages/provisioning-packages#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards. ### Windows Spotlight @@ -402,19 +402,19 @@ The following new group policy and mobile device management (MDM) settings are a - **Do not use diagnostic data for tailored experiences** - **Turn off the Windows Welcome Experience** -For more information, see [Configure Windows Spotlight on the lock screen](../../configuration/windows-spotlight.md). +For more information, see [Configure Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight). ### Start and taskbar layout -Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise LTSC 2019 adds support for customized taskbars to [MDM](../../configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md). +Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise LTSC 2019 adds support for customized taskbars to [MDM](/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management). -[More MDM policy settings are available for Start and taskbar layout](../../configuration/windows-10-start-layout-options-and-policies.md). New MDM policy settings include: +[More MDM policy settings are available for Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies). New MDM policy settings include: -- Settings for the User tile: [**Start/HideUserTile**](../../client-management/mdm/policy-configuration-service-provider.md#start-hideusertile), [**Start/HideSwitchAccount**](../../client-management/mdm/policy-configuration-service-provider.md#start-hideswitchaccount), [**Start/HideSignOut**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidesignout), [**Start/HideLock**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidelock), and [**Start/HideChangeAccountSettings**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidechangeaccountsettings) +- Settings for the User tile: [**Start/HideUserTile**](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile), [**Start/HideSwitchAccount**](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount), [**Start/HideSignOut**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout), [**Start/HideLock**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock), and [**Start/HideChangeAccountSettings**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) -- Settings for Power: [**Start/HidePowerButton**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidepowerbutton), [**Start/HideHibernate**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidehibernate), [**Start/HideRestart**](../../client-management/mdm/policy-configuration-service-provider.md#start-hiderestart), [**Start/HideShutDown**](../../client-management/mdm/policy-configuration-service-provider.md#start-hideshutdown), and [**Start/HideSleep**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidesleep) +- Settings for Power: [**Start/HidePowerButton**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton), [**Start/HideHibernate**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate), [**Start/HideRestart**](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart), [**Start/HideShutDown**](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown), and [**Start/HideSleep**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) -- Other new settings: [**Start/HideFrequentlyUsedApps**](../../client-management/mdm/policy-configuration-service-provider.md#start-hidefrequentlyusedapps), [**Start/HideRecentlyAddedApps**](../../client-management/mdm/policy-configuration-service-provider.md#start-hiderecentlyaddedapps), **AllowPinnedFolder**, **ImportEdgeAssets**, [**Start/HideRecentJumplists**](../../client-management/mdm/policy-configuration-service-provider.md#start-hiderecentjumplists), [**Start/NoPinningToTaskbar**](../../client-management/mdm/policy-configuration-service-provider.md#start-nopinningtotaskbar), [**Settings/PageVisibilityList**](../../client-management/mdm/policy-configuration-service-provider.md#settings-pagevisibilitylist), and [**Start/HideAppsList**](../../client-management/mdm/policy-configuration-service-provider.md#start-hideapplist). +- Other new settings: [**Start/HideFrequentlyUsedApps**](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps), [**Start/HideRecentlyAddedApps**](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps), **AllowPinnedFolder**, **ImportEdgeAssets**, [**Start/HideRecentJumplists**](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists), [**Start/NoPinningToTaskbar**](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar), [**Settings/PageVisibilityList**](/windows/client-management/mdm/policy-configuration-service-provider#settings-pagevisibilitylist), and [**Start/HideAppsList**](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist). ## Windows Update @@ -426,7 +426,7 @@ You can now register your Azure AD domains to the Windows Insider Program. For m ### Optimize update delivery -With changes delivered in Windows 10 Enterprise LTSC 2019, [express updates](../../deployment/do/waas-optimize-windows-10-updates.md#express-update-delivery) are now fully supported with Configuration Manager. It's also supported with other third-party updating and management products that [implement this new functionality](/windows-server/administration/windows-server-update-services/deploy/express-update-delivery-isv-support). This support is in addition to current express support on Windows Update, Windows Update for Business and WSUS. +With changes delivered in Windows 10 Enterprise LTSC 2019, [express updates](/windows/deployment/do/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Configuration Manager. It's also supported with other third-party updating and management products that [implement this new functionality](/windows-server/administration/windows-server-update-services/deploy/express-update-delivery-isv-support). This support is in addition to current express support on Windows Update, Windows Update for Business and WSUS. >[!NOTE] > The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. @@ -435,13 +435,13 @@ Delivery Optimization policies now enable you to configure other restrictions to Added policies include: -- [Allow uploads while the device is on battery while under set Battery level](../../deployment/do/waas-delivery-optimization-reference.md#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) -- [Enable Peer Caching while the device connects via VPN](../../deployment/do/waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) -- [Minimum RAM (inclusive) allowed to use Peer Caching](../../deployment/do/waas-delivery-optimization-reference.mdn#minimum-ram-allowed-to-use-peer-caching) -- [Minimum disk size allowed to use Peer Caching](../../deployment/do/waas-delivery-optimization-reference.mdn#minimum-disk-size-allowed-to-use-peer-caching) -- [Minimum Peer Caching Content File Size](../../deployment/do/waas-delivery-optimization-reference.mdn#minimum-peer-caching-content-file-size) +- [Allow uploads while the device is on battery while under set Battery level](/windows/deployment/do/waas-delivery-optimization-reference#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) +- [Enable Peer Caching while the device connects via VPN](/windows/deployment/do/waas-delivery-optimization-reference#enable-peer-caching-while-the-device-connects-via-vpn) +- [Minimum RAM (inclusive) allowed to use Peer Caching](/windows/deployment/do/waas-delivery-optimization-reference#minimum-ram-allowed-to-use-peer-caching) +- [Minimum disk size allowed to use Peer Caching](/windows/deployment/do/waas-delivery-optimization-reference#minimum-disk-size-allowed-to-use-peer-caching) +- [Minimum Peer Caching Content File Size](/windows/deployment/do/waas-delivery-optimization-reference#minimum-peer-caching-content-file-size) -For more information, see [Configure Delivery Optimization for Windows updates](../../deployment/do/waas-delivery-optimization.md). +For more information, see [Configure Delivery Optimization for Windows updates](/windows/deployment/do/waas-delivery-optimization). ### Uninstalled in-box apps no longer automatically reinstall @@ -453,33 +453,33 @@ Additionally, apps de-provisioned by admins on Windows 10 Enterprise LTSC 2019 m ### New MDM capabilities -Windows 10 Enterprise LTSC 2019 adds many new [configuration service providers (CSPs)](../../configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful group policy settings via MDM. For more information, see [Policy CSP - ADMX-backed policies](../../client-management/mdm/policy-configuration-service-provider.md). +Windows 10 Enterprise LTSC 2019 adds many new [configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful group policy settings via MDM. For more information, see [Policy CSP - ADMX-backed policies](/windows/client-management/mdm/policy-configuration-service-provider). Some of the other new CSPs are: -- The [DynamicManagement CSP](../../client-management/mdm/dynamicmanagement-csp.md) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can't reach the management server when the location or network changes. The dynamic management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. +- The [DynamicManagement CSP](/windows/client-management/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can't reach the management server when the location or network changes. The dynamic management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. -- The [CleanPC CSP](../../client-management/mdm/cleanpc-csp.md) allows removal of user-installed and pre-installed applications, with the option to persist user data. +- The [CleanPC CSP](/windows/client-management/mdm/cleanpc-csp) allows removal of user-installed and pre-installed applications, with the option to persist user data. -- The [BitLocker CSP](../../client-management/mdm/bitlocker-csp.md) is used to manage encryption of PCs and devices. For example, you can require storage card encryption on mobile devices, or require encryption for operating system drives. +- The [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) is used to manage encryption of PCs and devices. For example, you can require storage card encryption on mobile devices, or require encryption for operating system drives. -- The [NetworkProxy CSP](../../client-management/mdm/networkproxy-csp.md) is used to configure a proxy server for ethernet and Wi-Fi connections. +- The [NetworkProxy CSP](/windows/client-management/mdm/networkproxy-csp) is used to configure a proxy server for ethernet and Wi-Fi connections. -- The [Office CSP](../../client-management/mdm/office-csp.md) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options). +- The [Office CSP](/windows/client-management/mdm/office-csp) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options). -- The [EnterpriseAppVManagement CSP](../../client-management/mdm/enterpriseappvmanagement-csp.md) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. +- The [EnterpriseAppVManagement CSP](/windows/client-management/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. -For more information, see [What's new in mobile device enrollment and management](../../client-management/mdm/new-in-windows-mdm-enrollment-management.md). +For more information, see [What's new in mobile device enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management). -MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group policy can be used with Active Directory joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](../../client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md). +MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group policy can be used with Active Directory joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy). -Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](../../client-management/mdm/new-in-windows-mdm-enrollment-management.md). +Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management). ### Mobile application management support for Windows 10 The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10 Enterprise LTSC 2019. -For more info, see [Implement server-side support for mobile application management on Windows](../../client-management/mdm/implement-server-side-mobile-application-management.md). +For more info, see [Implement server-side support for mobile application management on Windows](/windows/client-management/mdm/implement-server-side-mobile-application-management). ### MDM diagnostics @@ -491,17 +491,17 @@ Previous versions of the Microsoft Application Virtualization Sequencer (App-V S For more information, see the following articles: -- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](../../application-management/app-v/appv-auto-provision-a-vm.md) -- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](../../application-management/app-v/appv-auto-batch-sequencing.md) -- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](../../application-management/app-v/appv-auto-batch-updating.md) -- [Automatically cleanup unpublished packages on the App-V client](../../application-management/app-v/appv-auto-clean-unpublished-packages.md) +- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-provision-a-vm) +- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-sequencing) +- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-updating) +- [Automatically cleanup unpublished packages on the App-V client](/windows/application-management/app-v/appv-auto-clean-unpublished-packages) ### Windows diagnostic data Learn more about the diagnostic data that's collected at the Basic level and some examples of the types of data that is collected at the Full level. -- [Windows 10, version 1703 basic level Windows diagnostic events and fields](../../privacy/basic-level-windows-diagnostic-events-and-fields-1703.md) -- [Windows 10, version 1703 diagnostic data](../../privacy/windows-diagnostic-data-1703.md) +- [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703) +- [Windows 10, version 1703 diagnostic data](/windows/privacy/windows-diagnostic-data-1703) ### Group policy spreadsheet @@ -511,7 +511,7 @@ Learn about the new group policies that were added in Windows 10 Enterprise LTSC ### Mixed reality apps -This version of Windows 10 introduces [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/). Organizations that use WSUS must take action to enable Windows Mixed Reality. You can also prohibit use of Windows Mixed Reality by blocking installation of the Mixed Reality Portal. For more information, see [Enable or block Windows Mixed Reality apps in the enterprise](../../application-management/manage-windows-mixed-reality.md). +This version of Windows 10 introduces [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/). Organizations that use WSUS must take action to enable Windows Mixed Reality. You can also prohibit use of Windows Mixed Reality by blocking installation of the Mixed Reality Portal. For more information, see [Enable or block Windows Mixed Reality apps in the enterprise](/windows/application-management/manage-windows-mixed-reality). ## Networking From 72700ff5cf69fbc9eeca209be96a5ea491c20a8b Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 3 Jun 2022 22:26:18 -0700 Subject: [PATCH 284/540] fix build suggestions --- smb/breadcrumb/toc.yml | 3 ++- windows/security/TOC.yml | 16 ++++++++-------- .../bitlocker/bitlocker-recovery-loop-break.md | 11 +++-------- .../md-app-guard-browser-extension.md | 7 ++----- 4 files changed, 15 insertions(+), 22 deletions(-) diff --git a/smb/breadcrumb/toc.yml b/smb/breadcrumb/toc.yml index 3fc3bfeaee..317dcb4c3b 100644 --- a/smb/breadcrumb/toc.yml +++ b/smb/breadcrumb/toc.yml @@ -1,10 +1,11 @@ +items: - name: Docs tocHref: / topicHref: / items: - name: Windows tocHref: /windows - topicHref: https://docs.microsoft.com/windows/#pivot=it-pro + topicHref: /windows/resources/ items: - name: SMB tocHref: /windows/smb diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 7d7f56a09d..2871ffa4fd 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -192,19 +192,19 @@ - name: Overview href: threat-protection/index.md - name: Microsoft Defender Antivirus - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows + href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows - name: Attack surface reduction rules - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction + href: /microsoft-365/security/defender-endpoint/attack-surface-reduction - name: Tamper protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection + href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - name: Network protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection + href: /microsoft-365/security/defender-endpoint/network-protection - name: Controlled folder access - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders + href: /microsoft-365/security/defender-endpoint/controlled-folders - name: Exploit protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection + href: /microsoft-365/security/defender-endpoint/exploit-protection - name: Microsoft Defender for Endpoint - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint + href: /microsoft-365/security/defender-endpoint - name: More Windows security items: - name: Override Process Mitigation Options to help enforce app-related security policies @@ -394,7 +394,7 @@ - name: Overview href: cloud.md - name: Mobile device management - href: https://docs.microsoft.com/windows/client-management/mdm/ + href: /windows/client-management/mdm/ - name: Windows 365 Cloud PCs href: /windows-365/overview - name: Azure Virtual Desktop diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index c059f9b372..a79fb8665e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -1,16 +1,11 @@ --- title: Breaking out of a Bitlocker recovery loop -description: This topic for IT professionals describes how to break out of a Bitlocker recovery loop. -ms.assetid: #c40f87ac-17d3-47b2-afc6-6c641f72ecee +description: This article for IT professionals describes how to break out of a Bitlocker recovery loop. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -ms.author: v-maave -author: dansimp +author: aczechowski +ms.author: aaroncz manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md index 2b7a3193ab..e23b8ba8ad 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -2,12 +2,9 @@ title: Microsoft Defender Application Guard Extension description: Learn about the Microsoft Defender Application Guard browser extension, which extends Application Guard's protection to more web browsers. ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -author: martyav -ms.author: v-maave +author: aczechowski +ms.author: aaroncz ms.date: 09/09/2021 ms.reviewer: manager: dansimp From f6e2025a363b77a7649e7ac1db403d17bec826df Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 3 Jun 2022 22:38:41 -0700 Subject: [PATCH 285/540] Acrolinx --- .../bitlocker-recovery-loop-break.md | 10 +++---- .../md-app-guard-browser-extension.md | 28 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index a79fb8665e..f86f657b67 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -1,6 +1,6 @@ --- -title: Breaking out of a Bitlocker recovery loop -description: This article for IT professionals describes how to break out of a Bitlocker recovery loop. +title: Breaking out of a BitLocker recovery loop +description: This article for IT professionals describes how to break out of a BitLocker recovery loop. ms.prod: m365-security ms.localizationpriority: medium author: aczechowski @@ -14,11 +14,11 @@ ms.date: 10/28/2019 ms.custom: bitlocker --- -# Breaking out of a Bitlocker recovery loop +# Breaking out of a BitLocker recovery loop -Sometimes, following a crash, you might be unable to successfully boot into your operating system, due to the recovery screen repeatedly prompting you to enter your recovery key. This can be very frustrating. +Sometimes, following a crash, you might be unable to successfully boot into your operating system, due to the recovery screen repeatedly prompting you to enter your recovery key. This experience can be frustrating. -If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to break out of the loop. +If you've entered the correct BitLocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to break out of the loop. > [!NOTE] > Only try these steps after you have restarted your device at least once. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md index e23b8ba8ad..ffd97aa5cd 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -57,24 +57,24 @@ Both Chrome and Firefox have their own browser-specific group policies. We recom #### Chrome policies -These policies can be found along the filepath, *Software\Policies\Google\Chrome\\*, with each policy name corresponding to the file name (e.g., IncognitoModeAvailability is located at *Software\Policies\Google\Chrome\IncognitoModeAvailability*). +These policies can be found along the filepath, `Software\Policies\Google\Chrome\`, with each policy name corresponding to the file name. For example, `IncognitoModeAvailability` is located at `Software\Policies\Google\Chrome\IncognitoModeAvailability`. Policy name | Values | Recommended setting | Reason -|-|-|- -[IncognitoModeAvailability](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=IncognitoModeAvailability) | `0` = Enabled
    `1` = Disabled
    `2` = Forced (i.e. forces pages to only open in Incognito mode) | Disabled | This policy allows users to start Chrome in Incognito mode. In this mode, all extensions are turned off by default. -[BrowserGuestModeEnabled](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserGuestModeEnabled) | `false` or `0` = Disabled
    `true`, `1`, or not configured = Enabled | Disabled | This policy allows users to login as *Guest*, which opens a session in Incognito mode. In this mode, all extensions are turned off by default. -[BackgroundModeEnabled](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BackgroundModeEnabled) | `false` or `0` = Disabled
    `true` or `1` = Enabled

    **Note:** If this policy is not set, the user can enable or disable background mode through local browser settings. | Enabled | This policy keeps Chrome running in the background, ensuring that navigation is always passed to the extension. +[IncognitoModeAvailability](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=IncognitoModeAvailability) | `0` = Enabled
    `1` = Disabled
    `2` = Forces pages to only open in Incognito mode | Disabled | This policy allows users to start Chrome in Incognito mode. In this mode, all extensions are turned off by default. +[BrowserGuestModeEnabled](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserGuestModeEnabled) | `false` or `0` = Disabled
    `true`, `1`, or not configured = Enabled | Disabled | This policy allows users to sign in as *Guest*, which opens a session in Incognito mode. In this mode, all extensions are turned off by default. +[BackgroundModeEnabled](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BackgroundModeEnabled) | `false` or `0` = Disabled
    `true` or `1` = Enabled

    **Note:** If this policy isn't set, the user can enable or disable background mode through local browser settings. | Enabled | This policy keeps Chrome running in the background, ensuring that navigation is always passed to the extension. [ExtensionSettings](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionSettings) | This policy accepts a dictionary that configures multiple other management settings for Chrome. See the [Google Cloud documentation](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionSettings) for complete schema. | Include an entry for `force_installed` | This policy prevents users from manually removing the extension. #### Firefox policies -These policies can be found along the filepath, *Software\Policies\Mozilla\Firefox\\*, with each policy name corresponding to the file name (e.g., DisableSafeMode is located at *Software\Policies\Mozilla\Firefox\DisableSafeMode*). +These policies can be found along the filepath, `Software\Policies\Mozilla\Firefox\`, with each policy name corresponding to the file name. Foe example, `DisableSafeMode` is located at `Software\Policies\Mozilla\Firefox\DisableSafeMode`. Policy name | Values | Recommended setting | Reason -|-|-|- -[DisableSafeMode](https://github.com/mozilla/policy-templates/blob/master/README.md#DisableSafeMode) | `false` or `0` = Safe mode is enabled
    `true` or `1` = Safe mode is disabled | True (i.e. the policy is enabled and Safe mode is *not* allowed to run) | Safe mode can allow users to circumvent Application Guard -[BlockAboutConfig](https://github.com/mozilla/policy-templates/blob/master/README.md#BlockAboutConfig) | `false` or `0` = User access to *about:config* is allowed
    `true` or `1` = User access to *about:config* is not allowed | True (i.e. the policy is enabled and access to about:config is *not* allowed) | *About:config* is a special page within Firefox that offers control over many settings that may compromise security -[Extensions - Locked](https://github.com/mozilla/policy-templates/blob/master/README.md#Extensions) | This setting accepts a list of UUIDs for extensions (these can be found by searching `extensions.webextensions.uuids` within the about:config page) | Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "`ApplicationGuardRel@microsoft.com`" | This setting allows you to lock the extension, so the user cannot disable or uninstall it. +[DisableSafeMode](https://github.com/mozilla/policy-templates/blob/master/README.md#DisableSafeMode) | `false` or `0` = Safe mode is enabled
    `true` or `1` = Safe mode is disabled | The policy is enabled and Safe mode isn't allowed to run. | Safe mode can allow users to circumvent Application Guard +[BlockAboutConfig](https://github.com/mozilla/policy-templates/blob/master/README.md#BlockAboutConfig) | `false` or `0` = User access to `about:config` is allowed
    `true` or `1` = User access to `about:config` isn't allowed | The policy is enabled and access to `about:config` isn't allowed. | `About:config` is a special page within Firefox that offers control over many settings that may compromise security +[Extensions - Locked](https://github.com/mozilla/policy-templates/blob/master/README.md#Extensions) | This setting accepts a list of UUIDs for extensions. You can find these extensions by searching `extensions.webextensions.uuids` within the `about:config` page) | Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "`ApplicationGuardRel@microsoft.com`" | This setting allows you to lock the extension, so the user can't disable or uninstall it. ## Troubleshooting guide @@ -82,15 +82,15 @@ Policy name | Values | Recommended setting | Reason Error message | Cause | Actions -|-|- -Application Guard undetermined state | The extension was unable to communicate with the companion app during the last information request. | 1. Install the [companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab) and reboot
    2. If the companion app is already installed, reboot and see if that resolves the error
    3. If you still see the error after rebooting, uninstall and re-install the companion app
    4. Check for updates in both the Microsoft store and the respective web store for the affected browser +Application Guard undetermined state | The extension was unable to communicate with the companion app during the last information request. | 1. Install the [companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab) and reboot
    2. If the companion app is already installed, reboot and see if that resolves the error
    3. If you still see the error after rebooting, uninstall and reinstall the companion app
    4. Check for updates in both the Microsoft store and the respective web store for the affected browser ExceptionThrown | An unexpected exception was thrown. | 1. [File a bug](https://aka.ms/wdag-fb)
    2. Retry the operation Failed to determine if Application Guard is enabled | The extension was able to communicate with the companion app, but the information request failed in the app. | 1. Restart the browser
    2. Check for updates in both the Microsoft store and the respective web store for the affected browser -Launch in WDAG failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This can be caused by the companion app being uninstalled while Chrome was running. | 1. Make sure the companion app is installed
    2. If the companion app is installed, reboot and see if that resolves the error
    3. If you still see the error after rebooting, uninstall and re-install the companion app
    4. Check for updates in both the Microsoft store and the respective web store for the affected browser +Launch in WDAG failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This error can be caused by the companion app being uninstalled while Chrome was running. | 1. Make sure the companion app is installed
    2. If the companion app is installed, reboot and see if that resolves the error
    3. If you still see the error after rebooting, uninstall and reinstall the companion app
    4. Check for updates in both the Microsoft store and the respective web store for the affected browser Main page navigation caught an unexpected error | An unexpected exception was thrown during the main page navigation. | 1. [File a bug](https://aka.ms/wdag-fb)
    2. Retry the operation -Process trust response failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This can be caused by the companion app being uninstalled while Chrome was running.| 1. Make sure the companion app is installed.
    2. If the companion app is installed, reboot and see if that resolves the error
    3. If you still see the error after rebooting, uninstall and re-install the companion app
    4. Check for updates in both the Microsoft store and the respective web store for the affected browser -Protocol out of sync | The extension and native app cannot communicate with each other. This is likely caused by one being updated without supporting the protocol of the other. | Check for updates in both the Microsoft store, and the web store for the affected browser -Security patch level does not match | Microsoft determined that there was a security issue with either the extension or the companion app, and has issued a mandatory update. | Check for updates in both the Microsoft store, and the web store for the affected browser -Unexpected response while processing trusted state | The extension was able to communicate with the companion app, but the API failed and a failure response code was sent back to the extension. | 1. [File a bug](https://aka.ms/wdag-fb)
    2. Check if Edge is working
    3. Retry the operation +Process trust response failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This error can be caused by the companion app being uninstalled while Chrome was running.| 1. Make sure the companion app is installed.
    2. If the companion app is installed, reboot and see if that resolves the error
    3. If you still see the error after rebooting, uninstall and reinstall the companion app
    4. Check for updates in both the Microsoft store and the respective web store for the affected browser +Protocol out of sync | The extension and native app can't communicate with each other. This error is likely caused by one being updated without supporting the protocol of the other. | Check for updates in both the Microsoft store, and the web store for the affected browser +Security patch level doesn't match | Microsoft determined that there was a security issue with either the extension or the companion app, and has issued a mandatory update. | Check for updates in both the Microsoft store, and the web store for the affected browser +Unexpected response while processing trusted state | The extension was able to communicate with the companion app, but the API failed and a failure response code was sent back to the extension. | 1. [File a bug](https://aka.ms/wdag-fb)
    2. Check if Microsoft Edge is working
    3. Retry the operation ## Related articles From 55528d133e34cc8c1f036d851f59db018408a68f Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 3 Jun 2022 22:44:03 -0700 Subject: [PATCH 286/540] fix anchor --- .../client-management/advanced-troubleshooting-boot-problems.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index ab407fcb62..817cffb7c0 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -41,7 +41,7 @@ There are several reasons why a Windows-based computer may have problems during The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START. -     + Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before you start troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. Select the thumbnail to view it larger. From 0477d0aa3e87f64f7a17d1bd1d02995cf2dc68ee Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Mon, 6 Jun 2022 04:37:52 +0200 Subject: [PATCH 287/540] #9512 #9512 --- ...ender-application-control-with-intelligent-security-graph.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 36aa766318..236bd03cbc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -24,7 +24,7 @@ ms.technology: windows-sec - Windows 10 - Windows 11 -- Windows Server 2016 and above +- Windows Server 2019 and above > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). From 719bb3df53b4f0234ffea0a0adbc01d88120908b Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Mon, 6 Jun 2022 05:37:45 +0200 Subject: [PATCH 288/540] #9812 #9812 Bytes should be the correct abbreviation because it can never be bits. --- .../microsoft-defender-application-guard/faq-md-app-guard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index e99bc8205f..cb8c459803 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -98,7 +98,7 @@ sections: - question: | Is there a size limit to the domain lists that I need to configure? answer: | - Yes, both the Enterprise Resource domains that are hosted in the cloud and the domains that are categorized as both work and personal have a 16383-B limit. + Yes, both the Enterprise Resource domains that are hosted in the cloud and the domains that are categorized as both work and personal have a 1,6383 Bytes limit. - question: | Why does my encryption driver break Microsoft Defender Application Guard? From 47322e6868a44bbb87edf7abe392f16f14aaf317 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 6 Jun 2022 10:16:47 +0530 Subject: [PATCH 289/540] Update dmclient-csp.md --- windows/client-management/mdm/dmclient-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 9cf97ddc87..140f4c8884 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -545,7 +545,7 @@ The values are : 0= none, 1= sequential, anything else= parallel. Supported operations are Get, Add, Replace and Delete. -Value type is integer. Only applicable for Windows 10 multi-session. +Value type is integer. Only applicable for Windows Enterprise multi-session. **Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync** @@ -557,7 +557,7 @@ The values are : 0= none, 1= sequential, anything else= parallel. Supported operations are Get, Add, Replace and Delete. -Value type is integer. Only applicable for Windows 10 multi-session. +Value type is integer. Only applicable for Windows Enterprise multi-session. **Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession** Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`. From f3e1565cbce5521c3a7503b67d911878389ce7b8 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 6 Jun 2022 15:11:11 +0530 Subject: [PATCH 290/540] Improper acronyms review updates-03 --- ...ct-data-using-enterprise-site-discovery.md | 6 +- ...ct-data-using-enterprise-site-discovery.md | 6 +- education/windows/change-history-edu.md | 2 +- .../mdm/applicationcontrol-csp.md | 2 +- windows/client-management/mdm/dmclient-csp.md | 2 +- .../mdm/dmclient-ddf-file.md | 6 +- .../mdm/enterprisedesktopappmanagement-csp.md | 2 +- .../mdm/mdm-enrollment-of-windows-devices.md | 4 +- .../mdm/policy-csp-admx-tpm.md | 2 +- ...update-compliance-delivery-optimization.md | 2 +- ...-compliance-schema-waasdeploymentstatus.md | 2 +- ...ate-compliance-schema-waasinsiderstatus.md | 2 +- ...date-compliance-schema-waasupdatestatus.md | 2 +- .../update-compliance-schema-wudostatus.md | 2 +- ...ndows-diagnostic-events-and-fields-1703.md | 8 +- ...ndows-diagnostic-events-and-fields-1709.md | 8 +- ...ndows-diagnostic-events-and-fields-1803.md | 8 +- ...ndows-diagnostic-events-and-fields-1809.md | 26 ++-- ...ndows-diagnostic-events-and-fields-1903.md | 30 ++-- ...windows-11-diagnostic-events-and-fields.md | 138 +++++++++--------- ...-diagnostic-data-events-and-fields-2004.md | 30 ++-- .../hello-hybrid-aadj-sso.md | 4 +- .../bitlocker-management-for-enterprises.md | 2 +- ...e-wdac-policy-for-fully-managed-devices.md | 2 +- ...wdac-policy-for-lightly-managed-devices.md | 2 +- .../best-practices-configuring.md | 3 +- 26 files changed, 152 insertions(+), 151 deletions(-) diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md index 10d59733dd..9e5e461261 100644 --- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md +++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md @@ -352,14 +352,14 @@ You can collect your hardware inventory using the using the Systems Management S Your environment is now ready to collect your hardware inventory and review the sample reports. ## View the sample reports with your collected data -The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. +The sample reports, **Configuration Manager Report Sample – ActiveX.rdl** and **Configuration Manager Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. -### SCCM Report Sample – ActiveX.rdl +### Configuration Manager Report Sample – ActiveX.rdl Gives you a list of all of the ActiveX-related sites visited by the client computer. ![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer.](images/configmgractivexreport.png) -### SCCM Report Sample – Site Discovery.rdl +### Configuration Manager Report Sample – Site Discovery.rdl Gives you a list of all of the sites visited by the client computer. ![Site Discovery.rdl report, lists all websites visited by the client computer.](images/ie-site-discovery-sample-report.png) diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index 8cef068687..63709888c6 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -356,14 +356,14 @@ You can collect your hardware inventory using the using the Systems Management S Your environment is now ready to collect your hardware inventory and review the sample reports. ## View the sample reports with your collected data -The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. +The sample reports, **Configuration Manager Report Sample – ActiveX.rdl** and **Configuration Manager Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. -### SCCM Report Sample – ActiveX.rdl +### Configuration Manager Report Sample – ActiveX.rdl Gives you a list of all of the ActiveX-related sites visited by the client computer. ![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer.](images/configmgractivexreport.png) -### SCCM Report Sample – Site Discovery.rdl +### Configuration Manager Report Sample – Site Discovery.rdl Gives you a list of all of the sites visited by the client computer. ![Site Discovery.rdl report, lists all websites visited by the client computer.](images/ie-site-discovery-sample-report.png) diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md index 9a828c6755..68e0429bb0 100644 --- a/education/windows/change-history-edu.md +++ b/education/windows/change-history-edu.md @@ -135,7 +135,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also | New or changed topic | Description| | --- | --- | | [Windows 10 editions for education customers](windows-editions-for-education-customers.md) | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. | -|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use SCCM, Intune, and Group Policy to manage devices. | +|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use Configuration Manager, Intune, and Group Policy to manage devices. | ## June 2016 diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 02eb0f514c..a34f03cbd5 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -302,7 +302,7 @@ An example of Delete command is: ## PowerShell and WMI Bridge Usage Guidance -The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's (MEMCM, formerly known as SCCM) task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md). +The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md). ### Setup for using the WMI Bridge diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 3a3752cebe..47a19b5424 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -473,7 +473,7 @@ Default is 1, meaning the MDM enrollment is the “winning” authority for conf Support operations are Get and Set. **Provider/*ProviderID*/LinkedEnrollment/Enroll** -This is an execution node and will trigger a silent MMP-C enrollment, using the AAD device token pulled from the AADJ’ed device. There is no user interaction needed. +This is an execution node and will trigger a silent MMP-C enrollment, using the Azure Active Directory device token pulled from the Azure AD-joined device. There is no user interaction needed. Support operation is Exec. diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 9121cdc2b4..7c517ea512 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -1661,7 +1661,7 @@ The XML below is for Windows 10, version 1803. 0 - Device Only. This node determines whether or not the MDM progress page is blocking in the AADJ or DJ++ case, as well as which remediation options are available. + Device Only. This node determines whether or not the MDM progress page is blocking in the Azure Active Directory-joined or DJ++ case, as well as which remediation options are available. @@ -1740,7 +1740,7 @@ The XML below is for Windows 10, version 1803. true - Device only. This node decides wheter or not the MDM device progress page skips after AADJ or Hybrid AADJ in OOBE. + Device only. This node decides whether or not the MDM device progress page skips after Azure Active Directory-joined or Hybrid Azure AD-joined in OOBE. @@ -1766,7 +1766,7 @@ The XML below is for Windows 10, version 1803. false - Device only. This node decides wheter or not the MDM user progress page skips after AADJ or DJ++ after user login. + Device only. This node decides wheter or not the MDM user progress page skips after Azure Active Directory-joined or DJ++ after user login. diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 8fe5f44ab9..4b5ab02de2 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -376,7 +376,7 @@ For Intune standalone environment, the MSI package will determine the MSI execut |User|Install the MSI per-user
    LocURI contains a User prefix, such as ./User|Install the MSI per-device
    LocURI contains a Device prefix, such as ./Device|Install the MSI per-user
    LocURI contains a User prefix, such as ./User| |System|Install the MSI per-user
    LocURI contains a User prefix, such as ./User|Install the MSI per-device
    LocURI contains a Device prefix, such as ./Device|Install the MSI per-user
    LocURI contains a User prefix, such as ./User| -The following table applies to SCCM hybrid environment. +The following table applies to Configuration Manager hybrid environment: |Target|Per-user MSI|Per-machine MSI|Dual mode MSI| |--- |--- |--- |--- | diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 632623eed5..e5f2f80774 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -274,7 +274,7 @@ The deep link used for connecting your device to work will always use the follow | Parameter | Description | Supported Value for Windows 10| |-----------|--------------------------------------------------------------|----------------------------------------------| -| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory Joined (AADJ). | +| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory-joined. | |username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string | | servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string| | accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string | @@ -283,7 +283,7 @@ The deep link used for connecting your device to work will always use the follow | ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned | > [!NOTE] -> AWA and AADJ values for mode are only supported on Windows 10, version 1709 and later. +> AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later. ### Connect to MDM using a deep link diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index bee67da425..35fe568d58 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -327,7 +327,7 @@ ADMX Info: -This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and won't interfere with their workflows. +This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or Configuration Manager), and won't interfere with their workflows. diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index bc2ce23a6f..2cdda7c206 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -49,4 +49,4 @@ The table breaks down the number of bytes from each download source into specifi The download sources that could be included are: - LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network - Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the "Group" download mode is used) -- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates. +- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an Configuration Manager Distribution Point for Express Updates. diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md index 116ada644d..3daf7dc079 100644 --- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md @@ -20,7 +20,7 @@ WaaSDeploymentStatus records track a specific update's installation progress on |Field |Type |Example |Description | |-|-|-----|------------------------| |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enroll devices in Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). | -|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | +|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**DeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The deferral policy for this content type or `UpdateCategory` (Windows `Feature` or `Quality`). | |**DeploymentError** |[string](/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. | |**DeploymentErrorCode** |[int](/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. | diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md index 92aa00c0d8..2bfbab07ac 100644 --- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md @@ -21,7 +21,7 @@ WaaSInsiderStatus records contain device-centric data and acts as the device rec |Field |Type |Example |Description | |--|--|---|--| |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this value appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). | -|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This value is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | +|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This value is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**OSArchitecture** |[string](/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. | |**OSName** |[string](/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This value will always be Windows 10 for Update Compliance. | |**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This value typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This value maps to the `Major` portion of OSBuild. | diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md index 9e0d7a5b83..52b4b8c580 100644 --- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md +++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md @@ -20,7 +20,7 @@ WaaSUpdateStatus records contain device-centric data and acts as the device reco |Field |Type |Example |Description | |--|-|----|------------------------| |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). | -|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | +|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**DownloadMode** |[string](/azure/kusto/query/scalar-data-types/string) |`Simple (99)` |The device's Delivery Optimization DownloadMode. To learn about possible values, see [Delivery Optimization Reference - Download mode](../do/waas-delivery-optimization-reference.md#download-mode) | |**FeatureDeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The on-client Windows Update for Business Deferral Policy days.
    - **<0**: A value below 0 indicates the policy is disabled.
    - **0**: A value of 0 indicates the policy is enabled, but the deferral period is zero days.
    - **1+**: A value of 1 and above indicates the deferral setting, in days. | |**FeaturePauseDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |*Deprecated* This provides the count of days left in a pause | diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md index 566ef0650a..82ab3a457c 100644 --- a/windows/deployment/update/update-compliance-schema-wudostatus.md +++ b/windows/deployment/update/update-compliance-schema-wudostatus.md @@ -25,7 +25,7 @@ These fields are briefly described in this article, to learn more about Delivery |Field |Type |Example |Description | |-|-|-|-| |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). | -|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | +|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**City** |[string](/azure/kusto/query/scalar-data-types/string) | |Approximate city device was in while downloading content, based on IP Address. | |**Country** |[string](/azure/kusto/query/scalar-data-types/string) | |Approximate country device was in while downloading content, based on IP Address. | |**ISP** |[string](/azure/kusto/query/scalar-data-types/string) | |The Internet Service Provider estimation. | diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index fe5f9e9510..501abd7c9d 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -1314,9 +1314,9 @@ The following fields are available: - **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise System Center Configuration Manager (SCCM) environment. +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise System Center Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier. +- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier. ### Census.Firmware @@ -3140,7 +3140,7 @@ The following fields are available: - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. -- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). +- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft System Center Configuration Manager. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. @@ -4412,7 +4412,7 @@ The following fields are available: - **DeviceIsMdmManaged** This device is MDM managed. - **IsNetworkAvailable** If the device network is not available. - **IsNetworkMetered** If network is metered. -- **IsSccmManaged** This device is SCCM managed. +- **IsSccmManaged** This device is managed by Configuration Manager . - **NewlyInstalledOs** OS is newly installed quiet period. - **PausedByPolicy** Updates are paused by policy. - **RecoveredFromRS3** Previously recovered from RS3. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index f20bf940f2..8563594473 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -1382,9 +1382,9 @@ The following fields are available: - **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier +- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier ### Census.Firmware @@ -3148,7 +3148,7 @@ The following fields are available: - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. -- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). +- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft System Center Configuration Manager. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. @@ -4257,7 +4257,7 @@ The following fields are available: - **DeviceIsMdmManaged** This device is MDM managed. - **IsNetworkAvailable** If the device network is not available. - **IsNetworkMetered** If network is metered. -- **IsSccmManaged** This device is SCCM managed. +- **IsSccmManaged** This device is managed by Configuration Manager. - **NewlyInstalledOs** OS is newly installed quiet period. - **PausedByPolicy** Updates are paused by policy. - **RecoveredFromRS3** Previously recovered from RS3. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index fc82f5a509..1131c7979c 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -1439,9 +1439,9 @@ The following fields are available: - **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier +- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier ### Census.Firmware @@ -4550,7 +4550,7 @@ The following fields are available: - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. -- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). +- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft System Center Configuration Manager. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. @@ -5492,7 +5492,7 @@ The following fields are available: - **DeviceIsMdmManaged** This device is MDM managed. - **IsNetworkAvailable** If the device network is not available. - **IsNetworkMetered** If network is metered. -- **IsSccmManaged** This device is SCCM managed. +- **IsSccmManaged** This device is managed by Configuration Manager. - **NewlyInstalledOs** OS is newly installed quiet period. - **PausedByPolicy** Updates are paused by policy. - **RecoveredFromRS3** Previously recovered from RS3. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index e660f2df49..8e1ae7ee99 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -2171,9 +2171,9 @@ The following fields are available: - **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier +- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier ### Census.Firmware @@ -3362,7 +3362,7 @@ The following fields are available: - **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network. - **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device. - **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device. -- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft SCCM (System Center Configuration Manager) to keep the operating system and applications up to date. +- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft System Center Configuration Manager to keep the operating system and applications up to date. - **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated. - **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications. - **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services). @@ -6058,7 +6058,7 @@ The following fields are available: - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. - **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected. - **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device. -- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). +- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft System Center Configuration Manager. - **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use. - **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress. - **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry. @@ -6820,7 +6820,7 @@ The following fields are available: - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MsiAction** The stage of MSI installation where it failed. - **MsiProductCode** The unique identifier of the MSI installer. @@ -6875,9 +6875,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -6936,8 +6936,8 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -9570,7 +9570,7 @@ The following fields are available: - **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is AAD joined. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. -- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. +- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is Azure Active Directory-joined. - **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined. - **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU. @@ -9582,8 +9582,8 @@ The following fields are available: - **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed. - **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU. -- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is SCCM managed. -- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is SCCM managed. +- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is managed by Configuration Manager. +- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is managed by Configuration Manager. - **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed. - **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index 2dd8d27ae5..7f3e3d6a3e 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -2355,9 +2355,9 @@ The following fields are available: - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier +- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier ### Census.Firmware @@ -3623,7 +3623,7 @@ The following fields are available: - **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network. - **IsDeviceOobeBlocked** Indicates whether the OOBE (Out of Box Experience) is blocked on the device. - **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device. -- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft SCCM (System Center Configuration Manager) to keep the operating system and applications up to date. +- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft System Center Configuration Manager to keep the operating system and applications up to date. - **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated. - **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications. - **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services). @@ -6242,7 +6242,7 @@ The following fields are available: - **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is AAD joined. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. -- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. +- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is Azure Active Directory-joined. - **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined. - **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU. @@ -6255,8 +6255,8 @@ The following fields are available: - **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed. - **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU. -- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is SCCM managed. -- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is SCCM managed. +- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is managed by Configuration Manager. +- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is managed by Configuration Manager. - **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed. - **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is. @@ -6614,7 +6614,7 @@ The following fields are available: - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MSIError** The last error that was encountered during a scan for updates. - **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 @@ -6739,7 +6739,7 @@ The following fields are available: - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." @@ -6873,7 +6873,7 @@ The following fields are available: - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MsiAction** The stage of MSI installation where it failed. - **MsiProductCode** The unique identifier of the MSI installer. @@ -6928,9 +6928,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -6990,9 +6990,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 084f8f8a9e..61f0ee30c2 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -1885,9 +1885,9 @@ The following fields are available: - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier +- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier ### Census.Firmware @@ -4871,7 +4871,7 @@ The following fields are available: - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MSIError** The last error that was encountered during a scan for updates. - **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 @@ -4965,7 +4965,7 @@ The following fields are available: - **IPVersion** Indicates whether the download took place over IPv4 or IPv6. - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." - **PackageFullName** The package name of the content. @@ -5075,7 +5075,7 @@ The following fields are available: - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MsiAction** The stage of MSI installation where it failed. - **MsiProductCode** The unique identifier of the MSI installer. @@ -5127,9 +5127,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -5192,9 +5192,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -6811,9 +6811,9 @@ The following fields are available: - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6). -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag indicated is WU-For-Business target version is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business target version is enabled on the device. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked. - **NumberOfLoop** Number of roundtrips the scan required. @@ -6859,9 +6859,9 @@ The following fields are available: - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **IntentPFNs** Intended application-set metadata for atomic update scenarios. - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6). -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag indicated is WU-For-Business target version is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business target version is enabled on the device. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **MSIError** The last error encountered during a scan for updates. - **NetworkConnectivityDetected** 0 when IPv4 is detected, 1 when IPv6 is detected. @@ -6901,9 +6901,9 @@ The following fields are available: - **ExtendedStatusCode** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. - **FeatureUpdatePause** Failed Parse actions. - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6). -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked. - **NumberOfLoop** Number of roundtrips the scan required. @@ -6962,10 +6962,10 @@ The following fields are available: - **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. - **EventInstanceID** A globally unique identifier for event instance. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBFederatedScanDisabled** Flag indicated is WU-for-Business FederatedScan is disabled on the device. -- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBFederatedScanDisabled** Flag indicated is Windows Update for Business FederatedScan is disabled on the device. +- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. @@ -6999,9 +6999,9 @@ The following fields are available: - **FeatureUpdatePausePeriod** Pause duration configured for feature OS updates on the device, in days. - **IntentPFNs** Intended application-set metadata for atomic update scenarios. - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6). -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete. - **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked. @@ -7136,9 +7136,9 @@ The following fields are available: - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HostName** Identifies the hostname. - **IPVersion** Identifies the IP Connection Type version. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **NetworkCost** Identifies the network cost. - **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. - **PackageFullName** Package name of the content. @@ -7192,9 +7192,9 @@ The following fields are available: - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HostName** Identifies the hostname. - **IPVersion** Identifies the IP Connection Type version. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **NetworkCost** Identifies the network cost. - **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. - **PackageFullName** The package name of the content. @@ -7234,9 +7234,9 @@ The following fields are available: - **FlightBuildNumber** Indicates the build number of that flight. - **FlightId** The specific id of the flight the device is getting. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device. - **PackageFullName** The package name of the content. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -7269,9 +7269,9 @@ The following fields are available: - **FlightBuildNumber** Indicates the build number of that flight. - **FlightId** The specific id of the flight the device is getting. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device. - **PackageFullName** The package name of the content. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -7317,9 +7317,9 @@ The following fields are available: - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HostName** The hostname URL the content is downloading from. - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6) -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device. - **NetworkCost** A flag indicating the cost of the network being used for downloading the update content. That could be one of the following values0x0 : Unkown0x1 : Network cost is unrestricted0x2 : Network cost is fixed0x4 : Network cost is variable0x10000 : Network cost over data limit0x20000 : Network cost congested0x40000 : Network cost roaming0x80000 : Network cost approaching data limit. - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be “metered”. - **PackageFullName** The package name of the content. @@ -7360,9 +7360,9 @@ The following fields are available: - **FlightBuildNumber** Indicates the build number of that flight. - **FlightId** The specific id of the flight the device is getting. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **PackageFullName** The package name of the content. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -7409,9 +7409,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MsiAction** Stage of MSI installation where it failed. - **MsiProductCode** Unique identifier of the MSI installer. @@ -7465,9 +7465,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MsiAction** Stage of MSI installation where it failed. - **MsiProductCode** Unique identifier of the MSI installer. @@ -7521,9 +7521,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MsiAction** Stage of MSI installation where it failed. - **MsiProductCode** Unique identifier of the MSI installer. @@ -7577,9 +7577,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MsiAction** Stage of MSI installation where it failed. - **MsiProductCode** Unique identifier of the MSI installer. @@ -7633,9 +7633,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MsiAction** Stage of MSI installation where it failed. - **MsiProductCode** Unique identifier of the MSI installer. @@ -7686,9 +7686,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -7735,9 +7735,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -7784,9 +7784,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index b37678708d..a8a77f6f06 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -1891,9 +1891,9 @@ The following fields are available: - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier +- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier ### Census.Firmware @@ -4854,7 +4854,7 @@ The following fields are available: - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MSIError** The last error that was encountered during a scan for updates. - **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 @@ -4971,7 +4971,7 @@ The following fields are available: - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." @@ -5093,7 +5093,7 @@ The following fields are available: - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MsiAction** The stage of MSI installation where it failed. - **MsiProductCode** The unique identifier of the MSI installer. @@ -5145,9 +5145,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -5210,9 +5210,9 @@ The following fields are available: - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFirmware** Indicates whether an update was a firmware update. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -5774,7 +5774,7 @@ The following fields are available: - **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is AAD joined. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. -- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. +- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is Azure Active Directory-joined. - **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined. - **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU. @@ -5787,8 +5787,8 @@ The following fields are available: - **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed. - **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU. -- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is SCCM managed. -- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is SCCM managed. +- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is managed by Configuration Manager. +- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is managed by Configuration Manager. - **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed. - **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is. @@ -5829,7 +5829,7 @@ The following fields are available: - **CV** Correlation vector. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. - **PackageVersion** Current package version of remediation. -- **UpdateHealthToolsDeviceSccmManaged** Device is managed by SCCM. +- **UpdateHealthToolsDeviceSccmManaged** Device is managed by Configuration Manager. - **UpdateHealthToolsDeviceUbrChanged** 1 if the Ubr just changed, 0 otherwise. - **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index ddff708e26..87265d9ffb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -35,8 +35,8 @@ When using a key, the on-premises environment needs an adequate distribution of When using a certificate, the on-premises environment can use Windows Server 2008 R2 and later domain controllers, which removes the Windows Server 2016 domain controller requirement. However, single-sign on using a certificate requires additional infrastructure to issue a certificate when the user enrolls for Windows Hello for Business. Azure AD joined devices enroll certificates using Microsoft Intune or a compatible Mobile Device Management (MDM). Microsoft Intune and Windows Hello for Business use the Network Device Enrollment Services (NDES) role and support Microsoft Intune connector. -To deploy single sign-on for Azure AD joined devices using keys, read and follow [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md). -To deploy single sign-on for Azure AD joined devices using certificates, read and follow [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md) and then [Using Certificates for AADJ On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). +To deploy single sign-on for Azure Active Directory-joined devices using keys, read and follow [Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md). +To deploy single sign-on for Azure Active Directory-joined devices using certificates, read and follow [Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md) and then [Using Certificates for Azure Active Directory-joined On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). ## Related topics diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index c3f40de8e2..e5df19b1b9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -30,7 +30,7 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu ## Managing domain-joined computers and moving to cloud -Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](./bitlocker-group-policy-settings.md). +Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 or later can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](./bitlocker-group-policy-settings.md). Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](/lifecycle/products/?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201%2F) or they can receive extended support until April 2026. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD). diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index f088c8d7f9..b8a04808f4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -49,7 +49,7 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo - All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune; > [!NOTE] -> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM) +> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager. - Most, but not all, apps are deployed using MEMCM; - Sometimes, IT staff install apps directly to these devices without using MEMCM; diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md index a173ced569..57d270f1b2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md @@ -49,7 +49,7 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo - All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune; > [!NOTE] - > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM). + > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager. - Some, but not all, apps are deployed using MEMCM; - Most users are local administrators on their devices; diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index aa02076a04..20bc578f08 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -141,9 +141,10 @@ See also [Checklist: Creating Inbound Firewall Rules](./checklist-creating-inbou ## Establish local policy merge and application rules Firewall rules can be deployed: + 1. Locally using the Firewall snap-in (**WF.msc**) 2. Locally using PowerShell -3. Remotely using Group Policy if the device is a member of an Active Directory Name, System Center Configuration Manager (SCCM), or Intune (using workplace join) +3. Remotely using Group Policy if the device is a member of an Active Directory Name, System Center Configuration Manager, or Intune (using workplace join) Rule merging settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for Domain, Private, and Public profiles. From 00b2ebce2e546361681417858f4e57244c216585 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 6 Jun 2022 12:48:31 +0300 Subject: [PATCH 291/540] Update statement https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9905 --- windows/client-management/mdm/firewall-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 39c9fa46f5..cd06bdb168 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -245,7 +245,7 @@ Default value is true. Value type is bool. Supported operations are Add, Get and Replace. **/DefaultOutboundAction** -This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will block all outbound traffic unless it's explicitly specified not to block. +This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will allow all outbound traffic unless it's explicitly specified not to allow. - 0x00000000 - allow - 0x00000001 - block @@ -441,4 +441,4 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](configuration-service-provider-reference.md) From e643131ffe4ffd63b462b2aa8cb5e212c4414325 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 6 Jun 2022 15:39:47 +0530 Subject: [PATCH 292/540] Updated --- .../mdm/policy-csp-admx-wincal.md | 10 ++--- .../mdm/policy-csp-admx-windowsconnectnow.md | 21 ++++++--- .../mdm/policy-csp-admx-windowsexplorer.md | 43 +++++++------------ .../mdm/policy-csp-admx-windowsmediaplayer.md | 4 +- ...policy-csp-admx-windowsremotemanagement.md | 4 +- .../mdm/policy-csp-admx-winlogon.md | 4 +- .../mdm/policy-csp-admx-wlansvc.md | 2 +- .../mdm/policy-csp-admx-workfoldersclient.md | 3 +- .../mdm/policy-csp-applicationmanagement.md | 1 - .../mdm/policy-csp-appvirtualization.md | 37 ++++++++-------- .../mdm/policy-csp-attachmentmanager.md | 2 +- .../client-management/mdm/policy-csp-audit.md | 14 ++++-- .../mdm/policy-csp-authentication.md | 2 +- .../mdm/policy-csp-autoplay.md | 8 ++-- .../mdm/policy-csp-bitlocker.md | 2 +- .../client-management/mdm/policy-csp-bits.md | 6 +-- .../mdm/policy-csp-bluetooth.md | 6 +-- .../mdm/policy-csp-camera.md | 1 - .../mdm/policy-csp-connectivity.md | 15 ++++--- .../mdm/policy-csp-controlpolicyconflict.md | 6 ++- 20 files changed, 97 insertions(+), 94 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 25ce545184..ddb335eaf8 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -65,9 +65,8 @@ manager: dansimp Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. -If you enable this setting, Windows Calendar will be turned off. - -If you disable or do not configure this setting, Windows Calendar will be turned on. +- If you enable this setting, Windows Calendar will be turned off. +- If you disable or do not configure this setting, Windows Calendar will be turned on. The default is for Windows Calendar to be turned on. @@ -114,9 +113,8 @@ ADMX Info: Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. -If you enable this setting, Windows Calendar will be turned off. - -If you disable or do not configure this setting, Windows Calendar will be turned on. +- If you enable this setting, Windows Calendar will be turned off. +- If you disable or do not configure this setting, Windows Calendar will be turned on. The default is for Windows Calendar to be turned on. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 1922a73f28..ab23a7e11c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -68,9 +68,13 @@ manager: dansimp This policy setting prohibits access to Windows Connect Now (WCN) wizards. -If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. +- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. -If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. +All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. + +- If you disable or don't configure this policy setting, users can access the wizard tasks. + +They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. @@ -113,9 +117,13 @@ ADMX Info: This policy setting prohibits access to Windows Connect Now (WCN) wizards. -If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. +- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. -If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. +All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. + +- If you disable or don't configure this policy setting, users can access the wizard tasks. + +They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. @@ -161,9 +169,8 @@ This policy setting allows the configuration of wireless settings using Windows More options are available to allow discovery and configuration over a specific medium. -If you enable this policy setting, more choices are available to turn off the operations over a specific medium. - -If you disable this policy setting, operations are disabled over all media. +- If you enable this policy setting, more choices are available to turn off the operations over a specific medium. +- If you disable this policy setting, operations are disabled over all media. If you don't configure this policy setting, operations are enabled over all media. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 3046a4d8ab..bc33d0aa47 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -330,7 +330,6 @@ Enabling this policy will also turn off the preview pane and set the folder opti If you disable or not configure this policy, the default File Explorer behavior is applied to the user. - @@ -379,7 +378,6 @@ If you disable or do not configure this setting, the default behavior of not dis - ADMX Info: - GP Friendly name: *Display confirmation dialog when deleting files* @@ -426,7 +424,6 @@ If you disable or do not configure this policy setting, no changes are made to t - ADMX Info: - GP Friendly name: *Location where all default Library definition files for users/machines reside.* @@ -473,7 +470,6 @@ This disables access to user-defined properties, and properties stored in NTFS s - ADMX Info: - GP Friendly name: *Disable binding directly to IPropertySetStorage without intermediate layers.* @@ -529,7 +525,6 @@ If you disable or do not configure this policy, all default Windows Libraries fe - ADMX Info: - GP Friendly name: *Turn off Windows Libraries features that rely on indexed file data* @@ -669,9 +664,8 @@ ADMX Info: This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons. -If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths. - -If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed. +- If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths. +- If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed. > [!NOTE] > Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks. @@ -869,9 +863,8 @@ ADMX Info: This policy setting allows you to turn off the display of snippets in Content view mode. -If you enable this policy setting, File Explorer will not display snippets in Content view mode. - -If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default. +- If you enable this policy setting, File Explorer will not display snippets in Content view mode. +- If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default. @@ -916,9 +909,8 @@ ADMX Info: This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. -If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - -If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. @@ -967,9 +959,8 @@ ADMX Info: This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. -If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - -If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. @@ -2399,13 +2390,10 @@ If you disable this setting or do not configure it, the "File name" field includ This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs. -To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open. - - +To see an example of the standard Open dialog box, start WordPad and, on the **File** menu, click **Open**. - ADMX Info: - GP Friendly name: *Hide the dropdown list of recent files* @@ -2628,9 +2616,8 @@ ADMX Info: This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed. -If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer. - -If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. +- If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer. +- If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. @@ -2674,7 +2661,7 @@ ADMX Info: Prevents users from using File Explorer or Network Locations to map or disconnect network drives. -If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons. +If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the **File Explorer** or **Network Locations** icons. This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box. @@ -2769,7 +2756,7 @@ ADMX Info: Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs. -To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open. +To see an example of the standard Open dialog box, start WordPad and, on the **File** menu, click **Open**. @@ -3297,7 +3284,7 @@ The valid items you may display in the Places Bar are: The list of Common Shell Folders that may be specified: -Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches. +Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments, and Saved Searches. If you disable or do not configure this setting the default list of items will be displayed in the Places Bar. @@ -3700,7 +3687,7 @@ If you disable or do not configure this policy setting, no custom Internet searc -ADMX Info: +ADMX Info: ] - GP Friendly name: *Pin Internet search sites to the "Search again" links and the Start menu* - GP name: *TryHarderPinnedOpenSearch* - GP path: *Windows Components\File Explorer* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 07a9a6b53d..fc13ee8a02 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -294,7 +294,7 @@ This policy setting allows you to turn off do not show first use dialog boxes. If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player. -This policy setting prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies. +This policy setting prevents the dialog boxes,] which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies. If you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time. @@ -342,7 +342,7 @@ This policy setting allows you to hide the Network tab. If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player. -If you disable or do not configure this policy setting, the Network tab appears and users can use it to configure network settings. +If you disable or do not configure this policy setting, the **Network** tab appears and users can use it to configure network settings. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index 1d922a36c6..b5469d2dd5 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -67,7 +67,9 @@ manager: dansimp This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. -If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client. +If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. + +If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client. diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 629647238f..f11ff65306 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -284,7 +284,7 @@ This policy controls whether the logged on user should be notified if the logon If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials. -If disabled or not configured, no popup will be displayed to the user. +If disabled or not configured, no pop up will be displayed to the user. @@ -327,7 +327,7 @@ ADMX Info: -This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS). +This policy setting controls whether the software can simulate the Secure Attention Sequence (SAS). If you enable this policy setting, you have one of four options: diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 017e045dda..cc07201d99 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -73,7 +73,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. -- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default. +- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default. diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 4b2031c3a7..0bd91f4093 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -72,7 +72,8 @@ This policy setting specifies whether Work Folders should be set up automaticall - If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. -This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not apply to a user, Work Folders is not automatically set up. +This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not apply to a user, Work Folders is not automatically set up. + - If you disable or do not configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user. diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 532d154577..b716270161 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -100,7 +100,6 @@ manager: dansimp This policy setting controls whether the system can archive infrequently used apps. - If you enable this policy setting, then the system will periodically check for and archive infrequently used apps. - - If you disable this policy setting, then the system will not archive any apps. If you do not configure this policy setting (default), then the system will follow default behavior, which is to periodically check for and archive infrequently used apps, and the user will be able to configure this setting themselves. diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 70bb648c9b..ad1ff24bea 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -187,7 +187,7 @@ ADMX Info: -Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. +This policy enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. @@ -230,7 +230,7 @@ ADMX Info: -Enables automatic cleanup of appv packages that were added after Windows10 anniversary release. +Enables automatic cleanup of App-v packages that were added after Windows 10 anniversary release. @@ -273,7 +273,7 @@ ADMX Info: -Enables scripts defined in the package manifest of configuration files that should run. +This policy enables scripts defined in the package manifest of configuration files that should run. @@ -316,11 +316,10 @@ ADMX Info: -Enables a UX to display to the user when a publishing refresh is performed on the client. +This policy enables a UX to display to the user when a publishing refresh is performed on the client. - ADMX Info: - GP Friendly name: *Enable Publishing Refresh UX* @@ -361,7 +360,7 @@ ADMX Info: Reporting Server URL: Displays the URL of reporting server. -Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM. +Reporting Time: When the client data should be reported to the server. Acceptable range is 0 ~ 23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, for example, 9AM. Delay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load. @@ -412,7 +411,7 @@ ADMX Info: -Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. +This policy specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. @@ -455,7 +454,7 @@ ADMX Info: -Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. +This policy specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. @@ -498,7 +497,7 @@ ADMX Info: -Specifies how new packages should be loaded automatically by App-V on a specific computer. +This policy specifies how new packages should be loaded automatically by App-V on a specific computer. @@ -584,7 +583,7 @@ ADMX Info: -Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. +This policy specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. @@ -627,7 +626,7 @@ ADMX Info: -Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. +This policy specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. @@ -975,7 +974,7 @@ ADMX Info: -Specifies the path to a valid certificate in the certificate store. +This policy specifies the path to a valid certificate in the certificate store. @@ -1061,7 +1060,7 @@ ADMX Info: -Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. +This policy specifies the CLSID for a compatible implementation of the AppvPackageLocationProvider interface. @@ -1104,7 +1103,7 @@ ADMX Info: -Specifies directory where all new applications and updates will be installed. +This policy specifies directory where all new applications and updates will be installed. @@ -1147,7 +1146,7 @@ ADMX Info: -Overrides source location for downloading package content. +This policy overrides source location for downloading package content. @@ -1190,7 +1189,7 @@ ADMX Info: -Specifies the number of seconds between attempts to reestablish a dropped session. +This policy specifies the number of seconds between attempts to reestablish a dropped session. @@ -1233,7 +1232,7 @@ ADMX Info: -Specifies the number of times to retry a dropped session. +This policy specifies the number of times to retry a dropped session. @@ -1276,7 +1275,7 @@ ADMX Info: -Specifies that streamed package contents will be not be saved to the local hard disk. +This policy specifies that streamed package contents will be not be saved to the local hard disk. @@ -1405,7 +1404,7 @@ ADMX Info: -Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components. +This policy specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components. diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index b839ee8d78..5d541b51be 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -70,7 +70,7 @@ manager: dansimp -This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. +This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. If you enable this policy setting, Windows does not mark file attachments with their zone information. diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 30473c76c3..491be8d1e5 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -292,6 +292,7 @@ This policy allows you to audit the group membership information in the user's s When this setting is configured, one or more security audit events are generated for each successful sign in. Enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information can't fit in a single security audit event. Volume: Low on a client computer. Medium on a domain controller or a network server. + GP Info: @@ -581,10 +582,11 @@ Events in this subcategory are related to the creation of sign in sessions and o The following events are included: - Successful sign in attempts. - Failed sign in attempts. -- sign in attempts using explicit credentials. This event is generated when a process attempts to sign in an account by explicitly specifying that account’s credentials. This most commonly occurs in batch sign in configurations, such as scheduled tasks or when using the RUNAS command. +- Sign in attempts using explicit credentials. This event is generated when a process attempts to sign in an account by explicitly specifying that account’s credentials. This most commonly occurs in batch sign in configurations, such as scheduled tasks or when using the RUNAS command. - Security identifiers (SIDs) were filtered and not allowed to sign in. Volume: Low on a client computer. Medium on a domain controller or a network server. + GP Info: @@ -642,6 +644,7 @@ If you configure this policy setting, an audit event is generated for each IAS a If you do not configure this policy settings, IAS and NAP user access requests are not audited. Volume: Medium or High on NPS and IAS server. No volume on other computers. + GP Info: @@ -821,6 +824,7 @@ User claims are added to a sign in token when claims are included with a user's When this setting is configured, one or more security audit events are generated for each successful sign in. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event. Volume: Low on a client computer. Medium on a domain controller or a network server. + GP Info: @@ -878,6 +882,7 @@ This policy setting allows you to audit events generated by validation tests on Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative. Volume: High on domain controllers. + GP Info: @@ -885,7 +890,7 @@ GP Info: - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* - +] The following are the supported values: - 0 (default)—Off/None - 1—Success @@ -936,6 +941,7 @@ If you configure this policy setting, an audit event is generated after a Kerber If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request. Volume: High on Kerberos Key Distribution Center servers. + GP Info: @@ -2609,7 +2615,7 @@ The following are the supported values: This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores. -Only kernel objects with a matching system access control list (SACL) generate security audit events. +Only kernel objects with a matching System Access Control List (SACL) generate security audit events. > [!Note] > The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects. @@ -2731,7 +2737,7 @@ The following are the supported values: -This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. +This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have SACLs specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 7344f3ddf4..63ac494288 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -124,7 +124,7 @@ The following list shows the supported values: -Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. +Allows an EAP cert-based authentication for a Single Sign on (SSO) to access internal resources. diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 9efb1181a2..5ff66f1393 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -72,9 +72,8 @@ manager: dansimp This policy setting disallows AutoPlay for MTP devices like cameras or phones. -If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. - -If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. +- If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. +- If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. @@ -191,7 +190,8 @@ This policy setting disables Autoplay on additional types of drives. You cannot If you disable or do not configure this policy setting, AutoPlay is enabled. -Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. +> [!Note] +> This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 283f6421fa..b247fc02ef 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -60,7 +60,7 @@ manager: dansimp -Specifies the BitLocker Drive Encryption method and cipher strength. +This policy specifies the BitLocker Drive Encryption method and cipher strength. > [!NOTE] > XTS-AES 128-bit and XTS-AES 256-bit values are supported only on Windows 10 for desktop. diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 81ec70c880..bcb93ed44d 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -93,7 +93,7 @@ If you disable or do not configure this policy setting, BITS uses all available > [!NOTE] > You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. -Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). +Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56 Kbs). @@ -159,7 +159,7 @@ If you disable or do not configure this policy setting, BITS uses all available > [!NOTE] > You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. -Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). +Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56 Kbs). @@ -223,7 +223,7 @@ Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrott If you disable or do not configure this policy setting, BITS uses all available unused bandwidth. > [!NOTE] -> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. +> You should base the limit on the speed of the network link, not the computer's Network Interface Card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 025122b10d..0818fe627e 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -73,7 +73,7 @@ manager: dansimp -Specifies whether the device can send out Bluetooth advertisements. +This policy specifies whether the device can send out Bluetooth advertisements. If this is not set or it is deleted, the default value of 1 (Allow) is used. @@ -118,7 +118,7 @@ The following list shows the supported values: -Specifies whether other Bluetooth-enabled devices can discover the device. +This policy specifies whether other Bluetooth-enabled devices can discover the device. If this is not set or it is deleted, the default value of 1 (Allow) is used. @@ -163,7 +163,7 @@ The following list shows the supported values: -Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. +This policy specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 1a06b54ae0..dc0a922a83 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -43,7 +43,6 @@ manager: dansimp |Enterprise|Yes|Yes| |Education|Yes|Yes| -
    diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index a4eb170e5c..c70fa1100e 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -102,7 +102,7 @@ manager: dansimp -Allows the user to enable Bluetooth or restrict access. +This policy allows the user to enable Bluetooth or restrict access. > [!NOTE] >  This value is not supported in Windows 10. @@ -151,7 +151,7 @@ The following list shows the supported values: -Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. +This policy allows the cellular data channel on the device. Device reboot is not required to enforce the policy. @@ -258,7 +258,7 @@ To validate on devices, do the following: > [!NOTE] > This policy requires reboot to take effect. -Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. +This policy allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. @@ -301,7 +301,10 @@ The following list shows the supported values: This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC. -If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device is not allowed to be linked to phones, will remove itself from the device list of any linked Phones, and cannot participate in 'Continue on PC experiences'. +If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. + +If you disable this policy setting, the Windows device is not allowed to be linked to phones, will remove itself from the device list of any linked Phones, and cannot participate in 'Continue on PC experiences'. + If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. @@ -448,7 +451,7 @@ The following list shows the supported values: -Prevents the device from connecting to VPN when the device roams over cellular networks. +This policy prevents the device from connecting to VPN when the device roams over cellular networks. Most restricted value is 0. @@ -739,7 +742,7 @@ ADMX Info: -Determines whether a user can install and configure the Network Bridge. +This policy determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply. diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 12fbbf04b0..972e0d45a8 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -61,7 +61,8 @@ This policy allows the IT admin to control which policy will be used whenever bo > [!NOTE] > MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs. -This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. +This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. +The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. > [!NOTE] > This policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1. @@ -71,7 +72,8 @@ The following list shows the supported values: - 0 (default) - 1 - The MDM policy is used and the GP policy is blocked. -The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that: +The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. +This ensures that: - GP settings that correspond to MDM applied settings are not conflicting - The current Policy Manager policies are refreshed from what MDM has set From ae216cc6e08405638d7c0a1609a65b548b16c27e Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 6 Jun 2022 15:48:41 +0530 Subject: [PATCH 293/540] Update policy-csp-connectivity.md --- .../mdm/policy-csp-connectivity.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index c70fa1100e..d7b832adaa 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -107,7 +107,7 @@ This policy allows the user to enable Bluetooth or restrict access. > [!NOTE] >  This value is not supported in Windows 10. -If this is not set or it is deleted, the default value of 2 (Allow) is used. +If this isn't set or it's deleted, the default value of 2 (Allow) is used. Most restricted value is 0. @@ -115,9 +115,9 @@ Most restricted value is 0. The following list shows the supported values: -- 0 – Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on. -- 1 – Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. -- 2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. +- 0 – Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn on Bluetooth. +- 1 – Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth. +- 2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth. @@ -151,15 +151,15 @@ The following list shows the supported values: -This policy allows the cellular data channel on the device. Device reboot is not required to enforce the policy. +This policy allows the cellular data channel on the device. Device reboot isn't required to enforce the policy. The following list shows the supported values: -- 0 – Do not allow the cellular data channel. The user cannot turn it on. This value is not supported in Windows 10, version 1511. +- 0 – Don't allow the cellular data channel. The user can't turn it on. This value isn't supported in Windows 10, version 1511. - 1 (default) – Allow the cellular data channel. The user can turn it off. -- 2 - Allow the cellular data channel. The user cannot turn it off. +- 2 - Allow the cellular data channel. The user can't turn it off. @@ -193,7 +193,7 @@ The following list shows the supported values: -Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. +Allows or disallows cellular data roaming on the device. Device reboot isn't required to enforce the policy. Most restricted value is 0. @@ -209,9 +209,9 @@ ADMX Info: The following list shows the supported values: -- 0 – Do not allow cellular data roaming. The user cannot turn it on. This value is not supported in Windows 10, version 1511. +- 0 – Don't allow cellular data roaming. The user can't turn it on. This value isn't supported in Windows 10, version 1511. - 1 (default) – Allow cellular data roaming. -- 2 - Allow cellular data roaming on. The user cannot turn it off. +- 2 - Allow cellular data roaming on. The user can't turn it off. @@ -303,9 +303,9 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. -If you disable this policy setting, the Windows device is not allowed to be linked to phones, will remove itself from the device list of any linked Phones, and cannot participate in 'Continue on PC experiences'. +If you disable this policy setting, the Windows device isn't allowed to be linked to phones, will remove itself from the device list of any linked Phones, and can't participate in 'Continue on PC experiences'. -If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. +If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. @@ -317,14 +317,14 @@ ADMX Info: This setting supports a range of values between 0 and 1. -- 0 - Do not link +- 0 - Don't link - 1 (default) - Allow phone-PC linking Validation: -If the Connectivity/AllowPhonePCLinking policy is configured to value 0, the add a phone button in the Phones section in settings will be grayed out and clicking it will not launch the window for a user to enter their phone number. +If the Connectivity/AllowPhonePCLinking policy is configured to value 0, add a phone button in the Phones section in settings will be grayed out and clicking it will not launch the window for a user to enter their phone number. Device that has previously opt-in to MMX will also stop showing on the device list. @@ -363,7 +363,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li > [!NOTE] > Currently, this policy is supported only in HoloLens 2, Hololens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition. -Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging. +Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy doesn't affect USB charging. Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced. From 79131b807a7de7c431cfc6eb19067c8b28d34887 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 6 Jun 2022 17:17:34 +0530 Subject: [PATCH 294/540] Updated --- windows/client-management/mdm/pxlogical-csp.md | 3 +-- windows/client-management/mdm/tpmpolicy-csp.md | 2 +- windows/client-management/mdm/uefi-csp.md | 2 +- .../client-management/mdm/unifiedwritefilter-csp.md | 1 - windows/client-management/mdm/update-csp.md | 2 +- windows/client-management/mdm/vpnv2-csp.md | 6 +++--- windows/client-management/mdm/w4-application-csp.md | 3 --- windows/client-management/mdm/w7-application-csp.md | 10 +--------- 8 files changed, 8 insertions(+), 21 deletions(-) diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index 8a68f85050..0d2fcbb819 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -45,7 +45,6 @@ PXLOGICAL -------TO-NAPID ``` - The following shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for updating the bootstrapping of the device. The OMA DM protocol is not supported by this configuration service provider. ```console @@ -125,7 +124,7 @@ The element's mwid attribute is a Microsoft provisioning XML attribute, and is o **PHYSICAL-PROXY-ID** Used during initial bootstrapping. Specifies the identifier of the physical proxy. -When a list of proxies is displayed to the user they are displayed together in a single line, so the length of this value should be short for readability. +When a list of proxies is displayed to the user they are displayed together in a single line, hence, the length of this value should be short for readability. ***PHYSICAL-PROXY-ID*** Used during bootstrapping updates. Specifies the identifier of the physical proxy. diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 6c01205868..dd006db979 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -14,7 +14,7 @@ manager: dansimp # TPMPolicy CSP -The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. +The TPMPolicy Configuration Service Provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. The TPMPolicy CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index 8a3a6d1f58..4322a66e70 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -14,7 +14,7 @@ manager: dansimp # UEFI CSP -The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809. +The UEFI Configuration Service Provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809. > [!NOTE] > The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809). diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index 186d8823ae..a82501b2a8 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -14,7 +14,6 @@ ms.date: 06/26/2017 # UnifiedWriteFilter CSP - The UnifiedWriteFilter (UWF) configuration service provider enables the IT administrator to remotely manage the UWF to help protect physical storage media including any writable storage type. > **Note**  The UnifiedWriteFilter CSP is only supported in Windows 10 Enterprise and Windows 10 Education. diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index c57a52f15f..e8d21eec09 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -14,7 +14,7 @@ ms.date: 02/23/2018 # Update CSP -The Update configuration service provider enables IT administrators to manage and control the rollout of new updates. +The Update configuration service provider enables the IT administrators to manage and control the rollout of new updates. > [!NOTE] > The Update CSP functionality of 'ApprovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies. diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index add96c2ec0..6a1bd0a93d 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -15,7 +15,7 @@ ms.date: 09/21/2021 # VPNv2 CSP -The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device. +The VPNv2 configuration service provider allows the Mobile Device Management (MDM) server to configure the VPN profile of the device. Here are the requirements for this CSP: @@ -355,7 +355,7 @@ Optional node. List of routes to be added to the routing table for the VPN inter Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length. -Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and do not need this information in the VPN Profile. Please check with your VPN server administrator to determine whether you need this information in the VPN profile. +Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and do not need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile. **VPNv2/**ProfileName**/RouteList/**routeRowId A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0. @@ -652,7 +652,7 @@ Reserved for future use. Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable AAD-based Conditional Access for VPN. **VPNv2/**ProfileName**/DeviceCompliance/Enabled** -Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory. +Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory (AAD). Value type is bool. Supported operations include Get, Add, Replace, and Delete. diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index 026dcfb003..2880edf8f7 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -43,7 +43,6 @@ Optional. Specifies a user–readable application identity. This parameter is al This parameter takes a string value. The possible values to configure the NAME parameter are: - Character string containing the name. - - no value specified > [!NOTE] @@ -65,9 +64,7 @@ Required. Specifies the network access point identification name (NAPID) defined Required. Specifies the address of the MMS application server, as a string. The possible values to configure the ADDR parameter are: - A Uniform Resource Identifier (URI) - - An IPv4 address represented in decimal format with dots as delimiters - - A fully qualified Internet domain name **MS** diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index c69b5612ca..267b31bfaf 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -53,7 +53,6 @@ APPLICATION > **Note**   All parm names and characteristic types are case sensitive and must use all uppercase. Both APPSRV and CLIENT credentials must be provided in provisioning XML. -   **APPADDR** @@ -100,9 +99,7 @@ Optional. The AAUTHTYPE parameter of the APPAUTH characteristic is used to get o Valid values: - BASIC - specifies that the SyncML DM 'syncml:auth-basic' authentication type. - - DIGEST - specifies that the SyncML DM 'syncml:auth-md5' authentication type. - - When AAUTHLEVEL is CLIENT, then AAUTHTYPE must be DIGEST. When AAUTHLEVEL is APPSRV, AAUTHTYPE can be BASIC or DIGEST. **APPID** @@ -114,7 +111,6 @@ Optional. The BACKCOMPATRETRYDISABLED parameter is used in the APPLICATION chara > **Note**   This parameter does not contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled.   - **CONNRETRYFREQ** Optional. The CONNRETRYFREQ parameter is used in the APPLICATION characteristic to specify how many retries the DM client performs when there are Connection Manager-level or WinInet-level errors. This parameter takes a numeric value in string format. The default value is “3”. You can set this parameter. @@ -124,17 +120,16 @@ Optional. The DEFAULTENCODING parameter is used in the APPLICATION characteristi The valid values are: - application/vnd.syncml.dm+xml (Default) - - application/vnd.syncml.dm+wbxml **INIT** Optional. The INIT parameter is used in the APPLICATION characteristic to indicate that the management server wants the client to initiate a management session immediately after settings approval. If the current w7 APPLICATION document will be put in ROM, the INIT parameter must not be present. > **Note**   This node is only for mobile operators and MDM servers that try to use this will fail. This node is not supported in the enterprise MDM enrollment scenario. + This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio is not yet ready.   - **INITIALBACKOFFTIME** Optional. The INITIALBACKOFFTIME parameter is used in the APPLICATION characteristic to specify the initial wait time in milliseconds when the DM client retries for the first time. The wait time grows exponentially. This parameter takes a numeric value in string format. The default value is “16000”. You can get or set this parameter. @@ -152,7 +147,6 @@ Optional. The PROTOVER parameter is used in the APPLICATION characteristic to sp Possible values: - 1.1 - - 1.2 **PROVIDER-ID** @@ -168,7 +162,6 @@ Optional. The TO-NAPID parameter is used in the APPLICATION characteristic to sp Optional. The USEHWDEVID parameter is used in the APPLICATION characteristic to specify use of device hardware identification. It does not have a value. - If the parameter is not present, the default behavior is to use an application-specific GUID used rather than the hardware device ID. - - If the parameter is present, the hardware device ID will be provided at the **./DevInfo/DevID** node and in the Source LocURI for the DM package sent to the server. International Mobile Subscriber Identity (IMEI) is returned for a GSM device. **SSLCLIENTCERTSEARCHCRITERIA** @@ -183,7 +176,6 @@ Stores specifies which certificate stores the DM client will search to find the > **Note**   %EF%80%80 is the UTF8-encoded character U+F000.   - Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following: ```xml From a4a0cc9076ae17c0cd7987e981a3f81874a4501f Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 6 Jun 2022 17:32:42 +0530 Subject: [PATCH 295/540] Update required-windows-11-diagnostic-events-and-fields.md --- ...required-windows-11-diagnostic-events-and-fields.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 61f0ee30c2..f3407346b7 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -79,7 +79,7 @@ The following fields are available: - **PackageSpecifiers** The map of Intelligent Delivery region specifiers present in the installing package. - **PlanId** The ID of the streaming plan being used to install the content. - **ProductId** The product ID of the application associated with this event. -- **RelatedCv** The related correlation vector. This optional value contains the correlation vector for this install if the Cv value is representing an actiuon tracked by a correlation vector. +- **RelatedCv** The related correlation vector. This optional value contains the correlation vector for this install if the Cv value is representing an action tracked by a correlation vector. - **RequestSpecifiers** The map of Intelligent Delivery region specifiers requested by the system/user/title as a part of the install activity. - **SourceHardwareID** The hardware ID of the source device, if it is external storage. Empty if not an external storage device. - **SourcePath** The source path we are installing from. May be a CDN (Content Delivery Network) or a local disk drive. @@ -488,7 +488,7 @@ The following fields are available: - **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed. - **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade. - **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade. -- **SoftBlock** The file is softblocked in the SDB and has a warning. +- **SoftBlock** The file is soft blocked in the SDB and has a warning. ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove @@ -1775,7 +1775,7 @@ The following fields are available: - **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. - **RunDate** The date that the diagnostic data run was stated, expressed as a filetime. - **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic. -- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. +- **RunOnline** Indicates if appraiser was able to connect to Windows Update and therefore is making decisions using up-to-date driver coverage information. - **RunResult** The hresult of the Appraiser diagnostic data run. - **ScheduledUploadDay** The day scheduled for the upload. - **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run. @@ -1861,7 +1861,7 @@ The following fields are available: - **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear. - **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh. - **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance. -- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value. +- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected. Boolean value. ### Census.Enterprise @@ -1874,7 +1874,7 @@ The following fields are available: - **AzureOSIDPresent** Represents the field used to identify an Azure machine. - **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs. - **CDJType** Represents the type of cloud domain joined for the machine. -- **CommercialId** Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers. +- **CommercialId** Represents the GUID for the commercial entity that the device is a member of.  Will be used to reflect insights back to customers. - **ContainerType** The type of container, such as process or virtual machine hosted. - **EnrollmentType** Defines the type of MDM enrollment on the device. - **HashedDomain** The hashed representation of the user domain used for login. From 7b6ee81e5b803bda2fdda2bc61718fed2fe218ba Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 6 Jun 2022 16:31:46 +0300 Subject: [PATCH 296/540] add note https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10344 --- .../create-wdac-deny-policy.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 3203610df6..3f07cd2b87 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -45,6 +45,9 @@ To create effective WDAC deny policies, it's crucial to understand how WDAC pars 5. If no rule exists for the file and it's not allowed based on ISG or MI, then the file is blocked implicitly. +> [!NOTE] +> If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud. More details can be found [here](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph?source=docs#how-does-the-integration-between-wdac-and-the-intelligent-security-graph-work). + ## Interaction with Existing Policies ### Adding Allow Rules From 279d9f5b4665d3505305cb36f59408fae0d6d8aa Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 6 Jun 2022 19:28:44 +0530 Subject: [PATCH 297/540] Update vpnv2-csp.md --- windows/client-management/mdm/vpnv2-csp.md | 30 +++++++++++----------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 6a1bd0a93d..4b08531c13 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -20,13 +20,13 @@ The VPNv2 configuration service provider allows the Mobile Device Management (MD Here are the requirements for this CSP: - VPN configuration commands must be wrapped in an Atomic block in SyncML. -- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. +- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. - Instead of changing individual properties, follow these steps to make any changes: - Send a Delete command for the ProfileName to delete the entire profile. - Send the entire profile again with new values wrapped in an Atomic block. - In certain conditions you can change some properties directly, but we do not recommend it. + In certain conditions you can change some properties directly, but we don't recommend it. The XSDs for all EAP methods are shipped in the box and can be found at the following locations: @@ -332,15 +332,15 @@ Supported operations include Get, Add, and Delete. Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect. **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId -A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. +A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you shouldn't skip numbers. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App** -App Node under the Row Id. +App Node under the Row ID. **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id** -App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore cannot be specified in the get only App/Type field +App identity, which is either an app’s package family name or file path. The type is inferred by the ID, and therefore can't be specified in the get only App/Type field **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type** Returns the type of **App/Id**. This value can be either of the following: @@ -355,15 +355,15 @@ Optional node. List of routes to be added to the routing table for the VPN inter Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length. -Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and do not need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile. +Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile. **VPNv2/**ProfileName**/RouteList/**routeRowId -A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0. +A sequential integer identifier for the RouteList. This is required if you're adding routes. Sequencing must start at 0. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/RouteList/**routeRowId**/Address** -Subnet address in IPv4/v6 address format which, along with the prefix will be used to determine the destination prefix to send via the VPN Interface. This is the IP address part of the destination prefix. +Subnet address in IPv4/v6 address format, which along with the prefix will be used to determine the destination prefix to send via the VPN Interface. This is the IP address part of the destination prefix. Supported operations include Get, Add, Replace, and Delete. Value type is chr. Example, `192.168.0.0` @@ -388,7 +388,7 @@ Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList** Optional node. Name Resolution Policy Table (NRPT) rules for the VPN profile. -The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before issuing name resolution queries, the DNS client consults the NRPT to determine if any additional flags must be set in the query. After receiving the response, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface. +The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before issuing name resolution queries, the DNS client consults the NRPT to determine if any another flags must be set in the query. After receiving the response, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface. > [!NOTE] > Only applications using the [Windows DNS API](/windows/win32/dns/dns-reference) can make use of the NRPT and therefore all settings configured within the DomainNameInformationList section. Applications using their own DNS implementation bypass the Windows DNS API. One example of applications not using the Windows DNS API is nslookup, so always use the PowerShell CmdLet [Resolve-DNSName](/powershell/module/dnsclient/resolve-dnsname) to check the functionality of the NRPT. @@ -402,14 +402,14 @@ Supported operations include Get, Add, Replace, and Delete. Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types: - FQDN - Fully qualified domain name -- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend **.** to the DNS suffix. +- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend.**.** to the DNS suffix. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType** Returns the namespace type. This value can be one of the following: -- FQDN - If the DomainName was not prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host. +- FQDN - If the DomainName wasn't prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host. - Suffix - If the DomainName was prepended with a**.** and applies to the specified namespace, all records in that namespace, and all subdomains. Value type is chr. Supported operation is Get. @@ -420,7 +420,7 @@ List of comma-separated DNS Server IP addresses to use for the namespace. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers** -Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet. +Optional. Web Proxy Server IP address if you're redirecting traffic through your intranet. > [!NOTE] > Currently only one web proxy server is supported. @@ -430,7 +430,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/AutoTrigger** Added in Windows 10, version 1607. Optional. Boolean to determine whether this domain name rule will trigger the VPN. -If set to False, this DomainName rule will not trigger the VPN. +If set to False, this DomainName rule won't trigger the VPN. If set to True, this DomainName rule will trigger the VPN @@ -439,7 +439,7 @@ By default, this value is false. Value type is bool. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/Persistent** -Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Value values: +Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN isn't connected. Value values: - False (default) - This DomainName rule will only be applied when VPN is connected. - True - This DomainName rule will always be present and applied. @@ -533,7 +533,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/EdpModeId** Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. -Additionally when connecting with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect. +Additionally, when connecting with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection). The admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile, unless more advanced config is needed because the WIP policies and App lists automatically takes effect. Value type is chr. Supported operations include Get, Add, Replace, and Delete. From 2091b83d4813b5872ae731824115015223f236b1 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 6 Jun 2022 07:04:23 -0700 Subject: [PATCH 298/540] edits from review --- .../do/includes/waas-delivery-optimization-monitor.md | 6 ------ windows/deployment/do/waas-delivery-optimization-setup.md | 1 - .../update/update-compliance-delivery-optimization.md | 5 +++-- windows/deployment/update/update-compliance-using.md | 4 ++-- 4 files changed, 5 insertions(+), 11 deletions(-) diff --git a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md index f7891bdd17..811b6b5a0c 100644 --- a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md +++ b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md @@ -14,8 +14,6 @@ ms.localizationpriority: medium ## Monitor Delivery Optimization -[//]: # (How to tell if it's working? What values are reasonable; which are not? If not, which way to adjust and how? -- check PercentPeerCaching for files > minimum >= 50%) - ### Windows PowerShell cmdlets **Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization. @@ -162,7 +160,3 @@ Using the `-ListConnections` option returns these details about peers: If `Path` is not specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs. Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content ` or something similar. - -[//]: # (section on what to look for in logs, list of peers, connection failures) - -[//]: # (possibly move to Troubleshooting) \ No newline at end of file diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md index 54c505cc6e..19d12f832c 100644 --- a/windows/deployment/do/waas-delivery-optimization-setup.md +++ b/windows/deployment/do/waas-delivery-optimization-setup.md @@ -104,7 +104,6 @@ To do this in Group Policy, go to **Computer Configuration\Administrative Templa To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set DOMaxCacheAge to 7 or more (up to 30 days). -[//]: # (material about "preferred" devices; remove MinQos/MaxCacheAge; table format?) [!INCLUDE [Monitor Delivery Optimization](includes/waas-delivery-optimization-monitor.md)] diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index ded5de78dd..654ade49f0 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -20,10 +20,11 @@ ms.custom: seo-marvel-apr2020 **Applies to** -- Windows 10 +- Windows 10 - Windows 11 -![DO status.](images/UC_workspace_DO_status.png) +:::image type="content" alt-text="Screenshot of Delivery Optimization information in Update Compliance." source="images/UC_workspace_DO_status.png" lightbox="images/UC_workspace_DO_status.png"::: + The Update Compliance solution provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days. ## Delivery Optimization Status diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index e2713e7395..6dc2e78cdd 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -53,7 +53,7 @@ When you select this tile, you will be redirected to the Update Compliance works ![The Overview blade.](images/uc-workspace-overview-blade.png) -Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items: +Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. Update Compliance displays distribution for all devices to help you determine if they are up to date on the following items: * Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows client. * Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability. @@ -68,7 +68,7 @@ The following is a breakdown of the different sections available in Update Compl ## Update Compliance data latency Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. -The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all devices part of your organization that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be re-ingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. +The data powering Update Compliance is refreshed every 24 hours. The last 28 days worth of data from all devices in your organization are refreshed. The entire set of data is refreshed in each daily snapshot, which means that the same data can be re-ingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. | Data Type | Data upload rate from device | Data Latency | |--|--|--| From 19abae3d1ddb79ec296d4b5c5259a22ae0f7abf5 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 6 Jun 2022 17:24:27 +0300 Subject: [PATCH 299/540] Update applies to https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10372 --- .../import-an-applocker-policy-from-another-computer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index eec6f18251..c84a31378b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md @@ -24,7 +24,7 @@ ms.technology: windows-sec - Windows 10 - Windows 11 -- Windows Server 2016 and above +- Windows Server 2012 R2 and above >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). From aa3fa983b9ec264f5a271e725ffa0e68ffeaaadc Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 6 Jun 2022 07:49:40 -0700 Subject: [PATCH 300/540] edit --- windows/deployment/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index f8d2c242dc..cbeb91ed35 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -250,7 +250,7 @@ href: update/update-compliance-delivery-optimization.md - name: Data handling and privacy in Update Compliance href: update/update-compliance-privacy.md - - name: Schema reference (GA) + - name: Schema reference items: - name: Update Compliance schema reference href: update/update-compliance-schema.md From e65fd0636ded5a119ef088517012786f53870c1b Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 6 Jun 2022 07:54:09 -0700 Subject: [PATCH 301/540] edit --- windows/deployment/update/update-status-admin-center.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index 9f70932186..a6e1f241de 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -28,7 +28,7 @@ The **Software updates** page in the [Microsoft 365 admin center](https://admin. The **Software updates** page has following tabs to assist you in monitoring update status for your devices: - **Microsoft 365 Apps**: Displays update status for Microsoft 365 Apps. - - For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/microsoft-365/admin/admin-overview/admin-center-overview). + - For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/DeployOffice/updates/software-update-status). - **Windows**: Displays compliance charts for cumulative updates and feature updates for Windows clients. This article contains information about the **Windows** tab. :::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png"::: From 85a5b5af5f0872f66c4b18d575a31915218d16f2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Jun 2022 08:14:07 -0700 Subject: [PATCH 302/540] Update use-windows-defender-application-control-with-intelligent-security-graph.md --- ...fender-application-control-with-intelligent-security-graph.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 236bd03cbc..3e1dfaea27 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -14,7 +14,6 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 07/15/2021 ms.technology: windows-sec --- From d62208924ed1ff35c8ca829c7a7f2128056f0a7a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Jun 2022 08:14:47 -0700 Subject: [PATCH 303/540] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index cb8c459803..dfe779e306 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -98,7 +98,7 @@ sections: - question: | Is there a size limit to the domain lists that I need to configure? answer: | - Yes, both the Enterprise Resource domains that are hosted in the cloud and the domains that are categorized as both work and personal have a 1,6383 Bytes limit. + Yes, both the Enterprise Resource domains that are hosted in the cloud and the domains that are categorized as both work and personal have a 1,6383 bytes limit. - question: | Why does my encryption driver break Microsoft Defender Application Guard? From 02e8123aa7348c3cbc30926368159f62526adc65 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Jun 2022 08:14:59 -0700 Subject: [PATCH 304/540] Update faq-md-app-guard.yml --- .../microsoft-defender-application-guard/faq-md-app-guard.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index dfe779e306..3e5afc56d4 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -9,7 +9,6 @@ metadata: ms.localizationpriority: medium author: denisebmsft ms.author: deniseb - ms.date: 03/14/2022 ms.reviewer: manager: dansimp ms.custom: asr From 1e48ab106ef7535fc80a04d908ccfa88746b504d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Jun 2022 08:16:03 -0700 Subject: [PATCH 305/540] Update firewall-csp.md --- windows/client-management/mdm/firewall-csp.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index cd06bdb168..022801745a 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -5,8 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman -ms.date: 11/29/2021 +author: dansimp ms.reviewer: manager: dansimp --- From b1e3f3ac2fe8be28b1477d09be7cac2c7472a9fc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Jun 2022 08:16:43 -0700 Subject: [PATCH 306/540] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 3f07cd2b87..339843477d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -14,7 +14,6 @@ author: jgeurten ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp -ms.date: 03/22/2022 ms.technology: windows-sec --- From c6ab5439a2c480117b3bc0c41ac1da81d6b49106 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Jun 2022 08:19:06 -0700 Subject: [PATCH 307/540] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 339843477d..d7e1d5636c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -45,7 +45,7 @@ To create effective WDAC deny policies, it's crucial to understand how WDAC pars 5. If no rule exists for the file and it's not allowed based on ISG or MI, then the file is blocked implicitly. > [!NOTE] -> If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud. More details can be found [here](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph?source=docs#how-does-the-integration-between-wdac-and-the-intelligent-security-graph-work). +> If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud. For more details, see [How does the integration between WDAC and the Intelligent Security Graph work?](use-windows-defender-application-control-with-intelligent-security-graph.md#how-does-the-integration-between-wdac-and-the-intelligent-security-graph-work). ## Interaction with Existing Policies From 68552f0278db5f9b5ce5978517d4adc3b21deecc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Jun 2022 08:21:10 -0700 Subject: [PATCH 308/540] Update import-an-applocker-policy-from-another-computer.md --- ...port-an-applocker-policy-from-another-computer.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index c84a31378b..5901726822 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/21/2017 ms.technology: windows-sec --- @@ -24,10 +23,10 @@ ms.technology: windows-sec - Windows 10 - Windows 11 -- Windows Server 2012 R2 and above +- Windows Server 2012 R2 and later ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> [!NOTE] +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes how to import an AppLocker policy. @@ -35,11 +34,14 @@ Before completing this procedure, you should have exported an AppLocker policy. Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. ->**Caution:**  Importing a policy will overwrite the existing policy on that computer. +> **Caution:**  Importing a policy will overwrite the existing policy on that computer. **To import an AppLocker policy** 1. From the AppLocker console, right-click **AppLocker**, and then click **Import Policy**. + 2. In the **Import Policy** dialog box, locate the file that you exported, and then click **Open**. + 3. The **Import Policy** dialog box will warn you that importing a policy will overwrite the existing rules and enforcement settings. If acceptable, click **OK** to import and overwrite the policy. + 4. The **AppLocker** dialog box will notify you of how many rules were overwritten and imported. Click **OK**. From 6159c3367bb3c5745dc3a6962daa0ca81f34fc85 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 6 Jun 2022 18:57:23 +0300 Subject: [PATCH 309/540] M365 Business Premium update path https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10407 --- windows/deployment/windows-10-subscription-activation.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 2b534e585f..42fc531050 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -30,6 +30,8 @@ Windows 10 Pro supports the Subscription Activation feature, enabling users to With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. +If you have devices that are licensed for Windows 7, 8, and 8.1 Professional, Microsoft 365 Business Premium provides an upgrade to Windows 10 Pro, which is the prerequisite for deploying [Windows 10 Business](https://docs.microsoft.com/en-us/microsoft-365/business-premium/microsoft-365-business-faqs?view=o365-worldwide#what-is-windows-10-business). + The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. See the following topics: From c7970511746fde58870ab1af772bc7ae87a46236 Mon Sep 17 00:00:00 2001 From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com> Date: Mon, 6 Jun 2022 09:42:10 -0700 Subject: [PATCH 310/540] Update faq-md-app-guard.yml Acrolinx changes to boost score --- .../faq-md-app-guard.yml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index 3e5afc56d4..eae3acc684 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -44,7 +44,7 @@ sections: To make sure the FQDNs (Fully Qualified Domain Names) for the “PAC file” and the “proxy servers the PAC file redirects to” are added as Neutral Resources in the Network Isolation policies used by Application Guard, you can: - Verify this by going to edge://application-guard-internals/#utilities and entering the FQDN for the pac/proxy in the “check url trust” field and verifying that it says “Neutral”. - - It must be a FQDN. A simple IP address will not work. + - It must be an FQDN. A simple IP address won't work. - Optionally, if possible, the IP addresses associated with the server hosting the above should be removed from the Enterprise IP Ranges in the Network Isolation policies used by Application Guard. - question: | @@ -53,7 +53,7 @@ sections: Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition, version 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. - question: | - Which Input Method Editors (IME) in 19H1 are not supported? + Which Input Method Editors (IME) in 19H1 aren't supported? answer: | The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard: @@ -73,7 +73,7 @@ sections: - question: | I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? answer: | - This feature is currently experimental only and is not functional without an additional registry key provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature. + This feature is currently experimental only and isn't functional without an additional registry key provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature. - question: | What is the WDAGUtilityAccount local account? @@ -82,7 +82,7 @@ sections: **Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000** - We recommend that you do not modify this account. + We recommend that you don't modify this account. - question: | How do I trust a subdomain in my site list? @@ -92,7 +92,7 @@ sections: - question: | Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? answer: | - When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](./install-md-app-guard.md). + When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode doesn't. For more information, see [Prepare to install Microsoft Defender Application Guard](./install-md-app-guard.md). - question: | Is there a size limit to the domain lists that I need to configure? @@ -102,25 +102,25 @@ sections: - question: | Why does my encryption driver break Microsoft Defender Application Guard? answer: | - Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). + Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard doesn't work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). - question: | Why do the Network Isolation policies in Group Policy and CSP look different? answer: | - There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP. + There's not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP. - Mandatory network isolation GP policy to deploy Application Guard: **DomainSubnets or CloudResources** - Mandatory network isolation CSP policy to deploy Application Guard: **EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)** - - For EnterpriseNetworkDomainNames, there is no mapped CSP policy. + - For EnterpriseNetworkDomainNames, there's no mapped CSP policy. - Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). + Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard doesn't work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). - question: | Why did Application Guard stop working after I turned off hyperthreading? answer: | - If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. + If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there's a possibility Application Guard no longer meets the minimum requirements. - question: | Why am I getting the error message "ERROR_VIRTUAL_DISK_LIMITATION"? From ff393b39452cb1e6c8c86d5543f5bdace3273fec Mon Sep 17 00:00:00 2001 From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com> Date: Mon, 6 Jun 2022 09:49:01 -0700 Subject: [PATCH 311/540] Update faq-md-app-guard.yml --- .../microsoft-defender-application-guard/faq-md-app-guard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index eae3acc684..e423ab56b2 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -97,7 +97,7 @@ sections: - question: | Is there a size limit to the domain lists that I need to configure? answer: | - Yes, both the Enterprise Resource domains that are hosted in the cloud and the domains that are categorized as both work and personal have a 1,6383 bytes limit. + Yes, both the Enterprise Resource domains that are hosted in the cloud and the domains that are categorized as both work and personal have a 1,6383-byte limit. - question: | Why does my encryption driver break Microsoft Defender Application Guard? From be82ff62eac57144df9429d6bee8bc43bf5c305b Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Mon, 6 Jun 2022 10:32:03 -0700 Subject: [PATCH 312/540] Update remotewipe-csp.md --- .../client-management/mdm/remotewipe-csp.md | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index b76855bf76..c00be2ffd3 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -34,20 +34,23 @@ RemoteWipe ----doWipePersistProvisionedData ----doWipeProtected ----doWipePersistUserData +----doWipeCloud +----doWipeCloudPersistUserData +----doWipeCloudPersistProvisionedData ----AutomaticRedeployment --------doAutomaticRedeployment --------LastError --------Status ``` **doWipe** -Specifies that a remote reset of the device should be started. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the reset will not automatically be retried. +Specifies that a remote reset of the device should be started. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with Clean Data set to No and Delete Files set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, depending on how far the reset progressed, the PC can roll back to the pre-reset state. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. Supported operation is Exec. **doWipePersistProvisionedData** -Specifies that provisioning data should be backed up to a persistent location, and then a remote doWipe reset of the device should be started. +Specifies that provisioning packages in ProgramData\Microsoft\Provisioning folder will be retained and applied to the OS after the reset. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. @@ -58,12 +61,21 @@ The information that was backed up will be restored and applied to the device wh **doWipeProtected** Added in Windows 10, version 1703. Exec on this node performs a remote reset on the device and also fully cleans the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command. -The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until it’s done. Because doWipeProtected will keep trying to reset the device until it's done, use doWipeProtected in lost/stolen device scenarios. +The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, if a reset that uses doWipeProtected is interrupted, upon restart it will clean the PC's disk partitions. Because doWipeProtected will clean the partitions in case of failure or interruption, use doWipeProtected in lost/stolen device scenarios. Supported operation is Exec. **doWipePersistUserData** -Added in Windows 10, version 1709. Exec on this node will perform a doWipe remote reset on the device, and persist user accounts and data. The return status code shows whether the device accepted the Exec command. +Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting “Keep my files” when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command. + +**DoWipeCloud** +Performs a DoWipe remote reset, but downloads the OS payload from Windows Update instead of the local Windows recovery environment. + +**DoWipeCloudPersistUserData** +Performs a DoWipe remote reset, but downloads the OS payload from Windows Update instead of the local Windows recovery environment. + +**DoWipeCloudPersistProvisionedData** +Performs a DoWipe remote reset, but downloads the OS payload from Windows Update instead of the local Windows recovery environment. **AutomaticRedeployment** Added in Windows 10, version 1809. Node for the Autopilot Reset operation. From 5a0922f0aaddacf3b0abddbfb7822d9cf644326e Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Mon, 6 Jun 2022 10:36:14 -0700 Subject: [PATCH 313/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index c00be2ffd3..71cbd89d31 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -43,14 +43,14 @@ RemoteWipe --------Status ``` **doWipe** -Specifies that a remote reset of the device should be started. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with Clean Data set to No and Delete Files set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, depending on how far the reset progressed, the PC can roll back to the pre-reset state. +Specifies that a remote reset of the device should be started. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, depending on how far the reset progressed, the PC can roll back to the pre-reset state. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. Supported operation is Exec. **doWipePersistProvisionedData** -Specifies that provisioning packages in ProgramData\Microsoft\Provisioning folder will be retained and applied to the OS after the reset. +Specifies that provisioning packages in the `%SystemDrive%\ProgramData\Microsoft\Provisioning` folder will be retained and then applied to the OS after the reset. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. @@ -66,7 +66,7 @@ The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which Supported operation is Exec. **doWipePersistUserData** -Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting “Keep my files” when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command. +Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting "Reset this PC > Keep my files" when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command. **DoWipeCloud** Performs a DoWipe remote reset, but downloads the OS payload from Windows Update instead of the local Windows recovery environment. From 582996853156b8f5af0dce5bf03bbcb187220e6a Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Mon, 6 Jun 2022 12:13:47 -0700 Subject: [PATCH 314/540] Update windows-11-se-overview.md Sensocloud to senso.cloud --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index e22acdf422..9090762b1e 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -82,7 +82,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run |Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser| |Secure Browser |14.0.0 |Win32 |Cambium Development| |Secure Browser |4.8.3.376 |Win32 |Questar, Inc| -|SensoCloud |2021.11.15.0 |Win32|Senso.Cloud| +|Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud| |SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access| |Zoom |5.9.1 (2581)|Win32 |Zoom| |ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific| From 31f83a8b38378616d018de7e341ca2fec1de6d41 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Tue, 7 Jun 2022 02:40:46 +0530 Subject: [PATCH 315/540] Updated-6038482 Bulk metadata update. --- windows/deployment/add-store-apps-to-image.md | 5 ----- .../configure-a-pxe-server-to-load-windows-pe.md | 5 ----- windows/deployment/deploy-enterprise-licenses.md | 6 ------ windows/deployment/deploy-m365.md | 5 ----- windows/deployment/deploy-whats-new.md | 5 ----- ...0-operating-system-image-using-configuration-manager.md | 5 ----- ...ployment-with-windows-pe-using-configuration-manager.md | 5 ----- ...tom-windows-pe-boot-image-with-configuration-manager.md | 5 ----- ...e-a-task-sequence-with-configuration-manager-and-mdt.md | 6 ------ ...o-deploy-with-windows-10-using-configuration-manager.md | 5 ----- ...eploy-windows-10-using-pxe-and-configuration-manager.md | 5 ----- ...for-windows-10-deployment-with-configuration-manager.md | 5 ----- ...nstallation-of-windows-10-with-configuration-manager.md | 5 ----- ...7-client-with-windows-10-using-configuration-manager.md | 5 ----- ...7-client-with-windows-10-using-configuration-manager.md | 5 ----- .../upgrade-to-windows-10-with-configuration-manager.md | 4 ---- .../assign-applications-using-roles-in-mdt.md | 6 ------ ...-a-distributed-environment-for-windows-10-deployment.md | 6 ------ .../configure-mdt-deployment-share-rules.md | 6 ------ .../configure-mdt-for-userexit-scripts.md | 6 ------ .../deploy-windows-mdt/configure-mdt-settings.md | 6 ------ .../create-a-windows-10-reference-image.md | 6 ------ .../deploy-a-windows-10-image-using-mdt.md | 6 ------ .../get-started-with-the-microsoft-deployment-toolkit.md | 6 ------ .../prepare-for-windows-deployment-with-mdt.md | 6 ------ .../refresh-a-windows-7-computer-with-windows-10.md | 6 ------ ...lace-a-windows-7-computer-with-a-windows-10-computer.md | 6 ------ .../deploy-windows-mdt/set-up-mdt-for-bitlocker.md | 6 ------ ...mulate-a-windows-10-deployment-in-a-test-environment.md | 6 ------ ...-to-windows-10-with-the-microsoft-deployment-toolkit.md | 6 ------ .../use-orchestrator-runbooks-with-mdt.md | 6 ------ ...-database-to-stage-windows-10-deployment-information.md | 6 ------ .../deploy-windows-mdt/use-web-services-in-mdt.md | 6 ------ windows/deployment/deploy-windows-to-go.md | 7 ------- windows/deployment/deploy.md | 5 ----- windows/deployment/do/delivery-optimization-proxy.md | 3 --- windows/deployment/do/delivery-optimization-workflow.md | 3 --- .../do/includes/waas-delivery-optimization-monitor.md | 2 -- windows/deployment/do/mcc-enterprise.md | 3 --- .../deployment/do/waas-delivery-optimization-reference.md | 3 --- windows/deployment/do/waas-delivery-optimization-setup.md | 3 --- windows/deployment/do/waas-delivery-optimization.md | 3 --- windows/deployment/do/waas-microsoft-connected-cache.md | 3 --- windows/deployment/do/waas-optimize-windows-10-updates.md | 2 -- windows/deployment/do/whats-new-do.md | 3 --- windows/deployment/mbr-to-gpt.md | 6 ------ windows/deployment/planning/act-technical-reference.md | 5 ----- .../planning/applying-filters-to-data-in-the-sua-tool.md | 5 ----- ...a-types-and-operators-in-compatibility-administrator.md | 5 ----- .../best-practice-recommendations-for-windows-to-go.md | 6 ------ .../planning/compatibility-administrator-users-guide.md | 5 ----- ...ty-fix-database-management-strategies-and-deployment.md | 5 ----- ...lity-fixes-for-windows-8-windows-7-and-windows-vista.md | 5 ----- ...tom-compatibility-fix-in-compatibility-administrator.md | 5 ----- ...om-compatibility-mode-in-compatibility-administrator.md | 5 ----- ...ng-an-apphelp-message-in-compatibility-administrator.md | 5 ----- .../deployment-considerations-for-windows-to-go.md | 6 ------ ...g-compatibility-fixes-in-compatibility-administrator.md | 5 ----- windows/deployment/planning/features-lifecycle.md | 3 --- .../planning/fixing-applications-by-using-the-sua-tool.md | 5 ----- windows/deployment/planning/index.md | 4 ---- ...mpatibility-databases-in-compatibility-administrator.md | 5 ----- ...ication-compatibility-fixes-and-custom-fix-databases.md | 5 ----- .../prepare-your-organization-for-windows-to-go.md | 6 ------ ...or-fixed-applications-in-compatibility-administrator.md | 5 ----- ...s-with-the-query-tool-in-compatibility-administrator.md | 5 ----- ...and-data-protection-considerations-for-windows-to-go.md | 6 ------ .../planning/showing-messages-generated-by-the-sua-tool.md | 5 ----- windows/deployment/planning/sua-users-guide.md | 5 ----- .../deployment/planning/tabs-on-the-sua-tool-interface.md | 5 ----- .../testing-your-application-mitigation-packages.md | 5 ----- .../understanding-and-using-compatibility-fixes.md | 5 ----- .../planning/using-the-compatibility-administrator-tool.md | 5 ----- .../planning/using-the-sdbinstexe-command-line-tool.md | 5 ----- windows/deployment/planning/using-the-sua-tool.md | 5 ----- windows/deployment/planning/using-the-sua-wizard.md | 5 ----- ...ing-the-events-screen-in-compatibility-administrator.md | 5 ----- windows/deployment/planning/windows-10-compatibility.md | 6 ------ .../planning/windows-10-deployment-considerations.md | 5 ----- .../planning/windows-10-infrastructure-requirements.md | 5 ----- windows/deployment/planning/windows-10-removed-features.md | 3 --- windows/deployment/planning/windows-to-go-overview.md | 6 ------ windows/deployment/s-mode.md | 6 ------ windows/deployment/upgrade/log-files.md | 5 ----- windows/deployment/upgrade/quick-fixes.md | 5 ----- windows/deployment/upgrade/resolution-procedures.md | 5 ----- .../upgrade/resolve-windows-10-upgrade-errors.md | 5 ----- windows/deployment/upgrade/setupdiag.md | 5 ----- windows/deployment/upgrade/submit-errors.md | 5 ----- windows/deployment/upgrade/troubleshoot-upgrade-errors.md | 5 ----- windows/deployment/upgrade/upgrade-error-codes.md | 5 ----- windows/deployment/upgrade/windows-10-edition-upgrades.md | 5 ----- windows/deployment/upgrade/windows-10-upgrade-paths.md | 4 ---- windows/deployment/upgrade/windows-error-reporting.md | 5 ----- .../windows-upgrade-and-migration-considerations.md | 4 ---- windows/deployment/vda-subscription-activation.md | 6 ------ windows/deployment/wds-boot-support.md | 3 --- windows/deployment/windows-10-deployment-posters.md | 5 ----- windows/deployment/windows-10-deployment-scenarios.md | 6 ------ 99 files changed, 494 deletions(-) diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md index def6469305..ba83569cc0 100644 --- a/windows/deployment/add-store-apps-to-image.md +++ b/windows/deployment/add-store-apps-to-image.md @@ -1,13 +1,8 @@ --- title: Add Microsoft Store for Business applications to a Windows 10 image description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. -keywords: upgrade, update, windows, windows 10, deploy, store, image, wim ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.reviewer: diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index 129bdcec47..a841cb6907 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -1,13 +1,8 @@ --- title: Configure a PXE server to load Windows PE (Windows 10) description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network. -keywords: upgrade, update, windows, windows 10, pxe, WinPE, image, wim ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski manager: dougeby ms.author: aaroncz diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 409ecf66ed..5889d56de0 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -1,16 +1,10 @@ --- title: Deploy Windows 10/11 Enterprise licenses manager: dougeby -ms.audience: itpro ms.author: aaroncz description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows 10/11 Enterprise E3 or E5 Subscription Activation, or for Windows 10/11 Enterprise E3 in CSP -keywords: upgrade, update, task sequence, deploy ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article ms.collection: highpri diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index d5c45465ba..8a8d38b3f6 100644 --- a/windows/deployment/deploy-m365.md +++ b/windows/deployment/deploy-m365.md @@ -5,12 +5,7 @@ manager: dougeby ms.author: aaroncz description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -keywords: deployment, automate, tools, configure, mdt, sccm, M365 ms.localizationpriority: medium -audience: itpro author: aczechowski ms.topic: article ms.collection: M365-modern-desktop diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index e534cf8937..6f43fb16f4 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -3,13 +3,8 @@ title: What's new in Windows client deployment manager: dougeby ms.author: aaroncz description: Use this article to learn about new solutions and online content related to deploying Windows in your organization. -keywords: deployment, automate, tools, configure, news -ms.mktglfcycl: deploy ms.localizationpriority: medium ms.prod: w10 -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md index 54ab2b9cb1..1e4ef75b50 100644 --- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md @@ -1,16 +1,11 @@ --- title: Add a Windows 10 operating system image using Configuration Manager description: Operating system images are typically the production image used for deployment throughout the organization. -ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: image, deploy, distribute ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index b007f111f0..4dad48dc9d 100644 --- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -1,16 +1,11 @@ --- title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers. -ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, task sequence ms.prod: w10 ms.localizationpriority: medium -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md index 75682905f1..e925ac8f45 100644 --- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md @@ -1,16 +1,11 @@ --- title: Create a custom Windows PE boot image with Configuration Manager (Windows 10) description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager. -ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: tool, customize, deploy, boot image ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md index 98787c6771..260b79eadd 100644 --- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -1,17 +1,11 @@ --- title: Create a task sequence with Configuration Manager (Windows 10) description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. -ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, upgrade, task sequence, install ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.pagetype: mdt -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md index 7aaa9cb56d..caae9de1b6 100644 --- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md @@ -1,16 +1,11 @@ --- title: Create an app to deploy with Windows 10 using Configuration Manager description: Microsoft Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process. -ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deployment, task sequence, custom, customize ms.prod: w10 ms.localizationpriority: medium -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md index 0851a5ac05..55d9928a01 100644 --- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md @@ -1,15 +1,10 @@ --- title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10) description: In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences. -ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa manager: dougeby ms.author: aaroncz -keywords: deployment, image, UEFI, task sequence ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.collection: highpri diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md index 4222c890b9..15ccee4085 100644 --- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md @@ -1,16 +1,11 @@ --- title: Finalize operating system configuration for Windows 10 deployment description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment. -ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: configure, deploy, upgrade ms.prod: w10 ms.localizationpriority: medium -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md index 0f6b99c4e4..75efdc9ba8 100644 --- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md @@ -1,16 +1,11 @@ --- title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit. -ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: install, configure, deploy, deployment ms.prod: w10 ms.localizationpriority: medium -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md index 511ddc7920..117dedd018 100644 --- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -1,16 +1,11 @@ --- title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10. -ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: upgrade, install, installation, computer refresh ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md index 0f06e2c3b6..242bcd70ee 100644 --- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -1,16 +1,11 @@ --- title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager. -ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: upgrade, install, installation, replace computer, setup ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md index 7b65bb7a4d..dd7097e837 100644 --- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md @@ -1,15 +1,11 @@ --- title: Perform in-place upgrade to Windows 10 via Configuration Manager description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Manager task sequence. -ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.localizationpriority: medium -ms.mktglfcycl: deploy -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md index f7703a6713..15fb8922d8 100644 --- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md +++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md @@ -1,17 +1,11 @@ --- title: Assign applications using roles in MDT (Windows 10) description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer. -ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: settings, database, deploy ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index 267f99374a..3300697ddc 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -1,17 +1,11 @@ --- title: Build a distributed environment for Windows 10 deployment (Windows 10) description: In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations. -ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: replication, replicate, deploy, configure, remote ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md index ae5d2449b7..078bb06ca8 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md @@ -1,17 +1,11 @@ --- title: Configure MDT deployment share rules (Windows 10) description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine. -ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: rules, configuration, automate, deploy ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md index 416567fdcd..821329ba18 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md @@ -1,17 +1,11 @@ --- title: Configure MDT for UserExit scripts (Windows 10) description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. -ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: rules, script ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md index bc3c0f86ea..c4bbe93743 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md @@ -1,17 +1,11 @@ --- title: Configure MDT settings (Windows 10) description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization. -ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: customize, customization, deploy, features, tools ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md index 6d697f6d10..e9d1c48603 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md +++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md @@ -1,17 +1,11 @@ --- title: Create a Windows 10 reference image (Windows 10) description: Creating a reference image is important because that image serves as the foundation for the devices in your organization. -ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, deployment, configure, customize, install, installation ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index e1650926b3..0d89ad7be7 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -1,17 +1,11 @@ --- title: Deploy a Windows 10 image using MDT (Windows 10) description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). -ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deployment, automate, tools, configure ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md index 613c9a5f72..031d70b47f 100644 --- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md @@ -1,17 +1,11 @@ --- title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10) description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment. -ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, image, feature, install, tools ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md index 207071b157..e691b3677b 100644 --- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md @@ -1,17 +1,11 @@ --- title: Prepare for deployment with MDT (Windows 10) description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT). -ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, system requirements ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md index 1fe4b7457c..838b5508db 100644 --- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md +++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md @@ -1,17 +1,11 @@ --- title: Refresh a Windows 7 computer with Windows 10 (Windows 10) description: This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process. -ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: reinstallation, customize, template, script, restore ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md index 98bf1c01e1..fd32026678 100644 --- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -2,17 +2,11 @@ title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10) description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device. ms.custom: seo-marvel-apr2020 -ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, deployment, replace ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index e0cce7674c..e2976790e7 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -1,17 +1,11 @@ --- title: Set up MDT for BitLocker (Windows 10) -ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38 ms.reviewer: manager: dougeby ms.author: aaroncz description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. -keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-mar2020 diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md index c22c41830d..07f52f4978 100644 --- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md +++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md @@ -1,17 +1,11 @@ --- title: Simulate a Windows 10 deployment in a test environment (Windows 10) description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. -ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, script ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md index 78849e6f4b..4f1b8456b8 100644 --- a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md @@ -1,17 +1,11 @@ --- title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10) description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. -ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: upgrade, update, task sequence, deploy ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md index e6409ee3f9..12cf171f4d 100644 --- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md @@ -1,17 +1,11 @@ --- title: Use Orchestrator runbooks with MDT (Windows 10) description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. -ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: web services, database ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md index bbe74794a9..33cc3b4d4b 100644 --- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md +++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md @@ -1,17 +1,11 @@ --- title: Use MDT database to stage Windows 10 deployment info (Windows 10) description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database. -ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46 ms.reviewer: manager: dougeby ms.author: aaroncz -ms.pagetype: mdt -keywords: database, permissions, settings, configure, deploy ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md index 6f6b6c785e..0dfbb9978a 100644 --- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md @@ -1,17 +1,11 @@ --- title: Use web services in MDT (Windows 10) description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. -ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, web apps ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.pagetype: mdt -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index 9846a41bcf..7645fc5c05 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -1,18 +1,11 @@ --- title: Deploy Windows To Go in your organization (Windows 10) description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface as well as programatically with Windows PowerShell. -ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f ms.reviewer: manager: dougeby -ms.audience: itpro author: aczechowski ms.author: aaroncz -keywords: deployment, USB, device, BitLocker, workspace, security, data ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobility -audience: itpro ms.topic: article ms.custom: seo-marvel-apr2020 --- diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index afc608a502..8463fd9abd 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -1,17 +1,12 @@ --- title: Deploy Windows 10 (Windows 10) description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment. -ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C ms.reviewer: manager: dougeby -ms.audience: itpro author: aczechowski ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.localizationpriority: medium -audience: itpro ms.topic: article ms.custom: seo-marvel-apr2020 --- diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md index d2a8c14908..5afb66f3f6 100644 --- a/windows/deployment/do/delivery-optimization-proxy.md +++ b/windows/deployment/do/delivery-optimization-proxy.md @@ -2,10 +2,7 @@ title: Using a proxy with Delivery Optimization manager: dansimp description: Settings to use with various proxy configurations to allow Delivery Optimization to work -keywords: updates, downloads, network, bandwidth ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md index f3c6ba9095..0edb9f9ba1 100644 --- a/windows/deployment/do/delivery-optimization-workflow.md +++ b/windows/deployment/do/delivery-optimization-workflow.md @@ -2,10 +2,7 @@ title: Delivery Optimization client-service communication explained manager: dougeby description: Details of how Delivery Optimization communicates with the server when content is requested to download. -keywords: updates, downloads, network, bandwidth ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md index 811b6b5a0c..2828da9932 100644 --- a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md +++ b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md @@ -4,8 +4,6 @@ ms.author: mstewart manager: dougeby ms.prod: w10 ms.collection: M365-modern-desktop -ms.mktglfcycl: deploy -audience: itpro ms.topic: include ms.date: 04/06/2022 ms.localizationpriority: medium diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md index 2622d23564..96b99ceefe 100644 --- a/windows/deployment/do/mcc-enterprise.md +++ b/windows/deployment/do/mcc-enterprise.md @@ -2,10 +2,7 @@ title: Microsoft Connected Cache for Enterprise and Education (private preview) manager: dougeby description: Details on Microsoft Connected Cache (MCC) for Enterprise and Education. -keywords: updates, downloads, network, bandwidth ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index ce7b9f9219..f1babe4d8a 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -3,10 +3,7 @@ title: Delivery Optimization reference ms.reviewer: manager: dougeby description: This article provides a summary of references and descriptions for all of the Delivery Optimization settings. -keywords: oms, operations management suite, wdav, updates, downloads, log analytics ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md index 19d12f832c..fd6f82f98c 100644 --- a/windows/deployment/do/waas-delivery-optimization-setup.md +++ b/windows/deployment/do/waas-delivery-optimization-setup.md @@ -3,10 +3,7 @@ title: Set up Delivery Optimization ms.reviewer: manager: dougeby description: In this article, learn how to set up Delivery Optimization. -keywords: oms, operations management suite, wdav, updates, downloads, log analytics ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md index 25a9c49bfe..2a4f15d921 100644 --- a/windows/deployment/do/waas-delivery-optimization.md +++ b/windows/deployment/do/waas-delivery-optimization.md @@ -2,10 +2,7 @@ title: What is Delivery Optimization? manager: dougeby description: This article provides information about Delivery Optimization, a peer-to-peer distribution method in Windows 10 and Windows 11. -keywords: oms, operations management suite, wdav, updates, downloads, log analytics ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md index 9126dea4e9..22076d8f9a 100644 --- a/windows/deployment/do/waas-microsoft-connected-cache.md +++ b/windows/deployment/do/waas-microsoft-connected-cache.md @@ -2,10 +2,7 @@ title: Microsoft Connected Cache overview manager: dougeby description: This article provides information about Microsoft Connected Cache (MCC), a software-only caching solution. -keywords: oms, operations management suite, wdav, updates, downloads, log analytics ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/do/waas-optimize-windows-10-updates.md b/windows/deployment/do/waas-optimize-windows-10-updates.md index 794b51ee2b..e2e98fe19a 100644 --- a/windows/deployment/do/waas-optimize-windows-10-updates.md +++ b/windows/deployment/do/waas-optimize-windows-10-updates.md @@ -2,8 +2,6 @@ title: Optimize Windows update delivery description: Two methods of peer-to-peer content distribution are available, Delivery Optimization and BranchCache. ms.prod: w10 -ms.mktglfcycl: manage -author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.reviewer: diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md index f1cd1edb98..3643b5fea8 100644 --- a/windows/deployment/do/whats-new-do.md +++ b/windows/deployment/do/whats-new-do.md @@ -2,10 +2,7 @@ title: What's new in Delivery Optimization manager: dougeby description: What's new in Delivery Optimization, a peer-to-peer distribution method in Windows 10 and Windows 11. -keywords: oms, operations management suite, wdav, updates, downloads, log analytics, mcc, do, delivery, connected cache ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index d3f1d72f64..112c4d3436 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -1,17 +1,11 @@ --- title: MBR2GPT description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. -keywords: deploy, troubleshoot, windows, 10, upgrade, partition, mbr, gpt ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.date: 02/13/2018 manager: dougeby -ms.audience: itpro ms.localizationpriority: high ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md index 65ab59f764..8faeb00aab 100644 --- a/windows/deployment/planning/act-technical-reference.md +++ b/windows/deployment/planning/act-technical-reference.md @@ -1,15 +1,10 @@ --- title: Application Compatibility Toolkit (ACT) Technical Reference (Windows 10) description: The Microsoft Application Compatibility Toolkit (ACT) helps you see if the apps and devices in your org are compatible with different versions of Windows. -ms.assetid: d90d38b2-2718-4481-90eb-4480719627ba ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md index 44652ad790..d6cc26188b 100644 --- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md +++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md @@ -1,15 +1,10 @@ --- title: Applying Filters to Data in the SUA Tool (Windows 10) description: Learn how to apply filters to results from the Standard User Analyzer (SUA) tool while testing your application. -ms.assetid: 48c39919-3501-405d-bcf5-d2784cbb011f ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md index a18ef827ca..1db5157b5e 100644 --- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md +++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Available Data Types and Operators in Compatibility Administrator (Windows 10) description: The Compatibility Administrator tool provides a way to query your custom-compatibility databases. -ms.assetid: 67d9c03e-ab9d-4fda-8a55-8c5b90266d3b ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md index 0794a35f0b..fead1005e4 100644 --- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md +++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md @@ -1,16 +1,10 @@ --- title: Best practice recommendations for Windows To Go (Windows 10) description: Learn about best practice recommendations for using Windows To Go, like using a USB 3.0 port with Windows to Go if it's available. -ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: best practices, USB, device, boot ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: mobility -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index 7b81a26b48..a3a1f27a04 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -1,15 +1,10 @@ --- title: Compatibility Administrator User's Guide (Windows 10) -ms.assetid: 0ce05f66-9009-4739-a789-60f3ce380e76 ms.reviewer: manager: dougeby ms.author: aaroncz description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows. ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-mar2020 diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 6ca2e8566d..6ace821889 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -1,15 +1,10 @@ --- title: Compatibility Fix Database Management Strategies and Deployment (Windows 10) -ms.assetid: fdfbf02f-c4c4-4739-a400-782204fd3c6c ms.reviewer: manager: dougeby ms.author: aaroncz description: Learn how to deploy your compatibility fixes into an application-installation package or through a centralized compatibility-fix database. ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md index 57b2e00924..905b52b295 100644 --- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md +++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md @@ -1,15 +1,10 @@ --- title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, & Windows Vista description: Find compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10. -ms.assetid: cd51c824-557f-462a-83bb-54b0771b7dff ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md index c1b28533d4..fe0d8b09c8 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Creating a Custom Compatibility Fix in Compatibility Administrator (Windows 10) description: The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. -ms.assetid: e4f2853a-0e46-49c5-afd7-0ed12f1fe0c2 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md index bfa50f5280..2f0793108b 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Create a Custom Compatibility Mode (Windows 10) description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. -ms.assetid: 661a1c0d-267f-4a79-8445-62a9a98d09b0 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md index 3640a3801b..55551f08fc 100644 --- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Create AppHelp Message in Compatibility Administrator (Windows 10) description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system. -ms.assetid: 5c6e89f5-1942-4aa4-8439-ccf0ecd02848 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index 397f230051..b6874c0cde 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md @@ -1,16 +1,10 @@ --- title: Deployment considerations for Windows To Go (Windows 10) description: Learn about deployment considerations for Windows To Go, such as the boot experience, deployment methods, and tools that you can use with Windows To Go. -ms.assetid: dcfc5d96-b96b-44cd-ab65-416b5611c65e ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, mobile, device, USB, boot, image, workspace, driver ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: mobility -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md index bcad4a3136..9e64ab8e0b 100644 --- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md +++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Enabling and Disabling Compatibility Fixes in Compatibility Administrator description: You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes. -ms.assetid: 6bd4a7c5-0ed9-4a35-948c-c438aa4d6cb6 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index df0e93d341..0bb13ccd0f 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -2,10 +2,7 @@ title: Windows client features lifecycle description: Learn about the lifecycle of Windows 10 features, as well as features that are no longer developed, removed features, and terminology assigned to a feature. ms.prod: w10 -ms.mktglfcycl: plan ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski manager: dougeby ms.author: aaroncz diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md index 1f81b6a7ea..54b85fbaa4 100644 --- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md +++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md @@ -1,15 +1,10 @@ --- title: Fixing Applications by Using the SUA Tool (Windows 10) description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application. -ms.assetid: 7f5947b1-977b-4d7e-bb52-fbe8e76f6b8b ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md index 9e06b64d91..72b7ebe705 100644 --- a/windows/deployment/planning/index.md +++ b/windows/deployment/planning/index.md @@ -1,11 +1,7 @@ --- title: Plan for Windows 10 deployment (Windows 10) description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date. -ms.assetid: 002F9B79-B50F-40C5-A7A5-0B4770E6EC15 -keywords: deploy, upgrade, update, configure ms.prod: w10 -ms.mktglfcycl: plan -ms.sitesec: library ms.localizationpriority: medium author: aczechowski ms.author: aaroncz diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md index 75bd75782f..cdd078d772 100644 --- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md +++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Install/Uninstall Custom Databases (Windows 10) description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. -ms.assetid: 659c9d62-5f32-433d-94aa-12141c01368f ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md index 242674d390..9e24aa3ddf 100644 --- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md +++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md @@ -1,15 +1,10 @@ --- title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10) description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases. -ms.assetid: 9c2e9396-908e-4a36-ad67-2e40452ce017 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md index 4e1df0cd04..78f1404be6 100644 --- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md +++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md @@ -1,16 +1,10 @@ --- title: Prepare your organization for Windows To Go (Windows 10) description: Though Windows To Go is no longer being developed, you can find info here about the the “what”, “why”, and “when” of deployment. -ms.assetid: f3f3c160-90ad-40a8-aeba-2aedee18f7ff ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: ["mobile, device, USB, deploy"] ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: mobility -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md index b350133316..53d51c7ea4 100644 --- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Searching for Fixed Applications in Compatibility Administrator (Windows 10) description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. -ms.assetid: 1051a2dc-0362-43a4-8ae8-07dae39b1cb8 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md index 62b098d6e5..496856bf9f 100644 --- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator (Windows 10) description: You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature. -ms.assetid: dd213b55-c71c-407a-ad49-33db54f82f22 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index f2d306f5bd..cbb62f87be 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -1,16 +1,10 @@ --- title: Security and data protection considerations for Windows To Go (Windows 10) description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure. -ms.assetid: 5f27339f-6761-44f4-8c29-9a25cf8e75fe ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: mobile, device, USB, secure, BitLocker ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: mobility, security -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md index 550c1b7cb8..f6e9d05353 100644 --- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md +++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md @@ -1,15 +1,10 @@ --- title: Showing Messages Generated by the SUA Tool (Windows 10) description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated. -ms.assetid: 767eb7f2-d6c4-414c-a7b3-a997337d904a ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md index 2936429060..50bae4c447 100644 --- a/windows/deployment/planning/sua-users-guide.md +++ b/windows/deployment/planning/sua-users-guide.md @@ -2,15 +2,10 @@ title: SUA User's Guide (Windows 10) description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature. ms.custom: seo-marvel-apr2020 -ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md index 247dae8ef3..ab6c4e83a7 100644 --- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md +++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md @@ -1,15 +1,10 @@ --- title: Tabs on the SUA Tool Interface (Windows 10) description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze. -ms.assetid: 0d705321-1d85-4217-bf2c-0ca231ca303b ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md index 375609958a..4ab4be6a19 100644 --- a/windows/deployment/planning/testing-your-application-mitigation-packages.md +++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md @@ -1,15 +1,10 @@ --- title: Testing Your Application Mitigation Packages (Windows 10) description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues. -ms.assetid: ae946f27-d377-4db9-b179-e8875d454ccf ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md index 755b66cf80..d91279a5d5 100644 --- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md +++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md @@ -1,15 +1,10 @@ --- title: Understanding and Using Compatibility Fixes (Windows 10) description: As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. -ms.assetid: 84bf663d-3e0b-4168-99d6-a26e054821b7 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md index 991cc5eabc..2e1dbd9ead 100644 --- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md +++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md @@ -1,15 +1,10 @@ --- title: Using the Compatibility Administrator Tool (Windows 10) description: This section provides information about using the Compatibility Administrator tool. -ms.assetid: 57271e47-b9b9-4018-a0b5-7115a533166d ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md index 498a0d4424..e4196523e8 100644 --- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md +++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md @@ -1,15 +1,10 @@ --- title: Using the Sdbinst.exe Command-Line Tool (Windows 10) description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options. -ms.assetid: c1945425-3f8d-4de8-9d2d-59f801f07034 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md index 7dd26dfa38..f4de4f8ae5 100644 --- a/windows/deployment/planning/using-the-sua-tool.md +++ b/windows/deployment/planning/using-the-sua-tool.md @@ -1,15 +1,10 @@ --- title: Using the SUA Tool (Windows 10) description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. -ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md index 408504f26c..e0a506b5ca 100644 --- a/windows/deployment/planning/using-the-sua-wizard.md +++ b/windows/deployment/planning/using-the-sua-wizard.md @@ -1,15 +1,10 @@ --- title: Using the SUA wizard (Windows 10) description: The Standard User Analyzer (SUA) wizard, although it doesn't offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues. -ms.assetid: 29d07074-3de7-4ace-9a54-678af7255d6c ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md index 9a7abdef9a..3d363d0db4 100644 --- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md +++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md @@ -1,15 +1,10 @@ --- title: Viewing the Events Screen in Compatibility Administrator (Windows 10) description: You can use the Events screen to record and view activities in the Compatibility Administrator tool. -ms.assetid: f2b2ada4-1b7b-4558-989d-5b52b40454b3 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md index a1b074a935..790592964c 100644 --- a/windows/deployment/planning/windows-10-compatibility.md +++ b/windows/deployment/planning/windows-10-compatibility.md @@ -1,17 +1,11 @@ --- title: Windows 10 compatibility (Windows 10) description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. -ms.assetid: 829BE5B5-330A-4702-807A-8908B4FC94E8 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, upgrade, update, appcompat ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md index 6d2b053310..a9fb6d7c33 100644 --- a/windows/deployment/planning/windows-10-deployment-considerations.md +++ b/windows/deployment/planning/windows-10-deployment-considerations.md @@ -1,16 +1,11 @@ --- title: Windows 10 deployment considerations (Windows 10) description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. -ms.assetid: A8DD6B37-1E11-4CD6-B588-92C2404219FE ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, upgrade, update, in-place ms.prod: w10 ms.localizationpriority: medium -ms.mktglfcycl: plan -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md index bfe6fbc509..4bde7474f4 100644 --- a/windows/deployment/planning/windows-10-infrastructure-requirements.md +++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md @@ -1,16 +1,11 @@ --- title: Windows 10 infrastructure requirements (Windows 10) description: Review the infrastructure requirements for deployment and management of Windows 10, prior to significant Windows 10 deployments within your organization. -ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: deploy, upgrade, update, hardware ms.prod: w10 -ms.mktglfcycl: plan ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index 9df0d61488..baa2e8882e 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -2,10 +2,7 @@ title: Windows 10 - Features that have been removed description: In this article, learn about the features and functionality that has been removed or replaced in Windows 10. ms.prod: w10 -ms.mktglfcycl: plan ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 79b583332b..483767ebfe 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -1,16 +1,10 @@ --- title: Windows To Go feature overview (Windows 10) description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive. -ms.assetid: 9df82b03-acba-442c-801d-56db241f8d42 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: workspace, mobile, installation, image, USB, device, image, edu ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: mobility, edu -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md index cc1cf8f69d..59ec7c3e89 100644 --- a/windows/deployment/s-mode.md +++ b/windows/deployment/s-mode.md @@ -1,17 +1,11 @@ --- title: Windows 10 Pro in S mode description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers? -keywords: Windows 10 S, S mode, Windows S mode, Windows 10 S mode, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Enterprise in S mode, Windows 10 Pro/Enterprise in S mode -ms.mktglfcycl: deploy ms.localizationpriority: high ms.prod: w10 -ms.sitesec: library -ms.pagetype: deploy manager: dougeby -ms.audience: itpro author: aczechowski ms.author: aaroncz -audience: itpro ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index daf7fb1e1a..cb6e0cf046 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -3,13 +3,8 @@ title: Log files and resolving upgrade errors manager: dougeby ms.author: aaroncz description: Learn how to interpret and analyze the log files that are generated during the Windows 10 upgrade process. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 76ea88816f..9976bc228d 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -4,13 +4,8 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: Learn how to quickly resolve many problems, which may come up during a Windows 10 upgrade. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index d2bec5e3f1..44d5400854 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -3,12 +3,7 @@ title: Resolution procedures - Windows IT Pro manager: dougeby ms.author: aaroncz description: Discover general troubleshooting procedures for dealing with 0xC1900101, the generic rollback code thrown when something goes wrong during a Windows 10 upgrade. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 57df118f87..059f0801cb 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -3,12 +3,7 @@ title: Resolve Windows 10 upgrade errors - Windows IT Pro manager: dougeby ms.author: aaroncz description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 505f23ab18..c6161cdc2d 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -3,13 +3,8 @@ title: SetupDiag manager: dougeby ms.author: aaroncz description: SetupDiag works by examining Windows Setup log files. This article shows how to use the SetupDiag tool to diagnose Windows Setup errors. -keywords: deploy, troubleshoot, windows, 10, upgrade, update, setup, diagnose ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md index 17692fe281..78530d857f 100644 --- a/windows/deployment/upgrade/submit-errors.md +++ b/windows/deployment/upgrade/submit-errors.md @@ -4,12 +4,7 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: Download the Feedback Hub app, and then submit Windows 10 upgrade errors for diagnosis using feedback hub. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, feedback ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index 736fd59813..5b8cff866c 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -3,12 +3,7 @@ title: Troubleshoot Windows 10 upgrade errors - Windows IT Pro manager: dougeby ms.author: aaroncz description: Understanding the Windows 10 upgrade process can help you troubleshoot errors when something goes wrong. Find out more with this guide. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 3b0ef7d8df..6d09c5829a 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -3,12 +3,7 @@ title: Upgrade error codes - Windows IT Pro manager: dougeby ms.author: aaroncz description: Understand the error codes that may come up if something goes wrong during the Windows 10 upgrade process. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index 959bb7e649..18488633f6 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -1,15 +1,10 @@ --- title: Windows 10 edition upgrade (Windows 10) description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. -ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mobile -audience: itpro author: aczechowski ms.topic: article ms.collection: highpri diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index 46541e996a..bf02d1b890 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -4,11 +4,7 @@ manager: dougeby ms.author: aaroncz description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.localizationpriority: medium -ms.pagetype: mobile -audience: itpro author: aczechowski ms.topic: article ms.collection: highpri diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 74939a1ac1..c8f3986ed2 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -4,12 +4,7 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: Learn how to review the events generated by Windows Error Reporting when something goes wrong during Windows 10 setup. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index f18c6db530..d07d93a95c 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md @@ -1,14 +1,10 @@ --- title: Windows Upgrade and Migration Considerations (Windows 10) description: Discover the Microsoft tools you can use to move files and settings between installations, as well as special considerations for performing an upgrade or migration. -ms.assetid: 7f85095c-5922-45e9-b28e-91b1263c7281 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index fbae4bcd47..3ec4c5a2de 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -2,18 +2,12 @@ title: Configure VDA for Windows 10/11 Subscription Activation ms.reviewer: manager: dougeby -ms.audience: itpro ms.author: aaroncz author: aczechowski description: Learn how to configure virtual machines (VMs) to enable Windows 10 Subscription Activation in a Windows Virtual Desktop Access (VDA) scenario. -keywords: upgrade, update, task sequence, deploy ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro ms.topic: article ms.collection: M365-modern-desktop --- diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 374b78e022..3476d250c5 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -2,10 +2,7 @@ title: Windows Deployment Services (WDS) boot.wim support description: This article provides details on the support capabilities of WDS for end to end operating system deployment. ms.prod: w11 -ms.mktglfcycl: plan ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/deployment/windows-10-deployment-posters.md b/windows/deployment/windows-10-deployment-posters.md index 00b17c1196..18021d5a5d 100644 --- a/windows/deployment/windows-10-deployment-posters.md +++ b/windows/deployment/windows-10-deployment-posters.md @@ -3,15 +3,10 @@ title: Windows 10 deployment process posters description: View and download Windows 10 deployment process flows for Microsoft Endpoint Manager and Windows Autopilot. ms.reviewer: manager: dougeby -ms.audience: itpro author: aczechowski ms.author: aaroncz -keywords: upgrade, in-place, configuration, deploy ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro ms.topic: article --- diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index 09bd64cb23..a1d13f7d3e 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -1,17 +1,11 @@ --- title: Windows 10 deployment scenarios (Windows 10) description: Understand the different ways Windows 10 operating system can be deployed in your organization. Explore several Windows 10 deployment scenarios. -ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5 manager: dougeby -ms.audience: itpro ms.author: aaroncz author: aczechowski -keywords: upgrade, in-place, configuration, deploy ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro ms.topic: article ms.collection: highpri --- From de1733184a92ae2a24d40930925b18487c345fa4 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Tue, 7 Jun 2022 03:02:38 +0530 Subject: [PATCH 316/540] Updated-6038482 Articles updated to resolve Warning and address Acrolinx errors. --- ...fresh-a-windows-7-computer-with-windows-10.md | 16 ++++++++-------- ...dows-7-computer-with-a-windows-10-computer.md | 16 ++++++++-------- .../do/waas-optimize-windows-10-updates.md | 1 + 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md index 838b5508db..356ba70dcc 100644 --- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md +++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md @@ -17,12 +17,12 @@ ms.topic: article This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/). -For the purposes of this topic, we will use three computers: DC01, MDT01, and PC0001. +For the purposes of this topic, we'll use three computers: DC01, MDT01, and PC0001. - DC01 is a domain controller for the contoso.com domain. - MDT01 is domain member server that hosts your deployment share. - PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1. -Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). +Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). ![computers.](../images/mdt-04-fig01.png "Computers used in this topic") @@ -30,9 +30,9 @@ The computers used in this topic. ## The computer refresh process -A computer refresh is not the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings. +A computer refresh isn't the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings. -For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh you will: +For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh, you will: 1. Back up data and settings locally, in a backup folder. 2. Wipe the partition, except for the backup folder. @@ -40,7 +40,7 @@ For a computer refresh with MDT, you use the User State Migration Tool (USMT), w 4. Install other applications. 5. Restore data and settings. -During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are simply linked in the file system, which allows for fast migration, even when there is a lot of data. +During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are linked in the file system, which allows for fast migration, even when there's a lot of data. >[!NOTE] >In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario. @@ -60,17 +60,17 @@ In addition to the command-line switches that control which profiles to migrate, ### Multicast -Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You will need to update the deployment share after changing this setting. +Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You'll need to update the deployment share after changing this setting. ## Refresh a Windows 7 SP1 client -In these section, we assume that you have already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01: +In this section, we assume that you've already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01: - [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md) - [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) - [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md) -It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we will refreshing a Windows 7 SP1 PC to Windows 10, version 1909. +It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we'll be refreshing a Windows 7 SP1 PC to Windows 10, version 1909. ### Upgrade (refresh) a Windows 7 SP1 client diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md index fd32026678..30ca655b46 100644 --- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -1,6 +1,6 @@ --- title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10) -description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device. +description: In this article, you'll learn how to replace a Windows 7 device with a Windows 10 device. ms.custom: seo-marvel-apr2020 ms.reviewer: manager: dougeby @@ -16,15 +16,15 @@ ms.topic: article **Applies to** - Windows 10 -A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10. However, because you are replacing a device, you cannot store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings. +A computer replace scenario for Windows 10 is similar to a computer refresh for Windows 10. However, because you're replacing a device, you can't store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings. -For the purposes of this topic, we will use four computers: DC01, MDT01, PC0002, and PC0007. +For the purposes of this topic, we'll use four computers: DC01, MDT01, PC0002, and PC0007. - DC01 is a domain controller for the contoso.com domain. - MDT01 is domain member server that hosts your deployment share. - PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007. - PC0007 is a new computer will have the Windows 10 OS installed prior to data from PC0002 being migrated. Both PC0002 and PC0007 are members of the contoso.com domain. -For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). +For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). ![The computers used in this topic.](../images/mdt-03-fig01.png) @@ -40,9 +40,9 @@ The computers used in this topic. On **MDT01**: -1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, click **Properties**, and then click the **Rules** tab. -2. Change the **SkipUserData=YES** option to **NO**, and click **OK**. -3. Right-click **MDT Production** and click **Update Deployment Share**. Click **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default settings. +1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, select **Properties**, and then select the **Rules** tab. +2. Change the **SkipUserData=YES** option to **NO**, and select **OK**. +3. Right-click on **MDT Production** and select **Update Deployment Share**. Then select **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default settings. ### Create and share the MigData folder @@ -75,7 +75,7 @@ On **MDT01**: During a computer replace, these are the high-level steps that occur: -1. On the computer you are replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup. +1. On the computer you're replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup. 2. On the new computer, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored. ### Run the replace task sequence diff --git a/windows/deployment/do/waas-optimize-windows-10-updates.md b/windows/deployment/do/waas-optimize-windows-10-updates.md index e2e98fe19a..6bf560ab5a 100644 --- a/windows/deployment/do/waas-optimize-windows-10-updates.md +++ b/windows/deployment/do/waas-optimize-windows-10-updates.md @@ -3,6 +3,7 @@ title: Optimize Windows update delivery description: Two methods of peer-to-peer content distribution are available, Delivery Optimization and BranchCache. ms.prod: w10 ms.localizationpriority: medium +author: aaroncz ms.author: aaroncz ms.reviewer: manager: dougeby From b529127d41771c19bdac17214b026f0f7868d974 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Mon, 6 Jun 2022 16:24:43 -0700 Subject: [PATCH 317/540] Add policies to page and updates --- ...es-in-policy-csp-supported-by-hololens2.md | 31 +++++++++++-------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 142d9058c1..61da8064e2 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -9,7 +9,7 @@ ms.prod: w10 ms.technology: windows author: dansimp ms.localizationpriority: medium -ms.date: 03/01/2022 +ms.date: 06/06/2022 --- # Policies in Policy CSP supported by HoloLens 2 @@ -50,11 +50,15 @@ ms.date: 03/01/2022 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) +- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9 -- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 10 +- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 11 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9 +- [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update) - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9 +- [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) 9 - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9 +- [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) 10 - [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) 9 - [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) 9 - [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) 9 @@ -102,13 +106,13 @@ ms.date: 03/01/2022 - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) 9 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate) - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice) -- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 10 -- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 10 +- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 11 +- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 11 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel) -- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 10 -- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 10 -- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 10 -- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 10 +- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 11 +- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 11 +- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 11 +- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 11 - [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays) - [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays) - [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds) @@ -116,10 +120,10 @@ ms.date: 03/01/2022 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates) - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday) - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime) -- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 10 -- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 10 +- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 11 +- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 11 - [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess) -- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 10 +- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 11 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) 8 @@ -133,8 +137,9 @@ Footnotes: - 6 - Available in Windows 10, version 1903. - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. -- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2) -- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2) +- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2) +- 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1) +- 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2) ## Related topics From 4dd6d377b583e71ce35a3d0526fcab5d2d5e822a Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 7 Jun 2022 08:51:06 +0300 Subject: [PATCH 318/540] Update windows/deployment/windows-10-subscription-activation.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/windows-10-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 42fc531050..a9a1139765 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -30,7 +30,7 @@ Windows 10 Pro supports the Subscription Activation feature, enabling users to With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. -If you have devices that are licensed for Windows 7, 8, and 8.1 Professional, Microsoft 365 Business Premium provides an upgrade to Windows 10 Pro, which is the prerequisite for deploying [Windows 10 Business](https://docs.microsoft.com/en-us/microsoft-365/business-premium/microsoft-365-business-faqs?view=o365-worldwide#what-is-windows-10-business). +If you have devices that are licensed for Windows 7, 8, and 8.1 Professional, Microsoft 365 Business Premium provides an upgrade to Windows 10 Pro, which is the prerequisite for deploying [Windows 10 Business](/microsoft-365/business-premium/microsoft-365-business-faqs?view=o365-worldwide#what-is-windows-10-business). The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. From f42e4e09208940896313efade3e55d978d73b54d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 7 Jun 2022 08:53:43 -0700 Subject: [PATCH 319/540] Update eap-configuration.md --- windows/client-management/mdm/eap-configuration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index e1608210b9..1565168c9c 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -139,7 +139,7 @@ The following list describes the prerequisites for a certificate to be used with - The certificate must have at least one of the following EKU properties: - Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2. - - Any Purpose: This property is an EKU-defined one and is published by Microsoft.,It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering. + - Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering. - All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes. - The user or the computer certificate on the client must chain to a trusted root CA. @@ -287,4 +287,4 @@ Alternatively, you can use the following procedure to create an EAP configuratio ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](configuration-service-provider-reference.md) From 31a2c426943eae7b1369558d564d8dfef0d824c9 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Wed, 8 Jun 2022 09:50:49 +0200 Subject: [PATCH 320/540] #10340 #10340 the feedback was about stressing that a step is not needed for Windows Server 2019. I discovered that this is already mentioned in the article, so I made that statement bold to make it stand out. --- .../hello-for-business/hello-cert-trust-validate-ad-prereq.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 53a69d9ca8..35d754ebe4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -25,7 +25,9 @@ ms.reviewer: - On-premises deployment - Certificate trust -The key registration process for the On-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the **Updating the Schema** and **Create the KeyCredential Admins Security Global Group** steps. +The key registration process for the On-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. + +**If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the 'Updating the Schema' and 'Create the KeyCredential Admins Security Global Group' steps below.** Manually updating Active Directory uses the command-line utility **adprep.exe** located at **\:\support\adprep** on the Windows Server 2016 or later DVD or ISO. Before running adprep.exe, you must identify the domain controller hosting the schema master role. From fe0b1343e3c29d31b131c78396dd6c9584f67566 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Wed, 8 Jun 2022 10:11:58 +0200 Subject: [PATCH 321/540] #10356 #10356 I followed the discussion on the original post and I implemented these changes accordingly --- .../hello-for-business/hello-cert-trust-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 18e5489911..dc18e09acc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -60,7 +60,7 @@ The Group Policy object contains the policy settings needed to trigger Windows H 3. Right-click **Group Policy object** and select **New**. 4. Type *Enable Windows Hello for Business* in the name box and click **OK**. 5. In the content pane, right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. -6. In the navigation pane, expand **Policies** under **User Configuration**. +6. In the navigation pane, expand **Policies** under **User Configuration** (this the only option for for Windows Server 2016, but for Windows Server 2019 and later this step can also be done in **Computer Configuration**). 7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**. 8. In the content pane, double-click **Use Windows Hello for Business**. Click **Enable** and click **OK**. 9. Double-click **Use certificate for on-premises authentication**. Click **Enable** and click **OK**. Close the **Group Policy Management Editor**. @@ -70,7 +70,7 @@ The Group Policy object contains the policy settings needed to trigger Windows H 1. Start the **Group Policy Management Console** (gpmc.msc). 2. Expand the domain and select the **Group Policy Object** node in the navigation pane. 3. Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. -4. In the navigation pane, expand **Policies** under **User Configuration**. +4. In the navigation pane, expand **Policies** under **User Configuration** (this the only option for for Windows Server 2016, but for Windows Server 2019 and later this step can also be done in **Computer Configuration**). 5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**. 6. In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**. 7. Select **Enabled** from the **Configuration Model** list. From ab6a96d85eb6d61789ddb5834a13aa407e994526 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 8 Jun 2022 01:59:33 -0700 Subject: [PATCH 322/540] Update faq-md-app-guard.yml --- .../microsoft-defender-application-guard/faq-md-app-guard.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index e423ab56b2..b641427ea4 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -78,12 +78,10 @@ sections: - question: | What is the WDAGUtilityAccount local account? answer: | - WDAGUtilityAccount is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. WDAGUtilityAccount is used to sign in to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If *Run as a service* permissions are revoked for this account, you might see the following error: + WDAGUtilityAccount is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. WDAGUtilityAccount is used to sign in to the Application Guard container as a standard user with a random password. It is NOT a malicious account. It requires *Logon as a service* permissions to be able to function correctly. If this permission is denied, you might see the following error: **Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000** - We recommend that you don't modify this account. - - question: | How do I trust a subdomain in my site list? answer: | From 14d52784f84f4299207d60613f2914945f51575a Mon Sep 17 00:00:00 2001 From: Florian Stosse Date: Wed, 8 Jun 2022 17:05:19 +0200 Subject: [PATCH 323/540] Fix indentation in XML code block --- .../microsoft-recommended-block-rules.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 0fbd505f00..ddc280cfb4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -162,7 +162,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -877,7 +877,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -905,10 +905,10 @@ Select the correct version of each .dll for the Windows release you plan to supp + + + + --> From 8422c4ed7ae744192f99f7ccfb881260fedddc0e Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 8 Jun 2022 21:28:21 +0530 Subject: [PATCH 324/540] added curly brackets as per user report #10583, I added curly brackets. but i could not able add the correct screenshot. --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 8ca6538d48..74765dffac 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -251,7 +251,7 @@ You can use Group Policy to deploy an administrative template policy setting to :::image type="content" source="images/passwordless/gpmc-exclude-credential-providers.png" alt-text="The Group Policy Management Editor displaying the location of 'Logon' node and the policy setting 'Exclude credential providers'."::: -The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is `60b78e88-ead8-445c-9cfd-0b87f74ea6cd`. +The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is `{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}`. :::image type="content" source="images/passwordless/exclude-credential-providers-properties.png" alt-text="Properties of the policy setting 'Exclude credential providers'."::: From 282cc86ff5528173f2fe3266782961d707edb527 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 8 Jun 2022 10:12:41 -0700 Subject: [PATCH 325/540] Added note; feature isn't available during public preview. --- .../deploy/windows-autopatch-admin-contacts.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md index 47d7b8677c..2ecfa99202 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md @@ -14,6 +14,9 @@ msreviewer: hathind # Add and verify admin contacts +> [!IMPORTANT] +> The Admin contacts blade isn't available during public preview. However, we'll use the admin contacts provided by you during public preview onboarding. + There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch. > [!IMPORTANT] From b00b4519e5f272e33c01886bf01502f761a01a4e Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 8 Jun 2022 12:52:15 -0700 Subject: [PATCH 326/540] Fixing broken link. --- .../windows-autopatch/operate/windows-autopatch-edge.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md index 3f0a1a95c6..4b27f96da4 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md @@ -14,7 +14,7 @@ msreviewer: hathind # Microsoft Edge -Windows Autopatch uses the [Stable channel](/deployedge/microsoft-edge-channels%22%20/l%20%22stable-channel) of Microsoft Edge. +Windows Autopatch uses the [Stable Channel](/deployedge/microsoft-edge-channels#stable-channel) of Microsoft Edge. ## Device eligibility @@ -31,7 +31,7 @@ Microsoft Edge will check for updates every 10 hours. Quality updates occur week Browser updates with critical security fixes will have a faster rollout cadence than updates that don't have critical security fixes to ensure prompt protection from vulnerabilities. -Devices in the Test device group receive feature updates from the [Beta channel](/deployedge/microsoft-edge-channels#beta-channel). This channel is fully supported and automatically updated with new features approximately every four weeks. +Devices in the Test device group receive feature updates from the [Beta Channel](/deployedge/microsoft-edge-channels#beta-channel). This channel is fully supported and automatically updated with new features approximately every four weeks. ## Pausing and resuming updates From 426955319f177b490c3f6b275355216d77e59a94 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 9 Jun 2022 12:41:59 +0530 Subject: [PATCH 327/540] Improper acronyms review update-04 The updates here are made for acronym :WDAC as per the task 6027362. Thanks! --- .../mdm/applicationcontrol-csp.md | 2 +- ...tion-based-protection-of-code-integrity.md | 5 ++-- ...nd-windows-defender-application-control.md | 4 +-- ...perational-guide-appid-tagging-policies.md | 4 +-- .../deploy-appid-tagging-policies.md | 6 ++--- .../design-create-appid-tagging-policies.md | 4 +-- ...application-control-appid-tagging-guide.md | 2 +- .../LOB-win32-apps-on-s.md | 10 +++---- ...s-defender-application-control-policies.md | 4 +-- ...s-defender-application-control-policies.md | 2 +- .../create-initial-default-policy.md | 8 +++--- .../create-wdac-deny-policy.md | 6 ++--- ...e-wdac-policy-for-fully-managed-devices.md | 14 +++++----- ...wdac-policy-for-lightly-managed-devices.md | 10 +++---- ...rt-windows-defender-application-control.md | 8 +++--- ...s-defender-application-control-policies.md | 12 ++++----- ...ion-control-policies-using-group-policy.md | 8 +++--- ...plication-control-policies-using-intune.md | 10 +++---- .../deploy-wdac-policies-with-memcm.md | 4 +-- .../deploy-wdac-policies-with-script.md | 6 ++--- ...s-defender-application-control-policies.md | 13 +++++----- ...s-defender-application-control-policies.md | 8 +++--- .../event-tag-explanations.md | 6 ++--- .../example-wdac-base-policies.md | 4 +-- .../feature-availability.md | 4 +-- ...th-windows-defender-application-control.md | 14 +++++----- ...s-defender-application-control-policies.md | 12 ++++----- .../operations/known-issues.md | 5 ++-- ...defender-application-control-management.md | 26 +++++++++---------- ...events-centrally-using-advanced-hunting.md | 8 +++--- .../select-types-of-rules-to-create.md | 16 ++++++------ .../types-of-devices.md | 12 ++++----- ...ication-control-policy-design-decisions.md | 20 +++++++------- .../understanding-wdac-policy-settings.md | 6 ++--- ...ontrol-for-classic-windows-applications.md | 10 +++---- ...r-application-control-against-tampering.md | 6 ++--- ...l-specific-plug-ins-add-ins-and-modules.md | 6 ++--- ...tion-control-with-dynamic-code-security.md | 4 +-- ...control-with-intelligent-security-graph.md | 12 ++++----- .../wdac-and-applocker-overview.md | 12 ++++----- .../wdac-wizard-create-base-policy.md | 16 ++++++------ .../wdac-wizard-create-supplemental-policy.md | 6 ++--- .../wdac-wizard-editing-policy.md | 8 +++--- .../wdac-wizard-merging-policies.md | 4 +-- .../wdac-wizard.md | 2 +- ...er-application-control-deployment-guide.md | 8 +++--- ...fender-application-control-design-guide.md | 2 +- ...r-application-control-operational-guide.md | 2 +- .../windows-defender-application-control.md | 2 +- .../ltsc/whats-new-windows-10-2021.md | 9 ++++--- .../whats-new-windows-10-version-1903.md | 10 +++---- 51 files changed, 201 insertions(+), 201 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 02eb0f514c..d3bfbc3db3 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -26,7 +26,7 @@ The table below shows the applicability of Windows: Windows Defender Application Control (WDAC) policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot. -Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. +Existing Windows Defender Application Control (WDAC) policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although, WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. The following example shows the ApplicationControl CSP in tree format. diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 4d66697518..4a0981cf1f 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -75,9 +75,10 @@ Set the following registry keys to enable HVCI. This provides exactly the same s > [!IMPORTANT] +> > - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled. > -> In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled. +> - In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have Windows Defender Application Control enabled. > > - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. @@ -312,7 +313,7 @@ C. If you experience a critical error during boot or your system is unstable aft ## HVCI deployment in virtual machines -HVCI can protect a Hyper-V virtual machine, just as it would a physical machine. The steps to enable WDAC are the same from within the virtual machine. +HVCI can protect a Hyper-V virtual machine, just as it would a physical machine. The steps to enable Windows Defender Application Control are the same from within the virtual machine. WDAC protects against malware running in the guest virtual machine. It does not provide additional protection from the host administrator. From the host, you can disable WDAC for a virtual machine: diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 21f2516780..82d351a624 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -24,7 +24,7 @@ Windows 10 includes a set of hardware and OS technologies that, when configured WDAC policies and HVCI are powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a strong protection capability for Windows 10 devices. -Using WDAC to restrict devices to only authorized apps has these advantages over other solutions: +Using Windows Defender Application Control to restrict devices to only authorized apps has these advantages over other solutions: 1. WDAC policy is enforced by the Windows kernel itself, and the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run. 2. WDAC lets you set application control policy for code that runs in user mode, kernel mode hardware and software drivers, and even code that runs as part of Windows. @@ -37,7 +37,7 @@ When we originally promoted Device Guard, we did so with a specific security pro WDAC has no specific hardware or software requirements other than running Windows 10, which means customers were denied the benefits of this powerful application control capability due to Device Guard confusion. -Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. With this in mind, we now discuss and document WDAC as an independent technology within our security stack and gave it a name of its own: [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md). +Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. With this in mind, we now discuss and document Windows Defender Application Control as an independent technology within our security stack and gave it a name of its own: [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md). We hope this change will help us better communicate options for adopting application control within your organizations. ## Related articles diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md index 19a27eb4d3..7b909e6fb0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md @@ -27,13 +27,13 @@ ms.technology: windows-sec - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. ## Verifying Tags on Running Processes -After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since WDAC can only tag processes created after the policy has been deployed. +After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed. 1. Download and Install the Windows Debugger diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index a8ac5aafd1..8c2b314e2b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -29,7 +29,7 @@ ms.technology: windows-sec > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -Similar to WDAC Application Control policies, WDAC AppId Tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId Tagging policy, use one of the following methods to deploy: +Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId Tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId Tagging policy, use one of the following methods to deploy: 1. [Deploy AppId Tagging Policies with MDM](#deploy-appid-tagging-policies-with-mdm) 1. [Deploy policies with MEMCM](#deploy-appid-tagging-policies-with-memcm) @@ -46,7 +46,7 @@ Custom AppId Tagging policies can deployed via MEMCM using the [deployment task ### Deploy AppId Tagging Policies via Scripting -Scripting hosts can be used to deploy AppId Tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. The [Deploy WDAC policies using script article](/deployment/deploy-wdac-policies-with-script.md) describes how to deploy WDAC AppId Tagging policies via scripting. Only the method for deploying to version 1903 and above is applicable for AppId Tagging policies. +Scripting hosts can be used to deploy AppId Tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. The [Deploy Windows Defender Application Control policies using script article](/deployment/deploy-wdac-policies-with-script.md) describes how to deploy WDAC AppId Tagging policies via scripting. Only the method for deploying to version 1903 and above is applicable for AppId Tagging policies. ### Deploying policies via the ApplicationControl CSP @@ -57,4 +57,4 @@ However, when policies are unenrolled from an MDM server, the CSP will attempt t For more information, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) to deploy multiple policies, and optionally use MEM Intune's Custom OMA-URI capability. > [!NOTE] -> WMI and GP do not currently support multiple policies. Instead, customers who can't directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format WDAC policies. +> WMI and GP do not currently support multiple policies. Instead, customers who can't directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format Windows Defender Application Control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md index e39893ba64..f89802b9f4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md @@ -27,11 +27,11 @@ ms.technology: windows-sec - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). ## Create the policy using the WDAC Wizard -You can use the WDAC Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). +You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). 1. Create a new base policy using the templates: diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md index 97105395a8..3dca939ef9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md @@ -31,7 +31,7 @@ ms.technology: windows-sec ## AppId Tagging Feature Overview -The Application ID (AppId) Tagging Policy feature, while based off WDAC, does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't. +The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't. ## AppId Tagging Feature Availability diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md index bea57dd3c8..e882f22e84 100644 --- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md +++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md @@ -1,6 +1,6 @@ --- title: Allow LOB Win32 Apps on Intune-Managed S Mode Devices (Windows) -description: Using WDAC supplemental policies, you can expand the S mode base policy on your Intune-managed devices. +description: Using Windows Defender Application Control (WDAC) supplemental policies, you can expand the S mode base policy on your Intune-managed devices. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security @@ -26,7 +26,7 @@ ms.technology: windows-sec - Windows 11 >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Beginning with the Windows 10 November 2019 update (build 18363), Microsoft Intune enables customers to deploy and run business critical Win32 applications and Windows components that are normally blocked in S mode (ex. PowerShell.exe) on their Intune-managed Windows in S mode devices. @@ -39,7 +39,7 @@ Refer to the below video for an overview and brief demo. ![Policy Authorization.](images/wdac-intune-policy-authorization.png) The general steps for expanding the S mode base policy on your Intune-managed devices are to generate a supplemental policy, sign that policy, and then upload the signed policy to Intune and assign it to user or device groups. Because you need access to WDAC PowerShell cmdlets to generate your supplemental policy, you should create and manage your policies on a non-S mode device. Once the policy has been uploaded to Intune, we recommend assigning it to a single test S-mode device to verify expected functioning before deploying the policy more broadly. -1. Generate a supplemental policy with WDAC tooling +1. Generate a supplemental policy with Windows Defender Application Control tooling This policy will expand the S mode base policy to authorize additional applications. Anything authorized by either the S mode base policy or your supplemental policy will be allowed to run. Your supplemental policies can specify filepath rules, trusted publishers, and more. @@ -63,7 +63,7 @@ The general steps for expanding the S mode base policy on your Intune-managed de Set-RuleOption -FilePath "\SupplementalPolicy.xml>" -Option 3 –Delete ``` This deletes the 'audit mode' qualifier. - - Since you'll be signing your policy, you must authorize the signing certificate you will use to sign the policy and optionally one or more additional signers that can be used to sign updates to the policy in the future. For more information, refer to Section 2, Sign policy. Use Add-SignerRule to add the signing certificate to the WDAC policy: + - Since you'll be signing your policy, you must authorize the signing certificate you will use to sign the policy and optionally one or more additional signers that can be used to sign updates to the policy in the future. For more information, refer to Section 2, Sign policy. Use Add-SignerRule to add the signing certificate to the Windows Defender Application Control policy: ```powershell Add-SignerRule -FilePath -CertificatePath -User -Update @@ -76,7 +76,7 @@ The general steps for expanding the S mode base policy on your Intune-managed de 2. Sign policy - Supplemental S mode policies must be digitally signed. To sign your policy, you can choose to use the Device Guard Signing Service (DGSS) or your organization's custom Public Key Infrastructure (PKI). Refer to [Use the Device Guard Signing Portal in the Microsoft Store for Business](use-device-guard-signing-portal-in-microsoft-store-for-business.md) for guidance on using DGSS and [Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md) for guidance on signing using an internal CA. + Supplemental S mode policies must be digitally signed. To sign your policy, you can choose to use the Device Guard Signing Service (DGSS) or your organization's custom Public Key Infrastructure (PKI). Refer to [Use the Device Guard Signing Portal in the Microsoft Store for Business](use-device-guard-signing-portal-in-microsoft-store-for-business.md) for guidance on using DGSS and [Create a code signing cert for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) for guidance on signing using an internal CA. Rename your policy to "{PolicyID}.p7b" after you've signed it. PolicyID can be found by inspecting the Supplemental Policy XML. diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md index 7f1870c0b6..cc3b1b631b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md @@ -29,7 +29,7 @@ ms.technology: windows-sec >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). -Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. +Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your Windows Defender Application Control policy (WDAC) but should be included. While a WDAC policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new WDAC policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed. @@ -81,7 +81,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these ## Convert WDAC **BASE** policy from audit to enforced -As described in [common WDAC deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout. diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index 37b1dd7a2a..8b30f46fa9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -27,7 +27,7 @@ ms.technology: windows-sec - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md index 72b3039271..3686f2ecb5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md @@ -29,7 +29,7 @@ ms.technology: windows-sec >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -This section outlines the process to create a WDAC policy for fixed-workload devices within an organization. Fixed-workload devices tend to be dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. +This section outlines the process to create a Windows Defender Application Control (WDAC) policy for fixed-workload devices within an organization. Fixed-workload devices tend to be dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. For this example, you must initiate variables to be used during the creation process or use the full file paths in the command. Then create the WDAC policy by scanning the system for installed applications. @@ -37,7 +37,7 @@ The policy file is converted to binary format when it gets created so that Windo ## Overview of the process of creating Windows Defender Application Control policies -A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. WDAC policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional WDAC policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the [WDAC Design Guide](windows-defender-application-control-design-guide.md). +A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. Windows Defender Application Control policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional WDAC policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the [WDAC Design Guide](windows-defender-application-control-design-guide.md). Optionally, WDAC can align with your software catalog and any IT department–approved applications. One straightforward method to implement WDAC is to use existing images to create one master WDAC policy. You do so by creating a WDAC policy from each image, and then by merging the policies. This way, what is installed on all of those images will be allowed to run, if the applications are installed on a computer based on a different image. Alternatively, you may choose to create a base applications policy and add policies based on the computer’s role or department. Organizations have a choice of how their policies are created, merged, or serviced, and managed. @@ -51,9 +51,7 @@ We recommend that you review the reference computer for software that can load a Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you do not want to run scripts. You can remove or disable such software on the reference computer. - - -To create a WDAC policy, copy each of the following commands into an elevated Windows PowerShell session, in order: +To create a Windows Defender Application Control policy, copy each of the following commands into an elevated Windows PowerShell session, in order: 1. Initialize variables that you will use. diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index d7e1d5636c..a5b01bd9ff 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -32,7 +32,7 @@ In this article we explain: ## File Rule Precedence Order -To create effective WDAC deny policies, it's crucial to understand how WDAC parses the policy. The WDAC engine evaluates files against the policy in the following order. +To create effective Windows Defender Application Control deny policies, it's crucial to understand how WDAC parses the policy. The WDAC engine evaluates files against the policy in the following order. 1. Explicit deny rules - if any explicit deny rule exists for a file, it will not run even if other rules are created to try to allow it. Deny rules can use any [rule level](select-types-of-rules-to-create.md#windows-defender-application-control-file-rule-levels). Use the most specific rule level practical when creating deny rules to avoid blocking more than you intend. @@ -45,7 +45,7 @@ To create effective WDAC deny policies, it's crucial to understand how WDAC pars 5. If no rule exists for the file and it's not allowed based on ISG or MI, then the file is blocked implicitly. > [!NOTE] -> If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud. For more details, see [How does the integration between WDAC and the Intelligent Security Graph work?](use-windows-defender-application-control-with-intelligent-security-graph.md#how-does-the-integration-between-wdac-and-the-intelligent-security-graph-work). +> If your Windows Defender Application Control policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud. For more details, see [How does the integration between WDAC and the Intelligent Security Graph work?](use-windows-defender-application-control-with-intelligent-security-graph.md#how-does-the-integration-between-wdac-and-the-intelligent-security-graph-work). ## Interaction with Existing Policies @@ -155,7 +155,7 @@ Merge-CIPolicy -PolicyPaths $DenyPolicy, $AllowAllPolicy -OutputFilePath $DenyPo Policies should be thoroughly evaluated and first rolled out in audit mode before strict enforcement. Policies can be deployed via multiple options: -1. Mobile Device Management (MDM): [Deploy WDAC policies using Mobile Device Management (MDM) (Windows)](deploy-windows-defender-application-control-policies-using-intune.md) +1. Mobile Device Management (MDM): [Deploy Windows Defender Application Control (WDAC) policies using Mobile Device Management (MDM) (Windows)](deploy-windows-defender-application-control-policies-using-intune.md) 2. Microsoft Endpoint Configuration Manager (MEMCM): [Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows)](deployment/deploy-wdac-policies-with-memcm.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index f088c8d7f9..93e9536d48 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -30,12 +30,12 @@ ms.technology: windows-sec >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -This section outlines the process to create a WDAC policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device cannot install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Endpoint Manager (MEM). Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. +This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device cannot install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Endpoint Manager (MEM). Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. > [!NOTE] -> Some of the WDAC options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. +> Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common WDAC deployment scenarios](types-of-devices.md), we will use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we will use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. @@ -79,7 +79,7 @@ Having defined the "circle-of-trust", Alice is ready to generate the initial pol Alice follows these steps to complete this task: > [!NOTE] -> If you do not use MEMCM or prefer to use a different [example WDAC base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy. +> If you do not use MEMCM or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy. 1. [Use MEMCM to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11. @@ -119,7 +119,7 @@ Alice follows these steps to complete this task: 6. If appropriate, add additional signer or file rules to further customize the policy for your organization. -7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format: +7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the Windows Defender Application Control policy to a binary format: > [!NOTE] > In the sample commands below, replace the string "{InsertPolicyID}" with the actual PolicyID GUID (including braces **{ }**) found in your policy XML file. @@ -169,5 +169,5 @@ Alice has defined a policy for Lamna's fully managed devices that makes some tra ## Up next -- [Create a WDAC policy for fixed-workload devices using a reference computer](create-initial-default-policy.md) -- [Prepare to deploy WDAC policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file +- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-initial-default-policy.md) +- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md index a173ced569..5b21e63327 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md @@ -30,10 +30,10 @@ ms.technology: windows-sec >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -This section outlines the process to create a WDAC policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this topic. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC-managed devices as described in later topics. +This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this topic. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC-managed devices as described in later topics. > [!NOTE] -> Some of the WDAC options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. +> Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. As in the [previous topic](types-of-devices.md), we will use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. @@ -77,7 +77,7 @@ Having defined the "circle-of-trust", Alice is ready to generate the initial pol Alice follows these steps to complete this task: > [!NOTE] -> If you do not use MEMCM or prefer to use a different [example WDAC base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy. +> If you do not use MEMCM or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy. 1. [Use MEMCM to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 and above, or Windows 11. @@ -185,5 +185,5 @@ In order to minimize user productivity impact, Alice has defined a policy that m ## Up next -- [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) -- [Prepare to deploy WDAC policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file +- [Create a Windows Defender Application Control policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) +- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index 0ea6e2d239..348fbacaf2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -33,14 +33,14 @@ Catalog files can be important in your deployment of Windows Defender Applicatio ## Create catalog files -The creation of a catalog file simplifies the steps to run unsigned applications in the presence of a WDAC policy. +The creation of a catalog file simplifies the steps to run unsigned applications in the presence of a Windows Defender Application Control policy. To create a catalog file, you use a tool called **Package Inspector**. You must also have a WDAC policy deployed in audit mode on the computer on which you run Package Inspector, so that Package Inspector can include any temporary installation files that are added and then removed from the computer during the installation process. > [!NOTE] > When you establish a naming convention it makes it easier to detect deployed catalog files in the future. In this guide, *\*-Contoso.cat* is used as the example naming convention. -1. Be sure that a WDAC policy is currently deployed in audit mode on the computer on which you will run Package Inspector. +1. Be sure that a Windows Defender Application Control policy is currently deployed in audit mode on the computer on which you will run Package Inspector. Package Inspector does not always detect temporary installation files that are added and then removed from the computer during the installation process. To ensure that these binaries are also included in your catalog file, deploy a WDAC policy in audit mode. @@ -108,7 +108,7 @@ Packages can fail for the following reasons: - Package Inspector is completely incompatible if files in the package (temporary or otherwise) change hash each time the package is installed. You can diagnose this by looking at the hash field in the 3077 block events when the package is failing in enforcement. If each time you attempt to run the package you get a new block event with a different hash, the package will not work with Package Inspector - Files with an invalid signature blob or otherwise "unhashable" files - This issue arises when a file that has been signed is modified post signing in a way that invalidates the PE header and renders the file unable to be hashed by the Authenticode Spec. - - WDAC uses Authenticode Hashes to validate files when they are running. If the file is unhashable via the authenticode SIP, there is no way to identify the file to allow it, regardless of if you attempt to add the file to the policy directly, or re-sign the file with a Package Inspector catalog (the signature is invalidated due to file being edited, file can't be allowed by hash due to authenticode hashing algorithm rejecting it) + - Windows Defender Application Control uses Authenticode Hashes to validate files when they are running. If the file is unhashable via the authenticode SIP, there is no way to identify the file to allow it, regardless of if you attempt to add the file to the policy directly, or re-sign the file with a Package Inspector catalog (the signature is invalidated due to file being edited, file can't be allowed by hash due to authenticode hashing algorithm rejecting it) - Recent versions of InstallShield packages that use custom actions can hit this. If the DLL input to the custom action was signed before being put through InstallShield, InstallShield adds tracking markers to the file (editing it post signature) which leaves the file in this "unhashable" state and renders the file unable to be allowed by Windows Defender (regardless of if you try to allow directly by policy or resign with Package Inspector) ## Catalog signing with SignTool.exe @@ -156,7 +156,7 @@ After the catalog file is signed, add the signing certificate to a WDAC policy, 1. If you have not already verified the catalog file digital signature, right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with the algorithm you expect. -2. If you already have an XML policy file that you want to add the signing certificate to, skip to the next step. Otherwise, use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to create a WDAC policy that you will later merge into another policy (not deploy as-is). This example creates a policy called **CatalogSignatureOnly.xml** in the location **C:\\PolicyFolder**: +2. If you already have an XML policy file that you want to add the signing certificate to, skip to the next step. Otherwise, use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to create a Windows Defender Application Control policy that you will later merge into another policy (not deploy as-is). This example creates a policy called **CatalogSignatureOnly.xml** in the location **C:\\PolicyFolder**: `New-CIPolicy -Level PcaCertificate -FilePath C:\PolicyFolder\CatalogSignatureOnly.xml –UserPEs` diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index 2738724087..50a9a80492 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -1,5 +1,5 @@ --- -title: Use multiple Windows Defender Application Control Policies (Windows) +title: Use multiple Windows Defender Application Control Policies (Windows) description: Windows Defender Application Control supports multiple code integrity policies for one device. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb @@ -27,9 +27,9 @@ ms.technology: windows-sec - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -Prior to Windows 10 1903, WDAC only supported a single active policy on a system at any given time. This significantly limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: +Prior to Windows 10 1903, Windows Defender Application Control only supported a single active policy on a system at any given time. This significantly limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: 1. Enforce and Audit Side-by-Side - To validate policy changes before deploying in enforcement mode, users can now deploy an audit-mode base policy side by side with an existing enforcement-mode base policy @@ -91,7 +91,7 @@ When merging, the policy type and ID of the leftmost/first policy specified is u ## Deploying multiple policies -In order to deploy multiple WDAC policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature. +In order to deploy multiple Windows Defender Application Control policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature. ### Deploying multiple policies locally @@ -105,11 +105,11 @@ To deploy policies locally using the new multiple policy format, follow these st ### Deploying multiple policies via ApplicationControl CSP -Multiple WDAC policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment.
    +Multiple Windows Defender Application Control policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment.
    However, when policies are un-enrolled from an MDM server, the CSP will attempt to remove every policy from devices, not just the policies added by the CSP. The reason for this is that the ApplicationControl CSP doesn't track enrollment sources for individual policies, even though it will query all policies on a device, regardless if they were deployed by the CSP. See [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) for more information on deploying multiple policies, optionally using MEM Intune's Custom OMA-URI capability. > [!NOTE] -> WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format WDAC policies. +> WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format Windows Defender Application Control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md index 73098a0cc4..23f551bee1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md @@ -27,14 +27,14 @@ ms.technology: windows-sec - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). > [!NOTE] -> Group Policy-based deployment of WDAC policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment. +> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment. -Single-policy format WDAC policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy. The following procedure walks you through how to deploy a WDAC policy called **ContosoPolicy.bin** to a test OU called *WDAC Enabled PCs* by using a GPO called **Contoso GPO Test**. +Single-policy format Windows Defender Application Control policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy. The following procedure walks you through how to deploy a WDAC policy called **ContosoPolicy.bin** to a test OU called *WDAC Enabled PCs* by using a GPO called **Contoso GPO Test**. -To deploy and manage a WDAC policy with Group Policy: +To deploy and manage a Windows Defender Application Control policy with Group Policy: 1. On a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 3572e0f5f3..61a0f3ce27 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,13 +27,13 @@ ms.technology: windows-sec - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). You can use a Mobile Device Management (MDM) solution, like Microsoft Endpoint Manager (MEM) Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. ## Use Intune's built-in policies -Intune's built-in WDAC support allows you to configure Windows client computers to only run: +Intune's built-in Windows Defender Application Control support allows you to configure Windows client computers to only run: - Windows components - 3rd party hardware and software kernel drivers @@ -51,7 +51,7 @@ To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windo ## Deploy WDAC policies with custom OMA-URI > [!NOTE] -> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create WDAC policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) which allow more granular policy. +> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) which allow more granular policy. ### Deploy custom WDAC policies on Windows 10 1903+ @@ -78,7 +78,7 @@ The steps to use Intune's custom OMA-URI functionality are: ### Remove WDAC policies on Windows 10 1903+ -Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable WDAC enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This will prevent anything from being blocked and fully remove the WDAC policy on the next reboot. +Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable Windows Defender Application Control enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This will prevent anything from being blocked and fully remove the WDAC policy on the next reboot. ### For pre-1903 systems @@ -100,4 +100,4 @@ The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocke #### Removing policies -Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy or use a script to delete the existing policy. +Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable Windows Defender Application Control policy enforcement, either deploy an audit-mode policy or use a script to delete the existing policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 1ac9e541d2..4c931b2732 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -25,7 +25,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Windows Defender Application Control (WDAC) on client machines. @@ -39,7 +39,7 @@ MEMCM includes native support for WDAC, which allows you to configure Windows 10 - [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG) - [Optional] Apps and executables already installed in admin-definable folder locations that MEMCM will allow through a one-time scan during policy creation on managed endpoints. -Note that MEMCM does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable WDAC altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot. +Note that MEMCM does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot. For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager). diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 43ecea1845..e57deda422 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -25,7 +25,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host. @@ -43,7 +43,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p $RefreshPolicyTool = "" ``` -2. Copy WDAC policy binary to the destination folder. +2. Copy Windows Defender Application Control (WDAC) policy binary to the destination folder. ```powershell Copy-Item -Path $PolicyBinary -Destination $DestinationFolder -Force @@ -66,7 +66,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p $DestinationBinary = $env:windir+"\System32\CodeIntegrity\SiPolicy.p7b" ``` -2. Copy WDAC policy binary to the destination. +2. Copy Windows Defender Application Control (WDAC) policy binary to the destination. ```powershell Copy-Item -Path $PolicyBinary -Destination $DestinationBinary -Force diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md index 6fa1b84ec0..7f04db97e1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md @@ -27,22 +27,23 @@ ms.technology: windows-sec - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic covers how to disable unsigned or signed WDAC policies. ## Disable unsigned Windows Defender Application Control policies -There may come a time when an administrator wants to disable a WDAC policy. For unsigned WDAC policies, this process is simple. The method used to deploy the policy (such as Group Policy) must first be disabled, then simply delete the SIPolicy.p7b policy file from the following locations, and the WDAC policy will be disabled on the next computer restart: +There may come a time when an administrator wants to disable a Windows Defender Application Control policy. For unsigned WDAC policies, this process is simple. The method used to deploy the policy (such as Group Policy) must first be disabled, then simply delete the SIPolicy.p7b policy file from the following locations, and the WDAC policy will be disabled on the next computer restart: - <EFI System Partition>\\Microsoft\\Boot\\ - <OS Volume>\\Windows\\System32\\CodeIntegrity\\ -Note that as of the Windows 10 May 2019 Update (1903), WDAC allows multiple policies to be deployed to a device. To fully disable WDAC when multiple policies are in effect, you must first disable each method being used to deploy a policy. Then delete the {Policy GUID}.cip policy files found in the \CIPolicies\Active subfolder under each of the paths listed above in addition to any SIPolicy.p7b file found in the root directory. +>[!NOTE] +> As of the Windows 10 May 2019 Update (1903), Windows Defender Application Control allows multiple policies to be deployed to a device. To fully disable WDAC when multiple policies are in effect, you must first disable each method being used to deploy a policy. Then delete the {Policy GUID}.cip policy files found in the \CIPolicies\Active subfolder under each of the paths listed above in addition to any SIPolicy.p7b file found in the root directory. ## Disable signed Windows Defender Application Control policies within Windows -Signed policies protect Windows from administrative manipulation as well as malware that has gained administrative-level access to the system. For this reason, signed WDAC policies are intentionally more difficult to remove than unsigned policies. They inherently protect themselves from modification or removal and therefore are difficult even for administrators to remove successfully. If the signed WDAC policy is manually enabled and copied to the CodeIntegrity folder, to remove the policy, you must complete the following steps. +Signed policies protect Windows from administrative manipulation as well as malware that has gained administrative-level access to the system. For this reason, signed Windows Defender Application Control policies are intentionally more difficult to remove than unsigned policies. They inherently protect themselves from modification or removal and therefore are difficult even for administrators to remove successfully. If the signed WDAC policy is manually enabled and copied to the CodeIntegrity folder, to remove the policy, you must complete the following steps. > [!NOTE] > For reference, signed WDAC policies should be replaced and removed from the following locations: @@ -67,7 +68,7 @@ Signed policies protect Windows from administrative manipulation as well as malw 5. Restart the client computer. -If the signed WDAC policy has been deployed using by using Group Policy, you must complete the following steps: +If the signed Windows Defender Application Control policy has been deployed using by using Group Policy, you must complete the following steps: 1. Replace the existing policy in the GPO with another signed policy that has the **6 Enabled: Unsigned System Integrity Policy** rule option enabled. @@ -89,7 +90,7 @@ If the signed WDAC policy has been deployed using by using Group Policy, you mus ## Disable signed Windows Defender Application Control policies within the BIOS -There may be a time when signed WDAC policies cause a boot failure. Because WDAC policies enforce kernel mode drivers, it is important that they be thoroughly tested on each software and hardware configuration before being enforced and signed. Signed WDAC policies are validated in the pre-boot sequence by using Secure Boot. When you disable the Secure Boot feature in the BIOS, and then delete the file from the following locations on the operating system disk, it allows the system to boot into Windows: +There may be a time when signed Windows Defender Application Control policies cause a boot failure. Because WDAC policies enforce kernel mode drivers, it is important that they be thoroughly tested on each software and hardware configuration before being enforced and signed. Signed WDAC policies are validated in the pre-boot sequence by using Secure Boot. When you disable the Secure Boot feature in the BIOS, and then delete the file from the following locations on the operating system disk, it allows the system to boot into Windows: - <EFI System Partition>\\Microsoft\\Boot\\ - <OS Volume>\\Windows\\System32\\CodeIntegrity\\ diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index e3969dba90..1628e2a60c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -25,16 +25,16 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -You should now have one or more WDAC policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode. +You should now have one or more Windows Defender Application Control policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode. > [!NOTE] > Some of the steps described in this article only apply to Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features. Evaluate the impact for any features that may be unavailable on your clients running earlier versions of Windows 10 and Windows Server. You may need to adapt this guidance to meet your specific organization's needs. ## Convert WDAC **base** policy from audit to enforced -As described in [common WDAC deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout. @@ -102,7 +102,7 @@ Since the enforced policy was given a unique PolicyID in the previous procedure, > [!NOTE] > If Set-CIPolicyIdInfo does not output the new PolicyID value on your Windows 10 version, you will need to obtain the *PolicyId* value from the XML directly. -3. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC supplemental policy to binary: +3. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new Windows Defender Application Control supplemental policy to binary: ```powershell $EnforcedSuppPolicyBinary = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_"+$SupplementalPolicyID+".xml" diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index e78284ae26..241acb33ab 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -45,7 +45,7 @@ Represents the signature level at which the code was verified. |---|----------| | 0 | Signing level has not yet been checked | | 1 | File is unsigned | -| 2 | Trusted by WDAC policy | +| 2 | Trusted by Windows Defender Application Control policy | | 3 | Developer signed code | | 4 | Authenticode signed | | 5 | Microsoft Store signed app PPL (Protected Process Light) | @@ -83,7 +83,7 @@ Represents why verification failed, or if it succeeded. | 18 | Custom signing level not met; returned if signature fails to match CISigners in UMCI | | 19 | Binary is revoked by file hash | | 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy | -| 21 | Failed to pass WDAC policy | +| 21 | Failed to pass Windows Defender Application Control policy | | 22 | Not IUM (Isolated User Mode) signed; indicates trying to load a non-trustlet binary into a trustlet | | 23 | Invalid image hash | | 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS | @@ -119,7 +119,7 @@ The rule means trust anything signed by a certificate that chains to this root C | 18 | Microsoft ECC Product Root CA 2018 | | 19 | Microsoft ECC Devices Root CA 2017 | -For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file. +For well-known roots, the TBS hashes for the certificates are baked into the code for Windows Defender Application Control. For example, they don’t need to be listed as TBS hashes in the policy file. ## Status values diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index 1e36c9cbac..bd792e1029 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -28,7 +28,7 @@ ms.technology: windows-sec - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). When you create policies for use with Windows Defender Application Control (WDAC), start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that can be used, or organizations that use the Device Guard Signing Service can download a starter policy from that service. @@ -39,7 +39,7 @@ When you create policies for use with Windows Defender Application Control (WDAC | **DefaultWindows.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for all [Microsoft Endpoint Manager(MEM)](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **AllowMicrosoft.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **AllowAll.xml** | This example policy is useful when creating a blocklist. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | -| **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](/windows/security/threat-protection/device-guard/memory-integrity) (also known as hypervisor-protected code integrity) using WDAC. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | +| **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](/windows/security/threat-protection/device-guard/memory-integrity) (also known as hypervisor-protected code integrity) using Windows Defender Application Control. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **DenyAllAudit.xml** | ***Warning: May cause long boot time on Windows Server 2019.*** Only deploy this example policy in audit mode to track all binaries running on critical systems or to meet regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [Device Guard Signing Service NuGet Package](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client) | | **MEM Configuration Manager** | Customers who use MEM Configuration Manager (MEMCM) can deploy a policy with MEMCM's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint | diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md index 5b024e8790..0435921894 100644 --- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md +++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md @@ -1,6 +1,6 @@ --- title: Windows Defender Application Control Feature Availability -description: Compare WDAC and AppLocker feature availability. +description: Compare Windows Defender Application Control (WDAC) and AppLocker feature availability. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security @@ -30,7 +30,7 @@ ms.technology: windows-sec >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. See below to learn more. -| Capability | WDAC | AppLocker | +| Capability | Windows Defender Application Control | AppLocker | |-------------|------|-------------| | Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later | Available on Windows 8 or later | | SKU availability | Cmdlets are available on all SKUs on 1909+ builds.
    For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. | Policies deployed through GP are only effective on Enterprise devices.
    Policies deployed through MDM are effective on all SKUs. | diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index 8a26cf9a33..71bcec1a37 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md @@ -27,27 +27,27 @@ ms.technology: windows-sec - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy. ## Understanding Packaged Apps and Packaged App Installers Packaged apps, also known as Universal Windows apps, are based on a model that ensures all the files within an app package share the same identity. With classic Windows apps, each file within the app could have a unique identity. -With packaged apps, it is possible to control the entire app by using a single WDAC rule. +With packaged apps, it is possible to control the entire app by using a single Windows Defender Application Control rule. -Typically, an app consists of multiple components: the installer that is used to install the app, and one or more exes, dlls, or scripts. With classic Windows apps, these components don't always share common attributes such as the software’s publisher name, product name, and product version. Therefore, WDAC controls each of these components separately through different rule collections, such as exe, dll, script, and Windows Installer rules. In contrast, all the components of a packaged app share the same publisher name, package name, and package version attributes. Therefore, you can control an entire app with a single rule. +Typically, an app consists of multiple components: the installer that is used to install the app, and one or more exes, dlls, or scripts. With classic Windows apps, these components don't always share common attributes such as the software’s publisher name, product name, and product version. Therefore, Windows Defender Application Control controls each of these components separately through different rule collections, such as exe, dll, script, and Windows Installer rules. In contrast, all the components of a packaged app share the same publisher name, package name, and package version attributes. Therefore, you can control an entire app with a single rule. ### Comparing classic Windows Apps and Packaged Apps -WDAC policies for packaged apps can only be applied to apps installed on computers running at least Windows Server 2012 or Windows 8, but classic Windows apps can be controlled on devices running at least Windows Server +Windows Defender Application Control policies for packaged apps can only be applied to apps installed on computers running at least Windows Server 2012 or Windows 8, but classic Windows apps can be controlled on devices running at least Windows Server 2008 R2 or Windows 7. The rules for classic Windows apps and packaged apps can be enforced in tandem. The differences between packaged apps and classic Windows apps that you should consider include: - **Installing the apps**   All packaged apps can be installed by a standard user, whereas a number of classic Windows apps require administrative privileges to install. In an environment where most of the users are standard users, you might not have numerous exe rules (because classic Windows apps require administrative privileges to install), but you might want to have more explicit policies for packaged apps. -- **Changing the system state**   Classic Windows apps can be written to change the system state if they are run with administrative privileges. Most packaged apps cannot change the system state because they run with limited privileges. When you design your WDAC policies, it is important to understand whether an app that you are allowing can make system-wide changes. +- **Changing the system state**   Classic Windows apps can be written to change the system state if they are run with administrative privileges. Most packaged apps cannot change the system state because they run with limited privileges. When you design your Windows Defender Application Control policies, it is important to understand whether an app that you are allowing can make system-wide changes. - **Acquiring the apps**   Packaged apps can be acquired through the Store, or by loading using Windows PowerShell cmdlets (which requires a special enterprise license). Classic Windows apps can be acquired through traditional means. -WDAC uses different rule collections to control packaged apps and classic Windows apps. You have the choice to control one type, the other type, or both. +Windows Defender Application Control uses different rule collections to control packaged apps and classic Windows apps. You have the choice to control one type, the other type, or both. ## Using WDAC to Manage Packaged Apps @@ -55,7 +55,7 @@ Just as there are differences in managing each rule collection, you need to mana 1. Gather information about which packaged apps are running in your environment. -2. Create WDAC rules for specific packaged apps based on your policy strategies. For more information, see [Deploy WDAC policy rules and file rules](select-types-of-rules-to-create.md). +2. Create WDAC rules for specific packaged apps based on your policy strategies. For more information, see [Deploy Windows Defender Application Control policy (WDAC) rules and file rules](select-types-of-rules-to-create.md). 3. Continue to update the WDAC policies as new package apps are introduced into your environment. To do this, see [Merge WDAC policies](merge-windows-defender-application-control-policies.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index 4bb130103f..3c6789e089 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -25,16 +25,16 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. WDAC deployments often include a few base policies and optional supplemental policies for specific use cases. +This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. Windows Defender Application Control deployments often include a few base policies and optional supplemental policies for specific use cases. > [!NOTE] -> Prior to Windows version 1903, including Windows Server 2019 and earlier, only one WDAC policy can be active on a system at a time. If you need to use WDAC on systems running these earlier versions of Windows, you must merge all policies before deploying. +> Prior to Windows version 1903, including Windows Server 2019 and earlier, only one Windows Defender Application Control policy can be active on a system at a time. If you need to use WDAC on systems running these earlier versions of Windows, you must merge all policies before deploying. ## Merge multiple WDAC policy XML files together -There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. +There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-windows-defender-application-control-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. 1. Initialize the variables that will be used: @@ -45,7 +45,7 @@ There are many scenarios where you may want to merge two or more policy files to $MergedPolicy=$env:userprofile+"\Desktop\"+$PolicyName+"_Merged.xml" ``` -2. Use [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) to merge two policies and create a new WDAC policy: +2. Use [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) to merge two policies and create a new Windows Defender Application Control policy: ```powershell Merge-CIPolicy -PolicyPaths $LamnaPolicy,$EventsPolicy -OutputFilePath $MergedPolicy @@ -93,6 +93,6 @@ Now that you have your new, merged policy, you can convert and deploy the policy > [!NOTE] > In the sample commands above, for policies targeting Windows 10 version 1903+ or Windows 11, replace the string "{InsertPolicyID}" with the actual PolicyID GUID (including braces **{ }**) found in your policy XML file. For Windows 10 versions prior to 1903, use the name SiPolicy.p7b for the binary file name. -2. Upload your merged policy XML and the associated binary to the source control solution you are using for your WDAC policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). +2. Upload your merged policy XML and the associated binary to the source control solution you are using for your Windows Defender Application Control policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). 3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index a54661c0b2..611a90b62b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -28,12 +28,11 @@ ms.localizationpriority: medium >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). -This topic covers tips and tricks for admins as well as known issues with WDAC. -Test this configuration in your lab before enabling it in production. +This topic covers tips and tricks for admins as well as known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. ## .NET native images may generate false positive block events -In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fallback to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. +In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fallback to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. ## MSI Installations launched directly from the internet are blocked by WDAC diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 22ff2acf4f..7e7c459ff7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -27,15 +27,15 @@ ms.technology: windows-sec - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies. ## Policy XML lifecycle management -The first step in implementing application control is to consider how your policies will be managed and maintained over time. Developing a process for managing WDAC policies helps ensure that WDAC continues to effectively control how applications are allowed to run in your organization. +The first step in implementing application control is to consider how your policies will be managed and maintained over time. Developing a process for managing Windows Defender Application Control policies helps ensure that WDAC continues to effectively control how applications are allowed to run in your organization. -Most WDAC policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: +Most Windows Defender Application Control policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: 1. [Define (or refine) the "circle-of-trust"](understand-windows-defender-application-control-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files are not prevented from executing. 2. Deploy the audit mode policy to intended devices. @@ -49,11 +49,11 @@ Most WDAC policies will evolve over time and proceed through a set of identifiab ### Keep WDAC policies in a source control or document management solution -To effectively manage WDAC policies, you should store and maintain your policy XML documents in a central repository that is accessible to everyone responsible for WDAC policy management. We recommend a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration), which provide version control and allow you to specify metadata about the XML documents. +To effectively manage Windows Defender Application Control policies, you should store and maintain your policy XML documents in a central repository that is accessible to everyone responsible for WDAC policy management. We recommend a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration), which provide version control and allow you to specify metadata about the XML documents. ### Set PolicyName, PolicyID, and Version metadata for each policy -Use the [Set-CIPolicyIDInfo](/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID in order to differentiate each policy when reviewing WDAC events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system autogenerate a unique ID for the policy. +Use the [Set-CIPolicyIDInfo](/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID in order to differentiate each policy when reviewing Windows Defender Application Control events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system autogenerate a unique ID for the policy. > [!NOTE] > PolicyID only applies to policies using the [multiple policy format](deploy-multiple-windows-defender-application-control-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10. @@ -67,11 +67,11 @@ As new apps are deployed or existing apps are updated by the software publisher, ## WDAC event management -Each time that a process is blocked by WDAC, events will be written to either the CodeIntegrity\Operational or the AppLocker\MSI and Script Windows event logs. The event details which file tried to run, the attributes of that file and its signatures, and the process that attempted to run the blocked file. +Each time that a process is blocked by Windows Defender Application Control, events will be written to either the CodeIntegrity\Operational or the AppLocker\MSI and Script Windows event logs. The event details which file tried to run, the attributes of that file and its signatures, and the process that attempted to run the blocked file. -Collecting these events in a central location can help you maintain your WDAC policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11)). +Collecting these events in a central location can help you maintain your Windows Defender Application Control policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11)). -Additionally, WDAC events are collected by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) and can be queried using the [advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) feature. +Additionally, Windows Defender Application Control events are collected by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) and can be queried using the [advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) feature. ## Application and user support policy @@ -84,24 +84,24 @@ Considerations include: ### Help desk support -If your organization has an established help desk support department in place, consider the following when deploying WDAC policies: +If your organization has an established help desk support department in place, consider the following when deploying Windows Defender Application Control policies: - What documentation does your support department require for new policy deployments? - What are the critical processes in each business group both in work flow and timing that will be affected by application control policies and how could they affect your support department's workload? - Who are the contacts in the support department? -- How will the support department resolve application control issues between the end user and those who maintain the WDAC rules? +- How will the support department resolve application control issues between the end user and those who maintain the Windows Defender Application Control rules? ### End-user support -Because WDAC is preventing unapproved apps from running, it is important that your organization carefully plan how to provide end-user support. Considerations include: +Because Windows Defender Application Control is preventing unapproved apps from running, it is important that your organization carefully plan how to provide end-user support. Considerations include: - Do you want to use an intranet site as a first line of support for users who have tried to run a blocked app? - How do you want to support exceptions to the policy? Will you allow users to run a script to temporarily allow access to a blocked app? ## Document your plan -After deciding how your organization will manage your WDAC policy, record your findings. +After deciding how your organization will manage your Windows Defender Application Control policy, record your findings. -- **End-user support policy.** Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel have clear escalation steps so that the administrator can update the WDAC policy, if necessary. +- **End-user support policy.** Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel have clear escalation steps so that the administrator can update the Windows Defender Application Control policy, if necessary. - **Event processing.** Document whether events will be collected in a central location called a store, how that store will be archived, and whether the events will be processed for analysis. - **Policy management.** Detail what policies are planned, how they will be managed, and how rules will be maintained over time. diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index 9406a7c464..fcf1dd7a24 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -34,8 +34,8 @@ This capability is supported beginning with Windows version 1607. | - | - | - | | AppControlCodeIntegrityDriverRevoked | 3023 | The driver file under validation didn't meet the requirements to pass the application control policy. | | AppControlCodeIntegrityImageRevoked | 3036 | The signed file under validation is signed by a code signing certificate that has been revoked by Microsoft or the certificate issuing authority. | -| AppControlCodeIntegrityPolicyAudited | 3076 | This event is the main WDAC block event for audit mode policies. It indicates the file would have been blocked if the WDAC policy was enforced. | -| AppControlCodeIntegrityPolicyBlocked | 3077 | This event is the main WDAC block event for enforced policies. It indicates the file didn't pass your WDAC policy and was blocked. | +| AppControlCodeIntegrityPolicyAudited | 3076 | This event is the main Windows Defender Application Control block event for audit mode policies. It indicates the file would have been blocked if the WDAC policy was enforced. | +| AppControlCodeIntegrityPolicyBlocked | 3077 | This event is the main Windows Defender Application Control block event for enforced policies. It indicates the file didn't pass your WDAC policy and was blocked. | | AppControlExecutableAudited | 8003 | Applied only when the Audit only enforcement mode is enabled. Specifies the .exe or .dll file would be blocked if the Enforce rules enforcement mode were enabled. | | AppControlExecutableBlocked | 8004 | The .exe or .dll file can't run. | | AppControlPackagedAppAudited | 8021 | Applied only when the Audit only enforcement mode is enabled. Specifies the packaged app would be blocked if the Enforce rules enforcement mode were enabled. | @@ -57,7 +57,7 @@ Learn more about the [Understanding Application Control event IDs (Windows)](eve Query Example 1: Query the application control action types summarized by type for past seven days -Here's a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint: +Here's a simple example query that shows all the Windows Defender Application Control events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint: ``` DeviceEvents @@ -67,7 +67,7 @@ ActionType startswith "AppControl" | order by Machines desc ``` -The query results can be used for several important functions related to managing WDAC including: +The query results can be used for several important functions related to managing Windows Defender Application Control including: - Assessing the impact of deploying policies in audit mode Since applications still run in audit mode, it's an ideal way to see the impact and correctness of the rules included in the policy. Integrating the generated events with Advanced Hunting makes it much easier to have broad deployments of audit mode policies and see how the included rules would influence those systems in real world usage. This audit mode data will help streamline the transition to using policies in enforced mode. diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 94be9da4e5..7eef03213f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -31,11 +31,11 @@ ms.technology: windows-sec Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11, by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. -WDAC is used to restrict devices to run only approved apps, while the operating system is hardened against kernel memory attacks using [hypervisor-protected code integrity (HVCI)](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control). +Windows Defender Application Control is used to restrict devices to run only approved apps, while the operating system is hardened against kernel memory attacks using [hypervisor-protected code integrity (HVCI)](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control). ## Windows Defender Application Control policy rules -To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleOption](/powershell/module/configci/set-ruleoption). The following examples show how to use this cmdlet to add and remove a rule option on an existing WDAC policy: +To modify the policy rule options of an existing Windows Defender Application Control policy XML, use [Set-RuleOption](/powershell/module/configci/set-ruleoption). The following examples show how to use this cmdlet to add and remove a rule option on an existing WDAC policy: - To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy, by running the following command: @@ -50,7 +50,7 @@ To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleO You can set several rule options within a WDAC policy. Table 1 describes each rule option, and whether they have supplemental policies. However, option 5 isn't implemented as it's reserved for future work, and option 7 isn't supported. > [!NOTE] -> We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode. +> We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new Windows Defender Application Control policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode. ### Table 1. Windows Defender Application Control policy - policy rule options @@ -94,7 +94,7 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the | **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. | | **Publisher** | This level combines the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. You can use this rule level to trust a certificate issued by a particular CA and issued to a specific company you trust (such as Intel, for device drivers). | | **FilePublisher** | This level combines the “FileName” attribute of the signed file, plus “Publisher” (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. | -| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product will have different hash values but typically the same signing certificate. Using this level, no policy update would be needed to run the new version of the application. However, leaf certificates have much shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. | +| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product will have different hash values but typically the same signing certificate. Using this level, no policy update would be needed to run the new version of the application. However, leaf certificates have much shorter validity periods than other certificate levels, so the Windows Defender Application Control policy must be updated whenever these certificates change. | | **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This level is typically one certificate below the root certificate because the scan doesn't validate anything beyond the certificates included in the provided signature (it doesn't go online or check local root stores). | | **RootCertificate** | Currently unsupported. | | **WHQL** | Trusts binaries if they've been validated and signed by WHQL. This level is primarily for kernel binaries. | @@ -102,7 +102,7 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the | **WHQLFilePublisher** | Specifies that the binaries are validated and signed by WHQL, with a specific publisher (WHQLPublisher), and that the binary is the specified version or newer. This level is primarily for kernel binaries. | > [!NOTE] -> When you create WDAC policies with [New-CIPolicy](/powershell/module/configci/new-cipolicy), you can specify a primary file rule level, by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate, but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate. +> When you create Windows Defender Application Control policies with [New-CIPolicy](/powershell/module/configci/new-cipolicy), you can specify a primary file rule level, by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate, but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate. > [!NOTE] > - WDAC only supports signer rules for RSA certificate signing keys with a maximum of 4096 bits. @@ -112,19 +112,19 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the For example, consider an IT professional in a department that runs many servers. They only want to run software signed by the companies that provide their hardware, operating system, antivirus, and other important software. They know that their servers also run an internally written application that is unsigned but is rarely updated. They want to allow this application to run. -To create the WDAC policy, they build a reference server on their standard hardware, and install all of the software that their servers are known to run. Then they run [New-CIPolicy](/powershell/module/configci/new-cipolicy) with **-Level Publisher** (to allow software from their software providers, the "Publishers") and **-Fallback Hash** (to allow the internal, unsigned application). They deploy the policy in auditing mode to determine the potential impact from enforcing the policy. Using the audit data, they update their WDAC policies to include any additional software they want to run. Then they enable the WDAC policy in enforced mode for their servers. +To create the Windows Defender Application Control policy, they build a reference server on their standard hardware, and install all of the software that their servers are known to run. Then they run [New-CIPolicy](/powershell/module/configci/new-cipolicy) with **-Level Publisher** (to allow software from their software providers, the "Publishers") and **-Fallback Hash** (to allow the internal, unsigned application). They deploy the policy in auditing mode to determine the potential impact from enforcing the policy. Using the audit data, they update their WDAC policies to include any additional software they want to run. Then they enable the WDAC policy in enforced mode for their servers. As part of normal operations, they'll eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they won't need to update their WDAC policy. If the unsigned, internal application is updated, they must also update the WDAC policy to allow the new version. ## File rule precedence order -WDAC has a built-in file rule conflict logic that translates to precedence order. It will first process all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deployment/deploy-wdac-policies-with-memcm.md). Lastly, if none of these exist, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). +Windows Defender Application Control has a built-in file rule conflict logic that translates to precedence order. It will first process all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deployment/deploy-wdac-policies-with-memcm.md). Lastly, if none of these exist, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). ## More information about filepath rules Filepath rules don't provide the same security guarantees that explicit signer rules do, since they're based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. Path rules are best suited to allow paths that you expect will remain admin-writeable only. You may want to avoid path rules for directories where standard users can modify ACLs on the folder. -By default, WDAC performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath and its parent directories (recursively) don't allow standard users write access. +By default, Windows Defender Application Control performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath and its parent directories (recursively) don't allow standard users write access. There's a defined list of SIDs that WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable, even if the SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described above. diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index da525f4cf5..aa692dacf2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -27,7 +27,7 @@ ms.technology: windows-sec - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It is common for organizations to have device use cases across each of the categories described. @@ -35,10 +35,10 @@ Typically, deployment of Windows Defender Application Control (WDAC) happens bes | **Type of device** | **How WDAC relates to this type of device** | |------------------------------------|------------------------------------------------------| -| **Lightly managed devices**: Company-owned, but users are free to install software.
    Devices are required to run organization's antivirus solution and client management tools. | WDAC can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | -| **Fully managed devices**: Allowed software is restricted by IT department.
    Users can request additional software, or install from a list of applications provided by IT department.
    Examples: locked-down, company-owned desktops and laptops. | An initial baseline WDAC policy can be established and enforced. Whenever the IT department approves additional applications, it will update the WDAC policy and (for unsigned LOB applications) the catalog.
    WDAC policies are supported by the HVCI service. | -| **Fixed-workload devices**: Perform same tasks every day.
    Lists of approved applications rarely change.
    Examples: kiosks, point-of-sale systems, call center computers. | WDAC can be deployed fully, and deployment and ongoing administration are relatively straightforward.
    After WDAC deployment, only approved applications can run. This is because of protections offered by WDAC. | -| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | In most cases, WDAC does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. However, you may choose to deploy an audit-mode policy to these devices or employ a blocklist only policy to prevent specific apps or binaries that are considered malicious or vulnerable by your organization. | +| **Lightly managed devices**: Company-owned, but users are free to install software.
    Devices are required to run organization's antivirus solution and client management tools. | Windows Defender Application Control can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | +| **Fully managed devices**: Allowed software is restricted by IT department.
    Users can request additional software, or install from a list of applications provided by IT department.
    Examples: locked-down, company-owned desktops and laptops. | An initial baseline Windows Defender Application Control policy can be established and enforced. Whenever the IT department approves additional applications, it will update the WDAC policy and (for unsigned LOB applications) the catalog.
    WDAC policies are supported by the HVCI service. | +| **Fixed-workload devices**: Perform same tasks every day.
    Lists of approved applications rarely change.
    Examples: kiosks, point-of-sale systems, call center computers. | Windows Defender Application Control can be deployed fully, and deployment and ongoing administration are relatively straightforward.
    After Windows Defender Application Control deployment, only approved applications can run. This is because of protections offered by WDAC. | +| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | In most cases, Windows Defender Application Control does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. However, you may choose to deploy an audit-mode policy to these devices or employ a blocklist only policy to prevent specific apps or binaries that are considered malicious or vulnerable by your organization. | ## An introduction to Lamna Healthcare Company @@ -55,4 +55,4 @@ Recently, Lamna experienced a ransomware event that required an expensive recove ## Up next -- [Create a WDAC policy for lightly-managed devices](create-wdac-policy-for-lightly-managed-devices.md) +- [Create a Windows Defender Application Control policy for lightly-managed devices](create-wdac-policy-for-lightly-managed-devices.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 4ea10512bd..0746ce1d5f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -27,13 +27,13 @@ ms.technology: windows-sec - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using Windows Defender Application Control (WDAC), within a Windows operating system environment. When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent application control policy maintenance. -You should consider using WDAC as part of your organization's application control policies if the following are true: +You should consider using Windows Defender Application Control as part of your organization's application control policies if the following are true: - You have deployed or plan to deploy the supported versions of Windows in your organization. - You need improved control over the access to your organization's applications and the data your users access. @@ -44,7 +44,7 @@ You should consider using WDAC as part of your organization's application contro ## Decide what policies to create -Beginning with Windows 10, version 1903, WDAC allows [multiple simultaneous policies](deploy-multiple-windows-defender-application-control-policies.md) to be applied to each device. This opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. +Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-windows-defender-application-control-policies.md) to be applied to each device. This opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust," we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML. @@ -52,20 +52,20 @@ For example, the DefaultWindows policy, which can be found under %OSDrive%\Windo Microsoft Endpoint Configuration Manager, previously known as System Center Configuration Manager, uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator, which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. -The following questions can help you plan your WDAC deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order, and are not meant to be an exhaustive set of design considerations. +The following questions can help you plan your Windows Defender Application Control deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order, and are not meant to be an exhaustive set of design considerations. ## WDAC design considerations ### How are apps managed and deployed in your organization? -Organizations with well-defined, centrally managed app management and deployment processes can create more restrictive, more secure policies. Other organizations may be able to deploy WDAC with more relaxed rules, or may choose to deploy WDAC in audit mode to gain better visibility to the apps being used in their organization. +Organizations with well-defined, centrally managed app management and deployment processes can create more restrictive, more secure policies. Other organizations may be able to deploy Windows Defender Application Control with more relaxed rules, or may choose to deploy WDAC in audit mode to gain better visibility to the apps being used in their organization. | Possible answers | Design considerations| | - | - | -| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | -| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide WDAC policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | -| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | -| Users and teams are free to download and install apps without restriction. | WDAC policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| +| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. Windows Defender Application Control options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | +| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | +| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | +| Users and teams are free to download and install apps without restriction. | Windows Defender Application Control policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| ### Are internally developed line-of-business (LOB) apps and apps developed by third-party companies digitally signed? @@ -73,7 +73,7 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p | Possible answers | Design considerations | | - | - | -| All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. WDAC rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | +| All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | | Apps used in your organization do not need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed App Catalogs. | ### Are there specific groups in your organization that need customized application control policies? diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index fd7b1f528e..c731e404ee 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -21,7 +21,7 @@ ms.technology: mde # Understanding WDAC Policy Settings Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using WldpQuerySecurityPolicy.
    -An example settings section of a WDAC Policy: +An example settings section of a Windows Defender Application Control Policy: ```xml @@ -33,11 +33,11 @@ An example settings section of a WDAC Policy: ``` ### Example Scenario -An application that may want to restrict its capabilities, when used on a system with an active WDAC policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso’s Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don’t want Foo Application to execute macros on a system with a WDAC policy.
    +An application that may want to restrict its capabilities, when used on a system with an active Windows Defender Application Control policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso’s Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don’t want Foo Application to execute macros on a system with a WDAC policy.
    ### WldpQuerySecurityPolicy -API that queries the secure settings of a WDAC policy. +API that queries the secure settings of a Windows Defender Application Control policy. ### Syntax ``` C++ diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index 2f34416393..fcb3a32077 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md @@ -33,9 +33,9 @@ This topic covers guidelines for using code signing control classic Windows apps ## Reviewing your applications: application signing and catalog files -Typically, WDAC policies are configured to use the application's signing certificate as part or all of what identifies the application as trusted. This means that applications must either use embedded signing—where the signature is part of the binary—or catalog signing, where you generate a "catalog file" from the applications, sign it, and through the signed catalog file, configure the WDAC policy to recognize the applications as signed. +Typically, Windows Defender Application Control (WDAC) policies are configured to use the application's signing certificate as part or all of what identifies the application as trusted. This means that applications must either use embedded signing—where the signature is part of the binary—or catalog signing, where you generate a "catalog file" from the applications, sign it, and through the signed catalog file, configure the WDAC policy to recognize the applications as signed. -Catalog files can be very useful for unsigned LOB applications that cannot easily be given an embedded signature. However, catalogs need to be updated each time an application is updated. In contrast, with embedded signing, your WDAC policies typically do not have to be updated when an application is updated. For this reason, if code-signing is or can be included in your in-house application development process, it can simplify the management of WDAC (compared to using catalog signing). +Catalog files can be very useful for unsigned LOB applications that cannot easily be given an embedded signature. However, catalogs need to be updated each time an application is updated. In contrast, with embedded signing, your Windows Defender Application Control policies typically do not have to be updated when an application is updated. For this reason, if code-signing is or can be included in your in-house application development process, it can simplify the management of WDAC (compared to using catalog signing). To obtain signed applications or embed signatures in your in-house applications, you can choose from a variety of methods: @@ -53,7 +53,7 @@ To use catalog signing, you can choose from the following options: ### Catalog files -Catalog files (which you can create in Windows 10 and Windows 11 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you do not want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by WDAC in the same way as any other signed application. +Catalog files (which you can create in Windows 10 and Windows 11 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you do not want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by Windows Defender Application Control in the same way as any other signed application. Catalog files are simply Secure Hash Algorithm 2 (SHA2) hash lists of discovered binaries. These binaries' hash values are updated each time an application is updated, which requires the catalog file to be updated also. @@ -66,8 +66,8 @@ For procedures for working with catalog files, see [Deploy catalog files to supp ## Windows Defender Application Control policy formats and signing -When you generate a WDAC policy, you are generating a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10 and Windows 11 Enterprise, along with restrictions on Windows 10 and Windows 11 script hosts. You can view your original XML document in a text editor, for example if you want to check the rule options that are present in the **<Rules>** section of the file. +When you generate a Windows Defender Application Control policy, you are generating a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10 and Windows 11 Enterprise, along with restrictions on Windows 10 and Windows 11 script hosts. You can view your original XML document in a text editor, for example if you want to check the rule options that are present in the **<Rules>** section of the file. We recommend that you keep the original XML file for use when you need to merge the WDAC policy with another policy or update its rule options. For deployment purposes, the file is converted to a binary format, which can be done using a simple Windows PowerShell command. -When the WDAC policy is deployed, it restricts the software that can run on a device. The XML document can be signed, helping to add additional protection against administrative users changing or removing the policy. +When the Windows Defender Application Control policy is deployed, it restricts the software that can run on a device. The XML document can be signed, helping to add additional protection against administrative users changing or removing the policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index f99d35706c..10168b1379 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -29,7 +29,7 @@ ms.technology: windows-sec > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -Signed WDAC policies give organizations the highest level of malware protection available in Windows—must be signed with [PKCS #7](https://datatracker.ietf.org/doc/html/rfc5652). In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies. +Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of malware protection available in Windows—must be signed with [PKCS #7](https://datatracker.ietf.org/doc/html/rfc5652). In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies. Before you sign with PKCS #7 and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run. @@ -38,7 +38,7 @@ If you do not currently have a code signing certificate exported in .pfx format Before PKCS #7-signing WDAC policies for the first time, be sure to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md). -To sign a WDAC policy with SignTool.exe, you need the following components: +To sign a Windows Defender Application Control policy with SignTool.exe, you need the following components: - SignTool.exe, found in the [Windows SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk/) (Windows 7 or later) @@ -49,7 +49,7 @@ To sign a WDAC policy with SignTool.exe, you need the following components: > [!NOTE] > All policies (base and supplemental and single-policy format) must be pkcs7 signed. [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652) -If you do not have a code signing certificate, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) for instructions on how to create one. If you use an alternate certificate or WDAC policy, be sure to update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session: +If you do not have a code signing certificate, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) for instructions on how to create one. If you use an alternate certificate or Windows Defender Application Control (WDAC) policy, be sure to update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session: 1. Initialize the variables that will be used: diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 47d1c3fb7d..869d7f489a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -29,7 +29,7 @@ ms.technology: windows-sec > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -As of Windows 10, version 1703, you can use WDAC policies not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser): +As of Windows 10, version 1703, you can use Windows Defender Application Control (WDAC) policies not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser): | Approach (as of Windows 10, version 1703) | Guideline | |---|---| @@ -38,7 +38,7 @@ As of Windows 10, version 1703, you can use WDAC policies not only to control ap To work with these options, the typical method is to create a policy that only affects plug-ins, add-ins, and modules, then merge it into your 'master' policy (merging is described in the next section). -For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: +For example, to create a Windows Defender Application Control policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: ```powershell $rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' @@ -46,7 +46,7 @@ $rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -A New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` -As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application: +As another example, to create a Windows Defender Application Control policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application: ```powershell $rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe' diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md index b1ace98992..19f39c1525 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md @@ -22,9 +22,9 @@ ms.technology: windows-sec Historically, Windows Defender Application Control (WDAC) has restricted the set of applications, libraries, and scripts that are allowed to run to those approved by an organization. Security researchers have found that some .NET applications may be used to circumvent those controls by using .NET’s capabilities to load libraries from external sources or generate new code on the fly. -Beginning with Windows 10, version 1803, or Windows 11, WDAC features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime. +Beginning with Windows 10, version 1803, or Windows 11, Windows Defender Application Control features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime. -When the Dynamic Code Security option is enabled, WDAC policy is applied to libraries that .NET loads from external sources. +When the Dynamic Code Security option is enabled, Windows Defender Application Control policy is applied to libraries that .NET loads from external sources. Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that has been tampered with. Dynamic Code Security is not enabled by default because existing policies may not account for externally loaded libraries. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 3e1dfaea27..2f813ad6a4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -34,7 +34,7 @@ Beginning with Windows 10, version 1709, you can set an option to automatically ## How does the integration between WDAC and the Intelligent Security Graph work? -The ISG uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having "known good," "known bad," or "unknown" reputation. When a binary runs on a system, with WDAC enabled with the ISG option, WDAC checks the file's reputation, by sending its hash and signing information to the cloud. If the ISG reports that the file has a "known good" reputation, the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) is written to the file. +The ISG uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having "known good," "known bad," or "unknown" reputation. When a binary runs on a system, with Windows Defender Application Control (WDAC) enabled with the ISG option, WDAC checks the file's reputation, by sending its hash and signing information to the cloud. If the ISG reports that the file has a "known good" reputation, the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) is written to the file. If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud. @@ -43,7 +43,7 @@ If the file with good reputation is an application installer, its reputation wil WDAC periodically re-queries the reputation data on a file. Additionally, enterprises can specify that any cached reputation results are flushed on reboot by using the **Enabled:Invalidate EAs on Reboot** option. >[!NOTE] ->Admins should make sure there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Manager Configuration Manager (MEMCM) and Microsoft Endpoint Manager Intune (MEM Intune) can be used to create and push a WDAC policy to your client machines. +>Admins should make sure there is a Windows Defender Application Control policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Manager Configuration Manager (MEMCM) and Microsoft Endpoint Manager Intune (MEM Intune) can be used to create and push a WDAC policy to your client machines. ## Configuring Intelligent Security Graph authorization for Windows Defender Application Control @@ -54,7 +54,7 @@ Setting up the ISG is easy using any management solution you wish. Configuring t ### Ensure that the Intelligent Security Graph option is enabled in the WDAC policy XML -To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This step can be done with the Set-RuleOption cmdlet. You should also enable the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option is not recommended for devices that don't have regular access to the internet. The following example shows both options being set. +To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the Windows Defender Application Control policy. This step can be done with the Set-RuleOption cmdlet. You should also enable the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option is not recommended for devices that don't have regular access to the internet. The following example shows both options being set. ```xml @@ -90,7 +90,7 @@ In order for the heuristics used by the ISG to function properly, a number of co appidtel start ``` -This step isn't required for WDAC policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using MEMCM's WDAC integration. +This step isn't required for Windows Defender Application Control policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using MEMCM's WDAC integration. ## Security considerations with the Intelligent Security Graph @@ -123,11 +123,11 @@ Ea Value Length: 7e ## Known limitations with using the Intelligent Security Graph -Since the ISG only allows binaries that are known good, there are cases where legitimate software may be unknown to the ISG and will be blocked by WDAC. In this case, you need to allow the software with a rule in your WDAC policy, deploy a catalog signed by a certificate trusted in the WDAC policy, or install the software from a WDAC managed installer. Installers or applications that dynamically create binaries at runtime, as well as self-updating applications, may exhibit this symptom. +Since the ISG only allows binaries that are known good, there are cases where legitimate software may be unknown to the ISG and will be blocked by Windows Defender Application Control (WDAC). In this case, you need to allow the software with a rule in your WDAC policy, deploy a catalog signed by a certificate trusted in the WDAC policy, or install the software from a WDAC managed installer. Installers or applications that dynamically create binaries at runtime, as well as self-updating applications, may exhibit this symptom. Packaged apps are not supported with the Microsoft Intelligent Security Graph heuristics and will need to be separately authorized in your WDAC policy. Since packaged apps have a strong app identity and must be signed, it is straightforward to authorize these apps with your WDAC policy. The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. >[!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in WDAC support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in Windows Defender Application Control support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md index bdb1f032a7..6737ed1fd8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md @@ -28,15 +28,15 @@ ms.technology: windows-sec - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Windows 10 and Windows 11 include two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker. ## Windows Defender Application Control -WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC). +Windows Defender Application Control was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC). -WDAC policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on: +Windows Defender Application Control policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on: - Attributes of the codesigning certificate(s) used to sign an app and its binaries - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file @@ -49,7 +49,7 @@ Note that prior to Windows 10 version 1709, Windows Defender Application Control ### WDAC System Requirements -WDAC policies can be created on any client edition of Windows 10 build 1903+, or Windows 11, or on Windows Server 2016 and above. +Windows Defender Application Control (WDAC) policies can be created on any client edition of Windows 10 build 1903+, or Windows 11, or on Windows Server 2016 and above. WDAC policies can be applied to devices running any edition of Windows 10, Windows 11, or Windows Server 2016 and above, via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 and Windows 11 Enterprise edition, or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10. @@ -72,7 +72,7 @@ AppLocker policies can be deployed using Group Policy or MDM. ## Choose when to use WDAC or AppLocker -Generally, it is recommended that customers, who are able to implement application control using WDAC rather than AppLocker, do so. WDAC is undergoing continual improvements, and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements. +Generally, it is recommended that customers, who are able to implement application control using Windows Defender Application Control rather than AppLocker, do so. WDAC is undergoing continual improvements, and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements. However, in some cases, AppLocker may be the more appropriate technology for your organization. AppLocker is best when: @@ -80,5 +80,5 @@ However, in some cases, AppLocker may be the more appropriate technology for you - You need to apply different policies for different users or groups on shared computers. - You do not want to enforce application control on application files such as DLLs or drivers. -AppLocker can also be deployed as a complement to WDAC to add user or group-specific rules for shared device scenarios, where it is important to prevent some users from running specific apps. +AppLocker can also be deployed as a complement to Windows Defender Application Control (WDAC) to add user or group-specific rules for shared device scenarios, where it is important to prevent some users from running specific apps. As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions. diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md index 4112532232..9d8ec5a0c7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md @@ -46,7 +46,7 @@ Each of the template policies has a unique set of policy allow list rules that w *Italicized content denotes the changes in the current policy with respect to the policy prior.* -More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example WDAC base policies article](example-wdac-base-policies.md). +More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example Windows Defender Application Control base policies article](example-wdac-base-policies.md). ![Selecting a base template for the policy.](images/wdac-wizard-template-selection.png) @@ -62,16 +62,16 @@ A description of each policy rule, beginning with the left-most column, is provi | Rule option | Description | |------------ | ----------- | -| **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | +| **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all Windows Defender Application Control policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. | | **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. | |**[Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.| | **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). | | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. | | **Require WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows–compatible driver must be WHQL certified. | -| **Update Policy without Rebooting** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. | +| **Update Policy without Rebooting** | Use this option to allow future Windows Defender Application Control policy updates to apply without requiring a system reboot. | | **Unsigned System Integrity Policy** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. | -| **User Mode Code Integrity** | WDAC policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | +| **User Mode Code Integrity** | Windows Defender Application Control policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | > [!div class="mx-imgBorder"] > ![Rule options UI for Windows Allowed mode policy.](images/wdac-wizard-rule-options-UI-advanced-collapsed.png) @@ -82,7 +82,7 @@ Selecting the **+ Advanced Options** label will show another column of policy ru | Rule option | Description | |------------ | ----------- | -| **Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | +| **Boot Audit on Failure** | Used when the Windows Defender Application Control (WDAC) policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | | **Disable Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This would be used in the scenario in which organizations only want to run released binaries, not flight/preview-signed builds. | | **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that's only writable by an administrator) for any FileRule that allows a file based on FilePath. | | **Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries (DLLs). | @@ -92,7 +92,7 @@ Selecting the **+ Advanced Options** label will show another column of policy ru ![Rule options UI for Windows Allowed mode.](images/wdac-wizard-rule-options-UI.png) > [!NOTE] -> We recommend that you **enable Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default. +> We recommend that you **enable Audit Mode** initially because it allows you to test new Windows Defender Application Control policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default. ## Creating custom file rules @@ -100,7 +100,7 @@ Selecting the **+ Advanced Options** label will show another column of policy ru ### Publisher Rules -The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule. The table below shows the relationship between the slider placement, the corresponding WDAC rule level and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule. +The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule. The table below shows the relationship between the slider placement, the corresponding Windows Defender Application Control (WDAC) rule level and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule. | Rule Condition | WDAC Rule Level | Description | |------------ | ----------- | ----------- | @@ -140,4 +140,4 @@ The policy signing rules list table on the left of the page will document the al ## Up next -- [Editing a WDAC policy using the Wizard](wdac-wizard-editing-policy.md) +- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md index c2b91d7090..67405ee59b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md @@ -30,7 +30,7 @@ ms.technology: windows-sec > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -Beginning in Windows 10 version 1903, WDAC supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When using supplemental policies, applications allowed by the base or its supplemental policy/policies will be allowed to execute. +Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When using supplemental policies, applications allowed by the base or its supplemental policy/policies will be allowed to execute. Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules. @@ -73,7 +73,7 @@ File rules in an application control policy will specify the level at which appl ### Publisher Rules -The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule. The table below shows the relationship between the slider placement, the corresponding WDAC rule level, and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule. +The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule. The table below shows the relationship between the slider placement, the corresponding Windows Defender Application Control (WDAC) rule level, and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule. | Rule Condition | WDAC Rule Level | Description | |------------ | ----------- | ----------- | @@ -114,4 +114,4 @@ The table on the left of the page will document the allow and deny rules in the ## Up next -- [Editing a WDAC policy using the Wizard](wdac-wizard-editing-policy.md) +- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md index 10105e0039..e74fded92b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md @@ -28,9 +28,9 @@ ms.technology: windows-sec - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -The WDAC Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities: +The Windows Defender Application Control Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities:
    • Configuring policy rules
    • Adding new allow or block file rules to existing policies
      • @@ -47,7 +47,7 @@ A description of the policy rule is shown at the bottom of the page when the cur ## Adding File Rules -The WDAC Wizard allows users to add rules to their existing policy seamlessly. Previously, this would have involved creating a new policy with the new rules and merging it with the existing policy. +The Windows Defender Application Control Wizard allows users to add rules to their existing policy seamlessly. Previously, this would have involved creating a new policy with the new rules and merging it with the existing policy. Selecting the `+ Custom Rules` button will open the Custom Rules panel. For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](wdac-wizard-create-base-policy.md#creating-custom-file-rules). @@ -75,4 +75,4 @@ Once the policy is created, the new policy will be written to the same path as t ## Up next -- [Merging WDAC policies using the Wizard](wdac-wizard-merging-policies.md) +- [Merging Windows Defender Application Control (WDAC) policies using the Wizard](wdac-wizard-merging-policies.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md index 4c286095a7..5110ed45a0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md @@ -21,12 +21,12 @@ ms.technology: windows-sec # Merging existing policies with the WDAC Wizard -Beginning in Windows 10 version 1903, WDAC supports multiple policies. Before version 1903, however, Windows 10 could only have one WDAC policy. Consequently, users were required to merge multiple WDAC policies into one. The WDAC Wizard has a simple to use user interface to allow users to merge multiple WDAC policies. The Wizard can support up to 15 policy files as input during the merge workflow. +Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC)supports multiple policies. Before version 1903, however, Windows 10 could only have one WDAC policy. Consequently, users were required to merge multiple WDAC policies into one. The WDAC Wizard has a simple to use user interface to allow users to merge multiple WDAC policies. The Wizard can support up to 15 policy files as input during the merge workflow. Select the policies you wish to merge into one policy using the `+ Add Policy` button under the table. Once added, policies will be enumerated within the table. To remove a policy from the table, if accidentally added, highlight the policy row and select the `- Remove Policy` button. Confirmation will be required before the policy is withdrawn from the table. > [!NOTE] -> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple WDAC Policies page](deploy-multiple-windows-defender-application-control-policies.md). +> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple Windows Defender Application Control (WDAC) Policies page](deploy-multiple-windows-defender-application-control-policies.md). Lastly, select a filepath save location for the final merged policy using the `Browse` button. If a minimum of two policies are selected, and the save location is specified, select the `Next` button to build the policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md index 445e34f78e..2510df6b70 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md @@ -28,7 +28,7 @@ The Windows Defender Application Control policy wizard is an open-source Windows ## Downloading the application -Download the tool from the official [Windows Defender Application Control Policy Wizard website](https://webapp-wdac-wizard.azurewebsites.net/) as an MSIX packaged application. The tool's source code is available as part of Microsoft's Open Source Software offerings on GitHub at the [WDAC Policy Wizard repository](https://github.com/MicrosoftDocs/WDAC-Toolkit). +Download the tool from the official [Windows Defender Application Control Policy Wizard website](https://webapp-wdac-wizard.azurewebsites.net/) as an MSIX packaged application. The tool's source code is available as part of Microsoft's Open Source Software offerings on GitHub at the [Windows Defender Application Control (WDAC) Policy Wizard repository](https://github.com/MicrosoftDocs/WDAC-Toolkit). ### Supported clients diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index a247be4297..e4cc911cca 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -29,17 +29,17 @@ ms.technology: windows-sec > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -You should now have one or more WDAC policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. +You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. ## Plan your deployment -As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Decide what devices you will manage with WDAC and split them into deployment rings so you can control the scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. +As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Decide what devices you will manage with Windows Defender Application Control and split them into deployment rings so you can control the scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. -All WDAC policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. +All Windows Defender Application Control policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. ## Choose how to deploy WDAC policies -There are several options to deploy WDAC policies to managed endpoints, including: +There are several options to deploy Windows Defender Application Control policies to managed endpoints, including: 1. [Deploy using a Mobile Device Management (MDM) solution](deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune 2. [Deploy using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-with-memcm.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 469562b0c4..9ae7311920 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -41,7 +41,7 @@ A common refrain you may hear about application control is that it is "too hard. - The organization has a plan to handle potential helpdesk support requests for users who are blocked from running some apps. - The organization has considered where application control can be most useful (for example, securing sensitive workloads or business functions) and also where it may be difficult to achieve (for example, developer workstations). -Once these business factors are in place, you are ready to begin planning your WDAC deployment. The following topics can help guide you through your planning process. +Once these business factors are in place, you are ready to begin planning your Windows Defender Application Control (WDAC) deployment. The following topics can help guide you through your planning process. ## In this section diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md index 00ab146f0a..3341806d89 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md @@ -33,7 +33,7 @@ After designing and deploying your Windows Defender Application Control (WDAC) p ## WDAC Events Overview -WDAC generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured. +Windows Defender Application Control generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured. WDAC events are generated under two locations: diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 4e7a69a494..5e8737ae67 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -43,7 +43,7 @@ Application control is a crucial line of defense for protecting enterprises give Windows 10 and Windows 11 include two technologies that can be used for application control depending on your organization's specific scenarios and requirements: -- **Windows Defender Application Control**; and +- **Windows Defender Application Control (WDAC)**; and - **AppLocker** ## In this section diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md index ccde2ab561..2f4a109b7c 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md @@ -125,11 +125,12 @@ Application Guard performance is improved with optimized document opening times: ### Application Control -[Application Control for Windows](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903 WDAC added a number of new features that light up key scenarios and provide feature parity with AppLocker. - - [Multiple Policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): WDAC now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side by side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new ‘supplemental’ policy. +[Application Control for Windows](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903, Windows Defender Application Control (WDAC) added a number of new features that light up key scenarios and provide feature parity with AppLocker. + + - [Multiple Policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): Windows Defender Application Control now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side by side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new ‘supplemental’ policy. - [Path-Based Rules](/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules): The path condition identifies an app by its location in the file system of the computer or on the network instead of a signer or hash identifier. Additionally, WDAC has an option that allows admins to enforce at runtime that only code from paths that are not user-writeable is executed. When code tries to execute at runtime, the directory is scanned and files will be checked for write permissions for non-known admins. If a file is found to be user writeable, the executable is blocked from running unless it is authorized by something other than a path rule like a signer or hash rule.
      - This brings WDAC to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker. - - [Allow COM Object Registration](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, WDAC enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. + This brings Windows Defender Application Control (WDAC) to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker. + - [Allow COM Object Registration](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. ## Identity and privacy diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 30dde72ade..d29e02749d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -102,11 +102,11 @@ The draft release of the [security configuration baseline settings](/archive/blo - WDAG allows dynamic navigation: Application Guard now allows users to navigate back to their default host browser from the WDAG Microsoft Edge. Previously, users browsing in WDAG Edge would see an error page when they try to go to a trusted site within the container browser. With this new feature, users will automatically be redirected to their host default browser when they enter or click on a trusted site in WDAG Edge. This feature is also available in Windows 10, version 1803 or later with the latest updates. -- [Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903 WDAC has a number of new features that light up key scenarios and provide feature parity with AppLocker. - - [Multiple Policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): WDAC now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side-by-side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new ‘supplemental’ policy. - - [Path-Based Rules](/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules): The path condition identifies an app by its location in the file system of the computer or on the network instead of a signer or hash identifier. Additionally, WDAC has an option that allows admins to enforce at runtime that only code from paths that are not user-writeable is executed. When code tries to execute at runtime, the directory is scanned and files will be checked for write permissions for non-known admins. If a file is found to be user writeable, the executable is blocked from running unless it is authorized by something other than a path rule like a signer or hash rule.
      - This brings WDAC to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker. - - [Allow COM Object Registration](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, WDAC enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. +- [Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903, Windows Defender Application Control has a number of new features that light up key scenarios and provide feature parity with AppLocker. + - [Multiple Policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): Windows Defender Application Control now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side-by-side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new ‘supplemental’ policy. + - [Path-Based Rules](/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules): The path condition identifies an app by its location in the file system of the computer or on the network instead of a signer or hash identifier. Additionally, Windows Defender Application Control has an option that allows admins to enforce at runtime that only code from paths that are not user-writeable is executed. When code tries to execute at runtime, the directory is scanned and files will be checked for write permissions for non-known admins. If a file is found to be user writeable, the executable is blocked from running unless it is authorized by something other than a path rule like a signer or hash rule.
      + This brings Windows Defender Application Control (WDAC) to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker. + - [Allow COM Object Registration](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, Windows Defender Application Control enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. #### System Guard From 76f955e6fb6e9d6222cb1a86838e3d1694d412ce Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 9 Jun 2022 12:50:01 +0530 Subject: [PATCH 328/540] Acrolinx score fix --- .../event-tag-explanations.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index 241acb33ab..c20f083f00 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -20,7 +20,7 @@ ms.technology: windows-sec # Understanding Application Control event tags -Windows Defender Application Control (WDAC) events include a number of fields which provide helpful troubleshooting information to figure out exactly what an event means. Below, we have documented the values and meanings for a few useful event tags. +Windows Defender Application Control (WDAC) events include many fields, which provide helpful troubleshooting information to figure out exactly what an event means. Below, we've documented the values and meanings for a few useful event tags. ## SignatureType @@ -28,12 +28,12 @@ Represents the type of signature which verified the image. | SignatureType Value | Explanation | |---|----------| -| 0 | Unsigned or verification has not been attempted | +| 0 | Unsigned or verification hasn't been attempted | | 1 | Embedded signature | | 2 | Cached signature; presence of CI EA shows that file had been previously verified | | 3 | Cached catalog verified via Catalog Database or searching catalog directly | -| 4 | Un-cached catalog verified via Catalog Database or searching catalog directly | -| 5 | Successfully verified using an EA that informs CI which catalog to try first | +| 4 | Uncached catalog verified via Catalog Database or searching catalog directly | +| 5 | Successfully verified using an EA that informs CI that catalog to try first | | 6 | AppX / MSIX package catalog verified | | 7 | File was verified | @@ -43,7 +43,7 @@ Represents the signature level at which the code was verified. | ValidatedSigningLevel Value | Explanation | |---|----------| -| 0 | Signing level has not yet been checked | +| 0 | Signing level hasn't yet been checked | | 1 | File is unsigned | | 2 | Trusted by Windows Defender Application Control policy | | 3 | Developer signed code | @@ -65,10 +65,10 @@ Represents why verification failed, or if it succeeded. | 0 | Successfully verified signature | | 1 | File has an invalid hash | | 2 | File contains shared writable sections | -| 3 | File is not signed| +| 3 | File isn't signed| | 4 | Revoked signature | | 5 | Expired signature | -| 6 | File is signed using a weak hashing algorithm which does not meet the minimum policy | +| 6 | File is signed using a weak hashing algorithm, which doesn't meet the minimum policy | | 7 | Invalid root certificate | | 8 | Signature was unable to be validated; generic error | | 9 | Signing time not trusted | From 829d8da98c18fc1be9ff8ea4b2cd18b4d080f75b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 9 Jun 2022 13:45:16 +0530 Subject: [PATCH 329/540] Improper acronyms review update-05 The updates here are made for acronym :AAD, Azure AD-joined, AAD-joined as per the task 6027362. Thanks! --- education/windows/change-to-pro-education.md | 10 ++++---- .../set-up-school-pcs-azure-ad-join.md | 2 +- .../windows/set-up-school-pcs-whats-new.md | 4 ++-- .../connect-to-remote-aadj-pc.md | 2 +- ...e-active-directory-integration-with-mdm.md | 2 +- .../client-management/mdm/bitlocker-csp.md | 4 ++-- .../mdm/bitlocker-ddf-file.md | 12 +++++----- .../mdm/clientcertificateinstall-csp.md | 2 +- .../mdm/clientcertificateinstall-ddf-file.md | 2 +- .../disconnecting-from-mdm-unenrollment.md | 2 +- windows/client-management/mdm/dmclient-csp.md | 4 ++-- .../mdm/dmclient-ddf-file.md | 2 +- ...device-automatically-using-group-policy.md | 4 ++-- .../mdm/healthattestation-csp.md | 4 ++-- ...ew-in-windows-mdm-enrollment-management.md | 4 ++-- .../mdm/policy-csp-admx-terminalserver.md | 4 ++-- .../mdm/policy-csp-authentication.md | 2 +- .../mdm/policy-csp-deliveryoptimization.md | 6 ++--- .../mdm/policy-csp-experience.md | 2 +- .../mdm/policy-csp-kerberos.md | 2 +- .../mdm/policy-csp-localusersandgroups.md | 12 +++++----- .../mdm/policy-csp-mixedreality.md | 2 +- .../mdm/policy-csp-restrictedgroups.md | 2 +- .../mdm/policy-csp-search.md | 2 +- .../mdm/policy-csp-system.md | 6 ++--- .../mdm/secureassessment-csp.md | 2 +- .../mdm/secureassessment-ddf-file.md | 2 +- windows/client-management/mdm/vpnv2-csp.md | 4 ++-- .../client-management/mdm/vpnv2-ddf-file.md | 8 +++---- .../new-policies-for-windows-10.md | 4 ++-- .../set-up-and-test-cortana-in-windows-10.md | 2 +- .../deployment/deploy-enterprise-licenses.md | 8 +++---- .../waas-delivery-optimization-reference.md | 2 +- windows/deployment/update/WIP4Biz-intro.md | 2 +- .../olympia/olympia-enrollment-guidelines.md | 4 ++-- .../update/update-compliance-v2-overview.md | 4 ++-- .../update-compliance-v2-prerequisites.md | 4 ++-- .../deployment/vda-subscription-activation.md | 4 ++-- .../windows-10-deployment-scenarios.md | 2 +- .../windows-10-subscription-activation.md | 4 ++-- ...ndows-diagnostic-events-and-fields-1709.md | 2 +- ...ndows-diagnostic-events-and-fields-1803.md | 2 +- ...ndows-diagnostic-events-and-fields-1809.md | 4 ++-- ...ndows-diagnostic-events-and-fields-1903.md | 6 ++--- ...s-to-windows-diagnostic-data-collection.md | 2 +- ...-diagnostic-data-events-and-fields-2004.md | 6 ++--- .../windows-10-and-privacy-compliance.md | 4 ++-- .../hello-aad-join-cloud-only-deploy.md | 4 ++-- .../hello-deployment-issues.md | 8 +++---- .../hello-deployment-rdp-certs.md | 6 ++--- .../hello-errors-during-pin-creation.md | 4 ++-- .../hello-for-business/hello-faq.yml | 2 +- .../hello-feature-pin-reset.md | 10 ++++---- .../hello-how-it-works-authentication.md | 4 ++-- .../hello-how-it-works-provisioning.md | 4 ++-- .../hello-how-it-works-technology.md | 4 ++-- .../hello-for-business/hello-how-it-works.md | 2 +- .../hello-hybrid-aadj-sso-base.md | 22 ++++++++--------- .../hello-hybrid-aadj-sso-cert.md | 24 +++++++++---------- .../hello-hybrid-aadj-sso.md | 12 +++++----- .../hello-hybrid-cert-trust-devreg.md | 10 ++++---- .../hello-hybrid-cert-whfb-provision.md | 4 ++-- .../hello-hybrid-cert-whfb-settings-pki.md | 2 +- .../hello-hybrid-cloud-trust.md | 10 ++++---- .../hello-hybrid-key-new-install.md | 2 +- .../hello-hybrid-key-trust-devreg.md | 6 ++--- .../hello-hybrid-key-trust-prereqs.md | 2 +- .../hello-hybrid-key-whfb-provision.md | 2 +- .../hello-hybrid-key-whfb-settings-pki.md | 2 +- .../hello-hybrid-key-whfb-settings-policy.md | 2 +- .../hello-planning-guide.md | 12 +++++----- ...n-on-sso-over-vpn-and-wi-fi-connections.md | 2 +- .../bitlocker-deployment-comparison.md | 2 +- .../bitlocker/ts-bitlocker-tpm-issues.md | 2 +- ...-this-computer-to-use-online-identities.md | 2 +- .../zero-trust-windows-device-health.md | 2 +- .../ltsc/whats-new-windows-10-2019.md | 4 ++-- .../ltsc/whats-new-windows-10-2021.md | 2 +- .../whats-new-windows-10-version-1703.md | 2 +- .../whats-new-windows-10-version-1709.md | 2 +- .../whats-new-windows-10-version-1809.md | 8 +++---- .../whats-new-windows-10-version-1909.md | 2 +- 82 files changed, 186 insertions(+), 186 deletions(-) diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index 9d165c8892..d1ed1e7192 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -28,7 +28,7 @@ To take advantage of this offering, make sure you meet the [requirements for cha ## Requirements for changing Before you change to Windows 10 Pro Education, make sure you meet these requirements: - Devices must be running Windows 10 Pro, version 1607 or higher. -- Devices must be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices). +- Devices must be Azure Active Directory-joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices). If you haven't domain joined your devices already, [prepare for deployment of Windows 10 Pro Education licenses](#preparing-for-deployment-of-windows-10-pro-education-licenses). @@ -47,7 +47,7 @@ For schools that want to standardize all their Windows 10 Pro devices to Windows In this scenario: -- The IT admin of the tenant chooses to turn on the change for all Azure AD joined devices. +- The IT admin of the tenant chooses to turn on the change for all Azure AD-joined devices. - Any device that joins the Azure AD will change automatically to Windows 10 Pro Education. - The IT admin has the option to automatically roll back to Windows 10 Pro, if desired. See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro). @@ -92,7 +92,7 @@ You can use Windows Configuration Designer to create a provisioning package that 3. In the **Enter a product key** window, enter the MAK key for Windows 10 Pro Education and click **Next**. -## Education customers with Azure AD joined devices +## Education customers with Azure AD-joined devices Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Education without using activation keys or reboots. When one of your users enters their Azure AD credentials associated with a Windows 10 Pro Education license, the operating system changes to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have an Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features. @@ -145,7 +145,7 @@ Enabling the automatic change also triggers an email message notifying all globa So what will users experience? How will they change their devices? -### For existing Azure AD joined devices +### For existing Azure AD-joined devices Existing Azure AD domain joined devices will be changed to Windows 10 Pro Education the next time the user logs in. That's it! No other steps are needed. ### For new devices that are not Azure AD joined @@ -251,7 +251,7 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined dsregcmd /status ``` -2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined. +2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory-joined. **To determine the version of Windows 10** diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md index f1a4be1df2..a04a034238 100644 --- a/education/windows/set-up-school-pcs-azure-ad-join.md +++ b/education/windows/set-up-school-pcs-azure-ad-join.md @@ -59,7 +59,7 @@ The following table describes each setting within **Device Settings**. | Setting | Description | |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Users may join devices to Azure AD | Choose the scope of people in your organization that are allowed to join devices to Azure AD. **All** allows all users and groups within your tenant to join devices. **Selected** prompts you to choose specific users or groups to allow. **None** allows no one in your tenant to join devices to Azure AD. | -| More local administrators on Azure AD joined devices | Only applicable to Azure AD Premium tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default. | +| More local administrators on Azure AD-joined devices | Only applicable to Azure AD Premium tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default. | | Users may register their devices with Azure AD | Allow all or none of your users to register their devices with Azure AD (Workplace Join). If you're enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you. | | Require Multi-Factor Authentication to join devices | Recommended when adding devices to Azure AD. When set to **Yes**, users that are setting up devices must enter a second method of authentication. | | Maximum number of devices per user | Set the maximum number of devices a user is allowed to have in Azure AD. If the maximum is exceeded, the user must remove one or more existing devices before more devices are added. | diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md index 72bea22625..29c5d1cc71 100644 --- a/education/windows/set-up-school-pcs-whats-new.md +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -34,7 +34,7 @@ You can now give devices running Windows 10, version 2004 and later a name that' ### Resumed support for Windows 10, version 1903 and later The previously mentioned provisioning problem was resolved, so the Set up School PCs app once again supports Windows 10, version 1903 and later. The Windows 10 settings that were removed are now back in the app. -### Device rename made optional for Azure AD joined devices +### Device rename made optional for Azure AD-joined devices When you set up your Azure AD join devices in the app, you no longer need to rename your devices. You can keep existing device names. ## Week of May 23, 2019 @@ -42,7 +42,7 @@ When you set up your Azure AD join devices in the app, you no longer need to ren ### Suspended support for Windows 10, version 1903 and later Due to a provisioning problem, Set up School PCs has temporarily stopped support for Windows 10, version 1903 and later. All settings in the app that were for Windows 10, version 1903 and later have been removed. When the problem is resolved, support will resume again. -### Mandatory device rename for Azure AD joined devices +### Mandatory device rename for Azure AD-joined devices If you configure Azure AD Join, you're now required to rename your devices during setup. You can't keep existing device names. ## Week of April 15, 2019 diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index cf0c18ee1d..d309a90777 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -66,7 +66,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu - Adding users using policy - Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview). + Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview). > [!TIP] > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index a0a4883d44..16ba07745d 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -359,7 +359,7 @@ With Azure integrated MDM enrollment, there's no discovery phase and the discove There are two different MDM enrollment types that integrate with Azure AD, and use Azure AD user and device identities. Depending on the enrollment type, the MDM service may need to manage a single user or multiple users. -**Multiple user management for Azure AD joined devices** +**Multiple user management for Azure AD-joined devices** In this scenario the MDM enrollment applies to every Azure AD user who signs in to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, determine what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an extra HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token isn't sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user signs on to the machine, Azure AD user token isn't available to OMA-DM process. Typically, MDM enrollment completes before Azure AD user sign in to machine and the initial management session doesn't contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest user is logged on to the device. **Adding a work account and MDM enrollment to a device** diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 8370601e1d..ae39baf60c 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -1178,7 +1178,7 @@ If you don't configure this policy setting, users can use BitLocker on removable Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is set to 1. > [!IMPORTANT] -> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview). +> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory-joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview). > [!Warning] > When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows. @@ -1197,7 +1197,7 @@ Allows the admin to disable the warning prompt for other disk encryption on the The following list shows the supported values: -- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0. +- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory-joined devices. Windows will attempt to silently enable BitLocker for value 0. - 1 (default) – Warning prompt allowed. ```xml diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index db4049e60e..b40819c5e8 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -646,7 +646,7 @@ The XML below is the current version for this CSP. 1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed. 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, - the value 0 only takes affect on Azure Active Directory joined devices. + the value 0 only takes affect on Azure Active Directory-joined devices. Windows will attempt to silently enable BitLocker for value 0. If you want to disable this policy use the following SyncML: @@ -744,15 +744,15 @@ The XML below is the current version for this CSP. - Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices. - When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when + Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Azure Active Directory and Hybrid domain joined devices. + When not configured, Rotation is turned on by default for Azure AD only and off on Hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required. For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives" For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives" Supported Values: 0 - Numeric Recovery Passwords rotation OFF. - 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value - 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices + 1 - Numeric Recovery Passwords Rotation upon use ON for Azure Active Directory-joined devices. Default value + 2 - Numeric Recovery Passwords Rotation upon use ON for both Azure AD and Hybrid devices If you want to disable this policy use the following SyncML: @@ -783,7 +783,7 @@ The XML below is the current version for this CSP. - + diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index b667bfa46b..960bccb9ed 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -377,7 +377,7 @@ The date type format is Null, meaning this node doesn’t contain a value. The only supported operation is Execute. **ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList** -Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail. +Optional. Specify the Azure Active Directory Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail. Data type is string. diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index 492a95c621..3b3d11550e 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -931,7 +931,7 @@ Supported operation is Exec. - Optional. Specify the AAD Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail. + Optional. Specify the Azure Active Directory Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail. diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index f3e3c24cf9..d7c8ad7e7b 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -125,7 +125,7 @@ When the server initiates disconnection, all undergoing sessions for the enrollm ## Unenrollment from Work Access settings page -If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the AAD association to the device. +If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the Azure AD association to the device. You can only use the Work Access page to unenroll under the following conditions: diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 187e71bdb1..7e6ac79ac7 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -346,7 +346,7 @@ Value type is bool. **Provider/*ProviderID*/ForceAadToken** The value type is integer/enum. -The value is "1" and it means client should always send AAD device token during check-in/sync. +The value is "1" and it means client should always send Azure Active Directory device token during check-in/sync. **Provider/*ProviderID*/Poll** Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated. @@ -517,7 +517,7 @@ This node tracks the status of a Recovery request from the InitiateRecovery node 1 - Recovery is in Process. 2 - Recovery has finished successfully. 3 - Recovery has failed to start because TPM is not available. -4 - Recovery has failed to start because AAD keys are not protected by the TPM. +4 - Recovery has failed to start because Azure Active Directory keys are not protected by the TPM. 5 - Recovery has failed to start because the MDM keys are already protected by the TPM. 6 - Recovery has failed to start because the TPM is not ready for attestation. 7 - Recovery has failed because the client cannot authenticate to the server. diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 9121cdc2b4..ed49a1f115 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -981,7 +981,7 @@ The XML below is for Windows 10, version 1803. - Send the device AAD token, if the user one can't be returned + Send the device Azure Active Directory token, if the user one can't be returned diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 767c141d9a..8076b0a504 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -127,7 +127,7 @@ Requirements: > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. The default behavior for older releases is to revert to **User Credential**. > **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop because the Intune subscription is user centric. - When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from AAD." + When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from Azure Active Directory." To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app). @@ -270,7 +270,7 @@ To collect Event Viewer logs: > This task isn't visible to standard users, run Scheduled Tasks with administrative credentials to find the task. This task runs every 5 minutes for the duration of one day. To confirm if the task succeeded, check the task scheduler event logs: - **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107. + **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from Azure Active Directory is triggered by event ID 107. :::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png"::: diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 4b0d882361..02f0a9e059 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -139,7 +139,7 @@ Data fields: - rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller. - serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation. - nonce: This field contains an arbitrary number that can be used only once in a cryptographic communication. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in replay attacks. -- aadToken: The AAD token to be used for authentication against the Microsoft Azure Attestation service. +- aadToken: The Azure Active Directory token to be used for authentication against the Microsoft Azure Attestation service. - cv: This field contains an identifier(Correlation Vector) that will be passed in to the service call, and that can be used for diagnostics purposes. Sample Data: @@ -408,7 +408,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo }; ``` -3. Call TriggerAttestation with your rpid, AAD token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm). +3. Call TriggerAttestation with your rpid, Azure Active Directory token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm). 4. Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties: GetAttestReport return the signed attestation token as a JWT. The JWT can be decoded to parse the information per the attestation policy. diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 90157cf9e6..310a9310ac 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -250,7 +250,7 @@ Alternatively you can use the following procedure to create an EAP Configuration After the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary. -### User provisioning failure in Azure Active Directory joined Windows 10 and Windows 11 devices +### User provisioning failure in Azure Active Directory-joined Windows 10 and Windows 11 devices In Azure AD joined Windows 10 and Windows 11, provisioning /.User resources fails when the user isn't logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, ensure to sign out and sign in with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design. @@ -270,7 +270,7 @@ The DM agent for [push-button reset](/windows-hardware/manufacture/desktop/push- No. Only one MDM is allowed. -### How do I set the maximum number of Azure Active Directory joined devices per user? +### How do I set the maximum number of Azure Active Directory-joined devices per user? 1. Sign in to the portal as tenant admin: https://portal.azure.com. 2. Select Active Directory on the left pane. diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 448f4d16bd..08bade1383 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -2305,10 +2305,10 @@ ADMX Info: This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. -You can use this policy setting to select one of three licensing modes: Per User, Per Device, and AAD Per User. +You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User. - Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server. - Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server. -- AAD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in AAD. +- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD. If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index e14b58d4da..a643d8f9bd 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -312,7 +312,7 @@ The following list shows the supported values: -Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092). +Specifies the list of domains that are allowed to be navigated to in Azure Active Directory PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092). **Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com". diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 56963703d1..0020d963a4 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -702,7 +702,7 @@ ADMX Info: -Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD. +Set this policy to restrict peer selection to a specific source. Available options are: 1 = Active Directory Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = Azure Active Directory. When set, the Group ID will be assigned automatically from the selected source. @@ -727,11 +727,11 @@ ADMX Info: The following list shows the supported values: -- 1 - AD site +- 1 - Active Directory site - 2 - Authenticated domain SID - 3 - DHCP user option - 4 - DNS suffix -- 5 - AAD +- 5 - Azure Active Directory diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 1b295a8323..8e01e881e1 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -340,7 +340,7 @@ The following list shows the supported values: -Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect. +Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory-joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect. > [!NOTE] > The MDM server can always remotely delete the account. diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 2a8bcb33cc..3b50247d62 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -436,7 +436,7 @@ ADMX Info: -Adds a list of domains that an Azure Active Directory joined device can attempt to contact when it can't resolve a UPN to a principal. +Adds a list of domains that an Azure Active Directory-joined device can attempt to contact when it can't resolve a UPN to a principal. Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures. diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 6180d6da7e..ac23f93418 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -59,7 +59,7 @@ manager: dansimp This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device. > [!NOTE] -> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove. +> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or Azure Active Directory groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove. > > Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. @@ -104,9 +104,9 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura **Examples** -Example 1: AAD focused. +Example 1: Azure Active Directory focused. -The following example updates the built-in administrators group with AAD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine. +The following example updates the built-in administrators group with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine. ```xml @@ -118,7 +118,7 @@ The following example updates the built-in administrators group with AAD account ``` -Example 2: Replace / Restrict the built-in administrators group with an AAD user account. +Example 2: Replace / Restrict the built-in administrators group with an Azure AD user account. > [!NOTE] > When using ‘R’ replace option to configure the built-in ‘Administrators’ group, it is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group. @@ -135,7 +135,7 @@ Example: ``` Example 3: Update action for adding and removing group members on a hybrid joined machine. -The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists. +The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists. ```xml @@ -158,7 +158,7 @@ The following example shows how you can update a local group (**Administrators** > [!NOTE] > -> When AAD group SID’s are added to local groups, during AAD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device: +> When Azure Active Directory group SID’s are added to local groups, during Azure AD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device: > > - Administrators > - Users diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 420f8eb0b1..91dc86b449 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -106,7 +106,7 @@ On a device where this policy is configured, the user specified in the policy wi > [!NOTE] > > - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior. -> - Auto-logon is only supported for Microsoft account and AAD users. +> - Auto-logon is only supported for Microsoft account and Azure Active Directory users.
      diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index d002c4045a..bf1b9dc0c3 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -15,7 +15,7 @@ manager: dansimp # Policy CSP - RestrictedGroups > [!IMPORTANT] -> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results. +> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or Azure Active Directory groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
      diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index a3d05d9196..247e529832 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -162,7 +162,7 @@ ADMX Info: -This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an AAD account. +This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an Azure Active Directory account. diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 32e38be2da..988ec769c7 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -194,7 +194,7 @@ The following list shows the supported values: -This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). +This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). To enable this behavior, you must complete two steps: @@ -534,7 +534,7 @@ The following list shows the supported values: -This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data. +This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data. For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data). @@ -772,7 +772,7 @@ The following list shows the supported values: -This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). +This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). To enable this behavior, you must complete three steps: diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index 06af135189..3d0fe5ca42 100644 --- a/windows/client-management/mdm/secureassessment-csp.md +++ b/windows/client-management/mdm/secureassessment-csp.md @@ -48,7 +48,7 @@ The supported operations are Add, Delete, Get, and Replace. The user name of the test taking account. - To specify a domain account, use domain\\user. -- To specify an AAD account, use username@tenant.com. +- To specify an Azure Active Directory account, use username@tenant.com. - To specify a local account, use the username. The supported operations are Add, Delete, Get, and Replace. diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index 4aff84bd1d..aa6c74c939 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -84,7 +84,7 @@ The XML below is the current version for this CSP. - The user name of the test taking account. To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username. + The user name of the test taking account. To specify a domain account, use domain\user. To specify an Azure Active Directory account, use username@tenant.com. To specify a local account, use the username. diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index ce1fdf95ec..155761430f 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -659,10 +659,10 @@ Reserved for future use. Reserved for future use. **VPNv2/**ProfileName**/DeviceCompliance** -Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable AAD-based Conditional Access for VPN. +Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable Azure Active Directory-based Conditional Access for VPN. **VPNv2/**ProfileName**/DeviceCompliance/Enabled** -Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory. +Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory. Value type is bool. Supported operations include Get, Add, Replace, and Delete. diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index 7ac4734a65..fce3776165 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -1403,7 +1403,7 @@ The XML below is for Windows 10, version 2004. - Nodes under DeviceCompliance can be used to enable AAD based Conditional Access for VPN + Nodes under DeviceCompliance can be used to enable Azure Active Directory based Conditional Access for VPN @@ -1426,7 +1426,7 @@ The XML below is for Windows 10, version 2004. - Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory + Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory @@ -3593,7 +3593,7 @@ The XML below is for Windows 10, version 2004. - Nodes under DeviceCompliance can be used to enable AAD based Conditional Access for VPN + Nodes under DeviceCompliance can be used to enable Azure Active Directory based Conditional Access for VPN @@ -3616,7 +3616,7 @@ The XML below is for Windows 10, version 2004. - Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory + Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 79a75c3f90..41b9a56882 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -270,7 +270,7 @@ The following Group Policy settings were added in Windows 10, version 1803: - Windows Components\IME\Turn on Live Sticker - Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow video capture redirection - Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use hardware graphics adapters for all Remote Desktop Services sessions -- Windows Components\Search\Allow Cortana Page in OOBE on an AAD account +- Windows Components\Search\Allow Cortana Page in OOBE on an Azure Active Directory account - Windows Components\Store\Disable all apps from Microsoft Store - Windows Components\Text Input\Allow Uninstallation of Language Features - Windows Components\Text Input\Improve inking and typing recognition @@ -311,7 +311,7 @@ The following Group Policy settings were added in Windows 10, version 1709: - Windows Components\Data Collection and Preview Builds\Limit Enhanced diagnostic data to the minimum required by Windows Analytics - Windows Components\Handwriting\Handwriting Panel Default Mode Docked - Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Hide the button (next to the New Tab button) that opens Microsoft Edge -- Windows Components\MDM\Auto MDM Enrollment with AAD Token +- Windows Components\MDM\Auto MDM Enrollment with Azure Active Directory Token - Windows Components\Messaging\Allow Message Service Cloud Sync - Windows Components\Microsoft Edge\Always show the Books Library in Microsoft Edge - Windows Components\Microsoft Edge\Provision Favorites diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md index 5af920f5f7..b2a351551c 100644 --- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md +++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md @@ -44,4 +44,4 @@ When a user enters a search query (by speech or text), Cortana evaluates if the Bing Answers is enabled by default for all users. However, admins can configure and change this for specific users and user groups in their organization. ## How the Bing Answer policy configuration is applied -Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an AAD group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes. +Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an Azure Active Directory group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes. diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 409ecf66ed..7109cff744 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -89,7 +89,7 @@ For more information about integrating on-premises AD DS domains with Azure AD, ## Preparing for deployment: reviewing requirements -Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic. +Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic. ## Assigning licenses to users @@ -241,12 +241,12 @@ Use the following figures to help you troubleshoot when users experience these c ### Review requirements on devices -Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements. +Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements. -**To determine if a device is Azure Active Directory joined:** +**To determine if a device is Azure Active Directory-joined:** 1. Open a command prompt and type **dsregcmd /status**. -2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined. +2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory-joined. **To determine the version of Windows 10:** diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index ce7b9f9219..18422c3d31 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -124,7 +124,7 @@ Download mode dictates which download sources clients are allowed to use when do > Starting in Windows 11, the Bypass option of Download Mode is no longer used. > > [!NOTE] -> When you use AAD tenant, AD Site, or AD Domain as the source of group IDs, the association of devices participating in the group should not be relied on for an authentication of identity of those devices. +> When you use Azure Active Directory tenant, AD Site, or AD Domain as the source of group IDs, the association of devices participating in the group should not be relied on for an authentication of identity of those devices. ### Group ID diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index aedd92040e..0fa1fd23e9 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -48,7 +48,7 @@ Windows 10 Insider Preview builds offer organizations a valuable and exciting op |Release channel |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.| |Users | Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices. | |Tasks | - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)
      - Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications
      - Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features. | -|Feedback | - This helps us make adjustments to features as quickly as possible.
      - Encourage users to sign into the Feedback Hub using their AAD work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)
      - [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/how-to-feedback/) | +|Feedback | - This helps us make adjustments to features as quickly as possible.
      - Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)
      - [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/how-to-feedback/) | ## Validate Insider Preview builds Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. Early validation has several benefits: diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index 363891d8a9..cb8a3216e5 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -47,7 +47,7 @@ As part of Windows Insider Lab for Enterprise, you can upgrade to Windows client Choose one of the following two enrollment options: -- To set up an AAD-registered device, [follow these steps](#enrollment-keep-current-edition). In this case, you log onto the device by using an existing (non-Olympia) account. +- To set up an Azure Active Directory-registered device, [follow these steps](#enrollment-keep-current-edition). In this case, you log onto the device by using an existing (non-Olympia) account. - If you are running Windows client Pro, we recommend that you upgrade to Windows client Enterprise by following these steps to [set up an Azure Active Directory-joined device](#enrollment-upgrade-to-enterprise). In this case, you will be able to log on to the device with your Olympia account. @@ -91,7 +91,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi ### Set up Azure Active Directory-JOINED Windows client device -- This method will upgrade your Windows client Pro license to Enterprise and create a new account. See [Set up Azure Active Directory joined devices](/azure/active-directory/device-management-azuread-joined-devices-setup) for more information. +- This method will upgrade your Windows client Pro license to Enterprise and create a new account. See [Set up Azure Active Directory-joined devices](/azure/active-directory/device-management-azuread-joined-devices-setup) for more information. > [!NOTE] > Make sure that you save your Pro license key before upgrading to the Enterprise edition. If the device gets disconnected from Olympia, you can use the Pro key to reactivate the license manually in the unlikely event that the license fails to downgrade back to Pro automatically. To reactivate manually, see [Upgrade by manually entering a product key](../../upgrade/windows-10-edition-upgrades.md#upgrade-by-manually-entering-a-product-key). diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index a3c3967aee..9996bf1d47 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -21,7 +21,7 @@ ms.date: 06/06/2022 > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -Update Compliance is a cloud-based solution that provides information about the compliance of your Azure Active Directory joined devices with Windows updates. Update Compliance is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Update Compliance helps you: +Update Compliance is a cloud-based solution that provides information about the compliance of your Azure Active Directory-joined devices with Windows updates. Update Compliance is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Update Compliance helps you: - Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices - Report on devices with update compliance issues @@ -53,7 +53,7 @@ Currently, the technical preview contains the following features: ## How Update Compliance works -You'll set up Update Compliance by enrolling into the solution from the Azure portal. Then you'll configure your Azure AD joined devices to send Windows client diagnostic data to the solution. Update Compliance uses [Log Analytics in Azure Monitor](/azure/azure-monitor/logs/log-analytics-overview) to store the diagnostic data the clients send. You can use this data for reporting on updates for your devices. Update Compliance collects system data such as: +You'll set up Update Compliance by enrolling into the solution from the Azure portal. Then you'll configure your Azure AD-joined devices to send Windows client diagnostic data to the solution. Update Compliance uses [Log Analytics in Azure Monitor](/azure/azure-monitor/logs/log-analytics-overview) to store the diagnostic data the clients send. You can use this data for reporting on updates for your devices. Update Compliance collects system data such as: - Update deployment progress - Delivery Optimization usage data diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index c4aa6213d1..05b179a33c 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -30,8 +30,8 @@ Before you begin the process of adding Update Compliance to your Azure subscript - An Azure subscription with [Azure Active Directory](/azure/active-directory/) - You must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the Update Compliance solution. -- Devices must be Azure Active Directory joined and meet the below OS, diagnostic, and endpoint access requirements - - Devices that are Workplace joined only (Azure AD registered) aren't supported with Update Compliance +- Devices must be Azure Active Directory-joined and meet the below OS, diagnostic, and endpoint access requirements. +- Devices that are Workplace joined only (Azure AD registered) aren't supported with Update Compliance. ### Operating systems and editions diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index fbae4bcd47..a0255dd78a 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -45,7 +45,7 @@ Deployment instructions are provided for the following scenarios: - The VM is running Windows 10, version 1803 or later (ex: Windows 11). - The VM is hosted in Azure or another Qualified Multitenant Hoster (QMTH). - When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10/11 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. + When a user with VDA rights signs in to the VM using their Azure Active Directory credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10/11 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. ### Scenario 2 @@ -101,7 +101,7 @@ For examples of activation issues, see [Troubleshoot the user experience](./depl >Azure Active Directory (Azure AD) provisioning packages have a 180 day limit on bulk token usage. You will need to update the provisioning package and re-inject it into the image after 180 days. Existing virtual machines that are Azure AD-joined and deployed will not need to be recreated. For Azure AD-joined VMs, follow the same instructions (above) as for [Active Directory-joined VMs](#active-directory-joined-vms) with the following exceptions: -- In step 9, during setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it is not for Active Directory joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**. +- In step 9, during setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it is not for Active Directory-joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**. - In step 11, during setup with Windows Configuration Designer, on the Account Management page, instead of enrolling in Active Directory, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in and add the bulk token using your organization's credentials. - In step 15, sub-step 2, when entering the PackagePath, use the project name you entered in step 9 (ex: **Desktop Bulk Enrollment Token Pro GVLK.ppkg**) - When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rdp-settings-for-azure). diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index 09bd64cb23..98a270cd8d 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -49,7 +49,7 @@ The following tables summarize various Windows 10 deployment scenarios. The scen |Scenario|Description|More information| |--- |--- |--- | |[Subscription Activation](#windows-10-subscription-activation)|Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.|[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation)| -|[AAD / MDM](#dynamic-provisioning)|The device is automatically joined to AAD and configured by MDM.|[Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)| +|[AAD / MDM](#dynamic-provisioning)|The device is automatically joined to Azure Active Directory and configured by MDM.|[Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)| |[Provisioning packages](#dynamic-provisioning)|Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.|[Configure devices without MDM](/windows/configuration/configure-devices-without-mdm)| ### Traditional diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 2b534e585f..83e543db35 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -109,7 +109,7 @@ If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade ben #### Multifactor authentication -An issue has been identified with Hybrid Azure AD joined devices that have enabled [multifactor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. +An issue has been identified with Hybrid Azure AD-joined devices that have enabled [multifactor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue: @@ -162,7 +162,7 @@ You can benefit by moving to Windows as an online service in the following ways: > [!NOTE] > The following Windows 10 examples and scenarios also apply to Windows 11. -The device is AAD joined from **Settings > Accounts > Access work or school**. +The device is Azure Active Directory-joined from **Settings > Accounts > Access work or school**. The IT administrator assigns Windows 10 Enterprise to a user. See the following figure. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 8df5ccd434..1afd929119 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -3732,7 +3732,7 @@ Activity for deletion of a user account for devices set up for Shared PC mode as The following fields are available: -- **accountType** The type of account that was deleted. Example: AD, AAD, or Local +- **accountType** The type of account that was deleted. Example: AD, Azure Active Directory (AAD), or Local - **deleteState** Whether the attempted deletion of the user account was successful. - **userSid** The security identifier of the account. - **wilActivity** Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity). diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 14bed98da4..4ecc2c6fea 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -4989,7 +4989,7 @@ Activity for deletion of a user account for devices set up for Shared PC mode as The following fields are available: -- **accountType** The type of account that was deleted. Example: AD, AAD, or Local +- **accountType** The type of account that was deleted. Example: AD, Azure Active Directory (AAD), or Local. - **deleteState** Whether the attempted deletion of the user account was successful. - **userSid** The security identifier of the account. - **wilActivity** Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity). diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 406fa55f82..8cd8286d21 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -9567,7 +9567,7 @@ The following fields are available: - **CV** The correlation vector. - **GlobalEventCounter** Counts the events at the global level for telemetry. - **PackageVersion** The package version for currency tools. -- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is AAD joined. +- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directoryjoined. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. @@ -9652,7 +9652,7 @@ The following fields are available: ### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlockedByNoDSSJoin -This event is sent when the device is not joined to AAD. The data collected with this event is used to help keep Windows up to date and secure. +This event is sent when the device is not joined to Azure Active Directory. The data collected with this event is used to help keep Windows up to date and secure. The following fields are available: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index fc4d236e62..a2dca9dc34 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -6239,7 +6239,7 @@ The following fields are available: - **CV** The correlation vector. - **GlobalEventCounter** Counts the events at the global level for telemetry. - **PackageVersion** The package version for currency tools. -- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is AAD joined. +- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directory-joined. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. @@ -6358,7 +6358,7 @@ The following fields are available: - **PackageVersion** The package version of the label. - **UpdateHealthToolsDevicePolicyFileName** The default name of the policy blob file. - **UpdateHealthToolsDssDeviceApiSegment** The URI segment for reading the DSS device pointer. -- **UpdateHealthToolsDssDeviceId** The AAD ID of the device used to create the device ID hash. +- **UpdateHealthToolsDssDeviceId** The Azure Active Directory ID of the device used to create the device ID hash. - **UpdateHealthToolsDssDevicePolicyApiSegment** The segment of the device policy API pointer. - **UpdateHealthToolsDssTenantId** The tenant id of the device used to create the tenant id hash. - **UpdateHealthToolsHashedDeviceId** The SHA256 hash of the device id. @@ -6367,7 +6367,7 @@ The following fields are available: ### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlockedByNoDSSJoin -The event is sent when the device is not joined to AAD. The data collected with this event is used to help keep Windows up to date and secure. +The event is sent when the device is not joined to Azure Active Directory. The data collected with this event is used to help keep Windows up to date and secure. The following fields are available: diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 50f081e04a..e00f0e9479 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -81,7 +81,7 @@ The following provides information on the current configurations: ## New Windows diagnostic data processor configuration -Enterprise customers have an option for controlling their Windows diagnostic data for their Azure Active Directory joined devices. This configuration option is supported on the following versions of Windows: +Enterprise customers have an option for controlling their Windows diagnostic data for their Azure Active Directory-joined devices. This configuration option is supported on the following versions of Windows: - Windows 11 Enterprise, Professional, and Education - Windows 10, Enterprise, Professional, and Education, version 1809 with at least the July 2021 update. diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index d075c45196..b80ee20106 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -5771,7 +5771,7 @@ The following fields are available: - **CV** The correlation vector. - **GlobalEventCounter** Counts the events at the global level for telemetry. - **PackageVersion** The package version for currency tools. -- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is AAD joined. +- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directory-joined. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. @@ -5901,7 +5901,7 @@ The following fields are available: - **PackageVersion** The package version of the label. - **UpdateHealthToolsDevicePolicyFileName** The default name of the policy blob file. - **UpdateHealthToolsDssDeviceApiSegment** The URI segment for reading the DSS device pointer. -- **UpdateHealthToolsDssDeviceId** The AAD ID of the device used to create the device ID hash. +- **UpdateHealthToolsDssDeviceId** The Azure Active Directory ID of the device used to create the device ID hash. - **UpdateHealthToolsDssDevicePolicyApiSegment** The segment of the device policy API pointer. - **UpdateHealthToolsDssTenantId** The tenant id of the device used to create the tenant id hash. - **UpdateHealthToolsHashedDeviceId** The SHA256 hash of the device id. @@ -5910,7 +5910,7 @@ The following fields are available: ### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlockedByNoDSSJoin -This event is sent when the device is not joined to AAD. The data collected with this event is used to help keep Windows up to date and secure. +This event is sent when the device is not joined to Azure Active Directory. The data collected with this event is used to help keep Windows up to date and secure. The following fields are available: diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 0e97842d03..3bdd705db6 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -156,9 +156,9 @@ An administrator can disable a user’s ability to delete their device’s diagn - Windows 11 Enterprise, Professional, and Education editions - Windows 10 Enterprise, Professional, and Education, version 1809 with July 2021 update and newer -The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities. +The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows devices that are Azure Active Directory (AAD)-joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities. -The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer. +The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific Azure Active Directory User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific Azure AD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific Azure AD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer. We recommend that IT administrators who have enabled the Windows diagnostic data processor configuration consider the following: diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 9afeccfdbd..0ea88cb07e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -91,9 +91,9 @@ If there's a conflicting Device policy and User policy, the User policy would ta ## Related reference documents for Azure AD join scenarios -- [Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join) +- [Azure AD-joined devices](/azure/active-directory/devices/concept-azure-ad-join) - [Plan your Azure Active Directory device deployment](/azure/active-directory/devices/plan-device-deployment) - [How to: Plan your Azure AD join implementation](/azure/active-directory/devices/azureadjoin-plan) -- [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin) +- [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin) - [Manage device identities using the Azure portal](/azure/active-directory/devices/device-management-azure-portal) - [Azure AD Join Single Sign-on Deployment](hello-hybrid-aadj-sso.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index b8c2e0c3b8..0b7c8c940f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -29,7 +29,7 @@ Applies to: - Windows 10, version 1803 and later - Windows 11 -PIN reset on Azure AD joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will show a page with the error message "We can't open that page right now". +PIN reset on Azure AD-joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will show a page with the error message "We can't open that page right now". ### Identifying Azure AD joined PIN Reset Allowed Domains Issue @@ -124,7 +124,7 @@ Domain controllers running early versions of Windows Server 2019 have an issue t On the client, authentication with Windows Hello for Business will fail with the error message, *"That option is temporarily unavailable. For now, please use a different method to sign in."* -This error is usually presented on hybrid Azure AD joined devices in key trust deployments after Windows Hello for Business has been provisioned but before a user's key has synced from Azure AD to AD. If a user's key has been synced from Azure AD and the msDS-keycredentiallink attribute on the user object in AD has been populated for NGC, then it is possible that this error case is occurring. +This error is usually presented on hybrid Azure AD-joined devices in key trust deployments after Windows Hello for Business has been provisioned but before a user's key has synced from Azure AD to AD. If a user's key has been synced from Azure AD and the msDS-keycredentiallink attribute on the user object in AD has been populated for NGC, then it is possible that this error case is occurring. The other indicator of this failure case can be identified using network traces. If network traces are captured for a key trust sign-in event, the traces will show kerberos failing with the error KDC_ERR_CLIENT_NAME_MISMATCH. @@ -158,8 +158,8 @@ User: Computer: Description: Windows Hello for Business provisioning will not be launched. -Device is AAD joined ( AADJ or DJ++ ): Yes -User has logged on with AAD credentials: Yes +Device is Azure Active Directory-joined ( AADJ or DJ++ ): Yes +User has logged on with Azure Active Directory credentials: Yes Windows Hello for Business policy is enabled: Yes Windows Hello for Business post-logon provisioning is enabled: Yes Local computer meets Windows hello for business hardware requirements: Yes diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 741371c28d..2ce62675f6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -34,7 +34,7 @@ Three approaches are documented here: 1. Deploying a certificate to hybrid joined devices using an on-premises Active Directory certificate enrollment policy. -1. Deploying a certificate to hybrid or Azure AD joined devices using Simple Certificate Enrollment Protocol (SCEP) and Intune. +1. Deploying a certificate to hybrid or Azure AD-joined devices using Simple Certificate Enrollment Protocol (SCEP) and Intune. 1. Working with non-Microsoft enterprise certificate authorities. @@ -191,7 +191,7 @@ Once the configuration profile has been created, targeted clients will receive t 1. In the right-hand pane of the MMC, check for the new certificate > [!NOTE] -> This infrastructure may also deploy the same certificates to co-managed or modern-managed Hybrid AAD-Joined devices using Intune Policies. +> This infrastructure may also deploy the same certificates to co-managed or modern-managed Hybrid Azure Active Directory-Joined devices using Intune Policies. ## Using non-Microsoft Enterprise Certificate Authorities @@ -205,6 +205,6 @@ The Generate-CertificateRequest commandlet will generate an .inf file for a pre- After adding the certificate using an approach from any of the previous sections, you should be able to RDP to any Windows device or server in the same Forest as the user’s on-premises Active Directory account, provided the PKI certificate chain for the issuing certificate authority is deployed to that target server. -1. Open the Remote Desktop Client (%windir%\system32\mstsc.exe) on the Hybrid AAD-Joined client where the authentication certificate has been deployed. +1. Open the Remote Desktop Client (%windir%\system32\mstsc.exe) on the Hybrid Azure Active Directory-Joined client where the authentication certificate has been deployed. 1. Attempt an RDP session to a target server. 1. Use the certificate credential protected by your Windows Hello for Business gesture. diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 4753b3c6f4..194607bd44 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -72,7 +72,7 @@ If the error occurs again, check the error code against the following table to s | 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.

      -or-

      Token was not found in the Authorization header.

      -or-

      Failed to read one or more objects.

      -or-

      The request sent to the server was invalid.

      -or-

      User does not have permissions to join to Azure AD. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure AD and rejoin.
      Allow user(s) to join to Azure AD under Azure AD Device settings. | 0x801C03EE | Attestation failed. | Sign out and then sign in again. | | 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. | -| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in AAD and the Primary SMTP address are the same in the proxy address. +| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in Azure Active Directory and the Primary SMTP address are the same in the proxy address. | 0x801C044D | Authorization token does not contain device ID. | Unjoin the device from Azure AD and rejoin. | | | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. | | 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. | @@ -104,7 +104,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F0 | ​There is no key registered for the user. | | 0x801C03F1 | ​There is no UPN in the token. | | ​0x801C044C | There is no core window for the current thread. | -| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request AAD token for provisioning. Unable to enroll a device to use a PIN for login. | +| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Azure Active Directory token for provisioning. Unable to enroll a device to use a PIN for login. | ## Related topics diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 8135aa6650..12d4f1203e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -29,7 +29,7 @@ sections: - question: What is Windows Hello for Business cloud trust? answer: | - Windows Hello for Business cloud trust is a new trust model that is currently in preview. This trust model will enable Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). Cloud trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [Hybrid Cloud Trust Deployment (Preview)](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust). + Windows Hello for Business cloud trust is a new trust model that is currently in preview. This trust model will enable Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). Cloud trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [Hybrid Cloud Trust Deployment (Preview)](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust). - question: What about virtual smart cards? answer: | diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 3ab6494347..4158e8838a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -39,7 +39,7 @@ There are two forms of PIN reset called destructive and non-destructive. Destruc Destructive and non-destructive PIN reset use the same entry points for initiating a PIN reset. If a user has forgotten their PIN, but has an alternate logon method, they can navigate to Sign-in options in Settings and initiate a PIN reset from the PIN options. If they do not have an alternate way to sign into their device, PIN reset can also be initiated from above the lock screen in the PIN credential provider. >[!IMPORTANT] ->For hybrid Azure AD joined devices, users must have corporate network connectivity to domain controllers to complete destructive PIN reset. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN. +>For hybrid Azure AD-joined devices, users must have corporate network connectivity to domain controllers to complete destructive PIN reset. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN. ### Reset PIN from Settings @@ -49,7 +49,7 @@ Destructive and non-destructive PIN reset use the same entry points for initiati ### Reset PIN above the Lock Screen -For Azure AD joined devices: +For Azure AD-joined devices: 1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon. 1. Click **I forgot my PIN** from the PIN credential provider. @@ -57,7 +57,7 @@ For Azure AD joined devices: 1. Follow the instructions provided by the provisioning process. 1. When finished, unlock your desktop using your newly created PIN. -For Hybrid Azure AD joined devices: +For Hybrid Azure AD-joined devices: 1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon. 1. Click **I forgot my PIN** from the PIN credential provider. @@ -66,7 +66,7 @@ For Hybrid Azure AD joined devices: 1. When finished, unlock your desktop using your newly created PIN. > [!NOTE] -> Key trust on hybrid Azure AD joined devices does not support destructive PIN reset from above the Lock Screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy non-destructive PIN reset for above lock PIN reset to work. +> Key trust on hybrid Azure AD-joined devices does not support destructive PIN reset from above the Lock Screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy non-destructive PIN reset for above lock PIN reset to work. You may find that PIN reset from settings only works post login, and that the "lock screen" PIN reset function will not work if you have any matching limitation of SSPR password reset from the lock screen. For more information, see [Enable Azure Active Directory self-service password reset at the Windows sign-in screen - General ](/azure/active-directory/authentication/howto-sspr-windows#general-limitations). @@ -193,7 +193,7 @@ The PIN reset configuration for a user can be viewed by running [**dsregcmd /sta - Windows 11 - Azure AD joined -The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that are allowed to be navigated to during PIN reset flows on Azure AD joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset. +The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that are allowed to be navigated to during PIN reset flows on Azure AD-joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset. ### Configuring Policy Using Intune diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 69d3ba639e..e1421172c1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -24,7 +24,7 @@ ms.reviewer: Windows Hello for Business authentication is passwordless, two-factor authentication. Authenticating with Windows Hello for Business provides a convenient sign-in experience that authenticates the user to both Azure Active Directory and Active Directory resources. -Azure Active Directory joined devices authenticate to Azure during sign-in and can optionally authenticate to Active Directory. Hybrid Azure Active Directory joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background. +Azure Active Directory-joined devices authenticate to Azure during sign-in and can optionally authenticate to Active Directory. Hybrid Azure Active Directory-joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background. - [Azure AD join authentication to Azure Active Directory](#azure-ad-join-authentication-to-azure-active-directory) - [Azure AD join authentication to Active Directory using Azure AD Kerberos (cloud trust preview)](#azure-ad-join-authentication-to-active-directory-using-azure-ad-kerberos-cloud-trust-preview) @@ -39,7 +39,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c ![Azure AD join authentication to Azure Active Directory.](images/howitworks/auth-aadj-cloud.png) > [!NOTE] -> All Azure AD joined devices authenticate with Windows Hello for Business to Azure AD the same way. The Windows Hello for Business trust type only impacts how the device authenticates to on-premises AD. +> All Azure AD-joined devices authenticate with Windows Hello for Business to Azure AD the same way. The Windows Hello for Business trust type only impacts how the device authenticates to on-premises AD. | Phase | Description | | :----: | :----------- | diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 91e6db25cf..96b5a3b434 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -80,7 +80,7 @@ List of provisioning flows: | C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID to the application which signals the end of user provisioning and the application exits. | > [!NOTE] -> Windows Hello for Business Cloud Trust does not require users' keys to be synced from Azure AD to AD. Users can immediately authenticate to AAD and AD after provisioning their credential. +> Windows Hello for Business Cloud Trust does not require users' keys to be synced from Azure AD to AD. Users can immediately authenticate to Azure Active Directory and AD after provisioning their credential. [Return to top](#windows-hello-for-business-provisioning) @@ -94,7 +94,7 @@ List of provisioning flows: | A | The provisioning application hosted in the Cloud Experience Host (CXH) starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). The application makes the request using the Azure Active Directory Web Account Manager plug-in.
      Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. The Azure MFA service provides the second factor of authentication. If the user has performed Azure MFA within the last 10 minutes, such as when registering the device from the out-of-box-experience (OOBE), then they are not prompted for MFA because the current MFA remains valid.
      Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | | B | After receiving an ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv). | | C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID to the application which signals the end of user provisioning and the application exits. | -| D | Azure AD Connect requests updates on its next synchronization cycle. Azure Active Directory sends the user's public key that was securely registered through provisioning. AAD Connect receives the public key and writes it to user's msDS-KeyCredentialLink attribute in Active Directory. | +| D | Azure AD Connect requests updates on its next synchronization cycle. Azure Active Directory sends the user's public key that was securely registered through provisioning. Azure Active Directory Connect receives the public key and writes it to user's msDS-KeyCredentialLink attribute in Active Directory. | > [!IMPORTANT] > The newly provisioned user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory. diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index 86edd45c86..a7e607516e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -166,7 +166,7 @@ For more than a decade, many organizations have used the domain join to their on - Users to sign in to their devices with their Active Directory work or school accounts. Typically, organizations with an on-premises footprint rely on imaging methods to provision devices, and they often use or group policy (GP) to manage them. -If your environment has an on-premises AD footprint and you also want benefit from the capabilities provided by Azure Active Directory, you can implement hybrid Azure AD joined devices. These are devices that are both, joined to your on-premises Active Directory and your Azure Active Directory. +If your environment has an on-premises AD footprint and you also want benefit from the capabilities provided by Azure Active Directory, you can implement hybrid Azure AD-joined devices. These are devices that are both, joined to your on-premises Active Directory and your Azure Active Directory. ### Related topics [Azure AD Joined](#azure-ad-joined), [Azure AD Registered](#azure-ad-registered), [Hybrid Deployment](#hybrid-deployment) @@ -252,7 +252,7 @@ The simplest way to enable authentication for on-premises directory objects in A ## Primary Refresh Token SSO relies on special tokens obtained for each of the types of applications above. These are in turn used to obtain access tokens to specific applications. In the traditional Windows Integrated authentication case using Kerberos, this token is a Kerberos TGT (ticket-granting ticket). For Azure AD and AD FS applications we call this a Primary Refresh Token (PRT). This is a [JSON Web Token](http://openid.net/specs/draft-jones-json-web-token-07.html) containing claims about both the user and the device. -The PRT is initially obtained during Windows Logon (user sign-in/unlock) in a similar way the Kerberos TGT is obtained. This is true for both Azure AD joined and hybrid Azure AD joined devices. In personal devices registered with Azure AD, the PRT is initially obtained upon Add Work or School Account (in a personal device the account to unlock the device is not the work account but a consumer account e.g. hotmail.com, live.com, outlook.com, etc.). +The PRT is initially obtained during Windows Logon (user sign-in/unlock) in a similar way the Kerberos TGT is obtained. This is true for both Azure AD joined and hybrid Azure AD-joined devices. In personal devices registered with Azure AD, the PRT is initially obtained upon Add Work or School Account (in a personal device the account to unlock the device is not the work account but a consumer account e.g. hotmail.com, live.com, outlook.com, etc.). The PRT is needed for SSO. Without it, the user will be prompted for credentials when accessing applications every time. Please also note that the PRT contains information about the device. This means that if you have any [device-based conditional access](/azure/active-directory/active-directory-conditional-access-policy-connected-applications) policy set on an application, without the PRT, access will be denied. diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 0b25b65df8..23efa578c0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -22,7 +22,7 @@ ms.reviewer: - Windows 10 - Windows 11 -Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices. +Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory-joined, Hybrid Azure Active Directory-joined, or Azure AD registered devices. Windows Hello for Business also works for domain joined devices. Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features. > [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 9496bd8da6..2029789901 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -1,5 +1,5 @@ --- -title: Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business +title: Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: m365-security @@ -17,19 +17,19 @@ ms.topic: article localizationpriority: medium ms.date: 01/14/2021 --- -# Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business +# Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business **Applies to** - Windows 10 - Windows 11 -- Azure Active Directory joined +- Azure Active Directory-joined - Hybrid Deployment - Key trust model ## Prerequisites -Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD joined devices. Unlike hybrid Azure AD joined devices, Azure AD joined devices do not have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD joined devices. +Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices. Unlike hybrid Azure AD-joined devices, Azure AD-joined devices do not have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD-joined devices. - Azure Active Directory Connect synchronization - Device Registration @@ -56,9 +56,9 @@ Certificates issued by a certificate authority can be revoked. When a certifica ![Domain Controller Certificate with LDAP CDP.](images/aadj/Certificate-CDP.png) -The preceding domain controller certificate shows a CRL distribution path (CDP) using Active Directory. You can determine this because the value in the URL begins with **ldap**. Using Active Directory for domain joined devices provides a highly available CRL distribution point. However, Azure Active Directory joined devices and users on Azure Active Directory joined devices cannot read data from Active Directory, and certificate validation does not provide an opportunity to authenticate prior to reading the certificate revocation list. This becomes a circular problem as the user is attempting to authenticate, but must read Active Directory to complete the authentication, but the user cannot read Active Directory because they have not authenticated. +The preceding domain controller certificate shows a CRL distribution path (CDP) using Active Directory. You can determine this because the value in the URL begins with **ldap**. Using Active Directory for domain joined devices provides a highly available CRL distribution point. However, Azure Active Directory-joined devices and users on Azure Active Directory-joined devices cannot read data from Active Directory, and certificate validation does not provide an opportunity to authenticate prior to reading the certificate revocation list. This becomes a circular problem as the user is attempting to authenticate, but must read Active Directory to complete the authentication, but the user cannot read Active Directory because they have not authenticated. -To resolve this issue, the CRL distribution point must be a location that is accessible by Azure Active Directory joined devices that does not require authentication. The easiest solution is to publish the CRL distribution point on a web server that uses HTTP (not HTTPS). +To resolve this issue, the CRL distribution point must be a location that is accessible by Azure Active Directory-joined devices that does not require authentication. The easiest solution is to publish the CRL distribution point on a web server that uses HTTP (not HTTPS). If your CRL distribution point does not list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first in the list of distribution points. @@ -73,7 +73,7 @@ If you are interested in configuring your environment to use the Windows Hello f ### Domain Controller Certificates -Certificate authorities write CRL distribution points in certificates as they are issued. If the distribution point changes, then previously issued certificates must be reissued for the certificate authority to include the new CRL distribution point. The domain controller certificate is one the critical components of Azure AD joined devices authenticating to Active Directory +Certificate authorities write CRL distribution points in certificates as they are issued. If the distribution point changes, then previously issued certificates must be reissued for the certificate authority to include the new CRL distribution point. The domain controller certificate is one the critical components of Azure AD-joined devices authenticating to Active Directory #### Why does Windows need to validate the domain controller certificate? @@ -87,7 +87,7 @@ Windows Hello for Business enforces the strict KDC validation security feature w - The domain controller's certificate's signature hash algorithm is **sha256**. - The domain controller's certificate's public key is **RSA (2048 Bits)**. -Authenticating from a Hybrid Azure AD joined device to a domain using Windows Hello for Business does not enforce that the domain controller certificate includes the **KDC Authentication** EKU. If you are adding Azure AD joined devices to an existing domain environment, make sure to verify that your domain controller certificate has been updated to include the **KDC Authentication** EKU. If you need to update your domain controller certificate to include the **KDC Authentication** EKU, follow the instructions in [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](hello-hybrid-key-whfb-settings-pki.md) +Authenticating from a Hybrid Azure AD joined device to a domain using Windows Hello for Business does not enforce that the domain controller certificate includes the **KDC Authentication** EKU. If you are adding Azure AD-joined devices to an existing domain environment, make sure to verify that your domain controller certificate has been updated to include the **KDC Authentication** EKU. If you need to update your domain controller certificate to include the **KDC Authentication** EKU, follow the instructions in [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](hello-hybrid-key-whfb-settings-pki.md) > [!Tip] > If you are using Windows Server 2008, **Kerberos Authentication** is not the default template, so make sure to use the correct template when issuing or re-issuing the certificate. @@ -107,7 +107,7 @@ Steps you will perform include: ### Configure Internet Information Services to host CRL distribution point -You need to host your new certificate revocation list of a web server so Azure AD joined devices can easily validate certificates without authentication. You can host these files on web servers many ways. The following steps is just one and may be useful for those unfamiliar with adding a new CRL distribution point. +You need to host your new certificate revocation list of a web server so Azure AD-joined devices can easily validate certificates without authentication. You can host these files on web servers many ways. The following steps is just one and may be useful for those unfamiliar with adding a new CRL distribution point. > [!IMPORTANT] > Do not configure the IIS server hosting your CRL distribution point to use https or a server authentication certificate. Clients should access the distribution point using http. @@ -265,7 +265,7 @@ With the CA properly configured with a valid HTTP-based CRL distribution point, ## Configure and Assign a Trusted Certificate Device Configuration Profile -Your domain controllers have new certificate that include the new CRL distribution point. Next, you need your enterprise root certificate so you can deploy it to Azure AD joined devices. Deploying the enterprise root certificates to the device, ensures the device trusts any certificates issued by the certificate authority. Without the certificate, Azure AD joined devices do not trust domain controller certificates and authentication fails. +Your domain controllers have new certificate that include the new CRL distribution point. Next, you need your enterprise root certificate so you can deploy it to Azure AD-joined devices. Deploying the enterprise root certificates to the device, ensures the device trusts any certificates issued by the certificate authority. Without the certificate, Azure AD-joined devices do not trust domain controller certificates and authentication fails. Steps you will perform include: - [Export Enterprise Root certificate](#export-enterprise-root-certificate) @@ -288,7 +288,7 @@ Steps you will perform include: ### Create and Assign a Trust Certificate Device Configuration Profile -A **Trusted Certificate** device configuration profile is how you deploy trusted certificates to Azure AD joined devices. +A **Trusted Certificate** device configuration profile is how you deploy trusted certificates to Azure AD-joined devices. 1. Sign-in to the [Microsoft Azure Portal](https://portal.azure.com) and select **Microsoft Intune**. 2. Click **Device configuration**. In the **Device Configuration** blade, click **Create profile**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index ebad63fce7..807592de85 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -1,6 +1,6 @@ --- title: Using Certificates for AADJ On-premises Single-sign On single sign-on -description: If you want to use certificates for on-premises single-sign on for Azure Active Directory joined devices, then follow these additional steps. +description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: m365-security ms.mktglfcycl: deploy @@ -23,14 +23,14 @@ ms.reviewer: - Windows 10 - Windows 11 -- Azure Active Directory joined +- Azure Active Directory-joined - Hybrid Deployment - Certificate trust -If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD joined devices. +If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices. > [!IMPORTANT] -> Ensure you have performed the configurations in [Azure AD joined devices for On-premises Single-Sign On](hello-hybrid-aadj-sso-base.md) before you continue. +> Ensure you have performed the configurations in [Azure AD-joined devices for On-premises Single-Sign On](hello-hybrid-aadj-sso-base.md) before you continue. Steps you will perform include: @@ -44,7 +44,7 @@ Steps you will perform include: ## Requirements -You need to install and configure additional infrastructure to provide Azure AD joined devices with on-premises single-sign on. +You need to install and configure additional infrastructure to provide Azure AD-joined devices with on-premises single-sign on. - An existing Windows Server 2012 R2 or later Enterprise Certificate Authority - A Windows Server 2012 R2 domain joined server that hosts the Network Device Enrollment Services role @@ -75,7 +75,7 @@ Most environments change the user principal name suffix to match the organizatio To include the on-premises distinguished name in the certificate's subject, Azure AD Connect must replicate the Active Directory **distinguishedName** attribute to the Azure Active Directory **onPremisesDistinguishedName** attribute. Azure AD Connect version 1.1.819 includes the proper synchronization rules needed for these attributes. -### Verify AAD Connect version +### Verify Azure Active Directory Connect version Sign-in to computer running Azure AD Connect with access equivalent to _local administrator_. @@ -471,13 +471,13 @@ Sign-in a domain controller with a minimum access equivalent to _Domain Admins_. 5. Click **Add**. -6. Click **Users or Computers...** Type the name of the _NDES Server_ you use to issue Windows Hello for Business authentication certificates to Azure AD joined devices. From the **Available services** list, select **HOST**. Click **OK**. +6. Click **Users or Computers...** Type the name of the _NDES Server_ you use to issue Windows Hello for Business authentication certificates to Azure AD-joined devices. From the **Available services** list, select **HOST**. Click **OK**. ![NDES Service delegation to NDES host.](images/aadjcert/ndessvcdelegation-host-ndes-spn.png) 7. Repeat steps 5 and 6 for each NDES server using this service account. Click **Add**. -8. Click **Users or computers...** Type the name of the issuing certificate authority this NDES service account uses to issue Windows Hello for Business authentication certificates to Azure AD joined devices. From the **Available services** list, select **dcom**. Hold the **CTRL** key and select **HOST**. Click **OK**. +8. Click **Users or computers...** Type the name of the issuing certificate authority this NDES service account uses to issue Windows Hello for Business authentication certificates to Azure AD-joined devices. From the **Available services** list, select **dcom**. Hold the **CTRL** key and select **HOST**. Click **OK**. 9. Repeat steps 8 and 9 for each issuing certificate authority from which one or more NDES servers request certificates. @@ -550,7 +550,7 @@ Sign-in to the NDES Server with _local administrator_ equivalent credentials. 1. Open an elevated command prompt. -2. Using the table above, decide which registry value name you will use to request Windows Hello for Business authentication certificates for Azure AD joined devices. +2. Using the table above, decide which registry value name you will use to request Windows Hello for Business authentication certificates for Azure AD-joined devices. 3. Type the following command: @@ -558,7 +558,7 @@ Sign-in to the NDES Server with _local administrator_ equivalent credentials. reg add HKLM\Software\Microsoft\Cryptography\MSCEP /v [registryValueName] /t REG_SZ /d [certificateTemplateName] ``` - where **registryValueName** is one of the three value names from the above table and where **certificateTemplateName** is the name of the certificate template you created for Windows Hello for Business Azure AD joined devices. Example: + where **registryValueName** is one of the three value names from the above table and where **certificateTemplateName** is the name of the certificate template you created for Windows Hello for Business Azure AD-joined devices. Example: ```console reg add HKLM\Software\Microsoft\Cryptography\MSCEP /v SignatureTemplate /t REG_SZ /d AADJWHFBAuthentication @@ -573,7 +573,7 @@ Sign-in to the NDES Server with _local administrator_ equivalent credentials. ### Create a Web Application Proxy for the internal NDES URL. -Certificate enrollment for Azure AD joined devices occurs over the Internet. As a result, the internal NDES URLs must be accessible externally. You can do this easily and securely using Azure Active Directory Application Proxy. Azure AD Application Proxy provides single sign-on and secure remote access for web applications hosted on-premises, such as Network Device Enrollment Services. +Certificate enrollment for Azure AD-joined devices occurs over the Internet. As a result, the internal NDES URLs must be accessible externally. You can do this easily and securely using Azure Active Directory Application Proxy. Azure AD Application Proxy provides single sign-on and secure remote access for web applications hosted on-premises, such as Network Device Enrollment Services. Ideally, you configure your Microsoft Intune SCEP certificate profile to use multiple external NDES URLs. This enables Microsoft Intune to round-robin load balance the certificate requests to identically configured NDES Servers (each NDES server can accommodate approximately 300 concurrent requests). Microsoft Intune sends these requests to Azure AD Application Proxies. @@ -697,7 +697,7 @@ Sign-in the NDES server with access equivalent to _local administrators_. 10. Click **Enroll** -11. Repeat these steps for all NDES Servers used to request Windows Hello for Business authentication certificates for Azure AD joined devices. +11. Repeat these steps for all NDES Servers used to request Windows Hello for Business authentication certificates for Azure AD-joined devices. ### Configure the Web Server Role diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index ddff708e26..6d2ac37a80 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -1,6 +1,6 @@ --- title: Azure AD Join Single Sign-on Deployment -description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory joined devices, using Windows Hello for Business. +description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory-joined devices, using Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: m365-security ms.mktglfcycl: deploy @@ -22,10 +22,10 @@ ms.reviewer: - Windows 10 - Windows 11 -- Azure Active Directory joined +- Azure Active Directory-joined - Hybrid deployment -Windows Hello for Business combined with Azure Active Directory joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. Some resources may remain on-premises as enterprises transition resources to the cloud and Azure AD joined devices may need to access these resources. With additional configurations to your current hybrid deployment, you can provide single sign-on to your on-premises resources for Azure Active Directory joined devices using Windows Hello for Business, using a key or a certificate. +Windows Hello for Business combined with Azure Active Directory-joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. Some resources may remain on-premises as enterprises transition resources to the cloud and Azure AD-joined devices may need to access these resources. With additional configurations to your current hybrid deployment, you can provide single sign-on to your on-premises resources for Azure Active Directory-joined devices using Windows Hello for Business, using a key or a certificate. ## Key vs. Certificate @@ -33,10 +33,10 @@ Enterprises can use either a key or a certificate to provide single-sign on for When using a key, the on-premises environment needs an adequate distribution of Windows Server 2016 domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. -When using a certificate, the on-premises environment can use Windows Server 2008 R2 and later domain controllers, which removes the Windows Server 2016 domain controller requirement. However, single-sign on using a certificate requires additional infrastructure to issue a certificate when the user enrolls for Windows Hello for Business. Azure AD joined devices enroll certificates using Microsoft Intune or a compatible Mobile Device Management (MDM). Microsoft Intune and Windows Hello for Business use the Network Device Enrollment Services (NDES) role and support Microsoft Intune connector. +When using a certificate, the on-premises environment can use Windows Server 2008 R2 and later domain controllers, which removes the Windows Server 2016 domain controller requirement. However, single-sign on using a certificate requires additional infrastructure to issue a certificate when the user enrolls for Windows Hello for Business. Azure AD-joined devices enroll certificates using Microsoft Intune or a compatible Mobile Device Management (MDM). Microsoft Intune and Windows Hello for Business use the Network Device Enrollment Services (NDES) role and support Microsoft Intune connector. -To deploy single sign-on for Azure AD joined devices using keys, read and follow [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md). -To deploy single sign-on for Azure AD joined devices using certificates, read and follow [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md) and then [Using Certificates for AADJ On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). +To deploy single sign-on for Azure AD-joined devices using keys, read and follow [Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md). +To deploy single sign-on for Azure AD-joined devices using certificates, read and follow [Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md) and then [Using Certificates for Azure Active Directory-joined On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). ## Related topics diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index e1fac8d907..c45b19aa4d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -43,8 +43,8 @@ Use this three-phased approach for configuring device registration. > Before proceeding, you should familiarize yourself with device registration concepts such as: > > - Azure AD registered devices -> - Azure AD joined devices -> - Hybrid Azure AD joined devices +> - Azure AD-joined devices +> - Hybrid Azure AD-joined devices > > You can learn about this and more by reading [Introduction to Device Management in Azure Active Directory.](/azure/active-directory/device-management-introduction) @@ -55,7 +55,7 @@ Use this three-phased approach for configuring device registration. To support hybrid Windows Hello for Business, configure hybrid Azure AD join. -Follow the guidance on [How to configure hybrid Azure Active Directory joined devices](/azure/active-directory/devices/hybrid-azuread-join-plan) page. In the **Select your scenario based on your identity infrastructure** section, identify your configuration (either **Managed environment** or **Federated environment**) and perform only the steps applicable to your environment. +Follow the guidance on [How to configure hybrid Azure Active Directory-joined devices](/azure/active-directory/devices/hybrid-azuread-join-plan) page. In the **Select your scenario based on your identity infrastructure** section, identify your configuration (either **Managed environment** or **Federated environment**) and perform only the steps applicable to your environment. If the user principal name (UPN) in your on-premises Active Directory is different from the UPN in Azure AD, you also need to complete the following steps: @@ -69,11 +69,11 @@ You can learn more about this scenario by reading [Review on-premises UPN suppor ## Configure Active Directory to support Azure device synchronization -Azure Active Directory is now configured for device registration. Next, you need to configure the on-premises Active Directory to support synchronizing hybrid Azure AD joined devices. Begin with upgrading the Active Directory Schema +Azure Active Directory is now configured for device registration. Next, you need to configure the on-premises Active Directory to support synchronizing hybrid Azure AD-joined devices. Begin with upgrading the Active Directory Schema ### Upgrading Active Directory to the Windows Server 2016 or later Schema -To use Windows Hello for Business with Hybrid Azure AD joined devices, you must first upgrade your Active Directory schema to Windows Server 2016 or later. +To use Windows Hello for Business with Hybrid Azure AD-joined devices, you must first upgrade your Active Directory schema to Windows Server 2016 or later. > [!IMPORTANT] > If you already have a Windows Server 2016 or later domain controller in your forest, you can skip **Upgrading Active Directory to the Windows Server 2016 or later Schema** (this section). diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 04926dd580..f3d6ed1281 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -31,7 +31,7 @@ The Windows Hello for Business provisioning begins immediately after the user ha ![Event358 from User Device Registration log showing Windows Hello for Business prerequisite check result.](images/Event358.png) -The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**. +The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is Azure Active Directory-joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**. Windows Hello for Business provisioning begins with a full screen page with the title **Setup a PIN** and button with the same name. The user clicks **Setup a PIN**. @@ -52,7 +52,7 @@ The provisioning flow has all the information it needs to complete the Windows H - A fresh, successful multi-factor authentication - A validated PIN that meets the PIN complexity requirements -The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Azure Active Directory to register the public key. AAD Connect synchronizes the user's key to the on-premises Active Directory. +The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Azure Active Directory to register the public key. Azure Active Directory Connect synchronizes the user's key to the on-premises Active Directory. > [!IMPORTANT] > The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index bc3b32a38e..e6408a1ce4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -38,7 +38,7 @@ This section has you configure certificate templates on your Windows Server 2012 Clients need to trust domain controllers and the best way to do this is to ensure each domain controller has a Kerberos Authentication certificate. Installing a certificate on the domain controller enables the Key Distribution Center (KDC) to prove its identity to other members of the domain. This provides clients a root of trust external to the domain - namely the enterprise certificate authority. -Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory. However, certificates based on the *Domain Controller* and *Domain Controller Authentication* certificate templates do not include the **KDC Authentication** object identifier (OID), which was later added to the Kerberos RFC. Inclusion of the **KDC Authentication** OID in domain controller certificate is not required for key trust authentication from Hybrid Azure AD joined devices. The OID is required for enabling authentication with Windows Hello for Business to on-premises resources by Azure AD joined devices. The steps below to *Create a Domain Controller Authentication (Kerberos) Certificate Template* and *Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template* to include the **KDC Authentication** OID in the domain controller certificate may be skipped if you only have Hybrid Azure AD Joined devices in your environment, but we recommend completing these steps if you are considering adding Azure AD joined devices to your environment in the future. +Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory. However, certificates based on the *Domain Controller* and *Domain Controller Authentication* certificate templates do not include the **KDC Authentication** object identifier (OID), which was later added to the Kerberos RFC. Inclusion of the **KDC Authentication** OID in domain controller certificate is not required for key trust authentication from Hybrid Azure AD-joined devices. The OID is required for enabling authentication with Windows Hello for Business to on-premises resources by Azure AD-joined devices. The steps below to *Create a Domain Controller Authentication (Kerberos) Certificate Template* and *Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template* to include the **KDC Authentication** OID in the domain controller certificate may be skipped if you only have Hybrid Azure AD Joined devices in your environment, but we recommend completing these steps if you are considering adding Azure AD-joined devices to your environment in the future. By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template. However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the **Kerberos Authentication** certificate template as a baseline to create an updated domain controller certificate template. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index a86fb2633a..796769153f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -40,7 +40,7 @@ Windows Hello for Business cloud trust uses Azure Active Directory (AD) Kerberos ## Azure Active Directory Kerberos and Cloud Trust Authentication -Key trust and certificate trust use certificate authentication based Kerberos for requesting kerberos ticket-granting-tickets (TGTs) for on-premises authentication. This type of authentication requires PKI for DC certificates, and requires end-user certificates for certificate trust. Single sign-on (SSO) to on-premises resources from Azure AD joined devices requires more PKI configuration to publish a certificate revocation list (CRL) to a public endpoint. Cloud trust uses Azure AD Kerberos that doesn't require any of the above PKI to get the user a TGT. +Key trust and certificate trust use certificate authentication based Kerberos for requesting kerberos ticket-granting-tickets (TGTs) for on-premises authentication. This type of authentication requires PKI for DC certificates, and requires end-user certificates for certificate trust. Single sign-on (SSO) to on-premises resources from Azure AD-joined devices requires more PKI configuration to publish a certificate revocation list (CRL) to a public endpoint. Cloud trust uses Azure AD Kerberos that doesn't require any of the above PKI to get the user a TGT. With Azure AD Kerberos, Azure AD can issue TGTs for one or more of your AD domains. Windows can request a TGT from Azure AD when authenticating with Windows Hello for Business and use the returned TGT for logon or to access traditional AD-based resources. Kerberos service tickets and authorization continue to be controlled by your on-premises AD DCs. @@ -53,7 +53,7 @@ More details on how Azure AD Kerberos enables access to on-premises resources ar | Requirement | Notes | | --- | --- | | Multi-factor Authentication | This requirement can be met using [Azure AD multi-factor authentication](/azure/active-directory/authentication/howto-mfa-getstarted), multi-factor authentication provided through AD FS, or a comparable solution. | -| Patched Windows 10 version 21H2 or patched Windows 11 and later | If you're using Windows 10 21H2, KB5010415 must be installed. If you're using Windows 11 21H2, KB5010414 must be installed. There's no Windows version support difference between Azure AD joined and Hybrid Azure AD joined devices. | +| Patched Windows 10 version 21H2 or patched Windows 11 and later | If you're using Windows 10 21H2, KB5010415 must be installed. If you're using Windows 11 21H2, KB5010414 must be installed. There's no Windows version support difference between Azure AD joined and Hybrid Azure AD-joined devices. | | Fully patched Windows Server 2016 or later Domain Controllers | Domain controllers should be fully patched to support updates needed for Azure AD Kerberos. If you're using Windows Server 2016, [KB3534307](https://support.microsoft.com/en-us/topic/january-23-2020-kb4534307-os-build-14393-3474-b181594e-2c6a-14ea-e75b-678efea9d27e) must be installed. If you're using Server 2019, [KB4534321](https://support.microsoft.com/en-us/topic/january-23-2020-kb4534321-os-build-17763-1012-023e84c3-f9aa-3b55-8aff-d512911c459f) must be installed. | | Azure AD Kerberos PowerShell module | This module is used for enabling and managing Azure AD Kerberos. It's available through the [PowerShell Gallery](https://www.powershellgallery.com/packages/AzureADHybridAuthenticationManagement).| | Device management | Windows Hello for Business cloud trust can be managed with group policy or through mobile device management (MDM) policy. This feature is disabled by default and must be enabled using policy. | @@ -83,7 +83,7 @@ If you haven't deployed Azure AD Kerberos, follow the instructions in the [Enabl ### Configure Windows Hello for Business Policy -After setting up the Azure AD Kerberos Object, Windows Hello for business cloud trust must be enabled using policy. By default, cloud trust won't be used by Hybrid Azure AD joined or Azure AD joined devices. +After setting up the Azure AD Kerberos Object, Windows Hello for business cloud trust must be enabled using policy. By default, cloud trust won't be used by Hybrid Azure AD joined or Azure AD-joined devices. #### Configure Using Group Policy @@ -202,7 +202,7 @@ To configure the cloud trust policy, follow the steps below: ## Provisioning -The Windows Hello for Business provisioning process begins immediately after a user has signed in if certain prerequisite checks are passed. Windows Hello for Business cloud trust adds a prerequisite check for Hybrid Azure AD joined devices when cloud trust is enabled by policy. +The Windows Hello for Business provisioning process begins immediately after a user has signed in if certain prerequisite checks are passed. Windows Hello for Business cloud trust adds a prerequisite check for Hybrid Azure AD-joined devices when cloud trust is enabled by policy. You can determine the status of the prerequisite check by viewing the **User Device Registration** admin log under **Applications and Services Logs\Microsoft\Windows**. This information is also available using the [**dsregcmd /status**](/azure/active-directory/devices/troubleshoot-device-dsregcmd) command from a console. @@ -210,7 +210,7 @@ You can determine the status of the prerequisite check by viewing the **User Dev The cloud trust prerequisite check detects whether the user has a partial TGT before allowing provisioning to start. The purpose of this check is to validate whether Azure AD Kerberos is set up for the user's domain and tenant. If Azure AD Kerberos is set up, the user will receive a partial TGT during sign-in with one of their other unlock methods. This check has three states: Yes, No, and Not Tested. The *Not Tested* state is reported if cloud trust is not being enforced by policy or if the device is Azure AD joined. -This prerequisite check isn't done for provisioning on Azure AD joined devices. If Azure AD Kerberos isn't provisioned, a user on an Azure AD joined device will still be able to sign in. +This prerequisite check isn't done for provisioning on Azure AD-joined devices. If Azure AD Kerberos isn't provisioned, a user on an Azure AD joined device will still be able to sign in. ### PIN Setup diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index ea3e5ae8d1..4f8c8153c4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -85,7 +85,7 @@ If you do not have an existing public key infrastructure, please review [Certifi > [!IMPORTANT] > For Azure AD joined device to authenticate to and use on-premises resources, ensure you: > * Install the root certificate authority certificate for your organization in the user's trusted root certificate store. -> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based URL. +> * Publish your certificate revocation list to a location that is available to Azure AD-joined devices, such as a web-based URL. ### Section Review diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 04d4d3b8b1..90cbd52d95 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -31,8 +31,8 @@ You're ready to configure device registration for your hybrid environment. Hybri > [!NOTE] > Before proceeding, you should familiarize yourself with device registration concepts such as: > * Azure AD registered devices -> * Azure AD joined devices -> * Hybrid Azure AD joined devices +> * Azure AD-joined devices +> * Hybrid Azure AD-joined devices > > You can learn about this and more by reading [What is a device identity](/azure/active-directory/devices/overview) @@ -40,7 +40,7 @@ You're ready to configure device registration for your hybrid environment. Hybri Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD. -Follow the guidance on the [How to configure hybrid Azure Active Directory joined devices](/azure/active-directory/devices/hybrid-azuread-join-plan) page. In the **Select your scenario based on your identity infrastructure** section, identify your configuration (either **Managed environment** or **Federated environment**) and perform only the steps applicable to your environment. +Follow the guidance on the [How to configure hybrid Azure Active Directory-joined devices](/azure/active-directory/devices/hybrid-azuread-join-plan) page. In the **Select your scenario based on your identity infrastructure** section, identify your configuration (either **Managed environment** or **Federated environment**) and perform only the steps applicable to your environment. If the user principal name (UPN) in your on-premises Active Directory is different from the UPN in Azure AD, you also need to complete the following steps: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index f32954e088..90aaa2b968 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -83,7 +83,7 @@ The minimum required Enterprise certificate authority that can be used with Wind > [!IMPORTANT] > For Azure AD joined device to authenticate to and use on-premises resources, ensure you: > * Install the root certificate authority certificate for your organization in the user's trusted root certificate store. -> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based url. +> * Publish your certificate revocation list to a location that is available to Azure AD-joined devices, such as a web-based url. ### Section Review > [!div class="checklist"] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index d2c8eb0585..c7dd159a00 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -31,7 +31,7 @@ The Windows Hello for Business provisioning begins immediately after the user ha ![Event358.](images/Event358-2.png) -The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**. +The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is Azure Active Directory-joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**. Windows Hello for Business provisioning begins with a full screen page with the title **Setup a PIN** and button with the same name. The user clicks **Setup a PIN**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index de67cd6dd3..418298f89e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -38,7 +38,7 @@ This section has you configure certificate templates on your Windows Server 2012 Clients need to trust domain controllers and the best way to do this is to ensure each domain controller has a Kerberos Authentication certificate. Installing a certificate on the domain controller enables the Key Distribution Center (KDC) to prove its identity to other members of the domain. This provides clients a root of trust external to the domain - namely the enterprise certificate authority. -Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory. However, certificates based on the *Domain Controller* and *Domain Controller Authentication* certificate templates do not include the **KDC Authentication** object identifier (OID), which was later added to the Kerberos RFC. Inclusion of the **KDC Authentication** OID in domain controller certificate is not required for key trust authentication from Hybrid Azure AD joined devices. The OID is required for enabling authentication with Windows Hello for Business to on-premises resources by Azure AD joined devices. The steps below to update the domain controller certificate to include the **KDC Authentication** OID may be skipped if you only have Hybrid Azure AD Joined devices in your environment, but we recommend completing these steps if you are considering adding Azure AD joined devices to your environment in the future. +Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory. However, certificates based on the *Domain Controller* and *Domain Controller Authentication* certificate templates do not include the **KDC Authentication** object identifier (OID), which was later added to the Kerberos RFC. Inclusion of the **KDC Authentication** OID in domain controller certificate is not required for key trust authentication from Hybrid Azure AD-joined devices. The OID is required for enabling authentication with Windows Hello for Business to on-premises resources by Azure AD-joined devices. The steps below to update the domain controller certificate to include the **KDC Authentication** OID may be skipped if you only have Hybrid Azure AD Joined devices in your environment, but we recommend completing these steps if you are considering adding Azure AD-joined devices to your environment in the future. By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template. However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the **Kerberos Authentication** certificate template a baseline to create an updated domain controller certificate template. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 6ea84e8f0d..d98732f5c2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -34,7 +34,7 @@ Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 C Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate. -Hybrid Azure AD joined devices needs one Group Policy setting: +Hybrid Azure AD-joined devices needs one Group Policy setting: * Enable Windows Hello for Business ### Configure Domain Controllers for Automatic Certificate Enrollment diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 65b58ef1a0..7436890316 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -99,7 +99,7 @@ It's fundamentally important to understand which deployment model to use for a s A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory. There are two trust types: key trust and certificate trust. > [!NOTE] -> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available. +> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available. The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 or later domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. @@ -191,7 +191,7 @@ If your organization does not have cloud resources, write **On-Premises** in box ### Trust type -Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. +Hybrid Azure AD-joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD-joined devices and Azure AD-joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. Choose a trust type that is best suited for your organizations. Remember, the trust type determines two things. Whether you issue authentication certificates to your users and if your deployment needs Windows Server 2016 domain controllers. @@ -259,10 +259,10 @@ If you choose to use AD FS with the Azure MFA server adapter, write **AD FS with Windows Hello for Business provides organizations with many policy settings and granular control on how these settings may be applied to both computers and users. The type of policy management you can use depends on your selected deployment and trust models. -If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **2a** on your planning worksheet. You have the option to manage non-domain joined devices. If you choose to manage Azure Active Directory joined devices, write **modern management** in box **2b** on your planning worksheet. Otherwise, write** N/A** in box **2b**. +If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **2a** on your planning worksheet. You have the option to manage non-domain joined devices. If you choose to manage Azure Active Directory-joined devices, write **modern management** in box **2b** on your planning worksheet. Otherwise, write** N/A** in box **2b**. > [!NOTE] -> Azure Active Directory joined devices without modern management automatically enroll in Windows Hello for Business using the default policy settings. Use modern management to adjust policy settings to match the business needs of your organization. +> Azure Active Directory-joined devices without modern management automatically enroll in Windows Hello for Business using the default policy settings. Use modern management to adjust policy settings to match the business needs of your organization. If box **1a** on your planning worksheet reads **on-prem**, write **GP** in box **2a** on your planning worksheet. Write **N/A** in box **2b** on your worksheet. @@ -278,7 +278,7 @@ Windows Hello for Business is a feature exclusive to Windows 10 and Windows 11. If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **3a** on your planning worksheet. Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices. > [!NOTE] -> Azure Active Directory joined devices without modern management automatically enroll in Windows Hello for Business using the default policy settings. Use modern management to adjust policy settings to match the business needs of your organization. +> Azure Active Directory-joined devices without modern management automatically enroll in Windows Hello for Business using the default policy settings. Use modern management to adjust policy settings to match the business needs of your organization. Write **1511 or later** in box **3a** on your planning worksheet if any of the following are true. * Box **2a** on your planning worksheet read **modern management**. @@ -306,7 +306,7 @@ If box **1a** on your planning worksheet reads **cloud only**, ignore the public If box **1b** on your planning worksheet reads **key trust**, write **N/A** in box **5b** on your planning worksheet. Key trust doesn't require any change in public key infrastructure, skip this part and go to **Cloud** section. -The registration authority only relates to certificate trust deployments and the management used for domain and non-domain joined devices. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. +The registration authority only relates to certificate trust deployments and the management used for domain and non-domain joined devices. Hybrid Azure AD-joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD-joined devices and Azure AD-joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. If box **2a** reads **GP** and box **2b** reads **modern management**, write **AD FS RA and NDES** in box **5b** on your planning worksheet. In box **5c**, write the following certificate templates names and issuances: diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index f4e8cb2358..a3e52561e5 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -80,7 +80,7 @@ If the credentials are certificate-based, then the elements in the following tab | SubjectName | The user’s distinguished name (DN) where the domain components of the distinguished name reflect the internal DNS namespace when the SubjectAlternativeName does not have the fully qualified UPN required to find the domain controller.
      This requirement is relevant in multi-forest environments as it ensures a domain controller can be located. | | SubjectAlternativeName | The user’s fully qualified UPN where a domain name component of the user’s UPN matches the organizations internal domain’s DNS namespace.
      This requirement is relevant in multi-forest environments as it ensures a domain controller can be located when the SubjectName does not have the DN required to find the domain controller. | | Key Storage Provider (KSP) | If the device is joined to Azure AD, a discrete SSO certificate is used. | -| EnhancedKeyUsage | One or more of the following EKUs is required:
      - Client Authentication (for the VPN)
      - EAP Filtering OID (for Windows Hello for Business)
      - SmartCardLogon (for Azure AD joined devices)
      If the domain controllers require smart card EKU either:
      - SmartCardLogon
      - id-pkinit-KPClientAuth (1.3.6.1.5.2.3.4)
      Otherwise:
      - TLS/SSL Client Authentication (1.3.6.1.5.5.7.3.2) | +| EnhancedKeyUsage | One or more of the following EKUs is required:
      - Client Authentication (for the VPN)
      - EAP Filtering OID (for Windows Hello for Business)
      - SmartCardLogon (for Azure AD-joined devices)
      If the domain controllers require smart card EKU either:
      - SmartCardLogon
      - id-pkinit-KPClientAuth (1.3.6.1.5.2.3.4)
      Otherwise:
      - TLS/SSL Client Authentication (1.3.6.1.5.5.7.3.2) | ## NDES server configuration diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md index 2db35d51b3..df216aa4e3 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md @@ -33,7 +33,7 @@ This article depicts the BitLocker deployment comparison chart. |Minimum client operating system version |Windows 11 and Windows 10 | Windows 11, Windows 10, and Windows 8.1 | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10 IoT, and Windows 11 | |Supported Windows SKUs | Enterprise, Pro, Education | Enterprise, Pro, Education | Enterprise | |Minimum Windows version |1909 | None | None | -|Supported domain-joined status | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory joined, hybrid Azure AD joined | Active Directory joined | +|Supported domain-joined status | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory-joined, hybrid Azure AD joined | Active Directory-joined | |Permissions required to manage policies | Endpoint security manager or custom | Full administrator or custom | Domain Admin or Delegated GPO access | |Cloud or on premises | Cloud | On premises | On premises | |Server components required? | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index 680cbb7c42..3a677030de 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md @@ -110,5 +110,5 @@ This issue may occur when the Windows operating system is not the owner of the T For more information about TPM issues, see the following articles: - [TPM fundamentals: Anti-hammering](../tpm/tpm-fundamentals.md#anti-hammering) -- [Troubleshooting hybrid Azure Active Directory joined devices](/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current) +- [Troubleshooting hybrid Azure Active Directory-joined devices](/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current) - [Troubleshoot the TPM](../tpm/initialize-and-configure-ownership-of-the-tpm.md) \ No newline at end of file diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md index 3463eceedc..1c229713a8 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md @@ -75,7 +75,7 @@ This section describes how an attacker might exploit a feature or its configurat ### Vulnerability -Enabling this policy setting allows a user’s account on one computer to be associated with an online identity, such as Microsoft account or an Azure AD account. That account can then log on to a peer device (if the peer device is likewise configured) without the use of a Windows logon account (domain or local). This setup is not only beneficial, but required for Azure AD joined devices, where they are signed in with an online identity and are issued certificates by Azure AD. This policy may not be relevant for an *on-premises only* environment and might circumvent established security policies. However, it does not pose any threats in a hybrid environment where Azure AD is used as it relies on the user's online identity and Azure AD to authenticate. +Enabling this policy setting allows a user’s account on one computer to be associated with an online identity, such as Microsoft account or an Azure AD account. That account can then log on to a peer device (if the peer device is likewise configured) without the use of a Windows logon account (domain or local). This setup is not only beneficial, but required for Azure AD-joined devices, where they are signed in with an online identity and are issued certificates by Azure AD. This policy may not be relevant for an *on-premises only* environment and might circumvent established security policies. However, it does not pose any threats in a hybrid environment where Azure AD is used as it relies on the user's online identity and Azure AD to authenticate. ### Countermeasure diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 6953ab042b..a9fa1d579f 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md @@ -50,7 +50,7 @@ A summary of the steps involved in attestation and Zero Trust on the device side 3. The TPM is verified by using the keys/cryptographic material available on the chipset with an [Azure Certificate Service](/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation). -4. This information is then sent to the attestation service in the cloud to verify that the device is safe. Microsoft Endpoint Manger (MEM) integrates with Microsoft Azure Attestation to review device health comprehensively and connect this information with AAD conditional access. This integration is key for Zero Trust solutions that help bind trust to an untrusted device. +4. This information is then sent to the attestation service in the cloud to verify that the device is safe. Microsoft Endpoint Manger (MEM) integrates with Microsoft Azure Attestation to review device health comprehensively and connect this information with Azure Active Directory conditional access. This integration is key for Zero Trust solutions that help bind trust to an untrusted device. 5. The attestation service does the following: diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 034ffc1f83..61ce4d8540 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -213,7 +213,7 @@ For more information, see: [Windows Hello and FIDO2 Security Keys enable secure Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It's designed to protect against well-known threats such as Pass-the-Hash and credential harvesting. -Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns on this functionality by default when the machine has been Azure Active Directory joined. This feature provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode. +Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns on this functionality by default when the machine has been Azure Active Directory-joined. This feature provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode. > [!NOTE] > Windows Defender Credential Guard is available only to S mode devices or Enterprise and Education Editions. @@ -471,7 +471,7 @@ Some of the other new CSPs are: For more information, see [What's new in mobile device enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management). -MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group policy can be used with Active Directory joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy). +MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group policy can be used with Active Directory-joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy). Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management). diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md index 6faf817654..b12832e871 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md @@ -187,7 +187,7 @@ Windows Management Instrumentation (WMI) Group Policy Service (GPSVC) has a perf #### Key-rolling and Key-rotation -This release also includes two new features called Key-rolling and Key-rotation enables secure rolling of Recovery passwords on MDM-managed AAD devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users. +This release also includes two new features called Key-rolling and Key-rotation enables secure rolling of Recovery passwords on MDM-managed Azure Active Directory devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users. ## Deployment diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index df0bb338ac..081dcc19a7 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -181,7 +181,7 @@ Windows Update for Business managed devices are now able to defer feature update ### Windows Insider for Business -We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows-insider/business/register). +We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in Azure AD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows-insider/business/register). ### Optimize update delivery diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index ad9ebb3782..71bb8bbb6a 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -57,7 +57,7 @@ You can now register your Azure AD domains to the Windows Insider Program. For m ### Mobile Device Management (MDM) -MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group Policy can be used with Active Directory joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy). +MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group Policy can be used with Active Directory-joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy). Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1709). diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index d14888637d..d587dd6af5 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -31,7 +31,7 @@ Windows Autopilot self-deploying mode enables a zero touch device provisioning e This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process. -You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. +You can utilize Windows Autopilot self-deploying mode to register the device to an Azure Active Directory tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. To learn more about Autopilot self-deploying mode and to see step-by-step instructions to perform such a deployment, [Windows Autopilot self-deploying mode](/windows/deployment/windows-autopilot/self-deploying). @@ -60,7 +60,7 @@ This also means you’ll see more links to other security apps within **Windows #### Silent enforcement on fixed drives -Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (AAD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard AAD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI. +Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (AAD)-joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard Azure AD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI. This is an update to the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp), which was introduced in Windows 10, version 1703, and leveraged by Intune and others. @@ -138,11 +138,11 @@ You can add specific rules for a WSL process in Windows Defender Firewall, just We introduced new group policies and Modern Device Management settings to manage Microsoft Edge. The new policies include enabling and disabling full-screen mode, printing, favorites bar, and saving history; preventing certificate error overrides; configuring the Home button and startup options; setting the New Tab page and Home button URL, and managing extensions. Learn more about the [new Microsoft Edge policies](/microsoft-edge/deploy/change-history-for-microsoft-edge). -### Windows Defender Credential Guard is supported by default on 10S devices that are AAD Joined +### Windows Defender Credential Guard is supported by default on 10S devices that are Azure Active Directory-joined Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It is designed to protect against well-known threats such as Pass-the-Hash and credential harvesting. -Windows Defender Credential Guard has always been an optional feature, but Windows 10-S turns this functionality on by default when the machine has been Azure Active Directory joined. This provides an added level of security when connecting to domain resources not normally present on 10-S devices. Please note that Windows Defender Credential Guard is available only to S-Mode devices or Enterprise and Education Editions. +Windows Defender Credential Guard has always been an optional feature, but Windows 10-S turns this functionality on by default when the machine has been Azure Active Directory-joined. This provides an added level of security when connecting to domain resources not normally present on 10-S devices. Please note that Windows Defender Credential Guard is available only to S-Mode devices or Enterprise and Education Editions. ### Windows 10 Pro S Mode requires a network connection diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index 7f89949678..8f1b6a4c3c 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -49,7 +49,7 @@ BitLocker and Mobile Device Management (MDM) with Azure Active Directory work to ### Key-rolling and Key-rotation -Windows 10, version 1909 also includes two new features called **Key-rolling** and **Key-rotation** enables secure rolling of Recovery passwords on MDM managed AAD devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users. +Windows 10, version 1909 also includes two new features called **Key-rolling** and **Key-rotation** enables secure rolling of Recovery passwords on MDM managed Azure Active Directory devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users. ### Transport Layer Security (TLS) From 859211bf86b4d79146336a1cdd522f04d4110f60 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 9 Jun 2022 13:52:24 +0530 Subject: [PATCH 330/540] Fixing suggestions --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- .../hello-for-business/hello-hybrid-cloud-trust.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index e1421172c1..443d3adc15 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -51,7 +51,7 @@ Azure Active Directory-joined devices authenticate to Azure during sign-in and c ## Azure AD join authentication to Active Directory using Azure AD Kerberos (cloud trust preview) -![Azure AD join authentication to Azure Active Directory.](images/howitworks/auth-aadj-cloudtrust-kerb.png) +![Azure Active Directory join authentication to Azure AD.](images/howitworks/auth-aadj-cloudtrust-kerb.png) | Phase | Description | | :----: | :----------- | diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index 796769153f..f8d135a315 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -189,7 +189,7 @@ To configure the cloud trust policy, follow the steps below: - Data type: Boolean - Value: True - [![Intune custom device configuration policy creation](./images/hello-cloud-trust-intune.png)](./images/hello-cloud-trust-intune-large.png#lightbox) + [![Intune custom-device configuration policy creation](./images/hello-cloud-trust-intune.png)](./images/hello-cloud-trust-intune-large.png#lightbox) 1. Select Next to navigate to **Assignments**. 1. Under Included groups, select **Add groups**. From 76a1a78899f4f14af0caa4ad18efd3fb9fa2524e Mon Sep 17 00:00:00 2001 From: Mark Renoden Date: Fri, 10 Jun 2022 11:10:50 +1000 Subject: [PATCH 331/540] Update hello-hybrid-cloud-trust.md Adding a clarification for the 2016+ Domain Controller requirements. --- .../hello-for-business/hello-hybrid-cloud-trust.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index a86fb2633a..cfc435c989 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -48,6 +48,8 @@ When you enable Azure AD Kerberos in a domain, an Azure AD Kerberos Server objec More details on how Azure AD Kerberos enables access to on-premises resources are available in our documentation on [enabling passwordless security key sign-in to on-premises resources](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). There's more information on how Azure AD Kerberos works with Windows Hello for Business cloud trust in the [Windows Hello for Business authentication technical deep dive](hello-how-it-works-authentication.md#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust-preview). +If using the hybrid cloud trust deployment model, you MUST ensure that you have adequate (1 or more, depending on your authentication load) Windows Server 2016 or later Read-Write Domain Controllers in each Active Directory site where users will be authenticating for Windows Hello for Business. + ## Prerequisites | Requirement | Notes | From 6519ec617ac73aa271cc60b156a0717497feed97 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 10 Jun 2022 11:22:24 +0500 Subject: [PATCH 332/540] Update use-windows-defender-application-control-with-dynamic-code-security.md --- ...defender-application-control-with-dynamic-code-security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md index b1ace98992..ecf7941e63 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md @@ -24,7 +24,7 @@ Historically, Windows Defender Application Control (WDAC) has restricted the set Security researchers have found that some .NET applications may be used to circumvent those controls by using .NET’s capabilities to load libraries from external sources or generate new code on the fly. Beginning with Windows 10, version 1803, or Windows 11, WDAC features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime. -When the Dynamic Code Security option is enabled, WDAC policy is applied to libraries that .NET loads from external sources. +When the Dynamic Code Security option is enabled, WDAC policy is applied to libraries that .NET loads from external sources (any non-local sources, such as Internet or network share). Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that has been tampered with. Dynamic Code Security is not enabled by default because existing policies may not account for externally loaded libraries. @@ -39,4 +39,4 @@ To enable Dynamic Code Security, add the following option to the `` secti -``` \ No newline at end of file +``` From 55e8d06d7f24e423d0b58077342beb178737c5fe Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 10 Jun 2022 11:58:59 +0500 Subject: [PATCH 333/540] Update system-failure-recovery-options.md --- .../system-failure-recovery-options.md | 60 ++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index 777b9fa6ec..5ea73e75a2 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -184,6 +184,63 @@ To specify that you don't want to overwrite any previous kernel or complete memo - Set the **Overwrite** DWORD value to **0**. +#### Automatic Memory Dump + +The default option. An Automatic Memory Dump contains the same information as a Kernel Memory Dump. The difference between the two is in the way that Windows sets the size of the system paging file. If the system paging file size is set to **System managed size**, and the kernel-mode crash dump is set to **Automatic Memory Dump**, then Windows can set the size of the paging file to less than the size of RAM. In this case, Windows sets the size of the paging file large enough to ensure that a kernel memory dump can be captured most of the time. + +If the computer crashes and the paging file is not large enough to capture a kernel memory dump, Windows increases the size of the paging file to at least the size of RAM. For more details, see [Automatic Memory Dump](/windows-hardware/drivers/debugger/automatic-memory-dump). + +To specify that you want to use a automatic memory dump file, run the following command or modify the registry value: + +- ```cmd + wmic recoveros set DebugInfoType = 7 + ``` + +- Set the **CrashDumpEnabled** DWORD value to **7**. + +To specify that you want to use a file as your memory dump file, run the following command or modify the registry value: + +- ```cmd + wmic recoveros set DebugFilePath = + ``` + +- Set the **DumpFile** Expandable String Value to \. + +To specify that you don't want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value: + +- ```cmd + wmic recoveros set OverwriteExistingDebugFile = 0 + ``` + +- Set the **Overwrite** DWORD value to **0**. + +#### Active Memory Dump + +An Active Memory Dump is similar to a Complete Memory Dump, but it filters out pages that are not likely to be relevant to troubleshooting problems on the host machine. Because of this filtering, it is typically significantly smaller than a complete memory dump. + +This dump file does include any memory allocated to user-mode applications. It also includes memory allocated to the Windows kernel and hardware abstraction layer, as well as memory allocated to kernel-mode drivers and other kernel-mode programs. The dump includes active pages mapped into the kernel or user space that are useful for debugging, as well as selected Pagefile-backed Transition, Standby, and Modified pages such as the memory allocated with VirtualAlloc or page-file backed sections. Active dumps do not include pages on the free and zeroed lists, the file cache, guest VM pages and various other types of memory that are not likely to be useful during debugging. For more details, see [Active Memory Dump](windows-hardware/drivers/debugger/active-memory-dump). + +To specify that you want to use an active memory dump file, modify the registry value: + +- Set the **CrashDumpEnabled** DWORD value to **1**. +- Set the **FilterPages** DWORD value to **1**. + +To specify that you want to use a file as your memory dump file, run the following command or modify the registry value: + +- ```cmd + wmic recoveros set DebugFilePath = + ``` + +- Set the DumpFile Expandable String Value to \. + +To specify that you don't want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value: + +- ```cmd + wmic recoveros set OverwriteExistingDebugFile = 0 + ``` + +- Set the **Overwrite** DWORD value to **0**. + >[!Note] >If you contact Microsoft Support about a Stop error, you might be asked for the memory dump file that is generated by the Write Debugging Information option. @@ -192,6 +249,7 @@ To view system failure and recovery settings for your local computer, type **wmi >[!Note] >To successfully use these Wmic.exe command line examples, you must be logged on by using a user account that has administrative rights on the computer. If you are not logged on by using a user account that has administrative rights on the computer, use the **/user:user_name** and **/password:password** switches. + ### Tips - To take advantage of the dump file feature, your paging file must be on the boot volume. If you've moved the paging file to another volume, you must move it back to the boot volume before you use this feature. @@ -202,4 +260,4 @@ To view system failure and recovery settings for your local computer, type **wmi ## References -[Varieties of Kernel-Mode Dump Files](/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files) \ No newline at end of file +[Varieties of Kernel-Mode Dump Files](/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files) From 6208eafa2a95d677e4dc4786e0f323cda7e73ca3 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 10 Jun 2022 13:23:58 +0500 Subject: [PATCH 334/540] Update hello-feature-dynamic-lock.md --- .../hello-for-business/hello-feature-dynamic-lock.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 7025fb4173..6f5edfb03b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -25,6 +25,9 @@ ms.reviewer: Dynamic lock enables you to configure Windows devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. +>[!IMPORTANT] +>The feature only locks the computer if Bluetooth signal falls and the system is idle. If the system is not idle (for example, intruder got access **before** Bluetooth signal falls below the limit), it will not be locked. Therefor, dynamic lock is an additional barrier, it does not replace the need to lock the computer by user, it only reduces the probability of someone gaining access if user forgets to lock it. + You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**. The Group Policy Editor, when the policy is enabled, creates a default signal rule policy with the following value: From 7988ab83f21442598b2662347f40873f07234643 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Fri, 10 Jun 2022 15:12:39 +0530 Subject: [PATCH 335/540] Update enhanced-diagnostic-data-windows-analytics-events-and-fields.md --- ...anced-diagnostic-data-windows-analytics-events-and-fields.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index ee2bf8af2f..79c4fe1d56 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -119,7 +119,7 @@ Collects Office metadata through UTC to compare with equivalent data collected t Applicable to all Win32 applications. Helps us understand the status of the update process of the office suite (Success or failure with error details). - **build:** App version -- **channel:** Is this part of GA Channel or SAC-T? +- **channel:** Is this part of GA Channel? - **errorCode:** What error occurred during the upgrade process? - **errorMessage:** what was the error message during the upgrade process? - **status:** Was the upgrade successful or not? From 3076f8f4fe897cf27b6f47f11b21ad7068b2e634 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Fri, 10 Jun 2022 15:33:56 +0530 Subject: [PATCH 336/540] Update enhanced-diagnostic-data-windows-analytics-events-and-fields.md --- ...anced-diagnostic-data-windows-analytics-events-and-fields.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index 79c4fe1d56..53773edc54 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -210,7 +210,7 @@ This event is fired when the telemetry engine within an office application has p - **SessionID:** ID of the session ## Microsoft.Office.TelemetryEngine.ShutdownStart -This event is fired when the telemetry engine within an office application been uninitialized, and the application is shutting down. Useful for understanding whether a particular crash is happening during an app-shutdown, and could potentially lead in data loss or not. +This event is fired when the telemetry engine within an office application has been uninitialized, and the application is shutting down. Useful for understanding whether a particular crash is happening during an app-shutdown, and could potentially lead in data loss or not. - **appVersionBuild:** Third part of the version *.*.XXXXX.* - **appVersionMajor:** First part of the version X.*.*.* From c9599777d2e848423946e3fd1b4aa449a1f751e4 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 10 Jun 2022 17:08:58 +0530 Subject: [PATCH 337/540] fixed suggestion --- .../bitlocker/bitlocker-basic-deployment.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index e76c7e5c7b..1e29149153 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -115,7 +115,6 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 11, Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes |Encryption Type|Windows 11, Windows 10, and Windows 8.1|Windows 8|Windows 7| - |--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| From f6dcc36862d63be3346f44bf03910de3e61b3910 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 10 Jun 2022 20:58:25 -0700 Subject: [PATCH 338/540] cleanup custom-ti links --- .openpublishing.redirection.json | 6 +++--- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 -- windows/whats-new/whats-new-windows-10-version-1703.md | 1 - 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8377f170ae..4b33fc9284 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2577,12 +2577,12 @@ }, { "source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/use-custom-ti", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators", "redirect_document_id": false }, { @@ -13342,7 +13342,7 @@ }, { "source_path": "windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators", "redirect_document_id": false }, { diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 034ffc1f83..925c1ac2cb 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -95,8 +95,6 @@ We've [invested heavily in helping to protect against ransomware](https://blogs. **Endpoint detection and response** is also enhanced. New **detection** capabilities include: -- [Use the threat intelligence API to create custom alerts](/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intelligence application, and create custom threat intelligence alerts for your organization. - - [Custom detection](/microsoft-365/security/defender-endpoint/overview-custom-detections). With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. You can use advanced hunting through the creation of custom detection rules. - Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks. diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index df0bb338ac..f18ed76c26 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -95,7 +95,6 @@ For details, see [MBR2GPT.EXE](/windows/deployment/mbr-to-gpt). New features in Microsoft Defender for Endpoint for Windows 10, version 1703 include: - **Detection**: Enhancements to the detection capabilities include: - - [Use the threat intelligence API to create custom alerts](/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization. - Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks - Upgraded detections of ransomware and other advanced attacks - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed From 671063b2f496c72498bf50edd6b2e64ca403c6f5 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 10 Jun 2022 21:03:00 -0700 Subject: [PATCH 339/540] fix dupe metadata --- .../client-management/advanced-troubleshooting-boot-problems.md | 1 - .../manage-windows-10-in-your-organization-modern-management.md | 1 - windows/client-management/mdm/index.md | 1 - windows/client-management/quick-assist.md | 1 - 4 files changed, 4 deletions(-) diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index fa8d59ec6b..817cffb7c0 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -2,7 +2,6 @@ title: Advanced troubleshooting for Windows boot problems description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals. ms.prod: w10 -author: aczechowski ms.technology: windows ms.localizationpriority: medium ms.date: 06/02/2022 diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index 293ce9a76e..0f27f3d1d1 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -1,6 +1,5 @@ --- title: Manage Windows 10 in your organization - transitioning to modern management -author: dansimp description: This article offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. ms.prod: w10 ms.localizationpriority: medium diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index d7bc13edfd..5bd11c744d 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -4,7 +4,6 @@ description: Windows 10 and Windows 11 provide an enterprise-level solution to m MS-HAID: - 'p\_phDeviceMgmt.provisioning\_and\_device\_management' - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm' -ms.author: dansimp ms.topic: overview ms.prod: w10 ms.technology: windows diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 1576d20ec8..28cd4f3642 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -3,7 +3,6 @@ title: Use Quick Assist to help users description: How IT Pros can use Quick Assist to help users. ms.prod: w10 ms.topic: article -author: aczechowski ms.technology: windows ms.localizationpriority: medium author: aczechowski From ed727be9680c1f9cc0ae38d6fa28802256c17230 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 10 Jun 2022 21:19:11 -0700 Subject: [PATCH 340/540] fix build warnings --- .../mdm/enterpriseappmanagement-csp.md | 532 ------------------ .../mdm/policymanager-csp.md | 28 - windows/client-management/mdm/proxy-csp.md | 126 ----- .../mdm/remotering-ddf-file.md | 104 ---- ...can-use-configuration-service-providers.md | 1 - .../provisioning-uninstall-package.md | 2 - 6 files changed, 793 deletions(-) delete mode 100644 windows/client-management/mdm/enterpriseappmanagement-csp.md delete mode 100644 windows/client-management/mdm/policymanager-csp.md delete mode 100644 windows/client-management/mdm/proxy-csp.md delete mode 100644 windows/client-management/mdm/remotering-ddf-file.md diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md deleted file mode 100644 index ff17c8cd63..0000000000 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ /dev/null @@ -1,532 +0,0 @@ ---- -title: EnterpriseAppManagement CSP -description: Handle enterprise application management tasks using EnterpriseAppManagement configuration service provider (CSP). -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/26/2017 ---- - -# EnterpriseAppManagement CSP - -The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment. - -> [!NOTE] -> The EnterpriseAppManagement CSP is only supported in Windows 10 IoT Core. - - -The following example shows the EnterpriseAppManagement configuration service provider in tree format. - -```console -./Vendor/MSFT -EnterpriseAppManagement -----EnterpriseID ---------EnrollmentToken ---------StoreProductID ---------StoreUri ---------CertificateSearchCriteria ---------Status ---------CRLCheck ---------EnterpriseApps -------------Inventory -----------------ProductID ---------------------Version ---------------------Title ---------------------Publisher ---------------------InstallDate -------------Download -----------------ProductID ---------------------Version ---------------------Name ---------------------URL ---------------------Status ---------------------LastError ---------------------LastErrorDesc ---------------------DownloadInstall -``` - -***EnterpriseID*** -Optional. A dynamic node that represents the EnterpriseID as a GUID. It's used to enroll or unenroll enterprise applications. - -Supported operations are Add, Delete, and Get. - -***EnterpriseID*/EnrollmentToken** -Required. Used to install or update the binary representation of the application enrollment token (AET) and initiate "phone home" token validation. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -***EnterpriseID*/StoreProductID** -Required. The node to host the ProductId node. Scope is dynamic. - -Supported operation is Get. - -**/StoreProductID/ProductId** -The character string that contains the ID of the first enterprise application (usually a Company Hub app), which is automatically installed on the device. Scope is dynamic. - -Supported operations are Get and Add. - -***EnterpriseID*/StoreUri** -Optional. The character string that contains the URI of the first enterprise application to be installed on the device. The enrollment client downloads and installs the application from this URI. Scope is dynamic. - -Supported operations are Get and Add. - -***EnterpriseID*/CertificateSearchCriteria** -Optional. The character string that contains the search criteria to search for the DM-enrolled client certificate. The certificate is used for client authentication during enterprise application download. The company's application content server should use the enterprise-enrolled client certificate to authenticate the device. The value must be a URL encoded representation of the X.500 distinguished name of the client certificates Subject property. The X.500 name must conform to the format required by the [CertStrToName](/windows/win32/api/wincrypt/nf-wincrypt-certstrtonamea) function. This search parameter is case sensitive. Scope is dynamic. - -Supported operations are Get and Add. - -> [!NOTE] -> Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00 - - - -***EnterpriseID*/Status** -Required. The integer value that indicates the current status of the application enrollment. Valid values are 0 (ENABLED), 1 (INSTALL\_DISABLED), 2 (REVOKED), and 3 (INVALID). Scope is dynamic. - -Supported operation is Get. - -***EnterpriseID*/CRLCheck** -Optional. Character value that specifies whether the device should do a CRL check when using a certificate to authenticate the server. Valid values are "1" (CRL check required), "0" (CRL check not required). Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -***EnterpriseID*/EnterpriseApps** -Required. The root node to for individual enterprise application related settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider). - -Supported operation is Get. - -**/EnterpriseApps/Inventory** -Required. The root node for individual enterprise application inventory settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider). - -Supported operation is Get. - -**/Inventory/***ProductID* -Optional. A node that contains s single enterprise application product ID in GUID format. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Version** -Required. The character string that contains the current version of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Title** -Required. The character string that contains the name of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Publisher** -Required. The character string that contains the name of the publisher of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/InstallDate** -Required. The time (in the character format YYYY-MM-DD-HH:MM:SS) that the application was installed or updated. Scope is dynamic. - -Supported operation is Get. - -**/EnterpriseApps/Download** -Required. This node groups application download-related parameters. The enterprise server can only automatically update currently installed enterprise applications. The end user controls which enterprise applications to download and install. Scope is dynamic. - -Supported operation is Get. - -**/Download/***ProductID* -Optional. This node contains the GUID for the installed enterprise application. Each installed application has a unique ID. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Version** -Optional. The character string that contains version information (set by the caller) for the application currently being downloaded. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Name** -Required. The character string that contains the name of the installed application. Scope is dynamic. - -Supported operation is Get. - -**/Download/*ProductID*/URL** -Optional. The character string that contains the URL for the updated version of the installed application. The device will download application updates from this link. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Status** -Required. The integer value that indicates the status of the current download process. The following table shows the possible values. - -|Value|Description| -|--- |--- | -|0: CONFIRM|Waiting for confirmation from user.| -|1: QUEUED|Waiting for download to start.| -|2: DOWNLOADING|In the process of downloading.| -|3: DOWNLOADED|Waiting for installation to start.| -|4: INSTALLING|Handed off for installation.| -|5: INSTALLED|Successfully installed| -|6: FAILED|Application was rejected (not signed properly, bad XAP format, not enrolled properly, etc.)| -|7:DOWNLOAD_FAILED|Unable to connect to server, file doesn't exist, etc.| - -Scope is dynamic. Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/LastError** -Required. The integer value that indicates the HRESULT of the last error code. If there are no errors, the value is 0 (S\_OK). Scope is dynamic. - -Supported operation is Get. - -**/Download/*ProductID*/LastErrorDesc** -Required. The character string that contains the human readable description of the last error code. - -**/Download/*ProductID*/DownloadInstall** -Required. The node to allow the server to trigger the download and installation for an updated version of the user installed application. The format for this node is null. The server must query the device later to determine the status. For each product ID, the status field is retained for up to one week. Scope is dynamic. - -Supported operation is Exec. - -## Remarks - - -### Install and Update Line of Business (LOB) applications - -A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support various file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section. - -### Uninstall Line of Business (LOB) applications - -A workplace can also remotely uninstall Line of Business applications on the device. It's not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that aren't installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section. - -### Query installed Store application - -You can determine if a Store application is installed on a system. First, you need the Store application GUID. You can get the Store application GUID by going to the URL for the Store application. - -The Microsoft Store application has a GUID of d5dc1ebb-a7f1-df11-9264-00237de2db9e. - -Use the following SyncML format to query to see if the application is installed on a managed device: - -```xml - - 1 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7B D5DC1EBB-A7F1-DF11-9264-00237DE2DB9E%7D - - - -``` - -Response from the device (it contains list of subnodes if this app is installed in the device). - -```xml - - 3 - 1 - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7B D5DC1EBB-A7F1-DF11-9264-00237DE2DB9E%7D - - - node - - -Version/Title/Publisher/InstallDate - - -``` - -### Node Values - -All node values under the ProviderID interior node represent the policy values that the management server wants to set. - -- An Add or Replace command on those nodes returns success in both of the following cases: - - - The value is applied to the device. - - - The value isn’t applied to the device because the device has a more secure value set already. - -From a security perspective, the device complies with the policy request that is at least as secure as the one requested. - -- A Get command on those nodes returns the value that the server pushes down to the device. - -- If a Replace command fails, the node value is set to be the previous value before Replace command was applied. - -- If an Add command fails, the node isn't created. - -The value applied to the device can be queried via the nodes under the DeviceValue interior node. - -## OMA DM examples - - -Enroll enterprise ID “4000000001” for the first time: - -```xml - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnrollmentToken - - - chr - - InsertTokenHere - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/CertificateSearchCriteria - - - - chr - - SearchCriteriaInsertedHere - - -``` - -Update the enrollment token (for example, to update an expired application enrollment token): - -```xml - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnrollmentToken - - - chr - - InsertUpdaedTokenHere - - -``` - -Query all installed applications that belong to enterprise ID “4000000001”: - -```xml - - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory?list=StructData - - - - -``` - -Response from the device (that contains two installed applications): - -```xml - - 3 - 1 - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Version - - - 1.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Title - - - Sample1 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Publisher - - - ExamplePublisher - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/InstallDate - - - 2012-10-30T21:09:52Z - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Version - - - 1.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Title - - - Sample2 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Publisher - - - Contoso - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/InstallDate - - - 2012-10-31T21:23:31Z - - -``` - -## Install and update an enterprise application - - -Install or update the installed app with the product ID “{B316008A-141D-4A79-810F-8B764C4CFDFB}”. - -To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application doesn't exist, the application will be silently installed without any user interaction. If the application can't be installed, the user will be notified with an Alert dialog. - -> [!NOTE] -> - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). -> -> - The application product ID curly braces need to be escaped where { is %7B and } is %7D. - - - -```xml - - 2 - - - 3 - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/Name - - - - chr - - ContosoApp1 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/URL - - - - chr - - http://contoso.com/enterpriseapps/ContosoApp1.xap - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/Version - - - chr - - 2.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/DownloadInstall - - - 1 - - - - 4 - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/DownloadInstall - - - - int - - 0 - - - -``` - -## Uninstall enterprise application - - -Uninstall an installed enterprise application with product ID “{7BB316008A-141D-4A79-810F-8B764C4CFDFB }”: - -```xml - - - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D - - - - - - -``` - -## Related topics - - -[Configuration service provider reference](configuration-service-provider-reference.md) - - - diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md deleted file mode 100644 index 39674a5d28..0000000000 --- a/windows/client-management/mdm/policymanager-csp.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: PolicyManager CSP -description: Learn how PolicyManager CSP is deprecated. For Windows 10 devices you should use Policy CSP, which replaces PolicyManager CSP. -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/28/2017 ---- - -# PolicyManager CSP - -PolicyManager CSP is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead. - - - -## Related articles - -[Policy CSP](policy-configuration-service-provider.md) - -[Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md deleted file mode 100644 index 7ad3c65682..0000000000 --- a/windows/client-management/mdm/proxy-csp.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: PROXY CSP -description: Learn how the PROXY configuration service provider (CSP) is used to configure proxy connections. -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/26/2017 ---- - -# PROXY CSP - - -The PROXY configuration service provider is used to configure proxy connections. - -> [!NOTE] -> Use [CM\_ProxyEntries CSP](cm-proxyentries-csp.md) instead of PROXY CSP, which will be deprecated in a future release. - -This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. - -For the PROXY CSP, you can't use the Replace command unless the node already exists. - -The following example shows the PROXY configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol isn't supported by this configuration service provider. - -``` -./Vendor/MSFT/Proxy -----* ---------ProxyId ---------Name ---------AddrType ---------Addr ---------AddrFQDN ---------ConRefs -------------* -----------------ConRef ---------Domains -------------* -----------------DomainName ---------Ports -------------* -----------------PortNbr -----------------Services ---------------------* -------------------------ServiceName ---------ProxyType ---------ProxyParams -------------WAP -----------------Trust -----------------PushEnabled ---------Ext -------------Microsoft -----------------Guid -``` - -**./Vendor/MSFT/Proxy** -Root node for the proxy connection. - -***ProxyName*** -Defines the name of a proxy connection. - -It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two proxy connections, use "PROXY0" and "PROXY1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead). - -The addition, update, and deletion of this subtree of nodes have to be specified in a single atomic transaction. - -***ProxyName*/PROXYID** -Specifies the unique identifier of the proxy connection. - -***ProxyName*/NAME** -Specifies the user-friendly name of the proxy connection. - -***ProxyName*/ADDR** -Specifies the address of the proxy server. - -This value may be the network name of the server, or any other string (such as an IP address) used to uniquely identify the proxy connection. - -***ProxyName*/ADDRTYPE** -Specifies the type of address used to identify the proxy server. - -The valid values are IPV4, IPV6, E164, ALPHA. - -***ProxyName*/PROXYTYPE** -Specifies the type of proxy connection. - -Depending on the ProxyID, the valid values are ISA, WAP, SOCKS, or NULL. - -***ProxyName*/Ports** -Node for port information. - -***ProxyName*/Ports/_PortName_** -Defines the name of a port. - -It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two ports, use "PORT0" and "PORT1" as the element names. - -***ProxyName*/Ports/*PortName*/PortNbr** -Specifies the port number to be associated with the parent port. - -***ProxyName*/Ports/*PortName*/Services** -Node for services information. - -***ProxyName*/Ports/Services/_ServiceName_** -Defines the name of a service. - -It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two services, use "SERVICE0" and "SERVICE1" as the element names. - -***ProxyName*/Ports/Services/*ServiceName*/ServiceName** -Specifies the protocol to be associated with the parent port. - -One commonly used value is "HTTP". - -***ProxyName*/ConRefs** -Node for connection reference information - -***ProxyName*/ConRefs/_ConRefName_** -Defines the name of a connection reference. - -It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two connection references, use "CONREF0" and "CONREF1" as the element names. - -***ProxyName*/ConRefs/*ConRefName*/ConRef** -Specifies one single connectivity object associated with the proxy connection. - -## Related topics - -[Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md deleted file mode 100644 index 509dd8edc7..0000000000 --- a/windows/client-management/mdm/remotering-ddf-file.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: RemoteRing DDF file -description: This topic shows the OMA DM device description framework (DDF) for the RemoteRing configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 12/05/2017 ---- - -# RemoteRing DDF file - - -This topic shows the OMA DM device description framework (DDF) for the **RemoteRing** configuration service provider. DDF files are used only with OMA DM provisioning XML. - -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). - -The XML below is the current version for this CSP. - -```xml - -]> - - 1.2 - - RemoteRing - ./User/Vendor/MSFT - - - - - - - - - - - - - - - - - - - Ring - - - - - Required. The node accepts requests to ring the device. The supported operation is Exec - - - - - - - - - - - text/plain - - - - - - Root - ./Device/Vendor/MSFT - - - - - - - - - - - - - - - - - - - -``` - -  - -  - - - - - - diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index 3e0279e5e5..b37a32b863 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md @@ -150,7 +150,6 @@ Here is a list of CSPs supported on Windows 10 Enterprise: - [DMClient CSP](/windows/client-management/mdm/dmclient-csp) - [Email2 CSP](/windows/client-management/mdm/email2-csp) - [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp) -- [EnterpriseAppManagement CSP](/windows/client-management/mdm/enterpriseappmanagement-csp) - [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp) - [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp) - [EnterpriseExt CSP](/windows/client-management/mdm/enterpriseext-csp) diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index 04665c5f6e..6dc35cd108 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md @@ -62,13 +62,11 @@ Here is the list of revertible settings based on configuration service providers [CMPolicyEnterprise CSP](/windows/client-management/mdm/cmpolicyenterprise-csp) [EMAIL2 CSP](/windows/client-management/mdm/email2-csp) [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp) -[EnterpriseAppManagement CSP](/windows/client-management/mdm/enterpriseappmanagement-csp) [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp) [EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp) [NAP CSP](/windows/client-management/mdm/nap-csp) [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp) [Provisioning CSP](/windows/client-management/mdm/provisioning-csp) -[PROXY CSP](/windows/client-management/mdm/proxy-csp) [SecureAssessment CSP](/windows/client-management/mdm/secureassessment-csp) [VPN CSP](/windows/client-management/mdm/vpn-csp) [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) From a16337c48f4ef972dc3b6c937b503f685b879688 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 12 Jun 2022 15:03:13 +0500 Subject: [PATCH 341/540] Update windows/client-management/system-failure-recovery-options.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/system-failure-recovery-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index 5ea73e75a2..8758e25c63 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -186,7 +186,7 @@ To specify that you don't want to overwrite any previous kernel or complete memo #### Automatic Memory Dump -The default option. An Automatic Memory Dump contains the same information as a Kernel Memory Dump. The difference between the two is in the way that Windows sets the size of the system paging file. If the system paging file size is set to **System managed size**, and the kernel-mode crash dump is set to **Automatic Memory Dump**, then Windows can set the size of the paging file to less than the size of RAM. In this case, Windows sets the size of the paging file large enough to ensure that a kernel memory dump can be captured most of the time. +This is the default option. An Automatic Memory Dump contains the same information as a Kernel Memory Dump. The difference between the two is in the way that Windows sets the size of the system paging file. If the system paging file size is set to **System managed size**, and the kernel-mode crash dump is set to **Automatic Memory Dump**, then Windows can set the size of the paging file to less than the size of RAM. In this case, Windows sets the size of the paging file large enough to ensure that a kernel memory dump can be captured most of the time. If the computer crashes and the paging file is not large enough to capture a kernel memory dump, Windows increases the size of the paging file to at least the size of RAM. For more details, see [Automatic Memory Dump](/windows-hardware/drivers/debugger/automatic-memory-dump). From f796ba6826e724296c97c01156087fa500963e5b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 12 Jun 2022 15:03:23 +0500 Subject: [PATCH 342/540] Update windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-feature-dynamic-lock.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 6f5edfb03b..cd2812800e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -25,8 +25,8 @@ ms.reviewer: Dynamic lock enables you to configure Windows devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. ->[!IMPORTANT] ->The feature only locks the computer if Bluetooth signal falls and the system is idle. If the system is not idle (for example, intruder got access **before** Bluetooth signal falls below the limit), it will not be locked. Therefor, dynamic lock is an additional barrier, it does not replace the need to lock the computer by user, it only reduces the probability of someone gaining access if user forgets to lock it. +> [!IMPORTANT] +> The feature only locks the computer if the Bluetooth signal falls and the system is idle. If the system is not idle (for example, the intruder got access **before** the Bluetooth signal falls below the limit), it will not be locked. Therefore, the dynamic lock feature is an additional barrier, it does not replace the need to lock the computer by the user, it only reduces the probability of someone gaining access if the user forgets to lock it. You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**. From 165ca3756c3e03ed6f75fd8a60654ad8a9d364a5 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 12 Jun 2022 15:03:28 +0500 Subject: [PATCH 343/540] Update windows/client-management/system-failure-recovery-options.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/system-failure-recovery-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index 8758e25c63..a69c702060 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -216,7 +216,7 @@ To specify that you don't want to overwrite any previous kernel or complete memo #### Active Memory Dump -An Active Memory Dump is similar to a Complete Memory Dump, but it filters out pages that are not likely to be relevant to troubleshooting problems on the host machine. Because of this filtering, it is typically significantly smaller than a complete memory dump. +An Active Memory Dump is similar to a Complete Memory Dump, but it filters out pages that are not likely to be relevant to troubleshooting problems on the host machine. Because of this filtering, it is typically significantly smaller than a Complete Memory Dump. This dump file does include any memory allocated to user-mode applications. It also includes memory allocated to the Windows kernel and hardware abstraction layer, as well as memory allocated to kernel-mode drivers and other kernel-mode programs. The dump includes active pages mapped into the kernel or user space that are useful for debugging, as well as selected Pagefile-backed Transition, Standby, and Modified pages such as the memory allocated with VirtualAlloc or page-file backed sections. Active dumps do not include pages on the free and zeroed lists, the file cache, guest VM pages and various other types of memory that are not likely to be useful during debugging. For more details, see [Active Memory Dump](windows-hardware/drivers/debugger/active-memory-dump). From feabf31b3a21c580174a37b7f3c1e9d4900a7a17 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 12 Jun 2022 15:03:32 +0500 Subject: [PATCH 344/540] Update windows/client-management/system-failure-recovery-options.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/system-failure-recovery-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index a69c702060..3f77ed5794 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -190,7 +190,7 @@ This is the default option. An Automatic Memory Dump contains the same informati If the computer crashes and the paging file is not large enough to capture a kernel memory dump, Windows increases the size of the paging file to at least the size of RAM. For more details, see [Automatic Memory Dump](/windows-hardware/drivers/debugger/automatic-memory-dump). -To specify that you want to use a automatic memory dump file, run the following command or modify the registry value: +To specify that you want to use an automatic memory dump file, run the following command or modify the registry value: - ```cmd wmic recoveros set DebugInfoType = 7 From 670514fa1b5c2eb7750148d930f5284f6818408f Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 12 Jun 2022 15:03:38 +0500 Subject: [PATCH 345/540] Update windows/client-management/system-failure-recovery-options.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/system-failure-recovery-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index 3f77ed5794..b1cbad90d2 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -218,7 +218,7 @@ To specify that you don't want to overwrite any previous kernel or complete memo An Active Memory Dump is similar to a Complete Memory Dump, but it filters out pages that are not likely to be relevant to troubleshooting problems on the host machine. Because of this filtering, it is typically significantly smaller than a Complete Memory Dump. -This dump file does include any memory allocated to user-mode applications. It also includes memory allocated to the Windows kernel and hardware abstraction layer, as well as memory allocated to kernel-mode drivers and other kernel-mode programs. The dump includes active pages mapped into the kernel or user space that are useful for debugging, as well as selected Pagefile-backed Transition, Standby, and Modified pages such as the memory allocated with VirtualAlloc or page-file backed sections. Active dumps do not include pages on the free and zeroed lists, the file cache, guest VM pages and various other types of memory that are not likely to be useful during debugging. For more details, see [Active Memory Dump](windows-hardware/drivers/debugger/active-memory-dump). +This dump file includes any memory allocated to user-mode applications. It also includes memory allocated to the Windows kernel and hardware abstraction layer, as well as memory allocated to kernel-mode drivers and other kernel-mode programs. The dump includes active pages mapped into the kernel or user space that are useful for debugging, as well as selected Pagefile-backed Transition, Standby, and Modified pages such as the memory allocated with VirtualAlloc or page-file-backed sections. Active dumps do not include pages on the free and zeroed lists, the file cache, guest VM pages, and various other types of memory that are not likely to be useful during debugging. For more details, see [Active Memory Dump](windows-hardware/drivers/debugger/active-memory-dump). To specify that you want to use an active memory dump file, modify the registry value: From 18551c254f1571b2333af303c2a5d86ea8712114 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Sun, 12 Jun 2022 15:25:10 +0200 Subject: [PATCH 346/540] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index dc18e09acc..8c6cd85e3c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -60,7 +60,7 @@ The Group Policy object contains the policy settings needed to trigger Windows H 3. Right-click **Group Policy object** and select **New**. 4. Type *Enable Windows Hello for Business* in the name box and click **OK**. 5. In the content pane, right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. -6. In the navigation pane, expand **Policies** under **User Configuration** (this the only option for for Windows Server 2016, but for Windows Server 2019 and later this step can also be done in **Computer Configuration**). +6. In the navigation pane, expand **Policies** under **User Configuration** (this is the only option for Windows Server 2016, but for Windows Server 2019 and later this step can also be done in **Computer Configuration**). 7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**. 8. In the content pane, double-click **Use Windows Hello for Business**. Click **Enable** and click **OK**. 9. Double-click **Use certificate for on-premises authentication**. Click **Enable** and click **OK**. Close the **Group Policy Management Editor**. From 66e81da09ddfc8d17f485cdaf3672a1a4afedae7 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Sun, 12 Jun 2022 15:25:18 +0200 Subject: [PATCH 347/540] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 8c6cd85e3c..8e344e9b31 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -70,7 +70,7 @@ The Group Policy object contains the policy settings needed to trigger Windows H 1. Start the **Group Policy Management Console** (gpmc.msc). 2. Expand the domain and select the **Group Policy Object** node in the navigation pane. 3. Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. -4. In the navigation pane, expand **Policies** under **User Configuration** (this the only option for for Windows Server 2016, but for Windows Server 2019 and later this step can also be done in **Computer Configuration**). +4. In the navigation pane, expand **Policies** under **User Configuration** (this is the only option for Windows Server 2016, but for Windows Server 2019 and later this step can also be done in **Computer Configuration**). 5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**. 6. In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**. 7. Select **Enabled** from the **Configuration Model** list. From dd4b16cba7cdccecf9eddab29a6c877c1b8db510 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 13 Jun 2022 11:44:46 +0530 Subject: [PATCH 348/540] Updated as per feedback --- ...ct-data-using-enterprise-site-discovery.md | 8 +++---- ...ct-data-using-enterprise-site-discovery.md | 8 +++---- ...he-internet-explorer-11-blocker-toolkit.md | 2 +- .../ie11-faq/faq-ie11-blocker-toolkit.yml | 4 ++-- .../windows/chromebook-migration-guide.md | 2 +- .../app-v/appv-capacity-planning.md | 2 +- .../app-v/appv-supported-configurations.md | 2 +- .../mdm/applicationcontrol-csp.md | 4 ++-- .../ue-v/uev-deploy-required-features.md | 2 +- .../configuration/ue-v/uev-sync-methods.md | 2 +- windows/deployment/deploy-windows-to-go.md | 2 +- ...oyment-considerations-for-windows-to-go.md | 2 +- ...ndows-to-go-frequently-asked-questions.yml | 2 +- .../update-compliance-configuration-mem.md | 2 +- .../upgrade/resolution-procedures.md | 2 +- .../demonstrate-deployment-on-vm.md | 2 +- ...ndows-diagnostic-events-and-fields-1703.md | 4 ++-- ...ndows-diagnostic-events-and-fields-1709.md | 2 +- ...ndows-diagnostic-events-and-fields-1803.md | 2 +- ...ndows-diagnostic-events-and-fields-1809.md | 4 ++-- ...ndows-diagnostic-events-and-fields-1903.md | 2 +- .../retired/hello-how-it-works.md | 2 +- .../bitlocker-management-for-enterprises.md | 2 +- .../deploy-appid-tagging-policies.md | 4 ++-- ...-apps-deployed-with-a-managed-installer.md | 2 +- .../create-wdac-deny-policy.md | 2 +- ...e-wdac-policy-for-fully-managed-devices.md | 22 ++++++++----------- ...wdac-policy-for-lightly-managed-devices.md | 20 +++++++---------- .../deploy-wdac-policies-with-memcm.md | 12 +++++----- .../example-wdac-base-policies.md | 2 +- .../feature-availability.md | 2 +- .../types-of-devices.md | 5 +---- ...ication-control-policy-design-decisions.md | 2 +- ...control-with-intelligent-security-graph.md | 4 ++-- 34 files changed, 66 insertions(+), 77 deletions(-) diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md index 9e5e461261..91c262c502 100644 --- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md +++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md @@ -138,7 +138,7 @@ Before you can start to collect your data, you must run the provided PowerShell -OR- - Collect your hardware inventory using the MOF Editor with a .MOF import file.

      -OR- -- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) +- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only) ### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes. @@ -235,7 +235,7 @@ After you’ve collected your data, you’ll need to get the local files off of -OR- - Collect your hardware inventory using the MOF Editor with a .MOF import file.

      -OR- -- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) +- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only) ### Collect your hardware inventory using the MOF Editor while connected to a client device You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices. @@ -277,8 +277,8 @@ You can collect your hardware inventory using the MOF Editor and a .MOF import f 4. Click **OK** to close the default windows.
      Your environment is now ready to collect your hardware inventory and review the sample reports. -### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) -You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. +### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only) +You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. **To collect your inventory** diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index 63709888c6..24265e0261 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -142,7 +142,7 @@ Before you can start to collect your data, you must run the provided PowerShell -OR- - Collect your hardware inventory using the MOF Editor with a .MOF import file.

      -OR- -- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) +- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only) ### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes. @@ -239,7 +239,7 @@ After you’ve collected your data, you’ll need to get the local files off of -OR- - Collect your hardware inventory using the MOF Editor with a .MOF import file.

      -OR- -- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) +- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only) ### Collect your hardware inventory using the MOF Editor while connected to a client device You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices. @@ -281,8 +281,8 @@ You can collect your hardware inventory using the MOF Editor and a .MOF import f 4. Click **OK** to close the default windows.
      Your environment is now ready to collect your hardware inventory and review the sample reports. -### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) -You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. +### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only) +You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. **To collect your inventory** diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md index 3ec3c7c763..13e84a6792 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md +++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md @@ -75,7 +75,7 @@ If you use Automatic Updates in your company, but want to stop your users from a > [!NOTE] >The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-for-it-pros-ie11.yml). -- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit. +- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit. > [!NOTE] > If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml index 178595abf4..618ec339b5 100644 --- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml +++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml @@ -22,7 +22,7 @@ summary: | Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit. > [!Important] - > If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment. + > If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment. - [Automatic updates delivery process](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#automatic-updates-delivery-process) @@ -47,7 +47,7 @@ sections: - question: | Whtools cI use to manage Windows Updates and Microsoft Updates in my company? answer: | - We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)). + We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)). - question: | How long does the blocker mechanism work? diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 37e9cba645..6ecad551d4 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -485,7 +485,7 @@ Table 9. Management systems and deployment resources |--- |--- | |Windows provisioning packages|

    • [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
    • [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
    • [Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)| |Group Policy|
    • [Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11))
    • [Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"| -|Configuration Manager|
    • [Site Administration for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10))
    • [Deploying Clients for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))| +|Configuration Manager|
    • [Site Administration for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10))
    • [Deploying Clients for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))| |Intune|
    • [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)
    • [System Center 2012 R2 Configuration Manager &amp; Windows Intune](/learn/?l=fCzIjVKy_6404984382)| |MDT|
    • [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)| diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md index 969926e2ed..1b99178358 100644 --- a/windows/application-management/app-v/appv-capacity-planning.md +++ b/windows/application-management/app-v/appv-capacity-planning.md @@ -34,7 +34,7 @@ You can also manage your App-V environment using an electronic software distribu * **Standalone model**—The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone mode only needs the sequencer and the client; no extra components are required. Applications are prepared for virtualization using a process called sequencing. For more information, see [Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md). The standalone model is recommended for the following scenarios: * When there are disconnected remote users who can't connect to the App-V infrastructure. - * When you're running a software management system, such as System Center 2012 Configuration Manager. + * When you're running a software management system, such as Configuration Manager. * When network bandwidth limitations inhibit electronic software distribution. * **Full infrastructure model**—The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V full infrastructure model consists of one or more App-V management servers that can be used to publish applications to all clients. Publishing places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about how to install the management server, see [Planning for App-V Server deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios: diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index 071879bc7c..2522c24732 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -119,7 +119,7 @@ See the Windows or Windows Server documentation for the hardware requirements. ## Supported versions of Microsoft Endpoint Configuration Manager -The App-V client works with Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606. +The App-V client works with Configuration Manager versions starting with Technical Preview for Configuration Manager, version 1606. ## Related articles diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 2975a094c7..8440d7e79f 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -152,7 +152,7 @@ Value type is char. ## Microsoft Endpoint Manager (MEM) Intune Usage Guidance -For customers using Intune standalone or hybrid management with Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). +For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). ## Generic MDM Server Usage Guidance @@ -301,7 +301,7 @@ An example of Delete command is: ## PowerShell and WMI Bridge Usage Guidance -The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md). +The ApplicationControl CSP can also be managed locally from PowerShell or via Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md). ### Setup for using the WMI Bridge diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md index 22cfb858c0..b41463da76 100644 --- a/windows/configuration/ue-v/uev-deploy-required-features.md +++ b/windows/configuration/ue-v/uev-deploy-required-features.md @@ -49,7 +49,7 @@ The settings storage location is defined by setting the SettingsStoragePath conf - Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings -- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V +- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V - With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md index 31ae2008ce..47ddb1c82a 100644 --- a/windows/configuration/ue-v/uev-sync-methods.md +++ b/windows/configuration/ue-v/uev-sync-methods.md @@ -31,7 +31,7 @@ You can configure the sync method in these ways: - Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings -- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V +- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V - With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index 9846a41bcf..d4f4c27135 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -39,7 +39,7 @@ The following is a list of items that you should be aware of before you start th * When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive. -* System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)). +* Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)). * If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive. diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index 397f230051..986659ce39 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md @@ -61,7 +61,7 @@ DirectAccess can be used to ensure that the user can log in with their domain cr ### Image deployment and drive provisioning considerations -The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using System Center 2012 Configuration Manager Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive. +The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using Configuration Manager Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive. ![windows to go image deployment.](images/wtg-image-deployment.gif) diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml index 468fb48151..f57d4eedc3 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml @@ -162,7 +162,7 @@ sections: - question: | Can the user self-provision Windows To Go? answer: | - Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). + Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). - question: | How can Windows To Go be managed in an organization? diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index 8d47eba6f3..8422a69d5e 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -25,7 +25,7 @@ ms.topic: article > [!NOTE] > As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. -This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within MEM itself. Configuring devices for Update Compliance in MEM breaks down to the following steps: +This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager (MEM)](/mem/endpoint-manager-overview) for Update Compliance, within MEM itself. Configuring devices for Update Compliance in MEM breaks down to the following steps: 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured. 2. [Deploy the configuration script](#deploy-the-configuration-script) as a Win32 app to those same devices, so additional checks can be performed to ensure devices are correctly configured. diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index aa86279555..5efc901351 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -84,7 +84,7 @@ See the following general troubleshooting procedures associated with a result co |0x80070522|The user doesn’t have required privilege or credentials to upgrade.|Ensure that you've signed in as a local administrator or have local administrator privileges.| |0xC1900107|A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.|Restart the device and run setup again. If restarting the device doesn't resolve the issue, then use the Disk Cleanup utility to clean up the temporary files and the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68).| |0xC1900209|The user has chosen to cancel because the system doesn't pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.|Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe) for more information.

      You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.| -|0x8007002|This error is specific to upgrades using System Center 2012 Configuration Manager R2 SP1 CU3 (5.00.8238.1403)|Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)

      The error 80072efe means that the connection with the server was terminated abnormally.

      To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.| +|0x8007002|This error is specific to upgrades using Configuration Manager R2 SP1 CU3 (5.00.8238.1403)|Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)

      The error 80072efe means that the connection with the server was terminated abnormally.

      To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.| |0x80240FFF|Occurs when update synchronization fails. It can occur when you're using Windows Server Update Services on its own or when it's integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.|You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:

      1. Disable the Upgrades classification.
      2. Install hotfix 3095113.
      3. Delete previously synched updates.
      4. Enable the Upgrades classification.
      5. Perform a full synch.

      For detailed information on how to run these steps check out How to delete upgrades in WSUS.| |0x8007007E|Occurs when update synchronization fails because you don't have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you're using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.|Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.

      Stop the Windows Update service.

    • Sign in as a user with administrative privileges, and then do the following:
    • Open Administrative Tools from the Control Panel.
    • Double-click Services.
    • Find the Windows Update service, right-click it, and then select Stop. If prompted, enter your credentials.

      Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.

      Restart the Windows Update service.| diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index b942f83a14..d568f05eef 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -613,7 +613,7 @@ To use the device (or VM) for other purposes after completion of this lab, you n ### Delete (deregister) Autopilot device -You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the MEM admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. +You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the Microsoft Endpoint Manager admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. > [!div class="mx-imgBorder"] > ![Delete device step 1.](images/delete-device1.png) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index cd1cb3afe6..c2f6129519 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -1314,7 +1314,7 @@ The following fields are available: - **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise System Center Configuration Manager environment. +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier. @@ -3140,7 +3140,7 @@ The following fields are available: - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. -- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft System Center Configuration Manager. +- **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 6a19d4f822..079490dd99 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -3148,7 +3148,7 @@ The following fields are available: - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. -- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft System Center Configuration Manager. +- **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index cf9e96bf73..912861438f 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -4550,7 +4550,7 @@ The following fields are available: - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. -- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft System Center Configuration Manager. +- **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index e1d9c05c8c..645690fd3d 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -3362,7 +3362,7 @@ The following fields are available: - **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network. - **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device. - **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device. -- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft System Center Configuration Manager to keep the operating system and applications up to date. +- **IsDeviceSccmManaged** Indicates whether the device is running the Configuration Manager to keep the operating system and applications up to date. - **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated. - **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications. - **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services). @@ -6058,7 +6058,7 @@ The following fields are available: - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. - **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected. - **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device. -- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft System Center Configuration Manager. +- **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager. - **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use. - **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress. - **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index 69a1cecb22..c474b2d518 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -3623,7 +3623,7 @@ The following fields are available: - **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network. - **IsDeviceOobeBlocked** Indicates whether the OOBE (Out of Box Experience) is blocked on the device. - **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device. -- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft System Center Configuration Manager to keep the operating system and applications up to date. +- **IsDeviceSccmManaged** Indicates whether the device is running the Configuration Manager to keep the operating system and applications up to date. - **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated. - **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications. - **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services). diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 7a06722124..a3f4153369 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -99,7 +99,7 @@ Windows Hello depends on having compatible IDPs available to it. As of this writ - Use an existing Windows-based PKI centered around Active Directory Certificate Services. This option requires additional infrastructure, including a way to issue certificates to users. You can use NDES to register devices directly, or Microsoft Intune where it’s available to manage mobile device participation in Windows Hello. - The normal discovery mechanism that clients use to find domain controllers and global catalogs relies on Domain Name System (DNS) SRV records, but those records don’t contain version data. Windows 10 computers will query DNS for SRV records to find all available Active Directory servers, and then query each server to identify those that can act as Windows Hello IDPs. The number of authentication requests your users generate, where your users are located, and the design of your network all drive the number of Windows Server 2016 domain controllers required. -- Azure AD can act as an IDP either by itself or alongside an on-premises AD DS forest. Organizations that use Azure AD can register devices directly without having to join them to a local domain by using the capabilities the Azure AD Device Registration service provides. In addition to the IDP, Windows Hello requires an MDM system. This system can be the cloud-based Intune if you use Azure AD, or an on-premises System Center Configuration Manager deployment that meets the system requirements described in the Deployment requirements section of this document. +- Azure AD can act as an IDP either by itself or alongside an on-premises AD DS forest. Organizations that use Azure AD can register devices directly without having to join them to a local domain by using the capabilities the Azure AD Device Registration service provides. In addition to the IDP, Windows Hello requires an MDM system. This system can be the cloud-based Intune if you use Azure AD, or an on-premises Configuration Manager deployment that meets the system requirements described in the Deployment requirements section of this document. ## Related topics diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index e5df19b1b9..1b234aad34 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -30,7 +30,7 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu ## Managing domain-joined computers and moving to cloud -Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 or later can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](./bitlocker-group-policy-settings.md). +Companies that image their own computers using Configuration Manager can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](./bitlocker-group-policy-settings.md). Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](/lifecycle/products/?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201%2F) or they can receive extended support until April 2026. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD). diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index 8c2b314e2b..86efc39597 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -32,7 +32,7 @@ ms.technology: windows-sec Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId Tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId Tagging policy, use one of the following methods to deploy: 1. [Deploy AppId Tagging Policies with MDM](#deploy-appid-tagging-policies-with-mdm) -1. [Deploy policies with MEMCM](#deploy-appid-tagging-policies-with-memcm) +1. [Deploy policies with Microsoft Endpoint Configuration Manager](#deploy-appid-tagging-policies-with-memcm) 1. [Deploy policies using scripting](#deploy-appid-tagging-policies-via-scripting) 1. [Deploy using the ApplicationControl CSP](#deploying-policies-via-the-applicationcontrol-csp) @@ -42,7 +42,7 @@ Custom AppId Tagging policies can be deployed to endpoints using [the OMA-URI fe ## Deploy AppId Tagging Policies with MEMCM -Custom AppId Tagging policies can deployed via MEMCM using the [deployment task sequences](/deployment/deploy-windows-defender-application-control-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users. +Custom AppId Tagging policies can deployed via Configuration Manager using the [deployment task sequences](/deployment/deploy-windows-defender-application-control-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users. ### Deploy AppId Tagging Policies via Scripting diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index 7f1f74be4f..e7fccafbfd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -125,7 +125,7 @@ Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerS ``` -4. Verify your AppLocker policy. The following example shows a complete AppLocker policy that sets Microsoft Endpoint Config Manager (MEMCM)and Microsoft Endpoint Manager Intune as managed installers. Only those AppLocker rule collections that have actual rules defined are included in the final XML. This ensures the policy will merge successfully on devices which may already have an AppLocker policy in place. +4. Verify your AppLocker policy. The following example shows a complete AppLocker policy that sets Configuration Manager and Microsoft Endpoint Manager Intune as managed installers. Only those AppLocker rule collections that have actual rules defined are included in the final XML. This ensures the policy will merge successfully on devices which may already have an AppLocker policy in place. ```xml diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index a5b01bd9ff..b5aca1e44a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -157,7 +157,7 @@ Policies should be thoroughly evaluated and first rolled out in audit mode befor 1. Mobile Device Management (MDM): [Deploy Windows Defender Application Control (WDAC) policies using Mobile Device Management (MDM) (Windows)](deploy-windows-defender-application-control-policies-using-intune.md) -2. Microsoft Endpoint Configuration Manager (MEMCM): [Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows)](deployment/deploy-wdac-policies-with-memcm.md) +2. Configuration Manager: [Deploy Windows Defender Application Control (WDAC) policies by using Configuration Manager (Windows)](deployment/deploy-wdac-policies-with-memcm.md) 3. Scripting [Deploy Windows Defender Application Control (WDAC) policies using script (Windows)](deployment/deploy-wdac-policies-with-script.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index d777bcb8fe..283ec90d38 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -46,13 +46,9 @@ Alice previously created a policy for the organization's lightly managed devices Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed devices: - All clients are running Windows 10 version 1903 or above or Windows 11; -- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune; - -> [!NOTE] -> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager. - -- Most, but not all, apps are deployed using MEMCM; -- Sometimes, IT staff install apps directly to these devices without using MEMCM; +- All clients are managed by Microsoft Endpoint Manager either with Configuration Manager or with Intune; +- Most, but not all, apps are deployed using Configuration Manager; +- Sometimes, IT staff install apps directly to these devices without using Configuration Manager; - All users except IT are standard users on these devices. Alice's team develops a simple console application, called *LamnaITInstaller.exe*, which will become the authorized way for IT staff to install apps directly to devices. *LamnaITInstaller.exe* allows the IT pro to launch another process, such as an app installer. Alice will configure *LamnaITInstaller.exe* as an additional managed installer for WDAC and allows her to remove the need for filepath rules. @@ -64,8 +60,8 @@ Based on the above, Alice defines the pseudo-rules for the policy: - WHQL (3rd party kernel drivers) - Windows Store signed apps -2. **"MEMCM works”** rules that include signer and hash rules for MEMCM components to properly function -3. **Allow Managed Installer** (MEMCM and *LamnaITInstaller.exe* configured as a managed installer) +2. **"MEMCM works”** rules that include signer and hash rules for Configuration Manager components to properly function. +3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer) The critical differences between this set of pseudo-rules and those defined for Lamna's [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are: @@ -74,14 +70,14 @@ The critical differences between this set of pseudo-rules and those defined for ## Create a custom base policy using an example WDAC base policy -Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's fully-managed devices. She decides to use MEMCM to create the initial base policy and then customize it to meet Lamna's needs. +Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's fully-managed devices. She decides to use Configuration Manager to create the initial base policy and then customize it to meet Lamna's needs. Alice follows these steps to complete this task: > [!NOTE] -> If you do not use MEMCM or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy. +> If you do not use Configuration Manager or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy. -1. [Use MEMCM to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11. +1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11. 2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables: @@ -91,7 +87,7 @@ Alice follows these steps to complete this task: $MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml" ``` -3. Copy the policy created by MEMCM to the desktop: +3. Copy the policy created by Configuration Manager to the desktop: ```powershell cp $MEMCMPolicy $LamnaPolicy diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md index 90b3e0fd6e..8ed966bba8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md @@ -46,12 +46,8 @@ For the majority of users and devices, Alice wants to create an initial policy t Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's lightly managed devices, which currently include most end-user devices: - All clients are running Windows 10 version 1903 and above, or Windows 11; -- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune; - - > [!NOTE] - > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager. - -- Some, but not all, apps are deployed using MEMCM; +- All clients are managed by Microsoft Endpoint Manager either with Configuration Manager or with Intune. +- Some, but not all, apps are deployed using Configuration Manager; - Most users are local administrators on their devices; - Some teams may need additional rules to authorize specific apps that don't apply generally to all other users. @@ -62,8 +58,8 @@ Based on the above, Alice defines the pseudo-rules for the policy: - WHQL (3rd party kernel drivers) - Windows Store signed apps -2. **"MEMCM works”** rules which include signer and hash rules for MEMCM components to properly function -3. **Allow Managed Installer** (MEMCM configured as a managed installer) +2. **"MEMCM works”** rules which include signer and hash rules for Configuration Manager components to properly function +3. **Allow Managed Installer** (Configuration Manager configured as a managed installer) 4. **Allow Intelligent Security Graph (ISG)** (reputation-based authorization) 5. **Admin-only path rules** for the following locations: - C:\Program Files\* @@ -72,14 +68,14 @@ Based on the above, Alice defines the pseudo-rules for the policy: ## Create a custom base policy using an example WDAC base policy -Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's lightly managed devices. She decides to use MEMCM to create the initial base policy and then customize it to meet Lamna's needs. +Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's lightly managed devices. She decides to use Configuration Manager to create the initial base policy and then customize it to meet Lamna's needs. Alice follows these steps to complete this task: > [!NOTE] -> If you do not use MEMCM or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy. +> If you do not use Configuration Manager or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy. -1. [Use MEMCM to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 and above, or Windows 11. +1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 and above, or Windows 11. 2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables: @@ -89,7 +85,7 @@ Alice follows these steps to complete this task: $MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml" ``` -3. Copy the policy created by MEMCM to the desktop: +3. Copy the policy created by Configuration Manager to the desktop: ```powershell cp $MEMCMPolicy $LamnaPolicy diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 4c931b2732..856b95f0a8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -31,18 +31,18 @@ You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Window ## Use MEMCM's built-in policies -MEMCM includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow: +Configuration Manager includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow: - Windows components - Microsoft Store apps -- Apps installed by MEMCM (MEMCM self-configured as a managed installer) +- Apps installed by Configuration Manager (Configuration Manager self-configured as a managed installer) - [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG) -- [Optional] Apps and executables already installed in admin-definable folder locations that MEMCM will allow through a one-time scan during policy creation on managed endpoints. +- [Optional] Apps and executables already installed in admin-definable folder locations that Configuration Manager will allow through a one-time scan during policy creation on managed endpoints. -Note that MEMCM does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot. +Note that Configuration Manager does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot. -For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager). +For more information on using Configuration Manager's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager). ## Deploy custom WDAC policies using Packages/Programs or Task Sequences -Using MEMCM's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in MEMCM too limiting. To define your own circle-of-trust, you can use MEMCM to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. +Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index bd792e1029..441c4694e4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -42,4 +42,4 @@ When you create policies for use with Windows Defender Application Control (WDAC | **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](/windows/security/threat-protection/device-guard/memory-integrity) (also known as hypervisor-protected code integrity) using Windows Defender Application Control. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **DenyAllAudit.xml** | ***Warning: May cause long boot time on Windows Server 2019.*** Only deploy this example policy in audit mode to track all binaries running on critical systems or to meet regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [Device Guard Signing Service NuGet Package](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client) | -| **MEM Configuration Manager** | Customers who use MEM Configuration Manager (MEMCM) can deploy a policy with MEMCM's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint | +| **MEM Configuration Manager** | Customers who use Configuration Manager can deploy a policy with Configuration Manager's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint | diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md index 0435921894..d51eeb7f4d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md +++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md @@ -34,7 +34,7 @@ ms.technology: windows-sec |-------------|------|-------------| | Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later | Available on Windows 8 or later | | SKU availability | Cmdlets are available on all SKUs on 1909+ builds.
      For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. | Policies deployed through GP are only effective on Enterprise devices.
      Policies deployed through MDM are effective on all SKUs. | -| Management solutions |

      • [Intune](./deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)
      • [Microsoft Endpoint Manager Configuration Manager (MEMCM)](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)
      • [Group Policy](./deploy-windows-defender-application-control-policies-using-group-policy.md)
      • PowerShell
      |
      • [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
      • MEMCM (custom policy deployment via Software Distribution only)
      • [Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)
      • PowerShell
          • | +| Management solutions |
          • [Intune](./deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)
          • [Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)
          • [Group Policy](./deploy-windows-defender-application-control-policies-using-group-policy.md)
          • PowerShell
          |
          • [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
          • Configuration Manager (custom policy deployment via Software Distribution only)
          • [Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)
          • PowerShell
              • | | Per-User and Per-User group rules | Not available (policies are device-wide) | Available on Windows 8+ | | Kernel mode policies | Available on all Windows 10 versions and Windows 11 | Not available | | Per-app rules | [Available on 1703+](./use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) | Not available | diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index aa692dacf2..6497855a49 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -46,10 +46,7 @@ In the next set of topics, we will explore each of the above scenarios using a f Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the United States. Lamna employs thousands of people, from doctors and nurses to accountants, in-house lawyers, and IT technicians. Their device use cases are varied and include single-user workstations for their professional staff, shared kiosks used by doctors and nurses to access patient records, dedicated medical devices such as MRI scanners, and many others. Additionally, Lamna has a relaxed, bring-your-own-device policy for many of their professional staff. -Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) (MEM) in hybrid mode with both Configuration Manager (MEMCM) and Intune. Although they use MEM to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response. - -> [!NOTE] -> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager. +Lamna uses [Microsoft Endpoint Manager (MEM)](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. Although they use MEM to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response. Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized a number of new security IT responses, including tightening policies for application use and introducing application control. diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 0746ce1d5f..9729e7515d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -50,7 +50,7 @@ The first step is to define the desired "circle-of-trust" for your WDAC policies For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store. -Microsoft Endpoint Configuration Manager, previously known as System Center Configuration Manager, uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator, which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. +Configuration Manager uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator, which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. The following questions can help you plan your Windows Defender Application Control deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order, and are not meant to be an exhaustive set of design considerations. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 2f813ad6a4..d16be550a8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -43,7 +43,7 @@ If the file with good reputation is an application installer, its reputation wil WDAC periodically re-queries the reputation data on a file. Additionally, enterprises can specify that any cached reputation results are flushed on reboot by using the **Enabled:Invalidate EAs on Reboot** option. >[!NOTE] ->Admins should make sure there is a Windows Defender Application Control policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Manager Configuration Manager (MEMCM) and Microsoft Endpoint Manager Intune (MEM Intune) can be used to create and push a WDAC policy to your client machines. +>Admins should make sure there is a Windows Defender Application Control policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager Intune can be used to create and push a WDAC policy to your client machines. ## Configuring Intelligent Security Graph authorization for Windows Defender Application Control @@ -90,7 +90,7 @@ In order for the heuristics used by the ISG to function properly, a number of co appidtel start ``` -This step isn't required for Windows Defender Application Control policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using MEMCM's WDAC integration. +This step isn't required for Windows Defender Application Control policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using Configuration Manager's WDAC integration. ## Security considerations with the Intelligent Security Graph From 2208287b4bc73208a7184139e8127d8a4f71c9d1 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 13 Jun 2022 12:25:56 +0530 Subject: [PATCH 349/540] MEM updates --- .../private-app-repository-mdm-company-portal-windows-11.md | 2 +- windows/client-management/mdm/applicationcontrol-csp.md | 4 ++-- .../update/update-compliance-configuration-mem.md | 2 +- .../AppIdTagging/deploy-appid-tagging-policies.md | 6 +++--- ...ure-authorized-apps-deployed-with-a-managed-installer.md | 2 +- .../create-wdac-policy-for-fully-managed-devices.md | 2 +- .../create-wdac-policy-for-lightly-managed-devices.md | 2 +- ...ultiple-windows-defender-application-control-policies.md | 4 ++-- ...ws-defender-application-control-policies-using-intune.md | 2 +- .../deployment/deploy-wdac-policies-with-memcm.md | 4 ++-- .../deployment/deploy-wdac-policies-with-script.md | 2 +- .../example-wdac-base-policies.md | 2 +- .../types-of-devices.md | 2 +- ...r-application-control-with-intelligent-security-graph.md | 2 +- ...windows-defender-application-control-deployment-guide.md | 2 +- windows/security/zero-trust-windows-device-health.md | 4 ++-- 16 files changed, 22 insertions(+), 22 deletions(-) diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md index 17fe815f82..45f7dec8fa 100644 --- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md @@ -26,7 +26,7 @@ This article discusses the Company Portal app installation options, adding organ ## Before you begin -The Company Portal app is included with Microsoft Endpoint Manager (MEM). Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices. +The Company Portal app is included with Microsoft Endpoint Manager. Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices. If you're not managing your devices using an MDM provider, the following resources may help you get started: diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 8440d7e79f..970bfa5103 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -150,9 +150,9 @@ Scope is dynamic. Supported operation is Get. Value type is char. -## Microsoft Endpoint Manager (MEM) Intune Usage Guidance +## Microsoft Endpoint Manager Intune Usage Guidance -For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). +For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). ## Generic MDM Server Usage Guidance diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index 8422a69d5e..50064f0555 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -25,7 +25,7 @@ ms.topic: article > [!NOTE] > As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. -This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager (MEM)](/mem/endpoint-manager-overview) for Update Compliance, within MEM itself. Configuring devices for Update Compliance in MEM breaks down to the following steps: +This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps: 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured. 2. [Deploy the configuration script](#deploy-the-configuration-script) as a Win32 app to those same devices, so additional checks can be performed to ensure devices are correctly configured. diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index 86efc39597..359d1150a6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -32,7 +32,7 @@ ms.technology: windows-sec Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId Tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId Tagging policy, use one of the following methods to deploy: 1. [Deploy AppId Tagging Policies with MDM](#deploy-appid-tagging-policies-with-mdm) -1. [Deploy policies with Microsoft Endpoint Configuration Manager](#deploy-appid-tagging-policies-with-memcm) +1. [Deploy policies with Configuration Manager](#deploy-appid-tagging-policies-with-memcm) 1. [Deploy policies using scripting](#deploy-appid-tagging-policies-via-scripting) 1. [Deploy using the ApplicationControl CSP](#deploying-policies-via-the-applicationcontrol-csp) @@ -40,7 +40,7 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId Tagg Custom AppId Tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). -## Deploy AppId Tagging Policies with MEMCM +## Deploy AppId Tagging Policies with Configuration Manager Custom AppId Tagging policies can deployed via Configuration Manager using the [deployment task sequences](/deployment/deploy-windows-defender-application-control-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users. @@ -54,7 +54,7 @@ Multiple WDAC policies can be managed from an MDM server through ApplicationCont However, when policies are unenrolled from an MDM server, the CSP will attempt to remove every policy from devices, not just the policies added by the CSP. The reason for this is that the ApplicationControl CSP doesn't track enrollment sources for individual policies, even though it will query all policies on a device, regardless if they were deployed by the CSP. -For more information, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) to deploy multiple policies, and optionally use MEM Intune's Custom OMA-URI capability. +For more information, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) to deploy multiple policies, and optionally use Microsoft Endpoint Manager Intune's Custom OMA-URI capability. > [!NOTE] > WMI and GP do not currently support multiple policies. Instead, customers who can't directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format Windows Defender Application Control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index e7fccafbfd..839aa3a791 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -39,7 +39,7 @@ You can then configure WDAC to trust files that are installed by a managed insta ## Security considerations with managed installer -Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees that explicit allow or deny rules do. The managed installer is best suited for use where each user operates as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager (MEMCM). +Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees that explicit allow or deny rules do. The managed installer is best suited for use where each user operates as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager. Users with administrator privileges, or malware running as an administrator user on the system, may be able to circumvent the intent of Windows Defender Application Control when the managed installer option is allowed. diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index 283ec90d38..c0296ea8e6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -30,7 +30,7 @@ ms.technology: windows-sec >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device cannot install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Endpoint Manager (MEM). Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. +This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device cannot install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Endpoint Manager. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md index 8ed966bba8..d03bb18a75 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md @@ -58,7 +58,7 @@ Based on the above, Alice defines the pseudo-rules for the policy: - WHQL (3rd party kernel drivers) - Windows Store signed apps -2. **"MEMCM works”** rules which include signer and hash rules for Configuration Manager components to properly function +2. **"MEMCM works”** rules which include signer and hash rules for Configuration Manager components to properly function. 3. **Allow Managed Installer** (Configuration Manager configured as a managed installer) 4. **Allow Intelligent Security Graph (ISG)** (reputation-based authorization) 5. **Admin-only path rules** for the following locations: diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index 50a9a80492..37126d5855 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -91,7 +91,7 @@ When merging, the policy type and ID of the leftmost/first policy specified is u ## Deploying multiple policies -In order to deploy multiple Windows Defender Application Control policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature. +In order to deploy multiple Windows Defender Application Control policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by Microsoft Endpoint Manager Intune's Custom OMA-URI feature. ### Deploying multiple policies locally @@ -109,7 +109,7 @@ Multiple Windows Defender Application Control policies can be managed from an MD However, when policies are un-enrolled from an MDM server, the CSP will attempt to remove every policy from devices, not just the policies added by the CSP. The reason for this is that the ApplicationControl CSP doesn't track enrollment sources for individual policies, even though it will query all policies on a device, regardless if they were deployed by the CSP. -See [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) for more information on deploying multiple policies, optionally using MEM Intune's Custom OMA-URI capability. +See [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) for more information on deploying multiple policies, optionally using Microsoft Endpoint Manager Intune's Custom OMA-URI capability. > [!NOTE] > WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format Windows Defender Application Control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 61a0f3ce27..143fbdcc2e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -29,7 +29,7 @@ ms.technology: windows-sec >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -You can use a Mobile Device Management (MDM) solution, like Microsoft Endpoint Manager (MEM) Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. +You can use a Mobile Device Management (MDM) solution, like Microsoft Endpoint Manager Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. ## Use Intune's built-in policies diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 856b95f0a8..b8f3362555 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -27,11 +27,11 @@ ms.localizationpriority: medium >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). -You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Windows Defender Application Control (WDAC) on client machines. +You can use Microsoft Endpoint Configuration Manager to configure Windows Defender Application Control (WDAC) on client machines. ## Use MEMCM's built-in policies -Configuration Manager includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow: +Microsoft Endpoint Configuration Manager includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow: - Windows components - Microsoft Store apps diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index e57deda422..28a74c5e9f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -80,7 +80,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p ## Deploying signed policies -In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. +In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [Microsoft Endpoint Manager](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. 1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index 441c4694e4..601db3b421 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -36,7 +36,7 @@ When you create policies for use with Windows Defender Application Control (WDAC | **Example Base Policy** | **Description** | **Where it can be found** | |----------------------------|---------------------------------------------------------------|--------| -| **DefaultWindows.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for all [Microsoft Endpoint Manager(MEM)](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | +| **DefaultWindows.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for all [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **AllowMicrosoft.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **AllowAll.xml** | This example policy is useful when creating a blocklist. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](/windows/security/threat-protection/device-guard/memory-integrity) (also known as hypervisor-protected code integrity) using Windows Defender Application Control. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index 6497855a49..6ff71e34a5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -46,7 +46,7 @@ In the next set of topics, we will explore each of the above scenarios using a f Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the United States. Lamna employs thousands of people, from doctors and nurses to accountants, in-house lawyers, and IT technicians. Their device use cases are varied and include single-user workstations for their professional staff, shared kiosks used by doctors and nurses to access patient records, dedicated medical devices such as MRI scanners, and many others. Additionally, Lamna has a relaxed, bring-your-own-device policy for many of their professional staff. -Lamna uses [Microsoft Endpoint Manager (MEM)](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. Although they use MEM to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response. +Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. Although they use Microsoft Endpoint Manager to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response. Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized a number of new security IT responses, including tightening policies for application use and introducing application control. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index d16be550a8..4e1abd6929 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -130,4 +130,4 @@ Packaged apps are not supported with the Microsoft Intelligent Security Graph he The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. >[!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in Windows Defender Application Control support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Endpoint Manager Intune's built-in Windows Defender Application Control support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index e4cc911cca..d87ee2f357 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -42,6 +42,6 @@ All Windows Defender Application Control policy changes should be deployed in au There are several options to deploy Windows Defender Application Control policies to managed endpoints, including: 1. [Deploy using a Mobile Device Management (MDM) solution](deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune -2. [Deploy using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-with-memcm.md) +2. [Deploy using Microsoft Endpoint Configuration Manager](deployment/deploy-wdac-policies-with-memcm.md) 3. [Deploy via script](deployment/deploy-wdac-policies-with-script.md) 4. [Deploy via Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 6953ab042b..aec0a97576 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md @@ -50,7 +50,7 @@ A summary of the steps involved in attestation and Zero Trust on the device side 3. The TPM is verified by using the keys/cryptographic material available on the chipset with an [Azure Certificate Service](/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation). -4. This information is then sent to the attestation service in the cloud to verify that the device is safe. Microsoft Endpoint Manger (MEM) integrates with Microsoft Azure Attestation to review device health comprehensively and connect this information with AAD conditional access. This integration is key for Zero Trust solutions that help bind trust to an untrusted device. +4. This information is then sent to the attestation service in the cloud to verify that the device is safe. Microsoft Endpoint Manager integrates with Microsoft Azure Attestation to review device health comprehensively and connect this information with AAD conditional access. This integration is key for Zero Trust solutions that help bind trust to an untrusted device. 5. The attestation service does the following: @@ -60,7 +60,7 @@ A summary of the steps involved in attestation and Zero Trust on the device side 6. The attestation service returns an attestation report that contains information about the security features based on the policy configured in the attestation service. -7. The device then sends the report to the MEM cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules. +7. The device then sends the report to the Microsoft Endpoint Manager cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules. 8. Conditional access, along with device-compliance state then decides to allow or deny access. From aa822a2142b8bf98d75a4c80d7d219e67bb3d686 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Mon, 13 Jun 2022 12:41:41 +0530 Subject: [PATCH 350/540] Updated-6038482-B2 Bulk metadata update. --- windows/deployment/Windows-AutoPilot-EULA-note.md | 5 ----- windows/deployment/update/PSFxWhitepaper.md | 3 --- windows/deployment/update/WIP4Biz-intro.md | 4 ---- windows/deployment/update/check-release-health.md | 4 ---- windows/deployment/update/create-deployment-plan.md | 1 - windows/deployment/update/deploy-updates-configmgr.md | 1 - windows/deployment/update/deploy-updates-intune.md | 1 - windows/deployment/update/deployment-service-overview.md | 1 - .../deployment/update/deployment-service-troubleshoot.md | 1 - windows/deployment/update/eval-infra-tools.md | 4 ---- windows/deployment/update/feature-update-user-install.md | 2 -- windows/deployment/update/fod-and-lang-packs.md | 3 --- .../deployment/update/get-started-updates-channels-tools.md | 2 -- windows/deployment/update/how-windows-update-works.md | 2 -- .../update/includes/update-compliance-endpoints.md | 2 -- windows/deployment/update/index.md | 1 - windows/deployment/update/media-dynamic-update.md | 2 -- .../update/olympia/olympia-enrollment-guidelines.md | 2 -- windows/deployment/update/optional-content.md | 2 -- windows/deployment/update/plan-define-readiness.md | 4 ---- windows/deployment/update/plan-define-strategy.md | 2 -- windows/deployment/update/plan-determine-app-readiness.md | 4 ---- windows/deployment/update/prepare-deploy-windows.md | 2 -- windows/deployment/update/quality-updates.md | 2 -- windows/deployment/update/safeguard-holds.md | 1 - windows/deployment/update/safeguard-opt-out.md | 1 - windows/deployment/update/servicing-stack-updates.md | 2 -- windows/deployment/update/update-baseline.md | 2 -- .../update/update-compliance-configuration-manual.md | 4 ---- .../update/update-compliance-configuration-mem.md | 4 ---- .../update/update-compliance-configuration-script.md | 4 ---- .../update/update-compliance-delivery-optimization.md | 4 ---- .../update/update-compliance-feature-update-status.md | 3 --- windows/deployment/update/update-compliance-get-started.md | 4 ---- windows/deployment/update/update-compliance-monitor.md | 4 ---- .../deployment/update/update-compliance-need-attention.md | 3 --- windows/deployment/update/update-compliance-privacy.md | 3 --- .../deployment/update/update-compliance-safeguard-holds.md | 3 --- .../update/update-compliance-schema-waasdeploymentstatus.md | 3 --- .../update/update-compliance-schema-waasinsiderstatus.md | 3 --- .../update/update-compliance-schema-waasupdatestatus.md | 3 --- .../update/update-compliance-schema-wudoaggregatedstatus.md | 3 --- .../update/update-compliance-schema-wudostatus.md | 3 --- windows/deployment/update/update-compliance-schema.md | 3 --- .../update/update-compliance-security-update-status.md | 2 -- windows/deployment/update/update-compliance-using.md | 4 ---- .../update/update-compliance-v2-configuration-manual.md | 3 --- .../update/update-compliance-v2-configuration-mem.md | 3 --- .../update/update-compliance-v2-configuration-script.md | 3 --- windows/deployment/update/update-compliance-v2-enable.md | 3 --- windows/deployment/update/update-compliance-v2-overview.md | 3 --- .../deployment/update/update-compliance-v2-prerequisites.md | 3 --- .../update/update-compliance-v2-schema-ucclient.md | 3 --- .../update-compliance-v2-schema-ucclientreadinessstatus.md | 3 --- .../update-compliance-v2-schema-ucclientupdatestatus.md | 3 --- .../update/update-compliance-v2-schema-ucdevicealert.md | 3 --- .../update-compliance-v2-schema-ucserviceupdatestatus.md | 3 --- .../update/update-compliance-v2-schema-ucupdatealert.md | 3 --- windows/deployment/update/update-compliance-v2-schema.md | 3 --- windows/deployment/update/update-compliance-v2-use.md | 3 --- windows/deployment/update/update-policies.md | 4 ---- windows/deployment/update/update-status-admin-center.md | 3 --- windows/deployment/update/waas-branchcache.md | 1 - windows/deployment/update/waas-configure-wufb.md | 2 -- windows/deployment/update/waas-delivery-optimization-faq.md | 3 --- windows/deployment/update/waas-integrate-wufb.md | 1 - windows/deployment/update/waas-manage-updates-wsus.md | 1 - windows/deployment/update/waas-manage-updates-wufb.md | 1 - windows/deployment/update/waas-morenews.md | 1 - windows/deployment/update/waas-overview.md | 2 -- windows/deployment/update/waas-quick-start.md | 2 -- windows/deployment/update/waas-restart.md | 1 - .../update/waas-servicing-channels-windows-10-updates.md | 1 - .../update/waas-servicing-strategy-windows-10-updates.md | 1 - windows/deployment/update/waas-wu-settings.md | 3 --- windows/deployment/update/waas-wufb-csp-mdm.md | 1 - windows/deployment/update/waas-wufb-group-policy.md | 1 - windows/deployment/update/windows-as-a-service.md | 2 -- windows/deployment/update/windows-update-error-reference.md | 3 --- windows/deployment/update/windows-update-errors.md | 3 --- windows/deployment/update/windows-update-logs.md | 3 --- windows/deployment/update/windows-update-overview.md | 3 --- windows/deployment/update/windows-update-resources.md | 3 --- windows/deployment/update/windows-update-troubleshooting.md | 3 --- windows/deployment/update/wufb-compliancedeadlines.md | 1 - windows/deployment/update/wufb-wsus.md | 2 -- windows/deployment/windows-10-deployment-tools-reference.md | 5 ----- windows/deployment/windows-10-deployment-tools.md | 5 ----- windows/deployment/windows-10-enterprise-e3-overview.md | 6 ------ windows/deployment/windows-10-media.md | 5 ----- windows/deployment/windows-10-missing-fonts.md | 5 ----- windows/deployment/windows-10-poc-mdt.md | 6 ------ windows/deployment/windows-10-poc-sc-config-mgr.md | 1 - windows/deployment/windows-10-pro-in-s-mode.md | 5 ----- windows/deployment/windows-10-subscription-activation.md | 5 ----- windows/deployment/windows-adk-scenarios-for-it-pros.md | 4 ---- .../deployment/windows-deployment-scenarios-and-tools.md | 6 ------ 97 files changed, 270 deletions(-) diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md index ea378aa5e9..7fce81849b 100644 --- a/windows/deployment/Windows-AutoPilot-EULA-note.md +++ b/windows/deployment/Windows-AutoPilot-EULA-note.md @@ -2,16 +2,11 @@ title: Windows Autopilot EULA dismissal – important information description: A notice about EULA dismissal through Windows Autopilot ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy ms.localizationpriority: medium -ms.audience: itpro ms.date: 08/22/2017 author: aczechowski ms.author: aaroncz manager: dougeby -audience: itpro ROBOTS: NOINDEX ms.topic: article --- diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md index e58eabf981..60bc7df800 100644 --- a/windows/deployment/update/PSFxWhitepaper.md +++ b/windows/deployment/update/PSFxWhitepaper.md @@ -1,10 +1,7 @@ --- title: Windows Updates using forward and reverse differentials description: A technique to produce compact software updates optimized for any origin and destination revision pair -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index aedd92040e..1eb96d1f1e 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -1,12 +1,8 @@ --- title: Introduction to the Windows Insider Program for Business description: In this article, you'll learn about the Windows Insider Program for Business and why IT Pros should join. -keywords: updates, servicing, current, deployment, General Availability Channel, General Availability Channel, feature, quality, rings, insider, WiP4Biz, enterprise, rings, flight ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro -ms.audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md index 753d519263..8b93291b64 100644 --- a/windows/deployment/update/check-release-health.md +++ b/windows/deployment/update/check-release-health.md @@ -3,12 +3,9 @@ title: "How to check Windows release health" ms.author: v-nishmi author: DocsPreview manager: jren -audience: Admin ms.topic: article ms.prod: w10 localization_priority: Normal -f1.keywords: -- CSH ms.custom: - Adm_O365 - 'O365P_ServiceHealthModern' @@ -24,7 +21,6 @@ search.appverid: - MOE150 - BCS160 - IWA160 -ms.assetid: 932ad3ad-533c-418a-b938-6e44e8bc33b0 description: "Check the release health status of Microsoft 365 services before you call support to see if there is an active service interruption." feedback_system: none --- diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md index ded102a0f2..03631234e5 100644 --- a/windows/deployment/update/create-deployment-plan.md +++ b/windows/deployment/update/create-deployment-plan.md @@ -2,7 +2,6 @@ title: Create a deployment plan description: Devise the number of deployment rings you need and how you want to populate them ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md index 6570e67a7b..ef6be01503 100644 --- a/windows/deployment/update/deploy-updates-configmgr.md +++ b/windows/deployment/update/deploy-updates-configmgr.md @@ -2,7 +2,6 @@ title: Deploy Windows client updates with Configuration Manager description: Deploy Windows client updates with Configuration Manager ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/deploy-updates-intune.md b/windows/deployment/update/deploy-updates-intune.md index 9e9e69d824..d63870c7e0 100644 --- a/windows/deployment/update/deploy-updates-intune.md +++ b/windows/deployment/update/deploy-updates-intune.md @@ -2,7 +2,6 @@ title: Deploy updates with Intune description: Deploy Windows client updates with Intune ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 6aae1788d5..933d4dd014 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -3,7 +3,6 @@ title: Windows Update for Business deployment service description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md index 5d39dc754b..aa89b4a23a 100644 --- a/windows/deployment/update/deployment-service-troubleshoot.md +++ b/windows/deployment/update/deployment-service-troubleshoot.md @@ -3,7 +3,6 @@ title: Troubleshoot the Windows Update for Business deployment service description: Solutions to common problems with the service ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index 7ad2af4d6f..4ba30f5bc9 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md @@ -1,15 +1,11 @@ --- title: Evaluate infrastructure and tools description: Steps to make sure your infrastructure is ready to deploy updates -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby ms.localizationpriority: medium -ms.audience: itpro ms.topic: article ms.collection: m365initiative-coredeploy --- diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md index b2be74389a..41810807d7 100644 --- a/windows/deployment/update/feature-update-user-install.md +++ b/windows/deployment/update/feature-update-user-install.md @@ -2,8 +2,6 @@ title: Best practices - deploy feature updates for user-initiated installations description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation. ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md index 012deeba47..01de0f8c92 100644 --- a/windows/deployment/update/fod-and-lang-packs.md +++ b/windows/deployment/update/fod-and-lang-packs.md @@ -2,10 +2,7 @@ title: Make FoD and language packs available for WSUS/Configuration Manager description: Learn how to make FoD and language packs available when you're using WSUS/Configuration Manager. ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: article ms.author: aaroncz -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 03/13/2019 diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md index 611548db79..b7b501f2c4 100644 --- a/windows/deployment/update/get-started-updates-channels-tools.md +++ b/windows/deployment/update/get-started-updates-channels-tools.md @@ -1,9 +1,7 @@ --- title: Windows client updates, channels, and tools description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them -keywords: updates, servicing, current, deployment, General Availability Channel, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index 5b943421e5..4d9b31486c 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -2,8 +2,6 @@ title: How Windows Update works description: In this article, learn about the process Windows Update uses to download and install updates on a Windows client devices. ms.prod: w10 -ms.mktglfcycl: -audience: itpro author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/includes/update-compliance-endpoints.md b/windows/deployment/update/includes/update-compliance-endpoints.md index 864f4d38dd..ebb1b35eb2 100644 --- a/windows/deployment/update/includes/update-compliance-endpoints.md +++ b/windows/deployment/update/includes/update-compliance-endpoints.md @@ -4,8 +4,6 @@ ms.author: mstewart manager: dougeby ms.prod: w10 ms.collection: M365-modern-desktop -ms.mktglfcycl: deploy -audience: itpro ms.topic: include ms.date: 04/06/2022 ms.localizationpriority: medium diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md index cb16c3b261..effea4ec16 100644 --- a/windows/deployment/update/index.md +++ b/windows/deployment/update/index.md @@ -2,7 +2,6 @@ title: Update Windows client in enterprise deployments description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows client. ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski manager: dougeby ms.localizationpriority: high diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 1b91bae1a5..acc9d2ff15 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -2,8 +2,6 @@ title: Update Windows installation media with Dynamic Update description: Learn how to deploy feature updates to your mission critical devices ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro author: SteveDiAcetis ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index 363891d8a9..07becf6f73 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -5,11 +5,9 @@ ms.author: aaroncz ms.topic: article ms.prod: w10 ms.technology: windows -audience: itpro author: aczechowski ms.reviewer: manager: dougeby -keywords: insider, trial, enterprise, lab, corporation, test ms.custom: seo-marvel-apr2020 --- diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md index 2630a35fbb..ad5d745581 100644 --- a/windows/deployment/update/optional-content.md +++ b/windows/deployment/update/optional-content.md @@ -2,8 +2,6 @@ title: Migrating and acquiring optional Windows content description: Keep language resources and Features on Demand during operating system updates ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md index f91ecfe962..3b0180ab07 100644 --- a/windows/deployment/update/plan-define-readiness.md +++ b/windows/deployment/update/plan-define-readiness.md @@ -1,15 +1,11 @@ --- title: Define readiness criteria description: Identify important roles and figure out how to classify apps -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby ms.localizationpriority: medium -ms.audience: itpro ms.topic: article ms.collection: m365initiative-coredeploy --- diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md index cbe6e4c8b7..33c9252297 100644 --- a/windows/deployment/update/plan-define-strategy.md +++ b/windows/deployment/update/plan-define-strategy.md @@ -1,9 +1,7 @@ --- title: Define update strategy description: Two examples of a calendar-based approach to consistent update installation -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, tools ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md index 6c84e09b15..ffe6a2795d 100644 --- a/windows/deployment/update/plan-determine-app-readiness.md +++ b/windows/deployment/update/plan-determine-app-readiness.md @@ -2,12 +2,8 @@ title: Determine application readiness manager: dougeby description: How to test your apps to know which need attention prior to deploying an update -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro ms.localizationpriority: medium -ms.audience: itpro ms.topic: article ms.collection: m365initiative-coredeploy ms.author: aaroncz diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md index d915b07973..070a39e360 100644 --- a/windows/deployment/update/prepare-deploy-windows.md +++ b/windows/deployment/update/prepare-deploy-windows.md @@ -1,9 +1,7 @@ --- title: Prepare to deploy Windows description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/quality-updates.md b/windows/deployment/update/quality-updates.md index 903804f4c4..4bc2d59668 100644 --- a/windows/deployment/update/quality-updates.md +++ b/windows/deployment/update/quality-updates.md @@ -1,9 +1,7 @@ --- title: Monthly quality updates (Windows 10/11) description: Learn about Windows monthly quality updates to stay productive and protected. -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md index c5c58daacb..bfae10b8e8 100644 --- a/windows/deployment/update/safeguard-holds.md +++ b/windows/deployment/update/safeguard-holds.md @@ -2,7 +2,6 @@ title: Safeguard holds description: What are safeguard holds, how can you tell if one is in effect, and what to do about it ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md index afbf77e07c..b217acde9b 100644 --- a/windows/deployment/update/safeguard-opt-out.md +++ b/windows/deployment/update/safeguard-opt-out.md @@ -2,7 +2,6 @@ title: Opt out of safeguard holds description: Steps to install an update even it if has a safeguard hold applied ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index bafff90d2b..fe131c3f60 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -2,8 +2,6 @@ title: Servicing stack updates description: In this article, learn how servicing stack updates improve the code that installs the other updates. ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro author: aczechowski ms.localizationpriority: high ms.author: aaroncz diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index 58b209d82f..2c977fd2f0 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md @@ -1,9 +1,7 @@ --- title: Update Baseline description: Use an update baseline to optimize user experience and meet monthly update goals -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, tools, group policy ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index c64b4fd3da..4a022f2559 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -3,11 +3,7 @@ title: Manually configuring devices for Update Compliance ms.reviewer: manager: dougeby description: Manually configuring devices for Update Compliance -keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index 8d47eba6f3..57acb3647b 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -3,11 +3,7 @@ title: Configuring Microsoft Endpoint Manager devices for Update Compliance ms.reviewer: manager: dougeby description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance -keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav, intune, mem ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index e00cfd8c93..fe5ee1aabc 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -3,11 +3,7 @@ title: Update Compliance Configuration Script ms.reviewer: manager: dougeby description: Downloading and using the Update Compliance Configuration Script -keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index 654ade49f0..d15c3d05a2 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -4,12 +4,8 @@ ms.reviewer: manager: dougeby description: Learn how the Update Compliance solution provides you with information about your Delivery Optimization configuration. ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz -keywords: oms, operations management suite, optimization, downloads, updates, log analytics ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md index 6313b0c269..aef454e5ea 100644 --- a/windows/deployment/update/update-compliance-feature-update-status.md +++ b/windows/deployment/update/update-compliance-feature-update-status.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: Learn how the Feature Update Status report provides information about the status of feature updates across all devices. ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 6d03b36b95..39a89bda85 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -2,11 +2,7 @@ title: Get started with Update Compliance manager: dougeby description: Prerequisites, Azure onboarding, and configuring devices for Update Compliance -keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 029fbe9034..14be646f48 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -3,11 +3,7 @@ title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance ms.reviewer: manager: dougeby description: You can use Update Compliance in Azure portal to monitor the progress of updates and key anti-malware protection features on devices in your network. -keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md index 64d5014cac..a72b0bd9e9 100644 --- a/windows/deployment/update/update-compliance-need-attention.md +++ b/windows/deployment/update/update-compliance-need-attention.md @@ -2,9 +2,6 @@ title: Update Compliance - Need Attention! report manager: dougeby description: Learn how the Need attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md index 881d8736c3..25616519e4 100644 --- a/windows/deployment/update/update-compliance-privacy.md +++ b/windows/deployment/update/update-compliance-privacy.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: an overview of the Feature Update Status report ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md index daa6e15a43..c745e589a3 100644 --- a/windows/deployment/update/update-compliance-safeguard-holds.md +++ b/windows/deployment/update/update-compliance-safeguard-holds.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: Learn how the Safeguard Holds report provides information about safeguard holds in your population. ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md index 116ada644d..5adad45a76 100644 --- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: WaaSDeploymentStatus schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md index 92aa00c0d8..f3cae92504 100644 --- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: WaaSInsiderStatus schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md index 9e0d7a5b83..ab0122a4e9 100644 --- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md +++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: WaaSUpdateStatus schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md index 2d55302fe7..585d9bb1a9 100644 --- a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md +++ b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: WUDOAggregatedStatus schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md index 566ef0650a..9af734b4d5 100644 --- a/windows/deployment/update/update-compliance-schema-wudostatus.md +++ b/windows/deployment/update/update-compliance-schema-wudostatus.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: WUDOStatus schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-schema.md b/windows/deployment/update/update-compliance-schema.md index c20f3b863f..872530b839 100644 --- a/windows/deployment/update/update-compliance-schema.md +++ b/windows/deployment/update/update-compliance-schema.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: an overview of Update Compliance data schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md index 0acb349b36..9bec83ea8e 100644 --- a/windows/deployment/update/update-compliance-security-update-status.md +++ b/windows/deployment/update/update-compliance-security-update-status.md @@ -4,8 +4,6 @@ ms.reviewer: manager: dougeby description: Learn how the Security Update Status section provides information about security updates across all devices. ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy author: aczechowski ms.author: aaroncz ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 6dc2e78cdd..1181984ab9 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -3,11 +3,7 @@ title: Using Update Compliance ms.reviewer: manager: dougeby description: Learn how to use Update Compliance to monitor your device's Windows updates. -keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: aczechowski ms.author: aaroncz ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md index 176b1f0a64..685add0ca0 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-manual.md +++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: Manually configuring devices for Update Compliance (preview) ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 10fa6e648c..2deb4f74aa 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance (preview) ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 98bb9a944e..8c879261e7 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: Downloading and using the Update Compliance (preview) Configuration Script ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.localizationpriority: medium diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index 6f62c00c8f..4a6330cbed 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: How to enable the Update Compliance through the Azure portal ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index a3c3967aee..06717d299b 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: Overview of Update Compliance to explain what it's used for and the cloud services it relies on. ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index c4aa6213d1..acc983c3c2 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: Prerequisites for Update Compliance ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclient.md b/windows/deployment/update/update-compliance-v2-schema-ucclient.md index 70e9b938c4..6756a30807 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclient.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclient.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: UCClient schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md index 45a6a8eae7..ae2850180a 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: UCClientReadinessStatus schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md index 0fc27a857d..3db77ec9fd 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: UCClientUpdateStatus schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md index 71696884f7..b908d5f26b 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: UCDeviceAlert schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md index e2fb645ed5..8ddfb1000d 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: UCServiceUpdateStatus schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md index 1520b8656b..ca7af0d50a 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: UCUpdateAlert schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md index 4a8db43f15..ce8c149ee1 100644 --- a/windows/deployment/update/update-compliance-v2-schema.md +++ b/windows/deployment/update/update-compliance-v2-schema.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: An overview of Update Compliance (preview) data schema ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md index 79edaa01cc..c136aeae12 100644 --- a/windows/deployment/update/update-compliance-v2-use.md +++ b/windows/deployment/update/update-compliance-v2-use.md @@ -4,9 +4,6 @@ ms.reviewer: manager: dougeby description: How to use the Update Compliance (preview) solution. ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.collection: M365-analytics diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index d62bcbe80b..9d860f73b8 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -2,15 +2,11 @@ title: Policies for update compliance, activity, and user experience ms.reviewer: description: Explanation and recommendations for settings -keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby ms.localizationpriority: medium -ms.audience: itpro ms.topic: article ms.collection: M365-modern-desktop --- diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index a6e1f241de..9794557bd2 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -3,9 +3,6 @@ title: Microsoft admin center software updates (preview) page manager: dougeby description: Microsoft admin center populates Update Compliance data into the software updates page. ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: deploy -audience: itpro author: mestew ms.author: mstewart ms.localizationpriority: medium diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index abca379015..4e01cdd3ec 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md @@ -2,7 +2,6 @@ title: Configure BranchCache for Windows client updates description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment. ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 1edcdf88cb..1918ed5246 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -3,11 +3,9 @@ title: Configure Windows Update for Business manager: dougeby description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. ms.prod: w10 -ms.mktglfcycl: deploy ms.collection: - m365initiative-coredeploy - highpri -audience: itpro author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-delivery-optimization-faq.md b/windows/deployment/update/waas-delivery-optimization-faq.md index 6425a6af48..ffe3f4ae21 100644 --- a/windows/deployment/update/waas-delivery-optimization-faq.md +++ b/windows/deployment/update/waas-delivery-optimization-faq.md @@ -3,10 +3,7 @@ title: Delivery Optimization Frequently Asked Questions ms.reviewer: manager: dougeby description: The following is a list of frequently asked questions for Delivery Optimization. -keywords: oms, operations management suite, wdav, updates, downloads, log analytics ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index e7efe13546..d35f0cfa52 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -2,7 +2,6 @@ title: Integrate Windows Update for Business description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 68f0f0448f..7c573b20dc 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -2,7 +2,6 @@ title: Deploy Windows client updates using Windows Server Update Services description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates. ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index 0280f1f136..2c2acee4e5 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -3,7 +3,6 @@ title: Windows Update for Business manager: dougeby description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update. ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index e9ce2f2e27..0e7cf67a8b 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -4,7 +4,6 @@ description: The latest news for Windows as a service with resources to help you ms.prod: w10 ms.topic: article ms.manager: elizapo -audience: itpro author: aczechowski ms.author: aaroncz ms.reviewer: diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index c30ca87c8b..3a04bb79e1 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -1,9 +1,7 @@ --- title: Overview of Windows as a service description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works. -keywords: updates, servicing, current, deployment, General Availability Channel, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 57fcb750ea..80f6a1dbfa 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -1,9 +1,7 @@ --- title: Quick guide to Windows as a service (Windows 10) description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy. -keywords: updates, servicing, current, deployment, General Availability Channel, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: high ms.author: aaroncz diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 7ef84ba4b5..a43f01d033 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -2,7 +2,6 @@ title: Manage device restarts after updates (Windows 10) description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows 10 update is installed. ms.prod: w10 -ms.mktglfcycl: deploy author: carmenf ms.localizationpriority: medium ms.author: carmenf diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 7e049263a6..9fcb3d398e 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -2,7 +2,6 @@ title: Assign devices to servicing channels for Windows client updates description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM ms.prod: w10 -ms.mktglfcycl: deploy author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 517ebf406f..bac3d71a3a 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -2,7 +2,6 @@ title: Prepare servicing strategy for Windows client updates description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 5e9ca3540e..f198383a31 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -2,10 +2,7 @@ title: Manage additional Windows Update settings description: In this article, learn about additional settings to control the behavior of Windows Update. ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro ms.localizationpriority: medium -ms.audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md index d51f0992fb..9c3384d50d 100644 --- a/windows/deployment/update/waas-wufb-csp-mdm.md +++ b/windows/deployment/update/waas-wufb-csp-mdm.md @@ -2,7 +2,6 @@ title: Configure Windows Update for Business by using CSPs and MDM description: Walk-through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM. ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 47de8f132b..1aa46d22c9 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -2,7 +2,6 @@ title: Configure Windows Update for Business via Group Policy description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy. ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index a53cf59f90..5ba5e1b014 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -3,11 +3,9 @@ title: Windows as a service ms.prod: w10 ms.topic: landing-page ms.manager: dougeby -audience: itpro author: aczechowski ms.author: aaroncz description: Discover the latest news articles, videos, and podcasts about Windows as a service. Find resources for using Windows as a service within your organization. -ms.audience: itpro ms.reviewer: manager: dougeby ms.localizationpriority: high diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md index dec2eca8c6..abbfea815f 100644 --- a/windows/deployment/update/windows-update-error-reference.md +++ b/windows/deployment/update/windows-update-error-reference.md @@ -2,13 +2,10 @@ title: Windows Update error code list by component description: Learn about reference information for Windows Update error codes, including automatic update errors, UI errors, and reporter errors. ms.prod: w10 -ms.mktglfcycl: -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby ms.localizationpriority: medium -ms.audience: itpro ms.date: 09/18/2018 ms.topic: article ms.custom: seo-marvel-apr2020 diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index 3442f06f82..932addddfd 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -2,9 +2,6 @@ title: Windows Update common errors and mitigation description: In this article, learn about some common issues you might experience with Windows Update, as well as steps to resolve them. ms.prod: w10 -ms.mktglfcycl: -audience: itpro -ms.audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md index c53de0ee44..1bb5ed3c64 100644 --- a/windows/deployment/update/windows-update-logs.md +++ b/windows/deployment/update/windows-update-logs.md @@ -2,9 +2,6 @@ title: Windows Update log files description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file. ms.prod: w10 -ms.mktglfcycl: -audience: itpro -ms.audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md index ca12e829de..e29fa96bf5 100644 --- a/windows/deployment/update/windows-update-overview.md +++ b/windows/deployment/update/windows-update-overview.md @@ -2,12 +2,9 @@ title: Get started with Windows Update description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors. ms.prod: w10 -ms.mktglfcycl: -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby -ms.audience: itpro ms.date: 09/18/2018 ms.topic: article --- diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md index 91bc169b26..27de13d4fa 100644 --- a/windows/deployment/update/windows-update-resources.md +++ b/windows/deployment/update/windows-update-resources.md @@ -2,10 +2,7 @@ title: Windows Update - Additional resources description: In this article, learn details about to troubleshooting WSUS and resetting Windows Update components manually. ms.prod: w10 -ms.mktglfcycl: -audience: itpro ms.localizationpriority: medium -ms.audience: itpro manager: dougeby ms.topic: article ms.author: aaroncz diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index 4c7a2d01ad..ae44dc478a 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -2,9 +2,6 @@ title: Windows Update troubleshooting description: Learn about troubleshooting Windows Update, issues related to HTTP/Proxy, and why some features are offered and others aren't. ms.prod: w10 -ms.mktglfcycl: -audience: itpro -ms.audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index ddec7e414d..7fbbd8cecc 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -3,7 +3,6 @@ title: Enforce compliance deadlines with policies in Windows Update for Business description: This article contains information on how to enforce compliance deadlines using Windows Update for Business. ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: manage author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index a93c10f142..18627b1a76 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -2,10 +2,8 @@ title: Use Windows Update for Business and Windows Server Update Services (WSUS) together description: Learn how to use Windows Update for Business and WSUS together using the new scan source policy. ms.prod: w10 -ms.mktglfcycl: manage author: arcarley ms.localizationpriority: medium -audience: itpro ms.author: arcarley ms.collection: - m365initiative-coredeploy diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md index 7e865654b8..e135d2415d 100644 --- a/windows/deployment/windows-10-deployment-tools-reference.md +++ b/windows/deployment/windows-10-deployment-tools-reference.md @@ -1,16 +1,11 @@ --- title: Windows 10 deployment tools reference description: Learn about the tools available to deploy Windows 10, like Volume Activation Management Tool (VAMT) and User State Migration Tool (USMT). -ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB ms.reviewer: manager: dougeby -ms.audience: itpro ms.author: aaroncz author: aczechowski ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro ms.date: 07/12/2017 ms.topic: article --- diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md index 2822f37514..a37d1cd3d0 100644 --- a/windows/deployment/windows-10-deployment-tools.md +++ b/windows/deployment/windows-10-deployment-tools.md @@ -1,16 +1,11 @@ --- title: Windows 10 deployment tools description: Learn how to use Windows 10 deployment tools to successfully deploy Windows 10 to your organization. -ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB ms.reviewer: manager: dougeby -ms.audience: itpro ms.author: aaroncz author: aczechowski ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro ms.date: 10/16/2017 ms.topic: article --- diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index b21f910bb4..69e99173d4 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -1,18 +1,12 @@ --- title: Windows 10/11 Enterprise E3 in CSP description: Describes Windows 10/11 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10/11 Enterprise edition. -keywords: upgrade, update, task sequence, deploy ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt ms.date: 09/28/2021 -ms.audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby -audience: itpro ms.collection: - M365-modern-desktop - highpri diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index 949e778c49..7740f7c09f 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -1,18 +1,13 @@ --- title: Windows 10 volume license media description: Learn about volume license media in Windows 10, and channels such as the Volume License Service Center (VLSC). -keywords: deploy, upgrade, update, software, media ms.prod: w10 -ms.mktglfcycl: plan ms.localizationpriority: medium ms.date: 10/20/2017 ms.reviewer: manager: dougeby -ms.audience: itpro ms.author: aaroncz author: aczechowski -ms.sitesec: library -audience: itpro ms.topic: article --- diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md index 190cef5ef7..920d673e67 100644 --- a/windows/deployment/windows-10-missing-fonts.md +++ b/windows/deployment/windows-10-missing-fonts.md @@ -1,16 +1,11 @@ --- title: How to install fonts missing after upgrading to Windows client description: Some of the fonts are missing from the system after you upgrade to Windows client. -keywords: deploy, upgrade, FoD, optional feature ms.prod: w10 -ms.mktglfcycl: plan -ms.sitesec: library ms.localizationpriority: medium -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby -ms.audience: itpro ms.topic: article --- # How to install fonts that are missing after upgrading to Windows client diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index f22ca0e63d..70a835b534 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -3,18 +3,12 @@ title: Step by step - Deploy Windows 10 in a test lab using MDT description: In this article, you'll learn how to deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT). ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -keywords: deployment, automate, tools, configure, mdt ms.localizationpriority: medium ms.date: 10/11/2017 ms.reviewer: manager: dougeby -ms.audience: itpro ms.author: aaroncz author: aczechowski -audience: itpro ms.topic: article --- diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 9b38379f79..2a14609c52 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -6,7 +6,6 @@ ms.technology: windows ms.localizationpriority: medium ms.reviewer: manager: dougeby -ms.audience: itpro ms.author: aaroncz author: aczechowski ms.topic: tutorial diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md index 5be36403f0..8b30ea5825 100644 --- a/windows/deployment/windows-10-pro-in-s-mode.md +++ b/windows/deployment/windows-10-pro-in-s-mode.md @@ -4,13 +4,8 @@ description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch opti author: aczechowski ms.author: aaroncz manager: dougeby -keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode -ms.mktglfcycl: deploy ms.localizationpriority: medium ms.prod: w10 -ms.sitesec: library -ms.pagetype: deploy -audience: itpro ms.collection: - M365-modern-desktop - highpri diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 2b534e585f..c54812aee4 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -1,14 +1,9 @@ --- title: Windows 10/11 Subscription Activation description: In this article, you will learn how to dynamically enable Windows 10 and Windows 11 Enterprise or Education subscriptions. -keywords: upgrade, update, task sequence, deploy ms.custom: seo-marvel-apr2020 ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md index b09af1725f..a95ebcecdc 100644 --- a/windows/deployment/windows-adk-scenarios-for-it-pros.md +++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md @@ -1,15 +1,11 @@ --- title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10) description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. -ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B author: aczechowski ms.author: aaroncz manager: dougeby ms.prod: w10 -ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.sitesec: library -audience: itpro ms.date: 07/27/2017 ms.topic: article --- diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 08a6973def..0506bf17c4 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -1,16 +1,10 @@ --- title: Windows 10 deployment scenarios and tools description: Learn about the tools you can use to deploy Windows 10 and related applications to your organization. Explore deployment scenarios. -ms.assetid: 0d6cee1f-14c4-4b69-b29a-43b0b327b877 manager: dougeby -ms.audience: itpro ms.author: aaroncz author: aczechowski -keywords: deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro ms.topic: article ms.collection: highpri --- From 5e7aa338a9318dd196dd5b36117e9644a84225db Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 13 Jun 2022 12:57:22 +0530 Subject: [PATCH 351/540] Fixed warning --- .../AppIdTagging/deploy-appid-tagging-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index 359d1150a6..2f9bc3249f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -32,7 +32,7 @@ ms.technology: windows-sec Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId Tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId Tagging policy, use one of the following methods to deploy: 1. [Deploy AppId Tagging Policies with MDM](#deploy-appid-tagging-policies-with-mdm) -1. [Deploy policies with Configuration Manager](#deploy-appid-tagging-policies-with-memcm) +1. [Deploy policies with Configuration Manager](#deploy-appid-tagging-policies-with-configuration manager) 1. [Deploy policies using scripting](#deploy-appid-tagging-policies-via-scripting) 1. [Deploy using the ApplicationControl CSP](#deploying-policies-via-the-applicationcontrol-csp) From d9b883546cb82132c6ada0238317ad68138b3139 Mon Sep 17 00:00:00 2001 From: Jake Stoker <94176328+JASTOKER@users.noreply.github.com> Date: Mon, 13 Jun 2022 14:31:20 +0100 Subject: [PATCH 352/540] Update FAQ Pre-requisites question Changed ConfigMgr 2010 to Supported version (2010 is now out of support). Added text to show that ConfigMgr and Co-Management is only required when devices are managed by ConfigMgr. If devices are Intune only, Co-management and Configmgr are not pre-requisites for Autopatch. --- .../windows-autopatch/overview/windows-autopatch-faq.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 2c496594e3..5a0aafff96 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -42,8 +42,9 @@ sections: - [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) + Additional pre-requisites for devices managed by Configuration Manager: - [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements) - - [Configuration Manager version 2010 or later](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2010) + - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions) - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune) - question: What are the licensing requirements for Windows Autopatch? answer: | @@ -103,4 +104,4 @@ sections: Programmatic access to Autopatch isn't currently available. additionalContent: | ## Additional Content - [Provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch \ No newline at end of file + [Provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch From 536b5c06e6ca9a371c7a1691206a86d809c824aa Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Mon, 13 Jun 2022 08:06:13 -0700 Subject: [PATCH 353/540] Update windows-autopatch-faq.yml --- .../windows-autopatch/overview/windows-autopatch-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 5a0aafff96..756b5a205e 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -104,4 +104,4 @@ sections: Programmatic access to Autopatch isn't currently available. additionalContent: | ## Additional Content - [Provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch + [Provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch) From 4f9a3f7e187fb338704f778b7a154108381aff7e Mon Sep 17 00:00:00 2001 From: Jake Stoker <94176328+JASTOKER@users.noreply.github.com> Date: Mon, 13 Jun 2022 16:44:52 +0100 Subject: [PATCH 354/540] Updated Autopatch FAQ added missing bullet point. Also added clarity that co-management pilot workloads must include the devices in the pilot collection specified that are to be registered in Autopatch. @tiaraquan --- .../windows-autopatch/overview/windows-autopatch-faq.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 756b5a205e..f56dfdd794 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -42,10 +42,10 @@ sections: - [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) - Additional pre-requisites for devices managed by Configuration Manager: + - Additional pre-requisites for devices managed by Configuration Manager: - [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements) - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions) - - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune) + - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.) - question: What are the licensing requirements for Windows Autopatch? answer: | - Windows Autopatch is included with Window 10/11 Enterprise E3 or higher. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). From 841d9ecb8862151be8ea47a8862fea5601114588 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Mon, 13 Jun 2022 08:53:09 -0700 Subject: [PATCH 355/540] Update windows-autopatch-faq.yml --- .../windows-autopatch/overview/windows-autopatch-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index f56dfdd794..6aed402396 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -42,7 +42,7 @@ sections: - [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) - - Additional pre-requisites for devices managed by Configuration Manager: + Additional pre-requisites for devices managed by Configuration Manager: - [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements) - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions) - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.) From fd662101dadc4b1507ccbcb4a78d68a04ba8a838 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Mon, 13 Jun 2022 10:24:35 -0700 Subject: [PATCH 356/540] Add section about proc config changes --- ...ws-diagnostic-data-in-your-organization.md | 66 ++++++++++++++++++- 1 file changed, 63 insertions(+), 3 deletions(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 5c614eaed1..8a52c89678 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -8,9 +8,9 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: - M365-security-compliance - highpri @@ -260,6 +260,9 @@ Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm ## Enable Windows diagnostic data processor configuration +> [!IMPORTANT] +> There are some significant changes planned for diagnostic data processor configuration. To learn more, [review this information](#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). + The Windows diagnostic data processor configuration enables you to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from your Windows devices that meet the configuration requirements. ### Prerequisites @@ -327,6 +330,63 @@ Windows Update for Business: - [How to enable deployment protections](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections) +### Significant changes coming to the Windows diagnostic data processor configuration + +Currently, to enroll devices in the Window diagnostic data processor configuration option, IT admins can use policies, such as the “Allow commercial data pipeline” policy, at the individual device level. + +To enable efficiencies and help us implement our plan to [store and process EU Data for European enterprise customers in the EU](https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/), we'll be introducing the following significant change for enterprise Windows devices that have diagnostic data turned on. + +***We’ll stop using policies, such as the “Allow commercial data pipeline” policy, to configure the processor option. Instead, we’ll be introducing an organization-wide configuration based on Azure Active Directory (Azure AD) to determine Microsoft’s role in data processing.*** + +We’re making this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way, and in the same geographic region. + +#### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA) + +For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe. + +From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users’ [data subject requests](/compliance/regulatory/gdpr-dsr-windows). + +#### Devices in Azure AD tenants with a billing address outside of the EU and EFTA + +For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data: + +- [Update Compliance](/windows/deployment/update/update-compliance-monitor) +- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) +- [Microsoft Managed Desktop](/managed-desktop/intro/) +- [Endpoint analytics (in Microsoft Endpoint Manager)](/mem/analytics/overview) + +*(Additional licensing requirements may apply to use these services.)* + +If you don’t sign up for any of these enterprise services, Microsoft will act as controller for the diagnostic data. + +> [!NOTE] +> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. + +#### Rollout plan for this change + +This change will roll out initially to Windows devices enrolled in the [Dev Channel](/windows-insider/flighting#dev-channel) of the Windows Insider program no earlier than July 2022. Once the rollout is initiated, devices in the Dev Channel that are joined to an Azure AD tenant with a billing address in the EU or EFTA will be automatically enabled for the processor configuration option. + +During this initial rollout, the following conditions apply to devices in the Dev Channel that are joined to an Azure AD tenant with a billing address outside of the EU or EFTA: + +- Devices can't be enabled for the Windows diagnostic data processor configuration at this time. +- The processor configuration will be disabled in any devices that were previously enabled. +- Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. + +It's recommended Insiders on these devices pause flighting if these changes aren't acceptable. + +For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. + +For other Windows devices (not in the Dev Channel), additional details on supported versions of Windows 11 and Windows 10 will be announced at a later date. These changes will roll out no earlier than the last quarter of calendar year 2022. + +To prepare for this change, ensure that you meet the [prerequisites](#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD, and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services. + +As part of this change, the following policies will no longer be supported to configure the processor option: + - Allow commercial data pipeline + - Allow Desktop Analytics Processing + - Allow Update Compliance Processing + - Allow WUfB Cloud Processing + - Configure the Commercial ID + ## Limit optional diagnostic data for Desktop Analytics For more information about how to limit the diagnostic data to the minimum required by Desktop Analytics, see [Enable data sharing for Desktop Analytics](/mem/configmgr/desktop-analytics/enable-data-sharing). From ead3be19d36545111746a966b521aa97101c9dc2 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Mon, 13 Jun 2022 10:34:09 -0700 Subject: [PATCH 357/540] Add links to info about data proc config changes --- .../privacy/changes-to-windows-diagnostic-data-collection.md | 3 +++ windows/privacy/windows-10-and-privacy-compliance.md | 3 +++ 2 files changed, 6 insertions(+) diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index e00f0e9479..4fc453ce1e 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -81,6 +81,9 @@ The following provides information on the current configurations: ## New Windows diagnostic data processor configuration +> [!IMPORTANT] +> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](configure-windows-diagnostic-data-in-your-organization.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). + Enterprise customers have an option for controlling their Windows diagnostic data for their Azure Active Directory-joined devices. This configuration option is supported on the following versions of Windows: - Windows 11 Enterprise, Professional, and Education diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 3bdd705db6..5c3e01a880 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -151,6 +151,9 @@ An administrator can disable a user’s ability to delete their device’s diagn #### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_ +> [!IMPORTANT] +> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](configure-windows-diagnostic-data-in-your-organization.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). + **Applies to:** - Windows 11 Enterprise, Professional, and Education editions From 97e580e87ff37fb0b5d86f3b894c086d8f8df1c9 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 13 Jun 2022 13:41:14 -0400 Subject: [PATCH 358/540] fix anchor --- .../deployment/update/olympia/olympia-enrollment-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index f5d2a204e4..a877d8b490 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -55,7 +55,7 @@ Choose one of the following two enrollment options: ### Set up an Azure Active Directory-REGISTERED Windows client device -This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Azure AD register FAQ](/azure/active-directory/devices/faq#azure-ad-register-faq) for additional information. +This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Azure AD register FAQ](/azure/active-directory/devices/faq) for additional information. 1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). From 63dfc5c72ab81b7edb0b177e59e3ceb725ad4420 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 13 Jun 2022 14:06:11 -0400 Subject: [PATCH 359/540] fix merge conflict --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 76776851c0..efd7119b31 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -238,7 +238,7 @@ To launch an elevated command prompt, press the Windows key on your keyboard, ty Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a directory in your PATH variable. These directories are automatically searched. Type **echo %PATH%** to see the directories in your PATH variable. -If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder. +Another option is to use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder. If you downloaded the SetupDiag.exe program to your computer, then copied it to the folder C:\new, and you opened an elevated command prompt then typed cd c:\new to change to this directory, you can just type setupdiag and press ENTER to run the program. This program will analyze the files on your computer to see why a Windows Upgrade failed and if the reason was a common one, it will report this reason. It will not fix the problem for you but knowing why the upgrade failed enables you to take steps to fix the problem. From 18af78a23d78b57400aad3eb8d3de0b18bdffe4b Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 13 Jun 2022 14:30:36 -0400 Subject: [PATCH 360/540] fix AAD to Azure AD --- windows/whats-new/whats-new-windows-10-version-1703.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 358bbe8d5a..ae17e1cb7f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -180,7 +180,7 @@ Windows Update for Business managed devices are now able to defer feature update ### Windows Insider for Business -We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in Azure AD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows-insider/business/register). +We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (Azure AD). By enrolling devices in Azure AD, you increase the visibility of feedback submitted by users in your organization, especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows-insider/business/register). ### Optimize update delivery From 6ef86df3b84aea4e29ffa783fdcc4a0544431c0b Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 13 Jun 2022 14:38:25 -0400 Subject: [PATCH 361/540] fix links --- windows/whats-new/whats-new-windows-10-version-1703.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index ae17e1cb7f..5a1f162a4f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -184,7 +184,7 @@ We recently added the option to download Windows 10 Insider Preview builds using ### Optimize update delivery -With changes delivered in Windows 10, version 1703, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](/windows-server/administration/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. +With changes delivered in Windows 10, version 1703, [express updates](/windows/deployment/do/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](/windows-server/administration/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. >[!NOTE] > The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. From f89723abe1e14813975c93155569d42c9faa3ab1 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 13 Jun 2022 15:13:17 -0400 Subject: [PATCH 362/540] fix table anchors --- .../provision-pcs-for-initial-deployment.md | 6 ---- ...rovision-pcs-with-apps-and-certificates.md | 7 ----- .../provision-pcs-with-apps.md | 5 ---- .../provisioning-create-package.md | 2 -- .../provisioning-how-it-works.md | 6 ---- .../provisioning-install-icd.md | 4 --- .../provisioning-packages.md | 6 ---- windows/configuration/wcd/wcd-cellcore.md | 30 ++++++------------- 8 files changed, 9 insertions(+), 57 deletions(-) diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index cec5065059..53591bd83f 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md @@ -139,12 +139,6 @@ After you're done, click **Create**. It only takes a few seconds. When the packa **Next step**: [How to apply a provisioning package](provisioning-apply-package.md) - -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - - ## Related articles - [Provisioning packages for Windows client](provisioning-packages.md) diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md index 9d403656ad..45c362c928 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md @@ -174,13 +174,6 @@ For details about the settings you can customize in provisioning packages, see [ **Next step**: [How to apply a provisioning package](provisioning-apply-package.md) -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) - - ## Related topics - [Provisioning packages for Windows 10](provisioning-packages.md) diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index 86ba895398..b35c477258 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md @@ -184,11 +184,6 @@ For details about the settings you can customize in provisioning packages, see [ **Next step**: [How to apply a provisioning package](provisioning-apply-package.md) -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - - ## Related articles - [Provisioning packages for Windows client](provisioning-packages.md) diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 2852698705..3d88ee9da1 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -146,8 +146,6 @@ For details on each specific setting, see [Windows Provisioning settings referen ## Learn more -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - - [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm) ## Related articles diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index 737cb64b16..5d03c7ed2f 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -141,12 +141,6 @@ When applying multiple provisioning packages to a device, the provisioning engin After a stand-alone provisioning package is applied to the device, the package is persisted in the `%ProgramData%\Microsoft\Provisioning` folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**. - -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - - ## Related articles - [Provisioning packages for Windows client](provisioning-packages.md) diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index 59419bb6b2..bae03efaf1 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -78,10 +78,6 @@ On devices running Windows client, you can install [the Windows Configuration De **Next step**: [How to create a provisioning package](provisioning-create-package.md) -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - ## Related articles - [Provisioning packages for Windows client](provisioning-packages.md) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index b762a1d124..c51b90d6f4 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -137,12 +137,6 @@ WCD supports the following scenarios for IT administrators: -## Learn more - -For more information about provisioning, watch the following video: - -- [Provisioning Windows client devices with new tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - ## Related articles - [How provisioning works in Windows client](provisioning-how-it-works.md) diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index 502a0b3ade..fa270e58be 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md @@ -35,7 +35,7 @@ Use to configure settings for cellular data. PerDevice: [SMS](#sms) | ✔️ | ✔️ | | PerDevice: [UIX](#uix) | | | | PerDevice: [UTK](#utk) | | | | - PerlMSI: [CellData](#celldata2) | | | | + PerIMSI: [CellData](#celldata2) | | | | PerIMSI: [CellUX](#cellux2) | | | | PerIMSI: [General](#general2) | | | | PerIMSI: [RCS](#rcs2) | | | | @@ -252,20 +252,17 @@ UIGetInputDuration | Specifies the default time, in milliseconds, that the GET I -## PerlMSI +## PerIMSI Enter an IMSI, click **Add**, and then select the IMSI that you added to configure the following settings. +### CellData - -### CellData Setting | Description --- | --- MaxNumberOfPDPContexts | OEMs can set a maximum value for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. OEMs can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem. - - -### CellUX +### CellUX Setting | Description --- | --- @@ -333,8 +330,7 @@ SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10 - -### General +### General | Setting | Description | |----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -357,14 +353,9 @@ SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10 | OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) | | SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. | - -### RCS -See descriptions in Windows Configuration Designer. - - ### SMS | Setting | Description | @@ -372,7 +363,7 @@ See descriptions in Windows Configuration Designer. | AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. | | DefaultMCC | Set the default mobile country code (MCC). | | Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

              - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
              - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) | -| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. For more information, see [Add encoding extension tables for SMS](/windows-hardware/customize/mobile/mcsf/add-encoding-extension-tables-for-sms). | +| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. | | Encodings > OctetEncodingPage | Set the octet (binary) encoding. | | Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. | | Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. | @@ -388,8 +379,7 @@ See descriptions in Windows Configuration Designer. | Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. | | Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. | - -### UTK +### UTK Setting | Description --- | --- @@ -405,8 +395,7 @@ IMSOMADMServices | Allows configuration of OMA DM Services Mask. The value is ma IMSServices | Identifies which IMS services are enabled (if any). The value is any combination of flags 1 (IMS), 2 (SMS over IMS), 4 (Voice over IMS) and 8 (Video Over IMS). Set the value for the IMSServices setting to any combination of the following flags or bitmasks:

              - IMS, Flag: 1, Bitmask: 0001
              - SMS over IMS, Flag: 2, Bitmask: 0010
              - Voice over IMS, Flag: 4, Bitmask: 0100
              Video over IMS, Flag: 8, Bitmask: 1000 - -## Error messages for reject codes +## Error messages for reject codes Reject code | Extended error message | Short error message @@ -415,8 +404,7 @@ Reject code | Extended error message | Short error message 3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) | Can't verify SIM MM#3 | Invalid SIM 6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service - -## Values for MultivariantProvisionedSPN +## Values for MultivariantProvisionedSPN Set the MultivariantProvisionedSPN value to the name of the SPN or mobile operator. From 1aaa471e246fdd10b57a91202b801218a3e66e7e Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 13 Jun 2022 15:27:06 -0400 Subject: [PATCH 363/540] resolve merge error --- windows/configuration/wcd/wcd-cellcore.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index fa270e58be..f0acfef559 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md @@ -352,11 +352,10 @@ SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10 | OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.) | | OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) | | SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. | +## RCS - - - -### SMS +See descriptions in Windows Configuration Designer. +## SMS | Setting | Description | |----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| From 83354c184d8d1bf3eaf4419799295e701bea6eab Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 13 Jun 2022 14:20:08 -0700 Subject: [PATCH 364/540] Aligning with UX based on Mounica's walkthrough. --- .../operate/windows-autopatch-edge.md | 2 +- .../operate/windows-autopatch-support-request.md | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md index 4b27f96da4..988fb95d21 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md @@ -22,7 +22,7 @@ For a device to be eligible for Microsoft Edge updates as a part of Windows Auto - The device must be powered on and have an internet connection. - There are no policy conflicts between Windows Autopatch policies and customer policies. -- The device must be able to access the required network endpoints to reach the Microsoft Edge update service. +- The device must be able to access the required network endpoints to reach the Microsoft Edge update service. - If Microsoft Edge is open, it must restart for the update process to complete. ## Update release schedule diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md index 06eeae4e4d..dbb8cdf6e1 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md @@ -26,8 +26,8 @@ Support requests are triaged and responded to as they're received. **To submit a new support request:** 1. Sign into [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to the **Tenant administration** menu. -1. In the **Windows Autopatch** section, select **Service requests**. -1. In the **Service requests** section, select **+ New support request**. +1. In the **Windows Autopatch** section, select **Support requests**. +1. In the **Support requests** section, select **+ New support request**. 1. Enter your question(s) and/or a description of the problem. 1. Review all the information you provided for accuracy. 1. When you're ready, select **Create**. @@ -43,7 +43,7 @@ You can see the summary status of all your support requests. At any time, you ca **To view all your active support requests:** 1. Sign into [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to the **Tenant Administration** menu. -1. In the **Windows Autopatch** section, select **Service request**. +1. In the **Windows Autopatch** section, select **Support request**. 1. From this view, you can export the summary view or select any case to view the details. ## Edit support request details @@ -53,8 +53,8 @@ You can edit support request details, for example, updating the primary case con **To edit support request details:** 1. Sign into [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to the **Tenant Administration** menu. -1. In the **Windows Autopatch** section, select **Service request**. -1. In the **Service requests** section, use the search bar or filters to find the case you want to edit. +1. In the **Windows Autopatch** section, select **Support request**. +1. In the **Support requests** section, use the search bar or filters to find the case you want to edit. 1. Select the case to open the request's details. 1. Scroll to the bottom of the request details and select **Edit**. 1. Update the editable information, add attachments to the case, or add a note for the Windows Autopatch Service Engineering Team. @@ -64,8 +64,8 @@ Once a support request is mitigated, it can no longer be edited. If a request ha ## Microsoft FastTrack -[Microsoft FastTrack](https://www.microsoft.com/en-us/fasttrack) offers Microsoft 365 deployment guidance for customers with 150 or more licenses of an eligible subscription at no additional cost. FastTrack Specialists can help customers work through the Windows Autopatch technical prerequisites described in the [FAQ](../overview/windows-autopatch-faq.yml). For more information, visit the [FastTrack website](https://www.microsoft.com/en-ca/fasttrack?rtc=1). +[Microsoft FastTrack](https://www.microsoft.com/fasttrack) offers Microsoft 365 deployment guidance for customers with 150 or more licenses of an eligible subscription at no additional cost. FastTrack Specialists can help customers work through the Windows Autopatch technical prerequisites described in the [FAQ](../overview/windows-autopatch-faq.yml). For more information, visit the [Microsoft FastTrack website](https://www.microsoft.com/fasttrack?rtc=1). -Customers who need help with Microsoft 365 workloads can sign in to https://fasttrack.microsoft.com/ with a valid Azure ID and submit a Request for Assistance. +Customers who need help with Microsoft 365 workloads can sign in to [Microsoft FastTrack](https://fasttrack.microsoft.com/) with a valid Azure ID and submit a Request for Assistance. Contact your Microsoft account team if you need additional assistance. From 35fba089fd4c4860f26045aab79450a9be6629b3 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 13 Jun 2022 16:17:13 -0600 Subject: [PATCH 365/540] Update provisioning-packages.md Line 73: Delete comma following a period. Delete blank lines throughout the topic. --- .../provisioning-packages/provisioning-packages.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index c51b90d6f4..b37ea19251 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -13,7 +13,6 @@ ms.collection: highpri # Provisioning packages for Windows - **Applies to** - Windows 10 @@ -28,9 +27,6 @@ Provisioning packages are simple enough that with a short set of written instruc Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). - - - @@ -41,10 +37,8 @@ Windows Configuration Designer is available as an [app in the Microsoft Store](h - ## Benefits of provisioning packages - Provisioning packages let you: - Quickly configure a new device without going through the process of installing a new image. @@ -76,7 +70,7 @@ The following table describes settings that you can configure using the wizards | Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ | | Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ | | Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ | -| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token

              [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment,. | ✔️ | ✔️ | ✔️ | +| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token

              [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment. | ✔️ | ✔️ | ✔️ | | Add applications | Install applications using the provisioning package. | ✔️ | ✔️ | ❌ | | Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ | | Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ | @@ -87,7 +81,6 @@ The following table describes settings that you can configure using the wizards - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) - [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard) - >[!NOTE] >After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package. @@ -95,7 +88,6 @@ The following table describes settings that you can configure using the wizards The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages. - | Customization options | Examples | |---|---| | Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters | From 6dcefd95aac7121e9d8fbf84fe2bf638039f811f Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 13 Jun 2022 18:41:48 -0600 Subject: [PATCH 366/540] Update wcd-cellcore.md Revised table coding to simplify formatting and deleted extra rows before and after tables or headings. --- windows/configuration/wcd/wcd-cellcore.md | 619 +++++++++++----------- 1 file changed, 300 insertions(+), 319 deletions(-) diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index f0acfef559..057d8d7258 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md @@ -21,109 +21,103 @@ Use to configure settings for cellular data. >These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise. ## Applies to - - Setting groups | Windows client | Surface Hub | HoloLens | IoT Core - --- | :---: | :---: | :---: | :---: - PerDevice: [CellConfigurations](#cellconfigurations) | | | | | - PerDevice: [CellData](#celldata) | ✔️ | ✔️ | | - PerDevice: [CellUX](#cellux) | ✔️ | ✔️ | | - PerDevice: [CGDual](#cgdual) | | | | - PerDevice: [eSim](#esim) | ✔️ | ✔️ | | - PerDevice: [External](#external) | | | | - PerDevice: [General](#general) | | | | - PerDevice: [RCS](#rcs) | | | | - PerDevice: [SMS](#sms) | ✔️ | ✔️ | | - PerDevice: [UIX](#uix) | | | | - PerDevice: [UTK](#utk) | | | | - PerIMSI: [CellData](#celldata2) | | | | - PerIMSI: [CellUX](#cellux2) | | | | - PerIMSI: [General](#general2) | | | | - PerIMSI: [RCS](#rcs2) | | | | - PerIMSI: [SMS](#sms2) | ✔️ | ✔️ | | - PerIMSI: [UTK](#utk2) | | | | - PerIMSI: [VoLTE](#volte) | | | | - +|Setting groups | Windows client | Surface Hub | HoloLens | IoT Core| +|:---|:---:|:---:|:---:|:---:| +|PerDevice: [CellConfigurations](#cellconfigurations)| | | | | +|PerDevice: [CellData](#celldata) |✔️|✔️| | | +|PerDevice: [CellUX](#cellux)| ✔️ |✔️| | | +|PerDevice: [CGDual](#cgdual)| | | | | +|PerDevice: [eSim](#esim) | ✔️ | ✔️ | | | +|PerDevice: [External](#external) | | | | | +|PerDevice: [General](#general) | | | | | +|PerDevice: [RCS](#rcs)| | | | | +|PerDevice: [SMS](#sms)| ✔️ | ✔️ | | +|PerDevice: [UIX](#uix)| | | | | +|PerDevice: [UTK](#utk)| | | | | +|PerIMSI: [CellData](#celldata2)| | | | | +|PerIMSI: [CellUX](#cellux2)| | | | | +|PerIMSI: [General](#general2)| | | | | +|PerIMSI: [RCS](#rcs2)| | | | | +|PerIMSI: [SMS](#sms2)|✔️|✔️| | | +|PerIMSI: [UTK](#utk2)| | | | | +|PerIMSI: [VoLTE](#volte)| | | | | ## PerDevice ### CellConfigurations - - 1. In **CellConfiguration** > **PropertyGroups**, enter a name for the property group. 2. Select the **PropertyGroups** you just created in the **Available customizations** pane and then enter a **PropertyName**. 3. Select the **PropertyName** you just created in the **Available customizations** pane, and then select one of the following data types for the property: - - Binary - - Boolean - - Integer - - String + - Binary + - Boolean + - Integer + - String 4. The data type that you selected is added in **Available customizations**. Select it to enter a value for the property. ### CellData -Setting | Description ---- | --- -CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **don’t use cellular data** when the customization is enabled. -MaxNumberOfPDPContexts | Set a maximum value (1 through 4, inclusive, or 0x1 through 0x4 hexadecimal) for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. You can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem. -ModemProfiles > LTEAttachGuids | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*. -PersistAtImaging > DisableAoAc | Enable or disable Always-on/Always-connected (AoAc) on the WWAN adapter. - +|Setting | Description| +|:--- |:---| +|CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **don’t use cellular data** when the customization is enabled.| +|MaxNumberOfPDPContexts | Set a maximum value (1 through 4, inclusive, or 0x1 through 0x4 hexadecimal) for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. You can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.| +|ModemProfiles > LTEAttachGuids | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.| +|PersistAtImaging > DisableAoAc | Enable or disable Always-on/Always-connected (AoAc) on the WWAN adapter.| ### CellUX -Setting | Description ---- | --- -APNAuthTypeDefault | Select between **Pap** and **Chap** for default APN authentication type. -APNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default APN IP type. -Critical > ShowVoLTERoaming | Select **Yes** to show the VoLTE roaming control in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the control. -Critical > ShowVoLTEToggle | Select **Yes** to show the VoLTE toggle in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the toggle. -Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G. -Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G. -EmbeddedUiccSlotId | ID for embedded UICC (eUICC) slot. -GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs. -Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option. -Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**. -Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**. -HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**. -HideAPNAuthType | Select **Yes** to hide the APN authentication selector. Select **No** to show the APN authentication selector. -HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**. -HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G. -HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**. -HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option. -HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option. -HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option. -HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option. -HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option. -HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button. -HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button. -HideMMSAPNAuthType | Select **Yes** to hide the APN authentication type selector on the MMS APN page. Select **No** to show APN authentication selector. -HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector. -HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**. -HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI. -HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed". -IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.* -LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*. -MMSAPNAuthTypeDefault | Select between **Pap** and **Chap** for default MMS APN authentication type. -MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type. -ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:

              - Phone tile in Start

              - Call History screen

              - Dialer

              - Call Progress screen

              - Incoming Call screen

              - As the status string under Settings > cellular+SIM


              The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message. -ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**. -ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button -ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings. -ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements. -ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**. -ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning. -ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message. -SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI. -SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI. -SuppressDePersoUI | Select **Yes** to hide the Perso unlock UI. - +|Setting | Description| +|:- |:-| +|APNAuthTypeDefault | Select between **Pap** and **Chap** for default APN authentication type.| +|APNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default APN IP type.| +|Critical > ShowVoLTERoaming | Select **Yes** to show the VoLTE roaming control in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the control.| +|Critical > ShowVoLTEToggle | Select **Yes** to show the VoLTE toggle in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the toggle.| +|Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.| +|Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.| +|EmbeddedUiccSlotId | ID for embedded UICC (eUICC) slot.| +|GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.| +|Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.| +|Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.| +|Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.| +|HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.| +|HideAPNAuthType | Select **Yes** to hide the APN authentication selector. Select **No** to show the APN authentication selector.| +|HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.| +|HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.| +|HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.| +|HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.| +|HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.| +|HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.| +|HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.| +|HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.| +|HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.| +|HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.| +|HideMMSAPNAuthType | Select **Yes** to hide the APN authentication type selector on the MMS APN page. Select **No** to show APN authentication selector.| +|HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.| +|HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.| +|HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI.| +|HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".| +|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*| +|LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.| +|MMSAPNAuthTypeDefault | Select between **Pap** and **Chap** for default MMS APN authentication type.| +|MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.| +|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:

              - Phone tile in Start

              - Call History screen

              - Dialer

              - Call Progress screen

              - Incoming Call screen

              - As the status string under Settings > cellular+SIM


              The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.| +|ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.| +|ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button.| +|ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.| +|ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.| +|ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.| +|ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.| +|ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.| +|SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI.| +|SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI.| +|SuppressDePersoUI | Select **Yes** to hide the Perso unlock UI.| ### CGDual @@ -141,273 +135,261 @@ Configure **FwUpdate** > **AllowedAppIdList** to list apps that are allowed to u ### External -Setting | Description ---- | --- -CallSupplementaryService > OTASPNonStandardDialString | Enter a list of all desired non-standard OTASP dial strings. -CarrierSpecific > FallBackMode | Select between **GWCSFB** and **1xCSFB** for fallback mode. -CarrierSpecific > VZW > ActSeq | Enables activation for 4G VZW card. Do not configure this setting for non-VZW devices. -EnableLTESnrReporting | Select between **Use only RSRP** and **Use both RSRP and ECNO** to check if SNR needs to be used for LTE Signal Quality calculations. -EnableUMTSEcnoReporting | Select between **Use only RSSI** and **Use both RSSI and SNR** to check if SNR needs to be used for UMTS Signal Quality calculations. -ImageOnly > ERI > AlgorithmMBB0 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 0. -ImageOnly > ERI > AlgorithmMBB1 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 1. -ImageOnly > ERI > AlgorithmWmRil | Select between **Sprint** and **Verizon** to specify the ERI-based notification algorithm. -ImageOnly > ERI > DataFileNameWmRil | Specify the location of the ERI file on the device; for example, `C:\Windows\System32\SPCS_en.eri`. *SPCS_en.eri* is a placeholder. Obtain the ERI file name from the mobile operator and replace this filename with it. -ImageOnly > ERI > EnabledWmRil | Enable or disable ERI-based notifications. -ImageOnly > ERI > ERIDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 0. -ImageOnly > ERI > ERIDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 1. -ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 0. -ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 1. -ImageOnly > ERI > SprintInternationalERIValuesWmRil | Specify the international ERI values for Sprint as `to 4A,7C,7D,7E,9D,9E,9F,C1,C2,C3,C4,C5,C6,E4,E5,E6,E7,E8.`. -ImageOnly > MTU > DormancyTimeout0 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 0. Minimum value is 1703, and maximum value is 5000. -ImageOnly > MTU > DormancyTimeout1 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 1. Minimum value is 1703, and maximum value is 5000. -ImageOnly > MTU > MTUDataSize | Customize the TCP maximum segment size (MSS) by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes. -ImageOnly > MTU > RoamingMTUDataSize | Customize the TCP maximum segment size (MSS) for roaming by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it for roaming by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes. -ImageOnly > SuppressNwPSDetach | Configure whether to suppress reporting of network-initiated PS detach (appear attached to OS) until deregistered. -SignalBarMapping Table | You can modify the percentage values used for the signal strength in the status bar per filter. -SRVCCAutoToggleWmRil | Configure whether to link SRVCC to VOLTE on/off. - - +|Setting |Description| +|:--- |:---| +|CallSupplementaryService > OTASPNonStandardDialString | Enter a list of all desired non-standard OTASP dial strings.| +|CarrierSpecific > FallBackMode | Select between **GWCSFB** and **1xCSFB** for fallback mode.| +|CarrierSpecific > VZW > ActSeq | Enables activation for 4G VZW card. Do not configure this setting for non-VZW devices.| +|EnableLTESnrReporting | Select between **Use only RSRP** and **Use both RSRP and ECNO** to check if SNR needs to be used for LTE Signal Quality calculations.| +|EnableUMTSEcnoReporting | Select between **Use only RSSI** and **Use both RSSI and SNR** to check if SNR needs to be used for UMTS Signal Quality calculations.| +|ImageOnly > ERI > AlgorithmMBB0 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 0.| +|ImageOnly > ERI > AlgorithmMBB1 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 1.| +|ImageOnly > ERI > AlgorithmWmRil | Select between **Sprint** and **Verizon** to specify the ERI-based notification algorithm.| +|ImageOnly > ERI > DataFileNameWmRil | Specify the location of the ERI file on the device; for example, `C:\Windows\System32\SPCS_en.eri`. *SPCS_en.eri* is a placeholder. Obtain the ERI file name from the mobile operator and replace this filename with it.| +|ImageOnly > ERI > EnabledWmRil | Enable or disable ERI-based notifications.| +|ImageOnly > ERI > ERIDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 0.| +|ImageOnly > ERI > ERIDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 1.| +|ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 0.| +|ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 1. +|ImageOnly > ERI > SprintInternationalERIValuesWmRil | Specify the international ERI values for Sprint as `to 4A,7C,7D,7E,9D,9E,9F,C1,C2,C3,C4,C5,C6,E4,E5,E6,E7,E8.`.| +|ImageOnly > MTU > DormancyTimeout0 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 0. Minimum value is 1703, and maximum value is 5000.| +|ImageOnly > MTU > DormancyTimeout1 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 1. Minimum value is 1703, and maximum value is 5000.| +|ImageOnly > MTU > MTUDataSize | Customize the TCP maximum segment size (MSS) by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.| +|ImageOnly > MTU > RoamingMTUDataSize | Customize the TCP maximum segment size (MSS) for roaming by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it for roaming by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.| +|ImageOnly > SuppressNwPSDetach | Configure whether to suppress reporting of network-initiated PS detach (appear attached to OS) until deregistered.| +|SignalBarMapping Table | You can modify the percentage values used for the signal strength in the status bar per filter.| +|SRVCCAutoToggleWmRil | Configure whether to link SRVCC to VOLTE on/off.| ### General -Setting | Description ---- | --- -atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:

              - **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
              - **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
              - **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. -atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:

              - **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator.
              - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. -AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. -CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`. -CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`. -CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. -DefaultSlotAffinity | Set the data connection preference for:

              - **SlotAffinityForInternetData_Automatic**: data connection preference is automatically set
              - **SlotAffinityForInternetData_Slot0**: sets the data connection preference to Slot 0. The data connection cannot be edited by the user.
              - **SlotAffinityForInternetData_Slot1**: Sets the data connection preference to Slot 1. The data connection cannot be edited by the user. -DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming. -DisableSystemTypeSupport | Enter the system types to be removed. -DTMFOffTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), of the pause between DTMF digits. For example, a value of 120 specifies 0.12 seconds. -DTMFOnTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), to generate the DTMF tone when a key is pressed. For example, a value of 120 specifies 0.12 seconds. -EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming. -ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). -ExcludedSystemTypesPerOperator | Exclude specified system types from SIM cards that match the MCC:MNC pairs listed in **OperatorListForExcludedSystemTypes**. This setting is used only for China. Set the value to match the system type to be excluded. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)). For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, the ExcludedSystemTypesPerOperator value must be set to 0x18 to limit the matching MCC:MNC pairs to 2G. -LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE. -LTEForced | Select **Yes** to force LTE. -ManualNetworkSelectionTimeout | Set the default network selection timeout value, in a range of 1-600 seconds. By default, the OS allows the phone to attempt registration on the manually selected network for 60 seconds (or 1 minute) before it switches back to automatic mode. This value is the amount of time that the OS will wait for the modem to register on the manually selected network. If the time lapses and the modem was not able to register on the network that was manually selected by the user, the OS will either switch back to the automatic network selection mode if Permanent automatic mode is enabled, and the user has manually selected a network or the modem was turned on, or display a dialog that notifies the user that the phone was unable to connect to the manually selected network after the phone was turned on or after airplane mode was turned off. -NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:

              - system type 4: 2G (GSM)
              - system type 8: 3G (UMTS)
              - system type 16: LTE
              - system type 32: 3G (TS-SCDMA)

              Select the system type that you added, and enter the network name and suffix that you want displayed. -NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. -OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. -OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. -PreferredDataProviderList | OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator. For mobile operators that require it, OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator so that it can be set as the default data line for phones that have a dual SIM. When the PO SIM is inserted into the phone, the OS picks the PO SIM as the data line and shows a notification to the user that the SIM has been selected for Internet data. If two PO SIMs are inserted, the OS will choose the first PO SIM that was detected as the default data line and the mobile operator action required dialogue (ARD) is shown. If two non-PO SIMs are inserted, the user is prompted to choose the SIM to use as the default data line. Note OEMs should not set this customization unless required by the mobile operator. To enumerate the MCC/MNC value pairs to use for data connections, set the value for **PreferredDataProviderList**. The value must be a comma-separated list of preferred MCC:MNC values. For example, the value can be 301:026,310:030 and so on. -Slot2DisableAppsList | Disable specified apps from slot 2 on a C+G dual SIM phone. To disable a list of specified apps from Slot 2, set Slot2DisableAppsList to a comma-separated list of values representing the apps. For example, `4,6`. -Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 2. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 2. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)). -SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. -SuggestGlobalModeARD | Define whether Global Mode is suggested on a C+G dual SIM phone. -SuggestGlobalModeTimeout | To specify the number of seconds to wait for network registration before suggesting global mode, set SuggestGlobalModeTimeout to a value between 1 and 600, inclusive. For example, to set the timeout to 60 seconds, set the value to 60 (decimal) or 0x3C (hexadecimal). +|Setting | Description| +|:---|:---| +|atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:

              - **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
              - **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
              - **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.| +|atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:

              - **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator.
              - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator.| +|AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network.| +|CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.| +|CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`. | +|CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. | +|DefaultSlotAffinity | Set the data connection preference for:

              - **SlotAffinityForInternetData_Automatic**: data connection preference is automatically set
              - **SlotAffinityForInternetData_Slot0**: sets the data connection preference to Slot 0. The data connection cannot be edited by the user.
              - **SlotAffinityForInternetData_Slot1**: Sets the data connection preference to Slot 1. The data connection cannot be edited by the user.| +|DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming.| +|DisableSystemTypeSupport | Enter the system types to be removed.| +|DTMFOffTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), of the pause between DTMF digits. For example, a value of 120 specifies 0.12 seconds.| +|DTMFOnTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), to generate the DTMF tone when a key is pressed. For example, a value of 120 specifies 0.12 seconds.| +|EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming.| +|ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).| +|ExcludedSystemTypesPerOperator | Exclude specified system types from SIM cards that match the MCC:MNC pairs listed in **OperatorListForExcludedSystemTypes**. This setting is used only for China. Set the value to match the system type to be excluded. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)). For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, the ExcludedSystemTypesPerOperator value must be set to 0x18 to limit the matching MCC:MNC pairs to 2G.| +|LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.| +|LTEForced | Select **Yes** to force LTE.| +|ManualNetworkSelectionTimeout | Set the default network selection timeout value, in a range of 1-600 seconds. By default, the OS allows the phone to attempt registration on the manually selected network for 60 seconds (or 1 minute) before it switches back to automatic mode. This value is the amount of time that the OS will wait for the modem to register on the manually selected network. If the time lapses and the modem was not able to register on the network that was manually selected by the user, the OS will either switch back to the automatic network selection mode if Permanent automatic mode is enabled, and the user has manually selected a network or the modem was turned on, or display a dialog that notifies the user that the phone was unable to connect to the manually selected network after the phone was turned on or after airplane mode was turned off.| +|NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:

              - system type 4: 2G (GSM)
              - system type 8: 3G (UMTS)
              - system type 16: LTE
              - system type 32: 3G (TS-SCDMA)

              Select the system type that you added, and enter the network name and suffix that you want displayed.| +|NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. | +|OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030.| +|OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.| +|PreferredDataProviderList | OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator. For mobile operators that require it, OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator so that it can be set as the default data line for phones that have a dual SIM. When the PO SIM is inserted into the phone, the OS picks the PO SIM as the data line and shows a notification to the user that the SIM has been selected for Internet data. If two PO SIMs are inserted, the OS will choose the first PO SIM that was detected as the default data line and the mobile operator action required dialogue (ARD) is shown. If two non-PO SIMs are inserted, the user is prompted to choose the SIM to use as the default data line. Note OEMs should not set this customization unless required by the mobile operator. To enumerate the MCC/MNC value pairs to use for data connections, set the value for **PreferredDataProviderList**. The value must be a comma-separated list of preferred MCC:MNC values. For example, the value can be 301:026,310:030 and so on.| +|Slot2DisableAppsList | Disable specified apps from slot 2 on a C+G dual SIM phone. To disable a list of specified apps from Slot 2, set Slot2DisableAppsList to a comma-separated list of values representing the apps. For example, `4,6`.| +|Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 2. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 2. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)).| +|SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.| +|SuggestGlobalModeARD | Define whether Global Mode is suggested on a C+G dual SIM phone.| +|SuggestGlobalModeTimeout | To specify the number of seconds to wait for network registration before suggesting global mode, set SuggestGlobalModeTimeout to a value between 1 and 600, inclusive. For example, to set the timeout to 60 seconds, set the value to 60 (decimal) or 0x3C (hexadecimal).| ### RCS -Setting | Description ---- | --- -SystemEnabled | Select **Yes** to specify that the system is RCS-enabled. -UserEnabled | Select **Yes** to show the user setting if RCS is enabled on the device. +|Setting | Description| +|:---|:---| +|SystemEnabled | Select **Yes** to specify that the system is RCS-enabled.| +|UserEnabled | Select **Yes** to show the user setting if RCS is enabled on the device.| ### SMS -| Setting | Description | -|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. | -| DefaultMCC | Set the default mobile country code (MCC). | -| Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

              - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
              - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) | -| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. | -| Encodings > OctetEncodingPage | Set the octet (binary) encoding. | -| Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. | -| Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. | -| Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). | -| IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. | -| MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. | -| SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. | -| SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. | -| SmsStoreDeleteSize | Set the number of messages that can be deleted when a "message full" indication is received from the modem. | -| SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. | -| Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. | -| Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. | -| Type3GPP > IMS > AttemptThresholdForIMS | Set the maximum number of tries to send SMS on IMS. | -| Type3GPP > IMS > RetryEnabled | Configure whether to enable one automatic retry after failure to send over IMS. | -| Type 3GPP > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. | -| Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. | -| Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. | +|Setting |Description| +|:--|:--| +|AckExpirySeconds |Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. | +|DefaultMCC |Set the default mobile country code (MCC).| +|Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

              - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
              - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)| +|Encodings > GSM8BitEncodingPage|Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. | +|Encodings > OctetEncodingPage |Set the octet (binary) encoding.| +|Encodings > SendUDHNLSS |Set the 7 bit GSM shift table encoding.| +|Encodings > UseASCII |Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.| +|Encodings > UseKeyboardLangague |Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language).| +|IncompleteMsgDeliverySeconds |Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation.| +|MessageExpirySeconds|Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. | +|SmsFragmentLimit |Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message.| +|SmsPageLimit |Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.| +|SmsStoreDeleteSize |Set the number of messages that can be deleted when a "message full" indication is received from the modem. | +|SprintFragmentInfoInBody |Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. | +|Type3GPP > ErrorHandling > ErrorType |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.| +|Type3GPP > ErrorHandling > FriendlyErrorClass|Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.| +|Type3GPP > IMS > AttemptThresholdForIMS |Set the maximum number of tries to send SMS on IMS.| +|Type3GPP > IMS > RetryEnabled |Configure whether to enable one automatic retry after failure to send over IMS.| +|Type 3GPP > SmsUse16BitReferenceNumbers |Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.| +|Type3GPP2 > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.| +|Type3GPP2 > ErrorHandling > UseReservedAsPermanent |Set the 3GPP2 permanent error type.| ### UIX Setting | Description ---- | --- -SIM1ToUIM1 | Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones. -SIMToSIMUIM | Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This can provide a better user experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM". - - +|:-|:--| +|SIM1ToUIM1 |Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones.| +|SIMToSIMUIM |Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This can provide a better user experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM".| ### UTK -Setting | Description ---- | --- -UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000. -UIGetInputDuration | Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000. - - - +|Setting |Description| +|:-|:-| +|UIDefaultDuration |Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.| +|UIGetInputDuration |Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.| ## PerIMSI Enter an IMSI, click **Add**, and then select the IMSI that you added to configure the following settings. ### CellData - -Setting | Description ---- | --- -MaxNumberOfPDPContexts | OEMs can set a maximum value for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. OEMs can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem. +|Setting |Description| +|:--- |:---| +|MaxNumberOfPDPContexts |OEMs can set a maximum value for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. OEMs can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.| ### CellUX -Setting | Description ---- | --- -APNIPTypeIfHidden | Used to set the default IP type shown in the **IP type** listbox on the **internet APN** settings screen. -Critical > ShowVoLTERoaming | Use to show the IMS roaming control in the cellular settings page -Critical > ShowVoLTEToggle | Show or hide VoLTE toggle. -Critical > SwitchIMS | Switch IMS on or off with a toggle. OEMs can configure the default settings and toggle for IMS services to meet mobile operator requirements. Users can later manually change the default values for these settings if they choose to do so. -Critical > SwitchSMSOverIMS | Switch SMS over IMS on or off when VoLTE is toggled. -Critical > SwitchVideoOverIMS | Use to switch video over IMS when VoLTE is switched. -Critical > SwitchVoiceOverIMS | Switch voice over IMS when VoLTE is toggled. -Critical > SwitchXCAP | Use to switch the XML Configuration Access Protocol (XCAP) when VoLTE is enabled. -Critical > VoLTERoamingOffDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned off. The string must not be longer than 127 characters. -Critical > VoLTERoamingOnDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned on. The string must not be longer than 127 characters. -Critical > VoLTERoamingSettingDisableDuringCall | Use to specify whether to grey out VoLTE roaming settings during an active VoLTE call. -Critical > VoLTERoamingTitle | Use to customize the description string for the IMS roaming control. The string must not be longer than 127 characters. -Critical > VoLTESectionTitle | Use to customize the section title for the IMS settings. he string must not be longer than 127 characters. -Critical > VoLTESettingDisableDuringCall | Use to specify whether to grey out VoLTE-related settings during an active VoLTE call. -Critical > VoLTEToggleDescription | Use to customize the VoLTE toggle description. To customize the VoLTE toggle description, set VoLTEToggleDescription to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-101. -Critical > VoLTEToggleSettingDisableDuringCall | Use to specify whether to grey out the VoLTE toggle during an active VoLTE call. -Critical > VoLTEToggleTitle | Use to customize the VoLTE toggle label. To customize the VoLTE toggle label, set VoLTEToggleTitle to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-102. -Critical > WFCSettingDisableDuringCall | Use to specify whether to grey out the Wi-Fi calling settings during an active VoLTE call. -Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G. -Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G. -GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs. -Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option. -Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**. -Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**. -HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**. -HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**. -HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G. -HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**. -HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option. -HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option. -HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option. -HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option. -HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option. -HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button. -HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button. -HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector. -HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**. -HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI. (Removed in Windows 10, version 1803.) -HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI. -HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed". -IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.* -LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*. -MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type. -ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:

              - Phone tile in Start

              - Call History screen

              - Dialer

              - Call Progress screen

              - Incoming Call screen

              - As the status string under Settings > cellular+SIM


              The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message. -ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**. -ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button -ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings. -ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements. -ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**. -ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning. -ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message. -SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI. (Removed in Windows 10, version 1803.) -SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI. (Removed in Windows 10, version 1803.) -SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10, version 1803.) - - - +|Setting |Description| +|:--- |:---| +|APNIPTypeIfHidden |Used to set the default IP type shown in the **IP type** listbox on the **internet APN** settings screen.| +|Critical > ShowVoLTERoaming | Use to show the IMS roaming control in the cellular settings page| +|Critical > ShowVoLTEToggle | Show or hide VoLTE toggle.| +|Critical > SwitchIMS | Switch IMS on or off with a toggle. OEMs can configure the default settings and toggle for IMS services to meet mobile operator requirements. Users can later manually change the default values for these settings if they choose to do so.| +|Critical > SwitchSMSOverIMS | Switch SMS over IMS on or off when VoLTE is toggled.| +|Critical > SwitchVideoOverIMS | Use to switch video over IMS when VoLTE is switched.| +|Critical > SwitchVoiceOverIMS | Switch voice over IMS when VoLTE is toggled.| +|Critical > SwitchXCAP | Use to switch the XML Configuration Access Protocol (XCAP) when VoLTE is enabled.| +|Critical > VoLTERoamingOffDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned off. The string must not be longer than 127 characters. | +|Critical > VoLTERoamingOnDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned on. The string must not be longer than 127 characters. | +|Critical > VoLTERoamingSettingDisableDuringCall | Use to specify whether to grey out VoLTE roaming settings during an active VoLTE call.| +|Critical > VoLTERoamingTitle | Use to customize the description string for the IMS roaming control. The string must not be longer than 127 characters. | +|Critical > VoLTESectionTitle | Use to customize the section title for the IMS settings. he string must not be longer than 127 characters.| +|Critical > VoLTESettingDisableDuringCall | Use to specify whether to grey out VoLTE-related settings during an active VoLTE call.| +|Critical > VoLTEToggleDescription | Use to customize the VoLTE toggle description. To customize the VoLTE toggle description, set VoLTEToggleDescription to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-101.| +|Critical > VoLTEToggleSettingDisableDuringCall | Use to specify whether to grey out the VoLTE toggle during an active VoLTE call.| +|Critical > VoLTEToggleTitle | Use to customize the VoLTE toggle label. To customize the VoLTE toggle label, set VoLTEToggleTitle to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-102.| +|Critical > WFCSettingDisableDuringCall | Use to specify whether to grey out the Wi-Fi calling settings during an active VoLTE call.| +|Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.| +|Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.| +|GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.| +|Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.| +|Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.| +|Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.| +|HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.| +|HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.| +|HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.| +|HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.| +|HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.| +|HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.| +|HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.| +|HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.| +|HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.| +|HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.| +|HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.| +|HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.| +|HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.| +|HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI. (Removed in Windows 10, version 1803.)| +|HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| +|HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".| +|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*| +|LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.| +|MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.| +|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:

              - Phone tile in Start

              - Call History screen

              - Dialer

              - Call Progress screen

              - Incoming Call screen

              - As the status string under Settings > cellular+SIM


              The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.| +|ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.| +|ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button.| +|ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.| +|ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.| +|ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.| +|ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.| +|ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.| +|SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI. (Removed in Windows 10, version 1803.)| +|SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI. (Removed in Windows 10, version 1803.)| +|SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10, version 1803.)| ### General -| Setting | Description | -|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:

              - **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
              - **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
              - **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. | -| atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:

              - **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator.
              - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. | -| AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. | -| CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. | -| CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. | -| CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. | -| Critical > MultivariantProvisionedSPN | Used to change the default friendly SIM names in dual SIM phones. By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn). | -| Critical > SimNameWithoutMSISDNENabled | Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits. | -| DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming. | -| EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming. | -| ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). | -| LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE. | -| LTEForced | Select **Yes** to force LTE. | -| NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:

              - system type 4: 2G (GSM)
              - system type 8: 3G (UMTS)
              - system type 16: LTE
              - system type 32: 3G (TS-SCDMA)

              Select the system type that you added, and enter the network name and suffix that you want displayed. | -| NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. | -| OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.) | -| OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) | -| SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. | +|Setting |Description| +|:--|:--| +|atomicRoamingTableSettings3GPP |If you enable 3GPP roaming, configure the following settings:

              - **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
              - **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
              - **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. | +|atomicRoamingTableSettings3GPP2 |If you enable 3GPP2 roaming, configure the following settings:

              - **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator.
              - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. | +|AvoidStayingInManualSelection |You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. | +|CardAllowList |Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`.| +|CardBlockList |Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. | +|CardLock |Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. | +|Critical > MultivariantProvisionedSPN |Used to change the default friendly SIM names in dual SIM phones. By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn).| +|Critical > SimNameWithoutMSISDNENabled |Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits. | +|DisableLTESupportWhenRoaming |Set to **Yes** to disable LTE support when roaming.| +|EnableIMSWhenRoaming|Set to **Yes** to enable IMS when roaming.| +|ExcludedSystemTypesByDefault |Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). | +|LTEEnabled |Select **Yes** to enable LTE, and **No** to disable LTE. | +|LTEForced |Select **Yes** to force LTE. | +|NetworkSuffix |To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:

              - system type 4: 2G (GSM)
              - system type 8: 3G (UMTS)
              - system type 16: LTE
              - system type 32: 3G (TS-SCDMA)

              Select the system type that you added, and enter the network name and suffix that you want displayed.| +|NitzFiltering |For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`.| +|OperatorListForExcludedSystemTypes |Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.)| +|OperatorPreferredForFasterRadio |Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) | +|SuggestDataRoamingARD |Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. | + ## RCS See descriptions in Windows Configuration Designer. + ## SMS -| Setting | Description | -|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. | -| DefaultMCC | Set the default mobile country code (MCC). | -| Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

              - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
              - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) | -| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. | -| Encodings > OctetEncodingPage | Set the octet (binary) encoding. | -| Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. | -| Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. | -| Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). | -| IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. | -| MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. | -| SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. | -| SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. | -| SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. | -| Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. | -| Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. | -| Type3GPP > IMS > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. | -| Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. | -| Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. | +|Setting |Description| +|:--|:--| +|AckExpirySeconds |Set the value, in seconds, for how long to wait for a client ACK before trying to deliver.| +|DefaultMCC |Set the default mobile country code (MCC). | +|Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

              - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
              - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)| +|Encodings > GSM8BitEncodingPage |Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099.| +|Encodings > OctetEncodingPage |Set the octet (binary) encoding.| +|Encodings > SendUDHNLSS |Set the 7 bit GSM shift table encoding. | +|Encodings > UseASCII |Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.| +|Encodings > UseKeyboardLangague |Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language).| +|IncompleteMsgDeliverySeconds |Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. | +|MessageExpirySeconds |Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. | +|SmsFragmentLimit|Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. | +|SmsPageLimit|Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.| +|SprintFragmentInfoInBody |Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message.| +|Type3GPP > ErrorHandling > ErrorType |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.| +|Type3GPP > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.| +|Type3GPP > IMS > SmsUse16BitReferenceNumbers |Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.| +|Type3GPP2 > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.| +| Type3GPP2 > ErrorHandling > UseReservedAsPermanent |Set the 3GPP2 permanent error type.| ### UTK -Setting | Description ---- | --- -UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000. -UIGetInputDuration | Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000. - +|Setting |Description| +|:---|:---| +|UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000. | +|UIGetInputDuration |Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.| ### VoLTE -Setting | Description ---- | --- -IMSOMADMServices | Allows configuration of OMA DM Services Mask. The value is mapped directly to RIL_IMS_NW_ENABLED_FLAGS on the modem side. To configure the OMA DM services mask, set the IMSOMADMServices setting to one of the following values:

              - None, Flag: 0, Bitmask: 00000
              - OMA DM, Flag: 1, Bitmask: 00001
              - Voice, Flag: 2, Bitmask: 00010
              - Video, Flag: 4, Bitmask: 00100
              - EAB presence, Flag: 8, Bitmask: 01000
              - Enable all services, Flag: 15, Bitmask: 10000 -IMSServices | Identifies which IMS services are enabled (if any). The value is any combination of flags 1 (IMS), 2 (SMS over IMS), 4 (Voice over IMS) and 8 (Video Over IMS). Set the value for the IMSServices setting to any combination of the following flags or bitmasks:

              - IMS, Flag: 1, Bitmask: 0001
              - SMS over IMS, Flag: 2, Bitmask: 0010
              - Voice over IMS, Flag: 4, Bitmask: 0100
              Video over IMS, Flag: 8, Bitmask: 1000 - +|Setting | Description| +|:---|:---| +|IMSOMADMServices |Allows configuration of OMA DM Services Mask. The value is mapped directly to RIL_IMS_NW_ENABLED_FLAGS on the modem side. To configure the OMA DM services mask, set the IMSOMADMServices setting to one of the following values:

              - None, Flag: 0, Bitmask: 00000
              - OMA DM, Flag: 1, Bitmask: 00001
              - Voice, Flag: 2, Bitmask: 00010
              - Video, Flag: 4, Bitmask: 00100
              - EAB presence, Flag: 8, Bitmask: 01000
              - Enable all services, Flag: 15, Bitmask: 10000| +|IMSServices |Identifies which IMS services are enabled (if any). The value is any combination of flags 1 (IMS), 2 (SMS over IMS), 4 (Voice over IMS) and 8 (Video Over IMS). Set the value for the IMSServices setting to any combination of the following flags or bitmasks:

              - IMS, Flag: 1, Bitmask: 0001
              - SMS over IMS, Flag: 2, Bitmask: 0010
              - Voice over IMS, Flag: 4, Bitmask: 0100
              Video over IMS, Flag: 8, Bitmask: 1000| ## Error messages for reject codes - -Reject code | Extended error message | Short error message ---- | --- | --- -2 (The SIM card hasn't been activated or has been deactivated) | SIM not set up MM#2 | Invalid SIM -3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) | Can't verify SIM MM#3 | Invalid SIM -6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service +|Reject code |Extended error message |Short error message| +|:---|:---|:---| +|2 (The SIM card hasn't been activated or has been deactivated) | SIM not set up MM#2 | Invalid SIM| +|3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) |Can't verify SIM MM#3 |Invalid SIM| +|6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service| ## Values for MultivariantProvisionedSPN Set the MultivariantProvisionedSPN value to the name of the SPN or mobile operator. -The following table shows the scenarios supported by this customization: +The following table shows the scenarios supported by this customization. >[!NOTE] >In the Default SIM name column: @@ -416,14 +398,13 @@ The following table shows the scenarios supported by this customization: >- MultivariantProvisionedSPN means the value that you set for the MultivariantProvisionedSPN setting. >- SIM 1 or SIM 2 is the default friendly name for the SIM in slot 1 or slot 2. - -Multivariant setting set?|SPN provisioned?|MSISDN (last 4 digits: 1234, for example) provisioned?|Default SIM name ---- | --- | --- | --- -Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234 -Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters) -Yes|Yes|No|*MultivariantProvisionedSPN* (up to 16 characters) -Yes|No|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234 -No|Yes|Yes|If SPN string >= 12: *SPN*1234

              If SPN string < 12: *SPN*" "1234 -No|No|No|*SIM 1* or *SIM 2* -No|Yes|No|SPN (up to 16 characters) -No|No|Yes|*SIM 1* or *SIM 2* +|Multivariant setting set?|SPN provisioned?|MSISDN (last 4 digits: 1234, for example) provisioned?|Default SIM name| +|:---|:---|:---|:---| +|Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234| +|Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters)| +|Yes|Yes|No|*MultivariantProvisionedSPN* (up to 16 characters)| +|Yes|No|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234| +|No|Yes|Yes|If SPN string >= 12: *SPN*1234

              If SPN string < 12: *SPN*" "1234| +|No|No|No|*SIM 1* or *SIM 2*| +|No|Yes|No|SPN (up to 16 characters)| +|No|No|Yes|*SIM 1* or *SIM 2*| From 19119c4179ba728216eb1cd7508f5db8d0fc6095 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 14 Jun 2022 15:05:52 +0200 Subject: [PATCH 367/540] #10364 #10364 --- .../applocker/script-rules-in-applocker.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index 48095da0ce..0daa8696c8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -29,6 +29,7 @@ ms.technology: windows-sec >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). + This topic describes the file formats and available default rules for the script rule collection. AppLocker defines script rules to include only the following file formats: @@ -46,6 +47,9 @@ The following table lists the default rules that are available for the script ru | Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: %windir%\*| | Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: %programfiles%\*| +>[!NOTE] +>Windows Defender Application Control cannot be used to block Powershell scripts. Applocker just forces Powershell scripts to be run in Constrained Language Mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event - which literally states the script will be blocked. After which the script runs. + ## Related topics - [Understanding AppLocker default rules](understanding-applocker-default-rules.md) From b54238312d20f7a29714179d9536fe1bfabd07dc Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 14 Jun 2022 15:24:06 +0200 Subject: [PATCH 368/540] #10384 #10384 --- ...ty-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index f53a1e1665..a4973e313a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -25,6 +25,9 @@ ms.technology: windows-sec Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers** security policy setting. + +>[!NOTE] +>To learn more about configuring a server to be accessed remotely, check [Remote Desktop - Allow access to your PC](https://github.com/MicrosoftDocs/windowsserverdocs/edit/main/WindowsServerDocs/remote/remote-desktop-services/clients/remote-desktop-allow-access.md) ## Reference The **Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers** policy setting allows you to deny or audit outgoing NTLM traffic from a computer running Windows 7, Windows Server 2008, or later to any remote server running the Windows operating system. From 8c08b60f3ed7a16b4f5dfe6ee98e193671a3a74a Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 14 Jun 2022 15:26:06 +0200 Subject: [PATCH 369/540] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-validate-ad-prereq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 35d754ebe4..22b2eb2e66 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -25,7 +25,7 @@ ms.reviewer: - On-premises deployment - Certificate trust -The key registration process for the On-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. +The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. **If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the 'Updating the Schema' and 'Create the KeyCredential Admins Security Global Group' steps below.** From 1b41f5d390694de82096210c25d07d97d39af19b Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 14 Jun 2022 15:26:53 +0200 Subject: [PATCH 370/540] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-validate-ad-prereq.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 22b2eb2e66..e1bb8e2f6e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -27,7 +27,8 @@ ms.reviewer: The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. -**If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the 'Updating the Schema' and 'Create the KeyCredential Admins Security Global Group' steps below.** +> [!NOTE] +> If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the "Updating the Schema" and "Create the KeyCredential Admins Security Global Group" steps that follow.** Manually updating Active Directory uses the command-line utility **adprep.exe** located at **\:\support\adprep** on the Windows Server 2016 or later DVD or ISO. Before running adprep.exe, you must identify the domain controller hosting the schema master role. From e171bd1adbfeddeaa52d189d3fcb7cf27548c0f2 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Tue, 14 Jun 2022 07:30:59 -0700 Subject: [PATCH 371/540] Update windows-11-se-overview.md Added AVD(remote Desktop) --- education/windows/windows-11-se-overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 9090762b1e..a138e024d6 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -41,6 +41,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run | Application | Supported version | App Type | Vendor | | --- | --- | --- | --- | |AirSecure |8.0.0 |Win32 |AIR| +|AVD(Remote Desktop) |1.2.3213.0 |Win32 |Microsoft| |Brave Browser |1.34.80|Win32 |Brave| |Bulb Digital Portfolio |0.0.7.0|Store|Bulb| |Cisco Umbrella |3.0.110.0 |Win32 |Cisco| From b05788dcc1fe3b67524670ce7291f520472b3ac7 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Tue, 14 Jun 2022 08:01:51 -0700 Subject: [PATCH 372/540] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index a138e024d6..4740a60a2c 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -41,7 +41,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run | Application | Supported version | App Type | Vendor | | --- | --- | --- | --- | |AirSecure |8.0.0 |Win32 |AIR| -|AVD(Remote Desktop) |1.2.3213.0 |Win32 |Microsoft| +|Remote Desktop client (MSRDC) |1.2.3213.0 |Win32 |Microsoft| |Brave Browser |1.34.80|Win32 |Brave| |Bulb Digital Portfolio |0.0.7.0|Store|Bulb| |Cisco Umbrella |3.0.110.0 |Win32 |Cisco| From 1210e6f40d7cd19226648c75a539d6378f4f3f71 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 14 Jun 2022 10:20:17 -0600 Subject: [PATCH 373/540] Update wcd-cellcore.md Delete lone angle bracket line 16. --- windows/configuration/wcd/wcd-cellcore.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index 057d8d7258..615458a1b5 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md @@ -13,7 +13,7 @@ manager: dougeby # CellCore (Windows Configuration Designer reference) ->Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore is not available in Windows 10, version 1809. +Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore is not available in Windows 10, version 1809. Use to configure settings for cellular data. From 9f63a8cf01b5d16cc5a44ddc4b8422f972b80893 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 14 Jun 2022 11:22:13 -0500 Subject: [PATCH 374/540] Update get-support-for-security-baselines.md Updated to support new version of Office, 2206 --- .../get-support-for-security-baselines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index 52c3d0d811..42b2cb57a7 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -76,7 +76,7 @@ Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-fo | Name | Details | Security Tools | |---------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------| -| Microsoft 365 Apps for enterprise, version 2112 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2112/ba-p/3038172) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Microsoft 365 Apps for enterprise, version 2206 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2206/ba-p/3502714) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Microsoft Edge, version 98 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v98/ba-p/3165443) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
              From 16c2ff730b989454f89cda61df51d001d3b6bb90 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 14 Jun 2022 11:22:47 -0500 Subject: [PATCH 375/540] Update security-compliance-toolkit-10.md Updated to support new version of Office, 2206 --- .../security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 3fd0c07c67..f1ca17ad61 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -42,7 +42,7 @@ The Security Compliance Toolkit consists of: - Microsoft Office security baseline - Office 2016 - - Microsoft 365 Apps for Enterprise Version 2112 + - Microsoft 365 Apps for Enterprise Version 2206 - Microsoft Edge security baseline - Edge version 98 From d6ec33e1e44b981416d698d880725d0129223681 Mon Sep 17 00:00:00 2001 From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com> Date: Tue, 14 Jun 2022 10:09:14 -0700 Subject: [PATCH 376/540] Update windows-11-se-overview.md remove extraneous word per Acrolinx --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 4740a60a2c..b9248a3c6b 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -94,7 +94,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run | App type | Enabled | | --- | --- | | Apps that run in a browser | ✔️ Apps that run in a browser, like Progressive Web Apps (PWA) and Web apps, can run on Windows 11 SE without any changes or limitations. | -| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails.

              ✔️ If there are specific installation-type of apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). | +| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails.

              ✔️ If there are specific installation-type apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). | ### Add your own apps From a642378fe6c5ee582fad0090cc43b0bd05c6ee25 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Wed, 15 Jun 2022 02:12:44 +0530 Subject: [PATCH 377/540] Updated-6020456 Metadata values updated to resolve Suggestions. --- windows/privacy/manage-windows-11-endpoints.md | 4 ++-- windows/privacy/manage-windows-1909-endpoints.md | 6 +++--- windows/privacy/manage-windows-20H2-endpoints.md | 4 ++-- windows/privacy/manage-windows-21H1-endpoints.md | 4 ++-- windows/privacy/manage-windows-21h2-endpoints.md | 4 ++-- .../privacy/windows-11-endpoints-non-enterprise-editions.md | 4 ++-- .../windows-endpoints-1909-non-enterprise-editions.md | 6 +++--- .../windows-endpoints-20H2-non-enterprise-editions.md | 4 ++-- .../windows-endpoints-21H1-non-enterprise-editions.md | 4 ++-- 9 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md index 09197e019e..4d15b92f37 100644 --- a/windows/privacy/manage-windows-11-endpoints.md +++ b/windows/privacy/manage-windows-11-endpoints.md @@ -3,8 +3,8 @@ title: Connection endpoints for Windows 11 Enterprise description: Explains what Windows 11 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 11. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md index cd62abd039..00b98b9dda 100644 --- a/windows/privacy/manage-windows-1909-endpoints.md +++ b/windows/privacy/manage-windows-1909-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 10 Enterprise, version 1909 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1909. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima -manager: obezeajo +author: dansimp +ms.author: dansimp +manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md index 17e22dfe6b..2cf0582a75 100644 --- a/windows/privacy/manage-windows-20H2-endpoints.md +++ b/windows/privacy/manage-windows-20H2-endpoints.md @@ -3,8 +3,8 @@ title: Connection endpoints for Windows 10 Enterprise, version 20H2 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 20H2. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md index 4ed0760f70..ff89922df2 100644 --- a/windows/privacy/manage-windows-21H1-endpoints.md +++ b/windows/privacy/manage-windows-21H1-endpoints.md @@ -3,8 +3,8 @@ title: Connection endpoints for Windows 10 Enterprise, version 21H1 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H1. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md index ebc451df17..fd4603f3d9 100644 --- a/windows/privacy/manage-windows-21h2-endpoints.md +++ b/windows/privacy/manage-windows-21h2-endpoints.md @@ -3,8 +3,8 @@ title: Connection endpoints for Windows 10 Enterprise, version 21H2 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H2. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md index aead5ff2db..4e666b5f33 100644 --- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md +++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md @@ -3,8 +3,8 @@ title: Windows 11 connection endpoints for non-Enterprise editions description: Explains what Windows 11 endpoints are used in non-Enterprise editions. Specific to Windows 11. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index c73380a6e3..2aa3106c7d 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -3,9 +3,9 @@ title: Windows 10, version 1909, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima -manager: obezeajo +author: dansimp +ms.author: dansimp +manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index 8f1aa365d5..6f1b25f0ae 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -3,8 +3,8 @@ title: Windows 10, version 20H2, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md index 8f75ee377c..c8028cb6af 100644 --- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md @@ -3,8 +3,8 @@ title: Windows 10, version 21H1, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1. ms.prod: m365-security ms.localizationpriority: high -author: gental-giant -ms.author: v-hakima +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article From 427036e409dad07ca249b96ff7713db36ac4880a Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Tue, 14 Jun 2022 21:52:51 -0500 Subject: [PATCH 378/540] more updates --- .../windows-autopatch-register-devices.md | 43 +++++++++++-------- .../windows-autopatch-deregister-devices.md | 9 ++-- 2 files changed, 29 insertions(+), 23 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 7dbed8bc97..e492dd6501 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -1,7 +1,7 @@ --- title: Register your devices description: This article details how to register devices in Autopatch -ms.date: 05/31/2022 +ms.date: 06/15/2022 ms.prod: w11 ms.technology: windows ms.topic: how-to @@ -27,10 +27,10 @@ Windows Autopatch can take over software update management of supported devices ### About the use of an Azure AD group to register devices -You must choose what devices to manage with Windows Autopatch by either adding them through direct membership or by nesting other Azure AD dynamic/assigned groups into the **Windows Autopatch Device Registration** Azure AD assigned group. Windows Autopatch automatically runs every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices into its service. +You must choose what devices to manage with Windows Autopatch by either adding them through direct membership or by nesting other Azure AD dynamic/assigned groups into the **Windows Autopatch Device Registration** Azure AD assigned group. Windows Autopatch automatically runs every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices. > [!NOTE] -> All devices that are intended to be managed by the Windows Autopatch service **must** be added into the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can only be added to this group if they have an Azure AD device ID. Windows Autopatch scans the Azure AD group hourly to discover newly added devices to be registered. +> Devices that are intended to be managed by the Windows Autopatch service **must** be added into the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can only be added to this group if they have an Azure AD device ID. Windows Autopatch scans the Azure AD group hourly to discover newly added devices to be registered. You can also use the Discover devices button in either the Ready or Not ready tab to register devices ondemand. #### Supported scenarios when nesting other Azure AD groups @@ -38,16 +38,19 @@ Windows Autopatch also supports the following Azure AD nested group scenarios: Azure AD groups synced up from: -- On-premises Active Directory groups (Windows server type). +- On-premises Active Directory groups (Windows Server AD). - [Configuration Manager collections](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_aadcollsync). +> [!WARNING] +> It is not recommended to sync Configuration Manager collections straight to the **Windows Autopatch Device Registration** Azure AD group. Use a different Azure AD when syncing Configuration Manager collections to Azure AD groups then you can nest this or these groups into the **Windows Autopatch Device Registration** Azure AD group. + > [!IMPORTANT] > The **Windows Autopatch Device Registration** Azure AD group only supports one level of Azure AD nested groups. > [!TIP] -> You can also use the **Discover Devices** button in either the Ready or Not ready tabs to discover devices from the Windows Autopatch Device Registration Azure AD group on demand. +> You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the Windows Autopatch Device Registration Azure AD group on demand. -## Prerequisites +## Prerequisites for device registration To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites: @@ -59,21 +62,20 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - Windows updates policies - Device configuration - Office Click-to-run -- Last Intune device check-in completed within the last 28 days. +- Last Intune device check-in completed within the last 28 days. -For more details on each prerequisite check, see the [Prerequisites](../prepare/windows-autopatch-prerequisites.md) article. +See [How to switch Configuration Manager workloads to Intune](https://docs.microsoft.com/mem/configmgr/comanage/how-to-switch-workloads) for more information on how Configuration Manager workloads work. + +See [Prerequisites](../prepare/windows-autopatch-prerequisites.md) for more details. ## About the Ready and Not ready tabs -Windows Autopatch introduces a new user interface to help IT admins manage devices and troubleshoot device readiness statuses seamlessly with actionable in-UI device readiness reports for unregistered devices or unhealthy devices. - -> [!IMPORTANT] -> The **Not ready** tab will not be available during the first week of the public preview. +Windows Autopatch introduces a new user interface to help IT admins detect and troubleshoot device readiness statuses seamlessly with actionable in-UI device readiness reports for unregistered devices or unhealthy devices. | Tab | Purpose | | ----- | ----- | -| Ready tab | The purpose of the Ready tab is to show devices that were successfully registered to the Windows Autopatch service and that have met post-registration device health requirements. | -| Not ready tab | The purpose of the Not ready tab is to show devices that didn't successfully register into the Windows Autopatch service, or didn't pass one of the post-registration health requirements. This tab is intended to help customers identify and remediate devices that don't meet either pre or post-registration device readiness checks.

              Devices successfully registered and healthy don't appear in the Not ready tab. | +| Ready | The purpose of the Ready tab is to show devices that were successfully registered to the Windows Autopatch service. | +| Not ready | The purpose of the Not ready tab is to help you identify and remediate devices that don't meet the pre-requisite checks to register into the Windows Autopatch service. This tab only shows devices that didn't successfully register into the Windows Autopatch service. | ## Built-in roles required for device registration @@ -94,7 +96,7 @@ For more information, see [Azure AD built-in roles](/azure/active-directory/role Registering your devices in Windows Autopatch does the following: 1. Makes a record of devices in the service. -2. Assign devices into the ring groups and other groups required for software updates management. +2. Assign devices into the deployment ring groups and other groups required for software updates management. ## Steps to register devices @@ -106,14 +108,17 @@ Registering your devices in Windows Autopatch does the following: 4. Select the **Ready** tab, then select the **Windows Autopatch Device Registration** hyperlink. The Azure Active Directory group blade opens. 5. Add either devices through direct membership or other Azure Active Directory dynamic or assigned groups as nested groups in the **Windows Autopatch Device Registration** group. -Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices and runs device-level prerequisite checks to try to register them. +> [!NOTE] +> The **Windows Autopatch Device Registration** hyperlink shows up at the center of the Ready tab when there's no devices registered with the Windows Autopatch service. Once you have one or more devices registered with the Windows Autopatch service, the **Windows Autopatch Device registration** hyperlink is shown at the top of both Ready and Not ready tabs. + +Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices and runs software-based prerequisite checks to try to register them with its service. > [!IMPORTANT] > It might take up to an hour for a device to change its status from **Ready for User** to **Active** in the Ready tab during the public preview. -## Other device lifecycle management scenarios +## Additional device management lifecycle scenarios -There are a few more device lifecycle management scenarios to consider when planning to register devices in Windows Autopatch. +There's a few more device lifecycle management scenarios to consider when planning to register devices in Windows Autopatch. ### Device refresh @@ -132,4 +137,4 @@ If you need to repair a device that was previously registered into the Windows A When one of these hardware changes occurs, Azure AD creates a new device ID record for that device, even if it's technically the same device. > [!IMPORTANT] -> If a new Azure AD device ID is generated for a device that was previously registered into Windows Autopatch, even if it's the same device, the new Azure AD device ID must be added either through device direct membership or through nested Azure AD dynamic/assigned group into the **Windows Autopatch Device Registration** group. This process guarantees the newly generated Azure AD device ID is registered with Windows Autopatch and that the device continues to have its software updates managed by the service. +> If a new Azure AD device ID is generated for a device that was previously registered into the Windows Autopatch service, even if it's technically same device, the new Azure AD device ID must be added either through device direct membership or through nested Azure AD dynamic/assigned group into the **Windows Autopatch Device Registration** Azure AD group. This process guarantees that the newly generated Azure AD device ID is registered with Windows Autopatch and that the device continues to have its software updates managed by the service. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md index bfb6b35250..381de73887 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md @@ -1,7 +1,7 @@ --- title: Deregister a device description: This article explains how to deregister devices -ms.date: 05/31/2022 +ms.date: 06/15/2022 ms.prod: w11 ms.technology: windows ms.topic: how-to @@ -24,6 +24,9 @@ To avoid end-user disruption, device de-registration in Windows Autopatch only d 1. In either **Ready** or **Not ready** tab, select the device(s) you want to deregister. 1. Once a device or multiple devices are selected, select **Device actions**, then select **Deregister device**. +> [!WARNING] +> Removing devices from the Windows Autopatch Device Registration Azure AD group doesn't de-register devices from the Windows Autopatch service. + ## Excluded devices When you deregister a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to re-register the device into the service again, since the de-registration command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** Azure Active Directory group. @@ -35,9 +38,7 @@ If you want to re-register a device that was previously deregistered from Window ## Hiding unregistered devices -You can hide unregistered devices you don't expect to be remediated anytime soon. - -**To hide unregistered devices:** +You can hide unregistered devices you don't expect to be remediated anytime soon. To hide unregistered devices: 1. Sign into the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). 1. Select **Windows Autopatch** in the left navigation menu. From 2c8f688a41233201084ffb22ceb059899c5cf53a Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Tue, 14 Jun 2022 20:59:57 -0700 Subject: [PATCH 379/540] Update windows-autopatch-register-devices.md Reviewed for grammar and style. --- .../deploy/windows-autopatch-register-devices.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index e492dd6501..13a2333745 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -30,7 +30,7 @@ Windows Autopatch can take over software update management of supported devices You must choose what devices to manage with Windows Autopatch by either adding them through direct membership or by nesting other Azure AD dynamic/assigned groups into the **Windows Autopatch Device Registration** Azure AD assigned group. Windows Autopatch automatically runs every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices. > [!NOTE] -> Devices that are intended to be managed by the Windows Autopatch service **must** be added into the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can only be added to this group if they have an Azure AD device ID. Windows Autopatch scans the Azure AD group hourly to discover newly added devices to be registered. You can also use the Discover devices button in either the Ready or Not ready tab to register devices ondemand. +> Devices that are intended to be managed by the Windows Autopatch service **must** be added into the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can only be added to this group if they have an Azure AD device ID. Windows Autopatch scans the Azure AD group hourly to discover newly added devices to be registered. You can also use the **Discover devices** button in either the Ready or Not ready tab to register devices on demand. #### Supported scenarios when nesting other Azure AD groups @@ -42,7 +42,7 @@ Azure AD groups synced up from: - [Configuration Manager collections](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_aadcollsync). > [!WARNING] -> It is not recommended to sync Configuration Manager collections straight to the **Windows Autopatch Device Registration** Azure AD group. Use a different Azure AD when syncing Configuration Manager collections to Azure AD groups then you can nest this or these groups into the **Windows Autopatch Device Registration** Azure AD group. +> It isn't recommended to sync Configuration Manager collections straight to the **Windows Autopatch Device Registration** Azure AD group. Use a different Azure AD when syncing Configuration Manager collections to Azure AD groups then you can nest this or these groups into the **Windows Autopatch Device Registration** Azure AD group. > [!IMPORTANT] > The **Windows Autopatch Device Registration** Azure AD group only supports one level of Azure AD nested groups. @@ -64,7 +64,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - Office Click-to-run - Last Intune device check-in completed within the last 28 days. -See [How to switch Configuration Manager workloads to Intune](https://docs.microsoft.com/mem/configmgr/comanage/how-to-switch-workloads) for more information on how Configuration Manager workloads work. +For more information on how Configuration Manager workloads work, see [How to switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads). See [Prerequisites](../prepare/windows-autopatch-prerequisites.md) for more details. @@ -75,7 +75,7 @@ Windows Autopatch introduces a new user interface to help IT admins detect and t | Tab | Purpose | | ----- | ----- | | Ready | The purpose of the Ready tab is to show devices that were successfully registered to the Windows Autopatch service. | -| Not ready | The purpose of the Not ready tab is to help you identify and remediate devices that don't meet the pre-requisite checks to register into the Windows Autopatch service. This tab only shows devices that didn't successfully register into the Windows Autopatch service. | +| Not ready | The purpose of the Not ready tab is to help you identify and remediate devices that don't meet the pre-requisite checks to register into the Windows Autopatch service. This tab only shows devices that didn't successfully register into Windows Autopatch. | ## Built-in roles required for device registration @@ -106,10 +106,10 @@ Registering your devices in Windows Autopatch does the following: 2. Select **Windows Autopatch** from the left navigation menu. 3. Select **Devices**. 4. Select the **Ready** tab, then select the **Windows Autopatch Device Registration** hyperlink. The Azure Active Directory group blade opens. -5. Add either devices through direct membership or other Azure Active Directory dynamic or assigned groups as nested groups in the **Windows Autopatch Device Registration** group. +5. Add either devices through direct membership, or other Azure Active Directory dynamic or assigned groups as nested groups in the **Windows Autopatch Device Registration** group. > [!NOTE] -> The **Windows Autopatch Device Registration** hyperlink shows up at the center of the Ready tab when there's no devices registered with the Windows Autopatch service. Once you have one or more devices registered with the Windows Autopatch service, the **Windows Autopatch Device registration** hyperlink is shown at the top of both Ready and Not ready tabs. +> The **Windows Autopatch Device Registration** hyperlink is in the center of the Ready tab when there's no devices registered with the Windows Autopatch service. Once you have one or more devices registered with the Windows Autopatch service, the **Windows Autopatch Device registration** hyperlink is at the top of both Ready and Not ready tabs. Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices and runs software-based prerequisite checks to try to register them with its service. From fca423e4bc9dbc3788b0e44415a6da3ca06efa02 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Tue, 14 Jun 2022 21:07:50 -0700 Subject: [PATCH 380/540] Update windows-autopatch-deregister-devices.md Reviewed for style and grammar. --- .../operate/windows-autopatch-deregister-devices.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md index 381de73887..4d3ea8802b 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md @@ -14,7 +14,7 @@ msreviewer: andredm7 # Deregister a device -To avoid end-user disruption, device de-registration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device de-registration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. +To avoid end-user disruption, device de-registration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. **To deregister a device:** @@ -25,20 +25,22 @@ To avoid end-user disruption, device de-registration in Windows Autopatch only d 1. Once a device or multiple devices are selected, select **Device actions**, then select **Deregister device**. > [!WARNING] -> Removing devices from the Windows Autopatch Device Registration Azure AD group doesn't de-register devices from the Windows Autopatch service. +> Removing devices from the Windows Autopatch Device Registration Azure AD group doesn't deregister devices from the Windows Autopatch service. ## Excluded devices -When you deregister a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to re-register the device into the service again, since the de-registration command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** Azure Active Directory group. +When you deregister a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to reregister the device into the service again, since the deregistration command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** Azure Active Directory group. > [!IMPORTANT] > The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues. -If you want to re-register a device that was previously deregistered from Windows Autopatch, you must [submit a support request](../operate/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team to request the removal of the "excluded" flag set during the de-registration process. After the Windows Autopatch Service Engineering Team removes the flag, you can re-register a device or a group of devices. +If you want to reregister a device that was previously deregistered from Windows Autopatch, you must [submit a support request](../operate/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team to request the removal of the "excluded" flag set during the deregistration process. After the Windows Autopatch Service Engineering Team removes the flag, you can reregister a device or a group of devices. ## Hiding unregistered devices -You can hide unregistered devices you don't expect to be remediated anytime soon. To hide unregistered devices: +You can hide unregistered devices you don't expect to be remediated anytime soon. + +**To hide unregistered devices:** 1. Sign into the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). 1. Select **Windows Autopatch** in the left navigation menu. From cb967191c257d57de2b1145cf2c732f4f72443af Mon Sep 17 00:00:00 2001 From: GrischaE1 <54313015+GrischaE1@users.noreply.github.com> Date: Wed, 15 Jun 2022 18:40:23 +0200 Subject: [PATCH 381/540] Set Policy Driven Update path's are wrong All Updates SetPolicyDrivenUpdateSource path's are wrong - there needs an "Updates" added to the settings name. Verified under 21H2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Update --- .../mdm/policy-csp-update.md | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 4c9d94d790..b06a5e7de2 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3478,7 +3478,7 @@ The following list shows the supported values:

              -**Update/SetPolicyDrivenUpdateSourceForDriver** +**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** The table below shows the applicability of Windows: @@ -3508,9 +3508,9 @@ The table below shows the applicability of Windows: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeature -- SetPolicyDrivenUpdateSourceForQuality -- SetPolicyDrivenUpdateSourceForOther +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. @@ -3536,7 +3536,7 @@ The following list shows the supported values:
              -**Update/SetPolicyDrivenUpdateSourceForFeature** +**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** The table below shows the applicability of Windows: @@ -3566,9 +3566,9 @@ The table below shows the applicability of Windows: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForQuality -- SetPolicyDrivenUpdateSourceForDriver -- SetPolicyDrivenUpdateSourceForOther +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. @@ -3594,7 +3594,7 @@ The following list shows the supported values:
              -**Update/SetPolicyDrivenUpdateSourceForOther** +**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** The table below shows the applicability of Windows: @@ -3624,9 +3624,9 @@ The table below shows the applicability of Windows: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeature -- SetPolicyDrivenUpdateSourceForQuality -- SetPolicyDrivenUpdateSourceForDriver +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. @@ -3652,7 +3652,7 @@ The following list shows the supported values:
              -**Update/SetPolicyDrivenUpdateSourceForQuality** +**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** The table below shows the applicability of Windows: @@ -3682,9 +3682,9 @@ The table below shows the applicability of Windows: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeature -- SetPolicyDrivenUpdateSourceForDriver -- SetPolicyDrivenUpdateSourceForOther +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. @@ -4013,4 +4013,4 @@ ADMX Info: ## Related topics -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) From 06af96a0839dab3c1c7ef8780516f7dff0923239 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 15 Jun 2022 10:07:25 -0700 Subject: [PATCH 382/540] Organization improvement. --- .../operate/windows-autopatch-deregister-devices.md | 4 ++-- .../operate/windows-autopatch-wqu-overview.md | 6 ++++++ .../operate/windows-autopatch-wqu-unsupported-policies.md | 6 ------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md index 4d3ea8802b..7fe4c8e3d4 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md @@ -29,7 +29,7 @@ To avoid end-user disruption, device de-registration in Windows Autopatch only d ## Excluded devices -When you deregister a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to reregister the device into the service again, since the deregistration command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** Azure Active Directory group. +When you deregister a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to reregister the device into the service again, since the deregistration command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** Azure Active Directory group. > [!IMPORTANT] > The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues. @@ -38,7 +38,7 @@ If you want to reregister a device that was previously deregistered from Windows ## Hiding unregistered devices -You can hide unregistered devices you don't expect to be remediated anytime soon. +You can hide unregistered devices you don't expect to be remediated anytime soon. **To hide unregistered devices:** diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md index 2eebfd6f24..282c602973 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md @@ -74,3 +74,9 @@ If we pause the release, a policy will be deployed which prevents devices from u > [!NOTE] > Windows Autopatch doesn't allow you to request that a release be paused or resumed during public preview. + +## Incidents and outages + +If devices in your tenant aren't meeting the [service level objective](../operate/windows-autopatch-wqu-overview.md#service-level-objective) for Windows quality updates, an incident will be raised, and the Windows Autopatch Service Engineering Team will work to bring the devices back into compliance. + +If you're experiencing other issues related to Windows quality updates, [submit a support request](../operate/windows-autopatch-support-request.md). diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md index 7495f42487..a76f93d9c5 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md @@ -31,9 +31,3 @@ Window Autopatch deploys mobile device management (MDM) policies to configure de Group policy takes precedence over mobile device management (MDM) policies. For Windows quality updates, if any group policies are detected which modify the following hive in the registry, the device will be ineligible for management: `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState` - -## Incidents and outages - -If devices in your tenant aren't meeting the [service level objective](../operate/windows-autopatch-wqu-overview.md#service-level-objective) for Windows quality updates, an incident will be raised, and the Windows Autopatch Service Engineering Team will work to bring the devices back into compliance. - -If you're experiencing other issues related to Windows quality updates, [submit a support request](../operate/windows-autopatch-support-request.md). From 066609bfd10c47e1cc23c0e9f68e708138f09925 Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Wed, 15 Jun 2022 11:30:26 -0700 Subject: [PATCH 383/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 71cbd89d31..2888082127 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -43,14 +43,14 @@ RemoteWipe --------Status ``` **doWipe** -Specifies that a remote reset of the device should be started. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, depending on how far the reset progressed, the PC can roll back to the pre-reset state. +Exec on this node starts a remote reset of the device. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to a the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. Supported operation is Exec. **doWipePersistProvisionedData** -Specifies that provisioning packages in the `%SystemDrive%\ProgramData\Microsoft\Provisioning` folder will be retained and then applied to the OS after the reset. +Exec on this node specifies that provisioning packages in the `%SystemDrive%\ProgramData\Microsoft\Provisioning` folder will be retained and then applied to the OS after the reset. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. @@ -59,7 +59,7 @@ Supported operation is Exec. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. **doWipeProtected** -Added in Windows 10, version 1703. Exec on this node performs a remote reset on the device and also fully cleans the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command. +Added in Windows 10, version 1703. Exec on this node performs a remote reset on the device and also fully cleans the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command, but not whether the reset was successful. The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, if a reset that uses doWipeProtected is interrupted, upon restart it will clean the PC's disk partitions. Because doWipeProtected will clean the partitions in case of failure or interruption, use doWipeProtected in lost/stolen device scenarios. @@ -69,13 +69,13 @@ Supported operation is Exec. Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting "Reset this PC > Keep my files" when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command. **DoWipeCloud** -Performs a DoWipe remote reset, but downloads the OS payload from Windows Update instead of the local Windows recovery environment. +Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. **DoWipeCloudPersistUserData** -Performs a DoWipe remote reset, but downloads the OS payload from Windows Update instead of the local Windows recovery environment. +Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. **DoWipeCloudPersistProvisionedData** -Performs a DoWipe remote reset, but downloads the OS payload from Windows Update instead of the local Windows recovery environment. +Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. **AutomaticRedeployment** Added in Windows 10, version 1809. Node for the Autopilot Reset operation. From fb363499e1141883d3695d30d55cc6d95138d517 Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Wed, 15 Jun 2022 11:35:26 -0700 Subject: [PATCH 384/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 2888082127..0640cf4d61 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -69,12 +69,15 @@ Supported operation is Exec. Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting "Reset this PC > Keep my files" when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command. **DoWipeCloud** + Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. **DoWipeCloudPersistUserData** + Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. **DoWipeCloudPersistProvisionedData** + Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. **AutomaticRedeployment** From 1d60cebd6b88bca15a1bd75c0497f40166a80e01 Mon Sep 17 00:00:00 2001 From: ashbal93 Date: Wed, 15 Jun 2022 19:47:13 +0100 Subject: [PATCH 385/540] Update system-guard-secure-launch-and-smm-protection.md Added AMD requirements --- .../system-guard-secure-launch-and-smm-protection.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 8118710283..5c9e29a065 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -90,6 +90,18 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic |Platform firmware|Platform firmware must carry all code required to execute an Intel® Trusted Execution Technology secure launch:
              • Intel® SINIT ACM must be carried in the OEM BIOS
              • Platforms must ship with a production ACM signed by the correct production Intel® ACM signer for the platform
              | |Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | +|For AMD® processors starting with Zen2 or later silicon|Description| +|--------|-----------| +|64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more information about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more information about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).| +|Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0 OR Microsoft Pluton TPM.| +|Windows DMA Protection|Platforms must meet the Windows DMA Protection Specification (all external DMA ports must be off by default until the OS explicitly powers them).| +|SMM communication buffers| All SMM communication buffers must be implemented in EfiRuntimeServicesData, EfiRuntimeServicesCode, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types. | +|SMM Page Tables| Must NOT contain any mappings to EfiConventionalMemory (for example no OS/VMM owned memory).
              Must NOT contain any mappings to code sections within EfiRuntimeServicesCode.
              Must NOT have execute and write permissions for the same page
              BIOS SMI handler must be implemented such that SMM page tables are locked on every SMM entry. | +|Modern/Connected Standby|Platforms must support Modern/Connected Standby.| +|TPM NV Index|Platform firmware must set up a TPM NV index for use by the OS with:
              • Handle: 0x01C101C0
              • Attributes:
                • TPMA_NV_POLICYWRITE
                • TPMA_NV_PPREAD
                • TPMA_NV_OWNERREAD
                • TPMA_NV_AUTHREAD
                • TPMA_NV_POLICYREAD
                • TPMA_NV_NO_DA
                • TPMA_NV_PLATFORMCREATE
                • TPMA_NV_POLICY_DELETE
              • A policy of:
                • A = TPM2_PolicyAuthorize(MSFT_DRTM_AUTH_BLOB_SigningKey)
                • B = TPM2_PolicyCommandCode(TPM_CC_NV_UndefineSpaceSpecial)
                • authPolicy = \{A} OR {{A} AND \{B}}
                • Digest value of 0xcb, 0x45, 0xc8, 0x1f, 0xf3, 0x4b, 0xcf, 0x0a, 0xfb, 0x9e, 0x1a, 0x80, 0x29, 0xfa, 0x23, 0x1c, 0x87, 0x27, 0x30, 0x3c, 0x09, 0x22, 0xdc, 0xce, 0x68, 0x4b, 0xe3, 0xdb, 0x81, 0x7c, 0x20, 0xe1
              | +|Platform firmware|Platform firmware must carry all code required to execute Secure Launch:
              • AMD® Secure Launch platforms must ship with AMD® DRTM driver devnode exposed and the AMD® DRTM driver installed

              Platform must have AMD® Secure Processor Firmware Anti-Rollback protection enabled
              Platform must have AMD® Memory Guard enabled.| +|Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | + |For Qualcomm® processors with SD850 or later chipsets|Description| |--------|-----------| |Monitor Mode Communication|All Monitor Mode communication buffers must be implemented in either EfiRuntimeServicesData (recommended), data sections of EfiRuntimeServicesCode as described by the Memory Attributes Table, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types| From 56572199ae847849f2b70e054d13a6731e205359 Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Wed, 15 Jun 2022 12:14:07 -0700 Subject: [PATCH 386/540] spaces --- windows/client-management/mdm/remotewipe-csp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 0640cf4d61..9b8ae699d8 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -27,6 +27,7 @@ The table below shows the applicability of Windows: The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. The following example shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server. + ``` ./Vendor/MSFT RemoteWipe @@ -42,6 +43,7 @@ RemoteWipe --------LastError --------Status ``` + **doWipe** Exec on this node starts a remote reset of the device. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to a the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled. From 474bde92dcfbcb73e1f87e5c2c70dc8be1db16d6 Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Wed, 15 Jun 2022 12:17:18 -0700 Subject: [PATCH 387/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 9b8ae699d8..88c970beb9 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -70,18 +70,6 @@ Supported operation is Exec. **doWipePersistUserData** Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting "Reset this PC > Keep my files" when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command. -**DoWipeCloud** - -Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. - -**DoWipeCloudPersistUserData** - -Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. - -**DoWipeCloudPersistProvisionedData** - -Added in Windows 11, version 22H2. Performs a DoWipe remote reset, but downloads the OS payload from Windows update instead of using the local PC’s Windows Component store. The payload downloaded from Microsoft update will be used to reset the PC to the same version of Windows as it was pre-reset. - **AutomaticRedeployment** Added in Windows 10, version 1809. Node for the Autopilot Reset operation. From c7c8d4e2e9744d0a13c17ba31650bfe557e60582 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 15 Jun 2022 13:55:37 -0700 Subject: [PATCH 388/540] Updated More about licenses section as per Harman's request. --- .../prepare/windows-autopatch-prerequisites.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index 3d918f7629..5d377d6e50 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -28,10 +28,13 @@ Getting started with Windows Autopatch has been designed to be easy. This articl Windows Autopatch is included with Window 10/11 Enterprise E3 or higher. The following are the other licenses that grant entitlement to Windows Autopatch: -- Windows 10/11 Enterprise E3 -- Windows 10/11 Enterprise E5 -- Microsoft 365 E3 -- Microsoft 365 E5 +| License | ID | GUID number | +| ----- | ----- | ------| +| [Microsoft 365 E3](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E3 | 05e9a617-0261-4cee-bb44-138d3ef5d965 | +| [Microsoft 365 E5](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E5 | 06ebc4ee-1bb5-47dd-8120-11324bc54e06 | +| [Windows 10/11 Enterprise E3](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | WIN10_VDA_E3 | 6a0f6da5-0b87-4190-a6ae-9bb5a2b9546a | +| [Windows 10/11 Enterprise E5](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | WIN10_VDA_E5 | 488ba24a-39a9-4473-8ee5-19291e71b002 | +| [Windows 10/11 Enterprise VDA](/windows/deployment/deploy-enterprise-licenses#virtual-desktop-access-vda) | E3_VDA_only | d13ef257-988a-46f3-8fce-f47484dd4550 | The following Windows 64-bit editions are required for Windows Autopatch: From fd097900698f34d59451aea4f3633088cbc32678 Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Wed, 15 Jun 2022 14:02:47 -0700 Subject: [PATCH 389/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 88c970beb9..4eb9ed7a1d 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -35,9 +35,6 @@ RemoteWipe ----doWipePersistProvisionedData ----doWipeProtected ----doWipePersistUserData -----doWipeCloud -----doWipeCloudPersistUserData -----doWipeCloudPersistProvisionedData ----AutomaticRedeployment --------doAutomaticRedeployment --------LastError From c20c99a86a0e3ee86a6b3ffff72c6b75593e2ff0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 15 Jun 2022 14:27:05 -0700 Subject: [PATCH 390/540] Update policy-csp-update.md --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index b06a5e7de2..cce978a298 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: dansimp ms.localizationpriority: medium -ms.date: 03/18/2022 +ms.date: 06/15/2022 ms.reviewer: manager: dansimp ms.collection: highpri From 6d075ad8eb48607df0038b9de7a12fc20bd3f4f7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 15 Jun 2022 14:33:16 -0700 Subject: [PATCH 391/540] Update network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md --- ...estrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index a4973e313a..9453c4b573 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 06/15/2022 ms.technology: windows-sec --- @@ -26,8 +26,9 @@ ms.technology: windows-sec Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers** security policy setting. ->[!NOTE] ->To learn more about configuring a server to be accessed remotely, check [Remote Desktop - Allow access to your PC](https://github.com/MicrosoftDocs/windowsserverdocs/edit/main/WindowsServerDocs/remote/remote-desktop-services/clients/remote-desktop-allow-access.md) +> [!NOTE] +> To learn more about configuring a server to be accessed remotely, check [Remote Desktop - Allow access to your PC](/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access) + ## Reference The **Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers** policy setting allows you to deny or audit outgoing NTLM traffic from a computer running Windows 7, Windows Server 2008, or later to any remote server running the Windows operating system. From 1c082992e615bdf995feec9306d0086ef644dbd9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 15 Jun 2022 14:36:26 -0700 Subject: [PATCH 392/540] Update script-rules-in-applocker.md --- .../applocker/script-rules-in-applocker.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index 0daa8696c8..a39cc39fd3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/21/2017 +ms.date: 06/15/2022 ms.technology: windows-sec --- @@ -26,30 +26,30 @@ ms.technology: windows-sec - Windows 11 - Windows Server 2016 and above ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> [!NOTE] +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). -This topic describes the file formats and available default rules for the script rule collection. +This article describes the file formats and available default rules for the script rule collection. AppLocker defines script rules to include only the following file formats: -- .ps1 -- .bat -- .cmd -- .vbs -- .js +- `.ps1` +- `.bat` +- `.cmd` +- `.vbs` +- `.js` The following table lists the default rules that are available for the script rule collection. | Purpose | Name | User | Rule condition type | | - | - | - | - | -| Allows members of the local Administrators group to run all scripts| (Default Rule) All scripts| BUILTIN\Administrators | Path: *| -| Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: %windir%\*| -| Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: %programfiles%\*| +| Allows members of the local Administrators group to run all scripts| (Default Rule) All scripts| BUILTIN\Administrators | Path: `*\` | +| Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: `%windir%\*` | +| Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: `%programfiles%\*`| ->[!NOTE] ->Windows Defender Application Control cannot be used to block Powershell scripts. Applocker just forces Powershell scripts to be run in Constrained Language Mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event - which literally states the script will be blocked. After which the script runs. +> [!NOTE] +> Windows Defender Application Control cannot be used to block Powershell scripts. Applocker just forces Powershell scripts to be run in Constrained Language Mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event - which literally states the script will be blocked. After which the script runs. -## Related topics +## Related articles - [Understanding AppLocker default rules](understanding-applocker-default-rules.md) From dffa3bc0c690f37e84768882928ceb21819a00f1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 15 Jun 2022 14:37:23 -0700 Subject: [PATCH 393/540] Update script-rules-in-applocker.md --- .../applocker/script-rules-in-applocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index a39cc39fd3..14bf0eec35 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -48,7 +48,7 @@ The following table lists the default rules that are available for the script ru | Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: `%programfiles%\*`| > [!NOTE] -> Windows Defender Application Control cannot be used to block Powershell scripts. Applocker just forces Powershell scripts to be run in Constrained Language Mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event - which literally states the script will be blocked. After which the script runs. +> Windows Defender Application Control cannot be used to block PowerShell scripts. Applocker just forces PowerShell scripts to be run in Constrained Language Mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event, which states that the script will be blocked, but then the script runs. ## Related articles From a317f8cb080e88fd35fa7daccf51ca6eaa9cff7b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 15 Jun 2022 14:40:56 -0700 Subject: [PATCH 394/540] Update use-windows-defender-application-control-with-dynamic-code-security.md --- ...s-defender-application-control-with-dynamic-code-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md index 6b32d76c52..3720558b80 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md @@ -14,7 +14,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 09/23/2021 +ms.date: 06/15/2022 ms.technology: windows-sec --- From 46e8636041b5f7d37ba9f0a16d005fdb1ba0b836 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 16 Jun 2022 05:58:39 +0500 Subject: [PATCH 395/540] Update policy-csp-newsandinterests.md --- .../mdm/policy-csp-newsandinterests.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md index 5d8350eed5..6eb42f6671 100644 --- a/windows/client-management/mdm/policy-csp-newsandinterests.md +++ b/windows/client-management/mdm/policy-csp-newsandinterests.md @@ -34,11 +34,11 @@ manager: dansimp |Edition|Windows 10|Windows 11| |--- |--- |--- | |Home|No|No| -|Pro|Yes|Yes| +|Pro|No|Yes| |Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +|Business|No|Yes| +|Enterprise|No|Yes| +|Education|No|Yes|
              @@ -83,4 +83,4 @@ ADMX Info: ## Related topics -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) From f622faf1f8130332b2c5da457dd5b01295398c7d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 16 Jun 2022 06:49:21 +0500 Subject: [PATCH 396/540] Update interactive-logon-do-not-require-ctrl-alt-del.md --- .../interactive-logon-do-not-require-ctrl-alt-del.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md index 4131998946..867bda657e 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md @@ -36,6 +36,9 @@ Microsoft developed this feature to make it easier for users with certain types A malicious user might install malware that looks like the standard logon dialog box for the Windows operating system, and capture a user's password. The attacker can then log on to the compromised account with whatever level of user rights that user has. +>[!NOTE] +>When the policy is defined, registry value **DisableCAD** located in **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System** is created. To revert the changes made by this policy, it is not enough to set its value to **Not defined**, this registry value need to be removed as well. + ### Possible values - Enabled From c489de57b57b98d64645ac19c3f30c09d911a3f8 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 16 Jun 2022 12:33:54 +0530 Subject: [PATCH 397/540] Acrolinx fixes --- windows/deployment/deploy-windows-to-go.md | 19 ++++++------ ...oyment-considerations-for-windows-to-go.md | 31 +++++++++---------- ...-compliance-schema-waasdeploymentstatus.md | 11 ++++--- 3 files changed, 31 insertions(+), 30 deletions(-) diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index 508d7d773d..d398777f84 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -13,11 +13,12 @@ ms.custom: seo-marvel-apr2020 # Deploy Windows To Go in your organization + **Applies to** - Windows 10 -This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. +This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. > [!IMPORTANT] > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. @@ -26,7 +27,7 @@ This topic helps you to deploy Windows To Go in your organization. Before you be The following is a list of items that you should be aware of before you start the deployment process: -* Only use recommended USB drives for Windows To Go. Use of other drives is not supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives. +* Only use recommended USB drives for Windows To Go. Use of other drives isn't supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives. * After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted. @@ -34,20 +35,20 @@ The following is a list of items that you should be aware of before you start th * Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)). -* If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive. +* If you're planning on using a USB drive duplicator to duplicate Windows To Go drives, don't configure offline domain join or BitLocker on the drive. ## Basic deployment steps -Unless you are using a customized operating system image, your initial Windows To Go workspace will not be domain joined and will not contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios. +Unless you're using a customized operating system image, your initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios. -Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For additional information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)). +Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For more information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)). >[!WARNING] >If you plan to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication. ### Create the Windows To Go workspace -In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using a combination of Windows PowerShell and command-line tools. +In this step we're creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using a combination of Windows PowerShell and command-line tools. >[!WARNING] >The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education. @@ -69,7 +70,7 @@ In this step we are creating the operating system image that will be used on the 6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**. -7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions. +7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you don't wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions. r >[!WARNING] @@ -77,7 +78,7 @@ r If you choose to encrypt the Windows To Go drive now: - - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters. + - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware doesn't support non-ASCII characters. ~~~ @@ -100,7 +101,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as 1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**. -2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware: +2. In the Windows PowerShell session type, the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware: ``` # The following command will set $Disk to all USB drives with >20 GB of storage diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index 0fd8883965..76eadc45f9 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md @@ -12,7 +12,6 @@ ms.custom: seo-marvel-apr2020 # Deployment considerations for Windows To Go - **Applies to** - Windows 10 @@ -42,7 +41,7 @@ The following diagrams illustrate the two different methods you could use to pro ![initial boot on-premises.](images/wtg-first-boot-work.gif) -When a Windows To Go workspace is first used at the workplace, the Windows To Go workspace can be joined to the domain through the normal procedures that occur when a new computer is introduced. It obtains a lease, applicable policies are applied and set, and user account tokens are placed appropriately. BitLocker protection can be applied and the BitLocker recovery key automatically stored in Active Directory Domain Services. The user can access network resources to install software and get access to data sources. When the workspace is subsequently booted at a different location either on or off premises, the configuration required for it to connect back to the work network using either DirectAccess or a virtual private network connection can be configured. It is not necessary to configure the workspace for offline domain join. DirectAccess can make connecting to organizational resources easier, but is not required. +When a Windows To Go workspace is first used at the workplace, the Windows To Go workspace can be joined to the domain through the normal procedures that occur when a new computer is introduced. It obtains a lease, applicable policies are applied and set, and user account tokens are placed appropriately. BitLocker protection can be applied and the BitLocker recovery key automatically stored in Active Directory Domain Services. The user can access network resources to install software and get access to data sources. When the workspace is subsequently booted at a different location either on or off premises, the configuration required for it to connect back to the work network using either DirectAccess or a virtual private network connection can be configured. It isn't necessary to configure the workspace for offline domain join. DirectAccess can make connecting to organizational resources easier, but isn't required. ![initial boot off-premises.](images/wtg-first-boot-home.gif) @@ -51,7 +50,7 @@ When the Windows To Go workspace is going to be used first on an off-premises co > [!TIP] > Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn306081(v=ws.11)). -DirectAccess can be used to ensure that the user can log in with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831520(v=ws.11)) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134200(v=ws.11)). If you do not want to use DirectAccess as an alternative user could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network. +DirectAccess can be used to ensure that the user can log in with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831520(v=ws.11)) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134200(v=ws.11)). If you don't want to use DirectAccess as an alternative user could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network. ### Image deployment and drive provisioning considerations @@ -59,18 +58,18 @@ The Image Deployment process can be accomplished either by a centralized IT proc ![windows to go image deployment.](images/wtg-image-deployment.gif) -The simplest way to provision a Windows To Go drive is to use the Windows To Go Creator. After a single Windows To Go workspace has been created, it can be duplicated as many times as necessary using widely available USB duplicator products as long as the device has not been booted. After the Windows To Go drive is initialized, it should not be duplicated. Alternatively, Windows To Go Workspace Creator can be run multiple times to create multiple Windows To Go drives. +The simplest way to provision a Windows To Go drive is to use the Windows To Go Creator. After a single Windows To Go workspace has been created, it can be duplicated as many times as necessary using widely available USB duplicator products as long as the device hasn't been booted. After the Windows To Go drive is initialized, it shouldn't be duplicated. Alternatively, Windows To Go Workspace Creator can be run multiple times to create multiple Windows To Go drives. > [!TIP] > When you create your Windows To Go image use sysprep /generalize, just as you do when you deploy Windows 10 to a standard PC. In fact, if appropriate, use the same image for both deployments. **Driver considerations** -Windows includes most of the drivers that you will need to support a wide variety of host computers. However, you will occasionally need to download drivers from Windows Update to take advantage of the full functionality of a device. If you are using Windows To Go on a set of known host computers, you can add any additional drivers to the image used on Windows To Go to make Windows To Go drives more quickly usable by your employees. Especially ensure that network drivers are available so that the user can connect to Windows Update to get additional drivers if necessary. +Windows includes most of the drivers that you'll need to support a wide variety of host computers. However, you'll occasionally need to download drivers from Windows Update to take advantage of the full functionality of a device. If you're using Windows To Go on a set of known host computers, you can add any more drivers to the image used on Windows To Go to make Windows To Go drives more quickly usable by your employees. Especially ensure that network drivers are available so that the user can connect to Windows Update to get more drivers if necessary. Wi-Fi network adapter drivers are one of the most important drivers to make sure that you include in your standard image so that users can easily connect to the internet for any additional updates. IT administrators that are attempting to build Windows 10 images for use with Windows To Go should consider adding additional Wi-Fi drivers to their image to ensure that their users have the best chance of still having basic network connectivity when roaming between systems. -The following list of commonly used Wi-Fi network adapters that are not supported by the default drivers provided with Windows 10 is provided to help you ascertain whether or not you need to add drivers to your image. +The following list of commonly used Wi-Fi network adapters that aren't supported by the default drivers provided with Windows 10 is provided to help you ascertain whether or not you need to add drivers to your image. |Vendor name|Product description|HWID|Windows Update availability| |--- |--- |--- |--- | @@ -94,11 +93,11 @@ The following list of commonly used Wi-Fi network adapters that are not supporte |Ralink|Wireless LAN Card V1|pci\ven_1814&dev_0302&subsys_3a711186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)

              [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)| |Ralink|D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)|pci\ven_1814&dev_0302&subsys_3c091186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)

              [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)| -IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)). +IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that isn't supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)). ### Application installation and domain join -Unless you are using a customized Windows image that includes unattended installation settings, the initial Windows To Go workspace will not be domain joined and will not contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications +Unless you're using a customized Windows image that includes unattended installation settings, the initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications ### Management of Windows To Go using Group Policy @@ -110,20 +109,20 @@ The use of the Store on Windows To Go workspaces that are running Windows 8 can - **Allow hibernate (S4) when started from a Windows To Go workspace** - This policy setting specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. By default, hibernation is disabled when using Windows To Go workspace, so enabling this setting explicitly turns this ability back on. When a computer enters hibernation, the contents of memory are written to disk. When the disk is resumed, it is important that the hardware attached to the system, as well as the disk itself, are unchanged. This is inherently incompatible with roaming between PC hosts. Hibernation should only be used when the Windows To Go workspace is not being used to roam between host PCs. + This policy setting specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. By default, hibernation is disabled when using Windows To Go workspace, so enabling this setting explicitly turns this ability back on. When a computer enters hibernation, the contents of memory are written to disk. When the disk is resumed, it's important that the hardware attached to the system, and the disk itself, are unchanged. This is inherently incompatible with roaming between PC hosts. Hibernation should only be used when the Windows To Go workspace isn't being used to roam between host PCs. > [!IMPORTANT] > For the host-PC to resume correctly when hibernation is enabled the Windows To Go workspace must continue to use the same USB port. - **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace** - This policy setting specifies whether the PC can use standby sleep states (S1–S3) when started from a Windows To Go workspace. The Sleep state also presents a unique challenge to Windows To Go users. When a computer goes to sleep, it appears as if it is shut down. It could be very easy for a user to think that a Windows To Go workspace in sleep mode was actually shut down and they could remove the Windows To Go drive and take it home. Removing the Windows To Go drive in this scenario is equivalent to an unclean shutdown, which may result in the loss of unsaved user data or the corruption on the drive. Moreover, if the user now boots the drive on another PC and brings it back to the first PC, which still happens to be in the sleep state, it will lead to an arbitrary crash and eventually corruption of the drive and result in the workspace becoming unusable. If you enable this policy setting, the Windows To Go workspace cannot use the standby states to cause the PC to enter sleep mode. If you disable or do not configure this policy setting, the Windows To Go workspace can place the PC in sleep mode. + This policy setting specifies whether the PC can use standby sleep states (S1–S3) when started from a Windows To Go workspace. The Sleep state also presents a unique challenge to Windows To Go users. When a computer goes to sleep, it appears as if it's shut down. It could be easy for a user to think that a Windows To Go workspace in sleep mode was actually shut down and they could remove the Windows To Go drive and take it home. Removing the Windows To Go drive in this scenario is equivalent to an unclean shutdown, which may result in the loss of unsaved user data or the corruption on the drive. Moreover, if the user now boots the drive on another PC and brings it back to the first PC, which still happens to be in the sleep state, it will lead to an arbitrary crash and eventually corruption of the drive and result in the workspace becoming unusable. If you enable this policy setting, the Windows To Go workspace can't use the standby states to cause the PC to enter sleep mode. If you disable or don't configure this policy setting, the Windows To Go workspace can place the PC in sleep mode. **Settings for host PCs** - **Windows To Go Default Startup Options** - This policy setting controls whether the host computer will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the **Windows To Go Startup Options** settings dialog. If you enable this policy setting, booting to Windows To Go when a USB device is connected will be enabled and users will not be able to make changes using the **Windows To Go Startup Options** settings dialog. If you disable this policy setting, booting to Windows To Go when a USB device is connected will not be enabled unless a user configures the option manually in the firmware. If you do not configure this policy setting, users who are members of the local Administrators group can enable or disable booting from USB using the **Windows To Go Startup Options** settings dialog. + This policy setting controls whether the host computer will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the **Windows To Go Startup Options** settings dialog. If you enable this policy setting, booting to Windows To Go when a USB device is connected will be enabled and users won't be able to make changes using the **Windows To Go Startup Options** settings dialog. If you disable this policy setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the firmware. If you don't configure this policy setting, users who are members of the local Administrators group can enable or disable booting from USB using the **Windows To Go Startup Options** settings dialog. > [!IMPORTANT] > Enabling this policy setting will cause PCs running Windows to attempt to boot from any USB device that is inserted into the PC before it is started. @@ -135,7 +134,7 @@ The biggest hurdle for a user wanting to use Windows To Go is configuring their > [!NOTE] > Enabling a system to always boot from USB first has implications that you should consider. For example, a USB device that includes malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to cause a boot conflict. For this reason, the Windows To Go startup options are disabled by default. In addition, administrator privileges are required to configure Windows To Go startup options. -If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). +If you're going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). ### Roaming between different firmware types @@ -143,9 +142,9 @@ Windows supports two types of PC firmware: Unified Extensible Firmware Interface ![bios layout.](images/wtg-mbr-bios.gif)![uefi layout](images/wtg-gpt-uefi.gif) -This presented a unique challenge for Windows To Go because the firmware type is not easily determined by end users—a UEFI computer looks just like a legacy BIOS computer and Windows To Go must boot on both types of firmware. +This presented a unique challenge for Windows To Go because the firmware type isn't easily determined by end users—a UEFI computer looks just like a legacy BIOS computer and Windows To Go must boot on both types of firmware. -To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command: +To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually, you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command: ![firmware roaming disk layout.](images/wtg-mbr-firmware-roaming.gif) @@ -153,7 +152,7 @@ This is the only supported disk configuration for Windows To Go. With this disk ### Configure Windows To Go startup options -Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured. +Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options, you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured. **To configure Windows To Go startup options** @@ -170,7 +169,7 @@ Windows To Go Startup Options is a setting available on Windows 10-based PCs tha ### Change firmware settings -If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer you will need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7 you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you do not suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode. +If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer, you'll need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7, you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you don't suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode. ## Related topics diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md index fedb300b66..ec78a072db 100644 --- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md @@ -12,6 +12,7 @@ ms.topic: article # WaaSDeploymentStatus + WaaSDeploymentStatus records track a specific update's installation progress on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, and one tracking a Windows Quality Update, at the same time. |Field |Type |Example |Description | @@ -19,10 +20,10 @@ WaaSDeploymentStatus records track a specific update's installation progress on |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enroll devices in Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). | |**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**DeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The deferral policy for this content type or `UpdateCategory` (Windows `Feature` or `Quality`). | -|**DeploymentError** |[string](/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. | -|**DeploymentErrorCode** |[int](/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. | -|**DeploymentStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Failed` |The high-level status of installing this update on this device. Possible values are:

            • **Update completed**: Device has completed the update installation.
            • **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`.
            • **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update.
            • **Canceled**: The update was canceled.
            • **Blocked**: There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update.
            • **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that have not sent any deployment data for that update will have the status `Unknown`.
            • **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update.
            • **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.| -|**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:
            • **Not Started**: Update hasn't started because the device is not targeting the latest 2 builds
            • **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred.
            • **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered.
            • **Update offered**: The device has been offered the update, but has not begun downloading it.
            • **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update.
            • **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds).
            • **Download started**: The update has begun downloading on the device.
            • **Download Succeeded**: The update has successfully completed downloading.
            • **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed.
            • **Install Started**: Installation of the update has begun.
            • **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed.
            • **Reboot Pending**: The device has a scheduled reboot to apply the update.
            • **Reboot Initiated**: The scheduled reboot has been initiated.
            • **Commit**: Changes are being committed post-reboot. This is another step of the installation process.
            • **Update Completed**: The update has successfully installed.| +|**DeploymentError** |[string](/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there's either no string matching the error or there's no error. | +|**DeploymentErrorCode** |[int](/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there's either no error or there's *no error code*, meaning that the issue raised doesn't correspond to an error, but some inferred issue. | +|**DeploymentStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Failed` |The high-level status of installing this update on this device. Possible values are:
            • **Update completed**: Device has completed the update installation.
            • **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`.
            • **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update.
            • **Canceled**: The update was canceled.
            • **Blocked**: There's a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update.
            • **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that haven't sent any deployment data for that update will have the status `Unknown`.
            • **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update.
            • **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.| +|**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:
            • **Not Started**: Update hasn't started because the device isn't targeting the latest 2 builds
            • **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred.
            • **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered.
            • **Update offered**: The device has been offered the update, but hasn't begun downloading it.
            • **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update.
            • **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and won't resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds).
            • **Download started**: The update has begun downloading on the device.
            • **Download Succeeded**: The update has successfully completed downloading.
            • **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed.
            • **Install Started**: Installation of the update has begun.
            • **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed.
            • **Reboot Pending**: The device has a scheduled reboot to apply the update.
            • **Reboot Initiated**: The scheduled reboot has been initiated.
            • **Commit**: Changes are being committed post-reboot. This is another step of the installation process.
            • **Update Completed**: The update has successfully installed.| |**ExpectedInstallDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. | |**LastScan** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. | |**OriginBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. | @@ -30,7 +31,7 @@ WaaSDeploymentStatus records track a specific update's installation progress on |**OSRevisionNumber** |[int](/azure/kusto/query/scalar-data-types/int) |`719` |The revision of the OSBuild installed on the device. | |**OSServicingBranch** |[string](/azure/kusto/query/scalar-data-types/string) |`Semi-Annual` |The Servicing Branch or [Servicing Channel](./waas-overview.md#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. | |**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. | -|**PauseState** |[string](/azure/kusto/query/scalar-data-types/string) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.
            •  **Expired**: The pause period has expired.
            •  **NotConfigured**: Pause is not configured.
            •  **Paused**: The device was last reported to be pausing this content type.
            •  **NotPaused**: The device was last reported to not have any pause on this content type. | +|**PauseState** |[string](/azure/kusto/query/scalar-data-types/string) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.
            •  **Expired**: The pause period has expired.
            •  **NotConfigured**: Pause isn't configured.
            •  **Paused**: The device was last reported to be pausing this content type.
            •  **NotPaused**: The device was last reported to not have any pause on this content type. | |**RecommendedAction** |[string](/azure/kusto/query/scalar-data-types/string) | |The recommended action to take in the event this device needs attention, if any. | |**ReleaseName** |[string](/azure/kusto/query/scalar-data-types/string) |`KB4551762` |The KB Article corresponding to the TargetOSRevision, if any. | |**TargetBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.720` |The target OSBuild, the update being installed or considered as part of this WaaSDeploymentStatus record. | From 7e9f3c731fd59fa659b5039b7d6cc80cbf007583 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Thu, 16 Jun 2022 06:43:52 -0700 Subject: [PATCH 398/540] Update windows-11-se-overview.md Moved |Remote Desktop client (MSRDC) |1.2.3213.0 |Win32 |Microsoft| from line 2 to line 80 --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index b9248a3c6b..5a247f51f3 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -41,7 +41,6 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run | Application | Supported version | App Type | Vendor | | --- | --- | --- | --- | |AirSecure |8.0.0 |Win32 |AIR| -|Remote Desktop client (MSRDC) |1.2.3213.0 |Win32 |Microsoft| |Brave Browser |1.34.80|Win32 |Brave| |Bulb Digital Portfolio |0.0.7.0|Store|Bulb| |Cisco Umbrella |3.0.110.0 |Win32 |Cisco| @@ -78,6 +77,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run |Pearson TestNav |1.10.2.0 |Store |Pearson| |Questar Secure Browser |4.8.3.376 |Win32 |Questar| |ReadAndWriteForWindows |12.0.60.0 |Win32 |Texthelp Ltd.| +|Remote Desktop client (MSRDC) |1.2.3213.0 |Win32 |Microsoft| |Remote Help |3.8.0.12 |Win32 |Microsoft| |Respondus Lockdown Browser |2.0.8.05 |Win32 |Respondus| |Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser| From c1e2ae760499e702345713f1bb270c598e641178 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 16 Jun 2022 08:21:32 -0700 Subject: [PATCH 399/540] add win11 mdt redirect --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 4b33fc9284..9a87d541b5 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19554,6 +19554,11 @@ "source_path": "windows/client-management/img-boot-sequence.md", "redirect_url": "/windows/client-management/advanced-troubleshooting-boot-problems#boot-sequence", "redirect_document_id": false + }, + { + "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md", + "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt", + "redirect_document_id": false } ] } From bf86fcdd86a4365b5dfb44bde0e66411ee90a765 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 16 Jun 2022 10:06:04 -0700 Subject: [PATCH 400/540] fix MicrosoftDocs/windows-itpro-docs#10604 --- .../windows-10-subscription-activation.md | 79 ++++++++++--------- 1 file changed, 40 insertions(+), 39 deletions(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index f0fcf08d07..cdaf9434b1 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -1,6 +1,6 @@ --- title: Windows 10/11 Subscription Activation -description: In this article, you will learn how to dynamically enable Windows 10 and Windows 11 Enterprise or Education subscriptions. +description: In this article, you'll learn how to dynamically enable Windows 10 and Windows 11 Enterprise or Education subscriptions. ms.custom: seo-marvel-apr2020 ms.prod: w10 ms.localizationpriority: medium @@ -13,6 +13,7 @@ ms.collection: search.appverid: - MET150 ms.topic: article +ms.date: 06/16/2022 --- # Windows 10/11 Subscription Activation @@ -21,13 +22,13 @@ Applies to: - Windows 10 - Windows 11 -Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5. +Windows 10 Pro supports the Subscription Activation feature, enabling users to "step-up" from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they're subscribed to Windows 10/11 Enterprise E3 or E5. With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. -The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. +The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. -See the following topics: +See the following articles: - [Subscription Activation](#subscription-activation-for-windows-1011-enterprise): An introduction to Subscription Activation for Windows 10/11 Enterprise. - [Subscription Activation for Education](#subscription-activation-for-windows-1011-enterprise): Information about Subscription Activation for Windows 10/11 Education. @@ -44,7 +45,7 @@ For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots. - If you are running Windows 10, version 1703 or later: + If you're running Windows 10, version 1703 or later: - Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively. - Product key-based Windows 10 Enterprise or Windows 11 Enterprise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions. @@ -62,7 +63,7 @@ Subscription Activation for Education works the same as the Enterprise version, Inherited Activation is a new feature available in Windows 10, version 1803 or later (Windows 11 is considered "later" here) that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host. -When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM. +When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (Azure AD) account on a VM. To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later. The hypervisor platform must also be Windows Hyper-V. @@ -73,14 +74,14 @@ To support Inherited Activation, both the host computer and the VM must be runni The following list illustrates how deploying Windows client has evolved with each release: - **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
              -- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after).  This was a lot easier than wipe-and-load, but it was still time-consuming.
              -- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU.  This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
              -- **Windows 10, version 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise.  In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.
              -- **Windows 10, version 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
              -- **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
              -- **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.
              +- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a "repair upgrade" because the OS version was the same before and after). This was a lot easier than wipe-and-load, but it was still time-consuming.
              +- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU. This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
              +- **Windows 10, version 1607** made a large leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise. In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.
              +- **Windows 10, version 1703** made this "step-up" from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
              +- **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
              +- **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It's no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.
              - **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription. -- **Windows 11** updates Subscription Activation to work on both Windows 10 and Windows 11 devices. **Important**: Subscription activation does not update a device from Windows 10 to Windows 11. Only the edition is updated. +- **Windows 11** updates Subscription Activation to work on both Windows 10 and Windows 11 devices. **Important**: Subscription activation doesn't update a device from Windows 10 to Windows 11. Only the edition is updated. ## Requirements @@ -92,19 +93,19 @@ The following list illustrates how deploying Windows client has evolved with eac > [!IMPORTANT] > Currently, Subscription Activation is only available on commercial tenants and is currently not available on US GCC, GCC High, or DoD tenants. -For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following: +For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following requirements: - Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. Windows 11 is considered a "later" version in this context. - Azure Active Directory (Azure AD) available for identity management. -- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. +- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices aren't supported. -For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10/11 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10/11 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). +For Microsoft customers that don't have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10/11 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10/11 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). -If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://www.microsoft.com/en-us/microsoft-365/blog/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/) +If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://www.microsoft.com/microsoft-365/blog/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/) #### Multifactor authentication -An issue has been identified with Hybrid Azure AD-joined devices that have enabled [multifactor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. +An issue has been identified with Hybrid Azure AD-joined devices that have enabled [multifactor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device won't successfully upgrade to their Windows Enterprise subscription. To resolve this issue: @@ -112,7 +113,7 @@ If the device is running Windows 10, version 1809 or later: - Windows 10, version 1809 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch. -- When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there is a problem. Click the notification and then click **Fix now** to step through the subscription activation process. See the example below: +- When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there's a problem. Select the notification and then select **Fix now** to step through the subscription activation process. See the example below: ![Subscription Activation with MFA example 1.](images/sa-mfa1.png)
              @@ -127,7 +128,7 @@ Organizations that use Azure Active Directory Conditional Access may want to exc - Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded. - A device with a Windows 10 Pro Education digital license. You can confirm this information in **Settings > Update & Security > Activation**. - The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription. -- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. +- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices aren't supported. > [!IMPORTANT] > If Windows 10 Pro is converted to Windows 10 Pro Education by [using benefits available in Store for Education](/education/windows/change-to-pro-education#change-using-microsoft-store-for-education), then the feature will not work. You will need to re-image the device using a Windows 10 Pro Education edition. @@ -135,18 +136,18 @@ Organizations that use Azure Active Directory Conditional Access may want to exc ## Benefits -With Windows 10/11 Enterprise or Windows 10/11 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10/11 Education or Windows 10/11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following: +With Windows 10/11 Enterprise or Windows 10/11 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10/11 Education or Windows 10/11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it's available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following: -- [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare) +- [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare) - [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-pricing) You can benefit by moving to Windows as an online service in the following ways: - Licenses for Windows 10 Enterprise and Education are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization. -- User logon triggers a silent edition upgrade, with no reboot required. +- User sign-in triggers a silent edition upgrade, with no reboot required. -- Support for mobile worker/BYOD activation; transition away from on-prem KMS and MAK keys. +- Support for mobile worker/BYOD activation; transition away from on-premises KMS and MAK keys. - Compliance support via seat assignment. @@ -163,9 +164,9 @@ The IT administrator assigns Windows 10 Enterprise to a user. See the following ![Windows 10 Enterprise.](images/ent.png) -When a licensed user signs in to a device that meets requirements using their Azure AD credentials, the operating system steps up from Windows 10 Pro to Windows 10 Enterprise (or Windows 10 Pro Education to Windows 10 Education) and all the appropriate Windows 10 Enterprise/Education features are unlocked. When a user’s subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro / Windows 10 Pro Education edition, once current subscription validity expires. +When a licensed user signs in to a device that meets requirements using their Azure AD credentials, the operating system steps up from Windows 10 Pro to Windows 10 Enterprise (or Windows 10 Pro Education to Windows 10 Education) and all the appropriate Windows 10 Enterprise/Education features are unlocked. When a user's subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro / Windows 10 Pro Education edition, once current subscription validity expires. -Devices running Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education General Availability Channel on up to five devices for each user covered by the license. This benefit does not include Long Term Servicing Channel. +Devices running Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education General Availability Channel on up to five devices for each user covered by the license. This benefit doesn't include Long Term Servicing Channel. The following figures summarize how the Subscription Activation model works: @@ -177,32 +178,32 @@ After Windows 10, version 1903:
              > [!NOTE] > -> - A Windows 10 Pro Education device will only step up to Windows 10 Education edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019). +> - A Windows 10 Pro Education device will only step up to Windows 10 Education edition when "Windows 10 Enterprise" license is assigned from M365 Admin center (as of May 2019). > -> - A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019). +> - A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when "Windows 10 Enterprise" license is assigned from M365 Admin center (as of May 2019). ### Scenarios #### Scenario #1 -You are using Windows 10, version 1803 or above, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but haven’t yet deployed Windows 10 Enterprise). +You're using Windows 10, version 1803 or above, and purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but haven't yet deployed Windows 10 Enterprise). All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise, and devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to Subscription activated Enterprise edition when a Subscription Activation-enabled user signs in to the device. #### Scenario #2 -Using Azure AD-joined devices or Active Directory-joined devices running Windows 10 1709 or later, and with Azure AD synchronization configured, just follow the steps in [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md) to acquire a $0 SKU and get a new Windows 10 Enterprise E3 or E5 license in Azure AD. Then, assign that license to all of your Azure AD users. These can be AD-synced accounts.  The device will automatically change from Windows 10 Pro to Windows 10 Enterprise when that user signs in. +Using Azure AD-joined devices or Active Directory-joined devices running Windows 10 1709 or later, and with Azure AD synchronization configured, just follow the steps in [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md) to acquire a $0 SKU and get a new Windows 10 Enterprise E3 or E5 license in Azure AD. Then, assign that license to all of your Azure AD users. These can be AD-synced accounts. The device will automatically change from Windows 10 Pro to Windows 10 Enterprise when that user signs in. -In summary, if you have a Windows 10 Enterprise E3 or E5 subscription, but are still running Windows 10 Pro, it’s really simple (and quick) to move to Windows 10 Enterprise using one of the scenarios above. +In summary, if you have a Windows 10 Enterprise E3 or E5 subscription, but are still running Windows 10 Pro, it's simple (and quick) to move to Windows 10 Enterprise using one of the scenarios above. -If you’re running Windows 7, it can be more work.  A wipe-and-load approach works, but it is likely to be easier to upgrade from Windows 7 Pro directly to Windows 10 Enterprise. This is a supported path, and completes the move in one step.  This method also works if you are running Windows 8.1 Pro. +If you're running Windows 7, it can be more work. A wipe-and-load approach works, but it's likely to be easier to upgrade from Windows 7 Pro directly to Windows 10 Enterprise. This path is supported, and completes the move in one step. This method also works if you're running Windows 8.1 Pro. ### Licenses The following policies apply to acquisition and renewal of licenses on devices: - Devices that have been upgraded will attempt to renew licenses about every 30 days, and must be connected to the Internet to successfully acquire or renew a license. - If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10/11 Pro or Windows 10/11 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew. -- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, the operating system on the computer to which a user has not logged in the longest will revert to Windows 10/11 Pro or Windows 10/11 Pro Education. +- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, the operating system on the computer to which a user hasn't logged in the longest will revert to Windows 10/11 Pro or Windows 10/11 Pro Education. - If a device meets the requirements and a licensed user signs in on that device, it will be upgraded. Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs. @@ -211,14 +212,14 @@ When you have the required Azure AD subscription, group-based licensing is the p ### Existing Enterprise deployments -If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10/11 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise. +If you're running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10/11 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise. -Subscription Activation doesn’t remove the need to activate the underlying operating system, this is still a requirement for running a genuine installation of Windows. +Subscription Activation doesn't remove the need to activate the underlying operating system, this is still a requirement for running a genuine installation of Windows. > [!CAUTION] > Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE (Out Of Box Experience). -If you are using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key. +If you're using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key. If the computer has never been activated with a Pro key, run the following script. Copy the text below into a `.cmd` file, and run the file from an elevated command prompt: @@ -241,7 +242,7 @@ changepk.exe /ProductKey %ProductKey% Since [WMIC was deprecated](/windows/win32/wmisdk/wmic) in Windows 10, version 21H1, you can use the following Windows PowerShell script instead: ```powershell -$(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( $null -ne $_ ) { Write-Host "Installing"$_;.\changepk.exe /Productkey $_ } else { Write-Host "No key present" } } +$(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( $null -ne $_ ) { Write-Host "Installing"$_;changepk.exe /Productkey $_ } else { Write-Host "No key present" } } ``` ### Obtaining an Azure AD license @@ -268,11 +269,11 @@ See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md). ## Virtual Desktop Access (VDA) -Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://microsoft.com/en-us/CloudandHosting/licensing_sca.aspx). +Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Microsoft Azure or in another [qualified multitenant hoster](https://microsoft.com/en-us/CloudandHosting/licensing_sca.aspx). Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md). -## Related topics +## Related articles [Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)
              [Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
              From 33cf034d82b951bdd87d578685c089178d9825e9 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 16 Jun 2022 10:11:52 -0700 Subject: [PATCH 401/540] add whitespace --- windows/deployment/windows-10-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index cdaf9434b1..622dd316a5 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -26,7 +26,7 @@ Windows 10 Pro supports the Subscription Activation feature, enabling users to " With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. -The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. +The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. See the following articles: From bbbe17098f89875af196e46b0c46d300547728a0 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Fri, 17 Jun 2022 00:07:20 +0530 Subject: [PATCH 402/540] Updated-6038482-B3 Bulk metadata update. --- .../getting-started-with-the-user-state-migration-tool.md | 4 ---- windows/deployment/usmt/migrate-application-settings.md | 4 ---- windows/deployment/usmt/migration-store-types-overview.md | 4 ---- windows/deployment/usmt/offline-migration-reference.md | 4 ---- .../deployment/usmt/understanding-migration-xml-files.md | 4 ---- windows/deployment/usmt/usmt-best-practices.md | 4 ---- windows/deployment/usmt/usmt-choose-migration-store-type.md | 4 ---- windows/deployment/usmt/usmt-command-line-syntax.md | 4 ---- windows/deployment/usmt/usmt-common-issues.md | 4 ---- windows/deployment/usmt/usmt-common-migration-scenarios.md | 4 ---- windows/deployment/usmt/usmt-configxml-file.md | 4 ---- windows/deployment/usmt/usmt-conflicts-and-precedence.md | 4 ---- windows/deployment/usmt/usmt-custom-xml-examples.md | 4 ---- windows/deployment/usmt/usmt-customize-xml-files.md | 4 ---- windows/deployment/usmt/usmt-determine-what-to-migrate.md | 4 ---- .../deployment/usmt/usmt-estimate-migration-store-size.md | 4 ---- windows/deployment/usmt/usmt-exclude-files-and-settings.md | 4 ---- .../usmt-extract-files-from-a-compressed-migration-store.md | 4 ---- windows/deployment/usmt/usmt-general-conventions.md | 4 ---- windows/deployment/usmt/usmt-hard-link-migration-store.md | 4 ---- windows/deployment/usmt/usmt-how-it-works.md | 4 ---- windows/deployment/usmt/usmt-how-to.md | 4 ---- .../deployment/usmt/usmt-identify-application-settings.md | 4 ---- .../usmt/usmt-identify-file-types-files-and-folders.md | 4 ---- .../usmt/usmt-identify-operating-system-settings.md | 4 ---- windows/deployment/usmt/usmt-identify-users.md | 4 ---- windows/deployment/usmt/usmt-include-files-and-settings.md | 4 ---- windows/deployment/usmt/usmt-loadstate-syntax.md | 4 ---- windows/deployment/usmt/usmt-log-files.md | 4 ---- .../usmt/usmt-migrate-efs-files-and-certificates.md | 4 ---- windows/deployment/usmt/usmt-migrate-user-accounts.md | 4 ---- windows/deployment/usmt/usmt-migration-store-encryption.md | 4 ---- windows/deployment/usmt/usmt-overview.md | 4 ---- windows/deployment/usmt/usmt-plan-your-migration.md | 4 ---- .../usmt/usmt-recognized-environment-variables.md | 4 ---- windows/deployment/usmt/usmt-reference.md | 4 ---- windows/deployment/usmt/usmt-requirements.md | 4 ---- windows/deployment/usmt/usmt-reroute-files-and-settings.md | 4 ---- windows/deployment/usmt/usmt-resources.md | 4 ---- windows/deployment/usmt/usmt-return-codes.md | 4 ---- windows/deployment/usmt/usmt-scanstate-syntax.md | 4 ---- windows/deployment/usmt/usmt-technical-reference.md | 4 ---- windows/deployment/usmt/usmt-test-your-migration.md | 4 ---- windows/deployment/usmt/usmt-topics.md | 4 ---- windows/deployment/usmt/usmt-troubleshooting.md | 4 ---- windows/deployment/usmt/usmt-utilities.md | 4 ---- windows/deployment/usmt/usmt-what-does-usmt-migrate.md | 4 ---- windows/deployment/usmt/usmt-xml-elements-library.md | 4 ---- windows/deployment/usmt/usmt-xml-reference.md | 4 ---- .../verify-the-condition-of-a-compressed-migration-store.md | 4 ---- windows/deployment/usmt/xml-file-requirements.md | 4 ---- .../volume-activation/activate-forest-by-proxy-vamt.md | 5 ----- .../deployment/volume-activation/activate-forest-vamt.md | 5 ----- ...tivate-using-active-directory-based-activation-client.md | 6 ------ .../activate-using-key-management-service-vamt.md | 6 ------ .../volume-activation/activate-windows-10-clients-vamt.md | 6 ------ .../active-directory-based-activation-overview.md | 5 ----- .../volume-activation/add-manage-products-vamt.md | 5 ----- .../volume-activation/add-remove-computers-vamt.md | 5 ----- .../volume-activation/add-remove-product-key-vamt.md | 5 ----- .../volume-activation/configure-client-computers-vamt.md | 5 ----- .../deployment/volume-activation/install-configure-vamt.md | 5 ----- .../volume-activation/install-kms-client-key-vamt.md | 5 ----- .../volume-activation/install-product-key-vamt.md | 5 ----- windows/deployment/volume-activation/install-vamt.md | 5 ----- windows/deployment/volume-activation/introduction-vamt.md | 5 ----- windows/deployment/volume-activation/kms-activation-vamt.md | 5 ----- .../deployment/volume-activation/local-reactivation-vamt.md | 5 ----- .../deployment/volume-activation/manage-activations-vamt.md | 5 ----- .../volume-activation/manage-product-keys-vamt.md | 5 ----- windows/deployment/volume-activation/manage-vamt-data.md | 5 ----- .../volume-activation/monitor-activation-client.md | 6 ------ .../deployment/volume-activation/online-activation-vamt.md | 5 ----- .../volume-activation/plan-for-volume-activation-client.md | 6 ------ .../deployment/volume-activation/proxy-activation-vamt.md | 5 ----- .../deployment/volume-activation/remove-products-vamt.md | 5 ----- .../volume-activation/scenario-kms-activation-vamt.md | 5 ----- .../volume-activation/scenario-online-activation-vamt.md | 5 ----- .../volume-activation/scenario-proxy-activation-vamt.md | 5 ----- .../volume-activation/update-product-status-vamt.md | 5 ----- .../use-the-volume-activation-management-tool-client.md | 6 ------ .../volume-activation/use-vamt-in-windows-powershell.md | 5 ----- windows/deployment/volume-activation/vamt-known-issues.md | 5 ----- windows/deployment/volume-activation/vamt-requirements.md | 5 ----- windows/deployment/volume-activation/vamt-step-by-step.md | 5 ----- .../volume-activation/volume-activation-management-tool.md | 5 ----- .../volume-activation/volume-activation-windows-10.md | 6 ------ 87 files changed, 391 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index bd5d79739e..bd09b57aab 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -1,14 +1,10 @@ --- title: User State Migration Tool (USMT) - Getting Started (Windows 10) description: Plan, collect, and prepare your source computer for migration using the User State Migration Tool (USMT). -ms.assetid: 506ff1d2-94b8-4460-8672-56aad963504b ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index fa2338fdd9..1f3b261ab9 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -1,14 +1,10 @@ --- title: Migrate Application Settings (Windows 10) description: Learn how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using MigApp.xml. -ms.assetid: 28f70a83-0a3e-4a6b-968a-2b78ccd3cc07 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 746682f4d8..4ad81de369 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -1,14 +1,10 @@ --- title: Migration Store Types Overview (Windows 10) description: Learn about the migration store types and how to determine which migration store type best suits your needs. -ms.assetid: 3b6ce746-76c6-43ff-8cd5-02ed0ae0cf70 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index d3d5adc181..00215fe853 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -1,14 +1,10 @@ --- title: Offline Migration Reference (Windows 10) description: Offline migration enables the ScanState tool to run inside a different Windows OS than the Windows OS from which ScanState is gathering files and settings. -ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index a958ea914b..01aac53236 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -1,14 +1,10 @@ --- title: Understanding Migration XML Files (Windows 10) description: Learn how to modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files. -ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index c5c2dd15aa..ec06b1b5ab 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -2,14 +2,10 @@ title: USMT Best Practices (Windows 10) description: This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. ms.custom: seo-marvel-apr2020 -ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index 7f4625f2a6..9b20c0385e 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -1,14 +1,10 @@ --- title: Choose a Migration Store Type (Windows 10) description: Learn how to choose a migration store type and estimate the amount of disk space needed for computers in your organization. -ms.assetid: 4e163e90-9c57-490b-b849-2ed52ab6765f ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 828f838ae9..95be767505 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -1,14 +1,10 @@ --- title: User State Migration Tool (USMT) Command-line Syntax (Windows 10) description: Learn about the User State Migration Tool (USMT) command-line syntax for using the ScanState tool, LoadState tool, and UsmtUtils tool. -ms.assetid: f9d205c9-e824-46c7-8d8b-d7e4b52fd514 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 9e7bb9aacb..ade22cbde7 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -1,15 +1,11 @@ --- title: Common Issues (Windows 10) description: Learn about common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. -ms.assetid: 5a37e390-8617-4768-9eee-50397fbbb2e1 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.date: 09/19/2017 -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index a223b4db6e..854bc6b73f 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -1,14 +1,10 @@ --- title: Common Migration Scenarios (Windows 10) description: See how the User State Migration Tool (USMT) 10.0 is used when planning hardware and/or operating system upgrades. -ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 22bad03e5c..63388ac85d 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -1,14 +1,10 @@ --- title: Config.xml File (Windows 10) description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the /genconfig option with the ScanState.exe tool. -ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index 3deb500f90..2af6d73993 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -1,14 +1,10 @@ --- title: Conflicts and Precedence (Windows 10) description: In this article, learn how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. -ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index 497ad18ac5..fa9dda30c7 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -1,14 +1,10 @@ --- title: Custom XML Examples (Windows 10) description: Use custom XML examples to learn how to migrate an unsupported application, migrate files and registry keys, and migrate the My Videos folder. -ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 5fa898a132..cc06b5e0ea 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -1,14 +1,10 @@ --- title: Customize USMT XML Files (Windows 10) description: Learn how to customize USMT XML files. Also, learn about the migration XML files that are included with USMT. -ms.assetid: d58363c1-fd13-4f65-8b91-9986659dc93e ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index db368bf884..19d8cf1875 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -1,14 +1,10 @@ --- title: Determine What to Migrate (Windows 10) description: Determine migration settings for standard or customized for the User State Migration Tool (USMT) 10.0. -ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 612bacb671..16457cd210 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -1,14 +1,10 @@ --- title: Estimate Migration Store Size (Windows 10) description: Estimate the disk space requirement for a migration so that you can use User State Migration Tool (USMT). -ms.assetid: cfb9062b-7a2a-467a-a24e-0b31ce830093 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 2daf0baed2..d3db14a398 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -1,14 +1,10 @@ --- title: Exclude Files and Settings (Windows 10) description: In this article, learn how to exclude files and settings when creating a custom .xml file and a config.xml file. -ms.assetid: df85baf1-6e29-4995-a4bb-ba3f8f7fed0b ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index 7b9045a432..5d06760857 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -1,14 +1,10 @@ --- title: Extract Files from a Compressed USMT Migration Store (Windows 10) description: In this article, learn how to extract files from a compressed User State Migration Tool (USMT) migration store. -ms.assetid: ad9fbd6e-f89e-4444-8538-9b11566b1f33 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md index 96abaac7e8..824ca75074 100644 --- a/windows/deployment/usmt/usmt-general-conventions.md +++ b/windows/deployment/usmt/usmt-general-conventions.md @@ -1,14 +1,10 @@ --- title: General Conventions (Windows 10) description: Learn about general XML guidelines and how to use XML helper functions in the XML Elements library to change migration behavior. -ms.assetid: 5761986e-a847-41bd-bf8e-7c1bd01acbc6 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index ccbe76542b..8bcb20e216 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -1,14 +1,10 @@ --- title: Hard-Link Migration Store (Windows 10) description: Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization. -ms.assetid: b0598418-4607-4952-bfa3-b6e4aaa2c574 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md index a76d7b1dfe..a2a9939439 100644 --- a/windows/deployment/usmt/usmt-how-it-works.md +++ b/windows/deployment/usmt/usmt-how-it-works.md @@ -1,14 +1,10 @@ --- title: How USMT Works (Windows 10) description: Learn how USMT works and how it includes two tools that migrate settings and data - ScanState and LoadState. -ms.assetid: 5c8bd669-9e1e-473d-81e6-652f40b24171 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article --- diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md index ac9784aa2f..c22457f303 100644 --- a/windows/deployment/usmt/usmt-how-to.md +++ b/windows/deployment/usmt/usmt-how-to.md @@ -1,14 +1,10 @@ --- title: User State Migration Tool (USMT) How-to topics (Windows 10) description: Reference the topics in this article to learn how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. -ms.assetid: 7b9a2f2a-a43a-4984-9746-a767f9f1c7e3 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md index 5e490921ae..d6287b456f 100644 --- a/windows/deployment/usmt/usmt-identify-application-settings.md +++ b/windows/deployment/usmt/usmt-identify-application-settings.md @@ -1,14 +1,10 @@ --- title: Identify Applications Settings (Windows 10) description: Identify which applications and settings you want to migrate before using the User State Migration Tool (USMT). -ms.assetid: eda68031-9b02-4a5b-a893-3786a6505381 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md index 424270d6f0..d3f89466ee 100644 --- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md +++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md @@ -1,14 +1,10 @@ --- title: Identify File Types, Files, and Folders (Windows 10) description: Learn how to identify the file types, files, folders, and settings that you want to migrate when you're planning your migration. -ms.assetid: 93bb2a33-c126-4f7a-a961-6c89686d54e0 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md index 17bf9873f9..afea6979e6 100644 --- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md +++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md @@ -1,14 +1,10 @@ --- title: Identify Operating System Settings (Windows 10) description: Identify which system settings you want to migrate, then use the User State Migration Tool (USMT) to select settings and keep the default values for all others. -ms.assetid: 1704ab18-1765-41fb-a27c-3aa3128fa242 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md index a4198c33d7..294142210c 100644 --- a/windows/deployment/usmt/usmt-identify-users.md +++ b/windows/deployment/usmt/usmt-identify-users.md @@ -1,14 +1,10 @@ --- title: Identify Users (Windows 10) description: Learn how to identify users you plan to migrate, as well as how to migrate local accounts and domain accounts. -ms.assetid: 957a4fe9-79fd-44a2-8c26-33e50f71f9de ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.topic: article ms.localizationpriority: medium diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index 470fca55b7..1ff3740fc6 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md @@ -1,14 +1,10 @@ --- title: Include Files and Settings (Windows 10) description: Specify the migration .xml files you want, then use the User State Migration Tool (USMT) 10.0 to migrate the settings and components specified. -ms.assetid: 9009c6a5-0612-4478-8742-abe5eb6cbac8 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 94a1bc7455..d019f64f93 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -1,14 +1,10 @@ --- title: LoadState Syntax (Windows 10) description: Learn about the syntax and usage of the command-line options available when you use the LoadState command. -ms.assetid: 53d2143b-cbe9-4cfc-8506-36e9d429f6d4 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 77245a420c..37530b9f6c 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -1,14 +1,10 @@ --- title: Log Files (Windows 10) description: Learn how to use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. -ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index fa47e15f49..557a608926 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -1,14 +1,10 @@ --- title: Migrate EFS Files and Certificates (Windows 10) description: Learn how to migrate Encrypting File System (EFS) certificates. Also, learn where to find information about how to identify file types, files, and folders. -ms.assetid: 7f19a753-ec45-4433-b297-cc30f16fdee1 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index a9459513eb..c5adc7c133 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -1,14 +1,10 @@ --- title: Migrate User Accounts (Windows 10) description: Learn how to migrate user accounts and how to specify which users to include and exclude by using the User options on the command line. -ms.assetid: a3668361-43c8-4fd2-b26e-9a2deaeaeb09 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index fd3a60b669..baff6e26b1 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -1,14 +1,10 @@ --- title: Migration Store Encryption (Windows 10) description:  Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES). -ms.assetid: b28c2657-b986-4487-bd38-cb81500b831d ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index 63d0299299..3b9eb9b707 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md @@ -1,13 +1,9 @@ --- title: User State Migration Tool (USMT) Overview (Windows 10) description: Learn about using User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. -ms.assetid: 3b649431-ad09-4b17-895a-3fec7ac0a81f manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 10/16/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index 4712673a3f..248b3645e1 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -1,14 +1,10 @@ --- title: Plan Your Migration (Windows 10) description: Learn how to your plan your migration carefully so your migration can proceed smoothly and so that you reduce the risk of migration failure. -ms.assetid: c951f7df-850e-47ad-b31b-87f902955e3e ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index 142a94a953..621d54116b 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -1,13 +1,9 @@ --- title: Recognized Environment Variables (Windows 10) description: Learn how to use environment variables to identify folders that may be different on different computers. -ms.assetid: 2b0ac412-e131-456e-8f0c-c26249b5f3df manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md index 5443b4a367..44228df5ef 100644 --- a/windows/deployment/usmt/usmt-reference.md +++ b/windows/deployment/usmt/usmt-reference.md @@ -1,14 +1,10 @@ --- title: User State Migration Toolkit (USMT) Reference (Windows 10) description: Use this User State Migration Toolkit (USMT) article to learn details about USMT, like operating system, hardware, and software requirements, and user prerequisites. -ms.assetid: 2135dbcf-de49-4cea-b2fb-97dd016e1a1a ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index ee64c3fc7a..36394f875a 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -1,14 +1,10 @@ --- title: USMT Requirements (Windows 10) description: While the User State Migration Tool (USMT) doesn't have many requirements, these tips and tricks can help smooth the migration process. -ms.assetid: 2b0cf3a3-9032-433f-9622-1f9df59d6806 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 05/03/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md index 2f40674276..526e988ace 100644 --- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md +++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md @@ -1,14 +1,10 @@ --- title: Reroute Files and Settings (Windows 10) description: Learn how to create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines to reroute files and settings. -ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index bd33a0fe0c..c0384baa68 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md @@ -1,14 +1,10 @@ --- title: USMT Resources (Windows 10) description: Learn about User State Migration Tool (USMT) online resources, including Microsoft Visual Studio and forums. -ms.assetid: a0b266c7-4bcb-49f1-b63c-48c6ace86b43 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index 66c47f5030..108dc532c1 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -1,14 +1,10 @@ --- title: Return Codes (Windows 10) description: Learn about User State Migration Tool (USMT) 10.0 return codes and error messages. Also view a list of USMT return codes and their associated migration steps. -ms.assetid: e71bbc6b-d5a6-4e48-ad01-af0012b35f22 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 4a3128adbb..816652d904 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -1,14 +1,10 @@ --- title: ScanState Syntax (Windows 10) description: The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. -ms.assetid: 004c755f-33db-49e4-8a3b-37beec1480ea ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index 01e3fdda08..eb4cd7306c 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -1,14 +1,10 @@ --- title: User State Migration Tool (USMT) Technical Reference (Windows 10) description: The User State Migration Tool (USMT) provides a highly customizable user-profile migration experience for IT professionals. -ms.assetid: f90bf58b-5529-4520-a9f8-b6cb4e4d3add ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index 1d3f4cee93..928a7307d9 100644 --- a/windows/deployment/usmt/usmt-test-your-migration.md +++ b/windows/deployment/usmt/usmt-test-your-migration.md @@ -1,14 +1,10 @@ --- title: Test Your Migration (Windows 10) description: Learn about testing your migration plan in a controlled laboratory setting before you deploy it to your entire organization. -ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md index 995a043c4a..65146dd2ac 100644 --- a/windows/deployment/usmt/usmt-topics.md +++ b/windows/deployment/usmt/usmt-topics.md @@ -1,14 +1,10 @@ --- title: User State Migration Tool (USMT) Overview Topics (Windows 10) description: Learn about User State Migration Tool (USMT) overview topics that describe USMT as a highly customizable user-profile migration experience for IT professionals. -ms.assetid: 23170271-130b-416f-a7a7-c2f6adc32eee ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md index 0ca52a4be6..78dbd791cf 100644 --- a/windows/deployment/usmt/usmt-troubleshooting.md +++ b/windows/deployment/usmt/usmt-troubleshooting.md @@ -1,14 +1,10 @@ --- title: User State Migration Tool (USMT) Troubleshooting (Windows 10) description: Learn about topics that address common User State Migration Tool (USMT) 10.0 issues and questions to assist in troubleshooting. -ms.assetid: 770f45bb-2284-463f-a29c-69c04f437533 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md index c0f915c647..158700b4ee 100644 --- a/windows/deployment/usmt/usmt-utilities.md +++ b/windows/deployment/usmt/usmt-utilities.md @@ -1,14 +1,10 @@ --- title: UsmtUtils Syntax (Windows 10) description: Learn about the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. -ms.assetid: cdab7f2d-dd68-4016-b9ed-41ffa743b65c ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 77ff8332d5..f61a77dc08 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -1,14 +1,10 @@ --- title: What does USMT migrate (Windows 10) description: Learn how User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. -ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 09/12/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index a341a5c9af..8a5c5bd2f7 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -1,14 +1,10 @@ --- title: XML Elements Library (Windows 10) description: Learn about the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT). -ms.assetid: f5af0f6d-c3bf-4a4c-a0ca-9db7985f954f ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md index 4914735268..eaad60c807 100644 --- a/windows/deployment/usmt/usmt-xml-reference.md +++ b/windows/deployment/usmt/usmt-xml-reference.md @@ -1,14 +1,10 @@ --- title: USMT XML Reference (Windows 10) description: Learn about working with and customizing the migration XML files using User State Migration Tool (USMT) XML Reference for Windows 10. -ms.assetid: fb946975-0fee-4ec0-b3ef-7c34945ee96f ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index 86e31ea74e..a6ad05ad42 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -1,14 +1,10 @@ --- title: Verify the Condition of a Compressed Migration Store (Windows 10) description: Use these tips and tricks to verify the condition of a compressed migration store when using User State Migration Tool (USMT). -ms.assetid: 4a3fda96-5f7d-494a-955f-6b865ec9fcae ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index fd142dc7ab..9fa7659525 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -1,14 +1,10 @@ --- title: XML File Requirements (Windows 10) description: Learn about the XML file requirements for creating custom .xml files, like the file must be in UTF-8 and have a unique migration URL ID. -ms.assetid: 4b567b50-c50a-4a4f-8684-151fe3f8275f ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.date: 04/19/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md index ad970a4135..8b4201322d 100644 --- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md @@ -1,15 +1,10 @@ --- title: Activate by Proxy an Active Directory Forest (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest. -ms.assetid: 6475fc87-a6f7-4fa8-b0aa-de19f2dea7e5 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md index 799cc466f7..3cbecb7694 100644 --- a/windows/deployment/volume-activation/activate-forest-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-vamt.md @@ -1,15 +1,10 @@ --- title: Activate an Active Directory Forest Online (Windows 10) description: Use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest online. -ms.assetid: 9b5bc193-799b-4aa5-9d3e-0e495f7195d3 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index e0b8564696..bbc1b4b9d4 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -2,15 +2,9 @@ title: Activate using Active Directory-based activation (Windows 10) description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects. ms.custom: seo-marvel-apr2020 -ms.assetid: 08cce6b7-7b5b-42cf-b100-66c363a846af manager: dougeby ms.author: aaroncz -keywords: vamt, volume activation, activation, windows activation ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 01/13/2022 diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index 052e94805a..8c64ff18da 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -1,15 +1,9 @@ --- title: Activate using Key Management Service (Windows 10) -ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac manager: dougeby ms.author: aaroncz description: How to activate using Key Management Service in Windows 10. -keywords: vamt, volume activation, activation, windows activation ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 10/16/2017 diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md index 298b2b8332..4c3a45ae2e 100644 --- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md +++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md @@ -1,16 +1,10 @@ --- title: Activate clients running Windows 10 (Windows 10) description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. -ms.assetid: 39446e49-ad7c-48dc-9f18-f85a11ded643 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: vamt, volume activation, activation, windows activation ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md index c850c19029..9e64bfc93f 100644 --- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md +++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md @@ -1,15 +1,10 @@ --- title: Active Directory-Based Activation Overview (Windows 10) description: Enable your enterprise to activate its computers through a connection to their domain using Active Directory-Based Activation (ADBA). -ms.assetid: c1dac3bd-6a86-4c45-83dd-421e63a398c0 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 12/07/2018 ms.topic: article diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index db9d79f768..d177646453 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -1,15 +1,10 @@ --- title: Add and Manage Products (Windows 10) description: Add client computers into the Volume Activation Management Tool (VAMT). After you add the computers, you can manage the products that are installed on your network. -ms.assetid: a48fbc23-917d-40f7-985c-e49702c05e51 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md index 23927b1b83..b5ddea11f7 100644 --- a/windows/deployment/volume-activation/add-remove-computers-vamt.md +++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md @@ -1,16 +1,11 @@ --- title: Add and Remove Computers (Windows 10) description: The Discover products function on the Volume Activation Management Tool (VAMT) allows you to search the Active Directory domain or a general LDAP query. -ms.assetid: cb6f3a78-ece0-4dc7-b086-cb003d82cd52 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski -ms.pagetype: activation ms.date: 04/25/2017 ms.topic: article --- diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md index f0d9ddec1e..c628b7e30b 100644 --- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md +++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md @@ -1,15 +1,10 @@ --- title: Add and Remove a Product Key (Windows 10) description: Add a product key to the Volume Activation Management Tool (VAMT) database. Also, learn how to remove the key from the database. -ms.assetid: feac32bb-fb96-4802-81b8-c69220dcfcce ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index 88d4242b75..6893932b20 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -1,16 +1,11 @@ --- title: Configure Client Computers (Windows 10) description: Learn how to configure client computers to enable the Volume Activation Management Tool (VAMT) to function correctly. -ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc ms.reviewer: manager: dougeby author: aczechowski ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro ms.date: 04/30/2020 ms.topic: article --- diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md index dda22b09a0..2a0db88665 100644 --- a/windows/deployment/volume-activation/install-configure-vamt.md +++ b/windows/deployment/volume-activation/install-configure-vamt.md @@ -1,15 +1,10 @@ --- title: Install and Configure VAMT (Windows 10) description: Learn how to install and configure the Volume Activation Management Tool (VAMT), and learn where to find information about the process. -ms.assetid: 5c7ae9b9-0dbc-4277-bc4f-8b3e4ab0bf50 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md index 94f7464d20..e00654d103 100644 --- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md +++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md @@ -1,15 +1,10 @@ --- title: Install a KMS Client Key (Windows 10) description: Learn to use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. -ms.assetid: d234468e-7917-4cf5-b0a8-4968454f7759 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md index 7e950b2f26..1c7b394ef5 100644 --- a/windows/deployment/volume-activation/install-product-key-vamt.md +++ b/windows/deployment/volume-activation/install-product-key-vamt.md @@ -1,15 +1,10 @@ --- title: Install a Product Key (Windows 10) description: Learn to use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK). -ms.assetid: 78812c87-2208-4f8b-9c2c-5a8a18b2d648 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index 85a68c4051..18f56fb621 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -1,14 +1,9 @@ --- title: Install VAMT (Windows 10) description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. -ms.assetid: 2eabd3e2-0a68-43a5-8189-2947e46482fc manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 03/11/2019 diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index d91aa9b28b..403b5a2209 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -1,15 +1,10 @@ --- title: Introduction to VAMT (Windows 10) description: VAMT enables administrators to automate and centrally manage the Windows, Microsoft Office, and select other Microsoft products volume and retail activation process. -ms.assetid: 0439685e-0bae-4967-b0d4-dd84ca6d7fa7 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index e76d842eee..e3ae850a19 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md @@ -1,15 +1,10 @@ --- title: Perform KMS Activation (Windows 10) description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). -ms.assetid: 5a3ae8e6-083e-4153-837e-ab0a225c1d10 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index 8e023f8139..10efe983e0 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md @@ -1,15 +1,10 @@ --- title: Perform Local Reactivation (Windows 10) description: An initially activated a computer using scenarios like MAK, retail, or CSLVK (KMS host), can be reactivated with Volume Activation Management Tool (VAMT). -ms.assetid: aacd5ded-da11-4d27-a866-3f57332f5dec ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index a2bcb071f0..e70082002b 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -1,15 +1,10 @@ --- title: Manage Activations (Windows 10) description: Learn how to manage activations and how to activate a client computer by using various activation methods. -ms.assetid: 53bad9ed-9430-4f64-a8de-80613870862c ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index a34b08e940..c39474fcff 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -1,15 +1,10 @@ --- title: Manage Product Keys (Windows 10) description: In this article, learn how to add and remove a product key from the Volume Activation Management Tool (VAMT). -ms.assetid: 4c6c4216-b4b7-437c-904e-4cb257f913cd ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index 5e35c28ac0..298f4300e6 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -1,15 +1,10 @@ --- title: Manage VAMT Data (Windows 10) description: Learn how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT). -ms.assetid: 233eefa4-3125-4965-a12d-297a67079dc4 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index cd28eba722..7f73814284 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -1,16 +1,10 @@ --- title: Monitor activation (Windows 10) -ms.assetid: 264a3e86-c880-4be4-8828-bf4c839dfa26 ms.reviewer: manager: dougeby ms.author: aaroncz description: Understand the most common methods to monitor the success of the activation process for a computer running Windows. -keywords: vamt, volume activation, activation, windows activation ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index 5366547971..27b477d92d 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md @@ -1,15 +1,10 @@ --- title: Perform Online Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to enable client products to be activated online. -ms.assetid: 8381792b-a454-4e66-9b4c-e6e4c9303823 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index a70ba05afe..899939d263 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -1,16 +1,10 @@ --- title: Plan for volume activation (Windows 10) description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer. -ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: vamt, volume activation, activation, windows activation ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index 2e452f73bc..fd612a7f9b 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md @@ -1,15 +1,10 @@ --- title: Perform Proxy Activation (Windows 10) description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that do not have Internet access. -ms.assetid: 35a919ed-f1cc-4d10-9c88-9bd634549dc3 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index 8fd983dc35..fb4282d3ac 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md @@ -1,15 +1,10 @@ --- title: Remove Products (Windows 10) description: Learn how you must delete products from the product list view so you can remove products from the Volume Activation Management Tool (VAMT). -ms.assetid: 4d44379e-dda1-4a8f-8ebf-395b6c0dad8e ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index a712721f96..d7635a95d0 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md @@ -1,15 +1,10 @@ --- title: Scenario 3 KMS Client Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). -ms.assetid: 72b04e8f-cd35-490c-91ab-27ea799b05d0 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index 4ff25fc5c9..93960a399c 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -1,15 +1,10 @@ --- title: Scenario 1 Online Activation (Windows 10) description: Achieve network access by deploying the Volume Activation Management Tool (VAMT) in a Core Network environment. -ms.assetid: 94dba40e-383a-41e4-b74b-9e884facdfd3 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index 1457e41148..0bf79390db 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -1,15 +1,10 @@ --- title: Scenario 2 Proxy Activation (Windows 10) description: Use the Volume Activation Management Tool (VAMT) to activate products that are installed on workgroup computers in an isolated lab environment. -ms.assetid: ed5a8a56-d9aa-4895-918f-dd1898cb2c1a ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index 4ef9b10724..69fd4f603b 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md @@ -1,15 +1,10 @@ --- title: Update Product Status (Windows 10) description: Learn how to use the Update license status function to add the products that are installed on the computers. -ms.assetid: 39d4abd4-801a-4e8f-9b8c-425a24a96764 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index bb2b1c26f1..d330d9c58c 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md @@ -1,16 +1,10 @@ --- title: Use the Volume Activation Management Tool (Windows 10) description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to track and monitor several types of product keys. -ms.assetid: b11f0aee-7b60-44d1-be40-c960fc6c4c47 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: vamt, volume activation, activation, windows activation ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index 6eeeb2af62..1bb0fe7458 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -1,15 +1,10 @@ --- title: Use VAMT in Windows PowerShell (Windows 10) description: Learn how to use Volume Activation Management Tool (VAMT) PowerShell cmdlets to perform the same functions as the Vamt.exe command-line tool. -ms.assetid: 13e0ceec-d827-4681-a5c3-8704349e3ba9 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 1589ec325a..3b40e5ba6c 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -1,15 +1,10 @@ --- title: VAMT known issues (Windows 10) description: Find out the current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. -ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 12/17/2019 ms.topic: article diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index aaea5d4ad1..7866a50e98 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md @@ -1,15 +1,10 @@ --- title: VAMT Requirements (Windows 10) description: In this article, learn about the product key and system requierements for Volume Activation Management Tool (VAMT). -ms.assetid: d14d152b-ab8a-43cb-a8fd-2279364007b9 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index 9e0146f4f9..96e2238db0 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -1,15 +1,10 @@ --- title: VAMT Step-by-Step Scenarios (Windows 10) description: Learn step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. -ms.assetid: 455c542c-4860-4b57-a1f0-7e2d28e11a10 ms.reviewer: manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index a28449fdae..ec4715c198 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -1,14 +1,9 @@ --- title: Volume Activation Management Tool (VAMT) Technical Reference (Windows 10) description: The Volume Activation Management Tool (VAMT) enables network administrators to automate and centrally manage volume activation and retail activation. -ms.assetid: 1df0f795-f41c-473b-850c-e98af1ad2f2a manager: dougeby ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.date: 04/25/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index 6e485dd62d..c255592df6 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -1,16 +1,10 @@ --- title: Volume Activation for Windows 10 description: Learn how to use volume activation to deploy & activate Windows 10. Includes details for orgs that have used volume activation for earlier versions of Windows. -ms.assetid: 6e8cffae-7322-4fd3-882a-cde68187aef2 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: vamt, volume activation, activation, windows activation ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: aczechowski ms.localizationpriority: medium ms.date: 07/27/2017 From b3b7aa1550c384743422431a7c0e7a0621bf0187 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Fri, 17 Jun 2022 00:21:05 +0530 Subject: [PATCH 403/540] Updated-6038482-B3 Article updated to meet Acrolinx target. --- windows/deployment/usmt/usmt-custom-xml-examples.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index fa9dda30c7..1d0f8da736 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -13,7 +13,7 @@ ms.topic: article ## Example 1: Migrating an Unsupported Application -The following is a template for the sections that you need to migrate your application. The template is not functional on its own, but you can use it to write your own .xml file. +The following is a template for the sections that you need to migrate your application. The template isn't functional on its own, but you can use it to write your own .xml file. ``` xml @@ -87,11 +87,11 @@ The following sample is a custom .xml file named CustomFile.xml that migrates My `MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%")` -- **Sample filter**: Filters out the shortcuts in My Videos that do not resolve on the destination computer: +- **Sample filter**: Filters out the shortcuts in My Videos that don't resolve on the destination computer: `` - This has no effect on files that are not shortcuts. For example, if there is a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering. + This has no effect on files that aren't shortcuts. For example, if there's a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering. - **Sample pattern**: Migrates My Videos for all users: @@ -126,7 +126,7 @@ The following sample is a custom .xml file named CustomFile.xml that migrates My The sample patterns describe the behavior in the following example .xml file. -- **Sample pattern**: Migrates all instances of the file Usmttestfile.txt from all sub-directories under `%ProgramFiles%\USMTTestFolder`: +- **Sample pattern**: Migrates all instances of the file Usmttestfile.txt from all subdirectories under `%ProgramFiles%\USMTTestFolder`: `%ProgramFiles%\USMTTestFolder* [USMTTestFile.txt]` From b0e680090687f79658d69f609fdc1d438457a958 Mon Sep 17 00:00:00 2001 From: Jake Stoker <94176328+JASTOKER@users.noreply.github.com> Date: Thu, 16 Jun 2022 20:56:30 +0100 Subject: [PATCH 404/540] Update windows-autopatch-register-devices.md added the word "group". Previously the message said "use a different Azure AD" whereas it should be "use a different Azure AD group" --- .../deploy/windows-autopatch-register-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 13a2333745..67f32f3f6c 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -42,7 +42,7 @@ Azure AD groups synced up from: - [Configuration Manager collections](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_aadcollsync). > [!WARNING] -> It isn't recommended to sync Configuration Manager collections straight to the **Windows Autopatch Device Registration** Azure AD group. Use a different Azure AD when syncing Configuration Manager collections to Azure AD groups then you can nest this or these groups into the **Windows Autopatch Device Registration** Azure AD group. +> It isn't recommended to sync Configuration Manager collections straight to the **Windows Autopatch Device Registration** Azure AD group. Use a different Azure AD group when syncing Configuration Manager collections to Azure AD groups then you can nest this or these groups into the **Windows Autopatch Device Registration** Azure AD group. > [!IMPORTANT] > The **Windows Autopatch Device Registration** Azure AD group only supports one level of Azure AD nested groups. From 480a37534da5a8cb5a515694773adfca2e816540 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:35:24 -0700 Subject: [PATCH 405/540] add comdatapipeline --- .../update/update-compliance-configuration-manual.md | 5 ++++- .../update/update-compliance-configuration-mem.md | 7 +++++++ .../update/update-compliance-configuration-script.md | 6 +++++- .../update/update-compliance-v2-configuration-manual.md | 2 ++ .../update/update-compliance-v2-configuration-mem.md | 7 +++++++ .../update/update-compliance-v2-configuration-script.md | 6 +++++- 6 files changed, 30 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index 4a022f2559..308c20b85b 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -49,7 +49,8 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e |**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | |**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. | | **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | - +| **System/**[AllowCommercialDataPipeline](/windows/client-management/mdm/policy-csp-system#system-allowcommercialdatapipeline) | Integer | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | + ### Group policies All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. @@ -61,6 +62,8 @@ All Group policies that need to be configured for Update Compliance are under ** |**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | |**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. | |**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +| **Allow commercial data pipeline** | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | + ## Required endpoints diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index 57acb3647b..a6ed493a4e 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -68,6 +68,13 @@ Take the following steps to create a configuration profile that will set require - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing` - **Data type**: Integer - **Value**: 16 + 6. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: + - **Name**: Allow commercial data pipeline + - **Description**: onfigures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. + - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` + - **Data type**: Integer + - **Value**: 1 + 7. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 8. Review and select **Create**. diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index fe5ee1aabc..f4c88e5d7e 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -9,7 +9,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 04/27/2022 +ms.date: 06/16/2022 --- # Configuring devices through the Update Compliance Configuration Script @@ -94,6 +94,10 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru | 92 | Failed to create property for EnableAllowUCProcessing at registry path| | 93 | Failed to update value for EnableAllowUCProcessing| | 94 | Unexpected exception in EnableAllowUCProcessing| +| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline | +| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path | +| 97 | Failed to update value for EnableAllowCommercialDataPipeline | +| 98 | Unexpected exception in EnableAllowCommercialDataPipeline | | 99 | Device is not Windows 10.| diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md index 685add0ca0..97e1c41738 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-manual.md +++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md @@ -48,6 +48,7 @@ Each MDM Policy links to its documentation in the configuration service provider |**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | |**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and won't be visible in Update Compliance, showing `#` instead. | | **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +| **System/**[AllowCommercialDataPipeline](/windows/client-management/mdm/policy-csp-system#system-allowcommercialdatapipeline) | Integer | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | ### Group policies @@ -60,6 +61,7 @@ All Group policies that need to be configured for Update Compliance are under ** |**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | |**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Update Compliance, showing `#` instead. | |**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +| **Allow commercial data pipeline** | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | ## Required endpoints diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 2deb4f74aa..179efe7fc2 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -67,6 +67,13 @@ Take the following steps to create a configuration profile that will set require - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing` - **Data type**: Integer - **Value**: 16 + 1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: + - **Name**: Allow commercial data pipeline + - **Description**: onfigures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. + - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` + - **Data type**: Integer + - **Value**: 1 + 1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Review and select **Create**. diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 8c879261e7..29106e4245 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -9,7 +9,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 06/06/2022 +ms.date: 06/16/2022 --- # Configuring devices through the Update Compliance (preview) Configuration Script @@ -127,6 +127,10 @@ In some cases, you may need to manually verify the device configuration has the | 92 | Failed to create property for EnableAllowUCProcessing at registry path| | 93 | Failed to update value for EnableAllowUCProcessing| | 94 | Unexpected exception in EnableAllowUCProcessing| +| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline | +| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path | +| 97 | Failed to update value for EnableAllowCommercialDataPipeline | +| 98 | Unexpected exception in EnableAllowCommercialDataPipeline | | 99 | Device isn't Windows 10.| ## Next steps From d4e6329330746a492e4ab00fe126ecce44ebc985 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:46:53 -0700 Subject: [PATCH 406/540] add comdatapipeline --- .../update/update-compliance-configuration-manual.md | 5 +---- .../deployment/update/update-compliance-configuration-mem.md | 5 +---- .../update/update-compliance-configuration-script.md | 2 -- windows/deployment/update/update-compliance-get-started.md | 5 ----- .../update/update-compliance-v2-configuration-manual.md | 3 +-- .../update/update-compliance-v2-configuration-mem.md | 4 ++-- .../update/update-compliance-v2-configuration-script.md | 3 +-- 7 files changed, 6 insertions(+), 21 deletions(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index 308c20b85b..3f1840da1b 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -18,9 +18,6 @@ ms.topic: article - Windows 10 - Windows 11 -> [!NOTE] -> As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. - There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows client. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. The requirements are separated into different categories: @@ -53,7 +50,7 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e ### Group policies -All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. +All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Policies>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. | Policy | Value | Function | |---------------------------|-|-----------------------------------------------------------| diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index a6ed493a4e..edf0dc2abd 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -15,12 +15,9 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 - Windows 11 -> [!NOTE] -> As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. - This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within MEM itself. Configuring devices for Update Compliance in MEM breaks down to the following steps: 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured. diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index f4c88e5d7e..bb275f2935 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -19,8 +19,6 @@ ms.date: 06/16/2022 - Windows 10 - Windows 11 -> [!NOTE] -> A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 39a89bda85..2497f639dc 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -20,11 +20,6 @@ ms.date: 05/03/2022 - Windows 10 - Windows 11 -> [!IMPORTANT] -> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. -> -> Devices must have this policy configured by January 31, 2022, to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. - This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. 1. Ensure you can [meet the requirements](#update-compliance-prerequisites) to use Update Compliance. diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md index 97e1c41738..708fcce0bf 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-manual.md +++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md @@ -17,8 +17,7 @@ ms.date: 06/06/2022 ***(Applies to: Windows 11 & Windows 10)*** > [!Important] -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -> - As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more information, see the Mobile Device Management policies and Group policies tables. +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. There are a number of requirements to consider when manually configuring devices for Update Compliance. These requirements can potentially change with newer versions of Windows client. The [Update Compliance configuration script](update-compliance-v2-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 179efe7fc2..3f5e826aa3 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -17,8 +17,8 @@ ms.date: 06/06/2022 ***(Applies to: Windows 11 & Windows 10 managed by [Microsoft Endpoint Manager](/mem/endpoint-manager-overview))*** > [!Important] -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -> - As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more information, see the Mobile Device Management policies and Group policies tables. +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. + This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps: diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 29106e4245..aafe9ff807 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -17,8 +17,7 @@ ms.date: 06/16/2022 ***(Applies to: Windows 11 & Windows 10)*** > [!Important] -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -> - A new policy is required to use Update Compliance: `AllowUpdateComplianceProcessing`. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-v2-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. From 2e910a9042c91c8359ed8d00df3a4d5cd92cb05d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:52:21 -0700 Subject: [PATCH 407/540] add comdatapipeline --- .../deployment/update/update-compliance-configuration-mem.md | 2 +- .../deployment/update/update-compliance-v2-configuration-mem.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index edf0dc2abd..1661658fdb 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -67,7 +67,7 @@ Take the following steps to create a configuration profile that will set require - **Value**: 16 6. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: - **Name**: Allow commercial data pipeline - - **Description**: onfigures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. + - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` - **Data type**: Integer - **Value**: 1 diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 3f5e826aa3..1a6b98c90c 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -69,7 +69,7 @@ Take the following steps to create a configuration profile that will set require - **Value**: 16 1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: - **Name**: Allow commercial data pipeline - - **Description**: onfigures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. + - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` - **Data type**: Integer - **Value**: 1 From 309b18cc5b7ede21c2f6e2fe776d4832ff50d6eb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 17 Jun 2022 09:58:39 +0500 Subject: [PATCH 408/540] Update edit-an-applocker-policy.md --- .../applocker/edit-an-applocker-policy.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md index 811e3ab499..7c697728f5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md @@ -40,7 +40,9 @@ There are three methods you can use to edit an AppLocker policy: - [Editing an AppLocker policy by using the Local Security Policy snap-in](#bkmk-editapplolnotingpo) ## Editing an AppLocker policy by using Mobile Device Management (MDM) +If you deployed AppLocker policy using the AppLocker configuration service provider, you can edit the policies in your MDM solution by altering the content in the string value of policy node. +For more information, see the [AppLocker CSP](/windows/client-management/mdm/applocker-csp). ## Editing an AppLocker policy by using Group Policy From 8f6076f8eafc671b0ed4319593085364ad06ed6d Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Fri, 17 Jun 2022 12:14:09 +0530 Subject: [PATCH 409/540] Improper acronyms review update-06 The updates here are made as per task: 6027362. This PR is especially to change instances of " System Center 2012 R2 Configuration Manager" into just "Configuration Manager". --- .../ie11-deploy-guide/choose-how-to-install-ie11.md | 2 +- .../deploy-ie11-using-software-distribution-tools.md | 2 +- education/windows/chromebook-migration-guide.md | 2 +- windows/application-management/app-v/appv-about-appv.md | 6 +----- windows/client-management/manage-corporate-devices.md | 8 +------- .../get-started-with-the-microsoft-deployment-toolkit.md | 2 +- ...ulate-a-windows-10-deployment-in-a-test-environment.md | 2 +- windows/deployment/windows-10-poc-mdt.md | 2 +- .../deployment/windows-deployment-scenarios-and-tools.md | 4 ++-- 9 files changed, 10 insertions(+), 20 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md index 187e1eade3..0175cb7bbe 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md @@ -29,7 +29,7 @@ Before you install Internet Explorer 11, you should: - **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation. - - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune). + - **Existing computers running Windows.** Use Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune). - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825251(v=win.10)). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/), [Windows ADK Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825486(v=win.10)). diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md index 9e65453694..7eaac18e22 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md @@ -21,7 +21,7 @@ ms.date: 07/27/2017 If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include: -- **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)). +- **Configuration Manager** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)). - **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)). diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 37e9cba645..4d10551b69 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -486,7 +486,7 @@ Table 9. Management systems and deployment resources |Windows provisioning packages|
            • [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
            • [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
            • [Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)| |Group Policy|
            • [Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11))
            • [Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"| |Configuration Manager|
            • [Site Administration for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10))
            • [Deploying Clients for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))| -|Intune|
            • [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)
            • [System Center 2012 R2 Configuration Manager &amp; Windows Intune](/learn/?l=fCzIjVKy_6404984382)| +|Intune|
            • [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)
            • [Configuration Manager & Windows Intune](/learn/?l=fCzIjVKy_6404984382)| |MDT|
            • [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)| If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps. diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md index ed4e23e340..3c080dc8c9 100644 --- a/windows/application-management/app-v/appv-about-appv.md +++ b/windows/application-management/app-v/appv-about-appv.md @@ -58,11 +58,7 @@ For more information about how to configure an existing App-V installation after ## Support for System Center -App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj822982(v=technet.10)) to learn more about how to integrate your App-V environment with Configuration Manager. - - - - +App-V supports System Center 2016 and Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj822982(v=technet.10)) to learn more about how to integrate your App-V environment with Configuration Manager. ## Related articles diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index e3104875bd..36da3dfcc9 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -45,11 +45,5 @@ You can use the same management tools to manage all device types running Windows [Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768) -Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](/learn/) - - - - - - +Microsoft Virtual Academy course: [Configuration Manager & Windows Intune](/learn/)   \ No newline at end of file diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md index 031d70b47f..d5a9a7653a 100644 --- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md @@ -157,7 +157,7 @@ Selection profiles, which are available in the Advanced Configuration node, prov MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well. **Note**   -The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717). +The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717). ## Monitoring diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md index 07f52f4978..3b225896bf 100644 --- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md +++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md @@ -45,7 +45,7 @@ On **PC0001**: & "C:\MDT\CMTrace" C:\MININT\SMSOSD\OSDLOGS\ZTIGather.log ``` -3. Download and install the free [Microsoft System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool. +3. Download and install the free [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool. 4. Using Local Users and Groups (lusrmgr.msc), add the **contoso\\MDT\_BA** user account to the local **Administrators** group. 5. Sign off, and then sign on to PC0001 as **contoso\\MDT\_BA**. 6. Open the **\\\\MDT01\\MDTProduction$\\Scripts** folder and copy the following files to **C:\\MDT**: diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index 70a835b534..a0030a3a78 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -641,7 +641,7 @@ Deployment logs are available on the client computer in the following locations: You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**. -Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012) +Tools for viewing log files, and to assist with troubleshooting are available in the [Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012) Also see [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information. diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 0506bf17c4..bf62c49c51 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -51,7 +51,7 @@ For more information on DISM, see [DISM technical reference](/windows-hardware/m ### User State Migration Tool (USMT) -USMT is a backup and restore tool that allows you to migrate user state, data, and settings from one installation to another. Microsoft Deployment Toolkit (MDT) and System Center 2012 R2 Configuration Manager use USMT as part of the operating system deployment process. +USMT is a backup and restore tool that allows you to migrate user state, data, and settings from one installation to another. Microsoft Deployment Toolkit (MDT) and Configuration Manager use USMT as part of the operating system deployment process. USMT includes several command-line tools, the most important of which are ScanState and LoadState: @@ -173,7 +173,7 @@ TFTP changes are now easy to perform. MDT is a free deployment solution from Microsoft. It provides end-to-end guidance, best practices, and tools for planning, building, and deploying Windows operating systems. MDT builds on top of the core deployment tools in the Windows ADK by contributing guidance, reducing complexity, and adding critical features for an enterprise-ready deployment solution. -MDT has two main parts: the first is Lite Touch, which is a stand-alone deployment solution; the second is Zero Touch, which is an extension to System Center 2012 R2 Configuration Manager. +MDT has two main parts: the first is Lite Touch, which is a stand-alone deployment solution; the second is Zero Touch, which is an extension to Configuration Manager. **Note** Lite Touch and Zero Touch are marketing names for the two solutions that MDT supports, and the naming has nothing to do with automation. You can fully automate the stand-alone MDT solution (Lite Touch), and you can configure the solution integration with Configuration Manager to prompt for information. From 50e6636ce877b0d0c658c71a17ef2bfc274718bf Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 17 Jun 2022 14:59:30 +0500 Subject: [PATCH 410/540] Update kernel-dma-protection-for-thunderbolt.md --- .../kernel-dma-protection-for-thunderbolt.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 1d0b0ea803..400250bf8d 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -92,7 +92,10 @@ Beginning with Windows 10 version 1809, you can use the Windows Security app to - Reboot system into Windows. >[!NOTE] - > **Hyper-V - Virtualization Enabled in Firmware** is not available when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is displayed. This means that **Hyper-V - Virtualization Enabled in Firmware** is set to Yes and the **Hyper-V** Windows feature is enabled. Enabling Hyper-V virtualization in Firmware (IOMMU) is required to enable **Kernel DMA Protection**, even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](/windows-hardware/design/device-experiences/oem-kernel-dma-protection). + > If the **Hyper-V** Windows feature is enabled, all the Hyper-V-related features will be hidden, and **A hypervisor has been detected. Features required for Hyper-V will not be displayed** entity will be shown on the bottom of the list. It means that **Hyper-V - Virtualization Enabled in Firmware** is set to YES. + + >[!NOTE] + > Enabling Hyper-V virtualization in Firmware (IOMMU) is required to enable **Kernel DMA Protection**, even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](/windows-hardware/design/device-experiences/oem-kernel-dma-protection). 4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature. From 4bc96cd544f814598bb6dc2ab7fae500c5e29691 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 17 Jun 2022 15:01:19 +0500 Subject: [PATCH 411/540] Update windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../interactive-logon-do-not-require-ctrl-alt-del.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md index 867bda657e..028bd47b3f 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md @@ -36,8 +36,8 @@ Microsoft developed this feature to make it easier for users with certain types A malicious user might install malware that looks like the standard logon dialog box for the Windows operating system, and capture a user's password. The attacker can then log on to the compromised account with whatever level of user rights that user has. ->[!NOTE] ->When the policy is defined, registry value **DisableCAD** located in **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System** is created. To revert the changes made by this policy, it is not enough to set its value to **Not defined**, this registry value need to be removed as well. +> [!NOTE] +> When the policy is defined, registry value **DisableCAD** located in **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System** is created. To revert the changes made by this policy, it is not enough to set its value to **Not defined**, this registry value needs to be removed as well. ### Possible values From feb179fa52f5a26b848e00cf31c29dd10bd6b16d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 17 Jun 2022 15:02:30 +0500 Subject: [PATCH 412/540] Update windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../applocker/edit-an-applocker-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md index 7c697728f5..b96a2525dd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md @@ -40,7 +40,7 @@ There are three methods you can use to edit an AppLocker policy: - [Editing an AppLocker policy by using the Local Security Policy snap-in](#bkmk-editapplolnotingpo) ## Editing an AppLocker policy by using Mobile Device Management (MDM) -If you deployed AppLocker policy using the AppLocker configuration service provider, you can edit the policies in your MDM solution by altering the content in the string value of policy node. +If you deployed the AppLocker policy using the AppLocker configuration service provider, you can edit the policies in your MDM solution by altering the content in the string value of the policy node. For more information, see the [AppLocker CSP](/windows/client-management/mdm/applocker-csp). From 69c796edd17a91aac117c05d6e16a0331cea360e Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica <5600871+andreiztm@users.noreply.github.com> Date: Fri, 17 Jun 2022 14:38:57 +0300 Subject: [PATCH 413/540] Adding note about real impact of MFA issue This is as a result of an escalation from a commercial customer. --- windows/deployment/windows-10-subscription-activation.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 622dd316a5..290eddf758 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -123,6 +123,9 @@ If the device is running Windows 10, version 1809 or later: Organizations that use Azure Active Directory Conditional Access may want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f from their all users all cloud apps MFA policy to avoid this issue. +> [!NOTE] +> The above recommendation also applies to Azure AD joined devices. + ### Windows 10/11 Education requirements - Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded. From 0887642b6679600fcb02274e058cc987de068783 Mon Sep 17 00:00:00 2001 From: Anders Ahl <58516456+GenerAhl@users.noreply.github.com> Date: Fri, 17 Jun 2022 15:41:12 +0200 Subject: [PATCH 414/540] Update waas-delivery-optimization.md Confusing versioning for Configuration Manager 1711 so I cleaned it up. --- windows/deployment/do/waas-delivery-optimization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md index b616159fd4..c59be068e5 100644 --- a/windows/deployment/do/waas-delivery-optimization.md +++ b/windows/deployment/do/waas-delivery-optimization.md @@ -55,7 +55,7 @@ The following table lists the minimum Windows 10 version that supports Delivery | Intune Win32 apps| Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | Microsoft 365 Apps and updates | Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | Edge Browser Updates | Windows 10 1809, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Configuration Manager Express updates| Windows 10 1709 + Configuration Manager version Windows 10 1711, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Configuration Manager Express updates| Windows 10 1709 + Configuration Manager version 1711, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | Dynamic updates| Windows 10 1903, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | MDM Agent | Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | Xbox Game Pass (PC) | Windows 10 1809, Windows 11 | :heavy_check_mark: | | :heavy_check_mark: | @@ -103,4 +103,4 @@ For a complete list of Delivery Optimization settings, see [Delivery Optimizatio ## New in Windows 10, version 20H2 and Windows 11 -See [What's new in Delivery Optimization](whats-new-do.md) \ No newline at end of file +See [What's new in Delivery Optimization](whats-new-do.md) From a151292623c5ca6b380d92ceed33b3fadcd41517 Mon Sep 17 00:00:00 2001 From: Alan Auerbach Date: Fri, 17 Jun 2022 13:30:39 -0700 Subject: [PATCH 415/540] Correct endpoints for kmwatson. --- .../configure-windows-diagnostic-data-in-your-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index dd9f021fbe..6ab8e2185b 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -85,7 +85,7 @@ The following table lists the endpoints related to how you can manage the collec |Connected User Experiences and Telemetry | v10.events.data.microsoft.com

              v10c.events.data.microsoft.com

              v10.vortex-win.data.microsoft.com | | [Windows Error Reporting](/windows/win32/wer/windows-error-reporting) | watson.telemetry.microsoft.com

              watson.microsoft.com

              umwatsonc.telemetry.microsoft.com

              umwatsonc.events.data.microsoft.com

              *-umwatsonc.events.data.microsoft.com

              ceuswatcab01.blob.core.windows.net

              ceuswatcab02.blob.core.windows.net

              eaus2watcab01.blob.core.windows.net

              eaus2watcab02.blob.core.windows.net

              weus2watcab01.blob.core.windows.net

              weus2watcab02.blob.core.windows.net | |Authentication | login.live.com



              IMPORTANT: This endpoint is used for device authentication. We do not recommend disabling this endpoint.| -| [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.telemetry.microsoft.com

              oca.microsoft.com

              kmwatsonc.telemetry.microsoft.com

              *-kmwatsonc.telemetry.microsoft.com | +| [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.telemetry.microsoft.com

              oca.microsoft.com

              kmwatsonc.events.data.microsoft.com

              *-kmwatsonc.events.data.microsoft.com | |Settings | settings-win.data.microsoft.com



              IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data. | ### Data access From 8605ae97037d460151b9a2238f7b8121e6aff0bd Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Fri, 17 Jun 2022 13:50:22 -0700 Subject: [PATCH 416/540] Metadata updates author ms.author manager --- windows/privacy/Microsoft-DiagnosticDataViewer.md | 6 +++--- ...basic-level-windows-diagnostic-events-and-fields-1703.md | 6 +++--- ...basic-level-windows-diagnostic-events-and-fields-1709.md | 6 +++--- ...basic-level-windows-diagnostic-events-and-fields-1803.md | 6 +++--- ...basic-level-windows-diagnostic-events-and-fields-1809.md | 6 +++--- ...basic-level-windows-diagnostic-events-and-fields-1903.md | 6 +++--- .../changes-to-windows-diagnostic-data-collection.md | 6 +++--- ...onfigure-windows-diagnostic-data-in-your-organization.md | 6 +++--- windows/privacy/diagnostic-data-viewer-overview.md | 6 +++--- ...d-diagnostic-data-windows-analytics-events-and-fields.md | 6 +++--- .../privacy/essential-services-and-connected-experiences.md | 6 +++--- ...ing-system-components-to-microsoft-services-using-MDM.md | 6 +++--- ...ows-operating-system-components-to-microsoft-services.md | 6 +++--- windows/privacy/manage-windows-11-endpoints.md | 6 +++--- windows/privacy/manage-windows-1809-endpoints.md | 6 +++--- windows/privacy/manage-windows-1903-endpoints.md | 6 +++--- windows/privacy/manage-windows-1909-endpoints.md | 6 +++--- windows/privacy/manage-windows-2004-endpoints.md | 6 +++--- windows/privacy/manage-windows-20H2-endpoints.md | 6 +++--- windows/privacy/manage-windows-21H1-endpoints.md | 6 +++--- windows/privacy/manage-windows-21h2-endpoints.md | 6 +++--- .../required-windows-11-diagnostic-events-and-fields.md | 6 +++--- ...quired-windows-diagnostic-data-events-and-fields-2004.md | 6 +++--- windows/privacy/windows-10-and-privacy-compliance.md | 6 +++--- .../privacy/windows-11-endpoints-non-enterprise-editions.md | 6 +++--- windows/privacy/windows-diagnostic-data-1703.md | 6 +++--- windows/privacy/windows-diagnostic-data.md | 6 +++--- .../windows-endpoints-1809-non-enterprise-editions.md | 6 +++--- .../windows-endpoints-1903-non-enterprise-editions.md | 6 +++--- .../windows-endpoints-1909-non-enterprise-editions.md | 6 +++--- .../windows-endpoints-2004-non-enterprise-editions.md | 6 +++--- .../windows-endpoints-20H2-non-enterprise-editions.md | 6 +++--- .../windows-endpoints-21H1-non-enterprise-editions.md | 6 +++--- 33 files changed, 99 insertions(+), 99 deletions(-) diff --git a/windows/privacy/Microsoft-DiagnosticDataViewer.md b/windows/privacy/Microsoft-DiagnosticDataViewer.md index 11c9aade1b..0876168a21 100644 --- a/windows/privacy/Microsoft-DiagnosticDataViewer.md +++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md @@ -3,9 +3,9 @@ title: Diagnostic Data Viewer for PowerShell Overview (Windows 10) description: Use this article to use the Diagnostic Data Viewer for PowerShell to review the diagnostic data sent to Microsoft by your device. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index 6e0ca46944..d302e3ea2f 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -3,9 +3,9 @@ description: Learn more about the Windows 10, version 1703 diagnostic data gathe title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10) ms.prod: m365-security localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index bcc8cfdbf0..98995f8ac9 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -3,9 +3,9 @@ description: Learn more about the Windows 10, version 1709 diagnostic data gathe title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10) ms.prod: m365-security localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index fff30ada59..13466dfc2e 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -3,9 +3,9 @@ description: Learn more about the Windows 10, version 1803 diagnostic data gathe title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10) ms.prod: m365-security localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index fd376440fb..9552824cee 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -3,9 +3,9 @@ description: Learn more about the Windows 10, version 1809 diagnostic data gathe title: Windows 10, version 1809 basic diagnostic events and fields (Windows 10) ms.prod: m365-security localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index d0b5d0443d..4eb97ffa61 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -3,9 +3,9 @@ description: Learn more about the Windows 10, version 1903 diagnostic data gathe title: Windows 10, version 1909 and Windows 10, version 1903 required diagnostic events and fields (Windows 10) ms.prod: m365-security localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index d9c0601f3f..b672974ebd 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -3,9 +3,9 @@ title: Changes to Windows diagnostic data collection description: This article provides information on changes to Windows diagnostic data collection Windows 10 and Windows 11. ms.prod: m365-security ms.localizationpriority: high -ms.author: siosulli -author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index dd9f021fbe..692e7c0746 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -3,9 +3,9 @@ description: Use this article to make informed decisions about how you can confi title: Configure Windows diagnostic data in your organization (Windows 10 and Windows 11) ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: - M365-security-compliance - highpri diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index 15f28b8b12..ccc46b0a6d 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -3,9 +3,9 @@ title: Diagnostic Data Viewer Overview (Windows 10 and Windows 11) description: Use this article to use the Diagnostic Data Viewer application to review the diagnostic data sent to Microsoft by your device. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: - M365-security-compliance - highpri diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index ebb37f6598..45ebff6c6e 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -3,9 +3,9 @@ title: Enhanced diagnostic data required by Windows Analytics (Windows 10) description: Use this article to learn more about the limit enhanced diagnostic data events policy used by Desktop Analytics ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md index b57e4a9afe..a4f4601c25 100644 --- a/windows/privacy/essential-services-and-connected-experiences.md +++ b/windows/privacy/essential-services-and-connected-experiences.md @@ -3,9 +3,9 @@ title: Essential services and connected experiences for Windows description: Explains what the essential services and connected experiences are for Windows ms.prod: m365-security ms.localizationpriority: high -author: siosulli -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.technology: privacy ms.date: 11/24/2021 ms.collection: highpri diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 4fb12b3fbc..4cf92acefc 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -3,9 +3,9 @@ title: Manage connections from Windows operating system components to Microsoft description: Use MDM CSPs to minimize connections from Windows to Microsoft services, or to configure particular privacy settings. ms.prod: m365-security ms.localizationpriority: high -author: RyanHechtMSFT -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.date: 11/29/2021 ms.technology: privacy --- diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 333b283d76..7fcd6fb74b 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -4,9 +4,9 @@ description: Learn how to minimize connections from Windows to Microsoft service ms.reviewer: ms.prod: m365-security ms.localizationpriority: high -author: tomlayson -ms.author: tomlayson -manager: riche +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: - M365-security-compliance - highpri diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md index 4d15b92f37..3e7ac5829b 100644 --- a/windows/privacy/manage-windows-11-endpoints.md +++ b/windows/privacy/manage-windows-11-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 11 Enterprise description: Explains what Windows 11 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 11. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 356582f1fb..eb95151983 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 10, version 1809 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1809. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index 61e79267c1..40b10d7787 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 10 Enterprise, version 1903 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903. ms.prod: m365-security ms.localizationpriority: high -author: linque1 -ms.author: obezeajo -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md index 00b98b9dda..cfdf8bdd5d 100644 --- a/windows/privacy/manage-windows-1909-endpoints.md +++ b/windows/privacy/manage-windows-1909-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 10 Enterprise, version 1909 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1909. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md index 789e6e2e56..fbdb65cb57 100644 --- a/windows/privacy/manage-windows-2004-endpoints.md +++ b/windows/privacy/manage-windows-2004-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 10 Enterprise, version 2004 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 2004. ms.prod: m365-security ms.localizationpriority: high -author: linque1 -ms.author: siosulli -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md index 2cf0582a75..1aca2568d3 100644 --- a/windows/privacy/manage-windows-20H2-endpoints.md +++ b/windows/privacy/manage-windows-20H2-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 10 Enterprise, version 20H2 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 20H2. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md index ff89922df2..844afb43a7 100644 --- a/windows/privacy/manage-windows-21H1-endpoints.md +++ b/windows/privacy/manage-windows-21H1-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 10 Enterprise, version 21H1 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H1. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md index fd4603f3d9..23f5dcb20a 100644 --- a/windows/privacy/manage-windows-21h2-endpoints.md +++ b/windows/privacy/manage-windows-21h2-endpoints.md @@ -3,9 +3,9 @@ title: Connection endpoints for Windows 10 Enterprise, version 21H2 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H2. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 099ca1f625..b665104f18 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -3,9 +3,9 @@ description: Learn more about the Windows 11 diagnostic data gathered at the bas title: Required Windows 11 diagnostic events and fields ms.prod: m365-security localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: - M365-security-compliance - highpri diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index 61bfe07540..1f3b6083af 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -3,9 +3,9 @@ description: Learn more about the required Windows 10 diagnostic data gathered. title: Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10) ms.prod: m365-security localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: - M365-security-compliance - highpri diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 0580f3dd5e..831b6eb589 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -3,9 +3,9 @@ title: Windows Privacy Compliance Guide description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows. ms.prod: m365-security ms.localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md index 4e666b5f33..d24d978945 100644 --- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md +++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md @@ -3,9 +3,9 @@ title: Windows 11 connection endpoints for non-Enterprise editions description: Explains what Windows 11 endpoints are used in non-Enterprise editions. Specific to Windows 11. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index 9fd9cb82de..2651ae6d53 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -3,9 +3,9 @@ title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10 description: Use this article to learn about the types of data that is collected the Full diagnostic data level. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md index f229d28d4c..12ab817b8c 100644 --- a/windows/privacy/windows-diagnostic-data.md +++ b/windows/privacy/windows-diagnostic-data.md @@ -3,9 +3,9 @@ title: Windows 10, version 1709 and Windows 11 and later optional diagnostic dat description: Use this article to learn about the types of optional diagnostic data that is collected. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: - M365-security-compliance - highpri diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md index 10b56f84f0..94356eae38 100644 --- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md @@ -3,9 +3,9 @@ title: Windows 10, version 1809, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md index 271c07b9f0..d98d8fa989 100644 --- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -3,9 +3,9 @@ title: Windows 10, version 1903, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903. ms.prod: m365-security ms.localizationpriority: high -author: mikeedgar -ms.author: obezeajo -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index 2aa3106c7d..3608b11804 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -3,9 +3,9 @@ title: Windows 10, version 1909, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md index 4ad52fe27d..4b4f07c78f 100644 --- a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md @@ -3,9 +3,9 @@ title: Windows 10, version 2004, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 2004. ms.prod: m365-security ms.localizationpriority: high -author: linque1 -ms.author: obezeajo -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index 6f1b25f0ae..ec38d80ece 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -3,9 +3,9 @@ title: Windows 10, version 20H2, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md index c8028cb6af..2923d95d74 100644 --- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md @@ -3,9 +3,9 @@ title: Windows 10, version 21H1, connection endpoints for non-Enterprise edition description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1. ms.prod: m365-security ms.localizationpriority: high -author: dansimp -ms.author: dansimp -manager: dansimp +author: DHB-MSFT +ms.author: danbrown +manager: dougeby ms.collection: M365-security-compliance ms.topic: article ms.date: 12/01/2021 From c78ec4b3643513c818d429fda7ab07dc159e6cd5 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Fri, 17 Jun 2022 14:10:51 -0700 Subject: [PATCH 417/540] CODEOWNERS and ContentOwners.txt changes --- CODEOWNERS | 2 ++ ContentOwners.txt | 1 + 2 files changed, 3 insertions(+) create mode 100644 ContentOwners.txt diff --git a/CODEOWNERS b/CODEOWNERS index 7fc05fbd5b..46c2195cd6 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -3,3 +3,5 @@ docfx.json @microsoftdocs/officedocs-admin .openpublishing.publish.config.json @microsoftdocs/officedocs-admin CODEOWNERS @microsoftdocs/officedocs-admin .acrolinx-config.edn @microsoftdocs/officedocs-admin + +/windows/privacy/ @DHB-MSFT \ No newline at end of file diff --git a/ContentOwners.txt b/ContentOwners.txt new file mode 100644 index 0000000000..3e19eedbb1 --- /dev/null +++ b/ContentOwners.txt @@ -0,0 +1 @@ +/windows/privacy/ @DHB-MSFT From 8238c201d3c6c40f9a3b1a4dd9f23542ea2dc4b1 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Fri, 17 Jun 2022 14:20:35 -0700 Subject: [PATCH 418/540] Add Aaron to ContentOwners.txt --- ContentOwners.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/ContentOwners.txt b/ContentOwners.txt index 3e19eedbb1..23bca2c5c7 100644 --- a/ContentOwners.txt +++ b/ContentOwners.txt @@ -1 +1,2 @@ +/windows/ @aczechowski /windows/privacy/ @DHB-MSFT From e0a4a8da4cb6cc987ffff40248924f2587efae35 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Fri, 17 Jun 2022 15:24:27 -0700 Subject: [PATCH 419/540] Remove some endpoints --- .../configure-windows-diagnostic-data-in-your-organization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 692e7c0746..9278a481b7 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -83,9 +83,9 @@ The following table lists the endpoints related to how you can manage the collec | Windows service | Endpoint | | - | - | |Connected User Experiences and Telemetry | v10.events.data.microsoft.com

              v10c.events.data.microsoft.com

              v10.vortex-win.data.microsoft.com | -| [Windows Error Reporting](/windows/win32/wer/windows-error-reporting) | watson.telemetry.microsoft.com

              watson.microsoft.com

              umwatsonc.telemetry.microsoft.com

              umwatsonc.events.data.microsoft.com

              *-umwatsonc.events.data.microsoft.com

              ceuswatcab01.blob.core.windows.net

              ceuswatcab02.blob.core.windows.net

              eaus2watcab01.blob.core.windows.net

              eaus2watcab02.blob.core.windows.net

              weus2watcab01.blob.core.windows.net

              weus2watcab02.blob.core.windows.net | +| [Windows Error Reporting](/windows/win32/wer/windows-error-reporting) | watson.telemetry.microsoft.com

              umwatsonc.events.data.microsoft.com

              *-umwatsonc.events.data.microsoft.com

              ceuswatcab01.blob.core.windows.net

              ceuswatcab02.blob.core.windows.net

              eaus2watcab01.blob.core.windows.net

              eaus2watcab02.blob.core.windows.net

              weus2watcab01.blob.core.windows.net

              weus2watcab02.blob.core.windows.net | |Authentication | login.live.com



              IMPORTANT: This endpoint is used for device authentication. We do not recommend disabling this endpoint.| -| [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.telemetry.microsoft.com

              oca.microsoft.com

              kmwatsonc.telemetry.microsoft.com

              *-kmwatsonc.telemetry.microsoft.com | +| [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.microsoft.com

              kmwatsonc.telemetry.microsoft.com

              *-kmwatsonc.telemetry.microsoft.com | |Settings | settings-win.data.microsoft.com



              IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data. | ### Data access From a710084b28d6ff1b8c2d7960c9a91a51d23dda59 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 18 Jun 2022 10:30:14 +0500 Subject: [PATCH 420/540] Update windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../kernel-dma-protection-for-thunderbolt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 400250bf8d..6a487163f9 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -92,7 +92,7 @@ Beginning with Windows 10 version 1809, you can use the Windows Security app to - Reboot system into Windows. >[!NOTE] - > If the **Hyper-V** Windows feature is enabled, all the Hyper-V-related features will be hidden, and **A hypervisor has been detected. Features required for Hyper-V will not be displayed** entity will be shown on the bottom of the list. It means that **Hyper-V - Virtualization Enabled in Firmware** is set to YES. + > If the **Hyper-V** Windows feature is enabled, all the Hyper-V-related features will be hidden, and **A hypervisor has been detected. Features required for Hyper-V will not be displayed** entity will be shown at the bottom of the list. It means that **Hyper-V - Virtualization Enabled in Firmware** is set to YES. >[!NOTE] > Enabling Hyper-V virtualization in Firmware (IOMMU) is required to enable **Kernel DMA Protection**, even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](/windows-hardware/design/device-experiences/oem-kernel-dma-protection). From 744379863d5164ea3c894ca9f43f2815116cac9a Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 18 Jun 2022 10:30:26 +0500 Subject: [PATCH 421/540] Update windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../kernel-dma-protection-for-thunderbolt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 6a487163f9..80250e13f2 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -94,7 +94,7 @@ Beginning with Windows 10 version 1809, you can use the Windows Security app to >[!NOTE] > If the **Hyper-V** Windows feature is enabled, all the Hyper-V-related features will be hidden, and **A hypervisor has been detected. Features required for Hyper-V will not be displayed** entity will be shown at the bottom of the list. It means that **Hyper-V - Virtualization Enabled in Firmware** is set to YES. - >[!NOTE] + > [!NOTE] > Enabling Hyper-V virtualization in Firmware (IOMMU) is required to enable **Kernel DMA Protection**, even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](/windows-hardware/design/device-experiences/oem-kernel-dma-protection). 4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature. From e3b3a40d6ff1b08902a20f607297e2fb642c1080 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 18 Jun 2022 10:31:32 +0500 Subject: [PATCH 422/540] Update windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../kernel-dma-protection-for-thunderbolt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 80250e13f2..4460e09f34 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -91,7 +91,7 @@ Beginning with Windows 10 version 1809, you can use the Windows Security app to - Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md). - Reboot system into Windows. - >[!NOTE] + > [!NOTE] > If the **Hyper-V** Windows feature is enabled, all the Hyper-V-related features will be hidden, and **A hypervisor has been detected. Features required for Hyper-V will not be displayed** entity will be shown at the bottom of the list. It means that **Hyper-V - Virtualization Enabled in Firmware** is set to YES. > [!NOTE] From c92a5e0e6927081ff6c4f963d4beee47521bb90a Mon Sep 17 00:00:00 2001 From: GrischaE1 <54313015+GrischaE1@users.noreply.github.com> Date: Mon, 20 Jun 2022 09:11:34 +0200 Subject: [PATCH 423/540] Update windows/client-management/mdm/policy-csp-update.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index cce978a298..77f35e5754 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3687,7 +3687,7 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. From 845f03172dc8cfbb78731eff710342ad47f9b818 Mon Sep 17 00:00:00 2001 From: GrischaE1 <54313015+GrischaE1@users.noreply.github.com> Date: Mon, 20 Jun 2022 09:11:42 +0200 Subject: [PATCH 424/540] Update windows/client-management/mdm/policy-csp-update.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 77f35e5754..2ab0e8e657 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3571,7 +3571,7 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. From 3d016d5abd51705d4912cb852840328a6c84c8b5 Mon Sep 17 00:00:00 2001 From: GrischaE1 <54313015+GrischaE1@users.noreply.github.com> Date: Mon, 20 Jun 2022 09:11:50 +0200 Subject: [PATCH 425/540] Update windows/client-management/mdm/policy-csp-update.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 2ab0e8e657..04dd37b084 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3629,7 +3629,7 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForDriverUpdates >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. From aca0ce5659c2e9eb95dfd090261b1062c6fe0ab1 Mon Sep 17 00:00:00 2001 From: GrischaE1 <54313015+GrischaE1@users.noreply.github.com> Date: Mon, 20 Jun 2022 09:11:57 +0200 Subject: [PATCH 426/540] Update windows/client-management/mdm/policy-csp-update.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 04dd37b084..69a315b2b4 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3513,7 +3513,7 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. From cb60adb6ec249e8505f14e6ec3efe0c4f247429b Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Mon, 20 Jun 2022 19:41:45 +0530 Subject: [PATCH 427/540] Updated-6020449-B2 Bulk metadata update. --- .../identity-protection/access-control/access-control.md | 4 ---- .../access-control/active-directory-accounts.md | 4 ---- .../access-control/active-directory-security-groups.md | 4 ---- .../access-control/dynamic-access-control.md | 4 ---- .../identity-protection/access-control/local-accounts.md | 4 ---- .../access-control/microsoft-accounts.md | 4 ---- .../access-control/security-identifiers.md | 4 ---- .../access-control/security-principals.md | 4 ---- .../identity-protection/access-control/service-accounts.md | 4 ---- .../access-control/special-identities.md | 4 ---- .../credential-guard/additional-mitigations.md | 4 ---- .../credential-guard/credential-guard-considerations.md | 4 ---- .../credential-guard/credential-guard-how-it-works.md | 4 ---- .../credential-guard/credential-guard-known-issues.md | 4 ---- .../credential-guard/credential-guard-manage.md | 4 ---- .../credential-guard-not-protected-scenarios.md | 4 ---- .../credential-guard/credential-guard-protection-limits.md | 4 ---- .../credential-guard/credential-guard-requirements.md | 4 ---- .../credential-guard/credential-guard-scripts.md | 4 ---- .../credential-guard/credential-guard.md | 5 ----- .../credential-guard/dg-readiness-tool.md | 4 ---- .../identity-protection/hello-for-business/WebAuthnAPIs.md | 4 ---- .../hello-for-business/feature-multifactor-unlock.md | 5 ----- .../hello-for-business/hello-aad-join-cloud-only-deploy.md | 5 ----- .../hello-for-business/hello-adequate-domain-controllers.md | 5 ----- .../hello-for-business/hello-and-password-changes.md | 5 ----- .../hello-for-business/hello-biometrics-in-enterprise.md | 6 ------ .../hello-for-business/hello-cert-trust-adfs.md | 5 ----- .../hello-for-business/hello-cert-trust-policy-settings.md | 5 ----- .../hello-cert-trust-validate-ad-prereq.md | 5 ----- .../hello-cert-trust-validate-deploy-mfa.md | 5 ----- .../hello-for-business/hello-cert-trust-validate-pki.md | 5 ----- .../hello-for-business/hello-deployment-cert-trust.md | 5 ----- .../hello-for-business/hello-deployment-guide.md | 5 ----- .../hello-for-business/hello-deployment-issues.md | 5 ----- .../hello-for-business/hello-deployment-key-trust.md | 5 ----- .../hello-for-business/hello-deployment-rdp-certs.md | 5 ----- .../hello-for-business/hello-errors-during-pin-creation.md | 6 ------ .../hello-for-business/hello-event-300.md | 6 ------ .../hello-for-business/hello-feature-conditional-access.md | 5 ----- .../hello-for-business/hello-feature-dual-enrollment.md | 5 ----- .../hello-for-business/hello-feature-dynamic-lock.md | 5 ----- .../hello-for-business/hello-feature-pin-reset.md | 5 ----- .../hello-for-business/hello-feature-remote-desktop.md | 5 ----- .../hello-for-business/hello-how-it-works-authentication.md | 4 ---- .../hello-for-business/hello-how-it-works-provisioning.md | 4 ---- .../hello-for-business/hello-how-it-works-technology.md | 4 ---- .../hello-for-business/hello-how-it-works.md | 4 ---- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 5 ----- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 5 ----- .../hello-for-business/hello-hybrid-aadj-sso.md | 5 ----- .../hello-for-business/hello-hybrid-cert-new-install.md | 5 ----- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 5 ----- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 5 ----- .../hello-for-business/hello-hybrid-cert-trust.md | 5 ----- .../hello-for-business/hello-hybrid-cert-whfb-provision.md | 5 ----- .../hello-hybrid-cert-whfb-settings-ad.md | 5 ----- .../hello-hybrid-cert-whfb-settings-adfs.md | 5 ----- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 5 ----- .../hello-hybrid-cert-whfb-settings-pki.md | 5 ----- .../hello-hybrid-cert-whfb-settings-policy.md | 5 ----- .../hello-for-business/hello-hybrid-cert-whfb-settings.md | 5 ----- .../hello-for-business/hello-hybrid-cloud-trust.md | 5 ----- .../hello-for-business/hello-hybrid-key-new-install.md | 5 ----- .../hello-for-business/hello-hybrid-key-trust-devreg.md | 5 ----- .../hello-for-business/hello-hybrid-key-trust-dirsync.md | 5 ----- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 5 ----- .../hello-for-business/hello-hybrid-key-trust.md | 5 ----- .../hello-for-business/hello-hybrid-key-whfb-provision.md | 5 ----- .../hello-for-business/hello-hybrid-key-whfb-settings-ad.md | 5 ----- .../hello-hybrid-key-whfb-settings-dir-sync.md | 5 ----- .../hello-hybrid-key-whfb-settings-pki.md | 5 ----- .../hello-hybrid-key-whfb-settings-policy.md | 5 ----- .../hello-for-business/hello-hybrid-key-whfb-settings.md | 5 ----- .../hello-for-business/hello-identity-verification.md | 6 ------ .../hello-for-business/hello-key-trust-adfs.md | 5 ----- .../hello-for-business/hello-key-trust-policy-settings.md | 5 ----- .../hello-key-trust-validate-ad-prereq.md | 5 ----- .../hello-key-trust-validate-deploy-mfa.md | 5 ----- .../hello-for-business/hello-key-trust-validate-pki.md | 5 ----- .../hello-for-business/hello-manage-in-organization.md | 6 ------ .../hello-for-business/hello-overview.md | 5 ----- .../hello-for-business/hello-planning-guide.md | 5 ----- .../hello-for-business/hello-prepare-people-to-use.md | 6 ------ .../identity-protection/hello-for-business/hello-videos.md | 5 ----- .../hello-why-pin-is-better-than-password.md | 6 ------ .../hello-for-business/microsoft-compatible-security-key.md | 5 ----- .../hello-for-business/reset-security-key.md | 5 ----- .../hello-for-business/retired/hello-how-it-works.md | 3 --- .../smart-cards/smart-card-and-remote-desktop-services.md | 4 ---- .../smart-cards/smart-card-architecture.md | 4 ---- .../smart-card-certificate-propagation-service.md | 4 ---- .../smart-card-certificate-requirements-and-enumeration.md | 4 ---- .../smart-cards/smart-card-debugging-information.md | 4 ---- .../identity-protection/smart-cards/smart-card-events.md | 4 ---- .../smart-card-group-policy-and-registry-settings.md | 4 ---- .../smart-card-how-smart-card-sign-in-works-in-windows.md | 4 ---- .../smart-cards/smart-card-removal-policy-service.md | 4 ---- .../smart-card-smart-cards-for-windows-service.md | 4 ---- 99 files changed, 465 deletions(-) diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index 2ba26987bb..2dfc4dc841 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md @@ -2,10 +2,6 @@ title: Access Control Overview (Windows 10) description: Access Control Overview ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md index f2d6c64736..404f1abb50 100644 --- a/windows/security/identity-protection/access-control/active-directory-accounts.md +++ b/windows/security/identity-protection/access-control/active-directory-accounts.md @@ -2,10 +2,6 @@ title: Active Directory Accounts (Windows 10) description: Active Directory Accounts ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 2ec117c8b9..7a469d0fc0 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -2,10 +2,6 @@ title: Active Directory Security Groups description: Active Directory Security Groups ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/dynamic-access-control.md b/windows/security/identity-protection/access-control/dynamic-access-control.md index c68a4e721f..b19feb4975 100644 --- a/windows/security/identity-protection/access-control/dynamic-access-control.md +++ b/windows/security/identity-protection/access-control/dynamic-access-control.md @@ -2,10 +2,6 @@ title: Dynamic Access Control Overview (Windows 10) description: Learn about Dynamic Access Control and its associated elements, which were introduced in Windows Server 2012 and Windows 8. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 655ef0f5b4..654b12daed 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -2,10 +2,6 @@ title: Local Accounts (Windows 10) description: Learn how to secure and manage access to the resources on a standalone or member server for services or users. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/microsoft-accounts.md b/windows/security/identity-protection/access-control/microsoft-accounts.md index 992afda9d6..7d9575a8f4 100644 --- a/windows/security/identity-protection/access-control/microsoft-accounts.md +++ b/windows/security/identity-protection/access-control/microsoft-accounts.md @@ -2,10 +2,6 @@ title: Microsoft Accounts (Windows 10) description: Microsoft Accounts ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md index 8564378d9c..eebc241c56 100644 --- a/windows/security/identity-protection/access-control/security-identifiers.md +++ b/windows/security/identity-protection/access-control/security-identifiers.md @@ -2,10 +2,6 @@ title: Security identifiers (Windows 10) description: Security identifiers ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/security-principals.md b/windows/security/identity-protection/access-control/security-principals.md index d6bdc4569e..3120899040 100644 --- a/windows/security/identity-protection/access-control/security-principals.md +++ b/windows/security/identity-protection/access-control/security-principals.md @@ -2,10 +2,6 @@ title: Security Principals (Windows 10) description: Security Principals ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md index 2614ab30e4..cd6db0f4f7 100644 --- a/windows/security/identity-protection/access-control/service-accounts.md +++ b/windows/security/identity-protection/access-control/service-accounts.md @@ -2,10 +2,6 @@ title: Service Accounts (Windows 10) description: Service Accounts ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index db7379ba1f..82f5cbbcda 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -3,10 +3,6 @@ title: Special Identities (Windows 10) description: Special Identities ms.prod: m365-security ms.technology: windows-sec -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index 9ca5657e1d..5be4c34c1e 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -2,11 +2,7 @@ title: Additional mitigations description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md index f9dce14935..2634efbb7e 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md @@ -2,11 +2,7 @@ title: Advice while using Windows Defender Credential Guard (Windows) description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md index 0d09f98a43..4af6dabc3f 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md @@ -2,11 +2,7 @@ title: How Windows Defender Credential Guard works description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 7d71cc00ce..0d96d6c124 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -2,11 +2,7 @@ title: Windows Defender Credential Guard - Known issues (Windows) description: Windows Defender Credential Guard - Known issues in Windows Enterprise ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index b63bf80703..1091223def 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -2,11 +2,7 @@ title: Manage Windows Defender Credential Guard (Windows) description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: v-tappelgate manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index 170018c2c2..fba979bcbb 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -2,11 +2,7 @@ title: Windows Defender Credential Guard protection limits & mitigations (Windows) description: Scenarios not protected by Windows Defender Credential Guard in Windows, and additional mitigations you can use. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index 9cab64d757..ca22714733 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -2,11 +2,7 @@ title: Windows Defender Credential Guard protection limits (Windows) description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 4762a25d8b..cd0217dffe 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -2,11 +2,7 @@ title: Windows Defender Credential Guard Requirements (Windows) description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index 709bc9de64..ac96f2cc37 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -2,11 +2,7 @@ title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows) description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dulcemontemayor ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index 4153f5223b..1541b47dfd 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md @@ -1,14 +1,9 @@ --- title: Protect derived domain credentials with Windows Defender Credential Guard (Windows) description: Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index a3c6d35840..1128ef5604 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -2,11 +2,7 @@ title: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool description: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool script ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: SteveSyfuhs ms.author: stsyfuhs manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 9b8365686e..af4b0207cd 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -2,10 +2,6 @@ title: WebAuthn APIs description: Learn how to use WebAuthn APIs to enable password-less authentication for your sites and apps. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index bb8984236d..46c5ce15d2 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -1,12 +1,7 @@ --- title: Multi-factor Unlock description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, multi, factor, multifactor, multi-factor ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 0ea88cb07e..a22fdc4c4b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -1,12 +1,7 @@ --- title: Azure Active Directory join cloud only deployment description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device. -keywords: identity, Hello, Active Directory, cloud, ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index cbaecf9da3..201f155223 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -1,12 +1,7 @@ --- title: Having enough Domain Controllers for Windows Hello for Business deployments description: Guide for planning to have an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index ce4fee62d1..409d7ad594 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -1,13 +1,8 @@ --- title: Windows Hello and password changes (Windows) description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello. -ms.assetid: 83005FE4-8899-47A6-BEA9-C17CCA0B6B55 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index fb5244ee95..1b7fc74348 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -1,13 +1,7 @@ --- title: Windows Hello biometrics in the enterprise (Windows) description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition. -ms.assetid: d3f27d94-2226-4547-86c0-65c84d6df8Bc -keywords: Windows Hello, enterprise biometrics ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index c9023f3eab..7c1152e8bf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -1,12 +1,7 @@ --- title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business) description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 18e5489911..d1a9db8854 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -1,12 +1,7 @@ --- title: Configure Windows Hello for Business Policy settings - certificate trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 53a69d9ca8..13a1157148 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -1,12 +1,7 @@ --- title: Update Active Directory schema for cert-trust deployment (Windows Hello for Business) description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index baa09b6712..865759bf10 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -1,12 +1,7 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with certificate trust description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 1972c3d210..d6356353aa 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -1,12 +1,7 @@ --- title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business) description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index ca84dfc5d4..278560bbc5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -1,12 +1,7 @@ --- title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment description: A guide to on premises, certificate trust Windows Hello for Business deployment. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 1a167b69c6..afe7fdf157 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -1,12 +1,7 @@ --- title: Windows Hello for Business Deployment Overview description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index 0b7c8c940f..47d8b38c53 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -1,13 +1,8 @@ --- title: Windows Hello for Business Deployment Known Issues description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues -keywords: identity, PIN, biometric, Hello, passport params: siblings_only ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index 0798dee5a2..280f51120d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -1,12 +1,7 @@ --- title: Windows Hello for Business Deployment Guide - On Premises Key Deployment description: A guide to on premises, key trust Windows Hello for Business deployment. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 2ce62675f6..5df469ff3e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -1,12 +1,7 @@ --- title: Deploying Certificates to Key Trust Users to Enable RDP description: Learn how to deploy certificates to a Key Trust user to enable remote desktop with supplied credentials -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 194607bd44..631d982e36 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -1,13 +1,7 @@ --- title: Windows Hello errors during PIN creation (Windows) description: When you set up Windows Hello in Windows 10/11, you may get an error during the Create a work PIN step. -ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502 -keywords: PIN, error, create a work PIN ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index c5e10be931..3e481d0f4d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -1,14 +1,8 @@ --- title: Event ID 300 - Windows Hello successfully created (Windows) description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). -ms.assetid: 0DD59E75-1C5F-4CC6-BB0E-71C83884FF04 ms.reviewer: -keywords: ngc ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index ac9768add5..5dac00754e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md @@ -1,12 +1,7 @@ --- title: Conditional Access description: Ensure that only approved users can access your devices, applications, and services from anywhere by enabling single sign-on with Azure Active Directory. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index 066da6e651..445df8f5a8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -1,12 +1,7 @@ --- title: Dual Enrollment description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, dual enrollment, ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 7025fb4173..93301a4171 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -1,12 +1,7 @@ --- title: Dynamic lock description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 4158e8838a..2ee149c236 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -1,12 +1,7 @@ --- title: Pin Reset description: Learn how Microsoft PIN reset services enables you to help users recover who have forgotten their PIN. -keywords: identity, PIN, Hello, passport, WHFB, hybrid, cert-trust, device, reset ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index fc797a8b6e..b622e6277f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -1,12 +1,7 @@ --- title: Remote Desktop description: Learn how Windows Hello for Business supports using biometrics with remote desktop -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 443d3adc15..76b94b5ddb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -2,10 +2,6 @@ title: How Windows Hello for Business works - Authentication description: Learn about the authentication flow for Windows Hello for Business. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 96b5a3b434..c81ed991e1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -2,10 +2,6 @@ title: How Windows Hello for Business works - Provisioning description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index a7e607516e..bd667aac11 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -2,10 +2,6 @@ title: How Windows Hello for Business works - Technology and Terms description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 23efa578c0..768b3a0e02 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -2,10 +2,6 @@ title: How Windows Hello for Business works description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 2029789901..51f303b2ba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -1,12 +1,7 @@ --- title: Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. -keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 807592de85..65b35c88d1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -1,12 +1,7 @@ --- title: Using Certificates for AADJ On-premises Single-sign On single sign-on description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps. -keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 6d2ac37a80..1acba0f5b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -1,12 +1,7 @@ --- title: Azure AD Join Single Sign-on Deployment description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory-joined devices, using Windows Hello for Business. -keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 6de21388aa..546fe98a8e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -1,12 +1,7 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business) description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on. -keywords: identity, PIN, biometric, Hello, passport, WHFB ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index c45b19aa4d..2d15af954c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -1,12 +1,7 @@ --- title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business) -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 6432ef517b..edba57fd05 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -1,12 +1,7 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Prerequisites description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index bec180c498..f9c3cf3feb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -1,12 +1,7 @@ --- title: Hybrid Certificate Trust Deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index f3d6ed1281..f6e69dad32 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -1,12 +1,7 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business) description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 94462ebe1d..f8b0c788c1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -1,12 +1,7 @@ --- title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD) description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business -keywords: identity, PIN, biometric, Hello, passport, WHFB, ad ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 93dcb39b92..ed13229f6a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -1,12 +1,7 @@ --- title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS) description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business -keywords: identity, PIN, biometric, Hello, passport, WHFB, adfs ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 7ef3176f22..3dea044165 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -1,12 +1,7 @@ --- title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business -keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index e6408a1ce4..0a7da03055 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -1,12 +1,7 @@ --- title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI) description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business -keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index a7bc32dc4c..bba12adf27 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -1,12 +1,7 @@ --- title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business -keywords: identity, PIN, biometric, Hello, passport, WHFB ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index dcffcfc154..ec22d31a65 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -1,12 +1,7 @@ --- title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business) description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index f8d135a315..11fa549fa2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -1,12 +1,7 @@ --- title: Hybrid Cloud Trust Deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 4f8c8153c4..66a720d026 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -1,12 +1,7 @@ --- title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations. -keywords: identity, PIN, biometric, Hello, passport, WHFB ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 90cbd52d95..4d064c210c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -1,12 +1,7 @@ --- title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business) -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, device, registration ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 705b84df66..299e93c00c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -1,12 +1,7 @@ --- title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, directory, synchronization, AADConnect ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 90aaa2b968..0850fae7f7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -1,12 +1,7 @@ --- title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites (Windows Hello for Business) description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: mapalko ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index db6d3e0a33..833968247b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -1,12 +1,7 @@ --- title: Hybrid Key Trust Deployment (Windows Hello for Business) description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index c7dd159a00..925d6d12e8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -1,12 +1,7 @@ --- title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business) description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 46ba983c83..bbdde28351 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -1,12 +1,7 @@ --- title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD) description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) -keywords: identity, PIN, biometric, Hello, passport, WHFB, ad, key trust, key-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index b964f460e9..0ed4142f70 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -1,12 +1,7 @@ --- title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization -keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect, Windows Hello, AD Connect, key trust, key-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 418298f89e..a43a8e5673 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -1,12 +1,7 @@ --- title: Configure Hybrid Azure AD joined key trust Windows Hello for Business description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI) -keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI, Windows Hello, key trust, key-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index d98732f5c2..26b31e209b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -1,12 +1,7 @@ --- title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy description: Configuring Hybrid key trust Windows Hello for Business - Group Policy -keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, key trust, key-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 38b7194d9c..29c29de56f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -1,12 +1,7 @@ --- title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration. -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 4135615f1c..185768fe63 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -1,13 +1,7 @@ --- title: Windows Hello for Business Deployment Prerequisite Overview description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models -ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index d608421337..d2c141ca3a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -1,12 +1,7 @@ --- title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business) description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index b67d63f1b7..5baf31a055 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -1,12 +1,7 @@ --- title: Configure Windows Hello for Business Policy settings - key trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index 2ba08c716b..c8227d9536 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -1,13 +1,8 @@ --- title: Key registration for on-premises deployment of Windows Hello for Business description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile author: GitPrakhar13 -audience: ITPro ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index e0d299b2df..968ae0d5b0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -1,12 +1,7 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with key trust description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index debf3022c5..809720fdba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -1,12 +1,7 @@ --- title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business) description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 4b44e661ec..c38b18d8a2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -1,13 +1,7 @@ --- title: Manage Windows Hello in your organization (Windows) description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10. -ms.assetid: 47B55221-24BE-482D-BD31-C78B22AC06D8 -keywords: identity, PIN, biometric, Hello ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 86a2a82c99..12ccee58a9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -2,12 +2,7 @@ title: Windows Hello for Business Overview (Windows) ms.reviewer: An overview of Windows Hello for Business description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 7436890316..3212485067 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -1,12 +1,7 @@ --- title: Planning a Windows Hello for Business Deployment description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure. -keywords: identity, PIN, biometric, Hello, passport ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 8ab37765f1..6b57daee9c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -1,14 +1,8 @@ --- title: Prepare people to use Windows Hello (Windows) description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization. -ms.assetid: 5270B416-CE31-4DD9-862D-6C22A2AE508B ms.reviewer: -keywords: identity, PIN, biometric, Hello ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 013f236742..ab3bdc0500 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -1,12 +1,7 @@ --- title: Windows Hello for Business Videos description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11. -keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 6c4c54aee9..ef30d59ed1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -1,13 +1,7 @@ --- title: Why a PIN is better than an online password (Windows) description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password . -ms.assetid: A6FC0520-01E6-4E90-B53D-6C4C4E780212 -keywords: pin, security, password, hello ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 556f49c888..75645f288d 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -1,12 +1,7 @@ --- title: Microsoft-compatible security key description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. -keywords: FIDO2, security key, CTAP, Hello, WHFB ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 99df1a799a..e2f9b9e978 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -1,12 +1,7 @@ --- title: Reset-security-key description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key -keywords: FIDO2, security key, CTAP, Microsoft-compatible security key ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro author: GitPrakhar13 ms.author: prsriva manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 7a06722124..030af93d47 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -2,9 +2,6 @@ title: How Windows Hello for Business works (Windows) description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: mapalko ms.localizationpriority: high ms.author: mapalko diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index 99de6899d4..101b50087d 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -2,10 +2,6 @@ title: Smart Card and Remote Desktop Services (Windows) description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index 3ce6180ae9..ddc63b2e02 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -2,10 +2,6 @@ title: Smart Card Architecture (Windows) description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md index 1ad9d49a24..ad0699cf6a 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md @@ -2,10 +2,6 @@ title: Certificate Propagation Service (Windows) description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index eea206d53d..701f3dccd8 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -2,10 +2,6 @@ title: Certificate Requirements and Enumeration (Windows) description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index f557a5a713..50881d1ef8 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -2,10 +2,6 @@ title: Smart Card Troubleshooting (Windows) description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md index 0d7a79fdac..9585fdfb5e 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-events.md +++ b/windows/security/identity-protection/smart-cards/smart-card-events.md @@ -2,10 +2,6 @@ title: Smart Card Events (Windows) description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index a74dfed7b2..897140b630 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -2,10 +2,6 @@ title: Smart Card Group Policy and Registry Settings (Windows) description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md index d6656c1427..9fb023c25f 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md +++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md @@ -2,10 +2,6 @@ title: How Smart Card Sign-in Works in Windows description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md index 77c8c9d18b..5757f75aa1 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md @@ -2,10 +2,6 @@ title: Smart Card Removal Policy Service (Windows) description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md index 0d26cf1289..0345ccac67 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md @@ -2,10 +2,6 @@ title: Smart Cards for Windows Service (Windows) description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp From 52eed4d4f58de413208183ef9ec36484f3be2334 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Mon, 20 Jun 2022 20:08:03 +0530 Subject: [PATCH 428/540] Updated-6020449-B2 Articles updated to meet Acrolinx requirements. --- .../credential-guard-considerations.md | 24 +++++++++---------- .../credential-guard-how-it-works.md | 6 ++--- .../credential-guard-protection-limits.md | 12 +++++----- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md index 2634efbb7e..7b1cc141be 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md @@ -22,27 +22,27 @@ ms.reviewer: Passwords are still weak. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. -Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported. +Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, aren't supported. ## Wi-fi and VPN Considerations -When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You will be forced to enter your credentials to use these protocols and cannot save the credentials for future use. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. +When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You'll be forced to enter your credentials to use these protocols and can't save the credentials for future use. If you're using WiFi and VPN endpoints that are based on MS-CHAPv2, they're subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. ## Kerberos Considerations When you enable Windows Defender Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. Use constrained or resource-based Kerberos delegation instead. ## 3rd Party Security Support Providers Considerations -Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Windows Defender Credential Guard because it does not allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested with Windows Defender Credential Guard. SSPs and APs that depend on any undocumented or unsupported behaviors fail. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. Replacing the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](/windows/win32/secauthn/restrictions-around-registering-and-installing-a-security-package) on MSDN. +Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Windows Defender Credential Guard because it doesn't allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs aren't supported. We recommend that custom implementations of SSPs/APs are tested with Windows Defender Credential Guard. SSPs and APs that depend on any undocumented or unsupported behaviors fail. For example, using the KerbQuerySupplementalCredentialsMessage API isn't supported. Replacing the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](/windows/win32/secauthn/restrictions-around-registering-and-installing-a-security-package) on MSDN. ## Upgrade Considerations As the depth and breadth of protections provided by Windows Defender Credential Guard are increased, subsequent releases of Windows 10 with Windows Defender Credential Guard running may impact scenarios that were working in the past. For example, Windows Defender Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities. Test scenarios required for operations in an organization before upgrading a device using Windows Defender Credential Guard. ### Saved Windows Credentials Protected -Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Windows Defender Credential Guard. Credential Manager allows you to store three types of credentials: Windows credentials, certificate-based credentials, and generic credentials. Generic credentials such as user names and passwords that you use to log on to websites are not protected since the applications require your cleartext password. If the application does not need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network. The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager: -* Windows credentials saved by Remote Desktop Client cannot be sent to a remote host. Attempts to use saved Windows credentials fail, displaying the error message "Logon attempt failed." +Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Windows Defender Credential Guard. Credential Manager allows you to store three types of credentials: Windows credentials, certificate-based credentials, and generic credentials. Generic credentials such as user names and passwords that you use to log on to websites aren't protected since the applications require your cleartext password. If the application doesn't need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network. The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager: +* Windows credentials saved by Remote Desktop Client can't be sent to a remote host. Attempts to use saved Windows credentials fail, displaying the error message "Logon attempt failed." * Applications that extract Windows credentials fail. -* When credentials are backed up from a PC that has Windows Defender Credential Guard enabled, the Windows credentials cannot be restored. If you need to back up your credentials, you must do this before you enable Windows Defender Credential Guard. Otherwise, you cannot restore those credentials. +* When credentials are backed up from a PC that has Windows Defender Credential Guard enabled, the Windows credentials can't be restored. If you need to back up your credentials, you must do this before you enable Windows Defender Credential Guard. Otherwise, you can't restore those credentials. ## Clearing TPM Considerations Virtualization-based Security (VBS) uses the TPM to protect its key. So when the TPM is cleared then the TPM protected key used to encrypt VBS secrets is lost. @@ -57,17 +57,17 @@ As a result Credential Guard can no longer decrypt protected data. VBS creates a > Credential Guard obtains the key during initialization. So the data loss will only impact persistent data and occur after the next system startup. ### Windows credentials saved to Credential Manager -Since Credential Manager cannot decrypt saved Windows Credentials, they are deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard. +Since Credential Manager can't decrypt saved Windows Credentials, they're deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard. ### Domain-joined device’s automatically provisioned public key Beginning with Windows 10 and Windows Server 2016, domain-devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication). -Since Credential Guard cannot decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it cannot authenticate with password until that policy is disabled. For more information on Configuring devices to only use public key, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication). +Since Credential Guard can't decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it can't authenticate with password until that policy is disabled. For more information on Configuring devices to only use public key, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication). Also if any access control checks including authentication policies require devices to have either the KEY TRUST IDENTITY (S-1-18-4) or FRESH PUBLIC KEY IDENTITY (S-1-18-3) well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab). ### Breaking DPAPI on domain-joined devices -On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery is not possible. +On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery isn't possible. >[!IMPORTANT] > Best practice when clearing a TPM on a domain-joined device is to be on a network with connectivity to domain controllers. This ensures DPAPI functions and the user does not experience strange behavior.
              @@ -75,11 +75,11 @@ Auto VPN configuration is protected with user DPAPI. User may not be able to use If you must clear the TPM on a domain-joined device without connectivity to domain controllers, then you should consider the following. -Domain user sign-in on a domain-joined device after clearing a TPM for as long as there is no connectivity to a domain controller: +Domain user sign-in on a domain-joined device after clearing a TPM for as long as there's no connectivity to a domain controller: |Credential Type | Windows version | Behavior |---|---|---| -| Certificate (smart card or Windows Hello for Business) | All | All data protected with user DPAPI is unusable and user DPAPI does not work at all. | +| Certificate (smart card or Windows Hello for Business) | All | All data protected with user DPAPI is unusable and user DPAPI doesn't work at all. | | Password | Windows 10 v1709 or later | If the user signed-in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected. | Password | Windows 10 v1703 | If the user signed-in with a password prior to clearing the TPM, then they can sign-in with that password and are unaffected. | Password | Windows 10 v1607 or earlier | Existing user DPAPI protected data is unusable. User DPAPI is able to protect new data. @@ -87,7 +87,7 @@ Domain user sign-in on a domain-joined device after clearing a TPM for as long a Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted. #### Impact of DPAPI failures on Windows Information Protection -When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection. The impact includes: Outlook 2016 is unable to start and work protected documents cannot be opened. If DPAPI is working, then newly created work data is protected and can be accessed. +When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection. The impact includes: Outlook 2016 is unable to start and work protected documents can't be opened. If DPAPI is working, then newly created work data is protected and can be accessed. **Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate). diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md index 4af6dabc3f..787063e450 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md @@ -21,13 +21,13 @@ ms.reviewer: - Windows Server 2019 -Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using Virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. +Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using Virtualization-based security and isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. -When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault, which are not protected by Windows Defender Credential Guard with any of these protocols. It is recommended that valuable credentials, such as the sign-in credentials, are not to be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. +When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP can't use the signed-in credentials. Thus, single sign-on doesn't work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault, which aren't protected by Windows Defender Credential Guard with any of these protocols. It is recommended that valuable credentials, such as the sign-in credentials, aren't to be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. -When Windows Defender Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials. +When Windows Defender Credential Guard is enabled, Kerberos doesn't allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials. Here's a high-level overview on how the LSA is isolated by using Virtualization-based security: diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index ca22714733..1b47f91c82 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -24,18 +24,18 @@ Some ways to store credentials are not protected by Windows Defender Credential - Software that manages credentials outside of Windows feature protection - Local accounts and Microsoft Accounts -- Windows Defender Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would when running Windows 10 Enterprise. +- Windows Defender Credential Guard doesn't protect the Active Directory database running on Windows Server 2016 domain controllers. It also doesn't protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would when running Windows 10 Enterprise. - Key loggers - Physical attacks -- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization. +- Doesn't prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization. - Third-party security packages - Digest and CredSSP credentials - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. -- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.- -- Kerberos service tickets are not protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is. -- When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. +- Supplied credentials for NTLM authentication aren't protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. These same credentials are vulnerable to key loggers as well.- +- Kerberos service tickets aren't protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is. +- When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it doesn't provide additional protection from privileged system attacks originating from the host. - Windows logon cached password verifiers (commonly called "cached credentials") -do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available. +don't qualify as credentials because they can't be presented to another computer for authentication, and can only be used locally to verify credentials. They're stored in the registry on the local computer and provide validation for credentials when a domain-joined computer can't connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller isn't available. ## See also From 79a7c53f972d68a2fb6f28fe5d325d6f3b0f982f Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 20 Jun 2022 12:46:23 -0400 Subject: [PATCH 429/540] URL is invalid 9925 --- .../deployment/deploy-windows-mdt/use-web-services-in-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md index 6f6b6c785e..8497dcd085 100644 --- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md @@ -23,7 +23,7 @@ Using a web service in MDT is straightforward, but it does require that you have ## Create a sample web service -In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://go.microsoft.com/fwlink/p/?LinkId=619363) from the Microsoft Download Center and extracted it to C:\\Projects. +In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://www.microsoft.com/download/details.aspx?id=42516) from the Microsoft Download Center and extracted it to C:\\Projects. 1. On PC0001, using Visual Studio Express 2013 for Web, open the C:\\Projects\\MDTSample\\ MDTSample.sln solution file. 2. On the ribbon bar, verify that Release is selected. 3. In the **Debug** menu, select the **Build MDTSample** action. From 8cfcf1e15a6d35e5d3b86f773a806f2349c4e750 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 20 Jun 2022 12:38:08 -0600 Subject: [PATCH 430/540] Update docfx.json Delete duplicate "audience". Add aliases to contrib to exclude list: "AngelaMotherofDragons", "dstrome", "v-dihans", --- education/docfx.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/education/docfx.json b/education/docfx.json index 04a27cb629..38f8413d5f 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -32,7 +32,6 @@ "ms.topic": "article", "ms.technology": "windows", "manager": "dansimp", - "audience": "ITPro", "breadcrumb_path": "/education/breadcrumb/toc.json", "ms.date": "05/09/2017", "feedback_system": "None", @@ -51,6 +50,9 @@ "Kellylorenebaker", "jborsecnik", "tiburd", + "AngelaMotherofDragons", + "dstrome", + "v-dihans", "garycentric" ] }, From 0e40f3ae628b39a14fd926bcbbb09fcdc81f1e56 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 20 Jun 2022 12:49:23 -0600 Subject: [PATCH 431/540] Update docfx.json contrib to exclude smb Add aliases: "AngelaMotherofDragons", "dstrome", "v-dihans", --- smb/docfx.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/smb/docfx.json b/smb/docfx.json index 9b63f81cad..15de5f0bb4 100644 --- a/smb/docfx.json +++ b/smb/docfx.json @@ -48,6 +48,9 @@ "Kellylorenebaker", "jborsecnik", "tiburd", + "AngelaMotherofDragons", + "dstrome", + "v-dihans", "garycentric" ], "titleSuffix": "Windows for Small to Midsize Business" From 3290e8e4f59e9e196589d5af5d409ce6f848295f Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 20 Jun 2022 12:56:29 -0600 Subject: [PATCH 432/540] Update store-for-business docfx.json Add aliases to contrib to exclude list: "AngelaMotherofDragons", "dstrome", "v-dihans", --- store-for-business/docfx.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json index bf0a63a161..953ad15d25 100644 --- a/store-for-business/docfx.json +++ b/store-for-business/docfx.json @@ -57,6 +57,9 @@ "Kellylorenebaker", "jborsecnik", "tiburd", + "AngelaMotherofDragons", + "dstrome", + "v-dihans", "garycentric" ] }, From bec0a9d00ac34fecc24205323f057e5d4833b06e Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Mon, 20 Jun 2022 13:19:42 -0700 Subject: [PATCH 433/540] 40012854 - Clarify LogAnalytics may extract MI logs after opt-in --- .../event-id-explanations.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md index 1b9d67ff10..0c3579cf09 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md @@ -52,6 +52,9 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind ## Diagnostic events for Intelligent Security Graph (ISG) and Managed Installer (MI) +> [!NOTE] +> When Managed Installer is enabled, customers using LogAnalytics should be aware that Managed Installer may fire many 3091 events. Customers may need to filter out these events to avoid high LogAnalytics costs. + Events 3090, 3091 and 3092 prove helpful diagnostic information when the ISG or MI option is enabled by any WDAC policy. These events can help you debug why something was allowed/denied based on managed installer or ISG. These events do not necessarily indicate a problem but should be reviewed in context with other events like 3076 or 3077 described above. | Event ID | Explanation | From 210cc4b2bbfa0bad13212bbba799a8ae1403b41a Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Mon, 20 Jun 2022 14:03:21 -0700 Subject: [PATCH 434/540] 40023533 - UTF-8 certificates are incompatible with signed WDAC policy --- ...t-windows-defender-application-control-against-tampering.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index f99d35706c..ee63feb1cf 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -48,6 +48,9 @@ To sign a WDAC policy with SignTool.exe, you need the following components: > [!NOTE] > All policies (base and supplemental and single-policy format) must be pkcs7 signed. [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652) +> +>Certificate fields, like 'subject common name' and 'issuer common name,' cannot be UTF-8 encoded, otherwise, blue screens may occur. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING. + If you do not have a code signing certificate, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) for instructions on how to create one. If you use an alternate certificate or WDAC policy, be sure to update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session: From 5a171c035ff28ce31c70fd203886eeaa7dc5badb Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 21 Jun 2022 12:10:35 +0200 Subject: [PATCH 435/540] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-validate-ad-prereq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index e1bb8e2f6e..9174af8148 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -28,7 +28,7 @@ ms.reviewer: The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. > [!NOTE] -> If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the "Updating the Schema" and "Create the KeyCredential Admins Security Global Group" steps that follow.** +> If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the "Updating the Schema" and "Create the KeyCredential Admins Security Global Group" steps that follow. Manually updating Active Directory uses the command-line utility **adprep.exe** located at **\:\support\adprep** on the Windows Server 2016 or later DVD or ISO. Before running adprep.exe, you must identify the domain controller hosting the schema master role. From eea3f1f959aebf019324d8c95d4975c8a4c6b5e3 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 21 Jun 2022 12:13:34 +0200 Subject: [PATCH 436/540] Update windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../applocker/script-rules-in-applocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index 14bf0eec35..aee609a7fd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -48,7 +48,7 @@ The following table lists the default rules that are available for the script ru | Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: `%programfiles%\*`| > [!NOTE] -> Windows Defender Application Control cannot be used to block PowerShell scripts. Applocker just forces PowerShell scripts to be run in Constrained Language Mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event, which states that the script will be blocked, but then the script runs. +> Windows Defender Application Control cannot be used to block PowerShell scripts. AppLocker just forces PowerShell scripts to be run in Constrained Language mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event, which states that the script will be blocked, but then the script runs. ## Related articles From 7ba112e7445142bc6fd2b9e2a8023fbb7259c94b Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 21 Jun 2022 12:14:03 +0200 Subject: [PATCH 437/540] Update windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...ity-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index 9453c4b573..f4c0cda9aa 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -27,7 +27,7 @@ Describes the best practices, location, values, management aspects, and security > [!NOTE] -> To learn more about configuring a server to be accessed remotely, check [Remote Desktop - Allow access to your PC](/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access) +> To learn more about configuring a server to be accessed remotely, check [Remote Desktop - Allow access to your PC](/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access). ## Reference From 276813068702f61b2d7ad1d576a41fa751ac1763 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Tue, 21 Jun 2022 10:41:19 -0600 Subject: [PATCH 438/540] Update windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md --- .../AppIdTagging/deploy-appid-tagging-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index 2f9bc3249f..07dfa8e8f7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -32,7 +32,7 @@ ms.technology: windows-sec Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId Tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId Tagging policy, use one of the following methods to deploy: 1. [Deploy AppId Tagging Policies with MDM](#deploy-appid-tagging-policies-with-mdm) -1. [Deploy policies with Configuration Manager](#deploy-appid-tagging-policies-with-configuration manager) +1. [Deploy policies with Configuration Manager](#deploy-appid-tagging-policies-with-configuration-manager) 1. [Deploy policies using scripting](#deploy-appid-tagging-policies-via-scripting) 1. [Deploy using the ApplicationControl CSP](#deploying-policies-via-the-applicationcontrol-csp) From cd2da0c7c7415eec676f419812e9d52c2054bbc6 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Tue, 21 Jun 2022 10:36:01 -0700 Subject: [PATCH 439/540] Remove win-access-protection in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 824 ++++++++++++++-------------- 1 file changed, 404 insertions(+), 420 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index bb46e48d14..b0bfa9c5ff 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -1,421 +1,405 @@ -{ - "build_entry_point": "", - "docsets_to_publish": [ - { - "docset_name": "education", - "build_source_folder": "education", - "build_output_subfolder": "education", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "hololens", - "build_source_folder": "devices/hololens", - "build_output_subfolder": "hololens", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "internet-explorer", - "build_source_folder": "browsers/internet-explorer", - "build_output_subfolder": "internet-explorer", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "keep-secure", - "build_source_folder": "windows/keep-secure", - "build_output_subfolder": "keep-secure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "microsoft-edge", - "build_source_folder": "browsers/edge", - "build_output_subfolder": "microsoft-edge", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "release-information", - "build_source_folder": "windows/release-information", - "build_output_subfolder": "release-information", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "smb", - "build_source_folder": "smb", - "build_output_subfolder": "smb", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "store-for-business", - "build_source_folder": "store-for-business", - "build_output_subfolder": "store-for-business", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-access-protection", - "build_source_folder": "windows/access-protection", - "build_output_subfolder": "win-access-protection", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-app-management", - "build_source_folder": "windows/application-management", - "build_output_subfolder": "win-app-management", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-client-management", - "build_source_folder": "windows/client-management", - "build_output_subfolder": "win-client-management", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-configuration", - "build_source_folder": "windows/configuration", - "build_output_subfolder": "win-configuration", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-deployment", - "build_source_folder": "windows/deployment", - "build_output_subfolder": "win-deployment", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-device-security", - "build_source_folder": "windows/device-security", - "build_output_subfolder": "win-device-security", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-configure", - "build_source_folder": "windows/configure", - "build_output_subfolder": "windows-configure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-deploy", - "build_source_folder": "windows/deploy", - "build_output_subfolder": "windows-deploy", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-hub", - "build_source_folder": "windows/hub", - "build_output_subfolder": "windows-hub", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-plan", - "build_source_folder": "windows/plan", - "build_output_subfolder": "windows-plan", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-privacy", - "build_source_folder": "windows/privacy", - "build_output_subfolder": "windows-privacy", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-security", - "build_source_folder": "windows/security", - "build_output_subfolder": "windows-security", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-update", - "build_source_folder": "windows/update", - "build_output_subfolder": "windows-update", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-threat-protection", - "build_source_folder": "windows/threat-protection", - "build_output_subfolder": "win-threat-protection", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-whats-new", - "build_source_folder": "windows/whats-new", - "build_output_subfolder": "win-whats-new", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - } - ], - "notification_subscribers": [ - "elizapo@microsoft.com" - ], - "sync_notification_subscribers": [ - "dstrome@microsoft.com" - ], - "branches_to_filter": [ - "" - ], - "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", - "git_repository_branch_open_to_public_contributors": "public", - "skip_source_output_uploading": false, - "need_preview_pull_request": true, - "resolve_user_profile_using_github": true, - "dependent_repositories": [ - { - "path_to_root": "_themes.pdf", - "url": "https://github.com/Microsoft/templates.docs.msft.pdf", - "branch": "main", - "branch_mapping": {} - }, - { - "path_to_root": "_themes", - "url": "https://github.com/Microsoft/templates.docs.msft", - "branch": "main", - "branch_mapping": {} - } - ], - "branch_target_mapping": { - "live": [ - "Publish", - "Pdf" - ], - "main": [ - "Publish", - "Pdf" - ] - }, - "need_generate_pdf_url_template": true, - "targets": { - "Pdf": { - "template_folder": "_themes.pdf" - } - }, - "docs_build_engine": {}, - "contribution_branch_mappings": {}, - "need_generate_pdf": false, - "need_generate_intellisense": false +{ + "build_entry_point": "", + "docsets_to_publish": [ + { + "docset_name": "education", + "build_source_folder": "education", + "build_output_subfolder": "education", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "hololens", + "build_source_folder": "devices/hololens", + "build_output_subfolder": "hololens", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "internet-explorer", + "build_source_folder": "browsers/internet-explorer", + "build_output_subfolder": "internet-explorer", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "keep-secure", + "build_source_folder": "windows/keep-secure", + "build_output_subfolder": "keep-secure", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "microsoft-edge", + "build_source_folder": "browsers/edge", + "build_output_subfolder": "microsoft-edge", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "release-information", + "build_source_folder": "windows/release-information", + "build_output_subfolder": "release-information", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "smb", + "build_source_folder": "smb", + "build_output_subfolder": "smb", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "store-for-business", + "build_source_folder": "store-for-business", + "build_output_subfolder": "store-for-business", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-app-management", + "build_source_folder": "windows/application-management", + "build_output_subfolder": "win-app-management", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-client-management", + "build_source_folder": "windows/client-management", + "build_output_subfolder": "win-client-management", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-configuration", + "build_source_folder": "windows/configuration", + "build_output_subfolder": "win-configuration", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-deployment", + "build_source_folder": "windows/deployment", + "build_output_subfolder": "win-deployment", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-device-security", + "build_source_folder": "windows/device-security", + "build_output_subfolder": "win-device-security", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-configure", + "build_source_folder": "windows/configure", + "build_output_subfolder": "windows-configure", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-deploy", + "build_source_folder": "windows/deploy", + "build_output_subfolder": "windows-deploy", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-hub", + "build_source_folder": "windows/hub", + "build_output_subfolder": "windows-hub", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-plan", + "build_source_folder": "windows/plan", + "build_output_subfolder": "windows-plan", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-privacy", + "build_source_folder": "windows/privacy", + "build_output_subfolder": "windows-privacy", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-security", + "build_source_folder": "windows/security", + "build_output_subfolder": "windows-security", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-update", + "build_source_folder": "windows/update", + "build_output_subfolder": "windows-update", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-threat-protection", + "build_source_folder": "windows/threat-protection", + "build_output_subfolder": "win-threat-protection", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-whats-new", + "build_source_folder": "windows/whats-new", + "build_output_subfolder": "win-whats-new", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + } + ], + "notification_subscribers": [ + "elizapo@microsoft.com" + ], + "sync_notification_subscribers": [ + "dstrome@microsoft.com" + ], + "branches_to_filter": [ + "" + ], + "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", + "git_repository_branch_open_to_public_contributors": "public", + "skip_source_output_uploading": false, + "need_preview_pull_request": true, + "resolve_user_profile_using_github": true, + "dependent_repositories": [ + { + "path_to_root": "_themes.pdf", + "url": "https://github.com/Microsoft/templates.docs.msft.pdf", + "branch": "main", + "branch_mapping": {} + }, + { + "path_to_root": "_themes", + "url": "https://github.com/Microsoft/templates.docs.msft", + "branch": "main", + "branch_mapping": {} + } + ], + "branch_target_mapping": { + "live": [ + "Publish", + "Pdf" + ], + "main": [ + "Publish", + "Pdf" + ] + }, + "need_generate_pdf_url_template": true, + "targets": { + "Pdf": { + "template_folder": "_themes.pdf" + } + }, + "docs_build_engine": {}, + "contribution_branch_mappings": {}, + "need_generate_pdf": false, + "need_generate_intellisense": false } \ No newline at end of file From eed514af7a80f4f945267c535361d4ec3d4f2a31 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Tue, 21 Jun 2022 10:36:03 -0700 Subject: [PATCH 440/540] Remove win-access-protection in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 824 ++++++++++++++-------------- 1 file changed, 404 insertions(+), 420 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index bb46e48d14..b0bfa9c5ff 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -1,421 +1,405 @@ -{ - "build_entry_point": "", - "docsets_to_publish": [ - { - "docset_name": "education", - "build_source_folder": "education", - "build_output_subfolder": "education", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "hololens", - "build_source_folder": "devices/hololens", - "build_output_subfolder": "hololens", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "internet-explorer", - "build_source_folder": "browsers/internet-explorer", - "build_output_subfolder": "internet-explorer", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "keep-secure", - "build_source_folder": "windows/keep-secure", - "build_output_subfolder": "keep-secure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "microsoft-edge", - "build_source_folder": "browsers/edge", - "build_output_subfolder": "microsoft-edge", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "release-information", - "build_source_folder": "windows/release-information", - "build_output_subfolder": "release-information", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "smb", - "build_source_folder": "smb", - "build_output_subfolder": "smb", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "store-for-business", - "build_source_folder": "store-for-business", - "build_output_subfolder": "store-for-business", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-access-protection", - "build_source_folder": "windows/access-protection", - "build_output_subfolder": "win-access-protection", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-app-management", - "build_source_folder": "windows/application-management", - "build_output_subfolder": "win-app-management", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-client-management", - "build_source_folder": "windows/client-management", - "build_output_subfolder": "win-client-management", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-configuration", - "build_source_folder": "windows/configuration", - "build_output_subfolder": "win-configuration", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-deployment", - "build_source_folder": "windows/deployment", - "build_output_subfolder": "win-deployment", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-device-security", - "build_source_folder": "windows/device-security", - "build_output_subfolder": "win-device-security", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-configure", - "build_source_folder": "windows/configure", - "build_output_subfolder": "windows-configure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-deploy", - "build_source_folder": "windows/deploy", - "build_output_subfolder": "windows-deploy", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-hub", - "build_source_folder": "windows/hub", - "build_output_subfolder": "windows-hub", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-plan", - "build_source_folder": "windows/plan", - "build_output_subfolder": "windows-plan", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-privacy", - "build_source_folder": "windows/privacy", - "build_output_subfolder": "windows-privacy", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-security", - "build_source_folder": "windows/security", - "build_output_subfolder": "windows-security", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-update", - "build_source_folder": "windows/update", - "build_output_subfolder": "windows-update", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-threat-protection", - "build_source_folder": "windows/threat-protection", - "build_output_subfolder": "win-threat-protection", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-whats-new", - "build_source_folder": "windows/whats-new", - "build_output_subfolder": "win-whats-new", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - } - ], - "notification_subscribers": [ - "elizapo@microsoft.com" - ], - "sync_notification_subscribers": [ - "dstrome@microsoft.com" - ], - "branches_to_filter": [ - "" - ], - "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", - "git_repository_branch_open_to_public_contributors": "public", - "skip_source_output_uploading": false, - "need_preview_pull_request": true, - "resolve_user_profile_using_github": true, - "dependent_repositories": [ - { - "path_to_root": "_themes.pdf", - "url": "https://github.com/Microsoft/templates.docs.msft.pdf", - "branch": "main", - "branch_mapping": {} - }, - { - "path_to_root": "_themes", - "url": "https://github.com/Microsoft/templates.docs.msft", - "branch": "main", - "branch_mapping": {} - } - ], - "branch_target_mapping": { - "live": [ - "Publish", - "Pdf" - ], - "main": [ - "Publish", - "Pdf" - ] - }, - "need_generate_pdf_url_template": true, - "targets": { - "Pdf": { - "template_folder": "_themes.pdf" - } - }, - "docs_build_engine": {}, - "contribution_branch_mappings": {}, - "need_generate_pdf": false, - "need_generate_intellisense": false +{ + "build_entry_point": "", + "docsets_to_publish": [ + { + "docset_name": "education", + "build_source_folder": "education", + "build_output_subfolder": "education", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "hololens", + "build_source_folder": "devices/hololens", + "build_output_subfolder": "hololens", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "internet-explorer", + "build_source_folder": "browsers/internet-explorer", + "build_output_subfolder": "internet-explorer", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "keep-secure", + "build_source_folder": "windows/keep-secure", + "build_output_subfolder": "keep-secure", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "microsoft-edge", + "build_source_folder": "browsers/edge", + "build_output_subfolder": "microsoft-edge", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "release-information", + "build_source_folder": "windows/release-information", + "build_output_subfolder": "release-information", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "smb", + "build_source_folder": "smb", + "build_output_subfolder": "smb", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "store-for-business", + "build_source_folder": "store-for-business", + "build_output_subfolder": "store-for-business", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-app-management", + "build_source_folder": "windows/application-management", + "build_output_subfolder": "win-app-management", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-client-management", + "build_source_folder": "windows/client-management", + "build_output_subfolder": "win-client-management", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-configuration", + "build_source_folder": "windows/configuration", + "build_output_subfolder": "win-configuration", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-deployment", + "build_source_folder": "windows/deployment", + "build_output_subfolder": "win-deployment", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-device-security", + "build_source_folder": "windows/device-security", + "build_output_subfolder": "win-device-security", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-configure", + "build_source_folder": "windows/configure", + "build_output_subfolder": "windows-configure", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-deploy", + "build_source_folder": "windows/deploy", + "build_output_subfolder": "windows-deploy", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-hub", + "build_source_folder": "windows/hub", + "build_output_subfolder": "windows-hub", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-plan", + "build_source_folder": "windows/plan", + "build_output_subfolder": "windows-plan", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-privacy", + "build_source_folder": "windows/privacy", + "build_output_subfolder": "windows-privacy", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-security", + "build_source_folder": "windows/security", + "build_output_subfolder": "windows-security", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-update", + "build_source_folder": "windows/update", + "build_output_subfolder": "windows-update", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-threat-protection", + "build_source_folder": "windows/threat-protection", + "build_output_subfolder": "win-threat-protection", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-whats-new", + "build_source_folder": "windows/whats-new", + "build_output_subfolder": "win-whats-new", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + } + ], + "notification_subscribers": [ + "elizapo@microsoft.com" + ], + "sync_notification_subscribers": [ + "dstrome@microsoft.com" + ], + "branches_to_filter": [ + "" + ], + "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", + "git_repository_branch_open_to_public_contributors": "public", + "skip_source_output_uploading": false, + "need_preview_pull_request": true, + "resolve_user_profile_using_github": true, + "dependent_repositories": [ + { + "path_to_root": "_themes.pdf", + "url": "https://github.com/Microsoft/templates.docs.msft.pdf", + "branch": "main", + "branch_mapping": {} + }, + { + "path_to_root": "_themes", + "url": "https://github.com/Microsoft/templates.docs.msft", + "branch": "main", + "branch_mapping": {} + } + ], + "branch_target_mapping": { + "live": [ + "Publish", + "Pdf" + ], + "main": [ + "Publish", + "Pdf" + ] + }, + "need_generate_pdf_url_template": true, + "targets": { + "Pdf": { + "template_folder": "_themes.pdf" + } + }, + "docs_build_engine": {}, + "contribution_branch_mappings": {}, + "need_generate_pdf": false, + "need_generate_intellisense": false } \ No newline at end of file From 1d632da97f3df18729e58bfc0c02f29eeb995058 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Tue, 21 Jun 2022 10:39:01 -0700 Subject: [PATCH 441/540] Remove windows-configure in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index b0bfa9c5ff..c34631fbe0 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -209,22 +209,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "windows-configure", - "build_source_folder": "windows/configure", - "build_output_subfolder": "windows-configure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "windows-deploy", "build_source_folder": "windows/deploy", From b755b10b46d6961f9ed945466eff0aeb31e2d856 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Tue, 21 Jun 2022 10:39:02 -0700 Subject: [PATCH 442/540] Remove windows-configure in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index b0bfa9c5ff..c34631fbe0 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -209,22 +209,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "windows-configure", - "build_source_folder": "windows/configure", - "build_output_subfolder": "windows-configure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "windows-deploy", "build_source_folder": "windows/deploy", From 83f1ef39a67eb2c81753b48c46109e32caf910b0 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Tue, 21 Jun 2022 10:39:27 -0700 Subject: [PATCH 443/540] Remove windows-deploy in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index c34631fbe0..c04926735a 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -209,22 +209,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "windows-deploy", - "build_source_folder": "windows/deploy", - "build_output_subfolder": "windows-deploy", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "windows-hub", "build_source_folder": "windows/hub", From 612f42cf99d8fa3139ea51d3972de26228b716c2 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Tue, 21 Jun 2022 10:39:28 -0700 Subject: [PATCH 444/540] Remove windows-deploy in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index c34631fbe0..c04926735a 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -209,22 +209,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "windows-deploy", - "build_source_folder": "windows/deploy", - "build_output_subfolder": "windows-deploy", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "windows-hub", "build_source_folder": "windows/hub", From 2d5bce7d32cea501fdb53cce6325e3028c426db8 Mon Sep 17 00:00:00 2001 From: jweston-1 <81715805+jweston-1@users.noreply.github.com> Date: Tue, 21 Jun 2022 12:41:37 -0700 Subject: [PATCH 445/540] revision to nav steps per Yong. Minor file cleanup --- ...or-the-use-of-removable-storage-devices.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 0c0339615a..5a4185bc2d 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -20,7 +20,6 @@ ms.technology: windows-sec # Monitor the use of removable storage devices - This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects. If you configure this policy setting, an audit event is generated each time a user attempts to copy, move, or save a resource to a removable storage device. @@ -29,34 +28,34 @@ Use the following procedures to monitor the use of removable storage devices and Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -> [!NOTE] +> [!NOTE] > When a policy to audit removable storage is pushed to a computer, a new [Security Descriptor](/windows/win32/secauthz/audit-generation) needs to be applied to all removable storage devices with the audit settings. The [security descriptor for a device](/windows-hardware/drivers/kernel/controlling-device-access) can be set up either when the device is installed, or by setting up the [device properties in the registry](/windows-hardware/drivers/kernel/setting-device-object-registry-properties-after-installation), which is done by calling a [device installation function](/previous-versions/ff541299(v=vs.85)). This may require the device to restart to apply the new security descriptor. - -**To configure settings to monitor removable storage devices** -1. Sign in to your domain controller by using domain administrator credentials. -2. In Server Manager, point to **Tools**, and then click **Group Policy Management**. -3. In the console tree, right-click the flexible access Group Policy Object on the domain controller, and then click **Edit**. -4. Double-click **Computer Configuration**, double-click **Security Settings**, double-click **Advanced Audit Policy Configuration**, double-click **Object Access**, and then double-click **Audit Removable Storage**. -5. Select the **Configure the following audit events** check box, select the **Success** check box (and the **Failure** check box, if desired), and then click **OK**. -6. If you selected the **Failure** check box, double-click **Audit Handle Manipulation**, select the **Configure the following audit events check box**, and then select **Failure**. -7. Click **OK**, and then close the Group Policy Management Editor. +## To configure settings to monitor removable storage devices + +1. Sign in to your domain controller by using domain administrator credentials. +2. In Server Manager, point to **Tools**, and then click **Group Policy Management**. +3. In the console tree, right-click the flexible access Group Policy Object on the domain controller, and then click **Edit**. +4. Double-click **Computer Configuration**, double-click **Policies**, double-click **Windows Settings**, double-click **Security Settings**, double-click **Advanced Audit Policy Configuration**, double-click **Object Access**, and then double-click **Audit Removable Storage**. +5. Select the **Configure the following audit events** check box, select the **Success** check box (and the **Failure** check box, if desired), and then click **OK**. +6. If you selected the **Failure** check box, double-click **Audit Handle Manipulation**, select the **Configure the following audit events check box**, and then select **Failure**. +7. Click **OK**, and then close the Group Policy Management Editor. After you configure the settings to monitor removable storage devices, use the following procedure to verify that the settings are active. -**To verify that removable storage devices are monitored** +## To verify that removable storage devices are monitored -1. Sign in to the computer that hosts the resources that you want to monitor. Press the Windows key + R, and then type **cmd** to open a Command Prompt window. +1. Sign in to the computer that hosts the resources that you want to monitor. Press the Windows key + R, and then type **cmd** to open a Command Prompt window. > [!NOTE] > If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. - -2. Type **gpupdate /force**, and press ENTER. -3. Connect a removable storage device to the targeted computer and attempt to copy a file that is protected with the Removable Storage Audit policy. -4. In Server Manager, click **Tools**, and then click **Event Viewer**. -5. Expand **Windows Logs**, and then click **Security**. -6. Look for event 4663, which logs successful attempts to write to or read from a removable storage device. Failures will log event 4656. Both events include **Task Category = Removable Storage device**. - + +2. Type **gpupdate /force**, and press ENTER. +3. Connect a removable storage device to the targeted computer and attempt to copy a file that is protected with the Removable Storage Audit policy. +4. In Server Manager, click **Tools**, and then click **Event Viewer**. +5. Expand **Windows Logs**, and then click **Security**. +6. Look for event 4663, which logs successful attempts to write to or read from a removable storage device. Failures will log event 4656. Both events include **Task Category = Removable Storage device**. + For more information, see [Audit Removable Storage](audit-removable-storage.md). Key information to look for includes the name and account domain of the user who attempted to access the file, the object that the user is attempting to access, resource attributes of the resource, and the type of access that was attempted. @@ -66,7 +65,8 @@ After you configure the settings to monitor removable storage devices, use the f > [!NOTE] > We do not recommend that you enable this category on a file server that hosts file shares on a removable storage device. When Removable Storage Auditing is configured, any attempt to access the removable storage device will generate an audit event. - + ### Related resource -- [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) \ No newline at end of file +- [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) +- [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control) From 15365b21a0b6783c8aeb9a2dc753b2ac46a8e22d Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 21 Jun 2022 14:48:03 -0600 Subject: [PATCH 446/540] Apply suggestions from code review Line 72: Fix absolute link. --- .../auditing/monitor-the-use-of-removable-storage-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 5a4185bc2d..054bdf5247 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -69,4 +69,4 @@ After you configure the settings to monitor removable storage devices, use the f ### Related resource - [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) -- [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control) +- [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control) From d8f9d081f0b38d1fea213ee815b35515633837a0 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 21 Jun 2022 14:52:50 -0600 Subject: [PATCH 447/540] Update windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md Line 71: Change link to relative --- .../auditing/monitor-the-use-of-removable-storage-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 054bdf5247..b3e07f18ac 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -68,5 +68,5 @@ After you configure the settings to monitor removable storage devices, use the f ### Related resource -- [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) +- [Using advanced security auditing options to monitor dynamic access control objects](/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects) - [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control) From 8498bc03cf82f169265bebd4c928fbbfebc52cc0 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 21 Jun 2022 14:59:13 -0600 Subject: [PATCH 448/540] Update windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md Line 71: Revert to previous link method. --- .../auditing/monitor-the-use-of-removable-storage-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index b3e07f18ac..054bdf5247 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -68,5 +68,5 @@ After you configure the settings to monitor removable storage devices, use the f ### Related resource -- [Using advanced security auditing options to monitor dynamic access control objects](/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects) +- [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) - [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control) From 409b8610a596bde702756aa80fbc62fc8eab840f Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 22 Jun 2022 10:15:12 -0700 Subject: [PATCH 449/540] Modified wording for clarity. --- .../windows-autopatch/overview/windows-autopatch-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md index f2bb7d8615..a724359a90 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md @@ -61,7 +61,7 @@ Microsoft remains committed to the security of your data and the [accessibility] ### Prepare -The following articles describe the mandatory steps to prepare for enrollment, including: +The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch: - [Prerequisites](../prepare/windows-autopatch-prerequisites.md) - [Configure your network](../prepare/windows-autopatch-configure-network.md) @@ -70,7 +70,7 @@ The following articles describe the mandatory steps to prepare for enrollment, i ### Deploy -Once you're ready to enroll, this section includes the following articles: +Once you've enrolled your tenant, this section instructs you to: - [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) - [Register your devices](../deploy/windows-autopatch-register-devices.md) From 4941deb2b924dd3a3a1e808027936fbd4da9460f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 22 Jun 2022 15:21:42 -0700 Subject: [PATCH 450/540] fix broken links from 6/19 RUN ID 92f59a3d-bdfc-483c-9281-d7f370b7d945 --- windows/client-management/mdm/eap-configuration.md | 2 +- windows/client-management/mdm/healthattestation-csp.md | 5 ++--- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- windows/client-management/troubleshoot-windows-freeze.md | 2 +- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 0041ba939a..6eff7f2a44 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -129,7 +129,7 @@ For information about EAP settings, see . +For more information about extended key usage (EKU), see . For information about adding EKU to a certificate, see . diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 0670d82890..4eb0e57c7d 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -834,9 +834,8 @@ When the MDM-Server receives the above data, it must: - Forward (HTTP Post) the XML data struct (including the nonce that was appended in the previous step) to the assigned DHA-Service that runs on: - - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: [https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3](https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3) - - DHA-OnPrem or DHA-EMC: [https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3](https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3) - + - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: `https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3` + - DHA-OnPrem or DHA-EMC: `https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3` ### Step 7: Receive response from the DHA-service When the Microsoft Device Health Attestation Service receives a request for verification, it performs the following steps: diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index b2b8adde86..1c9068aa93 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -88,7 +88,7 @@ For information about EAP Settings, see . +For more information about extended key usage, see . For information about adding extended key usage (EKU) to a certificate, see . diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 9820130606..aeb80a0007 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -225,7 +225,7 @@ If the physical computer is still running in a frozen state, follow these steps Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag. -For more information, see [How to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/topic/4f4a05c2-ef8a-fca4-3ae0-670b940af398). +For more information, see [Using PoolMon to Find a Kernel-Mode Memory Leak](/windows-hardware/drivers/debugger/using-poolmon-to-find-a-kernel-mode-memory-leak) and [PoolMon Examples](/windows-hardware/drivers/devtest/poolmon-examples). ### Use memory dump to collect data for the virtual machine that's running in a frozen state From d43bb5d0f6c46fd31ddb67c27ce94afd77e57136 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 22 Jun 2022 15:32:49 -0700 Subject: [PATCH 451/540] win-app-mgmt-docset links --- .../app-v/appv-deploying-microsoft-office-2010-wth-appv.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index d767f2dfc4..c7e2267354 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -31,7 +31,7 @@ The following table shows the App-V versions, methods of Office package creation ## Creating Office 2010 App-V using the sequencer -Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). +Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. For more information, see [How to Sequence a New Application with App-V 5.0](s/microsoft-desktop-optimization-pack/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030). ## Creating Office 2010 App-V packages using package accelerators From ad9018b385b13ad171ea5f84f4b114e1a54957e7 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 22 Jun 2022 15:57:02 -0700 Subject: [PATCH 452/540] win-deployment --- windows/deployment/update/update-compliance-v2-enable.md | 2 +- .../deploy/windows-autopatch-register-devices.md | 2 +- .../windows-autopatch/overview/windows-autopatch-faq.yml | 2 +- .../windows-autopatch/references/windows-autopatch-privacy.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index 4a6330cbed..313d748f40 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -52,7 +52,7 @@ Update Compliance is offered as an Azure Marketplace application that's linked t 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this page. 1. Select **Get it now**. -1. Select **Continue** to agree to the [terms of use](https://azure.microsoft.com/[support/legal/) and the [privacy policy](https://privacy.microsoft.com/en-us/privacystatement) to create the app in Azure. +1. Select **Continue** to agree to the [terms of use](https://azure.microsoft.com/support/legal/) and the [privacy policy](https://privacy.microsoft.com/en-us/privacystatement) to create the app in Azure. 1. Sign into the [Azure portal](https://portal.azure.com) to finish creating the Update Compliance solution. 1. Select the following settings: - **Subscription**: The Azure subscription to use. diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 67f32f3f6c..f23ef5f8ec 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -57,7 +57,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). - Managed by Microsoft Endpoint Manager. - - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements). + - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). - [Switch Microsoft Endpoint Manager-Configuration Manager Co-management workloads to Microsoft Endpoint Manager-Intune](/mem/configmgr/comanage/how-to-switch-workloads) (either set to Pilot Intune or Intune). This includes the following workloads: - Windows updates policies - Device configuration diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 6aed402396..64041a261e 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -43,7 +43,7 @@ sections: - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) Additional pre-requisites for devices managed by Configuration Manager: - - [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements) + - [Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements) - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions) - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.) - question: What are the licensing requirements for Windows Autopatch? diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index ec15b0ace9..7d992eafee 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -28,7 +28,7 @@ The sources include Azure Active Directory (AD), Microsoft Intune, and Microsoft | [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) | Uses Windows 10 Enterprise diagnostic data to provide additional information on Windows 10/11 update. | | [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) | Device management and to keep your data secure. The following data sources fall under Microsoft Endpoint Manager:
              • [Microsoft Azure Active Directory](/azure/active-directory/): Authentication and identification of all user accounts.
              • [Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.
              | [Windows Autopatch](https://endpoint.microsoft.com/#home) | Data provided by the customer or generated by the service during running of the service. | -| [Microsoft 365 Apps for enterprise](/microsoft-365/enterprise/compare-office-365-plans?rtc=1)| Management of Microsoft 365 Apps. | +| [Microsoft 365 Apps for enterprise](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans)| Management of Microsoft 365 Apps. | ## Windows Autopatch data process and storage From 1f3c2f48ca9ea5d341c0ac7b7c48101f4adc9411 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 22 Jun 2022 16:05:33 -0700 Subject: [PATCH 453/540] fix typo --- .../app-v/appv-deploying-microsoft-office-2010-wth-appv.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index c7e2267354..34683ed7d8 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -31,7 +31,7 @@ The following table shows the App-V versions, methods of Office package creation ## Creating Office 2010 App-V using the sequencer -Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. For more information, see [How to Sequence a New Application with App-V 5.0](s/microsoft-desktop-optimization-pack/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030). +Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. For more information, see [How to Sequence a New Application with App-V 5.0](/microsoft-desktop-optimization-pack/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030). ## Creating Office 2010 App-V packages using package accelerators From e391b756708309767a2c9bfdd671eb26bdaef736 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Thu, 23 Jun 2022 17:34:16 -0400 Subject: [PATCH 454/540] Added PE hash explanation to the WDAC docs --- .../select-types-of-rules-to-create.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 94be9da4e5..a6c838737d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -88,7 +88,7 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the | Rule level | Description | |----------- | ----------- | -| **Hash** | Specifies individual hash values for each discovered binary. This is the most specific level, and requires more effort to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | +| **Hash** | Specifies individual [Authenticode/PE image hash values](#More-information-about-hashes) for each discovered binary. This is the most specific level, and requires more effort to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | | **FileName** | Specifies the original filename for each binary. Although the hash values for an application are modified when updated, the file names are typically not. This level offers less specific security than the hash level, but it doesn't typically require a policy update when any binary is modified. | | **FilePath** | Beginning with Windows 10 version 1903, this level allows binaries to run from specific file path locations. More information about FilePath level rules can be found below. | | **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. | @@ -146,6 +146,10 @@ You can also use the following macros when the exact volume may vary: `%OSDRIVE% ## More information about hashes +WDAC uses the [Authenticode/PE image hash algorithm](https://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx) when calcuating the hash of a file. Unlike the more popular, but less secure, [flat file hash](https://docs.microsoft.com/powershell/module/microsoft.powershell.utility/get-filehash), the Authenticode hash calculation omits the file's checksum and the Certificate Table and the Attribute Certificate Table. Therefore, the Authenticode hash of a file does not change when the file is re-signed or timestamped, or the digital signature is removed from the file. By using the Authenticode hash, WDAC provides added security and less management overhead so customers do not need to revise the policy hash rules when the digital signature on the file is updated. + +The Authenticode/PE image hash can be calculated for digitally-signed and unsigned files. + ### Why does scan create four hash rules per XML file? The PowerShell cmdlet will produce an Authenticode Sha1 Hash, Sha256 Hash, Sha1 Page Hash, Sha256 Page Hash. From bee7236457d0f3d4155d5ac4a8a5fd4364950733 Mon Sep 17 00:00:00 2001 From: cbrito01 Date: Thu, 23 Jun 2022 20:56:02 -0500 Subject: [PATCH 455/540] Update personalization-csp.md Personalization CSP is supported in Windows 11 SE. Changed the top table from No to Yes on Windows 11 --- windows/client-management/mdm/personalization-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index 736959df4e..7eca48b485 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -19,7 +19,7 @@ The table below shows the applicability of Windows: |--- |--- |--- | |Home|No|No| |Pro|No|No| -|Windows SE|No|No| +|Windows SE|No|Yes| |Business|No|No| |Enterprise|Yes|Yes| |Education|Yes|Yes| From 8dcfa37ade97e254ba7b0d525185277d1b0ed1d9 Mon Sep 17 00:00:00 2001 From: ansonhsho Date: Fri, 24 Jun 2022 07:44:05 -0700 Subject: [PATCH 456/540] Update to include SE customizations settings Updated wallpaper and lock screen image customization settings based on Carlos Brito's suggestions --- education/windows/windows-11-se-settings-list.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 0e70e1cad2..2415619fce 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -45,7 +45,9 @@ The following table lists and describes the settings that can be changed by admi | Block external extensions | Default: Blocked

              In Microsoft Edge, users can't install external extensions.

              [BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions)| | Configure new tab page | Default: `Office.com`

              In Microsoft Edge, the new tab page defaults to `office.com`.

              [Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url)| | Configure homepage | Default: `Office.com`

              In Microsoft Edge, the homepage defaults to `office.com`.

              [HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage)| -| Prevent SmartScreen prompt override | Default: Enabled

              In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

              [PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)| +| Prevent SmartScreen prompt override | Default: Enabled

              In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

              [PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)|\ +| Wallpaper Image Customization | Default:

              Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

              [DesktopImageUrl](/windows/client-management/mdm/personalization-csp)| +| Lock Screen Image Customization | Default:

              Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

              [LockScreenImageUrl](/windows/client-management/mdm/personalization-csp)| ## Settings that can't be changed From efb9f3d5ec6c179a9abae71959552611a9f9494e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 24 Jun 2022 09:57:06 -0700 Subject: [PATCH 457/540] fix syntax error and cleanup syntax --- .../windows/windows-11-se-settings-list.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 2415619fce..2db2717126 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -30,24 +30,24 @@ The following table lists and describes the settings that can be changed by admi | Setting | Description | | --- | --- | -| Block manual unenrollment | Default: Blocked

              Users can't unenroll their devices from device management services.

              [Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment)| -| Allow option to Show Network | Default: Allowed

              Gives users the option to see the **Show Network** folder in File Explorer. | -| Allow option to Show This PC | Default: Allowed

              Gives user the option to see the **Show This PC** folder in File Explorer. | -| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads

              Gives user access to these folders. | -| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives

              Blocks user access to these storage locations. | -| Allow News and Interests | Default: Hide

              Hides Widgets. | -| Disable advertising ID | Default: Disabled

              Blocks apps from using usage data to tailor advertisements.

              [Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | -| Visible settings pages | Default:

              | -| Enable App Install Control | Default: Turned On

              Users can’t download apps from the internet.

              [SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| -| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

              If a file hasn’t been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

              [Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | -| Allow Telemetry | Default: Required Telemetry Only

              Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date.

              [System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | -| Allow Experimentation | Default: Disabled

              Microsoft can't experiment with the product to study user preferences or device behavior.

              [System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | -| Block external extensions | Default: Blocked

              In Microsoft Edge, users can't install external extensions.

              [BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions)| -| Configure new tab page | Default: `Office.com`

              In Microsoft Edge, the new tab page defaults to `office.com`.

              [Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url)| -| Configure homepage | Default: `Office.com`

              In Microsoft Edge, the homepage defaults to `office.com`.

              [HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage)| -| Prevent SmartScreen prompt override | Default: Enabled

              In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

              [PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)|\ -| Wallpaper Image Customization | Default:

              Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

              [DesktopImageUrl](/windows/client-management/mdm/personalization-csp)| -| Lock Screen Image Customization | Default:

              Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

              [LockScreenImageUrl](/windows/client-management/mdm/personalization-csp)| +| Block manual unenrollment | Default: Blocked

              Users can't unenroll their devices from device management services.

              [Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment) | +| Allow option to Show Network | Default: Allowed

              Gives users the option to see the **Show Network** folder in File Explorer. | +| Allow option to Show This PC | Default: Allowed

              Gives user the option to see the **Show This PC** folder in File Explorer. | +| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads

              Gives user access to these folders. | +| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives

              Blocks user access to these storage locations. | +| Allow News and Interests | Default: Hide

              Hides Widgets. | +| Disable advertising ID | Default: Disabled

              Blocks apps from using usage data to tailor advertisements.

              [Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | +| Visible settings pages | Default:

              | +| Enable App Install Control | Default: Turned On

              Users can't download apps from the internet.

              [SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| +| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

              If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

              [Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | +| Allow Telemetry | Default: Required Telemetry Only

              Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date.

              [System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | +| Allow Experimentation | Default: Disabled

              Microsoft can't experiment with the product to study user preferences or device behavior.

              [System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | +| Block external extensions | Default: Blocked

              In Microsoft Edge, users can't install external extensions.

              [BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions) | +| Configure new tab page | Default: `Office.com`

              In Microsoft Edge, the new tab page defaults to `office.com`.

              [Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url) | +| Configure homepage | Default: `Office.com`

              In Microsoft Edge, the homepage defaults to `office.com`.

              [HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage) | +| Prevent SmartScreen prompt override | Default: Enabled

              In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

              [PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride) | +| Wallpaper Image Customization | Default:

              Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

              [DesktopImageUrl](/windows/client-management/mdm/personalization-csp) | +| Lock Screen Image Customization | Default:

              Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

              [LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) | ## Settings that can't be changed From b32e0ad39af86be61f743423fbb05645fb5be3c1 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 24 Jun 2022 10:32:41 -0700 Subject: [PATCH 458/540] style tweaks --- education/windows/windows-11-se-settings-list.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 2db2717126..b2b9df5de8 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -34,20 +34,20 @@ The following table lists and describes the settings that can be changed by admi | Allow option to Show Network | Default: Allowed

              Gives users the option to see the **Show Network** folder in File Explorer. | | Allow option to Show This PC | Default: Allowed

              Gives user the option to see the **Show This PC** folder in File Explorer. | | Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads

              Gives user access to these folders. | -| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives

              Blocks user access to these storage locations. | -| Allow News and Interests | Default: Hide

              Hides Widgets. | +| Set Allowed Storage Locations | Default: Blocks local drives and network drives

              Blocks user access to these storage locations. | +| Allow News and Interests | Default: Hide

              Hides widgets. | | Disable advertising ID | Default: Disabled

              Blocks apps from using usage data to tailor advertisements.

              [Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | | Visible settings pages | Default:

              | -| Enable App Install Control | Default: Turned On

              Users can't download apps from the internet.

              [SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| -| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

              If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

              [Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | +| Enable App Install Control | Default: Turned On

              Users can't download apps from the internet.

              [SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| +| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

              If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

              [Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | | Allow Telemetry | Default: Required Telemetry Only

              Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date.

              [System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | | Allow Experimentation | Default: Disabled

              Microsoft can't experiment with the product to study user preferences or device behavior.

              [System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | | Block external extensions | Default: Blocked

              In Microsoft Edge, users can't install external extensions.

              [BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions) | -| Configure new tab page | Default: `Office.com`

              In Microsoft Edge, the new tab page defaults to `office.com`.

              [Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url) | -| Configure homepage | Default: `Office.com`

              In Microsoft Edge, the homepage defaults to `office.com`.

              [HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage) | +| Configure new tab page | Default: `Office.com`

              In Microsoft Edge, the new tab page defaults to `Office.com`.

              [Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url) | +| Configure homepage | Default: `Office.com`

              In Microsoft Edge, the homepage defaults to `Office.com`.

              [HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage) | | Prevent SmartScreen prompt override | Default: Enabled

              In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

              [PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride) | -| Wallpaper Image Customization | Default:

              Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

              [DesktopImageUrl](/windows/client-management/mdm/personalization-csp) | -| Lock Screen Image Customization | Default:

              Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

              [LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) | +| Wallpaper Image Customization | Default:

              Specify a jpg, jpeg, or png image to be used as the desktop image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.

              [DesktopImageUrl](/windows/client-management/mdm/personalization-csp) | +| Lock Screen Image Customization | Default:

              Specify a jpg, jpeg, or png image to be used as lock screen image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.

              [LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) | ## Settings that can't be changed From 23cd1973a3dbf7298e903c758186711a52f0509a Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Sat, 25 Jun 2022 01:19:29 +0530 Subject: [PATCH 459/540] Updated-6020449-B3 Bulk metadata update. --- windows/security/identity-protection/configure-s-mime.md | 6 ------ .../identity-protection/enterprise-certificate-pinning.md | 4 ---- windows/security/identity-protection/index.md | 4 ---- .../security/identity-protection/password-support-policy.md | 3 --- .../security/identity-protection/remote-credential-guard.md | 4 ---- .../smart-cards/smart-card-tools-and-settings.md | 4 ---- .../smart-card-windows-smart-card-technical-reference.md | 4 ---- .../user-account-control/how-user-account-control-works.md | 5 ----- ...ccount-control-group-policy-and-registry-key-settings.md | 4 ---- .../user-account-control/user-account-control-overview.md | 5 ----- .../user-account-control-security-policy-settings.md | 5 ----- .../virtual-smart-card-deploy-virtual-smart-cards.md | 4 ---- .../virtual-smart-card-evaluate-security.md | 4 ---- .../virtual-smart-cards/virtual-smart-card-get-started.md | 4 ---- .../virtual-smart-cards/virtual-smart-card-overview.md | 4 ---- .../virtual-smart-cards/virtual-smart-card-tpmvscmgr.md | 4 ---- .../virtual-smart-card-understanding-and-evaluating.md | 4 ---- .../virtual-smart-card-use-virtual-smart-cards.md | 4 ---- ...re-diffie-hellman-protocol-over-ikev2-vpn-connections.md | 3 --- ...use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 3 --- .../security/identity-protection/vpn/vpn-authentication.md | 3 --- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 3 --- .../identity-protection/vpn/vpn-conditional-access.md | 3 --- .../security/identity-protection/vpn/vpn-connection-type.md | 3 --- windows/security/identity-protection/vpn/vpn-guide.md | 2 -- .../security/identity-protection/vpn/vpn-name-resolution.md | 3 --- .../identity-protection/vpn/vpn-office-365-optimization.md | 4 ---- .../security/identity-protection/vpn/vpn-profile-options.md | 4 ---- windows/security/identity-protection/vpn/vpn-routing.md | 3 --- .../identity-protection/vpn/vpn-security-features.md | 3 --- .../windows-credential-theft-mitigation-guide-abstract.md | 5 ----- windows/security/includes/improve-request-performance.md | 5 ----- windows/security/includes/microsoft-defender-api-usgov.md | 5 ----- .../bitlocker/bcd-settings-and-bitlocker.md | 5 ----- .../bitlocker/bitlocker-basic-deployment.md | 5 ----- .../bitlocker/bitlocker-countermeasures.md | 5 ----- .../bitlocker/bitlocker-deployment-comparison.md | 4 ---- .../bitlocker-device-encryption-overview-windows-10.md | 4 ---- .../bitlocker/bitlocker-group-policy-settings.md | 5 ----- .../bitlocker/bitlocker-how-to-deploy-on-windows-server.md | 5 ----- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 5 ----- .../bitlocker/bitlocker-management-for-enterprises.md | 4 ---- .../information-protection/bitlocker/bitlocker-overview.md | 5 ----- .../bitlocker/bitlocker-recovery-guide-plan.md | 5 ----- ...-bitlocker-drive-encryption-tools-to-manage-bitlocker.md | 5 ----- .../bitlocker-use-bitlocker-recovery-password-viewer.md | 5 ----- ...your-organization-for-bitlocker-planning-and-policies.md | 5 ----- ...ared-volumes-and-storage-area-networks-with-bitlocker.md | 5 ----- .../bitlocker/troubleshoot-bitlocker.md | 2 -- .../bitlocker/ts-bitlocker-cannot-encrypt-issues.md | 2 -- .../bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md | 2 -- .../bitlocker/ts-bitlocker-config-issues.md | 2 -- .../bitlocker/ts-bitlocker-decode-measured-boot-logs.md | 2 -- .../bitlocker/ts-bitlocker-intune-issues.md | 2 -- .../bitlocker/ts-bitlocker-recovery-issues.md | 2 -- .../bitlocker/ts-bitlocker-tpm-issues.md | 2 -- .../security/information-protection/encrypted-hard-drive.md | 4 ---- .../tpm/backup-tpm-recovery-information-to-ad-ds.md | 5 ----- .../tpm/change-the-tpm-owner-password.md | 5 ----- .../information-protection/tpm/how-windows-uses-the-tpm.md | 5 ----- .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 5 ----- .../information-protection/tpm/manage-tpm-commands.md | 5 ----- .../information-protection/tpm/manage-tpm-lockout.md | 5 ----- .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md | 5 ----- .../security/information-protection/tpm/tpm-fundamentals.md | 5 ----- .../information-protection/tpm/tpm-recommendations.md | 5 ----- .../tpm/trusted-platform-module-overview.md | 5 ----- ...rusted-platform-module-services-group-policy-settings.md | 5 ----- .../tpm/trusted-platform-module-top-node.md | 4 ---- .../windows-information-protection/app-behavior-with-wip.md | 5 ----- .../collect-wip-audit-event-logs.md | 4 ---- .../create-and-verify-an-efs-dra-certificate.md | 5 ----- .../create-vpn-and-wip-policy-using-intune-azure.md | 5 ----- .../create-wip-policy-using-configmgr.md | 6 ------ .../create-wip-policy-using-intune-azure.md | 4 ---- .../deploy-wip-policy-using-intune-azure.md | 5 ----- .../enlightened-microsoft-apps-and-wip.md | 6 ------ .../guidance-and-best-practices-wip.md | 6 ------ .../windows-information-protection/limitations-with-wip.md | 5 ----- .../mandatory-settings-for-wip.md | 5 ----- .../overview-create-wip-policy-configmgr.md | 5 ----- .../overview-create-wip-policy.md | 5 ----- .../protect-enterprise-data-using-wip.md | 6 ------ .../recommended-network-definitions-for-wip.md | 5 ----- .../testing-scenarios-for-wip.md | 6 ------ .../windows-information-protection/using-owa-with-wip.md | 5 ----- .../wip-app-enterprise-context.md | 5 ----- 87 files changed, 372 deletions(-) diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md index c6922f3901..9184e9a43d 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/identity-protection/configure-s-mime.md @@ -1,14 +1,8 @@ --- title: Configure S/MIME for Windows description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. -ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05 ms.reviewer: -keywords: encrypt, digital signature ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md index b41236db4a..bba1605784 100644 --- a/windows/security/identity-protection/enterprise-certificate-pinning.md +++ b/windows/security/identity-protection/enterprise-certificate-pinning.md @@ -1,9 +1,6 @@ --- title: Enterprise Certificate Pinning -ms.mktglfcycl: manage -ms.sitesec: library description: Enterprise certificate pinning is a Windows feature for remembering; or pinning a root issuing certificate authority, or end entity certificate to a given domain name. -audience: ITPro author: dulcemontemayor ms.author: dansimp manager: dansimp @@ -11,7 +8,6 @@ ms.collection: M365-identity-device-management ms.topic: article ms.prod: m365-security ms.technology: windows-sec -ms.pagetype: security ms.localizationpriority: medium ms.date: 07/27/2017 ms.reviewer: diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index 7883dbd5b9..330cc0041d 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md @@ -2,10 +2,6 @@ title: Identity and access management (Windows 10) description: Learn more about identity and access protection technologies in Windows. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md index 88d73b87aa..c4aeddc3cd 100644 --- a/windows/security/identity-protection/password-support-policy.md +++ b/windows/security/identity-protection/password-support-policy.md @@ -8,13 +8,10 @@ ms.custom: - CSSTroubleshoot ms.author: v-tappelgate ms.prod: m365-security -ms.sitesec: library -ms.pagetype: security author: Teresa-Motiv ms.topic: article ms.localizationpriority: medium ms.date: 11/20/2019 -audience: ITPro --- # Technical support policy for lost or forgotten passwords diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index e919cee245..a477d48218 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -2,10 +2,6 @@ title: Protect Remote Desktop credentials with Windows Defender Remote Credential Guard (Windows 10) description: Windows Defender Remote Credential Guard helps to secure your Remote Desktop credentials by never sending them to the target device. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md index 935f57edf3..a7c1c2bfa4 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md @@ -2,10 +2,6 @@ title: Smart Card Tools and Settings (Windows) description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index 377f4811d2..7f577b80dd 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -2,10 +2,6 @@ title: Smart Card Technical Reference (Windows) description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index bbc7256c6d..ded2f140d2 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -1,13 +1,8 @@ --- title: How User Account Control works (Windows) description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware. -ms.assetid: 9f921779-0fd3-4206-b0e4-05a19883ee59 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: operate -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index 98cfc580cb..eb97277ed7 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md @@ -2,10 +2,6 @@ title: User Account Control Group Policy and registry key settings (Windows) description: Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 3d91177ca0..2e12c5d66e 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -1,14 +1,9 @@ --- title: User Account Control (Windows) description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. -ms.assetid: 43ac4926-076f-4df2-84af-471ee7d20c38 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: operate -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index 4b29de5fe4..d5a71d6a7b 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -1,13 +1,8 @@ --- title: User Account Control security policy settings (Windows) description: You can use security policies to configure how User Account Control works in your organization. -ms.assetid: 3D75A9AC-69BB-4EF2-ACB3-1769791E1B98 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 7b01e6dec2..a6b311b8f1 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -2,10 +2,6 @@ title: Deploy Virtual Smart Cards (Windows 10) description: This topic for the IT professional discusses the factors to consider when you deploy a virtual smart card authentication solution. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index 852c4af6d4..cb90ff6746 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md @@ -2,10 +2,6 @@ title: Evaluate Virtual Smart Card Security (Windows 10) description: This topic for the IT professional describes security characteristics and considerations when deploying TPM virtual smart cards. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index 799487b7f9..a1371cb4aa 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md @@ -2,10 +2,6 @@ title: Get Started with Virtual Smart Cards - Walkthrough Guide (Windows 10) description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index cfdee83c74..f81458d9ea 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -2,10 +2,6 @@ title: Virtual Smart Card Overview (Windows 10) description: Learn more about the virtual smart card technology that was developed by Microsoft. Find links to additional topics about virtual smart cards. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 48cbc570a2..e6674037f9 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -2,10 +2,6 @@ title: Tpmvscmgr (Windows 10) description: This topic for the IT professional describes the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index f64d08cdbe..49bd1fbfff 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -2,10 +2,6 @@ title: Understanding and Evaluating Virtual Smart Cards (Windows 10) description: Learn how smart card technology can fit into your authentication design. Find links to additional topics about virtual smart cards. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index da45445e1a..3d09432ada 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -2,10 +2,6 @@ title: Use Virtual Smart Cards (Windows 10) description: This topic for the IT professional describes requirements for virtual smart cards and provides information about how to use and manage them. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 9e47da731c..647e58e84b 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -2,9 +2,6 @@ title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10 and Windows 11) description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.author: dansimp ms.localizationpriority: medium diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index a3e52561e5..317751d40d 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -2,9 +2,6 @@ title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10 and Windows 11) description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.date: 03/22/2022 ms.reviewer: diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 70d6af4858..65de4f3780 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -2,9 +2,6 @@ title: VPN authentication options (Windows 10 and Windows 11) description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium ms.date: 09/23/2021 diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 441d05936f..8b3e2dbebd 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -2,9 +2,6 @@ title: VPN auto-triggered profile options (Windows 10 and Windows 11) description: Learn about the types of auto-trigger rules for VPNs in Windows, which start a VPN when it is needed to access a resource. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium ms.date: 09/23/2021 diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index ec2a6bed29..0912af9374 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -2,9 +2,6 @@ title: VPN and conditional access (Windows 10 and Windows 11) description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 75cbde62de..75b93889b6 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -2,9 +2,6 @@ title: VPN connection types (Windows 10 and Windows 11) description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium ms.date: 08/23/2021 diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 58f9b162de..58fa8e9068 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -2,8 +2,6 @@ title: Windows VPN technical guide (Windows 10 and Windows 11) description: Learn about decisions to make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library author: dansimp ms.localizationpriority: medium ms.date: 02/21/2022 diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index a07cf8e0c7..fe3269e28b 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -2,9 +2,6 @@ title: VPN name resolution (Windows 10 and Windows 11) description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium ms.date: 09/23/2021 diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md index a0a8aecf5e..2022a4e863 100644 --- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md +++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md @@ -2,10 +2,6 @@ title: Optimizing Office 365 traffic for remote workers with the native Windows 10 or Windows 11 VPN client description: tbd ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking -audience: ITPro ms.topic: article author: kelleyvice-msft ms.localizationpriority: medium diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index cca873649e..b0cd4195ee 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -1,13 +1,9 @@ --- title: VPN profile options (Windows 10 and Windows 11) description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network. -ms.assetid: E3F99DF9-863D-4E28-BAED-5C1B1B913523 ms.reviewer: manager: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.author: dansimp ms.localizationpriority: medium diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index 3ba700ab9e..291f5adaf9 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -2,9 +2,6 @@ title: VPN routing decisions (Windows 10 and Windows 10) description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium ms.date: 09/23/2021 diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index 31f424f860..2efb2617f3 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -2,9 +2,6 @@ title: VPN security features (Windows 10 and Windows 11) description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium ms.date: 09/03/2021 diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index 0465f35ec4..abe5fd0462 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -1,13 +1,8 @@ --- title: Windows Credential Theft Mitigation Guide Abstract description: Provides a summary of the Windows credential theft mitigation guide. -ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/includes/improve-request-performance.md b/windows/security/includes/improve-request-performance.md index 2048d9f516..89b07558ea 100644 --- a/windows/security/includes/improve-request-performance.md +++ b/windows/security/includes/improve-request-performance.md @@ -1,17 +1,12 @@ --- title: Improve request performance description: Improve request performance -keywords: server, request, performance search.product: eADQiWindows 10XVcnh ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: article --- diff --git a/windows/security/includes/microsoft-defender-api-usgov.md b/windows/security/includes/microsoft-defender-api-usgov.md index 536dab4a74..288e5a9769 100644 --- a/windows/security/includes/microsoft-defender-api-usgov.md +++ b/windows/security/includes/microsoft-defender-api-usgov.md @@ -1,17 +1,12 @@ --- title: Microsoft Defender for Endpoint API URIs for US Government description: Microsoft Defender for Endpoint API URIs for US Government -keywords: defender, endpoint, api, government, gov search.product: eADQiWindows 10XVcnh ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: article --- diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index fea16b36fc..6c6d9669a2 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -1,17 +1,12 @@ --- title: BCD settings and BitLocker (Windows 10) description: This topic for IT professionals describes the BCD settings that are used by BitLocker. -ms.assetid: c4ab7ac9-16dc-4c7e-b061-c0b0deb2c4fa ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 6bb70b5515..f5a1fecb16 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -1,17 +1,12 @@ --- title: BitLocker basic deployment description: This article for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. -ms.assetid: 97c646cb-9e53-4236-9678-354af41151c4 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 619291134f..4f129193e8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -1,17 +1,12 @@ --- title: BitLocker Countermeasures (Windows 10) description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Antimalware (ELAM) to protect against attacks on the BitLocker encryption key. -ms.assetid: ebdb0637-2597-4da1-bb18-8127964686ea ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md index df216aa4e3..68c9d667d6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md @@ -2,14 +2,10 @@ title: BitLocker deployment comparison (Windows 10) description: This article shows the BitLocker deployment comparison chart. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: lovina-saldanha ms.author: v-lsaldanha manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/20/2021 diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 359a620b10..e1d313bfbc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -2,14 +2,10 @@ title: Overview of BitLocker Device Encryption in Windows description: This article provides an overview of how BitLocker Device Encryption can help protect data on devices running Windows. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 442bafb9c2..7f02986150 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -1,17 +1,12 @@ --- title: BitLocker Group Policy settings (Windows 10) description: This article for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. -ms.assetid: 4904e336-29fe-4cef-bb6c-3950541864af ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index f743aedb8a..c8b01291fb 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -1,17 +1,12 @@ --- title: BitLocker How to deploy on Windows Server 2012 and later description: This article for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later -ms.assetid: 91c18e9e-6ab4-4607-8c75-d983bbe2542f ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index da9fd23653..efdb32240c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -1,17 +1,12 @@ --- title: BitLocker - How to enable Network Unlock (Windows 10) description: This article for the IT professional describes how BitLocker Network Unlock works and how to configure it. -ms.assetid: be45bc28-47db-4931-bfec-3c348151d2e9 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 1b234aad34..faf5dfd19a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -2,14 +2,10 @@ title: BitLocker Management Recommendations for Enterprises (Windows 10) description: Refer to relevant documentation, products, and services to learn about managing BitLocker for enterprises and see recommendations for different computers. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 41c1be27f1..92b67559cf 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -1,16 +1,11 @@ --- title: BitLocker description: This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features. -ms.assetid: 40526fcc-3e0d-4d75-90e0-c7d0615f33b2 ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md index 88a6971b32..28426e5d60 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md @@ -1,17 +1,12 @@ --- title: BitLocker recovery guide (Windows 10) description: This article for IT professionals describes how to recover BitLocker keys from AD DS. -ms.assetid: d0f722e9-1773-40bf-8456-63ee7a95ea14 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index f33bdd77ff..15738e7ad1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -1,17 +1,12 @@ --- title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker (Windows 10) description: This article for the IT professional describes how to use tools to manage BitLocker. -ms.assetid: e869db9c-e906-437b-8c70-741dd61b5ea6 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 53a8a654a2..dd79eb176a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -1,17 +1,12 @@ --- title: BitLocker Use BitLocker Recovery Password Viewer (Windows 10) description: This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. -ms.assetid: 04c93ac5-5dac-415e-b636-de81435753a2 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index ba7ecc2d18..4cda103d80 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -1,17 +1,12 @@ --- title: Prepare your organization for BitLocker Planning and policies (Windows 10) description: This topic for the IT professional explains how can you plan your BitLocker deployment. -ms.assetid: 6e3593b5-4e8a-40ac-808a-3fdbc948059d ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index d176a4f457..1d51dfda83 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -1,17 +1,12 @@ --- title: Protecting cluster shared volumes and storage area networks with BitLocker (Windows 10) description: This article for IT pros describes how to protect CSVs and SANs with BitLocker. -ms.assetid: ecd25a10-42c7-4d31-8a7e-ea52c8ebc092 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 89bcd638f5..7242269177 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -4,12 +4,10 @@ description: Describes approaches for investigating BitLocker issues, including ms.reviewer: kaushika ms.technology: windows-sec ms.prod: m365-security -ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv ms.author: v-tappelgate manager: kaushika -audience: ITPro ms.collection: Windows Security Technologies\BitLocker ms.topic: troubleshooting ms.date: 10/17/2019 diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index 5da7725f1d..ef0e081dee 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -4,12 +4,10 @@ description: Provides guidance for troubleshooting known issues that may prevent ms.reviewer: kaushika ms.technology: windows-sec ms.prod: m365-security -ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv ms.author: v-tappelgate manager: kaushika -audience: ITPro ms.collection: Windows Security Technologies\BitLocker ms.topic: troubleshooting ms.date: 10/17/2019 diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index 2609cccafb..cff0ac038d 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -4,12 +4,10 @@ description: Provides guidance for troubleshooting known issues that may prevent ms.reviewer: kaushika ms.technology: windows-sec ms.prod: m365-security -ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv ms.author: v-tappelgate manager: kaushika -audience: ITPro ms.collection: Windows Security Technologies\BitLocker ms.topic: troubleshooting ms.date: 10/18/2019 diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md index 6898a72c8c..0cd7aa0c07 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md @@ -4,12 +4,10 @@ description: Describes common issues that involve your BitLocker configuration a ms.reviewer: kaushika ms.technology: windows-sec ms.prod: m365-security -ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv ms.author: v-tappelgate manager: kaushika -audience: ITPro ms.collection: Windows Security Technologies\BitLocker ms.topic: troubleshooting ms.date: 10/17/2019 diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index 101da7a83b..c36cc4ab98 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -4,12 +4,10 @@ description: Provides instructions for installing and using a tool for analyzing ms.reviewer: kaushika ms.technology: windows-sec ms.prod: m365-security -ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv ms.author: v-tappelgate manager: kaushika -audience: ITPro ms.collection: Windows Security Technologies\BitLocker ms.topic: troubleshooting ms.date: 10/17/2019 diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index a15efdcb28..abea61f37e 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md @@ -4,12 +4,10 @@ description: provides assistance for issues that you may see if you use Microsof ms.reviewer: kaushika ms.technology: windows-sec ms.prod: m365-security -ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv ms.author: v-tappelgate manager: kaushika -audience: ITPro ms.collection: - Windows Security Technologies\BitLocker - highpri diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index cd0ae7ec94..163cc0e029 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -4,12 +4,10 @@ description: Describes common issues that can occur that prevent BitLocker from ms.reviewer: kaushika ms.technology: windows-sec ms.prod: m365-security -ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv ms.author: v-tappelgate manager: kaushika -audience: ITPro ms.collection: - Windows Security Technologies\BitLocker - highpri diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index fe62dc41cc..6a0c6cf979 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md @@ -4,12 +4,10 @@ description: Describes common issues that relate directly to the TPM, and provid ms.reviewer: kaushika ms.technology: windows-sec ms.prod: m365-security -ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv ms.author: v-tappelgate manager: kaushika -audience: ITPro ms.collection: Windows Security Technologies\BitLocker ms.topic: troubleshooting ms.date: 10/18/2019 diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 7fe79ded9f..6cf2060ecb 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -1,14 +1,10 @@ --- title: Encrypted Hard Drive (Windows) description: Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: manager: dansimp ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dulcemontemayor ms.date: 04/02/2019 --- diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index 5356f4bc2d..3ad6efecd1 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -1,16 +1,11 @@ --- title: Back up the TPM recovery information to AD DS (Windows) description: This topic for the IT professional describes backup of Trusted Platform Module (TPM) information. -ms.assetid: 62bcec80-96a1-464e-8b3f-d177a7565ac5 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/03/2021 diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 7260afb4d5..4337bd6dac 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -1,16 +1,11 @@ --- title: Change the TPM owner password (Windows) description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. -ms.assetid: e43dcff3-acb4-4a92-8816-d6b64b7f2f45 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/18/2022 diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index c54c2521ad..9b2fa9a1f7 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -1,17 +1,12 @@ --- title: How Windows uses the TPM description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it to enhance security. -ms.assetid: 0f7e779c-bd25-42a8-b8c1-69dfb54d0c7f ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index a4f56fec1e..b6e14ea7da 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -1,16 +1,11 @@ --- title: Troubleshoot the TPM (Windows) description: This article for the IT professional describes how to view status for, clear, or troubleshoot the Trusted Platform Module (TPM). -ms.assetid: 1166efaf-7aa3-4420-9279-435d9c6ac6f8 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index f998c94a96..697fdc3840 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -1,15 +1,10 @@ --- title: Manage TPM commands (Windows) description: This topic for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users. -ms.assetid: a78e751a-2806-43ae-9c20-2e7ca466b765 ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dulcemontemayor manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index 814498c4c7..a28ed8f612 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md @@ -1,16 +1,11 @@ --- title: Manage TPM lockout (Windows) description: This topic for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows. -ms.assetid: bf27adbe-404c-4691-a644-29ec722a3f7b ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dulcemontemayor manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index dff3ed5386..22a4d729b0 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -1,16 +1,11 @@ --- title: Understanding PCR banks on TPM 2.0 devices (Windows) description: This topic for the IT professional provides background about what happens when you switch PCR banks on TPM 2.0 devices. -ms.assetid: 743FCCCB-99A9-4636-8F48-9ECB3A3D10DE ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 972a59fcc1..391fb0e733 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -1,16 +1,11 @@ --- title: Trusted Platform Module (TPM) fundamentals (Windows) description: Inform yourself about the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and how they are used to mitigate dictionary attacks. -ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 5a343e626c..1790a62ef4 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -1,17 +1,12 @@ --- title: TPM recommendations (Windows) description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows. -ms.assetid: E85F11F5-4E6A-43E7-8205-672F77706561 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 07705c394b..942d2ff588 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -1,17 +1,12 @@ --- title: Trusted Platform Module Technology Overview (Windows) description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. -ms.assetid: face8932-b034-4319-86ac-db1163d46538 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: high author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index c70105fc3b..5dadb45989 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -1,16 +1,11 @@ --- title: TPM Group Policy settings (Windows) description: This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. -ms.assetid: 54ff1c1e-a210-4074-a44e-58fee26e4dbd ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index c1799559bf..85807ba447 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -2,14 +2,10 @@ title: Trusted Platform Module (Windows) description: This topic for the IT professional provides links to information about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 57044c576d..4d6e18a29e 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -1,16 +1,11 @@ --- title: Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) (Windows 10) description: Learn how unenlightened and enlightened apps might behave, based on Windows Information Protection (WIP) network policies, app configuration, and other criteria -keywords: WIP, Enterprise Data Protection, EDP, Windows Information Protection, unenlightened apps, enlightened apps ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index f7bfc44de4..49dd0c2647 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -2,14 +2,10 @@ title: How to collect Windows Information Protection (WIP) audit event logs (Windows 10) description: How to collect & understand Windows Information Protection audit event logs via the Reporting configuration service provider (CSP) or Windows Event Forwarding. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 1b4ece02db..3f1a5747a9 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -1,16 +1,11 @@ --- title: Make & verify an EFS Data Recovery Agent certificate (Windows 10) description: Follow these steps to create, verify, and perform a quick recovery by using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. -keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 3c7680cf51..de0d27d47c 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -1,16 +1,11 @@ --- title: Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune (Windows 10) description: After you've created and deployed your Windows Information Protection (WIP) policy, use Microsoft Intune to link it to your Virtual Private Network (VPN) policy -keywords: WIP, Enterprise Data Protection ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index fdbf865d8a..0c4214d344 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -1,18 +1,12 @@ --- title: Create and deploy a Windows Information Protection (WIP) policy using Microsoft Endpoint Manager (Windows 10) description: Use Configuration Manager to make & deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data. -ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529 ms.reviewer: -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager, MEMCM, Microsoft Endpoint Configuration Manager ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/09/2020 diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 3fa8df029b..39ff0696bb 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -2,13 +2,9 @@ title: Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune (Windows 10) description: Learn how to use the Azure portal for Microsoft Intune to create and deploy your Windows Information Protection (WIP) policy to protect data on your network. ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/13/2019 diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index c81eea7fca..d097f3b77a 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -1,16 +1,11 @@ --- title: Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune (Windows 10) description: After you’ve created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, Intune ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 21a45af6ca..021ea7ed44 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -1,18 +1,12 @@ --- title: List of enlightened Microsoft apps for use with Windows Information Protection (WIP) (Windows 10) description: Learn the difference between enlightened and unenlightened apps. Find out which enlightened apps are provided by Microsoft. Learn how to allow-list them. -ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f ms.reviewer: -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/02/2019 diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index 1f6aaa6f4e..df344aface 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -1,18 +1,12 @@ --- title: General guidance and best practices for Windows Information Protection (WIP) (Windows 10) description: Find resources about apps that can work with Windows Information Protection (WIP) to protect data. Enlightened apps can tell corporate and personal data apart. -ms.assetid: aa94e733-53be-49a7-938d-1660deaf52b0 ms.reviewer: -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 18726f1c02..d984b38ce8 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -1,15 +1,10 @@ --- title: Limitations while using Windows Information Protection (WIP) (Windows 10) description: This section includes info about the common problems you might encounter while using Windows Information Protection (WIP). -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/05/2019 diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 6c2ccfde53..26beadd011 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -1,16 +1,11 @@ --- title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10) description: Review all of the tasks required for Windows to turn on Windows Information Protection (WIP), formerly enterprise data protection (EDP), in your enterprise. -keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Protected apps list ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/25/2022 diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md index c017a7e4f6..f60db36a4f 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md @@ -1,17 +1,12 @@ --- title: Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Manager (Windows 10) description: Microsoft Endpoint Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. -ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 348af05f36..9c4593f028 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -1,17 +1,12 @@ --- title: Create a Windows Information Protection (WIP) policy using Microsoft Intune (Windows 10) description: Microsoft Intune and Microsoft Endpoint Manager helps you create and deploy your enterprise data protection (WIP) policy. -ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/11/2019 diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 89d703af97..f5e201aa75 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -1,17 +1,11 @@ --- title: Protect your enterprise data using Windows Information Protection (WIP) (Windows 10) description: Learn how to prevent accidental enterprise data leaks through apps and services, such as email, social media, and the public cloud. -ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032 -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, DLP, data loss prevention, data leakage protection ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index c55f4fe75b..14f23ff7f7 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -1,16 +1,11 @@ --- title: Recommended URLs for Windows Information Protection (Windows 10) description: Recommended URLs to add to your Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP). -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, WIP and Neutral Resources, WIP and Enterprise Cloud Resources ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/25/2019 diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 247a47ecf5..4f2fdaa90d 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -1,18 +1,12 @@ --- title: Testing scenarios for Windows Information Protection (WIP) (Windows 10) description: A list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company. -ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2 ms.reviewer: -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index c1188fad4b..78349eb5ab 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -1,16 +1,11 @@ --- title: Using Outlook on the web with WIP (Windows 10) description: Options for using Outlook on the web with Windows Information Protection (WIP). -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, WIP and OWA configuration, OWA, Outlook Web access ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index 84dae48f11..20d519622f 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -1,16 +1,11 @@ --- title: Determine the Enterprise Context of an app running in Windows Information Protection (WIP) (Windows 10) description: Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, WIP and Task Manager, app context, enterprise context ms.prod: m365-security -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 From 3b4ee04a27e87b019db878ff7d2d1e838f08952a Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Sat, 25 Jun 2022 01:48:42 +0530 Subject: [PATCH 460/540] Updated-6020449-B3 Article updated to meet Acrolinx target. --- .../identity-protection/password-support-policy.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md index c4aeddc3cd..5cc29b63a0 100644 --- a/windows/security/identity-protection/password-support-policy.md +++ b/windows/security/identity-protection/password-support-policy.md @@ -16,7 +16,7 @@ ms.date: 11/20/2019 # Technical support policy for lost or forgotten passwords -Microsoft takes security seriously. This is for your protection. Microsoft accounts, the Windows operating system, and other Microsoft products include passwords to help secure your information. This article provides some options that you can use to reset or recover your password if you forget it. Be aware that, if these options don’t work, Microsoft support engineers can't help you retrieve or circumvent a lost or forgotten password. +Microsoft takes security seriously. This is for your protection. Microsoft accounts, the Windows operating system, and other Microsoft products include passwords to help secure your information. This article provides some options that you can use to reset or recover your password if you forget it. If these options don’t work, Microsoft support engineers can't help you retrieve or circumvent a lost or forgotten password. If you lose or forget a password, you can use the links in this article to find published support information that will help you reset the password. @@ -28,7 +28,7 @@ If you lose or forget the password for a domain account, contact your IT adminis If you lose or forget the password for your Microsoft Account, use the [Recover your account](https://account.live.com/ResetPassword.aspx) wizard. -This wizard requests your security proofs. If you have forgotten your security proofs, or no longer have access to them, select **I no longer have these anymore**. After you select this option, fill out a form for the Microsoft Account team. Provide as much information as you can on this form. The Microsoft Account team reviews the information that you provide to determine whether you are the account holder. This decision is final. Microsoft does not influence the team's choice of action. +This wizard requests your security proofs. If you've forgotten your security proofs, or no longer have access to them, select **I no longer have these anymore**. After you select this option, fill out a form for the Microsoft Account team. Provide as much information as you can on this form. The Microsoft Account team reviews the information that you provide to determine whether you're the account holder. This decision is final. Microsoft doesn't influence the team's choice of action. ## How to reset a password for a local account on a Windows device @@ -48,8 +48,8 @@ If you lose or forget the password for the hardware BIOS of a device, contact th ## How to reset a password for an individual file -Some applications let you password-protect individual files. If you lose or forget such a password, you can rely on that application only to reset or recover it. Microsoft support engineers cannot help you reset, retrieve, or circumvent such passwords. +Some applications let you password-protect individual files. If you lose or forget such a password, you can rely on that application only to reset or recover it. Microsoft support engineers can't help you reset, retrieve, or circumvent such passwords. ## Using third-party password tools -Some third-party companies claim to be able to circumvent passwords that have been applied to files and features that Microsoft programs use. For legal reasons, we cannot recommend or endorse any one of these companies. If you want help to circumvent or reset a password, you can locate and contact a third party for this help. However, you use such third-party products and services at your own risk. +Some third-party companies claim to be able to circumvent passwords that have been applied to files and features that Microsoft programs use. For legal reasons, we can't recommend or endorse any one of these companies. If you want help to circumvent or reset a password, you can locate and contact a third party for this help. However, you use such third-party products and services at your own risk. From b9b341580b84c6aa808a5d490ee958023060b2cc Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Fri, 24 Jun 2022 15:42:12 -0500 Subject: [PATCH 461/540] Updates to Dual state AAD records --- .../windows-autopatch-register-devices.md | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index f23ef5f8ec..99fecd54da 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -1,13 +1,13 @@ --- title: Register your devices description: This article details how to register devices in Autopatch -ms.date: 06/15/2022 +ms.date: 06/24/2022 ms.prod: w11 ms.technology: windows ms.topic: how-to ms.localizationpriority: medium -author: tiaraquan -ms.author: tiaraquan +author: andredm7 +ms.author: andredm7 manager: dougeby msreviewer: andredm7 --- @@ -50,6 +50,17 @@ Azure AD groups synced up from: > [!TIP] > You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the Windows Autopatch Device Registration Azure AD group on demand. +### Cleaning up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant + +[Azure AD dual state](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) happens when a device is initially connected to Azure AD as an [Azure AD Registered](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register) device, but then as you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but now as a [Hybrid Azure AD device](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join-hybrid). + +When dual state happens, you end up having two Azure AD device records with different join types for the same device. in this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. + +It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](https://docs.microsoft.com/azure/active-directory/devices/manage-stale-devices). + +> [!WARNING] +> If you don't clean up stale devices in Azure AD before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the pre-requisite check **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** in the **Not ready** tab as it's expected that these Azure AD stale devices are not enrolled into the Intune service anymore. + ## Prerequisites for device registration To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites: @@ -57,7 +68,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). - Managed by Microsoft Endpoint Manager. - - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). + - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Configuration Manager Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). - [Switch Microsoft Endpoint Manager-Configuration Manager Co-management workloads to Microsoft Endpoint Manager-Intune](/mem/configmgr/comanage/how-to-switch-workloads) (either set to Pilot Intune or Intune). This includes the following workloads: - Windows updates policies - Device configuration @@ -82,7 +93,6 @@ Windows Autopatch introduces a new user interface to help IT admins detect and t A role defines the set of permissions granted to users assigned to that role. You can use one of the following built-in roles in Windows Autopatch to register devices: - Azure AD Global Administrator -- Service Support Administrator - Intune Service Administrator - Modern Workplace Intune Administrator From 7f0bcf5c061cc73e4e98bf866407ad0484626312 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 24 Jun 2022 13:50:40 -0700 Subject: [PATCH 462/540] Update windows-autopatch-register-devices.md Reviewed for grammar/style --- .../deploy/windows-autopatch-register-devices.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 99fecd54da..2257dda4ce 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -50,16 +50,16 @@ Azure AD groups synced up from: > [!TIP] > You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the Windows Autopatch Device Registration Azure AD group on demand. -### Cleaning up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant +### Clean up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant -[Azure AD dual state](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) happens when a device is initially connected to Azure AD as an [Azure AD Registered](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register) device, but then as you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but now as a [Hybrid Azure AD device](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join-hybrid). +[Azure AD dual state](/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) happens when a device is initially connected to Azure AD as an [Azure AD Registered](/azure/active-directory/devices/concept-azure-ad-register) device. However, when you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but as a [Hybrid Azure AD device](/azure/active-directory/devices/concept-azure-ad-join-hybrid). -When dual state happens, you end up having two Azure AD device records with different join types for the same device. in this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. +In dual state, you end up having two Azure AD device records with different join types for the same device. In this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. -It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](https://docs.microsoft.com/azure/active-directory/devices/manage-stale-devices). +It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](/azure/active-directory/devices/manage-stale-devices). > [!WARNING] -> If you don't clean up stale devices in Azure AD before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the pre-requisite check **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** in the **Not ready** tab as it's expected that these Azure AD stale devices are not enrolled into the Intune service anymore. +> If you don't clean up stale devices in Azure AD before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** pre-requisite check in the **Not ready** tab because it's expected that these stale Azure AD devices are not enrolled into the Intune service anymore. ## Prerequisites for device registration From f7669ecbe8708607a99618cbd2e964805186467e Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 24 Jun 2022 13:51:57 -0700 Subject: [PATCH 463/540] Update windows-autopatch-register-devices.md --- .../deploy/windows-autopatch-register-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 2257dda4ce..d9c598be61 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -6,8 +6,8 @@ ms.prod: w11 ms.technology: windows ms.topic: how-to ms.localizationpriority: medium -author: andredm7 -ms.author: andredm7 +author: tiaraquan +ms.author: tiaraquan manager: dougeby msreviewer: andredm7 --- From 35ac007e4a6423017e5cece46e20724f0be71018 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 24 Jun 2022 13:54:49 -0700 Subject: [PATCH 464/540] Update windows-autopatch-register-devices.md --- .../deploy/windows-autopatch-register-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index d9c598be61..a522a08253 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -52,9 +52,9 @@ Azure AD groups synced up from: ### Clean up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant -[Azure AD dual state](/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) happens when a device is initially connected to Azure AD as an [Azure AD Registered](/azure/active-directory/devices/concept-azure-ad-register) device. However, when you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but as a [Hybrid Azure AD device](/azure/active-directory/devices/concept-azure-ad-join-hybrid). +An [Azure AD dual state](/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) occurs when a device is initially connected to Azure AD as an [Azure AD Registered](/azure/active-directory/devices/concept-azure-ad-register) device. However, when you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but as a [Hybrid Azure AD device](/azure/active-directory/devices/concept-azure-ad-join-hybrid). -In dual state, you end up having two Azure AD device records with different join types for the same device. In this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. +In the dual state, you end up having two Azure AD device records with different join types for the same device. In this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](/azure/active-directory/devices/manage-stale-devices). From a80d6df2e9ecfcdb69a42d1b488f78bc74c27fe2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jun 2022 16:15:34 -0700 Subject: [PATCH 465/540] Update event-id-explanations.md --- .../event-id-explanations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md index 2e324713fc..e96c186076 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md @@ -9,7 +9,7 @@ author: jsuther1974 ms.reviewer: jogeurte ms.author: dansimp manager: dansimp -ms.date: 05/09/2022 +ms.date: 06/27/2022 ms.topic: reference --- From 9b6f93fda97bcd9ea0c0be49d2483357fdab4755 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jun 2022 16:15:49 -0700 Subject: [PATCH 466/540] Update use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md --- ...-windows-defender-application-control-against-tampering.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index ef443c5c9f..1b87884a5e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -14,7 +14,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 05/03/2018 +ms.date: 06/27/2022 ms.technology: windows-sec --- @@ -111,4 +111,4 @@ If you do not have a code signing certificate, see [Optional: Create a code sign 9. Validate the signed file. When complete, the commands should output a signed policy file called {PolicyID}.cip to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). > [!NOTE] -> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. \ No newline at end of file +> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. From c64e32e065cbf4d265700fd36111a913b0b4805e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jun 2022 16:16:30 -0700 Subject: [PATCH 467/540] Update select-types-of-rules-to-create.md --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index a6c838737d..4e2e839d51 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -14,7 +14,7 @@ author: dansimp ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 01/26/2022 +ms.date: 06/27/2022 ms.technology: windows-sec --- From 1ebab7ccf17f53425bce730ff4a38ffceba75315 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jun 2022 16:26:11 -0700 Subject: [PATCH 468/540] Update select-types-of-rules-to-create.md --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index ee1790a3c9..c950b5e298 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -146,7 +146,7 @@ You can also use the following macros when the exact volume may vary: `%OSDRIVE% ## More information about hashes -WDAC uses the [Authenticode/PE image hash algorithm](https://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx) when calcuating the hash of a file. Unlike the more popular, but less secure, [flat file hash](https://docs.microsoft.com/powershell/module/microsoft.powershell.utility/get-filehash), the Authenticode hash calculation omits the file's checksum and the Certificate Table and the Attribute Certificate Table. Therefore, the Authenticode hash of a file does not change when the file is re-signed or timestamped, or the digital signature is removed from the file. By using the Authenticode hash, WDAC provides added security and less management overhead so customers do not need to revise the policy hash rules when the digital signature on the file is updated. +WDAC uses the [Authenticode/PE image hash algorithm](https://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx) when calcuating the hash of a file. Unlike the more popular, but less secure, [flat file hash](/powershell/module/microsoft.powershell.utility/get-filehash), the Authenticode hash calculation omits the file's checksum and the Certificate Table and the Attribute Certificate Table. Therefore, the Authenticode hash of a file does not change when the file is re-signed or timestamped, or the digital signature is removed from the file. By using the Authenticode hash, WDAC provides added security and less management overhead so customers do not need to revise the policy hash rules when the digital signature on the file is updated. The Authenticode/PE image hash can be calculated for digitally-signed and unsigned files. From fe0b2a9084677fdef712746fdab4a23605bf1a97 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jun 2022 16:26:50 -0700 Subject: [PATCH 469/540] Update select-types-of-rules-to-create.md --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index c950b5e298..d59f353405 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -88,7 +88,7 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the | Rule level | Description | |----------- | ----------- | -| **Hash** | Specifies individual [Authenticode/PE image hash values](#More-information-about-hashes) for each discovered binary. This is the most specific level, and requires more effort to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | +| **Hash** | Specifies individual [Authenticode/PE image hash values](#more-information-about-hashes) for each discovered binary. This is the most specific level, and requires more effort to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | | **FileName** | Specifies the original filename for each binary. Although the hash values for an application are modified when updated, the file names are typically not. This level offers less specific security than the hash level, but it doesn't typically require a policy update when any binary is modified. | | **FilePath** | Beginning with Windows 10 version 1903, this level allows binaries to run from specific file path locations. More information about FilePath level rules can be found below. | | **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. | From 5c56265e13b95801430eda31eef96e2c66288c95 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Tue, 28 Jun 2022 05:09:08 -0700 Subject: [PATCH 470/540] Update select-types-of-rules-to-create.md --- .../select-types-of-rules-to-create.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index d59f353405..6b53f74788 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -14,7 +14,7 @@ author: dansimp ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 06/27/2022 +ms.date: 06/28/2022 ms.technology: windows-sec --- @@ -26,8 +26,8 @@ ms.technology: windows-sec - Windows 11 - Windows Server 2016 and above ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> [!NOTE] +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11, by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. From f60948f39677a824c8905e74c68efcb7d2c19f0c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 28 Jun 2022 08:12:44 -0700 Subject: [PATCH 471/540] update personalization csp for SE --- windows/client-management/mdm/personalization-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index 736959df4e..2a21d44f28 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: dansimp -ms.date: 06/26/2017 +ms.date: 06/28/2022 ms.reviewer: manager: dansimp --- @@ -19,7 +19,7 @@ The table below shows the applicability of Windows: |--- |--- |--- | |Home|No|No| |Pro|No|No| -|Windows SE|No|No| +|Windows SE|No|Yes| |Business|No|No| |Enterprise|Yes|Yes| |Education|Yes|Yes| From ffa8efe8213de19a6c2c3de5d5025814db030fcc Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 28 Jun 2022 08:14:56 -0700 Subject: [PATCH 472/540] Added hyperlink to what a service profile is. --- .../operate/windows-autopatch-microsoft-365-apps-enterprise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md index 2175c45a94..5a95e0b786 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md @@ -102,7 +102,7 @@ Window Autopatch deploys mobile device management (MDM) policies to configure Mi ## Microsoft 365 Apps servicing profiles -A service profile takes precedence over other management tools, such as Microsoft Endpoint Manager or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. +A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other management tools, such as Microsoft Endpoint Manager or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [update type](windows-autopatch-update-management.md#update-types), see the Device eligibility section of each respective update type. From 557e056eb0088be0d31466ad8644537a135406e1 Mon Sep 17 00:00:00 2001 From: Bob Clements <72577850+bobclements-msft@users.noreply.github.com> Date: Tue, 28 Jun 2022 08:36:04 -0700 Subject: [PATCH 473/540] Update windows-autopatch-microsoft-365-apps-enterprise.md Section edit for Servicing Profile. Re-labeled section to point out compatibility. Added links to Servicing Profile resources. Added intro statement for readers that are not familiar with Servicing Profiles. --- .../windows-autopatch-microsoft-365-apps-enterprise.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md index 2175c45a94..05111912f8 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md @@ -100,7 +100,9 @@ Window Autopatch deploys mobile device management (MDM) policies to configure Mi | Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated | | Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates | -## Microsoft 365 Apps servicing profiles +## Compatibility with Servicing Profiles + +[Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting. A service profile takes precedence over other management tools, such as Microsoft Endpoint Manager or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. From f2feb22443793e545848c58b24f21aad173df7d5 Mon Sep 17 00:00:00 2001 From: Rebecca Agiewich Date: Tue, 28 Jun 2022 09:42:54 -0700 Subject: [PATCH 474/540] fixed spelling error --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 6b53f74788..1b68313de8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -146,7 +146,7 @@ You can also use the following macros when the exact volume may vary: `%OSDRIVE% ## More information about hashes -WDAC uses the [Authenticode/PE image hash algorithm](https://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx) when calcuating the hash of a file. Unlike the more popular, but less secure, [flat file hash](/powershell/module/microsoft.powershell.utility/get-filehash), the Authenticode hash calculation omits the file's checksum and the Certificate Table and the Attribute Certificate Table. Therefore, the Authenticode hash of a file does not change when the file is re-signed or timestamped, or the digital signature is removed from the file. By using the Authenticode hash, WDAC provides added security and less management overhead so customers do not need to revise the policy hash rules when the digital signature on the file is updated. +WDAC uses the [Authenticode/PE image hash algorithm](https://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx) when calculating the hash of a file. Unlike the more popular, but less secure, [flat file hash](/powershell/module/microsoft.powershell.utility/get-filehash), the Authenticode hash calculation omits the file's checksum and the Certificate Table and the Attribute Certificate Table. Therefore, the Authenticode hash of a file does not change when the file is re-signed or timestamped, or the digital signature is removed from the file. By using the Authenticode hash, WDAC provides added security and less management overhead so customers do not need to revise the policy hash rules when the digital signature on the file is updated. The Authenticode/PE image hash can be calculated for digitally-signed and unsigned files. From df919101303d667c951a72783e1fe82ac81f1f8b Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Tue, 28 Jun 2022 11:35:12 -0700 Subject: [PATCH 475/540] Move info about data proc config changes --- ...s-to-windows-diagnostic-data-collection.md | 59 ++++++++++++++++--- ...ws-diagnostic-data-in-your-organization.md | 59 +------------------ .../windows-10-and-privacy-compliance.md | 2 +- 3 files changed, 52 insertions(+), 68 deletions(-) diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index b672974ebd..d8bef9aa31 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -74,18 +74,59 @@ The following provides information on the current configurations: - [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data) - [Desktop Analytics](/mem/configmgr/desktop-analytics/overview) -## New Windows diagnostic data processor configuration +## Significant changes coming to the Windows diagnostic data processor configuration -> [!IMPORTANT] -> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](configure-windows-diagnostic-data-in-your-organization.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). +Currently, to enroll devices in the [Window diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) option, IT admins can use policies, such as the “Allow commercial data pipeline” policy, at the individual device level. -Enterprise customers have an option for controlling their Windows diagnostic data for their Azure Active Directory-joined devices. This configuration option is supported on the following versions of Windows: +To enable efficiencies and help us implement our plan to [store and process EU Data for European enterprise customers in the EU](https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/), we'll be introducing the following significant change for enterprise Windows devices that have diagnostic data turned on. -- Windows 11 Enterprise, Professional, and Education -- Windows 10, Enterprise, Professional, and Education, version 1809 with at least the July 2021 update. +***We’ll stop using policies, such as the “Allow commercial data pipeline” policy, to configure the processor option. Instead, we’ll be introducing an organization-wide configuration based on Azure Active Directory (Azure AD) to determine Microsoft’s role in data processing.*** -Previously, enterprise customers had two options in managing their Windows diagnostic data: 1) allow Microsoft to be the [controller](/compliance/regulatory/gdpr#terminology) of that data and responsible for determining the purposes and means of the processing of Windows diagnostic data in order to improve the Windows operating system and deliver analytical services, or 2) turn off diagnostic data flows altogether. +We’re making this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way, and in the same geographic region. -Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller. +### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA) -This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) +For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe. + +From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users’ [data subject requests](/compliance/regulatory/gdpr-dsr-windows). + +### Devices in Azure AD tenants with a billing address outside of the EU and EFTA + +For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data: + +- [Update Compliance](/windows/deployment/update/update-compliance-monitor) +- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) +- [Microsoft Managed Desktop](/managed-desktop/intro/) +- [Endpoint analytics (in Microsoft Endpoint Manager)](/mem/analytics/overview) + +*(Additional licensing requirements may apply to use these services.)* + +If you don’t sign up for any of these enterprise services, Microsoft will act as controller for the diagnostic data. + +> [!NOTE] +> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. + +### Rollout plan for this change + +This change will roll out initially to Windows devices enrolled in the [Dev Channel](/windows-insider/flighting#dev-channel) of the Windows Insider program no earlier than July 2022. Once the rollout is initiated, devices in the Dev Channel that are joined to an Azure AD tenant with a billing address in the EU or EFTA will be automatically enabled for the processor configuration option. + +During this initial rollout, the following conditions apply to devices in the Dev Channel that are joined to an Azure AD tenant with a billing address outside of the EU or EFTA: + +- Devices can't be enabled for the Windows diagnostic data processor configuration at this time. +- The processor configuration will be disabled in any devices that were previously enabled. +- Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. + +It's recommended Insiders on these devices pause flighting if these changes aren't acceptable. + +For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. + +For other Windows devices (not in the Dev Channel), additional details on supported versions of Windows 11 and Windows 10 will be announced at a later date. These changes will roll out no earlier than the last quarter of calendar year 2022. + +To prepare for this change, ensure that you meet the [prerequisites](#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD, and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services. + +As part of this change, the following policies will no longer be supported to configure the processor option: + - Allow commercial data pipeline + - Allow Desktop Analytics Processing + - Allow Update Compliance Processing + - Allow WUfB Cloud Processing + - Configure the Commercial ID \ No newline at end of file diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 9278a481b7..c28627092b 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -256,7 +256,7 @@ Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm ## Enable Windows diagnostic data processor configuration > [!IMPORTANT] -> There are some significant changes planned for diagnostic data processor configuration. To learn more, [review this information](#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). +> There are some significant changes planned for diagnostic data processor configuration. To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration) The Windows diagnostic data processor configuration enables you to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from your Windows devices that meet the configuration requirements. @@ -325,63 +325,6 @@ Windows Update for Business: - [How to enable deployment protections](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections) -### Significant changes coming to the Windows diagnostic data processor configuration - -Currently, to enroll devices in the Window diagnostic data processor configuration option, IT admins can use policies, such as the “Allow commercial data pipeline” policy, at the individual device level. - -To enable efficiencies and help us implement our plan to [store and process EU Data for European enterprise customers in the EU](https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/), we'll be introducing the following significant change for enterprise Windows devices that have diagnostic data turned on. - -***We’ll stop using policies, such as the “Allow commercial data pipeline” policy, to configure the processor option. Instead, we’ll be introducing an organization-wide configuration based on Azure Active Directory (Azure AD) to determine Microsoft’s role in data processing.*** - -We’re making this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way, and in the same geographic region. - -#### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA) - -For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe. - -From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users’ [data subject requests](/compliance/regulatory/gdpr-dsr-windows). - -#### Devices in Azure AD tenants with a billing address outside of the EU and EFTA - -For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data: - -- [Update Compliance](/windows/deployment/update/update-compliance-monitor) -- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) -- [Microsoft Managed Desktop](/managed-desktop/intro/) -- [Endpoint analytics (in Microsoft Endpoint Manager)](/mem/analytics/overview) - -*(Additional licensing requirements may apply to use these services.)* - -If you don’t sign up for any of these enterprise services, Microsoft will act as controller for the diagnostic data. - -> [!NOTE] -> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. - -#### Rollout plan for this change - -This change will roll out initially to Windows devices enrolled in the [Dev Channel](/windows-insider/flighting#dev-channel) of the Windows Insider program no earlier than July 2022. Once the rollout is initiated, devices in the Dev Channel that are joined to an Azure AD tenant with a billing address in the EU or EFTA will be automatically enabled for the processor configuration option. - -During this initial rollout, the following conditions apply to devices in the Dev Channel that are joined to an Azure AD tenant with a billing address outside of the EU or EFTA: - -- Devices can't be enabled for the Windows diagnostic data processor configuration at this time. -- The processor configuration will be disabled in any devices that were previously enabled. -- Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. - -It's recommended Insiders on these devices pause flighting if these changes aren't acceptable. - -For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. - -For other Windows devices (not in the Dev Channel), additional details on supported versions of Windows 11 and Windows 10 will be announced at a later date. These changes will roll out no earlier than the last quarter of calendar year 2022. - -To prepare for this change, ensure that you meet the [prerequisites](#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD, and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services. - -As part of this change, the following policies will no longer be supported to configure the processor option: - - Allow commercial data pipeline - - Allow Desktop Analytics Processing - - Allow Update Compliance Processing - - Allow WUfB Cloud Processing - - Configure the Commercial ID - ## Limit optional diagnostic data for Desktop Analytics For more information about how to limit the diagnostic data to the minimum required by Desktop Analytics, see [Enable data sharing for Desktop Analytics](/mem/configmgr/desktop-analytics/enable-data-sharing). diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 831b6eb589..6da75f6110 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -147,7 +147,7 @@ An administrator can disable a user’s ability to delete their device’s diagn #### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_ > [!IMPORTANT] -> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](configure-windows-diagnostic-data-in-your-organization.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). +> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information]((changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration)). **Applies to:** From 7e4310ec45a9fe26b277963517f4af3935c20c5e Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Tue, 28 Jun 2022 11:57:08 -0700 Subject: [PATCH 476/540] fix link issues --- .../privacy/changes-to-windows-diagnostic-data-collection.md | 2 +- windows/privacy/windows-10-and-privacy-compliance.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index d8bef9aa31..5e15ca25f9 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -122,7 +122,7 @@ For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, For other Windows devices (not in the Dev Channel), additional details on supported versions of Windows 11 and Windows 10 will be announced at a later date. These changes will roll out no earlier than the last quarter of calendar year 2022. -To prepare for this change, ensure that you meet the [prerequisites](#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD, and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services. +To prepare for this change, ensure that you meet the [prerequisites](configure-windows-diagnostic-data-in-your-organization.md#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD, and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services. As part of this change, the following policies will no longer be supported to configure the processor option: - Allow commercial data pipeline diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 6da75f6110..e4e7e22ec9 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -147,7 +147,7 @@ An administrator can disable a user’s ability to delete their device’s diagn #### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_ > [!IMPORTANT] -> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information]((changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration)). +> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). **Applies to:** From e42b13922d3b1615edf56d02c8445c78428b8915 Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Tue, 28 Jun 2022 12:09:40 -0700 Subject: [PATCH 477/540] 37251356 - Add note about garrulous events caused by MI/ISG enablements --- .../operations/known-issues.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index a54661c0b2..2463f2312e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -31,6 +31,10 @@ ms.localizationpriority: medium This topic covers tips and tricks for admins as well as known issues with WDAC. Test this configuration in your lab before enabling it in production. +## ManagedInstaller/ISG enablements may cause garrulous events + +These events do not indicate an issue with the policy, and we are servicing the code to turn them off by default. This will be resolved in the September 2022 C release. + ## .NET native images may generate false positive block events In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fallback to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. From 568e1da35e86cb065d7341d918c1483401b50528 Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Tue, 28 Jun 2022 12:33:35 -0700 Subject: [PATCH 478/540] Update known-issues.md --- .../operations/known-issues.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 34b4026eb5..57efc3c9da 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -28,20 +28,20 @@ ms.localizationpriority: medium >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). -This topic covers tips and tricks for admins as well as known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. +This topic covers tips and tricks for admins and known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. ## ManagedInstaller/ISG enablements may cause garrulous events -These events do not indicate an issue with the policy, and we are servicing the code to turn them off by default. This will be resolved in the September 2022 C release. +These events don't indicate an issue with the policy, and we're servicing the code to turn them off by default. This issue will be resolved in the September 2022 C release. ## .NET native images may generate false positive block events -In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fallback to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. +In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fall back to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. ## MSI Installations launched directly from the internet are blocked by WDAC Installing .msi files directly from the internet to a computer protected by WDAC will fail. -For example, this command will not work: +For example, this command won't work: ```console msiexec –i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi From eb65c39ea16740b6f7acab6235e01d3a96bd3036 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Tue, 28 Jun 2022 13:45:07 -0700 Subject: [PATCH 479/540] Add missing punctuation --- .../configure-windows-diagnostic-data-in-your-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index c28627092b..b8cdecf995 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -256,7 +256,7 @@ Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm ## Enable Windows diagnostic data processor configuration > [!IMPORTANT] -> There are some significant changes planned for diagnostic data processor configuration. To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration) +> There are some significant changes planned for diagnostic data processor configuration. To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). The Windows diagnostic data processor configuration enables you to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from your Windows devices that meet the configuration requirements. From f3f40d05bbf77178b8c973af37ca115fb381b3a0 Mon Sep 17 00:00:00 2001 From: Harman Thind <63820404+hathin@users.noreply.github.com> Date: Tue, 28 Jun 2022 13:54:41 -0700 Subject: [PATCH 480/540] New URLs added added 2 new urls for Windows Autopatch service --- .../prepare/windows-autopatch-configure-network.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md index a1fb48b746..93a0fbe3bd 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md @@ -32,7 +32,7 @@ The Windows Autopatch URL is used for anything our service runs on the customer | Microsoft service | URLs required on allowlist | | ----- | ----- | -| Windows Autopatch |
              • mmdcustomer.microsoft.com
              • mmdls.microsoft.com
              | +| Windows Autopatch |
              • mmdcustomer.microsoft.com
              • mmdls.microsoft.com
              • logcollection.mmd.microsoft.com
              • support.mmd.microsoft.com
              | ### Required Microsoft product endpoints From c6758d8894de1abbaf2ff6866edb53fa282ddffa Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Wed, 29 Jun 2022 05:51:34 -0700 Subject: [PATCH 481/540] Update known-issues.md --- .../operations/known-issues.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 57efc3c9da..1c179e8e7a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -30,9 +30,9 @@ ms.localizationpriority: medium This topic covers tips and tricks for admins and known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. -## ManagedInstaller/ISG enablements may cause garrulous events +## Managed Installer and ISG will cause garrulous events -These events don't indicate an issue with the policy, and we're servicing the code to turn them off by default. This issue will be resolved in the September 2022 C release. +When Managed Installer and ISG are enabled, 3091 and 3092 events will be logged when a file didn't have Managed Installer or ISG authorization, regardless of whether the file was allowed. Beginning with the September 2022 C release, these events will be moved to the verbose channel since the events don't indicate an issue with the policy. ## .NET native images may generate false positive block events From 760934a6e94ce88cf664e0be990e31d49e4e833e Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 29 Jun 2022 17:41:53 -0700 Subject: [PATCH 482/540] Added new URLs. --- .../prepare/windows-autopatch-configure-network.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md index a1fb48b746..93a0fbe3bd 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md @@ -32,7 +32,7 @@ The Windows Autopatch URL is used for anything our service runs on the customer | Microsoft service | URLs required on allowlist | | ----- | ----- | -| Windows Autopatch |
              • mmdcustomer.microsoft.com
              • mmdls.microsoft.com
              | +| Windows Autopatch |
              • mmdcustomer.microsoft.com
              • mmdls.microsoft.com
              • logcollection.mmd.microsoft.com
              • support.mmd.microsoft.com
              | ### Required Microsoft product endpoints From 51d59eca5646496f1f7c666fb8169e230eba99f7 Mon Sep 17 00:00:00 2001 From: Julian Lemmerich <41118534+JM-Lemmi@users.noreply.github.com> Date: Thu, 30 Jun 2022 09:58:33 +0200 Subject: [PATCH 483/540] align table correctly fix #10673 --- .../applocker/dll-rules-in-applocker.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md index 5c09c86d2e..6921eeb8f7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md @@ -40,12 +40,9 @@ The following table lists the default rules that are available for the DLL rule | Purpose | Name | User | Rule condition type | | - | - | - | - | -| Allows members of the local Administrators group to run all DLLs | (Default Rule) All DLLs| -| BUILTIN\Administrators | Path: *| -| Allow all users to run DLLs in the Windows folder| (Default Rule) Microsoft Windows DLLs | -| Everyone | Path: %windir%\*| -| Allow all users to run DLLs in the Program Files folder | (Default Rule) All DLLs located in the Program Files folder| -| Everyone | Path: %programfiles%\*| +| Allows members of the local Administrators group to run all DLLs | (Default Rule) All DLLs| BUILTIN\Administrators | Path: *| +| Allow all users to run DLLs in the Windows folder| (Default Rule) Microsoft Windows DLLs | Everyone | Path: %windir%\*| +| Allow all users to run DLLs in the Program Files folder | (Default Rule) All DLLs located in the Program Files folder| Everyone | Path: %programfiles%\*| > [!IMPORTANT] > If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed apps From 0d8c35f1cf5f9f2fd3a0dcbb29644d7b29ef397b Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 30 Jun 2022 11:55:44 -0700 Subject: [PATCH 484/540] delete minecraft promotion article --- .openpublishing.redirection.json | 5 ++ .../windows/get-minecraft-device-promotion.md | 90 ------------------- 2 files changed, 5 insertions(+), 90 deletions(-) delete mode 100644 education/windows/get-minecraft-device-promotion.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 9a87d541b5..04826145f2 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19559,6 +19559,11 @@ "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md", "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt", "redirect_document_id": false + }, + { + "source_path": "education/windows/get-minecraft-device-promotion.md", + "redirect_url": "/education/windows/get-minecraft-for-education", + "redirect_document_id": false } ] } diff --git a/education/windows/get-minecraft-device-promotion.md b/education/windows/get-minecraft-device-promotion.md deleted file mode 100644 index 258525651d..0000000000 --- a/education/windows/get-minecraft-device-promotion.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: Get Minecraft Education Edition with your Windows 10 device promotion -description: Windows 10 device promotion for Minecraft Education Edition licenses -keywords: school, Minecraft, education edition -ms.prod: w10 -ms.mktglfcycl: plan -ms.sitesec: library -ms.localizationpriority: medium -author: dansimp -searchScope: - - Store -ms.author: dansimp -ms.date: 06/05/2018 -ms.reviewer: -manager: dansimp ---- - -# Get Minecraft: Education Edition with Windows 10 device promotion - -**Applies to:** - -- Windows 10 - -The **Minecraft: Education Edition** with Windows 10 device promotion ended January 31, 2018. - -Qualifying customers that received one-year subscriptions for Minecraft: Education Edition as part of this program and wish to continue using the game in their schools can purchase new subscriptions in Microsoft Store for Education. -For more information on purchasing Minecraft: Education Edition, see [Add Minecraft to your Store for Education](./school-get-minecraft.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json). - ->[!Note] ->**Minecraft: Education Edition** with Windows 10 device promotion subscriptions are valid for 1 year from the time -of redemption. At the end of 1 year, the promotional subscriptions will expire and any people using these subscriptions will be reverted to a trial license of **Minecraft: Education Edition**. - -To prevent being reverted to a trial license, admins or teachers need to purchase new **Minecraft: Education Edition** subscriptions from Store for Education, and assign licenses to users who used a promotional subscription. - - - \ No newline at end of file From e30aa032818b7592e7b4a8343db1532f3f73cc34 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 30 Jun 2022 12:01:59 -0700 Subject: [PATCH 485/540] remove minecraft promotion from TOC --- education/windows/TOC.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml index 3a592b8263..717ae6c902 100644 --- a/education/windows/TOC.yml +++ b/education/windows/TOC.yml @@ -53,8 +53,6 @@ href: teacher-get-minecraft.md - name: "For IT administrators: get Minecraft Education Edition" href: school-get-minecraft.md - - name: "Get Minecraft: Education Edition with Windows 10 device promotion" - href: get-minecraft-device-promotion.md - name: Test Windows 10 in S mode on existing Windows 10 education devices href: test-windows10s-for-edu.md - name: Enable Windows 10 in S mode on Surface Go devices From 43a55e57508d2957dfbea754f801048ba03e687f Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:37:17 -0700 Subject: [PATCH 486/540] Remove windows-update in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index c04926735a..6b0aff2a70 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -273,22 +273,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "windows-update", - "build_source_folder": "windows/update", - "build_output_subfolder": "windows-update", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "win-threat-protection", "build_source_folder": "windows/threat-protection", @@ -360,13 +344,13 @@ "Pdf" ] }, - "need_generate_pdf_url_template": true, "targets": { "Pdf": { "template_folder": "_themes.pdf" } }, "docs_build_engine": {}, + "need_generate_pdf_url_template": true, "contribution_branch_mappings": {}, "need_generate_pdf": false, "need_generate_intellisense": false From 07d2e54d883048371dcf12b2250944ad3bcc0933 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:37:18 -0700 Subject: [PATCH 487/540] Remove windows-update in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index c04926735a..6b0aff2a70 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -273,22 +273,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "windows-update", - "build_source_folder": "windows/update", - "build_output_subfolder": "windows-update", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "win-threat-protection", "build_source_folder": "windows/threat-protection", @@ -360,13 +344,13 @@ "Pdf" ] }, - "need_generate_pdf_url_template": true, "targets": { "Pdf": { "template_folder": "_themes.pdf" } }, "docs_build_engine": {}, + "need_generate_pdf_url_template": true, "contribution_branch_mappings": {}, "need_generate_pdf": false, "need_generate_intellisense": false From cb8e6de80d31cb7d7c3e748dcb18003161981bd4 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:37:38 -0700 Subject: [PATCH 488/540] Remove win-threat-protection in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 6b0aff2a70..2d771fbd37 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -273,22 +273,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "win-threat-protection", - "build_source_folder": "windows/threat-protection", - "build_output_subfolder": "win-threat-protection", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "win-whats-new", "build_source_folder": "windows/whats-new", From b87ca714a4deb815e33ec2cdec677d0ab22d221d Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:37:40 -0700 Subject: [PATCH 489/540] Remove win-threat-protection in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 6b0aff2a70..2d771fbd37 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -273,22 +273,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "win-threat-protection", - "build_source_folder": "windows/threat-protection", - "build_output_subfolder": "win-threat-protection", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "win-whats-new", "build_source_folder": "windows/whats-new", From 2ce69b6f3cd762567a78454071a387e92016d047 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:38:09 -0700 Subject: [PATCH 490/540] Remove release-information in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 2d771fbd37..1f93ea6915 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -81,22 +81,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "release-information", - "build_source_folder": "windows/release-information", - "build_output_subfolder": "release-information", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "smb", "build_source_folder": "smb", From 1730a89084edad99371b485c7708a5042c96538c Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:38:11 -0700 Subject: [PATCH 491/540] Remove release-information in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 2d771fbd37..1f93ea6915 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -81,22 +81,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "release-information", - "build_source_folder": "windows/release-information", - "build_output_subfolder": "release-information", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "smb", "build_source_folder": "smb", From 40905d0b2d22477609aa100c07c7fbf9496db166 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:38:28 -0700 Subject: [PATCH 492/540] Remove windows-plan in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 1f93ea6915..a1acf6deeb 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -209,22 +209,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "windows-plan", - "build_source_folder": "windows/plan", - "build_output_subfolder": "windows-plan", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "windows-privacy", "build_source_folder": "windows/privacy", From 861ae2072f1cf18eb6e10577123f0eb9a639a105 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:38:30 -0700 Subject: [PATCH 493/540] Remove windows-plan in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 1f93ea6915..a1acf6deeb 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -209,22 +209,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "windows-plan", - "build_source_folder": "windows/plan", - "build_output_subfolder": "windows-plan", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "windows-privacy", "build_source_folder": "windows/privacy", From 2ef5dfd15f269373d40609fbcbc2f8b1aefdfd2b Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:38:44 -0700 Subject: [PATCH 494/540] Remove keep-secure in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index a1acf6deeb..e9a52b9400 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -49,22 +49,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "keep-secure", - "build_source_folder": "windows/keep-secure", - "build_output_subfolder": "keep-secure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "microsoft-edge", "build_source_folder": "browsers/edge", From aa44479381967fe075566234be157bc0373abca0 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:38:45 -0700 Subject: [PATCH 495/540] Remove keep-secure in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index a1acf6deeb..e9a52b9400 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -49,22 +49,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "keep-secure", - "build_source_folder": "windows/keep-secure", - "build_output_subfolder": "keep-secure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "microsoft-edge", "build_source_folder": "browsers/edge", From 68db9d2a956dd00d345572012f2e5e0267ee417f Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:39:17 -0700 Subject: [PATCH 496/540] Remove hololens in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index e9a52b9400..253a70b3bf 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -17,22 +17,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "hololens", - "build_source_folder": "devices/hololens", - "build_output_subfolder": "hololens", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "internet-explorer", "build_source_folder": "browsers/internet-explorer", From 84828bfcb7178214fe7e22a1e8c0f0c0dd8d4b9d Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:39:19 -0700 Subject: [PATCH 497/540] Remove hololens in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index e9a52b9400..253a70b3bf 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -17,22 +17,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "hololens", - "build_source_folder": "devices/hololens", - "build_output_subfolder": "hololens", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "internet-explorer", "build_source_folder": "browsers/internet-explorer", From 42cf930fdc8737bbea4edce47698e19181647802 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:39:39 -0700 Subject: [PATCH 498/540] Remove win-device-security in .openpublishing.publish.config.json under live branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 253a70b3bf..284f6f33a1 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -145,22 +145,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "win-device-security", - "build_source_folder": "windows/device-security", - "build_output_subfolder": "win-device-security", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "windows-hub", "build_source_folder": "windows/hub", From 5f285490112fb6c9a9a3e31cef3bfc8b63714be3 Mon Sep 17 00:00:00 2001 From: Christopher McClister <5713373+cmcclister@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:39:40 -0700 Subject: [PATCH 499/540] Remove win-device-security in .openpublishing.publish.config.json under main branch. --- .openpublishing.publish.config.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 253a70b3bf..284f6f33a1 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -145,22 +145,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "win-device-security", - "build_source_folder": "windows/device-security", - "build_output_subfolder": "win-device-security", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "windows-hub", "build_source_folder": "windows/hub", From 0c7f4be566e280da2687d62171f883afbaee4fbe Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 30 Jun 2022 14:29:20 -0700 Subject: [PATCH 500/540] add intune admin for 365 admin center --- .../update/update-compliance-v2-prerequisites.md | 13 ++++++++----- .../deployment/update/update-status-admin-center.md | 10 +++++++--- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index 2f45ad0ced..8a6a2a0c8a 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 06/06/2022 +ms.date: 06/30/2022 --- # Update Compliance prerequisites @@ -66,11 +66,14 @@ For more information about what's included in different diagnostic levels, see [ > [!NOTE] > Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription. -## Microsoft 365 admin center permissions (optional) +## Microsoft 365 admin center permissions (optional currently) -When you use the [Microsoft admin center software updates (preview) page](update-status-admin-center.md) with Update Compliance, the following permissions are also recommended: - - To configure settings for the **Software Updates** page: [Global Admin role](/microsoft-365/admin/add-users/about-admin-roles) - - To view the **Software Updates** page: [Global Reader role](/microsoft-365/admin/add-users/about-admin-roles) +When you use the [Microsoft admin center software updates (preview) page](update-status-admin-center.md) with Update Compliance, the following permissions are also needed: + +- To configure settings and view the **Software Updates** page: + - [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator) + - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator) +- To view the **Software Updates** page: [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader) ## Log Analytics prerequisites diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index 9794557bd2..71e40f2c64 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -10,7 +10,7 @@ ms.collection: - M365-analytics - highpri ms.topic: article -ms.date: 05/07/2022 +ms.date: 06/20/2022 --- # Microsoft admin center software updates (preview) page @@ -34,8 +34,12 @@ The **Software updates** page has following tabs to assist you in monitoring upd - [Update Compliance](update-compliance-v2-overview.md) needs to be enabled with clients sending data to the solution - An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com) - - To configure settings for the **Software Updates** page: [Global Admin role](/microsoft-365/admin/add-users/about-admin-roles) - - To view the **Software Updates** page: [Global Reader role](/microsoft-365/admin/add-users/about-admin-roles) + - To configure settings and view the **Software Updates** page: + - [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator) + - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator) + - To view the **Software Updates** page: + - [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader) + ## Limitations From 7506612755478a76391a3b53052ddc91c851ea14 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 30 Jun 2022 14:32:41 -0700 Subject: [PATCH 501/540] add intune admin for 365 admin center --- windows/deployment/update/update-compliance-v2-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index 8a6a2a0c8a..7a1c5ae31b 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -66,7 +66,7 @@ For more information about what's included in different diagnostic levels, see [ > [!NOTE] > Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription. -## Microsoft 365 admin center permissions (optional currently) +## Microsoft 365 admin center permissions (currently optional) When you use the [Microsoft admin center software updates (preview) page](update-status-admin-center.md) with Update Compliance, the following permissions are also needed: From cf09f99c05f563551085b373a14ab3f76fd7b92c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 30 Jun 2022 14:35:03 -0700 Subject: [PATCH 502/540] add intune admin for 365 admin center --- .../deployment/update/update-compliance-v2-prerequisites.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index 7a1c5ae31b..88cfdcb10b 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -73,7 +73,8 @@ When you use the [Microsoft admin center software updates (preview) page](update - To configure settings and view the **Software Updates** page: - [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator) - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator) -- To view the **Software Updates** page: [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader) +- To view the **Software Updates** page: + - [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader) ## Log Analytics prerequisites From a2f544c005c6624902081088299ff8732b871853 Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Thu, 30 Jun 2022 17:03:10 -0500 Subject: [PATCH 503/540] More changes --- .../deploy/windows-autopatch-register-devices.md | 15 ++++++++------- .../prepare/windows-autopatch-prerequisites.md | 8 +++++--- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index a522a08253..4c38fd7246 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -1,7 +1,7 @@ --- title: Register your devices description: This article details how to register devices in Autopatch -ms.date: 06/24/2022 +ms.date: 06/30/2022 ms.prod: w11 ms.technology: windows ms.topic: how-to @@ -68,16 +68,17 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). - Managed by Microsoft Endpoint Manager. - - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Configuration Manager Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). - - [Switch Microsoft Endpoint Manager-Configuration Manager Co-management workloads to Microsoft Endpoint Manager-Intune](/mem/configmgr/comanage/how-to-switch-workloads) (either set to Pilot Intune or Intune). This includes the following workloads: + - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). + - Must switch the following Microsoft Endpoint Manager-Configuration Manager [Co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune): - Windows updates policies - Device configuration - Office Click-to-run - Last Intune device check-in completed within the last 28 days. +- Devices must have Serial Number, Model and Manufacturer. + > [!NOTE] + > Windows Autopatch doesn't support device emulators that don't generate Serial number, Model and Manufacturer. Devices that use a non-supported device emulator fail the **Intune or Cloud-Attached** pre-requisite check. Additionally, devices with duplicated serial numbers will fail to register with Windows Autopatch. -For more information on how Configuration Manager workloads work, see [How to switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads). - -See [Prerequisites](../prepare/windows-autopatch-prerequisites.md) for more details. +See [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md) for more details. ## About the Ready and Not ready tabs @@ -126,7 +127,7 @@ Once devices or Azure AD groups containing devices are added to the **Windows Au > [!IMPORTANT] > It might take up to an hour for a device to change its status from **Ready for User** to **Active** in the Ready tab during the public preview. -## Additional device management lifecycle scenarios +## Device management lifecycle scenarios There's a few more device lifecycle management scenarios to consider when planning to register devices in Windows Autopatch. diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index 5d377d6e50..4484d30d3a 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -1,7 +1,7 @@ --- title: Prerequisites description: This article details the prerequisites needed for Windows Autopatch -ms.date: 05/30/2022 +ms.date: 06/30/2022 ms.prod: w11 ms.technology: windows ms.topic: conceptual @@ -21,7 +21,9 @@ Getting started with Windows Autopatch has been designed to be easy. This articl | Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).

              For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).

              For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). | | Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.

              For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). | | Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.

              • For more information, see [Azure Active Directory Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Hybrid Azure Active Directory join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)
              • For more information on supported Azure Active Directory Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).
              | -| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

              At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.

              Other device management prerequisites include:

              • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
              • Devices managed only by Microsoft Endpoint Configuration Manager aren't supported.
              • Devices must be in communication with Microsoft Intune in the last 28 days. Otherwise, the devices won't be registered with Autopatch.
              • Devices must be connected to the internet.

              For more information on co-management, see [Co-management for Windows devices](/mem/configmgr/comanage/overview). | +| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

              At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.

              Other device management prerequisites include:

              • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
              • Devices must be managed by either Intune or Configuration Manager Co-management. Devices only managed by Configuration Manager aren't supported.
              • Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.
              • Devices must be connected to the internet.
              • Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate these fail to meet **Intune or Clout-attached** pre-requisite check.

              See [register your devices](https://docs.microsoft.com/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device pre-requisites and on how the device registration process works. + +For more information on co-management, see [Co-management for Windows devices](/mem/configmgr/comanage/overview). | | Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../references/windows-autopatch-privacy.md). | ## More about licenses @@ -42,7 +44,7 @@ The following Windows 64-bit editions are required for Windows Autopatch: - Windows 10/11 Enterprise - Windows 10/11 Pro for Workstations -## Co-management requirements +## Configuration Manager Co-management requirements Windows Autopatch fully supports co-management. The following co-management requirements apply: From bbbf4c39a3f387268471ba92086e5c65599fb92c Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Thu, 30 Jun 2022 15:29:51 -0700 Subject: [PATCH 504/540] Update windows-autopatch-prerequisites.md --- .../prepare/windows-autopatch-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index 4484d30d3a..431e2c3f27 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -21,7 +21,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl | Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).

              For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).

              For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). | | Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.

              For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). | | Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.

              • For more information, see [Azure Active Directory Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Hybrid Azure Active Directory join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)
              • For more information on supported Azure Active Directory Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).
              | -| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

              At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.

              Other device management prerequisites include:

              • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
              • Devices must be managed by either Intune or Configuration Manager Co-management. Devices only managed by Configuration Manager aren't supported.
              • Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.
              • Devices must be connected to the internet.
              • Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate these fail to meet **Intune or Clout-attached** pre-requisite check.

              See [register your devices](https://docs.microsoft.com/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device pre-requisites and on how the device registration process works. +| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

              At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.

              Other device management prerequisites include:

              • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
              • Devices must be managed by either Intune or Configuration Manager Co-management. Devices only managed by Configuration Manager aren't supported.
              • Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.
              • Devices must be connected to the internet.
              • Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate these fail to meet **Intune or Clout-attached** pre-requisite check.

              See [Register your devices](../deploy/windows-autopatch-register-devices) for more details on device pre-requisites and on how the device registration process works. For more information on co-management, see [Co-management for Windows devices](/mem/configmgr/comanage/overview). | | Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../references/windows-autopatch-privacy.md). | From 9dcbe8cbb4e86f1c8cc7fba1f13925c6c478b09d Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Thu, 30 Jun 2022 15:35:45 -0700 Subject: [PATCH 505/540] Update windows-autopatch-register-devices.md --- .../deploy/windows-autopatch-register-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 4c38fd7246..bdb0f168e9 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -68,7 +68,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). - Managed by Microsoft Endpoint Manager. - - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). + - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#co-management-requirements). - Must switch the following Microsoft Endpoint Manager-Configuration Manager [Co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune): - Windows updates policies - Device configuration From 97c1e235e780f80e80489a25bde9cb4f1c713b88 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Thu, 30 Jun 2022 15:38:02 -0700 Subject: [PATCH 506/540] Update windows-autopatch-prerequisites.md --- .../prepare/windows-autopatch-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index 431e2c3f27..029a20632c 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -21,7 +21,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl | Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).

              For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).

              For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). | | Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.

              For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). | | Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.

              • For more information, see [Azure Active Directory Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Hybrid Azure Active Directory join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)
              • For more information on supported Azure Active Directory Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).
              | -| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

              At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.

              Other device management prerequisites include:

              • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
              • Devices must be managed by either Intune or Configuration Manager Co-management. Devices only managed by Configuration Manager aren't supported.
              • Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.
              • Devices must be connected to the internet.
              • Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate these fail to meet **Intune or Clout-attached** pre-requisite check.

              See [Register your devices](../deploy/windows-autopatch-register-devices) for more details on device pre-requisites and on how the device registration process works. +| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

              At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.

              Other device management prerequisites include:

              • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
              • Devices must be managed by either Intune or Configuration Manager Co-management. Devices only managed by Configuration Manager aren't supported.
              • Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.
              • Devices must be connected to the internet.
              • Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate these fail to meet **Intune or Clout-attached** pre-requisite check.

              See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device pre-requisites and on how the device registration process works. For more information on co-management, see [Co-management for Windows devices](/mem/configmgr/comanage/overview). | | Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../references/windows-autopatch-privacy.md). | From e4136efa95d70be9c9e36c7d3088d4ead16eaa99 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Thu, 30 Jun 2022 15:46:23 -0700 Subject: [PATCH 507/540] Fixed broken links. --- .../windows-autopatch/overview/windows-autopatch-faq.yml | 2 +- .../prepare/windows-autopatch-enroll-tenant.md | 2 +- .../prepare/windows-autopatch-prerequisites.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 64041a261e..e88fc29e91 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -43,7 +43,7 @@ sections: - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) Additional pre-requisites for devices managed by Configuration Manager: - - [Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements) + - [Co-management](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements) - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions) - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.) - question: What are the licensing requirements for Windows Autopatch? diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md index c594bece89..5170032f91 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md @@ -27,7 +27,7 @@ To start using the Windows Autopatch service, ensure you meet the [Windows Autop > [!IMPORTANT] > The online Readiness assessment tool helps you check your readiness to enroll in Windows Autopatch for the first time. Once you enroll, you'll no longer be able to access the tool again. -The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager](#microsoft-intune-settings) (specifically, Microsoft Intune) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Co-management requirements](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). +The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager](#microsoft-intune-settings) (specifically, Microsoft Intune) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements). **To access and run the Readiness assessment tool:** diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index 5d377d6e50..2f24e926b6 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -42,7 +42,7 @@ The following Windows 64-bit editions are required for Windows Autopatch: - Windows 10/11 Enterprise - Windows 10/11 Pro for Workstations -## Co-management requirements +## Configuration Manager Co-management requirements Windows Autopatch fully supports co-management. The following co-management requirements apply: From c2be73ed32cd39163a1bf950e3c8469959cb3119 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Thu, 30 Jun 2022 15:51:54 -0700 Subject: [PATCH 508/540] Update windows-autopatch-register-devices.md --- .../deploy/windows-autopatch-register-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index bdb0f168e9..f6dc54cf8d 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -68,7 +68,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). - Managed by Microsoft Endpoint Manager. - - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#co-management-requirements). + - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements). - Must switch the following Microsoft Endpoint Manager-Configuration Manager [Co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune): - Windows updates policies - Device configuration From 3ad2eaa8a3f72e8a6ce7bbd262bbb51cf6840fce Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Thu, 30 Jun 2022 15:52:33 -0700 Subject: [PATCH 509/540] Update windows-autopatch-faq.yml --- .../windows-autopatch/overview/windows-autopatch-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index e88fc29e91..3e968ceeab 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -43,7 +43,7 @@ sections: - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) Additional pre-requisites for devices managed by Configuration Manager: - - [Co-management](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements) + - [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements) - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions) - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.) - question: What are the licensing requirements for Windows Autopatch? From 858675694276b1f0964e2a118be925e1661b164d Mon Sep 17 00:00:00 2001 From: Alexander Spitaler Date: Fri, 1 Jul 2022 14:15:48 +0200 Subject: [PATCH 510/540] 10678-UpdateCredentialGuardIntuneDocu Changed the manual to settings catalog options --- .../credential-guard/credential-guard-manage.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index b63bf80703..7637deca64 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -53,19 +53,21 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will To enforce processing of the group policy, you can run `gpupdate /force`. -### Enable Windows Defender Credential Guard by using Intune +### Enable Windows Defender Credential Guard by using Microsoft Endpoint Manager -1. From **Home**, select **Microsoft Intune**. +1. From **Microsoft Endpoint Manager admin center**, select **Devices**. -1. Select **Device configuration**. +1. Select **Configuration Profiles**. -1. Select **Profiles** > **Create Profile** > **Endpoint protection** > **Windows Defender Credential Guard**. +1. Select **Create Profile** > **Windows 10 and later** > **Settings catalog** > **Create**. - > [!NOTE] - > It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock. + 1. Configuration settings: In the settings picker select **Device Guard** as category and add the needed settings + +> [!NOTE] +> Enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock. > [!TIP] -> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings). +> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Microsoft Endpoint Manager](/mem/intune/protect/endpoint-security-account-protection-profile-settings). ### Enable Windows Defender Credential Guard by using the registry From 980dd88868937de62dc8216960819732c0a67008 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 1 Jul 2022 10:07:52 -0700 Subject: [PATCH 511/540] Update known-issues.md --- .../operations/known-issues.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 1c179e8e7a..dfddeebe3f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -10,7 +10,7 @@ ms.reviewer: jogeurte ms.author: jogeurte ms.manager: jsuther manager: dansimp -ms.date: 04/14/2021 +ms.date: 07/01/2022 ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium @@ -25,8 +25,8 @@ ms.localizationpriority: medium - Windows 11 - Windows Server 2016 and above ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> [!NOTE] +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic covers tips and tricks for admins and known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. From 17c9098c9a4654cb301315c7e73caa67da8e0c81 Mon Sep 17 00:00:00 2001 From: Alexander Spitaler Date: Sat, 2 Jul 2022 15:48:15 +0200 Subject: [PATCH 512/540] Update windows/security/identity-protection/credential-guard/credential-guard-manage.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../credential-guard/credential-guard-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 7637deca64..c2b416f149 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -61,7 +61,7 @@ To enforce processing of the group policy, you can run `gpupdate /force`. 1. Select **Create Profile** > **Windows 10 and later** > **Settings catalog** > **Create**. - 1. Configuration settings: In the settings picker select **Device Guard** as category and add the needed settings + 1. Configuration settings: In the settings picker select **Device Guard** as category and add the needed settings. > [!NOTE] > Enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock. From 6a69f49b16bd65385cba6d3e382cfaf7668e8494 Mon Sep 17 00:00:00 2001 From: Office Content Publishing 2 <44301038+officedocspr2@users.noreply.github.com> Date: Sat, 2 Jul 2022 23:32:58 -0700 Subject: [PATCH 513/540] Uploaded file: education-content-updates.md - 2022-07-02 23:32:58.2316 --- .../includes/education-content-updates.md | 34 ++----------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index 73b3828e76..825288c869 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md @@ -2,39 +2,9 @@ -## Week of May 02, 2022 +## Week of June 27, 2022 | Published On |Topic title | Change | |------|------------|--------| -| 5/3/2022 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified | -| 5/3/2022 | [Change history for Windows 10 for Education (Windows 10)](/education/windows/change-history-edu) | modified | -| 5/3/2022 | [Change to Windows 10 Education from Windows 10 Pro](/education/windows/change-to-pro-education) | modified | -| 5/3/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified | -| 5/3/2022 | [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education) | modified | -| 5/3/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | -| 5/3/2022 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified | -| 5/3/2022 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified | -| 5/3/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified | -| 5/3/2022 | [What's in Set up School PCs provisioning package](/education/windows/set-up-school-pcs-provisioning-package) | modified | -| 5/3/2022 | [Take a Test app technical reference](/education/windows/take-a-test-app-technical) | modified | -| 5/3/2022 | [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) | modified | -| 5/3/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified | -| 5/3/2022 | [Test Windows 10 in S mode on existing Windows 10 education devices](/education/windows/test-windows10s-for-edu) | modified | - - -## Week of April 25, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | -| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | - - -## Week of April 18, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 4/21/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified | +| 6/30/2022 | Get Minecraft Education Edition with your Windows 10 device promotion | removed | From fda276c337ce533f14fa61257922833f0622dca5 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 4 Jul 2022 23:33:38 +0530 Subject: [PATCH 514/540] added windows 11 user report #10684, after reading this article, I conformed **Windows 11** OS is also supported --- .../security-policy-settings/security-policy-settings.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index a0a8270da7..305941019b 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -23,6 +23,7 @@ ms.technology: windows-sec **Applies to** - Windows 10 +- Windows 11 This reference topic describes the common scenarios, architecture, and processes for security settings. @@ -404,4 +405,4 @@ To ensure that data is copied correctly, you can use Group Policy Management Con | - | - | | [Administer security policy settings](administer-security-policy-settings.md) | This article discusses different methods to administer security policy settings on a local device or throughout a small- or medium-sized organization.| | [Configure security policy settings](how-to-configure-security-policy-settings.md) | Describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller.| -| [Security policy settings reference](security-policy-settings-reference.md) | This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations.| \ No newline at end of file +| [Security policy settings reference](security-policy-settings-reference.md) | This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations.| From 10d39dce22d6341915e5de5edbf7fce6b97892e2 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 5 Jul 2022 20:52:03 -0700 Subject: [PATCH 515/540] Getting ready for GA. --- .../operate/windows-autopatch-wqu-overview.md | 7 +- ...dows-autopatch-wqu-unsupported-policies.md | 95 +++++++++++++++++-- 2 files changed, 94 insertions(+), 8 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md index 282c602973..e58e36cbfd 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md @@ -72,8 +72,11 @@ If Windows Autopatch detects a [significant issue with a release](../operate/win If we pause the release, a policy will be deployed which prevents devices from updating while the issue is investigated. Once the issue is resolved, the release will be resumed. -> [!NOTE] -> Windows Autopatch doesn't allow you to request that a release be paused or resumed during public preview. +You can pause or resume a Windows quality update from the Release management tab in Microsoft Endpoint Manager. + +## Rollback + +Windows Autopatch will rollback updates if we detect a [significant issue with a release](../operate/windows-autopatch-wqu-signals.md). ## Incidents and outages diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md index a76f93d9c5..1ee72bdfda 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md @@ -1,7 +1,7 @@ --- -title: Conflicting and unsupported policies -description: This article explains the conflicting and unsupported policies in Windows quality updates -ms.date: 05/30/2022 +title: Windows update policies +description: This article explains Windows update policies in Windows Autopatch +ms.date: 07/07/2022 ms.prod: w11 ms.technology: windows ms.topic: conceptual @@ -12,11 +12,94 @@ manager: dougeby msreviewer: hathind --- -# Conflicting and unsupported policies +# Windows update policies + +## Update rings for Windows 10 and later + +The following policies contain settings which apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention: + +**Modern Workplace Update Policy [ring name] – [Windows Autopatch]** + +### Windows 10 and later update settings + +| Setting name | Test | First | Fast | Broad | +| ----- | ----- | ----- | ----- | ----- | +| Microsoft product updates | Allow | Allow | Allow | Allow | +| Windows drivers | Allow | Allow | Allow | Allow | +| Quality update deferral period | 0 | 1 | 6 | 9 | +| Feature update deferral period | 0 | 0 | 0 | 0 | +| Upgrade Windows 10 to latest Windows 11 release | No | No | No | No | +| Set feature update uninstall period | 30 days | 30 days | 30 days | 30 days | +| Servicing channel | General availability | General availability | General availability | General availability | + +### Windows 10 and later user experience settings + +| Setting name | Test | First | Fast | Broad | +| ----- | ----- | ----- | ----- | ----- | +| Automatic update behaviour | Reset to default | Reset to default | Reset to default | Reset to default | +| Restart checks | Allow | Allow | Allow | Allow | +| Option to pause updates | Disable | Disable | Disable | Disable | +| Option to check for Windows updates | Default | Default | Default | Default | +| Change notification update level | Default | Default | Default | Default | +| Deadline for feature updates | 5 | 5 | 5 | 5 | +| Deadline for quality updates | 0 | 2 | 2 | 5 | +| Grace period | 0 | 2 | 2 | 2 | +| Auto-restart before deadline | Yes | Yes | Yes | Yes | + +### Windows 10 and later assignments + +| Setting name | Test | First | Fast | Broad | +| ----- | ----- | ----- | ----- | ----- | +| Included groups | Modern Workplace Devices–Windows Autopatch-Test | Modern Workplace Devices–Windows Autopatch-First | Modern Workplace Devices–Windows Autopatch-Fast | Modern Workplace Devices–Windows Autopatch-Broad | +| Excluded groups | None | None | None | None | + +## Feature update policies + +The service deploys policies using Microsoft Intune to control how feature updates are deployed to devices. + +### Feature updates for Windows 10 and later + +These policies control the minimum target version of Windows which a device is meant to accept. Throughout the rest of the article, you will see these policies referred to as DSS policies. After onboarding there will be four of these policies in your tenant with the following naming convention: + +**Modern Workplace DSS Policy [ring name]** + +#### Feature update deployment settings + +| Setting name | Test | First | Fast | Broad | +| ----- | ----- | ----- | ----- | ----- | +| Name | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows | +| Rollout options | Immediate start | Immediate start | Immediate start | Immediate start | + +#### Feature update policy assignments + +| Setting name | Test | First | Fast | Broad | +| ----- | ----- | ----- | ----- | ----- | +| Included groups | Modern Workplace Devices–Windows Autopatch-Test | Modern Workplace Devices–Windows Autopatch-First | Modern Workplace Devices–Windows Autopatch-Fast | Modern Workplace Devices–Windows Autopatch-Broad | +| Excluded groups | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices | + +#### Windows 11 testing + +To allow customers to test Windows 11 in their environment, there's a separate DSS policy which enables you to test Windows 11 before broadly adopting within your environment. + +##### Windows 11 deployment setting + +| Setting name | Test | +| ----- | ----- | +| Name | Windows 11 | +| Rollout options | Immediate start | + +##### Windows 11 assignments + +| Setting name | Test | +| ----- | ----- | +| Included groups | Modern Workplace – Windows 11 Pre-Release Test Devices | +| Excluded groups | None | + +## Conflicting and unsupported policies Deploying any of the following policies to a Windows Autopatch device will make that device ineligible for management since the device will prevent us from delivering the service as designed. -## Update policies +### Update policies Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices will be excluded from management. @@ -26,7 +109,7 @@ Window Autopatch deploys mobile device management (MDM) policies to configure de | [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | Update/ActiveHoursEnd | This policy controls the end of the protected window where devices won't reboot.

              Supported values are from zero through to 23, where zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. | | [Active hours max range](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange) | Update/ActiveHoursMaxRange | Allows the IT admin to specify the max active hours range.

              This value sets the maximum number of active hours from the start time. Supported values are from eight through to 18. | -## Group policy +### Group policy Group policy takes precedence over mobile device management (MDM) policies. For Windows quality updates, if any group policies are detected which modify the following hive in the registry, the device will be ineligible for management: From 263697a27f06e875e9b517f45f9ec748b122a754 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 5 Jul 2022 21:13:56 -0700 Subject: [PATCH 516/540] Updating as per Adam Nichols W365 update. --- .../windows-autopatch-register-devices.md | 38 ++++++++++++++++++- .../overview/windows-autopatch-faq.yml | 6 +++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index f6dc54cf8d..28cf8a2491 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -111,7 +111,9 @@ Registering your devices in Windows Autopatch does the following: ## Steps to register devices -**To register devices into Windows Autopatch:** +### Physical devices + +**To register physical devices into Windows Autopatch:** 1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 2. Select **Windows Autopatch** from the left navigation menu. @@ -127,6 +129,40 @@ Once devices or Azure AD groups containing devices are added to the **Windows Au > [!IMPORTANT] > It might take up to an hour for a device to change its status from **Ready for User** to **Active** in the Ready tab during the public preview. +### Virtual devices + +#### Windows Autopatch on Windows 365 Enterprise Workloads + +With Windows 365 Enterprise, you can include Windows Autopatch onboarding as part of your provision process providing a seamless experience for admins and users to ensure your Cloud PCs are always up to date. + +#### Deploy Windows Autopatch on a Windows 365 Provisioning Policy + +For general guidance, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy). + +**To deploy Windows Autopatch on a Windows 365 Provisioning Policy:** + +1. Go to the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) admin center. +1. In the left pane, select **Devices**. +1. Navigate to Provisioning > **Windows 365**. +1. Select Provisioning policies > **Create policy**. +1. Provide a policy name and select **Join Type**. For more information, see [Device join types](/windows-365/enterprise/identity-authentication#device-join-types). +1. Select **Next**. +1. Choose the desired image and select **Next**. +1. Under the **Microsoft managed services** section, select **Windows Autopatch**. Then, select **Next**. If the *Windows Autopatch (preview) cannot manage your Cloud PCs until a Global Admin has finished setting it up.* message appears, you must [enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md) to continue. +1. Assign your policy accordingly and select **Next**. +1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch. + +#### Deploy Autopatch on Windows 365 for existing Cloud PC + +All your existing Windows 365 Enterprise workloads can be registered into Windows Autopatch by leveraging the same method as your physical devices. For more information, see [Physical devices](#physical-devices). + +#### Contact support + +Support is available either through Windows 365, or Windows Autopatch for update related incidents. + +- For Windows 365 support, see [Get support](/mem/get-support). +- For Windows Autopatch support, see [Submit a support request](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request). + ## Device management lifecycle scenarios There's a few more device lifecycle management scenarios to consider when planning to register devices in Windows Autopatch. diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 3e968ceeab..5b27699c20 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -59,6 +59,12 @@ sections: - question: Can Autopatch customers individually approve or deny devices? answer: | No you can't individually approve or deny devices. Once a device is registered with Windows Autopatch, updates are rolled out to the devices according to its ring assignment. Individual device level control isn't supported. + - question: Does Autopatch on Widows 365 Cloud PCs have any feature difference from a physical device? + answer: | + No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices). + - question: Can I run Autopatch on my Windows 365 Business Workloads? + answer: | + No. Autopatch is only available on enterprise workloads. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices). - name: Update Management questions: - question: What systems does Windows Autopatch update? From 62c7b78a1a0b088b26f8ba5af43d2bd8e2973510 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Tue, 5 Jul 2022 21:15:51 -0700 Subject: [PATCH 517/540] Update windows-autopatch-register-devices.md Changed date. --- .../deploy/windows-autopatch-register-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 28cf8a2491..1a58a87f72 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -1,7 +1,7 @@ --- title: Register your devices description: This article details how to register devices in Autopatch -ms.date: 06/30/2022 +ms.date: 07/06/2022 ms.prod: w11 ms.technology: windows ms.topic: how-to From 77f1c09a2092607821eb45bb6f7c4d668b4034e2 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Tue, 5 Jul 2022 21:20:50 -0700 Subject: [PATCH 518/540] Update windows-autopatch-faq.yml Added a question. --- .../windows-autopatch/overview/windows-autopatch-faq.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 5b27699c20..62a912aab7 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -59,9 +59,12 @@ sections: - question: Can Autopatch customers individually approve or deny devices? answer: | No you can't individually approve or deny devices. Once a device is registered with Windows Autopatch, updates are rolled out to the devices according to its ring assignment. Individual device level control isn't supported. - - question: Does Autopatch on Widows 365 Cloud PCs have any feature difference from a physical device? + - question: Does Autopatch on Windows 365 Cloud PCs have any feature difference from a physical device? answer: | No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices). + - question: Do my Cloud PCs appear any differently in the Windows Autopatch admin center? + answer: | + Cloud PC displays the model as the license type you have provisioned. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices). - question: Can I run Autopatch on my Windows 365 Business Workloads? answer: | No. Autopatch is only available on enterprise workloads. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices). From 96205dc38cd031137012b0e39cbcdb9e1474f871 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Tue, 5 Jul 2022 21:21:50 -0700 Subject: [PATCH 519/540] Update windows-autopatch-faq.yml Updated date. --- .../windows-autopatch/overview/windows-autopatch-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 62a912aab7..109b68bdbe 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -4,7 +4,7 @@ metadata: description: Answers to frequently asked questions about Windows Autopatch. ms.prod: w11 ms.topic: faq - ms.date: 06/02/2022 + ms.date: 07/06/2022 audience: itpro ms.localizationpriority: medium manager: dougeby From 9a8150b345bc76a12ee65bca893636964bb2065f Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 6 Jul 2022 13:51:35 -0700 Subject: [PATCH 520/540] More articles for GA. --- windows/deployment/windows-autopatch/TOC.yml | 44 +++++--- .../windows-autopatch-admin-contacts.md | 3 - .../media/windows-feature-force-update.png | Bin 0 -> 172513 bytes ...ndows-feature-release-process-timeline.png | Bin 0 -> 58777 bytes ...dows-feature-typical-update-experience.png | Bin 0 -> 172468 bytes .../windows-feature-update-grace-period.png | Bin 0 -> 304212 bytes .../windows-autopatch/operate/index.md | 4 +- .../windows-autopatch-fu-end-user-exp.md | 73 ++++++++++++ .../operate/windows-autopatch-fu-overview.md | 106 ++++++++++++++++++ ...autopatch-microsoft-365-apps-enterprise.md | 18 --- .../windows-autopatch-unenroll-tenant.md | 59 ++++++++++ .../overview/windows-autopatch-overview.md | 9 +- .../windows-autopatch/prepare/index.md | 2 +- ...indows-autopatch-microsoft-365-policies.md | 33 ++++++ 14 files changed, 307 insertions(+), 44 deletions(-) create mode 100644 windows/deployment/windows-autopatch/media/windows-feature-force-update.png create mode 100644 windows/deployment/windows-autopatch/media/windows-feature-release-process-timeline.png create mode 100644 windows/deployment/windows-autopatch/media/windows-feature-typical-update-experience.png create mode 100644 windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md create mode 100644 windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index 97e466d258..d5071f8114 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -17,8 +17,9 @@ href: prepare/windows-autopatch-configure-network.md - name: Enroll your tenant href: prepare/windows-autopatch-enroll-tenant.md - - name: Fix issues found by the Readiness assessment tool - href: prepare/windows-autopatch-fix-issues.md + items: + - name: Fix issues found by the Readiness assessment tool + href: prepare/windows-autopatch-fix-issues.md - name: Deploy href: deploy/index.md items: @@ -32,17 +33,23 @@ - name: Update management href: operate/windows-autopatch-update-management.md items: - - name: Windows quality updates - href: operate/windows-autopatch-wqu-overview.md - items: - - name: Windows quality end user experience - href: operate/windows-autopatch-wqu-end-user-exp.md - - name: Windows quality update signals - href: operate/windows-autopatch-wqu-signals.md - - name: Windows quality update communications + - name: Windows updates + href: + items: + - name: Windows quality updates + href: operate/windows-autopatch-wqu-overview.md + items: + - name: Windows quality end user experience + href: operate/windows-autopatch-wqu-end-user-exp.md + - name: Windows quality update signals + href: operate/windows-autopatch-wqu-signals.md + - name: Windows feature updates + href: operate/windows-autopatch-fu-overview.md + items: + - name: Windows feature end user experience + href: operate/windows-autopatch-fu-end-user-exp.md + - name: Windows quality and feature update communications href: operate/windows-autopatch-wqu-communications.md - - name: Conflicting and unsupported policies - href: operate/windows-autopatch-wqu-unsupported-policies.md - name: Microsoft 365 Apps for enterprise href: operate/windows-autopatch-microsoft-365-apps-enterprise.md - name: Microsoft Edge @@ -51,14 +58,21 @@ href: operate/windows-autopatch-teams.md - name: Deregister a device href: operate/windows-autopatch-deregister-devices.md + - name: Un-enroll your tenant + href: operate/windows-autopatch-unenroll-tenant.md - name: Submit a support request href: operate/windows-autopatch-support-request.md - name: Reference href: items: + - name: Update policies + href: + items: + - name: Windows update policies + href: operate/windows-autopatch-wqu-unsupported-policies.md + - name: Microsoft 365 Apps for enterprise update policies + href: references/windows-autopatch-microsoft-365-policies.md - name: Privacy href: references/windows-autopatch-privacy.md - name: Windows Autopatch preview addendum - href: references/windows-autopatch-preview-addendum.md - - + href: references/windows-autopatch-preview-addendum.md \ No newline at end of file diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md index 2ecfa99202..47d7b8677c 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md @@ -14,9 +14,6 @@ msreviewer: hathind # Add and verify admin contacts -> [!IMPORTANT] -> The Admin contacts blade isn't available during public preview. However, we'll use the admin contacts provided by you during public preview onboarding. - There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch. > [!IMPORTANT] diff --git a/windows/deployment/windows-autopatch/media/windows-feature-force-update.png b/windows/deployment/windows-autopatch/media/windows-feature-force-update.png new file mode 100644 index 0000000000000000000000000000000000000000..a1752b7996854038d408b0539040c21bc16de004 GIT binary patch literal 172513 zcmeFZc{r5)|2ItbWGCC$Dtic*EQOFt_GL(DVv@4NDEpQrvWpm!t+I_>kqSc$S)!|u zr5Ix?A$yZ$+@Et)SJ(CZet-AxzMuO!p5u6q`wu0}nDhLcpXL49-q9vTr%dCs z%&XFsg_`&06$3^UZJZ76ej5$wO_Q}d|GlsB@VUySG&#ft@NIXt`bgSgYcuGl=byZ? zEVs1=-`21698*}>`o7{A65T?;#Y*S!?ca)zrdp3VY+Lunvhj$xO_(I{i?C8`eg!y6WbDd3TEB+$!>C)e{l|Mwr~kr`0(rk zS6*A6S_{InkiHR9BN(pV)2DK?izkm>-el!e0+LWNpyrLi#yL8}nu5N4^dVmXe5Gyu zGk*-e;`|raoT}4oZ5Nc72a8d;Jq{ZM_mmSdX3yonksJ^oFQlKeg?;VHFK}NvnfKJF8g31lt+N zJHlh@HOA@+7rGsu%otHGSw~+dzv9TnZKK58ZEs=phuiRz{^(q_JPCM6bhw&o^H{n{ z5nTW+yvFwvkCd#R`SpFW!4lf_eF=ByoyFwq=By0LN|tEM%hpbsC{kKw-DIaya-URT z>pN)@Zldfws&W~FWT=bIy$rs@!uY5|IJ91S6e9?xhE0xRoHic3LU(P2`!Z&A4ishF z{_oQ67mSi%1Z5cLezm){dpenTiC<9f^mJ%`4C6?&l^)Kad`AI zNRXcghn69=61~^M>3C#;TH4J_dgn;+b)ZOVQJJl8-@hA;Lt*zAe%*R>uH_-NK7;>z zi~k3oVx-^MMDNRK=~(q)HJKqmie{Be2tfCyYtqAmr~C zMVW}dcSYbF@uu6N7o6u==?De%=@{&9)69!jGSD)DFP2xouR{u~OXh+YXkp?j)W(Hr zokw5E%Ue?0)(ljcZ#y0~pP(pLV{1n!xw~q%A!-JOG?0l0;u@S`mF5#CvT&=0TxjIw zZk~L0Me<_oM-WOj7|ZV|i-mwqAU-;Lc&tdTCb${iF5v+Wizz}0b2|qjXZP8x`Gyvu zn!vBUeNTByl)2ADiQ(kwn)vwem=boc2!9h4nBRG~of*qF==MYF?u}gEch7y-TwxYM zJmSdZ{oy4&n#eQaO2uuV=dD!lh!^o#nZxq0zs>MNTu!mNk8dg+>`9k@c=VOyyq_p5 zOr>*pdGG!#^XB|4g6UR%mWoMhzpLri6h%3nooU*@>$J!`tAOpD$&+omy(mm^_nTAFF#sDAQZ zH^@%aKgMGl7~jl9*Q$`2OKBzW@D<7+5V?^wD_2v}MrpfI?ZD50@H7}Rab2>Cry8-^ zo;nvQ1TGb~{}`8Y8+f!HrMa?Q!z+9qs{4!UTFXk+D+bL{TJxa4Y0VG=*;cN_0-}u) z*Xam018MJX>ccvRS7KyPxuf7sF*2&m(rQdso8S`^3t$7^-c-n}SI`q>u1~9>qlvX; zrNbTV%W&4;POIVOI!?$XNRb{4CMk2F)gDF?Z7*|k^5YPkU@w!X>z{5SMlqp^F2@qY z*K!GF*m}!Ysyh3AqiEi`v)xS(dS2;S2V7`=h>%zbaHT4L?j9p^HUTcAot0WM!*zJM zV1q(-BEmsGOA>s5l*SvQZcf|bLW7Lz=aEft^AqAm_dhXae{($Qm!;-~k=u*&{!oWH z8nkhP7kxn1rAwMJ^N4*|g#PAaM~Z03RdMEop)L}pu9Y$%Q0_59jEpz9M%&6o?f@K} z6{}goRhGIKa27SwxNH%ZMpwM2;kTXpEHTw_}+y6SX%xWcJW-GqLXo6!vpv01Zn$P7L@fCu#WSNXJLIo4}+_wu4f3Gb>@S>2%V)RE+WP}faM}Jbm+26jjO?eIH2^E3zF315(Z+yF z14kkTl`CLFgI@ph;psvb6E+f!<+dpE7GoYgsSOOgE>Zbj2ruWjkO&vLzF3u(Ta#1d z!q&k@^nNWYx`T}|U7Gor|5OiTg)E!s7RlH2ETTV1hE+J1wd0c&!R;uVlF;7QSAS5kCBe~ZWZ7&_2js-f|&a(4~^_~dfmko6$w%@qX*ZBi4&%5II;O4GX^_p zScN<*Y30tif9727J0} zunmvdjJ#N~aRLU8-buq|-KO{qxstj;4C*5DL(d0SKa1&QnA`G?12|N` z7l#&87#6Ao{>_z%fW!CKWt^d|IRIX#-EM;F$h?R2Skhr5bs zToFGg9{UjRMALh%XuC z&P6c`%srdQew?QhWqDp37SW*Iy{7cOTqH_N_=S;eFgS0i^LK+zA)Fq8R_lgS*&WS_z_ao?-_>XpDosI=< zu9pdLSLHW$=)U3~YuH-u68ze4g|Kr8zz5GVNKw6XMB7a>OvTDIUQr$kd~B>OQBO%l zJ1E}{o1nUV1eEmsaMF;<;0Lewc1JJ0VjYWQeM2V{_(sip?#j2Z5Ul!AD@STtr09?F z48NOkRIJQZXr)*4>j-B~ar^E*p!u9SRsMS$zx(QnHmT^@=E94hc=NqfsmQBrTgV^J;e#gJouaw%o@J@ACXhzH)P6~~r<_|R4g*;%Z& zK?DX&_4VUPY0U@dwVshSzPRjkIGh-7ieXA%#}Aa*1hDHr5YF?n*G&!g@-=2prIHC} zpySp3bl+LwHdM+QbD@nM8TsF~Hqa`nYZZw+@#h_It~i?}gPKI8sBYi!L1}=NhDDg= zQzXH{>F?nDg)-F*_HyoGOr=IJmDSRvWL3>4Zek~m*c@`F<6-TsR%KpueGH1=2#?~i z-Gb0%Kal`|ON6M}ZXp}Z+x`ri5z8H0hg4ykD&?N8lXV?A_4F*c*r_y|t=0%lZ$BB1 zt%jNGfJ1w9)G@7b(RaWWUD`$&(qF{_pr?UUzdwbt7_)Q8L$Ur18c^>w!5O3;w4rT_ zmg1MVZM=@_#MG@yZ)kstiu-ew(o(NOfP1j;uhk2I4JNETJVrCD=oW$4m7}^P z-#QfH*NhjE?k{xPyB{u^xazM5YJgvIdlkih2acpQ|l_@&dIwq+^GcnTxl0+DOA%; zb?t*>6)vXJI0A>qLpeUG?tFt#LDVReO^na=_AJ3*OFNn}|IN;|b_j zxyUVchDoyh`BArFqIpA@$KG=*)31X9W_q%=tCHT;t3)a=6ndwd9CWi;(d6sZ1J{5F611IW zb#&9k8TTVRwP2h!TcV8^nF%9n8&go2P@;zmj6^c*=d_EwdMc5D7kgB%zCDE1#$8=F zBV1Kl`WBspm)rAfYWa`-XNC8kS)>dpRy^|3XHD`bDEL6321iwifTCs77-nI+h5HIs zsrs^jDTsD|g;K&H`sp@qDIl0p#N2O8xT9aGl)8Lb5POd^m~|2aR+xtCR_~mT*rDd1 z-JDD@F1H&m6bfe)TfsY`YkDco4ro+CNxo=YR(t7u%$JhgWIZ^ zfk~wL3PXBpbh0&6A!pCx1^9$&t# zDT?mkOJNj)!8oFOr_hLno%@dPPv9h9egEnXi>J>Lj(fAqLFEGN@meOoNeekKX;_N2 zeVO-%M}n&RgWjMn3f)z?*cJR|B7k@I+RLWp&K@T(6k1!$G6?Cp5fuvn;IJQiWo;c` z3NQ$|W=aX43~5LsuEZQ`H$Pb2URW zN=_pHQ<$2bb>09@duYC7@zEv3e>lN9?qgt-ZgTxB_xq75_EybVgKq234BzQfK0jD2 zyv71!L3=-u0%-#Bf_X(n2O_&vq|6v#5cgSg6p20~gJk@ME!(ijPVA#z?aVCx(;qh;Q zEUFio{pV}mZ)_Hw=nlurd7WZ{bGR;A)qsm_1@IH_4EcfcR z#ogwkD{PwrfQiUPrm#yLOJdeW!l}^n$-SNx3_w!p(=@V7#jI;890R=2* zqO6uBdRa zwLA0}4(}M7ah*fYc+{zrsk!J(j(nfl8-=QGq~b|GUS80cdE%}fxNTM+F0`$r>ZvA( zpSLf%&qz%A~spilW*bdkzbu5C?@ll&>pB7Yp5kKU`F3 z!bowLh{@bffP3E;F@nXK0*c_TTh~1&Gxg`$KA%CK4IAG-PP48nv0Ba^8w|5bQ(n*e z^lvZ>=XKMZq=Wr*%Vpi@s`zI3H>T#=PgKFEEXfIVp{RyfTB!E0NB{&5UL9iT=S7YgHZ(-`WU%ML== zo?WYqUducy*SAlPk4{I4^>BR}6 zcnIi;g>5VyEF$WUa@x4|)sMR$DB_h}`}OGnjq%E&OguxAlxesrl`l7z5*$j}0KAWZ z?p;6!_e+mK56c4#ehBc8F~wd=jTbRB+2Cp8F&rl3;upYsum)xU!O?Eub(j)j@xd2R z74ZM~MA->Q$WSv60*nNQ2XeYgO19P+2JRbLSa0OPCSEWNif5Au-(rD-0024swh4mK z0MCX}l)U5Z&cADY^{8%(cJ?0-7g81e72ircJ5i+A4`>6${||3*fLBYjX}0Ij&;41y zD0Y?PJVM){48X3R1#(!p+Gl$+R&&-}-KJbkbr+a`v6wFb$m9pz#j5z(bUXexW<~K# zUW^ISIcvN^%^LSVI~rzB!b1A%tAaKn4?uDL>1tLz2!qFT2~E!P(Ze+pKbzd z4r^ysgg{We{P$g=tB-Wbux-*1!W_|R586U)OJg-DD&d>*4KOi4`rtc(&2@odP~P9T1QY;36tl{snxJyOH8jBj zl-Svcg^&uxjVGK2FOKHEWet7^L_|;kJ8nwJ?ucPX>~c!&ty*j7K@2HO-!83&D|Op! zh4ykB)){tN?mT$82XYHOabgruS8M3|xH!=`Ht_EFXgSq{Xn^Jhi%AM;xH!|}NAtnQ z5=#i|avP_>XDvZHUGJbd_yujFJR$umCQkA}=FozuVHuZ8{3-!3N}V%o5sdZ{d|ULg z^QiDavT{MS#%v9^SZO8R6y=)U@GjT`==bWuI72#U>SEl$)U}*%$FtG(BbEyW9Ue|I zffC%g2;%1fi>MFd6nevBOUNCpcAM40LB{~ZlmAfb`oKkCSo$gy5N$_ktv)Jq+Vs;A z0Hr4CzE^f{x!TSlW~p*M#k(7ztZt3wuzFt^9%Gb#Brol_g?aW6&?aiQyZ}+I;Q{VH zzva#+067wbG)K8FgWL6+zCSC6GC?f?Fggfcs3g`X+o2%q?VN!0h(_N-F1L|V!O()K zJLzkO(^}&;=ts=%%K?v+Z$d6z9@Hg9fXhY#ycH8$0p>OZ^j|R*QnHQ7FTm#joymRj z+!}Xxy2hi8uJnhHl;H_J7AQJ^mj#44T^k;}3?PsnH0>dGgGx}RcFLRMaAQ@-_Ox0q zE?e-*lD1GHCMY|-xXvH}NW$Qa9vMYIG)N6H-{h|YG|GTna2pW}Bfv%Om@-hgI(WcC zs!S&+WS8p zW3pU;f6%IYc{HDZk=Kb1pKU2JeWoJS&x1Jjq1;YQ@2~nMQ5B#VRWp`l3q{xs8P7&t5!~+*G0NXJ2 z7kfoQq(mUxMV%IXA5d**d2P1eC<==Z-Yzf_jDBX+|9&rUhJiVUFe*0tf`;T-lSG3A zPD-oS{Hm4{Cj#Li&G3~|-F?I`2x!`=W+mUV00Rk*NJr*8dQhC>5T2Cf4*atQHDF`# zg%%os1cOC>Er?kI)l~Ua!+y(nD)w+_#Mg6n<+p#z%V3N6b&6ZAg{puJ{8eUH>@UT+ z33h7g$4>l!#3^>Q#(pU1E#7xm{90+alrg9>Cvfm%W|ttp;X&d z*NKbc!CuvQq*jRdFZxM@Wm78wVWPJAEMdeQ>qbSpZ}Ga(@Q{Y~j>YzF1*Wsbm&_VM zE>cCg>AeazPBf-|SE$`(O)wgh?R3j8W7hD^;p)bG@(vM*(0wasX03jl`ZCwU4qU4A zU3fNA>NZk4Q0=H6@F_29>q`rZrmL~W_eWk|240Kj8mRoZIkm_b{n0*Hc&tzit6U8d z9M^ikIU>{{f*vlO+j;^#H6v=JF8QD0M#xGS(Gvu!d-7Y1Ng_CKK_wf!MK7gVAV_={`Rvg3v(ss-=-h5~gzq?wCO5oY zZ;OU|%Q=jRgaOBR5)V|}2x%BmbB(JQmo+SRN)MFVy{MUe3V6r$ZpGfgO8b^cRZ75U z>q@LY;MhvLdEH~GX&3{S4!Ov*@#$gW#@8zcDYquzhb@^SorTYMbU(6V;sZLfIM`=F zIm6&*F3#qvSfNK7!HiP0vXrGoN z?r!wn6pn-(m~?Erk(fN}SWXD(d(Cpk-=2LiH5WhWRURV3?{XD3!cQ!y*s9{fTX|lv z6{oh2{}6M)ELa(zIAvlj6GVs>pB4C8JhtUqk&p`P3K0&y$C@`6KEBwz$sK()Ba$*g zbiUr>hy@ko%lIi|SY=Uj{7;|d+Pl*xB86M_T@jDw&RJU|R0*ivC^DCZq?-tT1G18` zHgVb{L-DOupP$%vzEf{De8&8rBzGn~X6VzO4};va4Pw{MTiljj8_Cz_z6vt}Vh(4( zC<86i9_uafToK1bVLe!GcoOwLYtbYB4KCV_I&~v(<8z^-C*NJ9+xv1mmqfO|U#G6g zGs{HPhuTKr3gV9P5ns&t+5Z*Ia9Av_0VWY!v6QW8jrqPidGOR(_j09o=s8nEA6}p7 zsY#)PCd}Zq|K$nuk1}@S^MRrYEa|x>ZJGc-znR!an0tF1?*xkMj9E+Hl^NQja^Lo* zOE>0_v=QTXJ0rIM%WWWvB9;teP$wLqS~QTT!fLUe<5D1!>8LcEv>dgsbK(MDGElCx ztD>^LyssGB+^fdN{N%$px9QVFd<7ppbM@Jolk}DME^Wb4l7e14=_iW>G6<$9-brMP zS(YuB7&kjI)xIM^5yL?bN}v1zX0R@o4UKb26DMyvZ*? z{A53wos_TpoBq=HgOw~aI#K)>FZV2XwzzQgz0eB@4zFvccoH;c&uOb;B3Mj;o2p-h z6+x~GMRw`N8tfgG8iX)VKY@pW0;&sJ0bQWe7aV61OXV~yua~H*FITaOCWt!fMi(mr zC&q@;KK5{abF8zvu>2Z-3eqd^gv0FNNMd=(2Ch~_XwYZ>vV-N$%GvF8FiD%;0v|9) zQCj#U7`5Jv_DqVitL~8w{W|irf`#H3_bVNpvlsnd9Tvy|^1fCJWx`7f*Y8$mn{}7a z2^DzH83*9G@NA|ut(qEpXyOW9LM8jm9K{u43Pk&4ioq2#`A;QGvSN{{ajHZ{i& z-f)bO0p*DfB(=vy%TdKR=##$%1)ji`Xj_b%@MGu&bwtdD{=Pn9vLY9^0ib*#^6sH~ zTPt?}m(?1&5rBWld;vKl+;S!(Yfw0%87o(Fup+3{sImH)QbX(a3yE%}fRG>Hx@It1X=ep!icJYTd$@5m);Zxl z9MKA;tH*q*BKTbU*eT6r5-+~t>E@^4{M_BBvqcC~rUUxD90 z67%C>gu5NSrW6w1h9`S4BInCvRTlY>C6h9rq6FwJqy{k#C&~B%>)}|)M}%;l)dj!& zv6%xJ70pqL&qUw^*46MBoj3TLCrnc}J7(|@q_s0}diTwRh9Vy}!<&<^zw2yxOM*p${ za^=v96W`x_cX#w_wNhsdB_u-4H+&mipV8bIS|4_i)B85$B(#$WN@|R^MD3S7K6V>6 z>p>Z9!)=2l&&vsm=mydi?C@8Q64lRsBa^qMYrp2~TnYG^|K2_L-YuM4J3h`Bj+bZwC z>+pZ{E!Moh@Fi!+#xgUedb!gV@U*_h3!T2a(jBGVQZVL)Hs?|Y{{3<#LvItx!t^%* z#+fMBa70gO~FC}2$qUFpcY!FO3Whe@&F4RJ3cgU&F|Ayo3EwW>s>C0 zCp`kk&J{Ax>(2x46))Y<+0)TfRRH@nLK>2inEOSHAJs}r0#&**%whS|K8uhgcrz0T z;GcDXe?;B!U~6K&*tRMH;Arj!BQ&H9Mc_Rx3Fjff3pi*fxId_f#;3<^+Xo(vlU=oXlJ@R;qeAS)LE8>PlC3d~Zn&^rNa16Dm$6P?F*L$H;E zW69WOwq@$Y5#=rS4MwcnE1|9Yp1VOVuf`yl1yK$bA<;R`u~>`@QfYT%Qfia{w;df0 zV5o(S*Vvm#*OsMiY%yX#Qgxj{A$bY8cfb+QU7JnWAb1VF2$wpoqqli03NFL=8 z;N)(c?UbYW^r^t8|D~xHp3xorsN2Ota0d?nB`+If_kWN-S~Q^(hp*UZ=V`<|i*42= z8-bU!7|HORV-N=hi_*5|fvN6m{*glWq6dHmNmRWIJc6=f%*_bW{N=Yx!QwJolKVRL zR++W4M}!Q)qj{x~1XkeV8g*!EOjl`*YnI=Zxg6)foOjj$20nUu|GUHz-1z*{F;c}$ zMmL;4IbAKbV}y=3s=l?)-9R1u(cK7~x8n~@u>G#q-!FBO+}i?PUDJ8S@E#@2e!c9< zz6_>shfOYJvG?IylSFhzzcp!9tDL!hK}mbDpUR;w-4=M0QkvIlob3q}FxbZ##^ z*v=Ud(?wCb|47~JO`uvoIOIMXdJ_O{X|(K2zy$tzFlv7ds`{j}GSH zE;HKG6#fH-OUbwV#mMzj$^0~2p-Q_p^J@@*5g>Zh2*S{&jTW_64 zv>Kcjer!|Jig+ z>ms|^hGE6PJLK}4JBvrfBiCu8KdrKbGL13VkLY>fOfKJTfL!yCMRk*guK{2`l>Uo< zj@J1Po_S+#E#1NQN3M2MJgP+v*BX9Ail?}VNguCN*X;3tNaO)_hJb z@mZtUoLsl=XGL4=dBcDD-M_svGGX&Kw2&_Mn693=@AS}t| z9P>p_^|EK+cb{krXmqNd zc`^#z9)@j(WV{(PJDffeMNy8U#Q>?kn`i~c1< zsI>n3WWn|gc8iD!K@RSPjyFr6+vn$A3=gdv<~+_63Vf?p6VSP_`gtM;enD)@@;7b= z;CtKIxWFUmz=a{%^~ni0w;ldtBXZ^b1A@*U2eLo+HPi0n!9T57N0OC>-y#tmnaM~< z&mh*ZStP8)X(HPbYPer`uO*&2UhEezLVC+RR~waG*)yNBj`pDL$!&`xVpfcSy%WlC ze2L3tzsQx|oOiEfyy+!Is&H9Kx3~Ga-J$RvUh^x&a)=Xb)y^taD3S_i(AH`-2dUNqc$h-MKuMZRbtCfe3!>nFv+vZ1=dOb6^_J>#w{Si|;mptcg;SFDZbW7* zy#oVDl#`HD9LE;J3L+qV{y;!(jQ(kfMcxKJ;9BD`6F?B2ciN0ok2&&lPbwh3xG^4h zY@$QN^17!_z}(tWZJ=Jup*y=sI^&ku2uHjx{YkRq2rF`CZB6Gc;5mD7V;WXIE<kb!aVopS(iBiEU1`lFts&bh@-_tu09!LBIn%-YXy8b0Cb8t6NG zT{9JV6S(+`0jufSuhN<{^!Z(3MY%m4*VNHb>I`N(P{OIvCfu#byXb+RzW55;I4As7 zbxe4y zU*9Yt#ww(-L9Qm+4_Dt6=xN~P{G@@PPzyN#HuTGYQ-kX;kR~4D6`;qMpaQw3R4i7| z$jO+guDJ(2$kOS)h4t)H`*cWdY%t%CDjh)R}2%a8C^3rW&0TY%)iAGrD~fI5IuYr45yO21UU%M`VhL=YQW8_ zY2*U?xu`qHMZr;~ULeu{a#2*ln;Tve+n&m!Lhmov_1}N{`T|U2gso3$O@GwEgZKSQ zcYd>3AG_9lwzoLOCn6X)fO+Vq>0P){ST`kPgy*C-0_sI7T_5dRD=-iC7-&NQ4$FPA z0@iD2K=lKbd#;}dh7IH_MB6F318C5`rsGQpAlDIy3pA^ist9;2uj{yAy>XhYJL}%)p|Q z0G2`uv1jJ4(Uf&$2S3E$D;KbUSVNqnJjwGc1~`Er(@niY*E*B|*^+>!8Wdl{!MAa{ zk58 z$Avg_U;Q+w<0Q>vl9YF)RZuRMs^gvxD;51cU-+v&>A^buaNl%k`o%;j9^nMWeJ5b{ zbBr^I_{pnniv7$NP6|Bvbt?vJh=Z7I9#ddF#nqR2n74g&59vDUzJW2!viVlGD-TXtoPu05P{;|= zS$?LR=pj#iNdgO5o7l#zO#Mn1>d148AJ=%x)`u=@Pk&yc4VF&-cX6)*$PN&y8rK`TEd1%De2Spb70&z^{hLto(BA|~5*3Au>K2P-{9ZN3QZ*jvQ7=eyQF5THB>ko!6A5Q>WcVuJ5U z`&ZJk!_V9O*XSJ5bUClH(a#nxs20Ialt|K*WhgrNpMLqMMkN1W$`#x|)uo){xU_`k zn`Q%PR?M>3W)9g7OJ2kwhNG$KTpxCeRRHQkA2x_}t{V)~x3_GeVGOCV3KVwdOmg7& z;0hT6#g+Ext0+D?E}!uaKJ%&L=JP8vtF__hnQN!IVAhAf+X1IG;6zAa#ei6&dn;lb~&}3uYAVwoXZDK{i$+$uAoqzhlqK|X8@)Wm;#{B0XM_V(f0VK%h zNNcEf!bd6bdnzcxEZ_a20@vfL5~DL%mU~az?U~Q$j?^2PsF|`oEwZOMca2q9ZcS>@eg67!ra9L%^h2jHc+ z(C-=d)@W3_9Yi+N$`^k2T;x#brk?F;2UE~uIH|wc_3_EPXWayNueCl;+qaKOI;g9B&=MYk*TzEe@#DIboJ}dTT$z{%AejA*X5Y_ zSvl}p6A!4tfCE49QxW8rBtVf@7uSzr!Ar^O0L(S`dwP(%m-2AT9yT3xLD`R`{3gz%vDn1YE`POVr8^2pB+#$w>Qk!jGD;*7r zr>W*amII+&NW|#3&_@?t7GmG;ZNSF-q|!rIVz1XwhRTUFE|Cl=SvvnYE?{hqi_QQ} z=_1vH4w@x1V;Oo5O(^=AX|(j3+JNjq?4h{zgK1k0(p`j})Q3g7j01m5dj7S~X`cmA zv;W|W27p{Si;xMNn4>CgM)7h0;FxUkD;2LRd-Tii1qlialqd%qahCmGJDt%|nd~lI z24PZQ`~W&8u+GrUT4l+Bl>Cp}X3R5{B`OshdILU_(;6yI4E1V5T$0u1YDxq4n)Fl*&#dZ6{ zW-scQV)QN_F-1w9^?JFl+&}5y1%6gsDAH1}30rN|>R&KCZtXH$k{bC~c zG=aBD?wLun(eFmLw5Q-b&gTY0et6n`SeqRKfmikKmNsh0(gqTHbB4(m{HC~iOJtu- zvbzjb=L;1U3*hJ?=C2XrAD&LE&Aj%!Bggb@fg%5wF>DAG6@dAhtdtdx^r-Txl8UT1Bck)U=`BE z7%}t2QDrb)9w~)Y*deXGM^yMAcAS6(9OMSi$zEE^$?>0+JU0L2oomxg%Jq>k(!g`? z`C06YGHc(L@)y_2I(V@5j$D}s6I5Pu45BaicO)EJP&qbp|N7jc6r*Jv&iU}z4p11Y zpmbv-vw-ty0k69V>sx)~?BIx~N0gv{k?|1$)yr?oA@)6mgLza6N{H^-nSKGVe-OlA z9FoXp-oG5i(3@CtPK80@>|mD9=;yJ=#v$8Z5M}OTjgYnJ1+XGDXso``A$_~QPJ_L{>x#w(6(E9$F!rdlLIm|^2QKSjB|3PYEGi{XvA!!Q zf8Ke$f#1Ep>IU<&rf5++?0TH0A$Rjt@4fbGt04aPt@RGxgXyy_x7{T=fg4E;OKtq4 zwBww3#P+O}2J4Yv<^*cV%7D3JAm$0is#p{EZGFW3>BzMgufGNgHyKb|dp5OyM?edC zj9xDx<4K9uLFU=Xh)2axm;jmqpk2&Q>E_?$x5)|V-(uU~O&WoG3{rtb){ifz8ecvw z==Vr7*6VA-w{tN`xLIL~%K_Um>aQF|r`(L2tXPcT#vg<6KdJSZhzkS=%Qn5qpOFna5{)XLY zK*&34-O(4b{uExn>_2E9_5G{0@1&Vw+xqtUNH2$>rR@s!+IW=EdPy;TZ0yDB4N{Y6 z-7`<-c)n{MEUKTmasG@*E60P5vyujU`(LYesdN`Vt@PSMo9Ed7$E$b7n)CC^FRK;x z+wN}!EO&@+&U;F^KfU&G4lIMpfUgbjQ_L-0zRNUgpDPnhx1WKW`k+aU+1z)S@*#4Y z9O>Q8JG<^}yX)_yw!c{tcdYczf;( zzIo#5_mjJ73T-d=^{Rg(_M4T9ow(cs;dCtP(vR-HegiK&cZ3J0 zcWf?;U+z{or`Eyd(o)d*q9cTE$?;fo-h+S<@>e~nPOF++RsW( z2x@OaUeJ&(`8caK9>HTR$EgEP3pdDY$#xqOnQRmLhpKHI=n@W?Qm0asq_`+urPpHA zDi&iBO%I`c`MH5!&l2@T-!p@i&dW^C0d7mH>Gihd(TRAd`;Ef65>;BOtoy)nDbc|n zEb($3{z0u*%dP*&t`-=Tu9pb4ruwyW8EKyS#k$x0lXag|5o>fFYyBD9`lmPFih+~N z8aa?Cz;o|~g5Dtio4)J3t-+e6IEPS?^S}S<#gFyV@74P6)+S4)*}0^ry;^{z^kaM= z$jCN*M5;D~S?bt1!_Tdij(gf6`^a)H6N9O%{SviNResB#TCrp17MvoX1jTdrua)B8 z_UK&Ug8HTaTX$V+Xb`YPi~boS^EAv7w1h~WxEU)1THw_7<`&?S0q5pA)EIMYr@?w4 z;M1YaEx?I4(a{aP#l^a!I=)uo5Wv<+wf1lj05g7I68_OYVtz4^4>M>+UMOV0IM6Q+ z(*k32)ovQZATYI&7x=cx&Sua)1vI1T!oQt?a*{Ig=Cj$Xn98he=?smqRJXa&y2pZ!YV4i#gE)@T#TqQh^9^|uu11k<>21eyBJbCl}%b$tN z;2ty8m3^NJ?Odgbt;gY|R*dhey!pmu<7~GS>J8A{aC@Q<_Bkz5SJGQe5vU+Dsh2!1 zTDq#zdziEy9gNBn)$`luoj?)Qt0lRg)bV;p@IzAlgCNt-9z+w6b$~EK1v}lawKhu@ z1kCYLq%hqXi`@s$zxOftk!ub>Q$T`P-mi8&!_Z_HLT)QD^Y@3|m9^(GWakPlHjUIa z1u459OX@`X;GEm_6B0VAzxjiloGIdB`X5o zKXAl>ETkNZq*SNg?EP@mgA=VOH%+SL6;W+TO8spIr!2F zi2#E@g_m*Z{gQlZWv+g`ML=u*^8AKzEsl|Iowr&SWJIR8go;il=mJ}iC^P64qbv$q z76Eb*@RAF;t;#@t2hj_$eiiCvJ19T$%pQ1*Om$$L(`J4+#Cp7n#be!mHJz$_AxLU) zFr`HV9`pK>cC%$X>UYT`RH-2bX`Xci(-7*pEaZ*QKW-AGYew zjPi)ztx`y2#5#Xc?z^PHJlOJa`KVSE4pNP(8$e!Swvf1daBcM@Po)%$-lITb?j$Op zG$}1BvWea2&$OGUdkMh*A)CTMxAx>X0J=j6uVR=&xokg&4HsII1~}16vPX66`y7LQ zcI@k~)~zZ0yDC{T+H3)`OMjKRyh)%@PgQzV1f}tR$SeHjKnbtgb)cXH=>yUoLj$8OrVC4{+YFvsa$$uPmL)o?kg6%s8+t+>3)8^aa2+alW=h38m%-;Fby z_CG>kgGtP$TV2hMeOVU*8d|WTJ8p3MKde{~%(@TueS9F&A~hECNvOe7J`M zh4i9u>Z~&|f2cLY=;sx4$a(aKvn`p46F^q$1K4dduO;98$qR<3{iNQ#4ut>a5a!_h z84>ww$gQ%DOh8I-h0!H)j`Q!-I~mnMM^fF-Fi1uz2qpR2}F^ zvTYaGb*L@s>dw4fVEE#`w_ihcHiLQj^Mt)e+>|%x-9v2nkMFTQe&Ws_VLmSz#ECsD z)}lv_D?~P#9cCS?{OIAYlayp2sC*sAWo6O$nz}w+?*-oXBO<*2{l}(sJZ{;=l2Q|G{pt9^QVzh2@-) z8kd=z=9U#7k9#8mI@*5aS3T-Mc0|MDctF(5V&zI{#PS*5?1q-d#;Q@I=U>WK=$avn zMwiihJTfxZ*8g+9_kgw25cplr${%l}w3Bfr6h?SZCfBY@smvLuByvGYUZ31M>OXl% zpteoWQ2e;zF;I%{hCt$}x#EzC>I1#J*#Qfxo9&vUahF1!DCTVGr8%=~|CcodJ|9p~ znz3A@Hd3XE@9LkYH*aa4k?1|@$i~k64H*6d#(W1Pd(YiUSxV=t1=x0GNOk5u^4Qn< z$2Fi&4METDy9vG2v6nqr{XP*`;!5F#g%ks9%q-5$ZGgA2ZKjt^l>B3DoNURbMNOcK7e;)>g0>w~qhOx58@^9x9`#+k*jqvR-Wzfr_l@+2+&Y(Ae4s=Vb;^s|e@31#u@-e)Q~_`~=%RIbWR;GY-)+~-qi)U> z))1&wPwCbFk=BiQ-U#ESAxj{?#o*!MS3!rI-N(Q%Axj zw53$9uVpx8FWI^jW_d5eV&LWrYwsSOX2HJk8F72+=P+D_JZ=0(OK>O?rDJ~T3yK`? z;j8O|$V5MdfSv7c0kCo}$Iv7fW41XVUp(bbqlD02ty_0r)`_Gdh%dRfk`+oG0v@80 zr4M|@XT3wmS|p#{f8O;O3v~{0TCNOC|HkWde|$-}uC$Il(1=S+rL@ztGmh)K~{gtjc?- z61s0k-4y;qsLGe}d-s@qUwvo1>8&y5*(H;a67xw=iE^n7urIcrQWIFY48Sq|r)eHRnEw zugY$(GnKzFrnW?;_Ex>;)xv3cc^Z1$bvWG@ZBd$ZiCH104?U?M!aVyZ8K@-tf@dE^ z>4gr;EXbLf++dKVgd%0Xl+Br@Vxt0bJ3-~k zo@HQKLw%npWRVdE$niQ53LaMenJN3(!Sq+_4fq}$)JyP1x+aB12$fcl{iU@JsKb`P z9B3-42I@y3cDDjAm~CpVLbMsVo8WJnKaimQnX-=cvl%aV5SnZBQ|yQDxdnyqs(=r> zUvod}E?@ee1J}aLI9uwlVWh#w^CIpLon7n|UQ`o)B+3+OZMv^D#&fT1)>aN`OcVv>Nc7x8nX2Oz*owOL_k2GtLZ!t>j+KQEAn;D zvU_AlAR%Gt!35cUB-<$lx{g8_?1cw@Ux!K#{twpvJRa)3|KrE&q-e2}E!mQyNRsSZ zl&I`$)~SRnW8c>zgis{17cthcj@?wYWJ`8~vCA?T`!?hIdXGA%>-t>R=X3l0zTdw( zolcH1@ArFN&*$UuxIfbSr`u;t$z`tB=>S=b_pY_NT{qxvZD!XURO$vNCg89K8KciH zp;$FlAj0on*d=EMfKk;1f8eD}paclc2_@i`zjhmPGm&fq;3yBKEC{+362eO4v43z` zlW;hu21>o`LYhj*UACXhP)-5{(i_Ppfv3nDj7!)^c-c$DfmwPN_34hJ6c;whP93CW z-}H?d@P+RBh%tbO1>}L5xDO?_cf3y6Y!;+t$YtGALMxD*;1A8F~Iu-^4uZd zT7i&CR3UIB77)F`S3<)b2@APua-k8N`?qflzxfp^g|s)CpjV-jD!NERn?@AV6osY8 zoVfK{=0)AEfhd4lQy|&;0fNqD158Z1569TMj^Poyyka zS>qm^u2(NX{^N(3*poM4Oi2M5OK4!#HdJ{{<$p`)Bdz)qV0)sh&m+ZZPiTxj&;l=h z>|?{TssP!txI*v4u9=+yj@Sa-KxLo{0jHZ$qwAp?pQ%2Ys72Jt_KS>#qC?=nym7j~ z)v=s46$bb=p=it8aejZhU*QTc*MSdK;7J;_YPm0`41Fu2AR^>muV5*~RRcxM=_LTC z>jo^8DfP?qyg1;8zsH6s0pB@^wI-wVGwYHGQlGjHB6$PR6?xy1(dEn}^rN}{1Uz7e z?G|EbAYUCA=iu^`z6YTH0}JF9vCO3vq>m~02cqh)IpNp)>X-?>dZ6gl%*&882B6(Q z@s+863;xmp0QW9)_l@Cm-pRKksjJ)wKq)SYZZ0JHQQE6by_sho_kR=$Zc*^}`bEGz z7YM{zkh?hIyZ_!^)8R#p{D^>X0a?_m$4zTk#+GCknM1&~%bCIMU1gq=W4DPu^%~jQ z79^{(&*MR2IGCSM4&J^xurUBrC!m8~wI8cJ_-~+U4%fx~lPz-0EMs%FHzjN5wiLoS5Ew!6+Q1KM?|)6m ztgFJ3SuymS(oZ${B|QMSF}x$c;P`39B_z*@jG zdo{@72~|Rj1$&o~SE$@~E$)j+q{H0u!&6Byr`_A?ji@0cR`xgau&O%rL}K}*=?5%vpW$&ev$m#3B9RzniC6!b8$_?%}Iy}#aPLe^Rkge&@1YwK(pI@0Eh)W z5oSK}v|?*rnuJ4);`gC@x)b*$uQSQr zj@dnjFP|iUlxh{wWkgIGF!iIzNZde*WR{cb(@cnJQ|Mq@UPC?RkV@ z{L%7pm%)cm%f`bcBxfd8F;|Q#Hs|i@9X1Vc2J%vIFU)rc=}{Q>ZKksC2AvqaE6}5t zrR9t(o#&?TZUG~H&EKq~19P6r-4I)g>2!j$y6J?WMr@%Pxz%bH^K`XBFX4LsC7 z^=L-?c{7tlap>M~I&; z3nC*k>PKjw`~8A)gLMTyWCpl)wdq~KVz$S1-da_S+DfQu8D0*=ESJ;YA8}b^q5A;s zQUA~uAFV_B_Prs5&`}6IsDXf3QB2-~W`zKId#G~1!hs*mKLYNlJ)l~JlxE9h27dAe z8pvM*yD+;6{w3+c^i~9LDH2cyo8GRxM5gUd#nY%19jhMkPgZ0`0dnk8s{b+m@Nt0+ z?JZVlI}38>+AD!zXK)gD)eKtV$1_UEoCm5Z8d-m*Lli;8#DwAh%!d?;CTwnAR8NTaD)muf~Z}B)fm~ z1)WqnL!GyDkkSQ(XrY3D!!h(?;znRP@&|T5+=OzI{HOW|;KIV6qayvKs?ne^(7G_b zGn`}5RsPF1ofqiTsiGG+YX2w&tdBdw*FX0q8 z1}~=re9{ky2^zvz0_s|h#(~2z#2x_iA22Sy)wOF9Aml=0m&P149Do8G>7Synj)PD! zu;}4+o4`R9nBkNGrD{nexpb>;YG}hc#$bEEET-zwP42eBfN0`hY*6+?d>nWekpd9> z|3b~NE1+ng1fU-cw(UXXfq@-8yBY-hLU+mUJJH-Vt<}e#QiB70YvaSb_*4y~g4DG> zOBI}1B6%5pIBf6pTOf5^Q@LnDX0P@rFiY(AFR5b)#07KmM#Daw=bSeb`q&win4RwA zL3IRtrO5}1XTgwo#-BOT5SnLcxU#$HpmVb~X)?J1h|wS%Xn*1gUSs?Q_m>DT6Et-7 zC+Lw>EO1Ren_Fe6`exk^foTq{(Mqq_p4zj-tDZ!<8(a+~E>mAYH~9ul*?;CiO>5(0 za7)P3hg65Lfpmc4jc1$(UyUShW&?TCQn_JdEStplgu*p>`sVYxFVOi0McTZ1@U^h1U;jjVmMG|2l;bn^PKx3eC z9FBXp_#s5(8oNOWDW5c~-8#AC*N=$o767rdmnI1G#*ipv7aBoW3CyjG`*W)nsm(~O zo5665#zCNc<^zkYx7i4t!C1rI1Jz+I_D`mUQ0m0_HkKd!g36*6CYa7cm}|2i-MQY5kls zK^&UzjVhQ4a#_b-$s`70ua&7~OkC%Gz(A-E#L|6yfqC^R$dY(XHjN=TH%RAB|4?gU(u(JHm?CV0LBy;J2a-^HnJzx^s^}NbFo3P8wFs6!|@E)pBh$qY(* zn4W@|GZZSvgU~!_Lw>Ic`sikR68ud3w))(^MmxBjNSX3%S}zhB8|X_jjgW8)3V$+* z>G9{m1QI9G;3QP@E8uKF3OI*tY4QZB0TuOslE(f|dFh^!7VWrgk*YvrtDWn>7^4LG{+yc3f`L;dE!QP0++DxWyq=ad~hYs*s)cJ zxB^UH6Xa)(ur7&JKii<#3cSVUz1l(S&vNI04PH1c7fchO)_mef6?!a$cXvg-=@7mi zwlu>&=p4IvvWEHUgQu)c-(}e%) zr&*m${2TL^%jLj9Nz_Z7CqEzAhXrK^!&5+-C`D5p2#8(Y{jumZEkP8KElYn2m%SJv zI!1xkZw`4f*OTilk;dpb;JcO$+uDE%3|Kwq3w$I_9H4pZHEJ(3PyXDa*T{9vxs6y5 z=K(qQARm^%95f0*3LJ^Np7ng6Z3k}3C0*8geKmKTe%+i@o!$%cDiAHLq6qi{v^7|ryu+ss4e{`oAMjX@Cl(plI$P#Zq6@1fQ|^DLXjdwU|zhF3}o>A;Rtlm@C4VA0+**CA!~|M>jvnY znE+`7(#a6F41~Ep{-5P?vLtmBIR@?*2rL6re_mF=6LRAshsS1Jk)odSf!^L83+3O2FG>4`EY>r^tO4F^ zY0(xqBYn^Civks_bZ-GzElW#>J(_)M01;=`b?^=?yNU$vx@s&3Dkmq&;oGH}JjCZ( zDv6e1pB?y4tF4a-Bp37!x-1S?e-;M}UFcGI578k1$3(HJC;wBB^aKK}c3i*e{*<F#ol*7GpXR#r>bA;WHE<~tET`jbYb+8aTv6b+%^1h5E3u;zI%XVbYRRRiu#*7? zZfd!kUU&;Hs;B^u^KJNe=Y<%P?JDMhPQj42R*%^Wofa&EqI0&D!-t#|)$hi{EEYg;I zq}g+f*+y#>5b8HOt%FW5jlsoC88nXRP0~I1%KQ8^)}&oI_yuPM@!W&uot;HA+T~g| zpxXH2E)Qi=!T6|-2uPgX1`_p{~w>S|8MeJl@2p; z(?jYM=3pj16#l-wl74LtNj+Das{F7_`aJ^{EsR< z(kvE!fz)rgoewgoBsXF8*w(xlfoFUF_Kqu-ns0091P(bK#?qo>bO-b#@R{c)Ii^a2SC zh^)nN4m4w{H~d;42ciaz=!d@L(k+J*}~ zA=RM&>{5s&N-2CvL^0x|i(0QIdyY&pd(fS#zzUm-n}p-XS7SiD&K zRGG_s2zoL$v*!@e;j#uWTiTEkVJw>Fq+fpzYyz5Nq1WDVLW3w}nWS6}WONGz_C+uk zT0&dI)h#eT9x=RN3vypy50~wxw{SgKiXlQ7;ktu|fwCdJDO%QEG<7-uXwekrbgzhy ziz5uP8mT)UX1~~%=E~5Q*1uu};&2+~Rlv1KMTvr3iy%(4Ew99qwG|pD`oN%vjgAE} zV_u-j;=|{nY%ku2tW-c4X@2radv{Vat?$Erf=tS>Yw})9Uq^0`xZgl)68p7Uoh!}Z z-48}>Pvl)&lmj10x~&4ZKAy5-)!3^KohkR|bTsdaP>qvdci&{g$#_t75>&h>vY22k zsG8&0VRgzF7pg+&${?pY0(CHI+e4MJ@YpWWj{r(*#h($h!>7ja-34b2X>J>0yL)3;dFyJW+6197! zY2Rc3Sq(w23?t0M(ggxm0hDSMLJl=x9Ci$VuM#*cYIfM@nzOfiE z13=|-yu=SIHwyTnQ2*v}n_rW`=!zrtBN~8Fdwb2 zdsdG7s2VJ`u&sxsBl{Q_*NZiiSr+h9t%;mF0Nb>p`m4_Yfbq!d-x4xNeGa{rB}cB9 zIG@OiG7mjK5$o*H4-@zC2U~ml9Yhq2N*u~rF=l1l2&14@RCl(H z)Fu^uS+o(_ zTNu?|2)7jc@TdS~*K(OT_1klg$EW_iYOulNzhkqYlG74)PJk8{nZOOz^TOk^ zvBhz;uw~z=O`?N?2tf9kR%WQWU;$DaggxmaW=u)QC&)4o475o#Y96Q(fbJpG@Y{_) z2=(nDV9qtb()qXReyr0iWU<&ODou$ZAG&?1zd>LO=lryb-RA{ke^ZlW!`(n&_IXt% zxfq~p>Qvs*Fn*z1;Ii3b0t5UbwJk1MFADr5`@QFfm{9e>v|`yvw$rc5Iy62_yJvan zkYT&3)S*Uaa337JFZF%Q>LvO&Kr2%Ksxl(if0Pog4oVq+!D>hir_rEJmgG@fA`#gC zoFTPWN}czZm@ZM0MeAn3x7%~>=kT!zX5N!WC=hYFkez;C(o2WJh|Se;31aG^a9u{qwKnM2m&p|FD2MTJDLUjYM_{q{gdKu|fG?QNe_a3b*>rUGv-y%kpjb&OJ z5sR%UdSriB`Pv3|_`9x;=N?L`|M_$KH9Y}_Pwr0ZQd+Ug;kC4w`H`R?{Tmu9f&XiN zq%v9eQP6b(q&Mg|zJ)lYm2}Ai_`J5J6AKqloXv@ZD3Qee50Yr77$X;aI}fX%*~?O2 z(E8`a{Kdr7O&a+4YGyGuKwa?!0X(ZY|7XF|G15R+OIq^lEVj^0Hb))OliHey$^}() zM0;Tn=_=VX0#nj1r2FSPH&1IVzM34%#=ePQy5Yc8@SG>?(5C*{uHTZ~8tlpoIk!6nINIy&N`N%#Erp*4S}Uu=SB{$SBUCI; zAQ2S;iMNT4pV*5BR?5zC{L3Ei_5Q}`034f3-$UY7ZvA#DC<#6FZ`uUZ-+fYR;#qG7 zh=^sBAKhRY${kM$3_jYZ1f3s$H@C>h%7>dfw6lwcr}+>Hb>Uws`(s1HK=Cq|K>zHh z`Co#Z|EfmKo)7bX|F3X1Fi7FIMQOXBJ%bO(_!%_6<->sixTL5}ycwhnXJMHNZw?;* z^6e68le(WQLq3$j$CU0=lSKs}s8$+*@EVFB(=TLiFk*tvt)r?RpJeV#2YwPJh zs?UEZT8%g(d!db{9a_U6)8xoDFt##tfQ`)k2HM&Ud9Ae8L?wZ)Od=fy(&;sQw`_pD z5Y@yL-(_4mkfSH)J8RPz&PtelLUZK2&VyPZ1T-*~j-NdwYkHVLZm`PTkv)|&Lh^@i z>Bg`p<}jlnfY)qM`RYY`gTxyS4D0I|w9^5=#{*!+7T{k`^6FyP7u_+I;WL&Q z(o$K=aKaaXs0yv$v~r>5`o_eR@YwRNH6Ek9K8H)jM}$iJpljx1TS(n|rTowTzM%l{ za@v1i*6pFsBET}mC9%T9IWqiqTiKCfKxij=z8H0Emzt(NQ5#5^-71wPcp|c{6l|q@ z4%5e1Exju{2N4S~vTo9+pGS3fUws+@N}M;zsF|wZAGE|M$^WClyjv{$rH#7PaijD>xL_T z+$onCM|en#29iNc%QuwFIoh+b*Y^mfA!fB8v%H8hAB=zh^#R&aopto@VgZ_T$`^I3Y@2UNx(q*~x6o+victFjl__U%8qiD@VKOZu7&S{`fH z8X3DtTrM`75aywEl>I}vH--02dVm*)XmJG* zZkhHER6eYWn8QOSx1H_p=QOmuK2g$^kYkv>JvYYutnyJN1MG2=99;6|s%V)>M?%RC ze#ko=qYm$>dDoXUIaW6QcvLb`v0-xu{qm;wDNSksATP2Fow91=cwTU8@-NfpNNG@9 zOvPdXq8u)Rl6WW{x6Wc9vi{N>h=!8tgxbG8>xB6O()l&-?bU7}B^A2KZ4qKH)bElZ zcdZPH_$WMFQdI@2QF#sZU!V}C3*f$*%EB|7i4K}9I>kWK2?0&seQ2QhJW|NmXZilp zmcW?|1PdWc8esc5nyHqu`E&P8x6Q!GC6`dG$s)Z|(S7enAUZiB8T@rWCR)(F-2nT= zRU#JpLDJQu6rlQPgTWMpZR&eZ589>XSRMnLbO)C4KfJ1tjKqgr{jAr9eNSuN_dU}Q z?xvoR+i_9_n{>5vJ1l7yJBl4Y1FY#E%ONV;LR+1!QdIuQa2)8Yt27B}{`?3cjX$ewaE*v+7 zn>1>B+3y7KkE}0ZvAz0BEy=tvwaHeV@U@g&F{Wawcx?aDEowW!gEs0!WJk> zS8=ypr#T7hDqom#P(|FljKd=fP?hOz^0n^=>I0QyiNvRFalqSfXC2$7F019zDXqtr z-d2eO_CFCXIq;wM3){ciO}tub%r2Q8j-%)$Po9moXkqk ztmef=y@2E2x!)P^k~}=`RuEof0EN&{__P^s|BQ11(nFI!5L-ThK;Y-N*sDpIh6fCt zhwBY*)@z#t`ei$u6B$P4jXu>@emEm4yW|Eli|VBzs~0}6S76#GIsyWF(Y}I5pZneO zjCHz%dVf|6Tu{J52zD#)9%vO^02Ms`*%PtrPn(6mSufwMq8ofA!i8f`Lyxri+P($r zm44c;L+mV%?=kWh)?Yv$3MFVbC`kZ{o~8Y#w;o!+ms_Fb^$GT|=ksAfh#hwIj;3Ak zGcW`n*2RNG3TRgq09z9Z;x!!}X$a>9K3@)iavVMvU=V&ribtN=MSKem9vf~L$)COn!xEoo+%PROQ`Abut&8K`-Ww^N?N;|T z1{^fjw_kaB_swud_v%E!R}?ZtosqdiR^NqxYGJB!J>hf4?CnlP-0A&hs#B|%GH~h0 zj&;F=ie9RPlGIKWdR#*16~Ss7{QPB1Rr6)cJd=})5pFpTzCLKUvwe^o!@vxGg57Ko z*_|ZMIiZoddr8(ubV2FewesaSR{yf|42_=tWh`Msagd#`(!q3TX==;Vb9+t?U+mi zfc#(MG;?Z4wNxF|F_Q@I6ihB?ZJUi;z4^Vh-KVF*EC{Em!%MP_q%Ah+a09E^3e zz3bSP4JXRMnE1C5PVf zgFO&vWG?$wb=)*T%f0}Ze@#Kzp}tnb1`7EXpytm3>Xfm4l(F3m^*tKCC_H!k?d8&B(ZBQ@hc9NAKQ8VR&~da- ziLY49vqS2Jx32P-dpgS_Gk=zh=T3=d^y;n#9@TN=6c^}>PaGaw?YX1V*>VXvN`Ob@ zri+Q!Tk4nTu2O9f+cI?=V?3*ytA}x`Y#Dp98G5bW^wrpzL!G%(vQB~B#ZKF5D(o)X zUoU4{1hlmnvpWwASTJWqh`}W!IvW$E@!{Q)dL0?VC2<*vD8~Wm4A$wK4ywiS#VPSb zU0sPQ`Elk92CZyC`pU{-y={rfc)ZWX(8lg#(>PAYpQ|$o+OIE-s{s83zJn_*we_Ae zK(&^l3Kt1Zt{8la!n~)jofj{->Hk&v$W~|lVzMv0 zv})+=%~vY&u~FB%u=-Ap&TfxAv&B%U-7LMAEPkX>&fpVsr=BY04l$4ONIij%ie@_; zoa&kN5<3!8aIFC-GUI0WH~n@Ywh;o(s{UqI82tf??;SJANcCV>TkJLG+6>nnii0|! zhD+eqH7+Vj)`{g)E95se8*iN?wGl@Dq~VW#^&1zt*J@&R=F}L?%@j~y_7A1P`N#vU zlcW+*ZSH7N`iT@1$-CR~AFdLjwZ>!Om?^5+DEzVU)o*9St_}Pw?C9BC7U=1F{o}Ur zkgINaZ+4@;iNbAWm|)Ktqo9h7-b!$(*sC-eq%t=ejK>f1daRHk!)#@_^-~RorZHUl z;}~u+=j4v5sB6w?#T~3Fi#b1yR2GvSg)P``vuA9m7^QBAc|Xukrxu3?tCZfR)?R&> z5z&%=J2zo@`)7;Lz`*M+VHJ*aSt)_spHT?T3{~A?BYBQ=*0UK1&X0)>vrSo?neMpj zSj&pbh3yOOX+ka&tB%Qp9Os!I^^KK^YJ!n*mxOvMH-H<~rV@uj4WTf7>y`5lB@$N< zxTQICA9YP>7-585CLa=u(Zr=7nN?&~;XrwFUgf}*%6Sci`0FVpF3K*2T$PItmD_y2 z`V{wetotweH0~61>lpNRG_s8A(r$_*6PBL8>17h^q3QWXyd=l|m+Hx>^Ie|ay$^@_ zhfZpJoe8#CCa8*R0WyUJ!Q+RZj-w*8750Gaq-eI?!R_;oR;D#C0nN(sdUOP^&VRBm zQr!HZ9GL|vq$GDBMF0LH%?3u-W~gAdCU{8US&A^8%sGt{5uSF$Z}vJTLIrt(toyb4 zsy;>5j-fl;$vYrL{L$>uEY2+OpB^LYt`@eOqL_t;ztW+wG*MOIJtj+ehGJI#e0Q~+ z+9HxhOI3rFBOt{iQlH}^wXU(0dh1E8456en@kjcVesP?cNhwo`S=<>aR!x^~XeYZ(j*p6t25U zNce599FrXaNL)C2+#cwrbNYU>x@s#sbYC+&GgW{T9Jk7u2f03H>%#iM3`=K9a=mi= zT}8aF7L(ZZG9cLT<(TYRHX{6$oSMI!2GSu-h^8w)1bWFCNhyKaS_-!a$1IH^2Ph(E zk6N0p6&J?oSB7{5Y3iuf-nBf7KyV|Tm>%wq(#j~wMm$T=DW;Nj*4LBDy?}6!+;)?< zYRc@)a3G7;^x{A~OS?_e)jse3oEwpBdU&nh+`Eb%`qt6R6thTHS-7dh{6SfQjnNN1 zxx2Nqmg)s-pr)!VWJ>qWTuv-Q@tyFLh5Kg_jbwh`LM)nm-p@OpL)?k-sRJI%TWX1A z0um>+o__$1S-^7nH~7_T|D{6>qj>IjDIgRfr^YJgJg`|fuZ6uGlS=P*Mn|3X(%P(I zmhYq%47@i86+Nl7j4iW?Vu4v*^~B*>MT>wmhd89nQ0e-0n4)EP%5XF{BK+l)DxU9D z*A0zBvhq^0&S}?G)p+%%ufx#bDnk1mla;SMW+~bVxJtVgHIxZs;1!xnuQ1L1Fr}28 zY~YYz4%9d<*(;VXR%v!vn;Wr~36mYN$XM3&ioc$DA){)0LrlV^ulQb6;@kxU0ERi? zW~%4OcNo_%4IVfKu3w8E5oM58n*~;FymIRMvMu<$Q#tXPOps)NfGFS-o3yHG?Xa6_ zQev&NT6BK;dh)p!GTi+d|DS2G8Wmt6?*5 zjx68hdy_miN0B8{U+UwxjZGLcxObOXBTp9o;P9Hs9ks0mw_XNm_C@LBSgXCOYh=^S z_F~wqOFkxh==Egyn3W!8PhT4*ZJms@4c9{N#d|{*S}ktKx$w_hn|S)%(SLbk<5Gt8 zI1n-5mSl~Lt7Pkb-PK@a6dHH3t07@3zLLS2@=h-JM%)8Z0yVvhn7OnmEEDI{hCF@a zY}19pQ+jqYK2#}`*CNrC{Mbs}uaIDr*5LQ+F)w>4mC#%JnqPBIr$pN{-1I zEtUrLpYe+`^8a?)U_(IA>MKi$+TtU}*e{}g*6e)OHAv)#Nt9;eT)Y?O9d8nE zxUe)4zg%h`xYD~;$e$FlcR1epy>;zOxbAwsa=X32^TC*Y04jyHSix>@6YQH(9iNR$+6Z<8o1EI_W6^ zlytDBCfUS6OK%D7&GVms-9=E_An`nH*FgMvBk+RbWa?d8DWe8Gb=1IPqU*JmstQLY zF}$Y#u4NfRiGb^h=>;L*qVwoTaL-I$$BOr+EYB7hE7~H+G!=MqII;4iA6eu#&dBhS;L-+HH-Llua}Z+jT~SzmT4KqtJRo z$$wj+mCSGU>qR8-I&5PbM$^?_gvC?C+i6QvCUQnKz1HH-=dSfz%v`DoU_M8$t7(N5 zd6q)t;Y4_{!ZGv|mSvu{KEBdF$hws$-p#|-S`>HCoyjFg(dzu6t2?ty;Ulct?w2XE zvyFMtl)U$=*f8&}JX^wwO-5t$t4$IBYG}P`T0**aOv~E6KCm}c!VT+EIT|hGvP(6% zyBKa`D^u|yNT?hYlRNFzhuhY@=I8O!>bP*c`o@GF353aT5o;;-n;S;MR3~CQA06#q_f`9@)8C$K)Y*x8nsP+u$@oSz?xs?N zm)%pNZqqdH(KlC|37Y#4*jxK7TmO;@N19X4h2JI+v1QxOA0x^H?r?!*?kV7`O;I7n zK5wME)sm(GN;i0z&Kg^)Lxdox*I;Wp1=xv559X9p(tri?FK4aH(_b>c63*ef+WA1W z#*s)tuyDF|`=Z>5uBzALzmrt^PO!R|>6C4Htt9_%$7Vlby;ShX{9DHq;u%P7J43*$Vgf zSV`B{IBaNP22Qqc!OaJ163s9cQqz6#LyUd2sSKEG&6ok862tqCHH_T2tAptnVilNR z%H(6^kY|sx2&)!9x2>2ilxrs8H(Ol7nev2LK^Pzys;zEU7<+ebehq`OK>1o|xDA`|IsF9iJD24A;?hL>dJvyn% zk!W~taU~&p4dXIcdx*d@MHL>qJK~_A!t$=KsNV|JeVD%=X*)Y^eWYJScO#4DRrq>h zC=5kwPz~oUUqpM(G$&nV+537!;q-8!ZPMNc*3D#}^>zjFethnc?e0n(3)i~W-X6=l z&FWg|VfadM;}Q33#dy7T44cS?eOg+~9&wO6XkeIcIN#Q2HIjAb`vHknA`w-u$KMy7 zc>8{KFPDUjr`yKb&jpgR`KdiVWlSl z+$X!9k2?D5rwtgZ=Y1XhR<>+i*Gd+RmkS#M&*I!nRnZ?dq=Krq#Eif=Qw8?Y!hJq= zdLj|dSr{U6$dzUqJG32_IB52Y)96ZgxSDs*)@G#vtb||m8X-Wl$a}A0%cvUNhx3Bl z8tlEC_Nv0KV6LE)^XA|Nu+7K_rW&t>#|mkN^D>K%O82C^6C-Rf-qqaOa9g*ABA1t; z9qN48LU=+ux=Mg^J3ev6k5Ilfw|;!XJykHdG?#^K3)H0%!$qZSD=Qa+nTgjwNGBjS z@lJc0E<4TRUc>9wZ*kKc8*4@U1p`z^b0+rA>x%f6uTUm0)*AY#xJ|$@U%J1)Wvu#% z-NU1L;ryk9n7~#C7h8`?-@(1N$P&Ib@6R=pyBx!tZtt4sOl*}3aG6qy2u$0R@O+=n zhlD}gxcZgkjI#TLe2w^@Q*AQKUUT0!w119W_KYZ7J%#JoYn8vd{*sBN62lYrKw`=*R~0PmL?0Ra|3 zyd}}Sn!xeiWcw8mw$Ijp?FMBT*e#XaGm=Tbx3OR{12~hX!;5Y+ihb}X;EerwVVw10 zYjKAuf-~XgqzclhZiPodG%+v8czkt0iCH4|s7EVV#;CVE(sle(ZWO$hL319np;`o! z6mF)Pk;Jq)k*$Q6GTe_T2!(%YF%@Rk=Cs!>pa0xDU1H*9S&G0wCQig?2G4x$vIXPA*UdMNFD5GF7DXMv@Q8HQt>U*Ysw>l|yNo%ts_(VPOk z&PCsI8r|wx55gE1afPcT&AzD311A^m9p#clUtBnpL@Kb!Q!m;VSr3Y%htzgHa&m~cvYIeUoI8BS{ri?8COy22*aRov z@n681lka696Sp>Lb{gFI2i#RDOR$5hAx47_%Lto=3obva306(>i9?P3s;qc8arr)4 zeEQCg01kJm6m2fCTp5a)o=ak$Y%=T&=d_klC_dYac0BKhl^D(^XW7D(*3YdkatGdT zl}SR?4oN32Egg{9T=4Np)(Z|~!A-4)ohA;x&TM9BlMR;?cAc;hVT?c~CB06+t-`-> zwZ&)Bi;&4#&REP0+Q_`}Stq`3hqo=>OW51BuroD}siZBGIdZnj*8%Ce7W)9}e13@b ztBHi0pRWhz^EzitWu@oKQkn89*|Qt2=NZ0uE=1j&*9aot;>>sj%7YS!KOdboF11gi z*6_d;rB>}tI4CIeaEv7rrUhLHj;REqTo%8>4yu|nbz)_)O#vM_W9ctLo#e1Zd=`p3 ztV&%}%koU>>*Nva(sZ4|k%6fzF*$CfcKD~?Bb%jI%{s$tjie}xy%T*m*5V!*hP0`5PomHf_fDwuruOtHOuUtjF?8|UcNsD;6o^|Usf4-w9Jwr#u_Bl`1QuYihbMM0qXtMuUB|UF!puMWDa2Gs-EO0L_ zPF$zyLWO%t8>>^y(yCY;&BEN4$e_`r;L#6AabU#W4m+aLf1+gCdRiluDkO)?}3SJ&*aKGqVSaca}t z-s^uY@`CmG)T0dpo$DO7SVyv~sS$46bp>NR_^#uM$Sx0tKK!}t0S-=?>Z}YHlO*}r z#EWL3@T>N-JQG3PLvg7CVt=j2v966AsH|vKlqg?2yA#HFd8gQ|Q`%9(T%s1f0Rv|n z`uaHkqRacV(Tr=*Bqv5qiVB)f{%VB*0|Qpd|kaIF|g&9%ehQ5 zj282wb|gFY_9ng^|3b@e><76;{oFkaN`0@SPaHni zo=m=}ta6`YT|hiNHF2#@4YTG^%I=DOm)k%j*zc?d@OzB)Q^**G-+yNozuDbWkM~m0 z5Su)W_MOc?JG#q(Z(T87^*I>?E7KRpzb?gHR%p}Xz&6*9UR|DF59nSw#QHf`?8jDP zNNILaQPSzL70P}>TRne2qw36<)m*dKsmhNlp_*QM27cRhyqxgvZDx7EPT1FQfY7SUcS=PPHU#n$~e-`5W7 znXSCNs?#H7YMIITK8hhHzc+)gB;z(;ar{nek!D4;mG7KnvkP3J7G)#WN?erDw62yY zqoPlIV-z*;D6V^ORPm=#c)~EQs~TO!PbdaUL>D+USmOH7cc0XH!IQD+5qV73`I|+} zvozFgtTXuM$7==0?wHbdBh$n+;$ZTWya=3nY4wq#v*&i^k<{yCB@GrqR8|x`yogs_ zRdORw46F{X`B#J@t#noKMppFnd^ssoM`zU)Sheq|^+)8($ks|jQ-$XKR3YRR!au9{ zRfg^7qAF%+qGg)!d~YYF${KC=oU-s(zXax_Kb)n&0^^#68wGv!lUfFoE-jdA;i>9814{A93Jy#2oAA2|8WHk@w+l*3LG%l|?&ls9m2!lN*fqeX|a`1JAQQm?nqo{^AvGXQtKW;pjEh9N; zTCr_7{F9tqsS9RIztLB2U=YP|mqr5B%wu>KVP57vdRqZg;cc@%b{exan}qV`98CCj zf(njy#5{05^_Q|&4esk!Zrl2Kg+S_x%H$2^YwK{v)MQcYmAUJKJ`-0z^>5}d&d;^Q z_)1)J<;q6Z&2Or#GbvQ$+25M2n7)mPQCXPR<=U{oSHN-k@h+!Fy{n4H?RFk^+DKDR zmxFyV+rbX5lM2d}m6r`5k!uW<8tIg>v zroLyusY{U~-jj3+r+Fu6Bb!6!F4-iDMSC17h4qTP9O!gUZ0*UrVmm8d;Zov}>w!!M z_f&}rUaG)>5>&g;VZZHUog#8*JwKoQY~(DB;EcNeZS|}&vinf68ckEI=yj)8&G%Z^ z4=71%8~z8S1;{e*o@O>Mf`Ba3Q}z8jQa4d+?4QCY9sy2hRlC2P|J`1=Rdna1FC&a% zwjX?qzDb;FzEorNx+`5}C1ZO^N4>X_$3QB#+~EU!*t#&xLxkCtyWPk}ii@w{?M;S0 zA!J*DuZwphanL3m*JT+8cV491(KxOkY3qz0_vnh}@n|N?wwN-Gm#D5SNhR9U43_kQ z`|eV9#)fFMV}(%xgRJuexGOv2>{zp4vV1gJDjT`4y2PPp!M3*6#<4q;;FGiahFY`A z3QiJxMylvL5!=3JnJ^ZAvWrTZixQMb-jwoKMO;8&-2JxaO7dh|quO@OuNx-oYelE@ zaAde+c8|>(I|G(?N}o0^TpQseweMwpf41^i@{7tn+if_!C>5#;hF= zO2VTBbdI6N6`6aP9ELc*Z6xp*Q5w$3ux&@#W=@n#pS!Kqaaixs_5h_au!SZPxb)z~-d$0$|4mAb=v zKPTL;);SrB-(P7zFbp+p(W_AGpjm_q9!#z_+Q7<%>Ck;ToC=bAE~Q2G=+V`FKGqJY zsrS!@8QD$p`Y)ITm9Fpxd$oJ!$b;s!vz2JG^`GlLA2)B6@>?fc#re8-X0Ia^$hV>$ zbfoks_nM7t-F#ory48hr`o|kiueWbC`{1SA*UB9*2lqT}u=neSb_W@E!(QDl|7i9l zvYIZ)M7S!QLp%U5lOPD~GWRA0 z^))vIY_R$6fVHzC5LUvFb`xDEf9&#DhV9r0DyRjai(1lKVGl7_iEe4%>K&rT2F7Yo zIL{f`D>k_j7A`tCzsi*%Qqf+u%ru!-U%2pW6)YqM$cuI>d@*vY_HK%0>R{O<4WEgSAxO|wVvdUY{XS!5< zE0J4dp}J^t)mX)3vZC#tIMqgP^ftYc54l;N&ZnH+D?4q~;zoj|LA%zCTYa_FNWCy-q~$)p!s*dJ5YRvRZ-Y|-hhCS+A9(bzyM4J+SiYb%p4ys>@T z*vGhj7Y7%2^ykr?Dydo2D0~w>%sB96Is{!(mY3^--elROECccl{m#hE{No{%SkIP0 zSNHgVvdNmz4#r*GnIJ|2I-h`N4L4$Z`f}--tuxl>FjMPw&#sr6iWjj% zSBGm{7U?h<1SJX7oP$YpTq?6yly+vVY@d!wtPUTaYU`;MSRN6L$<=NrU6@|Ac4D=XD*->v|r5C_)7!iv&XkK-OLDd6}Y; zP&p`EIrO^8Dgmdw;0jc?FwubClb!rR@lVX1eR~^3&&9_~+Bkf-pFfBBh;yoRrSP^Z zA$&Qhjn4YU10>Aw7Yr1$qYn?S`D}Qz`khg<1OhE>mo>c*Cn6`!ft81>1kx>Au^l4l zkTVNY2Gp{x$v~pysk0g^vroz|D5TJvq@N7b8>($q6TiC$J-h61h?E_|;{P*yZnOd{V2=c^eGiQA17jT zb$C~LaszK7uO{=vbdu^ELvhPgY7R{j^}r%cR3R#jJ?UQr&F!Z1h-||knN5y`y54T* zB^#ZUMK&Er4_DVuo=p%Jq@B{h^OSN`*FZ2wBzTNMT{E#|mn^6RTW7lg45t8@#2;`9YFfPUL;2ytsnV4chct-O6Kcu~RJk;;sKWd3AX{T(-M-f703)zw++t_8TgbYLWEQ1tESt4YgWEtz& zX6&PqB|?}n7)*ACF&JYohV%CM{_gvn`<(l~^PfN7W9Bh)U9anPJzvkI3?9&3qS=T0 zXcD39#8Dc0Gz!ic4g*SP@vc%;lnC)+-eHfJZBLunMritx*LcM`cL1wJ@Wh~bcWreM-ExV|f9 z0%~_pbAbTUZ~=vXr{RF{*O|CmXD}w>+PbPI15>`s3*A)jI|JP3_YmojV!J*3U1b#+ zt_?E}iI@jb8UGrC{mX0F*B6IR3t&1geCT^X>`1bBTO#&}7r0~Wu7H4#KVpxL0fsLa z*V7hmUCXVh<{^U~j=d+hphdFPIhQi58u_ru$vcDSp{L0?V+;qomOFxid<{3B)=Nkq z!#c$R#i|cy|2pL7d*A?SjDgj}#VLjV`8bqTTYj^6XJKt=#o7#bQ1cYBpQ|*q!cW<$ zc>1IKuAsQ$Jy7%QsJ-{MqEv@F6NK#y<}Q~_s|Wo6rm8f+B@uy#9@4k50};Q#+xuzQ zI}vZNTWbAirS&^>MiRb!0sFP0sO#g%QYK+6BrBo=HMVI7%q%%2bv^VwQuYwq>YLqS zE9JQhw0E?B3(qCo-~pk;Vc*E}AW<*pjR)g$nRYcG6U^L70Ym`+vEsi*rs2Mv#MS6t zQZufl+LevBhR8v58Hh*NV0izxT5bZ;qhp6x6$m~fJO9w8&H!y=YmA`yJb9_t&op@M zgtERbc_n+Mmy3u^8usDWZVk+4{QWMe{>X zaxTZHb!*$vexYM!=Xy9V16u>glYDauFs}uKU#HEFglrZbIoeV&>m>m(Z9)p?--%-W zXX^U@EB{4mgE|2GD7h-CcEAmOGE5MsagMj*w7Jz$iFgGYag6QZDy6q9%bdo{dvFjf zQ?ce&4}`VVTi$0?HN5+lico#p|$b>aV;sJg9;1`-rhlsJ!XUR zrD_PkYZIs*NA#cRPxCd5s3b~HLn#OJ?YoM9e(MVmy?Hc_W1$0nH-f{LT!i&(dNoq^ z<&6%*=pKO~S=t95rP>-B6B)0%Vui3%n%1A12Z}r-Qo^4Cb#~YfgnMuqp4YSpyUS53 zsn+>-fGYX#gequwmY~;>7NKZq-vx(O1BvgcoEMHu0f~;44yOBsIT7wEZ_EAnt@$AckY1gNI%m5iC>H!>Gpm`jxp! zb?w&uv1%Z5)XCKZXoW=oO+fWwN^iOjyzt-9Dqv!Yy!5~g_|GLr0H}4m&c&@G4>CX$ z4Y;0b$=m?!wt4@x+jax2oculY8A%JnHXfp(+w!ZX|#rOkWT zk3HjAS5;UZ4X$@*)OY}mYu4nQv6z9%i7O=;Vkxg+j^r0YXC{X}{>cN5?BUqrvC2f_ z+DYLvlLuc)w)w402PY_?Hu|~+eM+p7WUS{ZS{wv`EA1_Q;{s88;?f%cSCIUIFlh%| zM0ly+KNO5q7Tg8-;qsL>2Xu9%2k!9{)7bMfBjyYN#+tQRYZEQN3bY~tf7LLL%m((x zjC3W;t94n~v(=%#E>ojx{66CVl2d%DPS~mWH~N6cANcccbH&0g>uSsw;nl4#kn*C% z>4OD*r^)B6_+2+Om!PeR(-;_l^}5&8iox4@IKcDgoluN9V}z?@R_j|9!Pt~)}* zvA4yKv_UGI)P5;&H3W#f3bezS&P&6)g6h1Twvs2;v&$IHs-td))DMcJ+dsm?q29pU z0l$q?Bh)pA8dnKdu0GMzxc$x8UB3Gyy51=!wM!ppF$#F2#!<8vc4!4P=~B2*8?UTZ z-W%s@|B;1!E%}cuKiVF&Nu}(9v+_cy>AQ{ypPb~OmF(07&mRUG& zp_=l~PXmV$32!M`K)#eN_vm?7y}%Otw{+6`MQTlW%8F)d3P2PCBugT?-~KxQD0hbY z$X!wu{txD}t=mqoR>_0klE41HC*-Jf)PEs+qP20??VIv_Q>ao z*@~7%n?uzB!6H!SS1JKmgh+L+V2=u!yzQ|ua>uU87b#Pf5k-8oqADvP8(GHvY` zn_74wq%t`(C8;#i>Z0^wYaX7493Ooxm z9Yps@y?)HgC|l8@0}Cg;hobN#bAZIVdjimyce`JPcMONAS#l7)JkDYGnG?V{JgRz+L^+NrJ_iczu~Z++Gkd2~ zH2*`CC#rYQ-WYF3r{qI8vp#S z1U*ZG3$|U%DHRKtwe1x?*8O-B;<NU*q6@h%^*a@?C@V6M{e zF-dg1XfYtjSVhha>SVz`X zZQ$O8Zn5H!Qr71>hJ@0$!y|Ss2u5W(xy-5efZN~8p=|~v(ew&rR3;ASc4=sa13f}8 zyn{pz2YTjXcnZmNd*=7|z#o6oP;PC4tJ|D%<2vShqwJH$b@vgMoE49Ixe-QR`T;Wf z)eLy$s>P_k`u_!kBCS) z>)l%PE(QZ)qW7>ZY`hi~^j>*&G?sl2CzmtSfnIz-3>b*78ITWNTtn+-7wBtB+KR#f zoZjQg{{~y8U(fa)Cgix`38RRqW*YndPAMNehSW`f`DS{P{-r>RmB!2ZJOeOvhC8}E zAK1hI4|i(jsHhT*R65et_N}Z;MB#`04dP^Iu^e(zB*%5d$5syaMfK^PrQSUg@^)o~ z4RX9l&fZ-O=~F-%c{g&+{rr zN*_yI0SWpEgKczm0rct*KynVh3Vdh9lPF4J&hqCo7-}HC>xV;F9uN#mmN*uGftv=r zwY%&)e~gM7a|kN~-bTZl?4NRo{{uci!A(Mm=M@qv_A*e!_swe^DMH%z$k4GE(&*2+b zepfR&aXD$Z+PHc)bwCeQ+b8_0wTkhAJ|B;GMo4{f#b{6ee}aa6R@Vc6x)i3(UZoIf zQw{3$*NOA8j%9TT)qh*ZP+=eM!+;0yPG6>F?Uuv~doMhq{{)~C|tLN%_PwK5| z@x}h?`S*(dEJr%ru((Tlk^UU8(`?+Y9NI*Ml?eVxa}Nfx*)_Op{5S3(lFI|3EWFRA zqwayu?Clpv!(6W@0(|O^*i{85y~`^qeahKH?neMezbz_c{-sA)PJ1lOQNDi-Q4Twq zshcQT$k$)!7ZO+nzR(03vd*$)${w?jo z3eISXOEu5Spu%`xx|8c7cI;$8U^~H%NWi(tk1XHA3CE!2aZ{NM-|n~0ZnyWjweWe|sLM0FX-*qlZl$_wo2=SbZHCUMNoxg$MV=H_jWCOzd9j@cNM_add+3dJSg@`~!C;eb?syGSSv zb}zN*@F8qmNcZKof;Oqe`%_j&>XWHoT%}@gnQWjG86}smNut?+**cH10as$yhHazi z*<-1^7Hx4r$kY)YOHnoeuW&pE&=Lep6#&2h;MONs49-miYHn1IB3w)_VXHvq`DNdU zi|{Ex9pMKOM8EfbIZ%Sedom#Oq4c(AilLtK4-Q1KH31b~u}=BIbenBoTe#~A)Q{D~ zICw$w7&7hiNb$4^{OXZDrkz^U!Ig|yP7&RV8pi{wrgHB^FbT_!u{Fg%0d zM42~EAG5Z5M#i-X2ebts1Qnc~3KFV+DmD6LKmrHM=zEM_&y`r~QB;NXI1OJ}Bcf5= z6TY=2Mfd5#qFj1A`opUshjUW&M_s(zUjwB*ySAlCUBXt))^3Yo71-^v*0rT@+N|;Z z)Yz`IhFy_xU-*za(%f-!vENlK(9uQhHeOf_fyz@~L5I4g9>+}=ZQ~=F z10A#pENW22RWQc|^__o>vRnpnE*8vb8dACw&A)6CxXIilS+47OCkQhpV3smE8Px>g80uJ!|!m=LUwNB|8@_ez6?_ng~U9t&O?B`Do)$b&5TGhR>mkK-a75C5VM7<Nx(90c0D%0gxCNEjdOt7#={zz<^Xbv53ouVta5!+&oX*iflw7ioI)6Z zx`Ly|yHhaLBXb{10&R*Pp-RNE6s;4HeQVjz+MrLHgy+!o&{+QMS^zPqow)XHIDFD$ z7SH{!l&ctkuO4X!5au}n%s^XO*`Q}_L9G|;t8B2T{IHY)lx!s2Z$s!Y#idw%5Sh3} zto;PrY|KwGxg`90a>ICKv{fV^CG0S>9ij6=C$s~x*X_L#f~z_;r9tSVud9R(#Cd-m zC*7uM%#nU9_Rv)c)^+`~XhO_D@P{fMT4u#_+Q_t40%T(>%@aW;fHO5mK5z{8?-_+ge z^cQ0k?&X{3?f5L-%i(EWD>Q@AwqQW&4N~z9Aw0w{y-G#7_okwP%PhC4N@XO$#0)5f zv$o=r(>%tr7ga`DNvx=m$+LHNLgSw}DB{rD-BS3yja1ZCLVW-VPM=JJWTOJfb_i6( zM5zDDL;A=`ik)#VPZKY~OHdoIFlpO;Blg2Y6&i=L+~%pz@m6(01yU6K4T|mN{d-wI8 z-A9g6G9@p8*Fw*@Jpdk1sT%+&AA!3mu%loJEndFEz!WLnEeK$4_{I`E00iBbQqkB0 zA&2OJy?xt!5a9ueOVmou$jlTEV?D7i&l?I|J-G8Np}L7gQNvw?>WrOvzEKALSwHC zNiTIx@Uxv7+kM;sGl)asdW$HSc3Cx>9#)oX1P`x=jT7=eg=RN&!c5OddILW2t;APoLBEPV?K>^i`5 zOaB=1pFAaCMARh;>z$nQ{FqhO$oU89#o`}7T$a-W3}v!N;{IN@0!Sz9$RV^4hQEh@ zyT2W|lYcuS%WeFyIUo&Mva7a@ZJw&-A?J7qPAcP+0-KguDW1dh#c^@kK)umgmYX2u zfEgEf7@AOrcFVeRyGsfB2a5AefM9%cA)DRy^r4)DPm>D0O8$XacUC<`K06BzZ?A{p zx2B`l0=__guZS(N;O7Q)QTiT$YXwQ8-Uk86>2uET+8q6dW@}1g++UjY@Sm07YqZ8K z_@ATY4hU+ZN0q{T-$6FF1gLp=_MTZyv@8wFU+)jGm!)CX6bh`EWRMz3pU` z%&Db$4&wW5ER=48Q$DM$yF|%58D*=|0ZeZ*TU~>;07-pKob942=8k^rb$ZJ$p3@i? zrSN`V`X)~T$Z-z6c(M)G08kvfU$iYY!i@z9OAn+%C~pkCeV*~PVq3id1;+jQW?WU& z_{2x^2LKDA-ndqp&`qojJi3)@nMq3n3R%p!2Pmf|b9_|u95VkjCT^tltG8~im8mE& zFvbFRi=0{y(0gh4a4|v@e!Bin#_X$2o^u#L1sp7sjNM<D=#q z>;6YI&kvx4M(s^{hpryEHUM|aS1>-s)mb1Awz)ZE_Pj&4NzShZv0DjC3W0lcSHw6o zZ40TX5ZZS#VqJzFKD?HT@!BCTLSlQH@z%x>Bk0gyy<<|+M9xp6Tq6r?Q`F(a^~=Tlg3F*-*!gVR{l}`6Z3$vukhqR)3Ul=gXvXv-S2zhQ>C( zhvDjT#A$uP8uTYR2MWYLY}ZQLpI~^a;V&4kJwGJR$pTa$J@rQayp1y_(0*-)zx8uS z1`6((VoJC>p&kM=1eow z@VC6OeAjaLq{!W3w>=J`c z@l6AX1HR`pE?n5s#~5AA^F^4bK^E(D){w8W?gYL_`F_&t$LQFy{F>hd+IWZ2KdqZ% z%eAT2bzNK@{s++Q#-2ADOJXMj`Jb58PVoKCai=W)E^q0t3MLx`Au?ngwknPC?sOjP z$EvTY*?B)v131|zhLTfl-X-56QrI>W1(>iSN%fOMs6{$CqB(rhi!`7)r&g@yNfXA; zyQz(?8HGP>R@|*70pQ6b-LT#5P+)2ixlI?@C6L1x)VGHtvKPblViy{O$0 zTm@q|ajbNnn-SihC*Qj;5YSUbAU{IAJn*!;;hn}C{*9-@X+Zw82F$TNx&}-^4042G>9jRF#Vwe99Mk;%ef0 zz(nL)(8Tw2^AJ{mLpPOar|XivsoL?;LU{zx4V!ELRt$hTzcU38=C%ns-|nk-3Cxrm zxJR9o?-d$oXBMp{yudv4MKXIVtRv49I4#79&FtmdID%IUQ4RK&$&)U`{MsLQr4fTu*0 zx8r*L#tDlDOM&SDwMUx0gOJ56)YQ8iQg5+_N0)}eH%*CDa(K9dw~0;towhRQuzQL} z=$K=D+ZsV9Ik2gzn6a>+fts~cCz;fvpK3neOJ?jXSg!^tZ&!Ke9M+J0px*TFE|a9h zdNjD%akqx?^9kec%mvZ~9JNZs2|F1+3b4{EvxF(22mllG9veVJbOg4P$1?U}rciwy zCwr&&tH-2K2g?JEjOFK{4Go|xU%7DT5+M+BfM941g`SXl(b*C+_TxNW^EVZBvHcEVs!25hLJ z=9%c*!2@Fn)>~B!a#;Je#~>aZ;bUD-hI-BdI!mg(Mqm*BaO$eu?&pJ^-3A&7F}87P zyM7pda-+@N*XWeU0AXqfkMg}ag&nIM&}^+~CQbWRZ?xr6ec%ShgHJ0{dj3Q9x})v# z!_+9_o{#P6zyA)D=aTM8qb3xS<|I+aKC@~cW#=|DPc_o$j&W2*(}wX;Kr4 zAn%&|+?Et=SBl0^Tx<3a;tx2MYRO>&3MO+%&7F53-&cOsGT0h~h@ZSSfVej?BOX+5 z*e@QM@Oh8--NYM&&--6v%YHK1z7SkaKObNz)P`?WH5>14y=yEusisH|L(os?w-Sul zMY#%?;?uxkUMnSXIRF0P&Kk>h zLTk3$mkS@g$fT{+);tHve{|WnTa~r%-P8T#rSowrlx(D>`oPrUd|^8!0-f=zd2DQK zvL*L`Yz)x;#N_qGQ-1w^MuFyi`bfXR=vYhERDXU$V`u$!Tru6H-s+g4{g2x5h9_S= z#~XgNvP%yzwHh7m@Sn$#mVmL$Y{@FV} zO8u(l7`-|EvOv_PI=@LuT<$v$P1+I@lkcO`c75g!L<^k#aG*`hWergl{|KVRCoKiI zjehj&*D%?cjktZ*kI8=1BPq5aYG zv;?~|{Qx(Z+Hl+I4W)0GXx7;Qk4_@yj&&N4t6>iZ5=jxPk zz26}t;MO80ydhS>-wy8NVQFWnh8486)@4Rc)(^cXmDf)u&8*m%4mX2^pQUG+X2_yH z=pxfBxJ$mdD?MO*_oo=yfF`TqgR*E&126}i!3*joEb+iOw19k%=T=%3tFrQbmFK0c zes^oRosEp^Szw0~$#*4vX*@7TAwmc3`*D%qXFv|S;W}YiAG+eXgLLf=_$cVE=w9^X zkk3-hH)7h78MyE=W#@vg>*TaAPECG(bTPJ@jVnlEL`bUsn$UdlmxHAXzNWqJhQLe8 zW)%Z0jV;tGC4)h)9?4Uil#3o@P4^a3tL9xvm|-WOC*@VVy!%rb4fly*EugjKTMpCU ze1*NI)e{r$nV8*YXoX94hPivsD<=kn<1o9PUo1c%XdT`&URnQOqw`)cm9lF_pVjpx zs|^=W|6VmC*Xo)X50_Im!b-+HP%IR~Mk{9JJQklmG(|y^GCy{SGPj(#(2eElkPBCJ z5;(DAoBL;0LNohn{Yt9^wxyoG`tI5w;IK7&C3v~E!|W@8B^X3zz1&huQK;?o*zI(l zzo{Nx)O9_2o8LDlYTC}(s{6G=@h{5|vgO|I;jN+vo$Yy9x0+jrpEc@`SH^Pv>h6de z)P6T89Q)=y_f)2`pR+p`Q^jHOG^oUP*Vhr-fQ+ zkA}k5Zw13v{Dc2G3}wrjgx$8jG{ndhkxLuT0|&2A1tS`54oYw@ml*tJ6|_6S3+-dR z2`q|MSpVEqx_#}P#ZSp+U4oswmzAHqvm%7nK+VJa_H*W&-^b{7oEoXCfR59CBA54m z&XbEw?C-VCW*tB9vh5!$fowyYgL>LRWX!aLWpplh@mY;u{w;Gn?+%DeU+2h&%=Nzb zN&Uq-jh@%qA!5sD#oE6#@-JVjYp8<5CmJ8v+gNOic17#zP7fu;alem?S~p5(&+!hI zJkE7n_PW&ON>(K_c;-ibjpq5E(YhTX##w8QSVZ%7_atSzTmLn!$DI)<^#RG2 z(n4xPW^$Ie^B}9=QWcJ2-kdk?`z(9Ch)HU4-nKIN!-#*zaHm-1D+@NWH224CIcykg z5#Bzei^(FM7y0$a^M?M%F)UIK$@!-i z*k{wnFDtwtb~Aym`F&8BfoGHcah+6&%xIe&qV7jkwg=sN4*jj?*`DT^EO4tHmnEK{8VQtt9i0!Ebz z_t!#$(muH>jM!K+$V-+11vP5I`@*D^V^Bi z8!w%kCC%)n$>MA^+?ny#ky-zEC)i(A#3HQPg1H>H=aSRToj9RM9lYLHM)42ce?8W@ zxA!vWuSews!6j{CGC0Np$LJ#D$y(QETs{?)Q}|d_yYjiB>38qA1-dkAYYKKhc z@c~J^UqGVy!-rqks42e)&jVWJ@XFCUYAfw5VJX|kXB%Ev|1=VJAf9!)BwFcxY4z0N zhzZCiPk1x%uOEBM$CT7UJeL zSgy3o8q~B$mkA3w(Mjs!jJ$F(vS;*$M@RS5UoXDZJ-yh)BflYS!SRC$Ltn}0glzm7 zf6AOHV(?pC;5IT+VAXr7<(G{aqT;6IkkpCPuily0+KatzOh!SK&;|tWx89dVH^+9q zPSg8RWCPv|+=mkF^fvm;12qJf&l23ka=pV#dc%5O`R}&R*Fx~sYIYZ#{wj>(_7<*I zc>Hj2GgNlE%*!nm32xd0L(c|MkV)XqoYJf>RU!A@BYissR|>cAgdSdXrQSC7gKK>f zUa3=D1?O<&8!3_yye^dZV&zz-56vDZMvm*yNcZ$x>tt^^n<7s# zgDTEOmeMPEu{I!9t-kK3+6>HG3K=q(uRF$ck{LdB9Udr*xu}KAKY0AX-Al@{^pnLO z)gS#69@k55#%109)y)FF{odOv5=@q88X)N8#e2UM@d{HSu1}!r>$`|_&YyEkaQ`!X zhZ9?_|1 ziq3qUYJs9fg7wEv(E(y3@lqvD#cVd$D)h6^m*8)Qpny|Y%I6PD>)`hJzf!OJcKXH2 zcn0fYy7ePn1NLLOzYv4AD6i)~WxoC$z_g&sRkf%nB-dpjQiKyIsDkf~++Mc5U)-v2 zH`n6y9eYZI1y$RX$7YSRli5E1X8%bqr1@v$C*9HBR96Hg zVD20m4Xc@(0+mnhDHNPftH z+l2+ZEW``L*3nL&?fAA@^mQ%#cztWOVH4)+ubdQtgi`57lCa$>;ab! z$}grova(4N`tiRt;ZYfU;C|Cj+SuF0EGObEg70OA@GDzmGo3J7Zt&Az{O1Fy$ds#B z)3R?Sm9iM0GrRV9EQ7r?W?Ca0f%vuMQDd9n*=lS|ZZM8(Yu2t@MLxQ80Dj-15LnhC zPqXH43yi&f=w82Hm(r%9aPd~OVqngXl~3M5zaFyL?_UzCeDPcc-u*KcR0jeFihUSIeQlL?b>8yUxD_S_d-v;osvDb z_Zga+bM2Q=I@C`FJIi|heC&g1>-)byPHXW!_+>W zbith}fKWfI@_l$s7Egk0KNye}YEhr(|mmIIuA??7+zdcTneH?D#`f*ct~j^^FNl zkQ;oT0W8{i1yBq#hRJML2gG)?Y^BV!AeB72tR)#RuxsbfsM4g&&%);(AmyC}Zu3+W z1E*sVRY46FUKX#;Yh@w-XlRegjNl;0UzCN|i*|qxHv?_IbTsA!n?+~t_|1}K!=yJM zF+W1U*Wt`CSKu5Oa*oD)FyXxyf0g%vCC;CM?VL#;x3O?JZf^ZeatO+VM0sdKyA^`` zSS|L^y=Oox4;lr6?LdAh@v#OvH{W;sbKmRr&G)wxT`qrM!zO6=alwJ+S&0`=r@J!+ zwAV{&#gFYQoI0W9aOsEpU*GHj{|#Ny0+!;FF!sqXR{j-tXvJ%y2Q(j)*?(3(9@+1n zZ>H=ti%cH0SP|~bD0SjfMExzL%Z&6)LvX)-<)Bk%Z1e2Lf@&ueAHT;4(Ng?#n~m6I z39=L=QgQ{J)-wg&<1M>X^qver2(4@|Fyrhib2UE2$}I0H@lx&*+kuM);2Z4N4>~-| zio;Q*z!zc9Wa+>SXGDCg8}PgII#USNv;uQIZc+YKA}_3_ptxAj&xQ6a&?x*9TGmVU1c?r zVtu@N>csVm``b-cBZP;d%wq~Q9o8)%^h6t_s+_uJ8TpJq{V`|u zQb74_i3y1lZxv{yoeauGZ5%f@<80i!0S%wV7-px`M*#{j^F z=dxwT&M>O%ijx{ds5H{TS)GUZ-!9{_<@fW20cOg~@CJXXg9N`}()k2!BS33P7rfFJ z>Hb(nam2z|8{7H#xw@j2B{$qv$tjipeJK~SVk@FFPw8|#o2549gFa7ZzJNz5i&Pp$ zq4R4D@UB}OahW{EmTv^#Vq<2zp~v!wh3(F2V0kLWs$=?z)G70R@!;3 zKCm`&GE4`AbbyjBTHpY#U`imxp}k^LCOErURyj`rEOXG1ky&QT-h(q^ zST281bVFIX@dn>Bx{LVE4e&ev?p#}P4aKtrjIeYC=d zi;JUTmKQwE1B?Y{&{qd251a)qC7*@p$?3bmUCJBz(Ao(XH-5MX^gj+^%H2_H+-LtT zaA^tOc~!uy`HJs9?_I6y*Xk&7g1bEwcyQgO3O2aW zCF1?_07z>}U)NjAEu&gx-140YUcCCVn)mUCTg;X#=PcPKxaJEtqthQ=eY`7@_@Mf( zo4#r5L53)7+^5)w#+Jld_A4wa;u`F!aNo$qdZw-8uZ=le`1l@qD}Y8`zH+ihmor&R zJkXGt;D2P}tQjJwRk`9ec{;pyx5T6TGcksiB&nPO+79XLNZgOH7QZNHF3rU)V@*th)MB{MH4+! zwv7wU4;=E`CB&!dY{q@%=<&zL%q(4Nt}tP3%^(+? z+M2Lx@qA(fRs8;d9tYJ~S%~Wa`~j)SFlLOrGu508i)WB|- z1r~mD9z;>Z&7L-sfh~BnT5Z-lrk_r^;sPHU6tq1az+`4gstd2l4<*}`_KU)5CO+g0 z;#j1r1X#dU(qN{N@5%Dt+yk`~(=bcV^!Y#)Y*<^q z5~=!p{jo}$rwSV;p9{`azy;@ZT$Q^zjl1jaW8QX5^Uc`JqPNgcp@3bV zl_+l68?%NLg1l5tFI_cM4%9N**M$dWRf#o!IJsW6aP=5Qe!!5a)Z=CVHSZWk_Jg)! z@9%rs3j@cpPw!lR&=hVpcf1$;W1!Du$y>Wmi~q7flnMc}$aH7D9m$5wmCsc-Aj4P3a!oGM1=8lx!dELR^0TTN1FwZvX5sFA z-ito?(5e`|9hTzy(s)AA{GsuGN}!|`Pd)2NP%$ax91rXkyQN?VqUt2@E%A4=VPX<& zd^?#+oA?Zw&0IHlXsqt6w}jq5RCbc*Q?zH&tSSQQRJAIxys}8kHoc)+9uH2-V+Lhh zDXEQ;h#Y_PME;G1+E>Ifu@}vW+hKoZS=5YB`ls3b^^oD`0v_#hI6Fv~yOh}?dgz5v zDVv3u_`_Q-O6gyQctP?uUJJD%z^Q0s$^$RW`{CY1>J&U)%m>QosNbe1%X!|<tT$ z>M~=Qvc$OID!}2%4Eh?!YPE8K4Rd{+e{J!(ita*7T!_#q_*}C!!f}CKP2+FH#S5}( z%IlkPz->V0ks*JX!B$T!1DJTZ!42YI7Ld+LNwh`h7XdAv3OFaXlvfH!6ee(6S7wG8 z$>fzqO-49ylyDWhs$)R!uDYEbF>l&oDRIrel8Vf?HITBh*g}`$#cNkjc;t)!yGPVc zVk1jOZnj=807IXOVvWy_G#;fpQ7XU#n_%@q+SoF z>&%z$$(0)>FLU3ebe~&1Yf|_p;}Ez2`c`~lw)cfz{xf$-c^v4Rf`HkPfotNgU&z?3 zcVB+*+S|?E;vAmF#;{F>|B~igmS{_AYgI7YR9Cl|O`@%jn-Cl4QdXujTUc|6z77eT z?eiLW7{6CWeR?r*^Wjk&i0MXwSp7odib9+y`j_>~N@&`rbM9HPzo!*fsY#N4p}BEx zvF|+{&AC4PKkF#ge

              K+IZ&~B7599mW8N1{>@H`-^SEZ76!C)-`oZGFn{7Q&&VpK z6eYzOT060pj$gBI`Fz#Qf(yPo{=7ZW#Wiv$u=Gz{&l~;SDI1Ah)tINk7FxUprTp*X z6fLPmN=*F4rR$kR8z0U;J{3;0Q`v3jF)JsyHg5Hj=hn{H6^wkUFoO&w`ud-OTzjhR z;$XpM;h_!G;R<_cFebSt1kR}Y0#E8ug@2Rs`qO7UZ+NsuzDe?72%K;=Ol-J~; z8qD@g+VDjS)-R&jne5I>dGntsXC1;aI&iY`=lnO~S)_W{fd$P2D{9)guZ-SpQ-B42 zU;(>YJB6+WQjD&vq%0B3=>48(cB_o*?<&zeyk-z(Crgwpnh&_%ol6p^hAntEJFZ;k zO|z(|Kk+&69sy|LfFY5jvnk0FJrY&=0_?gO(7apvc~H5vc|`sTFV>&NBZ{>Ja0_hH z&jcMK8&lqgqyqi!b0B7AZtrd;;${p8Z$iiRHa-ztVkubDsE; z1kHcj7P0YOOoTppD`XpxbRJaY%x717sWhsuMDC<=WakNVhogv0YNkn&^ZBCNvFpz5 zV{Y6y!K?EE3Aes=H7$}NcaH=Ir@_$c$Vi6$x4x?|SC!2h)@*S?;#2l|Jc!&u0ofS+uuR!l@CmW?u z1U`)1X8nETfdmoy*j>G5?{Q-hg@PO7#ebBpjz!G_Dnl z9$*RH9gYUV`VETu{;kGL%zhUamHX$3GalO=B;C4gBmuR5Cr-oRB3 zY%^Qw@~7I6ibyUvO9{kE@PUy>F;Dk4amc~=Noq#;u!5Js6K|%XmAR_^mAOwerH7`` zzYH|SuFy^$Isz`2(9i?9ThFn9yL+*du4lp-iBm9_dRm@i7q3|~`lSh?=6%4cr*)!6N!PVs{kxH!ibvV(D2^n=Tjh1AC2hL_`-e6K>8ea7+hX>YNar;s5Ev}S$ zyow0y`lg+KfOhvvB<9`)f~zQ8ssMOx#XrCl%I&fu6Xt}oE)pgXZNUq)<(}xZH~N)q zN7u63kIa5VfeWY)N3qJnM~7CYV$%Ob)_aGu{f6(~2}Mikuv*k;?Y&2>Xsb3sVh62N zQM6|5XscH3RXcXXs?`!itF@_;pjNeJQCsZrd-wBwp5ym@j^_{l@jj5`9@l-Huk*Z- zpJ4~<$uhK<6>6xb_NM|W*lJe5?ouZOhhF1leF~^MS)=WB+Fk>}P|ret;$vO+C!u-0 zDrPx>Yu&({{w?bdA-8~GQ@I&I1$6ao68pnp3{XKdy-$xsr z!7pDdAw<#?DWd;#)CpJn+KeEJJ;;~wm)(bo^l$SAs{pLR_@;SSdq1qyU!Nf_`qV4pS*p>re?ko28bzy!=b$#fdjm<9_Pqf zE5_;D-D>m3Y{$H9)m5VxDH?i<;1E2#v9(X`CacBk`c`(D_a>+;3fPPZip_(D4gFKf zHzDV{=f|AmYbfk59acN%9V!#ME1zWVBgXDi!2k&%b5P+m(Owiw3xO{xu)u!FUV!;p zvXAQL5N#r+?wvywzQBj6EOb2s%$k{$8F3;r1Hz5LXWn|tE{7-&|agPi> z^}oqn{u_iV3a#LJD#&qvb%^uLsOZ^^)TA}Pp1hC~r;US_1zyp@O+ekHbiY7>`H(H~ z4C%zv7%5LnkAAEJ=cWQ`|49H`&>p3}O$$!DlyW_VuhSsa@%LWr);lST6bdPZaT~9e zL%(r5pl?z_^?A`ZTSCJ%=yE;)h@G3pAO%LM?(8`VnI4Wd&IA!F9iX*n6P?KuuTHYZ zAq%%%hN}jB%V8;q1OgFlS`Mk}kNH8sN>Yo$)}eGW?35YgCI`p;wl#sj)LrOINtCB8 zeWYMViSZPCZv|Pu0fsqt6~0MawJ^@?9UoX?_uCz$#&9ixFu+6g;>d<AY)xLeSjl=%!mNIB@BwM7Z=Zat#b2&Siu3?QNOy@v&HMK$~NG?Gp=5SGX-8=>yJjB z{W6JY)bz@vAl0`m>H4Z3Xhf(&wiu}9N?)<)o%|MASRBf@@#4gOge{=7TP46`_Xu`i z=`}t@D0%sEnrG;8;<9?4fM*^JMQ?-K02q#(J zBghR$G$-{<#;n59sd0B~e`g04On*1?bD8eQ6?Xgp%ifv+eqLGEezU8U9n? zcSu4s+_|TdK4H+R^NpaR<=5+8w^?8yp#DYNzFG4o5!(&HUK=x2HU>^U4=s!t6R{pL zzRV`;7Q}|qW18ki->DSyU;g>MKGx%k7}M?KWM5bsYEN;|0yKJ;GhTB05xmrWnrBwf z@htiMYuwa7I*HS=)hXevMZKw-)oDemns0@Q;?r20?M{Ca>@2_1dJ(Uiiz%aJpNzi36%vem;jaW7-BSse3)aZD;rW~3rUW>{kjv3DWwwh|x zZx?>m2|=`R*_BJ-Z4)>myrQ0OJD3qTX}DL%0{i&|10Pm%1IexN>YT9XMqhww>jCk;!pd1i!SwPRK6p)k73k0gh}k_N1;+J8(0S22$QoiPEuK8kYe z+YPI3!D8nJ-Gy11!K3RXzLzPWj55cS&I&aw=8o}je!?r9;rq~5sXH{!RS{dnbAiN}|b>6XE}7l`_F z!dLr3K*c>jSx-J8rDw0c=LB9eNoG?S!cISRwtHm+`6-yPuoiW^km2<-j>jvhLpP#y zzT|MNh*?dmKY+eVJJ*P%*Ob=vFb%2ru)rIaYI2^8Ez0A%J>Djz>G1~x!a^;}Cte5@ zL(T9jiUjihj(o}jy6i@g(pL*v&kadSD|+ivw48ZN+ueua9#T5t$Tz1&Umi3c4VDYz zma$yg+OY@5(EDpsF zUezX_9h!T=*K}xm3B^yp7@HJqD>j?Vb6Po}IgH)WHp9Avr)oNeHL5n^-&=ofbvZU; zjue}rL+523vd===Ue1&Ru8UY35#96?-I!U1s+DcTJ(V8vym*t-@dGCI5r7numG=&% z)lk2(5~d7H-PdV6?r6GY(($H6H`Y8a2^XSLKgq|E(1PK5pkh9FQcWf!}zvnv2>k6!TH?b)W{{#l1N zzRz1VNxKQN{jX-0b*)B+N5Ynbk9^&hW|6a}w?{~e*CrqKel;lN2qqvtJe@d`4gGv@ z?ItR9z2>Yr`k|oXCS!*B1!$v@jT`-2I&V!Yrk6&z*967gUWwnS_oa_W1{q%5cq7~? z?SRCG=Z~tjV_9cPTilizjsm(3o85P+KfOHu?MLWjg~(Bu3?|D=Uc3MU6QR!hK=LiD ze)_GOX5+l^bGg5#9_+;%@3>07R94XzOgT=zS+7H`i66OtJgI=V}6-Hoa{ick}pXh?@}j0UHRw2<|?aW1GN>{b{@Q zADHUDvP*x>BYZ$WydBGLnz1!_^bbfi$neZlx5WcsgaTq!HouAJ)Vq*zAYaqe;^&&_ zPSzCm`;NQQfOe*EWdc-#H>j-lh1BUV;C$i5ucxd3jwx4E2l27OlfopoH@OaktoRgz zht%IY>o z;c9=MFWHDzZQR8)QzEy&^6GpDstHnOF%(NY z3C#}PJ-xxmx)IaVpz~sOzT;qhg6~%3+N=fcSr=HiaIGfOUJD^YW%X(C0+onN(pARI zcaqbRV#?rz=$h)xC@lm(mx+3pXQ^tz$?Fx;<_i~Gj!7tIv>OO?zNhm*1Lmgv&i2K( zqTgS&2YO=DGJ4Yn7WC}2ak;RS=(ES^MUT9=;h#{dY;3$ndWr6Z5hh;0JqOr z{D3^1xjmqooVUTQZtzN0$Y|dni|rv^pHoP^`1k(VQ=1XVnGfz(S>n%|>`wFtm2mmm zfE=sep}EB2`(Hf|05*aB-HaK1q2$oQS*BTzFqaSu6sLMam8--uX@>E?i5``0j*Dti z3xJ%?Gz9zrC{ER5g`Ha4*f=WRABBT;{{GHv4Q0U=pd@ipmJugFCoE+&sX0BgYIqc! zsXY~Sh6r{&Jj#k}ma^NGl(>+&4J_-0r9kXCXO1V1>D_<)=69Dn?Y;j4KfU>X;3wrW zDnzhREzs3xgc7cs5h3E}((Da9_95;{@f){7Hb`UQ7Rc0FXHAr%q0;A{T@`K zw?~br8(gd?U{;~xZ%E* z5-XdpSFyh)1424p0=zYwb9&BjS3x+8B*Q|4QbR}8!R3a)h75G{$6|nE!do3Oj6E9A z;id-7*`t430QyN+7TX<^FOjqNAb9yN3K#UzRdz=&HNu4Mc@(WYEhd}_4kldzBu`c} z8=dP{2_7mKflq=O+WV0T7G!4}aw3MtnN?S->44>Kyt*4aNj>p#s%AR$xXQ)RLQ9Yu*9v^f#F_o9?=@Lc<+-h_ zhwgcLhdAC&-;Oy{V?yEV+i@Mp-EDT?3!rd581e%Y;9<+nTjE;A4z>bg{&iYcKClDYIgeb9X!J&#U|b`Vy(-b19=(wfKKnGqT780> znF%uVBB+XELW4cZy%F4d11Js)(~rAb;_f|R_npFChXSzQtPQKE(wBiY9(1X{Stg&0 z4Fn;;ckG_b<<2^rH_6Sb4_x<$r#4xC0i!GHf`<`C&40rXT?NjKg-A*%sYfPHH08!j z0dbHC095)EiQkivpwW0O;559d5SXw~Gc3gj-E13&J!sjptd0d?Tk`Lqe;#yyn_Htm zR&%onc-wyKAF$V0A1;bK5-&P%C9MZW?D)DZtbTtPIG`>dh%Qafd^DfEoRIVXLvh}2 zO%&E2E_rBZ`kceH;Sk^MLN>|9x__!gZ0(Fh|w^gy#XnysJR)5CB1D#Pgdirnc-=Fme%4m>3W=Or?zgj2M z8BChv0FP2BiBMuF@yXIo-x5GbKq>AVRH6_rx7L?( z%~jHDw8OQekM%VwupCw$M@70uiRom5hW|R*Y&T*NqwUIhEEe}OgQT}KwJ;v~e|ej4 z4y4T-02t_^V4?lp)#Hk`Cfoj~MKh^#tv#Om(e^<^frC5tm`{i<@KXDeyYlO^MZjV{ zUNSJD^{ws36LY>f<&`F<$hxo3L2|#Bd#20S^F}sJke8A2zw``}Q@a6a*#4vfw0bGz zpr@ScLj55HW@Ri8n9$(_0Go37?zc@Zpa)F*2v~aVBLn~#xF5z5v#-kP+p(9$@r`(1 z?+{_+lQOM|AwhwL%_pJ6$t*d*UZ7juzAHgOKQMYq8y-EQ1K6Xi;wx zX`3i8nGVoKjl*vrlh5$-*XeVFF>J2)B^%IL+ZYh?$7n`$^7a02j{iiwp4U3gV!)97 z_Y>?-moVmMwC^b}#@b|ExxgAQkwP4eRN9WOM0^wndx$si&|x-i5Jl?`y8sEplmk5% z`NvFaeybx^Jh_k6#(tl^_)VNPs|Dhj!66|^UsNXL7PMCZ)feQkDHT|=#%x%NrbYxu z_6#eO^6S*G&z^=;V79$n4o1n(nr~8K3aI32`H_O$a<$WM*O%P73#}mTmA_W}b~|4p z5z3sSR)+T#!q%P{zyRc6YA~ZWIj0uW(^!ae10K|TjyeXr6(Px#@80yiMnv|IH%V1_j0O5K2U&P=-&z*$SFAT~9 zQ4VX7L5II1`)|7B@RaCf$de2V9|r^SDp3lY!w(`A>J^);bMm0`s!&$a7lTx|EN^djM)e)h>2th{0s4&0% z(BRc|Qzq!i-*i*lX5wWkV@g02ilfl(oE=!G&=pm7;2G7=Dt_L<=OTSi1o^$wzq$3U z+LL$kdBya6zfv~RDDS#uUqatKe8PK9Hz9^;z2mdu zbhRZyjyh#3r0bs4k(M6>XvYOoAXy^l`yXpEa~i3eep5ViR9a4L*Qu?i)0-Gs2IK>a zyZZN~D2ku!f{>>-V89q_tMyD67s;u%thcJhs!7>6^E+uY0^`Mw4GJ_g=lQi_gb6Q^ zUHNPP8Gr#w+%Z^X83?J!BFBzq6GA;!l}iNreK922zf0LQaDcbHh@k=jayI~P&qKfT zCXaYqv5ry^n>_Hqn#HX54OH@QECvwFS`P1;!NxR!p5Mk>yan{6i&EHku+p;ra>Fo* z*)oa}+Rm|60w&&OK$~F*1duQ(-c6%Kynyr3rOa0hceNSR4u4rpNYY_)7-`DPN);kk zk~C(nTNqP9+GIgQ07qd_vyKr)=N%o$ES{Zg$RS=NHP-|L+6fDaq<@s5V%y4CmX6S zSq6|g7~tUj(dQa>K7p{7Kv1Q1L?ZGRjLc*h>uW9X%FI!|IP<}ZK!iS7e{g#>|3EwU zl6v1xzF+Upkdwtz{N$%KGz!^rlvRxfA(w6tBdp(}M-KaG0e%Pp0d}C`6LB=Q4nU;m z+`0;HlT0(@j0bU;4=n&4sf5CI)0PS{8s3N8YE-8~|75pE&ShnhMjO@QQT zq%h6BRtD#OJFZ>}za#a|2nk6IF=e`won?Am%~Xr;9pY1E3{~KL8DavgHa9Fxz0-1K zdkvFeU#y_@l)`cNrjrM2W8kWa#noj2zA=qkYQUTHGxTN$y`NnX=>1a}s0)1NYWC-p&vet> zbPMKd8nWev-oRdga}~@sY#5V9LIA7SECp$T6EhnR;o7{s7rjbAB)?JnI4R~zhTCEA zF!~>NTwiJK9Gn}_rs74}(I)v8kjA>JE+A4r*emaz<8VjB_5Oj>su?|9o4mHz8tWP+ zF)L!!<_ykQ%1y#I;+8)$BRe`q(Rr3AbqZynSnZ_6_y%h0fB-68PjD}f|6nGhOw>lw zZmD8vFjv5P$;m2ey{$H%f|zP@EMZOya1>Z;TIiQ`$OYp3$wm?ZCxjMGEFC?W^x2l1 z398})*qSvORNq_tLttmG#KdLj;rVIvX-iiI&E6n_Gx|kXpaPFIfSZIh8d0?GtCKr6 zt5YVjUmmz__$x0q0~&hpP@GBS33c;viouA}Pl>ww`Ep!;Ims3Z=O46m56sZPU%rz_5?#n7Tb zKsAgd`i?&|;6gir(RUHS^ypP`?Z9R3zB-QQzgS!}#B2|3Hg%Hc_Kg(hEOgXOKR0Z2 z23|SP?!tuW;IAdP z8UDySZx?uaqncB_dSgD9cm7iGiJ6ga(w+-WyNgiZqnW$!=SDN-GI<;36 zn_o&bUPS2B99KJHMk*o#@!1PCJ0BL*i=F`Z)ZV2rjn0>My_W_qG&Nh*Ex6rOe1S== z@hM25{pKB^RBQ4wwFB&6u7Lxz$L<+d?_3A>Sh=08>wi60il9?AcZS*F^uwgnlyx zzJv*3g3ewM#jM0rjY5RSO!u;0mW2}+CK*ltBmE}uLT#ZnO=`tcXg zr4cE7PQj&TWVo{^5>(-L3kH%4SqKG=nq_}ecwI}tm9@64Xle{joL-mB&fG4o~Bq4-XC2Ia#?rys`@Z3 z>D9=s@ieM$j-xf6eh{i@n|IcA&+;yFsw0F)&!90jfw4^LCq6=EXSd5OTFO%KJ7zMj z$wx^d($oM_DJqbn9(HCivFIG7#cKDhelFNQUmTCBxb@gxKo@JV5lrYjcxlC@)4Rr% ze%mF_xw55`d4X$1+G>eCw)`hy`d8lc$#D%0tYtyl=3Uy&?o|!}=f%+w8}Glb&ok=+ z$o^>Mz@ZJPgU_LR_-RF@-aPhyvVq`ulO)%3vGl}fIz2J2-IM*;`ZJ%Cd z+4@I2zD8v^ccUq)Y0ILeFg!U{eB5xbY*DYSjwkl&BfhCiQcp%527-FX}nk(81Ci=v=*@$95!qwr#PcboaqZHV1K;xAv zs(B;D0@q*$SiP|!xt|%dRhQO;OcXVXn4lGHnaohq&-Z8w3=6R^5eX*E0{FxH=CsUE z`m1>5d;MGdI(Az*9I{8QZ2-wsPn*HceIFssX;3)LxL)f_A1UY-QPO&cR zWAtYIHP2;v^{vs;rXJ4rc5tA-7oxj-Qj$xYW}H(XZE7ezquq*!(cB{~H>mDxdvUXq zFT>_BKKed`nuTu^hnMyrEQ9lD;jLNBh6WAuMHt9DVN~u}>XjQE^r;fB8WjnngOYtv z$lH!Q=5fD+bEI&&?^lKXjO-m}uR0)4nwQ&S|L;UJxrS9NRf2{gUDrr9sjeoBk8cyp z=Ol~}WF;O!bP>KSOd>vh(0oDte_V*P&IoXOBVRX%_gjvTz2WE(k<(|H-=nsxEKI;~ z8<9_`cWKYRn#jZpM>s(H+qVi*aog8~0=}qvg}w?m*(q08h+f9_oi^7qKV0qvL>ts< z*d26fMSMVLR8q9V*eq=P6XUY0imwq?Ri7cykbQG?NU6JBQdV(n>wX?PufVg@O3o=? zh4rIh2b&iDvIv>ANcNeJw7dD+1Lo1eH!^nJgM(C02YlgU`Mc4qI4!gBplT`EsG?A< zwe6%)>gf4b&P#L?Zg#iY;VA1<;@_SFLnKGsfd9r zK)vWDiV?;geqaERK8Mc=1#cv!6Fy{Z;6}kRhvA(11Mm zPjv%OeND=(;v!nzNw|yN@mm*O_nmnYcUQZkXXFRvX9h+qt%2`a@tFKz+@o|R4pKw0 z!BIwWduTaFfRDYVT>4wV)Hii3!~vb;RW?XxAQC(ZG(=A7=WZw>8g;>=mNaRW!3Te7 zE7t?u&(}~m_hsA6`p|6A$vtZpF|$FNM$OWY`rf}relT zugOyI%+oZ;l1+L;&;F1om>R^<6vyTSzrW_JBwHyL9U^MMWmS8aqtiA=LlTE1JSc>cXi|8Pww9P zOl?nj51bApRfzklA$S2Ypu#nTr;K=0{0d%OZzIIN6#UU`&pN2^grm9O3zL#APc=Hv z|NXtS=+$(L`on6Zf@M4$M7_^YEv;>6c7P;ReD`VXr5rz*>c6vam0r2B&tA#&Ab}X1 zNDZ}sXk4?nP^VpVl;~t)u^V_lvV6&^%q-Cuz;G=h3Q zY68U2t~nOo?|Rn^Zk6>8uWIE9rQC1447@5R!zdXbe>;l(-@So9mABg(-g{HS_x}z8(n{CojqYc9;2~HX0K8U4 zuig_zO+vwq1#c+JKb3=tp4U;6Pv#P$#qleC{C4nAs?nFX#(O@~7L~e5Bu>8EXmjJ8 zkCXE{omyLX>p$M_ifB(W#Z_lGklro2(Aq1l7k6mJQ#C%Y3t47@vVQMWxIo-Hfa#|) z8K!@gmH}1NmO8I2vELI0dj4+^A@vqefZ63{2G%;`SJn8NwB;*gX8n~Vy?>CFlZx;s zB)`sN8S1!nWo(&Z)uZa74J59Q0z1{I@E&~^WhLqlkwg56VOBu+5o~b}MwV3gT!tz| z92BY&bxqlORAZHeF!4!W9;yiESLcct4ThMHbWPVRdSx%D&)*P&7dPFEWuq&LqIP6p zfw5Ht_-<>u*+9h9AH?IH=Ul$=(IoWjdHuM;*Z(9*L$$+=qla^I7S}QYhnBMia%7K| zg6B*&3+#Nux;>{BM#E=&h8w#?z8WOHa!VLWy@zk zY2soLM#>txW=#)-i7R}IRt70^8PmL)w7Eqjqf0_MA&*zz0bY1t{SNgr#do<1LAM?| zL1beAgFy-1TVY|enWNt}u8ls&48N^WZiB^8ATI?p1**!NF#+|*+|PU}uUXF&&%6Ne zTu0HIr&L(Ve8>LAslg;YB6-wnS(hB1S^6ry*OY4zZlA^1$o!7e>ru~o!3x-5f4Yh|Mh3ffB6KW*y!pE&|xR8i-q^XI0! z7p^L>HNiGR>WW1y&Jq391-83pVq6>ZmTfGH+Q&vKWbXuDHA~SetqRtgzNJ8~$)fz| zf`e04`GF><6$80zI_!vlet@ht98yg@_ll-ignADpgvn}QT~&6rUoVjj#fE5@0N<9S z{jY}6_nr&*>iW0&LPk_X6Z&pl!sq^lNA&Hc{U{d;_&jTXdjrK8lydgtpEi>Z{#ZIe zyWK8W3QeEXd*SX@37VIHGY?>$gjTeRF1pP)T?l!wZ zjS4q^ZGFye#fJ%hk8?QZN;4Gf+i*FnU1R_6#YxfP#caC=IQ(U;e_z?%3Rm#Yo2x%u z0)lPuYK1&bV($W?BO{%-fxHM?S+-~Z-%5HO3XY=l?&NyRhQ+U#*yE4n==*qgvh|g& zssm5;W!Sx#@31juSQsyDu_H}ww0TW^o$(6Zobg&cnffAy(c>d8Iwcz`FdD{jC^mY5 zfprMzoC4ZXA>h+gFj0`Ah8I*0D|8`g(b8wK24GU9|CsL4##+fKKweU*D)dCO$=^6= zQW&RpEBatstA-V}i)=J07t8JEN&6|Hu$c$+J&l`4MQ4=U$ zi5$4YY7+CNcT z*f0jvWLuEGsYd6_9jmHmIIl&oW-MF(z-8w2%$s)ua{o?pp5DvIcj1n}teF+;{rtDFalT2$->I_M(!7%=n>D0_UG3(=6nU8Xsny0R{>LAWQTNTk z3~S)FjQy&xoQv)AWGc2<3GtPmBfcJa&xdnoSbEm8JZ#>HjNt00f|V9WFNKqsBtw3N z6P6$LO8E-(HF^%EEZrIJBc{<(PDWW&0Mk%TR4%o=(QQ1F`r)_R)4~<%lFpsazlW&3 zdm*Z=Zn1i?%GSMR@VM2IFdux@bO#jauPDsM{rpUAvca|fD5x=D*T1VVhSO#BMD)?= zi{y+a&w_Uc6{v|&reBpTLJJ{MUdcB5PxXXg8zw@h2ZUnB%-s^=ppkYaop|zf%~&7- z<6arOIPZ6mR&_hQ!&BGvyI=J5-(A2UXS{y%d7V`a^-*Qmily~2WyECI2$yhriYMUZ z^p~W5`WTL#)Ycv7TOJ1Q24|;Q0#IUu&SCc3P98RXt1s#`*N>_nRga#O<7En*~ixf+F z#)1{<_R%Vn?(x%1_kJO06G6iSwlR&}k%xp4n0Nf_%-Tj$q%^Yb9i(=hEopjrx@vH#tLw#9T2Ow}r&mL-r7 zEIE!^DGF2{CE+I%EO_8diLv-eh0K$=W&y<4+q z_cU)vy^%vGJCc<7TmBFkokQ*ubl6tq=8Rb|7ro%5-V}fwG2zL%lEkkq*O!$Nl$)nJ#k-2 zVl?RSjOe}1^>bTRyR)Xlr?S^W2qnfR?PHx8G=J*1cbZl<%x>cxb~uH81Z9AUr+^mM zmPaAvC5jOogdkPWY}%df4Jshm0ti`j6-v12K#MM15-A~YQ2lK?(a-2wZwbgd8PsnZ z4+HL!e4JKW=-gUs7Vg(*v$M^AA578_k~;Cd*&Yy)nt6;Xj%&I< z^5&le<%1T%xAEV>|S79!qX7cY~Lc0D4db7+aZ1A9%zYYvC9QgLIoV_SHB5M@@? z@v`+E7-+uTkNf9J3A&Ofg)us?M%sH!PX2W;@PB%4@PRy+F{_$2dn<1df>ZY#oOBl~ zbD#aGTGwB1n5L?{knd?gppK+)y;!2vCaY1su3|L#)>dR!;k&!?-|NkuA6IxJL%Muq z0*3N=x@-({6t`zbUSDE#+*#c&}YQjokIG?$rieHC#Y1# zgQr4)`?C#sLZW=khOw+7Jetpk&*{*GpOOQ?=|nFlWZx^@m{Z)KoX=Z^b$a)*Epu@b9}T$hS@(D&Kg|v@q!oVU;^9eCS-yfL;mF z2Mio+hFibOWo!(%xMgYD-r_s|ewsh~B4@?QrupbXO2T837CW7Iz#Z{`f>Xiz4y!lI zNSr27410jOSR^7ou4pv$c{28VMItVdPS!xQF;(h_Pi!tpekNT{j^mDi+nFHyMq^Z- zf0y2uLA9;Rm9_+rnBMV6aGGpsKKIJmWx*HqM&>I%RBK^AInEoA8`G(m9(`>t+V!D4 znHE62bC}I+$Ema&{$F%ulB+31e(rcF{I2j_8}5(d_+B8fs>`LweIZ-?c}PDPZHSHa zY|3BWpQXUyBlgW{V4<$t6NM<8-t37oK%XR;GCDx-pxA(xUosmFAQ``EG$JsY3@Q?z zqOfPQCDew-^=TvS;qIu-4Bz&@>DMYg_FGVW?`vbaZCx!bLy{Jkvs2_ut0GL>Q9KEe zd2L$M82)c;Z}95OfMN8TSn(9e;ZDFdav68XFIvu%<4g&QW3)0Zk~z+5GzOcBIOxD7 z0d_%GM&^j3xL^@>KxqH&WnahJg*F@dI~N4pLz>MGNHYjXXEL&?yom+sAfPkSl?f)= z;0`B4__-eiWHw~e>P-%~@P>?}jM#VD-)wyzZ=>20!IZy)ZTLR_JG(tyrdy@vcY#q6+ZEtkfrM4CSq*u|Z~5%*!@r+wNCypyTA)^80`0+!1?NoustZm^YJ6 zx+1~8`2N}N4i#|B`{`d_HnbwtT`4ovvSeM8ae^)9#Bx&y!qCd3ar5@h-Jv(j%mN=B z%;g6R2s2uuE~L)o{GI?-8zDZfU;|+}HsO-Z3Ng(XmZXm5JRu<7Vf0wwHQ{yLm~t4< zUn=c>s9A1<&q=L;+V)MGYYNM82=nDXy%Q#3a*wlV%`8*F|AXaY{teE6v!*a=^a%fN zPp^LoF)A+Go%!Oqv=xx_=>D%tv|39)ny^~!l2@r@vkrSoHG;qS4}F%%GP_OQ3Ow{y z6Yq|0dc?8M*e$$+yW}N>vB02 zQoqe{((#=eFLrUH*xD98 ziveQxB48pQlAP}?NTXX}X=EZ2l6Es_v^}q7;O)v>%RT9Lf|sE1Hf8mCF#a$S;WgOJ zz6f}T03SO?N}ywR&a1!~cL2npBCP>~hd z@~#-bs#x~>E#N%TbQTp(#7d{|g0X%o*q7xIM7%cnskt2h%pw5v;2*G@uaok=FtnFf zhZa+Gp!0B)!FlB(h_pYoDam|oC|T;A&*%F0UHAw^P#WKL5a10SbWP@+lJo(O(n3^E z_GI|Zd$ra=X82rp^V9B^sfhUER|H<+5rSXFBoaL;y0y!NB=jbK(D2P3hUoxZ#NL(e z{2Ysn?>@ij7v;GJYh8mUf$pG_H4QVQB(}H>I2l!2m4~j{!sY5?H^VPtOwC+|SZ7tz zS^!q7+0th^?!PQYz0!>}1>X{Vi=+C#F$0tAGd-Jgow4+gA5I!CX4mmGUUzB2MySQh z^fMpZm>)Ku4Lgj70kM)3Bm09DaT)rjj)eFPt;N!tte%%rcW zWyIjdMF@OcyJmb|S!c80gxZYxK{#w2psw{zF4DIgm4*~@_q`(;`JS6b3=h@jt&+nE zo*}!?*mF#qRc~t&h&biZj@WmNa1;e_4l6<5&UZ>|=Hh66WoqV3YRB#CCR^`|_|^+$ zctd{NNtVx;2tMbd5`d-2beW|D-{DGbxO7G5>{5bj5%w*I-{EhQ(!GGpc_X-Z4la~g z70`mPZ4z`CGis>0BsI`aUYQHBw}PJ2qI7ZX-;G3n%(qEb4L%6?QiMd)*GAlx$Gsa$no|(cm{aBL}Nr7~7-fDx)(3Lzs zsx#T{&?}h}vFkbVhmD@*0#*GZrQHFU#k`iybe%`$fB&dXoGjf!BYxGBKT;rdg~*Hl zD`n*u$oC}`ah(TEQ3gb)S&Cp~IMYg8M!xtOTY7cr=K$}f&*tcEX75L^I16#{5=5^4 zP#6uAc%K6M9_Y5QP|x_;Wo{M80{417opMs|sto&8<~c2-uxAc&oGWIaEfq)qLx*tk zu~c#(Sj5mb+7cGSs*~#D_L>!N=_X}4@JA^zTv(8)2o>>lAeIUGY8yjafT;og9oU-i zYhfVUQ8Ry~?O&@gsq1FjKMbZCr5kYp{a6F=Tx0@A>py3)%-koUc;8~10a5((xciRm ziJGxYNkvzb?~Qy@))|?!5m_nXN^1~G5PB#4K0eT*f8I=|r96rw@XsTYLT#yL$(%L? z+R}mPwPQGtKIDBF$wP_pySz%n6>QI+72TrM;1xlETkXR#4oJ%Y)WY=P()l=Oblgfa zYqNDXzV&#uqQgWqQ?Jeu{&*t2Cln?>5VL6Z^Tj+prQL@qfx@Y>G*v%x(e`1|ldWH$ zm23$!Lk7by@ZI=h)#VBAEIBuRIV7H&PcJp~Hjr!KYZMD_wGdXH)zme^!N860$J9G1 zB3Ot|$U9nKgYSw2PoCK?!LFn3?zt1#&C$$kFn{RICTO#W*t+@a5>L%#m zA$h(Ypq)xm&+hAjk+e`>JutHAmNrV)VWtJLxb<4MgKkj68 zAoKaAiqGrpO8Rs17xCe;bD;Js61R zd?k)&KtB}4czlssH7_idzs<~Mq_+P;=`iXGZ_$8I@;<~>r=_O281VwPpuQ-mbk^e# z$J`k~$Z=##o#;X@(PO5|X0$}i?RCfxtFfghD-D3tp8se34c-lNf~R$8gj0N(;E^6*xhKJzdwT{FB*`$~sZ=5vd;n zq+b9#x&pZA|6l5n8@y^5vgyfQuNNO0Rz~qlB00Pf2L6|nN)7c@ZzvoYWG&%w)1)%2 zS|u!+NAQi-qVX#7e*v6qZq}!ySb@H)fZuu7snu14{AI9M+xaQ-#k3XT)Pfbz_Q>=R z!wj@#V=rUa0YjcBrtSW}e1mX`73)W=cH{qIF?i${p>Up@QfsA|U_zi^)NL9QN;>Qv zx-uV$37_O_0jlQ5mIlEKuM#rU^d;$+@x4 zdd%Q}yypYv(U`^Q1L@{uDWHNkMP>Z}=4u~mvfNaF@;c-zmk^5XiR&mfEnMH3&N-)0 znL(x|M1=n;o3x|$?U^PwP4b!go|Y}E-n{n^JjtYFh~W9LDV6AX10q(2vcm2#Q$xcE zk302*Ke40$p@f;W>mF@$V=~pjU^#FZ&JJ&*RBj)7h!te+%aurzz`=yaj)AOeDJtR| zpDr7u?R2N#;LI*yk=c}USo-%Zj9ok4Qo6?ln3uq!9QnV9h(wU@NgmmY2R#Y}Gf2Ji zya=q#0EYM|RnB9 z&Sz!hwP=GF0{iO&1td2`2Hgc<%B<+ybme^T65aGIn3VMv3nh3>@o z3lEEX0dF-LSzxTX2qy}_SJfuhHdh=ZP1_(NpmA~PmwJ>C5oo9 z!F_5BB#2}fNS9pNm^XY}_PNHE zv0raxS644UHS(ASQswiT&qN2@xIlk}9nv{s{b2V3dNSzOgvG>shF$2yG*FM9Ykk%K zkg%80pmm<#DVOQ4AZ`?ODR=JMi6`Sh(v<$EbNYkNfBT=WwU+*043!r$Q-BKmV&2|c z;CXgi>%)l@>U%~wj0}3a_e1*t43}Yn^DsTqfP<*+Q9|hf>awFO95yP_U$XHI{b;z#KKw8a0*&GH)qUH=fdQY1dvaVWvo-0Zt&v zhq4!4IVjL(9$$tzU1(rzslrsm0ZSk_4INuUhmpNH6Xerq^BaJ8w`no2Oj%$q^V$DC z`V4Wz+Y&mF3=z>ldXyR(1O$c@=@b}1a;TxZhkP%*@8? zQW;hi?5cmUn+5ZjAbF1cNT!KRckGEw7E`$x-0Qn5Y3j7W?WhtnXiCE%`TWOmY3rJb zqbmO)tuC4WPlu7!9}a83vaT-xQ>XnVJt-xgscsI1$OM9IE&qd9up^O)5T;S ze)!IhmY`}TZmUa=qol#SFb`LrMQ6Y%NZv4ToqJI4h&tW==Qh0@rR=vcTFk{W&WAfa z!DfPH;$5x5pae^+XHss`f{*p1qn>30(Z=4$9RYfImFL7r;Pa-*E)!ml)nz@s7jgYm z)nTbdy|cE#M0KS~mh4T|OB&U$AKZqjLe&K){YtZ6$rv*)b8(s%B3<`MYfh{Hfawxy zt7dU6QS}=T9Of~AI*Mz>n>d>+GuuP+E`e%>j+QnsZbz;_0XicLR2Y*!mGWY%K=n=u zOSer1^t(^+;~wE`X?t#@K<4GWFj{)~VhN$(WohyIL@-3L&5f`Ux?5^xv0-?zmiKxh zn4&Y^Tly+;+t>#;JmKw9aY_sK$u$D9NjfGu4#WXth4N2(lk`Oo=_;MqvJy@mM05Q+ z!68C##w-THNL(xjvB|p%30_yuGM)UVjx(O_^!q4y`xRVIu2lVbcB;w5V6#nnGN15v zAd~Fii_+7TPB0$(4^nsKpcbJ1g%3XxP<)2)eTVYRo<@=W4h#9js3Xu?wd1?}Tz;aa z?a6X|f>Rs1KSM4;Xc;Q*G!oqP+{CPdqtbO^^)zi&&}QI;?bD0eWfUzK=B-e28tDZm zaNU;?2vtBM+x|q!G1$~QQOUoli!KcRRs_2%^NXuaHNk}7?{4oC-YfI3@DLxjLB;@; zF>9PHC*pkW7JKg%)g*^+E+pVKBxiDB?024~e?3;7>lrQ(Jv$}CIi+9kndV{iPV1C= z!8d~BWIds9!1m8G1#ctT8K>dzu|E`Na^X-}^d-@#ftv+lwT$A%X&zTk^>LbVRl+=V8vqYRq#uw-3NTx7vhMLl! z-ffH!b~wMBRknZ1Sm-!-BiZJsdz!j$gKv(U-HdbuJ$vkCshZI|t#A@1y}ai<Y^ zF>IVryRAK;Y^1$db-Yoy;d8?-+D^iMHAX==5m1m#SqFr+&js2?A$Xke86?BFC&4d1yky6B~)Ngny_?;*nWxCih;4G_XW+X!D{~A=g z_D-dHmbQUx1^B!iIrul&iJ?ohL7JC3crb^3&RQH}JpSHvY3DX3%Xeh=c9<52bowSK z38PKh<*BrCyIwTiHCHV+<6wPmqHf2+^o-0dG){rjFZ!$(m)YVQWqNp;@&a|B+f)1E zsox&(!e6>P|GLgK8Q)3}sBvGnd;8{9K%g^yN;EFh*cAxu*PMcQ31NC-VfG@Y2L9n_^!rx5WEVFqC5z zp;No0kqgVON%5G=$R>NhaA`H$@Fu4KF-J!l7e{`{0t=UX5|yTta4`C7^*CL4cxD*? z197Z?w;#Dks89ps1~<2MrmdxQVN$E#`dHS@2-@VD%vaSsbPimi)#x&psl46FwbliB zmtN8JBtuvB>2nl@B)aC&AR4GtuubWg!5nspW^VrT%G~@CRcnWnU|Bw*m3hNSkgfe% z1zYEK1?!S0`QE!)y4}ERX}vw8{k}bt*_qp*i=rgfHZm;W^xP?IE}t}pR*WaM2Gchq zv1hXR&ims;u42vRVE0K*=tJ|)kz*{&30<`MyIztrO2utL^I5$8`l+4eSnLmf|I^A& zj3XoE^d%f&(1g{2ZyBl~;dIN%cNbFg*VU#>(^PzF(M}AyWz7JeqhO`Hee zAg?{GfzvEn%jo?%3vV?aCd{-Gx5RMRRi!v}Ati+0g zapV9t;zytC*&fIwqgJA#e99;zeFefFTuKA2r+?xufVtbCil5sccY54~N;2Z5Ud;@$ z=iFfw59i=@xZN~h4^K1kt&ch1WzN5|3v(?(Bwd*ob%4{y& zSI`7Y(2}+T&$AX4=D{7P?YLQ2R%QTIP-0Gf^!1>4&6Vp3=62VkpnasV@0VzZ*Ip+w z7-$1fqB^R4HX@|O;E+EJ$MN~OfzAhh*+F{8yc1XMqG%F?$%t7Jdad$Bc%it$z{=~B zoL&u4t??H*Li+3kuX%@zZX@G|vAjsy;F7%rf!dGcCY)PrVO-nSis>2V>dUprzSGOn zB}Fm8o?QA-tzmOK19zPc~MASvi8~zAu z*PCJgka@~j)4|NM`aHIRe${qP{pSYmTF_>LM1rfEoo}st@K7HfOdPy(Cvo-%pET0B z6J2c#*~mwPZ=6nsl2NtihB)$Zy$l$$E|YwFV&4%<{pPMIE1$8?@3W_s7I;II>5qBU z_`(=4p!NrIWw`HdGN=nN7M=GiC7m}~m6lH;agQck!4o*fT}he%ty%LB0Zp5^i-v&c zft;DUS{(95m)>hi*r*3&C{)I>oBd{&g`#pa`gJuO+9!x^#62!$(z4J9J!e>b*wv%q zy>~cZHr%&^{eb}tkyOACalmOy3!>IXYfS4g^|}iWr~RsDg_oahQsoM7%T@a?QC9E8 z^f+%20k&DXLwtG(f-eNv*0Kq-D9UiaM!1BU^l`%6K;a0@Vf58@-(QJeX0CxIsz$)z zP4G+Yr@Ry-)ugI4fsy7U`ZabH~XdTiurGVI0b$5GG!a@=> zZiW(R8PNoPZcUqv2z~?^DiHk&*BamFDWgpj|M@cMTHXrLG!U;9IN%Ac0_`9NW$2Qx z0pNx-a9&4{J%%UIyr;46fN=bO(^6vav@#Z=>R zB$L>3IBKD#Qaalsa$V9%t@nvb59^*NZ7lIUci0e6=`DJq7;LMzeVl>48s_n;@Y~KI zikUAx1gf1_3)v?nKu08W0_%)cVX+-gyfuKxFe+atq@7y4zvJVZcv?5=EL#6dgT3D? z=#E3Rk*ecPn9+VOO|^mciwHHF(=a-NL%Zt26EV*n%{LKf11>f}Bi0s!TmC^Q*)v3S zwav}qOIgL(s*!}wI`NS%{hm7?Xt`r{=yf_IYYOAcO$|8~1x$I^1g`dquf;($ZWM~D zI4q}JK{#I!M{1vRC){8yij$N4%FH%G!|LyC^Wlz<88SuFF?Qno;CeL@`(jQ`pV8C> z8LL%ws(UDUY%iO<=dUc31dD7Kw=5E{vu2&G70K z#)c)v3P%$JA2U8Qh5@uLy@-r^(*xiM2kz4Yfb}HKrA~K%%1A|K zKA7hq{KcAKHNO+^9F*8{mk9oV=2akGv6$0+sN?1IF7Apal=8C_1p2e2q?Qp7-f)oz zSEPOvKso&-j#CxF&I8#w7j1j1R%;K{Suz+ML+=8o7|`5-i4lhwKHGWrM%>0;4T3 zS+xo@_N`nUvj#9g8!PKp27`--NXmyWsmuHY%^OZ+iU5mNdZSTxl}qM{0fp3= zoDS$|cAm{^xl3^#g7)f#a|>P`RQnR{HB#<2@cNHN?g{Qy?(Q;E?pX(u=L<7i^azGi zt2g0#n72tr=}v!ag|qJoyYrR{KK4w(F7ubJQs(++3ZS>5!M)ruuo3nNdOGfsCcsdo zmEOZ4y5BMr5Y$Hw0~dvIcw1nw8<^q_nPECgSQ^?%@P#^7Q5c(nhyi=_;egvp#7_K1 zB}0u&Qux%X@S46;g{06^6I+{!gE_xQ-A}ePhy|wHC-2JkQYy6PP9LZUp2pqBC~S%v zVt?@DW0!Oj+Fj0sJAeBM$=7Tf3fPyG->s0Li8wMr^&BZo^}CqRqV&nEDF}N8zg2u) zvvC>#a_(t9>e`nv@vF~lGO$DL&CWKDEfUe|4SHgsChUE$6SddHO~-8RS{^rla>-mo zyE%I%D>$b-duTc8xyIqS4bmk28*gjYlhzw>tP4u?g?&j5)z&UffTEAWTs6UFIrb0+ zE@L7(gz7{F9HptciZb32h129HOAWn~;@E!9X)AO|!MQ1=jfYf;S0c1SU!s>;=o}Hu5+ynNp#}oCU*vV#edjs`XyF-=A>Ll)aL>&`!|999^pIi6+oSf%)1#(Aqc$flmHElwE~9h zC&`XYfxz-k!!gGnq!pxzk31U!(NzX~c!DK}9o0dEWvUE`y^g7WogQs<*DJ{W1Q*=a zdYgdIsStbTsGPL5wmJHi!~6d1xLk-(VskUp7OILj)P5KJn#z<>${37x1dXf~mS{oi zt7g0BA`Y*@`*7nLiHQSr=c__OIW_aw7$E}>^J!?Jo?2<}tnA_YIc5KY5!O@wxqcY| z$X{iBWChR7a_OM13eUyTndDF&4e^s5(}S6_zjw$Yppbnzx{(sx;az}M(k6g+W! zLnxZc_G)Wd5dvar7aHA&7jDhB0tDlBJ7d|+{kC3FCo{gA{^-im*z}uZJBr%eh!ipQ`Nq@opTUBD63CdS_SN z*KhJlTDFait=c(FeYiI{N`}?Ha_G6}{ox)Wf<000xq=oW{!l@wL>kod@ppsf)&!II z9lq7;V_c+iK5TvY7v_xqb}#obMh&wzC(^Tqb(6D7p-YA_{;^^xQ*Xr2C$^k#{VNpi z?>@=hZjqhy`#DXu{AgQ_z27~EZol)kr~06MzSPM~ccF%{S%r|zir?7`M(O05WV>%& zd7Y+tRAyb37Fm8S{P^HiH7B*y&`EKY%PhS6ey?XSK zZ+5Y6Rr;%<)E|h2S}?eC8EnX6m$H2F2ePk9fF?(6M)6OLCX&MNIrE@4vm#ft3bG-2 z>SXX05MNtd{BjH?U0#}}@GwY?ncxpZOIOj0BnXCfuE?w;wq%oOs?fOjAOZqhPAZ&V z=eRkqcw-c|BZNA&(;ee!>rYk5ej9Y&MfU<8BVO(b@a5@9tzg>&7sro>Ea1?TR^ZSAFP z49OW+FP)g!`4}~!eLxfSdI?K_jm)#WJopZnEg`(sFL>&go>d?12L?qQ- z+3xIo9wFfXDOX9JHdzzbr;_)b3lj#-WK59=s80h0KPfuBlnq!xi!smB1u>&i;vL0$ z^;EiqsM&D)wN1rg@%iIwQT%$ZWCF?n($TrJl{06i@lSPec=VvaT6cn+e4?yZ5tMiC zeosXm1e{Qm1>*X6+T+jM;yXvVbvv(-CU7bj#S=RgMQN<-Dt*)8#BOrywA-j8bm?>J zbmHiT<*UQ(y3eZ%briOL=Fg9Lj3`72A=?~hfrn}77i!?Lzqt52UD zE4UtdN#?2Vnx9VMpVvVh)hBn~MHgpA#!p_W_^1Gs zi7JWeMOoSuNnr_0#SubSU#EPjtcnz}LNO8b?5AZ-#o@ze{jHn9KV!0DTffl?I(4nM zD4yPogrez$2UPHEFA?h#8t^;{L#QggaH(m;S;1Qx*WDiCT+j@|%grO?z|SSl3e&D4 z)X-%|5Gpzr!N#5qIjbOa@`gczNA|jbf@6-xLjvW*>JemJAaZ~3?Hn}6(M;M6g@a}d z3&yaTNe}s2(*eOMj?V^wltEN#DUU5BXI^TLa5BYE06GGgjb^(v_^-;-*BbIM*xnxw z^y=cSe87e5e$*)zMmfx9<`#7=`LVfIZ_EQM1Ua0wT14+}Yh1H=oZKPLVH#;!kUQD8 zS7xro{|j)M0C@!uO*9M8Yxw1dcPZe(Ek`@nZ3+gsU#)@vaA{?BhDQer_2B>g_nZo^ z!n!YwP-6VCpJvO^0J1=me`la)M3>9Vd=d$!{vtG#VKJIdg(p@DE2sE)-d=GXJ84&_ z4ywW4q@r9*54ESM>M<-AAb%=o|5u7e(3UIApgf*%MF?OkGqv0c)mLS)$7S6lWEf<^P`o-B3!ULJF2gl zbT)@sd~upa6Z?{MvG!irJ&@fdE-BBs#XKb~nBAd1)YiUFPt|F>iG9mRjPwAn;#`|U z-`f*4+)p}L3{0#r+YOSg>->-TFT_s1xHOr2Ghln&ns)r^9eK(C=2~#?8i-X}DE;@5 z6T`hmGQ~Bveos2*CAR2F^M6n$$#Ity(YXskt{zpG!v=ejkPok*btzr|Tbjj8`M11& zP{`|<349pz0Tlf<;#?eDD`@a~kd_e%lA1W1x^RThHUkQag1$bcT@Boag$16KhZAQh zhg!rDXlP#(A+4v_|{0io)ZWbnSwC#grsps=Gsc z&b>o#$q(nY=td%T-%LEBZ&IQ04cxPx{m7)cKSh$+gH+jpc@Su!(6XD)XChgwrWnc; zH&*$We{!8GPZoP+j@vJb`Gwu_a&skyr2_a=;y(fm93Kt%rIXA#t^jh(7gAia3C&BS zV>bh#&orgqKMrfw@Z<%cZ^HO#M29uCQOgVYB{T-=0N$eDh6gg!R@vX$;>B57!qM05 zq}}j_g3y)ESWq~?PC?`q(TA)Us2j@@z|^lITfLG>GNIWkAj67IO2%CX^CvLLtStkI zyzx`sb-Qj<50;qquGps#j(YhEil3uHIeQ(^`?Uz}Re=xaTs@yE=RP228tGI{+Frr$qNHBy2G8tR)SRoz>FyZDu%zd6pP9< zHcr>1feJ0VhCQQQT?S(MEg+rHdn+l7bc%NEP)Tj_u%145w>?;y_c zyogC7ImcCm$Qi`}E8KJCLcMQUaGA`WRV8>~{R^Jev#d7B6i&50y@wIL<ffE{&?4 zQY(ki=hq^S-)C|nvTs0PhOF>@NS=;-0D)UB*Vl$dsk}IXYGtXg?pg2jCkh%Rr|-uB z;nxy+>j^`5xUgH>=TUPbRu(g5syXEV*hF_}&acNsPY8j&hC-QBMv(QsHUbI9;2b?pNS;O zt+~rH15{!Al3b|l0U0Wi>5H5yR{ow=>@_@1SIw5DV+_~MU7}H)1qr6Z^YojN@-KG5 z84n`atRQhj(FqT)uu@GEjz)yc*@BUDcK;lC0`=_xh4iY^U(<ARyO0-PI0%sk{4_<~bRo6`h>zy#gHd=|1UmOX1QC92 zfS|Tz4NeSrs4#1hG@Z{lI){67f88O;1IeDx@<1pR2tED&U;<>kPJmgT)gHj7`F)q_ zNq|8c^ z8;p}Ij@jWZvuU{TeaVZe(N)^n8&SR^bHEzR(7lD~U-izIVqOQI4)?(PziIRXq|(oh z1I*73b8#xgv0ZaZ^laDm1GJxgby21(FVm}pneDAUrgPuu#KesmuC@B zX(RKeS+N?O9FYBUi2?5krqLQZ@1Ksrj^Pc|o~4j&INQJem&ITYC(kmUQ6n1<(?3$E z&E~ppSi^3mDK?5>Ob97vK-hC3q%;oqY7;g-?>*t81EU?D_1o#r_fnjTamL z_wjx4JlM2vJ(H*U(kKf4G6LoIt!zArAM3#?ii!^sPj_WEN%15%4t%0@&IZDOV&eoyah3AqJ<*Q_MHlG7DS^CB zo|Ny|`47_RKdnfCY_l+yOM&P2{Nf5g+SLv+S1${De%USK%mdQ48MG4!qLn951<=KR zp*T{uHOC+$l>%&X)!0mU(m^Sd!yG0_2s?a;_}OVCJ(&tYdtQ6lbw!v2sd*id<`PbV zq8*=Ci5IKGrt zA%jH`Xn{bs*V6QSmyXTtvJsD8-VT`kDiNIzyFHqCixgDqn>e4{4>7E6AJmMdyR$>m z*78Y5Y0NDLg3~P;TqMkVcD2@kwU+3lnI%ol?-m%V;-YyTt#r1Dd zygGvJ-xL=v(P*v<(W#B`*%cW0kBfWrtp@Ne)PYdk$t8&6`)+Br6S0fz8dZ`R4FZY4Zz4w7lXsC0>zkJ^wt?Uw^{c-byw zmZXIZZ6wBGVBbGr!6*&5jCCq!b4xDHfQ0Rlw;{0S|=t3KL;>iVDb3XD%{7&oF3+SN%QFwZa`bs zgJbkm{b2OSI||4?&z1G1ux%3mQqHS=g~lG#Zo(ZW;#X#qH53(=Zmi9A$zGZoQe8@7!n;Gq;I-D3`uxTp-1h?*`&R?wPiq3Bs+>*jlsK}Nb&7o`3Kv^J+ViYZME|6B1Tixc$gMt*wOx_#*g}j26bLZ) zih7L1`0T1cRWl-k3EX});l8-Rz-OqbZ^cT0^w|Y;4E8Kc&cy?SJ6(n10K*DnXnu2a z5xmev%8J~QFEM<-eEHOUP(T+QP5Up8I{9pF+9Y7MK(D~i-C!qK*5Z5RHa4PKC z8px>r+PY4pGxP@q3Su9wTZM~XbMF03SeaV1g>k|6_Kh09gRf3V*VV8h z7aIEaG*yW@gHqCZSsw_1PXYYU2hiPi+w2M2ks;0@q3n+7`r0DAHv7b0u`{rOGsO@3L>U?w3@A-ML-}A9zzwr-SW=zDYe_9)<9A=I^pZoo4FDEOxxh{1+nP|wr zmQKrG(NEjo1a*OPJ~DPPrMcfGK4|)}+k_l2r2&18@Uj#JCGoEVV11P!Mgo>sH690y zX3ZLEyVPf2Z{~sN?udRS@2k@CLZOI)Vzd-F936~Bce?IZtbVg1(8AAlf68H-1F#=} ziYNkB5|xNxQDCmVv+OT4Kn&$-|11SyqhrTXGi z&!;JqfN$e_pR;2TytDhKX0~!velbX4m8UWVB~^9^FAsPYJ@;74rT3?qY%Mp3?%wh{I?%bJ4Gt-8@ZB}s>I_En*ao3xY^%SA?&>_S|5>3-wf7{7}cCm?t^ zD|z!tVT6qbXM8akG37L3KXLo=C)LU7amJUU~RPJh;_mM*FZNL~F8gSku~A>oTSjLu}a;o4~W@?ej+! zMTuMr(&+V-5EjszF?@ib8lQ&|fkU{)boG9GqJGuesO~iJHoZG#uKTHyYLpxZ)igc@ z@Lp9U=qP|2gj-s@0@EuU4ItX@O6UuH3{(j1+V0mm77ZFJPKp@s(Gnr8C{4@A096$v zGtd(%Ptuj?L2$?c0i zz&n;1ka#hEM~Hs^R9jke=%f-h&QjOsuCSWJbF8=jg~9&^^Pil&K6k~j#qj#8`&l1J zVTYVU;NkLEc|P*Qq}Nt@i1>?#7z90kG z4?bJJ$Z4n2nQFK=+bo@dkk3@jKj!IWyg#r&<7DO^|Io3B+GF!5iY-k=V69J!7{)KW zlL$rMGsY~+`T^4hRI7%?#nHZbzvubo_rop))Gvv2eCA3EM$u+nBmM28| z0)ggHAn#?8PG?``cEWY!?z5`p9oq>}kBB>`77Zy=o*8t`n#`h0D+$=?Rgjs?ZGH}k&TsmcxLm#(@%n=^~o>$`<)uw~9v z3PnRJ1>;XEbG`GAbCWL)SQm~EhJush`$t9D(VIn9(H9$5(VH6!9B!NHBP&y|!*7(= zgr84_o)qpK;SIeH7x6=8Wl9c+eY?I_EEK(sL@k-FT!c3rp?n}O~;dqdSJ;jk&3>QFPi{00z(U29o_%!{8n%Sx`cITd-QhbLo zSy$#%04;LazU;`L|KV@G6=FNqSB#L7lgrTx)LO=RBDW@;ebyo{H$#LZFYom?m(2DS zVa1Vpe2b1*nVB=oz+CY(N3MJq?2h%?U36({Aj+|l(RIfdgo1%kna4Y$NSN>crgTh- zbwXFrf}^`FpiYH?I@MP?^`BjK7bwv7-+bOZWFmu=ew}jZ6Ce2b#?bS0yA2DD3E*69 zFy%olF;#D%Rx=gjI7T59AskE_K;iSo>&nx!y+J})_>+yQD|GrI7L15l14t0_UL~X|Q_d*7nk~GVYM^H3Bdzji^bOkZE}Rg(MOT>JTOOOYrXQky z)|nbQw2P1QFiPJ0Gyc2IBblcUzUbUW@A1{8Bg4?Ixor6?im3sJhcJ=6Tm7utXH!QX zeHw%Z_6sxQ6NEl&whAwnZC7>(8}BHcErN`ULn2`zjPt#QdP%Ml95|R(Nnn(&0JCmL zR=<24D3;8NB>!}nu(LH zuPtJ?FXN{0d1XwTZe4DamJjP~x2W2J->^Ickc-_NK#<{KSsa`XjF+VoCuKhoL6_EpKf zPGKhN<^9AM%c~`efKof_1?)-To>xjG(b7-%UYx_@RL2t z|H~Vh#!8gyebWI6CH{cZu5!m{OSJV|wLCPIdw z)+ZdkUNY0$O4^#Cn)F!C!S+1sPEBD_p!H*R_XFx{QrsrrWA8*P&nhv0Z8bSR#r53P zZ2jKa@v$Fn0fKGBMN~75vy~4(ms5|zgq#w6vSQ0{k-c~)Vc>8$cA)r1tOt>5JPXO9 zCB9ZZ!7e`F%)z>D2$da?CDy9CZ(ikStcyAvr*~d ziNUMAwqcJD(IqBXzO`ZEhr<$nJu;DxaQwW=_k~(=TCbgX!xuya9!_}|<6)F|s$Vd? zo5m|!yS;2SNq`(J)+tQ-B1cm-V&oDQpdOBE1)zO=o8f}Qr@%U#&CqzGWX=SSeKz`2 z7f(&M)cr$(y(qN-B3s9XGxy!Offg!Lu85~QpG7~_z9ln8@Yd~V#IP<$j*L6h^qe-j zt`=4%+1)0h^52M=fy9y<=ZGfoRpRb#5P(37&d<)wp;hw%UIEU((|we`KKk{Pb4S55 zl5r!%73UPND67BCRT8Kvl<9Oyym;r&ir}NBcXODidEN4)Ll{VVvj4u-ZO#I+Ylh3P zD>Tc`UnvRl31S>P-Ek@jLRU_loQ#0UOebREg+V#Le1Z!g@Qpen&Ue2kp~_W2r-Mnn z^L{a4`5ZqLe&O|07~`FxvOIWR-q*v{a0&H^RYpA(PCt!i*nGcPw|zdluwN9#bGR_5 z!%|e?3iit^3T(kcS<$V^F17|CV~qFimypk^F+?v!|9X#CIu_f|{%d~#&O!Wn7ceUk>sLCY>Z0t13m)Ub0D;JPO9h+(S99p16~OPHnL3L3?zh@- zq3V!^OQyTXYR_F?==deaU=1&lI)@Tk5Z`HcoRGpjXb4m~_dyjaHiqIQ{n6H+e#MmL zs=`Uus?k}L-IJVX8tlF?WeIUx=uRZgbWza-N$|u-7b{K#kKV(W@_vsq{{5^yJ5z;G zTSvt&eAvwH)IK6Ojr(>5#0HO||KZb}c4q9>?;8os;UY~{IvbBq01&b@k%^`U?Ca4V zmgFy!WIz_&6ODzmF^%sN1R6SroB|9SS&rVIDmzKz!g)D?5m%^TPr9%ifb26Tm`N9k zXoXk#h5CrS`r=dh_?`dUloMwY&d;a*eiLp%x6mNY+GuaR5|ae{14dE9D?|A`phhHG z5g#}+IrK+w?#$d+{MSI;S{wSY-Ufh9SlWY*VwDlUT_>jkdz1uD=0E)v^e@k>E=Grq zRmO{>Pk2gH91tz|O*me8$#2qqBg0`Lpz@i*eBi;LW-?78+DU1AlUo9i#!mZc}%% zQM17C8G~}O!{0FV*$%o+&DT89Rbuvg9$deITe73-l(B*%3r0JiOhYKSuP@=3@2?ES zj8)hr*E;c7${G*ms4?!oZ#>$b>k(wf-yq*#8y$pifE%4RRm_dg65dtinnqyRg_|dm z$BxRSuQo7~ATLF+VSlPT`hz{<9Y0gI&HW=q?kikE;;^){-XSCr!LB%=*(Re=SDWX} zL2?9*+rG1{L59`K3lvnK!`)C-0)SkGWJbxZzPpjiqFWO_gIN;0Uy|+pzylbUtwc9v znqJku=quHHzhVB#Wnb9S-*<4I+qBtbw+Daoy_yl&%M;0tsE+0=I{S&uhH)-K|07j~ zwW2rg^D?lz)STFnbiQ%IdYlYE1+f-4bbLPS{$za930QqDy^#y$3MFPCQN(@MrVDX0)XuoM@`@8iH!raL}EU za7>`vU-o0)pOMWyQ+)1OxS=$*^sYtVDOC6`u!yJG{3(f0`pv#o$+NxM5yD&lnubna z`$?&qdA9qT)z*9<#+R+I%jh=GUraClMp|zxD{!z@&$*hutRwv6M1L|bZ|iT>FVQ}6 z-4<8+ZUtBR7utD<>A(9P`}Uz2P=ax)N$!@{;&j+>%ZrGbRvq6oDVywtc6-Ddp%P%% zeHoyfB%)q~+GAqZ!r8JPIy>gVHpzk53!mMzF8>a1d>t@r<_mO}5Z^y2G?FwbV2a~x zgIhnebLvzFX+L4QXK&a|56RgtZ2fb$G()EyF#Nl07)|2FZ#WIC`Gr{~Df%|mLxLiSvpr4xKk2>)iKT=Zixu{x8Z^QV zT)=1==XZ8YEx97bl_~YLj?gbOq3-;6l{7R;Xc0ID(esQC38tzDafE1z)2-(&#s!(o za^V6xavLsd?Wbx0(2W=_d0HPPD{w+{~>r= z%|L0k!Psz%S@!O`c?pr$z^CuFUgFnJFv4zpg*NJ?IZbV``@#HQA<|f#0CCJw?TlFV;{{MG* z`r>kF4hlDb`|z^egf%<}QyPB&xSIpJ6?D=6eLctHCo|Y!%g&AxP6{IpC2$NQk%K3i--p=ph>`&|3ZLWjyIXt|m+!e1SDL9J}=5sJ=?Q%t{ zl^?2};tlFJnuquUaIu0^I((QO?-%@+PQC>JaJCt}y`vdo_?0C28(Yw6xWx3Ge3s!> zKnY25#S=l0Lw@He6kmnhl`MFlLc+DnjA>)^w=cqL{s}bCbofDfCIL?yZ~noKLrWmf z;Hf{Fpo$ET#R!Sx_GTi3Qa@+1Lt+TjcjAT)3^gZl@Yfui`BH}lJA^(1>$tDx;g5}T zz?t`|sYEA+Y+3x`beAa1 zexE^>2DHBft&>gikpq}=`1z*OCU3ehH}Q!zSq)p?~&7 z^V^I8D54K#=X*A4j?YiH&HhqmOpDyarY{pZO$u!HDV&bY+jdb-q?fPtM=YfMbT}LJ z*$d!1#6kSdMfQM@NOOI#Ij!4faLmyu^s$pCj!T1Rt zDrUTC4W+g^&BYtMISkQ69nri^7M5dGNo5z-vSSVEG`SZl$!$^ZIRH@B$-IjrzCT}|W4M@x>cb(PToQ4|n6@>IKa&IaW7g=%qV8g-gF zy^rVW=9?^73x~49yw?(Wif~WCXyu@_>M|^iFa^tbmR!SbDzbWsRR=WNw-TPW~ z`BL8|ipI-Z9?VHDjngw!_;iSI_a_Qm`T}Rv(VM>e=*m3&Wx=oJIimYTeS#vN9;Z#P z;Vg~V=fpe6M_R=?tCUZVRI3>W%FN{g6gNmoSm&N8y!W}4?sJn2{%Uew0%H0?0#9}} zl9l`gUYQ<0`xDkjvqX4lq>E16T$2;{xEzVbh*~EJO9hFCb~~yx2Wg-2=UsT4GuA{B ze#|gbTlZqU=I0_9J|%G>c1Ur7WI(9mkxnRqiQGH{g{j+}%?Z zOgT)=vi{3!XuuKw#FS&|_^Z~tx`x<-?RwYc?Jv-kQ?A3MsVDGY3fw@BT=HWiaFwvH zYQppW(oklRR>^s%rOgGG<;|gycN({FZ|O`k_UqmkyFsSgHCB zo&Um9o%^TLEoZw$`FO8r>GC|Ce?ZGtT=l`+?W>5>_W-oTos^jUr}qRm#ICW=Hy>X} z+Ab8VStiNw<0t%3h|K`0UVab`yN{}Og>{OK+qgAmqgXXcm#>Om1W;vt5E=+!M;bJS zLakHMz1MIPq_7OAb7T-5RrvQG+p|qR*femdSm;r7 zu$c)-ewe%M5Rn0`mw~ z5PC?KK&@KC$erwIhAp{tQUuZaA)T#GL6`8yvU$$rSJOoLZ^KB-&RysvXI)b12D((L z7kJsQZ|UO`6C3ZMyLf43U&bcR3w zhqSHbVhS-fYj#LjAxMl-9w+-e6Ri@V*#B&?^RmB9eZv|uR4rVY0=d)>Tw;B^euJ1= z$N#QdGGxcqn^zPe3U)m%0fYPI=|_+xaEfpE&^pZh-7Q%e2%_l9+pip9PI-iy-${-7 zxKCtM>NP+=oNZJ5{M}xX&;>gSTPKLn`z0#@CQqQRH_;Aaq<~bt(qbbltg7Bq{=X{b zckGwV>r-C*71guzP1902)w?x@MQL04%Bf{il)XJD9u~?chaw@}%K6o8_q#ifLFykL zo-&n~sCz)HIW18FPhI=5d6-+V_3k{!h(|BcgJ__@N^HXK4Y`tk9ibxB}%QA$eB9EcJq_njQ1oH_Z#G86S$o>PB^m+i~V+-iqotPWb&u#ysSmT$@vvqacy7pS#44t zPu+$QJaQr5{&CcE^-AV|oBP_|QY)*TWFyY40p}?f!r<=}Ss>&+ zX>~gdyJO3F`{RDOhGp(nlQ+22Q5ye;v9}J3vhBjXL0Y7xn<1oAT43ldQ9!yu8U~~V z>2457VJM}$K^R(UKsuxwWaxC?JkPt|ulBc({TIvua~${F_nPav)^DBbTz7_{c8<@J zfNjKD)2c}QGQjBkP{#W#sRr*^N*zMxb>JQ#yaWvB4D_gX^M}fs%bNSVw9+!oispf_ zF%&$gvdHpjHfC!~9JfDD5a(`U71G+H2Gk|pOMaCOyRhz~1F zHDVWRwAkNn@z_Uua01SJFF!jH4J%{i)c_H{738B`F=T-LIQ@GZ%cZ3zpgELxftmj! zd?X$H!{`vbdSMiEncLx!+e2`r(g{PTz#*N<1|^xPKHgFEpta_-FHYQ8`zF6qt7$%! zcaILapoazEp|_r?f&48ONj@zP`9P1k$bP26dfK3`mfxPs9{MDzOk?O)(HT21iOEv$ zDY_Jzz==he{$Ax*neZ^+RV?*y-DC0s-@Wa=3#}eea?2w%9?>HM;8kb zIdZw4*0t6aP+Q|0?lsl7x+YF@As4Vs7^EC-`qT6L&rrOZAEn;wa$;eokAOhk9h3`f zSMYP-_yIK3u}ak&@Ll%F1HGw_8{D%zZ90jyEnC%IK$;~}LQ!|K5H6j$CsVR~k<@Jt z-DHMiFjNOrS)x30*%_IcShmqzdCp;DBp(Qv19H^tb~N`fogsaNt=Gv5Mn%d74Y?bV<2&B0VX=s z_|y;nGJSux{#B4hz_T7vyN^;|bC3m))ypcNrvP2cz?#>Sc|OddsVpo>h1|wb-rZ6# z1p-Dr@k%`nOiJgo8u}~{IrbsuC9$b_tmfL2iZc#6$7!W(9jIaXZq-?B^rft*ts9yy$ANSo`>sD!P7Y}P&X%_V)F1y>idAo#mOj9;lBE$~XQMX` zSV+kQl>YTwhYLQs*Pp$>Sh+(i`mGW61Dm?Ze2M_<(R?NR?xycw{Qa109j$!Qf0T*- zdC;bDU9C_||0m_Tzz76f^8Z)4{|k&u{hf~pSrbRf7kP2UeenhvC*DpS98xWHR*!-A z>QpVg2}toCv3Ca`OTM=g5JnKjmc#<~J+MbTaTHz##v#!MfR%2oUc(9lOEm#9c+xND zJj!m=?H%-wniwebOIWTzSTT;q04=B&FL2qw#E^79m*ooTcVUu$nNx4>ivUA!_4m!n zdu{WY#+8>ff*Zz4di!O<4N)}P8^<)0dh4Gnob;FiRXFl0s*Gjt^B)ezGHGM%3WLBh zlSR&zp$GNAyyvQ&>ZN$GhJcCFe6s@~zyYj_Bn?OEV2scn+dT4_j!smTZyXz0<%L3| z{oR77!YSlvZVryFQ;pQSl=(eB^nojMRN~E0wyutRELFwIIJfZ%+Hv#0ir-P7Z0gdH z2nai2g-}|X zK9-u+v=pvVP&_g;mK5GWRj9Lc4IeNO9C{|F@lSMGy7k+43O$ZV9`D1 z_||tXj@jGkuD(V(&t9M-TkaZ1BWc6UbL;fRp0mH$uX@sK7*A`v)2;HQY+K10wXDi8 zz79!?qY#OADIrLeuEG0s3;mP6ZYpgvk|jr}o~3^L*-1aGkmNy?1nX^#2B0`kPDj&u z2ph+Y@g*(yvbhf1S)+ce&HQUI^}(u>zM~O{8^v^IiGPbUvc@ZvYYO6sXi8EitI0wt zzqKTj4y%>N0P%U8O$A_i*a=WhE|e&^A9OVoXJ5P8ASD1Q9r(LjztEXK!oE@g9$pS2 zSFrl)-jVNAiZeo7u2-$QudSiIzJ2_U0q^5S3Oj!!{g=yrYxzL3;N4$;OnxiY@R#}4 z^DyD#IlKX!I>Bf8L*9`R74QqlG2jEHJDfxg`)>7cMKnoxKgyMr(*OMWu3OAe67l48 zgnLs8xexfh{i9R`zIeUE`?ve(ILbmxE1rkx*pk2ygz`rAyo!W$V|zv%wNW<&q!T;)@WSYfgZ}rc-Jw{n&)Ql7Di+<-xQyOYI0^b+`iNX_ z7OuF*u~WocFdq^Czu7+`s{*^2@L=b-fMwB{D!u6wzQlPKI0}U$*=_>Y42Z@IXmiNKSWD!3xDeH| zh?L3h7Jira^dtN4>73l8&i`UaoXY=TNR$p>?EpYzhY*~>Xhk&YAJ8u+H~&v2ElGC` zd*nYI0R92g!*Y*LJ^)xV(qtZGAa<{B-jNUfqvDYogaUJd{zzOE4Fj1p3@BL}9gVPX z?IJF_xAp0k`2j12hnu?e$V}Cij?1ve86HDF{7G(d#dqInW;clonUK&e{T0FfwtKu* zt<|-dHP)vv2Jk1pvpZgZLsFgm_7kKDb8fkyzja7KiBxK$WmGHh904>1+wq zikOXlkGFU1-wbW>vV6=vvsE=mj(oy~!ywi%x%3wVgUMhHGurj{R@VS}zz3uIiA$?q zf3wj1)`H{5DPp%c03Yukuqlu}zu!_y7wxtwknq?qDb}{ov{+rc#7uBE<9g~j!Q)G{ z^x=N7%GOXQAj`p!vftyd!`C7GJ2GVH%C%-&PwsxHN$VOGIh2#U;O!l{N%CMb@PzH7 zf}daqJw<~A5@)MmZ@_(?2Kr*RmB+JDp=uwQ@REZMFncvLqG*n|FkRP(e>euDq6C-u)k zMH6?zMr(7@3SHBt?4IciOE4#s8#{r^kv#WN4q>!*lNO9-lFJF0-v7@;a|M0s{%J`k zYu*DhOZ_`~4@$w*zH<})C7pHDyx!{q+t0qLjW5}eQX`eqI1Q}pEC&fKutrp1?&~$3 zKpmA|A8Q5)_wYQR(ycXo@y@Wi4c30SoQbAcO~PmV%nJoqU*eNfI8{Hg(Ujy7*$gD; zR~Sh$c_MRi6HhDm%)022H>^N~Q^l0$hqk(%8<&*g{In#+*eiKREHJnj!-(v#-aYF0 zMsA(H3>0HFYz#1#pvq0UbqL= z!puQwMM_}^kaZFiHwiaq6UF8l7)}F5{lraAo@NlIRC{z$C1>-@5#R`PM@HLUa{kd* ztPOYzE8ta1MuKz{y^2MR3LJ9yVPOP&8T1mhY zHtyyP!qYf7CyDS^F-|Ts61KTUIx-xP#IfWt6z$EOV-xZ5HzSK*#+m-3U;sbeO!}wO zT3m5m(>RJsQSK&$z3Mlf$+4gOFxi_+TS`_tbUEPlW{;-j*{Km=)p)F8Kc=bql_4z3y>t-7M>S&2$(^ko49+#*PyDhMLnZ9xwf48^6iLd#%Gq zdT^p$gmhksTta$&{|5f$F9QpEUdJ@FP{4U{Ty+iEYwg{f#Z0chCGsem$bS5AHI7Bh zw(oH}3%hQGz!ROsrTCU+JHWQuT2L+1Gi%X)!6H-gl4fzelu3cONST|M>_X(o)X(IA z$3NUmo9rkEok_(EKmGJGW>}qf4p8!K5+pJ^kwKlI&vG-n(4trskY{B-3Kmb0_&qvn zd6XGxF|hq8Ivfhevj2RT-Udfoy!3sHZR(xCr(remeUu|Fy-2Sm=C=EZ zeMtVSKV2a|mXORxY6v-vMHr*R0S?1}rBgVqE)uu{D*$PYYT1kq5A(@#2};#NvY;J7 zdSvPV<;*svl^YXMoF8&}1O(8q<-_n)LQrxIgME+#QC`epNL;UCYBD+=r7LAzIekWM zGX3#sE9Yw2;oU~Ge}@V}+Q%^6&+TIh=?pW?IrdD^!&)nm6F zupD5Rtg^K{`?%%3#$B!Ty8fP;bn)|rlCSaVbE)zQAE%Tyk$`rrzvnYLfD_KYfrD03 zTz4aH>^!ghPQZ~7I2et*mLmL(Y^tv)L$d5fh{K(x({Vqk*E+LX3-C4;ndk zitx=0a`B*-Wy5732eb(V#*unPv&Axb8`^y@)6}y?GtjBGA^X#6#$KyvC?58Ra4ai^g^lho3laxk214i(Jt&$eU@;<==f z53`X3PN0##3&_^~yFoOf?3I?M zsq~OI7J5Vjvur{GnOkXzd5}4fC2Ormk{$~=FHv1>etsrk@2;Y$F^uVOv3~CaOPRSK zBh~LL>F`*L%@id6oGs|sqWTM>v|!l7c7}ZsY|%|XXZ0ib){<7J@;)oB99wmwr00_< zXNjH@l1v^x63TCmab$Ct4Q&@xOW}hlMWH~LNV+^9jtt#ltk5#gHd1^b=(;%34(%)n zF90*I8Z+?XaAC$U(;g{$BXu98{eq^7?!<7AKTt{n*#r(Uxtb_Jf#~-Tq_>UF7X46~ zN8(wdh&bg4N!D%Q(#8#O{n*7ilV=tq$#vo=0YH$7Mafu~vhj{opdRoj3;#jLg+z5s z-_<8EEgJBmdiqU=Zg;L`Rku%g;d2+%AtdRtXrvdC1AkBm9;i^9Lr$sx#3DG6q>$JG z^hB;30+o=G_FZV~EDkp?=r0C|TrmGU@eAbR!K!-Va;GQv&QC~>Hb_10nyZXB?P`h% zDu;(%p#oS=8Ya8tNidB0>89}8tt;eQKLlDLhF&2LrjTB$@&IswL5z2-Lm`Ag2z~VZ2->Zd{@Bh1{gH%)Kp+;rY zQFKI44X7gUE7Kfh=!XM%Y0-=Ib>NNeld0TTw0f;!Pk50PzlBHi)7h$9676c+ll<4$ z^hJE}LpKY;5$ExG>Cs#*O_=s2`}6*nv&7pKZvfY18Keqd$GbB79@jw>5}KIembAlY+l0BN zwsi0WSj`aci9;}MBJK=5p1@~2D7*^_R_{qdXIRy9Qp7+iI#Ib1=mw-wo8s{N3H9J~ zC(i*v`DQ`8gpZ?zUkA@^XKOVIXuo55uTwzf3P@E5wv%y57#4PzUQskGvg7D>SLKZV z29irNX^s`=7r^89%tK-0=@!E@JvlnPH#^x_+PGbBugR06>h|9D`si(QvfbW~*p_~A z%(I<@UezNu?7{K-i3L>7@J^A^{zbnZtzTy##S8=IvPXrIVTVOU@1-0SeCxK0P}Q)5 z2wv=jEFgl;e2p79T>nC*gZ}P?%5UOfMi1l_GBc=JHi|5~H{EZJcW;sZdR2Tak#s25 ze~)Sp6)EZXvrq8NlXL;aOwq7Y0wnbe)55~GCZXG(tibyw zn_J)iT@~l|6Sf8ST#nZ~)U0-6@w_BcPOpW+=z-Qbhv!wtBPSEL%T%=O+*fd6#C621 z7ug_E{Ua_k`NPyX2&8N4+~k_up)Qk;ly~X_;9#ra_U^kCyl#XN-l3*4`D^m2eOhaL zATLL#o;tGZ0+Z1E%b8S4mX5YcI_wtygZ6i`voC2rFd1ToJ7t5jm}|#^ z>B3KTZ06EL$2%uToBNK0*VQm%R==y53KmIt;*LBiutasBV zOGfxaF}Uq_xP2wq5YF@$YCj3e8Oa<8FGo4>PDySzi95Wn(V!Z=2U#JfX8Z=MSLscD z7pSe>wx8f!2RK9b4HOc&95Gj7okwj7vR5;?t_vSd=OXrRgDEosHej-{-M0l4ttz>t z9@Dx^fUy+q-}XHDKh>+dAr5H4;r^^sj1ub4>O9@K^a zYOhI-ev#|uho%XClV-bK>g|m&i6tFm6;m-G*UAb1nK7J#1^#JdiuWWuuWv483qFUv zBGCbO@iF|8axJsCI}W%i`IvvB0)Q-9x$~m$EB7KLOem$Yo7NQE5BfGcZ0VWe-*C|WDRuxLgGwPMsgoqsLvm_|@$=BU=7cY(E|%OA)nhW500nyceviy~r$1MM`7Lem;*bk7FPCyIY^vL3X&Z;C@uC@OUD1Pi`K>R--@jty) zfRggDnc-i<%!=c7`p3zPZa{Q=;p`k*p->g9y_T4^uO8_5c@w?8HT>jJfC+$k01-eU z0hUl_=C|O!KV80%+c%t+{=$&CbT!mQ5^$0L#;Iyw!Fu7nSJJsndPgOU03}WYT$geo zSeGM@eGV2(r%}-W>f$1i04Q;Vv&bJl9@fN>V-3lj+PSlKorCiNX#Le7();L(?2VBN zMgOG^7 zBd2{zd3crj!dNGYSVWgCMa(1&m)xA~ZSHY*%7czoF0`#y_K*LHnAS8_T8$t%E3`xgr%P-du4}?OG zie3NV^!+50M_rdcBHE#4a4}N@kn4I3uPQiF-a%W+_o6#WDYRY5(I8fM?d|J-C6f&Ur7%@o#F zb3D-SMrusO0u$ZVQzow~7QHI+S6y8fd4v{Uc`jMPn%**N{$T6z`dPB`ZEyYZI7;BO z<*oXvclPDquQl85?KRqUdUn^hb8?$)r|d&bu0(DB-EjUhdH}rQy!=iSm_m^M58=Dv z1oq;=?+x&6*46l{tss#ZZk9x@6X5R*IRGWa{l^m^@v)rKN&3-})FiO)-P7_wCc0kf z!q{N@9%0g^n*O$AhzJu+z}u{NNekubzIliU?Tqol78+fh-S4%(9}luIvWV+1`bn!U zms`h{bBKLEULdAyWYC~W$L*KQa`-wrRp#Jb|8%Qe0Fi+;tJyD3C0BmF8g?O{HJp_@ zle}JBv9V4{PEP*GDAcLMyo!koix)^#i0{S8%@hyl!lZP~csG2R>$fnNqJP&Nl3Gys zLxj(-;JxSXexY2yo*|(E7?ZP~!LU%tPjjADk^ITCFOFB?l_PIQN8ZL=A#ao~syXX* z?rzxbX5<*5?MiEsa_IdoikEv8Zl)Q&1Ca}53YNec6PsMj@9xRNy`C02yJ^tcDa0cn zPJ4C$9Yvc&d{%C`T4}aRloYrZP50+GYFEA!)3ap+D_!a*}>8M%W%*&(lJJ-gQs9|H2^!uCLxLjGU zq2w(a>WuR1c4Q`?X6IgcAI&wXC;!i@vC3i`lYod zgbL;Ax~)c!qfTkNUn1i?--??QH?=Em|6e&LLLE$!6|l6!RSuz42VE9EeZ*6~0lrkK zBn4r{2;q=gTLN~to4PQzKfS#y-aSVID%gsGyJaGrYDT^)K|u&XrSBC98IPojCauOK zge8(1h7hIKCD^4p^BnkbtCxLXsh|vIUuFX#?1sKfnFhX{-sX zf(KOR5f;o|(f2%2}=nqitIM!~4k*`4f-M`-7RBua~#Zcb$o6jkN&twCu6;f%_mvjh;WaPEH@soUb3!lHI zyPeK@(Vy$tkOf)ft*9lkm;u|wt55ya&3dm0VfGL5LlVuKCx3OQBT`~&qtxorM&-HU zMK0kQeD@G-Qp{3`$>w}#4v2iT6pl^6n%+gih_#3}E)&CNzHhfeVXioEYoe9Gb9v@NrspB4R|y=D8XvCJtXe*$9s#1vqtAh|$=cYrWL%s7l!^cN-+*oY>gaBi?+1@CT={Uz}FKv@OWh$9f z>h~NhI^GPuv{6ZHv>rM=mNiQY8%Zc`Rg1z@>EmF%xp?M%F;YrkHi&7N>+SC*t0$1- z@2(8}+kkm?Ge`Mbm zdG0I30W>}@44)c6`ysF5)BGFypOyadt?>Ih$&FaYdkFR{P0**zICtd*t2O;~Mm_IC z1us=jGm4y>kPeU+qfS9MoM-)Wzh~#qM=PuD;+Vd7dhY+$|?6YtHnd zzM=MzU@j2}-p1rJhY{qXT$>FuDH5V$^7vp}e{ukSCM&hj!Arv6U8hRIXqLr8eMUKF z9m=UA9Bv41B103u`W;*wNe_)l)Vkmdg@G*-S)Sz&iST6+k-}{l2|h)s!%Z0z_0eY| z+hO6eU{&u@l&^hU4lu5w4QcBWkkMLx@~hAE3$v&M%sB86GHDm`dq(aUOX;W0@_24g zwQJs_sCM~1`osidM4uwhu4ViK>+e*Epu+@biR3Qzjq#Dw zKsCBOE^O+ghKCggq%6piC+uc?t3Tw%v; z*JwFNa2cO;rnJA=_&Kjdl$JvsIOv4VKa2mISYMHAb*CF0lNt0qrb{}+af3uU+$cfn zLO8U{jP$ilq|Gff31ff~mdx6{!}4*bN=sM%HT`yiq-7)uSdL{o=H2{`T{5%UqEHdO zlmqk`-Cly#04tObf$7S~1x-ALPnfj(c%)<8jc^?>cEYM_J~c^~(1$~ZpIam3o2B9O zle4lCfIjLlCs@>DuW7;rQ;5-DcOiwx{8P&>v+Z1E&3?`$4vZ99!h|VO^u7p!^}qa4 z=jpZk&(gU&VzJ&gL}R`GeZdHB2SSk74Oy^-Kt3gldsNsc5)D*>Mud9aQT92Hnd+Yi zMd3pk{A9>mgXy|K@dP6=_zZb8L;LAO2t?mc9-qD-LF%^eEX}~l)iTmu9!ZU637@x{ zt`MIN4(5J<4iB(cCJ}ego24dHa5Z6p6o^w#OS1inSNS3yviKp+{itU2rj% z1OXpE<}df}OaalEh0ttyg);#Ws3}jc5Oayazh6s~PfrIwMS!2gRv~`!CiTA@qnWe- z;6sSQZUX3;whY-!px40am`DJ$_a%aal+MNu#j^WGxY1?p3r!K4foRtqC$54+<4sTf zpgS%HjserGsdv~JuQ~RdY+O?jo?c5Ad@X__U}w!(KR}hcs!p-z09?GwCz&jR(SpfB zeRmK+wH;!XJlDuhmkq=@aLK&puvuJQ@X~TG>Pr{k!<=Y@dE}A5F?$aJX+iWF6W1xH zCJ9%70Y)VY!h3$In(pXh8OYr*ej8Mb5UUfsWLm}4U7jaa4=6+3I z0-VY6iV!u!jVQ{#6ix+h(Rukosp&=?7x1)efDqjh>NpIHIBNo70ebDwGp7If850pB z%1p>yiY~TLH!N|RJX_V|rS{O-TjMqt>S+wjZQGDJ$f~p16_L}!Tbm}q&m0PqGGB_u z9C|&I}Eq^mHjeSu8QxZU|TP-V?h znGV!ciAZPvg8v?m&zVX_?@54Fh}S$Mfv&_Pps|-g$0QC+nQF7}(=-H+&QG9Q%WSX< zQG?-fM!V7`%sidUV)YJUxD>-?% zl$~z_u35cg(uurA{r8zYa^lQ&^!U77Q=*LLBTA|)$8*9KN|I z$#feLscNIg{og(HW>KxW?E?k{Lj03J7 zD4l_)Cui{ZPnP~76M!1_LAAha1PfxWGwWd~9G`@RQWHuqQ3EuOyW%v&bKvlRK53bm zjYqy~^(;>}?!E>gs?%MDg5uIE+wo;-+rR5pdLm|Nm@K47L}+~{h#M~ZkAD?acBFoy z4Iqxm+mh1Ulo^~Zq&3zQGBFvi@e=U_94z zO2pzS2`q0LLrtZ9^cf?{we=FhNtqI874ZU_q~qv5bEv|;)ee~9eIG_-Gb==pqGIS< z>XoM5%j*9OKbEJr#TV`HWiool5r! zDu@1fc|q6nw9C&#h0I__O1hf*qeC#A`$$xC*|%sl!(=XO3N1nWHzYwdhmKX*b^3P^ zcbXddsicxeSkW}#vg*`2{k90dL|Wq~Qc&_&TXIN(b8H<6N<)W>?qeQy1>xeFIfgP* z^z~(gG36;QZxo|{1@8a)zI}w{&EmYsKA%)_n?v+M1D+}3UbIgq_bM7aM}Kb%=o)9} z>5)p4z&ht-6MyzyW~#B|505IhhXnA-au;treN9}M`I#}M|K%^zBnjVGDov*9D5WA3mz?CXQm6 z7MIBxNWf$(d)JQpfPGKnT}6lZ`D*w!jkbleysJH|F$G`1GLeDYYDf2#PTV zN2-O~Dr)SFm~tyRl>|=6+yys2mpl@^$G~gd((s*9{n{b}@|gxNdYYM?z&dH>Ih5!5 z7*$x*ZB;=f;66;7LW4bQOME^BLrgBzSQiH~Iiv0fo7=>+2#DzD_FY1{Vyq8^Fg*HPrG z@mBj(U8(Z|M=ZYP?=jK=caf(;Xwb%8Uqp3l1gX;eKby2~Rvw^-1Zy_Zf(s{m>o`RX z+a_$F*y9BGJyONN`z52F2yjJdAc6_SGB(uGAQMB%Kii6*2lH5{a8-o@Ai~0HHYc3^ z@|Zhkz*}UjeUc_$Qm0jTnD3NLWI%(XB~(yq`W2BM2HqKSbPTTbmtYkT3=o9H6p~M8 zWa%dJdc(VEDn_^zzdDM66=vX4%aCMeQ9lwPsvJMYML5c=^EIFUAm0_ejA#nKCv(3B z`pIq?-_UbTd(?WPswihw&D#GYC^j)Rg#P%fIlKcP)aZ-oa`l8@aV_VPf|widw{F?Q z3Giv{;hXUvwJJv4c->(E^Js9C1fGpqg%mAmMJ7}{28xX1=z3fW#r#fr=E>tnaM6=vhYENMYu@@#bD3foP6fO!rNpx=zFt3@ti5- z+lxd9l>o&|;RLw>u}u|kII}r-2qDAM6GqOV40lYi3sY`UTa+sD?7HL>4BsYmkYED( zCZ2wu=TOK+=$&5X^Nwwa-^TsG>1i4DjnX)H6JuE4gP+M{jUwM$djul#ZHPzm6Vx@X zL|iAXBFazJ%jw4)VS~chuW8WtXQ_WZGTFl4P<**$6lu)!q%m-8TAZ{?Ixw&v#~tzx z+;}`sF3PHEHh$m*<1Es!lpLnyP1BGnY3?SBBLj{ziJ4FODBT1#wr{~j(Y$Y>akZv) zs9fnIg3)o3E>}L9$j6Y;|N8dEy}$;dN~eo&AS$bRpTGVif&xSa`KdTIfX|0-B`OWo zFcg)BL>c>?$N@7DF{0waV?`4rW=1lFJ}?qXimL2vQ7tH@tJ?x>pZZ5Zk4(!(IIitj z&MTwv-TE10_ubVo1OK}no%Wl(@9MOIgkeTdplWY$bH2YVYHyhAEYGlG>A5rhqcGGs z4mu(t_%#`qc~iZEm0w=O=X`JTAVS2q6c^(C;2#FDLREOaHh(Z`4IB9!mLrp$#lrA6x! zr`+K^T%eK-q8g=lbwN<8f`S3UQ5B7W(o`199KmP#Y7~Yts;nr8xL2@3@z^~1rPC}R z2Q44X%wy9MHH=*PUhsDC+_6u2-rav=V5kR3hlt%=leLaS%N0$Od^=2}B*4`$Z#y(l z`q)KUzi}p8;c_mMog7h(95EBwuPMk<{f)w0APx4mEhuVBV}57il>JM5Vt9*cTAg$| zQ)kir-2(q+U`_C5ms{|rB)3{hF#CInNIXSavLDzBKL}cTJdy4&@%o3Siyt<`L~t9B zhq_Z^bJpXzMma}ZmM2bCokbc0irPed3aNC=To@eBSvs@q+uSK*Qdo?0Np`wu;JmjZ z9b~-PK@!P8%I)?T+&L^ID{SCc8gSw3Ctxd45^4fbGKeuGZzvKD zrQlD_u+twHv`y+*1vtkYw-u1X`Cq%f+u0we=HAcM6z*eAl^e_uNNoUK4!=b;gE8btIms>wL&jjU9DixmqmiVsD$MheNp2*o80;6jo zAx%JR9<|bUjO4$bDp0`Novkj|7Y?{u4R;D@0){@#Z8%MpXz@AD3zV94cBp0vYf0Sf zfYK#J;}g^?s&o0ix<3OKgTiRw#T^*G(;ecFCVR05 zSL~+;VK^S`(b~^1FNXoLHb10O~Jw zZmVv8dZQt1b6kV}(w#2!BYG>j<-R!TeaOTvjClwdFF zI4@yU@s$*Ys|ZWnTp))+GQ;+N+MT8F;Wb%!! z97sli=zhW^9=h^{o|~OD6p7f|zDR%)dYIyA&Fz%M^w-}bYH{2;D|xB%fUa5b{-AYw z^1aOf>#s1ePwx=G{6g7Kdbd)-1u;?8gxWnTD-FmFtibPdN6%+}_| zTZ>I(rX1ZyD$usj&!-VNYd&hHtGY!4SidGWky7pX9ZJt~I*grcdF78jdM8)TpyNHa9iOP5%z~?1XVK}gbwSqBLV~#3aTa<8 z!exfl&Hnb}%h-?6i_@v&Zh3t~!i`ur4b9hISH)992}Jfqt%yQZx>U53vYfXpJ-a<& zx1t(JJ?wZm5yeAB`96Pq^A`kmQ<}R|cg={y-)E>ncKLnUJLg|Fu1J%MIwvnqJGH4q zyLoB$G?U_=IXXlV^kDqYG#)r1bX;X0=(77HGKwnLJnN5xA%%zALpDYf-(m5YI* z#6Tq|7`Q3Gd0ENFrv;R@-XEWijDjxghSAIrgC^y*kdu*-@rn&wNt(n>!1^cI%yrOW zJJ158F64YluLc;XKrZr#%!hO=Ey+Bf!SXE$l8O}2XGs_Y7Oph%G~{Mo@mhF_)Rrk| z0tw!Lv6$f(=eCouVNgLXzWv+mO-D&PJ~%Rc2t++sVkyxMp=uN5#zQ^;k(Uok4pjwV zXyu4|*MRC}!f^pR%z(MrIPJcj@UySs>de#z5w9%M2#k*8-o8x(HO->X#UyM3vP2P) z0k#6!7%v%BC5$C}HOoQv5VwniIj+i`;sd%bv$oV~2qah2voE*c8+^?(P0v75V!!k- z33)}jKS0d@uk(YYswPp~BftAd)?8yFawo1`94qCD8Umt}pB;nD*7sr;qX`R1N>Sa} zwf@BWZFAFo((Q`OR~M930Ln7Hq9Rl?7%5@2{JCaeSle^gvzr;S3zJk{?(X69#L3_I ziKqWS>V=HYg^evkB8J&B)~$xeli3~60f3{o>4e~4RUkH;)JB%FM1@q_1{D)78}{Z9 z*>(x*RGk}_xH{SnRpkybmC-UW>HD{0=4o%6;&rZEDs=u@c2E_;&J=s^m1X<67dXyS z4UJ}e%5-jQD}b4Wdhaid=|(WP(|S@PL=5P@DpO6&G1(XD9Ed3RjLp(5^_M65r}z=; z{!NofSN;{ht;GIHI?9BmSv!o?%=hkBsrEs31|N8`bipPl>$T)-3LHbmejOTS?lvKn zo6$SfA%7l&<;=S2#KSw~E|tqH&g|4@Z|_Xw&L&+P+(3yNCXvg?n;0rsYPD@c^%^G3 z8l56WxSDITzBlN*Jm$?huf>3Ot5@i_WxY!Jc4DHb{ors(o^;_rE7EKo)+X$bL6s-l z?9_?IXL@0yZ9HjT4r{so%~X@SwQtNh=~Pg!`b%QyHkfsv%Dbar9kujf*RS-e)!bVT zsXPN5BZh)>KUNLaM5ezfGFF_&r02%ZcX?l9IpgxNeoFOa7(Tz- z)326aSq2zD_4v~A=;U8583~dwkYOZ>YXk~ZtMW=GEHn+gy>Y?`(g#)>1l_6+^y#y` zwlBPUJR|5sh~csA_}T;IYJ(P*q?yfOJA6-7i=VpvjNs1pmseEGyd7j<*a;Uf$JoSF z3db~fmx95VOkj3IDw`yJ!VswS4iQ3~;9Rr?)^5g74Y#BaYXxd=5uH^W&xEgMYC~xm&hZpLvf4FS`j~fxQ$Y4O2OV%HeG3U=5 z0KU~T94##nV^A~89+2wlUhRTh8)uqa&0`kDehKU8uJY3I+z8na_z?19;UJ5ztIx&j z`M8-PP|MUI08TYrOrM@cUAPy7yw>$!kDw?Bs$@%S`PNKWBb_@`{U&^nz2I#NLEFsK z3g-LX_-!^NLo!u0|B86=>l?_m*PhRyZd>PF>zpl9*7r>lWzYCZLBnOT*7;adQS*}3 z;+eq&8j1kNgJtFU$Si3lUlUW`WA9Z6ET>)B71=ihAe90M$uv_EW214xv5ooum zf^c>8u>gH-|6B4R7$iozZAz#<0IP`>sN;%%xVIi zJjU}7ik{6PL5srcJSIfVUf7?25>&)Hrg=M!fVBY&eI~dQ8<(pe7D-6tuWk_xF;61`;(eQnVZu>h+(9pY?EF-=JB|A2+&lNMg^?B zaAnPf0MPApOwO7LOSsSyz78gNfpeg9Fdd(&($WNj63pr;X$S#f{|>V(rnfv}#?bH! zYD?Snw7KAM@CKb#j1-@Ln)-`^h6EW!vdy4pu@IrW2U$0;x+4R za}pTJvS7;7TvAmcP*9P)*=?rPlI*zUV}m(d^yEkvcrNLD;5YdwLHm;X{0c8L%3pOS z7Ry{$oL-y0f4?3S4V_)!r^XVimTw`1FKf$V(H9iN9S|R~|J@fHi6xW%_PJp}a>Lm{OkFhIkU&-U4MRUf4`MRuR`x8bU2E^cs6=l=p2zu^2TbGb z5oK)u?#mIun=s{>vQ#H!?vqURL@{+NN>B}+X9k1a*qLiVyNAw$BsEJDfvLh)itI|+ z?sS;Wf?~-{vW>jR@JC^VFSZiogRg4Uiy%Msjv`oAV)#T2-eTDaR{yeKRXbMdAo}%Z z{ac}m!N~d#D-0D!we*@is&S2ssXItc(n_zJ;`NWX@nmbU`h9#(3*)B=0o5O@2X9|b z524}64~=lEkNer_zrPy=y&VuEnpRZf+-Lq4jDS9C$l#*}$*cd*Qp-Xz>UkJmN?yaY z`o(u%-lV)IzUz2{Ap+o}E91loA^8cq?^>Xez&KQD={U%;aPjMKi2=%o1hQ_9EUzpB zs(qa`=WLbz-!5^_wu@#&b63yQ6t3n6l0C!|8@*PAJz=z;)ppiw5k)L_OB7P*3#u3j zfgGZkwYy!07U{bT6`}fu-5j*5?zPDvI*FDZyZM){5%z8&bBTNclnF99?vp6qre`FG zVHG6EyQVpF@7miG(I=mLY=7Vy6kn-FVX^&l*pU3==Ux{Yr$?QxPb{9MKjhO!*1kqqDD!HD=XqAUh<{X^GP6 zV({PCEF*@0PL!4>PR)}zxq&FWpm)}-r&=$n&B^n*oDhinCeEQ(opzQ2;f-zD-l#`Z z-ehpa!jDJNg!;;ouqmtu7uIKlpQLwAA&ImM@v!DyfKd%zM9QS4`mRv*>#ReBq_L32 zjj`VEUfK*>RI>8=HNS+_Bl{{Axj9_pG(S`FKJ#!*n`J^F?VEG!8|(Q!Hc#w zJrD1=lx5?;i!P>8TU{rmjnpSVeqAOI+Q}zeJJoMPJ=~N>AVO|S_BTGwP_48@xYH+y zYKm311oq<2iG;Eu-o&l<^Nr_}kA?P+HlLnOd@a~ow=MJM$4ES5>VU*OT&>5$evMLR z7wBMmu!W4JUzt0zZT?=kRtYURl?pj`ny?jWt3<8eY^?cszT>Qk13A002#?{ZL81?h z7}xquM%-_jEo&*#D7<>b+%sYNfIew<(tQKgs|?i_HY@7c_>fi+8suVVx~tdJ+Xyln zyvT@i`NEuD#;xBs8ZTUV_0L(Sr?6e&xx}kEllY9jfND`d=Wh$L1 zLyd3nmya4b`2yy2mr>94n6#<+(pu$w=-z(t__Bd%KeBvEUG1|MyBo)ms>3knf5&z? z!U%$H#?-NbLm@BMZby?)s94LV?K}1iw;+G0U%+Na{s&)g8Przve&Lovai_&S1b24` z65QS0wP^9;P+Wprad#=+BE`oQ#nqh{>}Puyn_J%IeM=_)K55Y}W_KhK`hL z0MzYjbRm9XnHeA`Xksx%%6 z^mN|Mc7CBI@xc>wh0)9uO!YmJ;KgwYDWAdJMH05}QE5$?Va(>-%lf(hH$?|vj2vW5 zW8{@wJTM?h#L{}d2PEe{w0a?IBlFT&znYrC&46B$m{cy@DJt@i81d%Ev7Fx+5~1xBy)Xh!W(U1d=9UHkv4%Ix!w5mt+y zlFRU!u9(U-T|qVLZPn=CzdP-JVg`yEGde)PV@qYZSJRsvF4k2Seb>bVepCj~z~eHu z5^^{z$l06A?=r5z5fb)j_BSZN6;IpTsG0Lk<}xL&j%~=_UIDtaV-0<0tk>uYHr5dL z@-r#nSe)D1kN1O@-tw$0!927Wp>4<3jjIPpBRw@#Tt4r>>bq0rppc3%uut zXP7G6X6Svpff@?LXQ)ei04OcciIsIoyiSjo?6`d_H19;qKN-;M zYS?_Rq&C+0aH754)XW}n#k!zlI2U?pOE4M1w)9>nZpNc|WsI_{wmu+iXBZNFU^P$p zrN>YdxE%k(wB*hTW_t7$Cv5z3SBWe!9fR+mYm&hUg5S?(%-J#b{i26tbm{d<-iXXo zM;8c`XWn+4^nuZCJX|Lgr@qJ!N|{Z;WqJD*Z~k-h^Mo6;+pX_>i}<5Bj*E_JbHrT1 zokwPy)8cb>lm}IM?<1yO8rW4!hc!e2DK`rfg~rpFhuy+!*5WnCHt|r&$PN(vPHkp$|9h8!T32V{%#e$NNRQ^Ru z83lsb;a!JW2rzOZe;ceGJ#EUeaY!YjpCNo?)v$l%prm{XxBfiR-?ZAKOT*u0)gCPJ zwas@%;D#Sqg6R1VNmM*%*!ax~t|p8?GBa#>@GUO!#ZLCl?hOm ztPVEFexBgFLJLFRx1r0JrXtR_$%tJTBMu;nFKX5y<}fHOkVTwk^)BdB(Eh-E%TX@& z`QqI>S4j@<7=OHX1(^53^LKEoz9>^%25!PPUeruWq|xx`+NR}?Vmonvy4lG1_#P_- zqhF(3NI8yr&N(*d8uVS2_LB+FXm(cm0VZ!1^(?{ciw?iF(O^bDrPnoYa z4#g+76s9k+o%y+A>l=GuSiQPaUuV6V(MZl?l=aQxiK~ikUkSDR!Zm1i>~&sioQku0 z_1quyfuu<60w$xB$(~SgyY<27z=;F)*SByh;7PV5D-qIUZ6R(w{zKH++%s*FH!H=NUJ2F*g4s+3shF$G30 zg<1t$nT?jY=w09PT8xWe zevh=I`k+=I54~IR#=i~aGZTEZvxGo)O~h%w=_9^H=Zy1M|e7&29YQa9&x(n5yc&P)Bpp=87$iZ}tjzvFT z@YB!lF=u+8mrMnR1>P5wl(eLvZ8fm(6V(+4KJD^Jg+QgOiflG1l;%(E~%~ zIL51I%t8Nk=DyRw6za;7^N6BZ66<%S*F)9__+S?O+95D?mIq2xY1*i-DXt2bg&0

              WJN5H&+s{%ip__mUwY2{msKV0N(Lu~7bJMfw?rW-v7~GTs$G)L4Z6yri_7naH}) z#pNgsUv*1ZiH|K{7QzEwVQfKtK>!t{=qb@_a~5b8_keACB?u>?j3y){LjM+K49hYJoV?u zSx8DQ62u?;)XubTf&2Z^-<-oAQ*=97IWCUX1^+5tL+df6g-GO;#8!5QviglG@yl;p ziIh!!X6BR{tu((LHIGnseYL*nRc!4+;OfOoU%_?FO^52(^T}=Wh209sC<-osU*C&} zBJP9lZ-r3tN_>^W!-<>Uq0tdoqWvAg*+LPD;B1y+g+j1dB4Sf8VhZZMkB!oOB%XaA zA&G}GFjC1DJUZ7@3wO-{aiy|?T|XTtl)w_y7S4CCnFe(S45|o3?sOBJoChdJIc1WL z9jQNzreP!D8O+jBpmI8JU*U-1Iztr*B-?4CB0yjRm$&PI56CkSxN{oxZhKK#QoK#? zLeAw(<>OR|e5k{*FX!&S64&M!tLwO6gAx>cWfIR2dBpRHr`OQTDf0KPx{gJYFa1$PJCmr)NRSy(R3KeUkQ7bjEm!kc7~MxP4Vo%k@oPjNI}{Ut z*q+uJD`fO7pa@rSlw@cOj6|cJ%sNW#PmC6E#C;%VJW92y!1+21dz90MOG-*~cJqN- zzBI*Tls+QslGtX59+j02_qCj$MSPbOGfiT$tvq#UvS6~QGacrDQn1S=Bh=ZSyPeZe zK`2>Z)ecW`fFv@iRH}!GNO)-|T3O0HCG-QWv>{=pha{zuGl!8gFr+lr1@8BFL(`jS zG5<^lmBx>8_#vg!lyv#6BH*AN(7d6k%=TCk1Hfr-_xZc5qVmKw>I9856*uBBZmw&} zAtdjbRhzJJ)bfXuro!*bh=7C_;Lr1a578}1-f8&r34YgD%reLWLmei#%<^8%M@X);EsCn_1CkXHEe3Z$6* zD2YD}Hfqc~{UskASd7t4Q-^Cd{z_;|yGD1i3~`@0Um6QQ!ktyz#d(d)y0*17lH%YK z0ZOD+qsMWsrraHp<&Z<%i~tP@%2CBVC)bzRoc+ZBEUQ`%Zth`mfUO;J*-9NKXytij zNK)eh^)t(??ocZbVo=UxkqsVyCa^B<(Xx^+&VI$7Fl%zu3vR|vp7HrcTIaJH+ zMYV53kM6TQvJONgk5}~uo%^+}(R=IGKL9HXJP;!cFJ7nk_$yxe@{^~wx-nWD0Tu62 zIvYcq8^$RNnFLX8MFRM+tQClYmiC>0ol|o>IEla7_weGc!R$ils&&S0P&P&E4@8sr zsyH}B>AZ6vStR;*_d`+n@wK>(m)5a`#4rCR!mf9*IP-#gbkiNaS%0pzfeouikm~o0 zp1T#hD5)9uEp}{14|y64jMDNP96(g*48hVd)5f0UuY_Kya+!AH=>5bYIPeuEfQVrJ z>(d-+b;7M|WZ7#k&U<3|3ct|&<+%O?{qomj5X?h9lbvWxKsF&I^0Nqf+-rX=CI&K4 zo7aHDaV6_HAy|D?ab*$!b?*ZupjCUmtXpux$?3nnFr5JnNd?u&q@8gGZ*HhOP(!Vs z%S5E*iF~uO;eu|l33i{OYgHQjFH-Y4yc3S~cF*W;nap{_uQfzmc>!DE2MA|xUtF)2 z1M9AoPNVe4`Ga1`PyIYv_0HmkhS&zIINsS?vkprkDK8#cUY$(K`G{wk*R+sF+d<8o zZ|J&Yora%wKVXnL???rrV7!%4fc|3UCqLxa-C%2MSdqZWOhWospA6xnF#$kbvjBhT#Pmb4=qHVkLgvZ$b%{w9o z@smSd4Q3}($3S5-Y^~MADq&-Ehd$LB$mV!-v-9V6bB0w|vg*1x1}s1JTX6ko#sYUh z<%IQ}^*wT@-sz&W34_u$LY#4Did~HTu{Z{_Kc_<}H!;<*@P{u4m12*`i=C%i9Vn`H z|6{4hN7dU#UuL4dto&{upvB}_saHVh!2WT-ZF0Ujiy7;(z+~0G7SPS5@I*%Q-#4pk z65hNSq^K{y0|`>~Ii8$5pI3S4D6hmM`f0$z$29<}nCH{cv3$eW$NVvOBvx{3t&f8q zuR;h7xDCShu@9B{R5M^}Ks(f` z4v`OCDINEUKj2EJ@`=v*oX@Q$Py_=81{%R2bQF3nS%41$%$uQ%yqTi`M5-5Z9cfP+90?qZaf2UC}XPGRnI0TDiH>H(<{6< z;$`2@^f-P{`;w4StM`-i)<+_014rG8-Sk*Sqi6wWhV z*vLYC`LSy~V1GnYQ7YR~M9*?$L8D7&oC{j@1G4v);oX&8zyCK+*J*#%qN$5>dN@Sh z8qnumfSe^v1iub|`MiI3yHuLzC9;V{s`_Vb-PjYFyFtgY94{9@GBMK+{)Kak4F02+ zv&eFhksv#gNcUqi+hnpjE4p_3r0m36h+jw|nM>XCSfHQw7|u|A zUh40A#rPF0GkP1H0=#bo={-`(@`xTQI%9vz92rXdk~>rt=}F3Drsv$0J%{QI8}81j zfR^v_`XV(o6@JMk$O&71w?AuAJRt_z@V-6wi^HGGP+THDbE(|-oiaX=e-8pW?YTCT zzU4;wX4RV6!$rEH8Ee_pVOt%9L9yIhKdBFlXesR-rzk7U>)~0st$*$Zwbo%0-`S+U z<2J3i39PCeYV5_D<^{yzMgv3_ncC$XMY+@8Lt2|9J z-jHa>l+-6YoU-vk*-?O5Gyhd3#G^|qs#Zfzzy_ZAW zU^koIq=h!j23M|?ge>kZl{<;6d#^U9CgTOm_||!^GheO5ZM^w@9C8o^ePPH&_~T`- z#7I%XIm~AC-lO>HaPeQZZGKl?k@K(KyAtVl?s3bvDjqZ~JPjbqrDQ=ujn4=~jmt8FA^-7px2*8DHWLno?P7rkmNY z&dzopR4*9Vt`u4HMy83*Xk(um$x0ZH9?@9R_p0rEZ$kk z7rP`O8VspASBTPN#=93&iKN(-nOy6@azyooiZkCOjv>Ng*3+?A=(Ki9!zIoHD+Z&) z&!fb3WyDXuY#aOU(e}f8gLEY~y?JyB|(6e7QbvHUIZa~%stDu72-RvqEmT9E6xtBb4**FCbyy(@l zs;hDRj3nXvSMVjOD6r&3vTpq*v>&OgWm`)-*+TSW439Pid@MRQSqUc-es z`^g->luZlji3#=sUsF!GG2&WmhY=QTQIfr~Dfqo?@t>QMVesm6-!dy;r+(rY%-cLj z8kLGw?!s;8t0xC6TCbR>YU6GPb}0VUZ`}LhI0&N#_9;i(92|+0`o!YPmB(YFq`Plxr*0>|3znQHl>PZ5QXneXxgQ7F)Gh8=gQ$GY&g#J&9?N4E+HV` z0nH;i%;Ouqyjk#gwY>yUl7=Ce>rR(&KxrjVdcvOGCM<}^DR?xRh2sr(Ada#67&Ra_ ze(m=!pPo25VPziMd-gfEeRPnV3?!Dj=9=#*omD&Kfpt?yK? zSXqc?JfJ3HxBtLy973ApAu4wq%1Tvo{{^RFF9`ae9pkj|2vXS#=WG#*WT_9Y&4(Vs=<8-2ui=Nfvz-s?b;DT4+ zzXKO*U)S%Euj&#~f9lGgvi!+d0H7_@gHHHNVj}}bcoLU9>UnKBW;G>4NUeH4Q2+O`cheh2}>n@5ts`KCxy$E6}RyHyhtP7{D)7c z?5;eBt%$k09_Ee7IPZyRlrp|?fJ)cq&4}ctg}M%hD61{b!|EHIn}S`>ij7th)9f~~ z2;XjD;^KEO=3j(v0Em5Lp3_p+Sy3s>j+MDS0s&T!Vnx#` zk64bWFWG%UIF^stK>>o1&5KE@v*=VqQK{VOXrggBPvxHLw|3|>;W3Q4!P+PQt`Ty0)#*cQ0**gF!5{xgWO-e}i^5SvC zd@oCM#~X&e9CegxhbnSIDD-&8PArx8@}GrgLeU)OJ@EkFPvHA}qjh!y?N_0z(sTTG z^cTt6#}9Gui&g?TS?;C&_-Lxuu63JbgI4jUO(groyf}Q2bn$m6DU$VP1QqGOZy@~- zp!$z4Y#h%L>2sJD*A_BbI5o(h+9)0hirM4kJRccl7#fKIYy?Ra{f+JcA<@_+%gMim zVuhd*07~^tydi+7J#+21mdb&%3@)?bth0FZ>~iJQ01Py%(iGl3I_cV6UWctml6Bd{ z8QJnLQkTTv=+u_N>fo-F4;|zKt_?W86I{SeU5Kl7o}lU+`k0DiEg!C-IF%Cq%8G|O z`8|uoR*K#@9<3^+e45jxB~g2-+X>?S+3Sz)<53S`RCE-x3inWw2Szf}*FRIj16M8` z&Jkk8;8Rpv(8TWtZ$xk4>{V6~Sd6GM>F?#`T48m;O;O@G$;Y;i5P_q8?j$(z*(LP5=O66ozVsz5EO!x}2wID<^C?IN1-PG9<1n*I=L%&39Mw`~Nt!*viNwkE{ z=p`asvlf_m(lwB?H6*)?GTT@;cgB4zqJ&<9Cf!$m3_ZYe@-HgN8Uly@t1E)PqMj7> zhyg5>6HCggLleLi>H50F(__>QzJS@C|5s5qgcMXpAcZm{Orx>;O9RapbI>EoJ(`}? z$${=LHkGTB(Ey{vDTX9Jn{k~UBdZG|J5rrH2LWUQ&D`%SpSB)!$Y#I57<`OZCRJ8z z&Z8LICszK2o6&Y?-Pu?;_MWc6D<*Aj)C8$(9TkoexTci81p8n9;B}O%^l7yJq+M1+ zBfrAu&+e8tTsZF@U-SkPv0F;;kiiG{?b!NpCKS4DxoEWYk}SEk@ZUOzX1e;_G&>o+ zoGTwj@aETuWm&}-S3(-T7PPzIh~k{Z9RB`a#W{o)lyI*0rt>o(o-qjbn|npNlW@Qo z5*PX?dC=ud{oF90KXL3>%@pl@kT)PR7ba&)Qbp6?C$KUUgsO7Z%fUlmiS{Dp9h`*P zW%$p0mPXm1DT&U-pZ48?ZvZpdO}f5hat3_jJVw{&O>}sMSEPFL@P45AZil?y?VAa2 z$eo5c-Bjn-~MW>Yo?~#H4lz0iL1F!BSIO^ z*zF1VTW9AJ{1@?-hU(LHjH}?3X~fn=`kmhBZG zZkng%O+sY+X5fs4LuCll)_XeT&DjN~hxUxW$6iq>r~!RR0P#Ch;@U;D{GzP;i#3R9 zV0Sh5iT!5zVA-%|$s%$~sQc79pAUocqStv!Mu5+kUw@r*Y0bM*r(L)hyRi{hn}Eze zP(&2x{uB(N{_FYQ2o*eKLY7`+yMqR5ODyuv5Ty6bOa7Jw7@8QE+!)Oo%cA0@R}(}% z9Hz=*58p>DPx9~sEm35aW$ci)2+>Lz+CnXhD zQ~>x7Mc@BRv^_ZaR^Ul!6TWw5!oOjMD9_A8bFCYuXf$kx6raOgmzhmgs~Egw5v>5< zF;alq9%YCB)qpysRGEC`nKm9TCdF8CF2n*&Gez#<@ux4^XpX^&UKs?|)P>#U;RVTD z9?2?EuREQkG|;!wk~v}n84E7-(j%0MhS*x(wv;K{kfm1N0?yI779L zPYRn^t}6&J`{-PjYPVFn%il}*%3g+CjMT1w7AiNb#Q2_-a#Tc9pFH1xUi7%cABS<` ziJ{O@4Q)Y1JpUP~k;5w}co5ISG#sxw?h=%IN>GiJ5k77;Vcv@q4jUrfZ#E-2mke|U z>&{VgeB}1_p&K}x6D8MIoha8Vb~e60D5Ng0_(jQ%qNgr)&uSAb`)#>ePLI75?+-MG z#3Re)G>tB#Rh$Jy=VzC6k9!tQj5Nur_iW3+g|Bnl=KUH948oSV_&=-mY75d853uqO zQj|FA9j3?-%haqa9j-jX^(TNy7zLbxd3#|}rULhvk*h320m2q95$E>3p(IXW^9U}n z_$q%^_6REOAvuN({hazn6ISG*FzE=IaBMIwb=guZ1?#Mg+^3GGP2QQ%r=f3!DKgF_ zo~R14-}_X6Y|vPxip5!hfTI}pBUs*TIT^*0{l@X^XR9XK^6xWMgH!GX#nW2|TU<6N z=L~s0DdO$=#x38rw91z(yS}ssn#UbyjvtJ%V#-z&xX0Ob`QU(r;K4@vN*92NIHb|k`MJP-&5o{g)M}rpq)JicPyJ#_v0v3YBz7Ycn(6A~Ik|UYNa>IV5UEkf zA?na@-Y+TKuQb$yyne*(can7;QH)C2@0GTQp`9mJ76(~}92adY2ltR;E4ZKitdScX zzX*r*L>YM0`&9m0_i8nsw=P{h7~Y@!y&{{mRCL{mr*22JU)f8}_Y^icGVZxNO@0UA7>4|Fhw2$@4N53@CkdH_$+Q zCsVi#dF3G5V1cVN&^Q5MqD%C;>T!2ty8Mpm*LWf0dve5hUo~Fk;wTpkz;v~M3=|q9gHVo`BSZr^4<9bf6Ox#k$%<*$x0imxZaqzjZY79i(1{iiZ>+D+zc1; z03Unxjyyrzi5SK&#L7E+_2YVkRO;PQ*ip_0iiU87s=!gJp1;@7u_x&Y7Q1uVl{}~C zf(Pw-SAI=++9?os=VXpr$n117RtIGa%VlKjy$&x{`=9s1Ki~W$$ZJ983V0|ezUwPr z&}TaTh1t=6V%4AmiSAbQd3KQHWs945n%O;!ys_;TGh04jFe;pjb)hlHG`niKFAZL7 zBW2(d&u)13ud}cTn96WkjmMhRSbw8kuh`({A|Hzu{TPOGIqtD2b_ zZ$TgSyk@wpd0(9);vv@dDMcd}PcSkBkAfJpb4K=1^7(XMMbXV5gfgaL(-F|3#9Dfr ziP(`5#*iVU*V*0r#3gbeCAT)kp3dmcT(_^fdh*ktY!14DIjQaT7})vw?0-_{M&MI5 zD~T(FL)=p$?X|E+rQ=hqM2Nw7e=9_(JDi22qqFf8g*{3mDaT_~`JQWq<5kOVKtG$_ zJq-ak(h<9ev&}UCUhWdfG#t=a-cEsZG78ztp9({!){LIBBkbq0zh|Tk<;dSh02-H6 zvo)Tf!}5p|7Xiv_`(0B6;pcBC25@fQzQnJJpplg9!p$=4k}BGMW%QU#bniq*bLJ@9Qd5Td$}T#{_ia& zWjLG1!K<{}nL!X9(882UFc!!4lrq!V3F{(P|4mu!`EAV{)D@USG(V9%L7JpJ%VX^7 zECQz76ICeqU=v2JTi%a95ArbTK06l9mp&8Ea#co9MiXn$T)cfyZLAS$7vE)tApaB2#A% z3V)>Nh7*m|t#tN(nPKcyIriIXQ}8f3obl*AV6KfgP-uf)8V=GG;`4YF>Y1UbjGU=H zcm1-0M(LKoIt40}j@4`x<3Mq+T46;m2%YGX>|B7$C*u`HEy^QajgwPeQ}(%wXb7gs zvU55wS*yBY51-1E`YM&5U)Wl;Uw=7_*spn2o9S-KYhT#0Gf&^;%TbBVhlZWAN=0d? zB2ZGGoq{9DJD)Deo|4^O5M1xZW2&mo?X42W<&leDo$96n(Q;xG(r*6i2K2$HIhx3x zXzO7RnSI!sNP`wkZNn0MwxPJdzyJ0Hzd<(l`J%=K4WoS9=b9@eq|lD({N!QSYz;T+ zvA_Edu=Q3MCfMr0ie)&qirb&#tp9N%!e45|=Rd78ASUH_UBIE{Ak1OM3PBN8NzGl2 zPao-4PTvX7tm-8woBZ>}!ys+O-%Q6YMf}`L07B8JtXjjhmNLV@dz#5&5n)Ve>hQ&D z(vZgHcOmn?;d*QWShlOy<#HAs5#NvW!>c~i4gb7=4A)=We%?ROnf^UHcQylYt9Wy(Gq@|RpLlQ2b^<`>;KM%^c6@*Jj)plNn58v8xAWqVjWZJt*i^cCNIaNzpz z`R!tWr_v$ooo@@5X6XnfQ)zqthIy%Jl5Qu{x$zB&N9u18`Av)*c4*IIv?pvm)(MsY zw^`s`-c>Ehw)GM(zp$vXW3e{M@L5?wc5c&P)ota(=44(w`=(- z5#iR<8BI{4YtZ{Va&=WS0a$s&1s)tsfa!U#%XIm7#T!0GD*fxZ&#rc=HvY`7`)psZ zR&sWFAUIPt_SBrNhjCy&U!n4@gS_?bKi9JZ7L0h(7Wqe zDxjR|8}a|k1%IAE^HSt@UE3Q?^nUG&OsW`vodSm~gZTI3&~d`Caq_cYw5zhCRU?iN z8S!g;RiRSLh6dAd1UPLwDnPLb?;lBCZ*|aW|6SPeNSE9HpizI^XF5yDGc0g}R-Hh% zqS)?LoJETMS2_xt5DA4AMQDJ^V<_cVd(W9`7KO$Jn)t=bx>~Q{^(DjO!&X zjuEPW2bMvEw$$a`hZN-VcJ4+zXX_YvB`=X?qPR6ezR=dHY1L9_9lTq6(&rK+XrMwI zgsV0lcFrKtuE(6uJDv^iTE}MFT*7!?ff$_tMG$fEikhN>dqdNeDD9f;=}cV;bE8Km z2w{#jw~5JvCnPlC@SFry|LTzr$4j9RuFG2hop>{Eb)Ub3l05(pdaBj2-NAO*G#|t7 z5{nXlNz`tHERzzs_9U2i9;`EfGTVQ&fg$Ff^>m{LRrsdqh+J) z0rnhlN&dL}W_PM3uluXd0l-M#Ld2V-cw|B#hR7)difW&4SbQLJI<~ zvVWhiFLHZ4+bOD(R84%oFzo5ion5k8a|A->AjDI8Qo>SWBdk@|XQFgW>sv1(liU*e_)OyT! zj5oin9mLH;4{}+id&IRAHt4Dr?fTN6&FjexU1Q*B(?Pt(i5wfn<(qQFK?EiEDB3uw z^>QYMY}(^FJ?3vY3=G;Nw3Eo}>5Fo8$(o993xk3_y$!N!FBMxgay{iV7!T=@7q(&5 zTgNDkKd8SRGiJIvQLeh)BzNF9Pr)x#237`@wWa2vq^D;D`Q~WfnP+J0bk_v($~guL z>#@6uDw?XV3ow2YmK!r?f;b2`SIz5aYTZ8xdDP+0RQK+5R@K}oVy1JSPNp(!WHECD zavDuor95`O&%lpobr7}hoIh%jdDamzQLIvS0e*u0E@XOe@T01Pw#nrw)C>`J!Qz!7%Nj0dYeR9--sqH8{1;>>pr{)6E<9UBxc;s{tKJ88b6Cmn@ zcQWYw)2Ym2yNcbLN-v2oC|YllgRDe~RSo9iL#O1m#<})pxS!(DNS6m36p;~XntdhI zyhROc#DFOSKW7RMvwJ@KTV&Gg-gto&`qC>NuYxyf=^DdRw?rVL3-E+io`G9wE?AkQ zKtCw!ZIEx`TX+sXKzC|kx4!(l1HW~waZTy7Mo>n{hZ9x1<*;AvyWr9c&{&#jBQ+nelK zmwk=~hdeWZfAQts=3*JLCS2Vc15+XClH6OWlvA}lQWqURU@fz9o-i?Br%N=O=d?5c zV)rXFmw(EB=i&)U$=0AJSC?*=?z~Y}+8((BGX)k2Fw@l6OxrBu><9*QB^Z?5xTP!g ze>!j}y@6Eyyn{GrXk{~8Er&=IhDufMnkg<#)R<|t;hE^Pn(FGzYXtq9ee7yYJM`vG zFDlRpsH|PTgalqJWF}hOwlcJ8h&M+74ku!D8%&?R5XqY%Yv$>1}CU}wmA%|nVb*72C)26w#gti7_oEXnz4 zL_tGan=()JW38ZM66fQU0%tVu_6Cz$Qwt;K@o=>T!u)xV_~28e^y$o;jSqD=Dl^5s z)7)1W4}w&iKMEh!5aqYxi8r^ZnYR>#wA?8%Da$FM9W)v^L8BW4+yF`xzmQjr8r+Pe zgl?BGYT+4?f&Vt#{%YEaj?C}x?b6;z25pThBOiza5R>hfsA>_VZ6C1}VQmfLmGmwt zuYV5?u(0!6H3Er9t!j0+nk-(Y;FxNjpjo;gc^}MIokVKQx7h#5F2g=6B!6M$>EQKT z@Q0@oMRA{OBm-jaf1&e>i>8f!bI2s3E|D+Ken-_37SiCN@!rb(zecNS>YBWZ3BS@$ zgiJp5@|lQyZz+qwM-^U7fY2Gw+n1KUd)A)PE!HqW`y-3RQ+nIYQyS~@tI*#n!?=PD zRr7<}Zk1-u&FiY$Z`weRR@rvru%f>0_=4hiy)&08+OiZdyJc#ctWC@3jy z#cxJd6g5>(y@^S!8&@2!VM=k7u#Ef;$E#{K4BDcV;y@VCz45_xr0a}}^r1dJi#D?L zpzEtx#e!yNpI(Jy=VUtgiD-0gyoCZk-!$Yw_=w!;qIw!~cu`q$|%u`^2H!oXrd!T6AI zz=74OOp2*bozI;)KDS<>jLVi5@r2cOQik1qdyCRJNw|z+yf!41BdLjis@-jF;6wXg8YIRF^ElEa;jEHpRhsu zcXMzZ(a5XEkcYqAk^wstCK;>-@T9}=x96baHawjFEl3wA>J}Kzlui9L*7uGC)Jwfc zq)-ePP8SnaPZkvpeq|{u7drKJ2!CMM$ZLRj*s6=PBoSVbKu}VX%wSEUpG+G=Rg&aI z=Xa4vm9J7y^UYX#i`vjw`YSP4sJ_&#d>pSJcMzdDz@H`*teo9G&UeQd_Nfk6=*Vh? z3n{T`5Q;)AJ%VSFmxg`sEJHl-No*;a&1;;E5}JBR9la+b;745a! zo67D_Gt#}Npc-Ffy8bJnsQD9zR$$1#5bog)?JY96h3fV@On9Va+;fs|n&TL2F+gOj zr0%Qg0cDHO2d+2Y01_JK0R**mCC8;t+cwYwX3yE!irc8X)3;{oiVBH7@!8)$$iP0o z1a}qXZPDkbaM&dDPqgs$xAL=HFOTmtw!=@K*L(|}pv*wBQPaBo9nV8s;ndE57}7BK z@eJ~I>ODaDjZXPbGA)?IO01p#_Si!7r~;oH<0c7<9xp{1#l1sfaIuY>EfR~R(L4oYPg;O!NeqGy*2B^a_WUg{Id0WTmGiutiTd2 zh;w2l+%2ZXVIt{khY1Qqe(2|xhQ`*XL8Zj(hT>;_wo4ODWVi7^E19LsMsu~G{TyoP z(h$+#Yd*E9e}t;#j_vt1ryMw?PUZemY?dW}M_bk_m_xH^cNf+4o|Hoh*ee!E>xbS~ zW<1CU^$g%{?)A~7&?xsm%;H5M)X9utzhh(R>j_2xs{Ev4%ENA3eape=!GE}^gbG`-6 zR%xYhxa0wETB%OU&rQp2F4nq8T$!&E*yP5`CbKAi@bGD$UNLsojxqY(UpdU$K+)x( z@+d}bi@W=eaFNv-Vv#5*g~XwCcW9X8>A|2)by5JkAdOGAgHNMB^@3}YU2D}ysWT?! zYJ|Qkz&{FCcX>Q zbm=yX-RrO7$RXswX4lHDFfBYWJ%VZ(W$y&sC=tLkfc;Cu^Ogro-ily2LIqCLpbhk> z^RnA^xzFn!&d4$)*XbBsBCEKipYrtb;@6}J?4ueuXGm7880q*44|88>e(k%~#IC{} z(;okJqs9&)di6*Wb>(U@EO3g-T*UJlZwpmuTXZe9SnKs)E9eyA3JBXTEs~ffIz+Hw zACz&MM-c5KDHqckixUe-Tz*Y$WlRpGMi}+v?bQuNPUBf0rI9vxpJ{RSTzV%4|lO$6R13+RhZJ)^;?E+|BUNNlAc;L%_ZI6{yCu}1)te4TtHW8@mHCr zxkDf+k3Rf^Dw*-CSD%L!WI)>f(Y;G5A_Tw|0mR&lg-SAg zsw!loh7#V+OgOb_ta4k%V+MSf6hlE*rGEBi1St60DHMel&m=){6IQE-oa%AQ>- z(SR7d`G|iHIoe^FF|sirmw$rDAp2lu1hPJtY_bP45$1f$NH$seD8?!}B*m-RV46lW zMFL_!j~ze26Y@$S>KIKq(4cr@Y#8fy$BQ$y5u{bg4<8p1yyS>6`xclVswvq(6>QTi zT4p`YMk-4Vd_BePn?T`6gh8HybD74z+R(U^Vnm1PH%pTk#w)lLExK>n0EntiI=A*V z@2KY3@T4C&qD=8+OM7&EvoXZyCr8C{Y?z%s|ENi+yTf`pB=%GE%Q-Z-%VVUFH@2j? zR8G8bMAgfQSmq}iVI=zzZG7P2-9@R2F~pPGzk%i(YkGu>VSB{_IXiHp0PnVQSJkFz z45qOCh5OCD@fQz3P;bQ=!%=A<->I)x7Gv2)A)8LXq;FjC8(1B8{o`exsJkjj_hXgn zL~hys3Cf82m$5&mCkk7_1}HT=-OVZyo2OG(F~;qE5rucTc?-kNy|Gq;u7W08OFY>G z^Vj{yv902Cz0il%qs!M>nt)~p|V5eK^8 z#2Q@vC5@?tR2#;ly`4Sl8xuu$mwj*<@TN`Xm>9&wiaBOLz8kM{f@5$uRT+Z)S@V;9 z`5BrlD1h`GCD5%EVb&u^AY!e*@UD` zcxxjAp6%jtJ2l4qG>ivSZv5rmjsSnFcy%js3aiwvYv6hLUQ$yuQxB>zGOK7zFy+Gs z1&XlyWU+EPn@M+89w!F6UE$!0>rtqNge+GmhY0;p(a~AIu1(QvL2=K|ug~Z}WFgi9 zk79b2Lw3e zc;6buXbk3dIpu8#{H&mFCEx^S+BU;ug1#`>TQqLcH8re34(mhRKZQTjFi#>Ag29ph zLcs91`Jc8@iG-pkG~gUK8+m+Qub$>p-o?{f?#&qiK!8QFydVW;9|EjfC+*wDEZPLU zSsJC5_1!g^#8#BeV7p-#ITrk*Y8AX^d*Cd{al48qblLn4YtB5oTq&MZ-JoMH~_Y4jx{rSIsblGjf&=EKXWKgI$&-cL+`+uc{FMCSyWy$a&kg_Cp z`CT%;fK@3-w2BtTfaPCST9voB-ps4qEI4I~?;e;%+@ghrQCUnCs0WsJb$MQKtf@V( z^D4Po^edF7Z#6iqKh1vVY*i>X${J0fMP&(4Biv`v6QE*A^2uj>;BH&Eo*hyx@97Fs zd3S^oCjn^8$qaN{oqN!2u}&3F!vu4r!2<92x0U zBt$w#q(ed^q-zERk)fre8EJ-;p?lxs_j#W8`MrDZWB=!&%f(`?d)@1b^ZJ|G0s8PxtSSNB=<>;2;6Jcd5&3oRyBNM&VO3|Zy>F)N>xN)pb0^ANyDBT34(`}=N* z-kGux3jTDkno7DjSdcgUuCdR&HG^0@=-OW7EGgpP-^5PvfUk(+$LSWdRI-HySP3EZJcdVRBrgPzs z<}4u@l#{ncoE3RMbIesNf!nPj^2LIoEgY&j;BaKCZ-TXwPr4dmNcc|pDK`odNq3hN zSA8lJk9+L*)4n6~2j~k7Tg1vBxRDgb|`_pY3t=MS^ z7`^NuEJVGNTig{jiaC7*^ES$hhv}}7gOr#FW<41JQ=TVx9iUMfi`U=Qgx{dH>8b(4 zvX{w>SsV*TyOYkkZzd&vB7PaUW;$t=G&LR=Olw}2m0spR`_%1ydNE(&2sL+I9UaT^ zs4D!5ilIg^0Af6)UEeMZgq`>xMLR5*eJOs*p&jryQ* z+=ahvLZ^{Bvuz?eEofQxF#DA&|omIeOpamspYt5^!x6u#-<_RhI-2s zTGPOysR`H5X}SKsrS1(MH-u}PiXhgMLOpRH3hsoIYsAA9%W#a>xV(~^31>;(GEqh& zhbt;?rhjn?IZzX%eEiI4fM+Acl8kH65{xWOPR7JLGW2VURVCf5^eUkcRg59%%()ZR zMeM?gYLDhyOrn-sO!0Jd8p-h`tz1|Vv|bQIxQh7~oA%D+MDy3IcXWMQyw(jw`(33j z4^$Aymx~Sbx>G7mpMU#*r1&8w8Uxq;L<&D$4L1|2rsrZEMZJh*r!(=WNC)tfrN?q4 z<-%H6IQ@N)V=(o5rZG#fmM6SS{<&`8T9j@SlyqC`O4s!t;G4|h<&h5R(67atTQ7;| zZ%xnMF*@YXrT4K-NZDg!FFMG;iYjIi5pI$DUNBZD>fK}Zs!n61d`w+-@Vr7&E^p!Y zJ1STT#empE>?oFI!Dei(P@y~(>wnM*a}TwI=`Fe+QF1 zQ}myYe+Yr{Grf;{GPxfD35nKsFuI&lA6GHy+SJ=FLoch)apnGGzVfX)M;6XLS>bWx z%V(bjZfu9Vs{F*|HUKR#kv#p=Huy=Ov+fl+=X#|h7ltp_;d=t4WaC$f0gqqPZ5zX@ z_spWsE4#RuQuGt7s&~l#VLiv0$Fv z!c1^{BYXOE>*J7yNIX3!o;B+vUv{iOMIv8i<;4j^UMqEu=GL(DUyWJcH&vRuq_U(Q zS+#BE`#)>foyBgglJkYJrB2~HJYzKhj>v(t-$gvrHpH+(X0juyzEY5ULnoCh~dmURPbx$gG9ng6@7W)RMTugop{Uu_F8=Zx`}NM z?8NJ?@5^_l12#!XLC}~AZ*tBLo>UEkrD4AD31KQK&E{$r`S@-zrw5DMuBuTVvU(D) zo!u>(((y5jFg1?XTpZuzPeMh*DWLsvjR;ERS$a@CGtvFnbHYy>FJ2CMa-whUyb-g1 z7|)+%Q;D`4*c{4`D33B{(nJdC&i5z4B$nC6)0k~%QXeEsrgL*$<4&-jN#}OqPf>X? z;#EnLvkuW0kcvLxNw9)y#^*vc6MY?T`N5uEcxMVQs)t?78t0MO~1?6P9+`@%=ED=br*Aziz;d z=I4!K)Ec#QSgzS~@D^=j#5)aCwmSF`NlKdWci+HOI(FM(3S2eGl9aY zp?z^zo=CE*)tGjBH+Iu3T9|qy`Fj-zfT^c<2!4}K#p>&4U4e!6D*?6u*AZT| za22unzCkC(0OtR^T}Edk@yK!Vd7Y4JJEVEFLuQ#6|KF@pQKhvkWgd7

              P9A4t0Th@ z5>sk8cI~Q}=}XuAWT%+J0f$P2Ttwsr3*2;$kV*c1HDeIjv&o^Mr*L^v=0u5;iZq0= zGUXsqs*U_@tDEeh-g3dft|!3xj$AkjdzJm;L!~sQ+JM&~6a-f4jqbExk{@Bakwrk4 z<&Bc9WlxaJ~yD6>i(Ew|$#TEZGd!RAD4#gL$H(U$H-AjXP>eO{XzlT%>}IZj z(@wl?VIiZk2q&K^_cqVNSBJP9Lk0iN?X~6F>StSuwPi&^_Bo)3mn~jolZd$2&5;8> zE8fM^PGuA|k}&y??kxUQ9}5yD2BG~)*e$hW&o+4DnOfRSQ%3b9{HI6HkplD;h7mo? z4b2!OWxxGf4b4Y}4r1;NNr7H5!y8RnWlj1Fw}>P^XxOlBLTym-dCb?x`U#y+ zS%qq7AmvfUt8Y1c?0vD?$zdFq&5DkwxN4*_ibH%u+<#(ytfx493Qp7-^1!e*awmi9 z0GTgu8nHEN`$qq*=4U}A&?998s68fvWNnJEmj#oMD(_eaMRrBL`8e#^_&N3`XJYi0C*K?lOhPJ$lQW!TXj55{!}|p}O-V zCO{GcU`T`*>)oX29VS2bvU?KD+^{%>x72jnqUmJ13U`>2+!Iz-_^eb52{XRSu%29l z<;y7+k_AM?@XbX?ZU2lubI)XqCVM_20G664wEdS$cls#Gp=>vY6WO@_V&AmrH8|h8}4!k+G!h%OW zx$$gJm8XGHxB4<_r!wOB8gH&E61XSC3~MtuSj2q{lw)M_G?n}0S%;KC{+t9vQ-`sN z94CY4a!QoX3^GJL@_{K+S==BN7Q=F^yLm*>-sH8?0!9B~&nmqeR{ZOp6v;7je%?<|u z21);XhiI9Ft};o&_G^IrL0Jj{O!6=chp5^z=&=;pkMt%TJSg)h$(||B&p8ELr=z+D zAg->;-#vLr+raV5`V%CY6`&{k5xn}J0%@au@S4?VXEgxUD5Q*(T}G^G|3&fsx0^m# zAh41xRXaHQ9munrY@qlsNo+EDCyN$Qc2&+PpU#N+9v#rcJ(v>{rzrhFsm zx0yZxp9JVCv{d%eXIm}2{Th>e?Q2c5Z3=(V+**wJm6sF}1FvN0Ne1==OZ&QV_oP+>`=VStFNK9ulxqr7>xG(Xc-8>q)6vvsL+0HyqY?i;l`RYwScU8gBA9 zX#K#bzC+DtZln{YWyEzc_hvy#rH{k^k*e~UdxI*`@`wuamhNP^E58hV&=chsvzk-L zOrB;5)fhG@Lly7}>kj(YEG>d5w&bzigvsR3cMXEgbv8a>&mR__U}$~HCh^%nf8Qo! zfvfcf&Sp?mLW`MTzP&lV{RJpD(7u`#DlCd2(iw?9?E6)5)91Xm7@L&PV+HMxXKj>O zl}g6zx)~=sT_`5e?pH*Q6ycsQ=qu${^VKlrDjY`r^y8n1&b|9ojAt13`FPfurT@nC zb77uq+)k1c$=%!f;cF6RjQto1krLOiuswsp4~zRY5;`ti#fyKECIVE`26W6e9Dn*D zZ~r>kdj==cG2R~?qPSwH8HylUxdJaWrdE4gZC$BFTq(WJWc$ zk^v+yS|npmzCjo2F2~!H4P_nnJ}O#1RsDoT@dBb$Wa6S)fOvdAgY9i$ysD`3ckA6@ z)V&NDLV9$j>0k){ppO-E>mY<)R3!Y;;A>l;8G1|7 zhry>ZQlPXME;vdcRnWamC*{nfE~@2TwDOf2v#3N69YgK|adE#De(0{E+;++?wBC-q zMoeAbM@8q*71lhY{4p`i{4KA~cURE>!OA}e;pD@m=xh?II^)1|UhlP(TSb2viT$b% zSC#a8+>BnJUK6L0ZaR-|G`N6un zt%fv-UqILE+MYVvpQ<#pU?vzxN_?ctC`8D?$c&*AYpi_r;ua;}G_d1YjI3l~y(g0)1kGGi1GZY0 zT0%8%Zc_p4HD>XxxCx+UE0Q~9#Q_2UZW1>w&l7;NrV|zmI@VC&npgmS!EkEEx|%e` zCrMfj?a{l(`KuThp<9ivAK)gy{A*?_gN#@>Rc`JZcU+eH=g zh^&@pGOj2ykAv6~oqPA0yXyQ|$tGd(4n{mWZBxN2wv10Nrj&N9PBWE>Lrjl^TS#kP zm(G8b>ft`W5_U}lt!u@KfBopq?gyyt0hh$rjVFyki?xCv4Quv%iIFxy|6BzhTzZ1L851Ep6?9pff7 zmR3~c(&?@Wxa^WI%X4KxIGw19V*(yKGwewftxJoTF7C)-^{&wt`pBn*#*VePGXSu7 z(wO;(P5#cLqV1Px?4+hghT5_5xuOC6gO2Bo3un(*%EJxr6=8@6ur!-ptC!R{TR1OX z8ShvvyrvstLan9&1q9rSvHBcD&%2LEFBY$#47{4>t-!KENcT=PB&767Z%~ zLqXOyjBOX>Dqn3|_=z<(_YHhI;U!yRX`D$NChqgIe&MzK@&Yx6n{&%x8bZh zU1OjE?{Q0bQ5ld&xz%cwvFg*@Cs^bE=GA$}uQxH6OF{YdT!6ksoWg#tj$_bGO=&GB z(nMm5Ku&bfNe$>U1Km#Z&7a}hi}JwV^o*Z)HvLtOz%O@ZoY!8PQhe+>p!GNJ>5#c2 zfs!P<;#axFRwxV+5_{a=T+a6K%F*$xG?x=&f zsY?Z>lpUE+&lW@N%0o?PcN6bghAq6XGak{{3eGv`W?vo(X!AL; z2NU`PX46jxU3+j?D?G*WI0huK9i_a){I%9-_hXdKGLzPDJR22WrMqOns(9niCd;;K zJTz)sDO|^j*=~_R6#(7&a6|a~Xzgj!Pt}Y4DGe%0(G~f)m9aCMPNs9qu~AxC~3rNctByU$Tg6MnK_ga8PSa{2ekq&7fNMh~Cl<;eW zUm|l;Q1+4e8Y#4S=in+|-&w1t^FsTjeL0(f?u&?CrHD#4jX1tGr~}Y zMY)5mlaTP!@vZO?{b?U*;b{@{nM`fHXTEB=ky&!-lc{}%>nu#JCihs%H5B@pUc&|G zStuWO4c4QwRojd#1=BTT=_SS?Hm0m74$ztTBFi;dThY%h-8Y`QT?6S`ajGbd4*Np= zf;V(L_NGH6-$T)D`zNMw4Mv9i3^uVEb_RSBJ{8*E*dJGvK6Q7_!U+}YhG@R`)@HdI zZl~Pw-V>EFX{dK19%`-^i0|lMGB--|0N^X7nlFNh1RgC?-X=1#y*=4q<99v!Q*&j*I zCFQ%Zsc5xlUWXt)ZZPoNnv(eW@>P16oPTO&@0_}We+x|@iCM#HgWRFG0(14}{!fqf zemPG)w1Dm}zo^!(el5~T;fm)bSy}S5^j(Wg`*_i-*edXzwaw_^M93WsH}h^w#`HNF zLJw(%n;DBcYFt%375-rH-Z`|bx8LSrOlW9%FKI&sa-se%&qEqy?M{X1 zSpVGnpvtJwv?wMcMVNRDnWjQm+rr(83htrkmT#@+=ZskYjpE zH+dTs{bSUg*m@G^YL&Wfa=h(#zPaA^)K2cv+7%sw%eJfB80(Vwr>9IEJ-J^=>A+ z6!q+uubO%JIS~cbX!t0o2hBd_z@(QnCZpFuJ$#V z=HEpx+?di(FI=Q0nG#+29g0nfYC~QZ6}OBh(DCFD+;^}XBTdhIL@`TZ8PwY{As;x6 zfZ14_Wo&*Q7`&XnwnXw8M1=_ZEt;?vr_`~S@p33pNs&A%ir{=I@)aYbpEt*# zdn8nQUtEYgMzY)WBwbqb(r!q<^*UKp_K!$rmo*&SQ9@Pg4Lj23iPq(e3bT#F)1a%1 zPZT-SlrDmpWV8Ty^cx`nNaFpg(s_e-l@yZh+2JJa&eRC-)ndo<+gp44@jCNaX~_8|J6S?gxhzBWgqhog45{kng|` zB9n;Z+A`=OUdrVMC~vpE@Z4Z@reW@8&I-@QG@ZbOV{080A4x>4y*Q=AXiNExe^GB7 zZ2@VJ!M4$Pcbh>@PQK{W_y(oOq1(Y!Iuo zmRD##uCdasAG|uU9h<-}6-sdvrLbRQA^eafWbb4Jn>ucy_W6!$+|#Iz=y z<&yofbn~BI3aRL$W4f9;9r&f9WK4TPtg_w4S{``s{zVD?HMzkK1S6aLwj^e^m~PN;LEO?dmO;3)A~p7;QV-z8B(INL8se_bB@a~ z1ouB5*gs~){R9nXO|2o;Qn*y$9wcK}6)h^C5w3PDOznskjRp9221T54w)slUck*H7 zlDfJ`(JU4Fk^huGOrp)vF~S#=>o0x&d?T=jHc&tmT<6|GVqUmJ^2n$s|2g_U+W|Bw z19The$;wM_RaUE zv7j|e>7j;_+4g0aL!$Pe&2Ot3FPyQ?LGEJQN32bqgBXLlI@xe9`r@I~#qJxSe`rd@ zapV1xC+qzJ)K3|TDx3^4mlQ(7W!hqZ@ABHO(w$#7F!^}*?%ciB2!g>Zi3uu}Ti2i} z0qZR3us`>mWRKc4vptOH~?axroS_#k?Br*NAYyEbntH0<<=z5Gt+HARkLxN2dv zaPElkvBf(qv5i0B+?(-TD}`O09dw@_?I1FhSAR~_I6>MHWwJu-g+Uyp8Z&cGF4DM9J_QohzylUSGPlq0bEA>j!bos1!v6nL-z zf8fqN^GVM3T}zAUOxjW2Fs4dt@ZD~7?Vaa_sR#C|7e+LT5r7n~3sr*`9>|KHPv|*( zX0BOY@Tk)ahrgxey%1rMj#L< z(0Y&V4t-eseTMOo5`(6`+}MYy^RW<|D8JOG>c^e*So8Bo{{O!xs)NKCqqjZ+0X`|( zX$pV=YM`Hq0oeu+L;Y^ZqO)hxF-VyWDaTa*DxW+9y4=6CsNx;6BJe;rGBq=V5W^x2 zMvzYQ+L5M|KkE~8)-vJh+asEV(JUldA;o`tu-AacB_#IYzn`b{arHOJ$|N3}OD3=@ zqHrDydXT|(sa`DHZ%dFlX>!L5qAG0uOd0xR+|n874){|8#~Rl<11D_03ZXj))s%-3 zH&qol7GIg8VZV{3rVV_252=v8KJ=IO_*X@4zOhdbl}`nV^*0w*?f@zE+I*GlKm?Q( zc0JhUfuLQD=iq+f@ip(+{b>UWrQ`J)n6wB>QF~3>>Pd!i)IFc8EJX)wG8>OpRYmd~ zLHF9>ZMvz1szy;d6RUoA(ydQ6s0e)pl(PPtoy3ypqQw3RfFz-lr(11m(maJ(nGVEybep= z5HWE)Nab+|mDF#Y;Ca8fmc3m`zK_-q@%UJ@lR5*FX^S6x?DTQnz;hXYug6%i}j|Fj{-3$2I zg_2>?GacJu-@M+7`@Gw_`dXR{%!V*z+a@1`u5owPv%^=drR~CIaS=QrxK7Z zrt3fOj}mW2uRt^pF2w~D%g76^v9A}Ac>3zh6#EWDtUrLdRrQ6q6SD6B z`H}DH9mR$t;q$tH?#rN5?5o=VMfQ{QLzqW8EZ;x_=6(Kfq4m0MB6gXYr=cb`t(E1A z*_9ZTn_)^w3OTw#6$b*rPdk8aZ4TiLp0Hh~gxT%6j~D)+RWA7={Q614Q(bL!W$TYu z6P`Ya?dxydRjPlJX)tPSn_T?4auUV9elLZzGhN#{U+>60RPTt{9gmfXE6(|{hyEA!|8F4t{F4N$b;MXoHhth0p>kHeMqnhRGVEXU zbTF0tKj`U}&qo4p8n{qfO)AQ_)0ch8^#cB zjz0MzvCl=&1tv3gk7tBLwQ)P9Uf1j8>1DBpnVou@X*drW3)$$5hY13K7y}@9`*Of2 zuhn15ud-iKj6XuI#PTY8^@>OiM#pEfZ4ZmC8|^yx5coXkznt~dtgU2)T=r83-YR#( zNn?4u-;62bD3uC zcd(5ksO*BqV%H@6pcMFftF<`k&R^Uv{s@p0;)TzEFb4!RQkPU}qp~y2_;vS7c}<9{ zgR`H4meynQhZ~B}lm}E<-9uZYiPqFS@igY!-5y_(>4#;Sva89IVa%V*QAJiZ0k!&WojJ?^oCPBHzBS zOz59`RHBPXx(ls0c-%+RO$_y#5#(e;FZ(47xEojQ+aFNbr!&D#VG-SF@d(6YP0J>> zlUthN1B=Tmd9f+hF(N-+i>JS6CF+wB37lbMEDFEvyiCXu$=p8Kga0=OeV_dS_e4P- z0zjjF91?sbTz${8@OhPLl47`PXECSlmr`21g^F>gPr_5zO!1RhUySgQs*lfw(ZTyWH!y-2Cm)A(J52s_$+;Uo_7kHzpGSR;acA~8&}xF_}GFn z_}o@sLSHK9!X9tQqA^P$+4w$HH?62GH{8CdKW-qhC8;|t+7rJ9z#RB&HWfyimi66O?C?3n8N9;`dP8XglPCdit+3yzZ0LJeb=~fUd*?-jP=aDXRl($s|tbP zvq7KuPLFd!V;z&}k0}Br&+$szkJ@<(I?dj04ZtKiUp|6jFk1$1`Jz1Nth@6G__di8 zw5D&PZwdupmx)%?vJQ5P*~Qt0>%Ck7QbG{#oZ>wLrFKe~`Sie~#&&75v}=G%O|vA1 zQ>12GN2GGrN>Oraz1Dd3<~TD{{Y=4_gEv5di1mDgz&Ysz> zQJkQ{TBbi%xmYVFIEh2Q>oSbMvXZ@00sr9Xqt?SQ>saM-b40#f?}wP@iLt**O}d-5 zkZTHI2U95P)knd;>t8w={i~l3$WjYBvw@aFVqvDQim3a_@3(>rC-I8(Zhk}xm`*c% z{Jre&x6zQz?kFJD|7$JEEAtqK7S9m^`G-vOHmP)QHd1`)h6rNy#dzKE=TiKdW7+Y# zec58s7kRtyk8AYwuN>dDai6kNRJ%CX6lI_Gdvm(HH{vR=mrDApTfO{qLLu6M^)Uf7 zVOh$YhZ0e5s^VYyO&yQBxI>mYYs+Z*peV-yY5%J$fdgTnoUAzXtJr5Kb@x!+1W~-8L9LSSSR}vqnBQq13jyAr6d-9(_NWo_0tu zaV~yOF-ah>*;zA~+*6i(;gPmVxXP(w#h`Z~X7QmY-}_6Fw^z!slT_sl883cW>u~)R@XFtz)WhB{H{TUX z<0HUF&_f!040an)oeoJquW1js_@A$MI$x}wU?yrxXp*a;x^3J051vtePn5WFvWtOS zoNWayV!L^~ct}aa|492BV+ub)(MZ=I6>|=G3<~#R(EUSr)Aj#bGy!izFV11)KQ9Iu zwTwi|=5ux}>r9FtAFrQTd~T3e=ICgL`ByE%Y~~mHwu*jqFJvEc=vseSH}EQ6C`ZWe zmo~}o5A68Y1kVThMq7L^-!frk(q$!_RE%{^ezwaxD1w~RDjs$kFXKtbe-<+x zTPjyAtX|O;Egz{6_zqm1?J2}aOWr8zJBzg2zreew0OE44GQaHq8l*g_mE zWcqE!&&Nthin+p05m%eZzV09Itu^^wGTH#$GgJTVcI;Nr#iaVq;^f3S{MrJf|HZpG zJ&~19rTC8n21Pg2j^azR>Yld&TTQy-bFrgyv6enG)Hr-#WB%t!?`UR-CQ&Dk6x1cp z92lU);I_$se<-A(pYT1>DTeX7Nk(IeJ-t;ql=Yp5z5vy}rmQmkNj6g87`!ytXChyW zQ)rDmKGT{6q|@qqMA3JwxqYV9aj2#>xBX13Z5u_a?a@qY?3P5E#}{ruzp)VeS@0>z z(8YkYqgtFCXLLf|r)V$B?-G?0!Yl!K3oF#~)A1E~B_%=012AWGiE>fnzG6Z7F8}I5 zC{7sg(EYo4o-2zv%NvsK^VD-)p8VO50&}ck?=#Zqy~+sJy7x6{ZyXTqzUST%68l<( zm~K^*Jjp(HA>zomaxNV}8(jlkI(#|X|FvTqJe#Q4`Tm~cG=23i=d zA;Uo`Z^(0!ZH^9@w$RXm*3VuOLL{*xqCRE5>=OwR3qJmSOH=6xyErWZY4xu&Dm8vw zY+UmR;vXkPLq3y6#F2-gTR6_a9WFGTb70q4T5^#^*qy>?j0a4PyO=={872=}DU>H_gsV=aQ>(LvJ_ z3dx&y*58O8UCc@rAzc_SClns*dn~K@TdLX5{XoFqpl5#RaH2aXZ7V=E`TY?E9WFlI zbmREm^G~SyHWhl53o?>FrBLz2;wd4E+!%9<+|4PF2%Pe<6fGtt-5n(2^*g zI%OCJmJgN(NC7kYUyyBvmCvFAJ*S&PkWmc-+4IXIZYJU5n=~V$0hCw2Kk9m#ZMo>z z7f(O`w7Ufav*XUyCdFRRwnd=#STW&W$RKjELGy{+8b&xW=$%Wyyb@%LL$h~@fVSEj zshj7|{B4q1nn=Q99|pZRC6@=;CwFgpojJ89gC9{Lt^XcYaiIhbV+@k?1@Dp|NX&r= zlCXXC(%M!~f)m;>58q>tp0$Ya^o%_}ytpz-06T5nnZS}^ahvIsliZe6*BaWiA$ZWs zK9tntwZ%;;d6;eLw^5^0|H4wSHKM9c-GHPG+kPV$C;~--dsXoY4qz6CWwly4vYY4W zfnCb5^_p1Jx7fPmHy5KS1AP5juj=AM6}yn_3aeS|0zRu7B04LGP@R?Ot71R=ZY*@x zEs4IMXHWdf|7k6P{^i2^QbX$leF@*e`2f#~y9LRw$GT zybUX-tO#1pDr@MnH+7b&20Dua7}Gr`3b}X@0LtE@efMXIkqN~eSKI)*WF^i5Ph>)X z!DzjPGFhANT5G_@)oR4p-y&0-92AHHP*}xS1R%IGb_d1bQlG?&dR!jA1@<4r9!QK1 z?)d@!v~&t~uZ9wVJm@u-1vlQ(mp#1bkIh*3d)yFvH$O&~KwJA`vlnwm5YSvbgv;d5|L@S%9Hd#rUQL9c}p4jz2!0hJ(B# z6)yd6=1Z)9)t8zwy2RIBA#OtU3LnrtFR@hp`1oGqK~8e6>aXkU2j9}aM;6iD8m@9A zP4vhL;z9=^#%tOnHzIn^qpkxg{k^|bWhJk@)sdhAOL+}OH;7icVrR%}@>91X6p$(X zI&(Ng>5!d9;7S-}9&5jR)*cV0CO(`^dQ)zGZUe**FS@?Dx+kgKLsP3y>^rl`|EQ2@;Z{#rWt_wlt_*Z1xOW_m@IL6E3IP`97?lj}e=yD~u|t z{Q48@>-1zzZ@q&aN4=+JdkJ_LXSSBiSgmq%39sIFNY)JZ+;lfA5o`=G!dyDx&7z%0 z8{fsR_w>;4LbU4@-FdOvd z(_tsbRNgcJfBLy*Lb9^QMIicC%D>8pZ>j7hx(iq1Hpf#qP+?<#xMy(RvMok|y6q8I zPWulI$1sGeWJYJ>l-Ln?mY>^wX__Y{cYp@RCZM6aE17ei9Vtxh49wpM?jirS^S*gC z-WGz679L`WS0`Gcvah_QgB1I3p->pa!OYreRJ!bkg!%Q-S9*8~dPdLQo=*Ai^o~bf z-#)X0rMFO6T6I0HwT9@HY+HY0Rj7xyoOx3Ac@=Tb6c?h3?X!4T&3zMPci^n`+HQ%o zFPtcqn^<*80-1FiNsPF44g9(Je+BRijc(ox(KOr-RWm#eg|Cmb)7bXp_5+c_*xoq753)4R@5nH)+P%bH(11~edB^KszbyMdak3xh9a;Y4_S z&*elZOR%@YlIP-yWX$eS{~x#Q+vu-3qX$U0*nn;(P&^XeT{^mr_69d{=31KTxdEiB zmQB8W+JxM;#S)r6mnPglu)UmceRk)JEJfI&e=zj}NwGJbya`=NIttWGDoa~=*3e7e`(E|N>AdAQnlRZR(?^<4cE4Wm zv(hcgSa(pd(-dJMbxQ}y@8P>&37!Fsw4MfGQJIaIg@WGRFJUbXC%YvU85aSOzjCs` z=j@a4&yCriCp!m$_$ueawX>ub@Id7ED9?#HNQ@~5eplUwTse>1S95f2>~4VA;ny3kj@T!Oi)oGOP<0-a!lc zzH%B!w17R^C8A*J@;Mq9t~YkU8vG&33~bn~UC#`u-FCCwrpe+O~*mQ;)bF6qVtI^+3Y~R~6U=r4evm z;FqTUZ{7KZQE($bd~8DbtwVa0)V$?g6(KJkFr=JuT6!`s+X8=gw`zapleANd&HmKIvs*-te7S@JeG6V8FGP!f^b(ETd-BLDjIJ~E zOzp?1XDIE`wN}CPn++c2I>0BAlxvJzMr+6Q9hAd{@m+SKhPiyW00 zsCA(i+$cFp#PK~e)YDMUUU7ET8a5Vlnt0YD6~&f19m+-ao&0?eheMd{#*~n&DfmpDp|J($ac6_MJ8_N+Qn| ze<#-scU@lB5n1ms53Q;Tw3CJQ`LqEi8Du4+i6E=MO>|ubMtv5^9@qIR&A_Ky`RPt= z4J|CC7YUsad~Sx0cg|32s5&z|T0P;y4v~T`B`zdCX}YCHNP6-bme~wvw;_<4^kw0= z$(+al(H4WK`pCRj+Y(t$pGQp@*=MlWXZqNAjtO#3KKO=hbF5Dya8v)atI!_ZW$oHJ zD1pgO1mmzxt+SqpJU-3+?!O6g$t0T$9d|hThD>h;`LGu{z+j@za@W!RXk#EDvX8$dq~Z zsAy5aB-q@-hh|dc`s&)ETyUFP01?stacw|8;A4Z56m9|OvKA$^G5DU&ld_bEy*gi5 zwg^m)PLqVA11}&tKeDBc7Dv$wG&Q3Jo;yqB_uCR*Bg>KJKXiHaUAwgJGVW}6O^_c{ zAH3v3TLhgrSv8^OW1!9aq^zl97I{!+4rxuCGLy2Rr3C(CV${6r+rM4iF*&+lvr1#2Ab1&zFp0mq8Cs4#f{Wo|pX3+<4|A%aXh}Dg zO{7MKsQwQi?b=-S+d?d_uD&IQI2Bhe zszBR5Pr`i=ga9&d*=`v&3}Nzv%AhyO+%t)1HnhL+L#w3g)H>0b*R zGNGv9BJDQvVIVX{wUJ6ajFmht5jOL+l%~o78?5-y7D2EhZa?-VeRm$mmZyu$^^r+CkpN=I2Qu=m>Pa zCO)9Y@KG+Dq|e;>wfAoV^4Gtm>zQ80X{|SJ)K1d!mK%P_ZN4}^;f^JfeS4iv|5Fkt zyqmj84HQX48o=M1`GTpmQAkn}bRhQ$9Z|5nZp=qjxTh`gY(e^$TPLWU8$8X7b?Cq* zF&+zK^Asqsb7#d$?7xT9H9*VNw{7u3=dR86YmqH>!yv8JuQpE_QEe}AQ*;N4JSw1( zSxoPv@}c3ki)sdA6gmZJREiW1;tf({!*{ui>ziX~g!-o2loKC_RKAuJT_o!U^1-el zO{on9UDYJEStZU8_%gK#&Jn<8K3XU}2+-QhCb&#$-TOOOv;6PlDrROM0*-g%!Mibf zlt)7Ao2=k zr~v0*Rtu-R2_7wDzJ{SW+Z(RKTkp~xog8?vb5_2sQ$x6HO^3PBS1q%*e zU=j8M9M%1DY3M>etaifSR~_x8#or*`{u5sVGz{H4YbEgJkGZ4E=9ju&`%wTD!*LO% zcbky!&*@ITn3elZuaIh!=SIG6p#~Pz zE}LQ`G7eZXy=6(n)*mTq5GfMizv>fbz7!Bm{TK#$>VMHubT`jOdw-pTF^bG$-S2E~ z)C_p+K0XpYn0ooQ+8MGIe1rRiPx$lZv;E1K;YY^TBfxHy%6SWWGiPI}p-N1#->Dq2 zgq1mZ1nXI`P2y^}3Q3@4N{Q1`IP=cA#AwsZ{OYspuX`@c>Ex0M=ZyJN285KBbYhnihNY;p-}83SmbS+&St4zl+qXL&_upPfl)3`!blq2e=4_(Q z=FaWx>>A_ya7(Q$Blu=^EX1bHYinlniQGq(rEOuz>u}c&jrhf%VHOl8+?6c98>|pkP$is0C_fG@(C=u9h@H>ZdqsIZIWUJ9w_{Ne}1DgIa_sdZ z>)rT1vHUwyqT6u>eN5tPP|PgVdA%R%#$|=*HDFtU5;=(ETfTb5XZEzLX|wADtUA!rDmXk}5+aWDZO9X?w&|o0 zO6b=!?qZ-&&g-h49>`PduIiUuBjh~T0Ih@s&}FNS*DhG$3s&opSZ7RbE_&7c654Pf za2}P7mBkZ!_Vv<1dQXPfDB|`jLfrx~%S$rtyj=H!6x@~JQW+7qSiAnrwq=;P6FygD zgh+BHvsa-83XX)G|G1p|R6RQWuY9?DYglz~S*opL;NPwL+ZGmnN6;Mv^wj=X10&DV z|0Pxqe7om?bOLWNtxL}oeG;|?@K_Jn|*z}{-Ct!nIY5V!~NO*&wJ(78rO#oNTKr0aY;bIAeV3mcF>}{>E zy~ZaAGg`sMLI(<3Oolj5qO=EH2Zd_UHXk4hNl@NYYTxa4N-^0VB9Iu=?T3axx#Yj^ z8Wpt3dcQaKJz9i|NvzmVKYXUmP%wP|1~2pU6swZS>*?hTuS^=2?{^h$rkbnKGZv3s zL7hYk&8#SlM^#XeCa9dpw=Z#))weE2i}NGynngXJ@rkNrs(S{E!WOQYe4$FK$Bht9 zpMA62q(P6%+B9gYHH3wX-*!?sMtK=RH<=vpN4OG_#7Yk5-v78!9CEn*G#b>K6k$At5LyM6!-=@*&O*q7F-s_zF1EyJ)Bj$6V@Zg&8nHXZsW}vO-pjWhmgHe zSRvEUXl#N2^@yL0vAFuGKl)upBqfjM?640yhHIl5sz@$^j-jjtDaFd(#+X$(bW-sc z8T5N>Z88TZXo#9B5XiIcPN14w$X1dvnGJpBd#wFK6HIwoL?hK?JJeF8c*Uw1Z# zl;=~`7Li8@l)DdF2Uif1mHX*OT|gVKdz5f_9UOqV58}ZJ_;OF-P)rmL zlgxuVvI+0NZlRcRx+8wLx_IXz*kwZ_73S7bdtg29ZFTlI# zo+V-&zow6Ryd{caxXLRF6ur{9U^bDMN39N{A#V6;k+w2StxVo`!|3~nYYj;)QRD;x zv^yV$;{`)v;$^D{#QqR?x>iP2!{q5ri0Z_xs*+>P5_w`eF-wn8w;W82tP;n=doNM7 zZqQFyDO+-$5fV$P3hOer#Izlk2UD6PLv1X`{6>?30qn4GXsCo}c)OWmgx1ldXfgWB%4; zPMi5=cr4@$Cp8(N_5J4p#(>@dJZ_%F_(VA#pPl$8JR5KN5ns2{k0tTe5p6})}G z*Pgn*B{+L&NfH!d)+Nsa@gI-pjMm|)_yIK@?xj~aM$(Cb9t-n-Wv-y~LE;B~&dUG! zIsdD+qfZyQ&Mq;)U40i#3U-y7m5?kTv3396Uh@IZ2q)K-?!;!a(*;>SejW4^kQhmQDEjtJOuO>l4t47_i- zXUp+AjG42u{1mBDJcaZ;P$tN|@4?7BnfoKwUt(lTqud%%-Ga6AwE`}r9adFkEVXf0 z(Ra1+I;f2&P9U*pHECqTvj1hqpW`A;gHVTjvqJVbO7arra^N+uvu#;G_C(VQ`osQcF&~=G&(2X7}kzULLrDhqV-asB0kK#=jsK>^#YCF zT}O8;NI9d*JV?fv2-#o^gbgN$M{DJduN|^E_3M}1JKZ-*c7gkK>xHAv7)so~JpExj zX~{OvT5~R@VDMnHTWr<*xhuv8u{tehQxU>MS2v2=Ar`n{*F2=1&A1x%#Pa zqwWbQ(M1_hn%cd_lnn#FqHlom7n=N=1rmVr=(@MB)dz>YLE@KXEmrMB{uR7~wHZx3N*p z(y)S?!tPsju1;>}eZ0%CX4MJH;sDOJf!!esh*$$>_C;!|FiJL_UKE*wU`}Z;PgIdV zN8WzYmFhFo{A7c*NM%)9KJrF6SX(px-QP8 z;f$=j{F;e@`ox!51}$_|H}9<-h-jDmg{|n$K_QO)ch<~|wtX9X)^1__`us~%=3qmT z7SQacs3ED6sBq&G&V*}nNwL%RT31s~R%yuzE=50iRVV5g!vAF`FleqCRo zN(V)S{+Kpi4?{@Q?$}{qj@KuiK9fDrdQ)JI;HXrtBJ;St^&|h$=5qFnbw(`5n8au~ z%J{rE3+HU_E|eOyWb3Sev0*xop4fsGxI?we2-p4N$<$Syip*L;_X}f>D6{Ms+>55K zj}qcum#py1wR{kyy6VHP!VyPhc5znk>pHe6f>-kB`2E{SvsR~R@m=fHdKJ$NDN~*w zmVQ)UT^p;Ir+OFIs^aI$hsG5~clh;@BEX>h+ zOL@@OeRmJ^Yp*j=yfHkmMpj13w(8ww=1R{ew3y+mNj5@Q0hf0+DxvTIff03yp3?G5 zEPV4YHLTctF&F^EWPE2gE5ibsLC2lI45Csut41t#V+A}tM!f|Ptd6KsFb}=zsa}-F zGW{l`0VG*V<*&PZU?!yYDZmu(HE2Nnt?SXm*GkqE0NI~9%3owDwk*+WGL{{7*1UcF z2t0jQH@5vJg<{bXD^T|&!~8M?ZTyC-@4b`QBJtpMB1?cezv}@KAhN7fAM}c_IsL)Y zca9!rzc$6&KbN!U^lq-N4ZdsF3!N0d|AsV7*yti@aT)f-!A9#Au?N>nh}-vzJy<0l zD`^>^Xg#&@!-=FW;La|4B5mGc_W|e1I0ertxZIxaF&cK03L-1nTYCU%*MXKNhsxa9n!6rHJ4ZMJokV+S+1iVBg?iaC33!R zi??Zmxii;n=r+G#v71vinxBfM%xNclcwgRehf|%VMsDuz|0Y?;&Z^}lE4{qGsUV?v z%M8cBCt%NZy(2>Tg@!#EgdI6^XO=ch6YPhl1)DhhEgavs`qppXnbqqagjv-;n{)=O zVD;rB9I8-F92ZvjL97s%1vBw-_ymw_L{Z$R$?oNS1)4hQpAaj$_sW~y@{`%O`pHQJ z_x~Xz>s2i)fBD;+a#i+}j(p^~hHmZ%sk2JPwR%oU z-6fVi_aj2XrEbOLb&Idq@zqlxv<rmRp%)-w-W^@88rLX@)T7| z0ZcnyIdQ}9GtL!^8;>hv9OVgbjf(U&pkFn)hbET)lOAd}5lE*@ptU;{`6Q+1etD`^vXsPluT}r~0(*qzaz&o7?z^lO9|+amn)u>3op(ATYvOkSUz;tc4Zp8ZtxaE>cPuQZTioMlktCtEtkfi|-0XS*O7O%A zRYh%6ML00G>p8ApT!qXtH1Xls<4LVTMxZnLHf6y@V3B7aXXVoR@%2uvjG3y5!aI(1 z)x}?!8~ChTzS4Hd6?knb&ue3>B;U~YQ#iOYIfA+N0R1zbt6ro24eS=gP!zOH-X?N! z=mx^sS6tA32Qckq^Xt1ISur_ssNoTS#%1rZUG_8O9AmHIaIea|+~+VPgI%+n1eOl` z$J7*=?3~c}2&YU5{cTbjVX<)fCMM)X(_;x649_WJV(A0z@Pbej_2Bug+@rK6^PM&U z#%mk(eocx-?dTIeWcWG70b(5bTO#TC=Wo6{<+=y={P{1B#cX=5wNzG@zjFyXoFzbu zYMT7)nO;%AX;q~X^ozvDH99W2J))9kw5Z4LIX?$!M>0>I5S0-=dhYnfct3Bi(vqd+i<`w4zRrZ#zpeAtJlW!#wTB{P^k6Cc-1));A4XBJ(c3z8 zqw^g_r}vM4I-wl;(0l9r?Kc?#V~Lk;n04Gb{k2@J7*%mTnc^+w@j(5z8PfHy z{p~mrr@C<*!Rx{R@6&$rB-V{H(t9zHwstsG#3?X<^7^eCR|FH!8Sd>MxO=``Qtw&+ z+ARd{Hz>}c>|%R=fobQ?lBUG<>zP^3)DAC;x5wY*AY{w{|EpVLoH-s+lKJXE^Uzv7tpwX&^dCOnRHs%a zO3i%mKu_n~xuS#@@04_YGd{a=V%3!?frkNi516kwbwUdkl?~5s&qY3d_Chx-z`~O= z=&a$}*SFs#`&n)jexBg8Do*$OTw2%m-Z`cwZ6Qg@tSL^kudggC_q1CcuUFfL;Y+M1m{l%t%r0LhK=iT`dTZ6YilS@ z-o7XEa^nROWVm9+$?zbu?ekfu_a=9~xeR-xxI{*5kVOls_CHwBAc7%33>zU55SCU^ z`7A1*QSm%#8e!A!wOD&(5d+4phuIRHu@R^*o{~2nj9Ra- zLfO~($y18MlemnBlUsS-8NSo%DBT*=>!NZs&$QM)`&g!)_|-&b6FY%I%rE_T)7|~} z6~VpvR>51=w=q`N@KiHAImNH8Yb>ZVc-r6;_w?Jv6F|TD2MSTH?tot*RJJRw7na zcbcsCPhG&gGS#^fP<$uBvyW5=XuKPnTYjtre9S9UCvBAIk`ND?^SuQ z=+z61{aifyk5fJg^#{1D6hGVH$FsNUj>PHTgR4%TKYdnUU*(;I>rOuB2Jdn8NAXGY z7aTHQpyxgeC`b@_*)Lo^NO#X!r7T=tUHWow#cJU)1=F;}+h%v~2ki1vySIWT>gi4% zo(8!(yV*%T^V7v!pQ0<|eG&#PNG)io3|HrUGmi6)bYPY{=ZL7=;v$ysN?mPGVo0C z7@t`)lG7*Eo#WkOZ($Gg+tF0PHjiJoeV935`H6akDqB5NR}di)QT*UpE*U#POj{b- z=jN~&A9#hd{$_fqol2B`yfZwZ)WiL{8hv%~ zW6Z0K6C91Y(`U?bT&~=BoGr!7fv`;iykeZqbp#{Riu&}%|Be4_fZ^)0Z34L9*#yhuiDMy% z)q19PuPzsS{}PpV~9lB zW8)}3^;639MP@|1Wsh>}Sb;;hs_)FfKtWO@`u%M9%A`r{g86MoP&Au7NqRPESm$!I zU$9`li6Lf8GVz(BGIPB8JSaYm@ApL3Vj8nTDb$RD(P{ZB8RuFgPh5mR?@P$IIOOrP zY@I%XgH1)>5+90Px_`TC@0sX5a8}xN+HmG6#W&Z!9>#MV@WR!`DVrdohpa^qcwAB6 zrUOQ-zN`xnbG&PkZL4pDcZmHq|8U_9JjH3GE7~N>DkLjXRsa2SHC5-=W6X`Sa!-bf{_|fFouD-Cod1 z$r?lpCe3t~pf@$w#~BDN)I;?HEElTh_x_KD5^s?h%LHaV;k=Xl%9qzu+&frd`g1E# z>jaHtp7x&!%P?OjkElBJ^^^5laxvZWU$o?ULAKkW3(^G}O~rFR2VXU$yxpDNkToSb z2k1HFw-b3h1iki4AUnjJRk4>ry{Uo}1E)D00qVg}Q3S`7_z(vNS(aJ}5__rvqP;@S z1$~wI3!11>_oNNd#D&d0*0HWb>%0Qraty}0wGSFJ*i%SErTO8k!`^e(bLL0$t}tgO z92&R$q9x~(WmV&{Lw`zT`irGQi-gxh6^NxcT+eo&=sK%SPB)7cpB52=lt|1gled>o zYWl@{4(;Ercq46#xapU0!_SpfRSysaP5G?JyQ{mjRTtiQiJ!1*B{-i?yCAt;=GtQ< zA#&Kct7N!eGLlC3ZVvA@N=!??X^!$M7NvCSSz!n!;xmhnvU00%x*MWOjCm(ojvzS;P%ny)PA|3Okzbjl zrwn&vISXz}Or5DZklmw$Iv}v+7rvuv$5#10xOhawc-KyLNeHybd-m<&xU;JMrp1c2 zB3t}U6dql3VqEJ@95dHVx7vqqbSdpr%1&v`rsUyP*WuLi{4#0ly3E`e;`q@q&F+42 zgOH|?tJpCo93wH)mEsh;>j1YjI{PMdOrZ1{X(GWv`aNw$Mu!XGrGo%Uxe+^<)^jM@ zvGy=9G?Qujp9tySL&4c^Br@D~m8qxUSCywJ~?zO1Ik_6Y!FoNHSs7Ip-!^GjF;Qa^+l!&yn|Tn27TFFYRUp zUB<_R7|nd$w|wAtTv>gJes<~HX)Q$(s&E@2`myj<6mOEsM*2Hii(Q5?k=ZMO zj=OKGx75MCc+um0<&g;A88=`2ktg38PG?N`FuMiOaUwbOcH2~Ea_Yn^>wKoOqV`U5 z_>OZ#B_&9BeXTwVdp@aA3d}M`X4xP-V^G!1o8Gj(F3gwNt&N8*rhfKMz2_Pr)HXKb zGd2h@JGq6$v8Bb&gqDY9TIzE>`&2!iRDWxqe&2g9eW_(eV-{!3W38;5KE&KYB z8>3DWI<`ekxV{x`J^7}zUJE-eAp)A&#ZzuRfeQ;H%A6DA&fDnjqVth@o?egtO|Lb) zyvIE`gR9!@cHmsgV{(dyxmYq`$iQv`p45IPW9|aFZOBeG9qlZAKpKtJAL+Q%lbsno zwkF*pDjQ?1x_I_G*a&Y|cr$-=tr~y|eXu zQa0m7>i2rIFJU-HH2s2kJ#i={^^xJdrD?~d>8Z>x?`t+nl-V*_aq_|k9@3kV!<=vT zWpVL1nN51sd9@!lK*vWoHs#8B8B2N@HL;n>KDVIZydF|b_)B|CvPb8p<1D7ztNaO7 z{=`d2@8wt|5cz~OR!&qiJ(00@t)kKAi>x|vGb~`YIL!)3;#0uu^DEIx^1L6yxk7sUd4bQoU zlfOTn;2=a0>hBE_eNXGSf5GdySALh*U>#3%WmC-C+xFw72cLUJ=-yYz2@j}yp26sP z=3q;M&v)3g?cCPrnipLuCOFAfPpJ=v_6cxq&nR?_*!^e;Qp$~S9Y?-Hb|fJ}pY(Hj zmBhys48Iex{xi}ycHN?6A>4e9)u)D2A+NPJQI-~GB(&AOq8FObVyao}5CQCuH(wYs zjBlr>yLnGuv`Qqw9+^kJ+(WNZlW>HI!94cQlnFkG$?J`}dgOP8#7<7f3r^laRGZYj z`u1jZOLi*CuiHNE!^J(Go5_%EckkXbHukw@O@ThOYlySn+qEGwO^)Pe6?k8iF~NJrZKR(tiXkiD8i zGPGxC`x8C)0v}`;7m8)Z)Y@J%D<2=%nbgN`5`EQthIHM4Ys8|*#8Q;|+A1Dy;b!LG zGgt&w#1FG3OpD+tG2YlFfdTx}sM64m<{ZgPX%3}_#)mMXgbkw=9ywh>I3>B_#<&5y zN&IZO#zSeeQe*KwtfqUitXGWf*04K2mb;+NRPha%2u(?{ppnz^w0MSkb+H*1+ZwxL z)JXJWeJZ7rb13{C&Qm8VcdQWS>I(bFF4S20=hE!#w;+R(TE~u&NscLshT;0yuql@St0K3Po%(Kyu`C%c6I6+}ZKGTJEAThgbimh#zOF=?Uwomfd$+%x zgYdTWg=dX^uxeaFnh@@s81OE-1lkN~a_DFKRpfk)cjk;cM%jz8pAwAi^r_!+r?Mq{ zHjm{n=C&8ybCZ(g^l@0CNi5N7G9Jjw5+XUKTgas8sd8UtdDP;V34hzLycgAklFMxF zAl^$g<}u{{*oVwSnLV&*xq90rKE|dtoB6Va$cBG^To5RHdaKBlMpGDLd-fj159-QOa$D}NdH#K=k}ERY`ZBjN@iEoVlwZ4s2d%H@&MQCF`15R$ z*>8ToETy)`gex`rIECNVflrota`PbdiUXlDpkbfN#698BW)nwc;?zqCvuK^k`9cmA zr@5Etxt9%s3-yAri_E$utdSv!I<;EDy-2p(yD2#1(bs8|yz<07Z6)QNUED_Lov*s0 zN$PY=hF9B?{LRG~-=!Ivv`mI)Q|dM|##uc|wy zL!QaVP`5x}LG!{b7*n@=2A_Xf;}FZg*~GQ5_(YqAlV)x8R>Nz(mtIVmkvN)u5%Y1B z&08}G=w(}gpFqe+8&A8?DE!y$fcpSJ-5RF6{kD?#oq;9rOEMrhfIU>Njim@MeEOSU zNUS1iRLrFeR)ua(vUF%!-467fK%4_jj*pT@jly;+dvyK}o68~uZY`Z4y zj{F11ra5xKBE59X4%L%#L$llT{+Su0I?rZWY@!RHD@gQ_#<-2PSIZzcE#`b5L^JYT za{4q?=jwZ34+^0s?lve=7`455I)Zbb0^=6@92fhh2<6HSHoVfw5}x(JXOY*>hItQL zMzK$7`c7#UeAQFPw?$>-4y9aC{WaqpcFc?7<@wPPm4yvUk(1qS$?f%}_z`{QQokkCwnuiT52JG>05`NE|oC?EWZ`1JM8ksNbrjIPsd z2xyKon%P7ctpq$BXyS1QA1&ci&=w5(Ev&3A7D^y2>?YK` z+DZ?xO}}sp-)Jxj!BKfps8K4mwBwdIbc7icL5tD~e3t>ry>zR8;3mZn{=9RMGk_+G zrSY5cIv?da!^(Ssr#JuLjaB&CkYJp=UaT{eKmiB&Kv#uSq|(&FLYW6UQTVxO_iQG_ zI^ibrY<3|~_n47$o06~(08OsnSKYdsI6=(IX~a%+^kD$|GeXCAF2Y4!YZzCDTPF@Z z0BCD`p@QZVk~raN$nlE`pW@7qL1JjSK8F^Zk+MVSlXmAyyflS#1_%&>T*9%bH+q7* z=c74tfUoph9PuZcy4DQVIQmS!ZI7FJu}_S12tzh=n?ok>6&w?0K64P6sh_vl4v7~q zX$|pDrb6u6njxpWFsO}={x}kGM%xN+=qml; zTZ49HT!llt$RZuRL?5IBji6auMw#9CN;^WAuk)yVkl`F6oi|a&ALUUfW&LXHqhNNg z`L7bp4-!uu@<@e3v>`pvYe%{E5KhFK;>StpWKFa*v+LHPf z;03)V9ydiPAJ~*bdZ@3k&}eqg`|OCR-{4nmQkqUXE+cdaPfPd#KbxL#3m)Kh(sWO7 z)2{wL2&PA-Nv?s^4bJfA9$n9RQnxv2rD2=kp-ZTa&S!n84#EZ-Py=08nXSEA*1|XD zZ>Ga&kn^$Qau>-IQo0+Skq>XQBb}Jbs>Hd@N{s^V%VywmSr|w;&Y9AIDN^DTzv|9M zt~^P=ciz)>Hk(5S&v@0@O>RX8yor`T-A#TB!01=>ecqvNH;&LhYc{>f&%S7@>q5BU zHe1rSKAjERQ@R_hYTQ=2eG>>ON&^CD?3U17dNpn6G|AR2+@outGBIE>(04X4%Fs?a z8A0~%KN|Xb%#YwDwB=OkueD?2Xb+PPY6}s6qgK9j*Sj>UFmJ-~;W zlCGkePSnN1fwaD(1@wF+Ka>8ll4gPNL+9~8FqUzflSZ0yJ&}{n6h6732m!G%ZxIk1 zBYduT_qWpr(sP^migB{?*qlxtUA$+6>q3y-C78te+5Q}J``Lfy>c;q$WPUM(s^gE4 z_)cWhEDmKX4h?;<@(%~h6b&SD%(8^^SU9gXJJ3Z4TkKC^j=D= z?Uunp-BXr}sry?`M=)l~Ree0n9$PJ#alX=M+E*0AkWKmKxaz%|%}r%x?@BH6w?|%= z5d-oUKKeX+J$*_dA5R>yuckysXf(r8Cp9_MC|bODW+d(jG_9L|z7TxKMPj9+lzCcDKc9p^zFL7wfV ztlr>Qalh75?5{#Gn6UoRnJhm z__BNb78m2J=gSy%X)p_w9T$BIcxH_NjCx*d@1Gjk-~fCH8KbHxrQ!cJ zAid=?GgBe7S@Fl%0!5(_*KzniL+Zcz2Ystzt36OK{S?~VbH$F%mB6Jxroj3>az%d` zDCcVCkh0I6CPhk-<5@Jw|Gy00&tBE(HO^M?OSOvRAkbF?`2)E`b>d<0)R4`QTFSqP z0kofW6Z+J2RTgz%2bd0==`;yI_)pzD!u@g^($DZJ=MT2{k)8ga21v~ML>AUH_1IEu zXvX_D@P5=m2iN(XvfyI)mU& zFt(g=c(4?R_Feo^t}-n~mWC$BY;I}JL=R1kOxavxeWm*-yS7#->c7nczb3TXok%^2 zkg)F`tnm}UwdXv*_1<_kU9aGro1@Hi3T6mD;~;w$E!>SC^hs@*&1sQDdw1vQ6-0V> zZH|}o9@Ih`FAk?(W$x{Aw9ei}0C5cn$@JT3w$_&40om5j;aO&f5p7^`nMnTo zI(bccMAiVc=b)#ozlFoJeqj(SsX_MxTQ*eSw{daPKXvOI+I@GqPEk8oq4ggQ?G3X4 z^~7H3hp_cYcXG#{RQlTscS*ifg$PIGv?@#n9XOS*5^*BL(UesE&}Q94@2g%>bF2ql zd!bQV3_bXqF*PYm96XbRh>cpIf(rwhQSP$6ZbYhC5^%EYr1<%qc$1;4%n?W5dD_CO zZ;QLo`3q#<1@hp0!P2}oBAXR>?3A8duTmOK7M z{cEHe`R6uaJDYPeS?l1CrxZRsw~1KSk`|(Xkc_U-fzu$Zq|tT)mo=d7rEH9C!j4Ix zzO3Qa=f3aLYxc3#_F9`DZ>+xQ+zy-B(XgC*FKaA>l#;)#`7tx@A0buGBsg$X2QyRA z3q$9xRtkXjIkxiMW39A(JloFSqw_s2bp{;y=6!MBaYEUS^ID{`iH?ZZ!4^4KQE^lW zk12B#prRZ{#x~P#C#?`oCwbDi6Y>X*XHdd{Ar!!rJXHM}kna!>S$8~Bz^Vq{#V1(F zV^w;`=$%8Wu7c5zk36D~c2qZ@ql2HN%IVs%;4Te=yoEU0!+AIm{&bsJ5yq zEj;Y03Zqgx4#lX@6xY_4P9|wj>Bi4B4t@opdC<_O*YKXYjlcxQ!+6SE3ZdMq|d4 zczNZ)liCX2eNyp8W!RY%jjtH#Ol^-U-Ln8{eG9PGsdkJ!3$y;aY@`Xrw*gm2o?ked zr_Y_f6q$h)F0C>|A+A9)J+&6-wm-4|`2~luND$t0iZ=xYLc^%mA#kqLI40X+>O_>L zWk0DimuE-F*bX3>d|~4ky+Mecmv`ta+LcLL4}~bm&SB`r5t19>4hL7156IjqAJ|Nl zW)(Fh`^_LMkv1Je}Y}-ooP$dGd>g>$O6@%U@Vy2v z%6z-I?kr*%)QS;1;w&|3~xS4~TZ}z#vh{wUp zX#P^gCRkLeeyG#?7mR* z2)Z>83y`t0X zWN;U^N5vp);9VL-Y>Ur?!y!plw0Y9l{G&2Gbu2tlQ0#HstK6KJ2vhXj=cu^$xn{h$ zuXZakHeNd45YzUw=|J2k#Ga}aElxMGwdMk$eAuRR`~rOic^Ba^mWt|~bKk!g#wi&; zvn6ZB00uH@m{Z6utGPzm^>UcYT@iMC^O+D)?pYk;0}hiVBU%6~F`0@8m`9ySdiTksq}LYG2_JKr zILaKZA%5X&yx3Bm4^&=n#!RX?Tfj5t(x&JR#n=O zdiRDRoNsl+*Xk5hM{}7P2@~e>Lpd!#l{67(JJV?w9eIsltsQ+LT{KKLibHx|ae zZgdUzlsQ)R`==9rJl(4NjeSc z-3@0>5m(*u+n?Ffw=4Ue&mrDe_06sz?&e%pK{0b)Zy;;R4$1f`Y7_`yRkL#>ujm=i4h< zQ<_Vg*rZSgtXX=#!v8?e-yttyXqp)beuMd2z|K~e^!{9{)?0$&AJP#`zS}HXa45C8 z;2U4#MpNljCD4qQjTDw|W=ooW3$)=oHvTRnFDx4>ge)~^B`X^IKuqE9oa=o);qRn&yrZn!Cf6X2T>3N~0JlycClv?8-UBj9`I}E2!C} z)_xWIeI(Fe?jw~EL!ht^r`j>UI?fU4%_jD_S^|@9c5SAXx1omop;^&)ivMg+{X@x0 zgD=)t)-@IJV6_yp9nx3`F}M9HC?%LNe-nO;frn0Tkm7SGSi7>S{J{vnfQ!LuUN@M$ zGQ+|BkKFI(Ng5D?R?w+5+;#rcsd#OyqQ=zpfA8YDvTXnaP;VFY5`cd**<7oxgS5H+ z?6a`4TC;lWYoAig8XThwVB1DiN%aCi+X)j7r=0-^ZX;xu@jF!Vptm9L*AX+R575{v z%CVHb=QOqw95i=$Ze|UeX|5822!r=_egN$~!FESMe%Cf1Jhl@RGG>;pPnEmr{V+ov zPoD*_H9Hke&hNWkErx%Jn*UNBXU?cH6j$}F(v5Qg=ofRAB}X&rd>3g8FG+$;`$9>n zQ+VHbd{iI(ZMC=w$&HR60~+xaR3NWM89`subs3RDBOuNO0jkP_G{Wl`V%m6KFAJi1 zAG7XC3jqLDjUN^6d-?tjhZhKdtq@6g)<>N~f(1oH$XjujgDjkmSmVhiZSyj%AN-5Y z^{zxJ%V@$4KvI3L99Sj-S;=$`Qa*V~;J27q$i}j=CH3lH;DSX?TY)%72r~d((Ev5O zMjUl2jge}CShGOS6j^fCgo$m@gbv^@zTm)lPlx=n4>*NxX*3u9DLmO8w*YraHg=jf zDqZ*-MVboXV3fR@eLn#X(vGzbyl@MKa-~Q*<{qPj%0ln=?gmj`nNGH?0=0Su_bXgc z?(d!htc(TSSs*H`JJ4I#><#Oz&GP|om-j;vy&Sg_iC{vW1)qX6_wv3oW$=yxO6WM37W*$Pf5j1 z+;0d5V9{Im4dbLk)yM-SsS61Lg*KmR8xB9tZ9r~B%=*Byh*@?+57_`D;-RBp*O7WzE{IP)uD1X{TNz;uY{Z-v1h?lN1lgEZbTidMsZ->2FKhU|N2ahz3de#>2oMkbkQOSgDerCkP^& z;eb>D#~iM|cVnx9?B4f%Hv_|SLpnmAMv10>sq&XPJ#ueU*{cTqpyb#88bY?*OHQE& zJMGYjWA^Nmi2p5%hd6LNNtQGbqO}00M3ueVMc1417i4xEjshiqdMeFY+0J9@tUg%X zG}nyz!x_B9j@1$@_L1aPFyB^P_qf0iv7wn@U#D`gAz7)`7CDwA_XBo#{)%7bAXn{{ zlTzSbtBgqe#6gIvd?ExPrB7b+dY^kvv<PI%hVPVBhmW^HQVKn^1$A(OdF5a*DFOBh}daZGVmd#%x($ zhH-)VIR?0}jufNbmFddQdAV%c8r@mTs5IIOUUN{sTaC!@KP6VY9DCJTD>zmx>kdfU z*(I_ex`QTP*0PmW@LfVqtON;Jd7XoOqY>mIN5i;R{3RawQi?CP;=M-F|G>`VwZS4V zF~18u{-`L482kyauiFd{%;w$!FycEAjBeb&&y;d4=oB?v19{B4s{Bw+kTt`%&k%lF5D#u_3{t(lVhOb2%c9=J_5(JC;hT zJdpSZ3Cf^gw7JtnA)rw2YJ3Ms%lIxAY5q>Nky8h`I#^L_gtUoC%bZmdMmyAPubhF0 zbDff}_#w|~!lxj&)C);dsL|or2`7MR76>$hVK4882%xCYG4I5BFZAr9O6N3 z`*x|w%L4!e^%e1%5mmZ7b3XelnV9p;4YR0N+j0mygXdfV>*%d)`7Ag$${8LBqB>cL=wFlQAoyW z*Z^15&V1tI6BDK!9AXSsjnQAVx54#b0XH zk?TkYvLdF~?-A2Wd%lBbFU-9=2m|jxBpQl~`8Jk;S_XQ>wOP}tDUG&*j5@c011Vr1AZkj8&LASMb!I#UvSvzY z5&4_0IB;#brbB2molWzvAc@>};Ade`sEk?jxyd_LE<%AFr*0oV;xh31#l|b8$DII!(qA2f z(KTds@?my`OvHB!?+h2(VYajp*WLq^+L(9Q!@K1J5fet}pVEqbAzecYQF=gi`=fF2 z?N?bPXc_M?TB;#nW7my%U4P^@|40!eWQAuNeXmg}z2g4@@1R!ypNe<>Z`u8?WUIlr zm;MnVh-1YS5@X=WfFJ+2VkzvZg`$@km(z+y~=tcx@Xm``~uNv2pvm7#Ty@`b789_LC zxnjN6mulHZC0t~mdHM4^SYU|swXXebx9~J#NAI59Waqy#0cx|G$SefM;&0nA5#yET zf!0CPmfSuQ_d|=|!(F)-HGl47pT&d;?T#>-Ak0B{Syncd(;xR#g0zm?r0rUoFhu1D z=%qPw)GTDi;kOezk#Ju#w)69q%A)+B=4FvWlO&f;IBso1a?;|mHJB__t1+wzLcPc0 za{PjkOiJ0r@ys%?sDe`&Ev~Q{;d&nw->o$*pd~n9B%Hlxo^M1U#QqVXs`vy+P88EU z`osxACB+zt1M(d!9TEHWQ8No&@TX&t8r4tW>8;+;2k*6vIVQCJ+-L?tKU1$pD0_~C zDQX>fyec33jXR1c@a+_q`b$1}W%L zrQ0g9$~kCEXB*=9Mc9*8Gz;b@9VDb4-0b_6P?5bAu_*XyQUTCF^Rc!J)NPU&5`oRz zpI47mZ0;Z=^9b(q8DyuLVTT_zVjX~DZ~<=|3P+HJ>;$}lSz8Yxo}3u~8#w;=pF_%aNJm3p4|a2W^Fkoee#>4p)81RP06vi_JT)YkQ;2O;X}6kwR&aB$^6;2GZ=?mKEzxcTQcEF`MpA(rv85Dn;k!#Nx+VcS->W7ZZ_1?VeC za%HkCG>_F7Fa3A_1E%2=@LIWEd8Sp$_v9w^|D%wH&A(Dw{x9-i?YR2?C*il`93qn@ bmR6LLQBm77nfWW=eW5MnVk&0=gXhe-8l;d=jnQnx~NHu zLDbBUoPrZD7NUxx5D@k8$gjq*;54G6jJ68|1Rl-5FQly6rz;4ELsnS{QFRZ4i(FVO zQtg%&P`(#PA|HfVYl^rDSf=qio;d` zz{bIU+Fid}taYo)?B88(5B!}he||@xUZ>N?V^ooV+)mc$o0D+OcAKas*-m#6{Y0M# z>~GwD=*EV^IOj?E^6t*bt~+jSKp6uiTR73W4nu8MN`rh}c4z}m0M-mtQ+g!9T`Jq2AbpE|S=8RrX<0NK#!nU@xs>{4 z^e5f-`T%`L5A^B%`?SBL1qF*Rw?wpood-{TH;OSOCl_CITwTeh`Ram80h?5$p!1FK ztuvn>jr^}u>%da%Lce)Y-V2~;wC861`bq64l%nRn$CkF+gf_`=*0nnm&qW8ALJJ{1|}w%o1!;S@p#6OAQN2S$JQJ{ z(Q$m|X&a0Z{VoyYC!LXvo(OsTx>L+VWy5) zvkqlrMmoNG5zqL^TuTr@91rpxzR?}J)x%whg|>xQZ`k1MiqPi?z>i$_!hGVc(VY6ot^;@!-Eg4V6#u$ z-87EmsrQr6w?J#VojA@|{#nTJ>zhrFa$5X@2?v6|!6mMpmE%-D9MkyG`8P?Xw-t5@ zc}*6OCg>Rps3G&3f?FXyu6pWSpoPDDKH!&`nk~f4)|5FOEC8M15{=|0487hS(L~LE z^r=P80j#`Rw~Qfmjy++%W)i{B_8W-0{7FN`YOd#)SO zzBQy3-63n@Raj62sFsH8m`bwA1Y$ImpAMq~?wmA!!B`mmIi{bojdgF!v(dsQcZ`lw z3V`n+@b8Vrgj(WGp?iPP&Ka2BAxPaK)Wb1^PbtW`+;irfq%#n@EKqh> z1*|6-JJb!Cg2fuqi}vlX%KcvLwX9o^0;%80niBYL(n#%5GSIf0a-x2-W~S52eL&j? znFu*e_jDL%YAN)GeI6~@hCu^)Pc-{c4dth~ki!>Y1@kz%kM^OyNWj&_46G5k3w`T? z-B~kOGP)rMC_@8qcu+#zRg7GBTy=2-xX-ka+Av(y^pi-czM$cjYm5jpDDmNsSdxic zY;XVqHc&Z}209Sa2ZJV@PaTO7*(qc=I^sMcY|M>2x7Q_268lmsS0py5c;Wc&D?Qq; zceq71wqC_Mxnz?#jYP^`o|ljh)}(Vb_(s>$)B-a2+o*_&|DFg8(g;zH?zxT;^rRaavw%Q{)CyD6`V~}kCVv+;9hP_eVUJEXt_dNq zNA-zzi4&9XAr`XOWg}8EB@oJ_3Ue>S4+9PtlMTt}wAG29I)84PXxs!B`ua*@u-QHU z#yg^Y#2I2X@S1;F9*Q_RubV3S>Ti4^c#nyYE?LrIujIrg79p< zf<4D>ir;lm%mHQN-VeVW%4iai3kE)Tf(ofRVLn8RVvkj_&+u2lpD{(Tl%wE3^U)Eg zDlkl?V~WQ>@xg$`Pk5^u94!bN?P6ixskaa`XtXL4JfP7HnZ9dJ23T@$8YwKp&ba;x%ki}C)P=tc5O(G0({()D>T6~k|);|KA`V+fN zu17_Fm3ULaG0w@3-jX9eU{FVW{TiXH2ZAu*ovq4|*3D5?;qKLS%-zq^_OY!!5Q~_d zEWPGmkxjGJ3UoyG9336&gj^pOxZ5~;-m4D2#8flUO2H`+4wMe$e@y(7?-U=K-~*$D zmz=A_q?`eF0x7WY2Po=~0L|u6yOWn?XEV6sA6OMU~N|TnHuPL8JW57np*5_AX!w!DFLbkT1zGjnGK%qn>352 zwHwLW!thiD3+5WN;pCy*rYj+Abg;UNLR7q$0XOCFr>O9rXols)2nA%WdlT6q2njg& z5ICZhkodlY`)m#iqD&@IK+Bp^HO>!}V1YQA4`)13Bv08AUe7%W;`O5G#NR&sM1$tS zc6Ue#!G(*!4drKp(?W67*BvRRnjvy>9TEJ=J@JJxPgjGH)QOn~E;s?hymC@@?c7b{ zU3k{y%cV(=Rvwy1=R9}%H>~t%H;0#m~NhbOXokZR3!v&j>w0L{g2QD%$R9Ye3MNS)2^U^=au%-;+SE z-A}Q`!2^%tVQq}G?qpTyMmZ*V7Ow5*+;M*Z^@})0&Q%;o7dnPikc5}iHiFZZOjbyL zI(Ff^vvU7B+>iPIt}T{`k1%<`F7!WWpVY)iI|XyhRAj+GQySJT-K)3?3#)LdL!zFL#ZtPAecF1thH+hQ#&C z8lXA-);7L}dtLO1T_1HrALtHS^V|x(0C4M3^p{sn35@)IstPU&!MF_PqM;{^FC@Ny zC`dTY;@|`Eepn9am1lSbe3&1VL~&lV53ktx*mLJbqLeQ9pwbzRr5@mBkUwoIod#7{ zZkP@}=S8P5e8Dke5B97Y8R>bdTgJiKAs zdGKngaC~iH()QXk*oFJ=SMo6>^I6tleC)M8RZI}ozY){zwm5f9)@w>y&FdMWkuRVi zA9tC|>yK+z7j$tsTb-v|`IOoFu&A23axH3kd6D3a49%T}qw!tFHv`#icdq-DwH|ja zYR2E=C3vZt{ta~tIr*nuQ7RqU9Ga%Im+3Ja<8MDuRX6&?+P6`!qbWGBu1EvYvht5; zxdNH*)u5^yxMxOHG7aw(e0yh*`zVH5Lb`Ailq{nT0z;|XI6<se(f$q6NN_lX#3O+JT8KT7k5<3e>y1d# zymTH8Z}_BqD0epHo`Z@Y-SmZ|zt!avp5rl1dO80*lJmP9`c}q-5P-cw4Bw@1ruNhIApXgF;%7#~j%5M9o2z?d z>ZxTwnL=M2WN|0|Ym|xNAH@6)_sZvN#Hr`D{QT?er?6}Sc?mW zW_D%1x!&Bju&GR>%6L%&&&Vl!#4A8wpVfD9L5E~E=--;P`qUsJLuZ7C=o(AlR~I+(0xVa-?t2c?j3V`=VP7K=8KW8VwXjK_T6Jgx%tDK?C5-@`Aw#92krko&UwYfq*_i zVH0XmmO8%*7^2sg6Rn9*63{|sVmhEC$xEE-t;V06Zzf(b(-rtdw`yCU)wtT_SP^r> zBqwQ9lzj8Dywr3xX255tq3{n~O2gQXBxYKDalVzaKC>)7{MmAVVUkr&MCvRsM!c?b zdW!2Zo*N3m$2iEt3jD13L$W>l=z+VPoAT@JgnUIsck14Z#hmSW?hVKUpdP=~5jOv% za~BtH&d~|BCkXT`Q%a258#2`xT=uxduo&01Ow^BdnV#D%hwqwzM?i@NY-;_W17_-kIEd zeunfQ=C-&qd0vCy#XQcoSk%4Rb>Lp=NrE$|pWcJq za35*T2Ka|Qv#P;qT<7)sW+&v^)u^hbxJQG*lo5l9@uiRbJ(P~y9=kBT@}J7{^r(Ql zi0C~f5N-WxKvj}hmdl^TUG9KkM09h36wJ}^j88G$P5Z!4x{6FmF0S0tKWY_sMfnI3o_1(FJqLBd5~>p1?1_nA44>x=~v67^Vxx|UNq z8$Ux-DFDx(}MYN&>(BN(Hp4{yVnhcfB?13oCnlc`|JEOiMh(V+=FV@n(4c`;jS=y%x z$;;>@2{i7$g|41v9vyQBSj@ERCDRXyphKpeLF70?=a+31Ei35uslofSj*kEi4C*7y#J~y5?!x=-MKBAQ^bo zLKNGgnFmI}?_ViSn!ym;#}X_Bf5+VkjQWb)x{44fDw$J3Q@3H{>e$@gh-%`@=@r7v zhxfNc^5!ok466?9E)qLb1g5*|`)(1G5%1beZr;nXdDhT6cT4Mpv%nQ~quOC((H&P^ zMiF(Os%5YTK%}n`qVG2_n}8`Fa-)SL$amPgAg=biD+(a)aHKm#^(qHz;U0Y_Emgxq zl#g?S0_}m$7~Vf)}uR6E*T1jaM#;oKkN*U+x3+v0pv1b^Y`Q2I;ojee2XM@5tb zr{dJhoH*`4MumTsqB7KKO!(;>4ww6ozQU3?^Hpl1>~fuv6i2ciETV+UfE=FHq`U^b0C42n9 zpx=jxE@FC+ zA4-EB-;WIpB^2$t$h)L>w&EUP;q2Hw8W-N0w5riSo`1kPhHswacU8b>EHRJezzk{< zJj5=khX%DdPTCxUH;;S-_E%Ce88Do|Nq0jL7y!YFIlac+`}BrPd?uNs6uA}(#D_9b z`DnIH3ke|DaYs2I7=NPR1Hc@EYatAG&xn8j(p}W%^ME3|Fc9*>K60U*j z3krB4^+k|#icld92~l98>=EzuB>7!Kk>0tbhvz`*N&VsNUC%|TcXw=FJH8yq1%aGW@^@ z&E0I(H*-Rzg2WODC*+WTSYd&4xCrv`;v23*qV(%%Rp`N}Zt)@C?NIL3q6osV@2UGk zRA7qMY8YWK^p~)25Mq7c5NrER)fps#J zgji>WE@u&1mFx+@Q@t{rV51dcjl4kq^+h}vo!1aQrNC#&yj!@8G{o5l1Os~r@B8hkTtFi%%r0SL+qe?hMsRYTn_g);1BuD+-Qy>|>oFrkCkqA6uMgj}2egBwu09tPm zy?evi5al>pe2Bawv6O9V5xs9P(jq0oMn8r{$X9epRr_R3jd|?HU-aU*T2Tp4u-b|) zQ=VuzlI_?Yjg+cM7J4ZjGYnDl?*I30D5h)Lk4iiHluy{us0uEoQ!Am|RH|@M9B;8j zTG&5Oy7@6zMIaD|e-jgb6906RCgIHaY4)T}2Jnl18ES>FrZW(3%Zy7AHOUh3k!5Y{ z4Q}DhII&7fwF+>TKS$Ih9$g-ZLuR>jQY-zm&;dD*mbUiFJ(`|_08jhulQGKRM0oKa5kS3YRAusYb)$qpQ>sHPv=$!tY*seae zOcP|~pM%_#L!TFZYD#A!?Q0d_yJOi~H2ak;I?`DV)Sx=+W#^E7x@F^pqOJr^>#psp z0MPTw#zbPzS0Gj}ILm|)C|^-VaLgQrhkqkwBAtp}DMpk``=C;TSdV&H59~g^Ip$9b z)dh1#BOQ_&PnC54{p%-!WNo$+SdkdRD*^c;ITi<^F!~8~_wA3xS**Mp7w7D0aDbI* z!Xm=Ld7*G<)iMxHfs!C8jsEX0hbG5X?AS##H`9Oj7dtM>5yfy5J4D4ZM>>57BUu`O zqEuN|)zOTV4p@8f^u(S1S{GZ?u<)Y@>DQN87N*n8ZM2H(p;+3iz&e$)C*%%+v(IMXYsH7Vv#BT@n`L?EU(!xr*%1senOQ0R0~&96nS3~ zr^%$8r|iCg)#*vW*@zdWyTc8ac|e>5Z@OFDsN^3gJ@@11EY4E-0WKcvTgIp{nbXsl zeV(d?EnkaclE?8AyUKB44y77>S3LH=9mcuCAFDGrUXnNX3-9)9gRk*zqwJ2sFMm!A zd~YI9V2ocN6dZz;_>Rz}vRUgO`iCyz2zE!i!$2y89Xsv(Rx9R63L|$CwCpmGGrTqA zgD(h>HoSciAjC(kBcLQ5{?5xlPSgljs2jUSkY_`zD1mF36U!qvedErUJ)u^`4(L*% zJikjg286r9za^P^-&(7QGBL&(Z9`x;(ltPz5snpk&t4be8JT#>b7>;99lTN=8;?A0 zQkQqAH@ZqT3(IZPZ=Da?(Hy?q zbvk|!_~QB)n)|Edtw=fZcLl3xI*bD-#aIhPmBR}TC93{g+ z&8U+S?50Aj0Y=r3Vhyg}VE1@;iaG;ZlNE2Vuce$?fefbH}L6TKYI`;+p^YE(a%!+<)h@UXC z9h>oQD#?e#Z&TuE)YEJAyP5tuYX6RW;HQ1=p#YwOWxlA}$PjKUU%SGAv8G>4x4ALl zPC{(=53`@!@JRl8kLvkM{DFdUtGQ$)g!rO0zJhn8ITWzHD5z^$GDzuH3P?X@Jkl5f zK|aFP6z(!pU0;me;%VevvX&iW38ZJs%HlhplFM7n;rOlWJjX%e2>>}%BF~9U=CC$| z4PF&^v}STWwA7qx_YBso{dkOOq!C~?YS;CZ$3Zi7w#Hj_u1EDOTV@zj7Eh#s-UNV{ zRkoUs;y{BhbLPb;7>ad&DS(O)@nOw$@e{t5e5)bU%YZ zMKU0^Ua^P9zOTu+s38ww8;1yK8~UHo!TXN5NBI8e9*h^=jBwl)u4P_Ab0YO&ztYQ1 zDv*cyp+GzN+^Fuv3hzVwBjOPtZc3pfQCCCG+i9EVk@|g9FjNQ+0J2A|R!cEZ1)nTi zas?)fXy}dF@IU3sV6a8S@A`@OtRAH@zmgWYfSq(3?PE#zbM+(T+vO~kKblbSh^M&V z|A-Pan{hqU43EofMocrcB`2`QF2$+o?I30@8Mz3P#Kj8Tp5i^!o!pLU!bFV zy7tuzYqjiTb`f8Oze~_0%QBVjZMD`@J5CTZ(YDB4}911(ufv^pp zzifTo!5)?_!oGeXKp`>?e`u-ks6K8}Ml&1$%EsM)*^t-hTFjhaO1o561od zzMOg6x>pc=AVg4z$kyo*{o`1MolQk^u|D9@m^dwx4ibiuZzJ`Uzp8-%W4OCHY8@)> z_6?FU=bMJaeoHO(EL4|#o(_jJ0MpD8Dln=J16n>XN>nmJ$S5nEFDLHFd+Z+7aaw5y z44D5pt^qW_5X;l`oxFA6p;(I_pn+9jf%di&!IvfdMCG(s3rPe)9YG7)?7^Mf7RqBHie9aD|`k94iXrr0fl7ihnq2 z@}8Jtxe~C5heHE2>-32Fx{=u|Vv+`5g6G;ad6-MS`aukEewk%fnIr6Tj=3O3y-N9D zVMz%Sx%@(BBRc9+Gz}N&PBe(_KJ<;`2%e7*SjQ)d(5D82pJhy(9vLt~U%({%1M(~n zY$9Uq2@?sOJjBFvK!Y%$jEgtEkECuuHDElE@yuo!nfL>}hskEVPt-5-x##$M z%0%CUGylTQu$y0?@@jh^$spA8q3y!{a@*u)WDb@1)ZR4$>CQPm75XE()cEetI3*6g znUfF-R-je@{@=D-ycI)e@d6Wo8Z?4(WUosDJ~BGr)GB$E7)^R5m~r*=B6&<$FJAX< z>%z;h&h6H8?c1dkHw&JV=@d2nSO5XSJ<~Ff6<{a)O7Ms(Sny|{5Ebo(HbTKBxSqLY zdQ6F#t)}N1*Y|MIXNRRyeqj#4NV70H)GbPaUsH_S+9bu#MEbKUq#I^)kzug7xm&o* zCjDadf3jiDYm_p*c%vRmb?2F#^QIrqG)(F0H@DhwaU@+S_-wJgyXw>do zclt8&@`zntcq+SBxQ~S`#a3&`3`EwerN43=e7G|20~wJ#He=Wa31QZF*KOYa(z{KA z!Ub}+-J4v^6O0KPYJAc#L@;T?6)z~RJ}K^Zkx@PzfKwfDtnAYhT2VwBpfyL72M{^nzl<|;*D&XE)rUKW%0J!LLsQ}+`jwjRD1t#(yRXMrDsIcUdfx`L5aySCAwkI7V`xts6LyC@ruhRYY4k-4#Hro%1qA|#vuZ>T*2jqec}C{ukbWYo8i8|@B!vSNrI`6K*8NyD#b>;PiD!CE^#xy)f$XGPOGgh!H-J@3EKKJ0-0U_j8Q;*Z?cj_8M;epTx7 zy!|QA!P(R&f&?eLqaAGV6>h}X7zW%Y2~54{e`*Il=;Af-zfByN?qM{ z2jeTCy$?_f*N7QX)%98vKvL7Z{_EoGQfJ8jB_nZ z6LajmfGsIELJ^bWIGTHCe*T5ZFtrpLqXZ(7%uIV)907|+$c%=MS9l@{&rp8b0Vq9> zSFD5GA^Th?7$=Q{cHeOhmDCG*P(32z*6R(b=r9T$FChpx!1iJvLdB62XWKXiU7#O1 zexzo=IySTDNzPy_26cePb+JpHP6nL@UR$H>PC9>;q$9orJPf)rg6QNBex3SmA^a}y z#}#XqU1y`T$N*9ZJh>Dp57=OAdX-h>x%3>I?~I_}*@trYBy9 zmK(`#b}l(eK#JpPP*zV7LW3}XwIU$ZbUn{w;<_Ump!5aKhf^NOi~?bO*Py@IGC)ai z@7et3K0Zze&W0ila-&Qo+=`#S{+(i+;7n}v9X0zNCohw#e#@~?&;2Z85t1@iX@U$e zwzDHsP0%Wda0_#79S^$H@$4IVTo7-B;Vgwt~0(TMRa_=d`aZ!&Hi z8svtU>wxl=)Py6jp9lgS`W4M6QnI@Zp2Nu6Lxo-(U5g|!9eUO}M2_N!a0RXAvw#c7 zRs8Xn8gG=SzD{$pM>ogVqV4*b>x>BAAGV{-$iOdm-t6p=F@0A^0h(wnl6k0YGp4#I z^G4)w1O&qrw9aS+{y!nYg0p!J$Rvd@P%dnD&vD;6&3iOka@-Oi>A-du#-09IkGtoc z)Btb%M|QX$j>?Zi13Wit(IO1@zoc&nkG=)QU@g1W!7+=EAu zTEDvD=#%$A7B*sSqzLJ2f?@6SI4QV|PIL`G8#V(VP*m0=ULc@b3Pf-~p{bx(WxB_Q z?H7h^M^#q-vKLTb5d~3b8MkwZz(YAnrY&o=A(+CTlfqIXVw1g;qc3Y~l{2T0Tlnn| zubXyaZK0oq;>r=O8Kn?D!tMp3ye7|#iy**hF@N@g(o2pYAJ~bR)0Vs;&|7F@b3}#O z_}s?ETq~`&J@&(k2P63jm3lcXa##f4f7HRbJFC`WgL;)*Y9N-|$RGT;KyH_^Dd1aM zeBo`-8?C-p)Rzq*hPgrr2V&-*Zlk3%y3V=e zHoR@?sbk&njRirh8wqZFhIqu}j2tlC0k}ieIOrv}y#rgQcD*D~7~xoAE%=X|LzZxW z(RrYVY%NtyCQ`R1$VaFe&&618nEN6{%gQ;aCd6&jKinY+C_~SEsqe5Wa+2MryjB6C zS(zY?zI+D4Uo3;vG2VR*4klh2D>5HQvo`xeL7+B{R{k#SnB#ggUx-@LQgd2 z{^)0_I7Ttp9-Egrnqhn>5qoH<~V6Et9SJ^x(G#|J-(&7HoJ>0 zjYL?4gO~6>PX@KiM=R#>Wb*0v2n|xbDp|vU+$}}@0M2biydNo z6MF>Cw7tNby$)Lr#I7O~uHVGxr|n=WmEY4y2L36NkN>M@Kh6XL3ukR1cs)-w^4V=` zydZ7k8yVJx{-I)2KDJ@J#2HVEwHw0@R%S3AXpB|#7rwQ!g0MNX= z4;c#rV@5~2WNK>+MlQX*F4)K(>$Ey@sJ=39Yap%~Mpg$$iANmFwe7k8-O2moyvQm=*TCdI5{$w| zw2K|kp63g9FIx}y3-8Nm(;QA(-hbueao8-ntSK8hhaWYmcMFB;bd$!516kQCS|WJ+laoV;%FU&pb2gbEx0v^3}EX;LVoyjb`gC+ zeRb;3_IwWiZ#cs{S_SA_U;;e2lcAKPVNQ)oi%_7z(+6uNca}=m(ES$N9T272fg;_0 zw_%=A2bdMpi{NkWc2{s(vg2M{xkag!ZDlI54G$ zkfdCM^b^>K{tr+8x714-EJZ>4S3U5`pXmNyY4^Xt5jgmN?F5I392)$ubn9Qi^~ z;a|APe=7PP=_x5VFXvbA1pWV5Gcf!q)6rhMv;GbJZ(UuhvhdHF?EacKp(jVN*{;le z+2Ejzf4ehe+-{({incv?P$xvpRFD^Em^4rJO5{3J3`AjZ-wavR^@`4JoUK_|OG}fm zDpP-Mh5K7lTsnRgvokwfRM%NM_tI%XNtsvkO604IE^jOi;bYS+)2n7G9_aeAw&xg- z#e`f@S=zL6-(*QhUy@oocUH>x+uo{4r^3pvXm8DWZTCn<+e}h@eR<=*UZwU|T^X#; zmN%8IS(j8Dai*>qln>B3seVVgz|)DsX$yev@hziZe04E9CcwY z@XaD_i17uI@aS_wJm_otd&{+Et(E+jKOcWB)b=U~#rvmr^*oZEr#c8IZ4DY0_kCv? z1L&zT=aCrxvg($tRt@Zvyl*S$guA#epE# zu$;qwdVZZFKUOLdp2=45&l4`0oy>3B0w*M*;{nC0*_v}ebLA5^K^7f2v1jOQWUxvV ztpo#~P+i7z`P1q0d-R=TU|3dI8w#N^!mM%nz@O$lFJQ%Dj6q!+^T+ghJ(XOR#m<*n-?;92ZyRMOZ9R_TC4SGN$ zm3kkOu75^TM{IS)4T;};YR|3aI58&vvrFgjrh##T0@3lbfvXHT?xMpnz6jYIhq)UU zJHaB<{SOs(n&ZRlUO^Jh<0;zK4^K8v|CeM9Ch!r7F)Z|klWSO?(Qv?*ckIWPjVU_`6}Nz+nf;$Oir~Zxepz=T?{2Xod~=+4e3?s0 zyfbA=Ay*_570&n)1CF&(802QPpnSFduLee)dXXv-&#ca6n|B*4D#3;(xZCDDulE`K zL0%l%5V&m(7azIM*1#{P7s>~rJo`RJcfXfPPKq$n2EKg5E8o7rpIc?W{3!R^qw{`K z1g`=$3YA8l*JKSC9nAtFv$z$%tW)E+H_N%38YJXJUVHOEzC>6?_bKo5x<|>tr?=r4 zj=S4a)2a?~7M(3S4wy43yz)9{o$Tbmenu5gQX!R!pzs4`)aztEz1zIR&C8JVIOyBQ z`ni_|Q}-qCbN*h7Pt1n!lknsFPfe$f9nkpg{)YY55zG44`VGAP1H~cBne#{A$Cy*s zA>W31e7s+VfY59I`XpJCem6_!_Kh@nc|8rL^jcFk1N~Faq89o3N;OkBxuq$@@M@2he{Qp)0pv1ThbJvYpoz)DXWx{x+Rc6Yj@Y>8^V0n*_AJ zUQTqcFLl2QtHZadTj@I7-`qHnC*Iq$dH-qY`Od#>{Y@dT-!`~YR>x^gI-^9<`&S+;+^$Dh;o77UCpiIU3Rma3mq5{<+b)x;a+K*b7}DO7-MeK+crY(<{W(Q`-@$G+Qp`) zQN3ethZUBfr7o7*?XQp7iw)2D>Z5ka+s_1w{tgSg7?Ac&+g;UGne9UMty(?PVk`6` zygmm=`S4onEusuX+xJgaZdx6250I)s*NPT?4Z zSmZWNtbZOtg~C74Vorj?3$n+|vOGx_V}WTV_>(a&D3Focbr%m04r~N-29tKo!-8kJ z#Lhw7VSEowHbKMhDhC_hfOx%$9c&hEhi3$ z&8XECUH0a1gpFKkjef+J)W&<(Tj(#wc3_y=EXIE|uzlP_tbM40$F#ke)uLS&E-?Di zB2L0~#>xEWYnt$MKC@G|R@hH}(~D^5npo2zXCJagUzRuHEeZP%+{;)xrCn=5jVsm0XbOoifYr~Pg@UmfFplQ!(w1lL$x;=XH@`a z-8bm_*eI%3=VI6 zzi)01K30-|AHD{0{BCEs z2E-ufV&>?rp(+2WjI3Ea?F=R=^_Lye8?AVDFf`U~wup#n6%E zn5NSrNImc-T9w$qQtMB%oEZ8(t2o+sj05U0ND-?BNvW;(bIiX3uBd7Itr4bofrU!( zv88s;UpoiU7nXjwTk~Iayy{a(=(_ig9FJyph@+`df8?IE>)VBICzxp#DXZN6-i|D{ z(|N@{JKAs0+8aJL%{nC!45Gqi?KwSvmy&;t*I63I7lY#{XU$Y?64+^r$lqFS)CjEO z&)Jc#r{Qf{{K&WaHjIkxwF1k&Z1)-9+?37Oo;cl|FspmvpQNXDi)< zzj-b(Zv)QyDu$Go=u^r?U$%N(q(WZNuG<4)?QLbbhi_XjE>___r18yEttBBzqaG7Y zvw)`ZLhaXGvtl=V{&D8l+pfQH;kn6lu2;oB&j3m-R;J3x6&s4Y*`kRfN}J2#=C2gr z@Pl98B5UWck;}$kE8ioXa1vbO{wd&8$a@$AY}|Co|JbL9+{EKdLRkW{l5>?{Z(pAT zDTdD~tq@ywo;Ghjn69kqXia4&=$+)ped&hjz*gVq7KyfRM=i;0Lip|;i%2KD1w7cy zmRx)T8!7Nk$#9a=WY+bSBER}{iUyL`X}$ctTd@K&ZNc%yxQQS9c*!(-F;m7Bk=%zt#_+`zFuw1tzG`m_1aN&BZi%7x$DcGX|VTK56m=np}r z!_WHm{t5QKqk%i7GQ$N83Adp6kNcNwE~KH%ZTwylUZynFKm=9z64B(Bgke@O!61J-|cxy zt8sV4R_P)Rqp(}j<9O~jAnuf*H9vSzx=g$<>I){(UMJ@U3wy@jlDDX@rCF3*iRqV%&!6pR1RCM z6$^GO&G|XvE6972<;#s)_WazTt%d_s*YulvEniq)619IlEc<;6{9~JOjf+<_F2Pg# z?Yt&k5l_M1@H|iR)Y=?_Yvu#ZEl0l}lr6u~Abz^`jF4=@$(;X9h;0(QMNNwRgmG)D zDN+I|x>i<1Wu<*YNxm4Kcu}_IuftvYa!rR5nG3Rx{`GSv(^q`lH;qVsXtni?f_;_Z z)#N#!e99Pg*44bN&BD;m0SieE3wg}`bX^rzD$I~LVXe>Ad5~ynp?r7+3Xeq8d zbp%}n!D6II@Z&`?FmqGtbZa~2Dj^qR8L+ie8A?#V9N5;rF#}lV-oLV~;h)Rq@zzt_ zWOb}bu2v)S$_}G09c17!?%nz*GO#=d4nVOd<;+vlrw;3Rx>O_F1v_nZ`Q}_yws!{q z9BqrHX=wdfETZMG`>@=^CA%KiNI&vU5#yxyq&M%8x!iCikVz!QnwjWYb0DB^Z}ZCx za@2#AxW<$&dRgGFpGyYzb3>o&ctlZ09A1MmBHp<*CV3+~dAgxN5y>Q$kRe7h+248` z^#rkLpDK)23_wpiB9*<(S~h*aEOba^$@dpk`Z`;-tELj3pLXnYvJFMZ=Ld;*(Weoj zq;}0e6x{K(K1-gB_M|}N1Je_q^)BhW{zoJMCWg|9HVA711E{O?J zQo`t#k`e)F>A|F>Q*tOVx`@Zk%b=^pA zaztXs`OWh1DuZ!*Fm{>N|ABYy z1jAhR(ODX#D7G^06=-Wieb=8X$hN9|u{V55;!(k&E$(dyoE=s$vr7e-!ymKSWX=Ihqro{lFr->bMtL#!iTY+^%T8$1QfmReuQ^UL+1d9k zO8!~^F0*d{3cY3wCFRLIw2sprlDn1v`SK-n(&YA1hUzBMT-RDbnlRwDh3X)QNqdGr zNb_Y*juj#99JuuuRY_VR4CSsO^OSHmC8=y5A}H50vCGua`7;j~O?b>7ndhXgBG5z~ zv=oF-)P(+pyN3dHm1Q~SdONNt0MittH_NAfW%0m*8O?V3bs|1&>-_4iOwZ+oU>(FH zuMv_1@is$9vLsSQk|#A=E@R)yCRbGG)dn#&RX>Gij#e6RrD#n85W6B?p z7aY+}6kSI>j?i}U0uxH#y!-)n#+}5#iUq&EKWVy|zD*MKG|<;s>08$C@Ot#j{q}F< zpRNqH$v`(6l;9u@PL>ZwWeI=Xko){N=~DRq_unZ-mz&m;wQHwu3%KJlrmwV3Y%ST^ z%xGSei}I&q(T!(;?{Ovqp4Dl|wvTTzC1pgBFDdkge8K*8{2r!iLF@$OKG&2`RVh;g z-QkHi?ZF-n!=<(Us;Ss_0Dq=#x<5sfxaPy&*lE~yoM6(L?q+0+0QArd=1>ZtgzWGaQN@03pcB0Q@1*y@=^pCu#Cy_URln%OPt*pU&O!u5+C9AVH;~ zNoJKfjA^~~rPA;8Be$E@o!I*Pug5flWWh!_&qu0%S3SJ-!s=>cwnE^NpQPh(PwHzv zX_ttNZCVgHHjT?0cV*kd_MBekwbcfB#d> zhcFZOtb$dF8UCSVHJZ+p`85bZQwq$31$9Na7|sBP@W#!<5NXw-M=l!5a|Zxs9x z(4Cv#!Ji|a{J`^x%erJ$Prm;}a!|ao2`gbSc2M@)BgGG0D-Mk;ieW4Mt0}3-KiA_( zyFY4=a}yRV&$Akx9v4ylety7((5M=b0M8%3yA_wc(g>2=@pM=mx}LLLTwJj}JK}jU z?gB1%Ul+EOn!H^t7;182;2(VXehdY@q>@wNd*nyRdRW zx}VbG71KDYFw^;cDhAFID0Yt<%V1)kIWYl8DlGW~UKPN`WuLBcy!czi0CIY*`=+|_ zVGAZrjZP|qj*=2vO$wqtD|gj$(g(A}(ej2+J9pk#B$SDJ7;PT*G+D^go&9vx#WDr< zDx5=pU!ISue&Cv=zPjGiUgo2B92}+|EXUV9FI@KgDv>J@XYbrOBHY3V8`xRXn!kME zx?p-yZEu?}?5THo5lxLa8NGbtGiv>@!-w*FL`3`^q=OkMvwxg09*C_GEn-Er2#*9$ zb2RDF(Q@q$U}jeu-ExH1M^}GoQhgDMEp0fIO+#Vx_;M9@{LF3k$H@iJf*cnj_o=~p zNH}q6W*u&2mUN#em~{Dm!b`agVd!rBSCW*T%$QVPr7{H5A+*%9_Yi6XJTw%$60GVm z8z!Ml@Z+W2?GQ$vh=41;1geP*)RemK#~J2TyIBX50BlN5!Jv;b?J0y%SnV`|K~3K} z%J5oTWaxrUq(%EB`WSa-rFmkpxa7L7`-Z9R(Yx%q^#0yciOpE?XW6@3J`&RsTkg%;8JffN zH|%p$`_()Ny|@6wSrX82Z}>ZXL`J5;)hsL8PvSJR`EQe>taO5=tNJniT>kjbPG!LXh>=)~i@~5uAik%U7L?(V`k9 zvaUABp;3jbyV44Okg%V05$12mB_H-tER)qfK9w6@%n_v$tYYlBfRJy4K(GX4L!YS9a>0f?_Aj(EXbjDvVEo<%=%M48yJOWoz=o$Qv36XBAIdL z!QT|yFx5A<%X+$2?BFCkVqJjG0sLm5RtS9VzTyQK+?X~CGMj(Be1P&&9O~lE@@HvK z&dX5RW(QSuWJrv#zV>0njw`(7tC3QvbVdy1i=qOBoumW8;UXsS0hGTAv(dl8MNnwG zAI5C4T6HrN+2e!kABp$WHg{bQ6o6!LAihoTnF;*A<3Wgk`Y^BhtlzA8hIIfhOd1Fw z>rIi|f8c2OiFoi6g2^x~>ezjf81%uO{9YFEq^%kb2bp`$P~4J94Ci+dtC#6`BO$`h z7A3Ce&_9&-r$de?{*p@et7`UVA2TehLY?%BGmSSE`~N% z9E}4HSP26!Gpk=*tsSPns8YGE!2azDfVkJ#`Iv{dct;gcIftkm1zkB&OdI*10l(iP z>aQOQx}_JvWDasqLi)^p6E?DD|Q0yu;>OQ=Gzwa8>|6u@bVIN05W9hhj>%al(vWT={t7 zOm@XO-qtT-EJkfz1L`#tiT(UzSHO7lwb`{)vvxvv?}bd&Q!m0@koJ%FLpWgk;{`=t zm>0`K5Is+R@|=O#+TCh?;@><`d@FBYDKA~7zrPJ~=W_YcKUc-MeS{cwjtF-pH68vd zcKx#l3Yxq`*jG@eS|OxZRF*&c@ycanOy4}e&m6Bp()+FemJQ#u{~VAos#sP)Y+to~ zAknCu!{#!Kq3Ra7=)v8KVv0DX@%$P~?e zjgcIU16@}3w2KbI1cJl~_dAI#Tcvt5=5-h+x|D3XG^hphF)5#9F#7jbIdu6@?M-Gx z@OQiiGSI2s@?|?48DjayiLNfv(7oTJZ&bdg8JGTX4kHz9bU|&R`;5fGX7y*~~dJ86d`je;~7HRU{ z%V@V}rkES(Cmp(J5)|ibtRzd|q2plx`jrITa$~UOU)S`Pa2<}a7Kv0f+-K?SN#9v2 zuLwT(fXGI(TE@9^b)^Z`ANG(YO>yOUv40Px{!&^}}QhN3d-e4^h z3Ki}t{HM^Eg?ENcP4kmoitQYFS!!oI#ZNWN?zz8vMasMED|+Tu5h2)uA6vblPlS+B~5ONVC3O_C%&>y@wkp`nc(VZ zzy`Hh?633Srbonjh|iW>Jtub15Zp!7=wjwy?#jaqY#B6%8v2$BF#0>hq>3ic9XkP) zTwePy8k8pXe72@{>-7sAwn-1^Z^}wi^O;p;ryg?e046{88_e-Z=bpTW&mz>xxKV5f z!t0I$+nf2pJ$-IqV83;*mWL4?{C0-~oO8>T@^vQYHi?d61&)+|r_iS$t$%qQ{nRsH z)Eav6IUs;@HD>=!AoJSN<{Wl~YWHi!UO*hNDYote*(1|Zx;^>4w5DsLmeo!{$|44L zB0l}V-JR;>FgI#u%YkQve0ue^uJSevZjhnIUa<=^&ALmy2=Lk|TzMRc5Xh|FWhe7X9)(M0`|TPgec@}M+^>O%x+Xdc zzW*=PytdThQWVroQ8Tzswl1_;83b~F=)^l;csW6_kPElcGQYkn!ha1yvDjqnv~@3V z*y1N=6vW3De&!J3hW^}75lxF!EF`G4<157G!L0g&iFPG1ivW{T2*|W=Wlmt#13EJs ztDZ+M0%wQJ<^@b{)M$h;!ouCW!^5j=*HP>SKdPAWzm%F;6@}#~GOQoZt2m}zIYfOA zd*_^W{U8arDq8E}m*GOirVE&lR=$!$$=|6xuCYoG$u4-2t|Z)mZ?Z^up6|xL`(ezR zx}n--_~ZUT=LwfCh%-;C`X9h3 z0z;7|v^M-MJ;gf>KNBp7X}#9n{l;GT_Xr_7&S9MEe|_k?SH{qkJKgSZh+V%Oac}6l zzmm8jvcQFSMZ>bB^gW?uSuZdR6Y}aM1Z8|+vvA*Y_Q1={;91vWq$#%6<(2%y)ZgPh zbWzT@s{CuWi3l7GNiuVm<+8}^Ehjai7UIj8AJrlj6<^~>#tlL2v))g}>A7~CdUggf zw+2dhlo3x3Yo1u~hRsM)f>_-PfNy{pByITMCO)a6^r6d0{Pi!Ps5+%9&i32D-Fwj% zmTNR1&ioS|{M`T)`nuAsCcF=ZhLva=8$4&Qdx+{kSN1|V!KNZl>i&nQ3C` zp?5%msV8qt?WJaqXCrJs>Kb94)7Ym}8^PTN5}DyV^FA7U_1znnChffhG*jaeFs)@$ zvM;XBZS63ir~Kk|J=WLD zjmuk_tv@#Y2{9C(TXB(aLH72^T_>pS#OY2Kkva~`yy!15hkW5&d43o1q)P|+ZpZ7?UEuHH^PWjst{`0ph`Uh-ShMbz2SA}Zh8slCVvoE%(j;Dxc6#{De=?UTJo1S zSACKnJVMpm>nttbmN%t0$aSv^y&o^uOgWrq3L3qE?J`{eO%V-QlCPDI5Qk+t7V_Dr z&YR+GTJx%x-62L|HwDnY%^|01S)5_4W$7^+2%{?^M_x!%gTVI zz^Z9JYzE=1UuocY$ytM56k{93y2|wUH8z@bi#2RHnbiRNRdBL;gGq?@0R@h>4!Y4JbBidiEo z7MnZg)~mE&6b43F^u*e%2_fi+@02^w{475yZQFTyMiDC_tsCbRzJf7n3!OVX`|@tx ztM$jKk=y(QoB2qG+bgALArt~(;ST#RWtNQ3jmT`tTJ1UY`P&>qse8T_fz^oD!c74N zt|qA-ceMSUjJ*(|3}uk@vJr}~r3-y%->~|xnwUCjbKm`)M8mVv?a0?|!u&qLo`}|U znSFN7H^7uRkNJ0g^*E~{|GW`i0U{riC6~pWf1z_^)1Sa6fxnvi zZmlpY?{f;p2Xl>Cl9g{!gF-Njng9GPLQ>btHOAwHlj`b0pqw26wZ3VhhlTV1=mXyS zb#m+SI9cWatK5qQR<;l)p5kZ0f5VJ<)E<3)ee`--B?LS;_(I2z-~#EfsX=Lb&v43*SUF5CygL6aAX>oeT^xoq;Oif zYUwHop)6SRU`6@CGOAE@?8VJbf4+$RW?+lG>zQjHn@c+~DBMp7*5p1aH@Fj&J|`D4 z(so909zUKzaaq%z&LE*QBFCcvE5A&j(_Pv$f zL)Y}yq{59|ywHsoQ!y8=AOkn4XC}5=Hwlxi7pD}zNGu~aYzxadVOpTfAC8Cljpy}M zja0$nn*l=QYFjtji6+D$4VEXrCaZr*JpVdb?;6$!>D~c@=cclIP97`S%f?evq)a`} zO{wqXCQCJGBv8BJaE*g?q;)-;txr8|*l~FN{_S0;*D|>VG;QnsR>gMiDB*0}1^z*f zQ;ao*4KM*M$yq*}H0(067g>&oAqsE0YRTpf_q#NjN&>tad;}m@8ssnXl4uj+j-=5* zf1rEXE}_-8k29Q#WhM6X)w{c~Ua7FQ`hD42p4pgs<*a0ymyN&acI)XCUhGRgdb^aB zs%{**hpAQg0|is%<}OP)-kFIqD$p$%xA0Hvz8^A!0r(06g`B#yX*(+a1q+)#XW~jN>ZAR5sy7xPaz)|nxk?60l zN{B^4k!$KrXN*7Ga1YKNGvxz}#dM#bWKYS1zSch6O!QRuYzkTmkXa#vQeVcW>6k(E z;null=3xSRgVns8Dl@FRt=@GlC5YMwgd`cv(SqR*C}^WZ=(hIHKZ?4|F{8&~%X~bz zY`f@Xz(!?v_Z@!l{m3~D-tHRL1UOYxy^t_-5lf-%{ZS(mJ8i%9SPvMQ!7hk4udSda zQ*a*lRZZDR#kKIY;# zO+srwItfs{t$_3r=M~-QHi^W3GTLP#NNwodAMh@Xo3`zAXe7y;TJ?xLscG!6_Ct9b zawg}{=$UWz1S zF4aI2*1!nXm^cCQVGtQpKiN~BVRb03lLm3t^U-n;Dy9@B@07hujvOz(uDG7tiw<%zA-YcT1(UF3-hTM43dkUIkHI4MTi?sFH1xvl|6H(nAOf zLN>2q5!c#*j$o&@>sM6jqaj}SqwsF&)29lx3wwLVNu}(cM1XU0-%#!&Pwsoh3)z_X zv!V7nxa>A4s%9-Ok`|`6QoAk#fy*a(&=bp#oeMX?W;Tx|JqIs1?t9*Nv%S(T)}p-? zum&4qWcqGccJF`Q+6=ATk%u>?_>q?NBIP~%CG0#Q=DOfT;^)lw8Yb}{SZReI*)vd@ zm-*^TULb8hci-`n$T#?yMi9L~A_$!++gWKDU)GYd+uvz>`o1+=MKr1<*n!bsYxx}A zv~Xgu5hY(fNi!+mA0I8xD4d}h%ed1(qsMD>GZ8{F*;*uw4mdqrx%pvi*T%2>KIos&E&oin|4s%zmbKiAi58cDd~`p)sv+HaG#w2cL|qfFKa!Gd9X8TReO17 z?)K^G?!{15#hZEWN~wFOq0kHLugND#@B->`XHQJt$W1dVy8=N@r1g(b-2M)4KJv>G zoU^Qr!EdR7Z0FRIwk?l$)8|j;H)hCxHoZoIqvTCve6+~NsJ!tHGZcJaA9AZ0BOee? zkcz-2wr2x&3iJh#d3TA5tulx_Ij#dX$P~ynL$QiC95~Fg5ot_zj(OYDV%UarTRWe4 z4v_>q)>$rMhy&jpQ?DwbNb;R__1+^75-zjbDUG~uCCGT`L?K)*hz^ba zL>U^bUX#n#!5>t5x>#<=O7bnT?^=-wcqc+hzKv9?#zOHKUe^{d?Ym#nNi+&q4LUe_9X4K+7s=VT-o16LEcC?`*>Bmx!F^3XFlFMvd2mvkdO_ z=4Q#d9x;<7ejw=l5T^btKYw9r zquhcCnB&c_93W19#<)(f1v`>aAG{muG{gV52~;Hg?|o4cBKK%1#4I1`IyGVQ&5%n(G94HJ>(8lk&P-EVzI(Mx4AM1k9$kC< zD3cl?I*Ifk)Q-S2YmX(Ugzk2jrYz$xhkJyAL9AaX6^6^i@p9)$*;joCEkk0Q?BSEu zGQ`Nr-^bV7A?OHPH@j^x@6m<(D0 zJEFb`HyDOxuL^+!fUP=2x9peU#3Gw@7*)EhT)!K`gX-Yx8ZX#QQ327(8PlD5k~ikp)um=0Qlag)rWL*NBXE38 z`%&5@i+E}qhvE!6EPk}?Sld4cTjL!~-kx4*d{hS&L_4MGwCuQnVN)pia_c)`=b}GjFSK7Ka6$&!ZZbSql3H+LN6 zBvLEbo80Gi&^-2)S-rcQQt3f2t0@QTi#J|r6+S}hn8lvs!wa{atOG@66-lQ*0)0Pa z#qo?ioLp@PrDG3@n7)?q?9EBsaN8_;D9g^!&DeVm(!CznxA{-B;TXhoHrGA7$RvpN zkS34!c*e?W4LZ_Pnrh)q>`Z}InVW?Sf#}RrI1YoMW59cyvmxitSf;d6E}06di;ZR( z0()40BdAuqyPJ{Dm<7hc#-~rM(piWt*+e(%sG4V9`MhUzM!AXFUH{~DezI9BErte6 zG~P2;N%qmQR(sR;SZXcyxG1m&-THINw3@d#!EnV}DP`Ha_U>^wbzy&21&KeOW^sh7 zzFEufr|E%2bDu{1Vlz?hA5sRHa3R0uD7Q4tNXDRuvW*p#=IthBr0oT@Q%|0iIq>b= zNDgam7|oj)k`nxih@;3RN?VCoN~I|JnB)~TSu?u+nI%?Oj+n;0 zw~`@7=(d<8IOG52akj-?X(=pb)LZ`USlu_Wv4p;h3GVN5Q&Cu!mR>lLUbNoF5yv1A z1l$E;fR*EBsE+I^vh_QIct_tQhIC|kZ%sWfM2-6Y-#q#5AD>kP#>wM8a;A<*>f!-d zLjS|exBaWIATO(`V|kFL;O$l9(0P=Pri|fR)05MZvT#7(u}oY76H0364&C+d#lm5H z{dQz0m)!J}a+)Z265i zJqi>UBCZeCh1Tt{OhNoB6gyov|7bnZ^Zqz4zkVyn!O;?Q$Ccqd_7g6T^7aFv@aq*j z9sU#g{m8|dvjELC81BZnT8PX0n45IXS!uEwgEc7|c5rC@Im+d;jo9SmPV_NX47#xX z7kXfwd-LZ-5Y!_p$8TAJ^sMKXi5#9P3-i%(mvtM#1Wo#!o(EDzUn z*)SR2Mzbme`8;ITd2sNCo1;B(0=v=@1F#_{@G~t$TA;zo zJC?sJZuGALVj9+~|0qwkZalBL5LLgW*gNzoB?pi3tY`hfcZ!fdBKmVhq7dLp1KqY# zsUx84p<*+h%*p2a!Y1rCI8|bs^HRO@F3X1|Jr=js8AFWd$YuTHVr%+dxo40Ma(8x$ z_W|&z{#U=O$aX@Ee7F{tN(>kC9TxxC-n8#Iw`)a__47MVrW^pnrxHqjR?_xrjY-5c zwl~TfI%?U(lkS>x_PmvG=WqiIIt#lK@vXQ; zg1fc6a4GR3vM zZG0O-0zZ@fbS%X2rDS^=IQxZQ$2La?sl&h#`?!$#C55i#E$3mIb7}3q5aW~4Q=_>B zsDc+)Wlb_%cs8=heBWEa53^%qfLxLhBInucy+GgYdf+>(S-0gNyFd1MsYv{s*k44+ zItZJ$LeoBasoEZ|hL^u?M8PLGTWXPb)GTSkz=D=x)C%O0b~7_y5q8C3)z~`qGh#P%~69G7o^7}dLKqX!vZYB>Tsuvb*`E-bXY9HZU$Zz~RawIfUVii?eO;bt<7QX94>CiLZoO zKw9Q;^0C@bRI%A7JOIPzOw;ZFj}yP9Z(#EH6ub88^7~MgOs|0d#2eqJI4Aic5p$hAt?!P{>az{q~8^HqB;5Map&VuYj-7&cu@$@j!47Q@mFlgvw1SuruGE z#dN+Qm2f`}Ey9t>{qv`d@l{+0o}`iG$r{nJGvs263pCwqx%8JK#ZRejkJubDdK9{& zr!dX?NcrpgbxeEfGceLx^LAv6xYKXAs8^-B3kKwNsYVkbmr`^8=_!(C6 z=_N_OzCYVoc=O}fsIRZz1H)e?jVf~N9qRjqUQN~hE}8UN@@!6FQv8W;arr*yuETej zz^WiL>?3o9l&QY<4j?WH9q|p1ygVC*Da`E@PYhoOHK)+3>_l>Cc@I5rrU(dW4k6bX zTniejYvpYAInO8Fjo2`!0&s@0$2LtkaDA7)q+yB!c%Hv5VFx$kL0>r9I%g&`_03sY z?6+f7)MR}SmB`R}#5U1RyLJxmI!Tb)m9wABX=r2Z!6LW&_gwpmY55FC{D7Mn{R4)L zWxJ^PZ)=f8Pcd)pdkU(ti{aBce`=z&5n3IWh{#a}L4-Nm4xrh?A8h2`A+Wz@mnfkE zHDA;?8=1r3I1Sia|8baQT8H;jLpW;%l1VrDkC6(KOr}{Hny?TSNo%!gu4+!yI5(hQ zOiW&hJnYfEKj#@bj+>4gm09AT+E3vQA3d7FC1GY;tq9KS@3C@ykm3Dd_UiKzF3~zd(%4s4JiP5P89d8v~g^Rvx(5@?$Jw?DpS? zN`8DjKZ?xjyhT%b`sJXgg731BLJWy2DvJuTN0jcN(8hR3Uk7m5AJwsL@G-hC)L!h~ zX4Cv@BR{+qR#R~z$)Phr=I8}DEPNOlG4a%euG5ocX_ox$35R+z+^Cs|Nfia!pG@{qq}|o7gW+G z+qCPu<+)}GB?UP4Cp?B?KVSQoN{A$P1swyb{;M}_e9D!?j#SzHyad@ERM~R$HUtv#vznW3F6pZvHf#iyk!b%pG&@guLG%`Xso{G89Ux zeZMo!+?b_n%Sw^jR?n2mDc|YUM})pugk++h7um}O5!EXP?Eq@$hf<2A$%Ig|X^c2* zWvA<0c+-S&n^_+_Fm+!tacQtCWy=9AYN*$=AnahNH)g`4|3i3V8Adgyo}WbcQ+(a| zZAOqX{WEcwyq{w(dgJd5!+z1*HR$Sl3Ic`@Q4eqzn7{ck>8%WW?HoEGtM8ZvrU`SY zs_5f$l`av5Q*M_mdhR*P_p<_;(qh>!#%M}-$6Xi>8NgdJO!vHL0sAVl?Az14JQ?GB z)X~g6?u;5oCHwRG#4nKs9I_9$iFyrY-x`{HCEoM$#;bNEtehCo9q^so zwi-_MnfmlGSPyIlv`>eJQ)MQ}_Y*c98H4>i9?oiMd$PsMwQHLAI%Qxe9O^qed4tD+iTn%~+cUYiq zKdgIcC4DdGHv(zZAcq|3j9w z4uS2(Hx>BR3S*l|%ACv+W>)%-g>)V8oHNwd?=q9DKBSZCiV<)7!*>w{{&f-M4&RFeun4X5jfsyfzP54n z)$Tb=MdRj&dH7j$#|wNi5(}>jGWC~JG3bgz_HBv_X1ZXAos9m<;0q@ra9lF1wq7@N z`Wd*;snlUV?vG=l6g~{_xa#vXDv`~le$bAmZf-OWpDQl-LQ(-+co_BNZ{3IgbX!-( z`mG3ejuxO59l-9N@|T4Rd}dRPXC*@a{WnHDJ+lSpniT)Vv!VdA^7v_9x`yjT+pYuN z7O=)_4(~SNc?^l?)8qc7&bKO#bv_B}{^dt_`}(g{Zv-9g^T1rUCpZM0qKW`n zvV|jMa;TmLLlW`TSR1zaVx2AO%y`Kot@uD9g63bIXy`MPZlh5<%v}Fv72=t4_5yaD zGh;=y+Hb|&(z2~@=dWy#rqZuh;BRhw;W)7}0aGlGl`=?~bjuk8u&pJ8QtKOHQxxo1 zOqTWpMz@%$Crwwbm7R1Umk}EmZ5Pl)>EIH zo3OYjR-C8CaEag+vS8dnEtx1n`#Jx7%y6lxIo3vez&>qPsyykhp70uh2;yNFU*00-UD(Sf5viTd=fagYieX%^%+Y<>oe=*%eBN=6 zmif3#g!b}sqP4%8udLBazP-WJze&T*))T*1C&0|k){(lAN3n4oA3k{cU{w7Rev##o z4|vjSU$D0ShuM6x<+Thw{w}WX?zwj1`@gf~&cmTlqrAhshnf+3WZVE~W7UZt{&h0C zW<;;i50d?g<^Cs6d~jMJ@WL7t4Rixqb;{j*LP|GQDfAVq)4b5&;`)7i+}po?nENSj z&)+zV$4VX~6-}dq>;Zz4tX^Ip^W#V}k1jYr$HgQ_Vq;E}<(O|P{SD_cShPSBKLVEt zaI(j)?w92xq*e)yDEMz8PVXJM&nRTPxKbPQ3kPUew&DQsrwU2mA;`SHXr@inYnhija}vY@%`D;wBm0 zfrmVxempP~g|HmUxd&c)ne#}`(Um`{0(yHy^yBpBzh5P!{BX8d@T}LBv6aaG=J^}x zL?S0xMSNMsY#QTP_^`xwWd-2GZQ>2$_x+{ASN9rM<#7qVj;CV}jIOW^SFwUN;>-p~ zQp@UrZkQaetc(|8142!^FQV}$$011P#jh+^q#EzMvvIwg@-!-`)N|Cys?FJEY);_U zU~&ClZ(?}_zh!thFr2Wq+lT9W+zrq(oFR`Vs-pOwrhhE6Rwa9r4g`gL1X<+DrGyw0 zD6Q-_)yUm`#A`4bIGv5G3D^*n?a=}+ ze<^i1uPijf6Qe3~=ZJm3l2iTWfsko8+Fgsz1+TXh-)po)t(=(Z#sxNm&?id>$rOrl zenGUGt?6;Rm6oN%Px^J1uFBe~XJLhks=!q|tuxaliFprwuJh6<6r0DMyq@H07Q#wo zv=XEzblHP>rxe0cX5I-s(sM*3lv%zmi<&Ix@hI#QpuYYyA#j1_!}sM9Y31`Ii_B+GHqr*>hItrk# zET21XzfL+{9>Ak6Sge)lwren+N=yWeMvvkFA_`s9**qDz4QUSlz_((}GP(5d!^y>3 zPYov@>*+QkN+X;zi0Y@Gw%dXr(Cs}u8Lt{>CitFmdKd7k0a1HgZ)Q%Vn5SUhsY(iX zTo&PH_)!yY#)ski{ar^3N9y|*-(q_ab4_Z;!`75Vk4gw;3~3_fw!W)LeP>T z>HM;Zl9ipZs%YZG1+*{jIH(%M5l(p6P_r2CK^h!=_M)*9%EPxgZ1JfDPZNWX3$U|) za^I|0SQmtVy30HKngx{a*Z33jI`(IM3ZZT~@iUnBve(xT5^aEi4R#E_&^Kye%TbBp z#gCfsH%&i**bUe>cmIxMQRr9xn8R z;qS2zY^q{uzT%uH={cV5vc%YFV!;G3DN#*p9-ermHns}IsDmpjQm#ip8)B?Ff3};6|zzU7m zzoo%n_I@3nxkt(4nt=s7{_2?BsfU;R?uIEtt(>jq*l(icH*E;7mb<5YRZ)K#PqjA> z7TNgv>MF0~9Dg2@HjL$DOkW$q3fyEOiduG-Xg&uV%UEgb9?dEZXWp<_(e=WjidRNe z71;i7cZK=BNFZ*{0gNiSLCVW8?D6mw0#)0}?P5X#(ybIcScQ4YKE}eh6VSx{QTfqA zxSyh>D+Eoi;8A^QZF*0649gS>b1J!#UN>O)TpoB+406v~C%l9xkXNMxTY%A=Ko9W+ z0q`$OBKynVN%(9sv0g1A!>kGK4xUe-s+LN>@xA=CLey1qMv6kkOFdcLArJ-X-UkVLu?dKaXXaSv3S1q6pyLL0daue z{2(+hfsEv`vnk|h_?HSllR{SaE{U%<439(XAMxKFpzUxnG{^E(-9irlu2c=66kB4c z$scozwgS{9l{AR=$A;EgL@bJ2_o=6zBgijxvs9O_SrjW5Q*T} z%|K=Z}crAPnTpSJ3v@(dXMG&o1?(|$0A&6+h zwe5gGVs+P)#kTW-_*}9;B@v2m_Pr;wub>?7Cf)}D(dam=I{&*j16iwla64RCDj^)2 ze{;Z*^io79gw(L_aeG5acAOTzm+_omdn-aNBk}BL+;Fc(XkT|y;Lz!sK9qZv656~( z$Kz6QCVR+ZMVn04>d|gl{YLXPpIGH8&J(V6&>RB@vd@5cj+bCBkj-?E>!*8U!lNX^-YJ9XApesLXF)?WK+4-z}xAn4)Ynor%T0?w%Y? zpB=b#N$Xih%|SaX7w6Y1zP3#=I=}FId>c7?f~Vru#Gg(02rGl1tuu^vrLi z)j>xN(G9da$E?YR2dArddhKZ;tPi@HpGjFtWN&#s#d1>+S_UAc z{mnLm^yclgIqK!>jS+$g8W6%QE84OzH2;0|F5o?5-09rw@t%zIWPw$YTbojqIr%Jn z*r}48C3521j6A0FG@1(DI}CWeDsJmXt{Wh(|2p&*v>q)P58K+kmWNqOgz<%mE0sT= zghV~vDLn;oW11@;zRklsS>X(ZBKMO4_m=ST{;G>WW&wdZl&!v@%_uIAB|m=SBv;KY z%9!^a_3SZf!&*tJD<8RN!4{6dUZA&_)Lun@3v=RIbB8Mwaik8#@3`+`c5)%=3FOsAEu-S-x@g@50wf{0B)A0E;O;bTjXMeM9fEtX;O_1Yjk^VRckSTr?zi6W+;hg@ zPcyopYVX>%)?CkgVIUvABkEGvu`m(oe;tMlcv-y{f6+@AbnD~X;r&ErxfWQwrq2-8 znr`vja=?DjVx$-P`~~5$uU^yk9)Pn2&0aBStYq-sf5|T|id>F(-FBX_N`tpOEV=~` z7kEo~9L|Ob58lwLo8}TFI10fbd?@FQRQx)BdH#&<=O)bHCQ+RQNb^it#J>t|dV6pQ z<_ggComNAuh#H7G@D2$&WY=MpDB}1Vmf)~sx6=9QFOCDvtS^uVhjt zc=Kjjfs=@v&cin0PWXm%$}>5{M&5UyvLlQYKU>mM1Y?!eR&M0j=8j1g|3x8WDQcIt zo1$%~4?QhlyJ0uH{0J0P;3J%raudH75=%1V5%iAiB?|d*j5SQcoOtY#{3Li@M~o2& ztCE}BgpvIY&y(nLQm$~-f{>3E-JbBe>m_>oz2UeCHc9B8s3C@gUNa=-diFUbEa%wV zMRfSttw?nK+SFZlIa~eZov@2J{4aw4@h@ssUzc*|78tT%jZS8xbqdHsC3>>-%Szb) zZ*EN)C=rj0q1E9Rn(JUG(q8k#I3LQv#nlE*lY620^VTMwGa)@$V?>HJ%Rs$X>l*K& zCm7Jp4JuN8wdv@~vfQtMTSrDN9qIizyl+0O%H3AZw}8AOQqJ@3PXrZ`&aCgpb$D3= za}mpq{wzz^Tay$5|B`SDr7j1q%6h?)lQx=0!DtH0iiXf2A}eIo#`y@?k5xcv_N+qc z`vXCO@bpx3M1XDs8^MTI)1ut9jepA!DE0Ge zELOPw)>NXM`!^==%ZR|_NeuTu<%|U$fA7@LW6|rgDLLY-T}xwxwmq>bb`Y$JZ!UPb z2vmW$lGTmOF&M;G$IVDJ#mqC$D=6Y{A($nVp`TEn(Ix*8+`N>R*h%>!gslY~$dYBD} z>3DDmMJ*5lb|7eh*6(Ltz0h2{=}hxC&V6pdUBk@a^$44-`*pM=!_V$oilMkx*qMr6 zfD@qBi+b<#^J$@Poow;tzi%ZZ_Xaa>WD9X*o|Dj&rn^q3N1e}HIm1MMl`05C8I-?Z>gL{Mql0klkh^Qy4X zUNa+}9q(1FU5T||mV%`I;DV%qcBaZoGFip~>P}S#*q2-7|3kn0XqXqB_R)Ul2FXmc zYXEQ@huIBGrzVi_NJMmIZ=s_vbWnavB6R5(W9|?=A-P9y^1PYey1_e)t08%O4-&j( z$gj{AVamMw(&Y7^(grOA$!31mo$srA{ypD#33LZuO+UDM&KtbFho&-1kXbELO!&ys z-1-k`=BPfSq`e{MzQx(H2adu@JSsa2?L-C9gV&q*s^POv4`wCOmPt$4k* zXZO9l!`kA1JlZSgWJ9KeVJhC!tn1D~^M=A2Ik4~8eI!-)(qg~K)cfE=9nX#T|C!Qw znmy6CRTP4T-_U$f5fcFz&R6=uqoDk%44jCOP zIIF$#VrE&~9qb&-NV9eVtEpng2L|dC`%mU4nKwHyK@(xM=2Z&CK|xW6ZsRF+*v1e^ zwaLjgsI%e+DSen^_D8=O9Nz9ePX=I86PO zW!1&UA&kjCR1-6Wcj-fEH}1->exipcY~pF zrj|?Rc8Tb44qke{oEo-9h)KHd1J=dZux|FG)?W8@J3xj-Yw6iGjy4b_l!w))KaKUO z7`sVS@a8dpWS>!9{C87D<)t_QkoC5ggM;H_$aCQS()HmEAtQ(2Im#6bM#Q>V^TKvv>U@$1$322! zD{{lPBsp^tsF#?B+0ro&UjWRrq33^eXutnx)Bj^p^K;WFsb#g(1HX;r{f{l(`5$lk ze>7_1v_A>BI7K_-ei7LeN)W_Uc;N?v{kqP{gJ->jb|>HxsC zeRBA9PpFk3bGmr|mSO}}ChMs4)zP5iKbkgLW&>u?=<2cRoUYZ2sh$k82G~dkFbmK5 zq+4=$Xt7A910b%W$taZou7>@KZu8uVH9+Tn?&iZO;=22h()RN$fa6I?)QseU=odQe zZab8gueFMUiJ1WJ8@=p$2S)0dr_ttjJJetxyaW7MehDqUTHvOZDhzOxof~;ksj>{W@j?qMsm5YnAy{TL^;*i$M-&rc(BgoJUb9mPVWJh>&{pl!NP5hn~2*`ZRzr+ z=jp{a0Q<0*zGn{TMq(xir4pIkGSO$u)jg7i<;JN?2WaiTcG{XA~y~!ward{MhYK?R2M=kb9W$f zNOLOlBQ$QYue3wL|B?dH?)x*?yxHtF=j1O&f@8U7Ub3?50)S&-Zi2#L|26GU%a4vk z&k&GXuzw$2|_Py8EN$_i2)pPeDPZFcEnrV`4-ILATs z@P0L9Kd>{>EMH7>8qZnNM}u;7p0P3E0O!~}53Q>IdWE02xy2laR%yHLy?1nQOik2A z!zuC{vFmsfGVJwjIHGQ^-7S3Sk?i+kOv=CSyd8!JtIY*?_&A5tD|0V5UtItjH~^(r z!Y?p_{E&DElAiH$qHJ@Ot+}T|%j}!uY}FlwX)>51f&&3#qM44lk%62~LrrCV$wPm$ z+G-9n#+=N5G&knnQe!03IhX;MI_QviVb0NDLd_cl4S-v;g6%|9Rn;h?V7=lZuAHie|6y{;4&(=~*e zFpgt(VliyMYyTh35a0IDwbfP%o_x8+16Kv&iiZa8g0h~hkX%3k%_;gP+ml~H@_@}X zFzrzDFdMMX3L65H^z4yTDTx{<6hP+l*&B4J4BGdWi6G2A%9q_YZMa@l0=$PyJS^># z#2`)ws&Yerv-zeXc>QjYJFc1c_DE6diaH-u1Zju(DBBql;h6c;J{>W!{Mf=GF#@Io z_`tH5P~%Onz9*Z#{~Rprb4x=n<|^`^!U^^zTBw4+4~eNB&p3c^if1@+Xr&O|=Okzo zklJ?tZ&1t+*A$J~BCc9O*qMQwN@0pc4ppVd1;_b_?#|M0CE?3B5}}z1S3&cW)zkUq zI7Tf&YKW*oy=xms!ol~?r*>=;N}a6&Ub07UOeaoJ%ZL+ z-P`*E2g`MUuElYbTuS{+Gt|9qYQs`ToFN5pbVg-~iM?Ed9iW+;Pr%H5w?lQcyiy1O z319H=?v>V%)4(IW=Gi+eysmFud@(N)_7pcC9LhPO4BdY!iB}~d0%;sr?(fXf>q1eh ze)W1tl=Y9&i=DQvZ5Xv{Ye)h-Mj%s&W5TE_JZj-=YD7r0a$uccVfIhEmI`k}p&i>rE-4K}#(=FswQ-=(ztGyVR*&*F75Tt9+84ss?^Y1&kN8 z*MA0Crjlgzj|z(-9DJ295^dG217v2|BM6t<-tXtLm8)?X$+_i9bIg5bchbR@~=oBJN^@?W;J?i*u7*)^Dz0>N@Vp5B4{TT(r5Ms_$g z(Y~(JDO6Dn1*P_|j9#zJX|;7r0jl33Ard^O9I3d{lpz-kcx6l#XQ5ZyIc58X$X1u- z=lZ3Ib(^gEUlu(7$Y@ujjq085eXrQGGpaaxw zYk#iEq4*mwmrdyaRBHbzWIL|Ki%2bvXB382R8#BUTv?$HI04COnNl6Ev<0#n8Wp#6 z%_!8~dWga?!(=J<_p3j3IBKY_R4F7fu;Jvk?}UCH9PW+hTq35*^ryH?UO#+&aOB0p zr^}==RPxC0U z`#topljVRgU|08>xBIuXR<8i4fm|L_B2HYZC&MvsV=U@@ppvI-s4Geg?PUFV&6xVD@ARG zV+<{8lPp_(o(awm6ys3ZY`t|`K2YF~9aUy;LGRg}pQ3#c6y%ZR<>@pC z(l&LD!n}YOj4v>Sz|c~U6(<&>l$yt$8GqmU(_01GP%D7@5L8G?aUOg*`li66gugZjaNqE{os-u%_e&IAxz z5^CBdK*TJ;ES}qSV0Opb^klI_BIhjTHdbF{rZok<7g90u?Q4`;fPHJDz;qSaggih- zDwP1)uyQ_Gd#;78`swS|ixzl@QhN{yDQOT2N_b}qWPZFSwy?I!Me#V^)OWY+G~_)v zreD7O%yp<`{&<>$dg}-nI4zA2wdPx=`~RL2_uaza^@6K&OLf=yorh`_w(Od5oRtM(K>{LNuIWx4 z=`-tf$;~VC%Fd?fJn#NY)YlNRdjTlE2D{KtTkohTr;F+c2Ii(iB`TI_E=Ok@YKO8= z)<|A=9ydr|5x+GyZO`B>I*lL#+kPQWX%i~}05@8A7K*p=P)Y;oJrI-J^M1W>z6fcx zIWH?I&&`Y^lvNzhkZc(7qq}<@)qyZ-5b){@3Nc4}Tw>9%b0l*T*=NPCNIneb6~_Uo zTIWhWi=zX_+Vn>i*;|slF?ylqyajcSK(zCGJ@ z8HXqw5)4xpWK`Ml$s>8{f-32TTF6)_!(TWZ`#dvYK$$%?VE3u*x$!N2W`)PZ6zA|y zc>fV7>&57S0k8FKOCt$~%_Zm3_`?R?iIK@?9I&>RU^$P6>PfJWe46Nf8S^*TnZ(JZ z&3gO1O3hAm_@>38*Ebdl1iG@6&Bn{`(zkV1tl;Au_&{-SbuM;g6HkG*Muz~0vcl69 zdCB`9uEQH-))pVM9Y-S6i3AitE7IOJv-njxzJpI$0tcJanJ5z?i>D_RFQ#4T25-ih zw1Exx6=lO61pMpjeY!zY8uS8ob=){N({l*TB474H^E`-q^|$BQy>Hf&W(Rhmf@)i z){*@>4=o(Co$hun7$xRCao+9OWoFcohT;+t{6qgD-rbmc{>`PPMgE<(bC*_g%s*BK z8S)n)S-noAqE%O(M3Wh!(T$R(B@fdV_`8(G6aw0=vg0fA7w=Hb;tGo9)t1*zr8~k^ zxoe8Vltma@WIi3r{f%Lx z<3wrIDfpK$?YWN+Y9AS;@&Rocwo00OemKXBS6wJ{wRJ4Lz)Gw{lMfa1`nDeCqX(V7 z*5NYGZG)Fzt4-cHSz?_3G_1tCb1c6(56MdAbNbn_Pj}y+nS0-II~8`!M?*myJeC+Y z(QMRTT$LL?lwvi|_sVdL>YRIb(dy1B-BEAM!}GIai1~(4Ub90wVcqkx>j@MWi(#M9(ekLjl@di)~Srpxw$*Q|vg4k`|_7#^?o~~}2rvgSGctL;L*~7Rz+JSy- zXBTUzq^c#Y$gC+EkSND=@}{9@hKSRl%i2ec7?q2Fu897Lrj968Mq}!fkl!8sd$g^y z7UDSKVvt-HL&;Jd{}x5C{KH1 zfGC-TfK!?#xXv6Pro6+Qm(sMSdGI3-TIXzL(RUC|pcuj)9Q(@A9k3g{g=Ti5Ez2upe z_K`!7#EHJ-%?F>Whqdck`jL3l{=2El@Y15{>@g2hTl?brh>Q&dd$QZ|e|;_M3&(j* zZ1?SUC@tyVKQToZX;gG{c^VDJK zB`2pKY{5Ce-4@V4mm2dziw;voScB>YMpSu;x8zgP6(;6tJoMd{UrCvPx)Y1JcA~4m zeJqRESb=A&b!+?@*K*@9FN;}2H^)(B-h*9G2O(d?h8COgPw#`pCgiP@lknoy`XOP3 zw=nvO3f-^zJa0rD+Il@zRwsmCQ+Ol~YK+GK*hCCcX5dZ~c2Pcq=qm>V!-nse!A_8J zcDDBE4E!+v1gZ^tC26s%(Nw-18ZzIQI~Gt^aX3*7^dB^nz4_Jeu>%!wxZGj1m5I6C(7E~T1a4+AA3#4{V%!dVL2 zs4Qg#MqJj}gt!^g_s!j;$nVJC(dp*@OX2f|y?sCyn&8hdqA4v3D!BAJDqlEVm!7`6 zJ>;?tp+6-^ZAkV8vbb%~lM6gY#ieGyh?Q-g@55-*(jG#Ndams6M!zFLn~0!RJ;%vV zp#|8Mwg_R}(r8v`a^xB*d@D+ZcB6lqXm@Yvzhn@@U&u-pV3$+7pEoE_l3f=M>^@?q zkdZ+iRJ+&2r70-}f5{yXwiDxrZ$EfcP$V;oq8Al)pH=&O>pgu>$s)ChipY;%Y3qGP z^=j2NB`wdOncA`xsOpo%U|UvDw86lej4uP!Dij^QJq>IT@qD=tcA#UFD^T)5z&I&) zKDGawc;aN)vIH7NU5s&;!zQ}8$eQhsh_)A}VdSrjWR+!_%419|_8Hex`b93kHD1AB zprAOCCW6Bt;oOpzFHfxyG)`}=Hx;(Rm z;Zbp~bxIz<+?vk@i)~@!$?by>HYCEIuj*er^;4E~2I+ZIUIg5k;%9XW7Wr)Uk`lS< zoE#_WRSL}?X(cVKZS$jtHBuP|H7rI->Qr@IA+~SaaSM#pD`IcO)Yn1yb%xhOaE|aD zrGMkC%9!uktL*r{!cY_*kb(km?MnQ@$!L|e1vk0CP1ej$Qv9(VdPE)Q~$%P?ik_8(EM&0tm} zY3}dMvs)BQzHDr?dpex|^}1|Wj!Op&;!@LhAbyE7xJ8>>w$Y6iE^tp?2Xev4y;*~e z@;Y1iy?;lHy^_|O{bVbUohhoBQr^)SI-l-{e~Hz5l#tt@&&`;$@Z49BXZzKci7LGrhs5Cz8l zlYU{l^!E)u!;Sg-pPQxforE%+L`7~ta!rzR`A!Md8tms3k>i%olBuqojp_blD`6UP z`mpV~f%-^O>CwS>FWw&{yFQGZI8{kWPZL~mACjV-(lu}Hs3*Xzqfljm7w4KCm60qE znX4=^j5y++AG z7!-b;h8~sJ5WMURZ5w*t|L(J&h}{o&`5vJ#C8kw?M(R!N&K8)L2&3ouFnfADe0-?D zY?mQQ+z`1ba+}ba)z-#Xq-k<2qr~!lO{-bd5TvujXMQ!rq1ttdBdaUgZBBj|(U+ip zAJHQ_KB^<7wxd+n^hC_lM~i5=&hVU@cs9Dco9cGRfA7jKD-{+ydOrmg!{ma zyeItj>I@m@JiGh9#J&pfm0UzOnHlKTCYtT{ob zdnp9$(s+_H9Ra>$?zp2X=l_+aPRP?I$`#L4{pMvXXflQ$elUSlKN>-;iixYGnZ{}o z&QhTxT{oMDEtYj>#7#0d4v{YUi8T<1#Gj&YVmH&hxW5g39$)aWpIVBL(0{9AhdGWR zCwZkfsTP449tiiXARBl)`fCbBADLH_rnlRJ8Gj%`Ndv zTy*zS$kMVt89s7xLh@0b-UQUme)$VVMAXBOEbewk?!a(UM06_u=Ced-I$2)8XOI>7 z@k^5Uij)5SG4^X#yZNwwgw z&t)}yWa%GZ_UD*J&G$1F7!~O4O|2D>c24CO+V%FO@moViXA06VmLmUSJCYyYr1lMl zQY`l!w7;0BuPV?u3mM8(1K4xzviwL)*&CvN5spC~8PyiZ0xTxY{%*Q7^o4d$FXo0U zA8$M3>jTa4LKlTvS)?E2zaOPI##H8CGC}hFJYJt*LYW2INY?px;{722F@4smDWjX+ zYFT0F$Bm|oU8mv0_TgsZrl+Vl?TXL(!Cip2AmyW&D5Z796uPMl9W8X7LLqO7POm`c zoCbNsNup`-(1Mz1#{5k0K0tGJS`lj0IMY!{9TXsf1}ij@C`L@*5>--rv5C|GgwvvNQ>y3=$Ful#p%~Pui->mJ6Gz1{%U= zBu5lCH_&~hxf4KRUIek3d{>Wi?)Iio!m$6nfS=c2QO0HxD|&=ikX(6v7PEmzG#&d9 zk2K>AR-92tVjzk~JIgEWQYa^$?&b|S8Dc>#hLXcA84M7av|*BxMexbX#zomZ43aki04XW*r&z$ zJaG8Lb6-Xyh8Kt~^if7WYP`vWlJ#_V^@PKk9xJV3`+)bjf!sC+hwAEt6ak^a;05rR z0?!Qx1SbBl)(WzTKrXgB&fM>#3@1~;R?>71Zv8bT-C8VbialGO8e;$$Q5Q64>z5TB zujgeJRP5F5cNTA75lGM&atI465c zqvE6%hDr)Bue3z+A;!@`et~MZmv4^kucI8EQx$oJ(sKLa-u|Gqa99~P5QHDTT3Dbi z@bx+K@Lc_q!O$Gra2$mJC;QR{&z}O&H)y9+)NkC2fzbyCl4r8)R z9~YO8=*OuMSsV}#5wSQ>gWKq0xl)Bw1hLHqj`zwty$z@hRo54|$Nr0wPTV}Vnw%`V zp8MPQ$@=JSX17`zgE9bQNmv~mE%%DFx;3V?HSTgOapHXI(DCKvZ{SFJ6w50Xkd zDtSQEcAZf`B{aN`oCavVayf$DFp;J0Bl6|ZW%u8NqxP;^zC!PI1g{Mz2~*=iHO{9T zuW*2Qyt*>{NczL4hQVJ7yw*b9rf5W$=WNXXwc5LXiQ}pB5cj_{A)*fL1#t=YB)Ktt zfg~k)H1GizOT$-FOTAk}ujX>IToZp=&(BUgj4nA-{vup1z(&b{LcNBTy4+ZOZ6|ky z(<%Zk6{=7rIlKF71`r_FCG+KLT@hN3)HTgQtN<&I^ zj#^$D!tsT5l^`p_>@!pR{s)wQ2gv0C#fY#EuT{dmgnSiHU3o!|?+MnX0jM>ntGXSo zD(^~=Lgh4tkDuW|$3iSt&>m02lfL!RIcX2-9)_|Q1RR_VNZa&&*^CbsJPyP|-_l)N z{Oic*06vl$WTZbRmOVr9{XtT#qhtlvjHrK?a){?2s>15KHqR+QGBRWi|C=f0_OJDRnhYMVZ{y4@es&m`vg&v)lAD$uQI8QJaqC z2OwEn;DzcmVtm!Tw9V=?Jz4rH!84LBG%T7W>WxQSGGXxkymgth5y&u|j!Q(Wr=O90 zPz{o1$HltRfh*mw2~AMePnK>X_=0Q1&d<&RQoxpg8?v&rpvvTLoXSz4xr#Wk#qc0k zV%CdEQg4KZ5Bx2xe%Rlef2XGY00bAF9<}T)d!4>~FgLe}bgOG0&N!Ucgf;{$LDAp#TE0qz{?vtd`%W=o4_tWK66eH(W10Sr{Vu~= z8zjSQKm}{GzgjA(GsJ!AUqRTy#T%t=lOCD+BkbvVPgmvjr?6leSyuh$YDSFl2i&ER zE^-zS$;DN)n>tAY7BXEA4XZTX!adT2S%#NB>y5TA)>HVr#FPVWwvIx2f{S`mC7JjS z5a`n(aNgba7klGvzaRzFw(VsMk72-$D>`^}8ER4i_7mI5mJ|K|-Yj!CpMz8a#d%xH z1Z5ETA+Sp}k)oL16pO{7|C*pcg!Rj0Rxc1B(Y&}8_GVo0R;vA!@M^MSJ;cmR-JgXH z?G~y3AT5&(gmywfShy3eW#gpckuHzHp_L*^%9sK#L*G(b%rebM%{i_8S_LYb4Rtil z`2b2S?$gcLWNq*Hr}Fjfpu}*a^6R?9z+e{0^oO;z{!^k4v#(NFe}J=*oh=ROduiWa zqwQmr*5ruSw%UBW1JSdOO=*PpsA{O6^>!=YV?>&8a2O8yd$Z{xC`Ac;4vu|O;A@8( znPrU&AYrq89u(I}RW{@8U-o4!G&8IgO@5FqnBGW%^`YuDbTlw?DUBH0j zN0dZyxyn6XbLjNgc;@RjuNX>Xs&iRK$6rrhX#bvfS1hp_RdsnA;oiJW#U zDNftZW3iN675dq!ru6NUZA7WSFrV@!^@9Kc9x7ijc0TNP`+GS#%u$4AlMnA`z5EW3 zQEJQsoOlO$5mOkhyAba6b=4UA1b#mWOyW^>6N%EXFz$hIBc;nq88U4q)F-4Tv?q9_ zw2{$U+(HnT%c@78@WczuLQ0trM8fD}Xn*u!?@_z25f7$R3WWLm@9jlGwuEy?ZD=m@L%DN8e*O)mWwKaYO@H7u^KO$fmHdY5q=_ z+zD690+>3${xsR;_s z*eX1F*0n42Fh=CJoz({&mlXZm9Ef|(eL1H9?4gHpE?Lvvw<#@02csRoX57(p6c!Ge z&1jGih>-ym*L7!38UzQ$ER@O3r6n{b7veIR0>ipB!29&y55F7#6r7qXH$@vuM9C9G zu?=1XX>j(0#9Bu5+LP^ybp2Qmd4{=bOHjJ zgbIct0)JAbri#{Ac!ps0@wX<_qBVz8l(?OO*jL>oN(WaKs%B1pjRcx5!{ccQjoXFC6BD{woy zLGrmOI%=%{L7Wdy zoC|nbnk=U3wR*-0)bTOqo@h$CUGDg`tgW-t+g)EKK8V?Roy=#&F_<&MxLz4?jj7*#E&n)bNF#ewGeu~f{<fCMfABFeX+jV*?Ns~f_^VdsCFLs+bxf0Y*=+5habysm=Zexa3-6etfM6CXPlaVX=5LCZ$C5cR1-N()Vzr z07^be>Ya$M_!!S_ntclYml0Cp%-4N9I8xf+Da-t92QM8OxmySCXGdhsF*ItAj;8=! z2sdT&P=@Qr4yCo|IW`q_nEL)^^v73s|1l5@aSO^CC6qnhO7H*r~`6hvroL;@hy3Af{5!q3!nFBug z=S;u!`DCC+?^70U(AYJ;^yY9%&S8y*gf&-p4YaDoH*KTH7SX4*i z_G@Zu8SC+Qyxe%lZJy$!aot~Z6!IjMN-?JK#a40EizWeCFctWGr#I+i?+x0i^1MgHT~hmzI1`XKTmuV*#< z7TYq(!@d3J_f+^OWJI5@Q`^kO2HXXk#YBs4(i=|AYmHCM3&)H^X0ULbN|~^Qm7+z% zuC|5}4dRL*qkND-&YeJPSoDl4#>h#f3g%+^j{6q{g@T7j!K;XBVs{;ac)>QGNcxy# zpCX#zzK6e>g5dt!kk1)r7Mv*#Z}XTm_+R-AZbO_Se+g|2g;E@z7Y_W2^ENd@G|4Pv z@nevDk(&Egs3pU=Wij~G{fer(-$OjYKb<@;<4>wF-!=JSmjRjL<*HTv@gzx%zzLT2 zUNQObIt&)0oyMh6>!oKoeUcenX!@Ko)=0c{rmvY?Q)Apgulxb8j}XHXL@`fX6L173 ziF#g1w}8$?dR5gxCJ7THYe>VU}28t~umLYpLtf zn&5~!v0q*i)5zj*5#22|k`co8QskYV_gj$9Ib;o$NBqZpO#XWE2COKH4#sOTE>y$R zJHIwbhM^|wNfeqPt!zJ8j63=pU+6h*NAoXfVpL~c)>`eqd9;|iVzA{maLZEju04;F zt##NE+>P>b`EnYr`!U@%fG<%-I!t9g!2)mW=<(fO7p*L}vAZijp=mfJ4J3X2 zfi$|t&Gcx^U>fwIrA3ighE;2fUyxtyrA>HDIz8qc{hoa4r##zhmcVuIC%cgt z6FFs{`3-10IqOFTh81M^YmX<^WT$6;V5%8B2PUAPFDxvjg!_gIHo7f-#j|gRL?^6UOrTLb?@!OG@?TN1p9nxz8z(R5>q@s>&^ZqXG zpF`nWMZz3%^|n)`?xke|Hh?}3*vaF{l~d!&(M zW{N}}Kka3FjmZ@MGZ9dB$lh;XbYvdwxu+0%PnNRG!Y}M7kWL;G;Gx(s&AA{M%P_`$ zyKX}=@pp^6cWVWEv5&i|i3_A`!$i$-<5bnk3kt~;s#O_-kQ@|BhbGf4>FoJL!eZQ2 zo(OPMw{?&l3#NN}f$_9I@Hix^oV!SX!6aKoI;7pP509ZRQ^d3|@BJI3Lb{LmG!;5k zJD{u~NsPYrktR@`}!lH85DHUg>H*m=q%JlqmAoTRxR7=%vW$BVq;Fez4zgFOz zlD-%z{hcoR5A7ZA_u5XUF--01Ymw}xGk)aTUq&Mekdceo7NR2RK2cLkE-b0>+K(fREuy90JTZgrE|c_&h5;9_vI+IbO!K^yTR#ks0R zYmA~dnj_rCFy+}9V-YlhK6&wO5%}WK zYXXR0=PWF@pXYcsBl)CE2&?4=t4!xDU*Rsx(zW{@x7*x%yNnFi8kqUmj%$Y;qZRHQ z&(AtI+6q`KQwb>o-5v2*xn9E>6j2A=+wG2@1aGcK!q!sY+tD>^N}P`^MY_p8JjF^+l2ZT1Xg>=&&#Jgv(EhiKQk0j zuNA{4t@>{U70>oY;>5+xtksvs4WEvDh#Z){hUA%CFEntMY-QzJ~O2=V<=Qh z`^@PYp&fr1VL3e-=XcOP`7qg7=ll}8Uf#;XU+y5z9IY6_VVIq#xJAd_6EobTG=tBk z(Xr=%=e^*&@3w0}M?+K9gbg?RBn#B`o9_N{6?)^?_BsT!z4%4#_Zyl`YboyC?Jec6 zB`YM2tco!LPHeBA7(;?aJs!L*p#S*GUDAwE+;qu{68;r}j5SOdjUS$NYriefaO9XH zI`9P%^BOipU0yhy5{u&v54P@p#!UAAOXlg)o-2+|trcNI>g-r@Dzy{i_*X3Px~6HzMvdK;%*7+o*anxcr+s0SO05@s^Ek~KXNQ>J!fFVXUfnX(G`XG zg28#8G;aKc)I3h6W-8e+SZwd^?aHFsi|xu$QI4~+!a$N>+NC{fU+2mlgknYQi9sP= zKmXqb_D4D??5aO$8Kte#pG#`?-ktV4V#v!{(B({T&+iMLfMl#0;vRo5{7E#(RRW4f z$3Xa|;QuzGnIwNmurNI6@3Qis#PShXcmgRN(Hp+4SS@6>Wq45_(Ujf@^jsdJ>@1AmH~s|+R%!cW>W$3 zgwwP8^ZR6A4&jm^tQngn&I2V}s~E zG?~7YbaGY4g>pg9Njj%1N@iw48!p_OZpvexBj94AxJ@Fq;+4Ak&yzF-RyA$cXtfQB zYsL{jNpKibqX}$=?=|4)vtZQY*^C~wqAZhq`+a6U;#?nGnCf?SL**02je`sEFU+cD zLr98Bf(sG>3@M2Rm;0vf@g7<1O-FIddXj^HDG99Yp>w*XQCR(D5h9Da;J&srZ%WqJNvRae3Mb^W|_@e(a+NnZX5Z?xFFgSv|YFrNr~P03N_VsZ&KYTuDoe4 zVghMkk7lmY!-CH>K9M~<8MCp>!P?VLm^X~Dcm;O(7N9F1l_@q8PKCQYkuXhd-q((g z{RUk!?}}J4IMD_Ph!sNH8)WP44@*IUoqzK%jv34~^}ugXQsBffH(TA+E%5g8hXWSl zR5U=B4bPp#(Yo&~Pw$Gv-QQa3*_B)1&irn)Z?M#k{^&vaq978`XdA)pCF|9YiI%%% zDE2q7fO@|!%X5nG1KbPv&MsuIiR|?L?>)&STT`1z+(ss_uMElYKq3tZX4m=sez)uQ z`C9^%Ke&ka_rDQb!}~-p%Moh7%`ku!W_*|wR+|1WTdE0MbLB%Fpya_j%i*fj3{4xw z9i4DPBsZVK9!MD&H=!+L7&A>F;ucc=cF`w?(DlnQcc3sg8b#3YVIkS&~8TZ zq9neZ8g`o}4&s=PgY87(y7OatDMIVaOO3C63<(ogI?>A@FNH=D=W8_{T#NB9pM8&^ zZ3_1BgTM6TFWZFh>PD5UZR+z%$$!0n3m*hWY&2L(v>!u5BaW(kBVtKI$$?XKhcal_ zU|*LXw_#~d@q8oYMc&j#B2mL@1;X|u#kqMCYQ4E&DbM!1C!=Dhl`_hpZ#IDyLs6Uq ziBV$JK-Do}LZrqeH zds1gBhMo<+fgUFcCNkb_**%fw_vpXRvls3|&;3aje_jY1b;t{g2A`JaGYsFhF`U}) zdCM3x=N6=KW_*gHp~1%^IxDy-&`6koC+T49YQ_!18v_~RhDVeBL6@EhB$f_|zgj3a z6Wce`|C9Gc$o_ka6w!ea*-*y4>k^jzpEV&zRq}@R%Z^WZGYNGZlc}9Z#g$bG?;iJ` zmy3+df17Xy60bH%_rbgbb;Sw9^9om@Q^NYB#xFd65|cxv82jv!kas-EuQ7=f!lIu~ z1Bjzt4TatjdDDm>WA(odFW}rn^8Nhd@p(TcRN>U z|3Yy)T%JaYSo5ZJl=hrfSy}lv))RECezMVj`dy+IA(~eB~OR5+2HTSQ- z`A3;%8d2w(p*uW0v!>^5YKW}cnRX>1a>_?C4ktzHyu21s)P7C;TLWHZ$E@}FSW2C2 zXp0zm!NVbW_zUR(7%pYG(+$8#AE8oK> zqU}r4UTUp546ww(w=qdEs@@K;h#C+`ePK;Vq^xdsDpvvB(_#?ouT4Eot!Q@kUL-tmn}J5{r}oK&#$JsF99PcAc*vU^cFhOrGr4|3IwD# zl@21(Td2ZID4{1PO-d+HKnXQe3ng@c(3{eGFVZKzznS?sf5BwsOIGemR?gkI=bq;| zdvAOx^}a>#*VEC|78>$mM%J8fI4~%vk;N2&+Y{>FpxYx|U;K32DTf0Upa+kVPkWEY z$=#|zPNlhzR8i72ZFkDWg)Kn(dNY|W z9j!n1+OJC+Ee=Jy`dG^Li;8>^HqZ_h8TL&bBYz>h<&iS=3>0wdWVf$@L%P(xd#gNE zYDEGt-Z{jU#XqbIEx8NmWr@ow zyhdjflfSdMFSzO1!YxP`r}tVoO&e%rMI8z9rKTQEOcK=f5P-W!cJAB8jlHzSp-u1C zr8^FA!ZJ+H2!2 zNKGx7jjDl+*_16ta8p zi+u5+XLT=#YPZg;$DZZ(_3yVHF2DQu2_?ft*an_cvP-P4Pu9%~v_@q7wGcbEj|+fT znop-FDWIF(3qsH2e4UBJ|JsQ=Ci{{cC09e5eDV=4_N#IDPJ#iHlT)zpzTD7IT%%}2 z@StYTd138ttNQxQVp{?-n3vD>XiD0GZ?tb%HuzZ3k4;5i>Gum7);p5Rj>7p(D6eT} z+yjVp5|-rwv3baY)jat4Nz#2ciU~a%NOL)=u?EDALj6UsEY5hq68EG? zlhkKp0VB1GPtto+nvj5kchql!#7tT*ha060;p}3)dNqo@D)#loz&S|>TjN-vo{0Q( zrA_8hYlKRos8v^6;PvHoT2P|t3T%E*^p5>+i?FxHK==hYaz5$u@%SFTIWbqZcK6?l z$qoqryM;EC13#SG7cL(U=Oi$xO!p8ns=dv82p;|PIiI&oGin2t zZ^_KezjuFviSwR~MLKgSWHIAhwm zOc?Hc5niapCm7F%r@iX$$L;MqG3i^k>6@RT412=&ZiRW0j~-eZGAra{fX*l{)mj7C z6f}Y1e^@cZBo@&(+JHQ6#-G3{T<#n-uDZW13lQ_ z7_7T;Kx>6zC3m^-2qXa5f5;Lluqhkn>V$n)FEfnU66=1a{N-f*pd60a9+8>{_Z?Pb zUJ1P>u}Hei0|f2_@-~o6w$(g7v{|nCY4sFAM0x0r__?fsI0}A07~gCDJnYdX-TS(m zqD0L1Mf;ZVWefYtUW8Xz9i*+b*3`m(KQ;n*NXl;39BhDJPKA*oG*DYE1s{`4C8l9F z1~(7+U%RH%n(i{hXK%Xtu4Fqtdlpa!_PIH?4CuJQ&!v~~wNddU>T)*+gHow*oe>}~ z4c)XR!DM!?z4HsHGN`17j2d^a`XT*_{5}a>`6`3dZMBNSjZ%^4Lfi?@S<&^i;O@on z{7wU9z=PvBBqhi&J75PH^lAS$<58}PRxxwlFLx7sPIzHK9!fwkB$#M&Dv@&9US=3| zUG!AS*iu&`S@}DAE6i6Pd0w|OtKQ^3tm#RL#NqO(+QTfuZLW>$l)K<_@bssQa zL{s4B7?Ud5@h9j2H_vf_32=lYIwqe-lz$uCyY>yTGq>fMelLSHcK7x7<=riw>@#Gm zPA}&iOy3qBERZ#I7=IreksO*{{z7zU3%1CGns~Gu8u99dXf>4Ssnv>tE|%sfnpDVP z8gNcX{t75Z6OgX7!X37&lO+_-X_=F`2jvB9nc=)r*{CMu zBm6^)oo^b&;CMZjE((>x>%BkR=9EXUUqnZ8;q!q9Vtz?8n7$zf@X*{7v)-Kwv#xCj z6#x|T)NfAYX4Tq>={ON)c=Lxpx7Dko>2yw8xUVEJ%X=5$-IkA^dFe+#xA97l7;eTf z8DfEr7Xumap_vIrn5`bSg5JwXNrMqAoDMK9DEO!UGmqfL`#gXu=&8$em6gu(BFqQGK#@%C3`Ku-%EtV(_`zHHLcNaHLW>(tDW$u8Ub zJ)cti4N6nMR=Y8pxqPmDu?rP^U8fBX*=Wevr3bC68wT4 zbcZvR%E);`)qC8gv>0_u=S57JS{+A9N-G{-OYDZEAk1e>n_1O4qo^us%gNmEwG?)d zlkTyu1=Wedk;zrSfmH4=p?;@m^b_I)mc`&|*I11?Dhg?0i-prX?f^&hEBOVLqRFGh zCD#Go!_@f^w1?#q6RM`fMx`L8(mTtu2Qd!K%Sygfb)fe{wpv<(4Ery_MX14~a>zH1 za~i#4I&pOi*ZV9SUl8^N!wVqFesuoeoT4guXf0&N6Uj!unC*W_+aHkG>+=c>9R+TUN6QdH9ML{BI; zE~>}(V{{JZOm3wdML9arkooZc(N(m_@n_0nDzz72Sbt_o1Ivb$t(Q8hqssfuof#Kd zn|)Os7-kD>*ko)3u?y}R#@=3ezWq*S`ONU*8kK9pQQrr-1>&)^sLV6@Oqb{0SKgW; zL@gP%Cb~nD>vTbq@N;wFefj9*`T-^iEnG z9HU&Bz|E^S6&Z{SDhI3Qk?-_B+C)Nq+1{@1G8cJ#v0Dj0a3eJF!za&|m!9Y8$1&P( zMMts7=TNE77HLlQWBZVb*#u$NjHP~G3{HgRMgPuM;%RAIH0wla(8j?>*J`;x#Tw$Rf)n*vWRuv2*2TaFh8M(TL9C4s9b5Ha&MxRg(tNYP#a{SM zAo~!mpf}T%UtAT@4h}Of7w%8US0k8}Hghd#Gv!K3(SS0zfmg`}f|7aT#1@no^q56N z)3=YzNZl4zrLuz`bLAoynR#^Gl+O4N!^&(Iv;cfvs7DGpIcE3w{2rDw;L=6+a+;}e zNTsD_HwT8kxqE>1AAU*{GTk+YcIKMNRix~|)ng87eQP3AZT;dCa;c=Inq2G27hFaD zty)?$T@X>v6p>4l)G@25o^fBt4=X{)_$SQeDeyats8%W`p@fHA&G@jFz72PzJtX2P z>w1K(!mFg8-yauM%{y|t|D+Y}xg)WIp8Z4R^xIzXa$a>`bT5*jx8ixOAw(olQvW*3 z*C6@lyM7g8rcJGoM4-#caWX>Xk+M=qTADc_X92STu@NMUcl6YM$cpd2k*1#3Q8^#$7a=*Yj)%5r5p<#F)ISN}#M%g3? z6GML+pxtM^rGrIDzBS7raT|f|(qyir^ifQs#5YGk`~2>l@Jr0Hub2}3p1|z$7ahlg zGup*59U2%m9*LsH#A{y{zEQt`gFua=pLM5a6B3xVtNm5SW=j1#aS@%X&O?$H_28h8 zYSN9m!%~pxez~n|jg?U`wMb0+g8XcedX12L)PSSyVo<=ypiCQZn1ZvTdFE2?)kTb0 zWBZ^IqWF(18?)D>3H4<3?VSS0UPim;?`MDvK*BifvY`3T$fRfb z>bXK(slq9Folhp~0aAY7S^6&6(;5ws0@=zJA*gzdo-fjWEaK9#C~x$QAkM~wJi|iN zxClGl(4B?n+)q8vKcFd5gW5!$K2qDE5i3oCJX!H_oKgg;(oCAtdQ4TK{gXDS+G9T% zmY7z)cDZy*33g>$Tq}*Dyb~8xo(IA0HM%o~t%cpw!Wd?Q2hALfoSb0+z2RTwQL*@H z1ocgMjy4KSHxm(xtzMTAARz<1zwRgo>Rhz6a}nclcwELK%A=orshl*bthwS$>oy{y z$owVQplzb?d-Lt+cgF4@N6xIa*^@|+crtItkY{~3f9hb1mouucC`MU<8Qg zWz=1&_p^Nxq#TXYgRx*61Co}24d@n;b6^;>y`(CCAvD6hmDU@oNKSrqSEV!<;6-{` z^2R=iaZv=Y=J+{>`xsy27!!lLn4o3oKEw!sab`(O54_U>)tA&?e`hV<5OWG&p9zmn z)-0+uD5@`CXx%Y61B-h~=;XToK=h}rB$VjHA9zI4nP0?E@+{-J(p*7C0i4Kc*GMTd zfanFMZPMCP;fib^D}Zaw>3!6%g{EZ3Oq0TRXqws%UM2U0NfE2{e{2%esKc9VBRw)N z^-?QbN#z|>}#N>`06t39N@L&?(+iCH5G z=9V12ReXOMcd;e7#Jup#El4Qxv~Ylq=Cw*a`1UNER<&|Q67s7M0Z6igd+ndUS4h z@{QF}_YB?5ZznB!VAZ?xudxT6RdZHRW3ppffXsB_K3bf(GzepJj8jq)+@1XM4jpOQ zv-7cN=YjovUpZ`wj|AoYB{x1e+hvS7uKhIa8u0PKdLi^+Gh^OEs`l_jR;{tB0r&DT z&e+RN@~ONqZg9MvMrOj+(xSw*6nnOBT$G-SAI~4G$OlOoU-Txd*q0&<)K*#ai+bW8Y>3mxOvl zbMoXc#49l&2eaIHV1F}_(S4+;4yq$4fEJfL7;UIi4GzmN&(IrWn@|Oc zz%EB0KNSuDNv>73#I4)(0-XfZW7`lV!;#T2p_V^aKTTAXGE+7ADy;#kv-BQFIquOD zC1v7MiqzN?Q~w&>E8)jAM-{Z1yi~HiT&(SS0xPPFp68zbpIwHx!E*$ z5ag|#{9~27Wt@ZyUOyc8?Ep=>pXLX-VrhPEZS8Ysw>p{F$k)9?Bk^=~isdpS8oS^c7FyjB zf3n;@#HeRC-Ogd-`3c`vy7I@JyIk*Ug`KS`HTJyVz9n3_G)!bm@>R8R=+L5~G-XU! zmafGXj8~2L*1iv6(G>?f<`eNWr z`F(Dt?B3Hftj~wz2G?m=wJ(PAL#0$ERu*u1Kk&W75QX5Aj7^)5gNyEVw3DrdxjL~2 z535ot{o6Z3iC64OTmhbM3i&l|Uj@s^V~DA;i~o&Dj(Xyx+4!p|5Z=; zoQYig65??P`Xzs!2E{=f=|`V1eGo;OjDvI`W8_&TPvPCdPt{B25Q5luoIMy(g(OQp zVm!x9*QaByo#w84K&^wMV1J<#y+%mN!c~A5(&6~=T@D0sq?=2KpMVi_0|G@sy7Ija zPhdk`&)=K!LxFYn-cZNJ2(&!xA7MsG6iU0W?ZQViE#%uD`~Lm!4j-At5o$zo5DI7^ z<;-S^WBkW|rYzo26r4nsZKZyXwu%Zy%bMJlj&YPMd1QrTvGx#HywESG>sCd~K`>f5 zZ=KzbHA6VZQt4$}z8B~{JmZFDsIhqR)z+k(v}@`TacI+pY5kP_y9JEeHc#yM!jb5QH zKpmIE1!oZG6q$QAcfYmsceKj`X4reg_+=HH#CscO@x?_2Hi9n6u$W$7`DixXwS zMNKUoFG>@F9;EFgTAE{nrw!R#s2cPfY|pO$qaEm$6^Lr{$F0UiF9_rmjo!RhZVrww z9tPrp8E_=yhdD1Pct}c_1XcIK(UnFz=4)LNb5wBF^1XZ0B|!PO5^dEOoy%`?(EP5k z72VuYN{|d^4tVrE%`xc6H_R(i&Ej>a1c?_&3P(~1@3#+yK)#7g#=PRzjdS5&Nw^?@ zJ~yQZz`7Gm9&7lkiX{M%)#Yt5K<`=}g2c%um%=nW6pYbdAl#vh_KS^L2ed$-d_{4N zerBmLZQDQhk|&*Aa#oYpw#&`>s72Hr=&4^q%;+59h)A~JonQA|N$<#o?eDFoX_iB7 z{x@PHpIL)wsqeNkZ1AQ=F`49QphSuf<_HsjZjx0nZSLXMVCVQ#s;X${c5{$zG<9uh zE9pjrV_H&GV!^{>Msl~a$IQoBoi3Zll182zM6NX?K8wHuD0Yi9LBvfZ8GXqa3c%e9 z&_UAfavsa3*kxP1;;hi_XRR98V_6g^MuCj}sV~to>Uf@w6*o%r%1dq>dOh{QC$%e& z1_SbCSY7fT?>2WAZ(@;nxS=Z^E8)-hZX*N0{Ocs;epFJtxYoQ3kA9Fi1g| zRHKhoUWsCw8$eNeH`sVLcUjpdoj;pD{9bMJx4^C8zrG9~xFm#Y7mci>fMIK`8(sIz zLgT&Pm%TJ`+m2qdnLhiXG_oMERBy%Aihqx9mHT&h2A(U?L+_W=F{XZRBc{>;@ufZt z!8=ds#FOCpGpBq3YOZW^GEF=dKI{FT@6qa>8Yse#VSG3qCE*?Ff1ZEt{P*Ym`_k_J p-zxi`k>QX3zeeK=8jU`7wk=GQpwdJE2@L`gRl-XYXp$ran%ICOiAqpODmjP}q(PDbf+Ug9&?FIP zl}wW{L4&B|B%ow$kZ@O_@4MamguC}S=lgNLdw=-&&|O`tYE`W@#~fqK8I9D}I!b$- zmV|`lsE)RV5eW%-AqffDAJm7yC-jLFPr!eq-bPw#B-lRAFW?Uf7gaq~5|WDe!#kHK z!QV93wJp3!NRA0W|44O=_?JmY_VaZ#R84N#EM`)rTDPT?e#BpLe(bX7@}pOdDpx6v z?U83|C>o7!qDb=YlXvjylYf-qt;x@utRj?~QFXsVn}<}5Yyi`M!_+;S=iIPi9d2CQ z2)a05Z|du|G@Rp_>HY2NgEurik7Um%?(eL5H288~YuLSU>s#GybMu|UA8o!U+T0qy zBYyMSr{|*z@q;!2r+OYMz4%(w=dic4b*1mzy<^p{-pSido36Q=Mn1Z%VGqabO@txrF)TycB^SdGLklH5XZm-t4+(9pbcvQ}`=0*M zg43Fy!uwXEqgeW#nLG^3+&o3~@u9-j45ohn za+zX8M)reoifZnD5&?uz^jXVDe_;J|d-Z@uFoB}vXMnqy3oT>yp4-+hO0>7h@R_TP%J=M(wqaWR# z)B>N59iHYK0|)6NF=2>gPkrP<&d-bW4o_E|5I#r7p`!>6%XX2%S%zVuqtLoNU~DS4 zyzLemS9b6N)uYJO+qa91W;3$QZtoG_f=`KR@>F2FNTz<*F_;r{YlYH{>2L|Wf)>(( zg0X`(-28K(=QA&4cDYcTvx8xblFWp7KE0%VMS?^z+LhPQBe|DV>Cs!$Fq}kAfzg`| zm=n`EExg69>b~<%4tL`RyAq!7D|u?$Yz3Um{fFh4-JI4aq5GW9Zp0PJRAP1YPMW=V zrzxW?%z#Ny(#BB9w!w*Ep4J|G_LR~Vb#F+Pf4v0i$NG18 z%u;q#45m-8)Fb;yTQe$UTGRc#BaUZtHg*czH`4l;^gSlwcp-@>+}8~rgAq(W+>G*^ z?gYn3LArNMf=ksS81(X`Z9!ny#X7x{c5V#iRC0!&b=bf2WT|Qsm1Jz zUg_78^{FKf&r=A_qMJ{M+0?I@xt1kz_VBBL@7M~4I@ks@ccS|8H$^V#nRDPD4lhuE zxvB0q6P)Wx;cbJ@=`ftC9-!F@J9FN{H#{!3YWwzHFHt>O-o2-F^u&~Muw%=a>Oq>x z)Ee*;;(c=SqEdaHlTyw-;y=hQd6PBeU*qMmFtTZt$M;19O5LVb(^*B+66VbR>9C*aA?rKBzn&0^_R z7<#VrW&Wl@6Kj`zXsR*cuDRROL*m!K1#}2c_awSiO3%={oA{Wn-QG4>H1}+EO#%Yiu3MT%^M2{Nd@l^ zncqC9Sa+%~GA>AO&slh)lN9sSv{{af(OQ@}U)fY`KblGK>B=!{hII|wHhgE2AnQlW z6Lt=UolDgT^+QqS?W)YFRsHq+?6Oxgo`|{?<2faeu4Rn)9KOkpB%>^mrjQuKeeCmu zPg*DpntJl7LDp3Q%a8K+3Ut=(aa^LaR1$8POiC=)0}7F7u!v`p6&`wINIJ#%aV}gz z%Trhvk#^O$1iI=uTc3xnYbSdqGFLSGO!9G+(~<=O2)0N#+hB^c3R-^R(NG0}WLwmQ zi!PvdF~K!h2q#IWl%f!MW?84`l`dQ4QmHQ;FCqDO=pPPzE0({mu|%TX+}&iJ1$V;< zdNot_PkEmxL08-G#u_eUxbkg9A)sM1hK73N8zt#f2PGWv9a}k%yUVMpCMUMfxQ?%c zD~unzUhmcQI$v2J=URO+^~IXFHfk)Ld3%m1>O{%ps;NzCK#_qC+ru&uFM(!B!R8d$ zdi8u4Sa%b!duZz26{^Wn?_5FDe92@jBO0L#-XJW0X0E8eh(!AUf8Z6a$hcNI2}kzx z&|02h@qRFjiSXPiK7ryZ^_GmQu8x~5E=q*Y=`Nb@hLy{-miX%1$BEt}c$OTNIXJXm zxD7tVQZbw&9g5lLv2ZP8+KGgx1VwHor^g}+O9`Gt)fFnW9^tKoB{B1Mrx5e++B=PM z`G@{+$V)`E%0|j!(Ch8-1aFe~;fk9=Kd3e|J7GQoW~DgEI4iSx&U&P)q(u90GIUj~ z$Ae8?JN38?q-2~pR5IzM_q>&}*?d03sO(Mkhn=}a^X+l4{7b#N(kMAnJc%|H65gcw zed8f*@P19FYv;7IpH^z!Fb!_qSlV$xTHF%7b@$Pj8n37q@3U}6L7`Hf+SK>7?)>G{ z&Z57Td3g7>yONy;+cir6Vw{Ksl_X6KnUap8Xa_9t3Z;T%-#lzvb`mBqQ=Xu9nX)b( zE+1vlB)9s3Hc(sQS$MAYqR>_oh>v5Tmnfm-d=%UYm?xP^KM{$@{bj!AmSN~t91HRG zt3KLQwO-gx;S^Qm@%+A`y+&B9vHO$0BAF9r$Rv3U;YN5@y*jsOT@SBuFU;Pw6ZY@N zLtXi*>^!ec3SxyQSixmeRC{*T;7PEd`oxIp>{@{ic^jOe=(*w{?N5cXBm!k`QeKS5 zU|o-v&uCeN>>nFFa?FbNn!HfTZH`H14)(m^Le9J9Oax6D-F0_Ol<1q3mZAyRx=D=8 zRt_ign*>j@kT(tNAwm+7=&qBx-zK%HFN->o!YkP=o5mA|Dz?d?_?dk4Y1+LLC79}y zNvKv=)NscPrj>Kg_>9q|Jg>qgIIXI{FGSF!s$Jy$0Zve2M2KTC9wu~wTO?Pj6ZVLP zA8vLy2t4F9bo~k9hk*bwK?ha1 zyubI=G|{6KZpOhtz`ODVtx)1DK_E>Ye#p-xsGsa}&Ol&B?ue*_mf?v*Q8~Xr5&gQ! zTGu=bpYS8LYPiGPKBc;PJ|<`ggnL93mjD6)99#Q1bh83BE!B9ZDIG*(BXT)@aTn-0 zvVfe;SHJq?By3_plCB9BgP_M-tdaAM0Ca;$eV+)AHD2J%9n!XSH(8A#nz@qfz8yI3 z&8gezkZ&WM1W!7tC%Moi2VxWkOH?aD5g!j50$5y4(HA}q#T(^2&(QhNr6OHcTPFrh%u+hq7`}sZO8o90cW=HMb zJ$=Zh}v8AineKDYb_nyEbI-1^fY@RTF z_{$O*=MeKvZTvXMj#JRM%%-s_5zk5#W68>Zm>j zD4Efp&{U!_Z|9w(ef!Ky>Ir6*4{tuJd^?6gES%-j(|jRM%qQB!$kyucJMCA@%6WRO zP|D2kmxuqg6}VIWNieV=`I$qq1u2JUSIKQH!+uYJo-~@P0;s@EQyK0#RmDQ2PrO7K zdCp#|6N+6_Z6maVbJYpHrays_mkRRdVy`CSi1rm-rV7YpfpQ)w8?U{e+b=)xx1=$R zJe6#xaPjO^MPm1T3TZ@?sQ}_ll3ytlOMj+1E%B~L?QBFl{>&M9l9WXO8}SP*IF0iD z2kRQ-Id>vN!MX-1v*+&a`9w+c>oX>|jpS=3ekRC7hRjoTAQco4dV9dGps<=EdnyL` zmy_UKs-(ZuDuwR3ApbL=<(*`%4269-QaW~B2jFT_2n}={df#)7fiUooJKY^Iy921y z)r5YDT>BZ<|89>nlwUSXO1WnOu)|N3cqH0r?Y4RK43$i7f!fI5Xp{cK1N|f^>kQ;( z2PpBM+tt9`PwUs_{z~%xPa-!mvYqeW(oJa8WPA-ckhu@BShH*lKyG$!E-1IUMh2<m;2_+fDGT-X{ME8g*02x!4O@GbUgZ zwn7pGLs5W@PG~j(k$A=tkkJDyKT0GbvqdZ34{U+3U2%HI917A5-X)^XA8eb@xP|XO zs(?U5?4*dy0$^m4oLxx(WCV=FZ9t#d0QxKuPVMH<3yTn))jiq>cg<8E#8&>KopLZn zybG2 zlZ$MPGezw*;Vi#%MN}L1ImN2#dYCqI5^ah|i_twgpZ@TsE5{zi#laEEUtGC9x(EB* zu(H}ecS^`oP%c`fPt^htXmvwt4NhV~Y4LuglWa*zulfu4*PWWum?Bfa?d@9l;4jW- zuoVnz-v{gn|Hmjq2{f&pb^|Q7*%)6=?;JM(=E^;qBWRpM-moeOGlDxOw>=j1#e zu!xlY9HAOaVQ)VPfQj*d#7l243gB-Z7BBPVTzT4G7uZ-nMKu{EpWnwD1Hl)8vMBbQ z%cZ0sNDaBBCEaH8E9n>Y0tkq~r%lr>SR7Dk$3xHbAJ6WWKbX}ui83e7VE%$AQVe>o zuwNc;KN$($3N0+@19=7l04gA>Uvl;k0|3n1J`XVeBMNk??VgkPv;~&jDXO5-Er!7c z?|7ouBTg5KCJ)DBYJNRrlqv1^Zz-M+vbrl@+EKHSqBZ(AI@hdRrpqG;%Kj;t4FQQ; zq`0XTJa%66?-Cd0W1;}<6)NgB%T0Tp59}~i0IbN6;VP6O=P2gB?{Sze!5Ae)4`81q zv_DKvZ3!V7`h8;LNNI2WJMfae<^Es-w$lhQ6hlA9xb&VJJ5V)QO4@{$vHkgR7SP}nLGjdic@1!|GmR4+<+ z)1A@UkL^SxuMA;_WT=op;$++sS&WWB%#{&HCNwJ&j$VwG_sSZ&Qt~5{QbvS|(l=fM z<@I46W}m#3yki$)LMIJ{F8jMsK;y9B7yxWq>iN1iq5I75sLbDEUxwa>CwsH+sh|en zG3cpWquKJ(w5kH!lF%LxqQl8)^iqRS#~(P6S;`v_Z&yfT=4Dli^zuk-KFsi?>-urOkXp(?YX=b7L-+mc?BQa z=19QO^|$9(t7}%MoDAf~BQ)fsG||Ud^cB85X``j#=uSb|u%E6S3;$!#>7g~DXzXN^ zaCS@!TY-&di>4bgaZ1;-Nt1B?Ltq-Srv6BTT=5CefzMGjL|GJN0BK=jdoF+QzaOG5|pp0 z{b?qX>2T7m!fo}UPDt*>Y1#9+6(?Rlhax1URuLStZCXvgYx@Y;ls3XjFc9O>=QLFC zScxU1@jTtx#q#T$A6x{nUQ-ELcR8-sUaHuQ;JEVR+lyhZ+$r)h4E_!Y=M{PG&jIh|25LsehikEz{*2ZsB9 z|9n%h-GTGm)%Cfzoh$Tj@huDLFePSv#g*3UUBU(Y_OwDqa?9|2qSiK7(CL@U%{M7E z@k|Da2~nbJCtkwB%K7PA=cWNSJ7at=0=(V?ND1CbCYRe3mH|REl^^uoL8=3#p+H6M z21#&$7s0fsvo)g_!|1(;o^$=oSHwP*cOX@lKW@#aK1mLKG3OfYzqd6TdG=c^U+?*s zu;YISEmpl&9)J4is_Vkr7;Ythemd`!HrAStchK$dkU)Q!ic;8%Pr*OFe)+E1Xv=n( zt!yztAIX<4JS?VgFXXk-_lSkEhWf7qX4kcR_IJNuYZz`k;oWB67)m-mk13;zSK2i9 z=eoX-@uHA|6D3R?`%aZ3QawV7`Uo~yjD|vD31aMLAo0F!1mt)n(ICBp1bGEWZwI3L zDWHNZc3PnFPcng&ue(tb+yg|_FD~eYclDmRnk-G0hyzZFd~=GDv#m)S_MhZ9q?|AK zb16mAaixFDwLf#y0;aV7#{LxU8*bs9`Md~Dq&nl%eh0nD0*A|(-7#~Eh`{^x-$w#i z`3gC$c+!;uHZL@+^?VPb;!fo}BtQMlWm0uM-3_Y~zw|hG`%BKnnyVgV_2e?F)ZaX6 zJ`*-|sbPqn>$p23?DRhKs;YW75?`mQ%+DMiN==?<4%8(}AknQ5B;0yF;?G9*bG_g# zRbPrcfgP-u`MXbtw7HGWmQ>IV1#+y_Rv~3i5(KXCn*sYo@YG>XGbDKm`5~F&YO7Mx zo`Ru5ZvD3m2%tS-flhw-&V@YD3WtG|y;$SZW7!!0CY2)8l(<{okai}}p3H=Q&~4a$ zNUFllhZzi*M$2z%`j~ENuNrPd>K?=S$2;n!ta19~&vgMAk*d(U7#o9lWBLJXQwzo0 z>hcdSW%+NK?2xJkEjLkp1Ur&v!|daLr>~>K!CRrIRMa_gW1+O>Zugl6#aH^D=&P=? zLEt%Y~MaHD)v|uoQ>{FiF(!!}b~_scuh>s6AIZPQ1X0GaNf~d4Pqt ztm8Ze8{33GATM7U?WmqYxso&o7NY^Hr?ry`YdfZjl17-r7vy}LVCC~M`)pdl7Bd=e zOjoFUtyZWMDrL+#zLXtsvzuIj*FFP)4cN4xX!$;Y7%Uji0pRum-6;8;Yf1||i(JL% z*qTQ#PXr~ z7l%ejw8o|P1aH*c-tORw=eKFP`H|;3uxUiUPLyP=w?h-DC;QGWW!TJCYhuHv6k3vU zc7J?_wQ~o!%k3<;B$f6I4%O%{lP~2E$%8ET7H|`X&%cUUXehixS;!RIM@4z87Nk5M zbUwV@v6)9P&NRupU%0RNEqL|#QWFd3NYdG-a#7!Bx)W{;Un!Up<9sn-b}|2KwpHDo zMtiX=gXtKGGU@r|AFJF2nKvx`%`*0^I_+$tB!V73IolML$HL)h4ut#E+dRE(^t%$eu;CEg zY-<0?PIC`OPJ1q`o+-T-(8=;blxr`}v{DhtE9PUC(%ws+KI{iFR$hGPdACLJLx8+L z$k=p&`de>|OMxjj{@Q2Z?1Uydb9jkS;JO=HzU;Zs&C~7|?HP5VQ z4=8>Uu6~k3{D#J$(T~Ik1*(dQzG!SzwT)Bm0o6TDMHrZeMR)=M^+$*3 zf?Qyhn^%#6)}h>+iof+Z+`Ts(NOe5)N5RMXnjK`OIB$v`*t(o;5ZVd1lTKb8y{9yXdD z#XByWdw%g8V-&i(7j=!jN6X%_=?>We%-~0ITQ|a6lUa!26=p~zGsh#p!06ul)zxG_ zm^p+i`{~?D$Yj{?z?)WRVODVigxZVQkY}+e^~utt5HHD5ks$tkAA;J#?LuIU9S=C@{FBan>NE{dvoMS)YW>??war1zWs(@^gktr z(#_{&c`_S{4lN5431btXIh>6Z3As=1Q_dL6o;)w^LhoiZZb-|!hopN)RQr&s?M2J9 z;6@sZT#MOCwvYb{zp0U$!qof4M9o=g>sjV>xka~BZG;`e?Bl__^6i!5feFBkWUVMd zyNGly3ZBx-YMrtJxca7})-07OA^0LzO<+TCNIraM3yJy1ko5bkE^zDgB4Geb7In^_ z6Y-62)g+k6zfM5KU`qrgTuM7b6$<8yiR9MNC{ZXl0a7B_J59H_Xg>zgCpQ_pe(Gf) zyQu9@S3BKSE$=K_ql@OXy6Fe&-iNZ_O2o0-OsGyj%F)izcOMx_;7dw37KeOlxNTbA z=MdO9RK48o7x`9K8rc%)krP_(Ca#hJPZ+(Y>Y4ga#>m_)jJ%MNor~E} zxgc&72+r9Q2;t%(W2+KMz0ZN9Yr<657meM4Gyq%e0#E6{0D=ECKBN-#Lx`HEjM>`4 zz`oBiDGU-CY*CCRtI^elZYn5(BXEBVYrMtNZ`}WK0KYdHAp=OGavK1p8$4w{ji$%f zT{6^;y#e-jA~Ocit}$b{}wLZ%bwsUUw&hmntyQnb9A-XX|48U!vt1vowQm_3dd!qUKBU_96k z^gjN}_j>SHz;!d7<52Hce+n)KxI)Mw=L|X6Ycqk31bP(EmAuLFq_u#CJ-A3|$T`v> z`e)t+%&*6XAXNW9I$a1!ih*rB8YyF|!fV2*NhVCk$M)8g=5(U9lD254K2kdA7VUB* zV^2>3r@kqI(M`&wFF8hO56Kv>)?qF>q`~qo65jvPUU@n+4BFrvj2dS!Q+yzr0>2g| zP#ob?DQZzelT3omY_6D-$d(6~Pjd?nmA~Qa zjYtr+!Mp2Zy=I~Hfv-~w$brDa_TqP(T`ZxMY3vIyIKbh6I>Z(4A^%KC?;Dh$Ey;0} zC-X#QNs^BP593C-cfW_>;oA@RIhkF0QVrcPOtkL+*ZxuV@V)D-v3|gr+DxW`)b;RH zYt9wzI}K=5ozT3r8bImBI`jeaL;2$pJ^jW$TAhNPc15B(0J?@6;79Lb;ex=vum>4f z_c|ge?~NVCKLB>q-p3eoGsFaybXlqa+O$n`HF{X}ln^+po22i&iMR5JxuSl$K!nHe zGy98~*`hMVzHu+bAbZJ~YUNyv^vrUWCAkT(ob{9Vw8j%s)y+Ai5#?2or55biyX;y= zg~5QH>N}9NRiZy0a%Z%ZpzZm5^(z>ZfUDzp_F{qs3UDSKP_*rK;lg11kE|N5Xh}(1 zM9Z)0RwqcCx`pP7E)?}UMko{zNZQ~QgWxQXUAPxEZKbI%?5qEouL2FJ*$Z9iv2n&v zFC^^d01MqgT7J*cJXIlwM=wK8B9=q;G-PjOWX@3mTE|HNhK7gRDG`3D*8tJ}RQ^kM zuGDiNI`q!PWCLB^!|~Hlg#$2fG;_{%3_+lN6nJ100h_LH$-~@uVff9%t<)OKPE=f; zCR$fPbT9OirH>OG9t}r~DAI92K8Zy4yyKXj0=$TQH3Qe9PAzR$)SRv@K&B5oEjk}xK2>Xu`+7)d3U_PfeiV~fD+E`<&w;8OXx!hi!t#5b|qw6 z7L*a0oqDNdIe3UGIupA}6|}bZ_JgNk&G+vNwpV>y(o@>k?dHk@MAL)BdbWwQH63*d zPZW>gQ=Fy^$$T937ry#ob+5Oz(atpOcjYPdw5JG(F7rv)QC4U+3&)?ReA?x3EVkvL z8NF0%F}Rm7U(;1urIhwlrW|X0svs?T&2nX9MWFfyk{nPJ0@Dr5(7h4`!Ot{`I%5rY!s1HM1De~$v&pYa zs}rnD{tP~S=4OQfj=?)1`Y?JEZIu>;WQya(C#c#qLlMbZx<$Y~SQwv7HV*`rt(?V# zVk{95{X0!^PVueE(q-ju0SU!13D)nhHrjZV+`4XUI0ftt> zR;GNY1K66jG`^NY1RJA?@0yeK&~oX|xmeZZz2<&l=*k`3*2F=a)kOkHCQd~49175n zlnV}&KoBys{_?sO%YO}=kN_x9g~5RcZHOfJ6Ont-w` zgbF^sbz&vy>Sx>?DtMsy`uu?C`qC&u3HOoxQD(O0*ku8sM*us$`#{mG!>1Wb4XB@M zwVT6kEdwaqSE*LM1Ex9vb;pU{S{`eoQ?9#wR@ItwC<>}|SObCkw!ML8#WA)2-9;Yy z$-F?53YCz6l>@XjnaZaJ;d)|#7VQ2aTTOD)R(FHoe}u=J0zB}Mn$h5Z3BI%}EAL)u z9ZA&q?2D!Pvn%O1%hJD~$NfHjdic{jsm`-DH$VH1Z!eUUC4X9a{_*O0lz8QBA{?NK z({%2w@UHRXEikTXMM16k;T+r+*^DvW*igX`uzPY(r5r?dP+1ad+(8CWY*73zJU}Zp z!nn%6sKUm27^CX+7yYO!C!YueCsJ}J{ZLwNB>y6263*05%~?v}Bn6PdgJc!C9gr`6 zWtR9V6gz%Z6eYEaj|P+^D;2P>Phao)3x(Z5{#Q}hDAk?p)rSICYsc@lp4AO}qAO|m z3b3^AWWU{r`0Y~W8KcU4>Zc!E?4i5HOf7;Ex_gv^VDs#McuvSvr(awf<2a9VvlL8w z!uTG2J^XlBUP`w6)5{LpreubTx0GM7d!^sWuKV)z(Ypbfn6iKSn!E9W3Yx~iE>g~a z8CiXQeX?-sd~jD)D?+T<#dz!8pk~NfRdnN9U8IchGl?f6VZ=nfsQitJ5s~p%xSLCl zqtHfggzCYIXQvDR8*)+jG(oNKznTgxW$7TdG8=@*D#TXkFw3oi87?4Ze%S?J`L8!Z zmqx?h6Z0bN<2085)8`!Z$aGo5@YIQgKXatE#}oFaA^=7DYdZtZX8-%BpV0N_wv;~a zVW@=bfZle7K=1)a$>>c;KLWX_f9$1E_|EjCMPGc0l6^tQ!1uBFN3z%C9dU?D5c!~V^WN+o2Rh9)p&&osQ$tKY4fHZndRh87QWQxi!pZw368AO-Bp zIG+eH_FMrZHA{#&wDo>SO^t7S7T!{1L>*lX>*g|%ITmyHPci^V3qi%`F4ZvUak^p< z4%KUu9Ogt%n2l^`AG@@3c7h01YaF%nz`fISO{rW$?x!fRTMzu40*Q7o1q7wUbk$#zAR?hG(D1gwUpJ^z{ zB8jyv)gEDQJ0A-B$YlbMb={F4{Z)c8mLN1aa8{FyujMXDtDd{{db}mFK>qhlULs6L zAzpcV?uQzZVdVSEwZ6lkMDd2)Y=*bODTq^)TkDZ(shfR#(ftff5c|#fqJm=|7p6+8 z`g9#m`Ad$nyJRrv%TFiU2V{!F)+DY$Y-7@vK4RBrZMgjL{BTC#YNs>Ag^3!ii4 z@f8Hmp^jPrO6~X-TsNqi1A8vIVi*^VJT$a+E`!QU7LF>cQO~*2EdQ>~@%6RSw2@Xm z7v)x7b~o2$_H%HsgoyW9o~55)<^VW7cZOvT=>goi^|4n@0<&*6@pk=w><)4_3|ry> zjMnKZTBzYDSbwV9NkqT@zyK~cFBcd|F-B!1@|q zRx6IUmt%LY6XfUC^x^mkEmKshB;A#hGq`tfZD7_l6X?kqj`E0YA*{VdAXaF;-FQ%| zDMhCGb+jR5Lc^+cSDVS?P(KZ-$GIn!0rEfxpWYCr3F55=c41vqWQjw;g|v5jy||Zm znQBXefEZMu6?i_*O%sv?t^-Xe@>I7;6wgcWBiQ`xhI&} z#d%L{sY#qypQ5dl1C*)^Oy0*n_I@SAfqij{D|vxvJnq5 zm*^TkUyoe3bbvc4PrV}e>g2|$l^Z+n5&HUu&K zDs?R@=O*f&ecti2F@MY#%;8qH7b5mYW?J7=?uRZ{bDg1CxVBugT(dDKx*2qazpQuv z?odTXa*1e9tt0K&2N_S;;pR4w za*|2h8B7`0l?>V2=~J3;dnNs-N$Qi>V=rJ2Q&2|q@wF)Vuipaafh(U(1=Y`wuP?p& z{&fGWXw4_D^8j0&y)Zc!u+}RpXz$L|Uc)8@S=O(<`1<@0Tkv8NA61ncU4u##wuonu zW*ne|dh?kw7+X~Aa>2;h3 zMV%Om-8U>1ppNd7=i0`lg|*2ryYDua29mgGZnh0BHPn1U9L6!unprat?)sJD61#Pe z+MS+xhUeT}36TPYam5iEjhZuJ)q^^HFbq1X7?Td460gWRpdu|kf<=yOHw_WjkCrFg zeFYh*dLrwgQikvI+?{f6dM9m`^Ke>{AdeK3pDDrF^DPVy>>=&3A6`}t51EsL8op+$ z{M3Nuy?|zU*-xx{la1|a-6KjZ2`Hb#u#xZIl=}gh(8}nooq|2jxYIOj?m%bgDj6O` zNbUB^Z`E&4Z5jE#-EGA{J>M8c&LlX&U_1RnbeE2F%-7wL&#Q=Uf)25a zrG8(y-G1MeGNy{;W@-w|liW#v$I$Y9pUPGuQ)6Jve%NZ$t!%3cq$R?vrX`nO48Pxe zbhL}Ll4Kx$K5(dDxDX#_bW63KtYGY`?95%M00fiejazc=-jl@VsE0?S<1ILxlE!kg zTtO_9hMNKkpsy$}j2St2$hHtyT#*;2j+)MuaOmI8!J>hS{-=yTXgZK``%$qQstlt5 z-$T~h9py-Q{el!qV?)#7rV_FTr*qX^LsggO~;WAR3U}4 zl7I&!gyO5mPtOMQf-wInd$KHzWIyonlXzC*BC~(@z=I?9z58^o(y0a?G(h%|pcg)zGc|yi zT*~eX*xI_@mG@q~J1#!r6qbWO_3UiBaWUDcJRuK>}H3BYawu!{kQIv@n`LeeB$ zyB7m7Vc0HSW2GYre{vlOmidck`$L=z`fwuBpl|~i8RA|sSeFLyORK*M0H*%**uRp6 zF2A^!2W(%RkzVlpm%8!8At8zk{XewM*c?W#b#t$qN*P*yv5%)B1_=ekx%{pZbdFrixiLMa2e5{v4_B^WGdvYZk23n zv!ovAWfjlzB5D7pIZa*Z4>a?U@!8HCX>iFcn_zy1k@vUwdTCrK4*yCJiWx6Yv_^MY zEVWtp2YydR6rV?0!t5v{+6KX>JrGeCqx9bx`eAl>AnV2}qL_%{9gZtRMUc!;#F>Rx zrU63QltyFa%lm@Y0TVG))`$NZBF;}=q}XWDLz4P`3fbR{zLtEeBatGwrMI>|=*Q_B+yD|ck^Or50s{1h z)_PyayzrS+ZqI1pQdHl<${O2_oAW3DGpPYQzvierz)=@I~ zQ>DKr1PVzi{5{#Kx8IF&HgCyQ`DmpKUcTM4T9fC$F~5QR{`%ZUn)!)FO#ra<(+*z6 z)Bn`_@V8Y2*+)Qch5{gycBF$R`}bNA`(_Z5T116)Z~aIh|ELLOQe>I^*3tM4v&`EW zf8zt}b$He}#O+kJ9qK;RS=`!tG)N4UASDa?Qfo1j`<24i6KGz*^3+psj0U7pg^$kI zDNmEc0WKM8*kA*g0Vs=}do6cI3@T9o)VbO1bVya0N&%duPEU$!B~yPqohs$}xPjB= z;s>cuUfrjn3!4py2yd2e<*RSi>q~FyRCoOL_Ue*JIJZVITmn|OFOU4{UMTp?y;<*V z@NJ681MI;J9dHyZgr5o@rVfPMO|1sRcPMJ%mrh;D!kHt`#F&rP zGIY%x7K+flUcoLhNe$d1j8Q7aFk0P8@Y+|PWNZN?X6LLtEv`W(6s=X#n<4++%8CS< zBuJ|TY1D5XmsHu4lUm%J!Nv(?)#jbvdrp)Mzs^kW?$|-w^P+ zdU!l`gwMiwx>@KTi8O2b^d@a>n8vk6;@+UzJa9@)!2XeoPdTmv_^kQ53*+>zdYY); zyeoz^=T03dWTIuf`NVEROarRekE}YWm!3>ZdB7jn8yDywg_=ObJG^D@evLMo&$@F1 zv`Nq*3T!M1eX5)l_h8qu#p^v*tQ!KBb_XT)?(GM_q2g&J0hvWWhT&FBOxTKoyDd5* zfXAD^>?kUKxd8GkNE_jK37)Mz&#t`h32xP#z|X@dlq@b{u*K*prs@`ZKDCg?{^c`# zK}8&{UvD{YCtvRmnpErVi@%FL4L@!Z<=>O`YU+EFW*fY z*0^~-$lI?Td{CrM3>&Jz12+q#=?7jZ^_G7KX>Y!xs&7(=6~o$Gs2$awav5tUFr4X} z8*oerAGj9C=gxzqwh~M51n#r0eW+3rO>DsI<`6>N^PKcGfO8R~dY&bMxEnq3eq}v$ zuQXpD$wHJEoG6st$V#_yTT}<~NIsqU0t>DZ06t*a*yAx{2`LQV-xQW;_ZN{S`Do7J zcC?XdsIcD=531I&OeZhQRf6U+khMqxeysXUo&NFB)U5MC#SuEk?`gQ)@iX_CsqWFS zWfVHwa{|o~JD|@PrZ)uO;`JK(&6UA*u0zuVivtminKs@zYf(8M&!K32n zO?IGW2r)9z1w@95I6mjp_Y+zapa8uM-t!Q~mYL%0-ouduXk=NNPxB>?)&s*UpJHXg zamL@v-?FH;+%tqxyI#4FSGd>lsLT|Fw*xR2km$t-HqfQ#T`b!5Xb0=WK{E%aZgJwM z^{L7G8Qn49>(4jop+_8{pua0rZA#<)hcS62+ zq!5XHpd>k?KFhsQJ(BK0(Pwm(FE86G;PJ;Pu~0G}Q@F4RyoyJqWNd|H!;{_J1Z)-U zKT-|+GA?ZJRp7_ZlkOq8ms)_P5#H{U-0r;Q5T@zrNi{$ySh>su$wK(UAB0DNvZCH}JXk6T$_L|`8+R|e%_l~g2n;rNTW znC*`0?bL?f_6TS0FhEdC6wD9z;6xyPyDm=Ms2?N;~yK?ebWFd+#owytFaF{DfMsr}rs$a+qlXb2y&}NAQm5L$1REr_qXK{l+(ZB$*#BvU{{Kzae|fqHvVDzB za+Vepv^k7cVi^{x!csF#~Vac z?G*)9sy_}y@=It_$V!lhlc+dd)*H;5G3=muR`n|dLJwGZS9L!G@?PsACFdBh#1cqm zjNMIO1#=zaCZN9j&mHSOwD6uW68@oIAL?+9V5+nX*kXx?uN8ig#hq%Xr36s;@R$#> ztGq5w?}3`4#DQNcAaZU z?Ydui4ji_e%oSDO0!n4-6L&y!0!I8aWTvd|i9|o}ETM9M_;|&0m!jqQ7j%QocM=>< z+aiTGgmnlhL#n9mZD3)UdI(u|(=I0upI5V;m)k3kQ`b6>L=WV5k@f00z8Q1WLTw4g zi@-aRtduC{WL=7zsfvRvYLNN%4QmK8sdRFg$^p{uLFcJ&2hXH?mIQCZB@&2 zBxBW!*nFv!V&mJT*LQ0s-0Ctbpt#}`?|9m2AF50kfUi4ccsVyIyB)Pt8sa;@SI9KO zlV#3PeF&L!3K&H-E;ZVVlvmZgj)U%c9d#+?Ms?O!99-Y>R)X8UyJC}!+D+`*vUpLS@H(2c} z%Ogr~CtBtFt_-9|K*gTG88HD{r2%by(hNX*H4|4Ah-{=|cXI*}N?THj0m-7ZRXB>g*?*Ix`k!5nW7H*Q^06wLCkME1S2l<_~j34k@y=uGI0`|)g3E0DE*L*|ZM zMLjwkdticM@w0HnFku}XT)@czLjh>V-+{*zj}z2#4f1&c*a&*U{BrRbsvqFkR_HS} zbpToiX#QIeq&=Ne_OZAl9`iMxI3gS4{q;q=(X5FzOGvgTXv~IT`b|Ec|4=m*FQ5}# z0xBf>2aniv&kfZW_Jd9Ce(>)_Ik9JSn$1VD94C=v=C@`jw}PnOY0`&sZJY=bx=TS5 zm#58e{XE$k)SmN;E5$wau!SRY=PRYkSYr9aOB-d}U980bh-VqX7KNmWzEpA9xt0V`C3=vM7l;QhugnYZcGUpoie65ohU;BAvtSBLm|| zkUa?;wScFTgd9^)mk$Z3E?~Z1dWPgLv)Qj{m9{~C6?-GSRCP@J?)D|hznjveGh^ll zZ8iX)EpD}{uf6nVy-)s02hbm3o;w=-SA;OI$C@O8z8C9D;*G#SX)ztIfFuVkD>QdH z-iKVLZ`^ml$Lb(Zs->M%%D{i-T?v9ictz$pt9{rZRVApDOaxQHNU#mrE$@~27}0(D zg_wNg3Gxqe>u=OshTY1zZhUZhcu*u&FFSI}VaPE_uUTQCgz0oWapL(+S3RDLgK81m z{q4akpCDlcqU|k}s5_3zeiA>zAtQDK)FE*O6UQ?xFNCK$-UM*(z-(cj|G)JwFe1zf zBY7bMCgijj2M9}KQdyfKWeB&w_k(FE6r%|06u!E34j0Nuj_L?zGDCXa`Y=@S76*!; z*0&wvl^$@47I^c6i&xXgra^VYg;pP^tm)f} zCH;G*Wb5X3toG)+{$F|d`)z#lWIW>W zcCw1fRos`SI#eAiy|Sa9zL4{%<{tBKlHyl=(~BEF3(C6w1Du;2LS)(bz5H(cxc7AxA(oF!2E7) zbAUql#z7M^4VQbHW*0qJPB-kVJ|9(MllO8o2ai&He{Z)1xbw5V70X<``iaZhInAjV z=nNli{HXZpsUAtaR+NI|qA$`j`{S?>Ht4q2e@G8nC56Y3yci2V{LY@q{L>XK340A( zX)q8~pALE|JKmhlyh#VlIrf%R;nSeJN_(lz3esRtJU2r=OX$#K9qeVz2-4dFd{=9;Kj*s6#XnEq%&A7MBYU zyTbBJ;af>rJN&O$`F+vS1ZrUPLE*@|KMzaw$?=_%i#X=B{YD*@uS`LX60d!9Ui>l8 zpvMzHKOP`z>-%%Esa%#FzMSW?(MlWhypr80P={jS?rYo_Oq4p1>^yLmK~}3MQ;@lo zp9BtK=%tziwxHwx;JJVb41eyjwXox=(|LD*qIWq!;E7hyR_ckJFb)eXE?<)qG0PNt zREnK`ixus6$?4>Hc2?p;-1ps>UJl|pu4Pbv1GhZ=2e%5+556ACw<6I7^!doqz0I00 zai=~_p&GVLe`K0|tMyWc*&lh>8CXOCvcJqz!vf*B`C<%ImC3u?qc&l#eNw+;?5z#f z@%jrTM3x>{WaBZdgAIEdKs@D$IQ4ue_j9zOe&C4TYm$^#yDiqf*VFOEL$st{P;Nf zPK(vzqOvo!FeRFTg{(U%PyOx@oi)Xce&Zq-#jUbeo4P<&y;+}h6~E#rT-Fp&?3FQ? znSG=3vigxa>&zz8@H0VQ&VO0UL)WgqJJ00luJ~+1@!OMCF}cQ03bKa%jj|BE$WQn! zPocQiq03&ZEH2WFCRabib1Nx)*7-^llJK6`QTqN#iop*1SSb6l=p){?hoR4|5=#yP zMJ#|u?3ZVY#|-k&rvnELWckhpNv`WZGTY!y`c;vkJV%itC{y>g?S0B}LgtNO;YHj6 zHd=5wL51)&f=OR{=T7{wy)i0;_GnQHYwN1gS-+5}D}8)%awm2_X(M^D^cU;zMXuEC za|bLYCuJbyt z+j(_5ypQ+$^?r`WXcobWB+SD%dj|5$$Ft1Qv8n>Hy z@l-=l#NhxjVNBKd1;!M5`trV(_>F0UiQqnvAbP+HKwvl3@X;)!+O<(-%;>zfgN!Wb zCd2&ac#%>00Z!+6-&a^0)3jaBNYTBLw4$JuZuy#HrHq8ay;uP@0cdrl6F`%7%Kg?q zr|-4V{=1PpKLGs&*>nHnj6%$oFg$N4%kBK362z9f5!3r|F16=oNcOJ3wp zam_gDDjA@LqI+nUZr>b?U6`t3@MbMC9;7+Djus(nZvSE#!uub5K;R8liPy7G(&_Hj zh3D$;YKG2%38*Vlzq}~c1*CEFhWyWaM&{-^pO#H`^fwtbmF7uSMr`jegk7ac=bFT% zjt4d`m|wb|%^k4%^`s+jShT9}P~CN2jbt%B@Z^@-*s@2^c+`E_^XXx^h2;S=qVPc8 z=jbYmkB+Hl4!}E8wczT$6&)r1y^E!qM~iPA{fU3*D3|KR$?J%kD_twaU+5;x$1P2) z^b_vgSw3aGxX{14vD1l>w?44N?7Z&7Gm1=R9PgL%qw8q?^_u+UqNq7w=ymS4GUYE9 zvlUE|4*bL4k=n9c!p-R+JJZ3#o-5m!-8|t|8uwn7_@}@9NntSq4ODL&$Ybfl)3*m5qd(BDA zT0krOZljaGDD5)j`^h52df4g6Y}9k=f$_2%$=2uMdbc!X<&-bIAlro;CAH5ycjz`W zFch!EoU*yCY_&^Hgq1a#ac^n&O%^$-FO)8f0Zw=3;FxYRJF%k<@jf4+ok!RG_Bj#Ri1E>m8Qju`;r+X=AS zw=h_mHoBZxIHUWiLe;#U*7EzgqwFf3hlC!~I|;-I^}p-kcj;#v%;1}*zFg|c zr{_}mIJ2Z^HVC`#vU;wydh5%ykH?c84{qelS+8FXzT8x~DqUYu7_w0kRdnYQm$XLP zsAT*V%hGYo6s^jGsispOtT5PtWW|-uD;s4qeE!5g1MIo4Ij#2P8my$-U1d(G?YhBY zy6XCdD&`jd#Z!(oQ$}U0Qp&UqRb)3uWBkMbHbd?Aot;Ab za*5!eR?Xm9O?lSkR}_Z=36G_q0fR7qlwF3UMO$nR=uE^FNy`bPUwur>{$j^Kx)Jm# zz-f~3!%;0Vf7m3E(beyjKbiZ~eO0Q{(V*lQGwG%QlFV>n-AnL88Rm9dc3Ky-MQ{na zgj6dqiLX56!9x8V{0(1;ShC2*bWM;5tvkZ^Bg<{_cK2P~U5@px&fiko0~9swIbwR9 zRPJ`=J18v|CYOFMi^Kf%bL8$lhx3rmw_I5qj4BE(HIWseojD>u@IFy(ePzU~r8v2) z?`p)bI>mV2y{~>|8=)=6ixoxh_s2zAT^`qo4=Fdd+3&A~t?x9(;p1~& z4eH@s*yNe_ejf?fVsaHr34LO|GVG~Dpz!gO-xTlU3$uE+8)XKhlcCl6b)q7w9`QZI zQzw4RQaurQ=F+(oB|q5xsL}JV<(Surkrn~@O#W=^QxUiCY@oLvPcBP`c_M?4EIuIc?`>g zZ@!%D25Yu^)LKjRtV?Mv(jt2r(AqNG%zMlH$)2L--g|^cTvRLms0W?K{L|!6^(+n6)Y_JGPRz7Y~592nw*)^1NgK3LUEOm25Zgu`*7&g`Mi{Xy> zV4r(eD3qPfs?)vLI#VTbxV^yk?#g>9L$O0Wrr-Dk`ua?J-|%ai2gv=9T6WBcQSPb| zXf)?|Q}4qS@Fwk+;`H$JJ^HFuV%m)HGsXZ0SsL|A`c_K=di>0oEFfQ|S$JMjbnNOf zH{YPnE&ee@=y@RjYeEekQ`(2wb>y8oVwh>zt6H zr;=4>tJQRmysa3GsF)?6@9yy#y((wxQirdEcb%&{p|L(aX6;wkfzFqz2?PSV|e zLT&n`MN=r&c-NYal^>~~-hN2U!jr*CB{0a&d#rpvFWOn2D#1u=FoO60B65I!U%S(h7x+Y z4QH>Icfp;q*e^ot*ztk2HSWP6hvOcN49$GY`3{|L1~WWnMRm>eZ#Bf(1>S66uZ;|U zLo&W&DxY2KbY&M(<#kqdfeDQzod__gZ-L71Z%zUhv%HC0_`6y{;OR3qcX@#miEQJR zSEs*FYksX$aJVwGW;4T+Ldeqa?$|(qC!tD-W4+OCBJG$xM}z6ini2^Q`Tp2ny=z}S zvleDikL(NK8!Ep=<;A?a0R6okfod2OR)@y4PrT zkybhtGowcb3FH(|EuO2qZ-ACjBb52Z{3+kZp7^woHD*df z^w>2=#zPBF$GlE*7RjFs)r}V)Ht?KpEIjg(fZ2FnxFiv=gfqI*G2eK^#7~##1g+-dVUq7uA;x~XaZyXxa!>$5 z070b;CRD>VqZ1-RtV`3m1T%vxB-Tjd7aUa(u7c%(lI9raGFuI^&i&FB?df#IYnI2# zKUYt1Mp@Gfe6N^;1eojgXYTj%WF_Tt_t30kj%-=cP@BAM5HMb_)GmKZUC$ffyf&Jb z$#Z?NiCUc~AfEiVuuzBa_*ee;RJJL@HtQkF#pju_UOtVDJpM2Ag93F8K66jh(yi#` zX))!RvvMomh11AC&{>LCLiIYYg!c8ShPPc(nuf(ULTgvKEgNuVeZ>Z4D@n<{v9$AJsjMuP?njaCg*@{)OYLdPj6k^nyC1o874IY+Klm%-gu^(^RG-ZR z$0#4pUN-hRtthYKZoLUsk5Z}2Vtu2_4-O%J90v_oyuvinE7CoCpoGSZ569@<>~J~T9?;-weGeCslyN{aWQjzx zI;Wb!(sI@H;NU)^LxtR&h1`wzhkN#oc`3GWjt=f~C!~!u9dvZ4=hlx~VBwOl>Kb~= z{EW>=Z+DT@lbprjo2TyE6a8l%NXAK?d=d2JsI2?Kr=Zo6kQ2>kZC}d#MHr=-4KJk zqponm4JXyy{YXl@DQ(=sT+%al!@SxU}nh=@z2CV$dqX- zB>uL5)W*eF-@+uP0?#Ff?|GVaU=rNxVDb1v{dsC4tz~&IhtngAe&f>0s`ABBbIkPv zB23y&4`y8F^wk=dOxkv@#7COL);#xkVjAU5-KH_w_l{Gl10-ze*%#KBau4JBu$yD7 zE@V$XErvdl32Kx`j0|ne^rsi%CGXE|S7Ae=SC%s_T-07LJc%7#AJ}rX=cFJltr<97 zOJqh`S>H9!^<;~Kd;_Ms!#|R=AvWQcT9o0xmFVTNVJ@O2JA@mZM(GCIKEeTvtDx== zoE7!*XvaWCOX+U&KtJx^8+({P!x*Yf=`Gg&+p}z#(0RF$3bLl>R37>6b)*_p={A7< z`I0CZxYX_Rv+wB|ZjA5K-n8`B(s?laY@TxDp-Kwt*ussAc>(#1+bNCBeG!dqzZY(D zZY^+XkA^FfB6>sMYMjgFYE1)xt3-|8Hc4o2EO*G-sM)d8%n?0sSqP0!%5lLBV_WE3 z)lyFW<(wiDJ4pS1@NMCHRJaabx3#$UPIr^ttUew%Y~f`IBj$Ve8CE?WqH*IhgcdW~ zoHh{K2Ot(@X}RjrEnMSPQa&lrt1fY^;wA*fV?z6h6l&EQVSFq+v8zV?-ivTFmc79! z^t0Ep%)E-88s;ZCa~}paI3^w~uJ}z3dST;8Yd@`2aF*UuR1YVf(s1}5&OqPbW$?G~ z_n^aL-(0fP|BImU4`syLLnhvgmqN9AwY}&|(U`r!dg>5wuUXk8!K0qC!t<93>Q?JC zH(zf!tzt{7)!SfdcWeV=%l!1iEBHQT;??`W577*%Wc9Xmgh%txnD|(Nutq&Ko46-q zU9YthaN3%gDp$=a;Z(XIbL4;h`BS#=&m2V2pt+6lO&w$w4?YK)lRX6#S+~CuwL>Ti zI%A+UM`(k}=Lf_`b5su;e07_?b0Q&i23PEQd9h!JU*hsO;tzbB zE8W*J)q8I=;I5==ExpQ&_XVw;gj8qh>6N8U+T31EKY3w?S=BO;*owHrQ8Q|rSnKwC zV%2hgKq@G2{CB22I7EQHfI-nCVAYIGKtUackwOuD)X%YvvyS6J6IvIBPQxgFBH;Mt z;2nLSFr`$!MD0Do@nJedlop2c(Z@@xb>ht{4-dkm`5qcZH^+WK%L?uK2yUOkg?xn_ zJ4c)FDBuBEv5loAR?c#&3l5#yUM%X!eR=kY-ewtglk5jfJk46J^S#KoE$7F^{r!;q z5AB7&XmuhnNUZzU*#PrKI5*R%@V0L^^V)o1m81E7YR=uo%My- zRn+x#fbo?VorP2|Ri|$~;_cJqFY9{r{cS z7rhexM00>x|A8wQ7)fCnQ1Cc`*L5|lLYLg7jHBNF>r3??Cx_eWrgAa21Rang z0jDzmt}3Sd|0hj-DrKvn#2JYZf_nO9flTON4K4bwGedk~N-3W_HH%j14~43Tw>)?a1Ps(pf}P5Tz&)gpM(% za=3Hl4S>vO>Y^0pAS;SgQ>BWW2X%~Mtact;@rFzQ&!twg z`ibuxWrm5TfKaY~Ae6{&2A0-s3L`mz%3LUSscE^sF_Sh^&va@X7(0j>mE%W?oI zqXM@)piKhM2~3dj074Y=Z>cM8o3+j!2_OWX%o_?+BS=3d(33Kq(Fr*OtrE-WW&ES? zpIeI7fqJlg=8Cs(mp8QFId^n6_=TwTh4fVJsx=fh!Tlx2WV2B5LVV7fQfktvXyVD! z1TQ`KG#!@JL1$_BQ2{6aVk(3XY@D@`9(W=b-o9vfW;pwF$3ql6k*-1jVOV|_znC{C zU3s-fscHy9slJ5g#L`oDxXAC@UnrCJ__|p(F%BQg7P2n|sM3qaLEKqN8G)C|7QD9Q zuRn7_aW{%gC>Z++aVdL;rRc`=W)$K>xB`Y;@xTfOTuI?=+Ig`OFkbCRTnSc6ygS^8 z55Cy^%5?{@(_HO>0ZL^Oh<4}vc8tn3Ev)XZ+fu~b-#1hmT zpdv(Uy#fU$BriTEMrL&jCr*E24UFtW`pT_`W>A#Y;|ypgNr7F z%kN5Ly>^=xu7BiVRDd5>qQ;{Blo_2j4ea&FF?9%abSC-5aURkh8UufU$}^dfQO1Y8 z5}2sXQg*iIK#~=#uV*UHK3LMC4!Y402zBReptFD74%!Sq2(sO zK>kNJc-N);J*Di*aaJReYPQjNmdC;mR361ii=LtOI=T3L{2qnKob*7MxPs@ux5O#hyPPHtYEc1g+a#Eu&PI zJ?GpKE+`t!-_cdTZ1^R5tCV=kmb~9XUE=4DP-1e`yB1&3h7L(WlXDj09w2k$h$ic0 zS7w7U1EK|l)m|zU5<`kPc+=M8<=(#mRof!k(6+LZ;M{&~A1vL+1l*s$sAYtt``~m30Tp9t48p=o))DI z2N5Y>C*d{h>cg`3i}eiD7-Q?*RGuthA>6#ES`Q<2#!;zE>sL+GVBE zY#Cuv?17yITAVhK;h({2hO9Y`+9<|#8+Snsn>oPQA;B}9rHwn~AEhh;IsCiG7kv#f z01ryfE+u(p&=_~GD4i`SKqvq$bW7u*=~(*4nFsFOGR@6}r*n((Tf)fcJW*H3VEgsa z+;>wKA;(cR&AkpY`35vX4~+2=8ASZ8Jg*O~*t(I$rbJ0Ez+axm`*5LKl^Xd0BAI>B z_Y3YR8D->_KJ#KIhzN{WM{9Gq8ZP~_sJ9U)RUd$#!{)y=A?tDk0i9a|bH6SFTDVI4 z<8u2|lW(%PFXI@Om5cT!@lHRkSdS*Sk&?u(wI-KhoafxkAPhKp{;8V9m1AW~9uHNG z0->7u2i~g-t{xum_2w~|fcQT|+N^sonQfb&{vw#oCtj0d^d5lbtVOpd=p6BJ=Pn)J z)1@^h;$w6saEpzyNg-~8f%C_3^-Lv5v#`Jz*mHsA6=OQLUXEsQHZ>|jA(;fP_wUjKzB4RtBi5sH!Imo-qb!|#>tKg&P{1y_h1n>`ek5EdTwUK;v z@uU4RiROBD2L-t^?1jsKLLApm8-j}-z#Uh!8x6lFtSKvd|Hro`Ce$iR+dO`Cy517Z z>L=p+KqKN4aUriN5F0PG3by5Ft8eURfB6?F#VzL6Z&DDFe&c0Uk)X=`%c$85sek{s zr^dS*%Jru+I-(${n&4JsxTg-EwG0R^@iTWVPFMq`^ZGjwoCwju?KC)7hH;_R78(t^ zQHqF~&c_vxCOHO^KlHl~l8Bm)-pJAW`g>-V6R{htbg&#B%q}Cns&`JzGa8Nto22{& zK?+N?NoDxtX- zZU!JVH7^53?5?1?bd85JUit6+HaOh2(SZh3j26F3V6(RrVW0maoes{5R-E@N7z4XC z?rjV)&qP3XntLTst!hQ>_(&FjmM3hyr<4t1!z<~ax*r5R)itruM5D}n{Q^r82B)Q_ zB_*!;n7yz@n6rr*T#E6UpH*b9IJKBEx<>6yo;@r>YFDpgGQ2O#JTAoPOM8 zi6E)5p_#D#} zXjS$arRPW#wA2>%GLBt+!M=Sb{KmE{DB+RQgRSt}Ze!U&F%7SmFSiDF{ngm*Uq?C` z5Jp6^cGEm(4w5#uXnL^iiRH?o`j4jI%D^+?6+~5Zme(HhwI3fR+R`+ypwb2gwaf^& zix7v4r$?1eAPD*{vF3lMiJ?1l)WLC;EZ=oT66<8Ow(GehgB`Po!c}2Qz6CfCWM(V) zb;3<&M^zu@m)Wg~}rJZ>|@F?h7t|Qu$cMD|0La~< zTVfTAhXdFioKI*v{G8NQQ`D=DkBDG;Y+hrg`8nTm)h?JFB!ClV8_9lDF-$~YDwRRz z);7=%uv*X={-QyqAG`E#CKc&j>_g}2nClT4*#k%c+iX7 z52~IsR~{@UBrpq!zc}Oo0pKea_v(+`ppeCPYrgG6yXL$s_z{WD)h+tM+MHXIVtw-c zyRg0pRT1iR40pT<@bb}Ls|zVY>$<5b&jtzdZQGV{Q4rtq!{CiaMZ)juV!Im7{{=J; zE_?M){}#2`mo|GoS}uuKigcY}xjUg+J%%U8fNAR--ZkHT?pL+iD0NEt+aJa1y!v*r zdLpH-l3in8+dlqDhDc6cWu)5rO^!)cAgDgkE|IZQT{*NVoOXxwfnU`aA}$7Kh6H`1 zTSKzyq4`ldv}Bjj`iV#`lq9Tpwe`?5HXl{kACbz_CG8DCd-Z@1POwGS7CCt>9Wi30 zb{QiyBJYq(MPR+;YY=l^f)yzYBUo0UGd;1wM1Ao$cJX@jv63|~dlJ&N0iCk_9jy8A z1~76VROzk=zc_~_$2~&OL~FZ=uH>?Lj0_1{3Po$2J60e2Q>8b%cH>O~n_c?1+U}sI z@F5tJZ_-BcRMF8MXwK1;EOGIhk_OXQ`wpr1kPMDDouvGt!0{VO!LRlOG6Vdcf$?+F zJwn?Aauy)EvGvp_?);xbRz!$oj<<$<@^b{RiItnA0=xCopHdZgRIheC-r_tO6*Kxd zZ+0nq^W`-T&lrdr7+fw`9;3e zR0G@{;>4qT3r@q5V!^?nV)0;89cC$MaCGh%jOI8gv%R(62ORJz{zHK|zy+x(7&5Ml z0fP73ZS}omn>R1RZw1cIp*h&(MFhI~|7v`*R>;>`pa1eT;9g<2*VT8fpX36oftYT_ zu=io(x3I1bFTC(26rwh3`H{b;GpE!0OFU;=4w!4_y>1FUpEbB1O&3sTV0^c0wJCdW zRMunsIl~)Gm4$V(ap~_`CV#`>}pO_TIb^F@A%Fa@{V^v{AX}k{VM=C zq_2~@0(w7X81Vb@AYm7;jyL|9T2KvV^h`QX3za(cm%_mSFy*R_eZ!ObArOCRP(wr+p<0Yn~ zh|`Xw)Q(XJZA18^NvdHB4Q(Tk1aLhuf1H_rT(y$%Tdj>`3M{rj2!O(@dWSM7i*HfJ z>_*=}6}#D?KzHy66DAy8bcM0OU@Fl*Ie0J_E?!WaIgZT3J*%sa9pDkzF-#l;PsWJk zMdbnL*3EJW5!46_!ESa)KH#V(P6WmiK#ahWd;hN`H%lSh{V-PfB80>HGf5SH8<82O*P+1>!mv zC`LNY2yXVWs=cUa2*@(9aunGIkfd{C3yCSQIXUFG2FK3M9L?Arcwh(6HR~C_L9FaU zK!l?tt#7pqS}0#3(G$64)P3T?Rsm9cdH56-5xMdZ@O_e3A+6H}?clecmu;&M1%5^m zo6V<__^+#-(Zbg#O6D)O<+tvf<5hQwFX|U|gX`2O(e~|+KHXQAx7C9SC0*gV{o!{o zIE3GTy=mWZeuHyW_sRvZsT&?hC_>*u&ABc?Qgy~ih`Sy4x+C)tPn`VZaz#O+f9|C5 zq3j@LAs?gN!^GFvq;`Y^F6SOKEkcbq%q$`}PsHs`#rm8hKDGIFmy28sD5}u;u6o?* z&{yP0<)o(G2Uy}@$LIL%qV{6$7*jQEC{?=e0?U#d$N6%1kW#JX2hg*WG1QBkg><#(lj`Swe`xgdVNvz!2!D5nt0t#H0 zb9MpW6sZE~&Xto`eWt$5uC;%;jO33i9p-dGvpDD2RBEf94h$iD@*UfAW`YqXcG*iI zGzZ_o{tG@FHcOi44+|Zhk_~+{1B#NfUvU`$vPW8XP zfFBcv$9!+kP+j+Q%`AKgEV#DdLV6e6{6yoMhe-LV=Da#OF)qQy_uxS}TDoi&UZ?uy zq_IxlIno8v+c!!LW_O;5IfVLH)KoSgIQBL;!bp+96PU|xC<*)@Knp64hugAaG^Ik2 z45ZiIhHn4mZ2d3m%HV_m8t!ApQ0`7FiXD#iF*g<*bf@gUb@gibcc`lO6VaKSUyJ<2 zS37X?ySEyF;1IMO7+TXp^B&VXR!`Xbp)Z;+&D~`+oA;>s9rU=#jT+}%3;WRgyiZfE z`3=v%mVl@V+5@`bZF1jj@?$4b{$79~7|p*Ev?~LTiQhT!0dR$Dlt#K$0SAz>I&b=Q zUGwZ=;g@yv*BQE47_xw}GS}7U%o{9QP0za^Iv(%hd?emPWFjfF6veeT_d_B}bKd^7 z`8eSV(MF`^gpq|H059z_h^K!CJ@%5lB-i+EYBjQ%Pg|Q0T+Y9?6B)1j^6X-$NSPM~ zBeppoSO%(PTKlDM!B*cpvNQ{#g@EOoZvp{DBROAPtug%SFlAwLDiiMspdo0SxQ~f~~ z3mwD~P2_ao)1EBj*VQKL)aAVyHr{vY_+~dtvw7T*6*>2D>tu4w0*9;pa+_juyxr1M zp(h|mSF$&)KFytt(sJg}SYf4-uPC_x4b#yQv5g7Yme_$=r&))=r50J)tazAHXlLZM z8)}Ycyz4$iXIanfW9tl~4jJ7BF!o$BoTy@|0?&)h!b!p<7)`0a=A-OhZdc{Rt#y2o zS(`iksMQ}CQl?>qac>&_#3BcUCYZbbD38%SgPQWp+1TtBZpmMRT)y9d;6P>`&q4Y5!ggh9ueqIuCw*mWw6gQ!{$Ml%>*t`}o*F&}O z#!nXGRDJV%&&$rFz?}BLy~|i+^l?Xb&%OQ@8KKk5hehnIn&%C~)|K;MFL>h<3mDP= zXdO{`4o>i2WEkbk-Z2S~b>#L3K=a?>>tb-|aBi)_#3QPG81B)ln#5tlo*&%b_dQT; zjunbF%KG@ge(9+#Ge>@1b)UqJN5k?;Qj8;k9|D(*m{VZ8?2rdoREm5Y?8f6~-raxK zrSB7V;mB&pG11w`j-OzJk{Zb+7k>U>p_c7^R!wyaE~iNl;FL*sCX7uMN!E%N8b zZ_j<38|mDSKI`4^Xr*v~92i;P#I5V669vxgYIlK2tkj4d1VUW{aq$P=nO={N5U2HT zzkapuug>|;0Sa_I=M_En{k?>pMkgQ)>r9@*EH32yshpbMM>Fg%{_BHTD242F`!E>N zt_M~u@N9NMYuloJYiZo3nlUM?(Jtg7IMKMXt3c+cS#b8 zS=sG+K%l{{wh!-USawTC+sFxnNm{3fK*=b^`gDSgnj6!eVY_D1FX-i`q1*N4huq$i zFE{081y$K%{~R&l8@79YHEiW-6Leqydu+gpJadYpFQ<)&GKS%kM+El?=fMC*8*WB3 z;dlE=hDoQ&eJF1T*-&i#c>n1|W8j7R`3^PIwDZor+U3cP97}-YyJ{(Z6T(H>1LG&E z3~t(KN^#P*iWAX?5g*gcB;-b(z2?sSl?&fX$P{M+#y%wM7^*aISxk z*8b~8^*@cD(Y#tVXFgF%u7+ub^!4Tl=SV2-ykZg6(|8~CnYabJ*2+s$%Tza z0+=<=m-B4~0Qdc)1n$^F)8fy$PgnDVYTl3hfRP%#%#O7=(V$DBjomBbrf0kl&lL5; zyA4fwXKOJ_7m0{Z1kztTwe#Eo3cvdx311rC7r(>qvunN7(Pn+hy&qrF{An*o45g8sZb6vY%zC24O zo?B$Thx9fHV*=T!l8Vxkq;<5S9-m46ja`7*V)IE}3sxF7GZopt6JfQ`tp4lQmqDU< z)!{4JD70eoQ`Mz9FZa7^Cnd}+mi0ZF6^480e$uE+?Xmy)8p#AYiiZ?@=S5;(^V0Q( zS+m>@#~mHRgGRKyVJHfzV{GOIAc*^GsZ=4MBjaN^`3bER!lTk5t_+H_YcIop?UmU6 z<6h}ks}6a{&W4~eyk*HVcsiKA>Z_HA4>m@n9Px?1o9mH+dGc2~)zeQ!~sp>wYIl*~) z_*>m0j1Zn5V0=mOYCSjU)}SP8@{~<3LCS=MRZ@epE~&Vpk+T+cQSsB;v`ql+wFcTt z3L_$7Dh?rCF!1b~t{q7DvllUtNy9=E0xZ}8(NNaS>cCt8it>U}n_8mV*q1v4C78!z zWX3lU`6dLLZt&_jr~P^c*WK=z2d?&w-s3GmDiHY9iGWlW(wEaHbprSmAw&!xq}aOS zPT-}Rw3c|HL_lw~Jc?S_PC)ckA#N2MyuKPk5okPb2@(Ke(nA4_jL!~!!pAJUl!=WR z%Wb$KKg9hWS{yxfyO@BA_ur)FFUjueHe|BjWT?OIT5g2bw%Y`_bvCFpB4>r~z(?Z4ivbQ--+n*j11@Q4+0PP*F zK4F#HEu~qxo$p2S;z=m=YR(jDx_(g#bTgbUL7-bJXxh`nzFn0$cZ0zD8T|7S(EC}N zzTo72J*!j|>{}bxJFT1?Dbj4H+b;%_l+9uYFrrCr9RcJeqz$B@A(Y!PdqwY5Rs*21 z#OQyu^7aGW*j& zt_EZpB)r5!4J4CcuX$HwGj^`Z8Nq1|=MtZ zYG8T9&xk$q#Z4?!w@(Wp8lt)!QHn--?CVv0kYefURegx8*Tv^xR|7d;K0Ady?StgenH-u$E3%1Y#kbC7g5-Ti={6} z(*Hf0rgBaFJDzM{ub~7-_kWYCfE$pJTjgQbT&-1X9yoP+r@CeRV6>Wnau#Y@)yztE zPy7tf+OPZ6y+u|`WaE3AAKE%2k@Uuu!)z%#r8TreQ7!W8`T1SLXduAftv}Ry)sF2T zJKj?;CQ`fWmrEQnVIKY?jS73*wKnE%RsNkuw@lmtdwA!vpWY)+_|3jLHc{~(-W~)3jC1Hp^!=b2`N7cdVDnK zhx3~P>(xi2QLTwLps!~v&!%RAYIwr*r9RgaHyI|u?o!;h@Nqp|lIe^cQlsSwIW7nB~RE&@U~Ajn1?62b=hT?Y6{OkNA{n`gZ(9>sJLj&j3Sl zUC|eJd1M40a#QcFj5^OOz^hW#gmq!ndz1%BdwaF^j_s!i;Ovms3Alb!KuR~hfSbEv z5@VeB@Ck8KNUtDw>J;1a-?Xz7JOhph}PEk=PA@3eVT7k}m}jZ2@ixl&9GQ8f-$a6V>d z-genh`D*+%5DtGx8i;G;5V7)}k!cFImS13s4~3GI2EK&?$x2jt-ysi6F!n@h%anVC zuLqQaZ0qkGkTx#YCb83v39(K0HDq$WNlKFL|C;-m0Z)O-qs+-zzNMSK?%QAV8s9Lo z#L{_IJK<6eUZ{MfC(hE61sI;Z*IV^V2Kw!JW=ato_Tz@sMlDU)pavxH?joIEZ_9EH zpJbeBq;Eq+{?*r#feaJND7u*rF0V=A#ZK!Eb;=S#TH|c-W6yTD+Saf<1?K`kqcITo zCpe5hId7Eygh3G=zb<+hg>tTdz?^myN#uc_kTnSZ)M;hL<`b+N-PF}Vt>Sj2v16T*n6VIiEpBjpAL*N>uUKpi1mplOi z>kY@dyNxo&h@5XMBu2W?ZbEeF$|G}ilSGRhCp`1>v~zT4{K6jj6wtZH>sHM2nXSiFJSjN;b<5iHyFCUOoHusZ*bQ~ zjFZY`^JdtSJ_mQVnaGH>3vwUMh;vD`q4(XE$7ZW#HYl(lk(rH$9pk-XKe`jEJx!G@C~ zXZMQD{)d-wL^iZ8pzweBA!K#F8-z{VB9*@P;n_FjpGtqzEU^ON2T2hhL4sa-NYyylc@Og2 zqx6lI#wAsdFEpzwF}z}FSaqEE(PJ9Fc~rnWY-`h$34v*{;a+@KMPpPOdz1K-9;HYn z$a8dD8;kFQbz|bA4M@8$U9ubScfhyaD(WaKQ^w?7FQNZBs?x2u&_ zX4YeV@I!o%}$q3*z)WJ{>tyR(m?7hECE_B7kmUw>LJ!rz$F&_Y|X{ zgd!V))0{)XI^Yv&nH%X>mSjL+neqtm?V@7X*cn;(@bT45zQdE2wNw#cw zeYCy50luP}SI`~OZO%GwOlisv?B9R1sCVb6WhRo4+3UU6#aUE6`4BHqsdPi?JBVmP z?)Q3(a%)?i$1+gu>3ubtqcyXOhiHJ%&pGI>XkgSv7bI~l+1*+*BceXmPhO6!JW7)1 z#NegxY{qqK68^X07pxc(1IMtwM8fmw7LiTh!chiQM=gl!e!%@2s+ zH`j6SGq0j_a@w zhn>yagRH6mS1R#(ZGynwi>Rvb%?T}C#WA9FFMK{WvVxco6E638bGHk))*cHZ6^nfY zQEGQb6V7YP(|xXdesEpwZTN+1SPWOD@IGL7kKJvQXk7HI%P*6p)qk%@xT}OSYc#9i z8F;nhPy8MIQcnc;SzyIfd_^F!X!VIrynH+Q>BLH)u zJm2wAtz8ka^Gw{y^)<&Ktaw%Y0FXsSi@i|#*wicZNc+UjWu_1l>FewYZw0Gpjh z=H&a8)N{pASmcW4Y6@{LE{y<7deB$nrEDwLq}F7a6Po74M8i{UD}21vv(MAtFJW$>s%GyUq+t8j2g3)R*R|?LX~`fspKnMN88y zgUv-P7wR|yJqI-BZra}eQ8=d$PFZae=mzJ!Lh2w*LZY4OlM+r`Gq*t-OM3%8P^WEp z1QR?Dohs0f8Z(1-(%Mz5a|-nq$2zstVp~?MKdQR!9)SP0m#0 zLqGOz@-Y^l41IIaO(}O0l5tXM+K#Ub(|lz&jVkG(tb=9&>C@I`4DcsyE}M zeB)k1UJWE$542|6s~me6W<{p^=La)(&-ztVW;S4Ss_gYk;H_4=+uMA!9y)&Wa=xil zgwp;<#dyD9k}k-4lu7cjSnH9X#l+UzAt~d}54mQ@*j^NMDCgr}fcZ=KSG^)(H_0w` zU6`H-uSpEyspEcwb;9Y3^9Ga=l(7hyy(#>l$`*7K!(Td5jUWvON%wKupfWHazU!O0 zLMlR@hK<|@;gDA;Hb*>wT6tMkr%#a7-?)n^dX8Y}>M16KedfR5r>vcmYBheFoeM{9&PKXCpa?Yz3^35beu z7qD?$41P3VMeCKq$r9g zkXe+OS~>5K)JQ$=%uPcWrBLmQMS~o8v7wihy^&fP&A4_A!O zBluAXOvCA$37>{ANogj`Kj)bO_k;tm)qKSARfe=TPv)sp+*RQf0-VB>91c1X_T@JI z`@B4#jx}I>`#FA^9&DFbmULdKIfj3BAf&#AZ8BViAk4lZb~npdHO3IWJ|F~i=pi4y zOE%;KO}Q7sNDGQBjJqw9B$}mc0Hkmpe{`{ArPRQ@g0~qC$Dgq=*z(w14fCI%{?UOk z4&2=CEY?AXJ51rtm4}=mjqC$CFEi;zR}l92#6bOg%oDVzD*%0^6$` z8tLft8=RTgRhDF8w3t?5l4n(MqTRgJ1^@Ey-cOCll+c>xFqHH0sx;mK(l$7fWQIUz zHYu<}oiQ0s)&9u-m)oTp4iyj58?4-$|VIUyb!K={rK$<%@U;drR#&Skc8Pr0;f?%F?QPe zb`Z6pvm8Mf?yFp4t3VqTUs^Ni>^>Jskh2R1eGx!B>*zSze!T|9a(BVI9O`OiS{;AO zhk%>xAhCE%lf8>Rts#zYzcYuU;a0!7*d)UbKfPQg?>4A&CdH-*nJWGYTocKV{03M_ z?}kI!$J6~O!qCg{b^@E%4FIXXI%u+RQGj*(E_C5R?s?iY-X=kKhU8DWqcloUJst?7 z8+BMd4Y>DBIo=3;j>p-V?NQe>$kWvCF-2!V+Bdue0g|3VXE^6|!MJ+guL_1tVN&gf z7m#@|ep80D;RKqZ4^>T)#89CJF|l`~!lJO{sgOuaE<&~735Dfv9vPpa8Y9W{YBUom&+=KcNuc}a*A5(p?J|1o!KarK-SF;!f59PJwD~=RR}U1bp1{P=NCz*+4OZFvW(B zQyKr@_aIUuQhdrQ}8Zt%2)XshF zGV9!!#br!OXbr2HcGv9MJYR2XBtBITmBX50v~+hWYY*A*zW(fv9r)Vf7Om=H(|soM z#Y$m^>yQ_fY<+^#8(E7*p z)3PN44dOQ%k=VG2Bw^Y+lZ#pIO*i7NAirWweOHzjd1xGIi)M_`5h0@nTJ7m2gOzr8;50k_>tR!;D3BUHhTpIQ-nM{?gTm>W4E!I&F6RR6YfO{f1(~Cw;UT&w{HJg+ z#71sKht$a{k3Lyd>3I3M^1^xu^Jt>ENrdGDf50;LI@6?~dh{LA?^FQ=E(*320!7yS z$Sy&`h0M&#zxyS?dTyuDqK6*A_0L}H2fg@wutpokDNX$Ly4$>@ZiB^2ZpmfLe z`}>5{_>R>($BC^Dp#}SH8hAAP($lDrvg!zm%0&^RN3-Bqd<&mQB#O}#9;Fon^45=; z^fW3D^2FXwAH-}4Nj{$(8X8(~uD)&K*>|6Af-u|-@^KCSN52x_YAY&6nNG{dsg{T% znaKa>Gnl!;Ph1E-bRs3=Yr2jn-li4Mdd*At6mJw}&I!=v7_0Z{X&~8v zOnT!VlI_;*>B?i~E4qMMtv~@Vf@dILuL4VKp4eR-1FI=*IwI%Fd6#X)D&3)s0-bmY z%hp#02GEMz=p-K0 zg+kW)g7dYgvsb!pvgKdZthjYU-A_^ZYV}bzFL+q>8)8nj?HJRMxq4ln&RHu)2ZGtN zQ3^~^mly)_W^nWIF?4I#KhW>oNOhKxQ&&^#cj;Qo%pPvLSXzHCw5%@YxauTTsdGcW zaYja~uA!bmRYg=miU->e6n5ggj=X1`@$s4YLyr~IcIF1$5#>EQ#m`GZ`ncV^_m+-K z=Ke4g4%At_rxst9D?!|k->=}Fd9Mly_s#SJis#b{D5@WeMfh%4xpbZxP*2;Za(i)R z41WnWFAuuIzH!UttS%GLPbed~0(vDC@!w75nE-GJTSzg_qz`LE^Klm9dh6!`iy+|+ z-!gHX72c{f(jIhW`Ghe_TyZ1d)}enor3T#^O;w+`6>J{uUbG6VJx|tQiauzGPosg% zyf(pPmC$*j+%~~XZZURUa$L%omjc0SG4^$$;ns-6EENK8zUjC4D+nN~B}ql2dUG4Q z8AyYQ>sYeE-_)CRw{1MsGqHy>Z1pA5YaZNxQuE51ZaLxzpty2gKA0ibRUBG>}Ut@ussQjW)cgmdPX2OL1l2`?XMR}b8pXePW3*G$0&*lupL@xmvq#$OSH^o z!>&N}bpqG!#Q-0Q6{Vd)(*A)kEaO~+437tL?TuG(LWoI?b8q9)x4Td9$ z)mmnm$XQEGvBz6U{Q7MiG3wLVZNIlQhz)(XF_>G>A;eUlU)DGJE;Ee&IfIa(xQ)4; zCX3k6dg+^-<2{W#V}y9@o6X z5-x2|T=G@2RtQAGFCJKZM%VjAULddO(_t4@ZZCflah9KLzBlnT)=f?tFsIgSpKRnh z&$s6c)w_68sm%`RT+~QGV}}Jd-`&!&b$`rn<=vy|D-NXjL-9~s)H2bSaN)xHz)NRB zo0cq9UA$v2%nUg=+5cQGqyAyX#hzQ|G%EU;WaNF4>bvCcKexJPOXj*h7JSqlaA2(O zyEQ^fOFKRBmaEby|Ei)7=#<&`S&?9L7>@z{JvxG!CBhSrP~~)oLm`kM$%C-Zhp|eo zNA}il`7>KorFnT|VHc#P9b{M9pY@e}`c7U|9`E9?HasXKxg;f)ym|GQUB1(Y52af% zttaRlwpQl0ez?rhpXo4nY+FA)xEy$SbzvvQt8seoym9vFP25D^3}%3TWpIvLBXDuX zq0W2m=^~N)6O&o{WX(h+Yj2|;nnc0}iyXg}`Tl%$q=hy1aHyuQ<;J=O#@%!%I#tx8 zLm69{v}_(S*-QnpP%65EXu^obsnuvF07c#-2%f>yU>6=MeV3*MkVE3(g)w;XVA#d` zHfQFR-LQLYM3;?M=FLA2&;E4Z=WzYNfWShI?bkx4X@{xm?6EFc&nFqPQb|0)h0U=S zH4;x>!P!L%l^GfclXFanoTI4m8d?z=xHs_fyGUMH)oh_@dtk?+u+(uy|5AB0bCA->*vQJhtefuE4i1%Upp@iECkH0zlkGG7Us`c zwy8XuNxrqXS=i7h^>%dN!6(j`4qXeSiHNv)k>>&a1$lXe*#G((v1NbD;QD`reFsp} zU$-rYh=52Fks75cND-xXM7neZL5K*5l+b%gP^luli2^|ZL8bQ^lokO2rG*|L^pX%- z0wm=9{NMZT`|f@3o5##y7={6obAJ2mz1H4q!G-`SN$PUArrqA6!@_~QatV+ZyOsXy zS#WxJT>pxn9(4dyD)WB|uL8u&J119HM11#ZF=4SxQhdA*)jk9fM^2fe=PE$_NeCAY zf&6u>kke~ITvR+^5);F^P}+)&sUOCH)cDZ^R0;6e#elf`f;oD8I9R0&_WPTjm~K?W zN0L=|2O3FGJe;p~=t`iAGQoy|N0x14)z|`)_jc6YlO0Vr`M&90?(qH7g(t_xVz4~f z=Vx$>llB<<3zW6nvgFw>NYw>!V7ojoboK4uP8)BJv4b$(gY)W%$1r6C4u+*XnOsYI z;V=rja4~lN7VwI~D|hAu0gl6yhvTq4#ECdU%`D1Swax5uz=-U|&w$C6#Myaf?K4;O z9p0C#C*V+ivy2~BCpkN_vYCw`;KbwY0L;#vXL|$ZblaP0=Hx^wMv+0y@@!T5H>gt{}wr_mi=_&*z$Qd)<{isSeDu_wi*V(;(yK73-wxcI#d@rAYJs+mp zCXE}E-prKm%9a1J`SyQq|GAgP>3VIa-iPT6eK(|H1qC&27UFcfI<%i2G`F`z7vlJ` zf2;>uU8L_&t_2I213r#3t({VW^wYQ5>hc6NTd;jx3!I_^dUf^cAcfW6eG3DrZ|q0h z-I_K(yL4Vo<+UeHE_t7%JaVAujRm#`T5nKhM)^(1l5r50hH@zo8`7A8PFLV4N6$Xl z^*wAxJSIw3AcSn!<*XtkHW=?~h|n!JG^pagxKw&24N zGNheSq!y)53fK!CKK;cX-m4b1o$)>-IlQV=vd~V`2~zlJyS`8_=e>x=H!b-r^mu5s z6mBMzu$!;##uYa6Cuf0BqMm;qQ`}xsEIT8{HZjWo?g|PJ-XC~Bp_+7}%?rEV!Sw+- z$=PM>lL+NNtrAa=qVM0Xj?7zhfj=g7BxvWugW5u$PcDsUx>ls~zhw#44wFkDpQ@%! zk7IJnX6#YSjM?|vbKuo9pMDzS2q(AU=QnfF>ic;_bA=m2_%26&_i?_6|KBdZ)H5Zt zN$?jKV?hs<>S4q~A0Upk^D_dt zi#d5a2U}-{?|yTr8y=E-01oO<&prOrU1ckzO<{$3!gysnbb0r1VS$X|@L%F(VW*Ma z5kjrAT%>zKsV+fqUWD(ry9={=a)cIFr{_~k4GQS4g@xb4u{eI#)ycK2s=GoSEF(;k z+*gv~gm9R(mZR+jbwZf*V{ZD%WPxfG#k4ys6y6}q#^&2MIZk+4;xWk~-9dmWFfow1 zL{+7Fd_@AQSG3K%y3eStbX@IycWj&SL?vabWf#95uh-z=>rTY!oxK(VPH3^`2d_%5 z$qP8xQ(jUp41E}mT0Y{HOdj6N$5RAx{G5kzQEko`+b(G18>6!-SNemWb7#4ZwpW^i(H$NsnEJbC&8Ms z#xvnizIPm3%bzoLs)yqwL`ailDzs+%*{D}Vv|~6e?+X?0jc!2^=vOtv<1Q* zq1PRH3PZXZ9sWO?n}A6P!+d{=)YTgB#7EZZW<)H$xRy4SHOHSAn}=OMU)L(h+M2A*WN-a^(os$Z`iB3(R z+>N=2h_F=HX)s&AWslXt`jB^azNVkV)Cy=W<59N-zfT`-d{|ed1T>y>_M~2r46`O^ zUk%|6_^Nllv32+JK2hRq1~N2cOitA;TnpzfnlT(PW;5=IO7*#8r9+6YijDQXkJ>LM`Hg zlJt{rf_NdF*a@kW*HNhfvv{m`X9T88O>LcIj64SNv44IwsnZP_q*#IbNjM=RJV z`IkG1(P8~Ah~9A9->c~(ZodjWD9EmUpm7Fdt|0|^?m zNUdT@658z3{)uQpzgn+qUGz~MU6slvhY@z@_mlk~AbpQU*5Oac7tF1G{?-R|NLzYH zgJ>GiBzBglei(W+)r22U#we0IUjqkvqVYfygA7E7<{s`uRgq;=?;zDE5le*&AM?#n zM1;!AHtZ3(s{W6Dt`}XTi_CVkW z?C^Om^kpM!T2PW`Ua_|iI6T#$5l;ff` zUBr(YmB|SMC&K?08wl`e+wJY#sl9y;pj9vqWvRJXKH;>9^i~u1%}0M#$^KiSZw{?$^cza(Eu#R;nm`e?SF?|fo2lq*^6ux=j>x!LK(z-R8A9Ii|5=B*FpCdD1@aE;vk z2rZi-6hgn|;e$hSbEIBrp}cg{PRj4{(>Gpx$8|9=il~b`G!ivP3_!74(ca_met@{ph>^`=)PJg;s!+akP1M#!91TkA|cho%( zfgLYn$AVn3a-Km}L=u8Iro&$Pss~3ry3%BQCUjMX?JGL>FnIE?zoavi^Wu5%pNsBe zn}&2M8Hmhmul4(f&Sx$MoP58f+VwDXb~oe~M-uQ#F6qkzUB5QB&hyF<4bshftDNq^ zFRUXET{V15+$}o5go9Pr7J_DYV5iy7*}>X%D~jY19DHu|#TaL2i@{i?Zt)DVyIJk> z_8)S#+MDFSZWM+W=z?_I-a9V2<(_+_ZBtTtFG3#S{wPR@uuSPi z^F*U+nIJ-ycJSE}vyvi5TORf7757W?34~$C8p%gB^NCvMUV@E>Q7no(0J7D!c@z|N z>-^!;sh<5nuc950q{p8PAiUR!1_(e-_Zl+qw<&{W7G(b2#I2i)(CX4?YQwY=I8+IM z%sx*(6uopD&o26@OAF`@7ct4_efIOMna5Xl|2(Atx9W1^XM^uDJ(g1b`Z9Xt0&avY zPXQTu_TC$EGM~f&TITf0->&kiYA(CK>C`?W%<{R$-az{C1zOjO_o5Rk(TE`VlEs=XJ< zj-BFC9oD?r#au9>_j2XHf9v)a%9wE41+0D{mi~E)e$Q-Bz^_^2E&zH7fliB-8i23d zD9RxL-57T9^2I~WFlz$y1}|oe`&-*T4e!F0abBe7K>OO7n<`z~C3>Qti3ww?J=dnO z%lR(}2?>U`Yh>Z9pi9q;@>$$#B9fh?tlVV6F3Q#bl)SYCXT7QQW|a6_-sd5X|G<9i zRo7(M#>_j?q?z{|Qk;#C<@jd}A`Che9R`~sc!3Ol(r2DCpDpxq3+VKEXQxfG`DL~SJS1bVK zxtviY_&ZQs8t7*#{gPYFI*ZM0P7|r?OE>a43nae|$2tyn1PX6`>*oWTO zkoU8h9Ha-{Nkc0=9?d*8*YL8w;dgFA^@+6{XUA=9r~DMc`~x4)N-0s|q`baF#%Cb= zf`!%!PvfML*Ny}c&UY}(7b8Gfy5X5V1v$C~t;eij(qv{b;d3(aCC~92M)+)HX0Dbc zsx{mx*l{5(z^fOuA&7XL2x`y`9|vH(aBF`2gS}U8EkLjX-EaWtS6yr+1iZ>E_={9f zMwSE-JC_ew!2>yJSWaN3oXZ38({)a}I(5*>=gNQdew99!esbTMr`PsH{@@xwVEJ;` z;^{)g=v)ETv+2V>-1|SQ=a9`~nZJ#oDYU?p7&pkEdu2P?ft10u5L>d(EYYgMoi$zJ z(zFzx14#tB#w=miwbKL4JffZe1{MFwgcgQ6Wc)=Qow#`bI#d1spmulLpQQXBlD(V3 zO@>qcACg_{#JB_@)Yk*h4ecyIto^qffP;!&$MJ~YLP4u&_p7Ibs(qkNOC9!4Dg*Gj z|8{MC5GW0A9%=}xH^6WnGyxx$@&BG$c=c*uJhebg30v$>@ShvdiIKnTKP3M@bIj-G zHx7ehrLcr2#2)?jQTWRRlOCb8X@z{R=;awF< zgH+yGESF8O`}b(lz@MvR^PAJP&pKG4zQ+aL{e`15Hd%l9o&Q#4UOFqwmIwl&#Cd~f zO8)}+T^CUom`>&a=!2kl%D<{C6xH$SIKDxhd9OKw|2%xUeA^59%zTmvON(hB9k(7g zl4nmtGkT%hI1X4+$6liu%p0g3DBF}@%CKj`$-|DngHBpU(DruNI9*#9*kdRLU0XMp zYVWm$_VHLJ?E7VmP2dR^)km{t_9*&K!!Tj(UzuFpzw*o|1PSe;RfwrOnKU45)k8c* zdw1q|S&;|bYQ}uLin@ZN%*^qf4(HFMN%^X@*>*Ibc~<{WX0f}!+5Vq2QR0!GOKjtO z6>@fFZ#5eAOdMQQFWq)5Ll<OALOptb_zrIeql?@J+I~AY2vWMBGJ(SW1bd8w+E?k;*OwS&1IsWJOpf?xM2~qoK zLHu99E1E;lVQ%vi>q5uXS1E0J#&S);rq;`2hy}(IHI~EH04L&862+pmm+(U<}2K1 zC~Ff+t8?WPWQZU56o#5?kcEV!19`ZiUZOi@M8$S5-t770W(##FLbSeqhIiWoRe3)x zv9&JAq_V!T@sMK4`+njb-iJ?(m4YT8FF3qPI2V)b6=by;hD5>qJpk_~e0!S7Z%m#d zI-~M+NG>&50I8aN=_OH5(fU z*00eaCfUjPKnWNP(5Qc(V4y4*V;#%J7#4zUF7?*+O~$}esV!EczTaMnsg~+EIe18) z&^IZ^wY%^B0bMk;zG~i)l!iQ_$?@(m;CsOnqu#e zk^OtL=KOibXLbG7P-C{$IGHE=dk%lza*hl;`oSA0GsrtX-mX_7QTEJtMSor-#|*ns z__$Qb^%LmyCHT?buLC^Sl$~s@u)cEkAgK<#b!8gC6B;({RF8B{vs>66uxgl<#;1ET`-sYfqvNq_|m5Lr)`jUO9%w!1E?W!!aqkouDD8 z0BMOkO$K@v7odtnY}I!E*i{Zkesnb?%?fYXbFvFQ(gDN$#YBP0J*Epy!M%w`T( zU@aJ2#IgLA9S)K4fKH{1^`2C6Ay2Ol)dNIC?_K=PPCIe0(s=#-KIQaxa$2HtuyMzZzTShn%~oBt%YpGuo}1!u zgYA7vfY2hPnexhEj`5tf?KvUU##R8BT-?335R@tebASV4jy@2%W`A$uv$`DQM|p(* zlgZO}9~NTGO2EC%qitps_3malgwqq^6n(0+E*s%UA@DEiHLP7TMEQy&*it&FKda-q z-d6JM>usUM%XpDhax;$)EJM$}$Ezpf$lG^YW8v^I>0-5UGA zI823f0ANL(`4*iz*%ufFkO8w-kK+U8C|Ris#FO4=oVGgUTH29Bq3UEz^3~=|9o4ng zSu`jS`W>NJ4es#%!B^N-?K2x_mYlG7a(Xz1?Be#pg7e2jk3#ko2wsae7@FP!=D>1R z=fdYFFl0UW>CKjKg&v@^1Ul^hPR9dOQejeoy`q~LaV66$wzx7_{ASp)twS?$uZ9#J z@-_SftWMw;tm?s#)W{9Usf&NXYA~6 zZ0CRivg-?+K^+{3puv|4o(@E~^87`2fAA$JVdrDj1`T7E8#99AVc7Lk(w~nzGju79 zGpAlDlR76~s?l!D$U{2LUKF7Iz30Y!Z-F9I=R)sLud8L<9!63hYTOV^=oG8QdGTAb zfWen0*6>4{B(zxDgh+Bj{}=tm$ym-_gjei1X85b@d5HevNqN%#8*utA1_ZN=MVRmh)JBz}|F<-qr>Su+tf z*3Sri4pXY1v~#8pVHtBGy$$-+!%wOGY`-h*DYA^`nY(Xtqchz)Gw1jm$7Hq2~kjtV3fRs!hTr z`WqX=#BSD-e^nWgU`LSD4-UJ!vRcQyZX)a@J!ngkb^x+=p zJ=;U&LhvMEB^Ahx#wB(b@&-6RL?|t6Y~nYC{wB%RfBmB?Rw!2 z9mk({ngM=RR8{&~F8)Wi_bv@a@Wndk#TJM^@wb^OJH5>gQqSH5 z7Hs~`eX6S^Rvn2t>6n!yEZS_bq2dp5_u8#NP&Hu$+RTizmzSSH39H*i zrZ)M?r^$Yws2_5#U-(vvk`laScbo0IBaV;rApZ)2Q-AMM>KY_yImJmnYL8uco=@#E zx%sY8KMM*X;HtjVV5T1n?#7q>UI$t@(yfd$qQ>em9X}6x^%JYZx?U*&Wo!RmQ7T{2$?Un} z!S*lT5!-T#U`aRJ1bdwkv&qQ4G&n&qNr05}QdpttAy5(}@j9LYI9jDI4(l)CM0+VF ze<;M`_&OxoBuq7&^aj->I+PDm3m78pNOAsThBrGo5FZPbgWERBcfeL1e5ae!_ZAFM z?HmYSa_7!C4~8Nyc>%7lnfc3?G`rKR=hhLhIkVs{FL@r^{-K`iF28&7aT2#poVH!~ zit6A)_};yAx_Us|vswq7r>=X&R-#8lw$-H!c4dVQ76>ee7qi@*R$g|Ogb})1C-uZV zl&5=U5iBkYBR%^!0VD~x-E881a7UheUTD&55CO`n^*0xz^~eU+~S4J)6?U<*(hj9L<58b zdrv%>@cH@hx0UTZbq|h+s-CuAHIE(-4;Fe{Mu(+mYYp@c$7UtwGfMEN@xYR57Rs*Q zzB_R4w${Kg(8m*MQE23rPXA%K5->|p!czi7VzN5A;V8gqZ-S2p4B`XxjEe|5+N#_v zR~0x_zf)HxE7WfRQAbiJyf70s=26(|nrA9e6vh5`G@VG|Q8Kwuh0ErY#X0eM2ab~h z6F^*EW;UBxpc69Jy(Y?c!9a@nFSL1~uW-JzZvIR9G`sm&0f$<^-fl}q! zbbgHLR>iFa7bJlJj$VD?ue-B4%atIMj0~9pQ73Bed2uo`=<0mz68sjcv$(rV=D&cP zRhCl~XhTZ~vVT^RNXumhIHJ9>aQ+M*SYi}y=Mg;hSN`FzZf~~?8i8A{erZJp3lUP3 zd!q&cMz?P{PW#ivH%n{3N>Pm$p+c-(Jaj*eir8xy=^ZaeWmZ8X;QnQ_n9RRv8PGp3KPzlwAr?6hu%M zbPx4}@J%PZ_jXmp+6fM+{y5mokDWmpP}11|qe=M<#41x)*Q07spa%3>-K@hizM;5E zFWEbt|Y_o?Kp+gu_owRn3E7x8LWJV z?TEfSND-qD{@wk(y^=zGZQv^5ZSI82r~>+XYH;C+%HSL-x8{1gXiL zJzgklU80z_x zBBd*Eto8iJR;ZXqg}v|j`!a&RP;TnmQ(3mrfRCgA8*4XA&I0EBPXI@~!-h(9iAp9z zbgbQ8eO|z@j30=`CPVJX>JP+Nq=kEQ_2E?oL*^n6_3TlJO9Ab-798;|Mb375knr;D zgRB7E=;TVCzAdG$E>ToGrIM*Rkxd_qM7^fmeMVu6-$~J2s6TpN314tl0$qhP1j1M^O55)zi^5>JtE~TTD z*{+IHyPENGk(F8H+T0`D*dBI^HmvfFSxa1LTpYuh5so4P;Ktofu)p^@14r3A5=qaS z6KzddhMpe$+&Pv`ztLxuCfXO)VFC1}Ic@70=s6>leaiOG++rxI$oy>ut5e$ZVMT*R zwAN>?QXjZdnKMP+kodkeV)#VhDtRG2e%dbQ+w+#3npQDF5HrfU<&6Wi_;_`cH4dTRWw5@qmOs8Jv|;=>+qy}7T4$oK7NW54B@_{}|Ub1DyKe#9kbFeLWURB`?Y zQ^=MtJY}xS70Irxz*_&20llHVMAJ*1uR?(IR;Dsj#hkS}o&4rgQW=<2^5-Y^N7SP; z%ER9e0(5TtnZMw@6ta?herxe(#gGd^&H78-`|@Q4C}Cczq<^54y=$xGL}du(qoE+N ztRlZPO%{FZ7)UGm81j}sc6GsZtMT_YXE*(o2#thIkXrtqS;l81k5UR>bmT@8i|J@9 zi>bvw%RlnCC%2HzHB?&w&Z2g$(VjQ~pqF_{2uj_{BicFDYUxyO1uTM6-$eXkKD>N;kg*QVhkGa1GO%XbJM>E2` zopRfjeD=9&>9Qo2$bR@;dTd#GzxMI$(fR(IyAac5IqB$3}nmT*6S* zMThaH8omkrVEjwCeSz@e_=AT!Z|(54=D>c>X4i$}v{gq9r@5}Q!lB``&Gx%#nD(x; z2b*zA!GySOx0Ww2+#hYb^nHo(9xr4IqhmQ)(d-NLZ|=svzxIgoRx;#NR<|O=B|8I( zi_G}aY-KPpDIx5(mBuz6Xn_AR^8w=9HDg;uRJQ%&mBuqaeYFQ|BP#p{Oz0O=+?&6Z zhO79HM!-6x;jjy7AhDfcy!oHh<}@6lI*#W8Q)*iflMa8>I$BX*c2?8o8US5b9(i75s&{G|_G7)#0S((0J;HHC ztCXTZt%eA7^3@Q^`( z(Wd4!F8LRWsmYp_#(mrw8Zla8QGEtRIRV9oNenVN$6%b#?s%n2lkx_2PWcyY@Zyrf zkv&%_{$~mM_LXbuqb9mgT8^yP-L^ZXr&QLV45o&gqSxZtuP%?qhvvq|Z(+=5P3((C z7j+Yy?6(AQ12nvhe20BCKMMnpa-z@?{csk!liLAzP99!^wP8J!52Fvg!EYSj-S~>s zd}sV73edVq9<8WlI(IW&+%0izuMe{l>=2o>{WH1Bo-t#97VdqYMW|p;rB+pi(}-}m z%_nc~#jzPpx@qXX!&&&yV2ZidAY)+T3Hav#W?k_c!uR9Fl4ex2^I*4$k<`w{6PKr= zLFk{zmNg-R9|L|{xrVDYKIYdw{RE1M&5KYolcgKTie8Bj{;ZAQg~!`S%BjOD3i$rE}*BJRSX zdeOTnTyohns`>zI7iO^pYBEg^`Vyx>(4E zKSmuG>mJlhw?cKTE(D#43YzC9D0`(_b4Dd1bZ3KDNW2+5LmMr3Yg)E5c;|vN_k#>B zAG|8$Rb@e^YrWlw_Ld?7&-Rq?BTMvLn&Th-KGi3U-6`^~!&#T&uX>%Gu^c;iVC2Zp zaFTpDC-vJ{0i8*aQ1pXKq~^Nx-OIL<>gqL4w^QfKPE>}aaqu(@)YR+DIIT~Y?=<$0 z$l4YRp7%;!K3_T0qN{WN?X}{5w1Cy68kkzQ@*i@WD ze6oIYgJBB#(z77B28G1D_T@3qTWyFL=&x6>|LiNTKlK`xA!EA!x>5i0>&DKG2mO{U zgLqb5xa)r2e(>YZ3@{yjB^a|H8MKD-8avsLl%tmI?!h1orxf}sW42dDnERRQp1hwX#@^f06=3J3 zS{2j%G+dw_499{Td~oV;G;ILM^v9ASGC9o%8i!#X%OSDo28ls_p6xs`T1no>QLslE z%`4{ys7M!>M+s`(=&1tpYk{0Qf38AWm)B;F+G<4R=5*dx-5n5pvCUvZpW~U)#ynRk zu5989Won(l`uN)t7J9kRQSHIvAZOgbfMaoUOEo@t`{_WjRW8Z%-OBw7>}rbf>5|lU zzg{P}9`;nVLz0{qZ}@p+EF%;inZH0$e{1s$Y_XbWa1VVQ+@DcPz*r42+G^Pkv61vP zb9PHiL~eA464*uuZ)uUe`e?^gXBroCcykAz|LE(s?g=tZ@d^!J6BiE+O@v2v?3w2uYi{;$e%}Q?yMJ#vC*e{N3l3Gnhk8s_UE4YM)7}-j zo9{R&l?)HQFz@%NB=Vm>x%tDlY_BiNSs%NmfizXJCR%8+{%U+;>U#xDyVWRQp(PqeOM%GE%}Hkb>2H#TTMgp3u~w8{$2Sb zC?<2q4AJKnA0AaFLNzNAcM_bbO;y3F;d*I@o3=`a`ZMds?Wp%X$3zNzf33Sdma067 z1;q*#mG@{+_KNn#UZL>qt2T5LHYKWvRBXz{`@e#Ek4GpMux%tslk_UL*15vra7#65m3LcQ1nEZRB_n4=W9cfO*Pw)BO6JUEGDd~>@Y&!KpSY*=a z&9J})=zKNDY2Z{n&G2ZRtsRV!H26hTxv}p%{IGv3$D;Ug4x8@*N48$Idu7&UWwSv= z$Fcd1qsG{x@I0vbZUu7bSRi}gz-V;;Yigxl_{@XqO_m_O(K3j*>Z6}QT>UiOO zJo26wNJh_~6SC=qi`m_w^_V-~zI%21-qUlmdP-y6ajzO{a@S*^FV}D7#H%j*57Lj| zPOaf5QE%L_u*tQtM5_@|J)kmG9U?fd{vF=8bh-1{FPsy?kN8Gq3bT+Cs`8Y7>2r4; zo7=-m`*Md473iX23W#)5SC8I2E96lUa2YLIqXIT3XeD(`|J-`y0{nyw=0As#_i6C!t$07qN4~gR9uAy)eEME!7YFbi%{Bk~E_h_UqC)msN2F8|7oynmgc2l0~m zMlQ70?Bk9gm|c%LUn~Q{1Wz&OkXRU_w(NAhv{1@ey3t7YB=GE$7E|u+vju10>QI;e zz8HsFyv|^nDE79++_b*n0X0X#(W}DiRI(F(vEApts0J!j8R%`_2V&x-CkE8Uh2%i} z4E!vX4m9)Sv~><5Zj7mhXf#OOIUjkfIs}PU7A|2djh1Y&2841xMuzT4Q$3preAMBP z?lENm6STi*>r6gQY(mNpob#}FFX#1rFC^9|Pv(AqmV~&K9j$cxX=pQc+I_i2z)C;9 zLse{f9w#M?g|cZ_X;-vf#G~wjd>5f0IFa6n-RA{rKUE|!Tz(qDP zL*ERyB#u~YXwclspS^n!`+>=%@IIAABNOVeU*hA4gYl6HJLTxgM56KvV+L$^|Awe% z0%v2ufXMS&mB&F1bfua0`PaTqcw`*7ThWD{la@j!uJCcy-Guj*S*5IU4B+Y7jPm_F z)RWh<^9^nynYsU_GAi<#Ge6okQI)8`a}r1w88j$IEq!X@Dsr~fCD{XAXK(MO&Q-+{ zSbl*+Y>ZN!za}``0KdWW5TnSMGDs}L$cv+CHR0vqt2rS!ePMp_^suCWWsr#o>eazg^MRqE zsQq1g!;U)tr+h~a?E9h8>J+uKO1hz{$gfK^c-^HMP2Hv4Q>2hdIuk?b@99W`;ny4A zTram0*lec8Ia9blw_fmmy+fDuk!tMvlLuW?7POZ2`JG;G6t3%-lFy$AycH{Y%HzOs z?ZD#O_43jk$NP2~!Wmy^$5UUr`h8pGG-cE%6@K|;LtNvzVck92^F4B13}t946+69R zoV6MKmtT!k4}fa`x^JuXMcl@8Mj3jk3OL8CHmZzb4jE^nTE219J?J*Gqt0U}jr@tN zXo1j_o-w8_P36~n_4Momn!;Ygex)17jUMIKWj;o zgkm%Gg8if(Ydv2Y)v8@p*H|e$W-}uyj*a!^jU9E;3wTniMSE=gj-7MZC3|moRLa6Y zY<{oE^11Zm*E|{loBA5gVIAZ{+xihMmgNv1lJ=A0jsWqi9HCW1Ms%hh-h<)dGeO&< zw@MGun7$t*f%|A+lZh7!dWL{qo}`K0{=0Gf3Bz9taC$bJkFbrubkx$1y1>8W-USKG zYygMUKNdR6UY3CKs|(~x$Yvc)>l8`OOU7^pTqxvN?dO62fK*;+yc^AMpe`7QCwsow zn$~fD<}HV5lnm=378kSe!I7GXb-WRisJ={+ln8&is7Rb6Psn%TQ-+NT1?K|(cOHK= zX*Fs!X8D!U#Gd5__gHlW=`9dEuV^rB5DDMixyGuKZgK*r3if65H+0lT(dCEcjmb@y zye3_VQk+DpUfwcW2&kYRi>UY*K=rnQL$eMQ7=m z4YBPFo(GC{;q)cHldS}|w8T2AO<0*V0$Pqnz=Eut=7oc%!^5m7UWZPx0@>qe!N7wD zj2kE_6C308#xrlYsm&e5sKi_MM_wDaT7ipbj2ySAKWOPIQ8Axx( z)fxZL9r(PyVrVFK^+9n8gS0FVPj{drC`{!I)M`W@#QyM8xn46%RB<}Qbp-OfI( zrTid!LEtZFJhVf{*RsXXw<$7I-@(RIbTh(xZRgt5>kg3CdX|JOM++|%&GX-)-jH*_ z3y$Ha{5ctj&FsrBfAr#LQbcS_*{R1(`hIP=+>(`X?Rm|yM>YP!h^9y`I4h{@tO>iz z>a9+-szDM*vt3J3M#l;L4fNG|TG@-GN#kRRRw7&9)}Q5z6YKKD3MK-n4|-XZ&IN=i z=$jiLL8XJtKALl%>rxpuh(;m>=OBW6drHrC=jm1S)2J;OCE1;KkBam3CVXlju?!p= z@|E6~!N};yck{rS{=154#sYbg2aaATeBJVCu0!7HBd|tRtUN{eZrGS!J0sqxcrMcp zN?)3KOl5XPth|(oIuAsp=Bf#)GpM;_%u2boxGsOr1A3OKCs3PuoON*q!u<+9s`<%PH51X%5O5dY>a)5k7Tf8yeffxWC~aKK$|(U9(m`{6jlAxHu1_c zpE-^9ADp-H-@6SyGuDErF39qu9ypi5@{_ue9VrR%Twjqn1xzVY{nm+TSU6m9#C0QeGWW`Hn|Q#Tz>Kz5{L^x7KHjrl$u$&X*$2PgK`*ELjv&Q z(hC`O5%sM&k$AJ|WzK?W>NB~$&-IJz!lX1ZQrsSyB?>=47I7Pj{Q;7jxX5?XmpRtw zs4F5ztb?q0v!{8k8fX-oT&FGig41#fl$JG!v5>E1EL9ZiZ6(@=SIeF|NVy%tLp@Gq zC5Df_9kT0m15ik4kVN$0f-U>UKhYlC2)f`F`0Y+jEAbrd1LRAF(zE`dPuw&{&sja- z)w!SB4%u~|mk}-|sV2i&ObOVz!qv`Psbjn!r+RGEsKhVWe2@#i{La}(rQ2u6{`YPQ z4BsXTy9F)C{#x&Obi`D!ftYI>KJ;nK>6MvXQM-Z^eqzn(4*DFWq6qfQx`n?VTSL|7 z;;s0OlSTsv(`*KFzpWBV5S`!(_^kvt;u)o1_In%A>{C)$9%8Rw>(%?-&r8I$2GbTk zG@=nQSL`&IAGPnlca9*s zh*CC7eL3Nmt=>ELo1^6B7%(rl;>u0CwcaL@XH=PI^LbyJ$e>pAx z#01*0M1fUmQ$~V&~k^TbeHyR@ALb`MkxDZOS$U@>9i%6s1I7l;~h<1HS?4n;9lKr zY9tcUFPh$eM{POt(jeG^af2_3w!SGz^S-Kn+KbVvPu!NMztEO&yty~_(tLrxM94U;&Ux<>iz&@NNVZ1gv5|W7@!W#>de<%D z^WH;0qBravp7i5clf3pM@7a!Q?febwQW*aUlwl?+lJlG+5As@(8jX+YkeDhT{Py_6 z55p0@l!_);-qB^m(d3G*vRa@x?2aZsB`_;J);TBEcYs9!`&{k8P*~XYjc<;-lPOc6 zh_4a$ynAmW%tQd~t^2imZ)F}FuZ4akM9AKk{CsOR9up!P5Z0DG8>OT^aybB+w#wl8 zsccGWFLWkl>eIe8_K>}O`BsaD zyTbh!S)SXn(F<61HWy@|AC4EShS^2I@$w-CAo9f{zX4syP<$$(7c^`b;NA(%r zhuYnLR8BW=nEvvI-vmz+dKO~*%c5-l%28Ot=UrUZ?IMq^>d>1>5i2rkk1Ytrl6ys3 zg+6Q{btM(dCsw(f6^)y7%4JeXc+PIH1)x;&t&Va`2NZ798> z)xBS4E|>8ENO86Nn(wvgkITUoYZjrnx8W5=+#5aah3r->_?9Z+GvKw6yZ^NRT zA8{@%C$mR?Ve&)9P_i$b`GWZi9s_Ip?;4?Y3!~aNqIs^VDw2JuA`+r@reNHLo6eHa zJfNA2)0|Hs;1W%d4v$6!?Kn^JhK>2upgiLUgws^8LKcXqa}ne3+^&vS7b#t~{3a@D zbSC#1jU~-zIE|a)We(FXS(cm+3mHnOEHY`nR6mSEO-0autozt|?Ll_lwW5u*+gl@> zZxo&7=dYBPYz;BGa)O!7tGAQxJs5CJqaEjZ)h~(glm}CNu`#0tZc19qp~cM@SN+7p zA{OjDy+m7cRgGntJFexWEH5VFW?m_t3xIUqL@<CvKCv7uf)opZn z`01;5R_S8r))tjMpS|aa9&oAFJzU0Y z;MYbd4e7nvVT)3s@W#tN*T}52NO}HNs?MH`#4Pm)C4Gm;tlqC^9$LLzp@UJphlzX2rsQvW-_B^=l&lW;7V+BqJx=_7fUcQfcl_(bN@6GXJL4#vOEI`kSza4&`6NLdpVco=D*F9sOP zZ_2YFbLSxo;o=8;yIKOrRY8-(3CC=mlN`dcu}t@Y-CVn!L+K?xDXWF!iR}*UJ@}ws zw37Xcy%S(O{3yw9x!jX+NlHacBY%f*^y5M4u(qp`N3ziMmS@u!4OW5-fnKorTXr?__tS>m2>XSDc*8Cn6^C5!0KBC?S z#PTxaeh31nO~TT)9a@9u^SAHls@-chhA|bq>EP4CgfxMN!Xr{1$Lxhc^2|b|_F|dm zP1>^i3+AOF(|1M=N4T)Lub*h6>M@``ZHUkNbfC;U7s&Tf~BR5X4jd?nC zriKALUGzqkO(ethanFuKJ3aE-CqT3a#0eLO75VC*pGBE}b3Rj4L0i!Ba7>E&!)L0@ z+eCA)BkXd4`H%RwNSv*v@T$m#X7ksC>O6MYZu zc}&;c<-w7kjo(Ez<)1U9E>tR%3XeACG*AC9_E1iP{J+?G&!{H5Z{0fyy@^t#gEZ+1 zQl$it-XetFM0)Sl01*%$q=@tqASxvU=}kb2qS8SifOMn^p-As|Zl1mOIq&%I_XEQ* z9FC}W);-r;*Y%s%BI{ZcZfh(dgh#kc`#AOySK*M_6j(5h)*$84ZG~ItGq5`%g@>a< zH|04@33^B?f^i&+>eWiYI@F?bv{FtQcY?hVyuaj1`|5hTC{rz7zt>Tajje&=#m?Z2 zN9_3W1@rd#JFcMH&nh}81ty-V_Oq@29pGSuUBO2Z#151Id*ieahvvXzzUi#GkPsu3=(bP z=|MW+pn{X22Kiwxsi{`YD{|zMXY8&LM$_jS&{bz{lU}1OXS^?|bs}s>+V>Mldo~!F zS5k#HD?0CaILp}E>e6XyZ`v36L%$&#=_Kq}mw#*UD!S$nBsk`CWpf_U2JfmS6D5o| zb0!ENJtMq(1?p(HMQPr4Ss3UiHh8J(5-Ea9zjtLZ5xN&qp!QLTPp62wt4BjMqwGaW zRc|;@e62$J6>J?rho1Z&j4AGl1lG-5l~2;Odi`~kRK@>!lxrR~xAQlQdHeOL-^AKr zD3^~KJHCkXf^V_xed~w$S_}vN0J4y}Qb7n0mkG)K^lIP#{`Onvn?sk1M_a<7l;;uj zYb!$_b%@~Szq!8d0q09^g{s=s_Q-n`MkA8)*BWQ-(?|{+cXvQ*O?(ye?|&NLece~I zHd8w;171!xe_xyT9g@EN5nf3!^f&cmP)z@{uV-lZ+}FdkOQRcWCE&qB&jP)a#ltR5 zJ=V-X1k)39lH-+Hwzcju7w(-cG0=~ac5%&}&m=xcSA-oRasGc0nN4A>KP#MlF4lZd zjWFjcPamZVyXQ)XKPY(D<>kGN{%2P~Cbs`tKIOxM#DNYh&Zyh-SoTmyGklf^$%mW!<`zOR?-^XOgLjza9g1~VK-r<@t zJ1_z4y>l$Cgm;Z~1Sd4UNp+Rb7`|CGhslbLHJ~G2g#`Cx|KqMa@KoAX1y)vtnf)K_=_-ssn%k*{BmIb1CEc^O-0(a|0FzTx_Jnnr?75pvA>^x|b z?hO4)@_?b~iq%|9$O zIzm~_OTJ}QJ@UB>`R&(30;_=Bp&;|*eWtkahju}5!$Rbj{zC{*^qTll_w8jec)Yo_Lq>3 zhS`;B`Dz1lk8G3>7hgs_>aV5a6Am@=L`6qJy1l#=)!5a|^QZSfl_ifgAatLbrKU#c z4nxV3Pwuuz5opsd%oB7Fm{r6W++Lz)BUEW3vS!az+bN!y}1*Q7g&&m(=N*4HLsVS zg`)F2b+AKI0@^8(v}9}Qz&k{=njxT{Q*E$ejd4@$gE8ebFBs7w)ZPXK6Q2q;@TXee>y= z87wf0XW})1;DW^GSLD7ag)wm{i|F3n5_8u0-fEx?K)PlCC8yiL)OPe+BgL6XJP7pn zKR2=5kH5|1Ou=`D;-dULnESdLjXGM-_e2`5lW5GqeKyaMoBvHu6S*Bgqv&WAd z$vvqmCwWpv^h1Uu*`#C$(lNu@^LLRmv}GDdNF3Gea{K0sH8{+8#gUNiWi+8(eZ~!H zd0*&M@WQb59D$HGcr&e3AV@_5N&=DAZ7Yn~H2|l4HkWUU8j?${zutcPeIKf!=RvFK z`nHvpbD+kw^`T06%ms%3_wa`1U0%-NGtI0OjmR5yc~3rX=WRm59)gezg%oql?@U_A zIquBcw+2u;C~P*KcBk(_&}%C@tU|w+WEA^GRn&#tmOl3_8zL#}Huyk>{D?oaE~IkQ zAW#ARfx$Es&sc7JY~SwDwf~c(+!28H-gfb#0&?4wfzvj{w9HGHRZmc0QVVb4=!O~n zmX!5_`AsR?Z35UWEAmzeUGP7i?L@$Blh5~qhZv0t@pV+>_v;d9;G!Y^RSkGgT;41+ zI}>>+wedB4M%b@11nLO6Do~#pxNE=7AGK`n z!rh`XA9Xe#clqP2m*ZAQg)7nOrK--uu7CX6<@qnRsFRbdm)<@_$6Z~P{y<6jn6sZj9}mVtCQVF^_sS?{J(IJ z0il{A<=_2gNge09u9~PV)I&M;Y~1cW$iePjlEIzj=ZieoI$cwI{msY%|2&R} z{Pi-<-gXL`&Pq`4W=enf-c&3DjtH0A?Cpow z;6l)2?YDIT&*=;`i+;{BP9sM@43QP96B?7~+govr2}|s!KZis4)Z($^b}D6L1U8a+ zPblsV{M}M-s_SDA81v7ak#)$OnTd>FUI&HnqMG~qe_LRjSh42R^ot&CHm0^O;82XG znq=|@SkPf1%^K0#lfo)9=G8`sQ)~f_D;u}rg+(kcb0{$=p3-ymp5}E$YS@tM8Y|O% zzrr~ZKp_B+5evUUx~U5O9bE0t=1vzf%>ZuC{z9N>!Q%b#5G-&Up(NltAMZCS3BvKn z9M)#>bxpcP?507mjv|M`7)t(Abt|XuI{UR~zlQl5Uy6-5(AdrlPnRb#D%KvR3e^kh zAHttR-oR)oU8X-bd?(s9l$a8arAm&UXBJrb!xcVh89QA0&pm2lB>o+ulrbzXM*TzXaUG#VVxTPJ`7e?yHRG3B z0=W2DZGS%+G=G@TlLt)AR!at55i;8uTfc6bG(5L{KJ=x{tY8{Up%+^L<6O-ee3+|e z;x5AVd@X-gWinshOQE7H(SJzGdj{X>|LuMy>QT3A=S`~G{IKn0ex)OSGCPuK)>_Tq z%aTuRlC%ob(>z!1e^gq#pdP2Nj1ZxTB&J(bF9ScLT z58uh+iCt$udN({@Vm0?(72BKBoMpuOu&1${D^Y}oQkln&e|@);Xozp}XOo$v-l^pB z`|cincy>=Ll5Rn=|L+thTYDH4XRf_gXn~I~Z>98c7yjG+laBnuUroz_ORfIIQ~rua z1NK(2&t4oS2BoXpjAy4peRG#gU5!^{pXP-mdVLAk`%xC-Z@ys6O5oFVG`!LGiO9yE zUl4dIk;S_a%O6dXXjg6vt`fTk zzwIc*%?$0yWF^6=gIbv5m&T1O0I7@!IUYz?8hs)MG9Lm+FSeJj#K}v$ zRo$`cBh#eoRvds39n9*cTVC>yM6x!N2;=8u3!LgvBVpQQz(GLny?1SWN;H!E8wgV^ zmORcn;)!EJGrNKpE+8FbS&5uBL_b#?v}N0E#GDbe%H$1`chw$xXDA&{@);z|@JjOU zyb)X7N@o{}OcBVv(KE&Iy8Ah|M$yBDAugW?pu%i!Q=qp%3jvwg!@H$yoKb?|_R4|f zrGU@!B*#-83kF0*a?H(%M@1`iyUhm)7LU1tc7O)`^0s;eLFwgNII`E12&b14xPQrx z&JP?n7Z3OiYo+ez(TeDBMEAv<21^BRTQvb!NYQ}O`}$}8tew-tbmsnwgX(|(B}0qn zFWD|VA)9|;OnU^v9SVtW3WBZPWV+f!6gWD$fLHHtiMCx#Hx9iPIk(~kx$z%4Hvw`FB?$LM{5VpPjd8WMGtUc8tIfM()Ai`i)@0i|osoOg&Lk`St)vB~y_}(+ z280EspCkmG;x2zgPUQ_Bn-6;QdKUZICR;0c`(t%4i|41 z*nw0Bd-$^&jTdHDP|DGHpr??SH5eXx=(~S!Zmyu!;9;QGadDU@W$j)sqx$y6g=OTXP)(G1-_|8`e9ku(k--PFx zznu-|+v)T0=a}JN`Yn-f*J7RUzJGV?z{nU7q?S~3Ikd9dvLdvgEB}q>su0_LQJxi} z!gz33a^qQXyE6`ZdyWbQMHSgH5Vvbo>}1k|NR z)N*+{;^9j6t(N7>o|dAOi*Rw50dRKxVbzD9m$e?}>;GIJaMUNENw0P0$4Hi0qkwB` zuqqp?9}nq90%7zpHcjJOhE%BL+3-BkcI0CMj8q}8k99?D3@p17LM5%k6`)&*pJL!D zuC|5e=7wa&F;j$4y*hM$_|c>|;>5>u%WlTf^3SFu1AK|)XU*sIAr}^yLh`b3TjW)V zy)qHnW(TmJ?itV>rD~PfPC?+KY7@~$v^y##Ui{{|Tc2zqCZaZUQyhdblU-ALr4sd z;@{t0qF-QIIiiT>1o3tX#%5=7G;O~W&3qdQ?piR@Lfmy$4mFGA>~(bcy|0>eelV`K zq8M?$DEqE{SZsiH@Ro>E-L{(bKU#A~B8(fR{Gxq+U+|anG~0<;wilJg3~2U;45$H8 zO!nT?`X&yY=*su=_bBnQQJX8(dpLq?@#0NqqwVWs{r^S$@}JMbyjtjIcm zHhtjkBWh*u-w9UuQ$T>ZyaBAQAkd*I3Cz9@O#>6KFeJkye<^j;3Ty_BN&;Wj#e41) zT4caS$1;&Q-zr*BtUV`n?*t1gV45pAm^XYNJpvRZfeSas@S2$kNbEUXvc*DQpr2M* zpy8(_zNVrshESJ3CZ$q#FA)mPl?T>swtSxQoI*itDGD!7%WT~+O61Vl8!+nze3kAb zLX()_$;4)0gurI~D+V~!l?B5lQj8o3iZL`5O~W4IpjZlwn_7`RAts-m{s);F7^^RB z+m+M1-I|nK;X}^Jn+7p73feye<20F}^(`mN3*yOY^GR#1Uq#y@7=YDZhX(j6p~9ZE zmE$-G?M!t6G~^zY2Xptq{?V63DQmRFuY7(wSUg_1Er}?-t4;)SF)h8uohRkR zgRaQ@`^mZaJ5u5Whr0Ws84IzqjBeS0VN&3Ye7~9N< z9`_*e$i{YtCSwGO<%c9tHt#1%zS+h?$=#= z${X6%R(zfg*^Ye~r^O{B0QT~<$+*mfs6uGE8vvcV>>Vv8UQjR+x3L#jWCI{{C9pof z`TGSs$P^ zUi_U4sANS4WT;JuM>B-mwvg+B*z2OJjF+18@WaqVPrB!LpXY32?`UVRHc+z)4==(; zBF7@Kn-0+)XS%;&z)G_9ic>ze6hF{@kLx>QUv3~28Up)v-k@5A13)U-#R;fX2b?9m)Gr8Qqp1& zwh`^iAbzGHUKy%E98L^F5dR5hT+X5^=<3T9qqZ^yNX0eQ`M=rnYZ%?B?oZhbZ-yM& zlrBa_dw|8$7A&>r?K9>V`gSWOl>pu`!c<9}`m8-iG*~+KZj&u5j~YG!M;87H$GU=a zNw@L4eAXEtHS3N~82(66_By$1N;ebl_8JZwd+~Q{QTv{njPi%*TMgGZT>E?ev))wC z;@)1~kil}Q?@n~>sS=@l`=R~L%RL#L5{Dr%Jcv8Py`7njKpET3G%$%};A;n_fyJ+Y!@#0@z10|w ziZ@nzCVi(OK5ub+~XRGOUX64#;x&`fVH@9j~563f)Oni$+M%0#+w$0#p*%F-V48^0x z54R8to$^TW5<+C0m-kvua}EKTCw;`XRMYv`hMS;N6vLOGdW~b1 z0^9P`7~`ERh_?M~@3nuQT z9uKzVO)sb4FfzCSD_Ac{EuNY6sKNcdZ_DoeP_3d&5}xlWZJk4D&Nnf^d}pm)5vnbH zoBMTL4&OkmNN1~(#oSJ-S>{7msi)bfR}`dQH_*$^(3CAznNCX_Epj4UXUY=hJe@tY)Y^Qb#h7uMy~ zE$_sa#3+;+hc**Um8#J#_Uu29+naF^Z;L&=D8lzr?_aM-trLp>%X4O@z1Im;kn^Nz zLRuqQt|&F@!Sp^BeX($4F~H~&U}B6JVPo%lcQJ%;;8;WJEnY!P;&u^ zIOax6^-4ufiAL76!1JW;&)lp_$=HY6zOsmej~)+w;2B^uegc(q;lGa+3z{r#NPf&s zc;~`5n$;?ZZ|6@tMK7Pwc>Y?}6m<4*D{LZq?-Y(R`610R_8NLR?UlCOm)Bl9x4EeE zdwJx6r|b>-C)maQHW1uh9xGku4MFGJ>%C2ZB`SRkgb>oetSJPcIrx0REQpz_-k2|@ znNJW32h-cB077VQRTPE-+q3BRfHiu`^Sy)dl?DWTvFs!>i8UvMM1+u3tE6Ow9hIb!7$o62+gTDgd5 z41^7jNC=78^l$VfXgRg8M$F#Fv>aXVv;;d!y#yEdA4JP35}dSAY>>VJYT(cC^fdv@ zQZix2dC_!MkBlXN`yMC9Ed};3xB4%4y#5R{M4}v90=xn&EsL?X{Z>OKwI zC(TSC-pP~QTiL8kXL+4|*1FagU0$MHt{8HpG_K=zWX2hJ;t};If0Or(^EtG&+Te@Z zp06r}8wU0_HSAO4rpy|8c=iDgFh{`jZm1se`psIg2F__E#cEOFWLI|jVNBJuwH z^?+{*QO#b{k#LdXm~my$*YW)$t=68Fm6bOSSDv>`FRxbQ7HPI5`VCItd3PA`JnEoJ zI&phbCcb1p6Wcn_9ml!mhaT=1)y~|t}mWb?cIX8 z%JQPaOyC{P;)PR4H%_2*VR}s9-NZnB@}SjKzzcxV8Q_4EIYxxjoSy}XvI2S=gjR_@ zhQKDYD)t(62H^~F3K*5gWZSL3gBRdKH-YWJ#ayox9?J-j+oSlRJg+a4Aj!#KWn4xc zzhy+9m@NY`%-~Eb#iG%xJn|)Al&QL2d}>0HU$%_n0A4gTV6|)BwmA_F14a)b7bvIH zSJ$pr1FcI+p>v+26BhB%7#Kp=84UCMM>Kcun89dei+w-vXk-R7Bw@qB8F}h~!kyVA z$xqld;5KV1Vbj)gr*_pdBLVLuVvYF?#5r>iR_!0J%gic000#ZXRQ8l_va09l9?zA3o0Qms>?F8y`vjW^b-yXB)SI(h9c5fqWWBCWk*I^G6zQi1P|MQSVL{qjXxp6P_L z9z>T~JazHGoS9a*!&)$(R+yEb8DL@%xRsfdAM7NrMMDjgPCwnxzk{lNA%@f|GeSX>^57ppL*uf+BCpZJeKvH1z#M_h$E%&dK z@?UB+PE-W#6#zP1^wL;P*#ToXKnHF)qHW*90G3+>YAmA%f~%Br*Q1-49@86wG5590 zOK$ROsGO;ZjQ4g2CKc6mUWBLYb6c2L>j;&9Abh;ao6uZ)rmjR31JQm@Xr!H)?dyn4 zU-Xj@MPqr>rw^zKnW4NPZh&_!2o8*1{+q!7FVT5Vf+74VwYi9gx<#dkV5HC%$s5A5 z_F!z8%fuG;k&xiBehMA_Gg<14SDOMDgSr>z1Hf?rW5N{Pbf7B^_}!I|jn_0f5P;VN zFt&?_oGwfs#cPxk6qUL!op+0fB-{G?djfV9n0Qq^s-J!<6b7fy`loV@Zq>LiddwTx z$ktLpMKY`U`;BFsSZgM~Wdg5n8r3_>^SqWrylioB-bJo8!WA%@4rBgXhEg0g5G_?y z5sZAG)ho#=HZj4(J2AmdbvKXG6nC5JMcIuM@xa(_s(Ot(UZ3bnAKJVdx{-VbG&!xv zCibF?DnqA?DxJlRD*f(+>S4zFw<*642m{HkzaE4C_Z*K|g4 z@J^I~43jL!4qvnn(Lu_n1OoBstM?EHq!I?GsQ$>5IFq^_+9gIf;l&U_P$j|cZnE(4ag|OkAIYqgRiWtBA zNtDS?bFEA8ThDg>*iZS@(J){Af>r?*>l*#Qc0B%{J}KoCsuKRknb*ax;eQdFkPYHD z`(&7Tj$zTZCKg#F*7{j}yjTbBgb*nH9mUzhnRXNau{@UZ>LLct0vn)gLk%{1FmnG4MJA`56Jk z4hhkLU`b~`#(5s-N)2NVTFpgrQEGo6N3su4s`?jm!+>^%Q}T~%*W^e5NTAcyHZ+}1 z)J${m;gUzwAJqQJ2!&XNd!?vgkxqKXD+UaorHRq^>}sru#S4$V{;wjKAjWwIsN@sx z054QM#T}dRf#s7;}_=a$zEPX8XG3H}&>9tV>S%*4jGgYGM=RMA=Mpc00Sgz@R zAapt;7`E{idF-K=Q z*et+<8{Ue1><I$`a_9>nlJP@ffi>=+27I-iliwzYaOs3_sFM&%2G(6!VbUCNxhPOPY!Noeo7p=VN}-vL zYU1f?D$zP<-sdrFNPa|7z$LrCmOi=Q@Bz+6fM*YY$#4I4(kU_QW@pMgqbVKf$c+{MaYevmhhyeTRiJ@Z zq?mPUQcUUf&ny|Zp1KRop5E6Cg0VngWg;oRTXa~31UumTI#Ew6=z;G581|MEGA_>b zF1)b^fz?{U5^-u*#NAz9Eomx(9kh#PMvx8CiR-!@>cZui=g51s&geUsZaZ)D1itl zN9}&#^d*?JrX&Mydt45)_Tx^kXb0+BrjNF5rzjc%A4?&ZDY~=urVAuU7x+1?O;ozG zs&zSmqI51rg1j`wi2PSRYjkhmV=&4q*tRlPtObPklOS#J0f>VaAdD5o7y-_U5ZBI= zqztIqD4rf-IE%h3SzTlH5HXxud_Y{nwfV$w9gXW=76{o6O_4Crk4tNU-4RPmH!Evj zLdk<*k&EXIBMJTtPS=KXGg>iKJ^15VcnZApeIjK~*_9?k z|Nmbb3Jh>2f^LyRwPqB6zy zr%0q(z}hu87W;fl6p_6ZZ7AXOGjHkM&2oJfQgl84c7{&-BhcC{er4b^{GU+=w+euAnk-0SAci0DXdd^)W`YO^CYNye_S|_JkQ~j28%}vM)%p zczkOI@CuN)Hw2}m{FbnAFugb}Uz2sj0HK!o_D6W$z{J*S8M4zBykP;w{+(=hbq?NjAa?TfdJbw6wg-2>n zD^Bm3&AZWpRR5AsylTa`40+o8^bcglJnp~kQ;h$b#91Mlmxt0#wbOh!ja&XO3zbr! z*^@^MYS1Q_1v6ORa8!;{HWNf}-bkK*b>^qyP%2rabqjNHvz(O^AM*M=>Z61W1Tp`3 zaQeVo991lk$@$O#1A7~>|GzjOBFsDi?BOj~ZSZbjMlRR`qFqa8D01&b041=m23`+S zSv$qno{Dd(VD*s)p9L8KCV&fstwsx?BWOtAFL19XWKwy-`ebE##j+g9BuT8P%u7L9 z8Sci3K5TH)%*NTf(&6oD+5s~>-iedE4{z+5FM>A60j37%b#M%I@0w>3*7#CS<;&03 zPU<3Ezzz*=jT*82*h#ox6t=wU*v*DMZuEgkv-9$>P9|>?Led zx?}ix#W!sCc0z5n8}&w)KRhlD1Z@~oG5czItflJ_F8yEbUREp%a4;0D@+^nYx|_xCaR7tql; zDPV4_1w~cZQ*(Sv5U78j{-gd`%RxPdMB7@yn0a%gMR@gBP*EB|DKJJ+4{SYv+|e;g z1h@A3o?@>C%q8k`o!vmmE#{QI`1#E=Gg~&F4JHEgEr%N>c*k}9pfUROhGh-eCI2t$ z%+^8bnJ6wa#6@;4VB+oj8ppqnCl8ix$&zNJFUi}Q0C+eI7_xLPWEKK2>`ED8;JE3W zot+Q(y|uue9z6wI6=(?(`~@#BMH&RN3SQoBIlbeZmW)MfbKO8P+c(bfK*v^`fKm*B z0q?n++7|K80}#F6gnAKux(~MY6qw1b#>n}+LLA&G!M_Ji!TJLFDF?t7a^Tqp%-j+I zi4JM>LM9;#js#g$Py3xMVN_;Q_As59zciqFO(|%7c}avXC8LNTT)!_{<7uM}SM~0Y zjE~%|fNbzcncrm^^WH^Dkhn*eyukhH96F}sVh5^7tEb%TB!!AEpKTk^4CLxmeA*;0 z4X`i5ak>F_AplU?HNV~r;N%~)6g5`mCw<+=Kcv*Vo60iaUZHqgHD$C$$gcOM*;24u zjktg}fosjh-oF#9W&aaOq{}KqcR+wj5_=GFLJ}zN`|N1bw^4sCJJSV_y@Y8=otpr4 zSv2gr#Gj^|w~Z?BN`)VFpj;+VNnG={k!-Z1zZMml&+?dYfA`iX$yN;1rN zjMnC&CHj!~)UJsLvjr-NnUJbOd!^ido`&r8u|x_i>t@Bs5W$fcPc6x7?)Q*0eR{hY zLynmm2yXcbDj8mud_4B*l{{;t+qgy%y|EqrZun$*rr+nfMwab%OD;)u=vK47U&by+ zbQs|=F+d{1s9cyPrzyRERw;{M2yp=nI5=>a^`7>v%eS$rN_NQ0uzXrDFHkKjrsJSO z-=nndxZdCyTQ~dQalYl0O|y5lVCA42cWQ&ko4@_%hIcyI(?3)jXx->=E8KkHXEFzw zDxWZWJdn^z$=~7nt#C5D&nKmjzb?MAwVx8NDOBmHEV&jv`)=U0x>MIu2l@gR6~+ys zZ(cc^tnojNm~0g~*?;wtkZa(mUK-b`&fl9 z>0bqQNNMX_4D43ylWjGaVS9Dm=sN)!BTaaf$=YzC{2oBuibY*V2tDNQmTrXz+VSU6 zqWpTpV=wm#X>4x_ciDvep4$8F_Gv-2CJM#O(ZQ zJTWy4iz%e*vV!I%x;MGYB;M1)EBo|ch4HvrDl)FGJcx*#0$&f9l%)>?s7H&fYA(xy=0yQ5?n;ehDdydoDnxSg-qdbqOdwSlo1XRMhyjmw zh)2N}rL@E`5GPOQibvZVq1GQ`%G!9bmg8n^5Uv8GC-K;D#0*}KuF0(=!Th1uUVs0g zrQ98mCYYH{xQ|-Z{W97_>?k)l2{0N-AxJkgj`-fgq+>KwbdF5?&X}B*VJINS1pqB$ z^&|XxJ+foee=W7UQ(DvGI|WU)nVM+MS%dIoi_wPYhR~b0$9+aR7JXTH@yiFd40;{y zvAuQWWh*_hB5#h+4tgOL?+&l-nm74(*Q-_f^6A`3%OOkM>`Ae@ml$0JNXi%U1t2t^ zs6^-4lr`cs*t>xCy$ou^wsgq=XdhZmOjs$Qd3^2@-ft3F#)%_{Z*%r8v-KR4M1G(& zOcGaOCRSj7{mmZumTCI3IankvZ;%4guOmw-dIfOt&pUyjkbVi--_KrhJZ)+4O374( zQUM~97#9)FyvB9bZ8G(Jv=NB?Uu?MQ z7G7HhWj4KWc_&zx)E*H^>)7=FCHP5fxuwUM7hGGHPKzhi*{;D3S6o0E+xbF0<;HbF zQkX)P(%9h-N2f5hwD`8a=A!EeLL~V=qoQrd(HtG)7{gj(K%JE{H)QK5rYLTp0h<0L z7&uezedXYyyD$cXi!n#s8e)o+6`=W?W?~2xEH8QiO5&Za$iz>3!QD5gJf$(VHJ9p5 z&4eu+ zXTYEALf;V?4|@;6esQtvz*y)5z}pyED(gG}pz46`Dg${I^l7!-McL@UE~8XemLtD9Uf7P#IX0`1*M7FFaZe zMD!fL0ZaQB)MsWy`?e1ZWF+VT=hExhb4SK`Q+;xnC(M{s*aEIU1nfu+AHJ@(zoX@z z6|b!JIQM;h5$@z4mk`NHZ5cR)eyur-X$|5*l*bcSdji-}UjYVi5s*vzGDHru?FOkFJLZz!yC_>z z!NM12dw^m05m?h{y*X3xuH;gW1RHVZu{ErVItJKQH{EnV6dOOc(pMtZr3{tX3VJR+ z->2=uXZ1Yee=pkBfBZqnTYY~1&!DGsa#GOwBF82&Yqo=g9~RTdp__YVrl74tKy$uBXS zKm*Z5Vv_&Wn!RSe3U}E1^&QAD`StxeD^i0RMlFP1tp*=jYb34UQYKoZTM%GlF8YN@ zpY)3O92!{e4;6A5A~Y~+S&z6Q2KOHEnylLSM?c_epq{C!`!NI?A%92Jgd;f~lvS5S zV@OtXAL2F|=tqpK?OWt<+`oFiclasXPpZ5SSO8q~BfBM{g(~D2PbuxjWk)9qh`uG) zECKu<>u_U+!YK$^4*#|}+07DWTycoIp4pz}85d!KaRIZ|MTExIUa@x8e&1ghBT>fW~Z`zGw5SPr1(qaG2>419grD zCi`sX17o0HVVM&y+4wxDmu0^N0^^8c&;0qPi%0xm-f#D}w8KpCx4kb>K|dojGxOpk zn~k3~`D+iCRU}!$MD7}w2_SK`s40`N8el1#JMl5WQbjNkYkW+GfWEn$s9b)}%qvV1 z^-Vf&skPhh7mwDJ=pP;}WV-OlTAQrdV3>WCk@|}|hku4;f(wGo8fV3a4iX7WRhr96 z$^*paMBKe|58#W6A;Ph#eVmA+T-D_-*iKZ4-cUaOZdS#o0HMuq=8m6a`V0g)q9Y&I z+oh~I9$REBJ##$kY4WBTlecM3&!|!|8k~Dc_H4RzF>h;so}HZPjgA{-=8V`|eJM;1 z!iht^@hC#&#h#H&eC2=6-2U~I!-8z8rszQLPN z7S4nd2k5{w;l18~vfN6D+k4{?LAyQfs{y7s;h(-{qTKQjn5-SmFL=wjlsUKb-zv3+ z%VosxhOAlxzeeb}2heGcy^+>Rp}@3)FwXunf+J7M!A0{v!h(d*!>?MY=%0;9{h;G| z@K`h)Bs>=PrQtbz^xFghPNq=K1Wuw$uTS;Cj}<8UG_YGqKBY_q?+D@gsF*Dm4k#8P z1P;7bd{B-wEhk~fSI*n9i7d3jmnt;0DPmh)Az^}VE*Q`|Ib5%9*f$k;r9O9IP&P_VpFH?BkOZup7+;( z&+3otw~A}Bdnp)gpZn!pl&u6b74ZG5SsUoepO;8D^fKZ*pvcIX>r!){6jEtPliS;yL(8 z%gQF!`k8g;GzhRu{c;ugb@!T2zJnzV=01%y+A4Xj-J0Ph!~wvaKteGsIB=@YRS}s3 zD9hPeDR)^61F3NP9Sjb zTjkp^d4MvYGNC%a491irs!`ee?P)@mqKfgA&tbF;<;7_a*?~4OW7N?p*4fhOJ25=T zR98`qSbOW^SQ#dL51OboD2IW4?AHzZZ(kMc7kQ4T`7|EbhDzGf!BS^7MwoF*M?A1$ zhxDgiK4C?YL1Qkzg0vz@zFw{6G8x`Jz528JsA;Fn74+e;VcT#>Q_Cq`6WNL)OSR$i z3qV`6-(E`m1w213_E|QEj#A0l^u2kZ<#cFr-)=iXYSB{eXnnTc&O8MyIy-} zI5DxSN9l11OZEJ9gvH)l4_;hc;9Zm81Ue0c5U)uS75pq_em+N!Sa?wm!c4I+b8*>M zN| zGxDulXTUsleLh#P-T8NFe$65CTpzs|4k6N-o@0Fs4F130B5NzC2=4SBx^0(nWow?{ z93A+Z;9o)*xhFZCUj)A1Fa4h4M&S17(vfC(yA5fiA~*)>*f59Xz1G@V>~nNVR;O^I z^wC~lR{wbf8mmVQ&hOUB|BTFCUM$p1OxEDndz$&=%zYUPh}w-mOHTJMJdSL72=0yX zI>|gvaaMaVR1GjpNWrd>k*FyJCKy>|dGZ>|i5$aNIz_3zsqGi6#ABM43%O+SyITt? zfC+U%2&5l6TVd_Bi2gAohLIJMmul87q~YI&^$pxb-I?nsrNV>l;0ua=Lhxw^I>$h<@z&E)%bGHQ&9KeC}2T(l_uoD3XFkrmuI=yBG z0v3es0Du{N%^m7P*u7_O`{YX}-QRqgaIUscA=5}0Iy8)Qm9Q&UVfLy>u0{BA2dg@@8PlBL(5i@uRgHX%F=YwEMA3wZ2^+v3nehZx0r$#J?x~c>{@j6t z5}mgmj>Z|jUsDNf==4C%H|_Nv?-xF59o`FgDLca88ToNb7gdn%$AWGqOS%+Z%zbSo zFtOJKvMRX=Q!V<>*XQ9aw9SvDWV%g+ndo{5d~ZA$Bx&e>pAc#c3*^_SS$F_>qG#jB zSBxa@D0GoD)>Kmr+TsO_GRY6th)kWgL#BQI1Zp9te9|3&d0^_io)iGnIFD2mBsuJ) z=LjK5((IExU$zZz)H)r^Eet5p^V2vMF|?l%&2HeG8&@uiOevex%Um)dD+a`u+)8P4 znsPt`tsp>q9e|8mP9Q;(ho+f1uIsO6!(FwEp+o@nu`PbpvWhK!_>1nI_Tk(LRPY;F z%GsSnfJ}UM$@_O1>{embBoAFt_)=XI!GLopL(hJb_GPebjIY#BS)Tuv`G5F&>#!)h zzWaNIlvWTBDMdmW>1I$tnxR8NMQRj~4v7(oOG)WwB!`g@DFF#VT0nuJLxd3-x}@RV zb6xlS#Ql4Y_YV&_@IYYZJkP!NcdhkVAKs3L>YTUjh{QXsv(cAWT09!Ii61XbYy1v9`)Sx>8g;yjd-2_JS)&1wXGKYXiYFb&tDmr_%HQ6Z zX9?1YoK?J#6q;{3+i)0j5WtV4A*i{ z&7+fwc<}?i9h-3^`(x>qPZjrI)M+8yq`1*_J(UcSHj3E)#y2&XGI*~vp@rya{i!2T zw|_Qju_9MjePV+0Qy8l5eZ}CtazmV@@p$%C}IDq`10hz9ym82a?kR;`g^gXi4o77eTxPGEOoP|Bn>S8vil z-&fPBb1Yxq50=v{Dw{2X?=z2VBt8^eTgYJ6nI(PRY{cF8?Z4jiI>$kOp2tcvEy`L}@3Um3 zMz*A1ug_h7mttt?8AX)FN?e;6W6pmLtv+kS>iE+you}|J6vz+Is2<&_u8?fqR~nhO zuRg?yARmPamebYUCmNclorHMjyo@7zEAr7*G4>RPyJwUZ;Q5=i7O1E<;|0H}H&MpG!%}y?WGDY{2s3l= zp0v7i#(lXyu;sE#izZjD$2K?8Ng8b7im&p9J<6;);5CO+WZ5$4ROXtNH@jmqo;8p@ zqwIc4wOR1he8dL{zd6J~l!cFOrYwQzVG?nIC?d&aK@=A?47V-urW~T9m74vc0sso& zj5-u05K|NV))H`A0pSsV5WP0z#v_Rds4r-Ze(p!oWMqTavf*F=;sG{HSFt!a7j()0 z(M)&^q()%bpo7m;8;iqx*Q*@vFT4+0Pj}Q_tj_XNO^F|Gy~h)kGO}#N%!rczbqlh> zkRY|?+;erW;IY&vT`s^WE5`NSka@PsKR-fb7;a#9OKQg7dXCuSml+kF0SpD{;4#3v z&|^11(f&tH+_EOY^7?t{^1x44B0L4~BP?5A14EORMW`P=iL=Y|y+(ie@~XS1wJ>3ksFJFdJoiyPO;!XR2iBc0L>svFP8NOZ1Dqzqr>0J=g+us6HCP z+}}MlFr>NI>Dp={|JBsIY5$$`z(+F}SL2ZKq)$;BPvZc6!`$8M37Rx(vv+y4an`oTEKd?mTQIdno=i9_ikt}qU z7vTG3e>&v9V>I8bdpeC}LR53|tpb-Qe4&tve-m~0m%qJJba8+De zZqMfC?Zh80T=%#8swdaNgG!u1QWRrq=#4Z;lkn!oVHD`gsN|IbrUQqUUNU`OOBdzQ zkna@`G>PGD%nPGX#1k{=tRZrgKo*7(a5!3>l8|^+fxsHnRatLr2P4R^EVHzg+{RE9 z@ABWq&=gmfdSnB@^`rX$nXb?c9Z4fa%V9$&?@#%Yh{5`PC-7)1eiUy_rna$)9EKp; zu7KakZ4SieY2tHq*xv4iRt+Yz$w5mx1`@m9;dn;>*u0_%)_FwCk!;>|?A1BjZEdD0 z8R9Be+{$7&trJZ$4$K|xXs9Wvp|&2!0T^03Zn6JTAOldKjGcM%BK5H0WaJ1r0z#06 zkw;qKcKF+>a}8DqF*ZOxP=zhkyUAZ`+bX(MU~Tj~NuqqHCI?4^UcL*vc}JU9Rf_!Q zfZxnl$h55ok)K>jlBvvkoW%HtXg#qouk~Y{#lpd$U$Ec^&*tvkV9Kwh+SJ}$o9+p` zO1!;SZC7GG9on)N;QXjZ!@Z?l9Bf>d?w;!1vEG5~ia^YV=)X$mylnVx*yoO_rrt?Y zti8=UBuXyHFfP}b+}d|4MmKfu!Pnz$h}^kwE!`4{_cuR|+}r+bb+vO!9Cf0Lx8ifB zEJUd{Cp!ZS2hOrq)Nd*-c39v8=$@)sCp_3Upb)oBbbH{uSjPw|{PLiAuy%Hzzmmt!**)89_vPG2<^&K6j2 z5B$#da2zZH%vE|i);jWBix;F5WqCBYa+7QB1JW(%O2$kWdm*F*0nA*eQ zzoQ*%p7Ld&hwlv~vu1(S^;ee#u2p`jU#zzBFWd}g)=U?-r*~M>HCK*!$Z9COg6T18 z4h5<5lynMOf;rw*0oi*Cpu7QGBJ3ZI^eicv@$18B7TatWnOJf6%k5-oR~%RpBOg|Y zx@O7>FZAlk9FJ6U&#jJW*FEkvaG3jL?$cl$vFyXa5jkaYgr^tv4OH&vU(mU57iMQ> zmCfD#j`cBT`)XXXrc9Ugvbs-jqhgRz%7+!lKQ4b9d*MZA8JrJ|I%$dFaubXpkKs}8 zQyqGyas@r37rh#3-`<`em~u`uC;^&}fafFpu{$#!%U{T_Gu({K#kJ9@Xutgv$>ZCE z1uKzGLIKLMy{3R(Yx%x)kavWwr3tjeDwKB?oBBZOdYK3?EG$^^GY2=TN0hlM^C}3B z3leCbL^kp3fV z!?480>~VOFuD5t|(Db`4frPg?ixQ4px-pjcbfk7$h?!(au50j>RtUSy~HF$p8 z_)jo;d_N?`eL8W}{46n;+_uD=@T6Rbt57>-Xsd`Zv0-y^a~b0FvzCv_N{+0iO-Wya z)GeXl9ixr~-EhbLyNc%R(de2%s${l0j}8y4id8on-u zuTHwUvFE}R@kg0%chI(V|A!Oj*73bpK@Fs0A59){68X&%Um((0KvG^QyA)}dEwpTn zAfWNW%T_q(xO*$e%72*XLiYN5yKz+N8C549@ zeSs?5!7s;OJ^gZN3})hl6?;%!LRBP7HZO^Jl5Z%I1uQs32rH`_CSAYYbFpE zxofDg&5t1Y+iMxI9FgF0!4jz@D>Z7&tkZv2GnR)Dz`!$Z0mXhn5H&;&IKdzq$z#pQ z*u0Eac-C^a<=#{xuO{AJ2z{V%4J87yuh;uv&f-~y!11z00J8#w!>mxV8aow+#TF5G zpG<>>WYXD(Ey&WSgw^$Z`&x0i zRo9HXzoSha=u&#Gb1e%e?tG)~@nok?#f^VOd_=9yf*(BgP%+H{rdDdqxtliw0PcgO#>$jR?x5`(b{ zn&t74WTXjS)5U8;r35~0z0)O}Wr+i|0O?I0l=}QVmCy}=(J&+)hKQc=;|KKH1{xTy zwCSQMz-#zynFwMWHNEX2$upsq)+io`clyqo6`cf<-^Q?TeVFcha6ef0m2A;uVXR<0 zz$Q$A0guQS9w`>Mu8i#spMC5WTH{8N53v{Kin`);DGEKi%kxRv-*zL8Hj8*V7J||mdckrt{!X4HBC|?*x~VubTxGySQGqvs$;4#B!nITU@`dC@F9n!6NUS_ zM+mu&CfnivaTtKc96w<~(v?t|v!JvH{;xEZ!vHoUE$6tXFf&`cr#xGNC+PCqv1E_W z@-}Ns^lbD+}U_= z36c!(D1w)ouh@V?Vm1U##^z0pFWc9ypFAyC465jsQiGsJ4|It$R2Rw1fQ!aFU_ldf z>qtI4DG}gUf|juAKiJz&6}gVv@aRMp-FJu>RPzi@7-VeJ%-np9(|&935wb@?Um|%I zS~H|Q{P>htF;RvzZ|@bdCqH0{wD>LC9XV*%R^y}19^Ya4Va`8>;4x|bD6P6XkK~{A(`#uh2RsXRKoHuc7+!*xExN%>)G?|n5151aS=~dHE z|h4QqFAR>XSET(-g53~;|fyejZ+3skF0nKnIB_}e&McUQ}I0``U6KV`p zT!=twhJjdk#V9DcsaxAB7HCCN0i+I@p|$gPxY647lWQi9TT*t0ED<{UHkSI!o=V2n ztjQkpNv2@gw`)TV-BhDO=qKGk(GsD2I^_iaklVrvv9I^BZE8`w91EujTHqy4=t<;r z-k)5&h3;^}iAw|(erXbwL*hf71zCKOTR~o5GI$1<{In!uDVx zSW$-x!OtI3=c4KjN$!$FB05nyzZDJ0;O7?YH7L`o0=V2u3uZN<^aXYno;Pq_BZW0G13#JieCPiiy{f4cDgIuh9JiDR_4f0LS@0{5B{FFBodTSM1tGQL8y^10`3ZGr@}$P(ch}aNT+E)|>V;ffX|L6e<2knfI!XM&sp~qy=7u3mtxr8%kgr%MoqxFc#&O#F|9 zBYv~GKgACfQj3~W0YpIN1@yp`5m{7cW0wO$74$KY8Iy}pwDabV^3u#kL`UuqtaI@ z9Qk+=6db$H$8CR3Qrh0`&fcy756NGy_X{q>y7OL>WbVoXE@f59vfVMQa;BAnOkjO* zR>d6{wyl^UjeEZ?J`pP3bykuB3F*rZMr!f^M>v12lIEs~m@c%0vIrbo9Ka*fWEeX} zW(-_}SBxXT;e!$#ba9LdCr8GJyjla5GIIr#VODqyPdry33*>&o2um(VcS!btJ+x** zIiDhiR7zQMNUGs(pA-l!@v~m2R!Jhm8Q5jE#+6f|u`4aS1Xw2ueYjNE?Ye2y7^@cBqWn3s0 z0TgzkyEG_|5|%x74euXbYSXXrgng#~pO$!van%WR5X~K+M?klwtV$U8+}RLsOjj0* z^pIm5nYfAT_X`JrDc55_d6_1jt!^DDH0f_%%Pt$bl8&EdOMQ7Swr8?QrO&H%YpT=i*^utr%a+!jOCGrATEWOf@B+K5+p-$Em;+v_c|6{G zODe^f2-wvE;v4!Y8sT`|lo1M42?LJ>5;GGBeXC9eGJ(*12=7F$?N zO8RG|+rKT}KTr)d`BqCS{`FOYX_+NI1D|dZtKi&CGaGk%Ht{GMo({li1K;$>$#(~P z5^o_N;oe!-Uh)$(`DIEDNY2`ir3}}M-FzNE)I9_$&w7`+H9JEyoJeb-Smk@ck0w79 z(vHvB2IUc>86(4(Mi~C}`iFG=+zZCU-OV{kezj70gq5+ddOlhKKvV#^FlGPc`LbN@ zpYi|usQ%JAP?Q_xa{%mx&vdpWHL6h{_NWMsfEVo3vdzR5)%k-Ss?(6 zv}%gkkK=#6BZ|gA3T{F8-%9pcJePa!CVk0j{)W=1U*Y1RQ_bZAubRszi0sR5b*g8R zK~X+CWzs&WfzqB8yCk26wi`V52S4l;-|&DSwc!2hv3=JI)|9@Mw?_ivm5b^J=K+FmIjf7j%3(LTe&1g;r%y`?t>yFL?P zv?gf5DM5~0xhB=?j#jGEX1WeSZO0%d^kbUWdut6moz7`x=c%B{57e{;t_w~$GS30B zX7`s@3@3o2@ah(tSH-?GVVW*T<(9Bq)7@9}kiKohaw|EsA~HGHr(;L59(;f<}^~;&N;f67%Hkkjy-tnQH9D*B?~y!oi6kZx3!69jKM3wDk?gph{B_ z=X#rRw>pEfZ{AUg)P6yZU-g{DUE;i~cJrgnePJn3n|(HUfqT1I4(IpRTkxnX-FHs6 z2}|>uW&*HvH5?JCQxxs?Ul{@9=#knypKB<3(?lp^vlIswtmx$E@gmY1zH2pnd>S5| zZ|ULrBqM)5()J)H1zlBnyntj%((Mt%w|bCe9S8P`)QBOlMPV{Nl17OKE*GY1&3^Ld zF)O!9Q1D%65YW$2#M=gLb$GPX$e^XLDYjW}URaWAF$iPGjO8>F>{O)^x$QY$PUfjm z(ZT!Wv>^k`JbQQ9->u*-W_Qbt_5W7SBJ~nTU`-#}2R-~7?Pj?(d*A?6HF=r}hMPb`GXa5N zM7W#*y=w9^P+k#kbQ4I_6W~*JNH`JZh|}O5556q2!IJC3J6VS9=ZM2KrSvbT%|X?44Q9ijy$TNDsgDz zzKx+^l?5ig7e>P!WXwE1qyH&g|;7` zJ?!c29Xf)4car?9&*(erzhuX`%xA7;y7jYz5l&I;J{M}#S>N~7SmOg~Th@o!Rxi_S zATr2RXZ#JJE@alWzx1WNhHJ2ksce+nKg?{2aSi*O zy)`wR-QG2wy!a+}kG00#{@VN}b80pP*7?nuMYn@RSAR(~bKD4KWp%v`+vYptQY~A8iD_BVzbWgC@@!zJ2Dp{B zou<;a*TQNN=$5YW{XF?|_{1=F>8Q`&jhY~EX{JZmWtTVitcm~MPw#dJV*bxP+-sk% zGK;{4i&`p|fM?lf8K6S~kcc+mrZIG+xaw$XOAa_fproi$S0nt<9`vp89oWsi7dRQq zH4woM%jaw$@>7RqSMok-dUhFd6(^78Y(IaT?b@ZR)_8GANNyp5zhL=mGxZH+svjA3 z9RYI1ShD)sc8B_g1&1EZYo`f6WkD~3lC}UUX#r5Fuo0j+_ld@J#&0Fof$SPJV`_T< zY1;23V{1lc7z1qNJAgKV9NMrJ0|C^xH-*tNb$1{(dTDnx3V})*a4O8P=uVAr^G#>zd{j0QF9X9r4CdW9qsdqXpxsuk)-JqE*?#WpHYkvu8E31(ULeZ2@z>_P!hM>W`euoLGg%Jf`wt4$U1@v`;y zWe3(_oY`$Eg#6#O0>X8H{A*}WU31F$dBLN#dBf_-i*ikP9l5GWV<$`LYy)gq`ud_= zzQE~nx!Y1M0vDI6``A28A`4D@a zl{kaniY&08kNwn#0Yc3N2m9SyAA63EYbYQ#khP=WNp=32Ya}Cy9{-Da4^nGSVb+VG zXySY_LQt-;3{H9A&Zj%H2QPDNZdfBi)LH~7!Nc*O0TM-Xjn(jNDc$BKUmCqJAnQg; z`&@oPbW!U4(XBR-tWIMR(*s?0HE3R?!=|vBGI=0|PU>FTnWJk~WezJ%>K{b~^i*gQkNgz^jN ztjVP)XYCXS{OvI&hCGY*jfTG^yxki0)srxa7!5i@wrf7baxu=!ZMn+u_1ZK88fdaJ}$SueiW3(=O4|pkfZ5IJ@O)@!v~z_a38T}GgZRmcs27j zA}9*U3}?ik$zu4w#6YPZFyn)`q@BSG&LN8;F$*;GQWo+~UudRuM;hG&7}gR_LYKQl zJmoc$zLGXDgEts~2oyY{yl8Tr?M4B;US=a)%YC)v4MBzdqtiSa-Tc=v*^sw^jKWGj z(B>pm>0e;OrWE1ZaLJ=4=c*7bEedg4#(uy$P?JI^8%Whx2y zbC^6PVTbdbD=HQ|Zo4yFab6QQNfE+t5^~FKPiyi2S=Oqr!CLkh5P!487ME6} zbgQ|=B^4_ODNDh^a~C?G+k+LweN!qz@r^BM0`(t7Z!>fR4GB0$a&GXLHOUyB9Zfv0 zA;Vno{o1~jG`*kLgo_>{@8eWSzgch7dKQgk!U@W-h^Bfx;%gJ@<8H@?P{9r2SXtvz z>%NuWvm8wFoNH4+b}hL3>kNyG2o7ost&HdoFH6u3Uve0mzBz@ytvFS(rl#DP?%~SX zbeieH8Vn|jQ0(BpucA|12;P?!idK?~+PG9-(C!WneqCCK_7bXh<*V;g2cuQ7>4EHE zI|hKSiBPGY01VSez`M)FN`ipI0ciO7MU55qYBAqKkKQc*q`C>_43@h5H3eJ)z{z;j z5RbReVKg37c*J%c0M}lCEUifjDJa$RHnk;2mxFFm(i*Aj*fsnVlNjR1$Qu5g#1SB| zf!MK~CP=!c00w>~YKSk3*K03amKGbWwl@D4NJja~NK5BxQEMFKrP8aw*}v@K*L9nxb{C9S!Z6IHOk zs=G}Nv!Abv)MBZYp!@UOKW5&r zkFfc;2VFesF}b(|>bLX3kkqf4BhSL|dT~ij5fB^(Y0NtAe2n zOmk&k!vl;5OzJ)}7-$I>dqZ9%61bL=SE~U3@w?Rs-kL^J+NY1+h&{!?~wS#y5b)%KEt+tLO^7@lww7a=P8l z#!JKcv{g^UQVZOLN;+lYwVnuqGkpT(zT#UX09M}x)Th3nH1J!ZItODoQA1bzMF3JU zR+R?$lmCXt>_GOM_uD6`Fa_~*_Z-o4If}3uVaAo%q|lA%&y7di(7nBI!=P5v!^c9i zbc6k=Z8WLcOX<%S-}N*;?uc#Q_Hg@@2&v?AQz|^u2G`#hO9f5Jx`cEO^9{2e=6us0 zV7Ss)*?QugG7)f^O0+5c`)f-U=|?441!zw(Y@B%6zC`9h$u!l$@zU7vVm2oef}P{8HE;*>+NG=~`92p-m=^tT=4yQ& zg`9NS6lW20iwcabRhn@ZIY|~r^!OY;>lQy`@?KH2e|f^{onGk>H-c|6Uk6^PU6N8y zos~@ReC3c874^yy93ERuIdUQ&TmXHHec!^T3g{-si2dDM&`RfFq90NUNsykKm;b#!|{5QID(fi+ISy0LTzsRx;&cj8~1hj12RRW!KF7ogh z71!wZz>fr7X6M+N?nF~Nm4=I%2rjywb`>7eAt^Ud`N7b293t={c@#{PgfSpX;tzsU zW$0ZnUUkt7zpTSrmLfD3(0i-IfenBsKpfqqCJ&fcER38rLCQ|X_VuXY8a_%A6nj$% z%#VD?%UExs&U}?{SqD&hp5)VO0Rk+D0r$g^#zX>YVp6RLp%P{7f!_h>>LQSJzd?kV zd)h3|1e}KqZPEpRYH$gj4_Z=THsH=otyvlEQ3O-x4^B!_%}~+Tc5ptOZdX;Qs)HP- zbQV@a(Z*GAxrJzn#ob|jmA5*|N2#{K^^WX&434XXKj-NUF~hP&zdT?-|HSzL0QY?N<;7iQM&XagDf|ScxqI zxy$kL8hL}%dhfbD4>tcCZ&L3~B|t}<8w)*7zk@8Mz--k->-T$*k-8(7H%tth!G7K^ zE}uUxw0xAQKh9Gn&6Y%`z8dd2+x7e;TkQ-Ngac45Z)yS5tI=lK#L>RUmnj0>P2>JK zyW}HM91T{OJu7Zb2)7E`CpJr7-H0Fef4;KWc3Mdvaye43FI(o$UX8pq$v7nyAe>Us zS^lQ3Q8->DaM7GYg`@WN*(p}izq((i_4gxxW`6{9I)HdHW8Tlr+xA-V_t(9ym8HWW zmp}((c1T*Ks&IkHb0K5&;~>NzOYV()+BrRQz7Ta*5S-C^-K3($fl#{B%u=TwAv_ro zRQ_hHCAVU!R<8AwE>|Z3`1f&>@;3^LpE$2m`?fjwX+BC9Zt7t1Jil>X(M0tMt18Vxoi2y!&hw z*9YSW416}ARH{~x@9^2iHGKoP-D(SW80DTkcenz3VxK&F-KeV6k7e?rt@qhQ3q~`q z60%&I!weT1A7Ct(z4mwjX2%-}T(~twlPM$I;8ZCU6%X)BWX4Jw*7??fHGoaE-(VeR zQq%~_vmpQghmTS72G!}o*gVQPuPqa(2BY~rYhTGFRTC(74;zYaD~Y|M8wxf*&YC=F zlQV(!WSB}2Yt9hkVEpDBb7$|z$bkc|E%3N;+Fwe=wr2~K3@Sqe%Jsiz20{0(aBNO? z_^wZrh}E=L=L{{0OMK+6$2QHZ zhgta>seIW7)IW|zx^I=lu*x{>X5G-($z}v0c#o4yvEHYJ00;i`24gi_Zcktc$tmrF zV4HijQr)*grt9>5TqmxH)@4S-X%RHYv*5=TaKXl>(ymUlgDBYGJZ_> z;{(F=EoGc(f-i1`tq@HAWW=djCe`!rZoMm9SlmNMoq5Slz7FtMzS?%UVhzoZjWfeu zeY;eA_vJ0hX3>1zui8%}t{)8iGAfjS)o2~d4F&z;tuN^zN%AZ!Hogc8%BxVEdRX+- zvQf*2^s&V24M;OpsPg^8|DoyIO6hYu{JQt?Z^pTi>FX2@0^?l!6s_>YP{!VTe}SVvgBb`qRf{n;%X0Ra7{+L(+Ah3Sxxm6;K zGR!s9*byqBO_NXLk(&u*F}+f_p};|C-s`I%$n??$mPo`R0F+|yGhkDw&=Z|`S0|8o zy_CxvzqG}|Aq6BO8gzOo)kcqIK-?eX5}j3bY0#ho^U4S*)8p@Xh&#;okQ#Bw-fO|o zvX>b`b_U=i!k}mBakXyEBGBcccWt&T-%Rwan69oJ1wcBy)P*wrc)SIcoDb#cMEEwf z9b7Yh^(Pey-EHqs)R*GYXn$NQOc4^tcf+m{+z~l?WYZ_$1yXrtznx__$R3 zD;4o7HCCcLne#K|K_ym5-_?3=vu+FT6z%VETY6+?l(ISrDiQ3P~dLZChE|eN4irsFznrXn8DLQIq@gVau=n>KRVzUiWeZjp+l0 zg*{byo5TfOIXS~h`F!tCu0&JNv|Dl^t!Xp+t>MQ>F}Ve)SV#8qk{|G=tx&`jRFgsA}X^k}k6Uz}uZmDg$IU!43n_}C-R&UKu%RTCt2O7=yq zat>5$!5Y=^vZL?jb7TK7b_C0rCchuNg?TE|xVNo{vtwOdKYJmB4yx|kjTL6y(xDx2 zIJp$pM0Pr4_-arNpjZNj7t#Yf?BM;8UhsPo!nQi4R`9OGR=Q18tmqx0JMgZ!U?MF7 z5JRn-8L*c<(yQOt13%V3y*UBz1L0i(Ia<~d?k6|87X#ksq(@Wynj`<)5(hB;E1wDB zk<@-J=3Tj)%t7R^wMP(d1Nvy*wi0$nV$4{Fj7175HeHfpb9t;IHP}POHlJH#4+4at zct=(5hC_K2M+$fzrJf<~8@fy|8NX|+AOgg_t~{=R z){-rX;$0&shP))+5)Lf{eDg(1Fd+l?2cH&Rmr7vZ$@c?!bTCr>`JboZf}tg4vR;?q zsofvl?Sh2R4ou*&4RFc0$dBbW$E2Hngi;ke_#Db7T>cVY8e(bLxSk?l-xiyTHpHj$ z8;w?_@V1vwn89qU9e!~Op?_t`F7aG~`wu9>tYvN23u|6h9hhF_l4+4Q@>!kD{eH!G zSSl$P(5oSHzN+l162N2<;xquB@^Lhl`XT=!O@#f_VOz=QdA_ui`=@v1A@kf^t`+Rm z6xiTJQk#`DwoS7I4>1Gsl^D6+EvEI%F$ay+nDm6DY>NbjDRm3C0UZIy+O>l(ie{fA z?qVSDOmc{^HF@%ku5PN)Yup9RUFT)u-I9-zQLdhcEWYVXzw8u)UZ?0EWtEHy8Rbh% za+OZSYYv~*L zFb*vN5GOqownQzM)ceURd8F9;9=xSUH;OB`jlF+0d zvy<|cx5y4TBb^PVKFP34`?%<(mykq_?h&Y98sRI`Oc;-NQZoyXDllD`HE50ry*U^O z^-~GCj?5vPUM1P$<;?|J#P8H@OfrKnY`Zk6BbtF)H=fiW^$z4^fWNGLbLdZ~R$`lN z;UgKD%ZFUDhoIRVR^QO?6>C<^N%jr8hQVvIOG~0DEDU(viEsZqQED&gC3CG^3u-7Zo({sfh!3{;M^ny#P`ZF8}?r@271&r zY%9N-xrs(0y{bv$Q3fbxFtRkDC_zYtPirQ!$$>VPXw>WXRA@>tV)#3yvq)7E4~A>7 zLTc3HP!BLR$@6+A-UY>3rp6*N`Ao*FhW*@{WQHz)-}zkEIHKR&*yj*1BZv@mXoa7_ zt+$TW6Rm9f z5gifY(wDBXI2&cNFlAuem~<}IT%WGzv26}a;M3ne6I%#};Z~yD=ZL*;4gNwu>ja{EqbM9rEjXe{>vs z=jB?7=Ea6_5)@LEF?seTzsBk-m0B4zw*0y0T6;a;a6_KIc(YYy=3ccP_sn|CnGM@d z;;n}sEeaeyO*;nyDdM$!u!K*{SM#R(sUInzd))t?HvLW3wS;x>3yyOlC;1PAnmg+r zj_&C0+w>(|-T1ZATayFiu!bYUaz-gr&TCo|@ml`iwko1d1Mejz`T~O?NXUVE{<_IR z#_imP_l1kq3CCm%O_2jNqOAel`5N(}gd80PU|p^sg-LG$&SRJnIlKv=k#%Bt7?J7J zXd4;Z1CVeyh!>F|W`Wt8&AE=7<#IyN!#rIk9fU&wXg3%E4NUyzm*D)YpQrs^)@J#EFz`})M6PADWtv7R|H7N7xZkM7j3Zn(c z4Y2`#vsJrt=?PSr0-wkGvunUa(*4r78-f88CBx^8I@1~E6Ub+d87_>2ls zD?1g?>t4K>?@-S&l>lIemipjoCj&gCy|)prX12r_@Djx;Va2*~z}-M*s00hYP*gq= z&`W5q4+D#v&kh)h66s`n8@P+S&;AC0&=}=K3m~_Hd!#C_;Tr~pxW+g%5omq0@S>@p zz+EcD2>VMsp>4n*pCgM%ndQ$lMqoTyW(9;(bQ5SE8hEFDK(OHegOsp@;{egK!*(Vq z=J*ECQO2SmT^UtDB=A7wEl}uTz>1~k^F>Nmw0@Dkes@S)sdA;_mEFf@^KDlh*y<=S zSv{#-r5;4wy6<{ z3k>L-EUxjAOduEpFu;{4e3)jK(G6BZm52)koWzRORESZ&mH8V@%ktLDfaz^%2V~J| zAc3Xah1C#9we-eo_6|3R1cgC8_}V(bN(o7RprxV)NVsSZHlWqbHUJwdx1HKv*jjnK zUOdTibo1u(wZv)R3+Sy|=vPPqglhIJy9jcN+KPwBcf@Ea`>$!=CmIgGxUFuMGnc!E z$ha}8qGwR-g#^JVlbl?**YoB^WJHYH&sE9S5{DlGD<5s)9EVTdu<8H5=8sUYw=DSr?e;=dkc7( zy~Dwk`<0LEK}(5Fa}M3N3<il=;`k$Cd$N$rn07Wd7b>U7_$qP64yB0re#A(lxP+_RDHRBOoEMig*L4dri zVUZe|{BSH3FCw#m1O|P6P=%=BEew{j&SKn1YY7pCs>neIVHe7OEeWNifg1vR_Hun$ zsrVz7$ujF8Xkijd2qI}96cKl4Z!y$a5K{7{5(S9jy!Q=nSTTdT3HA`sxfo{TvsZXo zj~@wa_yMSn<6(zwIJ3}G|;mjGr>lmgwsgAe5Z#Tq{wJ$QuC5)9X#{K=XScNDo! zt^DALbTtGi?_lKv15*CaE5H@En;;^QNDD9FQhNMOLO+#5hv<_dJ+X6N?` zws-PAwWfCrNrN-rS0R!NA$hh=?sVJwt?M_sV`!G1>`}Y^xDR&5B#xMVnWBYx zgmr#)^B5Ksb5Z8^$3=t`GtyF=77eJ@z+4Ui%~>Y0*=vA4fT?M6+IqyI6i_{FUP%PO zrgLj1i)qq3ZqZ0*bHY;~lMr!w8Bb4rT;ntOH$c7M@&7M#{U*K0WMGSg?Z8bfI#(|5WE_x0!pO?x7g#rO~cm zZK|^39+rFiK$CJ=|3U8fKtMy;mmF8VN=GZDF})8~9XZ95U8l^G+DQ)&Dw(rgj=rZ( zOLjI*f4=lHufprE6|5e;THtO?EdBGEe1`o1=2y+%)wtXm&hBrr6rKARe#HCI=bsPw zUI-Drb+i$<;o@ktx50B88#e3RvH4tyr%St^=iN6(4isGAA#zDSTeA1s44b2d(_>ZO3>=#=F`s070{Ur zqi6z+oO(#@wVahuM>bghkodp{i7iFi(iBlQfJedT@Us&leH49PA$kv1gy5k2szvNyI{_GQJ2G$`@f_(^h8|5MJ+}6|Gk!yfk5>_-^1u-5tBfMvD z)jcOs|EDt6x~hEJ42*dfwSL;4bhq1_SUq$a`xxE zj=x^_S`;(KOXv@ZI$oBg35LquP&pwwG;v%6pU8e8TX0LcJP^+;D_nu!9o{Z+>tgIq zy_c+FYa=IYt1L%z+)J08(t=zxQfXOKSd-k-Z?DvASJrFyQC@wyMREHu(0>OZE80HI znUv~2-qPv+@TR_NPpX2<$)^N9H|3s}cE6N`TNdT|w>*~=`rlAA28+ljGxshItQ_!) z@U_W#EPel&HSSifxSRcvt$qi=7R17kFq#wsrHrUDOw=+ z#%ku&B@^XWUp{<+2w>O9t^Ar8K$r(8h9lTg3mZS$R_}qVdhw9YiYyZTDJO?(6$QU@ zIUudp#K^|U<)6=2RIs6zfQw_3N(AS>E#SDQbh_Ov-Ah8GOdIYfu;ac4z^ z2pQ@3<2^4Oyw>7qB(Rm4qhbp3ZeR{*oAa2Eth@a{lW+YQ=)ax(C#!iEZeIH|{pn;i zKiuLMZfmsEg5l$IgZGNppI#JB`sp~TYq76KR3CIOpIn>_fn zn!c|x_7g{Gm2HmKBUb-dAZ3BP-O7AwFqeBzqj_@&$IWlbL+da5DYQpeHTiD z-88s2#SV&8%(S5cSNVB;QD#Snll){H#d1=kQ5S_&ebEN{_XjJ%)Lr(%TlPs3i9ApgA4Dov zoP(v-_36D}SH_Rq$)$f3j$)a6e*4ezlI*08*uU!M8# z&6r5ZePvd87p`1SN#;od@4VX_>hcOwujG0IL=+UXHaU&lkZjO9gU7~W_+A`#Rg|jt zfJk+?W7a*j%a9)66zINcWIs9Rz2F)>2F0^d;-KXts^P0vv0=)vE36BY#WgU!g6(2} z4zC7iYHV2bnM8N6f$3cU(Ie?%(;vGyZ_n!l3$nVth^iHzE1srzeWWN@cRNj=bhG~9 zpFg%KB;WRC%r$ZBG~lbi7Vm(xWUSMy&m7C9v;XL5?mT(4CLn9Z($8;8W&^56u)iWg zmBrp}%=Y~l#^l3T2QM~>!2KJXa`LA85mcp+X68A4eAn^NGEZDyCNHB1jq5eiUL{uy}WV;}AUwSts{g^JYXOrRAZriM@L~(@Qh^-AfSU$mlYGj( z;iEdpiPjb+UC4^-_k+c%aecX3u&c{$ozK&G z;Ll;UOzI0&z3xhUlY%N-6#8N6em}MJ8WmCLX8ykDa>4t>^EZRLni8y$lBbz=Z3mG% z-K802ejP4Afkq~)q2w`=ES+<9tlVZ^CQ?PUUs+T|#l+S-8Q%6nQz{PcN_ zRmA2paPmPb+i3$|nzaYe^%T$4WYh_0onuQr=}bQF-90fv5W%?X{OQrhBIO(*GgAM&F?dV7vbyvlBDn^DZg zso8F>hJH7^agf&^b+Xajl4dqpHQ+PLxcbF&2xkAVzC&0tR>uL8YT%;?IL6ntY2+6V zLAmm^+2=OvT2;>4--YO78pW&os+4H`M%BZ*j3L#I^Xco8*o$&YOUl(_7wlmD$Q1am zL;@~PV+6gV#izQm*~PRyrD}JI3;#DT`F(mswXN?$9m>Z{4R%~T+KFxg9>Vb~*#(3M zaBirx-T5X#Cs9M+OM@$1o(o<6Wq9cc#7X-}n=42QvO>K5FI1T;ObNGlsRThGg^5S|Y zHo+V1;s(ehs;!-dMWU5f23Vi@9IRWNRJZqB6A^V+&_)6Daa))SGE%QjsYz68^pTh+ z<}Z9tWz^{79Zq_x^?sfjaAtj&QnJ77 zykC*i=*4P>65W5Ung756o*zZ0o%JEVr%TCV|4?Y0oqZ}bSL6$Eourq)SyWe(z{ z4<`52)bcsD;L-5=eA6gWRW4$8iHPx9pkzC5dBmoj(;VZo!^EcT8x(WW1$D9id>`Om z(lV9idSdp>IZ4|iS<59GI!{U6>TDBr7v!aBUPM=GcD@DO5Y>tnAF>^Ih_mTg2E`Oe zKkdC-CuP(AGb)DLP*GRFksBJvxz9L8=pznWcif>PQr!iK{T$ch^bAv&#XWc9=T4|e zkW;aM9y|l$=eXGgnl~&LIC4#oH7_6D8G}grX!M!SJm-(O_lGG^;fD>GUE(DF)tR>~ zvR%^m?a=7n!D1UtvvieXmuG@_#RJe~B&v%P>D9a+I-b7sXs1@OiNUFS5l+EyK~v#; zykp=qn+`*mi+d0R5|+RcE)0fCBSQI3&L7>lF$QT7CW@q)0x_SIbSmz(J$mU+Eh27) zk&33ZfbP-U@X(IOY-DI;4Se4#+9EzIUi|H&MqNu&*i%( z9$#TdA|Y0a^dXUDTIaNV`(}yj;^*>;u1nh@XH|-#q^zefSkJI&7=y`2QEYt2(Jg{ljyp#O#4rU70nrAo8AMZl3hOyc0VC?_6nVcs|8g=C6{u& zu^b$$3h^;&%pdxw2J~{T2-3V*UhgATcU@O4UuDoIqI9~;CVe$Xj34v|i&#bw^`S@X z`>+17cdH9DA?;6Gksl?ALY0y`hW$RC(>NJCknL zv5NPnCk?#2&SK>GyfBatiDug^DXIvzP@7at!t#q`5 z!i_U=b*$JvS`r^rMo_^(!re<5NIkvx)m*Pdl;b-d!!rOCc8cy3{CIMe;>EIYuLvs_ zS*C=CADmD#Thv&gG$O1CKkE9yy&lUaWpoSSIlK&ihHrbc$_Z}$@ooc>0F-+61z6K4 zy4+Y{@GzI1l$C8W%dXQ0m_Tv2*t=@v^Vx@>`01QeZrk33sxo!Y!s#7md0z z){K5q)G(6rG#8|Pe$zK+JGfv~Yg)X@wjW7_TZAPxh-0g+{CfI20GPQH3(raS7>JgC zVWyMAxz&=WT^z}+ge&`-?YExJpUS^i(<8=; zSFI9uD;4)&#TAVByH2}uSrR1b+x+vQzy~x+2L~w-$qskxbyzDSAbmDhH`4V zn@2S7@|=*pi&<+`nwB128qYIU%pKBEZQkqF$y{7Rd`V^$t(&UV9niR+?JxK(`p38% zDpF^HvOr^qw-0ndL4@ZKr@^G_ugqx|TeP9eK=V8}36$}hMNPNTePZ>EzE;dSoj+0A zBKPdAB#GJhQ-DTF<+-yAP-+}dY#uIk^W6Pcdlv=62C>tiHKC53k z|3yfzFh{Z$r=D7`c9Xn7=^(RiE=tDA-qbYuo|D!2TK8= z|9`F?^0YGrng^f@?-=O+Agp*b7rgJrNrji+%6p)^EZv2>o>8|LlwwAB1Y&8~FJ*Bx3-cy#xJmw%VINUh#N(MD22-KJ&uX=tXTLYY!<;;JpD|&mXV+ z25M0UN?v3^0Y_U2E<<`5%r481AfXDNy{W}xnL~FhR02MJH-`NC)#ID()!dzTj|emZ zyZ+08w#iB9T6w!KE#J}^<>4egQ-H}BcnIH`fPg}n{q@P!AX{q%aAJ>t7pTv#F& z1gu9gKMFX1g{0<|jVfJ?<*ApC->a1(;PVx~$EB3Kou-lOPN(OQ8hjBqRF;Q&Fln@$ zPUDamrZQ*>^0Y2I?oP@=ME$;KTpk#$)`iZ;lB6krcG*3SS_<_3{!SxhtosU7FTly> zoux}6Ldf4#HsW3G8;#CbBDc<#G2EA(wWqc7d25kR3LfXP4b`}qXZlU^sqO5@W%_N?XNVSOjAW3rNw}F$y(-kePaRO| z*t#lp@bS;9y7+`3fyS{cHP}t2fEPfgE1}><$^rQnt1k|lp ziZUHtg3=|?=28tRw>`@gE^~$9gsSQ-=3;xlu8r#2w6YA~*sz~ga?qUI8u42akRm47 z_M%|<;(K1T6rnTEV>qg|q5|U=dugCiuAalCQzG*mM#mQ08$WLT+M#Bhm`yJbbfXtg zQ;^t8)YonZR!%m1VxGUBlgAiy8a=w?!XnS-w4o!tY!agCd1NRp%7|nlH!j^(5LTED zMSMmvz~agd2^IG1(>~dLxbwMyyIDi(e2YJ&V^T^uuLyviw^T8gYt&&eMCp$Mz1+2c z#K*rbwtp@-@LFkV@I=O)AsA~1;;w;fEuju%nr!aUsQTVRqH04|zAlDlb^pOM;yp8> zj;C=YFB6#LPGL2fcc94OE}Bg}`=QQ=Fdy8b!RX7L^%8YeU&5pMxN4+>sY+F0`sf;PhQL4l+VmD~f}sS&{Wc-Q^lQ%dQfp_UE)4+kqQC zn^xIJqC7%nP*JlIZ^1ZD{+gmIz0tTgspvj-6}$CT`Zc%-&=ZTFiAzseBwan8N0|KB#nK(k)ro zG4;%&p>x1}WXnsB#s2c*)G!%hAy&QZ53*fkqb3H;YRq)`yb?v$Sp5<&uJcE}(ON#B z&Nf)9NnQJMz)HKy>yOjup(kZq{xc@^$&G;n{9VMXeboVw?=;4L6k5fT&ljg zY|V@L{IbHaF|SNVs_{K5j(Tm*u8rRY&BR9RmiZsIO|y=l>iuoc7qAJvOqu#Zlyx&P zpU;ax8Ud?MHhT*#>~r*Vk>#W45j%|8@<(Z>1sNJ4yDx8Jw zE8iiApy7WWX^wQ5Y%4CT(%}}h-(%d=r*W44MBg>IzE*jVRQE-MXCU85;nnI0+dY+$ zfCP)l(e`O6LBA8H)64T+%AKor^dg4twQsF!6X&u{w#iv>Y{as5dNHjT% zBDItrm|`kL*y;E>AHS#c4ri?EWVFj%Y`i!Q%=DIO_-(fP?wb>_FEix4*O^k@Uw8gB zNfoM)iFf-SN#cLR4F7t~gKXZ#%Rgtl4o*@jNcy-O923knH3%FEn(>=A39Fc5{cKVH zV6%K1rPElPC0l5tR-nb@z1w&^f;2-lU@p(u-zOmEg!zEgDbY7{RGhUR!HJ^F&2dG7d$h@{@)2+xQ`aF53QNf|+5SLAFnTYMOn#dnF z);s#oQS!%14MumD0m7^3V`j1FZak`^S+1wnC?EB)U&x<=TTh`EgC@?Ck!d`)t}VI> zzfrwb))*;umOECUJtWSsMweIu(LP7({_s^>dNX({PeS4T>U$j3Hr~HQYyY=NJCnxG zl_0*rCqa5qSe~I)L)JnARlA6wEL4d+af>6)pSUK+T$=Q09^leU(Ipgec5w`S@OWZfkgDsnKudsR^HDij5 z()Sb}REEYQ9$JZt4?NUN3=>9)cMS@OiwAu-A#9gJ%C~B* zKR)dxiv?mu|ELPCb!DeBJaO|QG&{SOvJtAsBHg~v^bqvT{HdH30TNm*`4+kUYVNhJ z5zs!c;`3#5L=h@sst`ZASL{ z#?US6v+@qqA=<4bC;AYA)wJIaw;)}f|}~1n$&>HHt1;9TRIOm zMB2saP+(m1#VQZ$n0@tJHVO*OTDh<|cMLpFy4X+&9N8(-)^`qpJ<&7>sMR-UNY;0S zKXGvnBXL=!jPDxdyIp_dyo2I)ac$?D=N^sbQ^SH<$zj4K(Q8QE_L~w)chO&;Wm@Ga zxC}s4ddIWaEp74PQ0SHs=4>+9)pR8=)iL`1Du&6@z~~vua6kRxaPj?#@9f)SerWxll$pF7?NC(eiZaI)qyb>a#Ddg?sJW{rXA?2|J{!=EpKz8 z@IXn0wTbD~q~g5zg<;Q1QV7EbPzBRbhY}B(WbWo=n~3fr)zvl(2OW2PVXN3Of>p2L zeK89FDhpc~oCN4*N@~^$U5oV~Ae%my8(Fu2OmT3>9YX=Wqvf1Cu5dxYCTHv`s~GYkdYRF z`rTNwEpc_~OS<_f&Z@Jw-|wB4N^rpU3;Q0k*%zWjP%Q-Lk&#oGYuH+#sm^qFbDD!t zr?S_g^ZgCu={54c1J|5*RDo@+N<=F-C)|F9iBvSe2k-2T*n=~+1AWp5uO4fGtj zAk4I{>8~awcvUsGo1CdWd|$iU{TWX*lt;?w@}St)T=J40O_z^j!E=18jF8lzNwzJ=*iZ zPyrT{F9K4wJwKB|4p;nd{Axhynt`P?ElvJiFST2#2=DfE`5}awDUE0_0zij*|B7Cy zIflU(gPSe?lKTR4?dSQq(e5ViYce?%6hV2=tJ~!Su7fmJVAMCBhDBurF}}FNdrx#7 zfZoop`0Bq$siV);`6~s;=Y|x=cLoQ`+>ItB(Tdu21^M-LP5#=R;#$x(&cVQ=wQLSi z>C91v8Nv7~REgOv>5vE%)hcsgk^e1{b-8bVo1C?&Xa*V`Gyp%2zm8%G=VsqXsclEFvpsW(Rsc^=W@~w91 z;zxXK>+=nl^CuTgms7~uP*85j=zfr}n2>~^Y^s_d+ou`(b=|-xwP+I~yM3)%IwT9R zU9*kA`RM7iSy&D0bMh9GWv{8IjI0W*##Gy59CmFnyZrYsCtcDOvi!8SE=ZBaI%R=Q zMrV@rkUPyB-x`Mw{+#&<+4YhO&Z7_!j+mPidDcd;7}hQg3P0>^e6D-MKKFF;^V$dA=}e(&*wSWK z)FzqCpS7=P@;wG(1$g=lVBcU{oUbnPc@)-gVYN|J&fhk=qL?QKO;^`GxaOM;wsuC< zvcBvJlaTHgRTv~k|7if#VVwJ8h!XuWYH+_0R(rtbZe}YFfe5GbYAbk$7RtEZkN>`& z$}qsIg)10FQEc`}RgTs0%9w-6`qoq;hg}LphAW{)iA84aZn^`m>aIPG`}31dvB0aF z#ihEzjCB*bwgYE#TIZo5xa`fNLLJ*PWS#5d1i8cy?7byg*bl|G@sp)|mjX>TJQd=P z!je!Wji_FZHf+pv?J`C(p<<3@Z1-35BV$P#oJyP2raC<27d2e>8V#B4c#_<KJTo_QLK%wPc*EUZbd1%DgAP}0q&${m==JHbGj30>d9ld1`V zPx3^^r030~dR1)S(7sMkZTNj$NizE%%cut->VMMNtiw+6}Vy z%@ZQ)qbD!)M57??n161U93O!h^*62ahlY;GaHD#&U1dI_hXQxKA1g z&!7iAo60FvM-QSF!p|gyaelaHGa_lAnCATm$B%mEK5dR?%}}^C`i^HqpXI1)x`Bx) z8$5HI-qB|?sdW=ruUfo3L&lE57Br=5SKPnW0K!eFdX8O=l1e<}PZ=HDO1;d2pc$^7 z34IgWD`SMJ!nGU{rqSZ9)q&;eQ(h@XA?|mt;yspcG4+L03FQJcF^uuWujZ45&EsZ_ zf3Q0F8vZyzfdPDfi&le2P-O2rz9p`4K2)!MYjZ}J^P4TgtJMxZ1FN6+*?d;aBctT> z0(Y2pe((L12jXH)xJ?>!Al-$gwJVX;vCfKJ(z9xz@xrqrPPb$GL^)5$vEQzu8jr)X zx~!MG>x(#F%F%B+pWA&O>Az(l%iPiKr{Z=Y78XY={oV&ksArsD7#F}uZr2XfllG>Vvogs)PTUY%7)!4>Dw%GDqrb?grRmXyO>akX=?`iwt_PC z)I5V3>!`xkF%JLtIgnk-Vy|Z>tyE1nhL)pvzdvmeu}tFV3?j*$Qxn524w~UXg4r`- zPd^I3{80q9bBD7!?qSaeohhYiw8*{!A+fvLlBUe|9gjg+VQuTg6?#?S`W)Ob8X#{( z-_$s-Y%+Q{alQF;z~^T0Psf0Rq*u+8MuF&8nCieBOiPTv0NUXlCAFf-wv$QKC6NeY zAD_M>PDPe+rLFk9|8}7;8shdtwtPXO_FbZ#qDPjOb>L)E(W8y?)|vCsCJjRcVQM3B zJ(T#>T*j+j-ca7%JzK+r#H*31qjOdn5la{-cdeP%Wc@s)td_pD*Dbd6v+qPwHv;jw zWtda5+SAEqak-mU`)E(L9RtPbT)OY=mvbzk$aZSiQ*XB7Y2bK2S?LX;f{wO4liRDTiI?Hsie`96i*}N>QnIyJV(ndC{Y=XMQ z5`lSBUz%Zd{n5)ugVW%8O~-SBA{wiGowy}frtcHw#nLwA$m9YoP z4NAt_#9i9%A!O>K*?Tc0B6Y>w0;EGRK(^bYlO)iLR%GP{Ew{Jh=K5pF%AMP0mh z1b1YR9m%1#wDa5FI`Ce0fqlvdB3x{JoLrCAp|17C6FtKKc%oW0u zdKW~pa(S^X9hwm-CDwYIT5P|aqKzkDKm6yjIrDgf)FAP<=cM=exNXun&k*_l!kb zqjOzO*Mh<-k~H*|W!q4|QTf$BdgF%@EK_MVU%xtDmpZPksW^`eyfCc@qnb*J^PF>^ zELnz$KM&GEa8*s+e=LGCMsF9ro&$dR&lZAc#7U=cYZcsqR$9AatE{iH(5LixOkIT( z9H`x|@yFmk@%dK&>-$-_(Z%avZ$$T;bxz7x^!Ir+sU zef7+0%`zxBFROofn)S5 z)T0nwL$D;0T$Q*r>Vlxe_AqU}7r7Y}pw(=3$zT2fupYQ$mJU9?C-d*?-w#Y0alC!5 zC;M`8w`zu*T8820i#|)GEo;Q?ufQ21Lod}gnY+fgjNj$Ap?ZC8a7+$jsk-fge)dd@ zUgpZnp23Rk5fhW10?{dM|80SKlJpq(mE0hT>nw~1LT2_Gfli0}k%1DAslO9wBYC8B z@XK&)0n$LmaP}kgYv@?O;es=PcB|BBkIHkEZ_FccrhVaDXJntIt6NDp+8e$HMU3Dso37j zw=(H$?`JPV1-@E7-J!|3N&qVQ6`IVUQqqwJCoaCumIv{bg9cym_D9#M+Sk`}!8B)4 z?16dz3j5m@{3PGj1%`l5m{K*3^Z({T6b79Uq+c3m%(cbQ7SZ0zg?gvg9lgP)I8YLr zexTg#z4!C896b$8bnQzGWVUNGu4*j6r~Rf}u)4A+^W)4gzZoPeyvielbf-K;=&pw; z#o95~fQV~L2-W*Ga_O&Z>eCsksAUGXu`Ic#8!1b zds4!B97+N_wt0or$3X-QQ{B-$9K@M8kUu2Ox5}9`a8++yHS{**DveF!>%g}{;rTV> zrbmT-)~5WnuZHr$)9}WBDszo&dWh-T+0+_gdkYZ*-L`@^&XXU+7Sj7+D(znBx6JfD z*!Gn1;j-&xm0ziW@-({HQJglRVv9dw7<_*IIZThU@rB^?!U!MGH1}cgBFbg_5~?d@ zd@7DORVFam&W3O@UA8e?-iXt4sI9q8-QGLNU)_2%V_UojqF5=Pym6|j;s#Xj&9`%O z#?j_Kf^=$O9seJ!3ph47NEGcZeL($i_tQowuJxppjT+h1bu&WdZBv{har#R4?xC_*-&q;vU(PGj>o_IOgjG|W zoDE2A#4xF(YMA%E1A?A&F&Mj(VQ-xWg|z7kfNjWf!!raI(b(q{>|cO~^lzPtE5g?}(^DsLkZYd8 zL1K~;uF>#Ta^X|cDWB*=rrZaD!;Tn47R#oDx*?G5kQBFJD`c*V8_&kT&+SGrt=2Pg z=(M<%s^dx!rZ{evlvGvO({kFXhLGo1*j2evEL6bFB(}A_Hhk#4OQ4Zx+{>q7(hwK` zU$5T#73j0^iHma3RY5&~&9GOvaXK!$!5;1$oy})2*=C(~!e;*=8l`-`5<8ORgn@E! zPNyB^{1OPsL2vs_ecG~%&r?2P_05$S!LSY8=JAdX$&o;(jbyszee`IE2Vl!E#g+v3 z|I4i*BqcL`RXP0@TjL4RiUOn0TN2||aShsItm3BABlFNe9+JgYXu2VjYp=lFw3Q6e zgJ%9}Z66#-y3b7YQYbEy$sb)haEfzSM5wxJg>yKu*QSJ_4yaCG{*d%+S2rH7xW!+> zH_qJ0o7C#yBF9n|j?8-Y&T&);ZgL)VCZQuWh&O zy_OnNv~-P9;?j?pY=~5iG#a673a6?rH1H<7RNf!iy`5UMQLTd6YZ8lu4z9YDvw8A8 z{fL`Iu`v>+M;x3)ATK=Zo>}`^k&aVpoIb|)M+4bXv94;dwZUkJs~uNf#&Y(` zdszSsj^~%((t~yd%^qY}W4dy_=tpMp9me$+m6-H0&R-=(P)aEdH@djXXnUoJ4SW05 zwZ6}LuAPlv$I$@o(3FFcLLL}6zt3|+PEiUeg4M|gFmnapnx9kkxrxK?OIdll*1K0d zyj@x{ny)!Z+!uF9XtU3r7=cS%z3Zdw{c7p4{g^mYdQr)ATC0bi z1KqtIwZ6>shxSBm51mlg|Ew=)?VeI|S2>ThQL;xv5n|hZQVL#` z?Ipi`FnfPD+v5lQOfIy(_3Wsp03G;Y-CW$^>MvZI@t%VDtNrg1rip0P38uF=3FfcDCFY7^E*UgdL6SHDS{H_SsOfaB06q%kVMB(g-^coD8d0o!+ zqomZcRWR}8bb~~wQAU1xO6_Od%@?RC>so7X-k8k?$Pc4gBcdftNW5)Vtew3`=S|W1YQ|ZMRR5UQ}_KMk_P-;H{M&1taN> zqb+UzjMMmhd<6hOwy%MxE%gz+#a})&>9RXUQcLPUmA!4geT&DsGl$Mj^qO*tM zDgvvID+S-&-o8dVJ2?-I6@2nCP-kjE3SPQYy?p(B9%iA*V``zQxUtUdTMf>*i;?4g zrI~=F@GEx|G7vM_96E_UZVs8eIDockH(#8tNi;QDT`y@E60wAXqaT4=dkZs8&PrG6+Vte=!DJK%|9v#Fjq1QNLZ}XHDzkGs zOlRtP%q&l0@(DIb39(;FR^^bE$7_i!y*HlNE)*@q%J z*5%jb4u$3_l$wd!I%nc5cmf75GvAqPpBTWK{Kr^d`89RuS@?rbwgt+{{z=>LxU0qJ zw2sz-OLU>ha6Cr)q@Su8GPJyL#WX0)Ffkbfp5LE}X^*sXX)7u#@wqZ9DYMqW1hhZ) zEEGQdW!fXiH`hK8>-LUcd!#|Jd4)tgHi_fxs~Nqql=g@aOc1T3CbwSZ;@Tmq$!95V ztbQLU@_9Y9iAPi##6VmoxLsa760ZVdGNJDMDe-wsdQjxg8s|2~-!NZ84s%r;4EHZc zm8(f!poR}hrod|06Cz*djhkyXc+>u?y#krS-;jgbx`6hS=;xr`f1p%q06&=YW{(1> zt%=#s>$I}1x(Ri9k`S36t>-_|&iXoc=<7#q*QLl<%vM}VQlRqeynn`d#^9OswqEvW zbN$Dnh8Z!Ap_c{@wJO0X0j(YhdqcZ=Je;Vb=3q9*89~m|cT8>Dp7V1!HkS`Z30g$7 zeJDKddpRH0!Z0~vw1e+7>K^em?_`5fUuHe_U%us5;}g83e(p_+SCfl6G% z5@m6&E|AVyjdq{7)JmQnW*O3MRAXr5l-T6j3<*I5x_m)ZF}2ofiwVz4`CH)Uo-W7! zEBQ%z-+NN=W;e4GCE7NlRcfqc`5e#E#%L3EZm0me_TTfDOKfg-ItTv z!V#A}d&u|(#s;KjalWoQ?l>W*_;LKtzBUfp1$0hz5yc&EOsPrlEuxU)Z(h%9OwS}K zRedw@kWP63hoV#sg@RZb`=woBkeJvFfQ8)IU{CjemI-Q4)yd!^YXL}^;rTv9sFtna zBqfcc*t_TJ{;IfUffS_j+5=2NRV#eoQpIR^1vs*=H{V<0jCF9NgI0Y1{9rMC0CQn~ z2Nok7ep3QM@)z15VvNE9TO_%p=?=p<$ZVX$XiC)rsY3S~%Jmf-b0_WsX(#8D?$wtM){p$3<>n;@rc4%&N@aNaR0{aQ=HXh*|->cHaOXIPz6%Bzja{GIL+?fT*jh zE-tbF{4u0YJ)EeN!#Ugz4QAFBJ*m=spHvv!fxd=?(gTI!aBVDU7 zF@wivIJ`Af`eL!<@@z9yxM@FPAJZaI?4wx@xiS{0Yxj$0jG2sVH-df)bbtAepZPz+ z>gl+G0T$V~V*|UnV6;f;vyu2FfrgU~9Hqkf2B|~}msWxwQFfS}II)k z;Q1;AD|CuR-=o-=wS8a}?eKN;1$HF7)1-sHeMjKDv+PuWp}x%}5E4b6ncx-uWgjUT z+`+SBZ!D+&*op{KuDRSD;7Szr^kO~C!MrHZYqZd{R1F9#>f+J*!~cH4yZRNF?ldSu zrghcix=4R)f&Y`$(54ln``UJc`jc;fK-bi=`YoAXdC&P5n*oBbyo+@Vi}2ONQsR=1 z>NbnQSJ$##jpv-&NT)Xh==1~ww3E4Gl`lX^f)v>!QFAq{%Q67c5XIZhHN=DrT?YhT z{f7s+guGU@mJLM@Q%c1d`X7!@qwjHx=O`t`r6>pf?3;D7iy8Eeiq^uA9(8?u&X6i9 zY3FBypA&a7C@Yh~pN7oUbw}k|D%or6*;np?c#-)6pk>$Vcbj~tYzhinH*(VGS%t9c zkybY5Nua8imf(GUZ!x7W?QT(RfbJKcC#QmZp4ZbmaVG0$-B?(dm+5j}TI>jp92(Vu zN!L@81NLAoo1djVzzxi?{Z|IpVsXY6!7{hOul{ww@zNW>cd?HJUhn~q|4T4`$!>r7 zy@h72vzNN=oTAcG`6?q3@Aj?AG!tq~gDxK?Y^vI;^QmZc zMY+Ltqr6>!Z};0<964q_uoW`&UX7i$dp_=be=sr|&5-ssJ(O)E?$7so^&HCaA2uDn z;uF}fXDg9@N>YAe^=sCx!5I0|LF@MdKp;PM%vNILM`hB0=f0sl;H4=hgd`X8?AQPg zVqfvHsBkMe_cDD+eAxAzX&Twyt+f7SG`@CY>S4-dw>(GFLBkIZI@)y|S*&^+!i5*-(mN zeZ4tcZLkVa!V1_`D6n_gd{`tlGV9i9Mv(_NOucczYQ^XP;KwW7-kt#-rh)Vr@1&Ny zS&oaV{Wuj^i>_oota~ihr7I7~vjtv`y}Pm~q04A#saX+|{oDRoK5!O3DF<3jjyM;Y zrGArE7!hq6=LIELNS#*kGX?=bGGmSTfWDsfKZoEXRn{HPI#_=(Ta%^;r9b>i`Mv(| zf*6-}vQuwArTf_4T>q|MDP>p-~~VP0y~hqxF3LxM?p;#qYk~wyn`M zX@K&!_Hq={{hsQ$b?YyQW8reF9Ajm+%F}UDDkJk`;gggTIc=yU14u>JZV`ZY-diir z*5=t!J0^u~X7^t++VGMc7ZkD#PRj1}G_hMqR!*;6q1o zY-ub|FKmI?RV6Cup|-*hxhpK{;0aiR|Bf#7jeRa; zc6XbtVTstFsj@ssBo~0bCY8k%E5lCwOUB0u{qwh4#4?-8h8+EqP~|)! zq~-Ul%iJ5#!qpXHWcKA_YS55fzjbk5$?Xr5M7f8|@@Tx7%%q=Uaf&A&dmNnBCSLlX zbzJ6noq1|oh`%a)XBp^oG0}xU7nO`+`tj*pneCT#I2wVss!!t2?0QEiu3s`tOnK$h zWbma+02W1T#e?lfd6!*2lwbd^p6d@zu-Q>fDl4SP0K)mddx;e3$`GWiU;>dFmMT4& z+YO)s49`#qmIz%eFhbj$jO9pCN>{hEofTuwicQJ~gs$!S@A`(~<(CKpiqRw#;&D}u z-rG#%Vy~_3uI;y*@h=ni@adgzNlcxkv9DwE9!?@LCy}p$j05ploYj5wcuKtIHVuWZ zJqU`~)oD6N*-efO^=E5BurcgU82WBoC83FbwQrYg8(pp%wZajXM>UnwA@Xep*>ghE zX3=}8#|^A@bsO2k=gGZh*OJ;X!2P&gHS5y%-;#)IX?FARMCsA>;*KKJ|< z@EQKt-_GcHZohXn*(`O*6R8mz<7o3FpL{hZrGsh``o;rpU#%mIDW8iVc2}e73QoG? zps|-_+N)<`9)VY}zOv2*T;~MmRY#G5?&61tE%|SfwQ}4V8;gU-%$&GnOaf3q%@1ApP zeJ^`KyLlh#usLf0(B~M6&3i@uj$UoFOPD^cYJHKTDN`n65>pEJ)CuMifeANUQ&*7` zWB2K)3x zN+OxACnFiqUrEQ}(Hiu~)UBAb010GnMk`+*Cq>(8&QRm^rO~uYxBfQoWg2&T)PQ3E zf3ojR?Qp=5DRiyX*;FSDNYI2b{i%L&@__{5*g{l(1Id+3X0G{aXPK@DPF9dsk-8 z>x4g-W%;`W`fxJxhS^ugu;p7&&YLFvWrp;cI0^WebKN_4KDa^ivB0xSh8G&f$nosiwWwYi(4`CmlaU z@$Utmji$Y(-J1^p90oB+K{5>f#y=>+Bqew4k16uF0N{_xm1rQatnduWj;?JXrAe55 zP=fYwk^yOVD7}x>uQ&&AXiKjj?F$5eREO~9mNWt68DP(O-i}FM?nhctsH}o?a~ec) z^`xQivrlXG1X^Ij%NmT!N#ndo9R);{Kmf@z8gS5cM0RSHTUEe_rkc2KgVe}piuez* zCYylF+3T%>#^ZVMnT%bpClE)#nW@>tS zbk?4uT`>;0-aBxj8)p*X0VY(B#-t@W=RXukR!*}5yXaNk8gWB4j~+||Pb-o1NsCqF zvdXKa-XY$+%b);ITn(e2!*bN6WN``QE#+UoBTCz0n%V|}^AAJ-H@+-tP8mc?IMdF{ z*<55QWCS9+>F~l)92+zl(hGYio$2Fc0Er*q{0)%C@grDd97IpKrhmn|FRVjF|IW0C z)&KIJ6IsNWGPxV}_o`2-aAPMUk3Xza#004sw-j8t4EpYcLkUCz21SSYa~QltWr=U# z-TOZJ{pyPrsuO&-pp&I=9@rl9B_Pk2Pb9u+=i)2baGrw1F?vZ?oX>?4);;g)0LS~3 zoROSe<=e%ZdIl}nPND+-X#cD^&nd6vB4Q55n7&_g|{ao9R626<^_Dp37En%%8wjCLXmU*ekZNm zBMmZ~CUDH#it2anE^3}z>7hxUL!=wpB;Yb55rpPFM46kOCEZCoe)6Z#Vu(y}(v4jZ zGi4a0-=@CiJLsB95wB`XtGX$o%7ar-wE3-Ec~%T|SRXI#x2cEt&{c3*TH!tAoRotf zRCgk~D9Mrf64(8Y{}$4pVHfKEkY%)qN1D4X5LCATc}X>6brDntYNzF<@B3NT4F5}_{$DJ!&Tk`r9M8bG;@|FtJ z5(5IjXJ7n}%F`g5xK>`LUi&hzM}|s$apO?kA9x-(?0R0WWf@c$9un%u>$}JY8xI+j z5q-y#Q0?abNuzfon=FWQY`?uXa+_GS^2(4y?`WA>5J`LL;Wx`?Q{&1bsC<-GpSmP2 zJ2|TiU?$%L>7>XeN>tp8%&3Aw-%wn&;Xx+^>FL!>e;0zjtBg&$$w=Lg551A!Jl$r9 z?$GNG@c2NKj!oNYPr3oR+jtN>v5u|$@%UOu^W|ajO%FDiR6cWsZ#h+-2SM?gh7!5P znhA`t_Q;NK(oRV9j4~#78G~-d2-9bvG_{ZNLOom>6mkM9N=@Ie>eSk;S}P6hc|gif zNmTtUEDB4U0Q$iF@8KBS-9dHZ(KzlWdVWf4E%dv$i|HNNYVf5~6IPxbZsitc6)odx zJi^&(xJl{u_KNiz;;Z}5jrT~N;?Szx{Y3D_xXVQY>dr-4H9H|U>ir9cX^8V-DS-#V z|2V>$>vY8#UjXMbk*2@HtE>ZYIAoMUxbH>x`nz(e^!jk-6(;bD2(dVVlVwu8-5|g@U}R zZ1lYG^xTPtXLM;fMn??1MWv=Uzg(%7_?E6)kEe^?z{}rR62JUaxZJS$Wnl8xb)>F} z#Jf7RD`O^DphmZ+f+7=G0Bz%RaYhxuW@CSWg!Y->od-YrB=;~S~(%`?` zX!kcnV@f#4?TjF?3mOdyPpFUgyw|Q59OpqX7K>uX#jOYW7JINF1fuyRDec?WYwkmhtMWDevc zz81A3^k9s(+{b43e3bLnz|HoX1_eGu;Q{y>LuzEJjfC4qO8}O+wn>cjBK2 zzD{Lurb>C2LaeN5jl1ES)n|K4Z|&!GcsSLhk=u1MbNn%J<2K^veb*%3J`PGumAw+$ zP;W;V6HtJ!Q!X$aWsW%@C@0TEWtKhhJy7<|`y>Lpl75xNd+1GO)#`SPVTxDhcuIWK z_6+_X_y*>o_i!IonogL#2RE444^h3Ov|J~QNkx_W>8{zO|!eswiV@H-LCsk9`k z%{78ixK0bPBRy?{d2G&|hHj#o{kR#qRaPVC=z*n~_};isFO(vN zX%>Qw+^6oQ>6em*LdzbkZR zpI7EGm0p(*2)lI3l)iYVtY-RIssI}-8jfL+FwI-0m63e(zZiS# zfTs8U{eNRL0xBgSaa3ADP;$UH2GU3hBSpGFV&ni7i*83L4U*E`EselNr!)*04d3@X z=e|Gj{hs^x`&U%9cfOw2^|-EAt@oSZmQ6rz&iMbe`l^P>26?$dvYDp`eX9cwZeKQEm5*HDF8zjI zhG8}Qaz5cM_8Vq`+&STAGvy!4Hx*ayhA*NWYZ9Agc(zjQaU4r;mLirjmgJV{RCYDb zqtGd66QTYIP2?KmNLfqswp95+WO~9ssO!FHQ0@~af~5~ZmHYE~X)0%~ZH*d3g93Ls zg6bsKiXsEl|I#`;h62n-{Pgmc(Ps$K`tSIo+E?NL@ny-i1_aWGoCuaMK z2A+7_M|v$(g38or65|(x#w4T$3-uouvqbITp4)-fepy=FO6`khv{3G6D;)ZfIoWmf z9&xm4x)PTIhuFMwprS)-#E|6Yr*V_&92_(<8p3m21#BGQa*8Jr(FRcpIY}p9)7cEy z6?^V(%J1bxN<^+ZuijI4X?d4z)`fT=2n^~~0?q(pu#(QBkYza8*dF(4|5tCqGSKZTaR%@S zy&<-44GZ0)=WCeos`Cgte(B|Xa|cOLMO~L(K!3~+>8ss~Et+$#c)Y#(C-d}m`r{vN zb8U|6{={w$+)lGi1lO(EI_)oIujTe0vt(<+L$$*ec@lq#ZfV-9)ie`7;Bpv3U@(C78W_g>ND<6o~MUuRJsOkzLi^_Yi-jjR}IR4sMu}*N?3ZDk+8OKA3`Gjx0Y2s zk?F!*QX~M%^UwXfq|ImEJ#;mdybOK{&*f z)o_)0rCMteIA3Y^MB;vAW8a2!0b22Ts8^_%q1nQMW@K=l+OxV&;ltnh<;T(o)ivZ* z)`qYLU!{}`ovXDZW5k^M`TLXf%}c5Pg;SBMKIqZ!Q-&5D)7ktQ3VhzrYuRiy%^e!{ zQE++R4%N??Fyc@RcoJ+iR7=-0?n95NJqo4Dw$=lP{4uKDiYqsm924f>7s{gDYHJ2b zw(9uoT;`KZyB!_u_uGqh(7IyC>dDt&UZ)+qFP6m8ALEfc(kbH4OiX!Pyp~;ydb@~S zeY+hF2Her5d{lI57%!RUHELSS)WiEXt#qHmC)Omi`=?K&8SU8Mz!R(LV6D+jseQm!9-F z|0sX_7|2jW-`y;_qOj!BrU5dKeFrId#qaSKA!RLVgNj_bzG~7FGf_+@6uTcxll7AE z17M6SlQSy~MF4@Alit&oXg3Ec&7Vn3^fsUa4jR(z#{TcQGFkH+N*5$*(?h6fJ5;hO zUAwCVAHUj{%K$U|=7eMf9T)i144H6FZF)@b`81R-S#0;jC~Jj&Sfp$o%vE00bEy?C ztjWq#@1rqwrdrMwW?XaTF4<5sS7gjK_%aIG zs^Fe+sVT8%1YYB7{>}jBf(DVe6+>FQbtFZU8`h`4a@5C0Fs>-Z(lS95lZi@3a$hEX z|JL)GQ}^!eC5rbd=QHMi0O1 zb?Nh=%|p8>t$)B%vq&geBw5yJp1+{h8gxAz{1j$}!rmi0h`hluWs48+q{w!CN73 zc^sEIA5IS)=gXvy_hc?E^zny<&8)?2E!$9w##>=XpuSse!1x{|8vBI#!vcYALx15> z`UfX_Zkd`^^I)8&jMRAg&4xDJ`m+&jDH{ss4A(!@mavO!aCk~XL<0kzHHq`YSIU^p zC_x!t2&^o`cjN0x{#0T22+3N$Z?vGldx?^9$saK-v536eNJ%Wq$TOJXpojXpQsl{< zsk0Mvx+diyKjRnC zR#7tSOiJT_oiheISQ2CAHt zjG+UIr}04C+4+nzdwc6K>`ozs(Cc)04O}A)hB}}cgTwQxJ0wMV8P)<8D3O#xdj@f zq@Lj{(8y4XDQ+!mrvzMPI&~ma@$_$~0Pn-!?Off@9D zBZ&#}W`A%%!KeIIF% z>QXh%hb&k}v5ga1u>qkxvzrVY$q$u6+aLwDg>~+|{lap{PS(%0>DUq?G)U)WBgtJk z7wjE}(!nQ#!~+@MUN&H(|B!*HOv87$rPZ>_!4@XEaL}Vw1Vao_XjzQc&a90*s8=Aj zu900RW_u4%R7p43wWeq3uj+H&m2sqDULv|%Rs|j1MD%+b-PMKXhSd{hLlaKq;a~#x zd_U~44$hiF$)&8YcCpFfz|jBvz-(%tO`TresPVbM62x1K!_zIp?W{-*;|IX`9}rn) z_S4oxBa^m^kHBke7dyd&b!v2GuYelCWx;!6Jd9#*-=7(n0cJmd4oE)wo29tcP$*lT zOo${GXuM5*b355Q*JKy)taV5BFU%|_-_!z!h{gZtzdl^%_|PrQi2E%(bL*D zwXWqRANXg969aCWvXe#!Jc8o_{!Ha#MMCmtDR+v=3`*n}XFr6PI3&6KeBYzi7Lih& zb9+|PQs^`KA#}FOJ)A^`pGYUO`~>eBtP>EonQ?Uznx#JXaetb(3HvH+U?7+4(yBIX z+!F}ApGg)Sh^;8XQP6N`vx%-`YNvNXGBdysq%dP(HC7}@vZ19YkhW}q#!?T(z?#?r zar|1#X^xED&={K3)5aB1Lbgbt?mk|44l3~}%l9dbI$2{j|8Z(wpN2e%Eql@sGZS>n=dNPa$)sLfy}_ z{>gb-!**l$iIJe7;)|QPNPX}Fcc;IvS$v)iuQXY5!s_nbt^L_58$_;wB>M%{n{64A z3NHqnh{rqENYWFu^t-$AI!}p_o@gY+jW4iwS=Ty|m4tz*F&&iQ0e|#M5(tMA)&Ev} zg+1?YDzPdSk)(oCN+zP%H36$Rn3`Q-s0YE7Et%)46U)nB zj50Y=JlrB{W{o;lQ#!ivN7*w1tzC4gv?Fb5y)e|WxUA*YHc9qrut%Yjex)>l&4p4V zJ`~~#nLc?bM=(O8D*i{Z8eWV(gSK@<=b&C``ZV;Qd1f*!MzZ$)M)C(nL391>QWyCCtx?VfSmAQr@d6`Z<=!_C=D2=qBi zX4QqUz?SHK#Qg0p&ngYS0vo?IJp4zOa zalWLC_KiWRZmn1!D5^`qy}Rd;fplqJxq?06+G3hAV01$fDQ|*gH}6hfVhL)|>TnKH zT}!uc(WyIDD_QxCnZC8(a(s60YU_~TikY8xi-5B;YP&}+=8HorwBa0{=2_*>LKlc< z71udmUrwZ+M`ukU($wzm8Xoz|zv20~$pAhGT|LyIwh8N1f*sU7>{$$hVmrkr9_X*sHQjo1-F2}Hv?-~U(QWf%=8)w$P2JFpk&#f9^xPO?NkN7S+d{h(04Oq zYY0>dXKNzIym<@euY9QoC}3zRidNmlByev@^!YQoC19j(?a zwmIg|7#DoKHEVyf6jx?np|WeIIiaBGSySt7(D3GXYD)x;77#giz&zBf$NiA9@Ae<% zYxxeqTk%5X?;*|JI?y_TwW|qnNJSrpQy|pNcnB%OnZT}Z37}lt3^)B9 zkiut|@lLi8gja=q=%8Un;k0>pyFBwgh^T0Had&`{KGaqGV1JIR_uvBQ&MVv{^lz{(x@GB+~kn$N#~b}^_MczMK_&q?vzutGnWgV z1IO-0#rkEm#q=t7YJ1!r7U`na3IdzBURxLkhxvERxay}-Ed&me=`N%v1$>$L>n3I{ zTb@S1yF2TH>rZj>+U_K8NfOM0*6G<{4S@~O$oRj$#NWsnunqV7v)k5x8pei)v9I5&jNT`aQgZx&M}z;3 ze7G+6B8an*%^$;RJKM`CZx|LmBVacwUEr^YJyN88b%O2s;Sb%7v9vCZJ53jxz_sn& z`lG)Gjce-}lsjF_Nz!D@k*>Yp{W10|1w(AcBYx1#VZOYWWH;y^O5IaBvAU#c6#o*_ zC)nn=a!=wFp}KSslW}C}(ZyUHUlQw9;ysbx_+(k543tV$)E_UdIMwyg(YyhM(Dd}h zCy5H`T_NJaIxIiZdf=I0%(P(AK-*FbNLKmKGhwJQK0PFGVHJ#+>R2l zjwNqSj6He38-~3f1j7vHkvm&#NlXsaOQBBd{D`rq&Qp`ZeG~3&jG67o`+C2~w>6_) zM>?zO>0~W_(j7{Oe=3%>Zk1B?M(q#aO{S62?Rf{ByB^#>=uDfw+eW{Gkkj9)?LD$c z6ybDxbC@G+2JT?lGOQ#G9dZzm>JI7A;8SQv>hK zvR(X%G!K6z@J_1ydq90}wXVqfJb6QM{dr&{wck$AAjXoyrZJ{Jey8Xd z`cWBqleSc%d*4!iTsUT})u#@#ji>0j(hNjbtC&H)AOmKjn%eVQl zz8if((qfBI6YW9U+cQ_}QUBy0C zx-}xDzsE{8Wp!79J(Zhn*T*>4us(^rcGC>ybwqo`Nmtjt?|YAqeV*gQMMRj-o%TWc zwN>V_H9d11m;Xi*?8 zyKi1l^sIXF;wmt7%!_2(&J4iTC{4dSDE!QYTyy1a4D7hF0n!ly{|O^=g7Cw%41|ss z*e=Bd5{MLf1RH!N4};jw*!^f+H_OICd%TuNo-9JH%SCkYINtQsmSNXmt&EHnV=%#% zRB{Kj;8ygr_fyHv-gUUHREfGHwOAF6FfqDD60z1Z%P2=yz*c0CL?C(DGpN?OER6m{ zau_=ivyK_K{vdshRl8aV;5ARwwFFbIEE_<}Q0^Mk17uW7T>ijt;yVI29Dk95(;`M) z*HRkBiP|b%@=@6BeIU?AX8Uy$kF)E-37&}NeiV(Kw)7uiDau08*b(KPsKGlQG6JPE zUK@uivX{q$s;8scH!+0S8%Aa!4_;s@c^c{6i_P-OetvMGPAyCENgz`VrZ4@$SaADc z{bAjW_Jwl1!Hopl`a!tEJ8zTTYP!-n{{X_rE&}HDBr?VKFnn@!A=hZU4mtrM!mM&D z68#9(*Lu@ZJ26micJiYlT}jqIg$Oyv;Er{qujfBP&aOYjcJc;sjRc>{Jtxq@1<0G$ zh7Vi|FEp8e#TjnQG6v(x3WCmWdrITfoY`Apmj zsYMu<6`p|2aK~FY;wMUQ8?H@)tNd_Pp)M*nvn(&$hv6sRET#EyVZuval;OT@0=S%y zGD98?i8ps}+dfpoJ3KVdZe>`xC$XlDNq0F|oM zBUL1Y$a1fbfM~Cd5o=A$A{0rm_2-+8^3MrWkV8Wn;a6k~Q(>&?ic5i}pmq%D4oHLG zu{!D2c#EwBY4%#z?JfvuJ(wQ3{9bv7oK_`!RE60}WT#DvqB`IYwUTpmMAiU3dtMaO zQz}EHf1y0?h!Yk=eOkt2vi!q5$WMV)-Weg=X6lcv)&HE=hmNWcm8(Zl;)@s3`0W&t ze90?M5k6&QmFPdu%OL9J6(|UrD}bAMDJk|S^L+l-?T$AnMv$R?e*>0@kNLiB7GWt( z7M;3lVFZwv(8>|kYyHQC)dT*1LLO*Dt?MiW67)cwOc;4J8zAgdZv6sR;0d#4MS|PY z;zist{V8X15w&fQmRMBxnBUy&wb}p$Be)6qNHj@&BhxI{qU)468W|1ce@_&K)62XP zzBpIGFBB;T9~Q}mQSUeawFCE{a*UpY4YO*@NEwFq5K%Pu&)~5ejcBYeT=>dPqq7Zj zQ8o*LjbE_5R~z1?s|PJxFQ{?Y-_MnWgVJ51`-5`tB6Fu_>GlKRsHBap{hb1UL0bq)YSfU;sqq`iB2%Aer`r7G8Nu4R zm%2{9IZsS(BEbj4Jsw(-tI^z6zBbXPEQbJe^{t9W}gDH41Wtk&2kcj4Sk2sj@ z1_3RI?D;X97B({g)*}xlRg3q9TFeL17Tsb?ZRaD`k0hb<%<#D@MW^^PwfE*S+B&tTa}DLd{pTO!l32<~|^{*xExh5SB}Y(wbFv%D&bp>{sj< zn+de+k0NbHGwa5jK zK}|FC6?6xim%LtW)>nF7#yf#os17Jfqbf2aq*kYsq3 z?o|T&9+I%*9iv!^72AnNeyr`_l14%g4gV;hRbxiF_`JlBuRd=!&rSQ;@yqrDa7HWE}l{tIBe$2jWEx?V!G#`<@SJVp^=(m2wF z%k%9Pd>@X}QjBis+bazA(XMs0Vuz9g^qa64?{-GZ*6lt(09(rW-yh`f(k28&HW_<$ zvxWSU6swh{yM8Qy=EveVwRwx73a&)Bw4-sOfu=(cO%Co&xa}>@ES9pa~YY zL|efkyGhfK^z)(==#PsV)DhKtvdL)Jzv8tUxiq+0J<#;ZRR?tjUIR9!U*xY>10s)} z=0L#>v*4pr^ShqwQABj=qreOO!c}}VJ?d8PCO}@A8Tn_aCNa%0sVMj2+kHs$fAfLs zK$RtYL)L5;;I!%S1eH^t#L8=5+yqxW_r|;1q3`C(p~dnnZd!K16atm(8x=Et*L>8Z z4@Qm%?ir!o8-8U4QOk%o?*m;z%$TOK55wO$kIW;SYuhOnXQA3FA6X^ZSd}i&&o~-BfWmM+$8DEO~ zWHgskx{Q6xdK0~~=1l}|59+1nMKc#}k1Jr(sHOJ@oZ9GgTh(}zfKxUH_!;tqH2{z)>SwXGmRA@`BYSnj+(_5ZO}n-r z(e0<+9KIVV#ic~q6E6U-$f)HlRmzBQK!3#8c>ue47oFoU9Y<@iwci|ii&#FLu!>aD z5<985cuYEXIGwC!$v-VmQSm=tH#RduVz`Qs`PD@Wi&1K!$#WEfwL<7fZ|Pk8$-}=1 zvaY4t5Hfr)aQ=hu?@|uuYy7KLMX9|8&*WK_zsB+X*XTe-4EUY{9r#qOlkT}DgLvaX*Pu?EQq#&5w>(KyMwGFza8FwGBRjJ2{UjBngrMmm`kh(X;R32$ac41~#IC z`}@_+1KJP9jAd255X1qwVr%G=ltU^I*c^dy-3DX~$#ql?mS!gFxrU+KP3knU0bbM( z6D6p9hI0Sc5_v;8LGOv}3>aEVf5w82VgJ}Y+iP#_1DE{?ah})#uO{<%g;NyBR^)09 zOY2@2V|a((fp+ZWsJ8LDy!_2Qo*U=4*z7^1rFkxkdjJe4i54(`^TtUx+l?wzg_6vO zXvezP`M&7zaPh5|$8@&%A+i=edi*@pi%C;sFnl#QPK`E}X;zl>(dTaRRFtxGy9xlT zY7`!SVLJ_e=_nNrb(4QoecB<}YwMUc0PD8jPh@p!1kd3Kr9tDc$I z*$KVB19KnM)(x>vf^=Cpk;@<+A(YaXkEjjRp!8mEB4x{sfYtM80HpzncZ*#Gm3z7gh@t zfIp4NEDi0d!53WMhgW=O3Eq6imyDE4?&9rt)p~rZ0uYh=@2v{EM`>ZN`PJ%dlfBgI z5`MN`F+mCgl7m{kW!EsN=g`LhWS`{vH<}hin=(jl9k>r!{ZXZ0T_YtS;-N-Tp@@e5 z(s#Eh)sL41{Tb)p$ZP0zeUCM{(MX_>O7;Q797gQ<74*EmG0HynSC_FLS-dV_7FYJ_ zdRZ^_xZYA5AfXRPlssbPE5aJ8Z-VqkTO7@m%!YW9akG!33teEDB_q1tHn%rd#cqgL z$2wx^vv4XYc?x1z#zPY(_x5=X*7 zTD}v%n*04ybJPy#X7}MWoh!hb#Lw=bd(qhI3FkkQ*}m&Z6?3t`Q)Br$t1l1qo+KC~z{PRx1X@ulJukt@8D+>m7oB7^!~t1Ynt9zLAM+g}hw=%F zT|G6U-u(@3IMjpuxnT9Luj11;@({uZ{ezfSSxN5tggQprFB&S@@4vT=*xMLV5)8Qv zvNj>-OzN=Ks0J?dwlirq6bQhIt;`kVm9LyT9v3oethT?a?kl>$CO*zK z%#`HZQ(CljP3$#~t+zs?r8*a@x?EIKN(bd@FkQICF`qhESKvw`F)8@^YW>M*;S+X< z2Gn^rq=NEQr@YT9`1wUSwJs@rsAJ>&}1{PLh-_G;`shSW0uCeXqzS<=% z=Jg@1L9VfWb&rk{N%#_^v(-GTq%>`57)_p?lhQv}M3#!qnkp;22xptsaoqe?fQ_su zVyK-Zx`rK3HL!=MPvl)W7+FTgop%$L;DX?rylig8Y@Q{$7v0W5Fn{EW&8JIw0;zf_ zV69_b=5$H-Qu{#f&94IJXUve55uNgG_gd~aO5AYOrrZJj%o_wi-xk1`q_oer)kqcG+5XC$yBa`BueC|ThSSn zXHg!Ss04=Gx4;H&Vt=0M!0qWo0oLdF7_WA6!Mx9RrY^VUA6#M^Lr0PA60V(z&Y_(2 zoh&QS)_4Uk4ok&6RSSS%AK)kLi-7bysW07uD!^AY-NH+|P!(i0!2Wtn>B6jup!3vp800GGZB>j-eg=Z2m{{J>Y#sFa56 z1OGf4503*sHP53-O_v?F4jcd;yezJv0l?q=y8xu%!t>jp9_vV1VGx(96J{Rd6G&Io$w8;w$w>O z%0bQiPHC3nWfRMQ2tu2RTS>`4jx&5Y11z^e8BW%FWxhYm?`eBr6via3`cEi&^(StIz8XL1l!TMU7>|8<2ICX0bQPF7ABKFHQW^vY^YI9_8 zk5nc*;p2)=nvYd}pFCZ0Gg_?vXJkeGmO zksiQhkllo|zd({EUA6>Ho~+0)VZ<-cwWrGmMg2-1FbY8qZUS#0QgfXf%u8c%I;lcr zR$FR!ZTZh9;BXhj>0*WvmO!)i_S)xIt~^JtRrTCF>}!RVhuxe=USBVZ$ZD%x*`4db z=g^Q1vnZc7C3lFOJvgxKy9&~V0^J&wvXAEEKOFTlVNvf6K1VaB+Bi-#J0k?&C={~A z{8(P>8YuwjLN{B7uN+Nmvo}c>a%VPnvRKOYLx&0w4OeRPlcS~*|(Z1jYz6Pr;9jIM`h;crv zBCyIp;c2)V{UX_F40HU>R51o00o4!t61M53aNWw)>@MEqQwmSu6VF*(RtJjRV&Y0# zby6jMhSUi-|LDRmu#9KsQICS+8sU=MN&+|jYu)}n5DzSpaNx~P15-X2|0=cn=h~$Y ze*=r}QFwb+5F8Uo#43t>F+@7#x!_szI*1A02;PS&1@i0=hI&#V1msdKo337s6r}!= zUx{5br5SV4Jze7PPwj$`Jm1hPm>C-HS4EUWs2JtQ_+)mzyy7CAf5O@yd zWS!gL2sm+f;L#a=Smm9p4Xw)&RxQIO2EqLMT~81tnm12JCNAx?VzEo+7=a2y*>Vh5 zsALYx^I|1wBoiC{#PCdqO6sgoMVjW@kMoob9lt=k22Caa5|bG44k z!7`8mhvY@-41xQXCQxL=#Ub3lQX{d7bLltbO+lb9@d}UR zv{wDmdCwN73;mkyhg<5he14yUCyEi63U_Q6x^c z9*j1*f5Wz|+x7#-tvsNdh=`=k$QgbiSQE-Y>I3Jd>sI?0Jb!3LqWf2)GroxjADQSP z&yFqp{D|sLy23xgOuc73@AF@l(*E2F-n0~S)s{38GwF=o9gmKUc7GFN#q0V_k~9lF z?DBI+QkP#FdGg^XA>r|~zcQhg<8Iw=_G#*0?9>0Zs7R#TNV$V37^HuS$jgnx+$q`% zQG)&YkvDCDO6IYH#8s~9b>aM07tJN^##AtDq+^HnqJg4(6xKE_sy4>x#>*6jQ_qKm zWR4}z#8DY4ZhHi5f{%b``^@}ssd2(ZT*ZD@Ic;qB&J#07VO+zRChO*rR=n6uNyLu} z#|oAMfTOXeR&gh1P&)(CFxI)8K4b zwM~sI7HEX=y|&8RKk|5FVAt77yZAOC+S4bWW#9`HXP&g@I-z1i-6VEi-uYd8e~NgwAm*4~ zx|&~wwTKgPPJb4x<&VjIMXNq+X+b~JAh65w5YYSq1f}GibN2thTK>)E5b*vY(5}}e zhx)Eu?+i%7S32wtvp05C$odLKjj1OB;-!GkL7s7lGmPgs!Q*3pO3j8c%4W3}KgYVj&T&Y3Tuk*+b5QpPEZYv10@0eDimH=pZ z^}HD4ulaj#|hqcxELbN1juEqGDEa&0ENnl#j_yBiHDMLRu zvnI-ldNZ9R`pcGyZxE&EJ7jKOeM0V)6dmyR>_~;F?*i?oy>J5c%kT1DqDa$YJ~hKu zZ5gR_g$9fxO@SiVW?c%nMLMGYv$+;Oh9pP+d~Oz^H~l18wE=v69P+SSfU3C(jh~DI zK6Zr3(`-y&#r=LgWc$EQE-uHCtwlc$ahM%zYZo>)xpE@|19bV!%5WczNeJbVAIE4fFrq!Y$Q8D(J0DL@m%lHBtciSLPF`Pmfyl5$V zIZ>gjy!!V==F?H)qM9|LB+IJ z@sG0N`?Y90^Y4;(o?gr|G~5^tv_X{Y0ikmR0}DGg6kjUU+B=eiiF}Uwzk135PhFY* zADjVzVJ0<*Ntx9YXrdws3|m3@Pad#iL<^;+rBUi^K8p&U(o$u~MH zuvR#y@c>zBBOOdzpr}+ihT+-{)`Ayx7^NF!d9^pgQgwn|=0+5Ks(y8zkG1A>H^j3! zox}@9lUSlFvqmO7O6H`2gBY@^E}aj{o@?%x20kJeHssE@*R*`k58pMjo(nx7{@8^< zfwUzzyXft6>i7{BBFrN!K3RT)I%s)#b{Ka2;CF+=IanE7PEmoKx&i96`zcr+bY5oy ze0R4+DWH1oXMgV}p8w_|9#|7*Gc~>W`bZJ^?iap@7q9vKdUcKe8jB8k5J+GFa!bZ} zHURt3xvQ4u6UPB7JrYlBU$E+RSLMlEbWY4f$o zMs`6qlX-}Kmc~tw|yMtGv4zE|{qRd-r zqq|=)Kh-KP-+943K#`b1G#860(U$V0|0z;+VHqTDawAodI((GTs+-M#!1!SJq6>~X zX~PNB)VThy8Z5)H(cTt8|6N4IVU1?2Y!OD}@BxRJ@e+zT?JY9pquiN+z zDua8^fR>%ft9(`0EQRk(O=hQ6y;y1=6$S zY2GPULm{DM2KVY?#BaX)zv(RS;%`j?XdG3#jHYWVS7j{x1+;wgZ~hA<>d zmUh>yW}-@l1EO*?vn;Y8L)}0J@4tJzM152f_TMr)aObAo-vX+z4y|+3E;@6}fDqOe z_SGAYoXV3I?k8z{K6mSYkllBnPD+1>t&iGw0^gom{7mvZLNoIy=-gR1jk>p%&(3Eu zpE7ZJ;FsGTp?bizFydK=E_>J^B@7I`N+K?2uJ2+aYeK^|i#-eAo^4$x$!%nQs>rGo z&Rq|*e6ugUA^KMPKDLH;9oQ4X+vmw}&j-(&O)TRtvuekQFF>e|v2nnrnFYA@jU)8z{b<r)SXL$iAm@`y{mFk4M+0{c!BKz zA}Wr&hz}ZfLfH~;7Svs23LU&XvrQ)pxi=xo#s7e~a(XG&`o*8F!#q7@0*64|te_## zMa!ZiPa}z7woRnKGnBtZmUFQ0_B(FUZ2_HfLJLI?o2R&vh2W|Cz`k{le67$Sa{;ym zWMNc$PqP$Ku`WFuA7r1fQXBXidS+J@Wbf6jq%g1wR_ZZl7^=RVq89bV?QB-O>0rM4 z6bl$CZNAjI=*gJvUEt-VN(OTadC)%&H2qu188Nvwu0Hr7ktEf}IAdX%D3aB$q6^@C zKs!9&$8lu@np-T%_IH49_##YgE`&L=%e$K!2wc9(soWa*jI0S?%+yXM^K_7;q!M-+ zmbek~9*h6stF`R82Ud704Cvj1d;kPjeB81Ki1nq|&~SzASC#*_>Nlo4z$Qxu?m)`y zck|w14p982>c1GBBU`FcBfDk04}P)VL0(7jZq9sY<1ri)!lJC>;X=hUDKur%$X z073M$<9xyekR861qp@F^p*r;M4(5I6$D<-8dkGgv9Ln_NVW~m)n`PQ74u`6d_y>6` z@ya$?kSkf|l$@n>M{x#N)FjgCvYKf6TxJ!~>Q+LLLgAybSS9C!huwTU%$rKMvb{Wj zOf`xu9XJjB(4SiGdaT(zV*MlDNAu#rP}yKrq7<>ZS;@MgLjotmeX*pH=mhVO`+r3I zi@VBvpV2|wPB0SeP$gmTeT{bx=f6ScFl8U-bg8ZTHo-FK+Sd3Ao9VKIW$vf0A zp5!@P!{vis=;5T(Az4ST6mFU?aK%hz!h^Na|NCX4(89P`^L`68<*?|?9c7Hmp3`}? z?VFlVN#S1T-Y2J1BYz4H7Jq}v%MX0b_WtLt@qRl2a|LN(Hr*0=;L;A}@H$Cl*^Pmt z%On!ks}{+=I-fkYB~~6WZ%Z6RJFRckyu~m{ZOI&`JI!z~1lPb0h*p9zxXIhS;@Edi zmoag{Qq+<{&|geri@x4w3%w$JRydZcTXnO6PHKCnnfVo;5a4EJu_+-OB+^$H+rQ5ne}B3Mp#Ur8@D+N06Jp&AIP@{tM_YyXdn z+|}cKq1?pl8E^z2Q*uO=#u|3HM8~2a`?fl_-UaVp1@icc@&YT=^$MBaw6F8mI01Q4 zZeZN~9gqCGaV)K_)ng9miWCk&k~?_vBS;a8Fug#O=r2$T;Zu8i2wZA<)(;&z^V1#e zUb`=~6gSVIvP-n_T?Ez;f`S2GD_r=H%i`X68ro<-#>SeN&@VzcN8rbUc z6M*n-|K1uWwmr98z0*16@j&R+i%RR7nFq)!J;HuwF^u>mZbh2eX{rqT{k%n`0V8Qp zHbmV*$^4CNtL|6xuiY9%@Juk~V!uPkEse67zh;BhVcH$#v{LUK3`fmWY=77N?%3gE z39+vbYm{(XpuCNouIzeptsb^!rh)-iz7>|zn)7R@daE{5ME%aP$lKZDd@+;dC=Oa4< z`4z8GNe{0Dsdt+U>uJWd`$ikO2jD6edwn%|DD2^X8>VF&UV-cc8s@GF&2 zb(nlHOxhv#?Gj~0aw8OW8P*`*S-Tb2Ksr`f>~(h~wC?hn!*L7FwB0ng?PSt*Ibm*j zvw~u*@OYiHN+eW9812+?aoS!wR&cUMx@6~_KFb75jRl{|TF26^nDG7=EDd_z8-u^f z;suIh%rX{z?-xi&xSnL51M$R2D<|_<)@Y6$&VOA~y-D0wH1?V<>Lq_|G=qH|3qa&5 z(=Kht&xD=L%(_~C=RQyNYnWkm4uA_vBw{a=FS)I43>rlXy8cO%TJT^^E+0@FlqTQd z!>NOlw^le5!tO6@Zk}$i%&h`Xll*|RDW-AB`;*?&2ufw(kyEojf!`R#I!*h`NB9FUvh!!P8XwEk|^&Gz@`V}x2mKjPdcWUr}!s5CNe0G9Ox`=I(yz- zzvvP8nCb(Z;771}vj*SWPiKaZNBNZRAYC1-KI{V2#I>Nv!?-Dtekm~msjFp|CuKk1 zi9($Yv!X-I9$G)iOja!u{*kBK?Ox%-4ifz z%q_+0!wo%wnWemU&}6&5X@7!Z@H{aMevk?+c|k$j4?W*MIvq?1QArcUzIY;J-eD!% zal*B2@xA|h1^eWXVGqzYd05Xi!7an?f7B=Sq-8q<$J=uGh&h+}nsL&4PiC(2>wnU>Es^8TuN{H(jfdl}D{Pash$dJ7Sx@A4Iv%qTlW z86pQSv4mE+#)Lh9!7K6)a}pGsJqGkq=m8jx7A#-iEtCi5`IK6A3Ftu(6+Gy!+U=Bf{U4c8iq} zIgvmuLyxQbwdHg|dArA!=4v^|rVUAw^k#t5kNvDzKGhE%9#MxAVlr1PWbV7DRPNO; zA60t1ytv=_IV^N*M>oa5b1!JF)pna=c-#N}7HT>@Nm9Q*`lq|-M6F`XvHm}Vq=3Oo zCkX|BYah$N2c^$o`TeQxT`xf+9~}`wXUDZQ&AXJ1n_fQ+f&Y1nqQk(=SbR3pn<=|S z_NHH3-Q2kC7UfvKr?{7HnAL^s@|t%`g61|giIK2KqR-U1={ChSS?~iV+nVKwiZ>4h zQyBZ~Q(d<|ZoNMRt!sNgX;rK06{ih*qe!!aO1-=x!m-rt@cTA-)&s_;zoq%?RkB^$o+*+UI_~_)tVNbd%CTC?Uq%N& zyB`0;@wuixW(RW1&jW(k224f(uxT?Yk*#Jpf7%N7+3Vn=A;RnBpNJfNOV|n4ZmSGp z5~0%Hy!SUvQ;0Wor1yUowO^|U&R6}+Dk`-bT7;FWcsoi}^T1#b#Mx=El8tG}p!{X; zHk34%zP?4l%<3WkJWHXbWp%iPo@<&BX9IHybKN3Gr8rr>ZZHeK4@F4Z2vkisyj3Qg}j8iyFRJSw!M$Q7GSX##Q}Xu%-)U-hl75)RKX*> zR8G~qUqVIA-~Qu6LtZrUaPmhVA_y+@^|8?!P%IE7aAK}&Ul+|QOO*$?AZ_3C{##Fl zW2BP?x^2r4wqzW_M^$Yny;wbeQNi%6vT8q$ODeB zw$F|ZsloG?AwV4Rbe6*dUn8QHi-ZV_iR>&*-vD_+j#_pYhqd%1K%&a-N?v0mWwfk* z?#XE{e16zBEdCt;RqPAu0GPM>3(l)N_5{`QbDbCl29{)^`BqixV*m)R=eLT<`2m7P zX*s4LM7!GwvYe93g#^mdA^&pM$r%a)ng#T5V~Ey%vir8Ta{^Oop%Zsep*5o}^g@G( zk(|6R;9%vMu>KOb5NGfO=a;2CNyDLR)>y;-zcL9drWNe0{ zQaU?4Y3ER7Z!s#^50!Df3^rBQf+c{`XA9!O(=SX|shh5BH>D|pY8LX)5Lvt7K{xQd zZ%q@W*e4}xuoSB4Is}VPIP)**1IYb5C{=OF)iQ*$wHmMlDqiZFCUBw?0pJ^q)wTh$ z=ynOHImXPAh>;zqzR{(xs4RN4#4H~1N#hOM4bSz zz>Sp-0L*+~RAe61*1?rR?!!!#e%m34;@1O9^mQ30IS0C=grJ#Gv6^_LplYMW4lB4n zOQY$?GY(PqjRT4~%n)DM4O*+gdn6{>cb7k{5z&(kzu|^oHj~Od83@>ah_r-ApRQ1_ zpwN`->={dQ&tkN|od6IgLWlaK0nNJ%byw&YaB36HL?W1*I=ppT{m*UsWU4FvEXhtX zLf&(dF7Y>8eLL3$QrEUHfRc~ii~1QlT=1|=vF#$t5q3jkzU88Ua}>||5Qu7S4RcH@ zlmdXYoM#IeM1va5m3urTgM1fMP_;93MmW9QceSQ-AsSKIbPHAvEt-;j@}Ba{a=(f{ z1MEs`bsM6&@=4_F&FIc9wtA4=q(7r`x51QCn7erBY#f=+j2O-%>&KOs^B>!neqYp7 z2@Rt?^SUxjt|8F2?cqHpy@&Fm3V*R%VE`ri&nY&@*I4n41p9cf<<9|pm_m?{M~%8C z;k6|OWp}gz|D}+|Cqg!uu;RULj zE<;8W_-tjb+Z7L9doY^OFPop>n3dn?txn*WL(0QJvES{H*< zReu;_nj-wHN^;$ZwozzbSI@kkPc<*(}5x&b*@gnznV@*VDL)n=fAIl>PxJ^v+oDT*Zhq^L&eE zDWfocYlH|8&-!&KuL0n(f^-abptxCmVMu6trRUhlt;;rt688+B!%6iM%41xEjChA2 zY4aQe5^8KD=Vi22UDLJ(NStt+4~5Y;xVP$4Wu*8W#dTT^6mkZgg~%_^d>+pd6iLj+7!23o(4pOz+pc<=TSDE?=W^KReBmIHYsQgJnbP| zJnMw0x3c8^+?j8r%&x!k_9?GCYenIYceSW%Bz8tvJ<*&7WG86(xz7(8A(?W>DtG0? z-NsV!ZVAvn1%^=>4+!S}^@Anw?$rFJ^F)duhx{$sC}ht(lcs+LN+Fi%iN)UwY`bw& zj<-FQrJU*}mN*GY4WFHhgGEB#KPs_RgoEeKMxoDVgA2GwEmBIm~h84FLu$=wh#i!$b?k#j;c27!Yc<`q2B8Gjy*D?g4e^%L=4Ati%TJlrj+TO2 z#2-%?c9tGPp58a7cx&wR=OJiOX>fRfC%gIrR| zbi;y3w)bVSaS*cq)d9%Xln9nUWYX%p8tGctN)=|%Q206)*6n=U-?L^Uj!0sSCUGs1 z)8ke|xi96Vc}%^?1;xRj>0*FR@|LSZ9|q_r>2+g8^ME{WsPEn_ zFO9uBkxF2)KIMZ_8?obr71H0;fQI@-= zHb_{z6K82CYD=e!n;?kAX~Z)y)Yq?e;gjm-oX+f8^?bae z|A1O8#e&S}&2IhSyv7g;v0(UmSe%JGYKKU@*N6xY-4riM1ddZ=RZiNwRL$-juAfDS zL=SAf6Ipz2y9|91_WNwJx;0M|J%SWq4DyRv*6)V;CK@&QE~h|Iy!J!ygf$GjoVMPG zt^`XR@BO|es4TKQ2xon-?QN-5D9}!t!d}u(B#-gUM%Vw^05;^0^8T+mq!phh3#dQ% z5ila!Lj@T8ngu3}?Wdb;Iu+uDxEpgy&0$@uz`#YHrD2FIN9l7(&Ee+d31DJDbnC_Q@rNfhmMd-ha+`$(yKx4)t{6ikXk9qZjvk1 zUjEFWND!vC7y>0+PA&rH`mheO{J{f>lYAK=3yqV}=2*rgi;EEM+oa1oijdgL8F}_j zo^t(-xr&m~=tpyOn{F3+oZR>*Z_4R6rbp|GN>a^hDH#5YL>_+ik~U8cOzl~W5ztY3 zNz@6S%`YEY*e>+(@`LweZE#8IeJh(}uUMQ9zZ)f1zu#pW3}gEyCcPbYqa%@t-_ZF^ zp<5~$gxo%*g4#KvZWma8(xsWl<2WUr_;&PxSM&ZgmXOU}G=XjqVOlr$&k2aY<+rZWWn*r6g(}6m$|{ zX)ZH`ou9)Yvp7hY=EH8kp`_%JQ>q(X(7i>^w=3IxFci$j$Hc!+t(bEoB zZl|4d$!uLKHahfe{PS*VynS)vFisi5Av4n`&~qw2Y6Rg?7FF9jwT(=b3n3cPE&nAJ zbMOV>1gK{R=I(XX$q;d4o-F;4@1-%dF|^@hrh;syIp>XKH&SZ4)4b$@90*P%n*819 zjbQsu!EaR)U`hU{gG*@6M;Fo6_si%Rfw<6khGp*?X(PZ!TrsGbIep(N zMY5qxKF7GWz}!c>+wwyx4)U9ZY^(e5_LkVLx6p=&x+TdngF*UgN(NhfW`LM!X97o0 zO3f7dY!)}&f^SBfN&$iP>=2}hXmJJP15hQ=Jny`+bME#_V%2{^GzyEpN(YQa3$($9 zd}%lX`lF>%cS5~69(NgagC22eYOwE7?Ww81Nljd_=gj|g;zBeC369%zfZ+HEyUjm2 z$@^p~x7G;Kb5=n4iev@Iic$;=&_J#g1oVys{Rk-ke(a# zu7Ub+{iFTMdp>d(bqFm!`5t@Bv|Z&LY^cOPc~?v z5duLa{*z@JfceYi8v|(#Y6u6b4@d?@PE&`|K4~pGg|t2Zr4t_!~yJQ?;e|^%_pQ^ z9F%?|tV8

              Psd09e}d=NoI&Q>HmMhQ|xqVFqh+!3g+tLatZy}J|VkKimcf9u>#9l zidSWc1&NZ_)&5InC5wi&WxJUuHc{K9* z`}T$W{=3(0hPaD~lUwOyBz)S>A4Fp}6b{CXyzIyE%Iw$@7iUMMh3HH$I&u$Or3N!5 zdC%JaMgLkMi7mK;)&R>>+ZY~v`e`XSv$dEhtdJ2)G&oU$WROBjXtt(Mgg>gaVmik# zAr%#s5zjA5l-09-Zc!Cz6l}dnoX*9b^R>uRoXxZL=ro~aKo3o=y7w|01M>LYx7Jq` zn2kRiMslFmn^(ibDsC938yk3Rh=>VMe)Js2j&sbQnT@TVzT2|uNhE!bl4LnjTKFir zWYLhYpD#{g{lxmY&Rvb}NF(cU$|W)Nv4c@D=J@SLVzyXAaZK1cBkSAi_(3TzXO0UX z&i-FeU4OGWhZTfVoUyi+ANkMmv{L`1RT{T%{U}!HX!BqOQD6`pY_d>PRPW5l*;8HE z_I6P$OV;mJ;3~sZX(P~>1-x&YMUV_a!8Qqy)fHG`&mmcSJV6)daMZ{F%cIr&&Ch&FxM)N{|(|wsKBnrIO&%OHRv=RhRPo;Fs52HftoN-+wCi2Ro zS>7A{w(T0E*c`4`lTO3_pj_b}V^wxbuYd!_{ukxuYuSm*9FTF>3I)~I#n%0Y15tYB zlo9=-NcICI@%834kbEV?=(+YC+R2^)MS#w-*{dcBShFOY*V;Un+fS_C?}C%60Xkh0 zPAg>T;gu59LP#ddX#cQtDNLT{1G-dp{Ji-n`(a*b_eZxx%AU>?P6pw4cz{LJg63wbms&L@<_R_n3&*G5!McKsD&%4L7cVa;aP==W zA`oJ<1BIZu-AR@(Bogcn{*&@bO`27&xBrF~an-w_WYr_mI_vQmWv1^7&4l`+x1v+7 z4ytfBY=tXGyvf+r^3PjtiSKg5>0amP5GML9Oh)^nm zI6*NJUb~aV+Toi}ul(sQ1S$AV!tgNWIdRe5b(GseViT0j^?Da_Wsg9i7xhR+2Za%j z)w0mb~!QY(eC zZ*&cmKry_hBk_G6G^ptbmwO*j1(^>%&>69PQ^?ak0V!r*pl+z|oA>i7NDz<^3`&kk z>$Fp6Rg+y+IQ|ugU2MC&JuEZ!j%l&80;;2nlSit+_7_=#w&dhCBsfT!2L(Af=<69g z7j-Uzh=w0hBUK4AE$3mDRjXHvaIj;njxc)Hyea; zgX;@by*=F>))k}d6>n=E=Snz_7zK>v%2p*$$Dk}Y&u)$&cUQr^iFEfZ{!pT@dpV4D|j zrtnmlYVIA$%1C?dp3MZ+?DcR$m7rMmJ?Zu|N2s8OGL`&ztqC0!BHYA2$O(MAvo1s? z)JOV={hOL_OeihG>-R_O{lD&u{xbYZaYZ3-l#;$jp52wZzqj-i`N& zYDb@M*o096_Adhjv_2zbMclbTa*cf#Cod_D1>t{+pPHDdalrV>f8Uiz!ud6c139&) ziF~dXVfn_^TUP=FQK4+wo1yArua%{VUB92v@eQiDV48gA{7vqwa5L;u6%k9nrIjI?&luWpR!N-^zYqRZR;m1FQ&+&w+%GH)Q^tY@Hp$aF~MhyK!ein4v6 zUadyx43Th3j;E70s78zvN8_*dP*52Gt1o^O4eKRtX(##IFKV{++I2CHYn#ukH<)b1 zRlPjCY)nV@;LK+lqQ#)hiRJ~?<=`0U>@U~1_r_%>{R%V#0o;k9BgH6{x``i(f(bKB9%wxo@{ zST9{pMdHsvm#9qeOqLQpbLv!F8X)Uk3`$AWOL?q;;9u;rQwd)sE~Y$8j*PTpWS)>9ZuRw3lf$!!Lz%9q0pJ zKhl~=36BRyy9?swTmA#-k9L5-vu(_Bps8sZYck`#Mrflt@m)afyYg5DikgC_-8fk; znJk5T0g8Dv+Ll;#Q_f>K{fTD_y4W;1ByA>eypF2LaNk2+?)8FF7h!~uBf0em@wxrU z?VvI}yW|ZepbWpQQ@5S_Ax5qP!kE2GJvQZkHmnxCgU?nv&fM7W5nE{<=5f7lHla5L`qW$YtV$qV_TsFr z0n-OiQ4mD>UL|PXJSDC0p787X7ARca>n8~G@R7}bpEH>$p1Fq3CceksxKY$2)D_~o zPHQIYA%SB^k%$*$qn}*RaoF+p%TyN;KZ$`XuF#l1H47SbLt)2B=(X7mY*lr^AjL1S+ zI-hdGxeyWR+b zHAQ5l8ka@5^z)5?)`c9Hp3*=aO{X`J0DLbF}7@Ecb$l+=m+?t$c6 zVXvHUrV-z39Qjr4@|MTo_ckvX`i_F+=!&4>6xB8lo^rdMy7OD8F=r%H0bh9mAt7qY z#G6~nIKdzmK*vB#%J-iWj_tRLpLxEu{gA)xhy<$MOo36wJFp!UaKC{rU(CsU2Vv~(FPHk|5Ap7cR}dK|iJdKze$q!LQ>$qzAK?m!_IPC$KgS_OCeKy;&~+ew>e6_~ zN&BhdMlCz@ucW-i-N-^uHg}4tji}0INrj_A7AdgHdi3pQLy9*hJ({x6t;@0zy49UI z96OhmTRBT!W*GqOqt-Qll`E@A^5IUU@Eq2&Hbt=QklW&q*QY<`7ElfAI}E|Qhl&TQ z4PH%tX{8*lO<4aJ*BSZA!JPRsKfC+_&Oloh19sG3Uz|GvnWvXSI8{D_LOT4O!XAMy z-^DZRMl32%V3%6MCUBoPjvtoyX`+Q~s1xSi&yv2c9Ct#5!FNSQm6|qQEoUxBBg32} z9s29n&zyO3l|R-`ui%S~-9~-QcL;*{Oa1Py0+%6T2>@43=oc7Kdb7I8ALBKzaxj_X zGRRk3$#h}LL4ofTpqDR z@oG#0)XVx;{%!B?CaNhGA*uBpvdxr@ms;)fN|`42zcrOybIF=yB4HFK1&O$oO$#8U z*HspzoF1B<;$NT4MjzQ_GQHQPKjq3zj5a#;WhIXo=0+qPuHv?KyQ=h@nk)06ZFQKZ zbl=0bv4KnnzS(RFzU?J9R7|uk#t_AN$G_i*$l_4`%B@Mfuz0o`I;LAibE(hkf!*nh zt+i?FC3Iv&u-V0l+NC34!@0TB(R_cLIxa=H+^0tCS8#bfTJZ?toz$I@p0s}+`xR|% zMJp?&t=&41M^O)HO(cgUapQW9F2~u2gD$*M1S%6AWw$@?1oif;d#FMqcmrz%wz>@H4ftGc7#&(?Va#H8-slvcs&Sl-~ZU z@-eQL?ioaPIlxErm|Q`C03Hn5IgY6wk0MQ-%~@#qzTu$RXT>#N(w$%D%0`iaiz@{? z#AYCbMX~iBS7GQ5;XIBYZ9{ECXfYlPw8&K5T=7`cF}J&1dB{TgV3&6X@|%$FP|ujO z!A8|)-lC6hJ9VKRcWi|M#bC|r@0_{Tq}Uh_$QpGNmL_J_d5%A0!9Yr(23VuRZJ}Sb zfS@(Zp3=9P4z$kv`n!Te<8(A5!Bhh55Qgr>4X#8{#N8>Tx^vcLRz>#!D^IOFr3jnA z!fY%b7)!l()~}6aXX2|MFFiMOSI=J0U@p@Wt$khY)2ua>dAor)M%AGB>6ND$=^_0a zW182^4Q?Y(scMZ$rgOADo`L}aK)rWIfUJL|kU#ad+_&2WqUnwsW|im~_S!KygY4Q3 zZWC@1eK1aopK(xIK#R3o2hg6JO9T2yll8(ZbN+g z4uN9S=Elc2Y*$+xUM90uVoWaldLujZA}mu)w?pzZ3GY>5!eZax%nJx0)Gt|QI|Bys zc$(Mhx`s_nt>Gl#zpk7u#5MR0Ui`)H?4u$Vc+V0&AA92^{SiAxYV}6hIxL0hbFS3( zUA8GH^TBwInBiXk0q?6+^Ap%@h8XvE)J5&X7oVGqWS+C0)SnUKbv&;!x&h6Q-P_%Q z;1Uz>i~QmjE@_fGO#Ifsh6S^JwoP8BVH8{Jc37?=&H`h2{Ce7P(!rSa%(%Op>QSdc zgD=Zplfve?9M@l+6!}{d@ie4K6kCk(3tWWB4D79(NgkX`T(u5wKV+g@Pfxvcmkfp_ z)AvkxhDMvMePfPs%G2KdB_iVX=9zgump$vdn42|ir|y=AR@t<=QTF9fH;i7-_rmNy zbvD=8uiZ!T^z6H_hjJ%jN*BK=vUF_d!V-Y5XP7@`qmOwkMp2#ZhlZBAh$|hH#|MT7 z?fs@3k9+89s@bL1(}sg*vTMyKbJb!M`bh?HVQF`f+BHw3SpT-);e>*601Dd2?jyX{RU5C9^W-(A7In0; z$MA5&;_Pl-x|z(q2;r%hhbzTc2Qo5 zfW<1Zgq8ZaIG6xw)qoiL%tb=|Uvkzf_a@i)Htd z2cTw3J8~}j=6aQp7CN*Q19|Yo36AdHfJuL5PSIrKc`K$;q!hSgvPhj)2yUaV5yP(% zYVIZP_WZJK;HKf}v|U$aOhT4DgnJ%X-@8>MH}y?TsU0PRHg6DDop4LHGL%2Ss|CE^ zFE?N~_fu@BE>WK$T|muM)ot7?zW*SxU-`00IAA(Ib$W8dAx%n*7(dhoqKv{)H`e!Wg>XdCW6JrkQpeK2@0NnbsU zXY5|>Xo<3?b4+u_23q5PniUW_t#GdcZRvN=#;YFw0qz2C?`j5w@m0yYK0p$`@Up&X zP=thw2pd^vwiQ=$uDBkkAb`G*QJL8b1I{6h|Dfl8-;)vyx-XuAwnHMRh2Aal3|?}? z64Y3-Jnf7Vcyagz6^_z~GB}u)wQ_V9{#%7me!qMeJs6e5(tNJJjhO3__owA4wsJ)` z9D1BeUa5M<5uz>)CU77c>3OeF(o6C+uZfWKMqN=+_rNesu=5kupDr3gST+9 zsc)&YsIJFF@=_JLVi}qmr9|&2?2ooh`>)~-f2g8@!6yy}tMVMA7yYbj0wcy(rw1W5 zRpgL|fvfV~Pn6Bs(}5-MY5Bxk?#g^7BM2sPiB6@<5~b zj1_e+U*3}=J(ysTq49dhDnrKMoZnibi+2UlqURUzjO$T*JjDjvDZ$r(TpA{F9K7bE zUVTGBYky`wVW}^Y=N#O7s(IgS(*qsY$V*i#C_eU7&$!4P2pmn0|I?YsC4FRadax~z zMrA<*h`G$_OoEEeQ-MH$Rjqa4=l}^T=X~9N22uGf6u6C^@hfmPuM{%GO`!~EgX@4I zy}x|dpRJ;rUA&ZVEVZ!4MIibD-@VOPdep`3*vnz#?2zIG1|4QN0V1`aU-v^fNw83` zhtPTt4Q*doFbR2kCympf5t|GAq@M!GY1wGu)^H*(2xc$e{7bc;Wtpq))>mE!|Db;K zP5|KA6nB}s!0gka7jD;|0j1`q=4T^D?Qf= zX(!+mE2(|-cR=w1&r}LR&u0)fOX?=ZcfU^WbX;dH%t;MaDjEe)yL4mQg8Z>ZOn;+P z|9X3^S-lGKm$|T1VE(=bIAByC7j|SzXeQ<}1_D-OoS-7;&tP>}2zy*r*(b}4fLXa8 z=CAL=nFk-mwT%SQ>Ifll=`<=F@z5GVz!$(T=c%`KJ)lxLH;i(XuQDGSTrO^cEVnkn z=q$eKIh>KdT$`}jt5A=ih;Bcbzbb9^)$c&1DaxL*;?XBT;ip|Q{*pF@XgJw`(fide zZln1JA^r!<-r|RL$?;7Q__{lXm;?@G0%b52g3!0kqF5-V2V&>?4FZy?vw#e^!m#K1 zmPD#+-$HDq^HKmcrwQV96et*BEfZF^W20kx(7_Jv0^M}cCn+11el9n4pc#;`_k2bR z_esjeiT+_;bQ7Q|r5$ixMl}U zf=udL*P*C~ziWMtC@0bi2uu`xweRwB(m_N!e*E%@YW(8V7l2(vm(V>+0y-T*!bR5s z!Qt4NW|$lZpVuwxddR!(v>frCdKy#TtRdwL!UHoEeJ-ZdzbH;`vZR;x0_x^M8}^Yx zn{Qh~U8lxxcwElfv7ko!iCb*?L{$t_Z2peh;&lagWbdJQVVmy2?>(K(Z1pa{fu?s? zOy0A+D?xKcK4bF8PIKQ^r;(u&!G73dsu3`3eXMp=s8~peulfFLT1u$?w!2DU;*=K? z-%dqx(_QvxT@47eU;Ml?Mn~Q=sErL_oZv9at6^&Pp)lTpt%7LnuhyL4>qX7pGom$f z_jGA)`JbkU;RF&hHq!J!TQUS2m1ewrunAqa1?UtOK$d$qeW-XRzK6!s9MI5a-xEVGq{wUUMcq{5{&uZh$Zqo!1 zRebu=Y#~Aw2E)<|G?h|}11=e{Dagd9RrDW}nCmyB z^|r&-zCM)>3SWBq*ptTkSQ$4cw`aAOXQn4s#(7KxB=8Fw0758e>P5O;2gbrrP7nT1 z@Rf(sN6&zuz5XuOVMkz7AgWBwb$c_J?s%WAhpNzfeY43@{}3UQ%%Hy+#<7$uyDi9T z-pFti&3-}Ad zDgin_*=N#B0slsh5$H&xQkxC}>LC0vV3a>fjrRBVb~1PEE@`0b@fludB9A&$cm3|s zKy%rv2gY!O3*Ul1UDc6{>-XA*3zwOOXc4*j29{+Xj1RgC{U6B=t!m*Y$Jv$oT?F=J zn8*ya5)G^|FPRlbzOKGJ_W77ml(|TblFYF^SbSga^`iFWV4?W4=)G4-JjdxAj>SLm zfk76V2mZE9eUD_fN7N^W|{LHnFL6Ta3 zZ=P5D%Z$+Yqa*Ku-;(37{+@tGmw}DL2Ff_i;cb}YP)tG<-lB_muLD~UJt&q(^uMylObHh)qWx|)AOsY&W^-f; ztqiwwiq;AXnAZymy!YQ9m&j^ZIu3P!B2J*@Nvc$4J#~!ZmdBg2qgaw;+dcErRgTn} zS32=UEHGRHt;843a>o|(rU)9I_bjajFa60=afyy!o+{#b51YsvuLtoU4)>qZ;_juQ zqKvLPGJlI0wY&6?k#GNwSWP(c^RDf)6~uLwnquywg!#F)xCdKUEYCQb|eb2-OdcpuvsO}p40seJX7j?JR4;9G_Z*(r#naW4TIPtQ>G@u< zaln8-5lk;J)n3JlSl%H7ncI|47pLh2~zW?7K(wLE|AzG?nB&Tko|F z#-_;y4>CRH){1&%gU|Hr*@b(n9eK9~gn()EulGf3r151e7Bk+z){53t1Kt6coa>$x zi}>BcWGX>(N!JlBy*c85?*5&6f7xB`vcYSmj(57RE7k`J9MCfN0`!`p>wFlg`oBNZ z{xz#YJ=2}U>5__urLWyK$xQ~m-_hW#Q@51n_l~I_O>V^GliX$mqgL*<5{v-efpqy@gy59GB6saBP{!R}}P0o1|92y$AhxQQuyq zk{=ZjcFANO+Rfo_Nxj@*qnY~MC?(9n)&IK@B_+0a9c8&y+qJryKN|Kdp zFcn@uM8FYr9(T%DY2TeVIf!R#8y=5+&$CqyZ@g~+JeA%iY7GfxWCs@|M7R!HNZ2v7 zFNvd*S%yd?Y4>%BKPOvX-6ZGeCK`NHKSh8xW9U7!A`b0x4(&-ipG2rGHNK2jD8<9O zj!Et(_Yo}c6D)AVV9-Oja@ zl#;UN@Yl8J*oq)v@482!!hC6Wz@MQ?p&|J~6Q$?~p$^YO(w{lh`&dL?=ZLcM}ORanCCxqX$ zJHBKHawOMZ$tas`;<>DSH+{l|@P&g`w?Y;^QoL79>dBIJxFp1Cn8g3J12*>U#o*2= z30J0o3f;Dcnc(=-qwcI$)UT2U4MV?SvfB(n-d<`AKc!6vN$xa^5zK2a6fw#-Of;t& z&`)|7kM6d>wcTG)|ID%`j)zO4eA%p}`7OX->0=T$MrEWPfFDL8C;2Of->qcEA?4oL zrU(<+x@1mJu|@F0YL<(Q+Fv0*{pN_nM_V>Vn^(xg@IHsXO~?HX@UvY%>$7&Kej|TB zHENe-IQkLFy67_4hsOkjxZYUOQ%Zj$K|%*&-Tc}(`mTO*vug80*_c*^Js%1^KX zQ_HZ87u&IHe7QLe-dyppsxW=0WiJ(fAdw~C%f7tr5dgMVCuJ-h!7~OhCT^et;(QO` zgXL0VJ%y6Pj5eYD@>b!X|(xLw{;!gV!xPT5N=&cmqqfhHn*`~OqV6fW<%2y$7A2$=;7B4S|M2 zGI?8Yq=?HE+Uy9{Y`^CzeO79_#6A_J;ZJ4bDK{ahRhW?8F=E5_wZp0};vTHwy620g zz$PTDnv1J;G&0rwk*4#249vU{RxQ3*;%MxywfAE4-~ogF#bX~SYhNd{antjq1X{`R z>>_#D@;1xVr;}^_MGDlzt7stvm*>}gAIvt-IToGWL-xE;)bCfR<0h~xedyn~uGMWG z%8o~MH$1=gnf$D~>FL`Rt;yEH$SQ{icJU#O>6b^pU^`WhX zGiU|e^)+p<+H7hoAGO{-3E!1zeN;BPM4~Ulql+VjJBc{{L_cUVK&h^n{U=W z2=bom$n)0U8{zGt?8xs+(@OmymeX-uGb%)1xwC(i%RX7y%{1iDD61~Q%~k6jUa?=d z>?`Sp8f6`8PVe{fEa#V<{p82ZPrq|R54*hfK}KpLoWCh&+<+znCCESFCi^E7rL-%u z_*cI2<%iOVqD~egz_#23g{GfKyAmAx<)*VzgU@=bRGW=Yjf%u9X9E{4sD^;_NK*e?089ZLJJLM4oX%UYbHoL`Szj0R!L4e5rmQi{ld^}C3 z;`RRciz)M7Z)%0|&w%)&%1IGcr3{vpGple+219f?u6=tD z@*-LUJ3rp|$zvr50&iiO6yZ}MvnzH>SQnv&+F3{QvhCLajTEq{OUy6NdhUgq`n zSsED@>Gg0iKAm#AYj5|7r-^qb8BC`VeLDS-EEJU}=Z@b}ZeOjLJp@)`YLDt=8##Z{ z6Asq#{t)}g;{E%zow5;ACdxdaqjoRMV4(Oy>Grs_4gwIyPdf<{$8%4Qe=`EML4?hvMcm3NiR}kybx&sWT?8o&W3cKkv zt?qdxsiUnk8Pbsp5s6Srf}h$|`EQwPfxPv?y1;PA7h*n;@rWw7Dq8oITxa16t^&}l zY?fzG$aIi)N93wf4wN-^60I4A_L-1GAAk zPS+xonq0tq)pqV(dU+ILBW)g#Ager5*qduiS!DH?jgUn!MU(Iz6r?EY)YZm4UZspIDs zJIc6;MY--F_y*0J=o;Na>ozEL-{W|zeLn6WfyX9-3{gB03A$8##O*75xMA2_=} zS`3O#Qepc6X8#&wLt)6U`2_?E*-{`mpqmr;IYwY4X>FsBTbR%ZWK~^B9D`T^Pb&YP zHj?9|G9=Bgy|G&xqEpyRVG#%qhN)%~?5hEApPoU!AiwoFZ2FaTdO>LQaH0S&yr*D| z$GU(Y*q*){#qm5@VZ?!)3HcVm3-v%Q^3|x?JTjW+8<5DT=~l!g%w-I;oe&)*X;5kE zxP-gej>}!;&uX*&B7_d3aT;v`=R43YCaJoi-#%In5}@j&}B;W=qiLy91`+!ax8r~m77=69^-4Vk!3r+ zSe1s^{Z;Rb*ui6uyo}gHIX2@4a_|XFY|ICsbr)Vn=oGFf^kEH>cnsT5gz-~-R`OhU zvLa0SeqcW`TuIkB)t(i`#E?(fRwtwC)ET>^;^f%XRxKlh)k?mn*l3d9saomXc9G@( zUM^HQ!Latp1nzIxDSIDeJ)(~NJGVcHem-8_l5OM53?_-vwO?66hNa)=7fE(_#1e;? z|0tFnoH%iOb&S1I%BJSv%i0F8Jore#RyButK=Zkv+PGx1y;$45vl<@H$=<|?>MKs-#8BE72=js^HrCxJG70jUWQudb)K2M=z34SzQHHsH%#OybSyXJ7yRd%oI) zg3fke{25w6WKsDy_50uv6K9GuRA<@ii>S+o05|vK4C1DQRO_2cNv-pQ+dyYb2Excj zfBOK{oW3!v_DSmzPoEHT-OX4|ijV6OiMADNvtH4@aQQ9J%1>^oR{y8F;P3c6)w@$- zz3fB9t;B?XNXC!82D2e`PY+IiwSIMwO0;N~?JKGakPAR}el9CS&_wE&j%w=0p7E?l zAg}ax#?&Z{^#Yt<@|nX=Ei?Z_=doLoQbM&eo(XVfwW;UMZt&us>AjWQ`glFy5J6+E z{>vbT76T;Y@+E>ABOtZQV6Yf`b7&K~5NTY#6_e{b#@!v*ziE7as+Dt-KLxk5th`fq z_t3E+w{aA1_D(i_)^*aL@bWQMu<)$d@fSRs97sYZd%WqTCjZU_NS^mR=a)Zj+A9&} zEIb5O%!M-<&|X-0<~{5DkJ41&v=L|e*8opQPj7P)mj-eePw){@z&kX9c$Ejtrl6

              urbsII15)Zt3eL4jCEt9wr8 zEos5*g98+v`OBbAkQ*GbWcT&HvX|^8lUAhefwogd!0$|kWcIMy+Hqf+UxvDJ%B1$e zptI#mFIENmSdXD&=&uh1{50T`nCKHNN-l)piGR*blde+nuXalnHX4Wc(YXkjNF7{<7PipEXVe}-Z(R}S zX}h`xB)Vrw^*m*(4qj*O93&8_C7Z5^#IuHo-(_^@op3 z6;fsj7|PA1YGr;LvY^(8tyD|t3U1HaEp(Cy#o=pboG@TZNI9%j%RS*dT&IO;t~;I= zYow^0h)rCH!tDB4W=xKO`_QO+i_^e!J%|~57tBX3vhK!teKB;+YYMi%$b$g02rgSW9uGr zxc3ObVmmTuaown0S=pvLb++lcln4*PskF4|_JILSaQ)ZV$3c>X?ron*VGM$Tc;YCsICw@8FHaXznsCtnoORSrVeSztRI6%*4uOyE7;YuB{3Wh?5R zceVap77ZR7i|AM>SW~i|DR~x~IQ^i!OiIS;nGNuTK5NiK1{WF8FKHTD?(^-=iPme2 z!Q2k<>LS+^_U+#c5FVk7XZKGT;(L^XsRFH?)kl71WgA65P$s9}EpYnAFAy8X5K> z>aS6coUttOvK+_MIV~04GE5wZPBJBpoMMEV3i5l|)iQFW>>`@@JddykP&KZ$UjQ72Pdy)T4V+U5wb^)+egx>PclP}EMF#j4TBkg4 z9ipblnkyo=Ijh6$_G|<*7~dE?t7cy*u`*UP^i;#?9hlLLCkqH#**Bw&0!+oG?iwTD z8U83{CzHJ+vSG8)n$2ujKz>O5Z7Z+NA#f~CuIw$v-7WlmjwQoK*iC!nu&5)hX6m!v zyln{L?qPxXc%pJ`HNR5y%3$*liw>i=mb05!f~WC_s*k|9r%vH}a43#vU;q;Jz7~6s@MlmN~rB+OQNBWqL zmf7o$_(WP)G_vu?1-;Aa_FI3!{`fRD^k9`NBx-QIIH2(@|K>qxCt`rXY4c$HORORj zOIyRWz`NyYG-J?G5Yv{Ve;l3C1hmJ=$@_xxp-x z({JveNo55;x9g1k#xpZr-k;K+PGn%Da~4Kt*i8lPz5}d6r*0#zSHa5ai7d;xU^Qrw z>vyD`Qe%y|U6>7njhR(mCB-bc*1DhU@*y+oygD0fwyOgK`#_pk|JTOZ@A&N@r*<3b zm%CugJxKU<8iFD`Q6`lOj`QWPwS@p)#&M6K{r}%h6Ey-F0)st$KlC7E?1H!l`TBSR zXts`_0=P0Lkm}EnI63k7X1;OFXhdqa*U_0Nh<)YQy#Oc-76hl)!0QI}?jentgcwZp~ zAH{r;3V9!V!9_rtbp+Tg<(ygLE)iTW>;Gx*%j2Qk-~JVm7D``7DyFh^>O|JEjTFYd zWIG2@QL@LR7={j&RE#B&y$I3R_iRNbvSbS45?R+(J=xnn6S7YlKY1T8(52MtOIfvp%=lXNtSH;hW6$W#3TT_+pHfNoB zs}@nP)~~B)A7(8UEW!F|bH<#0#l;1w(~z}CW;pV$b=_up3m$7|>8OXgnBWqmCf?t4 zX!1h1F26pI7n_tjTZ88O{ixnhk^JyyV~sK=JA?q7NQsxLSc+7a`i2;J=WDhF(E^mf zGz?A!>cuTH_r`&iz-03(SA8SQP>DwkF)qI`WS#`gmrwj9fd)7cB#m$$!>o&t%ocoY ze(z2#S8$H6V=ATSS|SeqEP8XAozyT_Y)X ziR<+#PWle#A{%NHIPXvH9OHI(ZJVF|T)v~Vhb^HSoD=OrVjg;W)~0;$m$sFY+JR5b zcXWkLDxXtnMIxG`>S*7HOXkEA!oQ!Mu}37rS?1;6tX_wFP&1=8ri0v|sI1l>L>$wc zlsPZeA2EiR%wf+jV0`9Z#fRm}H3c@T*!9Z401Gp3YU>4J6n91SbagHPctw3_We#$f)PMu;#b@gSoY&%dICHF<7rcdJ9e zSbr|Z1s|Ksz;B&RpGBi8?{&?2haUyo=uH+&l`oXkA^C7~w;M^=GB1_0%I-5TTMzw) zcsi9MjxFc5O|Y$iQ;y&_!~$ncFiGN!JmP4-NibHU&T$Aq>1l(A5_h>IbTamz)zYXb zE537!dzq+-6y$hTxa`&L@?KJx>%EM!bD?f_`Uy7YM`U6t9n}W?hRhK! z?jkc5(fWvm#Q3hMM({VFS!y@YMe|6R`UndeiWNRNpPGLV3S}RA>%0IwD0oe<FrOC@8xb+9+k++O;W*M17JfTz-xSBJ=zqQqOzJe%_|{ zV^xrLtAb`!L96omQDl@wze~|Q=pKDnX&%^mdvzj@;E*uDbs5~qKD@Au=A2-73(h>& z2$?w^;N6JGeK;eS@fiUnIMNDdb|iC{+>+N>HAHlNU&kaUkMp>}{~!1zJT@o``23xz zj_Mu|>1&%VI&&T&zkLp$@dF>RxcLSQX`rLRL(NOJ6gOKX;Dbz9+&-xy5cRj!ca&d2 zsi`hH@TYn9o7wn(#CC`|ACPpZKtNVfCf}K?vu5=`sF|slJW}je#PNUl1oF(?D!xz! ztrH7w+MTODAL)}qO>rY{&)I2kw+BgTK`GK;$)7D;;}L%OeHOci4hfhwLOdc3{mH&> zfx~|j`Kf53%4=uRP$X9K+}C^b9}qjP(8apFvi(m*KOm-U&?{2P9u^R;&n0I#N5KkwmP%07EY5nBc!@X7?Zopu1 z5QWmtVZi12{FdkU|6~!NraMq&c(W-SvB(pw0s}Jh{@wnYqBOkbq=7Pz)ruO#c0dpg zJ^?Nc^hNVhiT!6Uryz;|RL~ek0$V>7TlwFsEu#u8VAXhwb9WCle*5U7<(?6wiF^@2 z%QW?kRH*8Z#OG80@OPAE+lnphQQS&R9aFH{DMHzWdOUhM%+?o9ZBxv|+o9IN1 zMCV8j98AD&0||I|9Ax&-#gmUxTmVv^oA(&g2)T z>fmU<#ybymS6+*BtRBI3=wI%fAzc~@p$W;RH6!}}YiwdJU=j(c<8hJ&>CGQlBofsu z9O~wwJ%p(`7>g+Cjgl=$L)UHYPuQ)7F0#fG-+lGjQV)@u*OmKAw_b-B>_Xb}%aKm{ zoo}Ib(3y)#w_xs`n9%3q+>_RZCR;wM-m?jKnRdd+OkuwmYZ> z`|;9I=-7HK%jn`4cIxB}wvbc&PJA5f&bPk_{-*i&fen{mDZ<#>f)AVX>Lb%PrQhg( zEB%&lNx#>#wxr)f=dm9jRA=ZqdEAVcS@dxUHS=)oDm+j3=15>2SL@aFmn{4gZ&DUS zT1Y@3`Y+(^{D6=n*wIuJSsdo3g8b{R3kfvGEx;BuS1xP_Gd~u6JOYrx4~{a?d?h8` zyNf6{1NhV)-I!tkprj5#KF3sKR$&#cF^buY47(0w|xO zELwo9nkc6YBT;+@&PqI2@2WspoaA7028GcdTMAg=HeY%yE0e$@+F4hzD$Q#uet4Cx zGq=Vmi%bm?{S&OWsE949eS5Im)y%bFFgID$CImoBOJ~ndp@(x7xpHhK!^XFCOg;`B zj@}@1&5aRKP=wy-uQ+;Aj-Vl;Q2PkSQr2!2{gI3L1D(0hk!NmI|D0H1sX3Hz(mOAg zLe>2qt6*XPUggsGS5Qg+NjnvMbZ_*!0MhB$ce$JwaZOmRHY^dL_CCs2ruc7D=zN+d z=VC#dliLtQ6Xczk-0JVS!*n%PaIc&hj)q~LE^`sRN6Z#QP9Pbj-+r0Po34tNHo|S^iVDM~ zpT#>hR&DPl9FtqEQ5qm#)oZoRjGd!@KN?q3marvf`{#h1 z{mZ|%pZzyWcySGQS11_FBgV5`B#GcozEBg9BJjW13-b2mJxiw*=wKd+nh!E0ar;|$ z@WN&FsmD)Zg=tj+F-Q8t=jUuapyheD+UXpd>HGQb?9a0M1y(GR=0I8e#vjOeFOYq(MA1SQ;!BRnZq&{n4nSe z?czGLKpzZUu)aI+#v6Mr&QId86*5QhLChLOV5UtsArn3QJL~-^&y7{BQ8TMMAj40C zsj9#SF}G&9yY9UHNJ`^X@An70H7rt|{ZH`kN0C{*rspq7_o&bbyP~4zu3G8hDM2~e$UMO}L>WAGow zpv`-jlbpur*sE=F&6n?Z(X0}6@Ob+C<5hT)$2;bbe!PxXW+h+VQjkDci7l`f>owixO`ZSl=q5&ZGZP1Y$Z}i?`AV*&wDAqSr^F*YI zu(ZO=xbBuZ9)}M(W;iPV1c?n_WE^WCXY|v$9?k=SaR5Bwfcf);frX9Up5h#%JNh>C zb-mj27v!6FJ8XZo(<|wwg4d%y{e3zWJiNT7NgToo40|6Z#XdTEu=(q;n=%#jj|I*= zzQXV^Oz-ujHvzL|7Wg?%>5Exsi0oU2SRS` zpK~#GF}r*`aH;q)<6hh%Slit_+*eXZYcY1f&n9np)yE#s^x%M5Ql~A?f~&cbg4xVt zL))domBENSp$iwz74IIsT(hngXd4aR$l0QWAJw&VaO>>MjiJw^BF*t=pD^f5V$+hp^>*=A2IoD(TC4r4 z6uXD~Nq$QGBfGFk%+?2*PrujD9)kPD9B7s_@l;1g`!kS-go?+8MH9+U(6vw!YhQDc zGED|fx@h@x(b%w-(m~2%K&2IUejGXvV#& zC}y_&fx~|4=Hq(U9ohT!mI@{d$8xE8JGl9_1a9_J({Kc zJwoq_7rUvDEH&idRkr1AK6WT$-anq?@sac{wWs}=;o*e(Vk+07I;r&BISg4+FJmE{QEX?@A8(mU7Q1K5wsNm6)!ID;}K$Y~DS-ULkarndj-;l;wUeafGN&8LOA%WyHDOy6O(hM1n; z0nxzLd3)bTr=9GsRhT2$k1AxLaHlyJZ#<3)bDJk0+jtY(zvOzmW$OHqrQiB=IvhOa zB06Q4==1J6?R71fwjT!)U3&SmQt$ZK=Vv9LEjUcYPs%0scWak+@>ELbOm9H5Q0t;y z5qe{EXmSFZ=XSZ{>14_37uBAHu0caqDP(urql6tIV<^@YRA zb38{+ar16&Kagx@$YCCR{uS=xi;b65rM(TiE!->ku> zarCOys{^Q!cyxm6-y$ewq&nSB>wMmoE0)w($`>BBg$=(KUQuTK%FNtbb$da3_xwDT zePs8!hl{jS3-)WlgZ-W*huy^Yg*IaxHEv`Y$-X9hx^)SAl;BSEBAmJ)=Dqh_=E@{; zOJUnajwl=-&^UN#59H9Z{Ba{P#um(S2IOm#zglY$apDdWX3E_$Z*ci zWy>`!auKd(lIF6-*qqWyw7vp=CefHOSiV4_@QkE1W6E{8*Y9SRu;Hk#@T2vYdGO7` ziSEAI;wS~%Aa|EU!qXOmpgKu3|H>D`H-vF@yt=g}t>&IZuVZPpoO`ZIc5aY4m8YAh zHs7MReNLyFX8>6PTSk|cwNs0=oja|me5S~`L(f3Y8< z{ZD&E3+;JVx0T~laJOx(^<@vQYucu^)OTY(zSTat#OtPGV5cA8euP+mpZoAYTwlN7 zH6A5><91hDv{LI^g?|0HZ${;cwkbHLB*v4%uSrTcm0G@)*i#%qwOF5Qp3;oP$M~dO=QZeg3C54r zM&sP|@C+F$JuSUYh>vAa%wl%b6W5He*0H-J8r7^P!`yk%$-3olcNN#SP;}UG!e#77 zz9#1-Pk$133Yzz6<6VIzxWhgY*>5ftOtv<{uD$)xpQ2J*6(hq>SeX-kQN^8;X=RAK zqx&K#`&||iFv+*lcu}+Gh4Axs;`GfkG|py(Wogl}8*YkKp7Ak=kyre+c6L;7;2>Q8TCXe`Ni9` z=Fy+=>db*_RpztD*-;0)PNJCQ$(!%9isunE?G(3onJ=ro(>h#J4A7TLn+=w;6FcN5 zxn`9|3yP=x)XSf=`ybD(h**EeU0&3$-mKC1A@J}asXrs|Cz*@MU*3$s8wy_3q9Iua zaB8EOW|XpzH^}yh-q2qGkSV#g62jXc-O{4F8rFfcmYwzd*8j7O&lfd2jrmW)j$G?& zsAlo<67DgZx#W8D!B#*XFvWVrnWFR8sWcLawX)Wya{mDF83Zynw^JP z(KM9sMwOO_(;}#J>nIP&c>#sT9tWC*DQV23M>bR#^i%gYBSWquTnz6oyK}a0Y*;_2 z6OCD^`PLCa33H3SM3|o0U^3Q~ZA8}%95g135E|;!cu8$iO>TAA=&bc67>+$2988J1 z=~W1Eir!Xz3raB=N5s~>C&B%%r7)lDEvDLt7OgLK*3$q!+vlzWw(J^h<`98N7^Tvy z@Mj*Ik;{e^N;KOM=l86+p?bL$W13C5f-R)o>aq|M%g*|M2k?oX%mBC0f_I(-hq2Og z?`A3w=hcV6XmgE-A{f}vX|b`9!d}`BC~RqQRcTDraow$FE_&leIl0=cceO_Y4!Idc zAzxGLQ?g6g-Ug~_qkCir#_1_xQqstn`EYlZ5mteSL_Sn1@xEpU%KdFeVXI~zPjQ8T zR8||9DwZHtjlsJA{XHii^B5!MMawP~)OSl%gTOa6j?4#WKio6@kf@22yu=g_D+)=u zwZ7|dUWB0}gX3V1G|&$6ztdvf-IBR+09Wga6YhOOmPooJ&*5i0SSn=){zgTRPbq}W zwZ#3+`)l$o>L%t+ZbJoU`S&PO%V~i%bo*L)QRC{11_j!8^~27p*f!tnFdWnu8ETXb z@~c|ewj37lAX{#6J#N>^zE%qd{r;*w0R#ou5Qj9hSh_J<7k1U^V~q(w?@E_ zceu^}h|R&_YG-@b%R-O*ZJ6(HP3dm=2XIgIhmUoS^#h8LeFuVJo|K|#8nhNq^a8=k ztBZ!}T8F9F56CN&1&_zA^Bqyh<^AqDfQ6}9h_9QagX?GGI{W-@4{IweF4}k%GNQ;h z_R(zS(SsV=tzQnSc#6qKUGz)9UpM8$3U>3fhee|9A)EaFc+m&s7j{k|>}O&s?mcL+ z{eJ0%B#a!jAuGb6#C3H=%ahtPG2~`n)h^ypCb*<8F5kdXc z9qUD4po-_YFn(+*oU5<{kYh^GiDm0l{HM!E;Ysp}{XJQ`Vr1}CLzVpdD=KVu<|+?m zQGCB}-k*muQNXO;+O|Qpp;4r^@T1*fZ7=qStq0n^vW+*aMK~%3N0;|r@8!~f@G<;+ zkhj+n{)?UIni6LFB6v}@8q|v>mrx(YUsPF(6ALJ3EDj)`jUwFb9!wwO&g-L#4_x%& z4B(D$@-_})b&b7ijZ$I1;WT@J{*!s;)Np@%Xds*p&DKy>p>7%<^u(g>O#!cj^=Uk| zVvjP*SDflzy?@!btNw?y>VBCG9Dd_~HmKj`Zei0GSE#b6T%bjLOf+TCvemFWpCiXI zENV%T??v8rWX+`@~U(S3)ALHTqFo{K}bZz{e^> zM^GPgq=FYhj5ORWEc@d8&c2ac3C5K8w-|na7yX4{Y6z=aH(U_)_ynt{GNalGb&q zK^Hj$?j;kP5)+%t;1g}tsgI|HM_6;KRdNO!X#uQ`vJZCy^!`9n(3)KNRhDU5N6rBM zjNUmoa%2EKL3qL;q_m=Z<9s8^=a3sLsj+XY>z;|O0&Mw0h;j?e$;oDKyNTzY9P!vb z+#6@3)MvyLyqiOCPpjdzEAJBdVdd@bZeEO&+$;82m&9yzGWl4turt)$qAfP!CuooEYhpZ zx&AGdA27Lv4rGIZq`H)Dl11HXG+TkPd$TTZ9RTufo_aR^sYV)9Z=#jwBO9_ou~2H& z9>At1l^7AD2w%5Pcqh#}c);hn-MlLStJ!jED$=b)&X zyX4uo-pp#Ah*SH3XPNETLY~$o5NqdmU1g_U6im6oQ*4b!6qTUx{y4+3LXD441Ex7 zTF^ygXwhA7N%@cWHM9IK8Podt`x{&Q1T_4ueKt~}j~qPOSP1*!G6|w(_>?cY2*T&L z)cV^0^J@8;7WE>!Lj2oyYZ=L`PncJUC7U}ekmySo<(FmR#eXyqk`TyE5RL7C?e+JQ z9q_@yahb}NlWiS;m555cm1ZcKm_^6^qAqXUX8Eo4;$1_NE+#bu{CLnU$ zxVAG|&eKEfj$&)h)V&B_aNJV`{m3M; z5d)e-GT}Bk*&`LC*T&abFqSR;EeY(jL3jWdJ(-N_`>^@x6QcLhkiW=JqMm~fDu#mk zA`|R=;>ey`rSWoJ>hTfQ3uzrF1;Ke`a*He~gch6FG8|QnX`L0C(W&JXEnBc9 zwnSchht?d_FT`Z(6AkQMlQf;RbMysken)Phz)+u%lw-jdVDA2Q(3|`4h`x=#AWEwp zWi2?u3asfQ$I)xLQC0Unt9}VxZN^|z3-byEP-It#L}{b@b7=r;pUgULhLK}5Efa6% zw2D*w4^Mcnxq%8~@}zrrtYLgg;i2~+VYL;1HC!kPufU{5`lWI*%c4~?4Vgg3Lc-0o zBNE1JpRuA1?AQ+rCwEk9`k9hD=Y)+)gAS?!#CaZNRoiZnjI)hTe3)v`>O7k$*XSOP zE*ygJKR;h0W8lu4`Wks~^k-gdGqn>}2&O5|WjJ{07vt;vS}ZRR2z^E`s!|Ue$iY=} zehs+_Pb=*{@dlk)%F=C+_`0%^6NQ3kN0GZm)Eoc=TRK)1y|I=g{o+MU{d)E1r0PAl zqQ=_8$EEAG#U~GOaX1o(_vcD6>8*N4o8IY7COQSyScr$#Naj4Rp*zmuOF%H>!Xhnc zp8cgwsp`_Fc)6O5tw(2a?~#T`@Jd*XWPui540WI+&OS)iNsdWxq3v-Se{OU#fXLE9 zjJsr9SjzOld$9t9#al|#$=Z5eh7T~S8liqCmcixogZQ6md7KakeLI-xIz)1RL z6Sl)S`~=vpy(j0N9ZK@@t7<>6>{1Q1Dj0!&8jD=w(UHFabJ6W}e;ZA|{Hdh^;~X4K zA5?PfRAyLP_$D#z>y44`KK6C;#ZT9rZpDQzD+?^>aD(0#_DJK>v#l^as{a;|0UqYk zlv#HDpbnR??&=ac$o(FT4-MEMnayeN?be$+$t!da%L8rCkcv(m|Dlg%ukectc+Q3e z>_GGT99mIkvEKy0M@LwhUV`kfk~A4Odw!}J&Ci4um2?fPUYHFVm!_T@xz2lXf;Goz zf)$-9dd%U+T|Y0;wquNs*ZMaM;s^C@K8s2jqC;nj&**f=58aDTYa9LfaYf5*M!nU3 zZF3FnyElt0l&5w2#pSuYfgTy{*bsT9r3BiFgZxvrnbkLk5(%Dd=Ktu1|^j>5!N>;;wEDT<#F00^+um z2n2}TI-@ZNyj#*lXj6cALOJqfQ-Z?+kODm9_t$0qwVMAQ_vRgE2K{|v+S?glGnG(c zucY((_MB~CV0+FlH4~^gY95Zs0NFrV%P!?x5XC#H>U?Ve>%a=QR-w!rtQys8AwSnM=_JarA8+Xd~^xgv4>yIl0YPY0<0GU-d!}%_h4L zMg7xZHU>3--0fS(8It`{#PSumugtb1U2`VJz6tLDS=?v_dORs`&r29Wy|K{cLNWM> z*KMsG67c^hA=9G#5kiaM>~I{x9_`<9<2d(iZkUSmjjDPH#VqSnVvVMF5!q#13k@$} zDc^ih{ zME#X>o;3Gn)HT2&?hw@CvHpZvov5m7#}mjUeXVGE5Sd>NUH%e3*k;W*?FVj_wk`Y7$?Io)=_8ks}Tr+{|Zf0g)6pioH$dRQ&oeR3A=Nu#7}`8#j0f zwE%S5VbQe`EjRkO$+UA78@@ItQW>N<7)o8TOM>wGc2y!e zL4iXFO&0QN?}%&?MrKu-Jq$Mhcc4|g$5tXIPU|>eVl*xm=f7N zJy>s{(LDff4x-KdC`O}?2Csf2mqC_tE7UBxgSPVlM3Lp;Xiz?e*W(8vAqF3HpXij7 zm+WdWRwC@zVi+{f6v*l={YJ77v=o_;eE>>cv68KG2A4n9B@^e5umzU{$+>o&?R`8h zS`ftATJ2M84_9tZy;xh|kaK6z+qf^z4Wu}kPv$v;pV0Klxw9D^hN zu9Hp49mP9p44F9dA3z5+bf|Y-oFr?K4O#`Tb+TkXTGH~cQ9;@w`_-`m>`?XG<48a! z;&+@0%ece8eL1l6JT=z?@^P38L3!1(gDw=AfOb{xIHkURi~GKB!(Qo>1o2T+JAH-nP-5mtf=ziM;#-!XkiXLOY*0 z(`*>}Lzs++0BW)DYhx`ce{`&$HXA*GF$j(pB6)qxz6__(LWL<}BONeCLk@%(ENsulydBub6wP zG_ufF$?~OcM;{VY`S3#k)_LsP#(ObhD@+$BKSR!_fG?;j#_~;l4r&*8#Y62&R(}_g zJn=R8?YhBWeDD&Pp)pzWSUF(eN0m>b-_p z{Q6Z!-u1weE9paVg_vskV#uEz>8i01x@CaBT`a@D>W|jMwSN=)I~Gwuut+0^5*d+3 zj=Bb_YQ6dWWLsFI?C*a%uC1;7&I zBEMbvCxu!vb~E2H^gW3&vL|Vg^s+KMcJhl$RlwJ{N+^k7+)|h}b9ySZ;_{a-!UhnN z=K?%(2zkgX300BsYd)Yi0zyIV489CW1OBfv2!CDXU#s~)+MB8VvAet&lP~N~j7UT3 zY`pnYvi>yTAW zWXeOz34n0~ovfiy9xw(#s;z;fBE+-X$}@=!2ltC2WxgM&wvh;)8|R(qTK}E?*?za# z#py;MK|u>Ymw{vX%42*0Mb^NvC_~1AAV+htu-Qx+J=!?XdN9e5ZCgG-lUsItk^30r zfg@L(`np{hvc<+rey@&u<(19>9;q^|Idm1Nrr9E&fwd4)9{IL?K>?+PBTx$Y^!;#496AZYe zf^R{`Bt_I!E({{T;X9YGvjPNnF8C6HN^L_%t6z)3DaV`EYwrv(3A%QU`Bwbk2jSU^0DOcl}qno4u zkLqzSmJZb(zMNzabxnJ{{bU{e?xiZ|I8q=t(OHV*7MhSIlL#I5 z%dLems|E{#mkV#-`S#&KX0(@#CvEKp*yp~;rvXyy3D0%Xx*#+YShooWW2z>R;uYRm z`BLjss3!OPp_}WfvruZGl>68UDMT54!?{_;bJQuYC6WeM$zmyxc%uwH?#pX|TwkI} zEhG_m*MT9{1}68QhXAs*I*6`clgn0XvXQ3g@wPGA_Hi`rd#NZq|^-?eJyTK z-EaGbr*x=N`uaXTxo$iFk*2Y8$RuY_S&IG=ik#O0Fv23HiX4t@YeMzu<~VPnNn8CC zedCb~GCn1@8Y2=68IYDB&hwO4qj56HXT`M_0{v9DM`n?nPr`a&b>9u9oPtWWi#t@y=-?j} MMNNg&3s=1UADb>ZH2?qr literal 0 HcmV?d00001 diff --git a/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png b/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png new file mode 100644 index 0000000000000000000000000000000000000000..a0899ccf6ccd7b5d9f6398476915188cb8a3cf2f GIT binary patch literal 304212 zcmeFacU)6xyEW{nBdB9SwGoL3R#ZR*f;;`A(ar^$Gg=ZszUhccx8~J+L(2YVYUNC-Kkp{Jgt0@aXRH z#|t7;F+C=eRin(|xiO5lqs!KK^c`!eZ8()f#2%Y`xoP_Q`g_VM({-*KH`o16<;Url zb#%^6OQb94BszueBCipny_2us`su-hQ%KWk^cLUtCZS)mZ{4k8|77|xXhevq(08%D+vn$9$OHX4jJg!qx#wUMDFW!xD^(aSTEu?8w; zl3mlE+p0-?l?4wP3|3}R(Ibg9OU^bar;!mSOt%wWWo^=|5X1`$S5{?31&t&vP-EUX z+hTHok>BWEXBK&QZCy~6mL{Lf4-~%9(nP5s$Ce@}(oRYcbZMxMFmZdHc%UG+(=f73 z0Vcj8<7d@YBrZqm$Hq7zU9b2I+9HbfAbhe}Vc1?n_ro)(4wu_9V@4MvS5wVC?zc1< z$vqn2X>VHXUTQ0_@VNu$5-LU-R>1@oCbx;JsrkEuNA?r%=cCVK=Us1)-TbC$#f$He zCuC8hn)u3Y^qtF=R6~CJJ)f5@uF0uQ)=zD0^KVVw zzUQ;?;ybk)wAI&BQk$w#;LH!W{r2j(T_Fy_6SjswR;$CytLY}7861Y@1-FO#2i)a1 zWU0gE45AL2P)`l`{@uTKH!RAVlo6b09~5^N%$F9HkNV(X8laKY1V_vGw=c87y zG3L63Rn?5#0j))YCRU5_w*Dp71EAgATefu^<>-SKsO{D+DDaaus@-8RoErB7=jPok9(t_J5BPId02`-rif?#nygwZ?U4+Y0nEX5-4W zD^H^@YpeU>2qCyC_GK%RYR@%1j)gCICUxRb#toiKm5cA2AKXLTP9 zYf8{T_iaVpobxRE61G1R4?F*0crlJMgGx@_JI%}!v7a*|*uQ&JYu0K7Wchpda;?3A zX{hH;&$e$Tgp@170{3MIqJ8SIX*aH8DelRv?d6QZ6$tex9oD#hqd5=;Bb0p0u?Ek)VS<;@qD%$0!4#jtD!+C=f@ z8+XuGh_OVc??#>zkB7p4;5}eb7v4vZ)NmQq56$+3lp7vYt{^()3!8nQ;Is}duA|sF3$8rjY)?-@?omS+BwfI zV1tr1;taq;revjw(K5|BiPy1f)dwmo9_iap(?R%Hm)s$&x*nQesi}kc;CFdy1;Hl9 zwbv^uk8UE~FSjPHRiEZw^8z1!OT||e_GKk`v)ew+5Uh(%B~j3_NMra%XbaA1E5qtf zaNemfz>;Y5!!8(lyL>&2JnZzR)w< z%vSX}!6A?1;&u=^=W<>JMlRQ8wHfs?0f{hSitmm9}&4Gp=F=Ra#dK+Ui+Wc)2arPbdG40_+%c0Q@u5f$i`U0Zb2M)kUe zcOkJrYu!OiI=hV<=bmn2h%mbLfc4}=i!7Pu)iAODMUW$-1h-jF8>MJxX<7xIt`g#4 z_DCFeKe354T%$}KPxTXtKlDbPEI?SsbMnR-+;i!>B6T#4K7om$t67Bhc*Ht*_Fy%U zSAEOVbQieuJfn`mbM}j)Y!NJH3Rw+qa?_`a!kB0L1DkL(8Bys#2yriUDT-*b;GSdL zYJQ!#&sRN4e$PiDx9P%+Z$UTS7O}sSU0A1rJYhOwWirCJ;u9NVi-67?g!*SOvhGRF zDYA_&3>tpmS<#TWy=)n~%}odQHf|k~HxoRi6)>T2ZswUla{cRmm(^71YTRNtx{R?e zMx+!4;y*Xgc_Akj!?VF*#L17>-ONn`Og5oEzM4&aQP(uq5_7Wr{g&Lt$Ru#b_m~Fo zDVq=jiMzmq$tRDw!?j039BGjqFORozjDXMPU(0#W%QQrwZ~TOUZo1uO1bW*+FdoxLZG)X3+#}sd z3mJ;A%BuvC+Fk?h+XpNJ>*U(mRQ$EFM3l%epxHJJwbs=CDd?!hu<_6tcs(juvv#gs zDX8!05}adf_gjqe2nw_JZF=ppW66fuRGWRoJZ~7)zDkQpsBaB48DYBg3w>T?DI>x< zE+lc@Z_%6R%CN8@g;2-)BdF-Q163|H%ZH!7e&35_XlcgZ?HUEqSp$e2&sdNyhfs(2 zTaoNdO~21NCCN)h&JqmD%n%doce`Ng1X}Zp1o~%u4X(O%PY^w0u<7fIczJu!J5;HY z4&VYK;DOtTQzNR}MX&sQZxTvmNdoKbQ9GEx8g<(fRqb8nf?raSIDa2>nWW3@7Nl1O zh87&gzAa(ep{pa6O_GhQQ6H1FLFBHtF7lKYj*xdusn!YEL-K75bbiDp;6HDfpN0zH zGd7`{+)}_qi`s**v<}C5s3Jq>-@gTd9$}dRSl~$ag-f(iWh&Io?U_-*aYQMWJe$gV zSB@1lLt*Gd7_PL0I%7IM!%|;x#jyy)ScqLPH{#Cah@o1J6>4Nj3472e*-1k=YRxhg zn1FC-e{s=K?C!%W5I)tsI6{4!x~#H+8C~HvlZvq7x*)vPUqkq|IawgQlD893X9H_q zFrzP*H-H6)@3R4T_K6L- z;F0k?=N!1vAYo`i4zr!shdvZ*f}41VsAG`krz3QkcmZZW71a@sx_m@U!MUhHVcv>Q z=nvuqD0M=-DR3H=KF`ugMzuc-=*nF3G0x6@2g=3^9FdKk<0c(TK}!O5w_gv8PTTAI_xi*9Eh`&N?F^jOuTLTBB*1 zKJ0>c7`x>>)^r!_m}8ZTmz}|a-#xEu7H~8FI&AvFSZiOlb|@(8Udp7 zAD|Pfe*nLFeCc8+DA!*1C`@~``4jQ;)Wur7Fskd(Rs^`C0vC8`mVIoRA>t&J?4z{y z4hv+%s6K4b^saxeWAD2TD1OU$ZOR=HC(@(ZcFtICk{r1)H`J>HYNP=>-uaq@Vd++3hSY6GqTV&r5 z1^M%oxyvP|j*z-!ta5ASDJQN4sVx&eI_GXm1lEdlNMElAUADBNEeQpNS^G(lP}I5C zy;6i_Ei7@->or90f(52#U-jwot{G`a^^0YJH7L4$GqNH&EFa8B?G8f41CW`k`~F?> z4jL)%4ta7a?;&Bry`l5Bn!wPKCw^rvP(BBBT`2+l^aY`SE+6&b-Xql2AIm^&_DI<^ z-EY;=v6`=tgw@5*`x%L6>Q^e1e2~Xx4D?6cpW}_df_AQ?aAZO$_@rz@Ltz>4MaZ-&8!(HtqEyS(iMYbt{`M4;?C$`bP zx;&aUp$IeFdDX24vu&TL7eW39LC4Q<@@WO!FK8FE*(kRhl ze(+oP*M#|N!u&O1rk1q7Cd^+?nE!vCF!x>4NAG1?q11j9tK8_gQAh|*(>D!G^{5U@ zX%@EQOUSXo_{;8I?d85{v9D7inw+w>C{&zsH0{fGI-AbAeSzz^f_aleRN44z%x)~< zOUz)H`8&)`T!J>~^Zkn18H#yV@BBADoXq{!{u$IRlc|00V%cu}v(lxGn2IT9Om+uWQy`q;V1zf4;*D}Qq6buNWf?9~JFHRb!i zZ8Q~x;vILlAKItw)Z+7c9SvvJV@spR_%cb3WFkX0K`sx<0st$`>&1y-sCqJd$+(c+ zl5pG89aUW*+`ri(*3==4neS1VK)g@Q%}co8RteG)M&L|lKF>4aGlihzmNf>_5W>di zQ+J(Sh@Dl6>vVz`#~0?tI2GJYaW@1Z$I~NITxG0atbGK;s$#~SEtdt zC3p~~uY+|S%sl%)4w#4uLwhK zUI<_tZrr@C6ZpUe-mxIwu^buym{E>~SDwqTFGlD~>qHCl8;e{a)t0T$OOTh*bAhO^Q0%&v(k;H3Vyp z+^ty<#9rVPBok67!(5D%ODh%%r7gT%ia0kngPExj)x3uv`1weTC%v0SKQX+eczDaP zBAmejDq>6ZPIQZ?!q_WFuz*4w9?LD3&{-c1DPdN`J}HT{*AP=I;)EL)k60By_h)Wt z$&wT#4`!5lJZz2Qt>|(TI5dvzRk|}P(pGRK1-h+bH~>eya&QEP;*^UZ8>p!~yR8M_ zI#apLn;B4UgCl+%_xW&UD!1`(_>$XzOgat}!A{G+HGn^(UCv{6rP z0aWB$AYGwG-3S3|MqyZMJCNdR&?`@z1$Cu5GX&uDU&;)7(h5PRaDNqsq1Xp11Ng9cHmx1j_0x81ZBnHo-|mP2TP z4i{oP*MjuX|B>cqQvcn$Lh-V>E;ibm6|2r_ueG+60W7Pg=!JN>7wfm(I~OY86Ga=B<0;Jn;=3hHNhY05;*R%87B@|{7BzBPsioXfKsFZYhWrAYT&r;I&I zDC&4u%;}I7VPF}pqy4h+5!olv@Yb0WY5QA;j(oqqH?J+@ghulbZxrRX&;}`S2j#fS z9DO}8PhW2})e%&(da+g}n-FiRt}}vGu~Z|K1#(O@&f$2a1E~I-F}dmF>sSlNR=GGm zzmAPx4|*IN14{|%P*=y5xd0^vwY;YQ7`nt*Y{{{8dnm_!(okg#zks@*i1wxdWP7Ma zy`6AhkeYS5ZJ}~)8Fgb_eEfv|{J@jozXrHxMMFi))Qj6e1#UYb)dok<5i)(2;P_1^ z)oYz#X`J^Ob`Zc*o6WIcUiJA{)UODmBqL5(;|L$kD4;@j8*lO<>po)W{E8cd!E@Lp zKJ`opyneNEw)^7m7%97qlz%M$;9j>0{Zi?{&2%IyjFB8i5Z%WsP3A)l$2ud-uR@p` zz~;1Wg7V&K1)@dJeT2#oKt?A>N!^lqJVrL;?3M6l^!~$$OQKYhosWt~rH}R&ofMzy- ztJ+kLb$P@}^+5F)SiC%vD)tbhZv7B`=f??gG6~EZq;9rj(l@4Xndn4g>(8{Xo0^$hT+X?o5=czNTy{RdV+>=m;Kn5`DPdFqIIdu zx(EPFI3f3w-?_~jnSk&__q82)xgp`Cws(C3XayE51U1(p#Kdk>6(mUCXIOy(E(uRM zw6G)*g2*esHv!OX#=ct7!g3ccXq4+BdFGL8aRGRvpLl_yB43ka!O158AOx)q3uWlS*G!?YL8g&78Nur{&K zYAbxeIhSOdyclLu_c~F)ZaFd&_f|s8=5*aTkcK)A4}}XSEUm#LhM@Ljz)FBczyq*g zfxR+pX-c^7R>Gddlir!BzbY`lAL2ZUQD=50*Y)OM;<%`4b$Ka#CP$2t@icLvgr=>`QX6G4y699m@4nEIlb zCtQ1Dg1Te8ic3rKJf60Si&_iF4Yzhq3}a-&jW!w8VwDXC#aH#luhtY#?3JAy{@!`; z`^F5LrLL@NADkthoQpa{RM{ZXi{9Tz_bfP}nX}TY+mc2Z!b>Z8z4U?JoF5Xz`3VK& zfPHlTgqWhfBL~i~OczbQm5pP-Jn)wC#>k5I)0G{Xk5gXfl3w#%;DPmHiN|Gqg$Kx`_<7$dU3uLa139sCrNH<*q zGgtb0%&e$FWER~o3!SW<9A5)JZ(4F2|D!(A+z0Qi5rYB59LgD5ZyDMD{ICX{t&t-o ze=2v;9%uzbo5nfa6@va&X+Mo3hgp7S zrMOZjkQ29a|Gf>f3ga!tEY~XE)K3?UUEf5cU8$nx1@_dTOrxz(rw<|&1s8fjScz#F zl9b^m%XkWuK?NDjG0Qk_%p_shgjPImEaTm@ax{Br-Cn-J_zZXZ+68WGqMC(r!0T;M23O4>r%}LWtQ1! zpSw}e&`OF=?}5IunqF9E22loGO|C!IyyCEzsbKAbfZ=Apnr*wL2GF<%^=2AVDg_~Tv=@U_|K{e*0$rCTt?GBDkuCSa#4XX{%bXPYnsWn zjth*k5P)a$4Jub?c5lDx1OA-{0~D+=qjs2V(ftkQgq8T9A)}Uf)8)%1aFX_|t%>krQMmD2zlx23@^)00pz^TyvHm26 zcuU#KY@PKqjE6K4&EK~3Xl&?<3{r<~ZjD%}>^14Z#g#WDearRyEBD=dYGBGyj>_Xp z$TjAl-86?|(@+OZ9A!)IWTXu~*Z+={VW~_rBS(DN`%{xlDr}WV5gFc<9Lbla!H9Di^$_KhH>Bs!w^pfc$>!gnR1^n-F8noU?dD z;D_6p?r+S99@QN731685JKSmHUcV|Q{_gsXtP35*l3dxCkr#dVmNy^!5<~KJeKV-R zdJyCEBI4o77d7F9Z5hn%p%BOEsLV3_(dsn`o^@)!5U?1Vvsr8io0pBGi~o>J_QxIl zC;2_k<9=TNy6guHm1`bQY(C%bWxLH$M@iM>RzyW@>4l^CyotrL z?rnJg0pruzZNDrH;~7cU_*|Pa^TTrO{VIWEme(!Hsq`|Z()%kZWWyQSYXZY!7Y5W9 zDx9MksdT6yI4WVP6D;*6#J*hprA>=|Y3?HiRMvrwD6>b|71z4%?? zpJwy*F3mh*JQ4qL#YdIf<0B)ZF11Y6(lMKw`jA=**LyM|jS!A=*{cw5%C2Qu*t0F4 zcQCG1mAN>x1cOuzN!KF$j=`QEYE+dQRo}aIR}!}S>DhjEFH0^XU8<>N(Ou2c{hsdo zVK(2qpP}%S9{W@5&4hS;CU5o0@ApUD2#Hgh<^@%cs-@SacxRc+uPgll#J7?Jm0TSk z2IwNegtkAk)bCO@{8LpgRd&|z3xNM<#{QNLXlIXZB;3EZfnCqqCc^ca_FKIi&4!n4 zbM{?Il_YtzbnXr6*qg&yR&w)@W#RJrfQcLWy<5&jFjZgBXMC>Bv*Lw1ah_+qe8)=c zpY4KwUUl|f4u9X+b6swf$ZF8cBi?>&rrwV2(?-?OQWDj1Gk35$B7_3Cs>;zCWMb1< z1=UOHH|Rs>m8{iP-lee4l36)X86RF^N$S2o=42!;z1?u3SSBu}^x_I*DXZRIdrhw^ zwJWk3#@-!0_QMEqtAA+2R3xgWFL!lRCbS$mu=8X8^f z>Q`TOfl_LUyl_kaazSLCB&g>B-^Ix-sSK)3J(Jzv_DSu=TO+aJ)a1-e=>Nu!+=}Y@ z6YNNBbz8fCQZ@r6qQJ}Wf6DM=NU$n)aWf*@rFno=M~YhX8k7Xpr!w}@IAIEajLNm} zpRiPru7gKLsf%kFn4-ei!&VS~^h=*Vt-0*b8|sA5RKbT9T(B}ui~nhKNq)NW{@LMS zuzZ`lqcb0|3V2&65tV0E#6MkrkU?IhZ6DCU5-V>At(Sghw*5+zgxMc*mCh-xEv445 z)+l+YSNer=XCA+|K|3q}+1lURi6Y;bF`TV@!4p5ZX3cDN{7Cl0fO$rEVZb8?3|>h$ zM={$^v2Nxe*UXHYgZDSsUGOUgPfyu|QIOS9>&bwIM$x#i`SpcBig33^M@DsPQ9_1r zDM9thY&I`!yhjOeHaN#xOvev$W++eS$vTP)C2KBkMwwRjRh~qu=?iKT{${gKXjbKO z87UytC``W)fHy`OA!iPD;swjMhbO|9nl=x->&a5Fy*B-21Vka-_ZSd)w{<+LL7$)E z@AhSg+cS@$2hkppu;?~?tMx2&i`}<<(*IreO`mdJ`X;2uYt$w4ZI7@{4 ztQbzebbghi#%xskpo|L5u)=EsUYyXaC*54$;* z9U)qKEiJ2v*tu(3Y&e)*8*wLWk3<6KHj^ius_E9v`7+HY{nr?p$MAsv`qHIYEYsZb zN5tL8q&H&j<$p?}=&Pfz%(neTsy;C46{Y@b_CVT;V%9J8U1y;y!0E2^&ZcHv=CnPY zI>X0PEdMSF!o7$FqzyS67I44r>06=NJ1;I<)BE_Pwb7=FSAvZfg-`B0v_hk>R0;Q# zR~_!R*7J#b4eMvW4`;h8d$L!snqTP%^!4VHk(mq>Vvl8Hgo^LiM~lzej?~F|z^J(I ze-d6A{ba#!DG0s)HU&ZFeCscy`+tLiplyBx0l1dah=a+9Il>EA7t~LHJTe)4k$#oC z4kQFc7?XVVLS;DKV5I;eZ;#-^LsV=5%@PW9A@T@V-E#K%{yk?~fqnPi=4`KC)9OZw zZTyq9lHV|#KSL`&BFVht0#@rfU^kYUeQr~~^e}H7Q>|$>)vv1da6i|An|KH_@7`15 z?fC`}Go$^)e=vW06ZP-oyZaiJRf%$*J-`O1xU|r4{_!|O$hc2k0VtGn#=vCVVuLsl zr1lSG5Dm=#e1;4{YmM%y7^AxEWC|og;2Hqxeg1crs6P}ET$RlDkESu%+3s_`=%oS& zjWa+QQNwzsa?o2M6~b zD?SUuryH=ZBxoBwS4J3#4r4Wx;on;Th0>hn!*08;te&O+9g6Xu>ts9- zbMVY(-bFnUn+N!_p9_cY@S7Zi#yf=cfX`~FWle|sUynlE&-Pf94x%D)r;U#_(La&k z;C;ft4q^5E%l*%gDdm^56MSM9$i+Tf$8DeXKT}|LsZYjE?%Z-8!HFZJCIOtApkv(E zw+RR_T&^ICR?J!mNK*oXDNdWtu4kQR>4UO{|jP~gYXUr;w3QT~5ml)ZWIxk3GzJkTc`MayB zsE^nBpm!r+EfDD*F|p^nOz?JwEpirAMA}}4O}q_OO3+(7S2eZ;qCC3BGNGDF%Vcx0 z_^dI2(pu^HBOk1C``wGj+>HV3=$tv80pJubIs{}6XHv~P3Ir{H#7qN~yZ%N&uQR>r z%BPh40zUET3RbP0yzg~b1;$M+^#D!d@wh*7mX57Nhhg79HH|0Y>(~J>WZ2t(q3(UJk%z@bA7VoFLvZ7cfGn*l%m0OO*?Q z-l%;Qu*r{sPKDTsi{ZYHr%HE#QkDeR{n|cjKdt+iT-o%<9Te@h5--O#wo7B-LLW=( z@)@8;T%{0c9}GDDXS;eew|qjkPtZ+77W^%uRE3>TW7MORAu23GN{5;eygkMT(yy`I z0TS1|z+@(C6E!^Ivz_0}5Qrph^bF#U&&`HPBEeC$FBA1(v|f4H#Op%Nd%P%|9bSP0V}XY_ZsLJzd1{q|il1^EC=te4oLG4qR4mr0b?! zz{-0w`XVU~y)ZJIX$xquQsX89woHq;17P_f?wj@Aq?Q3tpW8Pu3f1Qg_kucrNxHyA zW{CndE>-w3dvEJ(PUaYN3prrH&)O0O6=g4JvEO9?7H1N8mv&_oM+qXbFGenW4!!{@ zDj43+IZD^SFL6!Qpc_z6-g7dk5Hr8AqidhAT+3Kq-vZSzQ)riba{hr$;xnNm8e{gkYLDG)E~ z5yx#`vNELpcBrPj26AQ49JCzbsLy-4Xw(OEad1~~u*Gvo8!-NoEvKZ5^e-tRt}bUU z{kalOk@LLWEK#I@Ww7#+&MD2n(BW=FW_G}f?Y0+FK$+HK+G^^(wV}-QxTvUrs?JS> z`bjk^&##i2aKdS?v2F`X)j3Ey*@>YHk0;2+X*l#ybYntbvoMG+^rBBZE)MYRxUtvk zV!IqKH61($Z$dxpJC+gf>2Xfe( z0yE%gpxc~4z39m}Q0P&?n_fkgQ6~Wtn{$q#s%FKCa-VQfg3DSNiAdPG4shI63ll(E zSdhOEn)#UYB|M1to<_PoALhFZ1C^DyjCd_v+Clm3=-0<(L~+_y3W)nrWgFRq9QGAA zplvk-Keg=)Ut2Vgx(D4pt_UOV;u7_kqY{0b6rR$Cch9A!fgvA(CZ7%8S~8ss^gt zKn_sC*4iSTXI;RqC8lCwVpQs)PRz#`0%~CymJkRyZL$ zc-Jv{CpNDkDkLfx5A%)XAV$=G3T$j?3;eqb-MIRFzE{yW8b~B>%dP~x3WD~{G44St%$GfqR zJ;vS#WFzt$?%q#wQIpYPxewI8M*ikjWc5BiSyr* z2lia2%Ow0_|B)nQk>tX#BeeGW;mavc6)Fv&x*@`=3P=@yb_BHip5N2*YdXHs^0mi< zHX+6$$UdTX)$|Ym$1%|De+G{Gm(t1G21S6R@s)@EX(`|q|Bk#pMG3MPnGO`3Wop!X zn}Mitg7b~Ck7RgcJN-Fo*E&UMkFtmPJR`0!2lSA^N!f!?EaZybK8CiCF%7 zlm`-+{#vZ;Jk$2`$}qa_xI3Nao`YYmdak%DoPJ#Qhwu)lkXzF#6H_SSQyT>1VY=z{ zb84I?9yq`7@3wM&u`VYF6of@++gryc<;)A`MeN4C$4CR6K?8dnq}>V9?z9Z39@yM6 zi5aiNw@gAc3*)x|baQ4*SOsYw`qm6;Uh%4=-+!# zDg3pjAOzVR|^nvK2ckN_w(C!PW*Ckj|-{7?>si1fzS`gakZhnMi+Tn3+ z>`qmJ&_5wp@*;v&$TOs+nDw7HaLHHw*`Ha-0xJGn@Q#GXM*H0U?@3RpV2Ur3`~>sjv05++j?nmPd+(BbzF7@)&?`|Js-$a(^Rp zk=)Fo&uwh0+{{5s*6Q~ARP?__k7r*7t{dObZQB2r(!;M+ONRG`Y?Cv7G-kg`h^2|3 zo(Ys@Y2M0 zHb#5C-?!#omBB@?(!{^nlw1AcL=~;s683s-D1&VV3bNB2eq}-Bb?FziXVG~iB=$6> z%41%f597^1VXuU?ps<5iQ*In|$d`#jXODk8w&Tr4pb~yw2DwpfTmX2$NpdYKZiC+M zwXBA;zc1fLD|#mVqGeT{4Ew#w59A1O01@i6R1;VSaP)Kk&Jm(E49e}iCtj){zw+*Z z_0^_Wd$9$d0>tnqh$wzQ4WRXaKfjU!j3DHG100g)wWYw3&&Lzv&y=2!^Q z)aE3%?ErH1OGhQp`_!7y7c7Azl=@NV&o8FWL+=xRv*)g)K znB%hn;un=oYAG4gD1aLbP%z-Lqz2(-o8*3CpRj{B%gU3=Spw@LH(i-XE;KxMob`_ z09xc8`8Nom`$aV`XRphBr;H%qDd?{KN-Yiq{6II4>XpAs?xeNlymrlL#K}bYEj)Sm zu-7Nx+Qe?ddTu^HJP-)z>%ow17$>@k+6{2o(AD4i6Y7{Xn!irf zp(BMDn>D|cP`H*htXQ?zkyy?H#vS_$LAMfX3|SuA-a#0h#v){lbCAC=(^J9bP)3mv zw`~Tq#<;am6vu5?PsPLl%!%Rh!wFLn{YHAqL$#(mMd0mgSmkk$j3sScIi z8z0jMM^#ftOZNgl31BTlbT)-a=_4Z=*j&)(AfDnZ~umy*SV36 zEk*f#kKB!%Ct_LN>nEgpJ=agr_j*g2NKy??Hf-nJMC!lRk~MxK=3tS3#}=<9M}Nt! znlyfZkoRVbSEG@5he4qC53{L31p+xHhidNzqro!O!?U^p z=-gpbQFpV|_^QZsU-sR%UO>12M%GA05|~AA91suTzV3J%ldFE0IXlBgE3l8VQZK3? zQ!X;h7>bcC;;lC6TtMmeoQW%UD+8t?@RQ}yk-*xFWj6Lzupqy_k#en0JD3|Z?xrrd z{d=1=?6w)em|`$HIH8%W{K?-Yi6B<1ILfno2SM{_+v!}nhe&oH3jN%~w{{*4PM4+E zq+kSDs<{|(JJT2`enmCno8&2vcTq8UU?}V#&+GV^i$(giazMo*2{lqKV8iJY0RU)+ zh@Jhp+Yrd{cM3+iO(eIn5(OA>pWLnkj1Tz`XdojLjPDc)MAa$iteWrxSQwc&0=#fe z52bH3_GDf!15cKG^6U598BB#1VM{DPwIYSBr#pGgxlIUSY~yt z&A&s#2Tdl01E@A(^YJ&mTf8Y}g$|;ZOEnXE+C{_oAP?W(tp~?5f=2Pi3(N*T9kBJ+ zUGLra*jUC5b}kxk4H`O4^A751G{y(@N6?I$2jgp&@WtGydGvAz>Cm8k72QPtqn+bQ&(m*rP6-QMX5u47oB;-@rzxJi565d}n@w;uCGZcDcRYr|Xw!NHe|sGICCE?&vW>Qn_3g}t})hnH&RZihm7<`D%+YrxC*v|b_cwn>{GAD2UM4r>lM#aq@3|&VOc2IJ!lZ-4rBq3$C#%SPORgEBMfej!Vfe%A#J8XU-o?`9W<*?e zLOEBp5i&P%^zVfRZYPgdfSwNqxj*x7k@2yQif^+{#=LX_AijKufzZ z!i$6hE}v@{AB5#;1`@Sq$hNSwm__9`TS0bLz(mG)qukRXpAYmg!0fNdaSW0QIPXr& zIN4>0m?+5a`;8GJgZc%vj+~ei;RMLvDjHwBWVZgz#;2O4bfc@@ourg=Eq@)XczUZl zsQ*E3GQIBK19zHj38YjY5n6$e8%55|6 zS8kg!PH0sX*EnIkjrW)`>`9}HgnPG4)-vhYk0sZbg{Oz%6oE}62CCOhNF_K)HxDV> zRUv@GP*Q=Op0jhUv~sI6Le?JB`qYnXQ$Xcjt!8d*eQRR^t9aUB!Ru&~$fQZFeoD0- zYiBbtTaLF-e!x-UrO%xG8;vj+;m_K%nCsl7ng?J8{hdlyy<-V0hJBFCA@{oHlu0WS zCT4RRaHmwm#UW+KXEL|S*5TBmjJ+j*ArRe(t4QpY!GDDL0z0E2gP*xb%_r);%ehxl zydzy-bSzYk3eGv@>3J;$JEYBf#dX=C0_&}dlTf6u+-b3eAJ5D@N|C*W2TFLun!>Rf ztTTzhTOOlY-&!#KQXwU^`lo7}3lBIzL}9iE5I5<}?d4zX7oXXJ170hD)WU1()a4@p zW(QGZHy|gukm}zB1dDIIogC+#@P6Sr91}Fy#$yLM<>z;aNt70kXEjERQ!ldSoWOF9 zHjU+%HX*nxafStrVa)nY)85K%1?vQq;(aFheR$WK)}fHO}(RJ_A>98p1?w{G^p1OCK2o(842 zpQabk)M(^9*;y5Pw?eN@?|4iP6<>O5Fa^5V1oaJg^^elBxC z{H#dlMNGl+V&Ec3MsGqmPd=6)7Dwte#NP;w%7t-Xk$z}H9m=DEPuff(+cf$ho*RKRPVMvyqHhU?_p%UgF0UFgpW zL}#k&2V8WJC@utZd&brj7A`b@Huwt7w3m;8Fo?`sp9%>0Q+_i>(199=;#(s>6`KXl z>;qN7JNJf6F2gnUt2lm_KTvVNh#$ZQA%wUq1>e*n%L<++z#>~6DZNW*ThN2=%Yi;p zl*bK5HaZ41*U-+ketKKN9L=S7{>*g?hpOj9amm8<1@oEI1Ai;{F%30ZOs^OHOEne57JAH@++uIvPc{k&1(Vj-g7n~`&g8~{Fq3q8 zce64Tp&GSi28^3G!8_|Myz3RYh1hiZr64qf8%OhQ)CERqjoHV%_)fkPO+K9p18fli zLnRM3Y|K5~S$~szs6Pc!Cpn$l)UpJ~Ra?Yt{26gxRFd!7IJ4ug1<{wW^M+fBd`Kq) zogTYf%>wpG&8OSEfood-45WC3_h{o;4|@CFmU{E{gIeQlZ)I#Jt#O%f*c)(KYBQQl z`>!?{?`;)i)!@+Mw*oJ+3XGAGSJd3;+cT6NBfo=8n3i^pOsq06W`i%~oARD^0H#jk zni}fgi2mClm#16M$k-=8wecn(=;;E{As~HI1uj^t^Ws~Evta%~tUx}Zl(_S| zCh@gvG>HNT0NpViN>Re*(Uzhw&Q-@>zh5mffD%n#R7Ni192|k14Qw5j@Qd7sGvW!B z;*;Tg@+Tg}Z_wRHHXK#tG7JyuPNVTBf*%{>{kfhrT`yS|kDIXnRpN}Gd*6MRv^V5a z)X$J(_A8&@ePXC&|A&59Pa6jc-G}v% zluDjV+6ES-swle4uuxNSvt~y8>3*I`OiO+~n~ZEFP1cT@4?T@&dx!sR68;%f&WXq1Lg4geZYXeCAYh_ zeH?3v0)E#{b?0IT;Q8Fmd!l5yAky!5@VYBj13WgQ$WiVipq!HqWI{pPZp7M(Q{_-)1N&K@iTmf?S`NENNW$Pe@uGJ?Hy0)BW zYthCpZa2JMW6;JcEF0+TFRK!S#Sc z?%WB1l2g91aU0_=U@68MRs&NX046wyQEL9bAm}^f2zohN2IWLkC2?%&)K&#q0EP$7 zu@Ge&bUk2}XDURrwLvZa;_<(o;II*D<5_y#YAMGo4o3dp=2H-immCEQ*#YD@3CdLOA!ln#Q^-iCjHw9gELDW1l_f%^GLUO~=#iD4 z6E5!pnD>yEfWyP{GF+)kU%?bec%>HwdD0MG&G!B9+7`VA@NvQAz<;QCCgG7N}Pd0E8FoN5F;ac}8HyT$0Gz%m zp=&KD+8N)bUdHXsfX7dJy3DX+N{$ms zl@zh4(lC2>fOBEjcPPEJMN}3-{@Cd4Wen*x9|y5EZ`=EpUaT%G;iGT@n9{-l7dU+5 z7C`Hq0Ej_6;M@l}K3-Y53F7s(0()I30%`||rJL~rZQynUSq9y1nka2lHm+7t*)e`>-S-+M3HS1NQbH-Jv{}`!2iE zM0ZPc5WE>wi5b{hAhdfGtihpF>n7@>7L|AWZHtWjlHEjP(noXvao9l|S!HOp?>+qB#r`3vVE zZ?>gRwTr(N@w(`pdpWzQ->_HnOY#Lb&i`d+n0E1dxo0pt@YC%t2FO;ewK)|#{;j=X z7>j`Q?zdX&o_QYtZumR1-BcTZM@E|Kfh}qPj`)jeqFLBxF`y6*imBz01SWT8vD0sC z^=4f=iTr1-dM9gEgQwz(qX0Pz1;q@s8fIKUiR1SWq<8n_8-07ALWtxksUKv>_dS)Sb|kP+E=H!u3%p| z{P4H~*hMPQd(FL}M5RSp1ZcxACF*sCgIWl%GDc_t*EvGlat*Nm<*L8!0vzkE6&jDv zuT{70hy}#uop+Nt%K2IMM` z#IY^MF1VSSs=WY3hkA#!RtVylUQ5+qO^q;Q@2vmab}if63kbAI_@LixH7aL0{)Xe3kMI0quPkJKVL{LcgTLNV2Y7jY;RFKu zAY|r!wWW7~g8W9Icg@@Wi*e$ww*2~)Vtb#WJMAtY1*+2^Hl6?=I7~y9<1_WGF(5(rK3r51k!C~s<73VTJDV|K>L3g z)+_}6jmyzc6?QkU)rH)Z8-aK9*w0XsOK2i6=3!Ck1p_ZuX+m%bPwu7M)uB{-9V>%! zZ9x9}v=`0=+eU5HoXvdYH)WzadXsRx&ao6YdjUDMErg6Hz8BcQ$jh?&Fj zP#`xgzK+HGu$t=seizIi0;(E2Afsu)Ijs);mB6|c+F%Xr^Am#Wfc|P8Ft#yR0$`B< z;V!Tf5U3;;0JZ96V5-^!?IhDsYlp0G1vI^Y&Lf*}-loqvJLfJ(@0d$%I5iVkT;E;6 zB96RC+hYK24y4V?5eDtljXbp$@L+(Hdhl2k#Mm2@mP4pn?E=VI`0^3(={c{V1J@Qj zzk4AVj_A1p_F#iN*3s`BYEx^`H=f=a-*g60SL5*Yh57hNIi52}TnspO?Aj(dPM`oY zm21q|c1=2(9@R}&->T=`TcdAiDB;Ne(vY{y{_wf zU7&TRJuRgGhhbAHGVm3h}8AuA-PxjKj z1;x!sk}zz5fHio zn)SX{zwU*c?yYE%051df)8!Wsq!fV_q(f;`LQwEA14hdjiaVvNo```1}D#VjC>QyZScWwsw-hw82mpS&`DS~06eh&7KD4c z9E7+2ZDjZ-&x3XoG3mbV69oPTb^I?z_kX$5|I3|*6e|Be=T3(_s@yp8j8YtBdHrngx#UD4=KN#r4^D`rxkP&73(CMZK5jV!KzFc15i8hGiPa#Vh1J} z4jH`q{4=-|iY-cz-il4lMFuOl2GB9$R{67ZVa4@4G>4hp_Ivexc5gx1=Qwey+L{*ttTXxgUoF@eTy58eBh)g1O0NDHp{5&MSi0d6yG~% zh}6`P@8LZhb+cFWHKkcM8jk2f@0y#Y0O0RS5kd+CGI@z6fFzOQrNM zlu^HPlUTF*AL{SyXSckIQR>?tQl_#v9s(jv3_It6!KtAF$fYSrckbR~_+AUfR)j2QdkmUl|xhp0OL84DDCyPuyI#wA77U>}K}g!_Pdm*-|iUD%m>Ev|eJ;ISDas7tXjO?J%LKz8we`M@&Wp#c4&9i6nX*1Rb=_8~zO-=hsdP3~U&` zD5dD9M}RL5V0d6d>PmiI7eTTNPQJa%R*$uTWZP5^Y+ito6QdQ*F%QT^q9K!yyou*2 zZOP8|IUl>tAxCa`U`pVhdC%d+FQ3AgE!2Ew;+l?NmOY-9ZFhAM49}-D=goadLE}1^ zVGQ8TuTa3k7i5{HV<2m($E0dL|NbEVHE_ctl8^kj5fkElQq~}c8wr9$PF}Q~qObD@ zZmbU|=x27ZDqCT{?dN)^jmX6pX`E5{&A9I94)mdIFosuQutuqI(hYWR*P8oIQ^9Sr zl1wI$z$XD#7G>b)1WH&G8(*zgT!d`|a#IlhA;<|1p2DC)r%_L0s37rjQ-glN{Kta4 zq`n3%C>bW(d2uqlVBwmfvN`sS{el3)sf?cHLmZ}iSrdB5D%oO8$e>8R)|HuF8()z) z&51Dzu5t=EW9Sf!Z^b2N(>uaD?BTJ=gti{REKVvwHBZ=>yQP+z-l+6=>eBGU%Lb{q zyLECTlS^EvxNg7}Dwj2Ml zfos4~L*=cOo^hJ!{^g($$iU0M_g5~YsJibA53uS0a>`^z%f=E@tm^OGI9Aux5=j0~ z$?%FVZ;9?X8W- zFgWNGzk;V$l|FQU_n^+|+z~eF#M5QMv)g^JP`J+H1upd1-PU`ZcP(6j`wzzE#Q=V8kGe3@88m}J0vT{z29}5jzoQhdC7VC6$EXW&v`!SQSdHOR*R~?E0TTvAjgLoA0zDBk3t`QhN zY%w$ePElY!4d`X1*rY2U#DTSA6X5Wt(skbvLHyA%B^NELO1OPJl<5ng1#``tZ>`@=>YqTj>LC!4INiNi7GF?gzV$+E0yCUGk zubEaC)W)^5lNXontIXW5rn)UqtsjK8>wi{`$6t1>TrUrN@(bP*&s`fp{}w`8GsRwH zEG;Ja9F~(vTXylr>@S#3vTldqh5o!tDm8#PuWt?C1vz|j!b(vMg9B~)Y)EUvn-hB` zHbdc4`3>V*e8*%a%OCtomG{mR{tg>mft%IN)huEs%Q7F_&n)rHHTtfQ858kbWzO{) zU6${tn8n&e)J)wW@>JbO$Fk=LyyngjANxRN8Hk2!Rj$r|;OPb;pmea{#00si&V|3x z(}fPG0H1!8<`yILW+8F>Y0UZ4dsc%P#Dq+)x0JCM5H?eLgm5bl#EKQEoG``vim4F}8_<;nhE>MasH86Ju5L-$+)+F7VC{8$`)DCMGmC6_a5t57eWJ23 zSq~NHG)vTP;|}ZYX%SzaD&Lw6i2F7ZX}M zMcFM%HtFsGGm&_TLsf`#xXuPlHy?1QL8JtLmzP^MZs}tp|@{g z%VIJ!YmE$OsJQXFtMMrp3GlK75h$kCi)NE40<;LUr&i+DS-z)C*T%}H$3Pq8;z=}P0q$l z{n0-f8lu9kqaYW@s=X9CoER9!3j<_Wb1v`&aW!He3vke*W3`dU*U~wwURG1IE^1!% z>Sr{ju(enjDpRT|@3KMa8Y2NWKY;!s7`LNM&O~ukkd5M`=V8*Cq;# zU!FQ_AecN6X4<55y(`Oo#CNb#mO86MB`@;vZ~=@hfR@$>g*9KU27(wUdK{9+C$2oW zGDQxgLpg#8X|p*S@H^6V2Nf1a%!{wF+DvJ^i(jmDntTS0YTH|?K)i*koOu@A!j!E` z4qRMo!6IV|a!a2;>)Tu6mi79uc5mv2b$0{*5cfUfw8NnUfA@y%%&>Qp za|aMMW0WV=7hK)9a-G{H-BM4??KHn=CeAq;HgW^_GP*E`=exa-o(Am&xg%hkm!|3J zbSz9qyye7fb-2Gjb`8Bb({1+b0sPLilFg;bv0ZEA@LlO)(}^RSJyiMvDf9bauOBa@ zGmkuQXH5)+oKfn1L3OHoBX$V-^uLjuHJGn*JkKaXdDQ_MeKY8U(~l1zm=VuZwV&Hu zQ&$8V4f9?j^c#SXZM3>)B_`TtwiS!M2BouP_QD*w8%XX+&L4*m<>yk0ti=q z{&^266Uk&^6=f~l<#nl}$pZ=Z8%MSPgm?*bXlW~o=-n;SweLUC>!E**&Z>EzUbItBphcJbp>Z&+V|3x&uPVEP6q>X zQ-9Zww=U`2$#mIwcjpPcOmprBPZG+eWUy?DlsJu%q=8_H5h(W&H2>b9h0ah>1i__TPcq*|(je`+B0gE#17XoUqWbFMS#B*<@2 zuw)1gSPe?T*Xmp?oheGoUE0a3Y|R>yyrC?s%8qvVxLC_ps45k;orxr;*^}7#D z+IE~Y^?w(=;o*aW$8LRs0NlIXs>hPww~|W>?rwd;$$VqORln3OSR5y3?Fo}IR`q|D zFY{vTqk?uxr}D!T!|CbvN>0++0&IVH^vvbG1`>j#0M*vx`;HwGZbE&XZJHifn31Xo z4uARXIou@9>s8FSk^SiOUCPX~qdJ76iyo5aO=I;#$~e?E4O+O(zF`8Yke4$t`uuWwwtPwfZ+s5p^QGMtoY8slGu<5hrjQx{38SID3n=u6k4(;S?fU&5Q$m!rrX_)0O1lv|l2p^RyhKbkX? zDXq*)Dj3ovB#Y_UI3F&(Q1^(-jTi1rr-~8h#1C~?Q>oh3?6Hw7jcpQ|I!7 z%0O83Gga~PFm~EK4RJhC&wfHc4HLG5bUZ4M!hXaBGrw3Ql!aG(Co8BAVe=1FhrCG9 z-lr9dU(+G*{h_L6>AeVA+HG>Mt&11`wqM>7^O(EvJ8eq}Qo1RJQtUVTEBmdt^m!+y z-@}xvUShARsV{C!Bzhn*)UFnAlm>)l z-@Fn~F2vzd;qeGJ&_0y<+X3qcLK8BNr0lV(hcSIbPG=!AX^8&C`sr*gxys>}ROPbp zITx>R{Hl+XU)}kUw`XUwQCI3OEu2cdQ(Fbxt%it}>tO5z7MZSS_hJLnMp&Dv8p~PG zxdu*X7aZ&C0pdqDQFOyG&YbxCSj6R}QT`2CcC~`EjM76~4VY2*)kzsvVz5$AEirDW z(RKtsH>-7d3H>zq3^vfP8ai|zQLxJbMhhTt;snwNYdWNh*70pe`kl)ny|I31@hF;5$F zOtJrp`YI3=Rx~M-V*e^<|JeT1Y1;ySeO-`wG$131pf1lt1{W1LWe;<1sTA69lvduY z-5a-Z3~c2eQBLU~4~8wG*M4Zx{4s|)~IcFg4i%GS}IHpm>7FTmI3nW z%LO3~r793V$sWi?-I_AWATNr;<=o-A%FNWdVUfO;~oDrKNm%#EIzV_ZXKL0(A)L|qva$! z3c&Ak9=%`bP6?JN*g(?j`C6UEjhK7VYoogtQA5YVss*Ef1;s%qMRuxG^+LgoWnQGj z_lc6*F^gLBQRB)C&~r1p zMWRbZ%C;gKiA51RiiM&93ZM$xn{6eIY7A2&832v)lagS2l^{D03rQ{{V8Cn`d!m)m z?`UJ@G*C5@uEMJ48?4z!@$rr0_SwBgXYs-4n^JpH*ckZDxsAx_XZVZMo1Hxr^4B$j zV}Fbgug@L?b74yR*DDG!qv#&O}sKC+9F~in^MQ;Oh+;;d(Xy;?8A@GCEnk9*o*@Z@WE9Qtw5&L9~BEC$JM!?R7_Z|X< z+5STVc^=?4a}KcEcie@wyE^-+%?%WEg0)tuEdl2xmZ`d!$m{TB~Q-#Fm1EgbT zT*`{dG*Ee^1<#G#(ygUc5~gXMCiuu~v!-DZI>`S%I?8^Hh)?CP`QTXbj8vcHy!YANE@Ccx#nkj#*H_U zXP}~>)C7}7cOhOYi!ftM-&GwEiYB9rDZ!eknJqrDRNMD4Lw&K%(pk`i2hGMO#3uGj z$!+jZEhS}yx4|bO)@`Zh5WX|^;6+`8=ei3BdW>u7`pTOxDmxFuopV@;DT#Y~>-v=L z4y*3R2kKXI8KYBET-@Vw^Gdm95<4(5NK|5{3z@|_J_6CC%^^b((SbYzi-hkv9n%hiEVOv-YLnpvJf3Zj;cx?*nghx30I^`9? zPIDD=|MQ{XyE$j|0L* zD%J@TMQjure~KfEMgt>w11_zU?$l8pSkJjth>~OCq6qeuB&G;H72Y)O;=^!pT+IB9f=|shKEG73=LOXT~`u{Od&pT8hKd8WveV& zt9fEXE<3E|@q4eXr{??BwsVu|SAa6+mO!Bp#zhNzNxB|~0?SL9{#Nnp#alN9x$Z2E zf@*$u3eH1lu%LxHej|YF8XX_@ZhHiCV*BhC6A%^t@lqc4jmD^b7hSxq$8+rF@p(^^taE)KdLtL$3OhSGt3686 zu9v=cJMS?Taii(#4KX?C)Swl7!DA9&K+UT_3v%j z8b1tEC|y!e5U8GqV;*9^2=P4(+S)#m*AtWBOY@f6X}Q!{_m&h?GpT)B^TCC9`e>NT zR{ws8vswlup|6a#srlUa@C{=UL166Z9cGxEEfyKSTbKvH^k>Mw zgX!fNSeYGZvHV{JDMBhhTc@sA=QI}KR@9wXmS)fy+5n-KzeuGuk_`EdmHN9fC9>a~ z65Yac4c4idJ-YgrBqkC69B+Ubi|g)O z7c+G#`%lcA^SCx3r?B}w50V!B4Zp4^002|MJ;i3d64|~~v!&M_mHD~lS|nPB)_r)> z`j7d!KFzJ`ORdz4nW;uoQK4>6-&8d%RK;ZfMuMK9Cx79d8_OT@zgbYBjcINQ!E1$K zfZGS`SM9f4ioDAVNyBWbNlnbV*din3X~l;98@L`mTSEZ`K;7Ca1j*T=ZaJ$1geEiM zvkFOL&yYnK&4RfzwMyU8 z`|t%G82(pS&p?J8Vz6}1>kuo;-2~al{*W-Z86U(pD9}#3&fLk$nnurMXC)Ce!zw2M zc<^Y{o>;CMy<>W9hVrNTo7{2Y1MS@0|9t24!{F#m*0Jssgvrx%h&-Y(M#_e zf;}wgCu-JNHw+)$;8<&lJT)t^$=;YeT-tCY7qj=kB`xEtE%t<-4@N)*2F{KvOhtA8 zF}Z4qdg)}{C?PO?UiM+nsHKk#VqgJ|gwnt6D|WtqJM@e7Snz5D>~)31s<4kF>ZG>k z5Jsg{Yoi;8x{A%A6Eh~#uIo)>Hgco4?a_1D9H}ZgE`;SE&=A1HL7=xi1oy5PqRg{0 z0~vf2w6m9AWIITG^tT_mXxAiko;uB9P2BH!e?JgDGKQZyYPfTz+4N{!#U$8KlnANQ z%-vx4kYi{rqQc=NIF(ZTH;Syk<*2vJf|Q2_LvIGPfduTEl&5K(XH(CPxLL`rFLAA} zCRsTVR`q8cCM4;9xjE5nP3FE&ym5*CL^yWKtw#D>x7hQNyVmIWM>%fip8nnwr{ZR4 zzm6ZN%enkbX*+Sia0(3lX75)S9^n{G0gysPL#cN=%-l2uU`HZFz{=u>i@$#P;y1pg zUQ~{m#lKi`q?;&GbDoo&7Ah*uzZ_gN3`3Sgq)?y3OX0|%-uKE9)eh`h4*DDng`7kc zMYaf6OXCg!Q6>0a$n&I!;$mPgAO3MB6?^EqcC%|iuC;`%J}!7@)Y8#JpZ$2qbUMAA z7<Gs|tW5a8ZP+ub!ct>)Uxf2`SGhQyMeE>snqcsjx(@tj(NT5xo`6FR%u zn=#|fXd3M?WlG}@^pw>rx+)V#7WIdh(L1BFiS5N)>n7`Pb{AYdfHZ*A2u9^XCBOw( z<6Y?^2yQ=hcOZoOCo2F5s4KxH6ND44K=&Emi|q`9lo5Xe^)V^qwt70~xPiwM;N1cy z5g!SYm%70dXOo#!%t;;j*z3aGYt+ui>ZXMNRGqV6A?rwI0OdRcDCZ4F!8=aagC$wn z*g4RT zlbGkr7IRm2zJeYeFK&CoSeuc#FsHCOyXK_ZT!y`&*gN^?FmL8<`!CpzR+qFuXY{|*2?4PFHn0~mH|Daew7J=j(lT+xdNwexxPk~EsdHjr`|Cw1)_-zL?wE|xF9hSeO`<4dH2wu`%H6mxiy~(-d zr))RqW_tXtlnK?U6$8gpwvTcKwIK=|MjUMkL|&!S)J+~y=BN0;iN|@Bx9S@7VIQ?e zZRu7Oy7z|KCX4!kMDY&?-x)0h1vd6T?3XhdYys%=Rn0!zagkH=&IxyacxrcTXUXS- zN`uQCoLXfexbzdMLw#c%I}=}Ek#m<1wxAWE9*o18;_=^YY%miYnhlW|LKyttxQui` z()biatzPjPLiNsiI7MY!EopC>4i3HzR-BXD3CVmw3=5bM4afFCr4x8{;@++*a4|0a zcbgczfoLr_3VwqWIEvwQuQ!s2`})qgi6C~Khy50ba(SS(a^Ai_hssk}hZ6;2_SYZ| z82%gWGtRC)@8=ik@d+@``?n&>NC^bUP<93O9)UTd_Xt`fx4JbPCr69E1S<=QmgPTT zyBZ(V!~Gdc3Q8Fnu;>?uMFH=*LT(88FB6|?MbPmz4_%%I&|Kaw=rb%oN+9jdU-bj> zpY_9kE3mMK1QvU^1AzD(sBO=K;R?XH*`S7idKh9XOZR4btA_b_fK*i`GUFV;{=r&u zCT}<-Ux_a$`ez5AnvC_Jmg?|5+$6|`snVu==fzhjA3_~hf= zoEzu5c;ll?pw5=^P)n)Mnl!d%WY9jjfIzhLy`CiHZ6uj2>XVb=TaCb6%=Z-F|8AS* z4&eWr+h)n?gemE3F#W0hwGJ@L(RvcJZybZ*0E4q$@D+%BL+el^>day8+W^z$L&|UM zf$%_zkv-K=`YrhOU{%8+L;GsEW#2`L&}G|wzd%k16cFkMe5SLOeWjy)fZ-c7DFO`N z6lb3DSLEr5fsqknv5??|Y&qS9 zAyzpSN3%ez_NbaoISUIT+O&aCN8Yuh$ql6R1KlWl`WcqqJ7@+1@)DOtaBwa4(!=-G ztO+36eO2%?8ECPs#=BVm#(aBS+)l>;e2Ak}kb4LaNI3-sLLLl>U)&>0Y2b-?H7ZimaM(;{h~hbS-Z-4B08>BzT+jU!4Tc3gI8*9P263M518hK8zwbw-3h z_L>~q@HPx>1Mp)~8t@hH0k%7B-d*ppr!?X|S zP^u$^?%He`IPy}})td$+nfkf&6CZQSUVFwVX`y=e!AvF~9}a5qHsE+)0u1Q@jPJ&_ zC^E8=6!AWol4my*Nm4~l8oL5b;ASvbb4PKw8lrbb>;V5DBPmR?{c`cr=I*avBs$>$ zG(`d)yb|Nmhe2jxz|04!J%YfATNqX43H(mACZWgrb#cgB1K7+f4v(ySAk^?KP?~<& zje)FOQD-%kY{ow4#!P~t6ZBM^GqCc(x+sQD^YW4SMEbr8JT3+1yT`lFJ>H9;mjn;> zeY(SWKSGxc#*q)@$38~X^gmsC4{}9D7(;VKGCQ)N{M7ku@HKylHfs+0wG1Chj)vll zKEQ1+D%n6|U8n3&OVA$x?7RD}Ah=YHHd76q+M2~2DpL4nE-D>xrmf*BQJKBC25mF* zE(IK+Za0Z3{9P%7oQSMaW`hLA$)8@d0pf*u3C5zYEhRGkG=yFPDMEaUf!qBLPXj+g<+6WOchGZ`klX-O9#Od&fxY1GGH1UQ*f4cT zNm`sq$_A5Ba^35_dk<~}X_U+Ij_1gMw#sQJv9v`G6eWwppk-JoAV)1PY+gs2ZiW7Y zZD25wq86{X4Ki}+{dKeGi`HP?=}$&SXPO_dUskRgCI_smnfc(mjT`7xAH4Wwm1fGW zNL7V#ZBIWD1JCS=(gOqAS5^FS=R*|jjxG3X;ZT%8fQ3?`9KSwb#KFOHZePrv+@NSg zJ)B5mviT+33_v z2TktZ-fRnM2k&>~#hhZ*Hu=Z^s{a47cvyts4|R9>fAn7~#e-P21MZ6J91qF%$rkPU zD_Kji4_ve?6W8$-`mTS4s?r3C&nrcRY6sr(s`(-1BrDn=7p$&x2{HBusZhG_4HHnv z&ZJWxL1y8T^*F-&EagMd8P;DqGH@kE3rv0JAD;+;mQDBzf&<2%oV$jEO&Zt0S_=_a z)a%0qFhPESW1mx0XP&Ps2*nhs=0POhH#7KY0M69cc}K{ zi0B)k24+{8xu#Bl+D2RtbLgO}z`4mG6jNgJHGd}Dg<2W!kJFW_SsA0&?fvmRZLD|( zf%vfHSPfIJgwx&V$5I7JF=wJfzud*?{;NO>xZ9w2%MJBl= z^!Y4)^~q#q3}#VSxr2F}>@ZhGl5|D8|MwRGl(Ro+F>_zPS77 zq%vZGF=*p)3{h?<#L^}-U}5&Qp~bzk;5(PKofq_Vx>MnA{?Y-frHsX{DEwmX-fyP* z^XvSnN+*MX+_7aST~-oU(~W(^Gb(ZGA@rSVN# z5Tv=uxDH3_{sADXGJ`~O8!4dSk@21sIxyM4;W?OGP-M01Av)I7ei`<{E+v{P<0fky z^X(mK#BD$}b_kN=4J2qBI;%c1Dk;)dg$lrSFX<+fS41v(h|I1S&(QUbb8$Ons zZMBfY5Uq^;>@w;ohgo_tDX07AYU0QK)oSACo2{KFOrtkpL`@|8BpC!(4^%=3*#XHX z6m%VKMaC@aQ7P{`*U%%P;qrcfUBsJj!xqrdTz#ZwWd--(;OxB@ZvP0Pe6K_`c^7-j zyAx9HyLpw@i)*qwg6UG1*5}PuTVpTo6QF;U{@W=F(TcAR`~zYsL!*XqjoD&G^Yj)F z*BWj$blNbIo+UR-gkonh15y=|#)srMRa)bt#vzlnTpUkW&_(WXU4eC1#KtyE*1yoJ zONBwm)02cNS$Dovt4v;id(#;-_NsK7F$Z1^zfpObCxdT#s6$L5KVf+r?g88Iy}%EBG-qI7g=~{P zt&{0fez8FCa`;Bc5l1l#rrxisedpe*#-jW{831-F2YL7t{MdH!8~EYhh&Ek;BFCG1 zw@9Y!MX;?@*l!k+!=gTe6L@KI^~=sjlRkz5j+29AX+4<=y~OQFRA30mk>Muj#TZ+a zME-sFwmv>&$^_f;Y#=H@Jw}A1t2vjlB34E zRF~W-mwhNs(Bnzw?85F^g6YW#_la&@{0rjnzMAFbG8vHj=@wHK^)5C}o#}a8 zt0_so?eHWIngW29iy^l#A4$kposA9oBdiozke_9`|6Kp!l#6Y9Ige>DK%lVsM+_Hn z8$8NZ(9WGg2dFKqltB<+i@Dm?<42D!tv{?bA_= z4xJh|E4E%&Y9C&c_l7kt^W$348X*ud>SsIaUyU`LvTewl8GPB|2xFYoNC)aFGMIL$ z$yU%&s{2-S{zTD_@tJk39PFID+~VeECQ0a+49j{sDQ6}QKC`G~bSxod|GI^QtVnp% zO?Q8D6?Sv$+A9X`mzF`)-NjMVv45?v2h@qpP9OfYm~G)c_w&~7T(aq`J5~f)uzYu# z$$|$7paT+=F7Cd9ENs2iFgn=43^8+Xd>Ve!A&bG2n4Xy|)Sc>YFsFVBNU$Va zlahph&X3u}335Noko@~&y|9oZ(+MQ`2{ru-$uZ9tO!PIEk8^uJ`~oFfJ`5_Ie?+AF zqwdseDQsTaSW2l5`?~tvq-!Y04!`2@{sYJ$&oKds=jTZNw@xIiX^Y9iDcmZ_p&Z(O z=f&~Th`=BxQMAa5MUA4zMTc!_wC);PL5?Z*Vl`(>D2 z^#u3@Af`M?at8$~gzi#uFf=0svtAZMEPLj5CLX=>D6+caE47sPKI^*O86`hw-~NqX zu2*|??N;hip8#@S;LOXd;jPFElBaC;?eTNo?_C^<;nez8ye>#*p|%#nNh|E9)FmLE5#|=eVg0g`l=pq!1hiiD+0Tcdk*yOo zU?yk283%lmK_jloF4Cqe#WK$8@=J^;3hU1@r++WSKYLLRwou6H2{Qe6+w!p56JOeH zhxW4d<6}=l#a)g(wYXSjT&Q9SvsL%)8_arx+Z+FQ<9-#lqXxn>U~N+sS4^HFHI!_k z_**P^p7X#Iu3IRb@~njA$qI(uRP0pP9USshfjpq~n3S*}_LA4xilIdlqSia7ja~qQ z%z#hmKdxWZl{y;g2r7&Uy;HWK39ta;SdG=5%{~R zgXGQ_X0U@l@L&PfF!QHTO^}n$!h!TjVnIR}9tyb^U>PMiiQv59L#~~#C)B-V%Z4lB zR>g}V3Vk=e0x^mJV7iTNlZoQ=-i5TLtk_$>$>zvL(*R4E-4#(aIcsx44j<`uYwCT5 z2$aKfXAt;R)%}_%mF^o_OuE0AZd=}{bfH7j|}xJyd|=Q%cKl*va4#7M5+#$rih{Z9^HDp0wMsoTTDK z8x!zeyepIMqWI*PYv?*}m05q4W_k-}h#-*%VJFcC)SU&!E}i5103YMp{*}P+3O2s` z`{W!LR~5%DSue#o5A1sERBmsW24KMCkLm7|oJ$A+!Ty$LAK(f+_oOS@`A4KRW(0$6@G zTq2bubJ7(61rrCmyLt$Vt;ce!@iUthOfnru>~xfRn?^H${M&=X7o{M0vk)Zp64#Ql zwNQyfIebxs=o$N~O3dm)V5R-ue5Z64nROow9(bQja02iMN&0=v8O7orAeZVVkBEgQ zku?{=R^S=GU2MIEN1I1Ft9XPPp=ms-f6(?Qce(A%*!=)}Q|9Zpz(9*|plidq@Hr^c zabKUPvlo19afoO;D&88#IqX35|QWQO>9?U>;-H17xl?wVd-&!|lGYXb@WtmWo=sa!@p z$o$3|YqLg80I` zh~?Z3t)+_3Ef0!q`3QvROK#Il(cVDUfj~6w^@ItM-Bg|B#?G?NA56#}6c4E10=Jw) zV^57g*fol93?r-!60&82iUKIu0RSN`t1Gp&(K*oY9^ zx%>`BF`OMxs-itha{WqL3~@Qz>ZlYCy{R@jz}3}HUa`h%NtvB$?cDU$6GNbxYw0lg zjUh`d;*sw2!bNjOgxmzDb0UNDWi>nNp3c0V8%!YCemW1ix=%hk40~+@kY@>2st?Dp zUM-F)?_*`J9tTN|$GfXBG>YRN1orXZ|YO^L?MBF@>(@VuZT^G_e? z{E^m7hftSM!eg119^}%@i2vu@-!z}#TERC$8zQEntgaSQcgp6;jYyjB%(+X>u>LFQVT=*slK}{7EjiYh!6t}Va$ob1|=bJAL%<(F)NuN&CU04 zZJj2#t#*?StPp>)bt zFWo{3`zk*w>(6H7d|5d&35jB;|UDGsBS4Rx8W4F!+Y+8D@3Wm?B(x8Qb`Ym zJW0CFVRjnS70dji;=ON+(aB3vID8$@R6ArJ^15RcW+p(T1jte`@ z2zwsc&&FP|kN$Y~&D?96?~@1c#S6%bj?svTp5xu>#4a022O%51gBwWp2FYxhKK0V` z2m*ANF)Jc!QXMNcE!3J%3Id%!B~ESE>PDXY#bLQ$61j}}RT><9y2soPgRN;BRaozjvPn`QP03Uh>1 z0D3;vAjN!({ZZp;RPe#K0Va$JN(mCdhB4SzG5gu1bT4-5MJ2y0m$I5TN)374HC|ok z(ph}447Fer2+W5dXB);R+)vQ_ucy98^X<3#Z*uRbEhWbW*QosFbY;<#0i(GI8QsGIXH&Jkte5Wfx6r;Ay;-lZaStfkG`ZLsXOzG!YofVuv)rVJ(LytB$ID-? z?Kh(8ON3ru%?oO1{tiwJ{fkJuUJ0a#Z@hSb`Pib;s5;tM1vZ54mh#paR*1>BUnF$8 zk7>QKrKDd6ahW8gOI!AmSnFXAMmdujQ77G@Mc!i!xY}fDD5n2_StB1rNBKS)URJ_v z1?mJ)*4atn z?BAv;@Kf>x*mVZEsdLa!XI^t9k*@n$Z;r%pR2X91zmN3Xe8r6@+i*^8*AMHi?%os} z2*o4(P$~;_Lj)qH9Qbb>-T$d<- zHD~Y`p1i0ZwEuQV6m{DkSbH%^nsrMgSJa4TsQEVSwBE13zqLU~O_Qa;J8LK*-p7?6 z`hlae5q|b)fkXcdtOJxJ2KB_my-AX~G~=`6g!i{`GUWdyA4 z9S7F^pkX<0+nOzPPgo-UkxAT^%Q(9gT)|uCx}>joH;}rhZvOnuk3!myvh=tjq;sBL z+u~p8x{z*l>rbePlnugKAemLQQV{RoWma2lTOlP+%TJX&U0swHOF2~XXr78lm+Ks` zh|FQVtj**AFya1fLrD3IG_cpz*PcV%^pPz~g!n=bQs%op?I&CRM1t%^3=pa={p$un`J{L zUGdfm{s%20?h@9y&%E#G;*1+;7+gAC@2>dGkkM5qD_2B#Khbv$Gk^&1ANnq%5gG?D z6;eydrUzF)#!kJS6s#{E`$5^+wmqfNb1sE;8GmOz%d&-wM~FrZ5a`Tm0VcX;sfw!7wl*7o-d-0k{_SU zFHt!xpT9viOnfSzZ$%t9JtxHrI!q{p4FK+bkFvM>e5c|3`St-b7Ax|=nEYqvg4@pB z_sZ+sTLt+nDINyOlohd{863J=e}iUX%8EZ1+?AhGFrS?`7uOkd_2XZtUiojODI+LE z{e4|Gu1p3cw=ck8$Nk&SzKJ9M18`;H9t-G?J(m`Ge$78g-o$II}#TqolsU>!h@pKXEM0l9;l;3=94nBJH`! zASE!bcdx2@Ury&V!`jIwGVw3@UJp2A{vqG1Mt@yHoYu~22um%Sz9_; zGc2k_pkW>?QW&+OrwtAS*4a)Roh+~*a=u4t?)>*KyOjd9{bNIcSVOMQMG5t<-3(L$ zM_GIMf=bxOhSHzihQV_ELwGFnZD0vTd?=yDWdvu4rx8Es0f_Jn7IOI62G~Unj5yU% zJVi@CB_U?!^f~Ot8oqCWX&`0yB>m)=QrrU3DV9}8@9{`*A>b+GTrQfO@S!124C2yW-s|IcLY1UKnF^5Is=1_gt~fd%t@twi$? ziq2qm{L=iw^Ati~Ba3f&?I2Zhi_^0Hcv<23rz)8eW?DVN5>nc+KhjJ28vZ;VoGK%;X$;M!xR{)zxHipi=tY zjSA4XsGAphYmJ6-Pb@^PTf6O-bV`E>YjMia*fWYLfEO+8o$%cj4=uF%I6$>HM3GvF z@QT*|d!7ho_}cEpyrMn5iVn)m4%Z<11w+h8GjBpOawH@L-##R-(0=>EC8OJjGT?{@ zF3ie+--`L&zCR~>$VHLgu_Bhr1A*&5&gJYskHG>zy`}2lKNZ10u({u_u#llmdD*f= z>0jy&`YRoz6|6^17H(z}Z)Al{E(LeW+P4$aLIZQf(*6@UiEeAvJ@aKZvk{UrvOk?4 zxJ_amI{wyr%NX1f>+t1btJ~16wZKQhonq!<)~`sIJ4R`FyF-B(&dDz zoaaalB9wjT1&P0)d7V;?0|yS;>^)6eLprvXe*-|XDV2J4#)0q$>jR2`2HmHntKMDf zr0L^B+qEr+pz|QlMv7K zYt`CQ#r8l0TXvAvxA6`b6nW2V$yY=#yin;R4A+i!EY3zeRUNr6eA&L#cu7O?lt*PF z5vb_YPnsecuT)B(uF_fyWJP87Kvy^eUPSl00F%Wsi>=S=(||#I$^ib5_H3$REqbCt zr4@1Os`-nwa`;d*q`9+j=`7^hEb2M19yS@_s%890)io%Ka_5{32s5m9fx-->lt1f+ z%xf6T?pA7952>dQBEysf3yoGE0-im(XpuxEHKCbW?UrdMS#2e*_5aG+YQSj8V&e->PsOy%23VEMh^rUP8D_^)B%x$ zpZNh<80=hF_c5aT+h|KLAL!RjK!Uke0qrZWFpET0c`d2%k{sU5TFQ4)`>DmACHZBH ztZ-&Sb-LShJ_$fKp>3Q%@7E(wZhw-2d0Gtndi;jXsS!kD0w0X z<9N4r_#u$ZsEeQpCGQ7g4XENZB%;}X1F2O_Wg?>bDr4yrJ)7~KIB6o8Z86!Fm5;Ok zn8Y~Zp{7C#Rt4TJ`rhrj=w9coaP)lZZeR%z*sEr{Q&W-z(&Vm-?^i3KD4*F1&#*YM z1Eh_PA5x=HAl>ndP3@$o3*)=#u?bBLrAw(E8EC4PrP{VV?;>=I7 zf~8<18zE?g7zQ@yylqP|IARtXZ#2~#W zC#^MCWa znTxr=b**b9gp{^8}%uU#ZJYp%HLzE=rcnmn2L z&ATM;TTSH-(Z3M@=qN+R$D^TOHGw7^O|QU5i6uT9%H)_l%0-VvebxY19c<5yTLzCD zEFHhXxP6|dTzM%Jdo_3a898#bP_39t=h!Ns`h=NE1Sk8fS&_W$eZdV6R$GfLd|wR- z^XVk@7ME`han?Z0s&9)v{qYgzc3IxuJJfmZ(GdQRxi7)nS{xD$W&L8oUG(3;5| zy8As>wl-_z$1C+W(=0o=@ZbWA{bsz2vgdxCZ%N?+za{)osW>78Kh7lm)&y0{hODOUB)lMe1DMaL~XfV(65AFz6#heEcOVSkKr%oA{8= zQ~A*mh5dXid-kt<>}|S+lfU<$d=fhLOhLJ3BY20hK)Gte^ZxSdcbJt4 z&50AYoRwE&bUS{5HTy*cy;tadUiA?4CkK9{>&3}T_eFk?cxUCWm^}JFo1;s^d%F^v z6R;ZpmG?UxM*;F%JyBi*dem5mLDxlp+(Ig!RkX?)+H0XdtSj^SR~JzOC%udE$Bcdl z2tgCGf6t2jY83yAV}&x0{~3z^(TDm^p*T(A^B*L_Yc?%W z#XFhat}j3$8!G4gU#(UJmt&ooC`({s__Y+zH4esV{n7r{eRA!;6S)f4U+Q1n7&Jx{ zE?%?vSXn;F3jgEa#mwMw{vO< z+@Fr7q8>%9?5be-bWui1x^X&Gpx}X8muTyrnR3auU8%{qtDo zP?vXS@$=`^PC)|$ceN+@J`1F@sYS17io(dXj$~k^R7}!D-KF3r9?8LI_Yiz6C4>D) z^ifb+NP}TD<#6_-X)~hf%5jQ;Ej0rw-P|SYBD$z-<_h8{*jR;(9NxK?7a9i0CADZy{1Bk$% z>*Lk78tCL$3lUV@F-Bc1qG{kc@626gWpPf94moPat060oEKvR zSGURfzt{P{+4(f$q9D0h*A+%ggqixYn@%h+-90;9&L^{Mx1))QZajbDwSPnV3Acw3E@#fLV`Fm2xPv1)wMP)H4nVcsoa z=pucN#VW_Ch*OH8rq|gKpRrW6Vb}@@%BT!Y2}+oU-u)Zjz3ho0z9p%ZM82*fl=cyE zTbUJgF4R|@BeAigCA2FCQQ|)2Q4^sIY8Yn`s0 zakm=osVh?G7M<`K!?VH1D5D;kM_>3Ff%|sEI5<55TiH0uG%4pUHPuAtgXdsZkHY1U zN=9pu#t7qJkxG}}H@DA^7!VyEolTn!)a`a#&nXHO3w&zc?l^3(;F=1L_AbH3m?{m5 zlGCoXnl)OF(ATO}qrbA}eVh^pd*${;8aVyZ(|McgrZW_9dP_36r;pPB>+J0*Tjxav z`_*G8R1Q2z`b&?q+qMI(MO>ziYHpTNrkiTP(JI^pbne`u9_~Fh;Sd ze3bZxvWNAA)hqMm25ZwHbzzZb40bPGyl|m3jF+JuF^gk#x5CC8S-`Md=9V=a+BkCF zT%?4k0igTIFWNa*dz04 z;IEg7QZ8R*-Ne8LfmvCKQ4vQiK4OCfx-`Xe2_eptOx&3t7$f%Qk{)iO4E~HdO6V5! z5vy79UXKsJTuf=;O{-l^YB?*6*e+L&CL4Ejllrz=j)}+O2%#+mTf+pOtbV(4CVe9& zyv2~iJ>Q&Mi)&Z4eGw+FIka*1ygY_Hkx+GQ_hU9{2(!Y-b@V6eD$ub&4~?I$Qd^2 zdiZ_*NSdm#!|R z?&w?{9R5W5mnTGG7I*+rxEPEQ{#6(nHCT5A&&JOSPm14G=>(&Km;?p`vOJna|ymg8d@hKVQQ~rWHWBbhFn2s~rLpMtbza_v9 zQ!XFnJKJ8X7F@75dC%?PVCL>sc6gjhE#9|{j3*9TQND>?W=Eud7e!s;*uH^R%hA6h z+d9Y8$l|2o!E9?!Y^i>nBAVEmCag84`hCk75#N02v2M)TF*A*#+~`@D;+LWbP{;YbmeEL#dAX^&m7{mA1NVGa(85~BjP8BwR#<#k9{s8 zaB@|L;a~e~us7|y63W%OK8Pn?xh?+Fwl7IC=<3xqfAt{D5-r#6+jee;Zke%?%~uS; z$pPu1*g??H`)cOPFsw&UEOtkcqD~=Hb+fD`M zWV=FJOKNN4BN~0GF zPW0=OHEdK2ouqelm^UlFN z3+=VwSb@sg=EB-|^sGyuL^P_CTfmrZNcPg~l4&`c8-O!RDQN$?`QqT5#d*`GEOHJ{N<>%|B_Ep%%5Ek@S#yoj#GYHZz#w zu!BdlJ7K{-Vf7=aT+RG5k{v+;u4LIbI0U;XwLWRymvTD-n}d~4T$6~cXEc;?9TF?u zVSDh8Gr2{IFtd{LD=FbC;Sc}aNUnY?D5uxaijTq z?7@r911yOX3zY%yRx7qwdp$DdkLz&@byw8PdA(dmO}Y12PM^A66#^NRRp5`>$Otdh z_BwJHRzD@ngO1#0 zU;;Hv`Abw4nx7nxyj>Hg{{l5#1_n_BDQO$wFExaA@2RjSTA3|4BO2t>9@__rP{NoZ zfzJbhK-OCcTV^N_(Eia@i^p(?b?6gIK2sw$`3{K@4Ln7SYpoi|BTL;6wcc6|_q3`N z#`)mSUa3t9dRlB;LQeDbsPX>(|IUI_AMMlp>}jH=M?UT&OX7VB_#}Ir%F`35EHB%L zDk6PTDViL%WZejD9YwpfG!qi2tXaHTpv@!k{aC<%v!G_}j7M@=GaV|OIgt%>KCg^e zOS21}wc8taAKLGK#R8D;xA_K5TW&#-GBvCjeGy@t7lvJnVRHua)beES2XaP3-1amD ze0GINj))MyzrVke!<*_IbNz%wEy~SXqGlQ=?kpTH)b(udOZQ)!J9cY0@U`OhVttLx zDy1NPd(f+UV}%k1{|Ps+F6EKEmOSXu%p>DWC>dgioQM`TYp~h zqhxQzqiz#-D=0-$n*v@bwtfc0SIW4sgqNzK2f4>l>%+nCyZsg~l*zN9in>)ult0G4 zKgqj2^e&(s%cLx#ue|Ya?`+`3i->W4+8wu!Ea?l45*}*RwNATBNx?t;Ov~=i-$#{> zVzzcu+fZvcUR^0)u2`B^5Nzl-@JvB`!Qf`RiK4Qu8>T!RcK%}tr`q%s<^_khhStaT zz;$Do<#u^d&mq65jrEEle<%H2R*_Y;x|%bfo}k(OL4w@!I>9=MXS|O7_)ki-u{K|+ z5C1jScdNz=&f$DyFveuz!OYe!nc7cMf=5;fcUZur*kCIP-aZ;*E&&OZI?YV*%0Dwe zW~P7_O0eVz8_Lt7p!wZ6fB(LU6HERf?WH3fpfn7Hce%VO&cs*E39~7UJd8A(u z6=>k5XM>-f=G)ll4wh8e9$~Uy|8^^L_GNWfvu8lqaZU~KI$yd(|GeeZX3)DsXBk}i zS3gAnSkLi^xw7sxTZ?xgp{HL7=e!5ywBzGx`mVPywMeT%jwUQLG@dQ|QQoND(MvDS z*hVO;W5%KRwsI|Sv7ttWV&zX6Kc%mkerkUB0C1Fl&PAzhhyI#wPLBWKbax45j2zNG z{ap}r1qc!t-uZEB0yG~9o`^ruwHRjz+Cf0GpFUB)KL2{yqGmDTc*|{5*JA^&)i37C z`z$^dTfSGX>D|4*TuaH+G8C{dUm1VDF6Y8~9(m7)+tXSqsUBlZm%9&fxMaRn9GJLs zPeatLv{h(%d!>6TA1n3v1HW7091)M50EqEpGte?@S5Yk6di{F3!ou56X&>|zm%@)T zePS9hwUj5UulAbiZ~pu~rgGrT#^l|Jf#KbX_ZAUV$!1>qY(v%a6$5t7Jhz+!dPdyB z_{A8kzM5zsDP>GBxLwsNyy8c(rpVn%yKW8gYh=eKBzS~V+RD{)1i`%T90QBsDU>2) zo&v@I+@NqfXTw_q8n~0;Bh)f$%Kf@+D!7h$EgogpsAg#YYu8PWc%c0v#Ga6-0--E<)==0ma>Eq~2j;Qt~pp4L~SDqJ*u+WPqy@!9a|`Y{Bl!S!@I4+Tg!A z@S~~+3lW+g=s-FUsT-Gk$bKl3!;^F5p_qa|?W$TngyJX*+hV?$MVdvCK5R)9e|Y~n ziWFK??04wR^4IKjkt=y_`~;zeP0)U1goAByEY$t3xE0_!gJ%ODr8>fj1~bu92+k2z zlagA(V|A`gyMTH9T}pV3#5$;`(rijXS}I*Kdu9GP*u-Of0b$4$c50S3+KzRh85ulS zw#HnS+}5A}_#$oeg;U=?7wi2HIl%8X>^qiVKS#jrx-IU4D#hDdKdQSG?yUg8@}1=> z22ai5TY6adqRP<>56%gatSWa7jG|&5DxliAaYK2DPs-P-$1c3d&QBrX+fxnx!Kf;! zH{f`Dq(@xt8h2Z>w-wt=F7O`=Mv&|H``qkNFr1uib!u=HfxlYFOdX+X#;(Hm8q+~r z-M!tN2|xue$02t?%ZiOhJmg z{GjztV)>G>#!B4J)jADoL75FP^+bGK;z51I55ts$z4jU*%{dMRct zy-;pyz4+kl#tS88&-iBEfR3pdE0}=gsvQHl06O63^a#!)(M@z0RBKJU7d77c%m^~w zXE0LD4Rqklcx?b}%|H$FaxF68z<|(CY(ENFjAD!Wf+Xa>rG_oRex<*)A9^x34_6V3E(k=viKPA}h#(&g#gsHyi= zdnZ{#vg!8A4c^_@t*I(0;QDa0wf#CzZx???e^nUy)rdaee#(YvD1}G8jZfsc*BuDT zt_W);4<^+k73=kSUNx7ddAq$CiOel}yi7&Y-g#~a_kJojpbZp+oygPlI!^22KH?ij zVaUZVg?_2*J#CQZj0l*+E#F(fG!JiO*(Rp!tPON8^p)aixJgt9>siLz{a!99YOz%* z(af)K>OG;~p#2I{#)A^`PKUOsGH8dQbO!@#kOcmpzYDBNDrlMh**97Ib|OfR5V%Wr z>fbD{iBH><{ZxsgbX`_m7$v)?YM0ED`%yeMv%2}^)hj%Cn8+}f)1t8N!O~m?mOv=3 z85wk~o}YXjGPcd4h2VdZ>;J4+!T#1apDTM(YVtJ}t#vV*LGAUOlXu;IAd{yD5d7JG zZ)}t)n(;8?oR_up%9o4mm>%UE+YiknQOF-Lwo*&^>UtM~$O}8~vlt`GCJ>dfrp_fY zH19(eo~Y~;S{7b-*K6X)qc3_(wt{%62`+0qEkM#nmfBDuUWo-ov&|fUPY$AiCkw-g z8`r7@pgo8{hO*FfDGFEuZ^>hqyLf=B_4ge01T+URbUDk1$Mxqu{L(tSd=#Ia5cnvf*Ic zIBMLj$h!%Syk8c`CC||?SF`nFwp~?n@4J5RGL^L8ab&vJg`1KE@bjXV;JVv8)x$eo z#ZQ~A5UeL;&@Ce+^=npyk#|0Q=6zH8cW!+@)e#-sq%{|YebJGqxU8LbqEw1prB1)D zdRdvkm)^h1@Ag4W05ZxlbKaqo+V(;=h%m}k^0Da$No#h;Gos4-y4r-9sK^s8)V1Aa zU&ZV96ycf_gDS{Cf1;!L!vcU?>6ma+<2@EyF{aM$Vs8{c`+GP_*1F2zHO=g1jp z3*tjq)U#!nN9P7~kC2gfvfjG=nuFyq4FkhVTv&IO-M*(gH4s`BrUDEtJVp{M=IIlV zzf*#uB$Q*=E5Q@?L?Zb^21G+P+b?}Bv>xQI_60Vbe+g`SQPC`Iq2zfDy=S~?x|%Ms z7wQJ9wVv#E2*VuWpW6OX95gY!1$^`muk(|)SObl}*detGVVdF%vg49WDj1Csc8FThnl2+iKsMWgPwn0(K8z5^}e7fO4tI{A$r zKEgG0$V`-(u=wEBDN~BzS<~TVQ|jlnfy)=#OC8Ea zwc}~-Wz8~nFX-@Ho?hsnREIDTF~KEE&{GYwSYm^{%r2OQB6my`#72Z>S0(3{d1Cnr zg)=s;5=*S>F(uPMT_y!7Xgd9m-9EC)YL|^_HILL04~voFtI*CwrZ&jH>QrxowW#Y2 z*_P!wu!YP(YqP=c_bntV4^m5kRNFFX-bp)A8=`MB3l1qE4|EN)rK58)%+g>~;qvLE z37DPU;?Yhrvb~?@G}VmwZks68E7py|Sc5w6az<^$3Q$RlMe^Th)vwGgK2>UUUwJCR zXtH@7Js2XOm#!hFDK4lpem9vN^eIyOGh82V;wvWe4NJ z?=%%C>l$M&Brh^doR>vEGDG_E9JooVd-$~R zQ;xLwMj9854F?5xW6l=HxBT)oPGa1JIj2h4*=DSdW_(`<*XX;$6PVt86s= zy2ERA*9u1?=IyONQB-ny5Zss@T>e5xsDe}f`xYWe;m4c96o`&0!|Z@1sYZ>viEQI7 zif>D@sFv?!wB5<{QnH+Cu+XxVAaN=5pbL0O_vB*O+=-Nfad- zv>?VG0y_!&8ZVDm_BeX@n4VpLv=(F2$7;bLQ zKul=3lhjbkZ&Yud>_KF_!3x+_n=apVHpgXjwiiZbp4n6FmISfI+>1Xh?dFRA=x2p*P}8V9?7U&txI)nF<)aI zajRi%iKRZA@`We4aa-o(`H$x`YM+)pqp0A4Esq_=FeXvm_B63BJZ)FdW1pJ{f9DX9C_YH(yhz6SNW7@gr7R> zpKj_XwSV_8wSPL(X&jtzi1;IEc2TIXBdg76ZOj%=^*qufTfM8DlD6_loCs%i{|uv{ zF;Y9m!?>}eE$d6Gb7j-(aY9r!^}+G{`{XGYiDvZVcHy0#SsB3w&+se&;S!|inSAjh;H7yyI+_xwpel)|6 zDU7o#kjS-Y`jlt5pj$(;xvLhR86T&N*m@z z3$go2LA=wPTC0_*(NnF9hS|6zH+4S6Hz#%%^Yt*L&*GzY->TI_hdjtN60)|lNBE2# zyckW_G_qF0YRi*SNwh1Pq5vkFW`e~-_faf>=JedkL8^`tSOCwi3P1bCil-sVTalOu7@y!}-w)A$U z5@V81ZlU!VwT`O_!@~Gy>ayZp)`Eqmgx?Pb@9ikz^}Z<_HeEbs3zCqpD3>noN%h5t zVEupDAU=m%>@&5c)a^z(RP?1k$4F|5|B;3i&{>uhBj%eIx#&Q7pnJMXzx_;@BChaCkGFFo zF)=$CBb24{(Z@{=HNp1I|Lmo&&_j(-xgizC-4ugA-Ckr6=L@0g#ptcO_2$sbrGsrl z3=`U$;PmEHO^88cwO#l3Inf{Y@6V@ZIx0AWymP#ieC-d79#-$wG;jlz(&6L)du*zg zZbi}8`pWqcGGXjxExh)!YHC-F@C;(kOQk%H=db`b;w??4oFKX~_ucJ{^8%q?KtzXXCMhyND`*$P;EjP zWj@x`+4%7JNs6)?HFfw z_H&ag{C0>HH==)udwaVx@Kp_>Pz)s!cU;!;Y^|=Tbgp~e+4-)({q6AO;EA{gCgiZy zqIJI$>i6&k$_Xrhv%3}te3-|Le^Vb)`YdBXGJ9H~v&sKR#sEj-2a6#SP4DfB--0R9 z0|toVqm_&HXza`TyaftMBwDuwYq+PCwywBZswS!b!i8YbkATz9Vc7=mu|^46+b1=d|;=g~l? zcGgb^_V@yHq6+1M+{vObyJ2=|5gpdsK0_*vL#&BJLzCxiV;P~`Wml`3!?r2TG_ULH zckaY|qi_2=lICiQK+?~JmFMNoTvUFYC+F@pTya=roDX+tK$usz<_*RzybY zAXaIfWt05ov369-1yr=Ykc_icT!0tj!t;>0V%U<#W1{94-ZT-d(L)^syu}WhPI;T~ zffU9#V;{pLGy`mr9Ohy~lej78ayI(devGww2Vf8V|6nG&_a1tlxW8L6{+M>Gm>Nbw zv#DF;?zWwBkNyrDri~EVL>Cwiu#)`*c7*gH#JChBSVTNBhd_}(hdkgEe@*X@z+YHO z&n{pI^ENJ~n>o}lxv%ZBaex+C6#goCyW%o}y+$?f0B|8iD-5h+1Y%_)kTKlj*&3|@ zRs!@lpnUOX#4zb3>Y9Tz_U8ykS10HP0&qJ%1?J1k&Y24*wM1f%9Di^T^N9A@sJd#4k3-49x38XIQMZrm-N z=5xm5Ep+CFTh~;J7`j}Wn2c#>>X}qPNE%UmdL{otSQemC(SDs*UX-Z^l31u}hOj02 zht^1?ppqw9A^XFn7@bNC`>nb7NTSf!*}Nc~&?iP$gQpX2oPuV1OLNI1^dQ%IR6 zq8>cy^pV(v#PBHSNBfBR74DYkzTHp#6`iAk)OplNyBnE{9Nr(|^{FQPNG(gb31L6S$=17CXB&`=_BMwXWUKfnT+7|u6 z=gx45PP8g4NMxG3-t9Rnnv}~udZ(0_zqgMm9YXX@A)V3kutw|F^%#1w$`|wM%0|b3 zfHuwyy=T(Z;tz1Js=+oKF1wV(e!hV%Udsr@hO`5^;~8VytgwbGdZ>K9@N0ewJ{7Pf zN6D?N63WTpLgsC0hbDmDo^3`et1Y(A8@Nlgs`8n*_bk9> zPIDM#9xGrBbZ;651MflrY{8dNCg&bYf>UZno3n=6o-nQ;XuF5ydB&0gm58ZUPSED} zTswRH2d1u-jl)}z!n37QI=Z1SypcHkKE@@~cQNAHw`&g)6tg>q?pSVq%={YE5u-F+ z2@99%D=nVn4VW9j;gE_0izVxd!#PB)`)`h~+s;i|5Umv$omURu&#WlWBVj!l)H5&l z&9yfK=_S{vJH8E@cIXzObquaLCHegjka*uaER zGsDL0+~I$)#MB^d8s}WrDL3S171iR9XHd~&m3J|Sfn0&`<>rVRrfb|KhG{geYIJ}T zpbw~eOB`V6Fw{WK@FPdycJt#$O9%$g4-6}5)G#`@jS@Tf@3*Uby)+Od7jo5E1nwCP z0WkZaJ_@KBC=0JD=YFTl$@-w*2gu(*r!+q6 zrRCb{LK&rcB>kqi3rF+KYf}Iea+!N3>8;b@V{+5aiB`_t5Y4l%r81IBH$T1R!J2L~+&ag35-_|)l7W<%)rn>?H*4A*N(=AWhExh_90!?mKS;z13 z1$SPGYD+%1GU3BPUtH;xP7ND-#unB1gjk|{%Zk!9zs!S~gIMzFMFsta!8^uGCrP&t zb}yo3tV@wH*mHnPie)s;_F>~jp#Y0=bOR6r2fjkclpLQbF!q}0Flq*7Lx?d`Q}+`Z zhKBzfl6#v(-wgec{Za%qjHei=3(DV*10J$57Tc=lv3P692LL$@Rn#zPIyh?#z?atj z`n(^;V!u@5cKHe(z_)vtsh+)Dv#)h%lz1L}Ysk-WZ+4^TYNXYq)&l7ay2VQSq75a( zcAN9U&^slQwsPh-MWYd__O?N(5{v3&8i=%4szw?!r6;L_h*9JyEpt-JL(A<^4jFf% zswMk5P16%;RF90il*)I+7ZX&Ec;Y_ob{Hu=#tE1!!0^{w(Wgng$8U+cnIBx+KQ=jK=RfNVfkA8O0oYLK21AZ*>+2j}DG<`T291%UEr1@w z70g3ZXj6a3@zWK&S~Y}T%`lBZ^qd4e@ZItEOb|HRV{#%%DmKn`9tKEyxJxD)(Shsm zFh-;YzxNQgAl*k+2l;-Wz23idVB^D?db{cA7?~$N0Fs;!vjnzD;8Sji0DNT>8*D6z z8s}yVi?E%?3<$^s?PGlC;a@c>0S0$Q zHckM703!j5Mh?KA9r->Ez>=j`MVEfgKKh9>Oci4Do-rz47Oki0@Etn&OmubOIV0yS z=W+8(nmGIun$Jg@&a%VoE&`G+-F|~v4F@2~8O^pbMU{m+XJZ+o1;cLJ0*LAmH?wZC z7dryuPXTvc0+!8l-2@daaT-KSHLn0w$Q2FV{uqP^2T})@JUg`y6%sF`$(y({vL)Qq&UaJ=WUy$a*;P8Rmv z$OvA$_IP2XoZXp^xpA9}e_V3mqGgll3l%CK9i6ylHN%LK%`CQ$-70%;_qYp!obAbZ zqp#CC&v{5Z&u0@xQsAy~8y*hh!6Z+lAH8Y9Skq?_;HSQusw25{&^EBzDibZ-70tB! z^8Mo!LmEpdwPz~JFK4x@kHEhI#%+vg=>{IZZ3hDXT9(;MpJOSh0p838dlo2q79XMl z*>tkTI3O(3DPf1>D7mf3;@Ds=^|KD{;Geq5JO%tK1;bBpsRY<0_FZ@_av#5Z#yIIr58u22Cgl@w<&bM{+1P-*_bXnl zBE}}qZEL)mc}t@>>NApnBh(^0d~kA~L5Pxm9H{8WZUEM8IgGoy;=RqQS9ASZ6|+l4 z@p;nvLuliEi(|#QT6Y@N^2!ML?@hMVhFTFP79RoSX_(j|K1rx-x{Aa`LmRv=~+~qLo28p(iF&HHPhU zd}<`Fj!)HweO6yn0bXGPw6<+Ej7&1xowy$YpTFNkr+idT0;L_k2*a_9{SLdMMCc1U zZkQ_98d&QSU%Vc=${R$oeovQ~QNvs}m?o{W1$%y%|6+eYRtLS5Xy$R>wkV zywkUuX#Z=O*(ave^5d}&SS))|LjFkPLC0UkPmQsE7v~b2{++#3bv?EG{ry(dCJ4Tt zMB7`aKBY&s@B^_P1h}JNQ#W)5Zd8wd0odI=9nnkDLL+O4&K+%vSq0jKONEIvtS_yP z4hOD(n<^gT?I&xN47gibnsgaM<*G{@VVWzcl6s88M=${nWwECgw2@N#28!BhUtI!O zSLRz#j@IT4$f6a&9VU*8IrdkCNeH0L>8+o|h>NBBB_S)Y*Bo+cVcR0e0C<^b=F$|< z%$LM+HVRZ`V3p_PE5fWWq1yJ3BpKR-eCO(!@Qv0xMxodm>qfP?e;@*pMuyp0FN14guoc=$EOpdcCYoRF zI)^*R;(}cpB3bMmVn5pS{&5hAYgc)DV=#`nA#?IlOdLwr)UkrrHrqMh<4tP z*Ul!Vq%j(PL5q57q(yl^&HMYKOn-_nr+(}-#MfC~p0dD{W700jEs0I>VRC~uuj|84 zD)`~*65lEF>)Oy9y0FV-W*f0d)Q@A_J_9lwLRL_QgQN?dZ?m^eU35&R#k`_0#L8ah zKsxe6yYd?uF5Ka4WP|M)Y0X&z&NgsE?B$!fJ=8EHs-H8AwvRTYqR7G}tyEp6Qpt@{ zrL~QEAs5ZGrtNT2c8tuHYy5e|Njvc^@#p4EN^8E8Fba7?*kaFm*{+qoLq(GnJ;Rzl zjf&XAjePjW%`Sz7pM6WG#GdkhF*(pl=T!05>ZtU@8+diR7xT~{leN9vSdg3$9xv*o z?b$YZ%Dt!8?D>Kh<9g>o8!+N(SsZQqcqEbUNePh*%LW5b&&9l8Hnv}yHZ@4hHp3E( zCJ_Tir8yR@c~+=`1&CI20J=q$;LXlfH_+h@M9$?9ib6DYSU`#B?{lWTKfmFF(%?Hv zAbn>)HTSQqMHB3vQDmN7=%MZ@@#!PYRe&wIKN`MOW-rkFeY?g`_ud<~BN<+r2T!C{ zuXHKsE3e^_Homx^6vdncnZ9oU((0oB&uN^xjoCwM(9rS59-AwI%v#O8M3mXu(lChX ze8fAAjS&gNP&{)9<{d&E0C1oh_56_xr-%l3d;SbOsA3o{tZ+=)J@@T;l(_2ghrbTgepm*f1>sXpoKr8~Cl!gWg8Myq(GS$fSSZ$VIevTA>qz9=cG<-OWTh~2ZpkHs+w~1T&$dXgx%0>RaM5DD2FA33 z)iV8&d6C`AO#z^~7I2Ca=kI+!Q48>Air$%-;bfFD2Ad{UQL(fXQg# zhrpV@5oIww=j_=7cfieTulIP6%VO-8QkWWv_)PJ+Iyn79o3AkL+d)b0!x^`Y9FiUF z7jM1aGT%GtR8i0q>xndegHsU}3ptlqPT_rZZNu&n_w&V>G|kj&HK#kDFcj%JoZ*FA zEry{SR1A#Y%yy*my&tZThEe(O>CbI& z=p*yAq@q?56g`b=c3@}2J@U>V;!kQs!B?kR0!_k~0O2<qI{Nk7i*6Y?>f^gpEMw`SsQHTsOf?8@<}hw@l3~H`6{JFcTLYs}HCs z_`D@$jJuQV#^$9LQA0CzV4>y2P2GFZaT%b#>iUy=)EO54_b5ekcApRAI6jhDBUQ%c44DXAQqac+38!jCZ)N*A1!40;lik1;GhE>7@dmZ_9A~{V>tkxl5Qc=J( zY3YJA>Hhiztc+DhUm;=sSr>5BBs9Tq(D z5=~YO@JHXSlov84v^~yxXU&Q}Ka^3KYp^(4B)U7o6g=JUPt}`8GxCWnh<2uG_T`Em zvH8CC{p$?3Q_JFWsIoH-$;zr&H0ItdAz_ZxuCdQix9vnSA%C2H=HLDWAx$BD(8)AM^!;`jn8q4`{x5ZR9TguUF+E}8+ac(Av|9o$fP%`qtWwegXPDL| zSmCS@xX46&w_4ysj}VBW@~IUJBG^F)cl5~nqQ;Obt(~_2E<8JT+<0d*T6k4 zV4E34NR*}km{T`jifN?b30uAm*S!mk!a;K|3dx*8;Kx<8iS`7@TJ4kN5a#nIk(W>Z zUoi!X2IrAKfx=9O3ybO~X`aWu2UPy%8P0JA=4Mm3cjbzUwUl3;H%w`6w}{1^AUwPF z&8KhmxfQ1^I$kaJd7WA9@SJeVHnUiR(0m<%SBzw|A9Pr`^6S|`vWs!v=&!1t|IpR` zRMoRDt63lAz0Tn@02T25Q+UD`X(R-*>7%%56q2S{OEa|&T;NwP?CD?}(}`;Ko>R<2 zj!{%C_Uv_~iy3F0r8g@h9$K`MC}4$xC*$n9PtS_$TWDyn%uByH+lJe5)eSmlR`m0s zjH%Azoy&Ns&E$8<@0~BHQM6oH=F8whp)cV3esZcl;vuIY z*OrN4HkoaP?DL$Ht>KCeJ~FEU(Q-q+w(?UsUW&Mm+uX8JRLeZK04QwJdoEA&UZh@t zD8R5RqCbJ@D0sg=OHf=kstCMLty-Nm7xs^^uMk8bzrsG2wEVwJk!WF&CxHD)$k#&p z6QcqE)3x-SDB4GT>{bPv=UB#)^Ny<%}%kG|L?~s1Yk1{Q0ysUqfU!7T*ksanHsWxmq5I%J6;oyKWBETWKB15DR16FR_9MA^d*$xE(Rxn710H z1P(QT4Gk)IKFOBcw$11o9@J)R=j?}%+B+}$Nx8^#^6DlT#i=@VGHrX$<0PFq`~?}L zR3uLQ4mB0?7x#Oen~_^Dfs^b|uoFK>)82MnHQGAbO0;t;ir4??EoCf?pln~sI&DBs zNn4oHb*Z&84%E`{=Ie6>x)hxsJr3s-Z+x(F&bgp!=8mThdVi3SX6=l%DScST*(fWA zEyf=@_iJz5XiEuqE5Xy$DB|0cg^Q9M^a1h=cxSN&J+O{?@}Sd%KeVp?#{1pjKVJ4H z*oy>Y)t_ggZH-H$Zl|;35f7r)BIPVZZ z$DUmJM8@>OwH)aM+?zwLDNZdZBvsy=HXe1VdY{Eksoh@in3Ej$v(`qg*6^QIQRf^( zPjqzAJ5T8hQz%sO?C>O}6ohS?86Wn-4=b#G&yvhD$pQkf~9 z2n^B8Sa&y3CD)ZUON!2x>k;6j%YiSSE`k#jfd}rFd zp6a*oZhf;!iM0OIRZZZ{`KAEeU$-27&$%(h^h-E|~;eI4>6%xH6UcFM)88{oJnK%zpmG2w^h$~}2h*}G ziJ%sXzFgbfw?jJVoapSDFosJKIKaB5Ida-qvh1`;8tuzRxGxtOj0nO~=nUQ3X?cnm z33)O#ol+B=<-Q7zTh6Y(-G1a^0X! z%%$HCqqqwC|C)6bmP8wCi0WUvciingm%e+UN)fJ$q#=1oZ2Y0I%oPtbt%`fk@1?br zK(MN>%LB6SS7Q$}iNZbkx#_@d^lL?=E!I&4v;xCR1M1=T`lvJPqVHCQJo{JI4!AsA zo~{HPX@L~swhtu?2wa?vn3pE>hrH>c^9l7T+5Eh@tzlM+N4sCE9v^XEkZ>zFc<3^X z%-YFb@?&SY!rfms(xBWK4xZW9WZk8tCV^V_IbzwEn<3V!6{vY!2G{N47*jdhPWVlM zUkMsvB2sOkE-8l1`Py5Mwx@^+p)>_T*)=d1`f|RniM5%=h@U5GCU4*i!t;O{3&<>e z2^6OhR~BBaV+sgi_<~k*(6EFKK7+rh2&VD{q`d!XeKMQG3VkN1Uq3K%7j7Ipt)UIR z3<#9F`Q3nyVEPUfvS$K$QATCIh9ut@F%D!E&`<#C(kAj-Ba~l6HxND_mbt&(nBVZ`%e7pC)seSZ{#md5z`Ec%ULOremw7K~AMksiER*lSvRTtC{14xUTI^a3l z(0Z7EZ-N3I2+_xo`1%{?$ts@|=YcVKNRM|8=-1{t(LZrqXDl!23-UI)8OT+Y2GGF4 zBUOI&K+)pbr~1dkfrd>DlJOJZ#R+6lk6gYW*=xuUiYGu@IA8>sqEI(D{Qt+^o5xex zxBdQC6BW^L30Z}N%u&fKlp%#=SY}~SnF-0Tl4KsjB4w&{$vlP3B-0`q3>iXL<{?YS z!m^KZscU+!=h@HR&uj1BZ$Gd5kNdtg+_BE{JARJO=Y0r6;qf_tTeJ=x6)3orhay3o zc&ujPZW}l4xrssPIl(ME!|9&!$Qc)iP;h?rnoTwlp^o6Q7-+bUbG}BU`mDTzszy-(dH0{H zlOXWk`&}XGsU_~a>Ck8wkN7AUQ97s=a|cbI4t2G`FRz^AQ7zlc4aG75uCxUn;4b3S zaqn_TxdAn3n2ENiV1;$47)M5^L~)&8-3Ifz7>$kaJh9@-(a8!!=y=;LK%VsKJ2;pC zwFHT#57D6Bp!w<623YX_8T3D=^SP{HwnM&-))FU50gI8L*v^Uk?UU5k^p_rc2MT=c+K z)SL}LPlDlS0pKT;^0<~GV%!Kmp4Z(iHqL?pVu7>REjc8{;&uSmQ1M8JLZ?ew*S)QRpW_R}z`cyn^of3O7RfV=!Qm2ftq9 zBLGEhTS*pb(L>TxLdGLs1<}W`rL*Em&R**yH6O5jHtsG>M|HWt@L{tEn4NE4qj8F& zx3ZO{2FAz->8Rdr7U{Rpd2TX}AUbCM*`wJ2O=WaW?`~_p71h3nlSoaoCs|&HWkdDP3U3>pSjEI)-WIIf#_e9l_ni(UEgJl2*?V0ik#X z1^wcU5V9k5sMcmwj@EwW><%Z6BX)=Al|zN?fT7qd3fD3k?V`?kTr;2jkuX=m zXFgW`p-6MZ-tAI^t_k*IRgx~3dI>jhafHp%XuNiW!Wz)?lppmH)&b<>GuAIr3@h!d zl+Qk%aS)}?h)^-Wr+8wFh?MNphN>As&!Uv^*78Ikl+PiPYhEJ<2qd}H$lwtp-JGLy zO|MFXnq756B4eai8(pOnad{s{@l!b!X7zHJjCBvR3u};FBN%KveNeF*nbv`w&uWNvUPa& z>;u4w_X+F^dekw0EkR&|&{5Svx-#18PB??jiK}-xbw2f;Q>j9;pFOT_`ewJ!g@!Lo zd^ZjE^Fj`M{MBH!4s1^FQq`$Wfg|nuBDGiOuC||+w6*WP=wJrV8&L7CgO!~0buS+f z&fZf9XVk;D;j^~JWwM<#0~eqaI>txgz$|z?Rd5(uGh^73o3Jn;=gj`>P+qJ3X+2e% zma+YlRDzrFCuNHL32Y**g8(wXL23tN9uPe?;TW4oquoa$*4NfGOjhC0;<*Ke z!4Kub2iEkOlSY~U$vs@ESClwG{l%YDebtLx152|8D#kPE6%^cmSf*YXo_v6hIj0?E zqN_6jsENHAO+69 z&bogMHqa9OTH5{B-1!GJ?_YE0UvuYQ`_8{k1^@rtMx8ED7u`hNqqrnHYj&~>0={=A zLEyj<`K?2WrW>Gthqh(7 zu(2ba$g^MlF%I?Mc=!kPi>V7Pfe8IK?o@O2mU)0s4YfcHQ!8>O!lW_04w~{9OEmV-HlFq`PF5m zTiaYJZLNSW5w|OAfsjx?&Q5{0hEIdc_`gNAAfFKGc_FB9YUTiZ2H^#H!z%|--v$60NHMam`Th<7-a>7D z-M}_h%JEZ7@d-4eHdi0>Nz3m+h~#oHX0P`_7Pw9^G=tRBao@Y=;Ino=x{L1+DeP0S z)Sd*y&F;G;k-`AJSQ^dEgO?mojvIN%_S?m{p>X%EUoS`Ql>kU*^s0J-L`N?k{uv(C z$7qMWNgsc^bn;8G;CJ6!h>SF09pvkZNAAR+ybiJ{*2rbn4OOS=VBd|Uswdgi1J09> zC3X!obiPeFtgJO&{G+UC{UBU!GiT(hz&z}D5S+||*KBQVJv82yWpg~I^=kbfh#5TF zTwSyF=8Q%z7>~FgTg^h>A4_gDB!SaftZ<1wBL_VIk(JCgt{<=S2r> zYzTQkvZm%_LLKW!W1elWK1eC4;6hjdswWufKvMmTavTmGpqT$=1q!@!{T3Ul9xf?nOwP z!)y>)(j!;jC&4!gk{#dB!Cs6P%Y(aa9HMNIe^CWYECq(a_azq@9H_i~zUGM^cL=rO ze9Tju8N-+dRS42{-fF)Uwl2+$;jXJgFfU-Asu55~ku1dK009Zc##NNAJ}CP>AO}Gg z3fkk448q8D>99|Ezp_MIT@1~WV;+T{IJULE=KH>2Uy%eq^ZD0|nCef=#M)p*<>r1b zf)eANSoUXqo}VRZLwwQP+;|w@+AQCFQE%@0_8~w29#RG1pLYW$SMq>A37)u=f&N;} zNd=qCXM@Re4MS%OjX*C;m*sEsokSXM08SjF(=A8%!ontrL**qRA4B7?uSS{Gd9gDi zav$8o#=^j4L3b5v{X&h)oD;ymB=!<3<9K1q> zUvP<`M8Cct^H;gQne_17U7Pv=a3wo@C6iK+6w_fI%yHE+SU!dalhyLXzG8s17r_tQ zTTk9g<%qlnK@tmEWrTD6V<4=_NyGBcn=Wf+3(=RUa5T#s@dI4umoxXQZ2{qh30qy0 z`XNu0DLf1682%)XV(--qU0IXc0OEu9(FcKbKAVJOgq^YjJPhJ{4?#B?iclu>6u7Vn zfxb>b&t8NUCsZyh84wY{tXyDtw4C2W!aJ86NB?SShr3HR3)w5%z4v-z=xsv3X>uEA zsY#)W)V600q61;1aA-pY4U!dzbUKurbJtg#3nDM+E<6XQDKWIp;ef&?Vh>jZM31*U zJY?-#5}NmtZ*cqqIoT_?2Th*s6|r2}-@QZ}qrib@Fl~(sSH>ExbNEkxsb-B~s-;>_ z>^sp(CC=kqdAc)8tWgDVrHF7DIGAq3Msxu~-G@Z!y>s_xQGwP6^u=QqtxR%Ez1pThkEvexAoA zcXSn^XRsKXl8f7S%!1wy`wL3Y%EnF|v-InG#W04YZCCFi<)^4Kp(sB1U$roX&sRd| z;A>O1qk*|QYc6=1`3)wQV{#ad$TPhYtKaR@bPm&9b>Ebl`uC*7`=3b(r0PWp3!9#J z&H6?^a}c~AB!1X`lLri7CE(fxDWxK)d}$|y`ifEeV+PV-D;=a93xc*0YecAog`xot z4S%J@E$>e(xEfDe3a8TZGDLBY*I?3Ab*qKlYo=^Hcv(H?j%{#=AayaogC7M1v<@Yc zfbQ}8bWDx8*BnW6z%~E_3h54j>;Zq~I&Aj7f!sC__Wx90q#IqcH1`_1i{V?-80fX{ zSrV!L)1hGJ7ZC@f2KLS#2yB1G1mBenxT4z2yV(|CQKY96!31;mKnUTRco>8ukj%o& z0Z4Xt7d=oPaJP4VOTQTUZ}PY&{>bBsF(I*q2>Om-j~sDL=G6VUF$!0l172~N5XZL&>gyB0c}4iV#kITtG! z8r<^w$4jz+=vmCY0Ehj!liPc&9Mzso{zNk^E~`S-Z{Un6V(k5?61U*`>W6iYFG zoSC!1URL5|?NhJ3*~c~^dG$e=T;bVmUw#~NfKUOaE{K;V8=3ii0=MOlI7v;P**x_h zo-&%e?f+%qI^x)bdGCA=4?{J8t1RZ+_Dur)kwXZGbEhlbK!R=y($VgX)gQj%KOC!@ z-n!0|-KY=+#5nQ0+utlu>8IB}!EZRrtv_mkRESp!XBt!)fleVAG>Z6OA;zRLaQ6Sl zz2pD&Nj=1LdX+(Mc;rc83XxsCi5D_jrX!^rb&|CgcNoWJ7Z`1xgU*@5cgN8 z2wWRzU#ez8ASoEvvKdu*XaGL7-}%;8*<-5ZJpYa)`k#V@|6-;?<|7i$4AY2%sr}xf zD>A^;_uO{=yw?ibD27Wlchv^=KQfa0YvHf`n?3}T04dUj;7_MS{(0q}T+0H-Z*jS3 z9ogHaep)gkJQK4=oLnp2 zF!PCO3NxzUpIXCR`;nH<{Kv*{cAS@g7lwmsADuga-2aX}{c-xkZCGOT%JqFMy6_{-xPpLJHZTtqs)&OS0w*Kxi=jA z*&*&v_Xc_D|L{b6fRR6g9moB$HMV%*cPP{5-66{&8@OFN{y_dA(FK3MTkWpkkD&Ys zn{IKDK%U*E*rx*>V*U(e3gXu?o60k?Px_w`nf`PGw0EaD!;?-S9R92g=NIgVCKBo0CReiYu(F9ZIuDh@srtPtXdvkeeEMe(O>p^A4Jif8)WN5{w0TNB1reR4<=Tv@!b<*#|L_PZoCHn zo8!A|qaD->H1vCs?=5!CgoZ9MANpj`H}L=H>2vOHR>;5gt7Y?V1eN+vEoHNtq*d%pgizFb1HA zQl#WjG0>D0vcw=It0B*&$Uwb_I7MsZR$A+Q_N-k8H{Jlw;nabtx$?!|LhOwAdyUEQ z6wF11O-e|dh^n#Pp$$*y6qKh{#m$JQ5RR(I`UpAG!{*<$BHhT?3($Sal7PDIzh5Jv7M_JGByCCx?A3YO9}$INrWH@OP$0Up3Bs zqZ9{vuc^0Le|Vh_qK4N3%ILVWTjrh<6!mT2j%_j%7g5nyP;W^$(?05&=jP^PV(wkKr56euK4RFo?Pbc`zoLu?n%%HsG zxEFPhW#qRQv@W9kf<)5;-LEv%@MgX;jH{^oykVc16c~WV<3uATz!> zNN%kC;#5x%;P(}L%D-;eU7+Sl`QTfQXY7#>`e}@OBTmt~@xy)au)s1}z1bu#C9xjC zwaK_7OJ(R2e>8|g-A$y3zNpgOzUtD*?}94K#Kq@edJ@<%(IU}^)1Abl2M9WHa?XS4 zp?t)1cGx+XU3si+()ZHij-WBev3ShuqAa1rP zOGkce8{vq3xq!#O{9Vs4uWE?x$BMQ(5Bq#9pIZ1U=B!%I0E8pgCd%Z1L?O~f?@ydF zm_gvN+Xf1-v*0FlY+Y_3w6F$kS0`tLV4P;m>g3!_x`d`W0o;?L13j>V7NzzSN5cH8cQov&Rtog9~?T-_A+!CWgZX^V)-gg=? zCg>jVPH=>MQPi;YJ9$Hcb=Bd-JPcCbk-gjvyG2j!3uO3g9=b(FC%5L_u7knHCm8v* z?!(LLLxo%!x+wOoSP`2%i$GfdJC04S&9jiAoM@AK638F_bq?*wiWRev{RBDnatQqern3N8kiLDXUaCjonI_oG+Q5j?VU{N4@j&sV{1 zH?A|*UEOzL@PMij{>{E#!C%YVzuT-3I?OFvn;o4w|ImT2(ZIXfN(El;$1iEjJ)q-D zhU^O{I#CYEcH599FoRbpO<(}lg$SaXkm)2%K<@#Z5y|WW-GwA>BB-vLFHI6HIZ<@uCZaU3yLBY#e;YY3biD0Ld z4ZKMKsFuYmFpHTj7~DgQnC<6>IfMq><|;N)^0_`AWO)>TrrHk+&Z8Ha{XdWC^1~vC z#CSZqcst7$gM(={%*xSP^*`ON61fPii{x9W1AkH@XLjwU8Z1%$Lk-3s#bt@Xe+h^M zEQmB3^3feROZhG3z8{VIGF5OxxyR1^=-Y?9sZI+<+RaX5e-VNiP{Wo2k-ds7F&O*0 z6@<<9kH`9mlAvv&kk$UH`1X|6tmz*U_Ya2;)scoU_NoKBf(c7j#?gu92OIs=3-R?< z;Sn)jtEIyZCAn?KO1!@Fmn?LzI1P;N5OJ4tZo@+(#>}6u4yOhAj6ZcT(9zU$1k5h% z|J$$WrQ{PEc`ULd8lX%Gf&Vq32cBpAbNj~G;wm;)$?~d9?{8;8HTB7# zluaa#&^D+a5l<$PudWjwk4Xv8huhC~Yph=lb*X1{dV>CUBU%4fZjl*-w>qxgn(4TO z`s12xHB?RYvwHBqqW~%9wRY9FO-d^0(|K#^(@l%osW z%G&>^4t@Bcfc?E^)E~scN zKdyP7I7na5+I&(}?BPOI9vxH!lf@9Qvw`Ey9k7z1dk+Ha`Hoc#43wLX1m^H-``dUyv~{Z*4tRoj;0EZZ-R!{ zbfAuwoF~r;`+p^ro*?RJ3Kd%6=t|^}1-$KO0)0=%UC3bty4YyY(|qaT4?D8WvdN#$ z3!ihLl>@iD+I7x-Az`#Z!Qn&${FJ@=0ZMgOLl>b`xlPY3L@KPP@asWfzNd(gkNax< zW=k<=>9s;!$pid1N3>8nf;-{nb^=cfv7P6ENHid5G`BZM+Nph>3fuMJZK$qwqQu3- z#|)&{A;^Z9)|MuR<0}c>!)0up zi||e;B^&^_Gwdh)6vehu+A#75?p*JGq{XROqQm4{{UG)s1A{|^;G zMou;o0H!07=Ucobt3vR(!q`l*qFdhXwC9PZsqD&hp6^KM6Xy(FQSL$0umTcv^NuVT z%&or-y^4MKg%yt|_3GcEq2y{|(xUF=|5&-Gzd$y=b>E>gup%8t1bj*am;w}|l&Lhq zr_eGRQi?K zT~y)2DL|P0xA~L@y9zyM;{{k{GO?ew4)0B+mfzR`=fsB=1biWKgN>>!LA%8o4@(@NzQ?(6T8tkcv0}ff-f=yRdQnH&aaq1s zgYzVa1BPqfAwD?MF_4s*#lD^grx0LwSaeV!Prflge)6Lgv|z@*%RY#jq*u)}_q|=7 zlae3B%_T^@M{8hwOLHaJJD>D^+nRSX^nw``%aDb&KaPgZIy2VC7uC4me8ll(mR~WY z;|AqpQidi4C-`HEBH<&-7-oghOo0$?wz-4=Z+#{?8EKjOe|uI|sSqYW{53I=RMaQy zeBL^2ua4IlqmQ++eA6HSEPD8{Y_lu`L4Gm@t}2^q$b*LWMF;!0A|y9T+oUHpKSE1# zuduO4al&Stm-A}wSf>4|Rv7sL%u8&InIoLAE*uY*&GbEaAg6E`)~7+6IypnMqXy&t zb9`YURHyb^^3hS({K`P8I30HxtV`f2a?L~*myT`hf z&dDDp8OhDLc1mE#-4P@{HPh%*Y_haf{Ur;pjli5lK8^E1yCg>pr z@a_O#6zy>0{s&$7H1_PT@I>kvNNtmI-$=lY%-&<>P`*CvBu>a<{^0a33Mxf*)XPy7 z_J=uh4mtkV8FtFT&fwyJ?)CfAc)1TH6WD@(f!*sv5xDh`4PtyZBI-KH4dzPuU+ye* zpkYB=oGv_fhmFpp7Af(9QiH6v7J`_pHd#cbt3&RneXMpZ5M<+UAi4h9@Up1rkppaT+r}n?Cg69pSQ=q7)t{gbIc5cna71Lc950 zl7Ruw=X`4?!J$le!i3o&d63N!%()A8@ZBy{QGMYhHf2=g#nHzOdzyMNXP2hlp>Y zse`x5_9&50AD${Bme%HmxawuQG=U@1OSj+MC9Qn@0xjLF?!M9E^_Y9qcPw%KjHDpH zcXCWomxE7mpHSDoC;WmI_2NR}K+hEt|9V1sWTnACQt*u;BZ|MZ292b=%_zr$F}i7r z$m{FL3!*PH$ua{UvVa)=E0|VlP>4Eh>B#2Z)z0_9x-tGq@OP zgQX4m7R&xo`4Ag^!?U8XE*@(yVE@HpA7-!F-Z;ppa-Ud0yoV1(Z6DFEQDn`%Y+&V; zKShUBzSiV8ke&)~%!T=CgLZs(y&4kt;7=6$O+9IL9f>G&x(|{MaI1Y&qI6iWTnD2y z^cB_U1jD{c9JrnD_|o4k-3>q%t`*TR(B$+TTjIs9aH%KuO^8{7{9i8@a@Buc`b+L` zGVP261|L0M^qe-YGXG0Jq0e1kZzZRL{^mXn^X(5Oh$A#K7S$=|)l7&zCN565q)qcB z+XmG5auU?^j)jLOaD<1(38$f_`!BV43O$jx7B{dGGkj?BN5lJL9HDR%T?6&1rC^K)>&eXy@B^m^@Cqg*+oM6V^i zxyPLSNi(Y_GQJ-fiu6_=cstb<8l87n*jKbhjbbr3<<8lz)c5^Ljhs6o5~A80%-~#% zNRXnXL9#IX4_Nz(yH2*J9ic8!?sr)v;Ui;5CISmAR#lY{&oU;sfLe9#%P@xAr}rFK zBZ!;-#Fzn6Q;5o<6>Gc%3rvA8gAy~;s*b#&YID*_(s$VOs<%O+-)r_P55R!UJ_kK} zUqDtBj7?k~^6Xx@e>qW$JgMSKXd1J^HwPaq71=^vSqL{TKM8b_Bs5bY2Y9*42 znolEf(EEEp^@=-)_bi(;vocKY_cqi>3Cl4A&b8o@zk^J5CoCKXzz|PsF*x`Tem!)B zOA4~%$;Uj91#-P?E9hj~s*rWy+X1SVt@Uz8+qDt(vNwi$CtO^Xz?8WT^8`7B;&W^u zbB!z`J=#q(NYM*z66bI&|1tct`i}hQU&1DcV+LG}RAcJVdxYYT4V1rn%Hp1IoW)2& zPqg&SVWBwwf$|m}tmL|7I1fXGS&+@G?ql7#{vI26p8WR&-156njs9VKx3y92j;b8j z9POOAQ5S{fL+hi3R|t>0E-g2NW;^HPxaF)o9^R9F(t^XSZ(OmxLec&aJ4^rgbl<5< zqNQ~eSZ6{-sGZ~OjE}umI>rN|VdaYJt63dYpXbALx(An-)jki*E-G#~-R{a{Se)%v z`#gW7y+Vgj;bGNGwcHxHC&BJ!l1JObed&|8H~Jj3ys9S@#><0b#B@8c*TO!wc+gj& zwT&gcQb>=?=O(Sg!qZw~_uOt{71nfk4vmOGrPSF<@m5|PWUPDj$xY|=dsp>bF+XV=9iq#^<4vkYWlcP z-_!uv*xPMr53yl^6}Pe8EJIZ7U+oa8J*~Y?5W-GqZy-&UaF3|s7*|4ifgCP>sI zMA8)MJiys7KfVHm2RJ+c48xxkohJ=DiZ*tz3)z*|=e>u~nI&YPg%oz$ zpYRQ8VBg4;CAaSgYt>}5p`0$p`aIswq_q$&t8>@HL7~4u8{^Qh+vNH)GXQ8qL#mZC zd)`J8(KYZPG4qgi5=D1xNko5{+Vb7^`C=a2&(_nSrIE{3zhLNdu7b@QOtyj3_%AQ6 zWJZ6XuRMfwDL}8E2NP>0Z{07~YUD!lw!Xc)E#F6dncs^Q05(vYXM+3U?X#6=vydEv ztczmkEP#xSenvkT@P&5Cq)G@|-AS3UL1jj+wK9B6A&jehaB8u*E}m_is@yz3d#hYB zaWIU#bXY}AJx)I(Rb2Y?0_l|1!c8}+&xhT;6t&yVrRsj;Pqk`$F)pqx&6vO=Fs8k@ zcH0&gLlbX|?g&o5t&(6Y!FMgZTQ0}pw)IrdjFkD^m~>J{M6&Iu1Nvr3KzL|z485t?^N>F8%yHi|zQs}dKzzY*xZFGjzrW1_DCj3P`AuB;O}{urt>?`y{i)dz(9n@wi!Zv%XZ_T@*aa(IbB)=^!?gacqyN`A+j#G1+Fjyw?F24g;_KD*B+X}45IVLISoPtuyD}s zwXc&+H8+2+N@HtlP&eP&JKy&FyLnzMoT=OeR^k!8U8-5{72Ds%nn+o+XV4y^7e%b0 zj$7+@Q?uzMn|+Ia*Tw*GgdHp++jNiv*ETw*{lV%C{)BG7)!I-!&)sxGr_@nJqso{& zXN`%b2l+l#3wI`uMIqHNutyoL)%bd3UQ34S%R#uqnAS?g?p!Zm`9B ze((_xI}RHml}__L-TSh)mc@WAY!bda&#MqiLcl`pTWYDyPEf=X5 zb0gOy#P|--HNroJj@(JASX7|ioF>zAHbDE4^>*mcx-RY-`4T0oQkozp{_G0x?Z}T& z;-$-dQ?scTadt3Cq@ATWoTUyVaD8q~Ke9fRo_MlCr|t3Oj4|DC#+K+=wK600`&q`4 zXI(lupM}y;Wsc{Bn#Z53d9*~@#p*5wb*p7G@MYZAR?LYT4pYm41JKmFk`FWbZsq-l zwe2+$xIf!vPF@nCswhb>7OQaa&gvI6(SOGu=t+IfNpVgeo#7@~(ZF*|WcQO0`Qyts zZ*Lq;4bEstUveVd@eoq?c%mx#F7`R0M)x^k@_qiK{^O=}0f7&1C%9!-RKyorPD;la zvg7!iP1vOPwmYqRkYpTXZjNhoTRyh6NO0+Vu-Ii{f-na4HdvxLZ&Chp>id+Vu?7>iNUl-c=pxz+mJ zq6f=vqh)U94l+R%E56(6en?`Wma#{77?6-g!*{QIedP17zW()&BGyT$OEiti=iQZM za{fbJi+Ef~x=;>d)K93IRY(FA1K1#8OT;YXoLZMEwS1?RDD?ulH(=3;wa1%1t$toN zHdRX7IcRi28S*Xblp+7~j*<6z{YyR6p{N}nDdlr(b_e+0N1XO|1wgfu0qlH`_apF82;gaF-k|)~UxuKUmCSyb-MI=W$EuK9} zFCm^Y2B&3b@Wjw-PhJb&qS3-w;kW{7Y#;vGl@#J={*7h3rzu2ctN1U&p|?83Q{^3a z=fzWR(_W~oejvswbxWBgE%Vsi?Wt^zDf{y40%_&5rC&Vn)7s6sBw99SShnSy<;~!A z&z!Sr>oPIO>0U6f5j3!a@l&#@lJ6IZA9%ru)05tlCS}pMS60R<@YY;e%Rbh&=E||P zo=GPQfN%2nYFXk2NAwm5ca<9OCE@D0g(FEHq7w(K(&JY@S%@$CFFvh~yS4)Nr7x1vI$r0H~HE9-0x zN3z$))`c3kxRoy5y7e^vM%|Yl!bqYvii+j?H(HLcsM}#NADgS^a}WEAcZQP1%9hWG zPsoggQ`?GGJC4>0J+z6xHSj{-MZ95x;AI>!A=K%8R?fIt$_fS|SIUYBuv(>SeTZU>s7!4iHlr&mp*U36fj zG^~e+O3{_YU>edBLTigvMn8qP4$QIZVK!dnFQ$9ve&Vf-ZBk4)v}%1`HTV6mVg4gD ztDo7u5+55M-ohtuj0o|YibUKhKd{-5vn?oA5HzWSq*9{ME5NTi->XMtUp!J__NFxL zI8l8Cyce~sP@KS>k6_>33g`K`-5N8eJ^WmX9;XDbIS7Th8*EJmicqsBm4*h{;IFxAXa; zLeQHXkLK7N7jKkD`y|ugYWv>iYm0^Z@wR+12}S#wwVjyd^>lf=Y_MPY7anz!h7Q7V zb3u?VE}k8?p{*T&;l$xIMhoq{-WR13p9Ya|_*wfLZB6FLZe`vsd+Y;FT%7a6RjHLY z1zxKGb33!OtLFvzaNX*!Lcbch9qvxHeeUF^H7afNekunH8hUR%gfbS#3b4ht*az(Q z#Op!^$v$m)N&=KeWy>-_Wu5EBVpc};No|a zi}je&EN==imd@jx{?ep2d(5+MHR+=XeCbV!S=qFrFAc4RH7<$X=(wTKjJ;zsy`Jo8 zH_&?^t?w*UWT4z6GNAXz2?j{l!O#Uqs>}iF#2&0(1CtAdgeNwc^Dk84tLQJ`$oqj3 z%5%O4B_RJIt+mrKwX$c^rgste(+suMdDR`2UXsrAn#51OOhk9$@QZvg1*^PPffyY= zzBI$C9aQ&-JG47+u!2u5F{YnhAu6P`>=EzN||6+y6(q~W7PW93?{fo*8ZmBIdfT+_f508W7g>xw3{pfFkZG? zxHGZZWiAV{?Tk9SRikDz(z0U_G%p_{9exps_ob%K?!LmD^_hG$NvqSkK!0~yriFvF zc>Ho=rC_>&&1iAer>E6RjF9FmUdhZ;Z=yCZFesx?7|Dui)v$jY{qSolnCoNM2sk%EcoH5c*U_`p$L~_Xb=-Oof%ie?_LH)oQt!dc@yX|n ztFkVtI_{%o?0iz4w?NaqutO)RpjD!IS=MX@r_1YX!l9|x))j@H;(0%%LinoS#p3Pe zQMF!2nl+5s*~$?pDUsAMU5IkVzECer)M`!4sVXuq7+a@b?6AdtX(Ha?C`%O?zT9bo zD#)1{;E+{IaROFARAt*EWr94kKL!nabB8!l1(ksR$_{ZFV!B;)Y15|*H1(FX6N$IxGc`NS`!8Umi)^t^Eb=AgkHH49x{kBL6jeE3r$m|b z%;IqPayt$jdt}CBAb~b*y12SAqA6WZvn15eJMRL&Zegfab~f5|GSEUgeKHY$y4Tb~ z8PlGlshDxhska{={CXgw>G(P4{!09LWrBaY2k$EDr1b;4&oHOstP&?yS$j=R)blo_ z;SC>3KOJ#IF^5m-@_OXEeV$%ojKE)gp1(g=Sl>i+)vbStQEz{DRjNK`pmqPp<*7E^ zaI#D95+iqUnWlSIVJ9#vlI48YzF!PWB@ZrH`hkb_0SnbN{%v+yGbYk=l`S!Cly7VqqH zqp+$g!}@^Pq1m0IlUV+AG6=JiFns}|jM0J(Hr(psq6c4bmKNaHH9jxBo-3FRE7gx% zPVc?izGljr-fJp0W2_)JWvz?}7|GPx1y5^9r;~N+iY-S>h7xBSdlXK~a+L;qPa`|B zvAY6it;7F}*-5-iGtLWFa8HCUTAMvu?|J5%{78IyX_ZKNMl`a0%X3W~X--6E8|3wk zB;rX5UejrrDI$4_eGh1oXZ9tN4q>D^rE$83Y2|4)ng#3Uzdw=Tytkk{H0=Savp&|g ztk=ZC*uHSF({_&MYM<-jv6FL{U4){A2)qG|h`CQisrhC;TBH7?uQcQuE4`|Tfyu6E zcWAr<3&kapjP+3*O(3b3h*G4KHmO$b;8t^GHh}Q><5C!P04{~FY>Xkkl+6xF@<#Ag z3N02n5F=05D6j=K%?M=mg_Jf=TD%hfR1l%41JA5kl6bKdJU}l}oMO<~17vv>OV}U} zpR{o54PTPuovOrpcQ{$Q;PO8*6jeRc7N1;VyufQ!T=mYp*Bh@buNR)Em1v;7Txw}g z;El_?=M;my8?Ay~le4^hd6}?st6;R%`JD~XmmAG@V!W~@14lw84>IZ5#%NXEc$rCD z3_U5^uG>w%dyB(3&bd(~-@-}>f2)tY#Mq6)_cq^l={0GOdhI^fk<@l$z3{Ldb_;up z2g!TMbGqC~B1Xg*l?dWlh%^gg`Ygej@uT>cHXpPjkqbQA}V@zFQ0 zPFPs?FZvV2LnsB*Jx;&yEdvb_Vb}1|H5bqo9*E`FM*lit)0)7 zy!g+$-8q`A*WNBMYTI(eW? zN5@}U!W?a0NGR=!z^7*#E^R+ac}+KB(5-gZCmFcztsJVn&%B>I#VEUCoxf$oB#2(( z4Ug2WB)^3%M`c67>znLn^4<9DW>FmJ+nr;sjY^4c8y4=BdiemaZB__?&ZVpfJd4-d z7;LE>3(O*~D!SbDO%k6~X0zimj(t6Nfr?K&o-;5*Uma!DmX!>v{4>@`^XDQdPU}mI zi!v>hI+uD)j=>smo%`Bf$0@S)J79_bOGg2AT)3^j7Hr12i=EodsbYQ?TQ@)I1I}n| zoW@cE?Gr;Kei(f_dyOrOSEXYTMzheJ6}SvOoPox2DIq=GSiHAlEPDC&OPw&o;eM0F zN8-f5sWJSReImC>xmUL5_j;73o-V(KCbN8Z+HA%&&h|vSJXe`Hh9-ouR)?uH6&^RN z+gU>SDa6mrBFM=h&CcUVMofW$=_xth9DOBTf7tQ(a82(g8J-r9?VT7$Q_H1s?D}U0 z{Yd~tTALAy4hZeY485(%oc~HsQ`{q=GFyCLmVS{imllG}_qI+6)KY`z^+E03Uk4=8 z9|ZRN*#Ct+e}7RG97*`5GYmOn!8E1~&mkiNS2hK^Vn()>4jgihca4Yat}$GHUpZ?l zQ6SH|%Fx^)jT5pla(oUq4=GiBLEEfx&hqR@&Vr2e9C4@6kIk0N4LOfEHoQJcbq^M~ z6F++}HVPflJ6U78pO@((KgnN|!J_7Sq^8KHZk1V|Q6ZufyK=GG~;_a}lhS zH=IINX}%Thkh3>|`|#Z0_&2pww~AkP5)PSlUuTIce-VT3v^~KV<>hRII zzKyw_j$!a3`kh<9>Q49U5Bq`aN(2;2k$~VICX;r=w21!-JC`+lRrmqdh}Ktrz08)MmVHL8z*&J9tatqRPU_3UTNdqwY7VR z96J&o&L6p+XvoV=@1ZUu+$o)K~d ztyA6+Oo9d89bJ3ztjd~k)=RHUkZZ^)IdOJQda~buS!1eI~vU?Ag#g3jpcQ_3!;nPjbW<;{v!v!#Z+ch^=Bd4QqG0FQ7 ziI1TR3C#w8g(Mw0m#&o$THmgNMa3mA^2M9;%-i&J*>PDTm>+LkUK)SY8Gfl-bM;a> zvYBEY;ALN#<-bHptLT%(VGl@{j5gN}SNQDFVD;@D&xe^eX~qU>FRm3wrK&7niBFXH zd^lCL_)4lu@kfni(#_?5W`-Hp`yOo>9$s7$3Z)5tr3+SV5wl}0H`6VM7xn6_Gq6>? z;#nW=mM-hJX7J`{w`J^YOqvx|s&xHq*!`{3oj6>^*l5pcc-&)A?^pw^;Za7Z^?bwS zwTute_$d*K*~cO-6Ou&Y<2k(KoS<8OBd?}7Xgy^pRw1lNDZ;Xc(CW!F`O zzO2rxyOS`hW>78|VRxp?nmz9G`vXns#X7q%VWiSfL)YDba5+0KH;B7Z~Xaw#~jieKE(jD0fys|wHwfe`l z=*=YiV|))JMzM$eV`|1^F8fz%bD~)HOGB@&OFLPsqYL+*W%bx zxk=?53EyVa;`t$z!Ou$p`zb3myjW=MS#f6RhQfvn_N4-ERD+%h#^&p^*_V{Y9NmMO z%;3CdhK8?UPsM^Fz*WzRf}xiQx05o{;Q=*Xh1_2+doev0!35=?Db;c*rpR$Q6ovU; z-=22Gs}4yp0Z&P;4p0K%{%xSJtzK*+--&Mp%pEV?U4ett^y+;BNMWz8X1#;;QwxPz zhsgrRF@XjWMK?v)_l1(>E`gFwBt# z)C!pp1tl{cwbTpEvI$2{UeXUcpGqxVKjGNX)u0}0$1Ud45OcutRhPDO(?rwB=c_y? zpBreqe_q#0O{JdE>6o>8Af&ECtXUdYqHvSKZa-+SFC zRynGg_iD&jlC*mlXLL@*#F5>x6&zP$%Q@RxJQR*3&6oC_c8oI=C!H=aYsnBX4^(~4 zjx)KZWqe$qs}lb6HrB37_vH@x71E9mGgPS&O=<>qPF;@QMu_sMLM!Gpx0_WzIAvT3 zBaw>Ee{d?h66Pkh-Zhjin1-6euX%+_S~AG599bq;X#1fn+pf1gS6eAdJlp!wlX53E z07iNKcJ7?1jn+yoMQS?Kr(3JRt;T87FYjx0E=!iuy^WD8{$yB0T5?N=lQCH%X{a$< zt6p}|yM>f%%v{wd&7?pixo}`IllPPeJpvm|UH#*ns-x;MXP$q$K&ZIg#7H+Ku<^<| zbK3o*bK=<>-Rs^fYfr-Q19P6nt`%Rpcfa4h5+JY7BYe-6tYeUPaoBV5Q0uC-VTsh; zHWQP=$8~A0`55U5LRgTG^Nj*&$x2V{#dt|?GHZobg}3{}2@_qcV1{9i>!LJXVrJIC z#*=s@pYs^eWDd6>F(ll*QFJ+f#!rEl>1BUE9ah(t=g6sGr8bOq&U{1qB@^tjL=FnO zx~km_mJJVq9Je{nr1jNj`3tAp8ry^pO_FEz+>`P@bxnzu@^Tbf{w^-vC*TfB?9xw?SEEe{UIcPeZs7Pt(>FVxQEFtM)= zi0I3Boml@ZNO;QGGkw{5;nJeCwr+M=SsPcXG^aIdSMh$6K1KqmoYWQVHn+N}qdm|z z)M)(J3ma~n|7F*@MS^+8GC`X4%g>;iN72%R?)Eq1c-z@6fx>sKbf9Z{V1iQR4}MxaEsr@T8k1)oR$BXaf&^qNE01 zbjUQOf)vEBN6MdeT37&23yDVo^X?5JA+*cH1!Fw#oh#**eBR-dCUk_*V0x#fPylkKd)dYpfTif5k=7K&?ICgu5}4^e zuT7(&35ccR*Xnri<<-$6e7yX@Tm*#(3_bF@KrRYfahY1lruS)d;ZU;lc=h0yImqQ| zW~u6ly|}_3mI(yCcP2>1@hdfb__qo)i`1`oYc*p<9L{#?IU+4o-~>WxNrY3>^AssT^EZS(jif{S6a7Wjn(y51}z7<>byXa_MEEO3ro5N}gqPeXcI4jr4f&AqH`qYR&G9IkS}+ zj^L5iWx;5dIW${Rnce@O?7icX>cfZsyQyhvW@X(D9GQlLwA+;;sg-5r$ekvck`1?s z8**2cXo{npEj0}j_k!GtrY#39QbckqDu@i9<9$EB@yGZ1; z5!25?@k@)s9^bs|5smboY9LTEse9o#7r1dvV_*1l`N^Y)2dX_L`( zDO)ewQsmj!5Fgw6D26&=8&~h*pDJUQQ(q7q8gA&9m>=?ddPnK$XgCb8)_@g1T)Xx6 zo8i>%mrK>;Uh3kF5MXjHlScBpPIL&H5#L+y+CvYHm&}N8Gt)|C3HUIy&g-i zOCJj5)jwg#U6OjUvw4U6;Cz`Hme7Cg<+kBM%6WyVLXM$a$->X8{AETV?L+e?2F1)s zL%m@=Z8;Bm87HG>L-21&&CTCx+a<=q_8tmW4_{xW*^e(9vy*Kstrq7O^ukMzEzYb@)HgVJ-`8{X`>RI^O05^q;`OVp+$foz#1~kq{4;%UaZe?hCF1IfIO^Td2 zJ#?E+#o>lM!=G3-u#5t`6tVa|F}Pl3O*Z$--nyb?TXx!7yP0%{rOblYq@-o#24l16 z=L3Or+YVQVOH0s|I|<>YeL>W)%MoWh9~~XKTT-v63Tiw9jNf^|O6Yu1JZfJj^C5L^=}E4sO~-5t`XKbi`m#ES}`O5|he zCdixL_&B}*bYXPmPcD`Ac(l`&OC2ehdOd+7;9N!bfQ0;DaC^;qqWpQM^6k@wgikr+ z&-$PCPZ-&QSq&7pCDe#Sa-M7EJnP1?f4E_~otl(;DBVVCL6f-599aCe-xs_T**MxRyl(iYj5;U6LY=E|oXe_N|$fiZCLS zKB(`saR~!0#xg*Q@k&geWz|9P4- ztP&&K0xIvfQqdu`r2tSKSd{w`_;J|z_s%5S8jtRm+eDV_2Y)p^N0TI2DLfP?z5|0K zff2}hr9D%t3A7T)-*S%XdbPx(0zu_~o|Icq(^GlaZav79w3n{`dmwrbdgW;WtwbfF zzQYvQ@yNSJ?m=_2a`;Kpbb=Vr-IS>Uw6y|z1NU^@VHzW5Dq>;Jlc8&HTx0eOp-Om$5; z?AbOgRjdQ_VSEI?#op;{rx*E8eJJDYsB7AGLvYjr``YL zktq_tqh}%@Xrs;FUM?l0$9cI?_3A{3*$iQ;`dY}W`iXONkIHYyHx?m_gW+&pvo31k`fUJ-l#L*i;np>h;=M(^pRq}vQv7p_GF4V(H~y+!q)z<lO9@t-sl)DN8}sB&8EwS*4{x3lg~p zxs#zWT#nfU)Pm`U%nMF%BN(6S!p=o`^!hO(q+%5pB$3ShVv!+TWp zHkbCnyZ$X>9r?{uI~@k7TcOPFp%)9`TQ>hL5jjmxexn2=Q88%U7uJSALL_i8GZ`qrs6XaD~Q_nj?-+7qm+^u5Gmu`Ii(vlEgWeyNYC*+rs@ST4~0W#;BAUAQaUW+ROUTXb3M zKud$mcImPKF>rOa@%7izQ&Ve~=`2`%H4Btm%i;cFa}KTOt5N(>Zx+Uva*LLAah7G& zDgXZ0U!3cf@8ZU1mtSXZr7f3iVs+l4Fh(%AtTfaT*))NrwJPzxv{tRw+$!~2o|0C` z^0s06N5(VO;aq~~=(MeSbB6!M$lP=O(#WpdQX?jRHMeq`l|u4D`-d;(lKg-f1nypE zBpv_%#N89_AW%PX3J^%N1ojo{2^2si{=Usggf3^wsn_$`7aU4FcZ*&nU_|tetFnN( zygT!4)%rEY^0K>rR6lcnKW0M)c7(H+{^uZ&FFFY{C;l6N{{ecRj|%+T;DSirsb}vl z_<8g)qH7Fy9-Oh$Q8b6anSgCDz{_AI>042@A1DBhav5PsJB`JXl1Zhu{6Zg~c8?9> z2-^Xfur{q%^6AjJhzD_wOb`4|JIA;MhtvJZK^l4Lo+7RaEQ^rqTi4L09ewDlGsLZ= zMxKvObIG9&Q{#|$Ue|Kki(9I-CqELEI zdT<}MY+TRGo`|=zuPe2?so@`%(x3}l=oH&pWg#lwzwea3ALST-E&g)6)upn4uy#Wy z10WkSf5s;u7;8(oO8}DdEZVx<|tvdH?n~4XVSP$mL2ZIkB`uCj`8dg&K*W>0OYxCXkgEW9tTXA zi;ltK>AHpP`?=q^Yuc7QnyjRZpP<}n*6o>k1G8RS>D_T2iahzl?ZrTM#Az6d(NIs4`CcsSgFYn z%a9r0@OtXUr`m9H@vpOgSS}qm>Phv58HVS3g@&Q^S>@fiUcCO+@P@EPxk8wpH9unG zXTak%a%kj-E~KQ$>IK$Dj3>#RI@6PMs3I5>7;-bmH$Gge{F6Fz{&e`nW_HPTNx++m zi!$3~oqqcC@+*8^&Mh*4im5fYZkI;P0I52nb7xoFlI*WYUwVBwJWrgeo7Fzx=M zbpW(GvpVW?yMTjOrhMMH-}2<`57xOC_!uG#tSgeGgfVbI2kD@YlUA1B@|Y_Z*f9;u z)_rEmP(9;8qYq`=jrx=T>Ti2Ylw*_{b6EcHIP}Y-aXDSIG%L1pAp*0uak*~#X))vN z+Wzk5r3w0a?)1o=cgpWp$^F?dT_g6Dx@Pu1g`*0Y1Eutat?YU3_3Y0K=IW|2caG|t zM<(L8(vOxe5#Z2zjC3$@ttK%wCx{;cfQkh0FOERK{*a)kpkZ?XmzWp!7(e*4hxcu!iPGcd?UOS#Q@8x+44gu=D%-l9%)J&l3V?&g-|cS55{m=9Ptwq&8H_gGigz z)(XgsT%*CmGbHyWAt705>eH@d|i=9>U?8vc>ws9=%+4&wIqf9*>CNM$q$~;(2i~G&9kj zCPn(z@CTxGHGZr1N3}qGre04KWlm$}xbT+#^F#A(y^FZs6jsuP>iFno>I41t>jq$(Uw|^=2$j7+DTB`cy~oN%l^QKkS`0?s&4IftJhMpKI1E zU4RXaTEMLeHIKE<(kkAK9<6v!d#1m%T$g(uD2jgXp?9CFfdJKu-8aa-X#W=m34B+o9M+RqT8}V%rs{ ze1XNsn8E2PI9LYj9KA`X*o9qSbeX0APzI5Mm)Z3*0xxYZIXw+)qvoEEKXZq6rX)

              uF-NqYY0L8tQ$Q2r0E{M18x)b_Ae^_9dBC&z>R7oT78y1l&hT=jtE= zPQFF1k<{vTBd?*@b1+WV3Cy)LqKod0o5;F;iR4lX!sgTax%W6UB~x08=GrvcQGM3W zKkwoG-lEdSK|?-|rc!eSr%~z+IZsTgw>_x(~P{Gw0$GGQMsMRyVW$@_t;x~7=PRD@>RO7{Q~}t2MG%al*c_dD~$@|346 zBkx6LvxZO3b}$9UQjtLIlm*l69}+$+YO*vVf3^ujm^+g*<>j*a>yf4Ooz#JRbu^)q za|~`=iT||Pc~~y#!|*qbfzXV{2_F6PdDy10NVx&XyzZ@}cQ3Xd)xet~T7RF& zm2(B$V?;t?e3!`5L_-6SMVQsMyonReI;h`eZr|PnWFNLPBO`J)4^6sr3{^VUBbv*G z`9xVou7IFa?)p2HHX*95&~@~d-USVR&6=Ou8pn`9DE$>T%V&UcJjw1tiFLW*xc<0L zUzY8b>2qxf`wr1j?dwUb%}?gT$mp>05so=sG2#le8j5~0b}k}a*}HjfGtb(St}80# zeD?F-+%KaYwaiSl*Ex(dUuEVY=IZ2~gS`=7{BugSL1ohN5A}#V5<5>!0qM6~voMF- zHI$3}1eW`}9q~zZc?xUSK{sgdGM=1YUXVczt>va|Xnu-(l#z>H{`&TPLTgipwFYy% z%8YWhFSS`pcKcna|1ecn62(bX&QxX(^p^fPdBD6pnXHNNHuI6RVIpAuz zvl`2VYuOZD!hy<^^uUeXqjee`62;knb-C*t@}rS2ZEDG65Bu|nFF}T6-1Kqxlb=i>dJNQLB5D_zDdoOdz{zU zo>E(6nLM^oy&z8`MOhCNRh9;d#spGB7cy!tVWT>9L8dudnkPQgBJv9kWA z6M&86C_kiBpWol_77=Ng8)FN=l0)|0(+A75l`^1F5pToG>dotDm&P6H@FJIn9qPE$7}*JZMP|eKTe$0Vk&V*jwKt4NnM1wYz@O9yO?) z*9oTMK>wIl>xbua8ZywBMcvw=C0!$BV(q=6v2&FJseudfz2?{L6T(^^=msxNV%T=? zM_u)Pl@)myJU3nbTbVPqp6&9(^O^Ew2#E0-n>D=sjW5jw%GRa#5;c_EC5(EH+E`;C<}dr4z~^^0Ki$W2qcfrGpsadV=&fCZFb> zAM14U40_b#Dyn>POM}%7lra=Mjm~}FuBBvQuDy)Ofp(d8*>q77b2Al6{-ldez@Uhl z`MeE|Q(1j~3@YyIyZK1m_2C&em_6m3fx!4`<3f1Py}CxqBTG~`Wg#q&OXw6NzTv=f zFcxT!H_9!=FeIz)ewquwC85b=7%!z8zZTSQ-jfvEQ>Gzxid7$8&g*uqdH%9>`GhLn z(5PLa@Ym72&n8HS=R8cV|LnATFzc1N#_+K_C1(Xl-F@56xkl%i!ARU3Y+QoH4@(H- zB*wFm(T`yC^3#mYl04=z`j?vlt>9^2Ve0f-4on3d7&Mk)*S_T9e9+jjK69!yN!TSk z9RFh=W!R8G@W&^X^kDj>rrmpoViqqig-x)-K60m~+!(Ea0^uNrdt%#YE>2_E(>bXk z8zT2WK8K8K>5Rlyj{h83i~|-f%%H<`j?~u5;F2X=@$Ww*mc{?B&2wIq*xq>KMD1JV1(+ns%%$ox_ zxaCKrW5>B)NgkGGAO}vK1qgg|KzXXH)x0E`s{~#MJb?HIphoI;7hh{^Voe0V=#|y> zmo1L8*l2TV2&a6Dl(F(*^2xf7Z6{bQeLHZspszLbZnqn>tZcLo0dH{k$(j?}@FsAc z0toVmGM2+yrd$FKJ#0d6Xvb=m!IIx;c?{*UdMx{;)PQJU;YwwHc@2X{g{Bm#K9lcF zn%{_~*zaP99?pW^b6VUSl~pvHWmdiAYV#JY_5ex#V}y7A1e z+Uvca8|5_Pr*J~ZOQ8ntU$SjlqX%7nb-oBserqtUD3!b7K^p;l`hJM?oPz^eHlU9j z|JacAy&F~LDhTURo7n!`8uI6sJ8g;(WgGuE=J*7FBgoG0S2mhmqzY80-qzko7@Hpu zix`%8(8-KwmdG({s5f=2z-QRymD=7d8zs7&{ZTd+AF@^g%juV!B{Tn0SYDV&ZA(Qq zFw-n+9}b_33j38xLPO&~*nQ?z;XAf*yYMDFVrw>}uEqUn>hy)x^z~jSt!6v=Df}0N!uXp-Fq%mWq@q~jX%-%_fm(mp84abFd40wL1 zp*q+$=y>{iMs($NCnqh)kKw7eP#DjV=m7xUBm`A*7t^h=;Wh0ae?r4UIT5v!Fu~zf zAE$Bl-j~?OMyIUNx0HX_JeuOPY66R?8ZZ>_jAz+Uf4-N|{8zYjOcwKwukW3_qsxcr z3klbH!|#xDDBr7AU*ICiJ~Y(?>T4s0_Ry)klO0t&fY>@McD)F&)EjZ@h<%lmQ}H2` z4I_}ig4u!tSoOP5@xfg{{AilIw8Wz>f#_6E^%1_x5EBO_L~K&A{JDjQ#Ui7CpzYa- z1g;*%7{?24m^?vA2kO3Q+sRai4ACGoMTzJaIseAU1}G8duBc)$1kc8`TfQJEAm{Ue z2@3oDP^tdA^o^_mmY0M{Br3G~jQ-bw46!?(2kbRcNZu`hmOFhD|2Z!I&4Amq1xmdC zhyIrxMD_or)BGG$Kki_@_kmT)N%R5wnJPcu04kn#(fU_Ud1^O^T(1&%!%<`_2zqLvC8^8YzFzqA_-g$u+jkD zSEHV690=9}sL^E7p}zWkmx9{0=2&)2p{Lp3fzNQ%hDvRHMn&DNY0C@G5P;JH0L4m2 zquD-%$(@ab@3hP+UpTtnR7x!|W8P$*tT^25^fj3TceSwxy7|1&#@mYQyM6aD>%WK_ z+U65h6}y*fClKTMTp#J z_wroi2ec<<>u;d53*-SnrIK2r3bhS3_Mi%)R@?7tx(EXv3EN)n&K>rMn~CiIx&eFC zIYB&>9it3ksAAb}WdKuF8|r2Z2wVF*gGv% z2>Go2724Y+spSK;+DQ>E77_QNm6rz%mJZZ$vh-1K_~ki}{%bFCvn#0-H_p#CMwLww zAZjZo|A50cUbb#;G#Z|Hfb&8Hz{u-qg@(Jjb4l~H0bZy5dLyYG1_=)f0rSs+RX~<9 zWOA?OX3seon97=bHogS^jvfKV)s@&SAJ;T9@|U|1YH3M;>-v4*@)?u-gx%=KSu3Yb zcHY3aSHgK2G?FjJe%s0|OR3-;lN)!*A?t3!E&G{#&NxkxD_cJ#`s#FvJ{%}fG=qO{ z2h{eVBR;}I4@PZa-)?nvi&-SwCgml+ChbkhFH1VZLB!|2T~6GIF04I_N9t)rtgB6&&%wR*z?Rja>G zLqZi^+D)Q~)KL8kPc2>)e9YTSF|2mG-OfPvLE7XO_m=Z7N*Wx>Dr`XVpBmJ(#+gE$ z7P?n&Ev>;`Z7%e_M14>6JpT!c-}?RY~qJaP|xTfJ9&UCSxc-5%mknG zswzzszC8I>MwGZk;eF*n{0PIVBymPe#s01`$ca<%ZBNj4Ye?IGSpUalh9ol!4EGC~ zNdQ9vjo4AG8>Yb!qYF`ACi*tU9}0Y3QJok%S6{|uzw(@JbCuwlhhW_LU2_`=6B|lQ z%#74-g2kcDz9FxY781j

              |_5p>_!VyHjC1qHMXWbYbFm8){(7cC^SGOcl7Zp8C{Q z2Py^@Rh3M;3=9jbQU2c@AUXdx9UyT4RE^!%Z{NNRN3?5s1jO6+DW;$0r~>FV5P5k6 zeQ`GACZK5o91b3ONeX@uex2}WRqek1SFFJ(SwHxdjS|-3WIFE|qA;)413(_r>lhh8 z61+Sny-VM+K_H~CQ`BXeGP*ff$M9!b68t_yEX_FuY<_7ESS`w+{VqJ#?Kw_K{t8gE zcOC52;N8cL1AEns)TkvJX8}z%&Ol=?HmE%SF`o!7cHuP>j&>oEYHHo%ZJB0FN2X9g zqh3V-xhdW%-m&i`Y3pV;VqgJiBDuUXyC==I56Jv)cESj|i+gnrn)`ssPTRSJQ|NAB z*7i7{D>-*rwxX(G1`3HA(19%$eyAALI_{fOHIyzg=nN+Sr4f&{ue!d93Gx{g(|)7n zTlI@B2K0xI62E%%_@WB|t@m$p&z%@s92~$4KeF7A9N{D{bo1(-tKj7zq8D<`2IahO znmH$+;Y^jX}=k&SpysD1=vj|32qIi=_s6GDdF@k^_gT~Rd{ zrmCsKm){E}H}JdvZg~o7j_LAnKG@ado2UP+Y{_HW9!C=t7ub)B$#49H!*db{?e)6KP@*$chqVj%w=hB%J@L4MQ(47^AL6^L(WgUuQGY)|$^UV%9dl zYunF>uB#fc%k@#`eV3gtg@PiMmYaAF`YE@7p>jH6hc-&L76`s&zZDaL!h^RJmre{- zJ8XDv^NT3_ztrgZ@SK&$YXc|x9Qt&fvyHx_KJ$9(|0|N};(V>7v~OY&MI1U)Qov6B zeVpE30eU@M)4y4?wokPYjrwlI&R&xkg@r`_92dUvX#Olfu?={s8;^dbXfE#a@0;j4 zlv%p6!C5s?Ffn{^uzX)@PJd5Re=oMILMv-6e1oAnv6Q28(N zedM{RKtP|rFH}BHhI1?(>X?2;W^D1!J-%pHBW6tkjhGa2O_Ug(jnNl$V;)zYs6m!@ zKe#*h82#k!(K}=0tyQ*ZBSpSmJ{%p<{QDUUy31v?7(%}?_`r#dW_F*lfGvzXIcK_r zA3vyfPq;eT?IQ0KE{{>L*E#GPpI}+fIgBZN_F;SoT3tq=Y#pY9xIIP#Xky@ViVatQ zF3NmoRPqrT4-M}QzU2ZR_IyQ2r_L|feDa>}D}V5s&?gkq<;5K4A3@|mYK+_;gA@rZ zM&HOs`*2>t4!RNNw|SYW&SdANFv2yUsYxD~)CUX|*omY58{{EQg+9H7O6#TjBYp8=R)0v zHaEw@z0jJUfQsQbwd5V6xUa*>&g8_#-U=H_wYP^z7ULY}iE|DXGS!Z`UXizssg0`WY^U$!@~V10VzMV$gd= zAOMU}>PzZx)YX>-@QxjiazqN1_u3yvy~nE-w&9mbN=wps$m4d0>+VWDpQF_8q=;8y zwdPz+&j9UKN@>7m9RDPDNkh9!PX;s%z9a!(lx~ajLKmps)xT>;u`x*-nhxCQGTh{K z)Z?2wURR}%r0_ctCjMpFqIla!nH*1q7M)n%vE7wn#M;MRP&QJ^+ZtB(*sw(1FyeF% z(5~jO8@c@%#3{d0diQN&K%My!&jWWY&pA+h6;sxdENTMEYHr*Jt&u>irIKwzmABu< zlFuP(h+klv;CV||&&bRHvGrWiA0x5N$osHXA-8R+|58(vY_bo>NNzju5y)w~4aLYa zGqjhF|J>jJaS8&s$*=C5u)_~FOl3FTje|MRKMwoRgH7?a4-~)R=SZk7ETVl)Hwpbi zqA+(X5D7y9#8w=7or!4BKj|8derU8 zrxU5q5m&>>gB+wet2wcU+(yKP;X3Q^5L|b; zSpTI1#h!Y?)z$}v&)@4tc68AE#UHF47kQHE{tl|#U9Io4XJkzKB^65WK4&ri2bU8S zcD8plEh3^oU%*8w5EUZov2Y*%m8ZG43u;-W{f*p9{^x7#-QVS_O3y2|J<8Ru3{p4E zW-^1QbyI(5e%m`H+5CB7`5kihu6l^;fiG+Ufh2h^dPLvNwy23qKd(!}`EF7E35h@U z_nCDEweh~8`kbE2+k_B4>EN`>Ah~C8B8!IB%=?BeTDfa0 ztNQN!yG^0qhdxUcbqAj8>|Qy1aQX0tR(fa%)KAnEwD;rsF(mHAwQ>yodIy6`s+$ah zpQN|Oq9(JM+8TkYjqq=Aljg^|B7U5T>;ACyZiw=A`n#uWSJYoER*4J({jR z%^r%h@$9*YhrnX)-uk6+qG#<*o?^?AM-tYE>$RfvG<&GGRTEsENKdDqCF3kBO^UM1 z-pz|o>pyolEm~0O6E{IX{I}(8nO6+!fPW8n##@oEx+EL|hd)Ke0;lq}N!NFdxbCEU zUAvvL12H5^#>L2n(iO>Ng*zs<8x!8C*j5{2sRj7O;?ncvNVmKLQO(DD)@|<^B79VB zQM9*3g^bs8#idrEnda4RCrEhAWVru&S7a?>q|>o>nX*Z9kmdMZg7a3+G9!5s%tXSb z?$AJ;wMSlPIMFPj9e%rq&dueDsKU5n=3v_oHChD>2|QZDfvwnm3xm+*#u17zxuk)J z7P$0&>`}E&V?>9Y&Ll)I^+5WqA}@xDEq`oRw@}(*22=cGrzryFix5E<=GjXgSz-JU?MgB6tD2L3QwW^BLj!{iu58&Z<{?}&&H6{2J3eU@NbG;V9B^CF7(}-ob+pgy z_9ji_Ep@I3wwG5|imm-=O#4+F8P<5$B4zvob=YkF^rEk?P5q}I`k4=9I{l4CjT#{H zpv-5SJf{Rg1to=l!_%vxqew5_J1tjvR3qGib3Bui0}+?Mm!+}xwMWcMJw&ofKt1Zf zivmAe7PUqLDHVwIE@Zxt4BY;Y@+=U3`w)_HT|2nVlD@bWDYss1I~unj6W z1g5LbhV2a%r4H}NWZ;fWj-dsyk%ujP1hGwRNJ2W}h{sbC z3$-qaAtYd-5WY6m-D@k2XexSbfnWVk95r6_^>%exaWnC1g{|?*X{3G zBzq+gpO_%N-a7GFjU)o5&lNAk5@0Nlb(I70jUVG(*^WJ$6cO z@tuv;l@2qinyR6_U$1wATHURr>cYVb4|2AO$eELnnS4f2aF0LsXhT2(N$A<>^g0xB z9GDI$<^7YneZR;h^Mc%fg2-v;+0{RQqMDk6HbT*J?bl{ZerK)z|Z1 z`Q(|4Vb-6QhIGHbT)R*9TV??iY_%?=C7T}*J5=t$Z{VS5OqzEU9 z1jxWDYZCI$2d!3k<7$?~-=?kbS}j-7>TNQl8ZX5+fe%Z*D9%>3O*j18!HHy@e=U;s zOF}`aR_#VnuOWY5q>e|@E|M+E5bIum7daPX;QIVP?-{YWc;XYZb>2Sgby$tp(EZ2= zgPH?r80g323iKSgA-_E*J++O0d_49hUGF}vwbsK9o?SUDe-d&(S|RbG?^u+Ax{bL0 znqIaeH^la%t^WSQQX!=X82NUV`KPE~^&2ilhC@*#+5s%oS(|&&(6)N$rJPfZcTp+r z5LnqU;9$1`;WuXT=)r3rbl<}%+x-EP8bc&9ACeQ^g8pv(>F(q`pEWM`D6YY3+d!xw zfbbG$mP|jBBmz7vJ+qx9%uBE$E3Z!P7#?Y<9djgO0$8Sz9m^DFrLVJd96e2X5AYPPswZI=qh=Zj*H?sW5R!#$>-PctP4!M&P3wsxNPu2?x@$tmR z^kT#F9pYdc)1w+agoLH`ZYp!K`#PMOkSEhmtwEv^ubzs0@?>3GE;Q}!J57%DOuLv> zI3uA*=|RmO;RWuL8TXWK60y!IG|PnMziw;vJC3;iD0X%Io{w@Vk1q@J5mQ4Vl;5gHYtwevzb_%NvigGB2D}Rp&4+VS6EF?PhCd66MdOceg4OsfVk7(!9q3P zn8ftpwkoOp?yW=N{sXW0Dpi}}+4V(A3Tw+|0Z8{F-64Nn`Sjq;pDUejrY}lf+=VAi zB<=Pf?d$!JbLSc@Y~yR<)(uXt{#4?Y;OGG?b;xQ6;_A{54QFO@A$zd;I_r8ON5Qsk z4uaS<>?3HjVS>Nc&T7=(S$s=GD`SMk;UnNcQIlVC0__(?gs}Q%Rt6y{`{GF1ibXQg zuT_eq*JC7(%rG3IN1B5!AF&m^BT&|#55H#^pO5r|Zteq33%_ue*oTc7Zr+e{5n{Bz zQYq?9=#fLJ^orm=Jaxoe04`kKdqJsJM9WN}Ai(W2V6m|+D5BJ3?x{GEF-|kC&UoQ> z*pXvJ5#+XU;Lipe!Xi<|wF|oud$8|IAxjle`1I2+O0Gc=qc&ubNVhL|F9|jH{TBF2 zm>>L?Sj(sj(_%=0;8k5 zPM&UFGL*aL-y62(-Pnz@5eWaZWuc{i2Y2QPVV(O-QtT`I0L)BVCd+L57&Wr155?(k|N_ruJ7>_Affym(r( zpUgeL5QtVOcD?#2W1L%XPk`*0>|P+#Xb}oKl6TPdt|_YRf~g>6fb&M~hnT1(9v<#` zXR2l813n-5N7{Jt_Y`=HIiH&GC<%}^wIRhPGTElk54^2urBkRVm47c~9(EHLYK~t( z@sduSk`0Znf{;>CwXHUBE2;t1zIYsobNw1k70%WZ!cu@0Uany)3#h_| z+gSyWmlt2m08KJbiu*)3Ws;-|dqh?1;VNEuYgiPqp2_=@%-c89$bueQ+Sb)#hQ5N_ z8P9wHr}omt6tpZlYF$bD!Io*~_M~2XUSimM0A1b^0^WZ1;(76or% zYFt++sj;a40J>Rn<3v%m*`_eDs^@wv$;APc!H&eO9hTTW)V?grcir0PzG|^0(o;i( z`xT9;iFiKBOyJ}>V}3;?j!WX$>%xFqENYRH1ou-`a@R!upd=ZDbXK5oE=FG<@7AV4 z&wp|fD7L8bXHD*+!REDYdUPmlu4Tk|AVkb;V8)xomFE`FbtNbVa`y!DAwP<{~+(UDNkerY1N#o4v;ccgD-z&7u~6m-~rMcvq9O-v(@pqG{F+Km6DF1uDTwnyB zTo~f8aPJH%VGp)p;ZlGk;DHOLZCL4?A%8uP_7&-Snl&yd5+x4! za!-pF;)rJ;b5ena#Aj3gab&)iKXZI5dZO!P-kC6vM#S7-Bq+=1873uEFgu~!CBit5 z@Xj}F!SvCf&GOqZVNm{9qJZ__pFL^mi!b}HYS7l+xvU@PutDAq__4X?^2>m>cv6Qu zSp>bhYmqA=HCqfsYwNbBZ0$b-5-z3IpqZ`+sRhys=^|GAz19KP1VQ(#9pnwb91FX`_4~Sx~CY0$QM%Vwc2R(nj(ep=kN?Bt%FE%N}j1+Tgg*l~4{V1~C*FZqquTQ}sG^ z;StfHB{kI2q*-ErPv&3svj;CMy?!Qa(BEm3$ePOa90Ed_JI)f;Hmr+YA1p{)CVDdw zSDXb4Oyh($;CAOMy!B7`BD~vzDSF$&$&|Q843(voH!Bnd?+(9#DqGW6>5?{H$lqLO z^CU%&82gJN+>I9n!_zenn^4m$s}To8ihU$TxlNW zuQGwJ34KGBC$IRUOvA{eD z_c~14iTyE%lEY?Go$H>wM?n$o;K_j-5OB!z)(5=;@1)_EdW zG;gEJDl1QYW~9%MXhnv6z?(Qq$&Pv>$4?Yy$9J)n71&=5#GS~yFWOgrfsW?3)%Pu*Z^-6kq~)pa3;^#c^iJpc%P>K-gd zqw|eAXEknN?d*LU13iai_bYp2zSBWOCin8R~0kg zymFMwJ@(J4aUT2$@V{tZvO3fz8h`4yq2EL`G89mp)~Iw3gk)(@YA~D>{pSNm{>IYP= zRVd`n6j;@2&;=0%2Bt-=LEz9g^fx}u6uV|f-@CUzs)i9m6Pa~Dkc}PV{ z3}L`+7dSN?CxAV{pOTor7zqo5%-MVfQbrq&$O60!KiZFsa?9IAvc@1YA%=U3!)a@0oU^g}g-6u2{7UDY<1WHOlYae>&)@}V98tG z4}V1(VX6SL@V6>Q;U(`c3#T7{XW(Wrha-$BjSc?fAGwZe-wkTrc=t}K-vh==Ub>88 z+&!7+DoxLg6uogv%pQIHh96DOQWqMb!1Yty6~DPng7FiJ4wiUpxvYWYGd zd^+NH(~#++AcNal?s3MLYzCMHS>Z)N{D%jCWNpYv3FALh#taq1UuthfT4lwrK;-_` z{UG-=(9bQ}b$$Jd&>cYG0}?wG0R6}3n(<3l72t&<&g>ANn7={nQ3V0e=!jDPh=(fn0K@%iS2@|~b}A+u=Tm54Lbk`X|l@nUtC_7j;{4`biI z?wNhtxEw3f*b$8rz$mILD7Udy$;QKZ!0lrfRsuom7}5Vk-*|Z2a}@Aj^{uir0g;O? zPh-ik{ps%`0k_01_F0D=O6*FnhzHUbAOGcZ0iN&~W95|QHFbK~^j(b%U*Q;7S>z?p z2?$7=!>#WupnAvFnnGKd5F+nc9*TXG_)5xspe(a?^d?l`Riz~53px`dSx22*QY=XV5axKI%Jy8L<77N>_)8|qck?`AA1U-Pke9(9 zh;o|(_e4OhI$bD|);v$fiePUkk*)OS%7Mh?U%-vG8^Y8cmLgiHMWXE{hz`fx$@8># z%J$Tvvwg7LwniRbP62sLOo=Yc}f34Tiyi7!Xi;26`+T0&(~Dli#U zd}W1G+>2*j>iy3QMxg#u*S&6XvO!!Samm!9dHhK)QTWOUk?&x-b}8RO7Ytc^&;tKo zti5Ga)NT9juc9DQBFG@Apa?^Qbc2M7FbEP-5(7wwbcvKm#}LvWB_)H>4Kgs4gw%j^ zcgGO_Yy9p1Ui-yhNPfC~Uu=%eh_A~B~W7&ne z*AxW@tI6Ath`e11P$QGFk8{%soN_BnHoxFuG7-Y>_8~~< zOia+Cv|Bq859*@($$=Aqb z7e*<;mqy}SoNI!6NlAwLMPKcrf`ND2GYpi?YjT-L53bt#V>nUknCM0~cpJY@V1QKy z+^`vLJyoD%bVCk#yMJXI+3zNvCt?}4qTTi$pKfS*T@G>!@6T}`UzkVFn+!9w5aL6- z8Yn>n;y&+_g6+m8RtKjsH_rSflbVazS5*t(UQt(tYenx|@9HHwO*xYTiszY+vjpNU zDC;bGpy5tjU%cMw?gwWEqRNPq$ZC#q#`@ zc7}cL*s<;=V$5eV$((s5z*uS3v0yK&;qFTZ^k)}0v#DD}Cl-*BDIQ9csep`WbG@)& zIom~p4@bQBp(M*@=hKiIJyAcFuTmymUST5BM5+CXRH){IpG!oaqh0jBQK*j*;@p@( zbXp!#cA>kwn^_hvMZS31C$q5lPB^#6`bpXk^2xj{>8~^IpKhjpBoggI1r#0GW7Msb zITi*Yx!cbBN)!tdgl0~1usZ{v@q`-(z2=h6rrDG2_150M_wi(}c{vp^PZd_aUS0}L zR^TZ!cyqlTfhM@m=zrAo2%H{^CBxYyo&Q94L1326isFp4AHXFs0O!RT_XSmUxn5s@ zd-a@J!^c<%NbIt>mJmkeT=4OIH>QeXuulrLbhDrDu0GAl?zZV}{c;l~S_2 z?aB-fu#fc2Si@$p_Ok(a%N6S{yiV{&R)o62);=z;%?t`Hkz0t=DxgtBx{Al$g(i3} zsI&jmYTK8}($G*6|Cyy64r9HABso(S=Nf7tc zlVC|O#O*|w2q-^zpmS{*VQx0nz223>#Svm`Y&Foc5LH(s5~Er9)KrIm2qR3rCpGo4 zD6%r^a`VZPv0Xm=%`f3O>02!meS(>b=)a&;k;zjDDMafW-CtRa5iW6a(DT~)g-=sR z$&`#_pR#GlSB?0yqv4Y2$OT4C#65J2f!N~CT7h%TdE-rls;v;j#sKp%zSLUw>(2Y^ z&>D`WPbZ$+WYvpk7u`=Y_iFn+7gZ*X);+@XkGXP-F0VWq?`>XajnCXFa)r76zC)Z` ziD}a#l`{;ub$7K9DDnTPz1ot2Tq{t{Pf^ado)2gSmy)a*9^#}$5 zwL2Cjg`!ZeDb%eIi$L2I9zJ4WbuDNGf166h~{xpL&tJV@Zs8A{;b zIsQ2Dp-uWT#>4Ydsm8a<PSWpJ_?pXN>C*-kwkIKbH`Z?s@brU@7s_#`de}m zh}V5$$Yx|iQRL?qQ;KVIPI>Fs7CtS~Tx*RdK?t-1X`W{%PA9@2-F=sp5g$SJjO)va z^g;)lxnkySzanFJZ>m`G6b*|Hs$EXyAnRw&!G7DHZAdUmLsNC(9m`o@K`4=L^8|jU z4@RZ>&T|8eJHI~D`zvkiMeQ%9DjAI2ibnL1ciMh3e(@&j49SrHvj_s^Sp8s3>>TY- z=`Laz{pe-Xe%s4W8e&8!MqhF0>l)!z@1kvCXst?@rvAndjZ(2XnEsSTAhaH1 zqjMNIHvW!=kr0s1M%T_2Z~( z`=sF>tXn6migiCWXzSRkV|`i)rY^#|y)WCXFpa;~#2WY){HH{n_`T20RjF$Zqe6?gX;k3s8Xo(TsO+REVc5x#Q^pK8UH-%`Jv+yA z`niIlza0~rS1dip9g}~@Z4X5hSWDYKKLOkTf_CEVw3WP#6fuqGu9Z+3LLE9?G}!mF z-y}kIK4`#^>mp+QE@xCXbyrt1Q;ah=6VaCJ!#&%lR02<<;V;!pjhHF#x#KYj^tJaZ z(ucpwd7i1sNydsvL#x@R5NQh@6bOXnIrg+`D#Ix*TFPR9`LA7NpLw-Skf&lqeQmb# zp60wSDYR0lRgJ8tUfAdCWMu+(-cHU3yb&GamP6>NAo-jt6J%Ewkg%0`Z{O4sMKn4y*Xf>Q)fR`|r zfxL=lTFk8zqJm<$H?xnkByV(GN56rPAzmJb`nQLUxdHbhH*dGe)nPZ$8=ta#D@fHx zx+g(OI#wjzcn7^E<@LZ|ds9@K|x0i(05@Wk3UsgtG?2MQK%F2=Sjp)|u9c;9PXu;@$9PBcf=Ls!lich4 zX=tYKf+D!A>0(8mqt{L18vtobTaZ~81q?~gL3^^D59*F>1CYt_?Y~jFjl&oJx%9k< z;%&&Hymy%q)2%GZF_cbTy3t#=ud6zr#NUuTi?vhS{ivX1Fizb0;>+{u2cN%A1Nz@<|{d z9NKR)kR{2SjR#+=HZNm=8aw*g>>cZXBUQw#%ia@3nqJxQh-JAW5!AY1tkw_)>@Afb)S0$e+jF9~7y4BFvo{ zc)6!_J+`N`PcM!VkNx$KQtq#xX{RJphcUj!doYjP7|^`~G7u#CKjt@t@8yP!J?SC9}+ zx^jyyNg^ZXzIOITW+f**%Hy;v^gTfDJqvi|2g3q5`>#q zh!A31GOs8(20h0PG+iX(@7-zz11ynWbBeT%M7+-C1`xS$9L%Fq0uo<`rjP>hrW@!I zrYt78qpbBo0+`c)jE38VHzh6G9tn9h_q>?%#MLF#jB|Y0!+%n-)SLgjyyChp zUIdAT&&btoeYO@;0L{?oj)j-5gHM-un{*%G2Ob>BUg>Ox7Xyl;**FkQfu6^RHwM39 z$&H=t^Np_Pt63LJ1&@_fXjsl~h6SU2?(&d1!rzv!n}6*#|A3s|R~7`n&aTy;;QEdz zpd&*_O&=8kawrHL&gW}~bTIZDQJMc-n9=CjM90U*jbg1)sx{WysfXNlbE2C6mblG! zC-O7qdIs^{Z4zI#=D^0VbiEwWZxYMWK%EV2(bDx{=&TrJmwdBUoWd;)!46!1mBlIFHvt?i_CsR=D*XqL@5gH{E`YUDj|2gcjn)eON1>qO?; zd=O&D-?M?NaGJd5dcsYHc->=mf53u<>E%Q7MB+wCFkjy~P-G84pFFQ&z#$L+M(Ka> z;Sr-OJiRUUAHVjGqjAR3h!!}&?VsB6PkdRw>7jlXyo$2`!$aeJ4VPwQJZBUgNnmCf zIQTl~)#9SJ;5TS^n-#};zB0oixPJvUPKTbJuFLISfp7pgB&sBUFW_XDjHd;AK936<}O+zC$fZP7-Q&{;2-a7y-2__?rMLQA-Cs~!2m$WY5){K(ekD&=G`@;q}I^yWotQ z0_QdPRzr=3%{0AMLks1Fc3vLLc2|GKiq8Uf&al>U7ysI1sg8R22cGl;ldEuknHhhXx=Sr*GH22R5 z>H$j%es>nE^7(*FYFU`!Qet=jcnJAUaQrpFBSQdvVf$fs^oZO@*<31LyfdQUjN)5^ zLOzF$poS(l93cyba6FdSy0%aSRE{SU9JM?mod9h#hBgA=;v>93-42e}dF3J>1)9`D z?c67HK^{;H479Y1U8hgZZUAKmXtx*31!o5%!NjBDcQl4QK+D1hw2$Li zue#Tu0eU@wN3E|ojKX1aiPc^wX*a{t;#*I zG_>6m^8vOVD;{IYpcDI$P0X?4@=S{6;V!k@`NDsp-FSkVxALntKAI_(1OwDc9pHHL zlPfvORdpl&XhA)IaVubzCl_KR!-5(UE9S)F=#Cl)eT~Lfdb;bIl3Pd+I12>GK6siMVRmq-s_rPr zEktn@8qhB%Sq%`$aM^`?S0pI-b#dVa4nWL~zspMTu<&NWA9bBfz<T3g{ri{%L3}1NWSr zX*1SP=3*l+`q%jYkhRa?o5|q*6!KB@ML@9Ej6v**iZ;^ zS@KZH6A^{V^a7_=heVqV#=?iP3vSaT->U;R2ghCC`^FDRZerG_V#+$dV1|vH+W#nG zM97@(Vn@#@Pgf-;-HqE}k_Y|XRW@b@u4#+>rrvEn@60!c${R7pH3!fD?lw!A3J~Bb>H_#K;*_G7NjcABbN6>5sZIL}~yD`A{vBnF*{U03-U3%QXFB z{CnT!p|Qkq1|wzGE)CJGyqlH4*6;ISTA!A4gndF=aR9neRqSJm?uFov+sAS8eHJEi z9<5AAruFUGs~vW)5^3kPEeQI$(rtoe7w)@woh)coc^PxTlK!H>iTaCv72&~(@&g3^ z3){MQ{Y2|lxL5;n-sLznHT|3*Ta&(pd9R@jZ&2!2v7J{KKDSo@l444cuputeA%-v! z%Lh4tklZGTsc2?u*I=mV+W|3v$Wg`v13^%yA4fX08ij%80+b~{Z9Ov~11&Fpmx<)} z3^1!64_yTp?kxnkRB=fhUW9%XT_76BFAd-On&2p15gHSaIADE)Q`f;Q{E)X|cMbXS zgYtJAn6iERvQvizRxyLSFwDICJM!;-iW3&Yhg#vVw3B4kiTzj-DV>T|!((u!H5&Fk z9`_=Du-%lrqhY4&Rcq*5%Y_fcNGDbgkA2X_%&k2Vg1teFp6lhOj8_T0!sdd?P%RB_ zIdsdXYYeI>b{2D4=P@~^fAxDl1yvgU@hidsCbH5zCdtD>+Cn}o@S?SIV`&ym-sP}& z{3l<`jqP*gGhje^trx;HySg_dPY^9nO@c|FgtzlT^^~kn%k`VHo>vgI(7vcXdH*np z*EYFZetWe^Ycioop1(7>X76?iR6IOh|HHfWY4JCYEoTv z*PTt{FC`Je-S9fUB7=AU>!Wc1kycaCEi4{_wA zpl|C(G(oCV3;+M}fgXPJz8+Zp!(SQN@nwJ%Q1#}J|Dnn17(c7xL)TuuGMMe*wd-&* zX}|Fglq9`o&v4&sHkp=Ff{ESCO~L|D&P#jg z!XLPnkD^`dRRHw(DhrsOoqH|Sz_!QXW7nO5t#7DMrvfnF%L1%ue8r^bwys6?j)u><`s1@3&AV-p=Z2$s za9KdJL!cB7f%-&o%VZ!=tBw}asXMp4uCKR&y{cdDz0l;>sHVw_+T`&lkN|y`PTSna8u4@fT z?%4QXTvEY&8q`sJ4SoYvl65=jz~Nk3zlSFObsmFd66Am!>Ioz&+PIPtt1V2SyW%^v5bky6SA7W1T zw4VzkhXn(qQjSeK)n_YZT6)YM%!ml7 zVmnp~TZ>ZRwwilqbIA5N!lBEf4&TfvWfQd_=Q-(Z>1$U%>dF#Bk_h*WNN6x4UEI`u z$DEn_n%jy4_G zDp*L|jcy-w_`Lo&2X!sZVkyXyca6jH(H!fza?%0SP9y=D<0Y_#k7TO7jlbGtUhKxK z?foDyR2=_obG$-;TJZ;HT&aZp^auCcxh>PPBe=mVT^(e;oM_95$WbcKDWCpElK*Vk zZ&DmC`OlOHansFh_-@fm!fK>n5;V@g+Bysnr>M#j-(}65I|V+={+(*5qkW|&;s|JpZ?VV!_J}?$H(yz`?7?_1dZSx?#A(S zz>nT*alUCBTvBk+-(0F{@VU|-gF~oT35YT){fRR0mt z$j6`P#YtN>o{r6oJm!AXLi#zqI%9;OFSO<2zRPu;NV^8f06b$<&YUYv{(60WAAVN^ z3K<_;Tg3ycM8Y^g(8b|}o5&imYPcAVD&~kg+*Y+arYe*?Cg1WtplHC7)juXZqPAc4 zX;qcF{21AILYORdLY{=Z2rm$8Y$Zx=X#a!={{0C1;z!C6+h*DYVTsR%iQev+qOfO+ z44ptql)DrY9$_LGbqC!&mXqxx@_THvU02zz0r{E#IzG^JfG)-kn4WD2#mzXvc&Wn- zM{yW<^!6D@CnusozisvHsjDDP&}oF6izaJ?bl zE&vZP2d1&yeU3GeS@3+qcLX z59`{tihO-NZzip|%4hP;=%&Gv?w7UdO&m>lOh`I#_HKzYF1etk$2OBJ_}<}ddiqF2 zFip&RaSp)B%vo$1YH!J#*0z86Rb{mQ{3%TzPsVSz>O0T@ip2X-7)lIlg~O$_iCehB z;8&k-gLw~(vN7olMI`d!!jb!S9G0wbk9$rLLFy?NWXiwTHWp_F9*hAq{MuMNFPV}q zMN*}F4Zp!Dm6ZSmyoR%7Wn;jh*~AG}za=|HwiNBNE=N5XC-_{YbcsON;4r5`&`fH) z&4t{CdH&&bn}?Vbf5Gx_jJPJA+E}lHxI&UYcA8hcU14RgZKIVp#UGoikN+Lbo9GU& ztsZT0&M9tZAg^RA$xKlkG#ge~r9n>^XZxY`toVcH&BErxO;atnkL*_A5w&?4W|tgK zyd6kXtU0l@hV4(H^-fc;%hqx0F%RHLBPrYwcl%YYnU0(HhFG!py*7CldwvIIxUG$^ z;_XJ&Ybiww5f>%P`>Co}e3j@?Ix}|0>qqePn~|4`v!b+^N9K&132$}4%#mjD5LA}* zPp}h#ZtaS@QWuz$bSKKK$DNY5PQ{fRNF{5x8>BkuLXiG_CNhiD=Qc9wzO22?<`{6} zUdn78{fS^MX4}e?emYQkdQ4P8 zaQO-{-#j)&RFK!p~5tNIKX%8wYv17b6 zz*YsNX3)z-1g5cq7DY(Yw}O5LkaQW{dcQUvf)7f*cZ-?kVzyp5pF>0j2^IRzA^NRP zGDYYVZ^(Owd4fTb5OL+o<^Hp$G8z}dc^1hRBKRB^w|KW_PE36+zi(vK?hrcJs^U4((6K`sJfXVsn;;Sk4$<_~ubGh07$|F$1qs&YW* zDS4lm#CdMYrC^5$gik{Jg}*qYD26E9eiC}~iz5Bgr|W$7?)x%v-u-~(4T>a0NXeVF z1gji}K7QnjCh;dHL)>LmC-$D9y=Xbm5G+H~Z$oIbk{se~@~xWywZOJF(7>HK@c|68 z>NsVYNqIO5SLh=XQ?`PJ}Bt&55LC}7B<@j2X#AZ5kSQl3U}_eU$gHq&sh9mEiUOS7U69nsN(UE zK7mx%?5z}U0Ydd>OgxVf5X8%FJUb5rTz!`rI)e5D=c?=j$Hhg3xG7p z6rdopRf6Se-`2d?xTQDzLe=bk-@z*-B)+GaZ8>GFC-VN@w|)Hpbxcq6;jeuDw-2~h z#R*>U~Tw4O@yy7eZj!exLOy?^{t@gz7DGi)m-IAh#BK+ z56+e`W5pZ;B8SOk!~hr8mxDg9YiGCW+o5j2oeg*`^VMTMJs}R-*PeX|0$+lWNKI#a z4%x9yA_p1scZ@0Uah0fZmQWIibG%8MfbdFmH7myE>T}m#9v4Gi(-6NpbC-@Ld1K!Y z#l_4Y^EqGZ(?;FLGB{FBZ$=v7_in{KSbBi>xQjP_<;w$XO5}^2^YQ2|nECXb6b`5K zF(1;^{hl`F(uIt*unot}#hKYOB6v8z!-dH`i~aRC?|nU)d#$7>AmU#l@Qs~L7>LvY zMquUlgiD-7xuWNm8v1;m;F&vj^Q^tj)S~)!q#M?2XWQnjS}HdP5zIvG+vHD5sh^tP zmybx!)GVQ`zn;)>BDR^S<4AX}%KG?~p5S{nw5#ELt0+Hq{4V#6dhqdDOJ7Jb9a$BL zeRsxH=D5=Wn}90jy=6>4INTXORG!1TTiRp;0`_~2Ma{Pu5f$K0@>kyE-itE8J0 z7xmHAZxVYCN_Pjx0$TSBE{D+Ow;xIG_zPyc9U)xV*K&*C^Y%-{-Iwry6y-`dE0YI?}%A zDmqJzz#-F`+cUkLzwg zgC)u;I;bm{Q*PuPCQNJjMrsNVHR?xN_~3Y-d@DpK!}8La02&(MZb4=1ZA_A8P(w!6 zP(wHpZs3>8ZQBMm*ZlG??Kn)l+g^L}kt@Z#{)bId#=h%s7&^~2F*u9UEUWo9+-<$M z_;@7XkHvlq{uA$a6bju_;q84T%~I{9(xF;{89RH0{X#ZGtNUH;aJd8}Ea`hU6QYuP zKk3c~T<89p4`&^)Tfr}!E%sIw;)Zq-qj8GrI(DyQV0S zt&E=e@MCNh!s2q=?95~W`o!Cac{8Qz){#UdsjK8q{PO|9?EZ50-#f)Ntdlkmn2zd0 zkTFNfm>^W%e1_||=6iQ`#r4s!+O#*pAPJ-xTq$TWdZy2J#PY*e{j__+Pm#q=I(tbg zv#6*!yVR~->D?0VB#TKEX{v!?aN3~ITzgqz&v;nhM0m54%WS`ppz&EtYL)S_FmFS`S#O#pwh!aIDgM2uopL${cS>S=i$*zKkDyDzufW+eQ zn#m$fwy^DiSU%Y6T zYJnUqr2bD9njU?*kF;1<1z1v=(fAolV9PqZ^mkp4fzzVx4pxR=%6 z9fwMAX}ioz!zXir#Ty@934C5a716RDjfZ|Uz(zd;7(-`tLy3nvR(>GT5fgK|fl~87 znyZ?@I`jtMos<3p*& z4iY9i8k4nZIgAq2(S!d#e?MkUk*UW#>UU z_LGR;?wX;9hzaOI%zCTPKF{C;EIn zN!R>t;1bF;I>U7;iHI}|%Fex01|=s6i>C>U!t{<6@+Z84{Mu9VZ21k)c|VgwahQ#~ zZqL&kgV5hIJ;lO#PC-J3u`Bs3=jr-2WJlt)3_XT_E$X8B)_EYQxz??%rFOjbCtmjk zPyf)pck|{4k5$NLK8TzgrLP+)O=A^#@mI2?ns@WJl=YB|^=2Eg=T~*yrpJC(Ik((O z855+ZpBjzujW7(?P1E)xwX^#bwVzsbdE&f$yhueMIdiczJX?^1?ROrhO1ZQUEn%!D z?lD9+2O_tug5WcmTEiyO>zr;+tu4=tNlU0>!mWZio6E;Mw?~tcVP%Sfy_>>}8!UFR zM+KPvQ$#ozz{JP4s3yc+9x)xgl+Q^^THbG0(39{YWQa4d5qZZ9=y&{VK9}iL@-d6u z0a4<<(U3f<#^4A$n|4l+JQ{Ug1o>2Xfel+}m9&wn zlOLaT9o}QToc>Bu<#Yyp?`_3?!E5_SWrNk~uiKZM!;Oc|u2R+4Y#x`&v6uaPUK-e* zeAHhlG{;+pP0Q1w`E&umrv*A|p(}Nck%7pD!EQzp1~*%OI*jPhdhJbmLkx7SlDyu0 zqiJP>ALiO|r|ew+y@wO+bC=$y8#1B&@NpMC2@jD?Z;!hQ-DBaTr8ceMCL^<3CYsaV zjJkN$hU-pVB>&!B=*btcFCbJ`t5{Ce!PZ%!tx09){fw155yoH{Z^7*V@i5vL4yK<{(>m&rz@Nw^NWF z9-nz$rQl3ZG`j=XH{T;b8@)EzHX2c#yRiYgTXYB+$$13Kt*!qY*AhoHBE0!dRg3c>!{;oU(suKqYt0e z^ZS?z>3hljR&KY;we+3VNMt(@Y{LW4v3GI91q*RIis7jy8OYxPCxVuvkQnAN!*>>mvol_>9>y;Z z9h6b?(&9^WbhP<#XejLjHK;d-I~2{uesj!r%)?$ zF}J8%HT9cW&ld(g7HJT^0bKY+mgeNC68tz+lK7ul8VTCLkwAyM4T18J-qN%+m952= zYluDpSW=m-dCTP^4=#<|uTvp5ONl&GUNVLU7i0J=BlLCGaapP1kV3UKww38;kAp1-AKD_~N!IO*6Br?X^ zK*I6{$N_v7V=0j>ToTHdTubivUUbnLaJpK;SVp|@*iJfhX~cMWUEktj){IzrDn#<# z*4ybK`l_w5pB8(&9x1;)a(8%q%yt;w`&cpCCRC^CoH2~oeeqvYD3#?-@@<>2p%yhK zppj@~2v5I@HJJP)miETKfxlv|;jz|SbHebe%WLI+QcB=}QI9 zU!h%pY$<+Wz@!5;x0!h9~hR^=9*qPpGS| z%bD4smfdS#vXZyIlvMA9Z>{L^cx|d^ti%TTcDP#}AdC8l*4i#esx~@*F7IoSiq;}t^G&&h zMRt!qSn?DTeL40yVqmEz`h{99R<=ByV4mg#GkTZLh4YK*8>%`l*a z${JDwsLF0ZfPemL*@Hyq_nKoUeyyteM6Yq%GJ?c|6>oatm z`@M9_51+UfP2715dmozwH$<8!GPJEwkY>&9G0u()Nj2k@ODdwexq0pXJP?oF<22j2 z5YnVSBdhQ|WIkj(9Sit#d;$sVji~TBrTA8VnzVOE%7c}Hm0t+#UWvGYt^gW?LD#cB z-#Z5ynz)#!@9Gt^7E^SSDTJd@R>z2k5?Y8tk|c!RjA|66gQ^Q^M6|!|o8pxb2kg+UQ6~RW!M84s3%uapiP-XXq5q;XZqWqq(h{0sq!^j55?uMz@HWztmm<$O zF}N$3JC=9P-VrNObzbnZO10f!K&WfKF^Hjt+peWCP0yr-=?QhsP)MFK&!jlXqw${R zmvfpKokVN)2it#GC*9M+bOI{2bXg!cEkaww-n6n&TtK&E2 zTqDtmAgbY#mLC(E6VO^uV{<8%O_h1^TQ6c}GjDiiyuT1=G<Nb z)v>c|BT8@Xtb~$kV+hK`MO7zw9c~yH>~Phnj0LPIaG{ z6g|V=^l?P!k*&e9eOY=pcxW%<)-roDto0-<$iFoHAWa}O{5Wf47Ml8wm2J(luMK{T z8vRwZyrZnKSx)`ZV7`Xq*E{;92hP7=l{tw(5A;6Je%&12VTb7s=S6hCE}mkl&gFxZ zU*7q8*wq3@Mw)RiynVlD``*)&f{PYONs?{|P6%gv2w9gv$6EAA#vtr@#62Y(0(tX;h;e>$_FW7VYOaYo@L#9gi#3S9+--b3w}1myEXUYvDDM* zB`MjB&h+V1w)B~jB;d9N8fIb#A?o}bS~~|M-cfMwHQ!Wt>YxdNs$YAZ$(nynWdja&et>cmdrD3Cq-FN0OGM+LFnbMe3KN$ z7pQ$Hx6ox9M(CS)ZrxM}JNYrFBG;cKPx4UZ`SZ_LJKp5o*XbGuLED*%dNNNbpV@{& z&En5r3JR1SNxL8{uQ<^c6xuw^PeDTt1UAD#A4iw3SMq~S_tq<@FqU1vMuQT^P?U^B z5BD3a$x>VxqhwM>-bLWqpWhFQZV`IXGYDJH)X5+6B)23n_>7d`kM3^hv9?(H>?D*t zGvANg&n95=OSk3M8rzQa&hm!Wjy>tuc>1NgO@y9ryU*dp@AVS_mf_u%{hC~q4Uxy> zbH+mfp6ILOp`J0X|aJ%_*Tn<F^S>5i-l+RSS8!9O#kBRqg+`UN2iWl!oUmbeo! zgbq2-9sSWbgb%-7T$n&=K5N$`FC}P~H#01^oe)||eP@v2cCZb%*q?YKesPGeC-4N5 z)E7qXS(Q#DZeSa_z6SM>SaZp5toyH!(JseCx?sNSQX}W0jf4kwZ7H-GKI8?^qrXvL z%XdG%g`g&-)v~^j(g|0_80@AHlak6NH&_?IqO>TO^L8w#>w2dg8FeDvA0ActU|q~B z6&jiP$c|;aPhoK>vlVQ$&e@XE1EXZH_Y=XaJM)UHm$Rt+UG!t&G>5o*7slfCaraJT z+Y-?n>>8SYl9 z@{KZfdsvhMb{31LTPB`&r@D1iaMdhlSty0__lXbAo2NQ!{^*{FpH$$UdBIiP=0;C( zN2}n~uX*UO)lK5!!EK0u<&dJ>v&zmCqP8w#u(S z3_XRQ@%1;^*zQI#pV@?1KMB-Z9O ziWlDkEqqPh)+(73k6nM^rwzO4-wl%tRvSu(+7;!LNgoE=aj5xRav49RmJh6von z`GRf_elS?1V;`snOBdYPO8lO$bqi~WOUAyaXJB9Qjl#|dS4t?XuT_x0r?Gh6)G2tc z6jgwNdPn$J2!1>4X{T2$X-6=}X9N(cwYc0fS)b>vMxoqCS?0QUDLXTMv9?!ti#Ql@ zVV`cmeTS=U)WkUN-DY%m!MDPB(&;z=~(&q5->`eq0h`%}$#$3zF3AbfYdGx*o*iVQ~$9M*Zg3%65XBL{d| z$+X`&z{7UEljed+vV;#8fFa?E!VFrTKe`4ey+K{=oU~sR31#t46ex1y z!PZ2WcB_^}(l_u9LnD3h z5M6m08f*m6zEm-xkwmo5TERlgbwr=1b;;EvHEK8NFtuYd_J%%24!j4GDOjzh4pEQ3 zSK)agQAl_Vrf-w|bJdiYhCi(>mZTqsZ`n0IG2DCo{rH6}!-i~eB4L=(WHR#BV z6iEBLV&1h%!A#$$*L7I&Y3?1xWq!ZKH>Zp2y`9k?rPgZ~&U!yMhc4N{c2&b?Bg`F6 z)cTvln1Vc&wWvZdLfdjjdIrxJ|pbrMn5T`E<#+uUoP7GIrl^ukMf_0QL%R zou6oOd#!sg*VSG1$t9$QJQK<_P5r=PUQ&vH>Ir0uK54r({q@=OHxqAJ+z}|q|y+t5&$Y(m*vOk_;uRVjD3?Ek}_dESi)LF zDUZUqU^`riEBA;HKYeYzbN&XQPonT_*v2zvC&V?E-0G{%#m=)CTCX>4j(?A|Nsv$s z3orR$_g+ke*W1P+g*6jw6<1A;$O|Lj!?@{vJ1(oCU%f2;FWi2C=vokNyWY;ARN;i6 zIBoHK2gKS>4ONl$NwBew15Fksz>h8zSbyNl;a<;1Ir=Js_=kNGVA!Q_9bAhkvj;o> z(T=uYjN|U7BQ?{n3kBlO(I%u!Aw2FJGkkl(`POfD6%CGwKEg@7n^TP4z-HC*BA&5` zLgnhWA|j+fqe=q#gvQ^AXm0PtCY<)Oqunb}vYU{GLT=;$@k(FbaCAv#;VZK=9GA|s z9Yg;56csyw{HXc|1bBH}4e(co3nLvDPLQHOjUC(?l60&TbcSv-fx>fP{Kjp=m{6FL3&6LsOC_^BAAYKWhS2q zv@eMt<>s{ZW^C=<$jX=1FA#?Ov#Y&EMHBguZ|RiivE8*Jg07%wW4W05TPm+}4Nev0 zo>05HSTQQPFiKT_&}fEtYa=jP_4zLiX{~F#!+P91llgBU!b!dz`)p1Cy_$R^a4mc9 zsZBX*JjMla*neRrW*gBuUxC?c>o532`Z?*c`ZLn~;AGa+6w=DaAc4v=~@8?2s|78T$DQNtq2SMF@ zI-;2RL^QO5{GpW|oB+!2+6rUJO+*=S< zA^-i~0}d9rM#7=D5Fk#*8HsIDD|xH)l_zP2=d2F5xj(q+dy}KazDBNIzO^IRJOZG} z`PhVT^7hqXf4BV&T~WrpqgI| zgG@EH*ecTxjgbNn03m{KPH)>K(V8a@_wKDJ@%;V~qMy~8i5w|0=xHQ^*6c0TkY3+a zbMOgD`F-5{%DlZ?GTo{O%a4t#SZ?q>{c>R|ft9y;TaTea=(>)I*KDBik%!cc)nP@a z$JJT0bk)zsO%~@*-;I(Ma*j`-BnP$H#g%^j#9%-7J{Ik62e9yep(+z0Qo*H^)=BJ? z=^R0)y7(}*)`(~QHg!OkrrrWrNJ7M_2-1DmTEQl*8E#^w;Y9RK8d^}B!8inLoCd4L zzd9i1>JS^-5Yo3S8WDJCmdfefr)=trIo^z(+-vIJ0dbo!iQ8}vKIg!+E{+Yt`nVRD z=R6rY^>J)~cuQaZjKOEE{Q#1TbD4ZyEY}t2G&UQ%QR>wjMlkoi#U9@8>Rm4M64tH_ zdl5StCF+$7XbPy-89i7FzJCK;^)dI>k}7ydketPpn9#fIW_1Wc7w(2*V`dM|CB^j@ z`9-`**-Ri>aX}ADLfzgfC|bKm7QMmu%O{W}clXd=xRKegDITAo?&JeCEn0qIWJ@)M zYd>T_T^khJ8-X2JUSR%YBIfMCRE}`$$B&qJTJ)riy-J?X~5w^VEbk~ zVeCtvhjt4_C6&8M5Y|DHB*!@ruoUkNM4ND^!f$l;gRrzf36lPw++GTYa)Fp_v9-bY zQasp&o!EVwI#v(#a!}g(=iXpblzk==x5O4{c$3)UF$Sgswsc)XV1A16fmnTBy-mh$ zL~0_xE5j<~!?Qp#4Ht3m7c&!1eFCCeb$em&lV><*b2cD)_I~#a%guVOt$o)130*xgWWi9@B73`sLJ0Z$mYiiT@DoGhL^KuqdahxiFG-cC5{VrRce8!}0%*wYLn5 zdJXiomkR-v5>aVT5RvXKDM3L(P#T0`Kxt;^6p)Y@B!=!*3F!t!U|@&=>CT};y5W6h zt-a5A&wK6j;l1|$uw0^`T+aNT{Qd5`|Al#bX*vgpp&#jDzEgLn!kmn1EW%5BD(8Jv zC5~h}&)Y3l8OgpweOM=h5af;~RxybIkklr%#JyU05?>(*_91Iee#^qoe>2dp??2Dt z;xgwlFKVzJL6&OunsA`3r|1IoToX|#Dx2HmG?lD_CdU7DTNG5Z#Gd2wDK|6&=;!plK(l+AdKm6{I00*`XN^1b) zzAbTgiJ);f;NO%=J0QJZWb%rD4B&^h@vK&@DKZTqQ3oVUri5)QxsI=csN zEZh?orQeDr@@ztEaAF2Rq|kK&sW_t&EFYr>1K7bvtfX?*x|^oQf*pimCRoFPUo-k% z`06`|(=G*i1J#El_T4d2dJXz{iPzi*=-=jm78U!_5E>QK{6GO5XI<;Ea}Om#dbgNV zST6@Qi#l}#pm+WnjFbCK{}GVjYq`<+qCaY01;+j@3k}Nn-WBU{$GUOTsIctpO^LA- z4P_$Jqr<0;)APDYUZ&~Fez0qqV57a_(N>cAVj@9HHnU8UCvh8*q2Z40J#yTFlpC!q z%ZX9m_F!_`(=I%)iG3%5Y87z#korV?IC{$B0|Fzg=r%fvpXm(#&{M+qpp|}r5ri(mnjMIr!;@$Mmk?8 zQ@XVAJ`l3&qYrsmNh$#Z9AomI0{>l>3)D1ls79sEGU&- z{9C`+y0VE#v(hBalh`IbFy{>u+^fu9P8+fX5L-NekcM#0AsTkV6>v0P1V?(BM?MU9$9~ zdVyStBo0K*+ZzQES&OyW|A7!Z^Jb9OKyiV3&BcTDpO8*6?Mp=;tt(m$v5ry)F3X?D}a|)eF*u>MP71QYP@3-(TR8u6;XY)i;Lt>H9i+kPi zgrYu6W9(XcaBzL!=CKO}ZuSSu=ZIeGR zo}U^+Ai4_0pUVJHu?*}JAG@WWCT3OtLyoneA{IGUyvt4ttR)Ye9Zh+)tE$V~-={AU z2bg+-m0j}#)nO3LxU~?dTaeNkfAj^HKOxabGjII9jl^U>O=g2M{)EXOD32raaax9FR2L zKv8aylX9r`@@T)geW4_aJ?{ttB+I>jc(3wznrwPjYZw^TCYlxk0($qjGh)$KjoZ7mWV(_j_G5@e$YUv$7ds*Q$tUZ>nGb z97TwbQ&laS>I{n|T3gTB z(1fCWLZA6rh=*3E1$G6S&y~$}L8r&^>@^RU^wwG6>jfe_H-aBP!nFvgDA-NJyr>y`xCrwrFb+0RwP77Tq2GOfRbve~ z6=tZD9Z)gr4vy(q(d=J_)DrhPx$+jCw3rmXET=XLE8jM6SeehNGBTY*W!}fEXSscQUjv_KKZl&_ms%#3Hizug#kmwqM9QBI(U)Dn zqN=8AyD?0wu2dRlMs$sTByRcDPZ3NxHOC&+4@s><4wR}ygpzQH>GHT#^WNXF+fi(& z=byKYo0n+d8&D$5*L@?*D?w=)qa> z&ymP3wFD3h1RR}#%4umIf|-x%gb;Aut@cJ-6*6~&@XiB@28uzk=D76a-m(Tt9Y^9F zQT#Vp`mf*MfAigUeV#OJj+ppfaLFZnX52ANXQY|#-kfQksRkngQG|%ABrhmiC;r9~1O6w%`j&SBNrWTA;+sdybroE4hAWC2_Hq+!C*p6_Wc1NWw zfT2u?#0oXt=-K0OKIYPJH0>GKPMSvPvjkdt7_McIL{)C}a5yhEs_&-5FAX?*3GlyX zAmQ3D{GM?8A#U^oWuaSEsQmOkglqrX4MYvtHV9V9mJ!CLx|F1WBLJDkWdP>WI5CP* zlEQ5&h`sv<0?_>$R9<@NpvQg|=-qCe_#p9ZqI0b~$Jt*{G??o5nZZ%dTQ{&%e4F?* z5fuIW_!UDyZNXXUdPA#ky}Y zY@U`sA>c&0vuoKi%9-DiLdG-pYbE-2Jeuw9?EK`fM(g%f7c}`NF+HgQ;B*g$eMKjl zVp6anXKn!PiWAD@RFl{gq%hEPMziHB>`k`1p;=Vo1mB7o4}Eh{}g8*Xy!Oh{kcu*6a3FBw9seCXgdAXR zjP_6U4u^x!@=3v{HMw29x76j~oAAVD!h0T2aI@Rxcu;V!Ku)dS4Zvz zgIp9>bk%e^q$c6JQss`R8%KG3-$<16Mc~g9OL~9U7>epxtJMgDiMa zK?07yf0ehTfz-bstw^|jC}EmOumOrko?5Iu*4S)>g2QnP+z;)YK9($9p%mJLSZ$M+l4LPuQt-_%>7nCBcXFA|MPhm@k`vf+n2vuvu?|2ZxX~?x)?Nwqk z$ngEfk#so?)`MH&Rr&h@PHRJX8!_2lcoE2#z5OF+D8@-dCRwfDi@lSx-yM61YZC~w z1OI{b>>Wc1Gd3FO>id)-sUN4>7?UE#@yZ>V>0GxHC9tC-vl}S>#U%aEE@<&OiZiPA zes(K!Io6HeVPt?q!(LgKd#&!aZw%b!EQZ6;F}@C9;)#dXZA?z zlgHG+@<&=r>YBJ`VA*j8POr0?Z2P0)T3@iYkK8?m+=aoon4P7pgX5(>%6>4iqIP_W zGcW<-gxf>z%|?AD`f%e0tQjNL@wO%p--rwW68qh<67SSCByOE<$T^ahwSdtw zWyvCV@Zx@Eyp4~dcn?t^!3kK1HHf-Fp5fuvZM{2|6SDUD+)tX7-AZxmE>R#h5{+9Y zZzb*hnG79Y0L{liFl=Vx%GYQ4^bISxL3e_52@JTn_VZ}Q`cKR!pPOJYHWQWOa$5tx z^w;GpVk<(K=70N)@l02rf58njB;4$-*j@fSdjf{Xc7J0~nwtF#zg{YDzX3|Mxe9@9n@xV3+FfVS!QR^g{)mDcbeC!4l$7sOR#9*25NU1_>V1eiz20&K( znt2Iu7qu%6Y~SJm>SFh2LDn>S-?+*Y9B?;g+=ycXW7{qcga_zOZ1`PFpjhOHG&vvi z>jGciy_#zy8DDgp>Q>xKFK7#t@-YRcwKB2XV!|kT^09W@WJBS$_1)F#+s|3k5_t*= zX9r3OPYyRFc!NQD);pF<$$svwM&eGay7=lN$i((*7>xf#>=V-;g3GUXEDdUh22|<* zOX+bjEGx6DIF-G+a>!N=`meWz*~fLKK48}x6G`g5L%mco<_8}i5J-3`=Bsh?+f;?m zsh3;w&!k5~?UHwe2bB3S*Gwdcp+7ql5y_t0qvbW<;s%*EjxBd9E?ff3`dJAs^R*D? z$g#6xV9>V`c;IH%UthEL1qATVJtV8moBalLA`B5*1FmnMo=Vg#tX8_YpInoa6e9$* zME}RTKW5fXgbRn}2B zm)rg(JyrQzG8*anYe)}nUgL&JLT<3;tDddevF0-#2SMO#WX(=!c@lEswipB6~o`x0;;(%m9eV}Mu&>AdW{WCMqzm~Z`%VbcACQayxk(TS*d%C z?{5Mp4+%o~->w+ZRHo|yPpq_!D znnWsp>Fo!)fkfM7G@XD$qM?pazD*pw=GpLD0Wdo~A9iN;P>Wgc@T3UBO!-;x6#a6} zjzc?_6Z~pxN7&oT60MFv)^HhS@=IaUi0)FYaTiDioxpPV(nqEX4jFg~z zjBR8^O;XyHwoYvVp-D8YC{%k%(|NMNGQ#+f{|XGly%Mk<+jwhJj%VnTCV89nCnHQ! z(^t}VNJANke$C+~p!Z#9qm#q7a1*kt8>K)p%7AG|8gT^2_h!fu4Hn1ZCo*fg+>Q0t z_;-**3|ZRXmX-fPA>!#9;xCV5Fko&@Cf4R2v&1i}qWckFhQZ_-ZO$43_yTbd=xY0z zPt1Y+4hwK{VKh<#3VAz9|6_n`Nqr3E%0Fg^<`?Ab__b>85j)Ml!6rEK=5ZU{|F;WuZh8v_eqZbYxiQp-9Yc>E>&RH zzAnHOswsze)G)h&IU2f9%DEeWX7@LjxEtib25uPTur;ITXSZS^q$52zPyi&%&Y>$@ ztDFfFyh5`zU)+n%V`wRr%FpV!ng2}I#_O2Kxc-*NJ#LQU3OJYjMAKA5L5ZD|92Q2J z(IcXb0M{VjRUWAFU?B)Gg0?V9R4IzVTDwq}k9q1%Y2=~A7C2-S5m*k1tS&T5ZIl^e zi8nNp1gR@eQ$8O?Z8gWtU8IijCo%ZaA}#ww8rrJ^>#Fy;6{oi%c>c}B=L3AD)G7mJ z_cZ)~iIUw!*o*C%#YX!Drs&t~*mj1;3@34FJ<$On_fPLvM=KK(eYU4A3sRnH!R}Pj zz9Ra~Rn#I8dY>Tr-L3K^c5+vG68)a-q$$HL2)|AMkyLmQ8CbLar4j^roe5r0+$W7` zkUI(_=&14$A_PkvQXvm0({BgyXoi#s>-IwMw-&c4rt<&kvlgp4`y#X=;Y^FLm%c|r zU;){R3!vh){_)dRx!=zcyGL^f^^~jhTwFYt;v`_2chL$F4oiGpf48` z1NaSPtN`AnrsczqM?m?@8xbIKsDP?==}4*PvzX?VEO%qnZ>pmfiDVUYl?=OyVf3`7 zup+xHv7H=RCm)wtLO1i?b{PZ%Z6vEVycgKKP_5Vk9`9nB$8eEUe>g)jE`*n%G_K~9 zSVxat#h>!!t5cidv`+qXmTvrsBbe*n*-b0BMy~pOyLjjKyOZquX?6IUGj2+!TMFMg z#oSz0rSZ@c>eC@>-uE-7*4O)aY&qCnOg_}%#eo8qOYA$2<;GQ~LHa7yrKkfpXXex1 zX+Mh?;fw`qTFu;D+tcm8A3nJ+4N!m0Uw}K)~7dn)%I~JwylcXOg}~r?~u0jEL#mQ{nx% zgIcBD_lw&+^LdUcys#}bLm{`D#WCv@Rx^PilDv322z}dL738$uil8&AcvCHY;fEjA&wNmu_bv+3=6p9#=M_iP;(sjp0(3j$ zfi_U@Ht>D`38_~*X<6QXZqFA{q|=?%pSLxDTx9R3t6IRL$^iI1K}S;lga<%%LA!sV z^q+Q+i*1wmr;&>M<3&9|mW?oFlI7yWB z5Axzaj`-X%ub=$cAwq&`Jdrf8oY8~rGvwh0@RI-$rtkUesKO{Y(1ZZug>*R1kdw)$ zNtAT_wu9#wtWs$f@T_i2+@SHF{;LlN5kc?MEdnfQ8I&|eF)~!=$c+aZ>VWZKXYqfG ze>cvqY$N~}lT8~DPZG5$uD-7tH>sS-zdo(l3XpMfCV&%Re1jM-X5lBGk1Yaby*=fV z`d2)FI`fMQ+@#`>xdFbzrGG80f!-WHgmakysi#J><3p?~43mGm(sfFgv4Mx9-iKc6 zDn^$l=OJaAgCvITcP+~6WUo~*#|{=Km! zJmkGCm{%e{)Zr&SW$Ox1&jEvadL$7~!yjHFr+&r$hLq8#qN>cAviVl_hLo#Yukj+xyYVG#I?$EFqgD?Ss{3><&0Am8omKBM3cU`PWn z8pu33SxPw(iHUCH!{}-s7DBuM*E!%o%S455Dz8SdU5w18Sq{$^=MO(`x`pCH*aK5e zQpPV@QdNtNVBeRzpZKUH9M6t(YmPwQ;%LdD!qYouC(Z73-a@r|JV4mqMj@TrpdWj1 zup$E|w49<9L(5PYE(BvdHSO7Nbf( z;NJ4K0OivLN|8vG4I}@!lEPnH3vroP71}?29JH!6!5!WM-CcV@mZ!4P2@mRvU!$2SC%O$L#tV4omcxzqGQMC@yHI#MVUtC2vbFz z^}$0ujx@`^_v&-h^Q)_93Z`twUEtor-tIBoB4l9iV7dmP@c#M%aUHdzc9$Wrwh*jn z$==`Pd6((g8oqVAZki^ammvVaQTu>11S16w822*9$z$>R!5Yn!uFG-*Fnh$@n!zra zLB(g|SPyqg!Lvq$miCvvDgan5aHFxi(em%mH6E2b05tdV1#~a}O>C9o#2&z|`@f9K z*Wn<&^^br#Lqo3`?BnE&zo)t1yv%MDpdLEiHxIiB>7IL zwiChx>=gGY*ukRd+B+}$e`9>>psR_<)^PvZN?IBp$mg5q}{YY2Ze&(TOsYo#>t zDqa0md;GU_T&3E2rOk+Dc)BW;VYS`VlLvXai1A)9Q!vfC3cuG&9^R|t#@}5(NqFs(+iL0~srhe#UeQ>eR9Q=!ll3k0-V!lvGfVi9M z;#h8Q1z3=z+ta1W7bFb_o&BzL$S-d_%df7U|83gk5H!d*;UUaTUpM*jTTPAYeKjQC zka;&>k>y;h3!LQhHvzX#tG)}PuWMdZbvc=YB!ODSq6=L0q=kD=L*J?G4~ys=d1?9T zU2q2Un1)!-tU+a+v|IR(Lk_J~)@2`*-<5#US zun4CQI3jjziUv7|pbVHFERFoCDboXt&Sv-&_f2GAY<4v3tya>FM&i9IyqH#N3(>GW z2}`Q)9)`(!%B#W{Hy@qV`cbz#>D=qu2E$3~UYje}$4)5x)aChIa=_Wp5MKL~DiWy& z9d3}rfRd@I-i#`q56^}q;|Rhq=-cAxi_TNzTAW{VgfXXe)*HtoW8yiRN{TrqOBThy>Zcq--8PM}-FZ-XRpm6fSx#x$X(Ngm9eSXCK%4P*tC* zis>9IrVPfx)h@ixttg^dUiV&uz$vW-X!AR2A?aO<`dANMb>wjPlIzqTO#T_(-z(Nm6)L>D#@J zXl`AE;D{ubu)X9|16|3*x`9SH<1ca1AG|K%6Y0N2D|WnZELEhh{@Q&1ipNY!p12}` z8~Wn#Cm)%r!0h(ii11u&FjjQsn)OmtQ}=rnh^AKW!wIemvgOaVe*+<2+Ygs7B2^BO zXR7kAx~PpO4G%>iqLJ1C*9r@l=?dd*TRhMowC+8JyRy*qrzhjA5lchB9M?IHRs)>Eq9AXY6yLKqCtDog~lsXW%NnR z{^(e9V92uUhE)B6p`eeWlpS^RolZI>i38o5JV}Ca^Y-$W?PaO!86(sqo!y(E-aUqN zzjh{<@3N^(Yp*5syHwRKnDs`uaz5X;vP>Rp4i_3B@7h>63`4-7jGh(7=zi;d`fPp_ zlbP6Q?akLK{{wwvDs2}joNRDsRp3%Xy{Y1_!_h(pqqB^oa37eQ$EzTFvL2(V%WRJ1cC49=4F}kO2c3i zT6&;A1l$qewwVbJ+z^2|W)_47tBr8Vc6HDS?&4PVX#;E7xiVHjW#s%eg2Sb1ob<>m zdvJ&pOmg2sy7yog-82%#u!K)VRAl4^oQT+U3Rj+DZ*glEk9kPGV)P}VH1P-k$)ykA z;kX$>z2;vUr7nhzEdbL{(+^B>_GqN|$zn{8FzU_=kfq|8h7_8IVjFUJ#Z5G7^=1r# z$({ce(h^I{zD{F5S+nCy%TC*Nz7K1NB6+vBepJtLru|gqyHdh?*!Vo4 zq6$nmvPn_SCj{rDK8U{P(T)21DIWV&t*FQ{{~wJB3*{+d!u@A$w$WSp}^$pGCT-RDm+6FVt;;%2^;vdd<^t}_ayY@?90c**;Loy^PM|25V(7{vQ_7K6ZQnd5M;hh zoCaLItVQXws7akg!noB^)sR95ca4wQqH(f>x6|(fK@xLZV^b%KhPa$gGoFuF_qY%sf z8a+lRTS9yPmzzetGpLc>OuvZ~N`n>YUk9gC7BWQA1##b-?2-!jZYll(vo}(H{$cS-Nuyl`3I&W$?V9vSYT8%)QXoPmj;B?-q-$J9dAq zNn0rH$vtIX(A@Oj50``P2|lr}>4@S)mIiQkfIum5as`6nT9{{RVqLir`5OE)847ER z{RQok7$XTJ$M2-M^(&|=mexS*R&0c1i0by@yRidZZvOcXH@#&`psd&1&k*^$x@;6r zBH@{3_FmY?NnR?Zh@wLG1~8?8i({>i-Hva^I)JU@E&p7Zov+1PULxeuhVR za5f`7kHaQ20M&c5j7x4{e}C-pGsiI)6!6!qD;OeajAj%7^mPNA1#aBAO!M5T6$Qt3 z8VzoaG1g<#hXXq(#>nzs@vc_rn{5baBSus42mE&HR`N%G5&D|_#)yzzC(IB1aRI3* zo%{ETc=kXJ?q=e0i#)OE>8*hU@up1iME9He4R1NnPP<6)6Qd4+cG#i!VYGDTiGNd$j>7d$ z&4lw@W{)S|j9ul8sqCR~iuS${Icz4`ZjsfRi>(bUCN}&G<-*4mjq#P;DQW0%devie zLOYT@N0dpsDd+yzN}5Qk)ET)p0+9!S8ntFy8hVYN5(g#{%)HF*Ra5JnD9^i1Oz1*b ztTz@Xa~$KPGC*Gd`>|QMNRJ+lp=S&hZ1sOT3ysBQbR7&yk zGc`>2>LQ5q+4QY~Njz&7ua_2SJJLBhc>Ub7SVPRGa3*EP`Ow8~mzGvR+~j|z6X}nR zm-4jjiBe>GVWWzS4ntR5( z4@j+mC-3uveBQ?jsy=crE9mGe`7CIN9#q!JHjH@V9k|G6k{J@>{<}tAnZfgh;v*57 z^@@8?_l627#~aTF71(6hPGU@$SK0apOqjDg)@T*dPTo8^DUY7;xRg-h2{AUmY+THW zH*DneXzO`hQkTT(u{p!EG{d~=%%)|3{ucebd*(DUyZS01q|;ZSETpzSHvM+uE;G}> zqiUfGO9hJ%L3N6r93NTpVSDAI1CG!m6$}MC1?-O99T+Si$v~M(~1>#}o zc@Qj*O>)$z1*(SHFuIAh-dp$3+2)-@jwetOUe9(xo2mJaO}y4i{tHxk&W3wnAq#2= zsr<7azjlyRv{koN<6iaP^jrLoMabFDhA0WJE-AJ2^;0wII~T8gylvZ#x@-$g8ja#j z@Tu2XQ+fWc!QtENXOGe*LG|Mk1XuMcmIvAr1qm=A|8s7DJ4$FVSL#a!x=2*s$EVN} z@4C8yy(b<5*yLr7Ve3zwZm5Z!76Ug;@7+^i#KXQQ9C`X4{F;el&$#4JGs(7^Y49nvO62|hWmgk zJ+`dE@$6w7i~YgfP>sBeK~|alyU`ON`l$8y>SST#H6F**{pC+wtUVtwdeTL67T|dK zw+DmJRW{#Mc_z3Fs^4x+5*xYV zcXDQZVJEx=bcCO8z8jKAoJP4ASJ{jiLM3yd=TRA;SH@_{-$qI5@nFoa6Om)caZkuv zTi$9499T5)d>zm_8Ly9OS>Q_dS7DDuv9RT8HvMj^ncsS&oLv9I4_)UYtbKT`8$c)o z&f8>D_7W(y#I$iTzyFI>;s4k2>lXWr(?HJ?pUEB3otzkl-_Kc68d^K^RFR*{suB+= z)OX3(Rc1d@s0mK6rnqIXr9W~;srdZ8oN)GlWsng$~k}dyk8no!zC_@j%7>#2+7%`>U3{t3uBCgAY{nfz=vZxr7>!XrFZhF z>AA4k=38bgYRFx-S8*<1EPGG06_rvS@I$}E@WZ(%#kL;ZMK-MLuqd!5`lyX*kyrPC zKaz>gb^eR8^yOV@&(J|Jc6MidY1O=$PGxDecC<_MA{~Z*J$kCj&{?-WoWm#D{brgR zHcK%q>t(WVuq^gqeZ-RiRM#_h+h2~>i4jukbvZasL=`ynOg+)rG0TZ<`U{Ch%5|cJ zG_XHQ3wDn00y)BC?TSp8;=!v!;2gy6VPs5-vnf==&6o76s%>|$Uft@^>j^svLy$2b zl=To?7e3>S<9}VGFN7C)Gd}V<(z;edtkRW$dyX%jD=ZX?&i1N>6&P+?8Nz%`3bmC3xVKHu?aZ&3%qsjs{<%${db*2PYS&DB1GnEAdx>mvC;*{D6ptW8lzDviQ+$F z^-#iEuIG-Tn&!)_bju+VtaLhbtaM<*vk=C}Q5)hM4L@`HBGYf9QonI_JdX+?X`6Q< z4rSC*b*d;qaJk$?Na?pu#)gR>xJ*Sox5jWx@mf=DMJCa;g6xPJK37w6$ zaglQU*`ea@nsKQO%KcduUQtYnMx}<2^y5=fHbR{{m0y%qhf(z@VRRAw{Lp}>>Pl8b z2TBEAFIdc>&`#$=0sD%cN|lc1HHoz6;Y(RPVqytGB6xtCM*MnQCM*eWX@33<R5FpyZJqc^gU;g|5umH^JAvsuA z>1TGZKBRPUdY}n1k46v6kYL~YKA6<9LvKJo4G0yJ0FC2wAw#Wo}b;7P`ce86VDgQ(|mqQ za&Izh_iWxPeRnB&hIQxrz#B>8sRnlei=G$qjp9O@#h1EFA&Y|3TC3I9I~&6U2>IY_1VwLuN8=i(hhlI6e=Yco*~zU90r8qAzK@X zqp>lNVK$$s`L6DJi`$d6170pfNuVGO^n@DCTL1Uz(oM?89fZN~>w!UrgP^2@%eheM zX}EQY0UkI}917GYdVkVxDR?>f`-l;OY#tdfhp;>;TsWDfwC>}H&T#nyZ((eB;IiUz z{X}ko%vS@@b7eDc|9l0sKJc#Kt_Lo+?Fa+oE0|aQ!!0lpfFj>VC67>T{yF>EW&a|F zUUr1}i2?{UKj|icaekcmB+7G+w~=m3I0C_becjRB-I}GS9rrE@X)UI8>UN;-0#omm zbTN8-pHuh4$=-4pziL|4+@d~e6Q9V*v+4ElRM znf#3k>#4s5)IB`JEih@DXf{kzF4n0!HECg~yhywX!#5FZO}f-QM^z;;-(Uk@({pLJ zO5E#75$k%wWt+F}ioV8*LAIW z#w}*^++uUAoRz?B{4eeGjomn|WGt0srka&dESvj7?qW^G*IO$gR#F3fZ~G**85@XS z*X2LV{TcB@r?}9s{T|33F6Vj$%R>o8t-YZ4OiN7~U&snweSfMKG#EV3B|MbuJd+ie3j(J*+t%(f zl#61iNB&+eH*diy=2ki^(HWc}F4x^j7wBZ^^J=a#F!U#t3zR1>Z7+ieks|a?)3QHf zpGf%gQz1xB&woKcZ>_iJKPajk#ASIE0sqP5ce-kRhfHZTAj9&|WCmGL^RE3`FH&GQ+=?~0favTQ5z;@9E88(YfOwHWd=w?7n)Q~R<3@Yz@)%g}`ZP!RCFtBX8mp6JK@!R7Ldx=3csX?`!(9A=h^wska-@*CX z#qC_6D4BO1Zf?GyNu+gI*ic$#`u&^m$6{Wb0Qvi*Amte95W$$qlE`$?;@bU4!qG{) zwca-AypoWKNy4MtgFwxSnX1$Y-@7@>4Yft4`(8D+hwfI~P`mOehA#2uligT}__1^o zPX;TNc`@NL?peAM^5tI4PAOULvc{f1N#e%PsH_ z;UhGmMnBiUOg8K}u>;-A-u>3~vLa>~IbyA*rZ#9G+|2YbO~~~j_l2cOj&>2GMLU+u z;1=@6N1ij)pYx@+VAa^V2jMf1tQH{6XD(!QOvcLj}F&e zyT#%gdmMYf#pn81!Kf#B@4BQ()s)97+$MRf;L!o4liqFmm`CuGX;X%;Xz3T7O{(5b zJ}UZ3HP79?P9)JLgS5k#Tit6$%lzSq3C&t>XKA~7IPTg)?Y+#%s7B5ZC*4&C9lS6v zT}sF9tQtDeQ`X3}x1L1Da~9sBt2Yrd(IbnM*6TfSc(|syy#=d z0XCKM8#BJBGkpxgU)mL~#>jipr`6XAmO!^%ot#<7c1;*?0o|H7!$`2+k*5HU)(Ut?DFt_MQbKiE zijjw)?A3(}@*a!L$#;OYiwvvRZBXB8R`4H{b-+d0Ccsw`1c9oz>+Q|i_;=tl1G|$m zahWs@V(>#Y{kad%yLoqPkH+Wi2Q4Md(ew>$;CrMnC2aNu5jWsU91ai>lwAUnxXW8f zH4ODGn|B(S$89eSr0fT$-7VvzhWTb1JtN;|r)-YGyr!bej~v_G;N_~x$NXiR6V<3i zVE>CPi`NS0S+8(6n~GYbD`%a4v?m+t`yq3qtlZlzwP>`ow05d@lG|Fs-sa@?vmLTM z{lixAqLDJ@L)Uh3x;xd(1T3` zlyOBLLfN32wQ_pe1>X3tiW~5Uw7zA&z~0p^oc*zID_ZBR+Gm>|-`5<#1=7>RotTA* z*S?b4E^jq-YdSLsf-gehmQFoDd*VEHufW-tP}G_?=5H39OaA8lrork34J?uI?TiEr@CFjKrf zv&atFS-e;J^3*{Z;kfZ!U{kS%EHKQjksPIQiwwHO5ybQByL-K6ljmbKFHw5m^zSr7 zr_f|bo~?yl>5+dgb%EGhzEE<}WOq8+o}KTJgXGsG&KwaDpY^MmBP=t9f3&?jJGDp| z=?pyS!RkV74t(_9o#~S%sg8eun{zRdSmR1MlUYWqc?~xmyL*Tk_38T zkKjF{sQJSv??gzrUH#_PPEyKd=A{?*j#lDPOhYbxi`gbdCo+{=kbw9JCCA{ny2+fiZ2Fu~%03{^BHz z)HvSIGCfwG`j##HQQUCngFtnek&^9r%{2jm z`*Ul(n2gI0Vg>zk?%EAo(%MZmG~8-zk)d9-rmMdTv};oaUq5B>U$}+TNPAU4m#wRN zzAO(#;>E4Ms$6?e`9^B+t0qz9HywGBrj_j^1C8}eS>;U`lpC)}e-`cUrS1q1Ur>Uw z(YWf;Nc;;Xw^aX**X?GV>QoRery1JFzf-;Q?d3$E(K4;WIp)*##4e4j3&Srae)oBn z-!7g@y}KBH4FugvjFw|Cg+t0G_F7cNF0 zf_Q9x6jA78&vd);`t*B>R+rAg&d3Z=|dD=CCfk^^2%-Jb_Z(YYYLZw|S1 z@&JgdQP%ahHnMi5-?KM+&+++;jb-BvDxkkOWF0Z<@id`+V*CYQOav4oN zw8sd~f*xo_P`Iu5d*;VQqxLq-m+G6JO@~8JpPAN`YF?}uG=eGKhZ7GVIz-SeY>CU= zAi&Z4dS!q3O?l7=LLU*%heh!Hl8}aw?3SI zCMgW%SnHHtVKcU0xg&O1S)qiUaxKB6Yf3Ake_ z>6=%K$}J>=C3~%vN%{b@kYy_Fou zM|7BxNGA`}3*9Gm@`zmj6qPmUL=opcvqv(bTE(0AWdtfDhWYUa*k5tkeueVPwa?s% zk>(e=zQ)V=W|nz+_Hx#E@fXrsnV0q8xr{H#0a0(Ua7ch0^dF3b%OBlch!RjXpR)pg zP&v^N<6ZUvK+rmS)Qih8IO1ShpHR_2AM}5u8vgkZr})WRDl zt|43ObGE=;Hms^Ham&J8o!Xz~ND}0iW0xUDQsla*d(ohNL26QHU3igUHqFiJn?8OGxSxUkMWIo;RarB?%fTyPtG|!$b<%$&sGXOTOC54}UgnK+npAju6WP&~ z-?^}84zL3TmF>b*0zqR|=SIt|A2os7^J&Y&v>1z)k!!2l8D|x?Zu><=1wsxt_0_@N z1qxbZj?Meo`8={SW2yXompxnrp;hieguv)kdF`V-K&a;r9;nQG>eZ^IE-~_Gn7-K8 zCyuSXdCi`onWhnxO@gbdW>5Jzc=^_i4Eb!>7}D$LA@>`?v?e-tgp+`rhvyeuV^sF1+Sk8NhO@A8m zBuVk!*en7_T0wUoJpB&C2$1i#h<1(ht_G+B4Cl1<1HL1ZQrG*>dVMKLaxp#pN{pqo z-{`cK*$ha2JPyaw?23XW3e8L73@+Mk$KT~~Kct+0n3XrfrYMsR&dxr*7X6A$>1r2n zI0(U76eYmDj|o30nKy2EyGYf&oIoTm(vh1Ty_k6a)Da@q8&=mX0@8Vc#W9t%g07Sv z9qv-uza$|77>dTSZFdiPeY8)oa&2Uxij3YjpwBV=J_;C*8L1n=%Qm;y%@N$N-c|3k zK{s&_6H5)BfDYF-?{7a?A3hW+RaxWM*L^qqWn!PcJ?+rmPG}jM5GR1Gv7jA2`?0qU zx@b9P;hV>26yI_hhTO{csA`v98jpXdvbTBWT6zXb8m6O@Q&e0d4>7Bo{7vZ_G3yGv zsv2tcwhYX3LPwo48iMyhM>1yY>MgZNWeMIy*MYA21EH(Wa!;gfrWqD&dukc)CD(O; zhq97@i!VJuDR-N#VS3{>L*}LA{{Y{N1PR|0KHy;d(i>N`ER2a7*D2BuyvOn8T&L9= zYY|*DGqA;Ki?K~>7{6FU2&SDxjoY3al)wIbNJ2ZpY&q~OC%5NmDuGUh)6i+b{{KVX zn})O9cJ1QSUGBRBozWs~Rn?f9iK(S%OI3+^NJ~-F6k--_-DqpBCaIc>nqwYfh$+#*PlToo*zm#r5#oxP55D-es$iTp8z$ z)R?)3OX=T(RiBhjXWv5fgw?F}?tYRJyd+Am#P%PGLw%Z6t>lAvZLF$53pOOFiN(bn z^6%`693DU7gldA?4B1Wsdo8i(XDer8jbIU+UXq$v-Zqix*`qzG*-ET*IQ7~oFi$<@ z+QnUm%p1?dG$CzjU5hFp{;`qwNEzSDx5$VSp%lUXoO&rSNq~6xVQ=_}m}lO{ zBzy_0V|ALNO2CqzE$VfQLM+VwyYd-4&nw!R6-_EgNgrDOh zy4+p0Fd~*uCgZ)Kj0D%0Ib=9lgwnCnbA|ZXp70Q&9+f@YX7F!ZTU58@sSk~EM~J!)ji3};BL%HYpGbzGHzoA zOiw>WwHQ~wh{{eak*i#?l?_I+wMq_0>inomdJcMIGxC-rd%@lCX4E2}ufg`b!I0^Y zc;=e$dA)IkgyL1IcCwGmwnL0I$>Rfu#l{nG3_K%B_`&XRRq|YM4 zCGHJyc27=pq^o(f zyAYvbtmUg`6g?HI}d@Ggm^}t9FMGT_3Jdudm9V?Z!AyV z)XuS85)3Or`^f4xE2YRRe~Y}L#}m36ih25SI&emmIhBmacHdwfdU5-uh($wLyPq=o zMtYE)%z@l9xmx|v7zgmnJ2@g04^&6DT6?GC1p2RnpT5)jWQI@euhNz~p5X&m4TRo4 zSN!vhv%pE!u!7BQ>1T4E@fA;Y7jLHyj%=N#nkcP={}@cl8d+H=Qp~66jcjy4>dPiy z@i8o913Vj6G~BlL*xAH+;Tf@oY^rv=Yo9W14maR_w4BB&-+viT1%ykamC!$Gj0P(U zI)-*>kJzimBz$^|aJUZ5*y-NbZXG6B;Yv5%OSw}4yllr4RW5*leJ4K;XDwMzm0Wq7 zJkHFyZoIkjw(zW-ai7ah{#nwg7mLe-CP&gu5`ee_yrO6Yi2l42R}{YrE8eYp=d$-r z_9NOSU{3nRJwW}D7%=}m6t0g&Bk+JK3-CGSwZmuQc0h4rSk;Vvoq z0$TXbByxIuq0Hf}?~s7M$H88S+~C#WmnzNm+p%Q1LqCn%ogR{hpKC4`!A75BK>;!4 z9WIfCmY?9$KQCu45oSJMjq`!&cf>C&+8+U^g&OLSIt_!VEMPGnXxbWa&f z+3Vp}p4~hWX*Wp`k&rn$hK`s-mo!2CKsURJm$5yru5^(2_J-97jctqc`9AbY94~hbwE8%^$GNIrOZ19;F%N#k@3aiG&5*x~+9Hn3ezS+N;xY>KJUx*aal{QAs8nfYT({lN{`As8hN(3 zr8fkkr;h?dep_Q?lUs52UAwm6h2Ni3gsXb(l58f{`)|%qf0lv%Nrk6Pg~v@Go>+E? zk>hTsG93%;!n2>6ojb^wkTs8tY(YmppLZ$~P?3M{`PoUKn6(QS$HE1hYy;jbZH=bL zBTWN<-Hu8R8_e-(h%9(f@Qj<{>5JK5)jt2|d%$49knME33{|dAUqC%}XYj8W1=V5> z{8j0{iD7sCzYE3x8LHa7yY|Nh=I39o9jgOc>~&xcj+p(qRfw!G5uICFN!23 zm`X{MaoD)xULRvo>74O$R=TFfN~vE@B=n&@DIHo#GRPb~nLE025t{FHnrK=W^?u#p zrk;thH=y)>F`9aCra5BuW2+R zVkWdb(qkz5^l~es_?fv{7pkGNyA>^A+2MQtZeJQZN@Nr9yI4daK{}hl?)<(Y+J1V( z4Z@aFnHH&>W)+!4z)Djbk~hi0JjE}D98y$c2TMCVH_bGZUHg*vMY`x+2`y4R)Tc>p zu8~7Ii<*o9_Bsg%)%xHUFHSigen_gV@$5iQBpE!asWZsYdcc-TN!#6jFX-RmNF~=I~-V+gqIQ$^eS4^;nTsHdYW-^PWgM=*s^5YVMQF+wiIT9l#9#-SPdu zJ}#)JBdRJ!7d4$;ypD=G6$Mfso3~sjSsNkxSO;0U(MDRgD?xdZcx!urhslgCC9NPj zsDxjLl?|U1=lNfyGXn+O`Njn?t2APU25vRi0H6jEG1{}b`56ucPjW{A;4I&UTyZq$ z81{$@qZ%;y@_9GkMFDo+ZUy>gdy#wa6 z*%lU(bDxX_3^BMH(R;~dZoj{WO)F=m&pr+#;zZPJ3dgJFBLp%49Lv+@F>vN zY&H&E_idE-2E`pLyApDrSBJHdhWvEPyA~5*G(y$ALc5=GZN=xFG2-v#?zQnjK{dbL z9X@(m$lS}^;un?rf6&HpLiGICD)(^#er2DQ%vd$&{yd|c7dyb{i%9eW#Byan2I|PT zztETSSm7D(_V|9{;n~TN{*FYMo+3*H@0p)XdxD3X5M%> z?SGPHU3d48=iFTPlmC7g{=~q4vgIB7C7;>e>O)7q)Ty&HVSW$n)3D&W-S2a`cQ8YdL>TU`8kiGIxgZmsh zX>podC^oJ?avij9aN|3tEDk{vA zawQ%9y#KU;lJx2s;A!Sh1En$+RJp_*+RK9bkU}nFR#8XG&j!3tj~5Gdv zETdyI?PIK8il5qQQF*DWpW*&?)gvW`AXPl9J9=B*dM-faYk-60G@tVzUvAJRKB$C@ zMfK%Z3Y;iQRlxxl5ZL(rH+S}1rV05hc3jb!XWJii;d|4|11G1MEhACelbEnLo#9vqLH8GlLs9=EEW(oEwZuBhvtcL@OixI#~SN?mUo?7 z(-e@4SgD^gB=2PE(7RIh+XArH!Yp19n?gCb@b3iD;Wl4)O6nt?DBPj7y*&%86QBAW z+8>!-Y|xm0EvUdTXv`^oU}-Of+xCc9pI5V4UV3ap~;Nm2F9Uv@(2(i5Twy!7&b zAj=?LFgI-cqw9&EuZX}b_%+UL`@gOZBG5Q2Goeaop>Ml6f(x@aTE|Ui)xk{PRVM)A zly&MhF&iTRE3OZilW9HimS}r(3S3=SV#QB+pwg}0YLULZIkJzOtzVOFQVc-3e`kQpKdkS@Gl@v%f-s;@6gM}pbFJ~iH?y3kZK(`+(BINFimk8Et}8u0YJ@RwB;MN$lz$A` zRaKF`N{v-te0{Ox#J4a8ut1CW?Ephujqt#`K$RHhXY0#*J8KPWNGjvxCGoal^wa|; zFbaLA0}fmO0-{?pJtE_498ibdlgB$e9YfR%cK-ZU;$cRorp!y@3j(>GT!=uPd*9?BBAFZU{)Li&^!`nx6@_|51({(%6>Ohe-o@X9V*flk$oYb^tXE-1xi6In z7p5(|<6_?*L#6pm{>4@J%9!O_4MTn+9a|n%jH!}X+*u@Sm^Fu=PSA?HRa3Ud?;b zpe-eC!g1OC1k^+^iY>}qIy+1f!M|OQ`EkhS*RzQBj0l0b*YL`@fzgBE0}iJ16Lj8f zXMV}b7!~apEX9~}31aA+jMQQmHEr+6)1$m1w$%O(zY+v;#%LR;$kjSVyX6Cf?+GDCg;!V_l!Lr9!`o6WT)Ot~wavqWvu(is~D& zoMCh6l5wN?n!kN6Lr%PV&FUrghSTQ6M!0D%XP1R45}b z1M-5ygYt##MUBu*Iw#~6C2Z5x011d&53H;_t zZy7{u)08V>SHL-px!TjQOJvuTvLpAD2Z}XCV@%`)ghd?oycX3)zf!2oM3XE;0UAD& z5pf?Cnt#7i5vrC|#W%KXlQ*#HlxM^EqZ+h*$cf;kZ|^eLPMwUtYwc||rVNb`%E{0C>C2r=ZEh7; z(u&a79N`%c-WugXZC{_F-r@N0J+gIfpx``dirQjU^)fLc{Q;8%_l~=u-BD;>ezO!X zE2%RK+op`jx&J+2@75a<)ays90({zfVFH(k3C*d%cg zb%zcfE)?~%S7jdFk9V|N8lP%uT1{IdZ)~esG4kkceF*ED13mizQ6mV6OiDkM`7kn% zv>mXBv|j4TtgCPv6@5cA<|68acupLY9X9EOWEkuyaz(yw27WieNmnft|NKR7f!nAbcr70RWi zc+ybD5a-Zofz^9rO|P^XvH*e*9Wo=HH*Y>;bqv370<|?B62etLsc@oZ1iFoR>}oN! zF(**Wt)-<#W*Bk_=U|ZLV*Zcm!H}yNr&6l!9Q^Wm3w8eZ$J00eSl{Y3LtKyU>hLG? z)eY{ni?Eaa_-Wh+-%lFF?J5bYdf(TogxI@f!sfmeK|EHU`7eFTBh}%xI9y9rmZ5z_lA1`AUle(bxN|-Rbhqga$iL z*`|boD8BIlb8V%<+rzVRW`dn9y=+Q0I_M{70pRjn)N;FZ>x9_1zE*gft;UCQ?p}Nq zudPS|pj4E)W)~gB9(X2|A?{h!Y)ERMwrsiZj-nq2 ztKd^BBy7?)28$@$PJ*8{Gep1fs4uhR!S7E;>^fI=?HP>Utpz=`Ecy)UDG)?e4?Bx3 zoxp@Js+Mr{R4u9UoF;=;9fo&h(%!v`QM}h>5$n2kXGlrCjYDtHZ-ojiu<6u%t}V-i zh+FRn#z3@V3Mtmkh$}bcx@vkWT@Hb%m-(>{>2Stik?z!odZ)z;Hw)GXmxx?Ex4(sK zCE)vZ6c4?kcSoudHtAGY$OiGnekT zp@IbeAYLniHX6pG(rih2!^j$>&J7V#0rSU!pdqn@=Bq)+PrgUE*&knR{BJ zu=Di3e}?v{0?xS)T#=l%%P{6oqg*Mz)S%lHcmrKc4*!z5bcx+@zLRoYk0tXj@%KN{ zk)CWfLa=nO&pnvHQ?|T zawQ~emKIe&PLO$2J3w!@Gymi&Efjk?xKRUKn0d@e#)|9Zkney01t(kkqCRsBBu%aC z*J5>}O)ZqHbCQuU4c~OZthy83NVjjnm3OfiZwhZdbsG@D8^32Jx!dw?K6rnRbMrI=039T`Th>J zRXiM!K|0p%ncMNF!@iW-+z-1SRMrT@JsCu7p|x&|;x12~bxunyQ`$>P@1Xw-Er*f)u9vV z$=o;iZ&@lI+Lzze+Au%Z8=*%9(TP4{@fzK#=`Z>j$o`lMH6;zap}ze_fOubf*tEKG(}o?K6VGeo|unZ|~ZQ zbDz8X;{|IZ=fc%UPJQTVQ)J-(W>Ows%}nI~(~$|pat4K*l(RX7`)29w5yOfRhxj#h(p&4KG$Z7I+j4@hd^*&}?3sGV z?Oz|fS(tzY`G5Ky7|W?^xxHwKh~s)1;?I~kSYPjZ90(-TlY}`B>sWU-&S|$u45=uS zlAFVLkmhC0`dP#NVC%f@@o(b1*6C@US4*)3l8|d(S#7l0d13u^1M{_41VkAYNWnJz zR0q9C1dN3|zNi9$z8sr8-Rh8p75*Xa8d9(46o62zE<{Qe@YjM)FAP_%87Qea^Zc~v zjD_NLoU4!)`2%WQvCzSN7R#qnf*-sx;C$kMAy$=9W0Z+%%y}a#g~cBPFOpSm(DNQc zGQzuzgNRN3KGkb0U0j}~uSqp%L^FfdOX2rM7Y!-Ei)!SXwBNBWDlovgQmT-{s4PC` z#u*=Ul*!GsJN7_IeHmMwDKnM%02jyGap6@neD}?W2Codc17Bk=PZ067pH%uDP-N{f(b@5Lv zuLqqE^;J4~aWoB{7EK1&X9kV(12%1FC~x4PUZuCVl#THe+1hEwfhHz1nANc0o(pqbDRw^N=fx z`6|1&VceFkn`PN0UA~CkFW)MaDDU48>dkzSgkI9T^Lv?Ek`GQdJ@&~ zf#(PFJ+XAX*3Mprl8m0DI_-aqk6iTtaCAeGPMvUnzkU#)k1E2_kEC{`IdyYMqk5>xV(kLoN zZt_!aw^zjYf1sZ>P2ed*5CAfcU<&{yE4n^gq6R&}dz|jl98>*U*~BJH@SFx+`={pT zM(e5pfj8A&j-@_AF~PceV>Uq~ld>3Hw1sE7;V2Tqj}s^9c*ikEYb-+d>g}|FA^d0i z9>+}=C0N9MDa4#MqBf0Akw@gKY)^#p?!Sm)cy|S?D>-9eXjQQh&O`PdY|BsQFaFHXd^ZbzMMUmKYA4Qu0eUxOl0^ZO8^y?_!S-yGhwL%d z&l~r@%-)_{@!&$e{&wOGA}=$cz!Z$l+<>by*aY5BpK$p z9j1lDwyIu^KaZ$Ty8n+}IycYV=KN(z0i-TTNW}=oq{-h>a5K#_tb5iG?)RpLcBBY_`UA zRO!us*~O0G`9ke` z@9+P6?9{?wXUH*aNzU~B>&v_AfHwJ)bTF0b!vyYf;!m29q` z0(tcHQQ9Ior_^;0y3`k0RhkTuC|5%TyWw8$z(cxsep-(YhI}iQQuZZ}Y`7)Cwsh&W zof1?=BAgd&lM@B=Ws>WDEz017ew;|0mVKNk{R5;7uXw(GFOAC7g{bf9NV4>w_+#b9 zE33;;$$~;GrV84;IjK#e4;MAUmLeO-H}E&p{*Ci z-OD@WSDE97cQ=P!zypw?Dl!b3ct5y=^sRZom9U z1zgefbIfC+M~KId_g>P`{>bgyY<1i;%fkK9On z1n{I8adG-E7pQnEuM}K-);x&mAhpMtVwqR4YeU# zYWwRlap|j&9}!?Y;Bz#jfs9V-;!`432}boUVOBao{b!;Df99;uj%< zWzg77wxph}m6g+edu!oQI%x_QmbyPi&w0YkYCJMjwnn_v6dw3Lf=h6N)1ZwNe%Y?$ zpMd1YUCh;5U3j1yF%dwB;g8H|ycJ#!WX!kJ`#GS4@x-1BXIU&KT%5c_G1EYLv(JDr zXK!;xy`JA*=SD(Hz0y6RFU!3rO#o9Jw#owrlZhwtT*x1XbwFa3pANn#tM~hcK_zxG z)QT{#iIqV%>&jY^I|6gH)A9$S&nu*N_@r$AK7!_eg#-`S8SGq6myVOdH}>2aYL(b| zUGADx(|wv_Tgj)|iFh!hGC^3X8id#@(H}RQN*<{aQBRgv#95h-J$ zR%5tc(#@{2Z+Q+Ha|@gALDusP1;0^&(E1*Q6H^|(CR!?yK`U#e59`!C4*GpJRz}nx zwxr-Zr-7Z8~sOA`wud%Lbn*=fQT>g=Qn>a`j;zFsk4N?=j`fZL3#ay zoc~ju$&>)B0#h8_c&k9RZh8o?hWhKI3mmWRH=rb&o6z#6<3QS%YqU3UeF?BY>Nc3D# zjLWUTb8926_|!qLg>&LH&G2o$iyz2opWO>p_0IO@83`-R$7w#)3yFVC49<37I7UuG z^#OhED5!~PZq%9}5+!DO1eWJ0e$}x5n#STyzW-_QIxJSxKCEA-A4?0#EjF=E2ZEqt zAS1ba_=;^4Vu&;hxXk9GIZt?Ri)EusiTu);p!?&I*ZM}Ayq{|KRuxJk!BPgGc zuev3tV*pn_mZIH`bqy!wZRy8bR6kxeGT(;xb8xQlmi+njd5SBJZViAxsIcC=@ykP* z3yMQ4UlVy1DXfZh_hbB?qPztTN=MY@&gX3n2MiT44fFbK@3vZk;rQFTBV{lAsmJn$ z9mA40w=eG?bhvYN_P(rQ3nR_*hJuDN35K|39HQ)TH_gqmXLC|fOUk^;YlCuO!Nque z=!eqp-^TC*85jGyq!FM}7euV(VQyGR)@_-gMIw!2cWYz9HznB@TpIN@=WpA@;9cLS zpf5pvg1uW(&hOuvrf^8aGtv?ln3cV9TKnxFu2bteMx{WPoxz;2IMI&!SXS zk5`W)nf`|i*r6!Jwc7g9EygvmkVpf8Q(^M334S{pr!}Rey#KBMl!DQtl&L#3 z`IFf_Nuaigu<`rjf2Fl&8mVLYKrpdDA4^eT)q0Cf2F_{|fg}nR&{`tMZBMugKO}(6 z1&sskU%^Ak>T!0zHh(%REtJZYk@-oq>J&`dZ{Om$m{5hbz9r-}LT&K3vC%+r3{}8N zBByp&XLM;2_eqY4{kY&}As#qVrKb;1+ghr$s&Z>=(`1ZRGMjLL>qE32tvo_ zsdd?457bh${hv0t(|fSdf;5)uslE1Ou$BdIUY_MQ6W;)(BLkeQ5kK0OI|h^vf763I zN(o1Si(ZiH=xUDvo=zGlQI1^s`>f_&gNy%m;Xx}}T>0w+`XuM=sN(U!r3Q0mTzAb~lxr(68-WLNk68WUV|r%QFqN(mV1O8aCNvx1y2C0r`T zOzVJxy(fJp&n$h3l>DG8iE9B0gDtUn41oN=l&oLYXuL59WEUp$K!}@XBiSgc$(&QfB{B@oRJ#C5Idu{<<8GOFv z8>ZEbFUP&(_{IavMr54BMx>vX&JR0$x_yq9MJ1?--Dzh|#pz%*u(xzv1LyTi8t1-# zf-Xi|JWI+ZOb8wLZKNiN#XdF@e5_|BXj)4(cK)djIXn?YgzRfEq{=jzydM%F*V#~4 z>Q`PznQs=U$n5Jn$#{fXt$b(pI{hN7wycA*2)U1^7FW`Uf=fZapDi{gsADK2RVG+I zd*xF*zZMSl1d>;Auqq$QT;oAT@wm%;&gxzvnD&Xolo{WFX)Li3NSY%?Gob>X)^Xlf zcHUK7slSW$M>JIMEyt^P$_3?vFK zjGJAp<}|yWGOF}z66N1JjqpX**7A?r+={mOL~SYql@|WT@d7Y3u76_Zvqy=yBJvgS zFKzl!hW-!LKm`aFcp*pd3&6EFI%T3C{4S!NjLyEGp>7xi;M{}J$FPZZdlW3#h!Y~ZBE+otUJt@!%e3&H*_gAuC} zzl;sJJ@_I%AJ+s@E2nRlhf-$2koqJxl=?^HNjw_4))=1@ffQe0ca3`%*|>2P$9VgA zY5)h*E%r?F_h5bljBJ>j%-qOv3=-mcw4-4Yvg9%=HD~A4b13NlVwHP!uLGPNZK=+D zC%3x%v3q~!`Pb$bJ-|@n^_1@YKc@n%>cwDYOLH&d$n;<#_Zpt=j%|%aK4xBjy*mo9 z@5i4T_v6=7wsHNz`)oLpE2v@5Qe8`@SSqb8dSC4$MJMFCAO^{>g`^0o$738rgj_j- zZdghUXe-mT`e1vsuPg8l*YkZz2VedaRp07@_^WtTNQR_ z&pdCctLmGK&oteB(z7Q;_28y1{wC38MO>y>eGl;Rb`7Tzx8hGFGvj3g{cXOg^||K` z{`aD-yEF_8iTeX;5|_+ak+z7*j>#AAqzZx&s!o<8Ue&AvlW7A9bJNtYL6Rv44enK0 zs^Zo`5@l$}y282|@ zKuQz?uG}n^(7%xd6!aCQ_cBovi}Z;B^#n9h4i`UzX&Igcv@Ep*nX3lZUI0;jB>)wSI}a7nZtbuMqV~Cl z?bG1}uR;FXfd_pq+4NuCQ(@*X;!mw{#Y2WcJzmBTf1H%?fJkueMmZPu|&E2YmeD8~3U0h{5f6LQAdtcgNnD=-4dg^5dxv z0{J0{^~%&ids>|xQiy80*GJe{b0w+#?MB;_65Wxb%M9*YUV6D58$sNPVnS2lrGYrw zHflWJ>gYrz*VIZL@6!dk$!6w9YoH8>8KuOahph>10RFJDEPpz8WOZN%xtnlOAbEP% zJM7daW_*;{^1CIb1GqB*UEF~&cWGR|^XUnxThCnBdRM}S{w=_~?6-@*-6n^$-+@jq z(5>l_EEJkDiZkp#2ei?FU|egZW%cM zaQne!!`$P!eD%iUMCU|)BI?}Wny%fUd0Dp~($*ktB}EN(lV z7uh01P^6`bz%LjH)*z7Ev7py3Tf4_#$Z`Ell^J&PD_)Fxfv29N0}$~q?A~l_F*>|BWJ0zO zT>!HH7XcoYpjKni<%Nh1eqlVV!>Ve~6$KqD-&a)1XZmrW`gSw$nWH-%gTYHcLKNP< zgH>m!%IM6gsp?oXLSXuJbbj1K(=0rJk=eJaAOE@fah!H{CrTF-Oinw`KW26nqke#m zXy_>JDCMlNkE(zp_GLx&VW)F2{+|l~=iFUx7x?JI8tC)QQ4aAIGjq{I4VQC z*iw-dID_6Q;u^Au&)Rsj;umaO`XyjxUp&vUK6+Kx{)%sXk@5vsGPTl^ zIeY=NwIOXE%)5zOm=Tv;+PWCL>1opL=GywO$dd3?A*XEV{6g{d30VIUMFBy7ZP^=g zz&Ej%I}WRQhw4E@Q%6yh;em|QC3o1(@@`OsVpk99-E8vym^pZt&z%FH)BZR1MIv_u z9~`K}oG;(!%012{P(KM7H$u)Y&E}+Sj_?1&s?3HM>X4k4T(gs$LCs$3 zGB8)`>Xyjri~jX5R}Q|o3RPi#{~){_ATZX~))cCN+JtP7Pv11ujX5nkL~Z?D=F99c z#4TJH!j0Y-!tFmF%9Bvj60Pn-&|PnmV#b7bf?pQQkD|mZ%F-4-KBL5FG5SX{Hf{{P z-gTR0)cpD=5>xDH#k={$m&25M9LGQWp6C@NzqsA?ZdUFb*}Yr*aH7gl%~AG=ucIl3 zroZr&cz1!Fbk>^Cu9={QasW?ppsL-a?=N1d?2Q%OR1eaDwJ`58Mex{t6Wd@xdk;`E z&W+|S zzc+T{Z=oZ0Vta%Zhtw+$^m+98f!!Yu{!Od6b1IS(U{w_Ui&deZLJGSP9ppi+p1TUF z|0QJob5-u!xibS_LcLBYy7t@+p2()v#d5l+_5N&9Y9&=^aV(UK$tn><-*5^@_Wf+? zR0a-}?@75Z9J=a7qnURc*8z*=7^Fs>HBZzOD-IN%llE3(LrwvV_2U~UKEn?VRxyp+ zAl|7lcPT9Y2v|ZM(aymt>h5Io2MPpgwD{b(p1PMY^mGU}u$=byQon8Pe4pn>Z~mHl zm(|kLp>Aut8aPB7`%p1SPib#6&#;mL&6}Duo-tP;;=UL}C+Fmj&`8spszwuQjAtoYI|-eZSb~ z4!QriLD6&(RB4-#zB+?*dH)X~Vi1xZ!&6T(H#@VWI#W{5mCq@5QsW=Se!ZO~{Nbt8 zEeXgAT{Vc`2lwr{UfbNgF^-;n^Z&_&AgUEEssArbxkO4=zo*In^K*TGv*mZ6NcK;( zzz5+DS8ptUN&X@?T8{{TxmnUXif0D%LwTHL%t~#;IHZplguxH00M_YF$(&iWTZ+4p zVPa77c>#Ww#H@XLf2#-~(9~VT8JWC})?`RUSkE{*$O8#Snymt)#kg3F;WwE_G(h~L zBLk78lOBSO>g{X8|WZCx{N!$r!gBc;*yo%yH)(V*==N5wBaq*UbZ@Dgm=2 zFJQZycCaoyqF6H&UJMIg%=0h@a|uy z;Y-`6drgBi-VioNF;IE@qI$?w^{8nD*u{M6ho>#&eM(s^*f+6mQN51(=$3!S_DTgO zWjBg)HCFH7p0@ab1~$OfK|m12(OwnJL3Cxq5Zkmsq~J``ntI_a9WCE3*Dg<_-ZEGr zTKtNrg1~jul}7P>VerSptz!3mL>xn;J3*z}d@S}|QypJ7?ufu?yNrL$Nn&1=`uXHm zXw$o6F0$Hbcl;*3i;2 zuK!6lo%y+yrZHyiVVfSBYyo_sXN>SHdL01tW|22$6GBq=-yXm0eClM!BV7)DyVv2D zn~!5+?k7ApV(aM}bun)Uo= z)AjkjT)M28A-%P@I@sio4v*2Wn-~nbo$^+Lrn>p7S+k(=V51nI(-)_AfkHMZ?v1v& zRx=wB+_&ba|18oT9R_%g__3$yX&RHCY!b4%`pUBpyu7l;%GFO7FV(;93v3sZdEU(_ zC}YHTqw-0^vsSKoX>IHQLCa7zv>gd1(UD~rRZ}Q)Zjl7<#VxO@$9wL3{6$6lkfz4adCwTcTZj_0W zdFo}B>#b)HDfFO$C-+Y!^VA!ysyV!S9iuVc>|uMWqq3!>{&3=mvbj$OChKv-kV0ft zb#*pWU4vi(I_SpX0a*d7{|D+MKppM@c5>>YycxnH2w=)tjE6uYvfbM`AbtYG=-(Oe zo?Kde)V03)U*^-rJ=YEffA9SBcnxs<&EMK15CZ((CF1=r*mg?xxX;9NzjNqm3faF3 zy2M}cBR`ay*}MvSl1tKRSslNq2xbA?Mafj?k{DRSgx{(|e21mY4DquXc>a@>gkDmE z)Z|)tdz@v5n*+z)_zz$^P59TvxFXPA4PQF)3W2v!5cFR5c;Te0m1v{{*hMJEW!+N) z&vuGmj-(wNY&8a&0SM{x#6=2k-YF=axmdT~fHk0gZmMiP$9D3FgvJT|qfJ_8;c*YI zXRQeRIh(1xNLP2Kf{>#+ZB3Buq|1ACG*HA#bWNpwEjf()OsFsS$%IKI5J2!Tv|ZMB zI%4(LN1P4)H^oPdq#*(07n+9Jz~K7!q(BZx@6+2R{1wOf(f9$NF9SFwSIXBVb|zFF z1w^d&!7dch?Pb4SziSV$5urfmh3ZgYTndln3Fu8O;ID*Ee4*rjqW`lN-{>wae1B-gCQ>P2=~ToTb}54xzHRePq?24TmD_iV`@7peG^PXh ztgkc$xup;qv+$V*VW!oVF*=H5UlM~cQY1o= zY}wcBTaj(#6i$}Pp50g@TaztoWbBMcp{!%gHunAZo;v5=bMN$(2R);NCQ95rd5F1d{;u!Sq`ZxZEOh2DMtRc4+LxeK;|jW$S5AWUPJ|G4)4 zXwaf1c{_q!OnORw9%4r({bDECf^zfVWUJL*V5`yH4%Z!%=ZzkW)0!G}$;;?^M(4U% zbTx~0BP-23=i}&@uG!G|fGKIY`*U=>PpbKg8$@3v%E(bZ5kLOrpNza?4t$GwN^c`)g#D)`}TE$PqwC$u= z8DH`$piY$ks=ab>^0(ISP|n55xdP6!i*NglTt@<6*MWH@jV<|wv3%MA}G zZ`)vAf^O}s22O8|z0t7uHOLtEKj_LC|EQrRO|Fmx5dOcs_auO#mtW(3 zfdc!L#J%2Y`la@KuMNs#N*x9tI`tPM5o|vyIhK#o&-7$I9Re=LTbb8SA<`npa-m5F zOF{C@aGCET5dm*%fVg$v!h{D6_%G{WxQX|z__O_qB^lMB3s!Qu-zV?8ck|50W{92Y zcrfU2N&b3GzMFb=w;#V#p^awz9I@ZnSC3%%aXx6VHqxnP|9Z_u+-Kn2Nbyc@C_+1!NGYT zS(Tj!AFL=q+iz`t2hY>g=LZWFk8Ae2YMFK?{113j{3yk9gYQR6XEzH+tD}5U8+yuQ z`vCt7!^U&-YR!wm()0; zH1MouDuuCg%2NH6g-(o1E&?O0Yr+*1$K^}da9%(_*m9NS?!?9iWi;_^bZPRO%8sOt zpH`CYCYZ#9)@A_^-Io{pi|N`XIKT^ydph|G$}aZR- zk1p@m2T!Fp_d)$pF783=Twuflvm_C62w zdHsL0{Ti@qmm2DVW3^NQ+<5d>6o8u$xPdzJwnx*P8jCLlCTMG;!4y>6wS{O~X zZqI|gjh$RUoIZ=8a{#Kiz1b2XZgO(TFi%IYV(pVb+i$H{*|8xo&4@i*wUJ(KJVD+Z zkBC)?_yZ^Armw&k zja^R;3_gq_$*ofwvk(TX#9^l|txFdeR+I=o#WPe-&^k1ldoNsbbf59-2xu~unNO3I z{`lEmnZYBs!NrDQP_Guq1NRQQV=s{}N)}6G+v6kL+^+g|(#7;DFc7nac5+WR@y_El zz9`v$;#2(UiMn-X@bWupp~055+js7sJHey2f4t~GrYmaJ4d-tM-VZRjju-*g+pxZ=5ITSAAv@ZW{)ncu zxz7}MRRC!1`f953zxv?i(cmV3-AMgbK&)Z+3*emD{xE8x3fwJ`N8Ozjs2`kYcojHt zVMv|ocxll=_TB}fu?oy#R4Fi-I?b|ZKOUqWr~_uCfafsk{oBLYZx)4o(K<2SOAZL$ zR~aylG50a9NX<+Gz9-J+eDt(I9-LEi?MW=~iz)+eADFJCo1pK2n@$(}!dxX(FTrdo z1})If<-TNQ-Iw-EE>{iX*cX5gggtl)uW_3msYw7Htf`%>X8`raBtL;u(h%`KC+5(d z%NWi0V|is??}wCB;*C>Fd@*oz>P-)F@>?g-gimG|dg_FuEaox#7b?o6D? zZlC^`9RUjrHKd1&{rYm87GOYlUid=GbAm>k=zNFJq=t11Gu_5o>Ey z!+o2ZVK|~YV`zAP{SqR0u*_*Of_Tkw^5vuyh{;&pZdMJXXR-i>1q9ODCe&RMON=RB2j#)$zdbw8xd9*Rlkqh?b}IlYxWU z3%CP)^tOMOEkbsHwx8eouXE-SD-;txD~C&IG@q&Xb+K_o*7Oi&%jy-2>wD>^of#`$ zZWX}e(GS_E%vkim6ddh49ykZ@M-*66UqCZ3#W9hq!J6Ba)i_7>(6z!g&Oe2Bz`Sn! zSd1?t%HaaQ(W%Zzsjn9L;i_AB`^l%fjM*p^Ecr^{hl#T0QXQsnC=Xui zmg+Eol*+Ctf{m@OUM7mnp`~l>C47z^EueNCfB_9TZ8D|jvKvPXg`=cLR#o-TL-G{= zg=GDM=no$>z1GqDo>9Qc6&!7F$(UD(ov~?qAOF+hcN@0xj`}w6Jwlz6&{7&+oULCs z_BMtOG(*C>h+FTUMbR-ZH-l)HfJ zoM9du{P}>M1rTIghM1+a=%;+W@s)b9A2w+{&{WL=2%t=Sh)lH8LB@bf-}2Z8D8zQ|A4YTQNCv~G!o zO1h(cZ zmu~W_YnxyVrxr}Yw&%)hZ|-;-hez*CF9pj)^Aewl=gPa)mixO~oFk)PCBFdmBl=I^ z$O}NQmLC)XdPu5!&uYZrsJ_s)$sg{`b@154;Q z4Q$wFl+sJ$VqI}6|kyaEfE)?ss{hR}$HN#*=J2UJ#&g2D1;$3%Ua0W+$O<8Xr zz_pv!0(AWoth$Uv3Hy4j_D}B;tlVG$W+`urcLxnUnF%mp9o}E1fca z_fD3&`E_q#?+qyIOKU(DZFo@}k-m+ddu#o^-kd&53blT9G%(L;Rlm(+*9MkAsm1lD z%z{4tAFWJerq~8-5Wa`B=}&$vOcbAp;z)l!F8VTYCGdW63TBjJ48gFhq+plU<-TyJr_612$(41_A*Ohz#He0-UiyBaPMHD)0BtKPr-^C@U8G+V1h!Y$ z)-^?CFX9M0Q7)WS_UTzLQxH9z_uf$90KYVVZ@r9===4Z#Inu!g4wmcVyFaY1`M{tJ z4i$jtWVnRuxgUihCkWlF55rHrg7*8IdwJ0~gi zV&DtmaCJ|BOPKU2+y%DUuHVxGgGvCdMt7bGX*eW^F5g^sw%O`*2~P{0yVkSs!-15I ziY|jY!gYRtIlWV9?LTf$KH7%>qOp{O_ZLKOe!~NJ2K+NM5cX2SeMx{Cfn(ixaziE6 z0>d3mqX$vM@jp8j+?->C<>`KLGci=8gXMyoY^z8#eZPp30Q6Eo2~HmOD=umtauv&W zFpm<1C}P}XM}+DUjujA~OE6iGHBuxCHg^o%`9V`C8-{aGIh6IL>?`)q4E9zQ7lbS7 zY(~!E!vj9oIo6%UC%3TR?|(rQeY#oFXmwVI9T)93*}hC}K|I?9y~WGLY^089vhBw# zuN;P)Lj=tJ=6KDGMw$suzs*t3S0#G|?-nRiM+V|Av2u0hSZvePwKnT_LbsuxTcdvU znaWj_32Bj33V=GX70Y?dY9nwoqvOPg4e87L!jV|}I?*l536V8YmyJ=KQcyMjD8_voEk9F6rcuY(F zVf>yppn}k=2oZ3EElYUly8Zsc%lUfob0fIROs5K3&TO`BWiJ@rpLhEcjCLWx_KE6$ zo+|x5x&!Ix^6<0Z$OG0pBanIF`=I_d2trup1E$V!;hIe|z|S?62aEhRXtv98=7}@Q zJ;pbaV~!*R;17P{ABlMKg5_Sjsu@_<6jSg?_1`nRZc#4odqcKHYWYvzvz_LmVsvyk z6H@(FOGhVw>86X?@quv1`-EIg5W?cVWNey`ZVuXKAzThSNN;>h0_2w3!Q7p+CjT#E zzdCI#;2XdO@W(a3{EJ?V+iriNpb88j7PFW*Tf{o-?XElU{=qPn_2AO_2FNXk)>W2J zDZ1Zi2RGZV89+FeB3Qq-v0NB$%n}%RezP1ar^Ezxi-)m5j%ZuK%|^`19KY_mK*~Zn z=`M(0kG|Q8QyVL`U}rR=y%x_O+XYclIx=_7#N_PADJd1Xa3&GD^&a{!vWNV;2iTFA`}h{d*J-s@7z6ay~)dDp}v)`=LjO`BZMrEGp}`uB7G z0m8lI_jS#k_eS)sMDySUY3SR5A94y0l4>)SBjHt}m|fHnO&F_a{l%MwXt%#I3-$u|Uj+uQ`v0#!ILdcV*bxIC=?gMdjqmtD1y z+CahNfO#>~_=iwYXz_DQ;_*PYujzrM6ZpWt7?;x*V`sU_92uZ3ap$t90k|v{i(gXoWk#Nj_0bi|f0(Z8t_ePJKicrnl>F#AMu25g!u=VTE(YF* z_5UCKN2Si&ro$0q;en@n2}XDT@<9-v_qL4Ek(@VN=52??ovF6$$)-N zc>-@!JT&Y*heH1JCL39_8o)NPeNs!padh1@=4>|^Ee>VSUf8-Rp4hdutC@l>rYgnc z^_fRneX6k97^nrCWoz@TR4(k%oL|n9fSjgdr!HLgUC%*gFF_W{9LnWTgOG^!2-077$7&@JP*N zC1I76Ojkm2%&ynH`7}5~TAHm1H28q$p;9nTXyun|H~mPvgXz4GAAlT?j(WJ`J@yKLu9cn&61&Yai!`lId=rXZ@GMSP2cZ zSU`dO2XMiBH1B^{pLzeWI^Da=Vm8dpmV~TZ`2Hl4Rn;&4@U>FH9a{KArTTvo$?pNh z;PfhR=Wbflve&}fiId30Y?Z(QT5ZYMRP*MbwaZ`|{i$OANo!D3ykrjp?UWw-4<_T! z&;)9x*EF!f0>4|}VX&YSZ?lWU`Yeh3*!{@R=r6D<7QH;GCP@4pHl|jz+ku!M{Sphd zf=`p}S$mG&7)?74r&d^}eXM<+p&Lq@eq!^;kd=k-((`f1&491y7t!Zj*u3&AT_$Jf zgl4C;!s)uRFh$W~L*uM_N3;*2(;1rEn#~84WtB9bUvh(Z>O>r@DjDhoAnYPH93csf zqv9q}pKVNJTw0LNA~!>q`nE#(7`m<81-c`BM2>KnFbME;5srDbxwB7z)>|KX0#uQv zu95x<^tTY0;Z%8OJKe0S8sSY?`9v&bm2N4v#^j2ybNrClfe0B_Px$40N3dO;=pb8h zd-2JoI|YVcBH&Xp#Nd&;55B(DMQtfv8cFb>C_b|1CZdlgKOdU-jWtntpe!G{L27HZ zc2x^!?FjRuz&tGpl2bHOh`P9Aq|j?T8ljG#lB)ec6Y3Wnh>xZK z?nRZoU-O#`2=@VYgQj2wnS7B;;G+2FK4$m0V!9}K4#W{W1QMvGW@P|j<--451OJ$} z`Og#XKY=W-qodwVzB$*SlK{Z5`mt4%q?Wwb9}zZ*S)@S9R8US&{$ zarJ1dd3wAgiN1B#g@ol;w_W)BM5)#GogOcJfkP&I3#ulLX4h5IE5%2ba|BiP)=TpY zju(G{hi2WFR;u;OaySx|3w5@3v{IrKzd=8Bs9-w>?~QE$@?A3CeHB zr!8e%rlGDXJHfBLdiFp1;bqn3NpM#jXX}a6Nl|!pLq#u7po$E$JHLno2oYf0%p1XW z80~U;!%jTjb(dIYdOGIlQfEKM-O3}~h^DKOC3&R(?V8rjmX&O3IS-;e}YQ`MXJZPQ{fp(UX3+k~2%S zJZ#}(TMZW_mszD5EiyaWv(=EZW4$D)0UkL{QCD+f+a%}HhjkiCGU7*G&In4~v3Ykd zq@T1urfYBB;v#Ve{0;+-f`wioL{s^}^BRnO`6<%$4X3N3oR>5DrcK>iqc% z%duo_qq00Dr9!b^qccnM2$hzv?Y!289P}|M^A&?HKD7<#=yNEYp0kl4E<1mPA{{uIKEGNL@Onm{?7_ohPbpF}|a*Z%yES(nLz zEdk9qXQkZPYyBCn1}{E#)u|whcg&@UXUgPbs~q77&58_{KTs`@kr4_GwjudJEJIuTM>;|3N4KBc(Xiw)+!m z{wGpHGyljS`n$(zG_N-O5YLUUX9$Ae+#7VUZOS8ZIdRUWx||1Ooe2Z?m2G!w0L;6w z*LPVrU+dtrc|^20h2K}epj?;gZH z6|VWb*kAI!-vyMlqIat6sn%N`=QL4y((|pS4c%h*3*I-v->`OqqCPe4JDY31ETxMaZztCm8$?KT`UWv&TP@%FQkHN2H+K4WzuJ5C|%nirN z86GOHlx1UB39uzwO^=SV74*@^a;fr*MM2!Z@(I}W~iYE+i3XTeKW$e>8ogo4>uO(YYVYt{=%vrXb%;I z&5>~!kU-cWq(&fx2v}u-Zt>;qwK-mo+1}+H5cDSu>g-DjVK!7lrA1GM3gtb6@aD}A z5Chi^KZr2bMhI{6voyt^*2a(%WFQJynS072ypD@22eH5#nruY|fF$&{$BKw70$o6? zB0{b=HXh?!Sq0Es&cot;bPgX4X(2xtZ|SK-ZUA~c?@W@}VYP<|;G>VV1KrMgoi~8s zIpN~fP4fH8h~cJqaqI14orP7D->U$=>^C9d(iD#5FRa;q71T#S=D>G({2U7couq+s zTVK}0K#IgY&O;DHFYp>lVd{4LP02wD22M0QAMf$j5LCY zs{ixprn+VoL54D*COEHbeltM5>cLg~)JoOw<;tdt5oz;{+(}m{RCu_*;O^e}i7#)g z+dwL<5HP3`s5l|#D_Y9{TO0eYm2W{_Wn)7>NE!a7*ypt}=>>Ub)xnN<7Eq1-MkT}| zCaWi3+W8=r&bZkR>@;&nfaXLR{G$K@?rQ@=en^8afRk(W7v98?2!=z-DS-(Xx97VCLfXB;q>T=)#Met zvWilLc4*!J<~}yX=+Vt4h>jA!c&w;%9G_6|VAhS(@(y%G@i%L!Tu5!1*eQD4X1sOs zGIsz~jv@b=jypL1)}yVkQx~A#RKh|2VfOLNi3bc1Xv z?U>zVB5GqTxC5~&Ivekm$R^k^ZMQ0-&yHin!o;8j@!4$UjKBE=N zHyCHtvx=DDQpEMLJ*6nk+;VErM%tHb@jgHYunqPg9WHTf{PX7a`1YJ{7~kz?ki0D? zVD*sUQ~a&K8F6MI!}E$y7?+D;R{~13vecHjai@NTrn1eqBX*Y+{cY$z)8>UV?6!nj zWO2y160cdzLU(hh&;B+ae>tXhYcj!4LIPiMDr;QMdwsPife+jL-VK2#w9rVKo}N0) zUCKtoWH`y$et$%2<*HUJX@Gz@k4RN-^;i;Y7}xwl`&gs^8N+J$pxn>-zp6eAAa{Uj z{G|mcZHucAU~D!)bcD>z9~%=Aq*FQx)@gYBF?m@?6FtN6PJ%;^SY;FRw{<*pJ!!VE zK*O942DG1XaH{HFiwZ$xUrnl7;Kvp2k2tsrfHWIWNcE9E4R>Oh70DZ)l!t};6!HO9 zBYU9tC1`C=nffj0^5IkWI8c&SEqs6tjcm8wNjrWi#V0Z097{U6Ep{jJ9N_Z9S@+w{ zwNRA-cp$)^8F?QE2$P7p5wjQ62x-J8A5AdShb|RQbHz?WG|xr15dVlLYy+YCY9Jpv zzU?^DM;*|h*>I4ds*nH_)LnqdD$fB@jh>7^ACU{SU;zLQ#|{fVTVAODwzW3~P(5yp zb><`mnH~TO!q&EgDKV_JWNty^&^v~(`i*btPykEX$Q|NwgfUgD zjvd#LW1=LuGVTS={xaA=FHGczK5jcbh}45~nzXmN$MCq-CY#AdnMF06c;3O!Ct^mH zHM;!;pZs|QM|L5pPL!s*&VJxavAME;yT~oCw)>sPR5AZ&BkbDKZ=oU|-UhN#-45Yx z70n)@c0dH?lgRoC{|x8>3(TjB8bPpe&}0L9Lwcb1=?!Mey^sL-f@lnICSDC%e|lRP zEH<{rR}BL|^$aq18KZzQumjfB98;4iI6d;U{&+(=mG|5B3$?=lqOic%V0woOc>%%rmFj{noyg##E;n^QUl26jc!b zxaix!&=EjYn|K;314=HDwMg_Sd^>7UuuHLG=LadsQsdq8F+kc`Nz{hx=~FNe0Pc@z zZ&vlY---p%!KPjZ^|=P0-tE`c>?zf__b<#Pr!1yXFkintZ&AI}?7zSF8c@t5J9f5D zAJ>oc0@7O*46+Y^OrqvCQWimOavpr2*vgD#gz}<3dAS3iQ5B5oQlq-e_jdac6rj{U z|HBtx;L*)o92}2)0Mi@qU zNfCTDqyZ5DR47wGfI$ch(w?iRIX5$6`ei#wF^F6%vs|qllqpEP&dUlIm@OT(=mXci zs;pW~Sd?hx9U3t=#ERY&S9olunvaaCVAo;uSv%Q1wRdC0)Yt4OVgMW}kmeHFSt_TW zy(b;h+qdTF8}sVvjEL^7JL4lR^8zlb$0Hp$61I|P#&#iRRs=5Dbk{*GW?f|kS#XrD zh8ee{{YTya5%>2e515A3dj!qF`b)s}4$#yef*eCFhPMPtnsCcw_6(bA3Y|xtKgYZ7}Cu`Do}eFqKXy9_VW3q*0HWY-;i- z5b1mi1ooZO*`jqoF)f<*l97Wiw9IseWpWZC!jHRMAcDUgXjs6Z25bqoGbVcA|6h3U zn4K6Drnk*Z#q2)@Y|aS({%J*w{RFsgySK;CMu*gg^*=1R4ay-nFVJdF?oM1bBPo29 zaMwPR(;nCj9smx(k<#gFP=H(fC!d)wa%YqrlislH982F$roz2r@4)pE;~58BIYTL} zr$HRs*O?PsV%+g;0UeU5ZjKcr@`%48JIviNI+${0J#b_++kuGP|2CQpg3bvLg-?GS zdcmNa?nlJtkNniHgwzrcw90pwN{8_GX#+vg<*>gSL-h{<)R1WYQljz=r-EZGqlP(g ze{Xy#q}~$#zZ+lDO4Qeiq{Ht{i}v&?2_)Ue6Uyb4go0Z{J+|R=y%QJ=MUUpbPiusa zp}FJl>tWGX6Yg24biQc)Aos1Q#JwAnbq+Wzv!;bK{`%zq{|l=bfzgy00T?VGCel)v zY?3V#T<%ht7kE9tHF0)WYcA( zjt#Fo&a+2_cgv$RRtM9+BDi7xe-921V64!imIWh|9SPpu`W3F0@~+ykq3Avjf@pe- zhhJ6rd}v9Zu0AuY>SnS7dqk!G&fu^t*0Ps>zE4U&d0s!+7rnjy{Y}?;>I>GF+_P^Y zx|WaCE}I_@^c~PCohN)$cde&mxdzl&a#FXM1f(&3O>EZ9qd};Jh-3XNnD8K>*A0Fh zG=n4>3Gh=m9jKi^9PZr;uFD@-R3mwA$mTnM*?1AUI$CG2PLuZFvngzt*#WxzBK+x{ zLZiEIK==CF&)UGvibMf*GIlA%!5Zl#P^psW z@ULU58`+1Vi>(TU*EGEj2D4jABF6Wo7no9fXU$LDBTy@c{%&9ph>!nq3{iQ3?s~;5 z?EeE`y!G1&^=IqzgWfre-Ll|$pGb7;T;{$OAxpU?J(vGxqE|~}4X+tcWG}zcF7C^w z^z9x;-TCfKAkE(q z)3{I}klqOY{yLYq$cu5v7A^{ROJZ)hTb*%rzV=|>m3l9kr($iV9n0$%6)(MfE06+U z2p!u2LT>+6wXvH|*1MIbQ(xC<(N)-66GUD@-V?4W!?lvidT+po0wI_ab#kDxX)ysk?7=kt88?BoVnx!-kdIY$NV z5alhIlM3dML~5On?$>e`^NQ`+yr+ZLQf`K?D40qU(E#PkG$)30>foQQJKIyP*}H1g z*l>#^aX9-?{Td6Eb3(&bN=kTPKSn|%jDXit);;0v_6NA}ud-%37CBYxPY;?SwdA9` ziM7HAHA7)vVqqkHr}M@2*G+AmNxZ5-H2k~kJG}X^ygY@`bo}zq7KecCl=K8ZOn<)x z?XOrA3~>zj9{&dS<8|2*a@HB~`9a6U{%b*SPg>~cF~~1A^rfINw%?A% zz0`*E9+fb2#<7CTEKke4nY$Dn*9c2bM;>Kxr^9@tPn`gcp}DuT7i~|QoZS3U;buL| zGe(1^`2s2jl2C%G-Vl5v4K2`_M!S-(vUu$go|f30!EB$$JICtcbO+QOf$w87LLng} z%*aF#@5e{nraBDjYf2fU)VxX1V9S%zFI(icTP{iis??)}X6mTJq0o|3<$)BcLng-q#Ga{O;5_EH(8 zA2Hv5Wc>d~9rFyn2Cl3Mzb#gSsyC)M)j#h^;KpS|;B$_+nVS#Y1JjH|OlSe!s^~q| zYr#6D(0yDWL<#aM_cOL%7(J_&n@;=6Da9NQ>VjMi&*M5Fb>s>iBlNC^{*f_Semz*X zSbDTM?Fl_v#Smh%4%bEeQ<^B8rn`$;s^B208$`1rymJv%SsYq7A$$R;So`pXWn2zc zQ;FPTBta8H3NgY;*D-exp2iV=kph#|f&fj^M5y`9ahqzRu3oxLS~Hq#ti@_E(nj?iE~ySX$)0t$*K$?#8SCNS zIo-wApi7a*sy_2YQ-p=ewF6 zCNcC%EAgxZrjA#S6K@4!(oxgATq4CZ;8Z{^wJo;@;yADoj;SK#cu6QugEP2cdAdwW z+e&`^G8DY`D&P9HziF2^RcH6Ob>g@Ek2O4!MM)3sxe-xm!lcXIkmiA54&`hLm&U}C zMU@4wD(QcdhUOR3Zc0vGPfM9i?+G*Kj^o&f8Mk;>dSYVc!KcG^B-PB%y2iS3kgP$ffq(f38^SqV}of7jnSjL`2m``T^qBW#owH zo??n9g|#_ChfCOj_8V=HG$;GCIYuk|KEySE68bBQGm?M%c}XMwz?OyFe7f>8yxdA# za%<8Pw+Z@my!=4}9>_D3HRq@DW{Xxw%umDAl@#J2Q5;d3pVN zw6KnQPL*?mJo(u>Yl~D@pQw_DPhD=konnlCJL$Fs%%tEf-rPYrQ2GA9o1aQel>sQ* z&vK2WqoDoiZ|Kda1UVzEYd{&qm`hmXh3#R;dx+5|8h@PG25+XYWIYYY6F_!kUibg9S z5@!P8;kJ#(&^){DgA>ChkSe0+>}l`iGN{qVlrZI}akTarl|l_$U_>S8APIZdL~Ne! z$w#N@_qL~(zrZu-ilAY(Fk%`;KZikzZi!ai_5_@u#6axzDPhW%d-;HZ*Npd}X(z!> zW+So2CgNV2bzzZC?j)y1^V8DV)%kNd?vR3YVdrF4n~}}NY(a?Yc9=usIpNj7%dQZS zDViOU0-LL%H>qulF5?_x_vRx*=!=l9Vv=IPdBpdu8-T=U`VT+@fOr40prI^Xk$kYf z=v}e!;cCf^xnJUEgvPLJ&EHEe`kUwaY)5-%?~ZAq@-*>G)F1hGgW>**x`y*t080N2 zp&1yXI1pUFT$vOvVzf?jfatUq9U7xmW4n3ew?j)eb+V-)oV2$B9yMCXh~{K>pK5OL z!=BsGwSGud?uFxt8TN)O#E)I<5hW0nugXZJ6&iOOi4_^^MO+ z&NdA;-tWuVs*9AE-XE%Taai7yBHpR~9#JOEiLg$h=nHd}$#Q^R1?$uQm{9U>-7)s~ zuw)P8UFGlv8JQJDUzeOAv&7zVyC>~C-AQ+b-`SBo>y%yvr2Eo{kqxkJ1kR=2h7Iol)Kc+wnkX>2LCt_^&N!A= zyR)B^g}>u5;ZX2K-qw3)+>*jqXr%vTXdX=~S#v{fn6+Y1w@Xk`m9x3(iYstdXo<@y;5kh1b;0mBed|Mn>rNtJLv$qq#t_J^2< zfc+Z?BNZ^fZd8`mKy}?Mfc&4K@$P_gfPS!J+>Y^1x*e2htPNX4#jwhHgW5pW)z`G6 z8Lp>S%EKi(Md^xF$dZ%nz}aXA`nn#lsxrD~xD*(8EWxj;11if6BnbHme*h(j)D})w zz`hg%_C=ksbM5l5zjNR7sE;VW&2L{DY9eEt1S97Mo3iT8zuX>sHO0~zWW0B$=D>JT zM%fWyvW)cE^4;}oU#Si(fJ=iqL|_x=o)3or*% zZzCvcogVR~O0cPn;mSqee@u>n18(t1NE(`1P~V~xwr55vb|qgg46G5}$X{d1;mKEDv^unpqkEcz$h+6Hl-Z@p@t`uxEQ7?H2ef_Q z6n__ZPKg~I3>JW^z7g8_+bPdjer*_NhCI2=`2_Gq1`?>pH6ZwiJ690pQ)DDr?hp~K zfBxM!SyA@aL#|c!U+*Ql&ut{<8_gwm4R=jryCTxKjr;v_&r^9<_Q3ImN5PgMH($cb z=7X;9k_C;Y3S)*WQhR?`YrCa)>8RGYPUFDWfG8o=8y~q1^S^ujLS%%S50F>r9767{ zMJCkVhVcSko~R6a_yW8%1K?Nh>>{{NUkknA(O2IAh*gLM)x<4i#Eg{fc3CMrj4t0Y z=<>*eJ2Jis?4mBr-cb(ja1d-Z^2Cx6eVlFfFQky2<+ z)(ZqDkaITB<@*99mv^2!+D$n)oo`{eB-5)(0HSY7c;xn#+6B6Hd0 zYqpkZb z^S5BPqm)xa-#lNU1%`crpB6yTH<;X)FuFN# zvy4o9_Xa8vWSK>N{An>8M5z+{J8QSL`QytbPvrJlE0L~QP6-lQ9Pje91#iXMbxx&N zyLS_rk<9dgT6a9CPO{s;N4&RHK0D$^HN5cxyR*X?`YFDjwCRlmt@yM~Lv6NwLy#1a zp*zWI8h7!M6G(Q_^$;ohWy|EeS6bFefZiWgoWRINF=K`XO2yX7@Tntj|McU;g1n~{ zuxNe?IXY4#Pu;Vf2t0UU4z{=Q`lUU=-c8}_L%YBlP24OrW=8IoVI3=}Nm+j(!cNDK zK`o`Ug9_U7Fz`Nae7zjDCb?Xc zrea9*M}#!w*0c}C?V?C~70Z3`MuA?>fxvDeALZ8Ib|&u=X|M9`U}nnl&|di?yQJD! zF?OxFBF?T8mXWPF#E1s#RSNxDjSmEJu&Q!JL3{iOHFLqxt>dCAfRs-z;`3)sTC86e z&h=X7k~PpXXAkh6uT;#Jp@qdl9YDoTk0FjXwta}mOu1;~Sb+kDn2ni_#Nj!C zCXn{^hbJCTUm&{Ur{d3dZ*ljrE}-8zE&oI7@y{5!{&}MeC^mJA80q+?d!e?QPb4wr zU_y3lIzcUIv8HXBOD9d~^ndYl{mIPzX!JSjHULaEdhX9a;de#RYzW}se)BG}$@etF5KpMlV6ZD~AL3z_LQCKQ=Cb7m?n|_0 zz7XtRH9)5Fh&_WBa1(zjczq10o&DWMey*A4KUq753(zt5iC6D0KTdFY*1YeDES(3w zfEo^nR9RwYg&HGA`Iq#o4AKC(ei~6o?Dm*l(F>R;CUVa0;h^xP!7Y-UU?6?WY%fe| ztT#J<|C!0IZtv7)l;T{c%;NVp7sf2EQP|-x>b{2Kc6u>B1-CMPH+(pgSyMHsIoO3B zl<3dD0|0I+d}-U8^BmUZFhE$w-EqrR2h4(OqQ^k$JZ;Iaa|4s>`(JoByDC#kaFbLC z-9emLwtA9J%@=iJ5{$|=00FZ%6B6zIj2e4_xirm#ctvx^!JZfMEXDj*vgb?Gy6v}% z^k^ZFP?N&DT4KBt;L4uj(fTH7&)z)A;k)_WwW5@j>t)3mK0|zXuY+O^2P_%*?VkTB zN@re*`)|}GO{(q8f2v9uf^Yw+ZPe=&rINY~WnA=KSyaxP*$9j2HU(-QstHzQA@9Yp8rk{T~7%QIl`HB|EPduVqe}TfUP#F+pmXBl{0qr{>O5mlPvw zXtb{`HNy{dfd4dTnVQEWf=x!^ml9ZxeXjzMiiYqSP*E*EDrkwg3?{7@dLVrL&mL0h zL(ut%+aR5r>;1;JZOv%<_H!uN_NX%Wf(Ch6(HDmqVdXYpQ((-H`Cil@8+_*f z@u9R3`)Bod_KWvCt3y9q9ujpyJ)Ay+xVv@cvWev2Gz$i*)N&$)G?bxoq5@pFG60m0 zu@2?n!R$2i&3DVX$qw`aPQ%~F-IaqvJ5AmsjDubhO7}@+;jJ`8FkSOmmQ_0J=467? zy1tYUHqIQ98=^6sM&o>=GY0{&I*r|;vNY_?OlVzR$%oykmC};ZCXM2ji{<0+;UJDk z-HC8Xl-I=b8d*`uioMgP{CL^jrG{Ize!eOG^9eu-`k8oH#vx0Xrk4<38Fh#C#t;aI z=ME_q3*8ssn#COqrz%%&x+=MIBdD8JJq zk>j_LkJW#NI@8_;EXmv;!ah?j3MLuJf)l{5Ej1uE^qYmTi5`?t9;~GFuMcc^9&iM5 z6lFL}1R18LS+>P+=9Gl_rFY;=C}A~#W!v(_Qou0gU8g>r`n;>oC0xTlRbizW1(o7? zsh2HpV+|M@pZ%88#TPHF8UWy}nsXI@_l&$ROqZACYo*7Ei{2vW^mG#Tf7VTE-d!H0 zMg$N^rAx|m*h{{OUUJq_LOaqCQuOmvhN(jS&Z&1dCpSAA|4n!lyzE;$C_hlRq_cUm zHCtZn&L93%$Wqc{K+RupYv@QOo5j!5*N*`NOgYJ_6~ArT>tpgr-{(fM!iI z=QSWa*vMm*y9nA<9{|AX#GfV$dA0^23dXF3`fM zWx-<(p#zpt{M?Q-Zz0!He?3Y7-V4tAv?ov5q%-KYyRhA6O3mc7e7H7C_JCwaV~)Pa zMd1oU{U&v%%`F5(m`8re$Ot2%{Hywv)n++-S4l?lnlY5#%=tR~aHu_*6>wC6MzaLF z{?4gm<*hjekCU*LV|?0K^Ef?;A_NooGI5m^r$vCgx-C4yoDGtIW@+0=*J^1#(~t?z zD+zi#5q=|^b@v~)e&_C=h{wPxhe7rVCWsJyA8ZfsO<3v+tvYGxOb47j1dUCp5}_nY zrUvre1oxcP~x^eoo{iL~Pf&c3vFo!BBFh)+d+# zJw9WPPr=fD>5&Fm_-pp{sWbfK!2_kP^;dzq;OYZj&(MEg3e!Os9fEp*MIF7R%nzlf zxsO$bSc0Txxhscwpqex+j|B9aUQrTFe|nOC62N-@(7tkmC_`&982YZFnFFVdufgnny3Gr zwq07tBNr-S)hI@UxQegAh`fbrruArY4pD-+vFBKOo%JV@%4um%EeDaFSl1()Upk}C zpsNpgLDM7sDc2700lU-MXCdzHu8yUj5QCVNHb)G77+j$dN_J@3~>Hhpxz@0OGF zPH{z#)31WhqlhlY}*W{Ib!?LXg{? z#AuPVe+-npUKG)1+rwI7g*1Y}s#lwP+JhLQ-;@A$W`%u)>S#vuuW|0plSJiFB zQ=|AUHN&B2 zCs$}=Cg33L^O#3OiRm|NQWyD@{XQ!vP-B9#kT#i!X5J|nF3~MuoL`&ADe=y#j6*tO zCGP7g%iaw~DVP)@UI>VvbHbVTMbZX>6)~WLR+CMY|3@Z-;bQA0W4|*8``Lm`KsBkq zKkR?RU-*V9QNDJoHGh0g7$ZKnxt=EsaBqW6Z(Ake6eY#~6#Qm&c;P&{W_wp_Yq6Fg zD2LMUpvLK7TDB;#59{5{1rL8XFR$nKLJH%C8EJKe)ynpX#;KsP8xax_1c4! zeh|6&Sl&7huBGma!E8J{B6(-yO@w?2x%b0};iVa8hc73Qfy_P^Qg+3&^ZS?MBW@Q} zu%E4KCLT|OM0{#G*Q?qSyGTEVieYHm<`=3%|NiS;lO*FTS|qrhXdY( zhJxG$70ldWZJdAyE*@)S!mS?=2T{V7s7KHU(3zye?&8#N=Z|WSo=bgxvlFXl!i_yy z-D@dR#3FU1D8si=@q}}{7|yu#M8YvbBQNtqnh63EkTb9>F{xz=)g^A)WXchscOecE zMPb_nHW9cF52iS`%dd`qup73T$w<7)K+IsuhsMpEkT}W^mtPm@YQuw?h;dzo&C@5o zN!qrd6~i0QTq5?%pG?bhr(9E!oa*j){O0stt!SNF6OK?3 za**oh{>i8n6^p^%@g7_RYTV@{|4dQ}sGxkM!>6TJN zqrksWkC&A0t?kSu#TW)97WPJ{Cs8_mzo!e~lk3p8Xl3JT5@Q5$w{KblhF&)>1wBtX zbo6R!?NYR+6}5b%@6{$MYCS;BFTS9iEoQD>C#K6S->J>rH{qa6$Y(09apXJ6_GpYN5qMIP!VU)GGG?n!;E(TQBES+9aq)?dbax(JSNP`>)wg;$Z z$if9eWUX55I7710X75cMvgQtgxSgots%Kn5r<{C;FgeCGo^%y6yei9@)IzDSe3hQ7 z!T4e6GP(uo)?b;IbMjCJY%3oUi6b(&0DW-w151u*di-8t(+S_7Q=gN9f9u(y_gVN6 z`g>TtP25fSolkeS_Vy!iJbT_ibJH)_I#Y#hP%x|0$NH zUqwEE1*F%$gq-jX-oSKTtmgVLQIJOyt_uoo!J%Okj${=f^`fwKMP?|~gc&k~$w)8g z!{_?RlK5>?Mi+oH@_O<_J`pF94x&fFMb|e&W@8YxV z`;*!D?$93vu_FFnS%4>f{3{j*|B)B{7Rlj{oU@n(DK%Q3md9FhUPKp1NaAHlZ(f0X z&QCbBS}3&9yxFGK)_{_AOE*sDT)A|nHDr{ha*NeRbw6Kk|4R6k0lh5ngUFEsPZoowKVWK@5O)CygawfWG2yJB%FvS3th zFJC!MYY6j8TS^~N`!zKe9>Je4%CyqocUt=++ud`~hoFnoQhW3iZ*x0Sob+d{$wePdtP#b-4LoB$wz1G_;;F+9<){BCuZU7d* ze|l5L`{EYZWuh#QlBJfVe-`Ya7e#z~KS{VJa781H2HO=kowaoDtHH4wl_ZD1jJ$;M zExygm%wvH@i|&L>PR2)3naDYnm+}b+hgTUX{MJ3}E}9orX=Q<+=wdqM^Bas#|IZJb zBGUIu5ZOT1RRX67b)RU`<%9Slm_EsnbtzHZf%D+?e)fC)ClNzpbV&u}2@XDOuHRj) zCYr*A>5{~(G$+1OMSod-Maz>RHp2(k)5B0HteA5~jVi-~Q#yr$uiG*!>*=;FJ1;K+ z_SlNUdL{)|_$(byPWW1X;E>r9(ZLa>DeBy~vAfyzLVGLa>qBCr%7YlRy7eg2gj|{H z%itD%O^69X@sALBA}nRA@I^(%Q=e9v zf3jl#d<5-`%C)*9>Q{TiUEyHlE(S z)#F{RVTlLsm7W$!KRm}VV+tHp`>vc0U82Z^rYH6HC)3O4zZS(j8N)E4B8#}HtG;`| z{QvY|K`rI?8%9RY0QDKK6A-7qI#f03`HzCj|FHal?KWt~xc}a(*enVsF$h=q$`d{( z@s%=y8=40#)vkKFm`1&QHbK*b@&@UoWn((Oahk8UKoQxqPlKfIW~x z3}loyi;RF%!`}g#;1>}Z{S6_&D>AmQj>y(azjj183Bw7*<~2YFeP7i!#(Gt~IRk!e zHeX35{jJjAND`^cNE51fiSl&m)Rj}OAgMH>4g=Oq*m4u)OaiDXIgDCl;GphC(0mQb z6=~%`V9dZelvfqOLDnEV?v0UN38ta(M+j2@ymgz{?bwcS8(OG@YLt@d6GD6sfu>*z z-H%=AbV|PYmpYD*pLm)kc=A(&=vAo}^jVLWTThOpGnU8Kw)=mB%;dS^m$`i~>vtwrK)%xpq3$h*NTBRtu*Fk@kKi4n zaVbu4U(S*u>BKsZTCf^KpUj4@6+LqFL5vc)ez9fQ1vuWF|za;6cxh4#SiU@3zdFs{$v@?32PC6)N72;v;Er zwpX(CAVa=lpJ??16HB^Qgv&Zx&O!|>SvIPrPjyDx=p60lN?o9h*kTR@)LSjN(KH5&}y@VnFp7O7fOU(* z&^_q%{2oy-CG6PFAn}BbYS9fh7p(x;ZH)&~9JZQ=kUWUkfhCI@-fZhZKW)!E?4fHD*);BXq%?6+^0uC1+ zkitP}PHYJ%?s*i%@1MREj$<{8$Y&yaQowU{gpOkwc6YSuktr!Jofi5X^fh zUf#k8f2Tle9SCXz_znhw{-lo2w_Q`;?F$d8&lEwR)5T6NDfET z0IG)9dS>ndDf-Js^OKFqDlht;4qWnK^OgK-)fsE?0Xqs^iIOK(uqBTK)b{PhAH=^2 zoD;v?k}ThV!63oKsEg(ldnW^elKYzFbMT(fuB-G?k@Gz5SI^qcp5)#9JqRIFF~W3r z25f1$F=kw0xzz{X8>(0h7AELOjNAfl`|qAW5I`(Iwmu>eFuQ&P3hmyR4F)dT_9wPQ zwGg_<-#*Yo-iY7iTOQ|HHqhb(;sDQ&En{25FcT^w3#$F znq*mxiAF(Dj)(Z}3LrS60&RlFfPS8m)i-XH_$iSrVVlpUa)Owf7efXh?>BC09r=Ye z%@XmFcAs}v3ptp*44DAVp7!gMzvllM3V_R62PkSCoI6MvUDHO5qp_pZn zU%W$7CQW+M;YQ??&Uw^BGJThFHcBL3XNUHr9qY3j!D_1%C$wuKve2!V^bsk(URqy5 ztGC0tK%Kh87J%3*Oh6Fu_c@O$=p`7=q7S5&9-Evl)&W({3S}y?%=t3&Z+v);xWtAd zmx3&?jd$0`j)iLTLpOLSpXY2XN z11MNZ7V+tFKu5zGXyPiRPW6$pO^^WymJR@A(2vyT5#*$%F?YiR#I& zRjuWaj)bSnmx4G0NpltotWQgj)7oHm93)V9+z!cWc%3{*@w^nVJYg(@iVS-mbqxBQ ze)8uK3X*oB8@?YJ&h30Y`(&AeosR3Nlhza@fQwSx1Z=}=Cf5WA)a7M}DSW%773G>7 ztQ=%3EI6jGCg5`xl17w03HV>#@al)yeD>SxyZcJeTJ2Sk^E5m9wfGuASSsO(IZ?bC zN^7yVnt7-QDx#dz%zSczCZnU)&WB4h73Gs(n-_G?#Sn(jo?PTScZW!u&~4SoMrXdB#s8-g zC|*hPk6v%SKydyu(K#F_V0&GProGsfsaAW-?qg_HKVdHsyC_NCWuM1h(;06~q_e=W z7a~ZaPvl5@kyQE-2LUxii-_($ar?OfAjNK4)I0yBR?+ElfJ8FV68EcB!gwrN4I^R|EG^WefgMn7~{$?cRa+1_dXswnH zKcJg1fAu{OSxe!p{p7mJs@Y!${2jfho%?hIeLi-3JyOfRf}YL~$1~3|1<%rCexQ)D zwMyeBh~u}yFx;e`^({`JBwuBP0>@2zAlbDAi4^Z)lG*gCc-Ej!5{*919Z9|{6>mqW zUyFUPhuziV+f(=}48WX#c#@D6aF+kQjl_Wi?^ScU*vbVCVfGdWQGWPk5qb4G>|aN=b6v# zR7+o!SV1I9ElP_(r1s`!s1boQVM48XEAQK=^4bT|%-vU{o8K8Fv)_!sgaX9`v#W1N z#Cd)qCc>Z~GSj$_<}Z4ShC4h2vBd;WM@Ys=J`*9bNW0HbghPC|(MHz_ADD0Xg^Npb z<79|M4bz0tx8)lk)kG+GwLvl~I+g6mcXIJAH2`Pw1YNs}GQVv`@N)3IjP6ZNv@G$c zIqN9Fa1kkiN=Q#TAHifpiuEOHHu&tro4dTHT7s15ieaVrjL4urBCg0IHuQZ z=e)Aj>0)hIJZ~e(n5eKwv`>G3#u|a?Xp0!US$NH?NO%Dz9lynZgv+G?rT2rJ?#EM( ziK@}?oo7)9Or`Ox#7UcIhF8>{3;SJ-nnd-S8j&p_BIv?-pMrDU zga-#?AJZs!uXaC?l#5mKx2}C2Rr^SqYbD6F(Kk+7x^T^wZ^g4Ch>lLJBM^ZiSD6=_EI1OsJq1& zMS}o*gpxMMtf4~+MI7K%Ahp)t`L@B>B0nLMRBw(Y$Fa-UW+X(6%U zt}yE$e-?l4o^-fR5kmlri3JDmr>+RICvM4Hqr>TRJ@sa-eK!OhJZA{5y>F8mxTxEh z)n@-LHPz(h=Kz+m5f#Si@5@vU8waQ9z1ab>n zsCVsK)uKg2jzo*+L#+W;1@gH-`3Q8hlF1ubxvh;_^4}>)OsMD{g0qUP`Kz7$2X4z* zH$df3da9de^zJgI9N=xC9iMDFWtLNXjlTI8{i$E#hpnlt#_W?LL?_eMRfz+YDbNmk zy$Dv5x}B8P&&Yo*<6sfNuN(hbu7jO_OHc5f2+!mA6#h=EkDH=qZDsAHE3|&?S4FZY znu$lBq2RhJYKUk(XKb6RVmy2q9bFW8unKulkbuE>n!@t$fp?saHmn%zbG2vuPGwM{ z{=&$PtTo^GRDX~SJfAmihUN?dU1IRz+{@0uLLLDUgIhLOVcICKug^=={jW3wD$PFs zXKi_XD$TYvZ4!7-^4P9~iQd=; zir^N6BuoRUFhd+mizAaZJ+<0*PIT&)!yH5=~&u0nOlGbiwH|JfSM$d0+R zqXn79(%yrl8R-%7k6ja+AFO{lBvwwIk+VMJRURC3iC|a6-E&W%;CWkt-b!H*G_FfK zX-zu`4(CdpgTq$rhqhK14$8TzlfJB*J*n7@ag_)uW~)YBDFLdR9Uh;ns#)m%g0Igp zi&BFxn~dJjE@#fWzU)w_wCOF6>cJFty1g&tnuOY;hL}TaP`Q|h*J*rftY+FOC?$&b zU1qvtsqp)WIp`mY7fg$(AVXUge`u2CKCPnQ#Ar2P{1F7TtKv?AWhaDQWfArH7DVct zc3PX&T;#5BA1j@+wWYaTVwkO7{i2PnAKQXrne(F7A_Rut1*crXOcLWcii_P1B0>~)Uw_# z;W=E4csxeD75=1wqXl2$n;3NX7RT>R4?lRh2-z_VntHx^Vd(w*>imMzb;#zDdG7(= zNRHjJ5;P|2JY=Lg->VF**tT2xRUk`o{6}Tfqv(*yFJ8EY_d`7W_x+i8rd$UxU#S94 zUo{BYy(qE%5Y;Qe#Jc{(gzHZ?2@I1E;dUPkDKwE=cwgt9_Z!&f3sL1>yN4}O!l)=^ zTb?ilsCUVQoEsMiKq~yiC|R^+QalUmZtRR9weM(JLEM-gh4Til+M5YJ8D}d|PU5J9 zv+73GEVrX`Bi}HY07Ex)s=yR?YXZWx>((+WO7P5KH}EcUF6URbuGScqn$-Fq+SNMz~vR;R6Dt?hZTnR3LOye-NdB$))J#9Y;0 z8qOkKplrK_6uu=nSsltAiI;e)#UB*+dK%3MDr^7y@ew<(>_!)EB(XE!KyU`@$HWo7 zbv+?;SW_=Fp7wyYwCq=6q|9pHU=e=pmjVJ`S>13oh0ZPSgnNkxN9or`D@>TpKU9Bg z&IrxT*v{Wl`Ogz{l2kk-C8ttL%es)LOglf{H&}OellCzX*AoJ z(l&bxNq_pqa&iamYzuqv)rpq5=3M-tQ9}qd43RVGxijZ3ahHjQ9(4spp9^)FqI@)m zvDX?}^8|{mfan`KEBRdsu(8qul#&(~Wzb8un)kAEX*4!oV|S5hj%SSy=sXj(vRz(p z#6b+URGT$N7@XQ*ITaiDZreXPwlM;qV?XAy@=$o|;?-C0EXza=1{|!6CV%y*z$UuB zd>eB#!eXqBFVkaZ_-H!5ITBb_jTdKHGQuaKbhwAYms!>nMwzB=?DsCuRlr(Ev%+(A zjBKBJtr@K?98{-?V6DI4np!R5|GnRy%N;Usej};K#8CM3unVWUXKcLw!xq<5ic-wC!%EK0R~jdpuIncW)$XAkXlicijvKcE@B5AdaqvW>1Y>XEhRCJ9A({p-E3O+a; zwNE?#up~({@;x=Cs#->W3QXKB>(j_@_54(H`(Z(`N*L6+r z4Q1xJ$fcFJ;Fr+mo~pa$hqCrpCnm3x1ckU&IM@}GFQ zIk#$OZMUzI@v@la?2!;l?o|GYbldvb4_6)%TM{tz+hNMrEhp2ui;mok!+UhcHWSwgLh@+n^u2cB3q_BZ=<$&Qb6!oxWI+)i=O)`3#z`6XV_9=N(ohEV4KK#k^L#a+()mN_+6LyhC~^F!Omu;hHT|Udzr=C`{S#@ zczJp=TSokCe1k;SzVUiBMRJT5sITv%4Pm>Ylb|=UVAP+bEc`=c}ie>bj>Z^HVA z9GlhL3}@&>^SiFOSslMA`!aQVr2LdXban6I)~fi*Y$*2I>?c;UHWO4eN5Z7`%`O!^ z4r&QOy<%Ij$A@GFw~&)Z_XK)rleJ5d;vF```Q5Rsy<3sE0;PIFgwr}t9NCu7))Jeg z$!^BkP9C-ZJsBxmfeNpY6j4e{C|4G%s#4{4GcGUkvaW_i*Q(2vn%1dhd~;a&)oW6F zmGWj>2817 zi91O-E<1Tl=~;O6xdx1_pnh+gkbZCHV%?ohrzJk~EC?=xpSPW8e$hoN*Z zZ})bGJIe^Ps&}xl)l*A4Ggr3+Vh63^w>oXHw# zw!pd9ujlAdqI6hXDj2A{UNdf-fyPwE#y@OQ1C7qh*PPPS!(+)Z#FS2e`25rYDBAJ4 z(oFMA-pAN#MbJ&0!p7)8{pUoXo9Z{Mgjq+$H(?lCQ0`LFMRcLDg*nQel#Cr zlm=cu)ndp{h~`FUlgY79IgeRadji3>7lX6|NV7@XDe8b*m(VU4u|Xfw&;Nd$>006?XAa0vho)zt@E(@c`wlbfCBD}FHEatYSrE}_(C z9}}j%7ny_TQ>mzH{zW~JzrUy|_;YXtev~k&zTqW*C|VWtb<*E!Xn#L7!GqFZ{xuu# zR&tJ!WUXmYUO<*+^{t8$`dcbW+AF>+VuU3@f;sE0FUt3<)qW)=_?%shSGxWO1 zOFlh%(5S$axeVeg9$jM}sy6yuiCu>{oTwM-=}+#!(nKuRqIAVhVV=W>>uH{x<{S&HRro>Y!5qdkJq79y(=%0I~R@QzHE#;WbV+F_ajfL zS|Z2Je8g>;9B~t|SGu`Nf*MQ(_gh>lO4mJ;&rnsCVU_En4dauD2q&6s28jdI%0C^C zovN`G_p}y(u_3QhRcQ|{R^|vxJ6ntYJjP=`gz*^kjtL}b%Zd^F|h2-loCk^V|lvr_8SF1i{r(ZGmW^MKQ>{ZP`{ zi)rct-l1(Qa5mw35)LG=qKXowQzqo~Jv7Bo~ zo0&>)@17K-6o?O6Bct5&a{8XA`WN#X@YWtId$&iJ=>`$|U}rlQ)~sQ@G_OvmrQNtS zob7S>6^_vOyDsE9cPWGP*}4>8aug1EEy{g$ypsjzKmJa<(9S2VgQ*ZxFEun(%dF_>cj zWvF<1$e+Q#El^SY>P@gvZpXeOe4nxGK@-pE!^ux&`g<;)N*q2hF_dUCB^Ajz+bBVnUZ9M?z5*1^O2@ z!>9{?Ta%?P+ui%!*t%M1Ga(j^cX58yb=m|GEPvu<`$0Z5W$bUabpwGN+o}qn;9BZ% zit&czeoTnLyLRzT-$U86MGz1uD-68WzF5g$Z(mG`xh~@Q_C0m`C8~^-L2Rofi_?#q zJ|n4RZ&rY;wV3A+9w*?k#~WfbhYcphd{%*bFA_v+@oC7XfXeBV=nP(rryvXbS&OQ} z29L>f;RMgYe{XLvJgypxv8$}wpBy6|59BUyCf1R51Wpt@V=lC?Q>+a*N)A9|7IVPZ z56gugiEi_;4yU+RIRNP-v^7 zFQJ6gQd;=&J=5jXH4rth;~s1IQeI2ox|~hiTgVhcj%qCI>*fT{Z$~Qbv^ir^1=b_WQ06AJ1hX5NceZ(rAC;v=)W!*|{a!Oi#I~EPnWa+1C7b%2`6{{ZRXF6Zx7R z6X1ZV0?tQT+-@Sok(5j8qh#^b)in%*MsJ}B9s^VYl0`~yTNM?0;L~C4_JpH3id4}x z(eZba`TL{@3V|h!(xFG6l{k|2iw+Tc#W+7J|2DKn0^?O?Qfo-Lz9J#6BgbXfIWt!f zDSks0XRqnan@j;AAr(;e zo^DTu3&WUX_v8T+U>xJ_-60VZ0lbPNyx!nGFp%pC z<2eVtGRlB%9`pd-?GH!@aZca0@_&BEligLlL89|rFzFh8jas!p#NIti6k~rX1tuJB zx-=f-pW)M;%a)TVraT6o;V0ZCr}|?u&;|D*w7b+jp{x2*o}Ji?mUg_-%`xj)sy~#G zOoW6Tm{kXI1%90Gdqwa;+aEW%uZ&&(gY&MUQrORN5jLTtizgc$Q33zirQ4yoc6A= zNYk*nuUKsTq3L$!Vw8?3W3c`#`W&qNIEEfQOVg=SRa~pm^N}_yK30q<+uKI?!5*A% z-+An8H6))n)ml$dZbnMLEkVPmq0mx*Ig)ZCls2nf3dShQraFSsc#*kkh-LN$Zmw;N zPj2N=HA62FoH4k|Do(9oSEH}AdoN8pFa)$JA0_5g5$xL_qnkGfOEjz4j!LU(7DuIF zybtIz$*fE~s#Rml;%T!yrN4W}=o@ZUk^?3{$?W!$SB7hXzHP!O0b%lQ~}Tq=+5IN=cxoJhLCyOa11|#Gabo8Hti|tx5K{)>(0f zEWLZ*iDAC>=vB%Fw+IkdNN%IMe-)poz7G}0iFwm5G<6u1;;9D>(q!JT${++_^&3ODp5)fpRfsh*+{_``khp4hh;3^PoNGSu=_tr;1+2+Oj#lcc#yRK zc>nTe4pU0tJy=S)UdUfgmh@Y$#fae*Y(SEcbVRj%#kMoFRSd?bAa@ST1A^$DpFRdR zxoe|DLt>-e_B2SF%dz5xcPLX+C;qY6-Ulfn(=luu!xYy{jrp15*(lAWfMr&am*l2E zFo`2O@i!j4N1IqqS)hPclEAXqQ9@3QI5YMs62q%~ZS9FQDcItj7_-I!bkv)RbBC_! zvDPvMuc8AC3Rr0r3!XtycfTEwM?ltI1Dhc9&&KqdCi5H(OYq(q(R9ElIP!nwyLcmF zj$rDLI1NkcXwn^zIu<-HU7t-)5n-8>$c3Eux@DUSo}8LzMp4JTjYme`e)U?{8ou25CEVNHIDStfXG{e#WSE&`h-qoDG@go+ z$6@$0HW9Ut_D7IorITVO64y-J$ptlRL^Tj|P6L%*pCKLf^8y)LG$U2@kKJ6y-@vke z=41z$Ab7ifq_lDw8B@*+R_}35ai_0~9GzyJ2Au10wHv~oqA$i(i)a?Rz(pomP#v3& zx1!HS;+|F2IMMtn3flizd{oO)VEOH}lr6z#$~G))Xi6_h6v4n=Q9ZVu{tWRZsPp7T z+n&u>h%$$?>m2JDCta28EkSF-o%EwCFx;87(m}K#0pBH=EoKfhKfRcE-cn+bX~H)j|m+ zG&=oobZ(@MM zewlTgPzJwjLYbSuU*)RIB=3K;2R8FsGCc%pI*_m`GVAxL6Jq)|c0pON&6A6) zjTL$Je+!Y>3%1lrIb13fewLMYVzX&C5v+sE5#4H50AXKe)LQ4HZU5s)`j(YRRJl=dRpAme!v z*S`;SWx(Ngs&B^kKP0AXOFYl~5=puK%%1V=um+ko5f{jxDj)tz=B56*$XF`Z;Y#w@ zE7?A;7C?WhSLHt8cQ3@Un47~49gMDIA1!g5V9i4Ch$fm zXK3J;{I6vRficuW(>Lc0CqWGq(h(GqJqnM93}#GG6C`@Ws1k?wg?E5Nw@lTS) zaSi$NAox{mUFUPnQnVkV`O*+o`+pS|qP(ve40(;83@Ul{IHKHCUeWcvz(dyP%snZkK%glZ&thIdAh(Grfif zG-@zEs!C2RDI-gq(Qi&?JP>2mVz2`7b^EHjErFos8VG&j)2eJaHz+;JvOb)2AZ1Kp zJda2$J8WyG{H2HUhm@0zLZ!)5jKQVGhW8kt0AudU>jzKaU5a0Iu_{TbaM6>dAR0Pf-G&ikjA z`P5H`olA8W4!52Up?H)$3=$o7MIg)N$2iA3C1*hIpIBXCd85yuU8^#Eu~RJuYeP<2 zP-#@p;Yx`?XlB}b4#&(TTxF~bV2SO!fynH-#MA=eS@-*tc<;sLV<|9?>fRfkw|;>S zi{1j99v#=kVlY>VPOtdmr^;KoIKaT!s#Exg&z@#!0NK-iWTn<11f(f2=n;fRt=78D z1F(vtI}9pSSBC>6itAFf2uEGBa*(;DV8p|ag~MC`k))j`WF z-I1F(vYvAH(ck%?|1sX@q09AP3qV$&wo~<7%=rWb#I9W)f0dj>f~gEh$7NmC7OR<10T;V($wU2-fjL+}l5c<>Mhl-)wpmhroI6;O8!rKg{cpFp{>O9e7!W?vd zt?`{U7u)9{80{LNDdP1$JzAKO-yll-RoTcZn3-*x=E6}~oXUpyBe8v*J6$R|tdK+K z<_hbW5bdIjT{!i^VHO{q6ihQ@>HZT$pJ!e`BzR?2{&1__NAuVy{W!}!af-bp1gq}S z?_m?N+VeUM%I7ucrEa2`Ze`~l;>;JaexI**V~1hfx-#DJOk*Vfx#_vR+;P5xeCeHu zgDnY|`~G|hbxSHn(_~(o8!$j<2|TgP0%;Q~q!JNQDf`ASx|qX7soFtwgcwEvFE|*s!;3?8{OD@{{o=zFmEh z+?3gRF#VHR&LJD>aG~BVZVGjSLl6`#IauZ976`>K@B-`l^%Vw@QDm8(d$gy zp;u_JvP1qAyl~B20ko>V;IYBKRc-&-2Y{Jne&4>r(QT4|;i!F{_wAFG zrq*{j9I60swNTU>Vqp#=Yzg|112mCXEC!s1 z)GMh$T@yZ^J-0;*VZC}9>Gzrj8(w)lOS;@=xiiMUAZsuF7D9Q7DLcx+JE8tJDG;#1 zfUY&3LxKNJm`P^*to;Sus2dZxcABsSq6Lx4!DnrXWhp+N9O#iv^kV^3;;x$=bAMEe zgzO8y2qb)x-u9(=Eti=b#Q%U52Ssn2D2%O32+P^fj{gXUp10av_AHyvdWkURO!e^~ z)1Jww5!tW%4CT@Y{`#e;6nj$6ljCQ-j1|LnX$M&E9v)@MXjchMshB-G3VH9KsItQq zc?%qwNSPA3bMv@18(3;jQa3RRhKvIe<>G#z<+rbn3>tW}8~TZ~t3o@~;Q+pKVm| z?NzE;aVm^^#P94AT0e8Xil3$9I0enEe?J3T8U5Uv)j{V{L40)#s3eLNTB~4hsInM0ips3rT(-35{Yp&2g>E~Pc)ta0n2hp zNaP#6rskwkim3y^%W(rB{EfR(DudjsLflKIF!#Y?U|HM9hAqR)_Wn0hB(W-}=q&(| z{QvH@`@iaR2qL$)2||&!Y=8HNw{9#3?U{7WtOUlFMRHut>llzf(-2Jl9y0hLss?mQ zY^DC8?G1>A@LHJ0zo$IKA0wjz_IK&=|GnLwkR6!rJk|fdsuKVIdOJ#X^8+R!dX*{L za<3C7@D{I}20*BVV!7BiU;gvU*K|7@R;`Ftz^iNbwWX zsT=2`Efi9$d);-^q}ab&CbkI-U6+vsTXu29wm8sY{R3+(Sm^Pe?T5d;o4WqOH1}$3 z`4qXmtkRvR`trJLzjB7*?yqUExMJl$IQRB2siQHb(t6KY1?*97PK5Bi|LwrbcY_qJ=VJ+lHA%l>yaluWk z49xr1_0H{oJnzB5toq+WSFW;-00-Z`b(U0>>*K)ur1(CWfPlboeS3Sm`5PDdQ8H^& z@W;l~lvgO#&D6ztY72QLwSHnR+Zxp$wZ;@_iWUgBSB_U>c{mx={`9$?U%}?wmLyG* z7K%EZdfHzmt5oRrc@^c(`puX(JELm8f$ps37mc#0=s4gr_UKJAUFy)U##>7hGxpmb z1x5F7Cs#cYvE>IDB|1uoKK|3?0}f2CuKF6oH!m_B&E-c?=<=FSoI85K&v5iqBE=v4mRk}&lcIA&O#tldB-O6oQ zLlaN6D+TG-RFvD{xUrz{uR#h!B1MLGB>Un<1&S-J-51=FzUd8#l=MoJSnn_JM6EZi z6b9;UOV6WFj9h&WQPHLY%UNIfySTDeIU24As>RAJ(y-35Sc|ZbFKJ{L=aj|TzeNh0 zDnF4OwflgCCxm4d)zJ&EQm)Sbw0|&oo)~g6eGPK-lU|QiL8v_PTa&x%RP1m_@>8YpR5|^U) zlzx&U`vh~>7CG|`{HQailOF}#)2!;u7b(09Gz`DBqa1L?Ed z<3+D~8#~wPd$Helc8{4Zn)h@jOiK0oz5lxKS#9CF4c67dl#q!oE_g6(zrR6O;-1vA zu)>~Vh9BHxE*Z~aH1p|rMhadWdrC*aOHJwG z!B68RMLJ4L(a-xv?ylu?MP+>2x|_7CSRux=UXUJNXVKJGWOP_xtXR`NoTtKBUtnO1 zR=Q#lli*B{#5pbp-CD9j&IK13G<-XabTmROO}Z*h(POoKxPQoMR|#tsx1?w* zX@%(-a1&lg%5FI?>eh7Ez+QsCr0nNjOR%V0`W*_X04yRi>t0qnec=4PnuC#)@^Z2B zbGeF+5keG^FU<*eFJCQiLg-ZmFbCiio^CjD+dFGGJq2L zLIVF%gABd0eI8H4uLkHH?)OM}Z<9}{t8JmofUA=XU0zwa4(U3H6pt;)QD>-BrlX@P zQt_RBmGJ6-nMPz0l`4-C`;>7^XnJ;f5@Kg(l`u11L;4OW1%HdgJYeu01*0}38!MkI zq;*#7OB`}icY2N(48^)FG+4Qj{M^Tri}hX;gOA{7&;aZLF_ZM)`#wQMdS99c^ws7+kHVy|bVt_rAeg0+vnCr?!U~cCc-_vy*Hy<#>4{}imQz+N>fe94zHEp7#ZQopH zVb}Oh(eMq$5^@DJYoN;veT#?t(?lCl`>7aCNpBsiDNzYx%Ak&>lHPgEHfK!mh+k=? z0e=o{%v;or_5PxxCS%NT;zjK<*(XPaOWc+BOD<6FKWRu{*4?$G4GW>XvHH-XZWPhT zG!7=+BQGsH1?vXtIZpx^~l4blearH39nwo4N)i# zn6D2tQa7CLZcRLGNV=XleVgx#?ScYyWFhxFl&@Mu(jYaxCbD>gx{^!Qs3^(mtnCZ8 zMD(7*PshG3CxxrUyYc-n4hg0bGNmEsn$U6;(^G!MsfBPA ztGy-lEEU)|?>!}N!ReSE;pM^A8#JkIt9{Q619q8`A~>pB8?r}Vye~d$pY@FA@cQh% zL|^Pta)6P+E_Co0+qT9y#xq?vxWc+{5q+FuFDg zo>b>W8;+j^Nr99et?{~guGcmmC#`=Jt-FBDjb7`4a*N2{Forf9e+Le$2i)9OrX2OJ zFdx~;U_3wcttk(8Df0&yT=jNbU5{{UwLf$i;Vz<$WYKcSFJ2T^eDbDNr#FDSaq4x# zBGn8M-B`1;pIy(tdFmOfz%N{VmBHn`!4sw_uAw$`FA7Dy)?gMUpOl}p^C;lC#{eq6 zK1!?Dz4hz&C2M~cW)GL^r+Y&%$PVKpmLX~Gd);QD?ADvOfGL;Lt+>=88JnP~v)^CU zc|ay9?{|b3c^6OTR&+e0`c)rb?c8b*8=jT_y88GeQZ%-g#CyQ`15)T+{qfHeqevmG zXpu!-ZxiM8CVzE?9TQ%=k3M#9k>MXiTz53*jo%#3oP#iLSK4={*Eq1M^-<68hSI=Z zyhmc{9!)Pay=J-@KXdc7JcIA>g&P!y{cIGVyno@BuH#$exe_V{-FPtB=@zd+R>T|Y z^2tdkq|&xVDX#@!AvI=1jj!JwzM8(!5B)C7;5qDUSRbU2d@2%YXUBNQ_ev)DS9OM< zW>$)@Rw1>KuLJ4^N@@I0O!SX@b6~)e<%O_4;&9~uLY^aDIkiA{^&Z72uSonbn8s_$ z_M3?1g{Hbg67<=zZCS}-+fafohP=%F`Y*h4cEc&oi%dLOJi% zk@jiT5H0MyL$4Hm;1w!<@qW6cg*+xkHK0Pyc&2^*;wZ!>i_cs>vZ#hSw}bQH*;?d* zd5`kWh_0`acnvyGU@Ov?;fgvEb>5|9*F@{1;{_F^miqfw*uo6nb^kDVo5Ikg+=7ls zb8lCkLY2(lNIfgQRLKIb(XNK*2}fW)oVK{ySy9M69C&51{+i{}6RjHdVRr?Olal8% zeoMHR1pCXW=eMb-9Qc$s{d2gUZ`tX3GU_Kj^SNC2)VoT&=HV*C&+g1OEmMBKdhWYA z8HQL|J+x(rxLZu|>VctTxh-e?hht_n7pS{6`w&83@+R$mP`k#|?hPo#N5QZf0kwUO z*JpDD6EXKr+z{@BHjJNA&fPzOahB7mD0QkECLs(@SZ1hBRi$foMm5-^IAnNQNOcT8 z@YYSKG;QySK5}(^K*7Dpg&Do2{eL)n>!`N6EztL?Qc4R2ic5;SySG4bDN-DQySoKi zptw85THGn_&;Wtr?h;6FcMH(BIp>`_-h1QSd&fP0B_o6+d+oXAn(~`-f=Br^Q0nv- z6YPe%c%9Qp6naN-w{#3*qCX9CJzK)zKDH&li8u*l;(=tsGQQ6qZf|f}yW*XM`l0rTf0W91GWGwo)hfblo8_mzxB;t)5ahB((dO zu})q(I}&Sn7#|kq1)F_scc-`arVS0_D{8Sis@

              ^;Eca+Oh_pNT{s;9Qm)a>i z*ZvnAzjDEk$lY}x4o~SisUgg;vgx*Tc&2VpTHkA8GDX$2xWZ=0S9|!I+#t3F;g$B` zMf(6#ny}fhFgLjhgHa|G*(HvuI({MU=U6cV8bWNt%)j@$xJK>^zQdl zh`W%2P34?^SFN=sDAqNJwat3htTk_bc1i=mNm4hTtcpJ;%W+)z^=fcHxCpy*QN#4R zp^uw6g+c1~%4{OVffp;RyLoraTl9;hthmd>64b+GYh9_iZYg4 zr8@;gqDpgle%tC;-4;vZT*}pnn4xWk;ecpa5Gz%UMIq?Zcp7#`xj=<#NcW~8QDIhk zzne`$MS#i51>-TKO^PX-c71k)!q`Moq5LL3kJJC3cgHu|Ihi{(SQ{yg8&tiu65Pva zntA)c27fl9G@xmGW43*Hb>$t@-)hYwdTTsqub^o4yZ^R}kW4pF-iL07mxdIj+|7FT z@o{S2`A#R5r>Qur_%k>fhPOm=|@K7sK2I zdN1{Ixy4kN5Zd;Bew+24YMKTSfmwR7dK0QXBTvy*2@oC1G)YZXm+BXIh!vOA4m*BV z6vpMIIl7REtXYhsA#?E_wi2&Aqfd8yf4i})8MrF1y7Ct&S^eULla}fn)maEl63_|x z#$+jP6EAp~c;dIxTPRJ>lO5<)&GLv&p1pEs2nKbr(|D z3?wr1<(;V0gvvWgNHX3yRCXpLoE#-?t*zZ{Q8hmQsIfYb-@?vZJ+CNt03)or3!iOm z)Qqne6UiqJbXU(QJ!^G`#nvxxoV+B<;R$c9oTaL2EnX996|2+=n+WOITq&Ti z@-!C5d~R2&?tJHcc|S+0Y>&ku+KwMljb&xZ*&9uLGZd(2wl(qsD#BSH#gWB=9D_j8 zaOxMcjHA!~;z^;WbKo&A#s}tIxIIzhdFkt|^Tgo0N|C7_8c_m1*k0`fqN*yQfk&#c zx9J+ul_@d7A$I!D^8u|_@m`aDbL3}9_w2+OYyK8|#lB`8)HLZ91qVQ5s_Ns6!Ov1U zyQKT15d$b%B(|)DP-(DbV0fgr`gA7wg5~a!R{RvUwTaN=5w5FXHMdEzAp%OPnUQPMlvZ z#_9e&Fe~?o^KsABCG3^0DDk4t$AhdTz zz!3syUBbG&ld4W0Kx*kmM+uh>&l6xR90JAUl_RX(uLD&RO_9@B)Pvr(WsdtQHudf7 z#5jSv!TBbVt}M&oU%0^1NT;}=*afN#sA8ohXI7#FV4jA0^-{!K*2yYAj|{ELDY(Fm4w{4nnhf@mn6#UIt_jin zYSQnH{lj>+p!&5*8|@gq;YX;GG)6O?vox36C%JBnw!HeJ#g8j~a7)JK73=%{+5LfwWANd=kg(={SJHsPyPUL0Tzsv(#~*?AQo8x^-g(Uy){6|Jll~LX2+A`0}X86*EvH4J^Mc zA@PWePEgiYAs(_)|FVpkKL>T`-0~uRV6jr5eh+P*DYsX4+FgIMb5JC$i40~D;jxoU ze9N&a2t|0$8AKi^D&qJvV&KQyC=;xjWw(Wc!glaH?NN$59e@S$6 z`@g?s4D8VnA_a@$0iHesgq*}_x-RUGeZzfe!v-yFZ<0`qE((N0ik-s7x-`5=zA*;r zjFX@z>%NIs0lG;?-@Fgy{Vgxo)1DDShVNpVF1atG%@b>G^f&0yx0KB?C{6uF|K2_d ziklXJ!51ge#t;OT$$sHc90=WmhCz-3IC*wzZqPMagxt~fxIQ7y=WnHG1zQ=UU)BHIwnm<(J-gxLx0i?B`892FEZE}V7qZp*xJi8l zSZ&pmS=sq^j?z!NoHv)jP^(68zmq@M*yM~J?ALqebx598%w}ow^e|%LWvwuHrMH|} z#uFFF-#a@Qj6Bs7qsL=Y9MNp0rgy*-IwJtT>bm|@4;8ns);_5Tsawj+HoF)k@OqM_-9k;;~*)D({Cr5xt>sHqYj04DE zIZ^lDOcSSqM2jGvFbJg25JkVpe77#TV0#Fy(&jJK6=scXclMq0x3_YJZw>YkaB{{s zIJIxJFI61VJ->)Rj$C)%{iN%jS*;`bhS>Ghn`DypUokwp&_z6npE%oBC#z|BNCVo=^LqIGfA76ZO(!YlH4+SyNeAo3lK z2aD9m_c?d4;%7HF;?aHQ@ls-rB$&e%?V&L~0;l=@)W5)Q6hMPa&}n`6Zaw{CDT>DG z)C}rhy4J99Kkkmg04!o1)oVfuOnF8Wwu{>OQ#7<5Kmo3r*5p-7Kd3)I^pXr?n}7#A z;4R@aNs#ph8AerXQhz)IB}7U0 znlZ@^Si;$eeh#q^Q2%wU^7?*UNRKLG8=v4^v>M;YMY^1Q^crztdOOVE;j`$V+uOBN zU)+1Wie$|bNsaPVl~L^IKo1hS$5?r2QhTt;?!6`G}vh~k|iK=fq`5Xm-LcBVt@0?awIkbtjJJ?aN@e8-ufsmt~>Cj%l z?N&7N(*gE*D6qNxx);?2pwO?t!6eN;_ps&vb2A>SDeMd2E#wdP&?o5rSDy1}((FT} z!$U1v<4#Gb<9^)??@p4YL9x}~rRHTr0jd1W_P9J745)W2u)cFCi?`)-=>y*v7bUBU zYBUDxs5YhT(Do1BH#gHfM(6N1YfI|3m~fdtQM#m+R`j0mUY?%}&Wd~Rc)!ovFdtS-q;A~r>5n*k*VLsQf?N1o-HV=XMQwVnpVhQP zo~4^^<>ES@(|iT7&4=;9#1{KIXXtW7-P(qQdJ#DWVa-E5Of@f^R1PKKAY5Xnrjhi5 zG}l942RmjaM)wi)nBHBNaPDxOP2Hl7>Vpx*-SpZX*TWIT6G%T#`2wkr!6xmHZ?esL zyr^t*W@uW(h%(#gmU~-tBt&f)SliELS^wL$g#lJ;r{9C2+6^51F{8jz+h^erp#Szc zY$M1N^5_8`Lx2GVq%op5MU2P(7jqVt3-$XBf{ZD79KFX-G>~MrD1_ap^Ql4xKQ<7G z?E#uCeg*m_eU$A3%cs_lKJFZrz{y zP#3|Qp2;#@toL3m0T=wiZ27;tV9xl&S*b|EuV-hjgQ*-(mRdZdwX_JEUAF^h$u9j3zJ0ruD+S{O;ZJ?632LX#1Yj6Pj9>WOa>O+Ep46lw>cNz+_{fI||Pa~7X zrqCy|#iO$Ml?{CMd0r87%iKwJ91-(R~u^+4`LQhuBpX3P9ywpN`M@%09{xNKeE-y+`thT2_dQ?YYE;FEv(AJy8xt^0o{ zu5Wk0fbH|JoydQRF&8fi)1Z5v4)HN*3;Nx9`U200%Wr|nMJr1l@XyX(v%ic|g*;df zT2Gat1kWutXG$W63u3ln5)(c^AhV8Grp92}fPLv!L??z(du z4GDU&i&+yvu=mAY*rO-U-*I!lO`ucOa8A1}bndSHkCLpno+<%aEXL#lw_WOgxy}E7 zMbSH{LG1E&HTWFSt7c-pYG;RJS7x~hb@PqXFF5!o3~7rtvPZ1*?u?0_E_WPx_qvC zvnsOQC1OHi4ZuO6wMuOLFB@2=&ib7HzcHZKHyEg-oAjZBXsZS-@kX4yX5`A zM6x`bfJ{NR&a>?aC)9q!ZUpLf?z)b#PxT;I*kYJ;$>Zi^fNh3;{p%C7900+QiygP1 zMl`YX00QSHhg&H2ZCv{7QEu(_llDJHSw072ET0L_hf|2#k2*25nw)8tfqru={)`4# z|Jh@64{KkpBNF|;Jpdn0zL%&69q=GyBI5p9s!d*UKoq22tw2GA68Hi(b)2Ks5YTjy zuD!```iY_<`qrDBQn}X5638_};?pgF*vz{(>X0o-P~Vuw3|23|N|S=KJ6|`fff!Lk zc5Ks?;FuHxZ&_J0DUZ{SkXxew(N!#*GoTxQK1=c9tJUTQfd&$RVxZ!|He=-T;8p&CB>WhwEL3Yl)AlZ>D-lP3H4?>-cw?<;Am0ayF?Kq(UG<(aI@z3hD;ON zrh%(TY@Rz|BXCUa@@(5ac>|=Rr7Stl#orDkuXbKBFyhyrDm>&+Qjn1?eCQpuV>VM5 znE}G8DUeS?mbA2%Wc$uvvLfvos_tmbZi|(*8;D7k_pP+mmhYO1S;`mG+fHI+6GnRK zr@;07jsKm(Ay)O;nJjLGKxtC+a<+vxMf+D*SDRlyzl5#JqsSp=Dm2g1=dbHZD3XYZ zheGXf^3LW4*g7JCj2L3hB75qXhC-GyX>5>m7miakc%L9_&|se_)ifct*D>euU36`e zt>ab|{Mbr%Jpp5e3^+2WweGJ{68eL`P^L}FP!dIbkXIqs4N{>QN_>qgTyo&c(&b8? zJ2t*%Lv9C)_}(nF-inPek{`)9&@vEAOtP`1TbN%feO^mJ%($7E=W8+VxWHAiUQ}@t zHQTmZ>Yai&b)%{@<+iNaU$>XM(!V*dC@7!aUCQRdLh-!k61V6_)B zkL@<2CZrED&} z%LBnNa%8ZP`!H*tvdx~U+6w4I(E)EHD3Xo;AWH6U)5O&Cfq}8wO0%oE78XDJ*ZKX| z9Q#=^u&hB912#cF<3h8Pr{^gHAl06tc3>Xi{F_L@f<3O&#r@Lp0uPbPI?EfX`SJ2B z&YbS@9kYQe`2j+bgC-bv1AIy&G|$8QyQbHEb_!W(hj3C=E#Nu-pDSXXJfOtux>F#_ zr6uJ0bkpXH;SzJh4@yBnFCXQ0sGvlU^HAk@w54TYdS1TWby;5ZS}6;8deOz# zH9cV+xylViDn|$@Vb`f`un?xXQ z)NpM+|GJ*6vWg!s;j2g6YSV_e=iAw`r>Y6lsRw3V88-U$+fxL`VE z3zLZRMYqHvQ?J~Elc@d11xwojdAzP;b=x$r4=ogN2kxfAwPZ;D6teqKXwz!vwkpk+ zHWV^TqT*s{-FKeb`d7#FX?q7W6Z5QmwqjUOO=GyuE*U+ZxN`w)pk`;^8O*^#`I|3#HaYOpQgZp^sZp=T5QMd20fX}*_Mhl{{zk-m~y`o z*aEy*MD&i1Un}Jvh>r7y272DE^GVA(5>>;&el9@%Ds5s1t&o3~VA)j&3ca@S3p&;; z5abW2Kdj^oSp`UM;9;?> z{>_HmuX;p2tR@tSV(`BnQbA%B@@v6YVx@I&k^Z+1XG=OngvE<8^e|8Ck2!LzJa>Dn zrFrQT88V?f6tKiA&g&fNbK)@Z0KUo ziIR}FOEFvY$|-bVo zYX7Ka62ooiQG9Q?sZ!IgrW{z3;Q@7tB;&5EmlOesaT=k3#bJ1L-P&U75Rhx{d@6Je2z52Y*+eOe;Wg$% ziW=1c3?jO(c_uWkC*r*Jf{}^I>1gFc2OvoEMWv-(K;HUpBU?dMZcOUqN7zU-KuIBf zL>aC)3bI0fJ8g|pz@WJuoI@)0U@-V^4bo7*ke{C%+6lehVf$+;M~a3?`u_9hq zXm!-r^BVep5}26-74mOk(eY;tV=;DQM~Xdcg4dY$FLr^i>IZ!d4IC?{9#i^^lN|J} zN(2~GdIb#s`y7_GpkJm__Y!Ca--%%@!F9#ZTs zsE9CJx{^v@LM_=j-BflaxW+j;LCbs%m|~dgM$X}#K6ZeOjlBi$=s0NbWdvhTcgQkw zF=p->{jebfW|-%zKkU8=eW3X4`NJyXpzWePL9=_hg9T76bfV`M(!U&Uk3--;FMeYO zl{0>bc!MM4_a^|ic(RFt63=0TrN=FBd^AVmE$ePdWQzIQmE@n>@u2naGU{W=lhIom zG3Mvxoigv`h^O923Nwx|XvyF+5J{gX*}BR~MgU!aSj}Yo+zNo`mobxRONK)VZ?`$$ zJT3|GXGUJ}HJ4s`MF*nc8{-~Pv-wujee=mynb>92+ z`fzaYnSy|T}9tzfxYfILL@exNcddbm8wAuF= zYmO&vEk;kDCEx_bk5qk%&sa~BinJFlV{6~Is>O%5)Jr<9&dBH?%oYSIsF8CO1Dnll zUpJ~=^(s!r2G{N@UODUKEhR6RDa`uMCtRPMpJZOSs-P_v{`k!20hYbB7DMJ^8H00M&2G)w>k+q(xLM_SiZovZJQ8P>RB`Hg z7L3Tws}lF$Ml3w1`+3@*xm92Bw!zuJBRt+IsuziLaol82y9`f&gm=N()Q->A^z_8u z5ow;w_Yy>S7_CgVS$5>SnECi8^-aP(e{9fnfCNNp&vwN2HPlAMw;MzfnqV?6w}FaK zJ010LVQAMe2&nIhcY3}XTU+p&jEaHj^thNo;L3d6UQg(gFO!z8ivo`bNQ8HjJRz5^Uf*`(QdEEasG-i zi3)TSW<-pTC!I>ut>qlzH}TSKw%Dqr&*#Y9?ZU7iyqYV^aYPmE*ETan9ksXxy*Wdv z%)Zs0g=J9)hv=j{r{z{|5zq)gl+IDNZ@Wws`1-laWewJF>Me=Ec(8nJo2P`z1-zuv zldY68H%exkEVL+9Bjk>|E~TH`M-dgp6ablVs>Y2;`SQC0rUj4$XG5N$`O{ni287%L zKgW8v`V`IX4chSoz=ngCi@$|Meg^<|IB1~7%#|OY48*_Gn3&h2EIEG9gUZFQ$;fhm zf{9%11Q42BZLhl9M7Rs{C(=mo z8=lpb%Kop2AH<}$%jYTnoMtVp2VsE_^tWi00(AUEXJ`(3kIxyV0AwH=p0J3yq8_cz z+fT13wX6#GC(bmAL{&|$+p1CQG(QI+F3M)AM}_Lq6tZekb|V=AxEKVi>iV^oaqWY# zYb|pZQ1BhN#aU@o+LrUwg9aTs z#hT%KP+boUtW6OVyGSfF@I3Qsasi}ddnDAqas|rqzuoP~o#|1f$-Iq!MmHX7sVBsa z*Ogl`=2brXA`I$tD$h<^fj=YTz57cmgQ3K&$fH6Cr2f2+e4uex_6BYwy| zzsJ0uXh{i`I^lb1;cC)EJtkSZgOeNgt&j`BMQyOty|QPo;(S2+RhCdr*CMohLRPB< zeKgq^c}6bFAK0C9R#&$MNGgV%v;|`D$aCyz6-mrQ7vfpv>^^ZwjrUP%C_Wj|X(5!< zRi_RYD@FmD51BaH3bNG$nwx8s&Bj*;6!U~pK`Wk`YjF?n^cSf}SvKEv`eou1M@@8w ze!eM@w9AW_MNhg_T5v+eaxaQ-Vu1$XfoTjpo*pU`&!se|Y@@Ckaue~u)^E#Z#oBE0 zYDoe$^l`gG&=E{fN;}3Xx_iMkpd?(kBb>oNxCxiqaY_r3X=EkZ?u{G6`3*!A2Ag+$TE0$I{Yzye8!@ml=^yy zaz!86xw|ueznvPd6?5bUYjks@WX18%rrlWlbo!P2iDx-S$@fOjwu~tjsGEr6-kA=* z|G;gt`+FSoylF&v(=(k*h2f9)jZ~1ey0ftyeNTu~vSD-=6|%-@0~k5lGJQiA-rNXu=CEpr%>LbsYhx$Q#Uxz1a$y6@)ajz-D9!&o@isMb|Z=7 zZNKqoQJ7zGWGF_pfQ5ip6GXfaKeC71&bcx9Qqc0NhI}M#xOqp@L)2eONYU5McRW<= zP122BFdbE8tx~)0J=Mw~y{K+N;OZFQX(j#}bo$r+f5(SUA0t77*0st0Z+H>ZP{{fB zrjO*G;7@3bwI3+E``SZa)tDD%to(Rg$lut2eh2+@@*cLwu<;aacO0bTIQpC}BjHYm zFj?9EsM780ODD&1LFflD0FweDZvf(Sn!wkhZVMpbkk`A zFw{4JVg|R1{8u7gC5Od(%3(=QNx+Mj7YhzHYn)(>UcXxnS+x?1W!c#FzxOEOsDXWU znLKBqNVv{Z4>g`{PO#;lwuWtxy${sVtRQ>mo&!J~9sOnmuq()vZ2vtCi22jchf5DW zX#%{j>CHR!A2`hZsUfCRf6qJqhCNy+O;SIW$Ip=ILOAMd61ECe5+ZSTj{D0f&lYsP zIwT+VP~keWJNn=~w=Mo{f$`Gm;|RYnH{+8L<$;g8!zuvji!Z9D8YCoT{sR@PDrw8o zC9hWPh%Y-3`!r*Q3f*C_U-~ag(pFs+DVxHO8qUVjHyT1R&D^Kj3vp>z>d|)%i9g}V zs=iIO1Qk08ks-ZiIWe=l?S6a*pveQt5QTTx%+;v_R7>BnxaQoZ>cjcYrP}Pb7;Vnh1zgAAN3(9g@t&~4u|0R)QAO_YFLc14a;R4K1pVdR7O$VtD08o+$R3`pFme7g)`!e zSJvD1ua*pgF`3*EH(zBv&8=B)>`ULY_^@*p;K<^^O>}gg*n={H@b?=K{r3!4u23am zZd&=i{S(fuCzS{Oe@K07NTBRA;i{0?DufQRe}Rc{p%A_=VD z8{_SqNkMKvxA`SDPK7voM0k_>>olX!VbW%;az~SSq(K<%j~1AYIwL6;=}sN(Rv+2Y ziw0rk-8RU-dxMLxF*yvghSh;HQIVibxV9k4n+DjQ@qtwjcIHU%( zE_mfUXa6dZC-Cnizh;k2pY~<5OzXbcpgZV>seqbqt1))gfo*2ypvxboF599y{my_6 zK#O;pz0zy1;|9NOJ1^BG@oZseOT&}uD~J-qFW2XHo0=XQ?e;r9`HPp6SG9|l$+!9T zXUZBjvJG)~iJ!O?1KD(q(F8BiY3bXz(1_0@B3RRU*+R2D+c-+nX9}u328rQ%NzIFD zUKT?}mwfVuofbCEAC$7H`ZSLOBH+ZdIQhYwj+zXNpt-I+XfQWQ=@n8AJi1;wnK>XJ}N`i*YXvS?Pk@Wlnz-MRcx z3`Np@#Eoz#PvQs};1Gx&7Cufgybgq`Ec26g6jiEmS8Sz3`sp$zY3)=Mld_G_cmJ6s z_HFTvks^o=D~3v+zC0Sc#ksTLql)*jpAYE^qc)ZMWi|sEwOBIHn~BgRIdV95@`Sjf zZ zAI?`>gn1_c z4gXAY`c^yAnHNkNZ`G?thL&^}Z8_hS-nHerJk@2`Fq=diV5c=Yz3IF2t<^OMNSb?X z*wH(v|VCy&lgy^d}9PIe(*x z2|h5G_`_3OUoEv0kmV`0)YTDU>&DpJ(1gNIY6o>s-Hi>r$qKqZuhc^s_=SX3HiyXq z6M%{V)%p1df~ON2Q1(wf+sKbX9GuNKU{*%e_?CuRKHduA>_Mi^A#5u`VtoJ?98?hd zA%+7i6~kS5CsU1FqWYb=3VQIzDP)9M3%jT}=(#;>uNg$u^i_R?eHRi5)R_QhzYaL8 z7+uvtj<%;;!$?wGq=GD-_ViOl$c4(4`L%&8+f2LOEEiEkH714L#*Uc?l3i&YrS5xw zmMDA-VXfF9%U{5cjJEmBq=s=+bVY4^O0FPR^zka0agjrqtnie^Ctww^9G04@$7Z4% ztxKtzNKH<4hir7!t5NPfoQ5un(|)K(c`7VK0~!Fd8q@Zs&*=$=80v-iOp38uABDmj zu{MTN7jfU$0KgeET8Bz}zt>QQpNkwwD)O}z#}+JOhFy%qt#p4fT^Q-8KAHcsILg8; zo|DwLA%;18826<{%|$V znRdG8LtfD5Hl;Kjwb_le8{W}HAn(yaX(Ms%5X?^#Ap66QVLR8j#BBd6Q%^qs<_UDA z$oh`MOjVq0Ic)^gyz>j7X>c02CN7wM-T;V7nsl9~e$Ty)6`k|p;qgx7<208fLfX@_ z;yy3Alj*j2fz)4|>}sSDA4&O;XQecd~>Nml+! zJ&y+EgubApELOwYWjRx9o}OOL!%5Kcw`1@@1Ek+suEb3j7y1YXhi7A;ai7EghJ`g< z$yJOPsqpC7{~YXyb}rwVCgL=wo+&ImAQ0Q{#7!{WPdNTgjr4}k+Aei?SJeK!55Rd9 zf1$Af8f$N5gjlFw&KP^x`mzMebg=I4-i#qr&)b@SAM>Ek#7TQGIDv9fnk15MyboZ| z1;7fBqXz?k!yXg#ol96(u~@*@K$pQ{vHvwN_`}G_k_e}i+EDKrOK!Sds6jFe6M~+c zNWn4T;POmVzY#-!I@zYyFy_1kK!%AyY|PM-)<92ZUwj?kmS>A40c^iX-fEZU5nR@` z6-jdjOHYLkc@N4|z`m3xHU6?-d~RF$VRmQ9@)&0B%iclArM7cC+o;eAl-~X^y)g%GdX)vVP0I#S2EDT0irqW zfN$C;4vL@TBTD_fv1E0gwhFulBx&Jk;~iB_XdI#y&qoydq#{P@SIf0wa_?fIi{maZ z5yKS4mRyw2aPvWIL(CfS@hGJZ(bA`ZR3xJ&F0YfeAsHTJ2^gkf`P#3qj8!OD57NGbA$qN3>uzTLu8vJ@HCMdK z)J!pUc5cJ@#D^)<*&t6erXO9?LI=cmi!B>Uo{I1ubQQ!?5vwTS*vMHw8QxC|(0yKL zqGd{xm9Fv5lL$%}lbo4z6m}J-GIz+v`eEkWCy77fyL!xK6XbWH?h!OVJTkPncQ!}@ z@C0H?Z)lK1+SK1lj}C4hE6A2~ZAM)D;pei}-E)uZT&Tgw|C`k4;zWTev~N2Pn53~r2Eb&B8USw+9VO&p?+> z8_R>nyXos@gt+i8HaCT<2yzBFMh}BFPu5j=#jFdAu{M+*_#{0D^QGQx7 zjB%`$e5;Q;R8qlkLG?Y_nbk4$wC0#o<}~ms$)&L(^g}JUouFJ0W>^%7Y$#*W>IE?W8qVEp^fwJ2un+wSQ(4R+$oGFgx~ zth;kQ7~vdpw{p5M3V-Yt+r`n%tSuws&!{hbEtaso6rW@ki`st?a-RYNP5M%qg@XGha4;2Y@FgOE#{N^g6OMYEv%BFhzW?2v5zc~Jd z+*557^rK^9Mgr7LXP-I1!2E~Gf55u_-_#>eP_N-1`5#7UJ;AbV$TzC6PR#8IWssdM1ba*@%Mu-ZiLvn7qd(`LG#hXtyxx(!(6g59g7>-ogk zSNrjqgt*}FhK>B3-4aTL@z7R%=d#W&WHrnkr`fKoJ9a-`wc|0EZ8 z9^#>dEhVXGGFoq~5Lww3h27U^A<0Nf&10EY5g)eiz5;;SS{Xisx|g@WR~&S=u5spl zCWW=sV2rsy@>eQ*>EtgB<@&K(I~)lpDQ(`+Za0g$hFC80(Gt{fVIr2iJ~rklQ%dzF z<<1mj-i&t(g;*d9J`gp!zyBT|?=p_{BV=;F-Wuz<9YgQbo!Xeu6zi*bm2e9>0z#*51X#uMMK&8t+|3*znSL-q zf$7T%df!^x7@YjTh9n!;gMEqdw^$TD6*CLS(z{3*8=GsmyjF z!n9;5!M(;B)*?OKQ-=25PYMcnS1OE}8bv5^Q$nP3hyE}}hL`pxXNDY&E&2)z^5WJ^ z?2cKuFqr41+@Iti~~eR^n&B%FYZBQp`tZZ z%7FYYYScdlSy>UHx}~Fb`=S|BNeiZ-a&vqZDfCSvERV?vGo!-7(2n*J#WV2m%NrK} z#2>?(27w^wP!+}Dd)3#uHW>)y%Bl{wmsB?v<~Xx0Xf>$B9kT`?kwSa1yR6Mm%ZZ;u! zy|M47$45^Fq&j1-7r%s(eU>X*7NL}Ah)89a;ku;K=uFOY-Xw%P+G@_pr5C&+h-z$8 z>#txE4ZjT*L(W-U^H+vk3A%}iYJJMdb1397z_y>I(#$ANw!@jyL{xg{b2s3%i=Xcj+-x#` z3YBmeRJcho;d12`|3$g@~N+IfPtA}Y%l*l;a^ZkGhPH06I`rp8a4di7e(w|N;*4TLz8CKr&WgnFo>uW5IUr;!0WNXV(pLF|( z%9!}*{?>R<$>#T6F4ymJva1yPoh7RAQGcIr?Tt|jI6)P2uB@+x*kOY)L)%*y;R*b{#=3 zV)yta0|zh{|Cz`mlhSr>`9e^Dzf$w;BOwSJNJ6EW_}g@Cf53$hTTYehB~Vv2QT|ec zfDEQDp~mirBxfF3j!AE-+%4g(`ke1B4Vy;pd(mvwG(Cn_u;O-fm&7z$oF-1*c{)Iq zY7gE5scV8471pm}$|hxcrRg>hci(*2Ieua?IbR}6^L>sM*MtXg#6rs1Bs`8m=q)NL zJU2NtK~FzNLY`A-*WrCrjfQMdI_raPbjJS(I| z+~jyJ=dpqkeebVXxyV>i5fK{Q+?qma4U>99y?B>TRO8_Ev>534^1^AjULGU5^8wb9 z*rUMuB*w5s8#M-?v`!rBn5*F#A)YQ(d#Q9xU4Em7C8bUX?8nSBV;Q4xXg!sho6-R zHuCm+PZk3`J@vjHV7IX`!4Y6gKfTZa<`R&SYyRV2GFWv4* zTp9P-x3agr0emcW-U_J=DZF-rDiVSVrAeCzvD!sZX6;+8utGX>#PVt}P~^TQx>7TK ziF`t2V^75O$#=qNjy$M*DdLwKs{23*f=<`KN%X7ktv+?;ShEM_NVgj&U+*8!wm&jv z_CBK&I3BO$d)L-<6bLdiH7a!@g!y?jbB9yb$&zh~RU7n-;N+m}(zs1EoZUB7pEu-& zANf{W^7Zs(AkT$ayu|R=AR)ZDW~{@koqA~)U<~pNNSkxa;OP<}K8(P-0GX8bEj3Xq z#=`9NYCTRQ_Xa+0MmmV?f-=$^V6qzaP5!A3Z`6y4{4W2(FiB zyN!cY9RFP8JG=TJ~nVT;$dgOVKAQ#v__rolXH#b3EOuWz?8BM!LYZt<6tN@m~JON zOZHy$(cX-WT*##29P^h?(py0B1faeGMJlpliZ@c(J+W^HbR%UB+VXJ-`Z5ss{E>(P ztj30mgal_NV(^9x2&D^8|F4*K0Epj-QITf^G3iMF>I~;~6buHzaY7xr>aEarR%~UL zVS58UU2nMr*I2bn>;3Dy_Nr|l%8!|qmJy{JOpQG8+ivvned%x_^|F2fNOnjPsl%sJQWADkSkD9F;EBfpkJhZ%@9VmMcT@I{9ba1{tDy)YTQ~ zB2HW|(~a2*kaTZslzyw@q1f#P1gv-{Kgz<>gH1!D^p@Bzw)?I8d#z zuhkRgWW*!*)*E`5aCFqI2RK(~GnXkNCS1q2iKN0jqKfkh1mHa6^oL^pHr?rG`mwfx_WvHU(;LULzQk^Cw@pWq<=%}U0?Y*M$~BaJ|jNR@GMHk67OOSV{n>fHF0q>Lb!1N+CtU?7mEtu2pN2^K(YD-d@@!TYQHhGc zw~Mr?BMG7zG+Kvm|LXO4F_Br~k>d8Ho=DdBbd(#iy=>A--m|gNN**?U z5y;uTIFQEHha7m>gsD$)nqEKhaue%$pPXs-oQOe1)mx$#y{S@Dk!FL6kQQn4a54hg zozJQp-c1EEvj!|CZh;;(2Ew%-(ygz4uz*?{$$1n5RGYPW0qJmtG2o zkLeAHWl;o4KysjbQv`{uf_55^zSnKif-n^!$;A(mq^IvXDC=v|NC+X!9QG=tY-@~L z@vaj&3d-!<6E=#ILl$aEMg~jlC5-9MO40=FoWyyzED79&!PaARD#4B&eHl)DU0tDHw zwITRb15X=&Y7);&kRv7y$+b9U4U8I&kvhvlvWe$vom|S*w=Njhx3cV5avHxH$BAno zpCCl5@(eszHIpZJC>0fZS`bTG-nH)Z3M$I7lO}$GwKjv4G+$kkvsl9g9PY9mF{7Ic zx%pwI&x9)p&Dvx)tYAw{lE(=?Ci?MgmWX1fP|Nf~k*+`~pR0$>HRj&!&X9RQ#Z2Ga zI-8OK<>#rRpZS-QMU9>7%ZHet(w${C8eXgkip%lq@rk9#er5Y|Ttb-3*L}oyq<{6r zE2<%4L<{eF`@?m=_+e9l^AO3a>a_Sg#2;U2!BsN`q-%~#q|><;`gdc8dBXh-r)-B% z6Bg|fJpETv-GXKx*;S*RzI1vN9ZZb7#pU<~1xDs0W|Yo<`IJ9K;w4jGC8oRy=_BSC z)Eh+BTu#G{rKnI~VeAke8O6Is-dmzD==OwaGTL#APqsFbAn8JDu$EJ@m@@vElT}>f zWq4$LC`F^6b>%Rzw%NA<0XggROS#!x{D$5HyOrA!TJ1hXPEz4*SU!I^%mh-BoKw7t zjkWsF3CEzb*p6&$e%Bd)Jc74ZGbEoRF%qtA*`DcPJS1FVIQbmS!5ix1)a&xfp}LDB zb#cok;;c9|o@sJiL-S)Q}(tb6`iT2J! zIEAGKjvPoxCr48gsqu*xGUr!Mr@l=Ue=6-%*v>uql~c8Ki>ZL1;IiBCV^-FA}cJizvxhH|8!z0cNzizEtD5Ep4Ti3#}5X z<>8H>7m)RjsgX-m-R!?tWl!dU8=(g4T$84x`AEF2g4rOjuYf2`7tBWdDotlG|0CCG zu%8*eQinnb&(#Pi;%M~V2f@=AkM!WrGTQ0yhEQeWs?YRnk~|NakP)IJxOmy5e#*=B zB@a$&!oyBGyXc0rITU@?kK-ndQtDEez~Vt9jHTaBcb%Q-K<+J9+_Fx45>w^!S|TiH zP)}G(wm}`*YZ>9xjc$3rpq9+Syp9#vTy(lzwyt3T-Wtd<*ki4^n8f--oPuo1aJP23 z9Nr|Xs8`6FdMsqu+H@&(c<}iy)R)_FHtJML>Kl!j%YK#^c!zj?&@)b1w1gPbL6(^eL+!{zYt<4D&p4>gq!13@VMP1cG_7I=?`vsQQqGVKo7u0H ziM@TcHV9dyqwR2JL1_wgdoEnUGzGt8Wm$Hs$r70bjo}$oK^k}ncrNoznq9|8nI2co22zwJIo2192e>kOEwyH*1C66Ar;mMxZHDG-RkI`iKgvOI56rVOYXo>Kswe|lk*MPgu|LYad(?WQs^{V?uaj4t$N^Vr`HPca> zJJY-{L5j+ag66rxt4?(CxynM>e`-IOI2J%uDP1Ci*p7ymS4mC=3bkfm8`RvTS3;9l zCC!PpgtdDcgG92XD3Wc4)lb#GDjV~(ENXkFS z4oSR1spHGhi@N!Rid1xXZr7H#G*u=^sUG=j%h$9yxe1A`I~MVe2MC3E)W%3cwSwj2 ziYEdXt)ex>e-xoAFI37T9%b0 zlhf?2)$cK7bb4D#q761kjyg|L>?W!BKzl31a^~Ge&4FAKx9-L%LovI+dAV#%sVEx4 zbC3Y2)gvm(rc-}`vY-PBGqTN3o}2rH>4hg-gERC6FcC2QTnwAT5VP$@uz=|quSLv0 z%j@PX0wzrz=YiMx7!zTo&xC2*`asds5sM70v@{}8QS zg3H=ZyNsQ&t`_#}`Gcax5mnc~?4j3?pfF6Y_T)^lkV1vajo(~hRP-RppCcZfRtPGv zdOY#2dH+6ZPkdnNSSsXz+YYO(oMt)_x)5qj5y$zRjO_aBL&2IsNgZ(jjTehI=Y2@ zQ5=3go%3-4qQY0p>k66OA3!Rt)-cbf(dlT&LplRH02t=Ln(c&0?m5x$>|4 zI-F05hz}!%iGNk#66h0}8|x=BAeCnixQ3>9D{Pc#m1w_dJMLotGu`JA;=STZt;d_V zV5`dRr8=Zw{MOiCGOkGhMO4g=J6xzz-(jEzPgY$SiuO8mE_(-FGa~rcOfjRk99DHhk@%DcQV71$Ysb-@AKb45R@${MJ z(Z**{pL0wBz128EB%n|90vBKOG!5ba)%5TNppA;n9=_R4vHrcaLb|ZO1@taI&~bF1 z|4hu?Gb|EWI@R=Qg6Lu_Tb}$=KtQ_PY~x!0_gkO~&L(dc+{J(@wY%D{kMZH#dUKXw zIb(Xs=!0+sadS>gH<~Jykho92mXvB?ug&EAR3+DP@oY8KE?J1ec;%agcaJx}66vG? z=}@?vmqJYC$N#w2&Ti*J;o36^KTZcVrAZ>%m%uQB}>lPW~f_3}gnWW=|v-LBJ z0Z}qm9<6w^W1QjJ6t^#k2e;rH237)CTMX@mx6T%-rJ9>va}kSIKfDfVVJO+jrCeV_ z!I96`xB`{9LCviV@Bw2hMo~TWxo6^8KSE5*k(=xsUU}y!OlODR!XvduV2-#!zj+8q z-93)kyvx%_?E3!vmM7@wC;qed+3wv?SVE(DP$c#Zav&fwdCb{6 z03JZZ{c^88CesYT*;OKHv(J^`U>Oow73$t_I4FBGMYUqUTmp}#^{9I{!sNU@c!$fp zSNvpq`f1#_gRDGHFx_dqusy<&wmwdB zk&9+O@Zh!-_B)*q9C6Ej!qmPPF0}ot+F|k0n8)h3oa1%7@F(r>*RRgWS+aZ}2+&8@ zEVm#Kblv;{l!puhJsf7&0^!+;i0+zWK>c8lIQBm?s}D+8){GD(dv5Tavd86@cP!V@ zcw^8{b26KQZyUDuAJSLfy;J4;R=qnSG5ZJidESLWEmXN z60d8!T4nU=GY?wr%f)U6XGSl%WICcg+bGAnM7^f%lb5R%rT?SUDeYsE#2!WynSDDe z7aqaFyu~qHpUWb?L7*Zj5iUdiEuMY#n>0L9n0AlWbm~*qHjQkPH?yfw+pCiTQ!34f z+s}~ee{!`2G>~w1%fboCN@S#aW-`QDE~C(9t-AiU3Sqvz{I$3=ArksTx>j2IBuu6` zG+Gc7cV=xQqH_M~`E60h*C+{Ukf#rt_|i4;36)fsCFle}yiKl)*M3r@V#B3&-9vpJ zKM)i?$%HM?Y&Xg7M||2(D!aG)2W(Xg3f)jq!KZfC%`$*^Q4dNszJGH;%PUm+B!AeZ z?}|%b6jd!bU;cAzfj%$CgpC8728Xw6bu|>TKUi9vq7EKbmflA5#x4{YCIr7e`Mv$~ zwY7ArrL45v9;3cO&Vf`o^u$Fj58mb&9Adof>tT?y1rlMDptSb6J?japSp5&NdYKs+ zuR}s4nwO|gv7?Q=tjylkt;4)dx0T2tNzht0Nb4k?netfQ`e!}7V>74Do8jcUf>Xs4 zvgK!aS=~KiD)#MPO{PSkPn?Fx`dwUb*w!RCwL4Mw30m<`LlK8%SO5IldsN4H9X}(p z%7kV$EvFhhaaD4+Qn(?}roI>+IpJ9}_F0vHk`GAKig^b@`mOQUe&hA|Iy>4SO9MG zCmh0PDGV|J@*R3D=q6^6O`%9z$c zpUk>1J^J^Le)}|ufT7tfWR=EX!ue8^Vm=Ju zOf1oIO_9Sn*V4o6`i(m60VJdx!j^+j1Ol-(-tPvZ8T3w`#VX;({ZV@r1cV35ylFemArz z5195);y$jMWt;Z5x@f(ZB3EB!!PomBqP-!5Ywx_?s657VmW{P}cgt(9q}-hbX-pOaFTgk_Savmb!PY;>lclO z7)CyJ_fse-kIPf~-SVtp?|4eLI?WuS70`wvB4=0Vdo|p+^OI@kpP3~6FP3?MCC{#f z_IyYiwbY^Lkak*;#a8@Q5;Dd`>P1J7Yt?#g9^!_|=!}z5&QC##cI1gnycxm-_1}yK zYOS7uNGsyBnr!M}Wblws``pHrGzo!jkitSlPR>%sYBuNI1ZDY?r1?aAvc1Hou10%H znbx0dbH(doyc~*8Hwj1=i#TT*cw-hK2lA>tUoeU4)#4K@B(cYBKDyo%Q(bq{Osvyy z;~{64>lj(vnbDRRFw>+fT95n0uKp-vC-$AQRxNSC!A42N;a$e=% z;GId10VvC_3<__kglQT*ebc@BipGPc&S3_gj;yv%7|y;`E{-bIxEs&g?#Vvu#R>UM ze?NG4Gm}M_hf!s6BCr{0wR<%M(V3(n>I0D@`OX#rUE|#;=Y$ZI`}Wu4EW$7md{7ek z?R5~`Z!XC*^DQY%QZjpiu;%LA78!`Yva*=2x1h3T*VT)3=t?s={8|GkDWvF=S7`Rh zfb4DUKNGi}2+J`EPaP9_(${e`<#Zr=h|~!WlrW$B@zX+Bfcm~6iuoa%ab;d6WyUkN zjHuJglzI3pEzwRl(x0Awb*_8c(S}Pa!Roc~A!pFaVqV>k5q&@k1BATrw8&2GSMB`N z>;S@GDU~Bg>(tW|N=Q-9;Uq&g2zu>5P|@O94`$*8JPi1V!wE~-fPmp&IEyt<7Cj@y zAoQMB%`X6o$_i4hwsK(t%w_yLPrv&>>ivUv51Xnc^r^o5-N#Zl!U+R!igl<0?AM{qP-!j%*o43Bpb`3 zq#T7dUSdVR5+mXC?)UWP>2;IX>`JmEI0kAnUlR~P3-lH`H^KL-I1$g}yYd;Tk(Q=)M1-&Ahuj2=NA6^0z8u7DL$vEUK*W&FHCq zW%(?`?25pI@i0a2;U%=Yiv-U0lbFxsSlRPE>#b{*W;vM}-}_>jF!}ko`}cR}*5q(Q zVt9EsU#Ipgul;<-cW%ep8Xc`QCBXTFb<(Ci1`XkGmVEq5J#GOMX28SIt4>vv{;^Q; zL2Gx+*#wdJl)?A+y%39A0m#Gl8!U zui8RMP>rUBHwhOf-a^agi_Aj7W|e?uA*S7d-$vg2#SaM)SM&#t99rQ*u1^q7QDp-z zx}@1zRG>Th7%RvQWTHNg>KgZ_`#jpFNc@mBfyv}T*n9u9j-NV$A_5`Ul%`EB=r?So z?3ODM`;*_WR-KQVdB?EV-LW!reXqwsUi$BRZ*&v~{UVpKX@q&8E&evxxy#|MMUV8^yG5Uh#+-pU*1t-&(PBJN zS2KR*{c85odi*Xn?iC57W)=G|*1=oKUP4^Gv!e5?5?e)ue7Cdvl`t2rcE|B+&KdOB zPRo5lr{{u2WV13Cc0G&;PzG_nhc`o1ckEC;)Z1K;zKo~lDShAg5_7oZ3a`evXblH_Uo@imZ@=|1ZA`)h#qxu@ROMDy zRx!U0|Kb4vJx^J=UH_^hnqTVu@W_b3@0a8NXYz6%{4E(SnAaa++faylj}zcQ0+Olf z-7%sbz$^JHih4ysLFIQwui}sK=?I@_Y?}aH5xN=miGMujh5b)F6s3S8A`(U-4_GNX zcLS?nH!BEmDJZnLz%LvCABmfrn}6fJL%hS8fCHHG!TfS@vU5FwHnit2Az<;N;J1Iu zz<=6s;WVGNpSUPYgNONMm0hSUpf|g5@>zzWjS3?Pg1-3DBA$3vAY}@P>gec@Ip*v< zu31e{F$x!_&ajs5bm+PPccpNG$06Dn%qgX3BBf{rq|&36GRtM3eTC9*alEPkHvyR| zj&H6&JXEyAilkB9g2w7Czx;05ZFGT^hl-44UIQnei%y z?vV6Qg=|=*-E7fqUYk-~iDUR5@3rrNfazXM@=`t(zPWt4H#Td)=+g#tS5p*T=KH)zH~%an!iex%?V4o&)TG{jzbQf2?}a;7{CXTnL|Biej55qSU6FZh@7YTKofee zh5~trVWYPzHn^o9Pi5bDHF90bC@``MjHVrsue16qeeuj|0j zx}*0^?Gxyb4S3ivf+pWwcC)3$UJoxVjb!Uc#%h2vEsr7ygei2L7`=SwkHOD;8fuB! zod~`Mg7d*_C}#ViuhvssEQAeUp=aq6ll3H8=x|0S%q}jdF!$c!v}Sk*N6cOAGJNgh zO9Dd320(~osYF@zyQ&7mI}5YEg%@-^7pw&xni*jGde`sc6Bdn(@RBt9-dd$iP+Iy> zMP-A7#TEvtCyO6}r_0TiLt=-ay^iaEgC70QBrE$6I!xPH_R)_LcZXMG*%EP#2_p1m zH@LXORZfg|k7YuG3tOW<-Qs5#z608XN}L|bALk&}Ly!UoElpg}Wc|=@l2;$(>wJGj zWpE)@c=xhGRLxS&zwC&nXnY~kx0X0f{H7W0^w0f+h^LJUUbr(#VIB$CyB%;5z#zDj z4IQ1I78nftgmtJ#zj%5?1d6$YpytM5VZ~@htFh?sL0j$n1`@k6X6V!WQrw!U75?Ma zTDcKlFYcl`me6gh`cOk2Q9Z4I5Kme|EpO7=A_l~r>BZ;30t3m4ibDM?+Wi8F2r1nd zuu^%vVn*?MeEc2Qz1{8-D?VTWegfw}Rm z`ZK3=9d9~gdSh>0ea2Z|AuShU=dy10yjdo0yoM@uLkk^7w#}&b#c`Wrj_W%dtd_9s zObWzqwP3k+$$c(})g4JzFpr0$o+)z(X5*!@PllD%wlDP5+#xA1q=>A;Gf;RZ(x|Bu z-1;_fZ|~LKUKMh{*X53&U2YqQ^M6dz4!0IVmP~LKVejpS-t@_vp&-?Vpt($YeanoB z_1OD*8Ga9!dmcXa1C8^rNRA5*r8eV_r@q;lWlb8#vN57H$2OEd3vW*Ism+xH-HA_e zB(du{O4pYDBt9S7Z*dq0UY-Yi22({qGmVY5>!MRrw}VPg(55wQE9>sG<_8X(iviy= zg=88hv+6@DaT5Wy?7pU%@UCV4K$v4UD?$xD__KQVXJ}pb&L0`lvKDtw$092oL5W44 z1ir5QrWTrv(%rdu3Tq_Vi={*Oi(#^{<;7lPcM`iv%7bzBu-t~(E|SsoleTxEksjV- zU!cj9L=iz9*n3C$oX$FL^I`WYw3V2~%+ z{q$p6?G&Yd^{C(NQA}U?l7agnVA0X)gK6J)7DHyjJfJTboKm!1e9!iPANLW3PFaR? zLc*Ft$&If%ljTTxUXy#T&9ir5ej_hV@eKuVG2n4ee=Nwq7b9bmp(uYzA&h~*(Bd6` z;OC#m_?*ZnpeA51=oa595W;MRs8Cp^@_z~B1wOXOQasfD!o2X_-!Dxjt~bnPO}Sup zdv?_J((m>lF_^*;IC!Imx@=O1l4<|*@f%am=3!C`BhrK-X{Gs3m@e&xrR4}d> za9?020hFzFfT;oPSkB5r?2DEiQlKA9+q{j926q(iH?9jqpfh^}unc4O^_;LI(@=rU z1QzIH z82%oLON#cK^*Ld5n0Vy$bL4C1Ce_93(%4LTX?emAvaqk#tGtwQ^hy}Mu0c;CkBk;) zV#0V?X=%CskCs0=@Gz)M4eOnbH|MclP`k-;=`N*p6-bd8%p8K6>imc_{F)23lvR!u z1q6QvGl>&2{XE^5EkUzL%w;mcHpYel^WA*wm$+~@lN}2? zRp|7|BBCwtqyJG&<-w&NS`j#~P_TY0;{>=I;4Va2wlkDJ`4)z;RmHge12{972VCQK zjv`>O?MFDIr=o&uV=O#AFR@}mQK;EQM-U?Cde}H0r1<9q_Q#nMmov<%-&@H3GGjn8Jy1A z??Wye{WP`{$b)z@oIsBck2$Nbm}uws{h{c}+$qprN06;%1ycrbJ)J`nx`W+K) zj~#z6>q)opF$ISt>P^AGU`B=&k5(K(N2+wqxJXk=?Z=i=@0SEx1O-A&Cn<*OK-~C{ zihZhZpg#1|H>PScQ*HwX1^+{s?9bJO^Do@q{C@19OFVx>nm|IRouU1x{Pdj=C6G=i z?NzLmHa=2;wS(HViJW3VbJ~_^wUdQlN_=z#GSGBmlo%S*hoTI;YpYgjg3kuo zBqS^tupO~Yo@T`pb5%7MKbEmEeq+MAO%fYM4@4<9NKd2(H6&b8iHO43tlW%E^wNtyIPC@^R7gVI}|JS5LBVggA` z?=ZS6XG5Hns2YCiBBGt1?w0XfvWag!>B_x-N81=oQY{1NtbQO8>`eS+|z;j&LXwU?hEaMr3JuELjY z$uQ=Od76^w{m)J>6Jj`1P)=q6Uo0j*UgxurBy@gXlujfY?B@%_wZB_*hl?l4 zP9J;o>xM-KC-G-&xT_RjUKae+EFX+}%KH{<%U`12kk0b9L`7<71zukjU*BC53I?1+ zM=D{g{RTx^JEIi8n-$GK;(4c&Ug-gzU*8+J*@>#_NB{3jhuHL5X|MhlM(itt6C|at z5C?z>k@g@W_%CH_NIM{rDvG`U9D~~CU(JCeIY@hO2YLMm!>GBR5!GY|rgnNTiB~@t zYQ{|MrvDXnfS;?dLeezuD-Y&%3S0_>%Fwz0%(;P{^@aJ*DqiPrvFAdmq;oMq8&8FW zsDYoMOtcQtrE!_`G;gHUIhmr7hW1p*i=8I@j@P#9FBW2!Ekazsq$-s|iKLH}NI!Ja zbXdVl%U_dQhe%ew6bijGy}hgW#KtOmiMfPRFkuUWG?%e1+kp;CCxf*m=<~hEN2|Vr zQ=T6H9LEVVFh%A+fao?yu+juf@WEH7P;qF(VZJTSn+c}zl8y<>Qr(=vNs^EYGe0AE zcR;dfIa`o9ynuoWatbw+W*KUN9!-e0FXup)*SU@(2xbt?eVan)mySvNv+CKKS z_7SGG8ZY7TlIKyMI5TS2{Un|rwBPH!F-mXPRcR5pW$%5OaUb36(QaW2*smeJ#@dIZ z84WcWWoH9(IZvbWToo}I6oynG%>8mk@eWh-K6X<^y#v3mlD-sf?^fh{jy;zz>=!rO zBK{12>HF!DRqJLyUOP=fRzs{P-;EG6F6AlQsgz;qn~r$PI0EX+aELSUNoYH^lhc6B zG-c=)Cb1J2FR(r319!Vj7ZN+FNd;K$pFW=%q&_PmL@kp$4 zd#I3jM(fQ-F0ZV2OB5yFNNbfJqwp7OiOfZmsZdGn z?mv`Yucn_rf8w9%MMi=|fJ|D(_ISGW68dlKC*VSdpvS?D@xqAd&13a`S0}$#N{=>`1_Z36?#6KP8 zMVxMyzp=Gc{&8VZrQKsO(opU3A{}yJy%_sF;iDB*z-zVdL#4VTlXxXav!0cW?8jQ?hza8h!nM)9p)0 zw`}nk6x|g_9wQ3gwVAia9>@$-p2E9`b4TXx>iyW}Uy zs?O2ptQC8A32#1*@Z3+o$|HjF))k?bdBI;PxE4AEi!@3+0GsI49xwL8d zj?}M)@yU*pVtgh4r>a5b`5&EsvzuUIRr>(#GJ%Ej^4$J^NRhfp%^&RmTW} zmB?LV5BLY@W&PIkh)jAM%~&2+c~O{GRVz0<+`4Zmp%hj@Mj>1pf#`99Y$6biC4Iu? zwTxm-UsX*6ag0}#8f?h)_mVsNen?*T^KG&Zt>21WH6P_m^?*vt+>99*fW}T_Q_D77 zy!0B*UWdgbHYR$!&@tGJrjC7uYirkHg|3)5+XI=F zc=oP0?3+Q}zsnv(KLjA=LT&ffYVvNXz&9KeszWmC-@Uk(l9U)>p0kp^mFo=NM~Tc` zzXqIY7TO(3C<&sPMzO5RXA&!K2AUn1fp7y7W4ep~~KZ zfXrVzFnj*Pz&d}SEUwmPiN)A2P+^z=cArcFGQd2|l&`tr zSFPaf)HTPQOusb)I{o;eeXVcjgBH3hl95rBx7&xU2Pme5=}@05g@xH}u`Ben z0Ar8+Ybwhq_F)zM)&;dN-ERhq)j>EthCnOz<2 zD-Qj=IA(dd@36L{JLrnvvn5Lo7YfXrYv%YE0wZCtlxae|i{2cHa%^q#aQA#gRAeMx z)18WH)vpTsgGgBLF9Pthl8SPUkGejrymnOZATGq1cgIwr*dX`v$nhfa^}x{9THtlsWeRXAN$;iTdIojO_^3( zvHOCO#Dkkm9b7mkn4g5pwE**;ePcJZL`V}StEB!-cTv!Wif(+r>$`V7!5IM{Ms&uJ zj2Q3gB}Ke0+?I=u(nmBX~dVI-gs_NhY zu0O@?A@u1ug$`1`O#q6AuF|k7-#2YAGHH}p#Hk6FcC3@K?&UgGvsd;RC4h8-k*DtW zS8Vp*bM@_MLu2xwi@4H~JSNEkkoys;v5S$nbDPaONsRiCcwI^jsKn#ktI2bXYC-CeGs`U{J5vq6u;Z5kjsSeeR9D9vUYs^@s#H*WNeZ`NCd#*vh#N6KzTSS7*| zE6@^^qi#oW*;Rca1p*kpxWfwygQT%okKxpP>%*rHRW z-{V^OfbHdi+e|nM7J2M87SOy*7ux2|+9~YVbw|~DMB@8c-9;T6oa5NwxBKI;En>C7 z-Tj|`da?c=r7=a5vmS@dn_kYEt3 z+%Fw!;;|_QiF6+)whS4s4huXj%{r`5BW7%OmCkmQ%iN0ne#nPJQd>G6+UoC<=E(~Q zQYO;7*2$!d#`#*LLUp@#8S*{Ya0{zhv9_$5q-#4#{?uF2F7Hq!d=SFU34Sn2aIt~! z=JCzRsIF}IyNE<1=ePJZn2qe<2=g z-47q2r6Wgc!2MVFL&N|D|CQ4G(BrNKV0V z4>;$g%>N$(jAOcVN z#pE-N(a#%|FX6H%1e2wN_G$qALIcbx0SV z*itA$YJqe?7P%6+>R^#)!V=?}Wg}oW!ZYyNfGM(j|M32ntjDB*7c^G-GV;eF5dk$c zbAqaJnT_fdEh*DFRPe1vhiC?(-F2EICfAuD7}~83p^;vG$Y;hX31n{wx-RF){X<6S z*R1TFSN)QPP>wrPC4=LI*%U~piGEj) zEtdrybC1~N8t?5t!YM=Sj!T+c-x||ICI=d828C_<*?b-amLcfD+w-p>!ZLfxj3F^X zo@e^){>Nkv)oOcW%QZ?n&IL^jF%A{~w@SxL~&=(>34l~hn{uxmA4D(eTsuy zWwXQ_LmSGhsI<3nyy>c1-lX?Le}6I>*9YAZtl9c%fs%n$R}e(y(NBH}Ve$}8bhPy@ zii_;1i9LE(5NYw~GHiYS?FQ#yEkTlH%hwUD*xS$!qe=TJpd3QG#Tffq#Tvu->0~l% z_odXCrSsx55cE((OWEFr3&Y7bv;y)meby=$w3R`MK3i>T+adS)a2(;SMybo>2jY*5 zGfSG@`FHkhJ5@+h?U!Y8Ose6SD~ZLH>Ib)uXUe>-=<+NQru`7poh4Jd7ZVF?Nu#a} zy$yT3*}$ViiQ^%`uw#D|b)d3=s_r^UGif|lRJ~A~(v#7Cr+?nr$BCCCdtM_lWx_%e z9hUkiE)R8FW#phsTvW4Bndd71);Bwt_59;_{l#>ApOXfuMpG7*vVPFMgtlt$~dcC!Y@edqX5j%8mmpM2GMhzhATMn;9vC;#{4pjU!Nm^b79 zh@IV*8T|9ma`oc^yGI=U@3gNcTyhdX4>?TFR-@TnQZCD&v7gCmx zma@C(b}Bg0v=X80F%K`c3ayZr;6YUqgxb3z_to8+bV;UDrz>@q8nw}<8zkCc?>5f5 zGD=w?9nikl6%pCtbt&h+LT~iFZ7)o0b2QtQ75G*F&mriPi^@3vBBL!VBRFEPtCU?c zVh5Xc>G3eGy(mkmv*zpNkYA15Xfx}Q#;cXX7j^uu;=FWy_JnAcfO-}#c(?o(jtG`vAtliaOMb*+cnS?>;8eazb8StCpA-T$d6=B*id0Z?QA3Cwnq9R z`VEVD(RNTC^n_6(l}L6na%OMe=e(=bw=?<8+jedFbBE_tDl;M)V!HX3Gib|vUmISr z3P1TFg|wOF`jLWA+nxE(O(kJ%=i67@`O+sj@?Bc!*4+O=2K@gJB`XXwIxOjqF$a&> zHRe*6OF2q64j6ax#X6-5DY<#Ey(-P)WwaWu^Rcth>I0&lTsQ5ojj*nQu*H=S-s1wx ziR@+cGL>Qjibn%IK_FtQ-*9BY3+>ZJ$LtlbpcIo_}oe_P0_=7$O#(f{LM`Ma$s=5f z593eqL~q}@g-!JevyVwi>>lor29~H#pDqH)RwnRhU?98;PbYwLYn24ud?fOQViViJ z{=s>T!>(jtDj_!NA$G^ri}qL-_a3lIiMmq#_0sR_CjKzi$lRQ~+EZRo{6-%hjp;7} zB6~Y1Hida@*Q`o1qwZ*pt?9Z=FOLVb&KETQGPF6}=(F)x>O7ftqcZDF&YN}lPz2NA zs&?%UXyT+-nVg$!J@U7D``rHaJAeMuDU8hn!|?UBrML{|&+R91p7imay56pUEJLBsl)%>;O(ZWuUn8f+au z+$N2GO$CtY@c?k&CD>oaZ+LVxKkNla6U{$J!HB~gtfy-qcg3-{gK>CMc~rO3npC|= zXPvJ}pw^@V!lGL{92ur^2b&{VhW~PzMfx>IO#} zBT}-mLsnz6Jku1*iOm)M8$d4ASrKA2p7-7#C1`WIHg*sT?aS7mFD2AG`Nh4i6*#3eVMB2E5&hWCHD-06)4$fYTi7TN>LMmM z?f_rRO>$+x9i#$IogeKY*&OD>N>M{hfbAeBG|_nhUt(?d{_l029GJo#ibJ5cGW79P z5?H_Al$5-X22*@YahdMw`FA{|@F$Po#R3~Zd@f*5$d3&3tp=$si?%uvB{c~===QS-q^D{6 zL3xda-Sjh?`;Um-DaFdt#An_wEgf96HoF4dRN>d>#n8Ai-E5J+N`-$D0ZQQ#D5m|kcLxV)5Aeb5`|$yvn;rW6+uYpcQW#M9 z{UFDss9!fr1;Fl8|B$bk(?ZOHQAbd{I(-Nxs#TJvr(pW}-5V%IKPLL01Jupfru0ss z`qoW!AR&Q=1yp}nOu)m_BCTI-6NdSJf@taatFi91P+j)AK0Cx7qo)7u`!IwM2MaG; z7NoGPlmFy>^4}2uLQS&hm_IkCHQ-E*Ur}=g$B}{yzfQddwJ*dvU@GTFtAuYR|>fb^T#;fUi(dSoZX@Q6~t- zyL|At>Dta@^cuVLW~;L>}bii`Iy?Y9*a%&;LK>Z3)J z+YeGrI$|D$e{<<(e|h$c8(~0jtzLMArB-x;PZa&MZhmL2@<>RS$AfAnsf>K5d*ZX3 z+0O64gOdexjTiUUt+UI~Zlj*XRk!K(lhv((Qn}UDlXy1Cl?IVAaa0*g7bv-^_Pvd@ z-07XjYsX*RiK>7H5tY{fT2=%X*%#E~JjDRotPYwhPU_NMT@ z{;BtXf*TOhOE1SN`x>rL|6mmk*2pGaxEh#nH}USZlc1ucmsEnFBE9?~z#srkNO))a zJ-aWM7X2t##`s?c&>PdY2hRzhWRC&!U|z(ku?Pa2$jeslIqc5NuOeRlhR=>6<`Gy9 z_D}9b|06PD|K{8HQ><{=G~TsaIlx0YcNZMN-Vtyx)4(hs0jSuGU}`Qh{csPH^x}yg z3kD^QJ}bI6IDdyPKbiD0-aye85xJu9vJ99*8ZmkVT#3 zpkMsJ{pXH^un0FK;=xpaB$jn^l-M%|yHhe@==$ZQeN&jbOnAhD$$$$lyZ*!WXO+_D zbix7_fh!e}`w@6k!GRZc>Rx@g5lUW{-Q|IqEGQ8X7BWTL$?yxW!l6YUkujcFzv^qE z!h>9c>ZTJ7oj&us@9a7)JT>gtv0AV<@&^wecVynDyyMRW*YB-%+Bf8f zA56bL+7lIB_raK~Q3>^u=e4oQh6i=E$hZn-U_zpQgG z{Iq)DftDqMd99|xe#Oja@*24rd&oQG=nK0m8k5?YPJ~Rk9(t3s+ewOFpZobd&8?~kj^iUwWo~QJGiNgM^$dESuIFc^)_m5j z#Javi2DUEszd=-=tAb^(b{>n-IA!Ihq@S?1v8>?c;>xe{xyl85FZ$gD;!Ta)@c*NR zWxFINTv$C8Gj_u?gul|I=|^Vh__2`N%6DFKT;?>K9JZD%_qZ#N&u4@$3O3ZNd_`E+ zHfk*idsQDqbaMY3?`LuD<>9<@H5wK091bV96-H$c5F;9!_N_wuhK1p}c8Mr2vb-U(c`lzomkNbs!OU3DrKY&fKlm&TLw9ZrW z8^(>~_JJ4{@gHw722NT9J6rSozKlX4t^qQw4{*pS|A)ewc((KBuWr|BN(me2>jLxq ziD7N{d9c@EnV9=&h37lCI~9I$xQ?q2UnbbnMhTNlBQ^KIn=RDSg9I}T`!j7_ew}_N zYK|6&EB{LW5!clFkzjkR9**uP_sce)78@G-wEEWGSs)@n&@|L@$83E~jod`VOx*yh zUNReYG)u&_VeM)|EbA8me{96@3jE@1aX|60Lao2Wx+LDyIF{r|4`4n&H>`4wBg=bI zfoc>x&FA9WscI8*vex_ViO#vYGY>`1oVzk4Sf0lNoeE)lz_X;Y>MZua0V*176KS&b zn6DwFZv1hOQ-wppOr`68kG)3MqAj)q9jFjoKEOdV`(JS8TKR-6+ut&k-_7=sAq%Z> zX8y7IyNp2Zx{{7d2PR5!hX!>}zcdEn>T-uslS!*%lSQ&)q)~@0_udbn(d#xUB?0%7 zyteasCo$Y=yuz@o7fLV@vyZz|<(IZApGo%N0eXU-p%PR7-!R- zJoQEQUMNn$?km$8jM%ald^cjVRk^h47`Ubj7eT0>m2Z@LbC|-_|9ETDrI99cHPVcY z!k*QqColexdwP@097s#J+SYD*wg74AHGJFV3DO|w7PhgGnCFWO@2P4g)sOD4`LIF7_GHKbcu44{s1M|9QM9`HaH7GJLNehd^=QTG;JX$8~-aF@;>hD#0v zdD1_=d%~A2AQ*9oj$dlVF(kD#2O`?GM2z?=sHhi&>;4sXk(v!o<6%ty_aOM*$@A2I;bSATaQ2!wzYmt;yzH zm~qfA#0R_osIIQ!=qoY%FO1qEQq-_MdWbAJ@LTGKKNKMk~L&7b)}AjmUg z?sbe-j&YkS5#Ze`-n67Xecv7TF1Q9q6!zqLX~cFchFyCs6Z~nM<~8QvcX5?qdwt1j zaid!Giy)n2;x+5V{+8@j_I;H?)XiT$6)=f7;fgiXo0n5=>aVxF@AfY%il5rt&Ev=t zxKYLy>?vZ0Jq9O@w{B{NvV-TQ+3)NMX=M)=?^?5xxr8d_%wg7fm!`Uf%nCsrplar=h0mX_NuwznaEp=6PT z?z)J*OdocV*>%W1&MN~^hR>Y~GhJK051kvZ29k0$AJtnRuD;0!PeA)L32{N%BW@_n zf~f%ld(dpVosn;6=(z1b{D*a1?Pobt`{rp)9V&PP;z)^owj2J2+Ad*Pt27W!sTYcwsfn9UsfIPyfW?yjaTMqOLOp zG&Na|){WtpZ%v~?u$isg1V7c`fjyMv{FQrWF>Mve!+wdc{any)xH|Re)Nn(~6z@wRBU7(YHnjW&*~;>+ z-dzU;H+I{!Vb4#mv){cPCcb~oJn;4_E3DT1)Q5Xohshyx+Q-L8_oWAX{2W!TH1-Om zk#*Jc85|e;=2Z(nrN$dZIB}+r_cT^LF=5*u&+7Vm%4K({r=Q48?Aiq_U8g4=drgge z4(|5kvZkhtiS4g`v7vZ(%rqDrd}cG0KlY+I(<4_L@#}@5oHsvHe_j({@;9j`?L35Q zu-EjSEY1%zEKOftdN5}Wc(ldf_aM2mz5z_40dNA4ef)i4{w*hd1nq+3w9kE`O4=!Z z-yh31fS|648Du_J#d9G%rXDID+EiZpWT0zJZcpg2j4KcC7VQ9)b1|0bw?ggf!iP=x zeVwX}x`^XZdwxqIh!3i6H-DMD2=WAc_1#B*sz~TvPQ4&YUa!SsbN_4-qmiwluhE(X z0_7)P@?ot$^%d;mu)%$JKiNzc)Q?KoY)Dpp_;0+$g+N$NB^7&07TyC@9y?cOi6j}bzfErJ}@R=`ZQ*@8^ zCP%)Y5#C7uURb~1-OdZnF>kGha0|HIdmbB(QXUzm7_fS3UUg}oDv&@ta?lUHv{*Va z2F}LvKlc^^_S=^-`qrw%U?<63|x59QOdlvll+m z%m~-;%bZc=jixlPr-gADBDYoXW$~ z3L0VOv8Yz;AFH30KoA?Y4;}gG_X6nK33Q;G7W@`3SYX*!`?ffQ-;8VpyMZVL8)7Fy zM4uXxeTrbhp_H!Fh)0ihr6RAHnBaYBWNXk(e^OGi?;KWFL{v2G_3K@ck&*qNMX_sL zs_^i^gEyyJV;-+-GjzZ{Nn%am0y**I&SyELU|*3(pabQ`fmreDzXJUA%ZC5%p#)i{ zSaMc+`YY6zBo0olpH)-@Z{NQC2s2iTF-uVaKdaUxg@uWfqxMO=4~xI6^rGGkaf6Je#Rjy4xa_l1Ewn80?6Kbu}qBIu6b(r#D>a4UY+y%pQ z6Akw1;Nz_C6-5drV;7`_CUs4Z&kXbXI`*c%@#`B~T=`Yiw2I<(_57I9i|-4K*zcaC zqmE@R!}$_cIFnK7JEAj2$A93>t~MS#md$9W4t$uqfp?8?S15!P6?mMH;InvSuO>Pf z<7&k*!HYmt67EfRmZZ#?j_qLjDw&C!+^+$R_5kFVJ$S8EOGE2chJb=zwmKkLYT@I*G_&T&)0)cDZqV3f7ZMS*<5 zCofGqXZAJAb4<@;QF7z%j709~6Yc?gX|_)LZ)|c_pRL*l zI+E*0g>l4}$*NZmFDNif+OLj9X!^BPjy{zt{dbxE2kz}e9$HVpA2GilYWN?R)RR`Q zS;J*;f;Z#JsjdVWHOeBi56vdEU@}@)r4H<%^ zCJX=!LA%r;2rTt{)Rzn37B?V0G0scj`C7tkRBNLyjX%6=A$_-iJtw)N_j%08wBY6} zHox)QCO?_X{83T@874}GH}rqP5tpL~KP!FZv{1|!gy*U}a#h4eP({y;hpvvLwXKa! zhKud}BDm^55>0=kx5~GV%`s~3b&zSp{v{%vaXm06W7d1)=Cq!LQtpnC43?-9fjAev zp61pLUwm8qS)slwrFDM^0_=7(+>JStl2FR&u$Rs3dD5y+4s&&{#4l4cy-Dq^OO<(z zulmiZMX|Fr8T!Jp8b=9AMc-k{jBn~}UH}L6)aMaDE`55cq^0R{zN_QV(F7&2>M zoKmdYucbdA#-)<3c;iFz#7`%(XKz{W1wR2LxGV7TDNYW2bjgP&t>9E=xQOSo_QIP_ zUS;t>5s~HkUE=BL`Ddf;d}sT1a%~EmroT17!4@)KSJ=ECKED&S%l(I|WC+Lw;0Q>n z9*)4X+gB6P&k8?5&WnT*iNqMK(GsUP8*(CO9&C`I#y)-e1u6Xa$PKNJYk}M<=dsw@ zsHRcugav3yDI0kXFLN0R7EKM%PYcu3)La5POdS&!*P>wT>`n}px`cwz_TueZo+LRJ z{rZF-&=^cjRQoVHVgIKp?}aOuEUpb?(a5}&IV%pQ|v17Q|9d!)yk3Xna*~4A zv!*3H;O1Pp-ES#eUei{Hms}JL1#02!K-B2NjQzaQ8vGpVq{0`4J`VSg`c&*o_1oRC zHVZFDLl6Y}U$L%Y4solRO#|S}u=5|?_?`wk?Z_M-7Tj6>7IzlNpg}WrMem26sz%al zmRPx|v(?WIeS5TwmN%kmH7ZMfj3}P07oJaUu+RP3=(6p%7rZuqri zo+rXsKSHmg;k^GQk4iQ%pmwUj2pGKhY6x*5vGbf59Hx(4^uMJ-{4vy!ynf^PMOZcE z?(&{Sl|?#!T~+%sMD!(e7>zd2PQ*P2>K8SKz(|qmiZ#IV?cKqpQVh{yjGSYlp%A;} z0#ow276DOTvm8u_9tN21T3`^drTh&hYqEZgTR>szJv=$Jfs`%@wP$@csDn3H3+6)n z*#IZc4?5^4=sS1rpu++$1p~?n@EeqP0~{Yrhj9T`Oe`6IC`D#J0Y|XKAq03kX*Wse z3GRt;?@tBaa~3dfwsUX8p?8`?_F_?b&-%v!9>`d#2k-h61{#B5ap&C^PxNg}HV^)s zeR&oT_n*{lquz?(Uk&R_knr%PbdBhPV{fd9i?c;tHjIs>lc!F7yyxlZ=|1FACPr$1 zZ+(RsHGBKPa_2Ke*|$Dm$C|;zxE04iiL_q`n_o}Y^lBUgTd6&+6u4|?_%y0MlvlD> zMfxQ@BhK>Uf<#m|L*jTTv^~(=U`aV+xh*m#CPSX-EGi`QJ+!~*6=cEnq8%=S#d^QS z%TK~QOX=@8xSy*<2!0tVE8ywpR$kfnC^R(k>C<$PRUm>+yCu`yH_np2I-CrL@ou&P zJ%X6ahxLY8KuBKYZ#XXwO+s;<@6}akq7DP{bDJ&pRfFkZj*3GA%0CM@)18O8dgT$U zHQwv|1U5%~->i{-g2>x~6VET3R^xc;0A)?ESbb!O#cAxFpXGhrc2{@WtoW#DP%Ovm zDbqP)I!rIUyr$`ST*-irAuRcS)C{LE2dL;r+H?A=YrB} zv97d1uQKA`_FR`)wH;yV+nPA$cue#91Z+B=QP zEBFS#+&h}HywwR!J=zvf#yb`?ec>O^>CVft2Y!{W>(IN>uoQQ5^t;8(;cY3$g=>rq zNYvr*2EAy41xy7HIA~S@)kDus(#;!OZw+9{#oL|dvis8ko3{(Ca?#N5 zD+Et+bxK2wr5Km$C$tObb>t4dzt+f)H^BX{8+`mtfnL#_0M~dhZ9e?ncj*X?OBW0a zkYE9+*^fVf+s8?%GJuJ+9C3j?-22)9W*7+Vm~;X1FMxq_Znv;E)~Wkob@g$%do7)E zRgcA)8!p<#rJsq>dne*sQ6|;)0qf^i34*fDuOd<*7Exs)RvJyN!{vG*qssnkU)E7& zh2ypFlgok^W#>NH59?N7w$>D4103LKLCs-D()1d`_%d>{)DAQv*d68*KPQF)=`s3$4h8}YXe$6& zxi8$|(cknb8%J@A!&Vgs9H8w&&~wk9op*U72^0ud0Q8f(qnXW0^>AA)W1nAmJbkD8 z{sYy31749oVl{pM=?}}}b0`1;r!Odd@K;VbQvQ8JgnGjP;>6OsU*>##t{oH<;0ffM zrWK`u16ST4=+zt%dmj@ym}Ml=LvGL;skRkK^a#RJeksM2 zJ*v4=xPL)|*MEI|C>WpK8U1lSki&a?Mo(jqh0#yBEg1f=NjT7UaZ24m?c+k+J@^sW zT)iw>F@--VIPS_NQlwzp(x>8@@G?St^6)RA{-W8q;@XJHRza(zSZRuOgf_}Qhp>|A z(5y)5wqj;Fw)%>-kU#J}$lt4^U(vC6YbvgngkzbEuYV0FJ;8b4i;P@MKu|R0!YP-< zQN#y(mRFD-dd+Z)0!QGMY&h_0vF^cCv81@~0dIp_d`f0uh)NGYA1<;<@+aU8Z)n!7|IAn; z&}W<5?{O0j|FbZ_XHKyZNSJmvsl!tp8!poY2oX zCRC-#K_%biThMN`SN9og=H{+iI;#;B!qERWXsAKKlFH`jXd^O`sF zgS|+U>cxx2;w@C~F^oxsmVLSmvyBzmej>ZwbC>%*juzXfM(|3RYsCdchP&(dyZcvR zo;RkkZNs(++y@V0DOyQ#dkbpT5?!b3kRAR%kUg2VQR-$UCMML_qbs|cDb2f@f1SLz zx-Q>H{>kMH_x)nGhHPD)W3s zznbHDNtrL`9^wt!fu5^07vWIZXSZ)O2WWH==h8IMMW1Rew~n5Yb9=HZ&mCQ9lO*SR zi_XtUksa*zE0(V}V#Tt@Mseq<9x?W{lJ;S>lRjboL#}02?%xfcAG#FSg6x?}_Uybc z_4D~1fj=GN|KX=goyU$`x-u2^!$py4aqrYp#f^JIb6o4iM&8V;iHVw;88wbw_I?4> z_p~FnjtezkbJn-Iyo3Fy0~v#on{~c>BsW>UV}VXo8Y`EXlhk&2Pb zwLWEK>beV`ZIJ;d8s^u(c=)9*^5C&vr;QguBUGu^VJ|VaqQV_{MxU))#JaKT=CJTk1SxxByY$#c;x3_dG?8K!43wH{{Q^foK4rf+~^5y4Q!cJj6rxcLtaC9d7Bkd_#fiplX! z@OXcjJN#^%naGt^Yi-jaF+2^Qtu%NiZ7!s=WOU))m+qb})`VMTLF(FAmN$%PmE{em zSvhVk)i2su5?n!`c@PT7C6dxq`1$&h3* z?*{S0WVNQjxEt%Z24IojL+a zcSq^rmS?8CeQa4CV#$k@qRT-<3l}4jx|X4BU!balA3B~lk4Jb~%D$uSDUnVz6m%)> zUc2Pq9@%4L2^uNhp-|R-L=)XqF8Z>=>BO!xn0u72wuLyAs-ir4yX)M_%x5bk#&1q9 zOS@oWLagU=*{0WMbn9+rZTVVxm(IEmwYx{iO3BM_#6%})ERPXUSmSycAF(ywMaCUm zv>78*e+teH*iYiiT>kZ{UJRNq9*ksyGq7M_=0RY1ceiPifH|z#g26=qBR>Aky6^Ri zs7YUR7m=QYw4(rjD5J)_JRS^NCb#EM&5 z(bVWdDG9UFc)t9-WVM`K_=>^T^^x(fmIuC#1socSH+Zu@SX<1RZpuc*Ose2wcf%bf2le-RE>B8r@KjU;c#(8X(K#y6ddBau zaL9e4$|uKPPQW^iP&G@B-IA>e+#~#lZCRXK;V9My)6zdkRde$gZ&QYBFf1Krb1>Za z5SM3(QIM(=I0R+;&idQTjsrj9E-}{UqPWR>uA9^>TU(TQf-hCv&5D#Oz%O1Z=!044 z53*EVRM+^PU5|>5h+XT?Q<`<-!v8PM5GV2D>QOZw4m{@7=kMm~tn(NQ3M$n~Q>g6B zDVW(u-U=y+Jn5;Qr}w3yi(jLQ$~n%??18PlFy<)c@^P;hYXm@XqP`kgbFbj_!d~`TYxv^Ol=$VC$6Nao2HePlj=6(Z@5d2KKFmDs%dlc zPva7wlLtmCCpS_M=FuHUwCp`4tI5^TwB+2zOU><6pQTGG5PVRDwjT&^se7M_C-nS(V03SUS-7W?cY51 zG*}<<5{y?{@$Ms?;JRQez<|7z)0z(b30#HO@X_lB#CPCQt+)6yJwE>)kpHk^Lf%IQ zmU4)zgm?nU7n|RQxVnds60qFT<6TR8Hp4%*(X`S5MBNHt$8yP7gKq|OH^dhAIr=}E zwDy|+4U?AE@Fqfume7?vk6G~7#lt+_uT1a~d@5~Q}3_MFbsGfT`9piJ7Fjg82ejG*t)RZN&U80y)&Fr=L1C$6NH%V4v$rhs z^o^OTwCFAst1$ho@C6CaPX#Iql!>QHy`yZ_x^9GTyKQEVE(&8OF8ydW!=``tYIeKK z9-r8+=WuJZ`uQzJ1;g22`^4zId#8}^%%{p};2f1%Bqu9ZcZ{`GmNhgof3N3=eX@HU zrEo^3c8*%#wR&M_psR$3xZZXnXBTG^7_2;_vz^0&*>NZ|>GK z>Dly~!0GSRbR>Q1c1vswc&5;jXC%BU+5&Ez&>dD`khoI?m!IIZz|t|9S%8^yqV?aw zZD!#Vlo#)FCl86LEQQQup_ns_bXtalSN4owU)AW!rz{n((SmR!Iews=CC?_0X|0zx zD`&>lu4H%$Ol^&=m6mBQ_>XPb9iZ=z@M&22YC`a6usW^&W66h7x9j2(SH_b8KsLJyX7BMw_;tNDObeZ=uYb(M`oJg<7?z7G;HkZ!+r5 zvb3-i^5{t#y}MarwN)~6xU9S}z#_k)ysu_nmc|-LWe!x2ws=o~)Wf2q?J1N6{kA@` zu0t#T`s-|lc;>P&O6JDbrS|*ZLdlh(2q>fJL)?jP9SX8d%{==~R{Oj26i`b9ELm>0 zgN@ps@CDI6+TU}s`C{0rx8o$~CYp3@SQ2AbW(>_JSO8ycc+JRE$;wNF9f!F($Ep;W zpT=k)0|-f)ghv%C6&P8{7tK~{rB*Af2<#CKc19X)Dk>MH?ODF_Dl*KWl@#2*Bh{n) z$lHiwkMhWR>&`Ndcv~?%|Jf_*_157Tu+HXgg;HfCBSW=Ss36}vPZ}-NWwtc|bJ9tE zK=h;5MUput00`pP?{6Lqh50SsKpmkBlj?lWQrm`G4 z^AXsG^TAY~i4d8xF2BtUPSi%7^GS9NZnYp&5=<5?W#c)g@}12z)Mna@z=BWn3a|rj z1=529nQ;WhbW!2lA-=B%t2b|Um{YaJPg{_7^@LikyrhTR@%5#ek0})S=_iJCyuw}xo}KsttHj0FOgo8mN63I*$Rg1F znm5Ygz%&na3c*>`V1`S0($FH(?T6g;xt!d4V9VDLnVx0&^0;+ECU3ykjTv^pL}X6^ zYL1pOh{6o=X5#$bEf|}4hvmm?v}Ra z9cAP}W6kEibFlmv4J$wQ_i7+Jzjku+L&IX6G`Tj*`AACyjxk9QeE=*-Q3u7QcTu`z zZo8oa`P)x?X;xV)q-UGk%~QY&1BjaT+Y&PTrE6*dyG(cFq{{dwsMVT}9cfLmvpdBO z#VtwN9pDRHzp!u^bs_JcVl1$u_x+S#*d_2vI~T@b zrB6;yD4}RuAN!aNHZAu{?*?ce;0T0%4LQNc(;t^)J1pLKr^A}$rr-UnL$y40g`{q? zLf-IZyHc^_Swej6=45mxv34VRW>J!Pw{I;xud8Od2$eXxR$-gzjir}2cFp#VE@h-@ zxiKyHY{?rW{zu)dOKUV+*kSZjzMX1E;)u2T zJYe*|ut|oy?-nmMxg+8X7gD?VIBDPHHJG{dAQC%#f3kT5FSZwgVwxLwnZ>FYqPM&oq)jRge%zBmWtm9yyxU7SMtg#F1*0O@l)|A zZ=f0_u>!hr-sWwiRl*dPy1zPpxvmBp6jcCN=4VVgCH`vG%)f47et#l~v#}G6b{;rf_XlbowUO z{Go7>VCDDaJ{~v0eFksmx4KH@mXjx?XS*#qmmus!B3)UdZO`htJO*T4sreqDIP|We z-k^x$YAWjwG@v%SBgmL3Rruxy28C+H-UN1NbJkDNf1phV1=e(msBG@ef~1=pkBIM9 zMPyWsan-~GYo~mlmlwm8#AdyCmQOUTVQ;Q|-KEPjv|D+E3Obr#e9FGFRn_`Ls)7WL z-lhv@eo>=rqlcQ?zZUGTJw}qu-fWGU}kM8W{;6`0^Qz(tq}_BOM!}y z<8`h#GI=$xCr?|^TYp5B(>vT$x~#^s-8`rzFf6M{zSiAxLB&ZtERHUCVK_WCa$nY%mO>472Fxk>_rpvE%kSWhbAT2Ot!2i z^l>ZGD8^?i9rkS}l;-mN$pSVFXQot}={4D3NoKEFu_=wf`f%(jcByPB4$17xORR}e z4P!gy9F}R01=Ali=~kNW+roIaWK~M;2VZ_KzK}UYaG>m)90R}OJuAVqZ&k6^%4C{x zTSJ5pB#TTa^?VvIejS(>a(#@|i1gHf49QdFQ`z_U+LeiYPQV^cG+8Bkt|^s513^io zwqWr7PJ&t<5qVd<;AFot@S!wjb>UPBj~X47LnbFj<=QTdqCW=V0ZHR7UE;T%D7bX6mfL;waq6{ z&-NeJqZ;ZEU+PGeL#L>MY9D!>P}5Jin=WvN->P}f34q46pJ5>&qxe`OHH`-O=q;<& zlyMGjCA8q_0Ig3HmGuf5Yr&-8DPpbP)}EvHKyZq&xb#%a5oSGaEgF0L!A85W?kO4L z7VNa_krauwl~TofV%~w@(SXifyBSY*X!&z+R7<+*(DG^n8h@+XkYhH7jLoLbx))edB zcS@QObRh~@yO>5{`2n6(ro^(88Gl4)V6TdK`I(2r9Rg3|_ox9#5cNYFM6U&lcS4 z*-?p#X5+L8^{<$*0xSd{m$R>b>@D$OsA6{FzrWhy0%9ViRjpp=ileIxL*KLNn{~YG z2X%(-ZUhPK${j99zSsKVi!O4CxcAaqvC1R1uE0a%`CmLBKDKsrom8g*90CNu7x3(g zj&s!_?o!YF&>}xZdZi}L_F`Lw;MpysfvPGWkM#&X5Ek3#zFnbwaQ{}J)EErp2(_b@ zpS}_GS9X|a!XFC<&p6jvb_o| zfrc_`E?ynAE{MF@e%2X$(iVQTKs) z=QG|Gs*ot&ph=Zv9LYyl)3B%?RK)!T$!j@f?C_Ba_F7!#cvb_@EocIQM@6_C@;UO>d|Dk`aeu?@{ixc_7)FeH7Kq z_p;r9T!6c&tHYf1v}9hxb|Mb-sZfl#E%oYrT@T*!5l1OZQ*~cnFw@n4SP1}_46p4SqJa`U(-ySjb5CW`> zXfHem|AqrQ=oulRE;dx^hMw9EvyJVU$SDqx0n2*s+=ekVGvB5T#NC@0^&l|qn|f*| zEii@LGoe;_glF=L6I-xRo2Q#$6*DG%W|R<;Lg6{xS$dP}j9ocwNH8^^Ak}un!Szdo zZEdR9+(?_{ZM}X0$pD*)LBXo2cLm3B8=pNbsf9gCXsz0-O3lwAe5)GHN(`_^@-vo&}iri4Rr4* z0Ca4`&E+ZH zf!_v@)yxbJg{SW;obP%08lP|){wP7)6D+_W*Ziqj-@4Qo@vpe@ed6%)*WFHy{UVsU zn-I=@Kj4nWHn1xM|2IME&-n6#v?<{Ps?8TQn~l|pClODHvJ%r$rP&Fg+xIj}{dP|c zW&8en?x}SUEIq2yMGjoR5*prcl1xvv_x>w(f42br#Jw(R<;OsGhsQ#kd?4N5Mu?LE znef*@^?~rHh+FxgVEqDkq$gi-_#Cv(2B}o8*?xG(i5u_q%~@KU#nT>TM5XZ^?=vQu%`a*ajEH_5eTo{M$MY z-ccWU*eFO?>{9Ml@vE=akAFz^Zo#vNAV$MRr7YdqP262Cz0Ph z|K}Tmya-^Vz3SXt6<_KAvG9%Q>Bxk2{-1qA%x2V6@3jH@RCaV|9GwH8-Pe&njw}{pRh{r=wT&u3C6f7k` zBy!t!*B9RScl2X?;2((9wq%!Wy5R3o#gV)={x4DG_elBQ7FGV=BITw{$_e?_EO6TE ziX?lQkgNjAg%oI_t4F3z$R_|~F*TVTeG2CBHfg{ACp|T7fGVHKv<1*OBh@e=tJW6R zZeh2P=jxU74Mn%FP~Wr1*4m<&N$Qu7w&35UQRskKR1Z7;8_6l9_8Ti}XTU`fr4|1v zxfp2PPA;}HLUVt|oLy=Peg5cI_oI-R;WDKmZbHzKxb4FKwFPq9!HZv=f@uiZjAUJo zDM|Hs|JTkO#lI%giLkAly)CK8q^Gj!bX0{;3y=o)gLCHDqLgfOZiTh?4SVq<&LN{^ zk|G0}_v!RRi*Sr@B}%%q&2;=j6yV#TP&SnYVu*C?KXaKCu^tH2^)iS<{CjA2T8juZ zkc3vyS(pF3UpRJ%WFguORzK*td`=`9>LB)n1*G$90K^hX7*tzdNbV|nKx9Bv>_q_N z8|?!6jo)a<^vhsscI~ICoO%67BNqKvW3nb6?1@_pglp*rOdQBc8ePfk!OVN6?zXhD zPEKJnD7uiACDUG+dcA1pY}Z%VTW=g`w^jT+gi?N^Pikgw_qegw+;mf!v-Xt9q1(&= zz|^I<0{pLQYzYt?4wa<6ZV2!qDk&mq$j!ISJae0Rs#(A+%qRnVemIL8^F_4>Ds6YW zCeM{fVrDe6ysIY#dbn{L#2GH{a^hWpvvxFhD$&|!9=ioh-rX7+!}>w&3TC}(>=|x; zlTDT<_*PPHEGUdX*b_kRBgA_h)IhTbtV{6)W{iJyF*sqh1)%CH%mo~d;7O%zKL1B< z{CAEXirl(krIvK5{GDpx_@BPU4-pNE)J7q=7~aXE)!Mm@HSn@NvU61smVclH<|%OY zf69Kr0{8%e*}@wP<-*4pWce)NaD(% zLcD1y-cylkI`XwkkL_g!=-Wi$*v8|r@`u@BA@qQuq0xH^Q%_Vg0solRGYMyJ%y6^D zxicXooR+*y0b;2iX%%~HcdTszAa9#3X87+on_cLNp_+HKC-%AcNXiI~v4JG&o*!VT zEuLk0qcro4uWaCex#J9wD5+6T|Z%_I&(k-&-sQ>(oXz zEE1kf0LaUnXx$wTS4KnyY_LEz6GbL68iabmzn#OVBRi3l+T0CcjS#ZN0X$-Mp|08b-%`zY=qe>*<$_rmN>W&H?bE77LLGE&~~lZ zaSnKVbAxt~-Mk;q<^^uQ53pu?<;wv~sufNyI001L5Dlrs9#Bj;QrWqG>jiL7M)6w~ zhA|1>W?tKU*CW0%M;Dl*jDt(tngX-F%3fy}HClOOE3vVPEL(uA0o>^`Tvu@uV-b%E z2)|$O1`7%DAR4!0i7|>&*vR*;al$5=!Pn%=R2G!RwxMkz>@$Q^+T83vhnIaDhY0J~ z##l{-q4^>Y-wW?m*4jg{bqMKBQdQyMa#ETDJY%XRqPU)97PpeY3Gxoa6j2sM+Ly+w zM(qc)^7)mUD&m&qPdgMl-1|qbt{8 z6C461E-;oydcryR)`5#A1L6CmOe4J$vERt2u)Gd&(i@?LAGwlJU$*moV@tJ>(^AcT z=##BHT%LRIObo<6&B4~5KTw6i@}yT(-OG6q2X8l($_C4tARvnN0Ff1qzEguZcrFk5 zc^6*P85(J2M5p9C8?F*no-|I*VCM8J3 zdINP8_G^}b*pRThqoqf z0c4rf1T0M+=c%yxjw1_VDSIFefIegIZsAmo4YY1QSPQY*{0%;}z;Zgqnw9JxS}pkX zB{dTb>hkv{rUH20BqcR}?T2E~{MGwQa|oS|9$}R>Ll(UYr$Y1f*wWDT`*@e4IOdDJ z-NedQw!N=LtXfGJNu;&!b@|660t_TCG0i`SI9dyU>C>>@`HxE@iN3|pY;okzYbSzf z?!^uLny_A8E?;dhF|sE}Xcvd+4-HaX>$~tZN&wlI(!!p-}73U}E(Qh)XYz&tx-NpA|Pc53vh zgr5VkW*eR%k%ba$CGN(FaLG%9D966tTG<@A(g+o;MD5>D8lvC>+ZmjY`DvIVUfV;Y zfUwx`z?Tlub_+t_3b4>xu(kmB^-6Np>r%tqI# z_dT5{hHLXvb7x0&ahp99@8gpqO?f8vKD##JZNn2ftaXJHB~nD+w9790g`T!tdQ`N8 zp|@FKH`mGt%Ix8SPS4?<-iZ*+4Zbm;>d>X6`acdX3 zCJ4fkUi@(wnF8|UgBKwXXgGSWv)|N#T52#8d~>hUH_ij=N$tB`CDcVkRImFxUSkSe| zJx9;&)Ay+fs_9aUsi_(`&}dml3UMfS@iQ$ba*o*orhQ~ex!Dp|_d_YCf7V+*N#7RD z%x2|z_iZUmK|+?wYBmk^-O2o{=NLAWkc9Hpqy*TVlF39Zh3K~DZcZ!KXbyUL;%U$OaUvh6C#u`} zH=<1U+$#9+&g|~6dvizo^iG={bV!AiT7ZJG-(>E-DiBq@Xk9fq138jY{#oJ5YyEUg z_k_>I>w-!l%;h*j0Bh{fx_20+%)R>_**32M?P5A{Bd6Y43&=)!Y&BSalu70)JN*Sh zID7vO^$kfOvR%4Q$Tn%?Fa!>6gT~v+@@=Saog0XVcR)h(Zvrv!AKPlugTVj+_*w_z zDE-5>;`I;s=c<(F^k0B!XQY!C631nEY#tsDPvu{j>(jB#>KY<6E1U@`#VK9NJ z>s}i;>pRpJvta#YVxL=8!zglLHfF*lLMU!}^@xX=NNK9m&{oln{L2$`E=JhYvWQn` z!xK&IF>{gNg|X2%CQ#G5f-sU-@w09JH=*?qga=4<1pGOtO zL<_?5u82eAK1Mm4f9hTNojky}ev6gMKr0)`r};a$CFukSf|Nh~yVSfFm-CMjA3(yA z|3k>nHYfKxMtsGQ%<~V0>u*rq7t2Xdqw|GnI_*KKBO6Y_z-*BLqc~Sg!|6{a zF23ZgxuY=qhDgTb8aW~E8MNR_Wt!FrZ01b1F6JvkU@M9ShzesaTX%Pu)A7G-ngFXG z%a!J9_4Q8~M#r!q#0YL@ihmFEM^7f$entH6TmL{K$kth|aHZwuF&iyDZJP&5 z7m0rt``tkM#2@qI|IbbN;DJLx!2{c>v<84B3N^AAET62SFq01E{`LY8$qUNVd^IW< zlr$K?dVhI=*TJpXkT`&*P`;%6|Y+e$Ye>^tQC1r>k*^VqihRz|c(Ldj>pY97RiY{}?)|9N}{P=8n( z|HoYY_FNWV+~Nn$;eo2craurZe#p*gyAdV)8Tq&Y4N^e=NX}PY+ikT`e;43W?OSaS zLP%fV(<@(1+S^lByPB6U#R|bTydH}jf zH}v0Pw!B zT{sxoto{XPwK&L3?>>-Og+W$ zO#1@#Mq5NLA5armlr#Y*llyBOB!9tAd|EvkI_BR4wwh z7d4auE{id-T3i}GF+6{-ED1myaIIz-fVX8b-%jfK5B8Ah4i=9e|3B@W2|U&L{{LsD zsjir#X&I_hrpXe@Rye1^G^UVHiG&Dcr-RDQlsJh9$$n%ilI%-VC_7myvTrBL8QC42 z?Em-YdoXIc_s;MB?)}~SzmMkeXetgl-~ID?zh2K*{oY~=B^!#_O#+etGsm8k`=VWj z2E!YlN9{xz3WCV#lbFm)c6v{LO&fo6(K@Z@nO)x8?D2d^q{_d*>-l_> zVv)L#6^NTf^$#{wW#9Bku<(9?whw*n56IjpIxXx?NdTcrYuC}jBhxW>3a0`gJgi&R zTL({BqY2`Aty?~W(N40-Fu~EH@!jq*w={`m^>0OVQFvf&{x?>ozx(Nje0PX`xdums zJc)K^M&KPeX=SOg8X^~qoUaph)H-x_6s%PVH!%0lpCCv?_=1MZUZEXS2eys9UGgJQ zS<>r$z#$Dst;SAJ&BA?oJdYN^uaRU9LTACC45Wb$=Z1Mo6 z9(s=Cz0G^{3aoG=5k zW6*G)pYP2(op&y%aG+?1L449B$Hm7DsO{ zNAk@(#r5OuzlmnVGwwBBMEfJuOv0yj3RjW!E_@47iCCjbz$E?lX93^{gwHcyrAZy? zMcO{NHis_1<|Nc?-Ro;H)7PwM6;>xPAi?RnHy!lZwRfiDU&70j*jQS3udLIRp5EDj z{tBm4)`%bJD)pT3FtSEZ$KP~%-}D$e8stZ|g2yfAeN#USNYjSa;An5_BHlRB`Z2H`D;FB)^qx3A{&Ob#M&YVebX zm5K@<3#(WP!@u{?c}9Ua{f)i9F9lE0M$&DAo3|n)gi$V+5(=i_w~X?aZByB8Vc)2! z2n9<@=1x=?b*K$U9qk*#Nh==K=S{8CsSn8BJAuMth6eA&g0jj-pVFkxwRTK5S7)_u zKHM!X`yL2H;dSq@A>Erqmof7J9XJ~!ztLz2Fc+%B^_*5`K{P&CJnr-Uh~ z{Iu&;S6D%{3Y(5mRPH_3?ijwzLW3W6Jwbt#O1h7Th<_ntMn}*Z>9RSceBnh00(!-C zrmD+X9@f6V_K27a<}sJmf{oF?9@i0SeO2%98XUc;)$c!fC&h}(LKU4@MYRY0lXv11^w5=OiIa{r=-*j$flJO>MuXrVe#?oQ zp;xIUw_qdY8IxW`*1#@S4t88UGb$j%HhQ^9-U1_@{evxy_U3VbZnYJd(p_iHz2}X9 zsCoIdx9VA6CjGJ&g)AhMMz&@xF`plynglBFaCLbk9{@iR@{@9uqoaz28_U71eHo)Z zRzm(}C)mfAUm0r>2>TVKgp1d$hFf`pzT~3!97Gy&SkxJxEDarhLbLXGJE_GY@PhBQ z9xu$b5cXox_eMU!pN1@A)%b)ujjL9ZPjaW8q-H6ObOx@clm$AfwB>Yc9?U$=mYs5$ z+UseU7+{B(6}fBcdxZwTMXH1p)^4fFfLxvab{4_B8I%)~(5g_17EYbS0&szG+Gi!g zvX%3z%QjLX=tY#S3wZsKs2P>RGJ@&%n%_61QpO&J+$p(m)w5!?P-NiB6^~=$#-6V& zZhR%jB^B9ga%P3(#gX1SkhN$aFs>xmkwoegoCf`JN|h|dWT+!>v$u9>anD(!qvGl) zPOf?vcfx+1YRHgrycnPMrq0`H`sR^bJ5dt6Gj3@@UK7QBDuwA;2R<14j%TSet$M8y z)|^`6^7HnQdPk;y+vV`;2hp17()#aw`s-3>0_Q!&k6l1#XILvJpJG^XGu$x4xtuju zw>G0*LAg+*ZY^`t7gx~!{BG+?oJ|hcIZ92KrefN49%L#OYT0EzWBv!Xxd*F~SdYc` zu~{u{vY0Y|6)fdOlR-GhMZQ8_=yhk1LLVHUbo5fF&QQ6iBpeHurNkdu-JO6ZD@@p| zX;wGa^(U+wfT_#nlE*4a7m+j8H?5@a`Bp9yKNEJad|t)8k4GR=Z&t8wEOgb1#5u=n zS!I3GFUiuos|t~ZPG6gGR+-Cb=sCSQgHkkhKCw>yy)N&}x!Y`pD&IC~J^jwDr|d?C z?XGJf#jUdDhou6`J1?|ugJkVQ;CHheQoWhe!m)elotkfB&lEkZDq9xNq*_^i+Mv%w zFR@`rs>#ckCgw1+%)V;{*UDv$j{dM<9;^!Qa+MuxVY5wqF=WbKw|}lA(srw3UCJQi zN;=;o=T^ZToLz^FtYnZ4U~W=(uD2n)j_+Xl;IJl6+fHh$(8Y#b{c;bsy?EwQnYk}&+y~ZDQsw=SQChT@J*=BQ5@wOLJVhqsJ_%D)oy9{8#?N32 z?fSU@xMXgft9Qfk~EwPz8!O4YNy5QxuC(CDvq2XcaEBg{lTRt=8-1{@79?r8;YHE)WlQQzm#SXZdHzL?!J>V<@~KW&7s93 zCc04I!UMA)XZ5Crm0~{c2(-_vUqaLq@ccD5?BN+mU|X(ZclS z)5d|EoEfPDiP(lUU~brfG^W?|I&9cKcunUA514tjzpy{s>^R|dR;ycny5QoOl3B}R zpheJD)#6!ls=$G4Z7IA-y@wt;0TEHHuUDR#rq|d}EIO>8F`aM0Pi;hU*<~xyLv9 zI5TrC^S~l89aw>U1aQg`2b0QDvnpJR;SqA)tg5<;W6^5e-DvQCnFBG9?07~?n!KPe zLd_JFMwYKTzS5J^+tg}b$AO^K^UE@v##2$oE<6WgbEPYowutZ$A{mCJ7ha$M*8pM zvx+wuM`K$LX1>WvusnxnDlE)~rEM@9!xTC8>Gy6Ze8coD zp{Fhsr25lV1#kV0LJMOH=98GXXcEPyl9>8@GGfrlXtJToMPg83)hGwqIz)d>9qv=rq~11g8xC8u)H;_|7-V~~27K9f^>Luv$VCCmms z3Gv*0+3yR5Dd0ViIYpA~tAoZ~7qH;C?8cnsX!_$NuAd92y2Hp>9fS10$9d}$L|kbX zCo0c@A-ejg+-C6zU~AEBVK3-XBFzmAr(EhbJC8UzkH?Lvo!OUE7T4Rt9}_N?+7qy6 z@NGTh2nf1b^a&nMJ@X;hE58|G_5>R+uP(*KDFFuO<0s~Yv)h>fskO6_77N+h^I$1~ z$RT8Ff1exw!BR5U9-VU8#vPJTq-11Fghd(_J@7*sh##hb9F=&FR5xFz?Ii#^I3l8zi^P}Z55D>y zbdcsBx$&zm8d|1||GxTVcQ+L)Ue_c=xK@fBn7xIs1i2EPpfBppS!auW#}>oc&$eYPI;e$6CDDA4rl$+;q=2AWwIW{Hv+9cs z84QjyKqBugHyr8M!pQ7F_U2LeBCFQ9cwdB!s>aNXQZK-A8W2sE9*wFtiHW%Q?Zrq& z*{U`MJ#xo?h>fpwq^KgPf|WEj5dV6 zLC7#VZZRO(tfgot9cg}}$T}_Y2qa?m%He%)`koXT37w;9nil0{8tV(eEP>YpAI1fn z3?$hErg0RJRCXPlzf&N~I4?#^M7bQTbLf>zZx`%!!D!zx!zrp@-bydVz67!hn6W`*1?%JfTQ$$Xcet?jSM00Cp_d7fWqTIaSbcAJDf0;RE>-40AI zlO_m(o=3OzAwiJHK_=$Hk0!`mVYk2ztzgiLV3D5WdY=qt>IdRg+3QNgE6zMJMppd^ zg#hG?)(>}??6J8V1YjaCEUR(GA~2DsUS13+R&wlMmc_P#G@v5Gt%^2$OD?^ZpNL*! zL6a{!yLW!nP#_O0hw-n-W2V{M_@aCzA)i`KDHvN=i-_zy5Umm~>TOX*HA&CTqnc#G z6m4KRZen$@_^)8hZ->-jC_8P}1E2y-B+cE$cX?KWV@h;4UIA?Rhl{u1Ez2b;^t9LD z#=J5TIW6B+6e2yp8jZdtJWo5e$-&612adn#Q5a>pPJ)Cherl?*j)G>WS;pygnAVTD zP30W}J#A>LS&gjG_P#G&qetnm?4M8o*zHt!c=NE2ZFrm3G?Mrqzg?e5*z`J~km8er zXeFDTPWDf^&M{nF9l*D}D=Z!E4URD{bjDLsOT9LcrK!be!g@}^dCZ+!K`6RJa~F1^ zo{!UNF~!WYsZSv{6MEg^;AB5c4v4(cGx{F89{VDnAd6vf*Gnsp5jdWw8*T_8YHowz zE~kMFRdz*BtMnQ}jJ`=s-rkXd+1_oA!;Xf?gr)wCJJ`re*E=u+CY_Bsoi|inbtap0 zG(D+K;798{BTO1C0}!RShuJ2dG+`-%H<_5`+U&^UYG%cUa=r_x4L1c>^{gBmO}b9GSwgkEM7U~=y3=mJftXJTw!RBAGH*Fx z7c zlYEYxkVMYq*H+u?q$YXt;w3t7=Hmt7*dcBAU>f$b#ldS{?*?<0yeu&NYi|XaT$BRW zP~)zb8NhpKi=WV$y6u!Uen1dU*^US-fmRBHzWtys-ruZg^I)vA{)G2PK?6!eH9Q-; z`*p|(3VwWdiavu^GOP4FaGA=B<7E;!QWG0%O0Cj*2*D&c}@VGnpV0%E;`z{$-*~+0$&A)F9CrWyT^me#ZdlBpm~= z%{~m%Kghs%R`}e;Hwh9jPty&R87wvLrZ3}q|BUEifXu)&`yDZR>Dr;mL)jaB&@mN$ z!g3?JArVHuEyjipH)SgorLm8|P!-K3IUw&Qbq01JOqrnbjSo>kwzAWVp4X})3V$yS%-fnVY!jQAxu4kc$( zHD9NjKVW`-f!;@I62}i10wXW$2oGMuNOEgwW3gZNoq6|Ha{)J#Z9_E#Ls+k6+(Sn= zK`=9DbB)C!-6GgK9#bdCb6pi<8;jv)L*bv!VPv0^_SKF_w29~~?@rLK3&^5u;iXe1 zdRb0SX^ZNfQuUf{u3+t$I0S=GbM9W>n5dAH#=+TvL7meAUOg-w=&SJdpuuTq|twGQgcKvp&9P7!6!@X zfS__NOi7=ucKe-Rg?_c~U4%Gvmi-{v+Vn6dpH}pyHBBpFv!sw_>DcTcwwcxtubHFN zmsObS&Kf{1zvB!vK41j=d1=cNBCGl9!L%dzowVKho5}yCHqj_GfL-hw(sa{42hcvGb`Kpk(qZT z|BM9Z2UcG1nsOd2htcO7YwoHS?l4j-6K*8TP}Vn0I&m=A0O7WT?IM$0+XqlI!#u4q zZbsM^=$B*B=tQM!5A8}!9cuBe!zSTzKX_lSJ8st)q|j%gKX~qK4ox;A>-t1!LaZocDJ2iXBE)rHEOs?9< zVezO+Cmg)zztbrSG!_uOHpxt6v5nLp=@c4q@$ayBW;Xv4l7n`nKhdyF@~?z5b03Q% zasRkfnyOZMw@Bbx+_G(4JqLk9j11``H>`j2%G&{mDa4>(y%8mB?cw8pl4gQInV%F6 zotzViVBmBiixM1}myKqwxsDoaJ9M0>v~o3%2PcjJ-gYZpCtm8^QQuJAFQ2c=I4DK! z9oyiouR?UChqZ-w*m0!R9SatmJt|XNkc})in@P{Uqzj5@EAGxUQr~q?d`{ywpRX6m z@vBDBL6&AA-o#9F8SWN;d#b`N!DTG2>Y$hbr=)CyOf8N746MR0v6n}R`yRqar`Nf@ z-ylRBPB1BYY^yXi3vjd?y3E1MFmHFd`1DQytb^!0PmcbB%qqmp{%d_Y`#&DF1VE9L z%V+a{37{}gVvA(l-MO}Q%4fsf@$>X`UNhxY`_A^6=thp!Sohr7Q!Guls@)L984XCx?{wag8+DS3GOy zH6-jR=H==kx?Jgk=Dm2ia(w!)T7!Qo zF0foqAAf_>+MiTk?7!z)XSKFPV0f83A>M!4Qo@jYH+eB3aIPi&Ll@+~TU#6z2`qf3 z$7L%1BY)TT^lelU#p=~UP~ZmpPEQO_f>Ql|1vSriPz#Zv7f}zN1jzi;Q4fC_AY)~$ zz{d7xvH4oN;{P-K%LrtDKJoK=SxBz^r})aTf&oAgy{qsmc!r=$oL+wirVly11(^P) zmH2-*qv#(i2Kdi>FKc{2Tz8m!wo+PTE~i9#E~LuIa8G|)_4tO|m1Mfpqg($iJI&uo zp`bD-xWbilJ@!*g2v^br+AvMJ?if|x@+J!?-Q$J!!Pg-HW^idMZ~)MtphV%5 z5il(G`!~r`DUnN9c0mYio=xvuHoW~pJD{?^r()4`(EQw_Yrqy{m)Sfgt zfY+~Iw-&eQs#E4m^kEDuALx5UmJM%*g7mwdYoG4SUw#f5==1cb-1wYa($ytgdBonh znxExqjdY1Z41sNyEJyUPob^V*6+Nt{}MevBF_)~neJb4R#)vrp{gcv?pDVwp;n2Xyj7m8 zgEzfk5C+h$fu1!u#*w0oz{jBP8#>;+!uVt zJfg`fKan4tS9!>TogKcI;_2Qp#7w`x~M*Tz^Q) z{1UAWYIo zbkC2(-lTP-TgUqjUta=PM5Run%!TMvt+gmS!97tgh>xK-ygQ%A!grpExrh}7$wXe| zyeKX{irw2HFzQ2fLH5YjgRJCR*2V-BJQBjMY6V$+Bd)IOE@XN;q4o%}f+gS)sL<4efH7|4V=z1u@n!Jx#R9ft@RhVkR=+rjhpKD5^B&I#!P`R-VH*IgbD8wb+W zt&#Df88(<0X(HX%VdN|=8GXxfb@^L} zExXA;L;!oZCRKjwGNNJFSPox)?bNP7^bh|I=lCP=R&Yo#qkV_j`Af+dBOM|Mw(z5< zkLZ~rC-&6adJMR-En5JrJ(DaJ4QEgdqJ_jnY;cFA#-*`X`4S5wa|aB zCA%;rK$IOov7Ea{LPl{A6IYRQTa*b-uGAqU;l>4mx~szEq}bJ8EimnRN%n_KOf4|C zv{m#<oO$G1HiSV7IH<)qkc$Ge~lW$0ibm8BE0 znu5W+x9KpVV9_ojrT%eqmyqPRZ3dEL-d!DY!49;zAWvkx;j5~uq%Pk<&*)DG~t%j#$uWD4Dbi+Qywj=m3rHFh5V z#^0LTCYyBsXaJ|_ZSI(a^+gvGNtw3tgqjlM((RPa28~Q@CGb(WYDNpC&YCHUiPA{cn)3GeHgDDXRExvV*aacf6*}Tx)Ef z>(L`3ik5K&+Yg+KTSteh06+Ok<4ZPcRO$qBJ`0(%>!&vYlENc;DGU7YV?x34VlozA zv5+BzTmSWFEby<73aPVzYxnzyZR!o{)_)6kis)bD3EHIfPd-#w*#L=KIO1P$)G`B> z>Dh$dPfG~-4Dat10ekQ~-2B?An$gQf zK3O1=uj`A=y1uOf#()@3_HK8E{*-?~6loCZB7d%RHcin&yxhA73=zH7>o8Cd?*3SS zrP}fq+T4s|kDL;m7@A~>PMLd?R3hGig~@Sc736EA?We;CK$=+l5u#t&+ZDUp9fFaMPzKS1kkaS7}q4^h+-?=kc_9 z=9=kJ#qna5AK7>yQk-+)^+z@yJLCjku<m(WvF#^HhMlichNNSr(qrv;|SlTW#_OrxGe?N*INY_V<+p?M zy?90QK|_~UUOKz8M*>had`zIYgv%sn>7 zO6C?doc|15=X_z_6}O&Vwe=Kvp%ghWrSnEC~JFH}Ox#B>z32>HHRQ&(Fz8mGNna%ot=? z8!Btj?)mJ%cVDgAV>xq^K4ZFbPmWYh+a}iJzNkrRm2}$=G|womcu|qkkKVW)V+k^7 z{*8Z3vh8D^pDJL`$3<^??|v}a?De+DYE6@8s|z_}&MNno1M#Y30P1J$x&whs|A%%c z9Z?&YZvT$K{*#Jd8d}n3*l_1X@h~yii;9e&w<0{K7JghSnEHFI;G!MwL$Y^h*6;H2 zh46o(yzCI1_330f)8h5Ns!06&UYG=-f5dwCdB6O*8qUwh*ym#m!Ib}F&lkqc*d6kw z0$zHuivDIKRn>-PckwH_{S5{9Sc}i}o`qJF5t72LzyPQA%)23Fr9}@!`p^egbt#6% zhIh)!ta|{ZbRk(myH)LDzt9kb_iA`8Bn*M0c}q>;={Ym=SJQZ?MbZ35X33()r+{!f zyC8}u4+a7}D`Dl8J>M#!{V^4LX~Qq`;VZ#+(vQ;x)TKpQy5}&Yd9zx*kQpP{Ix!Nc zaed2GPof^xvvcxFXGKXU=i9;>ost8rIB0HR+ARDPTQvZc(H-kx9FyU4ao`?aqv;nB zVGC|#)AB$19WDvk2-kpxnD#UNEO2uV-_VBuH?UTbI>aoPdf5&*hET(0{N3Y7I}^s) zZ^t8drEUdr^4HZ0&{{eY1o{L3UBk5qnv=g$x1$$|TR2KT!8oEflyj205q)9_{QAxJ@Z+TA zy?Wf822$VcTB2dZ186*nI~U~{C1J6-sh^p=)U?rLJ`Q;}W)-kn&$s%(${s3Iuv#C> zidf#oULR!M(!aTq4QV`;N&~Jy@;zZ=i7CHShq{gV;1Y$hK5XG=U_LX^tawSg`fI&? z;ZVt$dI@bQCGTqGy%rP_+Cxi;&Les^K+RzyRbhX>B*VxG`f{bp$Olq`2-A<@ODnPn z{#Je~>Bn~` zb{h*>%51OPi!JKw*F?JDH&{(3%mjUnt8)Sq&5=#fOs88k z-n3K6+SvWh1@rVgzh*8Ds6HEz1T?a(apeW!AP}`c6oHZ^O+vvTIzTn-a0<#}Uy{v! zW=BHZJnaFzv=2GPURD}t$?Rnu3-1-bp4xv-&wOBZ+!}LI@_Oc)V9rpG-n9F$DnnOA zKCapCfR6(%bl4N;ogR6}aseq(%gTmFXtj6GNjv1Dd_s2`reRXA*eel-sxS2K?|+gmto@d{x$j zI%s;wk8d4DHL0t}PS8K|(rpm}cN=yx!Wlq!Dx9(iVtyCfTOP}n-9q1sDo^(#)u)m) z1QSGeI%+^u3hX9CfSbOOpROc5Y9vhJY~uEqNbhmFs%L)61}uo_aOtp0>pm_>RNKUh zH%+e1F@C2Bpcns~yU@5XaL=D}U<3F-OTlS6P+dq84g#qqt(9y7N%q*m;;psO#Me_e zQ3pGb5j|HGBHGMKO_j;;e`wB216jLJndtwNRVTwSiLr6{~r$ zeoaviIX*%)ybFy^O!@(ok58w)hZg|CV7L~eA6(x7^aBn{WKOKLwrLOm58^Ir5>aqA zAl-LCpOFK-pBVi`7PnPqZ0|?Cdy+wmpi11_lm@d1n(AtAlU)SkW<9Qvsqgw1E_MH- z8u!I%ZG!01<=mU^VFHFKo0e9Sm{$K`H3ye3?ie72|B)ZC-8G~}07Hc{0RkX(sY2lV zJ6zop^$C|&4J1-xccl4FGDFZ&c$;8xh!tS-UxAz2y(3#dX8A`;kghKtci(q0C!E1? zpBU@?mGYziDBZ*H^Ltq+rTV;I{#B)6pO3N6$JoERnC|m2_W2n5e2o41BFBH@`C@4* z&_SXq@ipm)1Uk>@hy@m!stNn(L|dmM3tSQ6j~2r%w*`tO_JpSW`f%6XFP_2J3)VS{ zm4Uo41V=gYC2aKys>Ag=;w!4xf?4{AijVrXTO?yoj4Mps4(qx+7`tFeer|gH5^)}~ zJ0Hj+Xfc2ljs8KLUrQ$XcCz!uMa4{ zt|T&Q`2}RAgd=%aZP^ZIOWpVaF!@+t+lDOQQ@>h1r#1q6vzyN*yHi#v0}M_#RK*`snR}M1wd%PTpL?wOjG_Y5P_ilOeX6of3 z=^<`dBItPsaC)x1Lwv+R)>Vb|!4*K!0S@m7d%t(Gni<8BpHF?M=#?+x{A;{HA_+kk%QCk=MY4^fyKD<|V*)jCtR3wRt!gJI zlkm?uEuw-x&6GDBJ(tPm>0KW!lM|C61>XTtzsJl2gZstb}HfrJ?)jMS%Ai0{4eh!?H7Y?=&)2LPX*@(;hZH3od2<8PUj zJE5w07bX47M=dC9Tqr-d7o{ly52{5#G7B<MuPT1}PI1*ef}r1e#hL!cq5ZPmQbs7ZStmQALf6FFR~ zWc@yDZJX~h-+6BDaLxWaJ)Qb5AS;|b-afRO#pf0$Awwp%8DtBq`emBL>76n-oA^M4 z@TE8;eG9a*qQdI!{BrhUlBLL26pt30k^JN=N;x}?kh>3pgxnJ(pP7|%YoO=KUjH_a zhhcxm(4!d$Gb^&=dSyVILX}Q((xgnoM@2&gZra97hY?+bd*Zi3DC@>N!TP^F!Jn2V z0EF!P_LOqXYK%!hwB{9>_GU<{4M^l_rO;r zjO&P7p@C(5^|V!S9k1Q;#U^OF)2Gd4(-&y#Bv*s!prO@d<+WPVXT*xwEpI;b+>iX;}~4cdsK z97j|)kj|hsTzk$I`34z-5oN7WdekqVPU9ZIJn;HUP`A`4+IEuU55+NELC}d^M&553 zI4I09pq^##2j)}VLtCo_V6Umfkuphq`0nL40uaJ1)5~uB`k2o#e8vOwgDfc3t4%t! zJ3y+WUf@jMw)kVeY&V3=E;xNKZ|SwUGr&$pyUNR!9VbaH)fUDp4(4hKPN|gXA(zne zeZZp(KxMNj1OB#*jT|5^v19OfLq5?%(rff?_$t|eY{*pAQ57)k>D98}?Hp@QI@tL` zmk2LteUNFrt2XHmgw6PQ{?|4x*g9ujxXmiZz9pL-1~-lnKiPhuu}wf!yThNz>k)1l zdIv*9Ak{--16;*Ws=v4ocgf+Q8Vo66-zWzGT&tZSJgEbczHK(C@J!_y2 z`l7jGMsBp)w*N+bJ_KEs&7(#)btjF#B*)xcSSn1G$)4Tb0yt0k;Tq}~AS zRd<~s6jhmQ17L8I+Z{6O_&#y?6tFU9S;#+S1;su!VH$Zx#cYK6@g`O$nD(le18Sl+ zYd`dv_Mprp>X z*CEsm-sGqn!T+a%$0}Z*&zHp&#{Z9<@t@EA|JAwgN>Xibtu+;lrOg)VP8VirZ7Q9R zX>j#SUVeVyyL$9T3!ctqShew?bzl9)+e9v{O^w(~U|E5Aa5IEcCj)9N_Sk$ylHdSFvEGq-Hl)DuNcf0I{V Qz<&w{lz&e6>Gb9Q2k8+y<^TWy literal 0 HcmV?d00001 diff --git a/windows/deployment/windows-autopatch/operate/index.md b/windows/deployment/windows-autopatch/operate/index.md index 44954ce00f..577c29ca09 100644 --- a/windows/deployment/windows-autopatch/operate/index.md +++ b/windows/deployment/windows-autopatch/operate/index.md @@ -14,12 +14,14 @@ msreviewer: hathind # Operating with Windows Autopatch -This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, and how to contact the Windows Autopatch Service Engineering Team: +This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, how to contact the Windows Autopatch Service Engineering Team, and un-enrolling your tenant: - [Update management](windows-autopatch-update-management.md) - [Windows quality updates](windows-autopatch-wqu-overview.md) +- [Windows feature updates](windows-autopatch-fu-overview.md) - [Microsoft 365 Apps for enterprise updates](windows-autopatch-microsoft-365-apps-enterprise.md) - [Microsoft Edge updates](windows-autopatch-edge.md) - [Microsoft Teams updates](windows-autopatch-teams.md) - [Deregister devices](windows-autopatch-deregister-devices.md) - [Submit a support request](windows-autopatch-support-request.md) +- [Un-enroll your tenant](windows-autopatch-unenroll-tenant.md) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md new file mode 100644 index 0000000000..b94214338a --- /dev/null +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md @@ -0,0 +1,73 @@ +--- +title: End user experience +description: This article explains the Windows feature update end user experience +ms.date: 07/11/2022 +ms.prod: w11 +ms.technology: windows +ms.topic: conceptual +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +msreviewer: hathind +--- + +# End user experience + +Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing reboots during business hours. + +## User notifications + +In this section we'll review what an end user would see in the following three scenarios: + +1. Typical update experience +2. Feature update deadline forces an update +3. Feature update grace period + +> [!NOTE] +> Windows Autopatch doesn't yet support feature updates without notifying end users. + +### Typical update experience + +In this example, we'll be discussing a device in the First ring. The Autopatch service updates the First ring’s DSS policy to target the next version of Windows 30 days after the start of the release. When the policy is applied to the device, the device will download the update, and notify end users that the new version of Windows is ready to install. The end user can either: + +1. Restart immediately to install the updates +1. Schedule the installation, or +1. Snooze (the device will attempt to install outside of active hours.) + +In the following example, the user schedules the restart and is notified 15 minutes prior to the scheduled restart time. The user can reschedule, if necessary, but isn't able to reschedule past the deadline. + +:::image type="content" source="../media/windows-feature-typical-update-experience.png" alt-text="Typical Windows feature update experience"::: + +### Feature update deadline forces an update + +The following example builds on the scenario outlined in the typical user experience, but the user ignores the notification and selects snooze. Further notifications are received, which the user ignores. The device is also unable to install the updates outside of active hours. + +The deadline specified in the update policy is five days. Therefore, once this deadline is passed, the device will ignore the active hours and force a restart to complete the installation. The user will receive a 15-minute warning, after which, the device will install the update and restart. + +:::image type="content" source="../media/windows-feature-force-update.png" alt-text="Force Windows feature update"::: + +### Feature update grace period + +In the following example, the user is on holiday and the device is offline beyond the feature update deadline. The user then returns to work and the device is turned back on. + +Since the deadline has already passed, the device is granted a two-day grace period to install the update and restart. The user will be notified of a pending installation and given options to choose from. Once the two-day grace period has expired, the user is forced to restart with a 15-minute warning notification. + +:::image type="content" source="../media/windows-feature-update-grace-period.png" alt-text="Window feature update grace period"::: + +## Servicing window + +Windows Autopatch understands the importance of not disrupting end users but also updating the devices quickly. To achieve this goal, updates are automatically downloaded and installed at an optimal time determined by the device. Device restarts occur outside of active hours until the deadline is reached. By default, active hours are configured dynamically based on device usage patterns. If you wish to specify active hours for your organization, you can do so by deploying both the following policies: + +| Policy | Description | +| ----- | ----- | +| [Active hours start](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) | This policy controls the start of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 12∶00AM, representing the hours of the day in local time on that device. | +| [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | This policy controls the end of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. | + +> [!IMPORTANT] +> Both policies must be deployed for them to work as expected. + +A device won't restart during active hours unless it has passed the date specified by the update deadline policy. Once the device has passed the deadline policy, the device will update as soon as possible. + +> [!IMPORTANT] +> If your devices must be updated at a specific date or time, they aren't suitable for Windows Autopatch. Allowing you to choose specific dates to update devices would disrupt the rollout schedule and prevent us from delivering the service level objective. The use of any of the following CSPs on a managed device will render it ineligible for management:

              diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md new file mode 100644 index 0000000000..8e6075fd7e --- /dev/null +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md @@ -0,0 +1,106 @@ +--- +title: Windows feature updates +description: This article explains how Windows feature updates are managed in Autopatch +ms.date: 07/11/2022 +ms.prod: w11 +ms.technology: windows +ms.topic: conceptual +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +msreviewer: hathind +--- + +# Windows feature updates + +## Service level objective + +Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows so that they can continue receiving Windows feature updates. + +## Device eligibility + +For a device to be eligible for Windows feature updates as a part of Windows Autopatch it must meet the following criteria: + +| Criteria | Description | +| ----- | ----- | +| Activity | Devices must have at least six hours of usage, with at least two hours being continuous since the start of the update. | +| Intune sync | Devices must have checked with Intune within the last five days. | +| Storage space | Devices must have more than one GB (GigaBytes) of free storage space. | +| Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. | +| Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). | +| Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). | +| Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). | +| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy) | + +## Windows feature update releases + +When the service decides to move to a new version of Windows, the following update schedule is indicative of the minimum amount of time between rings during a rollout. + +The final release schedule is communicated prior to release and may vary a little from the following schedule to account for business weeks or other scheduling considerations. For example, Autopatch may decide to release to the Fast Ring after 62 days instead of 60, if 60 days after the release start was a weekend. + +| Ring | Timeline | +| ----- | ----- | +| Test | Release start | +| First | Release start + 30 days | +| Fast | Release start + 60 days | +| Broad | Release start + 90 days | + +:::image type="content" source="../media/windows-feature-release-process-timeline.png" alt-text="Windows feature release timeline"::: + +## New devices to Windows Autopatch + +If a device is enrolled and it's below Autopatch's currently targeted Windows feature update, that device will update to the service's target version within five days of meeting eligibility criteria. + +If a device is enrolled and it's on, or above the currently targeted Windows feature update, there won't be any change to that device. + +## Feature update configuration + +When releasing a feature update, there are two policies that are configured by the service to create the update schedule described in the previous section. You’ll see four of each of the following policies in your tenant, one for each ring: + +- **Modern Workplace DSS Policy**: This policy is used to control the target version of Windows. +- **Modern Workplace Update Policy**: This policy is used to control deferrals and deadlines for feature and quality updates. + +| Ring | Target version (DSS) Policy | Feature update deferral | Feature update deadline | Feature update grace period | +| ----- | ----- | ----- | ----- | ----- | +| Test | 21H2 | 0 | 5 | 0 | +| First | 21H2 | 0 | 5 | 0 | +| Fast | 21H2 | 0 | 5 | 2 | +| Broad | 21H2 | 0 | 5 | 2 | + +> [!NOTE] +> Customers are not able to select a target version for their tenant. + +During a release, the service modifies the Modern Workplace DSS policy to change the target version for a specific ring in Intune. That change is deployed to devices and updates the devices prior to the update deadline. + +To understand how devices will react to the change in the Modern Workplace DSS policy, it's important to understand how deferral, deadline, and grace periods effect devices. + +| Policy | Description | +| ----- | ----- | +| [Deferrals](/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays) | The deferral policy determines how many days after a release the feature update is offered to a device. The service maximizes control over feature updates by creating individual DSS policies for each ring and modifying the ring's DSS policy to change the target update version. Therefore, the feature update deferral policy for all rings is set to zero days so that a change in the DSS policy is released as soon as possible. | +| [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device. | +| [Grace periods](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) | This policy specifies a minimum number of days after an update is downloaded until the device is automatically restarted. This policy overrides the deadline policy so that if a user comes back from vacation, it prevents the device from forcing a restart to complete the update as soon as it comes online. | + +> [!IMPORTANT] +> Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will render a device ineligible for management. Also, if any update related to group policy settings are detected, the device will also be ineligible for management. + +## Windows 11 testing + +To allow customers to test Windows 11 in their environment, there's a separate DSS policy that enables you to test Windows 11 before broadly adopting within your environment. When you add devices to the **Modern Workplace - Windows 11 Pre-Release Test Devices** group they'll update to Windows 11. + +> [!IMPORTANT] +> This group is intended for testing purposes only and shouldn't be used to broadly update to Windows 11 in your environment. + +## Pausing and resuming a release + +You can pause or resume a Windows feature update from the Release management tab in Microsoft Endpoint Manager. + +## Rollback + +Windows Autopatch doesn't support the rollback of feature updates. + +## Incidents and outages + +If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Windows feature updates, Autopatch will raise an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring those devices onto the latest version of Windows. + +If you're experiencing other issues related to Windows feature updates, [submit a support request](../operate/windows-autopatch-support-request.md). diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md index 816ff726f5..8f286647f4 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md @@ -82,24 +82,6 @@ Windows Autopatch will either: Since quality updates are bundled together into a single release in the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview), we can't roll back only a portion of the update for Microsoft 365 Apps for enterprise. -## Conflicting and unsupported policies - -Deploying any of the following policies to a managed device will make that device ineligible for management since the device will prevent us from delivering the service as designed. - -### Update policies - -Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management. - -| Update setting | Value | Usage reason | -| ----- | ----- | ----- | -| Set updates to occur automatically | Enabled | Enable automatic updates | -| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch | -| Update branch | Monthly Enterprise | Supported branch for Windows Autopatch | -| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs | -| Set a deadline by when updates must be applied | 3 | Update deadline | -| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated | -| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates | - ## Compatibility with Servicing Profiles [Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md new file mode 100644 index 0000000000..200edb9091 --- /dev/null +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -0,0 +1,59 @@ +--- +title: Un-enroll your tenant +description: This article explains what this means for your organization and what actions you must take. +ms.date: 07/11/2022 +ms.prod: w11 +ms.technology: windows +ms.topic: how-to +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +msreviewer: hathind +--- + +# Un-enroll your tenant + +If you're looking to unenroll your tenant from Windows Autopatch, this article details what this means for your organization and what actions you must take. + +> [!IMPORTANT] +> You must be a Global Administrator to unenroll your tenant. + +Un-enrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will: + +- Remove Windows Autopatch access to your tenant. +- Deregister your devices from the Windows Autopatch service. Deregistering your devices from Windows Autopatch will not remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in Deregister a device. +- Delete all data that we have stored in the Windows Autopatch data storage. + +> [!NOTE] +> We will **not** delete any of your customer or Intune data. + +## Microsoft's responsibilities during un-enrollment + +| Responsibility | Description | +| ----- | ----- | +| Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../references/windows-autopatch-privacy.md). | +| Windows Autopatch cloud service accounts | Windows Autopatch will remove the cloud service accounts created during the enrollment process. The accounts are: MsAdmin, MsAdminInt and MsTest. | +| Conditional access policy | Windows Autopatch will remove the Modern Workplace – Secure Workstation conditional access policy. | +| Microsoft Endpoint Manager roles | Windows Autopatch will remove the Modern Workplace Intune Admin role. | + +## Your responsibilities after un-enrolling your tenant + +| Responsibility | Description | +| ----- | ----- | +| Licenses | You're responsible for business continuity after unenrolling from Windows Autopatch. This includes responsibility for licensing renewals and reassignment as deemed appropriate. | +| Data | Windows Autopatch will not make changes to your data. | +| Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they are secure and up to date. | +| Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies used to enable updates on your devices. You can take the responsibilities for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. | + +## Un-enroll from Windows Autopatch + +**To un-enroll from Windows Autopatch:** + +1. [Submit a support request](windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service. +1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to un-enroll from the service. +1. You will have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. +1. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. +1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft responsibilities during un-enrollment](#microsofts-responsibilities-during-un-enrollment). +1. The Windows Autopatch Service Engineering Team will inform you when un-enrollment is complete. +1. You’re responsible for the items listed under [Your responsibilities after un-enrolling your tenant](#your-responsibilities-after-un-enrolling-your-tenant). diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md index a724359a90..c5ba6ea4fe 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md @@ -1,7 +1,7 @@ --- -title: What is Windows Autopatch? (preview) +title: What is Windows Autopatch? description: Details what the service is and shortcuts to articles -ms.date: 05/30/2022 +ms.date: 07/11/2022 ms.prod: w11 ms.technology: windows ms.topic: conceptual @@ -12,10 +12,7 @@ manager: dougeby msreviewer: hathind --- -# What is Windows Autopatch? (preview) - -> [!IMPORTANT] -> **Windows Autopatch is in public preview**. It's actively being developed and may not be complete. You can test and use these features in production environments and [provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch). +# What is Windows Autopatch? Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. diff --git a/windows/deployment/windows-autopatch/prepare/index.md b/windows/deployment/windows-autopatch/prepare/index.md index 71ba6f2d78..903d732865 100644 --- a/windows/deployment/windows-autopatch/prepare/index.md +++ b/windows/deployment/windows-autopatch/prepare/index.md @@ -19,4 +19,4 @@ The following articles describe the steps you must take to onboard with Windows 1. [Review the prerequisites](windows-autopatch-prerequisites.md) 1. [Configure your network](windows-autopatch-configure-network.md) 1. [Enroll your tenant](windows-autopatch-enroll-tenant.md) -1. [Fix issues found in the Readiness assessment tool](windows-autopatch-fix-issues.md) + 1. [Fix issues found in the Readiness assessment tool](windows-autopatch-fix-issues.md) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md new file mode 100644 index 0000000000..92295357e9 --- /dev/null +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md @@ -0,0 +1,33 @@ +--- +title: Microsoft 365 Apps for enterprise update policies +description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch +ms.date: 07/11/2022 +ms.prod: w11 +ms.technology: windows +ms.topic: conceptual +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +msreviewer: hathind +--- + +# Microsoft 365 Apps for enterprise update policies + +## Conflicting and unsupported policies + +Deploying any of the following policies to a managed device will make that device ineligible for management since the device will prevent us from delivering the service as designed. + +### Update policies + +Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management. + +| Update setting | Value | Usage reason | +| ----- | ----- | ----- | +| Set updates to occur automatically | Enabled | Enable automatic updates | +| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch | +| Update branch | Monthly Enterprise | Supported branch for Windows Autopatch | +| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs | +| Set a deadline by when updates must be applied | 3 | Update deadline | +| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated | +| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates | From 0086b24dfd878d5783808a68de071c1b1056505d Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 6 Jul 2022 13:57:25 -0700 Subject: [PATCH 521/540] fixing duplicate headings. --- .../operate/windows-autopatch-fu-end-user-exp.md | 4 ++-- .../operate/windows-autopatch-wqu-end-user-exp.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md index b94214338a..15a138fcdf 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md @@ -1,5 +1,5 @@ --- -title: End user experience +title: Windows feature update end user experience description: This article explains the Windows feature update end user experience ms.date: 07/11/2022 ms.prod: w11 @@ -12,7 +12,7 @@ manager: dougeby msreviewer: hathind --- -# End user experience +# Windows feature update end user experience Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing reboots during business hours. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md index 2636932319..555d20ee68 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md @@ -1,5 +1,5 @@ --- -title: End user experience +title: Windows quality update end user experience description: This article explains the Windows quality update end user experience ms.date: 05/30/2022 ms.prod: w11 @@ -12,7 +12,7 @@ manager: dougeby msreviewer: hathind --- -# End user experience +# Windows quality update end user experience Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing reboots during business hours. From 47218f086d67bd6ec02767653b827a9b2f85a6d6 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 6 Jul 2022 14:05:53 -0700 Subject: [PATCH 522/540] Fixing acrolinx score. --- .../windows-autopatch-unenroll-tenant.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index 200edb9091..6259186549 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -1,6 +1,6 @@ --- -title: Un-enroll your tenant -description: This article explains what this means for your organization and what actions you must take. +title: Unenroll your tenant +description: This article explains what unenrollment means for your organization and what actions you must take. ms.date: 07/11/2022 ms.prod: w11 ms.technology: windows @@ -12,23 +12,23 @@ manager: dougeby msreviewer: hathind --- -# Un-enroll your tenant +# Unenroll your tenant -If you're looking to unenroll your tenant from Windows Autopatch, this article details what this means for your organization and what actions you must take. +If you're looking to unenroll your tenant from Windows Autopatch, this article details what unenrollment means for your organization and what actions you must take. > [!IMPORTANT] -> You must be a Global Administrator to unenroll your tenant. +> You must be a Global Administrator to un-enroll your tenant. -Un-enrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will: +Unenrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will: - Remove Windows Autopatch access to your tenant. -- Deregister your devices from the Windows Autopatch service. Deregistering your devices from Windows Autopatch will not remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in Deregister a device. -- Delete all data that we have stored in the Windows Autopatch data storage. +- Deregister your devices from the Windows Autopatch service. De-registering your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in Deregister a device. +- Delete all data that we've stored in the Windows Autopatch data storage. > [!NOTE] > We will **not** delete any of your customer or Intune data. -## Microsoft's responsibilities during un-enrollment +## Microsoft's responsibilities during unenrollment | Responsibility | Description | | ----- | ----- | @@ -37,23 +37,23 @@ Un-enrolling from Windows Autopatch requires manual actions from both you and fr | Conditional access policy | Windows Autopatch will remove the Modern Workplace – Secure Workstation conditional access policy. | | Microsoft Endpoint Manager roles | Windows Autopatch will remove the Modern Workplace Intune Admin role. | -## Your responsibilities after un-enrolling your tenant +## Your responsibilities after unenrolling your tenant | Responsibility | Description | | ----- | ----- | | Licenses | You're responsible for business continuity after unenrolling from Windows Autopatch. This includes responsibility for licensing renewals and reassignment as deemed appropriate. | -| Data | Windows Autopatch will not make changes to your data. | -| Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they are secure and up to date. | +| Data | Windows Autopatch won't make changes to your data. | +| Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. | | Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies used to enable updates on your devices. You can take the responsibilities for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. | -## Un-enroll from Windows Autopatch +## Unenroll from Windows Autopatch **To un-enroll from Windows Autopatch:** 1. [Submit a support request](windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service. -1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to un-enroll from the service. -1. You will have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. +1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to unenroll from the service. +1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. 1. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. -1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft responsibilities during un-enrollment](#microsofts-responsibilities-during-un-enrollment). -1. The Windows Autopatch Service Engineering Team will inform you when un-enrollment is complete. -1. You’re responsible for the items listed under [Your responsibilities after un-enrolling your tenant](#your-responsibilities-after-un-enrolling-your-tenant). +1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft responsibilities during unenrollment](#microsofts-responsibilities-during-un-enrollment). +1. The Windows Autopatch Service Engineering Team will inform you when unenrollment is complete. +1. You’re responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-un-enrolling-your-tenant). From 096c11ce82ec0d58d4caf4ff816c749a8df3be84 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 6 Jul 2022 14:09:53 -0700 Subject: [PATCH 523/540] fixed broken link. --- .../operate/windows-autopatch-unenroll-tenant.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index 6259186549..4d73b03aa3 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -54,6 +54,6 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro 1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to unenroll from the service. 1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. 1. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. -1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft responsibilities during unenrollment](#microsofts-responsibilities-during-un-enrollment). +1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment). 1. The Windows Autopatch Service Engineering Team will inform you when unenrollment is complete. -1. You’re responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-un-enrolling-your-tenant). +1. You’re responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-unenrolling-your-tenant). From 04ee527e0ff64554c0e9e9ff4d0d3340fe383388 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 6 Jul 2022 15:22:34 -0700 Subject: [PATCH 524/540] Included feature updates in Update management. --- .../operate/windows-autopatch-update-management.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md index ac151e3512..04bdc38aae 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md @@ -20,7 +20,8 @@ Keeping your devices up to date is a balance of speed and stability. Windows Aut | Update type | Description | | ----- | ----- | -| Window quality update | Windows Autopatch uses four update rings to manage Windows quality updates. For more detailed information, see [Windows quality updates](../operate/windows-autopatch-wqu-overview.md). | +| Windows quality update | Windows Autopatch uses four update rings to manage Windows quality updates. For more detailed information, see [Windows quality updates](../operate/windows-autopatch-wqu-overview.md). | +| Windows feature update | Windows Autopatch uses four update rings to manage Windows feature updates. For more detailed information, see [Windows feature updates](windows-autopatch-fu-overview.md). | Anti-virus definition | Updated with each scan. | | Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). | | Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). | From d612be46482d5995a2432ea76569d70fadf05c64 Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Thu, 7 Jul 2022 10:13:23 -0700 Subject: [PATCH 525/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 4eb9ed7a1d..fca3b3fa35 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -42,7 +42,7 @@ RemoteWipe ``` **doWipe** -Exec on this node starts a remote reset of the device. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to a the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled. +Exec on this node starts a remote reset of the device. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. From 3e7d5315c083c586370dddcff57d60bdedd87c67 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Thu, 7 Jul 2022 14:24:31 -0700 Subject: [PATCH 526/540] Additional changes. --- windows/deployment/windows-autopatch/TOC.yml | 4 ++-- .../deploy/windows-autopatch-register-devices.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index d5071f8114..38e5eeab4c 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -58,10 +58,10 @@ href: operate/windows-autopatch-teams.md - name: Deregister a device href: operate/windows-autopatch-deregister-devices.md - - name: Un-enroll your tenant - href: operate/windows-autopatch-unenroll-tenant.md - name: Submit a support request href: operate/windows-autopatch-support-request.md + - name: Un-enroll your tenant + href: operate/windows-autopatch-unenroll-tenant.md - name: Reference href: items: diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index f6dc54cf8d..5a53ee749f 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -125,7 +125,7 @@ Registering your devices in Windows Autopatch does the following: Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices and runs software-based prerequisite checks to try to register them with its service. > [!IMPORTANT] -> It might take up to an hour for a device to change its status from **Ready for User** to **Active** in the Ready tab during the public preview. +> It might take up to an hour for a device to change its status from **Ready for User** to **Active** in the Ready tab. ## Device management lifecycle scenarios From 5d5581b4df699bfba2cf3a484f3b3e72d48fda72 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 8 Jul 2022 14:58:06 -0700 Subject: [PATCH 527/540] More updates for GA. --- windows/deployment/windows-autopatch/TOC.yml | 6 +- .../windows-autopatch-admin-contacts.md | 2 +- .../windows-autopatch-register-devices.md | 9 +-- .../windows-autopatch/operate/index.md | 3 +- .../windows-autopatch-maintain-environment.md | 30 ++++++++++ .../windows-autopatch-unenroll-tenant.md | 14 ++--- .../overview/windows-autopatch-overview.md | 37 +++--------- .../windows-autopatch-enroll-tenant.md | 60 +++++++++++-------- .../prepare/windows-autopatch-fix-issues.md | 14 +++-- .../references/windows-autopatch-privacy.md | 12 +++- 10 files changed, 111 insertions(+), 76 deletions(-) create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index 38e5eeab4c..baf2422f09 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -56,10 +56,12 @@ href: operate/windows-autopatch-edge.md - name: Microsoft Teams href: operate/windows-autopatch-teams.md - - name: Deregister a device - href: operate/windows-autopatch-deregister-devices.md + - name: Maintain the Windows Autopatch environment + href: operate/windows-autopatch-maintain-environment.md - name: Submit a support request href: operate/windows-autopatch-support-request.md + - name: Deregister a device + href: operate/windows-autopatch-deregister-devices.md - name: Un-enroll your tenant href: operate/windows-autopatch-unenroll-tenant.md - name: Reference diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md index 47d7b8677c..7793b6cb5d 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md @@ -31,7 +31,7 @@ Your admin contacts will receive notifications about support request updates and | Area of focus | Description | | ----- | ----- | | Devices |
              • Device registration
              • Device health
              | -| Updates |
              • Windows quality updates
              • Microsoft 365 Apps for enterprise
              • Microsoft Teams updates
              • Microsoft Edge
              | +| Updates |
              • Windows quality updates
              • Windows feature updates
              • Microsoft 365 Apps for enterprise updates
              • Microsoft Edge updates
              • Microsoft Teams updates
              | **To add admin contacts:** diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 5a53ee749f..44986b6e4b 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -73,7 +73,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - Windows updates policies - Device configuration - Office Click-to-run -- Last Intune device check-in completed within the last 28 days. +- Last Intune device check in completed within the last 28 days. - Devices must have Serial Number, Model and Manufacturer. > [!NOTE] > Windows Autopatch doesn't support device emulators that don't generate Serial number, Model and Manufacturer. Devices that use a non-supported device emulator fail the **Intune or Cloud-Attached** pre-requisite check. Additionally, devices with duplicated serial numbers will fail to register with Windows Autopatch. @@ -97,7 +97,7 @@ A role defines the set of permissions granted to users assigned to that role. Yo - Intune Service Administrator - Modern Workplace Intune Administrator -For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control). +For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control). > [!NOTE] > The Modern Workplace Intune Admin role is a custom created role during the Windows Autopatch tenant enrollment process. This role can assign administrators to Endpoint Manager roles, and allows you to create and configure custom Endpoint Manager roles. @@ -122,10 +122,7 @@ Registering your devices in Windows Autopatch does the following: > [!NOTE] > The **Windows Autopatch Device Registration** hyperlink is in the center of the Ready tab when there's no devices registered with the Windows Autopatch service. Once you have one or more devices registered with the Windows Autopatch service, the **Windows Autopatch Device registration** hyperlink is at the top of both Ready and Not ready tabs. -Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices and runs software-based prerequisite checks to try to register them with its service. - -> [!IMPORTANT] -> It might take up to an hour for a device to change its status from **Ready for User** to **Active** in the Ready tab. +Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices, and runs software-based prerequisite checks to try to register them with its service. ## Device management lifecycle scenarios diff --git a/windows/deployment/windows-autopatch/operate/index.md b/windows/deployment/windows-autopatch/operate/index.md index 577c29ca09..65c5f08dbf 100644 --- a/windows/deployment/windows-autopatch/operate/index.md +++ b/windows/deployment/windows-autopatch/operate/index.md @@ -14,7 +14,7 @@ msreviewer: hathind # Operating with Windows Autopatch -This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, how to contact the Windows Autopatch Service Engineering Team, and un-enrolling your tenant: +This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, maintaining your Windows Autopatch environment, how to contact the Windows Autopatch Service Engineering Team, and un-enrolling your tenant: - [Update management](windows-autopatch-update-management.md) - [Windows quality updates](windows-autopatch-wqu-overview.md) @@ -22,6 +22,7 @@ This section includes information about Windows Autopatch update management, typ - [Microsoft 365 Apps for enterprise updates](windows-autopatch-microsoft-365-apps-enterprise.md) - [Microsoft Edge updates](windows-autopatch-edge.md) - [Microsoft Teams updates](windows-autopatch-teams.md) +- [Maintain the Windows Autopatch environment](windows-autopatch-maintain-environment.md) - [Deregister devices](windows-autopatch-deregister-devices.md) - [Submit a support request](windows-autopatch-support-request.md) - [Un-enroll your tenant](windows-autopatch-unenroll-tenant.md) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md new file mode 100644 index 0000000000..93e03a5de2 --- /dev/null +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md @@ -0,0 +1,30 @@ +--- +title: Maintain the Windows Autopatch environment +description: This article details how to maintain the Windows Autopatch environment +ms.date: 07/11/2022 +ms.prod: w11 +ms.technology: windows +ms.topic: how-to +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +msreviewer: hathind +--- + +# Maintain the Windows Autopatch environment + +After you've completed enrollment in Windows Autopatch, some management settings might need to be adjusted. Use the following steps: + +1. Review the [Microsoft Intune settings](#microsoft-intune-settings) described in the following section. +1. If any of the items apply to your environment, make the adjustments as described. + +> [!NOTE] +> As your operations continue in the following months, if you make changes after enrollment to policies in Microsoft Intune, Azure Active Directory, or Microsoft 365 that affect Windows Autopatch, it's possible that Windows Autopatch could stop operating properly. To avoid problems with the service, check the specific settings described in [Fix issues found by the readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) before you change the policies listed there. + +## Microsoft Intune settings + +| Setting | Description | +| ----- | ----- | +| Conditional access policies | If you create any new conditional access or multi-factor authentication policies related to Azure AD, or Microsoft Intune after Windows Autopatch enrollment, exclude the Modern Workplace Service Accounts Azure AD group from them. For more information, see [Conditional Access: Users and groups](/azure/active-directory/conditional-access/concept-conditional-access-users-groups). Windows Autopatch maintains separate conditional access policies to restrict access to these accounts.

              **To review the Windows Autopatch conditional access policy (Modern Workplace – Secure Workstation):**

              Go to Microsoft Endpoint Manager and navigate to **Conditional Access** in **Endpoint Security**. Do **not** modify any Azure AD conditional access policies created by Windows Autopatch that have "**Modern Workplace**" in the name.

              | +| Update rings for Windows 10 or later | For any update rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Azure AD group from each policy. For more information, see [Create and assign update rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).

              Windows Autopatch will also have created some update ring policies. all of which The policies will have "**Modern Workplace**" in the name. For example:

              • Modern Workplace Update Policy [Broad]-[Windows Autopatch]
              • Modern Workplace Update Policy [Fast]-[Windows Autopatch]
              • Modern Workplace Update Policy [First]-[Windows Autopatch]
              • Modern Workplace Update Policy [Test]-[Windows Autopatch]

              When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Azure AD group from the policies that Windows Autopatch created.

              **To resolve the Not ready result:**

              After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

              **To resolve the Advisory result:**

              1. Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.
              2. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).

              For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

              | diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index 4d73b03aa3..d50c91a1fc 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -17,7 +17,7 @@ msreviewer: hathind If you're looking to unenroll your tenant from Windows Autopatch, this article details what unenrollment means for your organization and what actions you must take. > [!IMPORTANT] -> You must be a Global Administrator to un-enroll your tenant. +> You must be a Global Administrator to unenroll your tenant. Unenrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will: @@ -33,7 +33,7 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro | Responsibility | Description | | ----- | ----- | | Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../references/windows-autopatch-privacy.md). | -| Windows Autopatch cloud service accounts | Windows Autopatch will remove the cloud service accounts created during the enrollment process. The accounts are: MsAdmin, MsAdminInt and MsTest. | +| Windows Autopatch cloud service accounts | Windows Autopatch will remove the cloud service accounts created during the enrollment process. The accounts are:
              • MsAdmin
              • MsAdminInt
              • MsTest
              | | Conditional access policy | Windows Autopatch will remove the Modern Workplace – Secure Workstation conditional access policy. | | Microsoft Endpoint Manager roles | Windows Autopatch will remove the Modern Workplace Intune Admin role. | @@ -41,19 +41,17 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro | Responsibility | Description | | ----- | ----- | -| Licenses | You're responsible for business continuity after unenrolling from Windows Autopatch. This includes responsibility for licensing renewals and reassignment as deemed appropriate. | -| Data | Windows Autopatch won't make changes to your data. | | Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. | -| Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies used to enable updates on your devices. You can take the responsibilities for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. | +| Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. | ## Unenroll from Windows Autopatch -**To un-enroll from Windows Autopatch:** +**To unenroll from Windows Autopatch:** 1. [Submit a support request](windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service. 1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to unenroll from the service. -1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. -1. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. + 1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. + 2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. 1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment). 1. The Windows Autopatch Service Engineering Team will inform you when unenrollment is complete. 1. You’re responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-unenrolling-your-tenant). diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md index c5ba6ea4fe..107f37c50e 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md @@ -36,6 +36,7 @@ The goal of Windows Autopatch is to deliver software updates to registered devic | Management area | Service level objective | | ----- | ----- | | [Windows quality updates](../operate/windows-autopatch-wqu-overview.md) | Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release. | +| [Windows feature updates](../operate/windows-autopatch-fu-overview.md) | Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows so that they can continue receiving Windows feature updates. | | [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC). | | [Microsoft Edge](../operate/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. | | [Microsoft Teams](../operate/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. | @@ -56,33 +57,13 @@ Microsoft remains committed to the security of your data and the [accessibility] ## Need more details? -### Prepare +| Area | Description | +| ----- | ----- | +| Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:
              • [Prerequisites](../prepare/windows-autopatch-prerequisites.md)
              • [Configure your network](../prepare/windows-autopatch-configure-network.md)
              • [Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)
              • [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)
              | +| Deploy | Once you've enrolled your tenant, this section instructs you to:
              • [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)
              • [Register your devices](../deploy/windows-autopatch-register-devices.md)
              | +| Operate | This section includes the following information about your day-to-day life with the service:
              • [Update management](../operate/windows-autopatch-update-management.md)
              • [Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)
              • [Submit a support request](../operate/windows-autopatch-support-request.md)
              • [Deregister a device](../operate/windows-autopatch-deregister-devices.md)
              +| References | This section includes the following articles:
              • [Windows update policies](../operate/windows-autopatch-wqu-unsupported-policies.md)
              • [Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)
              • [Privacy](../references/windows-autopatch-privacy.md)
              • [Windows Autopatch Preview Addendum](../references/windows-autopatch-preview-addendum.md)
              | -The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch: +### Have feedback or would like to start a discussion? -- [Prerequisites](../prepare/windows-autopatch-prerequisites.md) -- [Configure your network](../prepare/windows-autopatch-configure-network.md) -- [Enroll your tenant with Windows Autopatch](../prepare/windows-autopatch-enroll-tenant.md) -- [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) - -### Deploy - -Once you've enrolled your tenant, this section instructs you to: - -- [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) -- [Register your devices](../deploy/windows-autopatch-register-devices.md) - -### Operate - -This section includes the following information about your day-to-day life with the service: - -- [Update management](../operate/windows-autopatch-update-management.md) -- [Submit a support request](../operate/windows-autopatch-support-request.md) -- [Deregister a device](../operate/windows-autopatch-deregister-devices.md) - -### References - -This section includes the following articles: - -- [Privacy](../references/windows-autopatch-privacy.md) -- [Windows Autopatch Preview Addendum](../references/windows-autopatch-preview-addendum.md) +You can [provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch). diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md index 5170032f91..25e24cc544 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md @@ -1,7 +1,7 @@ --- title: Enroll your tenant description: This article details how to enroll your tenant -ms.date: 05/30/2022 +ms.date: 07/11/2022 ms.prod: w11 ms.technology: windows ms.topic: how-to @@ -16,7 +16,10 @@ msreviewer: hathind Before you enroll in Windows Autopatch, there are settings and other parameters you must set ahead of time. -The Readiness assessment tool, accessed through the [Windows Autopatch admin center](https://endpoint.microsoft.com/), checks management or configuration -related settings. This tool allows you to check the relevant settings and detailed steps to fix any settings that aren't configured properly for Windows Autopatch. +> [!IMPORTANT] +> You must be a Global Administrator to enroll your tenant. + +The Readiness assessment tool, accessed through the [Windows Autopatch admin center](https://endpoint.microsoft.com/), checks management or configuration-related settings. This tool allows you to check the relevant settings and details steps to fix any settings that aren't configured properly for Windows Autopatch. ## Step 1: Review all prerequisites @@ -32,13 +35,13 @@ The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager **To access and run the Readiness assessment tool:** > [!IMPORTANT] -> You must be a Global Administrator to enroll your tenant. +> You must be a Global Administrator to run the Readiness assessment tool. 1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 2. In the left pane, select Tenant administration and then navigate to Windows Autopatch > **Tenant enrollment**. > [!IMPORTANT] -> If you don't see the Tenant enrollment blade, this is because you don't meet the prerequisites or the proper licenses. For more information, see [Windows Autopatch prerequisites](windows-autopatch-prerequisites.md). +> If you don't see the Tenant enrollment blade, this is because you don't meet the prerequisites or the proper licenses. For more information, see [Windows Autopatch prerequisites](windows-autopatch-prerequisites.md#more-about-licenses). A Global Administrator should be used to run this tool. Other roles, such as the Global Reader and Intune Administrator have insufficient permissions to complete the checks on Conditional Access Policies and Multi-factor Authentication. For more information about the extra permissions, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies). @@ -50,7 +53,7 @@ The following are the Microsoft Intune settings: | Check | Description | | ----- | ----- | -| Update rings for Windows 10 or later | Verifies that Intune's Update rings for Windows 10 or later policy doesn't target all users or all devices. The policy shouldn't target any Windows Autopatch devices. | +| Update rings for Windows 10 or later | Verifies that Intune's Update rings for Windows 10 or later policy doesn't target all users or all devices. Policies of this type shouldn't target any Windows Autopatch devices. For more information, see [Configure update rings for Windows 10 and later in Intune](/mem/intune/protect/windows-10-update-rings). | | Unlicensed admin | Verifies that this setting is enabled to avoid a "lack of permissions" error when we interact with your Azure Active Directory (AD) organization. | ### Azure Active Directory settings @@ -59,38 +62,27 @@ The following are the Azure Active Directory settings: | Check | Description | | ----- | ----- | -| Conditional access | Verifies that conditional access policies and multi-factor authentication aren't assigned to all users.

              Conditional access policies shouldn't be assigned to Windows Autopatch service accounts. For more information on steps to take, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies). | -| Windows Autopatch service accounts | Checks that no usernames conflict with ones that Windows Autopatch reserves for its own use. | +| Conditional access | Verifies that conditional access policies and multi-factor authentication aren't assigned to all users.

              Your conditional access policies must not prevent our service accounts from accessing the service and must not require multi-factor authentication. For more information, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies). | +| Windows Autopatch cloud service accounts | Checks that no usernames conflict with ones that Windows Autopatch reserves for its own use. The cloud service accounts are:

              • MsAdmin
              • MsAdminInt
              • MsTest
              For more information, see [Tenant access](../references/windows-autopatch-privacy.md#tenant-access). | | Security defaults | Checks whether your Azure Active Directory organization has security defaults enabled. | | Licenses | Checks that you've obtained the necessary [licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). | +### Check results + For each check, the tool will report one of four possible results: | Result | Meaning | | ----- | ----- | | Ready | No action is required before completing enrollment. | | Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.

              You can complete enrollment, but you must fix these issues before you deploy your first device. | -| Not ready | Enrollment will fail if you don't fix these issues. Follow the steps in the tool or this article to resolve them. | +| Not ready | You must fix these issues before enrollment. You won’t be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them. | | Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permissions to run this check. | -### Seeing issues with your tenant? +## Step 3: Fix issues with your tenant If the Readiness assessment tool is displaying issues with your tenant, see [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) for more information on how to remediate. -### Delete data collected from the Readiness assessment tool - -Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Azure Active Directory organization (tenant). After 12 months, we retain the data in a de-identified form. You can choose to delete the data we collect directly within the Readiness assessment tool. - -> [!NOTE] -> Windows Autopatch will only delete the results we collect within the Readiness assessment tool; Autopatch won't delete any other tenant-level data. - -**To delete the data we collect:** - -1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). -2. Navigate to Windows Autopatch > **Tenant enrollment**. -3. Select **Delete all data**. - -## Step 3: Enroll your tenant +## Step 4: Enroll your tenant > [!IMPORTANT] > You must be a Global Administrator to enroll your tenant. @@ -105,4 +97,24 @@ Within the Readiness assessment tool, you'll now see the **Enroll** button. By s - Provide Windows Autopatch with IT admin contacts. - Setup of the Windows Autopatch service on your tenant. This step is where we'll create the policies, groups and accounts necessary to run the service. -Once these actions are complete, you've now successfully enrolled your tenant. Ensure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md) before you [register your devices](../deploy/windows-autopatch-register-devices.md). +Once these actions are complete, you've now successfully enrolled your tenant. + +### Delete data collected from the Readiness assessment tool + +You can choose to delete the data we collect directly within the Readiness assessment tool. + +Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Azure Active Directory organization (tenant). After 12 months, we retain the data in a de-identified form. + +> [!NOTE] +> Windows Autopatch will only delete the results we collect within the Readiness assessment tool; Autopatch won't delete any other tenant-level data. + +**To delete the data we collect:** + +1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). +2. Navigate to Windows Autopatch > **Tenant enrollment**. +3. Select **Delete all data**. + +## Next steps + +1. Maintain your [Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md). +1. Ensure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md) before you [register your devices](../deploy/windows-autopatch-register-devices.md). diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index b9f8c7b372..13b48f4d5d 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -14,13 +14,17 @@ msreviewer: hathind # Fix issues found by the Readiness assessment tool +Seeing issues with your tenant? This article details how to remediate issues found with your tenant. + +## Check results + For each check, the tool will report one of four possible results: | Result | Meaning | | ----- | ----- | | Ready | No action is required before completing enrollment. | | Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.

              You can complete enrollment, but you must fix these issues before you deploy your first device. | -| Not ready | Enrollment will fail if you don't fix these issues. Follow the steps in the tool or this article to resolve them. | +| Not ready | You must fix these issues before enrollment. You won’t be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them. | | Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permissions to run this check. | > [!NOTE] @@ -44,8 +48,8 @@ Your "Windows 10 update ring" policy in Intune must not target any Windows Autop | Result | Meaning | | ----- | ----- | -| Not ready | You have an "update ring" policy that targets all devices, all users, or both. Change the policy to use an assignment that targets a specific Azure Active Directory (AD) group that doesn't include any Windows Autopatch devices.

              After enrolling into Autopatch, make sure that any update ring policies you have exclude the **Modern Workplace Devices - All** Azure Active Directory (AD) group.

              For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

              | -| Advisory | Both the **Modern Workplace Devices - All** and **Modern Workplace - All** Azure AD groups are groups that we create after you enroll in Windows Autopatch. This advisory is flagging an action you should take after enrolling into the service:
              1. Make sure that any update ring policies you have exclude the **Modern Workplace Devices - All** Azure Active Directory (AD) group.
              2. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also exclude the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).

              For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure). | +| Not ready | You have an "update ring" policy that targets all devices, all users, or both.

              To resolve, change the policy to use an assignment that targets a specific Azure Active Directory (AD) group that doesn't include any Windows Autopatch devices.

              For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

              | +| Advisory | Both the **Modern Workplace Devices - All** and **Modern Workplace - All** Azure AD groups are groups that we create after you enroll in Windows Autopatch.

              You can continue with enrollment. However, you must resolve the advisory prior to deploying your first device. To resolve the advisory, see [Maintain the Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md).

              | ## Azure Active Directory settings @@ -68,13 +72,13 @@ Windows Autopatch requires the following licenses: | ----- | ----- | | Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium, and Microsoft Intune are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). | -### Windows Autopatch service accounts +### Windows Autopatch cloud service accounts Certain account names could conflict with account names created by Windows Autopatch. | Result | Meaning | | ----- | ----- | -| Not ready | You have at least one account name that will conflict with account names created by Windows Autopatch. Work with your Microsoft account representative to exclude these account names. We don't list the account names publicly to minimize security risk. | +| Not ready | You have at least one account name that will conflict with account names created by Windows Autopatch. The cloud service accounts are:
              • MsAdmin
              • MsAdminInt
              • MsTest

              You must either rename or remove conflicting accounts to move forward with enrolling to the Windows Autopatch service as we'll create these accounts as part of running our service. For more information, see [Tenant Access](../references/windows-autopatch-privacy.md#tenant-access).

              | ### Security defaults diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index 7d992eafee..ee8956decd 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -58,11 +58,21 @@ Windows Autopatch only processes and stores system-level data from Windows 10 op For more information about the diagnostic data collection of Microsoft Windows 10, see the [Where we store and process personal data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement. +## Tenant access + +Windows Autopatch creates and uses guest accounts leveraging just-in-time access functionality when signing into a customer tenant to manage the Windows Autopatch service. To provide additional locked down control, Windows Autopatch maintains a separate conditional access policy to restrict access to these accounts. + +| Account name | Usage | Mitigating controls | +| ----- | ----- | -----| +| MsAdmin@tenantDomain.onmicrosoft.com |
              • This is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.
              • This account doesn't have interactive login permissions. The account performs operations only through the service.
              | Audited sign-ins | +| MsAdminInt@tenantDomain.onmicrosoft.com |
              • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
              • This account is used for interactive login to the customer’s tenant.
              • The use of this account is extremely limited as most operations are exclusively through MsAdmin (non-interactive) account.
              |
              • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
              • Audited sign-ins | +| MsTest@tenantDomain.onmicrosoft.com | This is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins | + ## Microsoft Windows Update for Business Microsoft Windows Update for Business uses data from Windows diagnostics to analyze update status and failures. Windows Autopatch uses this data and uses it to mitigate, and resolve problems to ensure that all registered devices are up to date based on a predefined update cadence. -## Microsft Azure Active Directory +## Microsoft Azure Active Directory Identifying data used by Windows Autopatch is stored by Azure Active Directory (Azure AD) in a geographical location. The geographical location is based on the location provided by the organization upon subscribing to Microsoft online services, such as Microsoft Apps for Enterprise and Azure. For more information on where your Azure AD data is located, see [Azure Active Directory - Where is your data located?](https://msit.powerbi.com/view?r=eyJrIjoiODdjOWViZDctMWRhZS00ODUzLWI4MmQtNWM5NjBkZTBkNjFlIiwidCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImMiOjV9) From 3533084157a6a909f63bfce340923363a677eeb7 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 8 Jul 2022 15:02:21 -0700 Subject: [PATCH 528/540] Fixed acrolinx score. --- windows/deployment/windows-autopatch/operate/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/index.md b/windows/deployment/windows-autopatch/operate/index.md index 65c5f08dbf..88dfceb72d 100644 --- a/windows/deployment/windows-autopatch/operate/index.md +++ b/windows/deployment/windows-autopatch/operate/index.md @@ -14,7 +14,7 @@ msreviewer: hathind # Operating with Windows Autopatch -This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, maintaining your Windows Autopatch environment, how to contact the Windows Autopatch Service Engineering Team, and un-enrolling your tenant: +This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, maintaining your Windows Autopatch environment, how to contact the Windows Autopatch Service Engineering Team, and unenrolling your tenant: - [Update management](windows-autopatch-update-management.md) - [Windows quality updates](windows-autopatch-wqu-overview.md) @@ -25,4 +25,4 @@ This section includes information about Windows Autopatch update management, typ - [Maintain the Windows Autopatch environment](windows-autopatch-maintain-environment.md) - [Deregister devices](windows-autopatch-deregister-devices.md) - [Submit a support request](windows-autopatch-support-request.md) -- [Un-enroll your tenant](windows-autopatch-unenroll-tenant.md) +- [Unenroll your tenant](windows-autopatch-unenroll-tenant.md) From 99908704f75f2026cab5610636da3b84d25cf969 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 8 Jul 2022 17:11:55 -0700 Subject: [PATCH 529/540] Added Unlicensed admin hyperlink. --- .../prepare/windows-autopatch-enroll-tenant.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md index 25e24cc544..99940fe13f 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md @@ -19,7 +19,7 @@ Before you enroll in Windows Autopatch, there are settings and other parameters > [!IMPORTANT] > You must be a Global Administrator to enroll your tenant. -The Readiness assessment tool, accessed through the [Windows Autopatch admin center](https://endpoint.microsoft.com/), checks management or configuration-related settings. This tool allows you to check the relevant settings and details steps to fix any settings that aren't configured properly for Windows Autopatch. +The Readiness assessment tool, accessed through the [Windows Autopatch admin center](https://endpoint.microsoft.com/), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch. ## Step 1: Review all prerequisites @@ -54,7 +54,7 @@ The following are the Microsoft Intune settings: | Check | Description | | ----- | ----- | | Update rings for Windows 10 or later | Verifies that Intune's Update rings for Windows 10 or later policy doesn't target all users or all devices. Policies of this type shouldn't target any Windows Autopatch devices. For more information, see [Configure update rings for Windows 10 and later in Intune](/mem/intune/protect/windows-10-update-rings). | -| Unlicensed admin | Verifies that this setting is enabled to avoid a "lack of permissions" error when we interact with your Azure Active Directory (AD) organization. | +| Unlicensed admin | Verifies that this setting is enabled to avoid a "lack of permissions" error when we interact with your Azure Active Directory (AD) organization. For more information, see [Unlicensed admins in Microsoft Intune](/mem/intune/fundamentals/unlicensed-admins). | ### Azure Active Directory settings From 423a83952640a56343706f133d1db5d505e35e86 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Mon, 11 Jul 2022 08:26:29 -0700 Subject: [PATCH 530/540] Update windows-autopatch-unenroll-tenant.md --- .../operate/windows-autopatch-unenroll-tenant.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index d50c91a1fc..03abc5724f 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -22,7 +22,7 @@ If you're looking to unenroll your tenant from Windows Autopatch, this article d Unenrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will: - Remove Windows Autopatch access to your tenant. -- Deregister your devices from the Windows Autopatch service. De-registering your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in Deregister a device. +- Deregister your devices from the Windows Autopatch service. Deregistering your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in Deregister a device. - Delete all data that we've stored in the Windows Autopatch data storage. > [!NOTE] From 93522d9b143c71a9e11d769179e8c861f1566c4b Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Mon, 11 Jul 2022 13:10:29 -0700 Subject: [PATCH 531/540] Clarify hybrid Azure AD join is supported For Windows diagnostic data processor configuration --- .../privacy/changes-to-windows-diagnostic-data-collection.md | 2 +- .../configure-windows-diagnostic-data-in-your-organization.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 5e15ca25f9..06dbd93c71 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -122,7 +122,7 @@ For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, For other Windows devices (not in the Dev Channel), additional details on supported versions of Windows 11 and Windows 10 will be announced at a later date. These changes will roll out no earlier than the last quarter of calendar year 2022. -To prepare for this change, ensure that you meet the [prerequisites](configure-windows-diagnostic-data-in-your-organization.md#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD, and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services. +To prepare for this change, ensure that you meet the [prerequisites](configure-windows-diagnostic-data-in-your-organization.md#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD (can be a hybrid Azure AD join), and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services. As part of this change, the following policies will no longer be supported to configure the processor option: - Allow commercial data pipeline diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 5872796290..54a53c7426 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -267,7 +267,7 @@ The Windows diagnostic data processor configuration enables you to be the contro - Enterprise - Professional - Education -- The device must be joined to Azure Active Directory. +- The device must be joined to Azure Active Directory (can be a hybrid Azure AD join). For the best experience, use the most current build of any operating system specified above. Configuration functionality and availability may vary on older systems. See [Lifecycle Policy](/lifecycle/products/windows-10-enterprise-and-education) From 2d648a04f12d88d67eb5dc1eec6cb58feb2c93c0 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Mon, 11 Jul 2022 13:17:33 -0700 Subject: [PATCH 532/540] Update windows-11-se-overview.md Updated versions for Kite and Chrome --- education/windows/windows-11-se-overview.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 5a247f51f3..9f89ef79d0 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -56,11 +56,11 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run |FortiClient |7.0.1.0083 |Win32 |Fortinet| |Free NaturalReader |16.1.2 |Win32 |Natural Soft| |GoGuardian |1.4.4 |Win32 |GoGuardian| -|Google Chrome |100.0.4896.127|Win32 |Google| +|Google Chrome |102.0.5005.115|Win32 |Google| |Illuminate Lockdown Browser |2.0.5 |Win32 |Illuminate Education| |Immunet |7.5.0.20795 |Win32 |Immunet| |JAWS for Windows |2022.2112.24 |Win32 |Freedom Scientific| -|Kite Student Portal |8.0.1 |Win32 |Dynamic Learning Maps| +|Kite Student Portal |8.0.3.0 |Win32 |Dynamic Learning Maps| |Kortext |2.3.433.0 |Store |Kortext| |Kurzweil 3000 Assistive Learning |20.13.0000 |Win32 |Kurzweil Educational Systems| |LanSchool |9.1.0.46 |Win32 |Stoneware| @@ -83,7 +83,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run |Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser| |Secure Browser |14.0.0 |Win32 |Cambium Development| |Secure Browser |4.8.3.376 |Win32 |Questar, Inc| -|Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud| +|Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud| |SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access| |Zoom |5.9.1 (2581)|Win32 |Zoom| |ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific| From 8a3713adcd0f2ff141707294d12397d9d3d4d144 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 11 Jul 2022 14:54:10 -0700 Subject: [PATCH 533/540] Standardized spelling. --- windows/deployment/windows-autopatch/TOC.yml | 2 +- .../operate/windows-autopatch-deregister-devices.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index baf2422f09..c56b83ed47 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -62,7 +62,7 @@ href: operate/windows-autopatch-support-request.md - name: Deregister a device href: operate/windows-autopatch-deregister-devices.md - - name: Un-enroll your tenant + - name: Unenroll your tenant href: operate/windows-autopatch-unenroll-tenant.md - name: Reference href: diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md index 7fe4c8e3d4..4fe92e457d 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md @@ -14,7 +14,7 @@ msreviewer: andredm7 # Deregister a device -To avoid end-user disruption, device de-registration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. +To avoid end-user disruption, device deregistration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. **To deregister a device:** From 8546102f91b4ed06df4ade9317b3422280e53c53 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 12 Jul 2022 15:35:44 -0700 Subject: [PATCH 534/540] Update security-policy-settings.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/39b0b647-dc09-4851-ba5f-05643211e211#CORRECTNESS Line 48: polices > policies Line 123: logs users onto > logs on users to Line 300: speciy > specify --- .../security-policy-settings/security-policy-settings.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index 305941019b..7cbaa1f1fc 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -45,7 +45,7 @@ For more info about managing security configurations, see [Administer security p The Security Settings extension of the Local Group Policy Editor includes the following types of security policies: -- **Account Policies.** These polices are defined on devices; they affect how user accounts can interact with the computer or domain. Account policies include the following types of policies: +- **Account Policies.** These policies are defined on devices; they affect how user accounts can interact with the computer or domain. Account policies include the following types of policies: - **Password Policy.** These policies determine settings for passwords, such as enforcement and lifetimes. Password policies are used for domain accounts. - **Account Lockout Policy.** These policies determine the conditions and length of time that an account will be locked out of the system. Account lockout policies are used for domain or local user accounts. @@ -120,7 +120,7 @@ For devices that are members of a Windows Server 2008 or later domain, securit - **Local Security Authority (LSA)** - A protected subsystem that authenticates and logs users onto the local system. LSA also maintains information about all aspects of local security on a system, collectively known as the Local Security Policy of the system. + A protected subsystem that authenticates and logs on users to the local system. LSA also maintains information about all aspects of local security on a system, collectively known as the Local Security Policy of the system. - **Windows Management Instrumentation (WMI)** @@ -297,7 +297,7 @@ Group Policy settings are processed in the following order: 1. **Domain.** - Processing of multiple domain-linked Group Policy Objects is synchronous and in an order you speciy. + Processing of multiple domain-linked Group Policy Objects is synchronous and in an order you specify. 1. **Organizational units.** From d805e985be0295efa4ffc8b558bd98ec27dff6e6 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 12 Jul 2022 16:26:03 -0700 Subject: [PATCH 535/540] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cloud-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index cfc435c989..d55c06e785 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -48,7 +48,7 @@ When you enable Azure AD Kerberos in a domain, an Azure AD Kerberos Server objec More details on how Azure AD Kerberos enables access to on-premises resources are available in our documentation on [enabling passwordless security key sign-in to on-premises resources](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). There's more information on how Azure AD Kerberos works with Windows Hello for Business cloud trust in the [Windows Hello for Business authentication technical deep dive](hello-how-it-works-authentication.md#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust-preview). -If using the hybrid cloud trust deployment model, you MUST ensure that you have adequate (1 or more, depending on your authentication load) Windows Server 2016 or later Read-Write Domain Controllers in each Active Directory site where users will be authenticating for Windows Hello for Business. +If you're using the hybrid cloud trust deployment model, you _must_ ensure that you have adequate (one or more, depending on your authentication load) Windows Server 2016 or later read-write domain controllers in each Active Directory site where users will be authenticating for Windows Hello for Business. ## Prerequisites From 2ba0d7d509f722ec581191c1539335a1ec36049b Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 12 Jul 2022 16:29:20 -0700 Subject: [PATCH 536/540] editorial revision --- ...s-defender-application-control-with-dynamic-code-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md index 3720558b80..b00d8dca38 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md @@ -24,7 +24,7 @@ Historically, Windows Defender Application Control (WDAC) has restricted the set Security researchers have found that some .NET applications may be used to circumvent those controls by using .NET’s capabilities to load libraries from external sources or generate new code on the fly. Beginning with Windows 10, version 1803, or Windows 11, Windows Defender Application Control features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime. -When the Dynamic Code Security option is enabled, WDAC policy is applied to libraries that .NET loads from external sources (any non-local sources, such as Internet or network share). +When the Dynamic Code Security option is enabled, Application Control policy is applied to libraries that .NET loads from external sources. For example, any non-local sources, such as the internet or a network share. Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that has been tampered with. From 300f50b7e13cdd79e1695cd520b741d0439d1d5a Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 12 Jul 2022 16:34:20 -0700 Subject: [PATCH 537/540] fix links --- .../client-management/system-failure-recovery-options.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index b1cbad90d2..45ab9b85d6 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -7,7 +7,7 @@ ms.topic: troubleshooting author: Deland-Han ms.localizationpriority: medium ms.author: delhan -ms.date: 8/22/2019 +ms.date: 07/12/2022 ms.reviewer: dcscontentpm manager: dansimp --- @@ -188,7 +188,7 @@ To specify that you don't want to overwrite any previous kernel or complete memo This is the default option. An Automatic Memory Dump contains the same information as a Kernel Memory Dump. The difference between the two is in the way that Windows sets the size of the system paging file. If the system paging file size is set to **System managed size**, and the kernel-mode crash dump is set to **Automatic Memory Dump**, then Windows can set the size of the paging file to less than the size of RAM. In this case, Windows sets the size of the paging file large enough to ensure that a kernel memory dump can be captured most of the time. -If the computer crashes and the paging file is not large enough to capture a kernel memory dump, Windows increases the size of the paging file to at least the size of RAM. For more details, see [Automatic Memory Dump](/windows-hardware/drivers/debugger/automatic-memory-dump). +If the computer crashes and the paging file is not large enough to capture a kernel memory dump, Windows increases the size of the paging file to at least the size of RAM. For more information, see [Automatic Memory Dump](/windows-hardware/drivers/debugger/automatic-memory-dump). To specify that you want to use an automatic memory dump file, run the following command or modify the registry value: @@ -218,7 +218,7 @@ To specify that you don't want to overwrite any previous kernel or complete memo An Active Memory Dump is similar to a Complete Memory Dump, but it filters out pages that are not likely to be relevant to troubleshooting problems on the host machine. Because of this filtering, it is typically significantly smaller than a Complete Memory Dump. -This dump file includes any memory allocated to user-mode applications. It also includes memory allocated to the Windows kernel and hardware abstraction layer, as well as memory allocated to kernel-mode drivers and other kernel-mode programs. The dump includes active pages mapped into the kernel or user space that are useful for debugging, as well as selected Pagefile-backed Transition, Standby, and Modified pages such as the memory allocated with VirtualAlloc or page-file-backed sections. Active dumps do not include pages on the free and zeroed lists, the file cache, guest VM pages, and various other types of memory that are not likely to be useful during debugging. For more details, see [Active Memory Dump](windows-hardware/drivers/debugger/active-memory-dump). +This dump file includes any memory allocated to user-mode applications. It also includes memory allocated to the Windows kernel and hardware abstraction layer, as well as memory allocated to kernel-mode drivers and other kernel-mode programs. The dump includes active pages mapped into the kernel or user space that are useful for debugging, as well as selected Pagefile-backed Transition, Standby, and Modified pages such as the memory allocated with VirtualAlloc or page-file-backed sections. Active dumps do not include pages on the free and zeroed lists, the file cache, guest VM pages, and various other types of memory that are not likely to be useful during debugging. For more information, see [Active Memory Dump](/windows-hardware/drivers/debugger/active-memory-dump). To specify that you want to use an active memory dump file, modify the registry value: From dcaa564b27f23bd35aeabb56e31f1d771c6c2ba8 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 12 Jul 2022 16:38:48 -0700 Subject: [PATCH 538/540] edititorial revision --- .../hello-for-business/hello-feature-dynamic-lock.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index cd2812800e..cbdcb1ce5b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 09/09/2019 +ms.date: 07/12/2022 ms.reviewer: --- @@ -26,7 +26,7 @@ ms.reviewer: Dynamic lock enables you to configure Windows devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. > [!IMPORTANT] -> The feature only locks the computer if the Bluetooth signal falls and the system is idle. If the system is not idle (for example, the intruder got access **before** the Bluetooth signal falls below the limit), it will not be locked. Therefore, the dynamic lock feature is an additional barrier, it does not replace the need to lock the computer by the user, it only reduces the probability of someone gaining access if the user forgets to lock it. +> This feature only locks the computer if the Bluetooth signal falls and the system is idle. If the system isn't idle (for example, an intruder gets access _before_ the Bluetooth signal falls below the limit), the device won't lock. Therefore, the dynamic lock feature is an additional barrier. It doesn't replace the need for the user to lock the computer. It only reduces the probability of someone gaining access if the user forgets to lock it. You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**. From 03f435394999471890c5d32ecb68cbfa8573541a Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 12 Jul 2022 16:43:33 -0700 Subject: [PATCH 539/540] editorial revision --- ...ity-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index f4c0cda9aa..4c05d8bea2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -27,7 +27,7 @@ Describes the best practices, location, values, management aspects, and security > [!NOTE] -> To learn more about configuring a server to be accessed remotely, check [Remote Desktop - Allow access to your PC](/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access). +> For more information about configuring a server to be accessed remotely, see [Remote Desktop - Allow access to your PC](/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access). ## Reference From e838504fe6eaed99dc16dfeb68a8efa2a0832f68 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 12 Jul 2022 17:10:20 -0700 Subject: [PATCH 540/540] Update hello-hybrid-cloud-trust.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/50b68978-5308-45d9-bc1a-662fd43b5e69#CORRECTNESS Line 21: sign in > sign-in --- .../hello-for-business/hello-hybrid-cloud-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index 9bbad19bf1..1f4f7f1f17 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -18,7 +18,7 @@ Applies to - Windows 10, version 21H2 - Windows 11 and later -Windows Hello for Business replaces username and password Windows sign in with strong authentication using an asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario. +Windows Hello for Business replaces username and password Windows sign-in with strong authentication using an asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario. ## Introduction to Cloud Trust

    Policy path

    Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

    Local Policies\\Security Options\\System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing

    Conflicts

    Policy path

    Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

    Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

    Conflicts

    Policy path

    Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

    Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

    Conflicts

    		xPjURyL_&6Gt!NEbpc>lI;@FhrX^C6}VcABlT7>l_E-? zE8YUmk{xjKN%aL3$yW{KbNr6W)CM@S#vgi&p=R|DG>P)Y@Bo2OV%1HcY;q>Z^7Nf} zi{6+ra*Vb4sf}IB6K1?_jw0pVu4Vm%W6W>TpNv0so({IduBmP2^L$#?s$eiU(*PKU zCQ67{2nRunS5n1Qi%wTARta3b={Oy`GIg=rcWbyEae3*pGzPebUMAQubeXuPuDCbe zXE2HA+QARzNL^;q7*)0~^uMdhf9<3>(>Hn4qg*KFJ{`sZ%jQ+ksOeBrUUthyuV(s7 zEGPW%>4xu}d;CzjS0>Ph*Ow#VaR?_hOY=py2VRxu1@v%gRh4_;n9%8>TIbL?N{p>8 zDr2l^(^hh%{-B8+Lf^7BS|0T z!W7T0!f2hxA`*U3+q}tc2#7Mpxz2;W>JP>mKY6hpRk7-kEibCfFwyl8g;cMjBTg5q$3a8?aN$ zc;2x-$-y1^aFS0*bddfmv-1Cv*!gQ+SU)R;$Y2IlVyHA9hco-?9O6OSN=LjGD1R~rh)iKav%C!wow^|2s4HRPED z<4+Q7hVM)*{{nw{@Zw5%|N6*OoTvKw-;m4MUWl_Z3h*?B+8BT1l;Z-Sp4&H~*zWyt ztMsYs`uod$0IxIo8z#7REi<IR@npg|I1pfVGCOCwNIlV$DT!=({ zQOid{dPF>w5ChZ7=}3r>g3EIR>TT>k>~HXx)yHGEj~goPnCsQ5{S$Nv&Z;68^zgrp zQfMhGw83`HoX;KK<`h*>HjOHKt2N3Loly9*RZiH=@_U$CDK`@6e(x|=5dAgA|9Vk$ z%~kz@$ffc-qllpu%w|GJ0&-Kox0e>#9!&}q%8b}>DafL=8c8^_xG zqL-QQ?k#MyV_y%Mk?_t~Qge2Of_$Cv_2w46Ll~qm;oZu%h5z_g{d2xwze-2@1`f_4 zpUfeA96&ab<_$Xz`2HNy-`>=yY<6}H{T(^RiZwkfP-eS;C49V5wrbl!MapL-41NyS ze;;iXvQgGqWT)cz;Xfgfsj@9wI^OHnssU)nnvVEY>}+i9i(OHd#LAl1e8n{Bs-+k< zmy<}D!3zp+cK$Y7VB&z(ILx_YGSfvyp3J$l~=+J$CYc`@jEs>%f`) z2<`Zi+amff|Ko!o6a%A8+$YcVw_!j`CX|77O1Ea>gU2L44NJ%o22MEgm09RU5DvM&0H)z79p=GnGFxy_t zQReqN`+l}L_)YTUxQA$WgL`0BK>`hcyf`dQY+NeM{ElJn1d;*%hJas|tK-g9>61R0lPGbe1^(-I%ldH<%6wak3tfB(+6L+m)IFj*C8nvAeG{Q?(OZ(o45sa z|Lur7JG*?P)L#Sow|5RExf(y}eTK8-@@DN%^=_}~v9Z_*{~R9PJ>PCzXs57xk|gMO zz;2S@4a@hEmD7D+4(H-D?pASeamoI==Z8b`dZ|0wWzLUex9PnfsfY<~vYXk}88^6P z-Qf|Wb6}t&lx%o+;G1NPb%s&Q>2$q&$%!{ga&e;M9#l$7Ca-rp#p9ynWyJ|VfY2U= zy=8ubVAxIAFfn>^6$!pSbD#(v9U6SBVAwL&?iEVQy8b2Jc44w}j?-2n3T;$)F^Flf z&edLZIaug0VtBPoUQ9|~pKcj23te_I?(-&gadH}5fMfkqIHUiKTpo(g)kQmI9z@=j zOSw&x7rIPxgX|4E#(Wg=SgZ~)mT<{hJy?fop)}0^J&hF5AvC{R1d;Qatt!1fKiWK* z-yayN-1a>-q)PE_CG3Dbqp)V38J7Zimz?L#SJ_@D)ZIE_ z-PB}R5TKXkqkC#H(>=bGjuHT5hqi4Sajy2KmS~OT1U_^B6mR6Sa`Qe_#KRV-TPF+h zPu60N)o?xlbiQGn`fJbpyQLMRxExVSfA?DcZL_xv?Rcxi6GUKPrS`CTtwJB(ENT!W z=9`(oCt{RS@tHfa+MFV`gnS=*nE@CKIq35k7#NC`RysPG&#@|D9{YXS?vutR#t1hZ z&0Jvos`k1cIx0VyWIxrClf&QJ+f$jG^F~UTm@s;HA_h~XWK~THz*MZd*pu$;>uW19 z>~P45&pT7|uRV;gMvt(@iy%7!;9i@>PC_W-zt-LFmqU}P1pp-X6#=j&HtXpp*|^7} zV)MFKWw41tDnW;hzyK^<@h7eKJ&IqW&BSwKk89h9S@pzp88sVIQv(QUijZ@vmoL_i z#YT=SCGVTTn`%5}>0Hea^RfKuVR6qK6IO_Z=Se5wh5hQy7G!e3J9>Yp^I>cH3fip1AM>=GBKUygKrl1Rve9Rr6x3n2l4OH86L*Ll7~^Wn*Ld z<5T$Sw*&|w4z{2afVMNH6JMR{ZLE?>4fa$Sm4mAu2fIwGlVwZ*+C)e$c+uQMk0$Gj#$D0D%IC!P>Dg zp9pA;3iLh#m%#>Lk7~Y;04z_iFE#<-DPDpn^}J3o3$!YIVq;^OqtMPRt>1*eykVgj z*!bC{`*Ri}X<#vsKDv1J{ml?MU|QM;ZvNpB{quENwGYgz;(CGF`tA{{*x3drJPbVe z*!|Oy@78nZOc?FkRSR+e4W*QxnVB1ky2CXgY7Z5xL(O;`tdHXG&A6l?Ge!UsZl|#= z#1g%K>G;EktN9xH-0$D}4z312RB;7{(&iX?{2GQt0LCBk67!X7hcgNNgYuPbU^ZTu zhTJAW6kKzL+s?OM-6P82fNoiuS;f`fB#46h{`2+xf1G>z{aYY_lou8yEP#3oL~f9 zr$YRq0Y9nLg`AgJPBMLzv=(PR;5H8Wc*`l91(MNo=vrfdJ$#HRkb<^4x7sK){ z=LMAj0R3=h)|X&@NW$0h{m@IsD7S zTE!jksA)#>)Cd?Dq`y6jVyqeXeUBsIa}8g-K_kuhcMD0My8kUTsCJ-ruGzpv&$|G` zN~0_-_21BoSZUx_kGQhE&UdFy@M5Dq@RQl_DjL;!%*SxKP3nTYQRl?Olyn%Iummxh z%ek4o`lhvAPHmIl{%}-n;qdM7C2*WxK;Zf%nSE8p@E&xu2rltb?S;-211;fRhZSzO5;f3V}&|&l7xcLOAjrMW9zb8dgY`$Ln73p}jmNrbjYDX!k=D zfu+CXri&a;hYT6Eul|ZUYbF43eBC;HgQn)6PnTYhaph9vH4rr`1_X}I=uvv z13*zaqWCNkFpx%2d45wIuMas(42Fd_W(9RQYmVs0TmS9r4f$ni zVoq0DDUdMX$S)k^48PG-$Iv~5uj=(`x{UnTy)ayNPin*&DowULtQR&*ZEv7IM0`K- zR`!f%PWh*O`Qxh7^D^$u!cqC(Kepef%t=D_Gf7#$!I_6nf9{7v4*v?8QuosUBNW8J z&(8IEe^G`sjjOV{caM(RNgm|$+wmwuWvW85ru)k-LsG$5HFL6dMvD z9{#dEZFzr7;{CCJe!Vio-}l=za-&G4S-TXQj+FYF3|Eh5w$*EPzncBaO#U&qbMtWo zXT7?|-4$FeK3kz5Q41C#2~J%S&i*?Zf1;v6;_w6UMMvg<8c zHqo~l&$omC_HZ0Obq?c}8%0bngFfIzUm6&w3s5AyfR z?B}X^@6MBioDEL*melLr%KMlY7%%{Ns&RfU1VyjY7Su*J!}$^2MhT${m<%2_O`6W&6Cjc@a=;>QWySWY;7s?A?AE`YjA{V@&eFsl+!IwVR`B$KMqZ`{zDf9EJxVd` z2w$t{Gb%;^I^$rCqq*?t@uQ7o7n}yNNwiZ=oq=b?_1|q5q+fjW#JFTPmKy8LM@fYg zi--DNc$|*f^(OLajnp?-B_zHDKJq2G5a<}q18?GIMt|443n1N~B+?7wEF7KZzZNqI z0LP83S^v8F?Zu&FUWBeDBI)?uxxdWunsq;wh}-wO=cl_19lL4x6^*CM34@5EE2?bJ z(HcTw_~_WnAMEZQ={fBiPxP{7`wIcOeHJ7(uHoTGMrFQq%+cuk!fSiJS(&CIM5FV# zzjNaV;O;>vw2N>yHZ6oTdW$t6mMNy)AeL{;`0D?bVg1{X<~F+$RI&H04QE|qW*hQw zS9)R%;T4uu;6@x8PEAy|defI`36WiodQYs_vF=$lm8EPAHYSQ-Vq%^pxG(Y-^mqP< zlE?3`taS48u7q%SO{-hXBo!1RF zDy)ZV%9-t#!>o^H%V78*^SUk8u{(BLeR8Z;>(Di63%JkxUK^yMrzb?wevR}-gU3L_ zLsk4FCn{@a!tmq5w*aiy3+*tD`JAj`lRk22WD^-E2e%x6C~EAw!7 z0qNgCE5qoDtF*MB=Jz*fsCPdruT*`Cj?Q`Cw=i$Az#MhG#h*Yeg~Gay(ES)B%~TtZ z#=8dxPZVq-a$7*CmMd%7CGJ5M0o$ywdgI=LS2HqHYMgUP7`MqkA;rQY&u?#nujg@! zJbE>%B}d}UB$xPOx_WzlvvNks2UVJoVAVjD;(bI$FCDI6txWq*!}a@Bs;qK3UR7nk z6?>QXeqPa0Gay&*?tkHB6T=zb9M`$hAy39{bC7<9?B0W}qbBVDO;^8@NS>CL7gPTm zhN`ryDH?RF;lhsW7SXMpW*qkU#_fiXNJ7FuN})SAci5hQ)EwtA6gB??q#QSu%*P6S z=rTKE^;kPO6&$B z!oooK0fefsFH>mUiT}M@#3q|j*jOh)bwTz9|7fdE%IU}?7N|yBNJ2Gv9Y~fpj#M)M z+1X`2$fgbi6?wF~St-=MgFYC$3m?UD128v!DPLT2I6R`!oQkh5F; zsU!fYG`wVwgFKuLI*;YlZJpYgT=XI1*Hz^k8x|W=n)qeDA(+aXl=a% zh`V{Lev)EPuYVjI^pO)Yr1rkXN-?gwsbyLjyJZ1=>Mi7M#Bq#4a6xm26-o0;#sJ4q z`eQQys8YV4b>5ox0lVP0^G)bbvA*PGrYxz41qpcnKksE+AP{p)OBo5hMnBFip*1<; zCx;puH7cRUy9-ZIyE5OcVbr3cq5#>>AQS%jQjrdnD5j^Y%h(*ZUaad;lg-Z5%G2vfmKxd2Yb?%Rh6Wi^2H z{>-?&l4+&jf|ZF$rk?Zv<~iK;t=lJ9HZ;~G4+S?4#sh|UC3=876ya+FP<3%ZTnvB$Iuw-iRE;SICX+;=KxU6>fLBBA~BbD+> z=K3*2Fe!+(SKX(Nc0N?=L)vSG^{UW7m{c z`qPobbTs!@hZgXoZM{KeHTQ+6@D9+$cr%%biH>fiW?b00v~-!cKpY=Roe;^tzD&Vy z7c~ynyE`9LpIbp=(f~s}Z`RG!Y%I5e{oQ}t5&N&2(zhXCoQ=d!HY>4b0o~uD+@tzN zyHloARL_p9i_r9VLrJ$8N_~8Jf^ah+CbcdXh~VhA+!XS}I@*MNlov%-r6+Uk*8l;A zo0mEdd&B)%NoE6@2&}_HJ}o;Ju41nie?3{Qbrb;D@_U>VcRyk0?ueDbnx+BhS;zG; z)=DUMj<-}N_6?&u?$5CLd#;=T_l8~sAu~N%meu`LF9t;Oxi5}@VniM`O@n3wItsB} zdzo3UaoWs<{Fiy8r_Zed4vBYj;SI3$*mYW24`n*SZ(u^*$MOoero4qpeb3kv28hY3 zwpLcM&}Y0+h~rPa`;1Y~5ZiXLB+;0#(Ja#e@ljo=PJPFc)1J7?pv(K zKJUuS$FkQrE+rY*+w1F&Sb>u{!nG3GI|fUCM#N(=DE>=^5fp=0QzQd+dWYo~=FkXo zu3lN`&X4D|1w|u(?Opw}ZVqY;pt(|Lxi7@omDTUBRSj|j2A6VywFgx=GhUT>^5#X1 zH6y%g632OV_-S8P)6cvb$g<=^+^8fArpgtRvAufUIa*s=1IeJKC13RDp^BFj(^KUS zy^yD-7LXd^#(cexGoEMJ;)i?MUZ+c|6D1g2+}tIW=T187+Nz^4O|W8Bp{SDu0v6eq z#D|&z)FNB&Kw{FWr5tg7yZ|(l2ER&3>KHJ>&n|TnqSExd5vnY**dS%@nuY)sGzmCB zkMnr^8bv|x8#iw3Ow2X`UCQxgdq{!KZf6U@0#I=?1iuLPcH@&SxO7VZUYj?PJIjbH zd$k4sXtN7dI_afhe-zo1uKlQ>%Uo3qxr5OjMio+fe(-9uYssN=;iEo~tNSg-zC3Ba z^8>9neqXL@=kb|H;D-+cqY(Ba0nam@SEfd@K+Z6)=G3_s59qeF0bM^fq6~h9jzdsQ zYfaPtW>)pfc_}d+u!8!h1&^pQ^1HguUp*|jEA;o0Z0_?*Ig7Gm-l{aihlkar&kUpE z>%elvPXYPTbv6s%Ezr?~=G=<#H;rA+Mp+kik6Nl0pjdVD-%rbf5}|DGB3_Pl1LBTY zk%q4vmC!c{N&72Rxa!-Zd3;Jr4dP~Ixn=`j>f#T8N`Y#OoAZeE;1y`iDT9zZky30% zb4v>b*osCPV+#JKMnQ=+OjHqe`>;ND-MR=kO;rowLY(eLEE^NmL_YOyIc_mo8f7M+ zR-r1f7enE_cS#?AN32(*(ARG<1r*?9;Q`kc|CQ?fqdxsaC5ac*PB$TyGQSmz+nqKQ zR8#`NC#Yj;iwSt}gBTza!gg-}0dqUIWYN4313Bu)vAS-Tbq9Gd5iB964UmF&J6!iu z&GQm>IT^g6lb6G0^bP?GU4Wn?oZjK}D%p5FK>5F!{8?*67L{UNSS^hhD>ar)*vl(w zsJTlP@Hr_dERsR`b#L6z$y|UcAmCS<$+Knc)l9>S>iwf1HjY`QP(doKJCx-`f-c1@ z3oB=Gm-T>b7pLKwL*3E3O29iuf%@gPj=ZI>w2fCjiV9vM5Z<{mmapMUC@+$MRQs^8 z4L&M3J688YfQ$(5^gD>POgD)hz-cSWjkg4ksWOt2T}&)YRM|2#Al>}52+;n@wW<0M z%GwVJn{az|iIkmmmF1kI`$&Ww{n(H0J6Zqu(}=w^ytJ^i-(hW{+?*uYW&XM&`zEmL zPrSSukbcbTb=cEdQ4+)8W}88QpGx#n?98g?1r}6q?CjOu4J-fVh2>rqAn(R4>pTn7 z+f?dPeTL=y(PjPFG%y#BC9w^5W+m45XHg>Wf{0RWfij)`;B3=9zTHI>8i80Sn@+94 zUb-5G%U~L_WK3^9G4bK8vm-odps}((hwkinblBDv#k6}V+I0k}&6_<5{?v3DY1l#M zKFlaQBKBldYHV#ZM|s42q!ON>r>fy?zULp`YsY@L2E_)u{JOjA1qS*Eo~&>BE41@|Zw??N+(5=g18tk{1_^9Fw<$ zJ^AcN?bKBx$<7}$V7RTc5460;#E}(E@kCTv zkO%KH8YacDTm$?>++KZR)^>(E#!-=&mWBEeQ002LKVY89yihGk*7Scs3Q8U~bmK5@^s7|Te`%z~r>HczCp7^2jO1okA=N!@p6`m;1 zW1VtQ54y~d#7AR`2b#q;Xws0X_G* z%su=WcBSGBCwt4i?&domoa-ydraGiBt2;@!F}p?Fh>>DS(;lS!B2Z$~x6TOxf&^Md zM(Nl@ttF`M=kfMS{Uk^00VD&FDhi|sYWm86?}2Ovo02Mhg6%>(9WAXmO38K)nUS9t zx>CVZ6d)rl9W!0~8D(6CyI0BBp%|WbSS55mK_Dpysf2merlWv`Z;_$#{BW5uc+?+e zMr^}gO;nszJn3YJ7}vM2I8}?;e${lWnp32{Lqo%Lm2cXH!LGu(!`eV%`fw$s3VC)X z4zyXsaW1?(yyC+^<9l|UE=WI;QH(3UXDA%z&Owa31J?Kt7!XR#>S5_umB3=|u~^@$19qcYAzUf@2|?Y2{_!WtXb3qfUPy%x9M`Hll{VPJXou-4Wm!a&(C7uFI$ zpk_TQG)@xDc6YBYNM7{xc4}&xs!gG1F}qIUA_kito0dPDPE9UO)k+UgBm&BlJjBIp z82w8S^h@baL|%LyBXiOA>3OYpB!t*?PSc7T#AXw9gvz=?8!!~z;iEvXLtzCF(7alT zSsSg>;C9p*tO*CsTKf;5Z|jzkT&_|YNCAgyJxa0P%*V9|DQ_Fu7bsa#&;X==F_1o* zXsADEB5{T@7roWYTmbn2*LH%S&PrFWqqQuT<+ZFx5OT{tls_^A;-k4KN7gs~EbrIc z>=Zv+%ftWSK6U2_JBq>`DG>DNC3{O)AG>ds%uA10``ZL8Cq&Sh$#B+l%P2g>C4~J3 zkF-;G)1@qnIYRYji=;`-9XHv;1)(-vIqqccT7~K{i#PbsKe@+pF`k04>3D~RF#_>sUF7e!EvNDBSs9X{X5r?}HErx|><&Iz7XZ!@#Pm%P*3M^J6P2hK3$9gh1G9X z3md0%0W_g^ST#ve$m7PI4HU>jg@HeLPC#y1OUH~9Bqcb2_Go@LkQ{W#nFR7n`qNGj z%XT3Dc3Ej&{fPrY8uP=-?w)}GJ}d%qqq>8iA<~M9k!+3*dyCH&!uT@DptUfoe7#29 zSn^zo$%2i5jo5M^9!bV&kbJNP?b+Gi%ttmJt>-=3?6Qq$1PiehsDVGabxV}zOytD- z-e%*zT%w|a!dKuh6v=kNiS`8j%7JYl146z9oOX-X(m+-t7ukvILUto%?Z|>ZrsR2P z9U_i%duM=`X^eX@&d~nQ!1Xi2L269$2s9Fkh~#$+eKDp4UWf@$1ydY79V^rsacMlB zx%hNuHB&c9%J)bq?Bm4?w{QI~b_xr8-@d=>5%M21Fl|y3bDHB*Pxh~tky7Mjj`yaU--{6_?u$S)gh=6t) zTl`E{dp;&2AS|FQ;9|2V!~>Y4+NZTJ^hd_3GC z=iI3B7&boca@>egMcn-(OsW}7H;)7$>W$-vBEi9(LLSX;_&h@hFJ|x;I!lym4mLhHes+v@ z6dmtx7ojr;J3vinA)i&#ij7)Z*czSZDSKWkU{Uqd$r#&$)|iFe4jM4as4XZ3 zjlxke$7rCTiZ$z4SBpvOnYPrWyZ%FWZ5&fz#%J5o%JuhN4sy- zeKwjj{67LPmU;Svxo&!Le5)Ra>>nxA4S3gsL9`jQFylmW+gX& z;Wc+iSb}_C<13egg4Ujz#c3g%*(;zxKn=BmGiGjA_mr|%(t*s@565xcOV{T)=xTvK z2Etyu<9e?5@84H2K0iVf=x$HdsG5)1a={YxT<^UA-4LurOJU@$uC8WeJ>9)3OF#RQ zyi*nOaSAhQwPT8Ey3@H(ve7wtcgKDDlRUwk@V@LhtNFgSXycDZ0r~?QX^2wO9!9U} zI_>YZ234Vu*r3s<>aQM>A-`pKfec}+?aib@a455-o^YZD&1`H?%q$E(+WeiCNVjqP z!(nw>T=BehG;zwR_NU`3AZ*LnTDXAgp_HtnL}I6_u^+%@nYUS!is0>gVI@b_u!3u+ zSU#W|(Xcg;aJ}JkJ*ei)qmbJu$}?7OWWa|H*_F$hGrC$aqj_o!yu8GqlSevDdiliK zm0%vIBPtjJqo`*5DRG-X?4r2a0R=XN8jrjmlTH%Y(;sW$%Lx~K04x_uXZ_#ljR-#uhuX`Pn}QL))^2k};CiQ#3+mcz3> z!Nu9CZdlE-Kb~8rmxi6?Vn_1QGi6|)-+?*9RGZ+SSEU8yI&{CO#dn`JzMcz+qo64| zqYF4+22!lvsDPaU_4dU*+VV^7D7zkJ2qlTsBm;|U9UFA|$i<47X#oM$$ z(T`4E*oW8LOWGvUQei(-tY2(eSLpwx7eYbKyOb}L2qV;Vs~MB(ba zl!H{sEW87HRjEK#!AHysr4ySN&wahdv=|8c{QjeZ8!S&AcWy5#M}dWeo% z1h?5cHH2yF!0KH_BUL+l^)lT5r=E;lvuXRQ15a+!}xx#C`NC)p8`-eam*{U4;{dObSbJ zB3`So?6NyOKQZfl6soir3k75w`;y(uz90DIoV7 z?eUyZP>6(W_1!s~V!SOt-*PB3KETXs=!DCIyA*?Zqm$*2GU1}AtAq^JOPJ%h4)aZ2 z-LFw(w~Vk>_BuDnW@ct~c6W#F6?XOFa$Qj~F{v2XVZ}H$uDC{~Z9#_-VC+6Nxzoet zx@R=)zFp6}@E!L9@TM!tX->shSzqeVMlGCyo#V1|1;0@v3gNO@KCa?v?9Qd^*K0sm z_FOw~v8^5?g}%)W(h+~&4DPLAUGa_W`p`o$rF-!iZTC{(Fh?cei0bB@J0?*tb#<@c zQjsz*Lkmt^`v&;!76XxOyxyoQ4y%Jr%lf#J1E8>*J?qrN#eh*|U4Qth++zxx5(OH< zI<+hDD;?pPGocEji+-=jPAupG9$=gG>5z+Hzr1CCuJeDj_gzsnsBQoSd`I-oJA8#AT;LW#$|^*V=n8-vM~P>8WC9&)!5v z_MNVdJXA!8Bf^nU+&;TQYK&X!QMW4}?eL5aEtrWCJ&!xNa8y!EMO9a#+#Ku=))p!L zdVDn;@^-00dD?dl`d#(ezc!lr2W6q7;~71K2c6SF@HyB@ z`q)#S9#?<-DM_ex=8EK9bJ^mUd@rw}#ia6`BO%>gH->EeE;Q(=sIJb6Y9hG5^k<(z zQ;MIx9!o7C*VkOlU`xJFQz!F$xvy@pMe}@M+ft(TIO25R<)(u5x7eoP(6d>~@_wTqN4+Z6km>g=z|)~ZZI3I27luizrXksyWZ<3f=yUtXA76Tdeke5&|FtqgivPC=ZlsW!H$zQC3=x5>Y8gGzY2NSLC&(>=@0Djhsig_89O})lYqk`UORSb z7cMM84TdxxKGV|Dy2n{C?HxcGFAqWhd7- zXgBI+S*RoBZF^S~R?BgyJoo7@35TbkLSdiKy$B<4?+?L zJIE^)>B zY4f{a_R+(ZJ?JpxaBSMx;lAJSW4|Bo=FJ{6Rug&AYTi%pAK;fF4j(hP=!rKxSXmI) zZJv@*d8<{T=dSwWoEXOaN7qk##Co8p5=(+h!c0?$cE8RG2qP2W*);gJTK*q=YN29g zstYkSMCplagiSPG=DOJm_`kZ$tMYZlf`VkX*!Dm>mj0Ql-nF8RYhv>vgJBkPeY6w4 znf$6DJk@bcHwJI)?ajP8a~5$&diTRdL5IiQ%xgCGhMh0_gJg?hs8-E#sQ~y(8gOZe;t*jO;Is>UvbyTM3tF^_oNj1n za%HJYX|J4C)qSgID|j5XGn1kl?~!yz&?Hq2u0(9uxH}4`jMY_6PUBOZE;KeZHR)*1 zMm6w}0rXj@`G6eR_Ln(;?Bv}j4f>rLQDVAh=}*e7SAj4r>7w+Bu-EZLwmx@%?-Ty^ ztE|U3#hXWK{nn^UrBikcDyMD8f`I?0Z#bNJ%}jd3S$?J=r$6eJXFTjOQte?t$OB(3YX9_YBh;>1d$TjQ*?yVKt)`pxR?1&z-&64=zd3+LVD%_Y6QC0-$_ zi3JwUhK|W2_I4}6uQal8%;y;(iM)hDVkq!u5)lF;dE{RpMv-IqwKx%dvTK0iB?D&5X}#iJ~HOb>@^HLzS$01xM;UMvUAC%fq*p zd%xrvq&Cri^pvh`p1MjDRT-Mt4MWH38_6{ zKe)Zz$^50vP?c9dxdxJs^WBrVR6i)1)Ry~IG*ayi*EDV$S|VyQlR9QxfeXBwn2s>+ z_2wS^@Gjh0J0_oXe&B7g!X;T>^x;6dJ39>vhhR(G>_yl zxgrbhVzVV*zR&lTYR-UV~`uW4O1OsGA2-OcKREz~fEurh%xgrGj-+NnBt;ly1vf z8qFyY5H8KpoTyOROatn&`T^?wTT$#jFB}ASyLC5OOoIB?Vr*3NdB8~dIK>dNo z_+;~_reYe3##6%70Y6StzCOp_*iuC}#z7<##~e7|$o?H+LwM(#GCAO=L`^Hp>!f+% zs$;s|taS_Mc6?vE(r()(?@UyoJ({>gp&n&DqEG%q|G3NWhu09ZjTBbyQ8}^RTDL(R zl=0k|6g8w}fi@&{EI5CQY=gWqR%!KdN0@c?rut<%pMpR2bEXE$h+V{FcnA$y!Zt1B zlAKmyhye~iWgpe z~wpox`IN^gTADxZ$GJNq#xG?)AA25}NSxynBJMkip2pI|iOp z*X_Rxo*lNIbz`Lbp?051rmZ_gVE9GBLEOR8LwomHE`K)i5b?4WFHPz|K8n8{Kv;W( z=5-ain^AU)`*fSCW^OYxcdQk5bfnmICy_gtDRH!PnjwgVADh)44?@osS_=p3>>;XK ztp>`Bhp@hy@$F1m8zw4J_4RhAS^G3d&Mnmzu$^e(dJ>(-4BC9#T^62J??uPHERpi| z50a}dw7`f_cs4K`hsDU6t))ys{cazBEoEEymMINH_g`$?qy4tPxU)rC(04fVr0nA! zod&^%?u?T5Q|rx3ZJ~Mw4zZjMM#`O_ryd_@s>})uahX|-;0qg0zG^u+?f`_HbP7Lb zkO4Tk{Is{vy??RWVT#P3;Qedae#{2}Z3yI5u*JfBK-=3_J9Q-U$531i>jOMfcu$VL zEFx6tcYSb6=9JZBEEphs^(#Qf<@Z3x(2^?SI(gJhCk`p?9IM;J76zC7E*fJSp8XiC z`Z~uWVmyU&W|!R`n*|zEgRiAjW{Rb`PY!M{8yi(7mku;PxgK>JoOPoIpWfjOZf=d` zSu)y{u9&}kXE{4=ww99PhdiTXr&G%Z@V~B9`g@YkphqXS*YLL_Q93OBG^|tkoOR@e zp&`vi>dq?vVF^Mgy^1F~rV0S9^_8y&jMNX96c23GKWIT%C)8$YAm_wt#uo{f{e-PC zA83{pxAm8Bq)+T#z@_zwmOGp3j$X6rVP3wT7`TBEG#2Jit(p!NX!IgfccHi7aqAK6 z=zbl7w7%nxTgy>=wLc2s{sWkJRNG;=qGK~~r2p2Uyub+h_AVd+seDP>h&u?J)ShBN(>0h1Fj>B$%pUkH z>eh2h;)j0cy39@spi zmv}*|?RClcIN0P$T&^#qO{6{HQ~zaW@>Q}<#Z9wp3vpV4dJfLl_{Ca=2^y6ztq?+~i`~1t3*1K*pfQzeiWQ>)o8V`^n+O zLK!FuxnT-o#)_yMk!3o!~?ED@@?su5+ z@TEN%$_-g`U~@GD8O`2UO(h*g^Ea#YzMHnWbps{imcVM$K*(LRiW5`ov+oHEem3UjHf*%9x91A{zWstThFs8LwW2Ug>}Q^{dvgW5+6hPQOc4 zP=Q7LdiXWj#-hhLhfL@tvjc#WA9;QG&Mr(K-@%~pW5C5k5rAX4;2VM~8Yc__aEg}L z&{{+sL7rnLaeECs*$9E5)-Ld*#-(??A@Y3c+4nbXTy99UQr@1Yz*}!c3*-eIhE#hL zLh_^)Ts2zSS-cvZXxUlCBN>5tsmH~iOm6`w8VUELTVr<#)$ z-Ob`Z?*XQ1F*6_BY(X4lp0`?AyB-MJN;2;zmbzOYvvHIOP)GTr^hSf7H~3K=ITQ<~ z%1dnkk0^F|okc_}<>t6w*QWrLVSqe6>>`f&_u^lLnJC$vKv^k_nt8_gxh~FSJJJ}m zE3Hwt9cz9F^o@J-O?jc&&S>Gx*LUZW!;KsK(PtLOx~SVu8y3}9Ej@Z$vjf&Q&!sgA z{t)5(=30}aGmat6P!B{pDB|gnTkkj1-Oy~go4Zr_-4-c}uQN%Pz5Ca4TZ(vm$hreQ zFe>?gS<@q4-7nTp9v$mQZXq_Pm6n7SyrgftD555n4Zb8VSHvM=*GN82y$UwKTRW=L z_etJ!gX;^;%V_l_XtWx{XHlpmP(*Rg38Q~uQy&Hdn&)^!Ftqdbl);lUHwM5*3*DP> z1S>IXnHO6?wE)klE+^i(BaduIkz|ED>+J27bCY!xj9bWSr zohU^+X2D#=gF;d!rM6>0&ybXJQucbxHpuxufHb@Iz>nNhCr{b~ebr+)&_EFVf2BZ8 zbCfCdjuZ&VR<*<(C+_UkMRakajQ6(>?QUnQGIqbq$hQ~Wliwb3F6p3WcrL$@Bm=Vi zhpxol;32lKAr8jkP-9oqoFc&cD;E0mtdQf4p1T+yIp5|ZOW(1LV%FP*{wsZhZUY4q z1ZgL??xBOx=C)z&nQ*cM(Vq{tY)HcomtiS=olWMxGaX44R`LW7P~G_>lgxy)O4UtJ zvx29O2SY!=dVr(3eBMMb*xG|?T}ge+RT|NFZ6L6ls174C)>E8A3GK7wF>r^ltN$Tc zyA(0wp^{zi`Bi&xkR(Q}uYRGA)$%F_ysW>wX}OfTFs=OJ#0q|d>c8ai6PZ~F@+KNz zl4OV-o67euC9%M?5I58aF{gw)aW^T&V+=Kx@HKG|)`6tbSd-K|XLw46aE3ywEewfD(sRoAw z)w~RyZ~yPzBbD}Nx@C#oN@&33<~dlvgc{zbxxU>xF+^>>gQ@z_hGc!dTaNoRwj&*> zE$DSsTpm-Kn9@a8>ALcV1K;^{SSbRDj1*kkqtS=uYaH{%Ccm=#z*OJAeF0aD~8l`zhL8o0cL$jzed-UgfUs58rh;E-S{m$H~M>`8`c)I+xfyi_9H%2F>kO zxI_mvQ&Rz<)xuE+bQ;q}DNNR%cb>DLwQ?W1^kPL68n=cZ+GNu*7a;s51D3iDp2&Mq za;J5ESC(PO2nr1 zb%~l_#$RBsb?$j}Te~O4`sMUsEi0N2Q3A(zBJ@)gdS%a07RT`8XQhV(f}hvDpJbJT z?xtav-hnH`-a`38ul4IBUbXjXkZcVhFDB*ThMFUBcVYr`q2iVe!+H7{Zo#2#QV*9c zP}Tx7t)$W5b&Cw88jE65NPXiCrk*KfBv6Y0dhNyV+LVyT;=mQO#oH|@d5$H_otI}_ z4UV6mN2~HgaG?Wt(6lyW(C5tEjdwDfk*3Rovc&@0jRjiDK7E80AepHE)lWua03hAq zg#017jc1n7$*vtN&GkKhdZsFD2mM7+e8rZK{n5WDt6WW)N4F!nWH)X#&%NO8ic+EN zu}^M;MNY<{xO+?l*$H&MtFah_>~Y05p^kW1b*nNh-FLFtCvY$6T7Q|b5P^YWX*YVf zscyjR#naSnfBmQ5`D;HnKC4Rjm%v%*Foz`UnOU> zV5s#=_XEE_^X`kiR#Kk=Og^W+hq})i6j{ z2QPaq@5#(Tff+`~Dn>VvjhK|tbg{LyL}8w>l-{@Vd6~#vS{}TV?fLoJvvylQ^G$8; z4J1=Q=VcysS+@|cFb!K;n0Z5E6ZKD?KUJN0P?{E29iceRPS==kv;K4T-{d3W&!@z% z*ij!e(L;WYM!nxJ8zmq|U1|)gR1<7h{3CaeAvUct&;GCnSixo;%LjI|PDY|a7i(ok zE`H>})kN$foL+Vp3SNHB>i|k<==!Zy$D=vORz8s1c-GYUUyC^z%PrqcN3Z=kP#|97 zBg!1&dTa67;RIXd5b{r zn@g2>_hJVy19{sD%x@R`0ayqHH#Afr+$XmS4t&yz>snM~XC zD~=ybllANB&^d-wM__r>LWlG8-cH6}6$g;2RXhRFv&jn_bxu93=N^7Z+}n40wJ zLD@N!edA=6qNjt&Q+lQRr;wqB))%4GJ>xE>!@RXyqZZ+(w(woU#8az-(_E{HF6&4~?q@VVUWEA4c#&V)D0PN^nivys8f{h-+GwRZp)|!&Gs;c3 z(BGgvGQuwP4tK3O3L&0bnL#MyOErU=WBD89q3-EbsPpy-@VMT^gI?os;tp?mJ^mr% z5r4bS!W*up#+D!Eu`2bYYT0-ps81=M!rTvXZ{1ncy$cca3W&BS@7rDJyQR8{f;ofl zl>HYSfm)~nNU>-&wrYhjHx9M_l*z-r*Er0nlYM9>PL2AN*|TuLwk-^+6ga>AtKb+b z>O9H|)HKOF>S3dTchg-EAfVIZv=aL;_8|wyk*5}z=FCyI*v>0llf>jZw6UM2R>gbI zKR+Pb8+TUnvurovl}SmQUP*@`kB+wXT%n(nNwG8shjSju6Ib-6m2Mz z8XOE%w-V`q#6}0((hkexqf_w&1Ox6qiYdc0N)dEahJw%M720x{l~$$4o0Q;vGSzQPgaGUe_$HZ@~y9Aq(c6+L2IgGq2M4u~8@FVO34eB?s46I=NC z4Khk?WkzR5?fRe+8EtBel{Ybr#diYRyvj@1Q`k0`{A^Jnq-&ywW(#4ZdzGlTARs;; ztIsRhOKex`FWp=AsDOvCM}LK~ew+3=%|b+-d5eAs>veo0(5O?Jx91sQfN`Y84c&pn zrQ$Fw`*wVT<9Z9);VsXcmM4^UJe@bSDGC{fb6X8uj0bF?0nnLyy(0T1#(hfsOMR-+ zK3uaOtks0ej`yrs^(mP|KB6o%XtrdQ$JM(+G$-$#V?USKr9|tF)}vD2HJ0r@E*U-J zj6mCcOx_ZM8>X%>QoV0m+{IaQz#IST{s^Y@~3xjt-^{Q>0q5LS+a4L|i-{f*5 z*Lac~a!9f(`bHHMB&@aHKfKq7sH4pIgPX%hyK!1MZNkNR?b~x{``$_708?WD)Kg=$ zf$ahSV{@idjo51a#>OusT$wpdc}i*UbgzDV1QZ7H_8 zS4Sg78c}JTBTmusJQXdCI+i;J6n7~dNnB|CkYv z*O>`eSSb;)b#f;+L&oIg@y+iv$%KT#`YBK1kF)MpYNbitcdV2jZ(jZlu|C#|dJeN@ z(Zcj#3;D1>LHI1=M%_-WCf7lj=zw<;`nTl^V*rN zU6Q@tk++s+41?b@`0w`%{n6SAo(Whr$KJJkkDF;(avyBNz`Jxj%kn$3bTr~0ozl6U z%JR=kJ|@LUUUYoO|2MGq&oKD;^T|IS(0>M192KXg7(9QCI9@6%E88Q)cVsBnFy#O9 zORo(7zyI7n<>G%{{rE7~-_htlgR9s7o~Hkd?c@E2r1{U_$A5F^{|pAb`x_Sj&)7b; uf6$r#4F130^Z!2Nzf<%-Ig{;g=<1NM*|jn6NBCb4q?6r~d~Nuw9t| literal 0 HcmV?d00001 diff --git a/windows/deployment/update/media/37063317-update-compliance-overview.png b/windows/deployment/update/media/37063317-update-compliance-overview.png new file mode 100644 index 0000000000000000000000000000000000000000..3280b3b6c7faaa20dd62a53b2935005515b863a3 GIT binary patch literal 436660 zcmeFZcT|&U`!0$oIv~P~D2RwyK|z|KNY}A2C{+Zcgd!yZ0@9@=iX)Dqp!60%flvcT z3q2sxA=D6hP&!Ef34{`ooG0J6_gUXCzw^ggXRUqqZ>^oRTw)||-uEf@ecjh}-On3C zeeEMWCwVwHIF9K2aqB(@2k&7Hjsuim4uW^$XH?w4U;Di8YyZwsh�i{&4_yL+=I$ z$Ct>%yLMdQ-`r3CF!$!*5DjDh*$4eB@PdPbm8Em*#)D_pbfkKb1%Io_Oi} zCV2Y_RB2St4X$-hN6QGFX;}5AjAdrfh3ZRp-`r=d=HvNekA57bnfcM3@735b-gYCq z=StrES?0RkL3|rDvXw_8LD2?&R+;L+1y+*8Bec z9tX$ui#JO4zQ@54%iGTRk9Qwjy#PjH&&#m=!<9X6u`hb_|L2REL|CT4(;r5Ns-b*I zLoTx&u`Uy;x8kk5-f-^UkM#e?FwDMp*cbDMscD=OF6C1q#Oa!SW?LIBFqr%hUkDu& zeu;gHw!|z=27NB`p4W%H8>Ec7D*BNH@~rEsA?$_mpReoYYL}z9bh|gix3;i0@LUhm z;0!lQjHI-5cYv9nG_AWw!|XlIIkR|G?)ELK+^{1ec`o=o+_6hiBFgS%FPjDi29WYH z(W!_VW>DW)$b+g=Dqgn?v=}juG#P`!=WA-~)|Pw}JtoJ6jjy2;!@f6#sos=%dGN?k z-T6D$Zb}G6ado8X^o~^fhR3n|t4xDyez(Lt>6@$zLi%S}l)L15PPeEMR3*Y**`PXQ zYII?#0jRtOxj%IG49atCD37R~N7R9%M~@D!%q8PXTYZz%x4A9`Z^W8?e*W>}$4?tt z%pAwg`rgbp0u*PnB5O)*c!|$K?+wZrrboELu4VrvjX8CU!_P+>mCLFVgP0=gkd5OZ z@i8;8muyd6dwQKTgdS)WLlk%#yu(l3*kA58rZf-z&!GfA@0vUqc6dRA)AbA@#Ik?e zoXpTmR#LS$>Qit&S`aQ%-6rgnYlE!^4>rrY@6zSyGm1YZgA^xKC6*`aI)(Qx*ctTi z;)i$FI%Q94?8w(RJ$dkCV+lVn9T{ozx>J^LIXmU^hY!DM(8q6;yWmF?&v{^3%$j=W zm)~X8wR9k`uBR=WSyEC`_tgBzy=v6C#qY0At1r5Y5KA1x?@TD)*U@={OXzpBcsf!S zgbAq+nPM8<)i1n;E_oWU=cz8$^Tc1VJ|{=0sq+5$vf!u=XX%d&e=U+d?~! z%u^<$88gOpsv*?}c`KXwthKjYMhg;A1_(W(xVSTJJivueh-6P)ZSojcADL%w9?Tyg zvQRZE^_`={m8G_i=W#XH7vDs{@0s~77LbByy)*5yk0+{qRpGmpRQG28tyR13B$b=V z${v0#GuPUU|(cwU|f zBW;OaR5P$eb4U7^B|9lCbuXgkA z*Wo~D5YfAZgGUeQer{;J7dK2Tc)}iBtyj4>L^zl{d1--p1Bd?pnN`C2OtgXXmZ*Qs zCA+CjA_Bu2y1=8pI`xvKE|o0VDy@%rwK|7oW-Sib_=Z^(Vwnduc82YFczJzVVhX`f zEopuEvhyRnr`&l!Toi27>=duJNs6w8?07-gSokC;ZIR=G|2%K%;OOWK*3;X_$N_&H zqH|N&Mn_v)F%g2kSjNZQXJQ7;`s*(#@AA~uKJD=J!Ds^zsSMtUz&s*%pG;JnY)%Sf zA=Ugu!D zfTeb+t3vbHYI+@75K;EfmB6%(SM(k)a|?PAXiYQ*_itoq_(8+XXm^*|vvWoK4mUUV z2vyOsu?wT!le#pR8?CRgF?cRk!=N=nw3H=&_Pf-@i{j3maowX8ZpqZb0{btCsy++p zIB4Ph$B%RJO!DVyr@M*sLM`tSO9$&if?$`Fy-!I@qhb#QWW>Cb#)vGx5m?nHb|#%BeGHcH<8thW%W^wD%==lkmwr2MOB;!mfF z?jf`#xx}u6s^lt`nUyuNl1P2r87J+VSiVwNg|e)l@B5K@UcJ*aAO)f^>ks!B%=ri+ z6B=td`vZi{Y~NFVUuqrC)y&gP@=XKnTXd1|okg75HslSbKd%^SgG8`IurfvYErm@g z9~4=e+vBOtLPM(`UrEUR7wt}^n5v!yRX8!Wp!-AFZU zhI_pZzs9=lN6rs=tEJqj6h@ErNrhFV+t`gb(R32u1x4Mc-@lsKEVlog_GRT5`JM5& z4Q>*<(0E9!w^TrU_zh>+i00zrq8}n4$0#GLuzJS@c1iouqtBx1Hopoyt$Wn0jQbF- zB5dW=ei3IlYuk~mb8ZV(Btl**3*5*fmpEB>7Yln#Di0(s9-i*~bd#O`Hmbh|*6l1w zS%W$Lp6pRSw9tAQUu<`?Jb>yH6l|0b(A?T=-a6d9G%~G9f2PpRmkRDe7`{2-Px4DVOi+R z%nPuEZ}M+$9Tp5uKTUvUC-2bkWx2)_x9?RRT>%OgFE(qk5~&N(L-Ai!R#M44-f-oy z#u!IqCCMM#qJNvN=N%0Pwv%lU0_z^3EWM-GZ!jg_aNc=!Pw*Eo;$V+?hgs=1EdB{g z?ZY~Cm+XIVuZiY1=Ce|_`Ix!8N!}Lvc0fUUBE;+y=VuBBNyxhQ7gwehV?7!|oACmv zr0%L)o@wy3=wrmWgtgulNukvHL+H|IVV)9L&*_T*9`IKE`RbKfo<+Uhb$Y9qY+t3P z!EhsKTYe>Zv1^^{A~AtNUv1)FL=B8`lD2}zl|G5 ztd7yqgUq}C9xS;Vq<0oBL5*B~gwMA-t>}a&uAB7bLhFgZJd5(Yr6F`a$ewD()d?YA{3sT%OCBgw zD!`|zH}AhsQp8u?69QYQTiAOI!YyiS9oR0FPK=Q?#_h_3WlYUS)~7rCR>}h59M#Zp z9rn&OO&76ooH191Gdkr|j|xth?g=@ifanad-m)}g~!G2*pM8VBZoUp;)sD%y&A=s{>R+SPo_0P z+=}GwBtMY6{_3)UHr`OfWUOi z2q{HO;1ps-!)Ub1I~#Im$&XTgQjNxKQe-_LJnc2p_M3*ATV#TPmTyaCsI}`*fisJ7 zF}`fzuaD>P6>gSlmp13q2FlzgRG}fhWsVQI;wDQ+)I74^vp+1cv z;wep^HsSLdJM&r_ZRaB;&zxxxo|c9{jHAW%2EX!a`LtA89Dl~#p0A^M8*N*{jOlc# zB7HOJTsO!UrCzglkBBJ^3VXG?T5i#;1k&BAUmoHgE$=0U5GGtik47PRJ*P0lbr5cc zXZw}YYmFT;Q-jwob8&I0*n4eB1%+)V|7N=FarD%a_(R@1!=*6HXX4wT*J3iOLA7%x zG~Ue}W#|4|H{G#NkVf0f)j@_Fh_`7O>$DG@ncykyw)xUw=d*5!GyJ|epiB%#zZQcJ z=hr4;MU~;TqZsU<)O8I-MZCL_t)5p2 zRTU;pMaDplq5yl+xJ#KAhQQ283&@n|NV>&sCoF#g_Prk*P zEo}=~7w-@1E=ijC3#?g~1W!yh2wr(jj-n}N<7e>sX|WZ0MB z<-r-{u}mukPrI#fh2v_l*o4I=|LDe@2`Q%69CEEjs4!L$M$kPhMb$7N=v@7|L;?KH{Myg;X%riD9)YD znvsZDMQ9|cdThEY2oZa0Uj`^LPl!*A97wEJW`(F-SC$obZaC0B8A5>G)zR^6*@3w% zC`t1?8+tmC=j%H0Z2Gz#!NHM_z7&Odwu%@kG3QTdp}Bi?mQs*Qo>l|8Js>|3qyHANIuRF z6Ce))tWKSDIW!(5{`uL}eT<13n|LYPu~Uao2SbQ0w{@lXQ161Sq6K+R$ern#LDp(! zoDs4)l^3*JhiMpH?cQxF2!S0HP|tEFF0aR?iVYRw{dIJ3A3CKmlPK>VHBjfH&8c%s z{j-v=Hpk|-9<@jL?tV?t`uushuK-c!jIsD26s;f!YV!5ooBVz1TI-14C7aTGm zmRs2yP9GyOmwBraC?&20cQ6TdQF6NBa;cpA4NQ)w9XM)(diACw>WZyQLKwf86GrfR zWP5G!)C)QVXCt5=);_F2U5zg|@VB|Su9Mg?u6O_W8Ln?7w#-!oZb(jq5Rg0T(FSV;CiLvV2NxxR2nvYi<7Nv5r8vK^UDw|9 z8->@u9}!Wy79xXEqOlkr?;$h&WzNP&MBv(~H^z@AatABz>pk8+J5+ylY;a)7M9Q0M z?BPmXLXL{8R_6My(VQery zcLSU55Lc^tUJDfmkN(B*gzwUzQC;9knv6ZfBm*f~ROQpS>YAbn7K6lL$5lP=Wp~%O@@OPz7Wsz6Z2*DlU!k+(%i!hhiRH z=ea!_KlY+U;=FNqkWuK1&X*%`PRW55b%Es*)qfUg1ko;y1ojxuZ#DfDW7(c0dt9}^n%iqPd`+= zX8tO-!VbS!rp{ww1Y1pq)iWDRSdo?V>6nU}hxjF%v+=)Dn++3u*EF=r6&+LcA(QjT z{k9gum4G5x|Niy%New66!ZX3j10@YF`NxYcq?sP=h{|t%4&9-Rc__kg*o|@To;(B# zUhQ}tK>^%U;?j&sjh|b&yXX(F{8y0lI}wAoT%mfMd;u5pO$3puxAQ{iv?T%-3uzhK z9{TynqC+0JxY@dkPJEpx^!FKXv}5dS1paJp=i%WgQ5*1RVc=7awR5_Q|Dgo%(Oexh z!WyXw6|#EziK@?Me10n?-nt(Ynkn)s_c0#+J6`Wjsr*hEgGPA>c{b0!-Cj4Im$hPU zP4gF>r09LfDN=Hi&3U?S^Oap_q)4iF1muBdf}60Xqc+m3<1+4qGe8TYWzNx%nDd|% zkqTfFbT0Vnau9hE1i9Ao?Iw*4yOXM-%s@4o4T!vMVXs&cgHBVqDFZ`>_!W*0QXjck z7nwuaKJ+ldxpSTzJ0!il#;7w5YygQh$QwiJs^PSK&vjGU*nq>Bx?@OEnb3RNa!k=a%m6_^)raC%30w z^7}MxXyCIqwG{oAPl>8OTPsg7Jh6;Q)D6qh0tu(uI@tN`L?Rr~MPwdN_WC;?7Q-KX z>}l(&onJxL8#4$p_pix!^!$swDG%6F^cc{QMZI0-r3x;Cj4GFK<$WdM4a3S02M+ke z9XA%JE;@K*m#_ux!{>M=<(U;N^O{@{Ds#)fC*wTNTSZ&MNSQvn=$;@bW?Hb-BJ8zz zOxT$aXk)4?y7swH@!`i}V@1_lKCNR2$W zGST7C!|bdqm6enePL|K&vZ7z;e6FU6v3kb?R)!TTg2V?-jA1+ohs0`amPn3AeV0#Y zj_XHlEo9t=TW;mN!>O&PYcRSF(D7oWb$UNK@n*h#$*i4tqiWvRDB=&t8h@qpR08b6BH zj#mu6LMtvd>%8WRPA6z^v|C5GPO&g#M?Qp^#=2(jl@Q0P>-uYmd#zE%GM4DB;{Z0T z)P)P*5;^O2tK{2_U%uw`Y?;|oJ=>`N__Fle_)hOj{>K|jnxxmN(c;~LwFkdjYDeOuu^ zvBaw*Dnm*Ka8LDSR+F+y^Kh}naTGO!v z8_fKo(^389TB=NQuwZ`ABUT0|0Pe9FnDJTimsOLN47=OG9(pV`jM?eGpMBgUj$AQQo7sER@rX^}X zp||u_>Rig%#f83%yZY8{hst1plmlQW#owxs{45K4=dN*aId6Tvc23KRCqr*N%&y&(iB#W72;&oRlK8ph+SpXS z!V~}W{!xh^Db5jTpqdzwz7)LX{0^z`eazyuPQgP!Ir>HM{>LH)KVE{q(mD2&9o`?bH4v`*v~Zx%yFd-z~s)F5RH9*h% zh4IiBo5V51bgm9ixJU)1$WNgR2MS3e$WQI&HXVeHY#Rgv55`(GW65 zqwD~_8NdNXC9~Bk?R%t-;OY}bqa6CsGx4ddyBHdJyQbtpU7)X``w!$+DVz~VsnDc5 z*x_I(#b0bt$KUkZx^yT@V=5Epp2^g2J;Lg6x~n0W<~9EDl={wl0jUrYK0g~!K(0$= zW?mO3627GaK%u&a=1*5RcG0MTQWPU+_&tj2k-gSH5nHi%Wgi+%07MuhX8K8*1xoMz z>^#yx6*99%l*K-gA=R+c0?WB=wl(^El`Qz@4FO z*mse#v6-JgUjsNylTI%E9kVp$R6*G!vUha5Tw&=e~0T391{NKLw3A5TqY0r-? z55(Vvy_34G`lBOad&tzrYVN>qBbVo?6Q+e$xquA$BR4mfO&-klF`t!SQ%A zp@0CrGpx1QPU;nV)Hn{YQfJlL#-@+B+{S}|8%PT874|* z0d-5oKD_1I{$#8oH35+FYR>5;xj@Ma<8BFFu7de)m_XMX7#U;^28e{iFOrts*(w#B zBt0>l9XT1a0-cxjPDm$t_h=B{KAzF&8~16ELh~N>PnGs z(obLIT~caoGwX~W8|zl)sFypbj1xWMffGt?KZQcjX%yTCGBr#E@$Bl@7Skw0!F5g- z+xTPI%?-yN61X{}QJK`&yox?l3FPK-F7JZct8PgE4rdB@~v^j|hBNX}@4w3xpWIAF&eN@T>E= zt*!4WvM;{{`c=nHin9f@GNjG6reH2s!M5WGkP}@-N@P>yWu$vNa+5S2Pyc;+9qY-W z$VwZ1elFqv^?Fd+iEkb09iBaH<2(%qYVT-cXL*ksfT!CadkZiQwkF}BB@SOix5%>B z73Aa$fuTdW#%V((lFj!Ym%>7HE_^)_j#=5cJ(|k+o&L0Mz%*g|r z`oYU8H5Gw2G#aJ?&CQEFckb)T)f!RF;D^(x&(4_{7LH9A8J)a3+6jGv#(2ZlzA$zAhWa46TP++PUMV6cUU!S0S_S;P8UWH)p^!^$%S6ZSR?(Oc z#)k6n4N|g_TiNUPH(nkjP5yR1<o-1)`UBK?pSC&JjSgm$L4R2Su8d{Fyw`3Mi8D9^;JG zcV95rpCF2nm`0n<(=90s+h=ig)2$JX@kb!cFzdRqU2JC^P6ueu@fv`yRnd-_Rq+P) zlWIZ|rY1Pq>uLMN_?+)5g_+^q$x4=KX(>`48_G^z1z@taV~?F4bM@d| z39VG#>IzGa1vqlKYTjDyFMK@reJH3Q{ob=skQeQ*(7vO;@beSy8KZ`8j0ecy$a{rc z0m?@DzWoQU-K0S>D;K&{x({BNlGE@i%nPVG@PIwQNWgv`}G9ipK2%Sg;+;|kr8ZYiUN;K{#! zJ5SX;CO2B{nr*a6T-iJ!uPayPJkbO(vR&x4+o2QHMw+;|fqwywIa2mACnRx=tjQd| zLGY_Ot#pOxNXrHqlBvp8GGwOviCB+)YxIcFoO=I|DsxvJL9)KnGh6Vu>!^KHrI0oFL3F81ttQSDA%lB%NiJln~1 z@@c1ZpmRqjTmA+Dj?-w+vZx(F94S`1>v6khNReO_4J$5}fap=ZlcnT<@)6y1g*4T8 zll*)vbj~rK2;dNb!rC%v4F22E{$!X z&Y>eOmrl28<<5)i-v_w_`QZ}#rzcV+vi1q`{M!^6WZVvq1I7dh0`h%ietmtQXQrm8dwUj@>`|eWT|CZhcK%L8 z+5Yd;M-{JBJQAs9Mjfv#J$rt048Rotu~38c_3C_>IV*5r)Ow;*-IM!2h8X^1Il~>>&KX36L!mUB-v`F4e8~%awx^`p1nFcXM;|yTFB0 z0&>&a<5IPnO&7Qn)aOt6Ru;TeWuh~Zl(jH_q}eG^3ZXT}#Duch?l&>?h9^PQjWg5o z^`8rCeDV1}Cjx5W2M@X2L_%D5@5YUf<%oIB!zY=pANRTLuDCLDeBR}p%mlDiMyVMT_Z5lAcU482Tns{VNX&cbW4 zdVl79zqO{ip~}$RpRHoRawA(i)Oa8Y^JJu7lj&ajr3iOznisY--UVlTRn^|z>|{By z>g+0RQoVajIt8W4+hraE>+-ck1J8u%84yIjxRPw@0%Mt*Sk}n=P5;i{oHW?JovA6? zSFc`==$r@CTsg+vuBsFF`F40&i|TxJkMW$k$ZwumI~yx2n2mR7pmGs|S6=t*jB||l z^`2CirSFi62vze)m>8DX(G0{(^MUax-fgoefY^|b?w=oGVjiavl-)-&(Uuj%V?A@%B%CVg3QTv_u>ad0z{kOX5PcBv zE;=cfJ9vAI#RjfUzQ#?;e_z0CgW$(2&!b0`Z4hXHG1dOAf$#Zxa7~R1ho>^j{a37; zTi~F~X6wc-lLd*8ziSBKOAvbO-;9Zk&DtcUvCSze_L;`|D!1$07qTp1Dc|4i5t})l zW5uJmp59jh-a5aP$*gwS+H}lh@PII>KkJ?l^ta!>^X~mbgN;x-XU;01WAaGVteb#= z{d{i>GoV#iX9{TO>P`r)SMMj!&}9kEJ-xF+iu`^Rj^ZHA#tbypFa* zD!a7ziX57Gr!dzT|9Ct7Xu9LxXXN0J6pq@%b%77&IQ${_&(BAJJK6hsemBhFf7L}3 z|Lu({cEL;5F?UG7c~CQ02vvhUafdi{_3~@&rWoMa7d`&5)fOKoa3%0>-ciY--T53IpsRP)To)M~pQB*PjAw_@37_Pf2Je zr}(Db_S$UV%t!5Yc0@dX{wDA`evzpmU&ZH}8C<@6IdC@CjC|{PD99Vp#ZQ4U0`qq| z4UBLDuY{}@6zg@O#c?+O7^|m`O!DHmy7Gbn&*2w!9f*jE4sE}x{e`_7D@mh=IeXfU zlsE!Fz$%2`t~Ci;KI1BXY?##F-@m?Gvyul8EudMFA^(`I=ez974i(uH8E9_blC~)8 zZQ|D|0FkEX*1q$XF8u+dnJcEBuLq0)FD!ibr?#V$ldAom#|CuK!z>-awzf7yUEOzi zrszEO*s)jo9{&ya+-~`UB!?I4>pod1lq8^L-HoPhUGpO+fFkmfynV~#t<~>r_v-pL z0fS5O@ObKd4|WOa<9Y3+34da_SK}ho0B6zj>m@p9E?U0vKxGeaus_@9Y72eghPfi)hT`{p;7C2hzy7 zGSKRU9xc{jfqCgVpp{gOK~~jCQgTaz(<#cg@7&3=#JH=@r+BXq7-)@90sgxG>{%ti zGL8nsOdSDWhMn~@!?;6(_So#e^9STAv~xN;JJVd>pHw6h)_`{D60(6eTOt&twY(R} zW(&kXFe;}5HZON;>lvuuTJ=wF0S*VaN;KY|))-Ai`L9f}SCC(&i<%z~b!0C;oip zyU=?U_|fiZF}E^4fBx*%?Mfq$uwBc@3r|O#vlqV}mK|jK2QLF)jphXg`EQ8=|M-rJ zW_D3rY`?!|d|8=7wyX!(MFe43irr>f2yMguT~hF0h|TXpBqS zhqLe+r|zVY0khoux4(b?o+M`%%AQ^Tg`~i;j+QVOD#9{d4E~YXu6vp!0Qp2<)h6E* z9sH7s@gTZm)PFs7svtf6Oi&8h%Dv(I^y!mdFN?l{^}w8)YS)-t82*wW z`gCOoWIH5+xoz>~(JN~N!x!6r5Y-&|>afrfh6wj=iLnAA9>r1V4d=bMD@J$jgi#~H z&F4S}`L^8C(b2zxWfe}hMvgUwnI9^hoC7xe6zI_tCmv%eKiEj^b@PM#m*+JOaj6Tv z7Q9uAGDs@~GX3yAD)4HsO$Mzi*IRLlKP)~}=0Mk<78G<$f z8#)9%wgC62Bw_Bs%N;isi1r?kwfA1!dUM=XNRchNrSrAgH)YNLOl6JEV%rEH$nH z&pJ7d3zYBQxJtM6`a^ZZ<+y)!I>}BfNoxLu0JNaNQkn2<6?K`YE~m=;$QxLICQQjbZM;Uy3seWwvy@$zo>?en<}$~A>A&1{nxWCvL8YfVgKmhi$Q|R zPF1k}h&zZ)L)|99{aY$$;;*cFeYL(_G+v~r7CGFsd3$i6GJh%G&o{K@BbHbi;W}=h zeT+3`B#L30d|_5uqp!kzRhmo&7vCALJ47$3)}5682ei7R7As@kP$q7Bl&gzGOePF& zBcGYdq>BxTGFKCxz4YDrF`jjH@CHl-#LlEo71)=BhlqHhoi4dDJ?J*x~4PW;!Ren7M~^=HTe~9l+np@07F> z%VQ@7>wyp1p)0s+w=4J%Hf`>mMiuC|-)_P3e$W{W`xyS)h~t8Sh4I#bI{w7U(a0Bc~Ra0baP#uTo683O&55 zRgsnh!j{!t!K}$z6vOGa=YoYatZ-#M~qG9@3E35gM}eMP(sG*3O8aQz-uZiF}me> zcyd6-`l%lEylHJTuI%K~-AdO?odc^UR<@V?b|0G-Zth*o>18Hw`t z&*#P>!+4FYu)KxVJ{m0;`|fiD!@a zZj>5KrfOI!69);CG$$6{X$3=hd3n&X23_VY?dh&pc5H~@qAH`FTo4y$Hw|0Qc6LL< zfS0v`)uL;!Np0d6N;yUs-m_k=nVW$6(8-sROep!0%1S~yCWGG2a>9ioBVdiggC<8< zK_|afaM7om9)#V^Nn;0x%&;S3h2o8kKv~Qa*W4`N0|c~z(1~BuU8|uPz?W?DK1tE{ zXS2}QKvE%SE(A_z(4#q&&=={vv1FnexSmr|5-~E(+NB!Qt#v4LqT^}GQ(WR`q`)Y?KxK z0_a%e({!Y+AYjwT!Xhd41iexd2u-j&0T{gFw>nk^e!I5C&7Z3u=IF5W&)MN9=HT#af4~;L$nb80}kI}TV=x%It_B|91y2kyZBFRNzKxuPLJK) z4EU)>5<(7vPxg2pIXJRNnFfMeUZk_o@#1R8gNm+svetdS@=wVY!&=)j0&I;P)Fp{m ziUI4V7qab$FErNnp2H2;XS6N==URWKtN}iuRSe_$C#whXh~lgldL7ugdHy z+ybW>4{gvu{}#aME_3gc$&OcbZMW&v`TXxH^9$$&40*8&R=3rEtUE#Fo^OF8ZDTH( z)elt2?o^DqSgDMn%V2Ru<9!B`zJiO9XrXH{bGI*>&QnjOE%7|ng0JU9IG!%IDYX=A zQ+47`HY5Bs&7N*Su5kp+x`~8;I(bdl^&1(SKQ}-ckcgwt>)GO{uUftr00)$<+}^8xZv$&mB9+x6XrNF6Gbe zu+2DUU%nnLZ>#~GG`Eq=$#(r;f-jAv?j{KiIWq^S21%OcvU zC!yG^p6&;ba&Exi(@Ok0Lb&{nQTMK!9lB35{LbI}4l;oX4W zd9KKOuP<#PRlMs$=;`Vj+&My`xFOmvsz~cTyGoz=94^xjD7u2Rs;1NaKvk(xPcY?T zI|YMMB%+J^t9}21#AMhth51PxTfu7CuoFleWKSsOh>48WG*34dHCts?ge1~j&0S4f z)r#vcq@GaLmoh_}KI->R0(~UV4A$1qX|lzRM&cBG9q1p(ff!#TF4>F z_dy%}(I(=`qzAuPXIt58Jt z1ZfBKML))xD3Q_vP-aK(-N32LpPFDby!0z+q}&Y40ZlNjKYv7$xA&&~OO~GEi+qh5rL40_~*K| zF@dbo_&FRhqoCjlEH7F+Rr>I$%_rs!cu{W)o~M`-A2i7Gj5DOal0AJz-dC3;YNV~r z$Y|eYlYyWMy}{k_YYhG~TTg#|Sjc%jLB6A_tM`92`iw{)*}D`jsY!&CG#qhr9Vsd` zqX5X%(P={|x0y&Y6a3mFI{^F&MF2i$e)GWkwsi01kgR`+V1B zQ!99(*yW)kWzZOkehk{rwAsQw;HKwezx`N@Yh#u`(I5-WbZi0hGeUVns@L zw1kv~#zf-Z{pR2V7H74^XfAfu)NBf~5WJK>#MKpy1rQ(MVLiaCEqN45(K9UP-bw?k z=D&!qU~mqG?_|}y^Z)Qel06;UFC13zn6v_ow;`#G-?_N?_=ceVL^lc50${dmNmaLA zvS{@XIxgsdMIg4S0{r7=*Rezi-OK*|eUbh)SrTfma)xpXhYXeG| z7^nA;p|Qr7hc+fURt78dEV-1qD_RrR2$eeaXzRMW;AoBF)_|+h+67yFuOKlP(5A4o zf>d1udiM~B4l!|YLDqX``fjUE+7;W{U}V1dt`VpgZSD;)&zqmzy^%Db#mp-y`mG+Y zw$-ykV{DgXvsg&xbSqSGMB8t<0OEr0UpKSqTb`IC1(1j3*@v3|rgi?^W#Q;6y;+?m z7S-$aA#3dtv|SAbfWQ+wji7uX+fkFitFFKuD|RjY9iaPF-s3!5Qq=3|+Xm?M0k^G- z190q+^AX=WrziHCr4$`HXEkwLZwc9ZV4qFAjpr*M2;>p0lMCOAD685-bsx0>SU}33 z?ev94p3d`a5vDzhzVhqH<@>;LG%!{QBlUht$vjos6K^>n%h&?FjS)8R?PeLNR9*9{ zRC#WBSc=iuKaM&9uwKN&bH~5}&4q1)QwE29@$>=C1S?-~#nZth-lV zXhr5~=O+c!dxX8Vu?UP@v54unD| z05wC8aVZEAmGuo^UXSv*pXCI&o{mnR^!^@3} zVY04f@@>Qr5bS%+Y@`WY!Vq!;y~1s5sT=dzx9_%)n)jtDw)PM$fz1Ifng+f*k>E@i zkGgFXT>suc4t<4ilV9sI*rh=h(ZBSfEtPAC2O^VaEda?3%;2cp0qZaGz9lN`$OdZ4 z0AK!O!tSJUlf+wRVOvI|mJ0Rhw)?26JUF{{Ur_dF;C3sRA=Z^lyfqLd4uBW+TnZTK}}%a{-{l{_Wqnm z|B*L`T9$sBzg%YLTO)=z;$}0kydF?f)|ZpR%n6 zb##jVs+r$ZkNpl%>TnH|lbWRDCL~Uc7jL8{9h-`eoQ#|HTPqh>QP6$=Ewo9RDj> zcjMX0=0&Yf_wV0N(fr4a=<9<+CiIDKOn|EUkN>>Bn6p&7chhn_zZ?2r2v+}%3@QJ8 ztTX>F?ljkH{KtCQIL*y?T6-hvUqbPL@&B}Fpl}+$ ztXb|qc3*F_+$ZHAZhWEk>?_{ny!aYW^6^;T!H}_*T4r@(=6Nr1&$ui|>RK?Q_mjbQ zV=c~&`(VBOkJ=vSfpe5bWa#BvUuqOJg1%cyF4-95!8BmSm9zr5n~{mLB;-Bfj~vvfTu}$iVE?4qc7ECdz&T z7n-%>5>m~V^xoFvrT)ol1w~)~FP6?bobC31`<)cU-CCu^-Cw$JYsk=O=T`>6ZXHBu zVncnnGUOYFW_6t~!B_K$?3Yb0%*-%s>8=yrC299zvfllmp(PeF>wPbogqWq*(@H>xc(_7GNLhbtpU(lEV*h z{r>yNb>{$%j zPA1p99{IAIWc1Uw?u2Mgg33B)e-2Zy=KsB}G%rn=bXV9PtuR+8jU*|}%7hVv9L_VH zOb~P~2L(vig|7pIG;5nIN5*Ch>W4?~snR$(O}@`+!MEMbQJ%Uv{3T$cboC;(1%{tC zxi}c4k|~KPT~7o(E+~{5jazZHlv1hvdAifs|M7g4MK6ofePa9g;-;_q{j1ROpzN7m z=)njA8~|zjk+#Wxc=BYu?#n{BxU-}9(EKAt>erFw221_eo=fbeNT$=1&LQ8b`)|?% zXV^O&q(^s6to4YUgMs-^NPxDMx}%VnX#oxN7udD)Py;?a#Gug-s{p#a#E=2Qp8@b8 zbo|@U^K^<;c}hs@0GVoH!z|;>fegLu=^bh()=7a}>^+_yJ(1lXX)28FJKOFjQz^-E z%)=Er163%f1xftR^yoRH@Z5oPF7MGYKPI$?sT#-OMdWDxcD>{o`%+7jwSW*v1X5J9 z#zXxu_&g_(f(|}t`r_lBc?W#HmKh@EmAX#w)NA!{Z$@$%uB#TjC5`T>u2svrb}o2> zygYV-2wRf{5%z@}S^BIZ3NnMnnAtM)=9Jm3~G`T6bMKBg)E~l$CjC`~n)0wxqMrN}7kr3twJAG0wHbuB3TVfcP-Buvri2oTW z-(35ZdAezAgOY>+GVsx=*osz|RjAzwXzdJTu9igsM%sML&$j|CvIfc@b%*ymdZt%y zT!Y`IqD5Rvii&fH$N(^jOKZ4)NYlDswetJkhIMd>${TB>oQ*Tkm_yE5T=cV zB2#6Vle; z4EoF;w)fV_UZirZ8EjZ(TW%-my8Dzl_%1MmMV^@a`|}e%7Wc6wu9syLOQ8JmPs*&_ z_WR2lNJz{~nRS+TM+(}S0re!uq1TNs2W{gRQLDJjNUXSdMugJJOd&egxdU}uK3`f} z{1qYRd-Lkv$|K)adZ)=%(Z*m{5=yCWZO~L%(x#v@-51mKcf$-RB*?yWxa;()DH{VW zp#!aks*Toey|~!!_R9A}m)|pspDz>sA}E9X*~=;`m{jS4y8+*U*n}q2XlA%=MK3wx z?_~(7WFy+jBZME8{ojVPb*!Q`^2H>z$s(wtuR>-%z)@%TXUk;{vSZajLo2aYEqflF zLWd`g>;jQzAreDigJ6li|M|(8Hq@Jr&I`j)TTUee$sq%09CCB2Iq}zR%~EXh@$VY} zE(@Y>I7TmHGpa_+|KktA-)p4I#=wYn zr4%^0gvY*6#QTiIbFgsF{o#U&itrPqbx&bahbyR1UB~5C1<>n zP0f#1@r4FLyglGt;pyTw=%I{kPksV>e(kjV(9A?y)hg;be}bTm+E< zpNm97U)Gkngy6csz5S?6aO%xqYwAM+STk<^0Ne0lBwo)Z&0E%)T5w}OOCyX zFu$SFT7uh)T)HE7;5mr(_I2&MhI6WqyG_bif5!l-5OLy-Xrvh1=O*pV83+XZ_79xq zkb1?$GOkC=P*^Sd_wiBw2a9#ZFv)V#uclz3N578Rsyr93HyeIu^%or=96Ym1gM)@c06^63geKPC@e2i1y=#yNJr+}z49hTi zoNvv&q48Z_M_)zGEIe;9dbgj`G^d8VqraQz;v3R~#`*z*RS-i(QW}?BfJ8behHL9@2 z9XkMx&1G>Xp?b=nM%93WU>6+(4Kp}Z@=Z(*A5l=MU_(ARkEsJemnC0KCP+SQxW_O1 z4qSwl#fV6spRDJ~bwo|x-GhUgy14f%z#9)@EYs)xCs7?kI(yW*!gkR52WRz|Pe7l~ zY;?Uxfsd(yzn!&pg-h-v$0o_=lgGInNM`hGbECgkb>vxh3aO2&*1kP0tG-Nu^$P~O zk{MO5hIJr4SAZFBQ zr-ilC-yRSXqcQdGa;t5xZSPcC1gMs$c{U@98z+FB*rW8CC+EFP5n}ryOmgZapP~0n zxIcR-Q<-P z8gdw*?xNM!Ryk!?iA_Zt6n}&Fb~F2flk_A+$?8J%la37y@=n-io~;v82`ghWSp)ln zCQC~qlf`mKpB|AZ1T+NbmDtE1Uc~^-$p`6S;*eTVp})MUuj8#)k6A_U%Bo?0G}6_g zP?r2%q8+3uy~=g-I~$-ApPGa?^!Toca;yY=R#&cTcIBc1(a6c*!qbMn^Po}8*FP(# z&Hqf`jh_c5iUvXBh^u1>UhUV&G;}lM$K69B?~nRTY#mf^_M=;7x~|t1L-$=smY$aU zFUI2uqCc+8<5YV0r$=j4RC-TjjSO$JXOA}$`$xBm^DV|y9>1)f&qf3YG4D0-0Yq{f zs#VtU4dTv$uiqU2!i+r+&s2!ZD=o-u*j3H3yB7oCNauPXin z|090#VBwA#{3_AChVzgU@0`q_%glpKHQ-uPm|v~6?z6p_q!0f{IU3NsJH-0Z*_@!G zsy#B6%6S$rW6nA7Ywf49wQcru>UN%Q-bD_s^O$*3FQVK6)D?N%HR<-=hCz z90#PKg{KUeG(aWd+i508&nM>>J}^$YNLUIzQwpi=-kb|j)1|nrjrcq*f+VgQih7at zAWgrj8yf6G2)COyUt6XvaLi`Iiyr9~H3(N2<}iG&+Zaw_$!RmHS?-Oth-w`cpvQD%y1 zanAkwNSC64v^bO0F)haiURJ^Hr;8%dB&|Q!%2A)f?W9STaSlNNWkqq^1s>X`%DKLx zfz4V{XCzJ-)}GHs)o=HtT);PLi1F`K?bS-G!(0Y~j{G$}`|};fK_VSVFJUea(6CSt z8S*#!z+w&dmPcm5_@$HTKa1XTv#1U!yXFJK&S+D>?qn@QLEYux5?EP#YHNOUIXJtB zbtzg;79pv+VMbV+wp%3l?LLV`?78syzsy{%WJcWH+lU(?L!DDn+oRJ|TG?+}YqY;q z*A;!4dwN_5gCwuZm(&v4DyVl{dZ%Z^|Evai>K&RLB@-f`A#wdVg=x$5fu2E{FEwg* zG7NvJh(!@W=5Q+vPKnmNb#uR$zC%^~KQ8sOp?YWC8ol$GGC?SNGxoC7iAlBXb$HD9 z_DBy5qshGeCGE%5pcF3G{{~|njld?Hsyay=2=u|sH*b}GGGM+ZnWOp>!(R1sr0UddtP1q2g1`7a$s*4pZ(HmZT zJ>X#{O&CEk{-wOb=xCC+`19xnZPH4C&llg*iH>e+pU%}8&nJ}SeablQ4Fgo9X?&M6 z5m_~$g89lOOjdrjFv|2L)Yp0?2OGf=oR%NK2b!1JZL_~LS3Qnf*P)V)gR3qnMv2s@ zf5*rul@GPZj||=Gt+kjr5P0Zl{0;+ghI8`Xn^<_7nd0d+C+Znw0-l0_A*dbroc}gv zE&}9dBA0VP?7~y1eC2#1Az`T;oSm{6W>*ps9A+qmqgQUg-&vp1cpr=B&>#9QM<)C+QO?Y!%bApKY{5zn|$2E76v0AKLxdXAwbv*;Q!jUcK6zbah z&>@`pIfu;b>@C=2gLSJyb5YMD6Kt8CQ|8T+Q&-9|NFcCWPcPLgGReEs(3L~L3I;B%8Uq@d1S56F_X_C zGYk{<0Tg&;YI=1INO&p8PX%^}j^t~-_|8w(@`9mxT)oEto7>(b@5h2_J%!$vtpHD% z(_c9suHa-!Gbojbm79QOYa7nsi@h6xuPq<9i+;yH04e=FHc}peBLb>}CkSwLQ zqhU|zcYM`|N2jVesf9=J(Kw;{5?CRJJo_&AazTj0gAUivL6)wN3G&+`Uh^n~@A~cN zKFY@XJ|t?n33QoZTh$aFVM+2Bme5#+!LA4tbi%fattmmW4ma|Gh+n;wZ6qA3iOM`{ z-fk-js1*@IhH9t4&lVhBz*_<=g&NSJl*KoLd z-@zlEe{yTOrj7dQRIJ^S^`r9MrAuHLgV(7ou;cKXDPY}j8TLEVc!gL&(O#iNhxuPe z(IU(Al2=1<)2_lx{PJU4=B~*z5umjH%#?SG_hkHAAgcVi-FHJc(mfqWGVGy!07e-# z=`WelysnWmXu{E4YmkpJeZ?C8jm^K;Yiq8Q6gBrp?FaEu-u75`ZrZ@FMdmo*m(i>y z1z1$)*;mSFmlz<5D8ob6OOZ8bO`btd2icPKr| zy2K>K9A||8A^k}D9LwAr39)n$+h#e_r=ykZonor2LKG{4a47Y!;=&7zieo*bR;hbn8n(^U2JCTV>DwjO?3}YURfq3q^N2qQ;j$o^5*1JW(%Z zul-zq9KAK)6UMx`!(X@O^EQBaC|{)eXS#qUAAFX3>q7;fALhrG(X!X2u3*5Ip!aF?vYsNy2jK^bqtSB;YHy6-sO-3T zJ6ut`9m2Ln3^e+@a)oM1c%o{7t8WdHyvbhuP<}cA5FI1CAsh$p33+^Y;XhElHaq^|T)0D_ z=$U!r$M@QR3hvLK9qvisPH%<9%xKc?)XS?@BS7~pCx4_L{w!Ef(pi67P`D-EH%ipi=-PV{2p)W4~G^RpOtUHIe_x-z3cPsSF zECZ3cixoJ@n?*&3S-NO=4ZEn%vq7y*fE5I|Z8tH!;dgWppw$Cy*#Pc&%Ym z0nE!nsQ#TfKlC0ofX6)DG)P<_wi;hd<%zEEG;&MPeN1h+GVn#-?L38FKb`VrV#d|R zNa(7=gFl6G2;UqjOn)+22C5#E?d74_=+KqKn)*-zmBK;W@H7@4Xmd`Mtp3ebgOMlJ z%Yr=?%FN_cOkhrfg5@M<>w$(peJOvFZ#I`D*1ZhL*)nbnIGh&~NlnjSL0XHV7;!V` zBqyB@rx$*2$Qb~S$FIBNuLuUwNn@jpx_)6n);A~0nJ7$|p)(-&gLh#+fYN`bN6(vyU>6AzH#>7%GbvuZpS~HHCpSzlxk~Rm3{UUd~*L08ACW`$yUV{ zx#T+?c?7l$l3rsUN6_ARXX6Zv>8|kDYt9IHgsD>DlLQLFaOM2d zCUPm{zkWrA@bH=NK;_fGnwtSByLs#J=wtunG1LV}?H~X;%?9rh>TIlau=%jlD)Z>P zAU(o}96F3XD$cYM5`Hv#-&9GBq{J7@XCY(lX)o@3pWNEnczty>7t-?AZR06#W0|jt z8J*g8`|5;j*WiT4ft&U(&3C_!Sr1ItPC<`D;tl$wx>d~YlW&cS7B|^HAQZ|aGM@e{ z@@TGZ;-^F9z^PWBj5WA%Tf{=g??~brZ&N~*KpeeQVM#7cBcoFoTkow~q}Ny3*4+DF zM&PJd!}scpb#Tj|=(tqzg)CfE8X2Q@I{?#pnkxK@B zXF+9dE$_$B-dX4^=KJi}Np8qJ-q+ZD6We5c6dcAS*wgUj;V#5sb1%@nYR5sr+TtsC zvk56GI!iW|Sb+{$_;fU<%%j^Mh>e>#_dV;3kaiVJwDt3%W@q{)c@i#BZ%UIc6K1g< z74yKWRgr!ZKY?rha#kXtNNvMqE|C$8>driRpEwXPjsHPar2DhLB_&Oz?!6hLk;pwp zic%i%!;g<>qlG!s7+w{SR7!EOp#cwV3>W@HKJn^-$Akh(t5=hKi9V(!#8iTOE2YZ&LZDsjFU%r0-uLjE|1~sYQD)laB^@pF{t5# z3iNQl9S0IK?lpM=x9I=XX{~%{23C@43wQudBeiG0#qsUzbK#c$HsA>9w|_Lh_cm_F zRPM1nv99X~8H1W;g!NCcEN;(~X*0#0`r06{4XN_(8C}86p5HE)tN%==qF07^c#5sS@@Z-XxDdKdO1D*V)y+rVXc!o^x(b zb0Qt7N*uP$Jg-W^{N4YGahoG<|8D$PMzNEsdD8Hm>PV$q&9p4Ht0)~Kh>BW%8Hj7~ zH}ZRT?-dL1g<6!A%+M;n1aiBX|5kwqdCrqNTdqN--EZg*($$7bgS0@pORje>pkv`H znbYmS@LjozHK~j0EU~`09#W@$yIEDd08)JdeqB1J<=&L=RCbeAc4-ynYSyPTnlBSE zegrG6SU)!4ycPVu^I(YKR`>sr#M#TOKP!-%i(?v{EgU15q3MHm!G7^n`ngUhqNx>y zw$q(k|G0OIgw!~1$LB7kP5v*+#xXIcJndlxUJE@-6r#4ARY;zDF;8rYZu|v7qwdMXs)gu1k}HQCWC)jC`-(*Hb5nd018ZqOYm~Gd;fUvK>;C2jYBkDWQJ-n+ zM`U!UQ|ZCgkDIaC4oS3f=U1c2ResSwiUcPwy1&O9isnT6X&sMkpbLK!-e=9JSr$cn z(qogZduU~yEUi%{+*N?GO(y($b97?2z2~0ypdNA0_08wMp9}f!0B@<~y_W{>{i{Ac zhx#zZChhg}d3wFy?Td;RyzV8FDfWD=@>-OWzmqiyC;djs`0BJ8mr}vldd+734EXO+ ztsf*~L0n4Eej>w1GD*>UN^`7=;)4_wifuMm_6V|)m{8dGyiT9|mI=f`#7HjdrQe*t zgD8QzFka`*of9l;st-nr_MOn+8!lOWHE6(%okG$K1hf*I5+CV(2$Ce6O{;XW@a}0i z@3~q2d;GpG>AODdgQJE2J;-grkfZe$!c9YxR@f?X(E1WgV+F%In-(^g^x7!d4HJ65 zzb!J-`p!GVhbS54dYrvG=}opOy3WI=Z<NNG0fK&C>Syl3<-d z`-}5Ttsl|GxQzir{PbLSkIJQ)DACakxhB`%-s#*Gl(JaujJj}tvEadI0`I5!pj0kQdb5})uQy{qX7jZnTu7A>5Rs*VM7Jg|q)k61P8pfn` zz+aLa8QqQB8~*su6s?evx#M4RloA!D%LW>BP#xp5yUtxN4+e~F5Gk7!Q`C~sGkad( zQh%4UtYfRxubZ`6a{U?NgDN<;5Y@ruT&zkRj!HF|D!r2}M6rh0fd^gp=gBpcFwr9(3v z&rFw@{CRGZ5jyP-@cn%OPmCXr-&=!&7UI7fsMJ1$pdg!@$`;MleSL2`nv`CBj>>F1 zF{-ZJmU_>gKq&PpGDzffS^AW>`FFuWU~Q`R*~Yc~H^7HX>gPxZ!=78n;yd!G5u@tI z|N1DNc5vl>(uv2O>S1hwfpcTUA|iu4vdNB_#IJi3PmE}f^CNHk;@A?euzgj94CAC8A@erd}7GOqWU>%Ya0=vzKATr3cjr*>`HCX|z}eHqk)NZ2t->f(i5i{vAUJ?-z6LI|pYPao3VqtUb7yF;!$U!x`zA3Wt2(UkE& ze5yWRZtnlaA$fCpufm|Ey8-!?8rsUU4>MqLyl(OWIsaU9ilG&`&oa6rv2ZuWGP4MC zqh01S4SCdA&He^zVV%5>sVa!xJz9kTtRL_pn3}5hD=y72563`HR5p5$CkSBC(pm=$ zeUkbX4+qHqliTfaRp8F84kgv`&wAtk7?Ms6nrm{e;Lg>J1aT`IhtOxd@JCuX;Dpg~ z_YnJhPOV#|e5`{elC7GTFTA^{Ks)S%jRUH@No@ao3uFFU^szjac1Zg|bl5^O63~wn zzv(fa&j=h1!Huq#sHdu>OE1ePkMx8AtML|@W1bI!TiZ6OJ!(u~_D$*hJB;4%^<8<; zM)h5>J*IU79EayLW;JQ|2t8dEQ_9c+l)}O9AH6cM4L8x=K|JGF;vTj@wA|wlRMX@f z7)z+j8PEM@dnOFALHyuv(6mb}5)G2WF^%QN;d2)*T{<&t{r)4I@=8>`@c;%6Bg2~X zE>1WQDhyJGaEAAHMt_ePIp4@KGl3f7Of&roGOwh=EM@#(JLe6Cg!5uxSK#Icg3e2pm$&I3HzRIO zW&Y+l_wQ(o6>Yt^6Gh96yr)q*&wP_@CUyPYP$s>n;noj5(tHFeCV(qhmz6GU%RPjF z+*A+_NjIt=O@Lg7Lo9s{Ho^m&r9IsTj{vI7jhm}xMgHl>XSC}`Ax{wQNweYam859Y z0ueMbwf;w`829k&F}`~BCT%5NDEU-|8{b%y8B>gJu^}7dq=YwrJ%&_!us1(6or*8N z1^(&LAc1mn=JGQcuTWF542V32*W}LJ3aNF@Rxy8UUftzq{H6bacJL!m5A?y$;!bhn zs#3Gc=Q>P5VlwOpb$SFrSsjTMG$8weV8!By2?D~S`t(L|vFKv*2(;!C?sb;u9v%q9 zi8!6=C=V$4_8YA+z_2*qCUjW8O1i4CZh&Xe*AE*Q&$Ve=)qD}906;|wn-LZ4_5Ia9 z1AulJmtHVPvH^8oWpV2j3n73seOR99l=doNKi;LeHs4b(wa~a8S*aqrDmB!r7o8{E zWv{|$jbvJ5bW6C`?E2Z?`)ZiSc*2K0rkA~iAZGL*zQQ!$V%O21k0)jm3q&Y!V@p0L z;VT!;mU@?is@{G$UOmpfQ_$T6!l;NEwdc^h$|ChrCtsJb69yhoC+=lofID}|1=4Ab zH!bmI{?PTKujLUoF?v(ayp$dx=0|RLUR!Wx6^av{u+QL2=d-B`mKG2+v28G>+1neyQq~0Ie6FXOBmiiT}|j z%$a9!PH}u+BL~y$+}y_xUse6Y?nhjf3@8RCj)AMOCq~6Mfv0bI?`4MC8YDqsn|6pIwQl<0+V0qr(*kH3W^MOH_mX&O$S2N2>3wJ4GIR;RiIZ(AOfqTh=yz zv^cmS{&|Z(vI(PxP5G<89UN&z14ZU_E~FbGG=?>$1`jv+pwPD>ePg5Bv|7Iut3A-k z?|aGMc8zBSRj}d%iwCIe6)i-hnBgO~e>o$d&f}j~BBOR0YYG3wbiNvmi@upo<_$MD zzd=!fZ(KG{v6K8P;HNhj`dGC{ho|6E^{iZY+BCU?UAbv;*>V2#zPAd?4y9D%r$=Z@ z(zYf}R|kavz8jL*D1{3`ljVvV$8^~!tAR>x^Jb$_Ky_1b>c?F(fP`x20W;Z9^jBzy zc9wywwj!TaEH*?+4ih`^GbI|V~esT(_E-p;&Cm6&)LCs?8Iq5P=cR_vuVDZ$c{?CR=#Kbo!-w0 zGLet{OSIbln$(caXMK1jc9cEvt+nzrz^QS^T)}drNPg;9$!b}aV~@G6tC0yIc&(9N zO7`J#!x7&bgF;c&r|kc93BT;+WOPBtj9`KaZ7Heyuk)e@m>j)!A` zS&b9l{5wV3KL6Cvjy5UVgzMUi&`%mM>AkN|OW$`Ey1E@R@uHPsR|igqRSw?276-bQ zg{1WLV1v@4HD8Na>;=m^|1)i=t93g+n=F|uNdk0mSYHPEx$Rnya2Y`i~2MzJ9 zHg|Nx$s8(M-Z9$-&#AUW-~-C)KQBh=(+EetB)v%X>H}PiOC&U9oThKaoo`R$?|&-N z6^fJ|R0;?D%4+Oja_4u=&f!6_@4d2O?@G%UcYTicSP zvmy?_%6Jon6TN&R9uA5ogZK7m2DQd|Hzm&jw8tL)5I8mpiwNX8ba@dkW1Ho(d+ui_!wx~&TBjOyyV%j}_{ZE5}LZzJ;ZUk;HyIC81&u%NwnC)M56 zqv%7IvGV)?%`0nnhuJJO0=U2QpM0M#gJ*yDiA#*!Nx(dw<9O^jUbY?5zF6FO4Fy^U z0B$Gkc8RMR-~@u^>(S0df;yf(N%+6R3z?2OIhwt3Ga6p+O|{m#CeK)B%t%Faawx+* z$n&OuTl`$7rfcp2shOct^BV!sxd*z#w(EfV4r{N2nw$m%)BqmCeJIuP(6=#F?*}du zYK)0OMVqVL=~k>P&v+X0Sx0N^b)Fr_GH(UO2{JPodm(rjt2{nDr^bztl<{xW*YXyF z1=#P|G`mOn<>38e9#%dW@F9Sb4#pQkWl2<9dG(?Gpg1 zMXfbck@zSQq<-xOYRmw?BP+wH1jcPHIe3=a0#nrgeOiQlfPx%bMxh)<*o(n?C1<5esJ?ZBATN>Iw_yZlQfQ^4kPmu$laU_2+T z#~Sys|Z()qRvk|jI9n8zb;e2fBQ&GXsQM1?UOjVli>**BWKyB1-?#E5BgHU#8~LTQ zpi_ZP6=iero`49B{w4>TXI2JJ)UmY_oZtvzpF662HBhRqM@Ll=u4z2ZSPz5C!c6q8 zUJ!mR)JCyKA8$evKTAI;hh#7&762JF{M^l+=iMmUtFjNNX>#r}F9G-curNtqSiXzj z{yCp^p8AbMwZCe#NwBgFrQLOpkIQBc8y!{tUYe;v6MGU=HH3|-)O*+Y%_$x+9oYiL*^9QagUMxJjc7_fr+3qkK9f>dmA{Yii!P>n@|;tSZ7cg3QP9kK$b z$8x%{v?Pe>2e*|`gW>@JzCMU40oW-buXwGl@Yi%;x!srA-Zxy6B?AmDd|U^MjPBd} zDIc>cVJB0jDB#6={OM&I?az#b=J~Ju|I6gyk+;m_0#uRi?ZRxp!$IvbS4{OVFTEtW zcuX{_kS?1j4^Rozz%N0YYK#&`KQ9e=({3z}_Ej7;Ns|xZ%Xw<>+PS{^6FY#s{(!cL zluW&HX|XmUl+XVZR1dnYLw>ZbIM%n;X5OsF%tMOc><^eYXjwr>@XR4=b$`4r5o;VS zm9Qg%LI{=0Lty+PleB9t0fl2uJ(GGRUxSIHZ>#2n*=*gXfiDf3Y?X9tX(HcX@qpl~-W&1^0;MDwsiIr)yG4cJuX2o%hG;S+jJqbiLP&?0LH~WK z_wfkg);xOpv|3iN8B2%VXaF7lr-$D~3#}-O9a|SIISvB;RXeV@x!$i|8_>;N-epBRy0@^F-={cc6gMzGbus z%4z+~v`?yB_dX#MRyy}dq&T;J=?Nj&(k&JLp~+lBOIxoW2(9^G?(YxC`jHBBDAPf; z(C)4y&elI{wcsVZRM+yHJ+}bL+>!#_GQzInnV=JUvjtHzx(*DA*^=u$S1`wys0r%# zJZzn3zkgW$h!TQKd~hMRKhteK(P6|ks3khU-ArhSj$BilW|<#$Bb4~4AMFs25;Z4} zHuGLiqWSFuq(k18A0mkm@rz-&WQWiYW1SN#DU&N}+2uj*;8#O9&8zst?V6oL+B3&& z8gGwJUCBvJzo2e0V+<*$;=iB&c0IzSF>YdwZ>%0RI&^F6`}YZYd-m%u5eK{3Xb0|! z!>Ll9))1R6Neg*S;;FR^0_;gIm;`;fWofbL~Mf7~c{^nn(Ed8d$%OX1Y2 z{K)^4*Ky2*#+kjHPRtgg@w)#i$3HvBv>xu7Lxg%C;E5JqD{(2-Qngd`t@dDypI+*& z{&SBVku6J+0%v(*~_a4cs-h*Bo0Fdr;D=jtlDE_8C~HT+w1)%k&3W%JK^U zCHPMQTEFKF%>llH96m|67Aq@1)i`Y30BubbI3SRl_&oMFM3n*`2x1V1vi>RO+Ia>3 zDA_@Kg_eK+N+k7mv+Ch79iqVy9+{zr0F?^sR?Z(E&kQQ%tfc1uzGi1Y_ohpj@hd~3GX=9l1sm^$1)V_|a@atV>o*C6* z|4;Afb+lp_U+Vp~QJ$7q&+`lIs{$VdcWiml`II7H4)~|P^4wug(GVs1_qD)~iE1r2 zeDr~3kQXsKv+71*%4T42>wo^t(?|%=L|I{Y!v1tpUy8kMOm}x6+?^K2P>VTTs-PLT zd(JXLhMEv*1{^(h^Azem?Z8a=B)kliecveB%MhExM^qB(2EiR9u&3_r-NEKE*Ic>Y znrInJ^6+cwVwTnb##Qs%ndMjcJ!*DD+BrbwlX({+=M;KbdS9m<<^Gt{!it5pc?Drz z+nPRPUim^&ER91WSURD`tAVxM@ct8aUqFpuyl)`ZnNY$vBA@1i|I%5memf zEIJ%aaaERmP{lOTE1Chz`w6ExBB)$=J*h(m3RTh--hnPr3)5SIGv@b_Fo7+$<+z32 z+Cu9T+S3B8JKv-~va#HcJeWA;yZFt2c&B@0j!XB|Xwu=DGxg=Y_2bG~7z+Wppj1Vm z>CryvfByKG_O%?8+?dAvdtG$s=TC(j(L8^k`mO&dB!jZ~jOCZnpZ1-BZeu2(lq@Cv zk1|qRC27-ETl*kc#LyI1_%`TxTxpH>cebrI0lRQhm8;ooBRYsil#G$@bLN}+mxDsct#CLGdogE)K_!r=41jlOU(J=314^>d)!R$Ea!djV`*hsl4_N~BR=8vm<;U{--A5wLgy}6^3)0>QR z@iGRw4Pmorv#yoX5DrjT+KvN6NqSV~xmHR`6t5;^{u4vA>^fhZd$zZ*wutqk(cicw zO)Pt+@gUdNX3fip5Z*c&OYWUzRZ+vzHzU}X0t&NZAb7~}{@zGUA^ydWKAP;_*;jZ* z^h47vw9>9!gMKf&D@qRzQybUaNJ)jhzT&8J^z#;SCCqi41Zu*` z^j@P`1Zp=TQ>v$E(pA{D+Y4oLsKjdu7ol7?8V6Tu%y~a?ns?Z$J6MOq z92%tD;CZqDjZ%@m`y10W!N?yT{O(y@%7X*p01ikFBo;!~r*)$REa$%e8rYCqs3mpq z-x=&B`JXMI&5s36v!Ol*FdN0Su}OP7))Wn8B46!bXqLlm#D*wKsrtN-OkcVfYNq>J zH=&$buL3P?b%@4ZnrFPd2Re%cpPD>dIHcwNz>VqKN(OOFe~vRg+r28I z=#gggYGJW_TgBKeX+Y4>x^LznxWTp7c$}0!J}`Zd!KsQ0KmF*sFu8$ru@17*e^0-e zzQ`uMOnojd!vX{sgvK!&yj}?HXnryZLXPlI)6?qE=TWTa#!$OdS3_g)Tpa$}dbMwB zS)K9u-8{zr*H}1lb>64#Gy5#{t$O4YXX_I`<~v?>KLqe9fiTEh{DHRxpfrpZIr zXCb|lU)ZFFr#l@Rb&qUYBN|o9>vH}EBey)b8{XxLeIeZHuZeA2S#l@bypz~Lg9MZD zB?1HlE_RWzk3!V?85TlVpp@c}Ph z>IJ<=N7fn1%aoPDE6vMJ@UUNrzvwX_|$*1Ft1o)0E5S z3PJA!r>xBBB3VWWtdRdw@HI9OkSu3JDphKWjA>}4io_ly{9pwG2N`ZtfJ?bE-gL^%Qa7sF_+Q8Mp? z5pme_>Hz+C`biu7U16mk{&~jG9B`#TRQ*NeT}B}LjS3q@jv=evxa}>zlrhCE%eJ|o z=T|nGX{{+y-@dK14sAV}!tej{@6>5%Q$s&>aBFL;e@k*oX^3j!K>ao#y)`_1425Iu zp4$9$5nJuw^i$A|ig>6@4f(?g{9IfLz7gAhvVDK56y~kVwyG!ck#{m0wn=m< z<+#hCrKr+SF8b4i@$zC1mvxFtMf@rqjBlQ*p!~-~UhR!CIgT%q^;-6Mr+d@^VM`_3 zI)R@XS($M{83@r`ODq2i-yyjRIWs;P42>P9wzWu8DKasa4B5X;=ssyd8oBRg5{iktCz2b~V8ZrM;qGT^^zSfIw)H2HW!~M&&pJwecMe>( zv|9f?x#wj=W;LVW2G8@Jp4>84R1GZn)rlEDtKX{4eE9DHQ;mB&DUfQ=aZZ-KJuGw{ z_O9GFkFW9c_q!Ky+iXqN$m0VPF@#8GkyB}mAym>ca+mW>n3~MC=x)*Z#aVwR;8;_|(rprfV z-N=bgs*>~q5^zDMI^9;+{<7S?c=_$~59o#mOh(v^_jDVZNPv-qBWf+?uZrUqPpQ6~ z;-L8YuH~f4!1?_@&{>hbP=TxxMJuSf=j_C*Vi`cbGE)}}cM3t)3ZnIhgs4BwUGG~` zOXe)kp`gL$xQ9~Niop7NH&CSgL#M?zfN45Dj9aqMS5=X%1ds z_2y-M_A1w^7WAhgfA?_(6cIB^vFR;QmBF_9fI~TsmCYsz3Qq9O)6FYB5a%4LAcGQSxzzi zTxSPVo>M)=N|m!orpkSlk zlybkMcR8qZ4OIsOTAAoF!&cN!i(l!XKUnMlSl3&srX1c!hfS2--=Fq1_(tu`_YZT3 zUI=KugqNZhjh>hBO~{$Q%r@ivZJua9;|Nn_4b5(NQ#Sf6bza7Zzu6~BNAwr?uIbii zJjBZOs}4bbxcBPSL%fv9)mt^l$I&O*O6b=uy4|V2f^`B_JaZaaiWSC1@-JtDhmR=E zN$VktN4)b5**==tG?m{S_31imK#RSGIXoxlyzXNRK9hRwqBnV*Iu`_a-q_T4R``{- zi1aZQVy~H0Yf# z8TPkgB;`ESl5P(a;y0!YqYPi$w3;|(o(Kx@X_>B$g=(P6<)1U$2PV33U1dTiLs9zMujd zq!6aEhz&gci)_bOcL!0dFaDfx5kLGWL;UjrjL$Q_g#HSV`bI(jJ-_&*ctsn|0I5Xm z>5Edzg_}E4t^)rbZ*LveWdHt+6Cx_Nq6nz;Ez%$=9V3(wkd%-%kd*Eiqbwv81f)fJ zlaA2?5s>a2FnX}jW5j^%x#oR;kNf+H<99s&JiqH7L9Tem8Luw&V2v2QuFb*%Oy_j^|HsGtY>D^+KgrNeTlHAXs2UN-GVL1%%>sT z5pm~25c_0$_%zDyuHy)r5)|)D@k2r62tzZoW97m<*j8ZHFDJg9BB{wgC;Btc76Lua zIF!9}2SnGuU%xjVF6C>I{i^Bdxu!nPI<@tx9zVQGzxz2h?LX1@iY{zG56bTK+h~>T z<{6e1MGwdT;RsA>m#otx5luKHaB`9~$o}ccD*4qcxe@OAD|cd+5mh))=HdaG7~Yvo8U1#|Fljg}JWmLwo)1)`i!H@ykH|_3G!Kv8sp-EZ zsh>*NY|yP|cFfRLa=Sks$}(M*=h^h)Dl2yPShUOTD{c@Du6_BVJ|$x{>Z#Wu2HQ|i zDCl^PHxwD%BD{+>sZw)p;C=^Qt=+89V!UI_v6Wzl@4?TEv~Pj0nrCIm?$w%XHCpW@ zZ)G1Sa*o%&i#4`!hO; z%hob;Q%?eoj_9CsBvW7}6zGPV4wZSb5qt|rlTqVZI5`xXw zSu<{{9-JHB9Ci5jGWdVLY+up|f6v!A!8;(3fkrRL5bOTotc0ifV{3du2Fba?mm|bv z$`*XwWiqQm*;X(qL9Ov`^}s)$1KzA|wtGRuYO{~eM=w=&Q(liv#c1q^ej0|0|NaSj z!+J6L-G|NnJ6 z@)-2hm2`6}W9|e9Pb;lzL8{|%6*Z{rU63H~yPtpnD%T_PH%%(-Fsu>f^VUC5rvlA{ zXUKI9BB<+0xEVTTsp)Ls^$~oV`oIYE*xdhmfZ{^-6QF4P@xt6(OSlU;G&>FDNhpe*;F@epi=yoAV`?gv96u`OK$u>9Jxx{oc$~=4*d_K=eO9 zV8~o5dI@NZb+`+>fvacYG;@Y_>h!65>tEwv;2^)d?aDzR`3pe&JyNwiq)hZOzt%Z` zZmjszffA)53vd2?m84gIRVt5=oU|wBP@UuSA)z6PPb?0%uKr%u`Pcvc0Ka4cO(Zf2 zh(AzB?*fa;_1ArG|MR~8LO@^b|0}7!|0UgCMKL@)oB-4qURtsNx<{!4?UHt#2AG=@l+*wF=>A_Y-1}eKZs^$ea0sA8R`vTf71eJRbYD1=7Qbn%07;Z)c)S^A;3eL;DYB{4(nMKfxb zY)?y4&tCFnHT4<_N68n_!Tik45uD#Qbsud@S{(VuJdiy7YA$*mTIM1){BjbZ!->WR zGaOpTxO9&~zU0jg-9&;f1zUEEcwX6jq%fT@Tok%>f_7u`Y)GtL!^(+{y;z*d<91`E zsZ}_UiH$#CJ40ucxFLfHiVX%g<;P9iR`2>>^m~cp=?E4)p7YE2-q3Mpb-HHU zOQ-ISBLh)9^h@hb|Kh2E3b_qiM8ui4wl)DlLCsH}+PIS>4mqmYD}<(bfYmh33~F_MOT4dsS%5(L+ARDf7~|&~fWHU!dm+_$XV~&fxG~&DVP*W! z^aje2Cg-RFnlSUP-csJ2lcTQ5c7zoUkpp@4V^Xhob%G-E(@prr{ypr+1eVoFViC&K zb9@J`ZH+j1U+1-%L*H=-(oM(+SR0Uh;{Zgt=J3a~uCxujsgWArls+A+P~!q`3qNVZ zwXygUl7c&Ua2AKfsVA14s$5U&tue|MjSl1>1IE7YEiAy#kU);2+FRPww7vx6$d$qTWw=fFI`%33K)jHrc#yA2f{a6 z;KgF>M=E5W_CHtiC$eCk+pcWV*xECB8Up^amw@5|+ba*XWS7ddOtp$XJ^U&k&)^Y1 zf_31leYSp;)W_o1=+K}RgLpI!ln=Pws>uK3sqdE?ca}K%?{@Xqet}(cIawN5#S??j z3$3iygTnBwRagNXZJ<^6;awKb8g$?=Jz@On)$*c{XYVf~E`8z%l#R`au<+l z$stSVEu%7*7q)xvDf&E%j6i8!h|~muu?jl$cpTqf#}@2(Fw*LCd-vQPif~G+v)j?C z3_u2H^upD~War$s**Th^(Q%;Q%T_g=!&v?U(0G5T@Ovr+jmF}Ekevs3;YpA%-YlzpOMWbu>4`1i`N;B^&40R@3>y@n!h#ac}*-#=iDaljy zeM8BI^}aU!YKPZ}uy~A#FY{ z+3FuKh3&O@6T&}ZBmeaI6K@yob^2;_W_9smrJ`^;wjfU~wFu)q(v}Wl)8RP- z5mU!LI0`EQnPq;XB&a|by%-O79*j16N>v?b`*PSaMLaM1cAG6Iw(bwkoNFF3I<>R| zcAmFmptS+>RIqbyuW$G8Xz(B~<9%6SVXdjx-47cyXon_MROYtDDmUv5f z^zJ~F)8pIkx&CF4Aq%lU5ksX=fH7^A+zDX-OaV6lDZ7oA7|v{guK62r@*60hXBWlqmYmho zzoxJS(T*NsZ*sg^yK8*$7wGN})+I;*LFpNaFV)z-)|x4*2nG2{FQFW3IncXBU|(7T zm`wDukomt(VfQ{D86xEP9x5K||8o8b#w+sNxiR;!kjzM#Upo|f9mGks0i^fmS=>hF zqsI{VV+i){OtuiXWh}nk{*{|5g&j*CWy;r2@gA%q96BMVbAcl-54jpkr;2kQ{SQ9{ z>u^u^pQyw}1JZ=%%=)#c_>Xsjyd)DYzWND9J8Cn`E3b2gqEh#xra$m)@03HUTR_EYc0} z9P6H5VMW?7^EVF7+scj*yMcGBslfw9l4b#?Kw!wbgZNV_Vemx2uB{pKQ3E zs8Cy7gg(+&(zzd2ZY=o)uh@_Gm}ohonPa1t;XXlJ{>*k43-OuJpueOLrE(1oax3F- zx+7e{@*{7DMW!iUXX~SOxhh$d*~MA@%jR&UeFC~y>A}p^*2e!7k|_Pnl4QjWF}r5$ zZXzpawi>gOy{8kNh1o=iUW*!BLq!dZm|uvixzlofTA?z!@0!!nnj}@dwOgH7Irvh` z7>5RX9aPJOdyy9RowXE|At3!w!H@@EXF~7e!%8$mEy=938j{|BppMZx_+**xcTK(0A~690e9_>A_*c-|OU(@4Cz-=yG<*vGGD8Z@7_v)-_~oIlt_jebB`!X`%C4US zXzDp*Nk#EX>!%#L&eOm9`eC-*+tNLY2)THAU-n^h>WE~ZV}a10e=57XyGKSw8razE z{Cat@Nxf)i{emyK)6o5yx_WHFyFkOH-w0WhXSv>R^YL%3$Zu8fA3eb+l>VRCGhhBc zCPxvX2mil^nEV;*{THvy0{TWTN3+Yf@NY9jui-b~4SDgGjm0Phu!8?X-GrOp)&MwjhRy{jKSg_qP0!I0 zleP90737A55X*_D=^GOu$K+M%Eyk<)hXn?G{r3hlGMj>ZBM8k*ZOm46Yn+|fOuAkQL7-==-Z2@KE9tB&R5^T;^8aeoM!;BQr>7*8Y}_Ve z(2#F`*~Bq_)sWSj{wN$$`YBj1GRlXwxC){r6uhIu%3GhV-g4y;^DmvFiF=gi&)6Bd zW(($a*K1Ky@Mk<^R;np=>hc96tEzl@S)8Y8cJ!Wy;Mp&#%bIe@87*{SKRb3{D=|f0 zKGFM*Uw$2v>A!iNj7=ygI{vb=`CWjwOiU~vfjZ)-dLpfJN3(O5oM-n3eLlz2lzTqU z<&{O~sP~U(6bX*_2IhvZIYh=pc>t<{P3{&Qm*J!YBhcdeQ9Ja^cgw~p4Tg!i+RfO6 z7eI5h@A}U#dKV5^05MX zoKi>h_)HwKaE{&sg%V~0k~IcEg-HquoABQSk=ew4yEeYo04|EGTQB+pRE1C5Q@KhB zx(+B_UyZwud*WzLM&Icg9HeY`8An&wmFn2FsV8{==AfGw&~II@!he`I-y?+Q+$)q% zl%U1(H)&qFLs+VwYSM_D>A1M8RAcOaR5xrBauEZlnjV#5W14L=*+09Nl^)UM>% z2~RKSq1jxrfsg-jWX1C|;W^Q}yt5i?rE4c<>_!qzVfAMyLbw3{^x4oS`moqU>yld@ zP?H~^;rx;s!Oc!8;&;JBo=ba05GccQpp?|7tY7cW`3eBv4RKQk)HVgh|E8+Aj;4j! zk3$BzG~5m6sQ|jVEhwP*usj4&@a|#yW9*rk>B^+OLU0(8j^ejHpb7m{)dC_|82fNd6i<08U#ebX&j7}~C{#{lM zV@^YSGdZFG4?R)wLk11qZavYH(&{GB{yOXk#DfyilTOdE2DAu>d*%pWz{`%`<3h?D zuVKfEM{DlB*gFQ+ju*fe1wtsz_C6&!o*^B(*x=mhu-ReCN z>$0JZ1mf{7))7^kI*jm|^ngn})``{9&>rnaoMvHN>WtELH#T2o2bO%mpL}RdgK}3F zgW3t6DPeFK&wVy;(4vLiB2yo8J)d6^yHyt+3I zR*y4-2Qxq!C^WD$F?WB{(eK&vtKA!#(SO37ots?puvP9MM3HOb<{|V}a;jqjhEFA7k)jSKYKhrj|IdU3cyKk2fIAV_f zwKqQ%*U)WAwd8#ICYtc{C!eN{j!&RRwJQQ`#!BG4=)ZcmHyy5o$Br6(Sm{lB$-E78 zREMsv+K2x3egH+9}2yDhhY{Q=rDg=+O5zVkMkWn_BV7CH8Zq3 z<@QQ$w0i&Wh0AtQ2hy*wpIm%0aH5MiDMoa>RQ!fO+z_*q=hwk|f3 z#)Jq&n6B4LQa96$8(C9Tju;5(24)ZGwb3k;)-k1Pohbsx_aqjXOStbcO1O@VBo z7DlH^%5}%wBAuR}<;%qNZMfSX@o_d4DFzeNq%0xPKy&Tfjtmy)%WjhzCt%2I;QvLx z7T-@S351}v_(zKkBJbmtabS2$m~` zHi!GinV%C^jIRLRTIsHT+}?9fI^Du)Bz5A0IrzcBiIsbDuAKLWppB^#_9xx42k^Jz z0j+F+lA`$P2QblF-YC}mvTSuHCytgD{#xdBiy|a%Q{L64Mx(9U#NG`WD)#ZpvSPLY z6EVBq!EqGvqtkX^QHlf;JA2XKi*|?3p_eYM^OK&@>{80_Uv@(+kz;*^W%p^KiGgWx z@gMA7MimtBr+ceO*(v7tekn|^_o>wamM!M?Kdd7?HAEi(*|ZXguG3-})JQolhSNWr z&zE@Yh0#60%nGbMQk(-cinBl7XP>H#C+lsuSN}L~n+JXFn5G;?h&RNGK_b9bdQx)3X*F#BQ0GpJ_Fyn4$&t)e)l_O4L&#eX zG(zf6h8%=nnX0fW5#tmF{JIA-;Cc=YkIb$_?ScGENbW4SWCXbdE&w`h)Hp4prv2&C zeuiJ2sxk@+Y5-;fP@VXTl~=%QvH{89IM^_mB~bXB23>Ja@h108TqDp^y!q3Q8NeU@ z*QKtk24z*bi(_)|qg~sg%>lDEg3mcgI$}p(WQ^xR6bc2*ndQKpw2#v=fd|x6N>ZAu z0S0vGxvqU(&X}x`374BB`L;%iu3C*AAxK*Bl7Z?Ub^EuigwDD4rb-wgnv(2CRsoYd zGyC)Wk*FM*2N2^jguPZ@ui=a1g2jdc7X$Iypran#6dZ!6H=cdPNE(F1K5o0fG*ayB z1UKnxz-xaIHw9WTc?N!%t)ea&ICgFHu&={aD@R60dnc{j=8-Te6e!f$RSD(cMm6dPNkIyr?w8rAo#Ukdqzwx)ZNU(FJDwUdhhF;wStO|*JTE2#u1 zVq9g|@;ksAL$kR6kjn2%+Q49D@M02)AMBGT4yl1(T;h@uQH_1XSsV{(Kx%N@IR=4& z8&w6kTjdxIBbU4J9f0B{PS?IAggo_8l(oSG%5LPhu+#?U4XY=FZX4Gc@K|~-QxsXk zty&d{kJi@wA;BY1(+7N&PS{)g&a>rh8@;JK%o79&CqolJ$x!iPE1*=T~|cBhN26cO|yf?e+6{WcL zQ)Iz;I+zjVjj3vn@t&FTWg+0Ctyh(NQ!Qq!mmpu|G-?P-?3Dnw3yWCQO>f`{n;n_y z=>5!KPMI!COhTsjYydi3etZX|v(;n*?eI?`!xeW1n#~61j|*B!KI3FnLHLIOzVfTK zKm36Btgv-kgfP8v=7K9W)Us}6>l#@q1!g^sZ1`dVyo{}IgA>d9$P`n&!10`b8TW4v4RG8 zV^^E%U4{{vd&bniwA9qz@akkN7+#akvShV0Z~4BUlz)j214IW|K(^n9hVI3~;4U*O z@^Dh+c!db$$kcA54)0&Qh)5q9G0b21aqNnKzU8dZUGCzka{_pSjrB?fE9^x8!Ugeh zD%#A$qkMmTG8<@%Sx?qBmofkM5tynktj8b4=kLNpp#Z&M#cAf4>Jy9n8`KalG8aI{3s?}@h$JhsEb*Y0PfE$^({ud=_e4~i@at#g6{y_A5ggtQf z3?vgIzU1f@MF-pevPIO)%J-aI9d`BL)Y61v7F^m{U4QjYSFX4KQU7zk^}ZWJ*4*lj zEhk4V^lrZmqRsT(Y9ufb3OC_@7VsXQjO5c~vf%`!1Mb_HXtIRF zaui*}j@N^l%kGku?%^r>@2K;?fLWR{*KGK==5o&IOLG&f749+5QF6LM2d_MUwN|Q` zY;sO*kGYX;Dd$@Uyhg$ScV86RIAn(-Qw*(+YlNeG42^Ug;i* zq-4}hA|B;%q~HDFOi6aNy~Np)wUDNUhI?Sh0=hEuZ2TSa^0HC?gIPZ&iB#ksm}%CV z)Uzw?>~HVUE+d=>BBnZIAv%JrPUcqs@~}{Z+}W|seADGu?AdGs zC=V`rR$i^Gs<@%+g-kr%r;kyio}Nu!fGdS-2ej3rcNA=CBv)OI5MB z#*KVZwR4K6u2X^t({k~j5`}E}`2l14SeBQJOgH8q@%dRD4B#+lzteIBN~IebL8eFU z=Sw~^REa>EM#zqez)-|N3xvOd(Amn8?{!R?gi8x(2&F4qA{vfZRI_+PK zaygH;WHvk3JbuQQm$eodwoaeK!!7>k!gLG`vAR&d-I*z4!`g>Cs(-T7x}H9#R;2Jn zdb#7}O8Pwa#8R<<(fZdKOnOi;^(p?iC`02hl&8%1c>5kqBkab{! zBJF)}sXgULA3K!?po=zOR~IX1RO6Am+&lo%deNah&>E|diwm^gl!t3qbB?3DQr|#M zlB>5S=8MT07HNNDQ~ z1Y{=AW8G=LMug(^GYx4@>p>OB^hAS_@(GRiqJ|NEsn)x^Ar{vf7xUfhms67DFG+`U z6p=rF^5t5Wc(N+3){wQ?{LrW06B4Ie=^c(Ld_2Q^ndRYi{)~I~?uiq&-0Nz#m~={s zhwtO7oDN*U)m4mdozCSx7M zY%xdI-a1U~Cb)hv$*e)_M-9UH_>yB6rddCVw|J_E33;ie=+OtMt#MyZc)bXPq$VlfL~<|!X@)76 z)G(d3R$WV5?83HGILc(w5aa0cum`GgqmaYrs?!p)$+9PQ)w9W!8s__FgLRS*W?$Dx;ALVJvw#Z%T@NC<(tRBxht;I zC6#-B*rk*Q#BLtBy-Vg6fNz)=<4Yy0U6 z1;>nzjA<(hYzaBpi^dI4DOAtWi8g+h@dV)B>ldA86@k;*!~+Z~W&cdIwh+jV1mw>~ zC*c9$xjLE8`MAV0kY7@ATTTri5gT&27`V=PiiJ_RY0q59^$N)LaDmPBIq54`b)ipG z!8mB{XpTo3Qt&!VbKs7^cG+6SX=amTDKw;Cm(Hi)2w}%h$T;8UwE(eo8X27wW@%&Do$Als~Em`)c!NV1`_iX%>CHi%(#AN~s5& z0Iqq0lic(SY|!jbf$FAmXD(52J+kprz$v`i0>~sWE_k5uPV;IJ06ZYf^2f-2#d;C0 z%Bs^9X7-0#-saNGuWU$}!AF*#{FN`{`5j0EmhG7fCZ%yImErnji@OSDd?U9{R!RAi5521AU$mSM&!11Y z`aF$d`N!%LsTThR1c-JhEs~OAm+v;OLD}FWM8sy4u_hJJT<`8q!)p|Jem9zwKKq*cv4m#c zRpLixl&hP>1nY>w?*#|}bTlcdNW6aMhva1pOK@@+=LIsTr=Jp?cND{`&E4Y=$o{;T&wV;#ac(11n-HD@%vGQ|eV2~9n~YQ{^dL2>N#z)e=E6uiEX1p4eMe8+qN!;7n-UKeo6-7@%!wC z(3gMIbo~sd-ZIU<69Y4tnpA{H-aD#cnpM0>!Oy0(YFZ~@Diz%H$gWXR*L@#xLY{kE6yxrB!+&|EvCqUc$>X++`*VqdIUaAwJ;Qz8$X{f5w_Ru;VUHi;* zb)Rbf1%9@-E@)58tX^vCCkOy*dru@NaR=5A2XqX3pZw+9W1C3ma4^eywOeIwzMb?a zO%P_Zs0eW5)fFij!3=?J!pY%&uV(7Bk#tAN5>9C?R3QtsbplsG94NJ|$a%mWhlMJVXJOBgIFizp*h{ zUI_%Zoa6;O{~o|*GV8o--BEWQns#}yx`DC}#SYob(K!^lB#xI6#087MMJe^$>NDbqd zu!{lj0~ss5!CEPV1|-FgakLO|EWSd)9l&^VPs}UbvY17l%vFbM@2z~Z764Gd|+*lFvYjkQkr-cnJQDmydy#g7B886BISx!TWaT#6_NxAD;jf|VBaxQ`z z3Dy^d9RrL%+TxU>)w${Jjp^R*mX%`?P0K zyzQz0tO_I&6q_wTcomlT9?d$3lJ92&2=!poB24U~ z!O4>Tagz!_ZK>g!5F{`=nKHs(0lG42z#E z_NN`~JDX!OrBGiFhjP;;0T{@C^Dnb&?#%k_$+-3EhHu>5BYCzhT4&*f`f7k()cOLK zVHj;%ZH|*X8`JZmr7`h|-sP6}=kiJ^J5-kmI!1V;Vu}+kn@`Z&p6{jn_+;{{;8t$F z)edax+P6fenW_(J01yq>ot7no^NpZy;g<*?*IhC8*a@6%zIDAOVHcBUMu0e1p$lU) zA!GHNl9LU1ktRfuLhZLs{mIOQJOIE4K<(JIYqJxoK^%V36FZYw83h=plloAJnPbzlW1BFpEUeHBU<& zIXmmj7J88&_LLOO`V~&&x3yE{C!HzpNW~nN7;kh2+XS-RU{*pQwsKvx2#Z&1G{YR0#~AomtIGO1+$KRfcJ z$){u}{CSx0;r`F5BhFJ&12dB$Ea*ER9qS|}ZyZ5Z>KXw68$?C7S@kn4?3|8D>GixD z85=7ry$ToUY3z=9vE5o$v2yhe{@RV%30Czvp?$9mbP~E$9`u| z0M-|$+lk1|Tw**f_*JQEvCQqKa)9+!5U2~AzulV&0IRW3h}~HN(gxY9kze-`-|F4r zfJrYBKio@kw1!0qe!kS8wto0CFeWzLr2b8Y93sOOHEd?d%D8bPcnM>~&*bJjVb}7l z_qFIoqmNyr9qXD)H!R@!93V<I(3T5l zHhj0d%M{pl-VeJH_ScGpX!pE1Os<<(+ZrnrJ;@4t{^I#wJ94WKWi*cME3B8Z<{h+KyG@$yBOYtz*?=nfVMkSEJUm_~~3gI%WNBJK6R~Zq?e%uI=-!A(}rFG|5>^j4h z{oFh`jZ5mt))}X@3Rp^kWl{6e>$E2!H8kN6FV*<_e1BND1*x9;d(z>Z%{$NE>8D3Z zAv@-&S)7!PyIi*B%T7xv4w3c7CJ7N=f*ON4&Ef93(v5!4K>53&G@WRhrMPsnY6-Wc zqaTLZr8Y^%qm4WjV9mhl;bLQA{L@GAUAauG2}jT4>GPa^bj`R34QTTjjgrm5+Fn8a z+jUQ^8z-t57L)WY3pyr_F zI>%jTL!NGl99fF?9=B_dGZ)nR0TZIiVNnfE(~K&(SmAX#aShnEvvd=P%7fP!@6AaU z-F=88bG#+hc*+i^A@eZdY;d6oyk4)fvz77r! zgzaoy3CBH@4pNZMOFAoE4Db?N#{BJgk!~-VDAEozm`OCbU&x=X7t%%L?3j4|x(wLF zBL%Rf7JDF4zV%~(L9znwN{Z?8T@JG~(v;(#I!3NfqTUNNA{EUzu=?f)=~iOhO-t(C zjynN6KL|9z>k{nHRlF9fH22;$HNesUjaI}wem&w;X!++@1^(1|Ch!i@X{$XRis|&k zO222^E~f~lTRO0Nufgg=8_dBNVZ>b8e+`m&CeDyo%=A1(xdiqi*-J*r#do0Xul_=^ z@3(e-Xb!-Q-`bhN2HmTQSZ(u1)rhcZNScvW5glvgl;f*dSBP6+#lgYEc}!qi6#=3CI27me#q6O!bW1@>mys$G^ zm*qM7;JEBqDW&O4l@Yq>uJsk)Xy3e_q|}^L#FM;a<&x1SrN;snuX^`8NK9umq6N_yn>P9!aNXK&geUXg+vdE23>=vun&u(>V8>^#BGeJoMV z$2;>Qy_6j-dCa7YtYgTNT)?Yv_RJ}(9CHygsZ+xL2ZMGP^$%ELw7|gX4&SH{*6`Lj z;~7u+0KXXL;E90hCPi4l(^2}9$zZ_Ps!F?c9b)`?4mOEQ!!1C992I4a#=&(XrnViW z6imReHo7@L8*)g0$zngIBXvBeuYMdZNcYoELHB}LC#BMLnJ>c5=3J*>1Tr-H=8z{T zZmxE#aM}#&`Nqq_y1#c>5hSHTN(>0Tg+Dc~dzMgNURl?FoHBr=0S8ZAZk*WRtjk~K zsjJ&D#TeCx%bGak@xGTxFobR&i2Xt=RWkBDdx~nI)}$Xz1&(V)h5{!p_$ItJ*C$=* zV{(9aBl#dgnT3o|v4N_D6X2?Ub8+;$DqWS_{26bVWybW;?6-Z0)td)brn8x)VtWrC ze()^@%sm6O7?$kgH}VTnv#!EQq^v&=9D9CcihG~%qtO+*ig^H-m+ki5m@VSV@Yf+* z#PRlejK!>euV?+1dAt>IUPdr8ql>H~!xAPJ2ZTgHCFEd;lZIAO(ZJ#P_-W()SLsRC zf!#+9&Zz1tqCf89>*5H2!t@w+u8n-GQsyS?jlGj_!Cl72>ZwGaR1C=EM=?IJTwe(w zLudcdB0WLtmdVNJIR(2`Vn_&n&FR3=dSIWGH=)Zj;$U6P2R?@b)HAy_bB(L=@%}+f zE$jZ;37lD)a!&DxM`Z#FemSjH1 zx%Uor&ws{+EIt)JT3Y+$G)jDJTDOCHsT0zuh|C{m;gL0>FUL*x6q%K6gdlgJ*Ex%> zI-*5ee#ThCFgty?GZlh#?AWCe=<6c1bwW!F!U%NE$1-2gv~M&eT>x|3^4#)d^FF%a zu;Qhw_Vki4>}0@ZW_Q#B{U!G-kMU6XLq(oErmpy{sjZ$GGfU!1MWHcZz3R zvN|bym6eLy71vceai-Q)=_8ncwRLz746W&#^N{pJ$WrD(-JY*&So4~w2H)(WHe11D z8;;(`_M>{yy@Zi6kH`4paaFh^LW!g>&(i3*%TCzrQ5P>pdzwugUvyqOC<6{A6%3+@ z=DO7gGxUh8a>C+n=EHX;r?yIkB`YM-eNW9)u~x3>3zjRXJq0Yo|gJ?Pel1Gz8f>w_LKG z9uz}eCts`UVN z`T^zsKCbd{J*EwvVVwQuVwwWoPk6`)k5-b*M(bd)wiA90{OS3N^5Ahh4eF$WwT%r>hYX+*K#v z@H)IDzAX72ir5m&Uw+^1FXaIx)f;lF)eXC>Y0gaNPSoAtIpGdYRN0#0E;4E$wu0?o&Kd2(-KTYe4j8@! zk2sqc@%luD-A@tJT#rNu7AeOWNTp8&6NZif$s>4&mlpd;UPuLpX2Z4blzq_KZI}7(T^Oq*DUcjlg9G`iky8X9 zBk?IQ2>!a&i1$xrZ_F6zGn-pW+coUcV;%kY#hAxO7nstnzvt!=;kLAdijRXuL`UIv z3g5kxzy-C}8lmI$(@@rwjO=}l=xGV}8U;%QHFC0?b5?RWwZbw9ZB7 zBMk~^Pf|#QzZwM8G1F=zGmsrHluIqd40l3y721A`_i;uRIF1UsXqhzvF{5~DTIi1d z;>Llvf0wvj@IdsqTqilKGXKUV^y57%T@@AnZ$1$4+P;lGEc11xK9+k#_q7U9 z@q1cK0N()jwyPCb*Mi(`9h{uC1B^yqF1@L^OTtIZnbBvP#O=L~PNKG5lxJF$n}4h1 zubeq|1~IMbP$)^S)d?s0!(+PZ=!^Wc@SLif9MhzK&*yvbs-de`x_?Tar=BcpKAN*R z1H1Prv+EC^sM8Wwn8BPPz$rP>XlZmi1BGyHYi6T*SP4iAQ~Hwyl6YOrQNx~wcxu|H_l&oj2}@Vz4B?A#Reo@{ajUZkV+^(g6ocIte}iZtHrN>)VOxZr8I)Xo&fnR zYznNQa)2+})2`nqQ1ANA&JGk+nx(Tk(4ui^)w_iT6SUj;HjX-s2BN6{`PoV+~8{WO1Mx1O9UnY3okev2?4oHiSh?D4+(7xt$i238?caF{E?tC*m4gsX>P=tJx0&mQQ zggC~VxK+~xjKjXjgw>aYIBF@JlWeUx4G-3R8v0YxBhW?ovYemIE?}Lbom7s$+0>s7 zpRf}geTZ7Eq{^pn?W_-KMMPP1n%r}zsWAa?O@o=QFB~;!NymW?LapIO*ALw=wstwk zVX|=3BjNWfKGD;pRzbMYokW|bq5H&etw~gh?6?T_%nB_l{JC$U&4&}i>^s%k*2)yH zh&vAWj1UafU!k6I7ok9QEN?-%9f%X@8hF}*=DIC=PwP3YM`9~#^TN+Q0g5G_A5;^3 z3Ovqf3;SQ21v&V<1C;7K-gwQ!4L-nfey*!0$S2;ECmq2|s-c82MWa?()OVR{O&CM= zQpYp=HAS>OYsDI_K-7prkMUb}cDhO^5QMD(@xKG~gro0|^O(Vkd|59{&YNgfyHqx} z?=*auZzTxAaE`tst`9Q^jS5 zZs?=rX;_6ZzqP{G3(bi|$j@;MhhP^g7O4y08_Gs2qQ7}y1o&VOlvest;jkSBQquJ4 z1(|0<^i<20_zOpMt!;v`f~%%|f{RRxMMrh;IKSz`js|YZeWHChkYxZwTp3N>_WPEa zuhio%^i_XC7u^qurJ*uc^7aAjn{3O@(9khpUwuLs+SP(xt*XfWFs^xWw5%w*L+u{v z8PNxx0BJeT&>rL9(r0hccV6khF5$+7xPrN@`dVa_i(QMFr(&bNO#br-#8UVgVW@)s zZG6Gb;GW1-gVZ*?no)QAYNeW~`l)55jOpX?Ggewhg=+3rA1*+R6mZwgb3dS%H@$)h zOZh)q-2u~TR3d0UFX!bXXMEzPPdpR~3X%q+3}RO=0)Dj+p7W3Lph}^tYFgT&xRY=~ zp}1Sd$nxDn10mlmb(LAB;Fv0V1o-g9aBN3wu6T>JF{^pd8q-1}C>3_?!20y3iDJR+9W zH^)PWy{T~f);HQNT2TGQI?aR&Y!ggdreOEU5NopT@YZ9S}uyrEqb#(y^3^@oaU zo2G;BAfg2k!6tM2&PzV5Eg(7Oo(;uvfQ`2VU=_M*(s5$}G2M1zbi}u@Ky*S##-4GH zAF;^P!@wsT`XiI)VU$%}w=+{34~sC$xb#ZAPJyKw)1nyZodaM14_>Rdv=yu96D=~y zP$QaneXvsVslmHgo;QcFH#0LG8G+m(qt`>p$4yU%gTX)_g2y{QI&_qg^3^Z8PjyG% z%oGy9gO}h54pr!yGkkiVV?P+9B$FXaR1|EgH#Y5dbL?`$qpp8(H9~6fDGFRn6U7sr zI6lu7ts`AF6Zpy?$UBrO{c-+itB1uIACP1&f&O8#XYm$0TDa@pcW8yRAm&A3x&)-(I;z+%FKXu>kwD{8N7nBF1Fe7jCp(gOLxclyB3u-L7CpABsRgC%o z>pz>lvoi_lPmNEJa02?)^#W4aTH(3vf;hJ z_|1_V>I-4$pvpkMn%Jst@SyAKyIl$%&M?fsuk2Hf3=Vo^6QhjWkUxF-oEieI3fcOk z&wH_~It4J7LeOaIG)Mf25${)p({8PoB^fV14bJ(<$u#)W4D(t++XYvw^?j>r9xeugN;vxi3{9jIx-G-fgi(#k zqCKZ(`d3aI&QpZ^C`SM}tP)!0lCD01ALAn;&Q#e?8lW?LGjvub^fiLBW8OmFyo6yt zRi8>615`5B3CBiZoTqtybuL(9_qLEN-ow;8@bSTbN9 zA?gI=mgyifX^s#F&sIFmRKtobJyW(RYy%V^qPHDS6V84&dB)kFfu(0to2bp554zk2OO zAB%(`)37}e(>Z&-ha-ZV*XLY1g5C90Lw-!v$Qc#>AF|#%tf?(*^9BSJu!4X}^N0vi zRiuV$K?UiAUPVB92O&TJ#exD#mEL=AiPV4!2x=lFv;YASLJKX17DB$2bLO3y@0x!# z>?=Ea?X{kA-@hkZgHr4|zItR?q;fK=h(iM`Es1aVxID}@^_c94j!oJp*Z4qT=WOYS zFI0&|WI~m7l~$nZ!_I{Sr}a?15{j4KlSO!sW((u`(uE63B_pgMgg=nKemlLxRTknU zg5wR#On!(Ox;iO0SI%RyG}v$9ljM^U_s97lnA1=RArEd=SzMz_Q#tlSAEwnA473#c z1W~8w9-dSq+cZ_`W0vl3+gNWDbeP>3@tE~)avRbjWP(Oj!id*cY3ot7TqK^N?>16B z6vq$A${7*xr>M{?#I42tzgdaOMwZBV*^nP*?YCBCMbzFuc-(2(= zx!|dtuILtbbo%?*!nipJ#dO{q0y(mMzUe?R;}73B-1aQy?S+ z9-~Z&LbxloiP81$!i;@P_B9PJpS&BI3sJ{}H+B*I!bWUG$P`1K`12;dVr=g^2#b&W z@Bukz=(~~m86=p->B5MsGdLUbHqJQIy^!N^L6W{$KkG9@4tK5>&=tM+v+{qT6+H6x zP5rgc!IjP<<8fYF2N*ARjCzOT;Rk+@0pG<^lIW5$h2A zc(>bVcV-y7?oO(aHv-CBJGbuekRj#7`;1kDSL70*sdNU>R$pOZr?Jyv@cRxFTYn>_ z?k!et|k(zdTUc~N?kd$3C9-iq*_*lJSc8}gU z@uEFlyK?45Lng-^w$B_l4#vq(M!6UiuBu3Sd=LNgrPj2(ZFtYVjCQ3AtJXI3&uma4 z-_p+8u5nr13dS#clIL(+;L*riQb*vwORKV+!8g!~w4g*hFbAzbU?P+>RpCoOJGg}qX9=ylJri_5;*l8adY*>A<~3b^Pdn9_e*j<3en48_ ztq+^d@M_maPN|sL0{y?C;Y}2d2sF#f@Zg+KxXoAyRcfV5mtW6+!l(o@Ot1~BXl(3^ z3$*Q%}lpF-Sk&=(Up^SrJ1V1j@V-(?qalklZ+%R4gdx`_a zk>X4Vew@YZjFLP*W%J5o)P{%kh+@OpRUUV?gE=kTu5pvIoisCx>&?PP{`4SF|8;L4 z3j93Kd@e6p(F@TSIh1%Bo(a(kE$v_1Z;aS+AU-(eKrr#>5<6lR%^(O-RfHBS8mevT zzejZw<98~K)`A-Ig8T6{M0|~j(sz;tZl5ZNOV4x;cvYclk&nFU;ah&@NiWAodY8`D z3TrGb@U-L@x;%N#?G%?df?r?jRBu7;>PHqD&YqwoS^7dT;(C))4TpW9afm1)IpEv9N=FhWwPaiM&-${ zRY7c`tgo118iDEAWYvmd-^A_ zFFQ>4M9ZcU6(1I)^zbOlhmRjiAzu7{uE>83nii}U4Bv-d2(1Cx@$K_q*_c(&=RD+* zFJDJc{V(R9_*ZH9IX$+=R!r&k8y^GRdUYca^Gg~fvRcYX62DrLGbDaBw&{9&ER753 zFAs=)2DU@Z=o;&eBpJgH!_dZttlcqD=SDcLI;auuW!LCck5~_Ghn~pK>>dAqHk|D* z+XVgk2xl-r398u(l_ajBJbHK9zD>Prf@OX96Sg|Ze9YN)Lg^t{EXCK-CWZOEsd`h| z+IRDD#qh}Xq4+)p~%pD_UUc6Z?H@F29p9|SLtr+y5=jI98 zm0Qu!&W$=YwiNe2n2Ez=uGL*Vi)2&`H*MEF&2!JUdBJn6B=fN6$$ANpdoB$$xVf#h zd-xN|0JbQvSL`;k;8BXi+C=V#kenq;%*++`3Z;7c(Se#y#@zGu8`zM;Jh$PZFtzQ)kL-#ZT33XB5B&GDIiFQaMTU zwlQL)-uTzM0gJ;AMRG#Q6A}_8ZJ0?@1=&_j(H&}}v+a|?@0XLxR{#DpX*XpOME&Ki9`-@cMt-odW zq3sq>XY<;jmH=!P@}%M8@%nO$rkIx}I<#Xi%6X?cIrcH@scgTW4xJaa{J! z5AS5sKCQWi&5oD2RbR|CEMlU`eXva#_Wp@IlIdZAea>SOVxCx{8w7mk3@-!{SU&&Q z?G17JdJ#E0mU}i#ckl?2&@ogCOd%k!_C`OI$#Z&|UMpD&C<@{E&Y(qTZn zP@ZGl&)SbXJ8g-5ZJLqpm^m)i^_ zvE&?f5pqq9LBudk6Y2;JAH!gta1cY`56AxhA=ESRlV278uRY0yWD?oAPYf7aB%7pl z+T^tB!rD84eK6Hq&Ic<%)H)@B;^oVns?&|){JY|?xeC^vppnVCPZW&G62IX&nr_Xm zdd=lRdb1Q9cYm>tjqy;Cb6)#CL}Tu-MgHW8EnB2a_rqHo&dJi1OfTcDzXVEB8Zc}W z_l>%psCJR9m8v%x{s+I(TIMU}(;Mt_27MoF*JAi6Ct$^<)?p!zi4u$(d3IF>3 z*8Os@N2;Vv{husSA=YO2>h#?BlvvoW)J(a3UdbUH+dvEBbgduTulqvI@fqOlwDA$q7yhzjSps1Z*8o8o4PO#{W zL-^>c^|osGwEuG;<1794EfbD;7yHJ5){(l5u|*BV+rrDMt(73SpRpd81WtjAzBL`x z-vtqbw%LgaXhF!SO&uxio3*`TfN$l7l-IBELkA*UR>nF4KqnX&&q1`aVH$aTXsUrjOr|T8QNP^P9o}3VXp_r>gK=3JEZ8Z-nsU-5fakA@WMZ zLG8e_Jdu@;WfGXnTc_Rs1i*1S{KLDs2EV`D^Ldstu4=r~W*c{omk9rfKH@1}F~iIW z!&qE?ucm#yZl|HnfGXJu57IY`VM&r6YXq%U+f?iChwiP2Fu{tC_Umt=LO^l7iBHMM zxkE|M_QyoJqiv|Wpp;8;p>&PsMPJqVdi+=8NeG9ku1!%Kg*e}hi5g4*dqgYjcP zjXCxj3)=G*El=Lyp3{%8cWYDF77yH=f~0~O*B%i?uA`NM5m3H}R47kvVdO2$`fGZy z(e{A*IJ9Yh>Fqn|;hGfO_R_6C`e|S83_Z`9icXVIyrdA>xzs==J)rx?)cc;?NCk(C zdlF}@2jh0uN;39>X9RUmQcQ^iYKIDp+j1NTdGkxj^e}srpu_z-Uuhi8}4ze3O5wRIt~FbTyefcW726CtHnnu zc8;6x8~p$#pAs_9jU&`;rx6``2UP_bUevsP{oo#uYECru6IuNvYZ9gSuVEoLV(08@ z--;Xl<)N7!s$d?|!0*c?{A*V|Z5FSbFuMtYk#9CYx|SkkQ<(+%OrliU{ft+$p&vD3 z(CXFg+}co~hMmf(u7|GeppdQ$nKaMuTzMO=5TYS%6v&;9Dmlmz7x+@RFIXc zU2(-5gmnRK9~YSiaEp^a%acq%Dv}snCx3t5 z?%n>rjoBXB9^J+Tq-r=r2W-^i523AsDa3c)ZCTR!z2l9F-{`$O-dZ} zQ++2bOoMT*W5!*ZuZ-`Uf@c@4nFV$%quH~@aPX#3F)?#b^VyEzKhtJbNEY{3N7%3I zs7Vz&HIID}@afQvjuPgp9KUdW#)DAeGymh#{ulci5jn99w>R@R-)b>CiN#R#%T8ua zZJXMi+B!B-S!Eo#Zf=*7ze+pr#dQoMx<_faCU;^tJB_`IE6!b|=jZP#lOkYchp zw**7j<^t6`YCI!El_%!%d+M(1CL>`Kq@>c)aA|x|`?a**s~|+s^%iFW*umycKU~jo z&*T_w^<&rrncoF^fhj6OJ)llP?vq@~t(9=e-Dzc)eLTTk#KP~OU8v9;K8p$PX#^F| z65khU+M41&nv$%coRrLZj5ve6*dQrQg>uqmlnp8L2&-b$@>jkrS^Bj~=KACK%m+a) z265@Oxi#o#ztT=Se-HBd_0|uyY2`8N*KWPhTM(?v!0>Tw%nZbDX03rlU)X0OtEEAu ziuHGp^vE~WI7|-@u504D$d0w>ONi`j6~XMvlaVP^;xl(6wZEX8v$al@7mr>Z`(`4 zG!D0iCVH5LN~-#T!OTduRSSgM#I9HGxyHwu8f`Z{9a7j%)n#KuDWPn_D5(>V(AQJW z*}t)1NuFv_4w~y=f*&#*KPzYWrz>o5Remb&dcc9~pfKtoRL>jYeap(Mq@g&AW-I*l zoX&hvLVr2?kEsrjJau@P>U{HKVz?wL+@1Ehy<8pZiXA4kk&JI#>mzo37(pJET^uDT z-m^3eI8OpUQpvv>d-Z?O7iXj-W~RUoGVH-?fYNTS*X^v1HJ;AXjY>DUMl` z6Su+&&o$o9^zEu?)Vldm<3-c$tGbzkzcSQ+6@}*yIrsjI%i-_!mT>@`x`BD(c|Ox7 z{}k|Y?9*S4^hVeCgJUM~BtGW~{|}4ux7!pG7;)V{fowTzndxx#Q;?TMhrUpqY3#IsjO@bT22M=(3iEG|MRyw8W)JrY}?=jL{km zDqjvo?72^7m8+%xQT5Fc=G=`Bv;}I`YNFY_0A(EMq3XwKR`GbNgcuK)hd$^})$agX z3=M^uaCWU(V9`^qgSQ^kI94ca%^l=d9WdlF*L?tLD`5}I#lRPNoa@QxZN4LXoF0i6 zUFVC|%Y*lnJoR?RVb{&2rFXl4Z;yd<&V*~M0it}geZ7t57yMu!(UCX>IOuLvEGP@jnN0L zywCIE{;;g=kgAC&7HP{%ffNf?r6P@d&i5g{)OuZpdVZw04)?CxxReJj=$A*ZZ0UKP zGe5i-J7q?Q0hTN>K3GqYvC-Z*A5M&{YcEbjSn`exdovZR8_~iL8zgE0sto`*EHokf zjErk}n8$kQ9*cd!I_~vG7sUr0b5rZ%PWFF2EFXfZ*O}|SD3(>8D`T*U^merDtPv2X zlgype!nR}v+k`pI3?t)()%~k2O}Gva4WNoulHT>6DftP?y&!j>5_Y(PZ%QhH9GX_S_e$&EC&oYT6BE2Z0-uTzzNJ{(97aS z)i$Iht=hhti%546et6Uegc=$ekyqA*WEZz#!+XPP=&iTXt+%~8NRbE+akKhec|7go ze6u^vYtxy z>|^70klC9vaqCSJD+qOa?T@9VbxDcJ_Kam7D!pZnrD&Vz#q7AN$ zCbFHj)IvisuB>1NAVYTBpZLr|veZ8)R*AG79^J`2LYr%Kpmix9LEZT|>ZjbR^7LzP zt1bmuQOK)TzP$bC=Scgw3|AvCp5YSZTx@^B zb=K%WAtM%CP!d$iNb;osB@2G9O z=KS=eOD|bmxXj?oQHxg3cAH?Tq=>!?dU6ll!tx=>c=MMZw9JrR;TWYmUf)t|^4=sC zGc&*0GrNuj>K{cC!q%Zz&woJ&1lYjr-uFRd-tfW=JIBkR}i^Y(Bc(yJIz{veOBCOD3-R z`H?hg!;~}nqoO5pDhvh8ps5m+99&pQ73B*CRF|chYua z{kq&HD`MyZFkbCk4zTX(A^Jo6Y&XyWkIh`S$dbAN+e2g3-Qr0vRBhtD^Ktd`~3 z!=wRbFeG#iq%#aJuJh(iX-**2joIs!%WTZa?j|<;%Si!Ib>F-1K{V<-LnW;Ol~+Gq zNs000I99n8#V-#D59A|0oA5bVB6bA4F*JxJd-*n;nz2*J9rBlaFC$S_TJ*Y7m)|PY zygo`;@&S-5@3d8;7x(e|X_3qFa-;D{SXhslau{sBxHb}=j*8gO}r9fj} z+I5>e8k1R&8Nh{2_%NaIh(W?1>V&aq-2%gZkWMx_K2IpE0w2E{@jzaq9HpPBdH`w1>mC z=SL^%Wv{E_Xw#bxn3i@lfB-J7n+8B zF<+KD9-kE=n2K(|l z2(M2;RAsR-IEXyCDoQ!`=h+`Z0JE*28l2KR9X97E;xmI=hYv#5%BYA$iC=9|N+S=w6Ig($!qBQQ_PwC0#`>Op?-%ed!Et)+Y(>Le zer>Ctf)iPOXU)0vV&l9%)s{1ws9X}^{uHJlM8jAiM=zXIg=|yHg~eYK(7k)8lr`VD zNVV2O0hLz7!W6FOLK!Lr|Lw1wR~X{QNZHI)wn|)bzAX>86ay9O!%MDr20qPaC(Q=G z1@Koq9e*E4@1>JHlmAF<*8fTGDj6LfhFC0NwJ(-x7~16`W7%l?yRo{4cQwXkmwI*~ zT6<94Z(gztApR2|ZfWP&vWcq#zd!qDCffQA9}RoDX*6h5pah<6B{_5Ok<(3Nv6-~u zQcd8?8u(b^;^{nv<| z{k@k?<{UbeTRjbMZixYA_19@T9gX%0xZ^_Y@Pv!Dt8)5$Dq)}1$z^z~M|6B$#=_EQ zQ*gX{d_LD~b6R7rAp48Dv&P8Qf_Q;yKpRkuwBr^f&CI}z8=OuCy)ka_&pc{_wN2gb z(5Lg+N>PV_spoWW-@f1sGyU88<3iO))Z?flk0sRmqf({T{oW`ADGyvQ2-xd~t{F0j zs;>G4_kmUvQo2^lLE-5{W!gnq&sBgOSDq|JNmamOaBPAm)-w%USDLt!r9=XJIgV<6(uv4$B55jTPxnj;zf#UAo3cO%|iX@piuonibUj98U zC89TO5H!qUwmMW>=WO-&ns?Mv#GqP(E+rxG9NQ+>Sdxs$Js;&L^X@k(z4D`9?yNz9 zH1kL`Fk+tikHDdRT#S>qte^Epxn*7wXT*55$%Ur!v+M6ZTDQAbihaE=t}54m;eu+v zOfz2Xvt#dtoQ{z${YR~O z@RbqrNye~2*`r1PA6aD%p=^J-%Kj1#teFHAPOCRxwwKaAxRL*r1BOPnL zzWt&YhqB32OMRjfRj0+CB02--r#=glv7SaG_$gD(1ENI2ZRd>B7|!%Kp_b4uKD>n| zEt9=@MbWBDfhgVTiO*m)>#=@Sx(dj0S-Bj%vbThVDKK1A?b#b8Iypk{R$4IOJvR2mgFI71Knd^8%rj`Wiz{KZbRYt`T(}IKNvSlMjAoIEP^37#L`O zAKuk4mW2Xud1l8Acs%B2hzP^EV-=>+wl|HYLde6#)(~X$@8vnq=K+8W>?s}^+T@!F zdG#g0YN)5hSKU^m_5j$VMC&hk5xj0@gEXNR^1heqUeEj9y2C2}@#Dvh00iRIu2%>`ULF}Jvu;%wUCnGJO#yy2+kfncOJB!Q%jbXRLrX#{EsSGF zS(`ZhLAL8^+3?OaFLCdF;-Wte$X1<8SO_&nqQDZ4*f z(;Od_C^!mlF+P3R*gw87TYGkPeb=emo@k`2amao5aJ2q_=F^qHy*hD96)}Ril3XC` z+730ZT|Q|V*7%jkY907UIy@*Z+^SYZJ38{9c7=ebF;(D_W_VE-o%2lf%x4MFW-8H; z>Nj~*E9wT}6tuNa(^FhIv?a9BWNrKppa-muuQYp2wfA0dyamvONaTk5-AB9^hN6Pp zlZG;fOAUUScQ~%d6%{_ov9dXnEN*JpZ!k$UY2CN`F%ApOK)r=D<=QoC=QA&{{lljgl zw8s@Vdug?8O&sB{sjbz?q!;;g?Vu563aV))Y2P(Bkd*1q^$avr&$|Fb08kp$PsS4h z@#cA|H5e@f6eVJ}SswuQr#-&V+DGzT)f9OWyeaSA57P(&)9a?Ic|@ z=c7>b1%WNKKjIwzb0Pq(_kZn-brAt?&82OX`Y(_>f@Qs+k%>S&3g}73LIXP7x#{X1 z<39Csj{jD>?nANzt%$o5K8QJwS2Dx#OFsf&4gAn)CImZVzXb)nSk62rQ2uW9iIr#2 znvzpRXz8B=ua_(vrG+U2(NX4Swi{((0ei>ZlGoMVu6=)k8)^2E_!Un=5@5EWfmchG zzLaHP_qxYJ+=BkK8M1A&1(o7S$;@wy;*C9SG|Y1ts^wU$MOMz?44i&-6-n$v2@tMRG+- zCA3JZTTD(4j4Pb4c&cw)kIQb?IMUgmFvG{1^2TYhu7kF8tYu$9nZF z7mumZC~PQ`2{#9@1u5p2Q1FPLnzvGZ9E=C!VWlkFI92P3byt<09NN;4q1L5xaVgA} za`048w%>MI2nm~-NwI_+l|Rv9y)#LB&-rKFf$|JLgj=JAT&ju@DrT%YblV0dzqXVMJ!< za|aglkD*Fe6SSD_eT^&N*Mn3Ch7uKUn}|8jUOf6vX~-f0D;BWM45&$}c1q!kKQ3Pg zqfY3hh;6NPdf@yQDoB&EY=joQRHyM`@_bQk{C6~{#X?sG${2C=2r?m+e~$4B&&pTY zkHPN_@(NtXDluwi)0!nngHcp^yH08c>H*RAW05Vl(^cPdST{OuC#0iUT_-2Iy5!Jo z<%*yCI86Uo6w|y1Ty9M_fT?YLKQP)AW<%lQMgovUwkT9xG)rX5b_zMzO4buU?^ z>G;O^g^%ym&g}H)>5e*}s(d)ktbQE3u@Q7#{ zEM$G-(}b@$2I)uxw#1cVnbZm8togLn{Uc|3ZVo2b{e`*AdwJeJ|Dg0AYt<33y7!5z zBF3$c9Fbi6s@Ahr`}P{s3ZdNR&+(1TvAs(k^o!75n7;9ELX|DB0T zfyw?c^oihIA36rm@>`BSM)47*h{L#rATtgh9{LhCoiuD*R9twpZGj&WL>ED3YB8A@ zbeb^$Iy|59Gkw4f)3>nbf(uqzU3;jfc33+NUrD}`$nuO)-F}=fdl*J(bi#@uMg9sy z%L^0r6uUk0t~`AAW|Z#J8vFJX{72aQRrbPSL7Q&lXMp}}Oowe66wpT2;c^zcz+b-Sx&=!yhhpc}1XWT^e+e*jK8s732 zL{}R1H!~Zy;3J|w6}OU$TN@d46rXJR!)n3*>S<1~iW z)bSueD+U6&nqoFIkMhfOc--4b`}lQIMuSW6W90}2J*;CZ!A>c^&{NG0aq`H{NG8fo z?UpU+CcJ@;0rmM^vBx8BoZ^?JQ~JW28`dCC=|at0N# zfIAE`e+~;}gm9ndQ2yO6eZBbm!z}+VO{Ob9O>G9>cLmY$OF_Z!(5fpZtl>YQuZnf~ zb-x9v>pgn(u0K`VznojbJe~B7nj!Bs@bYAaafOpkcXzVVD#5zlsVYUvHV+t<%Wm)a z>f#Sr-rn-+x(zDlcL|yBzPu|haBBjq5;+RN<#NxqIT_+)dHI9MP)4; zwaUfZT$?05esOthtM$6SWuDh`9CSYf`>gwgLDbg|Pj-TMvhhar9Dhgcz-(ot%Cx93 zW^J%-PZOt>7iL+a)uoM5sp5I5T1K~*%HAB`x;A$>oSGAwOGm3l-p~F87&DVa+z+gK zSeKDA)GD0sp>Ajy%+|6O6#6)ncgDFVQFgPBiPKq%3U64pEbVr9rBS7cNqfq0`5$4l=IiXXX;(xm! zHHwr?k{A4G&yVr7LG|eNnw`|qP3g+jH7fgM)EkDq&0p_fvcanl+R4lCEH_feKk>|0 zTz4Ucy+R*_tuSfG&NQ#VZyC2vf|B@u_)*cWN()C2z{(7U72O;tH@%_TYx>rd4n%A8 zbHXE&~>keYP-zb3pcI%TqY3fxibCRpyNDY{JKxTIUY$I+jehlj^*$x9P?@X zxBO7U?+lp^oFwkzf?vnS8do}JF&T4$vqN3=$tqr~YPZ`XI&#P+$u(py>NlR;nW)h3>&yTVYZQ-Nr+2(b=O$~7@vlJ3bkC{GJt-9611J~#q zWgG@_80>nzw*MUY$Y~t{d3BbVef|{--28GBOMfWki{3<&xZ7Yci)7f&ob&`DtaYMM zY5Kz1zuwuSns=zbE4(r<;fz`WL3WF|;WK!y1jFQWaQ|e}wLU-hlp3=oV+$~!((dOn zcFk(hZM-rhKkG3Fz5(QX|O$+8`O;mcy|dUHjidbE?pij4FW$J6lj z0U3ryMp=7yO|B!qScwx#JN+FFXDe$#qT>r<(GOGYv^po0-ZE?28;$hZ`>sc|Mz1ufu(GyfEfYM63(FaAFIe-?xMcIK<} zH+AUXIuhO2k2B0>)9 zdD-FOS8J$Ia|{QYq3`j0ricPZQn3#D+^KXqx8n4sHX*-)Kdqae{K&?XiYb$)6j$uC zs_9nqV?%dP`%43Zd3RuR#U?=&&6E+}xbQQ*+!n8W%Ws4aL)|jf&244*nzKHBjD0$s zSQV57TcLyF4M%D5|Xw;^#T9};?C{mI34+S6^4TK+lV)1+K z$sQJ zZvlle$xp``PK4?v++tvO^&gWbm$~8W+V|djihWGnh12CP<;`=$yA^~(_T!uWzB^HJ zIf7+J&!*}AT;`L=sqw2v{>YBc_0&vOU8~q}oh_zL{2s6NpqVwyx%c88a&Pd_dXlv( zO!f@LKz^gB2BJ&R+ZCEEGXGQ$uoxl?UB_B0>9<8uG7mu{G^7tMi0IOyYFQ4tbkr@tJ?xv^Ur$l+W7d< zSdiYj2(8dS>-rS2MzXaO!vH9eOkXjI6p0e8(GeofpG=mo=-o?ISQ%5b0f`CdZX1aN zEawJ#STU1pfoSL_7=*r}vZA!*)Nk-lEar;~8G95Ie|@+U`>X7k6l7{cXIq zbYQuD+ukU(t>mK5WMVqiWU~3Ldo@B{c^?55V z0z)KL0zqFBu3_r;hWs@MI%-F2`<4 zHu?-XIe#@`N7Q$wfq3>&vY2qQn_$@XB;xex)6JN1l&sq*eQF2#0Sy6PZ{J(a`(V!g z7+}>vi>^basJK|EV4#DxT@kVyNihcc@rF1k+j;r$d>Jn+m&5}xGsA8+^zqUadH3O@ zvZ1NzgSt)$m}CdFmL3i3sxh2P3Ja_>Z|e7mM$B0@`5sbZUe8d_`m>PK9Yot*)*I%} z1MmDy6^}ny+?nlJv##O$HR{11OfRm*tHm2llMt~`*qMo2S zvQ{B^1{d|`71g;E=+ect?OLp9&N%@sFHt)$NebF>AHir3(iq4o72mW=tM1S{u5+rF zVcX4585dF-?UGMA{Yama>Z5iHaXdcuxAl=^x?st?IPihIQ(1@9Q1ys7MBs#nMU(%2 z|J5rBD`scfh(lpPQ^jz#y{Fk4hxdYQbA~oC55w1}&-c`NVG}Luxrj9#Xn6@L*F7nm{acOkReCbL zGW>F0*(m?<+pa}w2floSsO3{EY?+WH#s*}rAM(SlxlE*{+ejqvf?#TGWXihc?qtEs z`JGY|=uCsmq~`IJ{iI?0TAX@mh$lL=1-6v|y82;(6EsEax!Vu_9gV2??`Xth4EIXF z`00yrJ7x3tn$C6sl#U?Fe||TI9%TKI zI#dVZqBGU!Q%VanHeMv&Tg(W7H+EUSZ{3V{RK0rnH*55vDVTP{kS8oBX6X31z!-?L z(oN!wN?KT5%_ZsZY2}@uZXuA2dIGEB3E~6Yp<uTd@- z4dP#S>2cN$X#rbLN?b4yO)5?M2>>1WilTH86ziwT@mMH}1Om&5FHicI@~Y7nrte0+ z^G6=Z6BVZBt|=Wp&a$W~!g02QTgi-r$zYfKtIXRcve>PY#Y_W%=h>hCk>1dZN$T=f zEuG2iUt}&Uy})tC>9yIlF89B**XW^Jp#d*BuOxrCp-bF{Vr1+)IaqW<7JXv<1QPSe zLd8pkuct58^;m-+grPe@`jQHWnPfQ}hKn`Z=z!D^uDPT$yhV$p$Ah`KAP7AK2B03J zcP!t*BSoAo5&Y}h?i;tX!zFdwC_H&L>poG)P$(5y9Jk#WRha1)uU|yLJwQ^VNOIoFavUlx}L> z$fgVf(c|y!7uA9$Fiwjh;=d|l_46~xW)8Qu>E)dw0YO^yKGwH&*!)h9TD3H#J=w1) zLRRSS>YXiR&)3c#HLj_rhc>iP#r7Zm>v(^s2zboN~s7doRVJAjW>Uy&*n3>}~w!Rd)Z<#9V~z_tIi% z^UhW}Y=g}e7wR(Pk35^Nbn1g^kRR{yfU>1yKxW11Kj%YeQOR>zS|eXX^^p!)7%ttd zvS}U!k5JMAVGJaNliatb=y5@EEZW;L&!r2EMXR{_P+(w`41;&!dkK9*o%3bK{Ogtl zwa$45C|SqDQr>0GAfD3!5Dm)J>C3Oen;gIb;=n}x1S;urU}SMkl`aC@x(YzyEYCi_ z@)yR<^W9*@1LcmFH1Aws|88Sh*qZfaYUIQ3)dJ@jQf55xH(>KE+R}s32EaUn4sIYl z=>>9929`$GLI`JmdBA(6Rw&CEZuemmptho`^+|cIKYE(i_`plz493i@Sv@V+ugf=r zUV46Z>`M%kr}Rw54C3|>;QIYLKkr}9dw#Jbeg@4_2DRl`(Uv@2`r?zucNNqz>&em% z9C~`U_j2Y3dl)?F3w=ta_g&$yA&JcCrm?1=J8TTVmz)s-Jl1XZE0F`inGCcC$ofwE z)k-7t&W4j-_3E2pScF%~b$x_!Qu)=d3ecmgZR2|lBw$R7V6xb+0{5V#w%9x#3!aP! znWKEU!z8t(>esE1IliD%3=zK)Qc{W~|H+p4m1`hGDCuUs6xt|iJNoeaamNC=AHD?e zOGNy-U$6c!+2a?gH+?>R0qs;_qBcb>{i{w8xiw9k*ciA(rmgx+g$1LFjz}8J6uy!g z*}z`dznn^@KgK^vv2P8lw(4AgJz!a+xsR!+V5*#{dnaDjARDg~n#_`~Ofes`Zt69! zkNnrEEm^%PY{79qpO6XN6lQ;h&d5@O#Dgn+D|vTosZ-abyTrx-Q&_)1kz-*i;3~g3S|Rp6Jpm+pdd*w&*j)QN$Y}3`^zdH~ zpQ@B;$$&c8K}%pd9k%>@DI2c{e*1_s^m`2uT|^-@`Lxah>s3(rKl3+^8xW4k+*%tr z=AXb>%9XcFop7=0ITH|=dhGk7bGx^xuFYBC8!Cu}GHwAUak;+IM46~}sO|Ms8 z1F@i^v!Zf0d-j4IhWxT}^1dZ7YkGYwC_R37g@xg`q$L>oM!20Q%yw6EYduH-Ovy?K zql9~X|5Y6!>q?clcmL)maPTqQ7DSCF+fC=vq_HT3{G!_B$M63hTqg&nI(xNcZ&Xs; z3&{Q7zHR7MtgM*p*{;XSeOh^9acJPhLElj0{$YQO?DVY=&{zD&;-q-Dq6VR4_B2Z_8LhRnc}y>WzO+xcLX@! z)-PZ$vanW>xiBsF*)T-&Wyt7CKH^~>#CLu1zt`pVD=2WiIC65*eZ$~s1!!dH{$p)D zvqP4dR0P+#)c8R{|Fik$&b(aO3HC)>y6uv%=%MZ+a36E>F5L zWb@4N>!7?Dx3(2Lhbhu2ysHDA}oFqxQNdS1@-9;EVRw$DAqcr1H}tdgXl z%8}1mZs&NoR<^+@Qg05898UW6C`vr>eeTQHi_MZRWLodHw}s0?C9S8y=PggK4t|XF zo8$&x@l4C>N37R)Z~fjoR(M~})EOzFFN^hB+PeX3cK)f(+Y_2cXZbuAKmNaMvvFyk z7LP;q-a$bj3yOMt4f-xVkZDa@D?h@A=^(6+DLW^6$`59hM36tv`vH%vO8AUU&60<} zPbT~xZnJ3f`=7hYC~lScr?lA;n#(+eoBQ@A?zJI+@ZD}{=>%IdeKBdNYJ;_Q@}itE zC~4wuD>T4{wS3;Rv}wrGcZS9uOGf&Hoa2sH*puw$1Yx)5rh;V->z0>k<8v2xa&5~y zUx(w@UG;iXs=l9g&5kuG)i(%!t-M`zM1wIRK0p z;WsU6T!y|g+8Z3uec#sIm-^!4W!!z7sjY0p7uF4=$GzY~>8oOcWyW@lyTVK7$J}aW z6yapCBwuuiF#FhE)4cF(0JtU}XI{F*`(Z0rA1)}%`+NAKC7=BA2n1Op`mv+cp_3uk z?3X93s%mqRSAKi4*f)nwx|QR$Vjh`-P5kd&0<*{T^Hp*aGa0U}`zQ1Shr0+S+<`Kh zR)z0hcF3F{SA;M6oNWS?lHC)IyCN5u%L2jp4vwRj_uqXpOatG5;a;!b+Xd$CUd?-A zz+3{>A(R^91J2!o7h?%Q>|PpF?ny5!i^S7u8(aJFxv)3K*lU5&fd>qd$u;zl2fwc)uKb6)rJdN z^&UOS;6CwbAd6k{+e_x3(Ux}#DS z>5-{wsa7gT|BW!3dGTPTM^qo6r5ZdhG%WvceuX(B^%nj7%U7xCzA7R*O_UaeW%BcA zE7dM}m!IPk2VJ_X7~oX0BVf@bS%idL3vi{l$`jWl?@cI;dc1o7DaMc_K6Ugx6n`{N z(RU@X(U{sCZjuKVIS~NHt&Ha4)(1|?}n>D_u@%G>4ST}$C`&R)!Pa>c0zcZ(gKx0U{@?RyO`yGq!SFq|I zhc?RWhk_!tme?GBbceBjU!}zR3p4A1+)=Sk^HI-^w-_XPJF4m4mdvY8-q$ww+Nqn5t z%t6lVCY;yzqqr`R=WAZoR*|YAvWWyL)zz9^GRuI^?H3 zZ-tA`5#Qn+Q&w#b?2)Bsp|r%q((U(R@Y2q*_Jw_oS0m1`Yc ze*tvtrd}7uuKGMm33@$+eQWW_GBP$^&T|lddAa;ukshOmI79;A!7;^+ZaB=})eqs>sY=h%my=~^}#*GoaU6F!~ z>B4c}IAE928#HKOsKjr>{Kj%G%HwrS4;DR+j2_bn^ni4cT#!;oEU3l*`dEtc`%$?v zaz}n)e-}b%y#$Xcf>#(^Ml^;CSNernUsn=f$Fn29f7sNTjuD4DF>I0aGuf0HvWL1YT^^@cEramgl zjIE$o9#s?}&jGYh!(yXx2rsUdXZE-5KF{fk!l zRpF>!VuasZM<@MN@IXjX6qs?sQg2ox`3b0$dW*afvNwb}0~S00PMr&M(SHg#AhIwQ zK|??CxBC-~&{y>>x&R}Gl()&RVb5~6KHseRLe}&((f;OPIMxMs;*}y!GZ) zfEnP|TtP5j)Ls<{y?4KjyecWD?-S!F^LKO*PE{SGjMUxh z*_Y}09xQhu=%FM6JK@D5lJ>*QGA8d@nFVWBmpye$wND62+xx!4YCJ49Sp0sz86+I> zXq&yeogB41T5vulnExF!)Bb!6x668cTT{dCIxudk-eHI@@gaYajT^j22v?41+JQk9hir|0eq@$vEJZf<-xyvHAMcMG1WT5kYF&WJWE zNtt%AWpHow3LZdKCRL1pT#B-?evbdZVlE`epnuMI+>%?bGl*v#$=WM}PK{V;>HP7U z=lXj_Y0RF&l-OM{@H?Jye$+G5iIJ5*EE6aBkMtc`ZcRVvN7@E`ZRD(tX>^Evj+DO) zAIrKfd0p4^2sE4GTZQH^4sQlrMxZyAS^dKsm`6l8UxeWi&wntc8CcP0vhc<^Rg0`o1YMGy` zguJdt*ut_2=r|<)xO(oyaRq{*$Z0;GznCYtND#tbuRaHI+3(lr#Dbw~NxZh+G3eGQ zl}eZctkjio3pUcu_1qrn?4=g$NK<;XTwnksndO*7LqntA)3Wd9)#3oRb7MLldBERf zHMK;;4*ljj8&L-#;p^*b^F!NYQ9IsWMhOH6YHZ1FCwNYKQ^Iw?$HNY}|0Efueds%a+xxZo0@A*GXZotO<@&My3jYbgZ9xMT-~=L5KC*2ODU_kCip)=6ZZq=p z6AugwoSvP<+^}$DnfS}4W&SAJ=NRdHcMv!`sK#+&4#Q`s#;Kue&&G`*Pkb+4SDa+_ z721dIrpj8CO+tSSo$2K-UJ0?Gp`o3V6V|r$9_~_4l%Dz|!nL9|?(&Zt6~S;gyPCR= zLe6h^^9#s73Aj3zSCnM1>})No9UbiH^#Zl+@wqS)!@XxQ&UUBYcIWSaQ#I5`P!jRb zAOTRaKgUP}|5eZrKlp^ic@-_zb6c@fpoDJzL{THX*6yc(WJrmZ!G zx61Sj3CBKGWofQ85M%4#Pz%l%;$Nn??>>pmo%Maw(AK8Ns%po3|B;fihm1^`x>C~E z>v7%Fe6B;CX*@@e^0Ce)1aDj47t0CZgXCy`KcWXYyVPC4&58&xx40d9-bmsE!`yyP zRjxbw!X$puSmjG$N?2<5;8F-*?y>ev>*g@h<$!EcIWttz7PLt%pZ)ov&h0scdi_9| z^iyEq*?58e`qCXDB)_Eqb=4blWMt%AQH#C!Cu4^Y=KGaniWXsUe+S?|681TW7CLj|@>V{It>Noi>%ogY7X&LEklenT6ps1w-t??;5R9&yhrfk__(0yX~z z_b0x)FGTXCb}u*b^%@gYcb3}!{qfbzSU0J+5>eC$kg1z%jLr_ ztPRT)Y4gpXS{opIY;aaDxC1g&%$i8lS2rBG*RQ;&znZK3+6eDMj@AFtvtf&lP0YBk zjZRD)h>GJAn?$pwyh=#gc2nneVx`8=c}}@%bTY!Y;l0XH*sdY5+g-#)4quW{K&|I> zOUvk7DB27^MM$pa4U>b#(Y}5=|57Qj zsWg9K^_!vDVpBx!0%uL`*>DjG>{Wyj(zC>oC|Kk{(jSEQ*imtVjX9Hz%5ZL;({W|z zye=D9O_%%3R6HRFIb?DKM~!{NfjvB^qwZSiyOFG4i(|J#&n=Z!`wDt7K~7Tp1q7c- zIk>rjDv9(w780TRMm#W(`I%b8fhlk$$-R@&_3z}&y?UVA0tMv{m|=Kt5Ms1KzMaP zJY(_h86`rNV{>CDbza1VIjvCBd;(nCuj22Z7uI}Y7_w^Un;0*-JecSa9aG%0_>#h? z6vvwLH>LWLqS>es|3xTlG8(8{utdNeYxDYQO`Yhd+8DVhVM^ss1bM7 zIkTGehH>x$RF^uL-ZgImVJ`!tqM|g!Ay*J@V6V0g(|D8JS!~16R8{NwoVbx*frY^v zf`^ANq3Xr=!JYdxy3&bdXcS{|DNf9#h=&CWMi$@vJKKJmNb{F}2p;4X=W#X<86m!q zFnv0@`577-8eisBAeY(G*(G6$2=Uz|Hs6|6s2gPZz>XyR=^U=aVzSsY+v>Awj@0|r zr`tHL8%Vm(-d*GA<>il?kG;uzl2S79j{EDAS^nuInt4~sQQ2UR`$O)>=9jGGf?_yk zdcnT?%i|RF`L6MCC{)2)Aw46Qrmj?kLBQ& z6Hm4R`JPb2&ob91eE$wC|2u`^>lyaqv5~V6wnUUsrrR*A8I;LlWp%hIKkL$}zR9x5 z3frL%6yGY?WxX1NcH*<(h1@C`!BZlRRk^B0^Z$EVxsX*e%l^5)u(!9T2Olcx$+V<0 zJ{~Kb+f}d5uM_6vdwqS9^|lqp8rc8oVF1VOw%4T_ZiY94zbrw7 zi@U<9TIY$v&et7xVcmNg1Jl1vQRHZz_cfC4{wBRfS@J$;jaoW#YlG1De0)o+51sgS zE)Ezr1n=Ef(k|?G4&Ar5w#X5hw!8Y49GfH$tB4VpLWy?R904^9i2A-Z}-JT!wor!*z6{2R$FdZ$Tp# zz(=Bzq$_1u+uk;fr|=~FOnNo7$L6kz*yMB^ib7nYif}o3TM}!_s$`Z{1bs^F9Nx9hj^nIDHo)<|=4j#hC zKHC>X$EY^cp&{eu=a;Q}dOKwI7yg*ZDoDaU3m)G@U3W%N>0|W*H4=%V>#L0 zrRU@Et??q+INqTWr+xMr7)}0Y%*kneFRMaAhK1+8zG3Qhz5OYf%ZBQCuC-pr{}n!#R#6BL z`+&|s)V%uy*iiIXW1W!ve6z4fuCY2Xf#FEvjs}#oaaNY&@a6YV!=3dJq|R(iKm`C* zWpDpQj#hg^LdOgG+sdHt%FdwY7isCf!RZ5*y=S=bJaym824j}5BR)h{zRNVn^o7y| z(eTz28txee43Arm_Gu|8VUuQ~>wxAL?jjdZ|F9z?p>+i% zR$VneBnmYR6~FM^pHDiyZYB-)d)`p+o6eONhyX zC~2xfi3~vZineEJEqbdUA|lSsZwvamiM|D7h)sqR!p{YiFEf+{X@$zXr+8Zy`?;?g z@JJbUHB`rGGOtd29yL|cava@{l^q)vuwFeugK^CS>R({$jSK}s3?Fgnnu!&ZG~y&U zxPY-zq0QMm4m2!k>KBgk;R`tTEfnALX+7QZ*ud-tf?CI!{wVK>jYGgotUVlguzwO38VOt_hZU#4}83Oxh3Wo zn$zTfVjQna{I7hMH05y1XhY7g#ZV_)e#AK4%hL&2@3O0)$91#x2fTD%U*Wfmf@ctG zbQN*1Zk1)!-0^sBF#c8OZlE{sAn=LOI|iV6;%QF*3{|X$A}th<6^GqK_nf57Y(Sm` z?Qd84HEIvxE>C9Fm*jnx8^qEHokmoHLcXqmPuib#BA@kF7q#EAkEF69>-#?2uh8^u z0ilS??zGYxJ4!tI$>^+pqe%qp{l9PgoHh{$qixLE$f$^ji1ZTvo-1XmX0WBHX;6n> zZ#779+pm}yOBCu^BAQrYEGo?*?0xOE;z{AE+DK7f&-V>XIgPt*x|gH5M(y-Xlby>V zJXY&aMc;D#*E5|8j|2VRdmfABcuyz+G;Ej`n|)DK{RVV1d9AP^WD21}9Qzf!OhJ#B z9Pt62=ef5yJAy-xXe~k)TqAyZp!?(82X%|#BU0O6ojJ^~6KC9;Nsk%<{^+8(xG2z! z;28PIZ?x;L>U^FB;FhG_<_W?kHEyhb}J+2_I>Skt*-9K7e`8`}tsI)r( z`2yCLK(PjFFYUJy=m^8Fii}l`vwGu96-ZIyk;PIuImV~JZh?r|?2f&Bf7x!)3m&YR z$MwFNZP6^}b{q&-PLnLZ;B`1T@E383^SGR-Wm-Z6=zg*?oCcaL!Q{gSp4K0(l$LZ~B5o|O?!oQ+$;w5p>e z`?aFF2F?mLoXE?*wH+pMsE(BdA`mJRF)jjG!Gi_A*2~1u&&qG&j*YO&aq@laz5F&y z=K_dVKTBC`?LN!w|9XOP6#95eu}S4(<$WMB*C zEYl7vGFamW(fK}4*W-P%-~rY~z@cBNjEyzJ=9qyW4Hyt&33%-ZU{Qz}#eG{nr&^6_ z98pnS(Hm6t*4NP;x_-Q?cPl^E<&7|?1`<6{yLrF&x!r|zxqb4z zv#ZR)*492BMQpN8_`l6W8!5#Nh3RPeegFR5=%w>>H3%JzJL`pb!%^o4P$j?T zg3mSO82V^tvC{K+QJr{PEty9aH=K^A6hAOQ-iCY+z4%RYz-iqJR3kl)!}!YMWfAun zx_HLUX#{Z~;NslYIifAkv_$e&@equoii~36`k$l?_ifPH+aeboS3mK|lO@pWRHZW#$&=2R#2dw}$NI{{-w3 zVo;=ZA)TgQ-Dee?EE6cU-{gTLg8?KGqY0UAWG5{4O(syd?uSugR<^u~#0E!~JCMDT zw^oBwg>Mi(*dFOV3wE<^N@PX^%+h}1l}0kxx-_?ay%bVRiy7dDTCoi@AB52Z;ja6t zN!xKSK`W%U2dIzLhZ3w;KrAf%EPM~>u60)@lw62QPush=^d3~S7@$Rp(cDsylPe7? z`^^I51~9m0N9INB1jV_Z=kEhF=QSPVB335TB}gzTN4{`>0Z!t5b=3^s2~^C zTta!*Q;pqDRw?<0DzX`FXJ==wZWC1|?GB#v+X`J>$oKET>migwrvNAxMh9CfcJnl_ zIMN`I$XG%DE}cOL@>@(egy(3n)<4epEbM&-$+7u#b&xeJxE;sj^mal+Q?s*c`SkbJ zfwqG)%coDcfqi4O@2MqtwH$?sd22rN%cHWkTMTjPpf=I&;2X;@#;O9{CNo=9ZSAfP z)e8zbg41~Sg;Tg`AKjrz+#yhbCfXkIQx(6oi?L3ZCc(K@yV2)*N27=5EVTl~(e=7V z)M+Yt-(}=*3hDIpuEvUtJy}VeHmT~Ym-QfzrvKcUBP0%_5%b3vAN6-w2^!PlzaLA# zDyTvcr09M?ETmA+5;BEqtPH3bfZj1u0#I^OHtU2<*}k8}h)e_=1XvAXc7BIH$|v^_NH5E#8pg8kcp7H1!D zL{YZwk8c4)!yW8wZy#*@&VTgYYkxM$QL8I>C68}Lxb9q02rsIp7!v>~F3H7H7!g1P zrF!*HpKO{~lDi{+oIEGZ)zj-Jrkgh#Sx(;`25S5=#g1xaM7KbdBIg$(&w~YdoGelQiW8fFuNh)sy2SLD zs7b>j4abkLg2Z8eUVPevNKwU%?y6`W3FE&nz9TTfW*hvVoJ3I{t9Yu=muI>@TC$CJ z`fGG4^&xHZ`at(|M?tVLo>g4Z1blVf>nmT^lb6J6XrSy23j3%=9yJ&XTGAfG-xPyV zz)H8Ztspi`2mmwbHIeTi<~ToG9Ys|L=+cOL^Sc<3sxdsFV4e^o^73jgp$wox-`Gx} zeJeL@_8Gs}2hZ&9sCli$_y{@c=Uh{K`8{a*c#LPIZoinJBV0{u%|}a%M}+=P^Vdan zMnQqKMG4`rf`TD6Lq)}Lc+}bGVHq!PF9Ty^3hkgMJkGb6ysLfrNVRe zFPLHmp$ki)zLe-s#GZXxJK$P&DivY@=Ciezc2({_P z@^XFEy=aY2uE`0q?f1%0%|?r#%UG&%;r6+;!ak7o?lLl@g~YI}ismz5{7{w{MwEU0ilNDN}{@Df-ngY2?YKCEB@uLUP$(D$2#1zjFCP zlT%`Mc@=(Ir#xF&CIiTzz`{y?#9{y-0~>@Y@Bw9QQ>c=U zm)VxuHaChx`{xN(?g@yg9Ejg5D!|Fi$Tx~n(jrvUh$^)Jh-f%Mfx4rbp;ZaN6qV@f z|G$^%dOLgS$6}hX1Jz-{4*%Cu2G7{i(9D#H3P3Pp4crzG7H|-b)j1Jy2J3&EtAMhu zXaD-jj-uD2x=-WPgp=)7=)Ig;F?SMv2_3So z^;l!}=Q8RatZF4wYMLFQu^@H=*o*J-85iyLFEwQ{Ip4`bKlYqoUPiVk zeuW`;pnt;XiVg#~fL$7GN$&FwK=9)@xANQh3vDXRi}7;8>x#>b;VUJDkoed_&WsiV zL`-x6fh$vKLZn8AD;^}gj|g3TGFZ77xP0KlqeGUi@H=hmANxB(=XuDf2McSRA+j%Y4G6!EvqJ-1WLr@v<`EQ+GPpG zh^;NG$12YXYbae{fkK?|-YQfB*wPDwy~rV275n~ih2M$g7@u3G2KWU8i` zGUPwVp%{RFs2CnIujW_`DM=XAbA-48M&4|u?!1f#{c~b`RKSUA*+cSfgW7cpp=)Ss z_!sD4nvUofVJCoEM-?lpZ<0AFYRmS$s>u9@DjUv0`}*3_Wn{vY!CHksf2Nb26ouEk zM0F>kad;`@Q>Pn{kp3A~~9G_i1)z9e}y}wZGf}4Wz5G zFK+-yyStgx>wC#8f;uu}xdiUG&FY7>@LSpuuUq?=NIOVB>*K?!aLdJt2;bAv&_<(E zFPJ!p3M$I9#N-v9Nq04NNrcRg|I(%Dz&MbM8rSu= zB|m#(IC9_NTo_dx8(3NP4Rp|hHr=X- z=vaG8J3E$)JT}NYQ^6TJ;V_Y}hP%e5$yi@oyw?6RA~Wy&#NhBqPw*rwwj9=f_X3)% zk3lh=#_Ts!fBl*AKJ62xj=$QS{j@9uOd#3uOMp~mxL2LvK+EE$@FD`$85S0HYx=ih z!~HUl$NU*mh3R&kr`|&o)7>7E3GX+9YD9H87eeBR(0WWnE-uK7M>J7kYYXgckQttA zx@@Bz)5I0U!N3T=!SRU%T3MlW^4_*chpWuYmBlpd69@7`>S1?q$C=O)eUIJHR#x;4 z%@#1}Bf1SVb&4T+7yVV6 zqO5ZQXwXfzg6Xxdkq4F%Oac=Nh5>5QjiQU{zuNX55CuDLq)k0EgJk^fV&KZP=PlL)Pf18lqcd7n^Zvhb9pgI7p1_eT-Ajll5&l}ZO{AXa> zqXxXl(j#%gda~iyQqOfs(5g=wlF-?xA=sEdf%z{#-X}pIV76sxEy_Aleq&>- zsW9<2s)acgG}WLVe}p-W8Gn>(Q_A@Kjnl4@^AW~SM+@h^^ex89N@CyFU||a|2=;)zXkE|l3#Sua z_)TirKJUq|*{(0yZd+lET&{YA{W6`T% zyvcDc!8s>kTiWSUA^JG;$AUH4_?r;kM%43vm5jVzMw^m9>GUrYc=9TX5qlV0`y)pol*GaEDO zSk94`I&oYZ8_%(AvcFJk#1TDT1=>^yPhL!47`;_C^8W0rOQsY#jC9X=CJ0P_Ea&Ta zJvlW`AUji8M)_mEy)&)%bz!9sw5+iU&dB$RAp zLSYOm>b^oSoEyaId%5oAbTA>wG>{aRX2l}KJ<#9(!|@JMW!w53EN!b)5=^i#-^l&RAA51pB zSLMNat5Opz$I~O?f&T{TF+0;S-&-r4z64JXvA+Cu&oK&q<`$yBnlwB6EkE^YZhM)2O_H3M5M#4{eADm+?HT^xWmJ$h|FtA^Z% zTng+x?JF29FHw_rmBQs?&#y9sJ{0yc3LEDPK!e5Nfdjp7LBZ#H(-n+@V^h3eWiU=1 z8Xb*p^WQOf563gt)ZRxWR-ahBMIW4#lamVu%O535vfNF1BP$oUmb;jQYJTNu5?BgYcj z#tOe5(H%JE8#O9Fy{$NbPn4cA1K>A?v&@&hd^Ojp z*3*pnb%K`rj(@^&@4bxUAi2f&H-(vW-mQllFitWkPb4uunHtg%$IrRB$4?i`0Mw%L zRskJ>&vHhEP;?2ne3m%O{qXYI8~iBlkusDr%x+e^xjY_!xsf3J$?@AkIa&x8+We-= zn}Da_b^J%HCk=(3-hBrQr3vlp9C0h=__k8!bX^M<(DZoBw8b-C0c3lH>^q1Yw* z!%-5Vb7wGKFn6)LdVAVhFKXv(Z@!2^${oDjUfOepSs>c%JcQF=yTOHCBb%E$ONG!a zH9FH_f5+7*O6*|v%(M$Qe?m~vBa`air>VaOvk^xs5qjPaIWg_+*3&Jotf>hJWMss? z5na#9mkz_2P@ypBc(Sp4XK5r7y8<_`X%UL()Re^E!2xkMEuzO6xg_bS^(}t=oIuaB zfy93ae`E@|91e@>N6oAYf1Tk2+9b&wjEcqvgotn5=8UX) zT_Y_HqTk$vN12-=Skh~*^+2_`ITn&0mY$D(mfCT1UzGK_vu)5(;{AGa+1rgm0-5W8 zlH=T|%*MbBKTOv-BMCH`JbMUoV|ZpJs>eidGr!LFz4wh9&hL=y>VpDn z8*d|HBTI?83rsiNz96&-;`v9Jol9hv7e5Iv@;Am&-_!S1r4*Dkh(q)-%^%`8=Ha7f zX=Z>PcIV)!uQFwyG_U7k&Dc%i%#qbY@!uNM} zLp7IM$K>yZ$LyyBU20a95@sX6OsrYE5!7XXG5abxfqx$TR`l+1*JLmlVHib;r#8wo zu)Ph=O5I!v&v|9)@@N(n`SH;tqUt=m7)i5n zzVgn!Mkfcw7v@`Hipd`YLHE|o`WJ&k*3O?Uw|fUWleHt7t+|S#r!zU z@WYc@3Wj3%=L(4goZcG8khJqVdin+ZcqF#x0%-@ywj8=ohmEm*ovZ0dW#`;CMiS_U zC7%}`Ztuy^=d{xwny0$dH(^Bmexras*594}O7<R7#UFODNUV0isSJh@S3U94ejbDEk3@mJp{(r z_@f0JNu$qk`zF+=j^e)ye0qpKN^QOq4+_|EhNSBhwlL|w9Fhj>qfB&`C$oNUL zTEsLCL}O^-BG2q}>de9wBCVWgrKFe{c1|asBP;Jq-QuDSgT%1OI(0PkLc3Ubq12+I zm(VS{n|el{-~hQZW9NHZNlR=5u=H>CC#0LCd!gU;DL8!x0?46lc?)U&Pg-g?qwRaEzT`gCGYpr5ZiZXu9_`tw+^v$Z*;n9;8`y?c%AlxKi zZeuue*^eec`V;&J_1U6nfG+=Z)cYe7-u$tP9EF*C;9)7Z@Uu<|@*1A=528oE zOb=Otxu`M>N9}!4YR(P&$B>%_u`6-Q4!)2J$=jG?8Cpp@qO+LmB|>aLJvdrneJNpm zNoR&sfzfQlwmiq0?8?$EI+1;Uxw>M;&GnUq_7Gt#uff4sc#jW!A0Dfgi$aN<#H|F@R&Y_D^4mix{1}7rB0ef|EA!_OG{jObH=8iX;~y92nq(@%}2EFzD{V0AEwhT}`#a z-G=e%k1`I%r7gqphz{vgny(~TRyA$&56&E{iQh55Hjz(kY^8fNoZfu;=b8B;k4K~5 zuRLr7cPi4t`>q0RQClVnD~tp(W>ulMZp&{!|7nJ+l?7m2SLA@_t}06-|30iKN0L8k zQJdfY^}MSHgmPibcFZwhr>+X9Z93lfXezC>=Y3S3X%|!UdS7OnCxbH>7tg#jb~|pL zzsVTw?f(Xns-lBd7g)=^gZwQN*NVo_FW_-ja17eD-j31Ljy8K#^F}=ScKdl}TMqBm zK$OCZy{T#(Zdkn*=*F=Y$b09)e`Si0HQPi>EsSAgEDp6d!!(H!i|}0c2K-twqpuN%csk-khM=en^UsobfDg2M_3|C!;F?LR0%5 zm8JQb$te_^6q0osWs6SodzirYRvr915aYQ2qojA-QX?u`z|ur(T6K^eXJqEuVWehD zv?reDAIMSF6aj=qE#~2&W$=iym#D}a+1AlgQH^81?TiiLS?$%~VIU(rlK4goE)sP2 z*8Af(->nKN#{WnAt11@pUtl-g-6=i>b6}B+B|rg_rNGQ<&4F?(6d9|eRG zX)2#Ggu-5cT($0e95RP>D=GZQzVGXtoi#Dq`!*E4i6me`-D)XNL+XOOi7Mf-=o9|$s zTT=a0qV}GvZqEd+*0&3h$>c@{JA2ux8g6!nj0m4r1cD1VVb@Q~On#XW^l_53q%&ace zqit2kbWtHh?k3C5fd}Za%IbQZtFxGhs$tog-W1x+Vf*m4>*FgcZsLt?*hotSo1%RY zE3TbKH2Yji903xZ?nzC=@ms>GNC;}oU%rg?j!NW&wip&?ILo4LF@B9d#f6ktY0h)fB%h&@EI$LNxoa@rb?u&m3Xi}GH4!VVrh}vakIUvl`^WJSw+8vbKZcKzwr@9e9KJlMQmU0z6)h{NA2cg%zbdt3CG1IaDs5dayoV@ zyWaLw_T&mJaEraI%ct!#K6|!%#bv*iH3qk;BTEeC%)VTnupm9&^J#h6L6^vjQp|S; z3|VwvjUd+T>PR=# zAgcD?2QJxHPMG{5BXZkrxJ$E8B%H|;jgOskFlkL$xfO=)XN6lb*4()C+Rlr_vgu;y z$k}9%%rA(zoy(&(js6s!cft`)q@aKseJ>PLx?MzX7X-@^K6%X%$)>gz?|S|0tq)Bk z)?Anoa-=`$&eMO5GEyQT-CYN`*)|SR`j>;Q!oP6Qpf=T|!%KEX>X-j{h|1j{x;r-b z-gy;T%0m*x+s;FcK?~V!6e#u)#%4gsu`$2BW(^$W0ZoQr&G}9-;h9vVS?lqI&bq!G z;y_lM0I7!9*Zz)|u7TVRYx?REF?+1u7s?K0&SQOurMMh-;Zu~NjD>5O4%GIa(9s|-07>nk#GdNdh}Ucf-~>7bNp;6%)FnNm)st1 zHb7>%4FACY^m8jVr1?>dO1co?WO8tAe3cc(c7SA|DR0`Y<4-ssE~GEpKZ z9^HyMTMjpncek;L$pUc3yPt$VAyrVaH(jmg_MJTrRTy^sP~312jwA{J3qBycf1mBZ zxHcE2ywMg*<$>%`mNRxRaWLv>EHE*N{IF&MjQ8|7j@3aRb<)16fQXJp?T)&MNqh!Y zq37R#(QHBNCF+{LHAeuQ1Lx+Z$q_!o(;{O|VjKURPW>oi+sduvWY2|un?qUmF0e?f z8=&3Mll(s29F6(;b2W+1vK=ek=|QnxKOz;9{IS9oiA9W`Z!ny_fMVuB9bUJ-iOje zHqQfX0`QkCNGo~how)Q5YZtzMwlJ=8E+Pa1>A?~ao8RalZYQm=WEeJ1=Gq>&yot^G zVn7FP<38szHlj~^M;P=yjY1~I8-YhQK}ackymgg=rl8neV?G!|rMJd8uIvv@vX3ae zdZ4k$pd&vS7MkG6jloiA$u0a9JG4*5=xBJ>-FXfIJg7upAtFUe+HPG>KqT6hB_Ub(zTf*Cb)I;4f7{Vgsy{K54YWGko@dIm$jHetNWJeV zSF}&7++HZFfVn(3-%CEx8!z_pry3HQO#lYy;he0K5bF!|Uf;{ zjsaHLxgImEX0t7|yf4~GOFJ4ZEvXZ3Q>diTJj(eqf0F}!-6cHjIw?a3X4UyHsk zm@0LavB3Fq{A^;mAniZviL&`i<)>cH{%SwJ>IR`l)E4$rol}_Xs~b#|bjgc-$SoAZ zGUA8t&r59AClX4Gh=1n9Qq!(q1*z-xwZ9NERE?@BDSdUvFriP4FIpT4co2_E2_tU4 zUd!&wz<5`3$=CEj@99@*b*Z{)SQ9(8Ou4MIbkZs|i8z=SHo}=^+@*)vDyFFAUmjdU z_*iRAGiDUfg|b4s0K$F2 z+RKDE%WVCTdZ6Cm93Cz>Rj~9Z*JwaXLSA4Y`RK=K) z6af!b=9o6FBHAOs{osF!(@ zqhUKvow?~ThFoKlTY9lM>poey?i%s%ax>xRKD6Sy>&(TQ)GnoNL6Yv??)JPb-PY5j zDwr)@fI=>`zg5KM5S4SsVeQ8(sGEHA3~>)VzBA8xuxJGa$TkCmGD9CM7A;7}+OoVw z9>foG6H2O{z{})SS)~Aza19{eZ?&#OGq!IOoZv?6E>=79CNgQ8qGgE}KHUhubj}aF zbG_W71XMIKhANWTjTg3BcC{bp$=PjjX#W3}3FDhj0d&ajlmGXPcyr!L$;lLvyyItO5f^s$%0>R^Z8MLZK&`gE|Dv2;t66!a& zH7d0K<2nAXD?aAer8PQIN`~YBGzaOD#!rZPC6>?^{~U77tjMbGH6&%WvIEdxzXHej zO0TG|qC`YPASZo(0`c7+IO{}6;`--{W&iRYK_;$r@o+r!_{E{+nZ(>-tH6faut1=O zot5Q_@C@vyuUAHb4&1v?UV6wL|7#KN=$#!#;N_Y1Ey~aP^lLSIF(*fSze9}>8BdhC zz%Q|Ri6Y`TmAk_|)taoK<4ko-d+uUuil!NmlYk9Bsrs>yH!+V~JX+r9>R<80hn%si zj+u$mSyhRExT-UmQtO0K+uaScVx1vN0`K5}O=JlXHf5&785QyZ*shbKt^^TdT6m>tZp|Szn+wo-{5#yJaH_fyWc9Mx~ zs30Hy`**zD#>zCa9X|7ZW$yk#&Yt12r?+SQc0k#DwVdNPljq&>w{Kidw}p6OiLCi3 zoSeY}NBMHT-B!JHPx&X?B%-c{x`TjN`>+|TK~(?>c6dqp&Tt5O)g-QTO?$d9rSV}3phLIIf!V^mLNTO zOT{rYCMs}LzjE{Y*Zc>q%5er-*q_?miSMtD7-tNDY%;mYzWNPNg#ekS_=orW(r+V` z4NT>@#aq}wmmwbEFEv#xfl+z*rNgz7FnO}^ItICXKLE!82^WHh&3IOvmWrysv)-R6 zd`N9`g|2w?k&cYlU6P24o(1T&a~B$fd^3yMOpL@)a%H|6lOG+sA+y-_tRH3h^fJM} zYvIY63ro(ME>k9MY!xuB^;Bm`8>K`Zir4y2@=f}B+hvxGu|TDXsOo1|RV%a!Jq-h|i&)6>y=_nj6`qpd zZO@F{xr9mex{LCJwl}rSsh0CWiB}zMmcG7%46GV4vv2hq%5a4qWbc{5(Jd-aGufjBl(ziW_W81zcz1=4S?Cu;Ivn)qh-%7a`4mj61`7IP$+8bV)DT0Xz5*9ys?xd zObD3d^OrA$I)SWT_pMdcG=*}QcvE z_XB;eOq3k?mXiwKZGNrZ)Obm65vgFC)pF#Pmh<*a1?Yn;sHgK-%)ur-=W$g-$Vx36 z5z#puUKKzpe$cTIT>V$B;{DJ4N@Jj-g3~`JR%h7qdmvYEURyJ{YXl$~5ZII~X=$e> z@F>Rml{rWsD6=&A7*r690icm=AOHKmER|Dp40D75J13bP1ux&ig*Va^z5<3N$i5CugnDSc`)$ zGo5CZCck#WJfR*cq)H-?-i3dxk;M2Gzlau8A;wV@)?9XbS9Bty(Gz$cu!;Bq5i9Q2 zj-5-h5rwc^S~ZB|a6PDJGYu=Hp+_TTDv{ww|LYZ6{-KzDE*WTm5b|XS-rpQVsFwI* zL+$o70+J;SHsht5F`Z}M0}4_(kVS!+4<#kK*`#7R6>l0IE#7M1IKSSFy6XRrt+R}( zvisJ)#6~2g8>G8Y0cq(*T1ur`xmVc~gik1kmVYQ9W{B0aT;CC1 zw>srxmDkk~$swKG0Vf;vG)r6h=Q4>z!`tILfC31#lVED!eE;SiS;Y9E)>i+mX={{ z_p>p@)1`yCAE7QSyW<6FFCChEwm4$n!#%JSji7l9KN)ZzPZy z!e2mc)jJ;mqpDtl$PO<0ww4Crr;&U@=adQPda6k`6mp{W{<13BK4U^Azx?EV&czVn z$LK@amgd9TZn1_O3*dkM7$CDgURkl{I0X^qpMRazV|_Be3TOKxl%a8P{vKK4B0BsS^lsY7t~l6hGr?M$(zT$s2i!516;P9n(H zYeBNK_?+Ct)Oy$LY!d|I(lhbtGLT~Zfn}iR`1m=IC(l!Ml(~r?T?=y+Hzn#9|9tAm zyU^xby3F!PM_pHn-g{J_;Y=gaUD)S@_eO2gyt9Gm#ahd16u;#MsIu(+3 z_?i8!0dn-XtvG%pH}Dj%-5E0~0~0S%L>n(E*!3O%+wXDlkDKtw$ni1)K9-ICigSWX zp~kS^`KQiIAJ*4Ft+0I<-*XG}F#%hKUqiZNVrUujf9a0nKT+_ngc#Z1o#{AGRk{3eS}Ed%2nY(U z_+RITdZ0a4QRWcnUmk9~u%_R9tor72MgP!Hcbe#ZZ@8v4&P)!sV6{E#K_Mw0E(_$4 zNJe`sqX_@hJ2qC0-{UG0RsYy}MvN^x2SJ`P!`i^=bx*6cr+a<2(w>$_d|6D4qs`P= zGET2zNEDikp|V`*Y%er@USZ+{C=* zq8zw2Csf+wIroP0yPUh*S2^^jx6VF4 zcyy9D$E1*Twz~%&2wyqMqk+<@NA`;Hx1FQqfVcN<*Ze$s=G(U(%PLU<%vDOogg|w` zWCv8)Cl9H*0%Anem%QqmpBsTEG_r2_cJz(c_Eo+DYBtQc#mkjwn(*rGzH59lQ}}3YU#i~$gOF8n&i9GgBu?T5Fj%H>swXF<++h=f1uhkcI`beI52D~ej7Xe zy;4zwB;y<59SIArJz6iz=-nTu8p1Gw1Xc0t62CX6pLNU`6v36C8>lZr=lgStBc5NP zSMwMzitPeGA=X+TREeac^4ZkS&g>J2>g7kIoJZvF7FG7tR>naE%WeCUR;R&}0yv^Z zvpjhD1q9$qxz!4A&=HJHlpkaHZQuEJYMWR<^WWHS!vhc=f>YR3=>)0r z6&tk$MDKcji=IM zuH9t?(4nLFf0lApb`A576M)D+*E(}iSFa{WKB>E$35%z>h(MfX`Vgf${(v4kMaTuE zqhl`o@#a&ji$$F?c=ZJAkfr(&_1HZ+wra+v{*#m8+L^^xCx$>WiVhx#jkq{9o*zRp zY3;#EZDF;gqOKtA2nzZb)-8ah`r~w};9l0}sW~I#A+L7bg1BLwoZM~C?kg_tNCvW8 zsv?y(qd8y~mXPTDvyUzMb|Giy0@#shk{a`F@f<+q6B6OFdWXR(x|=xWHU!MVPp)Kc zuTHdDkw|?LS+MA(z7k#Je&uE~eKo!dwrU1G|Jg#b7Xk}Ydybaadsc+g;KP{xDi zE1J8P&f%YQHWhNv64giLgSrFT^SND&fqR^N=WDaO4+!9IhB`KA8~n{bhe9Rkt&w`; zc^yA#O8%)~&fa~1-@Vu|EgrcooCPIga64jiA)TF5(p`SE@3Y^tzT+_&1fLP2^+zf4 zq-D%h3cB+?TK8=X64)z?Kn@77;M)Nm*sk)=rH)|^891BlXg6!3G=(+@--qgL+K6KY z)q?#V7aiEp<3@$^g3dXr;&kQ$Tal_*cGfiC6|vT#SiW@rw*h-XGqaC~zXrcrsHQSG z?6<4iI;=Hdxu2E>Ztw)172eGedKsB8mItLv{h+JM&z5*;K)zKvX*@1bcC z+iCF(jp;vL_#W|z=v;)=-=BJLu9Yp$m+x*JQ~-E~PVEL6PJ6k{rj^aTv0IpbD`W~N z&>tQz_j|Qa==t`jEOQc$)S2$N0&-80YCBTR{oR%*4!LwT%Q#aBFw}lJN8|-754>7? z(%Esvb@;}b?F34)Rs51I$8Fs-=c&Hji%fO?&2q0SoNu_ZWkO@m6H9cWMn}2aJ?jU( zYMl3Z%|{5lmQ)eHe^0JUaO%M;E$umv7^D>zF6l=`Hh3Ze(Idz~*J*TH5O&|}F|Tm# zdF6aCr@MrHaeevr>>CM+ddEI{Sax6ws&}LN4m?P2yn5;U+o;9W06FBDO@^>2>v1EW z;NI*pQI9uR&(OmTDYyk9Tkf{)3C?5O#}+|0@{w5?)Av~9xaYjRibMuZ%rok?8JzgI%12hq)o>FjUjk!60p)d%0BzHC0rde)!BENM~FP0e<_F5 zc5socf4ftZ(JNwwo*3*H4ecE+eQ(MrXoP~<^w7WyyZsM0p48e!k{T_SL#Iv>^f1u^ zc!EesNcs8s+dE%f-}I&>SOTlg7;Q*c>u+OhQB*xLGVjyx*dOB#2OAA_@u3BJf3BGg z?zaUCUiR7ih_uvc^CV$ddZDG^0YlBC)U%hR9ds zAS}bmcUmpghk~_@w?bEhp789{?iU>{2BNS{&pLWEiv8|3KO^fu7IXDeprTT|xa1iQ zBDh1!j){Ltxo3OhpTY8Ca~EHpSat-4t)E3l(AbM_4jKp*(OC3*sviU9#KKrl(IXK@ zj;73@6pWiQ-%{omg&@+-t4j8DqHfHMUV8K>b&F4s2}H z2UA&Z7C~z%>_gmjzA`RCZwMAu2~|(Dn2+!!-H=@lcqwdcO{)q$jC!Dy4I|uyO z#Bkmk&)|6z@Q?$gEyrXct89Fxc+SyMOH0dWh0k^KSd|>@=GMzH%0-jnUy6lovf^_9 zwA9_4m`>C&0o_;8?#^VgJxcjn?ab^YD!I?|^ox}5nTz-)$MA4@-1335GXWRit%QY8 zc|QPb!G=Rx2biRjEwR~SnnZ7QEAE^z?0QK*TjxD6LHolIDiY$H-deR< zNV6)&exo17dYMttv;$FB&1x^>{ThMxyodggDo^`qk~4WDG*YuK`><`<{_O@f(c8Nl z1pa16S+?Rm!e5x;$=E7ur>PzFB#CM^;}33AEV5G)mz696M*2|tbH6Dc+c27I&}~o& z7&i}@7A7Yo6p}9rEt<{(!vOk50ry}wtX)(FSst~1<(n8V4vX+NzLl-0J^gBx}=x|3z zWG{dWTzy66Bb<5&Zw6gbvEgQa+m*)6`%ns(8qOaihOeAgoJX?ptyz1haj6dyeuuN& z05e0i6o>hp0EF|l?*7T$%^nrbljW?Bt_inaB@s;EUa~qW-9Xl6ng)2v16~`;+ z4I5wuaKxY6hnlfvLEUs<0wS&9#2j5x5>-I_(q~xI z^`J2BgRlB8PFIU*l*J}j+=Ca}(%)}W28IS+8Bjs1H(-e6wY9heiKUQ5u|NBd8#E%W zv^5sP@in1x+6e2%F(U1>*uqa*(RUe-5`wSPll`s@=-L-%%gVO5(5|2 zN&)QXaN~4)RFAnFz;Z^HoxF6YHmQ!yM&LfraCp2MkkV?tN9uDFz ziWJ)y;U@kkHVzA2xR`;zlyD&WoWkUfl>AMI0OZNpdV@)ie%^^5!EA)0pmG3+87gjc zcCvFCW_4i#W>y?Bx$A9YawyY^ROZ$g_L}_SAB)i3`8TMni)6*p8@`sGTOr~m92=xZ z6FpRAFs>v{m(cq?rUy_*qVT!ki2u4;OE|wB z470$vzeD_GBofqquAH%DZqDVhNdPy^&2w}QJdHw+IuZ4mnv$6AgDD2Kjomp^@}0~b zyDdtuU-og|Z7Iz72y|rNhKc|x+0f2@R666dcR4jLk1HiCr&6ttSN+3En@QJ&>Zpu! zwJY5#G|5u53Wr0QdVW<85j1xuv?xhA0u)(A{mtSVRjx;n$WQa0;s*E{;vdoZJN^%|lQs$!l89Cjz`m9BLuKSOnNJrK|;L zeL$v9C@?4NGn}uI9K@Y1z0yCnPVBaPTfeo$49DgCCKrl||V3P%2 zn+peIX7?IjeUkxkn}FMKubet?lNQDx-vFj6yLw4?E5>V=+a5cY1A1j`G=_aJ_EXE%ZD?^tO48$b-}PTb|lzF|?+!2+2(S zla)!1%~UHe;jaVjZv`NA-W2N_MHpLKM>rTuhjo`wedg%91vJIhw)>Lz<69?Z*9Oqk)YO9Nmz|wmJ+?|0oJY;F#HwIP@=|%t%5M6}7poF)nd}E= z_H9NqxQ?N+`222^^R@TXxLk#EnwptgdB`)k;AAwqgT@P9H z)fjQgQ<^a)!DTVv(Y% zIvUD=9`ixZeBrLhadlJzQ>IF`zO@~GL9?oQxTmP|u(}kq(n1HKi3>}9FGj%JTj%y% zwlQN6Lhn^=-ypd^ZvI|TqU_k-L z%*+`~d~tUQoI-&rgsmZI!i{0=u4v(9TRZ+CW=eg#rlR3*28$%7gE>VEp9JuvrjYko ztG&N72t)~eQi9`#&0OgztCTUFJ8e{PqIY=5q!u8pJv?a=etv$89dS51w6j@SE{5Q! zU1rb+5Y-9uPmobiR&uw}dVw`!tjzwPdB26y`6aS%jrBa~-QCCd7pRa4HPyvTS{WP) z_0|JQZtjXT;cb<$Fu5bcULD)=8t#@|kK9Mt=knLE{-MiE>yRK~$o z6h%hbv~{nRjx_*gYEq^FUvX345tA!%OWW?v4{B|WnJ0-1UNIrC^S8bmK#YbeW-#yG z=2$qsr_TCAHQN=>gKmILTCbxm7?vNacZrKtKqJ+G98%1^zKQ@t5f(^gaJ$ry9+ zBRws`pHJgLHMO>&>!QGI4c-!(yVf)vCgyQq<3F!0^A>P1TN8Q>xN47PInAw<9cYnv zrMnMi4>-76_zo~}-dx`-lz>0&l$3hu<=sxrm zq~X3;EXCxn9;pm_5Cgmk9)d1JErU=KJL9^}PCpP(K!BGEjV>$W6xjAdk^F9{f6Q0j z5eYr>B3xKp+<5(Q$1onT9hU9yXqyCv&=ko35NB# z(eMQ*4?``4P@b-_ID%59rK?rDnIAh?qqz6pS$xfJ;{~4O^yCuxd z&U!#goN42yk)NKa=`|9jo@f(!czQD37Ce{2EvnNNj*Y}4CFF?H002}GO7E3BN5*%A zl5!6lC1s2FWu}mSlw3Xf3qvz`^_iK@6kytwo85LFj<17`F+-7;THFq3(6Hl1!>T9? zEwW1QM5dIO3+E2{5;Su66ef-`$ev3{;2YS3G>{~AV+7vlcUj*?1Wy9Uogz^o5$dD- z5W>DN7Nl94g64}+QnT=FcdK|vb>A06kHV7ACjLkDxX|c&jjk0-G&Vc+W#!r;8MU%K zGxIQ!s8o|;tB>?%;Z`VD7L!Ne$l}v(wYZv(b>3c=g0Wq)7r)LsU;t`QjxAYSu}Y?@ zS4Nm>Gm4Ba`RYK=QZi~zJ=*o-Nns|>Hm_p3sZT;i`JUq}Y?^38dm#3fxuK_~{W?r@ zxJ5m44tMUVv@a)u1@($0x%*`q)rw)OsHjkLn0k= zMEKfM^T4Hs25U*Nv!9A19QFjV9-8bqw^sV|Bhr=*#ad=33^DT>L8;P4gTml_vxs26 zqod=>+AovGd}Y~WIQL5q=b<}LqV%3Q0tHNI8W54Ye(CaJFsQ^-G9K}>lqn!!6LG4& zc{zqagufu^&-nTCXNwuJ7Xj9$hKY!|!)epej&seH>JAFo?RWpt^Y~57M}B>GhYdh( z7YFUs4sG0mlunw%g>c~l7{8d7mTDf~E+$FJNQH&7^qRc6_a)}bp!#9I5a2|_(K(fS zv5cu|n$MB?A{@C9j-3pXUv^r&QZg+?c>}wZn$s#OczJ8r7Ce`;{1x;xShNYbBnR>n zg5(DZ628d}#5+f;b&7RZStU%$50v!Ki|YN9(mQ7D^brxwp4{sET*C`jIAt_uL( zUTn}1{8*j-=lMD{VZEozGpA)!3sg0gXL~2-kQ(26-zq(l0RX zh{0;Y5wy&*-*^Ifcx#ZjoDzyHIy_2O`@ms^#c$_PA?-xus(R^`$mUQ5WQ^^y2hTO#a6v zFnX^C%kAg8aV<5AhhQ;JKNs9OopP$~+o&tLl9$*TNL6A$I3#^#jiI*!0qwS!jiyp)Q=FB+HH ztWuJ*xMI3!&G$Ps)ME|s?d2544ZCpeYRA9QRb4JT!{tcAQ3Xxn6vdUFRF!HTly-CJ z6!_$2WJ(&049~P8MYexQ4j_J%A)bl~y$9Wh9%pzvB0%uJ+YwCdncr@1NW-@>#tb6J zW>5d^MOZAcJ&w8okR7PUB3}OR%7Nc`wo@M#zy~$x06R8|basxuSCnTs zVQ43JxOjLySG_d6jAY_+tNc`c3LI+Kq9Hd=DB-34r294`yGYJmCn<#&v=3Z?QX!7` zt@kW!N>-UeXj@F2Z`>os&HxS`j#X0|HAyHD%qTn~D)gK-y1xkl)WOWA%Eir{Vr>mq zJ1hEoqJw^JY&>|hql+pxy5ic5^2kybB^xQ31x@F> z+Fho*B^pXguFd?Ha(wc}FF~SZ3~#n_FPg*V_~!mtZr&w3%&n-Ah9y&$p*Rce)Q=zL z{*~c3y^ge6M*;JX6@9eNZG;B={7K~Xu_j#Og7l;qwmYx)#Y?WC(^FI*)12+LL-T+C zi7hF@OG^lwMD%aM|D%G?vnk%O0+i4AXsu?iofk9Ki~I^R#wHn^|FkF7{ zIQSj-AG^91mDtKG@mHR{y&-nE24uSRk+wS=C^9PK*%)dCSQh$dZEf9QImiJeTkJED zFsJZ6z|vwXpra4@zDE%0t-RRc4BTCAO#7uiv~ii(coRHc>EO z(iNld^Z92O@r?^uAWa`G6Kv+5XJhMzX7pv??=QnW`09DbS8E0 zug_GMCdUenNOT)yU)8eHFsma+tDkX)!#Nm))3mqHSe)GVL7k-i$R0&;wcS`G*g&c1c_Quhw0`d*R#Wgc{$SOBWLMuR z4^TqRF;im*=hMcZkVq?9Cm>t zlBVj|{n)!qo4y&>-_Rm_H3R*Gbdm((tQZa)tBWrqEFGn3uCJ0uZyocF;6O|GwE7Yb ziffWtj(}J4tLKXCfOPX1jHrK;Jk^gZf35c)6~EB^ku|Z9O{9CwOPQ#?6Wy5b-G|uU zo2j~jF+RsIk)b{Cx}2)xy6x!eJ{~(BKaQ_6^pk4lkds&L6}`spTw0<8T`8Qwld&UU zTc-ZE=toY1_Qfb9Mu4JU?MPbl^0c?jQCavGAPNuAs{VCpO{{PHVv}ytPTua96)+cK z`V6?pZ)p%}Gsrg;)_d9YxGiRc>+R>*#;}{*jxd@}epK^wP5evGW57T?X810I#CkA z#UN~86rbD5UCqMzybWZA5rmJ>psRZ} zQP>Gi6+&CxiR*}?6U%>Mjx+|0_Y0G7&%M;Hg98?rFYbU9$x&{{Vo?C55&PkG8!W|f zw(-1t0WE9<7#~qGyeFl!1X2T1C%o!ZsppVl=>)UX%ChWNJf;c}(ewt|tgjkA*6try zAiy;#4LRlJ2PYlC^pHDee5(cAv0mYgAt)?=9t zfX~G4F^^c18KGR16uY}bPh8p92!(eSo*Q`wFd#f7;?uzQjG_Ha89<=W)>F@&{l?Um ze#tnG0nZJS^h3IzPGpFgGN+rwOD!$JQp2Wbr!7vVI&oACjCMFE53@Ki+h}=d&1K*; zgY2F2ELa=ewY;pt#tI*qWEFM%+e(n^1hbSw%9H$rNevJC9^iCa(HYXT!4zRjERY%T zWZxtQS)WFl#l_J#F>ft1Fp&GbXZu_U@@9BfDU2)&S&Nx`=hfh zs-mOA-{`#i0kBOCG$eo?)a*+8ivY+CqB?f>{08WE$Hr^6jsF%oy-BZ=HeYqSvuAON zYtZn+w}rqGpHrnD#o+fj7g&A3&a0h|S(x@5Ff|n;K=Y*NgRPt{mWcvv*^}#TI$LUK-yqsW5bA! zj?NO|fP{>OiuPu}c?)Bh9xC56+O^E}6ih3{=C96(7ke?!t6f4uT5?g7a;}vgLHg9$ zTrC2m=}<=t#>BZvP!+~Q(U8E6?3laCj+}6Pt(z1UJ8j8lPQ_@=cUTUGpuKZ`Pi4+( zDw?#^nxT}lA1U{}^RrXMjQ2Av^DcEMRf~6?S|tn^z-g6Uz#(>>(n>$>wctgM07!lK z9XGj|Z#Jic`6SyIhCfP&o zR3H38NAl)wh8ADw3j@=~U<`q1kszen?(399v#QY35?1kE&DU%@dt{(=@R0aw5z>(3 zEUJjn9VpyvQp_d4=4m#8`Kwvu=BfYEgd6M_!}2#x>E=~53ZwDL^p=8>VMccd7|iv94Q z7si;!ZI&Zuo@9Lw?CC!3raLsaG`($MnS9^p2uXDNSV2=lnzMl^aq`>f7Fn_+RgLlu zrOU{A`#?`+CXKKW&(W5}HWMjz8?XBE$L#63g znuTOo!xE(Q#VRO|f zKv8FL%L`jCRg3dK5<0Y;T?0*irAHK^g3-=G*>N@Vve(i!5&C_^qhjCqI*+@fDQC`9 zS?QYRDa;MGpGXVkzj;SmaSav6EVq$Yhb!p=j1FiJ^_W*$-(-n3R(@Y54`q6KksP4H zJevArTBc($UeIIhR|G|chnB+7wpQ6_=oIbihOj3$@gp^TMlp3A^{&57DV0)0>?7_l z*m-a=!$R2M?1Sjj~g0I~OB|-~gH1AaBc5~W{Uo4=BMwM-(D zSbCtSysRCQe8&iO=03^v@JoGjwAN<^=xBB?45sf})0n22MCCD=Udr4Y%Cbgk zmO2RXsc32#QqjoxF?|R)9g)fz&=P5E^(oe0-gc6NqF9ifjCq_Zic&c&MtL@o5wh%! z8gGa#(r1k|TN-#OcIz2bNMAM+y6pe(F}w3@E&&$W%y3kNm<0A%|3Y%inM`RSZKT;; zM)AtVup%@-PiR}Z(B@D}Trw=#_~+#k5{f7@v4lxTxWDJt;#(xnY13b3w42In(fg1B zKe@!limCOLABrqk(Z5lV1)s(bs$q+15I#8D8V)R_6jy^nu$qm7m&%aVwV=0`4V4en z@%|RInlY^C_)&<5Yzcl$GoPd<@?$?*X0nXQ&&5Uf`1(wa^jx?`}XIdGkku`w<^Kb`qt8Sq*W{YX9; zsW~e~kU1oe?v3`ZU-|cLiihz5@jtrC*(tZIA=6+jDNr0&o@RcgnayUCpRa?ced5(L zV-CfAwRE@sY-w5j+UL!jTidWjbko9rE%JMl* z-LVyIdrkV-wJ~RUN{dTHJu@;|2*e1WdDB~JZ7vZe| zCJf@(6`%Gwgvv}Fw|nI3FVtj_B(Gh3sPgVkGi?eL7A9TZ*SLOS$LoRPFKU9ozki5U z2A9b8y6gctEeV%9S95cVX+(uLnf>p+`j%r;1%v3AJH%8W#ik+@?SCb1^#6o5hZPDc z#U6QY%`{2>`C_it>Ea~6C!%T@OmmX{4mu<$daaVkf0K1BJN#`q|MjoG$mw#;X@$7e zBl}gv&j(D2V`q~#nC8XBv!1`>eJ{X*S+~X`+3qbNP((NCS?wEiRG$o6w@lc}NW$Qz z5fBDnZ=I-!T&C!g*dsjnpl;d~9PtdT#qCv1|L9}ZdArZ7Y9B_g(C;zWC$`t=GjHY6 zp{%e5b;5bhUgPm2R(@yJhSxEWmSM6N0X=ujoO6uncNAKsAFPefr`lGfv|I|%UU2ph zd3+kc>6% zDa-oGce>d3ss!oijlUI*TxvS|RH<%-M0{UJ)fQ1wJa3f#VV3oPm&f-OAp%B!M8aOg z(XPY&19D5dHJO|3g*TxBM;U5usXcvaZEaoO2(|r#q>kr&+n8cJG`gG7wvp0Uulpig z(qBKj2(QO;KRuiq7p7E{DrjmZ1ga@J1ipB5>@@|A%#)nGI8yC zszDvM>kj>m1GC|;t?*_>PYg)M{d*={0}&B+>EO~(?Yia8pmffNb{{lf4(z!R?d*xe z&L7F!XFDV~@Ab5*e;X{P^zFR}l!AmF{X+6w1j?CAr9)aDhYlv0^NA%^Mc1ZBxZ z%=3HW4YFH5Ha4~Ytfpr=TJ{WGY_haoJl99=PlS}5cPy#KK9K0EsbqR{cO4jOTGXjd zdS!!obtNQn%ZM=spa_<;YHQzvc`ImeHl;SNUZ=EZ<0jl1-B~~P33fA5RuyR@V)a=_ zLc7HN%**0r{LrxrYY@fwH7Ef1DTsoU>ahChcgMe1HT(_Pis?-uAt~yKWYcA|)FOtp z#1m&~Dm{jMub~XpXNPv|cHa~3{~iotb=E5VqIm6yU6adSR=9VA?iY%)9~_E1Vcb{u z2+h_%;0%_tt)JRNk4I`8gwA3NVwTiZS0(-9VTrx}ztZ5pmkvfv3qR4DDh??T#tJS? zEV25zjV^>sLk13Rm13@Q?LijVQQFt7H?~+HyidASN`OS3cwvFSjn5(A;};UPq3;=`D7POeSUU4rShbo;PnHM2MzZK_%x4|g;jM_WSv95jiupTmolsr-**;o2=9#gdNix}R2bdpm#kXY#@4A= z_;u%)t%f>c>iDvuk&Sd)9Td=9g$`zl z9i#uozp1AwY#BUrLH@%i{`a{P3>f6o3Ou9ql%J01sfhnKHcsB$(vBej*K&7xlEiqf z(HQW4bo7$C=EfBl?1z|$-vdJ+j+ig-U_}a2#U|)x##S*iw-1h?ohB3}r_%=4I1*e- zh+d2mtBvL|D151O>h_&+entrXTH#`fUtuq`dOv65jZd@|2sl^*qGx*5 zj;HbLc)b8}R`D93&UynS*w)?|S6KI9HAor^4GnQw{nDA4ogJY6Rtf{?wb!*Mw$DX^ z$p&y73meHvFCPhd@qNtoxI1{P1XjlWLjj5-cGJLQt-C@RZm3}<&fO)u|V}GXUVHL zjc1x)C`*$SAry>)hRzGyfZ3D-8g5ewwSnB~yrA?3X>O{Urom+Zc-%1G+e7M~#$!U| zA_8VFH$nU1&t8#))+Sr)R^`5lQ z>B1l}k0bft^^9Nrz!uHJ1HXr{v9Z)tYNxO(L$EkPi79DmvFl|`$H~d@=I-WTWzQ~; z6R*>^##WV@FvL?EgV7d4bO+_CqxlAFd&A{;xK@lP%vjSOcZ|cRAs9}~0HoLvuc)zg z#t2hqs*UDg4a>P)I zJ~yI|hCD-QPtLlt1xvs>@29MR&(*1`Pe}+L`Its( z3Kt2E*JNgcO*fkHU_=BX1YbXX{ExCgwnXBOev;k~RGjzJTa)=-EkA(-oK8RhqTp*t zjhMxR@Pw6BVM$%b%#1jP-ERYd;w+N`OQT4VcrQdlX@-Ib>HHHq(s5oSMOwW6mp zlX2a*3!TJ8Sdf^Cw|S|~3;h{(|He}w2p@BJtxr8-J)GLOa@0i--lDdd;{QivPFxJZ zS4c~ZX9c_JLCY~}1|tPirKhAG15giXX;~lY!ft!Xo$O5CqUb3&&FFrKxD1aTe;JeA zH*q}k+G;C`fC5{P!`XYAe=&R_bX~eHCYlyL{zzeM*Et1kEQ(X|5)%b4<=<_wL4nWX z0RxoSn4!n7JVh;Y6sdjcdu7LNWv;gCTl0SI*;nayX+Ww?PTC?sN2d`96SZ2PgA3WqVcELVX<8`Vm-~Q#WT&7D~$B?wcPQveFgszEAK_ygqND@(T`T&HNi1p`mcfxsRf*0&Of19B}7m zHtXeY2{{-UBKq5qDVA+cQTM+bK!D((cJsV$OX&Vbo}wlEifvCE&BV+Nvui5|I>v4J#`<+O7a{dOfAHdMzx!@&F2S%l%yw>WWqyyFY_P z+!o$e2iBDDO8HEFG@o9#I3Z||^zr_+IM!GE)Q0V-IKFaRZD_Q#<@)`N$&_{q_%TRL z=fC3FLw$eUJU8lTS^tf5tN+!)7i_2@J8`JHuOLf=wzB*aIw=3!?@d$b=op*!C9wO% zW&s%dy(LM9nbkp~89C3K^?Zv|cl<%rul;w{k3_Y}kn88OTH|ZRYd?Tg^BWuNEQCQ} zQ_jN2GbJXT0Pue^Vw0chLu>E)S9?F4iBdfLuk)O>4*m3*J(`L_rdQ|GV&698%VNtL z>o50v(HoIA-$Vv-3rLKIHZD&Sd0AZC5gd&-@g*X11vQs8t(y z(Rithj0Ezrw6wIgXPce}V^MM7QajRQSGS$;)fx#^S;ZIMxQW~m5~f{ha;W7m$x}h0 z%TdX74%(|@VqeD{HKGG>1!GZpN7ozEi(UiL|}K`1ONtS8J_+OUS#gcU^q zxbn9v6!``9@HxrmGrcdFXh?nb`75K}>A0FwI z)wZ5=st%|sfqWZGVtZq3iNZ*R?#>cpog<_IK>e}qD`xhV&a`@CclqmLeSy(~t9k?c zndJGZo9<%{+1bV>A)(w;@RXUe7m`sJQlg(FynMDS+qriC&#C~1;>>VX^v6mxLs%`e z-~eYF@TR9N2Z4R};P&=j5S7{uRl}DAxr`&1YX7Ra+?m#Pue{ zjz!lkU|T6OY+yj#hl*;J$H#WArmH>-Z9F;rty5Eab_Mm+g zwnjL6~}%G_HR>EIy#v|Kzo*fsOGz# zAJMU}mva{o!1s8&aMv+;$tLHAH2vSt`52OuZ}#(vAUz(i*uVc{hC3XTOT#0euIJw# z8ZgeBu{_?Xh&Xd}>sLHt!VmW)ZROFnSN1-nMWrP4 z)ra=goKzBwyc{uC3`1=6QNB)(MuKMtYOq7ODGNLSVq?v|=~>c|^Yb3ys;9X)<#2a% zrv>Axr?U96>ZP&ERFUmx5r>YC;JH}-*)AelRiHifb6(Bbq}Mwvoj#s+RrQ*@MJy|J z>vVeG@^bU@fdrGR5`xTkCWEy6l?ov_00z%j^Zt7AFDt964!@r(9RKiG-#?H2`kCPX zBns=f#h$zCd#rX!nDhb|6e8rpUgv~U?|5R;C4PN+6q+vbaJGZmk-a1*aap=lnpRIS zs?w>dhh39EwW-PbMP`+Zy3SXJehuA4u*1zw^e*VzH#UcsB%!xL`uZtAL{7`~j$Pp11dHizhUV&kH5llm03 zih>EQ7bm4QTs2t-Jk|ksy}`-%V8;41PmNQc&x#Zxcw2F;@(T#EIS_)Eo<2TpX)zge zCl~P~XVoslJ2nt>f$!M}Zb?nG02@;(vfF2`M4qOHYLZ}KVQu^LQ4k9`GwClbeDc|Q zhD+&=SP|G45#*n>5hO!n`MbEXXR^O@2r)fvKB%p01P1=sA8mCh#-`%_=b~%|pA&;T zNBUQ{ms%o{%H)-hkVebw?D@%8VuBC^#tkE(p92VvBAj>Bw2HSfBuXI z>Jo`?YX>cQz^|hh8jb)2-P!6$4`Wfq)L&3}0oXWR7&4er?I)ZHUX3@NZ7--!WK@ixEcO@#=CDncko|fNTM$!8jpgrSLZvb3ar~n&u*oLqT}y;f3vaZ5B=TmvQJ(f>!sOR>OYOl74sBngzfrbyzmlxv zkyrYYMq|Gm`&ob>F`VNh`&8R-a++k>7)!3kScC>rpLY`LFF@3hPW;daY%pVacXK{? zU|$?ezPdQBq=en1ngdbYh&RzlA84Qjn434Lhc@zCgDMOp#Fo3|*N ze#COoVw7_u)os{IioKSm_Y)2o>*9SMqp^*@S*bZHn>gkbP-eW86G-@W+|#zYeKug} z-C}gzN24VIR+pgw_%5+xHTcaUEqTS{&iq|v(AqW)kn&EqgckombERfHV&HYcvEt+7#=lE=lXmtO!?{jnC; zul@bQ&MFn^ayet*Jc|5+vdAeG+>uF-3A6{UZNtg;NE{S?P*Pov|UEXtnZtl)z1qERz$h%iQqdQHJLu6LZyU|urV*rgO{3_qM>hUuf0D9;fe1icvuslx^ z@P<}Et*#H@e-WNl?bHCc%tcT7g8s}uGRczu|K&YZW$F6V`Ic1Ns=)v{fuAImF=)1K z5L!nDM=!se-H0|8PXB~i8cW=VEQNVu8m?Qnc~>bowJBT6R35iV*3?6<8c^RQb!5hY zdwXKIIKF5WNDXKu{x6ec2PBwd*3DdB?zsVkTs+={1NbimcP5Bf#UAC)32dZ3AY7Ns zsOkpwTabNmZDzF7aGXd*fJM_BNbPVU*c^a(Of*%LbeS=5A3J{(3lJrqA2PA618d!# zfcyt54;nY;@&5@n-M&Jr+H5U3fW47|@6gIeKnaxSoO8!xH%;$)w191~yF2mp1%pE* zgmU8oFD5OOc8;;7taL8sX*R^`1J=lON?OWRT13ZIDY9E$w4mleo`nlponmgDX%!$8 z;gxs4<~K)w4R9TD2)^Q%qm|<)#@mHyr1}aXTc1t3VU{_UXU<6jh}F=*Nh-%*-eN zK8H8n&dtV_lEa+}C^6n`jhm$HH;ddA3+&JSiu)(_Y^u2Ok4690^CZZPj!1as!fWMD zIny%Z$Ofx92~)!XT)%Q!r&RhR%`UFs=v%rIt;LSoENhTqn7pjirviSoe^055P}ME4 z*<>7hpsh}eH<>{Q%Z~sX;%itx9bJM{l{(pOZ+pDZuA}%`g*O=b2hACHL49s<#gh0a zl{dLw>geBzfGj3qqx&EmQ(-e#vDUfi2zp25>~Sy+1>k5J7hwPcEu+1^e;jIBG%eIu z5pq8W%IOa2ZjgZ4mXfAA_|+iA6F34v8?IwyyI7d}>GcRmxT(2uP~c;~_^Q-TJEnsi z1^VS<)6ydBmmr;&8n(cUd6kq+82pY9%!hSy7@M3N`id0>M9Sh70$!dUO}bNe_%GKC zH~{@bth*?ZjJfgWyN+N_Ajy*I4T#it= zz-~^c+*nUS5qCPGN-uD$iIJ7NfTmNv|$1}p*7^Mf5Ee#&cYcmX>%t2 z7X`F$21WF*nGM#T}E0rtmVsS!;H5-o@c_xnQS7=5f2N8r)hdO|ND$hsy|-%(#Gxa zm4rq+LilCh4wl!N8BiM@nO40_3@I#3wn@$E5R+N{f-dNB625$FXLdXvTr}GjbA2h~ z5_uTob_R zK*!62N__y})7jmxLn#fD5-0suuCegx2g#X*-`At8G`kVK%Kpt4{8w$d!lw7NY8U(; z&zTwllD5joK;Owdihk(7Q}biN?02A}($-0gNuY{_v-v_Tp%$BWOt)xAXx=d?`sYgE*oKKZ#UvGue{X}w;>k4=<;dJQ!k>y<>=A{n!duw`Q)v@U!AOrP) zzd1wd9w@}$fiwg!^)y4cn_L{!Pu4OCNR)ZqfvWF?yi^VV)*z=F@1J&1Ko$PIr6tV{ zXZQG+8OzjdUu3P(S)m@q%WFmwAVKK$orp}EuW|DU(|G&uDoz6(ynk=-)pFF8&~nvk zoS2kpQI?ha27kWO2i%}l5PWs9j-2Z3AP}bVcE4n|P%M(w8d^an{KHjmwL)vwDx?ax z)U8V9|99DeLIW^Ao1eC7+0rW|tO4g#owH!G;FO?#G~Y15=bM!}WKZgzSx>9gCv&iK z!HkSvL5P!6Q^Qe|PBfYue;XPqW^hZ4kO?^>0mAhnf2XFT(}2EO_J^s08H3NA3%zik zo87ttx`I{L`d>>ux#XL7Ch$=bvkA5?<*9M?cBr3leOdKJ=2-+=NDU3{mFf@S4SmoR z-!@7DADH{XaHHm?pPnJzn;6S&GyQSQy0@oyNI7Q>;4O;H zB|J-kU$1BfGN!c&=&%2;|86bVeE4EtWu4(-&2m0IT+{VqVOTb46Ua4&HCMVc;C`U{ zt&9&2syKOgd_hy%Z+4TatSQ2J>yX*2y`|3vTD~H@M*Y#xZsdTKFJ{36dEnc&XgJH+LCqCo0Qf-=7;GM)L5CFeSLF@;;HX}M z)8@AILasOidSg@5pyr8_t83?L;Q^u&!z{ZQ+>3DDo=5!W=y{uE5Mbf|07EU-V#2`D z)QwY2s@F!$wuRNtc6YAaR9B7?%xCPZl#m~v!DbNzX`>BjCV#TdUO(8{A+S(4GLc0y z6@V2OU+j@3SbO`eMo?mE6astG_jZ#AUU%pnU{>J5EwAWrsIBSM2W-(PQ&4is*CRzl zMs_!S!82D77)wk%zq^Vn&#eQ*G7o}9>1W%#nDCKt{el2);ny$u|Dtzgl&L;WwXmS^)?~nNq@9)wyK@J6McdOCW$VH6Xmv+o{f0Q zxY=%GewRA0ZH`rM4=5}wtR0aVs;UoLtw!ZN`P9Bu=h&nx2^03)=cJqsUfG+Rv#&kl0_VW3-I1= zdY5%smZcQFU37o4Tp^|4)_w^{?{!77&acnK=U7RuP622z`5DxwPoJcMtSW^VO*C=>clxqJ4fN5Ze^dFa4N>%eE@Op%p+R|*x+YTOWS*~wP;bPu{NA*WK zh*cPMBaG0@Y$v?)q4~0bcu~0oBU`mTtsdell{!xbAZ1N}$#`{^6=>2w?^zZMD8d7O zl^|?(3TjUVpz_dPgD=}sU5@;4Wm%u+8Y5Tx6+bw5at_%dVW1f`277-Sh+H2}A^1Js zNQ$trnSE{zx>r@hskzm`6+9<=a#&= zQ?L5`FO2I!z7q*R~3YWfHXDW>w1z79zcs{ji9R{k?oVnN?`07%v( z_W{qq3l-@2u+II}#Caup1Zo9fo~NUyv$26-nGJA|=eD_lm6`Rbn-{@AmjgJvx<~*< zSPd*>(sJ6?O?j3zvz+}06Gj^by~$Pc zsN0uAIcuoJF+1~IKkN#-4qhE{9ctBymz@7N=yFN$e3=Vl6C z)j@+jCB8y`VLP9J*M<(a-8xg!c0^cYH^9hdrf~G9SHT2!{!r=zvf3$8^eeptZ{+FY zQ6CF&SuZ}9*Y55j`;WwOy@;htCl{CZ{j8tatp+ge`5bO0>ibS6KAi&^2)0y54Sx+OPmbeOeX3JgdBPE(imFqU-5q2-Ww$ zY96nHGC&ZaPyrRO=$7x%IIojEzj$9kJGlky0}&CC^X+umODyc!vL*7zoPTF;18h{3 z$;H!8fJfxN?(Bv$uT^Pus*C-1{LJO{4x)msfi^MF6IdmM3h?V}09t#mYaAzdTNe#3 zKJTp!!<6x$t{GB^FYwi(;|lLomL!(2bL{3c%)wSd48|s4xD$7>jtu7i#Le0)sb6qS zXa8o7F*h1~4zPgl3;n+$ZXprR7-{$wfFWYO#F>XN80L63X`K30qF2IP*d z*gn@|y%My%@B%4i!4Iq~LLLVcJT0xJd^4c-u$n1Ag|heCI1BSV@4AF z7JtdrfBTLFq5ua5QcD|BgaIHKOr{c8VQT=o)Y29(hAChbAy4{O<#VXfLa!z0DQU9i zeyVX|5hUpkQmeX?hvv-)>#Z0@bmB4$};w7oL(u z`X5s1Dh@7GTl5zfu#PUt)>Ot#m%x^r!7E0gH)ER~j6I7`nE)&wPQrU;pIU6pY5aeI zmV|Q=Ov~KAe*4xnIf+?cU%#2;)qFWpSN=~Wb_HLlXXp<~ed2CaHMgXiicsx!jr5hb z`%r6n@}Yq4&WfXPf#T3c4f`DKIgi#NFr|}B!WTDmrxzd>l5Nshe8tv|4@tPX&{p*2 zN8|@6#8@}JONe4pwf4HRwD{uw%3-gm^-Xkbp8B!q$wys;`x7->z{LLJJ8r|ICfGNA zyD;Si+h=&1bynBD1n)p=?dVm!`;HujT0CyIy_2e0U0r|cPpN@bENvDJ0K(!T#zS^O zB&gg0xh0Cl!ruAo+m1>|UZun3tiXv*Ci@4QjRI`*)2cM`D!0Li&z8}JlbgMvI#EGK zW6}4Byzkgcul|q~B+Evu`dCEDtL#SmDzgaqnd(@l%48gjs5TwPVgZn*wLwNuEWllC`OLcU-q0JWsjXsnV9@iZ9775yZqZ00~3ZEzG~f zn2Vx$JzCkVwfW75x6uAsNXLHi2k#1pzLm+Via%AW^d75t2qQ-blKM(%!0DHf@T
      F_Md)Kq3(|7*I+4hK-YUTrrTHEQF-=Xm7EdOOh$&V9qPbmum za^oWsQn4~W8bQ?j1Rw*Y9srDHl4}Hp;fr-rrbad+r=`IjBv=@TrMj4N{}XU}bMQO? z&b^ZbbROB-9K9jU_6wzUNx(uteO!Ig|MMSbd50f7I~6Dsyd5ie+Jgt|`*%iWEV?Tv z-X?1Ne2T(wemC!mUggN@cej?4IH zQBh7#PU2wY40fY)BUo5?N;+EHK}WXtu5(>-YptI}-><~t`9{rS#>G6$fpRm_dY?m) z^3KG!Zw)&y#*Hj2qSoL$az1N@)VW@CW3$LIh! z%9P`NzZ3u%3hFJcYnzS!c=~C66v-rs25hm-6l(nLbBU_=V2hSc%DY1}$ZizUzm3!w_b@AYkP-(z!O z#%6Z`O%!JZ?3JXH^3M(K9hk3IU}XO5|6Sy16a9s^b{iBbDA)ej`@Is93GQYTPV4sM zTslkjwJ?2WZwPO@EBRh}zlyC*u~tg9pFC5OI&dhy;;=RN)E+)F-l;{nZ#}wsdV7VL zCYK(UUh|~=M2iU+{I^-&7c?DeU=!>q`Z6tlo@Y1jxpbPU^>;mslucfPN zOqsRVfDi#B(0_;|4`?Kmr%bZAY&zx!CQyMgQy8fW^TU@MNc1A~`Tz>dfQvjMf26~P zj}9kgBO4}`h=58maGG`rUV6yg6!x z6t!q~ct12LeR7E75irqt?~RM~xAu-E-<(3piy22Un;I5qzm}P~lAOELz6Th~mskGa zocJD3PEX;kDr>q#`o6+WI5<)1B-N^R^odzz^24@?0RkEtVA&Tst^bV{-!MEjAv)aS z7(#0cB_AEK#ctvynr6ua%p!Flkh>k_D?*lxgG;!+Zi7y}EnNRzR={Xc&cKY7k%c|WnK4c7 znUE0a8_vxg=x>os?9bHe$I*AnZM zD@_AB_c+-~xXFtS|8&%oJ|L`p)2ZCj)`>C;Om*Gf_HrKXDpEvc)t`j_bt!kOh1wLwX7IKm{%8^)E2XqsM#u-sw!(B`>4 zFy85r1~||qg4vQ#bljI>8ps1b5ux9$t02DNR)r2Y<)!681^|si@!tmW6{V;x8Hayg zVj;VJKzNuzykx>)Q*WAuUByitC=3_>eVZ{} z4Df<*zk={(gVdak-D_$T6J;!aa8Lo0H%6x~c;`nL3r1dL83}BAY;Q6$)%~4X=t)d= zEWePTCD^)eAqd~9G7TrdXr~xim1fodcdQxfqs27 zBc_EIK69Q6CXdG!O5eI8RQ~)KRy*)9mwfm+?30Z9j5dZM*NXTA2xQkKBi$H~1cFt_ zWe<)#Aoi?Lz4|d8)2L#%e(=9jXGYJ0Y&9zY4(S%hLv?}ve^=~~@I~PbQ?@AdA_Jdg z5Jtu4pLGA-^Tjs?wr+qgfnRFyPFp4L_FZcwu<$_jsJ6})xv!FUe-w0AtR(U0-MorK z55bVPI;J?@y-M8M)g){Y#}_GkbD8$cQ_Tie5#>ALYu{_p{Rg)&*z4xa=lxj3_zz(J zTAa7Qo?6)@X!VM#4=Hb(91tQpgaT%dMmBgVKdkqn08anh*#6=Pb-NCX5JTl2qnQh< zGJf1|8g#h{?%cQfA3A|i#f5Mip^&jJ&<)&Q4{V1T1AM9d&v!kqUWo|O5}-L{7Q8b_ z4Gn37FWW~V2CE;u`$B10?Erx*BZ7Sb+YE+5Zy#fsgZ!bHz9 zh=eX{b`5worP|&Nva;BoC@Vk*wen%fm;Pk|0q|?8N4JWt#!Dvk%Q1~zf|7_U# z(`=j$$`VZbZ}`==ZmfC3R5pMFO`}fCjwS5E^AB)1{k3wuj9ULSRr!HVg9Ho#w^IB? zljkR~S=x@BfGrXs01nojqRo+&9>X%n`lAH%mEdMDLwJI&lfWQKlfO`ScNo-NePPE8 zY+j~Ub>nl{=_>F1X{Qsq09|;3M|PB?%2)NnpyB_g31uCzpeP0 z8Vg;JHswdPG!yWj7w}?cmz^#laJOQ&yjL+A81r(;@m|o@-pJZOo&=CR`k(Fq(Z+v1 zToVgGSRx%gkZUT>2NaK243)BCybNz8H#>;l5?TM(!d`dvFxMS|8%}S#MeJ9k(-;v( z*4&81NTYgs2e?%S^QfJz7x=N#e|!UdH<@hzc-&5mZir_)a%_N(es>*I2M1yNw_SgJ z0Ogv(L{ughLl+=M`d8WZ5enEG7dpf*A$Ho8H9C1?^jw8Rjr3E0y>c&bS`Nj20uEve z%F?e8Mdu|O3VR*mYD=f2b&sr~MO6w@;Z@~Yy*%L|MvI0d3&~QrU0`ifQv*;Fgv{B7q5+VB*DN+{3;5_4D$G7fFT@Cyd!lE+lGCO!Tb&mCFt+FQ1To(i~|ge z_e$g#@>ueT)Zj5LuwBi(dBXm#{F1 zxs5*Hn&DRazC{K6ZXpNey2tuDg<`TW>bUE3MC!PcU8O-}T$9w%l!C6lF|njX$x_Y}@!+iFN?Xed4C9M79G zj}X2xtY02QA|L`;Kc2$KN#S@#2?_)ah&ci;#wKVc&s9U}z==Ib&;RK$^UcQP2x*SKh(n?g$330>_!lG+FRe*B#-vr9`! zIYgIBlos_R;LR!lWt0b#>JGp->k z{LsfwVs5UQ!^Tz{hFT$_m(9y%f7D~wJp+=fs|EJ+w4HJ!_a0~ zta2|Oz*l%CL)SWhL%|_U2}eE@>ydKQRd>q(4_1Az5xsqW!Y4r@txr4F6s$W-9Wlo zEpOntaUt*7Dx;GU447e7W8<4s^8mEpX3z`N?p##|(ndNkel)+BTDDQXm6;hb6CjA` zM?%-Pp(U{qLi?=2Ib_9frLRvTt#^W*+?;z=K3fj=#F{FXCaEqk`Iw^vX6y1}T&%CF zcUVDL)q%5uW_?vQi=z57AN8{zXDv8)C*6c~v?#WQ-oudujky^0sr{qjf>@;#`*Azy zj}k-L=~`pN6504JsFF8n z^pwoU1#vh%_E2q#6j;%W-mLvT4wO>n1XSC9CB{j*wVCdmS-qSW1fY7b$ct*{17EG&{by=T!77RzW9lwdZ6x8JZmOfjcMntXHy9!~)HH*n zrhxerb+T&*06&3u@j@53TQ=YPwNXG_Bm*>$={25)#oer+}TzpFG!cGrXV~TK@b+4<7aP}-gfauXlzybdgqEwj571tfT}S(3x$1#$isM7%Uk% ziIJ(9xpQYg)u@;v@%G+G{EuSmlOh6BgYGKuV~(GgX3kCp3~6yej(k37&(I6`09$;_ z??%3|keV&oL57+Sx`L!-PiPH3ZJ|prvgNp|9T`Y1?tT$ zKX}h8UBCxTq{U4&1W;qB)9?ZFI8We2bR3Fbyfq~7#Sm;qD}wC(P`h&U`-=$jx-7E)P_9b%4C zFY#-9XJs!o%#n|0)yJrE8YSAQD|?ilR4#K4bsM^`5rQ8D_dl_M(ro{_ypt@lqY^C_ z$I~&A$(y$%zjm*)9+d#f~nQHA4YXhzgvuYT>v zE;mD3kZjq~qE_)iZ&-BeFF*H}OSz(`MS%SL5>atoI_CsBkY7IKg7wG*X=G_nRpUu?l#plr^fb!Qj-CU zv(P>U|K%?R0Mp_5{i%b2Lj~4J$`=BI#&i~!76;tfY`6!=OhZ zz@vI>mK}ne#)NKUC$nl=cu?$U$Mk3Fm+SYeA!b^wzad8fi z)jZo=iVn8|nLIvSd>J8e%W&D+*bM?=i)Tp%nStF#bds)?Out}zkq)b6XMoe;Bg}Ez z&mT*7Qy*8}lLAI*`Ni37F4{F6)#}(0D&|LM_@-qCLVYWWuO{|Auc9FoWE{0Kn20kj zCa6L?(-ZpsS&}@L=$vdv+tCx3|C+<8)JV5%WH<4X%(8$4$#X{m%tV{aMLFz#j=tm< z-M0MJ=C09iVhos=m;wA8I^7xQl!hs{h` z4w}i+on*)i?$K3R(VMk)d!nb8e#};OJ8DsgiNNV{6Vu*q<=D6|fb%>K)mZZni7T`N zlNisPwgF)wVSgnrjnHm=m)3`zLsESgWIcckz`uHc#FCtW;ltSA!QWp@hql4qH_Y&4 zq2y?jMB<-ZI8O(`mRCP5Y|aM`l7COw)Y&+`0rWuCf{{{r>~rC<@$ZB&@H|ifH4+)q z9bqge%7PO0im#Y#s2V;>7+`7eeoVR~kYhYVssAJuvv=K6I*=c-2_83Ht<6wY_y-TVWn^IMjA-+OlpmMTYDsp7q*Lb{`= z@SFt}!%sf14lws=V`0bIvx8R=NEpniSNnn;XE#nm8-9K)ZCVTh{cS96gbaSlcZigF zY|>7ddT?d9o9_G;f+Il05{@>U-~I-M255)*v9RZ13!R`+(iIxxx^)esmPfv*s5K#nzgyDWjsK zl+a}70c?=)oM*cYEK9nAZxMW`c3jSOQ{`x9YIj(22N&AX*s?@GmduIq`bq`Q3@L+RF!ZNS zQ_h=@FjiCLY*~PPrMMDUi$`?8pc?*U*mj-E4Gf0B&)&hk=t+n%m!kVlNvsV)>N}uS z)dJS=pbIsj@EV|!JaoyFec_HX%M4HddUryjp5JVB7U0bc-Sc0O{48^%sUE=WLb2?S z6;RS4J_M7cX!~9x+l4fwi6E3W`U6Hy4>B{$K8Ca*HV8^^2Bv?gU55Z0vN6IZBFh9% zTFWRWK}R@bYKCX6_gXxkNAMm&x<`cT92zDA=)@FM@R55!dXanze;9-PHC7d=gu4;oeRu`H5kP-2AL zh^u!T>e;k*M~0u@ri%E?Bj||-JCi}|!59E>$ikzA`z5?71%NR+OeH0WM@SB^P&bP+` z+!}v-{CQ!q0kt0qkwnX}r?3)@(jpObZOSpWY84xG^v;?}t)f6G;O@smw3mQlQ@f4!cl+8z64F0+Q1ZKU*q)8Cx^o z31yPgG3(&SN?xh0k_Ej6YohH49<~|T&9aX?S)O7S?MnuZWn)~tmtl?KH<2EfUct3glJIf(S=ELm z{=4;jiSRF2)7yd;J+7M%C~WIrqG&!N=H)mWT%DNk`Tk-V%88Dr+Qy zSUw<^U&>2KssGg1U%82!+;Kc~-qXmgTb18#-@bE>>Hlji(^=BOy%Mu#OXly=6w>u(8kS`89*SYHI#d zCr@*)NJ@oWL|%mR0va;dfM_-Z+L%LnqS~g7g3_YJB8eiGw)#xVXT$@(+C8cD6^bQMA1W)AXVhcz= z6#G87c)H!QGeb7HfP(C;Uc*UMDPO>_R>dX|6rGQ5?NR(6cxr9#Y6U}`W8Bx*$@s~9 zRCnvggTVs9xSXy8Hs*IV=54BgNO*xoG3iItxEDv1m%G9Du`NjPD8(2D=^rNpq3Ri>3w9d+p5cR{Psi%WH^ zS`pTuRrp$ZSxLU{QloUEz_%il+w}XLu=~^3-c^KHwNFkLn>6Yb>K{aIgF-?Ofbdxc z4;{J+r<^4ak-u#=U1_M2akh69yuQ8|s`}S7p+f}c3w&KLw5s%j{&3{mP*3Z9WPX?H zMsMPwhl90fz|Jqxg8?q3UY;_-ZRjK&@HV&Vh3iQgl#_D`Oy(ePC4R*fVXSuONH2RO ze@E^A-8@J-S%B0|`h@@9_F;X9goQVwIr29jX|ARh>h3j4&kqNkgq2augufjGn&^&h zW#2hTE9N~o2wqDw-S22^gc_YCIX53WTr}}oe)~-S`9kqxgO1?CN^J^GX|aj8%{WTx z24#+xa6@FkCHL!W5?1PUC}VU5n|sMZ{DrNFS1xLLt$YJVk9ukg{V-%qM;gUtLX-(7 zf*I%HpZjBm!0mHPA4jpX@_VcA!8S}UCM^#6!hclFb@Ri#C_CP!C+FFIs*11#jg#{0`em|D-aL&LmxkL z)Shx3daClZ>?l}$$_(TI4i&EVs7drZ<)S`4_wRNW)rN! z4dsyS&=5gyw?eerpAOwN%EF@T=`vN4a=m(SUES2r<((0o&@qO!$_36TP-*+X{% z?lMCaR8fp0Y`=5#Iy$JyyZ~}yBj%5vkBjcGREIE1z(5x-uYqY1tz@91+Oh#q=`#`~?k> zAv*q!AsC9{G30ifxBRUbn}=_^n8fES2Z+!&_%9IgJDS32d2kTd>{@EUOl$SkIQ353 z%@KKG+oMyiuKS68WqR{*uTN#(O;Db;+kOEdHAQ{P1A^={H;1GA9^rn;ao*7oZ9S+4`%~K8`-tVaL++T^I^i#15Xo2xr&PeOo)?eu27pE_r7`mg~=_g<4Vj(!; zC>nX4)Jv`D%x8Z0r~E~m_CR0wp=UBGg0H;8w5E4tLs&@2oyi7Z*J%X1FS z5j#(-8SmvNBKIN10K77EWDS|e@$#=*{0mPxuA2r7TVLOy%>?7%nTv5zty6{9T%!`7 z`Q!WIgzvV}MxEx9l=;S?{X>DAk}-wo-QZ6I2YP9Y){^zh+n8Ght%6D zbFrrrA4?ysCz=zZ6-Pf@lRBxSMM?WqZfxI_X*&1Z*Cz{MjK}Cr4?Iq8eA}@+pS`P= zQy%puXVqQ6JKF&YZowgMWQQS{P}vEbwv`#{V3F#i8_*Wp7R-U5TD+8ImyM{Zev#H(mQTK?Ztq3!NXtTl;5qfnpIU(^q{H{L*rM zJR>b8@#}rx4QzgfC~~9Mo14eMY2Vvn?K*@qcMZbLESB#>J-G_7yv#@ZxP;Zw^oBI6 z?Esq&QRJy#X14;Btnqy49Ea06lTGR6$x^+^?zK~G>XC|hT$?=8~MLR_U) zifF!$>67z4{a9v1Lh&q*{qkE$1N=}RI6v7ROI`apu)}ve5qgV&TXiuzPOx)4cZ=Cm zh#H+Purf)w)ko>-Ww%KLpDJz4A1X4kx=h`I&BxNE&Jey29shpeF7^#8jxZtyYeWccaEvrdU)JsC3!iNl-z*uk#c$E zH$;>&)Xf)20`~8c3_?Xc-#%xNB{rR99xfwu?TrKjgMv7^D9ICYzq0}O+`X?dsE1S= zeM&s|;>2p`<~}Gk({DRX-GZDi)lq=y2L=E9E$Ja4pH22D9^hGrKq$EMF}KDC>u&oU zhuA0;3~}l+?4G0VYU9+TWrY+~k?Jtn1Us7ffQ|?z=7J2+%PX_jTE7H=&v%=((^Y&! zdFy=7RXdF8E}H|b1`XA3adBSUAP!0Pp()Gn%R|`?16v5@c=@niv<1{}Zp6QFo@xu^ z8$_8utxe6$7@$c>dzy~(mWIxBA8tioP&D%9@tgu`5iGWVFQ8}SB`7{1*eCmhiO|Q} zZEIgTB%pKI{8BI1n)Lk{?{~v@>c6DILm$^#TD8VPZu;IQJhKMzNcDm<_O3-Jlf&E7 zgTRZf>Z-Tq+9YBrseF`;UBfGIFRP~uL2!S$Ty3hl`&+htqe8;M`*TI+st&g8c_ye1 zj0G#`#QtnF`e;{f8~RXVg7n)8Gxff&aY&H|z3rQzuY9%SzFwU3k~gkk;&X=Pw(F0G z)Qsjdnc~4NJeZgjXV%$8DN~2$>bFBSG_gRohLpM1Vfm-dg+@U7SJ(5n*1l|Jasg=6 zvDhO3^|AA7@u;CV6T})$4FTo~`CnzKLM#g}` zpZzNKOf4vKm7hK|1`M}=ZFyYeU5LU;CJ`U@jGvayf}x2|`?EL0Vyy$i7fVcVYwy-$ zA8wCxDN(ve=bu75o#_M#yj)9|Edzuy%wb#+Qf_o>Mm69B={p+fztt{FqF<%#7kqg4 zNGj?Z8Xx}-78Z6uV7rQ`ls$VEqjtHlJHDQ?d>*sBxk1Yy{WofE-OFviCgtjTNOptg3%Ld^$tW79J4^ADF4L>ZwUhR4oNLNsLi2rYN^QH|l;cs6`X=J2K}fm+ij1 ze|l)PVR}B3?KAFEdAvSx*ZB%U=#1u3munzzE+~IcJ`3np#MGj3{p^RP)J^A!=?Q;*LiyNVgKpi1J9^9 z><3?wdyadrrj5~1ZRVslxMVOJ2H zK^HORgsSFNIG>PucLWP#jx~?tlglZq=8He}FdFrM{z4t%br+D4ZInN)Y(YdB)xtu< z6B`lhBBTit##J-6H+g{)(T7Pd~L_8MK5pobjn@c2d%=^c{2S@U7tse7MGEG)=O78hNe`jBHlDnM9eIdmBR9h^z%T_WYIpfmV3F=5c+iJCE{ZMvRn7;S>Lcs2TSUvIh>(%E<@hJ0MLHv3KTXvs}Qs9p;EScUa zChnD7{A?0#`Vr7|6i_FLkv+yII1a~k*3FdyWDxrcE{|w{rW`V91*>PVn|UqjrN&g{ z@?=S6Ztwjr88L@YE%?5%H~e-kwodMYl9t{AWN%z+moqzX^O0KS&U*Ni` zqJ@|BKhAR9Rh~rub<h&^HO6v1cZ|a;Q}2Dy`Iuo;=d# z@ach^R$bl9tTRvg?GWfDOffrFIVlzCq(bD;V1ks4MGd+03^`DYFFU9Zz1}s020J3k zgN*Et_pK1S_qDqw8W=|oUyIKO9XsB|V#DwC+x{94V%~Z&ZK9)ac$ye6Zmc(O`PGZdc z^JzM|^NUm4kD7d3^Awdwh8VYoie2SkYa8=tw7Q!k`;xX;1I?}P!ycb7{RE^7c9pgl zS{gGi-|{3pFV;zTP16^~d>O$GM4F2uqX0s^Z8WvXLl@D!pD2OW=`PA92B8K^UWEso zqeqX<05D2WpKv{h4uB61V9gqQmkaH54zs>JH__NkRRi|ntUgx+`Lg%%d1(T!1XDE! zyG;hLoh!DLbuRN(#r)XQmp!IyDwh63L*$`Zt$^v4eS=7&5t;>s*|ze8c@@ zEfew4@7}CGCV6n)B@pl{Z0sG|Bb8%EYE8v>C1j-@&!)stJd2X~Qkcwc=nJl0^GcBv z`KCl|y7$`Q;FE3(8K;PG+hMo)v^MMjdk#_f>{;2V=F=FhuX@Gw26+`}p+TT=4PLT* zQ^K7Kp8gtkXIn|$4I*y*GczSJAk8SO76$1-swMwHdkCDVj`c#f?_pQfc`t5ek*ury z;?z#Wgpr)n1Zv93&>TWJ=UH8yt5AFt($_mYlq7n^AhfpdR`@Aw$}$T)i(M{>SI?Vj zi7vYZH85hK=p!Y=KrdLanMY#GAtnp8W{&p@RnmeA8L2G+-ag;lkf(=bNwtPIIF;xX zg-MyEJjfQO)e+qJerL+*N&x>bGf1+z0%AqTp*wGP-C~(JdhnG5@6wli7rQ9TPu=oH z@&(l-TxBDH3g%!^TzmKhj2!055Zx{pKU?9u>IRSda=W_IN#?OOSd<~0@h73WMmj`v zu{v|4-j4O_>>sO&tn#+B%~2+2wFqB)yuY)+WmEXpBg#UDDQXcnv^fK z-2XUK>$G8*l~wr`-VFwy4jQ<%;NO++MZoIumewavxiVe)qqJ%c(&>fH0T_QO@u@_c#)4_6C)xsPZ>0@@krC_kU9O<%Yf z>^*2GCZ~-)E&Zx2Oc*iWYBqQap$pe(j7WrVTsf)olOzn25bIb5Dn^s_B*yP#*>YMt zUUx8izFKL|!Z@=~g*9F@%|Ln@2rwgh4&I=SwF+Kq1h#y9rJkq=3Ber3p+iB&;O+6c z<@p35AY~S396l^u!03b#wNcc3*vrDT-o2FP)WI&|O%AM&Qi15KYrO+g?*&PBETZ@2 zsnlceP0;5m9}Ustd>zU5aCInJLkAEHEpNUBg23)jO@zl(a&QyH747xhb1VWE!fpAq z%$_0g7$v2!w(VD3=X$6QI}Hy8Isb7(GSslhEV$blT2UC3m688&0dy(2f8XeQUWy1g zkW1^I1uv@t^npd#guOhE(<3pLH!T_>q#D~q@IPaA;y&n^;TvoS^5 zmK~{l7h_e6L_87RjN*E!xoRj^m%)Oc=1?ir2wBxvc(e!JkD2JG8RTg$U;&|8=8#mx zBE==+{U-?DN$BI9GK0AYryJ5P2A*!i2D)$wurE^>qu&fho_=Be)}zooXjzSI-*qz? z+~(Eq?}cg4Z~8r>Wrz71rZ5j&e34R4+4<9dHFAw^1RF&?B^sR8R7@fYnv(ze5 zUumrX@H$h>0ZzgKE-|SYHEe>roAcBZV!$~KamgLQOV)YbFargySt?m*C=7=|)V7yL z5z_Hxw_m;`swnxVU4A4f$$i^l@Sts$Z9lU5uxF`aBl3aWX;}fyYDre4SyFpz><66s zI88{>b1P<;4IYnMbG6mRJ#R)sN%*cK;P`y8U^BX%C+yD-6 z2D8%j9e9>Y3O+qae5j__PsxapbM=e`zFQU61A|I>0`V|%mSb%048Ao+-k9c zW**qeax9!ivE7A5U+9Ns-t=MRjJXuYgVFqd~jfET4#WNO8%g4QAm_>~=m!&wh|O@;L~pM6_wf052-b zIdBx5b6@3&H7k1<5gT9W_M%K{ap3S7Uc#G10|G!fyt`WN5e;>AK5WTtaBXm1Ct zO)8HF;vPLjHb#?<$BYnu@#JmbitNt>9IceNI6Ryg)|@}|Y<%3|3v|Tk$K6#n9;9rt z&N&BZOf5aNpL;neQWT*IBpW4s6WKij0F%{lu4Vo~904PA$%e9ri!;R&;c=1hwLR}t z_FR4-U)op3+;e_b2jIv+c%)Rr!KPp;z}Wc1 z6!0UJLVo1RU|PC-GEyFdh2~qK8JO&0Wr>{U>5Qd${JPC@o3t2c9ty9XCo^gpuOxUq z;S~e!50JS-*IOaasI28(iMpw)+Y8ZZ_YgCrEThj}!a%_Sm3ufS@K^2<=d5EwvCbjX z`q;OSD$DRGH;q7;(F_vpntdR6^0^|p8YhsWIHq`GU^c)EvaflfmUR(I(PM9L45A_K zxr|QPG$$Lpd`sG2vmy>Fm~*zv(imb&6I_3HBb4;34K8G={+IE8iE~*+#j`~yD1GGGP~Arjo@wUWEGQ2N@%r?L!S)+kNxa_zWa$D4xTBg=6#7y zgvif+?jq~T=3!~};yZ>@?7axbfmh!XtW!NwL<={59x`8gn;b8h@J_W5dI64FMQQ8I z{mUu)eT%(;J=V6!oKPZ0mB$D1>+yS5QOxJxn`PtcTh9*{MonCO>M!L9$O9DG?pjzs zcY1ugC7m2p`M9Z@3T#)>kDc|VUj_}C*yqlRBj*}qEC&S5`G0AlZ^R|Jl2Vv!otv`U zXt-+87|a~t?0E1Q+BHKe9xADD1O`kNg7U@#BO(GKBCwm9nwB> z5qSgh46khsMb4}=g=OSz&$kzM3Gi&SWgsab=*u~GDvg=1Q&G-@nIR;m3IoKcR!nuS z%+mXK%X?wSbq*3C0TFDG8Ds5Q37e3Ef(rpTiR(rp2uI%Xe)w)*#L;c6`!oOomeFjC zFb6xhiDwA-Q&3gVS-soWmlucFkHbZNA-vK_hYH$>cizHpV6m<5F2^ITZXdes{Ow7% zFHzsoO)vH{0jij^8=^+npMNb&d`@h2NeCp+e%O}k;6L1Y!YLfWJTm?;t{q}PP!DfU z_)%!`$CDu(90I1AP}pss%-R>0=BmJDRtvknRAXu zjX{Clk;{m$ko!HGG2x}>Fcx+9ZLyYd4xVHGtn?V|E-FU;%UWU5S@>Ir4R|ck?!)79 z@mp~uJj1yFuv>}z#Y$VgNm|08^s-3QtIGHLISK2yu%uv*edbMKC3jo6&z+IhSZ5kc zixPW^YnSr=>g6c43iVA6<$8h>B%y(zN=qIc#$;btfu&O?hQek7*p!L~#W}+JVmpw; zTViWFE26-3FVsLzzQc22`WgD;5J>PooAyD{m8dlPtCRhd`oS%}V9`3OQoF%Kz%$`p z!n{V(jotguK6=yRq?Zl@*eCMxl!?y(Sl`M}5_b98o>tM_{i{jxMnAw6XzLln8z^+o zlE^}HDfbfu6zq?Sw=8vHFO3?W0(Mn^TWo(`|BN#wA&vxY`NeyxO#Nt^^O86yz+9>6 zY7#DW>E-LdlbLFh<@k`<^f4Hi$FmQj!b-K{Bdwe_=r;&NfDagwpG5BJEcufZ}T8TpXc$p@!&i%ns!O}F4*E>2M3P`EHRJ>Cv<&q&*e*qhJAi{B!_uJd1Rl>F#@C@_ae0ht4&lpfuoD z6r`hADOtwFs}nF;I)mnTK=-g#g72g4f%p~j1%nW;<|C=OjszU5?jp9IN zG-BLiVbOG#l)UoxBVTBH;dx^pEf^hm22}3W>kYvvVeEH~w(kx<&e$lgzlNF+RAA%G zAa7uQm91Pch6eLQgg^3!o3UecKprn31U{Q2?;>929u4MvG#i4$ct!ybFT;#p_llNR zIA(}y39e+%CoO~f>yE~i(^ga-vE0Nh>cBJasjrjUmqfE{o-$(oMf}*6HYufQ)~8 zLA`=h<(>t5$tIN2+B^QvX7!`d6&i%Ys66Xd6QJ;;)hW@U#kdC4od<~QVNeD<2@tn1 z`1tq;7*;{e4YVe&$ADzf-*J*+ExlYF0ybw%5Q>qtB15KnED6UdzQqvd8(u9)3ZeJd zZH5_|IG};XlkD%6do~K&KOMugW0;F4V|Mdzq)=hLU)Q<>s zoUy2)*X!ew0FaSw)dyGxL{Hf{4RkC94Z?V2P#9M%aqlyL`gGglUf!jG-Wn911Prta zQ~hXDpG3|}{a&79m7U``I!N}Onm}}9Nu9ewpNkyH^iuGO#Q>;G9FOTb#CshAf7Iw) zN}%qfjtHN56D}yIcD#xe_mu&VFSA`8H{}h0lGUPJ_unf`MWs=1>J=XW%gNV^kon~V zfMIvY9w`jg!+T!8f3;Df6)RrHvqg{Kq7p+3Ftw7pOORncu*3bHuO{d**S9g%hjy z*XYMXyoZItu#*5740i1EFL@m(&3d_*_(qi6DS<{$LO{QX|4a!$HFrUNT3lXW0vxx7d8p>ddZOg2~mdxIyQT$&aA$c_n>(sIMRQ%tc542eS-;d zx>FqN-L9V{Ee9C6mlhzpX>fm~Qk){Xj@#bL7qTh7Cr`U|Ptt?FHQEB{Jl&fB>m-nJ*r{+z#O_?p+)C_78P%78)JiB~2DDXB@XJG&%#I z%IABJjOr=YPae*quQtz|m$h<2r6{5M^W$_SRJ{KkQPelqa6~OMfIMzb5%k{Aniy#v zN9&#&Kq^?v`N?t6|9iJ9)FUEi-hqeYoc4&>{DKPs7;}dE8Oo70hRL0w8RhH^TBHMx z>?d>oR_+68T*h6kLQE#in_zFa?)N~|(XprreUksiK;rUhHvI|nc{3W&xqqxg2-bk= z{W1V#EjzxQAOLbu4tvAOptO>d&f_%frJgEJsjrQVjlVGW1Z|#d&NM;|m z6Q~Hw(=Pl2fe_$n#G2;DwXy965H_JdA@C54X4hf~-4)zYYLR%#-`l%tEZb~_9Rvqv ze1Iu=z%!)7lfV|x$%um=aVn6a6@@0=?#D+EGfFem3HvuE1>dFiM5Gw^($WQmlL-dt zWLV)`^L!K-?EVP`_yUmD zm;fZ}--F~w|9f~oX1H0YI9kzb-NVMVG~(rr)!_YwhwN9Mj_D#|Wt+o-22w@D#gR0{ zUa~=N;TMvNM5xZ#lzJF&V&3YN1IkMl=^g-(=I7KA+w|M`4PQIkfHJ0m2~6bMFATVq zSME1@pxo{6K(6tJ@sEBbI@78MGQC~dxe2t}ciL`vP>44G02K<`fo1D{TMiUY6Zg|L z*VVc3ibF|SzY=W#eeB7d|c%YSNe5}i-19p}(IF5uI!e<|aW?(Wap5{&e?rjyGclgm$#Vl;F&hEZ{X zddXZ4iA=cO#&Cd~pXuHro>oqI4vVP7mcmEsYZ>(hqO|CSXJczyetjESsB!Vd)D+`A zl!Ge})5v~DW&f}+uSlhexAz;Mx3?i&6mGUAVoijyL|Vx#g6t=Hs@QIT`gvRS&H>PD z>*c*OEH>euWcN>BJo9tv;+|cd5TEmVXy6xj`Z@KkbLaP;Aeu(q!0BWY9OZX?#G62f)o(qO_vloHt^$EHXy^(Ny^EV9OZRD*q=NF=mS@0H1 zF-82Ub=sOusd)o}eaFu=&ZvbK&Pv6EcSvWt+VHWSdID75khYzA#)I2vX#F z)mW-$nMU8W<_1#u8T814X>s5o;fb7Py|i;F5zStYjQ3AXO-)hIil7Mc3;0}B)PbC(_Yd?VyQwq{r4!%`1cQFrIa{DCDk1ZW z7^)}Hq7k?^|IYrZm(?OYFAtUUybV8Hkvk;UcBoZwl`7W8UpJ|AOZx>14hFmkxxpF z#|KaX9P~Jx*gMNZ93ce0FZHXxt1KMdel0BtnG`6qM# z(zrS8V&D_Q=R5L|a#>yzno~~}jy1bGh)fNxa6R%vCu#d%lbk#f+e%%^Zh5LU;Y7#c zA}H5b$hVz&{7020cXx{{5yu%14d&Ika(>B?_6i}V_r(81$ZbXCIL0LugHHUGSrPsF zmh^IVr%-XO5gfgG{HqTiK1`RNs_-HL&{ovq(|V%^`%PxuRl&u9=QK}%qO`Rox3Llm zKcJzcUVBeSWL%uTG5|6-%z8vSWHVaVgp%c3MEjpgRH#4!AZ%^jwQ(&0up?->5^4#O zhA;BakM2r^0@Q$$_WDJk7u;o!8Kv*lam(5Eo4H`_&@1NWxz-6^Fb%It-Hd0@?f^g)h6Mt0%lEwOaE~29&~cc81H%0<8Mt8@h2?N@~9?yCEn)Tly$yS+S0;)gRj_g=_m+LODH7o_XM~vu( zf7ntpe1BvfcP}cDDnDqyN4`4D{W#tRF9`IQP30LZ5rY3sR-b>8^;fonqVBR&dcU#I zgfd&KWOfd<*QPUU2CjE#5ttiFc|R&@c_Pk+!$xh$cCD;Qn zE2^v3tBvTM8`#orxP4=o)II6+s*g>M#3RVqeY6yHPEQiKOkdBBv1 zm3pxhA^-@5f9`R_Tx|^FUZhnEtKp&0;!N+~`W7LhSUqnI`snO`Do(V-kS}k^Pl#B~ zD14D5vu@zMH=W@Y;^01!P36`%?EW_W&_W6savR*+j7K%hhP_nM4sJN;9P){4fbHIt z>FLPTI@^}6uBSu(?0Zw7Bo3hN-;w!_ntt)?U92#CwwMj} z@=REp&Lj+H+P5I+JBfva1PBCQU)eSvh5n>wnfZG=CZ7Inj2k-CDjf?I1sozi| z?nJ<3F4h!!`z%KW$#Ln4dE8n}b7sCfy%ht|b#?Rr11bKaF8Ub|Os^%Ud zZ}yk${6~TU<$Q+RlY<9egm2%XCrn4s+kjHqEX$-x8`~)UV~BTB60tVn4V8Me zNr{Z-@wueM>ppK#O4CQR5W}Q z=kr*oWT>;VR>f|qT=aef8hKrBzNq82qS%xZc5ygj8P$J4_~Ps3_1dr?3_}<$^R@Q{ zdyFaJi{-D9GfHfvylxn#rfRT5(Cz{N@Rm3BjXdS!@Cvny#}-PJdjb9PM{8OIMMa2a zbERi$=L0<0S$n%Le1D{VY)l6A8B3m0AGs&_eZ#DQ_jDX0IrF=-L(ksdeDIR|pL{?i zl5MBO=Zh4K+d2!#)tj{mGYjP-WM2g6{J+{3E8!SDJ`mk`-s5wxswtFUo0bkQNiOnmrq?VLHN zWvZmW`nT8|DsThyXzXprT6fqge2{LwAai`du{j?e%IZ+5#U5TW*X^QB-&bm@Ocq#p z^4nif8Vv;RplPWSft#ku@md~;7Rr7%K$#H*MS5a##erK#7zy5qY-+eXJTk_?LcjLRV{iGIYQ-Ml;iT2< z%f+3)e=s@_l|@`=bQA~5+a|Vw3U6r5?lQo2J3wUtU@H84Jr3QDe@D0Q=WKgYIcu0< zb3B&27f-nG^Jditv*13JM+vY%RckAz(3+lCQhf3U;0h(aIunkYC=AlKZv_1SyC!{= znRuDsj7O6`Zfb}+SMv7sEzt1*_OL)`-->PGeRRCHa4Sq{_l|obc<+OkBo#9=bD=M_ z)lv)45ds(TOb#f{x}#T)RGj=&tUxI2UA-Qo4WReaqb@NpgUjvU`yx1$w6T^fZm4FBnV;YWw7}cfXopQ@l zetr%Yva5a~-7D1ePKNY~mI_oTE%G-KKgl>+kHWOr=cKO!J0yV%_TYRM%)8Ezzst2F zp&mBYO5}!fHAk9$8xI&6=i5rF=cK^dnahFwDyud?jSnv(P)q@@t(|HIZXlX~XE{$n zbt$qU%2I83afMO{4g3zk#Yy^?TnvtshUJZ_tOw zo#9kYlXb#N2TA`prJ|32&<$_gqUevZ3}ylmL9}9@3*B#?HS;N1q`%r`8(m)ADG3MM z7f9~v2}3MIi7k7~Y$6reA!0Q0W=+||`B23l^j^?YeuF}yUb!F;Y>Wl7oe!4Q7X-qd z_Zae+z1=iz-+ylbNzOmCm(S4qW5DBaVgPYZ*?8DGf|ObydueR6ECl|P@ScmlP}97+ zamN<{5Rp3bJouL6S;OUD>Y(Aa>LoAapc@A;EelEB^$R&_sYh@s zJg`$ybjx63IeJRc>aDW9ohf!seYjnZPmVQjx#=mE@6+Db&isPTC-OZNIvc`)v2S%C|64H>;Q>^ zv5?T^KE&BR!fH16=dCr2D*@z{*qMC)!)hix^lI14%{1$RY?z-Uv1F(%%M~|)&WEAO zX2fJ28khuv4UT_09b~@ytK;d+fZ1fLe>+)_0J;ynK>)^AKYjo z&;|60`l0-=nW(h^Y(AwJD2+lw*Pqqh-1O2ek3``PTP=7?^vF`~PtyXGo>ZGL3|5?Q z%ZnAfZyNC|RW&-}w+~hAg#GvL;=nr$FQutf1Libp7 zLu{MF#AG$8x_DT+ad@y`4!IdWCW0duD#{bV=(;TlAhs1u15hJBCN3vta~|?Fm5G)x zB0S|?A_`fg?{{Sx@q{cB`w^G6<`12FB4hqGj5;zKa$62JWC(Bhjo|*!W9|R67`?%b zo8C!1-s}D1ov}s7p&SY2FbPNq1V6hAWib9Q*uOmM z_e&{(@xorC{QmVnKL-DWQl$EaMEyQo&z}7EC!OBkwfWCm{`p<0;~z%L zZ_)AhBk${9$?>00`SZIx>OTzIe?JM39Z&y?fdBn0(U%ziFfIP`VUh&@_ZMUNe=qhQ z#Qc9N_78si|7FFWV!4rPfTKzczrDQ;^p6vhltcr%Oi!q=rU0>pciQ|=&b6Zg@ww&bDyK-nw|*ULF>fuIl-i_zC^mg#Yaqt;*iHyhIvV zjlB{sluBSby0}o*;eY#foV+D?6kC%a3u=1Ae);oLUcSqY?k~l7KSrTEe}avQQH&Y* z9I1;UM~n~pKd}s}$V?)aGx{u5Utf-f{QDMU|N9n@Prxl$JiK%Xx~lZZeqW8Tip;=D z;IYnz;ZI)s9}~d(-&gaBWFVuX_y-`YdVA|Fi~NZ^^dC{j>(NLGS`q#wO2hvqN(?@f zC@e+(E)d^8R}EcB6lY$n#likvAN2pdKH+q1?Qlq6Y@iuaCAVi2^P~bQA29%;M7OVcK-289_whBEGnE~}A!$sSi-)}J z2Ho#CMPP5>mF-6i0Jg&B2bGVK@bVArF^C~Vaq_=2P|R^asl@Nmi}P13RtVkI#m2?G z%7y-O9>)_%Yo=yjkP*}}%Nz}Y{I$@4NBtGPQUtYM&$mXX6Mpk?wl~dVkX?F)l&aFd z$p3E+4+o61-!DYC+EaXX=J3!4g(E3}15eUukb_Tj?nZQ5hspwWn=>9vCXFb>e(msGG(xy4 zh%`d=96F6yvdlYUO)>_$(5ZjDA3#v(p8>;8v=8ffWbBe!elnV(FH%Uk)3OoCv&~Eb zB+{-`Wq3KQ!6E6TqqUpX@@*0_p9mxxSDool9JX%N^I7(?y0i+ixHyO)T%|in4>L3P zT*<%LH{8JJ7Kf{tey5~EcGbEed`$LD+1sSc*h835%m{GJo-cE1_v{hj7Dc6D^pqt% zhJK2B+NTR)1b^_4J-CtPiGsab^IoI7QDeNHlQC)*x>MJ*7w+-CS4M#&x98fS!Vh*W zm^tTBp5|!7qrr$ANqz9Gj=N!XXqzPzH} zq%d|TU=r0&@L;vq2q#qc@nmmCWh_-aG-G17lYRf2<^|!4OcI~Mh@W=?=u&V*>%Z_On2FDQ`o56I?z4b-`;m~0E;mfa7y~n;gM%0jX^&43Bw=8y zV$`aF`E^qy>ylm&#yUVkH!lqD8uME;ge``Wi4%`#=mrI3!PK&4>2~)b{`1!KTPd0K z&m`iLC^5gIgHSU4=g7wQMLg*n4wt_&9kyk#dVwn$G}^H6`FgNzYxX?jgP<>F<4(rV z&v1gea?aG5>Zj$~sVF7v@MCa>+Uz$qL_SZPdG&m8s%P8qQF+`vqNHFK4^q5h_kU70 zHQ}#X>Ab6u;(pER%B?I)yIU($lzZGjm!#mx@pCeYa6nW{BkQJM4VHRV651KOi|Q3( z@?qiK$8A`2mMU>P6KgWjWGQg$p{7GY5zyI?_90nH(S-^xC@86np#c6Sxs^t7K+V6l z7OSlTJ$}9FN73%6i;$#2ZpG}s@QFM%w_A+ecxu{LKxkQ~i*foGg)Hz9xx-duwTK)vQ`Oc{H zHN~Q#GHP+w>=?268`HHzJsH;3bV9Sj3`;e=Tggg`)}CK)JX#)_^p8)XeJ+9rBpzK6sS7XrQafe*@yAlct&(4)vyh_1$tl@&#(-gEe~6e~;`@pp z@(3O{*EbB2s58>L(e{LDrur#VN1YU%?%PxMS#c>wgL?&2sooKxwT``Ncf&?Ve7)B> z7Bk#6R?dT$$`@K`p9nM*KeKH771lpp-I;$<=R7RKTZ$wbR61kbCsHp;M9<(M)$fc$v4&q8;Rlvub}mOCh^Dc7l0#F=|2^mcd_=ms z*Gz`Ulbv0^^>u^5mO4_2=%+A4H(O*km;wd#m9%_S8h+bheALtTO!~Mr2C^N5T>>y) z`jIlfu|0l1QR`ad_3h#SJ**oVwXl)8Z!(nZL?;ibXytMpeaS0wpSSAzG4Cg?c8L|% z+BRFG#}==B{u4)a#+HNcDpq8tnVp9y*TUS6j_wm-*vz?)A(KJPKCwnkqubi2tIU*> z#hnT){UI?Utwa8=rGM4J8d@7CzOLmIppbOLW=hxt>sv@iYD?fDNVtU2v!D^p~-9I4n&iD-XzTc zy1YghvlKh{C1;jKd2DBTX1O=o}Qe>^c74}?Lp;FsKPMmk?5DerwUw;90 zuv9JJ6VMN36gqdidZPB3^CHwKTEji*y?W{J|9fOJ|MQ!=nQHtP|tTe2t+7n$x!MwtIrbSPqz?-5!m zSn}X!usvJYfA3k~d)_mHGOw5~ui;K>0MSCur#F7kPH-%uDAhzm_fuK;eags<6oGdJ z=dMWB8-GsXB>m+fU)GIHKp~bq_a{;HBY4>}dC$*kV;~{AfPa0sdPWE=KEKVH&G*8G zMCWrHZQ{VtophbcURZ*P7BYX5nJ_~as=A9eV0Gfq&b>&ME4p1g&=1^HwIv*Cs`I&7 zk15G{2I4&BaZaQDmhzT`EY@OE`Evu1HH?RlW3y;vZpjZaMj14k|R8p{&NVx_)lfYjx`A*v;%dr9&xBVsBN8DA~*_O9{&mQMvR*iHtWtO5iym^;SF0qa7%^Lh@o-zo>rYG61czs1?x zsIkkn6(g5CC_f}np%mWe%2o4VZWCd`ocZTm^)CFj@e@Zn`so*Lo)T3$@`(FW5gkYg zIThwGSUm9lkhwdCYt ztHbKAE{aqM{B;`s!5w)@0AHAqh+B~OaR%8b%-Wx0h<>w9aJxZp+140zq79I|@vmX; z)(oVnLMyP1UuqvmpP`@nNkSaJSR0FT30Pj5Y5vO1IICDDxX<;*S)&sdRDS9$;@RUl zST1lYR}rNv{|XNx4fj(qOsq0qdX+2#&jI1nk9?n(Wlc-oN6cz%EqXDz6CLX)X#XU0 z#9l)QJ9h4iJz);nER!N;jloJPO4nA*Wyw6Tfst9x9M1Re`_@c)-SsApjhu^=C=;*w z!nUgQO{(E%?2Q3-Qo=8jfGENQM_LmF| z8HaJ{-(;=NtIIe{Ub!6*c{bAsvX;j3xoIS+Y;?iEMvWVMY?UCgmf+nU!H)E z-_L}LMZw#l#;AE=qN0L9#hf>e90#0YNX0)$yTVO0N=g4)JOke|zlF8KB_w7XuAv{v zPtg?Z+mp05*$^VnIdhq|d*EEW2#$lm$zgUVczY zJpWo+D_~?I2I}7|58BX3k7#kl*&tS}HCkF9JX*vgB8kEK8Wvy+^kT*d%)m(~Kq}~$ zX=+^fl6^?cT1O{QjLOWs$c>k~w$xANpc~nQQcepl{Fq*0b@Rfv%YB6RapTVMMUYAu zxl~2c=4y70lU39OpMJOb03v}#qX0*KW4Xg4)#00}#Z^ju#^?H3&NpFI zqcoUdxvY~ATl5HsZV;be%9Z$e7?-PPqK75+CHTF3;@g3>8nSVd`et%(J4n6;DQUWK zNURL-!xw9tA7j?n0T(EXT))J+BT)qYX#S>M_4Cv3hGw1l3p?lX%{w$_6R(Z5k%Lg_ zPxFzXolX9GWUd0C^>+h^s<*3HQs#UJq;$v`{+lB6QoO!fA;=TT>tV&yBdDi?g0jB&@IPFhk8zb7EUmw)3vHoCT0`sL z4ft4>zfQQW^=Tj}hA5+D!|wq^PBo#gf)F2B5S{f(MPzaDk*P|*KK0X+5?K~`>{wAl zQ8zlPoA95jP9jf2*{92fB#kaDI#?Rq*oB-iYn~FEoqxSn*d{uyO1^Kl8Upv>4s-baJvx zBAg(WSk4u|A(%_Yf7g$k@om>pQ<~SG-`3dTV7p^`T>Gih@_xDysI2QbE=A@ac-%!95t}cnhY;k5w5!@8m5{aNo%oamy`P;? z%`cqZ)mm#9jAz91Bz{BFX&odWdhTZm%N8=`*FLoxb>dU%cS*XFRoaHGMkv54Z55V1 z+1}jWsS>_3(`d~Q0-|s;gjp>y{Pbjy_3kZ}hM0D-KxuAB3%3u+j*?#*NwxT6i}sOH zBSWt=UDbs} zw<)TQMBguKDp_+OWEjObHsg4!J@--mhl=?7MUol`JzbC}5L_{vHGR_f!EcRE*vwDu zl!@|YohMXv2^LUo1$fOOX8mg6JlWQt$Wx)#G{Nz{ACVEn1?!VMb(?1P4JFF?n96ck zbDnHa%WJy3IFS@Hku%g+;#X7g21wxtNy++TJMb_*_dWTg^+7U{avEl(+Im&$gbPY0 z=Ql_3Ym=fmftDAdodwSqr<|FHf-R*Qzfy0We;CBcun3smxG|Y#**xCX$nqxoj^n<@ zPXQ@P(0-2L>!CxzC@cu#E}Xb(3G0Ztj}Fd?e>FErftq5M6gjLB4t819)4NFZyUYI))v9d!K z!##%7ZnRfRX3+ikg6cC~nEt2d+pE?{{MA_2Q)o(4pqPq-5h`9?R*x+Xms*RVn)aDOhjMP@Z6`BWBH}5?|!IKs4?4c++f&RxS zM;ElL{8;_kF36Mz&N%jV&-_VdOEwfHl;Uu679SMr}=DO(DhAlTGL3WKaBt;tJ<(n~U^|EO(Vh6bL$6p3uiX!trPu#%?zFk0{ z5L;xF)b4y>w-8DE)-nlZ!#IpL(0~ZIRgqRwAsP5e4Scei5-B9*na(3zWx^6lTWB=W zXG*mExwugrMUuN$`@ViDbf)pG`^Be}PgnUM3fZGMoauG zGfU!|29u7|7;O^p&$C1l5cX!~o*9s!iT3SlM)zOx0P^7C>x$OC{?s*L;K;(IuINjg zWEKL@1yKog=Y8MD`bSLV1JB9J(ubDpd1Q~$0QsHs)Hffm3j+??urU+2Uw@-!G3%tc z2g!^+YF)U$!oicy+)U1-`IGB#xdJ+jD=0j95^1gV9x7CU(q(dTY;tmP7gyKzfdR~t z60xl2SUB3OoaF9FYh{D`mXP;P$4tR;lqmcGp+ASY@WdpYwrii1_aZ_Q;5mxh0E&O!|+JL~M8*1ID5wh`jNF3^?EXQ!?K7?Yza!yoM%d@uBU!ih8Iuw3V=?m^xZc4CTh(3_ZhVgbyNYH25#d%dfn_1BhGx;-<% zLD{r(*Bzx>XMT2|n5Yjq3|fU;q?@>^tooE(h3t5jYdE(QZCfsrJ%y*Qspj{vs!vI{ z`9JU6=abzu=gcc=B-H07O5WjBzG9NtFc|3y38csUy0d6Ul)~ydbDD68<9?u65ANg* zkI`Yx?sxiXnGkdUF-jbmTiN1eI>=|%>n62b=rw}yJbxuML`i%ovHBpOE2cl$5MmHa z@%3UiNLXu*iYNZw;^0QG;e_+o0_E$Nm)%V2R_PFymuU-<&D#_4%8?x%id@Sj~={&?Ul|J6c zWZhaesI!U%DS14hV$kx<7BXeZeU-Kl4q37gkFiV169vvc8YH;(w@XQEWS-HG`IJzP zZJMYb`JsNa#hk*perR@Sb6Y^OgST=Xr*hAz$hrX`diMJllWg(&O#CQ z3~z?qIk%w-$iwS(4;{sIw*ggS9ksUk>muQ;;ab)bXSvBsOZ&YC5~sZz1)~j|OM*^k zB7>hx*LE8?QzkZ3tl#hKK3*B8Vux>z_22V%yZX#Bj+8nBhcV$BE}h1}t?s!8RJ)f| z9}4a~9P(gfNjQnyY}ki4?azHL)#>W0O1Kh!EBI;Vq26GZ(-J)IQRcQlUj$)Y@SF*{ zH@v$x??2D6*=qE%On#jC(Q66X|H2h>I$w4_;|uC}w=xXU;`MhD5cIIRj8@H-GHz8d zVs*ycsQWy&hQsSD5PtT2TmJ*tZGHDtg5UP-_U&fpkLl`C zJ?R12GtbR7fwCVC2IHZ8F+7F;q%uUU7v9;z{}@;0hw4G zh}%uDC=C^9GSZ)k^u?28F(}eXeKPUVZ3Ups2R}QC)$puD-jH>z&U)J=unynEwr>Zf z)+?*;4>O^i?$RBGD7|<^+6naAnV{zoDVt*@k+uwbqGR6<2R?}gQ%+w}u3C|bS*W`z zT^5#psSDhfKRHxBA+G)*z;Va(QyKqOwFNj{Aa9-A2T4FXFig;261Ld;m*kK)f%$36 zNWW!cWsU4L#e3eYqD!?OZj&M@cIPXH9{3|8=PY#MS{Oh;ZzZb-!!`C?stIcdjnZUG z12KQfY3;Mn_XM=FjePGXjIpOegj0(ui`>@?Rt@7Kox!W1*s3@5thQ@Bdn3lq+GSo; z_MRd4Q4E8^%u00lC^|SCwt2YXDOHnnEnfu3EUT5(mXbAn5Rn}DLTcf``L~+|3KuMg z3^f)c;YQ%;z>;{@2C&xN%+xc3!R<|=N@rJ}fm=ylZY;V@Bn4(##H4_mDw1zDXFu!~ zQ=Bcd?1+He7=sY<@k)C0*DUTKm_@LoatWQ)t7PHqf`QNyV*Yypg%Z-J#|yEmxDVa_ z@z-qr zY7%RZ3+6&k#Jg5;aqPTqkw?r^mP;k$U#WL5%n0uD>KwuEUNoO@Ax-pyODEunKFStH z`Sfl_+nkoB>B>nb7*c(nNeVQ(L>1>!c*VdU$^Ds07L3Y3T8q-67<Rhx3|1SP%DOSf zWi9$7G({c4ER9|<@m#_yEvdewu$)0*}v@<3OWjXkmeqDC%rmlXum zX_#G^Z1;w{Xm9D=H)cGSjvhVPrFvD)oa}4z_Fts%5)qYtYo@6wn|1YfvmvU25b3Tn z9pi_94$bfP<%%}T0h$r|28fnBUM^(JZYFr zC%D$b%7@or_VXuQHZAUep{Q?J4*wrtZy6R>w``3PBv`PZ!6m`nrGY@O;O~DgkhuHGIMK53g#a<0c+AY6axVH?GE#5Q!cp8oi&9 z-8QU0bf&G0Qm=)`VCNubIgY09RY^T{_LW@fVcw zb>VB|9xt3PIZ!k;adYx6vn?_gF5^(&-j)X?{7>mMbf_PVI09>c-PWUSAhm{we z^xz}9xQ8cim%S_PHC6(nDA&Q#P-_raWBt%$Agg>521&K2cUT^6Egy&Ajv1&}s)=(j=T#rMaW@+eG4- zUE}U>$FI5r?^=+%636(J_4Hu>3iPeoS*V!`T zWU3`*og(^l&F{;1aL^Wzbcc2DV_34}@1RD#G858$Jnd~V#N$=A4$`j*mcTl?cD()i z&Or2soHTy}fxYGf@dziZhxSlrTptVbso$8f{^UO%{O8^FqRQ3eI1+<|NmC7QyF$vvk zWbo@dI`&K1Yz*v8M{TMg2w&I$*G9{}@{$ry^@vL{A{IKNYW(A>(;>Dh(@$)amFO_1 zwKnW0#nG=>$%v%~V)6t>i6e~S^tO?Q{hh#O2m$|ISjyMW1GQdfhDSu8^jYeM1k0Qt zDO#HmpzMw!>Ys6&XhP4jk%+w|XYax2zV0llvXxy8RYtul^crx2k-_(G7t-cJ$-=fcx97ddy%abyBrt0r*q#BM_mfu7!J@VtDa+KavHygh&8)xE( zC&>&w?kQaygdAhr!O48pig>-Zbljd(A^((Eg&L{gEA z3DT~&My?N;$*T(_X?f}OUSIy~@R|ibqh!> z#zn6Q43zyue&5{{Y?CUqfS=jSKMSN;De}lu>!JCZ$c_W`9E#H|{N$uQ;M*bdp)TF0 z#7CEJ1P?RbWcFt(wb_f%70GBvu0}|DW!0B79BKbKj=1=?Qv=M}B6K*<1pjvBOfai( zYD#fpHC}LSj(<`2%Apb?P>aGOY?;QoIYR{bPi-~GF>f3{sC?X=@ur0ISGx&pUC3Clrj@ornFJH`$Ql^D7I*+bhv%00KPa;-xJDO#=4gs=7tb}a zQcfYfKlU8Kz zdfIue0X910#}RitJRTSiW>lB~Clk8kwi+{2allpN7*&w%Va`gTf_hw@Qxg$#Q-hdC zAM3((zc9~Gt(1Bl*VAQ|h9DGj6;z!!`fQ@+@AZC6>UaWnDQaTE4RL{#X2kk4x%=UK#i#*vFq54jeW6w}Ge+QsIo-HTzb-xh)E zHO?#)_V3m?1%f*hzeUKY2ySSz zO~DT-#T$iVUfHW}?`fa9Gno`0JyNV8`*d1B8|X{QJgEHRw+OLM{QuSN5HVo&Ox*Lv zHRF)f7KYz3l)Z5ZTC{K@^%8_D>AV$uUZ_X<*2nOKL01%Mj&>$y<)%d!$-78RivB0A z*5WmvcBhka%~H!5tVS>R2kk8NHAcT&8ngX@OOIaD^is;cV&YzZj^Wwy0#Uu#M+E0y z6|p)oy{y-bl_2(agMp*Jw4?oa3Ir-@cT(+7R{g1N5YVyz zWxEhk0rHLm<3@RRwY1vP{L;e z@MvQ=ALf%Dbf(w;p7(4V1)zn?pNlA{et+-=KK`^8GDy6uz?s&PC2co?vZzP=HWu}5 zUa;;mkO7n;{Fn*eJ%fIjFhA1j1_xn|3aciVhfdd}>W`<(G+UVV0n{LvO#co)i%)#Z zWGuAX>%Ji*9*+MH5Nji@%h#NDp!VeVJ==cYF%5|oQQ`)Iqhfsq$t{* z{NS9HJsq89KUZI;Xvr>vv2MnfD?<_!K3~X5nXA`Wxk^;Te@7+HXQ|OMerWU(eXFu6 zx7tLMx-JKrsc6VV@ZCpu28cri6s}QA4=Q^0O7ggrZGj_5hHVTcC-JX6mh%J42-y+5 zN*P=TC+!t^3r(c1n=j#`O!$s37VE0u+&NXmI7Xg>+G>hmmGdXmY=rRGzkKj`wLB58 z7UrD*VsECCC||i}IfN`Z5;nVUas{}2Tq~t}YE|MF(L59_Os)ZY=L4S+15Vl3CPl%I zO^{GJc5<}6EM%`D%IIeD%T78O74HpQV}P?*NW*BgiPm+82l-Lwt{KlCdIniK&_>jF zxz_|1DKf;w^ddPk?0H9|MN8{eY6^_y0(kQzN<;V^340nofMY1`0PtOP#xvP{8-viJ ziM$7`)Gb!8sA>f?%Y<6do z=$B>C%V5GwrZF(#^hA@CdY`iK8gO&n;rx%GH-$(QyD+AJjN2U^FVSqBNuocQ8 zkflRjqTbh#_BiCCUxnylSwzzh_UjlV3qE|GtDZ{}?G*HxBh6Pq&y6xh!;%D46Z9C! zOl1R=L{hZDHKse`K5tI?B*_rE0)-k@*l%U;p&=m*MJqb((E?GRydKEJ-H2kZrUmKW zMZVl^rY&gMrqW=2o|H8Fh9fdgAs5rbtIw1jJN|H0lS7Ynx9kkXLRV2Yb*?o`t4q-g z2XeXo=1G@P&9y{lK4m>+8MVZvPXZk8&mI|i=^Q!91_%FixHDpmA1zOP&eF1mP3j6t z4)HR~YdNl1g5Gk3$_`q1PSJX%6o--KT0Ld?mP5hBE4tQo6+ zDj|vZ2qy%Ly))8Q4EMBA<#*9MsgY|l*`)uQY*aHvEoHoIDn6HbD)6RlF(~8LgCt9p*xX zzKe>PH1TJ^iAP3x`SkiuI3FAC68ay(`21oyeU%UDM&CRYM@|deKpWk=DIN6iNO-$f zSK=Fm48AZ!k(t;9o4@^_>do^bI4%5wo}wt|nl6Ff&4{U5_xp9GB*~E4Wv-#|mq8I_ zp(9%l!xU*6dGPzZl`vYfw=3wBe|Wt9)_4YVKj|$lSN@3&C=Y&173(`6$o2l(|M^3f zrAL9VOxeVKHPEL~GCx#dMWN&@?h-zdep-ss;5=j@BIqH6{o#U3D-(CnXv8lJ?`4ZR zAU^h!GCsT80j4J>f;!u&%-FIU&akRa{$()b3af)7M(Cb5HRCMoPN7Oa)$G;0sGWH% z-VKIH=0T{?_RvRD>MB1-!Sis0A&n4-W2gLRBXRQEk<|me)9%$wE6UlYsx~~;o#ON& z2js8!@n7z<9}uNKu@Xxm7uUYS_QFro(&I=_?2c8m5l|&FbO{l{vDN%O9P5$kzp)fyo*LcT zrjlgXI|yyF)zn;b!>8RHmwY=wA3&TH2_B>ucls&a<&Un76o zbnp;Jv0*!-bkZt^x9Bvf$X!4W-sIRZ(;$7~d1GBqt|NJ^@(Qt6^)Rnt90FG}EF}E_ zq%qI_c->5(+6DL@1B2u=BAZ>#2t~-*= zQ_1JRXoM_;R{=XArL!}TO#wtt-RZfX=wo_%5`~g-{AG(inC#hacKgA=qY`psEeTP< z|Km+*@%y7kIFV489}K38h#zHMVM*>}dw!}F8I1!8mNy+Oe`e}L(!~xM4b4LZ2xeY^ z2c{O*hf0m5B7#B@xXhs$*(QI%xw-nH)u%$;r@h+IJ&l-Cv(!q#b>8 zHrBGL%*O~gOiV2-`ruSO0==T zesYx-UNFSO!5cM>jbX~m8%-3H?F<&b%^|glQPwMZAc-xfq>x1d>Afbms>|BddW zgg+S@M&}VlIan=jb?K34qJmsl+%x2i^1c31JXei=7EuCe#shy3jx4q57b@C~FvgGU%1VrTN0;A!?^}rXfo=%HuH3t%<|T3l{V!BJot> zNX%MU92onzsdq51{dg@Uli3Bpi$T{W-WDPPWv=re)k}dv-h&b(t|eeJ`JA8%}J~Wf+}-0<-8Yv(lS*8KKk#UU~%X z{dV>1jZeC9-fl5yYL5>jRCxW~&i7uu`a0mgx!!DQ49=|D#NjmIt!{V{9F0BQzV?YQ zrYq1a`sH1{1+BlI=Ty54Qf~CY0^7qqN%8c^NJsCWmwsYp$lu-T|ClxH11l?QEsAI) zb&^GcrjDZGFGfa2*}{MJb(@op_~a5&kNAro0F65n6lT2_ytq9xPTSMR#veGU4g~ZPTu6paY@IOZ^p zBz|jl%{jff;nY=AU3iK(y;4g!`YK!S+9G@HN`-Io@d6COl;w8v_qkn>tsCFTR%dOM)EKT&}kgqz2sdxI^+yLBOiHX>j)rR zgipi@&4hzYk2x}i@jbh*e^&w8L6Idnns9P{ew_`aU#$P|J}8jcS%yW)EKso4CHNrE zFp;|_{c1`{=Nu|x=+(;TrqN2(x1GZwx;qh<=0&eF;!AC+t8-=uhn_n7qE{YTzy2ZH zwv9P}Siq=e;2yuC*Uo*XO0~^${`Hl>uum)1+KWAIpWMw*PDDm4^$*A{G|x|Ol|ws0 ziD$I~PMKrjmyS2$SF`(1+{`h;Mss%_?_!CtqqC~n53*fBW-J;t>QQ`+fDmzUH}kMBD|S+UPceqSOh0RSqzG0fgpd>40ecORs5IJ=dc^sOc8ifB0(9c4<~o<^KUjUL0L!qlPMcZ z0lvC!O$)ZkwPSws5>l8RU41QZTPci9cKwCXm4^5HLLSg*5Xxd#Q!i(x5u{^$mb>TP zo-?jPFGH@}D@CW;9Z0@cX3V2i`H3nK&f=OFsmpnV-Y2V0LE({bzW!5yH#{fB@(5WS zN7jpt!4Qt#_2_&$a9D}kSa8;hAeuk+=DY{jM1V^mD{S-k3s9gbqX$xwCpY9XEgNij*gw>75`(kqE&29^Uh>*l0 ziSrcr4S8}IoJlICh&94M#$vg8GAS{*+n(z0+by_B6mN}Q5|{&2rsYg@q=a$? zGd6h@w&(S67`pBK*swhbrRn*};-`ehV`1rQZ{@?MAM14apGq*+F}b+Z(T+!7GQneK zR_?F-CfnnD$QQ$YzaGZ>&5xf^i~bb$&L%!d*F0rr4@|!?zy;kpNS>S9%gZl>K+11X zUR?^Om@vKQ4;!mznDdLCf59(fp0b4qwo&Mj+Q){~sET>$DhH)qfnb=aJX`X4^@?^2 zOMxftwPtjW%-R#jB5t~fTD>SQ4;Q|9cF&JwdzH8{N&yQ?QT#0n(@c1cp22Lxv)Mo` zk<)tgbY}~}+*D4{>U1Y<;!b2NB)<8DP;d}iRNzf*Ok8G#d8+<(IaRgyD`ooRi6c`s zu0Zl9-^n3{!D(#)wYuHeEAb|GGo?2!2%w0-m1P0{@JA6z_-aUQ^LOI65bK4RAG(ZI zYw%)7{OaA!YJTu&R=nhYlS1V&e)nq$1{jM3Tb^T`f66e$F`>bG->M7_?+ZerxPbCi zk>c0CE|T%z0DIRHk1XsD$7KDhv6zaN?=F}<@p`R2bBR_9*$f4B0w_+Fd7FCuwD_IQ z3|8@Vkqo^B!+-1q?;X&Dyl&u|1qq~#!nmObi^+)QIqxuA<_&Mq{gSipEpJlIo8DDG zprOF5n5riT99EB(LmdtHNcm%mx&QTv!m1pqDEUysS{oXpSV+DpEkX^?U4G0;)F0x#CEBsVR0Pidc^i%8)? zYiJ}QY@bJ%hpLciNMUD^)?T1IBbaEUqq(h4(>or#c#fuYemJLFOy+~ds!+-H47cBnrK-_5SsqDDS$%&tZkBl0 z-V%wS<<6ba_%Dt{&mMWN9^9UcAj4;5hAmr1I++Xgt7XIc@htPsnZ4KnGp-kT6S~Tj zL$p30%2CO1$;>83!RTm@G{BFp|I-x-qp7`i$B*OHMpTnhMi7w66gfDhD&}Kqt^t{G zYfXq*RUD5V&K~eve>$x(tY$duwg-prTj#YSEEzGS&E@o`rMhx=n)1-e{wj-X?9M@dvM2}qI>s=Z#FGGZPb@HP+J0TcGU7Ff^lxmM?{a8stHG3 zwMBkOD^B|P^-VSD$lu=74qmrQD+M75?Jqt7KOl3h4`Nwmu%acKZ9S`o-smD!9RvYd ztcMWk5we2zmw6Zw+If8pb6z$No*ln0OSukylym3cuN#{K(!E+Erx~9Hq$JI;cI8PT$oEKOA zs8v9r*`luTyjoAw0mtdXJq zGtf-7@uU_4l@Crz2|c5C8q?sE^F)1i-k>c7gxc=}lg)j0`#j{$w*R-6Gei<)Tl@xe z@41#!J|ZRguv5?#C343*C|JXHmr5HY>Bz%z@te}~W!zna;08}I&sgvS!5lIfB{+Qt zq|A1g!w%}a;9|Q&NvrZpzoV8~5ShG?Vy-V?H5~G4t{G0D%j>q+q zT)cuY6L{3OG17HtbcmNcJxY#GNovEqZOl;G=kv%=Qj=EGtg1x}qtcW*P8b z%ydtf>D%jE$-Vk4*v)eo8h!e*0@VM!a)nG0Kjgolnod@)^Y+`>$9JuYXvRXAzh>2JjmF)ubIMwJZYE~A6}>y zCb1HT{^?5TtRW#1gfufHRz5j_2niez_|--LiKkphM+^19rKV9x7S908zt#$QwIIVe zRzAgWczfhH47Sg6&k<@ILYc4P0z;CQu_bU)$5Gk|H@Ab0dK<}-JN>1*p6l|}j@BZt zJu$ItdbszcX1x=NuF4FRE?y8*!lYB=pQqYdLQ?@BEJg2u_@<8+hqb1Tw^P|`(RX^> z;oe8_JD=lNdH%MlK&U|=Y_t#^avXe4E9$?>^APSm=bb?mHxG|8 zAiW^|gs{Q9$EYLy`B%dxq<9xokT~>GPg7IVM58*!Nd3R6Tz?P#>m?bVJH6`Li_ZQJ zI{YPzjN4b}zv*t{xzd;&`z`SRh8$5NShU||^#k2K!3O^SVs8JNgRNkv{5Rof?wjeE zz-BJ@GB?y4N*Icj`d4ME#p>*kFY2KmKlCSxM0SV|n9XHVHunE2{`_dpj<3buXqKDn zCqb{SfQ5`>RU8sVibS2gN%MHZ*97l6^v;$2-Nw+y$jSP8;?mL*gh$>4&nSXr5YI^3 z2Q=jsi~9<}7q#YZ#EgKnbP`rmdW0J&-0i>NOfHonpZVv55iErymGs^J{oDWf`+vW~ zX4cm5{d>}Xf8l?;qtkD$h5BEQLJp{Qw|gYO>C!g;wBKAO1D&&r@MNr;{%-^Ldu=3N*P`05Gg6xaN~GH#*0r@Gxxh)1eN11QyBv5s zCja-*8%1D4oyi*e;j(<)1-6GGe9ak3@)J+Wzd&}wbb+?*m3tSea2fHRF0KB0d#a4% z_KJXT1w#()+w4Joef$n-dIO%ycgo)llZ0&Y_kX%P$QG`v_NyZK`8DeKKKc3i2c!YX zD!ne~_4e4H&+VaY(ZUKs)YqT!+;AAj--KUD|I?jL6vRG;+`aY9$n8((yOihq(C7Cb z(Mc#}d>Fdk@B=@R7u?xGDX94tk#(1efIR-=e8umZ4O(LvZCAOcLjdTOPC$uf=-QsJ1&y&=hI&omJIBrzCPqZ z8W4mc)`2zr7Js!@N=h$_TBwGa^@>5?RTMt|jM;(lrAw(g(C7)F;ROdqO#ofEmEq*~{V3!D+e1?&FrHxg9%Qv)&{sjnEwB6{!0C$gvN?2N0R=d`|t zB7Ge&@iivMw(#iAuVsHhiOGk`6ouL<^8Fn?GCAw8o*RSx)^{rp44_%N8(JT|Jo@o^ z&QHY9B^ykRPgc}%ab(3My^=QZjJVa@>4S?SO%%|8yK4^gixC?Xb0MT%+`gg$7Xzw#Q=l# z>lZ1Ff<`Rq7R&l7U-|PG+rgD`&t?Tu@6Rvm2vWbqKMBjehKFBTI(xT8lS+G6NX@;b zn5}hE2@sw6HF)@=CyAx%YJ-vZh9;+7_dZ$)ehgCwK5F4QL!D-1Y|fdI@0IiUhF>u4 za?L5*_ekH#GSe}3FdF&mUIq0`i#*``@0NDFrnny|;{Br9?tX)W6bLPsB`^RH7&EZ6 zr0a@0pLhAs03xBI11A1DMBnbhJLJ);yjji?#htn~+dp3tKgq>JH4ZVzpFx61dSKM1-?FJBppw5lNPMkUv2Z}1(H zVSESD?|#pj=WWNiJ}3rog;KZe^v8RVk-W27eV^k*IwUBZYFC@^)=NB<%ta602burR zdSXr;(6k(cPWSa+<8ga^Zg~!?amC$mZEw3@>`J?DW*cPnA4N@!HEZLt1VpxE&Kx=kTfo`VI#ZE=2D?^ad6+V z=mfyB|9%Nr&Ue0l@yKmBWK-fICrzW})fT*E>fK$azDKZbW&d{fc-g$0nc(5iD(az3|?_HAar7YRrVVxFMW zl&ms?waN@9E1h)x^qC0PC!oY9(H$%MZq5Unl!|{dUvs^d6i9xpDl% zJ894sT)*a}9S1G|uvpx3-UkkjI+`mMb8^V|{r`|9m*wU_& z(8=#v@G3YVZFCG=s@_z%8lC}LdDgoaUu%3Az4=RGhOXn$BN}Y@FG`+}?$c3aDy_0Z zJ_MbapnW*tLz9Dz4+gQDlyGYe>uW(8yrB+79K++q56+S0Q~CaZ08xhYJW`GaQZfuc`doOQppF{<5Rm+#U;;P?toRLk(b0?GBykRpyK zi2DA3XDZQiKjH=qe0y(@TK`5iV=j&rD|CKg*B65=ba^4CFel;N^EVLaDE`S?$9K+r zIc@aeb(_xfKmf-6qLmJDupiJ9!n8KxFSmvCHqy2Y$L?L7x!d zDV^zW956F}_5(^RDlOe6=I#Z4E1A>dowmRyUq=2XqjaZZM!gP3fh>*drLqNo7LOjo z>tjAb5|^{^%8ua8v@>t4*}B@})x_j`Xh&Q|j0fIhp#T5}c)I0#PY>4TbQ~3^iwGX% z0T)(P`HqUK7>HMxZ&!niTph<=*D#`H_2PJm?E%~9jIr~~&Gn+jhwH-LG{X3O5)nO> z{j1@FMo%d{x(6=8S~Qnj!%C7`+%uqdAyf?B-@e+C4%!BOOHe%^kX~iSkkSYRZ;MUl#WU71jLWl}CyO)kFU+ATQVw z`3GYpI~@IYz7DLRB>mZ?>nJS~i6OHL0%$uCE zzbyYVY&vrPB4oe1{tMLsY+9CpBk@jWrk@sB&V99`xRbqu$nFlc=hK>Jx&Q(7q%of6 z+u=Z4Hv z2=x>amqVUH(*NZt!1Qbw6Rb zGpNZKvyt^&Z22}ieN7Zww zPJ(1E@s_2B1fpe`k=H}y;45WNrJIiH5PYI--y5AgXtfz_kmDu~=PBqaZLv@45wnTy z{I0FJmrkX*0~NV z#wnkQt;^4$*8{uw_1+g9yvwDJ+RB~pu$p?32auV|L$6H~0gN`8KbhDy(`*AjwSn_I zM1kzzkYMQ@28z3srS|;_#0UF&)ZJ4)TRWPXr>P`R(+3%hPP{9oi!L=Qgx_Sgrb=v0 zj2lwa)}DX&jdPUZ*DD>GkuWAO;0I@9zNa~tMVdpce&A`HsZm%Sb_C|nnimf)digRy zjHk3Rc?U~nn)oHltiZbD!7d`vklEt%0iKO183+|F*T!wfqv^}JRAs~r>ecN;kmDy% zvdg16;f{n4JsubK${$)Z?#ZiOK+TRM{z0kZ3M8QIucuxE@yNvm4<&3qU(@ci3|EVDF6WN74nPo{ zq}T3+9kCop=?-XtgoN|9GE2au*U?|?mzCF6R`(n=Gn&LybMDi%4Y4_OW)FONy0p== zU3!(&>ytkee>g$7u4jRv^G_t=q7ZGOAh)V1k7ghr?3Jlcc>=BweXmIzCZYE5o5v zrI*{t3ku->wPEm2tb6toKN0(0AmP6=&-ZkAkTAv#Nkk7mw=#DsPHW~K^8tkj5`W*l z_)fvhRHKEoQFZ0`*AvzN%v%f}>N8h`6G%dwZN~^xKb~XUf^&+;ViD% zvF}C6t74HB-gsoY%7H9Dy3k-LTyGyLSjkly8ARw}4$=8<4iv)?dfX@?_X>tty2e-a zP7q5W3MX+(r{{ejrxK$y1K9CWe!h!|K@1x`zfoKPXEGSbVZ(*Qq6qAl;Kv5Mh3_12 zg=KN1NarbQiyKLr(&5dru+)fE<-p9jOT^5ubLJUYCC9|QSrAeT+2ZI+BO`+zBO?qb zL7~8nVt8cYfv%xE&_c-{A|4(Po|;u4OCLK7%1)-GwU0uBk#Zfc8kRofX07MCJ6q(r zT^J&?V}17SS4x5`6lzuQc@_yH)M||%epc$@Ccw-o$p1JWM^`R040QnQrUptgeXr6B z&m{7GJ|$pDPAk&!xV=oU%oX?Zo{4O84}@}G`vdxhaW6GAB5yjOCo=r;i%52ryXZUN zhu+~Doz5!iuezO{U)=57@P-9tO#^1b4(Of@KFg-_#vQi)PjG_%Y~(Egu2{`4K->)z zh#JyD+2Q@6UDAe_zoA#uZ`;JTrlhvWSJ(lzgR!2_9B50d2i^NJ;O>ycf`6A4@j841 zCtTxl%Bj5&aWoU}1W!fiEl!(` z9Q)}pl_4=zb4Y~WeUp7&0 zQ0*W%fQVk+Z~TWy_IO*^#nyK+VlXI=Frc}x7+hF;lcI` z^b0-7N3`Ab?z$#0!s!f@seLz_srCbiE@{35uRVoz(bkv$D_BO$1Vj#m zarlIs4voB7`l7VdE%YL6$XC=RQG?yKv`1(5t`Q*p+(fbIN}OVGL(w^B9yT zmTy~ny+*@f%KWt2%}#KCW4;C-tArxzX;1dIYL+;3ngTclYrQj}yk83(MwRfy{1cs} znW0R&n?m>BlpC3YOUw@?GmS^%g-R3)bHCi<&a?*=>lHORMeJEi*vzm@nnVCSv3s-2vL(Lt;5(EgQOnuv{h*1U)Om;m} zMny}yn~SbUI#qb|C!L=2*r_WEC?q9Z`CsnD?obVQPrL75#e;9%&ZH95{*3l|!AEb_ zy`#7oXr{@1hQw@+?yMuD@p@*h?n_0&53!B0jVhuq_d|mNMo*PK{Q?#wa+*v;bdp{5 zQ5*~lF;~-A^gaC=G2R5`DWxaiRO4X1V!CUyGT z$jbyyS}j~At%O4_75B1B`U1YlSq>4Bl<{wmx^m75fk#}{aU%wO?(gTQ#{UN{Mc=mj zHUb^ZlsC0QiWSxh4an0k`rxh3po~YY{ehV^(F0qeO;m1coB%6#9nR2ZGqRo$AV~xp zLlAKiWFR>i-?-1js2P4Dw~Jx@McRP23riCcTMhSdr_EPGVB8riQ7Q9A)D544DBzzU zLb#KLvW<2JF{Z*fbKC*xlQt<%JyUoTcQyeu6Igp{?v4i!!DS zF3KNOCjip^1y)#h#*erbTTGb}pIhI%$PgIq#&{PSnv=;q;Yz8M%V49IAj3T>o%6%J zmdX2)!%3v6m4?tJj4M>hT4OO-(7Th$=X75m^)$(s2m_VNQneE}bd+iQezwt&I_-B0 z?9a4N^iq(sSgubtJBijAKc_XFZH`tI^;w>I*VyVs;fKvL9E;fPO{~2YBIV}WBfS!_ zZE3;kwns#rtPjN_+U&2^R3OA>-jClcUY!ZB=nWv56zerLP7q^Hq<4|dME(rV;+I22 z_sWd%ZJTjfh!ZeXt)wRw7Y!%fc#4Km}Y%A-6PB^JNM03_1BM(#?_u-HG+q)seBz%3HDGbXz^#S&= zEyLsP;zC^3j(|r!{~%hB>D$zwIW$4C9M_8qC(o+2X2c@2WEq_KZofN2eq*NDgXb`?Xmpfs`( z*ZHEWIl-u0rK*yjV3{P#?beT0HgC&X-0Le~KJh;g{H1~^0-dgAFgen>JT;cv<24OL zycj`COY4D%AC4Xi`#pLsu0%wko(G6)M*q(zGiC`514t5VXAFbhs^`sy5{UFpbQGFH zC!Qa3v2E1$N727Ct7L?82qAggmwO|>QDrN+n4v%BV&n>+YT2T2Hko-5I84^GXQw;xX z${A^A0Cy~A9VhNoE;vK5(+cdCBbIS~W^>n*;6n?1=77#(L{gPa;-0wuDQ-HhYSHJ? zno}ko13Bg2EJqv!SUxDqU|fEJr+H~ngw%>^t^U+0F%6mu}v*7+Qy$4SZwCxfu*%ye%NNgklWp)eb>vCK2S8| zh2xogGN-B3K^u(T@CoN_unape&r!XklFLFqTIOJWC}W{k%nw1>d%1mrD^@M2MVQI| z3dCnp8o`=f9m-R$$>kLkFE%zu0%UPn(x!4*(-)T9k_k!nA=*%go|}@jRwbqboN)x7 z+p(ff2$^lJneC6wNjkH-B$R3IPt!t+jdY~Oq^Knv_q5Sgkq`&=w_v8%{%A-Sb-&q~ zy!g61S8NG*J2|+cTZE>%!^z8GS{SFfqum?KbD8~6k{c6GfH4_=`VL5vw|xC~qSfz# zWyY_f*|`$ZvwyrOTmR#2r8P2{&j=}%UGhLM0zqJ}?Xh?EIq^X(_gS63b4t)n61^7AIA#`n`7;Hj3X3uS64X+Fs)KNQ+l z5f2Y(aEzB)U{B{k!$B#5P_Q-EAsHO|40#2+B8UwMpv&!nKawZ|lu!f}t!FuXtI8x9 zRdSwfkhLz|k-+9t2FF;mP3Sb!Phh(q0CGvagroOfizc^*L`SD;tdDk`RIG7tZdrgo zwJx6nG)0QmVZyLE<|QWE?)vO*G^?G~c|y9ag-72UhlrnRKulvPr%`(|H53ORDwXBC z{l{1Y3pEwpocV`^@(p_0_r()c<(VYPe*RIxG9A3b#-g6jYzi$~->u3AFLJN%1if%@ z_7XM^pWpG;%h2e3SlX-KPfIG1&PhD`Gb(_s1FoU1DES2gw~R)z$^?9hdd%pJ7JMUz zUeghH{tEVhdGsWoK>4+FCEW`VPFgz53lWrD8mW-PAVvP`5$7#?Ui*vcf`NJ+$*9ovrzV~^ ze);sE%8OKT-o5uK(tUu~w;YSF3K-GV$m{4r_mTl~+t_nr67{jxsrg|+9JW6m*tF@{#_;j8SwGWjDqUCO@l z-5QGi_uFrSi_{gA#6!CsF7#}h85O@x+w8vYP&rTI!Ck5tWRjv6-Qe&m*O7QF*4uMZ z36y-O(b@$IU;WN2m&h>A^~9?#Xqk(-2&}C0Z}SqtC)mMzmU5G|@#gE#Sv@;g1?_2a z`O3*jY(bJsZ8UKkMzW?k#KjYLl!amCH&355c_qL4N~^p*yws61Ojc2T)u(?df;ut? zr;WYc0w>n&;-7A+7`;S__PC_?1z49voEy(9I1IQ3=iG9 z(2aRGk|mWf=6lBz-&9M13}0JLI&BjotZB>TxzsGH?{N9&Za7-oiC|`P4M+xk7 z8l*8wKcL&~XE&>J1&2tzJ?ledi=l_nYjP8V%Pa=ge471o2ke?MkVt!aTL`XZH+^0O zTjnBWof!xS5_A>d3Cq6uSjwV9sCl9sKu;si@BKkX^CLHRf7w#jIp5$Q3{@l{VH+b> zv68R=d!de*CeV6$bUYGfp=(#*PWcm+K2&0f*LHp9<|rj3JG(PvNb|HWCE;vfwu4J& zGT(*AX&+7S=(t!}*?+pSI5J=UjjWZ+=RxG*p>F~nSAy>$Gz>}-jlwS9be zG>IJ)_;FR%o1_D}Br9YHt}My^$om3iN1-~83i2Dp9i%$@)mClOiT&pNR#nK_laJs; zDp<+ibLm?5w<%q*dR1>&I`0SIhu3=V%lHRQoCuAdygnMAz%5kD;urk7UpO%Y-d#)Q9B3ZW zqwr>Fu2Mu_jk^M_rrKpHk&Sni)<$z#% zZ!^h|bMtH(nEjY-5jZGJk+|9LUd@iO>LN`u#`ksIciCZRM>Zr`E=80hgf7tL!rer2 zAR%a8~8LomQe^3dUIn9&j(QJgE-?2G!N%ATzHeojjxG7fnOJoM$M7 zP!s&}4N2ow!8uFJ0p%Y2s<=LEx597SRSeYuw$!{;Yri-9%@{#qP9X7Yq}5O>AJ1&p zUl^4(Oz21Y6RwGf+$$RQRc&&7Xhg-U?~VDrQ<}0$avq4SELZHX`kDCrrL13H_A?1~ z6G7vYF_FadAyBk#&Wc2Th9GhBu8#I|8@n5D^C(=?*O)4A{HQBb1%3-L zsq3+3ffwDPOh4>|aVzZd`cg7eYkIJT_Vhk|k;<>UOxhvE}7Bxw*Ur~6_ zN!JETzHY)xlND*kyOgygFSb1EfRt4EUbszci6~@iEKD9Cm7BnG;Bk$5Q^BKXJf7V< zoJI|hPM4{o{%SbtZI02EKs^i&)Y!XWF{noY_>~ei@5?{0NI$ut$y6ld9(hwvCQK&L z2LRJ9<-G-4lu_6584^-hO+oucA5goIFj11>KqJ{ndH1941(Hko@uOhdF4Ng{7vnsA|k*FV5mFJ-~&PooPRVRjhd}@Nd@G}VQ%Aqy_ zP>whFqLVo~*CV>`cDaBFn*6N3z&L^rA0lO8KJblVTEl1POc+A%&E>w=*R54n&9`4r z-0I8c$;pp*D{we2joZyqeLS!Jp%$7#mqU!Fc(1(MCaUtp5mr>|uuuC|e}+RsC7wLy z15tP^KD4pY8|o>SdPjDL`K&@3R+{-(_SMT;LvKfXd3(3`A?LnDP!Jy>?Jk%xDYb@1J&RC+Z~TzD_3K{-41G++*~d zFtX}BzpgKB7C5I+@DXHx!kR%bqX&s0>-D{^&hr+U)BrmL3UkHbdjbd`N z3Peg9G~L6DZEoTQr-5j}^YGW%3KT)$ho3~(wqgB6ekm#1ovShem2v?`h+}!RMuvGD z2ri?I@gY?!QbZZY#}+Tq0HZHBSD+bDE4?J3vv_PjOU&2<7kgZCmLNHXr%hEhk?H-S z@Ts~~>ZFB_HOGg4P+b?Qqpv`Tu23s7`D(@ico)!yN4l*t=-PZbIH#ku+U zPZL`((AM$a`R&rqqDjcUPsaI{%Fh+)&qkf$PL5!1soJ#k^g_rra9UB))9a{3j$etM z0ccKkuNyJ3+0pmd$wIfXH!rEA&ceqafLL^b{;W3Nd8|a-WU0eg-7>XE7aOQQiAvs5 zUlLCeE@YQhD5QnRLpx80v-xGpl1ds@{b(-Rcg?aTF7kPU0$i21af`8k38J7CILqsM z;tNcVoebwQsGkzETfsBsta#C#J1AC(-Dykpg-FZ5NEkOtbmqB4GKYptR}uFCH6%k@u8Yuak{URts& zGlapk!vU9J7ZF5~01{r*#81-1qycs|r?E0aI>(>G#mD6pAq-8@z@DaZ< zB_G{(A%YZsV=f}HpHh2&!^BQ;8?DK@qa945aZUT8ek`{{zh{PJHHBz2TGf7K`Cf0e zXE?-`XEA6I&9K-BI(+Xj;w~cpxM?>XytQuccU!08&bLxFTs&=ghP^*n5z&1>#Qb4E z<432{ELe-D9`}u=9F1NEz2HOp>x;X(DZp;`Lq3O*-8BuP!YpTFS^QD!jeot@zV+d~ zvmmwflD;MrnOs@v#{3vr#|coqDV7W~2{H8p_E!T3&U_bo0}KpP3sd2{u=p45q{$!V ziS86k|7sc4>n+UI!E8BlLOfkp17s*g4F5AK+t`ZNwZyl!EB=K%pe}nq&rz0~0~Yv< z70^kK_gAJ3VVu)?MNnX01d8{dSoT|$m8%ZV=h`bVu+VrW#5z<6~R#)JJZc2gV`n$QQfU3AaQX)QBl#a*NT5K_#^P| zm3oSQ?oz$yQ|de%px}wn*imoeS30=w&B_yyL?!uk!k(*GU@*BJFXe7+`geRR>;Gvc zWIUN-n0Za3uPo2Y+>FPp@=5(^Y?#|-sJvA!snVcLt_3kDEpZi;d#u*Ub9gs^2rKlA z=jWgog8zJvy(Ni`|N3ele}Fw|RJ#~Yc!xNtZrbY={F%-5y2uW$)9op2`ao1@IkUoE zvipxeVs|P~>kFOZ2yv2hXSG{73ZC@s|EVPY7yHO(TGJ$;Rcj$Z;UYz-{ef8fOg9iJ zdbFMMZN&r6np51s*{!B4I3dhQgNtzzWpmDC!OnNEb#KJM1U@WdYvXJ{Ax$o04b`vW zR}7tiZXPj~!)!0SsX24^nwRRV)7NY3(lj2lm0wz&TAHUFKhQm!3cR=f9z#;+Du{=3 zK_qeV+M^2z7ZYvS4?j4yGv}b}w-M zR~pNYtD4Iwqox)%hb`rH+_W)2qcwDAjTv2;Xgc1N>;~pppA@+Aj~sfMuF679>CjE> z{<=el#PT)D#tj#bnXLC5Z^mX$i4Fq$tw;$uG)Eqi=|^g>Sj>JU4(r7ApCl@@^HtRv zO16=(0^z~g~{d? zZj|ZRm?*;6;AW)|cocv2EPqcFZuBN+LZAToTlAB5{n_|0rPf^W57I9>W!7d^h3|Ee zIy|?iWs~Sb_B94I`u8gG^56k>0$%_PkokW%XF;K+raA-Qwc%e}_!1~28@+oq=X}~y zOV+9#<(4BqVFv0Z+*HTQisQxHa$dQr6ekv0hCBg0-TO>If&NKuOwRQ?V3w}N~RqFW*-r!fFcQbP`gDJhD_P@m26HYhTIr_(>)INP!WmE+;% z%7N7N#lPf!!idR(S~p}qzvUNAv$)GN)v33&;`hLcJw-Ab+P`DJd}suC1L=}0yS2I9 zTmQ*qdeU76hNV&yX@hc;A~aFWI{u2-Sw(!6ud;4wQWmf*5rd3ON53MIAJsExK76=l zj8}K7k5SI{a7s&;h8o@gkh0$mpoIag~}sJ2Wh z=zOL8Z%AKG|LH_KQxvyz@^#@1df|oDC^{e|oFNSuEQ8?x>*`4MQ|=T}$H){`UCZ&! zraF2d&fQg&GC4+^AO2cluWOZG)J5K*vl|IDcz{ecVAH}feecpOZ9)T1I)2XUXSE!PRXgY+?{{6*S3SL$X zEQW!Hch2DPdtI+`m-;g`{2B?$c`D1mx}5t38IMT^FJuPBum-lS-%g{PwEpBy3NE;W zKQ^+T{N&kauC@xviBBW8H-ma7LmnYh%2h#ZB0{cbT`{0ZCkLl_vWJmWJpwu|ZmJw}8sv{qt0n z-D+vogMGjCOr@y6!6HEM5J|<}7s&pq*8?Fo<{myZ>ksfb>~2f+yV% z3^UHPB5NljXXWu}3q$VY{f@Cf;$$&XpdxE!0fwEh;y@I;oMsLcUUEJs9rB^ntfkVZ zcc3P{g~{xhTgpiu915_?ZP29h{f&9U;itIWMkP#?eS9D^$UeEqC4OIwd_xlT%H0Qc z3t4^NdNKE%0zz6(dr+9`)w)R1`06^VM) z-;Hd_=Cq;1-#`&PyQe3Lubg#yy%4#kQQjSy7gcF=>shM9fX;`p@f*@2O>Z7xoouGW z*;0&6O^4<72hoe$zWZU#w@VRK(+IxI;fUbylPCEcd537o;EeJgwYc>~R0gBD9{r{^ zPQ4<3MWNClob#n-@uT!eOoY*-xgtG>Zy*|%B2)UYuGM-#i9$p|LdnL4-4}_E%T%Q5 zXroZ81t!L8l%-{+`%l#6`wfPw75 z%+Ss&fI`X|qgjdf!pyujkRDi?IuOD}`+TBaFHNUs1svAQU2T<)y?uRAKJzy_YaX}f z_@S7`QD4obcIz3?UHFTxgA~Y?vTcb+##H*?d0C!r-6>-4!O63?uK+0Tbm`<*t_2Nz ze;hIM6ibi$8uUNJ$AVzX+W4_e9H-WuCKN zmNP(vrz$!Bq)wXED!C`wHB7d?I!a#&zL!YgWQM;7kko_ zSt*gd+H!Rj13+$sXP0;Du!bx@Dm5L+SC^}BkTtuUkZWOo$7rX?7p9?-(Ngg}c`pwi zS}Ov92J{T{`KlOkrjsQ4`D!<5{C#x8V3PQ04tdD5%YX3sJC7VJ6fN#DjQdbG^f|X8 zD3L}q_aWOiBUh6^BmO+6eJPE==Yn0I#3X|s8()%k1el?P(oDVL_Yk1NRkF2Ev%{KF zFQpz^5-XHtn$?c377%bwsXjQl(*_(5kpv8pVp59hscUpq6l$Zk%gwNHRiej z;sP!DSql=Spx&Xdu-2-Xh4~RgYP=63?Y-93Yuig z@fH`L9KRNGc_^|y=Ogx4AX}8ZPjefiSojfETT$S`Jh`*`>Dhg~^7odDt(C5(>;TaD zlBo|GIqC|vsb>z&=kfAVyDoNVKNI+e)Fm2X_)pc-kMGZ31pkP9*dkAzwGLKs6<`I{ ziA#aonu^?)Twr3=6{{a)8#K0O6wLp9?Y*L?)8lVuMn{TZjB?znJ!{FKsh%T!qRsu_ z@*Mt3j~!(_%vi}m75s1%K}4`CInm@4zRwPYM5;MuuQuUv%!$Cm%q%j|by^HqFNx`t zySEO}X zw3XL-<>%Exs|h?dZAC1-nwEOW``L@B$)xNgUzB4#T03XpQie2D$I%PWBF);IyvE-B z+*Q)?z^Q5KgZJg`)cAwWJeNEMtKv|>irzQ?G_rDWVGF|OG?-%-+2 z5<1>cPKN1}7R(-hw0-(KIKb7%R;bk_m!TSQWxBj;y!lD>?y34K84Qa-KhfTWoz4=V z7?))zE5yHK3B~AiUy}>eUSQA0fdfkRu0VQ>i7OR@x7s{HyJ=viBUJcm)sQTF6~UZP z`240g+?}F#|7K3C^u_M3`*&0pm48lDWyvC6F02Z)WRH9C5Y~Pt+rfsCoS)NBTxQ0r7kZT4e7T>@ZwweFs1w6u z!%|Vlcg6HIz}zyIk&ejbKBluG>- z7Ok}}vkthiQ-%6U2v8_R=@Ss>Ed)dKr#El5?f4{=>Wdp*C$oiYQf;#sAnXThhH0xR zHLER_C0h_$zw-t3HfNqc?>*A-U4VR{&8OH)egAdTiSj?f6fJ|U>!Say>4wl=5+VIgYEWi!rgChZsjuQo@IYlMgPFTB()^`Yi<{z|rYP9)_P zVm8nH__|rowYN8qW9gq5%bdrWCA4_UJ{}JJ=J*W=tk>r#&(5_pXdRvU^hP3K`gD!^ zP0DFIi5MCSkFTNYx|LQ+nwNN8m+m{q0(y-^!TB+EN|7xC|Mi6c_4(`GB={F_ji2ca zq1zoLy$Csew6U%5saI9#R+U)?p)YuWWR$7YSi2uCAHQt8QG(_Y-1g=^87hemGI-}g ziD8grXc4N+b9p@#`#mJ&8v`5~bTLPllqZCM7X?-!>^467_^DqY4ZtxE!FOhcU{rKz3M5&OiE~ErQ zbJ@m^`6B|E69<7k)3>SP;x%h<`FjgB7LD#F8N2Ow8$Dr-zK^^BZ9~@_nO~kmYzhJw zMIa}84hM)ac!5wpj|GSgRJuTT<*i?;9(Xmcn>u*%g%EeTt}fYdCthdP@tdK!whC?i*rh*M=LEIiZkeqw zsRi%1w3=GtuKfC75<{cY76Jx^VD#2N93?e1LWMzF{0`tS2;2hDBw%VFVO&l&oA0or z%j53|FZ`EV>;Lm6z}5)p`}fuuLFjo(10V&yta6Fby7&s|@DxM3nM&yb3;)ARrMDWs zbo1&#KOQDoQS|iKa8a3ua(atD`u;kC`Ai8)%PUeVQYqAL;ilIpMWUpng)!uCMsa&do7CmC)h>WZ8u8R85PxEj%Qa0hSxMe(lUQ6o>l0~G90QaMge zzzYp6FOwcEHAp?)L6!66h+93*U_Lsm_O|=nJ3c*tXz@@!P*MGH{x6vFU&}M3_%Ao^ zRV?a-PB=Ub1Y0I1OJKZTocs?mvWV8h7B}r*Wt3BjEnB8IqPNQ=hKfr`)udXP9Rs#5 z4d0}+Ls1Bsqj9KYGnI2BcbA(utY?ZtvL&M4^YXq)Vb%|9X!vNq(oE$^JYW4XkL@hDcu0Ufj#-Khlky`W8roW*mI-M5tpw*$)>)Wg zKcBcv?2qp`@(XPz^1QG;zI$VD<8=odNKYka&82a{>^_;$@}%vWJQ9yC&=b1fH8G)l z$*NRutNnqRdh-r?FyG={aYI5#IDij)t^eLD05${O_}2$%S?@-fuRH$6{;4_pV7y7I zRY*%)In#p&n3@MyaVwyd(|99JAkpKTy?D3yDNC$Dgow+51SW%aht+N#mV>(jK%5|n zxR(TRrVRNeu{sV&z}Bw%;)0>})k8`N6E^R2isZp;*+jdKms*Jix}>C}$HNVqLOO2< z(4uj@D+tj83e=NC|Hpm?-n+^>@L%EefBk}g{sxcs@0E2mPiHm0B9+@)Lo=5=uO*#r z9CPuIqX<3b;+P;5Ue{rqC#8@3rjZIch8faZyb9cHyIvKGz@bv=@b#HrTFL>wBCTdQ zDGn~K)8n1%&HX*)r%zg!oSkj|g!g~{f2}8_-4Wf`t89Oc5Yd1FMertYuvFI7CH*6@ zPqm*oO`FGcRv66r9}|Um3Q$V|77G4&0^Iqy)EH1ubVvs0?9-QS7C{XqcCfc9kuurc-tEVOxDJMK@@kpf5%GBWauhNnj_03+J{>Y*a1NZl5xzMRH2c5r~X|t{} z>01r(noc>r2Vt30Fa#(Ply?1YKL5fLz<_8Ri8&5!L3fEX){8S>f^%QJ$q1a%)qdbHY%31bcYf;~bm_4JBi-qh{~UJZSF=cKG?Fc~HOYLriE9P?Q z4##dAe;?y4^xlXs*!5Cb)vP9sUMK z7+y{JjAR|1-IAf^9%bEQ(EHh?OPX}Q)lIdy_X$(WxQ-umrr%MO@i~e(`w=3@5Cmak z8l5^d)VWsKGf+h-P6J_BJDPDw4lf|OfMd~p${?U>g^GLRq=rY*M6!c1^o7Ue>@nY= zz2a+URAsvzY9YA6fxvp_@k^^+9eEzqp`X$17QbB<27xTo&_P0|zyX0VBz`Y-vWCpMaAk--u#L?klZ3!<9Ar`a%Skm_`w#;Wlt>%vW%LmF zcJE!38T@0Tc)-0HTc*=ie>RTA?Kwmug?7MfHQj-k|GErPrF8SckFci)j)2 z=1G=*$r-imWa^2s%6Q0d*;M|uM3RHrt?kWx1@^_?q6Y;Ol=u^_)2P3XBeM-CBuS^y&H3DifBB} z@31VFSWqBwh7{0}Y%1Py26Tc~AjrT48;!YG5odhNEIjfDIFiY681rk`D%UFyZ^)x` zhT`X8GE$w7s9>~bf}uxp$guN%9`xqnK>f7M5c?|KswHh*i=?sI0e`u_OlqA2)ZXyc zamBLnaWiaOR(^wVa`-j6BdlPDchm+$5Ejc=$~&Jaw!QBzY3=>dMUjvs?g3g@m z;9(kAdOP>-v9esfa48zegZi0!W7pXozr_`Saw(Gi9=Vbc1ygoR98z55c6_4xq`;Xv zC9#9f6?s(IEFLEP^V;*c%wzeX^lQ~I!_zY zS`DfhLKw+xr@Bm#iD&q?k{R+WT%N|a6gHJxadeKe#fezBn_=o}XepyJ(9@_~c24xM zz)J7h#IWmS{~v9w0{E0p;q?}E$IjH<7UY8DbdaqBs`w%Qa*Fv(=`Xqb9q5wbM>;`} z$C42G_Gdc-_bHOkR}=rnh?UAV@fxjfqD8 zF1p8PMlLpCIElI&hnb0_vrq=Tn>B=i3XNxIzS-ZyU?05ssiFi4+IbtXdX4+nP6*L# z>CRcIUZ7#OWeq{F0clfExhZ|(&p^98?dL+VS#M2X{g)M59@(~vxg(~S&(Vf97V zI7BB*`UkVV5UW+!3fJ+DoCer9T-qDHRvb<5t%GaN717vGHT5-BPcz!sZ+JyqCwZxG6 zCHY9o!fZ)l2%RZioRW=dE&qOzf3kX^(rWm2ey92ywKk(4KYtFM{58bO1+9;>aaI?_ z0Vc2^Rn&6Slyak~`gA}_PV_=9G9B6~H>=Uzu9SkX&am30Vz+`Y?35O=<5QEtQ<`)2 zG}1fUfMw&%AnSU(-OdJ&K}SuFWw(5#G2$~I2q`kvO=ME7Y~K}f-R2iPSry|8o3&h= zM}Qv85(wBSVUo_3ui=5#{}yo+8dhKoCXL+s6kP1y{Fy4W(MOek!}Xg3((%qE37!!? zUD0AxAFHCM&YNc7ik4abVy0*iOvsXGSkh5qRg{6Dwo1^;PTTR~1!UH{NpFl0;z5psGR12qlMy}Ma)bzIhU!GG4_L@y|T|pwYxl|=_P~#GG%VN zO9hCFx@Ko{p@luE>|YQx$XkOE@msRJ(rp?&*U*>*kHedJb;jZrK4P{}KLnm+ur!YgYy#BI2C`e@uhLtIc9dYmN zH;e3cI10sv5p}KR!ABaj1nn*!v1Wqyw|{H~VfI|;aqhd_z%fmNGU7hfz#`huitY&3 z(=jDUNWE{L!Fu5DC${T#TgZ03XLjUl3-^mdTz4_%^IqINN~C1N9@}8GrtbG!7FFQj z`{X-~kjFyStNbiX#N{4f#{=5tB#Mt^3wsKqTU9O;+N62l&c@%LErsWkjlvSc_fYhcQ5zj$K8`mvrAew7xY>hMW{G8%zA&Oke#=qO zR@JC^$q#f-7Jca14p+N7?;D7O7*n@m!g&X6!f92H_THF8)(E!WTsIf>w>b#q||^%Kw*L9K>D5@IA|@_O4<<9?rO;}!Sa zez9me_vg92pF{pIzT~JIR`VvQ1a|=uzLweK2-eeu?>q@DXG@8Phlj;6VPC4(5L80P z?P21Hp3b2Z;#%{b)Z|J;;F2GZIDIO!aKOPwJv(&SK0ItO zV*f1>eO(54kot<(KK@Zn?LCg*uV-$Q&C@&?!w{fp?yks(3 ze+WRhzvz(KGq`mhm}o86Xvglz&w7TN$hDfTFmK8F*_9>`n3!@qc3_-Dq-;E~Q${Ia zT*q@ou-84`ma7c?cw?~Hy&$~j;5t9cl$DmKACJdcKJ(gsjj2mW2r3$dwz+25${eVp z5L9I}gTM%kXf6%eO$-oYp_!h2I_k(pM?kMkA{T*mgw*rPU%}u{WT%j5RA>kO&@UDf zn5NX7aqpJCM>&^9aZY)<(OO(hMg5p-dgV6lJ~5HrtPJl$b_j>dFR~8h)OoL-X11x*U6r_a!5KkF52} z@WnoYIQm7)s;cs7LM%>}YkQ3KxuvfLmo_hC$mg3)V47#;3O-1qb=sfMupYC*QQFQ7 zjp0-tt)SMckgqwjDwWlBvp&>#Qkd*t^*p!NN-dCDb^$l-`J0|&CbSm67O#2S0{mp6 z!+alfr*6Vgl_u{MlCa!^P!%F?cUiNqbq1-s*{*9FrLBl9`w+yL!-cPF*d&z4dy%`^ zt5Q;`Iz&BM6}PuP;|st+Xiea6tOf)Ffu@5R`KghJ zzGD=d+VOB!%(u*ijg`ph+~!ew=*FDwPWMla_~J1SuEx4aApaJdJm?M z_|amWa;>E@zt5eT8o}xLxu~=>5>VkIp!yL-;1-Pjm0e{^KCi5DiVd-BOL(EE%DQL< z%ltXySq$4nJDY^D!_&a2sfpr%@a^n(~x^+MUF>LOyTwxB3s!@+=ND@gtTO6O!+wU4BrT z-TrL!&|+s+`Q>$Dt-v5%r+V?B5*(SAB|Ir>|9s1De=pSdyQd>;n8%*ndp*SY152A+ z-x_X}g$Ja9a(-onaJ25KmdQtR5?wV_1(|o{?1kcz%DoNB*hSPzywX?fy2nfWaur%_4dbZeUJEO6xmfF;_5hpV;-rwP+gW~%+%7mmLL7Hqha zr3h}H^bR`x(-<=ENmoE2TB9gVRClKZBN53ka1os=y__S@psm820U8cMY@~Ypvr3Ua z*jWz`?}NBetP^G1JtKT0>t|c0F0v8lcyRYQQ_^*so?1~wa{^~}lA`a3wU@S_vUPg_ z9nJu8P!{st^PBlXC{wS;dJHQBE-BY2P4L}gT^WWtA1({~P5JNEudaK~tm3}|GI*Fa zkI`wB$YyzUQOo_UFGEt^!?{C_nmq5YHm8vI&7!N^V*{=UijLRfyK}u@_Z))ui-MkI zAcKWek4>(M?d{7QK_!zEON+epX)?nllU#o>js-HSY@1KMU45UmGLQs!R!KE}Zn0E; zZI*;P**AxmXX}Td;0+H8n4u%h&*H;BPR8+sA?hu7E5I-& zh-g;O@U;9sBI!K&lCiAjE6$KvXi^!Vrau*+PPt_yYd&s6Yya2gZ~-<)k@DMK8{|-z zJ)mixg5w$mlj29c#5px9V$}^|Iz^*BfUy#%8=>)}Oz{n(6%MRytV?toDqIqLY3-9a zTTY;XcCN`_@c7EY*c+tm~v}Ba`Y)%IbLvKcC*1upv0(b zXb3ARqBCgq2>AV5TCdp!+1JLdfr!4r8M%mzdsaKEQZ0&%0!31P=6vS-}@jiJHGij>z zo~gIJa}JxQz*lb`KL@Zm<4eu8@H4=({+>&}+t=^&nbnA3%^|8_EqF$O|kr1CZnKNcm`4_$2%nl7^H$`M}jThz{s$|81P@Spv z=eK$ply-?4iRQ&Fst`I^MOn>3*jl+aPgj@yhwxE-S8FXSzSuLuR-c!?&)(A)KT0#K zO}Z>1ED|LBwE~(G-0r)6*Q5i8UKQU~ayg+R%gH3eJ!j4GJ^K;)wN{a($+9u5mnK11 zHDl`&CI&~X1wPArH{+k`+{$CmxgZXMJDe1D40gcj^i98zCbs^hLHMC&2dT}=Frzqe z!fi@$iY>o2vqUox&{eV74(I;8o*HcUP8MCzN|0Ps6IZwHd#t+&4Tez3u;iJ#6GhRK ziVC9>4&NnqGt8*%A${CoZ)`Cm-=^?_gBJ*-?_S@kBI3hgSiczK`+#_rsymBiX9gE) zsm_R%v9+JXcYd&peda%_i2#`lm*A+NKPmAj^$lFN8A}Q%klDvCzuVk;cTst>p6-on z378YKEq2>NV(%LYrN>p{Wr{dajMarZ^y(#pr|NRxX8ue^l(W_953=)lo$y_G7cia_ z#oK`^2u*y1c?EO~4C6#h3{b==;^;ca`{hR}WIlMy%Ow9A6H#df8{BeH+j_w`r@TuY z?|`+9lGwb=2NAW)lvImmB)Wrxsuc}9?7s&i1hubZ4a%_X)SLD#eKeKxoefkA@GwMKB2H z%LiKZFkU0+3B3|Vk0Hpvpq0Ry#c&Zl2v~A_)W4k!WJ}N9;26Po)8}6=*)NM^%XU~G z+K*d#gWmfw*v!0Hex`*{qjStXp}Pzp6G$bWuxU>^HZjS9babn6aADx~T`yq0(t1b3F| zX$J?Jx8i(O3k;Z4$>RQ(W8UWMRHQfsb5YE}IpZU(3Lec-}4rW5@knH=5@kNn- zbS-4E7g;y?RW=e5N6aQ|iwdu;aCha!AFHy;pbO|;l4XVpI(Goya&My#hb|Fu-s24} zj;E&1fVWpTS8F_OYNG)S>Fm~1#Ri^$x511`gm(q(7Gg8Zcsn{(<_F65UEw9V@5A!``w$?#wVQew)K@cDUEL%d zx2}6xQXen4BtMWGdscVw@r;!nN+_r1v<1i%ziZNB=7o$xDhfsv1lJI+52#|TwnEXd zo>(Ee6KM)Vm*@O#8t(doBncM739-(`(ccDT2mKmyozu>9JwZh$pduZ@M|G9~OE1fo z$r{fdf>NCZqhQNt zFqlDST8lAi@OlRs`Q|tbypgBwL|LG`{*>!rvGvkiV#!h$b`;*^{IV&Ve?+0!=Xufx zA@=T;MpH1Ww#kbH?ST6!qRLQ_qwyMD=NK@sy*S<^^03bjZ=GLU)V7QDsuoR(2T!ge z2&CU)$zEAJGt1zD_tr;NpE{JCsJ6uV5+LjDNiwR zW0m+Vgn4k#cprb8s(VJq^|R;LzUP7Tb~Ki?*iluw-vC_X9)&72%j8S!l*4m-hM zJo1xM_`UbZPvIlDPwA!M@a;81=~pYVz}!)p1hu;2Us(#^^nsUR*B&6>_0+M=^6X@F z9ltWnU}wjQ5xEVghd=@(#?N7CTwM2FExrG^elgTQ)Xs}^#)%4aoOTRd)y;K()~NGF zxR!rsY<-Q8%sOV|(`9VE7V+h*UCdZTpMIyPG$pLw)&D+Vp4Wl@u2fEc``1V1Un%97 zW*HlU?dpysf}anX2j&vLG~JK}A7sp*mQp-vu@U169=+O8lrkCJMBZHe(CL?snU|hPab(-G1KoXs)AL|avs+0#P0h` z;Ek!IwAekV9tA*V>tUf&U}Ab8SU7sQKfl_R(}sbbDr}7{b{j}B>MTR-h~`F+f!3;Q zUw#N>*D@gLt%fTfjOJyOGt-e1KBxLuxEF`{&u4nss2806F!~Yz^x?}%k(?{Yn&&j8 z=D*#bQ>B%ThMCL|^2=C`5_WW~M54}Fg)dewp{7UWv|rYGf*WG4a&o%47Ba+Ed!B0j zv3ur3h_-w2;+Z2rfZoexFkI9hJs{S{keK}GUdXN%28!s)X;bFrCT}F6XaB!O4n7S* zFhxb8oq&aVpjtvG95PW&F!HPb*YM=N&T1bLoGl9CKqDJREFVqp+bM*eEB7EoW&w(M zlb_6L6GlDTM~zM#aH`ae5zwh~tIRphqo*Jw?0K0B?xd@jmvb2fwav3R(#i9NN#(;4 zg?%C6i%n=?5h4_osfDth&Tfo$=l4{E^b?~Uq?^HUKTR6`c!At82-1)>3jp zWd}?!j#n`gCWUO`wolqLk(eob{e?7``ZP^Lqabl40%(R!F<1e4K;N}*JJX60IDHbC zta&tf4C?(#WJ0pe2Rd9z3#~XnH=DwVNWrYjsBrHOFo$%OJS`zI17Lc6Ms1+zh$f?h zxuTP&vx~xKi0p8Cq?}9}uU9fE_o<=QsyU=_D%DTtGailp^FBOHM{X|PVb#(0#D62` zPWHA5WiXkEGO%{$f;?|%5nWe#wUkuj^FjWW{LoL{33QH*AGA8W1^z}~AGet%cyCew z4eYfQcv%vSV97|;aBX(5T5^UVy#1denGL?zM)OV9>@+4BUjU#IwN%n9q0-{wTmyi? zEx@Ug%3~JzX`m=A`@#n>PK94mS=l9cUEgV$oMYLqE(P>og_m2$h|eAG);$^y?^|i< zm?!ScC^yO8O4WG}QUKRCZdn7E-&Hc>^Yj1a!HeXJ<(Fy|I`AEj)k=S@WIxg;?2M!Z z%HlJur-J>8FD^E622L?QMZr7gcUjDtpYiZIjLPg(7tHy+Ur~pYHySXe1rfN_pFRM} z(TbhqktKKQ+UyF^sY3UJ6c*KM^Y7a2QV*5Tla)UKx6Mj@v5<~3!Z!BZsN|L7eC`DaQg6}cVrP1^fTytl^Lk4aIi5V<1a4MIR+w_>DVa%h zxQzIx**b|wmmvL_`Ktj!J1##~4y##g3R$qGo+f7hplN&trDIQnqpmw5M336E+!_8h zrnJbs;>t88HY>!OjBDkXqW=&XwQA=F`tmkLXqk8Gd0-17FfH`Z$HSbD=$XViVNVif z5)a?MPnDo&N88oqPzc94zp1ONglU+vmCbb4TyLhMP-E~4{mTzkoEe?GG(<9z*RK!E zjn{YkKIJ|NC{E(uJo2JCUkQjE)wi)4FMg3D+Xy7Ur>rs^)hlhLPtnXxMMsc#5!IGp zO^&08t?)I7gOtpfK7H&tyM4f_eavj;H#K-KFc3LF3vZx;W%}EgwC1OO8J;EW%3O2I zxAVtH{M5yIBol7}Q&cDuFf;%@Rpgq0c)3GeE;?WlJdh1&=IvV-&DkK0lqS}RYi;3@9i!`bF&gvj-`d*)ehCNqVX2L|h)MnFY&O zIFoj>SnbRk=JkVx_#z(n)OuOs17G$W9IjQoyR@HiR^4GLv*Al7h1e#IalF67kx?pX zfCVECcFGUy)!cZ4z6T zLM<-rrf!!f)<_J|KoWyG8U{v?Qjtua;XtUpqvPi)t)@ZVF+Ct?BQ|?XIXE;dp7-TX zX9xn;r>bi+)z|i>%N@AWp(~YAkR^gW6JS&aV3ZVrXSW+MfZsp&bI8@h?=lL63fRE8 zV-%aMl;lf%o_aKM`6?E;%ntuM6sDQKuh{r&-)iW1+dLYEc?sMFPDnCzIQ& zcMUmd2{&Qux7MPciTv(Pm&RNNY~jexZZ1+p$68k^R0sz}5jdKvTKqg^fzp?|>2XGw zNHRj~>s>7A#pB#6c)|3^)4qx(a9H%xC?o;_M{24wwE><9*(()OG`fSd* zuQif_0jzI*SuW8X2M${Mm1Lr|UhG6XQnH8vjj}=gg)Gj-|6^ z$|X6XuXS~=xWA56Nc6f6cHE$e9EjMw!;U_N_UZ`HvOaJ#=AY-?&7-^XTevvVd|63L z{vLBG0nvqE!vn;#(6NchMpfboz*Mkvs%4ccLMmD# zYxDBo?fC8PN%#@gsJYGOv>MinMiH|3o3Xkirn^DOqksQC*c?KkFL%GjZb_UY(=S!S zMLJ260CCu%oMZJ|0AqTEX>fB9Kn|ZnkES?<42MdB0Vc^CwJyI^`t`Q`)^)k*HCi*v zEc=-4NjL+isv%?5Mxf4;RBili(Ag%@tn`ygf)ug@6$*dN?ru(=cU$5xkqVeZSGn|a zfTy0b!x`mW^lYW63j-nFS*-oxGWyYL@ZX|6S)rh52dc}d>^&fGxy$8spUPP)>2p}K zMb%c4^_w&^p4sX4^r)~gTx;qB%52V@8OW@?)*v%kFLiCDH*@&bKxyDp8G!{Ov=e=I ze-5czx6Q|X$2O4fgkjgglR%Q0Tdnb=x!lSv%$@$5KQe{&tR2-NL^HFc$l?L6@JwYv zvP{$#JyLor0%Va+t-%7P^Mo8r0AB!9s~;X}i$0X$qA`B+qNzZ88T>f%P=V{ZRzAhWX zd|zR_BvI)@-wnd4%PEI9B7ZhDQ9Mt(yyLf1S9nagMcN+eTBm{1+zfN4s}Fi*Egtrl z?0Po({ttH>JD;u~)YOjdt647DH`obkxz(TJm}$-gq8Km#?32|dHG_WX=MJAUwx@Cu zL}}{Ee!&^{xsb)08C}AR*PariRV7m6*Q#LA-c)*eN6&XUGz0f0wPy!C8MRfz+L zjB;EZIYkZ*wuuPOyqz|>q9PU7*h8W2Xe0uYT%W@fV3JF{@xj!73O?FPj`=!G?%b<} zadU*=L9P!0rJC^+fHyGBmwM0%m#)4iec1o- zw&8(EW{FH&7ggld**|4`x=A`{;_Q@yvH7=Mvm4v(5n^#NBSKMJL^_PQ`e51yEi@`8 zawsup-y?XJ8@Iu`{!E4@PwYaGdpz@GcZKx8oB3;a=+-1vD)%OGj%&gqO;yA3^iNzK zy9}KbQc2{c6^&VzQ?*cJ!}TAyrYH;Lx;X9V4eAzZ-wiC3Z)wp0kNorfIRz~(d_X_| z5NyEdbKtUC#O(UWX|;%ijg3v4JSJ9g9tey;$lcG4rd7u?!2y8PlDg$0i>R_(ZDxht zrOnYqqSnCLnh?MN7cIFeOz&p><4-fdbbW}CxrH8h_`?zR>sL51mid#zO4#K2jfu3y zd{d=>JrDu*MQNIQ0^^a_s!C_>P4NOeEaGPHHZ{iTJ`W?8#V6nBnw@1EvX1U|Tr$(| zX@ck!_ogWc=780=TdR|9q!e;o{}GjafeZjv-|P};mm9Oh87}!Rj7D+L0B~4f`z z;9AUqYx&07^nIEJ?DpKZg^X37G$PrpE+zKK{pf)KNWtr z&lmg>n#zfuFf-M^#lf=S&eacDNWCLnABymaHcRm#cOX}-dufc>f)Ss_L+A0H?i(4e$GY@Dr-Rlc}8M0(bLzL zdKS7fW#OO}vWG)`BaU$%AUov8QYonuG$)P(_&aQ%``cwtZc!wWv(=wUC^1TW3m8Km zVta!N!q`A>x^f5}{%6kP=Nl=bd?vnaoOyQ>v$Gjj{)N##p|ODv7H6DmXBBmbWFM**q)-Ii0N96k4#Z zJi}2?^}1~uT)5N1wd*M{#)$UcxY?PB7aiWxoAwRil_}su(*pfIR)Z9DL}8mfbW5Sg zKgYo5^pU)eu&oC)1GcSBAymSd+;~n($V9(hB))opniJKVnfh{c;RbHDMl@_~BWkdt zzy0Ajs+zV$b+t|X3V!W8n{Bo9_4suqzk^J}N+WGGB=DwPN&%L zSpL-@wr*| zSwJ`C&Uj2WcTd4$OLlZlWt`t&ummfY7yMCQv5}wvzG&+8H>YP!_@I!M?w@#A28f6& zH7yf8&qsBeFKIntol#t03QbI@w@gFQgs4$mAoA}F;hOGb;{z|Iwq||I*2r)TD>U(N zrA)R3bK%CZ0+tMa*@%cmmN z4A*x_=VE!o%DgWm^L5^oAY88aSW+MlQI4+1#uSowU=QBHLCAGt8n?IZY$Z)})H3&W<3=KN;8J3BIh_WWBxy#VA4%f|Y^QytQe;yP%c4YWthkYVd@2%MkS87rp10bK%^#QNWk7ThaCeb$b(evuH z<)f$9TzJccf&m+J{Qi$+R9tWbl)*sl&IXtaP#n5K8H zxAMRJ3b?KHqQuV6p&|x0kPCDqj>o0Lyg*E%n8aA6wDetlqL?Yv5Cm{%Dt+;r<|-?9 zXnRyFtj(Y~9-9obP+XKpNRQRl@i$6rdXp_q4bp7%yYUJxryo;iq?|}TbIbQG>8&i$ zyNgMQSzyY!-k<3{JU#99hakFNY(qvxM;qEOfgq)&XBzy0s9OXkTdu50F%N|r zO#DT`$jm<-&s*4?liO~MF3_eSf*$6;=q5W(iec@^8m>v<8QIKlW zxEqn9h}`2Ta5A>QVaA*;li#-Vq;+@uUHUQgX5#*0#qY}rK@+=t)fcN4sA>^}am8je z?20>M&yE>=qk%sdwYVZ;FS*r7t#Kb7;av6-XcW1~AgRbnB1o1vF#NB10c_GD?&|`8 zLk8)qChD8HYI|jlvLmi2{8JeCCmAa;;7u<8?(M-*vP}U-wcoyQKqBDy z%Ac(40C2w)zk?}Nd%In#(v8-Cofi9Bp2|?n=RX0t?iq}-Qjb70wQBXs&G3#ohB#dzBpr8jiJ)go#)vJr3g!Z4pb$!DRX>Dyp{M2d-Z82|P0=C(Zz_qL{m{Xpd4 z(`w}gDb%-!lZ`NH)FS8PQCkqHA2oFO-s9$NMy<~S+C;&?w%kbPxj|WGgOpqozx&*& zvh(^giPo2q;OZ9SqXl%V10>0%FSo=Z2-GHz`3MoJAG-eZSzU3ZPBOKJhW~r_BMG&r zTz_4{y)O=E#Ce9ar*a zhmyupos~T0k2@pa6Pjh8thAKwx$?A#=vfBP$c`|z`_r#1enU$flt+FOSyVc%y)6fy zk3!Af(kr(671y)yk(8+ZJxudc{@cUIVhou*$G&h?^}2RNAM2-M#Ej4R+oj`ksus>82l?bc132!?DLt5?S>BUl zIp0&BUar^^OE!qeG#y52>MJkdiMKT3sN^RAd z`Gn1c5EDPh{%!{|Ad0h6XqaRpb8A8R9!FfW|-HrCIjxJP_f5D2y`nKVuqizK2NvA z22V6-mbuMo`BBiWq{m0Gqy=aO&o*Zg-iweQnHnl?pmRyAu6fo;f8$$JTJRz2cWp20 zB0-+|IqOL6d2GF+RcX~}`OKf|(t>XPE?$9kT4?@XciBefpx~dwLgRqdvEyko^5Ro@ zkq6FEtMXL0-=_H2Bbm0NQ>#sS0rNd0v}pByuTHq|)$&Q$=Kn5QmlutWEITy=Hkq2$lRW;OD@)`MYTV`S$60KL47JR~A6b5DmorgqksD-lc$BL#jbrlnRzkE$(YNn9r#H^Z2*KwqmL zmuaik;TszdLlon*&#pVK`CuYl;Wgkm={|5n_EA@~*8v>=00m7V779F-BP}5j43A%< zSP*)km@5|aAzvD@Tu>BpmC;NA@o5s!YGYMp|A8#g4W0o??B!m*i6`unq9`@2=@CGF zYFB{ZgngTHQ04lSHRGyKv4S<0BAv!w#8$dxhRbE0JDCTFo};j)P{6m>r%$u7orS$K z`AXg6NHQ3fif!hK#+6#_Xc?!~Z&m(rhR&*=k*^pUCvseg-DXNF5me=g8li9#+2?PNvqn9V3K+2Cv~wjYgW{!4U=x3s#Ftm; z&a+n`9sLwc$OgMYzjg&wtRtief_W{kjcEnm9Dy(%j&9|*FHERHJa4r0KcjSBL~fpJ zV=bL(0uX&eU0Y^P2Sali|6lcMB*$Pp8}Sg$CJcp9CuAC zN@&5{A4POj!yN9sb6SoVpMuk=A_8_if!oo1u47pmVfmSG`r&=Qp%Rs zYQ??8JdlPIg!`;e>}&y`p?b^9i+&%skGkL=r2opUpKTIbkVUxtgyGHLaICV)>9KO5wVc@(Y&7@RETnVa;j$!uR zJNDTodS&)qJ9BdY6tD@BV8d|`qQ-6m&Q?!l;1mJRFCbev<=NT~=p@NT3);hew6raT&jO@8UfK%8PyTDH7phAr65 zN_k3o1uLhZkXIZTv#9*W<5z>d~)PA+Ey01a=Yz z?VY5cuTCdVnJ9;vxozhp_)84=mOe~pX=f2;Zg!a|Z|Y4K+EBNrl|_RBF>^fTI?8ee z{^nwfxr>I^2xUw;gJvIm_^g=s9=9oQ$+2qHp#zm#X45Ej?P9*(Q%qRTNHj9U0pCFP z&^rVuxJzmuQi{&0pr8&c&7;fz#9m5H_o}sT(oItQVy;}>KQ?PhKcD0(G7y2oqel|( z)rqa(dNRCSKP%NGrI^s`x4Zp(;;{nhl-%A&*0m+o5CH6&pJWMm6XQoSdPz$q5r6CL zE^?JuD#0z>SoH*h;C25gAm~<&?mh7KLJ$G`>8?Ha_Jjz_`6d)?PkMlL1+vWB?Bvw^@$(K0R7*_HfNFPLLTHL+gh#KZE@%Di1GmX5^{* z#6=&g8{@702#hr1x^O2{K|8X{M*!1GWCM^=YNxb*W+O7L-So2JldOK?;wTj)`pczS zX*>tZ;f%*md~F&ll`_h6(X+#GIl`o?Kf%y4=JKKiliD1%*7%qTJ_~GTldf~OCW%_B zcbj0qUdT`8Q{<5kzW84|h6nGRrD@8Yx2t%+eV$him+|oUEJ)7>fE%E^)V4 z(O7IlOJ3}M{cFthVYNKvOKrvr#Uq|$8(P7yOZ=YmEhJWpl^Od%_t%_lDLC$9a^9k2K+8W32~xf&74_isk(IGBu(|1mA$PLAo2}5x=a5^k|N) zjhtkNzkJv~DJSb2eE+Vm5S!(SVyF2mGzRVIGtWTehVtc5L;=5T@+>)1Ne01RcL2In z;9dFL7-nwl)H3Xf z2gRTdo~Kfk=zG^496(9-lI*778uZPNH`BKE}E zz;fv72jgq!+L|4DXSKm=zum}a=5P|eIdQ2?CSEBMFr*$mQ&}d=;E(Zk{FbbEneXd| zm0h@3MItD4_Ehg)<<2aZ{^z#+m((XE6;;8{MSxK)2WFE&&?l#-irwBGz>cW$hB;<2 zFXIM?NDmHoE%uJqVGQba+hW1>+3r|lqq}y41M^%xKoJi*RzZgopC#2xlG-%YKW`8! z1xa3YqwuM5<|44|PnwJ+4+p{R7-jM0c|SVR>W*Um3*7ZJua>GFMT)6Q7KO-Qjg2WI zV~~NKe+jtFv>FDfbdd_e$BJ5KzPS-nG22R5tI`bGO>Jxw7Ke>_ZP$8HWKQY~7!&n% ztFUbYE<#$^*Q;UiHplQL^QzZ^_q)E!O`+a7*++^d!Nk^z7s4?H;(|%}?6&FIC*{t& zS0Z_l@-Q((LDpB`i<93T{%gv9%k?LOZMVXCky^5)5YIpprmx)lDp>iN}+pB{Bvrv%?q`sdXse2PpM2v zQiZnWy{0_`k-*|c#a_Ohxjb2NDHHG-%tkAcZ}zyLbB%b@jb68q@Mi8V+`+QCJtJt> ztbfkIoj|~tAAnQcSN{2{dg5{_5i*>!t6g=pCdKP*BNjR=W(O2)Ff(esF1?`?=pb4*jFbpIsvEh-}5 zai#s%>AB5X{pEVTr6Ndh<&o5GvU6!+o-@JO46L8Wa7h=??B3w z)pmpF%ED6-du?K1%1~Qs=J%^LkDuOM5w4oh6l>TAw4fpJW9~iY%9rj@A3MgUXLN%_ zbQ=)1{)9lQ%(ci!%M94y^7S|q2r`d-d|~s=d;4r zU1b#h!hktz=@GIhbK9Ecy;N`fgUy;uP3&vT0=Q8)0W*|{!IcckJ56yM2jlM%R9YfOCT)pDZLB@lnE!^Pu(Pzk6#tg;YwgXiOm#%_{1dj@x z>0-^k`Y^GiC>1Q2#QRw1iTFF!-{dL&kMhUuikjtK4;S}3wiu9GxHcE z>wG^FBDKd@w9<7V_vZeIV5aM(z}lv?crHNPXO_idYq_;IeQWdRx*kIHxFLok6I*Ha87x3+!E-^TAT~yU-h;D><=rCAJ1_)E*?RFIh#fJ#X!8S>BA2hfq7=S zXc7J}{deYo*zU7n&!WU@ToZ*MaR*Pl_9;Guv8lht$Gd$8>xC$QgDPkkC5yGUi8%Y= zw0AM<()`YYK?A!6o}k0Dw&oU!=3Ov=9on~de2U1xPMsu4NeHr{tp{{c?oIlvOOLJB$!!{kS z?FCh5DIA8JAXl|*)YLSbgla?KaN^1vk2MgEWHVKWfr~uu>X=QHb-Pp7J71E1r?BLc|=)j-i zVs@KMn+xwPKVHvD+H@rA5X&pePyGc7KHEs+$8#umw^sRDS)sGdytyY9^6o@RMHzIK zr9^99Su}xoX1YR|2~8@Rvujr&XF>w`=Uoid?N`D99e9epH(B z-1mBs3uO^Fi}hpR^bV!ltn7c{%8$$BRNPMJeF}+@#cW`Wlb604Q2OimRTH z5iS}_I_`u2*ai15MXubA`AMI0_u=Q9`xPbjd5bmkY=T1Xbvm*(nkNgAi{+BU*x&gO zCW&4eSlC&1OD$E5zF*}xz5qprVbS_m%oqpK*_LeMS>=>#B9pdMW2NuG@<%~WOe)=! z^a$)XRa()@o}e&8)g}alF{WDOvD2{F9JIM~E(^-yqLLp!<6C{e%rQAg{y^&myr8NL z4^e@CL%_e52JhuEAwsPcnjW{);coz%G86!cM!bHNx3(5UAr@vPGQ()Jozb}|76VYF zdnrlB600jb31?wPv^`aR|KE`QXOD$wk59qNpo$$wUYMF8%w%;{Pj}RhEl~>nL&ALe zN_wjuTR6|&u@Rz1s@;EB?Id)D4z{{3scFsV$7%_&T@dZ?W5s4xE$)f0UOdQAh=j6!!}sD5tk1o`1Mf+-{1vkFJzUMOZsCX6h5dFTjdW`#Z{NO9vozaBUw ze!*xTE)1hj{2Idk9X1mKjH|1Bz~5-G_T74=8xbIc_ebK4MvToDK-{V+Y*uFCmfWnd zWX0CijarVz#S#z9jY)g|BQ`p0C><_b8*^Hii^@LFHY>n3KBFdf!6;GX0T%Dw-Fud+v^}mIn9?=7EI3q1GcH+_}pNO6$FslGTupnB;GFPbE_-AJ@-i~Yrn5TO80 zI7HJ-&()%u9sQi32jGB?N)hOAmPx|>V#o2lyLPzr zJamBhp7^!??;ZXiH*v^dr!NV8iWkd(OzuV4#En%K{R?jQn=4y0NlJ_&E)fNtJjrGV zEW=wLm86R|yD_H@ql!ldd^uNH&@#ny-G~{BAd6t{-Y*7t-X_!v9J^qgdhOoyO8UukLhNN8&%JIFkp-FdeUOigX|B}8 z3>VM-Jc;5;_Hn}53oUdJJNeq2dlzNH?aNYJ(dNCvtj8zQ_S6!XR08L%OL*a} z=zz5vNZR!mXwFZMH+T0gD;4Y|L1+3ox4wOU|WF1T)(#$5JxKjQi^q-6XyR=wA&N6K(Q(9>+N|7M==r5+T0vMy7D-u-aL}sZ1YtCz()g0I6&yz@B~{ zj#S-LWRe3oja9vlZvlbW2p5HtK0!yEM?@#CD9t%UtT2RRa(Cn zdD9;Ov7YT;*7lh6Y{eyFWErokzORYiCJul)E?bWke7-usXQ70 zow&1asm6V~pwyewdn2!ZtZTg~y;=>JtNXJRuDQp#{?2%FzRmL={>%FRvZvZjwHQJK zg)A^bVW`8?VQD=*rfn5BJ58-~E}gt)DjtWuJA3vn#a>yMhkub1)-(t)lXVQ!K=L(G zj73-A;CDPm%{n!hB;{VOr_cVI6Kp&4Lg;JpEE^lqk5i*RuZ_nC?P`JY zs*??HB#GY}?7(_AcGt{7P_?pKSoh&d8K#-G0~+8A9uZnVm0i8;oB)I zXURF=vi7xQM?KYsMhe}Z5f(ezfG1Z+#C7a%h7}Dqq2%V|Ag(+W#ASLrk}dK!E|c5E z5Re-}cUY;Xfk3-^rRYtJ&+=XtJ7EWq!=Paz`+~`oc|P8A=;8pWXImL6qW*0d{EeQR zT(s?6I3+tTV9tP1qZ!7wIo-|b@AtXd+mb$eT36`qM78HBaYGT@u_f==>PHZiz3Axq zDb9Yyo|F)>U{$%9$I@?Drze5jfX~8G&T=e0642ndS%)V`iesydfRx67wQ{P|xv>v_ z(MyuRz1^gPnr{AUZX$*Q@C4B$XJe{mF%M&ah6+N9*{XpbVe#u-MC$OI60EowJ75=R znc^~GAsi++8#syv%4gtJ*qAp%w2It5zpM+cBFbSa)+-UZ>cJ`T?``Oh)9wPO)w{D8?1d9RD|1*^H7uqj2%Q!b7v)(YgPLU*D%j#rk2e1Lb$xHQJ;(74k;QP$ie2q} z9`#&FH@k%%UHQc>>i93@f1R~>Asi9|PDb+MZ5&A2t|-%Zl|&#etnb(U zcpcz^4)@gL7TL~><~IgZ`WexQ8UTIKan5R?o1SQKm=n)UA7Kw{;3$yl6lktvBsgbZ_VO@u zi?pN z$uL{aVJIS?C>xXG?k?khuYrCYd9$(RjE(%AJXl!fP~gWb;@3 zF4dh%g#RC%no&f+lj%1~d1GETgagns^+Y#cc33u2fOw+#4V37inO+$bVbNo|?>=Rq&4O;5 zEA$vZUk7UMj55sR()^!XRDDj4k^z?}QAbzZ`}EBIX_;nMy18PymbdyA@ni;8wT1H6V&bwT=Kc;(_xzo6jndkH{o zy=0f*k4`}>hv}c($-ZPt2UlYNjiVAgWk^*Td7Y`npM~0iMyw#Ody??Wf8HR_n0kIa z!7aOJ&TC->Vy1wboa))89)$KhEgfFP!P1Sh(;B2^11Ftz&8%7 z@;K@8ypMIJ@>>jj-aGq$9hdg?r zHpamJ2lVxVvo{G4q$12V7742v`_6d!S*&%`A!ky%j=c-}YT*zAx7vz0h#nDUM_rny zvPl(jdMUoV-rq6{S-?;uvhlu1FU8Ql@^cL)yvBZnq8_uxAqVl@@ND9o?6hyENNCMk zgyHSbN&I{gZ2q0hads6&t6n6%d6z>9WUahYLgkE&gn&lG5<>8ae&o=YYafdeWMW-_ z)4O5nGL4JXZTk-mP0_CYAbi~<*#5goiJlc{bU2LpQhhj=jOE_?axBZuwNMMcbQ5h8 z$PFMAt=ZdaTp5`JSm-F!6QLK;b)i-ae>G#TM!@HL159)0hYLeOK1T@^ zOrW_*v`8jty7(JGYkPbD{JaXxl^GB4ON0-W(Mdtf*Dd3)A1PlKq2r$v3-%|B) zj3sybnU(1&am~AHv}H5ySoJMeA6P3zMN&<1-1qL|jWP{o1N))Y%(&+zz0p$i{~<|V6?CFU4<%yewfZjN-j=oIZu6&FxFTwHw$WnsM zrm7h~0TjlfP!6u=s{h?!V^rq-+!MB-FhVRSZJ#Y?4>w6Ro1Ic*w;*L!L_{L!1l)MXcIKm?$V)Q)$K6(it#{^8fR1|Z+pxg3f z)HTvlJ4gn+oU>=Q&92=Tln#a)^m%U?E-`i@P znk&2^r@;|=xR7<5P6XHw;H(HJiFPoN(Zo`UcaZ0&)WGHP@8RGGC_d44z4pq0MT?A} z2ffbiKiTK#xW zGk?FK7R7=!GB%b(dJ8{294rXWd7G0jSqcb8L?>MNzZ_!-xiCil+URmwE#W z2HzCogikD0cpqoA>4A92)^@nA%u^Z5I{Rl(bX(EhNO0~{Iwr0nZLX92Qz%! zFO5XJnE!PSRUgV5W!td*xD|>CyHdt>uOi zj#Ua(=Quv}HYJ$H`Sr2;Nm#t+5$)P(NfBdg4sqh(tfHBIo~4J6q(bl z-YG~3sm7S4cUHs2rLR@C)?!DxjZz%Rq(-Pcq2q<{vXOP*xmp7ss(C$$m^dj+0bn1G z{Pfz_we5;>Z^H$I4FZ`twVI*gH7)%%Dj35@b~_JBW64O__l=*!#yq}F4d?b zj{qVKQ$x72pkB-~{_fnBH&~-vo9H`NRyb?SF9LbIq&?%og|C~iy!txB*Pu2`iG;Pn ztIk~27tbbe?&S7Wp*GLHI-`h3lTW~bNiHdzD8b1cKBZ&G1X3ZI-Q3sLR-4nLU}0^gG{s;83sH>F%JRp#j8G5m-4m#DR>fLV*-= zYI?e3EL2p{ADl~Z=Y{DXk3=o-BbbpKTY+w~(NKB;v|VcD*HvhgN0km!8hTE6Q)}8z z4Ab?2L?_ukdK+H~>LK)NuE@IeKmskOe3FOOJ@aw~UZ1O46dm)>Beuv`f;6Pfv@_ zPu8*=$}pm~lZr^c`deWqNxi9X@o5KC<1RJ`n)NfigFs}gMeI14yn6N(rZ6*wThAKf z<7k-jK;iG=C)s*C7P{de7xR0>&)@RWH{OdPGj}^RtJFt}`55;;{NChEM6lEu@!b*o zKAte$=;CE!`C-%PpnN0tb`0B~{{*yrRr2ALM%rkNfoL$o^XxbX{IXy97LB&vQ*iSq zN~Hvv+GaTlYcD%^q%G$n?dENG^nIyD%l-ah-efg}3%Qp@TitN;VkA%K0U3KLBL;8G z=rT;4B)IAUzh+GAE+YAW>&#)@MeE$|^)RqxOFM+C#)b9B$AZ77cugN$t+;d)) z@n6O(>ND*L@tU2rbK(BNH>S9&ft2u6AtI-x^AXTrmYswev-})AFk5^>^>=KIsSg`2`DBFnUZYL75N@_P|fu~M9$9OkLot*Mo*!WMEx3KQe_ z;`714<}TLtpUCtm#t+7E5x+Ha?J5PC{#r73pt`ouHmh3>-pTkh#x)C-i=wx2;0F~} zF`IC)L%+oRnL(^F=ctb+viMb6C?g_GO8(zfuIKhbfo@XqdtxF)tzxLjYRP`5ANJwl zAzVEixPI#um6Qw&4Z-5!;n_Pm1vNBq5E2q9R3zKnm`qGfN$cqm*Ecl8rKOcc^@=9q zaKS7+z;GHR)FUY!g<%B~vnyhYkZ5$6{TzhAL_S0{P-+uF7ytEY2d z8=D|XDQM®G>b${2?*`=>lzjL z5OCVY8RFWA8B+5g;-r_+_CA^EMD!H;N&2gf8yfn*D^6(dHoWud_GZFu}R%MwXn6 z5;Cg(>tL?Ui$t3=P*>GKduZ%c#LZRTrPQUeUtT3XnFp`42XD0?cc!xYCkBdpsGnl) zf-g|FV%-Vme{OO9(a_}o`76^>?9e*V4zy4$uHp4!XZGosw4*=VVv1DgTNUPdLJ2Xj zvPtNF)#IvpRiB ze4w|YO40$^kMh?{MMS;<@9T87(a0kS7D?9#+6^&eQPiiURr@gdQ_*U&?cH`2m;U5P^PN>mh^A@m~G zYDR_s?-M6=!YKOR!l)Fh{9xH+991#Kjf-9+qx@iN)t_tFo1euO@FHW9;2btL%gP(U z*Fl{{!c)MAD`EWAHLHjZjk&JR9?i*QWP zWMXaRRfJ$&GtWS!ITWy+5r>z1_MN+#k;M|eI(l^+SSMy4?+{6W31F$Z%1{2^QVsm? zrQ-hU*F*9dXqrsSxf{pN;ShM{Hl27?NZWS|ajg_h_BsDRAH=p|PUHzUK*f!Rd@s@G zK^v*KZ;Z!)a7aj?zU@XslY^5}3N8 z@`^%H;e|X7!?e_La-)>lqJv5~z%{7LNDH^dkTG%>Q7JW%Wo@lS->4kAt@U8YCf{ts z(TGjl_7iy6XAJl28zBCB+R;~d|IebbhZi8sn}@xHuso>}`oH{%m_omqHc4=eN{u8%hGNL8X#zbJHb7;LvVL@cXt~!xCDpb?(Po3-QC?8+y*(5wbuTA!MWyw zp0~TJ>XGWYH2Y9l$~roMQ6MS*kulFwpm1n>s8N7OV_@D2j^LpX?L}|8-elGFN=vkM zk#>B;z@8fuA}S<>Jt>4R9iu;cyM?29NKkUjw$v~!mXl03!3w2d7C{W_LwmLcdPr~$ z`2wVMl{Mxnjmjvu%a4RP8g_5T&v*?3ihI!?--aSh#UNOx-{fT$Rj%*cL!Ehh58+&i z-@kBc{`)IpZH&wy{=GCpimpFK6`(Dvzc^163s1QVeyHSy+4ArbME?Sl%&K6&ie4oB zd6KM`^NEoUpC2hc3%w>G6b!AV;={h@BaPo+_e2f@6Os7$%%Bu!g*ud$gk4ka#3qrh#V1DZj698PhG z30vx{GOPTXIDFVS3Qvo1#Ipp*je^}qQ zT^a(DDC)TIvkxtKeko*kp>H+MVg)7slc?00x0%FqL5FbvMkiqm*Fk9ZPcCr7!>`y_2zGXM4sPz=o*sw>%Vkl$g_jraz5RV+ zZf@Mv)Kv48`V#j7&!N;YvvzL6n*-^=JmfM^8Uv@)ZL*#Z0!0xwlj&T9VM#PApPB2u z&6rlTFx6xVmx70$$+Ya%9wvxYS4exQ75;pblW#v3`u_E>E9HG-_0oJ^k(Lf6X6%4? zp3q!h_8Jou&sXYAlv|>x7)v3;$^Qapb8C7EHOguon9zV~TAHkw6Q${YW>4dTA%zhB zqgMoAIPiUhe=yQoN>O#!6Ko*tOkfVvx^0(^J*m2q%Hhr5k#2T;Wi{tHxs7d%5AiA? zQfa9imRb&bAv7#_KB#_Wx5igH z#61xiXeB~^5Sm<#^o^V8)LNhkD7O6O-=oIgN~Q_@(Py{N*iq%m!}FhP;P`oON=t2#tE?@{rhiX>CBhlrz{><- zNjH{GVYL{qF$f=ej^SOolu{$GHH#Fi`7+g?s@`yZ{O{&O8T@y1a?#G{ublk#-1H`M;^4)&=f6WJ#C>xa#)4lEN9WcS;QwIsVD%c}jm zNg2kEDo`RSR!MqfAG~C;QU(h){!H?hSKB%rUD(GbtCPFYLo*g44nw z&ql~%DD|%*8(Qy6w=)^J5vq;6RL)CVI!L7Cdp(T2_NK|s3iAB&+=y71d$(%Ik!-#4 zC6NBGF;Z1kgehJuDz9HD%3XZ2a>bAbIzfdry?q{3Sig!%X~Jpqi2gTM2pjYL|0z_$ z3T4v5)k+870sKMOz=^?j&e`emW8TM?(WcQO(R3fRnwb*B6IZ+?e0P;c6nJh93EiKQuF>Y5EA#?ZFP2SU#(isdoX+AW+Ma+NpJP<%5R&n^ zyrB>dCWKd>5FSm&J|OZ|wCAIJt{DItaNs&rVp6`0ZP!g@cc#^rmpkz=uwx>-n#Z6V zf+5>#A=9|R1JU=$sZK}QjAzndSPdS11^yhZczE0nt3Av1yZ|V$i^UI^U z^N=wMir5-1s5IQzz!M9WlODVp2gZ)8cJtmd1M1Wl3DOB!3AcUwX|mcX=L-2rY}(Xx zJ&|P6*7Dlvn@X$}eDmrB?b-<BJi5b1sJ8NJGxi{N;RO zlg@Nb;&dAFo!x}8a#O1T=5V6x9d=P>Gh3lua@8;<`B$qsqiuwSmAszMcPJOd17bBE zDH)lzZ%L~kj@{e6reV#EhkK`iba=S$#VN%9X1ZG5|LURn=nUu)HI&E4YlKOCQ1trI z)EmIUvJ7hSLS~7Nq>U4Q>I3)0HwZy-$nNjzUyFOfP@yfdP2;qB8xNg~-luxSVLa<(L#8=3w5(9x& zw`wpJw?J=fZSZ>qrAH9SPGuvA2{cu80$bTd3EdBaYcq_7v#9&5Do0#MG~ApxF5trm z{;S5JdvEY(_*05y-}i?$X8<5zz>Pg%Grn`A#T(q)U0~yGHR8VZ>tq+``}oQ1T{56| zag+Eq{HG^k!V#^$<+{`NeHPOY2Kkdc3IbrhbEhP)4+aRpnLX#zMNaSsx5+K%m0{%M zKF5~E8VNh#V8)Ej+;{J}AsdO|h_>1Wgd`1*A9bPA7OGdCQj-CVNMOdzX0)AUmUCL0 z4QNH>FOM(Kn27U|p~J2kpV1I-tI!0EV#eP2ho9J`V)J!%Ovzr=r=3kKtW>!+d^Wj0 zLagaoAml8`Pnd7s;QeDO%2sFUWn$y%HbGfFuc2U~>_gzy!vxNTlIM|6r-RCS=j#4x zd2D6Yt4rMuU8IO=`R9c=la&G;p%fMOv<-$Oiuk-5rFnGDa=lje{~aj@B%rwPGBy0i zn!QMW@GuhLcygIOn!g2yan&9}6bnw&HFR8jJi6s#Wd&5=32c>CJRTOc95lYx>3kW5 zZV7>JR+rx+FUX$u>B~ksqv~)momt+!Pka1K%?|=zfeA%AvxB5zU`=BlX`!q){(9z7 zBpX3Rf}c010Ke@a!P@FALA})~%!JFy*5&lBB#~7UeTG6&bo@1_Hg7QQswxG@bVTL5 z4;&G^lj75f;s&;(69!NIc&Ln_@og%*^|H}yqk+hxcR8gNObs3a&8?PoT>Ao-K?nrr zM}bpJqy<^XImf(Fi7wKw=_O_phCPF$SJqns(muPaWFOStw0%5X1}n6h5++xs2eqCu zYWEHfsC?DPVPCi;S7ls}-|3Cy1@zh<*W~Np>ENIE^^}v)AsV(g9?3Y89Mp#)F3cti zsFwF}=N6&oMn?fsFX(FDD|Z6HnZm1>`x?VeDD%4Xe73y}0?-@9y@)WB_4KD->hj?< znoF^Ro`z#^KU&OA2D`|3dy#+e;S2=rwmC2Uw0g}9!AaV#?dHwl2E!%c61)ic&|B5U zz{P(O$X&qJ+h0IW02q>b_P|_tbNE=%%CWVPcQC1uwvmnP2zx7k!jMYk60@dol4nAb zD64w2>4P8ybFapw$$Nj)d-Sx2E;*QggGs;b?g#njA-M5l zNGGJj-~>aglOU};(|B4$&J_yt{7}y7t+L&qdg54$A^isP2bto)X0cb_#gEa zRyqpM+CA^9x)MD+>ixh_VW+CzIbD)Bk2Zc7pA_jWDb$mm-n~yOS%UjXxil`(W2sI^ zesf$!LsbB2%Vu>z$MdxrZA(jK03geGd3(_Y{G;^7yIsug>8E`$eg0{0|8Tc&cqEEy z<2-C|YyJ(e|31NOK$9BZ@fTHfHQN3`h;jZiIcoODMuy0F9rsLxd!Lz$jBsFwDUYdr z)`+9some}d-TKI>kf*(~E0F zS-0VI^o*P*suYmCr%9Tf~!?(xRHN{P4%z||Yd@;XoAYGXpHDZx^^aok4xowji7 z1F|A>CJx~mCy2ilYG(eA>sZG54;I%dRA{oP1z6q0MCIXQ;II3z>9DamH_ zu%|T|PR~$ArZRr6lJS%pPN}LAYHKu?-;^1y)I$jZ`$SmDoScfHk-wVG@FjZUu-DZx z+Ng3oBN3=t!{cE@f=e|j{|-k#I~D93&i$?JS+j}ly%J@p4xYw2uiqRtY_{tos^3#o zR80?LUec@a25pGc2bn10Z4V8%W>$3=j%7t^2ZO!&772{a zAmBqt?9XZhOxk!@Z^_P<8ZbScJZ7$pf`k9Sk*%WH7(-bbwUgY~rta|aSl$W= zkCUug#7D+@1!O?O-w_~~HNdvP-Zku89oi7Fp5g#l5=|-e|f0W6t%04i?v)#{=kA!aQ(WuPb1lVVrAF(CrzNldf&V24JRn`9uidVK5b^QAw3+^z zhI?p$6w5^=3;LX(kAFoWA%ewxE0`Pj#jCp)nVxNiDK|G;%0oH&+1A!jb`TurwG*@L z@k96^PLB4bZw>0Pm0#LRPg*vz1$`8#H~jz|R}-sB36Zaaw3^{&dIS+eDpn46D=sy` z2ERodOc9}M{JSo`h=i56Ol}@y$`1~I0!wZR2cvnvjs8H%ymvyP-!)2s>5VN}nY+2t z{uMN@(HU#>9*PV5`nt27!q}C3R_YOX!q+@_W<0HMZp#LAkwiyptM!{rg4MFM%dd?N z(bXNb%q2rAT2swbNFrMcNDAcm$9SFCwlt*ZI1(4&m+us0@;)WVB*PJpT!>aNvCr4{ zY-E<6QkrfY!r3U44Mdj;{mX7x_WZ}EQIp3YUGA%G?!5er2z9rE>C|o0e&RHpvv>B% ztwXCXmAgQk0tdg#hbIJ%OmE4j*Y}qPUvpnyT=zzL_%ra^LgXWp;916uU|jZDHt^$% zLYu3N39nRqT{L^=Dg9g(Fc`Hri}ew(cWhuc8+a5iS73PlY`3+zj=34_h2<8puR1-2 zUN-@VqQO?{|JbWcSU8W;d-5-8%?p1%g^7g(zCUHJqLtO1DqbQMMvQ{T(POi}R{L-@TU zH+5vjG<*SxSNq7sc0lw;!-bPQD2SQ^#HB_dR&Qs9(HUMb#?d;~vgnT@|89pd9-q-a z+^=HIDf{dvI;J`t61(3>KH`TFphG#sA7~EQF?as;7~dbELwH%!u}(OrdDiUh&(&Uhb5|6s z_Q}FmDVIv!u4t)uH<7VnOHWnX-Ql|>p9i-7+u_~I>uR$o9*Te~FMTH_B@gyC9%@Oh z!Uf)OV4GS=^1iHi@Q_QXcGJnyA(O$K^|)(tfky5h>5Thf{07((Gvln6?1bo){sfJw_o_bMMkIan_u5-yrrBp~Imej@ke}EZ|C@{&BQh@e|*ONQO z;#gGJl|}h4=YqOS|6g`dtkG<^kpEtz*W&rPsiCP~k%;CLqw{$YW383!yZWhvlgm$_ zQ4Dnk6kx3d_UY;AXyys^s#F#P;@zGuC2O=^jYc2thdkOZUv9g9g9RfPbg2>7q61lT z7M!(ahdlQr7xZCL66XgWJk4Xf@^{a8w6!X^%=fpDtX~;A^`9g6kBSipL0zM2zub1J z6)OR{_PT614X14qp!%d+j|kiOi-g83Q6=2usw1}-d9`jshm4xjdu#=^iSaPIZQoq$ zugS>7ZGA1y;L3Qnj)9GO9}Kv^o)(kFPj=X``4qX8x9&!}<`$zBrk|>i#W*^WGAljt zBMhz9`%fQ2WuFs90!!oiHnv)&t)U|x(B@yuCM}pvo~yJ| zs_{3f-BSRS@AMwjg=`;X@}0*3TbxV zx9hqea2EEtCwm)afIp#&z&lz!+aQ0Oe0w(-zMf1#LgaQm|629CaJP2@?r0U^{dE%v z=Gw_s#ev&{_-$8LMP*EuXSkC3mSOHTd5=6x5K+KR1gV0DCOQe)a?|C>4!`|(-LOP3 zhCUSYw)ah2*!jAZIpCIarQ;?6vMjny?dl$3#l19}VdAK_rCE?qZF>_891M4pEm_KY zyx%Al_E($!$&dPU!ZDWGB)<$hYx;9{eu~}UR=w6alPAR0CgNTV;wi1_TVU!?Fi!j`y17p8Lh7A3g`BXzFeOhFjTMK zv+ye5W=1~{J6NW~Ywwld@m5J(uFLO}lG!$TiEixTtNm4xyVV5fXtRjoq~$2;$MgY& zLN)XBY%Gfvs;!lamhuH+t>?NZB4GRL+44g~?HI`!lT=-K2CNuHH8xr^#s5T*iMT&q8l?@*sAF;S0Yp)Y+{MG?kG~gN3d<#z03?$brNoK}YA?)K09|En`a+pLR(S^HalY(yff ztMlWnj@`1FcU7$T`KnUukIw6{-Qyr-fjR1=-F9A?;H)xD0lL8r= z`*E`9F5xVaB7opPW1bj2(u zZw%HUqGS9Tb8nWpQ6{8F%O9Y-aH7Mgr~XsdEoS(-HrDw98OmI^lZ3eYmGFBUOp6EM zD^)Vm(<(7rM}nuH(;;SvN`jfbRANR@ykQN!J>Msh?PV4OyG z#}=h;OBXrPXQPT2=&lSxbTF1IqpNG_Ftt#PR)fh|O4{(rK^0jgpRZ$OJ*|VV9FMeP zPF-2nP5lgBeZqs1_4o-T5%(8=EpFkK;Gu}$<+;%x>z`ElU^QJ zUza1;BWigqBQ(b}EsQJ;&3L)9XUf|fG*?H4z%GH(=<~!^Ns-Fmwc}~CIdE%{l3$tc z=@=}j>T}ECOYv0%u`G>x7M}z-r*70?pdoG4rN>2x|P1 z7Hb2{LnyASi{a#M*UBb?5EJ@csfZ_gBn-8f|6znI+2mWTPH zht#nn$LP;x9Fv*S_9IN>9E=SWXIjr4C^gWguk??>n-kK05gwo&7dBpO-x@j{upGD# zmrekCKBjZE1D79;K2o2ZDTN^c8)fS#D>X$i=gMpP_mI4!^{M~wC{sseK>r)oZtn=J zVi|H+t>U%~#g<>K{e{FMO_&j3qRbAXsij10RRVUA`bj8663*ke@ydvg`Y}@YL(5@| zEs`2;w!jVnEA!!p~ct(@P2)^E9d%mzSD!HnO*D$H&@)^t7xD z!6mxDeF_?|&Eg%xhsn*Z5e|VsSbtAL$RbSvdmH{+i)8CAVHkLthpjDry(V3yPFpYn zCVltdpji8lzlGmDH7_qdJw5%<(2!qR8ZJ1LZ*Oh+X*O8rF<1creAn04zy259SCrd- zu#WtV-75XG*&F`$8aNP9BDJ$cB;4J4Ed?;^WP{0UaxHu$ z33)f(FI=wE0I~TVTR3NAUmC;4J3wSuj;!r$b)?N7b$-gOe?BQOG?aAOW_syE|7G{N zAs|8lGb6eBuEA{DQw!&@ULd9gNLEfykUB0j#V8X*4V1YJe2Lr%c6{MvT(*3R){X0-*anyW}ny70shHuSJ6wKun`~M1$Ja@W$ z2{&d^`+*GvzVw(21F%DcpX#jAr+0{bBMESWCZhV_$@WdQ_b%?#8~7l?c2?F39JC@+ zI3WWyk5m=XO4nc$yX365`9ep?&$Eau-m$EYXdI$PKvwI9W4s%XWg{z_hFO&>nL%}n zP6<}>S%6-qCr&~Z%4L+W)A_3VtZokroiFKGc?CDKeXW5b`jS56>t^NJt!SI?9x4_T z+M3P-p`Y>?i=*n){X@?(uiJ@nR^NFlc*Nv0*?E>ANk`gjsfp%~wem2GR63X*JKIl1 zxZ5XkN4TFo7&n%F|GX!wLWPd6+PzD0Miz4YN%}8UhKfDI{qgf6l&WVC#9%gMbH8S3 z-iNP;NaML!%_;`IU#HI5N1@^W0tZP}p^XysTxIBxxLAtteAkfJuNJ}9<6|?@s)^w* zM!Dv4Z`u)<8`@!yT{wA4guaOImmzw%TjFbyL9*%*eQAcgJ|3JLSy&NIyQ2Di?ds_X zU6jmiWlLO6B&If;5H`4a`#zuHk0M2V$#%*f$akWaqzpU4|49wsN>Ns6tSpyg)nKtR zy|cafH;UOu^<~QS}pIK|Jk8a%=gGNkNYk1Z& zm^6uG44+rKq|lhZj;;}g0IMRf(T(%T_4l=US|2*KOi zN(B*x)qwJ^$6N@7_v3J%LEe4$^I2SZKjUo^;Vl@5naI)dLZm=er^mHb_}BCjpj(-- zaM`%~68;~9F@4=^n%_iyLzB%0w!LdYvSwOu@=xcps&e~xd0l|VHKxrZSy=;fGRjQo zCv{_e4OmRFt&`%F$a)UmEG;R1L+qQv#)e7i5us-*CM`x;FYUxdmz;mHW$zsB^*I-1 zY9nWt?w;@vKLc=MKP8WJb=41^(w4TT!CtN3*REpyJ%g$4$U^u3ok4{Luon|-ZdR)@ zI2miXy!ZToKF~>$q^c;%Q%jmmGCEZ55-n(85C6F`SoY(|n6jqs!u0zq0FHShBgVt2 zaCbU{=BdJ0lDa;&&Pf}3Jhk0O4L1cORJK^ z?-DmE-j*wzP@bPG9%c2Sj$;-vq(;#K_YP+Dg=-ss4~{*cFXVT+_GSXpMv|J0SZ(Q| z{T33Q7jp9iH2vT+NmHDRA)GS2G)ChcHa{@MC;x;j+vqDlcVRMJ{)pHiM>{FrUH(h_ zTO&c3%Jz(lr673Li%znvc0}IAzFwE<*&7Oj@9%FN$9U#6BO_EX)QqM`om~pJnl?0~ zbxBfPH!pbBabi6dYo8zq+k<4d<&37daX&}X+Ov6*h}xa`wWJMXJBf7Yf6qUCQlN3j z_Zglfh+x-U^;3!o*(p2j^d!B}{+dv`f`))Kc1%_ycx@R5Y#rwTrg{`FiiK_3i)c#mYHnXRC1U z_Mb$9+x_diCL;=1gZ}eMW^y!-AqM3&CA;VNCD+rUOjzw~xzb}-MwI5|eMlS@N;aw9 z=CtrF{}kx-tKGNH%ClCJCB*30(|y{SAesAGS_ z>PDEw!xS#^n8XDD^0aQiqcPeX}^&VVS5*FW$Rt-R!AWGI*THq#ocE4Y(!=D zN`hT}4aZ>sN2JW&{z6b!1uLXDCGF@*`h#YK z$g^}uG{Zoj7gjC*|4h}!h@5b|-#%8>I1+i*ZhRr7i||vjd%$5_>-sGY%5$rpneJ6V z!b1U_o^0S_t<5dAQ@iX;-V24DpkPt0Z{kT4q2G4d8`$SK#Mb$AOL7 zjoXpGm6`MNiS)kM{B9~rU1@qYH>6~;Hu4>N)klPRNz3mVTl>nV}`fM;nP)MAP)DZOU@q!37*kY z*^u7AWae%RC||uFJ8vx6B@A3&BU!SGd4QXCbxrXX?Vza-a zp|sFrpNm1|6s4(~CLm$eS>uShTB%ZVR7h7gI22JPQBZ&iua%UjHT$qXOX`^FiM+VB z^lqRao~tW;TpDRcE*;}zVg`pbwT{+j)U85`89N+4z&at{*9$Z{+qF1foTIT_YJ96) z^T-v)pR>h$I47pV#)b1{VrabQ4Izt^oscCAPh6OE`6C$qJ}vFq&Au6$UnCpkr&Q#;x zk-YF%BQF!0nQ+ms?(Oc`6Vs4wzcfTY$VoKOETzg^B-Zg3ZNHeTw+rI2<{G*(whC-e zvBLPIa+IRPwunER9-K;B4Ijd}<%O+L5#7aA)(Pn1$l@mh_@+wTDe6ByY?K*a^SIE< zuvY=kFucDwp=an}BN9^7luK)fKYEiP%^?VghehrjxO_6(AKfi<%k#GtY{7ANQRQ>n z2}8?bV8DibBYnNK_?gs7)_wQw+c(K`V>QCw)e(Z_X&;otZD5y!^7C{)zy->5AwHi<72hN~{g`34HDz_YAp7vFNC#oU&B-Yhxal?2w_?&m`A$@9SY z7S-!iVLq`?Q&6ZSp2Mq&v6)Pu<&FzRA{Da%B;RudeQ@WFo~hZ7_)2g=1m3j!@c(U^ z{PWL<$4TG!kaRqx3`u2Dd`UJvGYBWsU6w--$*Mi&NA|ouisOOs!HUb?Tx})yo>&My zHVR-6SG3Sz<3+AA>k2HsWNBUnFN*A5 zX%@yXSw-@so<#3Q0c2_P6Dz*tVOuT!Axy3~>I7Ai!Qm*JV3N$R6M5U)-w;{811*?M z#;>i5)2WFSb#opW~hqP?yuz`LWalR+fq;+-DH8YDGidQVn*rft%zmOi=rTdw|R7D5mp>9 zSQ-`l6QiiJcM?-X$dLMUhc-du@NTj6g%371tl>(X0gTSTkYuMtbOl4o3mhFRh`dO1i3e?&n67zSy_@vINVt-V2+&TIS92MJ0w_ ze_-rD_#iv@5U%jHj3xx!MwA|<6DUJ=0?@c=qi&v%k(rGWCQ4twWm?F*>l^xHVg{o9 z_7T9+F`(ZU_%+5)NkxVrZnZl=!V=+hvoE$e5$-Q^lqjdge=(+*yXAt!OC>uxc zbVd^B9b0G%HbkIZ&9{fS1AcDY<+aS6`%V3vokISU^1cFRvWc8tjrPd}lF=7bbxrYxCKbNFR)UgVz%l|UxH=qa_LNCwkiX>H@H~V> z^t4U5=JxLmV6y9>csvE}$T9x4iZ84ogJaQ6;kB+<2b;uGhCx*j3D<$wz7NjnLWT8T zCHcAy`W?7(x4CtHUMu7b4-k7hy9R!-X7^addhSBF7dzT(N_5$`p#!G9zX9F$8$Jd% z_BxRc>_{EImzw7XkJu(_-$dQ$+R&dr|5%p0Hj8hXEx&|rzV%J+FDtNFZq(6e+Txg_ zAdI+Xq9RNq(*YZC@CKpZliTsT-nS|C4wCrTjSDm72I4l|dO&jgzJgo~okAi^;tMWV z8k3(@8rSEo`jsZXEI&lpmo-OxR4vGCXPj$_fFnrkS zg&L9g>Ujb7>6tuV=le9eFOU3LyqjcdDX-eXOP)Lp;98t&u`2G2J#7hiQ0|`EWL6G| zw`Trcgca+;1}3lNv(%IoU5r-N z7V2hxH9H?0{jt;9gbD_7EQl$=mjJg2%uw1euyM`goBrtqUOm=KuK-FS2IqBw`HAhB z4d*94x~yP{JTVgITdXmiPQ2N+dC`IU{v~x3|HC;5QgTq9KO1%|df?SSZbPVc1IEoJ z`~bp@(sYFyO--(W2Y)|_TEaLr*f&;#YJYN$WJ5}kZgKe`x-!Op^|wGx08WX!GsJxT z16loFYS)-7#DT^!nNrOkI+GMnlX~%n2FzfDS7g3s$SN7LOVNL^X zIS_5AF_OrDXpO-Py_KGCDR<#=tj0xMxEUeCHu^o^8h&P#52)3Nv^@yYPK2|5^-znw zJjNS~Y71jq4`8$yV38)o_nU}fFq~bpFX#D9rkcR_FrGFt8T6>k(`JoNQWW}bGy-}A zZ0pzmdI!we8dF-8-~j_I5oOW{JP#whc_zCTaly|-cs)H|3DK_Fy|{f5ZSh8l=*2Js zjjJ9#17w2E1Y zgwqnj_eY*+s+~`4s+pxRf_5PW@Qcml>$JqY(BF|#E^Z{%&rW!TA_T;}<3#?uS?w&MQVZCV+4Rk)E zop5kcLDXjXUL~T@YHhvK>-D5DZ}d`(@(b}Mw_TR(1C8HEs0kSsY{WWHW&M*BCKwC&f^+U3|wj z`(_d=>3G5w8ZmZF)fz`#IK&2SU8(--3U<>s%<8xg;v>&grb zP@mNG8Xf5>H;06E0R-1KQt4GxWez?GoOKW!pf=b=L&kGeZeSjNWM*oe=RrCmCfK{qpyePsO=1n%P0+B0Ju zTFr5T!YOU(^^+9C9O71aehUbtzO1Slisq*?rSADLiK_ip_f^Z6%kM@8lJTK8_UIez zM)Lwa;#=~*@@;dG2{Wafs2#b%`V7aKH9y{L6x^0vSw+rJF3NkWh~oY(`*t zW~ER~nZk*>#skPN{%q7b`4@i#2ErkYGdizOJ`%yUp`nd0dN4A4*6V1)TD|ck*{OSA zdQBxbS{ud;)J+X`86E7Vpu?EOAWMLQatWUNmAh;Fye4<`Y8Jnh=7w@(Rw-iGs2)Y# zpZ{DQAS`d+m8|hQ%<|V*d<`5fGjdubNPk953gtw}5vp&b=HZlAj~>CKCaUFs|)bTMX%lb0c;g8HZ|S3KVKcOQU!SZ6`YJ= z+}0dm@$m5-4l~^Tfcxjc@8Ku`bXy#uZEbBwShK-HEG*}1qdLpMZZJuGdso*+N1K&; zi#wOPBxYy1G*0C4->f~i61xe0>Z#s3v}TyU0-sH;#XmU0+!6<7{;3m!=~h?)eCKTT zxm)@C2)5&RUtX+AR=1}6du>zDRD+#+?pD_vJR2=}wQ`8Dby=f%2<;dz-(irCD3VTw zH2RV8`2wK->++%nzZ*q1)u;y~khE`Tk3qy>LS`d(gWnR`FzNQ&BV66qna zUC_MB9vz|n>>`C-p7aLx8lEPLZ16h{hUj?tf;o=8t*pb7}M~k>%hF7uqW&Mee zN@HO2_jdwt4_Ogy^6;t*5{X{j8*ZfM6(6j_vazC-xm z_8v|SG?9S}+TrhQasCg7K@vBWBc8Qs8XER-e0koH$^CQZxu6#W`^DNx6nW~?Up8$< zCvN79+Yn4@+C5k7b`#D#&(%$}(gYd;6OL6~<$mDq2XL=lqAWx3{SCLBjHuS+!iZz) zT92{o<43TMU+D}BJP?gqs>jR1Q_g5Cg$q?yw)Iu*GIh_$7>uT8ymiAc8RCbPP z1$PzEqI4U7`bXSU-0}V%oL=GR!(rN=pVR-#BGkP`=&F0w@mnQUaP@g6oX%6FzqO`B zC>{^87LYK^1$7_M#hVGqE>Z&_Qa2z5QqtRl*z7UA4(-!XkOWZnM^~I)CN}Zk*839b z(>A(!2T#el^s))Ri61$^s#>)z}J zV!G)cGmdeg1*wd}g1IEs?(Z(4VA;Q~TLQ?|EALbKn{5e&xqftBreRg<=j!iBvIgc- zkLW3+CrHmfF2ym|c!I>QEbbB-_>-vN8JNk{7Bj--?RIFLSu>x0pMFZYbNq&Mo90hA z=!$ZB)IzJ1*4c`27~CEq!>};8kZMPAZ73(~{k>NBvdi4+_ANTSgZVK-$NameLCNXL zO^p+y;n$I7Tl%aEw|J(bj3~G}RD`H(nb5v&=uaYD$rK%jnE4McDN7iw^Wo|10jTJ? zIoLHH%7R&FUS0up?1qYBHPHm?Ag(Aur$yph!5Vp)QhP$>H@=!E5YhL<=1%7d{jNmC ziMOPaAb((AkJ|~C^us(a&79jmg#4WTSS@q`q=*zH2O)P?4UUsn3WY!eIa39n)WAsc zp}x{=Z8Wq+7OVtljpj?5DX115S>dz2>!G2vmM4n4HzHs93M5@*yDp{qX$(&DMLh@{ z`!;1t=u#PxS8-$dO6^N3ruhpIbx40Z;`56efsxKUqH4?l^&^Sy8*?Y9)_*-P z2#{$ejv7c?flhLdxX#|M6M&ww$lrSoqu)M6k1be$IFzS}K- ze0tbBxOXK_He=_Q2<#5u8LC0YdQ9MNCur8AosVtO+T2**-rhj-^5ygcchiII-aT?{ zfZ$0X{HX@1L&bM7VCMQ?bGo<`KXOY<-P-UTxNnAxQbSK?8hZe1z&07&CcL#}*Y!ur z1RvTM$!!6ZZ1flR$03l$1zh%~f`F@9UhqhbLL3#iym@*!iH7B_$8@rc{W$>JNbIBx zSLyOF==YW8YC+B++0W}E}pm#6>hs?kC(}+Tr%KzcI zg*YbIk>@GFnLZPf=JpkY?93cc60>a;r{GZT^gpB+`z)N@{EDG*pt-Y42rSrr&$?@YX_BhNQU9YJ}H+RNztzYMCsJC3Ie4! z=xQA$#$~q|tx&O~k;uPlnr}JU!S~x5FK9>(i%4jp@4j>;gE#d2SO6r8KLU4a7l~n$ zPiT=W@62l6t@BylK=H8M_!|Kf3$jNNnEQ518D6&ZKV8ed>gR$_5UHa?n&=0~l!cs# zVv38rF)4h@mE;K4Tus8{6O%6tID{c9I&qKAW+43pt60ERphKf0A7y34lI-M@Ux;lh z^!A2ZluwwkQvdNSQeC)hcTiy3}NX7N@>f!N$+6(NJUOzD;Cr7KLVVFw@ zmH)oLcap)O8>i~K+?Ub$Ge?}beK8D|jL&ZOR@-3{Gck3T&XdHf<7rfawPy555ABU$ z_SSK<7!epabUjg2K#kvdGEcV-K8v~My)#{kI=8;9PuJ!=nu47#9siHAw~C5-f8W0m z1e6q{Tab|MPDx2=kd*H36i~W5q`RfNd+6@&?jZ;MAKc%)e@D;3!y#+Q8s}YiU9Zbl z@s|$L9Mt4NmC;!&htt6-r?m+No_qp()B+~|HF>4C-I&+jga|7xm|sPXBQskN_UM5- zgxb!_nYC6Mu3CInuX}9c2HA5Pg<^sm_6EbcTbucqdnLy`F$;}rpmkp4K;=%#-Zk2< z4^VMN*A&a9a!dNFyG9TG=KS{nPI2w)Ob*PtURnjJ69FOO0`*23ZM&Jhlo0p^&-k9iYn-!?Kgk zm*9_byhtrH=kHSMq{<&dP*7eTRqX}27oERB?C-d^a35_>B9F(32NE3gy~Ark9zUO3 zJ9z)-(@)n!>W0e!Ej&0&C}r0NpH6Qka-X{Z7n8V~NNUU7pE@Xdx?_O~i|R!3LL3O9 ztG`tDMS>PZdeI8Vu%y&%^qA;okNLiAFrK!C@Z&@4kWZ$C%;>Nhqat^!P^!rF@kZ3Ouw@qV#@<*989T zZdFzrP9N~IQnTWv%c3({{oAMtemFhj4K0+3w#_3lE!VZGnITU6+4rmAJm4oN?u5^l z`8D2ZfNN163~&*&Mow0LU7r2a$*=U6EDwYC;FgG+JC)%5gtgC;5(+aBfkkwqqQ+r# z6xMMwd#JA~2ZKB9RPv|2A5Yr`g^eAtndf)Be^BKDftZRxGga}cL!L@ekMOUieF|S~ z#JwEMS<%_}UG9T?*?ZonrWYU+2n2Q`RY;7E`#t2iLlN_WGpc2U<$&1@2K|e1N9Lwc zagNm!qH34sEpAc8Hn1IqjdArU`KYs4$VP)KEeSk4DyTG*GMQtR&c_@^%l{}v-T%~H zkR4HTAzQ0-;-fggq09{vMQ>qu5`L-n5Kfmf!@!FC~mIsLIa z)#dUx3GAOhNjAj+wd*iAxzmUn*r0lLV~GTU6!0+v!k&YQEpFFq2M3^k-YekTe94XR z;8V4+q}16Rn03F9fH|VoO(Yn40u2Jyy?Q2~o~6pTxqRpHean3AYnI@r4t|!(@(Z_ulE^dM}87G;CYR(A@=alh_aF&fk|^ ze_gCNT3ZVKoxtB#A_TK(t-al@8|H8nhl!zSqm$(T)jvw}=yBo1TJ4FL*MztK84Q1Q z80Nf^mSvFrtUIp2`*5KqQughIMnO}K-!*r9p}MdNlGFI&U??Tcw<5!rPCXc_9|!u{ zM(Boe5RkT<)}D&Dj6GuqpANrJ(^DQ45ETmytb?V080C8@L*&yw zR`Ed&_H-bT`*+|Jx%c+F7X%mP*cAu+nUW3``UZN2B{!5X52!}BjO0*3Xfp65d=YA;LXU#(b*(_df)V#_G?rgz^?TvrI(^C{e&s+h69KdhqQgOhlmM@*UN#Uj>PGeT## zlJ?E>dmmwq5fQnj;rLetZf{{q)CKv^UgnS*W<&@wdIOqAhW=g z(7xMr?4e7{$#;;ql^A$4-1{S-`?2#^!blj}?O977dJT{Nf#3eeQ%Ufk`|ZIDTRdZ>RH-!RQ#45# z=I0O>+HfhL;-Bp4EsJx|5S!lh0#exw0qR?i&Z}ZgwXkx(kz=ZK2Rlm3VcSAGVD5u* zxzkH-2?9`vJABX70Rb*DAiUQ*2yHNN_Qsbc;^@^4@QIx?X7mI<>@7CIYkS_ol7~Dr z!%D@@8cC-X7;Mef0q`nX9SH2sa8kH9F+Gpv!pifb>cEizkZ6%-dw((YP8Xj$as`n_mF?7A{iK53mt<>$Y>RE*gGu0h|IpT~zX24Hx~h}b_o(O? z=0@?e_1|4WP!k!ByJjY88TLnW^j#j7QDZmd`FpoVp!0sq84lFDAuAe>h)%lWVJ`;c z3Mf)n!aUMNCRJ0s`8n7SsG$CRTi@W=-(-8q%4@YHk;VE$GMlCE+wzugY7DsCeX*BR z9iX7`(jt$f_EGnd24NSUiR_LY#v0xqWw9 zUg&$8xhRhN`};Pw4M=_SEH;OWWO{`NO7~TiADB&uYPnsrbU1F9BN`|o;P+c&8A<+* zhu(ytrLW~zH`|$Ef0Mu`Lu2D+oB)pA5?C>Yj=ooo46DqwqaBwt(c@V$0v;eF zEO2-Gcx$7D#CHGRLD_(w-*|Hhgzey9kbb5<8v|NMfLGvgOWu0lIY>3p5G1V`vgW*D zGdcafRe?`Mj{Dmvv2?pnh~xT0Z&TuO_8uandsL@S6*qPK^OA(=q__B^b;1v@kQ(o# z;LgflxCXQ`zHtfbaI!)D6&8yds9bK-R+$@H8Fz>X7|;!&p3E#wRyXlhMXa&VF9LJ| z1=c!{Eb3Jz9Q}oS2>KeID8DR|f%M5JLT-dg{&ZHx=m*U-& zWb2CG#hh(R7hh&jHEeCp@8-C0DiFvI?xg0PMpD!~a&X1Onj^501lZrVrGyHdT8Nko zMK1f<-?(h@e@=d9kCRpbj33rauW>g65(9@r*TS=a}`(Cv&%=$|`jGSGLd4jvs z-`lb`u_wQl7T(%J5lyn+mUUrS71@%PnB8fesA;$o&=l}Fc9(-Wd3DR^!MUJXUuq#U zed-5VrewDx7V($pv!4?Y$>Yw3=xeQi(!o9;eCF53CI!%!f_vAmhupZ(#a|L$GNcG2 zjqxY?dhOvc3`qJy$d^EYM7Yu&Dg3U(_9DW*;asPNpbwbZSj-h2!v;PYu4 zO;@elHu2!Y7MatIicLz}yI`O5MsiBo zybZCPVFaE}i3dP-`Kja44yr5@r8j>xjpjP-+tO^w(y`6)y(2*M{AF~*F3&Bz`Qg-$h0Y{3$=0jROjb zvww)N6e6U4+@d-=9GD}*4=6R1b{}1tD%A+H3NgDm66!kr!a=?nY{f=eNokrNMFlaL ztlT&w>Rg? z^*-Uy=$1L;(0wqOOk?sHdR_%>6klVN#ptpTb3PVVW&b!*LkMlt_)zp|WRrkj4QCWM~{ zK`AciTK)Yq?ycFn#4UFay1dXnKf;9|HYu9^MtWn-1eWqc8m`J8wDd0;&subd+fDnNs*VEpPmFq- zbMzI+8dH;c&t(sY$lz14< zwOZCA)U7?83nNc2>wP$tRs}1oOE1&g{dwq=%gelsw%ntdkq`McsV^^3U7AQUGS&|b zo2^)F;YGaD%%)xh6w!OO^hxw=KZ1!LkzY;lQ_YQDn7~*M-$6M~HNu=Wv%%i5(Qtdq z<^5I(|8j@(#&x@=bDTw*D;?As1zRLcLhr$W^vpTi0dpK2{^9QNL82%CND?`|v03}a zvh2pnlP+n7^e!_xgzt}JV}h7IMubna9B%fEtU|-KJ@l<-|F8V6zwTzYd|q4~k=o{HG=BVot@~Pz4Lb ztg~Wb-uqQKr9=)k>2!KlWpBOa2jQmuPf*n+dvIXU@VH}#i~ciI$v6H)GOoW`Ml-JF z7pQM!8*74Jg`K^j_macQyjR+Tl-}g4D0-JlY7w z!_(WzNEtO&U>{H)^9)u;>)kNhAhv3_$QwYd?~~8D9XynG+eyLZR!#{6d<%%s`(<3< zXelP+wb|gQ{-yJ?*jAAvh~Lv3#7X|+TYO4NK+E%8xq{ckjqNsMKV~)M_jZ$NL>Z_6 z*07My*sokiXF>Mid^3ERGa)`ag`?_BSd&-90}R{9caBr0-BcD@bT*fbO4Ft|;}lsH z<=tpTw~>1z;3BB=njfO{y${os)tANixl`7Z=k#G4s?0!B^d6w+ISsOJUk;EFIJk9- zzvWH?`WWn<*u@T{k@=++0;EQVsC&1O2@~^zUZaLgj!pfk<_kQjKXwjbzG@I4s4R^Ab6*-P0_Y@Cy2k2pTkqwkVN||In$bqHzzSaZ;mW;+R@@BaaeBv4c4_w zhPK|ii3)OO*2vWuCPx<`&k9`dl;~Ux0}q z1G*YUhaDvVhafbBeeSmARc+#x&U_(~FcJ}%i`i5xFHGy^jp7fFEYBT?F$KKY7m>3t zpawdc0-mi+SudGFo-F;?O}(;}mwT5o%goM%rF#8C|ItZ=`7)nvu4~X2bt2!Av*CVa z`@9)I7j=bYNJ`2a5j)*qD*}GXI9EPh+J2GV4iYttI1&D>wZ+U6N*d+U1IusUAqb^|+za$CvH$K(6yJFn_?H)tF;| zT&|cO9=+Z`!c$#?>0mHCGNQ6#4mdma(1@^qG-NAtju0$MR7U(arDT(T$poWvcQTZU z-vX)N8EB3AqKo=b4#g1vQF{N)tHxRl-9@)6N8S1r9Q}=C zDwDWfddR9=|KhWn*P1DNjl{d;bu=8}~KetL!@WG?rHT-P4QdGCtyd}uIa4G#CR^ww;kV%QJE^Wi)Umo>* z+wb25+xHRK|47i3(~OY)(gOpB7>Md<(HKt%{ke_s-}a(9DseadctM2c;n9#|E)W(+ z@sT6V!uVr^-#f?bqDaeTy3K$Kr9FX=-B8KGA zBmYm|HDjtr#!K(5a5Q2_YWG%pPQ5A(pL7Z~Ve#aIFKo1ZcBhnD}yiP`2ukEp`w zb>H6QTNpR(9IKVia*@1FT5ptxo)S3`jKrjm_)OwVgyVats3M%wsh{vaG3-=do*0&H z1`hD|<%iqN1%QtNKu*+ID$vmiRRV&>M!=XXz=(nhk5{$y%tJ=&SYVd=HPPTWY{A!) zw>0pT`Q2ph!DW8!K-;P4kl<@;SASTzppmn;=35-!A;Kfp421uv06Bk>{$<;Xh_E4u zzxhC_$ahOY@XQ8%7d4Oy*BLo13-k9tiHPJt|Ep+5GMhuF6mU_qF^B6(Pk0y>QS2&EQ_fwng%6e&YuC z1JpM>8kybb^;)qo9|Jb!YdH6)V>_f^UkwXJ;;m>cz+k}0X+m4wLg^Ji3Q+2DECB{~ z#^|-Rj+4%g7r&c$7p2kO0R8;_k|2P>^?`%?CmGTl$$#STiFN1y9ZL}rr%&%>KlJ#K z5x9vnLd8h1yM==LeQ=v4vk>@HB# zrgHOVgUOu6SwlG_O*a;NYIWkp;)8ZDsOayAvd^fHCo<7${Ms0$U|e6AOc?#zdgc>@ zY_|7L6%0BuVET$~xa_oa>lR4=PK+0RT?y*S5;4F9hA^ZDO^(;$0nt?b@D)1ZP$8Y!xs=!C z#TzlLkRuumG%CUf!`B)&0C8^`-X}^+0op%iy|KUCK^IeArUx8MI~<*j5IJsP226wU zARWsUW?6W}6IqHu*oDnmQgw<}2^IAtCrf`NvOxczD+J>IEhReiI)*|6Z2`&$rk&@k z)x{W}DvDyxkSyVJsHWkW67~15!l)8yKZ9AJ8%y%y&>l3{c18W7Uf=y&#iL^UVafMJxa^sN_$&*&|63^9|N9IZ zzW4F(>s6TULcCsf3d%9>(S?*(G5mtd>#l*{4+AQ%MLTlqs1iCdOYtg|h{ddesiIRa ze2t7SmPWof<^dn-oiaQ)uWx23_YJnxn)KMv9$+q10Y18lBY)qt? z?8r5_d9q^CZ?bA`d25>59U8pUU`V|*TVb4b{3pt7RQ3S>I51ZN*Wx7Xj^iYanJCO< zA$IU_QJZjadA-y-dqzs8$SKvV_foFZ^8G)zMHKn}7$?d+z&aOE1GM*Y7Xx-wAC;kb zYI|6!6w3O!{tRc#N{h3aD4|R0GC3rs#_;dPuVN~y1gE*+esz3e#YvW&F>V$s#k(f# zs-1kQXkiB6V6}pTv)gR4|Femi(WC71cg9)L^BYc6Po4dV$?|NE>PQe%qe}cLt>E4f zm<(ci@ca*JgIkLhCYm$0aqGVi5PW^a?*m9l`L$>%^)*-62_qb$YEu)joIC8*RW71GwiK z3od}*qa@%s?yjPx64q5-YF@q_OO!#hcDgFRscT#VWBTapYpdgThAeg_hvbq5iP)^3 zW_pCrP-aQ{`u_*{zpJSFQ93Xva?pw+B266jUGCu!)*H2*r98BE3YJMiqHa=r&RFmK zq!Lo^Aw{ht^Z6=t^j&(P`#{l?T3H=&j;VUIOJ)wu9J9K03;krpc9u&Jbv{Kp>fZ-a zWfH4q=sLGCKs=6^mlNf{5NwgC^ck?isrCCoHH@dvtcXaIri?0B2zQsSAR08)0X&^P zHfgx9b$kQA2w(qpW1&jyr=8QDr@gKLRD|g|1_yJLU_zjDZkb`XA@i+x<-x^%x!7p?Fyw-)7x>+`JWqknBn45Xp!=?vUT^ zsA>de)Iq_o$;#6zreP(FKKj!YcQToQQ8cka20E>BH*e+a#-84IsK}6EDQ$a z!;*xK8vwklUE!Gh8<5!JN}qAqzmY>+Rd?;x8-K;Plk=k#BLzmksp8Q8o`DyZibcvgig)7%+J89S4?McosAeS}$4?x6rv6N{cX4Dgr1sA5mIa6&_2VpsURD}RP7ZsQ zWl|-Luuz;Ryh#1}dU~!Tbb9oILG!tKxaB)PJBdC-fH#$KPKAJC7YTxm$*W6e=AsM! z5yCvs0TERcg7;g5_YylMYs=IIp-lZAXh?I^I!vp0;z4a^*yhGLB^BL@%9ERvXmcLG>>Cmrw747~Asn z8X}$X>#pn2lp{(GhzGK$ce@;=oa!q&YyY0$q5%T<>&nd^+#2{Fx=|gCidZ$O2#rlg z_@byK4Sv@a^t6*OQ(@lqi9|_vgFzO+ZiWk|&OjL#`0QP>exN!%w8P#_x;TMK@1B)$ zj#ZW8fB}qFQyTRrA3gkw1(M(XQ}sip-ZwjFKda<&W2z8msr3UZtQ-pgYk_k*w!}p3kK2-Ip(HvVzZM{nX+g{}MRz5PmAYsd7}M1mLhX7=~=$8Q-AI=XdqXpovoZ zA7d&LiDQ0^814_Rw4%h2c@~scXaZ1*dOlHjypL<>`0xoNaZYQ@_zWgSy_xHz0yF1E z-T&Fl>;NWI?9|ug8yypvpqDGeno)n_&DGunOoW7DLcX~EL8Tf&Bh?JkN4bz{7^c8P ze!S7ESx6f1wTt%CGNhhXg{Qh?uSUF4x-TBx`|_f8->v+neM6udu~Hx&+ugFWmZn|j zp~A(Cq_KZ6@8sRH96Huv=}rHZ+VVw6MIy$n zG9psz(jtAqWJiLP-pYa7l}7yamfzu_@#c&=TCL@GXCc)N;#*JXA@8Ev4(Dp54 z2)Pta%h}YMyCM&K@*~54DXkW2OETMuR`i~om1qj;eAO`#8P`+Th~hJRQwHy{A$gg# z?WdAYAlV)I-YL-MIKgjP%~lAd^b=@)&3v3tl)i;Z)RiNe2+j`V_~&(B?xIO{E5KT;l? z8q?7~qxm&31Z+&gYzwdpRBNIv>HHY=imV+>%GwmFE6;tlA9Ju^s)z_~t-ghI+1dX( zw0y=Aj_pCzFLcNA$EE11HNTH^xBvx4nU^?Jci&RpbiX2z(d0D+ZJ>}xC8vPFgsrWI z910rdTxnBA9Ze^e`a0VQ#t|w{yHPDj0d1oLBgo;5K6-&Y?QEVV$ zRp`!)8YLBDsfc$IBiRZ`bZnX5i$F6+oc1M<*S5HJw6I2vm=vT%1huM09bgc<2^pCS zaW3@?kybk@-n64M_272{(QmpAKF~xbV?RaO*#IlB(Kx<_QOYH3XttF=DLCZO&@kq~)&A`iKg$I0VoiEF)72 zQvKX`ggw$YeRt73N%gQJ6M2g1Kj1y+ufz3rBH!7nhe zPucMG^a%dFUEHZK0F9UPzxP6k-3jXtW*WoyfzUoFW9-J{pT~oFn@RjIjNr>vn+6fL zv_Sz{aglZVx5&*pcW-PToHl25ob+#Y%R5w?N#O;&8~N0Sp!%M#Kg=BVrPd*}myB|3 zVxKp)S!n!Hm*c=-NKOF9W1WnSFu0{FHf5x_3}^Jdx)u3$I(wRjNTP#74KFgRI{ zG69Xu?MR$ehdf!qB7Z8pL%!LLnnm02{EO1IjY`80jJ3w&is^)H5rA3V*%a;~p9R^+ ze>_v|7_wG-9`|a2m!f03ZE65bY5%esPtHa*?MUcSSLe-JZCThr$cW#ahHtwms)Kn)L4FT;uCL{^Vkv za()~ggyWIm683kcqfy9H_*hDSEO4{x8BVlg+V_>?!l$Qx=1;l~EX*(}vl&MxfTLkf zcm`F|=!A5f4fNg6#uulL&#`PQW{cba+6@nQOI1{ev@&kgIE(Z26?&?(Ey#Y%1I~Z+ zML0DbK+xgG<@ST=NxD}c%Y^>F^)=uJ;sN1g7kE9o@2L|F-o@3*yK4UU=w7P*&NH=->Gb{nv*qeL zyz{1Hu{0cB2$$LxZo#YwZQ`xV_=5#Cq^(ge&XmX%p+mG{pYv&OJ?rQ!z+22=z4q`& zht?HzS80be-VWbkkQ?mcdS(KnduYCuSkzAe*}(pLf#>3zm0W$pTh^b~riF_-D0uZZ zNr8Wi2Umkv7)JYYUJiKA^!^2g z+cG5xYZ9Gk+d_4fo=_^RU~Q!}n`(clf1+ixx-D4jSLF54L}qtIrjPjIMw^D@%ftPq zuOJ_CE}`muwMQIi+$-BVM=lV8Nlkg|P^nFUN0&t@>8EZP@JVbSS);i@(X*K7v z0|RRTOL?N6tnonLGFBW07e7$^KB9ffkjF-opzkGW&arZ(48^HjksX*PTb}tTw5hc* z=w+(S!h&Gs9!;10_FbU(4izNDU~un- z@ByT<_KvxA%K5!nJpM_9G>z5hXQGxIcVYQj`Q#@oBtZ_K=I|dFR9+d#`NE23TRAA` z=1K-jv`Jri9qjVheD$id;UbI!iQAmhq6BAU$+nnzj?EW+CzG!XHA;0q3=2GC0Y6a~ z?+W+{IAP}o-5jnG?s#L@ZL7J2)O(z8$fHZk)Y+XI4#N&nD9I?kZn@De91SQoe%JPapbJ`D|C~WD=f$qE=-liA zyXPSOFC=bKmP9}lV|Xaj8Q{I@kDY1Sjei_&`gz;Y(dpv=WWL2NgGMW~ziatF2U^05 zx^{3?2mA2U{{Ga2Gng8YCocsNRq~I;*b2!?-b(x9#r~~URr%%R?cP-3JWZdHZE~r> z6vsXjCM2s&DGqW{N<@Cmxaby8{^B8$rChkp{m6Mi=P=*-U)-zQ2Lwy910_!bO1HtT zsScXaRiQkyG-*k#gG$|yO8mBXHcyNU#7Ji+A(n0IpT21DM?IdNXTMjR85h0zkdAx0 z=A4yi+hg{o2Sj7T#;QfnkG;>CtpfF!T=yj)%CUwK)r<|ooneCsqJ=+siZ9|4u;6C{ z^apX74zH=%d#!qVM+G{YgUUCq^NYcZVA)rIHuvBbO^$2jgwn#{2 ziTZA>|4oX`S@%A=j)IBp-fX(4dY({|3UZu6)dM%R03reJw|B?dB=6z9=NUlcsU4Y~ zZqJj#gtp#<^6^XcYOEWd4VT?DueeKc|q7rZ2#B{2=M5Yh{XHlIp(ti{8~O~OEem#_6k z@}eXydb3EQp<8^6DUSJvQiV{foeW1-D9eHYs2DE9x-bcobJaRxlbdhazcvSW!Y{=> zpxj6KlB1SAsQ0Sl6e#|k%;&U6*mhFv)9SniZ%r=Fuwx-4A9e4cUh4C=z;@oLx zAz%-?;G2)KAe{q23+Wkj%3w5_&n0t19vcLd`f%3%7|(piI$r|Qo{&DL*M7IowM$hT>5KRyj=A3aLNN{#VO;0wVDt<^>UA+IHg)b`7G6@g70 zmH9dC48I8bPZ%W7#hwfO2|bA8M7dYq)XS zX0$mx?6z33FSR$Vt!i=Au3xXCszji}jF0v(f#`iRhW*{8ZpgUto91kU&+3i+_xxyl zaec;37zheNF6Qb@d)ac^y8nt|sT(12z?1HRX)(q31Gs(8nZqAhEiQ0x@jEM4`cDn1 zo%#DU$D}P-QqwCg1@ou|X`AQ_;`mkRPXxQ&S4o7PA4_M^Q@Ia_|Eg%2z2v3ijjTHc zc976{0Fa7hO7nZ_H=0#F8B~BLsz^u!Ky9UgmSU_oK7@`~kihL8oPCZ(+-taq~{lVZZ1BBHoDFo>77Lhkv_P zO?U^oO_d`4!Cfm2S+v_(wY&I7(`-x+^mWYx)>_g@qa!50m!wpdjhA$~I(8+1iUv%! zp?=PlKptf1D-6$jttTWNylQi%Dqr#*N`QEBwb*@)wYdPhiq5+H?PxG$YMR)O!YfGF zt>gTpOQ&xQLBDxackl?U5t#3W^7pLPISoOqNJmtVt2y#p`m^C&MB*W(YMncm$u zDjok`@dnm&>VnFeW2TxPvB1_;JLF;R`ro&T&t?!GIV2~cXf^rJysmpZL>Evy@Oylx zLrfZFdnn)Y1anE51wS!dm67~z>W4fDondW5C%3Qc85|LhsREYvbY7!@C{TDy&yOA= zEi;*&H}m^t*Y8T38<}>qikh~C?qfW+>VeC~bWgeR$?Z$y z_#x|pA=qASYAr(*(~zw;ea%1v8C~i{7gz1b9#_f*wDWcb&XSxDep1c1;%Ql{K=Y_Z zelX+S4dIHl0Bn1KfDQ$?&47UJXev`}OO0u72B_Y+3)T7BlICiU*sk0qp6%n; zTlrl^P#*_8`z@^36Hv`Tj%hgXw|yJYi!uV z!p%B&!!&PA49@U9ra0C=eJcOnb6RWJtR0O@HMt%&~|4oI34z# ze6C^IQdmzFg`UY6BY?R=g3(C}{3GYQxg}HanQMf2>Brdau5K}oYeoG>5lQcIYc&GE z&lgTBvY?Br^#oaS)16rt+jeZN)cO8admQ!py@%V(kG_R&P?YhE=Ew8kPJqTNe04Hn7 zL0;T|o8C}CgDf@OegG7m%2Bh|sM4sd=KANzT>8#>B>i29rp}OO|Klhc$`JPH=5}FX z4HMcfjcb=%>bTYA)RRvgl8?Gw6>zS@$ZD zPp1CP_e1sbMg-+;{(?u(&Igj3fjO@7qs#3|D*?jNIS6O=R4D5TRKcR=7 z!l0I&4^98ye%u8`6KH(*up$^9lw()Q7LT)1^{e0Z1)tQy#e2QTjG$I=Q_csVASJgz zzQ88_|HrrcSO5J*mj7CE5sc0YT{cS$?rWjhDy(ScdX`>G`84IQp34mY8G>IaZUd=pAwkW zTPxwr5Q4wuAD8~po+0y0c;2SvTN@=n%8&aty|GalaeI61G2K?Ji5su!2^59pLh7*H zgrh`_>qqdB<$sd@Clk{6cvAR*e>MLnSctIM&kS9EdzIPqA%nZHyL?PQDX40?3~vNN zFSh}EOlY!NOv9VnT?w7$`EDUQDKY9}ndqvsQ%A0+@vUn=d=A#`vqbx={X`Rh=&cgr z=uZYTlbM{|m497oLvEy%_|0d-YHchngn+)2Hs1I3WAm=XvEGwk%F5|{?}HXj9V_Ol zrb4G)Kbmjjd3du*HL&AejfnlkdqdM7TZa94HKOb8Tj^Mps>Xg}?V8&wlgo{!K##mQ zHO1XWuqzH7`~WLBs*FMQyMzI+W{>%f9rzAc!USb)`ti-gIBhZxg&XaP3Xg&}&O?lrtkEGAmiy zjnhcj)#{vSu%;#qOm?^u-OZb@)|3-{^p1&AAH}Z1_V29oQA-F^>d84Q0ZqYLT$-~g zo_@!`&99&_LXNjg2&cL8of^9i`GBc)8L9QcZf*-dX?JVcHC|x=*J_KunMcw)*Ave#sSIe-`09Wcc2^Cf)eP4br)?Ou@|&=*zb@&m>ntDKk>ytO0^ zjKXj9)t0j`YTJDdVJws`o28W&pq7wjLrjg(x)o; zxQp2Oo3^#8PT7*XEpcL)XJB6nDuBY9wMHsq<-QS|XFp(~W_Rxer|pvSzV*KK$~-9~ zEm}JzI3_>W71E~2x&MTkz;;Tue{OVpa-vetOY#nHpN|t1<01tfT*yY0a2%dsd{`a{ zU?(eXqAU~d(Kt!7=|jLjwpa%&KNb&I%Zr@WT&QVdG8u7c(uw_dDMdFP1_>GeB=`s> zLC?ciNTXC1?nVTTu3*pBG#>tHfE;XW-Ah>9OO?Vf3_&6l{Ty@!m0 zgbHUE_Ox;>aE*r(7IO}w7< zd4H)0G5s9z3{q*D_!0cw)$wk=l$g4s<5--byK#O)E$M=u-SgvgDF-^E_p(r~AJ9sP z_%y3dG5fOr*n$1`QCxu7r!{+}_wiWuJko)1Rg9KH?AI)>!7MPgbu>Bs(E~hgEb+do zU=p9Vvy?%Rj%NS)eaIzQXM7veu*ya zY53X=<58wf5Gkeg_4vccnm;)i>?LzlBLiH>YDy^3NDmn$dwNziBGbD>$pPJH84fi0 z`r&snsaU&Txo9t7;e*Mh=a_h{kHvqcKQ=ujo^@eXLS3Rvnz5BiB84QUw>!J?wLNhB`4%pu4o=^Z{yg6K=L0X~eC%cUM$Mo&v$tAP}i zg<%BofBRa-o{oQ{0sA?r1}kllY>l)9Uez^vb#&i*Grx~WB**)mnXCIJ@7XdDU`T=O zl!nh&-Z_uZN|mo+{X;$0JO3j>qt@DJ@gMkr!O>h|#<>bXMdv&1u04sGdo6yK?;vQ8 z8V__h*D0()sllZ-#HQ++ar>*Yjrq0Q!(St#upRKGbM-9hw68}_R(xR=jBs!dBK#+d zcDX*Mq&4cMbsOl9&}|Adm8d<)`wR)7kjUTf-&h2d%*nWK?1xW0Hw)lW_K+qyd9woW zsW7j}uCvc6=(GA}MhBjeK@T~SMVD#Cd4sZ@y`%5Pw~{_kU79_Cl(*H!a4^5e`Jbxx zeAs+izjg7TWM#b8i=-WlwJ)w<5Cc<>&r9mn)64aO6InAv-%%tGkZ-j@{k*dGcet)RH)=WGEoHzCg2-)Mu9lB+(2Fwjg+^C$#Ui$okF5{r8C4!oB~78Y{Y zh=Vyj9dT0cJf*0ek^&i@{Tq8kMA&IC8=T%jl|nj_)k#W44IgBOI|g_-iC9D|VA69{>3KhZFc|WHqEC)q~(7D2&t7+6^W8}aP_D8E|&5&{-_QT=J&0tORP}6 zpn}PMv?V7&T8J&G6L+0xS-3ul$9XkEU{TSP07@f!be;H2hUn0qXgJAOsligO^mRQ= zS~mL0@)tZ3tPRH=)arxJP`B^esg%T0Ivne@Xuke5&~3`BMIV|R8%|^>3wu8L71~?| z8i*HnX2!TZ3WW<3tr%18wwC)*+XL{SO~eUdLCU?JUk$-u45!b4`_$noMZ)5jz-M?@ zm9g_VfS??x=Nf(jP}G4#ArUmfX@EauYlT}h$dJDgNbvX|Sgb%M)4$++L=8y^6oI6v ziR94tY8or&(d(w@WG6YHW^Z1Cpoa)|La-=MLW~~SQ0HlYfvP4TFJ;0)Su21R$+6=Y z+5GB?3q~}xeQcU{F>0|iJq`PFy zX);1h$HEu5wddOdY0ZkdXl;&WP5xr1kxMkN=^M$Zb52I$8#J819VeE> zgAd9zOy;kwSl?B}*zCu_TA2_+KXE5)*mZe8Yg@a0mHYACJSXy*RbnVAwnTKd#OyEY59N*TD(y zZh_!#!QFzpI|O%kcZUFtyK4i%p>YfDuEE_Q`02UkUi+NqTyO!GKV#IW`l{;v&Zo_P zxTopad#Zk6^Z+~y9kcy&I)4!TO}LvY z!`3+gd|FCQOr&X|*Y`t$1+7qaw4#z1f%#AgCiaE5^dURDUjg`zg7Si7nFUek)XV?C zwWB7F4ou0863&8q+dB&pi+wIMBq_L)nJlQO$=z6Ycw^ikGDcH;(koeRG9%8wUdf3Y zl}k6$on1fJyNH*9Kn0N__Lc-f@wgV_!G2)-}84Su=$KERj}nJ-AZ!?&$IuKNoi8KLWu|CX}( zRc9z`Qg$e9$56Bj=n`;_42>=LL`B}9zkpGv&iIXjPo_4=22I`kr)EaVf{YY|ti8ps z2xxpxdt3b8tdo;j$TC>GzTGpTAifRiS`F7#j7s@-gy!4#mqU>O*%mdyF5-E@uSE|o z?@A2L)mTWncIONAV5<{Pyl0uYo-}Imv$+lK3LzpN{6?<1#8xK~Dv86M$9v@??Z0u1 zYgGil3yWk^=h2dy0#xF)_gjhYznR;~4S2bH6CS1)WX|Mp(d>HpF2{&|R58*wLs3%X zPAqD&t+H_#F{l;b3IU!|b(7CeuYf=y4*$jvy_D&5!iyrOjeH)jwuevPCam+1wMPT^ zh@~F9&pug=JqkB-R|bYoq023b^M2bWL6lNKf?nT~9!rR9IJ=R^{{2oE!*yAadkDXh z=IDGV6Urnnp7kY}<;;KI?3TUoO=*1zv*7Jyx7wAFGvJcaa{rrLR`@w0j;ZRyhUZQg ziA1lX#ZT}$@0HaY5`MRY>0+o6Qp!g{zENy0ZX6V@Th$6C_y`t8@0aXUh0Snp`E!f< z;IXetfk{b6lgv+lNm*?uoAbsofY`0kd#1B&j~bSY3w&!rIT43>xQBb?URs^E9Bfb1 zqM*^LF+$FepHm9$utHV3Dsl(EF}L#}#px`@-EdAJ*^;CmSyIhz{wHej%|aymuf!P+ zg2`i#SJsE&f51+r(>7t3^0|WeMq-z7k+ykaVx6rwB52VV>0s)BR#Z8YgC}N1itw;uH}>)xoZ;xz?buV}V@+cIp@qzH z|M+$@jM!!V7enL{k@Fv9I5(XJC;bB4DslJ&HQ&XLj2W~L*uSPqf&BM@if>um7%dnD zy)JbN)9?{dHi!usLH%VW7o-y`Psx;EtioTVb6a3_zxTO1T?4M>?tQa|0|x`Yz2Ehx zSx2&GvDn0uda%_~4xQzVQtwvncBkdi=Qq8eUxr{_QrC}noVfBglhV)=K_Q0G6L5v( zEw!u+hlDvo3|B~z$TLd1w5JTWhXVba+<3NH4*z4tl^UWKM+!T!{F0{+{nd0|7C@Eb zJ43>=++;0Q@%-2JjKFrbivIS&KWMs`g9H5*;Ox1Jw9zzni;3QTO$7_;05i$>88HIw zU0(_u!>5iOS(iwcn=Hv;QBpTer_~rX4ROUR`~s7_A?h;HnCZ5T*SYI(fFRr$dd7~z zyw?E!MLe*bT5q+JnO;jpDrg-}Ic(DY8P8_Q+hh;=Bl0B%wcaoXN}2%sbZ{X|F5R3sM>JpEy8uwC zEq&F_(i6YmkG40#4I-geB+V>oS0j#ym#+7#0i^#YaRl!fB6sHY7uW8)vN>Bu_X0aZ zO`w)8WWx(OO)7kv$wX4jCc+i_iG zFqoO*89rRBG7FV|ThwP*TuJpN&qgk*jq$Y1}N zPute7ZV{Pqx;>E3=JP-SkF&Qr?m)(q3dJW=E0VLbV?I5N8-D*`b5jVwAxxEcL!qd8 zNhFvxCi`bzQdy!=NQ+0dEa^WoR+tpl^mTBNHstqtFMg~W@YHJ)j2Mil=>@|C250>2 z&knaT^fUO)H3Z=~z- zZ-;|f+*(zjS%qt<#V@R?$Q;QBQKlNXqUiPJ#2TPK{}CK?-0GqaPdASEtG69A9SykM zdLn|@?Yt{_Dwgg}Iy{fsMF341C1xG{>`|(&pfsZyv%%ANuM)U7xkUI?{ zu;9VWV?WdPc!9znlyPsYevP$)C_Zj<=6-ZbG5-&Dd#R>0DUYJ_+K^**LMIXK2!=~K48fd`HYcu`Qe8BviF7Kvj!&-kzUWy8;imgD zg|^2TTyDy;pRX%C-B)!W>JvGD>{yGg{U=2EB}CFpo3fcz$Df%^9OhM-Vv~Ve7%NEE?uV^m zY~0zGLK20E>6)u-Mj#UqIWLVW%Jh#sk{`WF+qVQg4mhz8T#7bT)JAk0jHK0c=bXXz zK)D}#0&-><-VHxWtwHcT0t;K*8svjLN)nmXOrscS!`Rs>04sH)duW zK@?K)+hG3WGRTJu4C0N5jYZl!sN{R3O4?XK54UmWs1!!mj|dtkeju68h+elwGGNO( zBDL!Xk&)qNgW|8cT)#pQwsUdC`M&bmu89a0FjiZ8OiCjI*ynb!U0JF~1w?1p&{Zok za;SvX-zb#ZWNA~^t@{7?T0Ic?8*C)O`3arg!YHw=OWg7#1{a}Qjh*FR%JXeh#5Wx* zb-Q2l2Q{^u-aX)TA=%-iboTF)eK--JKS3}$e{qP}fr|Z=%m4~!E&A*@l;QF7LH1_w zrT`>;qvj2~YQ}qtc}ZFzN2KQsAQ)ibv`o-} z7!{v`{_KwzPFLi%C;?JIom$_qR17+w`7$d|LZchUmu*tSpoE)PVznr~eB`fs>=K&p zSp`SR@!1pCaGWG|GLAhFk9r|Sh`8se6e9g)=euirP7v+zVS#j$fRrcB<{V7iLTYXXS&a&Ik>&k9xl}X zMv&^MMdExO`goNeWewG4nsZM-RH#PwNfT(VzfX-`VVE%m)WS`S8U;lpp<*wswyL&N zT8+C+h`ERSXI=CxOaqZeTcSWp2X7=cIlkycTzMzV9Gm~j)d9Gr&Pg0V)J;BGIx^5@ z$LftLmpgFE449Md&DJ}?ehIK22#EH0l)fxha2O|i^Nf4Pm|9rC2D6<-c8B8rF&&jn zW7;{IDFU0nycfBWfH|W(@KE9!X$W@nXnOc1@3F0B;FT?!0KL2h0v#V>Goy$&xQ#R` z_J$(cItnQ;Dx&QBp~PdNHG;`J*dG`1dFxVLN5+{mHkgbrR!=rZ6*R0Nb}%o@9o8Dt zfUmB5Rn?|_?JK7pXS)ES>mYf6Z$o}sct3g?{Yor!az0pus2r(&x)_)vl^ ztEAE!kngX1pl)!1xK3@$P`tOar=5;gb5O|#{?V5$wgU;ei#w-nrqjSU_Q_lxWDdKS z#gY@}RM;b%IwjwW=#(RnlYPNsoh9|cYqI#y3dqjb!P<;LW35;qdB<7N6 zyj<;}E;lZ75vzqw_ME#JFW|Zj@;?iKD>16l)2I98dd4%0RLKu}5Q=Dvs1d+EO7{U6} zGw&aCOVW zHJH9*RU|WVBSC#CV`#cu-{JV(w~`t1tn+o6?y_vz8o{4a==8^!qQt{rcsKiBM`(I^ z7!C{Q`16#AQB|AbTI1@+23DWRrCe!pA(Z1P1=c({xf``TKx)Xt&F!mI=9X`Pce~yw z_NO@T;5@Ye{HM$EHa_rD`c7D}oQ;hSbwf2H2tQrT-6eI+Q;QxI!d*IIJ> z=1WWwoH1oE4I^Ze$t8w)e3%gf(>onLFD1sMtcK0k34UYW@MA`bcxJuOBIAYq}%t!tkk9upqGQ4kR6*8Ni^2aZ|;E&!E2HDgnL8DOA z1TP2JX+!}%r;7XcW_~148+Xu*@(TRX#_DlkQ*U1(s zYZe*={!Qu?2VGkxcLd-MYWs`9?)%FcDzuVZ6S`Ml8B)M@cWj?d*-Y}{&mIcY&HKov zGU!E2kh)RXxSjc-G<0T4A>SVlW{1$O`rHk+J<5qUzUs(-5H-J3?h$HFIMctiXR@^iQ&-c zhuv?#jKnsml|k6FX!3A-UIpIGVNPV70#cZf%i_NaWiCop@cA`sY8dT2$aFdUtVIQ` ztbdc~@AXUj6vwA?gu#-PVRa}mw29{%01||KI3ojKDLF~?MAJO}1XL5o?V%%Sy5rS3 zsl0(WmiZ}$wZZ$dYMH#b6noohH&(|MrW}=kvwPT8)FoJ%D{$#^`g1_K7gi>Kt5hWuFwC4VTErp$>#OVyT|zNGo3!ZdL0PY&1g0`8I+h5M zGD?EPp3u}81H%~8ne#}4?64(M0QKGVHQQ_(*hV7Hbq1-0mRG)< zqJMvMZ1vk5;JG^7ooV(y?HQV!nWo5ilE++Mp&~qB=-;BxUhnTR$RGYVl_(auvC9vLdao;2 z=dt657+&}N(&sOpL^KeiHXRBtisW1+szay+Du#Bt}6&2gUg4*3q|6FWz zaC=-3xu366e#k2-TJ(HU)}Hx{)><+TFu;d`M*4~9?fK;#6shkYc`-MTOg^e3{f9Q$M1?t7=t-o5PQ)yq1?*4IYghHnu|@7y;)7JtPlmTVaVUkm*|MAn`S8|_BItRi{65Ef5^2`d2X5wu6xQ3_s+%OP#T4~9)0mm zb@GMkTFrw|Z`r)62F4D!ovq=7e}#f`evMCEPKR$iKR2j@b;|{gN@;_Ea*sar$H0;T8*92uNv*#w zp#ck`zL~Q?vB@b^2=`4A$C}z$2IPZmp-R3Y-4^Sf0#11TS`URWg&qL*T4E@#XT>j- zFR5{uoiCiQ@%BBupksD&&Qn!Q-tN}4gJ*uMMX*USmGvK#fbJbhUeXCSJs;AEx`=O| z$Plu+*c_RE;zacb(;`=_U+c7Vin_aPfTs1`h;=n!C=4F?R+j3;hz#j)ktTDvv>Qee z&s&vdJNa)hzWFs{>?{bdJgJLezo91$(ucjcf{%OceBCGC&U32OE>_5mQ#y(X5qfpQESCPpI=H&*^Aw z-P5W0ZsXSu>q|b{SB|jDpC##wB}VcupS$ITs}SQ40;D(05Jc1d=9j+^>z4t1j0RxM zJ}IO(8`Bbfq=$a4GL7y21l$SjVm~wjSag-5IhT;?2BAARgx4>9e#m97H&#HER}yw7 z3LZk~@0$zUZ54jyPvJ6ZC*k)D7qoRVPR?HRG(!zUxIwa*07H;GvtDOR`u1~i* znYM8T)2Ua|Y%z2V42UnUtbF0*#BQ=#0_bwr)z>FM;V}d)Q?0D5IB$!C*WHPTkjlgg ze~!F2=fNz7TUD%zHJN`t^TxC8+HiIv)s13e7@cv{3$w8J6F!6-|DRD}}`E-DZFLhCS`1hXQ1w+vOxBmG=1`HSXVVIE5Y=ycmD)yLWjLrGWuQ zwUriVIDUkdM`3NU5&b2lH>|a$!;Mk!kxde7hwXjRwIJoV;$&m^?w?`pId9j4SRNc~ ztq`7Fbc&QhhJ)nh%Vgz`n}Pf58EYnK!#1r?o#h4O%*2&?;S`R5l&K77GRfLOS<CYP9S)XVvKuwODB(duSlx1M$ZSw4k8ej$pw?(wf%eho8V@+<~0 z+qmM>)t^(cuieoc#&XS@uNDQcr<3@kJE;7;G+h!igJMe6&_0e`D zB4HQF5$>eoB~mLEo9tIFS{sWQDc1{x{pVg59F!kp{^6@dYBiN{;?}0gXLe+N5zeY0SD}=x6aagut=-Um>Zci z6eYf#z5!oR*;;6CJe84R^ZN*Li8+kbeL`$8p79?}k#-bHh`GtkxN;aQ0{la+gNd)InJ`X7 z{_l`&PBZ*qcT%a)=5YV+&7&ex8YKoUM`a*YTR;6PYjd42#Et?|^AukA=MH-sikn{n z?nM6Yl%IZu^Cv8hLJ`cDM=Ubm^*5U7)(3Q9(2z+lw~3-)3D0q{`k+C<+(q>%7S?rH zYWINa#2VceNidq+Sr?Dn`>vemI~gRrcs{i*9vK}^*DL3eRk@Vsmzr_w@62|YI&EzU zHR5ojYV^wafi!^|z-$BqgwgBUO^*?#`_-ed{N@9cIi(^FM1yEZ9Yt-!UfG>@e&)8J z^;t_liQ1?)TIMz!g({};(wdF=GLse^RjPprZ5<@hV6poC?;bRQs_Zo|7%;~B9D34F zFrhCZ4m*I9<`_dCcdtBP?M?-$X8zPB(p|tgrmarFV<9&3_AwVM6z?~2mC&C|9uX8> zwS?hQTH&N+gos#Z|J;f}0YkH~rfpd(72f7kUA6o`M?%m8u>Uj$&|~#RvR-=;yHw)( z_f(1s76EJMH&k+GwlXuL%io)S&ggo)$^O{Mml9l^{spcq4V*zuUCk6?mI9*z<>d&bLP+ z)f%4KdowX(`9`3OL)3ZK@Q+cm^wZN=N$H(TGo(1tb`H{y1RT>G`}{zoxleuvjDWI; z28A!wzqbGIVF#Jj3!=)xbfXqV45BlGb|KPqDk6~s;{T zFL4rrEapz(ljl_MOh`P2iw9%yX_SIm@3`2RflGJ_9*s|RDGKpa`AOLdg68?3lqJkB z+;DCo*<|H8taRY6rEYW2#YJzkkB2>C;IYWqFm-XjyC9V;(e~QHN<2?StJO|Nrzw}p z_Wn`5=`26c`z~nu!yM06pc2kEL*UJpUjZ<&%q^o8aIafuaF6lw%BKoM*rdB(ZKj9aU8}iiVo<7Qg=g>nlilLk#YQ@%IcU84 zRN1!}44l_7l-ChTo~@||z{rR^w9K;FokIjt-d!Qa=~|3^!H%MYL%8AzzOO&)!TQe> z8+m2yaswDzrW~e>`jPt!^ToreowzD(JIjonwdUj2ah~=&F#hwZT&NbXrjBnoI1nKe%d%aUX zR_l@y6~@I`FRBk_Duj!f(dEt5UOv3~loMVJG(s_{ZdmWz8;fbb2&Iy+5(VV}+2Yhg z$Wo*_x0xteSQC0!zId-6I^J}F7#vUJZT&DwG8C-%7$g{jEbQva@iRGjUsR^B4g)epCqUD1R3%2n27UfZd{6`YTQLNcpPd;QO3iWFuYIny7ue=AL-F5i!`_N@ zU8J2Sjkr%1?BC29&4;Kw5KM0}ruGLL0dLwXlmi*_4a;cteB%1kgzN{0qH>glcu0&# zrGhKt{eEXny5mKznDXM+g0_0$<~H3mU^x_sqeP=;9Z>F*)YI#Ak>`(MQMddJF!#_} zkTEykMXW%=VT%G=1Jx3;ECDh?t#l%|C+VbDi#J77xOH_@>Xm9qy2y^s&Z1jge%E(% ziv63LBrOhGLr=Gd*J}>lJKzSO^OzD64jElM*q)&3PURZ<&0hKG*TH^Q8u*7TzB=-f z&%Ei!7wf)>x)IT|XO6IYaNmzUM^r^%sINI>)(}$NBA)TdtyG+epW!@Y^x&Oe`AQ$3 zX4c?GT`FOQ_dq`r!}k(NUO0B8p2Qj@+$7v9Uv)Nq!_?TF+tk?`u|!Uyxv~;BUs;)! ztqd%d#9V(ud@B_XO?+hxm9BJS?6oW7#GAAYR6e6=^vbE0f(JQRBz`#n9!(E;v0`%k zznc}}s8AvQK=Z1DYk*MCx8*Z_urF zO-Y&dC{^eZmc-IB9l!sey_IlT7cvyAL0suVbU)0jc{{$8gU`vIh z{>2NCdwW*yeNTCJcKUetYcpTf1>0_}HrY4_ae!kLU8yPk)!ABBDunbD&$5tIg>tvn zJiP8+*ypxOf*h9fVd1}-_{@%U(})xrhoD7|yn1ZIhuShE{6s$@*$#yvZ!+ zF^w%OBIf7ScvwWn`-g@kQPk?73l~Dc5Uh2O4=z4F{!If$YCP14J=bU3w4$%8JqImu zp2Zn#S_&lNN1_ zz>RwP^L1n7W9laZx)4Oj=UzvQ-4bWm`H72%f(}X3T zM}}6BRuH|1GowZ%B`U(}EMwC9mUnc)n7|q?A-n)KHR_*5r^v|Be;?@vs%Lc-v*NTf z%7SMOluMOon25ufdOWjMB3*vqot0jDQsG@{Qu;(X1tiQg)@~VH5M*Bo-rnNzVugB; zFhp;?I&}$ZWUGq!7?OtET3;Z|*9CB0#{Y8m%W|s=q-P`pjW#emOhHG7FdR>;+GV_P zc7DE6PhT>LzaXFBOCD1BXC^be`CRO*)y2=P3a7dSx!?3q{kVc71x)Ue;r;v%7KQyrz)_9`VGz;LKPfXUKqJf*{R1 z{t{nk+(AZ*bf?LPSf&PCPidCSR`v`E(P@mKn2B<2#SMo1k^wI8Am3j^sQJ7N#vsW6 z9f=B_eF?3B$5R@xGRZX6ek(VSFx7wfSi745c#|(+=Is1^%CPuoG`Crpcf; zlwrRTZyp6L%5?Lb>GB-fV3U2h;YUEmZN-RyFVTFk#hlmlj!7Yo$e+>>>5O(G;=y*{ zwUQibSTM(CP})-UrmL@1uPOw)Y8|b&vFqvU??akDUTlatJ2$M)3TtVlvr(dF45249 zDtlL?>+B@m_#X$bmiEx5Rm(+KmCuMBGe@fzN8EZU5x|sWB}lp%mTVz`V|kd&F*7cO^W;Uh#oWm-9enaih&Rcbc3*Bq6o|i)}gVMg0JFQ5aG%@4DH3NLH z!8wvj&Vq7_il%n<%NG9w{{M{?BX|r(A}aB3fwUpsyDLm!*i*C+&P6P{9@ruQ53}9V zcqggBLFt?Ep)FD_X{=8z6sz?QA#T9vS|VF%d|zdO!4aD)`=lBDZX_Me{V^%a@*H9a z*8q)axe6N(vnqwH!@ISeE|&|Om{}^S*$_(Wk)=;vCo&^ z&+9?w++}x&aT_`X^|OX4Df;wvN{yT6ENF9^j^6^_+%{Jm{nr(at2!^Xx)Z=L?ROAF znPQ$KSUDi^yHn<{oc;vvkM(}MZGF(HVkA|lfu8C8)EJ1fN8bhm9<~ls1sgP~k?a1B z18dq+tgTA*5*oK3I1GK%ni^LvqM~aA)C4k6vBD0kZia8wX>B&MnP10?!ER7@+K}?} zQ1>Xlh}gOm9EK5Ab$oTm?g9*4hTtvU)8YRTXmu9%3(*@eJj2Q^B#>57r&d% zeupsCB$bje7J*v9=e~dY+S#qnl{k*?*TJFwd@K8TD$6MJDX=q(K2Ca0hvS&~E zs^@i6Yw0557!McC0DD&lxNDyq;>1&7S~WqPf&o9wI|Jef`@6R!S=f4CCeZ zy!r&rP$umpz`Bp5y}EEC({!;kCXZIW7+hEHS2o>*`nvrBRa@UD8MF8%2!Pz}OgYco zosP0>4ZvI_UFB#4ec`$8VAa=mOT-NpQH=(vi{YQ*)6|=ZU`lge?$LKYvQoo0;746a z0-N#1TK(O9#3%;vDa)sii5s?Q>F)5IL)yRwk}mh9od5d2s4Q)6SVXN*?lYZkIOJDz z6P>Bja>FtbA|HhT-|lDlm*Y>agca(f+F|$+d^`Ouc@ZGC+VNsN(KF)wrWny5Inz%VI00yI|A_{ppsEIA}~f0admoK_?9mmTFu`AOmD38b&$q*BY1*y+>VLXy>y zqf6v*yR9BOFU4&6%wDKNU4I}@yS=p9-B8K<5^UNx*6JK(0y@DJSo3MhlBQcuu-6+h z97!?hUq}Z=p=d00Ek|~QQ|c+vY3vD$_A^7gFe`mGgPLKx{?MgY7SoW2$44VjN-b!} ze$wN@g@}j5FRn&P&^i=mQY^BOh|W~R4VkZ?s+pnZm<*bD&ZdN#6%WD&lk<)9x%YNu zR2NGa8sUeT*%w}3f(R7iz6^GY#LUcSohIu7zn6!rn;X#>9L7Cka<(*zO1OZrKFLAj zFU*E^I*lsNBLo@5iL>j!$1|fCmFf9aqQh)#H@$}&`4xCeZ2;zs69NV%o7N^@jFTUg zOQuPh-vMgBSTaI~JJ40U-$zHhVh^hz!PULg)1+p+XK~!DO&Ey*A_5XDM??wSr~kyU z-h#}02s5H%Yt)5t2j!OrvlgoSe*`K*`hSURYX^L?*=6ub}Ypf0?kwfkD!|^fSu21MeJ2O>W&#~FDpKrM+7g0q* z2EaWcpE~~;{@5ID?YRkq@ce$R8yMnp-uS*%9zjdnJu8p141uRoxI#2^JF>*VAqc-i zhC#x1RyYq6vW{2>%^(>5XW z)2)ky`mqpnoZ8Rrczh~rnZXDbs+*xUl)gSdJ7qFPMr6%eJrOlEEOH8pr1bPiDH1Q} zi7c)(UCe)yTp}VOC6KqvUz=Mouu?qgfS`)4TD^BGLwFCx%BeS?UAjtia{v5kaewTNp5w{ z7I~qGl^{VA_@z*X zGfR&>ohEgM!_iUb#kJZ}e^h_|9gWrEejRPF4HT+OlQ6CzK~!Ela!+c$4+4K(fUp_U zS84=>4At+02Q_wKXGNn0C*w-E#hMz8b!jtm#7b!SM~YamF~@CT_hCK6AL z6Mk6vp;+YMq(WUjFJ~62$SH8z!D7W?>mT5?YSAG#{P1JqYnXJxN=V6EM6cL;JZ|R@ zQ~yKE(`oi3^$RTdxAFc+%}$Q)IUBs8$(7hhtbLc?Z3{rzJW#y)%qYCTXWch9!S0~* zjl<-Lg=aNu|q1dR^{afKQ%~zKFmsd{htOhxq=iB6#;|uZqxk9VvG}2Cf&aJ68 zMyR#td1uxMgzTTss`1j@d>SihvmT`kLeZfZi)?u$9$2S`azj<16tnBI1oW6-CxtQy zhzYj4;dKfVOLj?`)0%D&VsS{puX@x!sxuBHn>G^F$GG2Pba;I6jkgOVLSsc7{obyR1%QjzP|z5QsBOTMdZty% z(|#?`{oRynEW~TL3=R-}-itLOWSY?X>FW>KHPvEv(>!{PG1EQIB|{PskL=~VDvQI? z0w&;J+;LOak(cjT@q=A??;*Xra#VIN%l*&8z<)Bd87t%7I}X+DmJ-*NcdeP@N<9wJ z$ha?AbxxDwoikOKI$RTm)0TETf9=L1|6d!lo?Ghm%cSGwvh_;(>W2?ImjsGAjAV1g^wQDOSU`~ z8CsOeDjJEm23{{)OeU15t9+&Pv1ST|!3)mdsepYP7_b{xP;v3s<>lp`nHgn!<$V1P zcjp*La!=t#4q?UgiyVzF(S%W zi1uRz=Fdpj%sm2!`h5;;2OFJd#TOm>3f~|tav&B=*?7r{RO%Jcd_lKfU1ks@b`FJF zUPRwy%TGAa_oqr4ek+--(c4sGenSENp()M9rPW~TxD=sODfziDSg@5eIs9A0{)TR5 zf9bI06TYYb?MGb=(qT8s`Mzm|frPDe&nK`bC1_g``)?gb7fr`g_`K}w`cEwm`}RMz zxTBMkvS5Xtio3kjr3CF&4m(`Ynox8AxqnZ}%J9y+JQ-D!qWJW(F}yQkkEGDy9}rd> zW{7(7>-D{KzP~0ZlHU#wH#tfKs_oE2KUcmzFPhC_tQefK5gP@9NLKuxygR(mS68f~ zRn*NI@!omwqi1g+SDIqBqtKkW>yy_arKMx&t@n-TdVDm$AE^E-4hfnD%BF7#bmPxv z5YN^&zKcvtUVN>O1n^T#_XUFPSZe_*AudO;PeM%7^C-kE$RTiyV&R5l?y;`3zFe9_ z!ICKbqFGVP=*y^a`$j?U=`pnM`hP;6N7Y6Y#7As}#+S1oULFLlqKDZXZOVs!%U*N) ztl*PQ9v5UR&YS(TTzXV)@yFYk!*_4_81Td?ziue90{?1M%TieD1avIOs47 z;RP2I(L;VzA2V;$##?O{@zujo?zWys`WUn?fRaa-qh*b-fcV#-%VrWO?>Xh=)*boA z=A^}^9=ca&K`09kJ29<7_D(7HS?I?3%UG@#zOn9{IuCTJN%$cl6TZh2BrbIX6#B6v zZWU@`*_R(LcgE>HS};rR4t;BbDEMhiWWE+GM2Dd=r@4`!pzfXOpE#JsPjSw3SdjkX zc4WSM1d6d>U-RTN^;XO<;8td+I&0=`xdX0+Yf7omlLr#{*^BYScdM>ZcO*iLKvUS+ zzydoU@uOKjg6x~Wa5cY1hGYh*x$R&Y=yabrFKW2nS`&-lkR(qy%fO*eu$*h?eV+Ei zsZ=R~xgQa;rQq_XlH92YKlKcQqD9ENi5dfVH1}ud>q8Lhv|6T~kwP2nGY?ClP3c9~Kt7 z;6aO#k&(outn#x#a-S)#5xsWoM>h&Y`ie^8=b~p#9D_vDDURZ}#D_Gt@7P-4nwnT| zmO#?fX=xa-g?{v!9zj<7nN@>)_TAHg%^ogCBfKV+Mz{&uT|h?b=*@&-9wIqOS-M#h z*~$moz0>AD3ecp@JOa5cFSUh6gG&R=xWPt%E9;F@E|39nO0&J8`#eJTmhQQkrUQp| zTp9mXVpqK8?lM0d8|xd_SDz`5)?cn)<~44K3P7&$K5(3GC2wYNUP5^kS_vv%|JASW z99gt_Ov=$aTwo5MVRzLUbeP5kz0W*5uWbb=6MG(rFQFY^ym!Tq$U8(0E&3)9Df*~t z0Dg}r(;rlYcR0Oek>C)C2A&<^I%mf|Kk$xWyd(=5=wpO%b)knnrY5c0`HDM`1b^F* z(~B4kakb%E!a->n(;b?tnjXA_bItjM8RLC|^*S{v+`fwPuzIh0U{(FeUxey{&;@{v zzs%PmRC?wP?o&ar9BWeqAxJP(T^j`*?yRt*D|#{x6xZ?&XVvd2@s^68LSA_9HXV;P z^*B}SLGk(Bl+cPr6EdJF_oLKeLfw)Y&UVFW?IhF_V(fI-QkS+_`EzrY`66-gqiRj5cjnP0PN1(w4X zP9I!2IC@B#Arh4bhCwo2NDT2gXe;-|j()E&R>P;OICCib;*v{=`_58R*Vr@yh@aup z@QMW}7jRKpZre{=oznGu)xk*Tz*&$-sx+z-mY^)zaws{aj+qRRm4t>b_Xb%y>o6fr zX#&6+2|spAVuv&HZ5t)__q3bAM>;WEKJ%dx??r4@;kx>e3iG9z_L#ip^HNAT2m4rpF$=wkN;6 z7Cgq@t|x6J1|D8JY>0M0&r8+&Nf2%GVBf~UB77g$q1xUgKJMOgeJyH1jYhyqM9lqY zKt3UOW3kFM$PZNNW*(d$l{76cdD>JO!n)8K@ebvQ4gRoc54(iH=Iva^ttm0%e@$Zp+BR`mZ0BXsW*RdR z<_HIwu$gV8H&r`zTyNNO61+@skkBZR!(C6!&2}Qn4pS)!yg0-HetIr5!xis}Mx->i z$UX`0a=q)Dhixw~N*ZUrUsImTE^%#!mNk}zpb(`!wtWAH@UWi!Xk>i?H|B>xC7qQu zZ23j+h)}n12=L$JXX>-=vcSH%%FOuqRBsP}iSJiLVb{-VI=u1k8(UJDnk?j#|7d=n z(K~4o2%{FE#q)*bv>f1(fsD&()EQ3Y8giMjpb|r{Cr=!ffbNb^;G_>o8xAg=x;rA0lLQ@+wEA)X*a{ z4P_r;y5qRrnPrcAm-=RdX&69MYJ!vEHC?GiJt>VsckwfoPlX%wB+5$53Ocx6LI8`I&FV*6wRTKSST!74ub%X2ZeR8Wi#_`hZjj>CV&DZ1f zmeg7(o3SNn)>*gNBNf>(u(FDi3%psrn=YPMwV@kvM;os6?NYulOPK+PxEKJbb8C%uI-Aa2KxcVHgq5R?zP&0=+VM*U7o5}6mlOS{D?ToJVH zAx%^2#`=0hzLWO*=+`!fBuuzTXY*@PJ;4OBigji;2LfSBSJdLDmOfbV?za)Vv8LAq zR5|i;#%!&J(1H$j>g*BWSCq9@=SW4`n%)pc8;+V8@?QauuQ}UmKf?4hnNM!Nob_`sFRdEYQFdf*0BUv__zDs}z#Doo3YXZph2_d5xK`%hT~zP{?N z4=Tf|049uvn6~>{<^eM6azkKZjbz``ZX`EJSe53kBR4OKW(kx2GtGx@s-0fG8N|7# z*>vQ(S4Gj)y;4AR^skW9L?=9~9yk&y0c?^ei+LxhDvxVXLLNE)VnPgl!qxVLBlar9m%RyI^`FPGg;4`Da2nsQ8zC;X8TT>+fr?MZ$HM z?71?NLM6sS{IWL3g6R+!5jU%gjm!-GpPuRaOq?qbI%W`M#**>K)T0BjtvMt#;37Bn~^% zJH&mh5u$8IFx8uAyP$XRf~->0v>s{d@b%0Bc3_dyh#VQk$24R8nOQs%Ee3KdLeP-{A^(i{P<8PT9||lBaqH=HVE0zaJK^$ zcAVQj-To}q`sG8!i|0jGL%ZkOINb+?Eo0UAzLHPldw!gt&cq9IcYg$jXc_QJ49K-( zeV37hX>jdB61VTqNe;LhTFw#tOZB5rkFTBA7vCV=6RSwmp|5;Ba|96>>)S1eyOp#z-;t^F2CH*bh9BB;jS-oAqNRJe@T6yfnfC^)9LMM zKPbv^DIt}`od~D78~ASux4GxG{8vZSN*q?y{QHyCjrbY-Sy{3EE?712uM52H6unHB zTM79LI>c@lLbfXl)&Ir%V^XBJA0^&Sx4=!xg2TU(Hq&r37GG$Qi&0CM&p^haXgyY_ z+J4Rkiyth5ku|{nA&~3rS?LZCLLuTNgF{$vbAd|`dgpF;Kabu7`G98=446g?SHS}o zYJe2n{6exoyw?}<`9o9jJaJXDuibxeFq9Bl_N~LDRxO_^o4r3LG$wkB8*?3_hCm(_ zs2~Vg1zV+X)ahjTF1K*gy^32isDKdiC$ zd{xg#y*{1j%WTq~7r|u;#$jMD&QI}4e0kK!Bx%d9`)NVo|n1m77@`{9kPA6!?z2KLY8OaM2~R4MBlEx>9sTSkREa9 zHdS0Zz)Sc0u}fNt!u~ZSU%Z>H^IRr|`| z7=~1pUGITFH!TX>hXt%5A-)x*pqAKIQm>9H01QXi-o3RvbHk@Prji54HQMF+ z^%zeaPJ+9H;O;KLg1bAx-Q9x(f;$9vhXf1m5D4z> z+GryUG;*8d-S_N$?iu6ze&1U^RrAHH1vPC< zA`2AEay&JLuUd?118J8S@(I9{SF>|giPGd?{|(?XwV6Sgfei_8 zBZy^2FyWE!Y?5iT$S_6yYfO!0gc|F7rbd z6%HA1v1TBqR}9qjhA55)Q@G|7L5j+AqmGxquGC`kuw}w1sM!urKsqD!^o(xgR?*%u zScr<{!_rNj$#O-k$tLnNCWqzg82RHuxdPd@M4V<#V_eE}9m?rA z47q|gNLI6frEDLirMnKNOCTPlKEn%@664-5M;Dh5;G2`lVtGQf3Jv*F8NxpaDG@^| z>Pcc+b+6}>6<@qHrEHG2D}nQ6kQM%=eG9r-{rh|)ko{&15XzJa z1sdP?omb2lw~%r^Eg~Jd6S;pnXVgqaZ%}b=lusy5uV>#UHIp0Lt>W#KzpL6}P!%%a zzhdytu}oDC$OK3uXHkuoSd0Y=U%uzLOI`>w-2bK)b{Rh%Yz409@=fwvJ*=1>jt~Gn zfkT7t=tc~UwCfLze8=`ihG|?@g%W<`wsN4aK57mD(-i{N)0!$lPY)C&Kk8B7rZa^` z>y{25SG`7RisU=Jm#Zcot&e#aOag3DJe0;f_FbH-ZSf5)b*4e%HPeM&px>`=W%2Vq zBr;w5YqkdLeH<)eqsw7m-*02^d-9&3GV3e)HcDA|2tM3%;yWdtE`-Xm%hxW(bxskd zqja_c6|AvZaE#J)+6~;0eK((+oa9~iy_6qYs55o(zCKE3_r5y#R?~4$w|~6&gBOB1 zA67H_pa+Izne0M9X}c?JUhGm;8v78}0ew!2a2*+fi1^fYP1$?TWCd4^Jp~Q1O_i7;}2e}mWNCM+rD&+ zzwNWvjo2&xz+}|Lsku5W_V7)UVeKjdZj8ocDRV}eonfNSt=N_ksYc0Nl;Fx z10X!Bw!~-sPz$i^c#tea;MFJi;Udw!y{AAlhfpmB&DRTpv#WrS-&|YPmT{=SI9Jts zT8|4;sL~5M8CGK2^=!%b7VvbGSW)X*!InE>nPC-)3-(A!k>$J5AYo2>V#}|!wn<_W z`Sf@+SA}e0VZp=8n+K_!cRSzt6w0LEGE{{ua9^q*^uH@z{+;qUsW(NPdX||~ zZ60SNkR@QURGD%&arg*cY)`Ix;5joAf+?L%iA|mnxg0zt^Sr?6o3jZ`L2Hy2zJ@XP zcgA2`zkB7tH>*_4E)F+1mgVU4ENP3h6vnu3PbNqSbJR&$OY6vG?t3X*DriCBm``tg z7#90!z-T`987`YN!k`K%volP7Tf>u$3vW39jGBqAFX|mbfS$CT=F-e=j^>Bu6Z?v} zZ4JiGI?`cABohr4qhXsH_UslPVT;|7nw?Nn@i~UEV&7P@>v>~lU%vSWPHd(sE4o0~ zuKSeTscXc+RKWuw>*U=^_u@MDHrdL>o@|v7eJpz$s^jiE|HYqhhR?;4O{b$pR-@X* zKW*%C66d~BzB zeUqaV7f&ndx0g?sX`Ng8uGK}pqRx!IjQ)2Og7-1*{oBLMdh<`=$@~QqeV-rIjf5Ie zFDxI%7aj+NZ0`U#wiV`N)@L=hM+G?-3kTh`!dJrWuDK9M$x_qv<6EimkJA<nM zRVx|29m-NXvVaE8TW;GWZzS%smAT6KMly!1ABdSG(%^nsTbp0$>bLVlyUlT)Fx(C> zsftfwjP#vdOD<@h+aVqsi_(k1bl56SE5Wq|m=Q8nLEtiQ9ep)iOFc_tcJT=z#AkFJ ze}AyUR1{q$x=`;$7-P^L`t{1TFbBPN%rLn2T<^oJ5apXN*GjIIkam8Mv4tbvmV-GZ z{Ud|FeiLlY!z}SzgWI>pC6{NAov@;AdqRltA~Rrca_C2d<}%r%EyfdQ=<*;}(7={x zf(-0Y`RGqd@rKaks?h0RM&z!N1~t3SbU&cKV?97BE{UYv++xF|ujbZdpsAG873=6h zlUa~vWWh3yd#dvuOVp_;S7TjeYNBMpxf?C}$G&NBl%B641eeRMhPoV5)oG{f4>RR- zLqErm9$s@AJy6et;G|@cxxl4F?hg<;UTcS;F62RNedaC%sdBD7vJut`;m#{58hBaemnmA-DYo zgh|2C%}oL@SEXE`!T7QRrnDU!i9iv%VoCQ^EU&el_b z9Gu4|mq3<33$y)_4J0MJ0!WbjvQIO>*QoxJCRfS>NnbLa0{O>GW@ef^S%ge}Z(&n0 zzWhwzmi?>C!O%Z!T;nN_anNp)*9B^?%~C9H&Kh;H$dJ_ayZk^=M99M3GRZNYE7C_d z{@$}k^oxrL1y8xoPp#?Q(D`w$vav$vj?E!Io>xOwTS3P2hVvKA08573TXl}kHUwd! zDf$VUb)gZ#*?bx#aw_;PbM+SgMC$rlHd)(aio1j(^>#R zH5`%%Arej;-U2*7C`;r)5W)3i8AhKNV2K3EY?Es&)!s(R?{V96>*V$Bls%!?}nyG+qxsM3^?Oc zAbup~_aN>otE8UvIAUm>{x;JQEDP;u2)Z9ZB?5vuLj#3^Udo z@~35dz*RnU+jv+KXYd4g3FK96cC^%^)@1ije%Rs;n77?GUrQ4J348v?I^|pFU2KOb zACSES`w8DXCI@k4`%N@_sVfJ{uX39+RK#U+Rd3%KTXm363Gut)aGzx6*Ti!3aZJhC zP7h%-3z>#|KG^1QRLa<&#Ov~6fnbtCbmHMa#&yAPwnQ6qRZvp}H=DRtnMCbsF#3i! zK`#1`aIxvNt)s}jy)#%jjq^LB>y`o%C_-?_)rTauWN^FZxp3PPB>Js+4x`h;Ntu46(jvJ`%DE5ul}hg7K0ywvwz|k9ypg zWFUN&27pFRAEzF~39KRw3QA1!YJR*PWR7>ks6v>j&_pNZcmG^cQnJz_5>3FlgDYAGi(! zF7yy7hTgJb7*>ZQcD3P>m-q4Co0=DkR$#3` z8X`qf_f=~S0iA@5pP$g|`o67l{`OEen!Gm8Jc*N}6Ku)hQR zf8AHbGBM(Z%(##>I$Wn}0D?7hgcLDuZf^dUK*`9-ea^}vR#8<|Zgsa?SX$~C7=Vuz zFu|{@L?;mtad+oBU2BhmFzfLAhY)Ji7__VC7ntiU#CEwYJKnCieJX`guY$Ln|4I4~ z=9OzEZ$_cNIFH$3PnGgnlKi?lt%G$1;eOlh%)Iu8a&f!_dG49-v85mp0LMEoo~S8h4(gXhK$U9Ck`Y!c)uAk(FY zIQFDy9s0EflND0itHe!{8p5$OVk+Vo(Ef-LpW38jRSeXd@Y@E*KX+Cr+{?6n zj=LtTJv{JwSM>4j>oATypLh58IIcZvvXyIEmLb8LpE%5ZSmh|vZ5A7#y0MI>9qCF` z6tN-0)SUdD{G9*%4H?(8wqf)#d_u?xl0vAOdQAF(&}OXsokA6092uWD0H@Cs=f{z{T3u7&ylFcvA2%!ahdEBDvr#2>y`k`O-0l^ zo*cnmuw)y0IZve1dVagPo{!ScjszgiIQLh%nt;lPZ2+&K+~uX%h|Vy_Csw(R`M8?8 zRFhL)bXWr3YD$=JW1U(ab7VG3`p4y)nkkC^&B2>uQj zA@<2|Fot*gqFa%*`MU2pZ{LMNuu)`W$x8aW4}A8|qUXXxbH(n|5;e>H(=dzWdJzEp zB9F^)=j~&YYUyeNzYf5>X>Tue;GKlY<5TD4WBb|pU9%A0t*vQkxy-hz*hRJBs~$G% zp2hYkb1#ySzB)>&I_kbIAfAaeNtPdO`VoO8LsiHE*L{}hthnASf+OGrdE9(lD%5wYmlU0y#}lA0~+Y^_nQ!KLqM~@a{4n9 zh5>34*0y;5x3*|Pi+Dk@>F5(nrh%?mxxS?z^mK0@_kD=k4MUe3y2aZ43(&fCVKnRCQ2ftvRA!>!+i;k%E3C*X$AxodOO zv@!U?rZ#>zah#dd=&)l%N${jvFOxstsbNG(csJC7ek(NX=f0a0$v1vX(#I6CEQHm~ z#WHLnn|GAH&-M@HJ|syOLPH7ZKI;@E&mO`(Ez{gZfC^34V{D7kH$8>hi(OYsuHU!W z3X$b_vxeqV15W#I{61PfwGn2_C>0k0Er#2}?)fM@D*G#W>FWfK-hW5ttxlxy@5x4v z-rS?yeQdd_o#Evd4snmg^^cVm$2l-wE1^VAKU7yzWPTnxIa=xeS#ekj_7z6)P|nAa zYgeR3R`;IwD_-SJyCeEK&p9X2;>4_}t*y-qnTWiaH3p-+PFtVZQeKpx%Jk+NSy|bU zFHun=KfNx^V|1#MGCx_qYG(dKX>^s5zqu*oKya5KP@b#zE z`wwh>rQgiw`e?R4gZEuJ{8X1>Dd%^-4Ji%0#;0~p8QSLFKTt5}itgoQHzdrM26I|1 zX%>3X6#Tj$@`_oQhXW#-&hS!eSOd!x(M#yIzkVEBY&AAifYeo0qBnOLvyAuf^W~w| z$ERXv@8me@Be1$NNCnE8X#sN1zeV$#x=dZCQ0r&-=W_U+DPE@xzPbcjnpW>TJjB#L zo!O2w+1VebQ;(Wj20g~zj@WuV3?jG%sBZTmSqVvG!9)zbO9t|BO0^i^(TrWIkQ_9< z+h1mWrUc;*35W7;^5#SWpdW3b!0EgJ!(JO;USUIxf!Dx>&m8NADkMdjX9mgDvi-i1 zL#_75x-|OXmSc(r^a}K**hO(UnGL52&7*G%$2&*wRG+_@4@LX&s`mRLSArGpGTJtP zwDT@CqhpJBsw_1%wZ8>wM!+i*UP|dg&z@@t+H5~gb>CTNL?;Xa3=JReip<+iubgz( zQwOl+sCiS1wqS9 zl0ps}yE-CAzb>U!1~%XAoFNKp=H69l{s=mx2lCx=0+bb`g-CF%MNe^-G%t~ZL(|03ZS5!kD z*RzwRs49u(+eeK7?6}aOQ5%f4Qc`#iRmpfa8MOYUWwyyjb<%nzN$f)z8t6jb@{^%h z*46gXy(Pk2un{`Pq(e%lnTIF8On~CxMzHzUFy1>erx}lafY7K>Nt1v(Q-^0oV$uom ztS*UPQIb?eto`89t@Tvn#pEJa6DB?m)uY>>(b>atZhScIO5rve1Dyu`2XQr>LLvYw zZrjrug{=V|msl{WE9zI3Uj{`Aia&|+|kHEm8%*VfM<2PRowb7ZzA<HZ%v4d5RWJJ%hK z1oM7-E8J<9e^#x3sq;ARRUcmot!GIjgJO2vw;Rt7h0{-WX5~22h~t@2 z)2F{&QBRRW%o25Xw}~Oq!&yGUP!`UO)1!Qj*s6kR_7z>(fakA0_@ilTrkYZnpAfX` zTTsuFrZQ!-s5%j=%yUI_R|g5`{UpC3_XK0)j!To)oAIL1yT1i@ECwFTePCHBC>4A5 z%Ky+rZm=6O--d+q#4g1d|7*4;#5<##0&j>}Hkt7#BjF@jh9oP{kUQ*GC^>@1oM0Ek zX-xSy~{7DZdS@E##Kp|2Xoin5Rml3K2>V)`=NMVeGFFtO?6l@gmrL#y1VdZwe6}pN8jXt>(1a&ioO_6Iy zeXT{+a&CJM|MiM(8?H&^65wM0LQ+H*^ZPPF0Ac3j*!Dcs5(*wTGUY~mVe%w_1O zz*nOV#oX>z1B1)0Ohb+|c|ZGJO3I|>YOud7LWGne|9eta(G}j*t7vg0kz+Uc+CW#q zi>9P;Li*ca>g+h1^e3=$u(_7zgFC}w%Il_hzfF^yp9A#|E55_N#00t3=HhurjUI{f z{J^%gd$U2Zht4U(RCCL6e3(KBa)v2saxWXRgEs%&H~B@vOpK^G00O~Tx%=lgOop>4 zsn}}>$*dnhjFxb?m?&=uLpnK~xPGcUN5)NsGA?my2CMzx4EXBZ2Bjktu=U1Gmnj#h z)aDbNFYOi1)5KBPYXp@qv$?rivTvhKwth{0HeI#&q5YKo>Scy$g#TkOf4U~wdBys? z(ytkwcrGS_)qyr*BeL{Hy?*y4I0GnrqKEdG4UB4aF{tgDm7RKaQ&Ma?{v0Ez$ZO>t z>7A}bF^}o5g!TR`#(parR=b%&oJ0_X^V{Z{atYVcQ8k{BoD6e#imAC0ii$+WuZ}N6 zZaL&+-w9S8eJAEb?6fX)JGz$MQQtdkz&pevgDk)kk~ z+fhp@YY{y-;)k$Z)X~dgIVba3uenOjQrsOU!KCO+UgrxUgeK>zh%H81aPaBMbi$Gp>f^myWJ+~E{9da9eS+_CaHtJpe76NReZCtSnoHqmw zwT?wbi56Z-VI?REl6=;FD`_)U)lsm?EsVJNE8|z?mu_&bIHr~{{T2d>^^8{1RpJ!M zSqL2qC5SQZR308JK4y`HA*~5Qke*Rj7Ej1>xlB{a7u#jC1k=)y=^iDb#o+W6Ss^Kj;jbT@lt8(vE`jo_Zt!!gPl7 zc|}q`r{jEvesz6l-xL8@oUMp1qvNGWVJ! zsjBW)G1387PltAlAB5@4tJbC4{2uvo+)WQBU^|%gGK4dtau3>pl=jPgsTeyjY`dgmyn zaj2)G3pHY<;*np-6SeUj9SmQ#cV&bxKbPqAn;54<{Qt*B7XrvqvwG8J~dC zaK$a?%Q!IldLX)3pL2h1pMZkagx|c~&hiOcD{udLz*0@T-dZl$V6+@!@UtMbIs}E_ zc4)D|GUkVzpCXQS5MC*>BrL^>ZeV4RnP+M^g6fmqH84_O0Yz}Mc2&BBc_>PEwB7BJ z$}^mk6x^gZS^P`nP@AGT#%ZpVfSk;TQfQwv(4hzAd6cXF_sg5$);tTWHpM0xGoMw9 zEf*Gpc`f1>A0?#4tH0enrdKfrPid{iD9-d<^HvYtwaIqaYa31yxn~brYe?+)5F^Rq z3bdeFmwUEKLl_9H^cQ1!A*3NOau&DaglMV0qq>>-1i8;|3Q`h_mE!A8B}(#bw#Pc6 zhulcJ0#z#;KT}Mb@pRyo8Dea6G1+FKKf9$)lqRA-tY=34 zJiE>J8DaPw@JPOQJn!>589y{IRzkj`mvuE9yp}-)$J`hEfpgLVNa)C3RNGO_uRRp^ zq<2e6q%f^%w0g{X4kAQ*zEG_@K7sJs7wLfnJ} zj--3g+IskoXr-)m_k^Hz=RtgRXQV?5_X}^R0DEZ(35k{B?Pfk{lr?+>Z`}sKBn|wCfv|+s7@$v$0{< zJx^FqwZqW}y{Iz6#L2lcI}}GH$&7M2po>202A3A!`WKh%m5*Lmsq4m&)SVgiL9&hM zjfaLH^L6nw*LF^Bj<<}hcP3L`%cdGHgLHd8*{1WO(-&Mq1K8L&(|s1!wAvbdiJ{k2 z{kPi{&jDKC;l|aRhqU%P6kbrHtFFYQEahI5aX1SBRSsm+InCoVT(~ z2YhcUXUP4nOj|3BT*=(6wWF8IoBNq@G1m<+-g(X|TG9ky{r!Mpu}=JKZ@t4=XU9Rn zok0e`4QBNsiLFdDJ+;>Clt*sa{cZJ`Z?K#Hm;`Ql9*`0#*N+qP$xtHSzY~9fV+1++ z%D~(Fb5(bt+x}#a1MA!6upE&Uz$-l1BQVel&^l0pU``UhV=`N%i*>C{f&`6Rn(llU~3kYu5 zmpXoOhvxEY!y;c?t#h2EPJ1dxSkYUZwAfLr)MbTddflCN@0I3;g+rB(BwMd@^?2Oj zXpG@*37KpgW9f%NyIEsvf=-h|GqGx9UCcIaMeLUA-FXPAYg@v3ItkS#y#^e98E z>cd0Z&M_bAV7Q;SU2Y!Y^cS3nbv9C$r=ehw6g|edfuUz>OK$5p#&7*PltjMwMkC=P zb&AX%nlAleV6xTV>ve8=&+Vtyhx~Yw^6}M`)7=fm>DWejIH!=CxBcSG*f%@iAbP-4 zH~cpzqL?mhRn~z){T6s&7vRh&f!fnm%cP90Mk&K)~JW_g)QR4GS#Ch-eZ+ zR@f~a*Q|T(Q(D=59p+Z4D%6QdbM0a28CU7=b|0tI@1GpS@qRXu7{ z)&YHPeR50d0=oi$6A-)A6Kw!MP|;)br(|M2(gDbYTY0yg@~3{tA|{U)=i5Wj_lw!h zcRT?&U&>WuhO-U~uPxZVf9GtNjk3ZymZxzgsFJ&ex%KtnT6c(Ec2=%_^atJPp5Nb~ zSU>G6diiGIZ=SCcL?J(8J=I?}a*XFF6mRrnTkM=!?t^c`pL+uv_IKQ-4bd1)0a@ST zL*p}_Q&Nj2rJg^iP1*T+(I{t2qU6YT6#N!7-MW$ed5HlipuZmTv*me0zpoUEqTVMO z$x>+b4L644L{_5)@9UB4E z==;YTh!ea46pw3VU|zlf9A6#2_FDODR|mX8r)NZ7y2hs}N;bcY8JUh+$2uI?y-Z9a zcE+bo2PKz5T)TAmMRWOiQ9VZc>@b-)=s{6Idv&B$m1$+ro3z(I%c_Ew8*J^>b5DN(G${nPYv zlV9o96CXsKHh(enu(CG5Y7ibn3Mw9GRAGvf#}Th5VRd1AvS%eS!~%s{w)0uOd$d~o zrLEems+g!TF8ypl{(iIA{4?vdKC4$Df83i$MyX3{&6M;s!<5f@ttVhYjD0rvAbRTV zWu?4VFfs`c6F$^5X9P`w((jRgEao>w%q=$z5Svx2^*)=))+!=j^3e|o*H55SF4g;ik*R(^2DB;oYiKn`SfRac4BAY^ZJb~(s3y1kRO|-O+sAv*e9l>s+8-o7u{twE-;e~An z^PKD~hyCWYvT|K;93riI=ry@~v@+WU1q(;H`ut9i!iz~9qj(hMp2OQh#21(g}`%bzulyyK#e8pY- zKtPR~gfsm>&9ipEF@SVrQ+Bp5J*_WR(`CtPB!cyXYri@=FmL?vwzH@NgUGHq23mQd zi}kg3j}&wZV~!F%x;u?`;ewey6hf zPPTj(v3fL5(WtDqoOIZ)n}7tNvrIXI^UA<`+=eXJ6QR2U&`3nPlOhRq%9*&>d-zKJ z*jH9QU!aduXyli;Ddd|O!N{WVw7`4hr7MalC9nkbuAgZ%@3}$cNKAdYB*MR zr;iAp4ue!)ej2h?R7}^|0_|i|(YK@6&+=2lpI`l<0Q z>+4b_el;`bpq82;C!34=&t~T7+Z?V@vSM>%gfa%PD#;$&3`!MTsH}J2wOEmFA?KyN zN3W46gk+~iB-|hvOGVbN7tEV11U`W8idbzh8Rg#+^C*+}bKkb?$=(xiN$MUdK5$Zo z3S&nfM^#_T&9=^B(XFZc!echrM{!ZL$isa%{_p|k z&8;-p-gz>oR0+{ei;WdEc0H3ebUNMl>rK*wKr>7}H3Uvn_&$0lcI#=RAStOZS%g`3 z%aP{T@M^VF&WO?}x*V|Uq4)8D(4o%k>r+KQgI*y-;*)FR07AXv-CwueaqLIm9}xUTQttJ+F_H7&egJ+Psm?-PqCobEje>sbtwM>3!ze$! zh%cX{OqCeOm{ToLzl{Mq2I2p-om}WKBWE~gKOO>htuQ}s8W`f+DG|@SWrQtUO)<2_ zaRj{?i!ch#;54STHom$LBc;sBe1NWEUD+|Fo_QOhM!v}DL|+@=(u$k41MTf@C%Cg| zFaPxu;%wH&7R9d3V1Z+|$lK?OeMRYK?l4u=UgjycGG>DwxI>2mKCioch!3_-@AW`s z7hXNyPdvk0F80=eX_Ng)4@##4j9j2=XjHry`cg*GG&^U|&OOI+W0H;9dkQ+LN&aAr zGUsmk=cz`^ofn7Ley|H>1c%c8N7p{%LxO&|aY06T)$y_oFWM%T$(=IA7R#_@n*Fdh zkTseb8547J%8**%I>{WxdUke3F4Jmno3bw){>YB8|J;|haV$fOBjO+K{mUjj*nB%;|+7JU8TTU>iHa`m{A#F@KWvLa_6 z$I&s-t(!lQRZcVc<@7$w^SZpzr8Kq~k~}JaKOdzDDVJ(*5?FV%AiSpi#Q5P7GjwQP zd}p?U!ulZRC%sS;Hguj_FTu}CrGPnn(GR+tbs6f(ib17?%V`(7ZF-b#toiCtrlB{~ zt}Y^D`}%QLlh1k4SGp}J*LLp%-nU@GWYC*(_IbBWb&$l!S;n>^=OmW=WF1#uv)3`v ztxldh8#n7*0XAR$ds($q` ztan|SJGcEdfgOIR_p}JBRBX5V)G7xW%-uwIfTlcfQC9u9vk4_>6Ho=C=-^TMCZtY4 zi`kAU%;eYjeBRLvZuXMS(i2jDF|zk)1v13#qDKrr0}KZJSn7gizZ@}%crqp2+Jtzi z>qE6i)m8-f-Xl#d^%O-Hm@m9ajv{QS2=uGqCe!QOTcPg;HcC969=tElqonvwR%Q%! z>$xmn?`I0z0uV59zVi@1Y#~Pq0#IJ!2B(hUt`EZ*`tFDUEw>EL+menWSk63q-tOB4uwu$RLNB(# zdzqZ}lc2wRMTpSjiVQW&i|cx%5{yHOe6XTFOkZuf9ck1DfGZdtOharw-a*5K;S}2+ zZu=~sQzh={hA!vdkaU{*i=oJ+M!C6g0(HS;V-4btlBrCNIecGpGxLo-qEw8w34E1A z^FS-_Fh8dJ_Q2{D#97(}sc^&&;7!A9t1hekFOJ93S?iS+H{|(h{g9|qVCajIQ>pVm z<$!taV2(tX`JHb-egE;p33RIe>C>mKZc#O_yYo-wq+KBJfM9k_-0j)E zeUDF(B_8Lv6tiIHqF|0Vc2VVJ&ISI#-6($H`iM{P>fx^p#0#4!c=wD<0p*DM|@!X0I9oBxLCy!Frs#{G>H(W7z`Vxo!;A@zO>H+0Dc0kam&!XE)bOP&b8mI0v zGIFXTm%IV`s-a4LR>U`LvuI4woB$)s#bVb0Xk@>Py)jv=%CozZ^c63}d+^-1UCz|J z$65^7K!OYGCO|W zigZ}cEOMWPdIA0AGHc(&qZ4$EZsT(#C=C8#ABW4WS~v0CEC2)LG6D>(p8nF(7ce)) z5k-0oR>D1`?D`9H?tDPGe-AIO*S=v=eBtt))&$ygy!Q`FN<@vi?g(^7cvk-D0cBecQ)_ z>QOPu`K_YZLf6bpcq*&91+WDQ+XM=XQ1%yAyN1xv$aq77f(QGYSgsyn?#;EnnCGvl zF|Q|8!hT#lOqG?W;Bms!hxcLKCa0j#g-*PJ9EQB7>^2)#!k^OI(@de?9do7KxuSG$WM zSG)M<$s(xXhH4PXgV3BdzJT=-Bi zLbtYS81;x|tfm#1(MaHZZ2ol8^ zSpnmG;dy!}+*Z`r=c~?{-(g)cm4mE&PqG%dil^7RFVy$!kR%kl4vLc>e_8LNniUGe z$A{V_MMFvFGa$>MK?f3Nf>I98|KkP^s_}m*0Myl zvB0gBlEhsWP|NtaOYOt&b_bRxBDtOyXGO{jyMX{ESC8Vh1ktd9Iqf~ zD~}ð-F^S?yoWp5z8r!CrN95dVM^W3S_nnBax?`8VFHekz^job|p80TodBvv8|8 zxWl@xK;my7hw0Urp`pC%%d1eV7RqfWhJ={y^poevA!ZbtTHFFDg_4M^uCh}AXC|F< zZXmf?d`iE=Q4=1SPRs2^lc!!sndDvA#9Ig*>8pmBqJFY>JXri+UBkEBbY5E@1clNI z2R*yceOqJ}S`SBTAbh~Bq1ozh@v3(UzQBY_rLKt*HE5Od0%E}yUnd8Eg9WY z%XF;jk3I;@dGUjIune=Wu`sf4x>vYY+@_3Z#1t&@vYI$fJaTpdMCsBp4KpNKI+Gkw z-(uJsb^Oe74WN^a=}+hAI=Qm|&YRe}lVpWXZ*c;zJmB0 zJ$!;tS1X|>QpN$kRS_uB4tre&#aI_(;MKp#^`q!baszu-F1_6>zG{=(g$q^1<$pr} z4RH01P(<${W6|Kh1TtODbl*k$3JnzZn{J#GYE;*VVWuc)^1(k~Hmgu8iIo1~)*sAw ztt674&Aklrm+Ku@Lgfc7kJYB2d z*$~o5d=mV-tjutQm^fN?Fuc=Ha-ryo0{J2;<*k9WzSJqVSq@^TokL!mE{+zi6LD`q zTP{kvLMtQ6$%jdm-WX*&rB?6ml1+3<#$^p3Sat|BXIl78k|NM&sT+sgTi}c4(tL6V zL^UmSHjS==fTP59@XS$BMMh}>EUT-IEZ_UtAV_~Nwwr)3D8re)V^WCurH^kF1R=#& zKHU79QyvdjF*Hs)1Z4G7eqDzJ`^PDsT!z5g<#&;Tmids}hO7ISp+5QD|1c?XXn3p} z+-V@z6i9O{6flx+4Gu`NUv00sO3t1`waJ|;*wwU)u`Dubu`oqpd7}o@+_FQt-xM&o z=OXxGm2W`%$LRg;iEE1S+QZeS(Yb@H-H{9FU=Lms84c?nmh5s4x;qynI#W4AHL;hp zbV$orQ6?kXh^H&1bDI*rtEsl7JjwhLHh#6QDu346(np<7=4rJ6v5H5~sK|BqL4-@{ zy(438taX_%(D(dX=>yme@+Uwu%2ltFIe)rpomsmb4S2D2>u_A1nS|+*ju71GojHW7 zX|g}huAP057!DO1sjnp@_{haJRd`y>*7J!K@tJvIbrp`z?5o7Dv8l?`nWBt#`A#Yof)M!qc}TXXQm1t#%6K$Gb_dw8kSm-wvfXWT|2Erlow^gS7 zpU*auec6PBbr5MH*_jSVAc9OMP!I z@xGJ8Q`eY_sqN(?XN5rA?MA~jsleG&;oJ{`^}dy#><+&`Ki|YI(R?6Se?If>FoLT~ z;_~*8(p6X$Im!YL#p6g-E)R_c;3Cq{AQv+@XggPeXxdzLUSoiJ0{{}fjc0V#7N2NM zgX&us7d$p`BtI@w$yluGQq-+LrhXu?av4wv3#`WflsbJEq9<;HH(PO`k^av}{Of~G zC?)XkT=@~&UtDk<{I(RhhRKoTK}2rhK$l~AD+uCwDw@s^`QaVA71c4iLk3;7t;x0t zyrW%c3xF*zliCD7-uZ@J=o8HMsf`c(ghJ?7Z<18^tgkFWu@Zm(spn926d1egJZS_# z2$HJFTlA3w@0ele zpFqMEdQR~C`Su$f3W4ENZ=ygJdhiC?emJP+HaBHj2z5dx!Zu$X`6r5mtTo3;D@Ffn z@c#Uzh6&+L`t!KIr#j*pGiLlCOi7k$HZZ?0{AH@i4O11DTNb$5I0+UtRR{1u-(B<{ zgo+unE2~rnune)SSl_$43~Ao3#^pWFzskzoL&uwV(+&HwT;g0u*LYa5x_ONxES$dB zK_$et$*gmVh4b2iIiC&p2a{R4n($PkvJjX@?773?Iq~iR3hC(K_*r?m|n(o zI|29wEz0zNJd%1c(U&PhCJ13SdV@~%zjGh{nPxW0X=#Z3{QQN*{~~z{jgCeo@#sDUSdQzhPn9{$UW{mul*&Oe&1xcnaw zf`2Nr{1b%zkB|7|y0jFysi~=*6gcs!@A(5kKA_WIImwq>FF#YJEmbK(D%Yrrlp^(0 zt9~4YP+&ayY!9F|G8k?Cy{9@?W!+yy;=hBph6S}m1b8rlpddJOX$1vI2u)0UdOB_F z+nm4BR=V}J8+r>a1rY~h-e;>Q~_j`jlEX|mVrDDyv&XvzKB#!^$Lw-U0jSTM51Q@ zM?MJQEo28m9{95hmD~PL7&Zn7aV{+UN{1g|ll^LsX{_LT1oVh-B$LTuuZx$vmSP<= zGAUK*aPnG;xI%mviMlB!wSl`Pf6{!^xfni6yvS2Z#Q)}FP$SwUVIU(Ru?%?`vlrs= ze~=j(6g+Bezo+1l&mmc9kfx1<)AJ$}6taDQKaefRpLA#=p24{o4WoZ>Zr9sxq%Xhx zkEXo%9U=}8p!aSHTn3k2xv$tu2j-5}+I^f)G=Kg2Wvl&Xv0#vqD68Y-+H3*7ez{&9 zJ|>#*obQhuKpyM2#wlcUyMrL3`{!*=em9f-S3kFw6pK_g@2>&QwJ$KhzXKwUla~*R zeEvspOP&8wmLT`V4wn!Roe&bi5QTZ^$EQaK6U7cd*ohdDlJehM(KuTcnXhu=$6;Ix!pXiQ6; zHyZxu*Y%GQ^5Aq{`=?TJKO(*U#UC4gTOhP1D=IutU2vhTS9H-tGoOA zCGI}IOodAI|Nq{)Zqa|P$$~&2Alw&il7A>GqKpsc%OE8t5^Gear>A#2O|+8WX!f@d z|B;krlE1pjL7wT~G&*g%zX?(CRNrR+YRW4j;4xu#cGV6I>;Q?{z-E85f3oc`mG2-k zQduH_=L-M$i)hy!^1sU{2q?r8@sz2 z8W^%_ zqvC1oPpPEt@OI%!4lOdlQyO=;$FP%tEJ@qnsHMplH}YBM;y-Q&=N?oNR+_=*q( zne?BIsHo2w1${*ZV>a6pqUE&4pm64v&%Qe01BI-!px0NH$raLr`FiH7`VuB+3fHiw zxx>IB0c|I%DDGUt94!fyb-;?`+v}Q4r2>NEjArA7&zJ|(QyS@A%`?J#rW2aVfiIq) z6l@DMtp7#TJBG&@cJ0D#Y&(r@+jiPCX>2x)ZQFKZH@0n~vF&8yWHP~?zR&yYZ-4i% z`^OyfXRf){TIV_;hb{*9Ooo+k({gz1^QZma>YDmh4{`N)l}(dxPXbJg3H%t3n+u!i zV<>G@fYa*voE4iR^IbbN+1+}ss1Wz{)qB@mJ`)Z2_lQfgMF0W!doe)4LwU1wlg)dD z@R~dM7%#KCn4=RmuJ2meh4b%8IMSC;%Rb}wz_k~q0bF6^ksd!0&u9}K?T$eNEmPS0;E@mA8+(ZyM_Kyn|I|{*kX8`5JhJ~ShcnWg zoXcY!QVki_3$`Qv(4dxZq}?KFz?mB-)kYoRS53^M*tAqF-Y~$L>wER@;r!X{>xsi@O~F#wGX|0$Kap@gT~Y3B>=v%PkGKjxzVJt% zl|{2Cxb2~F&X6EJnbT54pRhycD|p|QHr4CuKOhfE6ZcieZ^!TOE!l7$7 zy2@*J2yUg!z^0q;B0>XY)?K=k`S&on>(wza)Oq1vW~ulPF*p$MbmJIz2{N= zc`)D)ve3OLW`+B=4*%P+#Qc#fENX0cn!z&-cdk>E$CWbmOV~ylZtQCQ3DVWzjp)D9 z8VeW1i*OI}m{z)Yo^gkIWrD!i*qQ&Prd2pq_$R+=dk-Sy;}94oJ8?|Gl*_JMp<-cx zp_fEu@%$H~Vzc3C=mWA}(u zsb+KQ@hZJ*h2+X5#gZyh6#mrtrjf9n3w@-SKn~pq?(5RTM?*t=LOFa{xTX*RA_hL# z>5G7oPg9h~P;@=Q=+feUZxS_Ma4*3|FIp=)PORu*L;Sd<5{ityQ(Z>yQQKR-*u_T9 zTGRUuHqIL4@MCJGQgDF*+*TgjUZb6$^PZOt5gKEvwXt6Be8-~T+} z{(Zk`IlWn}s57m)xnK}mH4t%-8rl!8rx$PG{tZe5#kM3mh1!6J7+@QupTE8y{(9u2 zh^V5luOYiH1#b{hM&~;jwgS+CptnSL3 zH55N=G1`xPQ$uQJ!i=U<$TV9PN}ofvQw#%yNo@qd z40J}r>6byfEQlVLG3X$;YN-9qF~aMo9%`eBj_S6mcWGEV(f0HBS0=%5|DX&olenE) z-{6%iv_);0;b13H6MV0yz$kPnV>gO@-pl;4&L;bx5hr|<{hz%s*f$SpFp~o8>x*9x z_X53$&q!LAXc%xvj8`XyA1|0}7?2J&7&xJ)qzw{Pz0YRD-0%AR&A{U>uR9}rB|PX^ zxL%n0>zLJ00b?4E*|D?xl*k{Xe|>FP<$sI8k76VoR{H;d_9*-zf&gj5zS&~9zYL=E z3Y&436zb&l>y)oAIY%51bDxkj(NLaFw~ah4sQg6}UPio;Ug!}vODhMQpI&pvuB6Ef zC%q*fAHi|eVsJ*__OJs3si%b}?`YKQxghQa2MP(jk8WUzYw)^zOp_1_1~ES8e1+YT zT%Fq8$Y|Cc>saagvqlixIV#O_P2zkiJPY@KFe=G2>=O-bVNrO*9$XB@c&uA|99`$W zYmF}Oe{UQXG(Ccn6a*d3&?+oXY+wNg(Q_|`>G4PKKkDxPS$y#KVMza8_y7Di@FqFe z`GW9QL;&~*7xyOyK||TpLEfYV{MQ&Db)Y_n6iuZ#!I4=W3@Wn!BsYJU2FIDIxqO*z zKNg)_hW{@jMP3kAj6!faLisyJJe|Pa&1DP>mM*x2dRd(Ua#eT>@q;)LcE1fEZ#FU^ zpOk?bD|9>DRx<7~(LD=zU=3kAceY2$ckB|RB2hL&-BSeg@7P(seJVGC)5HyG9`K&) zYG#j>{mPYqzEBgir+!(G*pMGuR%5eU1n2645TRbK)iAq+EMJiDq~^`04~0NWAukv3 zAQu4!fKTl@%%LHmgPXJ40ru#>O6-oGRVGY?i}Du%x&Dm25SrswR6_@}TeU#Hx1 z9xmegFprIVo{`PyL&~P~y{mN!yX;NTJCnD;k+I2w@(bh4s0^F)Nw+701u%ZuGc*?q zZ%lLT;#(Fo$|%zEuH^lxUo}!4_{F~`%VD27$kh2xn|7`#0An@7P8n+7injO#8AF#? z{=Y1WeJ|vs$0_396W_W`WN&Z0&leA|{TMg!gYK;lolGRP;ZTQ{=iOjY&$2td5C=(m z(mrPug!Cq-2<63 z*)pEFSXE)%Zd!837b+lI@z!}|v81AMOX4Vd8ouOM)5=O+N zzw{5@ls4#+>mlWIBZ<)yN9>Uy1&3>*7aaXF0nK-YP((t5OnDH`ce}0rla}p~ zwCzgu;crs)J{GbW#avcSPgg>dnV^h~2w#Qk9?a4M6RlUO36luRVZ5V5$)V)z=m~Jp zRj+_9 z@jVUmO}lw3t47V9-DzBxb2lmZJTigd|2<;=`;y`}Vi*v4rHrHwd>W}xRVSqsL^&P* z>Eej=Xsa2FUV}6+Z{isemlSm4>nAb^&S&x}G>LbV!S_3cnGON;%}30?rpky_MKg== z)V}Q-rPuEMykg&)@^P;Mrw_dCa{c5_z2c8u$r}GzhXTuOa-~^^GNPdF-oTTvEvX5|Rf5`|0jU=7SCw5LE2_ z(ADL(g>chaw*T%+ddB-U%s5-~TxXTYuXM<2bNfwh+M^veootJ6)Pjr~^h{QhF&p53)tGQS23GYigftUmDKs!9 z;v{r>QTtyl+9ca~-3$qFh>gj($;s!jY;i(Nq-YShBOzkd_@F-CVPBq6Mo2)YbS7m5 ztqGo(0OhQhr}sNH+hR+=BzQuh=YB9iU#Wo6-N?QRgs#?4d{`J(ne>( z6B8)MOP09Q%bLk@FqqHFeWGdpe@I#n>!zGv``tvUr86Fj5eS^{04bWqnjJLlQAw`1P7Jvf5 z%+TkICp5`j*6#>okIUqCtks^lgp>Z0DcS9bQQ0oiQ*86UaH0Qw>amb;%0}z=(K!21 z4RE!0_)yMECndrYaA2Y%Hd#?WAF9M_YaF0H+qUeQg}+&1z|_zR=8?G$I8VYcmEyo) zp-+^UTp3X)c-)Z+>pQUW^h%`SMdPb-OLR(bQMx`6OVYj#IUds%$7iYz;5y~ZF8Pogf7)@LGi`gG2YOyI}mtj84tdgA2iHST8Iks(ySsbS4rgu|(MG;WWexRYDN=1Y|t>-k>#d)$P5E+TC`G>|7Ry zTML5u%hdTDLF{7adv1&}J8i#y3al{rp+&V*Ylk~$ueTKvVW1J;jmiXzVsEAy0VI|J@%EJ5N;R{}JX-x3UARz>^c{j{<^JwE!~Sq9nVukZ6M z?jet>k|fWKK06K7Gfb<0^;3sg-8jM6EoUZ;h~<_jZQB zht%8MR_$Q*R_H)U@?DEVe_8SO%<<*mhWG&0?`t`%Wjun^@BVPvqcBNn8tx09x9nyH zhjX2qhjz19c-x%xqhKP|uVorbT6_V}x19ML{8rMm8y40-j=D&a_~|L47=XMe$HWbZ zTTWm~&5Tha6zoF^rLhM#i?!5D>sRnbQKdUHPI93?`<|P17HY&1-U> zE6idKrH}MVUk`%Zyd6`w3@!xNYu=zaFgvTUB-3f7$#{nIO=qq&_z=4%e zV6RRS8GBmuNv+XT=Wxccl(%#a@Ju%fPFe5VwJ)!Z=F#Hn{Y|jvl9@aC|EP^v>%OsQ zg$rn*#X+;YqN9|8tG?|c-ZKa}?Blsy^C?@Ty~5UbB+({(X{kHMhe+UvX++qIWs>0Z zySpg-4|cA(A}9TT*Q>9P=oKP^vknS%GlQv4=S^dv?iMRO-7TU|J^3VtHjTSD%#LQ; z(g*FRJ3TKLXF$avK>*A+ECN_66a_xrK$G1}7q~B{P(S2p&7q~!)iS0fR8L;Oi|?$Y z*-~Ge0?6$V{|_iqQhO!{;SV%OX%?yI3RonrKY0xAam9E-G*}tT12;pm$FEiJU=G25 zo&+gyEJKJ3WY{C|j~A-T5u+RfngtF0{?(Stuz)wNH}QT02al#Po{Ip>2H5_ND##0~ zPiN6cMFtUltIl4$+^QuBWi0yi>d5!SBlv%Dl!H5(uic1X7c@T8?S`S1L}UC_%;ZC; zZu`sI_tfM&?oY{vP!DAlmFq(g<~Q#Vv%`wk zP{jLL{kx1?FytN+#LJ*v$P*HT+P#4uu2sW}uUm6}{R0oQ<_x9B z`SBqCmV?RWCyUzX`@MsSJ>LFZaQ=)lq>w!ZZZ^D2H?|6#AWzsV!_ZUn2Ue!VH=U~t z3BnG1KPuV-atIWczTYOt{p4B|ya{u0hJciI2wx3Ixk z(Zm#Aa%US!VLpsHEpmx|FFz02{8uXPn8wLAHqdf zgX`UM|IpytUU_|Oh(b>%1n}>%Z;XM4QlOVB6wah>)M&@JX~@sLgr_$-4jiM2%&)8) zY@f4)b;F6ktIX-nU?!&#qqXKNd!J*>$~z}+zVKqXT)Atv1jmuL-EdYTATfgKQfUdt zYtJiGQm1ylwsrcKL3~H;kZL=hXpb7sRGPXP%bibC-4V4l)cqe7vI_tn$SiY@`~*HR zV@b)xq8(JOs@{Y1P@`E;uF+*al9!zvbT(O_- zc#EIn+BA58p{UL-w!G|cqB|A3QCbE z1{{=7QH&dI8vKvy7)ioAlUr`D~MEbA5{o4M`Uz&*G8o zyjki^)3Qh#v>7&B18_{S-crQ(Y3Hpb$pN63&e?l4u$+ zBLi{z3cL<-h8(ISo-7s?11Dv|6Y-pu-A+O~4FTk)!O*lL4qLuS_yRCZdRGo5N!;Ed z1Kr}NNX1m_*$?#IB&W_&)`(SL2(!-d9TtyM7MKJ0iImlZL5AB1Z1w<(`)a{~#2Y?d zo2h8`Z_~S&sm5rqiXEr_fvizr6eE%zgkc;<`__MIc9K+s4Z)(g^2eLn6dX;=`CS>t z;he)G>o#Lp z57SORvXm~<3KAR19xxC8;u6Wla^V`Pu zIJo;Sq=Tsj=@IH_^veqq@&;dI2+6Cz>QO4qcz1xRfQI3C-qv{YNsKT>u??G-6R?SU zt`@VsS>pwI?rdb`-Mx94RZ*)O_SlyGzaV8eF?aFf>Hnh!Q(!veAc_N1O?xrpO^X6! ziz*6mA~I{!bSS>%XQq#&m{PFpCpqw`zo<4)UmR#3i435)8(k^l@K?p3EhYpBYr8s1 z>rJJ5XEu6Dzlb2R!SfvAP;Mc22IKgW3~WoW)cTLczf`9S&J)SP52Y4LHKG{GPMN#= z=!$TDA2Hly-b_u$E|5xrCow!U!&TIN=Q8gpqocKJ=l{8^48=!9Q7qcm;RwcoWY>qi zUXfm(_oZLEeJFhOI3SbstzkL_p>#zd8?CC{qD!QV4nhAvrCO{9H+qUFrpD%yVbSZE zJSDe}Fm%lfvQ%QeTkO~N1Lf_J5lCC)#qhY5SS>q0f2F;(`A?hMvzKd&Ny3%qfmh7) z+s|*|qc-SUwF}{IaB1)D&Q5IZU4>s!28o2A5tqVt71bqL-6OVBQh{=($C7=M@cXP6 z6>vqVM<8nly|+15q%4x)THe#Oi?-JuJ}WEzzK#Cy^CqK0k=}VC71?qCl3m?YdsE=% z<{cdH7xE)PD+#T$z#RJQ>x^J)r*s@jUD6z?QQ*R{|8(~jE3o!sW-#O1DbH3;xc{iJ?gWB-?a?_V zMD63O$A(qem$Y_}^SvY^@?SdV*+ImCjvtWI&_)VH35MYZ-@H5axi4Ox`*lRvN<#M1 z;8Y`Q?&W_5c(Y%GAo(c%5pF6x#`7N1ACGjE-hv;E0>8uB7O- zjUa=#OqjDkG*A1q zDhgiy^!GmkL~0y3f5VD&>C0-I$;;-teAPZ(1nq6kA}QCj&9w}mE~@rj^virP8+gAm z`vNv^;i@OuU@Er+m_J;n&u1OOU=$%P+&X==?ypby5(f@LH@_>JHz_y>N*D0Nqh{O= zQXQKYUn&b*vJvR>n#}?;OH7*4=JF5n3I5jSzZ8aY9agg4}lVS#Mr0H1>D;-9}Fi%ed^Av|G z^PkbtGnkG5n%?)P822|s%x(n+(F_dbJa$I+>j0}?5Ap3E*}NfxMONu-7G&Nqopf%w zjPD4`A7dXS)Q8ga5X-iMwJp>~zHU3Ub(;0wRN(BQpi2RX>+w8vIFZz+7b;%UIKgbd zY)dl1sFS^zc1umS786U*Gt-U7M_(bE-&|U&1_-iTdPd+d-#@jnfl2n0`;)78<5r{BndDgReC+DwIEWubedM_|@Bw%lj8)`=PNLjHp&KR-_KNa~n)8U&! zG;SMYqe)f$QutC|Y+_cPEOO>oEo9z!hYk9MwB2duY02vJH;|hJ>zpB$C*kVMs%@>6{%)Q#?J~MmRd(f#DZ=!L1UFh%F-X8))M(~ zXO5;N?`aO!6}J)a1koa9I>-RpN&g8qaeff|6K={~ry>H?42v6u=Mr}3rTt)RTu90+ zzzF;NKl%Q^1$M6CicgBh1%UBm5Gtg#dm>NcHz+(fqYX;kLgZP)y$j zOV2>bs(x8TcW{#eatlfxh_GGniF)rZ|H&EIG#Wfy1g++PQ%=_NU3@EwOF&CSKz|iD z3Z{|H|cytQ{+Fk@w{Sr6PYTO*`xV)(d5Y%z4m0nc zk7Q5F&5w8CW`&qjd|uAeOm=Mjh{&RZXW?aQLqJwCRS;U(8>-Fgy zz@Ouzf{RTC?>BDEhyPP?upz*kQFu2-LHv z(`qP_zFXSj&JKhvr)J}ixPX;bL-Juz7yOL*Ei8^=h&Hg=RRGKnfLY>c(edvNS$NHz z$cNuZ(bsZ}{35F&>Pl`LNB7p>pv1Yph;&LPjbN}^R@B76%tgL5GvI2&SNB+0%jV9& zU9BGo#FR05WoTbq%>vA60}Exho`+|fr_ZTf)TkLz=H`2&i_;gS@YN}c(%-`wjgE0O zJ->VGsusc?0X8CXHDHbBuq<^t=akyJ7-djqOqO6QJ#b=z+(tZsPrz)v%G?{S$NG@Z z~ttXQCn{9|a@rVZq zxXk+f0)UypnRPe$zsFtaXwZyOWIA;lC1@dx%Qmm@0uqm-(ELr%GaPo?!+o`d>HJPP zuR2r-_FV7)WzaWf&I&#C8-W7*Gnri9SUZi6cu>b4;EaTOH_BgBS7`xD5PRabt1JHyuSUr4uXH{gr;*k{H?~I4Ui&SIx?M+S-NMj>3?vUS&Qv{ z2z>5o;erm)qnwR~(UpP&qXzz%V60|>!AO;@{HT*!9LHgQzT zgGhx6PtL1*T?p$OA3QmKt%$zI7zG&wf$4xpOxmHFAQU>)!zY~+{kBgvwASxCeUO$O zT%emUC6S43uX~jgL6*9W7QjZIOs+R`X-h%)!`6*XnfHZWyEin;$2#J>N$AA-(chUg z3i@`#UVpkC9dOuy^W`3OjmF^3D1@baQOmUn&1|(2186tlQ+*Ih5e%oGq62}B4UiEJF+#lL9qK*s;}OfvZD+0D3;jnCzc z7K(HN+ojEgxTG?)QYQRz@4WX>|FTq^L?p6ZynkFqN&jj}KRq>+TfuXEDgDHp{d}%d zk;=?%w>{7TIqy061x_Tg7uZ+!O$qs^-FVT{H*YXpOOr5UU4DOj|6TBAZ6TLShG ztkQphJ6;RkP7B`QecI}M+$>U&a7QBQed8KNztT6Gp`&hLwJ0!oeo%@gyk1UDc}f|i zeC2)9C>~RcT&S91nw*+#ka1h6QYBnl{8JEC2x-7lxu)&7tbLo3LTy%KsiO=>M;WUf zV`*f}3!Dk6(Yp!wx;DjR6ss#aNPC(gz<`qgzroLqBmPb1M|um#p{qTCMasdo*^o3v z05nS@H`K3;@uzqip1K?izWE%ulm|iCt*-Hs+QtKBH$}l}2KZ{Z4%Yxs51C?&Rqv?u z4FRsQ@)2Xa_!?m$OjmFsYEC-nbp)c~-bG;*rl|B<2_nj9tgd9}S5AT`KX{qc9Eu~xTj?5V`NRszQ2X2LunfHlat7~P#S*d--z863lwtrj|qQ}Ag5$&5NYiby< z`#1I0Mg4azdS7X>A4w{j2NIw8hLD+QM651w7+kyfR$hrzpEmTvTroAg_XnGxGZMm? zg$0Vkf6G4FJ<61w9)w|c$Nnrh=*Gfd9q^ko<^ACo+;!K2y(Br}Et3tE1VJir>n_f|*f+yZvME((5)rI)lf+P4klt9(RJ! z4Xva;V~{V-8MlJ+iCf1$i*B}T4Lh)uuA@N7F>vbQNSnh%rIE+Qk_-gGV&F$X!P z6|F8Lq{-;pI^7X_BDSyEME5f)dC17^cXT&x^RHFw{gsi|=}A6-2hW!(4Fg}(K$ByG z4-$q9nr3pvLlOEWmC}Vm-2+lK^%6I}3GUj&w|e?Jvhn83QgOBq3ZdfQ1iZ#ZqxpOh zbC&f84p?mI@9w@(xZ9^E_`zu63qug-TD7I*&Cx3#e zFVeMko~zc~c0`5<8%n>5<>m;n&ij0N*X4!vsJVR>)z@Mq&4AuUeO<$jI{pY0v-O!> z2O>_QzGk303ppR~+ESL@1{^Vd%Xp~t6;>DSO?^P|y;#`RZ6nBQ%Q$1vUFCY;pIMy! zXhaczPmdz$`A9`AGwU1RC{;R2LdSE7i-_18zcGKYQT%YgppJgx0a9yXTF)%TOokXgb(MK;dEwSH0*0yY6K=QBu?JDRStJvafFgSnCu0VGbqo z-Jjg$X#%2YN|Eqx-Mwh`?)`y~&bvOW%0)n}ivDg_2L>^DyWNT9{r&iho32FN{gWsX z$;Gfi54?%=Ey&`q_iQKi((9QrhiaoK>p}>{z`5bLW@rMF*DPY7p`~Yd%w~PP{M!Df(Q+|RBo=2X>qd^!)<^HzBbAoS3#HEC#{HHuiv?Ak z+4|+-m;|_U-cvY@-AIR|@EtBwC}!L5!?)|X{?)9VMO!QV?s#fE=6@?z+GXx#n$ku3 zLY>R8@Vn=W^6g&GM5(>V~|QgxV*VVmu27MbR&_y7a!#u%iI z>W6cD(%Z>Z@&~S?J+tm<*Vk8$cVhFI8r_bJuYqv8XLt(LM(buHdo!C7i~*6*Tevct z?Y)VgG~BXLI)S&L&Hx_YJ~&&$<5@=4f5 zoaHkp*_W)pR!D{G^39d>gxNw;P!X}JH0uha%?vV|f1{By%L^&>9koq3 zG}jAJ`%vB4Ez($^y9(mIFi+PqyL^Wx3oa`+Cz7i_>0&J7p>~r}+g~p!9c5NBv~;oJ zy%F2r4Oc@S^g0HZgdaZs9h$BmMA@0|Z`n;x*KsQ%WQ?-msOa|`MZ4jzt>zHk(5 zqobbFSNkyEMoAc!k z*F09iq&*aX$#yV}M|AC~OPNsnx7UWn*-E5+y%8I4XzlrTSU#f-uNfWX$avbqCnRxj zG3vyn)!OMYi$r0rpIe||GwJ^xTr3={`9h}rJLo!Lv2xOx}%;Du=kmx)Lw0u#D(AU7JUnyVHuZ_&6MV{KN_f#n6YeV{!qN(Ao+S0 z10ANCKo_$(fk^>U7j$Jg8ke{v`=hiw`<2>|P$m6t;Jf4&2KTrP$J>Rx_kN24_477_ z1V3)B6vMj}*^&LoaGHZY3dYCn2&#ZtAOiBn9C$tIPwb{-)`KRiiI5wjB8#g&)7?sp z>6@a&8BaBgxoYM1VrtYza}k(3zASg*P47oM5<5bwb3_8kZ)3AVDri10(Yf2eMtsVC zL$>Et9=^egNXU$cD4*!_+1H@MaB}b4;O2Njc?)Vns~;K81=f)V%ugHj^p)?gH;!gx zI#VWJch&wBp$*}0xMbHQf{rV}-dw!wdro#Az}ptuerBzTrM}a*t*KH2P8TUBfAS#i1a@#Z$?HS zdhlKK=h$#>?oTC|lT4;W{%Z)m^KCBfsMPF-Kv`(ksj_d=jD4fjC;VfM;0dEtG z#ikjbyXCQgSBi1juY@jV3&Ux#iTlaMahC$Vv4U4C)$n3tOqp5v2@!1Dh0WIA*aL<^9=eX7J)F89FN*?djS~8_ZL(Lr?LL2{0#7jmUc!j9; z4^m7T&L(hPU!oPTTzdwl3?dXR%(*j)AAD2|=Ax}+a?%eFtjP9M;Y8i?F>TR&r zNwO?PhN`gjDjaJ6Gfma07_7kITd&uzbiGQoOuyD;^E)+< z(vn`THzz7|8=g0u53I>I8@P(d)*Wj%{hX$uss*Xe`TKT7Hu97x5#02>RZh;^mcMJH zP(QR$W+wYst~rW_V=X_{0-SR6dt>9dUQbxZONi2n`s#id9ScLGrXT(Z*Q_m8vU(>&OGXgx^0_kOT(2XBrj1x%OmT-CL&+rn{v*4EOP+LlQ*wU@@kPl+_9Y&##_-VEHud`IQO~(Yda9H$Z#;g~f)Y^|a;mgy$FY zvN`9$SqkCuJKVV=#!_rQZncv`CF$rTo$?zux=@(1Oy2#2F46s$i=adJMZ>3TZ^D!m zZ{!Qr#h86Us&o2m)4(Ce8Y8~tE$jtA{9!t`FP@+V)#ua!wuan|8d^KNWfWARU=|2+ zppzk|aPCSB9;=ck^Ty!SGP;P-R7@z|m58J;9Vu4?Ne0=mc-dq#R_V9FREL?#;P^N- z{ptgr)nAK|sL@RJB$n2-%V$bP+JDgX>HEj0QOIotj8w+or@TlkzSeK0Rn5)S7yVoT zg$s|_6t+`%u9qc5>-Ez5w~!@l(mQdK+E4Qs!gjv>CsY%AR7TpKlwE~cYmIkxn%zm4XQAe zgmJic2#!FWt7|&&qEZpCau(z7FEA(+?p7N5t&_0>Iag6oaNBK>JP|Gh^|Y(BK8Ei4 zi_&_j(dl6Px7By@eMDi3f^L(!Iq3QRx+AsfNEK+Pn2Xt&M9`~-BCA*bmd%ERBqA_) zgFSECM=&(YA*{`^OaTGiqaWiyAp;IVa7>4iT zD@{b4$qE!MEX0tHrty}=%mrqWYWw`~z6ce<^G<>)HxQ(7`@3@XnV0ucRO6$mXKy2fhZ&3^sGKll8%c9afaSa5?t|m>1 z4H~oDJH}rGDK&S68TIc`wARdtq&uQ@vB6PvyMn8b58F>y+Lb5v?*%Bt_9+oFEbs1C zeH-7YNe?}+%u(WXW!Ag9S6siUSzCq^;E6GBoKK41W5n9@NsW;w;bb3Rs1KF~U8mS* zfAMi8>x%p%)G7JWSDa4jm0RDAO`0^RQXJt`n^is?ejXSxe&0K6O?3`Jbzg!)tj{KDg!6%o37l9SV6`9QeSI9s^{%BGfJoOO zb+QCkoG#L5ky}Mh&vxViT(B*@r42qZ77C@x__!O6Z0QdO1zYw~Mz9)ioo>bj7xax-&Sdfso|4bV%?{V`IH6%Ti1o3Gcfm%y?s|op!$gQ2L-o|ki1TTBjW4xzFtM;m z)1&sF@Il9w^txpTPk5NHd&8kl@)KP%Q$=&CxA8<9Nxe8iK!kD>;rv9gRbd}ifkx70A^`FUM z^otMFX$(2jD^ZV?Rtp_5en9KzM%W+ndcETn3@u$}wqW%L;40ZJxZMvNc?=k7013!f z9#IVZSAOvZYD|jO6eyv1)cgo3J{E-XvkIejo0dPD8N)hRkCVQJuyf8oSCXHf$L9!J z$#2vA$jiQlyROD zXcUSjt~MGGDGBwo+^MJ9ln6cl$Sf^uER~MxC~4_uj;WA17Cu~p+}5)kuLkqE?#RHSFioF1x08>N7OU=;TQyA~ zKjDMIe8p4aoQM&y{JtJO^Nk1IqD{nAohoh`EHjkqqD$R7fzV2TTg^dHSw{!Bt9_pS z`&07w-g~B2zwUlQXDk1D^qV_L9D^gp(J?tcJBBfZm*yfa&W~ovkyu?V0Dml$kqWTn zY-9Y>GWQpO#Qs1M!%a!elGtcx-Q#!7j5=3wMuN(&$^V`a$<% zaA7*_?^{G)GrnrD>yw3M*OxT;dO{I?LA3jAX_ZCWWp*Zt$O&VK5g`p9eRpd9iWfrv z2s;6r8yB+Fda#ajaXaW2Gf~2>F5z_>S7i}^N?P5XeRQbqx*=qY$WA4r(*g}V&Kz`! zjzIt#+BaEQRv@c5$N0H_z%{av2ChDrr+;5jDa3#|Vf!YW-UYX5i^rud1=Z!?_liF& zlkP#(w1b5f?NBxG%n(eEbFGh-Ck^pQLmd+0=2$Zdqi3*|VAg;+Um|sE2ReOOLin55 zh!Okym&&tG(QJcuj2FRt9&0B%M<_s6+JI^f^AAn$wx~6q2$dl)SGGzThJ3Vmu%FI} zf61hdI*;%^*rTLqpUWxnYZ2YIA*?M`ntu88AAfw^THRQ7$1|V$+~}9kU9S5IB5XqV zkR3*j>kJty$6J44ioLWCf0?THJJPG}zSoPf*7Y+zK_|;y(YWE}c;`m%_Q(JDdn4 zUex+lVI&0X{;B0%^=HS+>}n&$8$^fvn+YC~*<7rgkuBdM?&{?4U%69LYf7M0FcG2x zoT2ePrCjq&>z$C(qo8(6{SGFPng^Y4gx3>C{zSIL5W=4ct-mJ5U0xrLQ6k#|PX+={ zeVa}Y-mm7jLZNBF(8eqVT>*YmB!1PyhtHDfoSglnEyDCNE@fH`(tU7P-?ie1Z^X7P z(vyiQoc~mnzG%R>Ovt2`fXv1|G1BearbwC!CnLf5QL({;_f7s1$0+haiNy<5IxX{5 zLLCiT+bKkdS?$iRze#`rmv#rU0oTML1WzP_!Q0WINMD3;2wScgn=QPQ7ODzIE-Mbu zsWtoOx`V>z{8sQLGkVei3Au}X`Ud>qje#x!(CY7pTG!R)yOP{cINR3q`v^XqfOm8c z&&mmSaKC4nuMk9Rx7(_u%WWOFk_)9mQ7ilQxq0dG*&`JCrNK2ehCTmctu}&+_@`z0 zd!!T?Q36yLOQl@WTYVJ<9$?CePx#&T%rhul#~atE;1c2&@VkAbqX2amM*hE7YAST6 ztKFVV3cW3TBGk7oGEX0pV50SvJF7aA1YA!#nAGuE+da5#DTdlO8@qLcU~fP;^)J|B zxDnn^EI6@NE4hL|Hc<~lL(Xu#YsHR<-z z9WZkXfAY#HMfRKw&E+@!<|Vj~M~+<&{hX7hf-NLaapS>xNBoSp|LcdsD^r_44v2UM z-*NFHQmyINhSx}e!H!vJR9FHbn;EBua8Jm7duUft!&9=$`}EI1tc&LJhl8HRF`3CiuZG^P-z z{S?O!-HhXn$e~+05hEpSsq{GK&|(<)5;t~AA~Z|KZ8g)FnIzp&A00-4_TG|B%`Zt& znbSVA#lhpW^%t>X8_+SE6de31qzvr8N$3iXan-3>+>9EcQnSyUFPNBlH%GCPUQWdS ztxiT#C>c88H+p0|r?kT}x(FbaCD3^TV(6REEusXJU8uf{JVr;>HY6yevjPvDM_KMU?z|W^O9o+)GiDJag?jfo~UN5f5J7x-iHO%T|aoIXx9=7 zVrQvGOEDbYz+{?;E%pi23H>DB;Lj5OO06$8vVw);Lt{LbT5i91uV5LZoZjpp(xP|u zrRs-`8x6NoV?YkUhd(CQRh$PyiLtDOiL7#V2lLYAPFK9Z1E=+drbm?$dwiF&7OBG-k!0yBQzIS6eV8rhh7YzticlojCNOgXq-D~;keSzvM zP4UA;qJ`-HB!b@UY7#`d|j1qFJRG~`BLlCX9Kk9nq>lE_)zMpzAzP)J( zhj(f(_LBydo#0)-3sFv%4|}R^yODO1e)EiM!R4-ehU~lZ+l3rt(4gll)5LUbR$pmR zf@A!iZmyigi0hn_eb*=pSX*8F3jAc`QWp$)B!b=5&_HUu6x4-vKGtb_xi-646<`$9 zGmICPFJH=Cg&^XNx5#r4l&HnZrO<3hfmEyVsonJ|kDWH%=ph0yl`TLr)N80!%tsCR z_La?M+-;@Z6<>s4Am%{rSus1riLKvWp8j=UF-s5B&+5FRvC{3!XV5|&jXwqpHiKcx z+S3ZBs;>>k(Q4=VB`TvsIE;+6%jTRnzi+1MFowlgrXy2IAc7z&{FKW+@5xYn>Z@h% zJ2E3Oa4FyhG(~U~d3~GVOV8q>WB(OU&@S#F=%@e6(q(-BJ$%K%P(0FK()R|s6*}d> zZZ&Z{Gmmqbz}<_>%XqD;UhgF8nKoe5(AaLItVXF>t;GhT@wGk@aO#XXVSt`Dm^aYF z-kG)M+ z`65+GIoqGZ0TG6WBK27j1z1sP zOcGFphR+ohQE85t+g_Z##6K~Te^2?Q&3r6$6{t1SzZlC#K1nY^Wb2c8Yy={5yL})2 z!$c#Yiu@)>d{~7q^7X!MID7zav~wYqZP`bmuSqUve>#dRG|kj~bgOB6Z&)|vuJ$yj zzrccU&1hFYo6_@;zYG%$VL#-7Kiq>a|GvqM@K-{-Ka|*M|QvD-$$FK1T&}?ZRpJ3-Y=ohqk&89 zm)TR$avRPj9X3D$M%QInsz;I&TCkUwMf6AXnzORn?ed#?1>}hHxr>1V%lf;u@{{_` zx6!6k0j#0T2U#M-b@*}pUSXtnx}N)W5w)x3GVJxD`z+}pu@A%(Q;`Z$V%c~kp~uk> zD8({fD0QJ2FpZJLCU%+KD-nIfs^hEd;tEA8(ZJ1LXQ<_>7DinrmHLMQ)JTd2%jaFN ztIqi|J;I)lMT)b?J-zN>aAE~dxqL0A?qTJ_T~93GSIIU%mi^^|4(r)fu$>)Z^zUDx)|>Whvonls?PQ6^9#vI$Zu2bVd5S_y?GCFn z28Zv4KZ3Ac!$i5g-{~BoaR8E3TsO;G$GS~NDHk%;XeZs!v>t_0LN<(z7z|oI9sY4W zQ6YV%FVs=5-hfr3;5EgYrIguT$_7gYBpk3q71JIZ?dE#S#f8;dF&_xey&iv&RQTyE zNN`+2^Az`Fc}yk-GPKUN?WP zDLF4S@_haW${gD-E`>VdUhv_1=!#6>;_;2B_wh%7e)OMWJLnVP7QJGF$uuLQ%_s9w zCKzzv`DBW)vB6&39LS@zG*P3Iq1I)pfcyh!yr4(%(|_}G-9EGVm8a%(|26LllYo#r zBqQ9eHDKETa}dL@%{Re`NyzKoum&3FiN$)e;n3lBL>W}u_<8cDDFJ51JgHZDv-Z75 zl?D=*VW*YH+T6t_K#NlkQ;d8aUuY9ET8sh&?^lHZF~EFsB+Ick0j9%2^Y}6L3!JQqVc6xZk)Dv37%e9D!QA?^4nV zOD$3;?CNI5aaCMPaIe?j^b+Aqf8G@#H!gUsNfq~1VvVhOrI)wLD^Z5{vM7Ls$ZR3r zQ`auL@=Vxf^K>XMg!S!S(k=y3^nJH{{L2iRee6`~vW|;cycX2vv z(}7s(YoUgMW-p7_meW)AioB*u?e(YFr}d|wMrGgmEoFq-UmPdO5+^b653RwqmpC>pZV zRK1O4##I!<9(4I5G$p=tK=$uQ0Uc&E_Z^=DtI9x581Cw&3Mq-~UFz0aFDr696AdZG z`s#r41pXbF&g8kR&6D*l`J?i9eKxCxjRzw6+AS9v8El-RBb0M%@}nk%anL7TMMMua zu3IP}Y*bd`{b~-_p@HiiJ;;6FnD&hyq<~rNlDDCs*iew3T*%@)EJN9yaJ8x9Ie_K+Y@?(XX10k(~7niJZI(py+B`Ton#U+g-ys{Ruac=ck&z^71x(tlid>|uec+xpEizPP559E#50*A3U~ zeI|WCC&ttLdN5iHlvjw6D9_Gnj$~C%&3Qf*dmk3&a*MMh__YIf+6Hg``SL>T25N_)M_iLB}NNn)kuRuFz=&!_iY$ZH_-aq&{ za(YSU3}&K_Eq2py22}IAE5PILFiovszHGVt>ri1ob{$92%k0G-R?b2*Xo8Wrp1xr~ zt$Im&>3~-RE_u4ym1sw#S|Ml&c4_|!C32Cee#|I(eOwoJAFc2rx-dV#x_+C7$^ z@zQSlQ!R@y=vUBRqOFZO+*fnXS6g3pNNO+z5|J%<`{pO4q)^3qx zC=9s_xE@cJUCq+9HyyF4Np}gqJK5+tjkML`2Uf~r)(AcL-tkhE{8{m67BN? zC^e2uS1;9HlZ4rQEz?;uUsVF0_Yz}uo}#X(+&;mLml%FRCon``q+6OWtVtl7TC z)m`Fgv0JJLZ4UXA9x|P!2&Iwwl0K08ou8p%^bgvjHKH9L%T+4`D&*Bh?Vu~rWFMWg zM-Te$PF1&kmVfQ+Z$I!X#`OgM10h-hE3~WhYW~T66 zr&w1`b0_Oms?xKh+;q`1FH!pp^aAHwEE`8f`kb`y@muhN8cq{k*V0e-uGp)?M3!rs4fQ8>$V78kq&Ka8I6BBN+|`H0dW zm$9=bd67DFH~+})KxZ7tHAkSa+U0J9v-@6Ltv``@Pd5pD`7pB37Pa6ieKXR{S|uer zNds5K28T6IV%IhOo zNumWv?J^6A{S`34+Csmyzx%-=nJ zBNc$;e}fa|%zjCh%{tvRSKoYkm3d&+Cu$|J#b8Fq5l_iQa?y6nV=ciMq-@}Iu$gqx zBK{~n0V(qjevh6`$p=eNgP~?O1aqi)+S?ml=Iny+BeTqhgpE8su>!Ac8H4_o&EHxs zQNfz7sKq}=7n==%&3WzS!fTJvvuaja>gYeQEn9S!vl{3hUma2@>6$Nnwe(NzJ1CL? zfPI8P?gzA0+R+!`T`8Uu;1BuoK{2a7J;0hw$(3 zV^{l3ayibasX6`2xvaa93{itWs&&zOqFPV7&z3;qXWN5&=#~5y;IqEM1+mj7P0D+Y zGDjoR0Rgirl&3c)PqW#4ZtNz+fKIDBc(g)Sc0OLcVBglQGC%!_ZdZu9ID{Q>sk{RnQ;xTFPG zB!WbL*^C&Z0Q%ZU1>qKIjc+8X;T$Eu*EmConI*c!_xy!dl!WtP9&_LW5)XBy{94IM zy&@A6B69LLmQzHR&(h1Yn5qlQc`QQ{-u@$usY?xRiL$ghX_Q;bAAHh1I(;mbq>a3d zVpjcujeNS+zanJNo zV}MJG^$hp>D8-#Kl#?PC($?NUqON5_U z)3uKW!bjGvu13>KmxV4z3@JEnN7yrpN7#;gpWpc$2|^AnF*DZxod{B;vwnCcQ(@O1 zQL9!{UiHZ@tS8m_OU0>?432!retHoPAlJ;ME>isb_CE5~+$$#Jst;d$_(Qoq1<5wG zZyggd8+$o_);1Slg%=%H^2-k3syjXS2C%V>#iY4fSu4l1y4^_`)0ZB0ed;?p3sD_K z&}0*O`a&OH&eRPu|n4uX^5P4l)n?=MH(#c(u#80G3*yG(hPNlYwu zxc6e?gI2@jNt?&csXEOp7BdSu(5qVZlKUk5X@eaTAf`s1@uGh212FZTYih0CdXvD% z6cgPX)2=bQ$mJ{eaiVYB?yIQRVcgcQaLaun0YcI~lu46LPl`0q19A;F8lgrNIhb@e zu`uYK(wEoc<^${|E^8gqr{uhvcp=O&P8&na+B#G0hO*)I)C9EYzXDZbWqzF4SCSij z@({{-&nE$=?TT^cB1JV!QkQnu=8$Wm*BFzK{o#PkEKN9zp?V)yRoG0)Pc=XbefT2U|!t(-QOV~{n-g%ZH10o(>~4p{3#;l?LS$sea+91pq5O+RSE`{ zf38whesm;XR>I%U$V=z~daj%JAD@g?h#BUy3HeIdUXEO4E!gvD8|#J7H})$;l!A{{#|G{=Fh4nzQ^Vm*6)+gN=5 zrcLe!%(nbofur*A?oegQECyQKcf-u4TY zhlWwa^X$NsSMhItM>Tu$X3)v{_cy625#5K5JItM-305u4222-$XslFnM>|0qG`+ml z=m(%q&j%9)BUpQy9kHEh^AmwL7FE@Z2Ya<*hBV1QQwu9|FoPQ~99?Gs<}!|UoaVRu zQD*U$wGWRP+5b=O{5V?`pdm&r*6hgazp}P}DsWOoaqK;MIQw)50Kyud7ag>2wjb{F z=u2hJ^6^MLQeFvFjx6+HZhbW*N1u&`LAnJqydxXP_^305qY6Yn$&O5ZMs-se~s3LBY6DSPC~?_+4}!evBMZP=Z)-=w3pVv%L6@q@~ZbZi&zNgs04un*m) zdjG|iicg70F+o8;owwuLdg)A(Wx1U%VjO7S62%ZP3^{iVY@Kdnr@b-E#Tj~K*9uQ_ z*oqDoh7moNF}Ne-$z#M7+noyf&40~#e;CK@tRD7$_2brafww9;4=8_dotw~V9uj!T z5X7W!^?9z_j$RkbcAiuGJ;jlG{A)JM5x#v^2yEvK#UiK5?nAfAGFHmZEAs6nzxOJU z-cqqAMv~qD3ZO{q8HX;kT;fM1OKT2A7d41c`q9iGmXin^LX zJW2(#{7?TE`#O{oUk$lKxcaLN(6Jeo2N;~lBWsD25|=+YbMhs$yuHU0*fF5wXN6~kiPnYB#}C19?5XqIY0A;k1hzl=t zu4&^elOHEyuh8t|Ry&M5%&gA{QqnV&s7P_6NLViA}Fdz5@f`ryN-$ zKjj=Q1S1TBP^H3B)1%Zj)I{I#oUuT_HuIS<3KJ7I31S%SOE-Sj>q$bDPhrAmQ@BL$ z$|u?l`zM<})n)ib=?P>~IxnyR?Si?Qr;e&G_I*U%pZY zklLBw++@cU>PzWW9TCu1BQajsqi**RXQsUZi*j60jQAliDI!IAaW%uohedPP4gWj% z$^5b;RDV9R)2ThNKhNo)sP=f;dhEg(zCUBq^0c{Sx8WGGWuP=xx`BU)l!qtmTv@y= z1X9;u^(P*EO3f2Ug);wk!`w5A8R*aGNi1YE_o-+9tP>c{8fHHHr83LJ`C@9pjV92m zhK`k0@1TZvu-;vU7{6FFdF`-?LNf?*8s1LQDS-O0hdyHY{T=_VkH?AL$YRM4d`$Wy z(YBqn4g?S%_kM*7`_Z{**t1<6AypR&Le{+`Z|R^TSsZW%tLDyr<(bQuWY@hzLDpp| zj?ovg`L`u<)9)bgj;NoJC{OT7#f3m~MKu^-b&{G#Ws!y@?hhzeu(~EoE5n0zh|Ma7G|nU_3BViP^^+Zvmtu=d=J5XM`Gj@ zLM5-S9+m&)Q<4#{|A$X)(o+l^W=C;09HH2GNWLmq`Tzp~L~N$e4*wE@&!C}!7NUm2 zBoPf+u9Njq4CgEahwC@f_6y4KGVbw^bR(1*OhURpAwo@$Jt<)+@~syb!28$B!u;W< zCbEZgz9Y=^GtJV4hY2+E0coDo>^ntngea;q>(V=p@UeS@wpUMmecAE{fI8&3nJC&l z9mw@rT*6t<;CG}PaiJI~^=%jGbLzz2#ooVUx;UiGnCMxL5f;oo6J7=Jq&1P; z-RQ#%gBw+bNG-R_A0S-HZAWHY{BdUmx~L5 zPi?X3zv+AL@e`YrGA;goxtrjoN<^}l|6nkvJNZ3NyaJhLp6~nZkxO25Vt0sqVD`R^JdTgND@F^^{VAs-F;zFCUPJ(n^!0&d*T&i?1YC`^T!+(|(>l8@_Sd8+ zT7gdtI)4+of89rt2)Gf+8hn2=R?BbJwS1^4iFzGG)qgXfy?Xl#0AT5@RxIU)N#U4xRBlj)sC z)aqu=9*Bk2*Nn)7>$AzIfyY6(V3*?6XnH7!m^R0y)y3j$KADjh zHFS$KP?LdO`ciakO9nWPSALbtLcp8*r$dH)t^*JC3rFtdk8(AyWxgH*G<_H0V{G+D zq2_ZAT*D=4oOCp*@)G68tshk1u`{A3%?CtgzNQf7{MxT#$|R!Go)G_$HG4d@1B0`7 zp!0VL!_T7v5uZ>pen->&nd)pFYb;Y{C9`9MA(HZt|1%gvrPruUU z2xAT8ZQ9|A3~I@IaM1=N>V-B1)&Ti_MCSF%KW6u^FG(?I`guQyVB3kZ5f~ewU>O^e zEKMRby%X!p&`dpx|B3Xz&ic+kqjbQ%Okc<%@f#0#IjhASw?Fajns;MI&vfNV0wywo zd#fm9s?m{G$tw*mgqr^y@0lDQ#z{V;J7=xwdF3hf6Q^FX4&`wwJ?c$t1^?y%nUI%u z0X-TtOl833Qir{TN*H6i<{@!&Y3Gl0IaX(MU&VUc2M;^I8?+Iv3j3HuiZ-xq2ae7U zDzZYF)$ix68{af-)gn9;i-y_=)sgRX6)u`~@9Z3^Y|@@ndAvNhSi<%W`aEPLx~C#-Zw zHs>1G@3~~@#UhNAbg$XzyXfF) z2&*!er4s5we1skYo-Sr@Q8I?v*o*ZUhsdZ3PJATCnW@cs~ z@If*sJ$m3Fv#K&FD{D*3V)zH&^_xDoy%91Hx+NsL3BG_?no{3$OFvhQyNK8fB3egu zao*d#`MgIoO-N2dC9rF)&4)k~Ap3mwLZ#W1@p;ID*OC8u6P|pU0FroSWQ!4)b8QHb z+E{D7kESG*e=AR5s^0|+zsAFNBU{By3yF()b8%Ee>VoAO9wlOd$go{R<3Q2&Dfl3o zA=^bCLu)s3wt&j%>x;B6Ut-+0$5u}_NBpO{CQIa8PB#=p{I8SMcIf~0lmFo;|6T#k z>EqW=FQ0>$lnWgtE=20Ny%i&3pjJvtTP#nETSjR3!|aH1yj=Tnw#(;PEpPe~N2&Lf zv?5||6uNy73(_?*C_~9>=TZGPQgYt$+v))Bebio@?lEg}@}-5h8AlQDt94Q$L`q6p ztWl=u&+)`+y8;)t_D6V0_7HPn{Cp{rlX}9r=<3W*MBZpW1C9T&w12%4!}(Xz?~htA zV9{M`ppL_D(ucgBryN15N2`@Zrm(_2r4;=@EUp>dulDOh`7u!0G8{g+{;gT0#X;gD zMI-!smALc$nthGT(Y6wvi&2H?#qyAW9hyUg>m5ysUdw^JYr>fM{E zj>Do5Dw2sKx?hLqwxy+|$8;FIy}c_#X-xi*4}pQ8(SVl4pMJIc0zLl`b=f|D5_qxFq!*oj0dr%1yS)u^3uyl34HT`}JNWRkW{)h|{ zTu_vR!OJi21yEC1lM5@%!oRTOQ-~wYs%|e**^Uc09=-qQwek?|Kr&ATJQ>_mll!62wq9m2^PWzfZ zq_tJxV4)2^CMIU^*RL{M_5sPL@-~oFizccR9}h(u6Zbh4#NTU-MvOU37BvQ@{^V#ssctb zp^{3FoE7U}5otDN+4adDwHaHRZx1pM$AAd8Z=BWDRROO<^3=4nlOd+U=X^+2RTbFK zAeArV@jM#o{wU}P-}u6po16Rk?|(V+yT-=G>xWDfR>9DO#^e7;l|DGiWBqe~PhX}5 z>Qo!HasQ|L%KqQ(i&KrPEHj~%WR8zSLV@BH&qHM8T>;~>eL)^TWIn%2BCX`NbLB3< z(I*|k|AQ#6AH{U3^pSz_HK)+ue)GEmQ)RLRG%Jq?w;By}tNc4t_|O*tF#~ymmC_@V zVW!tzFp5XSx9T5o$;>|J>Sn3EhEMSdPD#OivX~A-!NwsZ>|??${r2rl0qIC!JpF%p z&_6daI>+W;e%`5mI*1TI_?uL-JRzd8q8TV16aP_}ggkt38{*HU-0mgyw?__#Z4^A4 zf<*6LC5i(F$12+)p-`72R7Q;KzWmCUk*vn(N1l@A-6izl4uB+&sFGywq%!H~BJ0m# zl!u2To2IWRXeL)Iy2bG7$1QDbZ3O~u->+Ko|})tIYC;ypy`s z0yc^hxF z!HbH&>M-9e3r8%{bl|Yj8%5tDul3r|%lxc`$w^(_urf2FadC0AIut!*a1K93T+)fbmnum5l&iA~X0$O5%k6To(FI(o~>w!Gw7-xWv9!R0i`Z3s>o zby@}%fR0ByF2>u?v*8Uimu=M>7*(><-hE$O@x=w)`XGe#!&D|LtfGUM%^m|bmW*Qcp;b?{mp-Wu9Cv_BR zB^tTEQ^G?M_|mc&Md@r~&noiHVy@izB0tupK3B~sX>l8Uit7ED2y(YX$MptUM+`ng z48ouU>=YvXQW)F>BUpI}#d28v?M0heeHxO_nG@{I)N*8yIzW~7^l%h(|NUio`ND;> zhfJkTbx~#I2nxMXr!Qe~adE5n32lLR&=|@)T*=pUuOc5%uuCK!e6t0Ap;(ASX68yi z2l@YX1UNnUmyK+M6=Oy%1%waaxzs5P5>aL)lIU{Cp(T-OHafB@(0bD~D#IJot2uk3 zaecJK^dv;hdmRALn5?>A`=q@)P(>ZLdRMfQY9V%M zZ{-*bKff+O17sK-Hvnd?7#x36186+fNt0zdpRuQ3?JEp({P;iCKNuDDZ$}z+ADoY^+Va^wz^W^DBwRbCf-^Ch_Gl9*y zZZB9o47iLP;eICmoz8U6mO_$(+W|K^_ylC?Wi>D|w$<|P=>(zJo4AR(|J^JlrZgS8_w7W;#TSq?|H37^m~t# z+7p%^uhW)2Z5PK{H^yDx5O4gBb9TD1vX~{P4S4c=+v5jdgeXRc=nCcTK>W|!7lwU1s@8@SW_NcYlNwtjL_sT$SRIo&0d9W-Ev`iId z6}48T9poK@DBM)Uz4qmV6?$@0+r`5i2vUi1jpF{t~7C4Da|840Z%9Vj3NA^iym8G_cc#F z48(s6nG9jr^fv4M@-@ct%c?|nn>gBRUx5@d1mS@p*gMdqI(?b;nI1pZZocQ()U;NKZa}yZChaG%_&OiBji0^t#aw4j#*4$Vwf0_aqf`9Vtn|<8_6ukIyq1!OCSo zry@0)V+2ldUz!D$P40M9@L>+B@2ZJfuMcY?*V&qv(8YFBX9|q@C0HDu^=le6OQ0sYX%b}XxRg2UV zv)>iMRiov?BkW9+|t(fPf{L;|CCCw!1|Hv*j<7URmS5Jg#(7cD%{Zu}6 zTi@Q^LU^dM4x;sTPI?3z9|9?flqp|l-R=VLkIBYJgi4|+>`N`MXt$IhxBZ%RHa2ux zc$pwvpA&$fqaeHcEv~TDg`Z%wR+e1p_ut8W$G9M5J&xhP2<|0Q-X`_p|NCboPvX<$dZ z0}=Gt0=gzFNgmWH?1{97ttLc~=UQue!+KOJynPpYeB zr(NAcT+gZa(Q}{LBC2%FwFU#j=XXh40~lVDW!`jOU6n*$SuESxB(wYx{=Jmd~2l^)KUCUg46IOY-k|SK>C>mEljFgWZ37 zU){U8Gg#dro4MuLAFa>|{K`hWV%%dykH)m36 zs8oU1?59&j20n$;c0J)Z*1J_qp)9L5hZT=bQ{nG^f62_u?4Q~dfllnaKf@O2v)-RD z2@3FQw4cSh*oSVXp}fyXOY2F}c}{+{Y7DwZdT4TgXHQEqu@$e zAXYk6*;CEnLTq2*ppa+%i;zdwx2^5Xd_Q!d61i|5<}XpJyFKWg5(eo6He5p^(lO!9 zy;y@=!PgKoQDt)e*m*Uw_qM;2)kLnPmCy%T9aZx zwOf6AAC0;ZO2!9_*P6wN;O@TK(#M#2@Uc)hOKL%^KxByh?Ke2*tF`_vDo7=*pYi%; zK*7JQv61sx&a1cASoXCS25WM=e$$WpK*G9pGq~Q!Kn0KW4YWSk+g7ihKG-KN^Q3ce z{P^xAB53bdA-}=+&}4}C<%E=+di7^*0Gv)TpPp&Nu8X2~DlsuyL9)68E+QwagJ!ym z>iN{I91<^pJGaJihE0^*cr@J)P2+!x*%hDf)*`;Jd*-rz7Kzqv&!39B}(BK{|`WpZBxu*SW9WmiMn_`2k z#P1a>L-Lwc{MwaT-J9XkhEM!R6b{wuWr~)8qLB<=?wjnWd;@j|smRc4tRz4CgSA1NTSp$l(WXmbccnU$h9crB~t$ug_9g(nfTzxy^PENX=Rjb1)Ujd7*gw`J77J+EWbFT>9q=y518MzUV%5(rJ;>agsK?*H*sx5)JQ! z+Db|@a{K0Z=}%!r#|x}~s0ttpq#9l9xZ?8Nz-et4AT$)ey#La`<=snx*g?swXoC&| zK^^boz{Fv#+?EPlQ+JsRy5zz){Phj!N6eC_H#qX*l{zb84HMQ{|Kvj&#_7=UivLU# zn3s35?pL3E;KE%b!C@4Fi^ksol0Z9xBF~qvdw--%m>8%SMB=r8|&kt|2 z5Z@_Hz|k6?%?yD1X{&S7l_oE#YP3*XdSfi&ICm$a*0-Yz6ou}akQa{D&_a7!;O_)s zWPb?|fN5oGvfZ8H+N0(~aN#p4Fg``VJa3B^2Km0uPy+B*s<>^$ZiaE&E<(JenF#(i zoVZ9T*3i*!-EzWmqe{vQ(}#)pMcr#j&dRQ3KtG*2-<&&c*ocG zQ|(QchjI|fX%Y|6%-eK11>uH*!C zbc#`~Ib^w%twkf^4BFh|1?fHz{bG>V(;#eYY~?1ZYbr}Fi4;QVth+iJ7Cj`f5@RC)VPCx^S45UB- z=9bHiF=$u*w96ocy4&hjP@}SIf!I2}#u9;B1LO5qJL|Sn%Yo@b#$ftG

      x^Jq{CDHF1$dRCi&Eaf{#>(yKs*0R)|`2#N3U^15md zy*!J}BrV?PI@r9Mho-zS>vgm?EK_Y!o(w6&S~ zS_uJaNvhQnxqHMhf`Rl1MAGA-{Yor?yqNk6Cvb(8m$TGP6?;NL{@ABiZRI z#*ee8uP*jTyFP$zdPaxC^IL>ib9guRd6dLVyU#H8NeeG_oc=U>bVsBAcX<-7D~k88 zv({=)2YzXHBd~_Z@cBq8)+sN&T1URPF%6Pw`n-F(-7DKY_$#0f<+9-}EJ3VmSY`5? z$NpPUc+0_E6rC!(%#HaoAgDiCeR=IuDSeC-#Z&+X;O9^IFM+e;`BXGCM_`c}L(A9y z;u-yy%{{-`gln~?qj2;^puOaVIj=?ZM$ZFr$j%ud^D-cQIrtZ-T4f*VnC*G^kd%9q zDILtLSeNHPiFM3XzUKq!MNI;M0TFcYkucDn-x0uzJ2b-RgVsjuKu$$>Fv8>T|aBT%edPS5b!- zD8xd7e+IC68&OmZ94!Z)Z2LVt+HH%q`l$vdEi2PAF5=9*B}Lz%;_4@Z%ZekKMJ1hd zCN~tUM1f`1u2`LY);ZmK%k4=wfl)n4Bj zU80S#R5rj=Uv8JI5{`BifPP3SmH~%=92%7R!JFAK22ucOu{QPgS5J)f2{q@{7M`dY0dj7Pp|72k2c)QPqXh=U_=h3Z;Z%uPRc|uOMOs*)wX+m8seI>=#}MTa*K~! zzuESAW4O-EOuQSw;D^EeskS=YUX+N=rKGkr@tQn^#TxXeupjc#lWeRK>gK)`X!1xx zY)C*fh&yb2=)HMVJ=(CpO4sRFrL2`sRbtz5th#6J!^9n|cO`awS(v0^aJhc}WgThy zgpCHUB~Ii>5no(#=og;Jr(BiK)ywoE7vA1Wx_e3MX+909AlaTGV%+PebDjUpD}b|# zyReUq+%vBuQzVYw@3ou696|$YWHQ_$hv0(PUrC5PtPXe5#44VMS@XG9e=?xi1FP+2 zd-e!CnGU%$K`*c8&S zM9XUOo|sIRy&nTi^{kIOr{65yr$HYFq+EqMEsddw!MVOYnY>Cj;Ae;-YP@K3kx9{K6{sQII~Z%WWe}KY{J%SK`~Ijx*AZ z?g%shGB%%;YNdANL)&tUkU zdwi*XGBP!1l^aHm&Aa{G(HkYjtm*SrHTS>bV=*{t7n)+^1ik`|C6^w%$iLsB>`BTe2w*!wvko2$|qV)bk1dXNh);#%% z-SEDV=jS~_-Jlbz?|XTP-Zceh@}C4QQvw-3FelAQg+)NktN4T%!sj6|POjvA4k7BJ{svo@xq}ojK;7tAIx#70DIeaVbt|vx>~*W|qS3LyCIl7P8)37VU2pyR;qv zd}~U(V5GmYc@YokGUH8(G27mUG)Fa)Z1NLM_jf1_zgN#Ub>PB-`kZVwu}NSXiMFnz zorbi8y?nI1+Y`k=XMcxn{h0OFYft?9(j?-v9><~z4{qHgvB@ui3itHaO$+D|%P&k` z6%u#<;PCnjt2?)e-pH3AdH-1yFQS#cGqZ~QJcMG|r3ESPy1iS4;tkO`B%cyD9CyLz z@6g8Zto1uxsK`W<6$almc280AHKcy4X2{W`rixhZ<=+J^w&3~g!Nc!au6Stvjb3bx znH6z1lPcfi4tFL#cmx-2kSwnL4*fMmZlOdItQTfyn7OH;zl-v~mB&(|?3uKs5Y|P1 zF<`l-D7`O#xH~I0#yKJsgS3uf3X!F_KbN#wdJyd@#!+CRk)Sk_l{Vl!j*;Hqs$i1p6wF z`(o_bqKm|YEH_Lr944{2 zUV1)T`_C=cFT8tvZ~rOI-a6LNr@({z%JRnhPon>Hl9Q=~G4pXlLz zL8>SEcp(@E-nE&614DfgJLOoue%N_;-wDBMg!$A>iU1xm9(UN|GV09N`rrz(6RU?0 z<5hEm37=06Zq7m{5q@{eel@)V`EUN1x{Li!&y>!2+a*-^A7NEe{zh^LVKdw~>4kmH zZv+>K9#eSAC~H3wxxa>V?8qi*b*;hLI*GC*#i~f^&MJGZ!NJ;Q^P=U(0EhBDu9Ts@ z>42{n)?CcP*UIEx0b+-8Hzo-Oc*wH8q}(6i$555*!4V){lZnqO!tsF?a4FLN0U6hI+hm z4oG{{vDe*LLFgmwP?||=!rm-Pe{zYNsSo0>_NZcu)nw|jJz%3I>`b3F;eoX7V%L~k zZT7A?s&=B0j;55c|?xuc41e1={z2EniF@VRJE8-c8jrEeIdVuj_p? zdND_9ore<~9C!VFRC2#1d(Y?%JD=U{xm0|nHDb_)J1C{Rs5hSqKGRTwMG!oL9&a`lFWH`ZIsfZ{b>Mw2NZa|CKEg z0PTgcSJSnc=QTVwNQWL+re97^;-)83Y7dJ%*CT{Lse$-@?os^5+3fS=Hpo$MOL)L5 z^sgED{na4N+jisA`J`zpCeH1*v2Xp0TnSKWKsZUznc2(1^p+HY(cye4%&-QN{qYQ5 z`r}iXo)V|07ZB$%*4KNHi~D)1_VI|_W-9dT#pmvoRWGcAo-x4)gypbhmzTFDuK5&M zxys*Ca#UPwsb2aspq$fobqokO$#Hb{YX+FaPd$;aPD9mePXJbVjE3O3-c#71ow4=z zaVrXupnqWRQFm@$xOIH0}9OQ!4V$?Xm9SgLe0_@V0MLBGSbMvvbuyRxjLQxry z1Ya7bf~d?2eFTL((a=DO!>g{xK8pk%(#Z^A5s|3g%o-IHLcpan?RBXys_u_N%&;F_ zL2K&+kLy~})^41_f>6Wp0>cQF$sKQtYfWtyF!(mJ-&vsRrP0Gk#8gptUD!waV-7zn zt%U~-5!dddGid&>{ZDtE1m{*C>8T>+-}`(Q0k~ihkS90E_Z|vvdVOF;FejO+z&_un z{0-CBXOpdS4bMVlI=x@3_2hn}iF1X*X>cuFIIk#^)e% z3Ey29!r1FvA)6pjN?MB%GHwV?;spm?SO_Rvp}5^)nddqFta3JmChT|IE5I!^n;?4e zv-jWt$^^HgESqZz zZcvk4@44ufZIAS|PEPh{K%_TQA64@J;;fo$LY0sL)J|G{IBMlGoS2?`POd#8bz+&OFI%JjjYo+h;nHfbvF?zdhVj|!Sxr_S(!8%y9{d>@8 zs?E2#Mqty&h4&WfIo^_t1&?bpZ^e2dO%{iowE&O;$%O5{O|Z`!IGr%TEV|9a>u>KN zxBxUB@iV8ozElW`PrDCA%Cf?{hO@PClKEb`S1;DO_ZvFc1pa_WN`O)C7dYVR?Td}B z_fmWws`{`uNdfJ&JPAsN>UyrOnFo+py~4=JweK`+baQ>z4eaWfYim+Fy>E@YUMx(P zMw*}5Y?c}j06XpOkQamp|G&(#M@r6uay^qd9M)w^mmt1BcI0|KTw;Gi-zNxS1L5;F zAa3a9+0Mc=NK7iS=g3p|H9dcRd*DL#ehLWCEbv%znvbF)3Us`Q(I57J&VnD8o|!8R z+7w%fzPiTy(`^9k!Ov{9rWR%|G@2n-ZwyNuZ%38@Ah2v%n>@W`p4#DQwf>A$qkR3_ zS%JJ%3sursT(_@=QkNiCF#p)_3a1mvJ(hfU#QlvH`ry2`$K_pj)U>a} z#ciotF&g3^4u-J`Hge*d9ic0}yanuD+9osm*2pmtErp zBW|I^&{Z*Of@Ay|&ma1re>tH;gt;y|!|KyE`0Oba(uI0h0Gz=;SK5J)2=DO`>O{uQ zc3tZK`Q<-qaI4HS~eLi!=M>T zaeH4q{yKHoCn-4h}ILo+N-1^VMj-70zuyhE?~D`#qV3P ziR65u(+Js&Y3_Eex;tHoN)_xkhCVGTrx*-hZ8;c;L5mxs) zC%HyM4r1y{;X@?hnDpl5FL<*-Y{jB;!{?Fv>&Fvkb;(L7wJIQ-@}AoDMyL&b1IK3l zLMjlSlS}j6OL5#QB0NffZ3^ROmFKoBBitn@JEq4-_$$@SnWuUY3?2hpQGm&V!?a(J z^rupp;lWl6fhO|sw6h?#A7W@p%5H7zxJXAtXZ6Fo&e#3{^;;QfVLw8eh0$t_40i~R zjrqUe+~wi2%vMCw1fjw?a8i0Z`nyg zgb9-4IUM31=*wKVz_P_&8qVvZlkhcW!wugoOr(vskrJlHabv)*2uE_Bk?9aZlJNlx zoAGs-WxDz0dec+d0&JP_-P5idn-`6{aaiNL)!mvQe%Z)dGB*M+3zdXB)6JD3D z+Z%ne1TLfVwvPya5ddnsKjQw%98?O|p7ezMd*F!$1v!KNTt+_Z{@pWF$A(kd?fu>g zl#p@o>>KnA5}Vc1CtOZiTY;J>W3ydBpZDp%7O(CQN}UQ{Uqgh?m@|ZM=IDpITj_p} zUHAAtJZKHgeg^`ICaXleN1pmfm=#ucVs(}pzXVBKnRnMXBcz9gZ;c-v0-0&oC*1bV zucBI|s02txfK8fpqVk8}%0uN^6;g2U;T9H6bU2g zhY-Vw*v}sSv#($uc&f$0ZeP&;DF6P|QQ94UyVOp7Ge}OMR7+|CBS( zN)kOI?X;u8ZpNIp5@sQmBW$gjnu6K9%E(zT=BHSMVYNYV6>>(nTLdVFWojr*d{WVqJtG3`pyj;lm6vMlV)YCSN$0~c>Ls#P-O{n3csIEvGEB&^H z{pd#7s7MUHL;Y|iyUfI$sP~&jMUls!XxRS@RufngK}Z;WwXF_0N2^U^TP-MQeH=Aw z(R4J*665e!)(OwgS&=k#@`=!Yd_X(Y4RRkh?Wgut!)LSXC`qI$a+{PH0;}d39>@nTAu8#yL^HsVlX>a=owz{@mz?bSjyzJws*M4a6UNZ`Hkxx>+!!8~YLxLh27=*i&!L{Q{;)z2Wljyumhg zhKTGYJ>_Day(`>XIz2U=W1^#!BqgEIF);o#XnfSbZd2qH6;V!>>bK*d7AVobD^;6F zY+{*(oTO2aefqaggP!F2X^>`@B1!#mdk&COMgJLf*L{Gc(>>1m2|y=$f%$1N#)f8| z#WTtxAi_Jpd4mdAdF-6+lle0o$!m@N|H!|G+P96fR2M%-k7o-0k(UQr0H5cZ^`mF+ zWY@=^iUjW0EeXvpfFCoJ-4M_!qt-F-6fTKPTiJV|g;s~<5!c_H@V3f=rKt!3c!GB& zVJ57MMqqT`(&!kKM92MfLnwSSR4PxPiwxA=ir8#s%!y_kTinRBm3jk0E(LewqDl=y zUUByha!g{OcR9$loKGMouk=HC#>XVW_c2;XZ8xC{zlnqGULTfdLIY^XxKq>W&x$;e zc5uB-1;wzs0&vXjQc5FK#{996zQW_?5*my>heMzMT3x(_-$0U}`XlM*afeeq(W((& zM%N1OjhSxP*`Rt^4Fu|w1w(`;dM5rsN}P24K3s)u2s9rz;RYD@?8R~lEmog*)P!EN zWl9b2TmF}W&F4xn6-E0#c{iYJjFkl9j!*Q=%Gu&uCWpT%*fL>Ju<{GVFMJuU z2H8^^5zgwE(J#?F0C^KIO>}s9boLSVx124>`7&JqG|B^lf}n)osL}tZn2jlfDGge{ zUKEc$Xf_@TX`}tmHV%w#4531hrb&GNhZFI4cSm0a0X^a3UM8n%bmH?91~_YTgA#aZ zW*G>I1qWZ3tmZQEdv2IXi=Teu5BqoIzo-e8i5WfBL5JNs1e0MCexcd~;o zxk+ULE~}y64WHdRYkndK2L(*zV@REwsu;L6%}rJBc96rY87b{38{F4$n~iFF8tfY^ z5wAyBg;k79CCO4UdF$p5n71woEdHTC;c#T%^lMcNF>h9XbR7(@7>3x|N8g?@qZaB( z)txte@+j&-=B9whv6D$G`Y1<0O|(*NZ9%$H0w{3ro3s zux^K-(Mq%^5g(G1k^Jdf`~*BNtel)d-@n80xg3WAE|?F7hFNDBK)=91({hO^Fqp_+ zi%}R-Fm1iTi39-i{d9uSRV&pwEHnG}SAeR5ERFFWGl@z&pv`lSM+@7?_XEwmvTl3s znIqnBT<%-ZIf9KHa5Fn8YIo|96=^7}j@h3uf4i>?(y}l3tYm-taHE9=mW=p@u91J* zYXDg~=H2v`)f*d4`-%Q5eoVVBS>lS)LX(3YXFDc!| z*>qJ`ur484;<$V{9Rc`a74v7vcP2yGev%+cNtc*+pV2IjE|jN4#}7+pL^YFapK0No zuyL4Jc6yBfu;|J~Q&0V>F0S^6(%2n4N$47?D9TI_h1({xv1B6b>;v*5$Hj+=VLX0c~8yHvyQ%u%pmxCEcVa20`kA66CK7>z*l>AWi&Kpry`$ zBk72;ea%d$zArEQvLRch6q>@4$@c5Eels$lRCw4lEYVm&K;twV$2`oKRE9Ea#T|UG zW_hDx`c(ZWhIs@VD-4PO>yAP4(vYD#kRPR`J%j2yTA9%2CFa)BKmD>2VB-`4?t?5s zr4|<(p)c7oanwZyZF~{5!0CqpKsSs}3OZO9dJsBZE@%?V^+F^7lo3#V166)t#Vyf9 zy%UVF&7ZF{o_N37RrsNrq%S#XN<8@D74pSYkAQ5ytjVEl9F29%%g1nGP)Pq&W?n$Pjs!aH1! zbx@KU2#rfBICEuINlEhgCkZw=jreY{=S8A66!yR7oMH(>f#6x9Rjgf`xNN$VD^}4m zf3G5dT;Z3M`LO0)WcwJvq`PJv^~{yRD!CwsH$YqsZ14_Rm?cb2m@Y;`2G6!FmHt(UeIFFr1`+TgfQ z3W>WYAop_rtmf?{@fjWyIcCKo!zfqM=knh9f{twaK(IeUBAANZ=ncozQ&5ye7`6(7 zY;;ttJ1~Z`Eo@8zR%pZO{FzET9gGjnQJx($Nn@^KR_@^r_(te zO9(3wtH~32_zu(~9dV@oiC_Kbr^=EGp^yh6KeM3ZEIe;$)Ix}`&syYCF0{zr3~!JJ z={MRREe*bJ0Y&1rFRg&WzA&fQnPPvxF&N6#fL{#7=xU5dz~fck(V(TlSmXmL*BeM5 zM@nNZoq^%vVW6)m^8z(06O5aMxHEFM!}Q}%u;AxwCc^6=bjRzgszMm{J|6pcCPuuS_M5(q)t{#|6Dmh!u$AaLXp5&?A{h_pmkLUu z7&qFF3n}mf&N}(@J) zK@rT@3X+WcCr-dvwKAXaD;4kv;!#dwIM!0v8&Haz57&E#?syU)DIq ziQ&bxg3*5Y*oJO(ppl=c96KsLe?5m2vRTHO9_5w8J*@^m^{+?;3}rTK%;mTnG0(S7q#Lx z+VkqTmgfW7;j&MVaT^nj)K{R@d455 zS_;O+mH$_@>Z$;-<$@LW)t<%ekm|EoWWrzXgByM#o|*Mn(}J zLJ*}w+(?>stI0I5f{ieJm2E7SpoHWmXxrLoDf2_q&})BkTwoRFQ8oEBWvsU1i@Igk z$S?jC=-Uu0E3>Cjk>o6dXL3YV+gWqBWP~3G0==g)-fS3uz1%XwZ{TKTMu5?UE%Ur?hHI* zYg1Y=@eE&BASoRODEP+O{y*dNX zbPhS5=-u0divD)8N%j)NDy3PJmVCEyzE^L_K+Y_*Bh@p(W{c30X?wYMLrYA6UEX`j z!RELtFw;Y%PykPpg%^jRc`NKev-SyXFzwSpy9@lOlsBSlrWiRo{q5fcj4G>PBC3jnGB3{Sx_SLmb zZ`RX8xwJEESc!q{?5ZDEM0}Xvk!k+c>1T4VJHRM$}|Wx6@%gyXZ5A|kL39GKWOw|1EGuiqz*_T0~F z;$4`!>%aKQch=>SBc?Y(_Q;J~U@fsUk$v)K2$y}dO^jeXcj9Rr|F|L)WcIDj24k~% z5S+s`JlGj-d5}*CN6a@$%5>cQeziHWN{zkyn}sxbqgT#~W8O)B72LAXK?mHLO^{ii zaV}lB0fZ_QNCwvZNoWoboJzlVGb3j;vRsz3Jit!Wzwt~u(*(vt*Awl0{P`%cX7Sha zF85E`~w-1!Z8zh(gv}a z^*ZXEaX|0~r(FK%Rqooyantw`?K?NQh8Qg~s1F_S$gCCv*w7`NpY9@p6J@rj zmmZF2&E5o4;x4#rVr+QDbd1_c-j3+D0$A8^HOvweVCs{t$}+j|$Ni~wVf*X@)t@KY z`%fvDQl3neU^uA|)LIg{iAanV#bv%>Np*l(aj4o~HGIl!jvM2$g?&NiR`~aS4M?t) z{;_WV=YCkf&uv7uLf3Rz8Jp)XVEcfz$#zD3TGcd@`fDPQQAr60X{1T`4UDB(_%WCo z)xp;^ZhA2eK9g)y7D!NU#kq8habh60GFJeZS7TATFAYKpTWN5^x-y^a1mvvAB zDLMh`rWFI$L6ezXt}=b||0B={|wFBJ-FnhSs3MOw-ZFeha60*osH z&Y`$(2>H-d6A3{#G~G_$`0>ih%fc+#DO?6jZ0P0UKg5WaQ9?!~T0bE)D&un5@OD=S zV`Tojg%3Qk*XRG)sQ+4)p*q*)$3~HV8GKqn22InVnx<00tQ4gcC4TlITQ-BzkfUWA zY8lI8zjqf(t1{A)ZSFZ_lgV~rz+tUqiWN3Do=p$ib(b<2vvks>z>D%frBob6{m5op{P-^44a+7r8l7o=?05 z5hT##g4FgkXmit$1PXq|*8awEgvzSvfg9g*&sXiNm#t9mw`ma(Zz<{vq$MmC|$`QuNoO@R3;*58mT*;FNco`{vj@ zb7Fq!PPLq-C%pKuKJ?Lixo7hPCy+OHeoT88G z?$C1&E#1Ft0fcc+_1(Gl3Y&fZNOO;|dW3F{hlE;e8GTF|gMd<39`SWh$WmfYwaMCN zo|NzQ+n9|f6Q-f%Mo5*01=(3_y1DpY>90y-9ft-C$WYyHSa5A)BS)wAjLrm&spyan zp~>>eB9TGuG+3LT?D7TfcD}sFeyc;%lnPw1Ec!Q(aimb_ILo`Sm)_`Dzr6=q#hoaR1C4%UK4DoS>>#=v=$u?b1O z+t&!Fk)WWv$T@1KCE`A61xJ>u41;>f21C%PnE*!-Ph!vG=<2 zD}?{K^`~c3%E(Kx2GUY2l)wq~?RjRic+JVGRkhjg&pe#PVRbW@oqo$)%hc|^YF45C zrcWOX(*x^a@8jvxHO<9wrWR=F4@0zM1`PGT`jG=faU#(muUT2#(zv*5*DUT zdDX}M1)kw_JR>BE^6KAXfj@Kv=>M7t{P}~sxAp~38e%fH747wg4eT`aO4iPDQ*PPb z(a2ZI?_l1xFX#~6SFylIB2*`>TUtwejUpJyc<^P=eN5lp01sHUYVK%1R12G2ww>gX z87RS}SDOdXwZ1BUJQ#R~HQAIxN7^1TLeu>dyg4*7Y=>(NZ0=)_gk4I5KbfyDW&U~+ zqf)d7N6?cmf!29$&3{%NfDF=j8{UJBS_hca1|p2u+ZWrQCeJ%&My5qY=)aG&BbFEw z17>4m^I!dN0Cxi18-a%S4PcQLGcX`FXm#^XPbb91#f2UJ`{~gr8P~OzyF&@WYvV!5aRYX*Nbmq8A^1|HL(0=`wvjYb=)X*dUX-J2vKb;q-+ zx-n(>8#o6AS)xio=UPl?Uq8AtwW>W|$2ZuJ3vh$=;4t-elBY;Fhd$fjf-7iuyAsV; z3`SaBlH>bBV3WpL(cFERP{0n=4`A^@-ix$}8#0Xp5e=W^qT08TwQ4x-W`mf9en_2n zE-oy4y>EE7M#))B002CfXw%iX-*H^-mlKk|QbfW_c60){KDCe?{J@dH+x_HUy!5AJ zixc`iUi?S@>vIK`t}vL$=mw=`H-$uO`q(48=qdIGsPRGs$P}f2FFpzunk>%unJM*| z`uDsS=l&E?_F)FxHV)KXA47?iIJk25!x;&Db5%zxo7A?N<<%J>kil0ErP^~!<9(_y zcKN-9oR1(gb5OZ2qC7mZ7~%zoV6yW`*lSzHq-?-lH_GVx-qyLh=NFmw%wF}Lsul^@ z0xcW^U3XsCt2BgrNWV7Dnxi>8G3rBgtW0b#UOGrI9cf}5?L9o#6MUB*OcGbEK{WSpL_KEuY)yqJdl4sBZO>JpH|%WQA>R0b4tv0J2z_RW%iR z)5*R49_#ngs1n;@&z$6{ax&})Uw#Uz1PyHiPxZT9M0tRtst%REle)7@da)tPxZvJ= zuA}9#F)qV3vAGn7MBxhpYe;ub^xxToX1{Y*4Trz<4`9s#uAsM4HuhdF+^6*t#nZO( zO^aFlK7D+o`FY-^slT>S))k@|nSMnkm-f`BxqeeU6SB7{w_LVUSTt}A<_F2p;qt9( z^X%39lENH1#d1B<^RtlNucsfHRmfJR!6rQv5J9F#(Cg|iK`w>+e8A(Q*8@87Vm{EROzyV*}MG4|KZt z{Orm@5q^y7>>dNsTGrytg3T{%RqF&o?hFO%v)(T9sY;-wn zwiU>?^IuatM-h5!wf6;x7Hm93HQGB1Q2CDmX?;Uxl&P=eI^b*1_qhu$1R}9 zAR-KYNtd#J4zq2tm$FA?U&%I4T3?eh|A$C976b&@+w<$K=hqc0>eFT#Mzo#u(YG5b zTiv+3J&RWKL^j@}E1W38Ggbn z&z3)*w2NI4c|Pr(H8U`p4rK#{eos)oo}hA>uw_$K`fLmD16ouN)KK2(5J_LXK6Cri zm8#hh8O_tPWxKvpiUZ$UPF2~5l|wI_)8=AOCOpFXug09N)(}@X46lsXjSRl+u}?)C zTE8{k{3DY{J2S&SYZ9k_!vcDbboIP)LoQ`*-QZdF3{Yvb(DRg)Mlft@7N%1`|{PLh% zIq2)?^`PRGJ+=G%u=aFC0_)UzeD!d(YVn&SVeu}&TlI1e1kWL>_iQTrTJi0!Y~)#g zP41Ef-br4jay&{u_U)uy-nd{QE}r9|Ydu`Wv7IDp;PYav*T?y}-Mgm~0nHw@0lxIN z9>tKWEZABq1MbKvXItX2x8k?6heE*rm7bIY&{D6KQ=VaJ&IT(Des?e?v*_3*Cuz>@ z`f^y>zE&{6ztMXnWcWIR>Yg`i6?WERJ+my94>IkpdVGR**-uZ$-)>QE-d67_;t%RI z9SoPgZl3BVG$w6X8T>ZXJIx?*lif5>pPeXbs-&v9LQzOddBd2uB~r8AgUq+#hNt_o z9;Q^SpdtHuu)BQ;gI#QBX8;@+k{5)-hs4S%E-b2-t}h$uB=?Q-8A>i0H7t9TxSY(s zR$;6x&QIb#owR4qSZ^zdUkG>r+xyW>?DHnZ+^%857ftx8`HxCd3ib<61AS@Th*GOu zav8UkJ1!r4JS7#r2qDlmQ|sxvJM1<+Z!TjZ==%4c^;A0eVkxbi4y(40l|yh`J&g)d zT>0F391W^gj}0$B;JA*AlH5mxdE7@PI4>(t36j165rL12uiCNeb~9toz6ht^=V^g> znoG@RKvd%9bW~*766S8Gw3n$NdErd8es@@&tL1ZvIV_X$R9^Rnt)#fv!TrUhwa-A< z`B0M0tZ1>G)~3avn^O(g;)gXKlX4!e#*5c%2k%H-%Y4JPPT>}B)A%EqSFfI43`RO& z;#Z|o+l6a=or>-W9h^`6o*NubYA_kBPS>-i=#|6RmGZs5a{qh2`lo8x5ws`qgz#du z8N`PSkuK;Y2{!(qL}_#uaWLi_cmp|G#_AOhCH|dYlh=hA`@9k^I0*#wf4GA7Af@&Z zO4+MR`;CX}f|dmR;@uQXmI6;BDQ&pi)1(j(k%VU2Sp;jY*Lr^aSYB0~ER6T@Kck?KgWbx5YE znQx=J5tYlzN=m4mz_fAjg=XDKcu(PyGjtL)(Hvg?qOGD;3fA;)((OP{*^N>0h|lCV zE<>}+MA5wcb!pm?n_>{TL|E2f7Owj$rz#O;GX@a<&->GTrRdbeOsXEj^=ZuW`B3 z>fGUdleP$rJ}3_Fsim~ePxo<`jr8n4OkPptn=ZlG!WG&pGmbDwNAdVAwec6vE<0Br zy7uIe;qll@>V!Djd+5^ZNi7XrpN>qTi>T?Hjod|Ugcv%p+Qy*hjbgp3=j9{Swu2?l zKECtfqSrv4(>7`xiO|V zzGH&;-P5!5q1|R<3BCu}^kQ#-aOD1mGLOjlYT*ccd-J`n41bsL8AbUa0!Invm)e;e z$(CFEJNaT@1NGD=lm|zMl@ig!&@xVmyL*#x9kU^eu}5xvg-eoOy_q3r|4`a4q{X2j zBSsDgW$3inP5)pbssN5oDq^o1cu9W8R~cdbcNOW9-T& zIrs!nYWq{W$+p2O=zVTSn!`WWiCCr3U;Hv7mH3O3`cK1SMh!`_|CjU+zTmc;&6Tf+ z)m4BKGic#51Iv>Bp;~Hv5+!X9DMWwQD%7Zw*9**~bQ9Kq4WbRRJ-1T5gUpc`$M)&E z{FnXxEsk~OZWuLYuTJ}cbLYKXhB4rqB7Zo-iL5I6I#c7=GqNkUVOJR~-3@f5P*rBU zDfQi<>*@m%Ohh|>U{X>!`4ZqICV%~TCJ;~>lDqkdzCU3*_7_2l0Y;*&0j&0EVIK4E zElCylyGAnn`1h@i1@b4GC!hUw6t~c*>jEZIsAFC15A3z*8v=m%GLHj+k>gp+l*w4r zDCvqHnPne|O>?4+%)YU-*N2$hF!lx`-0k;CeKrwJZP~-_97@{z=~fV!-D?+#t1p?X$Rk*%5rutqj^#7UJG%=S-(^92ud(i4lUJapoPq z8R?JztFM7saumAmYS*2^hTRRWt!~Uaf?_pa-bdCjc3Qu{ZpR+1i-iQ4l)u`G*8W4o zh{SWW0SoqF4eew6^{veg4_;R(LSvh0Gf8U;SKw{hu|rrq(%(dER`W4k^5(IXI=fZT zk%u*`xjsm>QeEx=(6A$7sUi@KU10R@4D3l|DSF+mq}gISrXZ-kX$y5GLI~Q^S*xN!jI3E>Qqs zf4BRkKa0jSDzdiFGZIxrh$_9eD{^(BByS<*k!$~jhuC52b8$>YZhw-3?dGh{Q zNH)GYwSBfL{gQQTL0f%V0Yeqb;JH=%o4VK!C3zG)3%7Dw3Cii(mw*%S3u(Dn{lu?T zGixMG3i9F)0+GSX8^d!{MA2Z!dXDxnrL~vhRRnKDRhDLWt2iXgF(+F0CRE?#;PES$ z!RL}(w*9D+l#3C?Grt6|=-Q)5thB8jW0Kp+WYYN}8to>B?aPsvY+pg2p#{W3(DiXw zKp^GEgrK0|F@G!dmO0}GRA3EVlfzT{J(Ph&))1P@^L9-;%Z$!NlNAZKnRF)>VCuc| z(XbS_@U{6Wr)wdq4mUs9@CPLl=yOj!Qc-j2ZFC7E)Wg3~mF%mj-w~@TH*5`uy3HWz zFWyny@b}P(-O$R|CGuri$X=xsBE}zdK&^eN;ah9e=N>w)jZO`JGSb=eJ%19paiwi< z!UP;7ZQ*EH(Yg<7{~=H2nzUv5M>ITOcgsP_U|xLKgm%Q2VvFZ z+0#HeVN264ZjptIYkYm9A0*@#mCZa8-7vN{L1w$(*yMFAHrhqcF7hxBm$O0j6g=fh zAJG*hastYWS?@e*SSms33oM)c-@2fvA;330CP^qnO`?kx#?mW%unYq*}GiW1gxa5ea8m;nMEM#A_KcoO!BPg4I&swezYpI+X zk!vA;a@TChetNe2RCoA(d|06g|1AWF+@}m9am$GD5(0ii=Q^sQjNaHm82N~W% z4U>C2KRdtLLvb)V2n#O@Pk0Vj?8Z%%c44QlI(1-UK$Lt8H4M%;e&-SZRbGQ09n+KC zTv~Z@FN4x4bvv5QLyZ52Ir+c7WCNKdH~gx`V0AO&E>BwiCp^bY`)LGY5%&vG9%kDi zENnE=Qs^oX-cQq5d`dbk+VM^YY}oPE_BuqUKh}i(PZb`rSt?1UJRf zAfq>Qk7UmMz%Qj1-G`TqUYrhsKhNNXIXh_zzQ)VQf3XZeUa9HjMpL3&Ziky5fkg^< zqKEYrRxqVme>V!0& z7xomaW|rQIo`b{E6uOiNPn8oxNz1RHjt=ae2{ZZ?=F#rA#TJyNf(jPojgGl61WXH& zG6JTpPB2S{pDLIzmVIp{TJ!7b%DS2v>eUs$=*NE1m*;B4|J)KsBjlN&r~OGDDuLa02`!)YO zf!+k&tSwO6rd9caQwLb|a7aOE(rljbWM{i%lMlzoe$=soRG}Lq>UJ)atcoQmJ-Uu4 zu_>}$Ro3-UpfV#ld%!i03)D2D@03^6Px!k3V^&wt7>gAPA_+QQc$*mtoM2#0g&+65 z`pp{0=2vUFTl@A8k7ZBYrGs!I!qFlky9{7YEI6CoigNcKiT(QuBVfPDBZCGR$~W_f z>`V0Omw8v7lPK(Z$tJZn)1^gKDu_g54>3Q-oKH$3t2E} zbrt5{&!;RXI?G+9;JIDG-Z>cJVF>REUX!fQ$j z^)!h0rWtUI)P)18yF34XYX{d;_ZWI(TyR;%PAmc_ZhMY{ONi3G5*X76cj21aDa#DQ z!!~143Ck*CzVaD@X?TFY8?|%+9oCC)7}F z#3+-hGZcXrW5V)cqj1x_blpP7Ek$k*2q`^Bi?j?|z$M8ru%4KbF!B{x;4j7|7JX%d zkGbr*7GL9ul1)5-^qaQM+fF4n8nYEQr&3};sj?KtR{*tcm=3V2Rd5zmWcp3%YLa($ zW()K+zW`!rVd~OvGP}#+xiSk58?BRFhITzKo@_;`vrUizdNj3v*G7FIL&;ItsK%g0 z*x_n$*P301MjD;JY-pzq1is&vIV5J*z)g-_dUQL4D!65bLjw1q(SEWStXMxM#FKo3 zK7y8OfAV8UwaWShE>(yZO466W>Nc$8JFBKv5frhz;k-iET%|Tys0TFFNyPrF?;^TeJYj9mN>UYBO90FifN`m3I&?CCUdE0!9aqHtXvMv$!2R|JNUystk z%L!Fj&}El6#dml;6#V7(-aYByDgH1~!rSj01pi+r#Xo1pFs~)2ct!?@13C6PUzA_! zRQtiGi_H?O!VQp{Yv5xY?nR|sW6g6qT**mi9X9avXg-p+7|f)sV?}*%oY&+Ai?iGy z>HNSpOs~q*z}~ePO}TO5aO}Q<7`dqKOMNo|Isv~;ALa=yRJqa!?I@uk7iOEu_F1@13GS=K$zf5rl`nv=83)IA)g+5UiPK>hheTL`^o4g zb09}GGra5E?651ZWLW^Q-5DHOG4QE@w!7-h(W(iTm(8W(dhRiFrvEXeONt_T8vRy* zyNagggASCaf~3s4jiX~6F2FGE&Au%RK?8RA6w!PrnKv~-B~;ncoyep<3>uU0SXuhD zp!L=Ua^uDe>|pi~;_A3tl>NOQ-pcy|4&S%dG%Mkgng|giKTd4hiHo*s7kGLoNV8@e zix9-8HgV4^a0yd;VFjOP$=2&EsF5A1l*EK}s5PkENbaX4$;6}XY%4Mh%r=tJx8zJ| z@00EDeoTxRVs>cr(t<9^>o5 zt!kExfyf=)V{IoeX2Bz}mj@gyC0f642UM8*afDI#g~c4OX|rVrgaSwz)%?IYMY@Px z&yk79?qndnTTP6+!bM=-Zb3JaS|?cy0kRjQgw5yU9QOE-iqBB!a{qLS9cPns)(cx>vHUAt`e)b;Mo z^Wk40;mJcow3~I|89H4FkH)!#Cc?y-H+ISqv1g#M%Xau_r3%TY=$k$e+V#&@9?yQv zvFOf3+Lol-CU!nddqFSAd+ND>Zo}W#L({XNE_TPEaNSM?Yi+x5r(k=_T=6m$Z*xy} z@3n+j?|g$3mug?)1?ztR+V3EOzVuF| z7Z-Mmv;j!)spqzQ8(XBug z-T7bJHC0oxZ@6c+pOxfnOOZ3vJP z%ujnT69p&w<11hr{lB|hE7D}vhZ-6*+OKqW6*?D2quiSg8gi(0SoelsnK8M|49)`G zfG!~xr;Xs3_7P|TC|EuX$~4tEW4#`3rSb*Xr*Pp~*TQW3BKN4?WQXV3-@6foY!A#W z;#)IQGN2N*;^p?AN@d9OD78elW|*PGd3-i$Cb@D+?HXiG%Y7M1>uTHaA#9=%mPBNR z0)5C?bHP+5pQu;$)O8O)#@wHw!B*`r7n7Dx9rHsyb4W&?CUROL!0)squb*Y}i@Nr? z#4bpa*)~oN6x2eaw)A8uW{{?US~Tdc2`S^ii-xq4zQ6QZ}e%BJKNPi z-V-7uk#ryh>y6{Ojj9&%LrXCMXjkRbr+z5o*F(zilP@c=T#Jt_ox0Jp+oN+0#`5}~ zjP)u{)^K8k8G{Vt0bYk9bKllp&*Z$H6`jcATH4YxV&XHi@LW&c7_0R;+tyRAo+iq%QNkCaiUrZaZg5r1S9kmvo>Q5zFZ z{LJZy2+jK$>Z=m#fWNcWu@lsHlELMn_dN>^-o}*<0#Q{KE68dF?-A>FnJ%8FbB+?- z;+YujqU#CvB7`{e`EfLJF6yr681Obo4m4W9Q|rzm+ZEsm&A@3 z0A8Pc=X@fcCl%KZsqG$OrECjxx_H?VPtVVT0^#Kp#09?^@C*s7`WhVGA8|sV+w?E# z@2Ns?4bO;mkOge0Xk%%_H>~D`BJ>bv5uNi^VqY_~t+iRWHqA~V3&`$ye+pwbnmGDQ z@yw-S7_B`P-R4}`Vt81_k0pVtamyb`-7!#^V>HH;#(CIPV&IBMGJ~J+6$(x6#bajm zRBJBtkQUA-4(DAa$EHbz7atQ}KNT&{$L6TX?ckAuaW8r2pW`!Z?QpZK3&X0&|A(!w zjH_zf`WB=?knRxaMjE6$ly1qbbO=aycS(15Nq3iYw}gZ=o371k=3(BX1d+Z=g!;pTZyarc`VzyAh%Fk7q{RE*ndD~FF<_E=`zM=4x zPD#!df!T*B96AO?Y6nGlBScsZToaN;G~-Pg(9S;5P}(h`G+9pEmm6Q+eDj4eu5yc6 zSCcoqZBW2AOr4&XF|S%!xEah$T}$2*sp2*f78g>rBrkbeZc*>=POiDAYti|})aCU8 zDuMxo@HB&xK)GS)rxp(<(mRbCNk>npkhTS=eIjpF!K)~lmhj7&mT3Ex5@6}xm(A`N$1DbDb4%CN%o4$RxUR5%_J~3 z@=s`9)E)dgGh-^+{0Q^c8NohtWEeSI`&jdAWU1-of~L}WK+EKGv3rfm#(;@ugz(9) z>))8~f4{4?>iz#_d;eg?MfafpfsX&@&s5)_{eRPle+L&Z;lE}6}XW~?+1%>nnWXpch;9TR~6ZD2W@u?2Ry7jVq=>mVJ zA~lnS`lolM>d!M_MJlSdiH$XlLpKw>dwW99f}=BI8r$@u^WDff?1(xZO%O7vgc2HS z+Cuzd)M18f-+b4BIskMo1f!p%>QhJ)A^iYbqCiIbXIWF|^jN*6!BmHrPNyW?jj5)f z^pBQEWL1+bmkq);w=21|VWjAbe=o}4--&;&dG^;@^GS4g+!<<);Gy(een4-fv7L** zJR+=={?P+im%_s}D~ENt`UNATt&W}p1&D-_;i*HqgrK8Umj^1$!RP)GSTk$T$8@$+ zvU^%Spc(4wU}ZbxC(w2PHL)D$DiiloujzPUHN-of!q(`2p2CFbUvG#Bu|%aAHVl_b z{NpTXn-^4PEtTQki;3)QhEG(sREp{B14_a{b z-nT~M-#-N)u$KH&( z)A>w03^UDEYCq2l@}jr>-TV!o zA{KTvXqS8uItatwfOW${%2sTkXqUA^X3F}ZXPfY%&lBZ+7SDyQTBVj~InJ5$!|S69 z0jjxLa{YF>cgA^ch4fUZ&Z*e5Y6jVEA))3?Ocm^%${U!p#273{1MjF_+tRtPl z0(12i-G1;6ms}PfFU9{}twema8iowUO4apWodq>*JF`pjx8o_@xh`+-PTKIIz0h|8EUl2CLB8smA5t@4KUWDp2$&f=qSi)e~22? z__T1CvKmG$)Wiq)mZ~#^f^&@}!@~v#loatMZ(N&kfxqI>Os(zX|LxBeb&l8Z{*x;y zqUny_hZ|Sy1pyEfhs%+nEmk9IVw&CG2haU*E$O50X!K`rqv>j$jp!?}vcwUZ1Z zy@IbU>Do!Xk3EeX9r(Wf2er0?f)B*lg`-lcgF$9XM;w@Fi=)+;QfP!e7(%xqM;8l` zND8S!_!YXG@0Kdbx_;#Dn=U>cl98bCvS_f=S>CY+q3!ugpzvY37ft<3l^)$&QzgK92mxMuFqZhu(aWh~W?SS975?O1c41DvhY?RVSehNq7XmHI4adh*j?@|BePiR^z>16wwc}omPh*bVAg90 zBE_RJY?#b(8K{+e+MU;ExcrVk4&F>SOV2w$KHRlBH@Do)$pQNYyw(~WI`eB|=0Kg@ z{OCL9pqS&u*d5*t?w_v=>`IA$#uD?cO`jM2%_|eZiV0HLUQbec6IX=vnZ3or-|bb_UFr;Rll;i4{Fqw2TY8udd75i6-{ z2>C#pB;)Cn^qqtfE4+z{;V}w061Y3$Ni?M%6Nh&XZB0X{qQZ8BF$aMT?Up1$cp+TG zjT>`}fo-M?486#zrmr^^Wn%-_ZMI*|R;Z#v&`EH1uIPSN%aj)D7STMmkoh9oVeDuY zwvc&Y-+;)o)h}rFX}I9B+Mh+oX7YYMMLM!rF&;hb-kTbG2e+o87c&~)`3h*){we`% zkBMfZ+D;_p#r5*|gH9;LvNW>dcKc=C!i4@eoORD9f0^5p`2v4lufYLyN^MHMJA-QS z1bpgNrS`NGJj}uOjI$2>qWoy>mzL6ZfF6wYSZUel$RC|o_uIY=cJv=w;Re5gBkZ?efipR)mFBAgG`L}h$^XfUEC$M z$~|cCW-sp*?ydL{g!hX&oLt|#33?(bk>hofJ{2Z{OeSy8sgsIfHTEEM`zbYoQ?64@ zBA*JpI@A)?3J0QIXuEbsj0*@XKg;>}jA(=&Q}jycQt%YovtwL7`aUSa`M(pp>b8Gj z2Z9ke6t_YjbL+au%n=ln{0fcw8YBsi2VSo4mzxP?bb2)bGFaK#_12}j;c&3(r~L3S zs(zyTD%6hSQqa~a;q;7Dqw&j7Ger}U#6sov9d@2Ac0p{n#SdpLaxF#DXU_vezs zxXAp?UQv=49oVA5I6iJ1Z{&{3#5l~>n_N*D@x7y2A=fe2mW(EGHcD0K<9bbWuwEQu z-4pr_g`2_6GgIxB(q}0SMT%n9y2R=H4jK&Mm(NZ2Z|Ti$*PvPoX}lWgw4{in6N>V? zukW%xViJ@_nV1xA*vrYC>USu?dCgcL#SKJu)!7b&_JxT{zYkejri)2~J)8(Eq|tcE z&e5di6;GlpUW)B$76c{tUZyZA1W1Hak2D=n!l%o}WdgB=r4Q`0&C`aI+BU z12jtw{KboOxuF{=8b+&e6LE1_E$(JI5;oHLXqoZAXfNAKtNvqVGBh(P%jEX)-rFE_ z4z(Da+xn_IGDL>`PG#-iVUTwI9Plf^g~>0`9<+rKDAa z-}Im3s^BuhPjI^H@7m8+!*_DgI16n$gKFi3|a>`4w zQI+G1t)S-*PPPdHgsib2#hO3hh*YL(XAX20pqhkvI@#*d-lIfb?C02PGm*wIR7>FV zBYsuMO4!3h zS_T2<$n*C(Dzo-cf-3d+R!-#LdefcJ2@t+n`%i`RuN;!>A83S4*QJ$pnaKeMKQ%o% zigTm@6BuAJRVeZ7urxvGM_clu6eHT(cWyyxjqwmF8lnEk5Zz+6pV*i#r4^#9%eQUn zsF;QoDl-lI3>tK-Sm^r0Fp+j)ah6%6-3KrsV2=;($-t4hu@uf*<@dUVvLI*_eLql zArBXkPHXlZXPf)W`%HUBW?o z>xZZxn(sA-<(P3E1hW-y;_K8p*D{_>Wep7Pa2>5KvFQ}qBtgY1S%}h#gT)CFvH6ia1~s@COM4GW6G2Ghx3HhQJNCf6(b@4of=N@w!D$Z%yv*}0!-17};lyW^m73cK)Ue|QpQjEY`$uB7C*x`xgE zv3|v?uBFS#(Xqkj6NY0!70JBT=x!K9$N)b1K2gZ}OEjI=JN2Em`@Fpv%>DA93&(kb zOkXmaqf@HG@w6oyOE8q$PniCszBq;OV7>vjdy~_@ZMb<-o-!pn1@szouM9PTk=k9! zSZYUZXQ#saQ^Ugx<$a0lJ`!1WcE-%7nQaej-F znUW^llttcx3ftRb?3>143>X6p^m7Hx%_e?`IbB8!uTf&gk&dzH6P!2pUw-)v&MIs( zWz}Lh$iiYqs>c`eRKPE*!OLAIIv_7uS2;cVW#DAIhB3l!xTmG?by@IAG9lNb&^XXv z-e`f%ItqVWzllmeX*JdBm(Q&?L(ImQONC~)uJ9yQBXX_XiG~oNq)tr_#v0)S5Up{4>)4A%DLf`lbf)74E$s-I4&?uSrV%YSL;k zMY6lrn}j#y1R8Aon7e}{86v`ml{Zh>dr)#YyC2#y9Kh0B6 zV0+{y2Z^8{;2D-1y~2aX;{*JA#4PcQ<%a!ntw*^t6g!M9Nn-?Rv%R>ba~=ugk`KQW z(n6eADn9S+$)XWGas@@E1OU{=$7D`Jv!%804puKbhWt)urPFV2&%8`NsU-%NC=(+~yexu|Srr zct%Dn``Hp&$w>?1<)QZn#}NY}M2rUXIP^n!@g(`}VTkocGn9cl(k=V^iKZ$BJUG-} zl)u7KOBXANK>p?(8RxBV9Hq-tCnK&(`-u1rT&!FplY>?hhlmfxJ~bewY9_8 ztr*-->AG~ITo+Yn_-$+h7g4N+0lQS`O!vje{&L)U`QUK|%Rt{_9=29(wZWM=@b*xDWt5O%7 zWg>IeyyFNv=-kB)?dr%PG-ZEInXOs=5bxG?OyyyZOP*w6V#T}nCOomoe1;DOUgxRC z4)^g#?TZcp9#G1c(Jv1J<2qF+xwIJMj~Tx{%&id4y`C%LmxId*c>>rKO>xv;s- znDW{6HSg{o9l?>1QY?|BaN`6V=n1{!&V`XeODu z!#lE~23`<{WSh23dH&u*!Ti9K0|3M$DRg4mq0W_RNGbDC=m%mbKBmzP8*8-B?nI1`;>w5gD*Bbuk*I0_Zjs{ z^IeV$zFC_4nG78ZIQJi|9qe&&3S8A6{ya~-RDM3s!*kk^TAJYq1HR)@k11)bEvb*gnhJT^V&|ihMo*y-B{-sLy-*@_-@r~KI+Cj zvE%PCOXHxeO$ps%<}15nb;@Z}lcJO@bE!+PsTZngkx7%=F~Z53mPk6hVvicjI1BywzR#L!apomEkQZ(osOzo*#XO0&3b zxk0lG)miam^6fqO>d>3gkL)fWsBY;Wm8BIvpx<2u8 zpbqA~@>_gd(f6}1iU64{N>bv4iOP1we7nJKVDA5xBM3&qFdp+d)jGtV9xgC&P~d?U zu4fzF&jHne0MHmVql+$o2nfCX^J|GO=nT*EqJ^-!BMS=)**G|`g~<6GdFnG8|qZ%Wf=ocW6NM zYl)a96!#U+b3(vv@ZwO)}5L$`{j+!t61^3%pQ@BYJG9a1pD7&Mk7;31+;qXLXKFJ;gZ& zg;rVoBk~OE5*{~WyqF;sVx8e6g04jB4C*f#QHqNJGRenwJyI$omD^a##bTGC^dghP z6N_lJg1JFC<{>@>weRq)GzNCpiQhTsZ9Pbo`1&C=HUA1qPMhO*fL&_+Dsw-KJ?vHX)>FM%di}# zM7=ld!UTJhH)|v=CEZ5yvZ4F_1@at}XQp!yQH9UzW^94ZG=ZO633ey~j33H<1whbg zYcNii!k}tzArVa^Y07!Z<+6EgyM$jv>4ehDH)Gj~9J^&o+LaJj0d!J6-#ZT4B3WLg zB7R}9A@l=i{C#B=iBhHhfCSVL;IzLa*0%tpb5?|q|3G_5EnW!4(WO#r2Dcp=(QMi4 z<&C!f5lk0;2`>%ognEV?f4?R5Ejg*d+){}94QQL$yhLBRcEEPEnwU9_FV|uRWfKB+ zn$;WCZc?Bkj6KT>3cFThj0Y}gs)6VCjj`)q>(N<_P=@QAGqaP+P$I{wD3h|MU#;N& z>VjaCwW3F*k{()0`T>XG^7t(!FfE}n0JXE#v4iBSlkd?pXg!NqbnDT*f}@7r^9%IJ zCAhei1SY-47jHPW+iGiHOdbNtVizATKtA}85(%YQ2G>#s7G5W*P@+9L1 zD8FAWM|hbe(Q+kBo$$Tf;PG@}fflmQSEO10TyXK1E-(u|TspfkWtL!ZK(xMmPO2X$N z!E!+|>uz1sAZ%i)p4?j4>727tFS^V01@Xq=lV@O0AZqB1y08Jt8)u7ObPeQub|_9N z(2UN{gpT=H+Ol{`)L%a!L*(mN0r1Ms=z5s=j_WJd-bI?s)w$ii3R1$s_Lo!F*tR!6 z@;Y6}H-TiJ{6npBymxqEWdG60tcLh_aM;q%{R_t{F2~Y*6b5X!c89WGxfto_Lg5Js%xYAM+IWJ{$kd71^eKr+

      xxtc?k zTv-w8DOl|XFv->N6SGpsBQahnQ|!3(9|!>A(Z~Nm$o93i&p^eLIATt$czZnmD^Bjw z^hPb)^I-NN*uLbOk*JR_#%9FX3nkIk%f%C_Y3S`ZG-PGo(khfMJv)n+3x)0ndM*J0 zh4&u;McJnLeY>~84Y)VrQ^ICvwBfn$i8{d&B=S(mcGJx?;uAtN>CwB*>wf!Mk9FB? z2pA52bW)gN63q=~QoME;>wfS>s%Nx`h$?iOc>Q*Or{gTr)?-Weq%|cuIsXUUZR}&R zr0_obSmL{AbK#apRSX7?q&=bpn^N^}X4C=BzK?r1bU)e0Gdt=0rdArQpJSJl&nh=7 z8*Tt&pOu?c;Mqa$FeO%V$}v>b*t0eDvT-t}6T(Bhb_Zx*GX?!?RUL4?9{8`-daW)O z>ok8&4$bl_-iPi-duBD-gg&;f=A=S1l)gdzn}X@9G@XU7VPK;&0zBLK&4qOJrgBXv zeKKJACSc)q!SAdBT2)ju}2qq(Ose-7dWdQox+BLa>Zot7zbM*8H% zYNO}B1xNBE`U*@R-S_wDg;6gGYTn0;Q>(#E&K$sHX*A+>&m=G;E|{gM2?e6!iglgE zZ6>d@)?qppymwry(BZ@!l-LubV@n^twyFE#F>R{6wBCkGeGmmZ5spJ|_2sYVQ=2#g zRwMU}SELG5S|YzOL^{^K0eY>k*5Y7yJ3l)FhJWb@F0fat;?UbI zJgFka+$5PB$s9;d<(`v-?cLvSp!5v@$Wz}*hp5P-ep7(B!hfH|7rfz+Ba`T*csy1A zx?^vf;W+M|a30Xgw*xgmd zw;v73V-0g2$?k+kX|K+9jX$BNr#wN{J9A0D92dJ^R7HtB>IQkkJ8HvMgFj_j|}e zve4~@ID634!Rx-wt?AF^TLGb<;P46coM#vQFoUslk!2F?Ssx|1D)+@?kuUjH3xqgq z`eHb@Xma@TKN1{RUh0>&v;Bgi@qv%5o(BwY z3+xN{MS;gx-8XN|NRDP|8C#t9={gQ`LB{zMy4vPvG1-hx>h_vuEV+9~8S5`NKX#E)MR^HO)gfMhy6QrqvtP&6bI@rZqxP zN;e46J+8^K`UjJAIg^MtPLcNy85tRov(0|V7&s^hmKyU9uUCEZ910Wu7$XT2SNhR6 z7=t|5Y$~_yxAmc#=e?&SqL?fL2Te47_fEtP+|&(--ENsAR%`CEHt1aAn&ou(FIN>4 z?PdbJmj2CzH~D5B25%76|MxMdP?e0Ijm6&rcF=eRbvY`GNnwV`oc68Wzx+*0J|@k% z#K6Otv=!vTv~`MbeU@`c4wyY8|JUr%e(@3J ze(N@Axlc1-^~@b52)*xM1_qA^P2uuyT>Ka1=BG({f0W;f0Ne1sdd{_~y59Bbl8 z_2*$YENHFE4arA*M2z@jI}(3+2LBIcaqST>(Ds4tH#5;r{Y3HV6^weBMncwK>g-%027=(u%FAJZUk8SGSMO_-IthO}c#gZdrsUX`;OkD-0Z2aSvp&}4xJ zwv1$4N=Otl?k|I+%fi?aoRRfbQL&-hh+m`Dt$UFK?qEPn6B`NtuJ=nM1i#hx(ZE)s zM*Z#6c08Dk{nraF1BP>*1v9JHJflYc7qL2meEy|Iq{o_MsU2nn+9TP;{DEdmk#q=F zHiwwqxKh|yxI84WqO=k0e$wWwW5tg*4@)C#ybz z6W{p-fxi^PJBcT^SIs-SiJ3&W_Uiz?2&MxJ%r3c@@-*Q^(hHvqryd_2-8c1iKB}Kw z5%(R8t)-08tY!WeJEb8@<<=Mu%>BD)|F0*^xNjl7xR4>y%g!aPHr_QhtR$I=VIB z`EzpCoJ)nRsHv#_S#0HViBgP>9aOf>D2z{(x9mELNT?_Z7r<{yD6b_>(jT+`Qn!(%zEjj$DNz3)8}Z~H_> ziQ8bMQCf_LCfbc&+nVqxUeB&u!m$uWq!f{`0sDk^*!tJFjiQTHn1AG;7?Yhk>aUL7 zaQ3Z+&0nUVYKI6xh3zq>Mz@gHD?LgD?x^t-w6>I(LZ<|sh|UL*UE}6a^c*K!slxMA zbMINeE0M2gQAI3wP(!OdHs%|d?_Zu?U`0nF($83t{ts!l zmZC}b9PtM8RKFExW?2L7-LDFHl}StzIRwHZ@1kuGi!t(-gdQ0Eo?FxonJoLv25;zXWx z^k66Cd|9+ohq9+P|4CCKa+rS_Ic%k;nm-07l_=evi<1C_H@ie{85+J&gU?}wsNbIR zBL*G&?EDQ~N#^G+`xm{3U@lnii*8bEX`sC}wQXFV^d}+w!`7kq))d5%RBYBuo zB%S?r$B^QPR6M6N@=h;Wa0boMSFWf9R3-w6) z=MVvlP~-QH0e$I2xd#-H!u!I&o8!46R@SgC;fT<0YxohoJo`o&dq_tWyC$7#ujd&Q z%Yy}HomD3a@D5Kl`=bI;oJF`7Z3jS>U%rt00Fvr=T>_Al{Chokii+uPbhOYA4?0?) z^ZMA~^kV`;uAFGKs45|&mb@@dV{UBrk6hhz>i~T?g@dJ>pvoH~zBKl$qK;CZ`;MV= zMNc7?$kOTPVuH*-X#3R>f>_n_e&VGA1p?XEeCW=v3$i4`y40E_DJQnqCtM2&fJEr0KPdRo?_+O;-pSa(v>^Iu+9Pv!Hxh9!w z4qF`YN_^pc<#}xc`}MV!huBYOquo_vRKD*=bBOv~$IDGO1$#2N;IJo7U(U$ zOTmw9`a3RQ=)2KY`Tk<%w?SSE>CdTZEMG(KRmbjyy0op;VN|A3<~hqA=76@JKXPBu zZz8xT``*OQMj5}3Ha=VALMqt~+c%gbh-dHLc?n1NOh9^N_DotoC%4p5l8!R}CY_&z z^oJX;O&|Bz9bY_9W{wD$#Gye%ym+0!FNooc*Nz06XiVQx2iWw-XZ09Pn^Ck(oiqOD z(N2W_=Tnb3QHQ00h8|LGe?s=@G-egnP^jK|`F$#zHyR6KKF3ScrJ|(;RaFVoOr*0O zoar%YeS21@KoA)z%%hB3`^^Ph-&;wP;l0~oj$j9AFADS^RN3{pGm6!l^mJ^s!U%x2 z5f6s<lrwl>5s7K}XMK`5E#oTi&@oIBW$b(NiIhirIZ`NtnyBs64A5Y?pm?^7$OLP!C+xaz@TqFUVm!{S>->Lxw`yc_U(a1-MG_R_V=0S10$L!uBao- z`kjx6uXe@HDBd&jGDc@p9IKj+%k5-?@ODTxdJ5Qn+uVUFF3q)`HBERF91);!VO!c3 zKl*0`drkxgjjL8K)fzcAqO0-2aHQ7Hb_7-F>)=6f!p5}B+5`b7s4W#Mi$Cu*{HYud zK4i1W{WJXAd(ZI5g&Nm++iR(h4Ubr`P&)~uK>hI+lc)(`)(>c^dfW2D1zB|EdU?!p z#_Y9Ma#W>1{_7td@TJ4bVCK_CQ^HXkJ-A2+zzYQ|GZ&FDPA1iBYd z31Fp(S`SP6bTl~!f-`wX<_GhRQOwTk#efSuC3pB>&wu8#|7_U5uI^Doyh@JK3r-&1 zcv+F+PT^}ZG^z3eMiXX&XYQ$2t!7?0N++f9$~AfgHA)7w#U9}>!_V~hxt(h8ootfB zVG?qyJ?}k^BIBHm`80kVuoA&^2E)v)bXBLf$?9V2Mrd*4gEGoqd4J5-x*7(DA*Xt9 zJ+Bqe4%Hi7n>r9+YQ+uG+nsgdG@qAysJ3Aui4$kD9hM5{hN4RGJ^3@l62}Yd|D(|7`AeF<;~EB&?yt#Nat!;SpovEpW)E#90UA4 zQ7<3dSQ@;+D7D$R1hv#3)>8iSs($ltyJ5GnF*)GWSNU=z^zwJ*4c$aZ)BVDWyCt<7 z5SihfBJpJVlM+zhgIcKvF+Lx?YjQSlSndaQ6~;nk@KzeQ10O64nYQG9s+q|qoKdgJ z;3MdPQ5esb*rPbxperStFn97(ETbDW2@%Yy(B&+zp783Fe%VnAL(G3XTEtle(_ zqT)lTT2Q95Nfa&pK4HWC5gu63b6o6CJr1MiSv1yZZ?teh{7RP*XvQOI7?2XGB^hS) z4WeE`oc6i2__IE3w$)AXr3*QrzaH>pjLI4Z%|B2ZuYW3A2)EBWe_d*?mQcpcAb;a! z5K8z<{kL%=%GawjiO~~1LHFaVo~t5skC*?7AOs*~n%u#_C?EowHPr<>z!ejsZt0D; zTh2hsFU+rKtyXvdQPIsGyd(>nWFa>`x-*%jEoLfFpq)sjy)N3y^Hj?c#R*&B1zdGz zMVEY+By)oB-=-W=KFM?z@)zwED=M$&3Q0w)@8quH&rMa6^14V|5?Z)lwmcd{;#nsx zf8$r@o7^o~U~i9FJ^{3`FZ0#hS6i-tQ2|ylID}g)>)npxRl%y_tS|%!vC0US&5(Qt z4fbCj)YOg@+dWFq=OEEJAhanjVg4+@Gy=E@TwJ4Pt9_&1t(#h?Ub!DQ&pyo#DykDx zErTogH5l-Zoy=rXN>xdFTZwu(as?AFuL!8uwxs$h;xE*c$zShXEZ8gup`SqQ&T3AI zMShncxUNmI>qBeb2t2+?jKi(kjnW>O-;5SqIW3ydaZz*%79R?3a+i0jdC#SW>7GL2 zt-L?j&f6C@xV-t9N9A5QA4wsB_zR;7&^ysFD3FpQ4gK?mRV7FUx{BPrCg77%>o2t_ zLp1H)jFuH);1&D(8hKn~BLwNH2be2xQYsN~F<8R;)ZR$Tx<^2!mG3ui2FEEX2=C*v zUVoWs+}p)PQe7BY?D)oWWOg*A(et6Ms`ScA`9rg$_??Ag!BeM{%Oz+h=qR@cqmOJg z_;uLy9@i)#o(`&X%5oD(M0KBE;XZ>>NzoqeKeIc+e{!3VoXYi(u7DDU7}j;^Q-VoU zz_vIrrrXHw-mMb(OdMr1oqJFoj*-V^@!6IXdiQRH?#8mg&s&rG8$c5$(o*PN!!8=b z?Jg5+aq3I*bkEkA8wSeLLbtcQciO+?We)?cckC+fhizmxXRsgOZO8>`NwnHLUd%tW z>A7L7c4xpVC`{Juo0=_+V$#suDd%|beL2~nwE1F?k+Ykzw6z2#r|^4AFS`NweiPQD zy(mfTFrE^JU0!W&VY7XU7HE+%`)&XM8v=0*=?Pw?}J;tvU_4LOPt* z5e`853fSW<(x1ckKGu10bU+>v+f?ZKAn1wXd_T`Xqt`k?W)&Z!%O_bD3Zo)F^BoZt zj$Kciy>6MUD~Uq4UinQAu`#O&b zif7Q=oy~{2)eZ+u{>-J{ny>|aR;YccZV}!!DKFic|1divn&5iGeLzYH{fFhc_xn0?&W#xEtC-lxnCw_GWz1K5m(QdCYhBDys0xNyT^j& zcSw3hkg0m-c@<$KfPpfhL7+?^-+_tp9-Y*A2&-T6&Dg^Fc-Q(_^me*+>m&27l3IFt5IX203}i~4;=RcoMNW&!V2`_0pUA|^;0+EOpMBrx09 z8#LBwxB!OC9D9>{oWi7XI>khBk&BH77cSi_UF=R1*uiiKRUjNPB=m8E23!)#BRV5? z_>ql}qTsBADv)*>V{psMT=KkW!Cljh>(eCI)f+VPxNa?{QC8)p|PKrCT@tp^H;Pp{GnE{ruF+8iuV2Sa@DdRxG#)}08U#XIpXpp} z8FN%5?EXHlEXSY}omw%4#X=qCp#4#wIcJQJdtVI9^aTI6ho*?diN%ZY(X+QMw~a^- zMbOU2bI2i@tU#p66CX`)QKRLdJ1*9J_Ksp5U146R`enb?S$6trBd&@)Wc^~Kr z+P{>1{Z?PXa=lQX(toZ3oqO3`5x=p)=axJ>Pn7Fc&p`P-(Juo7P}Sw9O;vlI!&}Ul zPP(dYoQJB4<|=Z1C7W@baaGC%s#oB@i7?Qjlos0OX0QG(Gh7;b7mg!)ll(oU79TKG z8p++g1dT7m2pKUXaLqNAl$5xvS7t2dC`MQ29;f0n(g?+2z2I;0iV|9F4f_ad5v(TU ztrsnFTOq@lFdlyYOctE1TW>~rkHlVQp!$>p%HhVxzIc`wj3Gw6-(J!=YkiLVwPB;yArDXKiZ(DIPhXV^vy5LPPd4Z5+ z6#1|B*h3UJNcz$iTWU9nc*E>N$?P;6F4;|E=|`dORdlm2axQXjSQzR_8EzOCDz|oz zJB?;fy9p*&^y0}$Ro#>3>C{UDif#3Z$x4LGpRkMk`w5DPgiBtiV0HC;D(gSG2Sf(x zXjcBvYcWW(4CrM-3OFlRS;FF}R473||; zK3yR<5c+x<3%1&7i2kkfad51o{4ntnM8?W_k^4d>t^}A6U?L^;wEzPuMO<7BKE!!8z^y80g|I z%fq0vAx#njQ(LXnNiy$L;aTW!ZIT~;K6>w3cknAj4t{&={PshQq$cla)(pXj!!7@R zkdWPf6ZPzg;(P*J*f7Bimxv;63ci6;?A4TJu{ex6YH%{8h`e7J5*R`#Mg(q7!UvzA zMGEtt*GJ7r^MK_iALlZI48@O0uLWnBudz?s0x}K7dnYVjbGgPtX)~nDF){i3j+nIC zvpHVLZK#M;_EvJVniYYIF6#_3xh?Ec>_1#E*02#1Es1}78mQ|YUt5E-qQ;1B z0;X9(FIUF$&ES`&nSm76W}=0*becdq-((MV_n%twz#tve5lR+ zyP6`>zSLZo6qhj`ALg9ZfPO{qc1#A4Pkr@Q`Fq=vO>ofR4>iklWZfQHkbX@tiI4M? zd5Q&MJvY08kGwY00aW0sFj_^d*i(t8^0Rw_e|`dTDB$JP6ks%~qKw%`PmR;9P< zy5pw$=~gSCO%5v}(z zFPmUFoP>kkW%-(waF=VytxKR_^%#k7L5wx?6Q{S1YBW^Oh|=G`2F!Ld|cgdSb!`1o7iSVp)XU>iCw(Q}f}tMz}%x zZ4!C0ELz~ry-0R3$A^P5FK4$XktY#4rj@7rj6qC=@vWDitv8IIvEjL7M>CO7y!}A(XI`-jKTt5PL_-FyMb#BF+%? zv{-z~@ZI8k?mD#Df7VDcOL9T+KK^cV$8wrPwYAc-Utw+NiDnB(m&K=Rca5D6h7*SK znp{)OsU*L--6_5yF8B)U>UK11#T3cfwHZjs$dj^HGCtRDOOJ6qoIS@m_wQB&K)q-Y zeGyALLiijeU9k>x=CWB(x~<0le{v~9h~3<_u%gC?gV#-o#5_HaEIU)+}+(h zxJz&e!QH(U=iFCy>;0rP;Lo0GuQ~eY{p*i`jrsYeT!e1WmK;_CK%8~Tb4u#|_)*k{ z!x7O7XKmMw`cvM!?ypatQ&%7Vb7K)yV<>O;kT-ZdvsER$balm*NC{=6YR? zR;~XEi*W{0cV)g&Jas0miuqR8?6}#5UzdziabtF9iMddoUS~Qcx%_-^utMOT_ceB@ zveIGT(s(zL9xw;Tlr8S8zhFn@`;Fz|Jeqrz(k8~Zq*IEIkM)myL@uZWTFz_Q)uc62 zP3F__`x>S-Ma;x8^~y)Ivs30cSdE{|*_C|jAN^?T-Y#}1jmc586NMVKLzqGBtxe3Y zEVnNF{p+cjDXk8q>Ta~QSA%zw$W=nw1DbNK^D_N3#xY<4)j+nEez}|8x`ksg27^P%{gDiwb(MR#+8dI5 z&(DJ0V}=gIvKgvSPHZL+6uNWj%QnVwilG+>PH^`j?UMa6Ic%o^@ndj^*sex>^H6Em5$X zPqvRdSsYYuQ1L#|4)ULD2*|91hl;R-sVq}G=Y?vryi?PYh8)a{2y@B{47nD_`f3uH zlgM5uj~_sguD&zc$#2KX0+$K6zmFdxE(yN_$PVl+<_}%3?YL+|(cK{P=X;w|1ALVl{^Dk5kDhKLJ8O8KW1LMHbd=^ju%0MV2 z@?k*H#LpnW-E6D|jRDN(gAN@m6PmTAc(3>tw6=;G*e)-WpxMdvbIOxCQ#2nfE-;AW zS>!*Q6^D`1fKrF-5e4XUz9*5T;=7b;mlzWB>K)9MTQa*oGbb@w$;PjXHg-&OF-aY= zz_;z?sceDwUaqBt@bs=uzW3P{{Y)ciQrj*qVhAHZ#KU!O&u(33!m8_>Q(J7rCO(T_ zw+_1vr_8ND>Ul=Ii8 zk3S&{o%)6iDZazoo?3qWEJNwD-6-3=ZqA7E=hr_pZm+nNUWbSgt4$vw6a+r`-6>QZ z2k({cFfojs&?`Y2js96{7GpMKBqX+bV6*b!6;Ghglz{3Pvc&bcQK2v?9*n@`=bN&e zQNI6~GzjNz0G#@>s{SHr*ry}tcR)$ed}(;MDMnftpMWs8Xf4Nbm9Cbo94_Z401zVD zKQ6V}>MiNRL7&!;X0qGmD+tY8bM`E?W*-5dCQpFdQYB!UwjRtt7swJPOC>r?Tj2GwSOKcc| z^w4@%0p}&T?YKT0=xMg-khPtLUs?{mXL+}rZouB8f5|bYCa?ZFO{&Bu?`&wqvmg-| zSLW(rTb*rUxMwMe-y|RGXzqVL%awvd!G%J`7hIW24XNSwm@;ne%8mj0SjJo zrEYwanQ~$Yu;@eQWTde5ZmP9JD5?p3gpbN=ox+Y+`V_kseCLqxAAZg~}Q}na&*|8{2TkU+hZ^!=X{g>$QJLahmALR7lT{ z6;2h(*}p)G+O$tI@_DNAJl_^Sj2uB< zx(6bar285EKd9YQ$F?&R-l|~OjvO3^B#dtl>AQ~6d!`TfFNk1}Ot6n->a=H%7uY}o z<3F>semnC8FP{;8KM&QpBrWiqX1=$c6aeT_U>x%m1C0R5M7RPs3t&CW!V2J(DlIr= zfu~V7|4d0u%QXkVpeA%~yurRI!SfYtF6epQk#d~ow2PMrfuW&ldI2y32K@yDgigDI z@axy)Ka#&=mSM)B<-euPV;~f_7q7l&E27TRfqN-U5h8-|)$H+p5*izqkgkEfYxqzd6pFImJz60<8|FOM_*&i_B2*n*5~n zki2!6I&-$+F{fV~VR2L$jDreMcBhbcZrB_r;D@6V%*(3T69Gw`F|vO`wnlT^;Vyd9);^GJQvO6`LC?+wAO_(Ny>ue*(pk2|zb zW>Z9CS^S>R@bEway!|h+|H4T~PYypL2&LASvzJag&zhap9i(pN{Yn|V|K!ddIu)6# zrdT9~fMn1dgjLvRm&F6^U1mCD`d0!@_mVK&C&C})E~Z_Y5$ZJS4b9UgSu`CpQHd>G z#gU=HHpV5d3A7i>3LD|!e|Q3uT_bTf3{z&Y;O0XuRqmizJB&g{_#2_%a#W#9Se$kN zsQep3bvS~8TRe{BMr+-fb)EXkLYL>2R9$iljx`y$)dNGm$>qerr<0KXoPtmH5v=af z@X-hY{Ce)GhHQr;9_k`w^LGyftM3EaP(jUh&k!QJKsxhaJvljfm|@@llUBR%sZxif zhOH#Pe4U>DMUWbr+`4rAIvo-a>aK|gK8ued+CFr^RNOrbSbU94v?0gw@xlz3yNLLE zfe;rn9t(l(d5dEC?`Dj~EOo59bsaBVXhb|<5Nx@^tmvND@V)@{TlOnQPn0fa{NFvC zEpp?J_Hr4nA2dCPO51>2p^;Z+k}X z79H5vmkkXF@oI*gJ9+?d1RfxAzPFXv{HVbdm%rgib?@}@*Wi5R>}eW^Gu7~XsHwl# zT;AgW!a~F&f#9Z-A^L-d&VsVmD8-svXna1GkQ4Ib1Et_|k}?TY(b=1h0Nw-gRAML; z1J>nji!yq)rlx~xc7Z-Ux4EU|9sx9}Mg(^n<$aDqsQ|MBSkB$3Uyxk2d63|qi-gR1 zLbMw>j48aFOKXc96f|D?qN0?oyM-8J}0gy908rvPO#cdW^nK53fJkA zvET5yFU9N0*p8joPsKUj{=r4>@vGZg$P&b#U2fu$pu~Kh+)mfye(HX{(7wFDp?l{$ z0egn%DBRD=7OaOiM!%R-tq;cLBldY6par|-cX7u4po@-)J)P*^U^ z&VK)m-Eo7cI&($#AkQPi(W`mpJyY}0w^7!n{^TA2r}q76Opl8`aaieW+RgOK;CB|9 z-)`6(_&*LA46%}K8Vehs9U9NqG#wPZ3BXDae(?;~8tM?QK9P1h`4cXGA~*y?RQNj0GUagc2`m zA`$nXT5{jrZn-a4f`IbNfcw^pXVnJQ&bL7)A}aJViH+muA&F|RJICA?qi|D+dEuO^Jlgn73)een!(52=qMd1kg%J$$-LX~pQV zzl>krck|Nd&dYj!KIWlpj#FqDe&Ja(N=ScI6Cu#$nZ1so>%9ME-}B< z5DTPOY_^1Y50yn%VDTU%jNW{yN{T0Km)JyhS`VoC+uAN2GBvL{`BFooy8c6gYvDS6 zeaM?sq`*N%cRl>|^kv#t=XMZU5if(AtYb$})Z6f-X`gADsOFL)?^`ZW!LR5^U%W^H z9jDmGyFu=aTuJ0_M7bA+{rE(XM>;+R3>x$I(>Ym`g*Ncw{+$ApBM$N-PqVLAURN?i z-hIthI3Nj`aIWwH70J9Z&%!#o0nLMC5N01UFBX|l#!5Gz6iUQ9RULoADyA-2V6jB@|Iv8pX2 zWGT!p&zGKQ?uyt3Zrpl-t{Tc`td`vT=O5DOd(0c(@V%5r)*(;z+n8#?N}jnAx3_7o zaa$o`FG1O;g|7n0Hoxy-0%S*Z3^&yu{PHIc^RRU!eYykhY9hDqzW87L{QMA`KSc5q zPfx+;M<=H?(3`e2Cykr_CxkDUX^;g-cmMyK^J>^%Dp?(Oddd|(;X5Kc9@gZY z!z_6-zQy+J!imPP#KC1K1NP?fo zquqa;@%>|hNiY|%Yu>H&Su&TR#~JMUkXAZ#j)4IMAJLhyQ0!ib4Ou^|*JT*xBspfH zx1y5%eI&i@3pe{+iaVwpJ%CTpr4x$kB2hV+fgg1O;;*@gb~50(6D)94xY4C4vt^ps z;7KZtw#(VI$#?w7PZ-Yorr!Vk!Ew4SuAMeE`sC^?x_fRAOg?efp@S;%h+l8_(MN`- z^@Cn=U~g_R7DvlbT7BRrutJb2iQ%$4w99Q%Qd3#j#XzW$4(hZM-Ru1_VRJhMVcj!W z6ZO)Z?9i)(OejKsl_ke!jOFCO*IrVP2e@Ie{K0a`-t zJjMR7&U$mf=4{+YIg4Qq;Mg`%qFrLI4T2gkh;@VTp|lY-$~ApXA&DYdG<&v_&={Ht zMZ6v$@)$(sgYOHkfv@J2Kb-lZlPjULd2mC@^(of%aUZYm+bA}x`cJmM$gzXZ4l_5# z1P2~U%h%Tn(vUJ6lRQIqgOPDz8%AD5eSN&T&q%X5@ep)`kf5Th%nhT^^BVlY2cv1Ou(jT`S{iYe0rz1ddL*U3kiD51OLQ2Tm~s> zbKxHd`v=x2#?tFJsB1o~P8@=#3eoy@EmON{mk;*i(@RHdIMiJ>l$6Am^^6Oztwer3 zN^UgPEYzSV3hRGi`|J}3sJD?v{#r%5A*vFTPvBjQJ;rCE&DTqi0qrl$_bsXddGjNZ zi}vIpAU#gx^2k^sydQQK*PCqhDK5G`WYTx+aF8AiL&bU}4XWO&6jn#-!an(Ja;WVP z5esKR-2;*{yizyws~7<=H$f53hgGD@U>oKIjW8$O4mX>28I$u~fj_>;GQBPCgnA*Q zsF?+K?hG3K5dBy)IeRXu*=ED)BPikg%|Fgrm)WbAsab6yE#_^TW{#*;)aL`2{Cd#0 zlLP+xl@_0ps#rx{ZdU}DXQZ7!^LWjK1!H@hWrm1P6l=_GLYAr;Pf_FNEHl%EPB**< zS5+{_-IGuLC=T5C7bHevr9|l-cE>XWFU!lh`L{t?l`LlPfzP#{XuYF%KHW%P!Pz+w z1T**H_KbAH53vn{E3f=M+D$t>iZW-FQvduoXb*YH8_l0w^_k`8a&E1`0`T4o2zCkS z@aUR5-D$nn_j4q*p0$qgUw0uz+ZhnPKL)gip0pdojZWTR*P3zT8FbLG^*i;Q#pPeB z1N_q?a8MmWCvYlpMy&xkwuAnf|8@3}{v1f?xwCc-020#3BvTUe|M2U$mGs-?JN~v| zD4clq3BTB?PzyJSPdRSMAV@tppD}}b`(M;Vu$E#ba-zZ^5U|5|W-WtemTSyPJQ#>k zRJyeNrf9T<^_gF>Sv^QA)n*V}yht+k-`DwS-XX!S(i_azkCREscv=s2Zhg-54Fk-Q8Ik zo{SN-jiu-t0)zhSan*js{+sbDrt)ghSjyS`=}89ZxlP>`(na1;j-EA<*K^8uPJj%< zJDN;(&F`!<5F&)xlDRA>c9`fOZdn1j3_TUio$N|rRT_L7i^y_%HXe4g@=%uqs2lXA zOF#4bw8v6xGP;~OT^sn~MH^K0))$so?=Kf_Vb`U95}QMd$Ru^Tag)1Nky_D^USVxo zHq{?`fBv;~KXd3;hJsbF#lw>}x*G>7T;nw(8M;T*boJp6^!r)bsqre24`P9Wtp~nT zSfXev(aw3+OT}3oaAU>ekMEw)F^;^${3DIGr;q~JU!%xjV_kRKYWF`ddQF={nppEQ zP{REn6N4t|HJ*I6%ls3uU(OH&T7%7)i`lt`(w)Q~3ko-zwOROVln2kjaH$@7iFTM9w*`UlzK1(?Cwv?{P z|GbSxNoad6R|#5pP#TsyCyDB_z3m2F#v)Kz5?1DAaKHn_IeO>Z(qQ{(IVNdD1i+(~ zbVi?a|MB79bQd}?+(;-g(p+tW5B8u%gX%9V-qGZ4g^`fXBJwuG<+)Ceq9;-MPKDxY z&uMZ)2%kk&vlZ1+U&`N!eG=phGf_ka_oGN@PTeF=V@P`GsxW*%laX(wNwUg3y}+du zPLWdiMVB|4-ch2v<%R9Ih0=C`@`2-4?$9r1wBWY%Fg_+Pe*h~dDxqS7V0_J>oH<6u(#B5lVP@rrX}215fuWg& zfSBYtoA+?Qpr(xj_c0?rHzDi^{%OAHWQ~0UvVNy>Hn1n-QUc&T@z(+jgD{{Y72#`%lP2y*3YhHHuq4eeeTi|w+C*}w&Z6zL zSv|FzuZ3X_SgTIp11(&|Lj_+$Cu5QbJ5+#A+lj8j<2QKN>pAb8_PW{kWTT}<0d!0Q zr{MT@>Ul@VM;H;K?a(*GsWjBK;*86y)8pU`XLr1k-O^MlAwbz5O^Tk$*lR9*1YJCp zN7Cae%k?}c>gK1OH}vawe%DkL&A@#qXhaFO47)_52D~aQiU+3ROKOv+AB3S4N09it zZhLRl08_uiqu*%N>v#;!1O$`sI7RvXx8#Auji@6@GEc#`6DAw0>70Cik5&r`I209L zS1&aMn!;>5v0p1P=1?%(f6zhpK`Kb(=`sSuB=jO!q1 z`iQ!Xm$rPm{|i6O8;S@+Syvu-@&rNLS-iyloY=Y`H=IBoUp32G_70WR#ZSa8t_LIB zwi=hbXsR2p1-rwN&hicWpIlX`PAE7Ye9q#K^%5(C=6~U)J_U8jkGKX&6zhvya(L5I zsFlieotALpRNkg)izFM*{rt>-6C3!U${E(J4=@|BTGKV|BRpz+p7Q)8;Ypw%y+4H> zJit3?dd4Uhgxgcnxg2?k;sU|(cg$mbn(d9fH8Vl4KTLe=eH2U16uhY6ZcU6dY`<}lgkL@8>6=!5C9 zzJqQU zr02a=#RN(7LDI9W{-py*u$s@uuo^X&uJ%Uu0I!fy`G?DZ%4-?)oex&GCi|_o9xs=v z_vUdFhdPVwq1T>)Z#JvU_F|l-IinGmn#0jNY-g_>#)-V{)uY z^@&D9tw0O%%3#U7`6QV9&g3`recf!nmfA*a^%H3Stn<|^?OKlPBb@ zO#Q+{Ypkj0X~p)XP6PWv&DTISdhkn{d6&dMea~CIm6mEOP%S~L0Ofkdv9ADfQFDH~ zS=^2fpLw(0Ira9qR`fVq6eXm_sCPFLQ^_RThfv-9NQmYfFMQpFO0p^2?BEO*FHv{juqS@P$l?9&tqjg! zY1ye&cNofGf~1fcxJkWqC!Qbzt$G+mR(Ti?0<-B7e3rtsBwZ%y_BpN`{t{7^?345U zURX(25b>qfd;XI~*l^yKN;wNDND%t}*zXecqM{ zy<~5?X78{bfAbsHYb*W6csbn7X42(KmD3u&9U(O>_Bu}tsfFKyJUwoY+^T0F8kq2Q zrlKRZiRYZCG&l6fSRrextI|5C@kh=UMV=gEi3 z$IY{_T=W}7cV_yG?6Av*Jhhz-yYaWNXC~!1g$k#Uhow85O#|5<1K2(>GXw=6rT!N5 zR3+j-u)#=>v{LV43~oYoRpCO!g_PvZUM-#djG&JEx9Dq#T)03r`qjKiWYwG}b0M#} ziS67eCo*VdQM7=iP&t+6{Q81aOh3X;TC2g(8*X<7$qE3VUb%v=xwZADeF5l_Xk+4r{wX(}1dbSO)`(?D&zw>)tOMMz!>lKYQ5|0~_m!kp`wC|^_=cYC>Jlu3bymaD&tc-WPqC z>em|ei{F<7k!sKvRaWs^_sVDk6!v4f-@vO9@UDT!@HR*wwBaBMmHvACD`l6#S1y}Q zRhwxPcZi%zJ#X~MT+~);q`}Ab;GJ_nGc8@8ZEuZvBzX!UWkqZ@<7V?)`#&Kn1SJ>= zHR7VOC6NrlmdEjSH{iwvS;zLzo2H44*e!*&6HZq`r{ECb$xQk0#Hnu^)uP4^ygC&S`c;XT^FHQ5r;q zn0s_R_J-SLmi*|wGfv6IBYizU&eZWP1ODFL6^(u7+#XU?J>kRbm=cP&Xm0(wS@E~}lPg=rQwd+s(8H1yNrNq!K!TR?U?5UAh z>a>;IRu_M%PPqH}8n3MO&|Z4}-A&D+w7>3&bYSBok<;<$c_Ah2s}$}#*I>3|2Wzn8 z4W@Q(sDTd~HiP6Kyf2rey30*)nf%M6-_{5Tx)Me_mXR82cC3L?ZHmJ(G%A#43&@}8 z^+QOE)Ln8{NA8@t;gGV@T8vUi6+ptrX9RY>tEqhoZ-n_tk%gS$`S$ksb6VFv3v zV?-n-*p`fX^{>sV-n@B}1jal@Eg_ee&SlRd7t_5@R_&lDu)Lo}#I~|!Z1`zf5aB}4 z&CCe6zU;t5FyY+UDoE*+m$IfmX1B3|R>z=iv|3w`vXEQfE=u^L3ilXSMi6APX_D)J z*5VQiK1g7AN6laBub0<5BY=gH_9^cISEG-rdjkp45~mri?}mTrx}4KTpB)U;Wd@ea z7;Lz(U1LWLM|S^6s;H4Gi4>Vtt{m%UUDxc5A`RmLEzlLHF|m7LZ_P za{m^lWQn5Lk5Px&dPFtLLdDR42()k{%B5VqANSPHRfJ@f86J^?q1KaA_Jhjh`?eXc zH-w~RU!3?d}6>3hiQEU`}H1ib|a`aY=q2w zc$=Gf^788F;dBMV2X=-);#8Cff5?B*{lKHP`TQr}%b;3pS0TZG|H5@LBFk2#VDMzl zx|5AyXGrb_c7(yA)w+ zSqsJ1Q;c;<)#fA{82)xICeTVt%&sWF4{4fZ<71gCDIahWW@SNW3i^;n7fS>s);Wr# za(b(r)y#-t)WAKSW&VW>QFpU+kTnh8Uv~H*-t>@ywY23pCyzW@r zM9EfJ4tlI&i^YNP*}TB-_V6Q7T=6)U-9)Grm^fEsbJx>LP9{8tF{W!LQO45vz)5+Qdq@_rRElf|8cZ*JpyLN|1GaVlJ(E1> z^&%?s&hcfW$FGP3X|@u1T^gT(czM{jqR2{MMMY}2>oj)h8(jKjjoIZAQtr|&NHmq} z_$ND_Wn~G}TbCPs4Bq<-XVgLEZrFs`g?KHl@b@4X)s1>`+o?-A7 z#r7^_Fa2N0q2GAJMX}(}=bw}P1aBI-A&1;34KRhH+YAcmsqXSw0SxFMiZ#* zWUr9*l(}tEqxdf^Fp9ZhSG-(}RvyJuSUpgJU6n1}evhw$<5Zy+bgSHSQc>Sm`q<|u zLQ^mfs@^0bkxgF&zd7myh0mH^N;VBa+MtO}?|bVG&UU_n+S6H8NAkcX`YiIF6t=z7 z27isLbaW~b(b1b1A>c2Z(S`*e~ii;7Zw+BpaxZ|MGhf%s#sSymPM=!{1;0%9rzJ$_ zr->%5JV0^8J-;7h@^+33Qg&@%BKn!`A0GP{_lfCvVL86w=+5918s)niJz}TE1&_MUG&}*O)0!qx*~Rsg1`F!Jg|NYigHe02t6cDEN69J=?M2FW z>H+-0U8I;Vq;6tU%^e|N0%Qr-X=4Tf$YH7B3)#hl?7y|UY^K_R4)WG6Z=8dlq5(@| zR*~U=BX9(|XGo z6;8{Q8s|k)Q!ie?sVjXkSUM#DT0`gvR0#nFGezX4@NlYzwKm@q1pGCaGl zTupO&1GDe|>S~=gJT>yUhzQu+P-Exb%>ad>7d6%sg1#$rJYdrUA8-j!8}O z^2T9I6dGbq)<2_t7!+&pOfU=iVBYxPX&+h;V&1>SaKg}0G|_$ZCuE7&6YRDZr>+ni zwfW~HK2itOzAxH4ect!^I7qAGSdotb7jA zO8~5nqNu~WvZK3=_=T#8)x~OBxLk_Khc@>ZV7rWKHYdbqDY`y z`x~6lAR&1BnGo_9^9Lw6B_;zlu4P$JO8X@gD}FLPh>jP-72p4jJ+TtP z+Z#27%JwT=9YV{k3{oFampH^1m|js{Zly=P?gCp=O)8O^lj3@0Y9oeEI%NxW^X>%N zo!WW_Z&j#-FTvohTG2pxZ%ZHv1DxN{P*2O9GGyuaSDTrBG_;jM=$!ORP<78Jx2lS|n%(erVmwXmdU?bVNfej+dHH24u`ByA>;^a= zr5I&aHw@{}&i#miQDoss=T@T;cFCfI)P;cRy}LQ9&Sh_HJSNBXG?q$iUU_~TQfM6s z55on95-&B|Qn$dPr*>4~=4%d8{CQRw#^4ZPJaPb-?P|h0If!ux9^t(kuxgG-D!#mVr8%ZIp2o9Pz* z6!7cQmPRxoXJ^F$U$B<1m^`l!Q!D{`on>+B{7XmI;6kqZP$%w)>#5{g!H3z_Y7DSN_3BERm(cbYO+DY_d@)EU!wYlqwPEmN@0#spOLIYA zx#J3ch-duc0`KR)R76$k>9BG!fn_?Asf5*k9aNhr6; zAV}PS^2z6R(mxIu{}=6-w6Fkf}Dr6lA3}8u6HINxUs7u z6E%g8CLs7f&al92rG_@5`CUoBUc{5ti{Og?b8GJ1vGWgQ+5 z5=Jq}s-5F%Lu*hSfA6#u7-K;iLPpQb4 zC_ll+WP3B>5!+9<`GSL8yv&{0Rk2dUVcH@3r5+k>QOlB+^y)$x93yLi#RS;P>JNO0 zN}-wP5Q*i9u^*2;qZiDIV!PyJPGqh5nJlwBW&rZ!Q7->(Z+cwdj|zS4rHT&iETu;N zn_7$$33|cLFPBtcc)Se)7bLKC9$XQ3Hml!0d2P$hFj~jM6(_Jj|M)z1MnSaVuq&vV zwzOnH#%exi+I4+&^=*up?)Dhj^rohK)T&{gQ*QG#I~4&?05>Ydu{}iNqe3~UOAh{6WF2n_RmM!-T2R4QfkDm^2!3td97Mq6f7;_x< zR+rc!QpuCt2QP_=ikO9_wCJCeUz3+lPtR*jjw9`wXF0fx3}vN7B=3_GtW>S^8Y)lX zd>Q?+6@R0zJ;Sa=8+dRlqQ99^zGyoLAfWPW2PQ6l2EHx~rIeXHiR|820RD#= zg_})?0gAliRyP#IFS~pd-*20GK2`9r$DNhcScOm|{4A@Gv!v6_Il8aQ(sJZ%w)BbbSzX;g zE*Ayc36nmZce_pk@jLP#N}SQ%^*iSH|J=&WFkQRys*I-BF_3~G=?nzJtzEw-5o8z{ z386IUwM|gPFuB=&40_yNVXNCy@R?LvoyUkS?XL1_+&>S(Kxu`-n-omuq#1a$?jZ{M zyT6p`Kb%OXT`wsczqiyft>NhGXKJ)0(euP{x?gPDa(NjI1h<4H$1z;$6~1Wf?qGU+ zLXx@!LB2L)^X^nIclV)|pbZK3$FBMDXz(}Jxgs_WeBd}CxKgh^E^4$(@L7Gn`s|PK zUDTVvcSD0b5}zl$Y({|NrmO((bEYNE?-&R2cjc~TCVvH*P zXc{PoO)#j-J56K<&+5-^;7rcuV4kr|BbpT0jwfnUm|qIcn13#Pu&vmT{(&ErQRYI5 z`S-p(_ONXXU!EbF3Giq+7*q_;;D)5NBjm4_=_keu=04^i4}dM%7fiOwp~sPh4Hy4`&}@e zxA=X-=aLQ!@zgZG=K{Rb9K8eicUlb>%pZtbL45~C#q@$QlQ%c~)1$mM78~Y&1>72j zx2w)#3P6C{*?Yr1P&Y!k@=@qUwTv*W{vc9*qOp1gudO^!Zf{QPSF5w;k*DrlvQ`ja z9h!pK@c=}8Zv$w?+|8m}+yaS|$0xq##MtHTPHDSLG%{P5$8v%28s~(&S46E;;E%gj0{xpE1-bE?e_}ol!K01w7Q} zz`Ko^zu3Ord_oe_*9HdD{Y>b?d}2FdhsNfr)I1z1oEV{QNaB$fDoP^R$aKx9T_pAt z?!4_GEh|*6!jtjn*^|8z&D)Xvh%3jt2kY@<^Y1!zG{*XD z7*0z$0EuIai;us!+?6FGC-0e=xyJ}|;7y}`m`N-^j%xgt!P_nN71+238q zu{qHLW&uK|u!#$8no|X!QOF+(KJ=*tCu0_%le}mB9Sarw)wGy7dp!fMYf<%|@{+OX#p3@5^VZZ?94>XLY?dEy^p)*s zMDHor*v?~)^)I7!-Kzjl3|p5$@#^4VSh6RF3>k>>Sl-8 zxyngTZyuFlK0+#e8^wzay~boBrOWEW@f<{$L9o$yG1L+c<;i+IxrJ0#NodRW?^no5 z{ohy?kQ(M;31e=uAYu}Ygm8Gdekc2V{MR4)Y#D_rYnly`Vdf9qaNVi7FU5c!%ZkY4 zF;!Ce*az3dy+rH1o;9;q5PCH<_dAD5DMBFRSJur8K0W`Qaa^80goQF@geJLPw?wyP1DE9^*w_%V&&b^QHP(~jnt3XFQzuahu>JM{knDa;D&@Y9 zIf7;*I)4KzO}+;<>sQjv8gyA*HQ_%F?w}7GN!3`#HYU|sL0k7WD zN5Q+27Yl;_1i{>}0jGPy2f_QKay$w;elg)v*RAspD64p7X|#!tn~Dc~t^r+FlK#>b zT`K)S#GlD<;o@iZ?@#WO*Dx`k;Or%t?dNa4uUOafjB8%r^;+@sx|_!l8F&?cGQ(8CS;_AXqxj)Jtb>uAw;mLFmQit) z4ck|JbA!UINlLFsXdZm%uKIsNf{q}|&lTS~{m56N2Jrw+c3Y`7mYo8M~Ik9p=W zxnokoSMv$^{SZH4zSdCNcVHdkWw) z(GaMIzc6Q?pVMtY1OAdvm-4J>HID8FR+Z8}LcwJ%pKAtgD{7YS9;4tCC403FhGK?* z>DUIV5I1iZ9miK%%&KcivtG;WZ0_TqA%<4IylXv|!^o)Z=7^XNA;eqchRUm$1i{EX zD4uIQ1=6Umnw?`Xey*9KM#|W`c&(t^5Z2Q058jDZQkYT*eYjQZ_g9aiWYbyw1y{w| zWl)cv&3(d>Q%cJHN>(ddG2cg<2Hb^sI3f<6w`QgZ_-}rWJ~0%$XtwrwCZ04KJ>3T1(CzmWMwCnk}g64$g`PjsE87nTh`F`)eNb|Do%x z!s6PxF5%z=3-0a^oZt?HyE_C3!QEYhySux)Yp~$%?(QxHT{-W0zwZBky4S_7o4VP1 ztu^?q>cU`r+Lez%N+>_qqyQ*q)Hadw{V`3Pj6{FH= zI*-mZVgcpqj3C$v5JVt>NFr8sNo4L$=MhoP+*SJ^TEd+pOi)ZB1I#Q=<>7s4n0o09 z?7aNj2>L-t!m~=BOQLw0lyh%Y9Y(w|P`!VY&=Y`X@c8ZQ<8NBHIj^n)7lr zaA<;T&z^HfpPFM9?pvaz`R~d^yp^WXPn`~gLzzQK^V&5ZYZz{gFv=?SrjQ(7I zoSo?7L+3$x3S?u?#(En{HQ_?CkR@aTcVr` zkpzB;ScsBLM^T8y!MROu5~6n27+u({5Ys!cG-vGy{@M=G9UZQ){HtHK+cI1g%u+bK zPfaR4V}ihwJNTGvz0egLzIkh}<0QJ8HSq?kV@l||*XNz49qW0m9#(2?C1-Z;Mgw84 z&z>C;=oIn)QY2zoS5YenIy|_&s1j2@@iv_;(R2Nj*-9b z3`jr0;P>%&i?m=7kd2grq-e3%s&pWCub!C6a|#O;#zj zl7cuU!Gm9%cRE>wFRvFPVc$A{9DkXa)T{M!L*|lBq_h8W#wC0$*R-Lj&!0^5kGaL# z?zH}@R8+EC z%}%RZ@SPDqq@qVPHS;W})Elgq(TOC13c7FkkRS>jvi*$XrxJX3X9u)L)w$7!!EuSV zj&pUz>R)h}{UF}W5O+5ExNFp|wx2a1DIcNpAt~CS`*fe))cU`=JINKs76H}J_o9Vx z*&$wLl+S-@ULWVZl&UHQJ#gLi20hsc+N)I#S4#M1>41Pub7Z&y3w(ZO)b@u9c{5f_ zqGYl3q;bGHI<1PrhO$q(CrPAw;@6}h(4gUW^-*?ZtC^TYsFLV$?GAhpsa(%nYP{%j zSw4G{;kZ}^w}aZ@?TKTfIEZ4ANriS152e|$3Qn+k*z{~_5lO{K=+OAjEAl-{Dz&aS zuxpcu$N55ZeWmHi`R&8@`Q$!<9YhIa=Sr^|sU54B^14oLmYufa6x75a?9_PcqJQ@I z1-Ux^=3=P|QD=qIV5H(%Y~0Z2(mR5B)j^4;XtJ=jccBRP<^ByE#7)^$6T zlxi0;0z9Z(T_Q;gez9Y-nSq6HZx6qu!!UOl^u#J#i6=2SS*=1-O;`CKRGDrT_B+9j z&f@$vB#$b}HD6k|R_sW#-%a?#X-s8$9?N1y1#5R0B#wDG4o5J!h4Zf*$-fpOi2~Zt zyqm8^`>#gAp4C4Mgc19~{|->k3lL5b+5LBX8fTE@6zcuO0VZlQo@hiS&DF4vBZ@kU z?0x<0?^yK^#WM=O9bj{^oMiWkW>8}TE#Ol%*OU3mqek~3I>Wjfm~Q;TqP4)M$k|so z*{I&EVZtX80H0zHdgH3|P)s%S_pKbgqm2ffv_-~%4^(Rs(kk3F=v5Kc{%>%rL*qdo zXl?pnUTQW284PTS^JVz_m755<>6pS(RrRjKe6O5mWOJv>uxf2_pMEzR^f!>X(sd49 z{o3p)P3Xwnr@0d+1F73y!;ru1VnSU_6E)94U~N*srRAs7*3SQjXOh$50sLYu60>*p zuToZ}6uOG*(Vx#KSK_@{C#%#UmoA$EC^$}7ASP9X_98?>qW~B-5^AF8F=oTC|JaM@U%*8`=;^VV99Z1i3)l=`F$%#(V zl;-?$R&!4+L`9d&-p9#4YUQGDWh!OFiJEmSgN#~pDv%V571uQQcx=8PmXRITv2YBu z?9Th-%pD*k#7y4H<^uN5AlXK$tgdoPQ_@}WZE3Gg*sP=3meyXTa z5G~TlX9$(5FFS-`f>Rh9=~r*h@TJzWqJm8)_>H9_N#Lx_9}n#+3~+WAh0;kq_jnw3 zZ*w>*@gw;a#wWy<5?rw$KIRm5liaxrzrRFCUAk7+?I>PFMr6SWZ8N_no&)ce(Wg>l zuCTS8&*JoqqS@uf0quzVcwzBEBr_fhQlC8w*@1`KMo;g-`%2lb5}uUv&+8tKqR3qH zt-4mL2?F0XyBx5TP3V!q3h2|=#Xt;+IRSj=w)lsPdO}9QFEm1DDowSub`tInI<&=n zrZY=IZOgl{j+UUY>u`Gz?P1oFh_kzjQ^Cf?zfx>^#(?V9GS##=K*zwVZQA(JK= zDEx6lS<`JONrg?}V5KMZ?sB~b2aURi=UAJ|&taNXFduY8JfE4&v?fzqGx)og%4tgi zo7Eyup61$U%QV$7_vM|$(zw{AO7&^;FS|a#UXk$q6Ysd@h|UThBRrlsz@xI`R)(Rz zHB<+K7)nEd_l?6!6k)p~^QSY{&{Bt5y4(vhhCYTM6}85%dEOBx_rj7y4eR>m(h0VL zUh3<8-Mh8>$+|Px_cR&WY>Rj;g8Q{D-2x!d&_3zXbHzNgNH?D$0o3!@tl~)(A{ayh z9+h+7sN3s!Dw=cRLWY7z7DognMv#Y*Bt;2&!OrxUox~-Prt1kFswKvY8^=IE9pKr1I`GQI( zu}R+3I@+cEj}s~QOS6QPtj=pczj?PyqZMB>kg0%aF?Z?d_UR`5a{snKq`i6XlF&}? zVx4jQP)ux_{uo#&Z5F2j_o8ch#&)lXk9Mv3LBJIRO3Ll$iY3~RCE<56=Bva#FA|RH zQS3;i%)4!*7Bi8U;-j)9wp?d(Mb*4`FW8j-oa>;UuG3|H37Qy4_IuD%ZNS^eM@2zF zQMBuQRUyqQu27+Gxw9LvSbj|+CIv0`3noopJ;CL8D3zq9qx)l*C*uM#TCDV}@>DuO zz#w@e9KM$vLVI)0F(FeE!60-yis40}k=?alt!be@}XYceZJ#nNe~%T%{KV~4?} zjvP8Npl5Ff!)I$&vF~bn3QY6#WN!`A?iy?FlQK#LO&qp8S(A_7C0vV>{otHrc3N zk|cBU0IU=8uaw$y>|-MpdCFBImoMf)KOAi_f3dK`Od?Q zi2dURO2|FF;3q&F4m4?~HYNy&laG;8>IFSg%R445P@t*;bg>+};ck{eiiB|<&{&=J z;W-c28)VZDl^oM023}l}zZHnPOku*4s(u@kc81;b1>Yq{hq{J1)CM^@aUH!Lj5k#5 zmRQA8MY5E4e3wZ_Up11c^W|h9P2o{VOV0BCdfKVAJw#UPHDuj7 z^tjS!e`)>oz>?1U<=)5Mf26`JzHX(O69#bAC=p1l_?vvyX==$Ln6oI4AjFwoOmM0R z;=Gpn51WKGRdTgXA{u9Z>+LcXk>u*K*oKW2-f&D+x}nd&5v~aIT@u7^_?ZoW_LXjv zR@Z_I?j?P66zK$s9UsObS1sZ+v&la92qTm3-1!%WgV9rrMd<6+Jg>0FP-luNsP=-( zK+JLdNp7m!mFP9}1MURM#?&;W_J^bsJ;=`R7v#g)@)^73PDbqULI;U-Pt}-9;cFYI zK^^7nd1e~ZI>8tftR3cgla4n&3VxBfN(o$QDzEMXXKOg9R_o8Lnc+LwTB?;{ji(%k zoLKtM2*3XtfV`cM$5Oz5mI`*Ocs4R$Gi~mxyoc>m&Vk+4<#Wo^JoLc;E$%#~QQ~<# zkw9you%<8|fd_+b#dW6{u`A_!@feF(hrj_{q&g*eqsOk#2i|8YprAJaZMoFc$KhK; zeQb!D9#2Evc&(15{w`(Ihy|P60H2iHl+;oia=n}cV}-ksu#fgJ!5!UthZ~y7WY$2N z(SR%9Xa7el$K_kd=JBD5qDhh52V`4hHhgL)e_wcgFsXj%rd%Da>nK}Hg{H(ik)R!`ET=NrI3dKZRhI9huYeu z{Eip{jUv=%?)|X%>+Q}$tfd4;UE8`&-Vy^OviD zi{*t(yla9kMoxhDdbdk8e)iWQKKBmzMwKrsMmeKX-h0KwizKmAH_lXt_?tYk>EGfY zW(J(vnIbxi_`{8qut|Hw$c@%oQj5l>ktM&pY`V2FKeQ#Two)f2KWKmGkpDf<|6O^9 z@bOR~At7O{_KmB(MsMU5%QYB&AZ?i5GUCpg5|k$I?fh7o@4w#l-SaeYjO#wlHP0rh z`;PRt5Eoj;xfm|!pmY?)Jq)2C{aS*i)yktP14%`blamwE(0o=@R1ArV64TO3!?zWm z%wA!$_yZR4LaSOv{P=^;ooez=3nPqmc-G?Sd?f`H$`P7hVq<|54oG4>Z4Khab8{b? z=Nj*h=;8AN)FA@rc;rKUz?YzH-Dn}#c8^WV=wpE~RWYK`PQ;BiFYOB}E%I+FO(g|m z<8l#s#A0H|ez|S^yeM>~cz0$9<>so2ZH^BX`opLcin$qFRhum|R7^)B)mi;*TAkCv zNI8$G-0&U`L}Ms9))6C^m?h?#nyKyp$Q||)ZJ6fEwb+xlBz)el?lJ;o^T9(sC|oD& zui-Q;4u@6vIkXv(k@2U`;lr~I3Fpf$*iqtHanbSC){4*e`v`>5VHj+DiWULC;H4XE zfV-3{?IqGys}u4D57N|Olk9*yHO3Rs2B>vNBzn+cLvEyw_q;D-QSVzR(`xdy*tT2w zAr#VvO!ftK8zuIpp4h)!l-SwBEYvYr5$$Vvj!&j4sJlHeL!md06IF}8!GY}T%wS?U&5X%6_7pnuxP1HejpH^K`N*eRto>L>^ZAOZvGFR9 z>UK?qj%HWXiM|WMxwv;kCz4rcEQcIG)M$U@KIPfxmdUkWLnecTOgx<))~LF4awi2{ z>~_&=|MD>V@YV3yT;TbQp4zBN`xh5hDCj`_&pLYk{R0eSK@G<-vn+}Yg(u}qf2f9d zKh28N9LqPdkl0=K*Brd%`F7*hPoo60l7Dd#Y#&G{BNaBNXzKEN^K-)Q%s+XT5{1D7~5C zNtM4pRWm=``;6L>vS=ZRou5vNT$FBVlrC0}X6v`BA>O$z(l3e|hlh>u*w0jn+*Mgp z`zj+}$C64YSvE7o!W!uH2x^ctx6P}^xSyOXeBSiDPsJyH2YvvV5W&^YqZ$;=t}p;98cewMAY89b?KP=1{lgvmD-z3IcFGa zmH5|1{^w^BixM6g1*NlRM);9L(2c&u$q^tlNHJxsI0U_d+`3gVJ0&TkP+~_b6@gE@ zl;h^by5HEaw}tw27PFx^h@$VaRyDOMC|a&mC{bj7_Wki<-5%Ue zt1=1VbEzu|A7eQy!ef``>jS~Qs`JX0B8nrO|B4o~3kDyr%&k6wk};-E9|Y@gPi57VkM z3jl`cZQX)WvfDOx)6lw?P-ZuZs=dLb)0m~;4|-h+DqXsleV7V8mM@zxo(x1V9_@>Y zAi0=9mOEY3vA>B|{9DN7+AFje6$;skOx6|6Lgf>p2+UpY@{(&r_BR4hQdX4U>iPdN z1z1a^yF7{N{(Sgpyl`8LH9_=Kx_AOj1{7}-G}VoH3kDO=`%beiTPoUal~MgWt$6!; z;8Zp?Et=*(XX{PO%tG0%R&vZ{i*77X90{le|}lQ+L_Sr&*X7QEIk7#6nV?P{C+r56=``g8cJe3nwDq3FBQUt7oP4e z2_}4UkH?ASp_e+tiSMm*5&Iz|wT$>$_BqRwO(Q%bYPcZa8Im(jL{j8GgI9A?&3`h>X~%(bkr;`|R}5VfEM~XX#Y; zy&%W;Fv1cG4ej9}E!DaLoy%kf3Q}gtS#4)M0CFqrU}RX7;z0*?*s6D^5gB-#=v8%Y zKUQreO01&&m5b`=$jF*MO_{?Y^6P=DfnqJGzsPS}MRV;#!`9 zU$`zoJkgYtPdyIdt3l%5(6e>26B}Ka=_{mqahD$|gSeI$twhsG#BP!Yol>CZ6G zyVC4LGsqQ3u5ssniPH1eaMQH9`&c4axUnF1KmVeE%Ghao5?QM|0Igt0;vSD7Ol;Fgt#C2_Vp z_+4blXM5Qnw|cWBl+DLF!DGPL(wK4btA%-(8ol-(u!L1`7n4_nYppxstOQTd)O^L? z{eTNTEe>K8&xwikR}j3Ym3kX;1f>g!a0;UoHfcTEmWZ$Mwn*v2WvaXg^3qGVIq63U z@kfa5mGNW@6uN^%KGt#K*i#h#-$nVB=c>bts@c>I_z4CV;$acwrR67`D*(Rbuqz23 z+Y6`XJRHO7Rfc^BR?8=f_#$>X1J@W%^e1b8m8u7&%+RbB^-A67JMHGg8C*m6(FX#} z&L13RT>Lm^jIJS$5>jM( z;l3*i_4I1@-W6-AGyLdp)X^8}f{*+sFeX(g)6kPcSoxZHdVCx`A!?U7Rm~%G7Jk7G z|I=7@KTyC<4hzGM=xFVsQfG3&r@(7b;Qt@V7~Vtz+<-D6J*?OHRZl`U3zga>YO<{4 zyddmo{{Tr2Sda9|KpP+TQx_)RDXMx35^`cK2-X-*mfJvZi08?u1*=QP1J(q!YJ0-V zcp1neA;}pWLy%tc^8;hf!BJS(!8kR_{+?j^O^>OGu$!dw5O*T*qHn?12N~TRiRPwl zY>Qn;^kVp1-(l7hr2KUITLn?PQ41Bj*c!SD~my(O23D6hy{WraCaJJbm-pZxTX$L$*CsIH^Ix zhLq!-xza+}2&JC z3Nhk2|yHd;Vh`b5rFniL`3e zQ{EVN^#g2d$2Sn&yDc# z3C_0JTJ+UyfbwOsVRb8y@NM_0tJfIk8WDFSs1b5Q86w3o(f4>! z4@;K@J7I*cCMWo2?4%M#Hj*|USK~JSf?WGeBw|017jHT=KoK?7Sjg$F0FTS)s;h{5 zwZKlqn9X~9I0Oj{|xyIU;6xU@_7F} zV0qp~y!nfCX(Pqrq@J5{hhI3u$57Xh2;hNb<&fKu^>Tmm=d_YiH^1=|C7T%-+0OSe6&%8ZGrV^c{e@ zRQ@*yDq%_iA;f^YHD(q~VlD)q3Lq9%f~1NY)aTRWtxJbiM1q`HH+pCu_H5yEhRms) z3Kr#4Rg4Pl`<_=M)hniRIMg_{&oH#ocnv-tpD4#Nf_j}tzJR5ME`77&eNSkrznHpY zYOJRSt0GdNmD&lWKtZO810PAE4^K!yf9^UPjKs5NYI;JEB1a49_se@h2^$7?L%aV6 z!_AV*h)9Bf7meALnDjF>U!@k$sbP23fP_XmzVs6b?yGfLMQUB#6GJ@N4X@3&hrCLn zQN}%AZAe0cc;~T~Axsp6gb(}P6CHFX4%jQT1PdX3YLLu_4&ib@A~6u(+owNEGi*^& zgWNlT`I3YN@Txf;qm+$57 z)c1PXDs5Z`vv-1aE=n%`twbHmWMY5>P?rDQjL5pEaC_Z_dv|tPuSAdDBW7<_0+XpJ zOQ!Gz%Lj%){XrkHEbQLV>6APf1FX_*+S~b9sgOyCyDP8xN>&@Zz@0ZtsZiw#e+~=c zrGxR&zB;jTVq$P)l`5*;)WpW+#8(K&yO*O+KV9ykUCd!e&!$?|ZtI3;v^$Y+M~3$| zTL3|^Bj(Bj^qM(ss%#;I10sd@p-mJI^y7hjv9J-cllvHGI?s@8n zs%~}DY+ZDkj^c&!4jI8rOrUT>J9Tz64V9X4nVb$myK$0(ObsUnGL!M`f42b&et_6r~UPw`5yTI609K`0T(7Ao^*? z6RYnV2-jn@j;NA1`s+{+$LCA%Z>5d7JwAEHp24~!=lLYxtgXw$Q zUDvCfOhTp5a?D+22H~HR9i^b*b35cWI;eA%i*95NZ-B zr1AGwF>-7a|1HvhmZCuiDRBGUG~&TT@HHBm6#E?13RzP>+76=#0=C+MWOv;SSA>j} zW!P&pR&?KBsR;2rNKUblC4rwOs92eLZU$n?=w{qs8cLf3#w>NQBn+pFe{@ zX>0B zSGk?)7>}JD;uN4Slegplf56xSyZXo=nC6J4H1hqH{rmXbhOLDj9wr8DuJx_lk-$8b z&oifRVFKzL&w@ew#1Ryfy%&*p8Uc7?gIIGkj43J<%Ph*lDb!-_Y^`~995wM;YtT{W z=@x4Z)ys?6Pic*uV(~j+3ipD#rlz3s@~`*=1d6Tp#?Rt}v4Y6x=z%^TKr9ZMjf6wc zhJFS)Er;4`5I+kPh>J^)iDpp=#p{KxOtsP<4r7GI;s1*$x%~%GN)B=AW@KtB+}?Pt zY9b%2j>8s3=ek6qaZE0@b%VSk{hnM9iB1Z^t$kpHPZ z)XZ{c|V(`{1+rkH^bnsrPll*>4;poTpDrZmp>@$nTg@*i_cTmL>=ts9zlJ zeIFl;1h{-1KWiW(ft~39jk{lsrkHfBc5+pSY<}Q7D zSUva!orAIR_J>XrK1+5#bH3G9vcz^DZNlVU{&vl2qFSgR^cAB_dq(N1!md+^V2@dC zk}^KvGWuhFEd?dNDHvf+J6U8RvsMh^`Zri@vf}i7V%pi=RVV@EfRf{MAr2|M`zjh*E{e4Y$ z1G7t2(YiBfk7##Rr1TFCn687qT4Ml%51N!QxLW1ljaRHh=T{(w`ZOj3@U^$xh#-YV zv`!LfC{G{DVD$P_A)kEAyzzGqv&dAXU#XH{@O#^+W?$)}splDGrS>yVd{{R5M>X>w z4zbh`-DaDG@85i&bHF9wv?I+vTySkZZs^IeUIexq==|!m#6}eg;_ibP{A+Y9>>H5ptLsl#p^)()I!K4l#hn?5Ui@B^+N;4-N z_Pb1-;DzzgF`B^LTALI6;Y6m0sVOx$IQX7fqSP;rO;5D@lli`2BJYv}cEW$|ct}Z$ zducqB(r%5%F3T8vh)~;~N9WsKfuJ}jYf;1Z6r80DB~-+fhn{w4!Ka7FB`-<{jKW8{ zq>cP^rWnF5{QPcsz)ZQ*RIZUo$}Xnd1>9h2JI2&`IuY}V9F+kvGcwvBgZNVbt?B+6 z_`DRj*&z}!=L!2r6G8YdkWy}*QbJhr-R`>vN}RTB4leWSBk@TU0pdZF7)TVruL7LI24QTy~<=rOdd5R1|}^r z5?dZKjmi7~ZNh%EWaVFv4q7VMf4$IAC>mG_y*48tkVUsc)KJdC%;S&`&e{u8sYx#3 z#FCVq;w$S-{8=>fjC1s|yKJfuKwka2#TlJrp^`f{^+pR;Z$J7-##mVYCxZXN>BA>e zsNls2pg7QC>6Vj$pQbTX-RUJ1UgOB>W-T*7WG@Q z7>T!kN@ID4`g1cvt{#8XQ*dkv#@92a1ygM#=GwTHGDyLJScdN=>)Q*pJe2P($g|vO zq-@{$-?{VA(F?lS7T<6~$Q{(jv~CC}-4O>(tEW@C`(f7Us*G;syH** zMSU-IWbi0PkOuoNv5ejo@YYrYzI?z>LoO;^8$GnOdv+l3w`uGy$mT4(0#m33pQV=r zJ`*AR&aqJ=YiZzd=c2tulw1$sB2^TG++lnJ?<+i2Z_d^KKCtF(niu7F8TP&4t7!Ne zZa&K|O|EefIrNx<3w`KKTQi3a@BT2FzWw{?OctyzJ@%OahgQc(RaA2ssh^$AhGye* z|6>L7s6cGW0}>;XPeT&3dqC*XgE zFbB|OL_uAT6im%QShJ6udKN&@$8;qZU>UoA|847WR1BxF=yq3b-Moqcht$ar5AFKga zFeX$aWSLi(cNsjgIWQcJCNxbHFGf8c5=LR*Yxm5#TdFpm2fJLBUd)NX{;|)m`s^d3S{JAlLr{J$O*Wm>uKho2!Sy(vgRxdSbc?~u&)6}sZN zh2-~7*X`T$m(ICjGSdy6z<-Kn@EaDaC>TK)8T{CvCUak+ITYm|IqdQbhY=XaI=5BC zQWN^$xlnY2WroTK#E~&+`J5{PqSfUQG%M3-6!5Y(E|^ZJ-grnfn7pXw6nd@VOqwQV z>S{b#Edm2VRMU~2#Zwi?Ep`0|q>%hh0-9{M)Yn+4#1Q}d`6H;KgCB*@MM?z+8bKNk z1;0OC433XS!)3P&F`wrY@93bkMa8 zE-4%vA+6SLL!u-Ubq!;Q{@>+Fn(uXjwaC%u<<5Cwi=Ze`=RXm#iOtwmo#0ir2TD08 zB8ExsIrQc0dT${ZOLR*R2%k`{J={{0v9>81qoHHVYn~i<;{S@0JLVRPuFJ>AS5^d3 zLrINn@q)7qbjzI!lJ=30xS8>}6Ra;*P^H=FAYvu}!yoX48yz7Km^hAX8!5<%S`Ot> z9yADSzDub?2BUI(l~L{;HlY+_W1}?GkE{`O*me;k?rsU-2H`xmDTQYgD->E4b|iELiEQEawTPD z#VQ@HZ#EnF*4EahQ#pRTvj1Ek#`vHbG_dMgX3p}^>G3#sUIay^0gL+vur765c5Vnz zW&9oyDpXrb*PyEFPJPzCR6@MB>H3wcCBPUP2*6b@6lfav! z|IZ+`p9sPqiCO0-IZZz&;=2cRBI2w3X2jW<))va=(NClMeo3d9{ckf={MQT#x${Pe zf)Qx_{Nijq*Fk`s82HT?*Cp!v`&p#z)k9FaUNq-jLjjrjkQn5ELydzwXmqq1&{OLe zBKH~sCq3^;p7b0QC_>oRG)lWDan`Dktr4neF%a`9Dut;EjqY1LqC&61 zlZ=dMegT+{fWIm$rD5PBKt|gOaI336h?##Nzwfff`f#<~SAhcMe7^GQ>dF?>>yQHo zMYXpV1VsYV6`HJEl7fYXS}3J4Es%h=4^bEf#n5xzG>_TaLaNFfKMT3n92Bs#ah1l`1-T z=mZKlVoi4PBjYA53$L_yiB1f|H9H?}3QZ{=Labf2=b4R_$>9T|L{!+98w{-e@H=pw z_UTH*L}f0)b7wK708p!^oIqcmx_IPo+R_y)lKc z5I>7ijs1(18)U}MU9mh5Z+&@V^FE^k=!#TYFYj9^&3u@Y#iroZDM^ibH-6r9rl&Ve z)KKu9_gzqu91jwd2doo9})?x>N@l~zgqPi2Bii+x+-Xi_2?Y>Damq-Tgw z_piLMnENG{lQ0$zo?|A1yBjilTW>)?91BOg#j$xqS{+&w8hDK3E<;picN8tz#~|ZJ zKQ#pc+Nl2VWw4LEW_4Hi;>8wF|6O!%0PpHV;md?9-Tt|UR>Nxfs{-PSw45F%cKnS> z6UFt5Zo~UetQ9$U_ia=PhQf{BCxNKk4Go`GYteKxEA#6thnDnf$9!$;_4ep51x;!` z83KlJDJ{~V-5%3y-8syD$@NYk;wPBFvT?Z#=ihuHD?PS-igFo&8yh!F)vog;eL>yh znHog0{R)%uVT8gS-r-1aEdF-Yjcn|ng?IS)M26pVG@lCE=XgUnp6W}caf~IP&xUJr zvZL$`b~G1>@wCOwBQ_msTtn6f+aT_|y$)o3xFplt<3DEipADXl?*Z*^Pab=kHkg6p z^$0@bQVDX76a627{Qio*xx$_jM)#bm(2ka=8N)Yb3xIrs^?5{6W%~{=6duJ^j)Pe! z)(sIw8_V!b&`Q&U^D)(*B6l$XTx+q$ETh3QLqI7<>`gD580eep`h=LcaNLMu zPb4&iIkJC%ACL7j9t%9a2<>{)Sw3YG#$iH0KI8AK@t-1eE)oI)G-jSdJ}rI1XMY*aaN|rVtBbnSqMBRtAbOm)K}{u2u6DM$0fO zVC%OAhCyPPg_9pv5J;nuo+h$JN?pB^`TP;ha>{^rjh zMVS)Sa?F(`tMI@1i)xvQP^nU3f{UW!SA!ck9ZULs!LzkEC?%Ux6z2h*zn#$bbMD<#o3VQuO;m;(9DDZ!etQyB-v!p%64utJ03q2<^+|B~kKodx_#awF)4?;33A(Kel0fH3mv z>H#piG}OrqzL?F{QlB&_DJbbwF;h|`V*TR||9QxRGP*D*JjX|Sz**jLiUTo<*M(rXDdjX_7($?GO?otKZ|4oy-O&t`X8rm z_M{%vw*9}euvz+u)bSh#O|w%|n7cSKR7fG(-Wu z%lXVd8ue;kG9|{27tzQL&igtK_?Q+)GAdt=x>0UiVo?p*Q1!EswxEaK?xV{4p9bztO%%8W3NSmy9pi=qI@C&kydH8f8^ z%ZHa5SFcaJ!4JOiYYt8HYe8XV$J0e}3zw;NcL6D^{qWsX+Py|=py+7!^L+fHLGO@J ztzdN&BB~SX7(727s^X$?L4)kZmFFa3VU*}j#>6GA7(q7W`BZo4(j+nf?bDWv7Pti!w*=JFsH!lCZ$j==E@LaV4kAmQVfM&J53wET$iX=1* z4T81vKCQkz&4s*sH8c=OBmdmcKc|8isPW=ThH|1xc zdS(E(vrqBTR_As6Rd_TNw;Hd%sxowLwM~KIXNZA=6(NAwY!o#yDwJF{e*?JW@w*AcD+# zB3QEx=0AD$!S`UK3m}u#woZgqmhZj(WZ#8KVa?vKz7b2zrl2MJJS}zg|AguxS-h0+ z=xCU_MTX;`>PiY9?1ZknVTe9%+hlq`?YOGMXPpo(6A#cN_3F@@qA?l&hrsvWKS8MJ zMdU^1`n1oR4CFgMpf9rdi-cw`QmmV7*n}IqSvgz(}vNiXp{)i9RU*b4y;7u3f z%kj^>zck!U$eS3_18ezsX!cF=x-pR3J@J0m?KI56YI9Q|A8oRL$>=4pt*9-p=dZ z*42U%|1an*#q1evE8wADYtI9DcVow}A%Q3m4c;&W7Sy*l$hN++0K01+e4;E~ltvUT-4_m@mU;QUb1 z_qX2`NBkc2;3nZfg{a{=jFdI8m89jbP7`3Ie2Bo$e%gl?69XWyYWxUnJ~MO4Q7~TP z`-TqpgA(2;{Uf$M9s@9u{cxUPl04;&!Z2PRHlu)>pYHLDA9cL{?1#_T&9%7GB?j!> ze8!NRu7}a@HAIbtYIeh9hMuDE8@L-a%PIoE4?5;NK`kxZC_=t42pFWTxl-j8r&CN? z^{NPt4Oa*PZbv~-L(pGjwc}4 zYw1PF{DI|>m57v@1qbsd?YHXtJqTnK3O&)|xPjA2xb_u{ZEF(>Dpj49qIfGwF)pWL zN;#blzion(e7VHB5uHf&LW`dEhxzH6viV31i1g2suRTBxPUMiK@f-?%x&-OG8+7k zbEc6|6wEdO)TG)Wp7lbfO)kGBfU%xCEIY6?=mf$h!n(AXnNn?rJqkc(tW>VKN~nZ* z4p_PtpI$iW3*J&6B!GZ!^u5pYg5@cui^w)vas>gR?hn-h^aa%cXI?ABK1wd#(i%$)xUi4UU*q{?0Z!_z2Vt)t@AM$ zR>^j=fKqBcCxL%=q0!DvVW(Z^T)V5G3SOz~$<#&i3&3;Xa9_3hfF5!2w3BD%BW~7K zwVFOXo$qJ1k(jl^yQ9bbqT7#1+Sn+F(?ycrp2JXfpq#wRG5(eKl9_RqiU6VB!}26X z=*d0iOf9(oZUfb5eBBpy{p`S6_f=ei8n|AyENq~VRcAjrMq1~pE;l2Y-InWnJ|B9q z1q{l*Yy@>oY^+~kAY@>0@a|HrQAlKD;-RLd=5}TChVX2W>^=aDm6bImC51_Iiw2nt zx}m97@NIt8eiGOQ_;l|#tG-XTxoM*cfu&?UDzw;Uy)hiKN#*`pZJdimcO8d3KDRfo zu23cOS%t}K>@_qwMuKzLlUSFC1*b+Hbd0$ubdmF+RRlEy_-v8^z(ICjZXBAM$_h{o zMMAzdIp)XFCX+HM=r3h#pl_<#lQV`L7z|c+zz%|F@(jQqZYNDP4gaYz5_(X zT7z;bN;kSqXw8>%67L+}?H{_+5o!G`B2p6@J?XkUgKyl_7QhWx+~dh>TefG%`RK zX%8eh!Oi=PR%qo6a0uu;DWB4)iuYG$D>Wj1+5pG=Uu^wjc%5Oly$?4|V>GrK+ib&z zjja{iwv$GUZQHin*tWf5~;gXe5~vLpalkR*>k0*k(TeEULMXRXA$0t<)x z1hOT#H+&n)QNZJ7#u6T+?=Lh6`-w#i215B-)iM9)9Yl>b$XyR8>{Iu-0Xv#Jd zj9rT}ihO2&C^#vzPy~6k$GvqrmmN3=c94MnuRv;UYs<6S8N6}~L!*dynVPwfb)b!B zbHnh+jZNUj1>}P?aw@+PVZ5Qs4ELOYw3ppIE<&0f* zbKhsvHZGZ!5Nw{uIWhz2oL`HOrdxMF0`>ksLE6jJmAk>~{4~mEWM#3p zNZq%vZ`-$RhgW?9kNog1naYx1MibKRQQYrRwP2J-k`(sM8#O(ny#0f++YmK!b&v=1 zyPfuR;t5)H)}0`cCXIC3RkF8GjAIq=(WS8(62$9UF+0cy7$<4b=rgReO3d_s89f6~UG@@L zIBfQe0oqbB;pPG>ej)#8y#8 z>W#*AWJ89kVD?@yvNn#MJFX7#p6Z>*62t8Q9vLR5i7OF{Vy_&zYn(NLx$O^pQ;7rK zAI|&;P#6cqo#nCK!-tfL^{XrDe^pXX9{CGdXgaMxj*Ks4szL=9ogW-RB1y9|%lFRw zMe*LIKQRsC!Wu@?2noaFxG!fhGS=2%_cE8NSW8q1eWJ-4k5Kf^6XAOSRUOOYyOkFC zLNc^7N&vZdkSM8gN&*?-M_grzSAxF-G;)hS3G197Im9GD4YXe498*52l0KX~d(;%tapDbDTgI%hjtS zK38(6y$r!+)Phn3hISU7LJ=AbE#q~p{SWk6-KE}UVyBd0LMwMkO$PypQd2sh(+nb1^u+cXdG>f$O`RaLZ!B*<6>5{P>@sruzo{&OP{-59?=JR z%24=hNY{bea0{0o>d5^;ls`TZYjgVoL@DnZ2wXa!BjA6g@Tz|A1A`h`!@Rnjp~H^ z9rhvIfk58n*)J4)2{!S%`3xrWV+l7yKdLH@(%s@zk$%GX%yRrKeZ7^2Xb$#k3#Nfn zP;=sj76z7+lLPvFKXiFQK389j2J;-R=ev(6#ollNC=g{9MR|e1R?i~NKT>Nibd8vi zZO;to9FM6|Ss7lxXN z1qo+znV8p5s2A^d;i|0uIg!zM%1Vb-`d&t|czqdI61H^K>Zi!=whhjy(TH ze`PUwHuEH(>szT(9fiavr>jV^#oH>)vPcqhc~W;?o8iTXk6WdR9N(t zdg35BREFPcn1e&DaFmiVq9dP38tuBdaXa4OYIUvz#8Ou2H7ZRIwW~us%W8jHAi5{x zxs?A^Y)W?R+@D=B3r$wwVB&ZH{os_%Kb%P8hwS}`)l*bOL%}Zc_{ck+y|C)DcSIy$ z8C>PDJZ!b}lN2=PnHtGXG=Q1y#VA)ljJ|enf;|#f*-@QJYwtim9R@*Y9nOCtm9D6D ztqMLLf;W-Y7|W0=$?#3mXXSv;Oj!0d!T07IbK!e&mv1_3?fyW`wF+Oj!hTFRtVw7T zU1_B7dmY*I*llD{j7jmmh36#wjB(Lupwor%Ws7~V9~0Qg_$q_m2{&@vNJXuekRCBv zAzt<(uJHf!tI&Lx#{6128>7bOK|uH6+2Fq8BP>Gtgd|gYUu-2`$6-rFc(D8R@ufJ% zxY~n&c+VfUS2-shO{xG%J2X0Ru)Ajk%fs2SJGDTOxn~6ZwT&k?rl3$-KSlMY|52UG z*JlZLxZ03ISQ<8qrOy(pAqD_NIij9(-i*zQ)?!4XrJg*lM254GOX1L9-sQzTj9JUz z;anHD5&;Bff65kj8D51RRz3abH^qH}iFLthOHUIefp#Q;*Y@ho!2M5{HxI@6PnRfp z7^nQC&N#n+>{&wt{qA{fQ*Rs|P zMgDG4GkIvojbA1j53NC;C35t>+k3q73#b=~PdZtsB4c4eGZ{~hL5KNpY6c_X_5S_) zxv{bF%JFY3MZ)wAn=%J&(1)sanxHAs=_Z!~@0Ra}n=qXHhuA>3|AcHv=0+_2;#Nt$ce5kZq|e}Y5v_QFC|b<-PN8C)w1T|X4H0ahVh z2(Q(=UHyT3+gTA%Ay`#00Zg4cn9|MNcK%>Uo_%GP_H1H)5wr~O;wKb=*0>n)bJZ(+)3)jrn|NOQ_6ao0@5`CT~5oHIEkST z6s_?Zw4>Y3NdNBcjB}^~UlaM(Y`($bMsGwR>SOKc+}+}|oe@}-88_h7O;cQmE(~7P zOVF7Dv}G&vVhBz~PCUDm5kdDOTZOz%W>S)F!GtbzE{009eSfhmV!reKS1QENiM1PD ze+4)$d>2H;Hy%HRu?iISw(#^trdmZW%h&RX^hr{&?~@d-WB!%~KOP6uR&9O}yGRcET7V zHW>UqbJ&6#&m8@9yqpW#i1Yo%FuB*PAM4QAjv%clN~DVMz@m}>-urizTzIap`FUO) z#V5Wa3+W2$fTH1IB1EoW;;w@M#EWBisaEf2zr_6gsBqgN_ z{tr!$YeW6NcezXC2t|KiX(Y9D)boe-`0Xs95Huow&RFUB_L$^xt#Y;*oB_+58Ko#c z-RWrUXY95I*9|u>lV8*qV*Ao+EbAP`)hH!itAFf>zt|~%4z=+ENrzDqvzTuF5&PC$X9YFWfpaq{lcpH?wExY}=$oA} zAjeD&CTd%W;WKx%gw=yw$=r^lr9ynw%tR>SG@(!rlx=r1a@7S*6 z4mM#ZGI*{bcjcNFsZwFz?RKEQY< zm5rP<+%NgraEf5MI)Yb(AQKJe;jK2u`DxzQnv{l#AlgM-k-1M`eY;NFlcaX=wKtN? zl{?XBW+0eorcKSH1RC*m|9Z8vXX^0I2)lwDsMT&tH6sM#!8wamX>^_TD&iIaFSW| zHxFPMc6IJNcj;Z0I*gAPgHIv`kcb(t;5`=CCJDbv7`=K42mo13gH*;|HD4}wY@3&g z?d;`mR`k)@RCc*S=&z~Qyib36 zStu$$BIwGCLVIQQA=%_E;lwq9S~2(c?~@%0lU=DJPvdml9Ja$$a`J-$%m~DB;Q)$yzxR=J(nl%f^pHRW`!!9^ZrfUs7*p9KW}l$^lrJ zCs=HNu)RD)urN}eVir!Tbelcd2tHPhtj7<7qETwB{;iuZ-nO#>$mQUdjCRUD3Y{E;=rC5NKgjA|nDAUrk^5T;l~+cE2Y$E&T5TtCW_Jkv(iT-su=REf)O_em@z_xmae*bOMxk#bE9qV{O%)WzQw zZBF6ja=KeF-lPpRe4Bo;#wHm{Ydj)Xfyq*p#E2*sbm67#*KP@7sJquc>$$d%eua`R z(4w9#HY}Cq&y~4DaU$00su;Y4U)alh9zjrNjE>EIe%MU%+1vE7i-=sR%w2S*zn-RG zs&ipYPupRjG6=m}JS&2*2Za3mZRHaSs+T7ci;3fD6~C9lqjQJtufIxj+igDt;Z>Iy zN4YE82Oox#|4MYKdlE`iPfm!9L%I{w?rD2>5h6s*t^WKKbbwD_NU6Snc%W}M`embk z{+9c(4$7v5-+C)>mz*YUm>6j2Qq2w*P`TAXS0+D<04z~YZZ#1$CbXuyg_blbb@kqA zF|K&tm+HY!upad+hj^Gg7~Ud74GRdE51EV*Hs2uyQ9 zfBXxhBS9CcswK2uYY}~Y*5at!r(;r7crlNjp?moyZ;utgccOxyIqErWO;orEpL^21 z`I!NCJeEAw=-v)R1`-oBp|6v8gpz+xX?k)Z>23AMUUKobX8AOIgiJwY+A-qErppj2 zlFT(QOMK4!Q>QbtaBpzfA&()?zU5+=o|&LYBrxn=bxChq!lNLcft9TmT`=~%AB0J~ zSUHa7zINUx64L%;=24jEH8FLOLVHXBnWn-RIFU?*qBMw#-fHfhO+R}n4_*=AnIv&? z4ANob3X${pPHv-@9~_&#I|lXak}6$&wzcSf4+ozuhCG|1>ckzG(U!>WF7&kaY>(!b2rGv5ZCV~gLfFqhz~^y5#7RM( zs;t=}hLmRz1nK2U%Kl66WIXaS0qw9X6On(*s<07=tBmwh$u`@VM85Z`0@=Tj(K=W@ z00B7=d*aTPzA^?GyZIr=2O-(Rp)wDK1E}O1?M3l_(qNUaz)l{2wAx{*&dg5N&?T{d z_sAGBQ9v2GKXqTIi+A>lvW^?i2ZWg~n2;<%Fa#R^1OMjc3Ub=WRBLL8Q7%VBd%+mT3IxES*=#4FBF_m^e$y%v} zn(g>>Z-33+xoMbwo0XT`GhC}h$6b>bUTdXaKE5SYTBsx_AE+&~>Fp_w!KCT2I@Tz^ zJn|dlywjgMJ;G-7!K<7n3}RRC;@U-kp$KS8&f{3Ox z4}7IRHX<#ofcqv1A@|bgOxbD?V#GLmS@Rt$+WDuhoOr?;kPlZh_YX+YCM$5CL*}ZA zj3VOAwO>V|iy4jrxz*C5(zZHEI@LI?I3uX0dfFjMj*> z=n7$?+x~^(4Np3}jUSa+6s&~?iMo6=$jQ+}ZMfFYr7C3Xw{Av7O5P0Kaw`0|+2RRQ~AUv_ugLyd!s)qeA>$Mls}K6Ln0)3c|=N!%~)SW$p>PETq2A-A85I z!?2)QDo;TjLt%QZIZ3}+)sfk~CoG&(Pebx%Q0E~q=1G}dSIEo-I5N?K3ifK0f3~1p zDLoZwN)n54tVB&qMZx!lHz~ReCq-e+5cv%=3|?DPX{ZLcE_M^GJy}t}j(N@#&LDUy z3=$zFONNU01*+7OhROxT>coCb`g}Am3^t?A{9#sDCpWHjl$NC_f6ruYW_2g6d=fuK zO%$vN>G`pmam|j}tN?$87~8EQEmcBo5=V0?whDDZ-6}!9&THXao`3YZ+@$y?j%gcn zLa1?y@zFo-Hs({WZa@Cp55)J;B1eX$yZQf5)*%v)(|Yq?oN8yXUxcx?x@8=@rV-s3 zm<*Xj#o7#pipmdzhK{cP|Ad&Bn3;RZsxYIq=0Up(h*??DKhnkS?mXq?^*A1KszM@Y zt#8dlx{g*6UC30Mk*x{U{UhJb&$KKyN@!g@<^>|orhhV!iQ%eoZ;x5>7ljKwc*7(8 zHFEJ@A{?{e$ITF;Js+lbOl?s;kK6#p&5KbWM1aI!kXT$ZR3toa3OO{cD_#V=-|k49 zyIlFrS!-36y_SfMWvv%dPY+-NJM*A)@j*0LZi;<5_3O%R*o65>>p9^Ydvrty53pJe9d2?q?=z%^7~yf&@a-w{7Z93Mj#iQd!JK5q6J*+FTQh zh-v2gYR`5ShO0h5H?6Rou2m031FYn`tQ~Pm6|LNapYzw|-4l(kYN$!Hb)jFJVL`$X zU?FMTREyt3Ard00E^A5Y&cskgrQyfC*!GEkl<=}xD?@o4&A&yZRp}4tPW%`Df z(4Ziv!hMK_QYAVH2KyUOo8wbE?r%<-SeYKH(CvG>HyfP@Eeye8EGOlc#|7W`qd{H- z!;>EEcFdkNupzXmGG)Zsa;55QSA(#?!1onQdMbqWnN^xHfqF8Aa=54@h|UHEowfis zUO+rG;?(m?gQHX985aMED!nQ$WmRYF4i_I1^Dhy`5L~W|_+X;fyuGspim2D#43oWu zf49MN7qe>3l@OoxiBsgGkjB>XZ}`w3k|A+2Ms9}T{+4Ztu5uq2SZtsG^KzhRRj~Vm zk5(>$=VEK3XXfagV1m_qe<%G4R>*HwYEY*$B`czRjP?UYc~r{mSi${Y<1jT+2-iBM z5#YmNMg%4O1%*!g(qaC&00xw33yp~NrbJN;LGFFAH3}yAyQL;zz~}CEGqAGuyuC)k zTK)C(S1l7&&3K9d2ys<%y0Qk7GqF1dE2DzBPv*3M@W{IUMz4?(7cz=Xhx=7v$HJ1s z{L?MLV2H{|~XzTEL{m z1A?VM6`cJ{=sXZcsTE-rc4dt>@Q|$ZFoZ ztqQ(`(T<++2AS9TtK1rs4zje=qsVb}mE7C7w;1~&YbuE})`KK^JqQT6#rQta`WLBN zCN~XXSKX}?xkEWx!cRBymG{%^hLgKOd_zs&mGH5j*Ya06hmEe>4>v+WJzU=(FQzNI zCca9m;YQ{AN5%e_;E%H*A3ibpzB1F@;c;(!GEc8mHt2&y;a*7r?2q+f(Vv+FFL2!X z!a9R`CrIRZ4DWrz^^*cyOQ^UcS9}-r&%ck6SYP{T{3j->T=)j?UTPYkOI zIUK%uI`^JA1e!DfR1I081`7awH}0pUw)inR9$i)e(b`tK#HI!hAylO2$Mgu+s#wMa z?4O}2q;-M}0)}DvGRb|$qtKILJg*6(28*`q*oQ7=?q*z@M4d*@SG3lhzd_o(dlM6$ z;i>kdA=2%-4RVpsMPhrAoSl1d|Iuv6e7^n*6yKBoB4A$rnkU5|3gL`xcQ!ch5-h|iVyV9f{@KqoGE<}DJ@c% zz6;m85)@_}K6&39OZ}NJ>6r*R!gxHmwPn=~r&nn#eA3jCgh3J`w}g+^qG(IeTixHL zi=9SO&)RKRbB*NTy~rg7)CcR)#)JL*dV-GqxA3fjdmHZ9uhB2WV&EuwETR1gmD88c zo%bi|Crr*O4gHrIc=kH7k`i5MpSy&ycI8<`Vt+M5TMBr7_9)n)ny*tdFUrlBt<;*= z%P>Ew?NYR2D^BIdQ^w!ed*1n3Q%-ZT7#f4zZ-;r%18t^RwK4qr9_UbFMHnTMu+no0 z&&gD6MewNAmg`ms5%t6o+PD#MKS+Q`OCoh~KPNrF3swhiM&E1LL(Rm|mDW=WE)AakeM8Lcx z7R6m?`M$%Ll$MAmd8H>du*wVJ^V>^Qa3^pP*v?Mopc z`5-|YEv#l6(Nx0OWS)c9?sD{cMIG!S8dCi!cvJAQ7)WmP66h%p;MBjwe8 zzB_~K*T3fAF)Fdm->K8!5nw-^tgxy(J&@`Pc3rC^DNRuLwVx|=kp9~Z3M5wcs`?CW zirsQfK8{h^FG26wkp3-)(!w>3E>W@`c6~w1>9vrpn5?a-@1#lLa(mEyF&O>d!=pD2 z$U4N>JAMtC3oK|jAeQJNQrh7ZKg+T@e-a8(@&y)-wlxnjLw%u4Mbl63d$0Hw$)XEt_c zieAM7{#*CdeZ)o`KAgepX_1?7jkXSTAr1It$x(`$uc+zeVr!L(%q{?4wFAN|kX4Qm z?CkeaNlD39-A+D`sKM>%%;5b<1-(uiovXb=v&dH&xk}sCiSfL{^x%_YTdevSOt)T` zf)%1mPeKIcF_A3k;&oq<%X_PJwXXG$V7)}&C<3^wMu@sO2mbPh%YI4!G)!`kFbk=; zG^w8$yw_(Llio%XG#Ic4|6Zqo!SwAZ{a!<5LJ|bvt#$^LKmhyu1*Ux~JR|G3dZ#?8 zXKvklS47~l>O_qosofTB7cBRKHo08rr)#2T4)F{cqdKdA!werI+w@hUc}@Xf2j!UqUuWDt@THbNRq9M4 z9^#JcUBrBS;8QBh4HMTRKk3ZpXNi+ zz`$ZW@G?ihynVzy0fN&=!L&a=VU%xRgjjEs_n5v``?u*QbK4?0gEl|SGY04vMYfH# zNB-QHVCK%I3!X@e)M1Z*Ea^#pneq%=AVSzUsw^&iJ*ey#@;vUqmv@3O5G5q*%0GVu zgTN92KSn5C^SqdV)ieqN11R}z=^99B{3xDtVsejR&YS+Cw?T36+P>8=h&eNl3>waP zheX2l=iXpqpZ^q1$%)y0XK(j3_&LABTYjb~o2 z<}e#8To#JB63c6Uvv;y3d4vA>l2gTRoZFCibpa3k#Sdwxt52lpG)!tqyXTxerg&oo zr@?W-V-Q&<%cj@uc}h)ifchTt%P_=AVkq1XPhFpOe3KIoz483>Kf^#$cT3URwRqoK zgFypSzD?dDkNMW!E_Lt3dEjl{c*lO;^V-wW`L`p{Ay8pTqmg1xj(;~)invlu`wzn4 z_Ah&Kcew8GiBCg$Iv!L7C*gt;x5dq!nk$oDXbC7rgJD_Lj$irKxDvNANe;Xj}ID2AC;enTLwHZu=s-wAd`j!N7~t&!2Nrnjw=n-eLY!p? zh8n?Y8bkr@A~$F+h@C>G_tFW!)pa`%_(^qinGHKAx;eBb*H71=L;3ELi_;&^n^dtlwrj4+vL2Fvf;2j%z%cG;Jm zwIk*0zij2ee8Gv!hg*gZF2Jb8b1?ZohQQpSZp^*|FTWnE3jIX6i8T`dX~FwKkHxKh z)ab8Yjke~H`5{?iv3xsly~1dpXsNgkDd1pbPFI8|61W|&T3M*tik+@&a4NCa#>8ln zqG$C+bx{K-1NbI$+F2&P4gx(AK|U+j_floBIs09AE%Bd1OtTH{*$YxJUx~3xVRBH0 z@HzKvAWNX zQ#{v~5e9yvg!2x18|f|jUt3|GjwxlR!~ySa*&29l>3=^_a+uyGDsfzX?Ny9-yXiIf z$dZ3N9bZTp*SkT5;kLC{A&a=M^u)3~998~a2Z2Rydx;-W!hg^e#Sg=yKXtGbpyosr zgibMJYK4r!$Hk;3s^*wi!;No`iy8SdI(}!T%sY9bdoR1fR|GqUXqy@7R9cg{9+3v7 zw(XEL4Z)+0uVAD{CuEkFX6G7 zEtxnatw^HX8u<07L?ft|vir+!dU($pf0G}lW)I1Rg&3iAhFG)XTIr$b$huEB?#HY1 z+neso)^ta{l$3=L(v;#)Um&H^A4)nwT{MEHR%1pFX4%e-8VkMVGnF!RP|^>dL2Fui zCOrBt`2PqBHww+~naOZ}00){sg47EXkk`_IL=`AI6to~1~*#5J=8F6QM z#E%cyfl_j$f4<&^5>ZCu1iK8FxFQ5BAP5FhTKwveK$sVy4icXGyP~jM4w}@-;iCxT z1Cl_zHduY9waeS*?PC#9eqwuHs1=QAk7*|C6e69N-gR4|q@}mt#H2x@X zA5MN;sPZb|yYY)yG|}z4l0QD|#i>r9wbs)cvX*^}i2p#Upto&GY768`Ry*GFHEy8M z)BfW&`bq`e1&kKvmtwViEJsX4auI4_!B_rw(1FgnLpQ~-p3gGB{nk3mP`#y6O1OYs z2q)+Xp9$D$56~}&(z0>FgzUUuC)B*xp#z4Rb5mIuRhxR5Y^<4-2to`dPvqV<(n{G~ zL^)l~`f!{vthWp|Nh1jF*g5bP@A0jJ`|cNn@->^cg^R>*V>4qB8g9}tTk*+?o^~|O zIBe0gE(K?Ab?G4RUq45qjoH<^IrJD2nsE0#{6% zo8s2Z7hehP9a!{?>^mmQAAIh&vBx%pj*vGeT5G^_6PriOU zNG7VxVzPxwqxx!cD zUO~EQ*!atWljAMeZJ|Jn4t>bXKj<`a{{ZuU zP!6Da5Epm&Gdsmszxv_YK1Q;et#Dw^`wwgt{rn;DftE(>R~! zKkbnh7`pm5(_BjS@8C0QrC;HTtCbMboyM`IGC}j6TT28R1+)?{K|P&NKUB$D>TYfq zDq&dxt~%N;9Ozhpf%vV|`-mrSTFhuMm^mlQH#4%_TBy`SQTieAv;4jjp~dMcX4_r- zQ}38qhs@9O^r#s9^!b0AzU#w=x`Y6af%(reV+}sr(bHZrA?&mABg`ffPAzQmTVLMV zsA+7;#>>(t&+KBgWENxANBsYD*!)++ywNJ#f1~%#nkJ~AQ$!`i4jtqD9%Hx{WhRIa z9B`OWr}ejd(}#qtOGnQ_Q}{geT7_H%#A?u#dD72C^;`Y{cD;$GjJYOo>AS{yTCzOq z&D42r43~~9V#}}uUeXiJWV%WknBXu}E-G-CC`B5WqUm!}nj>w>eh9kg3JxyT7PE3w zZrfQJ3E@VEKNA^4#pAi&IDeNZDE`*8UG2RrA-(8IfRyDKf}ztWNAkE!VFZZO(M9mf zz|JA((jt`4%f8|}IOUsM(9tL?OGkg|WYku)h9*7CXOT08Ya@(a{@efI>Hn+7WfZKx zpT7rUNqousuD6CJub;fV=6BBRZf!F;13{2~aFLP2D7H<`PZsoI-HI371z|0`w~bJw z6{p2|^_n(RsDT<$C^`W}3IAK3be}uV=p-ogXW?gwB_8?GxUj|e^3iO-K}!9Kp-+U_ zSp>6Y6*cQu#`ga+7YDJo6`>d8`a zCJcL5!ZwoNfP9b*l*TCDm#7-2GMVEqD9GU7e-nlZD{vbr>{Vq0LYOczJ>V2?6bIeB z(>52r&lF5+zIHG5Fge`!5DDG|Xmf*@n35QDdj}lO99Is`6!Kj)$wVRWNo)?8ykhfx ztR!MQ*w+}C+SPrFZtzS6c@4F`naRI6s?ozp|CW3`t$O7iZ;{0KDdTRgXH)h=U|O*( z=WCWH*&sH3y(AU7 zFiJv$E9S{rf*b;9TK)oTY*OAgG*MA8q#q(Vsx{WoHCHIV@%a~yD8wQHr3CXvEkYMt zAqCb0Hdi$urzMg91yLDZzN6=iSA_%=ksA$tF?((WEbB0vF3;#|>DiI*hw|VZL?5(6 zK;-5oq(mJOz%zU6$<-%T(Swq&Tu=_q{Riu;-`x?w_hovXwb>R(4+I|LsXjD||2#CZ z3S_9b@N8yUFf`2C<7n)nLavtJvHkU(Qc1Qd?)IiXVYtqtALViEv&RFyy)KG2srcwM0y|$|D;I^2P=qilJJLb4kTD(`RyFb-e z5r%En{Y8f7*O5xGvPS#kk6|G-wc;DgfK+yN2S}$sEYe6n`>ckelMj`?rKG`IXmTaQ z9h38+akrt2b}uP1`<9ZJn?V!1R(>fa%q)d0fA{9jJ-!P7-kh8M_CesrNC@A8m5fhy zgpi4q?!nK$C$$?C8p=M9BT9I)K}=hozNI8OcCh0j<5w;FnZA4y?gy$^ zT1sx+X_HByx2OL2sPYPckzzrw>%_y_nHw@LeKkH^vv*qfdP$nK77)D6#r+!` zF@G+pkz0}!7?MLBvS zx*1iW#xad~{~Zf(A%24L8X=BdeaMI5fn+_fdq)a$6cZmHwaE(L0nb#IgPnl?4_o6J zhuZHd9^W5IQM}K@Lmvj*Qx?Oxs{(qnsjF$bDrNo3$tZq7VpOdWJZ_~JrR@pkA#6+4 zN#vcG;9pA52Jd3!fzbA36#{)KczC z7;_S|&a&P*m>w$VZ6B~E`KdK+q*!r!s)#$>^pQRS=WTwOHTIeDTm1#$uF<@q5UcWn z-g(<2`oeQy&2{Q{1`PCc<4=2Yk=6;Pxz%a(s!m1rd zvvMZ>5p{5OodHfl<=X@y1h%CZ!W{(mOowV{xzUi*&chkRe z^w|^=kLtNRmF4g1N3(%H;(fGi;q~Xt$OwDDU~KDsh^Xcljn4W6EI-mFRWh zI0zP&d=NoW1{#X@#F!S2jzkuglTp6&qpyWG!+`BHlA$?hL=TqE@1Q=!@z%aU(*me9 zsd}BD2@M3R^k%p+he1hnuS;EJOF(LLmI!JC;Z>_T4glrNsDo_W>n&?p<)Tt*UrqiplDSou;wux?IPNEl9 z(yUEDnDMjU#|W^gd?Trfcr$H+`5>Pidg2L*Xdew2chDKaIJB|>`CYjWiD8U>Pp_fg z0R{!%39s65pq{(+nbfK-q<*ZxYIDBPy3)^T4xfMW#EBwQK(Tb?N0x#2m!Bg&pPdt@ z+pIIiy5G1;^jmjAj$S8sTTWg(QEs!TfOp09kzxTgfJBS)4n(Sd14yu{mWL&6)+o!E zhN#1 zYsLxB7G{i>(Y(F%YTz`aoSIoyh6vvYR#`;=)b!{{H$6kdW% zo2hUGzc*xlq;>UX7j%PGP3EZT_;{~H_UAGS>Uq`9s;oG7TTFXJ|HGYWeN#WONgkNq zV6tpuME=MnA5XTJ0y|KZpT>rCiB|TXhKlJ}p``>adi_uMFEo8Q@vrE#*plgfql1ct z&y?_dZwJ_``x11vIFS_2(BpZetKy)pucQ4RO%cQtp1Y2v>;5;P$W4L=Dqh2ncY;cG z2PTsRGxD|3--S}S00_YMz#>T?wKkY@WgoNi?~EA!R;)Nf zKTSJWwHjQXK)z)c){$V-nKq*K^pkG7mCmm#<TWPG})RB2Im1=#RJKP)w%4GuB$uxiZ6%bzb$ywYHzl=H+4eU9r3v{F!gAH&2L{HVRovYI_L@aef}r>;c$b%NjbUX=2k za3B@YZ}S~5u;e*|+3MA{ei*2u3cq`3NjWBCBf}wCc=G}l6i7D+$ z%N6i0uTY7^d954{e2p%MiK&jQY&^fpl}x&O{rPyJO_%Sl#gQj7jc!H?NsThcgbpWt zCl_%*9>_3*O8hu#qBfH%aZ$-)CFc?am6DNj2=N>rDKhXK2l)J?V-mnKPx;ME#f~#J z)48H+^ zGoXyu`|>_GPL{vmEE)WOni;#{2HBNE-guu(Jfjg9`FRH>dzJ`#+{~a-X2AvEnREne zpAyK=%G0Ceofjp2#51X`1w%-`kUsLisNeYOl7*sVmPw9-=di=D|CRkPRR5o~aB{k{ zzw{s2@@YXD>VX8(zcYT7hVb40Vp>YXKONgTx^)oJS?YM1OY&WHM`@LPEaJPwk^liP zTGyW`fuCTqx|yO#rgk#SR=vi4#8DK_mAajIa9jNH;?3cqu3jtX`6S){(nrH}6F)qWIKNSV1mGMM+t8;)tvGEP zILXy<@BZ=D#G={!_m-T0dDe}sRAgH~8gCzp==}?u{Y<%qBc4NGMPk&-Z;H@KZ%>d> zSmrbU_4>PSA_SBA>CEJKF<}$3Jhfy>`)XKE>=dZ_9u~tdTPDo&G9I?dks9NI9K(ZI z@PVzy_avVM32u;L z-u3^+d23$IuB%;Nw^azz^K&73fDH3eUJdKVw_D{T&#fGhC>e9>yXNJOy8K609H{BEL`wceZ)y=hz5&*3STOCgJ5u^^)&= zGS!fg4x5d6(Ba7NtX&$(KqMD?>;syMl%ik~QdyCJYLWl*#8lFTa=YQp@o+K8|C0(c zZ2*RTCe&nPJ6jc+O@un2ie+mmPduT8F%2Er$KLXN()(sU1S^625l;7FQpbIQN>hPt zCaFo_MWlRZ0X@}>f53NthEa%>$ zX{*TANF#@ucWY~KWEf#!;5IM+F~cF==iwrDpEbnlkIOrvwK$TbSJc|mMJWqt9az(~ z@DLb0Ves+UT_3!{tJCC4FgzY1QsVs1LyM!9 zdRC5?oLjS<}OjTEYik;`Bu(;XNwa}|U%H2ibx`#vSJ=4uQ zkJJj&#nz}#LSz2UahKpo*4~3pNI@)a3*pdn5fQ^VNu#+X zTiEHeP-Z2U<->lq6$0|2xGGm6ITZLX98Tgp98GDK8mzT8`}`<*)<<3#puQ&0wcc<# zy|&%=?r;jb%96UB-8u-#QO8S%-_x4i$TT>?5=5Ber6ODxc(5%rb>XqPJ#PFw?R@Lj z{E*KgEQK$(HZcyWR=4+kQtxIhrozOBz9%^n{#n4x5I^|KYoCtZ(&BPx(&BaZbZZ-R zy}h0I`Kq>8C$0WuTpdQTZJbAk8o9}bp`&RCh%9$xr||9~?xhu?Kft%)^J*@gYEVzaS;S`8cGHgGRs{A7_tXzPdT-43tC$$-ONS_Z)jocNvJjf`VU_fF5S`~bi@5RekCwqBg?!P#CTbpPl!*6R;$13XTlPCJ>bCq$;YzDwkg*S$pgMG0W19lfwsIzm25VE$~X z1RwOYDi(2{8qSpV0pJVU*q7}M%)I*vOhy8xJpcZ^QjDyg&$HHwdd$Mlq~Ginb=})q zHhYc`A**-V@MG?Z03ps8>b>J${`IrM$_jad#mO76``c1U8$h#4w@>+1A98fm{*?3o zoExA&J9dY;^_L5m4wZ%fhXUd*3yPDe{me-R!5ALeDIZo~k5?r7Pj;Y{%Ft20x{1m> zll10A7;nyIFubrRY2d@vf}AfNgrIKcU%3j=tMNK~@X&^De8oLpVc)2F2**zFkPs_Z z`sJT|5YQ^aODsa+l8$?ZQO6M9wu-(Rw6ueP#=s&$dNaoqYD^w*Pe=ri2YynuFsuh; z6g&zvS)owE8B?_lZw4sFqCbLIfM#%kB z@WQbRcUq4lHzL^qv;Ay;GM-FV&``bb@mk$<8jCVs}Lsy)A&spONO8+ziG=(rN+}d$o$^PMB=0BU5tW*uIV~G??>q z&F3Gt`+v5A{;!H7|*A_<(Rt#LDrYpENOvqVEhu-+mvf2Eu<8(Eku*?EKxFgC1 zJ_Ic~GNEx+;7<+iD2^WHAy(6y)3Dj>Fu|gX$CpSuaT22@^%fNIB>Yro?c)mLW$rAaZAHuo&1woH-j2dpu0M|o zQ}oD-QRv71Y?r!oa?|t46=`g5sxXSOTh}ODendr2tgDc#NuMM5#xbaF!Lght{rxL6 zH5MBp!*i#J>aqyk3}P&2z=#Kb{?1`^w(TBQX|&#R@F{3$v&|SDF8hvbT}LIn|!E@_ZvDwLoUeEnb{irt{0Lnao+y-c(qEf933R*wyWV3FEq>~} ztuOX<{pi6e#c$Y~#R~E)W?jzGPXDhg{$o-XFU7W=#u)o###A3G_Lk`1UH`;%dt+3R z-+oE++mg=x|LI}-AI9yp#=1S+W#hv&IVbdy2JJ^XBKK`z94>Yax0V|UfGNlF#ii+ z{KfH|jfEF>=!kf1Rw3PyfAPY&I$g@64~|@Knum| zXj$N1ZUN8lnVZ!ZJ#fy%90S~q| z-r=(!iECc8kjIGjDcbe`{jhWp>@PeLB1odq`w?H?PH<}e8H>w;ioW8?k9Vz^>*vl& zJwKQkj84hJ?gs)YCTKb>-fr$G3C7%`_OrHlxV$nUssyihoTn2AZeCe_f042599}y! zb%?>*)&9fIe{ekh`{IoM02{$y8x*wI`CT|vO|<~qSxm(<~jl}^8-#FM>of)DDvpevW{Uk1{(qek4Et< z5sE3pS}M5D`NMd+2k$k%)m=}@j;99SCeTzK!D^C*Vao$ zxePG|0WW-TTrxJ9V6f>fC|@SKT^aI9G_IDBE-@@RV9w<~C1Pm=fk} z2i0Eb8#>N%ZET@#yN*Kz-<_J+)e6>2>pay`3pvY61$hnam~@r;g9adTiGf$!e) z@#LVrvxCpDVq?@*U!XV#>A;}YQzHppJq_fkC-g`?_PHFuXZKm)5F*+nHvV_j)QK|p z{NtwTUJh1HEiv{JVg5gTxD$l>Mx~{%s&D4kMs!R9b+;HtBli8UGsILj%!)`#Y@IwB z-|lXM1C_+IY@a(=jvlk_)vk*bY%dTKw+{SPbM7mztoG65?zxg)Jxx-SUzw6~)%{ve zu>vcucZuD%!!iaof94(+RZ)5-F{{h67dZOh^B|>sf0VBv>3?%9_I)9B>`xK0wNrsZ zEJ(*2dwVR5Nzk9UbQK1bU%3M=GW5M=sFld+=P@L>;HthOo}TC~e|!f`#@??8YMa>v z!b68SN_|IZ#vzEGQnl-?8ar(ejNvw5F|HcZ^D<15oW`lN*6zF3`My8FC#SHxJ?vS9 z=;s9bsjAtAI=`;oFJdQw3B-R*lZ}CwK5XfsCcox>9$YJW#()b8o4Xe`LZGg z!famG58c>I%qk1+h&`$X5}UOK-7}_n_@0HGSI*)E(L`lDE<=`7pjB%Y2SfXvSj-g( zKPqSWbVl4!+teg2&xosgw&4B~5%*W!VBoo}!|m5(yiYFAL(fO9ZwaK`#H!ivJzw3> z@!%-!P%4-w@C%;v73soY9_lhKyt=$7nyYu_4Gtyj2V~#M5Lg4~^OZkyf4%rn==F7- z6I{3o9!Ba!GUM+d{2=UHvu7GFK0~mUB7%5(I=P%xHRpy<+;^}4auwUR^@Jf&*6d(M zB&^`5w(B|KhH1P;q)l*I(YZ2THFXw+WR8+oTNBWG_{g7;$ZRIEJciX&I4yqTYuEuQ zFHB`%lh_Sm$inu9&=7OU^R+q%X9JTnE_1RS>UD34R*b}f4D{;~u-sb*FotY8a3_G} zZa`AuYE2za3Jl72924L{v&$rqIAf*|BBv+D7V}zp2uvi*jx4y7L0eP0sZ0+44Wns- z^qKsVGfKZ;sd9#@Q`nnT`z+fv$OYf7WL~^@^9#?dZ_>sPAF<%|8-i>%yybj`cg*Q$ zDSXH3U#w6ha=lu=I$*b*O0NzOm3!mrrl20*%93D9o*diPrU)tnE%zP-241U3e++l> z_YfsB6RCPT)~Il|92sxJbNW7R+>h%H9E!=_Gd4HU)G(+i`+CcCU*>20~TTs_-Z2$TZ=kbDjq$cuPF%Kz+ z)6sq1RTfg;-(}%S5~@PZ5fx9yyX44U>Wkw;W+EDB^4jdF9X!nA8a2FRDY(R(;J|ej*%)GI_K(>>nImX!7D)n}KtXKENgG07s_~}+XPv85fyZ2io6s3nv zI_R9@SD&x-y%&XxkV<-PO`_sdOL`aE{r*fw`U@AN>ypzlV2!fmTf^zWuU8j;z%k2a zoHMdFynFskl`Euvk8Qca&VK&~TkCb?e_(52rw7=png}bQND%KsQVEn}V|&AwU!5Zz zpN=lPP?}0R)!~#PO<%d`E7v{SoSP;q@xe7$sK<`IW>bz9i|9n3St}_&u!d86vjJbV zdUWP*O*T!`+1f5>#>;zjOV4$QlVt*z!pB4+ZPGi)xlq(nCf(mmVPNO2=!FKNTjCh3 z1Hcjp1Vnrs^dil-96Gs^cCOU>8_!*R&$?t!ec|Og(L_l)xwCXjxc7$Evi3n37Eg(y zCQC#XeQPO0GysQQ{==_8L9}&3U2K=4)v=y2#ETVk_hppcmZ1mD5o>79@A$U)Ko-8p zJEM!su0VoP%wi0KxUVhxkgII_`2zt+2-7L=CN%jz5Dt`^3Nm^~dPD+t!?yc;qTR%N ze-nIS>J^XURbbvXTPqSXu#_`-8TsV%Yzui{Q_Zc3@Q#edcqDnU!qoSrVl2 zv_aPb;hL@prtspA@duYzF2UmCjHyJ7kG-cky@}Pp1NpGeV+R*>cQ_??j4fVeOf!Pj z(2w1%Mn=y!huoj%XO5mx3S&3+el^Tc*7UdA)%6%-)VEaGY`;YtE}@nPHo|2CZ^8XJ zyiwo_&r@lq5b-nRjeeak5Gy*1_aWgXjNs=Zd}RwV^*G#FMX|O4PjiT5wYzzD&yn=Q zh({5bd94LiORXk_DfgRK<6pavOW*w*|1Nkq8`YnZnWwsuY7eZJID_YZdu7bA=MKBj zo4g=P99pFm47!;Ju&S|PKXJ3dL-8pn!yD*&Y)GS9&9uaeu_~u3z z>C#aGmb+>4YtRnor+Vxu=g7kv4bxPvOly!n@~4I*e}E(Tn=#54vgJvB9?aa2;3b!c zwpAEEwOErVS+85t9N*< zx*mv&i`(6!DU@m^l`7hJvMFZ0`R=|EH0Wf^xZcn@Xw+fm z@nL=+{2V`&e`|1ZL*WS+y@yw|B%A$yko!rYoF0oSTJ>o@gP7PqvC@B)fBf^RY+c`d z{9~B0D3s*eugD+|f3&{;oPK_uWYbqg_y-9W2 zMZN~Xc4z)SS1%U{E4B@91#^wouAKQ_=laLD>@55L(FgpW=aR;2k%cPzi*j5K zq*DLc$or8jg#VX`{O6afU;a&fl0f=@iuk$C=KjW7ojCT&qs{hEFp>LbGr!;ZyHs;Z)7d^TpfqFyrN#_{r&J_`bzrN~;3<=_S#p zJVBz7tgbWj#wINEc5S~qi@oOc{nPDf!*#Mm-oMLzbv(cQ7uEi?!W4zu;J^o0cd<|s z*?SY!sE41fPSmarH`vTITEC`*9?9olpD?Xst7-C{{L)Q&k*@sewkiqw{J6@O6E~5F z^wu`)MRMu&<7TeOFII(8jX>K?<{E;PHtmNZQn_KayrQL_Y#^qkKG>TJn8r z5AOHeVd=^34_6R_VIA2IW{TZW;&|CGOZlbFT;K1GD6lexR>E*nZEFUW=mq z-?S76{wIsAuRc>_fG4>G910Y4n#O_Z>eU4|G2J0T^&`Ws@SDV5J=2gsQ5N;~KG~hc zx6{yA8wlEWS34d~!9K-Ly;9P^m-Kxf&IUGY6|Ebg*3%V-{zd;C@aP==_iqV>RP!tP z6AuRtXKhC|4NLgj4_Zr8;j1Y7tQ{# z8zi&(mm`MPt9%^Zxx^Fg7(T*u>xp^;>^e!`ym_9NzawulM5TcAM!La^RfaWo34%2+{0oyk7#q zwBWs|Q^i>ObC;PX54O>=b?)x(B`T2*|JU{vvcLPM;B}0YH29g~qlYngJbPI-X3K7^ zB5so}X-S_E_(%tz%VZw=6k9^#@d#ddqH;|$U-3oQvKJowJpXCj94bJT%**AS$L-gw zdG0Wkh8y7U-txe=U1C_@gDEmgQH=7c6-F@ru78g86?-D6PT& zEfNBb+5U)nJw3hR($ZC|19MdG(D9dO)4whMHV8Z1Rl7p}Sw?1N&%%OvXqWFE?O-|| z9|A8cBV&2SC{~GgCz62VcWyFrsgnzlZE9ljOf8p~w2UKA*zI^W`;oxwvKJzy(LXrU zvo7((8Ub;Cpl-#2=dX|8y7cF$hghEBH1jxJY)3t}Ju|;(8uND#XpAa+v&%nq`ae9* zf$G2RAd`$u!15e5uVqrH5;0vgmKA?P+rHHu{$YBznaTYadIFxsF|r<1KO=bv%=T#t zpF?hu1tmTJ{y>tRS4(>IjJC3Do1L!>Xw;wx9L|-Zq2x+QFZFJ4a>1EB2XG$+&gSM} z@me3bW+$ix5evFp!pNn46@Gc{n85AH`Pk`z=6UR`As@zv*!lT&x{P=%+60k0f4W1; z=9WYL>NvwnI?8?lEvkn%9*@cJCMPF9fBEvM-fn0Gi!*;DQTOR@Dj1Vaw;>wvEwPC7s4*ngesg02Pxy3aaO$0%>+(f4 zy!r6-6O*S_PB^kF7stEY65o@Afh_QLOwJGl zP%U|f(dFVvr)+GAg{;$eU0sU%cmfmCZ!RHr(JwtGt*tk)^ln^tsYRc*E$f>6a&*KB zdV9pM+?6?<-#)u>O*2O-5^-}*n5a{_1|j53;rmcyAy%XXa^o9v7WB#PUzlcqciut*r)6CgdfR>CRCNl6P_XYK#`#-3Aen5Ckp5@uD%r%8nQrx12wZ10SW--G`S zGRI#8I>XPH!T^KL>@yXHvKz#E<2#amTbG8Wyy@8yPYEBjUz@hF;{Q(N{tOr8fJG{e z`FYdh)oJY9oDG1xAGb2ZtYz66$ZFb?9jQ_M*t?nmCu32sy%uYdVP*TkuOW0w5B4__ z0oe~&e__8v`!g5>0l{28m^n~i1Ujo@i+ikySntuOij8adTpl%Od7RAMEOHTId>-SxF z_=h?5F34K}X1r`q2T`=G7F<5?s^lU(Dv&Wt2opnMdW`LpuJrGxFOH_2xJ}zsy9_@f zmG)j-gDX2V*H8@V3D57w{xK~+vi!%0i;Q3v9juwULZEg?a`&~*Ez+pRfvJ?=q}`&I z9KI*yz#OE`mm^93zU4wbsFn-{M&pPb+NSwaP5JFFB$g_OdfphBN6dVatoSoafQ*HC zlRP|Nwd;xsi~jpV`hCp6_b9cw)(sr`-E0R!OCAo==WX7o(CG>jJol~%xy{7-oa?q4TAylw zMeCQG+!I)%uZ+`H#^$BN2BW;fzz^9EsXUy&#>136vAKD33)oN(Jff_q`j+_N$S0;X z>z`mv_d>Ju(K0s!1LBNEz@##9t)OrAZPMqG3Z{9E_p$Bf&Q4JE8Z#Ys%}J?`5TXaI z-YDMTk-@>SLW?GE=QygHv89l1B^_W0{SB9H)OhU4lTMXQWtm$-g&c#CB%B=ixZ9DS zPHYBH9zUoDmr9#dK}TLk9-pE}kXbpI?V;*sLArME#=>wf+q`~Z)B*aEMnqh^UBDZe z(@yR++PN_e%rgUN@<74d+Jcy6S!x-y_q312+}Ebw9q7y*WJlrGF<;QTAmqKPg40TO z2y_SpS&eV)`%b;RupVbY6O6v5@Y_GL3~H2_du~H7TwKaE++qI*v(hmz&Z^oSaXYuFM1s zQE6D1P#;=mOFHEGNeP&Dm*OX^kA;0jwd&mG`fNo+H?8JlVS;l|rX__sGnm9rhc`73 zy7VPHpkEm*(b(|@nxF}J`jn*AF(%&YJmak+w57BMZX535vsmC|ud(WDvuidxfaClT zWMOQr!&{24@LlDYOpvt4;}UX#<1VY5Y?vjbCS{5p?uacORl0-dniY$y_?Ws7W(f49}J-XiU6 z_OQ+Z)w7YJzbvrlH&@W7=y?7kVWErXF?@Ha!6=N|xXQ%4ketDr;{!2+FTgto8mfM9 z$dWbF1pemQph3GL z&|-pla;Ip>>1YhnHa6cFQ0W4FHe>O2Z>VN|d6n?4xtebXV>LM>#2EfD7G6WrxdV+D z;B)rNMaO4}io@^`BE+CDL74^Ew{v$kr|||*OI!PSgm7Cez{QVv)&aib8#3Qks6e*u zwYHt%lX}Pq0+?OHeP^4@mqQdoKp?{DnNf@Oq*UNCz1%4z?Z9?#F#cyQ!DXfP8sNGz z#8+`pT=LqU85HvMl;O1<=|_f*A}y(%8q{$IQbz45;jz>PD7CWF1@dd+XmNdJ@oi}y z6pFws$HTh_vIEgejRCPPuLQ#Kvdchs8%@-NA4%IJ1vMg_+h_MKO{wX2z(I#iznrx} z@oHqXm_=A0>~v?Q&}p>@kxp|#+|N(7{03EF7|#xu@a>l#%v-y#ANBI#GWFf-BiROJ+6Bp8_Tjg*Ao&RU z;j=teU$T2mjp5t;Ks$8Y$j+=Oc?S`i0$+oAG1_%5rs}HB5lCO z9Nx!i)%y~=sL#w=QoDow#vU#cg$nx3hH*s$9YH8Y$^DsYU(l!b5)+6{w->q&x57!s z_X0P=5PM3ImU~8xo>pO{B8UJh$uhQhAl)NJ*&%~t;#a#zQi%x zMfGS`aaXCknh_p>ah4lzCwy_=xPcENEVTW%CQBCXu2NCl{QjKY_bIm@b;NO=?XVl<{z2>Eq*Ki`Y>}U5< z(sSGc;}K*y>K>V;4))Qzom2d70wRiz33aL&F$7+ugLQpwi$2$Ss z&^`P-tv0pMo%oAcS4RL@s<-0cOAqxrIuX`N==2~AcK&_obiCP*1d7a*xp9F8FSkEy zIs(goVYUo_2NaifOu^mn6rV68k*Rh0?<|rejr{g{EVXohJjdbSVj;wgiF%IdB@@?b zUT9_wwIy9z88O~k%Z*HMA(DXbDlA~rBR#|MrwGZyqR70__iEmzNh`I9jZI zjBxm=H7YFpZBz2Zm)5XzY1VX@%gs}@-s{l8vHR}YM%AN$w6b8H=Szx-V4Y?>mJE2= zJk@U}*&3?aN43tUrr)bfD(@l%xHH5l(0KVHQr5C%ok6~86rX6hSq9#GunseCOswQ- z5i}0Jy0FL=wM_dwUIY&#k2`S-|22{o)qWd?u$IJevA%VCrY3VU1MqFrRH)KvAU@|K zyspnGDEJ9HXCtBq&o%69A%1A^`ykBtNWOH4Ple*Zxx%pgw|#x|As&2hfqNN>E5q|v zqI-Kzv5oH$)w;dwbKzJ0z2DVlP9ZsD_-ff$XR$)DiF0X3&HVE@q-PruF(Lg3^RbH# zm8jTtT2E+7k^%9kQ=>Pj-PH2i?Z-S{I&P~J!X%>vZFULTZbr=#?mS_)>*;7-@aY^( z=PEK^Li_G5?G1{2*0u@%LFEX5eusl3H*nkVs`fe#C#UvXxMk)ez5s3q+OCCN3*{^d zQ*|T00@YG^um}iO5ejPNUat(5k%tcN@rkinE&?M0D(%KA_3+2OwgYwpKK(SU3!5i2 zsfl2B0nsZ)Nd&&PnN?yVQ~Mdjh^?KsAqyYn*M2D-b7?9b-%m7lIEbN7ziZoI_DId= z1vCKg!U^GekD%I2_&AT@SS!U-*Ei=1H8@0Okr$5fb1`3-z=&We`nXO$>LkrC5Ir(n z|CAtGlzB@i7n-N>(^zh-O7z$#RNlMkXi(}rcy}XhB)dhd(HrbdV!uO|t2Y+L28GP| zC0mpV!!<0)*o51a9#1?gLj6s*e-W=&E_p7uby!*BcU%eX^8v+-CY%>^7Q$he zE8hH1@BX>gep~K#jqW3NrTDh==X=6kemo*11Iri^Vt931Y6&SUTLa??L$gbU+E2#6 z8~JK9N{Ifp3o8ai(R7S*V(p!-v7F{^d<-oiN3+b7E~{#pPNeOvk1Bf$P4GA`%Vu99 zYV9vcpXifW*#uoCwdq6vhBxeYT(%n#^%BaRj)_lrWdxs@IowL~?dWl3yG0isI2TlO z(p?lez4sNq@acg`xmU^kpEY=dD~(5Ut={Rxj1t0wT{8)BFRy>j9R^}%nx{9;(7+uF z62@u>PBu{w?ou@`-p@PmW~4`vrwCwL#%}28?Rt=L>mWV?aq}bj=k~g^MUWGwSK8wG z_FB?Y@5`;yXV5Jgwci{j_3}UDDF`>4^3mOQp|fDj)FBzFVZO_@bY+!fd#q$=(UZm{ zl7X-D2mZQgt!w+SS%6wp5YMw9WHUlb2YJ)3mG0YRX=DLa>U3*2YS z_%fqX!ym=0J8EhaeCyI^hZGLWg^{DrDflR(N?ns6)ZXzWNRoHLITgB*#$%?4^|6nd z#roqRfis+#hHv$4pOQKEQ*{!b#E=W9PhvzWhr~Ot?d=82te~e&d_)ZU_OQ8nVD`-* zKb?rXXGl~C#Dpm|Wu}1DZcaGdg)`qgb25hPpCFI^&LADkW#8hV?RDbP89y zoRkL7tKP1F-Tihr4Y)y?>CIZ6&vYc1jhApA^1Xzl3cJFBeNuc0a~pr(qN|%z4AzX< z8^GNH^xv(7ro1`H;B^TrxFg|{Kv))hd0}*l*l%{+JRs#&mf%X^G%*i2j$#B#W#FfW zp6;RA+6H)Nv4C}17ie?pyNidD$`)kvqXh8zYIkajap-2Gp2N-yS%=KuHsenb;Hm@k0WJi>2~t{r{H4N1hmC-&!BqwqT;jLdw*idZtF2PJ4SLEeeU7o$k697{L}s_ zlMNW)qTX&AYwbX#1h!>@gVXSJ2zHh&@Pvb84_+K3qJfJ00`({7$zl(~y2bPSZ%kkj zV+h=4p10!0kMl*jjPp@M%?l+#jKSvQki5bWG^%~#5TF<{9KV^D2!`0KvY~Qi9-qa0 zHbqcM=zW}7#V*dE_%l=_FVPF}Wm;ONU!??bvRyX0inY`9}ZBaUySEqKjW*y$$hiUCSdUfipVs|3`=-;#;Gn&kkgs=YCnET;e z&%d;3l0f=0x+~eFnK#EAS6&x9YKayZ&O(2ft%)_jy2IwnwIjUN4G;7yv^7P55X0t$ zY02NOi$V#e%S{&X({99U!GxP&93?vZ>yBuu@>!jp2pe7*IBqu{3-m+Mgl&C@u=}L8 zd&kMArGV>z9C%e?7v_vWWU3q7vgei^7Rjph>HL6PMDE&wi5QC2LZv|%q`k#rYY}G} z-;Vn!vhD@O`ow`Z+V_C``t&ebWWhF%uC3f)$X-mqYQ@@8?am(sJnKHUxjnt)4m5AK zZ;~(in9gSglk{ylkNAB0T5W(hv79aH_el0Y+#|;4?mdNX?%}1?9&9A7VFb2z2Pv=f z$Qqu;6*oMJqAeGnTOTo7aNNE{)y?Sq^af&BGmAxoI=?{M+cpFc!^tEW)McYf7NsDorBhbxYqPPel?wOnP&;hOdi=6$YsCHsBCf71uf zZ|-?ElgE!=`u|&7u{!XIhU1$<4o+;vnghtG7qDoOt~(KtbvMt3ZcNuA<^fh4!Y;eB zCixB%h3`(GgO9!gv>3S=R1=@Pv+%(5DyUJkdnSj*XVo|_Il!XV%73PdfK*dB)^WR& z@8sSY8s?{QVfTG-z2Bv=*p4w8GOC)ks(gKAbQ2JZF|Sw*I@`XQ}%Z$EjHo%v2go%o}hzT~>*jHit&8k60D=|Jry;`)Nk-o6M7ei0^^u>j}5@d$t3pcvSG-r7=pPN+xus%omIneI`Cu zx60-?Flxc;X}!-xc!E*Ny9BX)S^*$QG=(!Z_K*YRQwzhlz`@cN>?66yA8xk!&*lwF z?Z7j9Nu(JoXZT$fg$K9<2J%RKc^xhq%#E}CL(Y{&V8P45e!C0hT99+oV`|J+ZaTN6 zx(_Y({sl6vv%^pitaPTb2Rh`G- z#L-$8d*{tZqWuo>|*V+-%YNrhMz6k$!f~24f)a@>UWvbK-tX@t_>1% z{DAo+37bCLJ%D1C^^HD_LmGYy9O&1v1{lbh2tD?XdPg}PCT{UnHsMrnU%+b%nh9w? z#eNBn%}=~DhNP6HSK?5tjp7e9>b1%idVywm@NZ&!yz#^LCocAF_s?G3QvwP9=Kchl zUsULeJWYz)#4C2pa|4w0RdG-#x>|&R;oZFAr903~fI8)RzU3Y-4u1wdUzp?}!Ho$n zR{x+}5v_U%&8$M~IalrlkjCH+zN&-rIZnai%%v}8&#F0gHFZZ>RS3Y;LLCwUCXB3hOrmEUSC+7~vLP4-Tv zw7iSnyTiL)5v(MnHsNDTFU*$xb>9(E>dIr2F)GXLOktCWSUh63wA<4)CW~=_()&9x zrfsh8Aj07@eJM^5PWwHvFpWX(A9J`~aeEFCMx{BRo$6T7ZpBUzq6Qn$@djna!g4l} z9_b#fVgqJssO*_8J(1I(lky_j9x91o9r*ErGLop{dfpM!4_o4L@2Vuu0r?HN^eIL? z_|bG`yZ6Jm)-xd+>4Ell>=xktA(;reD_Npr{XlTXZJ;w# z_Qd0sCAaoc2x0%|{n`D!4gffM8Pivz;eyV@+V56%!J^PE_5kR_)w|fmHXQMItS61i zE2%b~=&c#U{A_2#y(iRPvojiorqpW9)F(2i_!$VHv=gi~xuv99F*k5e7c-w?;Z*#o+l|u_) zG}h5mkmm6+)&RGtMd1TX%Uv@Y%robrucS55Gb1h51Fl6CN*Z}3(Nr3ZUZ=DcbKoYw zP=y6F4~Nfa#|7`EcaagXZV$JIT+p_(YQzZU>0j#0$YAR@w)@PTMqBbvnf*W3xnU_Zxf>a(&Anf^Tfrh1N zFB5&_kEljy%bnL$d0#FG0;ap;bZw_%m|CFxvdiUJ*H z8G@TIGEt281#4Ebbz+cP&tXr9l4?~BY#6`C&VB>X5MWF*a=48?NMu<8lCRlU*1E9t zS8iZKvrLj3+E9c1IDGeXtlxYc&oHJ1QHT0TtIyDaBzNZPo}g>rrQZ~L|3o`t4f{XTe_H&aL#EP7qTBH+XJam4)aW12k?y-VVI`wbEE{E}E7 z*Y8t%M_}FY)$;0?&%rYD>Gr(A_m5PbYj$?F2okCccLb&H6_;U+7x2Z|kozBd{B(bQ zZ&RJE0Ol%_A4g!dbF08|XgK6nixSo)mpS_u@+ba^jV(P$`s1Q|^d1n@jN{5iU_D|_ z*%Yv`HHbm)ToiZ;v6P%HGNVSe^j`VV+sdYq@?^E;&)~;meD2{;(L43zL4EeiDr+{E zBdQ|jgNT`=RwC&6x@zMHB{WQ_3zG1wMrlPPlx9Y23bETUd4g4dV_4lQi_KFQ9J9rx zh`8taFeUFzDMsZX-EC#t+flm{c6)sKd2}^u-e5dEu)32;M6Wv1AHYOq9b`E~wQnpy zR%KeIEsLbzb{c`5@;-uDHgs=_-#~}(GuVh6!QNFy?O)ZN)aK8ZScWKkflssQ7e8hB ziEAiDwcu=LjmE4soA8RRZjTz3Enbki>7%s62Zc?q>LG@0IwkJgOEYnI^7I3c9i~cx zP;kpj5H{D|3NoiG!UnH)&dl8OQwJ%hfB;hyb1xk;zfWeJW3Z;61eb=iT5XV~#x=-~ z#KL=q@@IrwWHP>M<58CgBEO+C#59Ngq^9To+R%2qSy1`ZS~^F%Q9^(GfMOuXa?jOB ziOSz4B!-n@VcUWUYuIIRKUzA27wg~w7Qq%fv)?(Jn?ru%Z|s1x-F<$(2;Ym0bgj;r zi(VG@+dCTc=$oJ+#LaWsa29Yio;M4*GdiCnK3Z-DZ!#k!)2zOl%;x@_xjN=p|F&uM zxC3krZDjqqdoXw!ZS^7T(Zt4kH|NRPaKcbws=I)n3{=4#Jv*S?g&k;lNhoSzJyjzV z+BI_clyI(#R=5m#x!QV6)ne^H$0J?fTFFXSrs-b)_NOwud92l4$dyv>U%m)4j>Xjd2d~Mchx_m=zrEzlE z+*%XXS*~Pc5jJA554%_E3omrCr92+=z?zumd2fE=Q$2KRm@s}~=ppLR_(`Lwfoo{e zhx_i0A1JI!yQWIqzTGg%EpOt@tz^@HJa|VPT*(xB=zf2*Q5}YrLX86L0{qk*(kQOv zA}!3-8{)TAF-XaEZpQkwv{4+A>bKvzaOy1Zz_>n{RcbMK6=;d@w<{DI9()r%yg)6p zP=vL{9-FO5QU1j@Z~C2<`1WHy*j%MEh#6+b_Jr!iF|B zSRKokM`+k6?PW)R{fZk#x?dfLBCXb^4+uHK)?+^S_^zcmyus0AO?xT0IiJ2bc8zRj z(UG|*AGDXn%HGFKkg{sG?a*on)eqCZA3^-zkDz#VPJR2Yr@?tlbWF`Vi_QBiR{f7d zi}QAxzv0j4nvWFwaJz?bWd=28GV%LEFXFO2{?hi;k zekAERyGO!(>=JgP(fUrPBb7j#9~_i72<1~Elo4CgGgFrL36n<0vrc{;DW#4U78r=s z_EcjrME3PrCaCj;q7Hu$C1`=uR9e^X#!5tpYt8-h#}+1ntt=yI)jjl1yV>@o3;C|4 zltG_TXn|FltLDpixiyNVuIx)ohMLLNtGE}BtGyGl&ogQQyfbgOV|*B_RA!teR62ti zb((N7iYg3Cm1}y^(+4C)6bydjW{GAtCC+67eb+N}uY1|pv(-~0`A)@5$_k8#C(pAa zg}gk9RnacV^MWdVXEe;Gp(cF5yNik=?@fvX4=zgD&Qk|w_!$7?PKVp2u}0FCIqXIj zAsyjTFL{L-`jjNEWVSlQ=ZbscSY!1Gx?1~$?4>z1Xeq>GjR0V==+_-?ZtMr zw#yKlQra8zLRea1V;3^~!H@G0t4pLyA!4_JfQ{|yOTFO!yB3hB)89veJ(c=6U>%*$ zF$2lwJ^{fdRu%aTvEY5!tO>>Q*&JtH^tl##iaiCa2k`8vn_bF#$vHLXlDM2sHn*~5 zO(j=eANAXvCks{jrcr04AD33$sa?n9h&oRV zPeX)M;S~z!d5ebCoB-&107jTSdpISMy%UJV;$fP8zj-fk9n84R?--GWL_t|xjAbk? zJRm#-d?Wh&R=sR7^hzP$f~93AFk>$hg$ufn$ zJTNIl>o$)D`5g&P)6)AfxG$v!f)MGW=&aXGNnMN`QA2AtRG@tyRukHWj z8oxaM^dA3hCjQ%$oC*O#S6GLFm1ahrwY=tu29{2Xh*b{ zarB8;i9su*rK?{NaeDdDUvXKoPS|BoiO}G5Te#xUf)+1R(Gn_NPray%7VQ|-do_de zxh?WzV0n7(c~d4MHZ%QXG9&S>^2Fg1%I>6#4gYZJL&dRx0Hr5_Zksx>_gV@i#4cn{ z^@rrKhm`i{`TBM9$zn^w0!s{TH-8%ab8Iwm(W~O={R~}JwKBi48rqB5p&Iwv@1bDe zKb%tj)RL35#swK*ScGU%V;CFV18KRTPM&3v<(UD3{KV5Zti9HZ8YII z>j)wF1Lp^$D9crETC)Lg?s=(%qvBK!YiI0aq|YKH;^w78gesoLY0i<5(QjHzMZaRb zD?=dkDIC@>jEQNglUKc7S_V{rbr84sb}Bd8%4o>B?W=PP=v0tM5VPwdzCUvp6!aSKAleHYEZr~eVd!g=fZwdS(J7ZM2OEv*%duu9`I+q{OI zJ;)>8_WIov`K=U;w{(TJ8v{ZcPeEU7{@X*iP(UF*F;I6yQItdHu|dIL&znNc7nS&j8D2R^*6$O3nU(axgf8`fS z(G_J#kZuR49NpG={HlJli*FGn#EjkAQd0ib8L&$+=jBe)udelCrTV|f=bzil00ybe zn}@0@*vT1hQ?tpF@QFcFA6b`da|R0{Z3fc}43IY8vw-);BENr{BDC7oX`ln?`%8sc zi0xU{YsVVMlM>a7mAN*&cCC+i!3s1#K4e%b7CIBfzt6#K6W8cnP*_+pS>3BgOh4!( zmx||=cDmE)GT{PM!1UaH1j?h4^ockVY?HOxcLMCE8VDlF=i=HYn+M>tUa zSiXMzc`Y8@#pY-jPW5b|!NV$<l zr**GLjqj9EP*FgH)io_SikslK@+!eob3SUT`B%^dad{Sdz!^4W$!}{l8BH`ZgHDTH zRa@zi-Z+p27>gS4EeWYNRQQbB8kvld;5eB{Y{f>I;6KSUz?oP2igcmUno$z2?4AMW zsb{Tru{k_8`OoElX;c-7(*`h1r~E3S=p3-xip@O8?eD+TiqPjsRP4SP1l|)MJvaZX zt`0oykkl=?20nvf_55Wxn%c_y!)0ir5(871$*Um!8ztOvHIZoj0pjqIxZc>^i9d>~ z8EQ+*w6c&qPgDI1q&d02lGrA^V%)mB)TVN{v|5wN;X*Da&h05Bq#EsX^tP#j6>I`QQ5{Gci+Y9Z-?z)o7DXi%Tbr7H8m1u>|5d4`%^5Sgz@oT zeJ4KvlGErRPG>|ff|o@z{peD9Kc2AwEe$J%b-L?qyub`j|K=*4Rf_a|LJ|7Zw2!gl zm1J(*#x%QIr`5W$1gW}(XoWy(0KuLW9K+MghH$}XkbG41aiuX5YA z(QmZgZ5%^`e32?YI-;{WbZ^_%cAT4xmNJzrGAm6Bmdv=@^L?I+&~FM(SJROd zbLDZ)8%I!lELABn|3y_Y;G@B8WCav};&ek3hmDlS9VzEQ466;(_eES5pyby=lbCCQ zlONs8ZgqL#RaEUZMVFG7DZCeBz)OS$i8D6ljp3pZ2-;_I6XXi|+w{)VYwKGLyqVyd zsnY*a$gVMYj&yK-l}SwdvbZ!0_5<|Ji-`y$LNIk72GZA5*z+8diwg!OolWn54c(if zd8$`dBgRAo+p6qA#!U~Pgr>sF3fhhr-?=qn!c2{eas#VuL!a3v73%(=ijJlI%IHTj zRVBwD=x-bbRA(lAQgsd7HeU)O)2>bq1fMY$l{&&^qYT(9Ptsn!PmLLG>gh34Nv~wl z??F(o8`pSk2j39gZ>CW#EEEWc+c!8NcqJ5S1Uv=PD9hn5{<=K`I?x=b=?TTNf*K(g zN}~H3PKNtfC^`{{2RL%3r9Z8BQ=Bb}ql-}rGQLSzGb^K(|@u2oup?B^g$mRH{9JZ+!^_b~K5i0}Dp-UY-p7q4>{I3UolvqU|uDeU=cB zbpR0(p)m5%eKrfyK}|QUZ2;%6x8j<~0}OM$DgK zyH`vCb^{7@E36^CAoEh9Gl}xkou=L(N7L$h!LW$;yi%JH%1oQHGb0cDU1^FB!Pnnp z?~NhM9mjMN%?v7o^2#M)KshDQQsw3^)OI)@m}{jgU8qsX;$6w-+li%eqSOzX1E5b6kTf5+M5m(Ma@{D_NHj;h)%86UbSnFAXbc+rLEdq zNNlwdu_Xw}bEdt%zw5g0=X*b|=b!tZJAZg-geK>C9LMK#yw_3ILW$sx+fFzZS@nih zHZXA(37$K#eHzDoG5*B(>l$;#*|dl!l>v<9ALQ&ohT>};=rs9L{B+k|e_Gb74`{=M z=39KVIF|C&%FfZMh$O2!h&okKz|{iP)Oz@Wy)vU_O2T zm<2@rM)=zXQbyBlGQVNvJ9E~9*J-f*yG%kh*6&h%@gwei0534DLg-;AFN9{Rdb>X; z7}gB=Al$cm_vZ6^Y{~BIc}bs;c!PQeoj6{0tD3O$ z*POq&x$KomnM)kWNc|f%ZsQLIr;(z>No$Bfeq`zQui7x}h{qp6WYu)NrgviDwPs*t z-!_z#KTsv$;Tt`Ry|%h(tc9N%VI1v-BKizc;zeO2KaCJ-AdN@S?VoNG0&IX(l^DM} zHdarRRF4X+C0(m~M|F;i4~WS5(8oges9i=`b4+0Pl{8S5>YM&Zyg;KLQ}3Drr(lqCBwgu9m93@< zKq|QoE;)c`7bX%_lb_*#@PSYWojB*jCT3%|o0F=qb4L82b?NK9^|F}lk*^JWn2c9v zqCwwI?hqzK-{ib%A;|B@+>&$G>q+DFpOq4vS`K<_LrT%{ha_DdX$(tR*aF$T*_+#* zt?Z`6SdUY3IrP&;5(>Z`upA|G|DFL+lZmkv|@qw|RL4?E33pZlB6+v_r6>@q5M`SMCw&^sWzhtf#R5!I`vGUy6d zTwz53M^vQ4YZ&@KjkQ6}Lvdl{z(SgQ2`};?~w<@$t13b9Px>>1Tq5eO2F0jhTS^6zZa-bH* zcnZ3~{zVU>FNpGcKbZ>WVxrES2M4V6y(ZNwJd|JkGvgcm&0z$Py1OCSU20%GR2{$w zbXqH;Wpco7U*WD=0MIzapijVvcA8iF9bu$&v> z>+!j#wFx@W@Fq7VJ#$;};u1OYdbBxKC%bIyj{%pHIqo%+bcF%0u)_^ zk7mAZ#fR`s721Qm7yF7lYP7b}@)mrts!E>&8`C!{BwWTkow~ z%r?M_IgrCsS4E48Mb2P8_mtevw4ObA>;QibKd`H+C><%?8oVhvct(iEt}_mn;#hEZHn3=fd%A@!6Y z%#v+_S+=u`kDSa!*Z`h;y;jm3hU|z{=ybKd4^7)~1SY2sE$>ia*b@wNBg31SkIWp9(cG-Wpz@QZddO6q7qxpG!rG8P^ ztmx+CmOs+D5Y$^@Qg35i2z8!Y-}hfU?BDln@$uh`Ix+M)h`m~~^lmyVhf#qd(2qAn zS5e6Aiglh<{!W9aoRY(}xcB?zu^m6xGaeLLR9CqXJHBH4Oa=yn9_N?ySd@GuQ@Vcm zxJ`Q<+nFr1-HIg4Ez~)l{l0K7_-$;Zj{-l)L0!UEMlTr$4XMm)Ui@?t`E5=hADQ z+?`a|yv&!kPMjDb;kM%qykpuuPe%I(Y%4a|X@_0Cnz(uLYx3>o9)+9P`b6vBSgavv z$}$3O{iEL^>Vk*Y_oX)xxqSY6-nDyffa}5JPy*Lq_aP}KD^OIA^VHh=p=l5KOLn)u zH1+P634eE3$*wi2bVR_(a?1St^^k0TvtgCti_}DVx{L3xc!l`G^p&8KzUrxa_QnUV zbQ^nV+r9CO4ElYim8=V@F)u_R7MDb|`??;tiEHXL7!9oh@kfV4tDb)KTw*(!X&qPfSta-_52 z;9hYL1P=oyilBM^y2(?>!IxKj2Ia5MTz2&_e;weu*{dUzPfmiD zJn3}t=G7ud zlBr)f)h>E6aPb(6n0wn(TPdH(K%a&w@2zugO`>+aJ3aGE2v=qw!axt8_*0x9b-W@S zO!cD}xw0Sg#l%Eyll%@)7dI;T&4C!eiLv+GLAGPvsue)+Y2?~LAK=28jwFFS`E0qP0J zramqqdTt)08_m|Q(!3xWMoo2biqyo(#ghK!FT#$CJ>ZfQXMI^yuZAl3MWb3z<#XGO zd7(^#vyo`yZSWyeCHY=o`HVCjPUDEXXdh zTiM$9f+lONMAf+SA`vkakr$PYmCPmfFL9^Ux#_~|PN&cSWe zz1O9RKQNvEck`{S4gU1YOA2j2@nd-TEmu*bI9N!e97_(Q7`-1{dI@w8X~9EXTVNX z1So7SaiUwkxsjD_yrW-ilJ~4!J+Kg-SV3~aE#R$Zu$A6Bl3w1GvXWOh6q}%n}az`lqVLZg2%Wn8d-h0 zh0w$X9BWI!+)bWFP1bl+?2r4Vo~bz(8!-$Fm_>&=k~DLr`;jKcVa?B};J(~AS!U}m ztq;tv;*KV#`(-wPv<3BZJe5g%BNB%G=(PyFJim1C6p||jSQC{pTEvf&=&=my|%x$k_rnzss?a<-LJKPM5Jc}(^51Qf#k+Zs)p^2(|em@ zD~_Mg*e|{2DhuNWkNWpv)3o@|xn5K$73sUnd#ld7qQ- zrz#A?_4Ll+hCLSb@(dyKJB<$nK4Vl;tH+MLJ-f0NJ_wkj4(&8sCL{{zpV(CPtcb%I zWhtqX9wtrBN6=LYvD;>gFHmH!vC|+o3AUGDQSXLD(xm&24Y{hyseD$ZdMjvVxcYLC z7Wf=-{}G%MUm@_hvCG(gd9G}(VZVc^-2GgoUtKuCr25+4$fAUX*sJbY#f0TS;YLqr z1AFq$yl@kxD!I(^9caz4$8atFjvX|#d;5an=V17WOQQ)~f6Dpxx|-KQ9_inXKMN{< zxRHeovD%3-B;Pe`>uubAOChIsPC%Zv^Bd-}_+bfvPGLv#1^&C;W#64*(zu@~)m`m4 zbG|#)^oq&F=u_KjKyU)%p8Qkv;djmCh#)lmNU<5y95}*sI16v!ze|yYD2IHQz^jpg z1tV@afgV3fjGwl~o*3P+uefeBFg0v0t5F=5((zkj#_Y|rNit|@GI)Neb%aJb9UIO+m}o`=!#1BW{`qnW~~X*CEg)`Job_$ zSxlyl-p_rsW(>w<%Y4=`i`7)gKA7GHQ|1!(!RzKr`}i;c1qcSgXSy!{2DU2?Z{}dj zOr8{mT}?HZW&Dc&jxW)=+?>QJn^r<4WZ!rb(JkqmWr=-}u);zfm0qU@gt>Y2A_f^2aM|Kv;wGMd{C!FjX zE6dhBt}-7!QKLpC0wl2A$JD&AhwdeHD6dR!n-#wVt%N$fWaQWLk&{&k9LogRqb`Q; z_=W2pE)Eq#x8<47yH;FHF(}MVzI&slQM0x@XSiUF%cM@haBD%>6JNw`G8@A6@i`!I ze@JGuLq~84n$07#va?#SKlYgE4i^WQCjHhnFnv=pfj>*V3FCyL3`bWg&b;M%TCMc}i{9o9geHa&al@#Nu_=vzlumZBIhSA5GKCKM9&0ZKT&@3~wXcHgi$;p>5y6i#UA&ILt zM%8ODf&*>Q4?ANXn0wzFX8w_GyzI(p4=PzwIYWK6ZSTL+?E`+|_iRAPe=I;iiWE~e zw{rk@FX$zZ@FR5`a!J>sjA*goU^57UFfWg4HZA3HINl(8#jvuw0_ zQ%=Er1wuaHfasdXt{e66UjMRdz;e`N|7y0%T?;7dl9mWd)p<=Xw^tvOC@79^~)xm+Xs>$pN(_bDKd#0M|zUfwa zQsr_5Efif&wBAYPfH)67JFMm6Jbskq`j&x>tI09z4^{gKqcYDpXAnto)27^-qK!6p zd;6#CYWBoKt~J@~#Ug5I{uu4g0`UQa8V!V7opz>LTHt)}3qv%>?H2 z)<#g(4)3CB<+DZGL-*zbWtjhBMQ=C5ruJ3E{|pU3G zV9&)kEmrHb2KZ)=PgrPtvjZ=)T|+(*N7>RIH)(uzBf~|2mLBPzixJioQ^IY~_ShK(P7S?V>T+n?s%$Io4GuW3_|e69zN?=~xSv+MdKu4)k|t}}sXP)~>6 zc?`IwD&3mqRUq|ZBCYLQYR1h?VM^{_+9X7RoLsQk_xg>wXg4%pX%8@*2jiL@Hh6ib zxus(_JB5oIdHU>?#oSrTp_l;zj(Sxyt#r;6X35r|xMJI|zoLW=nj&Go4+__NZ_88! zQ-FPh|IXfj^=LgQ*GRQ}2yA}rQ#{_DW)_&f_=7^EoZ)JyFg8*OqKS)xT2%y%t6GqN z*SE_M=VueQ4)*!`Ott-STmu`iJkWgnTDd7#Ns_oR5UT1k6@mUhm~IXt4;e zy37+f#lBX~#E%pO4g?=3vhO?FexwS#pchGyhR3qeV^vxi>=vs6=lQ5(O>HkBf_p6; z;`;2yN_PIoTq~l(7~HeI0u7b19gBnvv~KI>_U3e3gM^W;sC}=dXrk3($%M)7qV8~! zxdGBi-|Nft5sB93k(#c!wYC1OiTsJ~WQpgHKTCb48nbRr+Q)OXjPl_5LEjvJjXkh< zTa6SA0?nC018$5uy21)H2D&lSF42kFgIXKEP}ea9cl4@!Nzg}n(-1$juR2sGxI5bN z{ev^ihlx0EHDk8?8DvOay6>YXLeC&zhd~BCnDwl3b@{p-O$I81c0zPud34$pJQ~}q2SgJ~{F8*bxI{m2H<|@8|Mc8-& zvFDRB6l7-XJ6{_FEwYll)fFDaif?7O`VP%`hMDYqpWh_=oipCF+D#+=&(eTi4#Wz2 zzn3CC(guDO#P3sV67Zg4ok6BJ4PCpw@%MC9>iI2kiPVIOI+n+CofBbxx# zG8-cfuY=5Y#vANP@6eJEl8E@Ohxb~DTWem_z7=U$P5)?w&(H1b&4qTjoZn{67@dn@ zaOLG6=@#9rlFyISPd!e`d~okY3$Y?>x6yLY4yJkZ%tz#O7eJbcxd+Woch$lKo-GpH z;U+oJxS_%fHAPDH-kD3lv9e4sIq!O^0MzCCi8DC4$>YcPrvMe*AZBMo>-H_SJ%1nt zW0`eWk$(kSt!Nxv6gKU8>SkVg5b7vkl|yC>YAbe!c{jO|!yl^MVE!scGbL?_wyIpI z*7@l}z|0}kYP5nriD;f-5#B*xjfp~)J^i_5g6#Y9AVhpKOPi+Or^X!z#N)%G!rV1a zCjf)`u5*RCKRJBJ2#gGOm{Ivqy{ToAFw)bez1tIZ)dHb)fAd9{)ntw3t4OHM9c)P> zi397lu(D(Wjpt$$*cZ(ZDzX?w22_)!uO*;^0Epu!CJK2$L#ovErD7Yd<>d^pC+hlR z-F?K^8`UGYoS})27aE(^Lx7K?5pi=q=2KO^?Vd1A%xM8P{M2!#gzYa|q}qi>f&wGxSN{9=W!KPIC4 z)!y!lcVRQ>ZeX4l4<$81_ne1WVXiH;T00mDz!s35!?jI-s28NohSk0YPOSR?S^{Xc z6Xr=Y7ujEra)jA2IZ7}0>%*v__y-{jyb22D^k0q*V=&F)X(NzhAN6{nFZ| z!k`$XwJl#rzoMF2~A=;BCfn70M|M<&yuCJG4V|k(R%!jpK2~(5yN0PiU z7x7`$s_N#K@=a=^Wv704FV;QPaAx@y3Y_E&xD1}Q0f^?rhN;zyI6Yv`JP{=9g2jaW zbUAAKXJFA0-qb}PdUK-e1d&Z(-A|KE{Mo$ii>fLFEu&*C=o2p7u{W(@-+RCYqurH1j0@wHJSf_(=Qj0z+6lZ)w7g>T4a@I^8w$4{_x zQ>{!@FAb>OJ_K;m*)zSMmL_1K9@H(U*unb5+^tSclM~q*j>{x%#ZzmdjD$gb)akHq3t?KHJzDw&3?G1 z_lun3k|(rnF67f9i znWUSM1wu~pNq6+|&j~!{k9!q&KA|AXKaXA&oF;brDD=HJwt@5Uv7mKVEO$N)uZXSz zkQht7!;#PFK^w@Ur%v(m0@{f*j`hfrTHI-te5XabBZ)vZ2>KOJ0uSgn$)+57gq02& z-k}c|#xy@9l}JtnP0`ycQ2ONgK)IDo!%c9tRxdN~Ysvh@@Z}uzl=r6=ZRx7sTgdOC9Sz{1z{lSh*S5@e2 z3wktPq&u39}9>(c_}HGMu(mwn%(seVv(R_Iid zf&CakraC)}ympYjPh4FtxvO!fOo@my=p6y}LC@NfFSvbw=Z}Q!{;;G0gc=-b9nk^i zunk_MOaE8;@21djQb{XdGFom|UG-7BWy}kV>EqQqvy(otT-8QwpJd$|h3bCZ0QHPW z96L%to13Bzgwa7E0Jf}gv^0u*tO!xDhMWZmXzW^^1CV<%-b1La;gFW!aQ?rWVEE2*yx4sx(@)B$nTRP7 zidld!+Uv-&)LxNMt;rz=dp3~;3CUVIM*U--!G?*Pmzgl-+t$r2viqLG2O@sGWqaLu zw1}ON@oG^c)a?oR40hK!igi^7s9lll9_hcl5_BT304ff6T>H>%QDX!+qzr)sIXAhC`;M8`-!_1eKmW8J9w@rV`IhqSz+Wcy{e!MQT2+H~- zjz6$(qZwta6{zaK0MY?y>O&-5WJ6K7G5pje*ptA6dqArc;07H9nsJ$?;aVCWO+Brp zLTkDK-bNqpl}xjV9w7g|a#~EkHC{@$i#|+zPG0j>@==sha&O#fH08J=^^gW)00nXx z@VV-gWhx&OAGsDF4WLytQ5|Yx2-MrOACGS}_uB#k)F%gRS*8KcLO}3HlepGxS?|>$ z4MbD%qPd^mAty}5K8~+Ih+1n_>p8z!{r7u#R`{3PR%9lrhkYkKJi!THB?a9Wepvmr z2%N_+-1Lx^O~LvGO{zW~ypji`fS|}!H$%V#w=*a_2<9XL#%(@5RBW2>uENAzLp(s_ zP)4L`Qx@!M6F2o@aU%rb2wYS=^k-NZ`8r4XxWgo%{r&v$@lum~77&ZN}|KE2$J zRN8&?M2(Ib0f|7o7L9>!mDoY;UXI$LU-qXI)cXEL(%+?pzt40 zN4Eafn%js1>XH)F^Cn|J8ACuwe;*lho@-27La5cdO*J0+ueEA#rsewT;M5l9o>Rb6RhAm8;qflMTG^aE{KM9|+e5qP)3T{nM; zcYj_mE6Ad#uqloRjn*R>wS={Q=)S@^sl8a1DbpIBV%i0i~sY@v#_N!Z+{ zMxTHHPGIxmzLJK9>uID4xv#|o0~iIVT4SuYE++x*`8KFwHJqB&FxhxQZl}I6ZTA(H z;U5>4PHExyE%|vqJ&+RD(p!+15F$78l3M4zoDE8Y>Vlrv80ie!FO!z6Z<2dyxQ5oJ zpXLFFZ}NtLpfCV6zbH=~vJQ3eNuwB*j!tcU>R{@?7lT3^rf-t!NMnnP{@X`V0r)#t zS<|QeB$vizbQszq3qYKHP7b1MMJGJn&Dl?Ik7*J2dXdDl67dGxw2unpZv=i&i+jY3dy(P&t5 zr8_kU2o83cn$q4go;imr9IoxY$nH!zutz}=Q>8k9D}2}a??nQ*o;H8{Qbi~+=oH-d zV|kXYUuLDOU)5!d`JKF#4FsUjR0J}0>dFZZBlUqGI)i?45dfr4&2ODa7{dffpdhm%h_pgN5kD4^61YbwSP~TsOzQjmO;rRe($;4sX_b8 zG6b>z0C8@|sZCT07BKm}np|ANAUk34PrnyQ@6W>DAY?(w!nvF% zKI6=qCId|9WuYQkrPI$yq4`POY6}8>oX>r-p6|)ECLp&a*OuSV$v!%p?ou^0gko}KPElh$ zU^|fMEdOUfQNpL4W?gY%WujW!8C?uyUI@BR0>-_{QgR@c@t+qz81~nFm(Xi;xk8fi z!wJ8CNv#I%>c*wUt#mFDFb0#vWo7zZjsVH6L#pXP8KPVBdH^vpjyk%x1vj31Ytm?y z)0im6)vvH(pM39WYi>6s>A3yRj(IztQKWN3lZu<7;^Rb`c5L4{ygivaLW6GyT z(@dPejoZ0kReqg@fQ0P?^~%5AVpoTFGfm5A6dWZ8B-82!2G#@M-_mdE zuNzRy0KH&DkJQ}R-#4#v@BpM$bO{<^lKsrG7}!NCDr=%?pbQWOuni<`?tI6t!EHa> zHUYq#9sG!4G3)R+QR03RJwX!KRx}<4h0;VJDhKHYda>qg68D|aC1_3g62L=$E+XC| zalqcOKV4&-?83PL;ImrWf$p3)x!hw4?NH;`_h6ljC{6 zR+`|hr@u^?*OJ@QsgEZhrku#8(lCv)zFVn`Vg&RR8a9kcLk~>x)dDMt!;fZ)%qD5d z-+K2E6zIndN}iba%J1X@(P@^Mir1L=O&)49`aVLNLEd27@RLM|Oc(&T(vx@ComKjsrT8waO;JZt8Ivpp!Xs9@7MC zVmp`dI8o#;?T3}MH4`&)F2Dxyf=bNX9u}=k+tjHZIuAPmu{FF9!hjmcd}PuBFz5w$ zP5)1WF|axxv)vM@!$)a~!m+I)9y{q(s+{G_K`ayxuKMz7_oGk;Fz8U8qZ;hh*A-EV z0Nan5RzyDYT7$}<>{UvWo0DP3)HNm#MTP-!gitJog!ZW(+ClG+dwlHwx(B~pJr$6K zcvm>=p2bo9T&H68RI<%OlSK~6jl1Bj1re(8#p~hjq|E|Wh0QaEie+r(9D_f+vj&8_j34h-T zyP(Z9m7u04ormQ@G|8b4AuBB`^p?x3t}_OWJ2!_a+8|CAf*VTe87`m1)sLlH6n?Pq zGh=_S&D7r-u=L^-v9^6!%LFZzF;J)hbX&d_Z6vyI^sG<7a?eJ<;Fx(mxkqRcn&%^& zYzEn3_g;||+V3v$e`?jz%d4@;f$<9e()G`}c+E7_^h%B;BXIyp3V$+`+xLRc&S(4N zPL1n3mEPXsTo&a*>kx_4!lnAwCnn&H>BT^XposmKMPWGx zca30Ku~*IW-dhN5r{5|YKH41OuoC^MFer^Zq*_cc^ON!1_K)J_-IZ(0@}y%S1nQmv z`6vwbMWguEm-#JK-*m~xG3fZsPF`I?q1uPr=k%tqsyzM?P2f_RVQR#5m^94e3TK{y zd7B~&E5U44d)O2g5fcWQ1x5*R_HD0zy~Q5{{LhihjR!;I88yr_?i#-fdN*XP@8(=Q z$AoqpL$`jQYo&^!N62bQ>DUxQB9pvaMxYnkIr&NBB+}y9n0|xrS_3O<1A2<@ed`J2 zb^n)XwZ$R+XOlk9GYceLbT=(XNvcI@)K`{#(v@JKh+iqtp!?AUWuH1G#Svh)-1(k& zJR8zhw__g#LdsI_CFa1sN-MF;Vj9-hd zPQnvg*M@IiI+Ne)+*|172ZNf$a@6|eXTpg?>)baZ!cKF_s`*Ubz5fB8t#Bi7eCRrk zvVWhK@_9BUe7p$~uc9qn(1`^Z8udAB#dq~NH{T*S_Jgv>$~;{boF>3wW0yo171Z1^J33=Nd=njfWh4CC`J?H^Q->^52qYt_K zr{7_A}+bmu^0QoT5uRJB8km51y;={Yibk_*%YW?l3KC zmm)$>4CoUVcIpljc6MkJtI||H*v`NmbUjucC%xTQKE6tF?3F$x3anxO^9Xji{eRGi z9V$7DWWRVKHnDVF2vr+JKPxck2?KWwz*g7|FWh^$!M7{GB8x)gm&r}=U|oC6&az$Bvafdbe!^;%@P)Gpt7b7QCkNviQGhTRl*ERf;J%uu3;64v zb3)GcHaj%XpU%D;a8m1C*AN%o>)7wK+5e-IkhHnLBUmz~DUY?0OD_J5UJ&6A+LsD@ z*Irx&z8N!xX9dW+-Kn2hMmmGRyWmc?&v<% zel!H_`0e6anbv&Ympitds3Q4@wyFlnn5)OYxk{annKF z@qX@+Q~`>d5O@UPLn_GmU?Wi`Ni%z^T|&@i&9D8fML?QPvxvQ*vH zaynf(!TtrL&v%n*c`YkaZs|+AyhDDCI*3<1ueQ zMXY)S8i<~;r=Ksu)5H%USHyyp?g!NEb^vav$?L3lohzv7tbcpLwHR{c7f=2Ry9kak zT+Y2vSo|tUBrrCUw95~@dueiT)QGAUd75kB87G0wWVmES8{*!56`W3oo zAgttB9>E?xu)I)({_7$G)V*vO?~?+qm(6V=m^E2*8ykSye10*ltH=B(4=P9^cceXq^3o;Z#S#b5@<7og-YQ zI!>!kpRC=!GNbZRGvd<*!f`ixyl_HX7wNUfALZEZz7OfE4Uw55W@dKo^sh^<>S9GG zecbUf2ewxA3ox^@aZ~kX4q$da*FQRMRh`B_}UShQFG;ny`Sz#djN`Sc9zZQ@4Mt8w(vd0jw?R_+MAG z@9n8qJ6)AWalRyoQ+$hnVL`iIvF4M2t@r>yexlP`s7)9TO_q9y&}6*3Wujyj`(0Z; zKQtBdT1zEIev#*Y8I~r?3=#N4Rlts*>k*nJrZ(44m~8F>m{tRsR{=opX$Ltrit;73pZpkMv_L zx^5}wL<*i~5q~Vd%8_gQM#f>il!E(o|HeZjGJdGGo_g!E3HOc*L0(0>zq0rgT+48o zKjf8TRU$4Yrc33??fdB4r%Tn#&Db+eQ*y5pjC0D4xep(+Z~+Zc1JrK@pfzP{>6UfN zy371);M59M@}wTl*fv!~QNn0Wa*xe6Bb0q@vjoN)gnQhLSwkGBOVJNsq+P_fwyNHe)-vtBNji61Onx}$lwar?iwHjL&)A91JAa`bk{a*FXlcI?#o#`& z%N^oS5BMHu9>p<;&)S`~3JTO|SY^){o`H%5j)I-i#YQO>Pmp#G)~LxySJRfQtb=}B zog!OKDZ`=oey!VS;h#;+*+x;XXFN^cfP5m}&l?V#R0YM26loiI4XD{mzh)|Ri7~*G z-ktH&^#t7hk07hPb(eQ-S@()} z=!}cs;fBg=vNSO$QOk1x``~dvEC1Kt)4KGT3nn_qJoA0-i}ybmf@-*$-9q&SEa)#5 z=?!H=bbU>cJ?mZem5VVK{#6~W*@v3uC-UcDkbL|R^1}M+Oaj*e=Ve?=7uAX_5KNN~ z2A$$^_AZG%-?-<9za`&S3>Rt?@%@+8JLTLZj$eTwD7>D3oduggms0c>MR!DI$P``$ z9#OLfEP1b5q@AAE#{`%)I0m$YMuz4aSyJ0#)b~5D7d@6{X-2wCEWBn?D>AR> zAj2LE7ssw2)O^z#NR=48S0Kc?-|=2eOqweWUi56ulGGUceTtqgCA6FbW!Exf%MI_} zE!I7ly@2bNZeP0sRdFb*?w+0Tsaf>VItgX;H~W_-{CeAO==VPb^5>%uZ4o-p)1HC* z2UMEGhKGx6-5lEml-u^;F9p(eKFl(eEbKJ6h8lo?RBK*=nL-D59?rD&dczB(pyJfe zs&9q$hS|~wHNbrKhddd}-cKs*y0M@G@Df`O1Z7I>75GI`; z{4q;!Fa(6m!e_&S+Q%Jw512&dSeM@?WO(K?mw5XXxeDl)-}drNw9}I15kC!j6-YtN zm1|k2b7XuoKsoNlfC`f|oq}O)D1%TUhdPT!mb^`eO!vNRg-?UNG%tdMPRiDHjMg1J z5-75&xYcBOT#!ZI$5pV%n~hWt`Sy7He912#c)NkdBZ?-U-Tr0Q^&o8rwAi|=u1a5; zw#vU3p{v|NPWc>Et2!WXo z8bEq%xje0M9n`>ZsuvquVQ+FU#}caZn!=Wt*qr?MlcJWemWBdmX;nIF8#nZ-V{l&t z$-jyiGFR3N)eTJS9IDj`f`R!w4M1eANk2`_oG35iKL4eaaH0Y%slGf^|6%;`c4{)P z|AavH49uk;!tyVuby&83W!xF=xq%xkFdn(}Rv@u3!YaFp{iZ=u)Q5`6T%NFV9t}%? zg&R6|hD8iL))X&l-I}e#S|{hhcK7aFh~sMzf(e1*$(RC2oXaBqw63{j-)1Uhkgg7KMdrJ6-TctbEQ-?c6w4%!uH)p>e=w|f zikK(AD3EtZprzY}UzN^m4PkT!;`}fT0oDJN%JiJ?$ocP_RAHrMi#6_UV4@5I09nN- z=ePh1)msO{_b9$pS;kW8j^a~d`YxIW;W$m}fpoZV_ZrVxnm(bD~vd*QV3e1r3%u4YP=df~vm z2Wcz0819KBQX)^t;TiE2;&s-#c4v`dY@yb5UIp)x+r48&N6p!MvChZZqUjH+bSm;x z7{VXdvIDywS@Oq7|E8h@nOn!Nf7c9rjIOWk;>SNi6ipPK2kOJ*g;S!Y*Q^gjEOhcw zH|kNs4)}U!#r;KxZ!5x??_@dAS+2T_C&Pj&;2fWffPg;vl5jN~&x{E;rxepYwCYlK zXBKH`9&1-3pD#BfFMe<#TB$r{2zQZAB#1UZ${)Q8cv#_UBRsLEd~PRz8iYiCwIj1H zy^s}qZW}c0HmN@BI?+!~8b94MFMZC9bGC8eS*7`k+`~)4H5OBc79BH`%Ec5eG+hLB z>y%~f>Aw?@`zAt<0X+ESr!cwyV7{cb;z2FhZrJ?SSsJD{J@oC@X;k;7)5>1{xA z{?@CA&r_@?6=4xhEK?<4A}T@1dWu~ErpTC6dobE*ae4pt3!Xu+$>!n1ZVXBTA78v4 ze)CPvBT=e64X?YUIc4@}h6Vh2|6T>>agCkvGt4^e6Ks`M-_k>gz0l6(;pdbvpXCB9 zCf_R4Ya`q*)~D-4m7`z&+-5?mO$E_x{j#YX841&sc z>JVjEG0u2zp{x-mER9NM*SLuDZ`Yjr3N4hQY2n77}`;uS+KC1M64Zq8w#C*yl!hw{~6h=|6;Dd~SqnHi@dXMrM9F$sF zjW~EbZ-Is#YUz~+1x$!fTkg0-wj^LN%l=!~H+&OSA7rvO=^q9382>`1=(x{jS^gKA z_*p3CN{%Xu(clGHrO@KFVjOGak)QuYkb&Z+#wg$ z48J+-e?3VjefIx~Kgt~ikY}b%-Me5ksSylBm>IYO0vKw?`@29KJ#OI8?hxsOY+4wy zn}0fQIUfzSS@ks)6?fH&)qD8y; zQ3x8T!Tk#=A-s=EwC?y3P~It>F5r4x>dNEYRn-O{4;(cIlU#l&QGAHptv)oJDti?E z7dOM*3B`3lk`I5Sya0poHv*&e=h3qJ8ob8MFEdWalgq1Ir!w+50+fJ2|4j>Nk4Map zKH40KrVmaDwt2Dg!sf-LkpGqG`N2VbNgG1fGy#hjXyv=6o8b%K1jz$r-dlhV!Of7@ z`rcKW-#B^odcR6=(IB9P7Ypio=Muy7^d9#d_hVh)U?zTAOqbx_Tji^lVZ9m=liH);h{5dU<8Hr@0Tk1|2s(U*H4rfyf9N7)Wu7)Kca5B$?W}q>Q1r` ze%JWr232sCRSuv@yYIC?nMsp$@(l+RciA`tc+Fzs4!Up{M_STz8ZNJ;xe)-lM+TXL zBVQcwyO~}UT`CK5nk7hbk%(g+QYHK zRGo_NGj7Q~lbprE+<|%AoPJ8@aA*(w%douze&B>AdsPeAe7Da|+e>ACV!Nt75GV&w zU}VuPU%_aA{GG;XyFTgBf)pD{5s(gnfP$ce&_f9&l(C=!f&$W2 zdJQcJ5JEsjM0yE<1Of~qHGo1w34yc1%sk^fbG`59^WpG;DAJ(9avJUyQV}G$IvElp3~7b<@TMg3b3VJG@sixKqcP(<|I`{oGJs*mOrP{N}s8~<1*a!y>% zT3A#YP+s_`xls~`;KPbku6zayyFn>xP*>7=G+@Md-8 z)+4g~5MIC_r2K)MJhzqU1;@x|Xc-GA?Xz9NVNIlK-`}BFqe>u9 zhKzF3P(ObuJC$}^ijrO8sY`Y2$+tElqP)q!OE<+Z6DBS`TIhjy+F^g-YZhB;h>XRaaA7OnlfN1x8Df>7IAJtS#WZ}L0zD{3 zSG{&6Fe^KitNZxnG_mMjlbO@!mx2Vl?Y$+Q+2W{xV*f#-DAhNibdFXqb_|5Qng|Y} zA0M?mX9C1=9Ec|lPjZc9@%MZxnh1CZ1U3+hG{#D1h#%UU?BeiC{n%&?U`mqBtZzs>(BPP&z8Jtye$!h zWOJ9;MUvq>ojPW#qr5%>z-SQKF+Zkm^b-Bl5JW3F^}d0@PMHQk3h9sz+haRlC_&G&xCeM->)7w-Um5VOD6I6P)5Y_l5X2U%<1P869JQ z_}FU4jZm)k;Z%Qb<%cE7WCAH^M*;{8u^`=mgVdv$gF6mrFZ*;X^pFsXfY$M#*68&8 zrno|bn7K9I4(R=VXl`Im>_+|m%V)FM_b|uW4+%Y zf;g{tGCl*Sh|GW{wEbypJ`&dSEgY9LHz2t30e%9P_QW$uCTdWaq0Cv$56?q+ON%@w z+KnlIINC1DQs;-3xchmL0Aq9%rrMgSsIPvb#ckB8S9a`I%%!Zg)qHk!7QJc+K3Fs% zNQ9HjJB}75Z)R&pHJ8_GEI+1T(ihc^q>sV|U6{SB>TU5uFFU3b+f8Fw2|Wr8{+u*o zYI&P(+nJ1P*k;b~G0ZLqYekJ#^oqiN+NR_S_7uBd!FgYRu81$^fvvSR2fBSW5%?6t z@qw=<$+;6Nj9>$fE)Ql_VwS9rVkfBjv#MCOjVF4H73RJa)!@@C$@#gO%rfg>UDQ;g zkic{W`nB?{h!0c#W8MX)aa(wGy!u85l6rB{)j=w?t^QLz7q}S;GDCrm;EXJymYF{N zK2`wZ*Ud%0fShJpJZPPr*WTEaW<&xFN|kbP(9k>F7}unDXf3jyG-6+~5pvO5|KA}O z$<62?t|ip!orYoDxjlHhY=QCS0u2oZNifVYkbm9D`&?e5H?)S$n#esKaX2IKq%Fjy zzd%h1Hl~RvGD%PL#{_-@#D@xv7GNIR#UAemNTo=MU> z^kA!FX9HL2%_e;xWcXvW4sUZoo^xs*OI-S3j8F4-CDli~NASG!jtucEQ!d$?B=6R% znT#JAb^^SvkbFoChl>dUkxW*SW!Mh}-Y5)7Z8eabYkgIJfz-zL5dx&^(IUwhWo(`- zh7x(}&CHtlQnr982Ox8b=*~7Eb+oJ8CYvzgGOUUZv}hmq#8gjc(u05jL17O$vZb|> z=#%W78rOSAs*zG?-Nlds03c@)WBM4>V#WoD8_lTEX9K}U;}yR%Dct@1@=!wPbuUS-6|+17m&qD#Y| zjFk0lTN(5r2(;qbTmbAyv}9077f9AT8B%kJ5tA+$3tny6S!&79J)M)FVc`dImakTO zU<09*)G2axDZbWDXRFr4CHWz0%mwEy%&Z8}D#`nH+j+Rw37_ig{nN+18C$6-e6~MCU|6az|F0%?R+?OwLV zoP{sCWgclG53B^7gye`AHj>BuH2hmbb_PtOiXbW(CAz{TtHl24_@p9Y@HOB z;knd)hvKlgVSmNeX_dB`2IsUSyt7HeZjq^~d=&!3fkr*khpe2&#D-I`Odan+z|S{P zt%7Afo+TNX`OacTzBK#Dt%+^fm<<0MRq;BB3njSF*qp$Ayl&)?OJup0-A-i7z-bBS-jDO{%?zDm}QiCJKnyt30+>l%bq&?neuf z56{qK=B-h;KoVKlbz&zvE(p?9UoVoJHl95HwXv}2bmdKmPB1w{dWZe>K>J60Q_wlL zV6kkz^U!y}Ex0=kaWMpPsn(#2X>{%GuC4~VT%MYvBD$je(*8(Xi_PW9CkA^^jw-ajyW_Y>ejRO( zkW~Q@Har7NQwYjssPf?74xq&drictSh}rTxms92T_KJe!r3*`gy?z!R*Pa8__7W9e zJ8uh)#z9xD?Fq4T+(EfDjcS+bnaOJnsR>hxnQC2F{PAJXaBWYCT}4eXfvUEMXl_8l zHf&Py$v1nMis-yscKH}%a5E=~$p~4K#|C|Jkoc^tzE4|oD%W|UQ=#!r356xMx3+gA z8K~!v>V>T!trDn<2_pTrk7{=c#T_(glNLWB8&->~1l+EAM(;4@mTmaXxFN?h ziPhBSK@ERPw=^{WlwrF8I7AnSs_bbWmhv(q@l=6iw~4WwuXSIv`kwSa_G$E$-ZRef zI)!GOfmD@7w2L_}rV?H3=W+%eCVnWWa+UA<5`w}=288{DWdSJdKb zD|Lo;zbj;K;nfmw_wc=de_$svo+w27BqRU}K$w?~RF=;(T{4^nw%~*3UhS7T_>H$| z-Mqp)YB$Oh7-5DrEA+x6v{O#oz}787`yIcU0)hh9&|2ScV#{0V&3V(vU2VBZCxg$u zF{leIdamS3e}|v}Nk`Nm7)12j0YmwKogw5M^3JTe;yc5KKNPlI%Dr3vv;tM$Q7

    		6J7y`jB^kR#R^zW%87p^C>NTj>LsM7;d8C$#FouVN#Bpz74R5mAU<%PyEC#svt5T zB;i2lK0aQ#B|5c(N8PV(vYR(`7X7u+esl%+0L}pu>I_xjsi6KR-U?aMlVhPdj1{H0 zJq9ZUF-``gBAstfQc3OB`NB65Jmk1-w%bK`goD?>G7ZQg$C|a_ro`R5-*Ifq?PsY z$I07F2+8P5Uj8Jc7z#=?4T15y{as&)`+B{o8t_W`1eE&gPIp7pjx8-k;)xqGj*VY` zRTAv4q(3?p<(md#)Q<}|{EIO0xgS(ul-|2r?*1sz4pM5Z0s1a9>jofN-feKVTZAJih`@5cCI}O~ddQkKZyEv2l`o{Q*-GtwLgGKZwx--I z4daWmtgX-~z7XT#aYeH*YG7P*?`Z=`KMkZqrdMmFUR&(_k3T@q+k7)WCF8g%6R6_N zkN%dDpW=DaG%Y(N$nx_WPIu(&f^kvUCQ4kjx4jhWv5XNk5wc^kReBV?^&}U#c|K=W zC}p*yy~uN@6su2d1Uy2?$(yXbGl5bz7C3Zw|MBc$HC8GX$cdGVVS-=Cko7x&O5ZH z3yycPM8+QjIdazezzF%edVIivo7---K^|yX#-Cc=IQ?BwkR6y=hvjX@cvnkoOJvbH zX*`{_dO9_Uu z#1DF;3*6s%;8kKbpufEh=ZD{+%f891kP#Gt%0iwApPBq z2Gwx;i5tP^um)0uohSuy-=2KQT=nb)W)^?l@Cca8(L|+PesVZ3!ixGYH;xK=Kk_MH zoOVuMd`v7bOA{M!9p-eTO-zWuRFrr4YsP}mU%rB^n!oFXWAm&1gxZYvJPnKtgjoV( zz*k&`DyonwC)(gw{fVY8(=t+*33-#G5PsW+fT5 z9n*(phnR`SeN+UNz7^k(qBA9Jy9T=R?v>eJUh!r?ueA46RDh-cG7;VDsBzcaE_Kp` z!&3Ylez4-eghesXq4-r~T?QV;pw9dZ5gDx1*_?`k+32s<5nVdVZkaCq*$SuyTMvAR z_YB|Uy%Pd|BK-k$Mns2nP8+oNv-BtPP~9*TGLog$WLnVuL{R-Z)%7zeDb zDyl}bvBIzG(GGEUzuB6=8#jFPZ`D-$Ax(2*EDw}vLUGRX6mdJAO5tmVoIJx285{&&N|!Qwjfc{`95oek#h135i!&D(K&hR`{u+p_@? zeCab(VuL>--e26=q}h@|i}#)@mD+2m1dZSCcvDpv19Y^TB+=oHV`J~r=~cx2WeXHz91)%2fpW+zb(MO@}Ug> zp4miPk;(WH`-MQ6F0raSn@DmiA+Y4%P^noZtn#_G%%W6;y|--krldQyF}yLQHKm}i zvU1U>ii;a|ICxS0-NPOJ>`USkh-VKP$C(e(X*4^{mF9AL9E`Cl_nI?W7expP_%>bH z7?app*7CjBu5B{t_^alH^gDbzaxN38MQYPa(<)qJ$jo^iUjd9wgBZ8>#M(8qrf*kt zh^Dmq%=YEaL-AgL7QswMTp;S+Hu^b39KdfS53dQJ73O$F;}mt|q^ekR(k#el~ zb^OhKz+Pck$N+RBg%TXq>^WBE8xV-vdl?~!A9CVpZ zjs%DzSlvh@&FP~Nyec^0dd)M*r;LNefT-j8uTDchsp_S!fNwJ{55+$KX{f7?xn;Hw z*vW0xC~Ja3k4=&-DAp{H@q>iJLo(($12CeiW`|7=&U zoG{;xuj z@f$#Qiz#O;E%^fDSUY+Hbv^*{a$`^Ei;MWi@5y-m@b=S&;cJ8GmP2p&7HH%2mZW3P zy`1H4{@|jaqo0IPvXA|QePA~;EX!PoY6n$&_@>Qrjc)@NlmWQpt>>JzwPQ~XhhCDm z{SiM=R;^4+Cz;j*E4PFbIDh1oeh2zIxvCfeKOk@Tk=UT=2NNqZRoCNOC#^z^K#5S+ z`-7&)ugZW~p+xoS0*eW>O`^l7PS6&)VYhP`fv`@=PHyq>cHQO%=a4wzn{0N!x)twx z?r2?Ou8LX0S)VOOEvtsl0BB>b27}l#nG)G1BVHI$3uMzeEvZ;AjP|7e% z>;k{21(nyjF!i|anC+M=PZyU50tmcTl{S8T^($=$;>G0!1t9oZO4_?Dg6AN5C^#r- znLzht2Xf8wWV5-ot70$tK2ecM_3QvZxGOUCPV>L_eQjJHxhySGx%bD_lpBU2ZLa+w zh=R@8-;#o_ZGqisSfdv2wIp~GxgY{~nRf&&NYPMYwp!itbhUD`KU(U5%#0E$1u9=Pod# z`_lN156+_ljR~g6^_NEKYH-20OVOzmxoy-UdBTh{8q)Mp9Aj0OJct_Ge4PW)5y3rR zVAHy9F!0LCnB{)wR|%9&got8v2d@K+Ka+8y%T+L`R0{ zT0*6o(Uc-$3)_@_zN(WD6vqCeTA}P(cXYsS-EM|DQ09Y~l8|$+cQEFzdgK|G1XSV9 zyp24S&Vf2{n)xN7$kNe_>e;8~Cng;W=m^$!wq6Np+k!t!%vQ14zC8807!44hDWEvU zO|!+i^sU|}6jP4-r{V86o?T3ouH%C>p}!>*MXaA=n1R~C*P0PE&hK!u6MKJ|R5B** ze~~b2zN+%yZt>>}yN0)dZhR=iE*-B5l;#^LeLc5e2Qf)(@Jm^&(nc+wx4u-QU~W01yLJj5tx`2$ND} zapbJ5n{&LiM|7ORy6kYT+H$`%-%j8T2I;@@9b?dC`kxj%fwO_YVrTWDhzwHFEmxqK zjLy&AhgZLTkO542fr6mX2p_BVsh4!ME|njsV&J_SpJ5?Ah_=7hEVXoKEzd+|8NRRgN^GGn2gXQ%KJ7cE|4=b#WD##rM^8d^FecKK68 zQg?y-RV5EJ${c#+Y%#iude`zSsIm1pQdw~ZF}EiQDFE41b#1#&XR)^<5E`ig*`(nS`Wk%;K!xT&i^DK*mMZ6GY%~` zO{>?gy>a5X#$KHDN&n^5zv3|3B&5}RKMw8#UP?)Sb9_)3cgpHg^IchKQpqEAX({2eQ7=<;->56!Kl(j~k{;;+@I;uo> zSG=+_=-qn9AyGXOz-A*$>8s^~0`qkdtV)}WfW6>(W3{o>LEWO%>!CIX;kf?vnBLP1Wb-|Z zTu3GuxaMA2E?u+ydrYliYWHVCXJ6pCg3bK9EBw2y3Eq`A{DS~gTcnnoNt--e-lgZ+ z_yB}OAQ!U$yUHtymAs)mNIv zB>0+{Ac52WxY6cH@?B_t-}7|zFe=&#W3)lg(~!S$%U|uHs00k=zqS- z72HkX;)m!<;Qu}^bGJ+wVt3cRC!PXIq}Bu6jrtgC-5XXrx5@v!UDUo*Iom&us!>zp z9KXW8iW9r~F<@dW=_pWhx+QWk`_aZRH4^*_kx^E9y)=0EkAo(E;)6s5Z-qJ-{airW zFZy?F+W1&{@_(JR=FgBuUY^wvZ~$v_N5EZj*_ zJd}L=<gtzXl)q{}DF+v5(Jp{w=Zke?dk5Z>Rq_blfL@QA_^u!vF4Ly0p$>1ak)l zcV2LeXd_|VYjWe~-7&<_-9y(9&*8m( zf1KBSU$5YqwOA}*4aXeAcklhF%{S%Ga(FltI4CG6cnb2;swgP9+9)V!nb?@Xca-M$ z<$zD9PO5T}C>0}AyTBLdW)hzyP*AF)aqkQfOjATAz*kMTm`Z2`K)3uOfv35s3(UBdkQ z)>vEV(+4ML#+;Clkai<`x?I>|N=C+FMn;R!wilCZjBNOSee}tEyifeEKMDUx*6ob;G;>0M#pFMy zi*C!16Ama7_KUQv@3y^B)VFyLLLR62AYX)T((d`rxNeBl?ws@4)+dXps+>W$DBov( zFAtX5wG&yj3$Fx*vc&YGsD&U`D#il7cTH379W74HR&%+{I_;idzn}m2?D!k*zga7| zK4CN)(ec!;T4##FdQsQzd{aXu>aBsmZE!>Ad7SUWE^RN~`#mPaGkxCi!T(0glxVG4 zyX!L!zp$Dy-Wj7)y*%WcXmMdl5%p=I5_Oh;CF)%qy=o8K`CP46Ke5ov zZ%>@pd+WBZ!|YQYwAOSBU=*7Dc@|t*#HgmmX#2 zrsAR?6Sj)%3-3e4dlh*>g-8Ft3Qh7ma1$HD!X6tTqPy453Gnvx$N16O)MA&HlvnHQu%e}RjEKC4?$(|3s*=T0McT)B}pCvl+MysOx zeuPnP^x)0e_PHoxBvXK4d!#ukjZyLC&GO?z(UpuCwidfyn?{TGiH!KFi|3`V&n<{e zx8*f(eB+|1=Le4#ThHa*2)A9%TTN8@`SoXtv|4^tZIUOtx!w1T6ZXLI`LW%dA>_6( zTCQ!bzQJ$5;{P#2PzFJKk}J$tNdeXz^GTvsj@I-0Jb#&Sr~A zN)uu9CeJ42sF=YUvJ`-#(1j@;q*X=lEtJF$r3*;$#NkEX|F8NB5eY5Ni&59}ka64? zD!CF6_Px`Hq7p5;@^C|5+K}Ydo*~-3_JW~eQB(rC%eaXw>b6-DZN&${mvg;89>yC| zU6$HzHcBf!2ktO%O)hAx(ib@_!zmge0&Od<{80wJnI4DBV`CaXr-X zINd0DcoUK&>~T6^_oZ+k3*InDAa=I{E8fry#pL>w#v40P@ZrNgtlaqad^eUN{g0JW zmguKL_7$Mk3RLoX;*K|yz<$nw%11d;SOrGC_@^U6oB3aQqd2`_?_6ZC_ZuFjO1_-V z0EK0HpkXneUyW0jDe9x;_mf_#Orv@uFPcJrm(v6!7Ukx9w~8g;eI2tGjbFverGC_V zN@lJ>wZG9|13wp)!M$Jq|BsE=1{Z>hs$g9#e%ao=eUA=W$k{>V~QGeP@ThX?EI% zAp_~!j7Xn1NN!q!sxFNYOYNdc8w}@8cftGIgs&q;R^>sXI#mV%cR)$r5{3moB_0?v z>^5GwK2g2DzheB9${h!ESF^vR$KySeT+L~9iHPG-RJ%`kp}UB@dc~6VC0Nq`{Io#P zQ-1^A>{MjwZ16_2Cco{ZhtgC3+(B168Vmngc5kMX$!exdY3tPi{+qhU z8E(FxgQ=`(uNC5?5e&J=(M}j_bNCxQ^S7`{cM~TvWuD?3?ci?kxVoRbm_t zSB%?gRgBZxk9c$hV_M_9lP3-bI<3Om?{62PVR>@V1H)UZBRBAET zAv0`jrn_74}ihQ=(3nQXKT@T@kDV%nSL&;0(XrS}YNo*P1)>HCpJ&~mZ zjPwzDW67o`YceASoXnRUS9+V~jk@p-zYg!y{$5V6OKTr&8Aj}C{T641m#kW^|Bf}F zf$m1n4nnA}rpl2yOH4IBNM212Ki^*@xeRDgwT@du1y>fmR&r5&7>bPA`u0O1mN3(R z(1w##cN;0TLy;5rkT>3RR3c_0h>02*r=(J>KT*`$%xaL=XqfoUt(GH0nzbgs!(%5- z*Q3EwOnL%g|1qv|<3ey>$^*yh96Gi?U0Rg7RZFkh4KuR+X5GT>I2)~A@^W+RB793S!RcEqTcj*rh2g6rxUh88^0raIW6J39&USJ8)idx@ZMCM zfa1&c(ba=yC&!zbtAS$d@k4lr62htYUc%-+6Ahx5cU#X#%9if-^chN^G;GDy+41n! zrE#F9>9=pd6AYl7a?NO%Z7cLU^bo}TX?$5511Vn+-(LYW_|GBS=cplzb0q@9Tzay= zO8v&+oXjljL5s$lwxr(2+Py?MCs(m}WS&*C1vHSzS{i*A19a<@>%q!~bxPftipAHT z)A?_?a(O|YDm8N2fF_-LzIT&QrrWBPDcq@&WM)1FDzF6iC$VRVN*iAuXgcmqy=`Z= z^x{%_WoGc4q*)~grq5p?O=4C0g-OYx*C**hblE=L9E8?;qIJZ#P#GsFZHOhYpXGO} zfJs2H(RNEH3A35^W@b?@PkgxVh&|n8Y0~AvQpaJ|%MJFvJ7KbfcbFaulJnkaE94yF zhUcaN!&`AMk#%DvL+F<9-H<=@Vz{k1IG;d@4Dj@ljFbQ-zoF7>`Oq-;U3Zwo~(TbMys^+C~vUf`Da|d`eRb#iL{!R4@CP(;cdCIPa3LoFh4cf4|t` zlH_qlT6}a*!Q-trO{-k|+8Tdavo%To^J{iXZd#2uaOfx2v1 zj%HVgdmTFfhV1yz16Ph7N)uAYpvV(^=Y_3Iae1`J68%bK0@)^YVF{|n)R}(mb9=t` zP@qV<2+{Ql^r*Ai#&1`89e=5(TJ$;ZibzGH`{9N9w`2~(wllkbtkM3tJFn%ofqlGZ z-L6d1^Hlhd#KxLcZ!>6l{$g`w?}gCAt)i&u%D-8{PV;z?lDeaiX{QB%QD3n!7qg$<3s=i6+2O{ zn%YQ67)m3yO3@>WVQ!Zo4xnKD8>fA>o1<2{0*m+_)k5dD{aNgld-ji$yf(&LL*%Go zmB6H9-X6_TA3ZE9cjmEbL!`3_o)eG@%ex-Tu5$edF{tPH<~uO%2nqC@Q;khUUl;aNRo7XqU3`N6m0FTd6A1+C#MTI$(A$Z5WO6P z4X5!HsC0*pY+oEs%K5z}V|%m}wsqd}FvrTm1F!W)QkNF$=iAd=2ruN)bf37JZwF9= zsuAOPt%JxvR%^8sY&uQZOWkr8`wBUYI1q;)2msj{p|-P^>Cf8!px~LTrqW66r!+_PsTU%2$K_ylxce0G^UL5^g|1M01z(1c#RL- z6*xN<6ZvsWc6#mXds5R&0L>WOoh-Vb!!Lfb(Bwdz!s`?IlkJPF4WeD*7scwV>2Ru0 zQ27g<7wmdn1uYk+n}Zv{B}AH_ivgBOdHgRS*J#MA!AMFz0F<(s_X^0>-*c=${;_Mj zDQqFYRz?!@b`+IgVG&@cPmbhJBXhchh(e+PlsVAY9VQe6E4F<+bYpmJ#@(ul9?OTV zxqeL&iK@Js8t`xCo4buwF$HgRqakUkxH4SyA0al>N!NA^u1CtZdtO|~W#YxYY=D~g zN7LS#{eGM(FB#x2)_%q%=#zXRoQJmlGCeva%czB5M7vz^^19@XV?9FHGf`3x>IHicOF5aZFrPc&;QHi8@+pxfjzTT|Nm4JHm-3J25rJ^D0^t`G*s19&5r zU>^pS_$++&7dMrBDLQ{oH74eB>rC>~X0oLo$JFceL$0)Kjv&bGeifkaXnKWdxCUU=5(^&NDP`Xj{_)M)CxzcGhz*zV58qHBfMZjiGG&r=;BV1e{@On6nC%zJSnc!8(JidyG_zUq> z3r@W(b${_9W~=kq;GShp8U#Wv2XD|Yz1QDY`D`7KPn-ApD{Jh5O3tChc<>C2v+cpl zL-;uzKDL%0K)@$jK2d%nWzQ7-nae_D^^;v+0^xMfJ(f)`Oi>=psKc0N(AoGG*Iwe1 z3e&_VQww^_^St&4&EF=oYP-77D4)!?EuWzy^J~pUfClVwwwa_+{dLzz`bDCxRqsDy zk9YA-i@%piMLfNC>kXMzoMEj>`WFmjX#W9jN0XSrrI_BCeb`#-0`6>uCuQI2s(5O+ z!bg)!KWGd6Fyhm3+1lQjs2o>c$TW|9CMwH|64@Gl4NypHoV#hi{#BY=@a+Az(Vb0>R9#eTD1lQjC?YP zq}$GzUYZ-S`>^%LJM7r2ouyA|r^ zh1*T!_y}b!ySV?l>+(EKGC^y|Xy)f34v1}Jg_vB|BB-5pJKl5xJf zD73Zz$w={7b@Rneu?rVaTX2L#T0MAYrmu&r?W`iwmpatiw>{kMd(w>8t{=yC?_Kt-cGKO`MgAL3=5~mW5Q`8ijvT&5}3iBL8uClHN!$*K*}ZryXZ{#a`|d`|X?^-IeS zPbD?v)nR<$Ckn+RcEM7}@~Gqv#k8wjBvnq=Mkv6jTEJJl-A(RMjh4OeM!O_KsWA6v zNngpUeEGNvmDCfWr5Lye)jry^%hZphH#?S$*v|FG&;olr68n#mf&RN9l4lNO74B#q3TNmiTfBH#%+(>(MDHB^GZ}<+we248SORCLl=W6va$fQ*w2y@hAjA9T=vT401DnS;H@~^`7+7H^c z_wt@Bsuyi8%TUJ}4oE$a3N7V_3`fh;hJhA7` z)U!EW@d<*$8{>IxwEFe4{g<|jkEmYaz3ob?k6nP?BZbvc_<*@8g@51%N>fVbuQnb` z{RH32kNxPWLD6gE^@xve1h2*fj_I+UcPGhbSlNw~ZUPGUE)r1yh$01_59c|(XE}Hl z#VI%9Frv$k+39|_DVh(TyFC?oATn(t27F`9QoBO zW=~aXu`as{s3T6Az2~A3eRk>nX!0%ct;J#$23?qvb266ury(yp_0kiJGn9RLm_k`v za#4@f%9#PRELuX9dGUHb06leKHf>>>gGpZLcFF9sl>pM}GfCmH)0gC0W_S{%bW9#; z!~m-EYyC)msPsGh21&@_r+h&ZIbH_0TyO22W;yBL$YqeRm6u{9i~RUTphYW>Pkfw5^F%xs;5>x|++p(U$h1pWLS9I*iP; zrGCHeF{81^X^LZAjV4qZRF}zttP%FMuF#6yPGQ!_o6KCLdMUMG8tOh@b$nu)DQt_{ z4nUkaOnpLbZY*&kNhw-_1BfvL`qy&aAG=>~P01&Ul0YTG`Y$OF1T4LEyIjU|rzD(? z8*eNY3nTY{9xbQY=Kc*-tSmtTM@0<)m#PVDm5^fVTaO-pDkI5$s&WE2v?`oV6X8Rk~7$k{H)hiR{>&0SR4@K1z9ES~Sc1*jj zPim~^IC=c$>#f+WU}XtBRx|zS&1c5&%MRl;_KpvLcy(SKv??GZg04dpOeSVqc2={C z`OZwl>mm-1lCM7^q13puOQz;x)Q0oxZ}|)AuijStb2Nta)~jAL9QN5CQ@J%=hEw@w zXr98_dy__bBP$k!5IfO=2J=QeKU|*%uZZ|wYHDjXnO8gA+_mV7Y1TNWaGTF6(+r}X zxt_gddm5QL>xJ-K#xt`tPJdf>J6(FyTm{_c2 zORyz)=6pziumSA^pIS%|Z9`+J%uw3f&!^*vNim5vNz|u9ZCRrCbB6KlkCeUkucGca z-gLCCrvQB(B|4~s78T>1xdRvqP>>~% z$%uu{xIg-UPaa|A+I#Qq2!p%1i9S#YI)~%rq&B+DMj?RN$n)!$uj5RG?k$5Mf%?QR z5}s!oG*`3S=HZrQksJ6lf*V}o;iZ^lk<0&2omSiT05r=f4u0RYrkPSH+N$qk<*0av zYwhQ8OWXLULw_0j(pz;kK?^vQwUtsz177m7d2&E04L1PikVeHO#T5?$o7Em?rh853 zaPwcMFD7W;EcNEf;F|p6yU#!t-`$)kHXeygxen7{5xfE+p5}nKF}a{j9|@w#_eZM? zrNHYveydFm@eNsWF=S^)N#BTprt(Ypm(|y$8Nge>kxrwz!pNdomK%J@I@J>H@_fJW zX7*VY);>o?gue^LvYQ5$ox{bqO6c7Lx$7TjwNDtnD%9Jf@t$z$ERi*B+FOF(3lK=z z2Gc!|ft$m38XzY%B&E^S(aNEIiE6==gQ;|914X3NNjv^Tluh~Hb|c3S0bp$hkIGn7 zB+Wrsm8fBR*R4reqsGz66%3eW)7v*TryKq-jP4*T0#G+5dO1-OZ=u6k&nJaU`jEB@ zHM(g6c%w~{P@&78q`@S1p>4WEhy7*DQD*dVudAbiK-hYZQVjaj=R46H_WyS7&f7Rg zh*#4aFN9->>Uxa2L-G6ygJ6Ws3FX5Xq8~-JnjD@vE#N_UBKOzfC;)CgKR8+Mg{W5Q@_Y_@6<}HicLP6$)kwCg|&I$l5-ej=a0s8HVe~^ zB>=kF?%f~KJtu83ZTZ!DLD#*5=dwN96<>;?>MWX&6yTVW@DS?p9xQjTgYe$cM>NM$F;``ttHe?wUwA9|`|~su zX!toLOTvr2BXMRkSNQ*UPsa<}ZJjjftq`PL&ifKaekjY4J>arWz+!nv1MsQ@0I6e9 zHHo?%l|j(0%0JLhGY=X<4<5MO=!kO)}0sERtzdjqkrHa~)Q^9GQ= zP|@yibQq3r)}zJb!!8d&;Y-hu20E+1JQJRx8xe)S;0_7UP=bcf_l2|IEUtLuE0iJ1m`K zis)!GX|#Ryt9z&C6hIB9`KL4<@HE_pdwu+GA}>ba%QCCGb(egbW?4RvOR24^?}!D@ z0_t}~%f3Q7z7ID{jXhRS1CfmL{YuX)mNF-7c}n=^J=SIGefj=y6t$l~qrQ25DvQ}? zmq*PlR&yJJ|J1c^g3qM+!-5Ya+6nd{XEHkwkgpP6x6zyYo3ih9RrM+X^K<0gb=rrr zi+r~2E`7em+Gl4MhFca8ZN;z%nAmU&J>Y<-1fU@CCvhiw+?=&47e0{6z3PeHOqS=D zSm6%a%x7bUXqKYq(NjGs#6DGVcGHBJ2@2gYxE88vlt|%Jtdk$RTfGK&ki&ghspJ zp`;?lU;Ess>4s-(IE^X(pZmQFo+>IL>e~zN((Kparjck*HkHOG{D{|@==}no z?6r1Bn*qMl3=QMI9EDsnT|iEmZhoEaCTIA{ng21=(EY%J(8ACveXCAr+Ts~OgkcNM zBGz{K5~?lnqWc^6)GRaTGy=``i>L>)QK5cfSaeo|;;QBJI;Xgb)Yso*ELyE$b6pfq zoCKVjLd#V?9UchG#MIS84ClEmK-kmIRw;w+pYhLGmpg}|bOK!ILR9V#@W$zuVp0-f zpT4~1`hxn)xnfm1{hY6hUM;zTi2oEL;QY0MPHFA!mjFUk`ryfz?{r=RbIjrC@6=Th zdeB6>wmR5>uSI&)># z!b#;Zg5EnZ+9*xN{c#Q8nPEb29xTWKY`F?l@|CgD&@5QD%+RXrjE|MB=lW#56@#VG zb}_eW?ExJmi9<(kmEbE5w$)GC?G@C``6?5=U(+#=RJo!?J@HPn#u!59Pu_snXd7Zf zc@6PZWs?FR4zwFG-S z4VW0Rto)r$odyOQQIt%`GNWQr2@3_F$2EN9wVThs!hl!#w!^E%cP9$!eby!aT3e@@ z@CM5k?63;0`!H=nk}6w#GJfTMKBbnmm=34yN2BjAtt)P?%Z7#GW@cA|Q@J}UgQ`vv zSpK>+2Jv#!_aoS0bMI%=HxZ1z4?zq?g|S1;9m( zzUQ)CzvF?^xKH__H%ee7;+~m8p3Ydz;?!=Whw)l!7Z5sJ1U{de&WvQ#7<4{qEPcLG zUt>0UG;|q4a;GJ6e@x9Tl zbE6STEsx(_j%04Apv&IC&yqk@zP_5g%3(*8bk{?+DAGun{m**Q>Dd8`R)vE_rCKnC)Y*C<65jex85^ei!=(LPzR20eP$c&Dj!6tFCW@xHcxM{Z)uN>LXYtz z`Aq?+50;?*b&gLhSbRiDcrLNht6$vYiiEL}glhtpN(zT>oAc3>f+fsd|Mmi@MZ;oD zm@SjQo!->DSqw}8=1*zdYLk~Q{ZBBMMmu&UWVVJfN+oApr>zYS=j$i(yc#)L(Y@RU z6GhVWr)Q2m4w=7bcSmAlQzm`lqwO=oyPoZ|%3gCY58kfXBq(DsU80~*rmLe8gIdwT z)i*CK9cms=NQTWwwYtqY@7e6Tn0v!4}IAJJ)$m|mQ(sdd)0ub&--*C$0JFyC0u z2Ct(5qAbO7_Uibp%l@>F{ul?!s2thsWOYJ^{Q-~p3Q9d5`a3`Dt<=(RB-$C_s(}(X z8IRqnm$w}5y_YU}=~t>&;jBi&+r6Fs-l)Y18F7KHZr1s*Oey>Tu%F*+>9)ui@t;w+EIHDV;@zxV) zp>_3dL2mwhC%KxJ$CFUgsYgL}6k{)UH`jLJZ9TUbd55(jZf!=)xDQVZe$2zMH zZYbxam|MGETzJFRmeR;K>uR8R;YvdFuBa&&yW-uG>sH(Ck&HbkJGL~R^^^vuiKB=f zXZPJ3P;tx|!s6rO?{CC=P(DAK<)ddldE@5ph%0)Wt}W~jc@aFY`a~MPcQmllq6T)L z0>|aCBSntemfDfUE01UA-Q@o+!Bxman8|Ea&fXon-~wO7um}OYi1pzCVGPVxMN(@q z&?H&6NaXb+^}TxH-DdHtri(s5M^~f`cy<0pc=GIvum>}-nSLx*^b_pfKfwHaM9B0? z)64HoSxjwi3x?(nQIzUe8mS)wCa#t)I66TXbZ1L9TDyagCfwr#*xo_(K-7 z0h+2}b*@bQ$CL?GWRTWGiIE(+$gLbeT&5kF(Wj>fH-2wZ0gf%;=W2dxmAr8SF_uf9 zVL?8a{>7-6N|IsijCSsyKj~fY!0O{Fp1l&?z)% zX}1OyPkhu3f1m0<=0z_AGGYe}XNqV;)JvJ`EnzWlzxbYM)bqRsE4lgQFg4b9SPZK;XtJCCKIyek0;t%a(R-<~(8jN8-C z311K0hgwbhi08EclCn_uJT#G-B{*Q2E5v1{OgB%`?cvw-OUX$T%&NQfJ$l&$o!|+d z5IzwJ|8~=1Enl7~d4RLDXayPq!8*2tO}tjuLq|-h6HQ89%MG`BqcS->N?yl`BJIZo zW~R?gVPB)Eg_!qegd~s18ZF`reMi;XNYUR$o)B^WIdP&TtkY|<4>(86jFK}~>b1Av zIAT4|ms|HYQ=pCXm5rpb@Jcs7{IR)!A2l;RHlF1|3eO%&p`Jcjl|~OKueQ-HvSIjf zh}S?Z8}!7kN{{rdDhT0JW+xkDU|02-ltpc5TeuVKibKj=c4S1pRAW**gK0I}V>8<% zfgpYhYO)s}^aSxb?+{+x5GKl2-2z-$B?0p#t6py4Bs36~Pzs7Q?Ct=Mma5i64zE>E zm#h>IMHoP~Sl#y?K-fSf=3j179}T}>pp#tR&oysi!E`UK5hkFbSgmb96}*D!XU@%b zKa5_@a6VHW_dK~2+WXGc!WxDc49RH307UsSAXx!3A*thywmZty3bPpPNZ_py_Etzs zeNX2^8bw&grOt;A>fwP*taA3rMZW@Hp)$>gfEQ#Kg`JLZz#}7BZo$qK=95CM2gxmV zeF-d$z40^H7OdJWAj>v=UC)cV4-K|+xsv{dsNml%F8jm&+Ud!K@Nl71s_YKw1084@A)|X@Eh!&vbmk*t17WOCP}zB@Bd^_QyLug@#mX^C;Nsu2AzQu zMRxj05sjvR(D;+R;~zVTv1A?oa*4__jnZF z$U1d?d4>#>nPOvAYCwfQyiHVqCCYDj+P?aTcEQ#ZZ+M$sS)9|@-rMY9AcZCAjGtzi z5&DJY?COWZNxJxo$Z9+JL85|PgH><)GCs|bFt2pMK~#ny@>zn>+L_d(EQivP7?K>UO2SVcm8$ z_uhR<_4-ahGti>%%avX>aHr>iMzn+xm(^H{QWo@$N!dGxh~rxZ`Nj z`$NsgC3k@=pG`u?GjdM(>a{-w0QTZESP{S3oKcvl{=#&xg0Np}mAkUtb39a&J*G;^ zw_DB$@_y_lINi@zh!gR0_4!d1G%9L8M%!pyN;y zhz`RL@wpIkZ`}vcHsB!31axoS`DJix&ez>cm3P&k?spN0d9z1S@Y-8kOXP%A>G#JK z7`M3k2M*+CLYTkm?oPHg*4Zt84l&8XT9Q=F*|ft@br$h-Cb%l4CJSH>YLo?=&PMe{ zBPbv;MyzO;Z|#yHOqBn8Bx5hvu8*^U-<7_j(2IMGe;0wRg4)$A;Di}wNCau%rI(Q6 z<90_=qO;(x=}Tq3_F8H;Yn+#(s5<1)pF{7JbA?+tUF>i4e<==i4)_2>Rk)g>$Dm>X zbH@GgR?CKcfch|cwa?yB%%X!Ls$IF{17i3YGmy$yI*QX|3h3vF&u&Rx*$;W2Uh+5bd;u;wm|Lr;B1oFH$UvhbLc=8<18n%e4{eEv}cii~1xigx5tHY_n z0_omr`Je_k=q=0p+));hEDbAr3Yk%w)fxBum4_pk_yOD#;rPnm=CO6Ijur>^qjkr5 z%<(Svrq%s=^PV(jFoPkGUI#0z(eCwR{C{H|fj}64NASnDBYY{9{+8)MT}IFm2@zcS z%9?r@9p9R2`TW9e_YVgkfwsR>j3G1joQpD}`CJ^p0ftlPO za+-7N-+!9%y<2yO>WvHfzPleLqh6vCJcN2mUU&6dTKUgo>(ezER7j?aX!CwUkv7}GWE7V=9JdF=T;&%+nmzx#KTlIq!4LcjZe%r>k)+h%V9C(7=;Yl9&5T8~~? zem;dDVzg<&ME7_ZVL+q^M(BDl2WU(Do*#cL0?fEniP2Mhtiz(#w8r`d$7RkQ#9UuN z>>o<03*C8F^s$o*hw@weYn3E-{btMh^Swp55gIWl00Gcr94S%7iF^lwT)lQr#t$HU ze7ox(r0fp>Bw0b0t0Sb~$BoS_K)h$sR*b_x8hrk``#v(AeYjR+|CP+>)H&%y$O8mPf)B@PP zG-;t%P#8A3jb6+Ws5>`#tOK(pZr)UT6F2H`2oKkGsb$k~;aVP!xxisFIa#Dglj{*9 zEQ53Zsv&D;BZsE95Rm#*kuEy@PY8vj$L6zG#K|IFumZ^k-f1LNq%_?3vcy}Xu>weg z&NLY6f#}$S+A|fWlS;&YQ~E@nU|KG2d5#7?>>V|TMyKne@l3t-xQ+&ROy8Q4Vv9rNtJrr+Glw$P78)Xg&gVe~k^#C2|QX7mVqX3JEJIS{c9GRvKI$;2c6Xelx4k8KhBTF;>&bVK{7)7PdJgzxK=x=9YYvri97%XzaAuV$N&NYs}qWcFEH z!kg>ks20hK1a}pYDH;MA;TSBft1?N9DZoW8k!8Yt$p*qxDTAjU!W;Ydz@_IO`4!xH@Q%xvv?r2~(dl1Y1Hv z`(H(A{wNKibq}|%N8KL~ovco4TyI#g+i-pLom#|Enl1Us&n=cT1O44y%hy{5+=1P$ zy{b?RslwI6zd1!s-ubeh=v73J6gjw2I^J9usvITo%jFpuzWO4^hCD5%lkd%&E-w=RHJhxa}Cx z8!D`nE4gI82arByS??@?wh;Qvy$yH7rVX$%X6YsDdO#MPkm8^N@F-I-wOFnu`xb{ZFwv^x$0#Tezh3*AM1`UT<@N0QD!Fn za@hbk;7hqxrZBL0l>w?vLjS>G?QJp9 zQ6ObL<+w=z!r+CJkSogw*!WLBzb`M2jOkqVdn^Z@A7OpE(GNrg^LfD|DkO_p12x$6 zLhZcvdvGY9J+OeMa)OzYviWI^Eteic3Ur#CN;ctH_!4C?nD6p%g6};q zju;r^d@7%KW|ryJ%34mBy~TYwq>k)4emNmasS6_oACBM z{<(LshAT6|{f)#yW*Bzr4Bw(^Ob54~+XJcWP#_7Wh{y|9tucPP{eaP1`=#)1%Wa*B z%X&u4a!mZMj6R&o<0fGHi?hx1!V+BWcbqNJ5J{egbKu2ghHrZp?(y{=`L@jfO7MzX z`R_KL4&uH3ICh2NOa+8)VU1C-zC(cbf0ng=q;P@JFdP#U;cVN(X-bQ|%m4H=%=+Ks zGwV^FHMxIVdqwFbihFFN{<2-7aWPuAVDP6(2QlHlkj41f+nDV7RS#?(IjvcWKep`+ttW5@@8g6c>~Jbq|JYz0YvmY2UyJCp zcx#4G5GC?n6F0oaazk0o&;`QNnv>4T?QAZ4Q-Cen>YvW8Ua1$W+v>LOlZio*D(g=^ zdBLRft!fL#s{I5%oUYD&H*O!`xobkut^vN%Lf{x6{=1aE{?3uiW6*3mOtUvJ0WH(-7-1c=VG>Sa)mPq} zp#)XS_Dxy;i6C(l!U+qc@1nG8qm%hgGKr+h6!xVzMHC> zUe8+RIaMHj-s*x>D`rt-xDMgaX|SIAn?Vn@UW6H@h1evm&e!jYCV2@JM_A#JVyP}p z`kz$lwnMH2+~*q#KgLP|0z9zKN{e0Zev)fnQXKi=ws_%4DQs|P9YRF(6rP*e?%5xm z*NeXJ*T=sF>8yIO7M2fA7AnoOke~WSQrP0XMcFre^t}i8B;#$&F|c(;dhRt&koaw( zP}XYe!$EPXCHFhUB+>Sn51rTezy@*7)i4Pyc+n<@t?AXKy_R;5*F*?~rGd59M6vIJ1QepylQ-a)+}cF3W@o zD_E#!?@xO^Q8MHkVn+qNw4kOnUId8HjnS|c4-K%g!T{_gf~E&WY_RAfJiOw8ZAQ)e zUJAfwQ~$M?`$uugm9}h^KMz!*>Y3FCL~L}SV%(vfB$6obth*cBV&o_UfMWx>A-G_3 z8g(U)#8TXUA8Hi?`+D7UF^En<#6avdaUCyNfR!-mq_|3nnL@r=Ljx;?jj(BpOxevt zr&rC_ZQXMHM9kL4e7*^6H}sxbu473CC0)GN zWET&c)^@2*0pa8hEFm&xM(=6ER`6Fi2a+>UNialoJt+bZ>VGK+6`OubKAVjVmPA4d zmstxKzxJ%=Q`P>0z$l50iUsbfu^;X4@yg|yiDoCJ3t{~nt9Jx|01|Vu-UDp(Y>p&o zuffru5LI|04{O+R+{ForR*BG~-s=j@RO-e90wRCV3(SwDk|8*#>R_p3=ZVS=&vL@> z1#{vN**Am%#QGegnW869HjF1Z^ z!0<#dys)F`KVEMp>6eIa02`M&Q6ebF$-h1i&odk=n2q9{JU$WTz=Av$ogw$FWU*b6 z>yXK>6S60^nFeXeeEPoaqblD>ka|uo*4FIfw4=mSVid<2H?=m6ElyVzgAXj9C}vFP zg$*=iE_@lz?Wh!Gj8|@ZF7`(@so*)%l})emvYEYer7M9jzFFNB*&FVbW>=AGq0ZZ= zizPy#&s0f0wzEq>miuHQ?yYskKQpeq%h;@{Ab82#R?SE8#mDG};cjJVO%Lh~}9!IC^izrtG{=m2sVu|QZ7xGs&~ z-8b)RLy>PqhchCbjv=zTM8j?E5>gm`QLzjZfxEH>zCbFE4K967iKn3W^UW@7>|FCJ zU}K??N+PeT2Pv9*P9u$;{0kM+dqP)qCYq{^rknFceQx)p(1L#PWPZ1JMlC3v5$35T z4UB|U)1=QdrX0EGWarB{UNv2s{YYi?BOz!Z)a^Oa$vy=%+7CA0#3U=_^{oLiC0%Iy4>HpT6_FaU3CK_y3@(vr?xp7 z=%7#wmO*x6rah@PsqjBqv3NQ7=kFs>wm!qT4PNJ3>u$CW0k&{z(0l9-dRlmnk5}W&@oQk#)cz0n4$S#VyA@xZ zPIm|VcLrYNaOu|N4HKZG02$f~vXu_6tBQ9T9Qv$Iz&=GnjGA|pd9nLKnFVqE zg9pymDpIe(xdhOFECH~#^)5wfDbFCb+PDHL)aqfPQ>T0*0EUw41N1;1c| zh|>}zAcp@^&cQ@>C(Ky;?}xGD(HC2P7i})fG%W>cf?UWGWXs{lKPt_f;h}lY3+tb_ z%Cq4`hyF9iiloXl*E+QbH^w5h42-1smLX{#?ReJ9b zdPjOW5_*#W(gGqyB7|N-o1J&QbH3xuyXNn#HEaA6SZW~8v!8q4`?{|}fFilOaI<0a zTS0xQl&jMIRmh0-x$ba8aY1IK5@53;VOI`Zr&g&Q=_srkZqE!Z?Yl$S=$}sk)uAMog6#`iVfYlNw=lgI=bx2$4_PR&IP=> zxN~9^wSvNtav#Lb>z-6#!x+lC8&6gzO4p@YQ6KY^JWsuO8u_o5MlvECgE?ImX#CjB zOfuTqtBvMT{sqB@%~JN5+|!b=;b(D7LupxYH+~rJn^=pH)~e4p4deQ8=Um)FNBehk zPGF2%T258Lnb``dj6&0*N0LF29Yp_RM()x(X7a!T{6#9Qx&wv$2id zJWMJ1I}YuVM1!@r-4VYuj$7PuGn_orE<%k0H#?*>kW0I2G|5LMV-wRYdbW~(dhWge zOf1vYc&_APM}hngWg1_JcaB%>kY+gE2z^v<&IvLV5wgqYuC%)vcXcE1 zCr(EaEp7i$?!#?ul=mPFM*01ZuelBxQtN_B2@i8x*-XHpyLanuVuR-+V-2K@)#}k)LUZwmP2a&&Y)Q2>LVdL z+8vkIy}O*Fmh++L3H2&sra+D){w8h0zgDRQ95eOh*I~LkT;4z!<9uzy?2MXsfmV<- zo^2L!da)hK_*2u);GO3-KuY#1=__p8jOt3}S0Tz1CERGLCw+yD3`910MptOs?|DSS z;KCk0NO)Y8@0l1Z>< zISNsItu5YA>7PAG-%9yHlWHp&XgrT+crTL|8Ueb&YTbFH@cdit;2RD^pR?hx6H@xr z8E!h4Jq&6X4HcB=pfo+bA#27^`nSTodew645++dtLZ(AQ+m5QclM;wT! zyfC|?#Vsr)ec*0oemhLFK&3CL?Ofx~DV5R6<7U*1Z`4nl?S|{R{-blQYe_RpTJ&UP6MHS6SiFl}LH$rRV z1$i{(c(e{5?Grxr-rNw_{yBPK?C8hBz-CReNhf^Dgl|`RYWp~*o96QNUxs$05LxWr zM+nrqW!M-%H+iqVhI^Ut=DcDFWFdn8U=_dose#0&Y&JdU2Vv@n-AF~OLC;M9tmNf? z7$UlsLu|ZzhwHR#h>Avp4|T9RyxejKIVpJ%3i*WcJxTjHuzbSr9k}|6WjucX zVXJ97;EXrGW`@=7Ufx6d9%V`W6?ZI|%|9HvMv8a)-FvlPH1tnuyS=R1#lSqovb;a0 zO>J(C!5U ztMh-fTNdDU6;sKxt2o6_dWKA;jQkt**)OZW?=q--XhN1Mu%T)+-& zska7&?a{hm7&1#ElW5xX!A^?CL6_-WNH@ns-)j23ktjlPqU+2h^vFD9YdzqB0zA&3 z-Zu83X1+)2pb7jN7%r+dbJ3;HTjsmx!ghzO>@ru%xk zg?gqE?B{)DX;H;*{M!(AQ}#av1nXo+?wmXfst@1thq)(>S)^jRP$3kA0_N>V#!KHG z_uQVT2@5<9Gvl#ciX8Sod?#-fKv+7EBF zQa=+KwS7)8CRi5=(B>LD-ghGfqjw3Geu$p?x;0ZZvzg84>WUBbrHXFJhwENc`0+^< zR}PvqILajAmt7Qat-2vD)F~z&3aAKRs?|2UaSAO;woZMZ`$|KQ)z_Szw|LLfD&L!p zDDFS1mL{?B$gsL++Kx0DK%V9h(-qSo_?p}|J_6Z6aq-^WEH^{F9?hk1YXb%&(=SO4 z&FBp0|4=E01*zeK4E$_(a(CKNjOBktgBAuP9k|qz$tGm^6zr$%~oaQtC zz0)OhE(9_Hn=floh6;-lQSASk(IH?v3wCO9#ccBXzZ)?MjY>N$!$$nddSsa?LyB)p zzL|2=&!bUp3~S?IOOui%q!xEeC8oK0Q>pW$%Vo>(Ig0?f3N~ArDx*AlVW3AHrF^`z z3?uBNsH1-LHnD$s9y}Pde9oVnH!Z)q5)E7Q`(r9p<{C8`-!60*?w?CJu(fy{9&oT) z;>Ov4xDT1efBy>XyoXh!g_lHt0;1MpQ!=AJMw&Mg%zdo;r`0lcsiXalmvzQ!^!P2w zhdJeTZc~ii>!K3Su=<{zx8YrLi$nW)8-l=0e1F2g;g{@emYB1YCe->}`1!ea^!%!{ zR&A-~p=|wO=oUTPRi|A0g?uDUQDC^=`Efy`oZp;SE!5TC=JDOdPQdItn$Tc+5O&9t^!4C`FqQWD((K)grXZ5HD#qi&SM8+-pP(9F%D&OBOB%VpLo|dQ`!d$!6 ztz2(!gtR!{kh%)lWnK&EI{^zHNvdZ^rc2&KD{No#c71$wNx+dLSYGTCo9bAoNG8Mu z?CoG;1Rkp~41ugJu&QaX_Hv}Z;oq!f)B+4klx6+L-;8-QGb?Dt14@mh$UXp9ssJ6_ zmC>>GreFPwmA-C39f+N4qDONDM$VVXzhc)fNhBt_JQ3#*N_J>-tRT1y@Vgz! z)tN2xBC|reQ)u4D^%{OzC>brJ{&L|~RNsOuAz3`^B#z?2%a;~$b05_SB|ZmMR` zLJ!f%i)R=YE$|$TvuDI5Z65)tr)I_#@>y7${EZnH&yx&B*j_BZ@ zHtQ3DX0~=dBASR}@87n;OJDG=Tosk=?yjn_pA%bcvzc|MZj99~Lyj;ZdbHyC z&DY0}bj~37>6Is{R|rWygEIo_a=(rvA@jEJyvNdwU$e*8lSFOm;Mz3Lj&3f!^77z* zQVIs`?t~FrG@!NADgR#V&gd!XA8wZDUaDUk4=uik(W~~;G1bEl;gcT3(*;Bn?7|gl z0go_Fy~gJ_-;?iE7G!HKkDEQVwM49z;Yjd=vSg+LNIs!Gb=wP^5#t#B=(zgh%hiTE zTx72Yq$La5^kQ6A;L49vIH;NF-gzD`t?}*5d@fq|K0MqtZ8bYrO_7papSm@#Z<0onc=$02THVvE zJ+?M-;FYeVYc)B80b9E$nvn2@sq=;EB|dcBmHyPq2qtp=w`;t1x-@6%-X3K4mE)X~ zhPrRio|Sc49~{g$%xGtYDkpIFfdjbp%vK%zhk*U4gN_^xCT|(R*pFtQxv7^$(Kk6Q zvHf=W68^l}vHR>)<Wck5I@uWk_MEWyZx z>(yh$YHgJBlqikh{06`xp@+H|U&~x!N~*B~O7CnnBj4`jw6y?4^{AMd4!Y@X0bZ`h zS0qf(lJ^W}N<6Qx9tK|enP74-QkRvcWdU<>ycMAE&O=?U%`_-F6(wohruZp8cEW>T zhR4vTb9TxGly`{Z21bY^5`W86U%;VED#O#@rO)QI>GKlVlY=3D(G_a=U2p8{lulM< z@-b{MkO?YItPJTD)4cSH%AM;wp;pURD?Mt$%cK;m#&mYV|S zGFNi@FfDAQ2KCO`n&3p};v)M{3&JR2m8m?%u)DtpeA&KIrCBVrHSm? zlRsV8DKa4fOc$r)Gk5A;soT9mEiOgoNS)P0(hN_Y5?$AIP*|de9u;7FF0mz1`BG5 z*a9!e`PGqX9Ue-r2VUv-#`m21h^x<#yq5KUbUlm{cJAmY~q#91AT zzDLISsww$o*GMi~6Kx!8LQ%v>TZ$?HNL>g%O;E&`l=$UDisiP8^H1e%o5gTq+EW-~ zRuZbPO#0Q&X9<^b=DfER08=B+tYCuc zpJ1*_K5xPuLVZ0jJcH#HkGrxKQN9J8Q|Ijxzfc&P`ephXwT^LQezYl>)|`QrMAG_M zqgOj!3slm^Lh)sn2nC$CT)#%DPd_>Um>BX5^uxV6Ci{EhsT&v<3d66>kEf>mGhGtO z=4Rs+wMx!@e-j$oT5)HQ?*SfvMk_3rv#dn?$xA#@c!_LhSihzHa6CeX8P<12-}01s zEQeCvihncqxNUU=U47(xDv~7e=Hra_*VV_oba;j=?Dp+uR&>zv)XNO)$#6;zLwNd9L&l zzD8zsiO+UTjk1RHhHZhj%?xo93~%E55E%Fh`gHgp-2RfF>&Gj5Qf4=taoRJkTAH6d^2L|lJ}*6SM;TGp9FRS^#`n{yInkM;OZn!zYcF5v zyNkO@0ETOWSAk~4-T2JfZjUS6XKr-mtDQ>?PoLh7#d&evSy!|yssKJ$t_w<(9HJa5 z%(eo4^Ah!!GNs8w&{LJ4BIx#8;LT{BW;d_}Edv%}E)I~tTG~-qA#FeF@lbcfoqUWK zul5k4qa9Gbc6pap$EQ7x`m!gAXbUi5lwhyd>xhvOp{Zea6|?7cZF7m>ih252tCpSMq_wR(E+Y0fosFTp-2=-*x}xdw>2XJwz~kxQhhABg5W7= z-o9*zJMO<5oo?P?v$`?$VE<@`V`l%>jE)wd9#~dxbW+Nn&XNA;y9(-wx(p00M1^4t zFtiz=(UE)HLkBIrqNm;5;Vmc947AZh%S7cLwrWLn={0G2R8kj;U)`-JG4)Mc6^$1Z zh+3at>gT;yowmj$*ZqZeF9y5{PH{w_&EiK_@#@Cn&r@H-B#!#M;}HV+mq^> zHJ6|4yK8qwbLvhw#@*xec0*j%B`lG#S(?g}AEW_evEc64fNU~)LRVqeeRy1g^K>Kp zvlMkc1CDJ@6sEU7blZ_^9H3g<%?Hz);IEPa-)A(M3GQ-mwKu1M?(kaQL9##*s2mJ+brH zB@1{lQUhC*9~$>PmH{H;eQ4jp!%Ou04rttcGx&9Uk6k|s*pEGh_6l89q{w`-fZ3?; zR|5Nc|Hr(3^R1Yyk7BNCt+dT<=a&i0_Y(PVY$ZXvWc9n<5WvfZ+Xfoz=c3Zi<$St$b?h!a07*ZJi&FU-oH$I)ls4=3Do(> zY8}i1hD((pA%>k{7`Q^h(@&S8bC5PaYWZfVO1y!GA+E0}I<`;eo;NweGWHrcP>zK* zOjmhUD|?U!j6d#NR(}E6IO$Ej|6zWW-0B&Pb6c!I@Rb{dVGJK1TfDL}_8rapFp$#r z7|`t4!H(*pN5)%Td3sNv8ML0YbWG3a;+nDR#gM&d;?@wwwsXiWw(}Cmx>wL};HpaU zX$suRzTWl~Eua1Ak^gFWrSDLZxM~O~ZGJp#7yBMDdW4sS0NqiMzkOzhidl;ImEp+= zWgo(3hoH)quGRKNN!MwChZ?z7VKlWKLBCoKjV<1c)f7oR9rv2qEiO-u`*zEEmnOiq znXH-7R&`*8Y=Cwk2gpNhPO^~eklRF`6%>vPp>S z-nY78p_E`cG93i4nrCTXpduApYctUUXi4Lztl^w9b#|XXW3&!q#x!dhSG^vDAA(;g z_y!$@)1-C4^FD#$Ll(Q~nsuo^e^EAI&*m!wt!ZVk*$0%h}wphZc}k zzl~l>;?VbQ{A!b!|0|cQeo2TMylFSE6U_y@UX2!g!6YC6cm6eY-xIr6bY9p6d`^Fk zWCe{Cs5<=Gk+ZZ6el6P(=%D!Bd3jH&3hbuw23`Ikr#Y(@YDxuO8z(Mhg*FN0Z>NRkS{rp!Xtqz9ek3Fx7>WwMd+uNZy zQ*fsbe*FzrdH1o(&Tzq0UZ{` zK48@NR$V^gNM*iMOFjHHH><1lWIQ-mJv(;qQ(S!Fpa^&}=8J&@_F&*wpvsfhcJ$;X zn@R~8lQ`Ix;ctIUzZm2>0@F3~k<0*yKiE4ReSpc4()Ta?4RBXre|KLYiq4A>e2S@# z^Og31E9+7Rf}l8P9{y>9-3-E5C5j3uf0UzhwGNYZ3f zda6$U#6ddhTpg;7GYeJ%U@Wx{3v)JaD2fu)@cTHE-!rSX+F4KJ-ctnKfd6qldg{T+ z+}r%&y)%(?^-+EAVu)QS-=m>*ZQ9qRx*J7T{2W@etLmD`z-PH77k)b~_`{vvlJ9NG z31vphxP1i&lPb`YmkohJ51heu|+eU>b!3=3tEby$_Jp7GR1`l-E=B?3cGjN-6Uc0VsPD>APlG}ADNfRKgdDwRP zNFC!6%#r<%<^7+o_Ob4##fxdR!yLfQ=lwYtOJ!bfw;a zti062JK}#nQ}$)88hfy1_yD({|4R?Seh-ugc^SL6s{2E03Ww|}zy#$%I?L**K#xm7 zBzk*dZQ!gm-K=%L{(m0LY<3ozPW+F&rcYcM>v6@%H%&khu=TZo6LL<-pWz6{9P;F2 zgR%F%$Ly{P^{_LQqV8G2#O)*$wR-8_ZNo{d*VaBOF}hWcHQ3^Gvj;d z&;Hm<{{Cj~`TOR+39R3d$s9gGZ_X6oavj`?zDr$@2G26Vz|PQ8I^B{c>IClcoTmY` zW*Z`2P(3PX=Biq|$pq0ah(h-Wr*J43i06QTUp-ut=k}~9Vl>n{B?K|F z!|=xw@b}xTCEflNSIUTZf8Tv<3QSO-Z~A%T?1XLzR}D3|qIuIT?oLTgdV=wCRWUw4Un*2=XtV#>%p5skrehwX!BMY)IVafAGzE zp>4bI1Yex-@!C_K?RS0$MB(K_lplCLo0Ndla2{~<9xKvh!vzj_aYCAW&l>mEk;>SE z4V>_OEcE6-KjdFu$VuaTL@$(VJ!v>XU`Q*~GwlW)4|G2S#f3wH|az@%1v&K|fAgiws#H75m zm`=~)IVbAZ8^ZSci}umK+zqknm0~fA4X(3Oo{HXE#%L`sleH}C{hnBsJp=J!m!Dp>1Fk0jK~EX8;`r%l_0uBLk%+|x%$Q#2%&gA0kF>q$$7^;GSmVQ` zTj8v}JLAfkq9OB1g-+_h`i%AxlbaJ}p{wY_j%97X0kUf~6bTd0%MODhf#MdvRpq4o z_f`DkHI_|YjWyrv!uuwx1r;hrvOc4yB{BW-IF>%6%jv4=o2JDEq_|rBv^4kG`TMiI zqMxcefwt$oz^%q{b%>r?!lPog#al0uMbaYaH-`s+WRIpB5{Mq|yXQLj~Cyr@mfx@+7 z!MUj~kl^~BLePDcRNWW+z@;15!aWl#v74#8$zv?x$_QdG*nwr6`W(1XNN+HoNXUB} za9N{NUogQ5Sb$KO-ad`_W8B$yzuR6?-54^CRj-4WEwTZ>(QuseS?jy)od5=y|eHe_yA}a0eKK!yWfBfE_~mhr<9p8-k@QPgFrR1et}?{dFqC9P)wnM>wCYx6>nA2Yvn`%$K6yh zS0%=qqQI3nJ8-n{`B~?6o;BH^#cF2TNGIMh>duM(sKWwHr@${V?sM;7AM~Fu|MNqg zh?FM_)n$_f-Y^5V?+i}eipRkb6s>^L)k+LOgi|Ur&Om{+XZa!UI9eB~N|p9Ao@?D3 zQ(m7Sowrd_i@~i1#vlF_wMLKsp!obiYfUCt{c!{1xo`f<} z1t^GcF5zIe$(LSVUmMMV)3|{(yU%o>k^j7?yU7(DFU5K{KU!%zYa3_8b=U-ga%NtN zTwVh0dMvJ81@x-DtiRX(AFr{vxElP9mHQxi13ZcQOr$b0GB~_L)OG!Hu5yA3&bqB= z%NgVf`~;ZvBlk^1%6K7Jg5O{kQv@Fqby*n?oyIY98s}=>d{U-FbLf;6zM1Mkv#>@& zW?I37SKrw0%=P#L(`Etoj`iKUj((sIbpAcX=eZOqjI#&Fvi$KI{rycW$A2DC=I@|h zE!U%bH3QJV!=(pQODMS~aKDB#Qf7mS1@D~jUl4@rJIvI*Ajsn}Y`6#b>Cj<>OD0&; zaOYaQZ%s~1A)ndRpWw14LcpN?S<3`q$65f|qBAJXz-FmwAX!iue9Z+!K-$PkP_*FP zSKpPmZ%pSwG*GQDgBIxsFtP;%xnXIf2q3e5#2L*2b1(2H#R4D=KG}XE<@Dp-^Aw>M zLbg+x`E!{vSKiZ$*LiV2K~4NhTy!O4l;R|~e&_A6&)=W!k5|)Ra1&U4Pmh47UU?y} z07N?jq^m#+ySD)8R1sXZWk8snK-_sx&7a?VypjR}besjbI}s-b8=5j}%z)Sk%Jy7f zkDI9tev)pf-s ze&F__1?`d#w#RRxNbL45)T_=PFI4Y3_VxeonPB0ze1QU3*gwzNA76}p9e4Pz9Y9#m zyZ`=n|9`~TAM&C9T^avhN=y6yQ1ILT%O3^z?41$0zr67M-nyX*vf!$o{+PK3pa^oX zTPP+ABmoDr7(nd9p%(wQKeu6WfDA5!j-;JX4i2ZhZ-ga*i@EfXIt^)`_e9|je`HaM{R62k{q@Mrk|p9zozQUX#dMW)PJA_dB-`nQ@zOpw0e?(U`HF6I9TNIK(|4;wwzo#9lYu#aC|JWBzN-gkM%>7qB zfC)#d-_3YrubFMU_ttoQ3Ji3OM*LH;lI|Y%Av&*Y=01R281DjmiI2xu?fWv`f(ynLr0690lT0qOE!Jbo1aBfC8( z%r@M9D{ZsG?HP*DR9YLme*|d4tHS%36Z`kq4pDr@m05T8QNs)z2nk9-I1EssBAGj_!WIRZC)**>34JukuDtn6^o* zvBf7Pj5FBEZ^tn?P5^_#mf=x9blbvTA@vomAuCj95YuOEFC1Sa7ZH;6oxtGz*qo4tsL~Y~uRNwCJtt&VEP}I6RS{OCw zJ1S@SEH>Rimo#}msyzNWC!?-PYia5ex7tB=VQ&k~{?ySd5P8zz>DjsaMMC}QvHdqe zPrn^%N)g$qi=R|_=Jj=kuc*IrVfpBy%_JgJ)fwy9%5O+z*RcWjA-t@U^=bEr)g;<* zatb*?`4O6v{DNs|)%_VZuYygRE-h(>Zy4J8mF)=Aa%L;ZlkiNT&{0WbBP@Z@+U#Fg zfn?kN`Q&>IG5Kr1o_$Ek%dxNTqxX$D=se7QBmBNP)6@Kvqn*G<}sa)i2_(_E0*&?D>7mpK3yP|H-S8T|dQE<8w=`8h;P#b%y z`;Ft_OxpMux)HnV>zzoU5l5EX6IKbbVFg!T=IlcDXK1Z<8Y7aE6Yix<)ahM_UJ8Tq z0qPcYWM-`!jU*>j31nWll{4e(nK#TtIdr%37Y&b$3ix;CS%D=> zbRARgYc-1DrC9-&nDfojxh16|F!bb~yLV#16NzMG2UiL4*1!K&FxBY|PwWayQ9Mfk z>c$IRhHiyrGa>viFPdR79<)k`ot%%>v?cIx&8A7Po|qWQZ*={g*m2g)`?i-+B9^Z$ zCxAEv{$wJ`01-K>a!d7G`KQ;{tN+{SWUmhL->Q?ZefX|qlCG^l#b?R+0Hv*x#l1ai zgQV2f-TT(yw3G`D-_AQf6=6NqmZ04n176p94USn-@4~{?jfVzvN)t$wP{!T=@ z>s#aW&cL}xTYw;;7|k$;iw|-J1Z)tcI9+KL`g1rzXJt5}fb2bXWuvXso_5twZVp@Q z74>d?!sER99)w#n;0Zf+GOYu1Hu%{I>2Sr0=-tUVJ6P6&Qt6hyr1_Ci+4bNI)3+cK zlzS?^JTAo1_#K$od0|Za=5$J{_k60gE8GsyY3m5HyT=1C(VFAE6MuYzkkKd;f|{8Iqs zaxKA0?MD^UqHpRw?ri|#9{&48GId3A3Sid2=Qii*BLlI zi%zE}lB$9ebu4gSEIbDOI%Y7dijzZ3KY;gh!O;K*YzazBpC6h1`d(dtB}Jc_#Ik9N)w~$ z$`tU+v~ibo_FDBznpQR+lZi6xxV{~bt%^gZu!&hNo3oUsuSrAY`e7>T9mggLFo+?)JY)oubp?3*RFSCF-5WqpPA}bufR2Bvl{}=-lQ&4 zDg>)89WQoFZ5|W9lfs#OsrP(_oS{C)}^4L;Me$W2fWQx8EQEVoON ziNsZz*NMI!KC48R9Htx8angstnj@*}El{;&0ee;;b%+7S#dWi>>J@-VJc0qE(fN`j z>jev+Lq=pd8!)YeW=Y|jy#HO;H_k^#Ss0|&JDr~_*qCU!*^i;c^bFl1`?(fxFho4r zd*RJ&W@$39`DTf>KdEu_eDu8SlUTaMV>ug=>p{!pZ3)>jWbrO8p&RqS8NKVb$G@5Z zc8RAaz$E!gp9qsR!iRci#5j zQvhd;HMu*8y7oC0VGD_nazYOCoY!tW_*_5lrEEQ3nDqop*E!1y2+>GXnY5qF zGdN_x`33GvmHH}P#` znbn(hv6A7o4byQvM}zHFsga~vo=Z|8-q;r%znfl6?s=Oof%6?M0O<`dviaWN6x0l6 zx6`B+gYhqhGNgHe2uVL9i*XAFu%&7L zG>XhBHLBzb?;uacJx?20dEq~ptmu=8KY%mvCmi@`Q{M6buvBAAfqzY=Opuna^*B2K z7v47mEC)M<53oXw-BO^rfIPNqf1e5rh5CViA;3yS;2#B77Qxj-p8mBFM!|w}nYQ1( zjZ6daiDmf|P$pd%$Z^9#(5x?#wQyL*Lm<8)HpsDlKoQ)AlP?1`3-I(XJ?aGTtCZKB ztk~-i*iagOXu?Eo06ewO+UQ035j6v^k)a-bIi)r-EXzBZ2jph;4%yG25{w<9eVv!r zq160dZwt%sIsG_tQcRZ!Ht+ka$oQmnp^wkIh7?ur>iI-){qEdB@sQ4AifG!UAD*wf zL8%}v=0HBKUKuosXUjp4ROS%>r0{&j8G3$7ue3;ZLL<;wM{GxF-L!hqxb(V^#xVtK zM=$j2u}`^;PZbEss3A6!r3oM&OtfAOFlu7}UZq@RzNwR$SrJP713)Xpha9vEx*!D; z^Am(F_0Kr8aRIlG&)?gIoqRE${8E^UwJ(@73tl9Y=vA!`?`&*kbvd6-RkELnUkm2) z`L;F-*F#g5nTWWUtk^b}hAc4(wjK-*Egf2PHWyp#@kzg)omZq(WoSMP%t6cs$7X*G z?>)LEEt=p-H|z&2d#ueXUY`4$pZ#lyrLIv!YQWOq0`~PcIuh@t{u0;vD$DCV?>o6A ze^1Son2iOZQ^u+Iv7wb4j-mvxMwLZ>J{gmijeeVN3xJH}fu%(bnd{?Av;ZlI6?a`{ zB_O`-*z{cb33r}yLR9?jZMGpsNiS9~g^j(-_o}cA==In6%k-*4*dD*{q`r)dF`21L zr0y!#Duvts`mR-?>-5klKLSJ+f8AIodIz5n9=F@4y9OR|KFB-$plZ`=z{hnn81@^0 zi$A+>AS|y(f|$k%xYMQo?8h6BPTzVyk(V3jyR#By$E_VAE5gRn?2oAXtvm#Ev)Tv5 zU$z--6=>87yA3OhhzYbkygPEqeJ!Q~hZFUL#paB+l0?P~R`7II+5%$nKGW^FMR)%s z{?~<&RxbTItsC9A*hXI-UfJ5Q61{4rF8Rn=i0&S_vQUP8{o;3VKD1Rw31^OGls1;SICXh5njP$N3IJ!c z89vY#q}JHYXhXfb_Zrl>4IUzi2wzDu{w8 zVkKGB=5Se+Hd_Lz>5|uOK2STk{4O2sRb zt>mqg%oI@jYSdDK&c41>H*tSVqt!Hl|(-PdgFhBSAPcclrAh0PKH?UZ2z)=Fx2YyoWxl zt&?alL3VmL0Pc+Tx6UJ1^mx3ei|?WCDA~7P^QFZ!s3Xn*hKyiAGta)Qz7OjYC41-& zgdaHej$pnQr}K-PI!q>3d66P^Wetjia!J@C&y!HQTdlHa=M9WAjq&fYOn(ep&55W4*uy5 z<{`O@TA9KuiCjOiK83XaVfg;E2icMBQN&S+_QV_N41yEifva@a7h3LOK&HCnx`zXZ zH?KRfBW4ba(oj&%quxv94gr&~H`!-tO3~0p$Trvo^DVln>KVlg+S4 z)dp@`KEK;4>`1u$E*=o>>MgHO_XJ$z|pqX^xO95x47Q_AaG;uhXB-lJyaP#*y+8V-vYuKzkuT4D_M#|%YHl#8^=+%s70M~iAhry zuMPtBMqwrfUEWp(0TK3T1_TupbW-M68PspE`$HmpKm_-`m`4U7z8`qkhrrMz?&1vN z2U6HRvZcR}}^ zx}F>C^e8B-^G?u&c~7!n3gDG$rP&%*y)D}4l~X0pwx4fKf=lS;Kc|Lz^4c}NeWWoX zO-8pB$*&cl^e*YqYpqDD5(L3i!YhO5TicVIY=>m@Qmhw}9{0YWdP>RO>&|ypn)W81 zr~7pZ+eY$A9<=-d8DcsnFeu|Xkw+wrphlX2-_Fr{0qb#HYb5sZiSMCuv8t4lD52~U zyU(zQy!S(2pW{rREH}w|MeyE^*asJBAMB6IgLKt6uXOVc-#oE1=8NLu)L%f6+rQ97!TRcA#biwc}i10=pAONis-xUe4r!s~zRZW!M4{@_a z7CM=EDvQe-)Z3@MMNi+)T&k{E;c7-T89w@s6v|0GW&TjZv2tcDfP$(p+31_AEzxvX zi^o#b9k{2wBr?~#B;hyGjt9KXg*VP&$7?x+I~`YRm&bcGcRXi?$K5f5@q;O~zv^PC zYL`?vX+d|Kz!FMUYzo3;9KWA0-u3K>>43cb$fx;We}2m=f!kPX33py%$wsLIC)zffA3EemaG;=yS!9uo zmyO(7I^5oz9yvYw(S%`jnD?>Pcd(jy{w`#u#(ufZP=U2cUeXkq*<&x3HCMja@Dij^ zXaIjPyS61S0(QRzZ@cN-O8sacn%*#st~_gZ%k^t3m-MYCT4J_!JL`5W(yT9=PACEL zzETuXx7+5py4z{3>`YWMkD&GVc%Ae~Za)<;(7okmk80(*Qo8{Hyqj|62a`26)7;Gq z>KMCD+Uw9M=V#{U&BxO_hjrs;Te2Gti|Dc4Vjf8$ENPM4bt-F2%O@Na*)HeN>w(-S z&L(eWOidy;w`dgylWWIY84;I6?zBtDg)Ut=TY> z6)o~s70w|1?8cZZi_WIudJ9%8Wcxu$l*7Q~@4_-x@#x1SbR#B&1Py1q_}|)Vcn5nj z;d-?7*fT0sR02wP_T#;c6L0J|0FY35OA~984$wm_7?rz5ckI<`uigvYYtYQAs$FjP z2ylG6{X-hm0J+{AyIYb_7cjm{S#NYluSlF%a2IUM)P6D$c2ELTM&zTt`u?{ z>g~T=wUHdOT*7cPpMzshp7S!qTAu*rr3_N-*}-YMoJK40SUmc2QbKxWfC-zOv=9hm zR7@3lFJLoa2)CM<0sPoT0nRFY;PavH7SYzfHT_UCPb1Q8%d>?ZjlJ1}%6)xUYlo^w zktP6kb)lVrn8Rfly^rcqtB~C^E0AVsWl*1pz5Bi0^uJL0ccO6CpsT()sOw+8oH$%n zoP@~;Z%R*u9!=OR=Vk6)Aw$CgfV5bBL{<9i_Be=q%p8`!kgx)YW7dhn*Y9u=SpyZv z$nWpfM%^udq@)I#xFBHdeCI9h%xtAL0#dD!F6SU<8y40DiXi=7FIxsa;A3&Gfh1_` zNMTjStjW`fO!U}LUHhtZnsTc`KeqZOwN z3D28=rrQP|mV7hD3M+I616C3mDIX6taKD2#=Ua-&Ty>j0DwFT5m^{0iaSVz*Hs&QT zWm5arjV5J~5Lv^)Gc2UtONofqmxik4OTB>96yyucS~79C5oU}SQvmpiGW@RxMncIY zy*ppgGTxN*_RSOHQ0?li*DzBhjAK~!1N3FnT8Hk^xuyBWiY-74Az1EDVY8ZV{sO;< zucNo0YlMz?W3-9I-1Z7-UROlfv`c;Qtj?DK38bVTswq`U;Ms;Z@cgIR111wgt1qVj zB?P%QctZU9Iw2X&U9GnHP?daaQ-0uScE%o=#yyJkYMv74Utt<1lq!3qYt*sH3erQ?xrE@?yP3CEc%YMLbUQeW41n`UD9CO~f^EUxr_ zPTJP@_zhMSRt+ImttL*|`daURkF;B`O_;YX$1MZVCuVX1NClag){_Z0$%rVLL5bB_ zU&0+>t7o3mn|i@t&q*RI;HE)@GQ#$=BcX&27vXmv(v5?l#R##;T!aESk=$J;lR*88sgPxL0kY#rtr4C;Uxv zbXWUiD?_w_DeY@vF5NHAd0u4TWIh%;)pZzjxMw;iX5XfH)Ia0BxA&!)FP};qA3eXXA*jVRSf~y2co#0S=8iwge{tnorvQuWbvr)mGS|VHvZ9IF`Ev)gzQv0| z?ynWs;mT5b&FeR#8w*`8@bA<6sJNDsiWN7qUKz&!n)Fum*~+}*+cp#Tx7D@w@e_m1 zcUbvr?7g z;*(CcflK1Mt(PlW4JIA_rzL%U#m``|`Ufm|l`Os(ym8T?z2p!cCku{AkumCTM;2vQ zG6PkeF;zX`+neD^Nk4xenEx$H*1J~a<%!juJLN&gqeW(jOfu;bbQK1lb9drc_MZ_3 z>1bn>Yx?IXCAQrIlzRPnqWgkMA;d6idO?8^#tJTiCh~>v*}e|2YW-k4-~3%~x$8G* z$>C3)PS?CaTD;o!kp<+xJiuIouZMi0S;UcuaNItR?H|CGmNybGdEjrdlf!ZRQ=}Ql zc6BYflmkNmX#@=vnfrP$`6Gu8_Zh|T7M&JKp5QeAj}rjxrG-svsvCVAco=pVuI#U0 zJhpI_*~brg7EIOb26XfHf$btTCM@9C1qX8haw(R(^amokJR~PM?#mNWieOR>{m^Jv zHcXK+$lj)=v~;pLY^dj!U>&ck&+r*j+MH`*1F5+k<<_R)K(D4FXEmK$1czI;`xd_~ z8iOYTS1VKLP}9QJ5MsR*r8k8;Vb+tB9MF$|z*uw^xCoek@M%|EuxP7z)n6kHKr+^2 z3-rd-U3nPLu(O!>9>-~ot<>Wo8&(F>IKI{{B`9H9(auS}T5V-|=qvk@SM@1qP&Pp! zH}1niNY+n;aa5^0JjSdTXjw^A(m-?;^MjBa=XCWKH~N8tgAS`Je4HC|17TR$_omfH z4A;!Uq2*=t83c^|rn8S6+DgkFJD>jLRKL^}W{z!G++6W9b+7%{3d0sEzcvupq7ufh zdg1>#fxr;?`nW1jqhi4T$1_YQ&VKnFv}ey^v$5pvx{wY(;&P8lpul%N8|c0Wah-0wI+vISVwk57R8IAvN_K$0 z4)?Gzp2(qfkwe#V@juIMpg7diud}jmN~NJ^sK2#Vg}x3ssIxk*#Cmu8zk!zMD$aYC zSN)#-B5OCJjOrTdVlg+C+q8*RTk zTYqWw5k0c@KcXi?=58M{=6^u#l^Hj|>zv--YGTk?6zTW*npQE(X4xNa1O!9*=XZEt zihV(O$d-D86^;xQE4w6sGwl-m1gwy%K?&*rgOU!v-Tf4hWa%Ou0sdu4e70cX@(A#me~spZuJdxe1yslp1c`Q`8q@y#fFm;oFdEnY z65)RMe{lDfVNtg2`Zu7YQX&!(Vt@jINaui{2vSP7NXO8f(ioJ0baxEhHH0+M49$Q@ zcMdQxyeDft|7Wdxt@p$K$=YKIF5b)?VF?*rAg1V`C=L4u+!JY z6$t*^eC*xW;m{8`zwqui2Z6EwLQ=Wst;_Zrd}b1n|}~Hb~d`MtujaM#~X$3{w|gGOm?~ZLAg1+ zQlGrL*JEJeXcR)v686}Q_sctK^4J{j?Wzf*i2?e7J>ruqg3)^%IvP!49IaQoqS9#> zZGngO8%O3&uO{k!zCX>@`^MQ&Wtb82*|6m3%SAU5ff^{UxxfI~Vg=_U01HULT$ z^j!ccX*3ZDC8yf#5?37W_l58pqI=Q(@h{iCTKBXB$ivAJk3BlLDD?(CGZ?VVZ{7iS z^k-l;R}QT-4O+st#KN-m{Q3CH?w*8e+kp{JC4r4b%AUIcu0d>4oqe5?-5-Ile93Zo z0!K{&A579UoR8PJ@|GU++X!*`3HKk&^0ZD{)+|xgMGwI~*+Wr{;2zK}Ds+a?KZ4G9 zGgm?KvfC6Viglgzgy^~|Yrl(B+aV&7ISE$fFV0MzWDY=$@@D#kgI&sGh;|68-CB@W zNW_}*hw%i}P3vvi@;^38B0*RQ@Yu6(0)wj5io}7wbRE26U6-3^J(AL4N<>e)Gzs9I z0hhO)@TAFt&3m4swv!Gb-;b7YT=^$WIUw;d(V7pM`iItDa*1)v@|x&NV4`I_UJXGg z-J1vSESksQpMv39njDmUTkJSjREbwAd~bd<=UpxeSJI4>sjBp}LAdEe^Xt9m%-3l^ zgeDJ*f-VJctee}+T^aeU=c8TimSowL35Grgi6J`gnyCaiu{8#c?}su)cqwbJPx!vX znLzCbz8dwtSqZZ6N8$-j=c&Q6ntrotUS_bv&N8e-#A-s6{17>4lzN&vdb;Uw(H3U=PGb8F%hr zp0g2l!;%N@C2;bi~uES zp79W)Z!-z)fbn3YE}!-6Q!p{A6de@*_azw#2`ncV^57w97FRq%;R_@0x612>;ns)Z6Cuy|wXb9(B_?>;5X#ax$ zkf`Ybmncu1msL2ShAky%^bi;Amr!MqZ(#tJOUhH|^ze)Nu3oIC%EF3#rjB^N=SO5k z@CcY5B%z1c>5r2lAg*f>v!jYckJiHXvmOuefN>#$zqiv02fZJtNihA&wZKVIqE6h{a zv$h~@uGApYjJ^_M-1Yk{v6du?L4TSf_f2pY>{a>J`N2k^j3`E)hFk3~rt;$i!K0#T z8Rt>1;&RFl<|6_)-KWG%WT$A_&~h);H*d^H(Jd^Bv+ez^{k>(dknCn@%h~~|o4GJ` z!xjLJ;gwHRveP)MroYXmaYDY(&NW94xlyew!s%4lhaK2g)AQCoQJ`KpxY=`t%OWS!LLqqZMi zXI3BsnTk+7lRF^dBW$chUGciVP6rYg5*56+y&6lx$=M%w#dkJV*SqfjNVrG4=ITer zxpHi%>`&{nLVhZo!lGUYWuwh&wx~!w#2eLzdnc>pU!<4exuFQO7*Z3D(hc&IhBGXj$aMiv@aqqJSryoKMItX+#CB;pEM16qlxwjI&%8tZq zBH)mNk;KU4$S3A-_-X>2&~=+1c=+W&CxxBY5^?1EhY-T7&50y%g%I#A?S}~Tn42W6 zmHAV+eQdU}(l~VfF+ie_@^Hu+qo-7c2eHchkmx2*Fg)2xNSgGbOQ5-JdwzwK9G65D z`o3wBw&(oUf>#-lcQ~GS zo%GYF%Jd141CySF(+G01E0gP<9u;Lb*+5t~R;a2}prM^A`P0k#%jFiy8(pHH9K7D| z#e$NgdrPxI=cKTcOQS9*^3`qBEFHZF_O`{zRYcjvnf0+;s0W4RRvxqs%C-quFn`2l^E*7xcy z+icL7-`SyR2<~{!1n{K72jkf!gGgdP$gONbr8%gt$)?3A)jU(Eu`izc8XDh>bl#rL zul_cyxvLr$^zx84>sxf1)7wC!snCIgEPK)~0~6IW=`ib1APZD;E}MKvnaB4P zK5=R6S#noUiH2(2wZ>|y$h)D{#rLxwuqQ#;EVUOWaa$Esf;wUpiiQ?CW+O6WV+zh6 zEpoDl+u%^f_wlxkc%hGDAA`7OZd>|sKg8Z0RxKM_($zm9r*^Y(_S{|~s=u{}UpPrj zb6mdn+y=Q_8n@eFXU+8;A?IG1x1`rAo$}-p6~}EX0Qzw_7|&zBV{*fVuK_vzeF-DJ z$ohGzVl@IZ_6p#O97zyPFblYM!58v^)%%tRNHk{6@-00A?Z~kg4mT*aBt1OOV(Lc} zfZORB+h5SjLz}!P8$$LIZPcIYJ8e%5xail(VCCoGya$KB^s@|e6|Vd0M`eC<^_tgjs7kaoa@o&MP^c;zs~boHgbY2ikuU>|GKm|z;^w; z@okCkKpfe(GssC02yW}SOns+5*pCv4cr-4jV3P@U!b8(g1t!H6DX*^ zsr8$!aY6bL@CR!>IXj=cCHLefZ8Q$R&+{yX-wwewCj;9exaNAb9 zhZth%Kn)Q5utcvTd)67cX%BkQs?VQSqECnNQbx%)q#jl69nHOw4jFT8Dh*mHxwg!# zgRcyz1ne~uuke`<$rm$hA2;-nWkw+~&Xq4bf ztGGvRUs$aTJ$3N>ORCtXoZ(tFwttR}8a$_W{pCu{IM{ypyUoL`oZ>$&D!&q*1cKaC(#0z2^HDzeB{CSj*3EE!J0>kDThTTs5IeEcOCrdj@gzXIex2j79XDFE%XH zPPbP;3w6VSd2$|2^cE*fd+#Ecl%X4_VlrOGJm9nYr`m|hHj%-q`L?^s)xX5sYXRd@Mf!xejx96_!p&P!OEdLoDPvj`CFT! z2%ifEE9;g;O9q+?`ay;IqxHX_i8k=LZd`fmomDj#2&CmeRqozXe<`(woKPjgA%E`^ z6?EjZN1tAQObWTkE9irtnJ~}@ehRoaTTMNu{`Xa6bPw8&SV?nQy7;0J!xfOP=pFeQ zQQ7^Vsh2sXj(DV}xSD2JC6;}pSmRVZTq^sMicdRfdnai{-j8b{3uXNQ%hq=?j?Q+{ zJ;b~H6fv*q-FG7Q_ohLUTQwG2s%k4F!0oe}@1PNE;d>N*-bx6?Q!rlGD|{uR61=+# z`eCe&yW4jyy_-B9R_rC98q7P&1O7DzZ#`6=T zGyO7h(njBR3a|DA01=tzeUaF3!bYnCkuWIk$A(Wj*lc8{O^a0$($E_1Ycc+~!{Z_J zD?Dt7PBOOdC`e>zb#9(+MMmU#Z$Xo#BsbyC7f%Eo{yH*zlfow$`ZV(eo)4QD@R&9g z@)r5zGg#_x*i+N@Gp1s7peM3D*cer;yU}ojn4BgGz3R0Xjf40!7lC|Gsjl1P&;Iiw z%V@I?-5n;-x#BTMdbco5ptV$%-VP6aDPj3KF?GXoSm=1$>`Ekz0$@_SWc>Cj9^;I- zwq)B^iS?%r=xo#K3bZ3-Rvt9N$p$)hzi&>I)QIkM*#{fuUx9!F;(`7>7n-&@bS0d| zd3WmC1nt82h8xq#&Cu@kC}dj(Fha6k_l2uQ67p1cpb7iD%I#j?rR$4d-we2Hf0GdaA%db)PFnyW9q!gLI| zq$cpDgVN+rmkTr?WMZa5xO7RsFyuUuhg}a};!q8yUAWEdJ^Ek9T$kaOR#0NC#PmPZ z1#-t6v2w{+#G4dL4lDhUAbPApcY{h|^V(Eu!E$Oha%#W;asKn`enD26J$Wa$BySeb zcnTGw9vFpE$P2WZ6aZnghxuG&s6z6PnrqV03)9jyb1JB%Bj zF9j6lGZNxxPSCYQBCq&;iq0feo#fNx+xJXTM6UaynoSll*HiT5yf7=Is@cKbzwTf^KR~wfA9-DS`5&)vVrQg&DZ!NY&e^L?TZ<|Vw z0W{QSn&nv+d~W3hbXKA{60Yt5>EoWdlqELrPc#3B728nI>&$qpMu`RoZj!S7H!-2UTk}v1$YM=u5k5|lwl6rCiJVn>LbLV5nF?et+f@V0Gq$R za2;Dy36HFi$#!9rdBqv3(5~I^>C55h8ei*^*3<%(Pt zXOT{}Y?e2pFYwC;8V!k26^nhcej4WX!f9Hi>U$tRk7t_=@g$W8QDIXKeHYVSgZ;QH zCFc423?uQ-+k3(?6)VpluNRicf-$qvpFv3BgEGn>nsiwoCZmucGYyQwoi(xFWI($G zu6O9oV$hjdy{)r5Th>lf*=b14!rCfAOyth0SjDks9wG9bUeY>S;X>1y1X zmEQ3c1>$xAEz=`mVK0H5;71qC0-$e1`S4BlocPBn@U2G+Ro5_}3>g+ZejS7ak*q9} z?73*>e5Wy9FVD6=>Lypso_m^Ra1k23J-DOWFz&U4(rdA42SiGHH_=)TRMhm{E*C`3O+|%Aq?gNVmJ)jYp3ia^x(gG)qCLHFJ`C?umDo^O~f^ z0k68hS4Vc#wO_DLH)}mz`5w9{`6vU!Onl^IYl#xRpod=hvhLLuVE@~$RQGLMI};hM zl*kW_23bXGUKq=owG2mX?;bugdh%<7b=xq&+^SM4tCi?I2lBNaK+Rnkm3eAc0gwp; zj7Yn35>=_ac3$t6`C7Zo^L=W_!b3SO&|*KnVRr3${=%gqd`(IqGJP}_+H!+qj^7f& ze!Rr#-QCFp0(a6oaph3|qBqp^GJkI2PN@KfcuImU4~Y(`MjtsUY@2}SmYK>uN%naN z2d*Y)WT!&xmmWW9v&u6G=(A_$2^;{4@?`W7vn8VhE{I(@&Eefc{P7ee3F7h8ewG*e zdSupbUf;P8`0f@1^kck=FPh-jt!weJ6e(=|@I(WhetyM6#An8B&@C)12#My<)%tCt z_yVF-N5 zZl3^;j7s2w)zmEKK4?P&u}IPo0TD|gY>62-;c<0=j_C<7j{~Mlm?ipmd%5x9y))-i z+juU+dW#p)4`1(j6SDke6m!ixDXcBB_Xqi|Q5d|frK_P6yUAQQdftQem1WcO^ zpM)VAz-He0-6S0Mrs)z<&b`RN;Wl%uwwzF?8r(saq!RT^8~A1Qp=;Zy2M!&@^U<((6wOIW^x6wvQg}9f6xFzH zA3CBW)fu`|O?L~$mnI=LZ&SzB$DW^)2T47(??>nVjd~T)QkK&lJFie5dAmC9LKnqk19YvQyOe^7DiHIMc4)%-aI4-3zS+ zpCDo3K4@sU95qA_#-{H%{2CX!&@oxIJe=7zjePm8(s0LVV;3+|%Y!E*CLd<=VV*-Z z`QapCi=(F9X;ALiUf_aJjaxlhS1woZzyR~Z-~FgA(0~=vFH4qGB4sMYowmC?wwxG0 z_wURemN42KZG@uwMV=4(ax`?l3`{f0mW@gBv7w!T@DQ~i%gugyy!Vi|N_^vqNp`D7B(N4=F}E7un2H>7)Z;e%?6TuTkS zB~g=|)M#?gl1|icquZ@~-G=HuWcGZu$Nb5Y=AXA3E;DjhskcrnCt2Woe{OBmPkm3V?_Qf~tBtGVNiuh-6wC-f(}$i8GY;n6|? zCPx19-f)&VcdVh9&%#%{Q{uISR!P>oA$$7;F@<9&|6T9%%JrA_zg+C!3ahp3%DAT1 zTF|&A?h>$ZXg0nT&Y3L62_!IF=}wVsGF5ClKV^Q5W+qs-r$>|$v#HdE6#Q*+{>?aD zUatBfOOED=KjMYaA-!~|*5Ng1ESV3Gk^@`Cm#`l_hTe8quk@J>iVyOSoEkg#SapG2 z+<$7Q?cb@ri6~Y@GaJS;Lad8)8r)TdoG`CojGahXAnPsK6#7}SC1^hh)`7bF!p`6S z_9klsw$;YT%wq)ly0?Mym+b}1`FnVj-#-7mB1E1{$NX=UqE_8jc-ep#dfWDFKX`Y% zYz8@9Mi&;|`JExtTNpaGqFmK1`4-bzc?f}O+rFJ~2AD;;6Cj2T>v=&sY`c`~(pzXu z~IslPvVF?L{!EUsvTQj5k9*k8xlXg5re&XSCGh#4~RA!0XdnD-X*}3d(_YFfT zb}9}W2s`#|1Vczr$E!-0XIR z+tqj@)VLHrvM6&EQL?+NQ`bqE3?a4#emSnm^`YYu36D!V=|cA#AsVy__D&xHPfGMM zgDwdM@6Rc2atWt?W8{co;J?pj^)xD1E)uj=`T)vPZb;f^Xv}att4FzLNt?@Kt?MY* zv}vp!&-$pDoA^M0BSx=L!|sq_xHUTVrHp;J07jjdko4S5Ueem65pnwHo7(M(v{W^$ z6n>YK{G%KeEzkXq*aO6jP2yfl^s^{=vc;`F8RzZ(+GA0kzsmU^o`BJJ7li?xY5jA{kD0pYlLHjer^oaW zq$>3b=IAlboWe05GtuTg`%~H^+OsKB=I@2AALnvAzfq}+(TKgmYZQLbD=7#fEZrc( zF0FzN*@eq<<%v0ROHD(H|{m(@eAti#NsOvTFIG#0z@ckxV zA&U>6^@s)#yh|U_2JZ~aa@jmqd&mnd6XaByA}MZ7n-&i6`-n; zaum8|e1-8E$#t=DJ6pc0yG;uj5FAC)~WM#%7vTVfDS&QM9 zOVp<3ot{URhd(fZ6YvTQ)dC_PK7v(Mcicee?25)@PPC%}C?33AS0%)|?J9l8-Bkmf zZ}6kL_#?@G9waO#%15l)6qR9hN7Bz=^IixrF|u;}^NWx|{3+lZmP%NPmRviBSGuHO zKVJ>eVv*6CeRk5E*uqeL;eA?|+VHAkETLe?s4fCG?UB zr1H-sOldcqjzFtjq9kd55DCI*0ic?efv|bxj`d5w+q|Nao>9-yEXAL&@-m!TPb2?B&by)K3ArcmR+np zuV5??+pn!7Chj6+ya`(@1v=t*ew*U4Vr6Ojm40&+Zbs+!*#2^4L!v&JR>e@W8r3O6 z71HE1j!WHHzvO!R7nauSr|Gf$>lZf+8iE^eG#J0U{Ui0IA8GvTGxmRex(DpD4CY!q z|8)WfOb+z*U1R$m0sPGmAP<)TIO}cG6jJx~DNrLMqJfh9`^k9ZXVVTb%o(rI{%e~0 zU+?fHWFJXd>KJ(N{U!hj~T-02aJzQ@oB+IO?GOTWEVPBSf}8FYn1FmDx7g`OLB zg;FRgDyW3K&G)H$9J^GD#?3q~X~=PC-o4PcG93mdaup*!ujd0o#hrDl_o|&89HM}Mbt)VSt1NJ5#)*;iAFmRZqcS$wcc|NfZ6F%4d~{_#e@ z54Nu+Y5(VQIuHK$FaKX3qw6#2pN|&YHpD-l!NOX=F#v+Ke?Dw|OL_nK3>H@H!b$fh zBshF!L%`~>4#E-ok2aoX{H*qx!@oIC8X%=nts3yVqKIX|t<9V8-{;ro zil@ZdyCOc4_voANGR;Z%k<9Gg;Q|JwN1`4_5!Sj5-QayZc1qy+kY{Vq6AOXsG`haO zR#pN}bF2>rqwVSCwXNPE0v4xO7XYd7xzc6_O_y>s4%VkaAe(<1&QOwwRp^{49r}`m zO0-1m$|_5f1b%T*G1pZEtd#MKDffD{8YhKPwAzX9pOgV6N6XHw0LW?-eNqF_a-R%v z8vjN5P{p&wNtv=JBt^vPTRbaq@sa1ysr`r|W(*s$TUe%0$?f|P`;2TpX=X!OGB~I} z7tAQN65x~ljeHpj7DN{McT}V!82|mD#jWmU8(6Bc>wciog^SlZ`&<64?qc8q)cGej z@SE8{r5ZD#zsq#>T<;;UqJIPQ%Q?qeRF`bZISNtiniahOjbhyDcXqJ$UTR_r4{KqH zUesL$EY`-5J3z5l1%`<8-bWYD-jD1`fm9}Ee3}e|;l&C4%o zeF>Ug_gY;AP+ukhwy4r4#=q3dVnV{NFnv4zre)6Cv<^Qc-omsS_*B}11Fcc@m%=r{ zvvr4Ym;p4Ebndq73>8iW?B53ii%UB?7)Gyk>GWc92ROxApQsNCx`Zu0{HjKqCixL6O|M~3zQN%ijuOxu|e z{`DtN_*OHD`hfcS3C&9*0zN4(0C1XWa4D%P>3dh=z1aKQvepaX3TC^{&JNE4^?XCr z%04_f!vr(_CiHc;Uzm2KF;buxPmnKU5-8lc-hL^;Cvs;)B7!g%yD7^hPFitY?`j@lq!1!@JJbrghLYE zb&_KCZcH`0RRHUZ=9_R@V^%A?9PEY~Qjxz!g}~a ztyZ_$D!#5nLJp>r&sU_+2yKrem-k0>e5K;2eCA)U=Y)Pl@!($eaKVKB%=r1IJCH{Aqf@nm$i%ygzIO|WN z_q7wX@GiT`HF@U~>c8!Cq;9q$(kqP*O&qjy2X2A<4mt;jK;SLPAAr>j{;Iaz^1CMX zIyJ1(2ZtxnnXPn&QLLkSCrkOjaw1B$1aDd;y=Kq4O7l4_M6o6tFo6FYNNxxTmVV`C zGbA3*vo0Omx_*uP0(V#Ai_;SMw>#;)a)7rhKMsWzEpJG>5l3y$)+rZEN? zXwt3N2GovBWX9_)F|5xaSuEJ}BCbQTHX~X2cgw>JES5Tn2cguX?d|PCKdJb-#^`5i zX1s2UEX6P=gLWJq|5mS*@9vnnwN<@ksUJ)6C=39*C*+CERvtQomA<^P>07lpk3$b49da7yN>Y#3rj(iGlFV=huBju04){6g#W(Oty0@l$dRLxnFGnc`C1N?n z^s36m4X7G#0~ur7=L*aaqt3WB@tbgZ?l&UJSrIglOZFT1O)PT_aE|MMFx0#cQe_si z3-|e5nv#<80VKCz^@*E{d(I%9e*hT)mV&d9hSK5FgCTW|2gSM#a&NWUr@=waM*rn4 zRF79GW5_)EMJFow)|}emFh_m`bNE*ATqatetdFcJrN7b;P0|DG$%2UGf#exF4^Ev% zGtx!r*jdg8Y`4y{44tW$BW02vpzyQ)T=-hR)x+Z*+Id?p z7j^tMd#9wyL=O#&u~U+`@{k*A<4=z)XwKb!Q6}??rfkOWI5r9urTooSpC{8r|Dxqemd?E}yb3PHc-IRK1d?yT^43o&cvR)S{9Q4KI0_i|A$CsR7uL{V^3lcK z1s33&rx)o+q2R5!LBy2kg%m9gt2=kk$X;da+}j4qv{;Kqw{%}c;V!}Lkj$j>2A zTT_Oe>(sl#m+1IyWoyclNyxUa4} zLa(fQya&>2_xh18Rjwj_lRhb17nfAHalNP|YT9zn=(664BOI42AGSvL3%Iad|F{BU zJj(W7B(!6EPl$eSX8-oT7q5`p!w;>tH<#ErS7gbpVv(cmw`U&O6nt#(%fA!9_|OmU za|z(D$V5Gf0^QCjFaO-}k}904>$|B85I-7E6elZQ5EMY}SURnP+g3bkh*9b4+|rj2 zUS)~Y1APW-(sh1on0+#{lZCRAO0ZLo>hN^6CCgN~DJj_oD*z+`TimPbn`PR=6X5(d zI{f+jL$i(>z@o*@O@RH4dOXo&vXJu+u;@&AUHS=+7pn4)H}W=Sw^DECw!S3Z1fJtx z3?Hs_UM94g<0YJ6O*<~hDR9)PoOS{+H&5cL8nLm+-=TioAlF?DtqYgdm1=&?CT z;8lMT?xLjC3Cuf|r3CR25uRs<*EW=FrSvvMy4~odxZLzDIzb0e`}=*MowOLfczqqE zD0l)eL~TVkM5ip)BA7->kTckAZNBtkj@lxzHBj%ioU8b0zR& zJ>xA?h6XS6&+iwG0mm5sCv~~G@i_oHHNCir;J7hOd;7v@vTG#U!Bn&CQ{CU*7;UZQ zqaSBUrB+iPDDbZKgBf-7LM2yAK+?lVjUwYzgK0PzeokMBnhs(lfk+ej>aQ)V56{Y#MQXaQ613y#4pSR5pVuJ9~opi7o&ZNh?-BKq74`utO7~R(T~4S z%y_j2TN{E~2(!;X3RK}<(fiDtGb_}%`cjrl3BUhbill5!CS&uJo>rCncv5r($Zj^D zu8hArsrDGO_UPWroC&uMzBY-MUaqYkz1R1q*=p2nw3Rs5hPrheEPu$c(p1LPm&~;} z+A=7hwwbP!(c7KZRY(ze#%no#;M3f-Irp0|M1pY8Sk$iV=K5Si>{RY@)yZYONELLg z7U{V}T%l94ch@z=}N3$mn@nBkI5QEY1rjKXit`p^Q)cV3i>hoUb}i56Mq)C%!g}9WHaLj&@HejQ zi-$A0Ta83HT2AB}hFQ9gMB+t*{qn+rMp}l4_V8{EU?|6ekkJRZMdm~1V^FPiG4r7` z3GCu~WbdJYOEmw!q{!+rUQeEP#>|YEEG~X*7&O^=(O!MN`LT445&wqT4-{z#p4K-eC6vN>1AvzULViLoR}hd;8Q03ODo1^^ZZt_>FU>XFz=6CVo`|e`?Pt0 zgC)fdqjqbX-UX}K1YM>ha#H}T2@l@+YYsjVU6&45E`BxUt_ns3+5kzizqc3hspDIs z@tS9&vR3wS>9H2E@ut1g(9mS8zNd9@9GCG1&)H@8)Cv)~emEni&sD`x5>GbMOPKri z26wkV{(olX0L6JP*s>b;A)w50)OU$3%&`;{PiO_qB6zGOU$hWvlDHoe!7|Rkn$dT< zkBl=<;C4yz+*|xek%6|D)u7;U8FEVo*#CUyIRHyItY`GTc#lUyXH@)oe`ePw?&B0G z#FO*t;xPP@6%w{@etZM~J_%=tvkBDLGM8Jgit@T@Y?L>%JFRZcb+wi1^2Sr>gS}AT z3@>|u?+5?{_Vnxf@a|@+V}?*?4g)%|l%EU>fj})$sXWNS=`1J~h?wIdn(?-&G-g_d z!o_}aHeZa)+6<+o=W7XjO;Hl_g^o_s7EN_e3cS!H zYKf^F$qkNN;m2x>mbrt10nYL3s7xC;jg7+XWInH;sqi(&3k%}RL)GpMm+;A7b3!K; zpEbOXbJt_0jsKeD(Dg1=uNkNu`?tY=H#?`R_#=~>Q#sFF=Y8P>i? z)rUFhZVF8}mCT5P9PaxYE-Zo92(_cjjFkiVDLl%kL7}mG zKMpUSR|yuAMNc`(BT(jc$gKQCyHEyCT5?V=mLr}h8DPHLKP9lL7CpFibtc`|RFd#c zoQ?RWd5aYib7|j~z)}Tv+&w9x4MzPD?`5OeDbqf!6(=`5)}5}zF7Uy@dKeVs3b3;V zJDXp4+z$S7q3Bug&0RGVgQiLsdkO)T*imrJPF65D&q>n?SvD6i4JbmN&dtq)z%SWv zo!VV3H3&KGMQ8?vDOHcG@(N`0{L%r-CRXd}b$|z;;AOjq(q5zPVkvd2^f!3&<(~@s z9t%DZ2ve%Ss|I=O@*t)=vM;Sl_NPeQk=G_vX8rDMP=v;UYrF3qC)`Tx#+oY~&jtVL zASBx}km%rK<`Sn-!F+tzW!|mp=2NQvR2#7w0kbuAHWSOY7galRzdeQ5j?4p(Yl_T= z*RL#FaU4d}m3VGnfsOr-Ni7ye&(m~GssSF?ywv!ktP00<2K?b8FGpJX7->Up-4poL zNn+#G{DVV{cJKP;_HTF$`gz*wT9sxr3l$~BQT+3s?Vb!e6(+~rs=DJ*xF(lEqu(vp zq$PjXJLH7-{X7z|pKN$P&za-NcfRyGB^(8$@k%P_^Vcn1GtSxMSFgjXTA=+4@{mgKtD z^J%vx{2X=ek=^2R`a!!_h5kGEM;>{HGR=z}b|OQDuNR=oHNFVw^w(ggMy)c>_&!?) zM;kWx+Y@XG>)v29PjXJ*V366l(yX>eVs5J)m<_WP`L7=I!-*yRk$n}~Pa}*)Re$W2 zVhu^;{5wE`3$JR|he>RUY;X~%?oL;YUYHeC7Ub#m*4k(HVj!~{#{RsMu<-{Cj@uRm z&UG6W6UERr+W`@gI|+=by2IjC7_0_^OZP*`QoL?{=g+{O%_}FOWhM1#Th!c>hL$=G--au@dpe4lujM!urZ3GR9KZ&W?~+HZNZm`oaW5^Y zDtyG&EVd9;hFCS>v!a1F_KrPJ`cx&PaJ z(&Rbn7F8R=NvO=xO#xBz0lN=6p|s-wfx5UN2(#7$5H<%$BLKmTSV4-bODfGrSu%*c2i~MsWVZ6C6m0(zE`Q~Z=7LnUTh7QXS?$y&dKN7K zv!PM)yCs?xD-<(uZnUnWLZ&+H^anbD*%!%dlM)Ms2XUR)Zca#+@5Tn zD_UBO^!6EfP_?7XtFi6*BT6s%<5{^e^IP51XR6J|4SG{x<^akaMNgM;3csV;zn(vA zT!)u@txF{66CLZpQ03^Cj0_1^9n4I4c#vp*qB!vMuNCFb>H`sm!GG^^*zTY-cmb(rySED&rJ-|ie_&F-YI+4iv%+6Os3-7Y3OkPlLq%Do4 z?ZakjjM3FljOy!eRGdtjTZ}(c0d%!vlp8Q@<9c+o;2x+6U1yk970C-su1q2y%&i32 z(Bld;f=L+pT6bk*3TrROr{go*YA|bHF}WW*nwcC_m*lUd6)Lw449o*bqHMu1lw-g^ z&oepO%?(vccM^IcrArDdGCMj6P0=t=xr|>0FlM(}5`Sb9P1$xPKlNe|2vZJ= z3W^TO=T(6*EdWbby!ZZ}4(=F(?9;p|pUVp-wf@|d6;$66gh2V9TFQLOl&0#N<# zNg3OT4p@Y+3!q?wN>MEGK(-Hyp37HW&1KlUp&sqDLJ+mim#N+`Bt8Wi2mL2Y0&cyO z$zA=3i%k*z3Q06=lJw9iu>G8L&zoYLVyI5CG?_rt*hsnZvFX$fx!{|mi!lA{%-cT z>3E%k>2Ijn`l=0#ws1z<*Kbifl3yU~qyU-^AWqoD8-Lb755`L2d#$ODjor^@hfCGF zX}-f_`IlmBER~8%jw{wx%A~onyS}e~l_O4ySR(rqjtf1{I;aqsjLgQ15AP0XL@V3M z`@#A16zD8?(XrRY-`X<6<^K3l#Vz!w27uGjMhd@6_*jKkL|<(^XMqUk$jnvEn%I8l z-&0Ql>McXmabXyY@&|?XOj3#nMG6|LYhPTEdIwSUtf%hWJ;51nK1e`z(FlhUgi69O(;vhd1N2r84mEsy5|fpI5~EqXygO z-^s%27~RUJlZ=?EwlQFIlYcAAsZFPGT_aeC_n2<%nDNNF@)`zz%|ZDY{LONebOx18YME&+Yp=pxMv zzh&CEVexu}aJ5qeWB$MHlz8guQ!#A%c|?|LAGRI70k_H@(Lw2S zOcqV!T~B0x5|QZ*09-kt_~yQXzbV+MbE(EAOHOSdp2LZz@;~7FPzL|)5tUc!C%1M6 zmIn)Ed0_#7tmJByfngP?R^Cv*>C~Yb_xx$SDCjs!|Ij}CDPVV}p~RAg+n5Jf)e@W4 zZn&HaUG`Jll^#-nXx9~3U5+Y3dahfB0$e^A9El)&C%~vUiD8lqlAW#Hmy4*7xO6{I zxbkKmqPf2=bOn0Ou)(ZRc|g=sXU?OUAGe|h>RrYRD0@+*y!rTKgq6)=&#+zM-8ktJ^`#Syw{K1fYty7$oazb(cYA3(Q%bqD^G6Vu46(-2l6sqgkY>&PA>>V6c> zlds$-%}5*r*hEtoX2W`S~->2sSSPvZCHT&|G>Xd1}%ILzlt_in*Zg+Jyrh2KW+(EYMimoxRElE|Ed z*8;)A6uYnQbNtKrn-gZDNDtbEJ>WRC9)79S;{jygKRa%fI!WBddbdnHzy{a zf?3XNrE6|Z_m5T$t@vo6&&|~>8hC`$O22nZ1+N(ui#46w-a_-49K~I)oslP;6;`^c z2iI7C$8CiCPfmRf!#CkCDW&~0u&X-d6S`9!R=Q&|-z2syg1mEv5PY zj4DcA%yDM~R>I6CuK*u0dVdMd$5MX5g;t!ZHLvJTgo`uF#XW^iS92pHCE1Gp*-LN( z)BL$gaiO!LKu_`!d278f@7TTE^nyY7>4?fFMBjC~v@U4NsDe(UW&QQ6WTF9XQV>LZ zxt95W)41eo>{A0AjcXadYz%8dV}Lgh`e*6RI5Xe9{8W*%^0EWzg@U>5n#d>io|eG* zuvdphN>o9!u15n=8Y!v-M1LN%0=1m^xy7u2+i{FKi0eG> zy+mW*c%hYF>{|ARnYuUzcHHc++{3O}9->yI17b~pSWu{ql>-Os!pzKUydZ{Iph)#8 z`goHQ>4{G6E0*vNTHyr{?}%h!mjv|SeNn=vHODmKl4H_g47@eh!J3ZdqtlY7GD(lW z-0e=)S4b9vwm}j?awgG)aQ=_#Z zCi_3N`fD6dSzxH!U-4=k6Nd|R)?^H5Pry*5A^!lT-bBzl*Wj{z6hFFhD1E2lAXjZ@ zAf7u{Q_WrVTiRNW36LN0V2i0!mO7!K6U9w{i2L>)yT(U9+g99SRbWxb0_dQZ27jd1 zuLiIxl1#7m(GHq*b5op-Y+phOS}Y{AWM+-uK?m^SnFf#o?WwTexM-TL1Nn?{!_L zL?{zrvkBIHn`M?GmM=BXBnm-@e6E~tlza);M1wSmFlnX&blQAx4P+fET6?{y5|;|2 zUE>%acu4YKyYNJ5!~0H53f`UL8+Yk;{@dNS1MbFTPM1H|Hzf|qoX1v4hQS92|4PIC z8r)s%z_ctz6hyYB`4K2eRbN6kvXxyV?G4km@V+bf`2qXB(z3#mgEO%J3z$-Ruz-&O zFVwF38mA@97c!H!;3XV%cCrpqw!KU%f`|pFiyE^HD|+vk>PX0~>%!f148T_Bn@st+9lr zT#@s4bq?NWRG!u0pAhEj8DPUjW-TC4IrJ#qAnhf-aU!2BPnwbFjvPLsZ~r(?y@2<2 zwe=d8Ah74`R&hl>1ykXl5~a9t><70t&anzr;K#?1=_lxcvN#K!{DxEbFYk4+q~792 zi9gOCE#N~_#~FD#r&J78`9Wg`q2LjWL5&uUL-2*5XK^)=uXp|+&4@8hA=iY!$8Qxo zVtDi3l^Xpu9xEmdYChoY=Q{hbTmqHY;F)N@++zrh0Q;-J$L3im`6>q@K2Kc)4X~Ve zBjvYEAvC;+0i8T(AY9Qi2d(OgNo!6z5H029>pdkzt1IJQaieodWwtIc8?T#oo}~d> zESg0+ChUnVuCqDh;C7q*VvsA1pST0(DE331uUV)&LLez3JKXiL@mo!D(T|@1y=(cQ zE^O)CY3Q}ftXi1{yOR$<^GYEYK7bQOp3sm}csQ=amLhkIz$+I7Jv?^`2%bC4?3XLj z$Vj~pFgH6`dqmFd6q_YvuP(BLt&tE6UmWZv8>g@I`jJKa=aJ_CZZc}b8c6{~*16}I zyLP2_fc1E-A`*C0h@TyUqI36xQ8qH$uynGeMN;gQ=YCz9Tvet0;x?aP@If1E2OukwPAT#K@K4CG6AJx}lh3J5txiDGBjhgti55vBA=qCQ)z9%`poBS zP{pa@`pToYKw6Mt?4=DB$H2g7NbMu^o)DH=*cFhAlfa%|*LZu5#P60K2oHV(9B6~^ z$c2)#v!M;Ak^Ja|sH_`zAHO?=8&)Ybp6%YOxs&6Yqmg;OQP$scY~XRAPWII`N2Rg; z4fZLWA-#!-C)a~DfKu2vN1GFLFOjlHGp?2917Lp% zw>bh91O-O`D78RFaTpOLiS?i56|cmCinj~AfX|9j(z|7=DD?|N$vE`}SD3XY`@ms! z`KehupFQyRwK)Ia1R@7>u?nkeoi{5iM;vP!*1Rm2T&DwDqHJ}EKu0tAr7x&2jC;C| z=W%ZL(^CJ@QY2r@v-c8j^`W5rxl|bUWBwEX8WUkD(R7lpo$@h7%`Ec%Ch=<}Qj->Q z`G@9BxPdDqfA5^35@FK-O2#ZvPi+h;t2aTEbQeM)dKk@V_%rElz5Sqs)35NrYQIUC zSV+25NCMi?vtYm|a8FF%0#8@@^Wb`S1e3_5+#kj-ORFV6aB0sM4r}mG-C2eltdV;a zd8paHI^Y+J^nj3Sc9O}b<}fUoni_qlQnS0{M`XaH7^~0~eUM*J@TtBxkuM&+$D}{& z;D7QI&&iiCC$}Q%w1~rbdcF)SwHhvXVpqSD^{`M9<2nS0f)nGhXC6Pylr2=6QWR48 zdi|qxt1QSkehLs7xNJ@+f|0PXZyq3(tbWaWYB)bdm3}yJw3y0C+eeS~J1Zvg@F9Nu zT(vD~xc6u~`>0O02*;@7;*2TytRLwMxy6z)1j;8O;ftBE>drHuUyy#!MT*afF`!sfa5Dxoj1?;{GXRwpa@lzIJ9B~Ryz|)_a4D?06Tmh<{hzb&5F8`fp9VA=9bmuH z10kXlWpB>>lsuH#eXMDQ%quCBs4Yomcm=<4kJb2>PvNTLkR_6}TBY(@&LnVc!jV`w ze%5xXny$?3f)3{!2GF9!e3N>tYm+^EF>k@MOw-QEaoG+GTdR)^Rq(>b2Y5!l_9eM5EL(Gk>|w8EYqY^E`!a99zkK{3;A{q+S0 zjMu5dfLQ5d&;fM5TXlp(AfLc1hsC1Uxnm%#$JGHOSZmjrDt-j!ny~mvAEJHK=}45P zvzC6gew|AcE%bP>d~-$dJxc2brfI@u{fbs)TAJqFA#AEa{L9gj6gAR_^1R)!DCR`0 z8&K~lnAlEd<95naB#jl7`2gS=mz1vGw#Jdw&x&xAca2a7_;78+?kl8lwIx;Gi{7?n zqx!d@UB}X4$4PA&?hN~A-aR>~>v^$*uz-&vqbu*) z-TU}&%+{lNmGOUY!XLHd@)?Ts>t2JZnFV)XfH&d4z9fSGB6v%}4LU4Acm^&QEmuD~ zv=!`Wp#R2L-&Xw#6aE|k?A9NHjWauVs{+_3Wa8gx&$O5S1>%0x`hyebfJwtp-bnsX z8btVQZ>@A#N+hG~9k1*E`rqTdF#n6>esr(K`J|Le&|8aDBaiXN>#zvD8prX!uLd5T zME7PyTjPJi+u#Qkzxl6U^Y5RDhxh*z4*h?F{!Y6IicBUazvQ8$x_%c#h$%5_|?_*Z?^WY?*!jKTDipy zi6YeD^g>_VQMfz1Md@m5lNIlv&KW+l_4jt@uWv{r12a!vW||l^Su&aVrz!M8ytW!E z)h^ekX502g%GzM-+6$!rL+r5KgM$?^#f!#|QhMc2$U3^Oiu}*t-Q9HS(B|p9-nx*h zZmIDX97_qxQG%VFof1r-lKWSNf>3H<=5G{y;YGi{m4O@WKfea$%dhKVj>Sra3^B;T zfO7}6yK9X;7meOL&N8eTiF@y@W~C`&U8lruV2r%HBi6u35!ZA$ z8L~+kHo5jrk&u8$n3xn%uj8;;ZLl~n9?2US0wPC{2N^oe@9awv1cSl8J~;p4E$)y$ z{hvwC>rexdIXMZ8s9Zh&5$9r zIIv`sji3*(1_EbqZ|@Dd|GZEDkW~Xb7In3p%lWWFre4)+yb*dsnvx~8i z=YGz{M1{PiS`l5qjr*~xneyErwR8zgbq{YBPJ`Jl;D_0$h09@%Cfzc*kxV!rYc8YT z&S22?sV7;ueIEm=EpG3sLj9hF*F=;ZKvSjA1W5Zhs8E3r^X!CX(8$)Me^FdPnkGC2&q=Pq zqXw+rG2-10*g@b%$-B6MKsiMOiIw6qpR3yid5%Nn7TjJPAC;)YIY5#7X#?0};ksNV z`PjQh0$aHE)}Hrlqg^KmkTV8vf5&$hmvHkDkiPV4C|jA6@DEG)>u;3u0CHAP(UBYr zJsJu>?1)J1T363M%WfYBmLr+UXoE;`pGzKYb1%Noil37$Z13(yUfo;i4hXrwSk!bL zDN^GkKkm5HgX)HHa)M!1>?QmeQadZ1_OH||pws8=7sR;{c^-Mb#ZB;tjtW~t?)O8N zWhp$Nd*4!2t87I*$}~CaiYo5GdmTXS&E?$jZVy1&tdUQgm}^}20JdHFibGF;6IXEn z&J#q%IP^S|!(TRp?$iJ@QrdB)�lW)C06yaHLaJE4S1QL61NF+I+wotl01>UVl}C z*I`H2H_8I+g;d$aRlMfj-rm#32#v02c9yF*$xAW6iAf-|oe-D&`k6L7YpOL@1K~b_}n{Gay8%ygxpu8@@1`DP+w**9{od7aY{%PtwB)^ zh;CRtX6uE=+7e7rJP3SV-5=dfyF2>DU|@=x2rc}b=6gdTA8_W8%Hq^?xJeaYO2#1A zRj+!p-r3dXMwtKxay1f(Q-6}<;Hs8C%;=Cf#*nUEa1 zU%_*Su9~5uSVFtg18&0mG3rL%b2?2MGmU7rD%xXx!Y82z$vT*|Hpl%E8f^O6&F8m6 zsV2*pX{X_v`m`9W$vQEmyZ!oi+T8fDAMlfv!SxrU+FbJ(``4@YLslbqz3~RU-IEmd zPfw|%1*h;w=Y=bu?RxCXczajuhR<$ZoNq^7U~OHLYlzN-P|QOcGYykh0=r{4(X<;Q z>j*G5k3FD7cBe@ODTte)kVUWq6tdH5+R(>xK$Bl-tZ${}sYzi(kv%4z0rk1e;%Pxb5Og)a71$o z@o>HJ>*Gp%gm*Voau)$FIwy;6ltm{{$1t21%P? z?>|vW7P0Vc(~%X#jW-R&|0zreJU}ghEwQU%1OW)+9%0i|cpzXA$>=(}o%tS}HWW@riv#vtbFSY$7=zo_i1Qww*mCZj%G?;>$rJ|Gmy1 z&)X{M#2oh;XPvE(A-9-shgT9x6RS=JSH{Qr9umDWeC{#(&(7zwK0T{F_0oH*O!Zva z)8j5l3|~PQuRZl3kA1OcuO&FygL~qh>vzRIVb7F{-A02DXELit-_n+7J>JX z4%Ac=k^w0k3~)Re9azz^`j}G6)A$;kCS==t(9RcThv~pa)ulnj%g^y|-?Cwt z&?xUU2a`9&z(b-|stGZpuD?GvFR52^LO}9x5Vq5JXro0d{d%4kuF>E<&LtcBG@g*^ zKC9mG7Y-2ImUX#2Fo}1g;17$;Be3DVjn3Buf&k$x!&fqvikk7ICdL2^2g>b-2rw0W z*##?l^yLmqWsoP|KW}Sr-!1}Ooa6fNlkrjyFuQpx4J0bYB;=k?L`0d?*N3w%S8H4b zgZ3#%yFb$9VSZ11S)48>C#Mr-+`>PUq916n6z(TT$vw#Sr2w8!DuaAKY}(7|>I|JF zFxNh0tv3FvRe5FDeKZ|Gj!A7msqn_%?T>vlb$JxXkTw_c$@8f7$7rN~n-l_bd`7U* zj|Ts+&i#ktoq*p-UB&r2tOOQcD{He+TgE4s=5_3)RN2 ze66yZWCjTNv$RE^q?wQusS|McBh#x>u{gYjaNKUbv?oSU$^nuhMPH3EDn-5uzRU4} z)t6S#b9jq#AXDC;)CS}FM5jCsAVI(P5!+SQ#zEYIRh|dIvO7+){Bdlh%SQ2CZ9HoN zo6}EbM~@l3g@|<68Xyk)+D_sHptzqniU`a+&}eO6 z?=f;h?F%sWPcDQ!*2(n5X-~cbhh{^i3>nv%ru@~vp{1U%nkZGxoJ7K){dfmqx zykKi9_Fy0j4BS3VHF%9~G2G#|6>-WRDVJmbxV$PD*l0JHRy;MV)RT*41umnRWvLJ$ zoX9Pw(eoe=_@g&F8uxPq+_)Ecaqog9vC0|{3V8|5du0Ovyv=H);MV|!irtp*D%U9h z-Iu1u%Z7^IFkEyY!Hgji%#`Czu;`|X;3D(_`}|CU7njqrf?%;v(?9C@7uF7&g<&G4 z=cKJyQodEvVY6*mYrlglW9U5f_m!#o$(ePls!$7g#WZPLwLNCg<}4T!sGdZJYu*H) zYgr&ir1?rDFAw%SUIW{tXv&-7iCZ8F<(Ft|HfjXAigzZ z<$j*iC7tLq z`tt}nn#X)V1ze%`1_XHhWffK$@|j)g8`5B^@T8WO%~pInMwmp3=JmdIRkM=>cW>h# zQ^@GOFZbKg7*{oLHYRm{D4x zk%Js4pE;@{LV(VY)C6din7`{)0--^JkN`*zgn@-*ccqQ4$x(`^tKsvaWG5N|3ZDYG=`HUyCJ30c$`DM2B zYBFAYy6id|KIq|v+N@Ii?g5fyxqv;v`6YX^QyO3`$UDCW4u)|^>bGk-lpv)-9D5cr zT&OS2XRSs1?qP4-P82}c2gJ=c!$G192z3AIyf&c@1Q2xM=f{3e|MnG{y)q5dDt2A> z>~eRo4xKyWFC8eW+ou`@uo()|>oz2p@S4jI=uiAxCkauum;7mM-cD4Of0H5yr5)x~ z(7)=Exs&H6BQ9$^JHEK-0cV*zv*%$>`Q(qs=LeQ2jeA2bgEoV?17`(FUw@mo>{e?A z+#SmIzTsfS-K+D0Q|93E8rbyQRzD0=z;^G&tL(kL>x5gQa zeur|8lwF$hI6CPd9r9^@ff+2Dgl-i&pKX4vfyXkGsP)Ioh>-mzMGK2@nW2fs-yamE zaF?8o^M$y3ww8bv<8$9Hj23AMPq7O+tw`kiI{WRdKQ$qYpHUpLWUqQpPRi{bxdyNQ z+b?yS^raO!`*|%mxkqwoPo{PBwPD&@G?BO73a_Zg3(xbXQ-wcsU7-6FlxdR^Cts={!b&CHZ-)hRnFLBDWj zCxVKBq;n^q}#|7eO_s!GTp?S9|&d z!J>G}UZmZqJ&Yy-MmhR?GR(CPW%6g#=nO-GdG~Ru&TACdAJpzgF5cj(_DD+k3qJ)=21U2$xpeRQi2;e*}Rq4-Jq@0K8v-qVwf1(KzhEEoKO#Gm-5U0o(2z0ikrNA+8O zUz#We^9Ju(>iF9A+UZeVBAqb(MQS>5`+!mn{$kT8Pb~yugu0O#-h~mnY6{Ebz9jOY^Rt2WIY5>Q`|sF^wqE+2<9xentVM`X~7QGaV$7^#(Nux zyVIqdKv>?F`kmj2s%amjyv*@lxIZjCPEXo~K6-1=Wqd@KkS$I15b?Mn*I(2mq-vUf z1JpZ=pd9i}2ZMy%>N*UhHCMYV%SGW>2{fVi(-&f3u!Emg8(QEc7(7kzd3-F3lyVyS zon>Z%gg)XLhaq}E?%E+llEXlRGa&eG)Qy;YS)c(}>ep`SD80BhA^961tnDxZ?6s~W zA5FO(Rg;aze$#ej@2*nOR;d$41DNWlTOlJZkhU?E$+c1;=u}e0d^bC-Djl%6u{bI@ zT)EHLQQ1qGD)3Vv-JB9pd2c*D50ZZta3hg#bG6*Yir2;FD3QOQEJ(sw&~>r6{=n00 zZM(@7dF~Ryc%(r3Zn_6+6f3y1)I1}4$hOVXzt?z`?nmNJUo3yd>KMZxKKrof2X3!8 zrgtOOChM8z3A~n)eKb!B6RNzqmz{Pzj#Z$idv+%#eG(_GUHw^!hZye@ueNKQ zu?*`)$7E5-f)LentXJdl>G2pO#qd67lGDR2{U*;$y}d?D@nEe`*X8RYQh_;^v&5T1 zP0O=|6^W;lBJm=7$~!WvbhAF(NPksQL08*Jdi>LR4i;sqD9&~tPN#EyI-b(BV`l3bb{2ft480~4 z!*q9M^o{X5|JtX#SiC`1o-)Orj8zy2HVcUhMiPThLxa4GIg&=5OWf&5HTUb`15#3u zE5Pj2bN&`banO1T2uxgo$AC(w9H>N1&-Tjz!XXRN4w?6sIm3a3+0b#RkKNYR7Wj93 z+|E#k3rEYn7rzm2dNrym_=nyWzaKocbP-q2S{sd zEm7iF*hjN6w^60HYr24wRF#9}zuU5#EtMtSnzY)IzGh=Ju}m+oR)PL*EKZr!th$tUoFCO)B&$Zp=40s}!l@LMd~Zgak9*9?5hRoyC3ureF6fFmo1QlqIia zB6m-DH&b?QHrEbm7$G-H9b;pLPG}z-YznfKtFa61`qNUiAx8Iuyxk04!?70G8WWIQ z+F8}h)xodGEwkS0kYPipT(jr!@}vMN1U!-Un@R#*{^`o|B7n)9`eFKDzZM?eBj(-x z>)3WebX~+A>J$mr%>;Zem(RI(U6@sSC^hiV^z7W8Z^5-;r4|V0Jt55^khxq6I7eB} z!wriR;Nn))lO%|!?~4~h%1we8t#CHY!VVC}oS~d5HdN@QLQ?_W>cuj;L4^ZMj)*0u%1F2vC(Vh~7<+X|PO=00{~z;O8-e z`DQI>9r#TjURg$=aBd*n-6}yhEp@1wm6FV3Pk?PFetl5ma&{_|YY$FLCGaTKd-qHI z;e=HdsGXvdM7@wAD_x+7GudAqJVy*P`S@s;o4?6n6Gm+Vfj<`_6P>>>us^g3_PepqjeZ~7>7IH*e5kAZ^4Erd4DGW~eC~iX zLP$yfb#1}EhrVm=Ef?+DJHy+x22`jKj|A#pR`E~}IgRrP-a7@8he=5S5F9SGHd>VG zeX;~whLCzq9qq*A;nN*L zwI@19{OzGsv7A99ybHtc4|q>?k~x+{urr!P9lu?yG7dtBGStgX9l;I6{Z*;1&u@X3 zb=#X(sMzpY6DIbdPv(b{3^XcPQC&UxS`er~_z=%l;rzV|#1~ekG{RxJejg{4gNPJX z^z-M4A0Af@7wPof%HGS|%TDWUzT7|AC|cK3kJ?{DHPP^@78-asrrxEf4RwajtYJNK z+A|SVwg)#b5i&6p6&YHcL(8~;6O+B)F3JUn&*@gOlX}Kq@(!t~i1f_5BHOOO(RBhT zD89os7Rj@!2HVYZmXQ1BOeA_#Ue3A$d}nfqT2n2^H`}U}KCznQ6mhrLjkMxOA1!Ih z5!b@W`m*Ltj^gi!{C%5pRpTY8B>bCm?RHJ2LEBC%eKsd%=cz+wZz=cc8((LmMjyUi zn)mxi4wWnu(Hn%cL`wN|$G>G+>V@JnNf%BXa?`EU+X)rBg@HpyD_MMOxRPGLNGE3Fs6Dk71;pIV4p+oivRQtV$CKtLj*g7Y_-T3XDm`SlA zGxL)NuE&tGsN=)Bf=S80VVJ}PLVOZ_Dwis!Gl*9&LRm*ZBf zbMfx8MA)#NPSHPON9jR;Ws?Cq-%Om94KVDGjbV*Z%Tf914C;xJpgW-bt^z?;Jy$dV zKxmZ$78x~9^=s7{&rhvtAd@a_TVQw70h&04+d7hrpCq|n4(z);q?>X_!`Zo z*;k)>t%|o5WkPU)+g<>FofvTG;^$o60aia;zs?mF_6t-}{{%FNB%W z068K%4Gm2xh|KF_hYg-f+4IWppPdb9nt8xBv+O~t#9vK zyU$BOkF>8bnq+;O_0?lWu%Hn2DqG(0M?cCQ^kgw$u%EcJ8rL3fiwO0=E`*6Qg4o*S z6VOq2gCVG*ir}{QI$!Q&Eyvqr&g5(QVzun+?s_&ptRk@7LKK)$$Da&s_NhOUsdAfs z4HQcpz@n)NL(k{F`U9hadCAxn{ygd~hk?XB_Bb{Wol}f?outce*O{X%&ULAsmDjR6 z(XNS2yKE^OSNM|<)HA_2MTwzSb*ZP=s-cQrdB;&p!_7Kp7!Bk!q;BLjkHRWd;P88& z03iR2rvm2&| zE!1@f;ju-P5m+x*d9*FH@w~6#`6pD5c3Gl@`B-^?$C=z@=&}Ri-bEB6@|<0Of@b)c zQ5`IygVd^l#~L|RuaRHT2g)^PXhi^_8-Yn$g_yW^HgE=t)faN{k=$ME<`nnlR(gHQ zqu(S)G^0?f{Z~uSVfX0>+ft9kD5mXul9-EXrL~^j)(X3d$}ah1MyU`OPgqQ07@HDG zoZdng!FOL9l#c|`lE3QQtohT1os~3?hBn;}f-_AiCyQNU#t+MrJsG#dp?1zu52Kon z#F^Pdf4-D#^1Linb0ek~fW5C3$BRuXa+A<=5A516cwysB=hnyuVvHlo6)8X*?^?Jy z?J?EA-nS{d+Z)Geyz9Ti?2MZFtxO}%Y}YU&1&ZYsDz}Q{)&1xqEvdd_!6k8PbC|RW zhlf7TLatV3!rhX?n*KknB@E0|4UXdY6n&G^FfxgHvGJ-`?Ch&kg&EnyJuzeck(^W4n_M3xx4PV)KmGXE!=LW!G*Iha zd1WZgl1sbfqL156sB!zY+2?;?C@Exs;*SOLwz05ZwxIQ|!E8tHutoQ5?KvAE_3kN$ z2@Iu0XHT;@^QhE&0Hrb5A*}h54Hr{DkzG}x#o2)hAnwFcqKzU0`M%D1?Sn)M#bpif zWZbBuI2#GB0e;`l`!(}56sM-A6`yJ0n}i+>4)|aD!n^G;|LZF7F!+?KHC6mxaxdkl zgF=-?GpHb{>JN~*%mQH7FS`e&;6bVsHU=>$?=H^}3#C#FZ4T!~5h|ie!9cZCuL(MR z#SmDB@m*~FVxuq$*dF1AM?>aTC8Hsh&1>uhF(on+E|@}rAV8#p~K%G4Mbg_uHTAV>N*aMDAZ+6QnlJKo0m7Y{3Em1hg@B;$&E?~>iYvl~3rV(*}m*NPdvH@5qe-eH5LJWCW zmPHRvypFayBBd^5nvMcxu)lj1u0M;IhEjKDYD`~?WHG#iP(G3kIZt6p zg`A~1qYo-?(VW+)6@1tfhdZdlwcGuN`Qf@Y5>X~>8hq%?r0h3GnyFd{t-XL#(}!wB zZ#8XasyX(~5oRf$wVh% ztjBtoYOCcB(8}<&PsSryxXvS$gvp-Jw3tt_SX$Ic z;{!1@&=9euhCbw+o>{e8ev_T;y_A>bWG$VhP4iRGarL{x`IeQ%#4h<0jr3@M)Hr*I zJFb2_>CwtIU^ua!a@+l_i?85y9R-!dpU?@=p{=tNe`zBr#GW6^9x*Lk)j8=GC{xE# zbW)^DtNorOe)f(aUs5f@O_G^tJ|+<+x4e%mn{8nW%=uxn5y>m) zuKc!0`O}O`D@SvgnBCK)vZ48^vfcBh`%BrIql|Av+@8esN&d0and}@#k@P;JhKe(w z&zxS08G2}IP}Q+7l`%%DeYu>HL>0Lcs_UiQ<>S<&P?zwYh}-!K?5m-V)cUgQZfm*F zROw*@r;_-SBCLlJ$Mj)@Bn;iXy#(vA;+)!#czqJpMQ@el(I~+91ir>s$1J*LX2>N(b zrodr{7vteV1@Z)*si*MTZ{|FJr&%j2D9u;R&zdbu6osw> zJ60xUL{h-htmi2K0p#1Y1)Nwg?-8o_=V0ELuJ|z4s`H+RzO#&_-@i8 ziQ)|TY##{0dg@uJt5U9fpG?W$ECnX;SqUERz=7R`BhRAsaZX9 zpIrWiJiiEB^I16MC9CcWf9~}0FcY&-Fzys*pE5MJSU=tr|3dGGe>T#%GZi|7D5RcL zc%h2_xo-hV0jHm=e9PaN%s(glMi2l&#M7Q}%?D{%ug%8yKgjJ}pw1rUma}VL2GSaj ztQuyx&=n4wmSC^ndoe0EG;zr(Gi~7X+X3S@#!|Bt;ySxk;2NYB`1M#dFzl4|RrmNj z$j2--UE;z-#1-fD0kcJmOqGZau7*u{^EwWK=@zpW|bO-m*gTlH+}P!vqQV_o$P zU_2K127$_w@A5$t%$5K7{BOkjMrkpc; z5?`~BfSWqT($p|ruq7zWF zmfM@?I;@sp%|I0Ij@ewC6s2;0dH5Q()-KN}hcZ;|KJY5!blN`pL^))+Y$52gkanzf zb0rPUz`fBeo*KF3)F&70?@+K5B{vbX&ExZ9U|Z%Nbyu$#vWo zJwH@I67;o4?#{)}B`ImXqtJ0wyX=;=2j_V~;|{Tm`LMZib}kgAx&)4g(Wg)&Js8wqVovAI!Emz)o**nwl2#A4Q@X6U;zv6)d ze6fIsidt0&OEG}lcM)oqU4X&UNur(G@|D==s{Lk!&%ZPsUQdURUU&$@4vbQ@*7Y#$iy75u=396}&e$qqseaS6rET zLp|?W9m#dv6Y7F;3cNw(tD&RsIYxkw8**K${bCqa5_CPsvUlQ=lGdC4+S%(ji8@io zdh9I`;42rAb8f z@$^EzslRD`g(DN+f`xV~TH0^4JCi3&dRX!PqX#r`8WBjmqjt^=-k9v0y66jStn+dO zJVg8?UR;1KK9GBqR)*6mMV0w0!=%^JZt8`4(Ng#z5qI2+gJ^c;loy`Zl(1YVb~@zY z;(4*}p93iLN$gL_SgJ+~gS|JK<)&0Z9QsPqrz)AN zu$y8mPo{j0U-_U%KZq4amcO`*=+cC+X7a!`M&vP;OO~4DO$O_lb}QxGmIg-!V9mhJ zARX$RjuPBW_?=9>~#AlV0Ub(x`ZC6aUO5i%{Pxd@Gs1uKU+jr(f*$ z@RzolXNMP;!qV2bjUzz@Eq9FkWQFxpeVrKRqaT-Oi-XNay{&KJ@0{;ousL#rTRG2sCo*zy z&GJ&s?qXE^)w9bRIu73L8clP?uYxxY?*U7x{Hu22-mm%4;&ii0C)$MuHBTADPn)f+ z`pQ*zc=JWEf~fmX3Ni8*bv$sZ zOvT~}kGgt`iun+vmqnud?F)yop?HnF(eQ1+i*SU+zfU7Cr%r94+L~@+nL)11EP}sA zc|%DnR$7IM#aCeB6Zf>6Iny?1qT-eExe0h}Jkw?J)RYaT|7agkzE5MZW0YU^H2jh3 zvT$W0JBa^~{r%`kSXrdc@cRo6EDM401k#Et>&>;dS0`TbM}46z(%DoswuhHT@^vmm zJy>XS;QnMtWO@Oa%X)Y?(<1G-^&20-DOviFMZ~n6#;j7ZGmY9#VW)iyRf_qge=?Ae zEs{&?BVLhEU9b8y{;oWlE`)d{TK5P)Ma1>+R5CYGw50sWmc{by{BQ-qA0wg!e#Oh& z!~|j0w#;8~uoL)tWa@CGuq-o_Et%OM{7HV{WdAEs-01XC509}ZsNZiD#=MTDZeSM_ z6MjtXBhCOS;BfMG+sjfcWWEX~{FzmzPJ= zSj{L_FF?YaBKaOJM+`T#JppNJ89=na!B!~#tuH^&`vy7dqN9gk?bnCcJbfWnJ=Eb{ z3epM%7yWhFE1~O~a%^6y0uH~Pl4!n!wt7>ff8p?;mtOS*yP~UCZB4 z8`AVn7jaDF!HYX21$6@D=otNn9pc zN_?J*DUxn?XV6V=y(C`8N{cFsN%@|J3CT{TB8^=ly(>y6;nzfPxb=LbB6+Pb$86S3 z;kH2?iTKIXm3aLfnYisQc}UjEO@0Yqi2Rtv)n$Bxqq92tHL{MB#u^23^Oa(B<|K(p z=D{?8%luWxD42`y5-!M;UU67F9>F+bJ{2*BqB)qjnWBGaZgsQBH!QAGkFqHFyVgJd zq_hH7bc~u^$Et#uC``($ohe0^%^x7$vG>J$R0iQxrqsN#vbAs~+$6V%vi3NAqtTx8 z_0|5rgizI4pHMcb#!(-%$zJ6*^Ws7#ZZlIug^hfNqjXIp=_(LiAUx+xVpQ5zwrq_h z^R#ur^Z}7}m~Hfo2rZc(Qm!RMCq}a+8I19xfy$(21DLrQ`4-RP_IQU4AIpQwGzO4s zj>OTH1HwK4yv*CreVYyVU3uL2El)mZ#rbO1OHHCbjoZI&0`e;2wq^z~r_Lu`Hd>UB zCs+jN7gBDXA2nTwk_M7Il?=SaTn$%G@=NbF#Ge7G%yNu>vWA&PXjjkA@k*OS55wte z73pOf?%wxw1of2}2VT_YFDjEu`CJV6$;VgTt`a zJTK##SlT1m$c&+klWwkqDvzu`l^TiE;-}mfmRVtJzYTb*NY}su+*C)u28vBc67*12 z&62YLx~ctmuEh1SpS@v9eo7%h(!W%aual97Qj0OxRoRu%iY8xM>rWB05f6SaflS)< zC*`QEu!AQ}Wwdqgw)do7_E)c&b0astr-nJM^qNWh za=Orc^3A}SZZ?dTE#%&@zASx>i->$OGd%Y(JSJ0r&?s3W2)XTgIV?Q+`c66a8yn#r zkQ()MKdbg=dh#cMT}!Qqo~#+f^s!2Dae;PCkJ>r09cjgEwHN>DQhv8s&TXs(;|ur7eQtn&wHz#>xms`1wYh$||-4tX?NrtJTt0e#$6QP;SOPD_k* z-WCH$7|V-n@{%L3>8Pj~k~7IcY%A@=t`s!>qkUIJ}q5pkcL zZPig16DVf5`rFkg@J7}fbzW*p_C!ee4OQu1(JPPK2R1~CpVj@c`gn}<)Fa)trYu%e25lV+mN0rV54m_Wr85s#kTNnq^X zJy&d$!jqu~HpF#yV8d z4p_KU=v!7B=F1V>i|AHUrXPqR45bwZphQYE@H0#_N#M{I!rjyk3)QlWsr{t%M_V)8 zm&DwJwrjnj2{*O)3A&||gQceF7j0IvaV%*>L% z6;!L;zr0&n*-pbZ)sc(lpnU)G_x5*kZ%qze>&v@zncZ$+*l_scbDE7JZr^IVsmrFv z58YvUD|!O9&53g*LzOAqZZv}4@0#?87gj>=K6xt(266HcADE11Q<9nI5(Q*c5gcG= z!wGuulAv3wr4=M&H8vr4SydH4*t^xKDC+z-Iov$C=^ZHodblz1{>X)0BsRz|u!EA% z>Ipx*zewEsDCUBTg!BEh-D;z#LnI@}G9W~853nQpUmjTn6?l*Yb6~#5&i}-EnV`3l zRg3KhuM5)oL*$PK@;Vz>vm)nR5M4e&wp}Z1oZ6^q=#b;=O2it#Dc%L5Y#>K2BMoYd zHGl`Kijt3Q);F!_qNns)j@GHU(_IhY&)7I-7&1B3u7UP*3Q))Hymk{q`qu3=YjQD% zuoc0S*BqhcD6NUNkseo)vX6nGF6mL{=If^A!{XmA8_6Qft%dV@novO-_WmDPLw|)2 zeT-wXpY!bb^%?tZ&*H;x!w;Y=FQ31zQ^mQqMqBR6#2lE<`#meonCLM9aR5N@$FJz) zNQjmG)GEyBVE8IneHf!>+F^6VBoul;$zJlX3AZ6#f*C@es}})w!7{5eK2U+zIxh{U z3QWLIxPFrf4L`v7thsy$0?XL=k2bFm!3(ue=lIpqL6b#=(IuY?tl6(>`c&;Rb%q2LRN-iQCQ>oCSdF?+jEahYU?!NPzu0*XXZ1_a_UFnjEZu z*2@yI^W^$exQ8q0n;`)=$WzSke-{1IUQ%g+ff^4zo0^*Sae3H>csG&Ww48vKdhI0o z+CDf%?Jm1_-{-thY&Sfgt#I}mx;XJCz^8l2=Ynv+fafXy0mg3etfovg-xmLincWJE z(?gV0hG%54$ly8M8@MlAHCvH|*D!|@HxGiQ2+3|;otQN@*~0fa0x;A!B~(9x`D)HS z99;qciW85nFjcq)b*B+Kt(n8Zv3maS2_YdIPY-TN%`HyhPoyWP0o%(!H^w@~ScFV4;}d9udE&fs>Mmv~ z?UN?alu(tK%cPL&T4f~YkPs=n*1B-yP2d>nPF=0q*x3KIbGF+8wbyf#hysJgPjT@f ziw;)Lmrpsnx(F}_F3bxvA@-1aJ-nER0gkZj!NZ9>h#B|!Py89KmrKpvO0C+o_0#QMXF^P z?<|&`t}UK|5fF`=vln3r`esVl6T+zFh5NE=08gO)+9gVTZ7%3 z(QV8W-ip8l6sPY21~>BY0uJebeHa#jiF&!_{vYPvGAzorTLZR11rZUD78FoYK)OUg zlvL@K5^0fcB_#yu21V(TZbnMFo1sIbJBNX9jqiTny|+I5`|aUl}-yB=)N8qtheL$C@Tt$Sej zNbIk=Zp!DCL#yt2lGsJ3rpEjFYB?Ib1Y!Mt4bYB@6!QgM+oJ$55sLY^2U;fjL*H~> zmIaXWJ_mue7vsY0zw)~bl3HIv(amnVtinN2-UfOu^kA`oeKp{s9}5ClS+SDCTl1aV zKu^k=>DkHIlLv1ekO=2iOh^p(_JXD$%lS*!@6~K$l$E6mX3*9od}oH#iUa_WqC2%R zbZmVCmlvxj&I6fZbExgOKx@ShJfxEq=|+D2rmF`aDt9JMcTa#QlUC7ubV zH9`4*vJI)8gzj1@?f`A!$7)_|`C>lJ41Ree=@S{-qHXn3YAH|?17Pib1ilz~WQt8j3kvNR zyVoVVwzRawZA=$k@RFl$;rM4mq&6q@kF_5zcg@u9-=FE9!U86%qpk5wevGZktMe;u zs`-+r$k=EH+e(Rv)%e?*-Z(uedff87gQ_`|2QpC`nXJN`@v>h!)St%9OZW`hOhqN? zP~m(VuSmyG)E#%oUS(iQq-=o~$=jJlLa90Zds~nuEYS@Y>BXX(SWOo*TFk&w`b?G+ zZc`$UZJ+D)v+jakCoIw8BTF1@0LMlY)E-UB8#G@VCE~JG@KKZI?5{E>k&i)w|!fFEeLvXPwrm(zKc`9(A20W10D2ey!22 z?!cO&4%g4Wua#t7;zBn;33LF zB~r=Np}a5Y^-jQ{#}pkGo$ufp_T_48A8s$)0@4#(r-}F^@CqM;iDxp1`8FWx z`)$dEvQS#7m+ozVP)5R_lq7HxzrvAu+)EUtgf+m>#3xMJ_2Ct1SpUJ`rxh47mkytW zO8ZF=rJ(dW|9@>>Iv5>H@ypMl!X+`edVrxTWML-gu;k9RkQ!TnsL;i)udvnTpNMvX znr-mAvsf`Ywf;G&+~f9j(uf>w&Cb9*6PPN$&Z04dlZy0UF^muTA`#T$jZ0P!enf4t zO6j(=rC^VdY>X>u@>DZZbcv^^*Dn~#yZh8ehKJ*%*n^AR0CaKG8K-HN6mU;Cb2Pnh z6JzOx$%5GL2=8HQRj>JSk!^y(v33RbJ{EQm=#j&;aTd9Z83uE;Ljl`u>M&E679SjR ztfHOh+?T;L`teri6<bzh1v*)SH*NJW}26iOWgOJz1yoy!ttz)15&KgGbw0@EM$| zjPh>#vaZp5PuLCHS@h_nxoQOFZR74*5gCn48}K^6LR?gnP1yg?@9om|ZKa}`^2HFQ zte-f&*1G?Mqir92c{I7R97y@zgh8snK#Q+(=xolepN|wP2 zcScK}s@0sAx6D!9@RiPd#KpkX!RpvUf9qcZb%i?fMhkstnUheuhXn!;A2#j*If>n* z2GKJgzjxd05a(rLCQ8d}V))H$2%fhK-Bx4{TbNzW11T^a^c}6HP%*8$5gJ6x2x`R2 zX6AAH&79bSKFQ_7Tu}k1;e={R8|stc|%BoV6mGsVZ_?M+m5e52WT# z9(`Kux1-!|F)%4hmb~6*{a+jYD&;7pc)fN9CTrgP&s0#aAfCw5kXR@c`Su&S1y%gD3--331(n2zvTr-g!+a2S z6z{|PpQ!sfg-MtUUhS>-zeTs4s`&U8!3tSkbA4`O)3i8vsOus8 zLkNVEzNC$mc>X9YicH=++RFc?$CVz-?K`%YM=`%Dxk42r1y1z&rB=4h2{Z{sosPHH zSSoLVY!sa@l?3Um6pc}6efW}{i~e{u8J$M;S1H@OVJz>4JFAYi?hc!ONHtHm9nwY` zq{oA+!ul#vMpA#9KbZRdjLneqVPN0EhUYJ;qgX;|h7Bkpp_OV=M zME5gDy|pR)H7S$Mec%~j7N_N?xSe^p8Wn`WpEk{hY2!IHuhhtR9ADd5@n-BXtZ^V{ z$%$sno0TM-@a#I_eO-61kl3b$r6}u|p>*$AdG!UB%3s2iR1*^U(?e#%P8&G^=20S; zCg+*>#D9-0>pV2Tpj1rm18kj8ut@joWHZQgkp_#49%E!q!;_01+UakAUInH?@!L{M zC(F}L+F#x5lJFeGxyn{(X7qa)O#q!g6XP(pnZx__ku2hq&0~d*grUW2%^5Q#?e=tLyAj(@W?C`^-&`&Hx9xGx zzjTZ4-0znxDp%YHpacZmu>vot0GcdOi?x_RWpJI947n|*q<6N~7+mf`Sha=js(kxY z%1cWOl@}9GR;$Rtw-PEVdT=5uPV`j)%5WG=iZw%8cx%Tck+{1kzo@6RVWM}jceY0AanqGE}(L&gP+}US`6B_AP$inA!ifhd!nI4x>N-@Cj%H-0vwclxt2DMxb%7x@x%|7!af>L1K#$hQ!G2N*95$ zJ_1;CFeR+9;5kpvztF8 zqaUBu2*TDsqcb~bOZiU&*H^)t<~Iz?7V)U;Ic*@L`9Qq=Y}woYms#|iAcXW=xk>jv zL6h|LMuqMGJ)7$_=iO7y#6Vww#EieYtQnp`lqk|rdiX!XuvbYjpJacftgNgV(hbZ= zEvR*43o6y$2NwC`kbT!)iq6Agsiw==kCC3mxXEVXNNH&i)PBvgETLN0Nweg{=f#u})dEHmklV)g*(-UH$nVn|78 zQFyb+q5S{6*`(3_5;sPUklmoQ8RSXk>NoThN-vz+@6~gsB-_66xzR7GWvpE$gzj~u z^^+M%IAiE=eqsYQcgZlMTg-H3D8+_s&}`u8XO`wwrji#rU# z)pPnJMy$}UKG_soeJ)^frq`me+3DxOld+yBJ`Bxmu=xM?>pc?;SgrDGxJzr=XpSg9 zq5FdTir*==nsTz~VmI5sW;i!urmf0%hl4QZ&rcL%KMci%>ncXd%56;C5bMfvJ8knR`yK3J`U0%kT6L@5=|R|MnUGDKjbl;QZteTHixEmjKE zmZEP4bUn&zJS2IL?e4+xljef~ODm_Np0gxJx{{!3^;xixYDL&KxC95i<+tFT5kNsQ zkgdrG4pmQfNICV9#o75zos=jNF+(Ve!a#(_Hz+7~jNY+_p}RL#E)sg5PZ}h{m#e9X zBUU&dh-2hL2s*0myVpE@KE1l(1VzmoFjj2_*$2pto+nF2?-#72=4f>Y4 zfdt>_$8(jgI*T02R55-7ja8IUjlKk>Px4GJwz>Gg81ikyiJ70azm{85GB=uy2s#D^ zAJO4Pv8Y!|`(3|FldWY&3&ZvwahC@DgMxwt&#jwcroey&A50v}{TqjI5v9vQrYaSI zOZ9tPi7ms%-!Yvegh5pbRS{! zMNbtjX%6-VWd2<54JIuW`u{Gx_MP?B>eU#X&NyCXjM$ls94Chc$e-y0J@F059yz^l z%+Y{s!WH#_B=SmTu7ln8Qzqnw%hX4n)}@pChleqs>dx0#xUd3PmZ5u9M`cx&0jO_p zww!2j)h!4tRbp{csTZ5F)q$Z&BU2{Wm$qVTj9vLoOa`*p*494NEm&c;7p2|ONP~cR z-?w+<{I+e|z3MJU{iT*~*2V>+w`YQ$e|F|2Ihw*cokCsMOR7fdr&X@+JKGwmeTkSs ze-F3pn|WdeXrlsh_C$V+uhg%Pv{1-(+7sis6f^%8`Nc!2G6%H4vp_&ZVex;+ePSNT z`@10NojtW6F_3*Bh2Bnz9wJJxatnPpNIXa;Iwrg^wZ1}-m5{$!z8&NGECt*mTE=&u zC@s7gTYNq8!94U)@s(DF@e&sq9)5Nn_iw%gv?0^9lJ9+de8A~R2J|(k;roNUOpotO z<6O~Td2<)F=xy1!(w=G;tc8*6ScNo|XV6?F{IvM`v5(94uV5zaYK@UXb7oj^;g3F$ zO3im@W*JG|S;Hm06H14^@uCvOzJsCv)0(C277iWyC`$nQ#X-!06$ADATsnANQ|5vy zhIv3@jA!R?nN?~u7lqu`PiE=4Ilvr-Mg2heLkgqmTRR5S1NJ&_*%%;gq~M@R#6b-O zbQ0$JYi)w2X}-}GozXa$LzoWtoU5H!L^fv8W8oez+S_QRgXcw5BM@=JU_va)^$O&c z_jMLA<`Gj1J_GF5Kmj&T6J3NsRo2>^Z8zC-d49CNk*u4GZ9ClhV>M18w2B%B1s0Ebg}-elKu{meF8Qibd@e*-&v^^R#a~%Z z*I#@NCSgW>X~6((NL-_nz5}96p=5&=kLOy#X|*ctce`Bg#~pSzQZ)zH`55fKmz!(X zs`?6t$V+knY1lMJOI^3{V|0R`DMwX#lCYy;L?ZYyt1nGezD1>ut1v|>OMC}RYCuj= zT;`67XesHJM@P(nNz8q7n&wb?OhoarFP(gaePp;)Rm5&xvAZ(o z&srVEpqLr60W)&4i-Wlq533{@HQY?wbCrZB1z!dfnjt&fN+GnU6-?1#x+=GQLm%f& zH#D@jTab0_+;ck?;I&_WTRD8|YM1s-fW0<4EjHA7bQ_DL{M4UvR@K$3V?592Z^7VxO>{q4ik(bfJ zONC0ATAG{lofe1Z=Yf*R?s8~t)LZ`HqA!2%%~B=5fd|Db61ejGms@w!uaFN}MEHAm zL7q+n**N=W8|6B1T5TRFe)%|e+@-C!Xg$&Gw(6!nMt|nStXCxRZHH5H2raG2Cx<`Q z!26t}to)t6@IhJ!8aw$KKAwgG+K(3+uC5ri3^KdMFW%R+j9Zv=)D z7)6Y`%GH(WqnVf~Ll_JCXIVJzcM1~NgW(^qWWM`}I97X6TSEG3;A)}A1=FGs>zKZD z12}_T4uKL=Q*vwMZG)CDrN|b_9=R5U^xH+8S(g@G*K~het#q)$SRSVI*n;)OvSC6Y zC{)QGsLU&iR(Dt*6dNH2&ZR{%sWM?&#fc7C`svRx))JO>Zj~ktF8IFd-)mD}pO%cmnw3S>HiL+#OzE&lT`NWg2}-LvMLzr5;9_oZ#|PacXD?xELZsmL77 zWD{VTRRBN{J6X_U+`LwG^6rRzOWDNHqzTXq=4`bp28`3KVlc%+K8>f9*$!PFvu9j9 zHk$?qJ)^#m;RSi7kQNp+#VKi)d?o}|^&P$wwJNo2IO7AfGs7`b;2G*jF|c}Ux1!#; z7ohm#k4TdAFw84k)a11l;!;(7HDZ$e^_ZP^BuF4jK;c3(ebr9o73bt!YXnBQRc8$BMN4L=R`HS`1ad~Tw zV&*`|9ZOx5;(#Amn!O|>*SfN#{uGOea)WlC zlCeh4AkT}mQa{_|;wO+L<{;wv@n-cH{igWO!k6t4iWm(P8&GbLBZjZd16^@;!YrFg zVit{$pyC>P({-$Tryc}RDH-e?AAVOfiB6V_9FG(G-_Q5dRf77cZ$(PA34P4*fW0`M zd{v;ZRWrsBz9l1(7}{n*8Jg!`nT(6^n4bG!@6){c`S9CL%D;fjQ zPY%f$(+Y)%(F~=NJI&}LY>I+xUEcdy$f z5m~kqO~lc?q@eHy8IEikgOQI73Ma6`YK70H&Hm&7WiecCjJtaEIcaee z{qfj!{caF|0_F-MJ&R!2cJoY3VPHT@KwJ6)?1ZvXJpKFX`mS_{C6kN1a8%%jQMJ%&*U8 zeuOYNyur{cZWi=Nc6}yP?TukpS1QwCUb8an9C2~q%R(By_JbjDsQE%c07Eh`k%t=G z%|RS(dZ<$08#4oF@;_g1qi8y=`nw2^fLB9%V?wC*;KbE-yXxmc>4iCQ z3X8-tOg7m$&gOV!)^&pd!a56_cO&^f>&p>1U*%!KIH(Id3qOOJia{op^D>ud9N4F* zB3$F`wRa+n6*DD4xP-tRh65{@H1>nqVmPJ1B8VAO1|kVtm7AJ^Z_Rz~6vb%eLNw%7 zs7sMc)N*!lo-3Jn2^0QqEejl}2H*hlatOc92i$04leN%?(+dkm5Bs1%53%^+#+(X3 zJV-u8O;w|I`8nDJ9jkRRp7}uC^6Ey(gBte~n$5Oo&?7Qv1+s@#KG-BR0h)oZpX7?4M*CveE`d6T4tj=|)&cq74B`Ew?GPLJn zI^&HCdq4+pK%Uu|Z{)t)x9mx$AW7BIKU87E3vjS z+XDb?PB2c;A+&No5t@9+d;|aVujoa_TuF$8E7kw=>B7Ie)eCb?vqhF->f~aPyNV&r zdELDFZ%V9ta$PSi$anTyd&H)O0EIMs_{4Bc_Egdxl<-@(GNp6Zf@E98D#Muym@1x% zO666yl$0Qo+S*u_22xv&BXa= z!xzLvvqJ`UwunU1pV5XdZ4C_#?UeRAET{y|COyhkajnTXgTA2gt23O@-~}khR_F7* zHWNE_*dxVS7sHtuoab7#=%ulT#uKV%E*WPKEnllda}lu~YbnuG?~OYdyc&2qXdwP; zr^E9cNVhEg8cn`jtyTJzg|W8Y($X?&L1)#l9wstqIt|*oDQeJ{xaf3{7~DiMmI05jDFxcawJ8D z45XdN7?rZV2Ol~2t8*xmCl-}Wx?k=}m7`K6tPny;DvTb_>`hpXJ5+VcQuv7d!|UbM zrz|b~j_GycTyeqhr6LY|a$!F3xv6>TAx)eJ#@m79lI#0*6hv zEAN}}v6RhT>o;Mc2@u+-zG(kz>PhKhMy3KQ{@<_Qy{*NTfm|22$KI(viBwvtpNekQ z_O~YRNL?sevv&$wq-9Ut>J+9zW8plIY@xYMOq{8;b%&9$4!B@lAQ7xe68rw|SCe!l zpDB8Ay6%mD;poB}4dwYF3va9(W8V`q0lK;ov6qCTq<&=P`}9hn8RkN0VW(Owlgj$t*?&0e_!tVwp*VxzKm$iMLS@vw;g%d zudVjJM$IuRSfJ01hj3{rX zy1&03{N#$j%f`J%2Q=Qe+&yNd4!vCjEFZ6azQv@m)s7P?0$| z;Vqn;s+UnXEdDy%X~Fgmht?p9cz$kf&e&-1U>A8^1KK!IoJ%rcVPR=nf4&*b=6&yM z%mcd*&_+XP#oCWCJK7hZ9Whj5K~-+M@>t)zSH^=6^1; z-!ECptsbg$FVOAF)Y=Q3+6M>BJ;sDve|?Cu-tQ|u8i(Ms@f}StS9_Sg z#7wW;iGS|T_Qo~0tnVhdRe>BGJZDc}B;$yFLHs%)VR{jn#jh^=qoXa>8^Xt0o}Qj* zT3c69(;j=m4`giv7mY}hF6~zyY^~3?gqx@H$o{z;>c4Tqt~}s;R^te?lOYh`yLN50 z_A+bbdoZNBdGFh%UI_LBZQFx6dy5X#FNkNLAnGY6bgZJJ^!EaqX!!kZoat~%PP?^6 zq~Gnl*8fqSh`CnVWNdDkyyY*=IiAL1AycsDMLxoqmv_OPDA~ zI>r-NdMyXjmVS*+bKg%lHL1{JbrZEJjp3a?e?FgP-}B;L(nJGsvqAkz2LyyGlsumz zGW17xXPf1k8WGM17W<7+Y?~V=o2{L1w6z_d2s@vQ+2u1F*nE*_MqaPW06J&()jwk< z=asqvxKVw#13vA5<%NO4FHjR}nR#b|PdA=#!`Q()Pc9}QkvTpB*DwVSGRzF0FGp&q zj7@B38E(hA#V;ppk zcKr_?T3WJc*-tr;Y>!u)k+CcziIqWScD~(pore7mI?$5xNCiJgZR8oMa2IEN_n9cG95OPX9 z4WP_piF3(JpKUtTeUrV7}_oOmfEAi$CXeBSfy>Q zdzu0Vee(Oxs~Qdn5NHo;EixIrV$l}o%RLd7ESRV{cXI?huY#9}w{SI!9JYv=>T7cm zHA}gj->o_YgU(+@{P?C*_wCKxC6Z~|N2aaH+OF>;DAB@MDhKpR*;*d0xus`VEB9%} zqtPrZW!ul=-n87cXS@4kJokpKZpSkdg8yS}%-V)hx~9>*a%nFboc$4%fZ$l z3lE7^)6scH?&HlBNtn6BaPQtzGUF?}74F!QP{m`%a+}qj#S`-E9@L~~lpqtUfH3q5 zpCsKeL%r+`t(L=qfvTC~=ImXYOKO(^Mfw3OfvzeEJfH7{H{IKl{H$F(y}hRgkmhy6 zhKV0eRlF|6E^WlCcvQ?$r1wB!DrYfh!mTkmQZo>4Q{Ut#dg`QNd&DLcV&@ky3i zQ3lN`vu}7BWQw`zA=m;Zn_Hc~y1!uMRBlT8e0-ysrIL5X_hc_EOBM~Q@r#Q>Sd5h} zO%wB(9=B{w|H?{%{v}G9N|zrbhLf*dg(M{<6)b4k){^{LGWKTZ|NQKKf3%rcmt!~g zgu-PtvViYJ*nN)duQgvXhK7G#V!XqH{m%T->9w%}ED&k0H6{LYVm6*l~kjP)i(}Ja&;hh;EqV_`uX{Nvt1zt%M1y75oEQx zdG$rRfGP@5|9LK@FqqQbylMH@hIcsgd&AEX(O*&{6Cf!CgBn41505+-Bo{d&!}BWo zVynh0Bv%6i10QXDyVt*@cHYa2$A0}Ljk*}k?b~8I1MNWc(-&X#XI=Fv=oC`l8Hi7# zaoJ)nnVeJB>L0KO!V|Km8q~7F{V`#M2bP_nuet*jB;dAd(=G4LzMiMBn+%WC{;@gX ziV3$Du8`kpogqy*J=1B+WSH_t_(#f(dP+jQJi)f+!>zJ6s2dAH_$2^;&t+W7pfa?!$Ksw>~so+tfO$RBPgtVv0+ z)^#Hyx^9eWJOgLBqm8c9K$a%so{Zj*>0JM6^XnYCYWt+z$b3qRSP$Tzt1PB%|R zD)RXKt%HM%)N-i1rYAau7|#x}3Y-W$fBt;&dg*wX6+Jr#N9Oq`@rhzHhfUiCTN0p# zd4n4Q4L2(u5N?&L`0})CZ`B6Jhkn>u8dM%d+(=DMo~p7lyv4(#vfCe7Iw3F1E55n} zOxJ(NAO|nr$(5S+hI`WF;~OLjjma8BqC+_i(`b_TY2JyhtsBYV+cYRh~PG^4|-AfE+R6F>n6&rI_3la-MgrluU7UZ5^vQlx*To? zySS$X#P7QWwb=H!X*~pqLW2rAnx}B6U3}G>g3Bi+(fXh~ttCD@oVH{t*{IiGa%7y? zYQE)Lx&7#Tf)iy7w?&}SkDy4!I$}r(4NuSk8aWa{l;An8W{$xAHDTEpzYofYuU8%B zr?gKTuYLaf`Au0|9JzF*#lxcGjNkR*_T*V?9Gv=t5xpxHuhdZ3jr)R{YdY2XN!W50VRGE`_3Y8$&`36s(q_Bz_PN5gN{wLS7$A#^)>2Zw!2%XCstp-3T^ z)_zD9K7L<#g2oec+z$J^5cA%zJL%01V35Ii=JC$t;L%pQqxa(`+Xh?elI`lKs(1BZ za%$_!^_9|6kvCMnja^G|T0>Qa+yh1>C5lKlVvX0Q6P%76NN$|0A}ugM<`x%MaZ<|; z*rvqqD$^DxyP)or;fdeWSoW(?#{B_)OGy!bm8`}*O26y8jI$fTcW>PiReDAA&g9w7 zfiFGXjNg!os$%qCx7r!+_i-b(^D!|oC^A*94*V%+w`~SBeVph=eVUpc^Zs3IR(t%P zMWggV{GQJhidyh#V>2DPx4qbZ88h))cPmK1UEB3QoLT&@IEVQ`-|Li2Q|8(}z*|@` zRzIoYO?-587f47*c%1jYEms^aW^Mpu7PAFq|4M^?pGy6a>9qsUQ>tws)@DKijs4bY z#hMW4>Wa#;s(d?DGT~Zb3c%18An)B_W;U3_6peqsNN+#=P?dnK7IcH{VX=7sBGA@* zjk+Ac1&{re3jo%mFkX`%^!MMvPtvNT35t)`>+tfN_RIxNj<#+95pmH5M-9RUq(E1i znwv$et?yT#96KEW;P-~|&%^Zh|37nyqA_(j+PB0=@bc{R$y=^f?PX{+euB9*w-1m; z61$;yh{67s8RaP_j8-VB^yoKka0>~!XaAHOVrQ~rb7Y%6+6Kp;ib3=wK}ka+pgA=0 zyIIM&-|xbd{r+s(v=HrIha=4w;bUnP7 zmzS5n2EUhpo2)@u%;g^8(y^v#c0VL$CW?Ri zBCICP9Hfe7xphOVMMo{P8x+`_A${m^JtTqhxpPf3mcxR^zX1XD`D4!+wAY6pEisl1(PSb0neL{fU>KdyLvN-e5l zN{*K}n4$HlUqf41PJmUC2=8 z20(<3$@R{gH*XYzWIgMIk0#HKt_QLGvU0W1=u@uvU}>iZMtN|%l%;q_%B-+bWL=2P z9yYevm{%`6V$!O-p{lC7DOB$=tPYThhB@FHnCf^ukps&Et3fdfwUmpfeOZv6Ou>t+ z&MTSl22UDFOqD$M*mS~5K2>Sd=LUV%eo|$2Mx0>8h&hrZZ&^+_860Aqy4R-tXIBD9 zdCy>03``m4MD!366YFix(!Y+i4It;U#s+RgS35g=Xe<&Du6jgt*Y`qiQdA&iI#EbO}WiN6#t%;_1ZXvAuy67Ip1I1J-a6-_UO@tocABXm*T8@p6o-+THotHsI?9lwkBi$G=3EkDTZa_tt`bU7>)2M$K%(UK@myg?P4xBrOLZfi&wt0+R1-JqtXHpX>9tx~uJ*(O%7z3O_Q zF`7#SRZVb0LZHfu(1%8rGv8@&7${rK&4vLVA_eHw(*?CV1C@9LD%WmpYi?hxeph&7 ze}-o+Onz=fKQuu*2*M+q+kDtRqgYAA6mj*S-1u|$AV@?Qqjr2~ zrM?~QO|U_a=rt6gO+xr@UCkE@Fd$2JvWc=r@(PjzSuDPYC)}hr?S7e64CoGX`9*Aj z!g)vT0NE|EB50KOZBg6Z38_hX`&_i*lqP7FvU55*I>y;8gVKXJV;{GtFJp2P965iN z2_@u}nH%M9(=J1$IvxV9kWjwui05ndr>Hl1oaRVQQi6P$ANQKGa&r?aYgnF_6*|yA+Fi;WvE0DY?cl|- zXm>2o6}IUe#~J`6V{gL6r+8#*G+Bz+LEW8)Mce+Ew+(O}>*c;D)sHHyS7}%)u}vs{ zt_wZ*hqz~>u$pXMu~NL*)YP;Igr&@c@@QVG6b(5XaG@wzw26m`I$U_8erB#@{EgHB zoSO={R=U+Ht5ZIdOsq_Io>tAx~9FDrE=Z1%eGg2#o*W=;(Aun=)SBxsuU0RtE=FouPXMYXEG8q0xG| zcM^r&Tpb{g#K>zM16b5_oPn%>vAoSZJ&VY_B6H31#eUxvS9#?8G}nCPo>p1=%TP2_ zBXa-@-Y$7&npp*q5YIAy9##FZ{ZU^1Cg!{y-`wo!>Dhz;#DrMRmzpc?Z?Hh1)e?e( zpXE`w5B-==kChu&AwibE52Wq@JHYD@5G500osoZq5UzO8LS){Ef<^Z~DG)OOS+UkLjGS#z3^o zDp)TZ<#_VX&B)5-3apwq;-#%wnliCcuA$aCgIh1^k`b|J+$=HaYr>zy8+CI#fU(0_ zfg1a)-Ok{3ICWZV>W}l>$aSd(=TvV0eX=Jll1q&^`U2CL3`UW^!*ge|Sybp(9|MNl zdtxnnkt-nY6{4t>Xg_^1&h>C%AF>t8VS~tYT0v2TN7V5 z7%&@2ql`~`gH(0W;4fbL*q;k+IJ5D>i!-YvtYC>?LPhAszgj9U!)xc7DD>Xn-zser znW@aG@n#`;DBs}n?#e{2lN|;p|t8Cl;=qx9t1= z(sa^haT=5PRpbyyN@`YyGvuKCOTT`&jlb`e<=2!EQBth7-N#m4um`2m4CUNMmHVhQ z{T-8M4w|FIBBpEoqTWqrX_@7#^m*Ed!_CVM2t5lb|CjAC&8{9i7gpUSMNG%a30vJz zGCO?4M3jLT(5S6VT6JegOG_)qx$^8G-bckAFEeCu^ZXsxp?fP1)uTESk0c~oT`is8 zqt%rKowlvZPwKaBQqK5=GwOT2b^?Qp2*TC|ldM%1n;j>7;b(LYdq$RjmDrOsNHpWD!!kOxJ7CCWo!j5++*p39Y|u zRt;UqV}?=L`f(T3z1={5@(gePOM6L42OSjr>4T&F1;@5OR$76$fcm4cSlcGS6^EZhTt1X z4C6khWGwaN5x|x7g+Y=gC%j@!qE$3(nlCpx__MA3*GLiL?<_v!+Gh>?KBB2H$dBQ~ zc)c?Ih2ItEw$A8wZXVa8(&gO6U%|IjsvL`Kk@F@<@?=LwUo(M)uSD!k>b+(Pv=QnR zwzxva`?mz3bpctR-ujVMXR`ypt!bp56HVO2>T*H90xkY)K{z+{-}c|6oQTL)?=G>> zF8p@6kF>t}D)n%A#**tbk(tp-f%+dm_^Px;&gC?)1qbKJdY775CG2Vx8~0ywJ36j# zu0C&Bc?@OPd(-YS#2WUWmkGE`hi>kj5GvOzopZ;f>0^A@Ty%aoo_BB5Dt=9PrMkjq z&D(55kJBBs3pnDht6fB5_IxH%M2E)6(K31Z{-rdVB`%)SLEaIzauNvK;Aw}Swg!p4 z=!0QQyI0I8H#vJ)or1+SEd!Q=@=8?;c0XCYaB6C8&+cuw_z$O#0)Or$b>a2zXZJyz>~$jmox&#vL5ta|3#o}ez*_=i!16UU zRj)fqT&3XU2b`O5C~axs7ZO3_qpPc;*)~mo?pw-$|J`}!1IZ1(S!02tE)SJ_d$t(W z7@elB&;1!sB2}_^tk*x`WF{!k-qTbz>om<&D&urZT0za`pi zVBokff9@f{wbhW%W0A+9o|(C%0VKHy7K_&LZuc|f&7I)H<8L{f9Qmp9po+qq5$npw zDINUhMF}^dR!$a1hk2WLH_XVc+&EnK!21SM5vo(pkbW7bF9P~A_tdwP%Lk9*(K8)t zS^ld0OSXD_Ho`08RTATCcT*EG95V=NR@T?CRegtrJeLBn*LTY%&tz#;WzgJaK2yi2 zoFz6R%I&M@WYvNnA z+RiJ>30-gy%C$Niy-^o!gR{;ZX79pZ@v4T$TcA0-(Nfg+?JlOBbZ1U|G_xwv92w!` zL+N~VFOZ6rQS+Z}AlgBE=rF-)HJC8lqI`i4V?&ftQVy98xkcs1h3T0YHoH}g{-t;^ z&fzd||ErWl-q4VGxWh-!Ky-49dZTKzPsKg@_C0|@CQ*$t{&(PHvig}|Px&pDeRzn#g|8FxTey}!vA=d|izujv$s5zgh+ zRtO^sPwq5zqBBRhWZ5zW*zt`5Qn$HlvIQO8J4_63Ga=u7hYE4RQi7UKbbF|P z+Wn=L%wC!HkonA>rN;$c7xRFr$}PuCPFZPk){gg$-`q}w3SV_UR9eirY}qXm8!8vk zKQ7*HXBaRqUTM4RG3#z0->1MSC@f3`y|9N;D?Hh1E+YwyK{G#$0XjLA zn5CUaJ;Ci?IQUNpLVr+W-N40*7xzKR<#in{_luux(eMmTP>7Q{=-S-Vt;Z&5+kMFu ziwjdS%#bX-#lIy%!^fxAZkdzx+$K}0|4cmaof~1lz^S6JFE|sxp|3a%ZRzxJNoZuM z6xcFfp%h4SB$YiUuczBl141pq$Aj7#gU@}0A_O9RQRdaZ;?xmqjMC%%`l;c|VTIQ{~HHW?+hQ~3Bi68w)E z%*@+6l&S&)=E0HD%ChBdYMNHOeLMu}%)1iPJ4JepSGM`~D%H*|=LiI9!qdv75F!T! z!2WSYu0i{Er~U!S>2Ld@vxKxjPyi%J3-N#tV*>&Y0wAFqke_n_HNpd69_<}RDts}p zb;JtMay|`R1oE8fL*r4$B{TXgcGHU&Yntgxf@?qB8s0FadgDt zt!ag;CibYs_1Q%Sa1-mVEt3c$4_5RPFVYwBbjQN0zJ%IclgPKlxlTmX;_6X~29s5o zZdu7leMxh>(qxbYBX32x$M^$re0bUQFim`(T8_hWO&uK( zD0(On0Umf(Q)y^-* zyl{MQ83YvgE)C~^i4>;Spr_3} zw+Kayyy^ZG192hQB#?>Rqw8|Bb8|`Zsj}=3Os?w8T2vp9=Altv;N3Gyp7)y(h&?WF zQMeA6Fu(Khuwj0Wt*q>oh?8RS+^R!{=kjh39@c8I<51m5o8J>JS~_vse&)Q>A2|d~ zEKEO?DuStId3fy;bYU=u7zq)vtT5VosKpcgD6pEIA2zr`?bbXF6n* zr+=|%R!n!*ckbL%H&e+1v5S4>8S~Rp>n+EVY_?T;xK<7U{*Ka zG_=I=MWUB-iyk{KTVgU_&*p}e)!_oHNG(SaEyo36z(_4`?Jl(TrnVYTp%G#Lj;Urp z+Y-uNvs_-@XOH{kU{x#(#koOLTGjlGAeROz#(Rbx4A?D7}jQ&40_N24)?AHk@J9f*MJrmgV)Y{+mewIS1KaVVY~R zAM&kU$i#ne-w);)%Hi15YyAAm{DNd}zcaOFY(lK3`%niDyAfB50{4F%Wd|h3l<$56 z&P{q}TErLh@vfepZe^*!friR+!NAqBc}k2xMt)LJ$@%Q|2MXAf!ma`UzOo)W%zVg* zY%0Js*(=s0KN92PPzgQUxd!ihkeI(r&O21C9?&Bb{q1uL)sL$llUkZD9DY%H*4sQl zvxwiy{hF|qpY5-M<|7!`#^L-@{fL@|`C`POrs2Zr>5aukzT%g4G1198MvaGbE;&at zxyA!&k-L0PWvrKIa*6O(-w>YRH_rWkcsk2~rrY=J{}c%Y=@4m9P*OT11PLh>VT=xu zaFld|gmg#=g0$2Ij4laj1Sw^7*XZtiuF3s>_6pu@-#F_!j?Z~}V+U8xr5~-8u zb4czKnTU$SM(8mgYoOfhuvDN)0a%`j=>EU&? z?YY?I+Q3JorhkCDBc?Qv#$t|SIB_RIGj5#oFDTvGnHC$o=ZqFTv9%mvyYea&Se4N8 zxmxlNaf`Df+)tinxmM}82}gY@=G(_F$w=QRoWlIw>k8v-e_OtI^vUpvDILM`Y zMivdGvIIh4xl_suCoH-i`lj#E1QhI6{U=#Wvgws!hqbkLnEcE42o0gEjFB|fpKo*& z$a_wGcz7Z5rzMX0_ZD^sX&-c{X)iuM?tLHh*Kg`lILtp}xZ^obmZ<-*2Ftu&Zlkcs z*+syQUq`_H==|*?yz7pJ z&O*CMr(t7&p(#y+cXxNU03A}xHVI2V@Is;x7c3KI&vnMGwztevn@;|d>jekn34(|E zpX!7!j8=Q|gh2s$rnerXoG^HPTsF5{ zh_k1baL-=Dyfn5G^W449@bvoBLVgDMl4G6ssKxh9CZr@{P4&`3Xk#3-o_=BR;hCmy zC>-S=K_6bIU+jE2E6nAJzj05gM{TP`l}6U-Hnm7<@RBO=0{W!u-TA(!shMehncaH) z11wIB;oG+fN@GN(FY@Z6a(}MMZQ(=~WDkc(0c2`xq}qve}!2R@@;4HU$e-oYY{i>Dt;Lf;PQbeDUW}LXV88P8N=a+w$N36=zPfNi%TtbQHr+K+Amk3jlzkfybLK~Pp9^YY&bU0g62`sAUtEubkh|248 zY%}zjmE&_F&7!N?acX#x)c~2T-x4(TJF>MeQuO{W|1Bho->;;^BtA|cRs=_u%cEs% zHVr3c;S5p+J=saYcZM)}7YC`dFbLwZ6^xRNO0>$o?)h5=8HP#w<2==PU$c^ZamL-eeKaB4+7UzfAg{7li0zU+f=-EK1tz@s2tW(#y@Y#9lolu zhsvqKpK3BVMTM?@88hd*5|I*?bnMxSS3LQ3(v=`^VX5ljli0$(-N1!A^o}35z>*bi zfNS7E!Ra4vi}Oo*lxQ^K$48|fJ;Bt9#jdAiRN!{HZ=V0(?c~{W{U-ts4i@LaZQJoz zYyFv&FCg|IB`KJt;O!>X#E#%k$=%eMD2g8{XSG9-^X0WT3a)mat4NG9U)$ncCMMlU zRy~;Cv-iLGPTcV87sGEzPi5`h7Yks`Moj{w$SbP4czL9iTJji3$C$3;ME()eC4G}Z z_5A;T6Qlla3CWKk7bc&LS0>WBP51z@I%TQ8#5dLs$T9Ty}%$lr8f%d+Hs% zy(7Ga)`~`jYqiQQ(f^qgyn`|X%gQ3X?zN4=GU>Zw%(scYOMZ8RwM6=_wtD#4UhGVW z2@Oa^I_*HFa)^q4KX3Y;4d2ky-fa;#cPsf*qxdLzBb;SyPb=p%k8)I5E!~Td!>E7k zB~IwuwcQ4AtKR>+Rjxo>@M8GTqo9&2AC{ydtEUwg%(8*Qk|u3QmA`iKr{dV-*7RKM z|Hb$dqH7C4@OhjQssGT@@Moz~?lxW`FKm$-Wt;-3g*@k$6SL1w^r5jdjka~VgrRJ# zC-NUmH^X%m%o%zIY|7}CbkPc6{h$D^vQzBE!{XY|A8|Ci*`u2q(@3qku*-w?O? zYTPx4yL$sw1%J83z4SuZLE1~rv-%aTTsPM!et51me+6G9tu`@!Uq$ZL9L{{__Z)&7 zUxS=T8~qwJE3mcQ8u+*xMGa5x@OT%7?BQb#PZe@HRh}Q>XqGyc?LSx$hGctzCxuP$ z^#7g|Z&r+91rxs|c`y?YAn*Z}MYT6?ZhDh5H)dkMgQs-kJ3>4 zD(wHB*87F57y5@*v>^x4s|_~f;-og!sk+u4uK6}>?hh_ng--o->Ddy zhhnlu%%4VjWp@~Jp%ap;0Xn@N&JVBG;dJWHJIJKQ}FQf z@a%j4dsJ~+C95+A=Pn+Un|c-G!(3PN3gwb~$lcMXCl(uP4S;Cdt?`4EPHcz4Ptuab zN))b$>Y)qr(?AK;XNxSEH_fL<>T87kE^u5mqWxN~p-K|1E^ZjDu=ul5QBc*G{?44a zf8*#5fgNvKlNL^4z4XdpklMFG)(NIsem_X8rz(!pq}%#+Wp_e+8Ib~hgXb6+^}mx_ z`&|6`x8%1^bulu6K>?b@GZBK8cIDq?4>ax&`yW1!thlQxqK zh|K(^v=$GFRhsWijT)T1J<9>!3 zTs247g*NiRnfYUH&G*Q#ds;Z6__|?7cv5Z*GbdeZD9;AInsqCO%O3-|?9Cpc8x>yP zCymHUk}8hAK5dCW6`p8M_7d! zT3*Tc!Y#PqQ03B$S1S~Sh%*se{!6hsL)GZVoXO#HNR8z4=GzEeB3DA=C?_b{f;wNN z04F2=jE&a$_YwFg;**X!Ym<4SNhXvzsUyFV-%c_3TQmG;Lne5%t_a#ol+HpTz6SSO zpo+Sp4jKBO2J5nDj$J$e`gF z)6Z+yRRQoxF$)NgBSMMb^rW)=r#%&xc6rs+nQtr9>T4&=hBf^UTkNQOUM|cEHE@ac=1XmLz`pu)G@wa zE%=4vv(HIz#s2D(;BWkQnqW!4d&Hc-({Ma-M-bwrM0c80<20#%Nk7;hW5+ogxST)f zQbuifn(B;dvl9O4eJ)*B!}Dg_%=8yaw3IWw|BykEm z=Jx-BR_5uom(5dCQSmk>CBA(jHatiNN9%K)GaVrV@-ml7`|fU#~a+M|M44spQ*4nN)aGEQ9lX8c1XlUBsYpac*K2!Ql?a4X$C4aALi zGwwMI8scd|Z_BXlJS&tekg~EiulyeBs18H+p9Q>3iy9hFV3Y|E*V6B6UCJ=}^9FUu zvYUBBvl{2E(buwDh3cy(l8jixzr0^-$D%oq1O0pPzv8TWG`RNIQ%;K+ye<8H1g9Su zk^eUBA5$rq792pc@3?t>J9IPqamQd!=7oBh_2MV?>yC_#^mP%NH71sO_5u?cF&UYE z?%`Fo`*{MMPM>1m&r}mRX3at`Jo4!G2fVMb^Eg-|qJk()OctuAe4|~udEH7TL`5it z>4XFoFWI(B$OT?mAahn93*YTv`1bLQ;pq=|6_;BsbfGhdERqo>C1-3|lb zYAm9$sM0J;z!JY$R6ThLFF9cyAuqAz+?AjzzoU=ubu97VUpWAa>5p@IV@`go<;vx% z#Mj($SN3y~O&zE+FM~~x51NvSYC9kNK5%y|q$PjleoxMu>Rp(xX_u^kOOwYlZ5Z>N zj^4cirLLQO(A1^Vz4#+`<-_PZ?aZ`kF*8(sU(YPixyMb9=FHj2?tj9wvkOjwy#WQ~ z6T5G=UX)weUS=zlMBSe)Zpp1p|1=J_%)J_Tb zdG+uv%k_2j4*yqQ?`jk1uIb?DY;PJ;kEm6PSb58h0*`cci#FZ*01(!vG0D zqDpb)qtyQ{6n2rCygrXlVw4i3&CpG?l3Kpty6>GrJI?dQ%WhYw#=*$6Kk4)BWG}fT_pnckC7W<-N#Cd**%3dUByI~X z*$Rc9AGHD=NCYkE@)4&d`SlM>s-8z}9pWhwN6GonN}6vHsC)K!juJhVq|hUqWvjxa z%EV=6HkD*XhszYN@{yH9=~#|4FtO*0-PXa+oF+~9*uS#3I9#QW^RVSlcdOxaYHEN< zK71p{Z?1KCn+KD)XA!cWJGe63Hx8b>oDL!}Q8^dOyWIz+A9#S~uuuMzPn108G#_!V zTu5qsh!(XQ;ADOV~rC%=isW|a23{fW`|YLcQ99`LaCFxl4kzFhl_vLPh;e&VS z7E2(&Xe!(NR$y0AGKonp@A^(q+)JIEqXJT5Gfi=nAN$Rvkm5vvVoNX6%FBaQZv>W% zdMWYyxsPuOW#ufZpepPC>)t=HNcpmCa^qntGD(jt4cSTed%Jc=GPAY@d8^RhBf`&A ziJ5tcQ~F(!P%tqfR=PJiHaz(8*sfW_hn|=3bJ$vj#?XK4$c)vj`3E@Wi1yEg3xmVh z7qR1&7wmrZV~oorB+)L{hVM??6!Lq1QT#%0p=ucf_i;qN-!+Xo)lQkpy%@Y29_4zJ zo@S!)7mTY0*SJg7 zrYD#p6%4NqF_I$iA^Yz#bbv7LGi=>@=$BQ>TtRCE)8ids9~&bQ73m#5T^}m3h3-cm zb?Jw`VK}1^6_jcJA`cZMs&%i1eQjNCN=3>-V)L{DIA2IFFK@zI0y5j1-`4)md!w#0 z$>z|C{Hz~Zjr*#m<2l8q7~_JDA%0P6u)*EFa9{m3mjW4fAa)N}kx{C+$4`@)t&0m93-RL7$8vH&!#-9#tlja|-ict! zm`f(D41*7|7I1z`UEJCGWE%XdLEr2*Wa?~+CsLuzKt=IiG+lUp?JC=4BDukCp|6$h zP7cYgwa+t19!q5FEJ=DY_Lj~>(yeND(3Xa-=%HcEZQUZ6(BQ|WoYQ&xZBz+-v2cv# z(F%Tm#8T={CnNMDlzm$Ij-=+~m@;Aolz$l-6+JvSU!+qJd>?U-^~w-V;A^o=SgA!U2eJigXpt1Yfc-*xjE4IoBxU2%8@;OY2O81q+B ztWp%-5Dcy?khd0qn8E~uqj|qrTc?DclyW7xr%jpuX0bKx9?R279inU6`p#&jjMKcB zUNKF*X>x^^e|oQi34+vFmxyw}bWEd0C3r%r4^6D6lNW3QZrt9)*ZZMA`0Uo1mKqll zLAh!Iks08iXHwNi4H-C^Pv6lS@;_mJ(D&TVKI@g9WG0pj1D`hJMXr1kX>O7#7icm( z*Da6S8tnOBr6I-HaVu5fE0#;W&q@G@(SQRCvgTD>Gt>z{N1Wcae@iQAK~R^v*34

    Z_xKrV}MOnal`9^weJxgK1@#FK`FfW;NN6oLbZ;LJ) zdu^l#-l6o-;fBKiO3)%+%mOk9Xi?l?JZ4S~mwW!=DM=H9L-l=~y zv!V-;@tv_mI;vMRiG@ZUt{M7i=ddNiOO4)x=9pq`lh?<|GRm9F2RA@(&BXUXDsrN0 z9z^(90&>;;QhbU!SumA)qy!~18?cNkFry1I6TL`p(Eh*{Vvd+Hu&*>rb73Ip+j zX<(5)&)OaNCZ!zxW8N6qjZUX0b6eRYnPk!{Ox#Ex0cBW_Q0e*Yibc>njBSGEeO36R5A2=Zuin;ZH z__=0zw_}N=*W$jj!p-#gwHL*>M$rutO(+!y!cEkuBh{Ez4v*a|w%gL3^xNrK;u`suhD=DWG*JmHDeFh%X>y%aFjVv+o3$C- zqQ7ya-qnpt4OzO)Rs^>^{k*h%M*Jq>ndP9CfRA}~(sp{!sKx$6QngEcilO>3mIVkE z_MQTfO|2B^*#a*wQJcYQuEAk=z;4u$L9+%$47#c7nI3jGF&XwEV#jYA{z|hF%jNXwE0XrBmwm?$tNFH9{m;+GO(#G;G=EUb`g?Q0 zmg$;O!bfyTgE7bE-401Vz#Y}rax-Gk+???LEPt!0<);7Vm>P;?LWWX=5Lf%#2kfuc z^idq@h?6;~AC*a;S-kST@!-r04F=a~oD8X;c0Ym{lyWG9jEz{3xQX>r{%8iVb}aJg zMjw-7IV@R+{HE8s?s0u+7<>R-ALr1lQ3v}8b8UetdhMCku2|+B6VE zzEjX5s^maKXpF^GYu-OQm6x^&OQS5(FUIWj=P;p4l@oE8(Ze>Dm@dfweDlG%?hev&tc*Km4@J_*%B z{EnsC6v_ZKT9$~e>M>${^wGDZ4A$R_py8MT6`SKn)7mQRA`@b;{NeP3dScSAy?&y4 zb+w*!K>TIJHP$Cj^S@tygQVQsrF$uKwZBxRypZ<2hl_E`^w}CkwGBOSz{9Vioj~(9 zl}cMa4lfYj5YbrU{{oqZZ-hz;YHT32(mG$xnEWLs&1PMFlx{+W;`^HT^6qhv1}7(X zp3a03wXWW7{ETl(&;8HBVTX9y{ryJXUOcWJ?xsnwF7W}6a2KF|HcFx!4s)%Uc%&)0GUN_MsZoCbddCbEy z$l=#gvD5yu!ex8Zp?H`Wg^Hzd<&`05HhZu=4ZH4UoUYL^(aGRx_8_FlT<4I*HCjn+ zEGdZua_Vw}T2q=oMD$N=IDv90hj+>z@ zlz3x_lll!*2cHK827IZ1HoS~ePjFwqqMG+UIk9j)j-=ES3uVt6Hq_q9YUGSdL*5ZK zQIXMD80*VUekNMOLel#a+5WI-;U}sy4<*8kEe&TL&Y~Dok$RzM4#RSCO+$kI;Z}9b zqdX`}p14x886UiDXXa+T>boWnp?3btjkkaLv6hPWqD=^kB>Ib1AAXgI5daF@qT;(A zIJpruo_IXPl$&fKg%(_wv8wf4tlks#WV+6DvY%fV4KoTb;z`+z1`6UHb~!CZ7)M>R4w9np}q44^5gL_EdI5skwRc$eTbV(E*Q^P68GNL{Pg|)j^`quw^u_~ zuk$bA*+d1LP}bhVmN0kw*XLd0C?PC<%}HyOcw?&F7~3zzo=1MU?p+3-}TLD z1p<$wAH6VGO*+b4zE%E0IUt+c_{t!Q_=^w&I5PXsJ-gakJ{p*1x_JDf)rpA#QpKhv;&gqkhI5sLsI6p9fr7vqS}Usd1?6+ibvLeP)I7n|yAMlK3=Qc+S$S}wF4pT&VYz=p&7r(^Nh-Gk71!+}6g7%IIMe|Feu z3ZDurljPOdA7wvF>4o|)llc!6SvP!hE;&9nPLw#)&u#h1fz(iT%Z-U4Gkngj4Cph`&)~SAU`yrm2Q;b_nzBe>t0@$WIvW^iEuv%6cjHa=gJy~Qu0ePFV^MEkK@!9Kd zc=~+`Ya80mEuQ7XOlu9u=87`vXwQz^WeA5#A=1`^4Q_YNh%^Y=!R(}}y?E;no89qN$*U3T3) zPn4^;;YkrV0>~dL;mBsocp|ExdR$q$KwS*4e4JPbuSltWAp3IXC&g0z97%KEw1Kon zEV55dX{dx7{^36dzs>AHqsf$K0YQrprO}EpN0+sbXnNpIbPS*PH}!zrN-D&^w3ej# z!tR-=oTW5P*wuax41wRiz-(VYB(EEeUbJbOeg5f~-|}`S$2Os^wGH?f@V;1J zbXqTnrCN=mbK}HB&|VdDhT@tTIs~x}IA{{xm55jAon-npSoQnBX>$QfjIlTw<}Ny} zd4=~A6=Dee^j&QBB=kPJQ%Q|XHMgeN0hg5P`4YmwhWhOse8}0ay+@(-p5TD2AF`fQ z8oohyzAw`Va(sb{;0dN`&ka4h&TC6^2aQ=i_T#+TqqWQfCcB z+@P#q7}gVhOMjF1%j}T!gUb0=yp@JHH%c9H>6q-|9x}?kb`T2QILOKSd4)5rBp^WMdR}mPKh~5w|h5<5pwaNNM_4nyE zianrTWk!#8_w=;oMYC)J*qtyp_#B396?k*w0=1=1~&6uyG`x+N_u zs~Uht$ZyZ@#UDIn@UeMiK_BW>Ut6)l{pB9E@;BHim;e>966i(AEQ|1*Xx^5B9zMTw ze_#LiilWFD_`l<0Aa;WQR-?q)mdS|c;2qufkGqt+%cU8H1-w+>5f6Q%3Xz*+*?#xZ zm;Mh1HwU{(Y56}hv!bAaTh@PZ?2HqIh7ixztVeTk&MLjq?$Hh*_$;JePC!k)HWVg@ z9Kb*D18RTaW3Ll?j5P-s2mt4V3Ii=m^SPu>_1sllAFm<;jIJB0J~r$?X+2lk&0Upz z#RI%H(5g3+fSzi11SE{Fti_FfKHINfX2uXi)N>`nzEc@Ki+1+$!%L|Gv?rjyQ2<)I zg$Sps&te^AE@ zg2;q)=C(14=m_SAYXEPrQL~(NhqD9MkC|z;nBmCRsS|aRgk2OP+!veM3na zQR6H{w*p=Sll|b5zXuCGrE1;hs}8bJ1C~|Tu_BexB)X5lGWlqBD6shpg*hd;I;zprLmqWXWh*cJev2(^u~Sy^iP_hH<0=s;@5A%MwqPI5F;WjE!0RsS~?dpEr~cKw4zA zT&oHE7yyC*pg-f+AQkp)N?K723Rjm{#H6H|?li_fCyT2yYMr*9Qdw%|l z{{XC+PJX)MgJ;%a^H8GgMDH{@}E>&R{G!+D7_?2@BGl;P}iUG#P8yB!*=6IYm`RyK~EAIlZCTqBQ*pI@u*DBfANvl3f9)wz`! zIuCd)?}|^eh@@mce82-rug+Ou+E2XbeG2@kVLF&X%`*j*1hu?brGLuwQRdn=bO!k; z{+2e{H|Vw7aE_l^jk4vo2K*Pw!=%F(w9d_kHOcJ16J_f2stpL$mZwp8$?IOSwU;XQ z@Z(UCHLWP0>g!p*02>%ZjJ*Lb zxotL15b7R(!K#Ts8RVC=iV z^GFeThmHr2oT3u=@LoBt4XF|q4PfGx{cO<1CV|cmwbyR~J#G$zZsN;A7ksGpXYXcF z`-Z7~nX!6L;ArrlL2(qTLvoOxqB3M0TkB!ma=^`}yO!G_t5IkUIHDb5a3Gki4zzwm zfi#8uu_}~#4A^0PIDv9AV$_r_w~9O-GTYZ41rGYx9{-}K4P0-(q-Vk!V({F*NsOs= z!4P(DtoWd-rGtZAGmN)qB`1n^XeR;doa9V8~#?7;}LCHqStRs?vI-`aKJVPY5Uya09B~`(aC41W>XFVt(3; zd_y4JFq2k%j7PW8Ok9Si!*g%^0a8CLp)5Pv=K;1=*q7#mguKrRzf)#2i6hfAZli9w z7;AkA&il3F39HQ>0nh5tupO$~V zu_1LxrMbVzz|qwEcG#dSt;B{-sk`gLysB`9Q?d{o%ErzBr2pB=Lp^=$^`IO)$q4>q zq+*yB36Ia*z&(@vmv_3X-|7g^p=r7Yv-`aJz4J_IZPlGL$~VxE6hl!9q9Gd{+py@w zS)HAomM0#EKTv@_QfHhxBDa}U41rQInwbu^|w9q@e2 zUHzr@aU)Yhin05c9w|9}rm0YP{f7$AvUSh2KTY@uyAVsvS&i%Jb%UUK#eJr%9bfBR zO71(e#Y&IdGzhJF8)y9MbZ~Fgt}4IoBmxPB&8#7`L-nUAD91wv+dfR?$2=FxF`n){>w|*tVBuc`#Aeia*bg;&44T#2s{J77G*ol zhYEywU0;9GGw|%W45i?JW2ftRdHA`CGk9;`umOco&AOZyPiwWE%TxWSOFJNqr`@VQ zE2`VdO+BZY@_wpabk*G_g~+DcnEXK{e7T2ne)iQ|g9wZQ%z?g%$5t;lM}Ut}*TeLE zM_MEd!C4q(nQFUVRW8s{uix87#_Kg8S@&uE?=Yev$IGzdWbFIJ#u)!;>&OYIDhDIu zYlHPASVm7W%ahInpPbb{6&$rLTahSB&3O>DOJ8{&>J)mt3i%|_?28+{pIo~^a2 zCMf!0|3N^GS-RVs0xI#pmk*yw8s0_N_n>{vIDKj0v!eUMY#RBG~ATpnRMiyA9 z-lg!Lu|PeDUG;k=8I%eRW$KToPr3pqqLKq_Ayt*$<_*KeQuUPnbEL%4F{t8xCnOM$ zbjyUTU}+DG;m4brTp>#%8^1~_K9wyP`6Vu6YmRf` zbX=%4<$ff(wn}=qpK)TGi4@;?!NlW|*UPP9YNe=0TN$0|LJvTP^Lu@g3V@ls>cl|e zM`^s_A4E8Zv6VJZ=?4J&BniOP3JBRwg)1<84S@I*VNg-Lut5vps`PEW@*qb*k(yOA zoscRvnFXHueFo~^n)fXu};QsyDdIwgFg@p3mz=Z{+cVO{9Q!{1+Rf5Ixd z*k>__wdUrQ5&+_T^fw2g^y*c@IBSDW8YpP~(z5H|k7?N=R{O?$GG8>C~Wd(hkL% z2pZbv5ega-!WyRfais;?e8!HG_@B-UBQAZfzWHFMilCVb8V{YtNgUJ;4hD@1*le4Y zpe`I9}f)A`Z@9haA=jT)k*GU;k5}eE=T?3$k+VayQQ1+1Nw5V^+Z&T91`0 z5@O*H%4*$3mFqLJQ!*(UGU^4mGSEc+OoU5MZR$*a(3(<|9-$-|qU(kYrIKeuYY3+^ zB^b6;Vx&)=u}weWOzrqN;5qfXxl-^|Mdvx+YXLjw7DRXnc)Rrol~nBr`0|toMZ^u& zdVtP0v1raNcIWHrkQu??8Tyl^{Bo_+7^$oZNt30uRGwRWd4oZg(bt&pP66xDxCdIt zqQB7KKqZe7ghTLg!vZFVu!2QbV>{o!#^X(VaS89AzkggLo-Inh<;+(k&UG`YaLo7I zMAJ${D>&JwS9)TFB+*BX{Iv2m*ob{WNKq)K^+UIM?e7q<5|Xq}+2J-^2w@9P9>3C# z7}b6@0>O|pkEg!IMF!8)~-eOwv4*#?#+0o0ykH6G&Fi_Lz z8%tXaXPSY&aC_872z$&0_hwLBobAqpLtpoJ67XHSnk*%cS(kUXO#855jY6!)>J)Ku z(LKpgQqaOLYtCy!bX10pyuecDkA+K^_t0rh(&x%c)O~;17Xa6w7<-JHJbqSYMZr7k z4+T2~RdkkJp^rQ0Gwkcfmd1J1$9ger~5U}DxpPM zkENa$>6P3Z7#I-Qs@r?lI37Z5i_sB1yXD5e9>`PPfF|ZkuYV;~wUi~nfYsiW?zxA3 z*q0y~j4pAD!A-3qOsPA9>nC*kTbIFvVz@Y<6`gFDF_k|&`~({RdiTxfXmNfHbPe@2 z{(i{)FmRT|j{DH?N9HOVxf{JYlpjW&C!D-YSR78)w02@qB7t8>hf~P&@HWXj4s&NX z)7o6@sA--iq&F37?IB#oNVV6-sTN(4_8wu&huT&`! z<6@OfL{ImkOST?$6+E=pYTUwGdbg=wg(G`wgncQb$*iL5VhnLab%ASZt8&~{0Z_vh#HBs4 zF934Ze|_DG_HQMU9XgrX_O_|mvPgPO$XX+66W|}@(cJpQCTE1X#%ll(IrBx=R_-h> zFVvbCLJJJF9M4C-jv3kZrAq7~4tQ#h-@0KaZmG9mSn(ofD>u2lZhhA^< z#%!fP7dkS`JmS~kVGw-KV$-&mo0?x)EJocPNfXic7CA7+COQ$wi)l|&Ec(5dO&H?i z<3B}=nNykz6&UhxsJX07(E%f>Mt!`M(1wE*SK95T@(S~Ql3vB`J+OtvrMD=!lzCL5X_|Td&&G8DmD#=voF?bd zqnZZX94o=ak@uh~VbYqFMdxe_(Q~BrFsBe+?l!3IA(K;w@$YWQkJB#n&WS#Y@7atU z<2+Bijxmd09 z25V#Fl);M^csdoZPkh$XAs5>52-{a0nJ<-)Wy@*Kn{XPT$3A%!X?hEGmmPIw1-Y@xr!%(fCjOQF?L7fcn9>%k? z%i~APR=>KMiSnh4f(}PZ09$+arU3%Q#7>6<438A18q=~z8HwPf_M6$PBVsR4xqTu@qTNDw6XrPx_GXMzZpo+s~?Uu)k5aM{60P5}*7 zh}cH?-wyzv^pC0X0bg^Y<{Yddu_Uknb8W#-FLYmEhK-&tqpc6V%IUGP<}5P)IPgZ9 zhnwme>K{T1*gE2?ba@SJmoLWF%UWJG=O)~3s=|`*3Pl}I zrgrqO!+pG3%A{Yx{V7 zara3b(Qek6Z~}`Y5!f3PflKd+2POuumDgI$^YFQ=U*lAyC7*KAdv4zVD^FPX()Hty z+aqINirqH!+`+DOS&KXbu*oIjud*8D=u0MTwy(vDa5I*8ug2FEdQDE_a#LAAMC)|< z++BN@z&rk_n{Re;FGQ7xY9tyc1fgJz$^NcSzT`(QR=qrvRWGS*&ij^cvRdw6>+Uz^ zBXoZhmvTpQ$R^Jm;c>gy|2Xuc9JZ#qPR4?%3LLr#V_h48UGI7OG~a;Y?ADqKL;J+R z(`dsFDlZc(pIgsYeqr=uVMW}p$k*(PbZ)lvn+k`IoGrP1C!+G z_VWp+;mH?gE9Mv~ra_X>U6YO}-?Fig|0OtNWb~wH+K|UH;S$!p!9nqZHRxWMO2@#r z-T5;%?y5u6(u+q&1lVQ+defYc#uO29qckDaz`RC3|5qLyuHg{eDJaw|#-Un4V?6qf+$VdCyM(0jlsx`HY$BKzIOVw~ zO3-}rhCYm|i{aqds6jo_n$w64*87O&_!EEed9K#hrbL*PI{L99Uc}nRbPMZXAPejA zlm&`8$|o#j&?=#xlZH^60Z@h0&t(pK00F9=yRcAgM_4LbQ+MP}B?RX;QfZ1>W6r_SNPuY%c`fzVmA(xoX;U8rA*d@c=#J*@!FD#gv)LL?|_PDz6LD*j4n z?#{~ks0iQCL0W~it{dtaZy#L+td?REq`{lHxLL_Uj#6B*42YEv%KvjOC+v{Rtq_^r z?#EV3l-SqfY}~LHcaVdYTMRh@(*ZkGhTWRoEo@w-*PlMfQlJ4$#RO2cMF3G{y(}R) zfej&&6jJg1*4YumGXRo*CkONRKbDKe#W&C0U(45=dw)O>!vI`C;rDNFj3Nc4hiVqY zEx5pf%fFohRwQ0nwc#U1>eYM3F1r0iqLC$$bSvjXdq5pcEY%vD`!8R*w`Vy37DZ6*5H-p8lUzLh8-i+_Rg+~iq;*^z=8{eNz z*c;!nK?Uk^6F^P8bbixJ=W<*+jh>(asc;XQpjXw^ZxbCAsq`jS1j@s#ifl&f8_wtO zsc&*Weyk=Two`G~eR%}7Zq$&XTfg~#fNW?7ME`JJ2?d~*`5=ZbouNH}V2s9mQm75< z66YK<5j$BBI=0-yXh$$Xx8^>DIH8w&c%}D;I8%J@Y-6%I1?`NRDsX}KIgt20K)m*9ba)z8Z(E=>hQLX?abQ>b3}W4`@R{1yUat1 ztZ=QTOYGaF9`?Y?wd*xX*a!9Q;F`7}_AkDT1v!%yV|0{f7C);09${R$I^@~NVmo-F z$*g{+`LB@au%7mRo6nNsz!lEad1v?jD{W+c32(4lwovll6V1Zu*twv)EgL2snP8`2 z=da%O({KVS&~2KhP15%@ZZjKrpHN`J4D5YMqW98t-&-)JA1U^hz_i=;d%N5F{C%D2 z5!83-#55$Q{-cF70RVag)APWYU%9C=02+#VbHL^|fvKP5z|tKlqh}RfAoVYB7j|)# zW;*2`Q{Ew|9KuoiG~!*n^}MDqQ-2igDRCx!rdGJs=D;JTbTzw-`m=|wf1%9(J2IkU zF5_wtp*J4BQQ%oOM&y+)CK{6#_3M>*Bw#b$b(xN5L}-J<9TC|)TN#X|&OWzvA^K4w zf>q@w-}j;>31((^GB`7y3$ztpril7{>iHPzc(XY-aUZVA52@u>0fJYSXKYE9Ce{c4w?UKddQG{KgIv&oOsJFeVDcINBvFo}t zi64qv`^9b2aB8dq>z*b@-L=(UPVtSgwJ-Z{5yP|CVt*(SHL(*+dlot|p@%uFTz1;5 zaa}Lz0IpQ{l0YP$uGFbd)LXFsaaZQY&is}f=t@y~J_&*IDXi%ls$b=1OdeaL&h+&e z(<{lhwsgVT?>@oUMV>DnF`nFXXo$?u50_~@e1Ob~-p7dqsQk-KPJ1@(Df$Wxs#P$bL)8 z<0osR?0ArM;7F!NypV(bp_pjOppFG>xZcGy?CWP(3{nc$W$D-84&W+8qNyklDR(nV zokDs}&gZl1Sf>-fibRITVGT`fRQln|%aI`c1b2G9>vyl$@7Fn_%?t`XD4|aj!Wk_* zLP(zduhfcq?;vpX_18&8FcNFISQ3v;2!I9GGk+$bTW!>&kp2il4dbL9jLFdD7E3MSv8_3THf0;K;Uc4e0@5FOS@ z|9jxofGq#VtS+5j?!@11b_8%L-pd-x$xKNz=Z08sK`Oy`|2h(buMiK?r41FeU*;b^ z@^}k>A#M#5UM|0pAwCc<+Oi3B&ypCtwft88=FH9pF*JWWnrcxMo(u=0*zZeV=2fF$ zDbP}W-~$Ym2XA^xb;>S`rlD#jV;OxX?uY(|Szjb)kk8LP9Q<+9a&c`OwpZToiXd`*suMiPZ zBp1U|LOE81nY9rF+?HX7SCBQ}8FhNS5m=(~Lbe!|918BrwG0Xj;=A2AttJ~FK-s<; zu(c&lGd*o5M2RR#+;o!XpRo7t4t;-ivK4NFu<`Yj(|-T|csk3lsMfX(iz0#u2ug#r zL2f`wx|Ob>Vd(B|1XNN|x5`Og_#V{vn;(1pvGrJMp0)12&x>@W z|B^y0S<7RtV~{zX88`! z7;(hk0Z3naZ$o>eQ3_gWJcr#1OZuL#B zSNZ2u<#2^kUdkU^1^zShG%L*%>!#T*ebe?}XJ_}Yx`x6!Ftx84nkB^vBvY%dB|>Tz zzzA3usfuYc8Md~L+}+MLST7=}cnZ-Tcw>G_x=&*g%sf^XT1dRi7GV;j9y&9xl0r^G?~MBSN4 z;jnZb^XFcgJ;aXd*G5uG_n$TPYF!1}^dF>mw=vU|={(0B7eIkon${ndtngL;VA>2= z5KVWr6NcHj)E)6{uYuCuE~lZp9J0!Tb`%2MU7q5t)XcVii+5J-jGCO^3+~KRyDBH7 z=lJi3j3IriHHCLJancK5>dK{zCYe#m{|0l)T4|Eiq^T ztnYE`w*@@;KG6O5C!G0a9REklF-3dhR(P?6Z56_TlKL8sj2b>vdGJtZkW?%gS+m!KhH^qLsW+E{60{QY;YDaU*}#Ot3;4Qz|4ij}s!1eqa$ zOOsP>zYOjF8KM6n0@%RL4-@Hz0SnWJESGgqfqR*F5TeY1tD>%(`VtC^`a=k+Y~(-`p)ri3)egBewoq0tP^t@YDKNL&Ioh+ z*W^9?7Me&@5l-o>hEe^W-VYg#M>hd6L>j1Vc$;={POGrL0#l88XDlqDi~3TUY+Q!4 zxvH}qhLU!iog$WC*(G%|xAf_=&tEasJ8-31Cg@2Eh(s--;sQ23OBLjYk=Fn1K~8kg zOT*(5Klkb!Gu`}_;I$6@x3R8>0UtNd(nN~Sqw39P$5MZ$IK&slGzpK0Otp~d=WVusj z9C&SA#dce`Ncc04!? z^DRUXQMDqrO-JH36=@HReMv#QlAok-A9Jo2F}dKI z%r7s>A+(%bqPtA{YN#q^P@jrZn1TA2HJ)uew~5@ zyZHa4)Lj1xzMTp|!nD-WkcDNw(D<9NG1w6bZz@XrOk%__gQSv*u!ngvIsDr&K~?rE z+Y+G?%}NTxmKKZAV$zhm7>53i_)d{eq(r+yt)ItF*i5*+q^iFkCDz)eqb=qb+x8jY z+%h7(E9!-Z#y)uJaChPwryj=qT+G5q7s8V?zPE_UM)6Mp>J`mjc8DT)VLo;bAH^qsM5ZBl2z_Oaib#+4A#iKo zCL2D24K?P)(zoj)9~#>_98het^TB%YG(BOGRUa7sdk9Z`Pb)w#aXzQ+Nk=QunDhI& zn^lm71_L8B{QiW_K3?|g_qAUqT{plxyna&gUjpjF!eqQ9$UxVz-d@3jhoG^v94Y+zcl?X4uw~ z6<{spK|K`zX7Mf=^3-M$Hi=#wCq?VOF3@~^6f|5I1YR%|E=m1dotMJGf8zj8tbe?e zUy!6NMvkKUeNtHFIn72*)Kg9Y-KXV>k&^jCJG@X_Cx%f355>xcEfeJXHrjw>1<-8?1JZFt`sJ&? z*4sUcF2rwk4nLn^W|X7Ds|TdRAKOl3yzk^Qd$4d)l!wz3eGK4Wy;)qR0)U;> zE8VYQS7b$brzZ;+wk37rO?*w=;xvqoY)MP6246xF;Bl{VzETxwjc2)R^QzYziM8mZ z%w7J|;#+_Bck$daGCmn6l7(-%)W8&HHS82Jaokhpduj!@6o%#>PaIEHkKk>6Z|qUs z?L)F);vuPD*4R0IDtA(DtHaa+Z|q?wjn?jzR@KHj>drfKjBJR7vkAp?a9JUCnF&fA zc*2UqX;JjzoSd8?1XS2&s`p*MqXj$4iyY}^)P!QmP2Rx($cpd!`nOj{%%*E3-fFh<>i1))X_6Zb(^R%+auKT z4`G(X-2($1d&@mTU=HzMb5d2khA6%yG(?x?Kd^=IZ}oC3SPjkwmWZQp#uJpW>y-^U zj$q6D(|XxWd5B_SG-L>f?^fHsaxjp_SZY}``i4H(P8Jjq_xn8lT;fZgv;;-bZp>=@ zuFojCN7G&b7*KZ8aB%5`C`8%2W0F0#?_O*#g6T+0r(WavI}?A0rEJFpEoe-;ItEUf z{@vQPZ<#WmEajUzwW;StOyXE-LjfEk&tkRqX+b;HL`-Jx-|>wGNs-#3IF6g(NFQ_) zAt9lmEtZ9uYn1IBPmI6FhllkMQUxy+?Byt%`p2IV{)DVxJGtRhTg$0y4G=th=d6<% zQ4sRlS8%duXeEWOnywQKe1;{Z>VrOpISs zeCr)bYiha||7$;s3fxufe50XR@5a(}w$3E5*GX5Z$(+PxO?1=uD>LqZF<3o=8HBr* zS1|SL0BmB1;U!=(tK(ugo-bU{($PWiZs@9fMA;j7ajdJS2nSGae(@)pMOVyD|a@kCLKte_Mmt|{LD8(QGP&Oivs3Ljv8%h zd@@s97g0c9=YPIX7A{in(F>-K5_)D_M&xl(3=?eT&Gwt24h@%01$As6PXWKB9qjQi zK8Y)n2c`Ig^Yw@{;oZ5F+k69Z#nlSmdl;Hu0r@Eks8LhFl#t7sQp5RneYv7QaG>KR z$w0n`e29>7Cg}6Zm3V_oFaq>%u5EAe(bd-vkC{He*2}lrt;K~`_LW?01-f}USrNn+ z3infR3XD7X{=qb=ed1i)HC38LUVlnCz+bLFNDqaRkAB+FS}~!aRghPU7bKT9ic^9; z^^L_W>VF-WYsJ;|LxO_B`or7T555hr&{e*H8D=D1L3XVIrx`uuIKFB1O)dWo*>x0D z>^?UJ+m6qC|MBTrt@rG%PuqTce(gR5@eO`Ut#Eo<=q7MaOASJ9D{q{O#C3~0UKl*i zEqbHsv~NB9az{R6A#%UEHd1!CkJ+`!;6EMj*_47t``YEQe+Qt@)z-!NYJrcIbnJt2~8tM)B?=iT^ZhqBNzZXMoHHjW~j~hVfhJ=W76t zZTo;jPH`KCQC5s;O@2)G4gOj2ow>DVp#^}T$rDuj#0g&&V!>CU3Qjl zBkgY3v~TUG2DxuknD!h)J1iA9Wy>29-fxZ5*uZ1 zO;yPXDd0;HqfRsmlrs&XfgeOK=L_%9R!t;MDVF|7j`tt1Yg7HOGh-v#BC zc#kGpcV}~mHH;Ghv$ORA4l6oms$_NBp8vmQ&(b_t9u)y`(vOW)tXvn9 z?*iZO&#mM93uQvc`d$se(m2r74){P+$<~49CTl5we)`I{yJ^6%iF>G4(z+7)vdB@e z3}STAv%Tfvz7Or}6@I=7S@gIQ+vJx^H@0{}?@URwZ2GxI4pFpXQgvTXyGofQy^LkS za2%=c8ya1JsUEIWk`3enp0lz_DfEY4*MR9W0aD&7!~(NeDVLY*o zR^QM|ZqTb74GOzFyb(q!Yw=5s@O=uiLJ2EyGV+x+E_lFqb{UTBeSCaAM$HOYuwZx_ z>ERdfY)enKrvrgIRC^OoWH4+a{E}^~%D;c3ek-u%QmaBpvh0NnCvGr9_7hQSel#p- zjgSN7Na*z~L^TO|<{Vy+*(L0>uC%uho}&8)KSqmqNXK*wS@Oc+4Xbj3Wgcwo>fI_+ z2120c)ktIfh-~v!S(jKVNDAe&Mzv)C5e$J@aMr%jpWZ<^kpIjKwcb=(?@s=H5JPu; zrBvn+G9e!3HSCqS$#bRJQ((8G6TS=Sf9ew(pIsFd&UHXIdb|9W32({I4z_ya{Ko^r zPJSoNpLyKU*Ue6E_y~-R2lJV##UFf@h40Wxy{-f*%ED$p)I4h$=?YjF4aXnrS0Pet z6`6O61KmbVB~P@O0eoL)RJCGoP$^$@87M8uf6#`juljQnp`HhJLW(FdEd&jLq>~dV zeg<+Ju&HYW{jV>p*B$APs*{@iF10;sy{4V97 zJv3ec{XT^JM(1Ha0zEMucN@(C^RpE1iof66-TqK@a=K%y4YjSd8ccj%Hd$)6!#Y`l z^1`8mErES&T8dYmdnVKFv%XFq2Sd`PgB4cG%P@&}6XmVyJnG6CUq{qT??gK&-$Mla zj8BeG_M<9Xk2b>Q0lwQwQ)6>r>PbE3L|7JFIUR+mqJi@o#d%a+&|u>aZQq9odzM1j z>TK@^7{+iMOh+%uqUT78)G-1rEg<1)1^K=qYZFxie`MK-3^!JLkRuKKX!i8P8hR7y zTh(Ok#_1kKt;`h}L&A0YIB14CVDBTvT3tG@Ez+>oCnT#v1hNwKyR<(Pci@;{zO#zP zB4?{9__|M6D;@_4RLBetoM-_&@Cuy|7ZZ-pQ#S65epm&l4W5P_N%y0G@@W++t1FFbk)N$-EF_8Zd|t_ z1L=+`mZ%w_{;{>VP`jURzjuV2<~L{ZDLWnX^NDN3x)&b4u=xL`Yx|@rBcB4K(-7LhekNw2& z3`F1z-VGRnX{D|)8UD(h5~B9#7W@dylUh>vLv%@aKlZ|l!TLjSD0&8>Q#D~Bsf$VU zJOhvy4+7W6hK7W8JDP_P{u0Sn^$LHCrj;1qb9oJUHlm54yVnlxlhs)3e9WQD4=8ik}iwrGkw z6+3()`TvXhA`g$AtRE4=B-_K}UFzJ#lex9}BwLkOC zb>1vdtvZr4Y_6Sn>PT!xCA$gK-Sz?yGKo?&E);R6OL`JtUxAUR%9)J!L?e$34A+9> zp8es@C%=$HvMEqJb z%{?*RnboZ0#Cy-cVAOM%ZKRbWn^|(AXl*a#B7#wzkGP~1zGg9s_G+g1fwaiklO2ODIXjN>;eij1g_^tUs564?-35mO+u%tuoV!ej$dcVy(;Heb{D zoYfG1C?Iecy#-c;Iv;KTVKNG_+)Ur2#HN)jH^JqaqH)r*s5 zYgCH_$&g;~TM!&tFB?1zn1Y>)Z}Q{EUIB|onLt?0>3?-$6`<#BbPW`+(8M7s4zciuF#J*$`rh5dNPBIhhE#UvSV&@-8TeI>II`_(OXvw3h{UeR)Clv z=a@ac8B4B!Rk`ndSRbQ&=mfV%4};Iv`av;p!g$)wV>?c4JF6pS)s%@@3s|Xqw&E{{ zK>73L!}h)Oh8T8=2U*Zkw{na1;#>h$p{>`&s>)lFhG?T2Lr#yWiA!|z7=7)Q(|p?` zH7jkgxhbZj2=ITnA!DVAjeDK^>aF~6Hn3}@_jcv`%}k!W%JQPHANMoOS>|n?mx$NH zUwa$?24~S_xVO|55;h!{KudiABzAk0s@HfD@Q*KB zA1VGIIk3YlgY*1!iF@#s?3fNIYmo;O+H367L41%BQz@Vc5%^?fO7`Z*E*b3|@ z|J3`^_>W9oZi{ska6^nep9j#)N|6`%j;Z%y?2fN5{A=d0WK9$PX@`Y0L>DxX145;0 z^R*J&Qt{<8v2TP_{*3KbYH;YsyYLrdz_N8Y@nBcqIVJawBD5OuYM#KY6?782EJ#xd zC-oH>YW4qx6DvWj{w`f|trlreRgF*hQPR{{8At1#OR54{q zhP>Wi3C*`pj(Z<+_HMk~eDSqS?09n&hN4y=(P9JLbAy{soAc$1%S+nf0c@EJD%YpkFtf`{f+s>PN5VTSRnit22_?!~D2c+Qab z=DEpV-_+ER#Bm1eOMG9bZ09H4)zCsdJE3 zMY$OB!>#_PC))l5C{!(Ls zxV&WSWPtjTqNd3A{1B$Z2vDw_YO74@Roua~;er%Pwl=1EYzqm#d=K$0yGjpK;^>3M zVxBaLynWCzuHTjQ4;M&m^e+x7rhwxZZSr;|L(VD{bPk2URLZ=MV13z8$t&oCvr3Cs z{ltL2YdJgfScDLOwBskQfhR z8|Xg8NO&P@B5B>!QLmsB$e2!g*PP`a% z^z%Q%V|QypPmagby54|Ze_QH`Gad9=8_c%CRi<3B*=^4930A;4@7P~!*}gV*{l~4r zXMet_#z#TUPRh`;_e0E&{uNqwUeR2KaNZ;QQ_2iPL3X+SyLbp({$?UN18zs@4rVqj zy`0UnCRm7n1Lo414>+B`kQX@*H>KlC05no;B8?$rT8IjN+s}WXU+i%9^;ykYKTdtA zmE5BSyNblm9)PJ5x)Tw!#TZPt8~R*fndh&Q#~=M)8GMwHBm8r(Q#qJn*c|6SY|&J_ zFz-zaC$T;E<4Rx(ePcVNsko!mGtsBv>y^JYo;X^6fD}@U7=3+Uy%>4yKC{^q0$Yrngj|HNKzm5y>U^!0I_im(M zfwntS$Bcqn84>CXM86)a7F$sPdK?JA2QP6itJp4$h=SOX!iP^ zWZYYo%EqUFALIXG7ObvZeGv={cGcLb!}75q10?%*J|vW@+$GcI zRF<%n_x+-G1j>5LYS^vOV82-M5L8D2G$B>)`^YGqMO>;d0WS%3;sMc>Msx^ppg5>v zROKGmY{x$@(x^_#xFuU@{%zFM@6`JpE@my#uj9?{Pl;e|jcT~s#~|cf{YhgI!qJ85Zx}4!uT=O z-44FX2XAY#U9ayQtR;gnuqMW1)6m`0vH6{xc%si9trVy5dso>v_(ti1*43hSDtAo2 zwKF;`iQDL$LJqh<6J|Xa0`KeoJ_-i}`Xo!%OW+ zJ@_$yG9qvDd~0>1NP|^1evOk+0>$aode%Q)q`M)pk1Z?nyCWlAvyM($y@8vz8EW3R zE>uZnwCN*Q6+xkqsi;PErA3)6$8tl-;CFQ0_}ZcJ5I~OerVaiM?H|UlQ?^wA6^Zbr z8lfNC9C?`WtzS7h@nG-jXevb{)YvAqX2_M6PrJQ6&QHUD(SaXqPzieYj5gPmxbHi7 z{ERdeGx`}+nZaT9nVgAX1WWQ6bptMBFbF8cYyg>xPvl>oe$Jv+ZR$msozN zWD}vONY&*@xY1Qc7V0yn6OO20S}NY<$Y)w=pMvLdyJD*q8`ei4EL*mbxB|7UG=>0z=x}q0{}WeFM6l+aYx>nz0#0|CNz1g1)J*LXHQDlMoOrw&1YhCk;cow zWaZMI0inHu@t*A~qiGTJ+S9;1z+(F71NTtm^8D+M75|~} z$KE_kf48t;^nf=PUfgd3EvqeOdCHXkQ3yW&rP;}*vIxW-AO>m9^E3AaV|C&zbW)L* z{Zs$HSlD{4aAx(Sl8S_4RBN{DhDS7P;9Is!{9=NLB|e|;daf-yR(}`MFkZ=t@lLKj z`4JuM@!V;c)%Zykh38#Gjp`?lqYOrmaQ2lR?sVO%$BL-!&Sy+f6|Y$_N(WVoCF{SB z_3MAHZ!yq@o1be5syW?cg$Nz+s@o$G6S}`7;`6N$4{iVQjWj${`&T!5NNnF&^Um0{ zrQL7eTHlf>hhIK4Ufn1(UD9MJz`}jdn!b84^elv|m3cI#uugYEQ*D5b3_7aaHDT1< zU4XL;&nD;*$HG*xo$dJjAN~-)+AQNV9Qw4u#+q7lM&UV+9=?*Q@|E-=*n7qTd87up zSu9w#{8L%6QemwJGGBoF_xHE{=XokXmk^(XBqUBYz#pj^p9C>AYt+I$%_Qjo6g=g| z+RsoHx-PA$%Cd~jhnGfEc1=nDwFg?XU5VACVLi6;4eg zfBgE{N44IYz3!t8(x9OqepbfDpD7mmx5C|?NrsV1;Iw{atwl*q_yDB@J=Ia|#6Rre zSe70LYDsE_gb`?Ht?2K%&PbRrPHL6ZuH_Zlb{~20<};6=QwexBeI_e~RYmPOxLWrd zn9LTr2>g-G_#u3yOAjg-GXzL(Y-s)KAMwN+z=&g8{O#xdEw#?NjcJ)1f_-9-ru|bA zFE4L+etDp?>GDdq(2!di?Ba!`JiBRgM1Pr=i~Rnb9}(;O>F|6-@Rn_CFs|~uFtzIj zpOzc;vad|_CH|nWRU1N(RUh!;jhx|ulk2=*GCPMrOzh{&VPmm~yF-e-po&=pdyfJ2 z&ZUB2jZPvtZi!2{(1O4t<2W4wWDkfvE9 z;+*l!8Vu`1`c9pVp1~eW;pO*q3b|gF>zO|MyMp`G?wsiiCbtpPH{bLvFmU(Va?tJ( zgl;s0!3sU@o|~-}D8$@OvjsV!DfXxhmv(k1nA{+o9F0qUCP&L1?fLk zPvC9YxcZNUwUy8Bf;ZBeTTp{7fhI?-rvi)>FUHLifpIY$5UdjfIW;kX_%Zd>V;g&F z+7*uu?~g_C{glB$yYiZR0+^^3*-oa_(K2}mzYejo*C*k<}I`n=>Sb6Km`+?L2 zAz8GYGaSs`oq2;qYYW%?zC5;5dATgMamZP`hNZ~F#Om18FVCLcy0wIxot^EpIl<27 zx%WjvQnEHV70skDYbP`Qeq4n!GOK85?l|go4Sf0ORZI zk5bi>eP~z93NjYgb8ji;_FeTJ$?;~IyEZy`YwQX#A8pK;R;}yPwuhBz$EILVm&DKY z(k2tT5v1-F@5~aZi>1WBoNPAv^_TEKzcHFdWd&WZT`;%ZelCI$K;xt&kA*$Bnf$_< zx&=F5HrooBvRpn_HsBFY+g^0grGAd{3t)HKMLbHnBtF*3{!YSAZt%b3L1ng9<8oC# zy07(itKMajTVFv}koJ3XCFM)YqQ|!OOt-)%S{C012Yge@n$8-~;Q3!0PWzXSmSJZZ zBp-AY3(uGjo~FL>|0++Nb3G_%A41XSo&rA+#jwYV>ZqihAe+>2^SfLcpQC6msx)r6 z|8_jekF0`>D>~~{6}|te!pbw{eaJppcp5+-^&q!|IB@uFQ8voRH=Akj?M0UnqGOHd zu@bx*sC$>g74CX(*s8Q}&-FLn7sCj>6@k3VOWpM1ujdVcj?_$dPgXJiTyWnnbF)8x zkVMLEKGo?(j>)>{8i?4%K8n;k!smN_&pc&6@hF``K-OcOD|+tA??K*fb(K!V_Ug3r z+clQS({ZY3K9V43!gi)>tms`vv*{#eoXWAcKNjk%WeO)pa@RWXRSJChv7DabAR|*Z z8-6V`rqy&c;<>Lgy-zzIJ!f4n7H3a)@l7i{`Iecx_JxMvM?rv|CN76-MB35ndAF5s zZYMUML$g=tlNm*^`Uf#1`y3}#@ffgsCRtTE9dB=8hb(i+sV_LA-`qy0F1pU0n{P1` z!>fB2^Us|6eRR6z%O}fv`diZXKbRP;Ahct7=&nwh`pl?$)u-MV`rrLz;xQ=hhOIq8 zTUNU#%Xmx8CWNY425Apgj>3l3w*yV=G@6IzUJHP1se)B(%Lqtm8&oA$Qbz`{==x_ZtQ~!oAiq!X_X@c!0 zUv~AA9!B$(pBwva*@W(?&Jip^$iO8-^UN6Ji|Zd#l3I{Ds6K->|5ABbL`9X{emx1# z)rP*{F06+y-L@W=UHa`upk0_p?jdN=AkmLvWp66i=eK3wZ}0gf%F{C>Lz&)TP960k zAZc`}Wfe1-jodf#=EuJ^N!c=X^IhKQ!x#TvI5d6ob1>e4Gf{alA>Xq{74)WIw>rP1 zVrU&Y|L`o*sLHjWj=QZ8bY^aQ)Rgt?-0XrXuflLp%qAqWIV%=^q{ZD=5ZoKLbtisI zc8QJeMAj-oqszEKCTPp)ES=e>@n=pPv^?MZQ?Z|q31hQ)wOb`sOwjF#5s^EH{K)81 zZ+@8qv&OMoHalIG*p2S*B+y-=s|Z81;FLa*(X}TOXn(Gh=-(Af^wzKwSoZLJ_X@2! zThS$OXw);}nKa@i;OiLBT2OgmrmKEQ;d-Yllg9t;K*p+g8hDMA67I&iBxcE-cwTLu zFrf```X5>&S2n8#oIDH|hndgsGBOYfUWf}f;F>hZ2(~lf`G3@i33?^ds;$#?TQt4G zTz!Lg6t^X9V~A$Z50ro)@_a@XWok z(O19=L$MBNkzB+W=3PCWK)XV%$Z960XdO>j{E)nF(n|HF`jRn5%Sp&Y-)%OlUu$3W z*D2KF`J-|vyTpRz$=|0h<2ai0)O!=aC0{&B3j6vJN}E4rgyilc-ETMF+P}33fwAj* z?tb^kO@8ye{J=4TujNpy2(~ovCZI+2oNwoa?W8?SCVO(R+_imwn$co7u4LjEPsyK8{dqoiXBK8=t07@q6KA57ZiD`{hwoV9J?lpU2@E?CR8wc{FigO zyIW)1kk;?k0vn;XQ99~`1@{v2b&@jK@S$}0#ek9PsvDP$&?s#6h*uhm)F88fC%=hN zpL`j@c{k?x)j$+-Q+Vskn%M1>*|2`#7w*uiekBf=GCEZ{R zjniipX{??YQg~cg#w)RJB_%JOm2-qV50~igYC@wP`VMaG)~UEJMmYJFO96! zg;~j7D+Nbjed+Grr{Sirh}46;I52r?j=eSXLiIMp$S*lvvL%RgKzK5xy5|=fUHPg| z>Xf3wgOr`|h`HYt%mZ$zcgGZ*p=_otwS6A(G7%bYOh!EjIk(Mj!$+)9+@V!%Y2yB9 z)VF42)kofL(8SKF<9{W?iCLgSP0Gy8JHLyFQ5BNDdE(!uQ4eSZv)tHpk-9dUQ~>Sm zc)j%FaFV-}R-9{{RkA~XUUanllqwIH=|>voBO;Ra{kxccdo(Y82yH|L3q3XRJAFfI zu7LfvH?sec~zq`RBBh_q^^$tH0`@0E;19z`k!L4!lx@CC_q5=Fs$e43Cp4+ECVtE0FrD{tyY&C!v0SUe)t1A{3m~caQku zUJArPcwzs^C%%rCTpas8efN`3lQ7YfPp6YGYK);Q$xdZusC679XwUQaD9a<1qLSF1NO+UfKKb*cz;F4kxoC}Yr~ zF|y6P)~N?Y@6@jzBdl0^WZ2HnCHkDlUoNa<1^0O7ZI~r-Loy`6?B41s< z-aqL0FO%*hK}Y!CDFzyBs7=%w2LrljQQie08pGXJG{mH-Kxi_LzCt4>?J>I6vkof69n2bB z-sH38j0ay=G5I9lnk(MBISAoSYs94$zyj>SYa5v+3ZC|Fq@*=@Xsq#0W*8l7^M9j-WV8+lCt7B~59M!8 zPFYpj{PMJE9p8so7dcIuX&fx5v-yIZEwie^GNu&8(w+I+$3`M|8Rfx!votP3BFqf8 z7t-R;_=Moqi(P#L-1g_50^1yM=NU^9xhVu*Yyo2*d?_7_27OS`cVUO|M%W#1qT%0~ zZ}ShP4B$I`+Q0f|K%O+4A;;=71ig_B+!v70h=@u!mfm=6MZ?L0tV)3r4Jy`cetw=~ zwS#K8`fhXA9XtW*kK{aMg1cZj`I+*8| z^^fj}H>cj#Y2*6jwlHTj2J?qzPWjJRW}WQ)t9W|>?m{o4vxqTX&-;-^pT1ORH^c55 zWX>iN@v+Cnd&1pMN4|+Xb@CEvelT#9B4{!Il^0R*31!JXh|r19u{v zi=$hDFuFq@J^P}PE90by&>t>eURJ5JP{zW>jyv2K>pI#(Ezg{9^CJwb_1fP`pZ8o{ zo-gM_b;ts`m5pKpdyaGuXvc8S*O1@bWEXgcKb00D11mTFWi0_l^{u_Zxy*92T-&Etx2@FWv>PwO<_?f%5jZYeTsu(3&Fk4=6CY^GfHIV2Zk@ZISkwf}N ze2XpF^-Nh(#BliTx(~guzAbP-7%~#b0j1fmlkI3K^y1CT(OxN}JUr&7ih}+=F&do2 zcuOZIq6QdEdwgR3geRf5Z|?Xj)!vkK^NIBk?IR1{`S--#sX(usrFxo?kV*X$0fS7E zHI9$pNsKh64+i+ZZ@0UJ{xk`HomnUxx-)yYi-!}Q;P73MsWUu+RQagHyB@I80FMtD+CZ&*e%28;>G#dSIh5dWv2PSswtzv$gip4{Oq@o?SCocx?` zb;~2Pj76*6Q=dMXrz&kV5sE}PsTVSe(&fwU5|d55Di@>1(B9`0!%b}eXJ)H^TbEV^ zo0T`s1sWj}UV(*>nDGyIiIJ33vK4vqUr;!D%RzWEiD0gfKR793Os`&-t$Jqor%9DM zp3vZUFJfy7K?<)b(Snao^Eoetjltzok6!eBg}bI#ZaMl0@=vY}OB_C`)_IEvob*x0mdp=}s38#G)l>1^rhDeJjCY2NGQHTEVEemoCmfPD96 zyp4O0)&;!kn~rDMdJFZ!@n;Dlo@{l{Imwg~b^N>JTh#32Fu zS3ERFUd4R|W@3!OJoTltQ{*R-MZ!gh!D|lvzH=p7r>XNVRdn<&N={L2y>ku1p24ea zl_4{+qb*}4K9_m2h401bo8fd7YX~}Y?JTZLx+RRl|HU4}%@{g~Od9>V)`R=Kq@45| zd(%`rnS$QxfE)a*w%%MZnR|<$&uJ;da<<+b5pjKD>}mCzn$PE?)Urn=CHwqv{6kM? z^-L^4<)m;o`W?m_a(EvxSIj&i^AR+>@bJ9Y?U0LhadD}fbo*J-K}AjtMsrG?pH{m3 zQu#GfpD35YJ7j|xMuF8_m7{IvjhkOEnk**BNoGZmzG&#-i|Lt!0nvfr%~VN;ly{~Q z)Jo_0DwV-3`Qq&+SPY%7$NCcroc(A_>m~Y@PMHGKws_D#c?KNH5>MV;j1Ssn{Eyyi z=3`o%_;JS%cCC{QET1wSox(AVu&t{}Pa)bK*Aq|U8)dmY9K6JIhgsh7kenlc#U znKZbQ^M%tn+L&{!MqwP*M^SrQ?juXUg>qM4uPyGH`Pq(Np+yOrt^1x$Tc05|rnQJJ zt0pQfp;nf2$Gd|{t6p`?r{0ATng6vEM`5TaW^%KLez4N(c#)~V?yG^cq??^Y`3M{5 zslnCd6IgVtRwDqyie^?W-72uhHS_X6You0(X^%!{BGi{9o>9+e^(NEiP=$15q6zEa z3ZpG^$jM9YKc`}rZjR?nS~t^$PYTaDxED) zr65mAP9{Mt{HK5S_Ri|hErR+kBImS2f>T){Q!p?iZ)A% z3y=5;P7Y~%LtUxvy(%ivgpCJ7B7sjYnRCtVS(GvjT=G$A{Ye3+CH-)a>V%AH(L=`V zot-iEsRqVX-p6*HHeYi%HkY#r$jGdwKA8p2RQ{q;ZCZyFeX$t&oVTf*E#`^Es?s`r zHAutrA79Z+%W2K-Pql+%x>Z)=+~d+wPvT2|JE$Jbd|*P9ZA@TFponz1U;EfadmpFX7+iI>MDk}O^_0WAJugBZCLna6VNB+E6 zt72&@#=h+?VQ_G8YVp{5yy5pRS|d-f@@5*nk|O}ubBN$kT$M1dMuC!HSK`jJy=Y_g zd~A1opR1Kc>EY$^as2vdQBMq=bng)qRRWLj*q5KIw$Dt*26x$c8+bZ{D~}Yri{1Ol zkv3|p`JhsF98&IG8u+@|&rm|Dyk4jDZ^Av4Jd6(unfNTOBp!EzUe z&|8!2Q@pEh6|OWHw#h&5=~%Ryg+{CO9gvx`VtF=X$PA{Vi1>@FSyUmdDf7 zFb9fp=>n5wceFa2ucuTRl9EXHe9u0?86Y5%`!%_5cWOAsOv+_dsRmQ)GUGi21 z6L+!}{M&DP#}vX?3?D3oev)}~>(=$b8wpXh0rPey zDiXv6!>&g>LLK)fmDYu+a+6%V4C&?FFgevxoVpqLLDvS1*jdj3v%uo>D(r}Xdn)1J zsV+JApC5^y70MLyJ*(_Z;gbFK{kyHK*fYh9%3Kd(eUI!PFbL`s@#SeSsPrc}X@dpl z-UOeKtAc{(Iz1jYR#KKxgL@gcmlw~(#N{WAudgo4Z6-N%WHT_*p_6$Z0XMGWhil{a zZ{Pl=W(1>WGG(C18Ip-1R4oO5k8k(^k9g-O>cs?YNcmoSRiMm{-xhAGJm(CQpNfiJ z=-MVWhqB4hQ2!QKTA`-H5qQ%>b-I6;n(>Xjn-au+6_0y}TGW3tfI4aJ^To2TnWerIo_8qXsscz5uZNx`{MZ@La?x~*e_>X((@Hl z&B`^rks3ioJT}t?-3+n`FMDpn=yJ6xHx(D;Rm&%4NEf?Sky%u9)~%jbWIr-{m-zZl zO{z!VHqY6R9%PA{Bp*v+JnBt-PEGG0MWgaE?)JFuSr1z6PB`vp$Qu`2twVKSf~munHFdzFi}>In%NP}y(j_E;uggp9rMYv}fz1Zg|pfZ|oBOUeQ< zrW4;K!Or$qZ~J7T)2U;wOqx$l8Nz|i-%rL10z8@HyCai}ednCtr3FK~Zrs+}A3e@v zk7`rfURE3epbo9`YHu0K8;~f-Wq2O({hBDt0ZC6sWm{`&X9tx(J(d4KOyT+7@L;wR zSf-pzNqR6L4)uDoG7yFLZH#)Gedl954DwT029R2zdrOa^WI;GrSR~}T9S`D|r#D&H zJ*qY9DWNluhL_f3y`Q*vFC6pzFV9>Z_q}Ad-RgwsW_-Sz94Qn7y%2)OYD#(X=L%#m zEuQB{MJ0gDg}w&S8W+@T zqn}WHTg8cabo_tpy=Od|Z680ZrFv;E)mF!a79FVFnzgITrbVf(wRcI;*y`$3GgfT1 zYp);CtCKL6Lxt0!;tqblin9_MlVe&6+zZ|N|Ki2#Sm zH-`+5mkmo^Xf3rjtzuDDtTHScEkkh6$d=5|lh?ePN{EJ>A?v79Zo%oQUkE6z>7me* z30j-Rj~s&SsMhB%pPG8t_M;vkgw~Tc>9o8lcsh8_&O1ID}Rg`rcKyjodz$6)O3iHTohwZ7QBUgSLI{0V} zMMm~PxuL_*3Gt|`Q3!9Da&_#v{a0?V`;K5FHQ1xS@nShvCD9HI+b@vUed~hiW9YO``5?6f=8$X#ZKDEGWDJZuKsAB??TyV-k{->sy8zHA>lQOtBPT*i+Y@KsMxX1+;@HsvyAB2BR=>r9Y;;%`1tO{ zfn8JG;4Yy8GXcTg3x^LIWgN}8WNQ$*b`;vD7^26HyPmg}aobT#f41u>2a=sPR`v@< zefQ}o2rX+>MY$#Zm3A{IwpH|EMM`S8>*}le-3U(g@qegF{Y=vbZHcEpJ#Rg+5fGJ6 z#8`SDhUCn;;2zwJKNXp=r*8Lxdetf6j#<~`y(3;vcswjF7m#aC#+fnVVrP_JEqJ~; zw)&Bo^(L6yh&XjDg!hzEqRoc+_|L^E9jCxXyFBLEL|#Q=L!@ZEjP>DWC*FRP6`xo4 zB7=f&y#L-?^3D~H65W%AV}XIwQLv;nq2t#q>r?4hdxqIU*Jlifsa+mD!;3pFxXG4S zteg5YoYuSeSBp`o3S9(!ap; zYik!3;F&KGF)zPS3c4<#IC1e8N6scpwM4e@1n*sdcEQC7jMWF@GBFPfxzw=uVc+-> z=;Dbk@I(jbM&w+Ht9Y)%SwYV6(Fk)%(=61+?H77Py?XWoNJPd#9;Y4jRe zlBIo?Qz2d_7CNb5S}K_T_Irjh##~9prvq*7AN(p}U>$vMJ%+q_w1)}hVu{g)2A zR7KzGm3UH)>qpY|S8~7#-8?qghBJ6{5!U3;DH+8PdAgE?h8DQ@FM1pTUFwR*FBG?K zSea>kcsh@j*sa0m-U&a0Is~oO-(EM2E)9*a>82|RRylOVf}*hPB`b+fLPCF?*dq>{ zRdL|a)u`q2fFQ1+`d_TtZ~uCW@gIWiw{I~_-m>(ENd5nLt={}a-2Tt^wr>3Y-`k2N z7Jo^o8UW*6Tv-@G$o<78l4iel(f?j5-l;9oUzEpiM^az5-TJh~dSA=bc5K*L`pF+* zY#Z?;dEbPyRskBIk+k*K&lCS5>ppsA1*2k=Aa2J0>C-0(zfON_`J-D3YB=?k9f!k` z_5tE$e{%7Qvz`}{9e;*!(-{Y~-^^MIx8%(I?rqEWw^?RxtwV%i4VzcNqv)fo&LnFw9L{P`ME{(a*Ij0+&S&Zwa z2RWA)n>5LP3NXbH79_R~UH(5G=SJoQ=!$&2kACV@IFT8O1RbVB<)3914Ms1UK+FNR zqWUo&WmjTnJqST}t2ExvJka%D2=t@87?VIz-I&nrWAyq<8?BwMApN($1|&D@?<8X;e@rS;~91 z=&_lF;MlQ0F7KpnEy+%_equa4-QBPpo0-W=xKs&zaD`@N>Dv22F9T>}QsmJc%0S`z zFwsi=#gWstKfkh6dQRO{s8!Fp`C>Y~VddIzxdVOm*7HsXc=-3V#ST5%yk8tqmT3~2 zcg4j;rTU!#?q=7U`RSy2&TE$2$5>fwnr?h=O#!2X_^o*xhEZ-QV7Nfj=x9@eVPWj5 z79%T{bSzk524eNou}s8g0LsgqxW(21_yX-s7tm%K#e;gYy%Q;E3oPiU)BnCT__`0| zJ%Eu-Qf17D3u05YmO!M7vsU8l<|XJFReu^6nd*Rj=`Pqm9wx(gs1s+C*B=;Lq)lrv z;>}?ZOotB>Om99&B@O~sqAhrTDG_*C2tu)-z;l|&3IokvYmW-u*6g?4Y*ifMfN#9y zklGSNL~N8QtVDOE$P#eX{e<*`d;tUO}p z6{-{MbyAW@Y|789BDv)r6V-)eWQ@Ri7wq|y|96BhD&U>(ttSkYM|L!7=KW zR~XJ(tLosjpO{W%t;nDglTFm`>a|?xWJ2{nPcgw3OQ}&&Ql#k<2MN{a##}}EfHllD zwknY3Ge0up2jAN!PJf#O`XT{Cc##UEe3d5Pou}VRfrRMPfCH@Ul(#Wz)Ln9Tz zt)R47OPza!@}Mj{@DZDM3ZDSuLXp%@hj-e4e0k-jcXQ`DuH_wZt%TSGo??APV{DZu zw_mDMNPY0WTIV$^!7rWb<{n-48%&`h4s~s9JCh1)SyBQ6Qut|#!~i+?&%Z^?(Avos zK1c}0K;`KgK8;KD;hq4eqVxgWxR7B1FPNVaJ0qMxTT1->09%FD8AI#U8W(&*lrp!+ z!GqGm-hKy5DKdU$7B9uL66f_?@WnCF(Z|8PERDNz|1%1mAZ8&%-JHKvWl!f#G}kwA z2Wo-($>&FHcUyS0CYq@!1im~DGb^sW4;xMUK_+!iLJi9-FD?7@=LHHh_^zN}=uljh zLyrt~jXI%~6GUhBvLJS!Jbzx)BkG)Bl!^@RFmIp1iF{k&gO>Q&C7WYjAD-(*@Hu(< zv>k3K0&kTF!dn&c)hm8}%Lxi&=5M_}|IZ5g)zgD{d9Y5@Wmxe(ZAHalY(D{{y=c}r z54w`-U%YzN0h<5BvgTd=1zeE;u-L{!;J`6RNAy00s-N zlDDR}iRseh1-B6k{}Pb5r2(dHTrjD#4oxGE9y#-;1g++7L~^W3a1i@ftDa$HH(`qp z)ze)m>m4wq;EkjO^f@`NueJwpls(7WWv6tulPfSQ{gJyp@_re&jLqS> za(c7-@+yEOYVcW!W#y7pXC%T4?`7RYNqd96Mc_oYP2=Nlni|hbq`APt(CLEb5CJsy z-`Czh>+&9v{mFUtP#ou}6INAnumu-H(eIejMra2l$X zobrav+nWk-muYo5pT#8Y)aw^iC*O;a>C~2F*D8w!pZMXb;CBsUwG%pswhZlSpK7@~ z5=0R(9&|l$G73+~(N`kQ3zs!*qLIF!rB2fB1Kh`g@g0MHqdyW>Y)zGRRWAVj4uxh(iWRG_#V=Vkb}csK3da{JSpHQZo2W>nja z(amHOzoS%*^426H`{h!?2g2^WLq-Q-rBPV*(9!m}`z!4TJw>te@=vvU_jiwqClPd0 zltne}n)fsh{Mm@kp!mpRmiu{#o$-Jjl0arjle~Z0^~q5(nC%k(x_G3dDy*LBBx&tW3hED{9`l&`5y`RytZN=ey7 zHBjzMlY3NThpUt%{OIw_DB}{-2Ph8$fBwabu0<}ux9$awSoVOT(7|!y-zbmKy8F(! z4}3Fj))VBEOz9*uIJiHQt8OCy3`EV-Qz=6Ywa`p-Nd|Ak$r;C-*rw)zDPPP$HP zyM{C000)O=f&vMb-_takIxv+(Ea1-9K&V`^a_@ybn`w{VG-}gw;-ajT5${bjvwcmw z1>(SB?ja#&}dtWKiD}F(X)lxNp~$Lcsm~0blUw zImUNo*v9O?%aMU$mFJ&BR7>w;4TiBKc(}4n*0-jjkex;Q{w_IS zw;Su8XMWI~dhH97y7QBte2M0d{Zr2x!^!R7Bo|F9ZRobO7zYZNr4uHYpr+0z?!Gz% z)cQdGtsKL7EK2RNUb-Sb4F*aI9gD=0(1Ejw;^I*%Yqy`nrFlUiO3Hmugj;Xn!K5r! zzd0>psLt)b>nUj2Sm$;^&P2$POTB(vrb%kmNK&%Qv_`1S4@?1Vw+cUlk=s*p$0&(yJ)}l4_gZ=nK9~(^Pb}kA^54|%EknLa0Vm1gNWG*g?om&(AwYo! z79G+ivH?}bziJrO0W>hllL2E;O+=eH+fP;B-_y@gKS7w{er4ufKgi_laL6KYC0{R* z;J0y=N;;oZLR9N%Sc$m_R`};bm~ZC^oe%f1-GPIp1}%&EjG%Zhx~962ytFgoQWh^< zT6c4AxLV_LlSBcJ;*%R7l*c9#I`DN;98$zQ1~tJflGI5>xUA*%I9*(0F6h}>ZsJMB(k3VCXDzyEv5O8se96cyO~5$zW$?oq zTDDy~K!I(yJX+7+5r}!kEkVqAm0lFVDIFWico+$TZx)-(R>Y^m+@?y?8alnh6GYiv zQUmg`#4Hsbecz9pgKrNzWVAn@2$H19)VosA=7HnAEfT*iqW|n_ zr#MAQOsu7?m(360_l{K?aei!gME8?)8?SC-l61yR+|O1MU@;niCjticpns8Jp|jbP zQ}27`3;quFgKqsF9lMx{R9~iB_fId5*Jv4)S@MBnEFoM>$OZgdf}@4F#oni|!>%rk z{1IGQNQtu}ri~y9D=CvSm6ZjZqGtVNx8I!fvP+Sf{mWhB={q)VMMqTDo$v(yFYcy} zy$*%?xvpKg!?D6f1&-~;R)ICA$VV<4gKkT|M)UMACKxkJ<@ThlzZL%Ze3-p|Dl2sK z#E&19o?n;=Lj3)!AX`&AqYUgxrnTb2b7;pi4y;1d(}u;ghhe?7D?^W-dp)o(#&Ex4 zrf?H)Q;*1wNmdO@g+XnWZd~f$l97T(B{6O#c#K8KB?@EAhTQk?F@yRdVg!q zW9_t8pE;*`rqiTgptK3R3?)Hq*DzSojOXQ@6ZW4F*M14-|GB{-m|s#?i3nyUm(^;4 zNxyIFGbjN|UMACDX!dDgud&_t}PAareCPfS7=^e>7?~W%!=`)fKKX_L}`}=vNFG3y6y9@ zo>UFat0viZbuvQVCBqdw#^b{D`)@Lumo@&>WKTs~|9H-HU{u&hMD|m`lEPDUnGh+t zc=5tT$!Dm57wfa~b?W8yn|TDYf_njXt=W2-i!DpgET?oMxf6G{$sGrXTMOF-ErC7h zWBmOdUL4U6ybfe@Xi!~RQODmzMkWAsoDS1(e$dpao|Lj_qTrM@qp zDq#SDlw;YnlefQtl;r9En#=XihBNcJ z_$*Gf+?oO014`P`x%NIIngaJ(&(T=FG0|LU{ple4A8BX&I`z`z?Ocd?J&aK*n@Is{ z+eEJwkO9(vEB%^PqURVPlJG!uuv6KgDj33Qv6WFhZ z;>M+-^%*%qo6YBhD@F!@MxyfZw<81+cG8~J3v_?gZ89lX!^=Zm7r8i2^MT(RbMemG z?{*0~Zv@oMs!r2POR0wC*4P`fjoX#Wc9wh&!A_{3gGEM2SKI>VNGgGjr4U47RSxGE z#Kw?Th7)r;;$-k`V5|R|rE+lbD`&um1J%g~8lP1>o~_$P2-H0Y`y?Gbj)zYo+rg0m zPa|KK#ACc>gdl`u+X3*}Y)2(Ywa?b9^f5t!g_EPfpk>azOIZN-1%E57{MH`bctMVy z{?V~VCfA;>sJfXxY3~8}d+lqlE#cfPIw>;o^4<&Sl1EX@J9#rl4-%_H{mfXSRq(K| z(kS~Pl_!%b8ORcYhKQY1NWnA%b?u^NG98(rdhOn6^6j8_C2To5E&;=V(!x;yPw2trwN+OGXPn1` zrR>%E$9H6feN2_szOt`>3}Z_c>0W6jquTfbl_Sq7KQ2`Y9RydtFwnhMxoe}?%Dhi| z{Y|bNmsY%(XxL#DzAF3uD^V(Yf1eUNCt}mmEC8xxzYm)c4*mx3dzMu8cdP#7mbwS3 zoC`cr8N7f5Qg+B}z%r1AhLSEv-TC*rgRi@xzm`4U$;0L@nKjI;LED4)17{tV`ih6` zu-oYFO53%^$bEtb|Fe7XA|{&c@xlTG-$ixrUi+-iFLL$2y{+``;bu?u6FV&wCwpM* z0^z2%{p5{&jtBq+iD)H=$dHOmN~LX9;*HIbA12#74eQtW_!*v&a3zAwRp3B2c%Pj; z_56!;t3j9&2wrl2UXFkP7nxbRV)9@eXbQW~b8>N<$of4$Z7!>kArb%nSsnf)Kd|Ft z-`gGS&wwBiY&CN6$>w}>pugSNh`0Xb>kq+c@39l_j<9dV+06yC^@+^;r_Q*9c=j3E zzM$UW(Q5LeB$Qe-v;%F3wza2bl*O2pT4ddU!8h|eb5r_wHJ<*3090;ymDPs_MLylc zm#eE!hHG3BS!}8C2NX&O1yTyZW#dh0#2;lj77Z?4OGfu{N*?-42Lxmscsu&o}xc(Irr%0h<+rc0J%Fc6Zt z0-R#(9HApwwzlM=H)&8351Z}27Fzkn=_+a0ia2aKi>~&xVGodZ=#H`vG`IwI8|NBl z{Tk;7CbjNqyFXI%0ULOgSfU2P$a29hRXGYzb$n9EJZ-GL@yx?#*pB~r&}=6MOJ$2c zp~9vCUYxeFox?G7SaGuskiFW?JL{l)nPDftV6ZxNZc7g+(#}v19rZ}36wWIucPJ1R zW5(V3v?sb!YOfPvUtUs3I-5_@jKgvQH9BPcgh54YK0K>wpzJl^8x4O9X<4%YAJc{q zaMe;&D%;o-_lcxlqSI0+nnzhp@gK=R5rGo@?E%=*`*_$)Z*S`Fr@_9M=_Uu4(Hx3i zst-5{=+6$8dSksZi%hB#z5g;M>?|FTHw_-O6P+EYgxJLPNv5w*vJ2b0=edqnc+RACc`_y3m>=IcE zHrB6upqO>**lyT*EPLDtPdEQG`NoNVO1RYZ5v^#2juR2er7xQm zJDE!LlCR(A*G-y~{L3V4L_qg1@uO$Ow4and!>Lt?`C{t*pA*Z;!wE)-R$_^@&NJkC z)fFoqy&d!H152{LEAHGLZ5mEo(xgWFRNZsMWl^k3cl`oBKvlAVQH|+?H&0P_GPv0L zZ_ES8OFjIIXev3U*iENNG(|SWyRUfT_Zw{Xk=cwV>UF$N*-8veS)O;I><~=4Gn;Ov zEyuG9jEcw2v?0{ca#a6*9a$u=>k_7cXtDksNI?nJ7*v|#-jP|u(KKIe1m{!wnD0a~>`o6dOT5Xk`$dZTqCKu2jM)F6 z&z#Lj5h>?19HE9Dp3aU^PB?a6zP&G7&2FT6#dd6@2FOF*;KVWCnZ4$~rISA&lW1QyxT1 z-@|+`zWaoYwHznX$H{96x*S4s^!Q$ctXfiwcE5dB=e0hvIgbZgCqtp7*dSkb_UIoR zcYpvTo$}1(2ANHzQ~UUnG+7U2geqVGZF1j{K_gjEnpiqfa6h}thM-VBIu(HWMjp-V zVdT8m@kpQOb(Hj|mD)s!*VILfG!4*6C|F#rYGeSCDm7JG71-Vm= z`6Wm7jOS_1zS_3On-dRfXGpCe;0;rFcy~!N_{s1 z{=ve>(EVu;yB#~?z0mr=*viiA!1Pl{-s+GZsB0gv-z2g}5+@|ffX5x6z7B1AFk(Bq zo}!>#N8awyUskmLysK?)2xw>^=}xBAO&SPh*ITY{$RG8jEmZ~*WDfF$nil{bWxb=( zYNlPr%~fjzG?{8>?}k2+TZz9>p*MJc5w{HUv9cbPEDCUa89-GJ7U83P#{-R%Wj);e zf8*pBLKdT->Y5=3azp(Iz)lDgg)nSRS@*{h1HaXR3=DFIKH*Fzx7Ma4W)OPQUmeDPa8@=kC7m-$3ai&~%!M=W7A5JtH;TJZ(-wqB*lswvol ztp^PV-rnxtKMQmnZXCK@PKo?-zw$}Hpk&Fg_xI{0#dGKJ3D_L6U{hMY8%5WbBh(t` z?z|?N0;eH+44~v&8QGMtfKcbC+qY9=i5dPzmVopzh%AS-m;qnh=ondyLt#@%(5y7I zK1~;*m;(K&BlQ7CSy*CZC!SeoCWr{$detlvUu1Y~$xp>E7$^hpzdbE3MjiLf*qHNd z`1|F{_7Q29PR0M+ssDa4hj+`n4tu=RQMmXekEf=F?CYKOd7VH$?IvoIrW|N$8Av%j zT;(72j#J50Gw#YG|5$k-Tl$k@z51MrkG3V8^1!J#Gi%9HQd{pY70d4cr)K{1nYJHw zo}F4n^WR*I3Dr}+02ZuUQ1U5v^Sg4mQ&FI&rBxuU+@ zOyqXzpB37s;Nf0iY;1pN#R{il6Hpv*Tz_)!Z7A-|yu`~UMMDUN?@^?g#}c^ZpY}36 zF)qG$L9Eww9(~;LcS;X>%gd)8e!`7uWl&FD0bWI0azdAWgO3|!NK`{P04TScA5h+vrer?%mtZ>fQmI9pyeIbZKuT7z?m80y{8CnCcfl zyoS8)^d4GMOg@km_xIPTXy)@0SS(10?r09A<=k$I)vtT&bJFOjQ*noml4XrSV~ z5C`1@F%g5iN6v^ij&$>Fd}V=?O7`0t;bhxY13fJ;GXzkg5Id(DmJu5);~od}gug5@ z6TwzjVq#)^j{W|o(4V=P%p78?Dk}IVPMbe61rd5c^#Za-1QV3VH)@X5fEoMRIvg^ zul~KH0|}M9_UVB-y%Z2OD8MCCoJbwl+Wvj#gWmRr`>k?sewHIgVgbsnsjmLI*rMt? zivQG^GyEOKB8gCY2HLc1ZfDJ(gu)tjD!pbjS%y(v;Fj&}ZqI;1GO;<3CmLcn^R%~b zKYsk!wafz@Ip*GYU*5Ob66HE90+b+?O27RNfBo?fRQK%?)7k{k!*|eDq99sy#K_pz zHYY&R`@`;b3lEm^k}K!o+Rr>CtL6Z}*OGL$!2pAVCVy&j#_{H2ZC1#zGf1{wqV-_;4f-hWz-RBngikXd^DXG)Oa zW0evoGpzWElG)6H{EL}dqA(C!d+%&G!6}2rwtHn5%|Yiu?Yr||{l@yWMttY2+qDwK z;?JfB>q1&D2n$cHan>-jjoSqx1VGXHAl~dW(^h0vaom3DQkgq7KgyE*8UWRx886fZ zv3h|1Nq{t~kacS3`#Ww?6}pu1_eNQx4@M=4D4ed0a^f;A@TT zJGU&y1BvJB*V|?EvmPIM6Y)lxqZ(ggCJYAoJ|BH@OBS@6Q6~TIB^6DG8J16zy0kH? zlVba2hoX_U`ud4NBGjo&_xC6#ru$B~Rhj`lT1~=j#Fzi-&KFP|fO3!>>OY<>V{^j; zW=Bi4@TKec_jhJ}!q18)aMw~lx+K!8a3yzIHq(K#s?AtRX z(<_+7q?tf+m!af}fI;5>W#71I|2z2h>)xz}b^@`?|Gp;wuiCius$*uGDUbRiTg&Iw zW|Gk_+_ZK?w}^4(7Ww77n*nzS|8uHAztQRJy-&D*;MM`vA_WytH|HEs*J6Zg&;%2h6+eI*)CpA?$a0GQx^1MorxgT}Gj{jF+ z!@qY2s5e2`s|Bbo4f$$}(K4EROb!_2+;oI4Dw;F12I!lj9NiCwAYeew1_!E|T%8nQ zJ5Y6?q)Cf}T0Lb>S>5Gjc%q3htD(Dp*WkM2{$8bH-^Dj?-c-Qex=u7(pnd9|n$5^r(*e@DxF^M_tpF*x16hFJM2(Oj$ z7#~ILpq{mzG(m|t-SBzxqpO-Au(C0|NGIQudBcEC8jk&IUDasSxA$7 zZ5mcVU77G`=WGpF7!WkjU9@sg?usnx5HTuFa_b5JGNs#lRLs5x5H#8i6!fj*fAXyZ zy`4RF{j60GUyaKk3Y00Fj>>L3QYOu=$hOz1?9e6;?VZgT*9;&o-HfirNK--Xz5!#- z$56K1UFFK2*xU76Kf`BUx{pCzH%g%Jl3HXdXi;iva)8}Hq{)vOQ-;~m1QoR7|C|*+ ze{pPHe5}2$gCA<9dorwUqFy91bbpoVU-}R)oZ~v|rC;lAF^u*OXDQItCKBo%H3`Z( zjc9}Ua1QNAov_!zbc*qtKiCpK=_!cj?F&K%T=Y51$0}?Dw!!BG za#VW)Bq{&*HTjRskb|{)nL5cR;n;iQ7jd+Hgfid|DuO`z9St-#F~C$4FV<#Tvx%$IU>7`jPDE?p(%J0adj);{6;~D_@`I%sXRX)u70j-= zMdyBE0XdI{%CiJ%N8Vdj1k~S7m%EfG<1X@`=m7#S5XpbyI2TE7fcfwOaybZvWjZVP zctq+oB|_FR5ujdI8hn>xXGKkcX-6TYd5tF+lrq%R`iNT4@?WRTsUojFYOE4_Jd0_3 zAPnthP#33+RFqS_=ltXIi>XRlBsZm$JbxcLE zMt^z5Mv$ADN2$;{k5^fs#{eE5?E?^i6dAYJS3G{|XT%;_6Sc31(xg4o74-p^Q3&wM zQ@}CyONZ|~5C;sYNrj-EmdwCTj-K#neguHv)Y_HaPsRObhyjC{%Tdali3=gt9*~E% zA@z^IbEMWF6A9o9kp^l2x-GBWXR4$TD#>53!5(4LRFp;XBR; zc`%nWEDsSC!Ch&t8YA&tR2)V9UIG0In5qo%&7^by!@4+T#}t_QPai*k_jbm|fTMwr zb|t^4prTBF3DF41!UCDOiE$ZY3dWKo2I1ks&I+hOmx zmF`;lFL`eVeb=5JsVNdMLmBREP5CP13j_PP7j=x2qtK?=`pW@+h4@?R_o67oY@RPrN}ot;vZy~Kzw_?3TaXVV#z78E01m@r zwTFoBX|qk&vh6^lm;&3&&AK%cE{=&kYsKkYc`JAi$b&0>WQDdQ5AI^M#N*4F_vAk* z_brJUm!_sk!ifzY@ugG+kEl4P(8uBZn+A({f}+{8vhs?fSS`R(37%BUb4k(YKnK@Y z(4@Dvfx$5j7)6ro0?13g_DDbT*}aXbQGiNAdh4o2SYL}3Pz~o|`4Wc`a!@b+PNEOx zY8lrrEEKu9v>!QqIK^&ZYAz{C`^Rq&Ixn>y^$90n)7{=&kfYKBdf9_LfFS>V$aJE& zB&BVD1{@Gm2TN;utlEtWc%{=Q>gR3;PEM*;SyC48iLrcInn2o~11frcm(^t@|3!0m z-fhrI{Cr-i^mNa%$-e{0&0={OJwPe&6c9>+E;!p2UR&0J=BaLlT(F;^zC9>0m1dVh z2k!?Ble{N16J@874xk4#{el_+8{7$p8yVpaz_-&mXwd(Ur^R6n;9pc054 z#bv9-E?s$muHI;*aSIxjXNs7wnk6R`(PnW3zt+L-3UYA~^FS>O)u4gM)998{s@?cY z)^$j|Jt2av7?>nBjh=K5!qyhex?b<~-eTJxtwpB^_EDA>7CT%@om_Cn@G@WZR*b!p z0SRdC?Soi-@Hf1ABp#?bV4Qv6T@t}!$%6qs<4XGPZ)^P0%IT;}I!67qmM6!vp}3}; zAlMgJY|=vU3|@Tr`5pQ9+vVF~^a+PadmW?NpsR)NI^ji8IWdc#-+2OmLUZD%SHUt_ zGctsHlz2L)#eb<>pm*ep!sG~oGQuNOUT@jt$KOkth&~R^(4TQ*AMsl^dS6CxYCeg% zSm`|Twl0$pNZV|WOjDS8UTJVEOcwx4kL9>Ioh58C!Uc{So|j9Oa;agC8xQPJ0?{W? zUciu#L{->KAQV>WEFd0P;;6%!t|Q}Ffrm4YZ^Y3B#np~|H&GrFV*X9f-zEZ&3}pN$ zDn$!vSl46iY8?BpIDPRF+Tblbaj3!ui*i%QAY`d_&vY0^FDdw_1E|7HNp?(D2h`ce zPnC*YG16WbD6#3T2N4g151}op%iA@6@#n4|=SfXJlO702TQ$V6!nLvHqEbycLRG0R zV3zfp#)1Pran@TN?$Nh@x*}8<9fs0;2?R!51F}6Es{hNY%!2Vv~ ztSNOVU8zCmUWGlQUSwIOgNM^tSz8~&c(mIENcs+fg^WQ16>E$BKT4{WL&N!Z>%C^C zKZlD|);vR7thcd&cLtH6Ief zh8hnLx{Kar=O;(0wGR(Hlzh{qYp!zQ^d-hxwbtIT{3T#13BjZa_l{gTez4SKuvD}r zt&RP52_nG-(gO<{mc!nFBfiu26YkF;s5%5TmEr37jLWLS3*Z3-;1Cmgf&V^GUjYfQ zX!!n42h(Si3%=W2ATRVYpkrc5^4@U}3Ja9^F^gc9D)8BybQ;?^0&2T>aVty6Y|gP3 zye~y&cP&hAB9Ih=qv%EegswfO4KV|WR)Nzg<>Mw7+9#gJzFR6Po1ANPr5E-CO)5oz zJs?9eQ<1N)k4R1W?IJVCX#sfwrkWJj=DL*DHd3!$p-gtn**&8f4N`UXVn=ScumvAB zPZTlHUl=UoISXA|>2kDV-&W=W*2!XHOlX^J2}em3kBS(Gsn$6eS7PFmua_YPNq$Po z>OR{hTcTa-J9i%?yyK$Aj0Wn7vmYlxSns$WDHy_zAmNq73VyqCdLeewJYsqEA z(uSygzU$^_o(|VMZs{(IC&~^8^igU#>MUAC+sa*fsh-zQP#Nr7Wl%PD*L%Sngt~osQ}?ySexfCDH2g{WrI+o1 zE7OmkF=ZSh&*=FbO9x0l)UF3;JjNB9U}xKfV{HY30jn-qX6X{xIoFrB+*Nf9=sqO= z2Q?DP3@cF?^3{~dco$dI*VldOl7mgEMj4`T;@(9}v9r0kJzi8u+>H$uRt;=Z37SCs z^h$-X^ysN8kcsBq(f2rwjtFr#*XIdMg9Vmjww1?*&s@B4VLzE+=&R~5=XE-5<){v7 z@xrb27$^+r55rBStH1OuB7l@Z`>u#J(KfCfm>j2`2l6tl!hEVpiJ!E=F*Y_yywLUQ zLnis{kZ=m2qrj)&vm6Jo3r&jiU{{dlVsF+h5SGPtFD;4r(?SrI{-E&jo&G$InvQr; zhlIjfok;sJT@fW3#aybc9@0nc%d?_MaW19xcfSX2#3)iWjt|eDd*w6{nDY2u zrNaa_h`LyusO>@V&$vw3pH|A3p7Z-?6V(RngYFWR!PKSN^%YzR;FAu?(Qaq(Y@||- z4d6qzvALSG&b!M&*jP8kwP3o@Evo z;|H6^OEnJb7Ar<0bQapWDtzW=z(t-#7Fo)uH7KO`wKD7}w7{HHAib2; z;gd>dfsEOSo4w`MEj}Tk87mKsmFBK16&2SCyFXY|Jib%ESlQ8e?I^7K8?2AvsnS`! z>$D#^cuy?s(PXBoa#f6f9*wpMoJKV`u*2FcjQcE&@&OA30u+hEXMVc}Aq>Y*??7_oj?q@$q`p_pz_Y! zGcj(2TBK(ukgec>Dk$y^`}dSdOOHcGnKgbDO%x&akBeEzWJ)+sGDZFxt2}*@PPGG8 z2@Ok+xuu}3ABV|`ghu#L0IR)R^0WX|DT_op(4D;Vqoy&LLVP+B)YH1gx;!b4Bh`f_`EbncMXO+X{O!BnG4}lx zKeD5~L#BQwv!A&R7$Lpr(q%lDD~v~dcNr*%F$d8(BEYuFp|WRFb!=RUfmS4rks8jG z?Eeql#6KykK-VdB;^n*3|syq)f0f|)jLhEu$cjHK~F5NCo39x z{n7JLEZv?%cKMc^CujuR`!js;#m|8#Cw8Cf+UIJbE#A_<1Z3}JKztU$RLh`#iw;_U;wyf^0O%H5nd%#<^OEESBafW1iSK(vG8mV?ylY{5u$9 zM!?PGhT5p@gM9!5O2k`niBZRVF)Vu&BcOsOk5<`Joa?7H33jWQs_O%jpS*72#h`tx z8)omJ;Ltb(pkLq{vEPRLoz3Og4!HZEXN`AJ$IPJdOC*hBT13E;p%BG(?s_j1nA5ma z>ji{cp0z6j6=9|0W zc~H~F5-p_K4d30pg!P`M-czYMmaP^M3&|x2ANnK4+^?E^$?)HlQ}Bg$huoH8$boU3 zHj^c;u@8LZ>|mZF2(^)>`z_L_!G=(DM20T%BHp)I7l^s6EV-0Nha3#uemEg+t~qe`jX(~#w4O90%x*rk=9@go z3M~Lceg{{$2P$^V^=Y@W;QIpC-K`=WftI_ z3Fd)lrE~YkVdORPtGW#TeZK|6?RlcrbY6;kY$Ndxk(-Cl?sgy2<0VPVns+pVDXOchJ!u8pe#Y#!dvKhyy`RLc{Wc z;64>o3u^UP<`X10c?-OTn9KMmQ;~CK9rJY;-e;gQvKtaEYZvH-xq$6zN%W*MkRWKM zN|~hlEjS^@g*|DKYT(om4&-^p`>9#fVD_d14-?YsZe1U| zD=(CO=*X#PmA$PoIUcr@nZt(BA}3TG{CN%2&gnzkZuf@`s!LKyYl?HO_P-XcSa6f=WP>g8pr7g^XV48D@x(SZs355K+iO#(PuNTMuoM zTdR%Yb8i0F^^%Y`nmzw#A`wsO8Ow-2ll$Cm-R`W`D;1x%afAB+2wsx$*`On+^WGr1 z6~0^1lJhwC?K()*-2Ssvzc5Wadrogx1w@U&o#yVbuf|!L)QtO$1WLdw-*HHqaz9&D zg-?bahTYk;?mDx#P*m2MKIU&bFxLlQ1{MOM!4>da+=11YQ8>}UYl2QC;NHo8A8z>% zy(}Yk1xu*kIl$0HZnVEw57+L9guK;kDg$~u8}-J_LpDiikim{aeuIzW+Ry!INPgt9 zGoSb|9Vk)|a)DqyB~3p0?P@SYg><=|=Q=N15p%zL+ET@=C@%Hg+n6&dZt<4EOR<}0 zPsiXF5)wvUthZfy5Z*!cziHQfKUZ&LVb-U0zXlN5R4ZCKz^%fz;*F)R zj#l*~O=Tkz0++bhln&_xwl`00v$dB3NkP4o3`KaX zoD7r*JV4nZ`J@+FZOikI6Z zJ<nO%EJkFjS{ z5lp7PNo_(duQx50&xo8p0XG^?J}Vad@-{zGD6w4t!+l-M|4UD6ja_)_`FJh$#3SEw z_9q%_eTO*Y0)#Y!RF3n9kt{AZeTa`e^68Lm>)R$>|D4o_h{4y|L{mx2vk79S!wLSK ze{s4NhPHxU4FTX!({&>Cd|%pV0B5Tlv4y9rrx*CQa7?u*_rMn{fAxh-ZDaPFgM8>f zftqVrs6Q*C$*3Vc=iU1;)NAr%FcttrPJ`&0+iGeZP#PQ<^}N1<*>4}jn_u!?7^tW{ zX;SZ%s|c`WNKhf~jn)Oi)C-?J-LVB~kIKLnpZcF~g*$s1TE2f(f2v(QP;md&<_f_f z=<$ADibuk1x8FdKvA7s%1=OL_z~kM{RfZ7*)i|O%O+gDdTY%nSKVb!vAqJ3BS(TL_ zF|@~Q&;A48mt`SW(Vc#nyfU_e-+7$s?LN^QHXMBC|6%XFqMG`mwqH~P5fK|8QWXRN z>AkB+Zz{b@?;yP=q996FdRMAQub~G7=^d#7f>a?u=mA3Dtl&Go^Z(x4b9=av;Q+Gt z+HAGewWXn_gB&S_xGWol|_l_VcU7uUn>95?69?NKetyl7&bG3q{MnYdb?>u8X# zQ6CBFPA{$OqMhhJpW7WvBv9W1+w0I0Nv(o&2jC1N7klXAJ(drOV*Q@i64plT6L*2s z=pER}za< zj%B%NtFP_a<9eVzs%G`Etwn$Q_$J>lC$voji_Lbswr@BVpoL7zYjW$&%FKGT&ONuT zVbaltJ+wXAfFV62oo}zW4F4=d0cS$Kr-pSA8vm$2(TePMw2Drnz5cX1k+2 zvjl7gUjY9bLy{zln1qy^zh!sa1Stzr18T1nVPmLjJM^SX(~CZVF15qID7mWl=$@g- zgs8MZ@)1F^iA0G1ThO_Cp6K8sD}cKAy@`N#ff%vd&PPbY02@ z@2=&2CEvfNcST*ZcYVtn@rC7Sd!hfXf#mSZ24{YcCMF*9_r0cTJm0J9La+YLe`*y50Bp%eOr$(a2S6im2 zlp1dZt3u_vzQ497%WVAnleBMO)1GI=GC?o_554P-=dgeGLom7m9M*SO`p-7_#591D zMG~%nv-jkSb^YTh2t&V(DxjcqJF;5Syj_?iqKj$!^rCh-xq7E9M!kEfe@6nw_TuYX zAjcKI{RD6IxotRAYRa@y?Xd)s=I9@zKL8Tox&SWyiM=4;U*G0A-W!owT)i)&(rgVx z1gdW~*R%>OeuXZ%{-V&yO{92Hv9FeKkVe7?FR)f;0|omHQQ^i2t8aL=>E7Cm!K}Yq zP-X4fkD86T<2Cz5kfldIRHkIT!hS&5#bw-}`|c`H*V*j7)%67X-a7lQ)%|eb7{uFq zeKz*Tm#XPuDa}@W4UNudW4+Qh-}s$5YX4@ITlpwmO4;`W0^sNs6Yr8O=89k$B`+(yT+Hjx2!bOScB!dX1YEvL~9 zD??1)4ScRSz!&4HxYWHY7BBTo3DX;rK>x7UCql#eoyfanGLmw|Ho@AYE8N)Lp z%FvCh>ep$RL9H@U9Okq+JLAvW%+Ek@NZK+MsK_s=o+>iba4VmL*==a!_evc;v9~Gith@+nq&8a`uPVP| zoBn%f*qnmQ(Q@cK(=0ibH=37JHBjIHVF$OjiuaKZ12@sa z#g;fLs)nU8gayDv;K?Y6HG@jGZ~=37ydUsI%R9jSz-#G{0oaHxW`E}lKh9Y8Klj(8)3HdwZZX?Zwi0&lvbPY)5~@;m_2I(ZjNMVYFWx;bwJxbt9g+-Je$P zU@tKf0z4w;INM>tLS}jY{A&vNIUrlI&1N)FWLBx?XL5>rmo1w|_mHt9q9B z)+=Wv-fDBU)-CTEtw^VZfts2e9h97m9^$-?T|S`$`;6Le_Efi{@q!p}`G)W&boiU` zG_Qx=kJoC4H`-HrMS(0<46z1jna=|?9&qeoJwSM2sgCa6jS{`F+v4tjzlz3FaA+#L zaa!GIgcE=|xp07F5!}LMS5>$hZ2O{(8#j4J@H82)S!0BrZih^}tfUPCuF382yvc~j zh-2lO(m>*1%$*YwIn!$FqlKrR`bhp)vOO1e_O1vB+rR62g;tKID`NZQWP6IUSeK5e z?HBW<&*ES@>(LYZpKsl!wk%;%g(6Lay1xdesLqU-EINdrlxR`-se>pbHE|!3t)^7J z#8%}DFl9Ty@0TP*rZNk>sB5Cu`7Wm{otW;tb!1~x9eWstk?RqZFw*iu*X)j zWM3G+7hVU!)zy48ivk)?lk#GblWj@ zR)=Dx2`~0p&sdEcTgXFc=BW*5jErwQGMW;V>)$am-?t~*tgQkDY+GO~bhTY*&*c=Q z_BfGr$E}T*IP+CS(H>QI-79`Ne(!GXWY)ekm9BYV1a?pNf8sFrMNGDTQGn zRyT1#6r*2h^Jh1;5rB>G0-kD0y!@GkX|+x9w&hAB9mxU6+`8B{!v(n;_rBnzSVs@T z$x!1dtH2$AN8RFgaTb6lwsJ!8UsVo4%}Mg4nAkz#K$k^hWN7?E=cCCjByUokX-UwB zG`{_cdzy~LS^i@^#7l7{#Rc5I-VIZ>rHt<7^*8cQ`}U-8|1lj>fprN1JcK? zMcvaiXz(U6P*$jTxzgtcp=KI!J9(v_*Ea0xWchnrU4?;oywZ^)19Ff=Qa3hN0>}*U z43I=>s@JJ{m^9;uO0fbh4*4!86E1H3@tg@fOt{+LMFu*+S*&zAS@W{a3$9217coxw zjrH{61%gB6Pq!W}#;|Dsr4S(zj!$F%o}dM&d+y9su9llEvGe0jdL;1MG9YWWeP`19 z-xT0U_X(x#H)$7o>f0!{P|1Rpv6r_1Ka5{C_qa}d#+45<){||#nw{iakxX>d-rhbj zbwol=o`6?pg*Vxf5J>^IK*Lcx3a|W5I_bJ|1fX{3fOG-x(n_F9>5ucZPQ?}CQJ-KB z*kX|<=7CB)`jYju@!pL>>K~X5guQ`AN5%Epr*aI^CIS=s10@%qf{Lx1U(ff23|jTU z{hBDLFF^LvX`KOK_ruh!$Xg-3ti)XRKGt#>7be!KaZ1wTaYcF+&{+9nOak~G&jq?4 zC2>;P<^I3q{(Kq8cST`@OL28eJIZv{O8!R7kD`8aXg$}D=k)Af?dti_d5GeU`_+i( zEG@88E_;`hG9>o>$ptoz+)6-s(E#mvfs`!dI(_WfDOQ~wP(S!YSv`;U*gk#QrVB5c z^ihsue<F-g=0C5)^z%Wchp(eN8aqATWcmU{9BM{ziAA#xn-!F@6 zAZtu$WGtB;Y52b9n%g!$g?UpkwKE^58l&P|ZO?+7f%r@deD~n2Etb>E*K8;?a$RPp zr9Bs7aT-*2b_2?#{WHATNUK06#o;#)X*n3&)(22nT1nsEWAkZO$l}1ePGNsd@VsG% z{+Nk^~GJh1P zk7~P1s1hFv-l^+_5Ba=N)JqRRd7%z-XR8w2wlh2ML&O z!$990#y6ThK=@OuXSIS7R|dp4)p{ZWSYvJxz}c(dH|s&5Z-Zw}APjo49nzaF*i+qx zr>WI~Vpa*^WY&0z2{%xzRa6D-h#?ZVp;Dr*hYDZ9`|fS|Zd7ep9<1x_EJR7OOgMS$ zb>2+kUGTg8$d3yzj+Lihbv{_=kumv#2fpd*CT>J{wdv&+7qFJrf$fMDUHoHXhXbwo zW(1HE$6=(sO_Bv{+56IP85B(?JEVAVLs4yI@yZi$a=KLB!&Oma88OrL(&Ob%8?%iDYH3P|+xi2T!Q0<}?jP(G|1WPMhG2@_IjBRcmKG3=dRF)BRQv3*08z}h>A@m{ zcZhsk|Mrl_&MZtRY7&5^7DEBJ;S7g9V+Iuiyn0zL3ML;ZfI7xA!GJ0BfU>J3qy(!l zusz~2yk7&(K@|DS>=}1J|0&?gG3)28nTmnWO-TqsM`TV&9irJLJd#ds9$R0c@^kSU{wMoEHoJt~(v6;Eq;^a!Y@P%;@d2|#M zOA=DnT|hgnGFL-XJYHa+esv0${t8}V?pnOtxqDdrGD~jSWoSQtz7TtFg?5x+7nEsJ z+&sbQ3ZLEYM{KW{Cw%+`-KRWRMVyXvBJg;{`)3~#RmOn$l|2UZ>H)b`V6`g^@6Yg>Oi(y<|zy+`afWa&^ zB7j-gAK(PyH7-h;{#^P1OriIQ$>~2L5&%6u9@NL4%|ce_*j{D^H3laJ>`w1;ch&># z$*+FM$pON7aUn{IkNPtM2TW+F`H<;+AX}u>R-V{}o219EEUB0KNRCMEN%lfw~F|!)Fdq(*eFIYOmgX-Yr0z z>0UAMPqIMftTYME9sNr9pk!eYn`Cn7`>yY0^Na%NEW8vI*q)45vCWst?Z?$_zc@uW z?=H2cI0>wjmpmTDAK!rr*hAnQXrqmCZc4H{XaQ!UPBLM4ra=I{{m<9i$Nz(fHW63v za?IGQstRgq%zL*A#bUCmAI>f%+=)l~YL!;4%U2MQdso8U*WA;td9U*#Lf378yn_X` zmxyUkF6?>YYvZ|blW7)skA?6f~5N^HYGEv<5pcpiDj;&L8pMn=9*Z;3&`H1x*CirTgOk^~orh(q?3n)B)Hp zW_%pQb8;tKe0tdeo!+qSE}Xg z@CF^L{>1x$2o&QmQ>O(Ms~m7P$g*`DDZUwPH(HZq%%A}(V+Scne9iwsYJeg{$(xOk;K{k)9Pqgr@utsMAO{Pj;&$@8NNNtw zSXa2~!?B@d3D4TovRfKm|u zro1fQa=}ko^QCd;Q~rfUkr-o&tNr%vC!`#AqQw#}D>uf6V+r17U$mXpX+TN~2f)ul zb|Gi(nHVgU_T$&>0kh~!1pcPI1CYaT27+kgK%vb`PrjaeVis+ZH_Sk0h9`xPbelZa z?u+_jPV9ZOz*&>nnNe}Qb9GBs1JfW8PTE|)zZP+|C+$7=muIp&$zs5144R$dYg+)_ z6NxN0VZOUdO4yTpnb*}KL%jOF@gGt%%Tr@=w$@66wt2x4eXwlAsUw{0|xWAypkw{uG~n%w*X0g3HF z7~WH>OyHt7go_KZ7n(flHYn`x#1flua38%t zRI~z@cuJ3T?-vh#3e+#@dG!jnHq?OHOQ138!5uZ18vSmX95fK{XmKw7!ATJ`v$mf!w_BeO zybWJON;xf zy^IYnu3qW92D4K|H*o@jhSi#a1!wKu@S}QR)WBkEidCht$i`Rd-WjOzLS0g7dG#;c z?%Ft1&1du?J{n)0-oroYfd9F`R>Arl>cKu;`i|HcPgtQA=R~Mm)x6Gm+=d?oh725D zAV~U^fnQ+6&KHljb?F^m%`aDe}W0 zsy9&TsCfbcg(v@K7(JiJb9#gJsz|zM;MmG#r62z{ign`_i0UHqX<`EAr4kpDZHP2m z035!jvx0+ohf_~`T=U|Zws(Ay`?os9MLOWqX%o`hMT|Rq}@#%=*=aR@XI)@RY6xnt_ah&o%oh}@aRNM~u!w;-mXW8v)qzp%I< z5Q9u=6DCK4E)q`Bm>-FmZl)~i1(65Ui-vS7AQ%~Mf?#aH2V?K@z<+{q0rwSqe?9c_ zamcuhbx7iw6A|g|z>NHH`{YR&%8PrxShb}n<0@;+6#~Ysw&#cz_5}XGF(gAJb2 zB626UkjiDDX-qZ7*1f|Ic6XfqW;?^{3j~2({KiXGpO9!8PYK}$%x5-ns=9^wsj4~c z$|LtgvI!yr#v zX$iAYasvD#LS_*0=I!@)i8cAFQFk{hQ+Q`jMm!PLsP5Q}lc~Rv*mO||H&F3@@?{R! z6gh6?@0Ium5s92_t;y5Co?pWBAL(Lnm`!*^Y5|`jot$G(-qIGnxcNB_&JZ8dkvUUH zY30hVQ$x+=Fr$+D@F`roQgU;u0RQpvb7o~b*lX%?_5+L85n_;zamUHi5xL!g>XbTT zzkR$911t$9KJ5+zx=!7>ts~1qtl#b7ZuuS~7A!E(gn^Lg-^X73XJ8kNgoD{tCc$x4-~+RgHKS>P?16?ub{*NjJnL@Z}kF9JP1|A z)&{Gm(C{RscLF1Mg?1B*V_L>RF3y_QVv(_ZH6>?NEw!ag(035=FmZ116IbvHCb)*{ z=hk*tM%)e0nfWZ&d7Ie$`cE7JCc#!EZx%`=COK48;x}Nw4(&&rei-`;f#Vt{ooY{eDVn20tN=UfdGno7Zx!Z1cRp*c@t1gU@%8LlMq@aG`_m>;Dp*GBq}# zn5b(M$eWbjk;$@Nz} zB2h=JsBNZ~^Hw#bdR)C0`qSn7CGl1BGwAAeSiP)zeNlY`UIPKqY$McXaOKxWNsB}3 zV;o1QtDLwhO$-`}8xfK*tK&56>cEh@l~;qohGg|^ty5PlwA=aRP;J&You-`D)Ct+Z zk5IJvy8mA6tjr}z*>(Y%6c{7~8#|yR@_~&9F z2r`oa*8q5lw52J{!Ut<{Z3IW-R`_1J@@`!-j$ypS5;nOJ#UXwMdh0>|=ke71dps8; z7=F@A-mvA@sF`G&R-tnG5=uD9A@OhnMz+0i@SwP*J~Op^MGhp6J->+c5iUj{R^n0} z5h%|SwQ00an~`Y4RNo?-x6Qu`c{qT@nG^4WdD&Cl+Of5MePQ`$5#szR(1w2tE+Q6$ z5+UNshG0lK_5UYSh0a6ugwZ50yyxD_($dbc(T=5wmPao9+BIEll@8^`HhKt$gR7X~ z_(~HFeasq+f1*oc>rHn$4H%<4OWdzXshMjI^^SH!T3v;-mA#k%t+dG)BAS=8^RBkmwKYXwS3r_cI>o355hI=x?oRkZDc zzZ<)K9>vl1=bMq}UpvcTUs|!P{LF_+(m^xj%QY1Z3NfQUPbw7IrptAVxK#>tW|HQo zBt6nvV^u2*gf6QOxq&c={xV0pqtJOA^C~;YQAAxfG$RgfMOWQgA#Rm&bF!AlgWvYO z!FXs=>%lLh6m8gMk^}yCVLco8Ueb(~)Hn#Vzz5DiAuWeWOg+?>chV46b*ldtU(%vl@nA$}5oI-|!%XCdcP>1bUC0Pi>B@eS&DGDIUs`r+@K38p)8%d~*MDG}$-T zJ@})Tpa(8vq0D-mD(abql-;xaoCwm2CnNKN?+je5M=jeuz>>fadgu0J&0|fqkdE%; z%imV$-Z)+?TA_70d$gt?QS4_-Ttn6^&~D-f^JCBb9w1h$s$Z&HB^*@(*2u+QaAZ`h zIrSdotP?uq^qx8kY~i?SU8o-CNeOcTU978GtNpmZ3b^xco^+=D3(E&b zq;fsEmVaFIm=7GqnK~kal$-o*&t7PN!7t<0yuLByK(+axu|ofm`oYza^?Zb~fxAy} zT;9mz!AgiWj01C^6Dsn>8gCH@~*@k(_cUzO22GuPGOe^!6D*LZT)Q1F+m zhM|CG#~Ap~T9Kx=D5z1?l6~+A-Oqy1R0X%@Dk6REbU)30G1&O_I6ooCbX4Wo8F1BR z#||xO>G)g$rbz0U?}Bsj0D}@lQt3I11{f8Uerf9yl`|~vHh8O?OgNT&37<^Q^n>d2 zdgQHB*Y`befUo2_m7Ka^7o?PV`0F=7P_q4dy}1gX&s)AEY{)oIjL6Rz!Jo_NJo`o| zK*(l(^NVnXtb zYZA`kr=v1d%M+8Qm0+suyJR?lXSBr=={p<#pe`Cnb{W2&Q@tLUIz@RquI{ZpS*7vL z$V*Y01xZ0GS;F_$%Jv%hS?UFMQ zO@6zp0u9J00oeZ5osG=ty738zsj6JZYUIW!)Cs;?;bEx+q^KU5o-puseEjbje*G7r z%uj>O7c(sXs40%f|6Qy`{Jyy@o1$fg{h)E{CPaVd&^tJn;pgTIHOpBNm~}-9<+?Rt zuBe0IjdBkJTBx0Bp?g-PzCSOm007pd`hccnO$=QpQ> z+4lIo?#Hb~mk6Q}wqL8jud(xuUH|5p>VB3|j5D1bD>9yS&0# zRkc;Md@z2Gk=K6n94@$R2e@suWvhTUg@@u4TFAD=DE{9Nd}u)tJTTmh-)Vg z4OgxPyRBZ&cB*H}!C{qEl| z7A(YMWqW$etstnU+^E`Ng=gl|@y5oq6v7!%*`g6yfT}{+q0}e{-Wo>YH<$okci#Kw z2@$)0i{6p7?em|HZ|aY{!y=1Pz+CBilyfFAu7({Oy$QPQJq$S`O=!HIx8Sr?`#Ws0 zT;Dr%Gn{^QV>>Oqr)Hnu$d{qI!>|_rI&;8+idIqR9jeI&K9x+Sf%d2v&sWPzsC4_0 zo6_%+zl=~WO+)%JI# zlL2e!+TjnDT$IMXbE zarne+=M`3W&43T*%aBfw;p0LD=eJ|PG@!ASLqX#~6pd^q-W67xQuL8ia@(kwar}Lp z^s%D+Wcc2c$WoRtzj3yyn0FAl*xNU=PzF2aG3f z!0zO`8+zqaWVm3~H);yWh3uqhm*EXJY#+2}LI^YEDBz*-`%96Zl2u?j5ey0Pt_)m1 zr|P7}=)+o%ft=OxGpS?Mz7glT1^i!&*u$MlD+|=;w1!9dep|>{^+YZ6nbud=#^n7y z@Jm*?54oSa&edAvcO=LSFy8CeG}pbpOO5LMhf%$`6VbTJY&4slu$&^`-?7`6 zYdyY1M|7Ar&s>!i!6{d5FYAsT4;hhxJZ2QPe@>2g$u<@livR72xx3Q$gTQz9Ez}na zEKuNxq^nt7IjQGV>6GB`RXVdG2@S2S04`Y7gB8A7X+4AIG*6^T5$ zZ&0yMTrPFxeo*v#(zGGpTUM3rzZ7Ul0~~%&tiH>N`n+R#<0J5_fX zC(IVAca!vCOAR;SBdw4sJ-EG@M}P>t+N=DS1pjwpzQWNDGRL?+=s)}XN;XeCCN3?L z3r3b_M&0JHAF_U2>PeH5w%J%Z+0JfIpsjuNWKi>kUc`$k@0Lppp&I9Zf-rLXHW&+V zd*#oX6sl)IlZ%G4SwAuJUAF;A4$yrj79fDWa|;S;ogP`IpP-=(J#Kh1rLdExIR3X3 zj5RXXo#=vo8QySGx*|;V+(P?GV%ZDHb)A&`dMzd?16!KWqE_E&-?}%aSH>7DcSKT* zWT~{hdR~u_YL$`KGuT%{#@p6xRMCc~wkVY1lS9!2i9~dk2 zuc}Tpv+1{lWKv!t%(GeYFAjZcUM5#Xqld|%ufK*Z8n1p)@qY#;N&(7HHYoQz;?u{d zmn}nVQ_raayQpQ%6m)upX4=hk$n2`jk*AMdtou4?#T99Ba0KJVvcBB=X1D#0Sn5vR zEifX)7ibq)&!2jbMVy3s^(;_pNF22->;NLZ?K=;EI$H|m@a?n*UIG)yepLgmzuwg# zL&~-DKH1E@{}V0N;ggyCPyZU;^aO)L^W4Jt%04RmCNE?n71^zZA-9G(mPPJAeW_*C zPi|BOLCJjb_GhXOb-tk|N0;$=Lq?XPb@^m0j}!l>F3~gV52U3&$QK`WpbfvxdOv6( z+r;dG-wVI`gcGH~02!_62aDuF+2sZz@G3J~<%XK#OoI=&F?)mW)EiaLvFDHb@*c)| zZ9QHa<}xTNQ?bR1I5tYvj1em;{LafPHj~6S;pmfqpnPs5htT?MMqf((ixL$~P8yeL zqRL(~zoFlNkL%muxw{gy@g$WZ$=i(<|tDg0i)AWJg_`| zWQqhNu{A|RwPTJSM%khnG=K!1Iz$*k5_7fMLPybK6dyU9U+|h@N8kA=)Znmo=5g?`_hx_mIPZ-yHqko<0B@V7~%B2KH63nfD%h|8Ny zNqlnU{^HzQ^Al|rVxe`^GTB|_mc*;=r{HPcaDDwbuWPJkZhx{lkUhh9E#Gx~2BUCv zl|nNr2VfXn{qxjb)u~Whe|k$@1_jf1)#caHaG8vs==@fsE9f534PenD9=C|dji#UGUWB7oZs*6J9D>{N5EU>D2>3cSb0i;o)J6^+et}$I4$#r33e6KG@8ACvHKO z`%>~qmh!wdA6w&)N#)+#W{&R{=y4qkt{oe&9yZpD?2R%b+5wkwNizYaq;de8RNw58A0&gOmgTTUlc6%{{cK#moiHf9WBn6`y~c{RsL7DuZ~A3d*5 zL|=Y(AgEB8&d)3R%4=SnnU;Lx!S_a^%Oy3J9r`UU=Y7Az5Gp8|6{q>Uw@QdAfXNe< zULkiRn7i=jM7y1DUdMh87WP&9!UMwk%CKp3C@xApk>@E~*?J)PA;3w*0((bSu~B}% zvMWuSt6_6rH~GgzLisCQQGdh77I?C%q5^r#1}BRyJn;;zI}vO8G&BcOUxA5K6wUbl zu;(S8`1(Yr<+$tx+qzB^2aj02Y^TqnQ2452JGHB~t$AMXx`3m+P|*Z+Oy1DaV#Y>1On?^HxCHSG2y$^qTcdd6!V zjkBaUiI6(kx+E!NXwDq8E-upUoZwmJ_1chO0eg3)!y76$C%&0OWimMNo&jS;*pvXq zlg$x>MZ?8Wr%d7t6qBpt<>aZnlhn$cj(7d=LH@;P=kesd_d-l^*AjruRB0Q?eSe14 zDQ?gIN)tvEn!t@WYq4Aa!sBPL_B;Pea`F$wUWL%6rR5ZhtvNIwE#tGy-TiSR4uBI% zDSrR1Z8e16{|S(hq4f3e;A-xMtp*l-bA(M;fN6%pVEb1Uho4m|)^5*EC$geCK^vgT z2nLap)jWnA>j485`9H$=o;6dYAg0NH1sHH56Q=Ns;1}sf`BcWdiB{GS0^ej)%D~Nd zk+Zi0bw$WyLz=_&?y3Id-**p-T16>PQHjr_J{psyXthg)zs|6$BuD8`3$4JUBs5>v zQ#9%nH0J8>uemC;e!w>*(*q6cDsoqlg7y}m*U`bWefJ$})d8R)UCi*=&4x7kzH0O( zvwn!Z=kMu0HfY?qm5!w#U-LM^NsEr4`xoo5_ zT*}rlo|J(m+MXdhp@Cp^kT0%1X5WwjL#&PWYJ)Cbqo)tP?7|P{cfT{(d?gq3KjiTN zetz$=cZ>IghI|XMHx=BF3@oR$B{z$DL9EY=Dos#N+!v9RJ$zBvMO~C_rZAqvPtD0* zEQ7h_VD+tT*Fcps(4;63$@NbEavpYyqxOmCS%=$INRZ&`X8Gd5rw2O4p$Mr9NG?|n9eOy;iUUAHTC<#G~}W@J_}pq2Ei_7iPF~lOEiFQUYHeQX{ZUU zFp;K~@~^pmHDJpWdgS->IW@m$DqfD59KG9)DnWg6d7RjI3{vel<3{JWm(cKd)7B3? zISEF&Qoa5HzIzPpm)upP&er*<4_EVEftK+;r@>TG9Q(sGCV4c(W& zHpXxhzX*Lz;USud_oAMZDm1YKiP7=ai(kbwx(^N-f01i%vVFQobs6-R&DjA4EI~zK zdQwWR-%pJkDu9pF4j9Q&8xDtic8;h_lyF33zvWzsubtc{0Z@R=(V$f}4Hj|rWd{|t zc+ed~uFlB)bHn~vimw_Rrdg=_65kNj2apac{l&KUk2Wx-u6=^zYvgp;#_c+Y=czJn zVTO_69(1$z90YNUp*ij;*;&#tvH!BDE=~R!O$6mO;%<0x_0C6k%k8wS?YB{uL(gWf z#w=d{c;v>K(+OIEIyzL6#s$hf`>S0B(Y*vWI`kYPpdtK!Uk2`V0Y7Lbb;4(qOOs?L zoExiU=Q@}cLvC%;v~=kchc&XYo-K%8mbNpoI~b|+pvgC?kF3Bar>jHR1>0;-dr9Xx z-MKG6y;W6ZFv+$y9Q=c_&7g9d%c1Ld!|p!Zu1UAvO;3-ZI#8+KS#?S&VayU2c>nuP zPl6UUb~74N=%x!m#S!BtMn=fBIAjP}f{t;3>UGJ=ssmPMw3|UZHcoWu^}2O15@8-C zu67I+c!Kmhxk47Oa+68EYj*(tRnf8L`oTQuz{;@)+q5NRMPi;qgmk*wT7F&^X#bkK z5&|@fo?`(Wr?V!BfOEb|esSR;HRWU77sWN1A@m46>$Hu+py=r!^OMf|RZ@ALy2YNa$7h`t6)kkj&rLV<#Z&l+YRrfQcu0*9ty9??e-K`C<5AMMlNc6p zq^AJ`-ah7ehsXXU=M+)r zW33Karv5<9ef(W)WY90**a9T8eCsynThTL9?gpo!B>MHO_RUUE$>O>FTw$OSz0veR z!*b^P)He~gHs`dp3fXLjoM*$^mBX%M9u!NV*aBOh#gSuI6h~D~$NSNo4w=!Mk;_Xt ziuJbu&OZZrt=bk=P^~LX-%pe^HfHCMHTi2ca5p28j(ps$HaLv3y-}97zav*Aof#OM z@J{1S>9gLEpf%k=r?FmYc7~}s)w*4-FW9;3+%>X`rKYWmomr8?3{;yWClMz8tFk@^ zN!GnSJ8HE>>I{;wSt@207A1@_*XI#6RN?z2e(MQftw7GX3HHUF@#89cxZsA+*gq{^ zM7K}?LYQ)pa%Gb0@VR~3(9~a{J9UREW+petjove=9Zw0B*HPYm?N)dD(u|ZT&ySHb zb(qx}yT{cYmzDT9Qs<&V-m~L8yTlsg6DRMw-1ZYEn9gX8NtN15qjAcaSSOkN*9mr? zc4SEWdF%|Vb!1ijREcfL@yov#%edIc)Cy*0n(?Tq-0fjT|lN zsj7Mq{}K{WQ5@X;=hlR5w#bVNxV zCki-B@UXwUHoiQVhsG=$0NWwW(Q00X`}}=qK=_Sk*YAk5Gw2pM3Di&c0h3w2^c2Wj zAs@UH5~UpLVjsVJ)p1D0t(U1dx}7L#U%jj&;5em%j%qKO5nFplV^vhVVl|>KDh7(l< z61Y8$wT|^M?0mfA`6Y0cgyhWK%>+^wgC=o`H06aNt+2AC7H5P-#qnMg;)#vob-Hf z?MfTXam*Wb3OhBmsJOx){enaY>fe8JqUa09oWxZxkrwiqu@Vz>;mwnc%iCFE*QU6D z>Up5gYB`HNBlA;hVC_zH0~DJ&Wg^Hy?I~lK!q9{M z80?&3Q~scvI1kQ&eSrc&)1aCKO{U z0}3|=4|T^yaj!7JdHJYBUC3Bf++sfr)$O7FJ9c59LQ(7Ek-`rmEfnQwBC;}oBmyfe zsiRE)7x|>WK0oxg^XKn~hzMj0DzNyAk*?dK$MJsZ7mh7xDk!!<9{hkuC9W)_k%d+V znVY`GFgj&Mc$q4XIqQ%fX^~P??t3zUXZ(mxowEpsGv*%cZ-65uek0H3Z)oTww5mXn zPJ@n`Lq#Faz5EaI<@}7l7Jr0FXT_`-x_)xsoYrGeIRqtx)B4@$#tVub(x+SRRgwi1 zv76pe+s4+#B-q&=bEOUvX z_PL(~mptal7QGmc#3+&1Meh_{m;9}VA*U^2#K*>cz56E226-DwZt&djw+Qb)W5`D) z(A}ch>r#}xFNn94TVvED?%NTqw~Bj4J2#!`7Nt(5g3?Nz?PD`%aj`Pgqs`W+TQ(GT!s!lLqstMa~YjoXclswl>nPUlMSl5M#P91qo;HSgID3S7h3X|y89#UXc7Ps ziuvBm<$d{b>ny&1q62KJIgR>7j1cCHew$6=Gus^qp)sGGPprK{^8?zq!_cICzb~vbH9}|n59fAgKzYE@)VmiP#fdT zsyaI3&9KICzqA=$a^@Pg#nB0~jO0d~;niEEvb=S|vTw+YI?FB}#tP>EhpWEZ?XU*7?R ze{IK@tOpx1-)Vumz{1=qJHE+$=p;#t)Ik8^*BuJfR$~ZSy6x#<-9QWx;uU<7VRl7#eq$h`!%}-oY+DAZ?%6+bf(<$4 zeX;?gk&?d#AJ}e2?n4=%v?mN-pM2Lz zvBCLKF!7UE7PH;7t!eeqsl&wg&w$RRhW3rjUYqcaDswVqYPMj9l#55tKzKVhbziG> zaJartZJXdZM66_&)N{`#5~D&oV%)^8*9-GLKDfIzwWYsp987{{iVvSffM%?+(&Hj| zy?>{|SvN(M{?Za1x@m@+n9`Ci=!sySV<*fP?q0@M6kv;bzpivLelag51!%ad{{?_xG2!TULH`%IiG-Cr*E^oq9Z{ zajb&Pc~)`u`rP@L@LUq$dnd~R>iaET!i**J4PeE_6F*(c!Zb*azx0G#mgX6ruf4Ss?59SnY&vp(33Ys826 z%FTcTE_V72Zr^vP0(6e|<@)IO+CbsM@z#6tcNdI$GhJ*@LhK!WQ0-#f`)9o=dGDQT zdX(-un0GHKih0j`H)X0i!kNFNh`*>Lsd)iL?)00S6c(HVWe z*pkqni@|>mGBW_o(C!Q!UTYS|Pu#L~2GaS!)?%CwYk{c<8z8^6QCxqZe}pR8K0b5p z&d*yb68-!na^DPVS(6xG8AT5qmC{N;p1&`s^FvclF6va~_JHKX0pPuSJ)`>Ln81g= z&Gj1aucoScQ?2?^P>!N-z$qpQz&hqq3G?)*rippvyj*CX(vb-acWk~c-ORYVyX=g^ zSGLM?l=m~QN0Rw(onm+9-jnZWFA<9>RGwOgrVLHpXmcrOi}Eowkb_W}Ftz=?FC7ow zfUz<42?_S}C0riKlp5IC;X)b3+TA|i;iVtlE$IP&Y-VKcr3vk|=-l{PnL)ZY_@{KXKohi_eiOmru3Focu;!EUDe zZH}R(rzfu=+Pud94rT4vUqjlKxd>OF_tIh04LZnG>d$H8^rTkHKg-PGU%X{F^ovj2 zcjD~`ACD6GIQi?kcwx~AuU)K@SNk4y@zNX{Xblt^+Qu}`~F1)q!px7DW$tpq@+ZpyH&b-6A%GOK@bU1 zKtj5^W76F*V04WhFt&Zqp6B!Y^8Ewc@SL6d-0$nY?$>o+%199mzJxxjlDR6)BmQ)< zo>l)lo@Oz3ru#Zv|Ms=hY!A)H>GT@DG878tS=pZOY2S&txJaSx%R=rKk9b|n|iiWrVPDV!DM7BE%-{h2F=S*n))83uBK#7CN97~IsM-z`T($A@5}k8O!Z z*gWJ3n|xbefj8j&BLOBw6MwveBnfZ|QSz&UME-8gmP^`PAG@T89Ks<|j3b&>%CCbQ zM3UG#569J*za|inj75`6dmj|SH2f1*K*&A{3`W8ckrm749uY_VaVx6uLwA;@<+CBn$Q}vZCU!~$R{iKmUI?m@KWMVbBNRJyjQg{iaL7YtXKMVtE*nM=D`?K`%Blg!xfxd!@G+s z;V-P%??E{AY&l~A)*Zfx@oEku#j~#@G3>VF{53k+^5&zY)j>g>zz+0425Kd71xQ;( z4PP%|r9PHRjQUX{LO$z{|EeSIr1=IDkjpVr6=kcmh)}qCH5&v+k#EF-+yCka?Nb26tOQ_jCA2N}#$hk7Hzq?*kGm880f?2S;cX1O z^~=5)k9@ah3GSvv1Bj)SDY^oIrky7!k9-J*@7UtJ5p@X^=-tiln{U`))Pn%tK}#Y7 z4`1x0o>};u=FD%e{B#lC0wi&sSB+3y4$oR@yndbJm#|eUi4=Mw~3gehNqsh=6-t# zUN8=w)gT-spes{JZ6tm+VQohq1$`hN{Wv*x<<4jse4PT?@^H=upV+$>dy>>7hf`+1 zb8)PxyLYm{ePU}d$9$!%N~PRnV>fs3#-1fa(~y__`;vKY4=Cf`*G0zZKP5{x>+<|v zH()M9V|Oh*{MFcsg0s!ogWH72&cg$!5M~idinhS!zo7WLFy|?T=6`6MJx+$)a*eCE zZsd;VfZ7-_(VZaq+yb1Ny%2c0_XnojAbA03&AUS;w1Y|{ec~r_600!Gd)YoeldG=v zwp*Ri*n^f!LG=;R0!Qtk9&{8-8D=o(~`^{d($0VO5b*z7#JgX1iU5ZW&$6JI# zxtk}K{0a;l)@&^vjU2t;iDdZQ9xJ{=AAML?G?@wgQR500zCorS^uX;6hwxb*n*{QP zECR@OYUc@(;_6aiXV#!xPdPcE{*#06h{nK z*>&~rL#ZgVei{%J@|Pu~cpMxrgepbkeW?8~@mm=}l7M?Fh8936NmDp`#PNv$Wxo{0 z?Xy4C4}=IXGpcP4=-bUt*n3d=0#r@0xOUn}e;|C5K6kwSx#c5pG03fjc?cbMk2N!V zIbe4AFRbNW;8hDRPb|II%hArU+2Et=?TgmWOI7+jS*Vkll~&O;?gO=8wdc?=%g+M} zm;`9ytHNs?66?ZMB5T0e-#+wyLC zBGIoCd$CbdPJF4tcy{vl^R?`%>~I1X4ES;nS~oOc6)-*;4635+t`f=5q6<1(30wi~ z^D$*~Z3|vDM3S>GvxC?mJL3@M$rGMfTWhBOuSO?3_Rp+Fb(7B~<9(!LXa8yEy?^M> zxX@I~Ilanm*EbX*0V4wyVdKJ4VjL9wp0K=yQLT@mblIY0?w$K?60iqYne0-5_EQ!N z-#Rqw!4u(v2+Plot*?w(7N!P9$TJ}`D`maJZNkKJL)C-&R2v&H!=0Zx?i~DcOR`%l zIUs!z%A#P#L+q&Ps);|K&(Aw6YoTev82^LdKrif{N7s71VWqFY7Pb04)#vWc6c_DI zGdq0OC@t!S;{^b`)cUT5*Spy)Q(;)-(8f(5jmrHYBGYR$**0FPuhqgU%>R=XJ)APG*AS|M)XVkS|ysoMu=sr?VPG6OF&rK&i-m7w8!(}AXI;w}q2tl~yZ zc11IX3-t+2h0$KGhY}N)jXTeXY3=$-Z_C7kp`c0PhVSOS0aJK- zn0iS>%h?9N%!v*ZIQDBi&T)M`HK!WK_|V6iF+5%UEsse}VYQLq8(RJ^Fre!?>I8u# zAnpeqkp9|P^8!D_iBWvi08nwg1rOFhOt$FC@U*^ zI3Jq87E>>{8Z$2@d)404dkC-#_96nv<4Ln!6!!anDk3L!WV9`gkYA1{>#Ghtda0yi z%pK|nhe(3`yxTV@6#?( z@uu!wd>P1coBd9IA>`z{aq;dj;Te(RC%G&E$BlC^qhDx;A79(H?3IPW+9%2j8Lk!b zBw<@%S{*nzTU^$r3MYB6!r#UNkgZ;{PbQA-pFnq`V1||`eR$Z7KG%A>oR}*mvA7_(sMJ#aF;y6lPKw@`@Si-dC~vR+53WlAxYZ+c?%q~ zSA9S}h#%|sI_t|AzUFM;wEB2Eb&dc$zf@YXN!@5+&o zQ`1EWm8mBMclCW_md41?CR%E2i%O!_uI_2D_`{_wI$dY55T#cSBT3 zYKVT4Tuqqt##n3^t*CQjXx$gj#0CK2axaU{-Bvq1SWljB z{8^+CK+Dzyyjyc`qYzm#*=2BB9fz@d{-el?{en|ciKRr>sy|EeYQy)>^}&MM!aQ0m zn7YNAoq$*V*=t^U><{`ft{+X6y;0+Dzx`6^rOZzAbEdJnO&4GR`58P%BLPuBBQUd~ z0j6KF9Mgz*V@j(WtDO^{_23?4@~=J5MFi68*|TTD0H3O`Sv0T;8IqA)saP|3DAa$D zv`pJ95n`UW=rIK0VWcVZ0*Gr?ENUzvv6pWIwQQB!{^}o6R;>Aej=^YX+E2}%z(zc5C z>K8lsR6yumt{?Apcwc=cMVf=8ytxq^y6p{}+`Ch2SGyWD~xSKh&HoFIJ zMYtvwCcSYFrtQH^E4tGj-%UuZ=qZ`RjURljSLdKpXkJh^({LqbbLB2);r%4hTRwPB z@ZupL7}#Of1zOf4_3P#|nBUGsPM#bCwnVp8!)(5?TIsj5Cd1sOo%$ot%>kl`y>}Um z`#(fHid#JQUmMr@H?Mq<92#X&8Fdicg0LGu64?pt!rQd(nB>`5Cit$x;bQ%HP!nF{ z>ezA$*>&;@HUS))FE#ns9IF+pI9)yVJ9`B)TIhcC=co))OItnq*&DDqKvm`6pTzo1 zM#k#+a?GGK2j3hAUmVatN+2~HqQ9aR$#i}Q8w-4#DWb%Px5UwlrApTxHd>@bQ*!RG zLN&OuzO604s?c^0>I}QSSqRk?j%03Aj3TZ}dzKdxNftOx1KFCz@!B4q?sUGo-9M`~ zUh8r-aLq+p;)DA(7#h=3FDS#E;7w7Nfecu2j|?8^Ijwu0c8IQrrlBoue0hH9A9=3cDE(kbB_MbQ0*FD5tB$*)@Lc+=S>J18E(_eRV@Q|X%dIu z`$i8n->4yZX8C!S;eRQ_x~ceEK!_3gT};o*_ufV)PoaN%WhQ!2**E2JUk*39sZt#d zHUCx53VdT(Nw`%fU_F98aelirYa6A_H=k}Em^CXT*RuxR$pIuNa7s87WSiQWJ z`co6FB3XY{-yCNMSor3yNW%PmdL9Pi2s1|&MU@)23N}h?yAkX)Qa&bNli&SNPx#~O zTv^I=NF}~$ZrnmE;lASi-4${wau-_^x08pwtpZyv8tp=Njvy%UO5(5pV_r-`F_M#L zd530iNUqviJUKZy_^|@>bwp<0;X&97#vZ~U@k6eGlT~S|8|5q=$;VN|QoEKB{ZBd9 z)c)?U^~sRM1`ValX~xU$J$;tknbw6~?V;3}YFFc3^Ll*yizvHb>8_CUN&pV}QgZvf zji%SQygKN?g)594 z9)q;9#l>hvh`o$5x+mhaSHVOI>G=CIDq!e?Q_Be3TVISGzynFKIV`N%prCDsNXn-P zv7L6CuyflEv4p(9Fuet|x7K8~qYu#_rVb-cPnj;i_e+#g*KI1u*uJ}n?KC^tDh69b zet8C+RGh86g}t||KU0+bm1!i`WIxe-wDmmQI zd7u;sAY5aTQ3vMn>XDa+8(n4Q!-U7`8Zqb0p7$>A%OtzVu zW{JV8NAVq;3|!4>x||^Ufq)n3+&@8nPhFd=v(ypmKB)qCvK}lEE-u~4%{u9n_3w{+FfXX@TdDPO0QK#)j zA#9ZC7<4_)>oA=8o95H2u6mmDx8)Yfd$Yv_)sn1VX{~1Nk_>!KuBs-&H{j9N0b4(U zysc2Y*5|vzfWF~n;(mFv_?{Zk#_FBu z8RGnFy3#`oX;{W*iS~+oS}P#xF_6_rx_wX8*R)pqcf@V)%SYeN+~V6(j`#k^Y~&Ug z^iS!T=3NMJ{BfOBFHxcZoM+m>mJ}gE?$bF;^oVX6lYKGWZ(B?+2X=?)DC*m@4%2toHtFCpL^-X8v@|^8EZBBiRh094vSFo+L{ipAoJK!b zGW+=E;mJr!VFwLUvpxc7*Iq4O>%YNT?{O_7V{ecGY;+Qj&B2&O32iW@U?n}4bB-Pq1> zp-irC!2c2NTfrl)$G)Hc3Cf3(R!T^~?15J?tj!XDN{@$7i@=E;+T%IKIoLPvEp1)` zBe2QlkWByeXu7uTMxXd}I$CIlV;LwMU(e4l8n53&vVF1Q@iW)E)H4Z?Ht9$Xc7at| z@JieXZY(U9<%@>U1Kd!SX2?}LhCj}aOD)#N*5JVXwQpKxFm%hCSFj$!Uj5S7_F(1Q zN3M|$65KLy;A*HVfAXpB!f*8-_y5Y>lE0ghE5ssR4?C(3&>bny+<2lc4cb4f-#qkN zNvR%@Hg!xovvR*v&mFKa4%tAmfWE!am75OWHKL(;U)BaFk{8EL>PzxRZAkbmozEq8 zX2)g7ras`5$u6`kw9b}vU}V8xsv^=!wG`$m@t2ddR+Bx`A05$a!oy5WDAmVc78fsxc7C0^bh+~HuGG^HH5;U<~*=S=c#Gw zpC+8#kDUezwT0jJa5fJ=b$4#wT#igt-RC(&zJ;0AP{0=o$ zrWn5TaWZO{ec1U=50V`u>O7@R5G_~{$-XzYNE|3A^9bKehyfq}pZm$Xk<9tsBy1t; zzExQ&sQ`s*Gxxe&SL5Padwi{{kwUNcinOPg*6v-JxdYBBlW+h`y3dDl82!O!D(*IO zh;^6>TpCDh$IBBk5zf%EE(81`-ZTY;WoKv_$3756lv+k(Q796z6f&FTIfKc1hElkF z1+VgC{b)+)yE~!cx;y_SIY;PzJYofgp;jO3I+#6iSUksr8(uYa15WeJe1JR(*p&^L zgI95Y|b$vK=Ke7wQkn)u}+UQXgBb9Iu& zFoX8UaXtQH9S@Cba=AsqPkr<`GnJ1TPi#57G{#=}=^DL=neU&q~YX=_XH)c3oe|+q5jAa<*!_td=fFv0RqZ^~T>4cCSr9Phuq5*7?M^ z^KN3AeG;lm3=zGLU1Ivyv3h?|Ny}M+c-owDddeCF(*I@>7h}H!l}Ly$NY$BzX3Gkn z;x0WM`V0+{)B(4@{!M~JeqV+mkw;fGb1+gCuHy?dJ|W*#S*b;?>Vs}iih3`i8=rDnRf(ip6Lv(c-lH0p%*BN&7OefC=32}`Y{Ath$ElM}d;3oo*b7O(t!A~!Htxg- z5{iiAe>w`R;WFU0EYo-gNG35EB`p$!Lx9Ed?ipbq68HQ}!5<^Xq}zD=g}IYA$=Vai zC?=9vkuYjU=Y>w5XU9!DY0>&oB~48sFrTh5y`dOsdmEt8mvBoE`}KzXLu}_rrr4V^ zalwpQg8t%4KhN`O>&WCPC7m`mFDG7iT^N-l{Hb2mr=K)dvLLs9*VyHZwxhNvpy_)2 zLw-d{ui=sI(2CQr4$0t1ny>1?a1aA$y{!P`>3?PhT-$8AjU+mvf?nt0A&EqOMteH{xqC=RpnMt3l+5>_L7ysDi3E^EBWc%Boh zl~t(;-rwhBKkoLYP3%l#_6C|OI`OMlHARRW3SuS_lG_Sp@=P842bnh9OD2Lt0@==q zMc_Fl>5`eXsek1E1e-TUSxT#s6*5GjAzbe=gcR7NGBzu8{;W;=*bvwj&kAs>W$Viy zH^-S4tRLzOtGMG3M|a9c({ljsm^<61+8JWAN-{%VLW$$gwns;24)MIgOHHdlzbRIO zYkobW-C3@T{PZh@$2m!Cgi6kz{Mcgk$us=lA;N)^`NQ7sb6meiGh_@Mn=j#(E%R-I zDFOnmK~Qe2=V-}$a(F9KLJx>M)eb;6I^tD_Fy3E1gBDE^=6feW!ANa1qufHk6EJa$ zBf0FcV$%=t?oB|LBz8SRz}t&~SfcDC;9d3)J4sRgjDFIs7W<7{;h=o`1enc@`&Qa* zy0s}N-WAvJrYjDj>n$?7>2&QKOyLD_%<{I0W?xVlY0fY z3dvaaHxLbEf>rl-eLeiJHHSbQAbi+o`}$kDMX18>SXbgvEhG}3_ptK!C-0CAQuV5?*i@H=8p1vtcV4Nu#d*B` zDPTwP8;}k1K1rfK+1;ZPKv&cmAHOB^~|+%T>9n^_bC%kmmEMLE#qadV$eN zn`cH9A2~C1b{FYY3-(_yGud6jRv|+sE^O>jYOQ7~|@zkT`JvynUQp&C^%X zkE7U*+SY4gc9{mNU@bkoyBO_fu`x)PKitMHW4rJpw7G0ULQ+);s7xDt*PQd||8X&c zVFcEbzSa&zGBUlcSyP=O^w#z=ijFKJT>oeUC~%u{jv+clFh52q%?3@U><}DJQX)YWVnm%^i8_w3v}p74SXy-0nQK zS`A}q+{`kony`FF-=}t8#IUo2oqyw+ea{~_cUj>(lGyMYH7HW^rj_H?S8B{7iL&ps z0!J7U0e5R^VuisJ0-9hTG%;7ihtI-BAhi#-I)vA<(#+B_dJOMv3xU5t1$rsK%l!Eb z(R=9c)*GRYK)_7Wggv?LAR`xvCEicGMV)lq@xywZ6YxnA0S7p{0_r>&OS=xhAXo2t z&k_qv+*AXt>?huj?JCoMr_Wn^Tu7@2&UZ!5*E{ULoAaADWft`>Fb7k+kBgAtw|%|y z8Fdu`!9}B#fcKJj1p`LHSmSj(UbYasoGdU{J_TlSntua^EkP%Z= z&A#WpONd?cwHevXWrmgjks}qmqLl;HZMmI&(A7yN3pjRyW$kj;s~H&Ga_xoPqgX?T zvT;iZj=k95UF7hI%%C%|P4_5#hZpC<{a2_W(!RMYy~NzmJ#Y>l+ZK`jJL9#ekdjWz z)4)`orI(WLhev*CBgc9T1#gQlTp4_2ti8#be*S}Jt8qCn%@loeaU1x8w+IME$<6v5 z_}=FAubO8Mn^v0O(I^%OV)`Fo1(QL{n7U2VRds17pl$4ZJ6yJ$W(t1`-KlRFCPK?F zDYO{Z3VUux8wua&BuI37(+>TlW#GB&bt1TmSG_xu4s1eo-^5a0&y<>P=b-@na_#wD z6qZi=URcsb^TUS^pD9H?_3vJr@)F!&l_7d1u);J%gn{SbbPIE8xJfRv_uG{+-3ui@ zejcajlgOBWynVQ?C<^s>2X5LrEwqb7F4i@{d1g7oj*RM&+vE%r2*k8NetR}2Dmw}a zg>Y8F=U`Kj$q0$4aKOzK@soH}W+nj_(80GKom0k3o<2o+oB?1)G2=~au$VHr3m@s; ztY0Z_&|>=lNy{Z*Br3X{y=oWrMTvo0ICbh>mrV|haXg4cJYlyR$j-PPUIhO^-t&(xxVLL5cn8*&>Ou3=LUdv{C4-mp)FCSwGj7ffSbN%#x-6Zs^qI_gh zILD^?i3T-j@Ha6t5Nnf4t|NIXWcWd+F!fYP`2Jengml)^8B+lwSHU1te%VBbXO~Y@bnEZiqT(*AEXbz$Q zAxGpV))w(*mu0*$`F z2-e!shK*GRa=2&c#DEmmwU(Ul$+Q$)Bm~cL>270S?T3*JA)rY}WlNBLZ4VA=!HvM~ zTfEPb8LTOKvsu6buA!kIX*guVM@5n`<=`G0campP3w#9$1_L^;aPI+IYM%qfYDYlX zhgF`ML^^?1e&{`tI@o|d9m6nm8prZ%G8^k66PeQh zb6KYh_R{6eOY3_2zC$Gxv18tg;dj%3RqUC;#NnW*k)WK4Lwrmy-1>6gcBC)Xu)|f2 zgX-|4X&dzT63j?bbBrQvR3E~~b}%tj$#}`P5euHl^OukUCg<)LhsuLtKWUKSAB9IE zkT3Vjj2uQXe@8D_V~axrty#IN9O{Tc$mYe;Y(jfywk_Iw0sY4zE`6d#;|(2P1Ru(f z7&XqVq#4DGjS`NOU-qnIw)esm)gs@vZ6EK5!rn_g&BO_ld z(^&Xhj6z0aFn5`}q6kJFu3zMa1ot(l#ia6Oilv*sZw>1Xa`d&vL>9lMq zapf94ex_#q5cU|E%u&%q$*vRJIq49JqZKlT%kZrDGOv<#7OX4Ez{yc|_pTU2`DlzO4gG^fRezVn= z?8B~##gU^sbhE*4KM$K@JebXGtOZD<%sJ|h!~6;l9=&yKtzcRF5b*XqmRkKUxB2hH zDc9FpA0+rWeY8RkI`JkasEA%N*%nVueM=<&R%-NWk3MKQKN=XS7FvO3PTH#n&%8N5V=V`$nbIQn9k@D541ideiFq#BlsFa<-&m1FHHM|Chqx8Y z>`gYlWpg;DB$qaK9=YsK744T0;L|q9BM-bp=Yc@ew$upMMB3^?mVhZeVb7lX*T>!D z>>M0{1|M3~EQ8U&4(jeRi>0>jFi702F^_D+@Fq6)QgeMNm9E-hHS7xBj>@mDiEyOo zmIq!Xa&)L|w1z|XP52J^xf{yDinA^LDCeaW8Z2 zVbWS2D2Gr2hbAJCpe}==>4w6-;2vZuFZ3fE4i`s-;H8i{|Ncmwv_?EHcB%B- zo_f4;?A?)!hM^b8D7dprY+M=y>@GxKi`OC7mB8&JH%RT61yIO8f|_7!bt>zM_p(VS`Tq^Q97i)q&hS`URguZR_+Wi%blx149&)sb!1At+<(IR z0VCD39SJ6{gG%9`OUAhCD9BDEBq8`FjMTr9#H z-i((21fzl3QKRGJ#iC#{SCY3|16o>6K=LG%sO8W#*pVa;E_TcV}r2M zgzd_2LMN@Bo7}>XmhucO7HNgB(dkH*;HShxQe!EG793(9UVxUE2Uju+)^tqoDC8xe zcpdNEv^Zvk)S;OygHP~6vb&KzzQ^sMn1}3hj*j@=&(VYKu?pb$6D0eG^G!6Z*h~0p zx}SnQ;Xl3!sm7d$#eRoyQiT7Xh|Fc1^h>|k;HI0mXRP37;OkMsu6>x<+QqEJv~i>m zbKGp^!}+*Msl)xFV#&{l0?qII-0i0?EnO(#t+!kIU4VC3%Np7qj_^wU4gt4sbzfTNVSjeKj zuFmaXnb1G4t0?oCbFEzb`v%z;E&GpZL?M$$Ei9gaQ8of^9nRZiQRcW# z|2Qg^fn)a@%6LUMkSqh7RNhKao7J?SF6Fsl&nK4spt-o8Dgm>sCJ^HO<~oALa*8;Z zl`SX@Fswbs#SdmLZy(pCERm(X1KQdxu-o|eHL#OdW4QLibkh6DgA!Wcvopv>$}HP; zEP{9KwS_NwOzT16H`3uWuEkL}{qptD$6Q&DFb1`0aeMt-KVMy6Z(EMxEC^y%UZ^t3 z=|#xqbRn$InMyY!1QsTQzf3Ro;pwwyivZr?*_P4lAl9uYB4LkMFD1YokXZH)Hw)ag z_w0_7kapU-vQ3w^f7yiK=CQL62`-ao7F4{s2vSb23WNq0w;_mW_`eYxwd*?Wb{vpj znX=N6g?FS`GvfXgXt_$_%*DAq#7f3ldL#;W-_5qQvU70^0@IGo23W!@f)Tg3GMi>d z_TpbR`F;oQjMMahMIi(kPYlH%z>fWF39^|-UM&Lh&9wf9$Wu*W|6?mTi=l-XAcS4} zIRyE!=Y)VI&`3w-P}BvE$(MA!{e=VBS149@1)UZZ__)(wjdC9N3_*W;{uz)q0sMqFdx}DM%Qti;r{EYbrmSoC!5AEN`g17?DRs>P!7R)9LH}SZuPmK`LFF}bI+tcDe+rNGQdjS* z2gt0b`H180s5y)qIlqnk?N~THE(+mgVg^xVz&flqv3CczQwWZts21Pf-Wb#2p)i#fFYZ4H04zW z8o)H2hF!1p)SWCZ=hzRf)-u|U2qaF;AU3~OQ_UjIe@6BnNPhiw39xfcw=z)YWSsu( zg1A&R&*I4;u`Kz(CeuaW(MG>>2Cy8kIEz)cpKhou5zrwJ^%?MoEN3uC%~Nxy<|sGF z8yY(7WwC&|+#vN&?ZFthW%7mp;qT`akp1bUJveeM0e(usq50PZS$DXw-Q_2%sHMUy zyStH`J95%(C*ca$27g$ndC$pzJ~Lm_>@D@iwH+2;n0D0fiXplJO#-rF!Qx0PuyCGX z+p0fPW?JAE;@?$5Bh&3`&;j-NvMZthaH%>I-i*6F7Z$R>T~YWrI|c(59@k@dts9Xa7?>)WIWSmC;_w9ETS943_cJ7&=N-OD|&5a0gabU`{%)ra}oBs z+tfj)NVMs}wN?x28pI|aE~(awe5hHJ^e1ohuztU!R7y@wrE139Zv|L2C^3X)DzBHZ zeYf<8xDnYKg~4fq(7uHM%WGcAwh3|uqe>oXDS~t^lgZ=A7wWv%0$X0OVBL*gT7~-w z)|T#_coWrz@CHYVUCPGz4YvzBUOI>H?WkD-w(bRHJL*v{ zitZLZ9@_=h+>q7Q&VC+@(}V-WBi><&PyO--r%SO z=8MX-&W<3annBROB_L1#q1nsVe1 zuqI$A71)4u?+PmV8a(|A|&+;{5vy;}H@b*_AH@Np<3sOMps zeP9KDl1_HWkrdNY<*o-5-a_tv9*CpU&PdcI5ZpE5j$Z^Ecz4B*7f>JFXi3!9!&vc& zJx&Bj9Eg=pX&j(N)mxTK-hHKCzoy*`6a&_7ZGv@0#+AW0x-$C7eV@_7Z-FCfq3_VA zdH8VsMt+8CD!_u;cg_vR58){)lDTjTMX<{%{slLyu}sH|-U%-Oa2#WKALT<_zbA1x zuPgFKGB22{>>%=Ri-2ExVc`Q~?L)OQKBh5#t+rT)A%xTep z^3L(K@&v1c_C8`O18V_onDM2qDK2X=A;=e+WL&UGWP~dzoTYb#Pc+Q5BeHKW zTqoBoayR4v&c`M3fd>Gr*h`>1#)Q7;|E(Ok!+Y%3eijd8cq%RSye>5nJ8K_*4dr5A z3p)PM(HjRiwPdfz?lwe)=4oDaWiurC&Ar%nNlM+bE$4T+GimhsF0MOJG2htNr+P8) z#X}qK0^q(73%|C{r6So)Ygp7I?ny{opH>+NjO z@g1O#Ntqm#?5-V<2ShFr52SMA!Rg?I>|N++`|W8A+6cFDZ9eUV)5n;aD0204Jb7xf z@m#ejzrfxvDPeF{@)7bed?+PwOQvFM=g?kT$fDe9ooGl~;9*ppB(%dx>ZB+6{K;br zV*Up!4mR{j-Y?Ujyf{ zK%nCU13Ej+yNQ%&OC>>(UlaZgF*gDLsb|(TUUyWn&U9JKc3Yo}HJsp;f`b^g;0~oLn9<1*@{{0cTs> zEP%IQ*QSZ98C86c<5w??;$;tknXwj>lY6jiKf;wqXUn37swXOQ<=~1*k0_cvK;dT< zqw<*Nl-`%#YB`_t1ui_Hh8qpA_{oN-_6W`)#2$yP+=cg28_P=Z;?22G$l0W*hSODr z_3MgPoxzl9LOjwApH;y$gg%mL7umD!gcxii5c4qB-r?{BXe z`r?kkcidfpRIS_#eh*s5E`Q3AfcsKoYqa2*{um+9Dx{+Gcj=~J) zWok#?Fi5X_{N#4N?WmQ_PddDP7ajqO3k~fYwPZvRMZu$Th=KpCPw+WdLH2uT-LG2t z-sC$ku^exHBij=BGD^{xS2+quQ0i-45&tLMQ%Y9<_uOsNRc*1udN6b-zB`bGx)=WC zvAK#H@xF-~67~LVUf*3^b0hOZgZsCSTQ|RQY@9Q1>W}K?InQ&DduJ7RszTZY99jW0 z*eR5&+_6qI=i&+Fnct7JY!6v7$a$i<6RoXxY3;yL`DJ36&x>|+(Fb6>eY9dDDlu0P zSRm{1r&aE~YI&pwc+_fU7+CTfGR7f%Oh9#QovI1^#D*96i)0=)n30IsG3MF=V*#I9 z)5ph=KBd-Ej^ASO>kP)v5iuEP&vCMfc4_Q{Pl`#eELu=1RCw53W!Xp z_A4GWzpw$9OHpOE#~U47?LEQqCyq?FO^aM8VG&ZueAj9>B2IIbT*JDhi?XdgGoc<`Naa7$Wp3;b;7e9@eo2F% z8BzDJ&~#qHaBv=dFMd78dw3Fdysu~e-A>mkpYxSKOf@_3UYidR-5oeb_%*(8BDO2| zRTawjipp`;2-p=L;-&tJpP^SGvrhcsD)YB@#14y*$_?`CTy|S~_BZ~^$o`jLa2NA> z+a-qe7-ppMofB&Et1l*kt48@jsfY;PTk4}8m#o*IH z{oZ$<^ha;{&m!B8rT-$Ev=hGW&*YP) zgLTgH6UM-;KX4j@LgV;F!VDi&u*zUh_o06^UEnrZA%EqnjSA_VRV#aMN=K=AS8;vl z)ewkqki3mTQh8hSEL5$fzEYtZ-4=bV1cpwj*AP`toFl+U-X!mc28^0B*fL>~xlm?l z>?DY|pC|DV0>YBZ{_L5Cj^xRUXRq_3&VU=xNesD?>eE#RSxYSNd_4`Uu z7va+}zDDh?gA1{C5qFFZ#Dk47aGmYyIk5`TE0=20V!uMMu#0AGqj?1@$$#@{nY{28 zR2{E*ljt(C(x%rl;Bwy4{wPxl+k?CWT-#ZZz}1k4^zt&aIOBCLhSBS|`PEXVSnCy6 z?{hy?2)3A|NL@ozxxTQ!ZxlENMc~5;c5jd$>KD85T^1iy%)bnI`pk5qWK?g+S>$-X zj@_Igmhj4DpL(47uW7;tAAq<@hU1ea0mFfp*hKjffUV*VgZ=!>LsRZNe*EWzcdXTt zWv?dbM!7byl$pP-RR8guPv#NI;BEE-69B5+=vc*yZyrF7jg3#*w{MTI+s@a3p)${9 z(RTvC5p84T)qkCeJ0<^}#dN&b{xC+z@YX{_N^)8ASf-oVvG)G4Z@G=8!Fc{yCe--i zH-&Tlx9G;+UoNh*;Us@&$WYuCv*B#(h(!{2wE9Ei#&^v#<8!D&yT2D0RfpL-VtX`i z6oQ*LEMzwo`YZ*Jl3CvI8QJ8S7hI-6?MH+1_TA|_4VG;$A6_(b8eEdol6$(7 z1}-&tcv{aAZ-kwVCIhz7mzwo4{8-bME@0I#;on)%=ii&rCZdj&ZwG#;RpgaQgM>Qg zm4m&)h}gNuMT$rfDahi6x1809epoUBwrk0r0mM7g@c&dv-2YWc@+8}X zU{ZtVA$)5+LJ?`n|9+2G{(T`|XSTl&>)xYg=ue90za2gsuhzUC4ggC}mGRvLpUabu zu&Bg-@PH6#7-~SD2H)zC*!`yfKD<}t{!6$@qA`rxy!X4fphRcJ}3uzo*aYkoTqn1GBZ-+z2>ykAwmcrNY8TY%2=0VWg5?TV8j zq7qeU%b*ump}k)}6JvwTK#FD+s{F_sc4RHQ< zM|kVp;+V%t#0x-9nidS{ab2YZ1qd}@`7*wOPwDS8@usbKh{yC0EwMGMUg8EVEs+lBOTGBRY3;e)#MkZNJVC#>WiaY%Ac=P?J?WL=DVl^ z+%TKv8F>0%G8`)Rl+seoN~C(CiykUO)IEpDAbJnZP(p=N3^I%i9X8nO&JAqMnc2RN z{B3P4zqND+6_QXlM)kH*cpmXhV#m+~kgB^(@#gX`Or3hl9jXE1`#b}!?HQN-P$S)u z)n}Gjau%W27}Y{-`;En30T~hIn!x9MV$?e3{?A@0nZI{g^s;a2ebcF&Y6+{~NoU0x zc!pE1PK&H2WDXIps7%AGe3}8oZfPms!R$=xLR^f>fk}znGua3Gx9)-9a|4pS3YEq5 zCZm&`uWy<^pTXY0tXv;2_-ras@E0mpSq1J;2flAZ!ntF@=+9pRe%G}kpH=3l&dy>qD`^Ll|ZUejmNzX!@}P-W5I zip}o#-Er<^abrai7(BuLJRZ~Mm^hzy5Brg zawv<0V1E*jq-IM3hEmdxgF0&-$r*rKj*d(7#IY9+^ZOyu$>7VclKJ}oTub*N1;#FZ zYfl&KcdXw2HRZ4|?Bv1LqW{OAi;%LI;6R1f;kB4m0!q&N51ThtMl5!iS9 zfR$4K=*{n)Kl-GD9*YpJzXA=2ciFWoBmNAxyJimi)1NIiI1ifq#*yPr3q27 zI+wP_$hEgU%k1GS_bh(p{vlg`iQHlnBh*Hd18=G4>?5@Oh{bFq=10F)1`$xe@JnL3_$QNQ`6VYd8Ew9%`anlf~*Y4>-EWkz8qOn9#BXB){OloQR z?Ccb@>ufmt|FXcNGbRO}YmOY{N;f$f2kpAxB^_Ssw}5Z!*nDmNw@3P0*nJx&g09V6h-mY%OK?a|4#By()rI?*s)N4kJ^D5S3g5Iq{Iz_YRJ>*`T@B^1={j+pY-YbRZYB_{aQqRF8gOB{A1=e%qyR`#!-+0amOdu235m~hT`qu z?Bv*nim0Do8OJ)#Nq}U|T?L6YcJ`xwCUy1NA(PWpM{l^BsLcQ_d*zk<#(vd5I zJeOKrKT@T0`r*KB!*%v*_CIfXb%`;_VgP*his0R#nxfKy-Aa5#m%VvKze?qJjubk- z(A-af>k6Zk1W%kJ--@~mvm{B(@TeU}zw8JikM)yE6t*h(KvynvzVqrBEvz|`t6C9hU!oB%HPatG)`d1iI)=N!vg z@+7h^yaV@V-tCxTmWBk0HD@0jDn=jZZl2Re}! zY0<0_U=qhhKEs_~tOV#76fsNOV&DQZJjixLk=5GpRn zo~A-=VaCu4@6`r%b&d(zwH&Ks5{Ctf$X%af8-R||j88v-_-zuC!7R*OOChbUzUIrpkr_}OE0KRJ^((auwavn-82h-v|Nv=84$u&+LeqnPLGI3R`M$q7u90b;h+CrFp?QI%C-i9NrES0q?^rDQ6&@~a|rg*tnDlnY}lRs z6nx}F!>id~pe=ft)Olt7?T`>5=#bBE2$(~j-lU|7vz+q^4mm`bcD7skfJOw1Jmyc)WQ?j@_OE!IHAPJ!;kVgzZxv7pv?_u< z5AL6DiKC0a=WaNBi#DWfK)aj@7zS zWE9V4x<<$Q)X7hc+CrZuv5cgM>n_#j-LmYWkEqvF*Gi9Hq-vIbq=wZ&Am2bYNgMQf zSczvWy@Nv)(1Ew8Ix*=F_*Q~)NFKcg(-UC8hU)Or0p{DauNZ6uTSN-=0OPnQbyZoZ z2&Re&O1h|lrWn3ukB8C9RFT^qElJMc_=XUw$r`qrBgqOCwL%x?ele)B%IK9On&cRo z4gcgFGN)Xmzi?@-drRjrqA7eH+F$PfSoBGh&DYuKRHluRQ7B%Cl#3yVOf$onY^;(^I~- z*zy8QedrB5K8u%Zk@h}xVAEiSLlq-Npp=awM*V-C|NRNMT&!8g3E3G# zsU4ljrTG+Gh;~a&>PAxT=j)jLt+As*gVE=U6My^%n?;wR&L2C9`stiuw^sF^c1Ggd z-=~dVe=`ANd+lu3g`CAJH>_jpI13@6TI_civ{8`L*+V`%<3JTjl)-jheGFlA-D8>?4Ns&zqZmw>TcA7dM<2tZdF7+}JE} zdy;upFD&AR?EhN0YwH$w5g!TNXmuzHU%0l& zstzORfP4?q5PD-t4tq8bG4O|pkVo9;Q0HoIF;l_!8w2oMb7z$iTV2(fX|0wCYV53F zwA2J+o=G1wYg^)6;^{sx-kddBVXb9!TAo?E?#<+xyB;&y%Y65ZBZ+eF-Rp3@9nGTL z=VP%1Rk95panjdpIj`V^k^2hQ=g#vkCN@TTVFwq}>f{h-V-Iwwd`oc~TR2Jz?u=#3 z)7-Xz0awYlMzjv)-xDTtU8NWI*{@|u9y5@G8tz8XaL?qa@s)KRG?5!N28Ndmqppow zY0J4kxgmq_rt3iRC}+tWlMJ4QS@*I;RWhlieYO3xL2lphBgEM$K$h56@MLzr%gJD` ze+@8|tKh!RPyUXz5+ki!s%tFAUNT8oZ{Oh2sTYIjwv`v;G055bt!$Qrpr(EHj^33U z?J6*vdyYOylkpMt^wc)FS;TYU6!$lM3|qLoi7!s9HONJFbSo$&_CjKdI@e$77Ab$! za`QJjHlkiy!tX+vbRS-r;cLU+u_8-EEN}o-J#uQcpZ(7KoEB^jx!+=mDNAByi0MyH)6B z8E%WIz48!r9g`GEvogyz43d}$+{kWkwNVla4pwksVg+T3ng~t5U85+!>;?KsC%a{4#$Zg!yd-5wUx^RzB3k?WIN(!B!M4uuWoWqq&LD#`PC^wzY39P0{gQ z`Sq@_;1iOZ2A>Zro0&ah=>SKBvsy9MzPmC8t2;Y$Pqqv_^OnolMX*~P;S_vqC_%jj z1J18E#fGD>aa3dMBk47j2%vbTcR7DofOerP{}B^i{Iww02QUSsj5zG=#xDFEV&F0QgRs*020|OX{1!Pd z{XoW#tYxvdYE=pp`l~kd=w;47ui7u$SBpDja4^86d$GD%3k;tA4n`wL{p++-wx;Z@ zGbi3b5~|euQFe6OQo-b@8*=JE%g5;+N_p_{tb1+VQ|Ze3UsKkDTf^K!L-#ob-5<#= z5-E;8-un8!LNh}lt-_RvPvRMs6w~q1tjH`C()T49Wa~WV&~!Q( zSfo#2k@UcLl$l_iqm564;mO$ku@$YF9JXZA(xGn}`*DdqjwW6|v6JfPrAnPBNI=H;C(F|Nc<^Cxu zq#4HHrIvw|vH8na7`E#JFm`KDRqid8r}sXnE51KSc8yjWB97`sTv^dJyg_l&tDSfx z^~=y^9?_EhLl&OpkV?;O@tw>9?o?ms8_gz_qOZQntLT)3%cHOBput;xG?1j!p?T-y z`uT!`mWWUCQ~IY01}MIpwJb>Dw^$dmxGQ;2Zrs=;sq^RT?Czb0R(?HAomVJ$VcJ^* zRBlf}eUVz(FYnry%?;LD*AJKT)ReA{O6QC0Mr~8>TbzECFoEY_Zvhi#q^agBo^CC< zV`(6KnSVgBxzuTC)aYt;Xt9qWllM6yN#7s4%WaIEaIHqV)#kJ4T>QMxUGEiflXy-J ze_R+<@7;nCb#?xhRrLTI;sTH8ifZ%MW6qhU3aSRLeqLFbHtU~m0FZ4$Yh^QDW_p^= z^61z_JsQHjyeTzTFFZAq09sh-6tHErZ7RyH8=1N%zJ~KUxyUfP%LHA~SOckn;85YQgHs-whQ1k2Uz*DbV`#fu#;X9{Z)bE~NuNXENXaebIjJVlF z0M2;cEy+x(H|d)(&?O=cbIx1S{(?={t$GLHuCWM-8}2Lce!~Ok`Fo(T{Eh#hWZb_| z@=UZX*a0<->iW(w;Y`0sLmqUBD6SO0S_hz|)pB{Rsek%|6Ov3PK-f%DE&SHC)&IgvdR z;^uXV*v>QQH#;6GLVtbTYkM{E_z*1->%7Z8hNa%DsFx54q{7{T-?Qx?DrmpSUF{Zw8L~`(D$JWHmK9b65djQR~l8@iO0`%q%P6p{Lt{-c(V=4ZQ)fuJNX}|zW zyD%{u4@#E>g)n|JLMz%o!FIAG_4+?Xe5N{dd^(R4h!QLvd)=(g#X0mbhMDcyIb-^=+V+z zZMs#J=-AzxgK%*5WP{5$mk3#7BuK}K8dns`GIZKRj9%9iRYAw^H#JP%<=oe&7so4% z9+8Dv78I64AxTU+UWXGbG;dNxp#^C2y|-RkxP1?6GeCtuJ6{LXU9oXE;N85|jk1pz z`iad#^(sl7kB0$9wXBFD5e8_HEct3x#)$aYPy0M-j-@gqX#OuB&+K15#@TWdaG7~m zm^8@J+zNya6O`bjX>(vS=Ia`54In#@uBE+FL--a9TU@pa*f_-=jUr90uZT4Gybp76 z^~jNS60C-K1hrA@NNb5orCK01RrfW z=;SlKPAvR9`*=8TL@j`w?Kp5^-~y~zd~r3CxXeXfQHLHmdX=68N@NkmEdUrN=HLCV4rWLYQ2abF z=Z~{g^spfn{<*xapy44sI)M_yOyH)O&#tLIZeh7e^?~bewEI4%Kzy$}_L|H*;(nG* ziT`b+;w~NI?;y;8nx;`eKwt9^4m46 zh2F0W<;Vgh&s2oZ`>?}-Elp>&UskHDm-$8o%EO#n;gC=XJa2d)==ZsH$WvNi?92%< z`^5qekp}Sf@zT6{6CmbMbsOlu4UIOQYiK>$(lKoj<7Y*nmT32>kZ>eRYWl^!=gBtx zhF@Xx+54U=uKBdKn6-QXy>)Gg6C=Hg7I$i&=3+92v5AShmPC3Z{aZ<(qv(0)@x(O$ zsi(kqP-|-X5XZNdd{(c+*)*@wvSK~TGN*y2jV5(T{^E0m5gVQF`ZRm`Gl!}xZLxku zuUHeWfCQHSE#{J9#cLRAl5y;NqSia$$BdndjGBi=?g?LD`UQ<`7J&4ny#qV2lEBg& zO{SO=@kcj~$3FMZWROAf3HD4S{*`C9O=;@z=~HEN8P-XJ_--Wje=4|L5VU&psA6f zAXOlt8D55ZH!@<2djTVY@UaIQqX@1pHok)_P-H~JN524|L=|y)r<6}GpZKL=mAVD- z%F!ck8}HNz17`-E0j-gl_X4Se08F&J--vIt&m}m1O*^WN?giSwLR6keyCSmK85g|G zf%|07w|q;w#rSi{Vnawdmv3WN`O;i*sOT~I+O1;_ydx9q zU#hl^fDoWa66OJyH#tF4ZAp>tdW;v7kKMyG@hNv4j%10om#}7hn|WI7zXrqkTb`MO zG4jGwsewn}tZA5t9vur@CNfa(XYd6zgc41k7a%M7CyI;@QUwIrWOBPN9XrSymI4{X z@s+dLH3U1dOypsHe%H}Op!fGws4Q5fE!>E!;XEchi2&lTdbbK{@jnFJzq1cu(2Hm~ zW0AH4c9zCX!l_JIHs3j1gT!~Xuh>~G$~e+bwz>a{UtSS3#8%wb#>&KB#=&vQkDk$R z96f6rfYCy^xNTf5li$;cjRBE|b>!O(O2P5fS7nvZLJEQ>mud@uB<*Fs!X+q7ctE5e zIor+B%z4*C*ok$V)Mk-PleK@nrq_Dm+Q>C=Y?U$N*`&k?dio&2AcN4j9&SdBU(|@{ zrBGYbj^ukzty;0KLsS2)gs(tHFsoqt>F}mCbbexmVak2Lo9$y$(6xZ~w0e*&h~(if zih-hpDZ4n*d{X5g5b>`@YuM9WE;BejZhiA5drOuuf}kbwuXygCJ0Vn5%mf(?99chmRT&g}%J8$A#Dt%K`7f6a zIJp6mDkZTaBb)2}MW!01u{wrD&#Ev&1(BfJ33v^y8wD^rV?)#5CCkzn7PXgPaGPm_ z>b6rfpJ6M$Fb2mvyr4$Ji5`C+=;PwAKKCdPXb8Uf@yjm#^>&5Pxp(c#Rc7htZ@r#5 zz#z(kb4n%f#vEwf2wy3x(mRB-ZaQy*=~bP|=&m|jYF5UEmV7TuD2i0$;_dyugdEg1 z1T~+CiD>@SgI2&S3A68?o1N+E7JffzjMQ`E51C?qj!v9H@TX2s`EYKyjlk#g~Om*jE!D zn>-ABIkm}#NC+&R|MiX7k7MK}Kdi|POXz8GdQ+txf1tLM=*N)!Ge^w3(})p5y^viG zPTC1FNsE11Ou755i~1bbLU=+Sm$#m4txjL3?I(;oYn+0z(taV6#Ui#46Y*ui>>`JM z{hu_jacNTgBR=;%JmF0oTA@h4-RDwf_nmVo57a*V(L!}esy)~E#eUbA z7UQJ8jfzHQ=>8Z`r~b>HuR0Fd)qi^DNLtUNdS_m{Trj3**o7p9KYJbtIEK`*$dm-n zo_x#2=T^|+Y~mf>i=I9e>DS(@V*Ot%BvfwbgaRGbUuUlN%DkZ6M~7EA+4r3uJ`|u9 z9qsrblM{vKI1gMutjYhx<*@q&a;jH-(eW-uib&$vivS=A3KRIVV|JN$`k#@Jh?lo@ zt?uWCcts4;4x*J!YLx)Be^DR&ZC`QWdZA3{+i9T`m9n$<%nN?YdPWsI%k`H;_l)*U zdI0Rz)T7JKMF&q6#1=RGmBBh>0HYEH`U=_`sI5ED#aTvSCn zHva*;Y-XJ?k(Y3B4y_-*i&dFP zu*pNKOn?L(F+4C>WX+wW0KK9qAWD`m+`ucSN6N~otur31iGTKua=_?~0hB&4_0`MX zy3ZL1Y)pL;TcJJu#~(71GB2L1f_d8k*N`vC8d)KSA`w<>;#)PLkVlfn7Sy#m_vc1) z5N|hh!Be!B)R#_=%W>0 zIOZ4vYp>ipV>o0RY zcWO-AMeHWKbX?6_SCI^ zhv0GlTghQ0SvCZUe{Uo>hf+!BIV%>D8V%zF7LE3>T$Pd%(2d*byJvW-Y?+e3t!p`z-3D>2_SQ!d>3dn)ESVH}9ZZ z=Ho!U8}g!pTseWoS~g6F?MtmoU4Xl9n-@U!mpjM~XF_NO2*|nY&y6plZ*=O=XK!;^-aq!Scv05`7=#u!pYW;SN z8WB{GN@IU+dTT%2=)#@p&)YyJJN{oE`Qm+nv^w6OkX@W$QGh1jkEFBR_f-a5^h(Nd zV06Ax3)#o@S2}7K?pozV%;spZBlmW>PW*LyJiaU1;($^LCmDJ>9}7;^ zHEKyO`Dl((N_tHQb=(znGcH982e$U6fHvX%DTD!K6PuU!9*2`4-!7OM-CH5e? zG52h;z0aNwFu?SIO4_aCf$3?pqhpclcw9H(l)tQ;+w(sn#A4DS4fJZ>BOvSRpxFd_ zA!ur|CeKfjFr`Dj5gJ5Z)6RRE1tBu2)F1w}Ur^eB1rV3#ntV9GE|^Ag!7$|_f1}?y zN$+qF*`nw=Doio)BsTO((}JtHzVBpf_V{KNKN=cM#LCFW+SMCyV)(`dOBiT^(cC)@ zlVTA75{-*K8W-~MGgz_(QuctepHbLlgRqwZi=(4>Nk~YtUeA74&R1my4WhdBsVlzN zSO(ho&sgp09_?Z44}yUg|4GpGfb*jJMG@$W?Gh*pN+;myU%y7CC5>pk#G~y~z@xoc z&X>>=Jn{KW`z>D^RX(h>O?Und$k6}pm+|r3ge#oC817k%`oRlal9j!8_}umjh@udNCaNgz+Q|>d z4+@%mizErH@7iqj;$X4Y3pt7)eoAru%gM=O`(GYE_O066<|n9poGZg zf_4nob>1B*cNk%@z?MV)r^)_)`Gp79r>xSk)$rf^4aQsBw&oZ#eXZ`*u32T+5O}y+ z({U)Jr?7d!+F4t#t)39C8Xl4U0}S8i&JA?!{hos%-LI_A8S`xIW!QaJ%6cSUIRwSA z>qw86o0;vUjF)>I!z@D0&rS}v!aO$EFF+H0HW&ln?h`$4KO&+^;k`uCkkgmKED=H$n<@-zFVw0?eUL=Ts__y? z^gOnje1XCS`rjC5o6arHCREj`=iL-^@#hERB7b(fN5X)+OH!|9D5JSSfWjmThJT!* zs0mkQLdKayF9SX<{mOw8Rr4ZSGx;ecdEJ=p1Oq|J{>BoJdaf*`(fx1m0us80`5IEm_cb!?7?BM^at`)>1+hbKFn3pJSHc&w8PrF#ebT1D%4)A8xT)+Sf9B@(!u^AX2x?S19; z^Gt5L@KNVfz&yCA-E47swCixZ?$TcUBbBo$AY6JMkd%y^cgk`$6hceGsqAXBQ1n_) zXa(xIOxilp`%|nr=>rm@)obNli%n;z_nCXyX42N`mp&vswkoH^^gQ+G1d?&7Bedj* zcTi)L_pwRq2WR%*F3^=A#i<^fufkq=rGgSubTNe$S~=N?8P3|ToIXQLrfFED2NjC- zbd?Dnd?BI;iR%w=jHDbXkVOkQJK;gPO=-+0Dp#~kTCHPTc??UmtCh((wAti8G??Z^ z^|And37Zx4vAVoMv360uu7iw=;CbB+qZx+J4UBOv012l!FaR+slmul)EfiHv$8FXh zD=4d|@W{Q#8*8oI{Q7{$yf+3@Tq_wSx}hmgPt4=fc&Ylwl!qCZnRh?}a@QYej$wdH zr2|L=Gt-@K`m7+rUu^zJ_fVkq{CRIYp-!n+cwhJF*~F695s*GvM2b{((eEUgj3MkK61g3YpbzlCQZ$)%J zbRA7~d9t=}+F4R7`$GPSo|SCyuXB!ZtF1C9S3EqqvgVDnLn=u*YbHezmq~@&lo~Pf zc(wTKcL~!o-$QQa)yIN$CQ{5m-+2NsKymm1*;|qj@^~HvQN7^X%=DR3=giq%aglsQ zI`~(6G9^#%f#r-0;aFqgg&3^ST#>q z0)W&Aujj^FBnnt4{x9ymZNOyEZKH?X>;ezRd(}h73+1<*wSC)b+*`~biQflAOcaY# zAJ#s~glj4C`wQuJNJI=z);Lq8t{kQxo(mLUgWp2B&sn5oD5Xpg$^9TV@g{4|%M z6bQsJ@0=w*fI~(HwbGwTccyWf1n9!X%?7h%Zdt%@GwW*hik?4_U!&b^qbv75b^j4m zYPv;Iy$~gv1p-TN6fL8KkI?Ino@a;TLQOjq7AYJ+=-O%ON&>|(@Y5(nAUrf_i&AFs zY4O^I2ai2(_w=AQ8@zfsXD-%HseLZgBHru|P_|zqAXYCY%SK9FN zgrK~cS{#rf%T%R0W00$uJo7WM*-_v1dAn!-VyVBZCv6U32JceRRO(%23Lb5S0ZN(S z(rVmQ^wq27pRnhY_A@>WR-j%>-kNVcog0M2UB4!s+v+}M`O476fn(^Sw^yEWc6oOa zuMTWOP7M{+5@Oa7l|7gNXf@U(zVnilkarv01xMH*A5c&(f88jS>Q(Jo?O@$>l)!u( zfk%{O7P4d=l5N@%HP~(A(&&o|&gGXDq5Z{Bojm30@}apMj9o+Lx3}pX_v4-7Woul* zlP!s^k+LuX-OUd#750X6_4TYr3YkO5I0qB68q3YPoZ?o2e1~#$f=MGRDcPiL4aM`h z@0E^i-BL`E&LRk<(YOTUojCi`oPZ@1mUd+qGZGK@o;q@toH=!BR7Fkx-LtUvGL5ZE z9-oK_PFBu3uaZf+OvP-aopXOJj>tJ!#@cdewMQ-F<;(H!QMx=zFjDTo4U1xA)Y8kb zrI#EkdB(U_{U6_Ur}AikTe%Z*xg$Eqa{JNRA2O}db=UjeeD!R(rd8=$hCNz?$=LG| z>!_-Z{E>oer*UrOLQO7sOQ!B&xsdEmvEE8WTY*MNn$h;-gW14z5JIOSK_rx^(SQB? zGn7^JA!oL1tiAT*tGL&s|5W+TW`NMe#ujd~xe}aUa!w1T?m98)R;(KC zVh=O7;j5@l5gN){#NrC95qD*rgJrF6I=WiF8A9r?lEvy7d9;%^w9>mgcd*BZ>p3%)ngrKhAiWb$JHs0E-?i@A31 z)h15FqtIq6##euzem2l|1l432L8H>&S_#Kk<&(!9&1JvVIAg`=ir-0>H5)5`b>|&V zh)FRTd?YPJ3$|?J!h)&WSqnM0{Nt&5ufVmjo1!<}hgw6+2W&E( z@&=W2BfJ0`4DxXsLai$G<`^wPXOdcU3^l6z@tLm^;9TdZ0RpPvWL-QZ7Ks6;>koOw zYKO&zIa~C?d^rB{@tcMw4-ZXjvF_hjFye_U0%=tUhY>vK8DJdc;K-8*jTn#{QEFiu z9G@H8|5G|a60DU=+xc!h(`CBBnHxXgceg07jwSr*F$hd;IZJOfTpAg}qBRJAmi&D% zs|?EHxFiSAERb8|c3Zt|HJKX;wrZ1Bg%ofzFsd}g&Kg$|5r14yj~Oj-NwbWKit4uS zcF=wdA}lAXdT|U8%#{VyN1^h#WGa+j7#c ze|Y&tzsy*oCb7b0W9%LkzgLvQ@;(=%MQnYUVfMM)c;ly2JxJiLVRhnDKkZF6LIHQ$#6g5nf zD%FZo4uBS9p&kQGH^%ie)VthrfL^QA@a@U3Aw|F>WVdnzNU1W10XRY7FoyA455HPU z22A?9@DEh{`amPnOn>L`;oveI(Ve^UNqmtywly*aIS+D5DB9l73vD&u!eU4FH89~8 zD_HTP-LB!BgOpV*3U3#KDGNJuteo_iKArFeAn%C(j=)bx5YU1F0oMJ&I;{#PA5Ks# zCn5=ne@*h6ZFtTN;?C(RqcD!Wwy(6qI+zp!hjQb@1DS#k6BvrIq5C=>=uvtXUKIaT zI4%Kc6jlb+VOz3#`FpWYmm`}ro_@Jgo*WR9oj^cYA2_WtzUy``Q!P+e3llvPKrb!G zL@)MgLz=@vF3(R+s#6hq)<`I38dinH+_-E*h6#kpVd{HR~nU+$wG-e8Ub6RCH^3uF7jY0J6AXByYgFgmO`HP{E;~Kif_iS^DeRpu{UGQT-{u^~Omd7Ev# z#xDACURoSWWMZCPl+!Tb$ivdi=8Cp4<7XMpeXVYLB){G0SMHq~ks!ek%L94raQHpJ zY|oa?-$U$xA(7u7onq3|zg?+|H?TMSi%j%4M^W?Ji_-mX{_hPE{J-XSe`AdQn}3`H zMwKG>JG+5ZZEj4wnC|$E*D_xJYhe91-w+}2cNyz9mY@6fyBy?2tP8^VtETw>e*Ayf z@Bgpaf2PYLrYa#-g=5tytN-!c|Mg#^Y8lt~1O%sfJm)zmQYuxJK4(eX*REn$dPPaj zdUsTvgDv|SlK^OO`S-X8yka5c{6#shd6~DROfVrTVU-P!+F77vVmbTT{dNX8Nw!L& zSTAR^75&KUl5FLxu{wAcUYt*mt;sA>O4yVMK%oPT@Zg&BrvCY`>i zIu+AVj`7qQNVxOy;Jd}viR{YjC=0vE4Md#BT6pt}R}bL5TNsd{9Wb5X6gi*N>Zo5B zQWP23r*f7&Io@n=u&)ZqY9o#B0%tPdmj)=MBb0yYE><0w&7gh~%UJX8=4!9M3mzcc zAU%Ueb+fg5Y?dTC9vhPZBO!`%f1sF_wQbjM$^@9!)y_&P z%zG%^097a!wSkFzFq|Coso{hLD6xFJ&8pt5wNDpF151eEG|>OtmykBwJ>mGHJ5uoT z36D=bc&2WxOsz7{>TaO@LdkDMPs*bD`u7R$a?bXu4rEu=S_C@b(?rakSxBe+ZkP2s zG@)83!etZb{3`I2s%kT4kvVUb;b!Z}VNRh|t$Ntzunb_zdpKm#{W|TOFPYyi4luD< zBy^|5s{*BQNAula0o?% z#D8ZCnj_9(v9se#nTZ+5Y8T^rk{dNJWvl z;MtsnGRddhZIO+Mh%3?-`u&a_*H}QAV$gY3pR=qZA1BL&Qo08^v@9%1lETA&>}P97 zUWW9UfP2?M=Gp0D20`shtlVSU_4RD51A#gKn=owcbx}s6Tw8@jUzG6X7riiny3Arn zwDV}^!PdMP=yI${eePH9TvX8u^bAY^N9N$lfx=*&1c4Q*I28z`E2|glu4upTTbSVh z$*z+6?OC%Gi=O=SgS-vbNcup-!?eo# zsb|!{2i|77>+gSAaPB<=5C#(y@`I;`qAQFK9TNFnic|VmE?c2L%TH32^4m`4ULEgA z=8d0#TMHMMwFHxHPe4jK&r`=G!U@^}=bN|YzL+!~zuCvx1bnj<3#$digMDK_LP9s> zpir+?z4+^r_0FN7LI5EJN!|66o}X^5KPXXK>037$By;KRx}DS?Z^U+S*2+z90wVe5 zQ_r?~{<~A>uguq7H;yI(+=zQc1$S3p$Pv_*$ zMSr((9bQL(3UWx4OGi^C!oPFrSpadzpp`JpdVHNkOUXiFKU*f~yLF%JXT@|TjlC~o zSh`*7;oN(px*kQk4jtL$&XC|qm(8c!&GX?DZUqqN^X-RGo*ugP?@oZ!V*l^9&7gHu3N^5k7n(_+9g-n#95@d zY1f}@%L=Y!MPrFhyFho=;%p#Yl;YWbgVWU#Ajgu4CDXCthjM)V#qEV2$=8U-s-6MX zmRPyy=n#+vm!fr!DKu!%XHrO6E*$tk`&1hNo#w!5`C!v^ZlG{N?zEm?AwuWA{HaDX zM#y>f3oo}hNJk{;9s_z=nb>?aKW8d_+d`TCKiZD>PW*ktR}Tptv8RH8S9S@wCra3UUFQ>Aj8Sr4vc{CP=qd^60VuL zDMiZ+7_Et>h|kaT2EW#x2p%b}3@*x5ujUu@oJ(fZa{}2D{m7Cg^r*paI5Z`!e91{&|d`y_y%Z@K2RAy`W3r|;tn&8Z% zyhZdqoun=v-82yq!4%0{U9W%irt%sIG9U}J7_dhoQ%L=Cvgox*9j{i(l-!nV@OIGtG35Le=%OiUC&SKJUDh6QPcOj=Rz6eb9RRV}DF+OkIyQ6ak|Ks*L)rZ0t@mOmap0osK3L0X|V z%WGIkN*3hPDxr1zx33NZMTmZXG*G^kjCOdM%mheL5L!5EkLX|XhyuaB5;`viw#%Mx&*1-A(y*5_>8?XJUyG)$K%Wc#NMi-L zG1+~WRtvn21uTuX?(63oPp3@61l0*dLWXh_`7w0&v-QLT&6lQ(_I!XI0fhVU#Qay$ ziMqh~*09)JD!zoiA*G~)>wHOl-I+`0wr8L~9j*8jt3XfTiMLgsd4LEZV;^krsfDd~ zpIaKNIDNl5I92(y>BJ|&NAc7EGF~2g_6p0~{;${vpU#c1f|scnUCqjF`<9caVy%WE zzm0ABuGa(3At6>Fq;Q!vvtUWRym=3605KJl3X@_Srnuobpn+Q{Bx9V?cUZ|zGCV?o zBEu^Euts7%z7&m~`4<2Z2fr?x9^}i)C#cvl_>dDFj&^*Mr#_pI2~eHF-~3 zVcSBcY4aDUHO`AEj=firIMOpuXPa;F-gIlZCX7@0<2^%I%u-J>e$e+nFno3cy0_f8 zAkOAkG<99Lut+XdNX>%&dWB)*r9?hx617+NfO4H{Z}iHRJ~7311yjg0OefvRC-af? zWvOk?&{f`ysQk#+x}$acWiqQ<&!`v`=iz;6JSZ&*WRcDTEDAF3Ns{S^x}WVHN;z1n zl!+~St&QEo0s!~jRhg$d^*G&MP5=qLOt~OJ|EqhB>=nuF#!5d`XgF@oO0Z z(*sz}2KRk6*rr@8R~NEN)`xvqh}FI0a^#QjufJD#iq zx6ZDh;WVh1gGv`mL_tBKn>SIAj4_PQYH-*}3qJ_aaJDU5GyhzfIjV%q@sW8-@58*x z*?WP~Ad;k-H zk8`|a&f12EU<>QJqWQ(}EmLEa$Z)T1m_LM3zmF$9gtQAvB5b}S$?ZAMB%kFgE7Use zG$p!|C4Rhjv>zmOxJ{a6RuH$u!zUHpVj?)}e=CDzdH${c0`ZiOL2>n-cJ)#cBopvC zHwA<`k*)5Fx*CviYFD;3F97svF2EpcezlF5&^+<{t!6}wh;j23H%t+Kwnd*#76$hR zK$oYcAl(O~)+g{bR}6eYM;Yz94O5jec*iR3GrbWLm4b4sSWT6iKV2TGPBjJ=+K^_H|~vZ*sM)>V**? z?JZ+$oKf*PN37+VQb#8kss473qI6qm{yHx5Ytr?bF=h9jMYG0HB(9$l`vm| zk#JlvDeF2H^QfOGDw08}JyEYWqM*1=+2Vyh+#OEs^=rUk8_;2^d*F2}Nef9i>>}B9 zh665-H?*GLm!h`!XJX$Z8h0xJ!IqL?Me|OQ6uv}2-WUA`}1bnyr zxgfs`d``0wlAr%zyuz?0^aO{`e82TWAA3?&1VCYVL>16;$keFAVwdbJ;Td0oe68FH zcTM`(W&3VgK-YLbr{xExq&_ZQ-&4sVt{(J@4BglE1GIiG(@~rKmsh|UB~@H~WPN&U z!nffX!>+?&O}6qVfw}J4+vUqvj6w~269o=fd0d2!M_2zn@hr>8jKRZSLqk21^+Rip zes0q*lh@-xokwfFqT_^}pXotY|0nT<<;<`cP`?fWT4((-0BnBlKpt>i`uFt$GsGew zT`43FleJDt?wJ^^wFz~zcVQ58%1Irk3>wwme7-r5QA4;g@jOYR`$>m`PbsR7iBZ=g z9%%7clCYbPgvO60-HJFlX_%Q8=VCd{!ID?0k~8njXV{%flO`dQa{`pAh5Vd{ z%zGA+?eIGyJ~gxhu0ZUu!3;{PE=7BU=4TsDo(~d*ob#Ee{M^h@L!aeiGs8s8OQz`< zU(TOOW;mGh-1Puh;O>PAsmHWex#N%PZVR)4*(eEeYZ4E2X8jERO30}Gt(>i-pH*o> z&cTl%Q@VhK{fBlClRm?rsJ=H(&9+UMl`C_5mDis~)u+=4Ke*dSjp`=sZVsJKG8G}0 z77D|kss(a`?far95BaB@qCsz*rtLZ!6s%|QQdivV4sHAIQv4i{5-QkxADOvOP|^^I zWNN#1T_aq59I+$0`*`dqTZoLj6gY(>CD1(c=3kLlU0fZKK3ga~+GFmtl zYQ%JWa)5F2^n88Nhg(P;i%+Y! zFDZ^B8c+&77IHaLQV%^Ajm>AxVd=^vamasPN3VS4tY6%Rg!t)+w662Wh?2HzFWC3o zU_-@)AM7g|3cX8FdE?$0)3J4iPiIP6r$V~=ZqOy-(pcW5J#a;wFRE&lLiO;6s~6>e zZ^0DR+CH`$Fs|NFgz#DPj%ppaO0Y(A7OVVFut$#jbmzY|a2j~mMWmP$ywXN9%1WS@ zt|#!I=P-cEwjF6{&zxIdXjhnJDv5|=zt$I<6}(jPbY^UD-BC>UDvMFvG&ScHaKOatKG6PD>F5x)FyS8rK`*dr_!8JbD0W) z*kqX#WvLA!<&ZfbhO-DXD3qq8CgO;ohB+Z30xED`_jR3Y|2ey$ z_j5nrePWUjmXjSJ_vcM>*x2bE=w&1qR`;cySr|Xn6LXtc@V!rx8G2U*I{mdc%H=&TumpmQIv|{Lb%B?f^2gXiR`Kyh}hCe6^hEyvVkWicKa<58- zYmk1GXWkcd4`Xh1>838X=;2S_UKHm0-2+XMiWg_i6)U<#hQ3X+Wf0iQG{f>K)6b?bS}$k?p-$G$lRcxVWHfE*>85 z@RPsqJLk4PDK}TwlAdu*<_{prFb&Hy0x`Egf{RcppkN(5 zVjwfDLGVoD3 zZV8m0S)Wh#)UXy87tQ4+=nrxexmfzi2I5RZ=n%0Apog|1lBoUG8-0?I5wWM_tn>XM z2aKj4E#2!nW`3zfPoBi}fm!wYT+po}jyPB}*F}yHCI-5S5;h~IItqiTr&Mk@I9GJ_ z;rw}FVmObwu ziC7TSJV?a#S4U`XuMWx7#%27<42H(ds5G+RTrYx|{^Oc13;S|Px#KcVj>-zte@w<$ zgj06ELM;aGxHf#V^ir?+nNU)fg9VL;k}pkRysy2JbpP6;`(Ko+s^6<*I)?Un?v(-E zzjDsFySuLl*>`_?PDWpP7k6APOB509u8)7&HHmkv4QC@l$S>B5edUtNGXwPo<2TnO z%V;+SmALxL#O>Cyw#L|-ReKy&WvFkTpFT>g74-(Pp18oWJR<4~`&f{STy{M-w=Gxs z$3}`#CGl5IkflDt@2+Efrgfm5jsIzzE0nxh#~QDobHB;BZNbMlFizQ}8A z@kGY0Jl)is{Rfq|A3dN21Q%fQ9d@PF(VFYerwQxK#+XL> zHkwa$j{{{D{(B|59r%v#2&m(>-g>W8I2^VfWwrQmx53qq55xdz@ExdoV{rMn9LAP# zIUn=W_j~%exwzN+(I!+MX3z6!+O+9fVOl#TL1mrxUmq`a-&C(%=nDUl97g=(!^5wwldVSBXr-p&HXe~>^TM4JroV?s=&-Z0p^+QSLU5x9QQ3Z$j z&qsznGom}~9ub5N-5*T)p_TqtGywBxAB5DT+G(Lo*KUaW9bp|z25JJH%MyAvZS8jG zgEYq|tGT2P>ZA`KYNNirxrS38h;1wJ;DLSV9%9cGM2;l}qGsQ%^XsF?Q~?doajK?2 z++Oh`V5Mm1vov<@zN?JZmd)Pdr+h%W?XPRRCR4VYzkFBoP!q4&^Z)_v_VwiXXdnF;bWgpv;XvsWa0u}I$z#91!D!OCY%+%`L^kR|%B z5+360Ap&)uWvp0OTy&^Gl*Hc6DJRY(Kg3hCXxM8fq1D|ky%Hr>)cX6iVLgXram}jk zo0b9PtA&j2k02ggx(mi;sP4=z_oxHJaew}N*QxcQZO^0!Q}>s}W3A!|Hx}+D@^unp ziQ=dOvRD%!*Q8;MLY{jz-;rmmtEb<}$alb)_b%b~;rBJBoJbTRjP^J_&2ir0=%-Ja zB4`+gT%B?i@9FW1ZT>L-;~2kv=2z`pQ~tUvRWdfF1aY_Nj(J(Q$zO6LJv*~#TsVXR(wz(- zFstb*R#RcNmsZ;|oVsYp;;>R^k;23VlOdIz<_D}Vlj>Ap=il`jp)Zl*;1_4FgJGqZ z3~B5fVa4h3yx`Bn8-hLK+p6Cz%@AoU`9f_ScZQgMfj!jYl@Nb@VnA2Bn)A#gLJMT; zryjTGVx0f-W<(XpSXfk?T7eW`OIf(6^k<0wO2ZS5t813*H_k|6ASPxCm>=kj3 zsA=12Y97#sVX@;(1CM(;g@TO-J|l)nA{)^Rf;P*>`wI}@Yxab*-+H4|bMZ`}t4kc! z4=r`xA#L@cKG=18B$={ocGliLzbgwvXz5YnVQ#e+H%Kg{i#GJ!bqAw?r0it#{k^#= zffy-G!!Q6ETz!o=8Q{*zhz)0|(uYGWGSod*)Oi}%S;eTPsA|mg* zy4}wB>oL>KJ)=O9$XjLHk^We=whM7imFo21SlUkW`R4a=G3d#NIs*_kVbTPPXTcN7he0Vd$P>wGBU>_Z3!( zBSg2r==zSTrRr7ilrUH48t+9I{AE10FuAXIaSlXD8n~lFraZ68c)*P0zZcL0ook(h zVL$GnAdYYYQBT_QulEUaiZ>?+$t~|=*d{E;!WzB(dE@*l(yJAt4&&UXRbCcyI%Pl| zOY`7YP(7ktVaui<$20J-T{(WItGwBb}w6_UZ^KYYH5! zgEr|zwWMf;_PvOK)}y4zh&CgDzMGO`@j*k4@az3ibhikS(08G%m%rju0VT%<)PY8F zqUb3Ah#3nkgRhxi;Lvf+V&pBp>&y0e%c!c-rf>V9v z4RDoqq&VSRN9ZeZ?T{uA3A6|1{17U7AhLsmh;_zMM(*H#-1P=e^GfKCM=0F*2csq7 z$3+DNx6}&b)vL!hzh|ueQn2}($C}ljD!ZVoTdeTso&Wst|73A4_`PRrr98=&rY}Jq z7KjDKKAHZM{30YqdMG$97`|Y!{D?#QX~$e_aV@uyi0b+T=$U1X>{IUo+d5oxO+rm% z4e3iIuPs?Rlk+%CH2%eOt#;R*5PyVHqe;B?RCK=`|IDZ5AXXk~KqPQ^bH21%kiWXQ z3VL|kOEoA-ekW3oGi0E{Z?CGC4E^e7jVpH$pNLp`+KGtv z&ow`f%Q@}ej>}i0|NShr)dEFe6F)48NLw)@QQtm)Lag5IMZne??=!jwknLs(sbRIf z4UkDjwS7+H;&%hzrli-eUw^dwY4uso?-`}90mj+!(vQX@I2D!QC^BUZVA&=EF8;2? z1(I<~YpdWPOBv)K=}r!2X4F(TuzQ`wPF&cGM4i(pXh*NzpgBrfU6DU4fAhfS0l}^& zP!`w$dVuJCYi_S??sBx=3S3siKr|O)05oWkqoNNWVA!!@9v^3yPOQEnZ=YSMzK5eM zPL!I)-b+$;2+OJ#IR>kpZzU%Y2n1x)Twx?Gg#NMJ115{8Dfw8w#A1}e1>!M%^nFk; zY0{I!Bna0*&D9Yx{xHrX2wN*BsOq6(xR}Al*fFHLsXhja@;Qjh7Rf}?%eOaxAP&-; znvwCuIswHniR3hy&fbuYEKZiE)JJitnAm~M7Q8Ay&ucQcLBvoa^jt=bPh4=y1E7ldsxK#FtPQ}s+AZxQab61H4NWwYIbFp6-guQSNOA9g{}H^iGp-=o zU7Qn$fd{ZPo#r;LPH(o&ZTiY&G{b#w?!GXMY}=GFFP9)*Pq-F%)+f6IKAI+kyxu&4 z)Al2!Ct?P>cPZZC(y{8Hcv8$)pvuDY`rVm56HB*@97!{|I?~e8nxB{V4-1!z7q_T; zUqda=)Kbziwi$9}KcJI_XxiG=1JKI4rE+4PD}ID?TiNO(^^k62Lj(~QF<-yX#{_B# z1Ock5+l4>6)v*bXM5?~RGcz;!K$w~O&~C@(58m6<)@d;f(=Ezfje;s-as;%>k#-B- zK1e2!xopyV_0bdxq*prIyFg$~ke*VOo-qm^FrDVuN_d&Uc$4Jr%%pg=M&dBsf>VX3#3EmexJk<>gvyP0U9j3WSPiVyDWyq$KuimObR ze4qm9!*(<0jygHq_gGqJ`}OmhbsJMb);yM9s`6aE(PHY!AU?FVy!T12rE<#xTH1{V zf}vUNEJE4mW1X6oeDTNy2t?C_^_P8)lomx;@|-KOR?U?^3<7}O(T%HfC+iyj0rlFZ zI;QHL$({EY|A~NK9Wacf6Yzn~IbQHRKEr$;18D;&;k!93nm6v96x~5U4q&K50wD4cnqRK{q@I$-kKB#+`&~oh=yN!tO{X^h?iGvAKsGK zT+)#mvwGm8&xVvV-;(J1vhES*HPuYCQA3M?btl@@*wPv?^)XaFqG`gh|i? zp0fnjSrEj0eW8pv)BvYx8d8p!2Vj^CX>PIQ2@cRZns)O^Giq4Q$RjNgM=PLoY`*V zW)ad;j^R1G6K>7d>LykLp$7jNQfRHM?h+Ww-#0g z(o*#UM=kB`yD?7th~OQ9J7$_ik=svA*e_jgDe3_9m7pAKPgQW28xYXV>$b&lp7^Dw zf$Dm3kj3)sZbC>uE6W*Ux4sgzC0c=U8r=Xk`+y0^UcSR1AzDF;{>`|)zL1I2yBIxr z(w;rZd!(Wj4l3J?^PTo9ZlJODECg*rO}%dhd_+xuShmPzn@PAQlHaT@@y-OhVh}UM zWFiGMZ`gOY2gK`^4VK3fpB!dmo>;}lF>1|`TLnRkM)_`#wwN^jCIKDPSryFisSO`w24ds=`nXscu6AGxsC%|As-NXr ziUunApY~!$E%jbGU>bUP+{DT9q)ZHLSt1w#-DV{^84<%d3dSKr%b(ym2;RIEdt?@o5lsbHrO6lBR3Gg4c`lOc!78{+Da@ z2(LFoE%mdSz;jie*M@B`%3YjXQCmj2WU4?MRLjujf4zej7fypI9Rz)x510sE{M3r*itPb+na!+rh~aJ$&k^jaH_hsBpLNWShMG{ltK)m!wBL>4Q%K?rsl= z4jyYC4EO)`ket#VKDpi6Y+fEfQ%_%#@=)5KCk)VU7SNDtMuqZEThLts43M5)<)2|{ z4Gxr)LLB$=)2);sS2bR4-B2E*p6_Y^nkJD=&t8Hy@gHNX2?ov3st#LzwqAJ>D2FrwbYKSniCx*6(VWiKLuf;~xrNeh{c@0UMS9}B zJ3z|aQ69epTWbc2cQBm*bt(0diuUlaK*QJoq$X`HgeBkEJr zc0N!1m>mcv$tVczDF?5E05<+|oqF0N{7-tFbiu+`&}KrXu11V+O$uH7&zj={*2(FC z2DmH!1r1HXN3z2Qj2fyTn>HQN(@SAHkyG)L-R%pHHh>&*WbLH?mBGHW1Kk9oLyz+=*&SP369V_8!0Z5T|JXw{Z0um-n^sG@O+ySKc`y}r#AfN;dMkmX(O;7)gx}I8ZQO(5F5L~1sU$##`Gh|3 z<<$w?6VccJlsH2<>(^CX>WKL8o)1Zs75Mh`@bhiEKQLF%xq@D)i~kAoPs2D~4x;~6 z3##xs_@@+7K_Pk5&lmTdWd0PDzWCd}=a>Ka Date: Tue, 19 Apr 2022 15:48:58 -0700 Subject: [PATCH 101/540] rm v1 schema list --- windows/deployment/update-compliance-v2-schema.md | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/windows/deployment/update-compliance-v2-schema.md b/windows/deployment/update-compliance-v2-schema.md index a1cfd4ac52..7117c198f4 100644 --- a/windows/deployment/update-compliance-v2-schema.md +++ b/windows/deployment/update-compliance-v2-schema.md @@ -17,6 +17,8 @@ ms.topic: reference When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more. +## Schema + The table below summarizes the different tables that are part of the Update Compliance solution. To learn how to navigate Azure Monitor Logs to find this data, see [Get started with log queries in Azure Monitor](/azure/azure-monitor/log-query/get-started-queries). > [!NOTE] @@ -29,15 +31,3 @@ The table below summarizes the different tables that are part of the Update Comp | [**UCServiceUpdateStatus**](update-compliance-v2-schema-ucserviceupdatestatus.md) | Service record | Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real-time. | | [**UCUpdateAlert**](update-compliance-v2-schema-ucupdatealert.md) | Service and device records | Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert will not necessarily contain client-side statuses. | | [**UCDeviceAlert**] (update-compliance-v2-schema-ucdevicealert.md)| Service and device record | These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in WUfB DS will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered. | - -## Schema used by earlier version of Update Compliance - -You may notice that you can also access the schema used by an earlier version of Update Compliance. The table below is provided as a - -|Table |Category |Description | -|--|--|--| -|[**WaaSUpdateStatus**](update-compliance-schema-waasupdatestatus.md) |Device record |This table houses device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots map to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. | -|[**WaaSInsiderStatus**](update-compliance-schema-waasinsiderstatus.md) |Device record |This table houses device-centric data specifically for devices enrolled to the Windows Insider Program. Devices enrolled to the Windows Insider Program do not currently have any WaaSDeploymentStatus records, so do not have Update Session data to report on update deployment progress. | -|[**WaaSDeploymentStatus**](update-compliance-schema-waasdeploymentstatus.md) |Update Session record |This table tracks a specific update on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, as well as one tracking a Windows Quality Update, at the same time. | -|[**WUDOStatus**](update-compliance-schema-wudostatus.md) |Delivery Optimization record |This table provides information, for a single device, on their bandwidth utilization across content types in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq). | -|[**WUDOAggregatedStatus**](update-compliance-schema-wudoaggregatedstatus.md) |Delivery Optimization record |This table aggregates all individual WUDOStatus records across the tenant and summarizes bandwidth savings across all devices enrolled to Delivery Optimization. | From b7c1e692ee2218f83369b4cd9c65807fc87737c4 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 19 Apr 2022 16:18:24 -0700 Subject: [PATCH 102/540] add endpoints include --- .../includes/update-compliance-endpoints.md | 25 +++++++++++++++++++ ...update-compliance-delivery-optimization.md | 1 - 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 windows/deployment/update/includes/update-compliance-endpoints.md diff --git a/windows/deployment/update/includes/update-compliance-endpoints.md b/windows/deployment/update/includes/update-compliance-endpoints.md new file mode 100644 index 0000000000..efd6a07a2b --- /dev/null +++ b/windows/deployment/update/includes/update-compliance-endpoints.md @@ -0,0 +1,25 @@ +--- +author: mestew +ms.author: mstewart +manager: dougeby +ms.prod: w10 +ms.collection: M365-modern-desktop +ms.mktglfcycl: deploy +audience: itpro +ms.topic: include +ms.date: 04/06/2022 +ms.localizationpriority: medium +--- + + +Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data: + +| **Endpoint** | **Function** | +|---------------------------------------------------------|-----------| +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most [WaaSUpdateStatus](../update-compliance-schema-waasupdatestatus.md) information for Update Compliance. | +| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. | +| `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. | +| `http://adl.windows.com` | Required for Windows Update functionality. | +| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting if certain Feature Update deployment failures occur. | +| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. | +| `https://login.live.com` | This endpoint facilitates MSA access and is required to create the primary identifier we use for devices. Without this service, devices won't be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). | diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index 6ac4bd6dc1..ded5de78dd 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -55,4 +55,3 @@ The download sources that could be included are: [!INCLUDE [Monitor Delivery Optimization](../do/includes/waas-delivery-optimization-monitor.md)] For more information on Delivery Optimization, see [Set up Delivery Optimization for Windows](../do/waas-delivery-optimization-setup.md). - From 53ddf2e84a2995271e9d829c84e31a21c66d661c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 19 Apr 2022 16:20:47 -0700 Subject: [PATCH 103/540] mv files to subfolder --- windows/deployment/{ => update}/update-compliance-v2-enable.md | 0 windows/deployment/{ => update}/update-compliance-v2-overview.md | 0 .../deployment/{ => update}/update-compliance-v2-prerequisites.md | 0 .../{ => update}/update-compliance-v2-schema-ucclient.md | 0 .../update-compliance-v2-schema-ucclientupdatestatus.md | 0 .../{ => update}/update-compliance-v2-schema-ucdevicealert.md | 0 .../update-compliance-v2-schema-ucserviceupdatestatus.md | 0 .../{ => update}/update-compliance-v2-schema-ucupdatealert.md | 0 windows/deployment/{ => update}/update-compliance-v2-schema.md | 0 windows/deployment/{ => update}/update-status-admin-center.md | 0 10 files changed, 0 insertions(+), 0 deletions(-) rename windows/deployment/{ => update}/update-compliance-v2-enable.md (100%) rename windows/deployment/{ => update}/update-compliance-v2-overview.md (100%) rename windows/deployment/{ => update}/update-compliance-v2-prerequisites.md (100%) rename windows/deployment/{ => update}/update-compliance-v2-schema-ucclient.md (100%) rename windows/deployment/{ => update}/update-compliance-v2-schema-ucclientupdatestatus.md (100%) rename windows/deployment/{ => update}/update-compliance-v2-schema-ucdevicealert.md (100%) rename windows/deployment/{ => update}/update-compliance-v2-schema-ucserviceupdatestatus.md (100%) rename windows/deployment/{ => update}/update-compliance-v2-schema-ucupdatealert.md (100%) rename windows/deployment/{ => update}/update-compliance-v2-schema.md (100%) rename windows/deployment/{ => update}/update-status-admin-center.md (100%) diff --git a/windows/deployment/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md similarity index 100% rename from windows/deployment/update-compliance-v2-enable.md rename to windows/deployment/update/update-compliance-v2-enable.md diff --git a/windows/deployment/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md similarity index 100% rename from windows/deployment/update-compliance-v2-overview.md rename to windows/deployment/update/update-compliance-v2-overview.md diff --git a/windows/deployment/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md similarity index 100% rename from windows/deployment/update-compliance-v2-prerequisites.md rename to windows/deployment/update/update-compliance-v2-prerequisites.md diff --git a/windows/deployment/update-compliance-v2-schema-ucclient.md b/windows/deployment/update/update-compliance-v2-schema-ucclient.md similarity index 100% rename from windows/deployment/update-compliance-v2-schema-ucclient.md rename to windows/deployment/update/update-compliance-v2-schema-ucclient.md diff --git a/windows/deployment/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md similarity index 100% rename from windows/deployment/update-compliance-v2-schema-ucclientupdatestatus.md rename to windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md diff --git a/windows/deployment/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md similarity index 100% rename from windows/deployment/update-compliance-v2-schema-ucdevicealert.md rename to windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md diff --git a/windows/deployment/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md similarity index 100% rename from windows/deployment/update-compliance-v2-schema-ucserviceupdatestatus.md rename to windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md diff --git a/windows/deployment/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md similarity index 100% rename from windows/deployment/update-compliance-v2-schema-ucupdatealert.md rename to windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md diff --git a/windows/deployment/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md similarity index 100% rename from windows/deployment/update-compliance-v2-schema.md rename to windows/deployment/update/update-compliance-v2-schema.md diff --git a/windows/deployment/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md similarity index 100% rename from windows/deployment/update-status-admin-center.md rename to windows/deployment/update/update-status-admin-center.md From 5bf353d2d5e5baaa9a3e7f3f2b0f8d3c9039e74d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 21 Apr 2022 09:36:24 -0700 Subject: [PATCH 104/540] admin ctr pg --- ...37063317-admin-center-software-updates.png | Bin 0 -> 180898 bytes .../update/update-compliance-v2-enable.md | 3 +++ .../update/update-compliance-v2-overview.md | 3 +++ .../update-compliance-v2-prerequisites.md | 6 +++-- .../update-compliance-v2-schema-ucclient.md | 5 ++++ ...mpliance-v2-schema-ucclientupdatestatus.md | 5 ++++ ...date-compliance-v2-schema-ucdevicealert.md | 5 ++++ ...pliance-v2-schema-ucserviceupdatestatus.md | 5 ++++ ...date-compliance-v2-schema-ucupdatealert.md | 5 ++++ .../update/update-compliance-v2-schema.md | 5 ++++ .../update/update-status-admin-center.md | 25 +++++++++--------- 11 files changed, 52 insertions(+), 15 deletions(-) create mode 100644 windows/deployment/update/media/37063317-admin-center-software-updates.png diff --git a/windows/deployment/update/media/37063317-admin-center-software-updates.png b/windows/deployment/update/media/37063317-admin-center-software-updates.png new file mode 100644 index 0000000000000000000000000000000000000000..1a4ea20ff5ef85adf39d5e7d5096c94aa4e229c1 GIT binary patch literal 180898 zcmeFZcU03^v_FbEwxBW!h@&FTs7MtHMOp$Xq97eYCnBRr2`E({0W64ufQ6#8&|64i zGyy>fqC!Rx0-*#$iGm?O2uMjn5|X?x_x@&_cklb-{oWt%t@YOZuEl}?Ioao&z4zJW z^EnUgZ7sKh_JU+&WVTks>G`NJyl;Fbr6x72ByzpL{!ZzpLV+;OQJ29uu+fy3{ArGZ*W+jlB(>WsJT zz}#84Irz!(O;0XtxqJBY))$|g>m}^``o+NxIxD}%D9hQU5XM0AeI|V3=EH4Qyh1Uf zFK>K%Kbf}A;Qr*~Bp}>BPtP+wJ-s9_QkdzaOcNaV=l8%5vA?a?`1k8w98gtHkooMu z!3HFDWGQC)ruKA+(e~}zZ-%DKD1FKr@Mv)~#fNeFqDWdtF|dmsKI(8Xhtt=|J=!o) z(mXZ9s+{I6!fS|p*3;!T9-_c74x0PrMYymo08%im^z);l&Tp4hIu<E+|E~5b4;kNSN2C_4qqA5mbrz8(#>ortKvVxC1HzX}nv4!@J9>Dx zm$ZFREchu&QDsnIU`qHzfy;@aKMFqEuvZ=q5k9k+9pNT;_c~v$4Z)@j zXxBV*s!rEg5=TSl@;hF$yRvBS>CAQy3?;qLY1S*shhZ0@qskyhmyez zx(D(Z?@+csM~vtCBS>n$nrm%2OVw{*#9$!1twqhI=MoO!jU@T>2nL5PHa$LwBl6=k zb97;~mug4cMhOK2cmzD)$9+y#s9&8)FW!x`5WvASkILf-ym5+OO1Gb&0bHA29vKWr z3}-Suhci1khydk%cR4Otzo0__QY+EI5WcRxy?t;=4USa9oHXXeEs%fCqNgvoUQy$t zYNTGTQS9>6@xcD7!L9BxrsN8ny!W|!LGNE(?WF$_@__e?)6X|eP0uLW<89mAwmH_6IMlF3j>MgB9scs>EL`Xd># zEqwCxbpLZUw<9CiEb01FmpsWGZ*#@u{b3hA>%6)-O?^3wc1_A!nopm;D2|rB%h1=m zCtsO-W6JZ)p0}Q#H}@dbiq0@@ip=pgbTJn6^0R5JhVuFC3V!=rYs zTP^qBJU3u=AIqa!>m=#KFQh8o)zErAZVeMUJ_nZCu->mxx9Gjkx}xR|-EXl&zR7Ki z{n;+)_nHQbT|V$H`t|$sMuj_qzTD4o(mo~_{uO-7(QsXn@vY@v%ZcbFSW7&x1N{@5 zD@?ak{al&AQwfsQH|i@zyEdw;J^v<;S~&+SNwtEr1LZQP+SSY=@4)K4ige@+i|&-+ z_&tTUD5Ce)G#|#^OTGS6Ju8hF#eJ1+5$L!%O%<6b+c3tG@|!>4`Hk0 zN(+%kD#ltBxcz(Wi$6Krlmv$6*}MwubmtK@JvXQ;oWqO!kI9Op6pk;og|c-6L)UO} z!xU-RNCnPQrbUk_Am`WpGj7o#YEjDE{!71OaH~HOim`t1*a7nW?fb^>v491d&fCPaIa#RvfzZTb|V3R%U9)0mP5iLDzU)ef_$Sy45b8SM?p4 z9si6!tCnHPbITvWwS7xgIdJXsa|c__9@B*^mBRLjFIRJth(Wabn%FlbbFB*Aiyd-# zCIcT;pXHg&`!m8hTrt1pr=;(?uh6`sxA#@r;R1|*yxY);>2UyU+BwQ+NG1G*H^zb6 zt1cXMB>FolPK~aD6oe#^YdnEg5Iy!AmL!}B`)NT_hRYf$UO&!-u+woBQx{i*z^iOX zV<~*_&4r_G#>SsOMWR^vI zgBSGPt%KO*+1Hf&F!78lv%l^@%=ahyOqig<^}Ruhpew8Ri*Cp_Yth36n#zSGPKhWiGD6DT7Z93U;Eh2CrC(KT0vw3Z#ANVccn<=a^FgFC;ZgN0K+fVZC<0nB(|)I|91 zH==8U(7s@a0%_5^U>-NBll7${&heoT8`;G&g$MS72>2GwnXmg5+ykUIqT;;P~*bPrtCogv;s2w%3Yu(lOZL@NO{mMc{f>*b8 z@8J~|nBQ>vq7?9WS>bP0yzj2pApJ2%a_Ib{2V_vnn(cqkt{>Ue z2l~VQ@_jB#{knPUPELc0@JfJZLl{$^f4V#_eyPhK8MXTTC^Mh)0a|Y_V>8!iY>iA< z`Jj?MoW8s=k&%3gVsa`!yxZ{Ggo^Z*VZFko;#DU*Q$57EJW7o<7}9!Yqwk0N+lv#V zlHyPXsThwx5dx}tiGd2YH7!%Ezdf}+rp_YR?H&24kVVfYCkZYmZ~gchEc1aE1sGLZ zOn0DPFBic@!?sI*$Vq?Qw0*C0H@u~yqN1nLE{}V}sO&}($QZk<#Fm$~82U=34bA0Y zTdXChrQu-Bkm1I#Gp@ad>!B7sWsQ}zIK*S8t#~++2fy+htIKkLhNq;SY+jX->zoAs#=ZClpFve?=8^%rv}eTeo@tuOW@o z6*nf*4C=7Xy=168KZuVmD!Cief%lc}8!kc&v$QdR2j+%5|F+g;UQ z$ALTQDXQ+9NdaMqQSyCO&V9WWSkJZLmk|LC&@b`a1bfi0_V!88^T&5@x$*e~IWyc! z_e6;NihgVS_`{>^G`LqBhq&O@@AGUKC0%8GNK*3Iv*hf`a`fJ4{$Qi+^)PQP<}>u< z%kb-MTe8$|oQcC|{9eOPk8U~?VwA%h9HbgHZc1}_wra!xq5`EQ#mu5`by(|Gqi7*$ zN7}^+=({@`*C{yIC(adPJ>$Gf@j-oiB5kCr6ls%<%!Br-xKj3@cpx&!s|J0O9pi>- zRE0pZreDl}hs1SXvomM9pPwiNf;apzuQ$he)p3_m8`GSS!*4P}C#Xw3pg(wzR4+aM zm0T^fLPJJXL|STZEX396Lh4f0Q5EN6k$c8v5GCPXXUJuL+O;H5-US=ivI~9HcvQ32 zCCMj_FAz?28vecvzYg+kdH6fx#`$R%m7G<0Lm5f;1@_?jyn{5n>RZj;dkyQ=z&w0L zo1)4x{a2gpecbAU>zV3mW_*jzlq&3EMD4?Hj9byx$O2DXoBfN8VO3t5M^~b93HA7y z{6O^9IO81EuiA;`)BCyTPZ6?z;QdSSYH!Tr3M^@rX6xVT7@^urNLkTeZ*OiVg*ju{ zb&0z+?!G>9p0jMEhynTXDKoJhP7U4FMzPw-qd^TPG*BmPteKLN2j{gawY>@Hf%hp;E-@$ zTpp?S32VdZ6X*$WG8?sDT#@JIPSMI5{h$5d<))|Go4vD(Uwn3BzM0>CF>s^Jo-`+O zc_Z8%3qt)n*)-RQ{t6du>cOpcw9Dp-ps^lPd;0q05pcogNaWPciGL;_}=qCVb3x4{GLOSX~yFcy7f z%h}C2;f;mRJv}gTP|24&yES@$c>{AO+GUeo8JRVB?b#yeiW@P|Wo3i~R)PijUY!PQ zt6Ma0h90xOk#uKYSnEDV^Wimo^avY86H(oAQA&$X@x?RZ%vBm4NT z-j8o*1OxjcYJm;yM}HO?PM19!zxNjNwMbD}>%kdaFlL*BdQb7Lgkuf~dy`d{BIP2s z*QMN>nI74F`m&%TmgW-&-*0Wjadt(!eSUGOGSZ0-#a_U535RzQb|uf%uXkT<#^VEs zPnQi>CIXjh5icLCcZk49yd-bXE0;lWUCBODhm0bSj(GcDV%48=zw0j2D>@@z3BK_@ zouf1O_N}Z=({U`+zSC-5?w_v6=2zdQN;A@NGe6dCE>!JTy!0b26j4f?(@79?{s2z3 z)7e2`J~(6#+Q7LYUhzhe%w}TWxfVL7fmMk2E>Dyr%5$H^DJRpVOqk><`?PL_XGp`5 z?0|eD5|BMyX=pDE{{q?vI@r6X7BlBEH=yRhJiG4bG?I`7SqAM?Mu&2*vW&#beSQL7 z1$*$deb3#(N~{g7T7)%|jf>~)cb0si#Osee^O*9v&fH0K$D#zVqH>g#uhN%`=Vb z8c;j@EX^{d@ChNhsexU~Zys?taO>;s73Fyv4t6~-5R{gdcGG1q9Q5kC-SMnDQ9iNL zB-K-j7mAzjs7KTyWa~~Z{&lF+MrL`p>~5_G zj0K5UM7|6fo+X!?nk)VS)N=lQrgi`s=Mzq=sy)&Fsr-Qy(+5Kz0pDCY^^yhS(*3{!zysK{pq&MD9}CH-;TQVeS*p~pB0YIeeO{3 zYk#!$?q<1Tl|Kh9@(?L`qnC$SRL7to_4ey!@)0~PVbK*j7E8d@n{4+pefeWx6_^mEBW%Q3VsLLCB z;-=m<$1F{T1!}HW|L5OiW@oRMCCNR1X$ArkB^(Bi$9sW_41PO)*=%GuG?63)YA69q z;`*-F1d1J7VAP3RxE$Lg$WQw|2!#AG~!6J+z^T9_**VKi1Mc7SRT_pBlu;Rzp1$VI(Ev7nQ@q1}>G_PhZqlx$Ix zC0Hb2vqZ7970V4;aWpuJwGZitU+FgwHPNpY) zUYtGAiSS10G(xSFI5xT63vi;lG$6iXQ9QZCd2@ky5>_}!41?K;mY1eG+o;(&*{M3G zh?5tIgzt-wI)ax1C^;_(g}7(K)VL!g6PNz;VcfRGKBVjQrXTNR{o! zqb(5)jLgtT1nFX*kHZV55^<^4XDsMl|X%{d*1jxeL<|l(Hz*>`Fg^N^C(nj zu$#6M&FVxHGOUkLzApwkRNFa_>LL(Uo-fMcU~>k{B{2mO)Qh)EWmXq3qVEwWL@>H* z4N%P_XVHIS_|z8Q4nZk70+W^;ufk8vff7el2?9R7l3921BA+x8+EG8>vU2iSMRUo? zPMtuOyXjk19U9oRzN*a^{Ys)K(2yTUR0n*aVIDUhb$SU&V;_Mqoui~qFqR6~=8^Ndp_PFop8g{n@E<%nzqs|IEg_tbQxhn5{@m2{|9nIWZ;9F_4V z#@PPu72XvNLKz=R`pgnEe_y$ah)` z5NO!+{zBZu@B^-=HDsLaTEp(_YaE~tohu3~NRpKJiRe)Hz1>fvptD0`U?*&BtkJQW|lvt0+WF%xdqna?m}|?#f&2y zy8u`_zeT@6zvJ1+txLpk_ZSS9I+0JnI@jn7R#cG|1>36-g@OIaE8!RXDHFqGp1qQ?9f`AZVOc66%~w3DGwLz z4+>(^D<^aU=a>58sesL{#G^S*(8=;hjvMVgzh&|C5soFIu&zYp+7As#2vJ@VGk8A4 zWJr#(C+f=d2$)RwXy8q+q|!yJ1eC6J_E8ceP?VV!6X0z;NcM8g-C>CiXDdB-3oTE0W%!l*!bnw-yJ|47mj>pROs{b~?>Zag09Q^~T zGaX}xj|f5e!7*N zFn%QI@EDr+gZ0Xf?W9#O%yRS8q=A(a9O6(Y-m{9f#gBYXIO^3&9ZV3paW_etMOF`h zj4u%sM_WqjtVH4L=kwA!evRpB!|aey!J5T0931Q*+L2-XW2{PX8Q?Y+#L(f&+RxT( zIv$$@sN78}dd7+g+=7p*!cZk6Mw6lzPII7K!ZG7Ia2vG&nNB1EeY*uEB3}>y2>|>a zqGf=muDL{QjH(Tqp5imqD0S;LY$EVzznv($GSyQIH|qPd=8jr!Zf=L6Osw%nXsu6k zW4?x1E?c;hI&a<~?fG&u*PmnKaV$VZGE|>c5{8;rhvkXCPR_8>(}?(2USg{ldaANW z^aPmi>`(_H?(J?kPp+)of?G?1)P*@|>$o24;7`0XQLf}5O<`m;3}(v6#M)E299ftS z*O}g93Nvs$)?gHsUqR#}j5U{lvyjUaydvl%%(ACEBD=D60+dm<^JzNr}i{zc|jC( zlD&dpcP?EGfJugEy~LSZZ5Y)ETrjo|rfNkClM~;}&DocslS7b8m>srqXrS;jab4Ko zT_MrIwP{(*8P|?JpV=Ws2B6OVWa#AZF!6dHJ}XFm;I$C2EgNE!SA!ZOFWC@JG4B;Ze zot^{XMMhv6uXW}S((Nkw?Kuyr#F4WJ`IF4{iOwUO4=SQMN9VaEQ)bZXpuYwv%KL)+ zt~Lm>770qmJpLiTRKMV}1iUD1dPFdje(rx1=l@&9`A-}7j18?Nx#O=`AT%xg+Y(c5 zPPDhRSpBQFEi?5=vdV(cjue$BfYyK#e?N)PTKn6_SUK)^KaMtMDRpRcYiZvRAh859 zD#duaAZuLPjDqRgObQ=4j9($}W{i->1fs+7 zCeUk4N&Z0hyoe|aFuo|#0y19h0B=pc0L;lidU(caLo27glp{#|+6qz^qd zZAhhLxj{%R`xC|@v;uS3##gy%1r)~7g$evgO+KqODxQHGup7Qe_wOAm3%JPk06a`U z!fYR%8iY5ppd4c^AsJCxU`(^n7IpU`TZ6-PFI3L+SVS1n{Bw1{6xwUTiayB;;W_MC zIKYJ?3KR4jVtvXfFb@N!=n^F$j!};fyGVHwkNqfI5HnYnD*PPYdNI_|p|c1H_@PQh zmU{!l9|&IKG4XU;Dmay=YGds|>p+t1M1H8jY@gJuAlUM%BbdPtC6D*f(eumh&k0y6 zsSq&f>LZlOaAbvGdVqke zJTFrmm8FBpTSQi{2+i}uZVhFu3lP^U|5ZW338;@5~ zr~E)KaAq4(V^)*?bB zDt|&WFjg;L?qV6SqmwW8D6FzAXC!(_CC}#*{x^nZNa2DLWk^l9Se=4x?Ff${$r*Pq zhy&+`A5v=$86`7C@!EFI$-rDDbO+mKf+j>QTsmM#oO~!bomd}UHk*G1PGE^zv>7-a zsXz^5R1)q+nx`$Ei(HY^EBiOP!(@!o6G0Ji`wT)JNly>q-xm#A!8kY0a~^#yWL zGQ^4@nUsfXLTH0DK8NE5*Ym;i29wJn@B4<>k*xgst>T2?^nJ}+oIPtFb%PXfp>&I>g=s=g}c zEFxwnBZEk69zBI8A(8k-XkoT{yztS-j*m1ha*7V$52ejLTxo0oN7Qz8ha!yeCxhmJ zgo)MZ#QPiuM0&+4IQ9qXwD{5zHLMqp*RN9|UYtk&k9hwttzK|urFQcs%8V#X z*^|UA7*2)Mu}VxX4nHTzEif$*kikJ-6yu|i$8DSOi1D~4m=52iDG#IZi-YQKx_Q4n zI?kRH_Tcr6TNXGUJ8GLDyqH2AyDz6YiCiu+&X`9F=3wNkEBU9otUE2p?erm^e${3i zDQzVl(>$PvMzLYF*in@UwxCWOW|`SNDy#V#@MzSiG~k?A7#gDw_MFDgPp^C{l@dM zB!_o4E%D;<`&WSDaG07CBNlSkN^8DAe$4dxJF1nD8E6vDpl{*?!()37_BaUd&aKts zAV1~+Xd*l1fN`fvw5FL^=+++O%ebO6NC*Skyk28vQwest&E@cOwW6QBC^HU0__nLQ z_?-NNrYrVQtHRw)+d*q6obV?gqc1P+Y$XIf9Q*Zn@X*U!Dhgi3q7oU|i0#lSGw*5g zXVS~JbB#eG8~zciY7}T*{tBBe8c>SjxoGI}-$ZffZ+4vxmEN7>vS~??L4yRZ*FOHQ z@Om%Lqi)BGg=F~GudTpBVff}aaPRPjhy;b;+q;1A>&vzr$2b<#;{O?3<~pQ{7|;#( zPsq9pEwew~_OL8kbzZTemV$G!YvL5CIDX68BFF~q`+Fpr#B}__#eyeTZ?u!zg`)bg z4I3@A;v`>QMsae(Y(*HK=2ztztnt9zyPb;@LCvZgx&K*71(F#qy{fRF7s(%0I*_os z@J9Vg5CCcTmbhWZmNmd=!};p&8UQc(c8rS+vt@ljgO?{Nn!&E#z6;}R-|*xEsbup0 z@Jo9P!~Qh+IkCoE)mlB3!K`p+iYebKzh!{Ezm8^tos=VDyc$mKzxi=zWPxQcjs{CG z^${hm+t6XyoO(x{pple-N#@goa7q4!@v2~1(}d=^KkHAtZHr;#S5%OEXID)904Pqi z+v{sKd%%blTXDy8h*UtinU&K`_x)xf1psJ!yG@opht&Y3SROny&hrf$`?kYyv~#2( z{DW_@^6q0myJF9!Vx7#A$MFDWDT#ud3;*_JB3%~f`KCr@@t06ilLNF=(qrDSN~|zU zGV2eKH5j>Z)+A$W-Ljo@+3uS}G_RBMQ-{6%1&hpYYoOE*M4HdOyBdutUBpP{%r*){ zipYoc=VQ7~1n%IL}UhIP%u=6Uz@ODpJ3OYo4H<9`xCB>-N~#*mw&CBQItjD{3fQ`j3|Ow~D+F zjYlQZScS($Dv#H2AKz+UcWbcb+&lu#KyCnpBDmCOEc{0jSRp5kpGKe=WWq3EJp1 zMUN{TKtu1l!eXlP1Fg;Fb3cqmGsN#d%}dc?A)ol6f{>M^a7w#?TYq4AFf7EgG+J5y z{=FXq2b# z@g%j!XZ&d5`I-kOJqylAANLOfRpQ^IzOOEW96TUZLd%~plqrqe49CRVchm>~p0j1< zm5Yq-@5i`>;jbYGX}bYwr|WIn$Tve)exK^|Gdlo?^B|;WtZ4>=ME~GE0pl3bNZ?wwcwhi@w)ZE=^9G-I$r8%dYhlb7zyVB*%<;-- z$cXP-iF+5&ij=2@QF=PwYb5@yqW9 z4?fHB`HZ_!Y?cooen0w&9U3=Q6;0Gxn6Iz z4bn^ZHfv0TqeNaK{pTle{P3xiEOmwH=m8hkq+kuc8&>4^8AdaZ(Ia+w`r32h%W_q!?fw8ZyIUOt z{s929^z)xSX%j z=d*OG;Du%!?~6ZxK^DIHniAWi;)}+up>~-0yD$>W*Tg_`dBC~w^x z_o5QC;mBGx^8ErB+ zvs<{0XmFw2z}~D2;HY#~r?aVw8d^hUDqqL;T>4!YHicW^ngP|_Ne&bHb}psYWi%=N zJ7L?wme z5BlGMT+gt0xe}75S%yL^e)gK*iAi*gzs|5+FI#A%qtzalPy-J& zKt^26+V-(&$xA4gw$=mlq!Sw8IUz}n2pyg*a(XGe(cDZVCGlnjjixICWn)zdUUQ}|DA*;S@xk2UVk)4MW6eDkSYS({sQ4j9(KNC}Wd!^*Dw4*J?YcL|KfdAfHBC`MN7OjEGRv;N-n(>0tstH8z5ObyD@!2y zqr*vN==bFPyT}*!$ar~*IQFx!Wdw!|xUdm{t%HlbWY8z*@^tHDOFSU^{a zA;g~Mp8WjD8-xpqla2}|#cXFO$mh*;Mc#kV81^`qyxXiC6bb4IuddCm-xExKgGXc< zT;rc$mSRHk_^@w4W7ggluID>`Z_(juBg)$}ItVWVGFiC2%Sw|$u~Zu1bOY3zaR34T zFb-4lBMXNpKbu$5T&ILI5A&oRcfd8-{q?oBiwG{pgu|tSWFPkk zR=+oKPh9QDbc5mQd-N(>L8=(s&FTC`ohaLVmc51pKFmP0P=l61s7mX`HT$#_2RV6q zKl5qx&2JXfHk-0Lo*oHbzH*2VNZaJu~aX>ScYqzt2kgBLG)7*m7ro zW?dMiy_^*6RpZaH>5PEs?nnq7NG>Fr`ft3eUUbfH@H8=Co8R_NLgY=d8jXjb^pi z4jd+^A1vDq963k_nfsH`%h@vJQh?U=(M-O%+ALM3e{WH*gYa{iCLa~k&A9)%+ps=g z!$G;Zz4U2d>ppIo=n(jVC2FTA-wkNjMMZn>wfDsddp6t2x1Mw{ZUu#lT;t!8fR)&GN`8Fjm5L}aar?4y@A%YwZ?@h`)t_ZvYAS5A%|8r@eg>_neY zdwI@}`r5Uy8(s9&it=|dn^ncQ07y9D<> z!KyfT8@pr2l$v*R-1WK7cHKcFSIzU+(;J(0zl7#ZHZWEv4ao06UF%ZsXy{6*4#>S| zyRP}S3=;f~#%}4f-M8`_SPB`)C~k(hM%Dz(3>(b7jU9vP)|c6&{yOAUF_%|(JL`ql z=p5F1gT}{fLjgb_8WUn)jC}`kB*Y^Rs$NCsrwC%VWT+Yg9jsD9{>Cj2o|p5En=WwS z#opnVYo5Oa3K@Fod)9COEL^xSP29h`=;j(Wf8fY6T~79u+N;a0clL}tkqmub)O&$@ z7>}7Px`+@DY1%35KM4NIj6gTgsaAu{;Z-n<2 zPnH`MpFf#=D14cvbF6WyWT<|w+^6e`z=HMqgwjT2{~5TrnYX;HFAjkA@5{r#+m6?7 zVE-KmU-qvoN?D^HVdQ5D?`SF5`=%RCJ|BccAvr|a75lcvNcNS+L(4T8*xc|wl}AB} z_cPbaE9hR%1JLQK*z&iFE-KWap`p2;cpx)UAy-3w;0|wZ`a#y{<2|%PlyqHNs>c{+7Qu{k8RI{;vu9 zjb2$L#UEC%FIM>++pF{n{Rh)T+qcxUbxP&sm>I=R)AcX&&B_We&60!Z%PQmj09Exp zkjlc=;t|(_Nl@jU8rfK45+Yr>n_T8CXKUT;8 zhfO?{7Php_0^ssp58>nJs02l9KOGGu#oE61xhE8SFDVi0<4C}r$3oopDXcz60 zn2diYv~tKu*1^cMpeG{^K*hgoSy?}faWQy zi>nkJZak_%*;uJC4Jleg8(m_MkROU#@4m0E$LOv0~C6tL){pX|G-&q0vcjOT9y zBiD7^l*~o9q=wg@Z`~T7w5ePVbv?l%Jv88z3%%Img{~@?ORnn-hJF};QmJicLygX~WTDrm* zRhnBB6nwkAQSP3lN{ntu$6MB1-23L1hI*S{FLl2&zdPZxZjW%=PWxWNVeO(bT2qqS!o)%#Fg@|uoOWgB1>+Rbs<0Sc_bAQZ!CCl}mKUGc82jb<+KHTnV-YtRE4wYZ~&xBj?P zV5D~-t^twvopw(O@ayC^Y``{5=7t4Sdp(;2qWcg;m99~76D4e^wMlU{? z0+iAW4g~2G#4wX5M}pZY1K;3db()j1#%DE8^*8RiTgi5Kd=ERF$5_2)!qeoUy_RaC zx?+`+5;*sCT;nvYm-@h2m6$=p3EvM(=v4OWlA^5}?WVF$SSY+JHUeSQgoy2XO%Bf~ zKEHyKn33W97oo_Pv*MGnSI^s($W=irdhS(_PLJN6t0cVx>Qz#O4M#M3|7?P82F`PO z72MSQ-m~~2wuN*{z^B7vKNq;?n;X8jW~wXc;@D&>h0n(UVtZK4xft-Sn~UE+;nPbf z3Oxtk&c3pKbiuh0Hf=6wghY?rvDylRKzeF$ zHr(L#3;;x0BEG*b~Aw3q~^8B)4KDuX<_d8lcHp^VMnH z>U3B32iA11;%rf(Of@&(qqudE8t#KwXj|}5_+CW0-=TH+cUlXbf`YUVRYv8~F2+QK z>VYkcYarqSYD4C?_dG4MV}jmW-7W0r|M>Qyvzi)Njp5CBE`Qc~^Rc}=eE5ws7EC?C zZUWWW7gEoYYbFF?c<|pPF0+6V&vlBqsf|2(&_sUf2Y028qd$P$|)BcN=nng8u6-mxx)J={K#aW z0A^cE607j%f(h^LPSzR+C2w*rk|^jFf88oB5(9+YM=_w_o>zLpb+a9pe-*#{q6CX; zS=~9KWM3Rl&^X^1VejzIrpXwcN84P#8Y)}%0}F(UZ%$gILw~0YIsncycw1EuXhZJ7 z`4n3Gtz1~Y6+hQctHe;P`Pc_2XHFwG93ke?CTbR%xmk*A8ctT{SR82_Z5&u$RPZ6= zw8^Z|wP4_~gB$sk109N>_Af8|WPqxBz27>;l)Zfv{?^ z(KHUY8A1;3Q4I`ua4qf#?eV$29&~aV1I2j#HYXJ$7hDcnXhN@Bq=d00C3{DWM&{8_*KMKv^X3Kst?AlTP%_Z8 zH%^JC#ywg-gj1_p<1t{Z_x-alGR>nwxaQp~`f`UX#=iA%%)`mw;ml2#{-U_or?Bls zhVC14*2X)BlAjdTTbONZR7S>d?_zacLaTdnZUOBTMBU#`M<#J^lSIfqQS=^qrKe*< z)B9rWE^`mF+oPzlc$C8FVw-jA=|C53y_JI79h3DMJ=y^AROOO55##+Ogir=U5G)j(Ff@8mBIj_PIfap@=kwzGn=u^2(xxSBw zj%!FvKny)JcQ=Yv&Kv~OT6CL>V{qP-f%{H>0Lk{EuOL2gk6Iv|14A{qhrl` z3FSq14xA|GhA{!wOQpCXU?IlGBZLz!7QND?q^He)=qPs-XAWosT$DZK%_YKs=KT!Z zMT$RlbtFcsppGATX>R}1K^xI$F6tE+;n~6m)|zI!ivLb+XIWz*>NBN|aZc4L3o!vL z;DW&=@po#4<31fsj%Ixm!GvRAlS%==6hSC9Bc~id@F7&7$FgQBYeRa$u4FZi;(#5S zxe{*^3w}1q>h_x^0AQIg)?-2l-5)E>sgKH2MsId)Uoz|Uw@qL696CLe(UV{Ybp6gF;=le1ptK&Onc5}ib zA5ncA!~~!8d0H9kR6zWkNj3mRHd2k=agkktoD|x*tB^2^I1=m=ac6>717Sh%lx>$H ztm+?gp0Pyu&~bLdc%M=G*tQS%->h%CqaGXyLf@^6km|$f3I-eZsloYg4Dgi1Ne?1E z@FIN8dH)G<2CjVC>&#tN2S# zgeM|ku9-&zNcb=St2yE2*~yOtpq%Fd-X8Od+1tX)uGEj+0e~*r>t8Pg%x7ReFFq=; z7L0d(*OnuaIf)BL`${~fFutNZa@G)pV&2cm@*1d zce3+T)G=nNjyxl0W-nSNN_lXQK7?NpJ{??OT6vzeC&ynE%PZmyLf-*6sn2-Jck!~Ra_Y+F#v%k3VrHY${9$lMZ$apq(=^@G){*kL zq782)qHzKO83-j@ds7=GD;toJO9LnuhJIaW0) zUtDtnAa;TPxLUc^20cG&spSq(9RA;YdUdpoD|v9>0q%UM=T1i#0ztC0f@W3t@rqhQ z-SS#2(d*mH)a4w}*x?%Q7l7oJ71~k+R9!_}2T(X9R{(kD9}3{)FZ7KzypcoS4uzDu zm7_=fEv?-gJEzG8R-LIJcbJvcqOd+imSEXXb5GR3ZDlaIH^M1L%9LiFSApC-BLzO1Q)&KEh^%LEKAS!iY zz?Ja8y=GyQdd`(F61^36J4Fs1KR=rIDb-p70tw9;8Ceg7ItHV)A;z5~J=lG;IOa|; z-W*Ej^911v9qAXW@Lg|;4BfAG)*6!w%M+FiF9JL+bU9jCqzM4e2Tapz9Fxbi)^W?^ z5OfQ`r|1UAyeJF=-6HD79m?8a7ExsTsB`26OIWd7H+4ou#&`@sL}smElF627;$?tR zSd&HVjykXg$*QC{_vyNdq$PY_|J>#N_`w3ov#J*Fw@81D@+9j)wI#a+3D^7h>8bW4>cAq!dLNXbE8AS4osHQmd!2yisZ98gsXD>v_4U$Xl?O9qx4)VO7) z7Ds{m@0O{ndQmWl{)~S#ShZp>fJX2wG2UK)go^Z6iHFP81)$N};H8k^$#s}`$9iZM zIx}H7npPbO=eb67wO-oc`JwW$%fI|v;xNe)JpmdE6$K{!6p`-gxolLtVdsOL2SjCM zV0o{zw02kDg5AW|QF2_kw9H)T!wpu^Odu&Mot}3y zYlkyev)3e1;ncjUIlb*hed_smP}w_#9ocR>%hUNwZ7_ht4hk zWKY&86fLKbcwSB`u>b*Z0?CC-GF9k5-DkQr$=Vi##82Cr@I;x6zPf&IkCg&ga6{O+ zZ*^$j@(S(10`%>QzDL1mIDP!Qu{8}=(`bhe?85(~m9^tbDzuedwe=Tltk)=rg#6%< z>j?jI2v3-h0X-C$p?%1+)1SSkUz!pLow_&GZ5buIPHoc35I zX`LZQ+=1R*2t~&y_(J8Dy1OYLR{$>P=+9^XQJj2W=G_|%fOclpSLbGIdy{M}-Z20s z04qdGktXZ=*4;X(FxKZ(Xg~tWP@Q*XV;9y{qw;@xDUr&WOiw^^?)69=IIaMOM#{ND zjf0uhOC=u0yF9B-nUt)ul}`K6Ow9G<-np@P)jH|`y4eQvde)ktW{%5hGKEOuoPmL< z4J-qc(59`SWE7g>aA9c!2D>>1?b^t4H}>CQrmpX5mHL4R*E$G`%Y6jicij+ zJUC24Tyo2qHm=$wsCeL9 zPejp7#V#|p1|f+^bt^&<-8@6_0Iw;)X6T~SQk%gT&95d5bjLdEz`A31253ntxwc;c zv(K8m@RoJ(ivfLgpcZV4Alw>CS%HT={+~Ws5y7@#pP!NK0h!GM_ZGVO{LE>55sbWI zLx2sXPv7)?H-g-1K-7fwHvj-@g!W9g+YaBeM~kNd(6;Pj56^b;0Z^jE)ilOHJ=9DMvkWTq6SdoLl z0f^@xNmGM?-ThEP$t|bhQK8cK|>v3S8`kZdykR?Q_eD>#5x19Hw)RHKga$}P*y zabeuMBFl<2Y}(mflbQ=Qyp#2R?d1qh0O8LJ)&hxl_r_R0BaEjppOijE^qkw$84j`lDkT)6z+<|%Jqo~ z*2u|NSjp5RKXL-b8tJr2!8 z`+*OhIe51jYIn#0_Xbd;{m&6noRv9X1C;;mKK`?pw)e-Er~d^yWn(+7tMl*6>O6bG z^`A?yJ^ABbnv=lqIscnz?7x*(*x3FQK5@}zbay#e;)1PN?_PVV#jKUI7aA1%ZHrw18h1fn;oS`M$ji(8wDgDhvdD%d72zDWatU0UW)kC z^k)5u*pH$j#ppFX;jWT|8Mx@)<6=AN9So;FI0i_(-P<}SPV#P}MS&(Y3e)$qWvAU) zZ8v~(Pkrvxv!qOq*mHfaRF0_W)(fJP97zF>*K&_?R$ke=$`j?n1o0!Y>FO20X>4pJ za?uR38SyL|TO;S;!eS+pTw}*WO`;}N4f~68ryA(iV2E)9SWb@1fw+;ALuApYZrq0P zh7N=Cu(rktUS8|1bm1$k9O4Oz8B##zw?-!R;I9VM!R@s=7J*WE+j_qE0k!Up9sB9qxjgNtP;dW;Sa~m4e6crUwk0rRpMlr;*LsE*KuDoTq6fiW6PgDA_+A1t3 zII%>*malpJUtNk-Kxz}JEP@_?Kh^4H(8XyFVmDQ^g+G|z7*i{-kC~k{4b#(eSseVa z1-nv`pTAb6ab*x5`llk(@8Ka(YKm_Y$G>~k-Z@t%MhW@mxVz!F(~Y;Vjw$a!?-5$E z_qqM2AMIRF3}dZa$=YEZ6IOoAu!%bbz7$7rr&e}9f8{Wmt?S^$Vmb_nHAVNgaYR04 z&^qpc;u82R`>ERCW5Su~kgmmp|JDwDl5sQA{`n4^l{z)T-WMeTr~LIcaG|O7xh|vY z+>07yGGFCoa*JH7tJf@RJYe(M_Buj} zK_;V)yQA3Va}fu&@Rt|WA6S;$@%0T=dTw6q(zrB$ovYHgwWA^Q?=f9@`Fmwy=*vLr zj9f%?X0WX0#(JsOYQ!DlczcL>@#yz>(ba3JNS1pJ3!mER(X@O_*otY4Tp#sa+?Gc> zS+CJz8 zz74NWj|9_4U=9$5gO$Y;)X#0lGR6~0_Y_w6DhqmsLCy%5d!FxL5Wj4#Y5tMX@cQX7xB z5TsXD&6)K4E#~Ltq&8Fw2Y^Ns+ijneUD|S&9zzlj^jrP{U1G;%Lzu~4%*9{_S`k{{ zViWUv!Hh8+WD_=M>+s!eH}dzu*0I3;$#^btpu5D~aMa1m##LvtF|pMmY*D8%%4||o zv4{1gU4EsfrK>@rC$kEg9tfVp9*u-A5;CNpU-4b$vqO2-uOX?2x}C+2cx->H_Xw8d zNt_U4t|p1JN~?X7<=>h! zwF0K@cx|tBMkellTXXQsik|{>QMr)_;G3(o#mU2C-6lAFMZmM1mk|aods7uYB$xf* zDkg>FKJAk9lU5DllN{n%(Nx0Ifh&B>AKnFWW%#XjKBc|6XNx|?Vk)FFi7SyM^mx7v z7V+#QSNk?b6PW;3Uz z)8K*+S$*QI;}E8F#obrKsF}$t*{5S-6U9U?V#vg|=v{pg+I0rG5+iz>B zKejuWS}!V`C+{C`9cKr%<|8k19mmw3zfHquwUWtcGrnm<8M6Zx7kLaZ8ON17^>4k` z1NND%6I7yeWV144W$88Kkw}~!mF8~n!iK}w%f^wM3|!PnaZRmF5ykVHqN8}%y$BjfwJXYXYp5r__n^0t zR#(1Sp9#nZ_f0^;1g`tKJYGD0kau2O*>mz3jk+W@mq-`}q4Y<+{g!C>Jl3 z+k>kJGdEvJj(}a6SJ8azdTM9@C2?D0+1;VFILBca@9)5fiqEOaL3Qabun0bxU>@DW z5bmH&I-tRd^w=i=8gb`Mdhn(vHzgXsrKL`jC&!lD5Z3ZD7H3N~bldUTylQpp;noYs zkWG>>N217)y!ZSC1+eSin?iZTtgRK_ll)TyS#d(6LP*%;N$b=>(1+po6C8gL0pDb=K}`7ouM4JC8F~&8EzJ!%i8|rpLW#7HGl5z`Hta0~Qt?r(X@b zjWIDVeziVZVsbb6z>Ko{%7CE!TnAsA z8)8oCt8<@_$ig$R&a&RP;^$lF*!q$g$EGr0C49o%Xo4s?M z{XxWl*T7MZH@-23X&(Z)pU)SQ;eL?%-NL2^KRTS?{^yj(wScn@Yq@L5A~Ndbd>DL?Y%$A#29Cbx;m@F;%^-(~}BlswV_& z-E^GM%$uEBzW<@t#&miveZ}sBWP0citR;1%dW%aX)ZV5cA3Bh}gh&*`FwJ8{T*Shr zi#?8*RQb5N1i|iehnf6no0a{x$K>Lk$MGNJJ9R|aeex7!fu6wVjGmc9UEhvv<2}^L zB6>Tl&aXMN#Sr&`j7V9}avl*2G(U}3Sj;G-uixPYOH$vy9W5*(5`Ll-OX4S0dlCvO z9cDVP&TA6|8=lS@VXjX+t{P16s|BolBIebiggeLCyR9K^1B2&}{MG)X!)xZ5fOqms z->^!>S?lc22q*e9O?4(S)|7NR&9Qd~5I=S4zf$#0q55E>A?{{0R zKjoRUhwbWP?#j_?gr@~hVwP^;ycZ|+T0cP`r!4ZYWeSQIX{(wmp8VK{@IR2l(uHvH zyZT3wco&Zk8hydv8aId|Wa(TeRx}@^|9G-lO;MS`*|elAQx2Vp7jjal_jFYC#Y;HQ zGzz2i2w_1&3XlGp$B-u-w#AZK#~U_Uwe5m!gEpu1b4pxwgzDxprH5&_tq-m)^OURa5yW^iRA|%R)m6Q@Nuy z>@x@AiUN7tb_Rwz7kQVJF0Lt_N>n&|Fa?~#g~GPf$ik9u2ddC<$f#KOP<6**#`tDS<(7l2iyew_mogPg{abwb&q@spQWQ*V(zh=8f?m2E=j z4Cp3mI*PQ7OR{0j(DA5^A!L{D-0#(-SnAu(z4Xo@8G$x@RfrxdMOJkkY&DXnkta$x_%Cj z_~zt+3Ae2}gty{(MDz%S9jj|p@#D%W5%Sr$?^=c}(iDs|PR43J(C%tBmz-BjI_9*9ny$Q1TzQ%mMBV z`lu)a^ju`h-1&-?2NG3h7>B!V5fm@`t|iX-}~H_IEwc&AJb+{ zNp5R7tH=VSedBY*cS5QSDrLfPxS`m|rlBu$IdbCo;oUnhs2KBP*#)gccyF#xfkB^x z+gPr`Y;k5yb#2%p8sfg-EY%`egHs}QxH_uSv9A=CAl=OquyDcMZ9Eidki-c1e zPNo;&(|vN$_X+6BDPN!I_jP8+fLI$ARSE2|>CEJnNO9&?B4P>Eo>QdYYIrsI#ePsJ z``;8wzjsHW5ijV=;*!gk^3z}SV@FLrk*4zcS%p5cTX{PB8M@TheT#y-w~kw#gp}Qz z=WD1DU55(-5x+v?x8~H@Rz*SRTB2QCuvYvxK2nYBgl?P2a$-1;m|(!LD`t+4^MmUr zzoSajxKCkK(l5=}PHkc|WYc}8)TXqg82X1qa5Z-y^M3PeK0)I>b&SR{rnGrdRVG4K z;;~h=Ox&qae%^6dkkAm4*znmt2Al)OpmU6~Ix3wEe7n)cF5{KzK!!SIJ+WT~Z*-$> zyg|9PaBRfwW|P2?NB4Ph%H|Ij-ekrmc!<2q2k14=YF+~oWi8Kslgh|58IlR(w6>fZ z#pkjzPKDnnT)O<{DNPT1ZpHq;>RfVd-TCdaPxG_Cv4j@PWvNKdiVh4czc~>7S?3Lh zc9n6O95Xy?ylC@474>CM;4lWla|JnKqTS^=*e69zSaKANM{0gWz-}80^LN4nx_8cn z=~}N3(oJ71zn~4?;s+lh{!CGL9=7TyW>}x)^AS6;md`s0vo8-^9mP*#^27YTIg2aH z*j0xK$$spFFE38ciy1#ExeVruaFb#hD;C*ad321bC<3CQ4{E;7tI=CSj+jd(Zn znJ8L=l_Nj%1z`H%S5PyB5$~MQpz*b_&Ne!Fdr28|Ouq2Aa0K#|K+i7>-6Hviw7yts=4IgtXo3=@I5xec%Y~_xbz9l;GW|pN`q(Xfv zu!E~zWP_RS2+%~PxsJ!j8|E0BIl3$!Z^ctYS{p6wxM0f45m9KpHkt+VlsURm@dBJ= zJoSk%DQ>R0*0kECx6!uF0Y8zVy_L4wlgAf*G(4@fp~&d4wXovG#P|S2&*jmAaoIh^ zTEEg^8DM!TlH$1QGQIm+yyXZGn|FDUzV!jA>ca^D6#{Eh!h|V_iNLb^7<~m*-_B`= zIz)#(S4x4NK*sBef=h26pSwhTO7w=rqwC+>jQrdt2Db2DvttI0OTw0n9X`_#WlGPV zo#0m}xKR?Ff<7umQwm1t{4t!hU8C=fgqF$08d{Q(ET!*=(|p7Id^+X0f#~*om%ET7 ztBiTdpO2i6FD6;7Q*K{{7C6`K9$FX{o~zwG{la|N1l@7}#WRkS(1$*j;0?p6jubMc znW#pt5xYj!r(W&b{$#u;D)oKlPv(8-XYqaF&+U)zSY)A~<ujJm+Nq%6LkU1y;fy<2CW93$1Cf7CnFKR(Du4iRfrEm=h zZ900+jrguR_S_Mfu$a(`m!LKb+&U_Q^WPyS?i2c|kz)k*3JO(F;mR6uz=)RsJt|$=3n+zgUJb&WjRPwYHlH7F>IWLSfdP;<_950@flO4t7a? z#HpMo>@8f5cwJ~G;xhkG_K&EO*PEq#8W(z%k%aoWsdL`q7FFjxr^7`Qjas(!knB}! zGWMnq_QOpBvfwS8D<`ol1fY}-eCxkhC`JuZ;k%)&0>zO%bVXq_E7AzbDk}sM9 z%kw)1*`iHaMN3f33LoHuKNEG4*?)MfnWUSv`zTM~OaSUTHKil_rPwmd0LLOJu^Vn0gQqgOp(BWP5om8OiS)n#vH9* zNFV3qj;iz13`1<{{n=F~UU=qFULc=qiD-Y~YrBG1GVBJ5sDrO9Uq+kH%Ewfg>O?EY z-=8zjcvPlZoQY7(y(fbD5Sj3KIjQCSmA>m#yWN(rcWj#ynZD}eic~8)j_)0}xFrKr zAnrlF&XCEz@imCU-*bfNXGAg#27bhk zd|mcw2>Vk}R}`|g`tIvk`D!-K@_Ck}U>ZN}78gyoM9MJTtsrio>rlZxLDZ#Z?D9cY zpZ=UAr-)bj!h!VXyOv;biFR6?#gE7i1euCdx(Srlo}Ma5zQp?+WNo?nyb5aBy`jLx zzjnc;og)KvokkKmY*YN#tsP&dr-!9sC$1vzxiY(+BGQ=sFBOlRYbmtqIK8zq64;j2 zX~%i_4Ci^*J{VBk)ZhS&qq23&u8ptpIY%cpQ{C5;PFiVAcd=;qEP-5UDkia6rANJb z$?XzJ_o)C^02ZWtwKIu2e(s?4wtL5z!PDb`yUS}rL*CyZ;>Rr-N8x=4q$%i9zz|mG z)Lva5NV;hK&AGGt2ep3;+e|A_(ZX}*Jhj}A^{t__=%Gi0*mCX76*Z)dY|A|duX=A? zs`b7w>@q##PFr-%Zqqi0)-@0{hgKAO@}d5K$0@dCH_r3=mdquShJS{D{;JL@ZR zO5i~rYgu|hj*dd=E;^%g2s)5At!-604R&CQ;H*j?BH6)L53`zbKr)&kxddQ`d+Va} z5;PT?XTFq7EmkvS(tV~C96BJUL?^?h=>`Wzdk+=gn9oqp#kq~%;tP~3arckel6l`= zf#M1;&alhL7C5EofRIaic1Wh>(wSs*SbpYaUOq14dCJgHIGCkZ1P~C}8HZ+z6SPua zoV~U0s9Lr2q8R*wz{?!m{dut(DWO7*>eF$LvUnJdxo$>vA@C^wMBlk!my-tf4zN9W z0DjwQ?p_?vHS{6I(!w3!LRo*$l~N6&?(;TM;yJy*Tf3;Bq`0+o9H=yYaDr-ai)sG3DUMaS zJ?R`e+U%rfiS}^{^7w8rrDA;XumNlLijZ2lr|PCwbYzrPRK&L?9aIyX)^fW5n^B!v{iIqF4qrQ9~pHo4WW@g%5O{@fbFt zCyTlio{yX>j$}WPUnXyveU*k|Zp~yDJZ?7+w=@-7k>;r7sl>M6BAO9*@5D|W02%)f z1o%KWTrxmk<#zx*yba>G|2(Wm67^UH9-_Y%!*}BC+GfnObI$O|t4}3ElAl*xhQ&wO z)=``{%bPAYsVvmTBOc_E)BJJWV~+z?G`hir5IfsoF`!0D|M^V1@x7h2&j3q9C4KYr zKp`%0Tj0ErhQ}>cKZ18v?@skx&4|KW3w2f1BiWF(S=ah=t?7+HjI_|zrHb88$kqkO zj@>wTm$;H@@Vh^2#ak|gF@voZ(2%s`PTw?=s0iyh6yrl)p4*G7#O$`NsZueSiJjH2 z)m)9sMzx#$U^Z&3TJ7=#xKJF;Qp4{`J(DmS0c4hvp=&G~;gk!(>fG~VN0c9rpQ0&I z;*t9}bJR3fhYnBi8H2?$VWd8XA1@^wR@!)ZW+pEwZHlO#FNd^9mfy!HXl_Q&wdOh@ zBY8xWBf$>7+Z~H?QF^>tC$`3^U*!FU()3*Bk9Wjpo#M?@*HRP+7tCBi>CNoB^==a_S*>)#^}pzn0G!i2K#t43`b~!$UjQTTv9;UjLDZV7DqrZ*z6}Mo*;;pkp4QGpx zdTSSg+V&d^Z7r6ZovErS2<>(Kij(;>fEVhdAE-3;?4eah2Hi$F`wF!a9C+eJu3On= z;>~llGEvWB{dg%QU$g*8Ml~->%|wLEz`G4#9-Q<9IC9VJq}M0<;OBePXSThF!BSCs z3nh1eydK9EUv;lKc;tod5n2DeeTcVmT=kX8b&$yq+H0%zF;TYRb{swn9Fs>AwT9DJ za^jq+jA4bf;d3NC)TJm-&o>qZmA`kZbfDuce;L~JPk7P}crv^{B)IGQK)?)Z<5cTF zZL1R7jS{?@-F=+Y`?iqPBzn65!ySF!*O}Jl&6sLt9%+(77)dnNF7IAg4xV}9^<}6o z(zh3^0eC}Z0`f~tho4_0fVhe2K>9?FmiBzlzol)DS^YWtbZRo1$*}5HK@j9|Kj0-wY%>>_Vp`e(6bC2ty{vT zKN&BJ?A2^FE3Rp?aYdP|e%#%V{2YJ>Ap#kr^_#kP(E4%G=K&t3PR#ZU&ZqoIvIsLI zG%ajXCc!F9elfV1&o(@FAjZXXqPLo2B{Kb%!7$T#ZkshB$j&yuaf#eJFiIRRIXh;9 zIrBv^<&m~9VxP3EV?V563Q2Y0xuOu@`IB_g(YnvuS_SU>I&6`WXl?WK%tph&-11Ob zRy_4)FpVRR-%z#0pO~=KNLd@ux>IQuYMykkb7Q^%ubR@QnN880fF%RGm`caRVtcO3 z!HKrhrAP66qC)}aRAbgO9TR0z6qIq@QZ3^%X<0-R)Yc+39cTeSX3Pwj7V~&Jv$I@F7fxDW! z^IKUFS*(wi5(~i}q{_?rO?7=3;m8KZ99}O!bbK`hLrlfUp(T6u(KJK;A+rn{Abi z4L3K&x!w8+?7}4AaybK&T_kSwrz( z@@lxOc=c>Lw*HV{v|couJRY^|?-k@eF*p@Vy)EOPxi$%Nu6cZUWa0o6?>P3&Qk9gYx2_WuCn5he?`kbQTV_xg`buJRI^1HH9(NXB|Rwb$-A3S7f z*#{Y%Do*zk((=0UmWenwwOllk;=2KGy!wlp|BLep^ilEmEOQ>NqKRsF&_l*(rM)+1 zwLP!9wf>V{>qR|ad+BT-CsZux>gWu@^KhP|5pQ_l_p{tWY8N*}8r_8CLvITyK74Qp zChVx4cd+)9MUH*UQoMl7Ugx8JJNfG1?Dz6`tToS4^|{^8UvRA&bg+m;j?g$py1B~L z*X7W+9Eh3OXr;GakpE|VrHA7oo^NSw^HbrirAnR=Cs$apt0M=f@nvQ%$uVcH$7xHY z?~I5{uYKue37MA@P9?_vh63%~a_<Q^is*=x{~9`b%6-5`jo24w=~0eSyxc1q_BYpmr2!7+d#4iP%&iKsO^CZJh$Si5V`_t zT!pHX*|}Cd17P1&W+r)WmxQgcJ=bFLP@U#($gh9R7V`)Wa@sir{G}uoUVkB-9zNIB z);*HydkbjGV|#c5uP-=3+^O4ljDNr9X#>zb?j>VxW#AO-eJ(3IN=M2sOWNc(A*>KD zkV~WSdLT2uKajh7_xtC#vHEWdV74b0ulzpD`ej@sC zVW7a_(=&RvbT)kt!&a$R4oHTD{@(fmUM}FFUNkRHs%?m?s%yuKDVmyZ>xTk^?sFd# z0Ina~CflBdlLOn8f)C525o^z1HpXN1!+;Xv`0+YGQ?WjM44euH3*Pgmeyb7aq2@eS zNdM&n_g}8zexmGmPieSYy;Y}FuI>)Z0j_MYh-@yu!@%sP!{^njHpg$|VGLkojy^@s!b;zSY8W(6AN%|owTy41K&aY~}@8oeQ zBY@I7;Nq$CsrNQ0G#xN^{e`Lcb=#%O9^>_ufG%lJD3e_OF9CsjK$$9YG^?XfxfHauxN8YQyv}J{xQyLq+&UW2Qd(AJ ziD72$Y?K;VT?{!FV{43$PVi^>i7$!8WELgd^I+f^M@8viM*TluT8-2KgVd-Tz33FP zb8}hnuw6o?#)FQVQZ*>d=}?kc7B3D?CbTA7*a>V<8hNcb+W_Pa9Wnb-1Aeiu%qeu3 z_R@-EU)BhWUO(&`ubFYrz>qOO&~2}MG!5I7n-g+t^Gw6GSwFqRJ)qNg3we#FsZWADp*b2IhU~~3dIWFI_p<)bD zHvj!Rp`#GYfA>t+AY)ML1N1zt=ltn*+ORLS?B1dpd9=f+?{^jmWD~wtUMz+K$ssz~ z>|7G?b-EBT{i5*?joWEptqSv;C;JiR5?s?*H~mekmnWq%g^b>NKd2AuO}CT;c;lrf zgwvAeiVX{f<nmhQplkxXpWw+;Ws!EeiU&}Nrnx|uw zVa=6~?;CiyR zfG?vVP_0=7jkA)OKphF9BAIYBxa|7v%x3sFIn)R9 zOqDl7xT1c&RDO=;$#&D@viKp)ehvQmJE+#ZU}o>IpUY-@l4KMD5z_FmQFAWy zp6N_YRQKH7Hf5DrAQPaBmBBfPm+m;oej2s{h4jE%5yvFBHsAX15Z46GWbPN>f0M1l z(_)n`%x*e=isVchYI|T3L4=V8vl2d?jXjavi%@W(a7_qiSUcVoJ={@GU*4(8d?wvd zGp^Dy(oXBYb!sx%V%K0C;y-+^Dl5r~B)#26)2RZcj|+Cqsy6;afsDyL`468&06QuS z4h`BVmQ8ypC!-Qp^W+r5WGY;36Q7uXF5FWoxCV1k`h%TswCp_T>$7A0mf1fz5f>fG z6z7>Tm92Kv9Qy-^-XDGp_O7AKWclP#XG7%W zHQbE$)IPhye02zpW-GOxo1^i2eI)>48pZg~Q*l^DQsIAWqBZejBv+q|k_ zklVV3Elf9wDPv$ETAW-nTzWu#%lbNP2qZ~5di#}igYHaKDEpaFu49?Kgjc885rx_I zT-G^P=1jFiYMuioV4F1FWNXp>%f(k2qrMwd3+sNZE!?94XF2^WjtnzL)RQB9MU?S- zof!1lK(W3KL;%z30^vO3N7A^P>)*}6){aFZl|Py{die+~MCjB9W0=fr(PO8>#{0Oq3M)TGg;+Oy;J17=5NxIw%>xooF1JI} zek+K$?AUP=k!E)}*CK-ZphExb*=f{=2+2_a#cT^5zX-{74UyXtjTOFqS}Fq~M^jk*y}26bUySW1FF21&wzuF*ZK!HIAF-5$ zagv^U@`%g{60W0&+)sG{zbIn{Z~P~bd@^aQdyFd|OFCj<7kuxnIg^lJ##N7HMP(d5 z=xL~W_`i7qwSi0NbL?P=Qc8vPXi)#{XgrUT~bs-qK7cFg+qqZfy!^M@B@IS z;CRC{$xVUcoa|%$YHv;eB-|U}YJQ%B^c-B8%WDEb1 zN$b41{Lq>~yS@Rtv#;|$9?dZ5yGj|x3@kY7J7QbUHK1w}*a}~`0~(Q-cb73jof`h6q3zNm8IXMvjh%bZzgvdB z@dX*G=>w!$zmPwow8;L1Xx@ikRklQ7B^gC!<&o>n^XZs$^UAJ}2_$0s26 zMfCw0mj(lRa8nWx9DT$?`sbbOuVa5QWC;w9-2+V}fL^(gddYg%A+94>vTC82a*YyO zu6f{i7?fLRRdNLb?`|mSJpG5U|6I?zDcdH3ty%_1_Rv@Am zuV^NblxJEN2MivBj1VC)t{QVcztW?PVIgB{Rt*$T1KK|e71Kc>(CXf%sNrk{518&L zOYbePD-#RiOfNT)2~bV7{mVfk5aMHwJtrI-uNzFd?(W~xSl6i1@~XmjrXwDB#bMd( z>5`%oo##Gk7_4-v&1Z*qNwc|#@0WQ}`=5NxkK;0C`}69@1BY8FI5;RyRHY)lNfvQC zXZVET6nrQ3*1p3!Q2!>N!ZW{@Vc^gFsyOYn5Z2bECX$TII&N`abpa;zSwIwJ_00Uf zC2Ib~c9#d@FK_%pQ61EY>*HDAluLW(Hqw`yehC%>?1wwQ_*r|`vG45X;@`_KAnrLg zJ@at)_ky#~?M*%ln@{_T_i6|)|HTp0>B~-*M!6<)x$Cq5<*z--oV|A;I%?TlDtEY0 zl{iF=zTB&Nc03e-OVt9E2M7a?iD;otHrbSs&%c~*Bv7FgF(jXu|v$p7{|MBdwRd0=PkHyQ+ zEmWrDDgUAVy=hH>PiIBvUq!1*-!cmw{nVEAJixKFS9PYxYhAj?Z-=bSUoQcPeJWA_ zXz?HU%qi6jtkgO7hut#=xO#7FXyl${+HNVtdXH4i&_uwTv`RF2eR~4T5q0$JA_^=f%`n zX+UU=`%&JLIBU-g!9Gv^Z3jm>35Py$;O;JLsEhwwjzkK1Jl9Qqy*SURbFKBTTzl2? zXWIO?y>~fR5~#Xkz|~J4kpI{48htmU1mtqkimxEDd+g0CWfDUg#Sgx{A08_&%}zd# zvWjr0PC`8!@~`Tiwkpw0BguT!nW-KY86pJFL5_Gd)iCx6IHw1jr-c~-9u2EwQ26md z{kxqNx}cjb0(|k^DABQHg>5}uiEGs1%y8NruLzfd!*?ci%?jJe{D((Y`;0ybb|E)! z0oynKb%dk=xz#-7NXX}_k9yO|4?ae?`&Kkn*nAjXlU=%?nr+8_{>OoRTa(Z%uLY;n z&xXi;6KtgOr^6qD*31;1e42Z)UxdHdUiVPVEr@GwSQ)!?K2?v38w6>AnN^3|IG7~H z)Mc)}q%nnU`Hr|UU4Fl*g;OKF&u)ZbzuvR3JK4P`aQeTV1t@!QlY~ujI71QZFGC)! zO6%ViyjbR~CnwGTeW_()@eX_{KQt8Hu5|5PD#&iV5c7hgS2kxE}(_A==X zg97!i{i+p>>oEaHNeTL5b>QRF+C62vivUoJ{p5Bw&oErt7Yw;B2HSj9kJrD>09tZ} z0@O?#rPV#5z^o-7;9S!=ppZyQyoa+?SzI_pP=?DqBff4My9P2VCIg0kKUl zK)SQTuv7RjR*c3?uKrmUEf!L26Js?`XZ2j}LwPW%ALr(3Czs#5RdDXft#gQndX0lt z%cM#+AOBN`qSOIk>wt)jKFsNZBJ)aTfx&+`QFHyq_LApHJhH3!L}<1SJNt!V1YX)+ z7uM6TjQ0Ynhi}|UCUvKp2n}i@{e`%+pMchK?>Cj2tvriN&Gpr`sW#{I`xo7{Tdw@< z&0;lEnz>Fb^u!3};%bT$LDsYnK>f|rqXEL!$Opi)o&bC9ue?9(00QQ&)zZdJdu6;- zK+bI+5m9+Z`%M9&zwYoY0LNou`0P%|&2O`0I9QTwa2DV@;+x z_J(c1_oCLXMd`xf=fNBAj61<-Ro{nX^3|UMDe6gElNwvFjc+QEeDLi!FD&4L-t%^% zTj|zaVD(K#~X!-tz24%?1@#9t5<4}}QKn>B>b#uPopRPsrP%J6o?AVJL-c>>y_?d6s zdgEJ`wzg4gsZCl|58y$>&z<|?|6uPwqng^@=usF878KEgh=PDvs3I1Mf&r8!QbP+; z5sfQoXFl-g+$7QgjeYw7)LJ6@;nFP=7bMGHDQt-9-Am%!0}d-o=DX-t z*rMx<6{$yGGZG{g7lLo%W~<|%_?3^C{7d&l6%COBRy2Ws=IYBNhpserpyFyT0rqI- z;HeHd#|_adbfN*7|E~$*BAt98vE^11AvOaYG${F4)>!}=x2%UoejAcGg~N&T3HohL zu6LPkw4CZ1=+=4|O;(Wc=3IKfq15Ts^x6mMPo;5{9tuiuYY|_o&c#7RKc+YPu&dD! z9CtfWT{O}b{rh8%wS42Z`#=7UPc#UfN22qLq%qqt#KkK0zIGMaYBxz_pOEjby0aDG z-A{}5^OoePLja4$3t=)ZRQCxiswERUI}Ma17NyX%P{trs(l{gk&I5gDYJKgh#;a2d z)Pq^moClDvU~^gteY4h6`itT3clAdVje}?4p`@EH4GxpcW=pZACT&NFB)S9Mk&ll> z6aUaj#di=LxH-Z*V=TP?wC&`fPky#ddS`J(Vl|gO7KX#+-`!-64w5&f7k-*4Tx8Xh z&=Y8a?p4S)rmzJumfy_&bT_=JIs#PH_>kB)=u-jOa?N@rq8My?dd)2JZ@nWM8z~H6 zs;Ck;kAPq!eUNNz+_#>mLp9!%mfVf5@3XQ*OYYsOJ1n?I*PFbZ?njY%i*B1c(!`#3 z>g+EzFN9suj`>a*An{ecdoYg2G&RnOCmsq~NZLFKO@yFRmkHQr{Q`xFEfbJ2hM8Aj z=jZ?{A!#rm+j-a<3w)5mTlcdh9bjt2kAU$_YixPtnMjPog~fRzH`GIS zclVL`S_@BnsbS!#^=KrOl3lxeD|{?y#Jz{rJ>O@9OB=_lp1AWg-f!6l);d3Cm%vDx zgBoQJ@{=-!vPla&jH*i4JWFfpQuVaBN{_fYpygQ5#ZV4?-t zCD>`vw&?!LS+DsJ3F*G0*&_!FfSUatRL`5|nA)7s(cLtqK25%}U`hUBwgg~9+v^1s_-PWLky}H&qqekkg+s|G6c(_j z0n9sQBK5BcmD+HxmL4+A(en`@$)3v5YDhaeg9)$hr*6lEw`suyKE~Uv9MSD`xL~yqhC#|(O(=isUk`cZ7;AKXI4`8pWF7jMjzC|TDajkmvKUj1af&= zj4Mfg;4pfoBXg%_1k_zg4L&XH6w7qdAwa?i3jf^2V@bdqBjs@C47BUb7ZJE@Zg%E) zKD(*il(ZD_aw?2fJJeI@iwaTqUOe0V z?njyy9dYvpu7BiB21b>LvDu|59B@K{R1^-4#ycRC6tgi`5?}UZ_$r9tF4lJxSnCrL zF(j1f#6y4GzWU<1%PPhudE#J{1$FL8LA;}gvz5CemLfh=xZoh4_Jx1pR zX5_mU!}~md5VsL&8Fi-_U&xh%C#NvgdVOva$ili2r9}$}NvgG2TZC{uXK@!Ct4*PM@ z3*+z#+8AaZgF*YOyaMY!f#&799 z=)YNnefJa5t89jkVxc}=Ac=@jErMxeU+&1Q{-;H;O47MDZBtEFWLs&7zA-^rw9iO!l$e0H zTj`VHW86wP$u1#o*W9b%$*jp(R!{zswpI>dBp{pslWwu>p%#!A%GBwqLwt-jvb}N@ zzku}MTJ}j}rdeCz(V)PE&znAW~?4~bn<}~d(%|w>x*XF ztLcps*t)Pfpw`T*ZWC#aYB!NXF#_skX;Zf6AM85}Wmtq)Cr9tEaqA}JHAWsXdcYW-Z2B156T3A{ zy=7#qA6&~@X}iuKV`Ibqc>rvQe`yJ>$9?I6c}f;uOzfq|+#!kHaOb9|V-NkLRf9w~ z+#`GB>J~(GWj}uk?Q7{-n-jS#E1XZfv4HKTL1u>#&ZE}s@fpVWIK<7q84+S>#Osdb za;nKO1zV~4Q9-xJiHP_k^yvfYR*x1ue1XVLQ)m=_maY@F49=f)~c zd&n0kN+h)OAYO#vw(n$G3P+^g#>1++wXu5LPWlR73PsM`AN(#F5v@wnR2jTui*GVW z_BWxDS8|+Jc1mJJT;8u(V9<&3quocX7LTG`lj1ANT+8XjkdW7psY|D+Y4c`bwvfwS ztF#Yp1k78d?8?V%U>GAwqVOVT)*zUA&h+`4#?0|pYPDI0A&z>EXSBf*luj^XSj?lj zddGUas&U<`$&HbrV2ezG<+V*=dUXa|3)|FEP`glT%5i+~BfjsSVeA~<)6IbrM1}yq zBmOQm(rdXdIyNc%O;+r-0ZU4bR|a{j)I+32ycq# zqFPA_y^p)JQ>|EuyhE`kIBzTst_{wb@(y;LPB2*Z0P%VG_)Cyn!=$cjTL8-=b-q|`XTLde&?@uY1SVWh#zCj@sMZ>HsHuK@GmGa1G6Y%hN~Fd^ zNcIjMgn`VLyjyx`VJp&3K6lorHx{TuUG%ryF6#1_%>btWV4id6{N5QxIujqSvrfd9;y*=;h^s9!cRE#C=1w z)JiT&VT&ZHOcwUqMd-?Xw6ceXA?};a|3t|txS<>(eV*-<9&1#N9Ffi7o=B^8PXmh^&jSVJ|g>#T;^r?vXfz zq4Bir&X8N{T>QwJrwXnZhLZlY!)iWnUNg&v1*l0ZZf_N=&FtsN(-M921NNTLN6}rq zSI`Z~JdJ{G!xrXu>Y>>3U&$bTNEb^i!p|>iBRTToqSrl{8_9}j=l%HZc~$!NaTut{ z63l2sTLk$|INTFoOxnSNnV3qC{~d*MB=IvTDIz|n;FVX_ST=i$|1I% ze4~_(+8qBv9ovLAqm*h8vhPRee+lz|`|ot!o1!(OO%-;&q#62w+pY4b zGA{0$of{!LWW6_N|IHHP8pcD>VH45BlI6FSLVH{HyXB4HdMR1lAv=7m@7XIs$u(5& z2z#LjJp~d{_JnQ(JOa|B&YdHWxt6)_qC(J0rHG@4vm$;pOlBbSOyyA%oW}k6BHJ$r z&BZZBty?lL$W}-tO`*~jONeH4vifUd*dj`VN{g7;Y&R(UhY^7_a9 z_hp`eq=NX7{6LwPVbxts88>2nS+rE&ch&y-8xU{EXjqYBt^$f)v*^&Cb8r2DCa;oXl!|pxZY4`iL=XnIv5P(0^fMF{37fI|QoGWhS%s ziFs^w1eQu30+b<-4}@e6sXf!&Q;ZFM+t1FvFygs`h$sPdH$O`!7c;-ym}vxutd=iO zE&|Amq>xi4#BwHwOZUPs1uKUcDK2K(N*eVdohpg<2fXUgg0x3JQHNzb|9%KAv4;4( zYzlyr#$^*8_+-*EV!lN!>n10T0EwRgy?wkPjSvln?RZ_q1tmVx)kKjg@qR%vBDT)itj+cm7cK*W9=`RLkkTm1CcGtWCYF-JwoVvkCTw1#QKFKByyP-b*`JuIeN)VS4 zc+~RSZ>%$A`v1iC_rFYn10V-(gRaAEi}ZNOqWLO(%+jqp5ceft=9K*xWmZ5jqZq&5 z|9vb<+-T~%N2Xsd6f5-$v6J@gkUn~}pv;p~A#7+?q(Zh9p~V{UcAEy{qj$`$xFgH~ z!w3(SLb=Ga>=P`4(ZZ=~%6O+AJ&cNUn5R(Bd+hdTfoU$>>7^sB7fD9MXZgx@j-;NX z{G@w~hXIHPb8OU_j3B#Cj=ohj%_$k@kbJJI;!A;5xl*wwu1cCd;;!E&j}%;-zsNeC zTR`HWfyGZ|EKqXf7HL3@o}$1o1p)#oIxR{F=fyHtOdWcl$bJsSb>x}Kl#~&7qHP&& zzF!tWWlHmD`m8*8=;Vg|o+}qOLl(l~M^{t^d+684J%ZIi%{15684R-=?G3clXE{=Tpt{zLM9kV4v?3LWuXMCl-rA zn-l)izfoX2_`k>$kcgx}fG^Jh*w}x*f=xwV4Ipfu0vT6t7?gKX_tSOZwm8}RzpNqu zI%gqiZ$o?h-%kKC7z?08fe}Uj{Xh18itX{O{~rIh8f^am#S;FXkIWQR@Tgd1d#{Ig zm=fcGSuxV1O>yUqR}i<}ZDGL!DxeTSP*tlR;omDqp#PmL7;Q+-9_7{0bZy&i4|nEt zL6I#Q05tZGF~6CQlZx`=r}r2rv;UHKoui0B4jzt}%_UnU0Z97o=?}MBDtDEA==()Y zJm!4R!omAPPF=rv*0$nu%AKJ8gX^IacdXqtWKLZViIC?IyDi%Nwo)wR^JP(lytn=z zJa6aHWab2f_s^y6`=NdM**A({{O4OIts8VwI62Spd_Q=j`|N>pjL}^arnsq#r^$F; zD!(60DLxNn;ZsoRwM@#R^_pu+!FF;i$~_C1b^ctHNg$s_?R_au3xA38|Gx9vr5>At z5~r_&EiDuHbcBtv$7UEb^1Nw*IghkGOjcHQ$E+n5*_PsU{NE?V7Oq{*Zrr;(FzJ*1 z)3&8I*Lie^cdBxu=u%4%vgH#XbaQZkuD#-E6|(vHJF@M4I^2Q@e5`LvP;7mXxVr7h z=}`DY^AOj$sTkG*7y^Y(0&QKDl-quG+bFxKtE;cYu<5-4y0SF>XOL2??Ey*D-i;94 z6kin9TKV(!O8x)@6;_W1+pO2qA9Gn`X;{%Lg^|YB-xhhmiM8RQA{jQ#8c&vm4h0YR z4e2e~{rs3^#<#W694l`jiaZ{4=V*`4F*|z)PhNUs+}`QL10N&-wJ3U@Xd=KPUbX z)mX>y$K*K_qqgfI@|!i1y0g0bPFhbtF@^fN`dj?5oR2ivNk+|`OAbVmH#f>_ z7f%Q%C0L!w%H7&sE5%l^z;VN6PVV{|O;>AYB1Fh1!^d#UO#qis#Ob+pd6Ye$+z*kX z$n7eKX9$9jr?>rnhZ-QJQ3lFgk`>)%9^54&m-|V#ZAixBXOr`T4oJbOJquPrX`q^| zXLA+6Xl{h1CGjFG<7I>#o?DH41%{e37tP#qX~QBQp|}<0(7JcQWv%Q*CkK}t7;@q%{2m>bn++;MtWKiwxz4is5W zXZ}0AJBvyzRMcJ9uB`NAX4dY5z2X+Rm7tcDzuWzexOHe?BU~=wXQ%+)wI_QtA+dhq z;8A|B{QP_r6zDI@C*5q2@|N#?WZhX^@S~7*+G6)RXRGr+!?hQ`zZ-m_Wvm}}n)=wd zDb0p-N@Y0jgGN)4prl$IPuv$xwgQOseh)>@P4DPO`@~p`#MPc&z@J`RTF+|hwZxIE z|6Jdr5;%Ty?@i_Z)tAG_)rT(opB1q}CngJlkklJ>909$>wjWnf!p9F9u+_WcUySL` zXC8EWQzvjHB|PKt0q~I2sf{RMb@isK#HhP|XD_6=iJPg@kY3cy`eRLpY%^w+g`yvU zEZ^J{<>OE{H-{z+b^rfd!DrwJ1t8@O{C68k4&(U^#QApj;`ugL`iKuU9&9?tZ{GJ< zXrsd50q|-lrKIFOk##%jFL~dGUb`q1iG#g4k#$h$vd@bgtn$Fr%b?DwA6%6TvG%6q z%}SvxwFWN>r4LWONYmlUmnuU570 z6o2PF?x=@zR$*y6 z$oZ|K$tyczC|!=H23*{`bX#RI(FOs8Pb8z}jm$34%>E}1=#8axR<-UpY;!7hI~~k7 z1i8l<#3kfezP*h00{NV&d@sF|LmsX6l1sUd?;ih}*_fT4q&U}xYsC_px^L&b=ZYyz z;V5YJumtwXVbu$1?^%=&*Zjtx63+7O{0LAgR6FhXWET7@pk;TEFlO-UF>iu-=sXSR z2JpWddhQ@;4Cq)2EXw6_CUI~gW-YDkv(oZ2`EplHpK!o$N;36?ru|KD@$q}hc4M{K>zf&VEZ({mDV`}rHu**p7X zG1TG#S$ea#eCv(higvx3d(&md7{-j5gvbB zBbGd_Lpf8jbk~OZ^K-B|jr5WY9I=1|*t)j2Jf@X?O6l~B~80=EYD}L^vcd0bgy6J9T zPKSwpa}`D`c|KP1t!Rd~RQaLRCR2=~>x536?(VuY#?z;%w(OWzor-5jppgY&9?Ulg zI3M37RxWIlX$8bTw`#n1XrQe|{;AUcUB1BHp}Q{-+i4IHjGRPmAh22PE9CfY6)L`Vg}TFUP%WTt8=Hv$ANLrxRVhPC%LCoL4BsYr z!4ubC0msi?|904Vfw=Lk-AI2cCF1MnThmvXhKg+I3Me~ zSfZBNqxdmS;(Y-j^A0VAw$%YPA_E;ayWm#CI-j09r4tL;x8HoRbZUp>-0^mF_#gQ= zy|)Wfcz5cO=H{X8nQ)G@BuNoVp8}(oDt6zSl>2igEkcI*L{zM1;0uRn2ZbFHddoQ4 zK3(^-EF1Qfy`HCyk}6)7ZTpdQ;rYF-A{vktyBi>fG@E)dXxdXyxus8hjcTn_OJIV5 zThgXU-tPQYyzoWU;P8Ogf+CiR!bz>mOT`vv3{rh13768{!8fzMb3OSe<2NE(D`@PM z$1CY$=F&bW0vk;dt2*=pnG{az@{VaX%G!iC22K^KygzkGQgiC!3Ai-^{+Bonh71!fjJ$0p%JrLm`-SkCrj*F#HR7-Tm44=K^i3OLA=w%&qJb zG28`4ag(gy)ghf*dyzEp!J|i?UA}Sg$M+2kX1=H3dpnx=_KWI#nh2^j;N6lGV!GDI zSp$mjTBffBM&tW|Rl%R0xme9iBSD#Kd8gKk?0gC!RWV!z@waTtR$s$fWk+93KOG;) zIrNw&k$R1x`QiLx&}t_oxMgbx>?js$smdpYl5Na;Wz4x4DXQ;md{`ln&$6J)G9>p* zoA40K8At0EgUN4xopY$++zQ+}b;(!ym}gDl$1%r&LSY5ZXJ&u&Ww$(`J?lN|IGp3x zdrZrnw4r90D3NnNOJ8Au{vGMl^LU1GPh0Eo9*k4SpGFmx+V zIa(Po1398|5?3bZce}Vf!p=gVhh*eYFu`s`9)d+8dyW!P%eqbqRw)m<))Q4DI^tKP z6hb>(-Hz~eku^P@(xqp$TkDzG_zeb~aGdw17Y1L}0JV*h#>IFDybU}>Li?eUv(|6> zZNFKPeP&F2sBIs35Bg8Yd)WbW1!Y@M>wTW5p#gV{i4H5E?mMbmr1J9lk>l*LZ+h)= z0w3x+9EVuXq^ZB(uCZfQI*5Jn5iHbDlU3l;HfoX-7heO}o~1obu_1xdPWC>|*J^^K z*UmNx_WjJ)uoU_N1}~D^{Z3(TK5D2gvwyoIUYM4f65JjyXWN<~W1LMAzN|G{GI_&T z)M2CydCQ@u)ako?y~gkY@A?)nXhwwdX*CjPg~NOf_qHe@Jz#+?T9;cN*sM_os8$Za z+&Emfk!6v`p=qGK15rHuGQ<6d8JG`#*2TxlZGSBcT=i{&i%>ZU#?n0oUpXTzVy zwZCdpCO#C#9>O_GU00d^bD=Ob1Zi`!uT(&vmO*~(6D8C|*28jVS|e(HohO~QA4t0{ zM0%oO)1p3a_KH&>X1_qhJ+OkaHwQoj2DH`9|vcb24qUqRDUDdORgJN#g#K zOJDi6`wSdIIwj)!?G05?Hc>IJO(O6$T)ABkTH061$7+#rBPJ`?4em$b!~3iUe&s!} zykAD(U;A~X5*Qi&GkuXcwufbJzvpC6(}3r5u}kC#`^w*RQk`uiM)Eq?UXX4|;v8m)oCjR`!ePz!CICDeujo zK`kO4oG5nv0Wlb3Pi|MU>67K}hehoFV;%hKO}BthpFioM)2EQ942A5CI0IbP=&^`- zgW<)qa=Eb|X2=p+#P`r@jxU`wJDmD}Z0eY9y$sLuQ(5Q6C~CB<^R32B<&C8SkL zLD!9|AoeF(XE#6AocO(jCi3nj0nK99RXATe{4yd^9oU>Zuqp8lpQ5fOdX2Z^aZdTL z#{3&bA?b|h7Xv;T?xBywBC~Zm;?@*ug!X|=jTGO z7n7aMR%AR!iU}PkOoVqUq+HantURbaz8I%q)=<)HPHutteaB&{|TmFzcnZrooB43-{ezRC)1BV9f|WZ&Tt8`fQg_ z9L@;}D%@wa1eqe8nktHxWZe|NdioTg1r0Cx8i8y|0{N61#$--!KE@l$JDeA|K4Ir_ zL@O`(7lb05iA`mbxg3BzbVM{U?CGcj(_n6Z?~iFa!APdrs5zD|!n9oA71GDxb3If* zjTrLfozIP*#9Q~>2RyPSgwv}y{q=#~iC>fzjQt0cVw79s1HT(!In6O}Fg7>u%I7B* z^?2|ebxH3rLebJ+@G%DA5hU|E&>6AtnzHybqRl!qMaI#L zx68X9cW+BqPbzcLyd-%&e_OPt*li}wCl3ne;4n;i8) z%ps2gBXhqYzY^Ec(CjC-mtGv>z4{BMpwmn_=Gs*R8!4lVW2D?p9S53EoDJ-|^`+JU)EurbKb~5r6&O3-G4?>H2_U zz6NR!m;-Wo7EZVPwh!X=`SfMYY9MV!?Z_;?uqf+&8Ycg| zQ-xlN^(z3MeDKxr=JN>^w9fJ^`)*rbbK&UBD#jH&w8?Y_|3@Yqbn>lBTUbjrqNF`l z740_8=r2#ddwiWtlcZ#Z-JK!=eWIH5=cFTV zo@OxfS~yWp=w%x6D_M_opdpC2$-)L>K|7L4)}O_ZNck+!ynIzK&X+knzOlHVP$aC5 zNZ7}^HGhvOsqB!kJH?BiAqH(MGjUjW^_i>q$*OwTR#YtPey%qJaW%OY zXqNAxeRlF3Nxwi(4$52(MY>-2tN+>FS9X5<%a!V-XZp+FwdtlxewUiM_D`<)tDo-! zHiD1VpV#~k#S!3E^<%r8dwu4x!fV}lxymOEft64k@`rY4UxL%i$bi=pWiI0@dwXfD zkM2LW!&VY|pK}W+1bi9E@gE@MTW*2DKAz)Szn8(iv%?L32}+R2#`Q}#aYwxlB=c1Q4o?xbjii4XREbv=l_#;xpzRK_XW&|5{$-Z zc^Zx zXJp&{gTW!x*g10sil*h2UZ`;9aU3*g*bWs?oGNXK<#T@@9L&cF0yYFv^;u8-SHp!> zw+k=X*xX`O1svn80D>fIyEj+9a($h{Yc?9fNRl?svyF-cB<&~#0A)`m#PUT`y5#5@ z!$V3O&vP(-;!yGkm!Pj$ynF#9se#d76R6mQaO1zP(~jQM~NFZ#aAN;IwP06XAXNkS(Za z?{J{jp(rsB(8RC~9OvPBGO!!`G9dH`=!2aFyIV;~&F#`zj=X>0ZUBF@1^;>(99qAB zUwz|9oqte;O{?FGC}-ryjF$(~Q29nJx zCTbI2oqOUPr)uwDxO!18cTMs55?h?)IpcpRdjKEp$QT9Y)u%lIWpsvWdUDg?2uG5E z$}7I-7OI@JE;yR$U9Tt_TPm$`{~3U=umA`Pg9Gm72Ab~T1NT&4*u6L*YY9IRRwfbL zlJ541>(XRz_r!6Pt2t8}kIGN!{2L-tj26EFYiXboicx{Fs&0I5uCHomCl-Wwv^a zFaL!z59x57Chhx^q$@8!u3#Tj;nbcH)S5e2(-^{C6OHHA$FeyAPrt$%xdrYTvNMu zmehWK-yb4Z!}|PR%g9iJz<%}zH7yo~dOW=EV$y*%^~{Xlp>LIn#F|CZUB>8(6NWb{ zvVER*v#*{19Z4460?_y9WJAz&Wj|Q~-v1?dWwg4wM-T2}%j56@R_>fQTw@=(M^XbU z+FmVrSWJNjL5cDKAS2_4@o4<8q0w|XE-mBxVemjN0L9)dppT%saQ zN_GWkREHR6u6T`3ss{Ov^?oB$1ZL%zX770~j%J53cj&d`*3_EarEKLj0*`OXHeN~evpzElHXPBnnBno|@ zHyt$BCWhgj4OxT zct$1#m7fn=e|3t(^ue$ONKwq}UfqdwP1s79%_1C4Ge{kijtX55mrM-rK28y9Nhh`Y z&5rlFnqUe;dt$EioYp3if**4rM5qS)PIq88w!3hYrn224*PCFKADIU_g6Dq^u8O8{ zj-UhwpTR5Z0AQUQ`dbL|_h0{BEUEAR6A;+|mf?r%bLjPif4O6T9N9dQV`mF2WbUmo zEU~2D`>MVFlKB5|82=CFZN6!d5|wxE{1ywOWbUbo^is+^tMf-|K}qCKa*k%J0Er=+ zbU;DSDtTD(7uk-!GU~j&>FP{K8eNMBwWZAIDuo54AVTN2I=6_ZJRHyZUBTPWzqNn9 zrMSw%%QpF}^?4cc55l~0V=Rfd2u~c#&vWYlKlFVTkwqyxOBszd3iGJR6*LyIuXii| z@gBQEp9PIYp#{q6qr1t~He1-~%z)Gq6BoI~A@Pj+R<_GpfQo`UGBQSfzI6EfL+No4 z1dARWM%2WZRk{U8R!(6@--e;DLc5Ec%*43_Rpwntnyzo|2b(dlTvuae(X#I zfE9k2SIF`j2Tg1&DXnqVIruId*-~jLW`@X{_nzz-BO01B5+{e8bOqg`X)okHlv20L z)rASxH^&1ioF58}0pggRBw(rQ7IJn4YSH^%tcb}r=D)Hy{kU)!S4MwP2p?w(q|Lv9 zK$RyRx*b%^30?7>8erIQMweF_OY8SPYB^jJOS5SX6L^{_M9Br3o?EL#K}z+4M90a)Sh(HW`8dscXOE@hC53#J znw%-pVdxZn_XQ>1ek&jg+V1WCS{8JGMr&HesWlDO*c<(mzv-RclaGn=$Ubu%YKtY< zDauCSy6OW-F}I^JCcr)+{m^#+Y~z;ybLJ<)iv=mB%~_ zrN&9&As(j^x|B?b+a06emntV{7s2b3?jv_VdSS7rV=(U$qtkC1{SYgsCXXXpceVyp z68kqhXhMspiGwfq9T@2$+#R+fjiXga@N$qC>k8NIb#BK_9iaEv`qqk&uE57tk4wni z(r>51cPxzhJDdRn$dR~g;`hHBOi!ro>Gt&gV91Wg$?9)4U1rtml4Y)-7jq`nO4`c0 z(s$J@6GAhGBVa1>rC|jSI#VI0YomFkND3{|X7MuypnI!FtLdBbPlk|~>BS0rrsx&& zl@U#Xd#3d;{9%mp=dAU}5sj-X%LeWo`0jJm*U*ey>$3uq5W%RxqhX&%pp<4x7OH_! z!m!ZEWfcG z97f#;;~ToiNox$`0`|95OOT|UasffMCeVy8u3q?Z$=yoW(ASb0S&z1uBR!BivH?xU z28-MaxLWy~)8|b+Ge5TZxVL7|6au@8=jY0qV|05!hw=pilJoi*`3gmFJHSks9XpDQ zejo^m0H~;~2QlKymJSxWF?5+HgAr~5+UtE<@Bl2>hZQW?vvQ}gKO2X?9IzO?QAB5# z(y!IuqOG}>*2=C5mn9CYm0a~+)v|a7d}?uUdt*J=5Stvi#)NHVSCvTlHtRpuM(}z;Pb-U){%dQ?`X|Koj9=I7aCI z@@N|U5n^~#1nL%5o5HH+RazCasO%PC^dyf=hbd12#T?TbVS>vSoa6H=){PYaP;^T#wa8w6e2M=WM8msJX&e|kOV%r7xolp%tiDa{ zW8&9BUsIw2SBrjamD1^Gt*sY~MOo+iH}K-EinT`m5ej}YfcyuD$Y>I@7_?(W5;+dVrZ1fFj5Myd9h*(vVrWSl? z?y~VU4^RPR=nBIYU(=pY-o&3+KA#TMi`uQvi2FhDUq`Au@|j~^cruoA_QyKB%z1Pw z%)(Ue7Bu3h%9yX@#E+gjP0V-DcgYJ*7 zDp$cWaDoxW^r}E(Ay4S?`Gt{?59@Zs#6<0Cd5q;LT))4M?K)pf39=Wix@9cL!ePt$ zV?6*=EQDl^;M7Z&Ylq!3o!7s+R>5>YxOBRHu}t3Go==D8VF~$(=>VrB>pkkbTFo`{ zrM2^0?WonPd-aH@^a`23epV7r@(nvMPrW^g+gcH(H-~M|T7?FFRVk9GJtJ+qZm*K@ zu8a68$@`pC&PL6u~Xwx;Z;JNCmuu+QiAXNSgzGT>nkqR9|sp3&gz?v}_eh5H? z4AZOmh}p0h@%Js5K)=33+FYs|eZ@7f+HqpgkKYMvEvXw#Pb%GAiOtoEhJe#qpH^#^ zh%Up-q-v==er;7%d%JOYuJh}Q`Nutdm)+3_rIO?p>XggQg!5U~Bp9#Zn21u%kL&{L z{0?dU&3!PxS+6<$GN#PcU8^d@JJQB^{Aw7wk~q5c-DSjuzS}IdGwxEMtTx|_2?%Gu zx^O-?G#%-^P~5OBn{hWs(7Ag1wFcs)XkFqq_)!a`d^C7rAN1U3#s>q9U0@ik2r8&$cw}tQ=iEmHKNZk1jtdSx>*l zS)EG6vO-dr?^j?|q6>b8Jfjc%e$RyC`*B%~B$#^w>|9-p_bxnh*o-=cT>n8ho(Rk3*qEybix((uks-^PY~=8jV3 z<8SOcwbHtMnsHe>F-BWz=vMLFhqt^fcgJ|QaryMfnejgvitgXo5Ad<1GVt6c*Km+U zKP;Uaw@UJJ`6qnKB-iTS{#&%F1_l%%+0w;6JTy0cpxDWIj|jZNrM!d>@8_*a^MEJ$ zHF`yUq1|d}+2*ZD<&}4Q4#>sVM~%qZmR+%REGC`Kw6AhqpRwN1?p6X`k@m{4+Mngy z#>O4=VN0;#)Lx29VPAjyvGxXxpiX$7wj8aTj#<(CaP|~IAX7TymX#A7P!M&{2qtG{ zb8CE|hz~c>ck?ev5qX!l7PLK_$n;0+h2zkWBQc>QL(bf1D!cn?9nE9&F@2k9Ri;}) z%(XDoqXyq7^)2JE23ku{&J7ih99Kd?sL8c_>7sQBd|3$TMcr%mwKE~n>fXlw>Yo|` zuY_5CaIZiGpC1CW_~~;MGZl^T9gyv}R0y@QeTXkLZVU`OlpL#*B)GwO!ZfU^PKDeo__#*Tf3+sk&$O#Y5rE$jHK-Xw79_sHz6% zyXLQfb&4(3i2y;;vUDf>*HCLhkgYF-QQ4AF@{EuqU}eGm)qYOlu;(=oPP02pV}lV2 zd&((7@hsS$hb9qB6x0rJ1IEIgJWVXgNd>nqdtho7OOuYLz)4l!)^z?mLb$@zzWG=Lf{Lf%JNm3Pgmf|RQma9>>|i|BcXE8rx+KsFy=iS z5?SosN)t?be0)})&X-OX#gz}Ej42$4yl?L?#h3jue6j>2eYwDeZ(>>-l($m}*4G$J z$Ue@=@hGHF@A@y67z~xs#h4j)-HwN(1+vHW=L zMF%1F*F%+mqbi~rbq6F&vF5XTYUw?!z1(?u2oUDSI38nrkS$%V-I!DKqCB|@;kv`? z*8eygww+s~2U{mW+B-bfU`au}c5&ymEtm_CSI^o$-Dp~hjT&j#O>u!BXQIuuuytxJ7#qXFp@gGAfI7Z`fQwi6>fpzQu2!IO9h)pIJzB zIdKs8mH7SV$K;>=_7TyoeD3NVcm3{XCGb@%wiS!906~?U!)fOe?89%oUEY8Ftcfnj zr{r#%tH!kaxldT6pqvfJ^nGHo z{FvSL(6Lsm8~HZyqIz55b*-jTOOQRT-7U|ZIw`Mai*lK&aWilo;@89jRz3~`!Oo8c z8U46x#|t@f1rfW)$Qs@2Sod6_;o0!#RE44Q()MxdIX7jh`rWq8M{|zH%iD&gD)i9O z4k=n>xrw<*;XLavTTT{`dFRk*8d)O+l~x@FGcBbnB9vRPAcuhxo3jEOr{ zl_@{16jFYUR+3E6IGNauK5q_x_){)MX+9?F zV;R$fAOkuWM7-hjc{FTkRTxB6U|QIFS^BX@mZ+Jd9-XVl+nbvUN%+qa=k@7}x5G5h z2LkB-7kTd$)>ON;?W(+pq7fUSARvl@Ac9EINC!cBRcaCu5kgfVlmLl}fT9qjN)Np! zl+c@kf`HN?bVN!Zp+g8s2&}>T&N;vN{r|?=SewfYJv^u*$;cSbbD!6F1u(52jXIem z=i}5yG$}9HYyRG?eidGTJ;+T?Fm2rWYz|#+R52pPac~KIB+3m&x{l^&XSa9{7k&Zh z!y1@3(TiJPfddyM8BZSdv#)Qzm@bWK_%RUh=xi?5R=B_ZB>;}1ASPB z(`nrdT_^q-(G1Jo3aa6i832{%+Ir}b@63vOD5fq{~Su zCmG|ov2?p&L>;idVuGFm*8F>#zRuwXd7cIzcN9;q6&@%UpuV0TG2e~sF9OgZg30KtqTjKDfbFnl_88kUVPDWfIj};HHdtqL+b98Y%+!RNTg5&KX_F-!i33e?4=Bl__AOVPEkj zKlTAs9!`?jT=>JqIQ&d@rl15G)|1|1FT3q*dET+d3eeLDTmB9d6@)83usO|dUN8M_ zz2NuJtQ;+1FI&I)ko=6U-ObG|$$ApZzw0Qx{tn@hl~U0S&h-e@_v_b4522utTefFzUDPIUzzDp)B_Juw5?Q75B(@cFeTC7jAxd3d_4*oVATBq zS>Sk+Jw+5W5V++mR{V!;yz5;mzqkkgUV||!mv|<_S?!=aI2L#G*p89qz?Gn_f#S=& z6`6S+r+S&6kf)2U!z2&ES0I`z+BG7%JSj$|=-Zjv4a7NS?R~3tfyke!o8Wu5$HKHb zJVuy!R?$;hL+p=-uymS8k-S6^*R05nwLvpZ`0Av1(NE-FF)hLdy)t*q^PjC?ep6ro zIDvG=@0C9N5y8b=0}TF)3tP+Me0bNwtD_a)LuWBH^cZfOgXax)x1TAuTOo2z(W51H zS`{Uy4uHj(hrDO)l)V5t`DI34dU`K@1M(Y_`n#6@QCzeAZN9xH%RVKN^?j(wN?dy9jSJ$Y?oJ8!Rl_ zr8-VuZs6nfubg;9{FNr4+DjhHy`>KaIOrpS^U>$Nm^tq9N_J1mz^SovGp%ds&bKUy z`I9yY)?C$4-5OZ3s52{|xSkF@ zU6Z=Zb}F(NnLA~v?)3KcIoD5vD*SRO)`slbWcx2~Zk;`XRS<6^>pvcWQ8DX-qd7%O zXP=(h%1lcWlTmmZ%wycGhQo$7F7}Npi-if#ULP*Ik1L%yrshM!?445X0P5cedlY}= z8}EX%9Sz)1mNEwS7I_=wvwQj@r>=i{qogKg>JccqzIISb|F8RRJq=>e$s+u)uO}oH zrY>i)Wb3p`Q7-3C6;;|TB$%jtpt_|y!$#rTu~~bBocpRmL8lwg{O&>iT<{a@mq$** z8P;$E@!-;8M(^ZhxRrHk4O$#H&0pH$jjM+OVCdGNNon|3U!?LcYUTOA_h{y;fbqmF zpVgDz6TYPCQHSw4zc=%}S-J$5;+3OMzOT=^?e6GIzDoP@-e&Y%Wbj!_ZvFiM>&g?; z*L>f<$5p*QgZH3mb^xhJ9`~czlba)M+K>BN!UooE6Ji^r2Jsml2nt^FSwPyoxki51 zB;9bffI3khRoG>`O^Gx#(pHhp0{iyRk)V-E>$T>= zCXjhWD@38p$3sUVi66uBG+`j!OC!p|0bV#E&GnMQ5mHBlmf{M)s4D$uD32|qaYJOY z+&uUgMIVvv{3|?9rips(_yL^)w00-O%Di$~2Sy^)!-q~mM5f9w*X+8Sf9G;HFipMx zv!F@kJe=y4zWoIoJtg1U88u&{Ul1ZQ@`xl&2d~kR#ieQIlUHUCpXzXkz48f&9!^MG z?TV%*F_-J~Xwni$Gt7%OR73IGTg6ud5$d1kd%?tj6%JderkoF5RM03{TlFiqYns53 zv&E-+i_Z(WW(XXL{K~1j*OjOwsi}C$@!l-)kYfLNRBIQE8aC55!6Sp8x=;9phZ;7z z5yE&!S0-1j>V(x_A5`iV20wd%I9*zryL+SPDcxo0wDE+j{*B$obu&YZ2N~-X1g%hE z<-b~DTj1L-TNF`*7^F;zfWnQF_6{c>uRVFN#Es7RKDwtS8iWk9rHh#Y&_9S zb1VV>>qhm_KJvi#_Kk=V#EL9J1(#$xm2f5O(+=`Lh;h$ZMR}&>&(8?HsS3^-(ailJ z`{6L4DBzoJZ(b!Q=xBQIW5t_X>m^=GR)R;;6(}V*+)ZePW-PL?zWtO*V07?>PtW;c z3>O@o@`Z+bjf~#$D_3Jc_D_6|@s*YvAPVg(_JAxbt0s(3{#jg}zxKJENN2@}4>)6p z{I8?=-Q~`-gEE+g=Y#k;mr~qHM|->fl_V4hFX>6$*^j1BZoISIN-kr8K_a%z@T4Oi zq)yjp^I0u*B>>U!)N@nJH&zX+-wLW~PlJY;ap<$F&L4A<4HXNJjdfaF7RQOMjq6f| ztZ<~pvASU*B+UXMS>^s(Ik?l%O1_6~A@z2GEjpNdeX(2>#FvojKMiWQk>3b3{>n3& zAgb)`S{4)R$CfwXbGPpbh(lVB@OcdQ1vSi=(}+5TQQ>)5c4x;DEeYaUdk3j{WU0DU zr0YI_dlgVd+v8kroQkOwvvQd2dogf?e@+W@`L^4yUy{p@_<@!ipLk%wK^(9TJ6o8)Fk%g90a#Yf0C>mV|e*F~b@9r52 zqx1^KgTp*|sDYt#DKub9_Peu3A0n+q_L$CT*>4L8b?L(BZi_S=U&)uF?E0c7zt}L+ zek$IlG^u@Ge*=2mTFn0KA#HJN%1!rS|$oCLLEgWagSSj31yvviWj;DQ?i#$Uhd z@(xqHrtCV*MuB-$ZbPq2x0*iw#x2+hIYE7v_T}_!$@*~ea;FINmjHUiJ`9hR?GCZ8 z-XP&?)(t`JgD^UD*`C}! zwhQ?w(XE6O*_S=lMp7XIWm#!octLr+Ci%c?B&xUHw^-n|nIKrCvTz%*Wx;LitCsID zPzmtNa+AL8TEqzF=dCvCEoSX} z$nft=jf$;jvaIu?`@sBi9G+7yQPIS^j9&e%?l$wouJ^3;tqjlJ0 zj`8KN;-qn9vm$fxcB@MPYrs#V64;YAv&Lu7aSN(oZ)zm!tWb%t4bW|baYHZFAb030YL`>7@(?YuFG?1`x4Si7xqc24nl( zso}bSJ?3Nw&YX_kDobTdLoY1hcTmbY9=iHrdw*c6HvsYPT1S(A?k7K8Pn#m5lF|>L zLMm73<~rrI|7J~|vc<|-K-=WGU2|jsY}$=MViv}0T|u(i0B!2H!75aD`myuG64o@* zPaA7+17;oo4SH#^ySCn|mbrw30Mm&R^xy{pN5!2UPgbtbP|2uU%B)!Ho!zYh$E>1Y z^-*YzMpTxd69J~?v86pH3nnBQ%k@E6ZH5f0rmrz{pe&-Nv?mUubd4n}d)&eoVZ)Es zGvlZaMc$_kNHiQYImpKyvyrhQw>$gdit+2v47;n9bd99!g>&@|xoHeQSiFeUk5+59mo&ULQ*-v= zNYu4}mX*{G?Rk!KW@(f*rb*o5X;}R}uP8^OCU_ME+y4s1 z-!C#(%&za;+5LK#h{yyV#lr^LRx+mH0hMkJ3~OH=a#_t$Za=V&1Y#bnfqkqO<>?Q> zJQA!~E}!W9L>8{gSx_n>x{`g5C-KdyE{Hn*BtIl#wwQWm4VsA4M=5z(M13ESaB|=D zaUyH8&%gT>FXNY`L(*K_LaX z>psa$8Qq%mTV@+K^!}iH?d&TbFsTILY zqmc?dUx~imwF**dK(^m(7!s{uEY&2UJVI19%t+HXTa~8Jus_P!ow@=nh0^%KPgD!@ z%FRUa(B8LuRjh=mzP>zJ<5ip}@E62JZk{cEf-7Cx;%@)YzVSeWVK0UGx$%n0TS|<`IIW2`@>HpBeQD*YeqG3e^^_t)xUah*-CB!p zglVx2jrM|Z*OTVUiYt1y(p_aN8)D>L9cVCCz&d?CfHvZc*~;%pVjNl6o?>FjSLw8m z?KyU$k_?+7XN}3bZ_yoOA2@o2%=$6!$1z(Z*E;EsN}T`9aKXE7%7?O&|Iu$GXif55 zy!%oZAQ^4~L3CFmV5E(MOy39i0W|fQ6j09MqaBRQ`7BMnCiuX%|3JD5JE-=QRl|;P zV{$MXyrA3}whB^L_S<>y^L}*!DX@*5yLdG3HECoKuZJxJ?wgIBuG z`X!4#zU=S%;Jn@^8}lPh^DY$D@p-*X@wTG?(wu*li{$zo9{NT)_D0^iU4r*hvKn*B zAfhWO2m&+Iq6X9jryT%`QJ-Qb6x#7^g6IFmRQ>+eXEX~S;o&4J{Nsb%)uPW;4xYBf z-XHiAGB!~;(SAYC=*T&v)iKEwOx)8q!u{Rid<6w8yzSW;;IpSH;0G_HLvOgH%64#w zJ@8-?6F~nVp)Ag1Yz{C3v!c#s+n(LQ!bCgSy{wny%Q8u+#b4LQjWZoM1ahM)C$bBdN`nKw8E>5hG zd0zt1gZZ|gFlmxJ!M2~$#&iTs&$PKMkJbLk;s^3mOIr2DKdY#Ni`1)}xNa#aIZUTv zvsv9nt8%M{<9lGd`NuDJ+eG`0#$f|ZlxWmrpMSY@Je88KVbu<@Pkx3iu!(n4h+XyE zzY1=Z*YiER|N1y*_K}cZQu^#>7F^t%500=MB`nF$b~X%ffj12OZ^BPS#3c7sXy2b!ue4VOj~(ic-~oWXAM&d} zB~rU2F@k$ZTNMOI6c7(T@G$Gn^P8(%&fErE9D)x@c6xrE6iR2we0&FbpLX~O`}@Lx zDRyN^1~-aVR+Mk{ezV6%Q1GB*UP@1iI@ryc;_)NmD-MV2+P1AjsJV*F5vRvlYhj7UUo4tJP{aje2wB^T>OnligBPlJn#d6!`HtGiD8WG)_}#) zPVuz_UK<|4r=R-Ea&ru|M(0aB{~*GUsg8NQy(Z=m$oR|)Yc=XEz=Q)hXVP41#L9vV z4~{(f^X>g#|0#O~*hjMw#1G8=u0){7S+h@>k6&GV_<;|k-IF3S^W$q^JoI|-ar*NN zTLq1J%^9cF0V%;={3JbZ)NvA!dwlG@5!x&8hr}I`W;b7bNK_{2ook%ePNo#dPSI$n z)W3D0f;Uq5r#sF*QlS%2)~t0UMww%;*#4I%;&=a}Tp{HVS*+UYBh|b!1I73Q2iOlK z{WQ}&mV2Ok_kX7ff;e*>i9*UUZ#8fep#G?)Hi7@boDUoT=Xil~Ri254iMNJ_0f=aF z4}d59aX0`z4Nd&_bFihMa{r#G;YDD11bhk>v43K?4izf_o&>o<*a~1d;O{~R?Bg9X zp^aX*-B>nte?8l00fBVN+C?infCX$2xEFfY<5}&9!E*z1oXr$0E&+J=;FtVmNHZGO zJ$C==MKBsp@b6l-+jwYQJ1$9V2+E~|d$ByP1%WvnYk6P+txHHI3jpaPm;)5*+L*Bw zE?@>&996fIyyzs?TWeDi%WVmhtsWw=?dJ^Oh$u|^t+`ssRuBFT@gDlmhbjIPD`%tc znzYe?>b^1VB4;PQe-3ZoIC^G?)xwv&8#mOx_nK{`#Ur^nAtz-W6le{ZeV z)YOWtMD}=UsF@r4QEoM>X6AdW^a8Z3HgHCSXVzot4ZBZu6M+XS+0>^ zPXKLaSS+F_c>6--1X52W)y+#-9QvkQjL|sBZO2N2^Hu z@8j=&u^)uLb93K3V7sj~*BexS6KEW|(CQoR&$} z^9)nonog~Xyk+<2Dt{ExH{$3S92Em6guUS%>3jF-NCGx+vJ@XW^j4Q8Rbe%(HZV#ABU2&#!jy1Rpe@Rr#7<-q32Iw+(!)dY8^`chhsS zdiTmMy=~@G9#1WR3y$sj?KyAmT=w4IjtaoKp3O9w$AbPojOXir%M^r|)N+BP>iHMH z67=w#@ctjUREE9twk|}`(918S;>P5yL`DoSA?}f^?OV4Sz1Hz$d^V(aJ&zUhOd1kZ zAfOg+w_qL(@fV1s_w6PSAdvt~Hh-R;IeWE8ug(4uPb`n($gTUBsjUi#RlG#wl$=lz z9*_5~&0utI%@I7FHg@^qywE7<3z9k5C1w)6I=Qkc|AV!E@# zH(){dyYP8{2gTSWprH<)JOH!MR5TonkG)C}ikHtCNMc0Tw8pM(>&IL%R}@vY<+b&7 z5#+y@ISZ#rDY|#uH3CnesvY@euj`r48Vq9IcJys+AkGtkug4V833W`?8|1MrOn62> zBsKQKn~O4q-%8OF)9AI-O#65N!QI75xD)W!qVzI+MfTD~FIBh=QuR~qruzLb-Y?uX zX#(uH?Fa74cvjP^V|;Syd3N$5?(}xJy$mvC>{`5hQP)EUIxr&Kb$gszmd@hkI7E=C z_aC(maMaoQeJS6($TUEh7=nneaJPO7C+R4|CO#$$DmwA`36$E&Rx15HAN!J*K`FE> z6RYuFSvI&AHpF=#83yqD2JOsv)KO)CBawF*lA7e-+l2So0AWbC&DpqGAg{0ud*c0m z7ygb@Ho||!Z*pT}O441ty(43G65-%QnaeLI7ze_qrK7o@W{<(P>k@&$;@V&*MgqUo zU-mZlwMpxM90ReK?ueEZQ{LN=+}YJJ1O)*(MCMXd3VPSKv1_KybY};^=2AsE43`SZ zahXr`D*Sa!?R|IFM8-bv$+hILV(|Xo<#%##{(QquyN@UySP`$-!$Iz4z~h*6@{Ply zFvdgtwR_9287&L(_?_{|Y9Qgj)Z8P-L0{H)c4nq|+>*~v+(#6{=^&u0sycbuBN*I*;)vp=-O!DuBY3c2ea^bv$g_;Jk7tKiE?gynM(UA6%X@ zct@6#Vj-PJL>h8t-xC2W-duWl{%)3v(R%%AG&CpmSzh4w^4;@%|7qFCcv=&4vEzb-DRovb9d7I_c z9zxb6##HoB(*qX$gYo$M?;ip(T=dN*B{iuTFAJ2+S_<&HnO!**MK~0Y&J534T0%Hd zQholsfGy|G4}r}`lyBgNd6UHlD4%noi#G3L^HLDX-IQ-I_nzu<3hT{5o^6V1_PBr9 zlQ(1Xdn9=lA{`)S3=kke01Wki^^VtgsiwDFN=&RaSqtKA-?LVTGJ}a(Td`(p_J*i& zUUkCg`uo0qF0(o?Eie(ISkVi!&S#s2_;yqC53m<7jb8GBeo6bbpWQ>!?LEW#-SE_o z-ev1Hk6fa+&xt622v@FefhfZx8?$BhiU7K?(y_;Tr##yulNg!{^;{Y*X{zabh_RiB zu2}ASB#+U+vj`NCC8+yCt`LNpSVt5W{nn}NgWq$Fu7JSWqsZ!r_?Gp`%}-jq{P*ev z5Q?s2Rkx5f3wZXdJmw3Z`X7K0b-XtVv+b;jzfvps9(S~;ps2{zGqv_sdkz!>UK!CM zhAkU{G1beqZ5|PI4#HikBhD6h(*bYbA3|3q1;2sOG4(a&S2{h=ccy1!wH)h;Yg`8J zDdjQrM)3gmh}O?jsA)j(Tl3b)&ohdV$5!5N36x$NA@=r_7Z79HpVCkT^0ivmSmZDy zt;BElJBO^J)lRP)?aK#zZSNnh8V_JXR(Zh;FqSLV7t}80jE)1bf?)|3Nq)R^ZzDUA z4!gNZi8{Qsv@EbsGVU$9Etjeau68V2GOfLh8wHdiR1{4_b5&4ll*#}$My0aiw=QSV zkLU?1PPyTuRn;)eaH=Fmc?msuA-<7IJau$IiTXGUwrAMW5Ysp`8wZnHb@5&Zkv?eH zkM&j4WnxA);51{gg>#|AXs4aEn7q(iSw zDEohNA63+8-qO$acQe2C?y?T7zZ=~(g7%j8->F+v^1d{E4^ZOnZE9<%n(gk$FR!GG zOm%`;GJtDAGx-WTdoJxn&#u@9ewaOdX>_I55JkYl@G5`JuKe=mqL)r=MOhJRTQ4*y zX;5WvTV>nP8JONm2I_IMv+>++xl>7_xf=8y^FmuZrtVY+(*^}fF&47FyfTz+%x zc!8Ji8vCyJPE|JSOhRcZZhoE$;#dB@I?vZ_@{jzTijo@wf}G7jn2Zk?1$TV=_N{** zXTLWJB$Dxh=$}88my_b+1N4!llZY~7-jnrf3BkeoiMv@-(}J}G+ckBr@4CFaDadv0 z#>H{(N$Li$Dv|#v=&j$p?1;7-b&Rj5{e$0gZq7#2c^VB`d$w$OM|KChSl)X(Z9bFS z9dS%w%erl$RLz?sTJX@`{#_uiwgK20>{_*JsDoW}YMSpx!-Nr3NixM00_n@WX?AT^ zx0O)CNf8p{7uU0dsRU)w()uV zx>qwOHH^gTk7_0q9rsdv2MJ6oz6snIPkY$GGh@0s(H5ANPGix;!DT%wFIEs~xE=1R z=LdO8d2&Dd<{*AgtMS*?Z}86;gLVIFT_N*zzZy0=eU=@q9$~ET9?$UCjq9%iiR^sh z47FibaIZ(OFFb7{+k-!aW62J2$rcq|kqr2oJjf!GEUnfqM4d2j-498xsq_oUgj~^v zk7kZnM#3pWvm4<7ze4aq5$&gOL|OX<;HQKyBJ394(iDD)P{4&+$=(Cy+O?=?*ph>l zAD#<;Az8e(0+D)@a%Hkww@_S@T zD;`V0LU%A~xOxQxV(Td2 zYfl}%APILI+MAdPj^scsh)gT(0UseflwVZ#8R}ZuVF|KIspU+Tf5HN0*IIocGQkJ; zRZwdbj}NGwN~+zBQx13Jb9LTSNFu(7Y8~9w-Gh5SQxXeYUtf3T*r}U8ZxuT>cW-Zd z1qF=`?=5=Qfoh#D4+}5whqG8~O6~aGZd3t`p4_GWV?9ojIo`Ni9t<+3m*dG>z3!}3 zA6NC}D|>`iL0veXtDUc(uvo}o;?r@f!8C4svi;OxoOXfkfUb{(@Njv$ zop8>o!a`Ne;U^$4I>ZD)We<6%*N+fH@mAme@kO12Qe zU|;S|Yc8Gcpu{!vl3-B?zLcGZ)mul=d4&_~(OUYy(pXgSQDF(9B!+ryB-R8vknt83 zgxAt%yZIy9k^;Dv6wKqT)f-nIvO*NC=Hq@f`0eQ@PG7yi2y$1_an`i7%<$+n0V~6q zA*A~x69n&I+vj=4s^Tk+F8wM@dw(MuU3t%9GCK0s)v!*7IbPmR3Ch5T2_Ob zn3rsdaR4=9VNXLMXWNqse##cX(&99jLwM5n3S+LrY1y4QIKLQlQ~8-v>KGv90t7-a z?e`p(ZBo5&`?k+)Th=_SC)XH5qjAtEDwSibJheg2Pmi?@^(`Sbw;CZCC6}=_R&T4r3jvRg%LLfyw2JNTtO)avw zkJ7z-om{WAkuJcq$V-&XsWHWH)87&aon`Bp{trf|85D_3kJvi=d_xh@qrtB}b|K}G zt^3LP&`|$+dBn1?1p1M{K*0sDr(*`~^nj^Ft5_iJ7GzYcRsbQ{!+g_ot7${@QRRph zjhUW4=KCuri-gT17L%0<)qz`;<$;XQqkf!i<*=JITboL$g_Wx*xyTA>SDCIT63gg*hKt3Jlv**k`&9yoczRfq=Ln{qJ(k>RR}oOSES zYgD7VXQ}@BE^R@StH3$@1W&quj25*NsrxJ*`Ob)UWQA?KmI1xof97q;&g@HcbXRXk z<+k=h-HvzaJ7R8Jh+>0$==|19h;~n=D~hU#WaY=57>IW*V43ZTIHO3!f}M8Edag$y zs44BXXZXN9tw?;w{6%W`p!G21pk-u5 znWmWRWh*(WncCbOz?jWr>GiN&hgE>K^W(263!g9cI|zl7MA)fuEHd>8cd zC)kX~g@ozr1N^JrmG1qJNDGE9E;+j58Xyj;B3D3LUA0HjYdHDh!pMWXV?T!-K{D%Ih(i1)sI~<2;mym@6{=h+nO13CA!dDwu(#@ zT4_kE#x+mFBc=B8L%M;v(+1%JYd{!+RmN0oUk$4r7i*ez|k^Nd_bc?J&EP1@^x4{B}Y@4a&1{Mot>& z5H7VpvO;xEfkxF6t&QHbJJT3H@!gSeMs*kcao$`V&(*6i@wCB)VD6JLoITpicQm``-8@L zp{f+_&#S=xMnHF6IFRsh-fDk_O3sYS5>-U{%l0rv>}V zE*2b5Al`bUMK5nb$#%z~ov`}|9_r3nkY7);pF`1#rz{^ z-@GKe+0hpq{BwI-BI|JE)4)b!^{m`eS|G5K)H;ADYB4lrS(k~lWvRz18Jc|+z4)Ph zixwawvDy3ZRQ3rk^-Iazg2UK53}$tq@ZOh zLP(9}{U+9v6#ar)G{9oE0cpBwm6rSU-eUC^AaSV7Xl>Lxs^)kztLVUAR6Q(IAbW3s zzQ#+^2}z~!Epr!QRX!9?)f+WkI*^qrF8U?BNQ)gQ`a}Kenf43`Qzh=q)qRB2HS14; zs++@iQS;rl*URA|Pz0BYk0LZG71?Igb$%b8s1u&vr6~P_;}Lds1wRl4?7v=>MAOf- zy5Log#&55llV92cPjWoZ75P}qaoYI6x6XFG32uVa{)VS>lCoi&r)+r)*`z)=Gpk6O z7<$N342VArqNhw!8z0^db_lfiXX}&mZ@ZVUG{~BZ+2X)LR$lEt)0B|I%Y{#Ck)bR@ z`Ykd^+}yK0(?=ThAdv+J0bRE2uzgVWl*rtKEKzF z{lkwlW!0`1t3jqk&|ecVy!^8Ls_Su0Th3NY0PrVUe|}%FzmYgSq@E&4gFH&d22vCL8JpIh;Pvlt;u*CN14nC&sQP z)+udTwGnHBjk$O^Vf}rdyY`dLr`G$=hKzT=0%7pf<;WXz(5>Y>c+amqt^r!k@&XOniR3>A8+w}c8F zsQ)?-JvRt{$p`DKA_mW`19wOE#Wj`EJdwR_OU@RBCjga9DXmtoK5P{(ip{!lYb-2t zDNd6**^6|}(^WE?VH0bbIIW?sV}UvCnkFN+^Q_TOc`-=s^-)eE3kF(R-JB4F9O^dW zxBc?A{i*tccflLo{?b0*I1K)3H9r~jMp1wmcuk zn`4#@3=8CSno+OanIkU(0-qc^B-H<|@bI403K9opi=3v*+b@q*qxM#lEZi?RSsd@M zgeu_&4xVy)YQ|>&nY53Rnd;{DScDagD4VNi0lDmEY@7EkBCNpH=(QrShKhE{pc(L;Qt!!0z1T z?qeXk^RZ`*P`Ku+?>@ts2fa_tC%!U<wP(`ITC)exmjKzR7pw9P zg?5l%U%KGf!;93v2b26PO#A&J!#}ND6o&IbXd_UfUEKUN znHx1qVavxbMK%{8W$JtbrVT8!bIA@x#D;WAb33keuHRaBxSN|Sp{mN}lu10v<+NEb zabiU6^%))Au$id{J|xbb^QEIx6((D+wy=>)y1V<7Sm3o7A%&FoJS->m+vC}OkJ+Lf z)4)GP(s26DmQuo`xKcVc!kd@f^hOv(dqGr@U0w8iMs@V$&u&3H{Sw=(sw&7fA+}M5 z^GA2YrKv4B&)@;q1+L0%1aI$^<2tKf&vCi84F)0yi?NYUAx`z-YhM_|9Y#g>-OpR* zB>9>_86b>Vpro9RJ;pv_QEkRSN{VTuosKa_q%BEEWnO16FT3W-{4+ct&;OU>=1RpO z6%rAs?upt!4SuiwGxZ&}QcYrLRs*}IwaK+!j9>|nY?{5TT|8ZbphuC(OLO;I@}iAG zYRC5FFCR;M4JeRG?nVXZJRL7QetoI0xgE{C zks+H}(Pqx2Nm|b@z;~uZ?Th}De5oR=mocVcKv_Wlwq36A7TIz1AkSZoy%^4H(#YTp zSW?X4vqOwln2+u5qE#Cw?yhkHbBi@WdRVVBRME!r(xRf~4be{0Uxa;kb0%Nv$|>iY zvfe-_{oDB|I-bW1Oj&9u%AiDpcMzZ|O3eYBLbdzY)v%1`uDm8C60q8KcDZG=5;pQQ zO-D677iTCPxcf`QqS1IaAI~td|9st2DE?NmX-r4wrwRag0?x09SX3nL#q6&);y>qm z;^f=WlMSRAYd89621)pZz|}F7&kHm69x7ifu@i1h)+(i?K1RnhUcSSjT_cCsD ztWyoB-uAN-xacz`%lD{wSaCv^H{EbvPqF@7&HhlE3+r+upX$0x+lRIKz~uRoF7Px#l*Lt} zytCHTpvwB`*zm_R(4P?p?G~?1tuVg32asB*d$JQE9eD&KAejh|YmbW2UD#PzJte<{ zXE^kMbC?&Ff$VZXz<$ttvO|60s+Ql|2Ra4HvyIG!oNC(M*zcQso)ulN&)IMIl;}N5 zYl9G*z4@Uy5aU&<>9`&S7}_=Nk*+N3UKL#T<<2Sxt`VtSN)GfXZL^!Rs`2z@KXm8j z(5ZoDkf3r`06o8PlbN?eF8{Lw9WSM33K_QVcCe!$HDg58^|7m6ud`7-HSVx`-*WIf z;^${7*J>og=n;}0>&U7njw>!G9i_2*){hG82Ar$HfE5k8Z=Q;!{ew4kSI^ge2igq3 zc@z=tDT75IfUA4~sr3ruIjBO)I?TQ7@a6q&)Yu(!xw69hisuQ@HLYkL?U;RgKF~X4 z@3;M<4D@PRS5a(nxU7|?@v`*CW@t$ZP>zh5zABM1ai^b+o%XNZFKqGu$hd$h=ND~Y zY4H1-adUc2s{2Z?>LIaLoq1&(W{$ZLPzTz&diyqgUMXYhz#PCY=3kPgW~T|+Ujvlp ze!25M`qjTCE29Bzj{(R#+Gaik{m)_}`3&HJig*Kj+wDG!-7_tijqzDYAi2!P>v?@r z0N@G0Ih_JVCD&?bH*BgdrF4A0l~LFx6y6&R=vfW%meVajGDnQmg^BZW;eB-QPE1lC zYx7&T?B8#$*xUOi7878~oOGTu|A*|H(t#vB&&H^Vv5o$FLD!c5MH#3tMa@*c!`FZf zW0is)(Idaj(wGqI6<=~s2=m%Mx2xT2f9oUv`48~-|9{#q{&UFxug44l{1_wMIfjD7 za%ZBCF@;~jr+aCraIJ-g~@H5-6p zj7p`hJ^G&q;lKecZbC@tJ_tx5;$d}}vuA%}p;tHu)B#@ZyW4b&lQ-~{<=0^c5*%8? z`Q7&Eua}EMKH6^NTh9Pl9gaYdfts8LL}~x|o=GF%nFv9k8v|EZ2q>ana=sGnj}YYS z-2RzK8DG5XF}Ckf)a}bV<)c0DWWPzqn(+KJpY+oQgh?Ck)!(YhHa|uH9<2o?At>ua zSXol@{0OvTZH@*Xn`} zD`lX2=~`JCEhL-h;5Pzi|5^*=5PX?+Mub6M^#SUl;(sL$ia%FtEkle{?Aw6%fGV)Z zn{^`ryIYoSE7pGFrGkoN+C!D#SU%a8TmsVHRx(l)&sqRHncgaU_t|43mggZWl$SP> zOBendRSGic2IP_&2SIHIKtL~%5HVXSLZ$yqGjI#Q{C$F2m3DXv-z84lARkntWb4(p z6}|KGc09V|umCKxoCztH)ZX6r%XRZ5xSM?*Z*!->HuzWP*p1Fp!*2n4 zz}NzB5Wgu9j(Ntg7sJH54@VyDEk3|iWS(G^Ga)`$)WN@fPH{cQF3*R|X1uzvcIY>>-&uGz+`XOm8vNS@Tsy5;ku zXXghUh^0tdcJYuAPZ$J1nQr>|>8{^7ZaVg3#2i-(d~j(y%<#%_u%*evf&BG9{jul% z4oTPFi_;Jg`d6vP&7CKwxv zadzJY=)wTzmMf54$Uxe6F_!^qN=t#`w@>wx=hN69gWDUadyC=w3gm-98ML}6YQVp_ zNUMU1ia~xQ|2qJ{4AeXAt9=0^^_(QUI{!Ntopp@c$X5OMJHWHL7z~1?P4Krr>->4a zNN8U@i&*IW9uNSn76dm34^>HzXnj4AzBw=&Bzv~t_`txxFhK&VW^W=89UiP=bg3B- zz;=TK#(YFi_5oMG9eNBZ_e56S#FbcOMlM%+@pJ_Mjv_MZ43d13#gp&!a6~#XYihve zR#pka2OZh#TMCJvx4cS$-*C6t8uw&;<YBf7Z*G479eP`Y#b-5XcK;t zDQuj0@0E%D{=xsaKC#X0X1TYZVLP0c93|NK2w5Q?WZE%@j>=-$mF;&0LSDTAmu+)_O`BYf%l8I0EKdN?5EPw zc$Cr&OfD|+HNT41{&8*M#^xq`Qzx#!Iy1YwMyi#BOvtA=E3rzpwnp7sJye)?019OM zE-C3u*T3J-!8R)Q9RM(zQ^oN*`+3pr%RE`hvA8W$l^`mr#|$hHL#c8dh^;wfkQpV5 zP46(@l|>!?t&zK($W^m0-t~c$u+p8T?zXqfTD#b-)Olz6cuphf-{1QJ094+QKq*`m zy@M@3cnHYB$;gkZ9X5U7$F4xg!u{up0$`$x26@0H?*IIGHFpV{o}3pKa@{oN-_Y~l zAI09@|G<82Se~i-|A;z)kEuBPf3Nsb5!t^&(FP~#QN12zK)jHaeE%4qM01ImAtn9a zwY#rQ0+;1ic0jZ&kF{mACNJpOr;IXC@P2|Ic)VD6Rp!sK8QHs`jNi$_9o|xE?wZ~n z0o>P2zyZCKZ3vv~sY<^LQ{z1Y!E%_~n z#r^wvivWz`2foCh2yuS&59(u^r|QSWYbU*9C==^_9}pa@nhLSK#0`HV6(P~pD@DX$ zk4`eO38`JIf{Fa9_~&X-#>=8c1h$}RUBTOchFgBUS1;)&pmUh^v65_oDklY`c5&p> zT6Le-iGEi5dgylhvl_qUdSZ-0(tHjOH>)bKYi+TX9W=v$el7G&`DA{IcK0jNwZ^}S zBFx_NS_A_BSq!n8H^WKc0}0b1fTaCjzc+UJZv*0s28Ylto0E!^KP?J%9WffF-<5Yd z4YM!}b4pv|H9v!0u_|or3Q2{Bx9(J(U!@PFyyyVxlV!*u3VQO>Nt594*A}nrh>ltBbAK4FK>meYiWFP%&UsRfdZ8q`@ z8Hh@~)IrAp;I<4Ek8JApg2R6RCw?hK8eX`LX)h?TgY)sP@NJNoUqWn}WXkJ<=cMGu z-UFjmUEMBux1SfyUyHPd1S|JsxC}@7He}|vcRBm%x6DP^b8aLkGz1^FBs@=>>_mP) z(%}sM_Y(%@0_K3f&*r2FpIv-TN>FrDA1`UdqDZX0cd7P{qQ|M}kJaDI`{EuSqLyN* zaVLHp=Sm|@oxIFjb45>AJ^XBb-1`N=t{Ky>7m;R+gh+K$QTN!8WN)-^xz-8svMr() z(v4n+9-|M-Jd|s^Dc~inXU&}BQ@X#P&(|{wJWxa9YnzE{y%|j#j~A>^(A}n!Flffq z9Rjo?THZCMbfG%jj(M%anRKP_HZWvZwa^?DKj1mBD zzHQF6`?nA(xfdt`5pYd@!*fGowhY#Y+NI|jX9S=+Kg>}@t#U}s)6nY^{vLS44o8$0 zBpJApBq#FEZUC*TsDRJr1E1dLDM7$JBvo!86bal6_)qi2zdF@1ZJ&|g-SF=xh@TC3 zuX!F?`&7kyuZl5wV!PG9|G@5#%wy6A&l@%_r0fvc8eYJ{#;cLo?WJAywX&ZZ%HLie z-$gPVecJmFFVMM!Bo%YLi2w>PhvL?fX_%*MJZ7=h z0_bLm(H#yLn)9)?DWj*1HC_6P9@1Itd0Wx4ZfPU)3pZ8ziF)|_=XN`K3@3Jet^?<4 z<~7TVQH*D-GQX2d&lY1@kH$B7hQX#?S4Sj|e?Br?as#W15&M7~Hmc^%%y?;?9O7Fm z3{FYraXoX`+wll5zd2K!f0mxK9ItF0Yry-Pn74CAFyL3*tw~uQX|P4=QImN~vl+oe zX+*o3^2K+-6-KYVeq}IRn)jmfOvn2jd1a9V!L6p?W7;Rej2R2PF1+Lm>hK{sPMi_+ z>>Vssr;Om44s$sBIPEv5YlfXAm@}yu`ym235b-sT!(roD{fk`E5$d5es_*RAn)gZ) z66Q)AtzUUYwCKhsg9K*lHl(|>W{*BMqTj&p3-6T>h>ifF~=N^v+s4UxYl{q zdAf8qBTl>#dgi%#APflhCH!V?hlF{r_jxNY4#$ki-Qn~U)|J!OmZz6qhA`%euuF;~ z3ya_=c2@3iWs3cKtq`i>n_AcFNL>EFgAxa?&4U)N6yh6a!Q+0_^4*f(JaRcbMu*$+ zHeOxe6q2773GJDA$PWnjc%3V)xm96wDxmWt zIs#%FG_SSVLRW~X`bUzXH;Ejyp#z=W2m8L1w}0Y{@|*yBU%m${7JX~e<6wXz)@WU8 zI-fM4$%Y?|`+_&f-HjbCW_Ts#i?@X$-l1x)jfy0kjWW!z<;E4+f%xblCULT&9xgJL z`*w+fkAL7!85Q@4K%jp!KOvF;1K}c2$A!!R#S5+js6!<>?s1dreu>1c1sdmGyl-*0D|0E2aM|lW3O|{FX!Wo`p*9c01di zf4i53fXMC8T5%Z>_K|HQopsR;U9tY?s<%e@#_FAssRbR${PfbV7mAbBw~?3(Dty^* zRB~m4?DBD}zhv)lk$!R)8(_y_DkA=K$VjBWa{pyjntRO8Bc`ZH7@`J{b$GHJKt*t@ z5XIOv=($yoh#S40u3A6$>;0`snZo&(mFFGTP8bY3Zw92E2?xLX&eyVzi7^g{)Q47z z9FLKyi*Ao64AnJ)61q4mk1tZ}6Bfmla>$vApZbU0#-PZWzf^^#?pK;xY*Q71jmVlf=nF6A0>kN>%DTS}Ug;-r9aJ;+ICjYP|0&;V%Q*l7VdkztM*=|Bb* zSF}Zd*pnTpjyTy0rD*32a>kLK&U7(9h-fgPh_0^D-#Z)!t~B?e6YN=vYarAchRDQp zv*_wI5tMx`#x9j#fZ!)yCK}$VU@=qs7XNEx1QNC&ieHlB6{B{s>>a+6oWoc4%>r2G&QuE39}IxY0d ztkQjU#>_?Gwb=MZM)lkaawgy(bXon^qQmt?fkkiS=fw3VZaX{{FWXM(P`ZafOi!c1 z@!}B8nq(}C&+GWzyJ`8Qxrd*Rh5wisxOdbYP$p#Xhp%bEVlj_}u})H{UPCdaln$Za z+t5x3AAX_THooZMlrS*=ijKjV;V|`wRPHq?yM2ZF9tKDy7*hO9r{d?z_75ByI0}HxgAj-=o^8Us+xlBX94`Gp zB(wb5kT@pRl#QT{v#XuTt8xNX{SONKs8df?Ri`&T5L-&BCsq%-AHU4l;bJ5d^F;?Y zSC{%^M^(%zJ1d%den?!v@#{7U-8l3M^U|dylQc}E58C9AJ)E{DEZw$Wy|)#=yA%BF zZ#a1ZrLu2~N?`-Bw|@lYWdX+#m!wqZyyw8INNL*Tk#{$GGvyZRg758h%^s3i2cNli zpun@eZIW9&WMf|8>Ta@qEmxD*VB?jH^D};}%;QPH zuI-UZSt_p52!$zBZS%(|G@}tGnhBaltT~jpqaE>?4MTS1uUt`gRYU_yqYmFDBjkQtHyeTQ9F7$bxatZ`qJt@?4c1Z=xIyZwn4r4}BR_g`GW#NLLl7 z6IYtdC&KL}g;Wi>pvIp-+@!Gw@aJS@{@Nh)nD2d{$>1%Nb$9?S)=AO7gA1Zv|4bUB z@-K(qf8llvy8g49(wxt`TYtc&BHZt*nBLNfMLga@5*2%dCzk$^_!94hu@G&(mj7nN z-bpj|N@nWQSBlqYtr0bBpMrerygj`s@{NUrxt_8PdZpc%L*J8o75Rk6pKzlxs8D_+ zp0z!nB)L(YzIe@$S-~~+j3HvoDi{@s?aC5HVX&D6Jx>qL88=$+ldrn*jrZDnm^$3| z$Pc}#b}TQ$nrDWeUC-5Tx8S&$g?9VpdDHTy(4=TM7pk<%oF*H+j&KSyC>+=<97o51 zzTRZ|V|=XWJ!npGyk&oTc1S{Iw5~UN)MeyKvNh)@{}fPp3G5GgyUu^wdQs9Jy-6E^ zmuj`+VOC`z6*E41ds4c$O2cY9<Q^FC9R&1Uw!-H(xWueN@W)K2nZkbrgsSIhp^AF-yCYYFasa zvHY1c`6l(R91a4)n~|}xhK?XkA(L9Tz_Sw50}b3j;<`~ZQQ@rsD(j69Pluf8NSXN zL)ZfX5#$~_|E*!N(X^2P&oPlR8S73-AfZl6bp8q?XG+X9WCA7o+i6APfq=BAE>(!L zqayk92(wflGqmnvLser9hr0?z=x@1lQB%0$79(=L4_?0eEc*(F!p}|ofB;_9xJ^zl2 ze0%=SyaWP*>_2s}5D+MR{~d^VaM$%&S9P1P&x!D~{o9<`cbM+l(Xg^BoX&aO=VTE0 zO=m>^8BTg+!~5BW>I~&HVNWcyh3tV^+xagCUNu&?RIWX+xnOe4E_pz!Xmr5_nFZcQ z*t+iS_36ATd|hS2Nk7FSz(b3eo(uP{SpPNvzEe}Wu4i`B)1zSAc4~Y&_y3dZgTInX zIRlZ25U9of@A-fGfdBnh1nmFg>o@)_UW5t-JdoBv=;ra*cq2Ta0yxqn)$N<`5m56$ zI%vmTVm0yPc+fs_U*G=j5L-M_yCK8k_CDm_fR z?XgnlPy&&a+&QN&%&aMdY(kdDTbefKSrH8hAS0v|PDa9prQB{2ah%RQS;)-hof!F4O@97Q zpvUwX$VwnG;?87{b8@W&H&werw+Vz=*XJ&;Xnejr`tQyJKbBYXcvhnG$Cjn*>O|2} z{nd|fvTZ-IDL?m?I>?yy&Hf`y;f*-f%cwLskAhA2NP%$V|0W3Rrh^wU$QS0gg zZ~_P$s%cvmYr+Wnh+MuOWbQl#^teUE#eaHYf5h*#^e8r-)4RGJot9FnuR0t`W*G@59LN_p+nj&o^ErHXgHaev*%8u$$6H|Sn;%{GFf6R zhXqBSH^|+D5m&LMO$pCDG7neHlD@Qpg36x8$B!`2?JSLP{V55bu z4;_b&dEY+5{NWgo^9{kmMwzGrNFQCC?dwwFg zxF%dNA>7)`WJofy7Mqf{`ENVp^`m!u+dp!*OWPnBne%mUq}Mwc{9m$agJ5W6zQnd2 zq6kQCaIQ>cjKQXl&&2VYCcHOvb`-?z%f>NK6^=cjtm`k$fg6N1X-HB2ATSG9sJ1oUrPmLAWJ1pU-!cv);0mUT zV;m)dJ4-OvS48d}(jham=dxABert(z81W8;^#-P@sJQ(;otI^JmCqxzcG-u#TyzPq zAlGfCi1fPR9p3rn?x0=7WdajPp-M_Mh5~~oGw_ey&;VtCu*i$^05LrILi~RxnHWEa z1|VX1!TGm9VwA*VRFjWniCeNWPhNf&kg<4XS!FO%086rs&#FJLG)D`#McceuS6a5} zK}Ln$Kb94JYT(2+hm>tby5@a>#jxGeLZevaHmYv<(&d`(Zi9T2I$G=7N^jAgrgJ;( zY#f&?I{*8lt9l|S#t@7EGmM#OQ=BrKF=eW#t)=*VE+)?a+p<=P?y9Aw9ko5S@j}O1g1>gBNd+8e9sSh)fyAE4DHo3 zD{A8cpXk)OfRudCKs3YD{*f zs)ZTE!U~9YO+Xu4i?87qchL<%Kh^a1a_~7I1>1ASKXzhkIm?6%=PD-YOC0Sb+Ar(N z{UU4)I{+j<(E4&yXvk?Vp^&>%RgR;`<)-osCro(xWN&^C@J_KcMA3*uO;ToZSQ=rp zscO}B%sTYUHvl4o9$VA5dUOyFLo4Q#FWjk?x&NSsUU1QYf z3}}Dej&UIA0xi;~bN9{bm-pRy0rwcg*){rqH>c=&x$V5L>&nll52eRRs^- zULf&>79b1vcs-$g9Sy|k4lzyvbs9wU8%W|Wvnt!5ntTNu;&=JTcm#80kQ-$E_b;pJ z>1{uz5GDnhsEvUAp#uVU97+t29cw|XON-w=GYQmy?jbGpHJ=Af|93>-UtUB_RU3IC zDPJwL1?htveW~TX$-KH>VDkX`-$3H-uajvuVx0SazPNDL(yH~N#9nyuZ*GsV#h@!u zX;oFMHn^1P-;Waqa0CDG(86gO{`dUxi2ucpck_bs|J{U%|6l64S|H${+;BO$ z)|UjxRKPRfcFeT38u*w5AC^LT@_TN_Wp9$~E@3IU&gHbhK3=2+{jj^D^55M@e&>%o z)f4Rm-LeK!=S?3T!+(dL4N1K>#Y0Qb)j|7kMBSz@F%Kks!LyOPCYd%GnDXY{AGox6 z$d~ee;4Fkbtviw*8TjA)`}zKVfX4p=GG_p#Oh z5P#wwyVu5WUc~lPwN+C-JFaXwKo6xkGcxgc|WIRj4bEU>vPW~f4O zeNBC=1}8M*1L>^)`yatb;#|=32?aj{PZMEoXQVQ;2t#L50Dmwb?KOj?desNs5`q|l z_uSkF%?~(#6ug=y{V~~pXkhMsiBeH4=t?EB9S)!{Kw%07h2ig@EA5jknaX>(8Q{d8 zo==LI=$0wTu$ z9jBcoGpH*93bQJEn9c$&XOy2<^=j%sd@gCnR~!&QSq?NIDVlo$Zv${EF4}-p>bA~E z54@BD%KQN7!;J7Y5AR7~QKplvC2nzs^A=y$z&%ogMCH=}@z#eZ`Tu*HMq9p955C^OD+5Tvr z^Qz$`z!K*ZOkgy#P-8uR$DKJ($OcHLj+<5B)^!G?9cBR1gV0z4-otkuP!(IOQ_oAi z-Q>CESx^onv)ypMY7M`#O0-*M`Vu_ix5;vnU^UjQF7RR$;5oDiPOSruPDd?$)usE` zT>ihp8CX~M>&?>kF@7-lb?3b$u31UU*MDVLzZ}kXPWd1fR--!QeS3Nf_3*g$nvX1Y z8gY~^tzZiCJAPyU4v0~$#ic^a{=+oaoPs8}qvfY5xh^h|l20CUYnJBrBQGO8&enT7 zX;;N*f1-k2vF|nl3K`vr7@7fksU95s@Am29xpabjj&^6eT6djhH=UzHODq2p6;4Rc z6W;>$V@Z2=hUBkl-_xEpV3wPWjY z0~8WhaLGfyb&h-=pd~J(<@A?cHvXI&qtx`wD-K2Y+-Xy?_Sxe%KXaUxzDxTuBx-2o z)}3JkswHcy;PdZr+9OTkL}7FIuG9aHIaiT@J2kzaccS;p-q~zUK{Z)UV4ULz$PQY zB9Qgo%R9stqriUnQQJp6`XdG{5$#Y+SsuFF!`N&&auM_=s`VQ4X%{P_ySp3v0R-U~ z{pJ?76ik)wb;y27T(}{3ddoRTnos^&lf}un5lI08mw!5x{e4lks1_?!vpmcE5fK1c z$rlP~n%{h4)A2y4SPYRB1Mz20UEM_9=tvoHz5iR}o!QG=Z*)JBXrPizL3>|nYkT_D zSZ64O!?9{2sL^s1QTVjgY?dm>Edy}-vFvNHr;9N~!an-#>8Q;oDF5~ooPJ_rr~-&9 z1F^*cfEQx>h{JhHaToY-D?vSX*0aN$0YPH=dZW$)0M2?%pd(4-w`oUkb3?ydady~dA6H~l1jewDxMy+Cg@l`m(PS=L>gX|iHIdht zdjrXdePsR^t#E)_iv90c*_}po**&}*9Jr@j2YL?X2Si#csHX{`ZW#5i?;-F={&ZVU zSq~~w`6HD9xm0L!3^A-yC~dKGOe~p#Q3xXNN*SrR!F>BS6lQi0_v>BKpdULh!i=Qu6Rb(8(n!ZGGg(Jg5?_j{)j+&)ti{ygF+ty zq(+32oODzqjsHZizI}3C_~!dpbSa(jpJIg85hVb?CtbFRTF!SL^`^4-(prCWkHs10F@2ORVb~Zk-vLg`(;%Q~bt!j`9K>aX ztDj|sZtKLLoFQA>NKjlvdR!lm13=!qMiSTx0RFj57FX3?jrH^lXv&yn^}d{kr2pt7 z@E(a*?}8WY-p1aG%_Q%;RgM#ShzTL=(C0i5!lAk zsp83J`$Z%Djb}}N#BcT2+q<(2ku+{#UMCN|TYSd&Q^%D7?Glht-j?ODom&CqZ#!F< zq;?RP5U=6ZOe%ml);lh(aJsRZ8>S0~_n>8Da`jHlu3M`Gd&g)``ZMWftwjl6dj)qEY7(W=0|$Huzrf`TU1d+kqH##x`kg_kOi6Dk>~I zfCXW)okWyWzrJ?og{F%Ee zrG9Nr_!%$@U9%12Y1myBPtSm|2;c^iTyq?2WTZYBk@rI+S9*o|QU#L;cD;1|0mbKJ z1jGqH&cl?d0R7vRAJdT(5GYOi6wj|^C=3&7ei!C#sH(F`uTVE8Vg#UEDIf$8ng6qN z>wq`t0+(u(2*PlT5IQk!ZK^(cJGZ8oG~;gt4GUK#0^h776hZjBoz?9u2z2vp_6#3y zk2n7MlJ{L6RoQ4}Yl@J^>Ff4#D(a?YY`umHuBdTU?EE95k^bU+ zc~>6;vz0o6|Hq}LpDEVUnE!YI;y2a{&*3@TCZqiSOvyz?F+aU|k;@g4E5U8+M-+TE zub*&M?ASh#-7w!kM^fiH15oVzGa+BQ$QD{znblZd5>FQ_dAbGSamC_pnB)fP;vlNI z*dr`UD5E6fp%fF(E{H?=ef-XPwWAT-^KC1i_&^kV~Uo?F=r(E+|D zxPgdxM>@T^;o{9C#7Hbo*~X}gj&S-qpYXzT2`_)Hs_y_1T>l{^=E$nz;>->TOwR|h zxxCB!{9x9Rwi{3>r=GPZa8<8F! z^DXa{k>%r`9e4QV6MO=MH5VD;{X(but}az2f#`CNQ8L#rq%Bh?g->2zG<%+j(7UyRP`Qk-G&9Sl)q(4I-ub23BJ(g~``ggVT^w?Wu2C;w;DD&yVD;emy1{tlR^OH^3v`hK=xw@?f!&uS zF$kZ)JmPDE_i2-H*Bdf7l?lQEv?3zrjd5NN^(xm2%o}^z2`}D9g_3pLD8WvNa^CcQ zl}=NQKB^b(ILU?J_nhj`T#=5kUMS=_m^a4?xheD%9k{)?(8uz!;Xd!C(@iaU2KPik zdHGc&1%e%Q@@EOJV0Y>P0y(%co>9Mrrw+I*)zqS`HOBvtUzk{Y?-E&CFNzcV-D)TQ zSSN!msaQZ411FPh_8)u~m?#|5gw^q~RCF@GCO& zpSY?}%t8`~s@cUU#lm{Y&G!R}3P+sBohI*%MrT0}4oQxP(?*&3Y)4oNE*J5#c1Nv$ zmzq{9XkdDpz3aa-g}mv>@@Y%Cg-Eg{qfEE&U8Rn1mO2 z0cqu_pa=i<)SY48j2$98IDZy>LZkrWUIjZaO$48%4yp-emkGe8Rpnv@MM!En>@|(_ z=c6>TsuW?X4adMO(Vps(d@YgVny1P#X;1NG(gxdMCDA8tKZTbWAv;jY$2eZQ@EP|} zf_oO}Do1p&+7dNLsxvR#Lbm5yTfIx!vcaEi^b~ux8gkr(HrM$Yju6@!z1j@r5E_qH zyP)1(rjb5l8xXfjb?@e#vl4(j&)QAq~dqu9AK6r75~LV>|}=WhA6o^Kqjif3;#RC!xg@nVH-r<9K9 zGC)W7Fkq<~g|-~wTpkQ|=NuNYA!zPd6vn+l)YPb*GBhGB)cO<}h;e8^SW?UOTFOng z%ue-$uy7b}AJC+fI48EICm6lBuwrR==&Y!H@hSp*G(vLY@tEH1+5YlXHjF?Hm0sEF zA?KnQyLDFU_)ewzvkN_=dpHR&Lz*kE6F1-xADw!%z!<0?uPTjEFFlOXQbI!9&zHGQ z4?iEj&$tSPyh9d2D~%9AvrMW&Kqj;8Pga0zyyy;s)*f=EdE=#LF6ZlahaSWfgqm)X z!e2iHx}*>`9=!Y!b0&jCw}D27R;)7M-(ZCYd7dXXvM^7IiaG#IUYm1vO4fz!=dd-f zM2b#tXek1M0Z0T+2C!*ftJ!RABRzgKK$KhLq$ft1`&-1P!#uZ~gg(=lIM!+0_^xh~ zEzFU|O4#n|@Msx+KswvQ5<&dz420M+!{fIGAhzU1f`*K;NuZu~_FdLUi|1ibtkm1O zOj^el$>SoQN238_+h5gl73>N0)2Spmj9BQsS>HWwx-9k9NOArYp2a4_U9hY1FpG_0 zXWUX(m``aw{3$+q*3Lu8?Kcxr9ao-?-fcM?Q(4`mqUZw8z(@P^{vqbs@mdc1u&H`6 zliixJ!}%2wUIs(Ugt1J$Tg;SFd>E&P;9sL2;q&WyOlEWK;&b%T4-y%_Uq&S*$KHF} zhXF%FW;yz4W-JTy<|M}^c`(I`-a?pv90l6D`6fmjyEOa>D*Wt4kCYE*uhTGB_0ooq z&VO!M9<2NlW;>}@PkRgB@ad5tV&S9ojrjQZZ4%_(+t!mosIz1nK7Mf|y24K>Bf(EO zuiM#%+EbtXmS;CLdh)n#0r8e$k>?^Ha*g$ggfGrTg`!c2&P}z#?6Y4#^OJSWn%Opb z+TcvAr!E<6v}jc5y~y_^+e=M4E;d9c578L1IKn7+`<1s$UNt*$1*MRrNKA|Hamhpj z%?{fOq%r^fYTLj_0`OH6NQs-9>N#70xpU-&Wy$t4&ftr7A0S3`v{>Y$m_YG&_wiIqPnpH(|91S5D&%pMRnB#!lUE-T=T54D zNpzy4Ahw&Rd*DXDhT`A&I0|elBc_M5p}g}pY!YouaYSmB%Jr9!Gt~?2*G3a94J@p+p$pg zZcVC!vD8nPv0jq_cF5+FN|?=}S!1p_1({ZwIsjL~G#iKFEig`+M0<4WEEwk0yceyp z7>UL2%It$T$BQCqQfW~mp@9(m$x4q1SkOUMlm5sLSUZBx7qodA1O!xgf_;OwUD_4m zhTE^l{xRQUv_`G$+u6R1cU1Nw&B#w1qkJL^xeT_-qnxi4h$b^HT2p$zs>bcuQ(qnQ z!Xke5ZV$#4bUjjCZfdY1+ux6<2Y`^DWFWGLdE&R1Dt~ug;G*mrXB7yly?2vz&f|)q zSk*atn?hkp+Z_b1_2Sa%)&uiR|Kjl{s$M`O=$yao=ol$4R=Mi~O;>y|8ve|B?O-;W z>FN&>P9Y`j>rV&i4dZT=6-6GPy)7p+&H8(HIvcH~(lKeKpq@@_D~WB>;@1k>keXU2 z?t*>@g7VcWlZu_Qz-)%Ih|}>h{RNxQjh$42$6lV^Y?{^5u^LX_?Gd?_cc;u10rf2w z+d}{bu;AkHj}Rtewr#IzA%$*B@n! zm?niUR-;?K;vh+G^yIT!>(SpKgND$!qD2GK^}>6zfuvD(jhW^~5R3RL2L-@n&b}AN z%gCIxNx{l?A`f(y0usB|)dw%SLmXNSCCnKh7^@kE990ko1uM@OWov@5G*F6cI6wgT zb%A@lX5544l({G%d5>&rJP=!zJf?Jqz_QS=gcl_z=XmQEwSMllv1p78k~l3if!%tv z`J++vW#P^5h9RDY{?w4}k>sY@QEy2KA8s+0QLdCxQF+sPC|!4c<1$6SHs zZn5xI6D7obzS{^gSfhmUXoCc|-ZCDma|*NjKKZz{o#6EAf~Ewk*`0jHAWNgLIH~cA znqJ*okiX%|TiS4bBH~PdaU3<2huJ)p!b9t>D7m`F|3T#)nQm9996?IjI`;bdR}Zy@ z;Vj2DN}>HxjuiHJ-j-zoto*zN25W*D0~}CR@0+2119fQ0?`!o2=YJxz0We=^3&~a_olk;lu;~0Ema6< zNbXFV*bYkrrgNi9@;1+jqbJ`8t}{|2&!N;zn%=dPe$Qs}5|?-Q4L!e%Csm4(C)@rW zh4bL{*64;1jm?Dh=%tKR{-CG%5vV#$dCucLzvw)QveEE~em?lzlH_KNA-mT(#)AF& zcJh+sMNuIqjKI6B8&&)s>L=76;hJ0ql>!?hii0PPk)*q zRT065M#<;viw$L7Hb_n{aEqwE*C4T*Anmn+ztz9`zKc@FAAP@RV&+WN0!PyKUv#i0DXziS07 zETJFS8vh7zjw;?pRf8>%_0IE3hz7Hzi_fSeaFldXoVYC{5-7@vfk@qure;x?pnN#;Py&{_A7;R?2 z|MaWZMBytzSl~ONa>v&JXkIib&08-7-?jyIg{`n1cZdnwE900MP*is`)0lnS99u6d~x({1v29m_KkD?WdJ>+RS|(0gz?O4K$7`?glyq#=A5neYRQ*>0;yo1w9282Kl?rjq#SQ~csgyj->N`f@I3 z-$Uf*Ic0ZyW#1PS4-7{Z)g#BF4gWOxJ4z`FWwY{1EB2MXOmA$liA7?gynCv#hf*d& zO z9`d|g3z>oGH#8IZvS?%Q@=aZd`qBLWA=Ky|B{LI`2piot78962hf ze_EE7-)yT5FQk5%7`#*y{@Bf5zrlaXwf4O;*}_)+a|wol7Mtd-1?n*VuO~GI<>|JL zS)TfBFYz>&pVpbt;*2hD&v4?LXsKpVUl#owrh};Bgx8it<7kXAKQHs*Q&O@Er;@~- zY{vovQ1rUnJxdS%+C4!VU#;no!0r<6sVgj3ddQZ#4F<9AVrGc=HF26LTj5O!1y;JF z-_d&)n5k@^wfZb42^fKiqiLtjt(X!)##YS3aLKuUHzLxk6oncQf=QI5hk@WDJ$m5gwsg$QdgKYcyVCJE>u=$ z!(f2aD3pO}aR%6AzE7dt?Vx0K_gQ8;Q`gcy-Td7iD*tP*G9^FTbTbL{P-1#WQAAus zT-zNS*2gtXB*4GoX;>7!_2$piTK5FOcmYLTRs)CdSP^9XBsnYtH4nF#$ zXJ6H4u3IGJkg99lRGQz%e}4a~>LBe}lh)W9&wxKdQd_%4s=@4sX=5_GL#cCkvUXWO zH!fA)Ub(ZBCJVS(^nbbD*>(LpyB^v74#uCjRIGAUY+0OGqhjew9u@US_w7#(REA}- z#-mjMEVWjZK#F{HD$Vkz#Gz82T9^H?Q}>Iqe>8VXk5*|a={Qf7xam_7K&DoEvr+X` zKcB>fh!t?9lf9tsAZf0>koCRR+<5IR)h!)^7bPwq5AJ{{oQUeiaoU;pQFGLK2+M-v zq>RRQV`BMhOsIilj7*6&DGpO$V%Zp-#Lz&M;==970KXJZhZm zcgxR+>N&eye6BS=0F-0VPqt$R%aortm1i2bP%Zc2=tSR~Q+OM~08YfGADYQB!FWi0 zcjr^kZ)$p)?K3H#T4AAy)#r#OYGR*>xkGk{_LbKk?%L`uetTa7jZHOl+Kt@}BF^De z!dD`um+f=r%vq~(FDO*b4!ucAc*bX@)a}AQe&$i7?k*4>+%!wIUYC+1h$CxBY@*bM=%oZeh7)Aj^h6k-Fq7HrqL63X3 zX`xGP#-yaZdi1M@JX#*n{QiVd0NRPxptSY&lSlFoRD3=ijP&-Pwu6ySKE;6Hr#A!cs`Xo@%+5} zL)eHC^Wb*`db#A~-|}qodutphu4~orCcT9T8nSDhQ;r1j)x|W^Ei@%f@+pJxHl<49 zEje6Ej%uW|8T?PIP9z+DIXz9;+J1-}Fff+9?J3pYS~YB8JC$W5%%p#Y=beM#m$|}y zS)}sqhUwtDbVj>xdz<(`9OH~UHlHOAx&73$)65kBQOrzu?+~=cgB+DMRuN#{H0bTQ ztK}WCCHe{8?79@{SFkj^6DUu#``%xYlky;Fz>&CydLUQXRc@yV1&e3X@F{oqXDe#* za?`^p*{}Y>wH{{0{_0QcaGMRslw)=CZXzZK`yeS%(lmo!ucfMjIFP>WaS!7cmM9O* zeO8&KkgQ9sDT#)KG_AXSEojH5RMHcm-PO}Ju4rKh;rtD4N4R9hrms7exdB+>BF6Rd zVL#1^!tXV>A(q5o(g4?Zf$S1bg4{ulfx9aKPn6o|nTnf20KTk=lrFLYr^G^me@bJv ziw+l3BMSCDAyMP?&Gc&T7rH6a7q%zeX3upP3%`!*4vl8Mlx?;z^}xd-PJC-lZlMvY zL2VJ27>v5=kv0*@9-v=7@@pYQ=8dF(z!M_hw;`EO&o|zh!r;y*!wPW65jM`Deb$XT zis6{^PN#CjW`>UD@ry?fM#+O3YRfetP$^x$(R655GAdrO48zxnzu*Vz-BqRL>-1}K z=Xqi;Ez)4^bu40lx_ZvLR1adJweE!hMW04yGt4S!k7N65@u!cU;0*uhg;(AY5)=YQl~kL53F5q=@8V8885N$N6B-I!mpGPV{vx!1SeW_ zLD!msFUGMd_kKo>Ck>S6@g3;3h~1%I-u!6q7hjUDMz( zSF&h;p)R8NP)2j0pumX1kA{~oE@7ZFBx3SJakK|Nw!miWS7+rieR99FiKZTIz(F&c zJ@<1TH7V=lsVO(iUkmQ1O&VpbOk}^Ivca3+f}nYuM!ht$`~|J1jzHD)qXx`M6Q3bn zQdQlkPK7kCwX9_7=c#cs^+$X}#IKJSz`1-NOM16a{E7eCC@<<}AIar_josk-r|O9^ z%Lf%ly$LN`e60Z;p_a2EOH1<4lZEq*L*H&f{F7LRW+mS?_rd|`U~$*zVPek7w^u}SYQ@&X#?2hIU#Dl7swav@u37o+VZ~n;m-BA>yx<>s`U=B1qNl9* z#|!T&yEcu{vwY98i1<)yE)?>n^h%8)CeykA@o6SLGHNQDrdOBz*X_Td1Qw&|%3Isa zy3;MWbb^p*iVOaHm8dsUnHzcq3`Ho`Ct96>*La^E?l`PvMA{^%zw57l7R9ML&4D|= z^ay-UPFFSdlZ#GjF_vNm(taA;ppAa`6@~eO;okXc$Mvk~u+?ts)R;N1hQZ>2!xu7#MZDn>|i# z>aRkWSNa9k^S8&Gx3f!1SPK-&ZDy56I91A!iRvq}{TwDc$uT{t5}yaw+I@_0071 zSDikG$WnCCf1Ov^U${*C5jVQT#MoJWH8s3%r)x?ovMnss5)ec1RO-IfP>NNUfloRW zn2#Gb^w6x2Smtd#532}ovz7)is)HBfs?Qu#CJ;?C)*q}0>^0FmdQ2+ICwzTWfxKrX zq-B{~pC|ljYVLSWa(?B*M1iHg`ovZ)fX}q@lUJb2Z?%tiUgNmJZb_HEM%H!M@U-dZ zyKS|tcCd<@&|K9nLY7gdRkqJNnUNM?{t^UBV zm2~Hy4Sh-Hpa+2mE86oFG78kE+5F`TOg?G^wJ!lLHAIo|&Tf8Bi)PetN)t}0687B@ z-fdYYf6FS)tp1ry;FV?2W6e{)rRs6RFZf*%KcwbkDfqo+9AUMi<(}uLZWjq@-FRC1 zi|}nXh=?=TdbP^73JSsG$e%E+bTsa@=tT;wUDh{+o*wz0eNWkXYc*u!>sys1=;qM9 zUu1Os5^i(Tf(hM9^plw4ACy^A+D?VzwyXw80L#JDCW%yR)2($*->mj!txM#lT;FB# ztwRR}udIPVN-;g_GEEv~Vq(M?IOk})2mmiVP zJWIw#Yz!RxxbM&G)5!W$oLpYaT2I&1E4$sV-A@&MS)gJME`aP9F0P(|AA%=8!VAy0 z1fS}n8FH&2$G&NKae%X^o^v8vdYP^inHZ+Wsl<^8 z-%X64^!oLKHKOOa3L+G`$#krEStg2M+smIChSNk12Py4)2%JMk;9@>~op)?&%6+sJK7g8VUC2W*U zo-T@9c{;74uGiY&{dm-RYB0I;9mN8Jcb{a*j7ia$8Mo=a-7SpVFj15JB{Cz1V=@mm zD%$1go~t(zvM_zB*M&vSMxq^5q1u!2(U!*qVL9SbUxStO=BU;s=zohRC0KAw z7b#*CrmSu$MdP1n`C{eVprYR9VtcpEC#R%1%n6mC1OHTlggUQI>jenReaAl)M2&Gh z7OdH;*d|&_;!qE+_CY`y%nXtJEL6*tn?i$*o_2^#C?M{Oh}KXxfsRJQ4hwb>Szaom z?xm4L5sDWuAE2zJWSbUm&>zGXSrjfF$hjn^^pDI})8Gp$P=tS-E-tbU9;JGpOqzY!T@sGbuL$_^M2*-%hb~Nv`4xiuy&l{Xrr%DY z8QoSsVe?1d2q}6=cx^Ps?CeVAc-gxa4E)v=S3}fPEFA}8^ZN`3x~nZhyDN3+@<%gN ztC_F~4Th$k7|eKT^GbW)TgA_H5wCt9b^NHa^QslZ5q6`oNS;%fpbgT?a?^|Q z>_$fkXq^}OnMb6Xzgs%i>;K-Qa3rkS@ag1iSBfI;I!P|tqBigYrUOo13Wl#Z(vN(? z)7PJaDF>$NdAB%1v|kHs-4Kd z1pJ*eCx?FQqyo4A=$`Mqp?mTe zDumze6=CT{iE=_N&`%X&Ob~H7cAGe>7hBKc^kS%kEg0J|U5KyR`cPas?3>G_P}?(W zr3Xb95y$A#Nh_?UU&VTr)nt_8z5IWOI?J%Cp0{n&-6_&YgLF!lARwIr8&D9C?$~q) z0@B?b(%o!8I+d}GH7cC*Ca-}p6s6LunDr|+D!1s;Z8dxc-}ZsjFzV>QgWj5TAWf~0Da2~buVx^vtC>glYPP_-Fy zfe0ImCd&AU@f9VU$bs;~y3kyg-%|OH(lGcni}KXD4>mm69TiZF81TVse4;SDj!EqVxFr8KQcEpxUJ31Rq9QsOHA^`-P59hS-|{m; z)W)G|ZsIr9mjl3ckw*YQ*hj4U1L7b;s?2}_a9$~AXd5AiZ$9WqWa)6f(nTh2{)V^| z`3Dh$v*;r#Z9%&UL2Fr=(tFuYA=Hd{r=$?iio8bDezo9g)D{QCa3T-tqa~78Ig+Mn zHo@=Yu@gk>n%7ZaiqpcrQ#6JzudQ3LA;a7OAZLSb;`8Kb=CVq`OoGGj9;C@y%j-Y4 zS=)UA5o72$Z_`QsF~W-}42S!TVQu;8Hwbz1t#;Rz-YL^!{%0>?-DW@M>k`?J{>j`W zeF|g)c%E;6_Q!wO@JjLiu*x!ph1B_;62mD|{zcnC@!9cfO{WxNZ{WtqggiU7q=}8N zx#qhlkt2r*jLi|_$6D~LYR;xNu+e}I@Z-EwFZyKwA|hl~mCS|1fWPrS@wr|PJ<^s~ zL_j(!*3=U^%(XE!@bKRVOx6fB&iU*AS~MpmutK;xL_T-=&8bv-&elij7FG*9=|EIP zTp{HUWWuUwl&M;zE(~e%@*aUxrvXDp%ho;OB$xHNrrYWV?3a22{?gyX0+%#_EDSH+p-2SrY|0h z&-7&(7bd7LIk$$BR&P61Lb;-~M;#awL)g4rnNH?s}T_v{CYvDkm;`ZY{k?O^(t z^^Us$kE^s2cKnv&Vt@$e{wsLmezmxusD%0lq1j-7HVe4w)zKTn+n>mO2mAYH`}uj& zjrYx`{p4aHZ?0{(hqH(OJUyl+n7y8E{|nw`>Y0W}wCj44uhw9vX77k-4+Ov>R5jT%V$B_=8&!tYh%X( zY$P}kEH5hi-d}C2_Z#7nHbMdVB&PY!RP;*nv0Jw5F%hQU-8h{%nr6|piBcxHeFnp^ zPxk{Y0!_ylqT`g~Wq9#}Xq2?B^FzAdQ4*)nQI|wLE!W)MwqQ?i^}?FIh_asccc);{ z8fedh%jLKmYUp<#34><8i~J|Lr?sqs^w(#7#D3y5*bd*@dG9c=iQr>Y@%p_ADLrYWA6b1hO{PF(WTy2|GC1@CLl_<(zT z5gQL~wob!X#;)~<@U*D9Go{aaC+>i@p5n*C+RvZ%5njYkCW{%Z9Bkzs5J0qXjLw#x zGM+?x>P;VXSOe)-y{590PZ`1*yKqD5jT|Qsr4>BU)p9ok74_-ZhlyU=gap`fQ(4+1 z0Pt{9VH~@XdB|nGkACCeUzbHi;vPhcc>Jrtn$CffKp9?c!B(dq%vF828|hq&)Jw z=|vfv8q}ooCul9F5kFk(MplT^m|cFLOpT(peLOx>gv4fdl`MG3e)+CVH%MAOJSvbg zLEjrjM}2=Lv6VpmvVasx;JVE7Vak1b;`~GHTD(6XX$DCE3n0E!%vH;-Q2`V-3b)R1B>Bs)C=V%&2pmwTCNOMAwYNuVeZ zw7rU3=5M>J0ueCj<0Ml1HTU^Ig0J=A;#{;Jv(cn|Qu03cVpq^7AL~rS0Q?8FIlz9v z$=|!jG)khwV>fg2>~cIF)A4j`iXv`g1eD$-JdQH0U2aVzvI;Rt-Nk^dCUjDqMKjx zp?S^iD{EXaH97jKpl0*#v7xD`_t&A5o#Z|LYt8y z77euX51KnR{y4>~m~Ta07i1Rq&O-8ko#NdGr7ubx?)u$x9wBlwHrPOE{QTxSVsVc| z5f-U<{hWyV5AIKX2s%tyoBF?n$#~3-D%IV4#8xWjMs0j(3u*4cJ=Z_?!li(t}-Gjt#@*lETE|Ap8f|m4=q&of4KHfXuqG@F-oA*((58< zmiWts;!50enJ;~FV$-x-6C}dUdBJ5dZdhmo*N1}L6Sdmj)#ibETm(jeY>E?+tW_R% zz73_#6k!C}NuK^x9#DSV09+meKb*hM*#ljTwz8>kJOaCmwZ$EP`Wh)Z49Ym83-CM}iMOvOhj?2eI zQsjFZO@wkRgIAS(X9znkYhF6j5uIMnymfIK_Jr|Ca3mRoV(GZ{RZ@elQ@dn@rBh|} zf0`OV;lr$H*{JziN2P^nG@IFia%*?4AScR*TUEl20nTkcvM=*g_F5b4$DTMMen8V5 zcTW7?y~9i>b$NK{D=#ebVc`LF3spjy@=D{6QyNx+TG>E zl;Z(eHmF9Yo-ewqOC4?F+ zVj*ASxq1 z-(|F{nw-sS?9ngk;@k7L-FLv3bT!k#{% zOlX+HR7aaxp7VzvI84fMo?@uoT9$9pftJ1*qT`ICYEnho%Xf(yTZ$j4;O$ax;xRw_ zdd!eFC)+*352G`WfL!I0sh43tlX}`%ZAZG5`)m z+FaT4lmGW!$F(4MLQ*d-Yv1xssswg8l+hHVp8?U1BKIw8g|BgP;dmC|45fEaG$FThBbfY{6^~dO%%N7rRM9pGKX= ztmw+S8?5qu_wbEh;gyKb*z>4=EWRN>8jCqU%KD4&E`fTB|CW18aHI5hIFXz2SLX!G zw#ZZj-gRVqmTe?N!1h6x^>G^MqBXrt@`F0(kyL}$`CoYSLu2EYuD+e-} zqYAsl`FRXlEe7Rq$W+I&ogf~6-alT0WIIx2O(C$We)+OJtEhH#G1gaWdF=pecesz# zhdUd{Fc?J28qs=mkZ3S|$>GO0FZLZ{4(sfJ(mJRaoanxV931Uip=yTkslvubBDi=@ zn8oib-7k(oibJb;CmPlJ36~ucvD-)DFqN7n=c_|2fs}{{%@L`wVKrTRmi!>ur9Me)(V)W;h`6uf%bC zu*9$`Tnpq?$K`KWOHb!{daUCRP8)vuTi;XZ;z_(Nsp}SdUGgp&^f3MI{fN$j-^8WH zpUSy!-se@y@M@K|xdb{$lC*W>!URZy5teuZ6L%}+5Go&NRyPxJs zhOHRbEXtY>t@>7@83p&^vVv&T(46ist@|!mj#a}=Ql7=|QE<3?5omAY+ zNnX%F4zE*hY#U*4ms&7;P>+U$twT-ql1{K#L-c;^6WMBCCcOi}gLb!;o}c-~jBze! z(;XPi{G=j`yGX2ZlwIqxe`FZ%UMl;~Wk(|VdAfFxBV`Y!T-%e2(KI`0f`7N}FnNVR zyyus3_$|aU94j36m>nT5m6~(>?ZJt8sLrI|DZw)Igi}7EL4fXp;^5IfYqeHEX|#>z z!G(-UsQ+C8n0$1~lIVDvhd591yy)=un% zAjTse>@@D`#+#Wi5wq(69kRHf%bS3ad zl=GYRNz83zbEs$<$V0~NmJ2e&3KditOS4b)ZP}B)E#}Hq|ncKYec4RXg>3+*$+e676!YcBGT$ z=_Yqr?+`O8>+qeG%-_egHNq%;wigxC+IIQINdqHtRN*ZJvP3q8c~0e;a2L9aZhk?>!foF}Owfnb zO3Ey)PbbD^+q`eaAU+vZQzRaPvTVEZ6T;XYq*NQ3)1_`J6C5AUWNUf?4 z3g+}itZ}+_?<5pJQ(LE4qdfy{Az zX^hrT&kj3>PRXAugs$Np%Xoa;0(M{sFG?c3Rh&(X#y)$#iw(Js_QpQ~mw zXm`D8T&e0!vK`elu=FnHQuG*CP#`oNzS){_Uxchv22XJAonaofK}l#LeHRfVQhYpG zy(}6@Eg_Q)`mIo@7pKWU!;IeHzpSy-v}$7aYoHw)U{ss8-|lj`&~uBf0p-&DY6Apy zR)QpbbBnbxH0Znt%e3DF%nvM=fC5x!ocU$E&*-M>qwv1wiTZ&O=Jj3U$*Ym*L3(c@z?T$ z%J6Hx{Kj>dn(hpB6JY11u_;2~=F7+xwy89eYHzPEpMw8xnXbI}N1wm$;J|Dk=iF(^ zo~GPgyesq5N7w8~Z~HQ=)fPn*)v|Njg)TPi2g~6BY>4C42la}PAkTuN1uD;ni{k{I z(UVO1Ex*I-37*C~_n~$f@s*3V&9mfUuvxz5tQv`W)Kub~a@Swl`aAWnb)9}!6~8#s2Oyhs)jN^Wj%>oj=R$ zubh6;&v{V^{=GO=jviMLKF<1@)>#*~ATGCmMJ1qsspoeFg(RX+!#6e*SOU%5iL2&a zVRijkmabj#>_yPxVQB|8)gnpx3BOdjbyJ(KPN{W!BiZj+y!R)z85PhIp6(UMk7lKD zJKP=&14H!BBNPQqy5ijg4D1Mt*L%f4Z7}SYfO#)x9CrNv?tyrl6j0Dn5a!o-z)T47;jYRD~(!PniCEO{;wknZ=&pMNo`lEW{r&@6kIip~sK$PcS>O zo0ZtD_A%^<2fZk)ci-!vAkQ(0oaGd&kaHTH=AQ&9l)9X3aPBLoRbmOUdDuG+He8&} zt3L6=Z=%<9GBfRT3w`QUiF7dY~MtUmICy{+f_euB3ZdIp@rr8Lat-d0g z){T%Yk0NujNjm%-k>&vyDsTV0&*_0e;E<(A^8Eztm6|2W`<-nP+Tg8!X(W2OKkw|p z{*eJp%6XnXf73it+nOX;`5UQU{JP~&wmXx|?&67UBgF z_N9a7ONojczSy+;5{dsIvJ^s9-yN~*oY!k1TyKy*vulo@vhqGCG z8Jdm!f`b612>Z_aEgP}r6ZbnS45?19J>uGu#f}om_Qf8w5G(E!Zg6#Of5S3+#YqnJj-l4F3C* zaY;v;5j0V>L@l14GvJ2#z_chwJic^XbQx=7^H@otce)AhjM@_D-323QeBx`$8g6{qy}t|fm@j4MsckXIp_GVU#Me4o2|xpQ9%MST^uM^rIs+6EuE zIQxncbQm&c&j@lI))D&cVaun8oc`bcJzCpK{=lvfK?AAK;tiaw8znGC9i8R^yhmd%jI%PyOSs|Y4kwz6dP;N^$J{#?hoTtDrV=%L-XENa z*@kcCJ5EsIbxNvAG+|IdrN`Qp5(!^|zv&CX!k+u=Zo zN<|qteqtopk1xH*BrXX^*$Z}=A}Kz>E}xp@ys9hF42fhquZWk5W5EKMm#1u6RJBV| zr5@5n+1}x_xyvYC_HEdwYD<6|bxE$S+6}Kfks{qYBvWFkLE*%p)9&_t|MrXOq6Bma zSDcCYbA!)qpAF^)Ehvt)1@FgEca_8sLv+QjjgS=3XhZ%*=)b|eU|(e0;-2r96ieHRACyPNx zEfvXl2(ud7-Oe4o&AH)imHM~b;s_1&e=fC3Sz8HX4&sdWGmfu*^BG3F;Lj5xHV|+h zjE8rQdnE?B<|O1lyW_422e#2wEjR@XJ7!J|0_qAK;jDd;b;m8$DlN4d^r&rjuhzFzpP1Su|4TzQRr=$^G$}M&b(2H z=`tb*8@z1$8=8F&6IDsIdGY4Mqh?Ngj732-1~Io;N%_q^u7eh$`{jvOj0=C3QFb+vbfVW$-k|yLrS`8a^zXW*IDS95-&mSc+!=d+X7)>%>{P;+ zHmG>!opy(_vH^30NR#47GH{lIC&!T__mgl_wEpg@nVxcx+`tq;CrQ2_%@N}w}W3tPBYk0)q-ak{ZNqQmKWzxvY=eIafys1PAnC~$;1H^_Q z3pk8X5{Z7>E4WOgBbn6OjX6DK_SZ8LX@w$c+uQfM_`g*5S_8c{h(Xh+V$r+i$nc6v zi04jgvF{vza+bi{UYueF9r`M->589cf=*$J94wIqnma{tg0%Ds|DZ$su7gdS9_DhS zA(#1}FIXjqQljEGCZ7qV?e7~T`nhXjZP%jRN73=C+()}bvt}OGs)SGD>~NP|JW}^$ z7P~~VqX@?j`DCwa57qV1!m8#_vBVo)=1-akkZ=Y+^=c>cW_+?YOi;%bU$(IYKTsu@ z(g^hiBq}=~9xn~ET*LLB>j?ugHR`f%&FJEQlsH63vA+(2?!1|R6WLn z*R##2X1qZ-AOSu{Dw^HsosV|uvR}KCM4pD>rUq;vK=S;Wz;LuS-J@0F?!#j zve;rT^0Xb+EUC9)&&bw_v2ueRcyH0_?Ok0j&;0mNT0T~WUEFJ|u$u%h9gwv59r+X{XM~#j zim=A#_WOW4CI1T_*4M__^x8*-Lp7X+Z298Chafq;IYs0XHjlar`rP|@ADlBTg}9VI zwZlAaJ3bJ$FI9JH_1nFOe}pWcCRC(Nj0Dfh9LYHly@~esLM%jOcJ&-1+`o~nYTd|8 zM#QapWYb+srbM}L-TC+m?&++%OrkMywZ~sqyx`#cupUV4O8*02Wc_KF2y;Ab{X{nq z@q<+FWblKuB;xmWWQD~E+E=I>StXC(m)psA zFuHNy=nk^3D$*JGosZjtx5mTfPmlN6*mJ@lP)M#}>H~RJ%|Il`gnj3d;?~R{H!-Gq zs?8*-sk+3u%4Nc)e62#fe*~<*HPPtAw=Y3dKN%n}P$n@FJlDM3xPc^?8=Q&F$rc$s z@lZy$b*irqJ3Th@DiQ}SiPxXp%#x4tWh3^jfuME_OaDUfX{)+To*`|sz~7t>MI3JX zHs@O8h1O2eV8XtZi0Z&O1@q9VMy?G@hT73&o)asl&)dF|yj{GcVFmCjT599Ni^TWj z1@03d;kkuGq2)Wq{iTA>)!wducH_^{l3QSb^mCp_TkfqF@+$@DtEVr|(=hwnt4Ujl z!z)e#ZY}4AydmgQ`e#aWBne9T-AbwC>-7+kUsrv(9dyCLsLy$Sg^&PTf15ib1ZAD| z78?`)FTSD$VARJ243r%(8YvRR4P0)EF*17Z!E^TW1l|a1O}^1#{S)(pyjSu?LrXFK z#+d=NhUX!Zgz|}L_}QlWB%LlSVAaVsZb;`0*P0f{;c;`qt~qAL=c-g6%5J4p!R}96Ema z(9)jfK=DZUnW9o(pz^#qFqQ_+ZJ4{Cm@O*i)2aetye$oulx+n}-DK(HEt|LSeC#Y0yf z{xE7e79DjEi1>Ra#yJW)%E)y|lthz2(P;ksgHUj&g2c370mJ@VMpMo%k3nlu{|o8P zE-{MMm0KtQ`=|$cMy^))HPD+nT9_QiWd>hSgxWRb^yW6%cB39BG(b3HRn(p$lX#bl7rG* z{A0WK+ZIIFgZIRCV8wJmb=rD}-(Ej#p{otFE|)RZ8t_Om2MQ-CgfqQJo01d%Qv)}d zwK@+6IyWGq94_$Xu9I%$Gfk{9G1dis(2fvVN9?~Z8Ds#teb|Ib!|eGt%YOzt z(2QS4yu%G%K!R1a6lu0rMXe|{|A)i(02!*!N!!P}kXraA^`qPO%UKEbf0sEnquP>tC9ubMKJNAqIS*civ$kcvGxpP9!jExh z)?{QR+zIt)yp0BX^dptMYS*E>486R{)xO7BfHsQJCghSt6%1YMdPKw zpUsPA`JglN%JH`=w7Bp8iV6hyq0`l;FHZKVE=cN2 zw)4WnVi`ZT7M$}EKA3azQ)`g1KRpg}4(EmI2uu)0dj>1hP^%@~``^Fy={ELnm%SO* zaZ~acOK1 zn`x9A;|OW#S6p0N1{dlqpk?>DfJT5`r&l{SP>c0<#{4V>aUuYNj%LtWG>3D$J7u7K zLm^U&RStfa@{%?r9Pmukn*RW+3+;Z`9sD-12rWC&tUC>xeyf3@<(-$54A5u4yR)T{ z2jxoXs6#N|q!fy@&+u9$X*T8OapbD{B9aFm#I(CHdG5p$?eBNoYg@|LSR(6ckPVGH zE|kvP8`SI3+$*qzPx1hkm$MGelqNV3BpHiij)-6xFHOt}hh**ic`N}t`|7QxW1mI| z9B3~`szoMkL0Y-0byqj$C22^w&FRcG9^1;8MGiYgS#e9;m;|d9kz_0pt6HZ?&6ti# zKX78Xx1agl=n6x-#2><}1oA!`Vqys&X7t^E(Pa;`{-z(CShW0YHnE%Gn`|XY)ua@* z@e`zxo9>^wE3@CMT8FeuT6Rk}l!q98_9yV=Ohz+b!J`)MWFX zQ_Z`=hjxfzv70YUc&r!Ol+>;jMC&fDduF;d&P2KN?Ay%mS+_aw6*f3+%>?T8=L_ zB>WzI?#qM8TDWl>`iGLiXmp;fE}hjf6R|y){T&$;4ey>_{s68>*@Cm zYom$qpnGA!AIbQ~arW&!VJOszjh&qazCMym7=-w7@Zmbs)$Sd{m@{;eJfdpPtx-kA zZNE>g8KG@-t$tl7N%rR(Q1eiNa%q8Kx1ET6`WReT+@P;A?vj=L921ux3Y3!Ik9au7 zeh>T`>JHV)IB}S$5Wq)Y^yollMd#V&=0ggupV__}W>Er-kJU~O0CnS7rO~Yj>x&=- zV|+Sp-o$~0<7sfatPn54%@1?9EWkkA&~|K~V(eqRcFR!ejp z(fo?A0x~BA3=&;~(Ay66anVM(+dLa-PY_$vEs)sHVTp6aNQJ4HE@=b+ESU?i?9nN1 z*%t<01M@G#S@oT%Bpw)`REErxjf#+}@WwZ~gc}jBe@FXni7%+C8TjByW1wQFmXysW zS&U~0550-B){Co2e4T^m`kYtS1?I2Fe`1Gc+t05_EZPDSfPEd&f@Q?ebw7q{(d@b% zvj@6j#HK9;TGf@kq#pKLigA)=BbEa|W_eNDiEgj?td7Y83bFTNlixq>Pza}riV~Sk zQL-G5y=&g45Uac!u43Oqwk87T4BZ}m3ZVgefstg+WB}BfdM+tLj34%Ofy8;E8D)P1 zb^^=Q;nME&@s{uZe^qGcEd1oUa+)~+?v?ww%KJ(WztR7TWs(v?9W$Rc$G4Ki@D-@h zk#MQrn>L{GMJeQiH%F~NazvQ@Ny4Yth$Yd!QAu2P<8A>3teR^o@CyGkB>Wra3TUOE#)#(^ ztAGzQMs>WP=QO2R53Z$76G1sY9KT~(IdIa+0xg^HxXuEj+nz7EdBALFWGsKrjQsT- zZvnWQ_4)ZiYx5I0sBYn?q;I zln?(HnDjh9@l8NwSoY=4oWQSuBp+L@IcP{m;n8Nq6hu1VI+5Q?vS(G882-`W(b8k` zaybk8D}r3Ui$qej06s(ig)if(xGuv)R#}pakKkas^OMHo9cLpmEjuv_8ak(1k-tWW zjyF#k0mdxW{~#K@FLrE6bQBd@ctK4f+Zo^w8ufI2 z1#gAxgjE!YtSkX61X-=zGKq>+=lLBGbKla7jLgOjtO;vqPx@Fj2J~#W6lu z{fl3U$iM3;Sz4q4Ptj*#eU@+{0b7Hu(Lge%xM8X1NiFvuxD6a4;Z&9t<8j+FD!2wY zH|qw+paJWm27Wb!Zo9x^mgPtCYu0f$>UVk8g?aAL;FkpdSm->((2QdjRV7LLDGK4! z`K0iskJGSuEa8RvxemHqKt%-n2t~Mmj~Nr=^nBR=R>53NtaDuKRm(r$#=irmJ&I#W z-~=&WXaQ83;3l0BoD4(_w2EkI07yOI+dDsPz5}9XvH`un2ERe$_g(MTGaGe$gT+F3 zcdK#+pmdEtQmj{u{n|P9yQG}`YC(a`x-mJGlqWz#B~ zKi+8g&KoBpTp z3#(*aRi^{ouK(b;|Jh-rSzk2pc!GZMrSxX?9FJ$6|c@p|Hr35b$`k z(zD%d$Q2Fcr=g~Aa+dr?*y}G<(eJ}mNzL3z(5>`fq-Cn<8(=LpZIfq3y3+kyHT?cK zzN}zE3^y$a=Mo2690{VtN%@Lmfbhax-2Xl z^CP0giN7y33*C0{$!f}96n#}PXKe{A0pRM0I9*fIN=>RMw1QWy145;M4($@H>6)fD z_<@*3ps!v<%A1gtjX1XWS@U4O6#dcQb-1`efuQoze8P)=Tz9GLzu8t$(tdZ;cD70V zq*tVzn)gT`-P6<6G5Vk})69Q86!X=Qh+{|jYDP$%AM-FY?Ryzd%3Ni9M5VJTIyy4p zv|?v$y`s8SN#skNdE*)gD<|-i;cpuu8a#3V&K1`AZ9L+9I;F4`-&Ke)0QzdeIA{z05;f29GRh!8&+l7r z^;Cire0XYobFrc}S1!&!6uPB>v%dZ~Ro6RQ=J4s`n^TtVLMqjtWqq~cyf|v8bB3?+ zao(61{YsbCr0RlX>5Uw~%yZZ2dx=C?a_9V4&Jae+8T^9YO@d(M?bFL7L5FUOZo>}B!EhoXG0=bu<$lAqCc4wv|9T{qOt0O8mbGgrxYd+d{jOR|8+3fMdgN<)*pT ziipdi@*} z!U{+XzrEE{4kxu(!nKprq7sUZ5&3T@zCmedYBGKy>{Oto?f4@UkH81G#DnTg#7 z;ujHYiZmt84lPF2EOz6^v*Z~P@@lNpqc%W=OBnfrTlycS#7bPXyH2t^Q*cgdx6yUJ z_RM1&fY*d=E=`{S+)^1{t4VqoJMj|dA#RrZefzJ+G)ovh#3IX+(TW?<4(d2S$zrz- zeg6NySQB7RUI0N?*Q)m4$F${(e!--62VA@I|Lx}JPNZx#0WT5OgtO|HNA#><;-WVBR#JLb7{qwT z_xu58y~BxY+k3^?R5^pDf$p)KEixhDe+WXp#ZWNb)MUq3O8f2YJV9|v z?^~;!7gl7kZlyLvaxoL0!G`P0gg{*^0r+z8OI+)wid9EYslC^LQVYfA!_f!@24_D=u7Gcg^#@{PlpbZxFqDjkpv?n>Ec|q#fL|{?G7YiC-e!_d6ew zv?BqY2kKxv0wTPXr9d$AdlMyWo7{DC`0nKoGC>u5Htj?&E(D0HyG+<#c5yZXaSYHq!!$+idM)K@P2>Zd+*uD`3}&Q4DD8!hX(jI~E!J+o5w3PT75T zF_=}Ds|3ZI61grZYkB)*_gM6My}t%< zS-^Dd`>-FdHUQ1MeThTrTBgmP!#5m;%{h%v)x^Af9yq>h!uOXNU!U)Sh1N|wW3No@ z1v>ncxTXy5L8o;r^17P)#O{KYUYJ_yG*lZ_dHenJ%W7xT^kJ2PK>vtbhA2ap%g{{| zR5R|?-ztQl2W_Do*Ko_~n{6I@d$m6pH+bp^^%<-UsKDyq-9fLI`cXEu=?5+PhS;+L zias*ID0id9!f%ISqE)vqx1!?xY<+ps-O)qT8xy&F!2Gh92fU4*sN_o|X6ku}jD!7$ zAJtXxD*&P74lV0#u(j&eGOT{+I&a)SOvodURCSDGds5dePM88cVF6xtX)r)r;TaNUn7l1QRx$0|mz|R8U z(~F+?tKp?4!2Y<_2xx|}E?vX@H>{b}bwV(hHQTQitn`4?GbGK;ZqgdM)*djTTPRvsLsVp@3u2NN-gk^h12%U zD3Rql-%+l`3B*i}XGaFqSfOvyQ}%XwDm>TM&{sOzlYy&lsYTZ-ZD(*Ob#rU8>@GT< zH@(n875M{7*p}~L2G^_LnDC$n;-Tbm-Gby<7CISVPd98`NGGu5EA-q5kW-&5i%(0c z;5qB!C^Zt${lPZ)QO@J#SK=JXcj@buPOcoZ^ z`JJ`~O{{eX4v-qh*kz}YxdH%f;{iyIo80rI|2aO;198Q#B`JM94;yr$ym8-MNCDu9blF9b=e`M+YbYe`yli~g;K zpIZF-J$W){?uz`zW(dBJunHE#p|&B}D%sLA@+HKc_4HGkZ1Qc@t|^9FAeLu!%8o`` zL6cRKw`i&QxQ!jP$#8p>ZA6AXmyCGU0((c_2TDU5CEmH2-3I9&JKZ}96}J_jM&^|} zK?sy(7l`Pgv0wrd1+eQ0{qb=khUC-9wNz;JS}x%}7t|y`tEZ?_<;zRmAt2{wwgujc z#{ZHY!~CH>h322)366-Fz>%!eIT0&MN4|`x@4v!^P8M)ev^UOhC9-_Qp=51nXc#)D zS!lE^={86puM(c_37#X$j!~LL)q#v zG_LFbVw~onSLrnRZSaM7hmeP;m0{V?F(R`~&_S!~zTiVANgmzdrF~d7c2DY_IPIP! znOw_hzE(hO1kZ4V`#s=daZ)YBz-H%{L^s_YPCVj#nAdqZTESz3N!*Bld>_2J=idW& zA95zi0B`;s*sy!C+QL=1Ae0d!vuMXC{M)+eynEgmIj8fLfg0bU%(amQOfiV@S}4GF z++c4IZ4C;*8qTROdk${T_lAj>l~)YG*M-(y1%ls%0B=|2b02N&NcbDpcB2Mk3&)pANy{jbn zWo=`Qft|n_SpVYp>{ZbjwGKgx?J=iznPn;FZVU%5PDiu>DU~|XVYa&Lx zv8pR7WRSa#yhE$PS;`i_?%49VhFDD4SsB3yQw40(l+(qHGG*q!3#~V$+qcN|EnuNm z;!8Z>Wby0P5ypKJInKx*elJjnVRRIpt3Yg#<*|Xj0O;)DkkR9b*>tef;!bLd;6{jq zMs3+m_Ij+9u$s}?2-GqZP!mvrRLvRk`mb4j9!lfe$>e20Mcgy^n*i^j0zGxBVMcm7 zAaLa!VyXhpoUl$@mm_)uh#+Hlh0$jk6=0*-#AXaRfCDtDzt{1v?p>VdpO|w)?6)6# zZ}R!bGpVk0=>;t_>3$?EDE8IM@zB3r(!1b53yo>|;aE2Pw&!*LiLBO*wnFV1u)~rh z3Oug}iSK^{*sOAh8nN^pw9OqofpwBalL+w|mjQc<`u?h%5XEQSAaYsQB5Dx_NqQaN zUVc<>2-*-&Hvef;^n@?lcShcGm=If4X$`X0`!$F}#96J4zGC&|11l+qp_*0c%>mOB zBZE!zzf89~;Vk!wNP=RKYIZIXH0<11tk&@1tA_v|A3d>bPH({dZ`kQLV${>1p!9v9 zQ`WoE9<8FaMv)do1_T>(B;-&R5`w?4g>nFCh>YZ3k51CC8N7^v+4WYu>a;OuAErU< zPtIf`w^Z;fZV!Tahz;sweg=&Zp3W9(&t{=ZpvzD_|GPJ=&aMdG_%1QcOQN+EW=7nG z29xO0{wxEknwxTE8v};opsYdc^I5Uj6rn7@oXTd>V2{tp2mo;?*ltzWRUm_!w%~K&6xU9XL72rc_BlFGpnHO?H&TgFH2K65K#(Re1S(vB-NK;1n zI}2*x6>CYEhp+k5Q1{#ku6TU%zeKNk&3N?O8fJ$NzMp68HJdDWcckxC?}T#SkjQ#( zV{7`M_m{^FW(27^;xMI}K!6;s#zMxyi76FNkqPl6pkPIWjk;D^Cp8R*A zxp2;JWbLZ7jA17yp(+0#Rc9F#*S2nLToYUqG`JJoo!}DOHCS+hyAve1JHg%E-6c3Q z65OqE{}y|nd+z=IbfriaRL`}#)|}%VV>|>u9O3}|>XB|U4sdf$^N7b=ytR$kmxh%L zgczBa0CgAmChHHP=zisCfFSleS^%Ca>R&};gAy=uBV56Jj^nO#ZJuF_u9q&BUty);z7WP-Nda&O|q*VaL`;Mw2KGB*`y+2FLv~d zE(hH#s3msQpHx1-{6r@M9@^Q|khcca!rIfmvBB0BP)Ni8X;G@W1^Vw^l+TlK3ee5; zDC5?}LB!S8V@6j3QCTmm-p+w_jIKf%VH5}Ft3@Y*l;}T2y}4rg68GxtHJxwL z%!UCVIOBC@{RX_SJ8T((s*D%a(gMAM>Ql#wXAi-t*r~dl#Z-BEE78&FYhlO%ZaGH`xV6fEf zjiVha#0_H~>~j|mt!=g4+AbL_#4Q#wDU0hthuyaj`H?ga4~8{HPwz)>K4l-~;M-9F zcmQSA$>^KIx&yWOXzMSBv&G6aujN~(s*CrEC}p}8Jp>#`xWO@siZ*oEGiJd)9%1Q# zagH@WRcWc(tCfJqb*eoK^3vwLiXrL=8NF0Ubw&hc2nyjl=3mgM5_f5Waj$0U0=Kky zXp>umkN(CZz^9dQVjiyE2&PX_P#n0LXRKtXcszF0kkP2J8iGh1AJYvc^yoS z7u^qzk7d!}dgNwC;7OaI^21s)0!Fa9A(0UjsjIL*bb)t9;Wa#_Ry@wyGyT1&IrEfz znE$-EYZ~~1xMct0#uGpJGV@*Z0i^=8iaqBwKhbf}7&921@z9yJrB3Y<>>Lkb1)S4N zNUK7xs?Jb}m<=^OI9xLL}4LC5Qe`jKGMmet$RPpT4>df+mpR_S-oa(`|I}z zoE5fhW`bWg^nx-_^ItA8S14mM#RvhixxP$9sfSxk-Mi5MKYUMM8wS9Z%@D zVJaAYbSiO*gyZ2AlJD0+pCaBJkM{(~fzir`WWPYN!gOb_3&bv33a4=)mDE0W>T;lML1Y7PAnC z&juwHsX=)+GBxI%YKhQdOG^u1uQ`<9rLq!201C#JuTWD5~(!~6=qRU<%uOMEoRw*l9` z{e-+L`VZay4A+^x1$+9EF{1sD2=iv#*QTwcd7OT+{rhwhqc6}tOuTw4#fR#j1CPiB z=LPG9Q&SUL)R+ETV{ff;{i(Y$w9wpYXRb>YiZQ-E99*SSLis-;A$A8`S^0^aN%zJ9 zkYszoAbL9s7AjDcDMb)IK0-HC`Of`xgwpRr*0JwT$ejGEYX!^VXkNZ`qv7;E=-r*) z4{F7>D;FlJtV{6vfTL(GgW~==%YC?6^>Y~hnqwy@x^Y_^zq2*d; zC}f1H*>ga5q?JKHTLx&UA~a%m*vm{BRR+Fb=)jl7mQRG|nBKUXmCjqhK0vkuwVyfN zBW6M&kX2XXBJ!8|9oP%SkhwS9F2xNh+Z?hHZNSm~a`2zx=^D&{w=K>2fPuQZSn!*I zI9(!%;0TmK$1Eo!luy=A#9%^J$iAbsc266Sx;4H1jW=eQ5W@g_3PKT4vw^l0ygk{f|}LkQ=JKHP86AKA(6-V@eWNuYltRY97@XCot zaQfbMYX`1k{OwNYY~ql*O*^3Ms*kMo0(#H|Nb*83dfrBpCeIK)hU49pO3=OqwNjL@ zuAbxsOJYR?l1-HAcGunL$}$Hk_9v0w=hLvD9<-SR);C zSdXPo=ckpXs{%5bzpKWTkLHTDDhbbCVj(a`OEamr9G(ac9+&iKH_!q}ev$>2GL)*f zx+n{;kic|{@u}G#VLQ2^V)n#QJ?HSWjky`K)2{iUA;cX@D*tjj>-KrJEtW->0A>-I zE@5~k$9AdwlTP?`pVx)kd+T3HN8_8R_?XYuo41VJ)}Miy7C(omJjaPDT^}iVul_7W zt#?ZHsz~a7%VE7Vft&C8_(NIwIW_5i-HG5?95Mb0Zs1DGyG8rzKRd8> zb!BRMrri8D-meX?CGSB=sRPnQ<}2$LJ#;Y{5>pl%bCH&;ucq9>=_hpn6`{Fi9>PVD zvYNqH_hqaDuCp+&@q&J3kh>@Uk0IO9y{?OwsP|jn-L2qztI`75%->*;EU{Gv>+5N& z$<_X!nn~)9Tp>NNYLr5q#YcrUXH$iTTz53uH(q}e^mqiX_*vWRps$z2ZqK>^TV8#N zE{?34z=OF~KZ-^!^A_rWzDKzO>V`CYPvKSs*U}F13I9lx&81^A+nk>Y4CiqBK!<5RPe{Bl%N{w&YQK^25qBqHwhtZ`o|LG%^$W&6is zk2f%o?!ExVZmzy_u$>_LXbeo%xVcoc39CApxqX;oqYGD-*+jR zz$6s|&+x3$=HXC|#rvrqn)2xL0pjKMP1w%ux*+B2QRC~ep1AK(M~>Rfs(@u;i|1dz zf$iq^o550>a%mihW1^GJ>M$kzGfd>NDaQTuluOl}4RCQ?$+827yk(NQr%yp9QGT~C zA}>#_fzy%OLO_|TLnTkZ-!3fbl)o<8e<9C7!*Nt|_r<4utfd(>0bnFnu*)jDKBD+l zD_RM?{m5Sc+NzqOy;`G}`Le8fsJF5YTA^Oos8?NEsTS@3=wz`eX1hUoNP9?hNE?Za z%UHx?4V6P1nB5{krckvAQ*`C|-AuA`jxp}?)xy5!StKn(F+wsPeU;;&X;J8JxLG&- z;QRC=>kqz~Ym{=CWiW;<1azdCaShUtlg&{#_M?+N`KRLOd9WivG<;$Nf6j6QVbFR+ zG$D3ioZguX%Yp(bI~gbWZ_{O;M#NMpEi)WKYVwcB!O;HBzm^#Hulj23h%Jy@NbF{J zR2!ko%gbroH+IXmB%ohU3HVs*qu{G_U`LTmA4uqnT;d94r5Z#b=!$ZLvb*aefjjsq zo*@tRw9-a1_rU;@x807Uog^`ObW7m5fvNA<6kT%*9#f{NrPShODNZOG9F2J(!1vhh z0?Eof)BCxzrEDweATp};80Y0_xSppr<;e}s72kDgDy{nf7#UzzuxKNq%`vq1GnXBv z&tm!N0I=Q$#z!X5sgJNu@{zsCyK~Lue2}Hc|A@unJ!0EIU=w`{sVB5>?2C+#c~p6H znN^#OOio?f^s~h628COH{&{Fge@A}zrKGz0 ztDM#0u(9m1(GG)m6yKo7&TVD88cncJm!E3E!iOH>k9}ST)A=kWBUlu!enQYtDdOQc zG&%3r`n}rSaVJGxtGvB>*tj#h^%3%}_+=%x8tI&^FqTz*eNJ1DR`9hpj#Hjcv{AIF zX7L2bwo-7inOPLHqleW>l(~J~*fP*2j3DvI3KU zIl-oaK%zZJ2>DWuXEl1FMPQxng0}gh9Cf8obRfBOTc68*;bfs;k0U=G{b{YnRE{N* zqvaV|@k7&o5Eza~Urs-kiS$)3TBc_QB6tKx-Xt z{q6bO(jg*m?{?+o#w2S&z7Bb-ew{AkS(Pxm5Z);J3hC#r`NL&PwX=5! zlSP(PXQsR-{@$p!P6W||EkqQT>%*MNq!R?98(vKTEdJ|G_|?J>2RG7#@HWd%gUG82 z`vOAudx68pRMQ&?!3eFmde)R9Mdjz&7jf{4TCA1wue0$j&Q$;F=)LPE+m-9q<2Ro2AUVkMKV z_*5diOsOQD+C8)oVn8j0fKthLS+efd2-hM_{a{T)n#W?E)Zq}B2AnJ86JL-pb2M~I zsZ8p9$yQ-5aXmIIO(5giP1~*mU%=QJDap(~+FK|L6Y=7}$?1bIb?RD%P9>REI5abf zwn?7y0uKRc--ZU%+&1Viw<{}Jzj!}|yzg6wJsXH&lT?ikN4Za>>6wC_6D>xQ>wteTJ~EizI`|Kud;-4|3dr zNsM5_v^{JTf~=#!CqUaTguZqG$Im_>|IKV45%_~bzKae=;f)l11=KU+nj^!38f_Jj zy8oa+BBR&fenYXmI#$6A=84@je^B!!@t_R4cexJ&O4a$%(=XG4}QUFTk2W4pb zY%T zd|rA?JZ_88(;r9s8WQV#70d4IL7IMkylJId zM#*2rA#;G4(l?}_8^bw*7GX`M3dWG8l+QfYH*u+OvX*K@F9O&@WNW;i*70vWz&F5X zvU{drq_X0!?On%G&Mf?wVADXp0c=k z$n!P6OkMHMQ&X98$V_Ig45~@85}0}o_&s>eHA6c%0MxhP=s$MhZO4Xdrg!IK){4@ElSd+c?YOYc>BD@Z%CqpZZ#}ez^$;w-Jh;Tt*$al}Iof6SQYPL0-OH|wOR%R@ zNJcP6(MMCf&ujiBv5wzHq5BA>aSPIJTvas3T^Vy`{X46oH(+}*Q8ES!1i8legrB={ zh(b_1Pgc^3>0_eL|GimA>Owh~!m-Ke`+B$C&t$sGDZ^0EM_Z|p?QYp*T>dmX;4$IC z8s%(CqL-OrrM(U4S>y&LJtX1aV@{=hQ|grKj0yyz#av2^7LoV8&~kd-sH0^X%;CWZ z^#+@1**|DEmkjd%f(g1-NBb!x1a0_!Oe+mOkQj}{$SE@^8m83h!efx`Raic0ibs5W zfQ+ThzC@*Y;X^y^Vx$C5?Ui2F`}T*g#+5~I8r@9}JGs(bP&0pa!$g7m;y>Bmg*cg= zy?`yYIS``{Sn~!)x)K5w?TedX5)A^(V1yL4Opzy7GIJ|nuhAIxGJR+itr}O10nFcK zIAhUKW*joMX1@hRysoquJjbf2A#yOM=PD*yL!LPCAI6z#BggxO$TWwe|G z)KgVgAgA7IsHwzlZ$J8p!em)~cr6V?pWcgCBU!xeP%trJ;Z z0$gH`5Yl2pxYR!lJ)#{!7bGisZqR7Xb{Sh)Cs8R>it`$;vvB!+ehm{$%U*$h#1r?^6=;pG) zxgB^}j-w^s4zQynFbAkfvl&q#PS`g~#tV<`j8q*dyFZQmT>H??6i20?c1?5w&viX7 zID+VegWa}=UZq8FjQ~PTQ%fPqQ(&M%^t&q9djQEZP5B%)pzhw+N6)}rtJ5)mS4<*J zUU1U6n9NFWB7#Js(r}ApF&Th;{?HS}c2V;w8o4&zF@#tv2U0{YuQk->Z0t(OWc}jR z#<*V)i+_qZMU9oDD;Ttk^Kn0StR=8bK1qFP${2!>BhcrbY;-Q{#nHgTN7{>J`OFc@ zj_I5)aE4ds2*PeqmMm`Wi{=;it*Lo(3~AEmgS25n%)XENpJ7&*K{&Hy)GjI4l6z@i zqT+~}USGCZ&(~LY`rtMOylPJZS{r%-a23;`Om)yZWN|*S4XLxf|6`Lks~#}yoOWfrL^b}6cO(d$Ss%S0 z0(DL@B@h`TgDf`TPxbd-Qo{(@BAM(Q(Xt23n*l^ z^LUq5SuB%RZnd4XpekZG&pNvK6|!OPATamo)XG$PJOeQ$-aHrhzE{;-sAKCNKH}1J z=K^&c`YnzYBdp0QS$qema{yAuSSH31b36HI5awYFH*$0)sa5bxCa|qzf~zQ)H`r-m zNjS?xl^qu)Nnu<)>wNXTCYY|vH<4o@j7dTpIcN*yO_u4Fwn!^3Ft=6_2lQ z2SM&zZ0j`A)FtU$CoLRiQCx!OUC*bhFs7gqzn&nQM`x?`oMr9jh?Gn;wp@WTP@_73 zIJAg&-TRiv1@9IaZ)dQMCQ#}xn_!rdk+LOo*`-}P?K{y_-dfp)qOpxxXPp-{h{s?$9CPJGhxri*3lB+L#3Yk2`%im_KHJb2PO&z5( zNhYWL8c>l~OhF;wY;3;cI?<+a<`fgev(1j;Kd zsY0DpM$}lZ7U-AX5r6SlClOB8sj8tH9KfAC*d1z3bhj9wb6RNX8^?d{J!LosCeCA2?_ zjRDURQ|^~vMjl^2js2tRe@P?+wy4nBUMb>{(16c3%v_*`t1HmHMb*V{>kX%>>pv$i zoG)cD(yLSKWvhBl=a|#PVxc;W6&R+3k^u(We^w{K_WLKBOg0ad7%G{sX>!ff2ajHM z$+7btpkUqufefhHGNXhH{`+Ix_D{?+kHx1h07)C;)JqUB$~N59N^VjyE)69nHs{s5 z-!uv`Sv*rSEf-$4q|QukG#}fuKMN$xgChOJmkMv3Ew@0z?O3&xq4?8-Q&{X^5is*<7t7p# zVzmFZ!jS`oY#(c_S>B+l+|!u-))Wo}G83IAnO}acCEc``Z2&Ncbc~e943arN1oK=? zqS#rc_-+dAYhLy5Vayj;;+BFtZ1161skK$u9~Q3fQq!-wz5tT^w#?B(p7!e9n`G&}9TzefMbVHl<$X}jXfWP~+Wepyv4?)6 zGee7+vLfxmRKyItg`D%Bokw7xA3&wvtS(B`nGh2x{_UZ#0;`X{+Uj*Vx}mlSK!;XY z2NNo6*v8_+1CkLAJjLB*l!)4HE8qXC?e@QEyPuBz)+x*yC93!tE;(?%vOek)ZLlIz z0R$)&o=X8;+2a%!zTT#sedd z!mvl@*c(J@8Y@Z38UIb8(9i+lUmhy3X$k8LV>`0x&~U-~>5uA`*d8JRInjv>(=#7L zOp@M`UE8zaQokrLuE>WP&Wde$qT+|z99pliOXcOXRs6AC0rbGuilznq^gG?q78DB!n@faAr&-#6q zy1|V6!(UO`#>MXx8yu9@YNVoe}^m$Cf%hoGL2J`Iv%CeR421NimNtOGdFlI|p9VHYJ%stuKyZ#=E=x^}2X zI-jaeaKX?sc1N1DMFqdJqtvA6XY89&+hL=IUjhKyv=^04rrtxU=jV)f<@-t&*gbSG zRp!6YKoka`iNpw&K_z<1Z@7zULHcahxk67$^t#Oy|LJefkXG5xhY}100C9Zn1O(A8 z8l}fI_F6g^xzSa3(jPa{bLiu^&f?dS{$(74L^Oz@w7j$;6XIiZuC?RmI{q}&MN3z! z^Eh!^FJK&ms;;vMe^2BmPhy+a5~uKGfRN|4R^EvyPY1W#1IS_IigL4mE|MlfOJ|Ss z&!apln6N$ek5PdxX}+>Tn&6!2)K(_CH;OGshi3X2cHuAjdpzGnS`nE=AfAHWRy_Mp z#H^o;8X5a7Kh%drs}jwOZq3?}Pw6Tw3^1q%gM5K@C{}*`u?J;>9EEet^r|{E!42W_ zp22g3lCUpt#$(r*caa)CB2Tf3aEEI;DPFb)AYWjK-vcX+wWc3b?c*>IBJcJ~+DAz* z?w0g7!4?FqYG7oQm3R!w1X*8@5nVSXkhXxbxfcd9kb!vKBzw}WZ>=&^+A@~3EIuSt zhD3wG!6^>*!f_;MP-8T4c1TUvg%$zn$ey480E_Bc;X#DU`9YP*G8;w7@eCaHKQzNkDyBULDd>wks#r zIR>`7wJ3X989an86vI$7?FRgrIOe~_k`rjSqR<3;%G&@=mzd~333*A$1Fu-X3^xO0 zspvPpe_D4eMvU$|WRmyq3kP7h{I^nQszj#2)qHg_XU4xAHV;YEmEoEXT`Fc_$kRoL z3=*77>Kfg&F1{jpCzQxSVjKjw2>nJ*pn;pdUE~3{O10fDwEDodeX#2vU)Cx9ek@Vh zL}Up&?7{=&$jR`0J4Lu-iBt=5uT>kjdSJgJ3_*oIHC^F$+&8GHWTf0p_C-?y z=&^4%3=lX=_W|)!+*jY5tc&<7MJGd~#3V!5`;dJ$S`+2g6zdKfIaNd|u)=`)g~^&0 zkRqA+?=S`y$gX}R*^N%{of{62hNhfry=}tPT%ud8OU&EXRs8OUg!rxywSXlE7sw^b zXal$@W`~1H6k-AT#&v-iW$MPObv6|%pX-Ag<>?ytdNu~l<`j2)Td(+!@{cvGv(gDpN;3eCojzAdoMw1IsVfrKWvE-U|7+1-K9R9u zd!n4hYyweXYRR==5%DgYfsD7~Otai%vwA-nHzi46Jl4NSJHP3ERe0DL0QX0FH%+(C z1&Lwy-6riY)1-IxjN>~UZFQ`J(hmq}Y2mVm47z{-=1?sFv$jU{glPL#>6hT3B!d8 zrqpz^PnO3{m6`4nJ!SoyuPeWo2SL-lqf?`Isr=mySbw4i2E zketb=(IV$ciCroYiuwM%+-RG^w#qtcQ!#Y_@sdJd+%1<+%!U0g&H;*1jnBWu4tv6Y z6|aR_(i}u%R!f`V1n{`6I+e~7Y{*rP5tI5$in?A#a^5}9oz$8Rzj!^a(oIoN`GCVb z^m48uWA7Ws9GJ3Uux4I7E|)R1gn7Q~JX3$|R1EGMWDp7iY}F2LxnAVBx5omlKLDf- z>n=W3o_E&T_`6tb>=%rDD*o%U@xV}(Ved+*!KU5Qo&9au6N$iE>;#)M0sh|@wNP=~ zA;j3bI2NEF(4C`okGx@)UXNP!)a}crA`#TGbm4Bdr}{GNw~XJH3FfEGMARqK68*k> z1});h7LoMB5g$v*^G_?^Tnjhj@<n$AVW?T=kQgqz2%=DbxkL+Jl0 zueGDo=pOtn!{)nIY)yHT_dFI+PrDqnZ2Q9SXdLd4&mC^kuwZj%G{hUc_sm*u$pI4R zlYS3I)kaB4zCThuvzuINL3Bdhf!KEsz1@J9eI#~SnKhtze!+dwS=-|iIlkYwOd5?! z2M4i)H0UgN)JEh)tT-(+K7efD>u_7rH<*A4W<1#mjyEfa=p$d_G6TpJ*E$aIY39_t zQBD?UAAj_wJmxV7#?v9nEt)@aQ|Tsg1hcf@dLj z3(h)Fb}O$vv3)IwEkpe-+%+Xp;GAIXf|iU&K+gh>a}3blSeak?*;jgbmj;9a#qj_0 z)l{Ow)!oaC<-=#fP4HkEnIL1E#CLJfRK*AfqfM#t09t?@QK@%8wfsg`OEG}Z=G!er zB;CkyZwr~qdR7&rIIVp1k7&gd1;G?9zkcn=o}f+JAoe=W?Dx>_OT~Q=p;Snve?)z1 zXJcnjg(5{Dn1=Kl55uOLyZp!PKv9P#fvh$VMf_%%qbb#%=em6iBFAm@k+KmQS^zZp z@0OOTEdu94xzaAIS%AdkjqkN%Zc@_@IQ3{1>U%mc^zxx;U1 zp_sO@l`D^4n&&|>+X2N3O`Wk%P14pEpB?su`tJhItG~|CZ4(E&o4zF9hr3_DJf0OI zIPdu90fnenPn0RHGh$AW))_!1w`^_DujL_~6p#Pz;bNldd-(D zffGV80jtkvTG^@xpFk*cE=$n$q^R$u()wbW;3gB$!K|*grosbRd8ShU-Nb31u5?D)}VeG)&L>T z1MhX?G&lG6JP({76%Pw6fB{OCJDCrl5tE;|0-S~)Bn+1GLvoy}d6|PAX!4GZfNR>c5`qx|IJ=qj=p+S!DqWm8S1~idZSG zh>66OnYOw3v)DwfSsCqv_GBSWQTf#0EM;t*s|8yTl!JyPLQ)J{H*^O0RpmPbEpN)= zSs+b4{q&RV;V%)WR(`~j#&gFb#$(5SUUfcl{z5~dF@lcDW%AwxVNmySkFKAnj+`c9=(CzfmC&v36G^U^T2e1vSmU^R65ptfuO|VP) zoK#4wo6*~k)s*Oev9hryu2&=C@%19_f zhcE5XsSv=#V%1KOKPd{cL%+H36Zeken>txwD;}47YS*3alS!x~nhQU#<6H#%=)^2* znu8zduD%5z%qTED$jPvSBPPioIBz8en;9bZakC>fZeqDVtACI9{0jJSR%>CJ<~_QN zci00(Oa&@zG|RmMy5uYS`ng}6x0VJ5^0<8vut~YD#h+CyUPrINs~f6d(8j4PIW%Ux zYS`J+DATYllZy`+!p&g5^f|Z&T1{8<>+lz3eZLA9EunXQOkk`Yecu{i?3ZP)nYNBy zeQ*0Bk1s}{pQ9i)>JeeC_58P`;tHutVJX#h=PC(&f7D&Hq(ds3XCgZTSKPePS8Z9l zlSu9T1Bg32YdAQI$KW?;jPTSM`+@8938fK&p0KM2vLUhStl9teqT*Sg%rnn&rdk#5 zl+F_QOUoWK7P14R8?uQ&ofO0tB(-;T)G#(RI92FR_rN>i5r`-K4kI@fx#%RJJ$Ufg zn6U=#Fk9wVBrJK)zc_27RH%rd82=U{K>?PEGpl@v&%`31_A5T{+SLU0g`_7q9}ey` zqk1GGIMZbSL!qa7d-)8a4|z^u7L7GPeX!(ph6Hvu3_jT46-gBXU1NRbZ~R`p#lz3clntBm2MI0(O&+i8T-rSX>#4@L?$LGvj(@ibj~b3bDxYTgL_f}_ zreJ2(%Cei@;kd%>g{)RFl-EJQBu<=FaDqUE zO&8CPm+4&106^ZM=im(?P3gcHFc6-lwK);M`ffF$lS2EA>f+OSzo5okR;VYirjXJi zro4@L7R9m`Rb^YShY*LU70|8=s3}i@Ca_kR_TBe;5>mZzXU53HmA5nX2fe`*%l^t0 zBD%$X>;%-b5LVbGHd|k1r_LZ)VI%l{SLYq>kg>oJsVd^ z6hsK6`}eYh^{5o{N0+8-NSjs6x*rE=;TVxdlVk$c>SZ0^;vA6)nxm{q2hI#wk2SdS z1xzv77K~7EmvKary-cwY}GrDueJ7;58$zvk$`DnMqDAn++nlI!|nZ) z7Xcjj*uqgt1_s&qgBM1%UrW?XCo?k~@-Qn(RmU)?Xi1|vn#;?{eLpY0Y}p-tH$~uN zQ%Sy(ij-CwLZ%j7y8kJP%uBV#_LWA#fETyD9v+N8&ro$8((K~H@t64SP_A)!;T7z5 zzvaV@U5B2tbjg_#?JQY?^&A$qzstXx zlWg~g*|+QZPMAFfgR6~pM)Dprb?hlFnJb>UUt{cvAm`;H+Xd~M1V&JnuN`vB@pX=# z>OovHN-{ichY;SQFw61;OHYB=K?!uk2?YiD-?d|PF5CtGz~$M_FVLtg3KJIhFiNYSAJlSfpznVoO1MDJbKK&Ez{!1 zaOkGj2}BF;t3xEvOBPLhB`qqkw+!Yhc~_Ej61&k){hCJ(;B{lPZU!06)uX;y0Q$L` zQqK!gkE+!zgdg`K-E9v=#lgj&C-|L0UT5;#fRHLEkWe10$FGEu!AL>{BnK_EO6N0j zUlU}6AJ>_Wu5bloj~BV*DhFKaiQKeO7C(+ORwLNp(QpnuA(}sy!Q;Ea!=~z!p3; z)P~hPi>4|dLAwvPYpRNS^G{+$iK*Q(jX$02aBFjk7&ST1Y)26B zkg~__KP_j;Knl93ey6Qh_7{vQR={S#X1ctIR2qa426% zmq3wW1%`lf%BRCO`W0hwhWbXBuzYJ+LW}pZ>W%tZd`YLj9kw03x-=5udeowpa+mPY1e_-*i{1lb<6u;RLQd|_+#x{YGcakFr$XSHRU;`! zygeU#y1$HrLK6Q%k%I&u_Hg$8sX^>vsfSr7x8v|fGH1xW(>Cd}_dQuuUK=z8!Zvop zo52!Y{V& zFR(xy+P3DspAkw!Ei>${GwQx)f+AkeOvzV*9dB#l} zluu%WU5TnKDA~3w&tm+6S+qL0Oe&o@leN!m<%|a%nDAJ5iVEyS0j_GRtk_iVrrV?J zOuo;|Jr`y=JQx?2+w}%FWjJEvBr@tA+FWd{szdXxLwK`hHG90QX4?Du6UC#CSqDu+ zijM}sqtbHLfkikv+X1HYR#~GxB%aT{Ly*UiafI#I9SJ>;K>3k2Y`)n&S*SBQkmR$a zvn2hSjj3kyD!e)Hzv_F5!LJLT5a%J|pwL>Ap?)*r#?q0-O&fewpD8p2%nf9k}5dIOirtr3{w zrKT@6CxjUZ6O0F54xx_flJ2^jdAJgR7n|ubR9O{O0{Bp`-KdOXxrAmu*o=$%De0CO zWK=}q?pm(e9DdQlm679c@wBp}LAXmRrG3ty`Q`7mZ=!WJZP33WxWn2tJR!!)?m*rK zKiy`HnkkgUt}Tv{$=W?Mg?!r&koPt*fBaFb+@-L#b6D^zt7X(J5HDtsPo#JmP2c46 z`=HqXtCxb-tcgjH89LCT_lg4Uu4Ct3*a-?2S$1~)R)5AR(-I;rJ&AJax0WP8FNMK3 z6+wcW|M7o2g#fq_Ig3zLy+_8CRVCXFk`E@;TQ{Mj;4EJ5aH({kZt<=j_Q+eY-LpnA z)ex;rw&z4~ZdQLyBpelm67F&3Lukb(-$#ZS47+t5H2Ky=6-1=C1L|p4nmU7+0Xpy!CT~Uq`FFR- z2Ub=E@ot13;Pav#1I;+8JEO#3LB?H5=%jgf|IC;8fX7KF?cU9CLM>A}eY>rTr2aPL zmzpVN;qRuC@u>&sSzPuB2JVe6LvB=2o3ulr#NDUA))b7uJSrjw(zw)vVqY1mKRqAG zduaN5936X^>>BKr^J5g6%n|Rj5cXV2MBTegMiJ_kQ(Z%a^qD#JUZQm2!!e{6iS z2-Qf&TYh5wx^7yMFvgxh8!s*M`@ML_Rgfnb19KdAyhD`{v0IFF1k4?8vS)nx1Ztjd zG-BzNqLNB@$KpC+Y8+Lcc!cOJD;Nw}G9%=?k<(n0m8(#g1^u;8iaw$YF^b0nQ>_rVb39*A`) zHeUCuVvsji`K$}P*<@)BZ3%=^&fs^5eR4lX3DHKqok#)6j>U4`$|guy67j8uInWg# zxG3Q_5r-zzckld>KRDs?XASB5rb&A*pVtKCOAZWkjxfyTwrmr^2Y9H^5V(AbxP+y{ zc!kpyxg174!ytNST20uf(s=yJsqB5%Tg>PAb6nXbZ2haIJ%a9Jfk5!hRI}4gK zM(|?i=}?60luTHVrm1bQI_N|hb_VuT9?{Y{()gwibdIl;Ae0dEUvZy&|77mptXauC zZCm(sG+VcyUaDjm>c#y08|l%*^ETJWu?@c-xc{m;83lkxty)?IbyMFp?2{U-IT?;}Is zz8@Rh4Noj-ZC(CWZ8Lnt&QQ9u|0kDa_Ws$?rLkqb$vkGo^OE6^A4o1Iea-y>JD&+O zdj0=@<+lVN8m9Am%(stZ31QRLv53!1=S%JUeCq(4FW3GydAeEyoGz3Kn(h;|w=+FD z7(_!*R40$u+GVsB%4OW5&_uxhr=j(Ke!B{XFpUaK%MM^K%6eDD25@4j72Zll-oW#F zXYVYmbmCPCAZ9Ywv#lWW!;Gq|kJOsa*3O2k*PGbgNaz)BfTru|$ztWg?YnB@Q&qR6 zPM<7Cz?!HR)AVDE#)a3}%B4~g&8a&5`hKcA;1D6!s0rVNhv)Z9u$uJ8XoYpP)0!ye z#)b;xEFB0*(OUkAdYj+;oHOeRDF`JiR?AoEfRV=4d?4iSRF3%-EN_D?s_ycC*M{5$ zU_qN(dMMLS3vu@#Q>y~Yi<;4S+tiuo0CZMJy0|ntIy<*?!a!qDHCTgaU3gyvp2rmC z{OokR`>{s^0YWZRa)cKU3s;UblAWs1c=<`M-?7q8%aq1p9qaXY+pJE0N+9SxM&q+V z?O_PfGunFkkm!*>41_mF)Uq1S78wD_azhVR^z%vttD<7lk@k96M65`D9pwF$^$z{x zk+yce$@O<9lpJr0sug@>;ZPDuHNlrA0>=c1Y#qNAH!gTs?7+ce%%}KJl9BgdZ{R5T z7F_1Ww|go$np=8)@k>)@I_k0sPp?fBk4U)03ET6_Q8_g}fok2j~l~KwHSM@=L-C-YkSg-pQ zim@#o1PmLBSlHaaShq?0{iK-Y&{o2h1YIMK%>BqC#Hef>w8#ONwk^ZY>}x<7f@A^S zHQc>Dvk)?AQCv~lf}ThDql~lZcq#+nK5(d%h8`d=7gaCQDFzEBoj*X%vu2+sOoYM3 z_x$bj^4aW5Q_+eb;vaaXNGCZS&G6PJ)Lj{5`0p1s9l$34?(i;KZh#h2L>fiAzP_FY zCS$(7*b6=ne{bQen*DD5l^lGHf*WLG#^n(F(Dk0Y&OO!>*yWQUdu~^1Cn+0|g_G^e z{fJ#rH#oWY=HUghw=;XM*|XwW zSA2hjvb6w>snyLs_YwTnZ(`q6fr_=*Wnld~tF!QEox&H6sqPN{n zdAB!ze&h%8jKLv0tmRvs9stz^nE)t**21fY+x}JsDN2cLkPuuX?Phm$s&i>T z6FkjZCw$zT(agTI7-A2vxMz#$?plT zJ3FLvNGlYqghHHiOEKZ&yFSQ=2nTtRUI~i()jF!*BP~(SkBrHW`R|SQ2rTf88zW{s z&F$-d@7FCYqmHBP*t6d8oFRA(^I7JxowgNAf0KT2&}fH|3SVH3CR@#3SswpU+SiIX zsp`z19AXxrR+bYJZ<(W!8Eubbp!e z^(|@PYq1G;;y`f7ZaSr%skHEFWNK8O;l?|72S*~9`!Q|m6#Ilr^iEu8BwZMKmrIq( zO?N%~nzRxVR&E50y`$V(Cv!^?@e$^5@R{t>vB(5>- z2SE%kMAZ2l|ESk*r@2j8=Xn!JpS3yKMfF){(v+F zaIt_zQBO(Bx4Nde5T(QGqR-aBqnk*rz|9GIX6bS`w@8F@oaTrQjEi`|MyGnG=K7m0 zt)EAWF5BdQ+Wo?u%TzNn6U8v>(XhY*Fgm4+>(^n>AN0ort?hppJjLCQVOrL&esNa& zq91n3EShUqOI-fxx3KiakCB!lQqE(*1FC%EA|vlZO#d)9TSJ9>>b-I}Mq-dEu-Wy6 z4`fC!u#MSvaaTjoVut$$fzs%~+Y7mV9j9SAEDRe^%nnFkY)9ZX9V7J^H8~LHQaz#} zH=HQ3N#!)F3a9ca)eHzekj|jaYHwLeP!1ydo#GZ8#2Ece2Yt1>WWz(+bRY9OTvv-< zx<2B}JhfF|rZFi34vO7GRz>}`^qvH*>CzkK6Xuzj#llzDfGLs|E-0APCy=4sZUgG%^YbjnEH4?nN4&wBI*=RBI z?VNstcr97cSRE6bOl(TUQ*8vKj@Tgks@54cn5pE@bzfd-*YeY1Yg>4xT5FUs zW$BGah0<(8Z1uuRK7YceDrcV_h$Z*8Od(!iUT8w-{oBjroILimMlNVJsUm?oxO_`P z#J#)W`FjL}jzG!xqRNwM;m(N{n1@-dzWfog4c|5~Wb&$T$M7rAH6{b*_hP%$7eTVh+Zs6LaFvZWcG*C z7KfuC^08r%BIRzmNw7IzRqPXjayE2tvYpoRI(*NUR8PDjn9Qw6J6Wb@auDw`n&+*m z0}#G{T8^s!wlX_zMd0v`8z%Al;6tJ)3`qKGXzu>afL?%XBi+>)UbQPAc_`PAH z$7~}~FQ)ZlOh4@D@OXCWo(sQp?V@d%E%EmuR0jHlHmvvDJbS&DLFn4M{@vj*V0Xk~ zg4vnQ<)lu$2YLG8%wGn+`;%qKsQ^@Fku_G9)htfVUD9Yh_mT9r=F{)-hM_IzyVDgT zz%Pk-im{?zZ=0JWf*uhOA@w{fT~3E%tl$1Z65yO$)mkp zO*d($ZU6=X1&Lecb3EOod7)jTq)YRyeT|Y{#V5YSDKqeWVg8hdKYHsf=X+j!djD5? z(P|82d;-Ui&jp#1IjcJxGaM4;Iv?fn@agLOrt^ZyZb3RD7TkiZjESDX#LJ0ZPJ2ws zbwRMZRdeNCRC%=TRDe%U=c!m)mm8lR^?4;~58W)^ryzx=G5(5P1+JDcjTIS9<$KCFMQA|CH z+R(IjYaOSC(N>*qTDw9&L9rW!?2wrWRSL!ljx4`3N zF0YoDElgCN9Km_3oLW4xw0_jalBAq4WK}OiqB=AyhGHbj;to5+`%?FF1tL81U}C}t z`}=I%Zgm7B`F!+wU4n9M5oXXHw@5Fu5}7{O{Fq8Am`}Sd9k0<^gbcNqo-V}Z0+tJ- z&e)I9=uuc^_i?6aa%|#kfUjIFm|R?`%ng9iE(oo5;MN*<&g{)AWpl=Paf!)O?>x_a7<$`i_=N2jV2YL!y zge z&?DZyEY?B`9505Bo8d(V@lj-K_*RCG5HE^1`due~|1gVBwJ67PKcSBk>e%b97x9~Y zN{&G1X!x81`eE@$8V2@Z=Ig9x?lWuvuOY?kNMUyf;d3cH%1&8fY2%oC9NO)A*B~29 zh~#ON2JaYNBedt=4oh%g? z1`|uEMet~5d07|xO{~J=^7!u0NyUtPrKRrW zF6fk0|0!uqKR%X0F0-l!rSO)V$hYjyVjr6+w3zE-D!TZy6LhoeB@yRle|~&m@mh+W z;XCAIHLxyU1dqp@w8`4lh4i}<ejWn>q zTs8!=_kPkBm{QMz{WM8{$2)68g2g^B2XLOExkc+vDUfHse-x4W4d8V6MCa zEs$xr}&9fHXOv+VjVW1z3Dt;mgIE)I=g=%pmmM9)kKISpkq$2Cq{C02)}6wG6)1*DM=bgc1mJpeVZhQ~K4pTTjZ4D(Bm*`Qy*1g{n10X<~fvS9LAT7W;7B
    =Q^rM=r_Y&r0j8luE!OQuzvqVt`-J-y?}d3n zA=UkMWp?ST&hRS8-l#SkV7QGmc;wlWA4ZoKl#;66J{6g5LwVPM#-oqNH<{BUDRwcKHKh{T#80Te`yyo+-NfV}6t7cim{S=1xa%EDhl z4SrG>F=_;+I7v6HnZPpl)#-k31^g@%62*TEPT02J1l6tdsj&tVb$14WoXVyA5+iw| zBh_vSdiyx0bbjBP+wJX+ZBAb*)oRsU!LeCrC*O^?ToZ8mS{yBSzHFL*+EsXHRY;-g zx~bxiX_>Z+h2>>Xla;V@`p(^X>(-YWVK?D38G^uqu^JnG@r;4O_Ecd^WHN_fEG;MN zE~wpV!Ykimp89Sgb3PkkUx}`EBG%Gh-=+Vs_u2^ zy0IP-s*?V#53@G z)K`eULrjE|88f2h6(<`fqr3{28EwtDo!N|ft#;r7K20@G!Tfix^OPbqOCFJWo4ey*P;rW4!8kQ5!r;U76tMx=Kt|sMl@w;8NOEA)*{M>z+b@~a5xqp-@pvP` z82h7ai?y@^mJXz`I8mEF0cxq>eQlZyiXdOSTNLs+)qn+~_t=#jK8{FnWB_deuT753 z8;;w6>#a2#3J_QIu~95vb)j5f93(8;iY4!jqLw@2IZs!LohX5u`+(kbP}}?kkT3YU zS1e!NyoZ3t(zNHyT|JFgUKwIJOe1lg(8qiS$j(+UWfCEC>TXW-y!~v0e50?)GG4&V z9>xA8YboGGc?h0cSttn|pO^jC>USkYu@BX$Z2Y<@h16V^BFJ1r{Kxmj;a+gho6 z%>VWKVT9lT?tBDYDWY7(JcN0#lJMTk=TP{1y;MDtSnw`~F>NhsJ8c}qkp$pnS`_*? zS;2Zr2XNH`SczyTO|@wO`Y}`O(cMUG>@+61cu-!MfBpK%JE?cbhb4f=s%D$%wO9_a zLG6;r^O^}1y4LC{40!X}0J9>z+s-lNIN1_R*1CHjXCt>wyyjQ&q7Mx>#g_>3Ka zaLTBa)FwRDtqmwNs2|u5b^pX&D_xJY*+2dAg^4l2GO6dBz{o&fqkiSyVGWqos+yd0 zCG)N-xv=LgmF7?lW;T1655D6z?N#4smn9fc?g$||;9JV%on{lA+6%1CL{cCxNUJ-J zeHVBBu@xMoswsZodF#I$sYYhg^+wI6vlw^GtnBQi4q3)g@+R{f{e{W*r%Nq6)g5}4 zbNwuRO1~sI%A6&TW<6 zsWOU^!75}yI5ZxpwZHR)UJi|*H<`yfu?(Ge@gM6!ILOW+x`uqM1}M7|#8zM6yPsTW z2^uVnl=iAl$YYFlVw!sfnBJuFMK&QgLcjG4k2()ymw(6pcX|}d5>+5#@-9?H4DeNa z6gC0*M|i=)-t@00ns^owKD7sgU%a6f=Z!3POM|D?c2q~pfG_9D3dy22^Jo_)Y`^9N zgh}e;Xxq5bK5s`x#FJrQgRc=VwCKF7>o?8!=24D>PWx=HnA)>GKvm2#E7$$(+vBMG zqfe0y77sW~iVQE-qXwzBYq!(AL=#yd`V+*)l>l!3?IVSe-3*VTd$x8Ng|3-RBV2Mv zT3==PF=N5$r&T>cpE_5l-Ptmbu~zJszz`U%6ND(%6)Rge;e%<)5WeD4B72U!+`hpH z51@J^w)soZC2$5o`Ea=LS*daD$w{f|pi1}#ene^N9%WGRIs?W6{OG7}gHJkTa_ChR z%%fW|SitUW9J)x90)G9T7#b^R(s^>1vxDSf#0(R=0=}%&3t&chus5qpcP-Zwyr4zEZd=;{f&8yV6Dg@4^Z_Efu^&j3g^dd+;R@sl&uf>pVg zaB-b3et-+y*lLWnTW35>3S^|{N%6Us?p%q%Lg2lPeI{!wINh{skCdmQE0aENC3Ts*nVNMfm`4Wcv`;9o6ex6zbH-eO3 zUDT;{Euv{BH8pqv;TQ5j*??O%uDsMstJ@AaC7SW~SGWzO-M?qKUl9Mf^+&eE@f=0* zKWnf)11_xtzMIO|UXWgi?QzuG43Gu=4&Qe_6N7v|h*G1tLNYR+t(f0%lL*rOh1N9Y zKzx|H@ASm0QE+lS*JAd@o6l+{$UY-Y6jK=%1RwbYY6v&=g8zDw{49SdP=#O;cj_oF zH$W>(9Ohp=Q6 zx=tb9O&gu2Sm8NhuisTMK6h)AOWRU9^v3fNI@%I%I6sY%t=DfvH+bUzD^YdX*EYwn zfpdJPZuV;OrZ62{*DB9WZvDz5dL-h@_HV~td#Y!zDp2u$ox@i)1JR`L{m^g~u{7sS z>7j5AAF}!l!-l4-j;M#ZF{|s7(Jp3P&%Rflq!b@lc*<^?viswX=;{T`vpVDDNL@3R z2A@T`Pv{xmBKiO{xRzHyHHL?(ldVj)SVzIQ!JDp#jDC9Q#EBQlZnr{xx$YgK_Et~- zHQZ^{^)+t(%>6!8x&H-(%oHCp5ON>0`oH!9S*ElE_|@g=mD;-Y15%k=i;~VhTt9n0 zM7U`2u(3T>58e2<`hz@MrDXrJ0MmS>24c>H9)nR*COc!9wpW5zfcE2K{Ad-W*w|p6 z955f;FfCe<_rI_@$r*(@`!)p@y8XGM@@EGWsGTx4g5OZvFNB>T!>&vgnIirTJU!wL zi;g^w+?e0iZ#=Evd9kNT=$Dj4`d2jc0|q0vcp#1epdt4R?OkudXw=XBa%%~=NU$Hf zs4l;BB!w_tZxlsL(x`{*<0}8#L}`pt?eYjp|2IIGDt7eU4F!s+-Xlk(KCkTU2{H}s z%Z7u49p2Ye9_K%#n|A3`=SOq|Ib^aU;Ldl_&=xqegpR3B|HE3dG)`G%>T14{1YGU0*F+L1{MS*N-KavlCwITg(98q`kpm`Ht6%-LN@oOe6x7c6lhfQ}@fxu7 z>w-E#&SeQ_;()J{-TczxYM@@XTB3#hdzRY=44PcS{y6PdIGD_5Wb4;43Mv zS@gG3xxX?~XCQ8jWDI?=O4t?(|F7NHwh4TcXGm}tfOrk~EiWYjuTy`|UflFVwS8fA ziHn$OiM#S6*4%hls#ba40F|HF)4dOvF>Pxfc{2f_${0Ppk7~p?k(Tn+>IcM1@FA6UCc^rM>xLO=IKWU zaSrgb-pFjqhMg%`2I2yWehS>&7G~Q!}_*+!o4Ddn{4` z#!Fo&Vx-5#g!d;D;o(k0b8qfa)e+%*n`54sgn$BF&!_P+ zbrvcOgPLF?{1fBjG?2(vRgGfj;=9sc@7`4FB*-BdH==fPv<^IR26^sX0{KBwxX(z+ zv~LPX)eO>>$fJOAG~V8h_rEQ5ns2{5L{yT`&nhh~Rqb!a=T4hpBQA=Ph3!XnQuMpH zz0ULRI7}$+q3yM8v(URbTFCE-x)iJ)RUf;_n*7*#8?C05Y(A``M#tx+zH4v$m=Nwuvl@TerSc4I#EX7y|UJY4_{I?2qVY~-D`y_qymw;v29Zl zzjuy-UVJjcP`0-%d1bP9c(u{bf};{6X>~KmQ-!^jn+K@ADLhU)>Nh*tQa%Pi9`VyH zqBBm+Kv6ttiZ5dUDsli)wOsmp;tGlM$|?ztv}&1lA-t3NJ;)-id-nT9I^sr)4T$-xc1(8V{RChIf$gJzpG!lKB{v$UJ*4? zkWb!)9DW&mvKaJ5xC9$mcTL?h6g1dAz`h>dfx`G9y8OC5{OI%4)t2%<+g>CCl?d!E z6JL#L2rZ|t&C69r4Tye!D^D@W>~jDDACMXp({hBZ%rUD~jXG2s3P4mElL4iPN@Wt(>D7Uktr1CV# z!s|@S?(37c+fIwtI_R5$UCsW&rM9_~LgJF`Xa*h5%C)`gy-{lG@0Y-ae*p2Igs%%$ zeyr(05H%OIr*Y>qXG3YwDaE4d9S|jz68e69FlCvg|3s2Gk6MT?b%m1frTyYc+#Uaf zbxkrQ#?{ka5CxTgdbIRk>)8vWq3SZPJ;v#N!{aY_d~jP>i3Z>eGfGOhMP-|6m z=K2KSHKFsYa`zNEqkFV%Fvci#I0IQAMxw(gqoTWChm-E>cJIHyE)V*l-`fN&1OuE{ zdyF2$;C~S&L-3#5=!@YJm^`OVm`}X%_7Q)ZB9M3;T{GUAcxVJ;c$A&~Yqm2EEl$Au zfF(`4PWBC`N|o9PhGxDOK4Io5Lf(p3B3!M+8oLofxt8t9;iTK;(BSNX<*o6<{m6Qk zy`XomDo1Pcz;RG}|7hj0WszN}atm2{^7oBsxnYeh7xY!|AD@(y(dV(> z$Q&;^4@%*u)yBSS@+QJluVxjkvukHn?2MQK|00}`g*aE7UGF^^{-9z6&>o3aNfgI-{nYE$h@8u_g1C2{bIb~p7Cl# zq+$&;DxJjn&d3d)K)PoEYMVd7FiapOL09pUm^pd!&AAVWLrH<>eLy-hYPj}1Nn>h9 zN7kdCbpErYZW_K=R^YQ07N;JwIqx=MhKyes3;J-6y~6yB4<@1mWa@MB`r+9Zu`8X?j@;U?7$Ap_QH=bZ{5WcHMs#LYM*KU3G zn((Fm7PeM!LPAoNv+>1x@iY@7LICEU%s|1Rq2t$HU+XoW#O@-K_R)1XRD5dbNui&x%JT4A87#I0 zL@En1dd;3knXy9gm_ZHAlk3&)K3ZE%f*XjgCFtEK+U7RUa=qujt!#VpNUM8cR|oNP zWsB4VO5_i0sx`pKBAXrPB;QY}isYSNU}_lmKAh2N-aNVnVd#uf9_Y%(~$)XH_BQVwcdhxh2%OSxwqK zB0SvU|9*mEOxW&Tt6F$5^;;-xEsbxr@h=Yik3<-1^2I%{J@>Wt-rc2cbJa&!bGy@b zym9YsR~8<+G)Hv>>^YQqoN5Z!w-~+*81)EX)($w{RxT^l&yr7Hl@gLL*>F0*JZ*72t;XDS2x9zMAx@KlTMpGF1Odvdcs(`aKm+m@uE)!>NH;(=o!_P#ZD5GKQ8#DXpjqQi z?COOb;xVrsCzIhry$#G_OZD@@!*}Ru;(Vq({AT_i@o#yp3-3Fy5Xd96f3v{q!=O=UE7p1KFTLKO-4o9p;Lowp zckjeqa?*S;v^1+Z2A zfA10T|Jn;m1b7Sflns0dHNRhS8mw6_cPRg7^Y_pA62mCeuG>VXp;i5VT!xA4Z;a9Z zaZljJinRaWOa5I+|GC(g|KHov7y9$_^BaC3A)9hvBS2tm;O@)#($bqzAsELyAmj`i z6glVkPfP!^f0alHsS!gZB-7MX9em87UA&CYnjVLnfEt~`kQbrNZt-qJuieO<7Uq}j z%YD&92}cECC5lNBL7svC_eTM8yg4dW3%qT`)lBjQs@&@ZfDG`>@^m;^J&-8B*w~GD zKa|J;X$}>-T7so!X?Fj!A^P9zbVyhLigl?-y+8AEC&rGA>eoVBKuUg zmw%56CA%9hfGr31P{GZt?a!Xqp+71htLb^Dq#_F}%s0HPKfr*G9j%uy|3pDwu35T7 zy5DsIQv2<^?jC+$@r_C2et8eQP zT}xcl7FUOcD7+@Mq8-auDHODQ&+{SFl-W*@X40k0)7=x^HQJKK(ijy%lEctSK}c zXDeXQOtZYkQ^~DZRUqASy4g0U6B{k1pit6UXk$Z0_|FgPoXnia2P>;GEhXKHB?XTFknpmRy&4 zjRZN29lHIo# zE#=}Wg?&*$ZxqP7yRRBMK7=hMUQT)@&MVt|y}QNLSeRm)uQaU(tJ%;>E|?24GSuRF)C*LBu6yf0?wbtP!h;uOz>^-0{H^13%y?;cSI` zJHfcUi%UJo_UnQ!DcMy6P?MuZii7w?+2w^2#>*P0n4VFGKkRv#3@Rn(P;ik2Lqg^N z!Td)LwPdWHv{Bn+tydYsda6F1GdFXi(BnzEdPs|T zDss->@@YYvvPcHf<4tX{cLtfoahI?j4`SMhTdzMj?U&Z}C@CTPgc=l(1_YkT?}$#* zor4y)^5}%$2U)?HSuI+cEZ@7XH7Z?l$#r;fR&50q>CT2~ z?k*Iow=T;O6tunn^mh{?@;qFv=>lTa-LVbEUei>gXgRAhA(pt{idXLwayCzEhX1=DZzP`V_ zoHc+J@JDLg$Nj>;Q@{ba`HzjaGc6=J~H)O>p%jsZ}(R)M)Hjp~? z?~nIx1dT8PH8K*>zh@BI&U>P%{&NKU0m1b7>l^v!oHxqd3* zU;ohJ7yR#`1hqWk{~SmE^UVX#lom)1KO!aFTMF3Ot|=-kbc9_Uh2_&lMn>8l0^?8gqQOl@F2G#KA^Rz#iPvnw7;(tJD)H8ob# zhEer)+auj}N;FSXlY^*S`-D{m;L-d%8BJz|#ndl1yYBdE5=?qgZ=UA1`ubklL>&_+fEeXV{{ZGBnrUORYX_;+$K z{47MeJo(l#s;q3px!?Qn&`;w$Wxk3ekfi-BGiXd(AZ&&dqGd=MLyBjrZN8itv&9z!#<~`XuS--E} zLB5Q%+g@Dj28Ksd)|ckwR(+pz*@;_m4+h~01BM>Ay3o~mEqsd61_vUcS^NnXg*t=o z&`<6OT|rVaC6~PgWccFa4dw9Tpxpzo)so}%%@W{fggU8A8@I|Xjih>dif2i6OPIkz zFZP!vaz8JHexf{~!Mm8&)zfF%g_$u)tojjU7bs?utu!PGIvr{|sd={S?={_igul;7 zKG@rjh>MTkj*I=(r9=QZe3Ft3o&k6t#e?aC`8*{~@mc9t&z?1SjPFAi7YWO`GVadJ zAj`{#>DI+_Yp!mti;%ETorMqrKQTHibq2y8RLx$$swS(JmnmCIzK;&>9-MP%J8ndz z=f@Yyt+MMkQSf^X>F|2dq>)NbSJ>m8wjqCBJTdI`Kz)NiK>Y8ZTtREFKJmEEXOep! zz-(`*$Fsuq%Rk`7pO5gLxu5UkRMef-J0-e0eNF50F4~)LtuuoHD=~JpesB{81ZFzl zjb%FbBOFXJeJ~XiPWj;A;2Ml02x;kP>nT!+x(TYhpRHw`F0W|bu%Y`%19V41XN4Tj$uDk8ZOc6mpRu zg8|sY@Qbk4o)AjMH~ISlDkZb^cKINErtrf3$V$~-B%8bc4&aP#V5C}C2j!*%0g26^ zWcgT>$`v2n2LqaLIidPL$an??qLZZHFDH;^u;gE7+bqYEm+ehLbr5`#`TW3E`B%ZW zx2~TlF|(Z?wuDd7RZr^eEl-N%w9QcYd6d+3b0-!?5)wl^-6`a!-Y*2ytz18T@zo~?tR zvs3D5Y^Axomo5;?kd?Y|YC37j)aczGMC_xZzOY|kjN1i>7>*n|qESbdrI(h%H_r7B z^^FGcllV{el)yAh79QrKR@depD*9vh)!H7IL0w}f#Y@%#>T6y_wtnO6#o?KrX7!Pu zi72bnj}tyjCRuO4biotnP6?h-OYZgF10sJ?Zw+10-#2ZSUm9Z$ECo->$E)Q4r{@FDHhkm)U3C1=!lzX)ibV zc#t)Nn+2O&USQZX`$Jehu41ZCVi!jUR(uWN=jmak_uh{ZK}C?ZyN#BhLc&#JauC?* z6pO%)CugzBl82r@u2*zV8zU(T=jSOP?jGe#$UJLMjLAeHUPx=NGEF>;ja{gFFY#@c)n&>)8FADF1@ZuMgW3@SBR(=kgYcnK!5PLEN1ODRj*i$DF;^Hx9~} znRRuu<;16%A$iD$H#z`!H7QB4Q@x=4Q+A7r#q5gi{N&DIbL|+{AE^M^>c<{*atEIy zd!qnTDXZa95f$a64M3GuyyH7~`*Fckc=VIy&hvu=BF`OnnB~>!a`U+7WkcG|k?JWq z>46#|DAnuYs&Sg@9K-R-XlFL{z?-bqckOto}45}l7lbMO&wnnP~6efCA$ zM;msmqnUztZx_p$?ISXdjU^!5ojUOdbuNIZ(?*+7Rj?|)spvqHXN{=C?17M{Si!X9 z+PvFYEshS7ovkjt&Fhue^<(om`_{C}MKX+9tvC$HezdTjCzbWbK=v-jYS!fKn|UV8 zd4W#Gh{|eDaIeWZm2dTY{kC$&Kk#;}74f|a!?{mGT(b+j&MSQf>H$8K-(pFi61EfK z#8-4c#Vn?!^}~Jk6C-FQ8hve*Yvj|>ZiRK$vH$$|eTmqIqSmmxGp=IDwdHwZR6^H~{-7h$Mf<|(lR9F-MY>&FK zzEL|`g$JIf6Qn-S)|9pd24a)oUg*FSY-n>lLjqy)yq&sU`b`I(C*>XvZ&8_9Qd(D- zcq~uPI6Myd7r8LKlfxb-jTeAU$uSgfVz&6ULTY_V*SrSZ<2kr2t7DqBCDlKZQKf{< z`+!Vuy*tP#&2_-*nEUCiyrPjyZ{uGbAWevTdRP%Rg1T6>{BqLOv@amj^cr;uC9MFc z;Jqt{v!-=iWMJU~VNAAyBEJH~fR<)car4(24P6gSPkuf;t2BdUKyUMc?sba1l#0Bt zPSkm|r`g~4=3M>oW3Cv92R$vO+kUl+X?;YHCotKu^O z1qAWTP-W9sABd}IPhdY_M| zVTgN-d17H5MsDZ*iY-0QOgrG;bMF(+BwTT=Fh|uH+?k&*i($Xxr%~!dYU>gOwsmwr zl1dk}mqvu`9__|^ab~kw!Q)ak9p_!Y7anIlEjQUNu9Thx5>!HFnpD8T_4ZE(DAt0k zCi~O%@H?Grqa>l$Q#@Ap{jgFac}I_QwSt=*Sw z^u&VzL~uQov7baIRXY3g?guaDbZuLoXL$MTLLC6rn9d@;U?!Dd70gPnhlpwTP2nEV z<u^Q zVO87(-c@0dJX^%@x;h^d>Q# zj>6trI!`+HjI|g! zn9e@T!;dlv9RaWijtfhqBHD{UuIKGhLg#>C8OuH$^zrstqz7|P;CTf$mj`e0E>K5& zquAwI=Fl}iEB2KMS_fKGq+voSzwPoJt0QM1>#I8{v@DSyw)s_o-gI;OlZTcLy8Ba4WBOpyL?9*B(E*DqfH(b}$3(}x! zIgjY_tJM3ujP#?eBkq!f%kK)^(dl~nNi`c&^5vB%ZkJs1U6+uaj0Vvx?_VLR3 z@B7<_x3~8Et{&6ntV0sQZ&#?ZffITN3W6hh&@--6x*4dfQR(b?GT6sXZttDV%tIrK7W z1##@u3vEoWTM}HdnDyXzWL!9T4r%DTFS1}-5|VRKDqt&aUzzf?H#bvts^wzXGjv{g zZeIGX!cbng1gG>?;kQGwmk^;xa6Uw;ys+k-_PcLD2M>=dBXO`SFqg(<%V4teGRm`~BaS-4vZ`)-a=IPZ5K zk^AXX+`d^Ti3(4T#%agz+VtM{non0;EO3%8CI2cxm)^s<9Dk@k=Aru_e3@CZ_g;p^ z^})3DnL1>@tj$Nab8K(tE@kikCyru^eTyhg2<+qAT83Qgb+$XAR*yA?03KAobmno@&kusV0`LY z_qyjb=NkKhAM(y*+24GqkEr^+^Yxk58vIwvfl7<4p#=7&2Uh3pS(Z0+DA!qPK4&Qx zqHjdlGd63EYDRq9TS+kUiS{)AuYkyHonn+(_!=g}l7HDOggayO7sqH9PrH1 z`5@fhrm3~;Zc|WiJkzx^#c-pJIak&fCbIt3ySVs~u!0k{Q^lvq@A~!YnES0UA;q27 z#M&xd&-FEu0J}V4y5WG5_cx$_GEucwQG^c-^=DlXJu3AnM_!MNtZQr=A{)`Fw!iE{ zi3QKiGv`1&wqNwT)n>*rQ#`|=RQg?K&YC>`w9@rsmfxRK^mZ?qk?Srt<75qEU5ix-If=A2LF5n%u?7{zC*a&*f#vw zacp7qz?W~z|BotgQF@Z(F9%~?%e-}co8s1_MoCR&ar*gp0sZ+FwnmdsWBFSsY8TJU z%H<2E#w+xhu30Cta-bde5a#D^)hwOIYlif5SuzY>0p%pu1EA~ah?;?cN0xNW5eM1} z%9f&hrenbii_dJ&dDLWT+V;oh*_nZb7F(^DF^S2f16m04^apVF54Fd~vKYmD-vgdr zP(4qBf^(y_59F~HTQ%T?Eb&+JH|mD1ngkQor?q4TA;r|Ga?MhxqP7HbfzG<#UqPOn z_+7`BcvZbeRTJ^-7V+~ygHkQ7CTkp@0k&WUIq9NRa@Ol}`R1r!^AJX!h!EDQGdRFp zD_~L}vSToDHni6Z<9~96Fx;ndb=sp(RTc6fQh9HYbiL_NmDd%73_5){$W%IL0#4fU zs$?U<=Es`YR!LVJ=^l23Q9B<(-xQw9q*A;ukb>CVBr-_%9eqnQnofBW)|SS$`MQ~8 z7FT^=bS{G)7QkCf`c>}e$n<>9>6jP0e2q*z4a`7}6sF6oQD~~}?$N$FR;%bB$CHjZ zo5FNQq8IT+VGO-tcj^e;i*M)~bS7`^hbZn$v`>Ls?h}3IsWUcjryjBca&Ga0PJXT~ zyqxLpQY`YVHqDd1gJFbpukQ6yfK_!u!0G)QPu6m$0vHU&ba6%c>Ru=Q!(yv(Uu@|V zB$(QDvTL9&n5tdSh8W`d$T$WCPmk7(U*VLPU6;<<%K8=aw3n;J6V>tdTruA*aOk%> zY&w0k5Eqii7ePD8TT?P)E($P*;FBb`+H@9M)F4kFSySa#LX`@`us%V%z1Wlg1Fksb z1w!g3Uq+S*ivY>?oRJmQG&zCVkmIN6f=j&|GiJPraU#XDUiq8k=7Su-;pTX?cvo6; z4FrCWRVxBTVF)d+Tm0nR>brRtiH8}7aM+{AYOvX5cueAEj+bBbHGyNp%HFlTx?8>p zpR7yn6pq=9fuJ&1h2|?=?%HNrzhmIG((Cb>sVC4~N>ew&umPnt~<_Mm|f0)6eCuxi;7U zts1F0Xm!M~g3rNCZ`Zytpg0_8yo`%itr!uX5Jo=d{^ZH+ulyi$T9Q%lf$yG})*s)^ zF@~(PH@QS7@{gQAHcGKrAuY>}61n@~1p`xC!v~jB(fiRK^4YPe!*}3j!x~p30G!g{ z(fM(@AgK`?bst7^#2R0A)=L+m8x~q5%`Uegq0!H9fvGp!8;;^xDbswJfynCkzpwIT z)H&73w1tQZGLk7X_hJ#|h~<&X_{QGee(>#SZs@TTw6vyK~MwEVv6ma%n|0oi^`)j(qq%(6rsqoi?=lQt3$nd9|O4{ zi_^;7&vEa5+WONtM11_pFE^DY>8y}(1amPSlY3+gyEA`}yweP!WvIQ@)8o?DOF+gQVltWr))yL6;6^vx-Eb zH1#CVS&5}ah>?;nPey;9Z%{x;nFV}Qg^7#L?>t6$$v+Uh5U>L(UugYpesae=`iPp= zQr#$bk6Ay?9T0nvKlnUybJPQHa1>fh5)`tK9%(FL#3?@rY&~(a_0w}kj<52P`lxzM zj^WlNqvqr(ulyN1emn%YUy7Om@%di5j(Lk|W_-~?haBm$3&$LRh(YtD3jv5FEIiN4 z%#j)Y-jRS7*AU4?Dg2eCrR9`n2bekS3Tj!ZkABz%kc+$`qJ7A!S8nDU=2QrPd$i|i zjwzR8ATVPDF1Hm^2AHH(R3_X`6Ri}f0d-V{d@ohdFUBbN6GnpLH5oa+P! z^iVwg6eu3l#PyoQc4H2XFCiZu0g-BKU^~VpU}9;jI-kr>p*197kz!`~A9v_g6B)rg zL>Q;!=&0QU#MszTTl*=W9*`s0KqEnCHWQ<6-DZ8wBR=lImv_$1&oe`1GlqtT|NQLi zWKjdC-}n=mGYS_@{R##7vmmYIj=Qm0C{u6W#7ZOoe8B>wa20U?yHT%-s`BCe~J{z$aEe zruk*~+4Ha1FhwxnT6J%^F_rt+q+z}>K#BY^vS4RSuy#Z*OzPLqQn|N`JJI>iULu!A2<=ziPjaN3=_y4rTi+cGqkyQZaBELU1k*?V= z&EDK)V%MyGHex6KAZIpo>2!dvf85n&y7H7Ox&HI#&mk*AfC&siJ6IN84S*h3TWzY2 zS?6r^5!t=XyKLr)WpEvgK5p;3jTWW^1UAr#;XQ${r65W(9Y=~QfUEVHO934I3b2)SMj5l&=4lIdsz97Z*A% zC?r%s2WJ}AJetqg&0tOo<5MRMZKxYF3(7YoO1j@=#Lljr9W&YF{xQ1=;N|709>veT zD5gj7?2qHS@wF7xZYX3Pg1YK-B}_J@bk`QmbD0?PAMPeqQ*&okH+b%6Qi$hr!Lp-a zv`j!NY~OxPfh&Ec47aRb%YO_=m10fn}VXul^dbach|!nXbgpJ7FDWxtJ{`NXrGz*Wtd`=R_Xr)mjns$m5jx zl;ouCV=XnZu%_W8{q|y<)tx)MqgfeOY5L5enI?PmK)b6_bzF@_1@ak*LJ2M_la4s8 zKY!C1l)|Q!g=?+gjuj z`ES~Xt?gcK4iqBB4EDtVd<(HKO9}GbpUd6$mASoF3E!Eb^=J*HS25P<^+KSir~phU zQ8jtCTyn|K)}v)1WRGH~h1+96fNS1Ei;R-3cW%!M1r;o$TFzH>W@W8iGx*P;ac~&8 z{N$3=+s9$;G$No8aqO#2f)OwHjYy@7qBZnn8CF=3+51dJy~4fk4A{i{w6<=DOhC?) z=pxXwn5O!G;xX(yo{L64G01Zl0&-*pbx+BUD2nlt-ziHX0hv~| zv=&TDPuo!xZX1S<879`&U+OdCydbhfLfo6Staf;M)B@bX@@#g?3O(PP*w|o6^|b(uYb!hM(BLj-t-j$?cQ3h9Gn*q@ZAC=2b6fy?D6CS!Ib{)#JTstu=T^@%?rGKPDr1x4oTSP>X>|)Q&9j_+nuz zNYqoB$LhJx+57Xql3(r@baiz_!tOJNLodX4r!0iXJAGaNfj~QZh138Ca7F z0t(v*S}EPo4OlpjYdP5Hft}J`euyl%5nT&ixKWMcJfigR2d=G6+gef}VN2hBEPFM& ztnf?ZsDi94Fzs~d9+Evf-rd4wkM^oOB%79=9udtmmME((!}Es6$~`qc@6sh?5pTvb zKz`)1jx<+3LR0WI+{agPEe9?T(z_W3G>wOchqVPSlq#t9kN}9Pb~!}JEI|FvkWQz- zU*&$$F~^R;giogz3l)XX`?VUHG8v>0fUV(39mT2BkJ7tenr+VqYY?U;SzDu8Td6#Z zUFz;1)aK4F)MGr5_rtdvAe2X#2bpza=z~GX!mWf3b!N=w!XB;2{>NkDBE4pJw1-Q{5U2(G?!#$np z^J9c+9llX{G0$(^+9B#WCajvEmbsv#?>hCF#+feSUT*Va?9j)=)@Jz|=l|wlo^${T z(mxbO8$h@nKP3Cw@njK40qF1h_hnW;I}(tX_C7PtpZ5#aebf41cIudv`Q>j@NYW>W{)#?2I`5um$L`%N^{rmq<(97fuPm|kR>}+!j)$c(Wmz+M2OjNCAhAa+d&p_R^CHXiFTm17ja=)}jZf{JqL~|p`oq?T_ z*7}#(OwzEC{@kUZmW&l!*JH7CAA4PQ;WBU<&?A0aA57FM)& z*lrJ=z$UOlslbMY-9KoXn~j^B1MI$`p;J8>IG{v#H10gU`?;w}jTLdl90feQ)5Rqo zp+;DQ+x!r=p;`JZDYnHmEEA4sE{yTwu0L*NZSu9-4E*Bd-o;(&EbvTFiw`I zX(e)fJ%Y&gk&J{&n{8+P8SHqcsh6YJ))Kz*s0p@13J`@x>quen#7lRtY}E^Ro4fB} zSAUCU_H{n~Bw1NYh)nLr6#>|HDNp~kY3B6x3n059JAGHzq>>k-(55|s6B}Do46nHj zpSW#fUGuAXy%o&Z!1~25(E1rmDNcMf&MXkj=AJA`?eoy?&Jc>dVPReD4$wlGljc)t zN5%Z&!|C;K<)O8=FZ3Z>V|HfWpah%wG2f=Eg=Wn831NlCVSdO%JV9sP4K_2mP~(tw z`LrY`X8EO)OP)trmO4NnY@3xj&e$c0J?inn1OSEd+S`2^8X7C%_FfLbbbaDONAf0> zu@vhOHwmLPIsK^TskaC)rLXGpHH?a@jk6KOvi2Yk5e=JqDB-M`2F;4W05n9sf1{!G zPm|knp8DCobZJl67TpALakJh2O1d3oSO$1RDQfNbfDNZ%0tD{=nQN0X1x1_dNiUX>20##1o9bnHBz9yUI~ zQJXuQEa6nqvMUfRHw$E?vZWQ1idDa(nBR@r4J`svWtKVV)4a5%aep;W$H1;TbqK?Z za1S$=&jI%>erO|_`#{2%*5@DQLS+i@c;ejbpKtz{AnFfMpI_^9z!&gd>I-n1bkKrR zGu;7YL<3(kX?+L2N#W%@|JGW;>bsPdmewdTvk9VV7)EhtQSj!J*6VlT?}t`v*%#Cb zjGjVA9`e&z2+Mg$8V*>nBwXih;?m)->8lxdseoH}meG`#^+7geU+T60@THK~Xp@CQ ztn{z(bZFu2?Wv0a?_l5}`_D{4L!LGvYiWPj}cHVBDLG1v8jX$(Kt{ zd!u<_Yd_g6^=duG!Dg!$?XOXp`A$V{^Iuawzsqs&(GdgAQ1g_>>#@hs=*p9D<_Ge^_0 zrM(*8%=g6sC4XRf;*rPd>gwFkKGN6I;J@KOdT~b!p2jEU=QWI>^^}?Rh2P9MYK?jQ z@#9l^a?O!(_r{0i<^>ClKQL+nDj9+8rBvFhVaNJa30a4I{3HK&{m9Ajj_~oif59NJ zDluFukhtw7{|Ojy6*VFx=^HD6`nQzMB!;pgnOiW-);x5AkNw-2Jzu!H{hH}Z!Ovuw z>DT@BfrMn`v`=4_h{`(w~rU1G8w*f ztcDe^w5G>`ae0`aSha!46%~EF+Eo0b?Y3v8FgUl`prs$_C7vtU?a)>7ezLuq*WE>`n(Q~n=}GB$Al?t3e|yd2JPT%wPs8> zA=pP0<(M(tm0#SmMYJW{;Cyny70n6s?Dy)0chM38PW3w-uHcaJ-(Oq#SUCIg-^RFu z)e|Fid=piivH-^YNh^xrCs1Oek(^n$`b4wdM&?ZE=&_g+Eo>PpXKx(YjAap`i-3mQ zA1+mk$iDwIMM$r`d?-;Eb2@6c?sRM<_tMLlrE*`FhgXwtL^Dnvtpd_PKt!8&#qlu= zcdbW@@C<(5`JBK(vuN`eZmS|+P=3*s=hpMKb(ogAVrTo7^s`^AHWnwfZUIS7hhzac zo0Co=hPUsE-In$9`!**$PS!ot_*K4@Q`XWs@~NbbNKo@Ja!8D?E~)$ZpJ>RRtjY38 z;(LOk2ywE060sZYsJU|*Bp@@A?H4JlEmNO8U+Vx_6MXwa_jK$lk!$nXr1luQ14|F8=+3U$#WB zH#l{Xf8Rn54oGUWkkY5vTk3KF_pHT|FFK~7osM_e&_Je%1}D=FyQV9sIOt!ijyYQh z24+sWDJe^hFjcq*>2j$El$zJy>*zm+bhHld?TTb0=VOmnc#7sZBkmY|8}aAOIK%x% zVRect+&%1CGFJwIyDwH(a!+5LBH00?#68^;QH?*7BmpUS&PViptOl&JFJ;o#^0Z#@lta-Y4k zy)sw~)l4l9S^IKrOy$oeu%|mfrw7#wRZXW`I;TqV$UL|9F}FSQV4ya_L+oIv>n;+U zX%161bB+Um8HVdrg^X2BueRgFZG3{P>Z=&C!ZKFe@Z^m?h$^|_nkK5Xj~Adu7@^Cy zp7mYfLItB%f=9{HpTFi1WO;BWy>y8;lFC&NDGpJ^CAJJ|sHiR2jN1h~qX)I}Oi(HZ zaA64UNzXJrFLeU%DU8wNDxqsLr{!=;qe5dtXedV7^D2*1>f|*O$tA#qa;42*ZRwDP zj{vt?)V$Zlea{uMFFS3LCrBj*ucBlvY)8H=1XiuawjAr=h>MZxGnXcoVb+EWEBnGt zbUy~bKC71RbMOUZv6G)XZJb9e3A`O7MZ`sYjoy9RGnj_0u{ zb$Cf=nEa>{lfULoKX_N{R85&;>}V|xqNKF7*^+b9z_`6=GvH(6)Ko0f*5-{SK}1DQ z>09jZhE^UzYsb$Mw;*OKYKQTNzECe2Su6_;jKjI0B(#iAVQxkHY{f!)l>dsBxZY5# z_^gEwy>mJZRnR=41wr4sH|Dk7mz=Dfbb8c|EAo^bR$~;Go&AOQ+RT*CO19T@d)yu0 zn3MIw+UQ3?ebGo@U?77`zC5myi+iA&(ASSs;xT{@e0ePU3pu6{xjL91huxeJ@q%Qi{{&Azm7`5P)OR(c| zHwmF^hCgc&zkFq|EDkV02=8ED3$0!jtBS+CTvo zpzR#UMa6s7W=VO&$G{+a^_^Z_Oy%Qud`9lLzA*G;HnL>Gdt-KF%>{|to9KOp(Crb2 z?~{h%YyEF5#(@8w%CfZgbZg_8mveIeWxIHCC^G@7eK;d)wIDX*D*mFKnM=By$#D#z zlzDy_?S0ItE?a`0&i^v_uJpF#RXlaArTRI&T4>*XSK7Y49yp%t1UCQIy>XVQZ@6nrN|jA6g0JPrRNgO z#_llhWb3phJjgSD;*Q`v{q~j(CIAjJTJ1e;+5;I>g_-B2;r%kRu-G z2XB)uJ9?FcFI@mHeNHBca1aRppB3d+INmbP}6Y&FBpZ!`%3094<1GZ_`-~J^~B2FCbXuoZ=ooNtW(loYrl|KN0Qk_=Htwtf}4p)UE%l)`0#>T*(k6>?YlV;>SE9PfE}w*nhdg{<7G?e-rFtWd6f^s}JE>SX@+q!i$oo}}-YHU9o6(jJJ) zw(!(Np!*+a}`>fB)SBsob`#`hq zU;iA?PK7zo#ej_e{)WrK@^*Tu0G~m6@V{CcRKfmHb^dpo40FynYy_>u#?f3!X%Ikk zJ`V&21~qaeUp!UqFs1~7GyrSRMj(tUuov)iIR$U6I@7DNB!U1>XkTThJOmP$BjiKx zGXyt8M()=l)^0c9!v_=wkZ@6cpOU#W_HtFvN7?78ei=Ai&rX=`5ju0&e)kyJKY339 zyXO8OAx}C?(|1xGRhnDTJ&D>y5DmvP)iVJ(gcuv#*ccJ++1cG^G%6?_>wgs!=J>?x z5tCeJ*72{N_rK29;7==`R)7u0;YDGa&rf3DUmab6`L3=$K(i#|b{rZi<5y7-QO3s+ zRlNc@#n;|%^rWY!v;5(7Y8&rL2Ie;Gm(Bos@bsvUn`0R&^WD3vMPbiI-MzeM8{uJL zjgCQ+MV04ybThandxl=oIk9Hf8QnG&+~6jx%Fg{Z8)R;R;~*Y_LRE4 zWkr6z>k42+PTn)P!zy(42ATAoblH+|2$J%ZdSznPW@IWqh5kuST1IiL89p|i2t#z$ zREs@giion-&vJ6z0_-77W6LJzbBAb`@Y!Fitx9|9&A89Y@K`$GRGPc#Stv=zb1jT~ zvOua)zvf_O!sTKNX1MD)GN$uy@c|c9M#1aw1$`Wr&bZ3^CfEPmhwksTqnvF6du!fV z;?@72hSb1+Wd@N8mb_YvNWiAzIB4PLh#SLY|XLuafW=}aBr%{hJu zRBgsrXoZras2OL zaQIYv@E4gM)3H7+pff_KCzM@KNKD}Y#uAe5VL&dgUvh5seEdPy>C2r8!G6ST>4aqAyHis`}jXRn(Ut4NNHB)bn@5iK6Ht%W$6E+hp zG?42khlILA=P`0%r^i_lb@vDP;9UP)sxMamZ<>I($U|M-`|ne*@$=WT1Y#ovowKL+ zjQ)Es1NhJ}UT6ijqE8T5yWfj!;RD?+ssy}5TQ~iyd~K}HSt0Hl2L@J?&(QS-gS4wN z;dwdoRvFqkT)gxt-J>ss8fx7|H3%+H*Ce8wE=xX`x?o{rWi?wUSZ;n=H%Y#9_X9() z_RS~OlGyXwBLp+~feM+@wH@xJh*e!?e>KB5V0jde_J7Wxb0s1>eX+8q=K4a#jhnuN zqyb3??-}9AAgi4~b>+tt+}3+0#GmrKu(HW->T|jlN?SeY@%H-M0-d>Tz2SR^<_fg( zOG6%9ac!KUxn0O)bpd}E@-dL22gSh zY#0p4D`pwgpT^;} z0)J|JzW?1CVilMG81mO4$=y<9Hd zLhg?GiJlK5=UcD;yO2Qc1v>c8w8bmeO$3d-H~wg%qDJy`yzPTQVLVTuYOA`nu(mz1 zxG(PGNG2J&METX;oYjcGMy0O}{$O=Ty_^t!tO+)AEu2!K!lzfqR%P2!J6n(H!UC7< z+W_@y#Tbx`fLPt&SSPJn{9JnRiO3k`5ZaIp3ze~?DiPVo}h1|Sr& zk@#^V-KX1^{m?Uy$4Z5rWV2aF;AQ5fzX$X&f5QZ^Q-gdoi+xdMTC70?AapHmJKF~% zwlR-b!@HfR-HLE}ULPyAp1K_f(C*wi64 zRcoQTxJ24UehTt8Vc@m1R4ABK!_=;hAFbF>mSF7W6A)p`v=Gl(&0Q31>fyMiIaw~< zi`C?UHCt!p!u-(rBET7`6 z4~(nQjBsmV$DYNS5UDWmLx#OOK0OQ*x`{KE9|*T+9!-=MU}M}7q?aS%s@@6?04aKV zo#MVOwn)D@-{bUb_2U9-EG&13=CJaJf@3C7=H0vNqEJ$ncqwTv+CbF20cnXgygjTk zg)&|awt7nu{(Zp`VmYP5&H&dKo)(rN(yVZ1(?f4J1q`0=Q@kP!C^9|}^ z7osoQb#x@N6}W{PW5G^S!0Ss{^7NX? zKk(Qs-$&&oF4U(7$fB9jr!xX|$*XPl1$ZB8S*n6yA zQ|$`hMv}o~>G&YBwYHjQT_Ujo`F@@|0}s@^YY_4H?mVA({4x-YhSbO~L>!nn+v7$~utVi3^EYeV z20Zli{JYLXEW#`iw2^f0r0Cpuv0W`|sD#_O~vfQ|7sld8epS%%FIgXC%K0p7sAM%Aog zjQn3M1S_U*k*^V6i#9%Kyou~n4Feyg)%7AFJAFJY&oicx>Xjf3a;2A+Z4tARqUwHzp(|v3M)6g6%2V z+`b%aF@LjN4roA7xGoJawNds;Ww=-rKz#oFF>yR7d;a;)pR(ZWknK4Qwgq6totxzW z91tA!$M=#(@{Lm%zLEs*i8S1zKtHcsS)S;f#wn~Us8L(R>kg&_J-VDy_WVyt*(~qF zJW;E?z6NQ@!rEF;;b!s6m5$^Z7=PQ}Uwd#G9VMK#PT~aSwvg?-?@KLOL`)DCRRi$$2?O zE$i1fzj)RpVX34$sT-T%dUoEERBMH*DVuC>EcRsyzzcDt&rx`O^b!CHTSji?^>YQ` zs=d+0uaLWBv8Cqw5E3mM>jLcW2b0Pn@-po|ZRAS^9zBHOA53sEt|=iN;FJ<*>?36p zR3cC-$TfYi!zxx+kF-EZYR1?pL{Ju$tMJjoNW=C9E7t^rJo};jh#p0HEEc&$3EhGiu=><#_AJ8cNrqZ(Agw7^^W~`1YCfkAkdHDz88cZ< z9W3b1XSmNpQ9VNmPP#0K2mUML_UvFAvb!VA7||bE<#Hz+Bz&`gCT!R!r)dBm0W)Q2o7gt0w@!xex8b~fd5H?l<&e*yU*ipb>L*Kyq+x(oMT zog(FkzWuduzSPHL$$q}^g)DH7!xR9fVhc?OKl>IT5!dbJJyCpzeH$hxqw zu;~lUT9($QUJcg~ta@4rR;)fsthHI6m--;n21T@TY;!Wy7~JFnf23=_nPuLD>|X8I zWLv_PeT$+b`D@@5KAQH_QIf80wClw=VoE*r z&WANyUpf=fJOni2OB8eQ5Wz>+WCs`@79xr*V=}m{^+3B#Lb&scrsJD;nUquC8~%Am z6+?k+ktZG|kZ8^A*`;)yj&x7Srkny%6R9_!_Z2RhKqSa9_A=vlAo~z^S&bPhwAR>( zVYvOwIU6W3VBisbMR*`_&n@m);S6A`Eio}x7s3z+)CNL9i=sokeQQgHN_dNN-~ru0 z?h0dSpVc}_$$()eI`MpvovdE|&Dytk69HaQwg4+|L29vu=ZsUfa*kMO=uf@R@rg`~ z@flxI=L^PE6IT)HR?)AfCfm_}cj_j) z`AApeOv2XPIG;=s{oC2PX1^&N1|1llpq*rz#0uSVkhof-PGw95ESzqjctc1v_?(2x z{G5KJsH)tVp>X+Md{w`VVR2dcwFAA9K!nlee3Q?7)^}q}yc4r;2S=ja5lomR!BL`u z4BPU1NJjAWF~)}?9fuHkD)YVRI_sag^Iq6qH+>)#Hzj)X>FLI)%+kp0oZ}`-ZS3h+ zkYn#4?`ULH4H#)`OYE+DMAmJ5baARnq0B45-;7nmib34EWz+Y()}krw)ojeX-X}Cj zHE1HL&i5XlVS9-rXTUQHVoU7?cImWiGwM3~4$G)mBco@v=G4;87%yyM#9{3Rh#2dQ zeIWsgb4M14W^oHec=SRjt#5aL8@pYq7&-ZFuON(#_@RgBzh1XdFyDa_*HSTGfpzv| zkXBoHc!Dvdo-dohWs$K*h=s#<3j80o=ZAvsEZFb9`);(m@*vNJaJ`pljC$!UbF8Z> zjNiV9ozz##VwAGi~PFqqQB%)0yW-NFmLF%0eirXwhHQ&Mx6LyJJS%lq8 z8)aVLr`f<`=gr#HUD|kdnec#8gCyJK@ulX%nQG0298K5UFE1#taf}XJGWu$pPHRL_ z&!*jTMrwTbONIv)ASjzLz$8nX?7Q*~ju3yD;nG*GiXJ(h`O+IJ{jW#-$>QH>2`-Hd zNWlD}<^ALqULo{%@C1Ng)DL+bvUz-M_iHF@(~-2$hV%LTFjv%)#bOLo&hMH=Osw|T zrPpM@vFYw2L@j=V{WS-IKK#_gvB7wnNv9q}gLa7(18nG8R%-?Pd%~a<^DXUNQX2() zQ<-z(`H+{#yb(k_@GA9p&NHOle9jq0@z3LVIq9!d-W%0!fctwnf+hnuf=nGOw6QP# zNW=JRz&IyQd~HxHtQK&>!WxObbshuR>20ljObbX>P1(e~VO)SNjMC~2k8UqPdg41I zj||p=4@uhL!iHRYzQ+l&X{S~kE(APU$A5~kFmKXG;X*-Sh$?zThOk#>ov=-AZx^C@ zcod)PmG!T?=rXU{juD*(JS!6>gzKwVn+PA8NVL*}XU*-^zSeSme%B1<$GVH1pc&!e zre2=4N5fD{lx$g%2Up+XqeXml0%l-{0Zqj2RjNj{|NLzm7>qL3$4JkmS+AY_^!f$a zQ1TkL%VLOI*H3ZkWQR~ff4D_^b|Cc{efW280{f5W4-s0h(p$XLsAj3a+gZX3!T_m^ zD4A#ezC~|}lnO_%td8k-3VbuKzeUld>CWr4BF`SU{qM2s|28x3`!cKS*8TAUjlMi# zygR!RwuGH2eiKgrUO0~bptim~3z8kF3wsAy7ebMPcX|)r$%SRuGBaS=S?tue7c zkb(k43kL2xcC(V~_rZPPnIE_oH_VHFp(&A!+e%QIr1b!6uFuqklyUx-_+w_SZp7T9 zJ-~*715*{!S)@1W55wbI3FjKJX1A*W05hzJcjB9O5jMC9_L;#tl^I;)HfCIZaXamS zz0e9F3ISq%R6p-^Refb?>5`_&@yVzzy|EXyykj-J3AJ^|yJP2G3 z6#0FUA9N%NYwupqI-mFzFrHMh&(Rg^Y^sqVpMNb}t9BqqkrsV7i}Aa}fzEdbK{dKF zv66gM9o8}P*YLav{9Ij)e-2!bVQwTdP=3Z!ZY-2QnU3BNjxcKHslja)&P_##XSrw6 zAis9si2Z|XK6#-Jt6%yrw-9|p|EK!_LEVZQ`s<>MfeD}mV4~NUb8^yTunup18}-Q= zX!cDUv`#u|EqoF)ZKxttR8(Y3LETn{$eKTrihderVjxoaf#;(6tsZQ4a_>%SvQy-M zd$_Y12@8g8(K@!-rQ=lbV0H^9iobeh{Q9mbyD{Tg?5WfRrB_DiSyU4Ep>t_LSa$Ai zR`>)ed^clnwO6-_Ps}n^2Z~!EPRWN8Zvaq$@*-xX2q;$z4e#%=5y+9Gy;YFxuvr&T z7dX0mxlOBo(pNJ6JS1$aG$F&jzCE`>i~ttd!zuXXLZBw{Q31Hy*I%u;txOKSSB|Y% zXNPG;4auJ8ZcZ7Zc#*>k)^}4!V#2!$`n^=|vLC`aiTvVutHkp_2P5Ar5!el2d-st1 z-Abj*^xSPb%=Q#YN>E3g@Tj|oV1BnIu*QeBG}JdUD%*D9Rq;>%4>9XacL5ig8OFBa zzWF)XjAt%=+sAncN$SD67U>`ZIRWuZ0?^Vah~=n~{QZ`iHd50mB`0xeP`ajMs*?(> ztl4LBE`^97G;bTCX1l>!5G(nD{;^NID0w(YkJHpGdz_lOLDWqYIxdRu0eSZ?2Qmnpf@`CGEGsF8k z1*t!}x@eu}ejQRwk}-MoI~duHV63&Tef&#EbNiG1`ZF+)q-W#ni&X?`V4qmF#_GaPOFXK~cd)h=SU(?^uL>HX zNP}S{V&@H&#vt?O12M-`8V^}1ZcN1@iDh=Qk!&v=>pz26IQ?vZR7<|({q+t1k?A0> zdAT3058gO^qt)zr@`W4D0@b~-Yqjxw_X9rq3r{1|OKb{DZUU{q(cNmv8(96FcEB$f?By#_$@IADpk&d9O z!IG7!>CUnz9A4%FWYWpW$_FV>CP>Il17oUM{V;i~sa+WY`R>JA*2K&WzYh;pR}KRS zT_aEc=y3(mGV&kZzCxolIqU@r6u-IPP%Wc6AHOz8DC&5nX^j3?L;!lw1wj&ukye&_R?mKsr9m@>lOP$zyJIf4!L2R0&v@A z8DfWTyBqQG;&ak>8NCkLpbFoMcD=txDqMUfpl124CqYW?jkugi)JqG&6I9b5tItA< zi!qxdkHb88^{`ATBS#mSMAyv zC9Yu@+FPbT`t4fLpM$U?iH>8Q&B3a~pp@KDXYgBZ*sw1g`;+J4Swue&67>!)dKF0a zq(@N0P*v3zGp}afZ*8NJu-WZo001g<^ZU+AZjEv2^U8#o|E}u*tR1?%AlsN5{%Xl%s3;|yS&)2jI{`uaD95aCg_avE8!2SoiFDP5N&4d>2lnXFa@?;ej3Q&!sEnlCpw*fx^ z;`^a8mnn`snwMAb7Oq*MjQ^-h&i2wwzk7HEZn2Q_xOXOk8_KlI=Ybdc+MqSaHXDYm zE!?%>zAjFSF&F1~+o=<3yTD!$^bKm+tT)*X?A^d9_yR0q-nburgGP5DPbm%oUiv!Z z6t~YKQ`6!07U?W1sbg-J0T5LOE*`en<1f28nu?LCc7~90>m#QJ>w^=CPLRH`D^LGq zu;&z58?Pe|jN*_4Zua?5T`IIy)tzVu+qbWauo+aPP9?{S?z|QtlgW!q2lrAp2tYO= z%BPx-d!IWP@BlQHDcd{P*rX8U#gcVMvWoqWXPw{8EIu89Uw&6G%! zlI$cJ31gQcWX6zb)betF~ee z`+0zT{aROv6$UnsZL^kQAraJU`rbwg3MFh9pKMoA6W@cFD#WTPoVTM8xJ{%ygt27( z#dD>n!nvl3piF=NWbc5Z((0^8LD5I^ez|&K80M_A@-|v6R4pr@!jZ2e?d~L6O#C^V zxKZ2^{}56ksZF~tS)76Vc-HKFu&ukh$AHlWWTB&TVtl-KNdB20hxW15keciL_dALy zgx3~1=;^76;^#Jc;gk18i(b7tiMXpS8Up&&L8vR|#g&J*53)}in&E|8J_vl=CUn%g zy+D(hJ>%5lqvTMH;gz17Mo0P8AOf&I)Wxa`GP8PTK-ph~QG?wgaopMolV=$2k>r&= z<5$qo#I}vRCsLoVWV-dKF(xLfAfdv$yhsdlNYobBr0YVPpE(Lx1{#}Ub=S;b+JQL) zrnWx!Gwx_;lGGb&dI+Fen$)BqwblcMXw3BF*y&=ERLs}_MM0R(!rA1Sb|UR`c{j$< zA)g^XO zb52Ii6m)yUEUnd^i`VYE#ZJd?A0OGua>!gH5|3?^Op9?l_B3Kld@_lAby3cP)mV;w zKRU^Z&d2h@krh=&2zOo>^%=G&iVS?O@9AVZt7fJ!o;*Zd2_`eTT2ZUD#|2|EH2vM8v+Z*LXYbUC6$=rFBNq9H_B>X!Q<4PqxMdQ{M(Q^X;q1rTa1!=`Z}KSeATEh)b!DZ7n!T@3Z{3WqI>*17MI6zm>)!Je(7U%Z zFWV7|Th-5WA^7R~bDYkt8Jbfah<sxRsADJ3fv~S^4Q@McVdNrGMm4cTZHY|*p8fjV{3w5z#TumD< z={s^384 zrS$Y`sf)EQe2c>Fw+t50Kuccuj5@013I}@gzE zJbZdrPiM&D8QWJ><@xD&!R6<5$&>9PNhh7bh~#UK^K!O-Y=(e>kBz8V| zL@qkydEeW53T(LEL__1SAe)#4OSd7(a(F~s{8$rX%QGHLLz_yUK-&gJug|<{^cIdT z`K6PA=Rvn38f?`cLe!)xxH}pSzJ!=D zmPK}Y?&!8>yclL_IpdyHi^P?ndBjd#rCoEs>sI1w=8=bX$?1K*JjeB7lr0j`E)x1# zRaGD?V=Q?AYFVzIpwFJx!{H(W0k|gGwe%fMUIBlRjC#RDr{t92~!l&Fgv^UsePOF)^G-6??i07 z&}pJnCO=jYSIVBSQx5dguJZL61@fIDicaS5Hv>gCmTA1wNG@(j18W@lYk1k5)cGA7qBSR43aRr;}8s&*Dz zc^lRy$jSWe-lk_#(nO4gnXguSjd~UG6rZEutOo7Kqxc&Fy8Xwfug(?bE}?gG6F%GR zwofGk7O_FGaCz44E4VR78xQShA?VSuv5Dk0^Lk!0@0ty$wLkiH;>zr+M=OHL?2kbs z3qnQX8>jMQz3lNWM1H!{Zd;rpYIsU7kFQ~qB`#^~trbdH-)>&=%KX{Ou2np)y`nFO z`5!juCdv50Sn{v~RsqRr+P0Kq4)c&X+KHZ(Ls+nQoW5 zdclHt2F3Tm`K~XNj)8+)eIXaA|AqT@(lutF#nLU&@ztt5KUpNeJ>6ZeJtGn63+iA zMPn|%WwP^b>zf))1tYHRcauL+>UZVcrQODef{cuUM)7HZ-YRQ^q;>0?~6bVd$wcj`*n10z8jd= z6(QFOdJ(ge(4wENTIi+>@3wfo>{HTkbaW@9HlCoucD!+0J0|2e9wfxhdqGlAm+n>R z7KIU};X+dsd*;^Q?s8=jf;>CCX@1#l@wLZ!Yq@?4{en{bP*bqL^5W>IdVfIDX!nLj z{IENTzcTEj?XBw7-IbKxbW&j7=KJC8%0UYZX2;VC6Dyd{`*KHZw{iEYR8VtF-@0;# z-AJOsj_0FTMs4zXy(L>Lmuda$>|Znc2!ty|;9 z?r!13H)`a^CXW|IB~2F-oq^TVPO;rs)YGR$7iafta{>koX)0wZx!iBxrJ<;5c;mI_ zrL+C_i)LnCE=xsrUIanZ0=f09n|UR^VyJM#utTvRW(TB`JjFhbOL~ysT6*i;;A{wmv*bn2sD=DFm))Y_2DX_ja1566LEURq-W?kP~ToNsG^8+4*r3?h&DSqZ?L6{#r%{>12s}_Z6^Ze6ti=MY< zoH!e#{Rt0xq!g>ykm8E{#>=NZz&`9fc2qk-phETl^pZc4*i<`bXM+FIaQ>7UiiMRm zS0|52J4>Aj4C!S9k8x8|i~SU?&Saq7x&@T3C)ye+8?8c0YncfTV>gJF6)>7v zMP1BH!lar&AouH?4sc1}rK>GD)()>4prKXq{DXnkp=PjmO$G+5d zNXbDj({~3DTQ{^I;bR*eHO&h4OlM963o+r@uZeg9M=@~NA;u{a$@`NI-QIJ#lCyvl zR|J?HI8h>#jqc0>n=EZ6**+ao`0dnS z5aCtM0V+;23qk#~bofN_`}*@bog>H555wCD%6jYO5?m^Hr^v4wzVx#p9yZM~|>stZ+6ySHIo7?II6SK5TRTFIg#!;YBPblbmn$6ZdLl2Eg zy$Sl-meQm|C>e9z+EBp8YHM_n`szX~n3tc_Zj8)+M!ej)(fxL2;Lw|d)5DcFtkpn^ zj-lbJL-F+Rzl}!0i_HLigz{LmMLJDivk zMi~)MppD9FvDH3TUBUAp$M#mB3948Hb}eUyC6R2!75S}4)W6}y#o4U9yiaPR0YZ6B zJkJ+ncPrHk}e*N5P(ewQPFlD+Pn}z}k9hYRUnF z!7Oz2s7^~mgid0w$9aBnTx)CeH~fXu#NTmj=F5pnz zWndqgl6(L(*^0JBaJ%GR@q~n{CNaB0jdu-iUCY0qW~xt&;0yP%c|)3> zb%B$Re>v?LQ&;h_kmPgPDO1zaX3^o?kDz<~$rQ2B&n#nOV@%1E!}-VSw!%*g$M-Ls z_Wju<^!=aG)O!vA9P$5%huQzGUtA3!gwFTxTVMcRZqo%Y$&4tgq11_Kv67M!Lja7C zn4AEKhLZ~$9i&!ZS4F8B{(K3&{Uip)|1NMZ90dHv(Oa4|-=__cqQab3^l(K@cG4sz zRdWs*=EtviG6)DuE>sXt_KlK zfTmXzIo@bwW%VMy>n$J@q@-jQ0z?kzP8t+t+wUOxE0GRWxM0dv~x3KWMmutRlKgWvvR@{~Q3F7iV^G%vo&QJe%5-7mQOL)EA%xVSB8n)3D zq37h#<+8n3=}3EpZ0&$0uqm*+f5Cmq0uVDn??u?M5Nvq8oQAv%6#Y_$-vIw{#QRdm z{NgiC*zIVL>EJm|p$lF@qtRJem#oj~cTtLiN$~)iwatX+vk-#?GN2Oi!ZS&i&@mMA zOR(%O=9g|FS;R4lC1l3q2?3s?b z7-D8M+v>~GsLbyDknWR5EKVx9@fB9fX%KkHI(@O=2> zA=PJMicUj6hc|d<4zxm~atR2yVzI&7PC$3UK+bBufkJD!$u=&ly97*3a3T_Oc#c`i z?ZZ*%EG4Oy391n2vS-lz-A~68E#NH1+i=Tf8FJJ^@v-o#J z$EVMqzuAia-gi{02ZZIu7Db5Jt(Md0vAw03k?;a{~gYF!>Y1+HBcO zq5l4SofVx0f(`9^LX;?`<)#@#`IVZ9gZHeY;B=RK5l^OKAU&rXOq! z5on$O)|A{bVo3(f5ihaFww=fL20&-LESQQag8u3bNV|cTvMyqxyK~#xh6DDLIjB!J zp5m8V(4~V|W@d;Dzkj4A#Ih&i^_UxLmdVdE1@H6$(zRS^ve;@`f`3BH8lkGSt7|6x z=2b5*Uq(sL0LS0n%F@8(LrqmOot=Qip6G~EwZYJtb6D*X>P)w~FBR-kj9K;d!8Dah zt#Ex=?1;Un-cXs_^p4fmTP+uL6l^HRDI&C*txp$hm~Mr0voaVYVx~@7gLI~ijZK-z zxpp@?-k?24By{W|(r!S{sUKZfY+(1Iq&KL!SzyiJ{?7BQ8Qn^j7G>f#r5P0tgZ<_7 ziUiDpot75cNHcfIz%=vwZZk#U+40S!c$DOJNo51*)R^Cxp|e&Zk##zf`5Og4tjU>N zb=tIBNQ-?naB{d} zwlXKDl>&G|uPm>w7YupqVoZwJr+G~_2*VRfs7(X!GB})+i#~f4JS2g81=M=vb zZbK0T+U)#j*#CZEOc!TO5C8dT5Qca)A{@qQ6`h!Kac7 z4;}|X=|G=7v7JzPsBXfS=j;Cvn*O+rfBwvr{rKm9(UbQ3hyN9B;IDe~|M(df&G`mV z9Av?)`ts$=f#wqZwb>NprrVGE^yAN?oqvCDMO}eabJq6+ZhG!T_n~Qb4-e4PM9Jqg zHZ}skYSV2BW883O&pZ(Q>UWpss6IXs?-d373nu}PmJ<2a31Qt91M5MUW4lTk($A>BOEHKqB%LQ+igQ$eKf4FWUvPboHRy2)xO%;I#V_*jE+-gEe9!|MOGe-3QnuC42$Y zfKWz`f=-4fuld^_xV+Yx(-sq zi;Ii1z#P8&3YcoPs1nNnPDE-dK^^>z1gkgRESHC2a&)*ia`w zTm+YF3C@+8p03JxI58gT#XKvw^u+f7L|)&(fb3+DlAB8jEFapBf==YmImp;f95v_W z3v>()x9L0_*_iJ=tf=|KL@AsSy_mOM=qZaOE?_%M`cu$PB&1Hq0M50MX1lN1@bIeC z?H<}f-lQx^-#!cs$Y$klr1pdNbggPIkqj+LQyP#Ytx zu!wD-c2TP*Iz*veBs9fozIs!p^SY%}6RJ7*g=@_s-YL|Ov`6zOG+tXVr)DO{x zWUZDbUlMO|t7A zGS5u!DL1jNI6ug`0>HAPNw6ETiVjnj1anNo+F7>e$$|c-QJ*% z3sdOVKlkYIHJy*@@JAzkw18uh3Y+ccqQbLZw*3(PP48UqeeL9{hbj{>sZgx5OT}zI zCUhiY{!u8dvfcW7ZMTrA)VO}}RfAQP9nhY@O*QMR>( z@k3KHGuGr~(6PJ*wl^=8VSju2uYA&r*&wRRllPpygKGrE!H}Wu-#6{^er+LK{)@T%d{kWXEc{m(lfF zI&N<61z^Pa_**o9fsBg!5H(Z3fMoaI4oC|e(4S&Z-tG0y?(NpoCBEL7GCsCi#WKTT z-^tLbG@dzMUNmWEWoC9h1N8TqLy03-gc*>FfF?1Ql^WhRLA1|w4h6*{IUF15R~t zHQni@1SdKsBM9#%u1Iui-FV0J@o0GVO1&p=G}s)k(lg2)cKkJ}sfvvMUQ*3?+s<@~ zP$u*WWGY7O$I{>V*?mzPkI59Tqj;N;zfRi!pimj_h6y|@Qo}u53a4hpCo=|IP6rc-NqtK zifV)(6kZjofTd8af4nI9GAJAgboWLp%gaRt1(aftMBM(*?!Tl(;2Tx!kKX&hXvmL5 zMhX3+sr~!MpV0ry<-Pv5X8Qg^R=LNp_+Bk$wbuf`yF;2m0`~H5kq#JJ#S?!UTiJWY z7U-!UFKe!a@2-baK6Jy*E-OaVMhDcr_Jq4W)97k|s5CwEODX()c>KU39sDt-zW?dN z{O_UhJF5&X$$yb={{3P`{I^1Aq^LR(Oa%Xkh`Za`jMEt^b-pmiUBw5a3Yai17Uz85*RH{TnW zmXuWULl|+th8o@=ge7iMRE#&$~JZWPBKvER9XMywQ z>s$5K&GQOvPi%<)G$O^HJknr>#{sz^3Gq#}k-eRKsS1PqC|#m?M|! z|Kyvc&u_ZAd6(ob68q{ni{0ftmq@eMC0iXIv)Ee=W5Fe5Wv!O@bLS0HRs%+o2J@^3 z7pVCqNlA@vrR=0;L(Nh{V~Nfd7AcJlO(4oljR!@Ibs^mBC;(8=vxtucS{l2#6*HoH z#D~3iAZz7l10!$H`vnq(3bPq%=m_7w)>RM++#Xb%6#Z)8wxM6h*_WLs-#=?(yG)im z5<58*cPa{~8kX?pCBPU2P4Rt@po>bCT**DJZ(_@eQ+$70=5H%U3=Ga=rxPs;qmLM= zhT)r=3kTD)*&I4MMZNlPbZ%}f#%qg>9-a<~<>iB-qM{q)NtDQl5;RY{!X8-K+J;2k zO%}pd)AuR*hJcJ{rFYVjH3p=(T}>V*rKj^6za*#-=kKnM_Z3b>2L%PUlZzfKB+ds< zt=x?M^H#$>?^DZMJUom0fR5wWEBOfsCW~H}L8oVDiwOij9*tCee@QSv0hj;H9bU|v z1Cn`JVKUl?3_uq%(0w~Ze(kpG8w5wPd?;Ks)jSa2O{GKis<1 z5`cn1FA#+B*G?q5!orxeOPHE?4f8%AQuOp{3JzlhMZ8nl6@DE9Ao^H?nB~je0Pc{@ z!w2>)F3}~Dbv6TVMD?jNw?`n9&~+cqAr63U6a27Dir3KCjyVT*2;FsNhRVZj5vPW| z+>`#1N!{qmIfcJHEGqIy_Bi`&O+hY`GP8Iu*lR}hGM(P@8&zmVPo+k4nSpr!&)s(1 z4in@EXh_+pzj_-gp+|f6gdOvZcbRcUwMI=>~^ArD-b7-Xa_8`H+RiWwaXZAgfW@@Gow%6fV{wc5->OW=Pf@q#Y_%O&n!;fs6QsP=dh!1)Pczf zK#q8U=L#*uaWgZ2R<>jzklVxbNV9_gle2qhXb$A+$?7L+u#7M*byJys>nm)*eU_=i z<2+s2;oWWSSi9W{#mcZ#fP`~`7i^;kV(d~tE;v74Y8Di5L!-jta7;wEd@_&NJ$|?# zpw;)a+T6i(UO*~N?%|dBO#h9{*BzHB=C!Tb-QGV62q;mcxr!;T&Gs5Q#pTMF!^sf< z*3>Dv+*%`W9$8<$F%gsX=1py^gj?H+((V=+(2lM@=UX9h{jmrVq6%b#Q}!=z8XBI= zoE`w?R)up8&U^^W^5d=eof>b4wZS!eO<8?Dpiwbw!OQ$ zC&S-!oxWgR7h(xat}drBeHySNXM3%r?-;@qNR=yHsG=l(rR@tgamIzfv8~>K>S#YD z+bQ7P^84(F!id`1U|l## z)lGrZ)s63+h8uoQ!^kX?(JrB5EIhLNs3k@CYMl@5*?v%}y#v&67I9fQ)v33@=)Qcj zZy#!z#_V^<3X00TA*2XIk-nN*IAaX#m_X1ZRZ$%C;_t0*^bqG5N|GzbPPe=t0=HD5_y{jx0)z!VxB^A|wFZ}uEm-;_eqSZjNs0~_jq@=WT^l~#C z46aky1sJ7!0aTJV_YP^ii?ef4MMVY0>dg}yw7Tj_L0M+KeM_X_S#B)@3`q$t)4d^- zX|gjGlvi$0a*`zgY;WY|<|ctuFbe|GzVDf~eL`^czm-Dk(q(Hug|Z^M23-5mbI%Qu zjo${T4sRUQH8lK6nfxZ{)uX=vVZ=&{D8~mdC5;0$prMUT`qorZ__mY5>O@Svk%2+F zcNRJ?QzJh(hktrz=3YEz^_IJ2X42|%E~u7+iES(jJIis4wa)@n@I7|PYuSCAUt{`S zA?=Op%-ewQ!+1!dviv!llxL5iZZu~vqT~lm3ONT< zO&PkU+1phgVE?FCuNAD*+>h(Kn*s7_gW+DwX92$bZjUPv10n_}1z~p&_d(+GvvZ@V zg1`n4Z04IJbBjN&sSZha4Um^p0?5MoX*|aXJ_}onk|LG}@5S@pUmwy#AdqR7yYfr$ zkccFrnq)?-N=Mxl;)eLngkyL2+Aa6*Nh*9`XZoq@YpRVDX(TT{?@~KdAJ`49$v~0j zI1jLUA6VO+$xf6SoCScpqJdk*S(*8rKxl}%$0(7*F&K^s^)Qmdl*bpKDNUaHIjiKA z_NYOkhbVZrtov;6Q^2Z>my-4ko20k2v%9AT+zEilZ1nPe5fl7=2yb05ZYx5FHepp8 z^ZwL~J=b|;w)6=wZ|t;Siz4Px9|J3=k&8LxiqfrN;C+vnDh3TPw(!<<`p`7g*4mu-WYo&ciwXp%28@EKc--cp9 zcb>@Yt77QI#fgphBnEG;RHlzjvdhI)6FMD**Rz39C6MS0ukxMFI|5bNdv4@6VxAa_Nc2?Jgo1j{1G*qUQPp=_; zw%tn!WO92L=kW!y4OV-8LvqOrR-|1<@oYi=0Dv8q+t%tww|)jQNXeqX_Z`%ra34Q1+k9?Kd?{5UWc%Gq5FvS~lJVkA{4GtTatzqn&0|L?e zlxW6F63g-~|L9HcOosL$FY!K3B-=Y?yGkiq4G|{)sjpu{nq}4!+^jFUv#y`Uy>&h3 zmIY`C|8%KP02>47emGSYKwJO1gH_9yjD4XqUw(%$R8$=QX-#yD9UmXRFz{0+Px [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. + Update Compliance is offered as an Azure Marketplace application that's is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Note that, for the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution. ## Add Update Compliance to your Azure subscription diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index 95bacbaf2c..f642955b29 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -17,6 +17,9 @@ ms.topic: article ***(Applies to: Windows 11 & Windows 10)*** +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. + Update Compliance is a cloud-based solution that provides information about the compliance of your Azure Active Directory joined devices with Windows updates. Update Compliance is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Update Compliance helps you: - Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index d5a378c86b..31cb73068e 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -17,8 +17,10 @@ ms.topic: article ***(Applies to: Windows 11 & Windows 10)*** -> [!IMPORTANT] -> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. +> [!Important] +> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. +> - Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. + ## Update Compliance prerequisites Before you begin the process to add Update Compliance to your Azure subscription, ensure you can meet the prerequisites. diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclient.md b/windows/deployment/update/update-compliance-v2-schema-ucclient.md index 1ffac11b35..6a9f250b3b 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclient.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclient.md @@ -14,6 +14,11 @@ ms.topic: reference --- # UCClient + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the OS Edition, and active hours (quantitative). diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md index 3da1a79c79..6bfc239cb2 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md @@ -14,6 +14,11 @@ ms.topic: reference --- # UCClientUpdateStatus + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update. diff --git a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md index 0349003050..fa4d919a0a 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md @@ -14,6 +14,11 @@ ms.topic: reference --- # UCDeviceAlert + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in WUfB DS will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered. diff --git a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md index 97f922e4e1..4c7b854d58 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md @@ -14,6 +14,11 @@ ms.topic: reference --- # UCServiceUpdateStatus + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real-time. diff --git a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md index b0cc95b2af..5824f77a83 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md @@ -14,6 +14,11 @@ ms.topic: reference --- # UCUpdateAlert + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert will not necessarily contain client-side statuses. diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md index 7117c198f4..4459e84f51 100644 --- a/windows/deployment/update/update-compliance-v2-schema.md +++ b/windows/deployment/update/update-compliance-v2-schema.md @@ -14,6 +14,11 @@ ms.topic: reference --- # Update Compliance version 2 schema + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more. diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index 0b644d4fe1..c326f5e89b 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -1,5 +1,5 @@ --- -title: Microsoft admin center software updates page +title: Microsoft admin center software updates (preview) page manager: dougeby description: Microsoft admin center populates Update Compliance data into the software updates page. ms.prod: w10 @@ -16,25 +16,24 @@ ms.topic: article ms.date: 04/10/2022 --- -# Microsoft admin center software updates page - -**Applies to** +# Microsoft admin center software updates (preview) page + +***(Applies to: Windows 11 & Windows 10 using [Update Compliance](update-compliance-v2-overview.md) and the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview))*** -- Windows 10 -- Windows 11 -- Update compliance -- Microsoft admin center +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -The **Software updates** page in the [Microsoft admin center](https://admin.microsoft.com) is a high-level overview of the status of updates in your environment. The **Software updates** page has following three tab to help you monitor your clients: +The **Software updates** page in the [Microsoft admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. Installing security updates help protect you from known vulnerabilities. These updates are typically released on the second Tuesday of each month. + + +The **Software updates** page has following tabs to help you monitor your clients: - **Microsoft 365 Apps**: Displays update status for Microsoft 365 Apps. - For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/microsoft-365/admin/admin-overview/admin-center-overview). - **Windows**: Displays compliance charts for cumulative updates and feature updates for Windows clients. This article contains information about this tab. -- **Exchange Server**: Displays update status for Exchange servers. - - For more information about the **Microsoft 365 Apps** tab, see [Exchange updates in the admin center](/microsoft-365/admin/admin-overview/admin-center-overview). -**Insert awesome picture here** +:::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png"::: ## Windows updates in the admin center @@ -43,4 +42,4 @@ The **Windows** tab in the **Software updates** page in the Microsoft admin cent - Up to date - Missing security updates -- Un-supported operating system +- Unsupported operating system From 688ac9b4c1b5823a61b98aa2022fdda1efe8d9d0 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 21 Apr 2022 11:08:35 -0700 Subject: [PATCH 105/540] mestew-ucv2-tp --- .../update/update-compliance-v2-enable.md | 3 +- .../update/update-status-admin-center.md | 30 ++++++++++++++----- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index 391731ced5..f3f6e802a4 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -33,7 +33,8 @@ To add Update Compliance to your Azure subscription, follow these steps: - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. 1. If you don't have an existing Log Analytics workspace or you don't want to use a current workspaces, [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace) in a [compatible region](update-compliance-v2-prerequisites.md#log-analytics-regions). -### +### Add the Update Compliance solution to the workspace + 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this. 1. Select **Get it now**. 1. diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index c326f5e89b..5e03ada33b 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -23,23 +23,39 @@ ms.date: 04/10/2022 > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -The **Software updates** page in the [Microsoft admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. Installing security updates help protect you from known vulnerabilities. These updates are typically released on the second Tuesday of each month. +The **Software updates** page in the [Microsoft admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. Security updates are typically released on the second Tuesday of each month and they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices. - -The **Software updates** page has following tabs to help you monitor your clients: +The **Software updates** page has following tabs to assist you in monitoring update status for your devices: - **Microsoft 365 Apps**: Displays update status for Microsoft 365 Apps. - For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/microsoft-365/admin/admin-overview/admin-center-overview). -- **Windows**: Displays compliance charts for cumulative updates and feature updates for Windows clients. This article contains information about this tab. - +- **Windows**: Displays compliance charts for cumulative updates and feature updates for Windows clients. This article contains information about the **Windows** tab. :::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png"::: +## Prerequisites -## Windows updates in the admin center +- [Update Compliance](update-compliance-v2-overview.md) needs to be configured +- Read access to the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview). + +## Get started -The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-get-started.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The **Devices by update status** chart gives you a visual representation of how many devices are in the following states for the monthly cumulative updates: +When you first select the **Windows** tab, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Supply your + +## The Windows tab + +The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-get-started.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. + + +### Windows update status chart + +The **Windows update status** chart gives you a visual representation of how many devices are in the following states for the monthly cumulative updates: - Up to date - Missing security updates - Unsupported operating system + +A device is considered **Up to date** in this chart if it has installed security updates released within the past two months. Devices that are more two months behind on installation are in the **Missing security updates** classification. An **Unsupported operating system** is either no longer supported by the [Microsoft Product Lifecycle](lifecycle/products/). + +The **End of service** chart list the number of devices running an operating system version that's near or past the product lifecycle. + From e275fcb504891e8eae8b780885ae6bcd8a578261 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 21 Apr 2022 15:39:26 -0700 Subject: [PATCH 106/540] mestew-ucv2-tp --- .../update/update-status-admin-center.md | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index 5e03ada33b..2e659863b0 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -23,7 +23,7 @@ ms.date: 04/10/2022 > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -The **Software updates** page in the [Microsoft admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. Security updates are typically released on the second Tuesday of each month and they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices. +The **Software updates** page in the [Microsoft 365 admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. Security updates are typically released on the second Tuesday of each month and they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices. The **Software updates** page has following tabs to assist you in monitoring update status for your devices: @@ -35,16 +35,24 @@ The **Software updates** page has following tabs to assist you in monitoring upd ## Prerequisites -- [Update Compliance](update-compliance-v2-overview.md) needs to be configured -- Read access to the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview). - +- The [Update Compliance](update-compliance-v2-overview.md) solution needs to be enabled with clients configured to send data to it +- An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com) **???** + - To configure settings for the **Software Updates** page: [Windows Update Deployment Administrator role](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator) + - To view the **Software Updates** page: [Global Reader role](/microsoft-365/admin/add-users/about-admin-roles) + +## Limitations + +Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers since it doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). + ## Get started -When you first select the **Windows** tab, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Supply your +When you first select the **Windows** tab, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Supply the following information about your Update Compliance settings: +- The +ONE tenant to ONE workspace ## The Windows tab -The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-get-started.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. +The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-v2-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. ### Windows update status chart @@ -55,7 +63,7 @@ The **Windows update status** chart gives you a visual representation of how man - Missing security updates - Unsupported operating system -A device is considered **Up to date** in this chart if it has installed security updates released within the past two months. Devices that are more two months behind on installation are in the **Missing security updates** classification. An **Unsupported operating system** is either no longer supported by the [Microsoft Product Lifecycle](lifecycle/products/). +A device is considered **Up to date** in this chart if it has installed security updates released within the past two months. Devices that are more two months behind on installation are in the **Missing security updates** classification. An **Unsupported operating system** is either no longer supported by the [Microsoft Product Lifecycle](/lifecycle/products/). The **End of service** chart list the number of devices running an operating system version that's near or past the product lifecycle. From 568c86445dd28516e9795467e33caff927868cff Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 27 Apr 2022 20:34:20 -0700 Subject: [PATCH 107/540] ucv2-tp --- .../update/update-compliance-v2-enable.md | 31 +++++++++++-------- .../update/update-compliance-v2-overview.md | 26 +++++++++++----- .../update-compliance-v2-prerequisites.md | 6 ++-- 3 files changed, 39 insertions(+), 24 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index f3f6e802a4..2a6ae960c2 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -18,34 +18,39 @@ ms.topic: article > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -Update Compliance is offered as an Azure Marketplace application that's is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Note that, for the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution. +Update Compliance is offered as an Azure Marketplace application that's linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. ## Add Update Compliance to your Azure subscription -To add Update Compliance to your Azure subscription, follow these steps: +After verifying you meet the [prerequisites], add Update Compliance to your Azure subscription by following the steps below: ### Select or create a new Log Analytics workspace 1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com). + - Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. 1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input. 1. Select **Log Analytics workspaces**. 1. If you already have a Log Analytics workspace, determine which Log Analytics workspace you'd like to use for Update Compliance. Ensure the workspace is in a **Compatible Log Analytics region** from the table listed in the [prerequisites](update-compliance-v2-prerequisites.md#log-analytics-regions). - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. -1. If you don't have an existing Log Analytics workspace or you don't want to use a current workspaces, [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace) in a [compatible region](update-compliance-v2-prerequisites.md#log-analytics-regions). - -### Add the Update Compliance solution to the workspace - -1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this. -1. Select **Get it now**. -1. - +1. If you don't have an existing Log Analytics workspace or you don't want to use a current workspace, [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace) in a [compatible region](update-compliance-v2-prerequisites.md#log-analytics-regions). > [!Note] > The `CommercialID` for the Log Analytics workspace is no longer required when configuring your clients. +### Add the Update Compliance solution to the workspace +1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this page. +1. Select **Get it now**. +1. Select **Continue** to agree to the [terms of use](https://azure.microsoft.com/[support/legal/) and the [privacy policy](https://privacy.microsoft.com/en-us/privacystatement) to create the app in Azure. +1. Sign into the Azure portal to finish creating the Update Compliance solution. +1. Select the following settings: + - **Subscription**: The Azure subscription to use. + - **Resource group**: Select or [create a resource group](/azure/azure-resource-manager/management/manage-resource-groups-portal) for the Update Compliance solution. + - **Azure Log Analytics Workspace**: The Log Analytics workspace you created or identified for use with Update Compliance. +1. Select **Review + create** to review your settings. +1. Select **Create** to add the solution. You'll receive a notification when the Updates Compliance solution has been successfully created. + +> [!Note] +> You can only map one tenant to one Log Analytics workspace. Mapping one tenant to multiple workspaces isn't supported. ## Next steps diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index f642955b29..6b490c989a 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article +ms.date: 05/07/2022 --- # Update Compliance overview @@ -26,26 +27,36 @@ Update Compliance is a cloud-based solution that provides information about the - Report on devices with update compliance issues - Review [Delivery Optimization](../do/waas-delivery-optimization.md) bandwidth savings across multiple content types -:::image type="content" source="media/37063317-update-compliance-overview.png" alt-text="Screenshot showing Update Compliance dashboard in the Azure portal" lightbox="media/37063317-update-compliance-overview.png"::: +## Technical preview information for Update Compliance + +The new version of Update Compliance is in technical preview. Currently, the technical preview contains the following features: + +- Access to the following new Update Compliance tables: + - UCClient + - UCClientReadinessStatus + - UCClientUpdateStatus + - UCUpdateAlert +- Client data collection to populate the new Update Compliance tables + +> [!IMPORTANT] +> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. ## How Update Compliance works -You'll set up Update Compliance by enrolling into the solution from the Azure portal. You'll then configure your Azure AD joined devices to send Windows client diagnostic data to the solution. Update Compliance uses the diagnostic data the clients send for all of its reporting. It collects system data such as: +You'll set up Update Compliance by enrolling into the solution from the Azure portal. Then you'll configure your Azure AD joined devices to send Windows client diagnostic data to the solution. Update Compliance uses [Log Analytics in Azure Monitor](/azure/azure-monitor/logs/log-analytics-overview) to store the diagnostic data the clients send. You can use this data for reporting on updates for your devices. Update Compliance collects system data such as: - Update deployment progress - Delivery Optimization usage data - Windows Update for Business configuration data -Update Compliance sends this client diagnostic data to an [Azure Log Analytics workspace](/azure/azure-monitor/logs/log-analytics-overview) that you own. It sorts and analyzes the data then presents it to you using rich visual reports within the Azure portal. The Azure Log Analytics ingestion and retention charges aren't incurred on your Azure subscription for Update Compliance data. +The Azure Log Analytics ingestion and retention charges aren't incurred on your Azure subscription for Update Compliance data. You also choose an [Azure Log Analytics workspaces](/azure/azure-monitor/logs/log-analytics-overview) that you own for your client diagnostic data. The collected diagnostic data populates the Update Compliance tables so you can easily query your data. ## Use your Update Compliance data Since the data from your clients is stored in a Log Analytics workspace, you can go beyond the standard reports to analyze and display your data in multiple ways. Some of the ways you could display your data include: -- Using the built-in or [custom workbooks](/azure/azure-monitor/visualize/workbooks-overview) - :::image type="content" source="media/37063317-update-compliance-workbooks.png" alt-text="Screenshot showing a a list of the built-in workbooks that come with the Update Compliance solution." lightbox="media/37063317-update-compliance-workbooks.png"::: -- Using the built-in Kusto (KQL) queries or [custom queries](/azure/azure-monitor/logs/log-query-overview) - :::image type="content" source="media/37063317-update-compliance-kusto-query.png" alt-text="Screenshot showing a built-in Kusto query being run against the Update Compliance data." lightbox="media/37063317-update-compliance-kusto-query.png"::: +- Using the data in [custom workbooks](/azure/azure-monitor/visualize/workbooks-overview) that you create +- Building [custom Kusto (KQL) queries](/azure/azure-monitor/logs/log-query-overview) - Developing your own custom views by integrating the [Log Analytics data](/azure/azure-monitor/visualize/tutorial-logs-dashboards) into other tools such as: - [Operations Management Suite](/azure/azure-monitor/agents/om-agents) - [Power BI](/azure/azure-monitor/logs/log-powerbi) @@ -54,4 +65,3 @@ Since the data from your clients is stored in a Log Analytics workspace, you can ## Next steps - Review the [Update Compliance prerequisites](update-compliance-v2-prerequisites.md) - diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index 31cb73068e..7aa70d87b2 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -30,14 +30,14 @@ Before you begin the process to add Update Compliance to your Azure subscription - An Azure subscription with [Azure Active Directory](/azure/active-directory/) - You must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the Update Compliance solution. - Devices must be Azure Active Directory joined and meet the below OS, diagnostic, and endpoint access requirements - - Devices that are Workplace joined only (Azure AD registered) aren't supported with Update Compliance + - Devices that are Workplace joined only (Azure AD registered) aren't supported with Update Compliance ### Operating systems and editions - Windows 11 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions - Windows 10 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions -Update Compliance only provides data for the standard Desktop Windows client version and is not currently compatible with Windows Server, Surface Hub, IoT, or other versions. +Update Compliance only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions. ### Windows client servicing channels @@ -67,7 +67,7 @@ For more information about what's included in different diagnostic levels, see [ [!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-endpoints.md)] > [!NOTE] -> It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription. +> Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription. ## Log Analytics prerequisites From 7d25e3de64af97e001a884b1a5d5ab7cde46b979 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 27 Apr 2022 21:42:42 -0700 Subject: [PATCH 108/540] ucv2-tp --- .../update/update-compliance-v2-enable.md | 1 + .../update/update-compliance-v2-overview.md | 8 +++++++- .../update-compliance-v2-prerequisites.md | 1 + .../update-compliance-v2-schema-ucclient.md | 1 + ...mpliance-v2-schema-ucclientupdatestatus.md | 3 +++ ...date-compliance-v2-schema-ucdevicealert.md | 1 + ...pliance-v2-schema-ucserviceupdatestatus.md | 1 + ...date-compliance-v2-schema-ucupdatealert.md | 3 ++- .../update/update-compliance-v2-schema.md | 1 + .../update/update-compliance-v2-use.md | 20 +++++++++++++++++++ .../update/update-status-admin-center.md | 5 ++++- 11 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 windows/deployment/update/update-compliance-v2-use.md diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index 2a6ae960c2..254b7622e9 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article +date: 05/07/2022 --- # Enable Update Compliance diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index 6b490c989a..3193d70da6 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -29,7 +29,13 @@ Update Compliance is a cloud-based solution that provides information about the ## Technical preview information for Update Compliance -The new version of Update Compliance is in technical preview. Currently, the technical preview contains the following features: +The new version of Update Compliance is in technical preview. Some of the benefits of this new version include: + +- Integration with [Windows Update for Business deployment service](deployment-service-overview) to enable per deployment reporting, monitoring, and troubleshooting. +- Compatibility with [Feature updates](/mem/intune/protect/windows-10-feature-updates) and [Expedite Windows quality updates](/mem/intune/protect/windows-10-expedite-updates) policies in Intune. +- A new **Alerts** data type to assist you with identifying devices that encounter issues during the update process. Error code information is provided to help troubleshoot update issues. + +Currently, the technical preview contains the following features: - Access to the following new Update Compliance tables: - UCClient diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index 7aa70d87b2..f774a20c8c 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article +date: 05/07/2022 --- # Update Compliance prerequisites diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclient.md b/windows/deployment/update/update-compliance-v2-schema-ucclient.md index 6a9f250b3b..d6f422c3de 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclient.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclient.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference +date: 05/07/2022 --- # UCClient diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md index 6bfc239cb2..225dab4ad3 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference +date: 05/07/2022 --- # UCClientUpdateStatus @@ -40,11 +41,13 @@ Update Event that combines the latest client-based data with the latest service- | **OfferReceivedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime when device last reported entering OfferReceived, else empty. | | **RestartRequiredTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime when device first reported entering RebootRequired (or RebootPending), else empty. | | **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | A string corresponding to the Configuration Manager Client ID on the device. | +| **SourceSystem**| [string](/azure/kusto/query/scalar-data-types/string) | ??? /Azure/| | **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full build of the content this DeviceUpdateEvent is tracking. For Windows 10 updates, this would correspond to the full build (10.0.14393.385). | | **TargetBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `18363` | Integer of the Major portion of Build. | | **TargetKBNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `4524570` | KB Article. | | **TargetRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | Integer or the Minor (or Revision) portion of Build. | | **TargetVersion** | [int](/azure/kusto/query/scalar-data-types/int) | `1909` | The target OS Version such as 1909. | +| **TenantID** | [string](/azure/kusto/query/scalar-data-types/string) | ??? //!AzureTenantID" | **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. | | **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceUpdateEvent` | The EntityType | | **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. | diff --git a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md index fa4d919a0a..0573b183dd 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference +date: 05/07/2022 --- # UCDeviceAlert diff --git a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md index 4c7b854d58..ad821324d5 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference +date: 05/07/2022 --- # UCServiceUpdateStatus diff --git a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md index 5824f77a83..129144a9b1 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference +date: 05/07/2022 --- # UCUpdateAlert @@ -20,7 +21,7 @@ ms.topic: reference > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert will not necessarily contain client-side statuses. +Alert for both client and service updates. Contains information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert will not necessarily contain client-side statuses. |Field |Type |Example |Description | diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md index 4459e84f51..26dc6e98ab 100644 --- a/windows/deployment/update/update-compliance-v2-schema.md +++ b/windows/deployment/update/update-compliance-v2-schema.md @@ -11,6 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference +date: 05/07/2022 --- # Update Compliance version 2 schema diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md new file mode 100644 index 0000000000..23251e46dd --- /dev/null +++ b/windows/deployment/update/update-compliance-v2-use.md @@ -0,0 +1,20 @@ +--- +title: Use the Update Compliance solution +ms.reviewer: +manager: dougeby +description: How to use the Update Compliance solution. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.collection: M365-analytics +ms.topic: article +date: 05/07/2022 +--- + +# Use Update Compliance + +> [!Important] +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index 2e659863b0..014d157f7a 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -49,7 +49,7 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos When you first select the **Windows** tab, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Supply the following information about your Update Compliance settings: - The -ONE tenant to ONE workspace + ## The Windows tab The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-v2-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. @@ -67,3 +67,6 @@ A device is considered **Up to date** in this chart if it has installed security The **End of service** chart list the number of devices running an operating system version that's near or past the product lifecycle. +## Next steps + +Use [Update Compliance](update-compliance-v2-overview.md) to display additional data about the status of Windows updates. \ No newline at end of file From bd424f66009ab0b42c0e4f744b7f495a49ca8c01 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 27 Apr 2022 22:19:02 -0700 Subject: [PATCH 109/540] ucv2-tp --- windows/deployment/TOC.yml | 10 +++-- .../update/update-compliance-v2-use.md | 43 +++++++++++++++++-- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index d873d6e484..c4d8ba0081 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -198,9 +198,13 @@ - name: Configure clients manually href: update/update-compliance-configuration-manual.md - name: Configure clients with Microsoft Endpoint Manager - href: update/update-compliance-configuration-mem.md - - name: Software updates in the Microsoft admin center (preview) - href: update/update-status-admin-center.md + href: update/update-compliance-configuration-mem.md + - name: Use Update Compliance (preview) + items: + - name: Use Update Compliance + href: update/update-compliance-v2-use.md + - name: Software updates in the Microsoft admin center (preview) + href: update/update-status-admin-center.md - name: Schema reference (preview) items: - name: Update Compliance schema reference diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md index 23251e46dd..8cc180ce7a 100644 --- a/windows/deployment/update/update-compliance-v2-use.md +++ b/windows/deployment/update/update-compliance-v2-use.md @@ -1,8 +1,8 @@ --- -title: Use the Update Compliance solution +title: Use the Update Compliance (preview) solution ms.reviewer: manager: dougeby -description: How to use the Update Compliance solution. +description: How to use the Update Compliance (preview) solution. ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: deploy @@ -14,7 +14,44 @@ ms.topic: article date: 05/07/2022 --- -# Use Update Compliance +# Use Update Compliance (preview) > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. + +In this article you'll learn how to use Update Compliance to monitor Windows updates for your devices. To configure your environment for use with Update Compliance, see [Enable Update Compliance](update-compliance-v2-enable.md). + +## Display Update Compliance data + +1. Sign into the [Azure portal](https://portal.azure.com). +1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input. +1. Select **Log Analytics workspaces**. +1. Select the workspace that you use for Updates Compliance. +1. Select **Log** under the **General** group in your workspace. +1. + + + +## Update Compliance data latency +Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. + +The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all devices part of your organization that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be re-ingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. + +| Data Type | Data upload rate from device | Data Latency | +|--|--|--| +|WaaSUpdateStatus | Once per day |4 hours | +|WaaSInsiderStatus| Once per day |4 hours | +|WaaSDeploymentStatus|Every update event (Download, install, etc.)|24-36 hours | +|WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours | +|WUDOStatus|Once per day|12 hours | + +This means you should generally expect to see new data device data every 24 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours. + +## Using Log Analytics + +Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance. + +See below for a few topics related to Log Analytics: +* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure's excellent documentation on [querying data in Log Analytics](/azure/log-analytics/log-analytics-log-searches). +* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](/azure/log-analytics/log-analytics-dashboards). +* [Gain an overview of Log Analytics' alerts](/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about. \ No newline at end of file From ec06864f82f7df4349cd154a674a1962fbd87d4c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 27 Apr 2022 22:23:07 -0700 Subject: [PATCH 110/540] ucv2-tp --- windows/deployment/update/update-compliance-v2-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index 3193d70da6..e539586053 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -31,7 +31,7 @@ Update Compliance is a cloud-based solution that provides information about the The new version of Update Compliance is in technical preview. Some of the benefits of this new version include: -- Integration with [Windows Update for Business deployment service](deployment-service-overview) to enable per deployment reporting, monitoring, and troubleshooting. +- Integration with [Windows Update for Business deployment service](deployment-service-overview.md) to enable per deployment reporting, monitoring, and troubleshooting. - Compatibility with [Feature updates](/mem/intune/protect/windows-10-feature-updates) and [Expedite Windows quality updates](/mem/intune/protect/windows-10-expedite-updates) policies in Intune. - A new **Alerts** data type to assist you with identifying devices that encounter issues during the update process. Error code information is provided to help troubleshoot update issues. From 01a1ba56a7f25fa400f104b43980476b7918d56d Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 28 Apr 2022 15:35:39 +0530 Subject: [PATCH 111/540] CSP Improvement -Part 5 The updates here are made to improve Acrolinx scores and fix format errors as per Task : 5864419. Thanks! --- .../mdm/policy-csp-admx-cpls.md | 8 +- .../policy-csp-admx-credentialproviders.md | 10 +- .../mdm/policy-csp-admx-credssp.md | 35 +++---- .../mdm/policy-csp-admx-credui.md | 13 ++- .../mdm/policy-csp-admx-ctrlaltdel.md | 21 +++-- .../mdm/policy-csp-admx-datacollection.md | 7 +- .../mdm/policy-csp-admx-dcom.md | 28 ++++-- .../mdm/policy-csp-admx-desktop.md | 92 ++++++++++--------- .../mdm/policy-csp-admx-devicecompat.md | 10 +- .../mdm/policy-csp-admx-deviceguard.md | 12 ++- .../mdm/policy-csp-admx-deviceinstallation.md | 35 ++++--- .../mdm/policy-csp-admx-devicesetup.md | 16 +++- .../mdm/policy-csp-admx-dfs.md | 10 +- .../mdm/policy-csp-admx-digitallocker.md | 14 +-- .../mdm/policy-csp-admx-diskdiagnostic.md | 27 ++++-- .../mdm/policy-csp-admx-disknvcache.md | 24 +++-- .../mdm/policy-csp-admx-diskquota.md | 31 ++++--- ...policy-csp-admx-distributedlinktracking.md | 11 ++- .../mdm/policy-csp-admx-dnsclient.md | 84 +++++++++-------- .../mdm/policy-csp-admx-dwm.md | 25 ++--- 20 files changed, 296 insertions(+), 217 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 19f04975a7..01686de6fb 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Cpls -description: Policy CSP - ADMX_Cpls +description: Learn about the Policy CSP - ADMX_Cpls. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -64,7 +64,7 @@ manager: dansimp This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. > [!NOTE] -> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. +> The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed. If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed. @@ -84,6 +84,8 @@ ADMX Info:

    - +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index 92381f92cc..dbc2af5073 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_CredentialProviders -description: Policy CSP - ADMX_CredentialProviders +description: Learn about the Policy CSP - ADMX_CredentialProviders. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -122,7 +122,7 @@ This policy setting allows the administrator to assign a specified credential pr If you enable this policy setting, the specified credential provider is selected on other user tile. -If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile. +If you disable or don't configure this policy setting, the system picks the default credential provider on other user tile. > [!NOTE] > A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers. @@ -190,4 +190,8 @@ ADMX Info:
    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 6644992e57..c0875ac3a0 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_CredSsp -description: Policy CSP - ADMX_CredSsp +description: Learn about the Policy CSP - ADMX_CredSsp. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -97,7 +97,7 @@ This policy setting applies when server authentication was achieved via NTLM. If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). -If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine. +If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. @@ -156,7 +156,7 @@ If you enable this policy setting, you can specify the servers to which the user The policy becomes effective the next time the user signs on to a computer running Windows. -If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB. +If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB. FWlink for KB: https://go.microsoft.com/fwlink/?LinkId=301508 @@ -215,14 +215,14 @@ Some versions of the CredSSP protocol are vulnerable to an encryption oracle att If you enable this policy setting, CredSSP version support will be selected based on the following options: -- Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. +- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients. > [!NOTE] > This setting should not be deployed until all remote hosts support the newest version. -- Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. +- Mitigated: Client applications that use CredSSP won't be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. -- Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients. +- Vulnerable: Client applications, which use CredSSP will expose the remote servers to attacks by supporting fall-back to the insecure versions and services using CredSSP will accept unpatched clients. For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660 @@ -271,9 +271,9 @@ This policy setting applies when server authentication was achieved via a truste If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). -If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). +If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). -If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. +If you disable this policy setting, delegation of fresh credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN. @@ -327,11 +327,11 @@ This policy setting applies to applications using the Cred SSP component (for ex This policy setting applies when server authentication was achieved via NTLM. -If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). +If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you're prompted for when executing the application). -If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). +If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). -If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. +If you disable this policy setting, delegation of fresh credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. @@ -387,9 +387,9 @@ This policy setting applies when server authentication was achieved via a truste If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). -If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). +If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). -If you disable this policy setting, delegation of saved credentials is not permitted to any machine. +If you disable this policy setting, delegation of saved credentials isn't permitted to any machine. > [!NOTE] > The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. @@ -555,9 +555,9 @@ ADMX Info: This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). -If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application). +If you enable this policy setting, you can specify the servers to which the user's fresh credentials can't be delegated (fresh credentials are those that you're prompted for when executing the application). -If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. +If you disable or don't configure (by default) this policy setting, this policy setting doesn't specify any server. > [!NOTE] > The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. @@ -676,7 +676,7 @@ If you enable this policy setting, the following options are supported: - Require Remote Credential Guard: Participating applications must use Remote Credential Guard to connect to remote hosts. - Require Restricted Admin: Participating applications must use Restricted Admin to connect to remote hosts. -If you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode are not enforced and participating apps can delegate credentials to remote devices. +If you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode aren't enforced and participating apps can delegate credentials to remote devices. > [!NOTE] > To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\Administrative Templates\System\Credentials Delegation). @@ -699,3 +699,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index d6bc1bc1fd..04ca607c75 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_CredUI -description: Policy CSP - ADMX_CredUI +description: Learn about the Policy CSP - ADMX_CredUI. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -67,11 +67,11 @@ manager: dansimp This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials. > [!NOTE] -> This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled. +> This policy affects non-logon authentication tasks only. As a security best practice, this policy should be enabled. -If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism. +If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop with the trusted path mechanism. -If you disable or do not configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials. +If you disable or don't configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials. @@ -112,7 +112,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. If you turn this policy setting on, local users won’t be able to set up and use security questions to reset their passwords. +Available in the latest Windows 10 Insider Preview Build. If you turn on this policy setting, local users won’t be able to set up and use security questions to reset their passwords. @@ -129,3 +129,6 @@ ADMX Info: < +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 7bdb85337f..cee991a058 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_CtrlAltDel -description: Policy CSP - ADMX_CtrlAltDel +description: Learn about the Policy CSP - ADMX_CtrlAltDel. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -74,7 +74,7 @@ This policy setting prevents users from changing their Windows password on deman If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del. -However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring. +However, users will still be able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring. @@ -119,11 +119,11 @@ ADMX Info: This policy setting prevents users from locking the system. -While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it. +While locked, the desktop is hidden and the system can't be used. Only the user who locked the system or the system administrator can unlock it. -If you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del. +If you enable this policy setting, users can't lock the computer from the keyboard using Ctrl+Alt+Del. -If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del. +If you disable or don't configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del. > [!TIP] > To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer. @@ -170,9 +170,9 @@ This policy setting prevents users from starting Task Manager. Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. -If you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action. +If you enable this policy setting, users won't be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action. -If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. +If you disable or don't configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. @@ -215,11 +215,11 @@ ADMX Info: This policy setting disables or removes all menu items and buttons that log the user off the system. -If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu. +If you enable this policy setting, users won't see the Logoff menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shut down the computer, or clicking Logoff from the Start menu. Also, see the 'Remove Logoff on the Start Menu' policy setting. -If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del. +If you disable or do not configure this policy setting, users can see and select the Logoff menu item when they press Ctrl+Alt+Del. @@ -237,3 +237,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index 280a763699..02173fecab 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DataCollection -description: Policy CSP - ADMX_DataCollection +description: Learn about the Policy CSP - ADMX_DataCollection. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -63,7 +63,7 @@ manager: dansimp This policy setting defines the identifier used to uniquely associate this device’s telemetry data as belonging to a given organization. -If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. +If your organization is participating in a program that requires this device to be identified as belonging to your organization, then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its telemetry data with your organization. @@ -86,3 +86,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md index 4efe29532e..e10c705b01 100644 --- a/windows/client-management/mdm/policy-csp-admx-dcom.md +++ b/windows/client-management/mdm/policy-csp-admx-dcom.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DCOM -description: Policy CSP - ADMX_DCOM +description: Learn about the Policy CSP - ADMX_DCOM. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -66,10 +66,10 @@ manager: dansimp This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list. -- If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list. +- If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list. -- If you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list. -If you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy is not configured. +- If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security-check exemption list. +If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured. > [!NOTE] > This policy setting applies to all sites in Trusted zones. @@ -119,19 +119,24 @@ DCOM ignores the second list when this policy setting is configured, unless the DCOM server application IDs added to this policy must be listed in curly brace format. For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`. + If you enter a non-existent or improperly formatted application ID DCOM will add it to the list without checking for errors. + +If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server. + +If you add an application ID to this list and set its value to zero DCOM will always enforce the Activation security check for that DCOM server regardless of local settings. + - If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. - -If you add an application ID to this list and set its value to one, DCOM will not enforce the Activation security check for that DCOM server. -If you add an application ID to this list and set its value to zero DCOM will always enforce the Activation security check for that DCOM server regardless of local -settings. - If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used. +- If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used. + +>[!Note] +> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. -If you do not configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid. -DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. +DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. > [!NOTE] > Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present. @@ -154,3 +159,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 1a66b56054..5c2ec282c7 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Desktop -description: Policy CSP - ADMX_Desktop +description: Learn about Policy CSP - ADMX_Desktop. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -145,13 +145,13 @@ manager: dansimp -Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results. +Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying more filters to search results. If you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it. -If you disable this setting or do not configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu. +If you disable this setting or don't configure it, the filter bar doesn't appear, but users can display it by selecting "Filter" on the "View" menu. -To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar does not appear above the resulting display, on the View menu, click Filter. +To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar doesn't appear above the resulting display, on the View menu, click Filter. @@ -197,9 +197,9 @@ Hides the Active Directory folder in Network Locations. The Active Directory folder displays Active Directory objects in a browse window. -If you enable this setting, the Active Directory folder does not appear in the Network Locations folder. +If you enable this setting, the Active Directory folder doesn't appear in the Network Locations folder. -If you disable this setting or do not configure it, the Active Directory folder appears in the Network Locations folder. +If you disable this setting or don't configure it, the Active Directory folder appears in the Network Locations folder. This setting is designed to let users search Active Directory but not tempt them to casually browse Active Directory. @@ -247,7 +247,7 @@ Specifies the maximum number of objects the system displays in response to a com If you enable this setting, you can use the "Number of objects returned" box to limit returns from an Active Directory search. -If you disable this setting or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space. +If you disable this setting or don't configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space. This setting is designed to protect the network and the domain controller from the effect of expansive searches. @@ -295,7 +295,7 @@ Enables Active Desktop and prevents users from disabling it. This setting prevents users from trying to enable or disable Active Desktop while a policy controls it. -If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it. +If you disable this setting or don't configure it, Active Desktop is disabled by default, but users can enable it. > [!NOTE] > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored. @@ -343,7 +343,7 @@ Disables Active Desktop and prevents users from enabling it. This setting prevents users from trying to enable or disable Active Desktop while a policy controls it. -If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it. +If you disable this setting or don't configure it, Active Desktop is disabled by default, but users can enable it. > [!NOTE] > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored. @@ -390,7 +390,7 @@ ADMX Info: Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration. -This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components. +This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users can't enable or disable Active Desktop. If Active Desktop is already enabled, users can't add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components. @@ -433,7 +433,7 @@ ADMX Info: Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations. -Removing icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent. +Removing icons and shortcuts doesn't prevent the user from using another method to start the programs or opening the items they represent. Also, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop. @@ -479,9 +479,9 @@ ADMX Info: Prevents users from using the Desktop Cleanup Wizard. -If you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard. +If you enable this setting, the Desktop Cleanup wizard doesn't automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard. -If you disable this setting or do not configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs. +If you disable this setting or don't configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs. > [!NOTE] > When this setting is not enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button. @@ -528,7 +528,7 @@ ADMX Info: Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar. -This setting does not prevent the user from starting Internet Explorer by using other methods. +This setting doesn't prevent the user from starting Internet Explorer by using other methods. @@ -576,7 +576,7 @@ If you enable this setting, Computer is hidden on the desktop, the new Start men If you disable this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless restricted by another setting. -If you do not configure this setting, the default is to display Computer as usual. +If you don't configure this setting, the default is to display Computer as usual. > [!NOTE] > In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer icon. Hiding Computer and its contents does not hide the contents of the child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled. @@ -625,9 +625,9 @@ Removes most occurrences of the My Documents icon. This setting removes the My Documents icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box. -This setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder. +This setting doesn't prevent the user from using other methods to gain access to the contents of the My Documents folder. -This setting does not remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting. +This setting doesn't remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting. > [!NOTE] > To make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional. @@ -673,7 +673,7 @@ ADMX Info: Removes the Network Locations icon from the desktop. -This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network. +This setting only affects the desktop icon. It doesn't prevent users from connecting to the network or browsing for shared computers on the network. > [!NOTE] > In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Network Places icon. @@ -720,9 +720,9 @@ ADMX Info: This setting hides Properties on the context menu for Computer. -If you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected. +If you enable this setting, the Properties option won't be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected. -If you disable or do not configure this setting, the Properties option is displayed as usual. +If you disable or don't configure this setting, the Properties option is displayed as usual. @@ -766,17 +766,16 @@ ADMX Info: This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon. -If you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following: +If you enable this policy setting, the Properties menu command won't be displayed when the user does any of the following: - Right-clicks the My Documents icon. - Clicks the My Documents icon, and then opens the File menu. - Clicks the My Documents icon, and then presses ALT+ENTER. -If you disable or do not configure this policy setting, the Properties menu command is displayed. +If you disable or don't configure this policy setting, the Properties menu command is displayed. - ADMX Info: - GP Friendly name: *Remove Properties from the Documents icon context menu* @@ -814,11 +813,11 @@ ADMX Info: -Remote shared folders are not added to Network Locations whenever you open a document in the shared folder. +Remote shared folders aren't added to Network Locations whenever you open a document in the shared folder. -If you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations. +If you disable this setting or don't configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations. -If you enable this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder. +If you enable this setting, shared folders aren't added to Network Locations automatically when you open a document in the shared folder. @@ -864,7 +863,7 @@ Removes most occurrences of the Recycle Bin icon. This setting removes the Recycle Bin icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box. -This setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder. +This setting doesn't prevent the user from using other methods to gain access to the contents of the Recycle Bin folder. > [!NOTE] > To make changes to this setting effective, you must log off and then log back on. @@ -910,9 +909,9 @@ ADMX Info: Removes the Properties option from the Recycle Bin context menu. -If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected. +If you enable this setting, the Properties option won't be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected. -If you disable or do not configure this setting, the Properties option is displayed as usual. +If you disable or don't configure this setting, the Properties option is displayed as usual. @@ -956,7 +955,7 @@ ADMX Info: Prevents users from saving certain changes to the desktop. -If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved. +If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, aren't saved when users logoff. However, shortcuts placed on the desktop are always saved. @@ -1000,9 +999,9 @@ ADMX Info: Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. -If you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse. +If you enable this policy, application windows won't be minimized or restored when the active window is shaken back and forth with the mouse. -If you disable or do not configure this policy, this window minimizing and restoring gesture will apply. +If you disable or don't configure this policy, this window minimizing and restoring gesture will apply. @@ -1047,9 +1046,9 @@ Specifies the desktop background ("wallpaper") displayed on all users' desktops. This setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp) or JPEG (*.jpg) file. -To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\\Server\Share\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification. +To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\\Server\Share\Corp.jpg. If the specified file isn't available when the user logs on, no wallpaper is displayed. Users can't specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users can't change this specification. -If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice. +If you disable this setting or don't configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice. Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control Panel. @@ -1097,7 +1096,7 @@ ADMX Info: Prevents users from adding Web content to their Active Desktop. -This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content. +This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop. This setting doesn't remove existing Web content from their Active Desktop, or prevent users from removing existing Web content. Also, see the "Disable all items" setting. @@ -1142,9 +1141,9 @@ ADMX Info: Prevents users from removing Web content from their Active Desktop. -In Active Desktop, you can add items to the desktop but close them so they are not displayed. +In Active Desktop, you can add items to the desktop but close them so they aren't displayed. -If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel. +If you enable this setting, items added to the desktop can't be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel. > [!NOTE] > This setting does not prevent users from deleting items from their Active Desktop. @@ -1193,7 +1192,7 @@ Prevents users from deleting Web content from their Active Desktop. This setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop. -This setting does not prevent users from adding Web content to their Active Desktop. +This setting doesn't prevent users from adding Web content to their Active Desktop. Also, see the "Prohibit closing items" and "Disable all items" settings. @@ -1239,7 +1238,7 @@ ADMX Info: Prevents users from changing the properties of Web content items on their Active Desktop. -This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change the properties of an item, such as its synchronization schedule, password, or display characteristics. +This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users can't change the properties of an item, such as its synchronization schedule, password, or display characteristics. @@ -1283,7 +1282,7 @@ ADMX Info: Removes Active Desktop content and prevents users from adding Active Desktop content. -This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. +This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop. > [!NOTE] > This setting does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wallpaper. @@ -1338,7 +1337,7 @@ You can also use this setting to delete particular Web-based items from users' d > Removing an item from the "Add" list for this setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply not added again. > [!NOTE] -> For this setting to take affect, you must log off and log on to the system. +> For this setting to take effect, you must log off and log on to the system. @@ -1382,7 +1381,7 @@ ADMX Info: Prevents users from manipulating desktop toolbars. -If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars. +If you enable this setting, users can't add or remove toolbars from the desktop. Also, users can't drag toolbars on to or off of docked toolbars. > [!NOTE] > If users have added or removed toolbars, this setting prevents them from restoring the default configuration. @@ -1432,9 +1431,9 @@ ADMX Info: -Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars. +Prevents users from adjusting the length of desktop toolbars. Also, users can't reposition items or toolbars on docked toolbars. -This setting does not prevent users from adding or removing toolbars on the desktop. +This setting doesn't prevent users from adding or removing toolbars on the desktop. > [!NOTE] > If users have adjusted their toolbars, this setting prevents them from restoring the default configuration. @@ -1481,7 +1480,7 @@ ADMX Info: -Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper". +Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper doesn't load. Files that are auto-converted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper". Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrative Templates\Control Panel\Display) settings. @@ -1501,3 +1500,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md index b1ccc54155..c13f7fb7f2 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md +++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DeviceCompat -description: Policy CSP - ADMX_DeviceCompat +description: Learn about Policy CSP - ADMX_DeviceCompat. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -104,7 +104,7 @@ ADMX Info: -Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions. +Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions. @@ -118,4 +118,8 @@ ADMX Info: - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index 6ef592107b..11ef6a220b 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DeviceGuard -description: Policy CSP - ADMX_DeviceGuard +description: Learn about Policy CSP - ADMX_DeviceGuard. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -70,9 +70,10 @@ The file path must be either a UNC path (for example, `\\ServerName\ShareName\SI or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`. The local machine account (LOCAL SYSTEM) must have access permission to the policy file. -If using a signed and protected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either: -1. First update the policy to a non-protected policy and then disable the setting. -2. Disable the setting and then remove the policy from each computer, with a physically present user. +If using a signed and protected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either: + +- First update the policy to a non-protected policy and then disable the setting. (or) +- Disable the setting and then remove the policy from each computer, with a physically present user. @@ -89,3 +90,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index 596d4df2ed..742442731b 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DeviceInstallation -description: Policy CSP - ADMX_DeviceInstallation +description: Learn about Policy CSP - ADMX_DeviceInstallation. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -86,7 +86,7 @@ This policy setting allows you to determine whether members of the Administrator If you enable this policy setting, members of the Administrators group can use the Add Hardware wizard or the Update Driver wizard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. -If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation. +If you disable or don't configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation. @@ -132,7 +132,7 @@ This policy setting allows you to display a custom message to users in a notific If you enable this policy setting, Windows displays the text you type in the Detail Text box when a policy setting prevents device installation. -If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device installation. +If you disable or don't configure this policy setting, Windows displays a default message when a policy setting prevents device installation. @@ -178,7 +178,7 @@ This policy setting allows you to display a custom message title in a notificati If you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of a notification when a policy setting prevents device installation. -If you disable or do not configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation. +If you disable or don't configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation. @@ -224,7 +224,7 @@ This policy setting allows you to configure the number of seconds Windows waits If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation. -If you disable or do not configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation. +If you disable or don't configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation. @@ -268,11 +268,12 @@ ADMX Info: This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies. -If you enable this policy setting, set the amount of seconds you want the system to wait until a reboot. +If you enable this policy setting, set the number of seconds you want the system to wait until a reboot. -If you disable or do not configure this policy setting, the system does not force a reboot. +If you disable or don't configure this policy setting, the system doesn't force a reboot. -Note: If no reboot is forced, the device installation restriction right will not take effect until the system is restarted. +>[!Note] +> If no reboot is forced, the device installation restriction right won't take effect until the system is restarted. @@ -314,11 +315,11 @@ ADMX Info: -This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device. +This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it's connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device. -If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server. +If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices can't have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server. -If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings. +If you disable or don't configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings. @@ -361,9 +362,9 @@ ADMX Info: This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. -If you enable this policy setting, Windows does not create a system restore point when one would normally be created. +If you enable this policy setting, Windows doesn't create a system restore point when one would normally be created. -If you disable or do not configure this policy setting, Windows creates a system restore point as it normally would. +If you disable or don't configure this policy setting, Windows creates a system restore point as it normally would. @@ -409,7 +410,7 @@ This policy setting specifies a list of device setup class GUIDs describing devi If you enable this policy setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store. -If you disable or do not configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system. +If you disable or don't configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system. @@ -426,4 +427,8 @@ ADMX Info:
    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index ae07cf6eb3..de7d1cde74 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DeviceSetup -description: Policy CSP - ADMX_DeviceSetup +description: Learn about Policy CSP - ADMX_DeviceSetup. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -66,9 +66,9 @@ manager: dansimp This policy setting allows you to turn off "Found New Hardware" balloons during device installation. -If you enable this policy setting, "Found New Hardware" balloons do not appear while a device is being installed. +If you enable this policy setting, "Found New Hardware" balloons don't appear while a device is being installed. -If you disable or do not configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons. +If you disable or don't configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons. @@ -114,9 +114,12 @@ This policy setting allows you to specify the order in which Windows searches so If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all. -Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver is not locally available on the system. +>[!Note] +> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. -If you disable or do not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers. +This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system. + +If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers. @@ -133,3 +136,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md index 49774e691d..8bed2392e2 100644 --- a/windows/client-management/mdm/policy-csp-admx-dfs.md +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DFS -description: Policy CSP - ADMX_DFS +description: Learn about Policy CSP - ADMX_DFS. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -63,10 +63,9 @@ manager: dansimp This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default, a DFS client attempts to discover domain controllers every 15 minutes. -- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. -This value is specified in minutes. +If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes. -- If you disable or do not configure this policy setting, the default value of 15 minutes applies. +If you disable or don't configure this policy setting, the default value of 15 minutes applies. > [!NOTE] > The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied. @@ -87,3 +86,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 731f55b062..99ae418a32 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DigitalLocker -description: Policy CSP - ADMX_DigitalLocker +description: Learn about Policy CSP - ADMX_DigitalLocker. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -68,13 +68,12 @@ This policy setting specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. -If you enable this setting, Digital Locker will not run. +If you enable this setting, Digital Locker won't run. -If you disable or do not configure this setting, Digital Locker can be run. +If you disable or don't configure this setting, Digital Locker can be run. - ADMX Info: - GP Friendly name: *Do not allow Digital Locker to run* @@ -116,9 +115,9 @@ This policy setting specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. -If you enable this setting, Digital Locker will not run. +If you enable this setting, Digital Locker won't run. -If you disable or do not configure this setting, Digital Locker can be run. +If you disable or don't configure this setting, Digital Locker can be run. @@ -137,3 +136,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index 312e6550d5..f931979921 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DiskDiagnostic -description: Policy CSP - ADMX_DiskDiagnostic +description: Learn about Policy CSP - ADMX_DiskDiagnostic. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -66,12 +66,13 @@ manager: dansimp This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. -- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. -- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. +If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. -No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. +If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message. -This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. +No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately. + +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. > [!NOTE] @@ -121,12 +122,15 @@ This policy setting determines the execution level for S.M.A.R.T.-based disk dia Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur. -- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss. -- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. -- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss. -No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. -This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. + +If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. + +No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately. + +This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. > [!NOTE] > For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. @@ -147,3 +151,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md index 87b9aee1a3..718a8ef652 100644 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DiskNVCache -description: Policy CSP - ADMX_DiskNVCache +description: Learn about Policy CSP - ADMX_DiskNVCache. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -67,14 +67,15 @@ manager: dansimp -This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system. +This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system. -If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume. +If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume. + +If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. -If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. The system determines the data that will be stored in the NV cache to optimize boot and resume. -The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate. If you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. +The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. This policy setting is applicable only if the NV cache feature is on. @@ -119,12 +120,11 @@ This policy setting turns off all support for the non-volatile (NV) cache on all To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache. -If you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode. +If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode. If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. -This policy setting will take effect on next boot. If you do not configure this policy setting, the default behavior is to turn on support for the NV cache. - +This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache. @@ -172,7 +172,10 @@ If you enable this policy setting, frequently written files such as the file sys If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. -This can cause increased wear of the NV cache. If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. Note: This policy setting is applicable only if the NV cache feature is on. +This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. + +>[!Note] +> This policy setting is applicable only if the NV cache feature is on. @@ -192,3 +195,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index cc4ff2f0b5..ec151b39e1 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DiskQuota -description: Policy CSP - ADMX_DiskQuota +description: Learn about Policy CSP - ADMX_DiskQuota. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -79,7 +79,7 @@ manager: dansimp This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media. -If you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. +If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media. @@ -124,13 +124,13 @@ ADMX Info: This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting. -If you enable this policy setting, disk quota management is turned on, and users cannot turn it off. +If you enable this policy setting, disk quota management is turned on, and users can't turn it off. -If you disable the policy setting, disk quota management is turned off, and users cannot turn it on. When this policy setting is not configured then the disk quota management is turned off by default, and the administrators can turn it on. +If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on. To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes. -This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. +This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. @@ -180,9 +180,9 @@ This policy setting determines whether disk quota limits are enforced and preven If you enable this policy setting, disk quota limits are enforced. -If you disable this policy setting, disk quota limits are not enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators cannot make changes while the setting is in effect. +If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect. -If you do not configure this policy setting, the disk quota limit is not enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available. +If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available. This policy setting overrides user settings that enable or disable quota enforcement on their volumes. @@ -232,9 +232,9 @@ This policy setting determines whether the system records an event in the local If you enable this policy setting, the system records an event when the user reaches their limit. -If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting while a setting is in effect. If you do not configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. +If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. -This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their limit, because their status in the Quota Entries window changes. +This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes. To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab. @@ -282,9 +282,9 @@ This policy setting determines whether the system records an event in the Applic If you enable this policy setting, the system records an event. -If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators cannot change logging while a policy setting is in effect. +If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect. -If you do not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes. +If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes. To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab. @@ -332,11 +332,11 @@ This policy setting specifies the default disk quota limit and warning level for This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. -This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). +This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). -If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the range of volumes in the group. +If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group. -This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. +This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. @@ -354,3 +354,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index 5c192b7816..35d0ab94f5 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DistributedLinkTracking -description: Policy CSP - ADMX_DistributedLinkTracking +description: Learn about Policy CSP - ADMX_DistributedLinkTracking. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -61,8 +61,10 @@ manager: dansimp -This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. -The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. +This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. + +The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. + The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be set unless the DLT server is running on all domain controllers in the domain. @@ -85,3 +87,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 89e960919b..3f078ce171 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DnsClient -description: Policy CSP - ADMX_DnsClient +description: Learn about Policy CSP - ADMX_DnsClient. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -127,7 +127,7 @@ This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issue If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names, such as "www.example.com" in addition to single-label names. -If you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names, such as "example" and not for multi-label and fully qualified domain names. +If you disable this policy setting, or if you don't configure this policy setting, NetBT queries will only be issued for single-label names, such as "example" and not for multi-label and fully qualified domain names. @@ -180,7 +180,7 @@ If you enable this policy setting, suffixes are allowed to be appended to an unq If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails. -If you do not configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names. +If you don't configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names. @@ -225,7 +225,7 @@ This policy setting specifies a connection-specific DNS suffix. This policy sett If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting. -If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured. +If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured. @@ -273,22 +273,22 @@ With devolution, a DNS client creates queries by appending a single-label, unqua The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. -Devolution is not enabled if a global suffix search list is configured using Group Policy. +Devolution isn't enabled if a global suffix search list is configured using Group Policy. -If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: +If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: - The primary DNS suffix, as specified on the Computer Name tab of the System control panel. - Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection. For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. -If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. +If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. -For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two. +For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) until the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two. If you enable this policy setting and DNS devolution is also enabled, DNS clients use the DNS devolution level that you specify. -If you disable this policy setting or do not configure it, DNS clients use the default devolution level of two provided that DNS devolution is enabled. +If you disable this policy setting or don't configure it, DNS clients use the default devolution level of two when DNS devolution is enabled. @@ -333,9 +333,9 @@ ADMX Info: This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured. -If this policy setting is enabled, IDNs are not converted to Punycode. +If this policy setting is enabled, IDNs aren't converted to Punycode. -If this policy setting is disabled, or if this policy setting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured. +If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured. @@ -381,7 +381,7 @@ This policy setting specifies whether the DNS client should convert internationa If this policy setting is enabled, IDNs are converted to the Nameprep form. -If this policy setting is disabled, or if this policy setting is not configured, IDNs are not converted to the Nameprep form. +If this policy setting is disabled, or if this policy setting isn't configured, IDNs aren't converted to the Nameprep form. @@ -429,7 +429,7 @@ To use this policy setting, click Enabled, and then enter a space-delimited list If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. -If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured. +If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured. @@ -475,7 +475,7 @@ This policy setting specifies that responses from link local name resolution pro If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order. -If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order. +If you disable this policy setting, or if you don't configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order. > [!NOTE] > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured. @@ -531,7 +531,7 @@ If you enable this policy setting, it supersedes the primary DNS suffix configur You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix. -If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined. +If you disable this policy setting, or if you don't configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined. @@ -580,9 +580,10 @@ If you enable this policy setting, a computer will register A and PTR resource r For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled. -Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled. +>[!Important] +> This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled. -If you disable this policy setting, or if you do not configure this policy setting, a DNS client computer will not register any A and PTR resource records using a connection-specific DNS suffix. +If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix. @@ -631,11 +632,11 @@ If you enable this policy setting, registration of PTR records will be determine To use this policy setting, click Enabled, and then select one of the following options from the drop-down list: -- Do not register: Computers will not attempt to register PTR resource records +- Do not register: Computers won't attempt to register PTR resource records. - Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records was not successful. - Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful. -If you disable this policy setting, or if you do not configure this policy setting, computers will use locally configured settings. +If you disable this policy setting, or if you don't configure this policy setting, computers will use locally configured settings. @@ -678,7 +679,7 @@ ADMX Info: This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server. -If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled. +If you enable this policy setting, or you don't configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled. If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections. @@ -724,13 +725,13 @@ ADMX Info: This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses. -This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers. +This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers. During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address. -If you enable this policy setting or if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update. +If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update. -If you disable this policy setting, existing A resource records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event Viewer. +If you disable this policy setting, existing A resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer. @@ -774,7 +775,7 @@ ADMX Info: This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates. -Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records. +Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records. > [!WARNING] > If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records. @@ -783,7 +784,7 @@ To specify the registration refresh interval, click Enabled and then enter a val If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting. -If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed. +If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed. @@ -831,7 +832,7 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting. -If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes). +If you disable this policy setting, or if you don't configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes). @@ -883,7 +884,7 @@ To use this policy setting, click Enabled, and then enter a string value represe If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or all suffixes are tried. -If you disable this policy setting, or if you do not configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries. +If you disable this policy setting, or if you don't configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries. @@ -926,11 +927,11 @@ ADMX Info: -This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept. +This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. When multiple positive responses are received, the network binding order is used to determine which response to accept. -If you enable this policy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail. +If you enable this policy setting, the DNS client won't perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail. -If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries. +If you disable this policy setting, or if you don't configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries. @@ -976,7 +977,7 @@ This policy setting specifies that the DNS client should prefer responses from l If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks. -If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. +If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. > [!NOTE] > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured. @@ -1030,7 +1031,7 @@ To use this policy setting, click Enabled and then select one of the following v If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. -If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update. +If you disable this policy setting, or if you don't configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update. @@ -1078,7 +1079,7 @@ By default, a DNS client that is configured to perform dynamic DNS update will u If you enable this policy setting, computers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone. -If you disable this policy setting, or if you do not configure this policy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update. +If you disable this policy setting, or if you don't configure this policy setting, computers don't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update. @@ -1126,9 +1127,9 @@ With devolution, a DNS client creates queries by appending a single-label, unqua The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. -Devolution is not enabled if a global suffix search list is configured using Group Policy. +Devolution isn't enabled if a global suffix search list is configured using Group Policy. -If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: +If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: The primary DNS suffix, as specified on the Computer Name tab of the System control panel. @@ -1136,13 +1137,13 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. -If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. +If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two. -If you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix. +If you enable this policy setting, or if you don't configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix. -If you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix. +If you disable this policy setting, DNS clients don't attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix. @@ -1186,11 +1187,11 @@ ADMX Info: This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers. -LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible. +LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible. If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer. -If you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters. +If you disable this policy setting, or you don't configure this policy setting, LLMNR will be enabled on all available network adapters. @@ -1207,3 +1208,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 94017ac6c2..c330726dbf 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_DWM -description: Policy CSP - ADMX_DWM +description: Learn about Policy CSP - ADMX_DWM. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -76,11 +76,11 @@ manager: dansimp -This policy setting controls the default color for window frames when the user does not specify a color. +This policy setting controls the default color for window frames when the user doesn't specify a color. -If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. +If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. -If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. +If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. > [!NOTE] > This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. @@ -125,11 +125,11 @@ ADMX Info: -This policy setting controls the default color for window frames when the user does not specify a color. +This policy setting controls the default color for window frames when the user doesn't specify a color. -If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. +If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. -If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. +If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. > [!NOTE] > This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. @@ -178,7 +178,7 @@ This policy setting controls the appearance of window animations such as those f If you enable this policy setting, window animations are turned off. -If you disable or do not configure this policy setting, window animations are turned on. +If you disable or don't configure this policy setting, window animations are turned on. Changing this policy setting requires a logoff for it to be applied. @@ -226,7 +226,7 @@ This policy setting controls the appearance of window animations such as those f If you enable this policy setting, window animations are turned off. -If you disable or do not configure this policy setting, window animations are turned on. +If you disable or don't configure this policy setting, window animations are turned on. Changing this policy setting requires a logoff for it to be applied. @@ -274,7 +274,7 @@ This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent users from changing the default window frame color. -If you disable or do not configure this policy setting, you allow users to change the default window frame color. +If you disable or don't configure this policy setting, you allow users to change the default window frame color. > [!NOTE] > This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. @@ -323,7 +323,7 @@ This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent users from changing the default window frame color. -If you disable or do not configure this policy setting, you allow users to change the default window frame color. +If you disable or don't configure this policy setting, you allow users to change the default window frame color. > [!NOTE] > This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. @@ -343,3 +343,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file From 87c99b8bebd991265ff090cd6bbb2c6d4d194adf Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 28 Apr 2022 10:37:48 -0700 Subject: [PATCH 112/540] ucv2-tp --- .../media/37063317-end-of-service-chart.png | Bin 0 -> 75344 bytes .../37063317-windows-update-status-chart.png | Bin 0 -> 53909 bytes .../update/update-status-admin-center.md | 33 +++++++++++------- 3 files changed, 21 insertions(+), 12 deletions(-) create mode 100644 windows/deployment/update/media/37063317-end-of-service-chart.png create mode 100644 windows/deployment/update/media/37063317-windows-update-status-chart.png diff --git a/windows/deployment/update/media/37063317-end-of-service-chart.png b/windows/deployment/update/media/37063317-end-of-service-chart.png new file mode 100644 index 0000000000000000000000000000000000000000..fbca74ba520e275df7d5bdfddecd6452f3366f09 GIT binary patch literal 75344 zcmeFZc|4SD|36$;*OgqhN=0Q!i9{x37nKSz6xG-#Bn`%rbugnYB#DW!WlhG`*q0&8 zOoXvyY3v4*-C&GuW|%Sjrt7}1`}=+VdH#6*dVa6h{d!@}(~RRh&g1+XpXL2|zeU|Q zH4ymo%%2Ai91t)vylsBqz+s&O2Yzcia+v#@b+U#F_vN6ExxuXiB|Tyk?#b^iH-R?~ z94JTf?K=FyJ?Hf@wDLJ{Ks@r-_d(>`y7Pep`?*H9Z$1pPU*UKbNesh(!gQDZIK_AS zMZ9`iT*G2jzbItVeK*qjiFS0X;m7{ya>G%G!qKQD30cu-U#8$un@{DX=i?DISK?p1 z%qTbf!*IO(65#4{EA+ruf1z7iU(si;LPj~A1EyL=PIvrHS!%=$SUzzHsOqg*-K^Kq z(Rt+eIWs6TIGV{m_$PC6LHCj0(r&5GQtu&2z!hnu_7SLmPPYr&?0hW{Q4J?hh}|Ie`9ng6}S zv;V6Ws*y+6-kO60h_l9BK=^+iFxpx@bh~G%Cag*Oe^~>S{Xb{%tiZ_s8qNP-OrQCc zV2mMG=LySZ+HkNl+v_vY-y)Gkdt)U+db?ihthugec~GgsBpx12r#P-R7g}_AU9V>? zKdFOlwoNY$V!COOSsD!*Ax}Mt|7`4Q8KWkFwsnEt-fWKcA*LO}^(eb+`TpUlZ5$7$Z&?@;`pdXD*xof6a>=AFU)?ifO)h zy1qSwl-xE@_uh5sNr%e35|q?!2%L(r2xerS{AX6a&$Oq!R|@k_aV_7}TeF>3(0+ZR z{X%qPa`fssnr#rBd1?XB(4eum(u8aQ( zWRp{lrKP8Zqh2^NE8LGn)Hrk8EJU`sM~g<5V45DAev(1Y|5|?ZwP9qcM#|Fm#eYx3 zPhvX|LTBUrr(1lY)6`c@6ulC4kupo)o@_=faGz~;Sp5w}FaqjLnQjd}T=GSGwxt7w z!LRzW8PqvlGxAA6FOk+?OCBo$e?jkvRdMN6j1>=drGu_F`^_ySPM_0cJErxD>EQww zvm+m8O`g?*P6n~5t>1*0Uf+?Aa@fCiJ)&9-#{9k46OC_)712cn5K7?OtJ*Im(q=%UWiMp_+ zxi728PS<9ddutmY#eZ!ER&_nNPr_re;S1Mt*JlVI{Ge3mQ64DaFCC9O9mGG+|7vB% z+LN`E`YZR0N$21{1>Y)yO2@yD4!F~H7P4sLim2b0gB-pf#|V$h^_r`AyTiNK0kM(V zM!#%H!+*unhj}N+#ptKUk<|gib-N+h)(^tttd*9F0Uo}sbM-V_@UXaK;e}E0lkT!v zPcB`5v9zvF2e`RZgc+4f{jX_w{hG$t{iQ_t*0~&H9S`bs89tCQIRE1@h+N0?zPs~M zGvF9n_`uIN^I`lxp<8X_aktZ_x}&Qh6*G%Joa))<(q&D@IR(XmHHUk$@O>c*5f=HW z_(RCA)0>vA%^%Fv*4i&gDEZB=sHY~wh4V!0YlHRj!8(mBD38NjebFW>03SS@lVzwq zT?=fvE__(0^KC8S=}8X>KKj}>A$5G@*->nXa{&CRl?7W=t~trf|7axIJM~nHQ8=$Y zGK(4fkN?Q?IVTBeJ;$0s(rnjzpD;!%nYcrL-K2Q!(7P~X|FWJ!3oyB{{}nV5tJE@B zvzqzzc{4r6b7eIQZ-$tYkJcZ}_|secPx6emkZvGtLL@|@OLS)@+iSZ$<6wvkfXJJD z#BFKBVl<~9p6Qm*5`K_IJy!w)85o8Vy3Yng0)#xz4C#(f#Gki^>G46*^Zsynvhjyg zEdE6PKfYz1yXBjHs(@I@NxD1HdB&jq{D8n&n(fcnFtISQ(mCC`dzN`bUG5d920gW1 zC10uD)-7xn7iw5!f2Z_!|3s`lKBZ?;=e1x|hZZ)h&@DyLpikxgBo;9|SIOcLRpp z)**@V<5=(HPVV4@#Fs*6iCX^l?RzoLHZFuRjdb?pviKd$Uq>Atg4(<`y*+D)+VXy6 z@^!5w&iB)s0$|rr zt6keeUg#xrVqa&k!f*G#NL%QcppO*H(^dq9R$Efe(9$mnY%ByQx7_ZFa~35UNi~mQ z1!AM4qU2`1{pm{+sGCTkkWijjacwMjXAzpUjgJJJ6ENHl3^^qX2>zeTYyaEf5Akcc z0MM&1HX~^(yA7}$*bo29dm@39t@0eRlD)Aer^wplk}Js^A@0r{4VGvenEQ~Q?MiG@Em0O7rj*Si{eiKKyL0{qkf?(@fn)M{JG(azgck z&+e#8wD;E_1$WFfrSjMef_0)Kr4`+5Y4UU+Pk-cpJ@lz?gIpAN=bj4X!I>j2AK3$i zrKNjkko9u*`>O#q%&PmF%)rkBj_KYc|8CX+g)jh_aOT@H% zR7WBakovL>0hn(cLDXaftgvPJ2~kkyck=(ROe&~}t;rX|N9HNVoOw*(=dQ@Y*?KzP%K zo3=Q#P<&xDw=|gC`u1YrkF1^VE~kb|>}=ql!W5~MDspW*-H1DBjD^s>g~}rsX`{>B zifzm(i#3p+YU-EvEmA1BIYkPGSgt`}G=G?S-@0WBb39K$+?inVgs$;m@SWJfYNsdL zY2@8`I~0TeD4dP~Pb{IMujTSc1U{kLjC$_PdnzLKnW3TF=``Oad{A*&rG!?mU$ZcI z5khqX*UR=^m14A=^<2T|YNGJqyBl2?JbK5g zIp-a(sf_k(ujZL27)m96vqzilc>a}tBBNTsLAogRv|;=;p~|eakB8_~&(L5dcBx$S z;U1N|M?Dl8U5D-EMLM`1X1`N0Vq!Q~rEco>r0pJC&_3IW?tzN|8M)FSsbfPdtugdg$C4Az8;6NbXKdtm9@g2%MgW6J-HRm zgx`xt!%_yrd4$EerlAfBHPU(`dSm8xDyIBJ`nz9GCK>>z7-P(&jncmUd`1dCoF!S6 ztYys1Nsa!#h=Qp{-h0lsn4G-9ljT=^fz;M&4n;|%``Fg|7YD9#F*ip3zi=7a`X$Vm z$P*%Ldg+!#{d@n4+AC=bp17U)v~DbsRAm*}^R5cm5Qty)J~-c{JpE32S0r>@1o&ZI zIy_3ytnT7OZ(yhu+39-CXmyT6EMd|sm-*{{;3_XK#;kumBvgcupZNjgalTbrioEwB zbRi?)aj22=50`!JHXPq=%wn&ECwl*eIIb(vy?9}a`zW%wpup9SJDYm@n;87qk5^}2 zR38B;a#m@39x8!9zg95*;v#@(Yc{l5zmBXi#yfflk9T<_<@sHMikdi)i?9Oh+`H=Ak&1RY2jnMVg} z-zKi?u6zs9!K5ve}2G<`Db)G+$ z!5{t#&J<^laMuRcuNA{-^{(949GUkX2YA2c42hiMC+{(8XuLw++J2Uws29Zh;jP}N zq(aV~A?CU4=FCmB%j^$7DzkRv8UA&xBAphOB*mx~fQ0gjE!+&TJ_tER)n1QFt1~ev zE)K0NtSf_p*{TR>qcbtQNKFl&d43mKV^YVPhQ)f`20Q(bE=6d8jM~;Nj zm{+2Ap7m@fAM2dZ$Rlb|;y)LAzD~-=1v+Qh-CIT*Tc5f)0Y)Y1BQK~+XXUX!Lweih z7s}fbzGTDuvv<}r0wxPPk>SoJHkqHh*(>tEG-3epVs9GhYk8k8KSXv%(V@7w*OmC9 zT^X&X(b5+p&PVwkq(3;HV@V9kZtJVdk=J>pahanB-nK7J^_r*erL$J_mn+8m=#c{v zApzpmFpbgxW3o}QPUA(RF|#_GRX95DTgxr|#-6CvqrMU&U^y}Ur0fhDPLR*xPv522 z=|>Z^9y!IL4&tOT7Qbq#qEw)K8Qn^3J07;%*%MUjBl4_i|K~0*o~P#XIZ(9L3n&UT z8HNe(nZ_i;rc0dy@-A z8z&ey4?j|4Z;WVBzx6qtiFQ(;>e+pQFGVA9uZn>~#$S{UIpjucU`>N7Ja(cRQqC$D zC|5zxm$>mfW^Dw3IS;I5?WVVl!m|DTaJbMbsG2u^H@)10vQMdqc_E&1)h7RYHL!N> z^{heXZOXn~SIWVqa(KscC*ytNWNgJ3UW@9)@Gqq%1L(Q;&cebHq?O^Kv&?E(fZ;?_ zFLB?=XfPaZnDMYbbCyK9odvgmJu$RX` z#(c7_`r2mt0^+w9ZBot^T-T&6*Lv-KtTbnZl5fc>H#hToQnXdO`b>{PbbLQ%SCz$# z)!K@%3mb##tKK77u`oj&(?kHt^rh>@xA$v|Ip-vuEBQLGGuoHp0jdO(J^O{#o=9D zTF~~N(^`3#eN_GKLlL(5_F}~R(!$cZq|{gK*b2>RKbhiteCtHjxJO*`PAZhu$vXmu z;$K&2-5DRAO&sGzrmAVH`q{5yqN7U32jC33u_3I^eH6ZKpd?gpFrs?SC?4I|H}Qg| zqOYCltK(`q7WtXd_s(iDVIaJww36W8W~&*mxDr-YL>eunrT|q%#kx{%epYG|Y~ioj|{hmc9IYc-%E>m+7*qEvo0|rjoG+^|k?F2?bS( zy*0qD-Di2W+|Tr>u`%^_kEp8i`;u5uz2)M{`f!taoq?_PNff1 z*~fWQ^WK!E)_I{8c;lsu-5v`|IGO#-50PL#6ko+g930X0RlK*{c8e!B4@ImoDUV5w z?MuiQ@jb0fRw6Qc<#b zE`7)jd;Q$ETjR+Cc^!4eWF@A!8yKcgj8e21NK@T$wt&AU64ha4C5;7Pt{XEa)@@XF z>WeFWJXXtBrr$Zfb1RhyY6pskS^xtFOpXjF!s)~Wc!4ja6R%1D1*^Y^ow))B*tw3? zG_F*dDaCzIgu*_`><5fKwrgj1u-q|+bd}QiNP;j(LNmQ z9M-Tskgr?4&8WdQvV3djqLv&-9qc%dTwvzqtl}OdVk@V0w9*9>8nX!srGvWT&zupQ zC4KFqDrm2_QqjNCcDHgJIcv_NyR0kP-O+PKOh=e9ad$FV#1Mm{#YHzK9j%U|r|mg4?|j)4WX{AOI3R>#47TPBt#+%EZMiRO^8VgZjWRLWmmFRS zr@8^H&bpeMke_E$hs zBV@h4vf&2awIG)jg)tmW8k@9Qz>=L(1mU^&{>96+hE7ZEjkiMHl~aQX`Pe(tBKSbF zOqZ!jT*d2DIME;3p{>f!YVKoU@+8P;bB@}U=*V5N_dBDS?5UB%V*@y?OPyk{P(yB4 z1e{6$Oo^U}g!>)y6YM(5RuYerXI;|gzb;7J8V=o2c_4b1g@1cxTp$~0ffp;f2uNtNWGiI>+HQj&2_AD75trg+qHJ%Hf<3lOgxoTtWyzip`?2SM&uRTRN&(rJuMacue!St_H z5y2Cv{4wFK`6=jSW>GmaD~DprMpnN4Zv` z&sCDJr*=DuKb8%A~`gF5Tq=TXDwAxm+OdyjOZI zC$H-S=Zr2*o?y42vS^IQYI!e)^LS?t8|_Xcol>R4L5Q&~-C&@2FA;=2H02&Gs|$c? z+tm#e^%74$-UC_7f*HnkBf~vhH<|oQbLy3pYzo}C`-VCBk+wp0#uY99TzY@*vNSqx zb9m?jpQ`x%Bph`s<6LDGGz`T}vioz34`nPZw+Hy42|v;Jsw`hA&!GaNu9BXoWEPwf zi4(3OCi{9s>Tk!9_xtJ zg-<=DxP`TQ!i9Ad?1YEm@UjvtU#{OqE`VH2%KA((7(&|sH7wOsr^;iLhm$fbW(@{r z4aNrJ3!7i2?je97u@Cz3QyQ*gGB^tqp3Q2{^&>i4cpq~eE0k;Q6JfT@oq%J_#{@pC ziT1}144B#ZS&(6mL3Vn{y4tQwaf%j$`l@~oHtB=m*?D?aHlbV9oAJ`rT&u=!7pmRE z(-!g+wH+{KZQ4HbCJUQU$+EkRy=++>_x!dBpFVcFMdqf~y!fH1Xz=dzQcVSJKN3K1 zD9xtrKM#HeC2u~7x-ebc`>S>y^mNwSTStQMz?}IHjB1#}s1cZ>CbnLuW5f+aZR~@r zqlB&=`ci3d;)Vlo%(vA7T$_Js_#&L$x^erX7N>4&PPp?4aBmeO?;0ytty3t@(V3O= zoBN{3b=aX3^@?OG9!iCdQK_I4_>6+t4G_NC32e9X>P2nOCVu#4t!r0{{gCnUxp6pU z;?%w>^f%ZO3%a!tILNz5mGkmfU4|hu?t(`PA<<*R7@Yx-Pz5#B_ktMQkDfP>@Ff*D zCevjLkUBab3Yeh^OQ$aq%J#=@XtvrIo7O-)|8%#&1Vs$ekO)yQ#`M-JS@a^+GfFXV__mmMl5#My8af%9?(L zi6|`U(iHsXE1uLDH;hGdU07B1p?l{t*oUoLH+{fk#oBQykEu7L73(|b+O=n z5us|oo1oLTz@gb)T2w=DRwHyebIpIwIF`u=-fmthg$&x7l!550ma5QAL?Pe8shW7{ zxo6j>jy-QU{oY|ZjQ4$NtT%7Q9I?X|yl_z8^z8$mTaPNq$F;KH;;Uz>*EQ5|>{!5I zXLb_Q{*^gOM&B%n&;}-VoQ8cl0nW{({a$pfZ*2IO$8z9s`oq{5lrEg0ITvLEw$H}N z<=(+vy-K>MmnVh7+n(%*5(;bNKVGELQ73pPDVi0{AF5bRWQm_-M)pSxKoA?es2 zZbN$HFL&5s!}rP+IPA5W2kDYr8+K(YIkCCbN#}dUlhVVT>(ITuPv(~vw%7VFpA zsVG&vV4KUR&+FC23a<8pYRbt{92DoHj6jEhlZoa|Oyg(1i$aa@0}rkGd<3 zVBlaf!~*57e>hW3d{WIK=?e}@ZAH6frOsr1hLX{#9h*voAIShCCdb1B|9a*VSpRfh z)(^jQRqq?RGr{n#ys=b29)=aZ^vY#=FMIXfrWk9bmD@67qV$R@qX(KP}8sM5{Yqa_BvLwb4o@)yokKK{Shj)PfYT>pr9I-U>dk$ zrn=*VC;t)lg^{0UzIo&uJC{EeGE9qfTBwcGu~stB3)`&1GF4XxXU<2aoEK*+UOLn7 z0uDHz2Ly85NkKK-B5mc%D`_JiU$SZ7?^*%;dxN?!-U<$3OFV{lSLl4U%ru;Q{Uu|H z5g!QYC(z@*)WZ9>S2?mm?@$4GJ)jl)D7U{oq;*`EB~av#1sCI@VSF?G=HzW zu}+Xw*Hfo!G%5*S9g}pG>C^|}ONbC- z#CvU<&@!bx_Lou3LtHIMAXenshUZY zY`qp0x=y$dc@O!7FTF*%Og*AxLDpw_q*`)AQ#f|9v%Y#KsbVM~LSp^Vy?mSwLCMrx zL})IXrWDZ9b)uKZ*~-_mQ~hAvptLifPDx0+Z2B9-z;f)pkf9y|OTqYz5hdZUC(n1N zUHhUw>c+fuOHc#7;)@R%4u#8k4y+`<=(#=dkkxtAwa$Ne zAa_wd5()*Sd{&5!LH_D>(Zu^^wq0e*+*p3$KA-mt3n)1r6@sak^@g@e@2!JS$jBil ziyC27*QNL>y+;_DC2J|a@lCWfnsb7aI#!$Ysh7bGd*i5H!aPTb#ZrI-Z3MPs`ChS> znD;Gojj1Nxn!!|8(hk0YI0e??oQl}2b*8d{9zV^}z?__K!2p2;VbtyqeDOI7R= z{xn#_zG9{v%|-vP+w6IDywxtE&g79tT^Vw&!^wMJVHbb{u|gGKU)(G#BuJg6z#UJU zfPxYY2dhlqBHS0dS%>MeQVFBv!s*`=kVIWasSxP>pfTAjd9Gt`Da{YZY^0s6 zK`H)<~*mju>LuZ3snV<5Li0$hEBXh3j+yeE9+TEX2x)f}q<_fj=a!NFnAH+v6@Q+4Nm zA=HC4U0hs@o18noQR1ALmf514Sv_}Bb9SGU%%NFcK+@?#*dH!5c_9T0hS_j&7o(1g zQ6Nq2LU;=06*w+ zQP;ad3CNLML<@0?LHQ6v*OOObNzoI(_JsX3P}<>EFT`Z%wQ zcnww!^3ac6W?KR41SllxqYQf=F*uc$J~;kLf3$>}EI{owD+FB0(R(BhM?X(XMf^ah z=YdhWxDF7rlYn57E7r3ld%MW{jb5)eH<3g%o^I~MJ z45Q{B$p(368fg6i!PjJy>>wREzqy*;AAW@L5BGU1T!7o{MliHOg%@->9c}!8V2+J& zEXV(au^1yF4ZHkt1QP_AXs9*~?q`Z#SQCwERHW6}bpN~$y$;M=T^@$s1AeH_TK<@- zmBMm3%c<}iG|?Rx$`Ui~KF3izTv8LY`?ZB|UlopRygXyETz}xD6E#)Z`9)#rcVKoN zG`B$l9euBE+{`aq+Q=eh!nh0alJb1L=+R*u>#*i6vWoE`@d)$$WH`g&Mh@-I2YbC4 zm*K7q^#D~_E1hWH@4Sb_>A;MXf%NyvwSB4w?~Vj!wQ99v;D@%;tKOZqMcWE!zFIu% zB}EQMj7deM%6Y|ueB$r!U^2c+mnKdJ_V3g`WUi0)@gAJckuk--s$Kltzq5}Jt6j#F z@&*7K!4+hgK-NlrklbKE1bbxbCiSHh?Og$|7aMe^zwpDQ8{q4}RN_9#7!F;uPxu1; zOwsT2_f6Cz22LPG>s;-BvqL4J&(eV)+#ejP!$!EoBr$IrFxP^^|8={m1;WoKu(B`z}VMkYKl+qNHnkVFt)KS43HcRFyMuwcP$a*D8bm+^bcgQ2TGwbA+}M~2awgdfbtv1CR` z^jeL8j=|_8(sctMo1%K?{yB+DkyUoV*WYWk*$)`QsVZ!FYILoP*fRf;vezVN=-3=8 z7Nn0vOZ)HSERF=D0qlu~b~jGzUB)OZFeb;?LDvWXv`n%Lg}Yw`0Mw@5nhhRaO@fCL<8zK&S2JVNo^-=lFM%~FIax0)CejxEoC zbv}kPVr$RD<44sX7Md?HmZ|?pfA)PW-vHNob|7^z?Y5zioX3q%UXcYj&^E;6yt~GPjeJ4Y!!*&bHA)45X0wt{C=^%w_LRq0& z<*D`ZVgwMF!9_}|=H!}XnGE``ATffO%( zV18=dN6$2id@#uNikact<)V58vuBTkYr`7uvsSgbHqfrsbcljkQZ)O+3(CEHF02!= z7PHQ!##GfPid7B_EjSI#Cabvg6ydIa$1dkW2Rh)enYm=JVu`vxgaihj{#@>1SLZ92R}LjzT;cN-8+ySlFHB1hh+@<#SHnHP5L+ z)VXUZVkb(a@X13~0dn-w<~mqtkrMq56vu0^HA)VgiJ1;^O2%qIC+b$t4Mo7IVcg6W zf<;!Po&gyRj5jtty3!>aF$nJeEbxu<4CWZnd(xaeQ4yxzk#k_Ar*0>T9`%j$k>UN| zRhcjksZF=$q>HVeZq2Uv5oQADgyRHNpxcSG;iJd&;X?R3cAzwgr=*hPOa03O7cBeBqo3)5Be zcih;#VP}{5C*zaz&ZPfDJL~cL>a4d2W5`P@a|ez&$7+za4*2nh_d7fm@Qtg$nSH$!Xw4ehNn?jB&^w@MQ&tLP0PW=JVsM$qUGzQu;|dCb-~o^HuuOL z`g=h}A8&l&F&A3HrYTAy?Y3=2R^eelJ4ugSsaMZ(3rZjG*a**Jc`SZBvGevSm5IV! zBI%c=yH`>gzCgI`qxK8>vRuZ&2j$GuDIYdcs$uBC5iKOE$bSPzJ-uh)NObD-hkER! zAVyPOSuF`oL-neaECw%%33G&EY3GKFDeJ>%fcNbNvq2Z9;Ix&>m^+!0@nmLQujv;o zwAdg`4XgNc;tabGmmn>tj^P#3(o}kX4O^-I?K{goG8PcSvP^$dCVtrRb*5zn*tAn4 z&#&1FAEn`Zz~T8B6t?9e^5}W{8rA!vvS?L`p{P2H*rCSD2YX?HbL5DwNCZ3kQxQ9p zGSg2kHQxxjx~RFOc!7x8{v3m8mv>q!YbUQnL)QXgdxwmIH|EVkS^astiCDdhOM1;? zB0}L|UU9PO;(3K$CSqqDBvjU$yzgqR)SvMae1n7z8Y?xKS4!gaN69S{5zAse=>41c zqmCrvwHc;vT&SUZ*(&1ZHUaAFrjn$$XU=`0cv`w{FMvgR|JGVg`m9y`|hN} z_t|7xx6iWa=W@v;E~JJZX~z*8Myff$;TZT47YXt#P@?9mH(7}8jJ^ZX9KWkwE$NQ2 zcO?BHDcP~#Kz$;AsBNBfFhpt^Sn6^pW=O^5RC}Ao+k4p_ottyq?p`p@qYw8dpW*mO zmwnjB2sTT}+&;}0D6?y5FgYnMmg!^@FQJW3ULpb|^w_alQpkW7Trr_0($|m;((Ip& z&GwVp;Z$aER+dVYWiI?`Nd?onByx6F(cel&bYt7sqla!oMFVF#pK|M{dT!T`Ol>?= zz~D+N;~9SeuKZ%0-<|$UE9nr_xWuJ6@vTlSHfOxTy2Yb8-~SdpLVlMJFyAc61UAUu zjYk)*ziA_0Xg0?}xF6{G`vc;J;~&<4aqH;AS55qX@&1;@MW?+VH!$_%(ZC$wvRm@l zKm+p620q|_1{F8_8}A*@{sm0B_MJP1ET3)^=dun%%UEc;?w?$hfW^md%@?!n(>2^q z=V#J2nYA4RFt|0Rh)a2shTu1I=eP)h*87y&b{-GMs|zYwJ0_dy8(+U33kbKxBN~|* z;!Vkk#_`xF-d*2MVORyb-%w&9v|uvZzQ1Jf6EFvgl7{I0OTxxu4rz9}Y?9Q#Yoiw+Hdp_;iWCRHUg#QQ};3rB8)^yf4^``}3MCm*>fSL)amntKHf9 zAr&v(J=g`nuRM*EhCKe4!c^ufUmxsUB1$|S{Uzs$({KA2FlT8=*eHI!>EBED%c^P_ zPWgc$gTD&6XZIJGq5Di)(2p>P_Sl>Sm3*xGXW>k9ORf zguT+#+g~c(b6wAojikwqaH>w-Zc2EPs?M>e2@N8yP;NxOTjkqihu(A^I^T+wQqy6V^|dz zQ}vyxp$aI;?0nW3OWw9Eb&m`p{YVC7}vn^O<5i;p?ZXo zeI8n0li>e}k<36$$D=+*N(2>H6^x)8x26mv6+I?ve{k<1m^R_j{9<{?>~WT%pQxb} ztzmzU{p%(g*sJxxIvQR25OwF5(lK2VKGuY}?mNSyHzKklC9*SsAUCb;ZfY+W<|ose zZk`M?Olak*L25N=6!~Pk1#TUZKh1`da>rW(tc1GHjY|xVGHh1wYMFbah+&$Tns}K~ z@$0Oom236FU4JIPJ4bAL8p(=2lRz>t2TW`Up-PkQ}{gHK5%Man#J6&wc@HR zKkq20VwK|Nn{`SwmB~vVNdV`s6$PAkyE{J&;tcfcIXada0Z)%c`LskQ+uJqJ8TjWt z!4knM<%8;-9;H2C0LZq8IW{-!-)q4>Ogv&7!kjXY7~Q#Ql&XFVy;zYG$`$COk=G4<>ylG`%ylMk)+_}f!Wx=WOLb0NAvj6z zJ5nI*(Ytbe2y1nW5Ors67+=r5=5ghb4@0uB$wt*_dLj8A9%_3}Kiv#n z-59}W2cQdcseg72^ngbS`NW4w+R66tY9kU~mp=vJME261mg?NXHb47%?ap^=qa-h`?|(Chy{7jqZjPMZXK^^Mgs#Uvfy7SV_-4tS*uB6a_aS&>8kyXIBZ=$`mt^Tvq#isfzbau30Wd zvhk>ULubbxJhD2m7OA@)HJ|^BI6YDNTJXE~@SUQ5zu~(kA#D+Glh`VOJTIP`yR<&n zTX)#sA|*rm(CPusUi6?K_4~>NmL z$7puz8Es8{m=r=w>&VuB3fE*1pau&YJFl5rmHP9`4= zXB_mjfsrA4{1d$oj{w*tA^ONe>b%;<_q={LkDcf5bZ7#=8p|vv#i`8^e^S8f z_8ET@-Lq*Ws@Mz$S2^s4Kld{Ub27?|RD-^)U92pGyI&A^JS8`3AoO%FI6WX&q(<97Vm26pJ2D$%i9eynXljv!DJIW5*>z3m8 zCI<7h>z0ghp{^hFjCZ5~?27?|)awLP^tMzZsRXy|DnwK^89(}%s5%G|`iSBGfo-gK z7m2<4Ud_($erDDPC?WdzP{;B^tj%S&MU3PNfX;rkGY>7uVikfKn}zyY3vG$}*n|wv zCtkDbXPkZz5a%)iV!5xHpZ$?r+~a(=*QQ>(U^{4swJMH=L1Dv8tF02VEbUjhNHYC+c-0p~R5Xg~oEK zj5i_bv0U#v7{VU}n-VnwOly%P2{*{n@DpZLDCj+Clg#D=aNvjm7@WlE^ZcWC3aR|T zcvIhgo`ALqzuw%=@}2@oclaybA^DXhV z#Xlt>`lrw9_WLfmsn@eE70OILrhD0(J>hqSDnV7GIu}w6(0_Q}%QUJU9Ho?BqrJAo z>L+CBD6+;Feyl6m#r&TV%!u1=^2R?zpvz8IjeK`M}Bqau~=0O4gHS7kTMVP z^abFaS>}QZIq*jMLV3*dWEM+c@pJM$wzL8is>$vltzW%kCpjYw9b7iY+(GFSB(efDZM+mHHiDq zJ=U&Ay#H(Md%u}_#H+tvu|FJ@d z(Hc}FWO}Utz0n!DmQVQFyZvrXxPvUU-y_;`{iKb%JeRPLd2R2!VCq|cm_lxoBd&Mf zal+ho*1Ogt=ntF$?p$pD+Fx{|Fb&06ZI0mb2CR^1dh9S(l91q$wT)Ji*$>(JQE}4- z5qWXn)X4gj#-8uQeC=Za+qA8b3+~6rzPo0CO&8u}Z<8N#M*XQh0Phz&)fviQ^G?~7 zEb>l~e4}}s(9UV1&fd>3A+DFQS;-19Ps`L6*pe@HPQ2zg@i6>Cv&d9Tt`M0FM7mKy z(&zU=Lr&*COf?v>pN-RaM$8N$CK2ZUa+(z-Hi$y*)g2SMn9zvbj#A#*qcXIQkIIsG z*s&pT^Ri3t*M5e5Tbi#by0c9TA>beeu6H66cgG*8-%c4d8+&FDIO1uK=--~#PHTzc zqqLb#zpFj{*Y1ssE*7le#Y(T<{_awmGeqYl-Kt&v9Qdl&ag8rAS6{@BzxItnRRqq5 zND`&YP&!$&ewU|uH{l_A#IlFa+ItmXV-~U-R=6y+6&16ZDt>fU*tSB1`jv%*Fzky- z8HUJt+nt5N_FyMccY&K#^2MR<&F?1+35%hXStBkjRtTxPg|w75gG@!I&0|@K8^`eZ zI|Tq8$^uk__QosU&s%Z&l`we=T_ZE`CQMNb;C*aI{tgb<&Uj zE!Q~VVpGvN!hqY7pXD~Ylttm41-&=K?qqiTkX*bRfbKOg+D%-`sNx@*MOBICl*mWn zE_r{*bND~By?Hd7>l^;t?(VGx);y&x8beXEMNL&zg3y$RAkl8BrV2Hd zqD2fKDemIkl0mj>6~QN8O@t?T&#(?ob;`Tjs}@*Si|`FfX`;kX#DwIC|jl?TxM!OUHlvV{qjwUv$t%d%pz8=m4!fS zigIG`JUcF8pv*O)UE{l-=ivJ0Vxp9?TNzgdA(KMk)oX|63C806gt9S2Cc%3N@U{aW z9JHI2i4=k5%*Qo zF4P@X%}Oayd)}n?8ONa+JdWALU*=9&*J@)n&0r#pRF$4<^gAwBq4IrkNEf-~B#9jt z1+=tPWlGykvD#YWIhhfqRM(-QzN+vZNR9zy>PqUMM%AeAI<%Jh}9dw7Oq%sQyz{q_8{Mu>j{lOHS_gX zdv6$Wyq(?TK?3D^U-keq3blye;a8!XHz?6z9U4s3&|JP0>ZN^AX^WR2G>}pyO;rVk zx(_PvihTj=VfSmIOE)Gy4W;k?U{>q7a7ema4zcoENret7BMTX0cf<=fg3aNcxhFy$ zcSwzO%4JVP4SP)=H+?zW8^t&7&LwCaXlYP$S{+Q{?mt5C{ivXaAn`{y@p@pVITG^* zZu(tLKb})n7H)|cUbJ@CSZ$I*2aHOLOzKKloQ^FjoEahyE z4k@6#sYjvvwr#>o$>B_vXCO_YU_lOf044`j&UswnYftWFr1u=%5%(y$KU&~+rFK*R zJwoh7_-c*-Y3YHSy&SXARqtdoQoZu#n`q*gzxYZyE`KTPvPG{dY~X=s!Tx8`mNq`H z`SM}-Be@q4kvZC1#vR8>OOfZx&g@)l;Doi%^SjtRz)}%hnyrR&=vj?+@1MUI2Rggq{?u zM*jTrqVq1pyq(;Uefeikw$A2e=(DxNshnKu=XZNsW^I@gGCP*^hfqJ$S(@kLH0_ob zvgN1Tx+(*YpC)8SrM~aTxIlY&Gv`8gQe#eEJCuc7TLwROZq}~J3N2akN;tOq7Ct(e1D~%=*pD9He+>KZD(B_oZFB zeBk1!JJxOpw&Z6T*3b9`d2|P5Dy}e`E_Q>RSStE_om5$xzkRxg$Ky+i#$2ZsK3D@0 zU3xd>jjbz?aE6wD8gaL#)_5X;x5qyx*V{;6Xr{aOAEeA;J-+Fxtu>)5by}MV;?Ock z1WD`+q!ghr$fb5c^YuPwyYwv0Aot#-$BC_*0S2P3i_@CVpBakTuugP|xquiwEAKR! zGRq3ag)vec3QT=V%XkxAAo|&b?h4b%QCRfk+hMeQ#SoFovKX2i7#V2wR`N+Fj4RpZ7gXpaZkDz2W~k{8yHT@%kEzLZMv5lv7o=gI?c z*v6Nr56+wVY;=kEUoay;#+#T{pQ#9I8(TZ;?XG-KV_RK9J2r3C`LK-`R-kkk zXutW>6A`HnBtRst5)Vx{Nhoo973_;62BG^+G@+5fGYPB-M+ec2tt2y)zX7loS)z4k zaUjeoV$+@X<#j=JD-Y7E?(pHCGXlBRcU(nbU?UakUs#RA=PA2}hSq0NaKs=P%sN0^ z$ytf?@&449I3)TL)FP7y>y9CE&vQp-U62P)_pgA4j*4lL)?eb9obxIkIHJ9mWVZm( z6@PqcXfc0;unX^(m6$e;P01^sija`ho*P;#CvG7AG5+B5h-KM8o2V#5V7||V`6U+;Bx$u~Nnb#Hf8zKwWD*RZB zp#^;!da3GUDgAY*uDD{=AE$!s1>r9=t(ZfRT6*UZTZI-IsJs#c%jsCW*y0qZ*u9;k z833ioI|)d95KF-)=lJ5cr?MGEfbQat0luI%XC3;H8UMIeuXv`T{@})9$U{z5QO~g; z)tz{Y4?jn`b#tWv6J`1_M_~XAk!&P$2_jZkQaI+yt5<-OVi*-2)6#Ae7u3fJj%j-- zxl1vh<_oZSxi?;`wOH2ZA+(G#2DPUDCJ*C+<21JOF$Uh~s4K^vk#arElo|ii z@_GBuT-~>XHjgqaUAc?oy;azgg{I{INA?v)cpA?sX%rLp^mCw(PlU`=^c(oBG$RW> zEYV>+bO9>#+4^`Y&*ig1)%P^sMAz$0z*Km)MAu21JFQiDesX1`FjJ8B?p?^9KyEkj z`;)e(*+(;R8qv@@Vsp^Yp&!o29zjGFs7}SJdp8)I0u)iEG;APcdbwF1PmmOUa_{QB zJKu0JXP$q6eKC|Dn7_;vS$7ecJF^EOCzZ1fZ~?8*#YMx!&utw7AvrO>&DZ!^~~CRCS# zob!V?Sk~`%YPq#cF=vbk)fe%QGr{No`T+{q+w7Hk?Nea=sRzD-{qPVRL?9a5CMe=bW3_JVDfcXsc3d!~ zW~QM~ER@3hC2ueg2GqBX4ffS-P>k6rHLcLn?$uTMq~vPkSpa?9TK35t?yPWreSJ+v zm-C|*3erDH-L`S6?qJDKEDQ2&@00MW*}?H)iqaI_6ef9sZe&zO#+#cACOuDW>u)o^ zJgfWaRe7;Yer`3rG1MdkduY|JUyH->34rRRLo2xF)Y2cU`UF}18Sxvp$gcwzI@0#< zfvh#T%+{~{vSdu=t%3&rsuW4H&RjJs3(uB7MsH_NDLg%Od`sIyd1qb{g9A5xrqU3=O}aD0!UjJx}sk|vNg6QR2Tont5%<-#|WFt0_Pa+U)mA7{T#!) zl6(-tO2_cA?MUr3tvg|B-z|6Yoo}-G6P1TH4M}lK5mZEtYZ2E;q3sxK`_93MI92&I zXx>XW-#rAxC*y>FWJBRB^Y>?ggSCh=nYoWC6H$GpVsFpB-WeN^cRbB{Q~G@%(>><- zs77?wxzwAcVlvq`5*nZi+07lEwQoH#TfIr8&njP33AKV+k%>i92Pr4D5U_4f&yct`GD*9U8d3QoYj#E+U5l&|nW6d1!GE+vVS4|xUC55y zizO7hvvmJR>#57z(P2f1bCW>QY~0b3z{lR%g5VzMV-JS5lYm~wvwj??vjPgFvI$oP z*|*u3WLj?AxFDo3C+G#?65g8P4z)t;)D_!Hj)z8*4gtK-=@^YTew2cRJt@$1Rz;3) z=PJNR+G!oZt!2IlQpy2=rtP=)ADq(d#SSa4D6~yZ;Bz(tG@KD<#?9N z$!(X`@iAW~Uhm|i^CqdXL(6Y=V`7;2bPcLMfcvWmi ziqDK>A8`VQpr?!E#03`i)#+(d|Jd0y5iR1L;}lY7CpB7ToqVIY2-5dk9K^JFK_&r1+TLb!dR;11>Pr->QEGAzGa3f=(j=Q6?m>eDyO+VtdoK$BL}y$exSTt z^9lUaoYKMi>z95@ z_9Ko5JxorGRug{V@zDF{gVDKBn_!k~=kIBarIjjrEj^i4<;`tD%@m<^4t@?c?XMN* zs&G5xg=p%+`L4PAmOsbN9>>1=R~PfIw|~3ldq3DpqGecoOq{BR?CuIhZNo3mqI;VD z4i~{@pJdDNcu7y!OqNtaY@HIXKfTs!v7veCZfuwk>P>X(&ZT7OIUk;21rGbN04!{4 zS@WV0u%%J7sNnc9&y6Y#ZGp_#qd)6KODsat+vLtlY)9B+s}<&m#ND#Hxb;4_ZUD5} z)C-x!uMD|MLncyj$w0a@+1>X>*)A`id06gl;dxE=i=CJQ-Kjzijqr}h0G+B-mwMG_ z=g@bvZ_JBDudTZPc6F^s1CH`<>TT|$djc}2mgV)%Uhw&Ot&n(BB2?B)aphXZZmjhw z*Ww1nYkmVjfFOm6e9MjzdBJQw3&?&Dw^WR>Gq%X@G~)Gmo%})g@256WE+1=MpGynTwl}#$*55Rm zlXA~68G@cDARU44T}H9`d$L~)yAlc@>RYf2OJf^Hx*5ZgM`7pI-|^qw9M*^0-7W&& zp8Y#k=mhi2Shvtp(1i3CCj|$^QTDrqR|ZYcE$`piM^Bc&@X%HLC_sXOvxYpjy}J^) z7SFebvehBUptLI;s>6lmQ+Cncalv8$D(Zw``A?BdIqk)_-1`E1xva_kS|YQuzY`#9 zNb;Fv;!Kkseke|(YPm+G(cT6AYfzReJd~A(K4nYG&v-s&WN=C~DRlJa_eI4+5^Jt5 z)vo~D@z1drNvkn&+%AOqkhx(`&wV?G(dhb5*>piW11oEOvpmr2!tlDr#+1M-*%WRW zJ@M%*Qf}qhSXxc^NP0gM)hcCId1v}+uCNak@_u@Z2hwS^%Ri(p5H3JaRXAry4zjp< z{T}!*b61gkn>5eW@%F7|b-`YpOe^1s(Gx>_9TC1BB_QaS)pJNWhe*U?f)d-ot+&Ttd_(RVyN#B^rb^p(Gh+5uNMbcW-wJHU)UsCFEV%XcK zcr2FNOw5@>opW+@w>nKJ4emq#VD>#R7uw$ekq6P-p5x`+(d3shy{wZ1O(;qGvaMl{BYI3di z&&%QSJAb0LCwuO=J-c}0lw*jx=lwBt!Z|k)QWY5&9k+ob)IOL4 z+N$+l=D<8V|IbIvh3t+hd1n;$=@p)-{MnyR!Dzib0DV{}C(se1``)kGM^yDz?MWC` zz-_swsla*Z<-lit-%zo;5|%Dr+j$3aDm$h*VkAo}#D+sM-x8pojR;$kY~BdSJEL9z zs7S)WQO8;ba;ZC8j-e9!A1qR7?}81qg=PvofM0A8{?Zb#bi=v)Qqjd@9g@Dh=dX=f z=oK8REom{)HQz5DrLL3m_?#oUY(n`Oyf25H9b#Ovu`1HYxsUZpP{7VIu|Mz?Qh<*iO?melw) zokNIOPuI0*H3!B+C?kk4sJnPALF>M+kZny9D*6o>9qx)6D)Q&7cYh~WRTe9q94#b$ zteBn*S`nuFSsKJiIa8ZKUB{l>edd*Qp7A|VXaej!qRD?hqW)t!W}UBxF+{&W(_W0! zpa+|7*r}Cqp0q{qUbwVHRnk2M`*}OfQo1XeU;ZDr#nM))Lq2a!(4rzJQCn;ES88+AfgbLjP};;Ys=R<+()~!1~gvoZ)WRt9+@k==GNe-qC?V01v>fF z^(}TIP)|hX1XRv`|D{xY7IOVE#%T9NyzQ{#fJ&Iw`sAY;IE*T=c|U6>JafUDuVE=D zo@_9mA`PXG>bLSDaizkVNtisRl=Ara7fqJ?-!w?C{*8{PftoOk8(&Aqk?Y?c9EBt8 znoI$r@|&=_aSbuYPTiR$5ixVhgoWi5y(*m`s-j$lOn*R)$3T#CbB!(WSK3`T+A;3= z(9j#$itRZ_&emJAop9dkX}fnPj!FeIUT0AqjbomV} zuUvL2&r;;Z{O*uq#nz^%4UAw~Jxx=+`)Y%nLdGj1hW^!g(dw)QZ>750vT$#gK zlI%b1bVZ)RL@Pdc{B%w=_4v#)jf_pC^`nv_wwF3sff#Z9AUiB+A_%`1p1?4c2ew>q zp0_VPfh+{n>qv|I`a}(?Re1J-VM?Kch z^$|;=Q?^#s4Xry)b@~hMgR^$GZc=mVed9uz%0Mtw^s>}lDB#-_L)a4sCB`?dFN3M6 zQ{OjbHhcZtJpNU^eXgEq^V9W3yQckJ`@)Y6RvnQPnMb881+R1`r1& zfP_}pV3DgY!+tvk-29wrG)`aqGd$EJ77!?6j=Z6dRK$)pq!)(60=Ul!Tsp3JXzN{2 z*i_oeTt1h~4E`OSGJsS17Hxjb{(J<~ooCyd6dCp*r@P}M|N3OgVH$kQC6-8DT&dUj z5-9sT-HS62^cB81lwBH@KV@$0WXofcu8Oz-4qq9uD)a~a8uk14&^pa$b%ZX+@G3!< zlr*{T)TpeF0lc@3nzOZS(U+8RjREHR^?gS}R(FPJ>op`Omt%) zGi-z0kLZeTD0KVe?B{ca^gNNrTH*{{sCHN=8V!KxsR28;$I(BW_v>$qA0r5Dc4Wj6 z?=QTwM8tM>*YPzh$@xA#)>%{%3EknRD*ciR?SqFAx#tur_dEe!$Pr zYc@#^vko86#}_8oUftjo`E>#o`cMS-pIB#nAS4{dbp!8@y{iqBE9ON#2az{p7_zx{OIy|9Bd;WIjXa@=}4w>ZrE5U>dseb>Jju<0y9mzFXSttIj zF?31RP(+(pD#L}~;(B^;6`y2*dy3`J^ned5K?kaP5ozv2OGaSpM_!?fY0oA`;Offb83Mh~%T>m7L%e!R{rWTQV?ukjr*G`PtD)u59zp8M^ zWz}gOl2rV8O?7yH%LsX~;S)?EI#7auc;J8>LzGMu;AeKO<=(J~V;I-riMD4o2! z{Yn*C7zx#&^!J#%Ai&}nTpFRXwrqPl3m7uCu{iXUgv=K}A5%AfZnn9-iOJrRiPMea{L%L={CHa&XkaxvkVPSW& zdI~HQK$W>0dvb5{H?*1-$r{f4pS-5odPEs#DA*2VD=75gP3pX6qL_jxV*mKT}|I6az#-o!&0Q0G35n`u*zjo{6rWJDKmh6!k=vS_Id;^z|LY8 z-_U+cm37H3!7}FV-C5J9f>-&8i7`L^Slf5$^&h!^F>v`wR0>1gPU5PPExKr?Q0mHs zzstRUwzr3TJlE=^g;WBZUh1e?3+MVtAx`k{k=&n1Krw<2$7d{NF+JB3-e?^KPy^4( zY;@}Lfzg{v7noxkjjqpc+bf>#IGU=n{!r(rgAkv@Tbsb^gZrf40}99j8g2B@VNju7 zvsq2U0$lRzQ^~DIMKf+$YENw?{WWRVbX}MZ6jPVjsO-SoDFGvZ2&jPgy}FIg3+!A= zGdpp&=P}ItZKlsew(N76eJ4$)RK=wid6~SV>tgIH;SSGEZh{M}xY;=L_1aF`6sfj% z5)!#}e2p(_B>748vdaRRDEOIdOXeA^ppm|%XFVd>V>V*zx|>dsZoCP)Z7=anyxsC0 z@RBK7eT@HN6wcj$F{CHhCXH(E)%4>`)xGHoj6 ztlOo0C5xTxYx8uohJ=t;FV3+ItO)lVCjm5H-$_97DS?EsXNrreJ+~+aO^a0qwj%@3 zvEv>MO2owNM&{46$VmW)3bR(1Pu&>iuMlSl&|h%2CV@;(2`K7SHyA>R$A=9)bWPv= zT4yK!$FOtqwMnnrNu;+eeXIMrc;QuBh-+qu3RR)4$1}3F)R|I%#~S#e!W2X-eOJi0waj;* z^%L3w@zwnbIV)PU?N+dTr690fUN?~tni;fwe6NB|Oz<-I8Mv6*fBM9+{qOh#tKcn( zl^Rv2uavZKv&O}vcT?w=Wp?`qqSlj%(X%QYN8#2A2~V7gN_~wU5mXBy0K$03=JlMY z*n@lG8aUAfQc?P0t{LSZ`g9M<)oJKs&c_xRAeQ2PpqZy^RB&|t=PFiBQkhV26z=;d zLFVTWb{Pop1uCSzIw4B=ivoQ6{`E%q-KX)!_Ri+_G0_&anWK~VV^r5=}! z&B4`bfE+l=GU#Oh1jmQ#)nEmjz-2{gPKKvk+H!T=hI|;Gn5mk+rX=(}^Dj|Mf`bs{ z>2C#GU(h%@*ZxfpaOBgk(Z|js?x>OMMf<-f&yG^c`9_72dwix@VUy7W759;b={XNK zlPO2=oFi|{wh3^=BfErodHo3PLDoW)2_`)%%p^l5SDNH?1t(y~N3+x4G@aEWeb(3$ z*iu~@F`2E^kVq}Jzm#RLB<`958WC+&;oQZvKqq&^&6nSJI5*k3D(fEbT8_kO&B}WZ zD#u%tDp({{Xr`*T7ZBQELj|S=#ecE-6xMw~;&2$OFt67N) z>*e*zF&lC!jiiw5u=}k2d!jiOl3%LAw*bA3q1!XInd#hW1lTbQ6%-8;;=2Ep-Ao*c@SJq{pYvKN9mAKG-}8_gp$FKom}{ zi0ZOdAyRD9s-O#>aP@y0o8ZOpSuTpegh8xI$`V4C2%Xn z|Cp`tJfb~Is|1e4NH!hpgT(cszc6B1sw;kD9m%qn`=(KwCQ4jW_Kwq}(FW9mQy)HF z8~^@y=6^tzDcQU^>*$2)@2A`e`(@#UbHW^Zr0Mqmu9?k^#41CkJh-7X$twS+ZxMmJxsj|9tf_O2l@*<1WVM(fwtH9mklvb9{aWJ}^OHC%OkgeiZyU&!GW zr|*W%_t1+YNQa&MHt-`pLhm2HiHU}DOH7~itdlhgISoo&?_193d9DzCyK9}f!Oag? zo%;U$_wMG>C}Q>EZ!7_C6zp#ta^pSh&#&3O-p*sIwS zo3s2FrBcdZOkF!TY^t1#12n20>Cax!Lhp?atd2gWM(X}Oh1wojnJp8(wxIGaK|IuV zBdGS$e{m?J*g%fg`{P>jwDL3k=4=I1)c*^L`yYn)A7AkQaCHB@{{Kjh`2Q^~@9BRr zboF8E+D=YyZs^Sa15J@MjPXsiKO>HRe}AJWYqkZwPhJ!RJRRbIF$N9)D_rB)d6U>U zA)z;1W!z-F&J}o6VU_FBRFjk@9FSCXImZw=w80QwQ+QraTo*kT(O|4j@FmZ|AAdYa!i1{!13>ICH8*b z1XPf%7pk92Z*ViXfZ`#4q*%tMEgOriVkBnG+?Piiw_CRTG-vXrKhj&cAQi5Gb3Pf+ z*Dyk-u?LS{x?eq6QSG{9Op1M8W#ZhewBf9<8ZX%QcA@m0+SEa7`|PXX2jE_8g>C!f zB`(r65w^|bZfE5-v?heQq{Qmp$Jx>r}2SmL1{5(GQg zd)-;(ZdGQ`5oU-x}iYnLpQO`^x6ksRMRZDiJR*mVvbOT95jzcIe>5_w#~qn|kzqBgXBLLe7Hj z17{eBvzCv^%*7aNd9eaOj}zx}bk$`cm}LU`kwr$vhE~|zbV6%n`UXorKd?4yr^f7hmUsk z&3jH%-IC>6a&rFUb3A|FiR(Nrv0SjqO<~NW{Its64PkActy*E97UG{6e)KLX=2qBn zwF?*0xt(QamT2>D7ATgt;Y?Ue$GNHPo*nAQ^}<0hxfi_TO_hCn z2<^Jn&H9#jtpGkS)_mh{H<@^W5sM*Hh!gLRUiT44FrJvX<0@Y^2(L?>lEgrjEVoa= znk==SWS4K;ts`!G8?(ieU3UxEF;IUckZES!|Bd|sP)t^@*~b3702o_(faFoAqcNAq z-3bW{gEvXvS$p316{$iw;du6bS=|(VY5hTwRcn3l(&F&s!g%4BoS>|{WsdJwJBx=! zS*zFIZDXGazXfB7frzbhxO>leJ9Jn1yG7O8+Wzinlx84XdwzMI zE`mJNSuyx8lZfh4x6Le-ed!*wZ$Oppl6Nf)M?4$IqzXb!e z=0ZB{va2TPH&;3xW`(C}cZIbATaEOSx=@kZJzss(b;dgk>El&)X)}6FU(EBGQs&U07@GM?QL=16{1UjKuIoD=G~=yr7y3X=~v!2itM z#$yzjmVK}-T6OcmEys`)l62s(V`OrWf-^9o%HmO!5BXKISRo00ls3mr7qkHVg~hiG z5vJ`VXpKEeV-GWnZbO}i9@u@X5vT5$!~M(3gQ?UE+uj!sV_gGNZzRwoJc3zzXBj|R z{K3;K$KLDV{|A~u)41Uiq^*qA)HaI=>xz`cm%q}4tYZ(Q;MNJAuv}e4`K2`z<3?M} zualqXISak`{S@jA2G|Dpg8yuUEHb#U$I4O9NSKnc_ybODggP7PZN65(AIE9p_>NPg zo1yeZKlF;us#~l2rh7=dEJOsJy-MRO^#H|AZ`x2`G-&T>pk6ppwQy4%nOix>fs_tX zHnQys7>_KPUgEFS48QiRtFTa@_f{KHVog{Y*pSjPl|_-$e-y!Aws)7Np=b%g9F2kt z3trQ$=>42P^X>Q4P$*lce~C=aDTkY`2K3e=eK)ll6gZx94!fT5Rg%hs*s4fw`*2ST zb!2NY=;!Y$^4#mpnoHO5iFK~nJ;RBi4S9nq-a{4<)SBhVs>IQ(aKvqLj}}aAZV%DD zzD+CAvof*qzK95x)VZxTA`8H;s$A98WOH)kYVt}%>`Z*a>;yJ?ktYYb1Od;ESipGZ{Ur$-uF zNN~`0dAcaA$%Pcf==z#$e{R~;m1(JW)-R>)I-(gADa#ZD%~q3|jH5ZM-hLpxcb3H5 zyComLp#(ocF5vJ&gr$97sVUITtRWo_d<}C74P*Yx+q*F?z|L%bzmn|!3^aF!>T#v# z^CAGkdQx`_pdwQyp>1YUe{R>a z`H^qngI_xqAlj(4@1ZQ?Ogj?sR@g7MzbSon#F!w1dlGpciXh+H8pEa#PQK~izv;Pt zEz`m^_kX?>+#QMyJGVada6YQT`K=>pyo57u75Qq1Yd^)!pS&&#Yp=q>0-g?Ee8Iha zF0hmJer&&3ZyTvm@gGbl?&uqf70?CPyh#_a*Rs*;ouO385g+OmM_^mx3aIV=snPqw zY9Cz%I6vNMqj{c5pGhI}Sq8q5L^bvNedtanJrGLeq22yMzz^0uop$D~lW2LW0a3od zoU+AwkygmJ4@{uHdENA{yX4DRi0(5Z$Bv-E|JF#h`@MgkbM4;ui|wL`I9w{U5LuN{ zF&3_f$=~4YVW73c?ghFqlVHuHl~=*fKoY2p8GXXwgVsnnmuRBLr2S`kt^Q^UH;Lsq zt@z;Ix^%R#QO{E3P7@U543*}1`3TZ;3zpvH+G{H3|2b{Di<1L`AaAf%KtCZapI^S8J|b3$H-q#I5BGJ?y9|VoMtI zg20a!jP(W9Z|N`%dYUmKbF|w4(IxC^qOeGgMiO|oxzHz9s&6!UBX-AUaV7z$0Tf)u zZ07Sbluo-RX(}8S0He%cmvTE7ct=<_dR~Y!@7IK{KYgdd#`%6B!sTE)NxwR80>sxFLw%s7qR~rR@rL%A28B)=n_KDEjMV$_i0(k z;V@Uw2?lI7#vizy6~fS+9^XIosX%#d(g9V_k^S$?;1?BPOO8!T)pMlTuyq95bKBmQ zt`S|G*yRe*PhiBj?l<)v=5mUb2itry-ke$ub$mG!p4UGUY9;wvJU}4f4P-ueaC!#gG*P8_$F77^Rp~%TpGLVw*I$a$`&3SZEKo zv8~IlVj)EEdxwy$ck^I;uP1ij_yDtazlSiu^Ddn$vh^;F%jYlforAnDG*&3rF0{$| z9s;|{{Z8dos5eQg$IYc&fE|AgM^lgIhJEjC#BHZ>`y!82v@R}o+cb&61qewCb?~LU zKZ2FKWuZQ`wf-nLA~I`}6+Bb#)%s*#?@VB7-B}6|1M$TtR92=e_SIM@0Q?_m;us)T zV8W~V;^dxrhJZNo=8q^g-=Z{F|joq9#O@Es<9Vkvbc#bJB@O2F;iu2hSO%xo97 zL?*?;4wF8^F)Z&Ap)!}ImFIyy_Z$zdO2s?TZ@K*L=Vv-45bnURCkR0^Z7p^F$*a_@ zQ8m!W@6RIQu68{O1kCD0%&oDp@K{Rk_tXaVBz`QVXmBTo##3@*-+Pq&5TH;stR z9DC;n^*=UBZ;5;N`WRwB7vT0KVpT5qGJ}bKjKb2$wBopEE;%}Q4X4t$x7!bUTk^m4 z;HyhjAhHH5KMf&f>%Fqfp?rDG*3&7Au2ktB*sj-!FIg3Am#QhJLieyBrO*WR8PlaM z+`gcvlz*=|+7s1^pS5tt7+>!ZdM3byS+(HXix&J=2VyU zxcPbQYyC|(axqyFOE_AyU>(F-{hR5bClcE{`fwy>+NL3{x$Cf@G=^{uJ3WIiIJT}P z2O4=o8JeCWo?nM8F6p{`1jJuIFHOYNo=)2G1+B`I<(HLxH1PFN@;1)4^Oolden)!; z^;YiWsq_tsWNG;)u=JTvN-TS~-{T~p3|e;MmSyYt4QQU9`=rhITsW3h02f%<8}Pzv ziAS)kD={{gWTwF%j3<2m;;3Z%6m9xXvr%|-hc)^5?`By{Q+ZGfQTtFiwXVib!WPfz z$}IF-y*wHI?8eM3k00hGNeJQmzbr%>HmW3e<6qmSGg1}jMf#wDug!%1cf`IiDNp@7 zDe5vv%CeSE?1k7s22LNOy2k7N>sk?jI2L4J(zShauk&OuSJbHk*~vRP8;<4wcI(`_ z@$S6*F@*yOKom|e7f#DgxvxiF-U?k+2T^_@-M>cc88#?c1WEF^X&2(I3jipefI>?K z3A!HKj?T&)tPLPffO?!Pu%>JcelK$(m%M%PFap)7-018b$)k{aT}M>qO`vR8-IV2G zT=yC5QGROHhF+D(7mEkfc!}E67h6Z?1UqCbug$lmn&f6`sFn$m z>J746G`(!QvkZy)S7g{95r2A!u!Qu51@6Bxl?FZLQLNtjg;b?v^@=-qn81N~>KJcu zz!B_GbpT9FAEz$F5&hjE4_MEfnPb&?v8@I#jb$J7vG5TLz`L zgou&8OORS?I!+3+3mBK{PcJ1Mj$b4a7wm&I{7h4l^(xY8^z$?LWtXa_O-9d#BeMUN zY3of*5}3j-+`X|gjO!B?Zf^t_jBr_uuy;Ued4|)6;!WBT?s@W7()?b|d|Y5mNbExE zNG#LVHk}ajEk%B?p_pTy*Pi3e++3`0qRKHXQe@PS9`JKn{L2EE4z5|fyz{bVtF-bW zr=%jb5wCMJAxa;($c({xZ#|3E9ocX4sB z=y+;`iiNnSgHS5-Dyi`bV2sP+;RO$HjffM>lY~^9KU99kx<8Kr9efz2U1*ZOXK75; z+M=kRbmvj%T ze!G}oG6SY{8*`@8t;Vdl<}+xq^@oFU_;Ait2&m0YaMadxsRSQ@QS+O1j%g_0+vBn_ zkn}j5;vzxqZq^7Kj|hE$38Iypoi^qCECCy^e+>IG@+6XFK#^C{vwo#iq+S0IC6!uu zp*5YU(+ieZxvRI~9IxJ$h|9Y(2PNO`I?r^Ed5u3y(vj{tyMLWb4Geo?Oa1rqR;T&Y zAlk$W0`Sw;<)^PE+Z}vPch)e=OrIq~;OCAo^Qj zmxXA0jDW5VYR2x5Dml}o%;89|ll4uk5a3Yw=cn1E+!My_i5ix$2c3z6-xZAHRRC9o zrFkxT{n{0&EwpXap__{e>8$Kwh@_ardg+XvIHetuX;NUKrt$F{$J%kZw-WNwfrY`U z!}pJA1gy_|R$bN6KGpoUurnYEo){E(ja$q=W!W^$%lg@+0fuM`5VY4|!SvTbvz$L6 zKaW#l83RY9_PJ7nyswXZ|92|T>pa~%cJY`IS7~SJKDUIwPI?WOshDPYrPTjbbIty4 z@TCm>y^e~NsPxvRwkC_nS3+a~e78`CC(9n2)+{Vmkld0 z-yqn0(Cu&sWErpni0X_DIo9=s#VV_|ySnE&S2y=%T$AOnvrnW{3_HLf1W$|BFz+lC z3A%e3DL|B(0z0=gt*Ovl4#y;=hou*6+SoM>1sSyMei;oqXtHbpAG`%Wx$|D;@aukr z#>i#J2M4a3)&Irbdj>W6z5TxUvmi(jP*D+(E+S2k7K(_7bO9BRE+PVkA|U39J<9pC4pK>EBjDbb8GilkUK*s$83a-jZg@Vr%XXnv#m)3#-A`+#YloTS z%3Tz6ql2SFciB;HTR_ks&~UPxBF%&PR=%-vnjLU+R<90!z}}246V@}wnvMl0E`{3X z=g&`fJbWnHrk5O{Cm%=~Eq>8z%tFz~CL>odTAX$;sZMyhoE>7?p=oS>{#GpS;D!5= zp#5Kary^UV9Lk+9N>*Ij7i{H)zmvYI6xO0in$6XKqG_>h+Csigy3$ExXQy_Vj3;f# zCB4l8+TiqIb>B{p9EDC4mQ#pRTQ&>}cLHUW`R^RvEy{!egD$p}5>YcZ=9L_djE5 zn4LoGVdm45hwks#RF16SIpX-BELcRS4Y5vgdnt2_qA_jSgE=<*p@F(S^l~^%0pb1$ zExFh`FSIqojtI^b6%=O^-y7f)N4;quMnk*m6;2kLGQk;peA=j3@r=|uarsd-U^A@O z_T4VQlH|J5FUP*P4(p?PJLQ!$u&kljX(2xNF5g(-@hw!g zKC$#--Vn;V&&&lmJw;%NWHDZG{|>+0;cj}ubv2-lK5yCiE6;Cs$={uiX~i#R$M#CS zt)I-R;d^2qd_Knp)A6D~X@|jheqXfO#u^>*$#iFQqn9mCs+ZL1=1Oa5E^K`Ng}qc6 z=yIU>;Joewi9F-}*fNqWAZc~^^BYGub#BPZ zgtl~X2XbNyO`NYtU&bw4-=(>{;zr<9;s1v~D_Bqf!geqXi{$Gk;u(ZP8}5{VY7N-c zryC0!3$W+d&2bvap$qGdvuN8b?S;DE*}7HX#$}sTp$5z28V;=fWxJlUgwN7jt9%JN zPAwe@2B_NVGljZ}rGo4@Pczs%05x@+=&Qy(kPzgg(~L-gEk8$t*qzXFZ8Fjnr)Mf3 zN>#~8mgW7KW0oP5b2h6|GFJT-3a!TfSu(*lF~E{(2+*KUh~lx*V!u=o`MY<`N6M!@ zFEx_oZ*<@*H zktnrGJw0altrr`Y#$e#tiA7Uy2>VbMm<)(+$O z4qGKh%QrV6aym-gby3pJXa&EJI<4q^zR00iry6~Xs)c^?1X=HXt5W=L5jCrO+T+>9 z_ph5*IFnh~AQoroHnwb^!Zz82yxch8H#MNxD4n*Um+auzzv3hU8>&Upoz`b!-p&3V z0*ecRG0qHgRn5k?_o@-89f5n}Ybv<+Wy92|CoRrw^M%vOZa3YerFGmq#R=uk-!S<= zhUDM~j*(YQe8)}Pq2n!MfF^b+?8El@POvsw4vGg~WXaTFGUkfgQ|?1_ZW_oa6rmfR zD~3?4km|PZ&4Y{0z$>@n``y`AG994x4jWZhAH0r9RIr}@@btR8OH^a=grzU-d|rq0 zgvyByci~lsQCZ9AaAg|D^}mw??!YYz@mP?4Mh|4rnKSoLP~S?TUq_7aRg`0y3-4V~y1 zpWb}y=|bK8H|s^J=qL!$&w6%kmvWLy?vnN5{xs@^aW~gZS0*}eOmbDL+l%b@o0&c` zCyxjS(h66`1*TOPrXPjdx-{md6qVNAPytVtnm3btAV zMc(VSSdpm{BOjMwES@w2ecZ7sbpiAYbsgEBJ0JqKv_&vIVF_*|^fuat`=GmPKa-CM@(MI8I9NDVhBYQZr45B z8#x}XXTcBZ-MSLj{@c&kZ0lOaqyku-k!aEAX{iB~KIf@9%c*9x;&yQ3?C@F*KH}Td z^}V{fs?to@4@Q>`yRk1X9>j(j70|hx%XM`M7_2NIyl?Vxg*O;?r6Z<}w@y1mFvG_# zDR6u#qXF#zrF%CloEylGJv5P++&bU+7+Skf8oQkTl(clc3# z7QAYDRoM#zGSQd0J__29SXe&dM=!FeTx_Ig`La`}l`N!TLh*NjjEPjdzd!pwa<90(4$<-n7A&Qes*gA;@5)Uq=(?5+K}ulMDFkQmv`O! zyo~Ll{L3R%lX$RUZao(XCSe@tJW*#k7&@V%^HA%oE)bJF$T2Py%XpN+Rppke*h$$X zN|w~_s5YgLt{R(t7v)CXW+N!R<$kcUAf9WtcEqQXi$|TO&2hugILGaS$J93=KN@QJ zn`3Vi<#+(TH?C{(&PKvyVavYJpcO9+({pRIZ)_veGRs^V)mRMD@(FMH%0wKgS?W88 zscDj#KK9pXSb1$$|J&?3=;%3{OO9XD&%gl=DB1^iL^>cQwj5>&1-q@WsOsQ}l_PM2BsQk~_W}qskis(c;D-N!l7+YrwZbDoG ztDvObeh2aw<;_*_)?)`NrQg&7+Fg*mUYf!P=?%t$3>{@&`|`qvGFO>LVwQv7vVD3> z1DV!zb>9KQhji*_slP28nF!{V$8yah)xcMBx6|0t)V!f;$or>Q;Jr1O@8!2Q z!GVOvql zM=EfI3HWI&ty?jNS$zo=!Lyx)ywSIdi)yk##%Q?cnjHtea3T|IyMktNnc&H4d-K|=%j|CNU zEsm3+J8i9Z;5oWCE%lk-e*h_`jmV#A1E>kt~s<}k3&t)kd1Y31+5hRWE- zd}WaFeu91aj8cuF6+wRg<$GjYKahG@4}Z!Qx85Y?Fmn#Gbo6yuX$NHY8M-oB$Tv>A z7F9}`u0}|MyE=4VEn{{*OkPO08db8ze~4Ikhtaq4b-lNk=nvJ4fN;wvFNtG6tG?Z_ zFPwRFlh#1IB2rFLotWm&of%PqFqGe1XV2-n1y2b^yApgBt=5ZbP*;{s#6`<6#o^=j zuMQ2_qu)AMmX`Qwk9$>>IZQoK=Gm&#&W_Xb;Y_L(_P=&qym2JoRaJ^t2=d(VG=_3F z?AQs5FZ+lv`^_Y1%yjSCT8^=>Z;Ief9&@m5L~qH$y({Zxl^t40Q!7lOGrk+^7O3`2 zGlr0=`1nZ}zt7&WU4v&QM?()k`O0Ja)KG(GgEkiG7eQGt#TEucajX|sq)A5#o z=NlCuOtgnCt**xE%Ph%7+D6IaG=ij?-iL#uMuw$&>n@xKmWD2P_-ExYg($$@!~e1E z*GTbC-wWk!9#US}s`txM#(^j;q~0WYgduY@_usJ@ZH4P^eS$R?~UuMdEV5v!Ok zH_X*m#q31etTX(#7&_RPT>oi%JWLLdTS$7S_QwrPlOJMq)1pPAspBw&y``6W%ni|v zXzmG*dXx_T9(zX5a)JK&!3~E;FrHaO((nE>8ntI#DH7s`y)8Q; zowChC#Wst;BV{NUt9%Y{RU-4YEC|G zs7?E&6Dn=3ayyE5>+FD}-mXgr?fljTO)MpDsXzq1x8w~VJ1qrT89b@2VT z_gfz=-_q~v^rCd~C+yXMiEIgb`IfR{ggk7=uJAnpg--a zrH-*z@#Qwfmc}Mjf6e!s?D|SOs(W}PuxoK)&-=I8XPYpxL;?D$OPnS)(@BNlD?zDh zM59=xMptJ{clZ7V?_f)9X(^r5nT)IC3pR@FJ zH#pYRG@`}ib11$NdRYaGb06*n&#$pA1^Wsx^PSwYIH#pFK8i>9_ci3Y2g?aXcxpSO zwandGs~16CpS4%{<}9M-&hy&t7PnQJ3s0NU%f6$wn&DK$Ga17i79RohozeO0j>J?b zYCw5H!;F$k(apspUaj;Z0TZWocgR4YRjkFFq2$fqcd|dKfSw4#B@a>;l zaSne4bs<>TH#;6IS8m-aS>@L!?}I%e_a_96;{!om4N>wtVwg~{&Q*}NHoK^{_Lq6&O6xjtU2$x|QD7T0L>nMUjmNGZk zA9O92G>L`f>Tilf#e0rM&Z4g_V?u@`2?=4I@|05V-wP?^;V#n#XI=lXphE4NhidJh zYc`fbqBQ~~W(Q8!F*?z*j*H|f-7S$F;S-Knt_M(h26@4j#AUk{Of~K~*jsByVze|P z@zBI^aie0Ov`P;-014(=xZ;RSIs@5yJ)g7#((4NI|HR|gBpj{bG{jWgekfVxG6Eq* z!%Z(p9An#sC7WH z&d*NfxbENT#>q=fjeIi`3w!`Xg?d`pJRG)CzB4r~(=?oBUxZ!k_RHWDJ1v8B_j2~> zKRcr@c>qm~$-xn#Ujh~0r$~pUhf#^5UA+sxDqogaHMaQWvWX)wy@|nEF3?yYgeR;U=AFV5F0Wr)AjH3XrYb&W%I}m+6Z(O`2FvR0h;*Ka^i{ z$Q2k3@MXF~phmWoGU=0baJiI47{=mf!eaSN-q3 z0I)CV|KaHT`|^K?ApcDw$ba3;|KsKKr%a#I$A6D&^8f!;PZuNX*jT&h6v?*BQz-AioBDgI|;O>wn&@ zPTKTdjMhj&`V_~YWBWfpIuX_##U`XD7R3ds*`3HWPTTtmyqk0OHyt8*fuA~6 zpQxCe$iJq%PdTZDvOvN;Di#)vTPlbi<=%VcsMOO>(=w6M*)6?c`(xx#%JkZhxEPZP zp(y;+-l01%aOVihMNASYQy%Uy6? zz8g;7S<<}gtqE|30g}wCp|LssEx?)DO8=|0`)4Q|;xhdTx?$Z2BfoO1;LC~S%Gb}Z zgx&?NM;2*7sy1O`?rs-N2U?2HA{3!KkNI$G#dV=l2O)LY65 zRxUrCmAffxlS+lKlnx-RC2tODaGNOt8MeLw{mpEG`Wno2PDrtU|EyGp1-kXKt^TyBOWEZh0D>T9Dd+ja z6lh;*aziaQ;%6N7{7==B*vsID)XCI8<=clqAYP2iH2r#R-AN$mW&Wevqe)8WAuzc?9o4S#P;ODL?|8td;#&3liBLBySkgd z^u3?80&Nc7yMFHKd=QtaIvCD(H`cT6hpUP;dI126e3JkclTUcKxR`m}v-cQoIEk=C zH=~DC2Y!FZd-=$XJ5c^?4ojWXqnODf^iFQO22&Z#tV($_3}xzuxs|kehw+iCx*+1C z^^E{r!e|z+e(jB`C(kyVgYjh?7c^srab6$P=LJi5!YEyqH7h@YvH{izY6TI(En$Lg+Awsm`k}hi8 zXDy)gdYeNUuk)aB=6eRE=JgeFe#;(1%$X`*!>K4+Sv7Z^-WFD9y7Vpchv=y;AUEpU z^f->(LC}uj_Y9?6fzlFH_kve5B*fyZRwqXXLMa*!<`)RmChC<1@x99H-g>C`>qbDI zkWt?P$R`*BR20uL)X`G(;gZ}#^WLw`!*NT{Up3{oC4xG%t9B{YGxm>fvJ2^@zVFK8 z^{*!XM4Q}PJ)2?C<#Myjqxddr{DrPnMHMmxbz0GQpM+;`?@t0`5>~c+Z}=-Oqh!`l zwM(4lNEn#VcAwKnmK#x|o?l9!T>^?HPb~ znYC;>kr^PKwuxFOE|5TXGu@>Vyjs9N&UBSM{wyZ+Nr~=r3Hh7!qq?=-+S<{UA>s+|94d6Lsh3qT=jD<1zOtIZ}ukNWY7QkSN1!?!(-y`wN5a_+C6I{bmbaCacA3tEJvB$KN9UK zT=fGi9HDVEygbt*lS4A7!~1&R;+n$y;1+X^uAdjVp-;NX94{+hldxeuSs15lm+JkQ z!^VK%_HC-pcr}y}Q4Y#ESzvX=E}SZpQW9-9i<1ACcImfpkylsC@DbBE^Ixe!AW!gv zs4jj3?gQ;xm)UQLoY?WemlI2*SRP*o{H6AOKn!?E;c{KO8aLb@AXOb5xo41dDw}qC zYF}n-9d!e0jwi?=@s>K`-U6bm>3Df-MZ9@WU*!~S@RE9bw7?Eufp}39VU#I%s~Iv0 z&}?s+nBgW5azjahOB5GC86E}n;nAV$6D?nrR4*t|kR;2eNWZ0?Z$D0*|Fc`k-2}_XJwtqgy7Y~ zzoRSP#h<;x_q~`E!i#)4qOJ`=h}we)$4d)w7uin$d-FpT$%6w)c(E=BuN_^|BHwxp z=pGDQqYj+t53YPiba+3zOVO|rOIo? z%=3bHucnV0Qgn;TOqfQO$G6q>!Ro6Lo7!!c22os?W?xC9u2}OWzS5?Sr7;MXTc-tg zz8;iZTEwjnC2s(|WtJ+PX}nWA-iyDZmm$t$Kshl8Vy;LW@3-LmL>_J`*jtYmX{;@m zl*$N-1gDaEj8l^BU8^6iMO~BNOP%R!^DR$nS-GGUljHWT)<@@&c{A#TiK1_;NNT<7ptuiaPk)}|+`|byTzmidDja6M`{vgy!u+Ol7HUxUUzEzA% zs~zA%`lTsLCUm8p&((11Ou9;*t0Da0!A30`rhas*XYJYvfp?AU>|ZxqaK1v(Cw(ec z!iEzn6lXh(3}4?Xy)++5PT0C&Gy4hj;K+FmQ1-unkXT_=dXmP*CGuSB`MKXBBYSQy z8E$=~=W{k%a5Ir+T5BtLL%3K7nT6IKCx?@BU!R0%STb_Xh4froJEwbh`miLSJKXz^ zaabtNVtg&&PB96|Dk9|4j^upzx~sX${_a^MfR&+_^l~Phr!#Jn^OqN0CR}()wt~)p zw^Z}xk{a+gkKRMp5Z;L##D}*!5e;%xiD-M_3%%M{-boJ{MM2%`_-<5<34pNDm!^vE z&wJl9v@$W2On5T;)5Ab74JCbf8I`2AQ<$TWh*ZH{H8v<>&!C{0p-`g3t zyROQ2k=j;@TyW+lY5JD&kG(NnyM_dd0}FcFy6T(ADy!1KHabK{bWU`rR=gI^-O#EE zO}wjhz&zkU%~Wo;@lC<-&CB*;X;T;dyQB^u=61hGV{qNBtl=d}-1v0|cNWmbPP=WpVidf0#>*<&bwt`cm~^h*;+2(YJwarDf4;v@3HnR`Tq<28=?nW-)9)Er{g$kr_ZzH%{&T&l36{zV9pxOUatFKPBWh6W z(X5k&_qD@kQ&(vFai;J%6Ooe>d~p~z`B|>lHDY?W$53*ilDpH z!S@~EcU;{IBG2_4h0EPU&%(TtjkRsUfq>CG4;&*tM(&|Q==iduM9P{f%(|DQ%Ga#V zKrABU31zLY>zQ)?-uZ2BRKT&N6(*Vv9`=A6%i8MYVL%qZ02SW~g$ zV{a$HiPyXfJ@Ev#s|UTFDj(YT)a+OwPyMOHH2bZ1OXn;2z0B{*gemt!#oZ{aSkzO7 zR)yn;yBK7ebn)6kl~&S&w_ewte_hKKAHP;xsNRnDhfK^p1r|&v|Kl+!kA)jeYkcCZ znqF(Ah@{k~_;rTkU4L!#Vf+_4(*?MXoP4PN#(J|*Pv4@}e3JK{Yg~Xj@QBOl#a=qQ zr|207dx@dhvn@K~NL2O72p(v-a3H%hRquYd$G8@2VIIkxi!ZP<525fc805CxnpEcI z6Flb~pjn9ceSNf_zcs6${o7a=NKEU5PfrhN0*lcyzomn$zoHk%1=2T1+v}kY9W7sS zVH?3G0)OTUM=bcjvjWUHHveTr0_wi;-3$ig0N91j7vwP zKbS8^ioSa$Qb+wYq50!ho8g2XO#`5p5!0QNt#zdGp}AC{;W~S4spNz@RWXviEj6la z39T7UVmXEq54067wDc}sowd7npDMNx>Tn&GxRL4FmVFyu$|b%hoMkYlu0oh$mXK_H zWT*C}C-c|k3=`+rMk$kwZq{osd#k2rAt4^MP5 z0y3(oskhz!Y11cOt6D2#pLFJ`emMI{lR?iC`?+c@-`uzQm|IASgs>wJP<<=ly6r&V zU{7B!61UX+g8QFMgliXdV!6M2yStJ2_!C(i;$wXMBHzH9mZwLX;lQ$migAHQf~Z5r z+9w)QS6fe5u4hc-(-yw>DHN5*46@-SkiJ|x+_MU0+oGIuHAiZ<)XiD?6)i7HK_}RRdTl*)9zTY4 zb4ObRk`vH;2j8&Gt)HXwTlc;U!s?mA{%s5{eIOwmty~s8@h+i!{2HdC0i)IaJjW?HOBdLsQMy`*3qigg?NEv^l1MsA4TNnQz(DGYJJUtZp zeMcH$R3@t==O>eTAEI$ zP}lJ#$^f}KhM$xFKWu1VhXQe=UCw{QD5q~Y9Q=PoBmf1AQ@06tq$vFh?Ed%p|4^3y zTQ>^-AALD(DrJ^>@~?IL_tqAU&XT^t-S;uAbN}yoI3WK&uQZ`e?P~v-htp{8zj3gC zU;f`dUCsa5Jfc2_qa~fy8)K)(%-`7Y^8A+>&SQW=p(qd~pI$yZZLc?#142b|)FJAE zMmUmyB>q_kybNHudH~@iK!FAfnWJXWa=&VFU4Opo_YDZ-0kN5TOq>eC@&>MJ*v?Me zp^GdM1#tniO5^|`?Qj6!_w$$pXj}N*pK!%?xQ7FWfK3u?XYthCkVbO9$rmjvueyrRoouX%7lWP=Fhy58UwM3_K@6(6{!Si3{^fI%H46-(!uEr10Ht7VE zY`)#UOl;%RbUdWO2u9)5V-+H~le(#*)O2bXfXy7(M~CPw6YbAvl=|gIK7mgu{PNov zEqPnPdn(}pgyPCdDGg&l26#U`G}51A;Fd~@oag#R5wZqFhX5s+$dR#YohL=zg{5?e zq$>_;imVwMb4-~-`9SCq5TaR+^^-Jk1q3)o>8{nN-qfJAtFoj-uj`$AO*H6=t{- zL6$Pq9!~8vE-O*~SD<3e8nlhywnp=Ml6_Ay&zxNlzL0~t;Fdi8l#04~?7dlzO3`GJ zSS4)&ak<%QiyX$l?E%HzJz$~+aC%-I-9jL*t+#SsW1nfLKt!hbQ~p>=W0aR5D2YbS z|H!p6=fvhU_6vKu__7M+khBY-pkyuzVJ`L&d-3nvm&PnHjJ@s5DpQ{W>$DNU3rg<9 z{%NC_9B1kRay;3bl0m_bu~U&t6^!uXM0ouXf=W;+rJ%{HvlI-sI7Qz|rTWO2x^7jf zJVD5Z6Z6CIqy1AW6I74xULXM-Yzhs8#V1BSspLYOY(*1)`hQ2~i#yHv6 zELi5zxyJ0lz|j(Y4)Ddzzfk|}wVxGdB64!ASt?_bMyQUrz{$S5-qr2Fh$+vp_S3qR<@)d>noymqD`mdOHQq8a1WG0kZc3-M_pbg5X8zNs9?zP+uu zUrRlhwNylIij&deWZZ~Q12?G%ehfD=mxDVKHdRO(;qW5_C43}5ypu}chT9SFl<5pH z7;cOLi`{b6F!jMPQ(gDRnp?IvsMZ7#%Yai3>)@8=tYv&1a)Ea?69ok#sMT{3|?_Gqe5K?x2F!OIF6oYGp9}?Nr{kn zcgo=*g)-}cZt6Qs*gvbSV@YZgCkgd=VMe==h|+Bh^E{Nc`DOTk*seWJQrnPS?0vI0 zp5|31K{&<9)T2H_r}XdT%^4~c;4TVavY4N z3b+0E8aMcIBDst!o#4Ep$xW+%3|HAqKJDoUfqwDz{u6uQxMTcs6Z2=f`wH5}b1Emg zc&)I*fpZ6GdW+@&*sByQ!4q8ye~|os{EFZkv1XzlMAz%1YZ{R_hNrh0;{=kDoNf?} z@eT_vb4{`pITk*}PA9?+@Es}Yyf{_O&Ga6z?1Am0k08gRw>n-D1_a>u$~NOrNV0Zc&XuKTmIFjV=O%Z-xvQvLe2|RZ6%1<^2yk{mzV*G92z>DW*9I((}IOcGW*~KCDs6aBZO& zeP-dCY!4g%T8HMEz8DE5N<1>BH-Yj_(PWw-LE#X7L~Hf_f&*T53a8pYO|v?lEm1beVAq2}2{`yc znqPudVMsfiEJTIw?v4T5Bqc-Vqd94`Hf2`WFHQ~pIYS7!gZQTT`3Rl}Kg@?W_~kP} zY(Ijfj<<0tBt5p}ap$RSHCVsUwItU$J;rs~Q9g#^6D#rdU*{NO?;M}&qV5874>WDE z%q~F=+8NIH>OGnm>y2~50JA7$fC1jF`wqWX=$|r zsfSHSzQzjj-xcM?#;M<1=jI3x2`V$RtzJhFC}+Yre}a8FtifmV+1PEkxtr@=w-9Yf z;_KO_+5l*!^ZQ_k<@OD{`S04!t4u7g7NfRlRsv_u3s$PV=0ePo9wJ=gXJmHo0v39! znn`>p)k706_O6{0I`CERYc4u81W2txS2}B^Jnan<@Q)}ah0U;;J3?z&f=c{rw|nth z7ma3@2(u+yhDT{b5U%`K;*vhx_s~r)W-A2spu}AjbvWalU4M3Aj6$Kd9G~b@7LhI& zj*<&9H*=GUkCsN#SaTcs4HdsLS&?X|na82x6k?fdEVGZi%R%*&7`cj@dbEY>;%nR? ze$u>B6Aa8N98F>nYT40G`MI3*`^ZWR5x>xjH?;Y1hnbzwV_W&_Toiwa2&YRytL=CB z;N?(;V-sdJ?$n_VJlMZDt(d%p&nQEfCrp{{Q(bHzgynC+^u9^f8;M(Mvm46&VXY)| zqhOum$4^v4zMHX}xv0CIz`f+q`OuN0tvOZdGxp|}Eds~%s*)>KrG8@!&+t1=Fak{{ zgcYwrEnXrRD2VwFyX)94LAtiF$1xtfZ(?IFj+IS^A{F7&Fe-V(1>{rBPbD=U9yqrJ zl9KXN5W6w_@zvAQEO`yRfuB&9jX$}tA-;sQVtB-bxhgFi^l*Hi{yB>&maQJ&`nvG2 z!7{S^WDO`W(x|y{mI}q5s4XD1-@E@QFX2evvtYCBSnQfL)AgF0E#5ksOS>tc$V-3B zuNJmsUzj~A=*HSK9(#iE&0VNbw^uMc@k&nel& z`1M7H*!t~TJKM>ox-Ujnp3xK&>hkUBqQ6M@nwIWd{g=n_pNlTfgvFhUz8ffJc+vW6 zL7Ug7@%M9E>jx{cWTh1la%g%8$UUlQ& zB70tJV1|lM=WtXLxKRZi>mxqiLNZ^f1Xo$!ebTHNrqdfVw!_{UmmE_K9$7n+8A0Z1 z-sy4llzngVPUS;@!6sH}cO@7F+dEJ5Yn*pJI$6p7j_a*4!n40K|BNTBZV#c_*^ilJ z_W4(bKcSdDTQ@rD6cpt+w}5g3I<*wMeft`W!<1dgB;vDCX}6fJO1p7oRPVE__u7x% zO?qymjIErdy1CrYWf!`K1rsz`IRJp0!A@sEVq{RZ0tEu+-g=KUdVp9Qgg**0v9X3t&ro=!`R4fLSLmDt#|e)t^!u*_)+e*Vn^ zF=WsebhFZE9aR#ke7@>|u3|=lsdN|8@oUG1q0JV?#q5PipxVZeZq<8S__9%!3sn{u ztW-Pp<0rXxY5iptwMK8&8K#U2wj403N^feo^kkpCs^!SP&Z)g&yCI>FC#vPAquo0V zGuTWGhc5NlEP+YS1y^PVhetC5~fEYGmh zyh2m39=Z9wRoLi9q>MEoybcmveu;lqjB<`9f{~T$2DjWOZ4&c`lT0${eB`f3yL)}@ z?9Hp`C+W9whPQpE8}>sTbynM-*Y=s!NQ+8|y(&pzP&UZIj=?COK1K5Q7(59*Zx-|q ziE#fB%Q`3MTMSoAL2Y&P(agoyV29nF?azaM6-WD962H_qkco_e-L%spk`=Zq{o75L z8JORy`JIJB2kC-HC|Uz0sdxEkw}wN;W%5c8qex??X2}ofGL=#V*)uf9JH8PA)vlJs zK(TqA>GdTW)xk36J@#v&TQcX9uikFXhIm%UkSW>oE?1;qS~uNuZ7D~Jo9jC7u37F1 zyOozCRlYffh*OGR|4z}U?Rv4ZqQ;ta@2Cts_~IzVQa$eK+=y*skEN=apL1FD_qm_{ zY)%R?3M?L~os@xlvX6(I>7SnX#9gj9*n96=qH#W(+#<3{U8RsG;&29Ow0&i}T?zS_ zwKYn3(%@dCt*`R1>re35?$7B`4b>NpeBi*aS0{F_Y~G93-r=#vedkGiuk3^Z#&2iz z!d(pGC2G|CIBYaoV<=tD?R#NYkWN4AnIA<)%O2gc4;bPPx`VoZVD}1#=4XVi^`|@R z(F|3DjnDqrY{XSA6O{DB-uYq@y<%i({`Sl+p(WpKdf=KV}JAt``PjxjRfqe z_nYVVU$n*0%VV^2;NP4o&3V-iD+8#?rq85F23K!#-7TA|)W6eV%xH3`W#IC)Nn|;` z>CUBo72LsL)Xco9=U~mTSZa%RBmN63Gp$|qv$heEsd%8A%^PE#cbq;OFU@Mra+w^;IpGy#~x+JS1ykz!j#Wz zm(*2;-JhM7y}UfA`z0C-^-)iZj1hU2k!Q?eH}d?i?ev?S#qPiXT=mO)@>yVX-$6UQ zbP;a1Mx)Fji4Vj4P2;50nmlNq5-f)e}5 zc4L8X22M9}oN-b?)Ii6`jYDJNE{*mdN3&#l%<>M5Rw@n}@3`e;rN1nF^`IE%DORwe zFZ$K961%sJOqUP(CAP=P{$H=n*gQ50~g2^z?djVfyn)s@M8ff$jtSRR415 zGt3nOwC0apnbU~{3JVo~A zH-dwEIE>I&M9t`~oLo-y{>`u7tQ4VtS$NRail*w`tYE_R!Dm)7Q;GW5k5Mp=k%WYt z!P%=42)~OuZ|?rE^w@2-eLZQ6vsX+V`_)yx#+cNmy zh&DK&mEPR!vT<#aRYt~u5&o0&g;!A3b?H_aK`Pf*%8Sn9K43L&=YZfSet&q6i5CyjcGmT`2TyiYp z1e+9kh1m{hW1gM7mEHfxaNw$dK#y$RUx&b!8@x6K1$o<6`GM;d!U5JJDD+!Gr>W(o27Rmg+D6EQ|`$r*2#d30NVr zVi7~$1ROWSZ6q=0yP5w~gaEC-{zXRH-1(-kBX>dNgmfgfw0IO1c2y*1W@aR}HhHZ7 zPo7x5ZI%B-N#M%InimgjiuEqh+_oB-;miXz=VRl>jURp)M}M!5+NmjfelMV@*n88y zws=0wbIEVepI$K>sX#3Z)DJrOjvaWdo=EneY0`%)_ziOosEnB)4vbE&&lYD^a-n?b z>GkxJr|Q~f)-^*|Meai^2?rZ;9bg`6)@RZ^|nlxvSJbWZs8>sBH*sq zEUoBc@cdF+f3sJRz?ucre%0pn=_Hl0finb{cJByhAw@Jqap;J#ce+O7PtTXUB2$?SBMyuSBRinL%w0fmX(4ejvOx8^)ET( zzsgP~4SJV)&wk9G9itrLmPKb7+U-PUvSt^dP&GAZ3oUWLS7S5vOQl@Rwc{l0SRn^0a3Wu1)!Iu-*~yMdYD zpnY=#mrtOUqfUv9CfO#|9GEX>JQ`3RzT#leayeYX#pBN8u(s_(;UjLJ@s z)e8O7+ee?y+Q8p86L$(GB?yuiXr!HLA;D`efrS&we5q^wF8O8qYE^px(dXXvGW}eAU0KXVPxHYG-KzCQ^8LNa9Vl=7}%lrT&x9swSSsdpC^ZE>@iT?CW<&GxHl4 z`~+l18{D)rdp1&FYbPwzPb=cxMKJ-ks;P=M!OsgTV``Od^8Q&Lc{i@WDF5;x9X;!@ zSw)rcPmSSL*pj(&i^k)dnDukC8Zw@I=gI+Qf<7%V8MYKZ!AJAUgl~R+wOzZ_JDXWX z`^~D0o9ig^bk4cZ>6`*e$76%NGq~7mZq|y|4sUONa<^LO2uiDX(?xo}DnXu(;gT7S zueM4xzwhXNwN`m&kNFXTc^0JFu6&#o(;%=_VuQK9+iXPg;irT}A1(XQ-^kefODqzk zB~@UFVqMH<^K2zz6r^6<@u}>#=qn)d5qF;UG10s$nFe;mw`N5}3r%NDM4e3F5!d|aMY32=7MBVSUeP)Y*i==U>3s`FsOj&F8H7=3N6w$cm# z3Lu8P-hC#c=~-ErBBd_!4X9{G2?XppG7CKF49$+`WMjKWV`6am?c9JWx4)HlE~Y?U zG($==Wxtq6$l@Id73abQv`7*vqh>kp{oeo1?G+c_q8rq`W-|Ir33eyv=;gJarERPt zcI`AvjNeAUHAuTNyLX#uBhuLEClkw|l{P=R+T#NF14bU0e$ck3qbZta8M7`YN~oW2 zRmXi#XI+oX&Z_MRQe<;Nes2)edeoFGX4I_bkAA#wE924t`I)a}pr7z#6FS{r{|^l= z3|_ll&w7IhbwWCZy52WKrrL0Nv$)~Oo`{3c#FffcJkysv5=XkUW{pDc3*Ifs?9m1pXNno z4Bh8xuA_fIP}HMl%{A#rn-4n?fE5_{C&lYUL(r$5OK&#T_wNs|GwkvOwgP$T_U6Oo zZ|$*ST|rY7uee^TQLkL(Pc$-p^ecuhyYHXh^cN9=BA+c@emp5GK017tBAG2T#V&A1 zPtn+4Y|-FkP4PKz{ym%QfVulGQ4jLKLoz?c0`bS0=RVQ9Z%kF~R&u^7?c+XVGCQBmx{$=gHZRZYU6-Y?7c>tASg2JJu8YKB?51Pfev z4&o_WZ3?>MG{Tn8p&Y+|dpriVj9N)bcbS-?Kt2g*CkCAW=ZK}6W}I0OPxccn3^zV@ zRp}>m1JbroNBc#9={@%(;HKH|5Gh-0F249UTqR)l4gXFRXhhB!`QVkPmWL3{x(nf^INph-OFZDJpuv`(mua4D z1(FLlB@GiTeH}hXlilV5`x{#IRWLq ziAr$th&G*anM?E4^bJ%gC%mZf`+|&wgv4f@1Ja-QHcoq{e4ixGQES1c zI&$=FQq<*yjEm706NchxesyB4Aop}*;K!y1_htv6`>r1-C2%Gs`LI-KcW*cC+kSoJ z?Mue?WmS1|MFIWvch`S-Tf|e^5U?x%RL=Sx&40c3EP92y6Y0Xh@m6c-mdZh`%~Ou^ zkFUl(w>Im(EUGbd;&yWN?{f*OGsYI`$8DFy`BjeB^kc>>p#m1vmPJ4KzH5?R>y#BS zx2Vl_P-Y!Zj}>|6w>sCl*nBv9X}2&jfc_&gL)of)y=D*8_w1u-hLj3*5D_%+Wcod* znxXH|9!@M-%wHqEXt(Z9wHjD<{K@|*DDm!h=$LXdaouTcWdpV&I z{w9t5=eO4XqV7Gzn)uqb--sfD0!o(>L_xY(Xab>#fPge9p(DKpPL-4fGna}H@`9OJmuiZLB@gRE#@(P#R*n*Ut2^kK&xIeLTn!*XDytoSA zGw@ILnY|>feSFsJFj<0i8Wf2gpYw!x9W5ov7B4aR?<=6C&KLIPJ@%IQ4W3D~>h{QG zQ0nAs?O~tEo+XaWT>xsG{jdb+U4w-EYS8H(&ItpgczE9SW_(j;wj^WjcYlClZwihi(J4U}V zGJK89#y}{8>W***QuEU_4t^ag%mNlz_oQ4*lcaWddHu`a6NK4MvI6^hC3TxGIw@JS zB~Gwo$lcldz5dG^U!rO`^Wgmk(eFnh*&@GNdEO~eUimy`-=%U=n0|R(xcWSuQFFkc z+pyBY77;G)@TFn=X%V4Y+`3T(leHK$HHJ&-Q)m{cjuf+w#QPQuDa)MDW|T4ZDX!Sh zdX;u0L|IQ(mRyZO%HZ%oC*WSa*NId-DT4L*%xN1%vo61EmWe+d@0C4@Z>6Zw+wkaQGNyX%fk5B;a`u2n;{$2N zS1(xG8g`ALjIO)iii*xh+n*gEmLkRmG)gAiZ8E9_kS69T>$NFJ)269xT5)tHbLe!pXgfGyLK=EsU|vJcxa~6iRdLP-0C1Pp;)sGR6>O{+F^zGU9_ELI(g5Xt zJ!^~60p6)QP)8%1XjC)Kcif5k(d4B?+Z&2`^R;xrC)Ys;m59`i9^G~ap@%EAJQrR6dd5D z`cv@lE0e%5ME0+Z5isfB9sX>q`~0oBzyFfn{IvbAeLyt|ZI}PG@xQZxide=^u-c2V zrd=h%wSOIumfNT{)H3=3#r}UBu*kg6-*))BQ}r{-|Norh|7+Dg`}bM!{Rf)fq zfSGTcng}mdTFe~d=ihufKX2L4i0w&-Gzw~zo1YLC@gl~Q(Xgp;6Mu+a%f{GZn#U|@ z*#YH^2<1w^>aOK8vy^-BPF<}CcGHLjY|`V}gmjuqw`9#$;223$s0 z6rVk4+^Aff`Z9jMJ4ryz%Gd|yS(4%!WrwlqOZ~DjakMg7)D9@Aq7LKX0xb;b7RWfAwV>JLu2_;T@(ui}<~`Q+{r`WVktX>A_z zq3b5``pMRo^6ZaTO-oWrWj(xfn_=QJpMI05 z&)CbA)dn~F>nr0Yrd?5KL80O2EiJ&=c2!!pyH%-xK;##5lpY*7$hJ6|#Lvrb*Tn>q z+Why{Z0+1cl+9=51mzbkhI4^7(_;Y87+)&HN7xH+;;yo;yO}1sWB7JF7>~}9C8>fk0-iMq8-BmeohdTm+4z>h zw-`Nw4GYRW3A5#Xxm9=2$%M7*YoU_FCD23n2ge^msBX3>gpiZOuK>v|@7_yZ(~iCu ztroTV(^HB)#@m(oq7kJ=A#wgZH!FAmUTBJt_8r^_|4JXE=05#K!D$sXC{_N*3kV*> z0yzp6{)(}^DIwlBYP!9dwG~}|q?52RpT5n#GDTn!Z+C~y?)F*$!w-&dI&%D)y3?o6 z!4;M48M7ol2a+@d#l50~ST%161`d9~3^j`aXwPg2m}0L`Wkg;cjZke7B?1L&;-dDP zno}Xlu?HDk;NUkogiRmzE3HyMC$>ny=-kghSt@#-=88i(frQncd2KH=Rh;g>v`@*h%)1kkrAIu^g9cy+z7p&8*J@j(r6H@j9Fl$WB#?(w}>st_q9n^m51Bj&DV^TJ;2%zqaWmMVM=v`ED0NvaS*#3 zD#F%%>d_qh=4Zj=fxwzv&O7d3twQvW4qlo>s-(dD`(ZSz=)iuE8k#D5eoBz$bG~pT zSSz{AVS*PV?Kalf9w9G4Nvw!+T}ig+LYA<-n*=&7LlJwOI+b*Zr&k2jnxD7b%X1I+ zQ82u=+?PTh)wrb*IV++B;+j;CujWErdFMT1Gd+)v%NI26S#?SgnPEzV6C7O3c=Bu$ z0C6MNT3)Tv0?UuiU+!a?Mj{rUJDiM_m>N}C!4W$WGn^bes%hTbM;mSHakRY9Ab%!@ zdbOn{l4?L3lBCWXc3%~?{JHq8L$MKd1vHa6x5fC@*Xg)XKbzJ@kfJk0aJ$hDb$ncu z&LO^kqJNKhwYKg7-H3!-_B~)EMnM`q((^^OhIId1!a=~YkHev9c@%56TFhZbDC!uc zId$JiqbwzOs89)d;qlny<=)iW5jroJV4?$RKj;}|c#A%a82d=W=^DN=G>+cubSL8S z2_omclmJCOW{i~fcx#=NVY-xCb9Wv6u_g7Ww90Gc3$mMY|J1!R^h?THg8lh>;y_Yr z7MHnu-)j{$;5RRhKed}bStJ7){`d_<88OWgNZ6U`HLJeQkM13v-#dvtK{~2!)qA+q z!7o0Yp);ndxW9KE!gxA|D*RDOJ*@&QBI6v->}s z1YM^O_R-jV)~)44#zC_`>yZ2C#^e_ZIq%c`*-fM7`@a2#DWjCrzt#>|>a8-vGoH&@*udY29~E6WkV8miW&94vlQWOkcJ=5UFDFeo_1O33&Q(UN$#Mh{gri! zoA{>zPsDrZ%OG>b=EsB$xQ%X)JSuS9I-9?PzTPh9@)_MY7s-yVlCO=iQ7YD7;4nBPYPi7p-x<-aqP)a=Lh>6JI9})l^Kpc#7*@l<}WH6W@5z0%`(JjN!H*u=j@gE zo})hw{<~j6e&!2gvAt|NSD5OX;FzP#F)eWgb2c<*##RFBP!V^oag4 z>d3=csW2E=ah?bdZ4Q>3tkLFzDbt$#1vlbm12f#v6u^z5|H9R#UP%;*So#=y(+h~1 zjd>AP2c0t%y3`e^Ibf$P@%RVz5-Fu?F&<-@4sX#O8XyM#Fr01^n-%?eCu$R>yV|5d zQC-~MlfepDH3LczE4#$ws+AiY_kW9l$(E-=QaQv<_jk7C&I47T8y;(|<|NO`jcS-j zv|ouxIedzxe`9o|*=mMYjJfqX5j=ibdq54K?OfTq$Kv`6fxpcBV+E&>}5qI z9i4>8x$ju0@fQeVU)e%h?OY#NDApj)rmnEdFpYAD^d?B!2Y9rw9!H)pUPetHYVZTZ zL{@8_QD{l46D`?5q0P>?FwJ;+C(qWy`$HOqi?5g2f6+-b*tF^H$GB%>wX3J{Y6;_&Eiru&a!?|)fZEF63J?t!d^cY^ZuKJk-c{WhYnl}o}E;2 zW3n4Kl1)}3`PF3nVLr1**;uBoeP1q57^ZZ^w6VWtZs9pB2d2*EfO={2vXRTnbQ3ZE z`QIQ+q$I2>l$x{c>BFH}ZR>tPLXFMSr2G?3%g(k8F;}kYKvw;t2;{{GfWf>;V7!;? z*M)>(>tn%BL@ek)FRvs{Y||fO56b^iFD$C$IFf(ew}Rs?+lmyd@1PpCJHz(+*RSv% z;^K(q+F7-;D94s~bu9XW4?jHf9ew9kMuWeKF6z!)l+$xQx2;8a>=TwB$YPcoosZw} z!v*3!MY)QC5LtyAN}-~rizwa25(Ah~4Fx)=)c^JCZQVknXC;Z2wZU26wPbS(#ufNl z>~hICT71hGIiOni)L83>(YGYQNKi&a78BB7T(sl$w6U;s>On2!^soL9IVxfZ&D6 z9+&hv!v~(2?&+4FuRiH*r^V{7x$&CKRO1dD$mEdXS)1x9t4$S4CB5Gzqr>ag88&9m zq$lJ7BF0FrIA687N$^^R!n!)s62IojSHMr(C|-1^T!j}}!Z=0{qaV4PwQ9I3oaTWr z7kjl*DXf*Us9~n+DzRGt8MWFO(6`)|9Ieo-d|Z|kP8Bqzz|rX1$BXvx@@`_njep|s z1ZAc$-h1gliL!>~pnM`b;XnPP4B*}4{-+DhlpqEmPQuJ&ui?u=+4xM7qV?pMIq}X8 zbT~T4BZOuY=%%lBjF$|Al(B+&oL(wwRy%O0Z^#<@swIB*_F>4l^9s?`0=p z$ZBz@6UcbD8+|5R$Pa&QBI8EOSEkJ7zyS(#)Q+R_8X4PhHWnipS+?UmY2-dOBYbCa zvWPAm-cc`OL^;AAjWi_049$(oqM1reyMWl$Sm8gwllS=a?NayJU-j=h({Ai&2EET| zwjTqoIj(DV%_?DbA1oP~@<1n-DWQHZb8h)z;ntU)(4P_aH zP_U34B$kI^4ae5S&b?}$YGvOob<1+E&Pr9aZhsJoTv1EC)@7|j64Ynz6txXM)=FvD z)^PRU#ljMFc9@zATPb!$(yS#WGTF^CnOdeeQC0@1oSR6@dw@4!(-_0NH{2-3nr3sb=BZ4>&{%n=KmNUCmk`~qw=RQJYV6_vf^In& zyMIiDFpbyJH9}MRr+yE2x~K~;q5{d)9@f<;!%8{=*OFJ6wO`2|9KS_c<7ClC4q~nLj zLhHCHt%a`bQt_{ysSD0E@p0DbX&XLulM_8t-J&FvJXQkTf_YwNvTXU zvx_~Rvs9Bsbp?1|%%fUsB1d=1b3WkXcS!Fm(@bug>es4${77^{_Nxm59m$r4zTTK< zf%xP$o|aoERnu^A?Tb(!qcg%h8VQMJmwq2PT;k5io zR(RynP!RGWJ6Oql#)s8g)FC{o0{2F+`L!`fy29PZ8s!s3mbY zKLD(_rl*p3YmU|z3qRMpIewle?U;^u?U-NO6%c%+@k^uy#%wdfhQ|0SJ9O+4`eRwW z6t8JkH|c~;J;w{0AyFknSZ%$=muWgJ5*Q~AS~JFAhbFzprD<)8minWs3=Xxads%A( z`ixu3?XSMB#CZR(IV`U{2szKgW36Pr&D6Ttdm63yH_CpwBrRh5(W;YnpGlt{w?r=B z_$Zd=9(xDQCw(0*DOp37-z@!9|FXfo6`yCcL?u1_2k@4;4B>z2oqq({0x|1a7BSv31ZHC2e zC^KG=d-pgxl0S7VasQ+JlaDx!0e&6ddZyyiZ_mvX znT%A*ko*nWEcyi>SyCK19qxyz#tBi&h(mY^lVe#{n$l&=WQ~o|t6F$u?Y}AnuQ?YC zGEUR)>qt@WrS6&*rTm^l9Zw6)*dM2wPpkFO&XrU)47SJjB^EW#kJy(P7P0+(* zK&d}1*It`>^ttu((>+cU;_{EAZhV|@zxX#QTe=kjJ_#d`CS zPS*sU#x;}to^L9=QIdRNM0&g1gT?4Ixsld0SXyWi&F^HmJIH(S5M|eZ#dD6h>bFhJKerr-jZ+qn+ zB$iyRTm9k5&SjEHYe4rh`-d%Q0N9c{buAB>ox8&W7ZR_bT{`y%QE$!8-)Fric)<`w zGQMV6X&tRL8kLTF%PNyq-^=xl7j!9MD}+?GZ@x14CYOfQy46#4kJnWWle?rd3#6d? z2%To}^Ddl$FZCo{&}3l1^TgXQ3eC zowIr-pqc;a5cCk~8j$&0G@O2pCip{Xo0+T}{pYo3Kb*hKUHM1~sO@1N6rLN=^Jn7% zr{pG&4tczu7_&MyKPV{K)EIw>9~#&;Jib#~nrtbUURon_&9KpOHBbLG&!T0##UTBM z&t;)z=*&8nvjM2=a1WS{8S0eM8SZ!kV=8N5dr=Khvu?iDaqxN-07}R+EH?``YX}3L z8TVEBBJQ)W)`XV=%Y+ZYfygboa-U)H>DRlzy}Ev62qcRb&cyP|o>(aIbG$jNmfyTt zhUufs02LlD-2x4$=X!L7_+?8SwF*#jEbh4ub<09MoF-kJOt%jQ;n5#XfaO9CU{p<7Uf*J3zbgTGFMtD^XXG3&MlXN*@66w}i zNC;Q3pVXHZzvM%1o^upG!A+)0-#km9e4~KD$9T|-Tw|<|Q&q&5=X!^eBFehs4@>ff z-d?N50z2e@NN_5f7Cr$WtD7v+gGZYh~NbQM+lUb+^J4<+7GaoLnPezp`2O}oV? z>7niXQjH33ZFX_3NGcIxUrs<;7K%=|jSDr*Gi_GA$4y0{&d(2InYO0zGvyHBjPIBY z!SYggrLg7@`&MrzT!ZOISi?u(hrundm)CKO+rM~pY{x5iQ{8}z)B=<3V`5{tvcP(p zf5A*(%d<2FG@5TkN;S*|-vKK(R%7Z><@yIqjNdT$8Pv7S<#Cn_R&n=@9*7hO)OqgK zHN<|DlwsMwdo~TF`4pJFJG&8-?8#bqR*NkHOT)$!_5@B> z73Qmc`%p?T#}f1Go|?4mM4Gn0v`t>L>0gAVv2z)(+0u0pRMf1Z9 zZ|(xn?g@5}w#ZQ#H7rQ9@fOXI#Qv8RVGnaers)SSpHxYm>Ff@>o)s!QwC*djb`jEz zm2Ow29c-}&Tq5x``&HW}ajcRj4&8T3fqBQKf0IhG2`K}ItZyUM$<7|HQ_gz?u?Hfr zC>+_l6a2;mlK)JS@N(Ax1-BPnp0e@}LM;#O7kY+^flMXe3H32cZYpk z#5v^Xm=%8S$i~}`s8x5W#vZymX5hpjaIx1tf8a2vvhiCfync1=8B-g;g_uy#C-RUY zP(UK`#rX8x9H0%z{KI~5ug#eL_NHDiO4XC`C!U4NIB5*%m6fUaZ`2^tAMlK6yIQ{I zS00Wh*QTjeF*eY##qkcib)1+x7zoZT+f)jpi=YS?KpdWZKCl?@4qxlGanOJb1EV@{ z9xvjGiXmv$#^fOH#L!ih9$)a)8yI&47wI=uc1O z8W5>xZ^dC6V7l8nkcSRH*3{<&!O04k{pS`B6)%|uTh097`8TTh-QyC;&`X-cU$t*O z70BeB(&^2=^07C6Q;YqXVtB$+w`;EWV^#t_#1i8^dacExuZ)2;D}*^(tySByeabxuk`hk-eh&Ha zXd&6b4#XgiYdUkUgAO%qY0V2HMK(o!$Y#~=IUL?yD=VtikxbE=rW*&^8jPTGsLVoIjn8}7H)F@a= z$~EQM<|U9DLBPY`;d$rJJ;USCb~K5>4gUlM*+E@XXWHg;VVK>E$MG7w-^e)n>+&8& zyt+l~i#wh=mcJv}ct^G@^nH%pB~M~tZ7Z1e>g~7v&5>*|4hA)8+UtTgPj#l79N?Rk zaGRP7FW(domlQK(1+#xYIQKU3oPB_D((aqwLA1>&ZEQAN1Zb#z zuNIqSV~cf+rZT(7A7j#Sfq6I>O%BpBMFq*B0u)_AtsT;Tc!byQ)p1b=;KQ^Hy@P_W zkl@y28=4Q1)L`vJ4hd(|a+lxFq>zkj>wqe!`uS|+L=lqhK7(r9Ap)debL#30Z^ znbQ=tneEblu>YRwWio?HbA zkFflMOqf4wcG;RLm%NdcV@!b{S}I)09M`_0)9x8LR<1-H^l!++Tv2YWhF?3p;}1hY zefz%(%cIFh!v|ti3&(eWWV{a+A+!}bGB98d(CQVTKLE?a2d+UESwPyu-JhF=Sii05 z`iJ|2odeXrp5+*W3rF7^?_-_$a)Fo)gtC+r!uqFVrsjVF9FKBn|9tu9RRH-<{No=) z<%P#safAaV9|IPv_u969m^cZ8WrG$-Je~$+EQ?OQ8RQeNa#Ju_+ z2kg{#@ZZdbO%V7$5SRatpX2|dYIhns(jqVbl|ns&I^VEHOZlxEpqUh+*l|s#Z|l&x ztVb_)uVuupaQ(*IA^^V^HwlNcOaA#G5Pe#>U~Y@8Ui5#`*bTLzyp!5Ad`AZkOw<024!bKSc!gGo1tdDc}DlQL`7#fOcgY zfW&Z4R=8Lb9O{lTjwsuyn06i~@|&a=o1oZygxz0w-q0Y*#%;AMM)Ez?PTVffd2y>I zd#Z}5+6Xg@pM3Lbh)-ZX>q-#S8)2h#Ai))l=nSv2?k)FaeFvayf{M>&v|OV~4Qi3j ze$A}z8xvnrdUjScz`aGtRMcx30vRZ?&>ZU#f?CJ*r@P53QsN1Jju-UH%z2QWA3D@F zti3Bo^NygJ?)&Cp)-6r5_6wLQG94Jn2(v$Z4*j-H<{1HDVd4--c2<613 zhqw~-9~8-t>{;f>tU)SSwP?UTTaBPf5gu=r37qO`wD)Hd@r?3@3BBty&(0FX8aD1M8f>q-LhBxG8wkWXg9U~KO zr$WAifviCExvP{~h9qseTACQYp63}J9hOkkw)Z*DpJ&D$1>VG14}1L_%O;HUp3e+> zk37&mxGfFgR?SS#XWVLXINb4ke)TLpUCLhu8#9pBa~WhaCpXtFd#Wx~C>Nvf&HN(E zB1*1VGD0olkazY`#i}lk*PtB(4@Y@KRKA+~$6&rEN;HQHbEN-4qp+9y{+8+1MVYq$ zIw}-^{u@OZPU7QG-|y^R4L9*k2&b}qQzA;CM8!P^snP`ZZu;~hD~7n@!6c)Vvx ziBJA8IoI5IR>%K^qHv&(ZoX(bLng4jn1Ye19)p%_hR<#NX&KG|tt2<&8`BGS*DpjX zCqu$uen3B0xv!R<+C#Qtea5X=4rGJZ+qWOb{NR2I^xumIW5pD>;q==Ow)t#KJa=5X zkJcV^6OYIV9bS)W+aOXIA9W04(^{E;I0qXAdc{UV~?mXrJDK1N|KG` zpNhA;`Hw}GzPYmEJ(L}=dH&(mIB!TEe$5R9K0C>Uabx^Aq}((yb}Y%zb#9C>2%k6C z-SAM0Ug0~+$GqXipuGM77s)Zdq~%Y`tQO0`)oTr01O3_IL}wBuW2B&hs1FKu%RO0B zS2(k?3L;qheo_Xyo$C6%@8DF8uVCed#d+Uc&C9AT92z}J>!BZRLNeEMdipb9{DjD? zSnb6#Tkb&aV>~u)Kpy>Glmq)qj9zBX`)_oG6e>WDc>uq}gXjpuT}|;ww{7%&*6##O z{anv&jf$@;{}38gKg+5eDSycWR5$R|qYG`+SZO`8w|jmD^SFd;a}-KbL>o8|2}f&2GJUs3$d)5HbGZIT5GxQ#I;W00DhjxG0$@` zIMle@=WIN7#=x^$ws)cIQL35_C)ljw)$=~}h-RFkAt`M>nxSGdz-UqYi@1mJ3yKZQ zxY(mC_78b@2nQp&?@1Okkl$cV+hgWJ+7stAcbt}prr}UYS4x7<6svtOrkbyL68WLi zM6z6*oqp6su3Niu@LZ(=%q+iIDSqZ5uZRX%8>Z=gKwi`IRKc)vDhjDJfj7IRidQPA zxONEkPmd4OHcOAHDSC_W6Ua!*$8@c$Lr!KK%zU@!LxTIV=LUsGYUE$6vQ98OxZ(?- zZ_lV?{pS|fI>P*Wmj|z1OST?Fbk5_>?<#{@f5dFR;QvU*bFvr=tOxdZRkml5_#$K! z_p$U{#+f}z%u{@ss1H#@y5V$ubM)`KTeyut!_IdkfN3}y z)n~fd8yiHmTw4_y_4}BVD{u{YmV7^2@&}BOpEvri?QfDS;@yVPO4L`{{J7d57!3~XrG>7cO5TbY`_m9N1w5#F#P3OVa?_WFIs+S+ogj{*I z<9a-zJl~v?eoe`2I+gsA_H&$6Go>{gG059)P+$0|$#d;j+?7C;cF&D8V!!2S{vP&mJ~*2edkwfiabXGr-^ z$oUCtc`|Db?cz_2WGy=PY_zUU0!e+E8<#-?PpQD%#BOJQd6{C)5I~K{oK|Bs!EgN+ zFSBQ-vP$+2;TWB`F%V)`>>#PutsdJR`@pMsJ$KFo?rHGLXpj4dTKw(e3qrw;+#TbV zi?^ACs-+{xY_GnWiG0;gh`E-hq?)D~o05D)@Zrxm#DeSA^uRi&8U=^hX+^!m&+R*j z8ZvJeRs^zL#-dz2`|A#_gEBvRn?)r0JDN`_8Gn5LK9bEmj9c1Prd4!8bQaM5%C&0` z?RFgZ)`u1b5vExV5N|_m&b=eADVUUfv?C*$;F(q}C%zJU?l|m@u>LL-*etXg%kXG4 zd509F)*Y*}Vqt!v`r*KLwsO}vB^B=PFxoDA@t}Ytm?|gF#wV9^eGp;sVbC0KkYQ$W z>>id-QWcEC4){K)JnJ7Ge$uqkgVh9<4;39AVd~UG$d8y4w+6{%OKnV^s23#ZS;oJw zopU^G=}Xb6xIXiHZdo|K8s#~rE1|U4QNaO{wg!wTeCec07qVK*iOcy1=kudO1cua= zt=OSRR?iLTYsjL+z+jW1UP^*2 zmxb_EH)pHBU|lj{4Xwvl;#O+k94A1nqJ#I=Jy$kss}y8iPhG)lc`$XVm(8)yH*381 z=*Y@1Ny|B%wM$tkB+YFmD5IxO6}n@AHH80i7iP4e9e4hs6FbJ9p0tj%E5k2}`S z4o(P89CVr4{k|fASh9U_XOw=h*|AVI6EUWrm%pg0d%pZ#otiPZd+e+C)sn>$<>-=- z2(EX9OIZ9}FaL4cE$=gX>|@%`?v!qE>b33F7$7wNqJ$a-egLpAWU5vjQNNAIQN2F4IGT7{6=#tmTbOQwpY-m zDK~Tqo{p?I=`o&L4KJs;lyHUWatvw&aggu6KS}3!s{I3#@+V`o3&xXpSaC%zJzF7z zbj92_7V+`SC+m5X#@%Op0o3;FaK@lX0}hX#NfD-DmGs9WMe8pcN?r*@e2%@7l)tXg zsAEL=E>tBn91+gAXZYm|*~>I*h^nBK`Y7P5ed9T*=(<39k9@d|^>bp7^drEX#-F%> zs7~_7W*}jYUXbjOh}xX*=t=liJ&ttf0SEI~i9tp|VxV`z>K|Sw&+X1)+nfgIn>GPkc=0b?!z?(?vW{L?5u z8G=_PYsns>pE1=H_LzRs7Y9LCDP-JERXa#llR1n$>m|Kh0YYu9^reiC_~|e=@X2Hn zpfLu+Mb~P)FX{R)`fQo-n!$=UL!(#Xg+o|}k=$RAW=l%7YLTz~jbA+rl`^RHmJ}?( z5HHAe>jb>1`6NYOJm5C^dv+#|J%WaKTkhM*ABtc_F7>l+#V*nr#c>w3a`|-11Yc)! zgIqhc$4119M~y{{W($5-4rf%6BM(kFA5k9lzDSjH6PrFkR&*#$dgocR8`i8%68&lu z^yy1g_mHh1k9=lILtnwx$aHZoG7%JPNq=bycU*Xn2L$^0Y5T{jY&VHJJhq+Wm$sJv z>3;GU(YND=d+7J>r8FP8)th`f!vK?!4E2v85tXH}h}k<{tc6O(hwwM+Mh4rdqZnCizqkys_SK1ab35;*UxG&kN9at)3N-Y3Z6N$V4K%iwpk$RcjCHE3F zpsn#uUb36E8}I1@HLMqA^Og(kH|3(~47$LLINV;^%oh$%y=N8cLs$|h{D zw_rHJH<~n4?B>quGx4E)^%Z%Wm8Q!-sVKy(?95Gyr&l3g&!DfKHygTY3easjiQebv zl3oYCz*Q8YH95Ac`59mRL|s(#VRa%|SSU+4!EN?7kk0mI{ktRH{h+$T8xGS9vET+> zEmWhnrWXE{P-?Zj=s*y{YWw{Nmj(rh0Rs4M^!KnTu^)! z3hu&-N0vX;E8E6P)MF+oDVM0JDiD^u0cL0>?xN;jQXTO3FG9iBGwuJc;hq3jJl98R z9_oY^5baFieU9CNl7;yuSBiq(QB{J6X8eTbLZnEg!lq_4D>?6Sh(y)qAkyYXRg;(? zFl~O&c)Yfu5g1%27UL&{U8JLoc0(&j#zG47W{OsNJ+EHkzm)aPWp?6>Y?h}Y3pQQr zv62>)`=12K4uoiH?abT!CD`koAD8Ezg_z2Y^D)U+ka8h$_ zBwOc>^XP=@sf(#)LtpM8^$@(Ozb5Ld??RGxgOhgG!KuR5N8XN|72&bZvtJn*;%<@ckiE5j4<^$sRae4T>ha5_tuEPTIvWAg~ zj#nEomhFS_qf!G8Rm_H?K9Dcem}8L0b;0WFf_Ie@+S`SVxAtTsJ4g1OsRD}Eba-$} zteT~Nx4B$O`1=D(*c>UI;wE{v(2#K7_0^(CnhyHL1{1!3YG>1Rv3u?hdh3>x%Oehj zbwy8Kt~6&%Wtl$_9hoY`#3nq2h(u7)DTVcnZks<1@FgG41>afg-ASU{pa>cPmC{WstS<;*TDi+Lm<1L}ZW+A%^~_&EpZuOR-XVTt;GqsnSx8p#yYOUkqujpg zhF?xV+Dr)G|3h9p_bW`(W)ZOGJ7k-m=W~|vCjLd6S;O|ZgXCAIRPB{eR+ox@u|Ss` z=JqTC?3s!dOchDjxfiHkCURBIw^uu6+`L6hplyxzDJ>8QY;iu^dD4icRL&C+kqhu) zO40nCPQ%DpygC-S_neeuRLItM@HoZUNj6D{W79C@IOnB=VDd^o76HEN@O|Ya&TN(SSCz8pYvgj;i5oYS?=In82j=2? z2Atg(kGpF#rYtub0DVE&A#vQ3b&)b|2`g&nQ!}H~VDq9}wLi-R*TS>~zx6g7zj|l` zQJQs4-iUD=U%8|%aF%7Pxgg@lTs7e2-1&5$X?o56SXA*7>qXry<&W#KKyM)1)~?~K z`^U?MTiId}Xpo0UQ2G0M_c+8cHMQK}P5JY7U70n+ua=Hx8Q=FEH0Yi0IDCnBGJC7>csZp?VTq3|^Nyo9^l`>d zG7ywS$EvBxr}P%hX5y@nM{sLpuzY1l2vHr~6;>EhDyjB%Q?K%2DmwNWHS7nNBXK0V zb;{F(Zlo5>Ju`--Jtf;pnrWCh;mC7QgD`0QG6@aTS=XeJZht|Gzf(D1xEm}&&2O?2 z7JK&%(b`|Xs7hG5MTj?oD=SvyG`Yeb`qS=;-jIOm1h-d_MTlSH^vt*vpVxvOKcaGR zq<#Ye)wu?44N}~>75_>49;EtA3zdmqE35&Eff8m ztLCckT9SuoV;CZ(`T>eU%Ha!Cs}3%~@*-M8;}#sHb{?Lx62hh_-l2$kEY^RTB$km% z1X^s|zsGtz!5I9+2?f`M$J{0JEnI%5RpOFWR8PzPfXUmIZ;@Purb^mhqzs{@4h<@X zs~ZPQ7Y6Ko+82HrM{Ko6;4B*tsWAQQi|8P#Ba^1DK=QB4Jz;b;)??!Jx*4mS!bCjQ z*xP5iX`irUu$+%(rTzmUDefvXT<+UPLXov1yM^1CCH znoZ-?J}!VmJpO~a({+3Um${JFPw#YYEFX2J(~<>JuYg>GKPYric3L!xcW??zu!4{e z!XF!7a=N%w58zp)0}iuiZ>$Y;I>muUYdmB!KJZq>Zcf&;46E?qYEzj zq_LIhZ08awTreV#+e5%x0@m2-d7Izf-NgJbsPLZ*8Nh|*=0m=06edRa&99O7Sh=9c z66lLsUFpeSEZW>ZMcl)&4tM|hPhN(?)`A+NB9M2H_uUJvAmBmf9!Q+mpZzj2p z0l!)4Xr$?{$3~BjZrXLr?`CRTJ6(O!i4mhp+!xm$qO%&~WE=+ba4kws?Vk^+t0+CJ z2E1^FPjoJw2aV6gG!HqfEzzC!OG&x;=|x}XpoyU6y>QUMaYW~73@J79^L^2fhX};K z9zaf<{M2MxH5@P3O}C3##TUxzV&`s_tQ_r2^!wln(nALtFV~6cA!K(#5uaEcUSP4q zA!{a6otbj<@jQeMC#!#uGIBW!Rx`=Z>zCV&eG{5)mr)iP(~pc13NmXYwO}_CAqO%W z631DNu*{BNlVHcfgbKj^Z61eUS2p%gHKFc|m3bq6oK+T__XXl0`Vf!QYg+wY&LaFg zk)Vdza~;#x@}&%R96HydB({gb%4)inRXRh126Gm&-LbfJrfKlZ0e&WpPdWNiS{%=v zbdQMBBZL<~zW_O`vHHimOZl{TR}Jw)xAnX|Udetse!J2}A`n+zIsOCSNmPH## z(7@}es}U2&ySce)5XpRVIx`ATHp*flQH6Ojkf%`lYzLfN58N3uU=t|U`yM>Ytu(T_ z<_rse-&7KO^0n>##UomUC|Z2-VD;Kpb@?t+57o3Qo61FJlPzxc1e=dFfqZ%mg45wq zS?`<0X1%&z!tBr`P05rc6SO;WT@bZF+A|${t7^ON)2VpTf%D}w<#PrBy`j(U{@xDZ zdHiC~hHt?H9_5D}#kyX4Wz_5BSuSh>*or?MJI%8mEw!=2Y(7K=oz~bTg&{ku)?C_rR8k1gdE^Dl~yD*0WO#zbf z1#zGD0$W~I&eh6idR`bL9D@WhQhpQ7lKB;^S+J5cqr9OQ ztGz`2c5kwd;Xg{DUW>0Bq4*ol}H=3f-FA9-XNpG zHTZjcmZyntS+`%8{k^*JrHbwAt*N_4Nx?TNb3Uw59U?VS3eN;hvRij^7MF9C+kNdw z@XysTc8A$@3h$7zHFww@QI$uM9PW?6F_Q0h?H-B{Lvxe)Qj~9*Z`~;Q zQV5rjX-V^~Vhl5xI4i8>vbDv+O1_M{t&PpT+|RoAhx-TIAG+uC`StxdpL0I%b3W(& z%k%a4VEZJtQRWB&b6Pa3)7G%jc2hQSNZAh~Mz0fbL+rB}F_c>kNkhY}%q&w|{y zGYT7g$Waw1pQs>EiGEEuNcdscZdv@K$854Yx(_JJZ4IhQB+9y{Kk}~$=5KNd?3pf+ zanE&X$RWjSd~??=Evi#BN*-c3=^)VCW%b$LzlpO~JCTwO#j5~GsLaK}Xef4p^`yDc z+hPweW@g6%AP5uDFezRuOIuI#)2+;w&HCpgRMY{~69{Rsqd))NF+10K&@b3_qX5$; z^ly)r9Rrb@Mo%{f>dJ2C6s`@f6v=j^m?(Pfw%%j5v~iU%S_wsd_h537IEdy?HI2W9CbZI{ZJPCD8li5V z#-cwhxIEZ98N#Uxgd{o^_?GV#Y%=&^#44;4_+@4)^eP@Ee=?R>0KLp&)X;ZElf~YW zh#MO+&F+Y`RkLsqCKd^wdWf>H4PerO`2;kr7;qwITq8V_MoKzxQn!izm}Yhag!MVgTw;huCw^pLP6O1zhOlzWs*Ij8A86z=;Ae*Or6v{6%skUR$%{HHXRtUH$AFcMM>R-K0r(O-7|syoS%}i3ZPMOYR`-ZgmCLc z;YMtvcrcga!#^s zy+ChW`x5MMoT3mzU$}2|e2q{A%BMy2l77wJnZCpWaK*8cwM^_8q|8@%p4;8@846o- z-}dvL?LD*E8k%^qLqi(LE{%f+#b{16oWE9l*w4|WHH1@*ebdcK$+c|YMzJ#m;h=K^ zVGsB?(Tlv;(a;ruInACD7^w6S-09uKg^EYce7 znHbNpyfG@3&U9PFSkL)FylN3T=}S?~*sz(>6~!X&tf474rC|&{!C_~M*(-qT_xuDx zzk%H|%xsSz32TmxZQ-<6On?7=>YO?WyT*|!_RFKR(ijfvEbP8k(Mp1p;i9fqkQ1`3 zRM&~sxAfk5_lTd}qJ5G-9A*%!iQE(iAkxa-UH&GGqXBfd(j=s$CO{!c*D ix0n7Zpsb-?G!>{3LPyqR$D`FBiJQ~O6OG4%GX4Tz_24xC literal 0 HcmV?d00001 diff --git a/windows/deployment/update/media/37063317-windows-update-status-chart.png b/windows/deployment/update/media/37063317-windows-update-status-chart.png new file mode 100644 index 0000000000000000000000000000000000000000..875b303375a442063870385c33eccc2f72a4fc62 GIT binary patch literal 53909 zcmeFZdsNct_cm^qncoQ+6vh@H7OY?k_RMIq;g6dOUnah z9>`M6JS8HeC^l1yil+oYL8M8M1c5@q5WyGw{?_~7`~LkrYyDWu<%YGqz3;v6z4x`R zy+7PL=kK}Y``zE`=;&t}G1`AeUG#C8!It;N6&X19DMMhLfU3=%cD{=qXaHh{E+Ut{kzFD zN$tz}f%^LTl`-t`h$8^)?zFF~pLzAG`rpKHr&}Ap3775GZ~rE|iPO~{SNpm-vC-q3 zpwqHF`@h1~ecRT3lLme>TmMaX{NR-CH{s}>|6S;tBL2_Ok;6jw=&~RZp@31EHJiR| z?wb7Hu5^NC?sMC||FPfTy{Ya0wdo{h@_(fNweJ772PDnrRLh5#9^}EMLOasL+-?CD zO*xsSnE&|Cof;l z8T=wS?3+#gW3fBC_j0_;HdE`amHv-^>zjtIrquWpTQ#B`Wgj+dH89YGr!8^2vsPvQ zE|a=HR%V%iw#d-3K8u`atWxo@W!N=j72GySD-PJd>&rhs3|qUde8`l;a=P!-RDj~A z`Er;MK4&MIa6`&&mBTzwSK0HH14O)U|NM~u%6s2UyBPE=((ZWb&lx8IpTRb*sY_s5m(q5Y+N^uh*;jo(G~jDxy4X1r~(3T&71Y zlF*;Ht*vm~&GG%IcN0_-vgnwvDX(MUcfT`gXAOwQ-HbY&^W)9l<;GAX^r!URLeJCX z3@7u;XC(@xvby+ZSVU(k%h)+<{`DvdwD2vmNjxny*KiW$h9^MY2Z|qg zns)B{kRZ8dadCKIcyT^yxWR2LX6xuE#4{VV=W&%UszSMwD5?9BL6+l-hs6Pirfi9x zxkCA=TGzWV%qg|_j3{ZYfa3fcZh+Kqq^91DM#CHY8}r%SF9Zkok#f0Ez>n>UUGRX;iR6g3BQ+JETe!JDJBXvJxjMOxh;7MJ(6`}3PNHqs) z_&I(0fxVved#|GcSt2D1Ljx=mrw92dj9XZYwBt+9@Xs(SR#;R>%iyu1#^?%E%9sAb ztFJWBP=rh0^H`}mMa_9sFTEqcMy#gHyhSUosp(g~NXSyFg?~RTllCdoOr{IK2z^pb zzZKkSAw`h(rCSQnEcRg~FETf!@C{0z4WLoM3V2w3_0Ux{{IdAY&I;3k;b+z`d~Q%v z2ipl2p}uwuqyH$mOI;TMFiHLN?*n=#R8xkQNinJq?{frM4AET1>Ybetp+yk@Y4Hmh z9_D8B(!G0(gl@gD_@2x|e$%$m8{_SUw&|ZLvzT4Rb5rlnb?KYu1q%(nj`4<1{eigL zV(@F+J{nEuhW*CvhEE5~QiJrATIV83zyH-klQK8j{rBlX5C#j++ajBV35MN}tW%mW zCA%$^3@bsPY8DJ~WsMK^u$lsJqJ?3%h}Go8e2buPRI7cH&y=E1V9BB=Wy&nmNp*Za zsIhQ(>8{?yzM!#a7l8b-uipC|>3e?3NuSy>)Vhn7IevgkEpa1zs|~fs@T&Qil?^8D z>6<@O-N2=OcFI)9FM}JM-4K#{T5q0e3XkHV&iA{T(31K6bt3FCzh5Fb6}5f~>Q;_9 z54(F8MIj;AtsA-MxnYK+|9rvfKAURFQ<{IKn0XVq>F~%aSEk^y%ogeBT z*t~z(7i3Ys5`6DX1OVwO?=5e}i@i@>I|Rd5=z0)~76pH4K+H#Q7g?|PW|)vev+iOz zU#@6pk*vXOf}!#d?sv`BNwdR^_`GCRgy8MIJZHS-KWjd=D{3%2eD zcL1SGGw}PS)EyK=aji}Gd#S&a>nfFfEu8@eSvZzw>hG94*n%sWt)m|jwT>nZZPXj~D_}Oof zbAPg=*YC?~eF^^TgpKwF{pD;`ulVN&>qhO-`ORK%Pz%(O{4;BcTyF6QYDw#qu|+hf zqc?TKRwHp%Db9)5hYcjz1rJ-fzOGX{AUs_=)OD-y)}f{&qHmCEL~6EvdqDE-?+jOl zoM|ZY&wK=5jcbimCWd^*wrR=DCia~~_iCaS; z!%`SU&NTkJurc%=*LZ$-K`f&B9_UR}%F2iF0jH{FPMbuY_|Ge^j3Vqpr#ZGrp3;=< zw)CzX8BS}_#7^|2wpkq5uuwh!aY9fL!jEhi%86Is>#%=5lSUNvPbVG-C6#{r->^_$;IgW!q=IBB zQ3=G*+bhC~Qh%Rmd=~E-g({_>zj>m>LVtU9@6#(wC_U1KA4pAihb|0*b?|9B&$J~f z3xwSSrKC}smEB=PW)@F@mbRbuibXuNq3!x1KUq58yR>85oN&*)wG{a&#Iui;s_bL2 z?c#>-@^ zXvuaa%!Ir1PlP@>1WvO+Sj-#)%Fh$)J`EkOQuS8qZphbAikqZYhE^uB;={Z$4n9B* zTv&P(zIKaGb!Be!@ZhO7+gt-hd<{MfKU%B?J zn>p*~^CT99Eh1zvk$)@RMkxE2Yn&n)K9fNT%NRKg(Zv5-u|v{ zDOE^`oLT6xS&RRYcF{g$;onQe5vh=$j`aROBf*W7En7WRJ=|L_;?iXHN;9)>h;Q29 z;I@RI%l~F>jSuULU?5J{n`8xUt>ASaSxZaujBG!+{)a5Rh7kQbi1#S$Y2@NLrJM3` z9YtgopbRl)%uNM9^wc@9>)2xUv&}m` zE3F;xDZ5p{$Z>X!JM_31IuN!_Zbx)%)GD{?uyUmH@XKD}ezW(erf-gMo%6S@d3zqH zUnc_b6u+nbliu$5(5?mLlIn)rJG*woq0KG^H5vEM2O+j~s$SQaXTHa#V1RD^xIM4> z!VKVVa5HJ;s|Tc_TN0`xf5)cZW~#f9hRJ%5$cc9}b{oc2`QlFt+6<)Wn3>4j>ilZC z>ys*;ar#MPToTG6;Pz=`WkPuT%37Xl=Ug@oB(^e^I$j{-Qsw=zB3OXa_rFbMI3!1m z)T(}!|4c1%Yrw6)-Iqnv1{&|k+xt-ni_W$)u4~uijr!x|_1g_^NcHx$=jjQBdb@?u ztmx0Lq+vSLfB(&rrk4$?T&y<^nJLFFD|VDS8UFa6PkR{BH0Pn`<>|E>?1G0{V_D2D zz=FK_dAe8++1QCtIn`bMEqa8EAs?{GF1y8+T!t@!r`_9c6<4(w{OPfD-~(V;HZSA^ zvD}RN6h(3b>GN;Wn8iQ6&sAw!tnpLmUZ6?;~* z|J1{$!1X`2)`aZsv)dWPO_VnX1>1Q9#h$GZZImHo_g~kVrM~<(*)ee&>M{i|+ zqWDyr=t$BAMt77C3#Ew6-PGF6lAVUHhmz#91?lk-NBQ`(jz8O-PGWa1GcyTFWq*+q zZ{5gJB7gHKmhi)wHu@hw#l4W0z0mtiMwaM!n{+Zz6==+t&q0z<1Y*zKs3}mtO;Aa( zjo%Yq-TFffLT4IY=6X9`=fxC-qI0hQWnAoRSP@?@bI3Gk12=f8+cYe6mDxC>6bj_D zUf`-|We~sc_-TBbhwO3zRi96WhaGN**M`J%W&T|2Ig|dDHkpN1fgL%|(wi7r&3G*$ z!pbRSY`5o~KbsdCA5q@35a8PO`_sKY>hwq6H_!aaE%u0Z3HH<*P!XG_a(8id;_D|- zKf1%KIu`bcyi4k3Bw$xh6xYk0dExdIzEy>zx^|&fb;hS%C9A2Alq%^hjg9q7xzLxg zxsTnZ4eKw%T|L%E%AMi=h587`S5D><$`58X8&58tEveiYxYSAi@H%QwdtUt9FB?iD zD^QZQGvOP#=AwZQ5Z+U?hKa~JyOa>*E@gbu`yve~U0SerA7sI`g5G@raU6Yq#05 zWuD~Se*9B~3@~S%ztx&@LqH@{k*(4BL->^ifhuBiSnMFSK6XB>)--RagI85Il;z7! z?{(V0=Akz;^nc3k{Sd`_^JV-gjAw?_`x>JEMu1O+{ZqtB)ju5+6wsw)e!7f!wDZ?! z2kz6;kHBS4hx?GEIhPHc zeNB=`EGQHyZk>Xj-CYokx>e7>PTo3xF=eYuy5NVtSj&PjgyVu>LDvttv8+Mz!5o_2XM7hdG~bJ5`!NztBqOwuFpWCt<{4o@irZ`o2f)KF!y8qE$$ z#iPLeHd&IpbHX%RAhIf;k5qO1?>eT~NZ;AnV+&>*?qRgNaNF{*>z0if) zs+DxjYbjwiK;0=(oxm;fV`Dql7@(V~@>9A?_nZHR4ziejYBKm=W@s|x|A$bT29Hf1 zccmbc64X6%Eu0Nc|B@!cuAM{Y%i*oe+UM-CkFUp})hu+_DxcVdR*Q0K zuolq<+!c>NvdcO&nx(FYGhxT8*VXF>(mx;g zv9xaFxY^^nowMggzlb7MmoM(_zX#Vw_z2_NNt5&Xn>(ajhT|ig%3`>n=9@}{dmvfw}m78GMU~7BCXiENiXs4%%Add#8mLw z&i1KOZ*9CLDBCq&lextsO2^gsrmpF-USC#}ncRt|9Qr6-)kv3q+}7KkbcPp@AuE_o zu39%Vma)k@u1+pg)gKN5!^jO?U%Ra@J`%esLu6kvmL9;;BQI>V-@7dV)=PP$zC2Kg zIq}8|VmPzOqCv;V{?^8EUz$UL)n)ak=XqL%Z&tyWtETsDug~q8d1o8+6!znv*~v#n z6VAS~L;N^z{`bSpzmjxyW4sWJi>iOOqF-yO!k7gFi-+&=L-mK1@_^OF08s$@KvQD( z73_}#ZM*|$yDh(7mtM0}LD`l!(}E?0xJMa3>*!?F@yl+|f5^V2Vx9iZT=uopBZS&G z9$y5GLb`7d18pL1?WV{VY63e$K1Y~f9V?786O?CQ$Qmc|3ZA%D}MU(l6AS| z%|W%+&f%-NZ}!r1qDgH}x18)u+}nFF(tqgQEtKPnQ}2v|Dx%Ghbf2wrJ8YglKHXb}oo!rRj10T+-4bzrY17HsXFO}Pl2(^A>9_tN!1`H=|7L>Y3xr42 zaY7z>Z~Lg(Y}*oGOC+;vE^ITv=98P^#q)Z^r{E&U*REByw8?*bp;PzbUA?}L3Q`$( zb7$P4h14naBh2z+C(mU^X{}q<4YLY1F4?SO-$&xi*!i@ht*{M~d5H<{#_yQr+G{Tj z!llY(h_UpwP}Sh#znbx>gWRhux6r-*q=;A{n&l?z$Aaf ze8Xbombga-A$sBkbWSb8bu)L6ZE!S{$_}V7oNSBF9i2mr?9lQ(Rt-iB4_+`(s(oY zD69Wc_sB{5LEO;29fYJc)qFkWv3tZe4)Qgz`nUKGy@mEN!G6SxWAnRHH~$XcK@8Ka zAeO7qM-#mrQIV%_S9Wa)yZ6Xx|FRyr#=v%>r?R8B9kj3z&XPSFtX%iA1h7d{q&QgK zR@Tc`TO;*SGxR>h^FQ8QEb``*tS+P-RBzF_N#84YXQ&c7Sqw>a8VnTgeGlk7TCJHe zEQaXTL`_7fg+Z(?E`U_(*I8q}As;ntJG5Lg_1&?Q?=Dx2u{wV}VDTl=I^D=ydhXFx zWl4?oc>cOusyWQ0Wm{3gOG$YTXRFIv&Xbt7O{3?pw5l3bu}ORLu6_(h%np>u1Jrg% z+Z}IQjVFz_&uuKKY8SmEm%35?BGuCfdmu-GJ8$+F0+@jbCkY4Pae%M2( z+8e}1JgAP1_)*8OJ@(zcl5cZ=L*f_Gm*;AN ztg($-2JIDxYQ8c_l-95ECUmD3>pBnBre*bx>_hs~8(wc3pW$w?tcmlnzgYn73o}=) z#zv^v%XD!W#`E}rtr-iYyn0#HP+lQ=6#F4OZ0Br-EwJALp-HA$Ko0Q>Y!f)=JEwxC zz-_fGuuE&Il1q#XX**uWxFcD{=lZJH5u_7EJq0gXs>|{#R?3powd;jeS6`TDq@?`2 zp9tCMg=W7FbX7IhWSMau=j`<^**U?SK2pahU9=2@#dx{rT3EDV<6jbz0P;lz4$XHRH~;0&{#SEZlP6UgDe|#lt3M zF-f_M%;~9N5rHo#e0x4EsVwj6OF9eC;;_(Ambuu_Qno`&Ho0fm($A}XN{Ypf_lSq) z3}Z~&k)76AOcH=vRdoQ;+g@<@XZXa`m*SQ<=^d?l&;=|@ReYFFMva(Le59)^iNVje z@j}iggw-%s&crK*Hi;`@6;$>gWboR&?T}ZR}?SI z?v%E)*@g4%q5k2QBaCqNmuS+vVzHsC zB7dvps(IHEs>v4!Zwydi>my?(z`sCtA1*!8Qr*!M(M73<1Tk5p`>Dcsw5&~8j=S`*#K(cMm*D+Q}--8qadzlEq5;#y8F#<8W(Hf6F7tfG5DA$yL4yQVzb zz-b}u?DmTN4Jcl1O&fdqSna|@6KLTmkQmERG*zQs(A-4VxE3w*geEe(3N>}m+HNq@ zr~qFfLFD)BEpZd|A?yGgCb7Dj8()r}Y7A3tFU=imRkV7Cak@QCQ4B^3oHdp&IMtPQ zReE;%J!yeOKj+z5{m0%5aE+%Yg?Ukf}vUT+SBGGXm^5wmh9fAezZLSR)O-qJ9c5Hy5a0{kN>k8 z;kXq%h7M();Vp|S;a2&kk(?xJU320@1So)j6Q*`HwZgt5U zm&x<9CEh^@ZwJ982d3#^V5}i521~{J^;ZXoRva{hd7zvCX_Jg*S<)YdiO>mUx3U?x z{5aKqvh)Jy2^_RP!B#b4mm)3&_pg*n-Zmif)ql*B<*5PY+aAebAVhy5bP_jdGkjhn z_wy2Y5veHrR%i==YYCk_h%AB5hxoe`$#^&(9y-xurHY!36?5YA^&@$HO1QW#w8bS- zoF13jVN{Bzd^3&qKy$GV!gd`!sHXaf;D$jHRlKc}a}^U#pxt$qr(2C)EK?!^fDh2` zN6qB$@htymS$d!>Cf!A6Gv9}|ZuTJ|`Fpz(d}pL_B?U<=Uv@NC9fkjBbE4YHPi#@j z$UznTj-gwqLU~IfOXFJ?0huzcBYybr((&Y1^{^Pr=TOJ%C^{npIRD%#E^x`NRazjc zbmW}4pjX}SnB7DbUZQ=e1IKW2VT%oI+H{dg-kMv0+khb97uWUM$@A8RC(CUv zVEZXVA4kx#N5kB%(e_osOd79n$FQH?+0n*$rxA=YFa?FKt7%ibrSHmq{L;-Gh(U)^ z8+_eU8dkd#zB3QhpwO`;fnBO0s5bLP6;lFZl`O@3`??yx_2#Pnf_CxAp;I2jr1@X} zVp?)00<-?Aw_jKUXgAmQT)U|2_0kIC@WU;M8bu}29xWUX?M__JP zD+=ma(vwT)DDEudMkS2g!`mLUlc5oZ#WM#}AS&QggF53wyuKVSgaY<7kSm&4t#L;# z4kJXzPr!U#Jn@(8CPmo0{I;86?!#pvDgGCwl-`yvvbc9ESYFFuSTI5z_fCtox5jg1 zRgr4?zkLe8)=3dhu}}F>@SIpEuk@xIaat$h*%h}Fn#8MXsFq~YpO~>s$2OwL&^Roh zeRz}c@ghWU1WiMJP<2dN>18+oK;oO)E5I{hwvouPl&d_IsFJ3T;H{aX7#O*JMvdRm zse#&0;EqVE9vG7(-#Ofs;=5)}j<9DRcy)447-yNutDD>y=F0JQW=~xU~US*i^Hm4^(IW8T+S=~ zMSO*b2nxQqTna#5WRiU}v(B^IswmPr)1dtkxG7ZIy$&q6SYac6%V_gh+quGlHs?g0 zWSD9`XZ20@C!7tNsGc%y$HQP8mbcRc8!;}wR3MMy=@65I8@5AUfebcB8qZ@k$b-6; z$K(Oipe|O?=@DO4;y>s0ycSkRyq1=wxF`l?0EZ9+p5}+`oCLJ1aHfD8ecca)>A?_GY-5K0NlsEQL(4+7JP$>qp+i`u1A3Xhs@GoT}Gk0XK*Au}|@kIcnuN_EDWcf9k^{qPe8T-)BQD0Kt zMxXT&;16UUPYxPw4CE0vnL~kh``*?nj{ZGBIAK|u=eqo&mTM^7MV$Ak9z+Vt5f|Zm zff@cTyT7NHWX-^YU}A%RNNp1knZI&v)9nXd-11+VTmh;-qMYz9V7CFHKa}M~%$o=x z_T|y5U@AK<3$ew!rjzUGD&4(p;sS5e2RrfX`Ok+p>?@sR+0A|ErS!vJWDp7DVBTI6 zQZ5Iltmxo^-!wJNN0!R4j=x>);w?UVQac?TB)h_jjFCkZJD2+qV}6FFcnl<)_#A zviUyev{!J$J^^U9p$4p9iJ+u{Qht^^v8LnqHHQl`qFhiSssDs&yE2~_A{e&4z^aki zqfJu{uF2AoX43K|Uz9Y#3%P_M`3BDx))LK;j2bZ7gj0hbL@g}(P2_f*qLiZh3fhgb z`VYaI$ODo>{??M03(7RsdCI{C6d2@VazJb;Xk#D?(tR`hA&{J!QRfqA5u+gzpjtfV z#K4CElr0Y^aOiP3owZb+x|`iaPK=Y3c2!_3j*4KshU(D%^SO~{`VXk0c?cD*Ssn9o zu)e0lsiriSDSjN2Rx^5xf%&O)-VK7ySD1^hiBj&1sliuy&L|)=NC56X1RXxeImUFG z>~5su*$jo&tp;4*16Y_P7x3=X1U_TME24AA6+U4w(W-@6R7JBLxjO7Ha4w6%>4LaO zM2G)VO7IJg7>X7Wt>(O!am)GO<+a+PV!=PyU!+K05}kEf(Go5^m0D6rkkoaWlnROa zIK?(~HML?tNAf~pZK>u+7tByzsQGs!CBRtJ!+r>*LFuVwkVeHx5Y2^0OG#eJ^do|Y z6o1eO_xW>-V@@JdHl`}_mo4rKYY840(FvegA?=fMLuter6_?KfMz~&8^}B}PC`ged zL^4!RD>b^p%J9H&>;rg(_y$^73beZ|S=O%qS94~NPk31&GZSd=F%l%|8NU}ezfgtRIZ;7@BWlVn zvGn^JYyHtBJ;G&IS=7rG776A%SOBRn;O1w!FG$-58_J6q)MnXXJiuK{J>O~S)SOd~ zuAeULg4197c`El;q553&S2!NRGrW`{OO6|^8t@B{!mhf@<^n;5g<}cb;E?G*_HXP^wit7DK;F(H^)+({dTKn=lmm;$BJ^B zr~L>Lw@7&>cqBE>EnZwYlje>eCdSi3p|h?kTOh{MYmHS~ zgM=T>nH~hOTYV?C_OOc>)3qHmTcTSl(XX$xc^W?IFt*xjdmf`2Z`ucm^P-MtaGzL| z;2Y!J_PSY=10mcX)cx8>?s;YR`P5}$a%|fJV@`eqKz@?0MQ|mcA!G>g0MezZ74`TR z`U-$IS4yh5D-52Msxn-}Y?84st#$TvNuU)xyviTUMa|Lh3+hxX^jHzD*``507!puw zBux=}5+q%bZ~&G>XoFZ}5t#H!TaVZXmmMQghS(UQ8?yVUFT?}1TT`oNiH41ho+YKk zjp`g6dAK3k;6GsRX~*QzW67f~jHd@XgEI`SDgANDG5E6j==$wbHMIs1T=UY0ZTmcgHGCo9-xN~bIQc9tKnP{}j2Hs(~C)9)$W$pErCkCSZ@J z@L@@xLV|dVP8!UcXCthwhW>>qcptW5JAhA5bT)F*5C+_eav4+%g=w|!QLQau-VF%m zuno3~(SS^60Q3f%M?sQ-v8&gCs(HF^5$!y=D=!i1FbftQZ`BkkUFSioIhc$OBMzqt zgxC^Lf7c0K7W)p9SX((heVYw%W5$2io1ftMCVLO2+Rk_UL=FeQl)B&>Uq=wjg8`OXeguEkOuFB8hbkkcTfEaq^Ch(7LGq-X|n1P@nw zkIjXT1-b&oTvy-feewjPIY|Q@_Zlm>B7DtET*+Qtj#w2f*Kk0~n;MjbspYOeL2>=^ zHHtds$!L&U4V$esWBA>)CsC#lWO2Bx1B@0bezJSy8tj8UAkYPZClE&t3mhWx8o%6X zAUwg8$|$1~XK0h7q(Q}Iuaa-JWUyEehoCqIme=k8yvr2pn<0-~D@Hhil>ilrLYH+? z)UXH?rx~?hrMbi{&$od%Nao*`9FJzY$vI#rgJ7+0oLDkVZ{-SPVkwXp!e%qFY9qHD zojtmls;v$=&HP27HX|2T!`NvXI z`x)&Z|IHt15gOTYO$K*)JP`Y%ncu17>+Xd`NIGD($07QOw=p|M4?f^6Gf5Zc2E9%Z zVK1koF$F{bq$Fks?zUI=c>$88#h>_qNt&?=BXh{z!NpAf<^vK;x%E_45ayjYvjU3h zU;|aC3X6>Za}uE?)>MX(exh^lmw)$*lnK`idyjyYS>!Tnf}#(*A6eR(oIj4!QlP(=_acD_gu{mUOK)766a?^q4zpK++9- zF5jiQ=%giJ9Zd{%VJ`-NO zoV|i$RH`NKI90>mP%prAl^zf7&`G>RdVogdmO8Vn1sZSwL_+$)=j=Fq~x zoQfB5&s*Q_0c<#Q;GxY4KkmQDffgs1mM=qn_BeZ*R@Q-yfw%e!n5oVjJGT(_XTRLq zB;#1gi3WZvG$Vd=7FRy-Wv}X2Hq-qFoYY5T7D1R%5ve1E>VteXeifbv2B_o*QKi@V zy26%!DrHQx`SBw(Q!K$Jf5T+12Tdub=nn`+MoH|&GK6G#X{;#&uBH>9R+mq1L2>*z zf4cHl_RZA~yV+P3EaYv@Hx($Udt)3lu+*{_eta0FvrmHv6mOjT!N76b?~Ri%LtVeO zkElQMkNpOCa0&YISZpx*Jt7UwB0dm2H0rRC_x;^aZ~Z`O6?9pk(?)A3cL&K31qD^t zYB!V?ioC8hER~Kgs?N~vg$RRawyj|(bU=HJqaG^A!54nkzU}+#zzOED3G1b?p9wP% zlF?naS&<^~;l7Bm`O?MyesKKGj|a4g%wtGB;Zf^l>qF+_fj%|N~pS7!7Cgn>`y z@8l4FU&{CMUnae8AD)teAE~4IDf-t-B68OO)%RTI0-}xzPv(VC!39sJ%f$cSG95Wp z)mk=;u*JXp@hE<3Z1xRe2!5yS(HH zNGPyNX*-JxJs&dUmhbQ1bAHN{dTis##8Rc z{ov@!z1`O2^y9KGJVkLK#bTn;kJHwt+R~n{AOPFkuMDY=<%RWoouUESs1Um22!b@y zIg=4Hd@>yX4WvE&Ar40WHg>mxnha{;%=7zV5+`5+3jTRYTVyuy>vcsi$+CUnUlOsn=FZ*vK|xPRcKb$^A(y7-TRTD35k zmb#UT(;tI6$+8{>O~7y!?}NJ#mtR&?EFMQls|#K-@+Lu@v4@rNe6_D270s@UnM0Vc5?T%bs0k!bn!{g|ckwg4 z_*{{5BmbBW7vHgyW=Fk?IrcJ9^C;(6(L&zJ=Iho@FHU)gp8k$3Jcs&e)e2N$Ig#qa zWh^O*W|JvdCas0=&Dn-$~7brgrCgsVl)lw&zl#Z$7-QWBFtV}Z;pP22ApSv$@$;G+e z7w?0lB_8QpTKFJp8VHE({C8Z8Uw7J zI*P$$ujLTo3Q;ZcQxO1=Ig{a#QDR?)F+h!hF3gPh%JcB$DAZq29LT3Djwioi00?5j zo)Dpm%r-*k>j~~okV!C#y-akEv^_I)qCdexVCoREGzHCAt_nBJwk`Rm7EYfbMkCE4(2;H!i-b;5ZB3l?V15sU&j2!=s;ZBmzqKq}@-V4w&Mz9f zv{Ta0wB?#Dp#!_RB3SETG`AB1X#ODSGVMG&t62(0Uu*VpIa~UENv*A?PqBDYe*FzF zC77MOI#FDBMmU7evFy=Nz_wgxp; z>#$f&ssJs~8Y$p0V5}>NL2piJtlmn0R^4F23BU`X7M996UPxj~-{vxT`#%D8vK|BOq`sOj1e2FndPqjUAUe$~k6G2^rhq>sS4oP^Q4?j4@XvY=6tYgdtfsxHBrr8d1XoXkys zktv|o>~n-)9uEp0XyCuA2J^f!=50QecRcxJX?pj3#rLydHzUr@yt?_2+qqr>*W25H zssJCAEonws2E7r)zTdp#7RK@VD3UogdhzP3q=Fses?)N_mq(JGiT}KpM*m;7-8;mFY;*jj%zyIM>;LdiCmf6~1QhS{Go)pu71*nS_n^PQyNcH=mskEi# zegNO5h_ZP6o>VPqIY-!>mv9ek^lDM5^B-Ub=bE7=Gq;SGZAqCwoZ4l^Ll4^-g z@QhNs`fK8#cyhp1-s4|*bOwpL*oi@ba;aLaNO(RVMJBV|4*tjfqY~|e`@}@e?n$Gk zLuC#vshVkRE9v>D>?6B5*T>Nn_yAb}dtGNVlf^7JP4VN$H0^Z{IzcE4g}$r?V$5ia zd#7c%>V1Sf{7D0VGT+gGI9R*1hNn{`alXdawM^6gInIoSQ+al?<72TA*UcDzn~LLe6Y6Nf^MgNY;R2)}VUp2? za4oI{MuJQ5t^lfTZb0sFfV#Yvc!K&Iy3~h)Oym-bBUN5{gL$#nqx>gwn`Oe|@FP-H z8tseQ1`~IPC5kkCj(H+w(wBS9ay5)IilIa)wEYMpM^da;q(an8i6TfiHQ+Zd!P~m3 zVWk;jyAA4EwEF_M9FUnEymYC}_}8>ao7soNKVsZ^U5_RwTxmGK>zQvs?PBl54Ix@2 zP@1?(l3|$dcoI{rR3#Y4wsb*Lot+0kL&XKAKsZ3I&gi#)+`YWr&qB!BGHf?VCB!jU zvGXM7b4x=(0kqr^Vel)yGC_%+s1&Q?T>t^=gLu5|@uUOR;T^9v7rUz3U=(l`RQ-Sq zaQd!u!PkX#eNP{C2FhD*r{j0Dr278>MIOBb^`Y4W{tO&mrO8xU4zqTdu+=M?*RI0F zQ=+C;D#T({2G90lz(V>E1=$W9eIMv4w4qT*_Xb!biSNYSrab58$py>gSeIQs(FpJM zmU^&$vdhw=8KA4Rn10T%l@OuDq)qFl? zo-R)~27y30{kE7IAoN!ka5-0zT99s7=NWualu?qrD5rsz#4~e`Yn@A;bY1WjA$B#Tqrq>r2f!LXtkl zNEZhq0wPiWxZm*9a(}U!l!XHe@qs*=wwTNAj4a6fU`0Pa&2$_A;rtwrH*66-uKdj& z8{lP81)GXzeWJ&&PXEwRGwAp9AOLa|hJQ!@g5opTPA0pwL)tgIMa{Gc~6#I_$N78mKI|quHur->`8Vz#umE!<`G~- z1^4i+>^9-Vh*ndN5gtZ=fol?)hL1+rCD(x^SCCH)(>K8}<#56-Z%<6u{N{#=y~;&; zKvRX!gasOgY~)*E^lK+7_F@;UonDD}{&^@yWp5%#)cq zOus|~2MCoALQ`tEO52I((m>WGEfFbG(X*ectx*@T+w~f@SnL8;0V(m1ukxH13DNX^c`VZX`hTZfA@^P$wQW!B}3t`W2pNelY1 z>sN{@4$!X@HqN?Yp^s7>gB$~=RE`lGs%wej4{v6Ht@OFE1B5Kuqk6eBc&PIsR#mvt zdxPGn;Nt$#mX_y!ZWHLSXxpl|U$ zfL(2z;~ql`3?M@H-L2wIM6VuIcKWDZ^?f<6`bc3H6cpNw69b+ky+(}<&#dmn(#i@8 z2Z@5LN9mnAg_dReZ)KZ6&L`>&zv&^4){c8xd{~<^{t%)hZQ2}1hd4|8PtOtN+3)WU zV8PA+w?C6cso>(W+IodSs9zzMB^iKlY-`b$X34ydobQF!kjmpuKIMmXyqg$DYuYL zp<{?pQ$g$*TB5frjK1XXj(7x&&vW*TaG`lm&A0G0YqPs`U>pU^V-rw^#P1SY^Vi-dnG)`i-4*5t_6ANROXPjD~-bAOknl-|9a z`<~Uc`eS5u3zv~2^XhnQAJwm#0>kGOT8g|~rodnixfV zufCq)e+Jq?ipu#?4uKb((eFCvWaT9~?;6)Ke7}gw=;$M(EXBVPD`8>obUS%W2ujpc zQx$1S1c-c`TrFOMvGI@a^V&{N54&6&agp?YoXnS78BM<0Zev92i~uJ+#=aQqW{zr# z=e&wti~qQl3JKCn!YGtVN24c*Vg2bSUPDc@ZR-rMq^mW2vAU)EAoSN!!e9n5Ck`#r zgavrLU8^g@`>)#d6`=Z3{2NHVmLg`N|5U3LslsO1PHqXJ9TvS1dC?N=R6_}zgIf`O zU4HEMew-}SA<=-1ih078uWAs>DXNWOeL1y`PZnp>8?M!2OK}h_Zw!Aa3P*Z+uyFGB zso~LLEhH(Kz1H<_c*4QeBZ&VTobe`tH*|bmV+>fv-_w4(`lYoA1%;m&!ao9`Qyrs1 zzKzKf>w2Ld?tQ>Ae$sUp5>jYp`BPPDTg+QK?~Jvfb3`bl1UgLKmTyWe+3MvU=E|*e zE5OVjuFl{KRAD|9)zAs5=CM4=*j*JsinD8Qf|#~Ux@o@TJ*N$8kojP2@>Ogt{gTWf z$lO@qdc1h~(pUp9;Sl&3sS=;D@`Wlboz`8jR0Xq{Aod8OIli>qDHMG)0lZ=tlqWG) z{TAV74mqS|r%fEBcB6`XB05VJb|oui{61=WXjg_h7w;dgb)S~-ncrK2B@bto)@Dt# zkBxY%=VyZ`r4&gh^%WkrdF;W=8Hd~oW@O(v2Tx1UO4ppij~`~)1uf>)Fbe9W;n!&R zE%1qCS`EQ(qA^TyOIuJQpTK{rp4#6Pns9) zs$BOA?i1_pqif%*^0;p+`s-VHz*|a7&CaC%hrKrqOF9kzzMY)0X~wc;X3TPHF_&D@ z8uz8f%GA`{cX2W^OC%RGRG@N3Yb?z@b0NzmLoqi{QK+dTA+>N9(Mpj7fdml&f%~WP zzn@pnaldmRKPtUkepk6`5e*kpKoLLa zZ3v)DH)OrjtYHRog-wvsc^C--){?$uw{KY3mf=k(f`*b(kh{`B{l`gSz(MdEP<ljY#E%F{{J3{Xy_dUrEWcdD{P>-2wZ8 zZBrZYo0sMW`e@R!fu@quLjKS05lESE^sSy)wiTc9tOuf*!K4y6VEE_$-j zCul^tB&kf!nU#ZOrFh0#QH~F_p0Z30Z+fvwUmYKHNjd^*J4NU{*Gd6F0rgFE>KXKLHDo0((Ot6RB@lchomLM7?Wh zq6Gcc3n>{Ef;N9O5)nfP3Q@dwcswn9u(+XKH`?oMm&%>~A`!Cx2a6IJv1OO&;k5W$ zvqI9$p5-3-k9+hofq&)5ru_Z?h)c3rEA>|ZaUW=%n@SAz*nBGa%DYm+O6^;aY!qZd z03O^7Fe^1TA)GvBkP6vo3WGtVgDEM|>6Uct9PqZOVWnP8rlso{VFguyA!<6msvvKJ zD&rf{8cq}sK)BD7%B;ktjHTy;_-ek{u;bV!_T;+H4vU@nw6ZROzcBQ)QlA^%)|*_${vKtW{gf1G~8mT7NkapZZ4!Ljsf>i-Lus zAuGc2{rk61_czbGVv$Sn_rXOc^g#7wy#j6xu{;+gU#UkAg_h*Q+8j#FKoLj_6T#t| z{?x8mF~BonYHd8j%LMC(Cr_(frYMOV9b_xRfbvuC*oWuQk0s?mE>u!~NaN%nmSK8l z_<7uGQ$`_YC~}>kGU6N4+T$@?BpgpIIQ;m5ot|ZJWbl@~zPnFf-JZD7s?zi|z+j($ z>$4<23*JAMR5#Q7;5*LPsV@z9{lwagUV=ps;!*QuuPIT-_UPd9nOz_BQ~!tyjq#b; zcJPwh$v;DVQ@NMYlk|b8S$(6qPbX~eoIDMS`BxJ#il_Ve1Xj^!FB(ODghNhZuucP~ z?$~TGjJ}RgZ!jyL?x*UX`YRkTg{*7fkA7({-Nfs>#OwfM&FVT{{cS?Qk5xV2cc0%_ z30e8JuzbNo?$ZKE`}D4S{DD49+)&P6cwWsF4dWqu*sg?L@Z{L{7d$15H(l(=tGW)c z=hGCxOEq?se0}QQb^Zrr!E94%^~&PW>;^kfHxQ^B$2_}N2r*%xdTdAdo8xj~bkhTf zx}*9%;A;X!D8`yqM{@fgLokj*x_lssK#;Fs!$zHc|0dh0C?xN+&CA=jKgjb!O++fU z^{dK}ZoaHRv}b3Z987MN^++ooZ^{X4$k%QtgZFO>l) z-z0Vaz1|Ntw8B#&$C$y2V8sbj_COlT<$CQs%icW)1efi0x08qZUr$5Li&1AlbXQwe zs`pBNYIo|#)p43Y{i z$>k*chjhxxHGhib z@4oZTI2+e=?4NG8f1}$$cB^WnulSCYb0EcF4a&8Re|*z9`Is46`?&D-*WZM{3Y`09 zeDm@9>r~couzQ}j)w2y~w!i&#N43?9vACg60W=||(dmFq@|FD%(>E{MX!p&1A)e$8 zy&uPRfBQ5)B(1`4>$QEl=jfAy?8!# zp(OQ^Cawj)_n@-KH}98!8a|!p-kBWpd+=26=7Tiz4lQ5yT|(Nh4=xG!_CU#hxa*8H?5n1t*PtKCi zk#I`mFVj%u>ef6V(oN+_=+>pS+-Y$>FNT&_yzaWg&5Pdf zAj8eJzOF%ZG!B2?_+q}aRK}j!cCNk0#+l=;q#1hs2c*?Yk#J*=e7iF#Fncd{k1woZUHI@Zy;i$!+E;FJ>t0FZCT;BH0h?cM z-3ig&S`_)l@m_DctuiMn_4~tGzNa!h^d<_9vg_B!6%r6og~LE~?Ud)EcK`K_za(>; z^eQH9M6JMko7$Xga@dK1BZ=y-99MeFAHO@9&i!XEm4B{o+S?o&b2gBIg$vQ3a7BAp z1IK7%l=q)>*VgY?Ts@;Q97?@D)!`W5VCj#g5#DU>gTPw^CUBsL>3P#WllZ%CzPija zR^!9aN$Etf!Z~wEL$#_qN|)bR3CWn-k52UlUZM$q<}OfT`e;Iv0g-|zx5xAPlk)oh z@*>K^_oZM;48`)+9R-b`uo6q`--Wp|DgeH4lld`1yp`F zm3D#n{Z@<7OqNE?z$gP2MjaVlDZ>f>CIpX7xTB@*gooCr{#N}%UE}nir4S5McU&nW zSdZQsaW)X}u{{3{=;!S|{Wak4`P40jCa1CtX#TUV-dGdg-iiiw`0USSXwU2Qh!LM{ zk$QO&vJ=CycwBnp6c8M5!~nLPC*L^6*#=1&X2>qs3x~vdXG-xR9r)q-ru6ccZXW}G zwXm-G)JLG_-MSNAJH03JT0{EApDJa48R>0IbBj3HyZGx|lvxwk?ZbSH%I)JH96GpM z`fvEDBTi)-1Ksq;&FNoZEAj)@$pwu@`Uvo?@O3lg$4b9H5Ymj9J)+h(&;8ru_U}s| z^2&xO4sdV-pX+JUdv4w7DbxiJLC0p#E^vID4SGbr6g_NA)pu;Js7fMN-6y;=C5e6Kpt&YS;Msm+IYd4yYj@{J|mx{f{G zoNl}sNGQeiQ=Yrbd;WN8lXIjrQFZdo&2bPCE;Innp1>zEeakL~-G8mUQbW9uZ{PgU zM9In1dZ{Nj^a&fsSK#wPUvx(I%cgaILzfAV{(u84D8wEJT+yXIG5aLi|NUAQ0DNsi z63o^&l&L@v8*%o(76o0r|9t{nUe5jRN&b(=ng2_F-R#i++eiN|@ZUGu8Ec=n=3E<} z30I^byV8WEIqDHN5X*i0okEdYG;tf4R8DqTr>JtooVh_N?GQIWL{H*ClX;G^l|o^C z_GfBs4mz3MnE;nnV!Kuvq2znWvoT*wQEvnMp=BW1J?NyGoG;GXSCK ztyth?x&grqD3lCh`}(#}K^5#9CsG>Ig`>!@+E^MP(WW^~%qSg0X*RD2+T^XsI<*_b zuJIw8g%3?ulWLzXY{X4=9{VN;hISYBRcGjLr&b4Zz707MJCm2cz-{)Ta@pBB886m= zBG5QWiNt9eatht}COF0$c1^C0jdslSg|Zj|{JOGG`oOWTn(LyoE^un5Lhs0Qcetx~ zk`d$uxBZbIyYn_Gbs6z9>t<}P)oWaa&TT64of6ks&7u9qw^v(7MZUUGJGN;@XUsoP zz5fH?IJj_v^wdV>bfFp}XuOH21MJ#H9+N1X_aNHy;?DIxAsdZAjG^GirC;@dq=uw9 z`+(S|kA-zmcbzPXzSP)^c4U5V^l;ZsVGnGuY2`;Xs{mfz`l1)g7}G0_=dG-cqS0p! z?8drCij+~9?K5-_AxJ@70Z_9TWH(MTZI1Wp&Gd-*j<;IS7F)Syc5)oVW&z48l$E6i zFXqg&5EFN{J7j-Gm}ZZPg%YD>tC@^z%QFxK?(Kb%LhuDpU53N^K9g@E`%Y@Z=JSR6 zsrY8rYPZg#D0**l5AcSb;#;Z!Qr+7Q5duHu(%iEuVYNBupY+f`Q|SI0>oa~^_C{-L zBis{DwzdA@xU;L;C92 zcSkDg!?r&-%iCE2Uut=a4vYv53*&wrauiJivBzr`nWnx&lwgK_$Fl&#y^|M8kN&z_ zb3HO=kQAHWUA(%0fNQ$hmY^*^i2=&#Uxg*FZd=U)UygsY**Ic-Ml^=f&f6gRKKCtu zm6NTFxFK6yOd#@x!fiDAi?76z)IRSht*O@xmSdOEpfFcK)Wu zG#$^}#Gq+gd3fiykuNO_o45nlVQcZzoh=f@-6XF@d9&6Rn*OnM%3$suJ*UQa6DGtG<&pp{dI#Q)7rCkrlv}@ za=-S){jX%4PXL1M>$Cb3e*myZR6u_3iL+`B$s;@U{z)^iqi*DZZm=4F8Z6z;;$_9H zch2|!sCUMCd|xGdM|TsY`N>#jJRUO+`C@5eg0#bH%cmhzuM4@MxgXU_NZo1QzMSZq z6)`dGvt7G67p9hL<`CAH_ngm+ZRwI4xIP#7-j{Cb24;{&g|(U`;Fl6_Ej5Sr4=ki- zp8XCcfa2wVX==g>Ytqw|K<3_aW~A=<{@y1*N*+6WY%PKe9d>zEO0tQz%dS{W%AH%` zDG)`XC}>}&M)rbVZ=>z~kL8eF=+V9T_=BoO8%wn4k;RAd`qS5WM#|*+Gq-<;8PfjY zrx3H9gY=!eW**m2(5j>6`0b@c-#Vk-Xy>lG6-V~&ve8u}KKV#VP27LA&f{rE(%RZw zd1_6Jo0Y7owaUKFNWfqMlH5mufkyrUt(f5GaJ`{cE_h2=88R*%H&7a&r@*=@>V*6Y z#fiqWgbL`hhsVv@9D*-5)R(gcom_NN$7RokFpH+bgMu9mG*m|FEGuKN@B}wWCgisc zt~*}NUB#7W1(Y=pHp6S8)uADl4e7La1(uaTu@!meb$1JE&fx5s=K@h+{u57T9p}C4 z%Ac*dbMJ?p+rY&7P<<;CG%Nk?!&sF>L|4U?#RJae_IWp3e^<1WpHo=mAFW#YAu%__;na76IxI* z6YR|zCeWO%Pi$sdGcL}+0e&^ZT|MwrR!>p=TZ)N8E7aFA*8goF$($Q zm)g>Z5H0H`p=wwYiaE5Bk|-%bF&4TioP{uBUfcWkASS#B4n1f4E37CaN8lx=TMRk& zK6QjL#s)?j2#k{M(i3%6E2F(}>G9jR@uY_%cY8FE=W)6B8PU`Svh+sdx=Uq~gk(1s zqcqW0Ix!g<%S9{DrMG%h0Xx2Ew9v=WSu)ifmrk9a%Ufhu$bQ|!VvZ>;{!l9tvGyt( z9d*hz&=F00HO-QFK%5Tapy-Jd0j+S=2is2!kyT<^q6R;#o}LW68U>C_ zoz=7p7$@Cs7dg|4V#K-hv$HrI7n|SCYeDdJtIV{}?&wl%ubG*2wQMS=90jwA&HJZi zwYBI^GNBv-heb?{9$?&vpj~!y4e84@uk~v6Nb6G_txl^97b6zfgN0aWaddEA2gq4) zHasGV)CS~b*zG0V6`XUG91N~qMn?pnXCzSDr$}S)&+QJe`0VKrQX;MOzHf+B>?}>~ z)rqmoW<{~Y*C-OlfQbHVf+U~t2cW34yxiEk6q?#!f1td*zaL)|1M0dI3LGdL|2P~D z0dUbm2)Ga1Rtu@*58Cj!svp|bCFpeE(^7KvA#SW`8c-O^YP+%+U?@Y+8sAdE4N z*leH0x?-ikI^f<(e`S-b#yD;$LeG0kP&jrLo*6mGlS)7z>EngS{$T^uXx7wFxFk19 znEK3vhwY^kLah`ynuw(0H&O_#qX+;+i>T7K#h|_d0Vz2KTqp zVY8rdOA@_7AY6fw25(&~OgKJK@0;p!I$z~bYi4O*+qt>*_c&tj)rr>Epw8=`$K0C_ zZN<2&L)7Z(s*RL?inY!viZLuz4$LViX*@1CvK^Yn560!YJ(VmSpN;taG<~Ichdrge zK7rlMXQ5LY^#zw^T(n`Aeg~nmwbQQrKALIFXyYe?~QY=n|G#G4Yfhq z(>~q8;}RNkg^Xy!ob`$!pWh7YZOuZ98Kr|44ACRQ$sgKgHewC=Dm_3LN1rqj`%-^% zrBNuJS4_ZR*tR0(#H!2G)A|PWluCjv7kPqZJaP?Xni= z0q`#cJ*Kb-Rswcz__;BgW5!y)@i^(4=y}!32)aRb7-~n`4-GdE{90ZY^WIYS`2Fz_ z1mk&oy!=-&LLRWdxdzG}>q3v}0#1o%0`NOOZ6?p=qe-6YIi(xtunnqJm7sWD!ck6G zFQl%AJWIu{76%p){s8SSv<>4Yzk91A`-+i0j!2~zN2}}23XmTML?KgI@#Pf_Go=(l z#3gub-cD$@#jGU{M(co75Mpun3QG1;m~m0`m_b`gcN^hpG@?hIg7=_QpR@G^Npe5O z&UQz8*JutS4TX)Sc@4Jv`iZJL;?v^u0VIQKs>s?G+hG6$^q@=n!Dp$~BM@VT-I3UH z@?t2I!3*{RIY!g!__602h`}*9d7X#XOs?y!Ib%OuTp0BQ11Hs(=hgT3l)256$a?U| zXotn})M5)`w}@0H$Va+@m8kPP5FZ3)cQ-!4DBBQS9ZOu+mJYJd!A7JBz#tg{V+{pG z?fUduO-iC~Ry01Oi2s~Db-`v~jTY!BOwr@jVXr-}oIE|IQwuqE7+%_F1?|%NWPbUp zCT9NiL`$j)&&ud50Yo8E$kb8B z#6Y|lB&Rfqfz8*7?L}PsqN7+=v`Lo4if=k&sA*2EjyzIW$+-JYQg|pDrdS_R^vLJ2 z1toEzv$JhluDmY+3ePO17a%tg-NVqiJ!E<~2}O5l1rwL3To# z`3AE7g zYvpb;^LB87TEjRB5Tl0l&J!2~zOn`iBpd5mfUV)hbrB1e2JjF6u zB&6<09^UI3Ba%ju{^GVoE=|zJFPEkP=m8z?@ln7Ja*;eDpEki0(!6;PdRqQ0X=)uL zH&alWU{>I~K57-gwS*o%>!;O>6BT+%@=p0u_D*?G&F~#dp5b?jK%g|p!0`uF=CqZ} zx~XQLDmW)FoY}14rLH<35{xsZsa3g*Q}A4}8upjBcGBnO*!6Sig+wT& zEdcOpr$nB+=0vP%3f;hp(WI-*4g4vW{e_HGcmxgt2d7lZ4?rhZI{IrluG(X?h*FnX z!dReH{iR@9T#Puhu3epOL5^YYfE;rXXcizt)@vR=exKvw973*MsxQl$`a1(rl!a#p z8|Iy-rn7~I zS7Yju1^R;GWMPNh8AE}OjvIaP=<5P?fMO&Xug>@ypWd)X?6k;5@9`FKBm`gHQTl3w z=lBKU^*ACA?NwIao(<=?-DCK-T-*PhH03JqjzK>0*`XY0jj&^!OA!8^>Qof^4bz)$ z_k8V*!T!X`d$J%UV45kN}Prt^)$Y)1BwE{=krlI(hD)q^xQn*krRkQco zzupc*{)gcorOx@_ey|+Q2x2B+_RZktqcJ{rs^Rv~hG}luYHbGb3;~2eyo*u-Vqm@* zZ9-qDi)-J(7`osPo1c~+8gocki_aYyn%<%_S>nO^=-n+9oDjB+(AZX(W;rkEvJEi7 zyfMlBbZ~PIUybbrISMP}&67*P^ShLSJxyRfQ*Z3;PO!~V*M5ac11MdsVqZ4A~;Hj;(hqlx2!(Q;bGdyK;AjW5^>zl z6c=}NEAn|zHoa}gAr&1)VsYv)K<44cuI}zcwwrU5Ot1#gvlnVeF2)<5xD95?L|S_oorj_c;=Q5hPSR^du_D+j1HB94Bo=D}GVmQHbs5vlHp zCp*Y7T8ohn>93~-#*QY&Ta{P^gRCHwA)5A{Yr%-wxzYkPJ$QM=(Iw~Hn50p( zB8QUWvo$eVYTBBcLrHo;kUZcRQ*`h@zc`w=<)0F48VghHQ7p0Y^YkwD*KW4F{H$`) zZ{aBC%Lj4FWNG2*Jl!-=bh0MTrbx}1L|6)SW{$W-nwj1XRBYEuVLH3^`#bM)k3T6 zhwS@2zYRLH5IoTPf(*7&Ph5cG?hb&L9{cQD)_j2P+i@fKaz5wL>j{YtY$bnGfs#py zz&I4FbtPp|CY~9O&(cRexF%8k;&qm)jIm>s2`PBJ#ceaU%PlWxrE zdi%ShVqGw*fM>1t#$8*ylIsvMKc>qq(f`YtQLty?;uRf0YrB!nV<~>qBZf>B+Ctb- zpD{kDEY{UYF1JOOZ6<^~(>~J``N>*!v~oUlGNzm6t@dHZDBY)ib-DA_Z+b&Gn7#W* zCdb(=yveJRvdUab3WFE44vrx%tg;&lzW~0PE~wOBrDNDKPYbzVF&57`NDC>Ui{24O z#8mAP!b-w^w(lsZ+_tmIvQ9Paeup`H$f~1#cmf-qlRV(?Am$jLs-HspaM+nz#`Vj+uq|YFu|hB5)Q1f15^^n}X!aEQLqoRP!xC zQ8&aYWyaz6_=jm!s+tM-&wJrtD{TFzYJIkTYPajSb*EdoJm#dj@RU<#J=~YRjNZ>o zyvd=xY9_#w{}@Y!o$?Qz~MVhL+qX)YMaUXotScUg6T=%}5ZsX&~aD>p0+=|IA zf421mUVHC5QEQ&+_JZG_F04+wH|6JIBF``0tkc8}Fb|*_QC&{OSq92KmWOHi^5Iv- zaI;>P?`n(BP+K0jpbA4RsoTySzs-4C`RS=l`YeJmS>rnk5q^6oILqc> zice*=TSd|6ttbv9h&EN)H)zA7^OgKpDoA;Hc0E1O^Upz2gSJ5lxl$5iv$UaX$<_XIet?1p~+{?yknhl}(Ju^(D zz9V(m-u69EcpNy&;^fDJr2FwG^T6j2wBr%R#lHz@4;wTKSy)MfFcMah&&*<`OItZ9 zx#4f^lXso6iMhI1uASW?c+|~hidkpizsK>LLJ`qMS-Hy2um`f1l_;0I6RO+VV+-6bJ(s&4vlm+y)|kMT;HvB}iVHp<|nBbnBU;@L^v<89qX2 z2s;i{r3-WKG$5j41#KQCw9%;mDdN-$ES+9PEOE-96H98h=Bo%ZCySN>L zK_M*vSWwkfP51pitFMdbma+#et4+clJIR*ZXnRvPr{u;RMc8BT!UnJ*GpC;dU&_2r z-B=m9Ya_}w(WLjes9VJZL$e2qzL<=L{gijS*h|z;9TDOHtDVl7X5r8ntg5QeBl@QO zq7n6LQ#?3K`-K2TNaZdQ!)3&w%uf%f!P9!ZSYUsyp8p%~;l;rqnh#%=F?Qs|4FPp2m90AN@pefRsl_@nbRK#H;!sSt4}?OqK} zqcTg*&?mwE7;9re{89ZsV}UI+fCZxx-5t!p?zSX)ceodgOVOiGI<-|4aJ%8!0(Im^ z5J|C8PXk}HY7!RR`fFnKD!*Ddq!)Oo_+@JDEm+Is#LYPEUEa5Mnao0323j7EJk2KZ zi$@jNk;AQM(bJYWQ8}9wvE=JX_KBYiBqtbW{*Birv0zpXxwQjiFb9e{OcJj<1)?qu zBQDr{uDD8cL$(d(@sr$XLs;SL)Ln+bw@!(Tk5^*QSjn_8ta)dDTaLIRae3c$! zoVn{`;8u#CN+b(f+rz(6{!G*{dME=sJ>Ke&v~oXtgn1ml!@jDfRjU?YXHfO`bsHg{ zAtTgI=W4}JQ~&Xxu-c$$eJbRfg1+vht5KYhI&phLH6e-x$*C5s+B#V|92r}Pe{J=9 zDll`&DdU3j@X=^*6kctzwrR%SCe`&(DC@(Bcv z`>)NCZ@9Sk8b@C+J@!w=7$*Gn!xg7-W3-rYN}ODYoijb6cAMJ%{W?z2RX<; zj~;C{!Ssq~8@CdEWC^+&Z9_|QZM*NDj-kVHFIAbO&B+uQf%4VZZ5B{UBV-?b`wi6U z-*X-~WBR%>Nny63m&uX`LXAI^K4;gsn`8jUD=m6!h3lEecyshmY2 z5&rQu3FL0}To7U=K&zAEjs$>>`dw6W;Wgpl1EFj1VqpLVrH)v;((gFT-!;R&Ic{WHWS+&Sil&@;k*Tmt47zk^ovXVrb zpLhtsbpWrr(W%0*SL09On5OW#aLrUD*~?&vYA%Jd8=;(da4jAZF)MQ$4}h{ZF7 zlfv`vWuk9>luN1)Jf7 zMoZM7w@E;}>tdT-he<{xeQ;NP`082fd)3wYUG|4f0fAZB)VN=+3vesvuJgT-;4 zvG3iL4(k`f${=Hvv>%ePJ#Z0m&$;g}mBFI}y%;~;?iv+`%=(|GIW11@P5aZ+ck4o$ zod_;;Y0ziXRO{&UV;4uUntjRvW)HuyyQK-IZQ^Qrx7Ff*Fpu{0#|` zhR_u}bUM9($6Xqcwo8SCk`yQP>Gm0od=9D&GW~?`Wv$&%Tqqd}jHkyAyWmHKmuP}F z=6cqlpwD(SE9oSRsdge-yD}Ed1IVG=r}E1hZ?U8|&VEcvf)GTu_38!%j-giCNAlq9 zqckI?scVuufo_}KOwG_F-w5WC-EApz>w}g1k*JI4P-skF&chG@I7x4i?Ca>(3E^Ho zC-no}@x|6MIs-u~H>RV1O0tIDy0f&x@DQU52RxNQ`#QmPt&2-F-tW>93&Jo;6#rk# zPgDsbgJC_Sq735uw#A$-$)#gP+avFuhot$BOp|jK6QORPnG#Q~CX03Dz9~krJThbhpf4JrzbM2ffNcLqNZXk^zU;Fy^T@!t>vs>3&Q>nPx-EM{KwEp_) z1*1g!{j^!~$pDQjjav^eli5Kw3HRL6cKE~JJ7JRR;>ai0J`|VYr<*!>vcvk(5Ctm` z=lR%8C(@ISxBx%ZXUZ8rLi+e5P839g8r-@+!tjyn4UyYMab3r2R3G0HvO@%kji#5y zdN2KT1R<2PE3*U4+PJJ-SNuw_yMzT#Q+IjAzy&ZKMq>%bpj^W8gKk;H^Q}@Y1X%oI zcCVGqO$0NCFAyQ>de1&25`xIFOT8DI7s&Np(%gQZzGIpLgyfFsSto23_m8&E3BqT9Z|-Z}U5k&C$I^U!z4ha%Z-?Y}3wIJ18}8P532 zQA=cTr_57UM=q{y8j2mTq}wj1ry}*gcG(@qf*VEjceqDseV1E2B&?V>qW*1+`&sIb zwz~$;>|2|N3g$XDsQF6I9bE0FC0`(^Xk)d$8dVaiPyT!LWcBC2l72sV?1h#~=57~C z=XHc2CZsg7|AH1}?#;p2z3g8WCfjRYclYahF7E7zj~X8#f!orcoRwTjvdU;%nhcxjDYc7zoI%4+9E|-*BTsn6I9Hp$=ET3C7 zi@*%{*9pxP)+~?S+-lOLFd1Xj>_bytl&{nkJ!&yddd%NZF?S)tD2O>}$_ZpAv80xNF^j%I(^BKAoMpS&Uqw@F{#rrN{VLz<*FaKpf8HIAJx`4Bo6tw_ZD z*;9v!p}C=2qs2|a&afBzq*u|QU>}7W=;H9tu_DGKGq;bLD7rR?42;^wPMQiYPO;3= zhPF4=kEvTTd(s=5&fTnCnX9^{`eJ%t9(oWRg42U`e1ELlEA!Sc3#jnNHnI!@t>$YE z4A~4+?i3r_EwRoVbJ%{ZtI~e!$I^(j2GOTNVtCKm)6rH*QDJGAthiL8Zh3lPtlQSa z6$uLIR=&r0V}?@eoj8J|@Bzj)p%C4OPY%#Q+-NIZ84bKL@NwBp`6ImYK}JA)vzCuG z(;Rvx1Jw%t2wrRJmEJhqkBzp$jZhM6{|)Lj7AMNr|DJ(2%`33_v(evLA_Be1x(eJ^ zT5jvTCFW!{kTksx+27WUo(r{p5q!;=6v+d+rOPk5YtxMhd2gJst+XZH{=b7i|lE8V$ zWU5z=e>Sncg4JUN2Jy{lbdfBPkwnIg+_GW3!Bm75i&jT`vReWAZ==(M&*W;!(Mqhh zXJi46^l>3Z$3S{Y^p`aZ>-PF2ZKu%j#0jMc9a7(FVSH%8T&g3_t($EAG~GXt73w-{ zsmza(J+`5Da2P8qo|Kp($&Uzx1p`}*(PL&&et{`>=#t0yvI?@?S=fXkt_Gt@ckY*~LoLyxX-OaKXyvyF&&xCdz9%`*L6jf)s=71@Q@srr; zR@9ClP;a9szXthrbzSw}dIIC6xW6^`QWs3lFCLEokXK>a-bJU@m+J9Fr#vNz7Y0%; zmC?IVjQKM;<=-p)Ga{JQC~S4t8bAO@=D>*bCPTC1$1I9UoeNf}RmF^${Q_7~2067g zFGX*yz=G^pu~NEjC=KE(J~tbSGNJqM7K&?uxe=05aU0mxg>^>bMJM2&{Za;*wZE!g zQprVA;I`7hs-eozCv8ik>-*cCg1utXcb^!f$I`)rqoGa8fp8yW9+`jNU*_(B77f|^ zm}spRiDUEO=ED>6Fur*!U5vouMbdQpgog!bMKXivs@0yEtX4Bn7k}z1Xd<9wl8$<6 z-+eW(pJZQZdyAyXzwF=wg;iNPMVA#mrtXNToHTQ*Izv8&fddf_hO!X(!rIjZ=4{VGDvZqEU3&kQ8&!z5GN;l{s1lvjNqmRqD;Q4aPe?!=#qC z10@bh!U;h!X*s%TKAPo{n~t`GmMPTi*IqVR+VGNLQVy)S)fgO8NpdD}eTY6s08}I9 z%K4e*E%(`AvuHnT??{`WIHDn^U+|39R2{`J1)slJeg1MC7^gE-JwV)sUI75zPB=XK@&cA02*3| zU7Cz3flW6Yas^2;XsXA~xZ5ll4gKwfIw7=IzU_K#Y}lj}%sqT3-m$h3sH^wV#)2g7 zHmCWCrKbiP_0@lFwnR@q#)3n8)%u^d zAT9@|)!Ds zPwh)KK4f=2g&TIO05xprb;vO#(oyv0qe*7Vq7uSnyDK$($607d;)4MuJx0X%{wnla zP@UQK)BBpa_S+&xv?CBWo|JL&;n~aOnIEq;_ok2%0rZ0F%zRCAIX5nf9CP)9<<_i` zoOkxM8KI1mzL>D*6g}aB0nrl4jUBg)hG_nC1=;0Q^D$+H#ILjk_+FY* z(!nyJ{vBvY(K>7F6+vdhDB;C8Eh3yy_2E;ZyRRPtssgYxS%1+`xjTOaVg!AGcVb>j zL?!;=&GO@8F}}3}LkSR&#Y11LA+)pcS_deA)AwK`hhN!>V$?K@;ZXDGWm&6*VaxtV zV$D&XW~v#BUD#d|^X`Jvvw5kJlP!A*P_l3WB^m%}*^h>Tme?u&8OftUTy2y7ErYer zw0DT5(>^iXF#F^s3@&~A<)z$u;c`up_vC7e{H)2WyEcXoDO)X=Z4ihvz6RNi^ngb2%# zES!LvJO6%N-(iULC~O`51*h&v<>=qu@F_(8_8uLj|+iUU%Z>5GTX{M0K> z_rT+!B2Iz4Tgwm}DKXY4T#`TnzxxY6>`Sg~*4gJwD^Nr=&Q2Qv^~GJa#22wZ;V*e1 zr&c&5s#$s;?e^NIuJFNGgG_Bble?$u%=Z`aVhCd}7LSQ9i@B<0LjJk5tmzsZS@)`xVsV?iASTHm8q^%46WxZcsUInyIH5-FnJfY08j4QUH98F!g>j1B zAyix}UhLM(i$X;QQ-2HQez4>|D)mj7B&5xFh+101^PxMMaCn(G!aX>5GP>N#8@N)h zRH*r{ysIHz<2)l6+jV|&#zxTTUs+e9?|TVf1z(_{QGzXBk|%K9C0fC&VT>^H0k)C! z-!Qfjt*BwJEue|C<{>JyRSO}2io|^S80;VLco~e`<4tZnlR5*CTN%>wx&%}R-+GZU z+Oa&7PJzc?D!25OWCX`xkymL+KY%b7!er}!)J{IDr*_<{%mPvuAndUz$t_Mojlr9^ z>M>frv_JwXc6j}38#{&jd`9jeH8u&M{25qYGFL}NR3wsH+f1Yph>~#Ds3xp9x|DOL zRSRzb#nq%^B%w@X@DPE`Izmoyp|*iT7BGR~wN+<&iOe1C)8>Ua>c=|?In~gmt6X@- zc|+cuQN6Q289Ot}G@3O=l1(}PnhLN6LOt%d3k6nF|Y z^vx3ANK=M&`O$l!I(X}B0^r6HVV!MMzIy@MssPO4H__}ECT~vb%*%GZ&+9_O8)YR? zX;??4?&*6DmTEVLT>w&pwKr_X)v6}@OTvrva+kcVG)Aw-$?~NnSbm)L&$??{Upg|h zT%Gw>9&KFVElkQiMG_BMC@nBQo`2ae|MC2F-hcOidr95AAEs?txtY=|M7S}rTCdN!|Dyz{?WEiGl?5_6#ryV;UJy(0*G(Bp3auedEMS6 zHa1%uusf*KnF=5e>I+VOKW#U2V=e}L^hNgkr4y&_#GumSW!qjrn5cF9Ti_4d|#Pnl>m1JHgfz@Q^-=CWbj|F;RAc{c^VJ4`EF$*dTBD z`seRn_8x!}zJD~_hm=po;3V)a_b=Yx{dg0=*Z$|sIkw*nz3G!uy1WTy0Hnb0&u$Pg zfY1L2SH_la8fzRAQ1I2sFC28Bx=sdg6KJ6q;EwMOvS0g@nUf71oDx2-|NXX0zbXj1 z>5x>??9SYFI;>Yhd0P(YY5D1_s!jUp(w708d{|>(2KFFg+3$ zi~0TjLC}q>%Yf|=qe4lFc~ehW?7PoKf0umg4oA;yHbZd#?S1yRy48$gi0$5X8HWHiaY7Q&kSWL{OZ{+he6^8=~5C}s74>n=MmvT)>S#Tr%XSuY2PCSaC^1M3_b;%@VTKr zU@-%5gv5iL9o=^^dCrytshiJv1^OlR^nC3|%#b5iVxzpKamQ&}SEeq{Yi(^|VB^Zz zfV{h8g~poK%R`w`Sij(5jguK2F`w`9o4RROkjc~UU0TD70(Y&JaX0l?T-pO(VH)1i~Ajk zE~lyRBSew$p`ONl8=Y`-E(Pd>(<+~4GuTa`x3c{|d=fJQzq>h?K{{pi<1W`w75Scw zbGo`b_+I|MKby_``qv$GqNw++_-FM1C+4y{Fc1joN0kH%%cUnI%2D4PVQBI0^R)ULf-r*_#+q!h!)A{WV{C7{$ zsO;NH+x!lHIyT?%v&(n?#JOyzib| zYJoM-eQ8?y$3hNR105xX#oJXHm7krY4(^*hnOeNB5t6w5S$-< zWD*Tp`vb^)8Jmo-1=*X^&3klBrRzW@Q|XP`_MNQ!OPF^vVt8F)M0d->Q*M-^0+i1T zPs_y%EQ#IBRSDSvha%?sTJe1^w@6Q8f8OgAyF42w-x`?1miHm8bFCi3?fPB{{E~`% zthrT(b|N+tD#N%S443%tQc(Oa5B+(xfCiIC>C$$~Ongi3G$7V_nD_UTnyxmO2<20C~ugU)4Q=eWSHbgdw zycyloI?}av3_3_&cjMmjM14@=Z-6N2<^&e?Bi(F&Qc5G-B;Ey6%*Eq@;2k@!HVDRI zfG+L76NqZOY@)^`{>78m8OLcIdGur#!T;tSwXF=ykxx_-D-L8~j*no}d+_|ffwny9 zMhm@=jI6;K2X05SU0?W^Ydx#a2yw0e$+hI>wW_mPV zdgl6z(Gc&NSv=B4<=C^Y@_&sC08A!M2S)VO$<0>iA?W>=%sSHcoWA!q`G7E|>tpn` zSvJ6e6@Ggx7uu661DMX2WSXe$J9$z!tv4b)rDmg=0es(EV1|$8RY>bZr+E{eps|xY zf1`@@jc$(yNWaj-Pf4BXJQLn2y~X{(MwfYd*zw5Zv6WxcE_{`L_G28&q~xu=``3T= zVGQbjuKthyFC^9tTNL0pPRI6|uZ~Pg8}d|Qmp<_|7J5&YY_hiaZ`pt(;mWMVkBk1n z=$5x)qkjxynbofUzW(T@0MzEE_CNgBA948qEC1Dq*V-rYSB&L$Y9s<|K*;i_KU!NS zkMzM%@MS-nl($=zPH2kecVXD{gNeV%>zpnD_;kygTP%?vYI!n|?jecw)bom77^`n>0v0Af-OM6l5`Y}3$pR!w z%Y%R;-|S>{ZK}2kV(mM>L}Lozf$03;&;tMA2l4XLc2!Sl)LP9HVQHPWc{B1r_8fst zSODprqod=EYupH_2C9KI7k?1J+nG<~LsMz>hK0Wcu&dkSl1-SOmwuZ;djhGrwB+C> z&r%Y5ST8E>2TCOG?6)9}WYsbG7u9rNU+1us*CJX>2o3*eeg%xREe3d=7;^G`zhgyjYAk6IHIs^ zoXZjv`A7XZ=I%9%Vy@3S{s z26iD&xTaZt_8k-aaZk-#`)d`!>TRKqrZOJ}3b`l4;`nVMxWvef^j{x z8bEuQ{rTl0^26MP)tq+|3wIXdHdE=hy3+QWQ3@Wc*FjD7h;sjasP9BNG2;++%y+ze zBa|HNoG&PWuCoCR4lpVB7?;U2po?tT^iZp9Al^b))y~om?X%CX4Mvn)`SW+$Po2Ld zcmvCdlg!b0EnS7@S86AaViz_&WgOseFLSN1-f#2az}cv2aO!SE5p4N8DYkB7uHlXT zml%>{K^YcZ$R$*-Bb&Po#UqeJGD?Tek61iyK<0Qvh3@aNYHs(9qoJH;Rx7MfIuq61 zS47-NRH3?_EmM0UmRI2suf-yCuEXKvSGDoHWWFs76@&E}(0w~ceOhI@p4Ey0dWc}^ zOOImF+pIX@D^5wlK&ovSpe~~CM-)_o**(&M*21F3=w(X`XZIY@)BnBBF-es+_8tG~ z!VM4Zq(sSJ@uoj3evvuH^g-LZ>|crj<~Fb$B3l*s<+9}w!;G<#>A3;ogN;s-$07$^ ziCi2iNiPod+B_>91WNXC5+xw$ALpD?r*<`$8$m9>DWUXNzHQlFaAB578@H{kf))O% zdieu!nQUAU2f;!_ZS06}gjXBb>l+O#5hB|@NCDQ30 z%u7sdh@-{S(C|bYES$f9fr0hu%9IxbOa7pXcQYi(1UL2KtaGtnxk%sWJm*=53=6>(d9!@$|<6X53L>mPhi%7RC$(~F6p z24bCE);k34UPH8+-b!HD-e2aDb!q3r6mw#|hNO4=EgM%S@=cllA=sTm@HPek>;H~u8?H+uRc?qkNbVGUG#PEyVSi2`FJT9w} z2+#0`r>%z*lW>5pwO8u}>gIBO-@T&kW&tVEbL9;%1^HJ{NvHfy`<+}ma{^N4XF8u| zsp2NvhDt0ycY$XQJu1-AD|SvDKE8nYEilZ}+mjF-&UZrx$0+;;Agx>_3qborQK`Hg zcJ9Pj76-MA{rQx;&dy##h|ZD@?|4tAxPu!g3~lo`*A}gB9%rH}ZacuE*%vd!epH*O zwc%2P8x(e5oWURLOZ&5Y`w3p?bAtcm<_0gmW_-?^2oL&OIKF?zSt>tT8mNlAkJqcz zylT;Emk3K+Ipv24&zWI> zPn=48n_`FbbMv={v0@YZ?iKnZ4LteT{sk_WT!W{cJ+^nm`0eWjP4dmcy5Om;a)-}* zLC4hNb?3;i7wIHuK8D9;8NWX4x8cszMT5p)QXn_CdQShsEjpdvmY}-PCDH|6g^Ylh zl$Ck56WF_!7d-vJ^dFS+NA5}V(@b}RT-g4eMG{i@N zT;7g)JCTxIJ(Sdv72ak{>lBxRAkJ6K4(1WabStkD@#>pr0Mk<-jg#pNCh&^fbzXz? z0Ydjz<$olxU^n{!)+fgAHc`a{e>Gi{&J%^>A763?$QZ3LpccV7)ZL>EaMuY60C9&>yexF~VAJ>gEqxNn5Ml1$Px;Ms;q)*(hQL2V@s#Kth#v zMBBG{u>7v6pd82NlRQGpRI13X;I`-&NtXs8>GesLS>cU^wFSCVJ0_;RqN{aI*eqU2 zy zfI2@ZvVfKSv=@5+NEhHkeKE4|KG!WLkRkXz)NIz1p5j2s;PB0K%Q223HIr!A8S|_{ z$1+nA>AJD=*A^%O#J(al2MTTYZ5=LH$#j}wK0j0wmNPJCt*Bb1_9kr`;I6H#WpZtR z+P|-Hw1gP)zN*8v#hzsY?iG3|PO13;)&*CIXny83liOY6h^$g)F2*TNaO+Ry9Vaqz z9}H_ZTHFne3_7t~(mWdNZHt*o8BevzJ$f~?9eKXFRnX8Gr9>M}|6@7R4;ypugLyh> zg&6U#IzXTw#(?AAEdA5yY}ViwPr9lQBw%!?SD`c-nh`FSPn@9Hh zr1$8Qv-&D-sr*~X+R(u%AO6TcmGYMI{Ae)UmG-KzqT^6NTNSGmIdj>~(v0W^q80D{ zXL^UaL))V3>`h~`h-~Nq)0_%s+&FT>A71CcY?f~$+BhAV1f(l=oy^=aYyUD=(*+?9 zC)i~>xe!9=%}es};WHQ4%%_LS96uudHtM<<49^}r!CKI5hcvSaO`X<@> z%Lq+9vg=)b1l|MQeogxl>hNJ~$d4nlVS4x*Jr(EF9a*qvi!H>q`(0LL3B`zAbx2bO z1-4eIUl+_knOcrAJ5FCHt}rpQ4Xl(ek#5GY512M%jsj9PQJ?8l&y)OPcUJ!EEdurRgY!mpTnZ2+Hc|IN#~bn zpO{zF4F(0hk2d9GCH-jx+rMXtbs|9g789%0AUhtrDx6`XQ-b?`ExJ9=qCQ>BSBayV zuj~d|tGJE9AI}evL1rAm9in1i6JBMKz9S8FvwaXN=ImiPkYY{9VC~4J`Nc>&)Kx;So1Q+<0mICaw^m08)2#{rfHdPMuSmM&M?4+{(7RoOatu=ayIk!7y+rc}BJtO_d#2Uzv1efwD@9e-qbcrY zy)LA69CCRrARI8Eb8K{6(#z7y!@G!4sPZeYiz{Pz$=)}_&!zM;1)rF^%H?x+mBHwa z1%F=@T*xU0IcOpz&)%7i`Ojv*PG^RW)wY!E8w!}G5>LSi_RWjam*On1YsO%GN~`{| z^+IhsMW^}R#}R3o0q^^7lOpfjRC~y8fT=1u(uMX_=jf%_^T{@X%G|fWZ?G&uesQ_8 z*$#13Pb=^t2TCsY`c%$Gr)C-&kmO;b7l%R&+0eVWY@8iO%R!_#y|@qsbvvv)8%oN= zIhUN;o<=xx>XYSWY7zJ3Ly{y@0enLby2+sziz5zZ1^vxdf1p$6bs$%0)wnyer_S)B z=TE?X^^L_4)D3u9(8{(xMHTYzP$I1TggBF<;i|8{YH%We{0qy^^8(wXQc%B022MTp z-&r#dMw$g}=c`#;@G1K}u=xiDmGqrn$6ltLy8YHvorH;b65kAIFqJFsh+yga+KB<} zqh^HLeRxyYkhkXbP(Mxk@brn;Dw{B-u1i!&`rVCK;?9GoOJb{tNK>Wv;GS#(k23&d)`bVLcmz82lr44B8lFr7gWujn+qN)@D zsNOkkP3szt3lAU8(yB_ncK#hcZ#qCT9PL>uU9CdaZ!FkgW?HmSPBENjMg#QiJ4kwJ zC&heI;O@dc?BmM;FS)PYjQA>XYnDZU!dPA1AqCBM!I89knd_8Tz%q|L*PHR}mgLu> zHw)$1xlLyEGBbB7bx1QnA!93fL>(9Lu~U426~WRXUk6L3Z7m;_nbQ_3*-^WSijLc6 z^y=R_{xF>$`J4L#!Kcd8CTt-5GL7;B5FdWD{a1q%In`(i2rp5aO+r^pG>tZ$(SI!9 zKZG+)YS%$iXJ}_Dx^o$RdnD_^->_}x+0`G6D`;nHj=J525h`usn=2PrVg0Wbtc^1? z{656rv)0!AR@q+kwCw@~B!pqkmMunyd*f<1Oq~kL@hT>ZDW9@xI$*Wsh;=Q_baU+7 zWW~aB&smSY+#}Zu_C>rtyl$cvaUQ;{h^LnM`xWm!YR+5Bx9ZL%|L!ii{>EKUee<^E zr2DO+qg%1i!oXQZ|5Z%^gniwUsU-ID+H>x}U$Yseb7WL(c8G$#cdP0R3wnz2iQ8n+ z=-sPB67Dt=d-{b;?xJ~(23nAH+dN*#_%45@ibxR^s?2X_?`bv&3xZTyJzFI#`zlF^H zcDd~%8qSPDY}^s%C*@=xT?pJ9|ovwgfzTFlkVvhQG-gAJ=y|QN} zhcM}bCxl)^C1Gf>IX{{G$tOYnJE2 z5AC~UEpx=7K*@zfI!XyJ>77;E9Ii4Y2^W99#qG-)fAX>vxixO_=^;eezYX1AuY9Nn z+*|E^VE>kz&wMdayO)l7J8kofJ0u_hJ*vsll7<)~ekJ$S`yV=b4X({X^RSK|fBtRh zf0m(_|L;i8|F6}m|CMK&?~Ubki8MAJ-(ahx^1MX*ynSV!I&s3sxndBk;`F_|MRyvFw0`*K; zN&8LMXy7&;PJR1736{?HY}WcFpU4+@$BO0v=aNQx+>avt#M2yF|nS6K_%Wr@gWf zmvaJc8VS3lf_K1HdF0~KDd(SVa}?u#X01APp;HYvO`eTw|c9IF5WK4`1x+FROuqUr&U#%uR0Hmj{BTF z&+fh4-<7>(HG-QXO>Jpcr3c>}4#>o7hI+!ze-GDuRA`;++3B`;rDH%j+DNe0)cRP? zyfGSR3k;*Xr~YjU%zoeO#&15T3OGBgOSmq?^FUCwM>`u(T95ZHO)X_Mgmr}r$+K5@gzkQjqSZI>iuh1M`qn?TJk!$G=hzhBopAh`po!UJ zg9%p&=orj`09zQF1iCO@rgeD@U)?ou&}eyWHiq$aFW}F5TQ@Awdwd#y)r{f^`1;h` zcx{t$i){%uFzDnMbp>SL+)MBb@nQ5W*0=C^&h1s9b?&@?A6qepVc)e<8MuiIPH(%D z%O4VwdW^*b^4lU zBGe#uQBH7A(+Lk7y}bJ38C^k%E>#2^?uB`3M<-8|Xi6olS7Zxyz&HY;+{X70@n@li z3kb%*4+C#ignbtR;1a{;C^b5|sHTOFYlnN++og~nx2-D0^KJ2+iH=sn=9Lzdv&Jiq zHZS(1F3<4cbUcf{J%=+^KS+U^RkD#1c$YE%eU;4s<8V^+s4t~y$I&OgN~WvoIKkO`EAaW?MgoZ^Tds{Xzs zV#~>WC-*V8(MPg0?e;f*4kS3H1;`dB2X}tB-WnRBkv#c+o7#c08hmyVhFg-Jwr^J! zAuaewdVuf2!ask1tbRbJ`-1)7>B9y`jrxS0E z9{d`!ns@FT#grFQkOMEs@n0-Z#(jUf3ZTLT+1?WErhHu|PSIDyP%5maYu_^2WlT zd$FLs^+SpxMqR`(ODFpIz30beHGc_XLRUJ{lqs@hBP;ooG`AiVOQy;s1L2Ij7k=R(~X zhI;gJ@qI50Q!r9JVJyx;D#y2&o?sg`WGj>V=yXaY;xLuYSxEqFL77Ea8vy53GtQu@ zk#s7@l8H(P;Jl(wrBZYXP%~o`+0;ZUB6;bigprc<_{(ry%Xa$ z;cV__!sPkD-3|f{8g@v=?D(YQk;&?SRwAt55JBZ9!o(Sm7iJAq>ZYez)14V$NVK%D z)SR+Kisg{vqXwN^dTi5?RY8ArY>6R~4aIYXjjSnEZ|n1m-RmEv=~g;4^BvYL7K*8Q zQuk0BU*dyyW$?T2K81vO5fnO;w47mlUHC)9u4#- z@?gUl1_R|kS5zLWij#WKUxN{I$7|oU6GuZ5P3Mhe8zfJ=Ur4^sz==1EjcfAzKA;zd zLj>?(fFhY(ZEL=KMZN`~zoFL`MeHh0@$<|lg&;b^peP%?e)>T@(Q0izO!b z8&HM;gxc)q-|!I*j0-jM`X38-9jkEaO`n+NzcRAQDd#Iu zZTx~`oPs^iNKw~NN&t=$Gh>b%Y{%1!ASe8)yafz_P=}m29*`lOfleh$BUTgPZt;?O zKza*|9E}xw^-GF%m9uh>gF(G&-N{LGI-?_u}Jbh0Xt)3?0 z_h-b4M5^nT1Y+Husk%E_;rT0mDw1_@y>)(=bZH!|J#lNwB@72$4voJ6jlJJlgz8nv z;b@7)L%|t<7JP`M^56oU^uSVHUJ`;F^+V-5OsLOU?JAu5yNDmRTKzoj%jbSjEDod5 z|ACr1?BWG)!o0JW&wQ=JixC5W?=|)??7$2J8ai}}H_sW)cxsJ;`xUg{jKOmOB{ z#U zaK>4+-q&ogd8VLpq8vf;mMhZf79-uf&XXKe>$x%c66?X`QIv{wVi~UD{Z(QP2g7rw zTDoELu2u1#4PD{E3otz}(jhQcBl$*9>)q@uktsWmF2^&c3fGo7(12M~?(l}FezcZS zFv~s1JEWy$Q7?CBsOUMzgDH#yf)K`;(J7!{hcKKcGiVO?ME?oZ{T@a{Wfj%qV9v&r z=~H=X_~=HxDs{B#IH~Q93FEj_S3)p@vixa?ka$PCJ*9&G zv&_SgCiThK92)mqVbv{R4}Hy_7Gwb6EHr2wF1E^?LlkF3k`h&8rD7V)fW9)?s(}a8 ztI<*Yhm9iWlNpgT7(HGA>=nz`@*Wi-Uk(91Bq1{fy-^WAaVwJL5Aujb3~iNL$1dUt z69{%sYl%mJ@N4SC4}*y{x?5J8>iRcvqHTk(n{XZDEfgf$_VNK0?gw=L9E+?Jr(yPy z?u~wS2Jr#|<4t?>t1k*|hO z%6a#5UEqqLwPQLJ0qM+OsR(%>YtEe zjP9Yn8B2NI>a%MA!88F(4BO7B?Y67T6VvEa_@HlPQqN#z)4srHtyM2ybA>*2m%r+> z<(uM+BhJ$_BL-b650VeKw|F$EyF6a4Dr1okcvf&~dT+Zts89>&IN(9U^`ML#(aEv_ zp95=}BZ@p20y{I1n#uqwg`HIw`PLhw}IqMs~9eHoQICa@r5tY1h4hv0% zuU}E}FJQVh?wt10qvV1FO`!$P=SF;U?$p-ECb;Z_g`d?`Py5d4s#$293t0mM>Nvo= zZL>9{P7JFUAxwyEdkgQ8;Atux3Ke;?jZ#St%y!Hmj|9;DD`ZlT&=d(7Aw4 z|5MVe87KK;w<@MEnH;DqIa0F59L-;|L#)VDYM zp$Kaw7dM%Kp4}*TjsAV!<-D=Bi9+uJm7S+QurLxZ64?2?Q!`n{%^6T*S@`~ZQZu6O zcZDDW*{B?EX%;0t`xbf$`8&Yxha1h8vkdOc7k$@gpk!882o)PSq^z`%QtR$rks%eZ1IX z;F8J<^i)blT@|G>f4oiBp+Da9;ZT{94eNF5{iyvRm1N zhx2X>QV9dXwA@t&E98}sv^3;{ivrflo{GjS9nH=RjUIwfBdiB!Anh)`@;vnqx8Rase~)@&Qe?`ROn~u+7d@46~Zrc|Tvjyl=_L<$*Wc4}V*&ZAe$+p+cge+%#TToQq3n zyc;{(JYH`X(9`M797Keu$&HQ`K(9ijH;IAk-CHdMYP^c=H%qo$kc&JV^!tKJQgmxO zuC2lJx*myYwSCA~Q#mGJL@~nzsz=h_JuN&0-?)O=vYda;A4hVdI0yUhS|kQ$dK87< z+h2C{jsuG|=mWmb9n1i4?Yi`!@{2J$Yg?YHGg>#Jt>{YxtL4k(2I%n1`d1v|GB1@x z)Ie?8SrS=z(qTUIbb&j%v;)Bo6TMovM zyL^htLBZ0AKttNCLG%qP%=)yGnCKo_gf|wtXII2qg<$>IcFLD4dLK121!dwK;*he^ zasG9-Ygn|#$KvwW6gNRI$&VTgc8f}Z*rS++#jHMOg>K|&lB(Ch@)x;=f|foyrO0AB z$eU{1aC1W2#N54jRfBv7Z|v_rBVz?&^;!LR7jedFLmvXS3d%GrRev$s(e*rlhAf~q zqocW{qtE@(xn`?tQ;FUcy2-evR^(`+1n(2x>O-4EKYbcZ&NJjNLZ78St^0D(*tl=a zG5Kx4%LS`a(E z$#9lZ@Ry0yTTHb)2INwc4xU~4d8jKhQ!_fUrCZ;JjCggNk zt_^7N2TN$|%0x`ljqQ6n!P&$U<) zXkqR#G$BfDDxSUy?MM^O7~PJU{Vp}fGqOE!&~Z*y0D4^mJzuHky?RI5XZU(QgZ1$J z(FYNK61<;3N&>IXM^d26X@=H>f#-<1%0qeWw~#K$B~1VjBmZ)iz|ZA9w(=*ht3y-O z?NZC(j+Z{i?XRUCHj3c~fFI?(IqZHGT&2i51>XyZu}2ADBzM2)K&XFDVxo_xX4`5+ zdyiK?X})P!7B*`b<%N6iJ$&f$shW!Y*yl6BQvC~lBbn>*`NoY^#uj}(BQG)#vIz<% zvwD1=s6Fl5A$o^xS^s=-pdC%?eReBr$}hjh>25ad{8xJmBfd$EOKD`S4g7eNK~dL( zx~^N&^YhW(QL*(Nr+0w~9W8!rZ+eItX_!VSf2-qsJucm*#(2nz)=-W#`_+l0qa`1s zeeQX?Y1kW9pK;2KnM>Z_fwSY3WZC5`;n4DJ+R?AZ=8CoGk!>;$Pt5_*&ri};nz^7+ z#Fx1GUw*0-&{?Np8ye>_)v{>Wqu!FAl<(=6W8~J`*{hka3at-K4lr@#DV6#B9J(fN zVtX%P>a$$E;-v<(?$YE?OKpzV`Cn(=bny4AIJJHBwzQdM|3%`rg%M~uwjlFcw> z+@-$6DTZXAG`|H>t`3i08F7Ah)fldsjmhJyTH~#m8Sn?tj-CC}g0G6hW@ReI*WG5y zEe2hL_(h8{%-7?>e`-9+lNgqapgxzg-Yy^Rx}vI$-#cNQEbb_R&yn6Ve~ILt%FfE6 z9lnwyIzt^;{)8;_ELk>y;g6jVFMIMWw45CTr!(;NQHjf6D0bNf7c#A7TZTYGrKWQr zJNQZQ`p9&?y+jl_ID)<-wL4ok|LPugU4?4H&wEs+bw?Z>+G$*l;Z_a8&pMM-GJ~fE z@Bj;4;@dim^rcSketc-rDr08uuktmD@M0HRlYhy$g1vTcaHfL~iJ|%A0~!0Kv6{1; ziyq^zN*k6aBEq4?eZcjDcGKlD=)TNw$hlPLQ+#Q4riVtf(f7_y1alOZWr7|)^by)u zm+Qd{NGya#+h+*Ky3#JV;b@odRmi_e_gsKNf((o0TmspQ!D%oRY!*Bcg<4>|ep?2K+jmd9W z^FxO?Ih309=bEZ<^h}9J* z(7M7IFhx{5*Tf=H_V_|p8&#e%_1rz78q#;Kf~p5~X}^zz@O>Qf4O{O&v#7Vd;kg?d z2_iaY@!g$K&d3$U?#$C-0Bb&bXL?C(Rn*3G3s^)gxHiNuv`3N8G;ERic4WQlYg4Ou zD{Q{hi19vK0Z76X!g&GeAila{qI z&02L&%{zQtHi!8+QD?qyDMKjMf9(~=KTnfpFp(DCL)rn9=k66Aichdr*9)XQ#(twY z93aO}t>OTlnmX9xW62DU-9Qz8tR}7DTk!#hB@5o(1S)zz&r~^-M4X0lS7xijbj*#k zs2Z~6O^P+~PrO@^Qr^tWGExAB_1aFy6P2+6dxU6P5UoclN7_iBad~hR)_5xCORsur ztUs}bo==l5NR9F9TrwVh!a04z=ky?V|G5ghp*vk;qwi66BdseVk_-gRtyeFBZNf}3 z*;tq_LK6nE5?%~u=60*M=&YdPzCV$VB2Q@2XDY>yd5n_XWeKL1#kWelko~&3!uYPw zJc_hx;o7U|uu9`zfi7VwR^Zl`(MAH9Aqhc$cRgs~myL7?Dk8E(XXb(!kwfRn*W--v ze>6z&#M4?(NVeHQ2>ICV^zCjo+#_6b0GTZ2a4NU;?y+iFaT*7V(@SuTUHY9I03CLN zYdohg)RSY2+1oYQwj z_De#EVS%kyeGwcpL3g~=fEv&-gUK%CEvOcVYk}CWvuNZi zGVU6J3m3auM$Ucde&uvb)`Y+8`V=I6?F^aocV?x4|;0I%!?|@c=XgfAD*L}{p74PrU2B=?B}OK z^s46D(@6@>0j@(CPh-8wO@ayOxTHZh0BFgGm!~1hs($$*-YtTknY(z{eWv?eyvj={ z_Krz5Bc$~rk`C(CtZ!~hIl4vWh)#4^=<>!#@KTkkJ5YIy0pWs{L(kcm@~mNljyCT_ z5g+5IAqkdp#B-HFin4mYTPgBXW9G-Ts`~D~%*cke2iyWQ=}`Os>4??ah#kdsvA-(2 zygQz3boLekK&UiDOpdtBf%HJ|n-K0OMP4bGf(KDvg-=78?BkzdvuDpQf^_pOL z#`%YB&4rEv^O{i0)NyQFpGOq+;7rRef^|AD9teVkcw96Vq~JlQm#Cf1-mXQ53TWVW zAOA@cHeAm;-X^9CAS83jo?n|Z!(CIJGLBFUm(Q+)72DHOkdLp~w0TrJk}2TB75mwK z^mxJ7B%Ud#dQqFyw>JCMQ+62E4Td2h_(ufC@&@Cr?X1`3;_p;B160mRarhh7<9k_r zXCf2UiPayG#kx2KPk(Q$xb}XRQhHm4vw1@{j4NFqoTRx4Z#6)&a~V}yWcWR=;T2xf z5J>iF#e!#eF274u;b4%;fRI9i20L2D@;c!;Ijq1t)F;-@!)Ixo04pskQA zscb7IbxeLiqoG#rMiYw?2~_uY)uoI=M$aCTk@;PDZ_G=~pR8j?xAP>J=k8BscjR2) zJ+sb*&pY*K@j7-m1_6Yliu4KE{BenqLYLN%+e}gxDVQeW^@MQ|B;nr=t{kpI8o3|b zFQMnBhImqfW_9t#2i=p~AglJf1vQIV6Ml>nffJZwKawUGLPg;BPL0mImX%`4jD4{D zRHWsV21vY8g}W`E7mj6QHBZOIH@6kffjoTOM1p-T+ZP@W?Y%96<9k=ZE+FUHJldTq zppe)ApDZ_4Q}NK>S+%eBJeUbiZo*g_I999Ri=fK*!AoprK;5dG*a?1++_hZH#ghn< zN=u;5%+uAR59izkxd&J)_MI{y%=#IynP6oT)3e@fH4FXp6wGwz@6`aY%i*8B;WF+n z`rNN?)F)eJn7N^>%8Rjc8u4?!$gO3UD(Fk_Jx`VQ65?a+Ow`PGt-7lO;q)UaBbLde=mSBdPf5L8M*5dE4FNah?O@K1ix0Ww0Wm|?`p3Usvk#@~Ee@|{&@7Q~P1(}b< z1K{7Zg^QoIH>gxjC~gEf1cHVU*Utkd6UW(SGKV_OT$;PzVWDhgtjfLLPEeaVUkmG` z=*t{ON4i|DWI@{x$>e6o!B^SvrAX+_=`b^IP4PQZB}l*c?{0&d)LQgbnTI@6{eH_Q zZ*smpW;A$&nU(B+t1G+1GDYQFCdGX4+)*{SXathVVUO;K@ws zcWNkjJ*?yl;;HZ03OI$6AUP}}LqN|yGn6sf0q0L+YL#}={z;bojUa7an@pq)ru!ds zvGt1WJYLJLYz~cDfDS992W-We*x2O128Xw{-%S8cGKA?lD_%$}Yo_EbHg@q~vc(5G zm}b%U2l [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -The **Software updates** page in the [Microsoft 365 admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. Security updates are typically released on the second Tuesday of each month and they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices. +The **Software updates** page in the [Microsoft 365 admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. [Quality updates](quality-updates.md) which contains security fixes are typically released on the second Tuesday of each month. Ensuring these updates are installed is important because they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices. The **Software updates** page has following tabs to assist you in monitoring update status for your devices: @@ -31,11 +31,11 @@ The **Software updates** page has following tabs to assist you in monitoring upd - For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/microsoft-365/admin/admin-overview/admin-center-overview). - **Windows**: Displays compliance charts for cumulative updates and feature updates for Windows clients. This article contains information about the **Windows** tab. -:::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png"::: +:::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png"::: ## Prerequisites -- The [Update Compliance](update-compliance-v2-overview.md) solution needs to be enabled with clients configured to send data to it +- [Update Compliance](update-compliance-v2-overview.md) needs to be enabled with clients sending data to the solution - An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com) **???** - To configure settings for the **Software Updates** page: [Windows Update Deployment Administrator role](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator) - To view the **Software Updates** page: [Global Reader role](/microsoft-365/admin/add-users/about-admin-roles) @@ -46,16 +46,19 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos ## Get started -When you first select the **Windows** tab, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Supply the following information about your Update Compliance settings: +When you first select the **Windows** tab, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance: -- The +- The Azure subscription +- The Log Analytics workspace -## The Windows tab - -The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-v2-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. +The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**. -### Windows update status chart +## The Windows tab + +The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-v2-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. + +### Windows update status chart The **Windows update status** chart gives you a visual representation of how many devices are in the following states for the monthly cumulative updates: @@ -63,9 +66,15 @@ The **Windows update status** chart gives you a visual representation of how man - Missing security updates - Unsupported operating system -A device is considered **Up to date** in this chart if it has installed security updates released within the past two months. Devices that are more two months behind on installation are in the **Missing security updates** classification. An **Unsupported operating system** is either no longer supported by the [Microsoft Product Lifecycle](/lifecycle/products/). +A device is considered **Up to date** in this chart if it has installed [security updates](quality-updates.md) released within the past two months. Devices that are more two months behind on installation are in the **Missing security updates** classification. An **Unsupported operating system** is no longer supported by the [Microsoft Product Lifecycle](/lifecycle/products/). -The **End of service** chart list the number of devices running an operating system version that's near or past the product lifecycle. +:::image type="content" source="media/37063317-windows-update-status-chart.png" alt-text="Screenshot of the Windows update status chart that is displayed in the Microsoft 365 admin center." lightbox="media/37063317-windows-update-status-chart.png"::: + +### End of service chart + +The **End of service** chart list the number of devices running an operating system version that's near or past the [Microsoft Product Lifecycle](/lifecycle/products/). The **End of service** chart lists all operating system versions that aren't the latest version and counts the number of devices for each version. This chart can help you determine how many of your devices need to install the latest operating system [feature update](waas-quick-start#definitions). If you are currently deploying feature updates to these devices, the chart can also give you insight into how the deployment is progressing. + +:::image type="content" source="media/37063317-end-of-service-chart.png" alt-text="Screenshot of the Windows update status chart that is displayed in the Microsoft 365 admin center." lightbox="media/37063317-end-of-service-chart.png"::: ## Next steps From e631577a05a1171ae452428565e298ae34aee795 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 28 Apr 2022 10:39:15 -0700 Subject: [PATCH 113/540] ucv2-tp --- windows/deployment/update/update-status-admin-center.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index b14cb0d4dd..e0b0013002 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -23,7 +23,7 @@ ms.date: 05/07/2022 > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -The **Software updates** page in the [Microsoft 365 admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. [Quality updates](quality-updates.md) which contains security fixes are typically released on the second Tuesday of each month. Ensuring these updates are installed is important because they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices. +The **Software updates** page in the [Microsoft 365 admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. [Quality updates](quality-updates.md) that contain security fixes are typically released on the second Tuesday of each month. Ensuring these updates are installed is important because they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices. The **Software updates** page has following tabs to assist you in monitoring update status for your devices: @@ -72,7 +72,7 @@ A device is considered **Up to date** in this chart if it has installed [securit ### End of service chart -The **End of service** chart list the number of devices running an operating system version that's near or past the [Microsoft Product Lifecycle](/lifecycle/products/). The **End of service** chart lists all operating system versions that aren't the latest version and counts the number of devices for each version. This chart can help you determine how many of your devices need to install the latest operating system [feature update](waas-quick-start#definitions). If you are currently deploying feature updates to these devices, the chart can also give you insight into how the deployment is progressing. +The **End of service** chart list the number of devices running an operating system version that's near or past the [Microsoft Product Lifecycle](/lifecycle/products/). The **End of service** chart lists all operating system versions that aren't the latest version and counts the number of devices for each version. This chart can help you determine how many of your devices need to install the latest operating system [feature update](waas-quick-start#definitions). If you're currently deploying feature updates to these devices, the chart can also give you insight into how the deployment is progressing. :::image type="content" source="media/37063317-end-of-service-chart.png" alt-text="Screenshot of the Windows update status chart that is displayed in the Microsoft 365 admin center." lightbox="media/37063317-end-of-service-chart.png"::: From 1e73d9e19f97934059505dfc85bf730e8c650640 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 28 Apr 2022 13:51:12 -0700 Subject: [PATCH 114/540] ucv2-tp --- .../update/update-status-admin-center.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index e0b0013002..1d441ae3d9 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -46,13 +46,15 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos ## Get started -When you first select the **Windows** tab, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance: - -- The Azure subscription -- The Log Analytics workspace - -The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**. +1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in. +1. Expand **Health**, then select **Software Updates**. +1. In the **Software Updates** page, select the **Windows** tab. +1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance: + - The Azure subscription + - The Log Analytics workspace +1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**. +1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts. ## The Windows tab @@ -72,9 +74,9 @@ A device is considered **Up to date** in this chart if it has installed [securit ### End of service chart -The **End of service** chart list the number of devices running an operating system version that's near or past the [Microsoft Product Lifecycle](/lifecycle/products/). The **End of service** chart lists all operating system versions that aren't the latest version and counts the number of devices for each version. This chart can help you determine how many of your devices need to install the latest operating system [feature update](waas-quick-start#definitions). If you're currently deploying feature updates to these devices, the chart can also give you insight into how the deployment is progressing. +The **End of service** chart list the number of devices running an operating system version that's near or past the [Microsoft Product Lifecycle](/lifecycle/products/). The **End of service** chart lists all operating system versions that aren't the latest version and counts the number of devices for each version. This chart can help you determine how many of your devices need to install the latest operating system [feature update](waas-quick-start.md#definitions). If you're currently deploying feature updates to these devices, the chart can also give you insight into how the deployment is progressing. -:::image type="content" source="media/37063317-end-of-service-chart.png" alt-text="Screenshot of the Windows update status chart that is displayed in the Microsoft 365 admin center." lightbox="media/37063317-end-of-service-chart.png"::: +:::image type="content" source="media/37063317-end-of-service-chart.png" alt-text="Screenshot of the end of service chart that is displayed in the Microsoft 365 admin center." lightbox="media/37063317-end-of-service-chart.png"::: ## Next steps From 8f6960e0c006b17f05c34d1a671027368bf579b4 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 28 Apr 2022 21:25:33 -0700 Subject: [PATCH 115/540] edits --- .../update/update-compliance-v2-enable.md | 23 +++++++++++++++---- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index 254b7622e9..6853b29fb7 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -19,13 +19,23 @@ date: 05/07/2022 > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -Update Compliance is offered as an Azure Marketplace application that's linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. +After verifying the [prerequisites](update-compliance-v2-prerequisites.md) are met, you can start to set up Update Compliance. The two main steps for setting up the Update Compliance solution are: -## Add Update Compliance to your Azure subscription +1. [Add Update Compliance](#bkmk_add) to your Azure subscription. This step has the following two phases: + 1. [Select or create a new Log Analytics workspace](#bkmk_workspace) for use with Update Compliance. + 1. [Add the Update Compliance solution](bkmk_solution) to the Log Analytics workspace. +1. Configure the clients to send data to Update compliance. You can configure clients in the following three ways: + - Use a [script](update-compliance-configuration-script.md) + - Use [Microsoft Endpoint Manager](update-compliance-configuration-mem.md) + - Configure [manually](update-compliance-configuration-manual.md) -After verifying you meet the [prerequisites], add Update Compliance to your Azure subscription by following the steps below: +##     Add Update Compliance to your Azure subscription -### Select or create a new Log Analytics workspace +Before you configure clients to send data, you'll need to add the Update Compliance solution to your Azure subscription so the data can be received. First, you'll select or create a new Log Analytics workspace to use. Second, you'll add the Update Compliance solution to the workspace. + +### Select or create a new Log Analytics workspace for Update Compliance + +Update Compliance uses an [Azure Log Analytics workspaces](/azure/azure-monitor/logs/log-analytics-overview) that you own for storing the client diagnostic data. Identify an existing workspace or create a new one using the following steps: 1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com). - Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. @@ -37,7 +47,10 @@ After verifying you meet the [prerequisites], add Update Compliance to your Azur > [!Note] > The `CommercialID` for the Log Analytics workspace is no longer required when configuring your clients. -### Add the Update Compliance solution to the workspace + +### Add the Update Compliance solution to the Log Analytics workspace + +Update Compliance is offered as an Azure Marketplace application that's linked to a new or existing Azure Log Analytics workspace within your Azure subscription. Follow the steps below to add the solution, to the workspace: 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this page. 1. Select **Get it now**. From c742bea47bddcf559621db541ebde29eab634907 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 29 Apr 2022 08:59:13 -0700 Subject: [PATCH 116/540] add client config --- windows/deployment/TOC.yml | 6 +- ...date-compliance-v2-configuration-manual.md | 85 ++++++++++++++++ .../update-compliance-v2-configuration-mem.md | 80 +++++++++++++++ ...date-compliance-v2-configuration-script.md | 98 +++++++++++++++++++ .../update/update-compliance-v2-enable.md | 2 + .../update/update-compliance-v2-use.md | 3 + 6 files changed, 271 insertions(+), 3 deletions(-) create mode 100644 windows/deployment/update/update-compliance-v2-configuration-manual.md create mode 100644 windows/deployment/update/update-compliance-v2-configuration-mem.md create mode 100644 windows/deployment/update/update-compliance-v2-configuration-script.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index c4d8ba0081..5d8c4f4c62 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -194,11 +194,11 @@ - name: Enable the Update Compliance solution href: update/update-compliance-v2-enable.md - name: Configure clients with a script - href: update/update-compliance-configuration-script.md + href: update/update-compliance-v2-configuration-script.md - name: Configure clients manually - href: update/update-compliance-configuration-manual.md + href: update/update-compliance-v2-configuration-manual.md - name: Configure clients with Microsoft Endpoint Manager - href: update/update-compliance-configuration-mem.md + href: update/update-compliance-v2-configuration-mem.md - name: Use Update Compliance (preview) items: - name: Use Update Compliance diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md new file mode 100644 index 0000000000..41e40ffcac --- /dev/null +++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md @@ -0,0 +1,85 @@ +--- +title: Manually configuring devices for Update Compliance (preview) +ms.reviewer: +manager: dougeby +description: Manually configuring devices for Update Compliance +keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article +--- + +# Manually Configuring Devices for Update Compliance (preview) + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. +> - As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. + +There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows client. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. + +The requirements are separated into different categories: + +1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured. +2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Update Compliance. For example, devices in both main and satellite offices, which might have different network configurations must be able to reach the endpoints. +3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality. + + +## Required policies + +Update Compliance has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Update Compliance. They are enumerated below, separated by whether the policies will be configured via [Mobile Device Management](/windows/client-management/mdm/) (MDM) or Group Policy. For both tables: + +- **Policy** corresponds to the location and name of the policy. +- **Value** Indicates what value the policy must be set to. Update Compliance requires *at least* Basic (or Required) diagnostic data, but can function off Enhanced or Full (or Optional). +- **Function** details why the policy is required and what function it serves for Update Compliance. It will also detail a minimum version the policy is required, if any. + +### Mobile Device Management policies + +Each MDM Policy links to its documentation in the CSP hierarchy, providing its exact location in the hierarchy and more details. + +| Policy | Data type | Value | Function | +|--------------------------|-|-|------------------------------------------------------------| +|**Provider/*ProviderID*/**[**CommercialID**](/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |String |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) |Identifies the device as belonging to your organization. | +|**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. | +|**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | +|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. | +| **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | + +### Group policies + +All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. + +| Policy | Value | Function | +|---------------------------|-|-----------------------------------------------------------| +|**Configure the Commercial ID** |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) | Identifies the device as belonging to your organization. | +|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. See the following policy for more information. | +|**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | +|**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. | +|**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | + +## Required endpoints + +To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints. + +| **Endpoint** | **Function** | +|---------------------------------------------------------|-----------| +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive the majority of [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md) information for Update Compliance. | +| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. | +| `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. | +| `http://adl.windows.com` | Required for Windows Update functionality. | +| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting if certain Feature Update deployment failures occur. | +| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. | +| `https://login.live.com` | This endpoint facilitates MSA access and is required to create the primary identifier we use for devices. Without this service, devices will not be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). | + +## Required services + +Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It is recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically. + + diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md new file mode 100644 index 0000000000..91da857807 --- /dev/null +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -0,0 +1,80 @@ +--- +title: Configuring Microsoft Endpoint Manager devices for Update Compliance (preview) +ms.reviewer: +manager: dougeby +description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance +keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav, intune, mem +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article +--- + +# Configuring Microsoft Endpoint Manager devices for Update Compliance (preview) + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. +> - As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. + +This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within MEM itself. Configuring devices for Update Compliance in MEM breaks down to the following steps: + +1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured. +2. [Deploy the configuration script](#deploy-the-configuration-script) as a Win32 app to those same devices, so additional checks can be performed to ensure devices are correctly configured. +3. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. You can learn more about this in the broad section on [enrolling devices to Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). + +## Create a configuration profile + +Take the following steps to create a configuration profile that will set required policies for Update Compliance: + +1. Go to the Admin portal in Endpoint Manager and navigate to **Devices/Windows/Configuration profiles**. +2. On the **Configuration profiles** view, select **Create a profile**. +3. Select **Platform**="Windows 10 and later" and **Profile type**="Templates". +4. For **Template name**, select **Custom**, and then press **Create**. +5. You are now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**. +6. On the **Configuration settings** page, you will be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). + 1. If you don't already have it, get your Commercial ID. For steps, see [Get your CommmercialID](update-compliance-get-started.md#get-your-commercialid). + 2. Add a setting for **Commercial ID** with the following values: + - **Name**: Commercial ID + - **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace. + - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID` + - **Data type**: String + - **Value**: *Set this to your Commercial ID* + 2. Add a setting configuring the **Windows Diagnostic Data level** for devices: + - **Name**: Allow Telemetry + - **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance. + - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowTelemetry` + - **Data type**: Integer + - **Value**: 1 (*all that is required is 1, but it can be safely set to a higher value*). + 3. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this is not disabled, users of each device can potentially override the diagnostic data level of devices such that data will not be available for those devices in Update Compliance: + - **Name**: Disable Telemetry opt-in interface + - **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting. + - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx` + - **Data type**: Integer + - **Value**: 1 + 4. Add a setting to **Allow device name in diagnostic data**; otherwise, there will be no device name in Update Compliance: + - **Name**: Allow device name in Diagnostic Data + - **Description**: Allows device name in Diagnostic Data. + - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData` + - **Data type**: Integer + - **Value**: 1 + 5. Add a setting to **Allow Update Compliance processing**; this policy is required for Update Compliance: + - **Name**: Allow Update Compliance Processing + - **Description**: Opts device data into Update Compliance processing. Required to see data. + - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing` + - **Data type**: Integer + - **Value**: 16 +7. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. +8. Review and select **Create**. + +## Deploy the configuration script + +The [Update Compliance Configuration Script](update-compliance-configuration-script.md) is an important component of properly enrolling devices in Update Compliance, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management). + +When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in Pilot mode to a set of devices that you do have access to, or have a way to access the resultant log output the script provides, with as similar of a configuration profile as other devices which will be enrolled to Update Compliance, and analyzing the logs for any potential issues. Following this, you can deploy the configuration script in Deployment mode as a Win32 app to all Update Compliance devices. diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md new file mode 100644 index 0000000000..87fd0bdc44 --- /dev/null +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -0,0 +1,98 @@ +--- +title: Update Compliance (preview) Configuration Script +ms.reviewer: +manager: dougeby +description: Downloading and using the Update Compliance (preview) Configuration Script +keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +author: mestew +ms.author: mstewart +ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article +--- + +# Configuring devices through the Update Compliance (preview) Configuration Script + +***(Applies to: Windows 11 & Windows 10)*** + +> [!Important] +> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. +> - A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. + +The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. + +> [!NOTE] +> The configuration script configures registry keys directly. Registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script does not reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), device data might not appear in Update Compliance correctly. + +You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting. + +## How this script is organized + +This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the `.bat` itself, which will then run `ConfigScript.ps1` with the parameters entered to `RunConfig.bat`. There are two ways of using the script: in **Pilot** mode or **Deployment** mode. + +- In **Pilot** mode (`runMode=Pilot`), the script will enter a verbose mode with enhanced diagnostics, and save the results in the path defined with `logpath` in `RunConfig.bat`. Pilot mode is best for a pilot run of the script or for troubleshooting configuration. +- In **Deployment** mode (`runMode=Deployment`), the script will run quietly. + + +## How to use this script + +Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`): + +1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`. +2. Set `commercialIDValue` to your Commercial ID. +3. Run the script. +4. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`. +5. If there are issues, gather the logs and provide them to Support. + + +## Script errors + +|Error |Description | +|---------|---------| +| 27 | Not system account. | +| 37 | Unexpected exception when collecting logs| +| 1 | General unexpected error| +| 6 | Invalid CommercialID| +| 48 | CommercialID is not a GUID| +| 8 | Couldn't create registry key path to setup CommercialID| +| 9 | Couldn't write CommercialID at registry key path| +| 53 | There are conflicting CommercialID values.| +| 11 | Unexpected result when setting up CommercialID.| +| 62 | AllowTelemetry registry key is not of the correct type REG_DWORD| +| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.| +| 64 | AllowTelemetry is not of the correct type REG_DWORD.| +| 99 | Device is not Windows 10.| +| 40 | Unexpected exception when checking and setting telemetry.| +| 12 | CheckVortexConnectivity failed, check Log output for more information.| +| 12 | Unexpected failure when running CheckVortexConnectivity.| +| 66 | Failed to verify UTC connectivity and recent uploads.| +| 67 | Unexpected failure when verifying UTC CSP.| +| 41 | Unable to impersonate logged-on user.| +| 42 | Unexpected exception when attempting to impersonate logged-on user.| +| 43 | Unexpected exception when attempting to impersonate logged-on user.| +| 16 | Reboot is pending on device, restart device and restart script.| +| 17 | Unexpected exception in CheckRebootRequired.| +| 44 | Error when running CheckDiagTrack service.| +| 45 | DiagTrack.dll not found.| +| 50 | DiagTrack service not running.| +| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.| +| 55 | Failed to create new registry path for SetDeviceNameOptIn| +| 56 | Failed to create property for SetDeviceNameOptIn at registry path| +| 57 | Failed to update value for SetDeviceNameOptIn| +| 58 | Unexpected exception in SetrDeviceNameOptIn| +| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.| +| 60 | Failed to delete registry key when attempting to clean up OneSettings.| +| 61 | Unexpected exception when attempting to clean up OneSettings.| +| 52 | Could not find Census.exe| +| 51 | Unexpected exception when attempting to run Census.exe| +| 34 | Unexpected exception when attempting to check Proxy settings.| +| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.| +| 35 | Unexpected exception when checking User Proxy.| +| 91 | Failed to create new registry path for EnableAllowUCProcessing| +| 92 | Failed to create property for EnableAllowUCProcessing at registry path| +| 93 | Failed to update value for EnableAllowUCProcessing| +| 94 | Unexpected exception in EnableAllowUCProcessing| diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index 6853b29fb7..3f5ef04c9b 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -15,6 +15,8 @@ date: 05/07/2022 --- # Enable Update Compliance + +***(Applies to: Windows 11 & Windows 10)*** > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md index 8cc180ce7a..e053ae7781 100644 --- a/windows/deployment/update/update-compliance-v2-use.md +++ b/windows/deployment/update/update-compliance-v2-use.md @@ -15,6 +15,8 @@ date: 05/07/2022 --- # Use Update Compliance (preview) + +***(Applies to: Windows 11 & Windows 10)*** > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. @@ -33,6 +35,7 @@ In this article you'll learn how to use Update Compliance to monitor Windows upd ## Update Compliance data latency + Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all devices part of your organization that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be re-ingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. From b520d1391c6838a4d8a221d49f281af0b2edeec4 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 29 Apr 2022 09:08:25 -0700 Subject: [PATCH 117/540] edits --- .../update/update-compliance-v2-configuration-manual.md | 2 +- .../deployment/update/update-compliance-v2-configuration-mem.md | 2 +- windows/deployment/update/update-compliance-v2-enable.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md index 41e40ffcac..c305ca5636 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-manual.md +++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md @@ -2,7 +2,7 @@ title: Manually configuring devices for Update Compliance (preview) ms.reviewer: manager: dougeby -description: Manually configuring devices for Update Compliance +description: Manually configuring devices for Update Compliance (preview) keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 91da857807..30da7d5a9d 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -2,7 +2,7 @@ title: Configuring Microsoft Endpoint Manager devices for Update Compliance (preview) ms.reviewer: manager: dougeby -description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance +description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance (preview) keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav, intune, mem ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index 3f5ef04c9b..f14f6d2bc0 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -25,7 +25,7 @@ After verifying the [prerequisites](update-compliance-v2-prerequisites.md) are m 1. [Add Update Compliance](#bkmk_add) to your Azure subscription. This step has the following two phases: 1. [Select or create a new Log Analytics workspace](#bkmk_workspace) for use with Update Compliance. - 1. [Add the Update Compliance solution](bkmk_solution) to the Log Analytics workspace. + 1. [Add the Update Compliance solution](#bkmk_solution) to the Log Analytics workspace. 1. Configure the clients to send data to Update compliance. You can configure clients in the following three ways: - Use a [script](update-compliance-configuration-script.md) - Use [Microsoft Endpoint Manager](update-compliance-configuration-mem.md) From 304febb1b8d3d6ff8c7f539d27ac37e86cb3fb6a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 29 Apr 2022 13:11:25 -0700 Subject: [PATCH 118/540] mestew-ucv2-tp --- .../update-compliance-v2-query-table.png | Bin 0 -> 329607 bytes .../update/update-compliance-using.md | 2 +- ...date-compliance-v2-configuration-script.md | 11 ++++--- .../update/update-compliance-v2-overview.md | 2 ++ .../update/update-compliance-v2-use.md | 27 +++++++++++------- 5 files changed, 27 insertions(+), 15 deletions(-) create mode 100644 windows/deployment/update/media/update-compliance-v2-query-table.png diff --git a/windows/deployment/update/media/update-compliance-v2-query-table.png b/windows/deployment/update/media/update-compliance-v2-query-table.png new file mode 100644 index 0000000000000000000000000000000000000000..f48e6dc074e948d9fc2a629a816e7466088bfbab GIT binary patch literal 329607 zcmb@tc{p2d*EX#4PY2p6S}i)MmZB}G*4!#;u9=u>CNUFJgjNSdRkbz65T&LNF^3RZ zlopX15`;v}Lj*;nMC40*zxVUp_jkO1zSnW&$lg22wX@f?*1Fa@*SX>z8R;B5EOMBK zhv%5?!w053JcoOEcn&!HbC7#wblL6`_iay*sm^_#^4@a`+>`wt_YCjx@Kh!p*>O6+ zJ?Hg*XcNT4Bl_~sYma@Nz*8O`PJ!-&d*)#dOBCM6rx+B@FMi(V8hf9ffBR@!E&j1XWsId*c)^j=Zpa1@pr~bz4%+(Jt|W9B&Cz4P%(uByok^nvu4HmIIt;_QnkDZX`Hz|W z4=RAEb{GoDN|CWGXHjDMRn)d-pvah(&(A@*b*F-u<@U?g+#h^6^;fDuC|wl=MD?0^PnUGf7PPMVje6t7u)*~!8`L8+zLg5J1wurRP#KM&+~eJWpO=oeEwYs z-CX8+kLdqAxE^h8$=ioorPVzi?FijmhIH<|BMh1UVPb5Q^$A!DYH;c5taRzz*k~`R z@fy$$J<7wQ@%1oDs1PU&utd#kA1(pnMQzmrjoD=`B`nBN5v*(L?x?8kuF98@el6G@ zo_}I^@oH<|E-en02z>k>jp&NoQVd=9TbUjIiEsJ3?~Y=IUbWx}IG{%XUxWAH3fcU! znMs|I_Yr{akiE$g@RB zo~%qUvGs>9p1Z5|{GZ7_yuuzEoKLf-KPp9<2XtDVr^)wtWDpb(_9p-I?&Xo{k)V?s zH2*zO?!{HVU!NPi{wyn3>`ardH@UaviY&K@2p+Q(26&;7L}a5&@45Ai*=oFs`Tjpb zKCD^$KaVFR#1Z1pg2DlQ<-6=d^-1x8=9yHOZqm+f1f=1&v%NP3JHGwOVVlWE%lMf= zxP{>5;dvy6d`Wy{K$DFx8~P?1w3!}$W8HbSMCHVPS=&`fu7(bYO7(`IYyverpOBZpoGc4ooc9ePwU!lmW@ zTg$rc;o$&?8JZI)E;tuRQT3}@Zmx|jUyiDUG}?sjZW-c&jbSL(x+%;)X1Z+4V10xu zs{*%JcUwE;Us1%E73c}Rc>esVg2Dp}O-+khBmw`r+V>*~eE&Xj7%g{A-q@YmC9R_W zUw$I@Tri!4GIx3#NhB7w36j|SN*@+q^S=D|4NL%KFBcV8a^E6}V>iE)SfY>@LC)wPk-4>VLODLf1s3Q4TMP7=8MVW2c$>9}@sHXP7K?TB z4_z*2=#HBl#ml0_>3EBuu?(q6Su@@V&*?!3Pn z1X+~y!Q;vwUH(8>8mXpS`1fCVWTO50^aS6YU9AV&i*J-)7JCpfmnPQgexkM_z`H6; zlbOxl$vZ@(MK|o!Ye>Yx?j^h*F60t;@*-x~9HoX!aK>eMHqSVYk2fk(&Ac35Lx zZU!CVJ6GX*P3di*1~0hz2j*;x8@oa6w|{}M`Ay$t;(+MhCqa%6CNr>MtNZ&~iJ@=sbCDkDX~w-=wN{(jc{ z+ciT-W~}tAd(Xi1c&+KGutBO3LJdXbK;Exs&%4^xO(lN=SWRWK<4gU6Zko9e5)JV5h%vI~R&LMlC@Y zgE*mJh?3%vsF})NzoYX%HuWSv^y5JfX{BNFtRoV?UH69g^+3DDZa>u&$dcC{Q#O?W z)?B?&{z+xv{2iM5KR}>*6BOYqiqj0mH5xD>ylUS9oA-MdLO0B{@I5^>qmHhw&vCm= zqy3_qFF~uKnl;`FrmRXE%!v~xHY<3ecAe%$H~rlvOT=KdtiS>yHxr*-i+6e=9Th{Z3JaJ_g#8zT0G9GBBp{ z^sa!$#%t+?#O`M0r#5DS34qId$xGuI%{r2r)C@3YC7jKk#8>it( zDnpEru<{q2tE0qVt_Dvt&v@j>qi>=aH$J+`%g7t@Xv~}f${3h1GV7CKJYuT*AfRhi z?qR&8OTw1&P1r?kqA6a4Xn_J1-`BgTT7A^rMlYVLq(5USC!a;reo1yL@JF93FO7y| zM^MIe@>ilYqM-|J1)o0EqyNXP%n6t^tQb(AJkH?B=k0;No$K&xsnyJG3|$FC$TYtE zBAi*9EjJzuYjk=hI&4?%o~Ycx+uyw1CCy#6iaS>kTdOTfUt$R#o&W?kt3Dk6Vv~E)E1cFA;oED9YjiGv#qk6|nFXvd zkEiQtTRJ=fZ?o5y%u)JwXc7vzm=wys*TSOnh$^Rk#EfsHEjNMFMa%v-%IxYgPZJFw z;J6QP3BH&kt-k%xwuRLzW+kNF#Cj=I@@zX~<>wpTUZ!$rz2@9)Gt}@6Vgyd2Z0mlh zWt3~|TRi?~W&l-X<(EPJtyOb4!#tL~%US`fQK3tlmZr0+vp9E=mn${WM+C%-9)9EZ z-KXJZE{#oAHotXcOvFUqZi3j>WfwrY@xIt3A1m5{vaCgNgDt)4>-#+d_!3Mwy6d%J zBY`+pue3-wY**sJqd==S8KuJ7)G{Ms9jPAaEOE%%MXS6)PSf#xF z>&h^*Z8t0p23=<~0N2nM;#QSWNCj!^(TR5(v*_{xVhbE?xP1C&Oj=Iykl1{wtyq}t zXcZ-(*jjg;9zSW-k}>_}s$2(fHp70;Oqp{M?3BK|q@UyOoESZATs={L#jdZ)IR z%a=Z+^7^T%%$|S_KX=FNdo95mEEd5zK~bDBlwnODfmL>3VO0ibwpXsNDEkF@$E#}D zd!_lt!#Vx*LGvs?&X{#>WULFuY1d8v`m=Q3+JiU)hy)N&5vFd^a@~Xn+LB4u8sB$JhUR70~ zU52iJuS$25iVKpxLo101FZ8|o@n+Bwbf=ctU^h(ZPTE4>5UlXmgsJKf0Y-LNof07f zv`+w9PYDtAFh|8d(kMlb?kgJhX(|Ft(pf*gsU_3L0>@5xw7#;6tYby0lE1?EuD&=* zOTzXs)r-^9Pb=RTWzBL-KOxlTd)5htFiYmRBDq{inJJELB$!tWUPkTAB}7a<{fPa_ zmjbtSJQnfuf?;-Te6FZ}PB*o|((g*46d)k=WL@K>r$P9SM0gktf^}Pyl4#67-2EtU zQc4DX^B$9*P7_1-_~dGOidXPSOc;VedKTOGzV9l#kq|e{1|>-Z|KkJH!}KN%XP?`Fx@b!z?m~n#@z-3 z2BYhDh2hG}r;$R-w=$(FcU#+E^5WFC1|P7Xzr6^A3P1PZ*GEph0t~E~=Kv6W7_^_~ zJ|6#%NSnrHW%Iq znxt&l+6x&#T+ztlx<@O+l6sT9)U=XvW$&01XJ?Q0p)ia9-%AeuomMrc6PE_NL^ofV zG-k>L#Xfx}zsFi2N0ig<61A_oIf~ObzGyXMhl+06{gc^^RSI6Pg<2X6Jh9aQO_mjG zD+DC1O=*{q-=`NdIa?*0pBnRdveH_CA;fI^JVA=vCv0tq&fd8XuBa@wFse-Pfm!ER zv2|z}<~2&6(f(OYWc9Orgx3fNH98~u){s<)wvt}PdqqqpbrZa`e$h*7T~Vi0r?nvo zUTEdc*XH^Bh`x4=Zppqs>-T6Ryw!<(!cfRmqQNtKc^0Y^K=b4PB(iVAPg>-=D zj~@98xt)Q9j#JoS?qFVy^Psv=X}sNVFSu7Gp+d7E3OSsE?pYfnVbH3P zt3UTN9!9GdI%eIaS+ub8&RCfPY~&5)ee$c!Ki#IaUN5!r$jNj3v%obuJU{Q7& zKUy{TOx*9D?GN7ilR5<(p2u8w8ha-@a921B*I-4EkI)Q%Wm)9#Y;0ok*wT#XGxA$t zp4rh!=a77Wv1EsL>XF(Q{%8}#?rBtaG^f~|18z|JrQ|TuS;n6VnsAhyUq0K``!hh= zmZoO&$p?h`G87u1hJiRz6q{;q<938)E-L@cm^BK7&YW;M^u-{I^gQeMFgJJ@`B*=K zo{km3PpwFQmspn8V=hzZtQ2YWniaN9op*_H@N8Bh;rg2*a-~l%q3SYi|*m2(zb>gKw^MX?;_NCUGBPA!D zV{N-jhP`u+gJZ6|wM|`syWQ#*x-Qk5XZO68m7;ynOslRBhAqryr9eaK;+yrh(%=wB zN6G2P?&GRwZY;&++0aHyBmCU;-rcTmd%?!+&XsdW#B6x6uj`ifC8cBZvIL3~`vX!T zw4z-wVb9PeU3rN`#X(1zUv6C(wL}4Da4kC$H1&iuvYH^+cHgdX&f>7w1 z!S>gr#`p0Y|FHBxCMqDsw2^P}g#o3M_xa~&A!HF*V|9d5!TS+)X~jRWzmkN_?U?GT zxYwr&vixH;Z5OIWUB(VQ{W=zv0gSkxm2qZ!M6~@ydF-}h>bP2eNITfif&9^xyFN+n z3>uvUj)o+{98b=w(pt7UVCGa)$Zv2^G)mUTrg={=4^K==Wk?FuASEiO8xjxcoY8eG zeIbXcdSgw8Fslikk4J-O;`iRSSeG+Vto!R?5Y%>(w+zae|~#8T1g!m|$5 zvqwUUe}ZA*(H$>Ni`0&$6H{Lw@WW%0E?fzwPuwj}pF6rvJ_67<%0mP_sMnNmX|1|) z2P!2w#MhT<6-F|c9V|KL=D{h;8mls_zTBpW)bq zx6erZkZ8w&mBO=w$a3W}bGo&vts}h$Eg(c%<9OvNAI;*l8izuLbr8*W z4KE#xkkiaF4H}z!X8A50|7eX|0RLsZ8*$p7pnz+Ty0$u3cx91oGjLeWHg5&!?{-<* zDGmWq1viimgmo7xW)I>1M3n8-uLWw>-YR#cU_mi#s-$H`oQLOtI-)PvHhasih8S*` zlV$D$1UQmC! zz_w?~=U6KNWIC~BvGg9l!GON>yRwGW{Pxj;Pc)Qk7r7<9`SDB{uNv&$6E~(mE2)Xy zZ+|FiG=R6@3ecwmY(L`T&d6~tkNGL}br(VKK^qHEqfbU{Yz0^ExM#EKGAu@)Wg6Qe zPg=@gmZQ;`SfSlmoR9SE)n54A{Aes~b907siN9!EdaUSxN28j36A9jMA!-hX7gQx` zgKMYP<2kMWg4?r34ZeO)W>WK4S~yfbJbcyLL{QM=rV3Fr0r}D<19xL8TvR!v2WGze z2bj!C@TH9sn*Dy{I#upzKXGZSan}qo&mH)s2+o436CLu0z@aBhtjcf3S^JEq4lrx;;^%z#{F0FAul&1QiCN z!%^Y%hVKDYj=&^>XAII)a@&6A`Ml3snpA zYY-x^N;^24x0o+pwk*{3%Ov#@oe5B3!#s1P(P*+M6LM+rJ8k9dE2B$Ig*UDEfm3Ua&}!Kb2lvL`R|vE=V-=~#ki_snd3o<7W3Xhi(^j7W1 zG)omK#~&JI)ta9jSS)E^b!hUj{$q0yUDi0;6h4K#U8mBH6@b7y*Ugl+VPQ~0fvci_=f*QgkSuDy{A0<^8 z+Dpv6*ZWu;j@Ko1m9znVCJPICh&rm!E?f_9aL80J4SfT(9gQSuu1O9k{3OLHFc7@k zCFPCYq{30xR3Dd#hMwU&j!b^B;z~JLVo~F|dcH|rZ8_(zA#+^mk(v56M!(=x`fc1+ zv33uzKs7`|&PLLB#CW)hd3|W`3k=}ge-6i~4IK@b^`WRSU&umjmaEA4tQjS{&T#rn z<%pj3W?lzhq`7?as{I>Rm=Yw{H~cZYc9)-)C)5j7x~hwi%`7lHL`h2_#a+g2eLj9n zL{UFrw9M>q=q^2EhhSXWsd&RCo}Nu0V7-G;+m24h3Ol^)bDsoh=k2Z=)6_K5(G}iw z8z*vlb9qYo(UzBeNfL%Xd?Q$V3HK8RP(BnWdz*Jo>IIu%gb8W!$w5Z_y>6E z0BAk!-|8IpZ2K)~VfXW$Z3;G3Viv_lr<~`l8zLJC_J&M&b~lrvRwWK?e`i zrO;0plIRA_(`%IMQ=p#nH>Z4ZqAN zU$j??r5-fd6P{rU8-h~ye1376TM<(>SGsZoy7M4aG*|{qv{~OB8yg6z9TBjR>^|2a z^Sz1-*p6KPjk!HtAfC`Xz5CfAZRUmKz-_i|!lDi`_yq#@b$*-W&^IY8PWoIbXJTNU z-g=)>^t$4PmO|5mG<%!i;#yA49ANF`mH5>r3>+XD`eVPtA)_4h$bfdSRnZmX*@g9E zQP!UpZ#Np?w1Mlt`e9hA0N*Cb{cVozM!eX$utcE4DI0$=O%x$M-lQ>vK6b)Egz@8B zTI%A=&1b=o*wb2rSAUN<0WJy-Oo$wd^e%Tms63pTMIcB`nD6|j3w+qtS2{l?sSUkp zs=HLX6pW|^bZgdCb$`5QpNv&2D-svWH9EGAi6suMh1ZRK%Ooy1Bj`S4{j=40hsvCm zF44ID`Th~!_Gs+3JgfO~4-|+&)~gocS0p{1(Vo{JDTREZc`QeVa>K8dmp;53hiYGP z&^OQD6{uN#rUhrGwaojGd^YoDfWPMx;|As+Rx|vLU-<3@ zN6B~vcEeZzXSNl7a-+ZfE>g`oN6k*5JDgpburX0KvG`aub9=%7mv%Z5-yW$&pkYTY z0Rq12LK;US)O>S>BCL@Mnq+B4g3W;;%?_YUWI)5ae80i=Xzm8lg6-zU+`=n_fof4$ zst;>aL_Y8hsi4lPrKrpes>qRdm)ka9QB{ACrXxvXOCtI*ZS|`ozy6LYpg#1>kKs>N0jD}=;GU@xq>=IjN4(=E|C}l^ zr%yLNbF=Pb({}&sT0ii1ysH)yp8M5-He|qQ!{nI6!k3TedlBL@B4ln_h`uCr`6-fo zCK@dpqiU1j5zPF85h``3yxZEIT3yO;MG8eHd&2HJorx=T+s(NAIGv!gC>c$fFDXof z5Gm32NV&CCaHViJ^bVOc4YDrqBt3aaWK-rSTIX}ql4XaCZ3yU~HQ(^RmzotOyKmR}M$rQTJ= z@$ehUjE;Ed2dBF->CFh$dsfpBMd-$^e(&6vYIo_ebT#Hw0i04=!or?kBD-RSXuu93 zz78>Rz8@Vju7%RS@m>CsCa-ueX0yF~G1>ArTdXUd;QP6AjR#3< zr@vfJ;O*Hyf`^~4l&tXH`&H|J|1p9`xD?ajp^8(~%Hxpp$}OR!XH0&cwZm==iu~1Y z*olXp1lf3c0z!*}4IbZSe7ou9>Yj4<4%iCK-uiIM*mc2rmX{sbRT^V`?Stz`Z^O?r z=AIdYu}7BTp5GO>TJ&zEjkOGj%I5yfn&-f*Q!oMM)9JGsGB2b%4f>w7c%_Jk0RpR1 zV6C_V0{4@e?y=b~TV9`5Hiyoo+&pmqQ1}3|Jj653bA3Ewbs-i~z#0xn=}2nP&tB6j z2lkt7v@PR$=^ENkwwk)&q|=m1K_$SNTH|M(*lV+0jT>`b`_@{EN?4SI6(f^E=7#a7 z+2}fmysaFkw&XzT{Soz!CUCVA;^%jH=(iWKZKQ=`uSw!1~j5Sy3kaw zIjldLPqp+v>*^b3|9-BXU+O_R@EGo%@FDN!7Z}^!hz+VxGANuj6|syFrlJ|WA4n+M zQ45#xts&=71AoiNRX^6yyCDZCO1bc2J96F=}=2)=4TqvjNzz--DWX=FA7{S0iS zAuw|R@g@_)BTL)Kponh&#CZ_?L^qWb9Tlu|mVqW_hdPwrHc?BwH3*MwW-mQnsQaW! zvirSWM^$DN=ZN-e^)>r!ccw(pYcGG_uP>=qoP&pLfB#mvIMPyj){c?-X~|bWp)k}8 zT)wUqaxU-YCBuKDELLpR%>uQ0XqyEQTZoeQW?0O6TMhS(e-QK5#Q_e-rB)K6A_zz%_Qk}8|18% z8HWSE2DU~SG+t7OC!O_u1c=#?1A58m$4YD|AFWM66|rR8&yG~xKvDWV11-K z8PD>3PWh3#h$vl8b7qnXLe4G@*Csf_3dKh@fcDfe*dwVDa^06}>tuHPrW)1p5LK+$QbTsBLS1i5@%Xa#gHR4*>hftwNyU#mv509EI;J&wZ&x=*OfF0;&Q?40Y{Q(_j-%-lC~sEu8uD&cW4{Bb zNqBJ-?=fB+WluSyRAcWrnmM?b7TLyf>Ra@OfT7ukE-{`A5bAu+fyagYZ`dHn`)bW8 z7@OSt37O%~B6JgrRe-c8xc#Gts6 z!%)tAGO+5C>o|DJrO>GmQf>)n%<|T$t9s?JhaDx%j5TVCHS#mwOmJNUK|v?6spy;j zD#Fj;c>Q&Q-1Ui@TlZ$p3=}nJe$96d_KzI8$&)3AG%uOtOEC)ByjCFIJy_W@74qtK z(NPO$JPRLuE6L*;&9x4IvSViSU;AEV5+LMO=R{2-FL-ePvVAF+jv$soL?Tjv5iv5# zErU%DLhG;l!t-K%L6d?V-+u6mw|wfuvF1smW40?$#$@C8)q+}F5HF?y+Ota{$v6`ugdiFtt6>xl3I`D$i#xeb%i!&$P80Bw{J zQYHnLZZM!oQ4sl5vej5ZG;WXKw zXKPN^db`8i$?iDCDTgAQHKx(y4#DB>vKpG6`cZ}>Qe=AwIvf7#pvrIT?djUIhmb{B zno>j3qd@+#XapC`SNKzTafwfLVwen0#fZjGcF?!KgB)pp@>d@#hz_P<~MLI+py>-n)3iZl{je& z)XgnZ32P=r`=}M6l@f6RTg*wMvyG|^51I8107=hckH|#-+Do7n0upLaujT|v+M@KV z;JiBMtws{Ip?A#h;ScPjQlci9@sT&MR;>7*;`X?b_B2ry@c9#&WT_$8PJ<#FTaMds z^9=d%?Fvs?ePAPp;qb)6X0IXPHLhEuhg7&WmUuL$f;wc8G&^5hAQ_Q&lj z-%=_Wt}{W>=`ug6bRZ^7Dhak2h#H-KpT)j;PaF>VWY1c}o)4@(VgV}(6$g2CImq=Rg$+>~>r-RPD+Q9cLIWKjr* z?EY9Bk`UOjb(j{G4cp?}@2cVW4HYE}0h#uI$?~)NHs}tEok)}_zhz5JrMGP`C#e+0 z2{FMb^-jGbZ_Gll+g309jLW1}dQrJPrT9uoVCd!|@M`W7D&p9>H49BOYP_l;HX;kPkDVDSQSybSh86N)^44;ZL z8{9p8=1hk0YZ)UGoAex2zr6k$8kgHA_)jogT+r?xi?Hri^D#gV_S%~{Ko0YCPE>E3 zvH}<>1!caVqW3*H(pQpY7V?8JTsftu4lgNtuii-bFxK~aN>42vWR;~l@Ml9``SK~x z@9H6zW4~e}#Yw+g8usjo>LBNq@uHNiEvea@?@Pzs7bjBo({$IH9S#bqx}X-pAR znH$pTC~PlWjA{^;Dk#hO)L1s;ef8~5y@6(9T^Ik1>k2VeP9^s);#3yvgRwhpLU=Oe zo$%$uX5HluwDVGB8WnTH#t31DUG})=_eN^;xnrhiBZq~=4L=3HvCB9N9=1f@TE48R zwsO`Dn`HQ^&%6*P7CZn6EL-Qvolhd(} z4iD`viYV`AB@K;N_-WltD?0<@Jlj;i{yKW{X6VwH<0Ixnlm*dTLsF3(-;j7=x$L8q zAG~*U5k`wN#WGjlP~4Kahsu%}o&2r$A*rsN7{NjKf&0q5u$+&v3ZB2^eJ#Fdl$)Jx zNn0=?=3HL4K|!==&iM{%*kYSpsizl+*{qGDEorTCz@OoURIeDjk_fsOhels?Wb_TY z&DM^tYg#hUwIpLG&8Jl17iJ$Iq{CEViFY;WR?gyUs~Ssr=!5f>AlFdm(wfFB{oXpS z@xjFj_KlPvJiAtO@b;@ncWPDS+H2omjpb#d;vV1C#=?Ax=1UJP`c`ArBDMD&F)q+9QZ@iU7|AGtac!W)H4Fjx(Cn)AKgmcmF^#|zhX5?IzTg!J_fC8*7HN|_<`z+${ zMuX7?VOWL+8>`<3H44`Buw7PrRC&+guVMN}oe3a(+k2rfMI7eJpFeFtGzwy<3EYod zE74sZp3Kmng(6)Y9;T>wXO^5|O*%UGi+|^9hp$w=5mk1NPIB|*Rt@C|s_OK+$L2#b z**WVUyUNgCLXY%nI4lN9~9go_a+b{51Mf{wK_4e`Y zSI}ihY}OBNU6$s`=lK^Go$$h&Y#$hl%+&hT)UhrW-ISzQh`hyR1x@lk2S)vF zIRl(*$;vd{t<@M0%a)I2=i&5%1gGMEczJr*FY#r*9e6|hwOrA8Xxlkw{IMUhku($K`P3%o7>6~p z2Dv(zuzi$PAI2KJdrz`X+PD7^qa{3dIpT3lVK2NOO>N9oomi$n#FHk*EG`0S?XKRg z8zdg?b_`e-K^5BXpygI!-hODbXh{yH z2ib+_Wkj7ht?Lp-C@BAmY#fS zbaT4;5Xgn_5l=1fTg~F>3xlXZs$XfoZ0!Bgx1J(-c`Q%s2usb{9l?11R^TM*!&L>^R@q}|9)xkK zY+`lv@yFx>UYkSCG1OVWZ0)S7)&+$lKOS9>-mhAaxnjIeQd_%OH1tqbf9Mq&>mW?eErxG#KysGxW++_DP!SZ17#u?u2I6xq?x>OhIxV$d~hE3E=4UFiX!>lB!Ers(~1owq<05*OE?UL z8jpT7Rtt&6Mb<~et|jyec`H9{-`NajF927%%F(p%!Yu*f7Bxpjhfn>iKJ1P0wBMT7 zgROoyV7EEe2>bOG(MbO0>J zZpQa$HKOoJZ?z+H>08b{i_Yt&4UVZTdBH#IlUR<9R7{i)C9N^9amPVmPKFrk$F^}X z*qUpff&cn^Bhh|hPK1*onNYHmj%-s;hk{wZdA%)*-{lNZ?{uwfU-Lgpsr_6@IyWlY z0*evqu<1n4i4Xdf5o?!m!Vr#qbU!P~(kf2twgn+Mnlzb|2HG@hgHYt&F&46TMHE6( zNrFgUTP)qatU`91p)sJ-gyKZbh}mM$q<3h%+b()wMxw_)rw4K<#sW?^&0|=e^vI3= z)wviHU-k@cyDe3s<;M@kYB56HMmPz!SHzR?euFTAT)$*MwL+h{6epn8;jE&$i@QXs ziVDpy zO$lkM@q}%^ztUgZs{fh(V~N{_K-YKAeEXi4VB&QfQPN5~dr=|jS;>+YX{xHAmss1g z4Zvs^eCv6RKPoV2YiTfiG^H(FN33!b?xk~S1tKLuLHN5_69qXiuYC@}vs4Z_&o9m)RBv)y6Y!RLmXP zQ)sBlrAz(gy;VBJa0=NOxfrLtm0Aa0@#6R1L2&y!X7~;i>7_^^fdF$Zhp=qQ;25z) z^y7Rn5P8CZQZAO69Nx-DC_JZE?OURh6=JUQ#$AeSUHHcRj-r{x=4x{OCT&yvPMM~9 zMupGIs%W(WkVUB!($diWlxP9gBpE4a)0Pub3$maSWaHjlKl{bz!+ZXkcIh!2Ok1>9 z?itTuM7h_TZpNqi%zFN@iM0aV2D`sdlpSXOb(EV70`b{PgA`1N`{#>c3sHhPw*o=;=kMPC z)ua;i6Ayrlf+YVdExoDmoiI(l%;KnFJczH`Pr)ZPsYbBTjT&hzR*|(QrvnMgoUQ zC|g9h4RTRvhWBq0>@GSP;s=YQH#^Fp5w-(4d~y8FDQUmva9FLvGLD zs}J@^!Wg&dau+|so0Pwc9(J&U+U-X_Q1Qwjh?E=~ zz9d>E9nYH)E<2*;+>Sd?IOVh#cIAnC`q0VC&pP|-cX%KHf(H0qaLlVhn5;w9;I7!n z^V4`WU*t1*9bl1qV!4zpk4R2V_TqQ^XU{eOOsdy3#VlJjYJTnh*5f!d?)y*kTD1*R zjEaC=xJhp{Z@=B6l)bt0x@oNSy@2ElYM)s{Q}Glpw{vK&k=rZf9~F`AAo!eo?>@G{oI?BT=jG1dPf*eITzg_UII z9M?+J55|8x4fzZF+!y*kz>nRF?5FYBU!%1RikZSpl5Y6ZV6Av+=52$0FS+21cx1kK zWUIgle1zxp^c=AzSvl{?4K1au%%54`R*^p=HaD0>hel}ETmjIbJo6Dc{8oojewD{D}j6w>#VNMerx|e#-d*J9Tz+?rcAu! zHR~+bT=Hse@h`cZvXr%O^oZH0QSS_9G8G0aj`7pg3TZOgXFxTGO_{J+b`0(_v`4Y% z2{rx}KaIcrb}kSq((A)OEOgLUhKj!@ZnBFq>$XtVUb4mxi=d@@y|y`yH723&FVr}2 zCWf?z2-h7xDQzqk(Ry;XB+^yO&%NkC&Y_GTvp%G_y8K8C#u0_Kh^{tDLlHYRE=yb| z%R=a-G`&Yx=&=F7j;);WVXJ$ zX7UZ)z0gHXwJK{Q{MLgAw!%xdy*6fj#8)|jaEg08vE{j?alCQA8XGdwbB(R@q z=YEbF7KA}sc&&@d``hD!x~#M7%c^RZ-)n_vz*ZUdWw@q0BV^7quS1H+jOz5ic9VPZ z*2EPvFVgedhPl1w@SUhRBc@GQdN)}v3>@VkXw;@6s|(N-@Khj18cK9YBH-r5BJ=MB z5OtjyLp|wg^q8i0Wj&9A(dCHEC9iSeuQg`{9@Okh-~}(Sm9AXTKEx+h(J3elXWT%z z#cT-Qf3-X6x2}o4qH^x~fbieW3;O4$`?&d9c=SuAhvP#7wZexC`!=;a zg+9OdIVaG|Z@BlS6RDyCgcLL}J4RD}N=k4!TWr#nu=E6s!`501@%GsVc?2>WGLb&4kuz5DXX(TJl?nUg25^e_$D9ps3-3l+yaHoHR``*C3 zaXvdZAm=P=I+eb?xxr11ksqlkIXlw6BTd}W?bZnAo!a<2j!#rKUud{JQvENw5@m63 zpc>bD$O+W%^hDY2O^C;|MT`RC#6U;$thWYEB>bzM(WkCmweg`{znbZF49h{f_b zA#j_q!$NFv_aH4K6ehaHcmC_u!cq^_?Vt?u*D&_e2nCDr`ez=5^NhuxwQ7N7bV%O3 zZS##uQQtAR+%R1^QZRiTE&8n3V8 zR25G2YFNi9VYsTI>pU%BAK>TrEnvn6y9ygu56@Ag4P0qdVa)T`jvQLQ9J8F?=qG=n z5CaJ4k3>m-fOJ`c`U7z_J*8v0MJFer0WVs^OTcrUlUY7d`~1HAL+kJ4wUEH~P3_J~ z!Wu1QZKOHLW%AN%i)vUj4p0#SztUW<2aV(y%5r&9q-K<&6%(R!)o9ENOt%xs?xIkbgk%&bRx=Mj;EnU5MN*u7(rl?mtDM0HHsy9_tnRUc*W@Gc9*!mv?}Q9R&=4p0 zskBF|vw&8+*3HAJ$f-Hw+T*Zx;?b?>FZ zTe-YoIL~|0rK875SzBF8O`w>kzJ+-+FS^XFBEh>&dx?tpsdvv8da$sFNi%M5i&WAX zd6L*|?J;@NKm5p8`eM!Vw27}ZqSZ-oSnZsl;s|p#@b~PkEiMDK<#0zK3cl$cQx(eB z&?dHNrAqoYmzX8LgWHXqwuyc@!t7Z)&|P*Y=tyct-PX~zNcUVdMx-0*#R6^R^sPZL z>Tf#6=sa{<729BC%yNH;zq6hdp2($)C9OnU<|c*r{nx?*EFj2Xq62O4O~tcPnamEP z*89@{FLTFZa!8k0+kB7~`Qwm#qRXk#iX3itQ&nky&d!#HDE?0Q;3XZ%9T{~Mu$Z`N zYRS@)8B#pMm!MNA+dm&4Bh1)BQCpl?!NEYb6nzvd%0TucSCXa$o#u(@xGID$y0^b zfb$I-&0GEB0vl?THh$DijW2o*)B)3%w|kaLJJ-;p$KhNWTNsxkChq2&j@pyNJ)o2o z39FV#t4bIe&h!<+DfzFeysI**%R zf>MXpwq-pwQ(uVu`bpD@t@NuPPv!eUYh3*z>@ja_=GE3#M|z{k&Kxg&fQsJ%AU!vY z$Ty~QK%t5>PTQi%6^A!{#^;E(M;-sPen|oR{ox?kMclM+q{iBw`BNS~+ybFSIV&fB zQWQUn9vb^$=gpD@xmsDPm9QNpM~Hy@m7IL$%dmG^XY|4X>N{jB5heq&_+XP)jK%2( zK1u=kSB#bmjkVSCjRAJm>Sy!#dNZ$+=5|1z9HbSfopE%a!h#8I;{{=7T8vcQuBwNN zilIWcwG~x_+ZEo=(iWk!4-ZhSvd+%|+-eKe?%Z49c#2J<6Pm(n4?@*&<^t$Yb)vjn zpCKgt2y5>z2ec1bnWJPF8hY(_tpA#@9B9%--)-o~W&{G)jGxmECBg;}eV<9qPCMQ{ znH(<6h4(tuhi@!y2&culqV(e}Tjp2`c{(|jslR}Ruc6wiv{AY0f^vAS?G+RWVk|?f zRy^q7@)bWyK}R8#*VkT-aQS=25j(XHB!{;XHnA#oShm4#)zKl^3SVXE`LmhSCZkI| zi)%fN0bv*ty{hm>)T`aixe4spF%gewRsA9LjgZRqEIA8l#8PP-A`G*&6CStBD0YC> zBst@(z`7WW#4yB5A5+N5EwgTMwE^6!1gjUu^lWq1m5J~r=#Z^{+c4EI_4A*I?! zC^JJ3af@}HjL83wx%ZA|yM6orJGIr)t3z89SKCX~Zi}kjO{pzLtg4zZ8=KIgv=pr^ zgsKrT?AW6yS|hO%BZ5*wmKiI;H@!Ze`??>W`~Lm^yWf9$NY3P)^E}SuJdW4v`3_0V zUJ$Zeu03N=F&XCkxiHkz{TQfRbUQYw;0-Fq`s)#G}2DJ7rh@2tw}jo_`T zwXPq?f;j)K=BY*KH0p#4^bco_z?E>0cIw-d==5O-W4qgALE*~7_TY?Ohi(;{pknK{ z)wRAZ2t(+{FDr1(&T&3*HLA;RmxWh##f{Pp?_7*rn5sMO$Sug>ca9Tz3Gve2)8mnj zx*aZILvpj)Ko_Q!V;kyUZrPrfZLp5Fz^)IFM~WLh52{;DG!>}5M;@uQj-7O2^H26T z?Xbp5dnKyBl(^K`3kN>p5sBtf02j54ZJ8%=~)2Ih{z&&E6km3k3IbDftgvOLz zFB7n7f<8cv>_nOBzO|t4|E^kh>1UbDzdyIZ{z1!OuHoQWWYS1fq)EACr|IdF#(m2- z@kNH#3Lx{LYIR&lp+;RDJS8b9Z8XnERg}OP~1!ztYY%OT} z$Dm0*bNfTtbqaIYR$+H1Jm(KE`*_oGnVGX`@s4YTnR!{y0a74Ha`XQETh?Dl29eiT zk%AVZoa}Dwmv5V(Z$^|}pmt5b*=HrGHR=V$57*lByC-wE#tM$ta~afZm--Z_TyEsp zyPzUa1*&})<;#Q0Cyl9Y>oI9j)q^R7S92~tX~IG@OxEI*^JLYZhl)j(3}Vbgo6C4x z@ZgB1>c@G)0(&zgo7}P6<1GfZjNa1W3j~kXHtBaBj3~a+40yjNe=h->jf6+EAf6QX zO-4G#eV3_c;pc$6yLt6%)gb)Oi;Mu3;~b|#T-N8YC7Hp>=3I-ss1t73kv8#mW~Pj; z?`?5IYIC*64^uFm9jvyudzCFGD-U{vAVz@KcV=5gIHwVi{uk!>(rF|iK88`W4`fyND=U?Gmu`E79Tt7%gmDW)c=$=DAn@J#*v} zbj!8%j{*UI{I{PFpFp?j%6QU$FA}fgucSL_qeYr(xGbV5NYbn+QqGA%16n5RxnX zOekvi@qX6k2L^-mSXciqz5w>uuD*(2(T;JBB(c#__hdRsvT{NLPj_tEkmZvQ)wB^3bO7ylxFd@b=-o`i2C#k`5_~U{1C;(=Z;Eag;B6^9t5&Ra2pHzH*tvu0uF% zX6gI;oG<;iCJ(bXTXlUPtk1$Su8^X%BMUt1Bu&&>8`Evt@!hQTCFeo+2(P3w6t5KZ zqXr81|1R!|KvSxzLmeP=wbCO+U!JS-pt0(pVnQ*7%U?|XU*0eWM})zJi|g{w{v<@6 zjjcZ#d}8b5ThGy(<~^wwie8(1ed}eh`#k+KQjF#rAe^=_|C6=#;KiYsW2c47O1Ir4 z0-+x_IOeeN6g6GTMsoJ2e|!8ug$@rUI5N4rSM1`1W|}`9ig&c=t>C}D<#MRK;}&0l zT4VI#TSM!Sj(twn&Ib)~s~P>MVgnm14lkvYKX6HHgJbm038By~UODo5)o*4&pJ8zS z`gfqp?FY=fyy59D%6?vV^ZC&j$d#PhMp;{g8__ZHpSLluyg^nmxOa>d0#u5C&B^+~jed&!G{kM<4!UD27 zluBx2DpU0m`bNM<+X}>Yeyv=ArY@+j-!Sg5n3YhwOBOHH*=(q&T$A+{yiizXFty2L z=}lPP=N}VmZ2P3pnA2lAez6qPKV&mR-E6#&Q2Xr67{9j4N5m;yBmSLfd+b&EcI6xm zA3Ynr_!t-DDt`~xboT+Qu}$mAq*FAo$Mkvi?J7Bs#3#7DP6*AA<5*TNRZykM`IM^H z&Drdym^N*j_UN*VhPdK~#2D?b>s3oe;PYlv_`Lu%zY!Dn$_PVN zYR=GmqmjGsP)fGtT!raV1b1GWgBYbiPSO z@`)31=#v_!PE1GQQ;(_VKXwtDFY@ZOiJojOaYaQlB?6tC1NM;+ z6Dz%n=1>N5bFUyc{(0Xuk#9WTGCEy^l%T~Aix-u%964n=a^pV)k2f6M6`x~!qbz2q zL0}attAJCKx0Gofj%^oPY;so@Q@no4qP=Mj@J3pCKj)JoL}hp36FM1R$t?4CCRlO= z-8K`CE-HdOd72(p7LS)bcl{mOTFevF?poRk-7puGTBduj8#~N8u85--HbK2ii!r)M0c>akS0vr=ES|#cf#`Aikb9zr= zaOZC=EzO~YORo%5Wa;Qw$gV%gX3fXRwMPYFS(rVKlph5!<+07ZLnGH0w#Z~SQBjW8 zvzDDIZ8^SqQTg0P)x#VQ)@{4~j7l4(#3?{O&CJnd16g`k5i}~YW+TU=?@V~cdT_E& zAY$o~>r^Jw0O}yOw1R3UdQb(uV28hMe?RgJtk0&Yze>LWisQg9#3YRH$YUi(1hur@ zo%?`x(QP+*ABW(xJLc8bry5^$rliajpmUxBgX-xE=Foh^>-D7Zr#73L8``CGZsuBe za=c1=8!h>`ntPZNxIFWKfXKR75x4O1x zPR030$0mJw{C<-9ClFoIVu2P&y%pqe>?7RuhgtARj|SQ)_A>rO)7JO9(&FT0*KSsl z&&a!C;ChE+fjM?deRn;*fuHM-@eN!9Y8WR(>I|mmoB3-$(pyrbT z=teJ8!*;UgEJ`8=vXNo=huObjb+0Qj)q<;4jvP3EjY$ST@6PaxZe|vwG2BYmZodk; z`qWch-l){2)^XqAopLe_@vp{)3HP-pAH1Svr1&5%yE7)$5}!L(+!8d@ZWDNuw$)2$ z&&n8mfu7=5ueJ%z-faD*55eBNrPDPJnFEB3Y8~D9HOF*p%CM!JC+8ET4#dAb0)z_^Cbt`%d*2H7UQzGbtiU?x?C~$45*w^t8BB72W)A zs#j6K5hqEm*0FF^V!KHxsSXSmnwC3`otJBUa*onim1Jq?+s>tOS=+h#vm&{rfQu*V z0Ng@R(kwLp-8(In&(0FpS~wK5)-045I`ra=h+4!N?YgllpIM&pq2~@9!R& zKVUUV`BrUU5>e=vGPX>yb0yq;a#0bnq#o=s-n8_(c`6f?!)bTs=);V5TGf;jcbiyl zD}STfF8?>sOJee^KvqYcsKLjKX({bljz)0oJ_r3X+-`DD$k(%V&uw0^@}!Bm0-vky z(Sh#C`Db(H=cG1l!dh=qaYvF41K>>tQk<3*@2Rwr(|@Y6MKp>yc#GnHgPF!LAjvO| zJl2;jZ8^CRI7dy9uA|Nog$NJ7M!=*uh9=2;7f@48;hq+y(q1Mn3E++&VQ*#*p|ktY)tq}!{tRqp5aUAnV2y0 zb$_?zqW|C^a^Az>J-Zg17cZh?thG=lB8KKn#-y$x9X`%T|FEY1J=EvK@kWn0z3jU` z)s_8Wy~=htki~xz>p1^dlppUTJmiE-m85?2_V2Ch>dnm1lq+@k4e|Sr>+@OGV*kOW zi<|Mc<5Seqfs?;sb#iOw!v6_X~D3wXOyX1vWq!^?cP`c94;v?{uGn<#Y9#an46o+ko)~Mzpu|#&z}1Y73v1f#wk`g zE!p`0{W~YO4As?**Z9}m@!WZ$q*NCZUjpZ_`08+}38-^j7(4dJj&sLt`gnQYUT=&S z-M6KB2^q36<`j5q`hP(*IfJ|o2kx()#kk>3bu(+EeBW&h<1|3H64-d1J?O1z8uN}v zoAHL)e=okjKN*KIXYMu|%Xe-_i%C&5FoD&_d_bX>m%ZMaqFps|z?9^Qii+e<-X@Eh zgFajR_Y3lAW~e!Djt=NZc2;sk1|B*RW%MNUH%fSLPrnWI~cuD z)B-_m>76`XH~U8;w_5bmk+zH2wm|;>o-bCP&#~2mrd$9TI4c9&`EgMRYI+4iPgi)po_U-{EQ=0&p(a*l2pCyZC z-FNIdx|W6)F5aOgdSh9tH4L0PVOi17rDHON8=GU)y#u3Y}s@(x>E6bs)q{JQOxZIrFy^IeY+;ICv)7B%bN`v;)s#rQlU#XZ*GpRlLOv=Gt= zoe+vx^)+7+ocQz2EBUq92*%CTVI;aW4$b-~0iCQXk>f4Om#J0XHmRSv7zV$9D_Dq1 zv493HR8{|~$JL!3)CVyLv(SdTEPKH^v6RFrOZyxmV${FlynnY)*mas3;%#=X(YSYq zJM;1}iB5iZ#VfveG+ORbi$Y%d0poarCo|unGNr6(f%)+T=1qXyA2tuIp`&@&@XK^y zrM04Jnw3u`36l8vjKsE5?^CpG7OM5fV0!39kU_hFf5>C+_P0qJ3!DaxK!Xb0;8K{` zyi3QDO7Q?lj{7LFXFfTeMk?i(4TbxK;rc(=GZy5&{1v7Xi3m)%)b}CfLW%0hrvrsG?t%4*CsdbM({D@t)9`8pL()Yc_^W__p+EcVzVw-b(3%m#=Z}|pY}X_FQr4z~vf#<2F%A76 z{V|y9zQV3BxJfxf-=(AT6ziWD@%kj+)NcbrTy4Xw5j%<#585`Y%D~~}0YTs=SZ*AupfN5Rp} z)Shv3Ae!2h5z{yI-mWH0(~G zb`aE*R>^2bg3LE58_l=<`}E%=;Qnhx9k_TPymC2q+3n~L^&(L!Y}uqml7id>0O$k8 zcP`JbVh(v0=7s2>~$}R<|8hA@F=j8zM2KcMt+nK7`|l$5_T&{*dH~ayJon$ zI_VLj@}M5d+tp_%1NGTp{>_ObV0rnAFnRAML|rsc?{!bb3#Vy`iiT>XH>JY52qcXE zQ+7e*J%Fsgqsv>hKMIB2u|{*)cCo5X^?T8->pZu(YcvntcuBpYd#AOb^9*I`+YvKK zJwhr(0E0cz$4eR00(+E{%2_Pe`O6sx))zO2)fNN|BS#&i^M`*2m^B`Ze6IkMKdfk? z)UP#An;$l}mTV2WtuRu*LjdS2$52_I&g)$hL;Q{PZC2e#6iAmcoUr&QpyrVH@x=BjZ{NXKk zs;ftWoK;*sL`Pc0PC{R^{u&l_n=O3?e=nj}_QGxb8==8xQd)K1uO$zvG?2xk`C3}5 zj-8uCi@hB-PS}_a2nEWus5-a&voB3Qc;rR6rlNadMMZwMuFrKPAQ6#Hto`fvE;t{W zg1B}Nv6}xajNG{KR?Y9mljtM`@P>c=x1dt~upd=)Xx+~uHn7W^zT*my(#Xs=-vrY} zP_m3ntg*I5i%y>H_nekd_#Mzzn@H81`F7aKqW5ITL1?g%_|sr{hj~ZeoN1IuFiE`u zV6QP+YTZ$icUfqA?^s`1we=)R%*}LP(GLWHGAADf4^L&!`vWf(-L@&eUG)MDwq|(4 zo&|KD5LTBw*<={1&nnmDNxZI@0*|b8wyV+MJ$W91b;k&FwwrERlf0bqmri%DI*}hxh*dP}-#^OFUuT6@F zjCU3LbjVIZM^5XG%`_sMmB#s6@a`8g6+&VDEe_>{E}Ng!-QoK*Sj^^_7&iw-QS8@1 zT}xh52U9%=!A3``%}VKXi_;tA<}zzJ!jYox`HiVS>ZBUiH^`F4u#;r8AK)w*bi)DC z<_&-4OgbJ{-&m+76QBfa38<{}ILrtxX=?C|XcFRV8MW<{jKoj_Q$+`uH^6KuUhmIB zJu#44`Wr|WUl`Z?+A~b%yt`{rCI4}g#~Y)!(B)mx#g^0{%3$Y-aqL7Y!zo7tl$kj-8{)Dv`+Aj}+tSpoL=JJ> zQ)BzZ{^-C6X;6FXeZ#QI>igu6`YfKA%bm)8ZX96Y8+*;zA5#`xI}sbI=f?>Lw=Gkb z3p-+qSm0&=;W@j$98E>df*I z&E8Db>sZs~#2Hz8W%KG}sm*0vtg@y?Quk_2q#T(74QHJ@NSfYV#W^u(P(phzY@}!_IVxop!3!ZY8D=7%RY8)T(peL$>CozWVwN zMO}P)57Qgw;RpD3LM+xAyfTM`2Mgx!SLa=`b*~{jjM+i;nP%blj1Z=VH3%EJ^Eht@ zAOD}r?@X2$c={j4F_=)o-Ki8j1A-$(PmEB8U4lhyS0CO|sX+#^yqGr+M^~gc%gj-zqn{daaZ}KrVzk6O z=>`}dq0|>0&NtRQ5wAALrwGdNF!$HCRJHZF$a?D^@5gqE_An3ZhLR-&e05OQZEc7U z?5pWxJULbRej+ZZM4E`H#!G_l1Vc*nyx|8*WZ+Wr%LWpj~7oldl*201X+qq6(e3_e;?S9O^}=vh;cEqY@)js zI!%3w>!SCFTwFK?!ke{JJ5DF#H_e^}{21YPQIx(WKdSd?yYy-%h92n%edDMw+yT4@ zBPw^Dr7IOb*xsX^LYLS0@-aP(al&)ohhxIr03@?P8e3tKVw9=*YcpjwO~fS4EOc4$ zjufEftf_v4ips$$z8uS?IBf40~V%QRRoulRiovHl$WHu zP^%Q%zQFH1v4eqoZl7_zrN?{oBsKkYpc83gQ#9YQ zi~Ma?6nU90tRiEPJ$G3JW$4JS|8m~EYv-Zs=BhCLm0agz$y%w~T_Qa)AZ59cLggWG zcT4F-?=aicnLejFmfz!UC^W7fWYh@J~Z zyqxTyrr2)Z>)P+dj0_=*6Q-V6!`we6CfkXm?e?5j-)xr9hLOT#?>3;o@HnhGzQLZp z>)=Ueh*@-DUOwF3|Kne@2+q2mw(`;ou?F995T%~tY~K0n;D9JC;Pcl--VhV$+etM%Xes)Jd&-mYi zG^cek!8VnFiGjMP)G9CAwG}%J+p3H|tSY!NWuIPatC|jjj;+;nhL)J>zn9KC`HzHrZp(2uAEsvaXAjQ8F4{) zS@&wXM5ad3)XtFJ^D?Ky1r|h^z(LV*)s99DU=lTZaN7TNRVPH#g$_)zxU1@LV(C(` zx1;_um6EL{Z0(o7Lf!h7Ht|^weV~(^^*nd5k9kh2N7+#tq*c_(EKl_wl=a=o(5dRI z8Y=fyz#h4$2OBIp9aH=#m3!%Y@qlACSl_jy^MGyPys*jclQmHvzBqOm&-s!|ah26^ zW9lGfWm&_npbdNSh7J#6DPDHao1@FmlL4XUR@~&4<}!TB&jv>o>)9;%8Lcc`CT!Ug z>J#F;HoS459GBvyrFRAiKy1CFY0`0K^+UU{m?_hMI+%eupYNU06~Pi+Jd{4KZo*ax zD%jzKgtY>+O1`1y8r;rfcDzBK>-kP=t4Mam;q&c59h5o7WSW{DenK(9wd4dh1_`1I zw)kwGcCz+lTr8RQFo%DfaO>M*8M=EUPSuRlnHilswcsM5suD;;sAu?myxDeh|aBdld~KI03$k&mAbY+FJ>Pu$ zc%2Jy3ks%{;izg|!MNLdGFH~SFN>zaV)U^)GO_HM=#h&2znq*q)3y(8qzjv7DpGfU zYB4LjB3<7!xYLM#uF2&6>SAAGg;s}E_2+rVg==t2_={nvAJ2K2oCB$6<(@^rg<)CM zwJ+>H?V5a+yI}xF2fjHy6(Ay3VEkaTMBn@5+iF9G*oGq()g=KnKXM?Bs zUz;BtW%`W56-LqaYSR1m#=h~ZJJ;{#*S{E79LXB^B=8a~zIJqd;vS#bAo%zP+8upeMqlrbPV;G;GWGvs;N>>*q0waL6 zq9vz-cglg!+oCcopxX`|Hc!?kScl{_sb=}EjX#b&ij-v7f!I|WCCB*?%Tc!kd_Av8 z-{dQPrSH-kee7iDN?JCGUnEl^v!bT2M~#BivpIKjDFI&_jouuotZq@M_TiNbjW`#6 z2~wy3nIpthqjg8X(eCDt7WK>~4!U&ia~wCQLLm}A`o~5jxa#HrZZ046*tyRht*|Ws z;%}c=jxj9#bbV8y+!VxLBP?sh#N~Y4q0mjIGs|y%O)IvHcc~Bj;-Sj~QJH}b820PV z+BXwF{N=&b8Jnw-cvG@4S^)uLnY(CvUE~}%`?wjifOdQ%L@us=5Lxf~iGtMBbgG-( zyo^~|gAGIDuAev6Wm{&BY@HZk^bK=Y>V0X$OUwRc#Y-RU`5+DFu1UE1Qj~6z^Hxve zZjsZqzHJOg4DxCr-Ly9CkuU^&tz!#C^)ss;{dWW2X)Q;cqavtU>77 zL5nmwGvQZ=u0TmZa9@9n13xew)Q0*5T=UXlzGF@j5fZ9*OzpX>-CCwnF}6c=?S{eh zgC4=F>$v$#UJhXC1v~Zqs?IKvb%ca@HXY%E%{0*7!Fk*)j(OoacDUdV^d1T3d->+V zuSM{e?mC=!Y?CIYpQdr;CuOL3dakFPsOg;U0$S|it5GOgO`QAkf~Z@hT;n@rMbzK2 znjBkee%{jF%+JBgD3^X?2 z_n~j9q(ExpdE6CyPps^sPavI#0X$jWPS$~(vv-L(%Vfz(l+~j3xUSfQEN;g$JjEtD zGdfLLSk~RjVq2(c3^oI?^>>wXU6BbYO3*(_o=QY4FeU^b7`8XSh-Z zQ#n7!d;)Su;*tewc>FWiB`jeuIUPgqfdAC|v2 z>cla$H}{~@*4{aeL|ejUb76MSR%YwR`oOfPtW2MLlPlqgcj3(k6l`5f!3e!L>X13< zko!H55Dx`l3`4gjOY_HUB1(MzTIA%8vL~reoL`;RAa>q-lR<@bzb=@sn*asqGCjzG z3y2coG?h0nCN)7kH@)l;8B17|Uq8ovGPb;seyS6$a*)gOmYEI81GC$Rb2b2w`XCJ4 z_}PWk&7+*;7Eh>1Z$)PuB^1x*&x|;Xx%-=M#%f!f=@kLh+g`4Dm<^L{(V86}@p*Dl z+~lVRQA;LzgHl%&kgGG{2$z_QY=h$aZ`36I3P&G3cS2mHf)?WjBR=|7n)J%KYx2eT zNmyuM%}p(uJbTmyz0AaR^8A%=+BLVc`}Hd3+gGI;0Syz4>8gxuknG zVcqw>Z{u9yRbm|Z_Vj$$J&@mc-sNl&-pCPywCmU#;P)#sXc$}7gLSJEobKa3MqiK3 z8-KK&m4i23vhCucnL)em4(W`MqlB807wvtJm4^&su~HrSI9mrNN#Ly-UlnS@0wp<>e6_8yjJQHWpdIwH77K+#mf1U zw)ceoQ~!;T(Ho^ATYxfUj?QdWl+S_9eiotRzVj=;YOBkylvXi*?-y{*B%9@9Bo;;dI4BWgTx|A&>h}PgHt&g^%@jctOVz`^dnx$y=opZc0_N;X5@5p^3DWW1;=aX)p>ZqU8O+ zME1d*bfE7r5q(@Kh~d|_MJbC9@HKuM!;NDZzP2^|M6pvO4~@V2ZrdPh5lq71Ph3Y@ zL58Fu~I<=5V9g;CtZ=K&zn`phKd|Fse-5dZzR^ ztL9recLnx_ zh4xtHm#xwb=Xn(s`JJO6w!WUxW*lQp)HHSPZUB4y5h7lNCRx}l_)XOZ@pZfEM7yut z;VF1APQy>~=e+^4%fUHeya2092ryg6NP+N(F%DYh1!51#~ct3b$h(8pW+JrX%>zfYniVN@u+QyqM6gX6#b`4CF zs|_Vx*(Z8UT#55lw3$Y9#tQ&qPaAKg>_&8|Z^B%kO_s{U8sWoyQ#(D>956~CjWPkx zT#1Jqr)+{AHmw+}n9r9^zGf>tbc(882xCHxY@wut_A!QN6|&g6U+yvjTcbeeq9boy z->h;(siQ{W&Bi%n4OK5n^`{jt{cd|=_`eT8>4h&bax|-MB@?yrClX7mvy=F}iXlGF zLvmN}Ye)k@2am3!N6qN;{LWo=(R}vpgCCsx=*A{EL%kgs{O?rhJTt6bP>1#pI{bAzP@ZLzVM&QLR;gn((dHd&U`C7Do!O-R!KwCRfeWU)s6@r9Rg@`n6_PGg! zXUE>seLLqk&u#W-u`y+T{`5HCXHS{s_M!?2z!XrAtXh`=+-I0tuMX>VG`})e{N~`i zzLNwE{0`g~Ll#*U$G%Q2(2#j!;NOw_hnkM;RnuwN#b(Gd3}VUEAjhYN3v9?Y zu?4F=Me;polW$+%j0JSgzBdEd3#kAKCEX+aV|>Dn`&xO=#~c)1JcjAt)#_2U74!ip z?QJ2Yy0<;w%PoG$g1^i$wRkZ+=bwERt!{R=tA*b-*fV06d%dYNW>q9a{iGiR(#CFm z=erw()z7T(@J(xgSwV53|Fk^34&K#lu5R6)&f@M%tyDh4cQLDPJUv(ZV7PoJ9cvO2 zXv?$qRhTDqyU5Xe$la!;{=zyE-e;dFPA{(ZbC~bDc2x&pSc3&%6tL@8S+_A)OJAEr z%_yeJS|FWi`yd0mw5vR_Psj|r?`C3IK(aKGRXhm*Bh_T9#xW;Ola>jgLgG(Zyno)AkaP!hZUAd` z_<^l+<0aZ9ZLD7(|M1`MGt@SK44$B`p1&krcEYu|(z>ZXI7eJm|8W!QT+9^3rN*fc zC!Vnz^R^XQr_TIv1cv=q-WV8M6GO{&6NT!$2@bvcTmn?HLT}8&llE?fSG`0gah_t* zwSDH3r!R2mf`7-7$>y9GrfvKeTltCWcK;<&je%!k*)F9+#^aKV`U4s=#UE#%7g4I5 z3y+2sEt>qL+cVrIeUxRaKVmu^ZTMJA=~q-TB2{0*^s}dL%3c<^_Ur|^VHyTr)iFL5 z#U|MByV*+c=Pqm!)aNmSaqkjrz@OW|QB&@Hl-$i=#qpjom_fF1!N#Zzv zgl1#e_lGjP^>(EVx%tAfXZEJAkX+3+-o3cIXOT&NBf(wzc`Z4;=bC))sQ}N2iFWMN z39=D@QwOigO<&tT#LW=<=Rkike0AG&PnA!YainWzD13{+oEC>))u|=NPRaeLI^1;G z9U#q5oaFU84*@M6QIz3v9H5uR*BOZy>K)x+y&Y8Wt?HccqY6dQY0o6h}7 zOfT(re{wD#2*x4CKrd+!d#QH{nhS|>)a3aR@1ByB*vq0JG^@lZ&I7A^S0q3%!m$1pbfwmDnD3sre%0D zNx-EKW9JukE+@HgvPV03jI{gwnVU^a(K;RT2vXk%yuN9FjKfse4_yQcj!XtZnpZ() zqTWw-eg)xu-a}G9=6!3rZ^EzYWAxrnkk{DBxcFv*n3l&_kjcr3p7Jzpt;5WQHXdbn zAHf8&QM(~uKRG#-6KOG}*t(H0%kBntZsE`|b9cw575qhaooMC^z~eiinRvem5#FNE z^!oFN2f_%fJB-(zUHyzcXea6+ckr49+ktUKdUw<+s5z#S$E`#(0t#e%sC5j-d{@b4 znZ4<{pXck&1C|sL6TT6keunrJwl|6TQw9vnvu44j-N>DKzH@^sBQ-&=waY$X{b#g3 zgN2c#XH(AAxU{`UTb{&DQ<=>%5xtS8X)wf*BdA$`;ua^t7o%>jz7BTCBg z@r56h;1YyO^zMk5gEAScJrW}e6M6BW9`T0XoA<_2i>O{bAgm`y#-d8@Rin!v^SfH@ zz{0+4N!9bB9m>};fi{{9wpa(j=5Uq4&GKa0z*wfVM zt^|Df)!ob}b?q_eY2YDi#FzU*Cqo`unsa{rg@q%hP2E%l9(}!T&ObhvYDbw;B7`lg zDAXk9Ttr}DSuwA@ZQ)}>qfFgYQ}a!BNfB~>UUW{}Gl$dJ{B}Ds7Wo80N|DBd6rD5I zxdq78PHZXyXsSK?cx^MEK&wg(B%VOmRC~8<*Z}e=n##8E#Gm7wgPeQYlTd_oYMoG; zk(M=&z~Tv9_Arl}zvPwCvzFIYeZU~JSBsXux!H2Xb|9|<2y6&JS_ms%8bTMSbsFt# zjF-45IDH;fCtZ6$7ih2}vPIFC7Bnr0fR9+K95;8TnzKbGiZ6_)8r`W++eKUUosW|K zj0G4%-8_3Q$JtiPPS4RI1{!sAnbi!n`(n6)s9^t!9Um5-lWlkXvxXPBC)PHcUnFp& z-1E5_sMi^ptGfe_?mKOmXWMe7e*#{kR^#%5oiwuLrt@UNnL&MEsT#v{ac#&}cq4KV zfz*dXH;TevCA%?CzXkmAE_1#mjZkSV@u8}Isl92saiyant&Krytd^VBFWxZ)?R&8r zYTfw@RLCp4?|MzlJQrm1vvYr)-7o6M%VN!P&mGb3Qlmwk2UlXALvGoM^ksr@dm6?dk1ZFi5R?Wc|f+pG$_s+mxPIhHZWm zJ9;MMpBm0xeG|>L63QNySCGR-g0km@!hqqSEU@~(GccWF!?gVKl4CtDG)Q< z)Xaak;9IGlYcBt~C5&**%%yAMzGomA^d@ENZmmN?AxgGB%h`1BOdrP9=rKulLun&0 zJg|FUxkJNQ=WF~TClP_WHU_FU7VcQGY@QcTEmdm#Ll=zZ!P)k8t7ey#Bo|*75)ZZv z7JuBUz54di9Q&Q9q+hb%=m54(hat|hN965ePvSy_lAW1L9&KOY3J}s2_or3yl7wsfIl+F(tf{kI zdfyp?+yHB75vPrSr2U$T?S|*`jIX&YR6az&-mJHJFMB^MbT3=BYc07k%ziYjm@oLW zC0WApr8j$rKN(`sla$qZODN*_8leJfJdwY`DKheHxBtuF$4OpZuRSf`#X=FPc@whV z&)yL>%?YCo?D&w+)>Tg=X+Iq=_$jNBwn-=40_Fi#Y_Tx$zS7d!kXs=)9+GTFIb%U2 zlwjRP-IHwSb~oeIY2x{0}cTKbIIoL7=U7aL7xMkx%xT zoX7ie{6+0Sdm4L(Vn0y^eiR4QzSKon!>Vf4$sfjpO-|DLEsMB(PspSU@7{)Mlp}>b zq^%9aK34il;gDB@xANzqADpy&eR0T8iljDayk6r^FXY%ZTFMhfy!Dyd&B!iJ(2YK*yMRMy#Omu2R_L_VV zB6MDzTHD!Gz>z}ChXk_qkYOC9$7P*E?_A9L#tNhLoC9CIi6DKCSt zm-40dw4d{`q)k_-tgkX*_$F1|fpx2I!i64TYOAn-IFJ+E3HUm7mT>2`ne00kI@e;) zz}VeM`Ic6;<(Mlj5AAnzqKd@Xznc514h}gOe)hAyzdzu6 ze|WE7xDF1OnKjqUT5HyBa-g>`B1u#OSJ6gJ? z$K*d(ITANC3lT---00=I)MV<5D_Yrz`nf0w12T7d81szgmAMQ7+7O3E^$@*iw>8(P zyQ5&gUNeC5VdDCc11N#LUM1*JKbdjlr^agCIrb>?c3!;n~gnelSIe7-%VbG_+ z^x%wFw}J}}Sqi20PPN3t%2;T9$TM!M z{!S#ve&tBa8&YRkN1m@F{1Fk*PadP@Cbr7a%Q3z7s$j6~=m``?j0Bj-Tab3*eLF1aM76X*z!q4sy;AJO7<`EgVIsIMNy}UzH)vYOcx59yr zPe+EK*pJU9udu=5L#qE_*m)nZ(Ho!wu#TXz1la0ZjdZ07#q^JSX zu^niq(Ic3$h-Vma?HZh6)Ew)1J!QBT4Q^(>PNmgK(zkEV3*cAu+1XzCINeiq{yO*i z?QAiGX0@Vd(~%0bBE@8^TLXK)Vk|DK;LccszlIRo zN>$Q3XVeN^m2b7nwd9orYswsQwHz&t zD&)x6;IU_Ui)}rY6UjBMbf@3BA{#qsU@uX=JCFc6owbp$C$9eBVW%-ErdljAPikSw z*+X5m?trSo3T&R|Imf9^qJvPTSe8L>U1!|9lOypZ%9B^Hgoh#9YyPqj4^DmkSU4R^ z8d=vqt@(C9NIVJD9f+4JOPs>LY-HA6YQpj@C3glgj~ttjq~I_fA8q3FSb?yKo?qh; zZVHSW$uCk|y|L^oPQA*P^?7BECqprt*_bCKexkfis_5hDgQ|G-SA@zuDyCtA~ifIke-U2 z*BJMY2)L`E({Km~@UDy;OqLe|xui7{=mhe}(F^!ha<%$hNLox3H06dI4n#R8K`;M7 zR&#UA^gMZ+aL~DQJq5M^A&a&o@*t*H{p^ckr+tfc5B~O}`D!upr;|-0ThOfTTe^Mq z)woVLpg#&t&FvS!El6h=kd-z|tFA%h3KQg-vK*~4Aa=DokZ(Kt$^!~KD!zbA&^yj$dQ{)t-~miMPf zT?91_wAKyIRn=}V^eX9HH7%majqoTcbjW=*UofQl1=}Qp!!2Ecc>VOY5O*^^o^z!%MF zFwfldrDlhmAEyQOFd{q7N23(s^(gDdPZm&Qaj$C_KZam-GUTLn+ zf9-fLyZA7|)-WHK;QpqyXV-^hzj_0bpYN_WYOwLG4N2)LN|U(_Xf((NpXro(xeH|} zrtuKN?J-`u=3HK-netKywNQ{dZfDO~(bSk{74POSe%u4h0#Lfo=$-a9S?oF?fI0D$ zl4luXw9!7#1t(vb!4QoXSrY-7!$$&np$^?Rb>t@PYd%1n({TQjd_urMc721XCzOkW8{cnFaSh;qLEQaQJshdnKEa=@f5s&Nl$&i{**L$ zn~KFz9Gu5)@kXMMiRV%5;r^^QHJt_VvO)O&Ge=+`Z%Zrho&Q!dRs@-slF%L!#vH z;_GI)HmAs8fHuz&_YrvkbFxWeAj%pT!)&fUdLEcaFQbYrN2n4`s+PI zLjQC(y#MMhN%i0JHhNmdNGVP;H4KH$%29!S9t73 z=mR_yGx{>cs>lb-uk#&i6UNJrFVTx*EfuL54}E19!l<#hW2xo~E*7-b*Q7w6F!Q){4fnE@W1?0vk2*7_5dg_^4iaL0@pW9JG% zU36=%P|o7Ty&H)%XU_0xH{R@P;MEqXMiz2kBT0g*|27!(R2=ZXpZwRl$<#mp=kuK= z;@`jr|M+FT?*G+g!v7d4_4WT1egAVl{{O1;pK18DZYo3E5+s^bwIZs3L;T-AbjKb~BCjqoVBm<8dVIAG_S= zpdySUb2yjp%#RZfZhWYaBu3gB=US2W zV@`Y)=nnTfw3XH2z6c)C$=M1aLTS_C(Phfv(zQg?u5VZ`yZma{Ub9;WWwb`!bj>~F z9}0-ts3iQ4Ht&Ar;Hr5eUF(Fmkr^(v|URHZXArFzrn zZ?UN_Gs#pa6e|-n93q~Z)`7grNlORyjPT#vuYl~6Z14K+oQ~D=yyIIvKAjgi&G;Ia z8)F@1&H6SZ;Gx*J2ahNR8{rRx`p|+q>J@c^^~2?2g6o4PiT)Z0vY6Vs?Bmmv+}Jn4 z0S_~-7XQJ>SQe$D0H%3A-MjYSLFuuM?iWIq9NOw+9o>sAFQt-jtqqXkfroF}RUqZ! z@pNLo>CM6D@h+@$BaRUaW#2Hq;RShiOs+{zS$%w9bqhLQ}Qs|3v zQj4o~iHK!pI8)6C-oORz-P7s8ZSc9EUZ1fbk68&KOYJC!JIL;eK&yW)kD0Bp?wG{K zi(WoObF!z$E;xHI>jkTxTf8#hdd-CeRG^O3E@!mfQq_oP~FIdd_euAMU>;wJ39!zfKpKS2JpkII{Zf|V~OF2rdr5_z^^3r!bSg)M3@^5${ z^8$U2xtlqPvOJ$tHyg}x8S{4r1a&t4#1!M}1!QHR!Ioeu@Ri#HmZoLwdVI?$e6U<> zzw;aI!EPXFe=6hai~Bn&SqW{o9ES3a_bTON+&gGTGH)i7d0Tl8yw2@H5XpycPcEZ2 z%kJwwm8+J`@7f3`7Fh~^wG7xz|DG0pxxg%F)}% z=p?9EK`_vj2P63n5u;Kewm4&hFWU%Y&ICr=2w(89Aud5TZ~6Q%4!Z={SiB4n)QlO6 zdaJw=^JRDSRSmEav>2MgWr&dXsYwZm%^RhA4z64-etKgXcb_A3r#(53X`uKkFmJVM z-#bfuj3Rr!jmb7PamP0A*GUi*t(qjR60;G1+tfW*dl!im(P9icH?7*QW8C;xdh#KiTJf^gKsN|$-;7?hyBg8>qP38PNsuz zz^to}8J>AfmdISZiu>XuTIspSaF?rsRhe7#&!d5;yIy`gJUp$x!PxMnXSP;g0b*BtYKLp0ul zkn?oDqfq0kZ7$(EBCB;ngner`7&&eb*=x{&Mk;;Gw#}NV7V9B0nm*FeWW1{LgqLv- zoRe+6uEMeI-}Ka2h8_N;OU=H1%6<=Tr=JzEcv-jgOG-vyjOg|&_{&v!*C>+%N2EJR zP2lDex!CMLKMs`L;T`&wkry7}UK$e&y(?1=VDhAS~_+aJbUN;EjT}cTbFXY{kr+^941Wp}*+!Op$$;NW!7{+?91X|Bk|YhHVe-6V0q+5`^ZDy+Sk% zpH2pTbFknr04v};qup7nQmP+Nzq%{n5+KkUsF>Nce{04kJ^S^Mz12(^3!Q+vCn7w*ESCK zstJyOXZV)X}8 zBes|h=y)boiVu;@U4oVHi(dI}>K#T*V)$`!wP2Z%F+Yh}eCvYwp2*!R94!1e5`pdJ zz3Ry#r&kmF4FLm^&TDyEs^v#~PdgYIuYjk7SclGJn1Z+R)s(LPE~!Ore{bHRT5lb(HhL>6B6F zOfma4=(y*w6okbF(YeA{VUABVl(QY$<8Krr@FK-F+N=dxF)mY@^~&4|>sYW&h5_q; z?SZ0(Sp$WNmsmN;qvHThNP@d`Go%Pns|Oc)C>wUbHYUY>urWWLoNA$th*5YM@J@?mNSxPE#0>(=WLh;-&Jc&CDLqk1sBbSD_bxRCC4EHuLW&xo10WW!~ z+FgedYi@}(9`4tJj4@xVwB*t1 z(-3j4K37mkpOCH)4q)Qx$v{q1lg_xHQsuXSeGxTRJ!1m*%UpWdwVr^7@te)Wt`h|QJ? z9bhR|dG`V)amU+)r`M;SEma8Nrxoft>ZdrfoF}$?sGZ6;;yV0GN|bqEl)L!{m$d8i z3QP3xmzF(*;&UGaWfRWZ!=T zjP193iWQfv-}-6ew?D*hWid)O{20BkTzkGV=Bs@;_#IJZx3)2f@LXDFMn}g}8L4u_ww2x6Pl)+=$jH)+^ttRVCQ_aia(LrCw4T4ph zu-ep5n#2W#$G3`k?dsU-+<9jd4w0kf0xBuuF^l$eOa^vmCOy^T8gq|*wzcCv>o5&W zatj4%F6#p&ik>et=-YI?ph2hgCv{(|M_Mq7n5o73S_c{TWfKM#8B)+y)w%2lV+<)-{{1Xt;d6}+MGn;7JN(|C zyFHoA`bqScb!P7BbBUVkWXDpK|CEQIZ1(_6X>3X zy;vpq3togLO}G);LrT&XU)PJmd&IHT>k!wP_#LhHw$ke9$MefLP@WFrie}7*mpV5*`+)t$sY8+QL;^{t8-nbu!FNX^)%fg?4c4<0TV~b&k~># z1N~Upcum7E5Ne>G+ltk_X!3ETJz2Rv4TA`%8D~jLim^p$?Y-w_(dRDE=vD zRz&_3QraXDbmIO@(Fn&DIK~5%nmJMRUXR@t?(d1#N1U5fL=rxNIe^k-GY4M|`py9d z>%V!QtN@h!zh(B?8ojS-m>pB&7dxsyp+xv4*a9jxUMLCuQwN{9PcCdi$Q|_-iV+KC z4RIe}SS1u4+Ch5mm4kbgvy1Z@ZRygl$&RE7bEw&mNBIf(=ICtS zM&&Z9$a{ENMt&i2=;bDzj}7ZhNg6!JP0r`V#pvWJ8SxE4Rr1U()_4`w zG4B+#Rhk{O@^EWjJa>mtq{b6zsDDRXP%3uytKm4+BJc~j#%_d-Jrv+OUe%Ly3G zcaR2#)l-U}#TX^+c$%aYrQ|&_=3u73#1n?Cli(R@toFe2l0Ep4?4WcZHP79PGJHPd zJ_*z7|BMV$F@z+86f1=PBT|ZrrWB%ST&NQnP&{vWvnqX3dt`c>e8p!hjF%tDsb^02 zv;P_+7J|*Ocobv6!Ji(HC&hp0s^)dB#tQMZZf~7>X0jhIZyUWKaYgH}@(Jo?+xN>s z5~W9RQGVRJD1{%ko56IO@gPl=$U9>|9Z_Sa1U&LV@k;(I%(qwsEHpfHe&T0mYO;u; z3?Wh*!#$5$>s0rF>}Y2x(?ge6Sg(m1K`%l@9~au#{F|ctKMEu{W=`QRA?ONCn5{G| zYxVq4ZN(jq@1_^o2aEhoIPAps4rt;;>Y5Otc4wEY-ybNAoC1jFVvOxZN6pg#x7-6- zW~>u(__`F!v=8=~eAo`Ze{qD9wOLM#lOo4>312ZncxI|>MH2=3)oUhH$Fw80mOPm5 zz=c^EJdDv>3qA|e!?k?*NL>Ym568#HMK)B!_RmB3yK(^`F`|N} zxG9Pj4avZ+*)1-O>X{lVnjeb32QQ&oMh=;hOR zxV->6PoVW1#jhMIdl}ZS%8c);zl#e2b>k~(_69!Xx=*K=Bd0uJA!wiVu8U@?_#P6$ zpfEqB*yrUSS}#Z-$9p<&DkJW-ow!Q~PFNnUa{MYg^ZJ^<+el5pxwT>o%_yhb6eQF7 zw3Ua@SzE6Nyqiu*EWYf{%Bw`YP@LHM=>RE}u0)x3`7qt&kPkv6gumi|`P6k?%K=-$ zWP5)3W9PUN0fOEB+nd_+aqt3MLu>P=wW-Dl(m$u*%w0jKH7@8^kq&hVNc+<-tgs`T z^@j+kbycgZ5O}a(;E~~THe5yFOsdCOT5FgGoqk~su{*6$ZM5{clFL^UT6%#$u06;H zeetG;n!}l*w`R@Ro40(i@@|`2`qM{i{!KrP-Su~87?47Ls75E!6SKr=6h6fT_ogIO z_L{+KY=%4ngW(UXIQlyjm8O`4^xe+3_Uk=Gf@qiDP|Ia9EBEf#o0=rNP#v||(`X!L zxw;5pFR*#PTHHZtPiyD>deC^iYK%fVxExE3kEq;O@Rxi%Vn2*lla(@*6r=h9G$6gP z>75PJJF-v)4T%dEA&UPrkLi+&^nG=Iq#`X_3^2^EQ`$cCc2}mx3A*d&&lRzS3-x%j zs!kY&1}ke!oJi;R#;M7d>WVITU#|6@Mn2Tkv&W0oLz9EO3#Ac%IrRDga+q0zlKzME zl#a_T~?5PFWd!Yx}pZy_nE0D(tW)Tc82s(s?)CyFNFx(Z%`uPm+j%ocTpA}cz>=CN9{d#vNn zJMXO@KT`B*jx4`F`hiEcM6GOjzKqX)^7S5`el6>vCV%gsCrZaNfRVAmyx?|o5d-V2 zh;c=+2Wx&gyUY=4D+sHRPzKp1Df|4G!5dyP<{0Cp@j_kE6RC%F8=WMwFbiEXZfM=p zYe~H5TIrK(>UwycUO$c{(anhwlh_f#Q$i(5_HX;=cRwRZjR2^*F%=>CMFA}8-+c+&vgbRpwwW9`KrwW`M0Xs{#{j8EIt1Ur5qE5m1LSH z@*9b3T82sfX6+Yz5mnLjJkW1=4~cwer$T2=Q3KOBSq@GtK9W^^W<@`;J@CoQ!Ri|` zC_tl(!KXntAv8rsX`>dnHy+Ma@ay94b2GVW{>&#&WM8=4i`_ga7p<)5_lqf{<`>qh zb3Gq5+tc8}Ze8#F6bld|&e38Ln?Jp>{|zX+y@1M0qvl49qm)o*&l=0VG=3K3GP%qe zZRprEM%&fb$2eQ(P?D}d#wQ+8Ottc28;=iIAHGfwt}a!fb@>6sC&5>yxKoC2WjB&; zKGavdI9-5NZgzp6^*-)Hss6gzK&GB?=0h1bnP+pv%?U*0Q5YR2@i9~VApj^^nMSI~ z@jKbQ%2kwVhTcS1PZ#*`q-KL-Rrry;XP=4IOyoUZ#HXA--t8mFxQ+M$1q|)nLza%a zysman<=X1JS8e4Vujq!tu{Iz%ZrOjg4*Bg!* z4{2&v(X6UaQT_6;IW4$XqpVYQ8K7g@Fln5lf>*tc7*PziDFZGIT67b<5dmEprv9T_3!@Sf z#EhWb=Wzto$@*nI*QN4bWiYCpQ0OtdhT63Ec6^Q z@1>@ZDUmqamnN6-J(8N><(6!J?;marbZKf1TkwQ3k@Y%+$HoK`PWFigazf&5Hs91} zS_(1NcA(C)di_d&JRD^0nGW>+94|%I^Q(OOqE_Lzkn9O2{5)E1wdB*Dql|6Ih4?`AS3;51aEbTab9(y^+l zF;MIfaemx$d8FZh_gu-K=?BVM?I5Z02780lBUn@3EKhN>DyFjj@(90X*dUeQ%*Ls; z_8I6r(<6)6R1%Nl%lAE%DRkStLmSpsY=wHUxkW7o>xStkieVR@r!=V2GihbwJpaMFGzbAmIj0=4&a9H(SOkv|FnzPHJ>9$4=zb(NBD!cv&=VI)}|DL9qi)#fn_z z4BqVkjw&5RfRzVSPN)vL+{0t@tQ43bhHP^MJ9$}b)H8EC7yIa4vFNnzQ()AZ z4IQ6;GXKb$8qjVR8mzle&*)_wkY-|xQV^jh>hFejOg&xQ`5}vh7&TE@ug2b0qimpJ2|W`A;G=Dw%`DUZ)J8S905?r_;WYk=H zt|V{R+@c6*S(t%8KY=jAA1{pNiv;use^gm7V`q2MxdFt>$7zb`p{K| z{_=O{qq&bqni|9xiP`7KeY^Xtr^2P-yrKcAV@*KkhVRD`yPOXmPB&^W>{M4@J|mD3 zsBd3Yf3L({2-{2gt(PZyphW@n($bPZrvu4vq$cmcYrvoa7Hs8Wq-Zs9IGv?@lx8Rc zdEHd&JA1HHDoZw|_&|(vQcu9+92d^SXym#VCzdezsBdXMJNmPp@waKwGsG53CK*;1 z+RbL<9V~g{Rzb`L6}5%Ub$iD11ekvw!cVM%2rIHb`%ZP`yF7p}ukQ1s-!=QTLgU)C z-&)EaFEna5KqMAHt<`@?J`kHW!o1bX?t8Q}uJ;Q} zrlOkI-u9tEk;Z3t73h8TO$#h26Dy&0s1%NKX9#-1?&@qsGTz~XK88`MjQy5Y0*gc% z@3%AN5clt?mbRPu_pVx7!hh@P2^O65q2iwCg(P!{3e(t4S(2!8Z+Gc#4R*3a(DCG( z#3k#eY2s96V&vKBZjDa6xEwjLF|7E_bg0}-rjnd=Cx@%&RkvK$=?+9F3Gjk(r(T27 z*^rgexwfM|WtJ%Ga{>FCB06J41?Z$QDBE4Y z4DT$f(nM3I1i#KRj%NW)8jNxShW6~E^A_0jh>IFV`Fde#+HuOezi+Ubz+tNQgb)N3 z{^dP^r6|9eA2c$jWUvFWja(2B8Em0$5v<&GOY&1)D$TX!k)#99`YIlELH{7Jg(1bRWkGDC?}G{F`aJk`R`0UgOk}!)o3iqQy*O392&t5mo+dIVl4& zG0~N#S4db3jthLHHfpH#>xEU-A^ftX2@SSmp(i!+t_)ttU!-He({yr~cMbAcS-Fiyz-?oj|~OJmh%dHn5P3)N{pK+TD) z#x4=^o6uBpn!`d}N8CaYZIU@Ss1J5GqCOsL4(t=LN&f$&&&357>N$x^NR+VKc_r4S zhUFdH1?;)~(`-`Pe&wdu5?W!2)dw%?gPRweSgqQ}GN~Qs{Vyfazen&rCxg1e0EujG z-Skr37S`_^sxp>WE>-NnyAp`twLt8>4+H8{-I_B_p-H7ACCAJBJ$0tmBJgr#0k zAG!?DI*yEX0&ioNV{N?loT%)M7rP+MkH*H_p7Gn3RQMD;pKdl$Ghr(U@>#p`dpk1? z`PwaG=suC5MH2whwsg_vK*`(%h!#Q4-j=zEj2G*Y;CmhsF%WM*(Cv(_y>rJwzqn66 zx5o_5+Mk_w50g-GAR5A7Qw;n!3G?5LC&#cGRy*{C1qTNOjWu?!Bi_QVwY{P2CVJOV zG5xsIG35}ieH z5frfD3=kEA+L8=A=Z~WxSo%Jb+s<#8Q21M3A^Afv!vYrp3 zQzRKyE}axwVIW;@)fihcR#da#YO#3pn=S5ZNkD1c4qJZeItL=srR9V3Aak?R=h#!h zmt7#eY3VJ8fftI(3|~(pZM;cCx(E234<^e5f>Bd=c~x`Hqm9n4>dp&&oWrWp4G@e* zq^@mNYND)p`tkbWWKOX+x=tSP0ovn6jn-VT!*9*Leno!}Et$tQ&Xs&$VOehH4~2_Z0&?f#U}>z8eTwb02PNTmT6yF z_{nPQny*S%t4;mxh~`ffx>A!C?@JYo%R(FOp+D=Ymn$|2DGnF7+z+bUj^UM3{_1ki zcJAnr^Jp015zde@=h+8g$$G28b#Pkst<2;LJI`m_hb~d31iKL49wB2b!?|!X^Z8wf z)P2Ae9eq0UcoyU`1^uF3nmemj$CCeXS>y)?@!ffEQ*%i9o7leoO3mx*L0dV+3Auz` zKg}-f`6n(s()^>E(p&SEPmylCwCBJ30OF(PgB?4YW(1puo zbqDQKK?87oDX7(L*>~9UtdBA*Ny_uZ7B-eS9D%m_RQ2Xq2f8N|MP(1;3?NN{dbT8A z^^b<0f<(fz_BHu8BD&#qw`gtbuW~ts3OYC3VBSNL?Vg8+xddzCfA~R3h%|){cyz_j_7RhRK_t+<@fW}S8K6{4P0Q>{q#0bVoKK}?JN0bs8C7QMM9D1^IP74n|8!;b$FnSPgVh_Xo zuz{G4*V6v2lKy(Z>LNpU{5?bQam~$nhbj4Wk;IU`B<6rgm8Y|KS4BS`=SOp_K!k@m z=N1Ed{uLdb5umXm^Pt?b3^R{H*vJ_!$~}nuowY&69T-^u3D8G~;LY>HqN{%WVdJl3 zz8w8?#VjC>+o+#il3zM1K?^2+4P<1_~oc< zCk9itJ|4AS5$TB)N)IKi%k>pL(fmxF)kSls@r+`v_Y1UugU_3akST>r05Kd+gR3OT3lJ#vxrJ%9(ar z9@rmr8K!hJ6<^tNbtZvFQdcL4paU!*(yHyavpgTND-u67CHfEmajgS zk{^i*n0|GDEu~`f6It!S&J;str#+3j!Q|*0B|$nc&+xeu!DYyV}5|N+H#J2!4qZH79|eou1I5)Y@3Q9&lP(k9+xkIDKefE@Nmo zQz@@q5!+654ZExn;1yjLBndaHHt7(bbj(==G(FystVic;|KM?L!1Fc!+WrGSHZW;P zJ|^WRy`&aslo5Jb(y~u_3az-7PHlCbd$kX zL#`-~cxBl!os*!F*bR;%Gx&Bi8;6Ebvk7{rbEau3{vklvQ5pO7)Oh}_iR!7{9oVED z9&V~1Kgo-4GOptvt>Nk1?F+3Ees3C%Qxqc!2bc?PVQc-<4n8He4Tv5m7fClKrC;Ob&N|2W86xLWESfIk`GI>QipRa`=A|E#j2lZx+LV$G@e8QO zk-A!uhxqONjgO0luf1R>b}@BeUuerEaVX^}L04_!J^P4Ae*f0e!N`kSmVjBFc{<%M zLPzub?Ex$WKREgK_vV=f8fL!!T9Y5Coi)2D5(du43l$6-Zt;9DPP zkf94t4B;>O{75|vJc&WSP<6a`Cd?FLh=h2B-j2OzFi_w7Bd@u&jtSE2@JTv>zcpD> zsgo%Hc>-!_>1bpHsURVeAEQ+UW$)0rlt!fyy4oIRI=4ELgk*b%+?764^8ogHL+@4I{Z@c5n*0toI#h+SM>I2ONFHo;23m!-* z^|<*Oz|#VG8E9#2!<50kdqw78@5}PoQ;TfnNLQG7S7q4V@x^bhc-_ z?dAUT@*w5DbX&Kv64L7miFn%fC+aaGF822FR42AViA!pZ7eEv-7qjd(LQc6nvw-&> z@@Icz4Md*Z=(YHu=Xr~0X(AvC7W_H?iSDJEd53t&9P-MFPR^wrf!1Q5H zNdlmy;$DZ8B?DY0RIV6&gwXrkDQv9eV#&9aUe->z2X*GbXn{p1W#{&8Z2@?)_R@yp z%jN;|ZG3m*US*)lOs`nI^OLJhRg8`9O9c3bcW4Hv(ZwRcuIlB3L~#(}%j*NyuKHNQ zrn&^F^X9@2Yf^qIhR!Of?7jByVeeO*A1e6LU#46a`2a&?Ne7(^cWdY=HyLYR5B7_BBKOqB30-mWsZ3qByy-yX%k)3L8(x2=_1`u`<5)XRk**6_EV+2_y z#nsKGv=6KJ+9$q6WtqD^o1(3)-M2+7TFQb_Z6jG`@v7(363o|n9=g>}fmJ_iEhK+t zC-*9}GxsvE_LR7l_TF^%O?H6~?)~61Kr$U0lAZQ+UX?!Db4;G=>s?xrY^PXXjc^ME z-4aKqJWhGTy^FN85%lhvo@R5@z?U^qU6x6UN=tNV@qkCr&l1bJ>&^Q4HuGuyMH=Yk zjj{asaXIr-)?TB`{qT;}?V~G+QdUh%7;$ut%?+``+4r=yt+o2s{_+>6PH0J!FH%&k zpIThj`|X(U#7)tWg#`w)dMmQ|&M;>9wsy>+smrq9^dT;=q4c%0^Og5)Yvm*2sN_i8 z()!Zk@<+g04t0*e82d`Mg2T7=Q}Js?8=RbAbwk3bM8xye5=RCAbENA+|dBwG2YTMA6@fGW(171}{=sE*>)eFgkHSJ*(2Iy3r6#KLp4dWWmI%c4oZ$;@Juov|T3L7ACyYmA4;#EMb`c z!bJbRlWk)0(MRGZZQbxkMQlYge-g5FM`~SjLV%+%&gR<^x~ZKNF(3TRuR6~ab^bn4 zujDRR%?_6)-R`9=j^q>a^z$1iHSU@^P z?;8)0rw0$Sc0Chr674*cr4;L^fP1V2*w~8{cDA-Gtx)OCKQaPbtg-?AJ}vLw;#!{f z9hUB=Ta_gS@)rd;NmBRY<9i*nQSQW5DcV(PwJQ6)`>~DA4nK{rZAqjycBS?9w>Ac~ z#&$TtO{*YiE5LW>hv&8q^B%@}zKX(heXU9!pg7#6 zK6g*q#;u_YIC4p_=GF38H8fBfD-qdMMU#lSWuWx3tdVX9XH}q0c^S&Lq#qMet)TqU z9fSqeK!$QlK!p=0c^hF=BbaFe2{G2IDsxf~-FL5DVwqYhdaHysvJPtC@Yq1S+&wuQ zBWT;Yy1qZs^R8TKYBW)iJszg|1O_T8t!?2zSH9K8YNj2R0m^f@Dbk<^J@}87#tKgYR!pci5h&_m=qHt1P&~<)WO%iMg0WCi}@L_jMV^ zC!3~7T&q$KbIP^MPlhf`X|6_cPw~U+7kPXd-*6tQ)5&Q>x5=oV4?zt90BbAU2dmvW z^_5by`B9q2SyNmkfZf(nVgO7$mn+WHIv_||w1B2&sU8OR5ar2vwyy2$94_uKh4`T; z&o@50(Vj;7hS@kQ)N5r_Me<}j%u3w!S&Oba5?z;G$V&g^P?ymJe546H7?DcH%DD3n zsNbqyFVU)&t}c0)))Q%c6!%#=s>ax`NfT7=RPPk$rXwTzrAT-E&<_0d2t?sv@?OV` zHxVyU{%ABIif?F7o;+*cFe+?#PMo>lL2HmPwd`gPZQtWBT7<^5t|hYRFsLa z!c-uYT7*65LJ~nW`TBg7^^W(E(dV$i)n<|5t^D)O!@J-gf%lnl{U)8-y^kDq7RvHx zg-(+q$X+E*Cp_UJON}Td@1(L~CpoSNf3OI~q|nVUyz`)0p3ebJJ^|mC%wD?2E_3H6 z1ic^)Ryf?zJIvd#J-A1xy;j{W*~}V{>!*?#H-Pm=9|2+~?Bsdo#MwG0 zJsG&@BVXyeH!yJS>E!S1k9Jd!55@n7y!Q-iYTNpFRkorivfUDqzSWHg2uKOlfQpEK z5PGO#D^fxgLXQC(pj7D)O6VgC|KD&e_6Kge!YMpsjWEIxlF+T7G2+7e}CU&2$EPF*Z)_>;d~bS{yRh-;PACph}{F1z0C_;>q)*hANcr2 z$6nT2V_xBs`8>KjEcVEPqAp`CSB%wlZdbpbj~34L99B*d`WC6cRM+?neta!vws&pi z#Jrzcn8cScPOq>D<9l0_1rDI+)3gJslWN>9kJUyqB^z>LjoG%IrDT0!!Mj_}Ph^|e zcCpdw?bWt(W*-Psq~94tJ~ypXk*K@$1VPZvq*X5)OC|SkZ?;@Txr}d@2YswChfR!t+CK z$>TQMXPKaw_EGR;ab_HRlNl&nx`s1+-3D90Bj*>Fn;2`DGyM-rOlPlIn9nSEB__|) zalblbEnhr~b(mb+Idd|b$2)=uc)s?FfhZus9$Wvu3Y2Xa!d|W|)V<__J*JHH-fvAC ze|nR4iNSr17Ju+*rL6A1&VKBB-c^+-25rg7<7nve&^eQ5@8Kp}?<+_dGts&1eanuj_lI`I88nzO*r~e_c~b0cQ+W{`r-=$#YFurA6u{0d{zv4lqO)m z@o`i|I`f0|GI!jKqjq1%L7v{F)CW>u#$o$ZCBxTIu< zfQk2|#hZaWD%>j+y^t*-y(1;--f@SdwCh2&r;Wd)Eu&Ox)ZRE{RmEPHT-Awa!mX9I z7ytSbDDXc%Ir6#xTaq{?1N%Q5fjfkI|3?rSJn`{=zz6c4k6 zY$@x~|HV7}zk9HfNlDDVFRVp(%ZgKvzBXVnYSK5WS`S#(deb z4L4j zRM+oDckbv<__*=0(JWuGBlTNXCmOMjBhCw#Upe-j@&o>#>-=jpZ^r$KlM6GShi^GT z^vJ;F(y?bB({QQ_ZgIN;Pn$3O=U%X{uB4&tQS0be0PDjm{f{3#2DV~7H<-+t#bd{w z9kK7L$LOmj44Xa+vD3K@MjV^@>kh*@sNuDWN=h$%rd3_kbt!S|4=-8tnPi+ zun>dLJ{K(gpRcgbWCS!%|6U$c>VA=J4frc;A(-w>{9o6CDtq+5X6B11$L-Y#3l1Z~ zh5ue6vR!)rUrgiiDSy%aiKv9ZBkcXbw4E#g!x%{IF6ZW4*=Mz9ik;B^PJ|yjW^Vq| zZklV!b|m+RON=#5<<^93Z9d<|Y~D|m^4ok`GdYst6b2*xDgCdJ!Tx(EOf|8Bp79%y zNkBIEZ3I~4%0d{3T~6Y*T?6q?UGmb8?E5ikmEZ~cF8h}GsC~s5FI{VsqH(r0joaDx z=I(nZVtfvuWh9YOc%(DCC{kx_m~g^Uhl*>fdR~XCQRWqA=Em#47}~Q#3L-Q z^cs;d3O5R2zdn5`*1g_7=oa-jupt&y1RHiEQIai<(4Mo02P>t=$|4!-YHy;v*iUfi z1KV{s^y{%_o;&{%50aAk{SV_r?7a1)$Rml77rwJm{pUCO->0OGo7z_SxwEbiFYaQp zw|KLC`s*E$!~hndp||+Y>nDyGY4FkUzcQjO*@X12$b#K;i{K`SmzwuN1_-X-g@6Ta ztv0MdP${|cI+Orp`rC8!GpH|3$W zhN^BF!lnTAWz8n&21A1tV>1o-6ta6YOY|d_1N-=&633vz&i?*5v11YA!7ftLAMqIa zVJobjjAeS!hyA!|OBv$U%a=mE1~GQk$Gl#5x-K8pG!OkqmW{LQU%j!>xis3*7Z0LU z&#grf=4QpLkGi`zN1Y$o5Djf=+HPpj1i}uADrK_lZA=L?yj@#M2p3({^#CCv1jWK; zp@TCZ_L6y=d!zI*I3PgHT#j9JIem3DEwsv3>MDJ<*)zZ9IT7;hyw|SXqBwetxdE8_ zTl?7k#m}@>@cByVqWuuFcJu4mv(@XN%^g;|3DB5Fy#%|MS^IYAu{-Hzo3vjgBL>VC z?a#3db%gNbWqS_+N| zM*S8NmQC+9%0J;MSsiP}3LTB?Oo`1R4@IUq?0M1Es8ciYi(Eb~`&IY-?2y({!ej}g z^}t|>($>}{eQWC>#@ZE~m~YCjsweL`+oGeeMXpg4#u=O1aWt8K6pi4xL-3x~JgYlg zB*rqHa%|t!%Uf?S%1;rY2ZkNZC6>0Z0`=O7#KGeFRKi>(?tEGIs{6^Qz_7_C4M>D( zmEu}^B5JGk0{y_NsG+v;-WFC&Dp8@$ZBSRZyQ@#4@$kc1T8fa|>lWZZWeE4l0k~V+ zSxb|YN}QGI*yiUm(v%=GPXD94eSardvE8GZf-PSwVQ!v^e6^tM)cjz-AoKD^{`5(Q zZE~Djg{wPv)OBslI|(%FNtiQB>4R0gBtH9~RR7w<;Fyl7^3fCXT#$3@ed*BUGX|L# zOP54VlUJc9)x`CebrJ!!AY*cgOvfMM=9sA%GaurwF_)(xA=+fmh~FTjzMXb-KLwnh z9H?SMjd@-VQd@II$=c~9Ukb|r<_o0OjaTKz}kvO9tN3n$u%4MaMqQ@y!nNj|9Ol5+L$Bw8>H{H8Pv&f6pi=U`pVP3Wt6AI2<;dMzgR!!*mRn% zn(js*usR1a(f9#YL}Ku@t!l%kj^l0|cYp!U@)x@7%0|v1g#I~bN}d|h4SPAxIN?$* z-4-bcrO+S;^LRICh2ZDVe4GdlH*F!;WD9DX%V}#ti=u=lKZEztu7y7yw3>Hfu%}w; z4HZ~3#XQ)~PXe{;aV*z3WcnJ{x@mz(?WaO9!cQ^?@wSoS0{iTbZW4)`S;TvQc<mi4= zZRx3sYI~3-XuMnBz(;=TuT3OXJ|?lo2P z#N=W(^d`&3P zg5~1>N^vF3n>yZ5Nv+fTjotTds-ZYMhAKhZwn$p_txgF=-2_rg-^zrU;?K8sp>xI7 z&(DtRNzK$NZ+$9h=7O!--TK{4XuD1Nv*O$`TQPYD!bV1oUv@N?K7W4gy8YrGyX^Xz zTeH84g$R_^m0kMfl+g?R=%4r>0cFo7HOg~5Xt1;(sHCY&v=h@O4_t}3I2P~ypx(;4 ze7W8^^DwjPWBWQm+=Vz5_85_3GY=; zAdoIJ_VDvzMv|ZqT*J)1 zd`#EI^J6lR(U#I8{pJDZ0w3XSPL;fQqd4z4Dh$)x3C2!l$Ug#kiI%f7RCQBf1CMeK z)jHaDWSiDJT%Uql>l@eA6sD7~X>+dtpJ{$S`VrCvon503-1io7lXg&+@^Ms_iT)6N0ZW>a>}~b-d{rXjFe-*~MehbEP&Qt-;S{d=d3Aa>-dpOeaZ6 z2QmkCKgO4UxWx=O+#fg1`Wcg@hFxspoM3w&6Ze*%rnp{i8ChJIQ?aRmmr!h_6m0@` zyxRE>HI5+cNAmZ_>`6q6-mtz!R>hdW)S;xCbvn?!j1TQvz$dG$eFl9BZz194+$& z<9GdtW@wIcc6uq`9l&Tpj9s{3bx?k^*;c%ljk%evJSeY%=pC%qijJ7|v*=FF^cC~6 z%j3V;<}&v+-a?Qur%18`x@`yFrcq`q;s{=dxyvBApzurXdWs>6yw^Zb+M+@KMTZr? zHp78vp8TkZh?zo3SN$rva~8D~6%A!F%VSN~A1plfq#)n!DZve;1&8G>m)0}Q$qoy3 z%x)J(*R|QC2CAyt7#w2~)4upNkHySvid>_q zVcb`a1U62K@O1Dt_nJV?11R%(285v`u(_hMH(J z)iV=a`7=G9r85N0IAc>-)$+sj6(3bCZgQVDwM63Cbu0?0d>3t{A6QgbfYBwe(4R$6 z30_+Em~ZjrY2ZcInWV5tsRN376I;RPGM{7KFU;N`+Y}pGG$aH_58rfvK04DqT%I(@ zCRY{A*tXNmERHV9vmeny^zcsVC09mVsa`6h21znd%Pd(Ut!v+_xz123K6Fe;Sp(&% zZN<#f1lu<^FNlRy-nm%JmPmrwv~9gONM?|9)Kqwh>9nj)LHmuioiMEpQ_EqCp@J$* zVnBHlJ%Tc3fj|*R+A6#Xp{Psl`sOJF9xET)Bs7#=W!ii0;y%V^`x7vboBK7O@5|+* z%f)rC%qhpseBL<88liX!vNE^^G!Zu`dU$e2nQK147Nfgwm}YiguFUZnGd5+2aF(|o_iUHir@h)~)L7(vC{=Ds`kh-)^hzjWNz@i+ z70QpZLi5^7E1|WF;YAV~cTxlbL~@t$i!KZH&ek5}m1TjUp+N0JRlTzs?`l&6O0TtK zaJo{WRZ*Jb^-b_Bb`YneA#Xo88&y7=P`DIYk&@qkns^JrR-$qs7tH5 zsZ>shCzP&(aWsrF+~pm4dSg>k6ep$t(Fd{9-z&;loh_a#onL>o(ie>$*jVx@Ft|9A z>~c<^*2R32vz6VnUEzkn(^J}=VwPGf4#09OXnvb{lukd+Lpb6oAKC~E)xHfAvS(QG zd-x&{lVO{5C+$N1&o!Vy((Kfu5H2pImQR<9cV{Qs#tlQ-B(Vi?59MbFK>9j?RHhYKm*{-`IA<|0iV;T-jq!xakR!_jSI>65t8&ZMgzO<_eE%5P*zr60k{|A1tK2WnJBaxF$RN z3~e2}S=6}|w~re-a>fmRyX!aj$6|HL%6ENUz^CnC?#m$Pgjb0}<|2YHv$eZ-vtDT0 zN<6pI5MJMdA>ep(;cQ7Uf>z)XVo zl;f_q+`jkNAi7^&+-{wP!n||PKhqP^XxmBZJYxB$UDu@O#!R63{RE`k=YFLn9K>R2 zfO)8PwJtbDWYF|(3>PSwx+66caK&PHT`SMLudzg>)sd%iwHx|BkZyQySS)+~v)6ir^piwF*78vo0}9GY7{-w~?d$ne1w!TFO+* z5~#3f1Ytfr&ffv*HrXzcoRgcitZq(&v2JRIUT_q0WNTTyr6cqoUJK>-Gf*?7*KfV( z2=7@bq>D!M&42BvDQmX|JjKJ4;Md2wx=;WoyMB^W!%ZpuZaWAV?pbFGs_?imFTjXS z$%4tCF}OZM%g%qNI(dEdbfmtupXOJe>V1z0hmC!TQS1Bt;Y)0czhBW4NJ~*W=jDFo zz!F^gPZ}H2Zw(FYZwS>tzM%Giu@{to3Cv#Hufigd zPvG>=wKny_7&bzk4w zT6Od{sb(~Cm8&9dnS?gGy$}h7V`t`Xqd7Q;NmW7dMIed}4^b31lRwlVu*iG}l2_J) z4Kbv(T2cxtz(H&Mfz3EX1130DE?cX&rNsN}BIEbJR4@S*&>Z3H*M{aJtj#za`QcWR zAK1ogu(2t3td?l;IpXL6D~-3rTU(D8-CH@Q6};wkhN|I!9$ZaNEdglqa(_ZikDg3? zrHF7j%k6?lJ|Tm{1bg6mc7pp5_QGZe`}M5E?352wo}T+0Frs=rt(Kl~_7GR*r8E01yfzPNU-M#NC& zx{A%gVXIec0)M?b#UbtI(oRayK5Xms`p(>WCFu8?Ekee<*S@DK2+=TYVLpv~+KIQq ztl~au`}*RC)_~zLp9bi)WZmq6b$^W$vE@Ey+b5qHr+@r9lcdO#JT*3Ou}w6@ISDCg zI$Dg+ltz2o&wR3{0D=t1B zR(@-*K(4CtQ5V(G_L0czo4c%Ovf^pQuc`5Oz|VyE0eZfUj&JMl;$m&Q4JEcp@QV;! z4IVBhWLeg(BW?6)@B-?f_Y$&l=9;vXdo|zzEB_32Cad6U>6(k_%Z{@2G3M}bRLykt z7`qwmmVL-7`#s>q!tQeXmC8R1+vLjn3(&T} zz14htqi6ZVb)$;FeMcc@x3s7Ck-tBL#s(6%SKM1K9evI5_5!IoC)cb|^1v&8<;cwK zoM`M|jYONqC7Fu-e(M<4=W`BI#LWHWnpN=(rpsaG1y_qsXw7A(AN~g;+T@;?P2bo)1-RdJg>kMsaqfPF{=S|C=F0XS zCm)lXEV6+d)z{&a36^1I7v{cAXKaTUx=S&{t90j<-$IH6s$sA1^yid!*L34$&kxZL z*)M|(eFDrrVPmSX!_4~Ad2EKJ`A>L31_h2h})#s|wpd;_nU!b#uC zMri?>WaC+$=oYb>2QoutAk9?O+Zk1hrqXegil@!szZJbq9d5t;!{e(79PNG`qr@K} zsue&B07k$yls-RH5Q%@tGY`nQF~DVOsG&t$ARCpBEiDgcL+(1dn3avPwo1LBX^KTMW{=BN{H31lj937Q-PZ)P8*WEzFTL6 zi*kq9ZH6XKg!Qt~jMKax3bg?v2YLH27vIi&0bcjGK%X0ZT$7&ge=-c7y40JXlE?5- zAV?$;NQUOTCu@0{tZr7-I(t?@Zu9h+(BY%{Ws57xqku`LhR@H6o`m@P@mxi#QwS=s z+3`H4zSVHE(e`4IILilJnXZe%UoHFdq~&-`TnogDQ9s_WvdDJSI-9r`4DxWdU>{mi zinYDMpk8sdzZtrjR%=-ZEiJ)>{X-OO&qdUPW|lSY!w1s2)NE# zw5B|lzTdy~S9=7z%!RG9{XvW3tw-@6GFlOK4ZqZX!n3Uh*I46)h4@Q>=etq4qhBFF zc4xuKonLcD&z7=h66?clZG z0i5mZBKsvya%pR#+??&c=XM*Co^DlzuX6S82z=S8H0xd8_GGk!bQ>)jm_DY2j2t?A z8VBtVstiUh9W$^o?sIgpl~4ZgBwR-V(1b!>am3Vu`%?u?1rYt0E)ZqL+1q5vt`@H60cPI?WSAGuZ^0x5^XjKO)oz6 z)Yf^%fkx$U3>V$iKaUrkS{pOi7PjEm)!_E!*gjWX*r03CcyQS0wbnCzJqWc+j3eJ` zerr?XRBY7Yq(DkVy!BXaOTp9HJTZP7z^-@E91@)^GEsD}7E!FdoLp&2AeC3B(>*{F zg+_NSnAILD|}3GLyfTQhY?vtB!@@4 z=i)rea_MdKrrFAb6@KB##1cf&5oBVv3h>MvgdEu}^WkhTu2O^43>hih7W^~%U`
  • o}Tu9jqJcKeoe z`eei5{1fQWGLNjMFGkO1qEN!eRuiP?81H|nF3G}53^rQAMmKsE_=`O32N+~}xzxBA zK_vEvTt_$C2jE=ojc-vJT+Iv_f|qr0;1B?1-cP0mEXHhLYwR(94|JLLe@Ou+8wxBc z+Som)rFEq%3;sL_U)mq!1b$avhtD*axDG< z763}oUEWCM)K9R(UP~chbMU2>wx-rMvf0>6OAnj+hwz2wBIhu3}?ayAV(cIX5Xyjtyzcb`bO&5tmw!Xr&?vNy8!=G`H&|pI9P7NOLsVUn-F`tjhD{Jj^T$m>?{-QAr5l$?np545sDd#nRY;un= z0;PzPxOdrWA<00>?W!<98Zgz(XzgB#{f44Wy1q znMn<&r6jYcNUW9j(0ha$t9$4a(5>u2i~!TJwUZ*RZ3?k(=pC&dR8aJY8sGLKvWxvj z@5L;$)4CM_*O~+*KCl>j<13tJn<~@lJrfq5(`#flb|`(uo?cNYo>LE`C;2gcjACm1 z@c`Ga<$-P+HGG^UtR7wV;v=cgqGGT{f0sJ}Zyx@`eUOXPM)d=G4z3P7V zlMCTz^o@@Cl=^DhB>xUiC%_c~hz(RM$4ITLj+WV&xPK|GM2*=6NC-MD<+4F(@V{<> zH0FUs<lMI$+K-Ch7zgiA_t0F&Xix(nU!gZ%((_rPL0u2xNuCaUp# zY_A@T3%45mhH6>c{XNDFTuEeL4QFcv_Pzv8upx4Wp;n>DeMjOd7wLRfL1nGIxL3uw zppWL5@8!ik7eNsC({z7Gc^|tR8KVX-2WIZ3&-RB&3!|&=pV~fOApOhzT6HF7ZxuJ{% zsP1tyi#N`gQ+UZ0>YK#9AAiB5^;8O5knnqFw^cVEC&(SGneMe~EDmSEyEBaqEmC}< zAFrk#1lky;$W5gAZ$vW?#m>=Flqz_P{RzXYO35x%NST#Q{R7SY0hn9h!W%7VS%y4o zuGBJ@I4HH2Aob5>NEThR;O}f5e-BW$$-n)@$2~?ye579s34L{|4)K@AQs2F)l1Kdw zn)M`}<>Kw%R;*Ik1jad~mZ=kfG`exq)v1`OeM7q=dF>0?lXUq&f*_`NEr8|eRg`kr zkL7ZmM*jGJczToTf=anr{(*o~ug_i7G@@i)osmGAVYv>Q;ZI#gU_lCiR<V zaHQN~ug^(m1tN!{%N&x+OSs_0C-Y-n%BEh+*xYO59a8zx<0cbHZ1iSuvXfvb{p$q* zXv)y=?M_r_=i$$ZWoMJUU(5JsM(f4K53h>R7KVv49_n+3xMeNQd2!Np?!M zr(Jvv)ZXO&bs?-#ejO!`BL}i7ad>CI$dx20c1JY z+{6~FSev@{@0vB|-6&Me*e@S^n0swXDO=NK^P3>J6q1wlVHF7S>AuCUIVNN0r?>l~ z$dfzS=>GWoe246glZ$c-=-X%<=$Ui4v#8Q%{II~aWlicnC?YzxwnAA8Kh0K1Qd}=) zN=qvu?h3~ZZ}4UJz!?@&3prX=o>xZ7s{^qihtgQ(ivZy3LHhZ|&GL`iv8TfZmDOOh ztsxo)V6XByJ-Olw_AGGQ-t)N0R9jWE;D-R>)w6H>@V-xJHoT3%Rk2#KA`jota0GctRIYfld(F^o{zzd@QA3|K;t(B*uomP| zYtha|s+p>$TXo2VulmTxEH5ZF2D_8fg|bwG#<)fs2EGD^G-1s_32r=vAEdfJD|3LW z2a(sWH`=hq0J~8zV5J6Il>BgqT{n~`d zH$O~Vy7#$GttqXTyK6hC;!SyXeIZ-V1IsRX#X?ZD)C)SO-+|b+$0@ET~{s*SUY_6`zY+Z$4NaE-W5*-|oBIY{s@B$n6EQZfE zx!<_a5u8qzSa2LoaV@(O=%1`H zkz6)sCskdk7v^L@;?>wQj*-xBEXGzofAJ|IC~dKn+ud}v>~A{DU-hMhFKle6TH8NX zY&5frf0Sz>EdFr&E8Et&^{Yl?s#CZrA)D}5d@>ph9l@H22>%dB zY)@`&90T;1N!j!3V%C+zzx@FVJ#$h!VJ3^lSp$Q$ET-j_I7TI1mE}fyWQS)!2n>mx z5GD-V8a@$c5CncV29fYx8AnkD_0!LsRdiiBA;u0Ox7keyo|h>6*04OW>v&GdS<-*{ zxrclsXcgiG)*c9<*mo`ZrFZ=B73H=|_6oR>D+Dftn_Sqo>eM-ICpw@Xr5SMQi*RM| zyj|@RrPOEzwI*@n?WWDBwqpI`+8XVpxMPeAcB~~77mS6LidQcu4HW23+_O*m>Q{8K zAG|!&a+G5wHhEey0g#Q{IO7~RbdGd>7oYuyBEr}_>brX(7fGNA$5b$6-7H*<9H6kL zXqqt_^;3Y4Nx!8ZzaK5C=XWqbue`toZ&ADVPa%(`*4EA1c}NoQx~Un`)W&LcnQeEO zOIt^+Z{HC9rgZ5UY}6F_I(j|xDK_Nsqsa|$G=KiPsQy8CpnY7jOJ_k5dM`HA_Ax~8 z5S>r>&OggUcTHu>g~~C-j!qn08v5hmNA8&EW|dZe>AT_my_cvTD|b$&tLBxPwLVva z^k?6SO-E9&O3X6`2xPqyE3n|X%YY(hpLLKMAY6AfH@UOG#6JL!*{5FtOw z`sqn+t7M)xtu=JCoUZmR?~0r53cHzrp{xkaD)|iNLJj;}EQYgfUNQ?G(%Y!23?6nt z($BP3!%FXHS6#qnPl?H7f%g};bqCXO*Ak~4tViAcnx`OO?TFNiROf{S*!izU24I*C z?5;=@-|Q)uvG4@eO83Yu zEpS&Hu;td;sAe%OSz2Uah|2``cy(%=G*Bh$KyRiOXGKQh_rsk&@0E~F?sLePR>C7- z0|$YQY`S-PXhw-lTeXMjsipPg)hjSwDcRe!!r7^cLB1&wQ>-N5U*-@QZSs#56oQuB z{-az$aopM2Kg7lVxs)HX^p`VPmple1&V3X?;l6q}V((8EDk*Q*1k*0zj7_X~lELa> z{&MR21YdKxH7Rxf8$Ojb$Iry&Z7wgo8gA`OtPOdwM_Jhu5;JYF_M+FCzDO^<(RHEF zfK|P}YW+syQ+bM;P)2|Sx^@3M0VVNdh|4*UnGvuVp&PGP`n8{Wb+ma-eK5^37_qF5 z2-B0yVX1HfqcVgo3yd8D-Ayc_`%A(Wg7}KQfj4C=Pv`B%R2kAe5EB|aaJYN^)zooh z0Mr98*11wXm^av(*$=>8UBjou-Qzrh<~nI!%irm4E6b}kBLz#}4e2z5g{`Z}!Fvc} ztO38>u$Y^Kf%@0AW3*`K!A(M%-q?AMz2P%hW9}Faw^L;lyV5J*lahW$Aa0|YHraig zb#qFI0W3S=pv1*bV5&RO4&|Q4}rlzV>;}OGFDUN^-Dd9b7jQjEL*+Y9T9zR=)Y0G2p`zdR38YoM08Bn&YwXF>?3=tsK+n1X z*~xv|`GZ#m*@1;Z_{PN>4B9S=dMR*=s&-eO?R>o1=8~b&*Kfy&Gwk@(;%4f-O}pj! z897lRLG@&1QOes7PrhnN7xd>n&BIQo`l`p?6&TCkJm#bQZD$V{!(Ki;Xz8?nP}aG1 zA=tM(sOa+Iq`f$7y;+}1f6pi`imUM5pC9h5ji>&jGwe^*NT$l#wdYFCpMn0&IBVl8 z(^e79_Q+eZisN6}&y%1ldibDMic9Y%H%y9BKp+!%vy64YHHJ}n3bF3tYN5#UPoX%u z1!rDwh0R4+ytWjCO-qM$o**`p519g`-G^kUb`Qk59I>jf2Pqsih;R_?SHivOt?Az=q%c*~H4D!smyvDfNJ+8=uZ~H{YJxyDbjyG@DRg?K|BK{jF(y>Dy>GCaRWE zxjf~NG&!D7ptv2U9^I}&zms$cEKrWHkCrFDIi}qtfA>O|Cevf!!Q-L!SL|Jbe^MV; zrbAoM;efAp&|Bg3#iF1=B}R1IA;#N~Pow=&dqTCxk(=YexeqtVs~V;?So3=?U(Y60 zdE|EqbVErQm(E>;z={d5EtcXDUn%%UvK~_7;p`Y+qCQvCgSB6Vd$QM#iht~~db53N zyYu=(dlPm!2S9hJ?i6xe#%+LY8TLBeW?8h`9uxDCkhIw;0s63)`s7~S&p1$Pu^nrM z!k%+=pJ)Ke5-wc2mu+ntdBVivg`I>XQR zNbN_%h{2fQ27#!%|Plj^Is6m@Fu_HT!X|0YByO};r}L^NpT_HT)@-rtfUq#d$r72$x@-< z`x)!{9~z7Ez8%;dc-ehT?d7e~bt;2hg@p>eBQjnBGffz9n>if@owfZ%On;PcPY|nz z7v?Qdp{pmA?zPa18$Fw?0f)-FyGQlbk~9jqZ;s$4^@{O#>8|;`npnD_2^wtJxmTUz z?{Vm`vL*10G}??*928O|Wa4h`r?!gV&}byfk=b`Qf6o+$4LuJtOJXKpUA0O?l56 zeGotHeR*7CV1&uB;H=uFL5?)SO9~9gOOYo9#EB}K*Fo?^P_KbE!>+&E+#@!UIfyO?n;9ogyg$qY!d^rGlz1Kx~`PaqHrZ49IQ3V0n<)<`K@i& zJ+>~(L2n%Q2Hi#H>em;Xw2-YGj06o+lByrEizv4Etta6_bJjJj$i0?r@f!oP&i0GL zLHjrVxT1R{6#f;5L0fD$_hnl~vt?lhv}|v+)*+POcB9FuLMc6>x2L`kry&%AJ)tL2 zkWj4zm9Cw0Sr9z|B=7yc`b4EX^?K2=)nH!)_$2JDw{=~1BS)|;CiG3J*~o{bhSoh9 zW8fupLPZ&Fpt!;`vB{6UBUx^v6%a4WG}o^+JG0#?--m`cr&B#!*=+&`AAR-|7$H`! zGoBHz1|<0&F6#HxW&j*RBq}_>ep1qkZVy>c>W2h7_YXaPXB+wI?oik;@lOC}gVAEJ z4ZsPG&+2qStJ%3M9mJxo>}o!AMr*!;o;lmc@sT8TL(xVa=kKsZ`EbzV_RlqIk8<@{ zUHy>^J`_-_OCaa`75W6q#$~A5qXoX(q+dHyGYW9*p8+_AJ8{4Cxaw;Iah@t?Hf(b; zy6NY{S{LjsN;{?LxQT3J@nEplM?@oIaQizmAm zq=}DQoYwHFSd;hn!k&<86Q4dvjMcTrYCEs=Sg^aP{;E;eZ58g+{SnAUr^gDTfWW1S zZ(hHmq%lb#H1({M;<(k}syilQtx2Dr5xl%pOCz{;cS|0GdH!8L!H2R7VjcyPd&ubu z4bDew!4cDecTTGQD6KgD)y9n+;KF1(AW2Jc)kpcMz-pWK0*==u9@{tdniLdG09|Ir z*~pq)HaQ*UMQoUcA5L8)0><(x`hM&3>$8{JtK0hJWMCN=5F1N0%%w3V2eZqy@QI z(^f}E(=;?Mj~9LEmPTy_PL8m`P`Aq)Pax&FgajE!50d6jys_}>PX$c=b#T+UOeC#3 zr30TFwmaIc(`(H-VhBvu=AXcQYx$G|s9GJeA)d(UuQA{+*SXYo3ESiPgDb>LKV`K0 zN}+1EoR0p4W41$LBc_m;DNfoW5AeAyF6+)7aWrMpuCI*au5pi*4u4(T`Z)F~cQn#y za{t_|Y|e#dpgR3ISuK@F+S$DYrls0vvJ2n;5X}yE!eT zh}V`5v-f<|SRNkE39T5+$Mr+5>GO~z7oD*qk25W~iNNo9VNNfj789^4i1tR#feILi z*o*rC-1h#~@oxB&H=eif*O(Ak^}X9EnJoiPC4!lk*%UV|jl0|Ps^*!}2bYs%*3$SYRBYx1H^K^CMn8lEw{Br+Ll-x{&Fl}<{Z%Pj z>gr*YJ!RE-eRI@&Oc-DMCPlPl6V`8Rx6;g8xVEjo-gpFyi@=b! zO#U)>+|gO%8EgItyboC0bIkEe8%qJ+;k#V+_C%88mWt88YkF z`Dih3C4rPp{<}HYi;mnBfohLJ11)+7Ufd9~udX}hTYYnF@&f9lj4DAu!guo?)_y0+ z+zR-!RWD`GJQOOjR=IamhMQXrn(OSUCo8Sr=O`;;^0j?gVBN0B;%R2@+g;AB$(I|& zxrV|jIn$v5F7Lc&nivyjCK&78uDdgF4ep~b;R-8=mKwCH=jOBZU$Z_J7FyXGWGmZy z#c~-FZm8IZ01pSY>)DUSt7;GW!|f)=ovo)%R^pV9up^QGhq||nitB0KMH3*9-~{&s zf({;B6Ewkfa1ZY865I*N;1=AS!Ck`u!CeP;XK=WapS=I~-h1xHyVg1T)680X@9te) z^>lT2)l&{8dfM*wLY(s@Lf)JD?Fqsy0;NMX6Jkr34>>~M9k;BerS`9TGmY+v!zY$J zz!8kW$lr_;ary;dwoJ(v`rfX#%bKvk=eiR>!!o$AoEDW27Y$b6p>V&ySsG|d@D_Xu zh3(z#Jb0+-r3TjzV_hfomE=%Suryrc6Vfr9eG^jtw8c|%*(G{4Ywa(&IK?i~qdlAP z5DXI#3yo;BSuZR~UhpN=&Mr(^i#=^TdlftSrr8b{8hv}48KGqxOX7tGPs=^M3zp97 z87)PFYW_XJ{8TP>Q-PiwJhx$Gr%|Wp+;?l_h7SUh=@f(ncW_zn_P1Wu>(f`hicj?e zYT_o5f5ibsUY)-A%~Mh0qHsro+R&0f(YovSuzn>6x;?n$w`^nCfDeX=2w*_3*7~sk zD=~fadm4$SgE?BdcU>dwVObr`_H5jLFnT7cW6;Hl=JDA{39HJaPhXoTvz{>_JN>CeZ~gKA-GKHvS*K)Vj)tWY-(VU zB<1ol+-M;yDy1oB6W@dR1k%)$t!J}MuH&p{`Q9-is=Z2j6Q88~aa>;5w0~a`d}t}hA#O2&Jd+uv zw@2{$%he$5$)o7qM%Z|5R?fxp3G{rm6n#oYW%FTNZ}L_AMn*=4v%fh9!8KYV50;i_Qup)jVYrW2?vJcnWI6t>aYlJ?fJCI+#TGg6FoshKJ$u%C~rkl{oah6PTgZ zz6P+}=JzR4D3f+u;-Tj9;DB=T%C|}KfUoQ-qSUw+cRJt$#b10L+n;T1%Y7X-cG}xB zl=e=^9=ti!LlrjYX}ZZqfR>VVj*ce7PXlpQvLn-Pjhp6pQu!WcCXV!flmx*S&SOQ? z(ocxPB{?CFG^HPU$8+OVxN@cFTwYonTf>tDmf2On*ZmW)*Ea}aUFS2=k!qz=uaq@X zC4mZ-xgFYPh}8>q5_7H1Q&k_Pra9PPy90BqfR?X9w)}NsPJI_D+ln)FunDmV>iAVx zE|6)f-gK&;wTc1dunqd*u`rDaye^%FTT(slyqef!Q+I=iR|3lLZ43Z!Eqco9XaQ&b zv)dw<#z;#eupOjo|5FxTD$FkTj0zH}yiuIDVErKp;Rfb7wYmU&Kt^X0;@me1HM_%T zkV*GGwD@P-Soq%yHhX@`IE(cz>>S)+b>}cGIg--D|x#mRcQuN-=H7ZDRE^Mnr~|ZdTG#AT(*iHQ6lEt z{%vK?zie;NzXxcWRXc%FtzuFy&CgBJ2kHXq`1+h{?COfU0PeXNq?)&Gq^XygdF|26 zWK7IC)8zPuZs(kb<#o1M|gMYRQG~i;O#3 zEqMIS*-d!3F&H~f)fsII6sJ9?r@vLjiHmQ6VbiT#oU=#U7CBi$5Opvip?cY^unF35 z)8xfi{NZ*hLWHw`xPJ1!G0KRFl@7Z6M>%dLRze?`ce+s9MX zWYIu*R;al0L^pU{pCEd_&rdfC&n2EZK^*_=R5yl6`DrGyd5Q6fXz#|$!k>NdB2zyd zx7Z)~(HGTD+naRs&eP}G8|`o(n)e&V?=!DoG`Stf={4%Iw{Do;LNHsYtUlKp3}={p z_H0#9Al)X!)M7Dke%jM8nmV_OQp{avoYUq-yOlT@o9p6=7o$x-d?X- zGQZA*45hqvSu`%GW!kA0yVX?IJ?bVOU6jl3Ut~))D{<=SU`NQ<9ymM&TpD%wqg%@< zH{Z4uqA^uaXB#g@S$W@cuXV?2k` z%D9s^aUR0!b&|O5jCPU$YvE2e#?1zuPr9S>GT3VGi)+kYT2a<}u#;MWsT^04zRVMm zJ6M#Emo-fPN>*;Ftu#d5l>ceIai}DpVt2Kqs^0$L0>XISpGWc(N<0r-jZA$W;l61j zcchg2XcPaf+B@l1Ar{=9dy-hcGo@!z(Gt0L=>4SgPiSv(iOQ?bP20zqWezX$(Vx%g zWku(t0{p*Qz{z%Wu17@2!CQ7kB&pvH(c7lW^Q7#`E3_y4rVv-Q_r_Lq3+C$iS()7r zN+_Mz&5}_YPEn(;gz~OjO)Q6rjYHu3{u}uKE~~K26b%_5ZRq8A52uh-tgidz#nc7R zBi_p4blB%gsM*aIsophV`;YN|AU@%DwrIlcoa@ZI&rRA;ffUD=@Xv9T8Xl&RaQHoM zt~0bTvv>84uuK{xeVXKW94La`UzP%GF&=iOLy*h>&4F>A-Y1iyP)$~so5B7R55JB% z^_Etm>h;TI-9WDGZ$d{tnU8i8NWs9O^p0Nfe|dU%{r>Xb&K1l*WB%C=&|sN2dz&l; z7GjjEX%{S`N&fv=?!J69qd&Dd*f7>=xaFzv`1!U5ZpA!_S93*(n@u)td>zNlQ?2Qo zl8+ty8(p{zM!~3+{r0CgY0Mj!niYFP$?rWcs^~Tj4}Ilyo;~}`8rq%Zw(P3{wwjs# zvHobS(3`g!fMh1ZU%Hd2@R=@Jzj1HsTXi(?7EO;+?mkOJnIC$qB+rOKRi8_rMxX5H zH20H33>H?a&W~o@buyIS1qbN8Z6ZLd;o%ByQZ^X1&zb!m@6Wst9b@0?gRR6sl2gNcWb_6}pZoN9^RLAlqA$!! zhANbvKW8q3Ca`jAKc|K7mm{5X^?M((H|jXVrlFioyf1N zqL6;SS0p#lbXKfOZP%i5J~&zaS=Xfr#^GYAtYA|C8;_2@>B9b9z$qa-tw$~zMKBNk zU=C!K+-c1EPX)D~97QwP!32sH1kYGV-m`f*poL8W5ufrsoiFSnLQLhQfYSU& z2yZzfYfM7)tVo{REz1Q<3p~nA@3C~)^k$G4yk`fs&KTet^`EOFuL#~zxb+p9t4bpI zNA&*7L-Xejv&jEfp_~sd{+bp4^E~{=|27n6|38tdJ!Q5EJP*r0=zjL-4h<(MW2tGtE-!5vfizqrnj zfN3=FH~v4b?8FFsv+)1L17RFEfi?fPrvCZ!|J{3p|AQXb5b!wrk~STZo}NDaADJL{ zi)I++-wBaD@}Q4ouRTSHgLWebAfa^?sYb;7y?o88Gn8m_&$&QuRN2@F6S|{ z09KRrb>HjJf4|20`-)Sd;=F^U7$BQ6Xoo*L9Oz8oV-y5*RjZflbi(2Ki$+2ieFg5@ zc{n{@XIEFiTdjY34&nTtcZ|tQnGA9rocon7QA32&%VfIp^tld~2c52tbdive*Y>7L zv?$|~lZhGCii2L$NdGh+%dUQ%vm%_OB+e|97)$2c&+$)VxGd)pU%fX|3kOhpz5!2iSoo5(;$ zSf+)qR;(JA$V^8CDS>zWi$4sWTv7eHJ|i!WhJ@QX%&0fQ!slOI9H(mzsJYo}|5s+> zpV>HNSO*7nU;zOE_NyJwiBpCXSuLc5{9GD<-Tuw7#CFrKM$K6JBq4cq~f{rPg}x zb#El$OvoE5DzW_h{7NubqS^KEi-c{}Bi_DJm9P(S!|}hpv*=u9`ezhza5gR2+1alT z>sL;W+n=cX9`E5YezEMaO%7txR3;4w3sY9fmnE*XUD7HSk+{^X62{+GtMdKVJRufD z|6{7zf-*r(F_a=Pq&&7AJv~U6n3!j;H^jw3zD5rgc6PA=FVG;D#TxA#g8w24AI9Hi z$fue%-rLv9klvtnjQgi+N?ZIMXYY;{8w25ThCW=aNZp)mf~CU3=&2cjrD3jz^8aXW;TD|`s=S{Zlj9zFc=?EJiFPT^%HQTjg!$H1YWKV28wF5N= zfrISWUz*&?W@l%oiKC<{i5G7wCnxu(jU5U2x4(wFr!f_R062z$>U9Mj5q*d<{`%@{ zGOCq z@@WXk$B!RR&d$EuIB1?q$1@IaDoTN0W*2}-E5tOo!5mCp5~)1T9u|qCTiVioDgO=`DR}*Uf{5>r z8YwL+;dKiahNI+^7-^`L5i0QqhlZ|S>`qiKH8>cDn1+W{e~M>R8?7`HnyX%1BvQ03-~~1z zX^AWQ9`oAT7jy32LlNlM^}AK}?my5EqKhxrKm~+MhWM?Z?%3pCzLU!3vdmRxMFRp86c~)w7LM=jTgHlz-z5eSx9g0hHf7BNuux7vi z)%8sABkt^iTJV!PfyV5p_~8}D=13@2FIx90Q^eSGv(I^_9@3CRX)a zBjVEQh6d}2!K>?2W1Ut{wK`HBQy~MY?1RZdC29}AbhnX@tawF=`QjNyUkBe;`X(kk zA9;qmf!MW^f;cp5e8WF|KLZh+nlZt}W%xI~d47g1x(A&U5@`wnf#0ITC9IvJ(1#*W zYi=L2aU&!pps6zv22-THWBHcEZ{$5>ca5Blu6gfqZdEZ8r@Y&E5~muG8yClJ1^ahR z9No`5z2Xwg#FqtQ#RS@Wul3SLMFkaBxNM^-T9FMQZUU=L`lP%y5-VS~_dY`ISOR0G z2a^O?0>>|tm2q$Sy*U#ytJt@maEdNzvJ=;F>R1V~>YrI}PZ@_hVyuXicYF5HpkGDz zh6)lW7R(RDn?No!rgO`;ul%D8uFnjJSITFQWBB+>~? z3=4envM(2DYeiL>^=9qm3ohSfFAiYIq;N{A%tiYT+LXCbs5LoTsFrD|)m`ozQ$dPs z4eJCM4qiV_-sUnMU;i+p&^Cra`g`lIO$4~n|lDiyE4X`asudzD+ z*y1MrKiKfDoF@~3eJm_|^erui^r184fj&>gRw4|j8XxUT5N>WlB*wqVKE}!~s7y=? z#5^C#p^wWOZl!pNY@P60E#q0~|5;^KxgLZysb!EN@YHqQ^Va&-S5WZ%-L=*R`Srm) z!Name6h#dtjqeH*et7#*q6Kt8K%?%CNW&?V{)OR{!!NbgA!Cg0;+UHIF`r?YhW9(t zpneI1&GI)OO&{C^J1ezow3LqJa>o1i>W;1uTFZ9pOT3y2t2_JPv#jd*?8Jk4u+%t4_^~84d_jsVVVY#e`NtV9I-9`hqwJKfO>8fKVII zV7K!)VRjmCjus}1i&=78~xC|)B*J|nQIe3 z$f3NO`xiAX-E18IGL}!kD%&wFf0`oeIZ>$)6_QAF;CcMZ`wa)Z9m>C0RsS?RR^D1*8zL2Tx}M~fcV|jH#J+x zYt^f<6hfkH-Z#~pymwuYxt~6yDnB)B(7_dDaFeoD`p}%mL|wj2^#_iarUyZRK`6#E zK|u4nIdp5@o#2iIWcIETMWkEGZkGCIK^CogHcDX;<0;7>J*tMh8`IuVu@NoJ2=&4= zezwYa=%iiqd$#L|dU4uR3knXJ2&{8lMt<96l_GX9q1k${zE0%w)a<&KNLqPC`rATi zXUas2xTY`F5a_T9bPX~)Zwh^GuPH?Q;5QWD&Q>2OUP1N`YzIi;SiT_`gH&WU@Pfj_ zCBt9SD2~0u3{&%E?`KFq)6fCQH&dddv!H4L3AS+JK1977>SGA(eIuV3$$IK{j@{=c z_)?(!8NOCb55bB^)zQA5xqdyrbiyQ6b+8QM;a;KH3Vz_WZRaYjr? zfCHG3EABDcD|Rb{5`-w8He<*kHmzH&qh*aR505%xsOQv=6X?~iuNdc#V}hEi84spw znOGER##xT(o95kNYBXe4CIRCWkctJV*eYeDpv<$10&&)^tJwX@42M_UKGdg*zUgP3 z)gi=n(Z1yU{Gfn5GRDZ{WJCWvExrBeODPQo?c@@309xAPEIKR?6mQ^6w!vchh)}2s z#si{%<^!dwFE!?5m?*V*d*CsueyXbp&@9+I;X6#t6^JOR+gq=jh$Zpx=4(<_rIdQ^ zRGaFDAWR{^_VaPDFhLe1wj+w|E?S0p4Q)avyI|771Wtohj+tb^U-5fAv$vZC_urJ@ zv*-|QLgIheJa{HM2Cy}Z+!CF~26grnqvhKQMToRw)Tu1{89q((5orOO|X?;d9x4AAqB1tXg)w0PHGencnj_GHSidanibzD`?wj_rC6SyKY! z)#`L5sJdT&0E52qzyRsXnOhSbyZ~SAXx0LzURHJe`ziXsVvVk9qSbl>epeG1{u2FC zKx`OWJ0(Ry76Mxav@?qgf)j%%l%b48aK-&eY#9%lk$ZJXKlB zp_3+0Csyk~6_mQa*qP;_^2MA$j@IBI|5fEkUv@>Xj7x7&{2kQGlCW*}j9)t6akpW} z4IiaGa<-IN*hU3QZo&JjCq&4NP+=2?N?D?7={=brBlBHCeC2jGq*B&7x*vgFxepx{ zQ(>$@UPg$c)bg@)5kH8d#Lno>=J1p1e>qBQB?#dVuiD}O5oEO>ADqpji2{vl8K92i zG}6*Mo>b3fv%SVaZ1x1mcCUSBowNv8&#Xu0BW$oUJ{pL!=Z!su8BV{A=8_t^oHMoO z-$~4yU_Nb1QfIdmCtXjByTVX}fx$_%j9b@RD*(#7P;0;3H-S7aC+qU$Q3|d>Bd|>h zVVO2%V=wK{=|I|=jv-=$;8b|F2<|<;NaMv1I`M-U4nz>5jYNzd{Kj{3Sj&`ZfZm|o zAGJ#l%t_fV--rWKY?M~eN#{XRw*~q=!7`OAByauhuKuhE^j5*&q1EZ^?9i9DcRV^R zK8U{i+Xm6w(S(I5WWi7J<^A8I{Z_{g+a30fN!@#Xt`44#VhV*sHl$H*u{wTyxs9j< zgB+bOnNZjghU;nmvk3b@g?=Z|IG$vyh8$RuApVs%FSCSj)f;6x?WwFo*`6QI7VscTxavCJyc z)+K%cH+9wXBl-t%stecsw)yIcPB9H}(8rnMoRO>NJF8_cr12#nc>N6&T=u1Mrtfl5 zjX!wPSdX>F7{{25W~&MdwmiJ-=F#oUR9>Lz0u8?KdMPBxF$j>Rqrs3UQR{FNe@^y4$BSmO0gcPRt zBW?sU*7dB$$rn9+iFoyBsSoXOfy3PIB!u44)xa^L`$sECy3~nwGh5)>w_Iek1`m|g z{Q5Un{l*t4U_}U9i|m|K@++`NO3bUv__}TMp_PI|6dWa(p*y$RnrqxneD7Zi7$sU< zHA5_9;qE#>-0W+juX1J?Mm2uCbuR!{PvIRDPjG_dv9Yk|2+>kUQo?k5enV@}xc=@H zlUB5=IKa!A-2uXC=5V;AaY=Y_c>e;Ypw^g*YSZRo!hVw8l4=dN@t3jtV>LPzx3*yq z;SOzA&aT4~c3*00_hJisLi+SAG5)I&O(R~XmiF70>Elg-`kTM@aZPi4dy-pal zk`qiYO<^PL^qptp*++eY=?6z-6*IWAWe(>QV>?7RlT&U^00dS(h$3T+hr$;hhhNS4 z)Vx|52uBU&*f4ediZQ++9C~2ZyzcAvlz-FLyxb+W3DrJ&Zu!)!u*wwDeuoqfhMvix zcEFmm%}9ELdnICJh}vc;xoWr7Gqz&kOo^T9cypg=k+CXPIv`xn?b*^KBcFP+MMT%d zLS98-Rrn^PHqfx(W)4wX>obK+2uod1HvrCan|-zDCq_Re)BR4&e2?+oOHX-O3CvU% zT^=3C9lVaUBPHk_A<@jz4gEx*i^yCwZ@EOb@h5@)m!1N zix3dBY#E8CkXgJ>?2v3v1=)8#xwB}!m!st*nu?t=t%(Z{*TT_l*YgES{LHI6PN`zS z)3>Ss<)Pw*qyaL_aK0@sQR}|EhgI}|vRX%{%h^-7mH3;lM!gn|8eY)0N!qS9#hjfI z$UM{vOYR7=>9GVy(~SAsJ8;1!#98m?tB zf)b%y33Sd`=SUr1?M0obr^+vTa`d1f>-vKZtn)oBT!K{f*R0A`j>!CD`4ZYGb9=_kuwgkY+nLM5N;Rz>6Y)F~2 z0SuWmEw1~v>s4Rc^&{4QybYFymc>e1yv=Gp!Fijdvis_l1XN^XSi=Y#^Y$z!g#Kx7 zqu;3jAz_EzIJ-r*d3(*nzA+0XUth}-%FjBKxDYa6&r^5Mk7OVwb?VM~@LD}jW)C8N zK~N#mMRR)f27mYIQAi)|hcgk+V3e)vE0iJ%Vp|_v{$@((=8Rw9Cl9z95%X(2GLKa zU9QA#nJ>s_5;nYe!vwZbmMyG)Y9P{w$zAJlfsaF2^UG!Ho|4{N+H8KdNw&M4BXBtx zmf!OU+-|}C1KXefhHaCtDm>X$+s;TZy|A9g!LeCF>|mib$isOYudAFKey{i*c1a{0 zBCP0v1s8-5wR=@nV^v|k1Po$zo;PctZ4q3DeBMKXN`SWX@)k+l_Ufq!cn-Xo`pL~Z zs}!*b6DL|=)_oTD71-@Z!ylJEGDJw&1+Q~5ZBYC!6ay>#frFO)lFX){zL{aEqLvYD~Y zo0vEQb7`ZKlLH!FCQOM;r?Cb#4X@Vhjw}Flr}9h${i%C4&$QcNj0>BKpm@Y7b~2;D z8OLx;!+DK?C89F|FN{*;)T6h;<-s17hx*f5%ePeuzKQ0cZs5a)0Ekzrn#|Cr<;NsN zh`;*Ge`7@1?PK+3j~)@L{WYRrw}rEM=xIU5FGahS*@A1Q#5icY`~%aKl85A*w9CXE zo~>PSrrSq;GLVO3&ClCK0*IND`qt+w7j?FidOVhy)S~n6XE9Vn(>Vkb=tWV>_~3Dj zG5!WGozTkw0FmFcd5Rz+Rn=juHs4% zEPA7;X%k1K+^i+`8|!ySA7zWQ>o*lYe^tLxy3b)^6s4|cF(N-{f-)AuZ%$FFF1iJ` z-y~3-c2*Dy&8D3sZ*+p;rqxHesCG*(>+R2V5P?!BPad^=iei-Mb|UBZjM*?{;51g` zTZQ0L&A_bZ-VKUlH-c`Jw1?dTXFSUB)=^NV`<@M96sRH*(rI!!w@9!q6Nq?O){G&~ zrSl`@Ti|-U$0%7V2BvD8HAhsXhu&IX+M2pE?BPSg69RF!VFj^7%mzz~e&Zd|#dJu5>!!6%f zx5C@3-$ndscOSatM!3mj*$vU!m5q0SI+zG84t~~TrSm2%oxcc-cPzQPp}$wwP!D?W zec24s{t@fd(N;UJ(6kl6D&W@r$wV8^pJeY&Bl(TEM`m&+Sn7!qk;6rZp{vFiy}L$) ztgE+HHnH*zZ-w4V9-I{BX>7_Uk15fb2zW}^N*cWidh33~u@gF#Z3$hZmI8)o@>JH2 zFBL*f{7Upu>{?XXPP|-}=G*Q;*MMK75SacPR!a3ThiozZV0tivbNvIzr?PX0_xG>O zqxgs5Q}T2+r*yz?VJ0k@s#3=EqUu)r6+z6NOZ_ZcQ$61_foG ztP~AvRKwiDL?l3V?@@DzF(G_RolWSw&s0vwBGflgC!4oc=eGMZrzA7ec|oY9z^<>=s{`NZ}(0$9M|~bN8=A;x5rPS>kt?4(wGBtDY>2xO;QUj6p`Tr503hxuw^npAhxB9+BOAtoVyO7qbGC zM|r6G!g~8+l^CZdOf>WY2p*=2^CRoQA_Rr_c+HZ;{0L@lng`UoB|vBO1^qw01KC<& zZr`qn2k;KLw#AS{vI?~~m0&v{uB!`nhRh-)P317!{;uq+3YX?-WU-B54P@y3Dz+%fv)IibU;x}a|93Y^I-|hFxR?0gc#W@4c zOV)9CRJ=0Abu%>a`$-5v_-p{Mx9*`xA(B=ET}pfhw@rgFuD;YACmDIe^}dfcIdW~G zJ^|K6ruy!^*>u-%8;v5}nEo>=X!9LE8A}fo=y3U-CPnfGz(8BB+e*B*V`fvN_JWI} zWjuVuvC>vpH6kYAxyJgGjd4}~4FwFu7(V#kavkfi(Ql~I->)P9n^0=`WdCqu%H@wk zmoeG^Co)zj3CE8{v+6wOMbd}QD#uU3-JMdBSj%P+`&ew=x@>K2ObPwog%b@N)9vNL z;;j0$)iJO2;v;I}cyvxpw)K*#Z{8hQgjRNyhasvijd~UF{>oLsGU6NVE?0TWR#ZqK zs2sW*{0LCy#iqdwQZNs$gRA4ADqB}Xa%Xk+E9ZJ};BX9eB_R6ihjof>yRsjhow^eD zjDqMHHCkCN^*9=iqiA32UD&{tK}8(-At)=#A`KORE916%*H4H^fOVGJ;0%Y}?^%cJ zj(*Z8M&exQdgcpO9NhHBY16v{xyJ zP<1V2JU$2>L?oim)IOL~2u{Syo&+vr8$(o;wlsLWT(UxG9dq*t*8k?XT1m zu*%w#+&T+D7J^Nwr-->m9`PtrGk`(0XQJzfXpr;!Si_mc9L;)LZmN^*c>9_8EqPrI z9UI_wJH>-Ul4UyJ9<-^3ilv4aC?wqX{eA3|FTB3wN1 zqZMdI=K6OytU8uCOQ7bpin8}1`s=q@8S7&!!f)SQ%2JllJCaH`7w}(++=X`cw^AC@|c~zUDY7lTS`bFoqd+@ zHOS>|#VA#gRCoFHN<*!C+_Ao6rwCR*;XZ=FvIR-qlP^LucxJ(81F6n0&w9JO!2p6< z)ov@^AW-M~MDze8@5o%Pb%XMwRG)&P8?Opo zNOc;+hg|vbSV-5Fr24-F4_U**O&c8%0ddog8Q}FQ|#{UXe z{;?lela-ZqZPAa3PQv@_xXzdE@nEOUX1V)U9CfAfo$F$YhYGR`{0tF(axJd9hWNqA z?Hw(*VdlGA&7jhE0GNs^lAhF+kJ;$9y+8Uy#N!~M9mLm3=<(y^gqiy_FM6P_5bIr| zU;`^)IAVsLj5L_Wrbj7MXX{b-usUf!G zhsKYLx7oQ^W78oDMt98gAC)}dh6lcnFkbMttmI^Wxw*v}!yiL1ON%(puHin;#+Nz= z=hyO38#G$jndg1@$S{dhSfFvC0zc+z4nCYaBUCfdtvuq!45v1GftC|%Oyi-L z?ii!KejH?0WjXFF?%Rgg?g3Y{#ixMSde;-62dDe_mr|X21pV@t{=@2fY@xaezYMuC z)d9Uoc6vyOUr^qOLb>J1UaAuqM6x6`iFw5ID;>D1={-$8_jsd2!SrBB9)%wz{lh<9 zqk0$*F^Xbw3VL+Nmc%(OssUMV=Mz}xF-huPxdN@^RZ>q>J*q=X<>63(s8%yrpr0+ zW-REO#fC$e-y2_hHR06e_pZ&63*<>}uqKatu9J6*_NJa4_VIP7CL03-g}?d`P#`M2 z*UjaK2I&Uh!uLIW_zD(AXdG?^QrwcP*B;j0@XI@E=)DxCxx6(!bvM9(pO4(s_m{ zKSXp4Q?p5Uw+D|8j~b7sUGMUHDJ#rEe)4T&v(1HIHz`3B?dZ{1P+G3cf3*9fU%Rk#=nersHy>a zz52SaWvJfp%5zA+AWHvxyrG0Z)J<_gbv}9@qgm`m#Z7?plyxk09eh%%&j{62vT!|g zvln0$t(mT{HV58xhDOdz`4ok{=TS0-`b4R39hU{XU@MO&w*6g*@l>JL&wIycuGIQY zI@MBO^AxmlF^8WrH8@&bMu@&70ASOe116C$t><$avwMXV0?U~O+dhlB<*(T}jViB#gUusc@ok2`ZtxDU2{n(W7>+4C~cWM^QZ5X-;g_H$^;Kcbk3$W-?Xjpg_;}oT=2|iZ_df z5aIZ0KS4L8GwB};109a$w+V>z4E0Uadavk|KXsl6|Md2okM2zZLUehKd)nDSKA$QA zAvX9ZoU&FQqX=&wX--G+O9-x?U(&5L7wH=0t?=QZCUxzthZCvj-{{!xLoKcS4z^o6 zWUH1q6zZafIOk3&koC4;*YR)5iRyS&2}HuMhD{|b2c3}TE$51I(_2uZo)5;-4!rRR z)`nG-Rwc2g9P;$04^XkfmSpFQHa5&o7!^U!?l0@t%<^}4y-By@8 zb|(r>uN_2dKOk8O2?y!eZ|Cxs>IIza;E63 zmJ%~C*CMBz+MfA<*xOd5FS%J^lFi1NiDk*_-JP!Ii7GL-B+!V@jYk&N{CHAT$_db0 zF9}goDiXJSj8`L(;Ly1!p|EbARak%AWbq6c$1 zykBizM*ONg%<{`zOPGHj=Wwhl4UO##9_z|4ObcmC?8edOW3JhzY3+(I(1_J?XUlc$ z;vgvtZ0>i_U~LFEHLJP%HjIdV<<2;RBEgv0TgT0CPt*SC{HTK#!6uWH$Em8+MByDxOui+C-U%EN%Q(_D`qBc+nM|!}F zE*bl5>p^Ee4AZ!Sb@Fh(Kc|~^tCGB)Or_U_tfI7^pxfXJzx(6HS7aGw;RfxtB@!~d zM8P1FX-ld$hu14K)X(t|GyD*7f%NOPHoQj(<~$z!w-Lr#lEU?co;8+Vc^j+{7IqaF2A3%DYy2lq8SOWepZ`&C)aCf97u>zmhI& z+4Mu-zcdVB?5;Gu5x+2}%b??zx=5-e3)MyW7+sOl(b5K+-QWB|StKoH<31M7*h5UX z)rQtwTWM7-(^-&=xtvyzEXf-ihFXPXWgF&Nf$L;!Fbec!(>b$OEEK z=-#j08ThGt5?8msTDI~m*##FmaUF3~*?gY;M5#X?)23zs#Y^t%yO5WP;V1RB?E>GA zvV+rR0SeW&s~ax?U_$KmP%)~5a_dyG6^=Gq&LXQEWQY*rYhRf!RKywN6KECqV_h|* zn9%IUJ67|oIeqc(ZDCyV(ZrYVi2PuCok`yV@+Q*2)%zQ^a=90RNkCFGazK_c$q(&0 z0yyNJRO^!Z2#~HIYjY_p7?0{UTeZyRvd3F>NG^Kn0b$co>>shDF2xIT?_)}T#Pg|m zlF_;tPHbdJtQdGzS~ToP2WQm0|iVGP@!SLZB}!O zw1WPcuCLJu5`b5nPaBuDIa-Tj-D4L<+HXJ2X5cxDRu1v4@+pDYE5iKzTTeI^6)?}b z98AELoAZPeLcpYz^T#1$n%Tmchb`n`5G z{SO_=&9LDqL0TO9qBXntl(|@a#rP~QF|N99^U6mx(R+9hm2b#zl@w|d+pB)Ox0s|z zH_4wQCA>_WoM9ES@Ay!lsy9;%xQ%d;yw-CkEz?Vb@Y4%8G$*0HcUJPnz4EE&K1fe6 z2J%#u%YFoBBwhN5%xVk#Jic-o%}JSFd3kQ@R5>*89C!><@%7pVoZ+@6>D&-rKfyzl z!*IH*tY&^+%iJU-CubS=#}HlIY**LRyM253;~(oK{3`6BLHiC&!#ARu`d0d~4|0cN zdGQ_!EK8>=9;8*{^ds9^n3BxAo%*JLw>t>_4c$XS65r?ZEq-J-y=1>nf5+!F|BFg;G2MbkvAFAzG2QkyS3@GlpVSjSFN5IokZ6!(ZK9G#zIRPvvGSm`%! zTz&n>sUsI6xmNo!rcd(cCJ5~p&%h_1Z5&{PA+=Gae%^&VXIk&!5?!J70a*OXxS>Ur zCZn&XeYqE~r?h$mmZq|ZP9IW##!M#tvz|llQP7Rj#T3b??v8nJoEVUK{)w2UN(h2- zr)2@SA@`Q?A@>@5hp+#mSP`4K_fRf9PUIWmhabg7rBMKU;tNX-FTHViEX-i> zNhS~%KtecO%-sL>+L8X&`-zndQ`pl2#VSByu_GjP&#g@2oRO#i2K3nZdGwg{Gdw3w zgDfg$(1AI#L5`6h}+>*3mbuphuL49g$N1e1|=|z78`ee z9=uRrW!A%G167gr#Bx>x%uxBgJm8W75z@_gj<3jtqKdaMY%5{UY~n^= zzDgR@IKk%3?t1b&_c<9q(cR*Qq$_sKOXSObBhdmp%pLm7Rv${Rv>FGyue~O;fKztV z_>=lN%5)@`n3qQ-J<^?g9@+iy?$A7jc&zwl-D?eQUu_`%_xpe>5#f|y-Chl5rG3Fg zg(a!vqN`2oNz?L<4A&Pg1zsg)UWALtpr;EEaDS$Yw0Iwt%*AAwLKIiEYk`m&6Szi+ zCb$~^MZ2I|bJMMW-*s!p+Nw1BNO#fe+q)`yJhos9?k^7)`-Xo)J}6WGQc>*a#KIR{ zuM04*&kRtNsC9`%?^{=4=hCHGLRk8+!{FtZLw1$cNkyaE6Sr&m20BJ+0)!DnBi%j! z3>)+|zAF}LjnbU%`k(F5rw|Ld6=EzN_JipD0fpk<@A8(-W7*e*Rl9521S*XVm5>Hb zZ?S%pqKnq7OJ;48R#=(?6@AYwMOv6j2tuF40Zg^5vE#eHI?cSyr$00$+RXlRm5yh* z>`bg=%c1+c(*=)cf#5d-0V|P>>totCdbNkbV$BHZ(qyBR`O~uR@Dc-ins+KM-&3zV zp96O#o<(8@^lO5fwQ~ivE>nWqkl$vNwNbsx4Gv5oSF2;w;w@B{Q60Dy2^mFW{}}ju zg8hSLpNs8}s=da%i1$roDbPc1Dk9QnSnWZr*NXaB*9`5N)}*OjrC-TQK{GgqRTR4ncEJBe?tNHy|2&$5XvCtug|BO#IAZDx+wozbkivYV(Ku$hiwdhEWzxL{!bk1S~-d6`@t@1?iQZ)GEI}{zzxQBT5>K4s4mAuK2$|m( zHgp3#8_hk7oM}^S+jhR0ps-{%Ke+kaG(PZzs@e$R_&%4lW;M%Qg;1x7|3OKYvrYJQ z1Y`nX)aQ;%2mL+4&*50eZfPZO%Y&wCkWdo0%tF=DFPL8M8AFV`>4=P{#73yg;NPq4 zF;n0FUSwM|!Hj_8hWBx7TtliYynTK~M40YK`h31OqYXuT1l*jwlZs$LOiaeWzQ&^p zS3Z3Q6XBN?lJ?Wc2@I-Gwu-C==2~g7N%m4t%Z^1Iw3!eQV1jD&QFhBD)hK$pjf${_ zp_X0=LW(lm8Q;)~MUv$=#fY)D2U^csz=2EW{glc6C@=g?c&eVx@!?7uoMy2Ym=_;WE5&VasB4#*h4)UJfTw-i3Xs z7#TH`s+gNmnF?9#Uz6jjOhg>ig#m%i5|Hk!8TShxZH!mx*S;(SrK)XcxAvn8Vr*OZ zuTYj8vDm78<+ass!fxG&wy9^Lg)lKO(=y2y=4TdPu!dT) z5u6CRNG@Pu2G$o;+u7~=*Z0~HM26Ta))BuwG6UlVh&oKG1erHyYu>lXlC+Fojqs|V zt!Iu@0`yf$Xa6ta-YPDRrTzC!LJ02eA%bhrpb3^B!QCaeyGw8<$l&fWIDZr`6x}trPcTW(S6Td?f#c%J3r5Z0-0owDoC$C%~^a?AUeZ67FtTMHeQfq zW$keB!OQ8=pEjM9u0hZiaZgSV3L!j66<*QAoau+xzyd>#L`09B( zN|~BU3a+~F1ZltG0n^smzQbec%6K<22f9pYxZ?%9=bvl~V&YpI%a=~orZ#od9z4f@-3kMNLOjaK45?|Z(? zk*Y+Ur7Bc2Jzm_93X{#|*D-V|Qst@ewJrqrv_%3R-Iv`pEmAz*XuJ`oquc$(VgR4M#P{&Jsk45fxWoL&wh(m<$#*^t?x~DvCB<*N?k<>L<h`aLr23lTbg&O#Pem#Eep!g2%M-cMzQkFylf zNA(PqX%@3sJC)MOLIt~K>l((Mcm(%6EH6IMF9MZP6j7PZr+x2q`rF@Ox|C(>98e$Z z{`x*{<)4sr5Q!Ev6sW82@CrR~nZ|Il9q)P)uw2~8K|?UC_~wn?2bpZOt3-T#nnQric3v%DNHGR)kf@ks+RiJHp0)fl5?697-orq}o zyDD-`PEjHpKj*XHEVlqQ)^vf~{g`>~DHezhnM($!jnEe>oq+nXisP7&_QLyXi1Mhk z^efAD-waxkN3Y=JDQW(u%3Z%k$RzT)OS!TAw_Mb*6%FZat1r~;G_ z6AL6S8jPobZgbh11UzK%bxlrk%sXC)`Rc7sCi5CRTd{^m-y%(N9~oSNHK5SPW^QHw z{3H6&A41-@K*SkFy*f6cQXc$rsofiGvEI73^C`lw>(K4cE9@iZ%VClq=F-XE2E$xaa0pe2clB)~fonj_R_m4pz4?>7dANO1}Zt$d364UO!S zvH}=XJ|EEfC#S^rurWXJwD+Wc)?V{zL7AZ-bIA_2nk0YuGap@ZZnitq98_Iiy=0MKgv(<3vDb7s5NU< zB|e$&9?ncU-wliE>P2&%*uL{!w>wsdlUCVAC&Lu#%-ZPG_rY`W>{%B}0ApX{~3FfBkA4pIdga zYX6fdxr-d{TAN9zDm!;X0%JxzbmrFw9&NUVNs>8d*=4%48CS7Y1*n%MhJvm0@SW=e@y?bO}$=bgv}1Qi{jj~H?VAEE~XeHUPh+(;;R4|Xr{J%zN^nWjmvqd zJ2COvvw|t3h7D4S=PUx%-$XIWlesL5ffot-W$9PHB|mZFWgH5smKryPmOQnyW&LV2 zDx~sCfZxi=R2hfX62BBNWFl{ZIVR8qq!$94k$A|Kq1|#n$kf_~ArdJt@(x`g%t z2eYu?OGE2+BHah*Rp%I)jpSuN*lHide&W}Vb-Iu=3hiKpc-9&$T-Cn2xii&NXp8GT zam+onJ|yts3UW>xUE6(a9*fY>pCb9_J(hZ;!#=emkM{7Mmy^*aZ8+=jX~rphzRe~1 zH0q*rSdt$n9UA7m(p8dfhwCd&#y>UVJ907fy@Ti3R?07WlwM=sYNymZgK}+rsWF5_ z@mw{93e?eugM+9RP2<|DRojqRJzvp!4w1mmzVHjR^POchGT(dl2P`hW4B224aW|KV z+#qBuxtmI{BH4^?zp>k)S)8$m=;+|AEULa}k|+cuA4x)Gg37nLO3$@o$lpiy$4sBm ziHM4>@3$g(-<`)+f;2lXmYN)id0f!_{U1O_L?uc__@<-Rxsym#`X{;K?~)n&K4BkG zuk4+T0jyKKOO8MF#t9fdW?W7Nk%*m-Gbe0jY_X1+Sf~gyJW>r^Uo#17&eD;rYJiv{ z>#5z56whv<)e%MUTeA6P$n_!Q z2CWA6Ama=zKfUTm@CJXDBVPu$+6KkinLVTrg`1L5HC7TR=<3^*@x665sAdiXBIr#=d)sVYxm#W3UyvCmfV9TlB?90rczn+^)=3YKIv>;OThYb*fhDBm>4&0t`E2$ zBIWN2X{@uhP%z!a=o~SKRXaE%b#$DAuB`2^1)AoN>>hOB6#QV9lECoV6hYP<(CP8z zYjiz|Cwt|tRd8b_N=h|(30)BmWCVz=M9|8|A@kh=?g$@WQH&(O*Q4_(-u)>ZpLh%T zcES^7U3UuTqk5fe3lnT3pL&d}%4g;75K}RWe-o9^yzMgpsmadldn>C-jS_WdcStXU%*?Y!# z)7Zu$EM!w1H5O*S9!d z8gYzgB@aoPWpgxmE`VJfhca1Phv4A_7MC2Q?-;A3Z!n;>hnYgu!joE9^`D(J+!|c| z#=AZXm&9Q>e{Yjq1XB`mXU zs1%e#%lOjCWQ=p(y$E-$ka`?d>nRH-oBlTJLZ+TQ(5%JUujE$TI!V#FIy?+DtM|!{ zvhfUhN1~Ar7Ra|gT%>|~ASvIjGobw5Bw+kBboAP`M<%h__zqFP6KsRWR7$)&gOoKF zq1;Yb!uEH*h4o&Ja)8Wy>1TqvyRYwFV3EgE3b}`@XD@-(5zy}nvuY%;x@MXf?S7iE zo%SY*mNhif-3{}R3m+6^!s4BLhnq>7>3D2>vw~L5U5!8U&vCNNZF^+OJUnP{yL`X9 zrWS7gaa3y@y%QmEbt^KR#Bz>C}S7D4qks0(r>D75aZynisQ3fd zdNOToZS1y((%I)qjtuS8z5_fgpccYT@2Rm;mjac&4#|8 z1w&tpd^3^j9$GDl4wt2`YgJ`r&>yZkMoziV0D=aV@ICgZr;gn(7(0`89rARkO8jPx z*Sw;3lcB)3KQ7$%iia4fU_(R0SYclur=6dOmb2wam7d4n8DDrmGxC%VJBkc$VW z`c!zfFh4)oO{in6K?dj!x1c;0s?&4h3YD4aKOh!pT%kFcnZIGsY+@{|*k@pzxb>Pv zp&D`Q&p=mEV?VA`sI~<+;MG^h5R*i~h zBtG8n(Rbv0C#`6+*lo==?yKS%?%&jRD8jXHUNDBjke}b_icoETCYiEYt*PrWz6Dk- zZ}vKQ%@6?_qsBX(H)yLusJ%JMAMIv{48EwiqnjDM3Mh<7uQaT;{aISZ9@^-QM&{ER z*Jvoag?ioWBLvKC?-`xG%OOeCeiegk(&G+y9nLdR;=RYz8<#KCyjBK=q+y^>b){F88Z zPPrQUhnx4n`zVo~Wr3F;a36&}T;&^>-7KZSUjG&c3PWeXjSG6veRs*qU{m#*p|=S) zx){m01uBDaZ#P-dMmu6j3^WlidbgC;gCa^^$kYt94Iw8YE$^>?@4iq!S{@BYs52=x zENIUvDpD&&nh|NmqL#O$HPp}&Y+@65lGIyZtS3p0oH#qJ!d0Bss%fe2*Ko2Euly7* zS!2$ivo!BIM^5C4?W~@L)(E5g3pQmM>r`rUg`sn{a$QjjX|$F8wTx~rtTU&ev>90@ zj=~}oD?ZGheLcXgOa$9yH~G@1MEh{XFD&J)6;gTEIv0FHIOdQR>+4qfc%^UetvWdA zEK@6)SENo>3M!Gl&FlC(Neo#Ih(E#X*6i>^KJEL3u!XmW#`vNO9 zD~e+m@rxYJ!TqBw6}d>8B7xUlw0&55DPF#;5+UC?_}LxPvSwa;pA%RwKMJKe_#GoA zb5$wHIW2V%OUI>0Qo7g(O0e*zj9w^=E>liMjCa`{d<8e>-h(NGPz1jw>nP`BhEhVW zrfs{N_TN$JDF!c;dGXAM;)ij+X}8TY2`j_p>`a!U*pT~)H&$hzimA2b9KeIsy+#F( zV-_{|#(%Q)9fYi!Sl7Pl6?Y$4S~p&aChKN8G|d^e4s7n!2D!TCVa0R;?s0Y~gSowN zj|-P4Cm$ziqM}?j*xUMJDA)Tj$i6;-09dAE9$%q9$dI1}(s?cie94z1oO5%A(o0EMZ?tVAB?V@Q~#lTuCGI z1K`yJ*BB3NEV~}CZ!V_LskZV05FQlQD9*~zDAM#c zjW0tY&M0Udd=47+(=wPKKJ-EZnLaNiz!&Gaz_r*9_p7bRtnzKcSLLO7-+AHTY~|VU zk_jgS^yx5rcnZxfdArgj_jI#W3$~UAcAUH}Yjl!!4w1;2~37=B0GV6L`iM~w+$AnHd&3K%l~%^I+hmDDf7?k)Oyt!jMD z-H|2xw3Qzg52!6jY+~UFNne3Jh6xW%?ZL8Jv4+Ff$G0mB?B=V1)bEcs%twwq6ZhZ8 z+KL4l8c{I$NSeNC&;X8i0)bAbusU_&(;PRQ9Q?XaW zYYwSAHg8iT4RqBzE|Xno!;Y(dAx*!Uo4iB*L}$l@ zxYh-X&R@*5&YO)U12P_RRQ*(Ew;#0P4XV&$(q;9L#-8PkH1KCSU$ z;Xcps{t~&hXUWh`$Ys=oiv#j4OUiRH>v1Pwn~R`29J?C72Im;R%Ltr3THX`fs)cli zqpA#>11DszLRtURSCU9JF^*Vc zBxYsSN0H9bqs0L`qu|bly##j?cI?%2u4`Gs+MaRqXsBiv)>+X3=WRwki4amx6($^G z2I2IMTa!e0{?;W$_!HU&X)!D`$TB47BRj>tDlh%&YvT-qDs;#p7uF$GuVa#tOy0S8 z%cjO$jF1%YGsA)gDMrL@YtO;ypM&BD}lJGsQ7@sRMv5U8qbFE(_m(4wl6L zF{z+B?}bkxe!ae^__(Dm2vEhG_GSbXrWXMk+1f~T+3U1?m$h=X z)aVD2j&gD)JuIL)|DlS~Y`GEBqP4I!(`|%jH(NG?(5++D&g)Lt^-YOmaS2lY(_H*R zYH~h1B-lI}Mcf13m=#iRUNte`8td{jRwulQF*vfADE5odYAf;DsG~z)tcM$O>FzIm z3!qP*mOi&&jCi_PZdYrI0jdU(q}?}@Gr%_e$KiI6})z@<0xpEL~i^ssu-47JPN zH4030XYZEN_>$C7od@5eZ@3%hLbe4Ffsl1y<`@Iiq7((Sr~T7gt6GL9u~`H?FZu~T z#BOKi=sv$Z!tbd%y^;Tw($xrJ@9M@Ru(NMOWQu<%ul|e}NoM(NXnAUTz2uhsalp&W zTmilRRyj_^W%KO~Q{t^THX+i`DUJF>`8$?qh}fob9|X3S$je*LM5sC#k_J8d#Y?F6 zyI;%L-f?5kOm9M+pjL|zB1;Bhi} z#1tZxZh*^+ImLIpL>ogL+8NHM%IqLs)m44V=1Vk8E=0t`KwKu4i~?>kG-IsJLGPPc z52)Hz{+t``bPB(V_Pa`xEH&)q`1WO0@|_)CjWwHx+$u^3nPm5iX12g|`>wcxiqB(u zW}=wUpY~`*COn-Pl4`sRSguultA46CXbc~an!PNFg?i6yC)dmqtQ55Z*#-h$6Ygx$ zdy2`zk6_U~ZrS7-Guowu^5L%fLblsx?C-lr#;xg6B zA90aPzBx~ik7pOEM0*xU1dz+rvbjAXagpLwn(;WsC4KrpyS%c_B7378Ys*laQ-9{c z*3NU8eC~z!gPMlWD;J8HEcrAER@ay(VBaEwTRELb9h=*mHN-J^#7XaV#AexIs_%LI zX{m-NK1Y*}4l_}u9#sclcy4rKZougmimF${?M+MqmbWwN`wz<`Lo^qnEe%XKROYPK zC}j=g?E1GR|4 z?2vaOPU|$VpQQ@-u2AALOth16BA^Q4o zK;b^yDqurT?}p{MFjGu0#S6pTm`~MUgbw8MXW?8uRpuxlSQPZw!OTCnUT4~b-E)q3 zzM4=)ae4(ZA$~JjC`ah^7|zu>UjC`tTNcQLN})atztupnrHfx*&P+aT0 zZYK=BcZoPDE`CGeT)VS+1^*!4!>jY0X4IQjb zTyBblqx3S4LejQ4znZU_Sjvfb#*0id)T%Vdu|x7tZ1BsUdeT;-7u+w^Dfnoy=mz8* zF)YGEx)x5&Q>(B(h<$zeH*$~U4|0!j8z*NXg`*=Vt<0nEe3xowfT240p~V5Q!e)VF zI=s{GLptwCi&dpggRZI}!R3KtR|AL1fQu$9>+X16G?Mf^?)F%g=wkiRW}5k=e4Uws zH63W(GNNBxd@g_ULEvI{y8ox~&{st5o-2HV<)b7P(I8Zdt?GP3BO~M91vH}3p<`>m z8VhaSP7DN&u~ z+K3){$w}$*xg{w)nsKeAkTIL8z5DY%AJ@}*bCxwnO3MWJs4eT0%ZSGxiJ7dov(5kx zY8_yYwMPrNqUkTrEx>ei_r93tcKAm>*pkkFAzz~L(AfB0N?UKrjfI8fUej9aat)9# zExl_s>9i$ULsByR4$kw`XXqiX!%%uI;S)qgq~>iw91#=ewaij^RNR@AWx5_5^l-NN zNjo=pqCAyUk*k;wKml-HNYi>a>z!ml;O(+7!ygR>Ay@^8^f zf*T0Ag@lPvA)hKRr^UQEH4Ud-7tuys%wXRlz%%1DDEleJJ%XNp+tdTEvgmwig)9?V zMB3hAp7wr@n*sNXf7Fkb{ABsaQ9tX~K-%H3loy|u;Iqx5c$8uAa1NTXo~V>@`ICjn5<8H83!6;MGeFXMx>>NqCf0igpbA$gLd%Fw9Am-6Hv^LY^}7?IioDJhfz7P1c}?# z>9NPf7dQ%i<+?2&EsdjYXLj|19KQ6<|3S-o-2~=YZjWV5YNF@@v|%DW^spn%jzvw+ zH`Qg2C9%;&u^k_LehnqbwIuQ3q__Ee5sbJMSFX?|c^ggy$alHy{Cw*rWQNV>J&qGk zBl{y5V{d(D{abdn?Boqbe$iFpIMn@~8}W*YoVzZ3KTD@UaVgl*)lG4CV){8$;0Yn_DedKvdZ?{OAqOWTeuZD5&I_Z< zRGqn_5??{MU*Kvu+;EupG=s-zmv7Z^1;9WJxG zjrlDMbo7cd3`d{Ew= zqnu$H#Vd)ElQEg@?CTk(44iHqE-#~jxmq3@ZC;GpR9IP5YNj8?pn29C%Am_{x7Kfd zG6dGQ$njz^P9=ZPxXH{X{4fGLmnp3~ZM&b---X!wSp#Sr{jkePq}*jK2wq`PcfO(Z zoZ0lcPg<69&OCtc9a^pT_Yu5@(i;Xp%~I>Wg?5&w$r%XtR5cg2TbTa5lWeIIl1-TY ztAO)VtPs3IoccGFHHmRnIh`PyQZO7v&zpYnODbnq>kXQ|N#beN0D4&mscQQ2-hQM; ztqHWg8VaG8lnzogA~4Mo^rX3?5V~gsxS-We^9~8jS^zCjz}$UovBB10IGG(89r^p@ z=4OoNdO0Dp{PYreuXIA^H-wHiWVGM@f>GB57xOM!_A}o*(>`-6+_xYYL<$}93J(BR zcUl5gs@!V0o1;!>Ym8ZJwu%j!1??8y71A7j|CH;6u^BK(95__dy>Y<2((Wn9Dqlgu zkN0@MF5y%R4uE0Jyu&g@^&p&+42ihL!EB9kK3ICqVa*LRu z81S=+KXJ7_a`guWpkJJgjeYxp2Q`BiH&t6jH{CE~FKHlnp!&$6I zOoMpVyK1XjPDiT35cyjrBG|ib7!crLKxAXe8pEHJ;4|XRr()EHc-(yi^U`p z!aF$@dXKFwdlan!r0+NWYN=oo0+kmz5no2pMqWIBK5$X4eiVLj#3-knNnsA|HZgHQ zANh;bii6V@s!fniFs&?3SEqimar)2jA5Ln`Ikc7<5sSEg=tG6U28%L3zf=$-f zz9Ar^qQ)J7Uv-xOwF9O+A;R9_%fgS5MNn%K_uKQZnP=fd(&RPn0AX4{K(Nm9&zeJV zx`hzjs`7&0Q?1XYAilx7O#f4*RE^e5$ulWJdVF6!r%`x9zi=ttqG!hNL|bO;p3h(B zrcg+y3Rb^Ixy|KUKUi!qPNNh5sKsUrX&i1v@n~I?xk;i!3Pt%gwCjvKbI1+bd%|cB zNhAL?Q?6Bm9sY6#VAlQ{oP1uhRk{WqZ@tkX=CNrN;Lw4Wl2vcFBJsI4 z;41XyAUIgDjX3Jidle#C3ebaLb0-M%4}hDE%?gHn-)Mkv4~L%sHj#F-6H0$fi&5YC z&hgn-Sn#$3A`cklv$;J{G0Ji zSgKM+sOt-No)@y;cupzI?Sm_{g_vWP#!sTP{0tknP~~t64eQ(L7~svA?8Ww_=Qig- z5_McNKBhlH1}JLu5vqpMxr4CP!q+C5kkd7(^71n0P3zC+)8H~ z-nbtAHr_L5l7D2PPI5DFwBq&cnDa+{Uj2DHj6VxJ=|*7g36vL z>KH$;(vW@^Th!)$4pXlT-{dhA{KL5Z(-K-zoHa4CCfn6#24w(pdV=Rx^BVZ2e08`eX(-#y@%rm3X%dso!Y@^IGG2v{M)L2)+ATgkFY2uC zgocN4Rd)#q31Lf3XsYE8PcQanXK&jZXA@?1YE766zhp%N5xCADV&yU~ZNwX0kJnh) zy!+4-7*wP#;`ZZ=xpz>$QM@c7WyBxhbCinMECLGuqk`G7^c z@nt18F%c0hP&hqq_3hbw60h(4oh)$ey8+CzvJh?nkPKoN<9!=$@~4Me&SkSUlqIp`c(sQmfRZz#!ue zEHTGy#^l3Mz&ru?%I-B?z&+i917!DH$#|M#m9oTExj#b*XbF__D)xzgfn)z#;tL+W)`~2d+~qx`^M8h*4FgPvE<7&xsub;hNNSN06PAj zv{=Fw@O5i_QDn#{D1WpC>e~GZ3JL@!vVodMO{%}X9DviF|Bc1|b7Mkv`EW8bc6_ix z9x;sk5^EBWhwHtU@s$pS+NOZS;6LnbHa2XaN7J{(!^6Y!C5mqo=oFrbM-YmiZ1ft_ zGBD%fv@tmGWeCK6SQYfX#pkhI`2oMXf>0~xzH0!12%t%{_Z(8bKM-Fv( zVo!g{s8%rm4F?FYKW_nOu}*;$C=S%f%)}&L^Hs8(^V>fp7o4W&e2p6%_CPzYkFVwfnE*-rwJ^BLq4y zQPu;n^DX~pkAUg&TW+21aXlarGPP2fD-liD^MXYZyNF6LID5#&|kkBzxr?A z|Jf%xx&PAueExs?fj}=>xy;DPg{s=x$v?gSt0l|^hJ;u$Z-x^v7DDKF8eNYvXI|yz zLqUv1kpG;AZl-h+OODA%>Vlx=|3lN@fA5MyX6HW?F#hq^EtLP$-TD9Yfh~5dHSPk8 z727hWJvhYYSBGvIjbsbG4HW3oL_o+#nxvKdB7R$&jW;HkX2l$*q(DF9R*xLXczoSud#nSiX@p+uw1!6 zd(@lJU&((uXa8{zRG!&sRKaa6&f`T@VG)yG{FQmi>vc|y;k%oOPcg;NRM6(QW4W3LEpW7q}EQ^6WgwxLY zubm8`dI{>YEIHVP^4{qL^`9>D9y$^jXl7Ym{2-$2htwa(kd10jF3?vUR+E;gzHu^I zFvt3ZE637oaKK7yzY`|=AL$n0Q9}N=Ovqoup#-HRde!9->&x#(Lq&bwS0lPTOMSg{ zNN0YFhsp2FP%pK^6%X-6MqH7MHo}?bYCS9WxhvKE!VnG&baW}w9fFG^OsO4fZ8?EL z=Luy0#hvY$|4Nv=^4R*X+=^I2c)zJ{|A(x8xAYD+A&bpW;eH>#nJrX{nD$-DwQFe5 zF*boogy!aCK}(gz&k(n(C@DIHn!tUAwh7{+%jCefk7-dZ#?z(~Lxe#bMVEuBBisQK z9XfC4+kYKKXx038u}N_KA4iQFAvLnPn5{D2H%+$G!+U!+t~ZtIRc|ms5BUim3EhFI z6b0V;u_M;8#0&5WARaYX2VBkGl?fi+8jkr_vcW_PvVL|LWho?IMF?m9D8?%KHTc%m z>Ydxlo%Q18CUt!EPAm5Z)LcsKpet5OHrt=y-;BXg&s^LAku&Q~H(;!a3#Y>*3}P+^ zGTDRS7<_P3j^C2l(Up&cqIY$(!AIdA<9{2*j3HS2DU027?-5ND2R7`feELH6si2?{ zhFM9L8yjRuxi(zUl+2c0#=T;g>Ky^;4^T`|dr&X?5)UDo5;ANr2Zk<{tE^iTg{1IZ z5Z8id@p3;}+tkBK#Bue<$3Pp@rNh#IKNTo{HHDSG3ATU#!$JlOY)g>L3=+di#3psB-#^h~U5(ll`Y4&X7qPilq(5G?x^WE%AJBL@ zn7j_YB=L7|k=;=IYCPqYM`)24^FxKo6`V1Jux#42smkzey_iFHj+K;vVgg*~pjC@w z6%kGes@lUxPu~hI6EB~z zJR~Hy6ZF^9xiXxtGNH>Cxc~J-#Of;XL>EEfc$F8C0}GM5)Qq`~tbd%C_Nd#mfT} zN%8gJ67L$7l8kq&VtD{nQV3fK?O6DhsOF8w?Jyc+2$O%mQMSkS{Pm!F65k5h<;JXa z?LY|%k#~+7Im{1j_7Yue6 z3a;zS-{RvwU3vCazV_@*q~+Teq1_L9@qz5D@W{6<6%0|kFd#sbW{P#&18+0^PnV=@G5V(rEY`Sok2SPqQs=#?qa5+-7l-Ob4^TT?wV`S(e;)aDf%}V*GWT9gJxNC6_D$rECzME_o5buw%2os zMwdWs@21~wZ_TkLChAPC2UJoDKsq7UTU3w+cD2f7u@ND(DtA>| z&eGhGI+5uUn^ml7?BiNd-grfmHQMnlgYFd|Zs9aS+MhX+B{vk&Q^Q@D=N@AU)*mL!_DN1)=%f^vxdluNdG>a)y+lsi`d>_$LNHf|zaCB?<>^Y|DKGPR#qfD>LYb8~z zDE3V?T5vH%z6cg4SR2El>Z+8wa@PSk^8aoMFaG^tFNpx~J%Gl8#Vi`x=uTaxn8rt> zj_J1XTuDZ+9m3L!*ROKZ*L+}j<)EGfCNwTR4+1R8q2LXnicAHqAXGwCGLrLOsm1xt zIE<#~UE}L7mJNBVLx%|naR$xs;Me zj#}9TbGONDRJK@fD2WArjAFPmoaE{2(>O?k(Jq$X4dh7U|ND$_ww|JoDmDXJW7+2M zeSkYDWhMl;*6$)#fA%@>Gqx1?Xs(_QM$TrRqg=T5Rsi+hEm~!P=C)Uq9#|QXDtB<~ zxW(GS|EXpITDx-Rf(OK>MbetOf5J~R$w=rOk*8^gSfNGu@hLT1M zH!oT19CUi;_hMel*Xchn9Xxmz zgRBOg0p9kH^EJlnzU$8@1wJ>G2Dr(fzfSM46YBk71*A#?Sn~mww&n}@{LeV^G{EJ{ z1s4F=z&6h>!P42XFQgWu02bk$>{^3T`|->1OLA@8MB@u8y~oM#;4CZU40sMDGxN zjF9b9%MIh#wyn=sXO%;VumXdL|AoANPTW!;cIBND6tqY|ZLU09W*`pi1QKefRiA7(L z4dW&x*kW&ZI?dvBi6!lES;LI%?jSw+oj4rql4rU(SqPHfKpe``ZA+=&tuQW~{>f0y zFu7G>m9I19?nWuwFTl6{)Ycnuj!0$8d2S$>wPGbUDrxWjOFrB7fA^6NdUmSBmX;~T zIu}1#m7_PBN|VzzFL+iu3#60m4i>n|Z5;kH*Xw&Y#F)vPq`^@Y{A`PZ zII7b!1`G}bh%)+`3+RdEe~KLP=HMU-nQYOu=8wc3S>I@&E!__*{waIf>qLYl7u30& zXjq-W>r_V2B^+X|GxgKs8!n>AeXeI`p8z7Vjpe`x>IhBE>Pu4V5# ziSAZlHwI5ja-roiR?sP%^Q1WrCq4GgR`w7+o!u5ME`{`+<{9g^GRjc_I~SKcEMom=mz=53=(u77_tARW$E7 z_X1T+r<%8@)sEJy4d}iEn?S7NH&zbDmo(M|Xd|M2Y*zJ$HMflALXh%sQef3~Vtp1^ zThF&B#%~a~Q1{?)e5Uv0fk?NUCNlVx_nX0QOn}t4x{1{RGDwMU&NRdzR=Hd zHyA9^VK-bL0XgKqFUHRCevTA0ptRCfE{7$*{GJT)YOt< zwzZK-CpK@EUJsuNHW+nR*{-`(k~F(=%vJL!*YlNHZqFRKu7pV6UPUVk?a^=D2zsvV zc>`H6C6dK+WDr|KRbtt@1pMM47untO_GU}`V3sAMM>09wFAcP=l^etBQOONU6e!MC zd3Nhl)LdqF6%?ces;v!Pj&mi08gA*QQCKJ)$+%T}D_X%xd9uviohM}L-UlDM-57Hz zSGx-~@2XDI4(LM?^^})QU~jfFglBvja7=CTX+32Av(UPW|0S$T%X0vDyHrQdC!5Hw z;ZOwdLv{uFs4hC_Exsb8t%vL#Z_BpcCV>`4n1QQaV^Gh>tEzfO!E)Q*XD26J{Twl`bfJhBa`|U2Hn1sYyhO4I0&8ac$ao&`e+lu#eYp4jLVBzoB=*DJ@ zaNnH$rUDS)JBS6p?t47@h;Xt~1ZOw=_4$wEQb897H3{d)ps>iJ@+hXAI8P-OitZy# zmiK6K5It#f9VzAeoQFd6b;vY5A<|<6f2dXM_R}`}(@(EjMCsI7!0FnDpU8^tXtyb)Ey8T`9xEIk{s6%tqv{ zHqWc6zS@`j$pW}(EcxWGn3QXIOuT1>dpozv@gj~7Uh!y4U5wcSrtYFu9moBCZu8zR z+x5iLpd|U+XY-gh51MJOzH4pb6pgqg~;Xu?B?98%c9Q|$bra$dj7=;+fMn~I7Bd3t^zcGm2C;7@4F zl{Cf$F7_1W#NV5(?CBTu9Js=+oPSiJy|3}@@M0D0vBw_6LT(HV!=qVSo;ezL*tq#q zQC@4>7c&*Q^Jc~Ky2{{W45wj(>xU&t*=d>UW*-Jvy_$Tv#rX?obc^o;37^h}hhTMe z_3?#ZRAoCkt8gW;u9pk@NN=4S>&a~h)?+wO3E$U|nXEUI$nxdfBY2Yb?FKvhaJx4P zph~>%*n92i;Q`$eJ-1x^EoimS$nMh|?tZ#g+0iG=Qn;Ql7$3>P517=+fW^q?V#dn& zCc?eVY+dAroE@XrwApT5V>n*2>hpFi=KZ^BWyy3NIz_+xrPV!%}5 z=D}k9;7vZ&Y=T?5z#oCGjo!Z^9v?$$X)jAv?ibKSV(NhK{4n@c!9{Y^xHn zWOh)TgOqL%NijQ%92|4~(8lOcPFgY#T1gse%= zeH)N_ILr!pxYXqQm#zmNREa_P*^ssTSxusK)-ddju2`F zCbH|;vHX44P0fOz zOzZb$hz^(alPzcPDp};sp4#SQvn0bFO^%S7Ol6=wVV6z|C3JhKp6JYzQ^da9w=`UH z({bx;jLIxVf@`Q4>?K2Av+_!AdT4N&f8Z7i?b^Eq0Kq8h%}Xt1X5JC{6lmsVBVPN@M~uVip?rZxR& zy)(afBc`>7POU2<$W$vbiZ(WdD*+5Ofz!VSY7?)0*e}h z05hCXJ>WtwoqM?1H;_^yV#p8`BI3R7;j}kY+Fme{5bhU)U(}>k-yKB&r71$6~ zg%1B)wYleezwv_@G$k*y0I&oW6AIz>1(73qOwXtM1nZm}9AX8-i91j5`khgq*Qsp0^!eGDzmLwMOjo@R9a>@ehFL9F&K)-W(e4HgQ~}U24vVs`#gJpAcm{UQOKJ z#Y9FA0EDPwySoFE`fdlnQWA3)9N2w@m;7wAoMQbjE!-rZ-RYQix>!T9ySp2vxGwE2 zchSP<^cAcgzKtkCXa^l^Z-s45XCy9*ee~!E_1~9z24Zh@IH2Y?}gVp9|gB~w3Ssj$} zN~J>YHB=FESN9U81T={&c>$H57(He6su`$l zTW=NwLpNTU@W$U;Cd;sxzAxK7naa<`Zsq*0XEkNsu(+bP*lP4vN1y}a8H2S%gUIzn zsHb~^*f6o#z9V5iqAu4AxG$LbHy_pi5tZ1GBx;fuA`5aI)YHJAfCLH~7NsM!!|L~X zJ|@kN8O%Ijqri%PIG(BE`lFJ}mDT_?ibk46&hsMzO<2r84d+Mz2_UqLab2F7Q3<~C zQ2q9|8>t1)lypj|bojZR6IJZohRZtG$Tg+f0@HJrJxZCHX`*o^la1Ac__0cwr{>cp z2MvmubLzyT7o%oe_vfZbxvbYxPw_89~FeOJXcn_~&yR^3zqvthVFOC{EC0PXsq%dd)YHc5m?_`o#$S5 z%!Iq7)LIdFQ&Vi(l$7%~F&>To+Ux^*a;D4<*-oy~x<`9eG#8FQ;ZSrU`B(|P@{5Wq zXgC4m>JK-F!Ln3?@&}tkjQcBRCSJ5f^z0bY`I3JAzPHs@r&!H>q{cKiGKdko)F67! zk%+pgr2B}vmf5#H14|!E)3G`b|1S}km*J0NhHX5sw3qUz#zo-lqetuP*Ejl~mR4O+QsV_J@j`Hu|E?a3?ki$jf0n88VwV4DLl z;h)T@1S6*#jHcA^RE~xUj(ctIMUHg(m@n6tl+!#x$o$O3XicqoPp1nQ)4FbwQ1~Lh zG}Q$5HrYW3Ey&0?ZCBxM4(I0pDzG3H+Nx&0W&^)#=M>x|#K{;GN_l>dJNjHM=vj3u zy`K%YmO5}h2}I2itBBRrLQno_w#$lIkD=Od6gx>~q5Q*>i?i&@{Z>2nsILmiX0`Cz zbK<@^{9ohryGg%C&*n^achX*rV?UI(T~b-Z+K$p*QG3nw-K4qbL2YIA9%Am=O`KQ0 zRH~1*+pQ%%s(&-=x8c17VvL%O^v`)+{uvQ!RN1XU*!62b^QC8Ye#2j5l1~4=oX=ml z!)M2p!=`5=s?!b8RaQx??(ZV}qTG2uGe;0Am~balAn^KRSS?d=NeoWgklkjzzY9re zowHx(HFl+S*h)gnnxQpTuN{#-+Gy(i00W!PW9b&2bsK_7ADj7&o7(u$o8->|E*(kJ zaz`9pQuzdQ`8Ab;`V*h>viGM6|3zC8h9euEET^{)DUTb8cAq#g%IE+zNEyEDD){Yw z0+JP9JxIJJd`Kmk-J^URJ=C-I%Dr88T(|AHoblT|Fp@I9UmjcWUo@bMY2`ugwmkec ztFIKFOQK%0r7~))zoOc73(yRrGYV%HS>v^Da4*n5ICJFiH{fTFt2Ra!>9Dpl4TJ%{=Z=lym-9O89s2OaKEJKlA2to~L#e z{th4xj-B}EKe(QI&W$R_5LD_qUt$~$knzLk7WpBEiYCw*q43@aBOXPGI=wZ|i#aU` z1?3<@34Hs}#hU%ulDcx1GFrIO3aAgBz7LlO+SN=9iDY2l7W++y(CNFjCa9bWYzAMk z!({N0B=_QW^+P9Z1+lw!3Z zRq7p{E(CHoGiQr6`OPjzNw!RKgpH4inS{A9{NFnZYR&*(g-j4dgU#eSG(bb!S^VD8Y*E#)D$bb%J21sPG4yAF`Ub4?kA4c06X;{?5amU zMvXMc#Kb>4K$wbY!IANtG6wUdv^1ldfn;jowrGR(GwNG26!vS*)@<#1 zeo7)otiJcS@X5CRu0BB9LC%l;m7bhDt7ZgKH2qXZjA_7*I2THcL!%ahpC1i9R*cai zmx@{;ADvW3$1xK3r_E(AKF|&qUI>akHb}xlnxwx{&14ue&=ldGF4Dm%=KA9jCUc^6 ze(>u`CzOCT;a#qVJktsvsxAuS`}CAP*HuTE2GwQtdE>~o9&fIVhj;`+Ce6@XyVSl< zBtPa*y6$Z3+%vFI`LA7S16wvvbHWLjv{A*AAD3YQVh?is5z?P29r*-s7cjo0&vVudoMDIdS*56b*=A(}ru%;zi!A5C`!yxmdC zaKn&l@{mr^o>_}Ew{{Bs>6uod2MTduf9{yvuPB>8AwQSG$p>}2O8nf>_3#axz%>rg z&`We%a#@vr_$*Rf70OQiu`%1gpsXK?jm;swh<5mswrorZ*Wf=6fd68FbkaM^8^;8? zDD6nNp0>0)C_W*AuR%ghBXT&5D*lOyiRJi=43NX{CrW{pU*F>I8S?Gu`oaxiFc^4F zP6YlVNQVa`7Ij1Pi8vaU;tQy%%Y?4_hQ9(kSOt~K=Sr4<61JE9g+NW_y8umZ(Zm%X ze+4#e4B*C0oKtFZIm==)*9L}Jg2{Hz8)2RHeGp?~p#%pJ5vTQ}LR+#1u;E{*MdGsS zSTWt3Ma9xvrexUP5mr5V10sI$rSz<~dY|4Tz8BW%#BIDO^=K~5 zdh7At+=fa(&^~|05it4@)Im`DCMo(@O?OR+UldV;zm>pKM1K(ELFbSdQY;omN#`CF z(YJYC<{b-1&j_DPS((m6oUJ;A#TvqJDs;j4^Gx#3EuJz;gEKA|mR5o7j|mYo zK(0x)>#)Cmpd!q`iV3J^CPvF72G78PdcZfRb7!HX+y~LR9o=4d9CM-@cjuo@B3Z$2 zoQe$hDc{z9OX2hvLvTq&Y`5WwcRqL4qi2*!M^6o8i>{@u#PjTZXG=+^;m1Vd%&zW5 zXgF<-@xBq0S=d_eXD?r4G<($41$W=dNquSa=Tqv(%9M|D0R!m0=RDYfXDxa^fPhC= z%H{BrpSl^&=}3+2z>lz`v0EX z5#Z!n+tR{S*>ze_m3c)B*90I^MwHfm>#GJ2C;V_(YefWPZxj@k7+0qqUVxPTzgYDx zwz!5eyqLsS#ULEzJoGrdE?+^#8&yF?pIHsM*?$o)A|}h5KXw*hJ}&vc`3)BzfH>}Y zGB5icODdKy_+lH<1EF=e(J?Mnt%}Lha_1=lB#*h@!8iLaW9h%EoR~xtC{fz17UY=p z8&Lug{9;JSd=NjYtJ{RZKUx;t5OK2dy?oP!ot3u3TnAC|6T8Km9Cwg-Wwby}tOkUw%4yGksmERPfzU}#d;0knjy0v+Jc{l=APv$V#zCP_BRDrBWIUG5^SW_Kb*Rg-vi;>v0k4|fVLgftLfT{EoVH;eR{&N$tCU` z)?AARN6S7C{_nf21nRBKkYS}bInd>L;n>Ec9246cjmrlEYaYy~Y5_9I`aTtP{re2= z^=L(qc-#SyTI~2|ZM8jh8L>6$UK!PRy!*&(idAY)Z3!oNfnp<|^`+L)`ZfbR_mR8N z@}5gvb2loJ(qd*c$I}hVba%PrLsqh(dqh@A^xNfdm%>-0YqA>BEcKN8d5)UX@TEM* z2dT%>LwdF!b5c$w1(&4r6H7)P%c4m+7B)gt1>WvHoiu zWwA=lPghWj61DX2JJ~V7`LMaWOVbx>vu+i?^%QQfk3i`a=#xR8F!H=6*3YKw{4-Fs4*w&QeB-stbXeP)@!Zr(8&Z;3QKrPRh1bN z2#t?#l#C4xDauj{=W#%4Iz)UfT!|i?zOeV#hilquyP0f0t?Ynz*=WFV6@6^oa!B+A z?m;>87DUOsX(INj+Y*o~7LwCp%pXO)e+i=jUx94IHA1P z%X2~lmfmXIw_4H;6rU8E86}$D+N))2G3_D}Syg0)5m@$TZ({`1i7dMg9ok$^s{cZP zhR2a082|Pa4jMX_BUP%A^lpG|lo2dSLO=Y_I$Fir88z7+5Ns|Q^8<|@n?L^|UHY4H z8%z{y$aH6|$nx+TGyx=H+aNtv`Sk{I7j}z*$_dv{E1(|eRLMXVk>qmTM#48G=!raw z&_C<{Bn>jmnTE5j&duwimI(@P*{JD06%OKSFTaTokf>MVOK|P3m&G>J*CI$)W@M|? zW~{d-&aFgl8B(G_aGtNXI!~`1-;?B z#%)8dVRIq>y}tnm0Jw#lN1LDTJt|qKa1-`n3Xa6x!dTV{_%mh<4#iS;_m|a9Cj>xI zJ^(nlj5$%XS4tb(gI*qx_b!f?I5K$4)Jkktf0ay;8;SSVsW7%iR3CPDxq!q{FnOsCKtqdG+z-pC;aRW>w1QxEs_Vno1%}W-3*;8Q%0F6 zl!Olr-WtGWh#=)TN5*B=2?K(C=+7G7)5?2pfIxP~s}0D~o%#%Y<@6qU?^b`&$Ycb) z!tA6=GZFO*RW&&{qR3vUV~7PqEM|)GjRqnX@3&)XMXQP_Gw^~#LX76iQ+djm&h)+6 z;6rtEH+Nv4(a3liimHm8GZZO-qaMq`js@g9;%#kho!?JUxqEp0_IDEmdr(t)V&<+N zu}#n*y=%0%TtWeNeYX8 zN1RysYHEWo(&fQv;ctjM*ej_|eUppVDCZ_h+qP@Y@5#0bclCWoLYmXMs8K+$W14#n z6<+^bVXw=EgHxtt6|AQ;iY2(4-EB8M!d58uHYFsq*Xau7`s|+D6Lk5-Jge$U`b?tu zX0H}UENjUeHk5?-#~L&ih#D=NT)S0R2)^y8?&o-tch6Uk^l0L}uZ(}WMiCw*<46Ax znMklKs~ba#yS$b&fG@CwL!l%8ebP5<2~i4{{w<$!j&r)& z8Le4oW(+7QYC8Z^q9(60h?V>wz?c%>GxZJ`H^-zzX_+cq(Ea?2+S$h{t9wErA)#8r zzj?D;$p6nQd_)!{XX!VNYjWDd%&^&0c4uYE^pC zo;QahFOLg$d;4Jkej7LE5RWzIRwM`0Qrp+9F`_QFT!_h*G~#1Xf7H}EMCU0L-?(2P z;IO|xuhM9<6-?u{VR$-Q>?A?P^Q9FYG0R4Ew=GbGodb402;dep_u+sl?{JK#^Q)`f za(P$n$&%IRFax8hFzgz;GnE?^Fc(gddb~WNqM;2Uf*&jvi{qvieDBXGBrPViOPK-- zq{|LU!omgC_e02CzC0;o%E+m~- zSMpR%IDcrCRqh+DU~tckD#~d}B_V5t&QsMRW&95txi7zYp>2twFQ3`X`U+mB-%?(}5f< z<4^aGlFgxant3~tP6=te>~~*fsbFnmg37;jc)yMjgqNglu}rbs|N9ot#E3zTc!+QC z)hFvtkY@u;BqZu=@71qu&*!wG?QY$}9s1NEq@8R$5aPpgr*RbTI64G-3|ly4Wsgji$6Ip9&{R zSr6R4aLqnBvMV2P^U{0DI3B4lksdLwNy#kLA(8#cJGB1Z=mKM7 z+7uA(iwl>%5SH&Yyd?Er;C(2qbEw*G$LJcfc*9kc)q5g%s3CqpL+oAm$-ZD74LWDyp|) z*WfCnkuJFv+3OP{C+CCXWm1v@*q)xq{e0uc{D0|BAgiH4$t&@2RrKRZeM7_CAiJJr z)o|95TBYlZ7D0Yv$0Jy;5x_&1KzJP1JkRpGsvocr-Xb6%0KUcNW|SWh-J3*q?G#Ta znwpwG^dRNpzRM``tKO@6h=g>)*L$$tJ1}jjb`$A%mS7;%_f=MHigWk6L>aJJioqUH z6-sBNb&}Mn*82dwfX)2eK&RdQ&EL+CwKkFEj^AZk4Gd|WPn9S=lH#8#I%sz4-9|LWg8$2}IyPpnKV5Kxk|5o)3fc~Vc6*X<{5F7+zc z%;jn(6~s_9vhNpOJ_NxD3;UBb`PPvb6?(uRq^RdH@v`uI@#kAW|IbgQGcON&*~=QY zx6dA7?abnvG3K+21R+-C>E zH>H&m-DN}w6>_RR-O%T$Hl`2ZnogFD?oZ?j-0);SIb$wkT(u+*`CWa?JE~vL5j^)o z>0rCVNst!21Hr%d?VZ%`3|MwViRo5uNEH9|x^o}V6N04PlYX1G87=)8EWi8hY(cHD zijPcopp}>T&;HFBI-_)IR4r3^um~AByA1cwi1r{x$>6ina;rae394927nG^W zh1y~mrI!B)1Wtr+*Qyrjq1y0*qrAaKIV<(3Da;^F2NJ7T`^W-Lc2MZ9a?+rB7VJ(c zir7TKqcI43up+!l;OTfn{Mu;e|7s2a0i4Qj*PbOeMoqK($@cFKCv)t2I}EBO8frQb zFIxl1l6}?EH8Y>oE9KxB>EnH~Y_Y-D(NkDXMk zQBS}_?eH-Kz>=iri-Hj+d><{y>g}LFkRceD|RF5DkY^qCb1cLxjV$YAiG0S3MCY`>)B3p~Kv8`C&$19pM(I_+-E zSG<~ZWofJzd3#sGin8mo{)F#b?q&P+3wG(5n0$J9Jo;t5vbZ>;Ey4t1Lw|W$sCGG0 z)BFZxuUV-t3=H2os2}}a|Nc?^F4*VkmIjeN61=@xqZ^VrBYLbZo8B2II{dQLVn;Tf z!5i(iZV?5bla|UDm>oewN6o%^R(+UrWwg=Ox_8QNbwSR%Sd~Pmy#jsVfSG|?p(F0{ zLBxu-Oa@0~0WbWjD{6%)0z+G&ar=<$ys~G|v`o8&*VT zaL0=8tRz-h)L^D~4l7prsuJNJSrEb1aCXiPk&!{*$`qVwdvubb6GEKrAi zP{yw1tX!q$X!~2>_~Var8HGw!H%`3ht4KD#rh|R!UuT5ng2kLnD|v2Ze;8*9(J>EI z8L1e_l*6ZEHvgX!hmu$kP`754JXTLp7lvVy$!9k_xtlK)8x>-Bb4{VGNUx?MfRiX6 zU83J5G$@}!x1ukb8kNMHmVZavaeh$LvAJ5vB^mpo6ap^tzQF-VkU!2A)B&yAgYsd> z6LJ}>LM#G|0Y%DPX#s_@8Iyp~ftPISHc&3pBvDJTLM=!g+X|Zd)^ffy*p|#iB6*x_ z7~*oc_y(|4_f%*%u^RR7xj$vP)t4lCC?tJryIY}>&k{)CHEz9pCfPCWHx@oze#flc z*xz>6Std&&Pxg%S!gEnPoJ?>%|VKzj(q#?bs;o2H%z_pP+L2P$O7lyb0%>0#@qNm(0Lmg4@!-r z|08$;G6|S#0UdLOB>eSy`BR}aEnW!D_hgo6fZ6};s>;uwz^Ja*h>fkv3Anoh$Fv*s z^Z|%pue}*%B?75ri&rxG5iXtEPNc*0ra|f#I_Cbf_a8a}Ivf!QFhu{{)VxSrYrFfG zV(lM4KLR-)`&XgmMw?JnV3ixsY#TbaG*SyLXI1j(1R`1cdV58M7&zMByXv@0 zGdyl~_)xl)#H5K;SqU`&xJLHX2dLlcfb7|yS$L>#+sC)>(Pj(fvfS-XmOEmbpuSQe zMFUrV(Wol*vXGXmUHTCRE#L-3CFJaOD^nZs0MZl2^2_f^hHJ4#WSH7Aa=uRGrSMwe zhMiv6aq`X{x-tsR+OqQ*Px`eFLq-X9P!N4<`tWoJTitX2x$S8_=S zdD?^T(wd|u!Xr05B($~1Xbe`LX!5J>4My!7D60{r8vKw^Gqe~cidMPLex&ZL_a9dY z1t-ORAFf5yNg9iz==ln5z+Y;iC!DPcz2m$4VnyrXtL64WT$x4xWGG+SerzQr*bS8y zl3Gw3_EIVIYqLRjwyBhX77I$+w#9hQAsEdeN^zNdlT19~BS-D8abaee7|#_H>HiEZn9EwrBtPnXD9D>us{+su4X2+utUI|Gs#`8XC9| zr~;dpTWemf35R$%K%lB-t7(4TlH`?7o{8f7uIGPAr6w{VGG3)4>R}!r-zQo1r^J^g zzt=bH-g4q5%VNjR?bN1O3J{@(7bcyXRN$5P`+%YoBq-g4Vflbes%vwo{W}#$j^K@d$GtII6 zyK{L2Hc7a)kg)NLJio(z)rdP?nFiz4vwT)Y#=_LBxqYYxwmVM^SZ(!*M$(%5x30DtIuH? zV|I+d1v|_!X&(drk$5n!yVrcWlJ}V1NjMrU1iIOG9#bt=;D{w5e>zvVrVFIj zGsShs@^eKZo8^jnauZ;rO6uES0@GX+oX=Ku_C8$gRRfR?K$;yb3yO;uw)5~Xia(z9 zT_y?}WaEBf)G2w#he{guqr#H>Qk^-B<`Yo{PVNF>^JxnTquN`*fV zo9?8E!}i%&P5g|pzwZ;K4X!r8b&wyENQxgWyelN3=#mgt3x}EJk{OhW0QUn4w(+Pd zzeqGT9@4#+Zky7sUL>=CQ#lgS-I?R6{=T&-AKns;?JeJ-{nW{a?^ZD0bsu>dwHMpF zDM?fp2f?r&t_I8q2sk81Uov+>N!aCAFGjh;5t6nG(~jt~!|XP#JLy%(*%(GcRSwrN zgG#{F{<}&2C`t+v?_{^$X5HZn5yPoRMr)!OcwQm>D*nhFU5Jre3Vx0Mm5N(4=WZ3! zv^uK*txI584N2Py)-joRRkXt6dEeoD{zh)SdnLuN^~Fa0BZSQrm%E3D4_f^SN3aV1D-ZesK5D z1qKcB36?&ed4o~m;=vfjQA`$T+^zWKa;0zL;`A7JSslTLf%67FTL#uT?v3n1557b? zhn=fXZj|xP?wQwWzZF;O`vY88gyPMh!`qz;2dFFlWv*a^X${!`D-Td6*PXSgw!c>y zz1z5 zD*0^5H?<%W8scidRPHMTpWt)tUmI&_OrP7sB`w8sH`+j?0eU0_(7k3)7 z5cB}U-5SrA*Ast&aH8iv3B=aaBgOi#-Qr+q^FC9FydU|BZ=ze#X4bZuNX_{>%Q{Ka zHdLk`*Uv`fV!u#0U;y}#fI5qnag)TJ%&hZk!AO62ky|YHidL#Lmji^NT1&UbuSFZj z%EHI%waB#I40*BI6DlO3bX-3_B+>Sg*JFaNG^xaP+BeFf%WA_=g5|JW%Esz4U3BJk z+nB+zW5f7Wv#r(BX})^01_|FR9CkDPagyvf{0y#`o~0mmMxJ!3m*g-yyjHKzh*k^b zl6p=~-is|9e?tosYLFJbG(AARG;;C6k30ol?{di1+>C(wrLehj9l9-tb^V+m!3Njb*FQ2Lok&O| z4A-RWVGT}N$0XoEq|*9qng}TCNryG$$F&Te**V+=r}*@g&T}pB8Aa>fk!-TlzN64^ zBI1!(7#G7yxE(u5>DshjO>Ryg_H#d*3pEYaJ-_wo`B`TRmkegC5fvWYN2kIg8t#R2 z@IG)Q79=UwWuwCh=&11&r@eO2gpb9(5W%JRQz#tsT8k2oFdDq)Q=ts>aMsn=xn=!h z#*Ylnu0-1VovDPU7I_P~^{_Ob@2zAUY=cF?5YS5dIy=r6J2A<^eV}w!JU;C3E|GL& zls7=~U8MDSelf=ViGJ|fFgGq%zDq$;?br>GhP>K*gC#3GEY0NgUu8*TUMB$-PDXfQ zfihy|pZV6>`uN8SBfB|v%qNxBo78|}S1eJJEN{gBo5o9|y0^I+BC=$+ssqz1TvyOi zeED`EUeXy495lT|=q&~~CK*;PaaHI6I$jiF@ayFu)%ktON)7&JdcI*LB`iC{uZP!!10N$K!U!q-$9d(9TSC%1|qX=S1cj^Ij9!@5Wt802xIG#`*^tY?^9e$Y-xHj3Ns{(=2>ptA)4OvXdkj*iwqBM%Mtd_qKAp#> zFzY2=9#Pv|b-_(9WmiRF5^uHZ(4!g*F8J36EbGPGYgA>l~>98yh`KNVm!8rc^K={`@G3kf=5Hf`W#0vz}6HeOupn~08;awg6Gye zW>7A?;J{L}{OiGP`JN@e^9dZ4b58vs1*((z4?vUz!Ek_Fp7zmX3?ya>E$rLqfr|?lM(uPMS z)%JrhVf_USE{m{}yK`eWPR$=?0+{54Bndn7wc*Eo6m~j)9Hl?uOC^K)9WHnaa|9n* z93T-Nbf?PGP|G7Ue)kk=3348Bzo`@+4RLa~QA`jDuzR#JwDnTq($q|%Lv=RWghiSI z!sl+^Wpr-fDoi#kfww&yNYbDEq7V5EILrbCt;(BO~KK(MtdEfbVbv31V6!JkrwA z6%rpZ9!b^K#((dslR^!w1(&>cNCn(;8nBRrSU;@cd6p$gnev;B?|7eS_81%cS__%H zuTs{^?%nLrNGK`qyM8B6VPp_;dP4UjO>ERZhEK=YD_~m7uRY)#Ujb3f?d^%WAf$EN z(DIJnD#6k!=5{2p)3!VJAPK)|6lK${-{57J)?EJ$;;KIUc45l)q*G3$G*1!=iiq!n z0nAC#_zY$++oFJyAF>k+q0ZTvwJ#^jmAP9*ven1!-Xi((19vLr^+vhA9D|vRgqDE} z&IfsGqsrr=tcswLSbaTqzlu1LCfaE72&jvfx?^vaXq{sVx&^M+Ph`uphJTsK?4&)tm z+h6;=@E5cDqCz>B#3 zuwIuH?z295lDB_X`0kb*7Yc)6=%R=+J3J-%daN>{GzCAL!>SIwSGZO5{1kXPk2B2q zqqQgK6R#Vvn>&zMe3Ec-Zxgov7^y_#S@f{#N3|DDm`~-J8b{PaMZ2v?iUc3{2QmGRwlD%L*q?7Pwb~ zecs{7d^){vlse~K_pbHUJ|xf(N6q;3smE!-_4wtgyr*EU!a#fM{eX>dz{ujRWumOH zDBNb98%HCVU}WT*9<8uBxOrC`#nr+Ol2NB0yr@8DO^rA@s|}c9CC^bfP3u!Ql?Wk2 zrPIHqO*3h=nm`FAE#Y^%$Sy!%@`P(lHP>aQOV5vU!A>C7?p&gq3kGhC_sjSV21nF@ z&8u~(leT=6mx`Xz+WNNl`tGH*7aXD1f1=RV_;V|#7(#tD);vE7Y#=6&QI6sS_#3C! zfa7UnBEf2tgswNj-5Z92vH~x2GY?E+K*p{=JFMEsSl+6_-aFLd?mVb8Wg7U3rPyb79; zzvLpx+*sYA;^b)P)^~({oIa|P9Fny=hPIMqt(!Gm#d^wEtUgjX+i2maf$kScy*=?7 zk1v9fb=2~tJiHsW+?`c*(SG|h$~9*sqP2`J=Sg){YM$Pcxe3Uea{Qj5S~fH8ez}Ua zKQYL^rTv-Y!*QQS>$}{EEVOr%jrVcbv96B(%?gXYkvGS774UCi##x4>s(5!Iw?F-R z>8pzo6=dnjY_rDJYL(kqHJ3EaPXOOX3x7#(tMQ^=&sz_1{%qmVSTt{;fewsbbSlQ0 zm+2F*FczI12iUMm8io|UeDP;`NmdL93~WdmUS7VhVJXvSS(dc|M=jsZ?J)nZsJ8+< z?9}$v5#k?hk@+HHaQJ*6LvywBhcOhd`BX8zOrFe>7K=C85=r|tGN?OiZ3zglBwW#r z5=#8Xa9%WByi9*c(6fEpzxOLY1rVRh=p=p00bion3^LseP7q`f4!=uG=;M#jF}Cj> zd=oNPwXpWlqrw7wH0payIxJWX*gSrSEA?56*mN)O8AxUW8-r*MXXnbFLLx} zdWT;Wd4BsQ`X($SKnkAmyI6cX-^!;N4*VOi9~a=m!3-B;8=7s-c@m5Uddk!gk>YVv z?lQSuYL>4kPU|5B$`m>SO&v{V7JyE3+GhjJ`DD6(a z;;-<;q01L)it~A*_o~#KGgR4!G3Tow&rnbs+LN5#zxwaZ!uHAC#~(4)Xv=%2X50)6 z)p1vij<5Nzz_`sPc-6k~|4gdOo58e334?d$gtlL?8UNao+&8cxT z)8~uMiLL$RZ}|1Hq!m~feXX&HI}OflwLU~a1}J0;Ztr7E`$OC6TTkfk=#zt2999i< zBTtU+K_je{3!y0wc_XT!_lB@ATYPSH4>TA%GO}7@ybJzkd#sps^|o4EFqv?Rbffh$ zuV{wn@gZMHE<{>t!{%5gQ%=--;N^y3H{6D4i)%-tm>6AJg8cj%vpj23Hbf;*@BB{L zr24bkQF4oK2LY4Qg!AfrdBnc7&U?!9`N-HA0!h4}d?znPh{TQnrC42nqX2&mNxbkA ziZ-YK+O9ck5!HA}<%q#e#?d%owKZPCy+8MzERE~e=!~+THA%d=Zh=YX%t3pqZoz?f z6>`XgTXyb~nbW3&C>cBs#28ebZLo#)OkuX;AY-flI9X1vcQuJS`Xr+nN;FRSN%wBd z`Mw;J1P+Qi>_x)*p)7F%`C^X@Or#t`uf4}`7p;My-xvEPr1v?o3pU`|h|;#5lt?bb zh|h#zd|g$+Y^M9ICR#1HL5`_T_3(izb%I_~Esn043?wy$bh0jmv0StigYmce7RiFbit;9zCEB0#F>lcz!f#BBxh2ynCF$tH$YnLH7<-JtH#YT+P z*UwmQ#i3Q-p`uQ!`-Oc6Px3V`Is2S_xpm<)TBi2trf*^;6#*uTRgOskw7k1*j>8EdduG#0(3$2h6+k8DUJ`qIN?qb}$FHGkPUpRhV{1xmN z{YVSyye9{73&##rt8SjZf;2p0Am>oL;H0e=rWyq*dOCFybY2ZMryc=NzXsK zrX;`!D?C+K{ez~0Ta`#Y-IB0dH+bYZ1_>yZ4 zx^#%WfTkkKEF?j9DUwpI)P-C=WmcT%Bf=UZ9_BZPaB4c}uAZA(NBbLj%t{JG=-4j! z&>-R`q>3%volt|JFw44$iVZ#7LNA)fpQKCfDqGGPjOSfo{LNiXqp2EZNTzZlaUWzSBdz7`bSYxTGx$*XZR^9Jn*j z%`MrbM2G&1;#l7Hobsb=u?r~4j?emsp16U-N2Jv>^btRfRbglIX?mmviL0#Qtqe{* zD%~N3Cg`l`!rinVKdQiXNk~L`XK<^dq4su#8;Qi**0;3(vJw3MYbM(cOl3bvGyTqJ zWjIlzW)zk5X_c)kz5>P8Ib-kMT44oVPQqmM5A7A8Ty{;VO@|p-)*Pry3l_h-scGVRxVb`tt#&~539^vKKy><9kp|LLbwa-#t86mVz<92|~S{04S zQG4brc|@{X#G1-*U89~cbz`$E&w6jYD=Y*xgGeP&w|EMkWXJU+G{1<0?%2f%uP_Sd zDfu07NL3Id)^@l?ftQrwDHZbFB{dwWN_iF5fPlXpy<<$%Lq#rpc&nK7z+#ixBKxI| zeRyq{UB3}#y_#)ou|96eXE{QRNU97mI4Zan{#+0=G5sy2C`0Ox!-13wbhS>ApOj(m z-y7(OM2^sGihGy+N$DB|Ljd755y}S!bgkLQC$^Z=WGdE%2LxhhWtQ?teXudtQes%G zpEs{k$i5OM)M5HR|K^9@*$ETVY$@%1WDi8wecmvKXZ6n&5k<}LueU)*oLZVm`GX7) zwt~6Fg%4R7NkE$4^UwxbF|PoUIE4_Kp?me(_>zuKCSluhZgcM>Pe4?R`{eKYA}p&NXJ zx(u|hcMoG^MaGLtAn`@sK5**oy^nBTL+m3j&!i8|E%nRA*D;EVEBcUTV@rnP^q?QZ z?Fg1(P?cS_u2cJDt756unvv%HDAQ9|h z2XDeadv=3t=}I!s{6K-H9x<+`%-L-i<@2M&)(GzAmt4A8U-^SJvk<{hV^+Ui>_ti} z7vlOa#~r_3We%MfaA$P0aHA?(Uj8`G>+by^FJWc06k<%HknRCj%QDXRE9#l(G6v~_fQX^p6hW6x-@<7C%oW1 z)NJELM3Fy9Il@=Jf89JpK=|-ibyN6EcMuwKoAw;?vI_`^e{^uO;&+|MlA6_^kFc;U}*WPQd zz1G^l?_D6cEz~hhBv_IB@zXBZME2U7ROR+oP(3O2oA$o)B*&D-F_L5EiH)biJ^Q zOYz1gSIe*>qn?OyFHqcjyQB9Ib&$nC4N7zt6$dVKezANI;eFg9lr2kbHWUB;bOwl$ zS}9@ISuE&Qr(UOP)QxH*CtEkMbcA!H8R+xgwPBIq< zvUnGR{Ga#^+FN1oc`ypo9x+21`nnu$C#Z*X=A!Yp8nR}2c8V#@Tsuxix-$}y)~kE< zoXacJqbKvxe(%J2Gf$qR>1_<{GDdB9R+i3$eV&7)7nX=cYtLlQ((6vbbG??1cr>g# zLZ%H{E;`i2Wf}%aqoR3iR-@O5rqot$dg{MTYThz0S2HSa@_tg?PqDa#WTnKNm{Yk%cevGs^_Uz7^iC#oQ z-Hnp=z-nTgZl*$qYG~BqnA@p_>q5!E7O6=A%25{ZE$KA`=JC8EM!E_irRqxL3X4i~ zD)~+F*^q(GhdS+|E}T=fg!+{}E&_sq1uCpbIaR8uOT)$Hy<+Q~*bF$xg}J=% zV#V4(Nx1Iz@O;CsoLt>Tt7aq0s#e4dwB+{RNI#vuWGp0Q6nPW!xOT$s$H`6`9|L7T zn8^4AT$+Y*oBKmb?~|q@qocGwe5ayJ?4|83rIxxn9XRO-27yEIXUGCm;zqC;^oHae zrliJdV!Wl}%;<)+e{DDvck`-sPEHG`@*h5^Yo{7xpo~JLdlRWDz(bS$>}*garA0ch zBkS{=0t3e0wN%N5_!718K4Gx=FXolAg>K>!g)_$Jrlb=>&lxbqiVw zSX{00B;c?BZFu5(4Es^TTYfKynp&$_w1h92Pgk;niTU{}itv{nw>Qw%qM+OZ(UEWE z3QppDK(Y0nfz|Q+B>`tSqIPNI=aDwo32Esu|6!I`NVPq;yZ)`=_|P)*M6IMm%@Mcs{?qHLS9-MQFD03p zvA#nIT>WFy16Yo?HUx0)idueowcaq$kbgqK7=&EBS+%TuT4@tmryvgsrN|DR`}wXt zYv>R+%0G?0Ii>}JEuVP4_)0*Ypxr&*$;?4jfA2b0ua^lWWj<5NjORy~Z2BRua{qkY z{2Mu&MDA0tc5T^Q!!-u!QA$i=0Y#$1{#TX=EO~=+Y|2*$HKsW(+t=`;PW>(K%U|;$ zmDk_QReP4PC(t~@G$-sJNQuqMu05)PBgne>z7egKvxkVQ3GNzKROl?0SRLVNIV;u$ z!_Ggp_UxUvqRyyeI)z>BOnS54Sev1HghDgIR2>7WZ*Fi9%VoDN9LuWY$E2_298SNv z{$!t4v)ik>mLEOR9nb2U7;*JT=hLS-SC;nm%EyXbPTIYTuRCdx-e zGurP@S}h)<-+n*4s?8AB86d)iy>-_q^+SfymxtRB0-^Bf;I%b&a*N z7^hsM@wBhjRv>%xIUO6*c$*jMzS6WGfC7VmO0G^h?}S1Py+>Bq@-*`$)a7gnUU0oq zP%bEJ*e=%RC+-@Rl3H=(GG=wnP{k-#Q@FyEFA07n`%G|Z>IJ3&Z@6?CL7?rp42HEl zBA%?PPoW;((%!pX)t$*EO@f@OZv$+vq@*ScvwxOxOb zDtw?glh>!|&}y%>mCC(UGQymPYH_hMAQU5!y){iDWFbayp631FeJw)i(GQ|>yGhv8 zoZ0q@~Gug0wQH$@A<}U6k_lL~wE};uVv2$TCWZRz89@(Ijkw zb#gBzQ?idsB&2?v&pdVI?;M^+W)9~;F!MHlcB!@d+QlqTpAdL)Z4sZjlU-cd9&d1n z@HwJh{`Qfi08s*0W%rusNUmLlPDSA^Mq<3@$_g*JH@RlX&P@?@bXi)Uc-qr;`0Gq@ z2DaOzrD1C&anI_<=i^)*R+t3|+qK;GyX?{QXdcKHyDA7yL&+U9Nn-9QVz4durNOeF zF0JKCd0)fUO=CI$%6rIyUk1pg%|RDl{aG1o)v26P(0=_AD>$jqF8JA~Vu|^ct?o?H zjpHCP54lBFOG*q5-^SRqy*%<|{JAby(z%T)$_<;jSWWSD<5t@&RBeJa!WY-IM#cIp zVaj_P&8~LBKS6YW{c!x9hIc!*xYpzf@zJ?ZHt%*_knvX~cShAZ9^A&Ld)#rz6zQQw zW5V%yNZ9S%`&rOLDR;z8I|CmuAAbI^X2oeKDjJKo>90_s#Z}t*u{frERgHKql~wR< zpET?-X8f5*yKy?w+$5X-hv*lFK`3KO!yWe!DrKAvUzT9Plkgmv%!^S0+lp=@?@=yU zd^IVSvUk3YH8#1Cqt2Xb+_x^=nmCuCtI~vx0~5; z_+T6r^84uDvpF0R_nTdqs{LV_(=FOp<%E(A+E)49j$A)F#Y5$N+?htS^TX%n9Jy`- zpql<4H)W?A2S}CNxqHI*b2kAvnG*3w~_c<}Hv-X*PKsu~M`#H~oC~JiUlqz>80=y8<_Zl$yx17$2M$o|-I! z&6O3G{Yo(&?qVP`#g_KPJc*^##|AG4P0;89ifT{Pms4SI0hIX2!d%S9ogbNo?p8gRB={zur zQF~-J&2EA}){P4{lHZeZPu}0)+|M2An0Q?ibg9E6L~5_-HjAuHsHL$@EMR;r6w(HJ zh-Rd`Q;X-peVxji<3)sx7~isj&E=_H2jJ$Gn`;e$(35^YlM0u(#TUfs&@|NU?*ZyX zPX7?xe~*cqyjO+GCHYFINpNO$iQG=J*!2r8VY<;$s~LX_3tE>)cd?pQS&Csb%2=x= zLD~l4yFMH+$RL`&O*6;w_Ko=xA6q^vG(e;+sbj#Pfw8386nwc{{R2;8G2V1bV~~W} zsIgIjRy~H^t2{Vh#MveruX2l=>^amnU2-{TN{$#5RQ1|9LnH1Tp5J8Fy8?z<+P#(L znH;2CN%s5E_q9CDD&|+z*piuwAl2$1V?w4tVa#{@1Zr2{WKhVWuccb|&!qiUu_tB8 zB&(g@Koy)W0uzHE2>&TZoNT?GR1!Dk6W^pyth!GP7CO~tt|HX4!9*9U_8POl?KN+? zrUpqqMMv388cdJBrXZ%7TS{Z!6|zH2DWOc_&Wv(`gE;!#dY9HCj%p1I)llj+r59BKm-5Y)oC!g5keaysL-hC*&P0D9~!noVSl2RUA z`w?p_d8;#d)1V02iDF@xf7o289YBf9e?lK zJbM-FXTaiX8PJJjLN|}noOPR=Z=jab(O>^FyAEM{*v{ z1v%>d_zIqz~J7?*>O71aNm(bZ<$M<-efJ)VW1&!9=^aglPDW90`JJ zl@5-y;;<#^e`f}{wXg^Km|&HA`gOggjMniAzdolX!5BHxm9d#)W?U_QL&7&AXVGJ{ z8f>=tb#-8_Z?&ln6IK#t*fH(|8KsE0nFHV2EqKoQ?hgmF|MJIHJT{O2@JX;v;F*Xs zklU@XjbAl{OYJ!%-vk-eCXl8#t8OncU#^!zVw&y?OV8pRr{F(X(9B`cdYGL#+-S*f#Sr@Ol}tS4Iwrf>Hn{4iz)DS8{oiv$zhzC9{{90q+4V%gm;9?Fa*t}Rwc zlG&(6>q_vTK_sd;sC`84vMXPcnvfa6Yg08?YA|1jAFSvc(ASz#X}XW%5T) zt~0Wwzm01rd3aOE1-0%~d7I&EV8cLl2!(dAAuMC^35S5VD8Ur85awmRjkl1$xm@kS zkU)+87zmN|Ekqq&Oxo+d3b0bQnS(IkeCiL9kf7>SW2j+Ce4J=IY~6@{D4JV~JtUR! zyss0RW0RcC=84^f&X3ShNA(6WTk4m=m?9rMFHhCGix~y6s8Qjcx1NgK4`PM)Wn9~Y z1GtB+AH!LtT8l^fqHb1+r{~v>iNbfYHI8z>@h;hn4wLdSk1_^KN={7cHlo^1e1BZx zbj)3OCuIk2%S7X`!W zoBw5f)Yuz&TAZZW#Hkp`z4M8w%Pyj$#1*-)=^T#Nyo2`p#an1vxEn)95!OAKXFFA2 zLc<$VeQ3zWKKQG_#OM11N) z#d&hVE^un7A;G01jLqL2c|akM4VW_Qm-8lQy1>LJ_q*~)2; z^{I_PKusAdOem?MT(w4qYxYpOy)D1qZZW>iL8mUct2Nu&B+@($a#1|63=7^IPHS&f zy;<70Ks|6mXV6qHWDM9~!&o)>>a;kFM(8ifNq}czs78ttvSgcJ45S~NdZ)*0Ac?w_1(9@~<24mq4)*3|Odu&3Q^ z$m_mEd86@Sq2Ys?vdZ;JV7V`+%>6v^3X9mUxy*cB52Rl|k2Sl<%BMewiFciAac-18 z(-AI`{%B*V7B#PEXcJJZ#WT^a-Rp{$HiEl5HHQjB&XQfSo2b53jo`9&H@ z2cjOUdfhh_h2ayLD4t;vF_Uc@f@`mPPnZf0p>Ae-u2&2-&1L`2SoxdmS=Xbg42j=eLZRgRAwua2< zGz~L4)1-2bcT`GozmNEB=gwg!!&nB>;>J^$^D4h6`y6&z*L?=I{84^NEXd8FQv@~| z)#E*0-X7}yWC+%bX7Lj!s2Rh+$DBW(Oqg~@2baGGitQp*Q8`60%8Eo3%0E7DG$+ha zAFTI}@k#N`vgaOyN_z|qV6)}K3_LBTt~qp%V5ph)uPc5#W2qT&;sb5XsdD+HK*?6Ac> zeOq4ik{obe505b*6Qr7i%a@8c5y~M+BeYNv@Q~i#v83!fux~Q?Q6MfNL z8%1++)t2(3vdE{+E0qImQhiyci5&Au`(H(c<4$j^bhU&`7vM4mt6$9i5b> zT5XdJyI!U9A^4I8VGH?&vZjf44@!{wnDhe@P*a*B^vGUq^WAlY0Wp1yKQf-RWI@WE zAnC~oBV;a^HI_f1?mNVQazgE}nGk4T#4jvhsXWJ2wssxx&fj&GHlzQ$HnO}$TVCga$R1C+T-*@9Z>=lb7!uu`jwqCWV@S8fR z%u`9AWx=Xw8?JsVN3?Aq*~9HQyee6b_=H!?#rWS3^I>hopX@oS__jz^4x@F!@nyXn zG)M^ta$(hh;;U#!gsKI@j2Ia*?(qo%w6+m_gq=#~gEP`y%cIhZzxTaku~l3(R>Bt4 zIX^HoMk`PADJ12TS1s^nRB>y-h}^QR52zv_mGm9Nt7CN?C-OA3NO^}o9o7NJ(*E~<}HVagQLbvz+4#|xyb zKX#-$q*_Bse*?94rXSjGocZfO_3|0|F?m}NqkhKoH0XJ)D;P3+1CtmhsyBY()-dEa zc&)p&PeVA=oh6&S#gP+sLmcz^+Q-uI`ohbeu&>=m+5Cgfo~)vHK}?}x45!V?H=UWT z1u6x~31{42TcxZ6P6q1}gd*KnC?~-?%gP$QoH!l95igk$#nodB&VRm}VeFzLrD-ir zv7P2*7Fv#3CVqhx&fW2OgmRKS@7sARwb6o>;)M?8SGBP>>Bw}4*?hu$gFyoYvC9@U zajOFr!8YJMw-!4g7yU`2q%lE6*lF(+Ds}d?dehfiap}>py+h%xn9T0Uc_(Oi?ug#fs=8804KI9;Fp2JQidwZzI#<1j86nq}7i!%BY!P)4Fh2-3UPi`r`Dr02A zX|%H`5oCB5T#W)9J^W0V4BsqBS7Bx8s^HjJ_7u9i-L}o>x#Ezh)Y*+iqU31Q7I9wU z^xF^TbAe6FJ=SLTHS<6^#~;&e4@21Yw4Q26A5&^fcW!yPEkLPvF~FB*Ih?E>pIR#nw$rbdAw?6BKyeK{>!HJ7xk=W0V3h@{3RX#D&PIL?ETQ{$H= zRh@30esQC%rvH5eeJ7DxJoAi#271)(+|A&&P~#U=hy7w>KP@w`j|=RMl%^B>3KnY6 zh$I-ji|wgGZjsbz&Ro*FUE$eNf7ncxS`1~db^G+_(f#Q=NpaN#5Z2JdxxFj3PMaFc zsyaWq-&Vq-_qWjDW_H7+EpMUv*Gq-A6H^>7>@5Tr8va%T%IE@h)OCvPvMvLjX0kf; zSQ+N`72ccvw?G_#;pG5hSKTH@O&S@AJe$QOM7fj>nFl{cwQlE~#ERv`thB&WBnpi{ z!`O+v$+~Hr8hM=4y4Q=pb!!iI>c3S^V$-aO$b|gpi@JgdUc~Q)vuXuhJuj}6(sv)m z2n>lho@=|H`EmFt%WDax)g3f^ew@=!{g=(dNc*@8cgTn^^rkO50l;BLbZLgMn~Fak zQs?~pW%~8V1Mg{~^IFLhjH)r#=DI2qzED3(un7@goM=NtSnM;H;9I5mYM=B}_q2Pv zmelp`Z7jX3J>5|ZefpK*PWQV*oP(w}Vy9MyS0ORq;SV`+qu=Z6dAG8x%fEi*{tLTh zs7J+=Z#_=Q1Mf3edbnQe%tXn%heeeyv~|n`&;4LJUG6|AjaNGS^lr0tl-!;q%BDIk zHt_Aw*pck7=6s6e936%R&s$TjC*Hmtr`Tv?3jVD!VHq3-zv9K%vm=(oUca0#_lS1B z8l8Hm$!BVXhxIO9cWB{cJ`+YJ_?k5uc1_hTr7d>u68CzD26_^M-FG{-nlgE@6)9>a zL&@4GGUo3NvS(3y9y$Qa1v*5r^2w` zQt*0px;2w|$JAYg$Wp$7;&c$Vp^YKf=PUgs)Gsf`;g^y9m43Re<~~y}LHoolfZC8w za1H<6^bw8m___oxQ$mUU7StnL7%(B4^_WrCuW@lvA*u}&RQ&qpo(l8aXFqdy>*Z9 z&KB3>7mI9!Kym!op8DGk!7p*=tvMuf$q?IXf4H+V`cl)m+@tqQb%Xy^;4szOUcMrLy3}_g?ZPXQY@ni~8 zVn&8Rwn``4&v90iCK-5w{_fnVW*BD6*EUGaUxn%7fy|Q5T3}ssaqYI+(&g2%I{n;; zk}t)BuD}^R2V~(|1AsHJS!u#{1+`acZgAvo?1Z=Dl+I1b;>2Tu-^!9JLLLq~emk8F zh-T@GluAbdN?K&2?PrC_hx2NbrIHh7brt2PtQ*mC)BbF! zbAQ#^X!`~wvC4l9e6yNZZ$ZR!ZP=fhULi~2(o{a^$_8$&9W!ZJ=29=7zV1;oU#rq3 zcYln(LuPn4Bk1saie6o04o45)hIHoUM z?;2@-EF$-#kn9$(>7)~)j*M$K`d4za8No+gQ>61y$nxnW9zTrIuODjlTqM26&WsUV zV_r?tVZ8yqncqgFp^|Pq_+HK;%_~*8fVs^OddyW@nz9i6;(v!w=Qx>WP*3V(Ui%xx zp*~NyW10a~f9WVD7;z;VPC0TqoM%@Binw9U#|K=c{wo4SGo8$&&X3#+Ys@!Y&O0CK z?n5%RUJ-WZ)k#j~XJzO+SSyQVKk@6Yt_xc?tFTMH!Z7&&J-0HRH@D9oi6_b{?gS0$ zXy81tE%uGko`H8m%CEC*Kl-+=`;WYRA)65As{H2hqQo<}-Effi1*cM~f3AHGDc7wAKZXdb_ERwbi78E$U>#xOGwMajw)Qq8If7 zAyBQhhjU99*SvTIPsy%brVLu~ORFsvRvmB~HsRgoz`4x1->7#p_(6|tR$+FvywJuw z0Ysr*F{z{{T4vIC^9yXyogw*}1+KU)IAxo!7#|tckp2!w-5qXtsgV!nnazA~B?&tZ zo=n`jjW9Qpa9_pV_8nn;bo^e)^u^m$eugO(xtGk3)>~YCBE_PmjEu5vSfo}NO_2<5 zkrfg1ve8oYmY3k1+)TxUaO-4_EX^z@8F0p2L02>GoWo5cX|s|hnAgnE_WVMAmbQy3D6FPTU3UKtXqHry=u8I&*@xTdkp_Y%T18VAWmQ&=m zQX-sk=wQTsY3U!Gq1YZC)$|qhJ~zPs3@C=^y7@GuJUy(1{Ov<${+2mpW;a+f!_{Af zM;jas?{1!!sMgC_X>^zy2$_j|wHB#qMQmU{;88Ida*d|dRpy}H(9qarY^&a^DYwIy zeL*fVR_UNN^TH#87NS%SR=lLJ>V1wmghsSZF(&1%+k|+arrZs3zf~X+?ZTWVB10Ye zjfhl|-S-AOJ4iy4sJ~DZGp}G~EPtMBh@Uc5UFooo1D=o8H#O1}a#pE}8WJ=1sc&S+ zh0_l#AP=i7RvNvTmYmn>#hpJ-9+F-DS&F**eyg4cSApQb^)avYE%fcP=V|el(MLHc z1#TH$0)jfi-_G23)MH&sBp?k8S^! z@jC9KFnQZYx_qY!DH?PYD;U+S4?!QS?0CUYTk@}>c^!C2naPdlS@tNzK-n?0st( zAK3~cIr^EMbJTSQg~hn@raLBXrW}_fljGDPO7b}O^l}RFufQWq`iS*b;f9mwWQT(< zX%uq!^V-y5<{WQly1P=9ig-aT#1v`$Vvk$;lH#`@nFt=m07m*+L?kL@LDI3nl-8`Y z)A^*aVLQUQSK+H}48dVsUioNrWTc3BwJwAu{^ z&%ed{$-nSZee8 zc5q@&(8?~4NxjLUG*WrKwXqreF!=uc${sYeMc62U8GCWboH}pC$pJM#6MLM9x@7Rd ztE^c`;2@~cOg(PHMIT+TX&A#a+V_JPztCxe=>{epoy8T7q))G)Mrc}0^JerI87V_` zBi}+$8a$p7xxh!Qm#rbQ&0n)Lp _p3y=Z|DFdw5J9Ql?vRIakT{XbRqJ7+;y=ct zvZ-;8=9-2BFU@}>pMP)m;mv!QzdrhREeYNqC%3+A-RrqtCN6{H|2Mgn z6aFkmM*qd8fry~h5^-yM)#ba7;{0unP^`r`iWYi{i;b{c#rHbxKae^wXPN()vtQNF zD8;S`@RO&5bx~zY6_wkO;et**$9xlGe&as;CA|OfeM1={{x}!2nYS)8d7S+lLiht}gabXrpLH|!HI9W-2^*-Fozw(72S0u9h^KIZ2T3jV>f2PmE z&D2!}#mTv$pZkF`T`o`87w_VKjfYuzAKbaPg9@nbeBKqPNpiDjS9D#ew5AiwVO^7BBd>HqVx1Hff9yDTfKzCwP| z_tjqiy6w#$kBPXh5!e4TwF^_SCXP3a55rSUQA2hh*J3W`eDTjv`+^hXsYts_A7Z}g z8%}vR;vNaJM>NZ@p!~N@4|pDM#xjJnTkYFqj8y;yU!iEqu9KEf49J2PMEd1C;+}zJ z57}^v$PHAMN%HRm_%LJKxqy2(jjbZqd$)gfQOFMTtC$z}!P6Tj^^~|jZoewm8b5VX zJuE)nB)+a6S~aJ{$xQa5D+m8{t6(6foV!FVK`n#?4oZ3k(a;n2EcFxQc;Rq$YQbHo zk1gAF3)*q7Omvq6RRBB&0odw4OE$x&CwT_vrjCQRRRYKaA9{_`jppvELzNEx?O#9# zm6>54(M&2(4cT<4MtjUGyUM!g&>V7gNdww*3+2RBMx~--8uAcP*4nNKv+I(|o2^1x z&0tQmS*(&m<}e#dMom*FfWLgPk3Sx2(PRA8adVVLU@`X{J}wni8T=oKZsmLigBV-* z@qlS}{QWY$_Mcr#2+jzvt_&?9VR~8$2us9gX^eq_KNyZ_)UJKvECYSjt-XB=4V3D) z7_N|iULkMd}8HX$t8G@ZaZ9d)vY%@hV)N|S4qGW|I3|M}x_ML_c>f}L^WKKx%dgamF2uSO2ojM(8rfJ#al z!$+{=D&1D^CaJIwyU#6j%z5{*ZljJf4vj8xXqko>={_o5_23s&SFJ-=;Fgm(I5>VO ze0G*C?{r%}BB{rTH+;P0q!RUFm=6>2z9R7P@p(`IuHBiK^7zN_FpLLg^p%~gZY;iT zNp@ji`@e375L_N!4J~c0vR=({(jWl23x8HKF*bQIOR~=UvMhP`U_;`UjZUqmLmMX` zG@Un#lX9~iOHcJPDL$TXcW)1ukPt~9R{hZj58u1h_ZmRM=t&G|)!N@)IqTeSQ12}T z+AdyU-#va@XlWMmas8qe<9`!F*)+_J3bAdiE%SUAw(^pdNVQP-CGT3>2+lt<2Uxbi zvjwXV(p8`rY;gG|W99>8fYORu+7i*=;*lJvHf~%z9rC$V{fg8H&9B-UOPK}q&8N4j zTYZCr77GBAY@%PPE>Lt>xj~9!R6`p|;YswSeQU*R;<>lY6DaD- z+SMQxPB8Xgmo4fngcai_ydbq4o{NrdTWZfxe*NXcx%bkI?>rl0{X(@pAXxA+0;^v6kpwSQO@J{J4G)8li!iS%{T-`RZAzww7IU zd&;MVO;_b$LrMzD2dd=7<>d?1*=;95fi$IZAB1lyDFby&Yke_Cfa3Z^uDW9L`lcT; zd?(8|U4{0l_YDiY-+d@I4{nk73Yr_yYMs>W&_B)a4X6SZL+XVu}48K(B}t0!-H zLCuulXq0_$ye>;3W=oOWa$e@uvQO>W^?N73v|JSftKiQ2o~bIeZjNDIS&-hR2EKNtZ} zd|YDQGwWBT!prkAM%MK7<_P{bA>tNi32P<$JZdYCsudl64@?!RYcvJ?X{8{$Dh?o0 zJmNsYtl3&2Du&Wu&(Ulxb8w|taE`S)F6d>2Lzf|6M$J4b>gs~Mhmze+H*s0@zeC`? zLcaUW5L%{A;0JYXEm}M|H1o^L1{b=`p@33wwsaJkR{6I*jT`6V=Z)SIgt7@<0ou^D z;#VWe)gTr?&S${Sa++0F4p|#%?0%=*lijh`X`zKYu&|IpQc~LdoQxQlbLIJRU&{Fm zS0$V8@2;yl%V>_8pJGw8n@NOpjvUZ3G8~j!PEI=j!=99zlFO8vO89M~LI%@-@$X1d z5`F_ejD8|k9gS9M?fG#2^)O+rekWrkpWRZN;Ur(&wJe}i01q!NCuaA#;lFIwmrn}^ z#Gs7U@`o-~LZS{Ad>=g!B0I(bLS%0emsyR>3n#imgrSs5%SqQly&Pnp znFiD*mwQ_3Ch!1=Lg0%0>TEBBoX^&v2wIUpHaXcqg9A%RrU`p1}LBAMl@5!v)s?%W)J3f>FGtAJ_ktUQA(r9`Ml_`>Ph88|z>Wt4ef)rAe(EBI) zUSF+7@$D+-%aM|bmR_6cy2EC<3h)u%_c&$aS^vEv9j6n}np~YkQ=(vE1`QRId^wMQv09~Z<{Ij^4qoZT#G{5q?nyP+_+sc#P z$V+NLr_E>jeI&}7XVoL3u{4@p7Lwpahqb-|@J9gYfQW=-asCK^W_F5>c$<%AKF*iB zL|cc(Pwy)evME0Sl&HmX>S4XDEuQ#+pQJvkBic%-EfuL0WC6Hd)F&+f_oDlAmIRn# zrmv4Y1e@~bK8J$7nmVMqXgohhIj0_9I77o1V06YB{zfBYG;b-!gL<|8;luyezhg|X z-u~5WRoT8 ziQ;m~0wBf6h(qx072MFm;?;HWtMM=k05EiTx}`Epe03whs@MEz;7yQHlY-4GeQ0K3 z{keXjdb#M5=ebCZntl*6COPzd9YBfcxV=8FU2Y@v1(B^{N;219-Gv(FMM`-n)0B)n5Z%JNx~ho({J}Hi>@&F zDz6A)HrB4T#5iYggWf;Rz#j&8b8hLx4o%rpe`-tW;u zBRpfb>3;d~&F!u7ukKYq=wH=rTa3PmIlFw>C z^n_Q9#2v3sqLtsj8ek9>)~Q3VLxj$6PZpk@wY|Ihc$iEmay;fO%Ed zF!Y+1g6U0F_D4uzA>*6!jo~y|ykNplKj&(#1}ug%gxIcak&&UJC50H;xo>f2%?e+C z^6wAUKqp{$l)}k7r}055f*`&;CAG!VH>jYX08%km3@#xKHbpuS{@stPA@z3V8^GVC z%iw%2qrW#vqGG5ka@6?ZJxRGKll4+FDZt%JP;-O%TvNs#h%*Ot1cWTl=M5NGY2ymH z?n}n(Q|IWzTKNGW#K)#TT=#!GoNRSEz=h{?TbR~*Cq?)pfW8hHm|48a3ol9I?nAX> z&#eMhZb{z;8cV%BgT^yGfM=c{Ab_0#2G$JOq}30D&7cTkz{Nm@wM{bC!ngU@$uuyr zv119X<-;N)y91t{KMdgYBer@{uZdFf2apk(oqo5gV0_;T$mU~ zq!}eX0wQnB8!yVMgpYr{yGZYhRQ2%@SEBUv^ri9e z8Ro{)-x|hX`Pqi~LNE8j+-#JgaM4=*7B%D!dmXGRha+l-66(`ijNghf|4+&S_~}Hh6@dq4X)>`rbFpbfb#^ZOY~|Y0IcPB z{*yAD)<|5s;I82^Mj~bnKU%2>%k$?16cmwcx~-o_tS%_Bi?^4>5ytB6#Jog5=I+W4 z+9w-!g%}SdPij{q`S zheIb~9D_1#zaSlL_U=2?@HYFEC;JQEV|QcJ0As}9i6i!&P@SVF@5UzOYa9Gy@hI`l z;lweLx)aTR&m%hy9Rakq>6YVx82^QVAzm3UQN6LobxPz;>Ms>95dj7p_Wp6Ej40_F|-rBs2KLVR63WG%MRNm6Z#_MH>y89zM#rpBS z1uHsQi)~a%vvu|Mw$Uu6KfEFPYTrjuan|+}l+!S3ZL~Vj;jl)Z36L=^_Ud8Fjcy!( z_f@uNm5j0z?)Zkr|** zvr}Kq1CGZnoMpYOl5?DK^Ehdx2xACp>x_dJXpCQr)OFNQ$IJSBJBCtK+QlqRyWZAt z;>QRsK0aMZn;_uT^oK+GTAF{Y-%0ra1in7NHSjpyEm|a3R8^$px{{rxI%%u4cX3I0 ztSa6-TnY2-OBJXFlbr7aMc_T3Qqgt*iA5E@%_;Al%M?e@q^vXP|9UJceou1L3P44I z`=Oo_ZDlCuKpUyX^L<_<_GL>&tW4yFH7nv6j=Mu0@2foPA*X^a3;c1fjB^&zg*`5C z0GFOlUmMX4@GI_pdWbV%P2X3V4nWZG27T`rdi9n%>$4RV>=4~*Y0xd7TMwCna=l*NI7jzp8y?nq9&i%{0dH7 z+!l|%Xv)}*WJa~(Oxwjq>5+NBla6Z%Z4>eK_Fj)+9Y|!0$(K*DJpaY|M>rPv75BeG zxAL?gQ%xk@J7FzzUgf;m=Y*zk8yj{lL(pZ6kCySd89Qz!L}f#Mp}|1{R8yo@ozQ(!x!y{ol@h|6L(KJ0uY^%(nLB0ds2AnMW^WoOS|yuwciODH4$@*bz&?(XTj*athnkUlB!$5H zU{k5QX&0OMUXimk+r`nk(rSz$mxD2ht)19s6^wH&qL-3O^o*z5e5|~C=t_ypA2t_BhL31V@GTn279c0=C1KI(_9We(_jqY z;jTY&-Cy`p|L_)fonkeWb$HMJPUnx>+Vu5C!u(*)rq&sQ`{-hfE>Y=wabiiM7jPHIXR@1k96 z8TEjAQ1m!g!10>IKQP>HzO=vnP2PNaCd6sNOhry{gEEv-->${S7fB`3YksJ98g|{y z4Ny?Ns0DT#9{}_>WK1&X2Eho69$lWK8z?YV>QE!ljF{y{E7*()ur3Bk5!0yX=skVZ zuIdSwrrZ`^g_wwd?%~eP{@y+cq^OjKv&HInM&N&J<|N}zzPY=*_vA@PO%6edfBC0` zLKB}V4rtSYy1k`l)ZTv31bGTwjg}a;wX$?C+KsY3E!FqDn;Eg5Kn8rBFQ&kva9jth zOvexLy^qlgKIzl?$~|#$Iz>T$_>3Q3K700Tv5YJOAEL9DU&|?NbG?1c3z(CrsviLb zU?4!G@l14&R1d_v>}7C~2V@@_$zSzjsjFhp4c7|4rzS zalTs6BsT2=P_Pv=)8Iqbg?^xZm*Xq?&o5^aAI?`ItI;!$2U8!8d+%ZW^8?@&S_NFD z&O~%wER3luoZb3sYa&J5Jw4XY+%Nfw|7pNVNQK!f(7sfuJsCA5mIQ6D2Lbaa1?omNzz@0^!rY z#cz}L?@;Bg_lkc0h+z}6MZa#gJ(h-1cG*S44 zgu{#9!}ljT5E$w{x3xtPsHQh?UsngA_GFx%n=04j$kt|mf?dXjXGx+hj z{Ebk+|m9ipu*yWNQ0=R`@T2Q)QuM*Y}?oI z_uv-ls8G z!r?(p*D>GN9cTqz_n!cJ=)Lq@z$p#^aF02_GFNqF?dI0tqSzY_aJ>L@VTA|WQZ7x9 z5ZHmocS(ZNH%2mI01V{7BX;0fv}gd3*9y~8@~KjoUjmD^WlJ1S(CWw@edR0UANno0 ztzIg(hJU2AaKU2#dx(#Lh~0(r2o*m+eAIK-ktM*4f!vviXKeRJU;1FF5&7k6md{!AoE&SL*v`>ojyfWr>^sOd+`7OyL6}wRo(c?L$di z1-RtoCGdPP++b%{*FJ!!8nD_Ek)z+{^G(Q=74UeUg#b~W96MMmgLWO{3C)F6x8^{R|nV6VV%RWf$yd!k>#uWvK3#G^8Qa~tU`;cfpRIyFSJrM zdJhdq-4|uOBd5{Ebsb*aLmg1!IjYzaa~C`OKjgh-KvY{BHf$>;A|fRqC@2k5(n=~F zLzhYq-3=-Nf`kFmgMf4i!_Wf?0!j@?3_Wyr*TB05&+%}c=lQ-L@85U-kPYtHv-eu- zuIs+;dtD>FKELnxRe2j>ds2<5{Z6_zF#v{86uk_!e0j`FmpBt*ZQ|!y9v&VM_mxx1 zNn+ie>PoL{kM`y{*|fi$0s&54Z=o@_*Ov7SA?Hh@qoe(hRow2?(`__mm6gr28xgTW zE-W~AA7G<4P3~X=u5Sr~P7^o#0jyGoHu7VqD+TLON=62%o{c(Mt~q)JqJcHRdR_oP zH`WG#wy<=5H-&_B9P1ksCW-qX6=EmszKJzp(GTIdi4xZL8GQn$0 z66a(+`{rR)DR@<5u-I`LF8wxc;!>}P?Kz%1m}cVfRx^w*xirD-Q z8?Ny?veebPz<{$UcRd*HGk4`1=nbb|bXu>vzcd*jGBpK|B3SNH+|^P$Oha6E4tObf z@cgp#ihf|z5ZQ9aNqeApbzC$d5o9lV0LFFGZn&x+@;LZOL1sJ4ne5A#FH?xPbHxeR zg#&ja#bLZ*tsHz`+Bsuu}1REP$@%8$0KS~UYlx%lBb#lNi#f%;i zj~lw*$BeX8M>fz3R>sbA8#-XGm8M7*W;>l@w$NRIE2kAme6c{kQKme`BRMk!pC+eV z@y6{gHynB^d(3yM&-~s4RtY`;Jk__v@)X)(!~n=|rOxO)*+d2cywm8mMB&s2FV6If zzO^9VSFp2l8dyTym!|eJyj=rxTM&!YlQ>_e^ytzEmQdn0SqO@ezbONHH9TN z8EglgAnc|jrd(i%RLRptoI`P*kq5iiDR3pd%+zLmi3F=HoPaR6G5D<$SWH0QvHBx` z^2jR0bdmyu^u52uiPb}*+F<TOPrEd*%zF)!C zVa;4tW_Q)o31z}>FtaxH_x652Z!z5(A4EXT@niQFsSQ}sI;S;X$+xz)BD}`PnAM~- zp+1KPy95|G>{5RSepv*a_(!s*q@>Niy5@uB;3+A&si~=iXEGu$HHTy)f|Jy%G`q7k zO!Xi?eN>}x4wq!O9g-0h@a&4sN#SmC|I5yhFr1?zqX`3c#2A1Aql=5|k{Q8Zqf!A( z*|V)&of+(GhWinA3okp}jMqoItG=F*;{i1lRS19@eqPBF6JZ^Wh|%J%b{LldTkP@w zOL8L>A$-Hh~9rR3#uLCiXtUZpVmv@mKFJ34b87J+G>$3CUJe5Rrjo zk&U83BxZqRzQuwLQGs*saplGMt%`wVq?Y~A|H95D8tHh&rYRljd+MnCR^+I~ph zWwO-f3)l|6{nlCKu?~&k%6FP>%T!Gbw0`q-5oF^?C@3h%zmr9fqiz|FkJbe_QWDaM z>1%!>lltKbOmUG-Z$U;<(x*?K$~?T^k&9;7A0Bv666Qm)uI_CwN1Qp2Z?S!aMAbEt zWO{c&>VSetaO@%r?zR3pBE`;}IRlcA8DSkw-L|@{#$6=^9Dj+{3>gn$E7)U`AUr&L zXKy~Bw_;J2*P{Ij(8km~xrSjx^XOY53}-$tDSr!3a!ZkH3@-pI*Vi5Z|A{)_;;hZW zZEe1!8vMyBNz8}KVeGrfMbP?LBOZLrMfo!T~DwVNt|m?MM5}=bs-6_oGGc`%JMNitLhq!0G~*uq&brLmYpUXdjL|9Wz=;h@F$=BBj^alSM z0YG1i?M$hoWXT{ymY9>y4Q`3(B*jKYYYif77yp0cLDQ9>6(9J6wc#|vSIEfHHg7YY zDWLP&Ac6MeW^HET@ZU##AnSg?kbsQk6kxP!Ay9&%u&UwdhD$b6^;(^xk#s<6lr-0B%6^`@q^X>@Syo_%Azg%utl$ z(M(W`t#tF}GF>x~l9n~kImQHR-^Y@fYvpUdKvtz`%*@O(b>K`*k<6)^Cs-ZFQUKVD$2RY8i~r}R`0kxllgZjgPApNfg1gVK~W7-v44*S=wX@5V9+AJ=?U0PjT zO^Cw5R9F5tOcjBXoZOy3pD^e#ZT9YDNHkj>!Z8RqBBLYU{9lKM_jrQ)-_5wvZ3bYZ z0Gx*ddYD*PWcJ)^`}IrB>ZF3uJ%8@p*S0n#>eLgp6;mN0aA67dFKd=!p}vq)c`xyQ zCT}BO#_W}y;t!mVR3Ri-#z72C!8gM$bwzR-!J-{;3yS``ph3cblM@aV{&U+u{FB9juvn9~3r3K=@6`P=!*cy^K`o6=Hu z%$l~QvT=_imt4~QDt_j5SlH=j&kzGKx5rT_#$QIB8hUTGpP`o{Kk;&ZPA5eK@7?!e z;3eii7f;VGbfJ*pZhY;)IQ`dypsK-pe=hsyL{%wr{3Sf)*}}oTS<(B2X2LrX&q+~H zjVJx7zpqvee-EzxV0TveR_c{h^}xIS55-|SJwLEc{?ACR=81yc@c#Rlyd=nSpZfFJ zHnBHnQj7t;D{olFvJ}U8q&nX+YG$NBnM=A6G?TKbZXddpOIg>t=v53Ix&Yf3MbMsf zlKwt#dIaw0#jZfq6w*}4T+VKC{cKRmZWO)I`~3p3h#pwfpZPd(;`lOwEP*KOBbjl% z3V#x%7@R#6#d1A-o;10)tc2p(SWXjD^^xuU6J^#XBv9~iIDVTUQLq}Q)=XKA3!n_t zVrII?4g1ue%O9S(Gh#iqUm)_PYv}~E^!LMpc;}|nUjt9=6xfE|=wDYv`m{|96 z$eRd)p6#mgC#{v#J6|9(AE!09|4++t{0M@w;LGP&8?q&fdvY{Cgmp+it))&|kxa$k z`IHcKBZB0#PS}kIFY9Y_x^b4EF@TsTQ}BDA>o4)5%hN6W24L)OZkW8<#81Ng zkcRU^NP<$A`H77&hr~+ffO!GT$kLG4&iSDooMM<-jjgRek>Ou4ZU+wKf7jFO$~_N`)P7 zp6Fcq!SF1~L)>YP5MZ^Td{$_NyLT@Eh4*lis+)wCH*bizKT?YC?SofS z2s&OXu^D2@Adg^GPY+G-J$QwO+jTu%VWuNhb_Y5KX@QAeJUVya&*G{9f(E`EPM3D_u=RLOP=Sy624f9Q9`-2-;*Cf2>j%c-w1+ z%QlD~ZoZszG9v@-*SB0jrz>ey1s$mdUu*_6*^ElAHCJP=50uz`+sIOXYHAt~h4Be; znnqbgs0~$lkYYFtLf*c;5_)jpWZhq^DrP$wGTD3hL70ly;&~KnO=r5&OnY+OeV;jA z&&>tO?fa`0;^jxL@kp6IJ^6N~Kk~$~`*W(JSAvg&>*;%D@__t=#bjFO@LliVhGt0Q zG30E_vlcc1#-aO5@K4#LVU|)2f~kkZdaR2uEl#zJx?$u#NEQduOI}D;oaYA{)F%(+ zRa zO!cyaK4U+n-{GxBzly838##x)SQ_h{_vGMXuF%D+Yr91upM)RYpZB@|+_YNZu;CZ6 zv9Yeo5-!8uq}|!baKAHWaKU9C`5N1~;bAcl!SN1zH0~G^TxYu^+gMs$=#E3!z%I)s z`wOw~dtd*TTtym~7K~Ucgx>p3g(U0BE@Tj)4!Dy{vNJvv?MvgybbY+{WVsxl>zAw0UVPrT5$K8->! zpU_u-PK$_fn*?j;5$#iT7i;!(`P8h+<Spm*&Nfv- z=m?Z97cMr^aeEdMBn;fQLN;K1mTut4MiqVs+!qLE3O1=S{DuPnH7wp`?k3j?6O&Th z>o`8EF?n+G36!14wS++{k;|7GKH3a?F-H}&&pLnk^5sEvzCrt>Ke0+nzcWQNK=dNU z80D?l<(O9`BfYklezL3r?Cae)SRt=NLL{uM2OD|hZmmjw!a1s_2Y{q00l*p66e+w& z4g=kAU|Liq{>JM&#b-`%BvQJ7jQ@99T9eE?)zqa=JGJzsu7hSCM||7>G+_N3Qn6cs zptU-8WyKz#;8w-vCMW;4rt~_X(b4{+Od( z{Y>!9B>Tro?ZaoHuQ%y?2yja9#4&lfFMDiZLR|6UV>6^ppvUlwvb9GL8ImZ=`r>rE z96fTW^4eY1)H22!*7&SGv8;T+UBF_wpN`#zWJB~E^`n{!dO15 z>xS^cZ;797DrnMvKrzsnwI#fG&nOR7zq7H95(c}TH(k>}kae4X?;?}P;`7+l8$rUm1EF#d^4tt-?H>oy;Tqx+HtnX>1)aF{evzidv4BgCIJ7_vHIml zLh3lj(c1Iw9v(l}^Hi$6J#a|jF5ybJqiz0O*77&))&SRecSpITg5p65{XbLf)f&gA zT5O^E{rmS35TZI_Uqg$>oYZE25xyiPQC(tWLEMo&h(C2=4WvZ?G#HTE^{G?UGf+@a z3Y8wI>&~l}#?yb0D;ZDo&c4T%s4?KkLprv~Z#>OHP|@}FOE{f(`{Ut!UBrbTV!DUU z&IkJ>FCxU14qlixYyD_)NfdH<|3c^CE2%gEE2bQDo(}v1E)q>JR0ciU4JxjoV4~fg zW3$exO@Z$CD41BMC*++FO4qbgX93mp54nXPSX z5Lq)CSLYw*5*HeN-y@lSoXc4_{C)3FRmATJPf2J5H8k=_!!NbfGJJVae278XWW-gT zy5#&_u01!J!)iJ@{4n#t;jO8eR6?DA_<`--t?`Kd7>Cw)fx2i8j(Z0zFK^UfeF^1F ze{9C)#%%Rl6?|ihpj;Y4-uW;M(nk$t4#ujLnl_7+5C)Ss2*KhD(-+~M#qU7kDRD(Oaua|P zg-cYLT9iP$vn|m1G?H)-oGOFb)lH_JB<+Z2J|LPod4S|;9!nelaJHr>HwaTGaw)`z z>#p9qEIYD*v`F3F&M|#)8o}OmS+3Tp=FW9?N9iM9Y}u<&2~zTNoUY&ir@ z$t)y9b^7q=him!Tu^N2dSWH!ilkn>CL2almZ) z-SgVK`jvUDT=Rd_+wob`FmM@59>99fk(s)vuG-KGHH=hCZBI{yz)2!WK^?hC|2N!&!o%9SDvdP-Rb8-^E zxvAYTYWi4ipDH)}Bk5m8JINX(b5fmSf4vS1u1^$p!>QQ8_zX;bVvoFF>oC%5b!XKWJj6xdP5r`UARS@t?J9Yu z32A9*Jty8br5OMJ!}iWjR;i|ff}@1f0Gko?1#43u>8WwSyTW-XG^#l|)elpBOgBmU z1^gHX03Y@B82w6eWWw%|&Fkg5rG(-Noj~oA^6-1Pb3Oasds#Q6gyFC0C@)jqqezON z2nX@JCGwBIi#v%V1-o?5<(!myh7H+d>nYVn-qJ8p zEdYkO?7yC>8k%9JBqWn;yu7$t!)**)9+(1=lv=;EjLg{g)p18G!nXUKZDPpQk9SGq zWzo_6rduwcCLv*M^&6ev0X>eZ^v@CL^gAiPaTN@!{bD~~pYM2>zyy12dI6Q7?a zh0_QGHQHtZo=@-N}JJI%GewidD{IEF=} zW4-*x9^LXrKcjnI@vZ_RIzDJuyC=`^VGg~$q1#y)mL)}zk2R0notDzyR?qg?a@3W)>B-NHuFoDp zViWIq6b-rpeg9n5$ooYg5e?3rvB7_k(aGF7RG;jB5xCug#n5iu$~)VD6@14`At}5d zT}e7aiOvG4)7S|-tfyn=5)RgttI)ZWGQMJ00Y&lMorpcJ79boudwaNgqM5x8*&@!o zjmFDQf0klWfK(MFYVM8eVydw#jRy}-Ei5b)bL;-szLCgR zAk*c+%7ICuje`_@&un1)<#GiT3zLfkyZs`dlr(G8C{UK-2}(V_|FWy8A4b+dMRlTm zeSjLv`6v)U*{{iI?TpPZn^`qey;l4vNt_7K6R(iRVRy!tdaF!Xfg=yQ$;%3gN`8!Z zV0^I@aji@sH+M%8t{BH#Uu@Z_s@g}l0d``1H7ga+vw@EziJdr1LBTYzBPqPiHe}}Y zj5BVF{QW7DQt5Ddss`5tzVQzuB1i;{?di5dy%GuFQM z5yL_*r}zNPK}d7&9MK%Qu7$Fbgp#r*3FqqpMH|EAE23KpWzO)Z?9ihS^QO3bqc`b^ zE^;1Skc!=31j)7E0*x2^Hq)I$m8ef;%)@JAgs%S};C-eB)8U;3E=rlh_=RDQ4DM{m z<0K>LJ)_FN$E0_@Ha6;o2gyqP_?mn(TO5_ZEqQ@k`cVnU5ohY;T(`Di9gB>JAndFt z^L_#PBm9`{9N3&c8X=h69r8OMk$!VM0ErZJ7NT)oSb0!W?K8TV*X9Hb4rz!Nu&K>d zy+z_Yec7-;lL(AcBk+MIiekj=Z1tsopbfoweTInG*ahYAOB@9{$i1V5q4Q6) zx-pHbC=33IO5w=Ml=v4IleM4A-AzupnS9mHQW^qzASHMDG?_Frvp>akz6YPFWdy84 zCy(6Pmh7zAGGADG)xf63wg;V1iSxFw}in)GLoE;RgA7 z=p6-$0$Bd`otq=?<;r1&<>WOLuts?Up@EPxJk#|lKVIL1X>=}w=dG4%vE2#dO1o2k zA2$o>?-QIlW$zEviTO0%=1==u^tEs|d5a#1bCu?%e4T+u2PB@iWzb-^Blk_yxec?H z7+Y4WxXsOZ(NBQ&(4gDhi8LY=5q21R1(v^Yj-a7I)`nSmQsutr4(IuEL9@F$L6Osm zi>18XG&Ndx4kQzh!&P~DCA}U$-!n!rDN+qolL5y09bzaCKQ$ZI^M;3K|&(M!=x%yf>I zT0fD;JlyxtBa6mL;tLa@l|&&^Cbi!EH9!>7UEcG^)GrTViR84~XVI)`T*`U;foaRb zfS7c65!(#}2W@VcPh5G~*hl{PM-kNjNAb>LI3eF}9LFXh;K<|SAM?kF?!wwR~>nQ6_D z9mNId16EuE@mBZHX0V#_o^9FCb`Z8EvZwOw@3^g-Vegyg`xv!W!bdU!whYAm4y$~1 zzubK2YZSY_Su<16m!FjSj?VY(%~2gVF}%RY_fRLA^Wu<7+LOPR!Ko432lm%bof^3i z%Mu-!WgGj}mQf_0g0(g7lYT~9qRSDMxYv|NpxNx+{NUE|Kn4d`TW_DW>6dSey`gb2 zN)+PPHp}*G(1`8uHuP!#^g_4DBsg!00--jWXD{xy?PY%_Y=6I447*;;5hQi4`&as! z%F&)6Ux7`sUYwZCJFVExwBr3L9i|x1jb7D(t&O$fbv;utoupglmtEXP&zl08<80U$ zmw8Qg-Ks|#Ihx%AcEl=&2j>&`NQz8R`G!c(9L>dk-D3OXo&uxg+{YB@wN~BG?hWsO z61jN(yiV3M<)q>2I%4s)*P`hK1qJY_JsKfr6;LXm5qy<#auo7_ZyhX){*mmA=xCn; zPW`ec=vb~?y!tqnB2X$`!kO(d-_w6{T9R1w8YLk+phlVbY$Jzhxl~{<^idVGD>E6@ z;A0!%wleY%ExMGIk>q)=?NlC~28T{juO@;I)uAv&TV7t!>_dz3T}KdAVe(qAd{1rG zg`p!~AF?c0Y%iIc#8}O*{gQ`vjB)ER?xKx+9eSk9&!Fr!XRUGuD?G|!Iek3~10p=@ z;X^D=woKZh3yE%%fP>b)$E+IJk0c{NN0cv?ODk={4h}7UOXPKHKF{9o`;h)A$v2(#mSxt3 zEHhJ{;a?jn4xDN7F8g(M>G*|NG7I@^3$PaRJ;nB2XnF_~yGPvr_9=uZbaouBcKYzp zbL?kEmX|b504JuVcJFsL<{Zg<_#@$o0YaC@tr4PXixO zDvV}77WkPIl%ISiC!=j1@UyJzYwhmzjthYO0ebdLW3o$`uG9d+sW$6l4ErGcgls%N zVsyMW2HH$S%~!Ns;Bi=ZJ|su0ARl;ALh@QB&2bvi2B^c0Se^>|(W*|bd4-W(%{sWM zB;3r%Ea}gjJa{Jcm!MsNJ(W-`tqXf)zHDOQ+7!uYe2%uYtH!V9+!0~*z#N~|LdI5Q z)kYBr`DyZso`Q91?QR1KwS??fo_BiHgKDuZ#C%T4nuUbpZxQ2Vi+VU(*E}$ru@x{G zHMO*F>t+FF&gaCu^Np9 zjd`!k@mkOPJ(M?@f157y3fRg*Vm@!YsF!P0feL*?q^O=Nb&9+Nz@pa-YT5!%TlM5p z-ui6zQPI8iTuXkwqoq4~HT;0h=b77v#OoWw936>Fs)kl+1r3M z#n7k1osHE#hkDg8mD#Yc8?pNx9%QSgrXTKtHV>E@)NGXR5!Njc)P>`;QQoV#_QBJ- z>Mu%cDqV$K<|3JtDD0+HW4SW%0va+@Mqgt*f**P+D`${Z=IX#@4n+nPfeeF&T7Qqi zsmDa$bWWXmPVJn*65c=#Lv|+Xqyl3S$G@0Ep^h>{+RESL1kE_iQHk&<=_KzI)7)-b zz}1@y4bO59zN*CfbZ9B0uCUMjwn}RT&6iH$W~CX&A4B8`d`o$dpTp6BBryxB29=f< zjakYs7^KF{mphS=DXXW2iqFKgE2L?tlktNWchHPLQclISZpJ`MEISQ%%X!58nQmAu zH3Cvm9su$a-LMBSa|Hl`Qw>;~Ong@wgvae>fqB@SgKh_otnsV9vz!KM+H6nfGB5Ab zl&nLtY>$@VdM>k6FFKv_y?}d6nWix5xjdGouy0iMZiOuwy!2nkZRvC7r%#=-eT(;+ z60in~)(3vRGOw{TP|4s7fOdqlCK(AV5=7VW<|uv>z8Z(+j724iV@mRbT$XN3L+*b> zZQe1_=4RP;a;v!rwtLJYn90c?_`&1yoo@W>%esxRg*uk?j(oj1D&In*JJ@kzKEntA zy*F3d8t6G}0jh5(V$NFPQKAr{$fPY7M9WqfKCyW_v3_sK8a~F zXAZ`RWne-sY5-ev`1q{9(5EtyoKtfUwj6ffedQBTbwdLrVyMzQ0{{BmPoSzw7)jFf zkv#{5_?E46d=(>9rA}y$-MxJDSz-};*=)}ExtcyFlTsVfB|e4v5rx=$AjgLkqCsKr zp+?_g=&3Jpc%O|jSNt+ub+M3}{uwE+(j!4fDagB_YGbbi)Q|ffYoEhuMY92LY5*5n z^c(f8g}*WbL;3r73n583f9h1(!zJZLqcVHOAD+UKD{@&1md1e(Iy01#6=vTr(M>C? zbVKHOPj@%c*=0o=dJ48>siifwX_hAKmseu^g_-3mBAcdS)!cMWH$S4hXVT7tDlU5X zle1<=Lc9g$qgM-`8p<3uKx>vJVzF-gpDC!-9RTi=w&k5Ii-$EueN-%WobDN|^IcnC zck(RY8pzWwtknrg#Ivqotu$8D*CD56 zWK$ep4xCBiBb$!3{Vs<62#Q`B(w(iiz>}`KIoI}DZ@p7lT>1hafcx@aUclHT$%Bl6 zwGpU7u_4nXePa0KiEqMk9q^7f0X=aZ=C!1n{1Sb+EnPlZ>HHe`mqh@$H@IIm^XOjA z86)hjNEG%1?_O;&yrGce=@WkLpO^Z1eBq zQIm+bw>QHPK`Lkr(g`%&1O1+SgB%)R*G!PsDybM>bX|D%dQP!7Biaf8+xraJg5ihb zkquZEnPy>f)g{6#Ys_Mi?GRYfU8;)%ZtYe>6@o|yY97yG@ZP!HN#PnGQ)iR3YwhEP zE;)~Xy&d>ZUy=n%LCj?FW8@nZm;EQ*V)vHWu$7@)9nWRtsHfYG7qs_FawoO;_93V> z{tVcBLP$JwQ2o>o7-j&HO9OUE5Lt?TPea~4(~Q*}O#VXkv1w#uI8osV4lMLE@8!~) z?LH?sAcpC=AUbrq77zrfzaD@|vi@445L-kw>1n61(rI7ADbsbBsSu#HZrhS1pu9QP z-5GC(OdBj;zi*WW)|q8jrgHI(FtHg(fS(J}L8 z493V<91B?|Z_#?5h}7r9)m{sT5oSWgH`Wl-emhHvPSu zXgzE%b}249hc8=8E2$c5{iu^`+qynv(iMsK!Ea2+&k2)nb|$j`*{`vUIeK1VJCp(f zE6P6Pkgp^VTxyYK4x7gJ0&j3X5Bi;XGsu1UcIpRa$6_ci^MnDXSh=l z-hKDFbBv7qFA^6%gc@V2edhYcU8vP?A;N->gO)Y_ax;J~`J8_|*;fj6Kk~PrZ`~O_ zPs*^g>ghI#N;2}-Z{$IbjgCG=HJ;NFKis(mU}KJkeN$^piDE&;k~(n3^~c4+x0Waz zXwX%{MhdW8lsH|+8fXFW_4#QQ!>U)J`A=EYl;iGqRO^N5FW2k&?8#J?u41csTD$;T z_X@jV@k|N!a%KNqcg|+bAr^w(ghPkV`?p)KUDrE5mYF}j4Rpcpqf87K5KT}Zn8+9! z&(&u+L`&8jRpP|b23GFiP4$NzuXCChZ53XeIlt(QS`y{XR_&=?7Tf2<8wZaB0LS`F zmf2~yM}RaDw(hiF>W|YDXMwN#3S{LukuV4!1QKIr*clA)e#f#K(>pOmQkg} zs79x6m8m=#hkow`eLA1wU|_uSrjxuh6%7_a9Yc=f{^hor-dL_F0?w+;Z46zq3=y@I zaDHEgASe9LQxdLmRFm&~afFU6j&Xfbyaplt*IU1b{eVBpg zM|BY*S8wrJ9jv36_BlrZ;k@|iz&x&QpIVA9*?9e+#mQM5^)cVeP6CcIg{9~U=|HnE z2I-KQ#nWf4+g)2?IAMskK&%o^kgk<@cl2Dr<&ssh%TD)r8TAxW7%jbke`N^&1)h=ErmzVEG8A z!8nNk{Jth6#(N#%xwViCg38P!KSL;*?5@fKB*tAG*tNoM_ergJH8@*MKI(}bmboqu zlj$t3D;c@7pnVa$ z9zT(v-7B%f2~sbSbsb+)GZCk$;-MozZ3az9mbL5NFtrG7!5yG|Yj~z$*e={vMD&Fx z3R%v4dD;XU@Be0@Zn@Q2n3R<}j~yxpeV`TxtT2;q!!)+2<^)XZk66}>;iC~ry~NF5 zX{Wpt0|n8uJZ8Ntv9(QFug|wSz}Gme&Iv4u&B;`-~0C?7xZmsh>yt zD6Vo3#BDcK84*$O7Ju_`Vwb&4=Sl;Q^P#hw+&v;69M!>W&M!)xbP8jG04dv~k3*dd z7Y?FJoM+YaJh~2cf1VS!%P=OFgxJ-JA@x~vDu&2Orl_%v%whZUpiQU)pWX*Mdz zKra>bX(bwC?;lSDaHzC0iH^?DHccA_Uwk8kdSakr<^Ec%4z`!=nq@& z-{1RNc?AdT%6(=Q@xL_Aq~NMsDqHWEwwMrd94CLH`N&6h`GXMYC*9KF?FtEaAY~~) zRNf`))V(6eP>N3nNfv>grj&G+sp;{?fpIqMZnQ+;*HeTf$k_n;q;(49fXCWHKOtVi3FNBlG`-!<<$h`qhHuq2lsnsIz0>KW}5 zch)TRP*+QN**%iEy3Ibk21$Cr^f>zEv)!#aS{smP`1c^-0*2$TA^t7DjV^9omw-A0 z=yd78_E7?Qo*=ycXR(8Mc@o@XX=)eqcza4Q!^4K4FUt>`AQvCPlJa`Cw=gx1*WsmF znnG5iUI`?Q*D`_cpSzzD_>DYdfxKPGUgoa%5umFl4i7Y%8$Fl7`Zg)0hY2@|7_BF? zuJfa?O3fd*qvE1kEi(4;y+DoIOZe+66cm}Gbr=l*-fU{Wx!zyqkc#V_0CElYZ=LuW z)!!cKW6*;HXNYa=dcS;YvkMxeRI{`~UB#y}6zezHYY`gsU7EInm3l0F9Rj-c8h(}Y zKtK=1Y&9LdHU3&xHD(Q3ZTogv$Ms2-|TB%Khmp|{q6r)Zl#&J2xv(~ zDxQ{YUs3(6wAvF`hDZL?Zrn8C-=79Qul^p%Qow4k20qwFn|S5DWl$_u@~$j)+5(pG z6jtETcH;V*4#!&i?I|Fu*`Va7cMIgnvP9y4#7>*TQlG+dJgQG#z54s=2LQz+rG)WC z$$_p+HUp3JTb!J<;`mUVB3dV|e#?6W7Z5ypz+|EWiZ(pl-9b9qK)1|3`7)i@LT>#~ zi^!ezsum|66iP()gnN7H)NS_T#e6kpH`foe=!*g%Pok)oCLl_nLB2Ja$Gq+SEqeiO zRJ{n@dP2+kJyffR`1*}MkqB^ze@Ps}Cj37>vd06`%5Z&U$g{l)FU-xctx`%2O5m-Ms@dgimjgO9xlP(ocE-o(OCh4sTs0~B_U~zG< zTzzzu#BT$*wow58FwTiL`}tm)lE(}JG?tC{Rn13_UV}P}&%mhnh7^It&;|IaHZ@Pr z;3`-leMP2|lar?VV07|9;ZTC+f{3VS;-4tJOyhrgOvggv_5)-u5N^wcdb3@x1XeNk zk|%+c%>uO@$IvCgsRwH^xOYE3o(l(!SUaCHCv9(0rx&_1 zW=KCDUu#?w$64TsF{k4%f{GBAxh`hlEw*vQKgr8_IhQZ@M$bI^XB3lDRyS1AG_TC7c&`eArK4NeBxcu|CsFOOgKY;@L$JF-mpMOs!#FD2xx$3BCdx zZx4>w#PRt^8~uIip+x+)^e;yOczXxErikIug2iYFMs)-`Y*ylt)YlU9p?t-axw+pT zKK>N$p9k+h-1dhzx1F~-c=sR{bt5P!z+n5J6#k9MedIly{Lgj2Pi`|l=D2Ug(r|f@ z?ux1+KifjZbSpevGg{xWSoG%i3w9^g4ekSPi*J{YEX)gY&J0do2?%&)xDB}%7IcAp zt4rRa)6zb9gX+ulOQI1b#uqPM%wcMh;>7x;0R7R$)2`;0Y?-KClyHHVDl?q3Iuk^B zKTs%?&Mh431oE7qhWRKB(AhG!mnN2%3qZY;Osb5}vz&gzJh1ArHIWsdrd4d z&9QW)jR&AA^k4^%YJFB4^nz-g{S$lqex|bZ_Yiy6`P~Nr=Vc)u_@Yc&s~`Yph+!GK zr#G<`T3GE7?#!|nrHefjrR-SF#W-%gADVLQ1<1-r_I*W0xyUZz6?%X2> z`s?+8j!Zcvi~Y=?;z)_}->-hkR{A}D8?5F=%F31PYtZRkb+7wYw?sa&`b_K*;&-x2 z-?M5PB@l96E$Z|$-5;1tsi^_|CGxH^%HMUGV*BsAWq_&Vdx8Ek!m2(Dq4mshcEx%w zq|k2n6$l2k%_rguYOt$QRUYo1p^Rd7!AI^d7g`L&WTDQ3n93u3ft}5n5FO7z&%q7-dB|n-oyk zEQIWc^@Ud(43r3Y@sD|f`xr;;Pmr>^O#C1Lk>Dejr5v06l%?iSfdT2EEoi!5e^-|0 zQXhY|PHM%F?7EraX2*|rYwN-jp&@{A=i)jT(~(LBS`GUhVYNULN%;1+g;XFnx=2ri zfg7LGQA-8jHD&oCFE04D_}sYX{$<|Xx9#q~2l;K+?d*|-_w3Pp=EhHQKakK;UDx5} zH=-i;(Pb>SeDPcs%2V7%aIv7YhwfLzMO6PG9g<+S`+Xmu%Qkaj<+W?&iC#@f{Aoke ziz>Mm+!{HCfNHu3umiDdBIUnd5Ib``=nOgi>l$OPnWTfoNNya|@sL z(~26Re}1@=$Zku_sm$p$c$HDE|B8LOLM*5V6dcg{{77}cjh(4$Z`;Ukb~Xdnm8qK4 z+YSX_*MgYBC%1;sSHAXq?0WKr1D+ON1M%jQ3ZWdk=XS~+JokjrV>cW$xWPSIV^ zLJ-WC%F1P1PdR%!wLVNFDqEN%E}0)b*nbX2YQQBBZ$JhT8>YPsYchFcjK*9BNkvT* z2w6e?5ky&1dAg#h%QgE-(HzqHvib^)I;6#k0(SXT^F7^FyX$=WL3DgJ{aSmjJ#6f{ z#o9QIkdfbEma;gFaa~4fGl+7ZMeGm1CTRj)DwcB8Wl8TSmiQ!v)8qgd7rHfG;<0YF zIlKPxrNOrE*RLQMxMA+Y=My;829#1yK-y#olFW=4F>+Xg`4x@%vT`Ce1JdP$H|D z*N;G0jMm<-OLsd@WXyjCWa@w+lA{SQ6~Nhe0{8)6Rp0Umb;gQ zeM-kILN{+g2V+-EhO0a_M}uzJq^YYv?4kK&Gc-p@?MX!JCi~I=Jq6w0$%TL>CouQ5 ztoy8~anKUr*?t*q52NP4k94CG7Z=Yn#FnyX<)?TOcfBD*8sq2in=^dr} zNG%8mhU?#uIepAuX?pvx{tY>NdvxNbx>5lo)1F?~sM0KtXy|YM;`i)5pSYz8N~vn= z4Ad8#>du+hy_D>lkTvo^>E>vPV~wK~8T)dk-)tweUqw5+_?6;&XmI3Y3}F(VoJmdp zHG3y1G=#7n*UZhp$U{dQyPeINu$Kz{f+ z1Lmy;kSoLs(|@nNw;PPvBi1SwF)vdURHKPVeTgb>d~W}Aljgq5x3-~XbevZ}(5zoK z{_JKG3EAUiUbp94sS#qDpaPr>^p!?6`lN$wwBRj<&x-Mymip@63S~VIxFVrKS@$db z@%JF%KKV1TQK!NsU2QqD!x)$Pt8iw10PJ=OQy8@+$hjY@mqH~0w) z>Oy(?4(Q;Z2}ndLEa+;r&t;W#4o^lHLFX1BdG7P)&(BUgMk7AUO;!ltIkBgQED`{3 z18@wX6S8yzU)K&i*1OW2%xy3wt(5;^z>j5>{ey6tl^ogp;NAFEbv`F^2oc)Z6gHbZ z`FfXtjKJbS;?=lKcMWz+1HJP+(%wBswr>Gn#1!;zEQz2Mg-!#bt@*Jf)&+FnUmU2x zY}K3ASor`i9iN=z*|v+Q!Xxy8Fh5hK)tO2>X8-8uywFOoZQ5Ow5=RADCX8E&*m>4ejgI`mB@ZdSo8>#?&@)9TY;F54R z13eFyt!)fQtbHgsf=;6nJAt7FlFp=2pjtN@rU%v?2m$0-aC&2s^<(4x{DBID6~eUnx<;0ohM*HL3#1?M$OSBVReMaluB@m4On?s{qjM{@1Y7+r zTR3nA1f*Ta{rNaC<8-i!#;hIY=ei3DK$R&A7gzhRfD@Y&rWH;hyu~y5(}^+jBxC|4 z_WgBYI=ZAEQdzisT7@tfWpyK{)he*#M#MQt`O%b3Y)EZaxM?B{1#;l$jwSqg4k-S( zpVvF|!>H?zq^u4gz1&{Ql2$dF!1((izJuO_UoGp~ zIy*aY=+*J@To2*3ZA->!IH*%whW8<{XHm6K-%?l^LS|l2|H^otY(0dVB<|0P|NhVe z5cK?qK{@4cOuG2%uD@?>@?wPTu}vy8aKc@YmmO>fFR-7)~C~|6jft zZq3?fu-n<$Wq_G@J}~>)FB68{db^cG1$_=P$b^By z#9jXTux083GkY?4tSi=oTwRvqs7HU4Dso^~u-bfzG{2 z7iPqbrtA?|;#1s2_n(q_|^zQvD6G9WTHmdeXQ>_)d%r)mKpcqy|o|qq&yCG3jyB&=zZ)={z$^IS<@bl}?u^4^zyUC_cwKsrA9cQB__=c8k zDeVFykHwE$<-9(1I!NS3*-Hrn|0M<-04cmo*jW=VkOKmaIPP^TVN|3boQFXI7uo`2 zg*<3t1(8PL|9*!@qx74(@did>u|~J(T2q~~L?W9u@4%N_islD;&Tlqg`=XfAtlAA2 zczGe1*0?mlf6M~<+H<^B005nnxqnt1c=Sg%jz#-Gw&=5b)-V)Lyh? zCBiD}-rbS~Wv%j2JmyLW+fEr64AvG$O$y+Gp-R`;#HV##RXXY#d1^X*RuC{(1a675)Xs1)ak{Xew5c{tSl`!`(I)pDuSRZ<~TN}))0La9{tUG@-T zUy^-mr7UTaoh0ipVvK!>3R$y^!B|uF8QEqq#@y#e*W&xVf6sH=_wgK$KXO!K%*^Ng zdB4x|wViG;!j?Yw2aGmcqkRJFtExB+PJ3Gj;m()>QcEOQ4$ zJJK5TGv0hVq0~)}0GT$mTm5=%mV7Sl)_8a84>T*FnV+oJ__Fw!82`D5(b)}5oo zBhC&A3JRi@D|ckb;>Sx^g8$mjL$lH0WDFF>Eie2^ntt%rD^6_mO-t%$wb&lfCT!6|rWj#6zWh>5; zRuz|*mu&~iOZbh8-*4M}_#O0?jUPXLG(Z%^rY5F7U$&_bvJG;~0+&AeF=h#6CL{Q>xJk9b`-O zXpp{L*_m55=>Vqu#lHDg0qxNyHT8#}p&4&WQ*|VA-rWG^9w||}UEM=RiBH-OR<7Li z-pRaNQfV5SpzbE2*Ol!qX7aLVbZx%CBmTyC82s3Wg!fMUhDNGgTO>nS1x6PXQTJ0p z0;>hHH441v<#+7Zal7mIX>DN%b@KT_$KUevyoc^>*Li27iQ+4T7QA;8sj`B0XLZSy z7lUF?d`j#32;_8NQw(0wJ?J5}R#U z9{%Tx-&bwGc!Q0_dKde&2;>Y`iFJj@YU5~~?3{8{{cJ~5Raw8suBN_E==CYCvd+!T zUXGKIw1-0I&!|^?+Pxv~i@tqW``yE|RA<5le;0*@p=IDZa%%dT4s&j8U&!0F;S~9t-IgPv~5QbIAe3otK_mj6YEYLk^H7zLg3L=;yZokL8XzIZXlV~jUeM6@LK6= zIey;rJ(Q;;qVuVGZ`?v+qMCq*0oGcVGA$LK8i(SqTw9&j!r2TMtIIFG17-k(6eqvT zd_DT3K1MrLIm$z^R`5zgF(cZ6|C=?)?F~Y1)_edx4&k7gn&yuN-2zZBfx4_M=*~fy z@Mgc*2WrDBdI{n7=Qj86pWPCk(p%-6Wa_ zXPDBdwI-#CtUZteH~~g3r5OGn?%NeDA^n$~neE(V+xB-|!8}*(dh&l5mN`{eGk&Jj zMkKxI#m%@W4ip2`NDRqKG&KcMExdzcZzA+^<+c86C5W%YgVal$%%#&7@na*kpZ{p> z%F;Dr;Zc7VDg z{`toJ#QBN1B<=I0e!=ZlQPf0N%p?{oA?p4b&P!93t!;3B+d^a?LMtVx5EuHD+%=DL zo=|?Jft$qR{E6b={fm%TH3dLk^NI)UDXEa%!B{Qvd?xsuf$Fv(WUFyR0fz(3^yQ0D zLQ|k0(ydy1Ans>(KPN~kz~;v4Sm4j0YRT65)#dr#jgnIR=#lTOW*0zcLjYe18k|@w zWZF!@M|VyQA6+ zD@gl0py5nN?M5gvk3PIgbXPX9(!Y#cLN!HjAp@2&fbGZEwsUC!j45dLG(*z9kPoIx zP{{oPP+WUG_(W(#@Vv3sDEV_orme|!;E4OXZ(6^0us9FKn|Ru+x$DO^$7Q|>LFJ}3 zCYzQXzU^Nf`t>XGirZja%f3IW{^e6FJ_c~?l$bt-TZRk`U81P6iMIzHW#Ph5U`WhcqKEQa2aNUvZ% zy`k*Bd-*{8;vQ-A41;a@^k+f;$uK+PQ88x6rQmIH`Nqzjap~#k?Dh^_eYD~5b)}g6 z7Ya4;)vl6vd`h9W?lV_rsTJ8AYA?@Ju8n^XUNZff60E{>v2A+6$4n?B+N>&!)Kc_vMti=bkXC(!Cak2&XviR0)peu z@D%z}O2#@t5lAod#wL2N*uqw*;z*Rs1^vrZ^~$2CRYTMqg`!6#_|`+?+%s1jV=3m; z{wZ+;N=TBKi*TKA9mFR--*JHd)}`{rrh#5C<3B`!;!S4P*d&J> z`^^YM(+FBAmwj7}sWTX<9KE`8pd_2b)0k;vHPF1E%^zG{SaoadCB;hEXKjl(571M< zR9Iyp!cDqQ4LCFUY@XUab)=vuw8mEXDR3*^R@`t(JSztbVOmJ0ZbIdQIf{>0+uY+u zN)`UCpV^NljZYI5#{yqx*%=Ni%W6^5y#&6dU1v+%3df=Hg>Sdy8dt%LY6B9iJUw(H zv?*D7=rpLf(10td&Gdf(MJ?$3!WF|;j_2P#>a?4>&sEBolHC!)SLuE&0L&iAis2kn z!Q5juKc6LMnb0chm9m1E&|R~XE)bVypju6lq7kbozKe*~cUFx(Z-B_xs)AKA7V3wA zrNqS|;yy&=2UWtTgX=ulaWY!#)ZgRnRatMi#Y471k6QrjsyqUpYftz-oo1JIh&Bya zW`$&wn?(|ag?U1=@okiD4omGuxADi@@#|MNA-@&Y{Owduc#CFFtm?y}%>(D5i3x-9H zTX{yvLjkWjBpkj*tJh@#E8h~!80hzNlCT4XKO#pcEz&wsL8sicIhsvu_B+?7^V?w% zanrLsEU0D!%6TNUvY<$dmFw@fav4>5z-fo* z(f>e&L|IWqTxM)YLegZI#Qs>ZbE%E#(x2=2jyFvdD`mZEf6B5m;l$rh@z?j`9#42B zr=|{iKE|2OQe1<;zZjnhdD(RaA%d_9mEuZYVE1>t<}s5#^FRKir&DN0$V6pLPJ-SY zaFnzO*7?7oxiHIuf0IrsX z6)M7CgD7em>aIF3kaOUka;S@SY$^<-FQ?bkSO`_wKh3-SBgCf83kYq*s0h>QG9c8{SN@f&OIhPVo?jSt4rMBhcf|paH68p^jgp7u!*Ei z!3$}r7eKI&x-d3bLkN^#0lE@j;Va?Gg>l@+)}8u z3o&k_est6%!S{ocWn${`yMm;oBu>l32i{!3z~_7pJup%KoCk>I*B;q1O(!$LKYaKg znUugb!eyVxfQI&1Ya5vNCM24C#oR{2>K8}-`EJ|31f&E4s=nxGSpv8tZe?mA6axgL z+`QzBm}(Ri!QWrb9ELIck#bndEz9rGj`bG%(Rzzr_s3O0d2K%Ve#DO~5^$ik0sg<+ z$rJ1fi&Mm_BPLYI@!Qkpa+V;7nC#1hQ+DN3kV6*e$-4F=f`a;#xw$GW5KI~t#sajmVbQI;dvL=4%^Sr^cRFE&Ap_atJ{r2Qnzd~`S^WwNqBF^Hx*gHZxv zIOG%L{Cj(}x3F|^l6@3^-(H>*$ml=p&CF&(17}()#@_e3y)m_?IUa4`{L~)v(Kw<+ zumgo@TPTTf<6I+`QB3;5t)wI+zh~5MJ9H0>#RzY?(S);`$H$DTxC55V3*kOMQ4_@M z#Z{N*lq=fGqL^a_cCnn|0)0BpwxgF!JWCUA?JkEw*%b8s2f3?Hg~#OY)c@)3H+zLP zZ%@A7IXgPmw^|;TM9aWXD~bnvy;G_-fQYbX91))VIXnAAMajq4S0<;dRT(=kl{1c1 zXcCjnZeRk{$#{1D{CQEoB^UUOwG-jCT|UmKsuMG(uMobOnx#j&sCc=+WbDFkBM+av z)WO;5qEx3^f>J6WAbx(r4ry7vJ+9VoTJ7oV}14kAI@!`e_ zUy98_w7PDd#T8=UnK%hX3Ueh#XE`L_!(lZMF4;w7(2^?jc?K94_QD8`QkQTHT;cR8yf|VZL-e_CwJ$WOmz5WLAOxY>QaS*lj-qd-!~)Y-=fkC zGrbR%S4?G1p>umjddA45NoiU+nvjLHynRb?i>J%?iYF_lK}3m8PYmd#aEwNqwZ_{H zR-dzKg{I#?s2sR$urLvg}kQ1;AfAi-!>@I@WP%T~_P>NhAoLY{#Yp*kEf;2=6 zU{3;1D>e~KHU#=LXF`k;cBC#4lbfd6VV~=+T}C01uo6uo)0AE`Wh~jOYOR!UZ~L*N z2bs~d;b89Wn>oTahc4i3W}_X=lsl6+SycR|a^%GQCgm_aMXmhYVh-K)rlH>OIS&2a z4Am_nh>3HqoG7JkoxbrgOhSGtP0Lw?Q07cV)42M^eO+_bSLw4mFbk~R_A>_5vuZo9 z_4YA#l|LT@G3fCVu5>FMiT?wL{(PHGd<7ef?a%@UXQ4qLx0_E;-MS?+jVstPfvm@S zx7feVgNV_@THh*eK5PC761OE3i*vvWp9Li5Et{^h7b_bg(c^OZRZN{FXl-`hKg(>| z6lf2YtBMAn?owp8mSI^UflB>L2h-#gtKVMpen-h^J1YbLki_%*lc1g`rqLM2k)m$* zT`Ub{T(B>8x`Bh}jHvzhmV~Pj;*NGiqaugAd2~!jqH`twDnJHLcb$!;S!eByyP3Uw zc`dQR*P+UsKQdN*wa%Rmu@w;mUh~a2a^>YDe4WJ^*dD#K9K8y|TaxW(iLd#z#SJCT zB}emPNxem(=MziF{FpJPn)lGBd<_cczytBuMh^ErpniV&m1CTzsGY7ZOZzmigW@Wa zyPMfZ*}1%iHggEdz7Grx%gQ2H{FVTq0B+2RG6VmcMh8_*kAGZ9=4d%Hiyj@6In(|D z^UXy%xdC*W)}uz0>B%;16m#@I225h?{xjQ~7qkFckS@wIDD`og_%N?884sf=0BF2I zK{Y%yNC~oL7OB+F9mvuxD?D(<*yhrd6VtM3U(*chrfYUhGh?7-++a)w#p&e}u|p06 zDyi{$ccShKN#;a1p_Tv~Ld*HD*o-#Cs5z?)S8s>^u^tJtxgB%cT_k)ilSiWUg>>9FLGL(D6J^x*rkFv=FnS7!b2E z>nm|nn(I;*pXm(dO{O`ZWac-`M(mLKLA$^L7R}5JGeH|BDsIyOzbhS{ifC;fh*NmP zQZjlECdSUO>V$fUF4`NAE za&aG!bpM0_dy$K`xRWAxl=>MgPRSoS^K9xh;CzTkU^|Q_21%zwl2l8nyS<}JpE1he zHuU_H_$(P^LM!Tr6317^{?cYKhT>z|>hH#_om-x|eXk#eL;vAt4pEz%gWB3By3ZUP z41Ks-v7zaKqrfxeGRz@UN%&%W#dB%ZBcZss)gYwh;U3kS9xxKnuKnGU4&TT(4=@wY zur86W+R(8Bsw!T2t|Pn@c9_SL0q(CBy{i>ovu{O?d8DnR^UXNa28erPm%96^su%bf zLz2}*Sg}QfeY|;=o?^~xHr?1$7t1nKBs;fkhk$^0!Q4I?z<)gz7IW_E)GL9Ijllk4 zrH_91*O0`JJc~!Xs__~3ejm_7{0nx3V)PCU5Eg~wq_dd})07WtCU*`p8t86jRZLF? z#uw|xtY=gcqz4L*P1HP+pU6C!RFKpu?>?#YmFjWIu)rppkT|d`imFz4bd0DOL$gqb zb``E31ri-*1UQRXFW7)#)&PO^pr!a8RvZASr-esvu$&_GWm;xav3kwyd+}Cuy2%Jn z&6~6=5{R7~YXVuQmOM*Ha0cX7t)#LEV1>sCV1X;g2KPk{lkR9OWk$(qr!jumEtz#;>jbI|n0!0Jy?prn)@44g4 zoYL=*>g~?N;~j7FzJPO%AQMl(e&k7~XynF{4u^^Z$c zd48@%!_}dw3_NDL#GE=cTIH$PisjVAG#rKwA7?di58$O*AMO-2pu$`W zAKz5y$kWZN(2X%^B{T|2JretW*>~9~8J|*d%}QTinKv@9w)J zZCg-N`)x@D7KVAgA*&BsAVOk4zs@x{{_!9Sn_MtHG5)3|!hihqr|-{kksV4mc#oju zHamm*r?v&2KS$9a$))wRY?%)=;F3IJ4vlb(P^eDB=z<^m7^=K(us1?Dj!4VVr1yU6?(Y z;_!aa+Nw42(#&pdt||X8Y26Hsww_}OHaBd_lRw1ySDKq+Jb9*9io_yO4?rH*k`S7q z7te2{git{QPlc+31e)(gQWC5)aj-|6iC;8LRZnPxCiKYCeMOAd`Ies!qumNI$z%Hq zt17U6hKg?e{(NoplHaT_tMtx;Axp<;@?cTrXxar$CKN}OXxrBz>HH2syV#)U+Swev zjEfcZ)`2MR^0$ z&ZU&~qa9VR;K7hFzA(`NaU{@6;2{BFaoVjl(=uJHAwfpHKq+~)zb?*I01C2)#S*-J zCP3$^#*1Eux-{RscBYciA~#hQS)vcHXdbIJjWH7l2@^r*6MP-|9R84k+pyuAPZC70 zXRS-U3D*3ru_N5)T`oj{Gi6}BNd}BdYN&~o%d$x(v*j{Q1-d8=@-flz+m0IM+vQ`F+Z%%y- z938}icsMl*pl3!+gdhySz5b-YnM6H9&rQ0rKr|y8;Vb7gD%6ZY@AlQ1o_e zagJJLGqybcBVrf5G{zqAphwtOXPthmjJ$kCt$lcsL)5|M(x*|jx&vHto@;*JD`-M7 zZu3>+&bji1XUmw5&{i;>uPspgqGp`Gi49LQ=w|g&0P1v~{kCXg4`D+(Z@pY$@hfsj zINtF|A&&Vd3h4E9`&zZ6gQAZ{ZdzNDNjUG_4j}XtXCUa70h;d&!k`Hm!wa=!pMlVB zvX!v~?Y|DPCx}8*&Unts>Ut8vAOw;tf*D;JZsL0)#4gzXhBc#6+{10NPtc+!A{t$F zTvW9$@ZGK&KHbL!+@W@db@LtQUFo@j@`xg1vu2iQY~h5+lnO0IFURp~SM!zuV14#* zq=h!~TN4-~OhDbf|qy-IQDA@x1vX~q@* z0)`=h>chnKLq)ft$?fq4lE%)rU-Lnsxw(1o`)UGZtUmE0nb=J4`+b#;^PaC_+GkqH zYHK|9lIN-i34j)$P7B7!9)M2zFI5K@@;f^8>H1Ko2hPY>T>>fqG3+A(Y+$9r*<|^9 zvF8NMDjj|wuUcC{ckpl=bMDT_tB~g|XH){}x8FOWsZS@CQ`{jV=bKLos21NrhHa0= z>eu8;7V%gni@2m2!1K$DVcH&o`99@dBg?c6IDa&5t$)rv30i|YbU~X`@Ig!2JFQkc zo-rM$hthB3*R`5vZX#~icf+{?U$^ahSaTdhvz1GBx^%h+E1*75UV7NefJPzd1|KxlxEpwv z*>3kC$*)1u{UAR`k#nxd1ak(F|MitnR_xfVry<&q3ei50M%s*E!2K-`_sV!qW>82n;{fhB4B~6UxN`WkD^Ml^ z9^M`c0dXcCjMFi0h*}eZHXMGRnyH*ui>DqFgfT>gt)9?7c=S{_Qg!^+l+0=dQa^fxG|HnQ zvMk8#4TncjQL?x1XoXCZ9B3XQ7n@)gFau$d&dnh!uwZrt==GmX#({;m^UcKvI(0-N z7>6gcdwO^{d0|49B#uz^5WDK$g2!m&y)CU=$zm2&q(>OQhEPZ=aak+Rv9PNJw9KgA zY$o~jnWSeBt|so#{bu_lUKelpQZOV)Q$3sf5kXTC*= zn@IaICz>XDn2j2%ST&za@=?n53^b`edNdYrH>FpnGa(o3L(s`^aPM`mK{ZJ9<&47z zG7^S<0UV>=v5dRkKZiEcb~WE%$#NV_e!!ei>*0XS^;@2|2aprvHfT9R;9+L(CaL@> z0)MOYkAryny(0m|CR2&A)Z1+}kHjCdEgD3-IN|Md-B+5}NPT&iPO8Ui2or?XD*b5_ z0R+h;UAf*L(gbTLYu!9WW~wst?P?m*EOMB70sN^8QU{3BrY?G3LN^|JtNASiQ2;-E z(s&-K0<>wx3L>=nPBI}3_)2I$!9iw%PWBB~U%^rC%js%~1!J963`S@9m7QftOXMrY zO|DafKn>{Gzk(WS+B-K(&mYkv>Jon1Y%aQdD&%SrC`q6U3m~Y2Z4<8p`9rfF@*S3 zqoV2CR}`=k)j9&Qe%GcJKD^;fa@XSDK0NQU^#Yv)!rztmJ8P5O>w}&nNclrSt1CZABf1r@xT z^DU47e1E~f?PRh_*v{=YRA51^<#3k#wV(Xr zdSK^K`$uEjmxb*AySR>Rh;5laelY$DBCsSt$kK{!wYnkHO^AvNhGal~|Mee@`Wh*< z;frt+^8qc>asV#iBxF>3!UY6<{JO{a#kqgwzI{?#P$^~F)jj(ujNkHpg18$>r_K`P zgQ`iw+JU*IDFBw>9F}+ZOM7I;iaRQ8NUd1^td6s<%dmcZZomF~cKTnB@n8RbA%8uu za^s`^l9c|(KONtRJlWlvj~_=8HvY%mcX$8KG|TI!dQ}xnhDGe+7jB=k`1A+t+C>9C zjfl4Th}^o$*0Z)T!R(G96VLy<@S3zXbNb(;oQ<#N|4Ipc0Vt+fwT(Z1LF@nG)7bcf zn~Xt>w0~$O7uIb0_Upe?e;Xd~Y#OXSc0hXAwY@EYE%2h3_>*-l@P@~1dLhOVi^u}y z=y$>pi$L{*ZTk{c->z#yX~E@7yc-^T_Z`2Tjrj57pD5r(PWVp09k5*pI|6UOn@>z^*JRs?1vIiZtvOv1}KfbKU;`NlB=fT0jkQi{`e|${% zk^3|v)94tSkVqxy! zh(pZk($bO*#Ntq#*J8dDsB-`NYL0lHGA%DgBE4LbA|gaYVZfd)+=~vkPKg)(oPPJk zY`lW1ckQuqfnKFe2jS-!E`DOXkBUh6q%Wos1$%P*})IY zs}?=9uwm1D5ds&F%%9JDm_y&|z?1c`k~grKc%AHH19+>)$CEeh>A&IVpR6DsDo`W3<3)>cNcTxZOZk0wvs#=qeqzG~-o!*w zytKXwUtea6?{}Tc=MNt^6H&>?8ts<#v2PQGJk*a-Nd=Z!fu%+)dP%O(i6!@7=AU*8 zTl=`Q%aP%E8W_Wm4ub2{4cbRNnZZ=fS#QY?47l&HgJBhdAZ@y4g67 zLLemQCc+P+(t!BpJA3w<(CI6n&8oW0K}hzONswZpx88zI4Y8MjNQG!wS{Li)o#N@7 zGdG(@J%te2-I@`?@af6~KyWEZ4)L4AAp71~kh~q~1at-I|!u zlY*-27#>VT0K$n|iA;h#=uZbP+h4Vw5`auaoZ<+e$a#&lZBy%moRDfsI`Ylqs@ zj@C{-QTKiW)b(B$$+In!IJk&Rq$-SP+0AM{#J?qe1PNS#IXn#pJS1XK>o&V2#|}eC zb@lK`1^o$n;P=J&)IY$E6k3>Lu251rMUYb73r(^v#OlSLSSRO4!UraozJ-eaw0k;X zO`#H7zpP0e=sa&1g32kaG`QsLC)j^WQ{i@Idf}I`evYD<){%L>( zN!uR>cWraDu!*|d>_h9;wSj?`8GljT`bAE;J@#TF{je?MjF{#By%6E_sXpJ470E8{ z;Po-tpeSRw2c*E6AVF?nKhFE)9Aepc)=eiQ_e{A1NC0g#P5REb6223uQve)k(Ykzs z0OX>i@?I4iJb^$kcyYd>TnB5d3c)VjRxIqCpkO*(cUt7ogG~SvV%V?ksZHbheU-Y04wmI$dS?+}ulsW;)nQCZ~G@ z@D$a>ZfGG9MbF%<0XP!;Nd;bCv}h93eJVG_?8Zfqh#aldEbM;skG0Hg1Cbz{Q`}kF zm1Up|U+NXR8BEdLByM45O7*HgPH=aF&@_rx5MJ+gD)M2MCHfee~+*gU^%3&swIb zCt>Etj#WN(neG-|#+W%1gP0BkLY{Je*J0FO-j9YDfvAmA-)Dcq28*C#Qpyr_TdcL; z9SMlJG5Z}ZH2F~^_vSz7)KLl+(xGCRxFRk zQH=Za81y2D_8vR^ne+t+h+#993nqmQCD1Hs-xa;e8Aom!5Z!fP1!p=3i zC)SZ8ZPE^ia<|vFB8nh92X!40f`IK}=(LGu#?7OVLS_R7FOYJ?L^G?qHVrl+fdBFJ z9~{$~VjTYvOO9zMDx+SOhbbJiPZ@JE9@FV9y^m?PDJqvg5AI?+cM3v-3mv1~5h*jl zYzAZ17!Z0uVS^BT6I1Ze=@+{I{jlrHNaj^f+@ErvW78%Eu1r`I=3ME4So%67I^u^e zK0vgEhGo{_6qBpEgs_-%nLgo@aQ9`n6Df{`{?kjYj)Rr`h2i|VXnv3ww7j_Uz1}>X z^{Cm}s#20%1@_LBkXL+>?o+a#Y zIcxNl28gyX5xnvK&4Blq3BADOxu2h&ZOy0ah4O-2TwFlLl)}~$&t(gXLR_QNwnLFq z>h>o}%*}D=1mD3%OZ-7>?r7|=?eA}*+xHg4$gM1~M4r-Y2La=$Q}udif9It#7-NK_ zZ2j}~A?KK+ZfQTJdkYGRK1HI_S z%O(g$$_^BF)B?^GpXoMcuZFYh(t=Etgfq?&Pz6KYg$B%`FKXmnmG-LF5Cf>qd+z&_ z13}^HFz!nSL>O?GR652zh1^_3+&1wX?vT_MCsMXw!lD|<1;?VFIcl5^G(UA(ROg<) zu5pDAk)ad|G2GyRa$^&-yOVwIM}~Ijfe5J-p0!ob?Q{CmnOMnw`&k*u=y&!V`eV}zc9wTx&NVriknm&bGXce7teA5E5si)AQA`eb zuQ;j_^XiLONerqIEY;Zk67vUjCw&O+uipWUfG|M4b2C+H5x}DRBk>ysAkDE374)H?X4KMHzOyCiijPB4L)?dl>Jl=wtNI}J($crO^0 zUuJSAw_gF9eFYTf%do(LvuF_rm`Iq(5G1T+SaTxI$DQg->86HM%3lQ1&-aqN#_TOoO7`NF&r6=`I7{6 zjpLiHE%E?MN~kg>1yGKwDyJktH3r+|%1o6zxUz}jk@n!N5`=V)vS~e-<{D`dn$F2*X z!Cj-s@%vcb8?j$T^2@c95;0f_?VwIB#25#~?^sx=xJcKQTNPR+JrTC)JInlt=yHiM zo6&ZAzRU89$+t?`YN1+>!;7e+A=?Ux(PI9{4x=EErQTC${#!2A+8>=3A)ZILSxYF% zE$oNr?10C+IzX)fCDY`i-6Y*2OcAG1jvXsFNV+LyARwr94-}Bx&~t1W(mT;GG+p>U z%t!3J`u7DT7eQbQ`vXQPJ~4Sc#>C705iz^d>%H{1pqiy_wY=&vD766QN&JQ|aO6hM z9RWWSzp05;bccu|C^@SiJ{fC{Ln8@Uy*RsG68rhN_eee$66w4$;iz3w1o=oF=ST=i z(pTIHCZ3LZ(jc3-N&uoLw>Wq4PqV>A@jD}OPGBSL08=4JF4tpG7zFiMQKfhCh|HYl zZY24w<~e$TZ{}$dxQNOec&XxwoxUt_Z{8fqF)mSntf@k3W0*fEQ7K$8zN{Q>beQ}X zwyQCkBn=_2%k!iCo$1k_+%*z)ZmS8>w6t8IEt24jZtdvM9&oRKOmUD8JEB`^YqvPb zFS)$S($5`U_|y#H>bRbvL#m6ZZmLpOLv}pA~rIkYPT|lIj2hZ5VX+Wd^W{u8B zN5Yn6H{5veL6;6?yI#y>9Ua~)^{AAW#kg1#_SGka+#)7(#k2Ij-Dxj++AKk$SlBur z`*liP{>=O8c1w(FT20T7H;pZZJ?g&|f$b478U-@?v)_IW$pkHCVND;j)DA;;+CM#+ z4U&fz4PH(;1~l*JrWg@4RHXo`b?uRF(gPnTqM8M{ByYSO#r}S-9Ozx@5XA zU)D6xM5fSL9|>++Tv}f4@m+v=;uw0QBxcGUKgkwOn-=ly-#ezE1Jz_31f{KK`em#9 zu?TH(1`xEAq@19bIIE5%0Z%8Qr!1UpX$T#nytnE0dO2c&s=->CFya%=y1vNivwMw{ z?J@4${tJ0?qs>#TwuF(|u<6zo=j|cNx*_xTZM(xLPs}7(di}t5@CwYk90jK!s0xruUDY3WA5hG?I8Fi2cHWERXo5V`~OP_~~T)~LkBSHu%@k5RQgL3yCGO))46+M~LU*_JCseO`^$L;kd z(Xhxi1!kD_E~cGBGu5gktwoYc#<(gZzR~O72lr5mU~%jj;7&f7iH}LQQ zlA8^ivR)X?9D`b2YF&g97JS-H09{moZq(r`Fgr!l6_9=IVkF$Uz+s)h)EaAdM}nn$ z+ugD@APW=prUwFOj_cs~(k~2^O~^B#&GtmtFE9Rll;Yoa(S@3B2!Elo^BwCWGg`FP z(-vN_qQYVBay?(4*om#9hS091@tFnKUc!#b>&a4A=i9P!OOO^j*FY*3FrI87FR z@OTBN+Lvs}X53b=Hs23LGb8pWqzktxY>kflLX*8p5dvo_T? zJau)oNqC*NP^&>$e+|T?Ip7eVpDhSqc?9sL%{pk9*Yh}Fc^MU+boOE-ziuI&JP8(J z=w`qlaVO>+C3zqZ~gJ5&SwK{0|@h)^Z}{^2T{U4 z-=3UId1Rf!4`ai!bq!Si!0RYO#hHlXyUhz~@e)3|q;%?y}8S(jhk2ZIsI{;`Anx_rmw06wtKdJNkJ zf0I~@x5aLe*vV{|%hhW;u)399KH$C~&M5~dXBi%gC@F30RJDX&gAhJYoGb0UI^LC| zF|42_kOsSOX5OjMfeS{L}!of za|e6o+urw?g2ZeCH~-lm`*ktKR~n$!brub&*{h+ywdL%!2lM^tDM40}=50r;+*0)N0I!KIZ`~wriSGimj z2ibbCV_(ZY2G{urYNkUdv9!_UhbXX^=DH>YV!Y?a&?aRRjJ+J7Yb%rUt|Nc6{!_^h zkr!vqSIpC`NyIWZ_I~2@woB86x7aT(s4tL$9`qJf@)(`GI%ud+Hl; zznR`qv-EWkci;0*Z1L{Gy4I>^JDZmM)>zXl>;WY&fEGAG&J8s0faYm{ZtqKnSf$J9 zNE8HcXNt@^R9VtIWQ0t!y>9&=LiADh@@U{%-hA0TsiM;{BE)C8B_}05Zn2pk6MEy+ zUuNH{-(f;UzptdN$&kADy6*Y4D*pcS!nbFq9$9YIgTHDQuNK?v9@DZ3sXyJ%$sq<-JO+T7BKq=8Sw_dvqzWW zmK0=^4-|LZf<^WOQ%F`UBq3uuQiXWc+acG=;X)5-Aya#0Ddl-DOt0bs*BRok?z#q; ziQb4}IAZRtppnavyf#Q#OCGG$bpH_2Pk1#ijO>VU`3vix3s_O&(ruD&dk&4MX?7u#Db7T`oV;6Rxe&mJGyM2 zY15EH?a$EIe(BK4K;F;*hnKo$@{tB$*>~^abp$20JCM&jD#z$^^Qfxup%jn0 ziB%6F6X1XmMaBq{#G>t8%{u7r75FlJp{?7tNgLJcr6FKuS&RQn(`w#!F zVdUE=5^=Ec>&ZPNI{!O0s-mJIp{w7KG7!2l{wY$O9Q-I~s4jWKV>|kQbOYU9SBbNa(3K(U-9RD1of~7Jv`mN4W0NdYS z;SD29Rxt`AQH_xT=_o^7*8_}y^cx3<`}glJKo2!RbgnGKn>V{ccZ~6!$$3`?fqr=V z&c}t0ot95;_eY(ES#%x_P%K!WYXyx8n-W_u?U8*K0Odd6UB>eR#-(?z%deg_nuj!H z>c@J>T7#$z4Cohn=H03|z;CnyO8Nq*!0UZcm}+7fCNW^tHd4?;5g;Cq)0>WOeX#wi z&asHb3k3OG_(WYC|3_~0rH|I%ANLTYxSx@bYEkl7X!>N!&~#!byZ5(pwAKC4;T=08 z*Gh$a{(+WD*p9`^d_5z*?YXlqt-ct$99Ow}B-p{sf=C zOVfpEdP)1K#o0}$>pP@<4RHBsw;?a!Kfa#5LVi7cx#BzVO-5H&X!NMWsqyS5WSVdL zR9$&~M-r@XHHaJ^@?Y<#lgTmPG(-Sq#Jv)}mie?QrdJ$oWN|2avKN4)rL!*&1lBmaNo zj6Dhtu9Ml=XKlK^8Hum@kFQ@^ga7!a|KUUMOt?FA)}PwyEtceQp=7W}5O_X_y5Np2 zXvK(F-sQOX-$_}0V!vIg5gU!@XrPjJ%gWBbfq`{zMh;$z$K{g-J!oJw3j=-1X3X~g zenBq!l3s#0n5(+eo#rFPEi^I=Uo~b7O0%|=T(n}9D=$ZA=9phUElm84u+AlKeD$ki zyAyWm&1Y^exb1v*azCZ>HP;ETv1NrUvnJ)3cGD*^>rzv3ccEnd<@O#h*jjU6@LOLq z|J%par#2=OJP}!PwP5(#n_k^7Zy#~)0QZDwOK)*xW29cA^g$dk+Ob)#sq*eGLVV-v zU}W-5wb-n6?X=V3f1oJQ%8^qujf>8+=D_Ck)TIZ;?{lyD^WeG}oAB}1z=pfuzXyUR zt|O%Xz4^!Z11?h#a-R%Pp^P$FMeJFuq5I4@+`nU*(%f>`Z=d$Eq}wT_Ox2g70e0$oiOFe2ep;S9DG( z+o72EJs{Et4c0>f*KdewgFa0lK=Gr^3`u1sw8Enhb}^rV{99lShy4-tuTEg7R@Ed> zk5o0^5sJ^BoUfaQDHwZD&EZT;I|<72Ty5WRDA6C8t9JU27#{J_eGodoNH~Ywu>0!o z-uoTrRN-7OL6u+A0ih1Q(m(jn6b5yU2Dj*kev6lK7%c~%zDP%sb<^#>(?9?U%P1D z>&bgf>b!R5&CyP^nP!1Vo}B)up7b6G7ct}({-tTT<`Y0))L*92WDwM^n8UccNVQ6p zGkbUV3_)4Dh_8O)>YTed?J%=H1`{h!Q0J+n=@O||BI>qr64OY5XWAErt88*R{-Pa^ zi{CpsEFB=MW6+VVvpe?{{8|y(S=u?8C~X^NeWbz>HU!d!No5+yfP{&QT4w<$6oUy- z6!Ho2%}@*FT3A+eXQqhA<|^Vs_*1Y-rEkPidToEUUM~+C@2Ti5STYJ9#~acE;kF9C z79hW{!;g zoRsU!zeXv5t7+SMDBdkQ*p=C52V82fntyZXFKz2kvoDrgrF@^nv2^cll)7x=Xu zk~R5ckbC3|*J4hgjPmuiw9GU3gSSB5m_t_%bL@ZQd!!RDz=dwD=(QxH8sh97ZWcLjW$#`2P@nPcErN59LDHs`i+v-}T zNR)zmJEMz{^vIeUnTTpV_yPax?6!P}a!vy31-v`lb`VItNX9FJ{9B_dyGI9!Xcy8{ zfaw`sNKPMw=E@iuy9y8on*XYL?7+rD*v0!hoDn}LdJzO}w*$tzojbcM)i}P?Lit^vPG5kkONiECkH! zw1tYSk%H%kx7s#$UR>$dG0*9~%3bag(SAAm*N3|4MYay#`GuRVLXU#3%R823JbUi~ zn}rB5fYIt*CWKYTIuF^cZ$K_}AF;^fI%L+RBZ4A<4X~IDlMa6E5amY5P*Lu{h37ec z$^_J0mIWpW89IU$SAdEgf?M5Xmpio~NX)1Q%7^2dqXehkb%YV}RAWW5ih4yc6RTI= z#@c-?Es`@WS3US`<%PjGpJS|q9^K3~XWIa|>h7JYL_bWCqF>P$J<0HbVIEY4y^rHl zHL3nK$M!n1u&!xG{8ZLcU#qy?+6jVDgWF{fQ)ivNm$Q`Zl#88LeTIIns9v>N9Kx%U zYCw=R7QrP+7Y`ns3C5=pt{Rp%9v0Z0d~uF=_9{2kF6Sh7*zG~HiS&uU&ufat-p+Ej zWo@G@(PGPs!Ma2)w`{b~>oIv;0yaDbLzVqiL|o9)u8NLQ`f)9#C$80=lzagarefBQ zp(eR|-RsJ%!Wt_-mKVV?Y>7GgRfz~`W}{vAG(jg{hYyg66SbvNF->wa+r~_&&JZ0x zH#eun2%tyG2L_;;as3U2z&zP@(+CQVp1lp8xecQpy_!qSQ#n52MBDLBGaNlyX6ev7 zZDJsPAs`1oRFcU%$Ck<-FMos+J zdc6GCoYckmIrkRq>Xo~05+r3A_SG?V)lQy1y2>MAnS)yBD#JK7c_dY!ixTJbJX#;S z7ny0wT1Uv3%5u4u8Y{_983)Hm>+36ac7~(Io74lJ?D6Ocx0z^p6sBR(q=sOdXDKU{R58Bm1;t49i#EExmy0B?7aa0DdnS{8Ilc6dwFybR z7k50*eZTMfediAbk(hJNb*{bl+H0@n5SQ%{Hg&#%+qGuYo}%y}YS87l$2-S4OG8hg zNI_(rSfI#(T4v0K6OHZx6GFMHQnb8cRY`hgz5K{-{G1JPY)d)GX;7yca$>u{rdpdF z(ZelbUKC7k9Hu66wqjGOZXIcx9A=UmD+HzA)Uca(==9NpQ4n2Ni+cN6Oam)Gtq|uc zwy1$6+nRK`5oHU^E&3~n7X-DU6Ox=p%V*@#NPbbDiys`mDE&h=Lk)dI&91MNx?sk( z$G+>hz<@N^N&U|q{Fxxgh$>k#+3esd8m^o_5bVx6! zD%crTO_f)r*SzHQ7^U`*93G~HQh9fV%;xON#qQCqv&`$m2_Q))aO0|$@wTPu?QAv( z_N0e=>9^Q1VC;O@JE@5>vxv@l%(n%zIO(6%%G2xmaJdFkxfSb91Q4GK2atLgZMu|H ztE`seQi?6!{)s8{agS?$2$(AXllTVHb)YTL>|5v#L_Y3a!*`TrSXe5)9Ochc?WKUm z;Z%2dKj$A$-LvTn!|&8G2`ldxHmi2lY)-#K!V&8y1CvcgYrSWp-V$k3h|w1{H^!2P zn5)eWYo(C=dI>X_3m>Xm+*J&AYw+gwyTss~o52J&z2N0Jg{NCi3yg#BAK7YLjF%kg z^(2p|1m~)wbClw`RCVup?*uH7aTuHHRh0ZJ)TN?OZQ45wGHU-OE+Yhcak~6homj$c z{am!5Q7}8o1xcPqiV~~Z+MJW}X z&jrD>(1#J*o$u=~DYI&wY))3;YLBMZJRRIWJRG?-j{G+Cu|TC^1`u0bybxunpOOVr zx1sr=CTn1#Ee5ES+waU|VAIIVxPbzpVPtcjH*BkAq-2~(Afuph_nR&eM=q{Q;`p{t zATLw5#i-__B6G&p<`)OM$*&gU1z+$X{1y?{rgpG8WnFuav<^L2CF2}$VH! z2G4=$zz?k1Ld>I;2uIS#W|{Dh7uz8{{6=~Fmk1M@QBH_KBB5RQc5gXb zR4~IVvv6B9%qDiWGp2-uZrO2u9CuBK2s7Xp00wXm-%l2 z0fpj^&jAK5j?cWW07Aghn0YQBD~;E3fNk|y(0Ryh0O9FIJTJM^W%j902>tv^QQd65 z$6rjj5j-qPu=&8R+d|L2jS9bEI%z=ELBhj6pnOr_w!TYIjhmmQk5PiD1?gOe2 zQc7{tVG83(O{%d%ESFINs&^sTgcTi%-cR#BOg?MalQs{J|0&MDFt}d5C$Kzk zGjEeh`m*1ElS^H1C^&ZV;hqhu0vq@K-S91% zw?CfBot!Ap-ixkD)s!wMN>m?Oz8a2gw0z)-snwqGjlXzkFG6`$m`v}&g5s|OY6SH& zn5?9`U$&k6?1<*~q9PNQIVSw+RwC-J_)pUZPL(oapT3!~eRz+3l<)diTnW6Bg1mmdRqE4ny7&cw__8Jz9F zf_zZ%LY<~A7-n-fq6i`gnhuE>v=00=` z642UuQ#WpArtQFCz6dTH<4?5$ZU=L|T8%cZFZ_q}xINDbnu|H@7ENE}U+qG&w-S{z zqj9yFiK-lykL`FiNl_%4P4R8xtnReX20UDlZf0Sq`i0p9*%xwt+6AxQ*OTL5!20Wu zecFx}#}P@T=Uh%3gQUiX)7hXC?f9}Jm_$@97<;sxU-Z#IOQY`f^);)-JbxO1>|^2> zMgV0l$TxW|a%W@QKqLRCwZzoij^(7@4X&yvk1gy&z3?g&g?6k^0b4_(Zn3IB?Eq*1 zsysRaLgd_T+p%a>3BVOT1mfNo$MX^@em{O7E?ZuM zXXj(OzmMx4Aqd=^oid-IrE@LfUI|Z{&*_rpx+y3Wl7o}aNVykEaN(898EAPPnuO9s zOa3mlwN;fv$3rvdtoxZ>LYuem%%_L%`*e2L?@HMt0!TH>hVpV7Ut}}q^T93eQD*-N z`$SV7H@gKFWH1lPJlt6od#`2l%{xzWb@m9zh#fl9(spNJ9sDSr|CCV za!|QOS27pwW+dGpt}xRiLcC34n5RnhUxM0j3}+E=Ub(H7?ql3I5wK{A76e~4K8e{W zxNf>h1^TJk%EOW&5TP9a$@}UoZvhVCo>&JjxWHrk%x}u}Kn?X-7$1h*NSYpTpUb(DpDr`?5`As-`U7l>FTBiQ| zX8L{hhdjdwqWR-?)9KqeDISl>!Y^B^eoGxv+SlF(v|5d>kx~nR&Eh}^YN(|{?4c*! zL9Swj@cGgD{>edr62S`K8?nET1D!P$=@@^1+5&owOf+9~@|K}|EMO!3Rlhr2xx|$R zY|JF90&DSH7M9DGb{AwHMiNAfx|wucCD(=5(x`l2yP2BA8}?{)Rwt0S zozGE1FALj_v6!P{;de)HVH8?KD{X^hjMhT&=mk_P?x6i|}hy&Erv>iIg{! zKBX_76pC3}tecdKr^^M z?Bj-AHvdKVp$+#3Wq*6I_QcouH;ov^Cvm?0en?m(PcPh<_+Q|paNJ=^XlZ|uhSne0yU|I#XiuP8c#aC^M20RzZ_)Ct zzCu*TS>K)Ml1chWZ_puy(`A^vDz8UJ75n2ycWxuV?p#e4MdTxoU=3=OK+No6ULh8i zY@C6GMHoPCa$P=y)pAY1ZJCna&TBERJ~dwWz;K;&V<=T1j?2a~Vzi3e;S@-(S&5j{ z{p2rt5Qc>_jUNn=AS_6^u=|(7@!)|tlZFs5a zn*at*+pT#GgpmmlkTaUieop-%;j5P059G7ENJB%ZcYy>)!P*C2utt63)KeZ{xk>8vBF0mpP`#j3X;%?z^^ z3DcY#*4ucIKTCG!yYQ>-r#lkM&+qPQa6D>jceS=`o6?t9sXw&x>wB{o=$oNdVFmF` zsdW=5U$0%MyO)HD-(nMmd9T%sO;>mC#REeoV+U5p>yIRJDFT(J=UYYmO3SYvY3{wE zka9X!%h@r>3ZG$kvz6G!z*-rDy*Ul>>50l;(biK!s)(x;UXTr1bfG2`>g}6+Qm7#| zw`_U8&t8~mtLWok4u)wtjJhEjDUl{cOL{K=|!U!#x3G)zoM?;;}Njwl$a9 z-+%AFk(K^K`Mti+&Nbcoz)o!Qg_@hVVaC)|r0ltj7IeL6(sD<5<30!r_BZeYcAO1*}fq3K*LmADWJ2#qmE zAZd{E6%jir^~J!jo*vIrZ27GwK^Tq##sa0<%MDJ9F9?#7f<9+dfY!avRB@^mGtGop zegp`X#W}fGADgPhf}Bf!T)ipu8g69 zoKhIb`K76IJmZz^cNkiHu3TnM3N%b<79x^>kFDT9o8L{3WDyvnk8By=_+z!E><0fR z8**>HbHNV{+-ZG)T7Kp@IRr#z`mXdFx4l+I(!a=6*PM*cpLy%RFYVZ0#S4bIy#Sdl z?P|G15h9l;i`w#3G{32E*WWlj;!LM&>AR6q-3vxEw}`}sx9^m>tULTWV8sreNbkoT zalZItX^?7b%-s84aVV{AtnvW8Hnja|G9-4S_07XqX|#*}KLkx!=Q{)sovc-xYdhZN zpZ<8zb?;sMr%!^&eb;t^&R<|UxtK$NT~&-JYBBAF4yxZf?uE8ZYVTF*i(d+-okZz> zDPWnw=sb^Ne)pJ7Lf`XHprKgL-2GLyQSKb7#Qw?0&qW(w-E104(rvo4x4tXSY`I>? zsmyFCS81e9vQS*x*sO%0$YKAT*{bRg#F_2ubDCNjfQ_oa7Vve#-nLE6h`T+zX;i6n z^)bF%bm-<`=wW!U;C|Dct3dISmcE*(w6gFXaeVGiK=dHeQx{6U;&u=!Ej6;7l2X4> zQW}T8-F=TjqWG>dA_4^&jga@g9~>^*_6ryGC57_w-pzonAvY_KE{s;rPY&nEe>bQ^ExF_lVy55R`17L@#PC2a5IKriHW8J%fQb(qTj2c3wu!?SKbI>w1@i zFF$9fRtYxf7}I;cc=`RM;Y!uVO9amG7X9VR{TU8IWAoYS60}+%MRGyc^h@wbj9bzx zE6@6Tn*sHj{p)EPGd`qMJ^x;IU~MS=P}$%A)97N0mqKs#y9nwWJlT;N+l{Y)*pcnh zoo702%{DLx_L!V6^Y>)NB}oP9>|_g8uz-!EY9}G0;5PC6>p12d7Afmhja@!6Me7f@ zqJs-a)r>?Ra!TJf6nn<*oH4+{B$cZ;n>oki6--EZL#c^aCw!AEp-2T;)=5+Cmbx#A zT#MNZ>OXB`<6EcSG}-0O^W#yOaT2xwFq2u5z6ti~&0?6!PnmxJOWMV$l>4dY*Z3DlR0(VfWuLBQ{bqFQd6vljTmvr899 zMRIn?2*JG<-ETrTxEVYJfuhC;S=A$J*V7+FsIzqr_>{hwF>ry4EV^5tytt<|m_3n9 z410AoHL2FCH_su?8pG?L-Xq5D4C?|##^UCTf?`-uo+l}mthJtH^ru^sf)z}+PoC#3 zA$oEWpS$A}LY`AlNNS)BJpJoY1TVk&AGwEAZkg-!UVQX5pws-sz?~pHNh_N6V4{V>@bd#XtXK{ZUZZ(dJ%hk3V_QPa(dSqNd6h(Nt9x;r7vh>kT$Q~i z$pS8Tw{jmXgCBqz)T8OZ%Ie@El*HYs1HN0z8VA*g2mDIkXySCMD9xL_H=2%;MZ$IM z{a3U)qNl&cfjZf9P<_h-<78ihWs25@`1<OV*HPi zw`;nF$@zHW2ZfiTsjtD`N!Opb*E~5||H##v7v?}G9y@$*n36EJq9liCeW*eFbH*57 zm}YkLz!^uMJcGXfx0SIRGUW>A3be9Kq;fOWs#Y-H`PoQ8hFlxn9YIoI0wXLCr_Y6| zMl%M)SDF7pz+H?@UtlSYEAewg3P@lmE0sj+z~pFTa!YtI$@rU-{V;p=0aYJV)F18( zg0DPVx0uMkP|M28_(9mYR$A zhz1HfRe*6el~i==pwOT{$`CLH#%^#qX$J;ql&xih$wFPACBA>SD&^FD1JWa1G=-*I zioAxv&Emmizur|eTn0@NprS8#MiF2KlwGI+Fc;M32VXsOc88zf12HZ}hUK;H2#Ju8 zM3jNR#VnNlz-N1~YoI=4UFQmM{n!u}GQ4B`dq}u2Vrmi!HPiLKW3g<}_#IYlvOYi? zlZ2x)0~i}^^Nks;M{wU87%&^ka$w=`vjVQFomnO76YP4O z!L-_nuPXudl*!`Xi{y``LVMvl)B@BfBSD=L25_*6;X+x-IY;0`HhlV^loB1|b@PK8SrSbfY zVkB@JV)>BBOVuTCxhJGzruaTjuFAZ=^1!!J#`$DBz!w932t=CLtQ{J6clR0#dL=}1 zTyHgi$l5PRphW@x^A8S0LaHDBXA%4j0G2O$JsJ=c>w98gI&Sa)8$05@kD&=}@AJ0O zcs`X|Sc-%5B%mi-nv`@nTUJjc;AE^j!ZDu`DH{TIK9U<%S;u>ETa!oU*RUa253r z_U_zUelWMoE=eeZ`?l%mH_XOn?J!8YK^1m^B&yQr!FsTP1~_qsyKMU0GSfqX7Q@)j@xTP9WRkLF+i zQ9H!AXoevX1}vIQ^5dqs>tAK`BtV%JFN!vX1sg_&7a#!dtKwLI9?ZJw&1M(zc zz@ZI&^GXm33*3=HBcZ6hDs{BfYfG3Mi9O%Fsua5%M$$u_7t%* zP<<&UKFG`~P*6PpYt}fIS)Jaq4g7|fGmvj#WLYGBb^%(L+>VQPG@IO*_E4cRo}T6{ zqc&J%@Uvv1_*YfMiT^3)%p zlads>!Fd6y094T3UN^da-%4068)Vh~$_F^mKyjO^wI%hgYK3V42I)*Mj7SUC3TeK> z?{fN{>ANLWAbw2hCoOVvZyy0MFkP!BuLvPFF)={{6NZ&t!DJx-*@8mqDy;=b0j%$^ zaMA%1!&TeV%0yCijk+aZ0w%oBXm0eeDJek-O?R4l!PN_(BDpmYACA)i$=Xy2o=e{o z&BOpZkZp8za)sNWlL)zygi6P^PS=FYa+W03+3${>PCw(wvI?m%qe~Oe>c#6H?)$A) z6Cxe&>h*zC;|UIqw;*H|B$#n=@&DQ|{`^PyC^B(^bT-^0)e*s78vf-xj|+t}o1dYz zEGGl7&!@_rP#>a`F*5wz%u9@mi-Xn{Fo}l|1_5b^R9!I!p81ae2`&Nf=`lI$9Xvd| zYU@>&1U?r$nPlHo*|bjOmEVt$k&!tZS_3|Q0eGeUc_lDMW98yfl3S9wZ+816DdbJ2 z$gK~Q=H_R!UQMp{(yE`M1`~4$N-8VJ*V^sOD8LF=v(>7|0Py|1>YdO{vxkuOO!;r? zx$vOubcTERx&mT$v*%B@SnX%Ik2mLt0e};w;Iuba=NDa|sxy+_ea^2X2(Hg`se#Bs zC1IDlUwvvPt9Wv{VR`6!F<^q?51zE)M>Fjl@fbHMzTs5_L{YC{~Ol z!9Bu;ERO8#Fsl*!PLYfGL3WyqW*X{ql#-gzH)d6Zg&R{P*t3_X3VI+4kwbf&)NhR~ z#&1_Iw7O4iF-J8g&9I6&H;NzZx$?c$-q+`m|F|i%&p%zdL|bPtt?o$3S)G~$k=qtb#u=eWbG6xuhbXA1a!ku0&_Y$oV{AnRa_}+~EU2Sp znf|*KI4k}4aseHT4Go~(!XBE;-95zkKi?1*)-YfD;{WkwEG!5PLBjvBzfeHK-qeD` zze(0?YGx)E5Bx^Rdth^!t=cIK{QW9!-!U!o5uRhN;^xM5L69+37zjJ#?6-qtxhLl8 zb@tMKe9!IofrB3KR+=n;n8yY zxBu61Nz2OpkJ9Mw6~RY9+>QyFuGZj;3)(*E zyHrJBw5quzhqCl@e{LsOG8u(VsQd~HcE{TjVin;MfZk+Gcx!_B$Jze<1_YXr{8kGR z%@mxZ0wP8h$|4!e=qw2TxLXem=@kB5_{Xx@P~S#@KYly&zv8T*Ald+R*x2KN%$S=$ z%FGNXxkPCD0X9wA|Lzn1_w4@s%u46~|0+Vffzn3^FdhEij~hAipKn9(&H7+s+qsqA zEq0W{7KsO7N$e0}4pD9G6e5wF9q@2~a3r~l`uBqdloaxZ3kzQ2^(BYF zsx0z&^dx&qeMMvC7=`S&32p-zX!8BO;<)@+rznj^_6h~KSDrr$lY%aY-2}m(ol2-4 zU!IsG@Ht@UiHC_tSP)5U*WIF)!%!doiGMxx!!CcW8)z6oTN#~%Hy<31nJT@dXbEBh zP}~&*e)Y1MrYbm~E&?tf9oH94i<7{~;_3JB((Nloetr@+w>mcCv7c2BBl`RMS5G(n z!2BdI8X{#MyM|e)5pKE<@`EZA;8w!xA4v7jc|bj5-2@!l-zdIL;&NaHzaP3bQR8%! zncugy)1VRZj*LQGz`oDukIpfG7yfYs{<#YbOYCZR8;XfZwi!cpvo-r4HVO(VgCU>b zF9(F}dW|fi*>c`|K=PBX-u2?CUT0`qBOJNd9PZ4h)p!rUuPq*4eyr|@dmwAb`J)|R z3M6)dL9(vX?oa+5kX}F~;p5|@Gd-e@QjeG2*V7ye$c9Y}VRQ zbQ}e{iszQTIlvX%76y$8%x2nF#NklTKeYiz-{&6@v{I${2 z0gXQ}x%UR(d1+{cg&ML;y(~KV3Ur<2=V(i83&>&R2!Pell^XO1>WKKY%+9JyJJqE# zUX{?Q=Ev4I*lk7EXE?B2ccAh+J_!ycl-AaLT9Nz5?l@eBbAHCe16C*1{Xue3(MSS* z_a|5oH6iTAKjDoCmRc)87+Lr^m&>z?O0N5W2yg0FXfmF|ZAeSX;g9Mb}Eq@Q)J+-f} zI^8DZ@wZ=YzVIcBg)^aeA{h64s%xs&DKwPyl7>)%47>oOH0e!&o8eA z3dTA+0sCjgRTsWo7Tnn6e6~xK++|s}tUG1lTWLDYn0y8{iE|~jWRTxLHRpJ-wkQx< zn^mybjb48>E3IIzHSqW=R~S>NRvFW+<8LkGq@e<9&%8DNboXsQv4}nj+`)xGKDZQY z0<|&12dKF13+@Ze0B{?~8I-X?`O8!J(!5K1H0IoZ~H!;q!WF@xn z_;OO$w5YB+b4%;ir6Rn@;h-8?L?aUynKH@xp9pgMNrT!S(d9cDQU}LSmzei45XUrs z#rn>|;c|@5Nv#Bm3q)FIV7J#Dn}LxLjf_lApWrb0>TI}FpMhug`ii>os*nXtKa!Xj z$$7uHs;&8TniJ}(|bPJ~Ivaf$(+@;+!PqY?Ao2f{P0pqd$*<)zr3 zYSIz{VjILNW%^!0QWD&JRUJ(?f|0$9YPGLAD}%0*g7CT9$5R)w3Y}tyN*DdHF21d2>3B4N$8;NEU!uZ(H6_k{=8$+7DQeZ%l=Bix& z_lR=s=SKj!3k7Zo**tb+{EpAg2KxwKeq(WW<8cT0?QP=zbu?>Sop-4Q5MwsT>Rg?8 zEI{pQU00-jA=RIOI>7tN@>@{`TbjhLMGqt^GNH!vCDaRL4&$-NvyOslmWOQ8EU8yn zrZuI9Y`{SB*`E7o`n&e!H8zf@<)>1|aEm6hsG=eO&b%_e4snG9=6J%t zV&HKjKyGih7ihLtlOUirem(wup~#jh%6gPR?EXZ=Ab(aX9Cs&BCCiz-j(ZQ@j8lK3aPCwYMMpa<41B>g@09ZQiG z*6B(>g3^5ru|?VY=l~97K_15I^*_+Pg!ykm0qR=pdcjUO!l;lN83!%v8U%j1gW+5C zUyks=oFKcI}XKd>>C%LhhEtCNj_@33F@f$p?G% zw{azj5F*l&h1Cr9+ZBKHHu=CZ?kaTp{O^K1bFE zJ2kanLOu+ca>#sD5iux)=tTxP@0C*!Fp~ipBh|m3)!$UMH)DlnG~{hPx#9IU{an%% zWM@G@62H3rDTEG@EMH#QnmeAi>g+!`8J^KwZ23KFR^s1xS4W%3^Y-pi_z!KTw216a z8zzGkg#gfwC2h&6^{2gW+n$wXSLk5N2E;M3J8~>Q0M2M0`arYM*(XgRG`r-xW}|Ds zfQGtkMXt1{ow}7;#|#lj{6R4oh^9duoxMpfmgxqQd-OSgKbL8WT~W2>_hx zIh|6K50*BTCnO5%l451#$#A2DG5_Et)qj-xN}?*{us!yuCQX5||2riz;!Mco{=sN%eeSbuy!%f;IUKMGHV1)RO0)&RFkNv(h96lS<7tDmjZBcjWUF(UaZD zI9BLZ2BM^V-`vz*$Dq9y$0s2{bH5Q$-u@lnvAb(DUP|SLaH@?X`VCYdtH~TmIXO8? zEuh#C9Rh7>T3Is=kT7f}g;s0TJ3bg_ zw~U168;40>aREx0!P{ivhkRhJ$@R{8*LO;*>-Kjf0`??QF-%?S7l%3<-=1?jA7{r= zj_B>wAjU7>*ZU%rYCZ+;oL`!#T^~sFY1=6)6J$C$rlg7>9siyqW>935u-r!i@|F*P z9vEO4fJyfj0L{u4Yo`+2om_bWTSbf-4#B5SSGx6_7`&StpL>-9@$zgv3w*u!4pzHO z91e%{B9pOi<35;ISIcT$nH!s%^f!B=m?lB+^MVL$A};e_0AWF`(tHV6Q<~5!n*i;y zUq3;)64({SUXS81s;|(Abdt@~62Kg+-fbYj?DM4=NLs#gS!f26z9d55oNUYg@lt=> z;2)VBsPl^dEKQETOYIEhr(lW^Vf=p)F291VaRUcQwxNOI>k8X(;UJunZ_htq8NK&U zUl|*!0{V%^??i>=8RO-bMlLn#?1Jn7tUQkMD6mrkI3vmys`IFH$lsR|%aFy=jC{5I^iiNl3x^Zc65Q6b; z^=WD@h_6~AO_1(GyhEp^re;rR0Ipe%PG)a_N*)^+SvrF*abPt_e2@;xM$9>E)$wRj z72SD1sr1SL7JOzF)H=xMSyoVKUTHo>BK3TKF^z#W--dK*LXh%K zKv6{Uz1<7#ltg7En)gB{ngxVd8R@Sa5O1@!P3=d`+*c(>%gZnUUF`7j{3f1NVWOL4 z$O}NK7UjN&SNT18XUesSP&h}S*E4zeNyeAI(%G*afZyFdWcr?h#P}j3BR{joW^zDT zkI6+I*m<+8Ani0LbN?K1cZbfOx_|WxiB#vLwcRxWX2aeSXCmFfDZOyi&>A z*UO815x9~Vo2G;ObWwGY!;Zy%>4f%PH%06<=zJy!*eFUr2aIbH3HM9-CDe%?FV`oz znXW(I6p^>AIf)FXNqyJzmE$H!jZa62xj|BIyube*5o8M;- z0+rxvs{|p_t!5PxErE$&iznrWAK(=BgLSk*uty73#1iBiotdxP#6==2+5UjKjKv*Pm(_b=WftM#WHw3-X4CdQtZhqTm z0ni|DcZIj=!w>i#dui7-*&iL~zltsr^9t0hC-ks~z^t!Jt*(qQPyc z5-=gt8_gVX*AVnE_=~HGyg+^dxW(C5@1MXb?6&a0B(!+Q-S;-@ogfT#f3qGcPy-o` zX33t|jW|tik{jq7s3a=zH|bc)Z>KG|U7^D&;L$|wCK(^*YD-xR`pyYKD6WcwQflS_ zxs{+pA}o-ZIy)n-YlzY)J(Hn>qHh(BOP*w!!D`A3^}M^p?r`#7Ke#odR)Huy(b1O~ z6svYRG6@SJMs)LDh(2b$8Crr0u{;hJPLVfxpjC^~gdS1M zchJ=PR)LE6*w5}m^NVC8A_R-EkG1!1=d3KUEljB$i&Am7mE7%$wcY4UDR73N?HmuDi@BkxK}uAv zW!t_5E^I7WU7rWb;oOadao&v|IJ8F%UU6zUt?x}mWWON7$oAZ3_4wlDTRe~^PBWfo zc|V8T;guG_Q7!&;uDVpPfw=TNL)#9Jt5&^D`S)?J*ya^M z|Cr#ScyYDW8NzN!m+M|>I{p}>F43uyCG)qeBN*FZ7nXHhXBaUJ64ZIxX60*ITADh( z(j>FBTZv$ST16y$zS2yM!w~RN%u-L9P&kX!s_+(gIiuhlCTs6)jTSKSlnO)vpJaTN zuE=z{bYrrq$yK1zXdVsFY1)8a&x(EdmpRG82%Xm|$K!xjH8*)u;5DV5wXr+jz;ITzp;ST!O%`*LKJU2|Ocp!&+-=_JFT<`)7W< zm%sm0%F7E8*T&ISGCUr;h&C3p&Z+1EHu#tyNfL*LKJ4OrxjlJ`t>y08VOiqm{bu5b z@i4x7AsY9?lZQV_*5G)nV;2$=B79@cqagXCMQzLBoC4>}wFE!#*by9 zbuJEZH-K7ceh)o;aG)hLd+PUp>ACvf*g2tbd!VE)HUN^fW-ttp(scp|WObR}^}Hzm zm{+g!J)wFCGZ@^6M3Eebp4)FTUg9G5Ptm-8{>YKKY9nYS8iRFJMU$ zL~jF}o6km^V0R=)L@TN^dY*SLNHP<9T5=V?p-rN8io;q> z@JifqGqZ!B2_-F6)m$FAq$yvE#xI`wy)kL_W_;?6w(k_(aHHgpR=R_J3*7`W7Zw_u zKLg0T(Nr-OkVpsuwq4zb>E(4~HCPd#Z+1Nmqw`1L{F(x3;LxSDU&0v}u(3{x%2P}Q zBD~gu!hNt@JBDdwisIaxn?vqbIDk;vNg*RsV{t63Ccw5gq|>%~Q-ySO){DUZW&FJ4 zN&=X*aEpf$QBBTGb|FiIk@*C?6XyU;Vf3 z4gkS>^}agJ0UbG+46;4gAKb`h(S6J&|5e zP+$y@+TpGhKsr-mT6RNR7>-j&^2Pu`6m@nXo+u_YjF$!jq5}z=hUK8Z&N2Nro7Nz| z{7w4C^Yd4GYrM9`ypN#fb{Eez2}qV6t~)_hQ+S*UW__92g5;61GE=SBaZ6PoW6XV~ z;k>fYuY`&ltQbO!;?C%FaqrZ$%{No zrVB7SduU9;sAw+J>Pg6jTGZw~T8!PDc54c~08==Ub4L=Yt`-ELX+n??G84NfbSCv^ zofC%~NR(f!W8pJs+$oFKbyK4xtHjhX`o3%$L`<7*-fCL5)J@4S~^b*m);?4?Jz|cl1cd*rPIkPuz@)oimS`1x!VMPg^36gVZg`#j`nxI&ky3 zW+aV1u1KiWn<}N8xy=26=JRlAu{3q#mwcPHo7ol3?u0W3{lSzkTzq4X52iiwy4%`wdN@g%lbOzMou8yF}2up(jhm($d_4VG+c#*ZV3=01Ho3a zkq`nW@S%w{+9vU-tK$RTlR$p1b|)|q5y*8Qf;49(=1`9zu{iN=<3*SZ$0FSpZatj; ziEun#vE7HrWd(gcnqvYs+i!cT${*{o97~|hS5BwFpGUW&v7?- z2PJh9Q(HfBFw}N$CyRWHTx;3JJV;O`U9`ag-$SJ&Snw4CqfLNgg8!giIQ(T?EG+ek zPiEol5w``FZ1|t$&7Uo0S!-*1^B{o0Xa0Of#wRtAzxm@92@Y?4W~w?#HZCT7^#*-7 zx6oXEsI;Hk_!R^@#!_8%+tb<1S9dij2u1O3`o0VPuPRg8g!tOFvr3>0n>q!T6FH7` zcwMDFWy9~16Mv|vgrOaTuu|i0W&RO(glyp;(lC(rs|Jq3JQuVbJhUaT$d|@PggF)b z%!>u3m8IY{4KmGf;xDhXNy?^ejD|w98{g4~zjCzCL#)HY%%)^eP&+f)1i23#JoyA$ zJS*$cqPMLn{8)8r^v6La&93=AQ?;8fW><#kb*Kp1p7{FU7wR z3r>i`K?H&#YIF|xS=mXvxd(SG1k1M~=O|jQ@SqDrpqAXN zmQZ_ofGqkEd{|R=Qi>08iD7nsJ(Xe6flgU^a-L@IhZkA@Z1Hsw_W;=@kBjJqn%Ehc zi}Ra70a4Mtc-M*IGQ}NO7M9U@w4leH#`4W{=#$W|PG%nmyU|C}T3SDUXKukP3;Fg03o2wxN)m7MIqBN4KC>Yh&$ys1)7_{Lsus$DsEFEJtH zH!M$ks0U*GW0}S_W|VosjvTQM^ZQXS?mD!ll16;yr$w&vi}iTV1PfOvpNT1a?`cj^ zIa$sO86}=Y8@aJs=v6_BKQ*4U^?74}GE1H(itrS_PTX#>N8nEn4TB zoaUTq+o2f~PsakoGPXY3n9{Idah|rmDhZ<*ddCUE|)0t9DU?7*~hQ$JkAydUx9*iLSU(wOCop#cy;hO+y73O`>x!NI5htXfUPqk2KD}xDMgff-8M+Wr%-SqN zYoO0XDmvvK<(u>fIoCb2e9|hn?fA>DyDf%NPR+`6oHUOUkuOx}yFAh=tDM^N`FGew zo_jWwI5ohzkIPSl*o8x%6r=s^fTs6?qz0~b!~|0aqWbfoj7W)KmPtFCgWn{htt^Bh zv_@}&ND*rybR6}#%NUhARMktU{o+Fcarsd=w@9GAFU#jULH@z4^+X=OQkvL>(Y9D2 z_SyEcFua5LS}ie-cP!CIcUteUHiYqUYT>`s_p_6Mvnja@);Y40Fs<@Q?Zm=x(;PYv z2iT*#8X+&OAq7Fd5uE;2FY+fd^vww}JAcRr+s`5nQ4|Y#DY81AkbSMWTxVPYPFp)X z_0oJYJ(N|at|DwSJnl~N2-2gmPN|n>Tq2g518Vo^+5M2)Epx5QhAI z5}Jl@r}fOAzEt?~NkNprwp4tps6rAuoje(n-xiA=hW9+?2qXuZqdADTR@%ftomrgy zE6~m2>abPR%suoc+#pIq@}4` zK1G$WjgX5`SeyC>%ytSb+@4Qe*Ze9JlRTGfLUkHa<7drlURe|aY$H^Vp=pxBkUUYc zWc2$#D!Vp)8Yn|+GQ~`XO->oh8B*fOs;7wWUOp+|R%96?&Fj5c^uUsqq^RTG^S2QR zX(3pUt9l^ZTaPX46zfl0YZ>6R`5K}rOHLAtxULAtv`x@(C4 zF?wG2@>=(Lo_PVj;Df_&j@WDaZi<=`$yFYv`HHbM=^^VSDM3U^m_M^^R_TX#GLl(d zvZ#2wKm8S+F&sIIGHLL+@sTU1uqOW!eM%WW!aHIl$=maUg!Jo=NL$pA7s6`4?4NJ* z`Uh{pMgPJXXN_6JDz;#U~4emwtbcd_3($a$2_??!tSz` z-dC9NQh$vZcFTdh$7;xv+G2kMa~(}6`(@4}N&I>ICx>S(Ex~=o4ILTjQ%npW%rquS z!m)n#=q#uNykl8u<~8Jk(`+f+o)xT+)uzeJWOc=jNIj8Us?$f`kZ}mIuj9_1{J&iSoD%r*)C#9W9@+3=tsud0)zBsJ6+yx%@)1wJlvhcGkh0g*IH6N{)yUw;%cNO@_|F&nZ=(29hIyJxY|8Dm;}qyr zwJQdnblg9Q7mK0$YrvEcQD{5pY+HIV)z#WSi(%aL`(4}q{FEn;7rFkEC%Mw2<|$DNO>hMftW_00B%Vaz+If{WdXdiNxr}^C))*{J;i{*<_F?f2mc#l- z3-#{eLitSB)ceBwt#_+YrTnhx%E`|mMqefd$l2DIa!C73^@9e9KFP(CiBE~UoPQ1U zv#9$b`S2;L8)`p_;w}B&5|{Q8*LS9!%AlVef!4l@NaN{6%qt(`_vL%*c-m3b>EVxw zg={u@(sc>{lT+ykjnxf%Np@=ht?c#FSo`_~%+&!NG!@!iY*uSePmF37f+e*mnzDcPV>ff=;+< z8qe1x@s4<^Iw&X(=D$$73Z@SaINk&YZYBS<@##e9ZYm2E_o_}bSCdnh2KeNw=}tQs zTAlYrKHd?p|ES)CyRaFx<$TPVvlV&-5JQm--Yb_OLM4Ve82moO8W)Ducls#bhf~M-~3_-7cC0f zcGdc+@t4sHk0L}j4ATb%FUbW!=~3shBquRESP|rlLNmT zEtH({n*AG0U2&^rI+kJ5h<>QduU6%Fkgwz`nT2I?tsEJKsKxrbvfr!u25*U)=!~(i z1UWo$-jDPSumz%3!p*Y-_lI95Dzh>BFmP6=7gF}>i!K+EgDL+`vS2fD!;(~M51bCh zxcb+Pb1n!;y?*6B;x?_fJIpL3#Ba+j+QUl$)5s+l9N*eiaw(&Zr_xseUSuOBCr<`s46hNvkpu_r)0zT74JI-$L(`Y9P7T5J5Ms@AYj zcWg-coU+pFr4!*DPd!SWB(KQ1p4x+ryJ8Z0N5`Gr%&3-}S?5LUNA8Zub@&L|GcT?U z<-!<>yW>e|wo$S-Ssbf+s7pVnKJzt{CimxWb{x;w;isoyrIaczcexAxf|S2^7HdT5YgJL~p7gxwY>=yx_g`J9>1I%LRhpC}%d=){?Yi_D!MJ6}RSyYPNTz2xZE`^I z`1qv6KZ%TA?!d9aP$Neqmymp&s8!jUnTH1}y{hvfi!wx)<%=wpw+z-@`{h@f54@rX zgX*5ood|e!B++l>b^4{mPFq}XgU`NfW|Qx!H&>X)29v*he%)ZnFF4!tz34}M_zB0S zn9m=tq4DDZ}Re$+N6X3KGng4{5eETrS_u7X_IMw-#wS#=VOKOe5=z{!Db_TQgN)Q`e#VS5Di`|EZVLP}u zuNk+k>M3L+yM+^D%O_7<)R(Z7!U8ZWc5J_yTxgZ-YOBDwj0ue~gV-)@6FdqQ=43_} z`J6;Mk!3Pw261b|QZw1O49$jd{&sK$;C!q>i<+>urYe_Nl;~OlG z2j4E>Ddx7WC`lxpcPiDo?{e010NYw* zp^g?_D4jxz_%E?Xw6CqL=EuUX8MwRa)X9eW>hKlfml8N@jt}A&&f#CnxR*N*d;TD6 z)PL|QLNn;&x3t<&x1v@oHx|%(lo4I**uKJ{Q*=5rW{y5HTKA6J;b z*2}%pxAQRojN%vKAjoL>^g|<-wwB=lYzZ6T)%fcMov?-LfWVr70t?cX-qqDCJUdMdSFUL!kLY(~UF9~pZGT8Iwi^d|_mNjld|^NZ`J>A+2u zKiV1GseEx`@_;|6RzIT_)!;3{I043fU}UA1*+0)b7V%QctO5>*vjw*Jp3Zv@on@&N z$?fq@M%w#85wug(9Y`N^`76OwL7q#cZ$`#rEM0gSj#=%3_NPa=eE^THSzBX&0^bUBO0QOw(p_@^fPT+_m`Z zu@wQSs~7zcSs@z4>&QyY+%|I1rbg?Ko}7g9CN1C%E>CYGYF7(9N{M7rUHR?09_e}( z2HV!PCkF@%Q&1-Ktx|@ElH-037fOp-=f#dJLhK#2IhJVgPt{x=_{@Abp2KI3n8aVM zv!bJccB;gM1`AqX6p52rrlUQqGHm}C-9C~-PSkx8wV%Le`*q(1*Dh&?{lU(9WH-}L z$E_wVdT7(GqojVLbi3?Dv8xjCnB}goKH1I^V^z>x!UF4M^iXNS_=nmH)ogLi~HI;bd2#hp##5IDw>v;0bcbW zS2Y?QByR-SvOkK&xI@dF;J8;Zim)lB!? zQ&o@JRH*mgCsaS*YN-26?Yb~To5Z&d-+Zy8xlnY%K?LFaqt*B`&9xkjp|Z_b zz@6(Gy&VmeFs8$R;%)B)&Y~>e#vvC_GO0K2D4j;f7ol`f7rogUD@U+Ut`IQ>z@NSr zBms$nX5o3k@%Cx8%k_2yZ?^(j1KuZJZ5iG?qlN638oAJA=*HH>q)Zak z1jXQm=#auodi1^Fow~P&-?NiZ){d&!UcH;k&pS@ecwYNy$M1L;(25H7l!uTJXO@`b z^CqW>@3$nxi}Ta+E{PpzUaNSsJDUd|+wHNus}uBmusCe%G?aouqhH2P`?a}r=kcjZ zeC9Y?!0P85TPDhxG@e(3X#ExIYc)l=JUUe^#e{;0ZnG3A!GbcIs(J}`YQ)xR4op!` zuBX<@ySg*{#*Z|ib$Wrn*MHsfMfFy@W2RGv_yp&;nX8?;iYcDwrMb@4h?E71KPv6$ zXo`-7n;XoYw2KwRpX=1fu3gdD=DpI*U9UeuYx#M1-De^BWf04cChtVQ8|!E6!M&q* z*wolq-20bLN2{JJe@*%tye07T_J+*?Tg3)rXd&F9{9-U7eL}AX(LJHdW%1h~NMY}+ zB)tMl-rka?C&S4UG*1nLuiL5LSs&hVUJ8Ex60O|2P-j`H>eFx+gkLqOpUUIRQ{4Z=(iRmaz`8Wdm&uAn6Cu9FUD$m6PQgw4TChnekcuwzSm)R#L-FBcKBC$!nb zRLX=&LbR>@1hIEC>u?bqFJD1)UudwjcOvakK?SnlcijfMxUJnoy&%NKpECMHZbnAQ z@IW^~ZGiH6ft@l8UPERo0+cr+Ywyd~UszUk1$WdH+r^Zyv<1^qXH1_+3QB&`;(h2h z^Qw8K`>3uj+jwfb3RPQ5a(0DDnbpj1nOB6QYj4=H@TCbieJ=44-UM@B`ChmiaB~;~ zg9NoSD}5JqMne|QHB>m2JsAh2srAY1zAG}34lzS0ZC%SPVNx1_q=T@%3AU6gNk(NB=@Q!k`u%-=K zXPsE%Aa{={8Cs(|6l#A`OI0##Du_@~9C_p%>`0}$=Xst@w*w~01UY(C6)vti{JB6g z7EOYaK4iDVQ|5E(pUR^Z`W0iBqrNog7%Xc{>&x68u_z$PBUQpgUVQof4 zr*tK8Ab^3g(-!F}@B6!#xoDc2x6~7$y|QIEQuSVUoZV*Q=U1SO1uwg=Rn3YO3X+31 z+DeSB{sBFfI-LyCaa+G|fNuCgb!o9`tw4O)_c#s_vDGcUGl7ZWR)su-w2Z{?rdteg zVLQ+*9lhJBu7h^*&JUYXO3~%+86~8B>1uU;$=%s4<&u<#>HVHnUhk}0a$TqcV~W03 z9Xo-F#LMl%Me&5a$0}zmNSjc$EJ^i^6Jj&&JvORhrVWQ%cJk~$g4Ox6pK5k6 z704k_obdok<)0S>W1%1J5a4gZwW-|G)Bd9#m4f~iW`UoCa59rT)M3PYmZ+|gmZ7}{ z-}diFtitSQF)bp}I2uMuZWID)R**j-y~{Z#|NgJ1w10)*;QytwM#c~~`v)^(U?&vR z@XN7ivIT!I=D&0J^6#%&2sqN2jI#8#q4QjdB_i&zbz?5t1eBU0xQo>!8M}WqEZ{f& zevPC)cw3|aSFsD=@U0L0Ee)Bp@C+=d6z7fp{lmsoSZSTA2CN;5p-lU~WZ)})rK~sG zQjJn(D%Ss1+=YF7<_eiiwVGc%K*FVu7I#XIf%ol?pcvx3!J#;%%*w&;5plDEF`<_A zEiDFdB5}<(Hp(1plwN0KZ?Wk<+@cMpE(dRG%W!351CXkKQeOK1kH8o&mj5qh9R$(q z33{I<-)!!295!u6lPSIGjKV_c$}V5Aai57&p%HZu7{$md0dMqR03a_{NdA2U|L5C? zF90*vnVfA07yqgTDplCbE;R$2&fCdB#<;M4fJUO)_;x&MRPS~s^)3w~7Lju2!u+%) zb6eHc$;K~AD5CkhfS1e7Wr+sEp3Chu7hv3cGAAQ5+c>puuk=>#AS%$PYzLZ7OcIj( zjsFelp}em4U~QTHu--=jdXS}_XT7m%qLCQng6&uKn_~h?yESDl=eu8P@naDQw$+t$ zKLN2%wtEa7FjHC`=?I&uv?iW=g4+BtoLK)?G_?yDTTG;K4erypbG>Ahh$Mo4f3OG0 z9ngzKZ#JWDJuu^ioTpOIezr3?{&Wcl;9$%Gpb_Bdb@_Ku|Md+L*#poVTrXLIS2{v_ z&SUdbv7S0eSEko_{K957_xp}0MU+>31twW;fa_qXwTVff!FCD#9&8G()@cWi&0%*6 z31DIM3=AlWEd=W5^@+|Js8g2k#L695F|Tp{yCAEuRM&YuH|j}T0?7V)hf>ml2}>~RI$(?kKaK8w{1|9#W35Gj z9U3I#%@FaJp$bY@i#@)y-hD zaDHpPPFC#Wd8E)?GeG?GgqD-%DrU*FOirp+Hh~dlCfyQjve8V*>2q90RsCP3>&Jf- z)nJ%f%fsn%IqR4G+OrwhuK3T(yaPPJ{?8O}`2_{z0!v`Pl`Yp*(CdZ(1`@HJEozF3 zH3}%3sUHquEkGPcHtvlPkIPpFZ>|x{=%oQPM8Y=P3xg);<@FMvyO!QkTyLg8U9OHZ ztR@SsgTMr7cV!x2xTFDxY>6ybu?4&cUwLiA25(;F(o5J4`) zJgKVm9QP#D&fuFD!Bzxt`t0rsm&u2M-A1sr9|1U&V*ILE5zLpsY#Jz}wfYIaxG)b( zLWsn%vE41?4Cj{Oyrsf&axCdpnaM!RC?J^>biS_a;9(2?<%Z+b?6{=U%u zDNAWoz_aWCTiX_TZVg5+kKAyI?AdfzCD5pRw*uRF*xvo5+TijCCz8SOq-y*GvpF3e zY7uVKkx3CO*cc1hxnBdP%eYn)_H`}$#1jKT!~3S-5y~U)XN5kn^GT5TMbj;U$<;}Z zaQWXVijhzZ1|CZb3*^3NYGY{ccpf5hE%mG$K8tocP|1gh1RyUSm(BvYlY9K@^;|;)>zILv(Z{ya5@A40jQY&E*OG%3fqdJ zxa*72@AoX~Xs50&yZVaDK9vz)Xy3JisZ^uXD&6}#EM+J0DTnn?TyPA+0rjGBhn6sZ zVRj7A<+4oZ>8efPTvfLPqK9PXGE|xaNB6C<5-NZTCZm3O1{knIb_u@%avXVyMZFPLKew70hxzR{lqbm}a?5DQmZ+&kEFD8oLB zu4TjjpZzW%Z$bq+bjDc#2l(P6kHr~|Q9_<2`wefkf?8|xd^5TuY*^(RjYt7K;rEkK zok*bwf(ZAE{ocv2Mp^%=+Z5oU@uR*derQrz;m-Tdw#yLDkcw*_^6^~%Uq=9LQa|AD z^v2OM&O$`8vj=i%TN5a=8G>#1fSep15SrF+H33*|W6`^>@>#2sPcFpt7rXIiMpfo% zymrG-hBP2d8B;E_9(fFqKkaj_O?q3!`dAdRz_=U^5SoJp@~@wx5>FIGB1SZZBeD#P zkjW|q;R17~PZHroeZASOU~2&l=Oe;3M#V}dlm731K&7&JLCVJlScY_J*{Ml`2{7#{ zpq79WFmf&;hm5Qk(6o5pJ;wC@`cf6)`I%0WtDh>1ZcA@2HjPZ8|K5V&agA3ZJFba| z$%pUOvz0wvoX@XamtH#)YCH|aXQ6<;<I|!+~e;RyW4`~TQdP@>oqvkhe`}-nKTTb`w9ibCF zZ)EVHP9<4cs6;4e#N08n(~Y7}Ty-(6Z_mSi@60NCjdD5wbfkyAt(Vv^hbldOCmt}d z75fz}#7n!;gAij!ykuhhga1SHRlLPffz!Uu=p5E4$Y*Smve)PuS|n zTLH7E?`V~_+c8PN6us8@z=uh_tlM0~Ku7h>)&1|lRV+qjovr`H|Ad3!UV@ZA7X=~$ z$sBGl?3}N0z!F6@Ut$=9+PlHc6%hW8OPyCqX&f$Oq<25j#sOzJS0*0VY_F8xJ>Af?zlCG|*)uHr`!ZdR+g?>IQzG zsP85UwKWmK&V)7FHZk>^Q%rw~XYVmsJmX)!CsQi0@B`)$eGeenZ^82=KW1y^4&Gx{Ev)yD zVT)nWB?GF!FP@fw0_dIP_Er?QB(I;W{rrlf>#2-;aWEf0OL2X)Q)Jnl`fE1$_86ct zjOzfDY0s`PdT%NiIoJE9IX==&5H2!oKrbQxwdskPWT43QOO&fO1Zg~(X}72pz^ zHIc-pODsUf69f7)qg0R1L7~3;GJ_g&F9LsZ1hm$8T`&4c`J2VO{DSw?XEX11cNo%s zUnTNLe9VB%rSLC}2AzyQ7@#Gop|*g={FG4xm9XOE6==}Z+3vcGF&g~f-07`t3W^R} zRyOz)a_3C_=V1H&^`VdVPT}|W@(J+Q(Uc(0?ul28?|`N<3?Of8z{}UGu}wF+txJh< zy~C=;Vwb_Sjts-jl?|#g$sS5Z?90GxrRoAhO4mj|Hg1+qs?t;a7~c9n$?P z$L&tU-VjW~Aav%^7i6mdHdjiTj5vI5XYU6^6k8c zP(il24WM%DwsmrVc!zq(i&b{4-;qns;vYp}N4}V70PsLvf^WA1fnbnkpC42!~S{g;%VEWE>EhU z#)2UGA0*8fnVd4j)D=7 zjT=_>;(k7%e6xsYFI1a|>u z_}{PVCI0FM2h?rDSs4PmJHLWVwocM%>t*J}fBI8WcRayQ!X2k6VEFaOhEgsIV*-Fx zRU&ZGG}@%E!+LWdiJ6F_A+86tvi4}8ef}vHN zT~L#tWzu~hTEeMGM^Qr$RA?ySB)Xv2Fj}?x%yfXC@69w9g zaBGx@o;#V$F3b#t+g0-kt-4QD3Sy#w7orh6c4!0XQ^JIZz5Bql_Qt~K(x~i;VUCEv5Y=Kp!3+9t?D3>!xrvF!l7-M?ZRL5yzmqw z50-+!0^O;?OYB%q-6k(;VD)JndrOm>3Q7+6mMTRcyv;ZQaY4|c^KOjt68GIUuDtc+ zkST)xdiAx;U~v&3YU-C;BrOk>=cFg{UGakike^Ee?5$b`hJ0e{+?@S(TF1LYXmKr3aATP}(DWYvn zxwcKqMkK^i3t%yY`(bPbLyjFVOZFTt(r&PyVFz$sud+Z;g!j5LFi=B zP##dIArLTOO60O+*45+{guV?d(9LPKGx)J)*hLdRF=;@KMEU#-6h;yf63n2lRXddZ zMa0jv4cqVin(imyO*`(1+u@=pbe808-VgPB{%$py}hZ8N>APxdEmi!J)TpfoR6$IKz?@&)0-p zm^G>XEA@x0J$-aQp2X@gsIBIp5nze$)ltmtL>DVW%kB*^>50R+lAdXCZ7-_EyJU1z zZ3r75ux7hEx>|!g$sdE znmz#*Pv6oKFe+(}W%N!1_ER8eVUyZYe*9SS?vm=}#;LEb0)tqPWYJ^vxs>wE6AZF$ zi!{K~1#X1Ato9RDF^sA*GB`k~yECh*a>{vr>2`gF1*rVb83)J!Ys$}yfQ|)=MWkFY z(@hNNVOVo&Nodjv_A#JS$E4xQ=Zw8`_i8!hWl+iw?)l;!iYS9@pxG5p>IbNE+BQ3< zDW<7_d&B-TwIqMhKP5mZiLU6C$aFw#V|dzV?@W%EWzzqtunhB$ zoxo>dli^4l8X2+iTyFX6S8VNGzb3|&E772BpAid~HL4!~k$B8S_*oTVG852T1+s$O z2M029P+wbUs4Ml&L$pS@_RMzHyZ7?ANZxmKKidx-{0EGGwBjn(p^Ozhfdjp%TC6m4nkda&tVB@l6UI{_@nI@L*aZ}ip=^}Su*UvvUA7btx)EwaSY z$v*<2wiv*9hh#q@*A|J#g`NQp5u3DoB!$-@gm!@njgTKvcQV_@2hN-In(WLo&D*+h z&-3$LgTG4=@ho(IEz>*vyPzY31bNf@cK6puIvc8c0tY3Al2}ilKJN;flu5321WeXG zrCV>=Q?~zVECe^L`>QuGb*8n|lAo*OS)f&sB^ztrY@KT#^VzEXO{-iGa;l8#AYOIo zg^SIfvm4RJDs*)gu5Wa$ZzQs|o-uH|v*TG4LghXs5`Vwq~>_t=(URf zzL=Q`onofdr=fhgk#rneuM5Td;;=klzR|qjpRa9E)qFqfOgU9!bY$T2HkkqL z31#`O(}FJ^OjvmPi$y7@Z(w*qn?(?M88ykC9DXb+DsqeS$BLiAzfC7^Uv=KzqGa^{ zC0a)5BCyg$Zm7gCkgFqUpq(k3!aOPMpDCVlwmS^>vQRgEG`uHHKvRs|dgNN}v~DU6 zmRGGtA5WFkc;5?x03{URY)5}Bk_uvFA9TLAW+}OgU!ntYrs!K1rCcQ>bTs1LN*C*p z$tsuRFi)BZ_4>QBG<7UiydqamGnMS)aaF9@SD*-VeAV8#00Trmsa>5aF_gHM?Tkk} z3Z0C-bEIrt-`|H@Tiuzo1Evs%r&`Z9Wx>{<2N_hbpu@@y)q->JvDGn-&}*#C4(>F59<;D-65avVyAwjog^e)%vSq@2`Y#)zSMzH04gu^gH_~pG20k+Tpw%f zH&gAiBG{Lb*$gGFX6SY5{ZUE6$c4n4WW%le&@aWU zV@OA+{m9};Y^FB&OJlY!*N4!mAD4QJ1A-oxaw-tOjQ)HfE@!h}ulq?QgFRn_zMZQG zk$!iv31hW0A{Mvd6INfch*m8Gpj^ zSzKs^cXk%kGU;8d* zJC~A;dsHt7Gp|!ba9k+pG5aLhNf0Wxg=zn2wA@><-EO?v|tO3S(d$#4CtQm#!~_g_f;& zMm1X0xfBhTslFe}QKap4m$Vyr<+|eU@qVaY9EFS9yf5_DB7bEUN-21o=WXqUiff8< z>?VzPYgq;ug&-3Nsuv0RjyQgOecgTG43zLXT1A`fQaO86Zi^YQp=A^l_xcT!?@Q-L zei8587w-!^x@Z0?a|nIo-BEt2oP^eHkp(f^5kjZkNA&}JJ(j_nrMnyfem9%0wi>jk ziAEp8j_E4Q*mr2af`P>g1()H+zBmxDR=Nx_GXG*`cCYhllkm8hzn}xqI8=3zt8dtT zum~K_o9xC+)_0-c4Q7QU-Dbdork+J4mC}K(u^b!sLkIqp0qH5QwbWeu74i^n&hYkl z`^4jl)qKPVhSRyF36?HD2VjGfO_pGAt{ITNa{fgLS7$H_U-A~v`&hkOe0kbXt{XM$ zoJifyx2aP^Wt$2?>>RoE@+2L!@2O6LH!N$cU4!CcqMEnE` zf{pBY`b?aRPlvCK2IgEZCwl0mQa~Mp$P?-nWTjr#W7oNMxyyk{E=bv1YT%CSEw5Gy zTP|3h&#$HGoy4fwZY@>(jSKP_(qzeB-fUMOfeK|9b|S9WYbk$&j-7w_BerOTn|8b9 z(}DY8C_$RK@M9%lh8g;Be;*5~Y4v4_yCfVKR%ejJKQ-|D#$_21-gL(>xp?SEd9CmX zCmuQ>{qxTOF@lUW7G{}R&QifR7nMKuQEcP5%`M9_xtD?1%YFqs(smsAsf3HU8Nhw-Xd96A0Z{q9&QGbeQ~fX< zI~5i#hQUy<&?PY_>rMaB?dR}ryeUzkj12pIuTSz7@#GZ=dIN*Np9yR@9ijNDiVHxi zkDSl*tyIuIv@FE)tx6KLl%RRWij~!6y2$@oyO0EI6}t)Y)lucPL%cj&(*};?ypkh( z{5;LXw7oz(o>LP7tFftaU)^3B%HGim<-Ldg(?0*%LX z;(9ZH)&UG1KqOoU=)w{BqhG!(U*8gweEOFmdVH1C=-8gC%y-E5Ur~mC}n9ch3xI@gdHB*a;dgLsVG2sGZ+PrA-L(j(Wft-C9k9e z$4C9B{+fI~1i(m94HDDV76flSIxE$KEo)sowE_3^H#Ah>Xv#q7-FMEOEyKT(E5HmD zVyChfAOGR(`-iR&D&lXd`Y$$=Ha7|sqckYAYaL2SVJM{%F=Jtj$Q)3n$G@xbCI?$R zx~;$I{Yu@zwLwpGhs)V^Y$6{6*3VsF-spXI^`tx- z^}1y`uZguZKJ$vm0p#2mV@T*oD3EDXuVrClK zfl1<`*DM2E1z^6J&0P}Lr2Opfx7!*L1^@}U{x|>Wu)@Bd3Npaw)z0(>;_%$ReMxio z$j-~pX|(mx!6Mf`LL`6W81hd+SStxVC;coau*g6YQyp_(kgD08A|wRd57Ymc-!fsn z)@rgLohVd?Q=Ke?C6x%(b$$A6o#EN4MS?1YYCgbwCXbpjq&UB8jNX=<2UF;t9}d)I zW2(M*CsO()>gY640SVFr)n>&BV#-oGgWME_@ z%f_JYN1X=uzD>=%v-hB7eh82j)$SLCNiQ33qkt57ege-Bz?*Rj?xE+7qObzc%@kYu zLk+AEyg|)8rx&iebD>ZJ%+XT?11PriF8MGmZb5#r#hFD7nSsy?^;%Sv3eWGL2gODE z_i`PE(s3|MI}F>XwhRjC_e`6*SGFnERg}^P+|E$oJ0v6|@sUw~B5uECd2^p?k?m`Ifz2z1G3}ro>b> z2DwxcRHOjExZHA)4DdfbDV(XE21!fetHm+pbc)4_&YFU_MZ`u?kxN2Sso-|;J|9@Y z5MVKd7q#z`mn^K@9|N}KA@CsQv8Q5wsl$oX4W6M-sv3z zndMkE7S%^OfZ$G(Yw@iH&E5Q9%YT&6zS7~K>fyG)ca8AI&in7bmHg{TVY*4G#6OPgES?Pe`hCxf6^pDl`fkx*i!YIWZ zQ9JsppnDo7vzUJYmu3$CzX6x5S%^t6z@>_Z=N-S}qvlTF;;f3G9X?#N+N2>QG%=xw zxhy?=VNjz5>T7mLz*8>}HsiB3^uW{YqB9h?4~yjH0dRZ~2H=))Eu=3ox9PN%6@OtS z+bYQvvzE4o(=8${--PT*Gs)jpsunGL&<+2KGZ~;mDJ6){d>4SEXaY{<|LXZ8|CtCA z{E$PMi0ehd%f2Ehc)h$t;mv7l`xp^tY@qGv>J3IYB=W|HzKqPq6M)H<7O=C}KuJ$NU(F6wN*)6`RY&N0-|FoQ1*E!Q z@sxOfu7UQy3s+BVCo$~ZxJ1m$9FF+}cw@2=CQEdxF(DgiMt`=@|Kdnq{)Z#E0XULx zbS89_bhwm;d!+(-0Y=gYeiR0i4M{5^u(Z~O2M6~jN6eOY@>nmqU<5-@n(4)LCH|JG zS!D|V{A*DDl$%wySMtK#{BhEkVa;3f?#{5f^;&O69`iRrPdATf3OHZC`woDOUa#H) zR%w2dMFt4DDg0ij_icCCFiUakStnL57#ZG|e2bxrMoDTn12+QLayBRNGmUtI)WMi0J<%Dq2MgN3 z1ZiyR!%G{juAVQnV-5eb%-GL2Ib(nfIuuLK^X8ImAXzADpZcxTF8L7;i;h2)ESX|L zJBQUbg;`n#czim!2Q4iap8{jw&sF^BOoc3+;){oNV;+IK!tVU1I#&Q7ccgtM z_1c=$ME~z+wH1e7>%m8IcSUTFv`EVDX^$4 zTnvmG2$tWL>{(9cM?LIZ`wVccPnneD0u>EWIzkU^K|#yd#RUYoV8$mSb1OJ?1I85v z)vVCK8*gCmJOd%E0Q5wt(V-}&r1b8wWY#Y0`M2NBWGlnp7r zZVZGEo~(b_VPaU`4!L_;L{(Ds$yL+)xye00aGP^+V{Qdg8HV*X?Kj{kXa$Wlxr*Fy zRI(jhnD?Mgo!biuJ^qZ!gHc%_@epikqxB{0S+B5CPlK<#Wu`EbNG=)$IWSNL{D}#c zO+1IR089|_184IG^14*tf1PJ^S4mnN=y?Y-dUKh&Z23-JMk=crvg~b;bJm+$a}ull zftEvD+VRIy%)ibL7RisS)BgwC^aIS{0Oy>Ws}togx?f=I?4u$FEvNN%cIQ@bUngMF zBV3)V2f=)HtZuBQO9^$F-1Iwte(nCskwx^42a>xLyxeA-Dyu|UL8tK)%)N!w8{LA? z(6|nyiab@;#Fh!55^)ERcx5HPUd&Yp

    yj#m`1EWFt2RzxU;4L0-YQlm=Gs4dRnC ztieYCHJI4tEiNvWGxPzS%<8jW!1;=}-K7vzxb?O^xA1t~RM$WDw&vqgS3m95RV}yc zTC*Qa;?fM{IWur46JYcFHA1acY>Ne^2l6|&t<;*xzRO{FT?*p z;9o6XF?9q?m%()6=ZmnX^uGCEsKOc@77s94j^|RhErKdj+zG)*k?zifb+Og7!qXQj zsJOkVpP?tsKDX?8zqV&^lj|HpO7F!m?EzK#xJG=d91^SC{sFwx=9ljhmz;*IwW@6e zdn?1%y`a{4m2*6V?G+Wb8jT1Y?7+uCn7RN1k6G<=_T4{QcSr!&>^vhV2)tBcCJXf! zd0)LU_y}#LOVh`)+5_cgtws-ZgkThWhEK=1z3DddZuGUDfIk>L=zg}X{1o_?+`YTL zw4-y{p9?YR|F&A(Bs7vWh`D}Wu@z>ct!=zDF;g3gy7V2LCtQ(M76J~<1XjCfEf$Eg z@!veIqe_d-z%KN^qOXx7P|sbMnO2FdvP1DVZGhPJ*C0Dj@KK$YvQivwC!zFbMV0+U+U?(jj(_id%Mg+o2!2x8C z|3cfzAn*fUOcrv`%JS`zur4 zc{Q^Mxr*)aqp}HEN*;zsAaC1?8IKcRbhL8}FS&20z6X#ye`@J?h)I7UB9EsAv-5ol zG=Wv05)9Zp{PLE@V*j7obt1!`Q+B|HEU4N>?bdQ&V( zGnH;6j;Of#r`a!rdqVyc32=ekQAlVRgvdk+SWs%k^v0apxoL`PQ9@$c|I0{8$J0VVu?DCq+G>etIY2rVux2?kx{`&;qLHoP8!*jrmmw-sWuF|W3UsT^5c zL;5E8xE;kn-ZoBfO#qWHAN*@0^Y66_emA`7L2I5LVdA{Dza?Mov-9_yaLejNbXsKv ztz0adJR8z{zi$tSQX2^GGpIq{Ib8Q&zFWgxwE8XT&y2n>e&DqZI@uOg8}GbyPV}*y zfh3+-C~0`0&GLDYEV^f^*m5`A#KW4g|MyElYv6s5zOuVsg+14l^EbGnHhkNc&mU7z zINL23<8L^W#ivczDR=3+px~iM+5Aa;VIHoV|I6O3r{mFp{cUmfXx5?T)RTTIsWv86 z=Cxkqz!C2LA=5N+Irj&ZMT7|7tSqpkxc@>L{FMx5WLjkm86R=+*B2A#naFf}lyNHF z;e4Rzt>LdLyC9spsKm(x*~l>J_?_+m-z$2UOU10ydo{JgXzIV>8IZzz^{J1b57@x5 zIv&~V>hR;jAvpOccHDI5XDS~5U-AX)z5PU!f8v>wNjk|@s1`ZMTVG*g$rCxcc(n6o zPbbz{Jjar^IO%e6WRjZvz_sGdS&LFMAin-#yz_eXE0HvLU7gyzLc{lw@JSu*sLLvR zPrAPZ8`ow89&fOBhEVg~=S+tL(|upzX-td_^lbPuyulKfef8^Bzxn{;wJa?b<0fJY z;1<<0TfT38jo^w`46H6Ya$mcy65e>RDxUlh&ER?T)(3@H{HLn*^&2h~mdE(q=7XlH zL?$1|IASX8J1*bhm(!QHJIxdS4s$u?R}*6`{RPWzY%ekrDQe@Lmsu(qS6tiK&uvNT zh-k^PU01|s_tTq}D5dnlc!diZ5^@ibT^~kX+~eNN`$(@~F9{0JTFw9_fA_@Wfv^jW}y9E^EonQ&U1* zf(MV3X}$Lz9wzXi4^WQ|z~gtsUziN&lnM;oqXjC*_FqWt?wC~{bS@8l(=U#)ri3UR zUq0tgB5u8XX;_kZW2@tdm^Y)A4NcV4F|(XU&0F6ssdx5X3Kv`_(vL{U+U7}`;y_io z9vxUkIovgVGKt%1sC3oz75QKsPA~RdxZES}9ly$V8wB@0KIbGsP8MCVZN`Q95*$I5 zhqaJ>$@oRWyc^Y)n&4XUc*gH$O0BpH+l9mS??j;TZh>D$zoqGWzfVsqz1dS;9{OM^ zri(mTac7-=Ry6#eD7@0kYv!6TX;ZvIop}Chr}-J_%?wSG6%H14;4*Z^#k>S|?N~~R z_+2z$t*)#x*F&qsNpN=xzyc!COkDv|D=CKT{Bo^b_UX&+qT@0e{IQY2V?~`op z!Tstkg{u9<-Yx03|8yAD|1Sv=Byu6|nHAX>>G#dH@!(4op(aED1Z#;QMy?f4d1nHz zv)S-@w!r1$zVrS1`R#l28}n>yy*PKa0SX3PAz*=!$9Em5EylFvo?GEiBq zVh=|qn(_rn`kTCX)!&)c9OUA%`B0Zt6 z=)Ok(j^J+3_EG>3tgf~AlbvORl;z-MRn)vZ8VHJs2#6+H}VcQv-IoI@L zMuJ3YDT%L9Wrd`>(fn&`_kCj5dJHg^cKP04GZlGYN7ycl{JSHHSFC1mcXuK>MV+bm zrCm=oiZQjNzGc(f;iOIP&u=_?_Vck5PCZ+OPfp@-;q%H`L@cb17i3+NU~|9BK$$^T zR^B_l=sf2r8)ikjQS*V_dDuOv(YgKQI6Py6QZIE_6XLvoQp^$RyEwc;!uTd-8!z5Z zWH78dJ1l5s^ERl0;C?_9*t(s{ct(>uiFyT0BI5Sd@I7gZ zC+PeL6OZ9kn^vGYgdSSPzejETE^;JcHY+k&&o{{;WviqVy(i$AgzV;Kc**(Rzq?Y{ zapI<7`N~hgNQ!icfG}#HAl)h< zDIJ3iq+43)9^JVCqeg5Dp40z*KlgS0kK=jHH=M6FcE+!NpRa}C6QGSn%gvJDo#26# zmLhPaN}X6kuie{4-urI3Ij(jK-c&wsakZ3sg%JhXNbWhtW{)P!V@MI8u@qo7YLiQ` zl1%u`kAUwf)Dv-r7v;tTRw87L5)7YhZ;?K8glD4noX=RsL{#9+hrolZbt&+^gsD2z zYNKIbSk2{U@=$g-?C+{h&MC#ewsl=?ZbVJ89*_^IQVhIwamkix4^!8VQxE&F-6_Pn z5>!SvS(mFr?AFRHy+-#t=WRr4;ku(s1m&5wL)5744CJYyH$#BQ#i76j!uyAIpCfmP zMS-%&Gt~NZcx3||n;VI%hzOUJ{%$!oz=GWx`ZF;S{7Mo`0S{G!+ZJ)f)xPD9bmYhV zvKj;EQo4#wBWi)^7doc$QYF7aP8`oQ_Qms6kr{{b`SxSVHuvW*wuQ{^^%B=#gIB<) zP&(t?G^~EqR5vyD4=nCd6QLjOy)UyXkACei1!kpyN9hP^us#NSVN4j*%pv8EO;rGD z=Xz`2gXB)%eq^w%s0uKcNT%Ylvy2S}SM^1O-5<7l8SPSq-XV7l)(pnQfyPEfI*=xg zd7o;v5P;HwyKTeyF@)Mgj(WuJg_Lc^@t6qjO!k+Sx6Yq0xNUN;D!PbG!@XYoHubz# zKt7)T3_Zw1uDxq?xwFrFC#z6uOG1n3U0#XL<8R2kR9tnBzE*~OIwDJh`B2S(y~&%} zk-yr?GCw8xhJZteZAm@$?Kr2Eb7qS^*>1GGC7%heOz@RYsO}0@ zcr7TPvGk3d4ZBI`VRA`9dllGiMGzmccH`xq{(vhqTQ_=;`xev{D@{(YvXYh!qXwFS(gTzBoUCUZ9j|LMY%`j3-UVNx zW5Zk7$33o=94^q|pQXL-xSiU#AA3f(Zs$aJ_~u;Rj-t?MHpkJ6osP?-LQ#27-QDvtuy14^biJReF@A9MpgWl-QZ++nsebIu z_eQ##?w1+LAb_s?&^pII55>0J4*sw}hUXSZrQZ$7g6OhLUl{g}c9@&VV0F7@?- zWPO7YAjlGcjcm3cdDCG+kY-BT3lXyK>j*;0W=eX_&IAUpnS(#CZ)MNB%Rg^G$-41Vv{*axdWIsu7cs9F zif9b-)9X19_!mDCC|`Z}v~L1zcs@Ne3{s&od)g4cIJf-Fz;B~ub!pi)M0?^ag&Gm} z$&h@TaV9CXi-_LoFh%9~6N1LmpR7Ju9#5gu@9xmdVD@q?(&+jwvn!wXk!}XOsujvH z$iI@#t!Oa`+mD3a5Tw$1LSi~bYv475LoEL13C}-mk}W!kX@Po7WrlVxwcqzw}DP6{m> zYbrR8bHaetIu|LC^@Vlq3#ImR=!#YEowY<$2upJ31sScycb&3#beLRbxzYuzJZ+T_ z+~bCV#7eU&js5P2zE?7nmy^|FS9sboxoQ_ooYy7!+)`wY?ZmLb1qH11$MVzP+3q%HRs$_L6W)P&zf_g3jXiOm^Q3;VV7Q zxxh%NfYsqw0kg=s<*^(C4@rq;{#5=ENKDFAni~}ayxHy*U3t>6U%`_{7@c z>+2dgX_F0qjxL^Kli(~7xD8{7m2LgQu-vpnz$!a2aLRSeNY2mtF+FQ*L-UJ?`PRyk z07A`qaWAdJ;!@(1%C1TwL3?F>;{i{#@^R+qAV86Do$CGbd!M*j_O|JOp z7d5!9Z?%Q2;N>t|WlYf&)9fjqBHga(+I%acyUqCJ?cXV+6Ij31cW#gRWszmgLveih z*qsBG3HP87Z&x;@0HduyN@|Lglw#7Y8)QA=z+7G@W@4)hZ{}(E*}IV9qn4=1LQyAX zwXz5M^!3BlStf$(>C%sA1ocZ&R z_db8NAUl5-U&s#suTJ-!r4A@y5P!kWWV&l)F>hp!#_@o_G8N{p#IeA=iDYr5pDy zO5uw?i8kvMr4V&6xTO%Mm!+)NZ@1UDJx&x`0Z&Swh?n(1A$ZF%1AN!11Y%Yj8c66w z1i!u59D9;6nHjQ{sn&R;X_<95R^VzY=$Z$mBIjF5F@?s0qp7<2rsrD! zJ6`c0mvsApIa9`mcc4L>Qb^=xL|bTToSmoJwS=fKstKs$ZvM)8g!-%O$2U2icqE9( z613cQ_4e}vm_sCgc%M>2FR2zjRXyI$>@ceCPYW+nkyLVRoQ1Ji6^aMm5xLVRzxUJV zv#I5)9u4#$m-0Zbf@-yzJE>9@WeUhp^ia%D)umU|IH91rgEhj7+`^?wmxAa4ax{c4P6go-BG-H_1SSV zD^f%Ut@c4>X{w?x2Yid;*%aFX3;=msGA2ZCIUOTn3~r;MMt z`lv(a!h-S)mS>3EP~#A4X9)P>VTKH5Z7)O?M5%lBKh@G!Dm4kO9YI#G$vE`uyTq0Y z?!?Nkm1?NyTUf121bE$kvgb|??$-(n5mTVl@zA^K{u12D-Xc`wv?26hPzzSqQhkpG zN^fJP!IDTLt3(*~YpdZ;TOU(PTSYjVZX8ju7fY7pOF6;lA^Az=r>4nQ3(Yz4Cpkwv zbbVt9tJ}D+nb?M_vfrQ7t?iEv;JRj}jV+mUsHT>rv}Xou_kBJSt4atsEkdmEl?Hj+VTbsE*ec@3gAmtn`A{uf8Uyn0GhAax|MpQB3&?1u z!qnul&iS5GUo3rAybCCB?`aX$EuiCgk5@{cMwXnZO z^leul$iB`?+y3gr^=E<@**sw$hNV9e{}BV@C59`tv~zN&(mCUIt)P* zHGBBn$gwkirQautI~fifRuiRW)&8^|RRE(Y+6_~|-j<~&_rUZU?7jO9r}+zlf=ag&JkF+Ce&l*HK5yM9kk`=Tgtgk63GSasWqxk8D7PzVr_z87VrPw5)$+8k^M9-G^O8l<+LwbvQmQfSrEsa{ z`V99SQsGiusQZe#6~ny22Z=8wGUbFAiXt4$QLcwRRAu=8B0S_;j6@SAaYE_P+zjR>>*(O_PYs`mG7 zK-x)k@~t5iiD^_iZ8)$A4svR^?;axCRJt9g_$bHfhjm=f$1k~c^60~`2th$-We&ey8%q^$5 zA3C@S0zYZ3DkwdTUNyY_D2j!3FKFbR>(FGQ|I#k|3!9y_^XM%|fX&s7I18XmlKLue zb>xak6Kg-^5*6ToAa zBV<8gRcB$rRJ~fg@H$b#_jba^7xm z-qey0^;RZ8toqsKF3Q!Si}3g*!=q#K5Zva|^4AMagpuohb7%I-qCVWo$l(8(VEm7Z zRrLt53x4zNc{adBk_-@iosex*RSr!HO-k{i>kS!l%mgd zs3;$3N7J~|bmN=j70sGNU;sJO%EbYuQ};HmGJy!PKtlK;+&m?!{fo?0U^(;p>|w$a zQ?^~BE#}Z$Di41Ty--%B*v#ZH-@V9|e4n1b5@!A@ygWqe)!RP#l~)#48Nd(L>!>xo6k`hR*V8(G70Sf^hzerP4n~@4Lb&Hz~7|n zsHFS;+KR#RozC#0kdX30^5BuxfjeGCgBDJd1td#(V4H99BK5FV&Slyzpsz zCQPR?>mDzu8fYAnOZ5G&;z*a+y~k0` zI_M3Vm6D~bVhUz0$E9>9I-$gB_COk9zAVQthG8Ep%WDbj;P-x!m zhC*x-TVw*gFGuR!CCJ8Su8j?QTRRK1U9OluAa~z;I-C9~ue8K?;m@$xjf3wY+~-z= z?uB9Efs_mJp~DPGktE^fyYo4tA|vYaV*?Fx0ey0F89ll^7%5eKGuov(jcMk~ipz<2| zqw_K1v|cA;Y+uVVY(#y$Ut#EG+)U8VPK(5i9U>DXBq@o1#@>EPeMD0J=CkWl0wu;; zwwU=F={*j+(GIhwm8KRdo?g5D+ZGi^G5ceut~QBaFwCP=H7Ot5z&qb)fi5ZWu1v2F zk@Fw4^A8O-CP%~A!vll~rB2Wa3bs`z{A#P^_una}1~8YItq(BB=L~dImzjJO(U+SP zyLE~}t$c}e!j#Ot3l$>xWf-XYd*mRs~>Nf5!}pZ@xh*_~6oDpe8%?&(F( zbv?{XUV-(3n|%*L96q1a*U%XF4;5NP{qz2FII60iogl83z4e}q8rHG8Z`i_V7@i&n zu26_}U>e1!MxLv%f@H)ga}A^{QVR<1&tP(kyQlO@I!L6xY}({*jQqSa*>8;}9HC5^ zr${pYL^Q(Y^F1l~7D_T|l7`HKO~!ld&u7Z>Ps0fz7Z1;WfBAk&q9Cs)<35(F%6bK+ zF}$77R03L+wK-2ZT%$Qs`gcw-%SsnQh>cFyiWD?ONIiYk&vUVZK739 zh0~9P#27wesJ>oaic%>X?I=#hNAC@Kus}X}M=e;O9yv`H;inMM^pLw_n|2^6@I6ku z2=ir8@f#bFNBP$`*s;F$n>EqZAlFH5le7^1%|Utp_dj~#%RMbccP4^g%=qx&Rb<4S zh}3?}Vy;u^L@lqAU1iUR>;uCw1^)MndsY$4k=K;BGm57TC=#2}q6BaBY-L1Mp?R=( z6-uTuL#pZrUv?1b*}OU`IGK%@tWrd;ids1KX3JRt?vf*^ozCoQd-YhUK{cqz%lSs=Em_cJe5d$$CyVPHn_O0MtJ5<@3b2^Q zl}yHZ#jV}9`dN&m_yQyj;@#(W3$5OXx2qPk9fl~e@M?l*;xE0qIqZ;Q+S8)#_r-t#Y`iYmz4eCD~*Kj2v>A*sighBnBiytu^v@U7o`eg?H;;m z^*X7797ikA0ue*TmVYbr<8Wr?un!^`NB(98NcoY57Y|hOw%Qyy9EGu}ApP*_=vd`` zT`6Yw7sIjZ!X2s#Dpr17oXY~IylZc*Uyg=3sD*Yuo`7Zfsc^bAp;G9hKCcgYgzd8y zWjJ9a8!N*M1>pLzoV?VOFqYHtsZe`m3ipADkL5k{u?ker%S)`Bg-eG*4b#)wZI$a~ z%%`vS>26vjf4X+Y+z&s5bTqqN?JckGlA(=L$#*dc&s-$yuqaaJ@qlOSj!CRRW-=O5 zVC!~)P3|z3@2eabCbJ7Fxnks{$ejqK9Fi09_$SiL&r#_;2P>Y>iP$n%<^sX__Z>eL zPL*D9K)pq zXqDF;g>n7OTI!yD_0O^}i=I9{3J1h^EQe7t7yIFPK}&BU$_Wv}CE9r_j6=aCD&VDQ zM$rBn{Do!sa7&oJ?Blg9`X#v^E3?;f*tEx5YqvI+dt?Hc?1x+SvNINs`>x?W+dn8B zZYlij_2;xWVOf1)d)ZINswJ2OVEuF3-S_kq)jehcwTFg?E-l_Yl+l#qbyb&NlE?dH8OQn~##@55piSGL7L>?~$C09Y zVGfGSLd~QNb1Y$1`LuBe&B21ABxJ+5(SN2q5_)>f>csvtobiF$IPLR$56U3vXAwSH z7enPNO7TtauIK3g?h8G3%icfQ{z%Ru`6J5Vp6=uyIpH+Q<|j7~5YGm*sg#v_v@okq zQ``>*s>OMy8T!Kq_&(csg@>`-YNmS95qXOEhQ3_8=J@y{fQpa1j64hRII&= zce;3w+GX1+{oF7~Qp|o&ROnTj)x$u&x)N#Y+4~MJZ?mdK&IU>yB0H^f`^S5e96iKj7n+ z3I#QU7dg;V3UfkN#J|&0U1O8rI#c6t3BD8iD=42>s6IqBD!CI-eXMS?qNbX!#WJ*! zZn(jaQ{>jMnxDHsBZGZx2bxX-@L*=O_AhThJ^W9p4IgmkP_cygYV~4Y&Yj=SGaM9oaIwpD)Voz z++t4;$W(#?tYX}hX}_c$>Z}1p#p2Ry#8jWQaxA`g=7f1h#PlbYb-cnaju-T)5F0KLMp$LP}$|;)&bdO zGW^;KFO-XVP!H|Cn!RR7NhSDK*LHlT2^QWS6eAV?REp8^rava|7hyDHAUrko)5RD6 zJOlk|ARY3d_f4^6rHZ;WeT(~CfbNeH1WI5GwMR!4h1{C5e6DhAW_#8^o@AyqBTb!P z$*a)PGh9~im6*NFSF9fhop-}}crSpm!;J(XmfRkBv5hlVe<9KkU|b0aJw?>WIjRcm zkaE6}?wE##4qDE*lO%|UkZ|F{?3Lmum4_w^opyH&16zayqgBS`_0}&%?eTk&swFmr zk+g=PIsSwK@;gKxUGCLX%To7Wn0S$U-Ltu$Q@LPr5ai?g=|onQGcT+~3|R@8`EVJx z{=?pb_Dj!akV#UFV2_~uV2ypb2D=XF+VWX`EU8|#Rkqiih=z9lx_VwF;=AdI(;tQM zUbvHPG@|Z(A}|bjrk3gz?dEq;%?B?csCSQsx|@2j)Vfol*`s-vjT%8xa%ApWxh#RV z9eR|ZUhh)h!SHilrO&M841_pdNTCfRHtq2*W+cR%JgA*@XI3gBq=2AAkk`k*Aiqh)$dz0e@3^Rm!?FkvC6VAccJt$|P znX@_;y94T_?yT|nf?Z803xiUO{pt=#Md`HKP5E}|-lnLFMJP~$Tt<4QI7wKFA*GCR zeVi7dE4(m;J9jxt=F0UfVjx#dzFi!J>Q}MG!WlbyE)5K?iBQ?6ucC>*XT(vP+@`KZ z`_n9rtRFpIJnE5fefPm}%dU&ga?*5dvXL0-{e@U0#=ytNhsI_N;J_4ufib<2;s-pv ztIbX{qhn@q`u|DF8~QWA&hWJEXc!K-D8T%AA=qaU5DssS`e)FvXt{Ut;V=7_K{szd zn9-nIG-MlYe~o}X`6YBJ^;~pI++lC=wJ+Aw&;{54{rjQ+edO30gkDr{zgM?|i+>if z(&!=n*URzG$lrLAmksCcYnn8b-*rM~P=Oq)xPRpi|9qq)txbOZd*@!|ezSz%Nvx2& z3F6~Lp&6+=>Wvaa3Yd4JRga4vSNHby@gf>W;1+VtsLskg=*_dk9wjVv1B`W$-%qs5 z{(8FY3-GdXz9N1naAE|8Xa!7*z*H>F{rz_?fMInkw7~OZ+HN&=7A-&PwRCaK;_D^SdUCF{^7t49o8jjY_q&4T179(Al=GAld{>E1S^2}?S;yFX zTo^@95`P-TPzws|&3jv(I0Nkm6a=_OvHbr@Bl+(?!H44(|N1BXo{kW2{+Q$wRINCo5lNuEn=bRdj+wB! zpk>!%P?k*W)Ftc_qFSkwfAa@|#vGG6*bGs3`uj^?s)m@;N3fobX7F=$+^^*h?D(Uk!$bF`dVh&aPo+R3 zJ_+B&q+NZYH~NSvmj!@^oZyV>=ekKuRr! zmZFMZ##(J}la2>uVEdnnzhC+&`}yx>_`hSzh*xDqlDD*4bXq;@35h~Wwz}IjcB_sh zxb}0c+%5vUe3G5Ejxdxn_|PF{KTUEebA?9?lOmCho@Pex4>e6ol!f}2yBnL8*d?@i9ar%$30nQ#(b6BSZ zQ|de2jnx?&we+N?dLlx{K*5OFE-J1{kE{&KCn=pAA6d}zq7ST*VPU&^e+@@5d8c{r zV*P&7r8lM16>Rb1f&A<^Yj+xgiCB#h{X0Ixn5EZtt| zem7x`er>^&&Awd3Wo`o%Et5`DOcz; z2KWU`@`21w)_sns0De>Dprj@nu%fkH2u&+lYluyalU`pAbV97;LN_hdmq2| z%AW}F&2*1rSuOPCat9SHtHJ8UqqxE>Q5T*&SI?Fb+*XfUFpoATcS@a`ez>Fo@}hh7 zy!`xKx!9j^&$4C)*QtM}i#u?%OxNEPY!YHh_S`L@D9*x~b3U^+OVib}=y-N2qT}W! z%o-7)YVnoW&23fqw2LmGnS-gg*nuZ+H^M2^zIbafOZRXB6kv4 zC|!Q59DI2CGQ@&14F^uj444NscIl@l@|3GNn$p;H$yM>A{BOS>{9ZO(=*fGQMP4=b zw2)dI^9+J10PIyH0KEQX|LpD2#?S%&w3;yJ>I@HdzVPOpsc{NJ!5U$I6oFAwW#wv# z$wWJCRg;=`U5}W=-l`kXH<)^TUpSrmLb>6R&CYWl0-(U1%cu8;m2%zYt08ZYek@$k zaUFCP_li+(wevJkQs|~&DvCJ^n^eKp3thI3%4WaQl0wGl$VlC>WAc5qsd%aQgabxk z#|<90{@~MV27&C?>@Gh1F?T#3p&p}nQA??4z_>fI*qEU>&>_;h%iV$VMeRjm7bpwy zeS}3h;3LrhQ?AD`1&PyV+)fI3QYwk42>>4Wv-8cY39S!L2C9mOmH;cDi=N0>wse$P zeBI25AWR)UJ2?2N{{zqw``7VOWno|VMy!hHy=_R5Lsd#-rQyRsD0l+)wT(1^oo=aV z?Bj{=gEK_%`q^~Z%uY?muT43YUobGUZ`RB?{^&)MZ2yl|N6EvR_|k9IO_x|y336gM zoCu;0IzK=6-nn80#j(K5zt`0CnjTtRY!Rw0e=AS($e zDene@2vPwP{#M(%_4f(jH1%=MC-I}2f?X`&J8es|uBS$S_6%JX)h9%K2o3?r(Qt#O zQ?+YHdpi|1V+pI0mhz((LRN2}MY)q`Xg<;iG-6D;UMEv=s=eKr+A(-oE-xBbt%lFyccPbWlNPkGZ3+z{M}3f%m%!~~Y{ z^y!oMR7o|EqE}g*Qw#VGLlD5(_AVX9_OJ!oBYxc-Cv&LGyrLMCyYdH7dAENiJ_Eq{ z`&o3hhNfxtQ0PkOPF7WwepAbb;)a)B@I3Aw9up#`TVbrah>1OfJnZyCcfYl@on7(A zvN{oQdH_w*H6!A*zp5?A@#qnu?CoHZ(_WDY6*}|0Zi&_Cr{ibJ<4?+0{*nd$_ZTVe zX$S~*6jSS(-dBnEEf^Q}9PRf604+I^Gs~8i{4#KDWb|on-JyKB7+A#d3>BfnH2Iuq zXzX}mb^zpN5TM-JViAb3@?OA7V}b)bsVUFwJ8m;eejvhQPo4HD^mG$>A8opTx{y6= zERM2&S1&{8%)@#8j$g48jnsSCVT@BNha^leQpQK-0Ss}nlH{mr7nJwqx#Pl5Q(_|Z ztJ+0#kdtR+_m|-ieNh}1#j@pfzRq)>gXRb@!y{No46q?ePa*e=(Zc^Agz<7H@bWI; zfF)Q1cdp)47#-K^JMM@&&o|JVQm}>EWd<0B*v6PO6gfOp=SZAv!R<*w`ZW$0`qMT| z&9^gkO<`qO1ac4jg*TSN{w~Bq`mr7ZdH`Rp1rOSIj8nKVIq_WG3s6s(*$>mVpRC@~ zmDmfRy9{<)Wz~sG_j-iGEcl^yt^?p1ijo5UorC2zAeUA4%1Y0V3wV-ukU%hk~@L}H$4 zn)_)rn%5bcg{cous03B~locbd(`insX-ev*Nu@!R8qlORpKq9yue7>?O5^&$<3)s^ zaB#EN?n;C+4nT=fQ4TY0X8OU9;1h|>r5PtUNDMT+>ooyyF~zAVR{q>UEE`c3n6kCSPnF=&Gyr_kPg zXW+k*t_dF|WXF>FvCgJwUA z+|#mF*A~3$Ej2w|+vU}mtRl7zbUm0m6S614XWpa?qP_cdf4Z*8~GFpo{$u3hb1ctJ(p%OD6oju!E#|;3`?QG%@IN z*kbYStn2t{K|aG%uToMuYAgXxZb~{OJn3;_M=5Fn znsSl>M!Y%Mk+2^th>`VrSp0))!YaA-dx%&PAaIU&vhNjpi=93DuZ^fMMS=4o#$vBta6gz_@z zOly?>uGse*73d+k2{J7*cCnP_Hn_e9FO_~yVS5BDL$*`Gf;dUz+SC}Clsjjth!`E= zB~}yk-V=Up_9~QVTs9%{oUDG(eK(5<5dJA&?wF9Q``s|_gD?}%<2TGSUHZf3clBy{ z)dQ0@^)KHJ#LxQHO1e-3k)zsfB1Tj%dCm~A=E#^tVbHaHXbNAaQjy_&@%vyx>7B z^E}a%?$if}j2>}6emoK;4@xyT=|=Go9R99TgMOB<&YJg{y^lFt^F)<$FH|UDl0CoR z-vb}ljsTz@i+?jZsK&cJOKPAralq0yyyJ&j=+G1#C>!N75@MTe!IF6SDa2S}9IP`R zkrW@J1HSeijG8nieS1^>y0pf`wjCk$h5*~=x1lg9ogb4$H%YxR!7w=#R zOux+iT!=GMpD<8SDG3Mor^{AZ1`JQC$=?0+=@Srdq#`;uy|%99jugdIk_9>J8-TF<)bk5uv~m+P)pUNuLj#Ueh6P(+&Asm+L;4msG3zETxH*R}O{mCHKBb6v~F z`7%PeB%a~Y;njSj7o>1TOW_6^1bbXeJ$DawKSU^PKtwTpcc!+-CfQS`ZMOBY#G*XE z#wDI|H;fHth%@7v7kyC5*LLr8xU|n_Gb3zo9{vmNcd`^G$0NsvVaF*2F-_E;JjeKG z#2YBKR)@&v^}_U@Ctd3WH+mHZP+ul#xGV;Fj=vBUcK;}L+m8o%b54u<%x+(_2d_7 zI~9DCV2e>TlVW=<0|VT0NlU@|EITYdDK*k%wl){QDb=k{nqVpzZQ))STnM(q>AC{& zHDAIrLkH|BI_z}eh&e@on_J$}GMnUpoc_Jl#5UH90xDwItbJHtjP~poY`x5x(aZ8F z=)Ex2+ApguN?UZ~O!W9S5(s#o?G*ie>aiK49(qBFP6D(qVn6<20OfK`x(8KGl(bEr zVg|oJJjvxoQ5)l3Q@0Q&+qoqr&x?Km9RGm!0xd7ofb(^=(k&3vxz2*#wL_zX{SX2R z1DHRlU_m|r)l;Kn6(xW-{Zwbm-B$P3Q!JRs@WO8IJC3Q|a)Qk9z#G)-CiSi? zn4`@sKafd{hq_UUZ_~k*43>LkIl7ErriTz z7n}wxn_cJq{dwR|*Dhx3D|JF-)`@S#j5Jgq6%=;_B3#dPEiX$e2S+VLOr2aZ9x9{u z`c?Z~G02G&d^;&o^R8&AX*J1t4cYI0(?}qQupIu;hBb=eOhmIW%QQ@GB$>FjeSasG z_9w=k&1LF`Vuw3~OY9rSHLvv!Jm9Vg1fW(`hMWoR&x+R=heB+VSuaOZ;u8%b+vOa?anATffODP8#+={Yg>E_;BtGzV@Ps zD^@=GDe5wtqnRv#EJ(=;#6Cxxd^N3wVAhkxPv<D&2k3zq(ReN46hoP%Iw_Z7crhop#R}U(+H~$Q{9jx7T3>$`-o{o3x{V*KF zG09!3gGyM0-#!p%DAG$TybiFA)X~@GsXdeHAT6}n8pw|nH-9+|JUUo`BMs1 zGaq&$OK+Pr?>eRioK4$_T-uh&`DyLjy;74?R@w8aYpn5)6wO(DnI9rVi&w55BIFQk|4~(J^$7WBbKG>PUAMPO=oOiD# zCmAK@Uzl6Ex>ElxzmNsH&BniCf`5}Ch! z|6u?4VhN97)nAIuOv2_HokGDjSip6a;D92FzR8E?ohLN6&99bycji&0PtY&1f69^8 zOyIo>)mxgg^|y>d_%t&MhUsCDgK2R+&-&Hy*9V|hoL`~pLFIm!qI5~a>m5p;>=*Fx!#>o@zwap@jB?XA?@iEp+eN-JiE zTg;?ro}A}wMctM|o+>YuI5*iG*-pIUo|e;n{cbKd?(M-Bgnp6rd0Jof5GEN*4^;Vb zfbkEF&POk7?I(koEHLU@xCb9cjLJ|I6- zIHJ#d)nfKbcA|d#NGo?+?J=q=Li({=XZ$tnCN=uz9qPXfCUxGu{F*k7aUjIS=Jo~G)|z6jF2O1>`=zCeD9z-O$Xc?AY$d{Uu(_H)R0{`W>06Nh_Csq{ zf8$CX4^S)D^R%E;-6-P0g}E{r4&RJikp*B|YkZwAy(W<2r66zFsAziq;_6xEj1@MM zw3T#lGz%B(-=o?kTkVaa6#;iP=o0^8Vb6%FJMBROERlB^RDWCw<7?3)x=;kZ)7>HL6$_JzkT0aY{ zzv_sSlRR#T8LM_OoZE*7S}tY|nJA+MDCC*+O*m zk%@{*_#S|E>j27TM5IhXWhOQExi+YPx(KGYz;On+)^SW(+`hlzZmPh*; zF_J55=5t8M>X6*&+utm;tJ8LcR)ag!jsar@vbl;sMn;6~0p6i(&5@)KkK;E+QCtY! zd$bIg^P$9RkgEi<2=iu0|IBLHcsaDjafA5oyC8fT58V_pOq()k?NU z=un$O@R)pW)3ldK)n2=dA}>z5=1=E>XWunyg?K3ixpu96CTKbyHI){zdGd~wOhNZ; zPD7H{^iNOd%%;0X>Rg@yoln-9v1t&j=EA?(b=O)-P41Wy)`E4sz}0V#AKJ9`VmrIK zOE3WLRgbOF^1;V>sG;CJT3QY+Nye-5p`#SsN)$IQ?^w_M|LY0@Cplk(>6!>rEn)e> zo)c;)$5EV*lin*mN8z^VPyqZbGAN6426pTGa7F|=OdX4he@VbSK$rV(rwIBZ=&{f% zwi#(t8rA%UvcjIxUQRz7Iosy*f|B?Rk|2$Va zZ54+GZ!4u+`s_V0{ret6%M&i<0qa<;e0h1@sL7kSJDLRw z8(3q0%x)loeoij}v}^X5L|=fC%VPA8AV7uQ2#aM3k8aWi6(&1f|2~u{(^}G-50u+Y zZV5xbIz>)RiT6XcZ9vy8c;b6M0N(a*q}-*aEf@2*%RdlP10dkq zY`RkQu>qDR%+jn(&;`AE*)N#K0t?wE2~Bo~-yOKm`C_6Y+kvXFKhUQ|`r>}I-SiCT z{;x!~=;5K-aVjwQFuLZ-+jEI_rwnv^9Id36P|0Qd*Zx48nwlabw7~C>ZAM2Z1uP}YZ#cpEb>QnGE!xrtc_eO=8)dbZQN=^j!H>0N zLIC@&geIl2X2vgZOYi?8l78|oeWAACZ(l7T#hxbM+cm|;liiV4i>pY-H@efv`pwL) zl0@DKCxm#u-$~K_&P`6$l|&U%kj*5W?GUVJkSFd>B9B$;#bK1_jx@c$|Gwe0#Z-MI zJ*R4HXN%k^JLhUOBg$;{WIVsB>RudjcB=)DL?at3(CV^F6SaKl$QZ4fE1UO4U-9d; zKTYSPfQqK;1iWJQepUqlyIrccD}>5N5`X|fwa*5H8MoD*N2F%q++(W-V3_0|KXD&C zT@0-@AOCHf7G|afk%`(_x+44p+PImX6bB zsaVIOrasVadmCX^t=$`0DThD)O2Xg3XxQ}{$TOx6l{woKeX5!XDDs8Vf{}LyL~r?| zx9Ia6VK7~Q#^k|#?P3XjjRVxe1-uqOE$#zAEq$B**NqAer2zrn_RDr2!DeZS+67-| z$#1U2kwNiXk<9OsWI)qR1m`6Z0vH2=D&Tj}T3ZW%uA59}>4M(P8d@xW(G*a5`}T_{ zniV_si1q*B?60G$>e@DLSQHQtq(r3~B&4KM8U!Ra9U>r7BHf@!cSx5YxhaWFhcrq_ zY+}>h-ThAVy6(sO8Q=50W4!#K+u;~%E%sV-%`=YQapt8SUF=^g!zYSr))+SsFgdI9 ztu!yGM$b!jP$`iJCCUoN(tY2AQgu9)e$(vTIXv1Vm`AtvSujWv+I`;r@O{1Le<$Z^IY)1NL{^^v#Jfl0%4$wTuh%vP+CF4pWEq5# zTq8^CxWb2Uk-Zd8=|+*0GYi`GdZ|zK>om8iGGag6_^X7G|Cd^a|BzFzO)Jz&n+f@) ztc0hFpuB5iG$B(j_Xj~TeW;P=)#>tydU5iazS(g7(+x*~hKoHpFrcJ(jq87I-hV#z z2Y!9*%Ux)4t1ek6H!%4@(^ym#-c8iIR&r*V>av8JH26{g3)nV7Vyfvi=q=lJ7x23ox9mj7PqOBdoOLG=$d)=}Im^Z(Xp;Xi$xvByG!vNLh2 zElMNKWY9vU&S-`*{}Q89ncwOd*omg1FioNpZG3OMHQ-kMpw>!;7%0pcb4O7a(pD}5 z!(xi);_oI3aZeQ<+WdRQ6`y}?({3&_W$%SXh^>0af#OHK?GZdaZWC&c<|lxnWSdQ-PgkZLkb$od}#zM@IBl&u0FBa#; zzw@gz@O?dAQt;ceQG3)*wV33f*Z?q6VRuq2vb;hKh>imP(vI=NtSYJ8xL$eE5E;Iw zaL6K{m-qNJsZJwJLs3>9#)U`->`eU_pwmE3iC?C)W5@S`TSNVO_q2N0<@BOalhM@9 z06m|LOOuy7%Zr~*ubOZ^P4%@QxurrZ{F^MH+y$zSAHE&edL8O}%|6jNP-iUh@<(f` zxNA5gCYnywokiN}fcmA@>HUA#uYJLTuTOw`Qizl$Ykizb$U#ZEjMnmpl48OJx2G~y ze8>z*2Teo9e?2i7s)-(wM9e$Vot9&4=_;mNnSPF z+0Mnbn}`4K$<^vds8?8;(935e{1&7^9O7y6UhA1lYx|J9myZZj>k(wa8V&Nu?3}V) z_3EhZr%#rT6xL8I;&X|iboj~BgkpN9g=3Bok&7UQ%8M0pwEb-{m=yt3I@&0~qF9!^NSP+IkFY61JY(}N9v_ZwY>$>g{ zxZ-2m8TNVRRx9&U6(p^WsYDTnn1UeDSDF~iYr7$BPx5nL>tc3QJwJ)3iu_iC+)lYG zlNuRvLMipR;N|noALOEa2=nV*%SsgX?Dv@kEb6Sm3BvS$9%p{hnC4O%^!wt18UAZF zh$A|m`?pE*H=o!ZrPKYPtN*+qQh+DIA_W{NzQZriyrBJKB-$Wib-!#TB!Mg0NRQ|> zssNK*h56#0#wK)M6k-}vIKv=>{*Cdg&w)14Na-Z#A4*xMY&Y* z%RmmM(l>7hk6uVMvmGNINay`tF(Ea4IC=*rX9t*)-6TvT1cnXJA@1o-VNV<>g~9d_ z|Ju**eiUhQmFZA4cVxG0#V+QnWU1Ov?7t(Nz8l%K=)g_II-KLQ8EhUSV8NSd9X)o~ zP%idJwW>ma+p4d2Ob@v$`LT}%q4k3(^#>5bK3JGA?%JfNqffY(Cl*&>lz-kDa4 zzk}^orTnPiI|;Z|!5-iKuK3C*=cx9JtcBQjFJ85s>t*FF?rYSsVQG1AC{;-}%DQMF zW1g`sMi7_{2ICq%&8rIJYbdshxIC5dF;7z+q}CeU)ua5qv`;i?8sa}SXWXX2zFiRA zj8pm3ZgiSo0Jm-4R@qj`;K(@oKjO47@;f2o<-_FXOxAvrslEr2h=`JOHn-KwRzmHv zybuD@q{n{=O6`LfeH~ozNYF%EZwWag7?2~W%a7LNH6e=~e!rN+6ODkcsl>^GF^%GV z|B@$I>~Fk~d&)=7uqTd|#c|kJ@Ff{>tM8ha65?`*Cwad1!8pj!K%QHKaW+ZidI?Ow z7O&xMpk)5V_cHoDgl)jKiSQA9 z+zgHsZd0dq*RA8kYY=LQj95n5|I~XbrKcNoQT^}%obcqpn_aU#Tv~$FWivb=a8KJp z_dJ6|;Az0>_C$7an%=e?r~C1e#kjFU{;;9=z^Nx1X`FAy(Hn`?@wr+7QglO4G?$9K z%Y6>N+{F%TyDgV%!(PTO13r(#tE5s#WXBuc8=>1~OHln1L6apmzvh!T%JPyRI?~1U z<+T!#vY)uqHSriZvHaMoSQw8h?f1rG!JQ(g;qj7nPZF_#b~3E~z*X{o9i0h<=kple zLdSqoic1?)USTW8$03D>S1eOk0Vy%Lq)j9;N$U(7X`v*=$j0)VElM8R|Lhn1VIe!4 z+t}Um;%9VsUywRxDk^-CJdaJ|9lFdOQQ2VV*RHP%yRd#WMDdrcXn&qrCBc{-%<=u> zZoQQHTh{UZ5*AiW1L~tG^=o+<91BD453G7c*M>A(Un)qx?7we}Ik?12No1CE5IISZ zLv5vXi-UW+KVRVuWpkfT?k?iMNIadY9?;*^#aV=g1H*XlEt!-k)%OV$G_BO<;m-)G zX%|Ngbv_uwx{a+SgCd?y-Rg*vFs`z0Il`ooFF~R%eKnmtOJXp-#5{g~V~k`;*GV~h zvoAoN*OfNoi_A0+!u^pZm^T`Qrt0P)7+z;cL^`;-c-0OFm7i)xz5N@XB7Ufzil0vy^svDhCtFAZ|KpiSr9u%)n1=s$Y14qf6OkL}8&u zJ7xkfmS{Snp?PX$S!fKcoMq_Li`FSiAW(rt74!-YX!X}PMxqgG?%SzWD4*B%BZ`7X z$sDjG7xc8_fq9y4r!eDG$E-J0y^8%O8j=g0=Xq&Z?yxe`jkYzI9%}ths)U$*Ez|IfK#} zuluxn3=t5}F+YP%%rWeOHqXN7vpu0Eaqw2Ru4ntTqH=vZ2Zg0Ab2rzURjmE*GKE&s z4UED0LWl9b|>b_;9 zXeRJ2M+!E}hHP&nMD)*>hp*y>Kc@jAijybtccm!V%WlQ~$cDz42>4NW^pQPKU@x1q z#Q)pa_N8dsHVL8Saa`pI_+tLkoOyYm^fh8YlTmzz$mN*$^)q zh9SturAGIqJqGKsl$Jhtq@X0&sYI}GlZf)%ZQfpb;PEA?=qg~?F~&pccGNJR(t4u( zp5!ZoLLnYpbh*tZLJJ#{btK;k9UD57$!c{lq>zq@ z;sW)1lHot3{|THF&ro~3v{xLhB90JgD@Izk=1f$m)7p-G0o~Jn?yag2vwjM9UFg(m zphnW!1?SSH3!k($_n++)msEsQAt15jR<*@L3eQ|Gc+#$K98X<6%r9?@?$0oX)$rSe z^?x2d{#DDLQV8=^8R-*X>;R2%8$=cDd!gI^F_ZS;isEu{bUuf%qmLrYWmO@G!Z{#? z|L}01q(bQSc35xThCmVrofhhO@_T!;`A@g(o=|mUHPzHVXxE<&Aj8iHpU*Zz!+X@x zasxUEza4z~fZdMyNm0q*1#bOYq>LIw#6#Q<_aB{8+G^8T_GlBq9=CPDhM(hK2=Jc| z72dd0%-A)M-|hi%EfeXH-qg3*?cdI&e@uM}!HD7Q0rh zE`36*g+q51vr7?ox`#5HVNMN$6;#+U{!F||by^7Fop;$kd;Sd=>52am_^*66GDt!a zxM|J$xqMk}*TCp!Dg9nE&Zpqv6Cx|M7s8+T%BZIUnvz~g+}X8qFR)ZwLsMC!poo&B z>njci3$dT{LyGI#%O|YUA1}D7HQA^imbBbCEP?Kk#Rp7mzlcan2tX^oof&#hGVcDz z04<0^;ct4$%I#ZARM6XN4&#@B5?{ix#nLKytbdhx=)nZ_e!lYJR?&$QLzeFoo$XtE z!pb1AmB^g=GE_3;sDbM#>rj5c+xp>@m+Dh=&oas@4%;j@ogu+`>c+Cq-F*l@{?98P ze(&#%+?=6|$|9DOO@b006+FR}niSHJ_46(NKt9TIAsdL_0U1u<=xzy&hgzPCyn0wu zuLtekFd~02qM?ByBj^4?@z0?v@=%{VWi|(B;s*0&b=c2}LM%3{Q0ew1yp0mp=RQq- zb(|&t^lrMy3+-j4a5R&}XU4c|T z7s1Pp+yG}BisemYOx!@R=CUTnsLUrz-DH&dSdKNd^2PNRL!J>@Mo!WP1)Bh}xX?Lq zSFbn~0hRW4Dq=dCFf6kgqkI1>fqvPrzY~?L&%o*`>JFQXZ#zHK^9(!CPs>6lmaIA> zAJFR1tHf%4@*Z5I!|s62yg;_5u*}+wh-%gC$+vA!w5hDf?Qvk^e`dF?Qlq{6=S>$$0rseyfqXv>$y)lT-Z7ujaVZ^Y8 zMu;~IHhgYLVU2uWjY}f3BIC$~zuY6G5cU-nl>^g-N}DA3OVTGn9=pV~GOD^65%xP; z)FIz`(52&oFLC&}kr{yn_%+JnedZ!F9-B2#h%X{QPCPMaA#?xw(c) z!Gaj)*=Pv=*Ef1S0TDq(7K0J>KgROa^;&R++HWxjNgZ5dB+ibB-`6yyqjZbAs%hXS z#HHA*6MNvAo4Dqnz^sy;Wcc2gYT$uSRhHvt_2L(K3^#Ryc{7;EmL7YvQ+#<@gleI; z)o#?25S4TU^aan@tLehV_o@{dM<0+HP=$`FCsEgn5{Z?L{OuHd?V~zhKbg!knB8DR*BoUfL|hANkeo!)ce zo!>q}?+?&Yeio&7CX10l)`xmVN5vmsGKL@Jo;so}#FKS+Ni!6OYk2S8&5~NVntGC$ zXedy0m*QLZ|f3y)BNl|I`$eJ=lQx{J%drVVhbq2AMFoHp=PesNW-f zI)x(xk`g||qmShl%&%o(^?l@eMnvaNz<`Ui^4<^oqC19w?b2O4JycmIZCNh-8y2ch z2%Ks3=vaKFlh^8Up6%xliXPpqz-O5%<`5IfA85P=u{?~<9EgaI9DM;CdsJ{XyrcUlON3sh+GqJSgrej_e;R9qd0Dbi6BJ&2BZE} zfI*^fZV`8;ufs>hJ|&Md-eWy~VViH|;bOxB&L?F7D}hI^Z%q}EE^H-5#bmhwHiSKcUV_Y^;ouFF{qxSJjS+nvb3`2D(4 zUJMt2asIg{^ucp=mYU@iUOt3Zz4{Ium?1u`lBB@}ogylfKaS{Hmt!cL966i$`6Gm% zy@dF6v)sPj@rI(2=8mC5&b;7`w@VZO;k@{-H*$0;bjBH9U>dL&)%rW6i9r`>_ae*K z9xC4neWJ4r{h)=povIw52ePKLd1b=Y{qB5gL1ve{0I~(&IZ1|qBoom^oS!Yvix?PZagWpIaoX*SuY@?4L3KS#Su%iedx(1jMNNd_4b;_s8qIw zEHC!T56z3iM=*_(Y&TDP7q@$ySiBktOfK;w4TGVh^zG>geiM2ss2w4*3f#^N$$jgk z_$&edj7%46CQ{8cn60RlqWvmXUS@;NE^z8i1Rv%-?ycuxM_TBX2ASLVo6iQ?3+gox z!VKD=taeuQ?;|ZSl&QVAxCqHK{EJhhq5|{+^Rs8F+c)7;2EY{mDIAX!Tsi+A@Lhmz z!8%WFMfEf;xt*lL+yB2*B2|X!?Z0-L|6B{`0l)Y=di_sj3-Ds-|Fc#7^Zx$*S3kqY z-!E}709&SD{rx{TpZkA&`0Ew_Cl>tuCqM1q>-w(?$U**V!~g62E1$prGdAIWog)SB zuWHd>XZU~p6_xb$^-ab9I`!|5_8k8ozkt6^{paKV{VV$1kg1EVJpXgY7l0}lUMuK! zc{p;L2}!*YrnSpMLOf4-j;iEsG}(s1tM^?bw-Z_lNGoMPh^bTY%c?E2}& zowS(GtHp^LtmLc{TgTX!1UENjGu3UYADnJJl;_~j=|J#d&;0i-v43s&zQT-+SEr{} z=&oV%Zp_u%=#$ji5Woqe52Ex%2~ZZ2-y!4Ox2F>V26CC zo^Q|Fif#2EZUt??aK1dVo8bvlIq$%fmgXwy*E>Bt(<>ey{_QLMKBnd0S0G`(R&s-m zV)l}y7!f23DO@(9j8-pym~z-42{!>n=l&mg@7L97XkWHiH(q8Rr`KG7@q;%idu4rn zn{bU3%hOZHA9CgIo19u64<4kHnoJDC?OR@OIx6!YQy#~9pkr%Fm|B<Z;`k9L7fP8vp@OG^^xBCJ6Ll##Qpgu2BoIL;& zvu0tm!H}dC=V+X0cR!KK1$>B5LV$L~-rgQRvAHW|-*Aya689RB>;v~R2G5IKY51nB ztStK8p0Lv7$l+$N9BZ|j!(Xkl-!BE10U*0EO|wD8G`*OQ=U#pbE~-ty@zo?hQ;p-M zU*@W8)fzPaJ)nWs#XmkPU)1+Fgg^GYzTDZ{8@Pcl`+qD+p!dCi4=ajXJ^*S%)K7OO z{icwvpy=4d-dYR{YmtZ27)smIjpRV&I6LLGr9PN=rtdFJPI|Yt{yA1~c$yl!ftI>n zuh6zGG73uGyFBxEU40spshwv4gNi3 z2aFYCw#Qx|{g80}diDbs&>YH;31u3r8Ws}rK)O1a$A)=jrE!){TezuwWEPKI6eb_x z@4OJIUrs&x$gCQ>iHI{4-+KP$jUS?~dGPG#l{U;at0ujGh2!EA_LQ{!f#zXCl$kY| zGkz2vzQtsR^ttelK?>t!ftD6EHXTbaO$^99ppBf;XPEzeEBXWTfyQi-8fO_MP&nM) zwwydD#J$;P+xugXO=EE4=<1aIMy_kWIZUveJYNV%U$7(f18@HqY&*Lh5@WrD2 z@n+1H+1Qk-@V>SM>{(@WzsaCI8*QPk;8oy^@YA>~Juw)$mh~I{Oq5@_TP=Fi#MY6-~8J`_>Sj3;*{P3Eq=8 zcLOF&8jm;7Ahmy@uzA4#f!_Mva*2)0_o4Rror)e+I{JCb$arP`+N+|~Od+SOV8$m42q`l+72rJ8R@?w( zjIWMmxWN@HQ#(&o78RQDRb&;H=tI>gqTffT(d38buW8BK+e@}_j@{4uML({gC*Bcf zQmlI#i&0Xg0g2wV$iG;EGV+)nS=K8maLBjkHF!jK}t-L=JwvB_Odi zD9R5?az|Y(dy+l4JUM7=xT)cL;pMUOj*>o1Xt~FZL*MVYG^3}{C)NOyMhcQ_v z#fO5&y&z4#9A`9>N1tbV82vX1wdmWEbAI-E=h&WqRWehAlK zEbBTvp!xet% zWa(uo84zC~+#FLA8<|a0;L!G6i6hay?u7TBd50S8ue$@l*`;fTlY*B`vu2X*dX-!9 z!^_q-A&i2$Degsd^fbBaa+Kq-1$wnv*;%t!=j2M~T190lQKqlEVxO9mC=%@p>)9!g z!&q;K-d>?&UAUrf__H^3`Bww>s{@jU|MaZ>*$p#dbHH=GUPKKqwP$y1;_^6qb$(>! zJS%eDRNQ!xfxTM*G{04)(%1wX5p2H5LKhboYK^@qq0qEow?j7cA6EbYRGQbb{gHJ7 zSa5>un4fxhQn{gOi%~cV@7@(*D9BVvh|#^C>SE1*wRm>uvho``d!+B2j={ytR9Ohc z&9(6pw0%GA5eemwkBf^-ECQT9Bn!4{Q$i5lbSNRljyL5o>wBGhXk!(Q{63RPr`@8M zw1g;8pmwqdS|=-`-g$AexnjJOiC1qH!F!VTvN>X&%tZnsG+wo91jG^|@bXe2yoZye zF!Q%x)91S!U%(mwqei3yGi+zkgN7JP|FjOJ-0lZBJiBe{ozcTdr{DD33{@Io-cS1N zv|#tC1v~mQ(NpH17T|fWc|o0~L3ys^&1gjCiI(Phh7QCrnSS@i$o#)<1${Vl;5=8j zx}SMFMgF|)k-8!Hp)UA1-D9l$v)y=THxyEx>=Gy=lHu@tL{XOkA z!PoP1-!6K1Z1#I9oiQVZCA~xO{9;Vx;41l!dUKx4aqm{?Ta2rLz&T4e^IZ**I~um2_t$=DHy7~@qFSbcUyr0L6~*pxw?ZJRhLztFIOh>GQ+#AAh_G=zNv)IiP@T*D_7XI=h@F zH~k9ucd+x4^4lw2{8B-;_%q;GwB)e-7A)kEAd5bCwRpImq}H~u}%W# zA{WAIwS^XK&8CXG8%Cm`S)P~T(aYz2v8ze27lC1S46G-nbQ|i1U*zBsX#vq*Dv+$f zse|tnH-YBVy{sLXX=^O*HGzNGBY}tr!;= zA@k<P{`SrhT71%Cn%0Y3gt8r$ptFMQD+h?u1RkoZt_o?m>fCkW|rS&nuv9(up?wIU>zU^Ss$*~DDg7ZxjG-#VZ@;njk>sS_pr<{@VbPcMA6=2 zg8wu&_{rZ{Ze6IGB__6<;s%b}(lHIQcr-_^pf)?nZq(ikEljew{&`YdSEK2npSd@_ z2G2jtOAPZVp#4I%PP?7MtT9E5z96%*Xti0kfYH;rtT1JLiuu!2SvY!c?6X;BWMBTt z%2zCN13w=hsLNBAr{Y*~eGsWPbo`DRx$Oc((q+>N`>bAf_l_yN9`Pag!Q2f8_p?<~ zwL@vev_hj2E06~P!wY=HmufuBByxCreLa_HYq1fT$;7m5D_bCzmdgur7oUX5UzJmnBfjm&xe^S8y38LKW>v5iak>k5qVsRg27Sb?sh?7<3o*6(A4>g|W zs}~N{R4q}iKN&%W%i^dtXTpD6ZNa+?yihKb_U_y#6U=S&hSII`vmSCK;1CjODf2-( z_s);FW*ZD!4urXWxY3QIi7_5XNrpmmp=-8qh(?}W-KcgItoPQg(D6jD*VW*cMqAHV zZ`l6VV0RWj?8e5Q)yhSrs8b7d`Z)KcWn*UY&rMZ@d5%SPo=bj!s7?0)u9pyqwM;>> zU^M;Tn*|j=A1r>R06e$fr~Pea-t#p~+Tj>YkE(ukIp`5G2kXL1E6bVLLNWA+^&IB% zwq;)9a>>SdHvBGA>|ipsTmw+7MF1J-1n;X47#{`CH|!^bot09M5Y&+!6Gfh;FbuC3 zZKXF5J+=-1aos)+F>#Lf!~CZY3Emb0?HXxb=v~};VbKaJ_ zc;=BGdk-*L6t+{IIw%J8^3Gyb#co_eTJ6#J^bj>tJ98F`7wnu?)5GElp9g5MZA0vS1sWRKcN3VPtA1EI z!1~UZW|%flR{57-pbS|zo=Q1%!FnJX28A{G(bCsW+gk+-2%Kx)bIXJ3itx4A`3kjA zr?DD`e2l#pCxavpGR1PRC_k#9r~mAs2F^w8;@F{5&Z9Vx`k_T2Bwy3xl2rnpK&&GM zkSM!;U-<3LR1#r#O~|%hTAaV{>gr?iNB(YG4LXxJb5wvP9O2m-p}#EJ)|l6p;_dU& z0Cpv|UVStRmiG5P*T}#fKau&x+}h=tcD~>H6Q(*+q<5$hgX!l5J(lcTp0nLN%itdg zHJFR22rU)Soe)W~WoZN+32K!B$CnqAPSa+~CuwR<4j`ZU-;sLGBC=^0Q+`v$JH0Sz zYs+vOZPj{@oo{x@tz?ykiNk8v#J!AaEos$zj^QoEn>*7%i=03O`skEWgpW@WlKUAa zi|M(*!IYa?E{sx?mQVv)BwIy!(OYX?=*)l=oMhdg<$JYIQl5H)Lf)w8ub`e2cOL!* z5yiZ#R1#h?x*j$x5!G8m@KQJJLZ3aDF9PlYzOu&JBSt&<(H}C9S%aLm)Q}Kg;d#-| zT4zuCm6an$APS1Z`(Rl^KIF1skxs)>N}pCva_0`ug!|~wBwxURR`fG-wKW+7xmuf#l1qs>5FR@T#8~2neVw%4(|mjC7TM^J@Rq*1xB&u-9$B>rBFxT;AUrL%Es0*I2=d13inHga{5*|y`ej{S6^^6-(qRyi6Eb{%@lR&Z-8eOfD1G4Q!t zC5A-6s()}L^~4tIZBGU_eR|jOH9SmQTbr?9Sl4p8K_SIXC^9M1al5Dvsa42XTThSj zbzTAEh^bf+%3aJV-1<8g7M!Juy7x(;1+ME`<%8wN@Xc(xILA%Id~#Wz`lM;H&6^l# z6^nz%)Xk%T9|H(SuHo&o=lE0o`9HdZ&vj}Y|JTb48V;&0F_^0#TU5}G*zS|DNcY|A zI~c8Mul{9mw@C2(D-l4wOscy326x0&N`|eHm*_s?bTE^yd78O!?#!qm`W)77_yTzZCJFm5g+C$wWAaCuk zHLGMG&s>tPO!R7p3ES&;GVUD~y}%3k%+`AocqMsvbKS-tkeQKSjJm8o?sL^hCQyNI z04}B#WY6I!`^)or4AD362z$TLAv61AGr@i}#BT=YS@_72EsY*Hx zUae+I6~kf%hb_y3T+HQ{-aPvHy^LUB!sPzK+4_0jTE|1V`&%{pFPS|L;f&#{l$Pfs#^02Qh_Uq=m0!@Wa==$zwPCyv>aV-pftis|~xp*%*yS^Ip~J z5>it+;gf>g?j z`ibXMH&u{uWsw`Xe(z8sKuy)5%`Q~%rpy=d^muc6wT@Wt$ORueO*_!1x}2G1=CFQ0 zu60bGKV8o6xENUik6ja?X>xj_`D1ig6|{GFSl4;hmserj|8O_7La`%^@KeN$&hClP zwSP6jvtrDWv2LKYav55c0sOVF5Pp7P25H|T^9Ri2C?Mem@j`b&8aUeMMXnE$E%P)W zM^{zQWRd%-u_)`1=8<#`R?(uXgQv)~3n8=OiTDsm?s#jlp-n-PA^DVdc3TeV? zeo2UTiBU;fz%g3z(eZI+P0bOkvXbX2PlWbM@edz}^)kgsO;IlZTi-$E$(gp&dIbD1 zn-XEy`&If|U=PyEQvBZ%^vYQLWO!oZm2d&qBJUSi^hk`Wr7?&ibZ715M>!j%?4FZ1 z93(}O`Nv&)xVG7bb=)zaePDA=>O{eLzzq>~jGipQ&LhtgbbD^GHs@MkYhk68N>;2x zoEO3Eu%-sgdkAG-$~M(FY|ln3-n)scA+paB%(06uJWjUx^Ownnk6f(Ij<^h`E>Hkf zBMab}pnOFbUmiwcJTF$7M+G{zh#+b#Jb!n$T~UofeCgTi1sRX-L}Su*9VAUo`-{@c zbC}s$QQ~>au}H4t`f%tyN^%Rl9YR6^U#BU(PoK5=^535Tcw_h1O8?1TFzZ1{Sa1JE zWs5(oalZxTb!0qhxLLOTqhyquivKiOCgu(8t@WD7H())S9MxJwoE%iL&Z8AY`VEi( z3!%ny5pbWhw@rk#>bb-A#S$@ije=QW^dI3pNj&StL`6WkUv;t91vv%Fyz0fh;0H(M`%aUuD9;VN8;d*`7HVd@ ziW`OuAhbO5x+@Q##2jayMc--tc;{{eNV3lI6OEI=@s{1x_gb*mbmO(RLcMP%5%aFqJfZcXe|dl26uVyvJsZx35qFXPh4uDmGd=t38 zT2St_0Bqv0QM0oI}y!35aUe4tcNI!whtFLk!k)ap-5`^`^H~&i7TY z3DihM_ytkl8Ylhyd9+>}hMgx5vQeJbSKcU(L6%E^VQ{r%dsuB=@O8|(2N6l3hb#I>@*!p>&c4@!ke4L>J|4-=fkHVI|=`GH~##s-SF^1vV(f^)AMmH z_M=4$f3qGBE+7*uLl>f(6{(jVd3&G4vDftNvM*TX^RL=$jT3rAZ=-?q5_Scpa|zk5 zoaWDO(6e35f^NPfYt#|?OfUL<{rpgaGOBT;a6CX7eUcA=tW;9^<+1iyW(BgY>rSzemUx?oXEJ{ zwdcY=(2&>Fzrlm9^@FQygbatqowVg7u2JR@ZYiTj@Ta14IprpAOzQJea`xd@L1Y3_o9l>^ zvoorb;aBjd^FQ3EwClY)dXEtIw2jccN(n{?15U*>UP5*G= zGc>tp&vs{Wl^+Xl2w&{2M_S)DH&>ZGnsW13cQ1O_c*f{AVRIMsY6^?Kns`0cuEG)D zu75P&E|k$*+tcI_9Tu@3dLkP=cSgI zeOL<(D1p_=@1Kl^5F5wq^hRYm1=5e4ge>#$B~}k-E4VTCg-6wEz8ll6+i1sBg zvF4J`>LCfB)5$_A_{vQ4Z{;A%7gc9h64B|3Ol_Z>tp{~n)Z9Zud;VS~0HaXmZH8-G zrGeKe3IoHB(N|@&sczd4$oyItq+flhdTG*$37UnTP>hI85jYf%p)q#rDr{mT;jnAR zbO(SG0TQ#BT-F$9Rzb~89ZI`zU_q<>F4ms5pE1@DtsEH`p(#J+bMy$th@Lh0gz3(+YSmS}fN+f|ay0lD zwO$^Je1Trp$lO}l>#EK7s0Ni`#;zy~?>-R`x$$B0Lt%xE!-R-q$FA5yE^h}snJABq zDT4}+LAu(t>D{_8EGVAlWdBxWgU30vksTegC+XNW=8|qd^7M!4Btg8*2*^|=>^T=E zsvNpvwUdAWiy)xRC$t0@g%`=ENBqjAB>K|!6z*|(zw35wAucZZXQox z8h%3?pC!t>lILX`e3@c0xig@}+7;ih9B%D=0UO}w&{bXK1#sGZ_eqUykBbR^3yxm z$HYXWu}IIl`kM6jQ`*m9EFOjNcG%K=#`J!3F1lIg#LV-aW$%8QS=YvFE(1gKe;!ry z1Yl~czGvn|3Y_Aat{fhZo{bZb5ijr9KG?2DCicSm-fmFdUg+_BDIF{B)P=}XhMZ+T zkLZpiKdC@!F{2saDw)uTZSNLs+F=2=nEAvhBsBEn}6wzEi;d0)2HDS|1$~eIfI)gT*&hd%r z2#!lY=R<>>QmdMI_o^;$*jSx+WVsbO+2n#N+&3n~%x?2o9vjrr(65*0(_fm~oF+U4 zsHps)r$5{mBRlZv1k=N{VvyzN6caL7L7ksWC2RAh|CrY~{A-uCYJtcAnm2h; zOw8Ec=&?h=)ljz$ux2&tavDk!7e!hhYQsL9&C3X@s8tj4AEv7nqMr^*lEU2SbRl7B zX)zg$7(Z=k-_vrBa_9DaDQL9xw-~3Tpb0mKRZ%LRQn*=WDD~86!njZmI3ON)RUa+Ixu5>>l^EkL3s;IeLS~|Vp$9`(rkYdzy z6TqDDaGlmoTz|jg4C=5$S9qoO_r@ZV{6SE#GPDGJ7hf*AZNoSk6ZqaLiSRk~fIU}} z;IED0$I2DGK?e!!0i37b--d}VJqqdjmyArw{jKp@5I?{1qEB%i-k$LPB{{uX92T04 z`{=8|as}{Qhk#xvm&H`uP1fwKC;}l+r2X#XTg>{d;q)QF%pbqEtQ+qp(1X?p&yHJr z1>95HpQ+~Lz0VBpwrD{mj;$}j1d+7z{Es@f;|5fxX*-^xh8m5~TfWGuISNTZecV>f z$wTGZ`OP=^)atz@Y7r5G9t|-!;HBq!<28KgydJ@WcTl~&<)&0;M=vG9ivb#@H|-b3kd2p9l`+=!SD-}?ZSQJ zhHlqcUY-Y;>tSE)`SNV}pkl|@Gfx-MacmV)EzZRX+>|F|&NE0GleHRNkQkDDeV0Xo zO9JJVOHg+|X#}rJyBIZr6d`&DBqD36g!7pyB$Pnqqht4I2{Z}V(}z~?4;&U58FjBb zsn0jt0J#4)us55c;n#{OdhC1O5HbC}*!aPy(QNVYv4nS-Fz%R4c?|WGi`R&aI%-D^ zCJpNk3C~o5ip_z(ThmDCXoL@aeQ@b`uOahKWZoam$rvm4NS`kJ%%Q+ZQOWeqV?fGX z-2P&jgGE?|AF)$Ma6i7>$Oj@IrFO})6x+#NNN_vHhjPA_S;Bt6E%mu>$HKR6JY%dv zW+~gu;hH00zm;Vw7@~c@(1kbn<5Q z!WtlA2WKo3?o@!8RC>$7pIra_%9&Yb|u7}o+#ci@a%SNV=~Kt=UX`1=RqyKJ0p4?u@a7a|ytt4$FZga>9 z6)F>2_DR1U%D6-Wlc=LU(LO0(qH+oy9(DZU?uBk^iag_doiEkD_rA3omdtzpIX8jO zKbzXEROA~2(hnw*|Iw83D+5JbK~>APrJ%V%E}r{4*$>pQ&H7yEFFn_vQ(^#6+jref-n9)2Le#)g}R-@_)8rRAiL8sE`Dy@6bS zBWrKF?``JH*{!W{wC3&{)XUFpOl4+_a{+YS5T?T2UGZO?G{*08xsQ(QeSYqgJp8;? z&luCpp`MNX{3l&~T+-aBD8yfO@omBgXVOu|14*VRAp35szIgZXG1pUKNv`eS!g0#G zmU6Ju_{$mU{eGgfR8d47hhaX~GhOwP%a4=EgPlkIVG5sM!)6DEg_RpVzmSQOaV;4b%woHSY{i87mS)s#$fnC3|@OHKk6J z3C8GE=_&_SHO40Ofzw{+3fuGcGvAR8SC)Q6;}5N$Z`ER(0z;QII`emXF7Cj%#T|?a zH~|~VVFPgIZM=8maUIio z-z|PTV&<}q=fyJdZl}$HoD%DC_vQ5O$uMs^e$hlsS^bhaq{zUR8o3pZrR^pgxxZa5 z#?Cx{d)6pOqInJPv41PIixkJ4|6}D+exyh`FJvK${DNN-@Q`mGwcUycP~gupOi;e{ z#@rWRCeCL;dH=m)7~^p>?x@^0#1PwZP;7>Wl3f4J*GNG=B1%LFo5u^@?v}y)LTge- zZJfdByB~4UJ5R>~c7FUoRJ2l0XnH3zM4}yFiw*cCHmP?E$SfZ%Z~9N;B+wC--1*>L z&5pJgE^)--(TdU5Nk(|9@f&ic*K+8uT@HoE7eNEK!W4LU2+BIqBSb`Iq0_G_<_Cl= z$>(136m^Yq(#@`wg~i*>(&?6}7-AlmIKq-{#b+J-$C7C(R@c5Q#eGk(&%OVtIV1u_ z_Rt3K)%0JLm3_=MBZWz3PwWRgi30-CPe!mVZ-li<>gs;Legx^JD2k%IFQBU*22_%i zuUG0cK!{{!3hKB~qRpI{u3Kuo)QBT3{hJcEnADDuM-ajUwRH~IWaw3sg#4OR@ZtU|t$cNH~i^VB*6!uc37N7`wyqU(ovBcSi5PYlK%+TYV{)%ys)004&ynzVbZt`n-1#Jh7X(I! z3;~I0$RTt1cxqqPoA0r<#u>P$3n$?%a3_6Y16DBIsn4W+?*_i41t!?T!q;UG>PZP{ zTZCCo`ptA7LGFh)lRUzOrveo3Z9pUK>JH*&Imk$btgWp#t@j-rQnkyDya>)+C*8KG zxt=OuMgR5)$!&OHsF#X-R}6>!IkqSuz8265>-q7AH+%IDb2OqjJ1FusiyL_PNZKN$6fP3fn7-3uXp*D$7VYQ_+%R9i3rKGuB^(d4>-l8R_Qk({D(VQ73LoY4p-kJcTl?&IDXbl z4ZmF}{(MY|X`tM3&zR9F? zkm8;mj%8D+L@DEAPxp6v85JQu*^tBV> zp$xH|_!we{AfcC_F4S(5$>Jq7>$)9L;(`spDHz>7Tu(ZQ(2;C%VhjS=^@l-^U7q%! zsY*I`pS*gA@y7T2H%hEXA%QPllMLT1t=m7x(Bh(3;AjRhGMUh^c1s)f-**4F?5LZ(49kvGHfd2#9HS%kK@?)->$DW%HP+}8pE)$-M(~nWvLjtW9yFG5(rK- zqw1BAX>hXUjU^N7(=*)=v5Vv4LAVTHiNDqYWw5+mYJLoy1rA`BcwqG^UdBDDM#?#V@; zVZ5z>BiK{IW>*|&9dIfc;?g{N7o}Fgiw%p6AMv^l#@f9f;W#fMP7UH!^bHBIa(Bjj zPw7({CFtf;yedeS`UE)Kdt}w$@ImsfZ zTctG2aPJsyGgPWR-X*|B+L1|*MFyh2inn2|%{?!rI>5VRM!)JHnIY#gg8kR2KeYw1 z&)B~{d$V8c-;dlxbQ*Z%vxS)^a*T{ zP>)y7?b~$vMkfN9Su4vuO#^c2Y)+!k-&&fHLx*!3gjZ!^OulQzlrf38krT zU)@8mwPpxgaTsWnJL|(oV?cO4wX_g960%@TW3}?CqQMSshIcw)NEXG%moiRZ0h8_* znpw4IBuh|5?Z%nQ*XR2?Iq-Di4?8cd(a!3bCOVOiHLck!Su1u&J+1qt6S{Uv5=zl5 zxp?cN*j-l5EYW=NOp!eVN-mrV&%Wh2-dgXlmDUQ>slFtGLaTiwUrgn^lR}o6sg(Zs zouHpLkGffh^x^`InwtjI!ZQ3l{0HSyP8z6i?sco9dRwVy22aF!=G$FaN#CWNbpfks00e%SJMkZpAqRP#gA6ERXw;smv5hRrq z0<9HOu55iigZW`PchJ&`|0f01DmzD10jc&(S1{_v*CYGtWwjPHkHKvK5}531Gu#cz zp`FGDuMcXzy_N#s4@=Jg0M)!@zcH~KvHiUiY&e#$^Uio8yDl}$lv=R#&&U9iskx}>$)Fg+zaHrC5n zA<{Qd82c5q-mi{lNZ}aBP2;Z3IltruQHNxt9LOWvLX4>X7XOfw|I6~WIbQve)S@_# zmV9YLqx@v@!RX&S0T}%gJV1m_pxB>L2SvQ>EfybFY=njZp&MMR!g zI&)Jqk^QHB21@Av$--Kjnlx>Hg5-q;#Eot?9LE2grok*}N*f!O?jsr|Kw^Ht2T*Mi zdo-aF`#&|*BE}A&eOf7R<*{J&z1T3GS}|aG5eHzfG*EDrYas0rpdTx%EuT6R!(QHm zbbER$F_GNEB|6@ossk)00NhpzsWYRe>1RFJwC1Fhv(z#8>7pKdYMe-*HBfu@m-+0`$eBT5^8YAtd*bqgC||bzlNaJ z2A#}Zs}BZOwu!e5Z|hUD&N#M&b;kG4X?c7L?=TRg0OCyZCZH-BzoH1`O@&@WY3i@|mIdM!q0Z!sNyL=O}(hD)Eh}4<2-A#L=K@WLK;= zCr)u^#L*Hb^;XX`%D-rXrTeEejk^NBS5i+z5qM}$!~{hUmR68-;%!o}>>Ep6=!pS| zb})KhA3L#X@AQ^{oR}$%>!vi^$Rq-u=$O2WT&k@@t4!PMvva)$`W|K)HNk<8#U3ov z$)5@+Yr(L;yznj5(qC1kCM}PPl=JGaJkP+a0qj`N6dOqI zQ>lxy#B%}CAIBx2$;$EI+*kG#{-gRF3*-eYV=mt#WqrH5-ZVPNGc2#eC=~uiyk+**;iLvw_5|DzYO8p*8T6}3DYKgb8vYI z&!!A|;9kQB^DXMeEiY_so+${Qcx#yNM?Q1W%|~M4ls4n+Dn)j#8vfuOh|! z8+k*uH6IUHDZQ~`zfk%q2763v<=8p0_E9u2N>Qx;=d$Kc1X}v9;{|7w+LlF^{z~iEq zoJru1;B~&4{?3k^T(prKHUvJ4=cLB>ZZ+(qYkwWA3>MPzVLI{9(r8+iD@vTjP~^?=kc}8&wP%~Z z9cG6Trwgz8I-BBGS$ZP7S^r@@s4Io-^-GN^V1~JPhJH?XP7MJgmcU(l(9qOv%*+hT z;``Tr$mnS}v&v60QhRjbW#>gbqf>xty{vYVeMVy@;Jf(tEp{O=2+#wm5nf8x_C{kP z(c+;9a>DYuQi@8uE*=M}sX3PXc*TWaKT)hp!6dalC6jAjjK?{_I=*fqb%ET{zX7D9 z@G!|FWSd)%jf#vI;FJGwAuX{ijURNKKWJhm`H_72V!90pQ|bbytOXCP_$#^D$;bBD zprZI}AiuGd71HqqN+0V;ep_+EFE_@g;;Tt?2&djW0hK)>)I&^z6U8IEi9?2(74~Qj zrqZ+(5WLa+Zi|^%zZ+iD?`%IMWk(PLongJs7PjIyP_Nu5bic_Vr(6Y@U=!CzACJR6 zzZwtay)p+Cu05lXzi#49&>DA$t!?vJ*~FTf{N6R2$vHpIA^PHa9*w?Ob-XoNNBMDv z-;X}{j&4YBWWhF(|M=k0?pB4M>I~a%QtTvZ4CZkRSLg7ti$#P4*ZZ2+n4jSMQ%S*e zT0>sUa_q2mvuVHVPlIH>e_yczlK+m~{YOJY0^VzOYT2G5;%YS2tIMghT@Yy*s0K7W zTY7I%6;0~ z)Gs#R8yqyo3dlc!zR&)U*bdK?U7mv={WBt4R;iD*kIL+JuP?fZU!>!r>ukIT47%*x z*q|{kl?kyH{6H2HG#g|%0fjuLb#$YmNtEHy1`t)~0n<|mo?*v^da0#~W@5`d_}?|O z{*lIJUsaYR`aDDac{_XG@tFkr2a&5~|7X7nsJDo_-KQ(et?wTn<4II^YM~R@u~gA4 zNEl8s<;H&02m0hdC7y%yn=9|?BUx3rZ+j(ipDWHFES2zQTuC1hr9ZDuZkQnhhPLPH zfC}=#P<^8CLO;_aI3Y-_jb(m6p#4=*-?Vz*EI3PRN%#eUWy>>!!Jk9X!cX2@n>FX@JAS(k5hcgm99v;jfQsF>T$;lVStMs(lz22JZ4Akz< zFPklmKi2M&ks;N3dUR9IN|?j+Qf=`1DmG}~-*Bf@vg}Qt$gxL>e{`Y700)`|)y;>8 zzfVdFePNI(R(_P6u7Q!^Hw5Ya^-qY~NRi(I^!BeK{7xXJ-R=Uefvi3uRRD4 z+P}8Nz(DAl4kgQI1^4N4Nc&6Pr2KrU#zc{bzuy#4EhhiFT7294h8SZ#pUOIwJ)7`( zJLfbqJLK`-TN{9Y>uC5dL|bT7i{-Miihk6Q^=ldOB^=upS3N9=>i1=ePZu=y|Ev2P z7yI{n_~*&+{tz(!?l=7R;r|@~@&6m+;-8P_&kz4!7?1zH`oDh?pnnK={Sznte_7WA z_3U5z!-D8^gi3ww++1hGac}eBmSKZO^^`{ zc=**Qm(}$3qaMcIohME=qMojZgpzY12sf2N2Ym-jeYA&#RFJ1ah@)~pF~{-sOQ{r5 zSi4J*A*wR+9dcO`^zxF5NX$rFPvxI7V<|jkA>fRz9nU;!CmmQxTktV6^wYD!JH7N4 z8T&aj^mFKDV@fvtc96ZzxN!2%JOBH!`>)e&lO!Q7F5vU$AL?B}CWyHIptVFS_aPWAt0PAl90 zeFZ}464~@R0n>bRFB(o~(yJVh-DSHU(p6Kt=>1K=957-`O2WY-CCx#sGoEg6+^{=Z zmE~c9xc@1Y{(iA)WPe?Dn~ly_Cl*$6aw_q9gg-ONqgw>%kbw!4GSU4qCcoQ3rUA!zi#vLUtbe1Rxg|a(e7{GPCi0c zFVi_EaBy%qd8MXL%Ig)mkwIC&)TBS?(&BbV^PF8jup1C1bp~OAbpeAk9v<W zxvTO@r{A1jtyh>|LP*?NCH!z*9hZ9Pj0;7QwHZDA_&0WD-)Pt46@xW zB0W6yyL5g(;KbzqHfps$-}36LVdMQb8@C4Fpuii4&1guPt4GqUeZkIyFFA#384dbMD@OAY~1VzOve@w?6!ggjy8&iHI!rJz-Jx$*tGSE%F0&~MfFp&`Ad z&j|_8;8bo4|12d@y~2Jg3-Ss0ZO+;N-r|17Oj(s}4=U<1kh)t1ud9Mo?LI^XSf{4& ziiohershSOETr?>i)Ref-*mJ#} z{Q7a9M<3^(+vZ>2OyNmc>Y~-KDWB1lv?pF_4Plp&OP9|YwXTpo7OR~KDCYq<4+TR% zn%7aGBYPhY^11a7<1nwR*gsrscLz&dn)M$L5D{-4HiA55nSgbbhLaO9Cj%nI+V$*Y zrrHdLhL(ndRtU>%=&SNd$t56GJ2?48{TLhj&BtX_0wSK6H6X2OhKPsr5fH9B*_#k) zwSkk$XLOKx4>jqpQZ&98?31ab$h#%evH@?^&4R1R1)aqQ5}ttTS=jWOLx)8Tg6^-} zj9?|nOcxeljcGnW>zO3#)mUpHOs|D1J8}dzL3=&@UCIl9jBVRT%X1M7Fd2w-a zI-Cd8OaPptgB`A6Dvu@ci89I8o@ZF|Znr#v3h9A>VN;7$8V>0S#)co>vH-b2P$jJ- zuQIFadi&uu!C({ODi(Anc`?}6Kz9?-Yd4(l%aY-0o|t1oRTKd2#2+sD_p0@0@e<&R zCVI6@03l-4uK5*GChT%*xm@XjU3vL!%&q5?ch=RDl_=_KS4m_@O!LNz`8&3!l(wQ_ z3sLt0VE9R0t!=Pk(C$TDl1*Lr3-D}+KEXmXvtl8mDQG{BJXhtTTDTVRO( z5F{VW`jY=v0!K8$bFV=fJJsrP3GKn$fNfCkhCteSr>&Dg;s!)QE^Vy`1GzHTZTELg z7^HHbQ6#h{?YDkt@0(n#d7?j`8_&=^Ghg1>L1brVudlB!oUEb%Y&B2sZqE%)8zs=p z05!xdce7ttV}tprhu4DLl2qB>piu zQk^-{IA4Wb-&vP?4FOp_Bc+xa<5iW)#{|-6#{iSWVW!D-Uu1JOFPwyp6@AJ3up3O^ zzytEI9?NG%#d1?)9rJ3txt%oF;+mVCI|hA=?=Lqf(+h8_Iqw#+CMoKJxB2+gH#8L6 z12iINMso6}v4VGo6B`*TUtm5bmAy5$E6{l^#bZEMuw=7)VF9F^dRSL^p0i(^&Dc&< z>_qR^7+Q#4enqP}vs_#B1?)*hXE8P#QRLwJX*e9}{3xkFSMdcZRQ$_*7z-Zn?9fN8Mq$b zvTR7@NJVmd3~Y1RiS})(6E#W8jT;tqJ=5K@S9%NTjh-1j$?6|z$T{?^%}#1fEG<&b z2^RVH3Cs|@5UB)rG9OVmEwU;*ScMvL#ansdRocM*Q!t}6khKHH8OB1Lrc1kI~>o%y}xa*WYY-!Eq}(pB znz=lmY)zJz=L3FQ`K+*1m1G{aJyjkS>czwYh3*>^Ob!N)_s*OwD|aLC>=%4< zWu(?ae}z%>sPV(yHB%t-_SII6g`3SR|EbnoljkC!oR$XCM8<1URaHJ$xmT00p`(AG z5HP=?q#G%;r-c-r(7g}>^bMdXRoHP}A_KL{r9*95{_T;4uF&50uQ!Tq)-${%+Na4F zAGK+>&*!g?Us*VW!rAwSQbQQi-NbzeFBE3>UvCT<0yH+G&cILLlxfHHLfk6Zqw`dU z;(2YFtdXYuR-KuUjN;)K=lHwMP09M>A;Af56)m@};PPMOWY$p(+TMTnit)Jl+U5(K z7YMy3^t$i zqyV}>A8j}#rO;zQcK=S8Vp2tCU?p+jI&|YGRvP33taw|8zwkd&(`0Xt)jmrhP$5@` zmcyVRc}k;kAdyjs$2jy3fhm96z+8S}Jnxm#YOJ)u2$4lBRTZJYoW z;1E?trQb$n*7)<6cGH~A2RFw|UR2TNk$QK^t#t`Y7x5W}Qx!`ZxAt*IeRDX8tb-6b z4m>T;J|oKyB0;pYwD`+`AYAW9RkrscJS-Gm2XDeVG>9hwandbl zWGG!YoLtal@pxE+nv({RRthU5`dsWLQ^P0z(bDBHtT_ESJ*}`FC8B`Kma)AaDX&$M z&YZfpmFlQ(0W$YCYydM$ztK&Wk|`~=uBaYJBX{VkIO4x=ySq`v)){TR^*IU(lng+{ zw!gOiR%AGBv+;x+Ly^{+djC^6A=|PFUi`;A0VuKuYs~4F52c^4YscW;CFVz8&@Pw0 z1ZomWN*6QY3W>OJh%+dS7CZt1l{8l4C{{Jur%-u$c`KUc-uZy0lmNDsSn1|mLG%PK zhgoX|{SAw?#(|?`wJ9JaUho!tZ`}RA7=HcxjaWl)SXmi#=wV5BCheUK-wheglvq{L ztU6`)sypVVu$~kPGNqRhEOC75#d~8TGq>H|!)pd6}RsRal8eSuL5n%@^?Qhmj zLgwEGV!W^*R~Dye?o7f(+)bu~gh_&~QBWIRKy#yzb`|EKP~omKP@z^8Crvis4M1HR zRhXE$J#Q}TA%(_Uu+jn?Ef?uA!IP{`I(`cbVT#ud&+az~1nF;FH!~|!+T0h%V^eL| zu3XfhC(>_!isMA@5uKg9Z@%hheyAt1-WDYo=vS3#`I!DL_kGD8lAROon6=j?GT#6a z3&#vgiIZzlB;kV@AOO)vFF7+UBHdHxy_?8)_A6Qqa%rqEckiUg1YJt{IG~r17+FBX z?--4#b)SL)#l|GosKBV?i6rH#BssGFm5D&Y!&w(Cgf7N(pz&-h4lUhl869hLK}i@w z#RM+%K=j)|Q!PA|`%Go2o^a@fcND-ck1*x`^Srtw<31Gcd33KbEz&smvcHRvEdT#` zfng1W*`B4TL5jF7EgiY4hV{mgY9~gPq6DDqV=@HV#Lw|FA$hI<=jlu?_P{@o2wr0i zEDg02y(*HiTMfqxJ_ab#otr{X3~Kc$z>OoPQ`j5jm&R3mO{Q%AGDEx{_P` z7LQX{L0JkNhsQ=5D?nk9lasS~lo-*mxnpHCrQ^+E%KAa)Ip6{4UX_hglTn9$bJ>Mq z-+TV1Z@$0tDv{MJ_SSUHllcrnEM+heM*E+OOX0F!Vuw}{TPkD^v31TzCCKR8y}de$ zc^}}o11;sj(*nbSaB=*-1B?~m+g5_~glJAP7C9ho6) zcDCacU!1_A^;KtZ>vxufV*yvpB>v4I#YIwzRDz&AfOsBN!2~tMLbZU}bYytoDNqUa zMp1yGHTLcfBjjrduadA&=iZqn2^@Ymk z*_pM>j>GDgmbfaY?TupQzP@&R-{uX0L@hToHmtq72ON183*E)?dd}*w<0mcsI~hKv z)W^}H;}!H(_db&%(lS$1u(PeZ_sonNUnh2joww+seuHAS7d(pL1q5&4AG#Sc3YqF0 z7H)ffYPntSx^lQ3tZV|i=AE6Ll6eh{K!3k8i0Ap1ge2F(@XI}8`V+WGQ) z_P@R0hpu1te@->@f!5n3qLIzXqSNrg8({9d4 z&x{6OrREEFqUP|LA`-^2hwmrpWK@3Yc)Q%(b5f7V*kNn@B|$!qaDT%c5Hx1nrsO*UlNh>OM#GqY)VSR-iRJoc-1OIi}JErLq9nTCxPXqef#Rk z?=dD8CTeta*cS#b<98GUH}D8zx5FU9gYCV!dU@M6AZfL@_iae9f_i)aYfN3T=shH2 z5`Mok?FiN{%C0l)LM=^`DmvvV(kUnd_wri9q0R{(BE6#QGx!Vb8P>EI(L+kKj#2WJ zJV7WnWveTnK83yzy`1+sn;xOxy22sK6nD+DHwbysut1pVGZm5H4KEAEjNMncWa9t{ z0mWP-M)UJ-ZCnlSzL=Zaa{$eg?n&lY9Mtcc{_=*g?)D<5d;c(w@!bai+;>&n=`CnS zb$%_^`V=!5L~o~cfX0wVf3E%H$rIog4=6)GACx=uVFKuG^G>QiY;*F`0O&(r8{%_z z?ZAurdi;f%$3USs7;)|2jci03!5t&nsWAvps|ISyhJByW_H^eVDweKMdr zn{bN;@0$K5;@$@w2nk+*zwJLqUW~up?tKvyJ4!M^;&@)+kPD4gGXnnVoF2v!tsMU%1O(c{?i6Gey+#FL*u^&Xr^gwG z+Ivn)qQVL-e6Q)$TJ{!vd_7p_EPpaqYc;U}PKg%1L}nI=RDCln z3F!XP)64StT$fj6n@I_Rmb#=1ElgUKR+eA6>^MU4lhno_uep(NL{4zkA*}-Ew+(P1 z{Mb+7*Uuh$NQvs)=veacwE%$lKU>kM(HN@!X7_y>YC~+PXo?&P6jp0950)AshATkk z-LX-uu2rJ`ob+jco}lZ;HM3&1>prh493kPB@w2ka`mJWIHx8v3OBk1Tv33=okbMMQ z_p;j%MJ`v3tfr47TK5?*DI!K%*}vJ;QheoUd@Fs+*ZZc>A7RL3*RKl9~g^jq%Da1)=qMn^{iP`#E({PzBhZPjX(2Aw@s zZN{2197jM~Xb2leo@ZjBSc5P{V{h^~TT%w8)b5>~D?v$f%If_4J!j0imK!@cxQ@)h zwO`p>|4l%FKhV)xm>rJ0e&2A<$++~ffwCzU0Kw(%Ne7W_?6;h!U*UauJ?-Og?{cvC z=2ZL4F_G~>o;I?W}n!LH&wLm%V=m@>5+#D_{ zasPYsu-Rj;hhkPetk*uXVDivw1M%JDK&DR5-D~Q~qm`s*!|9c3-pmN5w%57nqYM{I z-i1;C)vwTOi(nLmFkl=_^^-Um_|J+FJgIHP}b_ zOA%DlIP2qMgThbk7YIxtlt5mrFVUm>Xz$iuRUh$Bp*6Y;YFLy4_#UQA<}9EhW_YG8 zjcyC{xv*P2&WF;JU_Su19f~ELv3A>CDbXu0WbkBJ>3pKkhq!h>wa9pBp+s&XT7tpc zSp7&6o?~lQi=AX{}0?CUYpS4-`L=wY7+ z%qNf4^7hFE7F50I0ik_ECvi!~MPwT9KjFWac6JM`N)^3B5f~ zN=ED1q|jvBW`yBZNX@YBC;8{%wcRnEZHcwRyeLlHe58Efg~4b`Yv(q&G|+{60}K!r z5nTBqNO;LxJjOD6uO6HTSs951aHag?#UG66V&6-WFJXDW3)-A1C?`p{Ht^YPRT?sTeZK0( zU7L|uSCY-d`@pK!v(_4bjJNGyvY25@H?|U~Be&PlPM{n&_pSR9^`d|IB7iEq$JXYe-A4=35i~_6?KU zYR+s9SQoLd{=mH!L!OpsOtmnEe$=~zo{1R1SxqEBA2|Fj?=G7 z2%(-jLb7v$pEbjfhD>Lka>DVZWn&(1?mTW=OAsljTK|(mMmp$B@D&1-{WmT*LfPML zf+(M4XvCXj>`$W_HF3X9+iKr8tJ$j&u_vJF0A?35-@o@jIdWc#F(Y8OvsAg~aiQbO zXo^EYKb+P%IXTtn+0mDHVU*u=0i5IPhn@sV?+Q)5QtqE!4JukNeDpv$XSFUrr00~s zZ-6j*0t~DE6*rx4yul=Z?Yx26lfd%(8>D+a`W=nP(Q3iU$%OCyR9diIZ8xXSQNn_aFz(- zTNeKSf3;0z@$_2o#CJvbi3v5xFAv&0Tb&$t8VjKlrDJl-Fnb5rL>vY7=pXky`XQM$ z1y*AP8Qv*CB+#Hp>*y-Qem7z7N}>U$T5A8@wZkra_IeDUzY_s$kaEO20?9fZZ!2Sr zIC;rQ;-w`bQldh*ocM~vj=rpeF5t?fEN?yn?|Jmy#oQVT;25_N(w(;rw;dopbl+Qe z(*zy%ejJ+5d-KAD+b*N0fmOPYy9!ruN|Sg5?20W~Cur#@l+B2m8KP4>y9-+4lgE5c4#v)>+grC&#Bnb}QR9AiGZ&)<5kZbW) zvEs!milWwxOa62+yg_3nj!W~<*fFB^+QkZ`FmrD?ew`K?dU$w+IWT^v@D4fn`v;$3 zd(Tb)M|JXrXxFjEvdWg@BhK%q+f0@e4^;$kG#={m`IwNO#Z=Nv$_uAZ7cR7H&JR)W zSgQ4ERg0@gJNQ07Js|`I-sGGLpYuPkAAVr}>Zd%*!+<>uGrFqrLt7Rm2!NSJ&#>ry zNe_C_&ed%`-FOKIGflu*ec-FmkQO1EZYH!*HlE2{!BI=bP92)mZzek0g+#9R z71J5%>O7$1LwoX=83yQUJZ_OtPXiUY@6;3#b3vWWnA9mIRP~#a9}arWGYv@Di;ZF6 zg1w^4oK+^gJtyhnw zos*N=3f&argmF&xJZMSNa!H{`T+pXOTE=e?M%EsK5?av8iu*`9>gDwLSZbg`%)cr`f8gxGo?Ts+4NdtV-8HP)w` zgG<^(Ha{-{)h_&m<>_|PF1Y`*=WByIFs(x5>FCB?+!sn+mABN#I$N4_??yavoS7l;ro0)>~WZVZ7v^R9<| z?sB4vC-r?Kb_>E_dGdtK=XYMt&B;S3uY=dP)_y!X;`U`$6fad#)EF8VG3qHC=G(QM zHgG7BZA#jgrru^C2s1G_+nNwGpwiEe2WB=2Unxx>oru6aA$h8!vI$MdLwhr2dTUHq zA}W{4!H#)K@S5s_I`^oO;Hpiu#5)dijM19fIM?#~2erAd-oK<6g8qBGR!o z58(~%?UMQ3a3kCdMGIru3vU!NB3(?^@e680 zL~tcuC=a8vBcUWLfZEIcQtKpE$x^!kCTjx2MXJcQ%_L=qR>-XNgl5+}*N(9+ ztZhHIr{Q#W7Bo;UOP6;Xx(X|AnxRjl6V0?^Dhm^Sych5(Y@<ACU1>$?-x%fLldC!6-(0xi7KQn-$N<#^Dw(*z3-YyQS%6{j( zc+TbFD!|UoOhTB(*SwV*HkA`CjLKf_4ei`Kt7$e6k+7>wXiMHip|a6Ww_Tp_8T0vML}+{#Q`tXpC3+?Wsrq7-XVx*ed9FzzCVi^IX#sc`&HQqk1%p0F+zk14vVh2lr-%^m8ArE4VtjoVS zST!fAQGP8dMPu$k!tny%5JkMYvr;t^!=7RPbI~!^jtuP1GNk=o4`bJhHLbRfQ#e9CR32x0u~(j%&ubH2T|~O|PFnsm9QO%)!jsGw;)YE#J!*o@PRw()Br@ zT5zHIAjLbR9vW~C_a9lOo>JNLVo9KBUW!$dRFBzi-}dxx?Ry%v37|VVZU3&PH4v=W z0f)YWcJiA462mq#S-TC0KsIV}*$#W4$N-H}6_8BZ^`6cwelAdcK7aw486gO zj%_#4Pb_-x0D4a_`HyM_8eD_&=J6bs8++s%O{MK69vY?)79{-IbXOfq9$D*O?fQ3V zB6wQT5k^0!ov>~O zJvADtwRf8`dIc%|r_5H<4bRt;At7SSSgGNIYG>_PJ11eGX9)BhF`#i$d4to)CS`l)6@@z%q@6fyK z?M@!juX?UiM4`89$bfdt$WDDL?5YltqUou*@+47q{8sho54$bp#dM~F{hrj=*a|?} za|<#&()p?nvd}fu`QWmUU9ibEv zE1fd1ZRbv-<3f@RxaZ4T>L~G|y=pP4v1O9Do{QM@TuyM#dU3eCL&TcC;=b%N`d<4R zwHLZZq>kEET>5hoBSsWV>wu5P$Az+q>-UQq*7>o!{&UcmwWY@g9A(udagb|@$4M07 zUuZB{O=*qtF1<<@MQF$l+n!Of5B#SQp>SLYr3FE>(6}OyCM-#>pHIyY4|n`*V@>=c_sWiBCL=~juk0~*?%{BLM+O)(LZ(g|ZjY(_A zr!Y>YH#|-;3wYe+O~)Q4_A8Jou%!w0w;(UocTf|)68hV5mw%$X8`t&XI;Izfi2^EA z?9bA5BK0O`{9;_UL1yek0kxd^omHG^$QFvX#k-r8Ie_wuuzJB=8by#@f1Fo})=;hJ zg#b{e8_`dD?!75^*He-Esij4@(b*Fh5NJMyc{e;a8%hs)_=+_x-uWj21uwt*a-c}h zCZLk)z!B|hn@4hSx%5HOFSpU-wwl8I{rfk6ere9@BDbr}oaiEG^+T5^!>3h_bzpWR zM;hoJODp5M32M8Js6|WG;PRJ)XbBvnM|j{Quo>DqF-h*UT6|=E_NO@ z_$#5d^AoWf1jt8BPL1fGCRaNAvwmhI2R8GTw3neUk-niB_{wy+z1U2;&6(Xfc6Uk} z`QmX^iRxo7GR{iVFv{69Pb#nKJgO3eLt5R%Rr0XSfVzVes$=)Am$W1zbGICmNsM*v zzJd0873W0Z`~i3F?APto5>NqwoZb>{b?015{rqY73?(kx2=bLeJ))|bZ3!wwGy(#b zVX1ygkpoXw6qj8u$8y5EvL`ahYdH7c`n}6E^+eNji@i{TXa{+)4!MMtD=1`#*6l7X zdpZrZg=nrcjBD|&Q{`He3Al&P$lL})eO={mYh{ga0*4;^rSU3#XZ+Os2mP+cSoUMF zL@i~`g^nGW8DyqMLTn&kJ3Z-x%6n_#HO#F)-Y~5RIRjhH)}sT`TD8w(o{L7CqYY05 z8u@cnr3rzVQ@E1Ir6!6o!)j0xxKnF&lqb`qJ)5R)>*YP0lnGI-5TLTLx~6S>w+*Q z&HCol9k^lOJ`+NC*o>WR6>rWJ7x1QKq}Yhvdv8u0<9Qt&_JZNiOrVhu0A`cja?O+o zw&F7#GUi*dM(Bmm*`<<;440H9h{pJBR1 zYjT#fd;b|69!3KS$n&TO^pqC8E&6uv&M@iPU4XMr%G@$F^p_vpgRpQY=`4ZL>pAHnuLV-n zzHCotvgyoGnJ~T?F|+7%x?}f2S-+VYW8)+dTexn?kE!S+YVGTH#vtj&v)9~p_zV+6 zhZQf0D=b$s^$4?ZukufO?+aSi(9eH-vP({erZK-VoeX!%9X=P^a#Ols=R>`aAK1FG zu#BtpViEcp5VJ+(k6kRWsIKHQunO!&(H{02sITCs!%~!buY^8KYErUPVx;sAp{184 zeCx??BD|^fhDDAzJhJJb!6K zB1Y|~t#0MLzp5#Y(7_{h?>dZ!IWy=@jp<+txEYy|auZHa{w_6YjS^BKUXoB_J%&0o z#0IXn{8k2S1iw+ChK-G3+Su&zyX+7Fs^ZAY$J(3%ZRO^I8Jz`+m) zl+yMOqq@veQ1Nr9248;U8V>61)oE9Oz5T)2nQ{j8goTNK77WPY3U}Xci3Y}Xs)_~# z+!mwA!4%Q1gc0zMpogv zPcab%z;A*QHAGn=qNEmDA*V$HO5!6x|8{A6yFg!lM!(TXc^4_J|KS$f_)3`1h71^E z6uk@nBqyJ)_CX-Hv&*cIGVEUwNsGFRWYvBveH?+OgW@|E=5$-tiJrG? zM7W|uNbg$h3vWM?#ZCrwtR58D}n|aCtJ67Td}S-UbFq z$E#cGzS-IpbvI@$Y8ZdauiI~Gb8~ZNH(;*2a1do9ugrUOfg(=N;nE&^{Lk?pN{jk| zZLj1OUZ%zvRN20+8Bo<{K}YURCo__S&Db8w$F@JYt{P*_mm^p2*NBAWwlY9p0loE> zM1t1UA=^mpOU%lE-KB4xq_5Cc7Ipl6^yQQFvG-JcGo3eZN2={MS^h51UipafMz9bu za#1yEFe8`XbOt-(9aMbQQsoWlnrD5M6chGSHvf?(MrUyY?X!dpAQPqbw2BSw(^Jcw zUKSjd*=mG4>yr@_@~|K!N73&%pCr~*Y>iH56|(?G>TG`+JyL zCJp0O`^!~2ntB(Uw@<>}n32eIho8xDi)-?|+&tKy(i#nE{Ozkv(xz&xU2r9{iyC^{Oa3d&Bd zueep*PYi`IL#~5mgWYJ<`iZz$7BhB&&;Bk0V`P^ZR%lCv8vE}HRkiefw^i4;HtL*~{|KvQ(6dGBd5zF! zjFfSUnoEJ=Eo$vGtY)H)SOYC~g#?;*|K%G9vzem^Y=IoM(frx8(qxA%Vkg!~hN#Yw zv7*RUf3DTvK6MI|P_E{4^lgF-2zZkPf!{xIs^l-XHd@)pBY&}r^u0R9S?p@a?gbNn zNokzN83<&<&pw}CzkUw=^}L{D zn-OGueJ*zKnzBT8`U4Ml@wj7!X4cGj!*2vHG>sL@5RaZo7i&GWDQ=gLH695U)L0EL zq|}-$(um1AU3YrJq1--*jFSp<1?Tzd6Z3a}zfnYYtV4_1P_u}iIStvEbmoz?!x3T) zetNuEX%WqC?Yp}UtHBiZ_tomGZYP^r6#Gj5=sx3flPEVP*|u&ywhR}#tBWGViM6a7 z64vYN?E(v6O1jDB^eh@=sh!a*-@bP?&U`WN=@gQdrut}#r)Ln-IiuuMJKfl2R1Y&C z4*1^EqkL(l^!BGq`}Aavn4}8QM@BR%1eeDt#K_-f17=Vup61}0qtQiRNR?nzkxuiv za)oW9%Fd4g!HU&-=)I z&uh*JQ&ye20Kg*@U#~X^) z&PmG(_+Ic2G~vnmWt%`zkeFI3GrweD>vJ^JRKf_%WBpuZ5E)tcoBHm5CANwv`9iEhrhWQKks@(c7yxw7xpxHcuNmjH-}IAe%=Seg&n%j2M?0-L1wD7B4)HerLmASM0_dHyoKwL-{XOy zo8IqTVpi3MF;aazPoo=OlX@#MPs`PFW0ff@{9`5v6`xYEJM*Xnd%i&6W=2uiEhiQw zD^1sX?fGVD!T=8d*m(W($lrDd3N8tl02&2V?->}?uoWk}sAN9t%^#!ehpj(owlJ_0 zebI&jq>X55ywR#TKbg7;4bily&CThS4pWLF9AJC{pp9oJqm9@zeeicd`S4zTG z(MreGK_Z2(0?f#5WI+McZ7O_I@krFxm0SHk{m+xxQAaxS8rG3KC0$Q8Cq$k1BF_#y zfGzxdJFXDtJ%>!AH-30Rg^e`vqmwnQz0Wbx$=l2%_4G8jJafXcY2GQ`9hhq>e&ljER4^ zAp+--q}3`B3bmcE#PY#zAQSB%y5tSjEtf)^(c|h5B+>D2iTomG)HxZ6Tl+@!7kM6$ zaD2sEvD8(V^qmg%?v%Wd$MAQxF`53Hf_D+G95x^_p3g@6ouPyK?7h0;%UGlKrA2;{ zt(~VaHG*U_1GjjD$>9~wRCbKdelrbRCH3?U$20d;Pd;bTRg&&{xbQ_WhMWSq#N&C$ zck=Lq)2?NHD&(!_><6F%`FMGg0h$*rt7}iPo43$t#cA9O-)3@HFAI9GaA$*lF1Y+X z^Et^v;=g@!(x8w)#BlvRk5W@J6#u7KtNf+tt=Ul8L@-mKQeLE>m{W0|$gaNUMe$F6 zBUk!qwJFJs)$kuVcn9Oh>3>S7VLXP|ovl+M4_N-%1K`CwXsCo%(3&~EZ9op9X2-Cz zI}NU`rrDK$9$mwMjmB3VPCzTfN*p93?8fC90Ib^U^i4l;B`4M>jojI8z*!Z%Vt1gv zxtI`46?P8H9-xW-$%qSO1#fr^WyG_R7v|n(_5+2~rbkS|i$9Zx#FzUnM5`Hh0jb?I ze*LR-Ijkz1`}vn{;erE_r#So5AAbp0R81arU!*DCDw5c&BH#N7+F557>q$JqpX_~i zMa{yAyfDf0?LW6~?}s_s`z0hdr^=%!e`RX5t9>ST>YgfCH3h+|{dr`PC=+sUYeJx} zbi|d_`-eKYo{)^j;&Bd8VCPLyIvBEj&ZA$d$-<#t8H3M*5THl30|Vt#hyo=Sm=EgnkFb`f*c z{L4{1`q|j8Ki0pfTllu;6RV(&wU2Uci3{)q(3%+fpSdqYl;biJuvfZ-3_Y0ZGEeXO zmuSb+F(`Wb4~4EQ{6DDrW+y-g6Zrp2y#I3<{ya0_{+ET-f7VVQ&t6pjznSoVf5ry& z|AKvE`Tb)W{LeM~>$#5Ve@OIy--GA>hJ6RM{Fm3x-{&vH(>(5f!}b5ZOC|~675eY* z{r9{7fBq8?IyyR?$>0%0%jrMYRoZId#vGjQ5Kg{Uf};}t*T#IJKuMA!vv6w)jQsB_ zLqZ^*MU#9WO_FMA6M1E|qdsO9`%cx{&l}4`v3l;n23#yW!Y)pgjE*)MSnS&{Oasn`rY&OsxV9iQ0(%bZ5rh( zRYMVS#C(T=WQt-OmB^8-o70Ri`?FmQ@E_87^PeLQ;^Q}tt+6QI_H=Sq0W%~s-nz!0 z$+;E^{xwLH3)0BnJpQs?jdOU=R<&N9nt%r z4-7HTiT@htbq{j@rsm-1)?0g^@EHU}0fHPQgjnT?F_FQT|Hls{)#v(`&zRk}RzLSq zRjT%_Q?jv{|X@Mfpu0J0g~ z@9hH-e%%W@#@tTZlITI+-x!#l_nx;;5wC&zU=Hc>Ca~&BNK117go6DO6r^Q9a{h-z zL5Pj#bFmO^zd*Gg$3EQ~G8B`?f2?W(I9}u6Kjm49Q_CeJ`Nt0Gp8;Bj|KImgz9q0U z%(qWvn5@>RUmCiCtuMjR6*ym-XTR8rc) z#NW9=kY=TZqy9c%NRLc({rA8gi3o0;2~*H$okb&~-ES*%HzZ*X?eA{`#`c*Ea?sK?fwSuTOM8ywfmMu~W2a z#t~Hi44}Q##tu>ipG($~{@j6ohTC6X!dzvM%?h``h|vI1k9(fhs0*K~#1OKX5A$1C zFrTQa6s$7t<+N46M1Fkb?hXm7h}W)jLIY^YgMQ8|J7APUz8XBI-zT8$i&^V&z@ZQf z`1x~d6F?_wk3USz^(8n`SZ6Q{NarjAs>D*q4eW^?J4qrlF5QK{4(4@t*^~{MT*@S* zUzos{3OyRU-q;;&lAZGMBa*|F5mTXs%)oXD0=NPKdb{^)-M}6To>;Q(KP`Io3R3oQ zL$apSO}FQ;etUa{6nZu@0lFqNF2W4f^YpA_Iip$mauX?&G-w4VF?7hL0F#ft1QmLp z@REE%g%7lJ;NT{(2hBSVDga{7k75?!T?cUeM>qo0SZHWgC#7mp{Fa)Z8ApLXH1=S( z%tVG6`DKBd5NHv4MfUD(q0cjhh@*Zj)g!6B?rzj4$dRp!KDU9b{uFBSt&2D-mm6IM zhb!W$`<~vnr)mJn%?n807u{|`>6ZX(8*X9Y<~`>qb$16iY5y<kplh9~zjF;>~^b|hfQSq#j?^~q2P7di&NB63;wGOxP zHYW;s1huO$fv(gQsXHwb$#Zs$)~7F*0LfJ=fDx{rW$o$F(%!JMhsx((7@>7{sJZb;egN2}fh|`b z4Pk5gcs^1*e<7(68;@^>Neq>efK&!!tz}c&r(s^S%Eo^Hq&XT=8syl`3Yg^!iDfaR z9Oy;@G|#V~(m=;@jpR!awt~d zu831lsq4P(4fuD+3q&21>Nikbk-MZeSY*)O`n!1&2iLJUC7;9DDrfRdmFN`?m|@Hhp8d+>)F+m_*xe~;tx))|?EBS?qpubsjV40$hY zrXM70Ru1RMQvfUf?p&>sPlA|9ac zJ^=u^P`yakIyNRlk(^g^ieMb^893iu4|Lid05a(#XAB~imNY#daZOFjzjiT&VSuv& z3b5)%-9emy$^ccO zDO!rU2PO*}u|XR_27co7ZsMR69;l}LEgELiiLS?eJfINV9hMU zIO0@67}c~_K2K>hE+Y0^UZK+-uY2hXS@yAUW*@0!xyy5YTDhF5t2eyPm97_5l8ey4 za5{hlV zg@C4h`CkjN`zZz60~*PQGFVTenmYuJxF|Y~*4E3@JgD{-J*bXIW$~9(ZoE6|xC)oX zwqb4459NMN-7S`DR;t=j;Dw4|B*Yi332sYP-EYQ}Du`yJl2^@ctgj#ZD(q3hW!cAxRGH|&Wb|L2 zP>r7fL>#@>?q%mMDJ{cs<|eK?E#^@AXyUO58CBPmD>+xP?CK1I*_&rFN$lM#XW7hstm5&gmJ}XYJ_>Y_f3J%&zTp+c%@p8u0)L*;BCljKBEyn+*v@dJqZp5Ij z-pT3*MFo6evi&Hs3>y3(_OrpvMDN?lI|IXpm%l6Z6uOjposuMk_R8@qk4I#h<2R># zWyRsskF2$q*fo(2qZRY9%3{7hD>=PgnjDyaJAd^g`x*aYnNm!H$d2nlfDFm%D?p@6 zFMkLA?su{Euy*R{n2T2Pvp)hC`_~|n$P2x&W;at%gt`%(vE5BCTlg%)~;<>R$Zn2 z_RXBVlA$KzRnBO$)A+aFw^Z!X;~`WLz18v`K`W7;PTxJ-yK-QvGSX-sVtRGh_`%Og zc?6_V1b6ttSo6YnvM3(c`qDr;`$+zzycAOLI8V{)jxK3t@#C<@;e~< z>+>Oa?e<5%(71+DX38gO5Mi)WNJ;TCLw!mD(5X3yN_v5Nj?dkVJCjBO@jQh$stxqK zFwAZpktf!l%7@bEA(*)yv(?s?YXp>739EBxdq*YKe}gY?4t}yBF!17pB2R!Xwgyg{ zM69~~pmYT8%`X$rq*{{m)g|T(Z`7MZE|;im7r>M)Q>?2ioiBGvnwPGBKRqD7AjT%+ zxa;$EumAq6njD`z-b5WHzs^lZSKz+jaV%R2UUS}?<3*4;PXLRIs;?$}g7Mo<%{Q?M zzXjO__`Iga5E$}=z;XX8>zOj7t|$t%S(AlMU{$V#N|;wM6c*2$0S*)BfF;6(*7aSL zM3bJ+d?N`K3Ab{b+JLj2i|RSERkL;>q$^$m*l=MebxaSY)-TPNNov7q)foxw5&KM= zx2JQsW&FqsF#Vegb4H*3m(&bt2DKEVDB{Z(0(Yos&z~&1Y($s6B^F4z#kFOh(@4~m z@T3TMIn!cf{Dito%p0WU{Wh&mlqSfx#pPb)0o~qY)0_nyj4IGJ$=~)9iNL^LB#C)t+n}pfL z^=GwD`6~c9^3Du83(ZQg+F4U{P*!r`)<1f)g59E z7+Doc7G7Ne^>(CHpY6&MRt;|foC_I}22#{68rV@|>eA)+(<)X)Bl!!tvauJYEcnGw z6fi#=LaxlZafk2)u>Y19S?s(BeB(wbHL1e4z+a)Ju-Y&TaeT0Xv-vccFWR?MlcerC z$Z%jWcU5M#bF2sE71}*auOw%6?d(gV=^iQm%|+eqBb#@Sn!w}CJoCj`I>Fp82Jnm5 zQ+HKV?hq(=PIFD&}PdtHFqJn9pHnFn2JRvU&qfP$B4OTirDJnc?X2*Vy?S(KEbOglJs zl_jubXoQhqvn_|-V{v(p{jHn}PeF5WaF%SaQ-RJ=d)5`4ikp(DgCW`Def)&G&;9qq z=8pKY)c=+~DT3Cp^1{t8%&+Zj{3eF7^jPO_aO=3AVm}rQ@9KGvVhqI!Oiy+h@M5Oh zZvd@kz}1RvEt->IzgF1427WsY)fByGY4jJAK8wkE>Xl2|mYdvsHTPo~yIU?yL_|X| zY|U65??J*@tNLTtClJRDq-lml64<5Sd=b`1>|ZoL%8Pv7V4gOFPeuF5N$G7rj>>S1 zvD_*^`pyI={RB^S!j^k%B4jZ;PbQVh!+r1mY3N~ES^tNoPNO`3R*~P8PGGVM&hc#0 zjSpxl{jQGgq>{Z(@^5872FVV+cOEz$Z?etIlhU$+m<au5hzR4c6-djWFBc!9e|0 z7w$pD^wr;+!Rj)LXoM=i1WWzPVT)zOZAxSbfYZOz|wy96+(#3!$iAcP=)PuAJ!9)>qrKjm)_8 z0<^!1>%rZW;badtIy)6|)XuI|felA&4Yz-J0_)C%VZ`kh@qja?n5{leAMtl?2b2IV zO#^tB1gsAv7uwtG?IBEq4hK3T-a2F-kX0&+)UQVJ*#RY?z&e2A&ID|!^7WdV(0Rv8 zT5$V;vc*rp46#3nlZ0MA?H91A$m&Exle_!r&KV>ipe$f|37A|d?9dp*#vQ`$Ns%s$ zfJ1{gGE?zu8ImNaVIBrc7NEZ;=H-?0f_`Trvm^Dwen*w|rA-UqL{?a-1m5I4g z4%i#6RTWfJR@BlReaVO7IH}CO-Z5vsd9AYgo4sqkP5>1kWx>`49mT{8Y zK0!e#aQC@fBdV|&LnKt`EnE~RZKRMqK&abm8C{F6JkYDxAz9K^#d$B0 z$na$58UoV|Ip-=?vd zsNZq@63L!VAC#55eCndM4xAWQO-m6IyR_U84ra?XMQFr2*O)$jlr%LZo(pgO!lVk* z@;>+1|_k%u{4y0bmTl=9Hu&V(! zeQU$qyE~JBniq?`x@4F`hiLEbQM1VxqkfCy!RoBi`2c9Eawx)c5G$wy&@c8m@DUS= zQ$ZauN25p*JTIRvdSxVr8LE?q4G;L<(_2VIaY2oy>+Pi$97(tQNlyxT+mWkSdtHpF zZ;xwHzjA*9rAO9+D+}j;o6~Au?!EdRfzAfAQ0u8pr`JS{&ZhFNn!IzlJFx5f@>Ro` z_F*g7KjwkFn6*IU?Q0A?svU+dtzPflD4c-V1@jC3=N6d3-+yOQ-F#q$^Yvo+9bU&+ zczaoN0S@hw6c+{cH<>s5K&#cqg`yYUs zAzg9ldeHY*Tqr^!2bNp5EV6iQ4?7`0*wtQo#j@s1ectc_-~aZxJDmQQR{pCa1Fk_K zGufve)E94v z<7>$&v6flBP5T;~AK~mPN`lc9UU0OB%OmhU#s8PJK-E=bnZ0ErXLxdjgNSQR;`MU-;^-uqMJ0? z0{u&d46BBfqSAV&OZ=B~5pkV%W$1*a)+;}73O(c1@|nve54FAu zpRf069WPMQH?xh(=@a~wXMbp!n%(TygJKR?5@iB~1w_XE37yI$H$J|T##Ji{LpP&= ztVW4SdWq@|@T=4H0joBZHO<45vG(zc9;!}&d*2tLtk%gX{(?@)V>?3as>8u?bgQcw zgDZV>zLJ0BKc%GJ;&`j8i zzLakRrpcg@tS(CXRi2Ot9q6PaOfeD(ZH{UD48WeOPHV%n6@Mx(&!@zG_P)I`82BDA z=iYo{Ne0B)sxWC)DOZvJbqqmzI3G3biAj(tv)e%i%0y#3;KDEg4p5foiShiph)wz) zaGi4YSrHi4y4CMa@tW!rNGePwK^UwcYNxx?rK0u013p8qgp7i3g>G`z0`zLprwXQh11(;6+};y<9(&Nd2St zkZ6i6LelVaKSM(z%M#D4wk-XSeB~*$+lDd>k^cH7Bq&;y9SK=cs=Y>tX0kO^ zcRW&p1*{gv<>Nnnh9#D$ETfYiQens{RR^$F6>Rbuc6KC0ZqjrUCa+DG-xM>C8&y@p z89}&C-6CQ*ukFGu&XI+WMCs9r_mqvoKTb6wXT6$c76MD^s|Ha$ zI6nqDXRUXvAqS_{Tb(n&YCfyDjd6?96qdLwzLDU=KquwQ?X4FUm_N01=Pnz+jpj?i zAg7;zFHPqzscIX{Ixcb1JX+}dF692glhR27b+@AN#o-5Cb0LHZx6;ZFIOxF>8Gb?? z2BrohC>iq-=UZ@}5L}Uue6O#kSB}_-_0n5s7;;w>Avm1Zw((Y1x4W*`C%7l_AJ^}X zy1Z}BC<3L7&QXj6LZ`UxNS_D&Y=SMVnExsWI~Fep02}5OEt=68!0S6Ml3Y+VUtldh z+6V`1;hx}3LEB*W*L2As{jIam8Sq5%ogEYIU={pXK<(H`SV_*O(hXgt*F#`Npmv6) zliaGYRdG*T*lBr><8egIed|J=?9H1Ft1z|MQLu|RS6WR?E^_T@&Ex`(q$;3;L&?5lB>n8Ry&x=-@k8Qg&x&BPVv*@U z{ch!wNO!yo7f-?D>wYNEZrd*Do`YA<8ngwVLGX6~-vo98?Qn+ZfgXjen7XcdiGy&cC$^3m@#xqVy$nZ7U_D&$&9+l=#<~ zx#`xIgolT;02PTKz+Y)o3FsOil;i`c%8St^F83-hOOc#>skmdKw>QXQR2^Kn_CXE3 z0iEb(Tk6w;ZOvu`YFMM+1K0v`-Kd4NY;?uTjp2@jZBr~5rA^BrQ=*MkP<&~$w&|wM zpJAelrQ4NGchC;n$GuvIJ<@bdT=*_CB$0OIzN`vyW34#kxm~u&R;y2Vw)7qxd6!v; zb4u38AWgZ$c zpBa31eKV^!4SG00UlPA}f;(m*uf5 zxFxAL z!`)2gy8EFVMA|9Hr8!IDn{PpzB~z?xBJ90T&^xy_I-Zj)OjldpuGMI32xfjYl7wel zW1?2bXRo?i^|v`+`U%#*)2quZk613+@udmOhyebAlJOHjG;0v8VMZ0m^Zna8uX++WmiOSQ@B zW52w@HO`6L`UICrtKz$?hq?8?!;2wnMS70gycQdgg4PPyWmWXl2JX+O^TGq=OUUg2 z2Z)%fdOB6;adrU1Qhn`Q#cFRy+u2NovjRazIku@LYDRoh1Q^BLTrwBn@7xpxUq5^v zWC+cPE0uSMJH0M4X7Z`tOt;9Zw2+tC2xm^2FS`Ad8*u&mebC`M&0pX+(d)LUir9i5 zjwPSJ?KH&!qLKjU7ogF`xO6%}Iq@L}mYaMgB!on<$hwR~Pft&v%KRaa)t&aP4e40L zWa@C$zn37fBG)KS&U~iq02KO~*b)w2-u#`<0NtBymRFHtEI6u&32>tOMwKxScv$Ti zm0+T+Nx$dea!&TBD6gfcwo%E5-@|cbRgQr&881ptf2fj;2gxxE+epK*Cp!iji+DOD z)-%?C4Ura>VKr!0H89Z!=mW#myBV{n{nmkA#t*d;UBW0yw1szkd|4Xhu{TJ;2xU%B zlybK8)h4^qxa;zsp0|R5Ms3s~0Hmmlr@!FH?xtY)z_oba_y(;{=!zIH56S?<2-{5( z@s2ka>?&KQsjjAlOP0dGskMSO|9Wtjmzd&NwxA?rnk7+)0=eD$0+?YE0heM37DKPE zBt?hgP((XmoqO0rPf<9$D@$+G`ce?CIY0jV|so6=4M%vwQA}TifL|` zk?_I_ku3&HJujNIYS6O>fcjuE)kIh(USr)&#<+u;SFeNcbXi;61)yCn5K4UcGUpH{ zSJ}C;Qu5AcelSa#pyO{@H9h^quLZTSAf>z8tN=Lf_k zc_B9|5OEVXZ}m~ujXBNUz#IJudI#qM3yP_;3`;OSiW9PQpEb zO4liRO7Z)#4=$P1Qd7fM3*u@*tcQ1EJTg>1wZX`9G~1T;TYJP zD#L!!Za2tWTnRPF-7y(Co@vc!JOPw)Hfx?dZrwN!`_K5Q=xJE`9yiTb8Y$pRu9Ib_wcpj&C=*EayejzpVtn<@D|_BCF8vMLAQOOU82J`&IrFz z^?MKZuEzAa>zg4*O0TLk*q?i>+XUmS6?{B1kh09l@Ts1YCC4F^o=)X%f8C+nR{xTe z_vl zv9vO(5J>Z-aFl^S4zPs+90{+`+JkUPq9M8Q6*dzvLuXaAFln}vzDlb@-+B^&ek9rk zgl)=!uh#6Fkr>M~mD0F-NA5~=Me6V;X`b@ zRW&`S;x!u3w;k_ z)cFJu&ncf@ZnNUzzX+QI!Sa1lUPmfxH19y`m0xkOc$@4wOcvk2D5s_#2Asmj0f+4L zcgvxQEyys-ZqSqISD(jALz$(4bBVHQw&+dVWD4c7dLF@aSzIKqM2wkyM4*6lxsSK&Z zD1jE%Xc(3E!B2c^yG<4F?YURiKp9$5>&bIFqS16`trDf6JvX_TIO9I(~(8mcf>d4c|+NuJ!u#;hd^ly+H zp!`~H9|174-}u+Z<3L%>XPq8ZB9E&}r9MT;vPO|+H?HTw3!Q5E)%{PJSyvrQ-*Fdx zQ6lJ;jce%3Nus|Avbxnclo~IW;e8z%GWh7`n#fxW9J5VO$ulrLKIl{Q%}KBWnb5^G zu-yAbx#iAg9eF72y{Z?7GA0M#^UyDT?;EKhI%e{2l;k}YWugwz-=F0~ocMWaG?g&h zk>eX)k`BUCij_l(-b2ZW3&9};Sm6Y&4~3>~mi3bd$x+9zLU)vuTSk@R#>b>~2z1Pr-elqyy zl(mcl$MWD?U#aZ1Ag3=1I(n|Rf>r8|$$GsT%sJO>3pi31gIAUpU71!$Pz(*EUk>Ut zh2Op=`6(FESU|ti-UF( zOHDLgO;4}lfRL%8%SViYmrwkWae@-mn(+hQ_GSXT6iK+&Xubl?+$>ZlMkgyMLK!ui zmLW63rdW@{c}Mq>GAO`f-_=!DM#r-QMrMzBP}FoM=JA4#tlQ^EpTtaM(gEm!%4Ze!<@=? zzjK9MTag2MVLXK`Vh%;+#n!=-eLjOzhz8YjIsD>2re&|wVM|uwTX}DPo$W`cx zENa;TmMi1@Y2GVtZpgOrO=RZdi=f6Hm{01+4~84ZvQ!c;y-4A!)>Wz0eT@16g#!-` zNJ>=1;QKafczw1gTiZ+bw$k?ZiOuqt8- zMl#eP8xPNFd%wI%7KIN5u)}n}H}LvlIlksz9X)lS5)LvjdV2HayP>jql5b(`sFv3L z*4Zz6bUsq@zazS6t9JIgrYvrzeqJzRA*EZ4wGs58gi?V2yTMQI$kg%!qnBf+9CTUv zj!F=EnMLv{)4W7k9{DF0;8ky)JGXB4{NScV(9$R~+j(Nopp+;ze=%|hXx5GTV4iE* zhvli&%UUWcXEuI%`fr;}{m|ksSN$u{=ILZ8#5Xe{b1kjT*LLwYBATBtTeq09ii zU2Bv{kXH2rtjM7hO-?*zmZ39C+Iga)w(Ud*f3l5qtqG z+Y|zSXHzPWt1JMgI}T9oOzSfF7Ja+EhjLvlO^=jz1`bh99dn9g5D@Ck-N1`yQQJ2f z&$=3I>3(^n?gD0;%D~L-O~+!oLv8ULKZTqb*8;UC#R;LTiv8kUn$VDRl($jmev+ZA zkimn4ICZ6LmlSnAX@}@CK{>wdl;x>;Vx(`EbB%PpO5aYC6ti5v=Rk{XZX#dHXk$$0jaY|cZP>+WrKv6L#vU;_?B6U3Qp z>^{64zgP=}C7Fi0q*rUVHC@isxwq);&^M9THb&skQOiN;F3)N^JCVqf9 z-ca*C7ni9>i&ge42=4hwkfi-XLlQo>!H|Hum7x!e8b7s!5rV3!SVq>;>I z<6<#1D5As|sa)G(#HaqO@}TSAS;j(qu1d_2iKnU}U7k8G zB>6fRl~&pxzImiqIQoxQbUuP}GO4By3a@O8T-o&~|IZx&2k4mTl8^XybAYJ_x-*kz z1MRteO?+K~?)Pj4=*z!bgRHGm@yF}QF+kYH+eZ?SBCDN9-kH{|z((mb@l@a1@0Unu`pCDR9EZArSO)kb7Q2 zmNp=57hiQKykril>+nO>j#hXZU`K@!THc1I*Vdxn^S0f#ti%N?RAMPaYEzzN$g$P; zA{4MWvO!tw@g^Y5blhbUZej{(0s_R{O+?|xhFvI@R!X0^N4ayT>OT?uA|*`_@|@;v zV>y>+!?xSag^q_LrYAO&l`G*2zN@jL%uk}xHYO?#5jAXjpvA42drkGG*h_7O-{yd{ zq{qeec-7crzsE9DkU{yNHZ`r(O?K~)o6=#0NA11(Ph>y%&qseUdZoF+%?}B= z1mv%jtiI+vY|jj!?_s~*hwEs()lR77eu0*|`ZI@SZp~3uOn1q!{%@VnrI?L&Ri++FoOj;9PukdR&D_3axzOj2 zcbau~gwBa9>^HquYDwXF;#BUosE_&FjLNyV0%>VOQ^Cv&59ZdY$1o55gC>G)NDCQP zZmf1gTb_H6M12|ZA;X)o2qAr%t%Ed&%iUT2zETuHld3J(Cc0LFDv#O8+g}b;+~yT4 zd1=1EuQckcEs^ot{*Ih&-Ou3V<8oDFe|rs!+im*DCwG(gVV8;ATRu{Jckt218WNme zeFo)#)$X5BYOOyF|ga1)gOGZi6$KrH06YFIwKW&;y zD@jNomR(Jk+UY93;*sq&An1q+9npI>-2aeeR9;%rqZPR@{5YGsDY@?`RZ+sk(nx2r z=+hIT2Hieai1u-L1t@i0?iJ4nhUW7UX3P1U}D8LO{HJy?D0DO1GX)j^;VbUj%V_t0Er zfUFg1j|h+h71eSx4(c`)sf88Sc$;t_kpjl^QL4q7TSm+~OS|EKhaRQ#EcXrIp?;-~ z05!IK-t**TFD02tW&r_yfGb`lkgRh`H~jjT@LPO*(0sk?PKoqJWUlPU8MOWeM?crI))d3VNNxs}cROcLa`1-;{y8tcq0#hW9m`#|uaj`_dIL z4alxz0bTn2<&e*CW-a?$##WOVSA-Wif)xoG=sBA7X(R`FbYnmb_pgTvGw&?TGUpq7 z4Hv%<@_nG%S9mfJz*MRp1M%nc`fa-_u3}as)rTK#U972aqYWC^UE1Hyk76t=Q~;LF zcaF4pe+m#h6yd4(q1_r8#C$Di*l7yBR>UF$A~KURZH}h=ZQA9ye7$H`usRz3OeRMB zRvM3%f?5HOj~~^d9zvyD{4?={+8?WvVJ09WT&~o?rklj9a89jOv&e_!oGW+&`LqwS zVoTxsQK)JleenmHydKYIt$Wqoc&pm9>)FKee?-)h8uz;h`>)GwW|Zjt{`H`y+PQ7| z)a3xo=|kD=E=ByPazZwF;c+DV7Plz(-2ZD9Ppl-fvI^C)<77P5!xguSTHaQxkNNgs z7+;$}s|<g+;o- zzQx@u53>t-jB!CmtYu&wI^x<(*Vm(ei!B{=f74d1(=ZC(&)iZm*$}5<=pzxFMF4Li7}MW#wcw+#lF;ka3KS&yfvPe&a3CJQb|l{E1&k}hk+ z?|GI*ZyH3wU|cYI*JjJ9zA9Z<5ML zBrPV&Ol8`SOHJLQt2T;=-vDk&t3U_G^6~0}hw(kAv49R~4B_tki;s!J_fn z7!{5#E$RW^tAy(%USbai)o+b`FWuprB+gIY!=}Hj%YwnEP!kCY7#J1s`1bn^{GJ+xqY${!_%bJ%AQ{TMG2fO8}NyC+mHRj->CNwHZyujf|v1jo9H z30|0A^K@E2mT8u^UOF>;)>dZ)dNuV@a;#CC?NP;A^>bM;(iv(Zed z>jIkVIf}9yJDtWhGcjo9=&_-p;c$tb5GFC(1Hg8DY_W6~TED00H(1higTDwq2kosM z(*-mD32yzKJko(5`$Vc*J%4z7!q)Y<DeQm<6%Vw zz@wJ-^-~f6%C5I3%rxsM`;3?VuqG;0*ufNY{OLL4H>|mrp!b^6m~BCPl%AmMt9}HQ z|Ca5MJs-zUgV^MmsHY5{IX_S4(a2eG^1!88K!l~E4}yCNq!PD~Ji!qDssmzPBER|F zn1T|$gI=fU^EXhv{;x=ngd+slT_rizBhSSAX-Y%JbEBjo#qcQOqUU=7uq)$r(zNk2 zjRqH4P?CRu`!Zm8fPUSoAf-oPs5;W{sN(Q*IyvSU#g@{FZz?az6t1rTAH3Qv8B?jkD0Cc~_>VfWJ4B<)S3a ztY3Dx$u)Uv%)eLzebwK4Uq z2>LyWb1rDp-+yjdF{TTwFkWifK>qf3q7IHk2PH^HVI%!<15u8l&u3D`s_x<0x29Gg zw~y)}SV`BV!OTN=eQ&&Cdm1m3Yt@^ z`L4y$g@fZM5w&?uuuG$~Smu+IDH8qJ1qy>wm?x}uP2;yeC&|BN3RXK$Bl9t}YNFB# zQ};=jpi%8V0;T5h@}QTzg;}_Q?2itENpXpjb9MGBPlxmRB%9JzNlFU2Q8FucIn@=S_*~18eMP9C(FELq$Q&uwR8&;7shxo8)NhNb z%z|yrmTqJ#Gs-f{&NTJHI^#E-I~|!1L7nM|FPg~~15PF-be{)fleN`sbVATm9M>f> z0Ok4>-y|4Fc)3{og;oRDh}$->KLz|7J1&UyJ_#$JnZme#UNjS#dq^sM{Ql-c;B&h0 zx>xUB>^JfZU8D&vCXMB(bPSoLxf5DVK_}wDV#Nvmq6_fi0GYhTD~8;UsbN5S{3Atj zy2T}cEq(G+D^RsGv%Sg7E9(DPIfyWHtX}k}pWZGc7?H^RS!}K4HtpmEM89r31ED+$ z)w%*HL%dOsQ7{o+e2552z>wTFV~sOUF6r~HUs$!X!`b#m4g4k$$N>Y@9H5bBv!1r& z=dnroo=1rmCg;wpj1+T!y(mn44g~)NXns=ipH*>}$>X{1yLnxj%7AIFS6{i8 zK|jCS;eNKF$l@7$N;~DLBgS|we<`H*DQD~1^Gg*%1D@PiYoCb7hp6b0-~0ND z<=w^%fsKvih{ZXw8>W5-xEO5;Ha1q4F{x%&~{uRuxV z75xJ)^$F2?*t(cF@{c7zl;jV^fBA9&{0qXC^EHDMUR(Iq@T%eBB^nPu6-#{)D9mZl@VxqDNxR9< z3#Z8Q>?ou=A(C+J_-jXf5Vtn}=rlzEx_lN>P^!HOM z1n}Ecr2tv=mm4L6p2)4+!xN*S)Gn+2IDrtB4)KAIQcB7*swyvT;)ML{2^en19EHyg{sIYZ4jrKmMO z?DUcYkJ?B-{M7icTBTuTLW@_zKYg^~3*UyPUpL~TzBYN!_eU)}oHpt_I&%rbQS%rJ zKiuiVH{Bxtm3v{m*_D&$A72xrCSFau!>LwX=v=N~jcu-KQ%&7blUkILU36B8^yl%m zZ+Z>ie?AGiH*3TBQ%jZXCawrS-)+{-YHt1XH-CT-3u5MO!am;A5g9n3RZ!$5>HXh)?!SC#&kRK4}<<-#wn-1yF^jWa!e zZCk=s5$|kE-?&svc|{~QRN=Rn}Qz;-FW(8Q?X`P~%gMvr)Lfo;8~O5KUc&HcldSi>t9D3)?F1LL3m z1!RqOKoahi+XqOUw+Xq(rY$GF_*c2KTqY3tQTK1_jdXh<^6+B951R%W-v}>HN26SS z-}?s-in72C({Jo`4?JK){?Jli2Fy_94OGsqg|~$h%n&XMMcLciZx3tRyamTuj`itK zpqQeiJ&&FvswE1y%{Kjy|M7#5_|I^)Kft=89IYUsC>6fH-au%J zqPg5pI+NOic?BWKnw4rm7cSo_=yIzH#InG&%bMc=R0=2)>J`1YzvT)Cs1wo8*v2Gm z5AdZ_j}eWjS50~neL;jW$KNUaclfYhqn2X-W#L0y_-{8C;ITk#%8Uyp?>|TU|M{YN zAJ_D6@%*0;0lr!J|A&u`A}b@~YLQsb@51Eo9aGWTTasLph%(%N?BkX7HXbM*Xo_-y zq#t!#SH5nO``>ObD#VoSXUYenm6cGjsII@x{7L_JLnLt1zW&Eci1^e0{3mOXfH=M! zG3M@Qg8$c{_+ufJB123;;R^_WAPiXzShMZ`fB$4aUq;;naBO?ie}4n`Jp9yZSd$r5 zyFYFn51=Xv1XN#v;r|NwSzt1})4e`g00()h0N+t%`=6n<7P;B27Sw*ddnyg{`(alJ zz?Ml?*=8q|Ti=v>K`Qo53cl)I5BgQ3n7_B~@7EUw|KA2rlkfQ~N8WRrcCY0Bdsbn; zx4!wuCTH?JI3hj+Wmdd^-7^{qgs)(+X=)OL;U=!Hm>&}`Ssw50Ytr1f@y`nI&ljls zKkhb90bx-cO9Q-@$onlJAvn|jmTJOHQsW_LkIEAz)C)nEO-ep%xnID^VIO(&C3YFZ zmar3<#Evx_z^Wg;+8f%r^9Au7+W+HAQ)xM)AVN~s7fzc@ zM;nW`V#=v?fe8q>uMH*Y`c3aKX#1l{qELcn;3VJ*`;S{1_N}Hc{c*HPp}5yrtRC`7 zSXn7zXMrg6p}^y7-~`S}&hzez$2eSKjn4|}aSsw@J-(doD|>~A01gw=DcEhpzL#GF zszCV28++`kbQoKyZC!!0hR9b=UK+{~uY1&3j40k)?wOx-N#%HZ%t7p(_d3;Y%mySG zs}hGT*POB)ZcgSXSUH05JJlF|T7zJ*jJHzd06bAI^zw-PPdwwF@p(+}$KZ&+Jm*eg z)Yr(Rq37uyKPU0^^K=7&W(`8~!eiEgmfk-~>qP6m6O2o8vNMvb()0M{kYf`!ZX4k`9I zhfl6v$=cv`N`j#%w`$JCVtLFyx}>ID|ICpiWaeV#GYWEU^7ui(H%TBVYlC5^sNcaD zUvpEw%Bg&awxD+=n6O%KbEGmwIsg-vPqF1uX!gA|1gyn0$;&U0lzsKLbI*V0;O;+u zVo}tI*ql=i`@t;F$?ZE2dn=tRu*A|oYV=&DQeXsAHsz_TI^pSqx#a5RmJC2(RMkuV zX-{sfDEIspd0HqZQ%^ObIL^8f4?J=80}2F{pe`= zpC?hZUK)lLJAQ))LZ$=5+Gw$fte96j?c7_zDXMG3P@k1v+M&#xtt6lGrtpW7uTx*j z59Y?yLI2m^>$Pg*A0M7Y=z4oGA~m7PdA0?n&DlFH%)g+i1m@slkOz#e7U2XY`(AS1 z5H{V0rO3M?fT2AxonDMI(r9k;z-hBLax0nuM-y5WOQA~fGsR6$?NZD7#SX|p_J=jxF5@!YT}nz~*4c)vYcK>pFu1`O|7%4!befhb(~TEvq`^vq@6gj^r#B~G|H&>Sx53M2-)+~B%vweivD4nYK(h!h{6A?T9uW57OfOdx-{U9q!jo;nrR9f zbMEbbt2;{#7E8{SjkVMPHO31gqfgf*FrWu_PvqEci0TY|KhejVl7wB)h_{51w#}|b z)E~@pics;LD>{=C1){9@J)s`A+NOQ-6>tV~Utg{PJ`!Qc5`AgXL_=-cAWUiy+;ci3 zQLJtfIS9Lv>9IA`Lf+;OUFsMC+>iz!n5~~Tn7HWzwSg!}*|NVW}{_))W-0tUac@RI%>9}&6n9XXsw#Hmp zl7Rs$QST8uy@_pLc*&$blnlv2bDt)-*j6PZ#MUY#i3xZfb9iG`8N8Sto~*yW;4@!z zzDL8mahU)JENg(N826!~{Z-H$edX(jyTGU8lwG_(jiMI4WBgAivHwdbrdSeqZb%OKpP<@nu+{go?0 zza(jVKK___GXy){SKdbsX@7n_Ffec+xGSZ>$Mu%vBZJ&e5Q^+;nnVRd*>uLIKl}FA z<45gd9-(XGk6A#k2L|cJ)MV^iq>|9Uyr58^yQ0Yo%ScU4#f0=V|9TE|{gSY~_8v8Z z{j?pt(`^a3m42>XFbIQ14Zh@8&G7>@xgk(cVHa!8M;wY)r;=K6B4^u;$H*M^ z@TjPC1uMFwV%ynEpz(AWyEqRtHVk@#Ox4;kZ@l2>q0Shap948GOY9myqRFVmF5gHc z#imSZRB-9RD=I)_K&jt#0MD2LmskzkKl2f}Io+f{J`e;JESC zY@pHh<@hql_w#@KP!bweoPGgzrO{ZEz{N+SCK^2Vuco*eH!!PHlM<|rqoXgd(Z5eN z?YF>l7tG9TCM&2QBq03o5uX~&pHe>%;`tuuM(U8*{|s)5#pQw9*i|`F_F3_{hZ&)D z&4HTN&8W{XD_^cM12C#Eam?{$ea}L20++2krk^qw2GXo2E04E+JT14~c~ELSniAUO zFx!9=v`z3nCr8`bNoUms1cHFmOB1k;Q(Y;_O@rpBC`DPfDtlwoAD}_Pjw=I9CGTqU z0GIOFS-UG%(rcJRkuyB`JmXt?suG#w9zom=ID8?uE*!v}srftw$VswZY5|KwN8}(G zt}m@V$H2Z|Q7-2P!@UiLQD;(8QW0LGEU}FJYSe+mIR?G=d3dX0nVPsi3YqV7W~V`8 zQL>qnukvCP(87C5t+c&z?R2s6xgXQAv&VOFtkdUmuSCU_y-Uo87M6VT_4UPEhb9y$ z#Die&Nk1@4b!jYAs+_HOY^HR4jOjWe)>`~IIiWQ!>&IlE6{&J@418M6+-U9i{>>z2 z=}YxMa;-A1o3AGd4uV!%6r*Ef$p0-4v!I55s>;arn_b?;I~3JNQ`MdcDmxP(W*phK zhck_JipgaHD^-%Gs+eplRuf`y?oBM_xm|zt#^;NlK?F=JzlERI=~4FA@+CUY(Y(o; zlLknNbAr&jsT7&y62WMUbt2Xl?CQ;{ zGfPVuV;T3&ZtPvKFq4K4frw{KaBK3%OU!aUwo8Uk4z)Z}-J674FvQ2lV@2wy5fQ>q zQBI8a*rH@=&f~>Hac+>z0F$6H@^?{u);V5zopt-Z^q--VS_36!+;R!1>uR3lnV0Ga zf8cM^eBiYhj${;JmZ|i~OM8h=0foXTYB5??9d0oE|2fjFjQwN8sp_6S3NR^>8%sSs z2v)rkDb=B~)y$;pHR=(sqTS#i+v{?v7KKdf_Hm&h@bqKssWx`n|IYbE5bT6~eN7dL zh%yD6^{EIWP^b=Ug(tPKo`@98^&|=@=uT)*Hk*lV~Mt-hz3f~vPo~@ zM+&i@z#$i@ydVhk8s>z72nOU}UwW^zptR^GF1M#>Vd>pp{;@Si< zcX~k}VR@DK4}~ZOVPOg%Ow4B>rXsywu6D&D^t5i(Wd6J~LC`_#ph+B5eIHAJnxC6` zb@uhUxb(m;-_sQmGRJ)hpvZ>pXs)_@r0UmsAA`U>tcD2e zTB-%;{&ZQCN_1N_t5(TR3T{(_`i6JJTp@$QP5rgZGG<3TQFKE#EkStCzde%Y@EXfm z8K@#%>P&<|e<$Gf;lFh#uSBp)lh$e`0Xf5;7nJVLfy>%9iYk^kLovb!4EzV&S8F_twV8U(6`?)>u)x?{zzwAB8-?N6W1(^*}O&+!*dq zGkx&&$_rVr*;qe2J={q5#Nq>!(ueA$0YnnPf$_T*o1a*Lfya#|>et90#g452! zn>3u4)`oq8v6SW)fsp%;1@2*&OL^0P;NV~}#{;GPIzI({)Z4#|XuzrqaLy@j3ggB|yEl*NanO&V;#9U(40MtwWMQ ztqxQs^+m=VyEw!aL(l*rr?olIBrPh(WOO4C3i1ry@nXS|U5waX=Gj@|vxmjD*#hpr zG=dQmUHsFZkV851Wz#;5*jl&nL{;s*(#KAxwV@X^+Sc{Gv=Xe=`Po&)fRmLc;xb`( z6{IrW()WhnB6@^Tfaj=WiNfH4f_QZx&=i+lA?E9WzK!CLdAj@7*~!*CI6@3%G69I9 zs}DF#2smyl2KW{mkBUbngXz!oqvp-*vtKRwziKwd41jx%YRVih7SPc(NVrsJFp0Z1 zDMvG6_N}6Z?7IGckNeOPiU$H!th0CZ+~4SDSB^H`T6OqsoRxGhmQ}7H*=5?P44P4a zSvydZ2)lX{*AwIdVof#6Q_YmUa>K8PczI$1v58j`g2hAgOF)6R7u^K<&ej+xpNISnlO&!LMT_hjo`HysN0R%*S^J6vSs20*Fu}DO5v;JNiDDZ0HEd zO&nQQM|Bh%S~XF4^Bt6_+8UVr0I^V}7+)wQdld1HT;^+L#E;WPFA)W0T= zCQ_;EYF+yt#0x`Q6dtR-T(mo!VwqN`ddI(4x_^?SjCk&%%f zntLY4dp)^as)JE8OMq(oTGt|zAlmcCrS23Uu3YJxzhgOBi4#b&JZ<`{bZxIk-C((! z3U%+tYhdQOaX79jb+VmYP1Ds@QnYnGJ*E3o`t^|=<@swuf2n(pvJdTeB&lThzkG5G z_%wHsDa&!?;bZ!bj!cu2lF}}XeLpA}>92{Lo=$h#6<&2|A)Z)9S0BcV#+;wIEQuGd zA-#_Hg=#OF4Gj>|%fupcQ7CWURQC`PHl4?TRLiUnR^Ypst2EyW?{O`d3VIyo!khi| za;_3k@4E!AIHe*6z&Xc)btk!Afr=YH8+k9MD#TFOb>_*B?Q+~VG$O8#!RA|M|mT-41T#)^C430;+sW~tm3 z1HN`oc*pRA3wP!*W3zL!$4K35A7Q(r6B+yq*w_2VELvAgFJ8DXqd!_?+|;D-9$&%i zpdb8>?=ra$B{2^+jb&tgaSzh%=3gphIRjxOM$p# zqoYmT{t{_J#x=c{; zDT=x6{YCU5LSItGlz<>xrSPL%l315HdX7gRj$c8KC>EV-C`qd|@dGiaMRN_<&D1(Fd2&(7hG)DZXDu{!vR&juU9R{PLMr6^D2)vHga@Di zDAe+=)2XnR&SbCUK+O9)najrU!4@HR9(LLd<{yQRGSpo(rplT2Nn#^zhj1^ew@4n< zmCnab6&V)`^3`Alef^v^*oL>>|_wMU*OrAuJ^qveY81g z1hUtP01{^bld9NVlwX{|n{N@GQm2XA%d|owav0opmv~R__JZ}k>txt&2;FNpyn`vS zAhmOH!rv_hBY$nN=B2mgcCcKP-L%$)`)^&_2G0+^b+lClN}_KLbN!wk7oHmz#`4=t z4aD;Mlm|geg!-YXISZ}f5AA`NBV>kv&t$EUm;)#D~-mT26fW{sBM)B-@YK~^}NHV zloocKm`SPuLDUY5HL?-IUmwvtA-O-kEDA zve{x@Dn*Tj;);S^`GX{%DQT!`K3kz-OKIuuoiVF2^hsvCh}$zJRj4J@f6RKKoK_aX z5)N#Yu99oxi<>X@|B@!`s3SzMeGLu>Vu?j96=Rk;0x6ZVO zI$H}CTfthZUrB(96?V4dw^9-uhOnrPmAPjpwt#&0xE*}g;Kx)Bu*j;$!cc8Ko9Ih8 zH`+lcnW6P^zF{<{;Unc_P)5Rv3{RbviPa!$f*pyX{$%3m1D!F`yk+A@yF$hvQ-O0G z&+IFL(C#HQOeM|5(5FX};1z^uBVyhIpZD7U*<1amZX=D z9n>)e&8u*$aSRXQ37EADpfcfFBchj~v!<76tvNkf_=!R9X3kf?qaO`P^0JcBCJb+~wjS*s)quLl>Q z-jp=eU3{<|8NsRVxkd)A)$r_Fb1-_6OPpn~Jxbf}CKXcv5kqM-coGUH5%_#y(&y(Gpe7S?d6*=ZukO42D7f2-Oez0i>b)8+DU9EVE zI$C3J5<61_Ug%5OleaEh0^dLcL_8r=Cj#+Sz*5 zu1|qEE=wGrRRn+$W3?Nh`>O-8i6U<4MTYCUOC6;2%{HL%vuliCTOtT^AD=+z1wK5W z;0fzbm+1g|H3Q)GgkL9S2EN4JM-64s-Z55F)tW*jHl|CG=X@`9balJVau&c6$Ys5* zK}3Fv@jsVNe)hR@*FeI*{S)4NSG7LMEsWcg&4FSLocH3!uSmW?x$yy4xfn4ktw`wM z%EkukWG$wB!XDj`U%M1~20rmMmn)_pAgvpdTv<=)SF5*+6z;=KtlBWc^nxO$AwiR| z3K@xUtoZ9y&;-2)8*A#(ceHs~w581vj*y%A`lReVf?OW61{LuWx~OhlmdU_l^p+4i zdAu%59M#%ad6@?rNMSvNYNM|GJ4Fkh3~9_m!n+)_1fm5eMjjaYjI;3PZAD~X&S=}L z#!vI`J$q|?@7#oQ=N-v$)WuK1ljj}mCskk1$~_>i3viN4*a3R~E?~xTH)3UHwUgNUWbY?MeMdu>5gypEHeBIAr2=c^|qlFs=v;FZcEMvTF0i zZ7-Wr38PMPzsS684q^m5STq<|ZJB5$Mj(Nygg>&c0cOXZ3Q@sdDa8iR;=zG6C$c zw$7sdP&bqslV^$+xp%VmxGjbmVmV#grQ%fMby_+kWX||HC5=V5R7b1i9a%b)@p5ap z1acTH_2^an{j0Yq3!;Bdv6SLd3xC%HLB&u8c z#V(rTnIGcjnZ)!j91$bebD0Ma$<{BQ^@jTkdKH_``k!zewq=UjNRjzwuz0(R}6f*R7sd?y~}vs*jpAQCUXA^CGL^kL!34@9=|((qXfcO5et zb;NBTQ%742k|CtPT9Rh>?NJ}96n$}(6>)m7#(b54GR%Ak+A(N0(8be7VWYw7`7T|y zCf#dXK|GjnKJ)1+*!^TXzZc4>zIv{oqYjGzq7CVdF(fs69!W>gg;zK%9p@}JGtn~&I+BWv$HEl7`U1cg}Oh3A)&dctLt za;_BqomE}T;d51|8Vkqh7W>YfYXWeZixA0-ahJ{S?cZXiyI5?h?-V5B#JlaUgm;1` zbYiJiCW@&)-9p{Y&aQCy((7qh9KSI*C}*@g=EV!b((567x(}}^ z1AZb(#o5!@a;jRoJ6_O`6$d+|pDRF`Eb5xIC+YS1lIWjS(Lxl~c#@1OHzJ&Jh>$bY@X4h$1KHe%_r{jTs3kTAw!BY> z2kq+|6N(WBRWLo-KoZsn8Di$xd7VB1imrINN{mDEwB=eW2YTN~zXFd)gPeOzbwWs~lWumUD&zw&uO(yqRZr}X_p`V zTGwe)t;s%0v*1l_orB9_JF(fmoy6Xh9bYr~GfbL1#mNl1$bKIPomQ1Ai$E^=uyav2uK_IVBGJ? zdBOFhny`NKUdVZk9G6M!W1Q!mf{+}W1iNrTr*|OYFE1-wh3bA4r^*=V`+s!H2i=?48UP?>!_)s z^v#~H_a)peQVH7sQVDQmReaK)Niga2wd5#!)8EOcH7rT~K07ecHmT#$$*i9df?LGR z7$}~mcaVbfM^_wg)ZTJ;TUE%$wCg-RcQn;l8MmQ9AjJ{yfXh`i~O2Ln#IQ4 z9ZDH;jGTrd=aoZ0GerF=Lo2PWx0D7_osMh{l-lpVo9TU{(PyYz?HWFhTBY|vJ86Q* z2l11m`Z|-z)q%`(`L$s#^TB-kwP98V9dH~D0~}Pz=Ci{%Pv8cI$;*CjL&tTRDCXt9 zCjyQ@OKwul&meNqI>>$e}v$T^&tH%+E; zgk9Ec$=|2}NSxbX9$ZKUz(2X^PX~HZE}~CmGke4#h9Mh{>j$xYM+W(cqFtszYIAC+ zG0@OV#M|%?6ihPhNr>|GzZH8Z8DD+1J3-uLc(FaEBVJz{gj~}*WXRcX&se{pFPht`&19WZk-%koMh91=&H%Nd&lmXC;AnpfZ5t`hlxSAl%CYcXLl1(dv z&-5x*?iKv za^3lqN_$rXea_i#hg7lU&z~Q9U_wwsA=@WDL@$R5hY@{N2b8&5H7~IM-UxyQHf*rf zIm*3+8nhcN_3~ezfNKNAq``1g5ScP^@I*11MHlITkJLblsX3zz z&D3S@BhAY{$)ygpKb-W4m!VW_opKS*-uaO1fsD2|o7lQ|QAlkWZ+WbUo4woGMj0%f zHudRHR~(;ohFlC?oZ-z&?!zbj_hGd(yw^k=S2$w$eLe`@qVkO?Hi^5vQEq3r7rr*3t)~D;Hr$ce};m%uQW({Q* zCECe#h6^^qnR%g|+neS0jC38Mk3OR}7tF9Q`lSv#TWG0^dvI`G2%%^QhWPU1i!EK9?}8|G~zx*)t?;e zdx^pb2RB@@a>j2lkEHL6Ymp!Fobk;;!j&rJ$ST|qpf~UJ>O<9YP@NZGYW;wC8I3n_ zxYDO=ztm|4l^Bb7Bx~}~-nl^KvW+Z+l~`R}{p4_bi%u0fXi_0R?&0bf{oqAldq2Hw zyx$An_s56hHqxiJsLno9z}?NewBTuW^N;LT`{^~SOoHLf3@ZHdp=2ht+GW<5L*+~@ z=^}45uKn&p+nY(QNt^VpD{Oe3JZX+eCH*kmtHNG8pH*_yCMkX8eSf&KRXU^lOHRB{ zj@{NoSCheqU`}v_0hGlj4lQx5LV=K zx;8iWwp;pScM(Q!U;_}a!F=`UPkEPdA0Cifj^)PSshrl}I@OsE=9)3BCyF@ro81%U z;dukQxcws!4bIcDaSCFbh;z_(Gdh5(4wIkn3)G$=EtD6BGfs2I&8M|g)$&cpKcKJ5 z-LHI7e<>qDJ|6<&5#p>qN?cyS);T31hj@fn&dI$2N^y38(C0EZb3Fk_rGvcpL{|8G zO?|__E z0d|p$Ky()!M8>Tp>zk2$aI&}D;qSC2Q@qsGbyBqI+2}_T_ap~*AYZ5AZ8Tsq>2evh zzG#6U~JS)hc?xt;$!8?j|xhdGtxg8IT`-cl)$3yv8nLV}qFw^_5$c!LJ&< zIEFe9DX6XvB0uRi@3CE3Y^B<}bzoK$f@VK(F>*scfnZEaKez<&!Rt(NivF4=4;hwov79z|HjtcN-<_jgLti+LCSm9g#7I{oB6UnozeEE2}JE3?O>4C0}w`CcamtS$!$4#5{ z@JbSMy^To{#x78xBcms_D&|#M(pvrEfmALmZdeih16Uu9$yadj`l zVJsVUduHQB?_NqP6%?~bk32I`*kU`mH1U{GKee`>t)g{P%$VL|)35);CuF0NFOqW9 zqHSr|Fs*8c&2r&eioUSky1lrWhNAu&h1s;~+RQ%_>%y5k{l{X?Gu3ZSo#QcF-1zq* z4vMD;gay_XiObEOyY^p*SIYy20<^UkweUZ{PfK7ddetNRB00%|_%Y@qDiWDJsl;r& zBN?>K`#srTvx)Bwo!t1~8>01^=W`M={vy3}gvylLsg<(4vc9re>nnZm{H7~aYrLMm z{bO1ZV5jm~>W!rrb2M?&o(k6yGf6Z~G2oY(xAHzl32CM8o}KK?Z7is5l3y8ixE;1> zSnVoy>bl%Lfc&29G*npUbAABHRwP$h(OiX{H_B#o#w6epSh-u7-&bLd2%!)j{!~lh zHK7PtH^_W*3k?uQmm6c!wOi7k&+Yu~Xn&Ra6*I1BTkMdTEq6wucuNJsVi$CHaIFJL zUAT$kfHxfr&2aX^Z;xK_Ts-RSxA-->cJ&2w2gzd%MQpbqkc2&a48C@y!V9cdzQyF1 zrps)Ss`ZB_S5FJIhM1O$x4JikYquov?^y__=9E#3+W%rv7Rmz{B6spwO4C|N{W_`HXJW+3=%6~aZZ?&yFt;sgLDc>M0hQ3ZhCVRQ!Ywt6rBj{gu4*fK={Zq(ti9hu zk$KrhyEtRJV#?jO=S|E%T<4~&g5@@pq~~aQ5wVY|-d>g3{X3cTf@jvhwS*odE`_u_ zOv=Wsi-w)JFv1GP3sWV%e7%x)s%KLC z4kGG^ybT7!Kwa48z#QoZ;U~n=rBZDKF795epjr1#LEMV@;mey4;toihlc4>QBRSix z8#@UqVu!LV%$h|%e4A<0lNV_v{G|c$d2yXDsOBKdrCNzV7Dgxd0+ zIOZPGw_s!s#rYf{3xzPg?rKeyF?5l}E!}>r#MW$9uo$HJgs1dR?hj0IE=wYDxwIiZ zYc{LOhbS_9x?Z0qneV#fX9XIsV!WwZ`s*U#e~0yr2UsI8jfGD|F6D)$@Z_r1yu^19 zc82wrn;uzP1c$bSCJ9i3piS6e)(~mZ;*xyQ*T_Pue023~izfix;4k*Hd5bNYI&)#czQNnQn@VqL%qItE_9}61h}`TsGfcnwp(W{Kiz| zy?Wp}-|Q4XJZ{G-p2}q<^^T+3Es&(h^5i-h&oKj$t$z8N4<%-kWBT;NGp_r`ecU~! zu1rd4SwR@9pn;=g^gRySA9U{X_!c+9bp#z`YCTUD0rNW&9EReIu|0y*ke<6oMaD^F z&j_S0ccHJ|v_(~V(}10|wDdNSw--3PE%es=E;%%3+HdN$crS9%y1)u@h(Cl(%9ACBmB=Fx6#$)^`nw%9K&1lb?2AZ_fEew@JKPHABAAgQWR!xi;f3W5(-aEBbYQye(1_FuhTXs#%KdaeEQ-m?5p zehJim#7`)0Y;RMON&sLae4nWG8fWo%y=BsEX|0)`Tn?%yp;rd2-N`iyfC?EQ+%u91 zf}~qVi%sR>j`Yx)Rv`i6tZ5vyqGJoEE1kd^=Ga^9-yY4nmd~|Oyt4ceS91v9 z3C}1qTma^z=MXdv0r9AlOXQXUCqDF!T0Zh zdB3s<21d+n`-!pxhK3-41w0$i)$?_uLMixww7~DXdA{@ZtIJm80+f7?Ss)s2>I%b+ zyW4p2+0|})GM}##8-cQ{KU2Y`!gjVAka}<#!Ngdm=p29s5i_fDZ2;*7>EljU0BkyR zpkdmjt&#^wX#mvb@+z1;cE+5Ya2dB7wG@a_@#EhNp%#^iX4hu}4Q;9Vj|viH*v`-( zRI{U#fKuQIpVh=WXxP}kfYUUPeHwnOs#ncYG*}%;PK`l$*Bz&P!>dH$zcHV7mpxL= zQEO|}_uiqp0rS(&_x9pOn{B@Vn|?su&(zK7O1K5!mefL2vXx?Xu4#DjKQM!jekEp# z-J#jtQz!!TNFT$jW&4@;n5W=5yjpD3W)5uxvA>h?>~VSw;%J_cz83xAh_J$(BWsPi zDg6UOZod#T<+4D2<#hMRxVgYd?7Y`)9j&LO&Kp8Y=>8ma1qU7P%Rk&bQvs^2bB>~B zRI4tBFEwGCF+uQYMF0Fmv1yqm#-s>Lpxz;51{r0G?amy|NeA=+)oaIdEC$lBlj=>y zc!Q+#=txgZohk_jaGN>jDZ+4-d8^%5W}fbOBaS5d-ZtgJ>y@+KJjG)EZlQpb^UL$_ zI9=71_Xkirm|L_d13%HI&KRyX5UC|MQuW^A;vSh{v2Q&}FtdJ4B&4V9E~Ao$1$v;M z4zW5A!Q^D_K=pUq`aNsDcmChUHP^~eZ{gct5m6CbDX*UjG7IERoz{k9YSE?n8igNOv`Sj9$WZWG&+QK{k^ekfFYYm33L;ag zow(Y+GVj;_1k@eA=!MDq*S5yNjJ`NQu)v zuW1074+*(Co|_}GAJ(`Z@DXc*NX#;8`WM$px#mqnXHShM7d!HF7d+p;DZ~w^LsiDb zoNtcX$O(&5Pclr36NIwMX#l9A_D0cLE-eUk6qUD)>}Xpad?$NlN#v(7o#TPC^8wp3}?oOk8{ z0P_}%r)B9Ln9mdCcgmUa^xZcpgvQo5sYGmlR+}7{t9Bh89tapTxY{{5aBtla#S|1c zb*Syt7V68=xKji2f$61K&_=gK)#5z{n0N%>f>k(g#8L{n|I#A2vlpDobl2mNnyOM~ zpFS$04%H)A6m!)#Iot6EeFHQlqh?WLc0`SR({<1sGzzO9{PE673rnW)0t9rHy-`Db zej!%PhAy4?Zs-n@_iW0;%?N0H?3>2NKe?j&-`H+WR4f8uqX+~mw?%P7MomrG^vdtI zgi>*f6J9%x`2*+wvjE+9cLkLYo?*+)orfkjE#{>Z0ni>JYy*meA@z*wsk);ojX#BDxZ1${8pc%m7ykXN|Pe)WV2rWQWl52tMCV&D!6_)_RI8x?OhQ%V8RB|6XEOm3wr?sTj3&n~0 z36<)5&d#zw$((Hha(Qg~F>{suVz8h5n9dq+; zxL=slO|Z*bh18t#PYZR&1r7;uh}zT%b%%!3^&1AS-t(mv^@w@m^bFFAa}|)Re_9{e z)P~B{iogOC z@~uiO^AYo+Gf1tUI`i%@e`ET-e&hCI57tTjn&y2JIp-XybmEy=0otwPV+k%Fzq>V$ z!OE93gm)B^s?qTJs8Wua6%iji-^=TKWx2UkUoz$h&J7R@?qtL{=2YQ2DI;NSf$bA5 zUe~#_wxzRiL~uy9x3g-VPE$PMYsiuF6OLu@9bJHZ4DHbRsO%=KHP?Pa_e!{DyMaGExBxc_q%hUBRn@af%zxz5Im!IL)_xpw| z!BIfMB#VXDdB0r4HcNm<3SG8RMuc9ChySR!ICvZH-~Wem)Oa|JlXN5@UMu^zs<}N9 z8?4SNa|bI`3!2C{R34 zSA0&THCysF{VQnMlgIG8y!xb`5ZujEQtjBLwD&N8U~PDj0R8WK@Py}33D@-E7fNw& zIkkK}E9?9uK&P-^Oeq3jKO5*DK>)he0aay||3NgnHQ4rz%VJp0Y@{F=B&lo3{^?5m zbG_%1?DDpJU>}Tl{QAL~=5Zh5V#-GlM$`74v#u?QS^W%$1rXZ+WydZgn$4jR~ir{8uw)lw-{$*m zPOCAM3a7Q`0~SjFZ%LV}NCdbn$(@K^%##b^B6ZwlxKk!lFOaw3d2rOjHb5<`aAIo{>eF9jk{bADw9OltVA7 z;TOF;F#LKmltw(-_bP$RmR?O70H;jk4qk7iR&tqi+Ej1-XP_=T*Z$29PvLARo?UMH z#sCy3CfWL14_DV`X({+}A#~CaGTk~AbjnMepjjbJ#*0*s5w(bhHz~6hS*aY()L+&t zHi7T2kIq-rFRa|JZpI2mqV&DVXu)&OTfYfdFyAe(IEeg=>jHaSD`@D1kxDseV zPtJ;a762*#8*nCS$L$H;Z3!adGV3?OJ|vbCC7K}jlob$;3rcr)9*pBQ4GpQP~;}qFzr(h9*Zd*aC)Ev zlz6-nHUWYSZs-U&ik(-X2e%h&)k1M3IhCr3SvgJk#C!@b}NE=gcQ~;z#@yd)8f{-6=cJ;CB_K8-t0CHGPk$ro z*EzUrEEIcmrt1d!GI{vgGL%^9W~epL@_=Pjp(7y*vJuyCGu6}(3wtehatWzqvdgly z>iL3A=I16n6PLfg#mOi0MGd+F3|!jl>Id4SJi4TvyZopk0d1!K@~0uMw@1wN{xHFFCG6 zxUFbjKY;?$lgm=I*-Z3aUT|tSt)8y!>pj`-kF*w}`in=hz32=U6Xey{eLKHa`7Th` zB0+8h@EM-NkyhjZ7*PoNdqw=!ZMaGZS88J0?*wlYa5vmAW)c^=@J0vZY}NY3ejz3W58`r~}-^zs9cn!_@c7Qc~H#x4m$`2g0@t zWM&P{tp^*z1+DzRD@2QPd*wNOVQV#DiC*^N)j~80h>< z))s0Yaj(aYJJX`>yxkbRGzOHvO!Rhum$)6r2s3i%hE%p5b~(3X{?o~hqmQnAt&+Jc z_5@aJX&~R+I?jn^iLVQ|NG+-7I>V27{p{t-m!H?>q}B*6OxcPKN0K6>|=_ za)CUMju2DT!MlBH?titFOT2paM?<<+u>zLl5Lb>zlE`^|JfdZ~-?3*b#{C*K(2adS z#*HwOuQhTRD?bPW=7TsBzpI+0k>j*mrc~5o(MthKJ&?kAgZLunl*v4P?j^eTF zFlW`uOFPh)*Gi%=F$$<4Ijc8c-aMTxw~kVngt3W471MPv)iWYTZ_|Qx~BIk zpDZu*j<=BMhw-od!O5u>ME^fysksfTDpg(=KWo+KmEUVX(~80@G0`a{jWpKv=&I~1Rl@eea(w1ELXA!_0SSc_y&KIS}}f**8n<8Q`XM)WADs?{acYnc<7 zV9u*nw)w?lp*JLx*<55CzgYvk1KjZnDtbH(8ckYhQ|t}3Yfp6KPQF~JTf$y8eY_vgxP<7v zaq&$+lcBzAcRwzl5=9vGx=5@stm4I%qY@Ewn1%xCbQh% z-251o;2MACJ;a{vweyJBUr0!P_UQ~0-^sv_iarvM*O^#;@fabL*S`7ZNs99oBvackeJIw<3YkFkM|>o;+4%0o|`y~55=f>pZ>70ha2t? zb6&VYk2-iNsmzWDTCk$4+J}z$JfTDd!QG^ZanoL2Nj`N_>5B~(xp4vG^9NGlK9Nf& zb@8ijbzvPsaGebSqgSBYQnwwgJqJ+#%cJdy+h6*M&W}`;^>X%o)9)8BL1_t-Q?;t> z57V@rd+KgaVa#YqEi2m)}w_aCp?mIwEuC!?b(`@L*Fzr#o*D!PX1H-5d;xsH~V3IPda zFu=VW;KA=$)E~;5XbAJVBRer&Sa*t0P6n2m-|mC&2Fl#E{-hT+5jzw*cL~+g1m6RM zQ2sTTia&avbk3W`4+XF)*S4n)C{)%OH%9m>>n5fdOSTQ!1HL2w>^qXs?jj!6z-+H& zKO<$!O|J-{cz|J!hB>@7NcQvN*AlR+Tb&>NR8#7@n#M0qeZ46{oD(6S$20<2wg%K+ zmbm4Z{Q3;d)SzRmXcbua&(ew5`;dsMb;Ecvd!V@6_nSxxmTlCS6I9Zb7ZXzD7Iq{HGDzI=gOr5f@%9KSeU608s` znq_Ww(dR;sX3hU;)+V2R0Nx<0FMa27!s^;$4t~SyEuncTgpKRl%y$1z* zCGBu$f2+(SpCd2;vGbaspx{>JxSs(jQ_;B?8A!H4*0_{64{qZ@-=HS~i2*Q|B&byz+=wf5agvo!n5QS} zAr%6VX{BLDn&zl8bobA~{j-?$!d6WWT6_SoXM*^g$J0C2LXzJqFaGx z`#Lgm4#>CuAlKXN!f9n?HL>jrlfcB~7Ww3SoT7ro+Ld9zfp@hC)vI6EF;$T%GIJ`U+awcEcv)=I0u; za^@V#e9vGG-CgXV6>bRUjwalL_GthT&p#fb8G*`)?4^^hRbYKzzqpL~+0>}o2knPN z4d70~x<;oz2Z1Vv*4rm48qoA=V=p_mq4!uQ00uKtp(=B-pZ&_smsZiiE$q$(SrhM$ zuQ{fzwXV(s{)fd`XwvbHa9tLQprILnC@wb@T!<^EEZY&;WSvAW*oWpSD0@Z-?l}FH zBGnsIMVuP%d=3oF_UEgwOb>7(!e#QVyh3^l^pHTJjtYVYtjiGkOXKn|>h* z6hr#|f!??s8{x8ima+dIaRMtEK#1aXLv#5NCoiF zQEp4o`IWLW2p^d=jvM(+9c%gEHTE%VdgwuBg|YAfK}EQAynJQAZ^Bp!)5o3vYhf(Y zwlJ28uU%`N7*BkYQK*l<*Tx*E?_Q%6FJIl3AX&|0*eBl$5Lw84x!Z)FsN0+buo~Iv zBgN!QG%~1-r%9OpQ7UI}FqCUn^48l`MHs1J(!;I=cISJ>7}IG{>K6rCLkvl;S+VFn zMJ&+LRSb|8cC` z9jAUgf7$HYcqYt4lis4o{4@dxYoS3X7zw%mtX*9l=6z-fvzAxukHy%11MLf!8%RsS zS*a11h~FRo^?LuyXKv6!yIn5if-Xd2#>yw&KG5~i!00OcLd(}6otJs)Mb{v@bzG;5 zOxL}0M`5#o4$ic~cSucuX)N4*;HZY3FVkE6mX?9yja_)D-+&uRcJC`^AEAy zo9^;sy8b7tUfBbcB#m1~&nuYY;A_rVfk`DIGMUosk_}+-{hXvLb+n*B;|65Z8gNt4 z{G576S`bj}!9&omp1w3ywfG<#+n%bY2iPnFvq$p*@1Zm@quFMedzN`O535Gf8z|Vi z(NyFQOqZsDy_BQN+|TKiZ6GL}XCi`Z?fY{&Kk6|KbO&`u@Q#Ams$CS%IR5*`A#&NS z0E5@NW&D`~2`)=Mde_Kiu=(Ih0Kh_M%vEf(xXy77jnj%z-$x(B20&w^Ix#xWVS3oj z`TJZlJ*d21T4Tk zpmXZ5>&|opUH$#;bqWd=xCCKX8~oozl?tryEP^{^5!mo*iwZmDp`UT+<*8Wq&B@p@ znFDa%>Nwpm8vw*0cV;SP1;4cJtkC7_-lu$VTKQqlzfUa$lpl(xY!s&AHIidhP02yh z8_{yxk%JZ8`vZVk=UhHb?BMl<-MP_ls;5&lOI>n-)q{80Qe*u*)Df`~r3%dvK=)dWGzA$N?)!|=p4p-BZ>V&d$68tXluM&IG~Q)r1h1+Lo|(AxSiSFnE*f< zo$Lpj6!E4$W{$J2yrKMK+9qD0V{^^AUEyZh{r2%OPNgo#aIQ#^I$x%zI5kD2I#P(b zbZ33ZRl%$?g%#qyKls6-Iirg_Hp}b@0}VN;z%BqBL=zL$YFMPuYogWv3Fw1SQeuq& z8r_J0LERuu=r8Uxo2cx*IN_9I)u{mNBs4DS-~|7a`5*S-NQ(fnvhTf)6cS7JK)Ar8 z&aYQPzKJ_0F;@?wKeznmiPT!MCCyy1(DwBh8d>X5uxM4f9E9Yv^}T#K z$zLiMrLaLT9^r3Km<>Y+De*!+e;z5tq9)W{u|y#Y-Y9^*!HybT}U7dc9qbx40%P5V>gok?KN z9Aa2B(YpM*W@!$3OzNOvwxjXnW9D*ubSc-l+c=(ir zQ^#RarYx|S8-|@7x%OLns(4(;zBfa=7|TGK_a0=(c}369*6i)_pw~)zg}4ENDRf5ndZ!9hCn*=bV!=?%{P0Q62XeIR>vCI$k@;k1_m~5qs7+T|1!x zx-9bJ6@Qw75=jPoVl9==tglN{T{xp|DP}6Lj0~2nBdZf_4cH0t1a^`59`vyCQbkNIAi1(y?{NR@P7hu^Mmic$|7LLLmDSfH^et_jLm|%8VZ$vF zl|Ypr8M?pAD14L?{oQMx;8E`b!Y5g1Y{+XFmVW{W;M5wHVl#L_ zX@%5@xrSZqL_#@I7m+_?PI~iBQf>@|Eggl&%$G!XrroP0}fS-1j==tNCu(pASv

    kEU4q1R-XMry<8JPXX_y5~pF`8Dbkh0VWv zJnEF=l14|tr5*R|Ky8oy#%wV`7T+Z9|H4Z@d(E9v?3$RGn332$$f4r^uWTiSTe($c z(|&F5+>a^RR8QaF1TusFjL5xO2sjPoag2P}rIwPs*-F@ui!=6`_lg(_igkb3L0uZ8 z$MUF{QX|Fa6~AIADb_|Cw4_0xT`yo&ww3_4@`X8FaNv{7j~V^UL^ zu;kX$xoX^tH&$!@4A@0+`{nqYd5vFu9C(70>DPy8ap-6$OeLlsEH;bB zzL@FFuY-j&g+E?KFne@)~c5Z;i|--K zKO`S01TPCy%p#H2v^DM`@#`zKT>0pM#2x}5zYP|ymFSoUd(NphMgWqSA80Ana-{0I@-5TjRlwjpiA8<3PYLi}A*b;-PLbjk zx!X~R;>vk$3u`qiQxVL{DZ7&!fM3fz+)LSDVT}i(GKsiMX@7_eYzs}hJJ(aygqO}jJld*MxXK`9V>utZhX1CCmwNo zK)ecUzgfRABMXqCiXp{E^2u@wU;vxtS}S<;#i4A?Akpi-<}t3EYD5_-?C_$m*s;lM zL?0k1GIoEQG7&FX)X3eh*ss^WuXqsBvkSx|;yQ;5*AiYDHW?Q{X|rjj1c+L@J=M;3 z$=&J#Q}gV=t1v)_jv(Ev5$^yW|1c4Hd*V8KHcXk)dhhTh?e=7yy6Lg3_#5%yESKO8 z+`{@*?d@wQ(dB%Ot&#agkeoQ-v&^KR$?Yg^bdEFx;&H;^FTjV$8NE^l`!rFlyLH66 zEYqrC#+JNS?MCZ;qp`H+WDSDa+ed$pCyX^q43eE(ECbpx9kPH-;5ry%^XKJ5Ta7)S zY-EI_s4b$e+(7B9J%@q^#M-2!XhGp!!)DYp7T(sn>pX1;q0zH`3KgW=_)=ht4z72p4L?>J5LX+}HHS%?L5Oj<7=v^Ity- z4j=V#mz&h}yq(X>ZQC$eIF7pghC{PRPMkPxH+ZlFg#3Q9{behTSTIMDuFQt!(px2G zmYM!+yd1ce8e{h#3x)Z_qK|*&Yw6`dE+=*Lwx&7Tv8tto3=>ll`AqvXAWj?^7l|cP z$XB+lM@pvVb|h)GZAi-#4h}&wi=-#*ttd*T$$pxp>k6xcLEheRZ`{`^XZgK{Y0nON zpqlmetCUCQz+Stuzq;X-g#KMi#ZhDp`Bg`6ee+b+49j)*?{lbZ?;T(R11W=V?o>w@ z;mwwB!azerw+cVfIY`1zCk*qNG3BLl#0=pcye?AVpXyw%!z-rXq;?d&aGndrX`$&6vj>q&+Z zev^goHsfp>rWb&W7X2bFu_*!|`3LIGe7b!FN4c?XydIFUCrVNjqt!L)!uZ4aEIRt? zqiv=aU~ zXt!21Br(IDT^_|yam5#gk#ksAT#H&8W3HiyZhzs$A#t2{y2cSMnyD0G-g=o z5>0sDXwcxNdYnU>1^U%6CG-~pSe3v~94S|aMS5&f;}zd&tR~urwvHAmEEkH~M_SB; z@$^Rc_MRaHECl_$Gu$r94L`kK^2%BRSc#w z*&GGa^J}00U+h_@tBbWWUJMb!1a)7hT%#AZukQI!9>}gHZH6xZwR7#pT(TZ?ql6vI zr~*jiu`Z*;L8QG`=5Pu?lH=))zT0!cb9_8dR%(1^BU}(O>*~6GvHbOM=qqG%8K$U= zdN-TR^zcJ}!HXuPIwb}#l1~V6rU~9X%1;uupLLnzFD1 zPXtph_8fd{uW+h;@J0P=tSSZXLOX}sfS3HSUp8d%O?xr(D~2)GS&N?NS${gG4vNQW zMyj+W@=>CXL(8EOg`DQ&pis;E8E`1T8OOxNSmN#_fVZ0gTj`qnYtPHB4Z?@MP0j~$ zDPJ1^50gc0JlFyn^YIZ!)b)sD-d!>Nmu&o4c%R^UbLL5n`fVaipECyEyBYUoIcMjp z$f;_Q{!B*wf$7KzO`f!BJMAEZU%pi+OASmXSfF_C^ny-9>xSF-s?Xc2FGC6U8F4Nd z)cRxfkxZdH#z8A|J;VVWNz-y#j&_Q7WEPp!srC55=N)Of7T6=ISt_iH?k#F>4PDx{R0BfT2nrnX2J;%wlY^-I&5K`#K^jT^VHx=2VxGQR zYHL`vy)wFH6??soM$eun z29(?z$_UlL0%b~N**=`(60G*AwR81AhL@nE4wR6E6Cv2{+|>FgvAUc#tzO+SH%+6) z2-Z5BU4XCyt&EZC;ksy4xk{Q!P5o4%RrlM%ZZ&Tme4ctnRBMKnUbYoFa|I&W#$!6Z zSD0v^-(dMW@j;y74c{FmS~a0`zLRp`X^>iEn-+L(3%Y2WJ%+L9dv^x zCC<2UBJu>lNX*dm4+3Xfc5nw09E`s_{8ry%DU1aIR0(NCq@y*_k6GsK>>2Bgu6YSm zeJeo{R-gdL_3Da4d9`l1kB59~Bt;F2jEj3vJ4WN{=KIy~iO_XNjPStQ2r*sdOIEI{ zQ9duf{Kd2HMX?Z_`t}+iQRO`HAe;7)dGos%0&ZjTJIN6=fZn0p!?Rp7y^a?ouTb*H zMO>0Z^I35r`55?RutmFf+)7Z0JOewweE06#VVabw6knUbO?g)#T%dg^=5VPy2DA>+ zP;1~i?i<$o+&XxS!(?=MWs{bzxf2CGewqm$HwiuQso&}Y>qJr3x62U(Y$=1-3l_r& zyBCN?O7z6!%VBjb1F?2AgAz%5*+pEPssU>9{fp_zjh44pN3xqxf>R$Js;O8szljO$ zJZJ=wpC{&iGkp_KP&px6<(;W53ihoHWUJl8ejnH^!ynQ->Mv0CWf#u2Be{)6>0`3UexM(^1=zzN)&yk}#dye14dqnA1OI;Uf=Z-(}==UcY7=Cs*h2GWuXkE@ifFUMbb ze$)uu0=2HFhqWJ^TW4Y@_lC}W=!>}Zhu)r02E9wIz0O>U!`{XJty^e&HC?aRi1W25 zRJ}pv3!vQp*R*?Rq+;_uA!v6giTCBL2hv8GfbKxXreqxRS2Ubt#pPueU%(nKxs{4N9eP zhQ8d(9r)L@HDGKNuZHU(r&vvt6uWA!*)*R=ysR&4zBrl9UX-RbgYGyQy~0>( zWH(Z8n8LNsJhjeVTU1myJaZ4l`{OM!n#(^G<{sYi;rY^!Ur@)Jwi*4Pq?ILwcoD!a z`QQ0TjbqW^k!5^gP;7Ok*O-$sv@3HsWMcSwg)0g8B(lK4!x=Nu^kz2gAV|-lS=QT9 zR;8Z);ajVkQvKlZA;ZNW+^EPaY{n_9@5lvICTD>3%ANHJ3DiFH5IUuDq6t5 zBaGmQWTdEpgWsD+im=4InFa6R!4sF?n&p})tX5(XCY1J}9YR{aLGjNtE{ckYx!185 zA~w3PvN#1IUfT#1!y41g{Q6`#!;5im;f+?dW%PaVHIW*mUD(k&6b{mt`cSd!PcC_J z0u2qc;4QUaxQ)8mk)d_I@~QWQFS5otMUz94sM;6Q>^pNsup0&TCW8t}39=*OQ~QwG zB8|TyHgF9}NW`cwkXuxE--$d?mv7H<97_~HQnWL7abbancoUd(r-@w%iPI%RawIPr zYZk<*TcUxW!GjD=Lc9>*CVKO|53u!)-F%orI#maz9^-#+-XUY($1Xip(YrVE)#_w; zlpt85FR{B-#?d?D_B89E*$^l_*<3`e<_jMD`h8Km-7#{i>ts3L7 zI@?zK<`PvmstQzbY5YGxrXv??12`<9t9&Hq<$z%QZ_1v5fdQj+Sv7yWDj|c##@>H02rL!ui1Qo(Hf)?? zaN|-&#_+4z;MwR|~J^8V!^wd)7v<`k$2#QxUN2VF62> zJdi!t+3QHSyaE^Mzi5IVc|F}MJ~@t=>CWzTInJ}9G2LIR4m=)HPIvJp%9G!~=1?i= zX3Xhbx@e1z{(c?A2Ch4&g}2&nCU~Ix^225@P`gl}wH>71*F8mA-x7QQOvVZm_x28IBD}Pkg>s$e= z(povZK#|8fEhIlV9lH}$O`%v}ah&bT40_h>4OX$W^(T0%U^RnI8Bnp#OtdBjUw(Y3 z?wX=vDA-DsTPHP6VJ5}*#eMk<9>X=jGqwFb$B3C|>qJlg{q#-TuWbQXN>cQ1q| zY|W+34gzPZE|k|e?OX+r^^VE}P0I^Sb*(_nnfb#o^~bn=phfzeo+e3O@0_~EIV z&=l-gjki%zkQ;$~A@~nedryp!mzOgs84_%^q` zy?P_ta@>be36Zpn;~79MaQKwyX|Th}L8Ic^wfLt`il}j{y;VLx4>DB(f;dZ}b1f}$ z|KI?3Oy&}3HMET!!rxm*Z`tqLb4+5Fd?Abf_~;(HYT9XJuL0P2PkLg$KOgb)oaoHY zNT$VzSkJvVu?P;VH&Q6tJ$JP(svzbc_Wekez-QtT0p)|QsPjVg>aKlZot@yy4=S2F zD^}}ErfO3@Efn_v%o_nUS8JJ$$QtbFW`GD{pwWRtL|n^nPT72L)ZpEr8}9X3?fPt|hi9DQ zDFP_-M)F%?q3_zSl%is4#|1YsrpN4K4=Uf1UlL7OW!Ai`$rqya_KJ+m(AT>upP|*- ziKgPC?EUkEupB64FN~?M@0}t$IY;v7$BoHlg!;5%lEMB%sa$fGkn75;jd>zrVd%?4 zV_p4ULk)A^=Ox1Xa~)Lw7vA5BBZl-YfL-14A9CMOF=uCInWrl=ac*k|TVwREV^}Fp zpE(6~nqe>hhHYXn7nB|I<UE zK0qkX-r`(r(F}n8b2~*Qb{ECXTK*E~G)){R7HAH=Vi*7VTjnIysi2|cY4qfVPvjIs{HG*Dc`}O24 zI%E{FNMk!)uiTQnW(^zj@n%HlUc6i713i)5VNV`q&r}wd`z)P|z@EuQX&Efh_+cNm zDH^O8zkEf$+-haL{=A-S?%Sd#y-uls^6if1o_wfV=(87G=n*#2)EQOjT@8019In9f}jc`~X5MJy|%ahV-^U;p~9 z;A2+>4P7Q^?FT@QCwypni>dtMy1h?@oiem+VS`wRRbEIz3?%lyG4h{(tboXiJTK(I zE<{4GJxpJ@$Dn9u%E=vxJ5p`C>PQL?zoxl6t-`=W<{p|NPn(*oXA5B%2H?Bv8P9wu zLb=k0ko;tz^bZQnSeU5I>B+kuppCt)nXaawK@mnPi0pl5_Sa^$1_Prg%Lp4}o z%<36ZcSNp7H!`k`J*CpfOZ4(!@H4XSaknDJ3dX?|no85rST$CZYWw}@9i;BI<|Sjh z4)GG=*4wYf|L3Vxk2gi_{g$Tlo_skg`qwA?*OTymMYbF)*sW+hqZ@~u^R49a>ML7p#UJxZ?Ty5a zU#vI@;4|Y2tAFTae*Ag`k!OH=yId~ii245`BM0+n+Ek*kXU{bES>i<6k8AVaFJJXI zw^4lvGoKdF$QDJ}wpU+?ODvjMaR^TVT8NS$?+dK*W*Gb>J1Qwc5(z+$f+3NU0c~MC zmbBgxmh}7T`g5*6`V6~4rxiZ)a*or_Gd*s<}B@(`j?GNK57oNU(WsE z5=-$&kbLskoXQo|h;v9}@!a1YXQM9!I25Se|6^Ylh({U6$tFLzAD(lcJRa_h+KP0Z z>VA8TG41K++EY8<1${37CKqJ)T7KpJ+QRnJCY+RI(BiF$=(a;5+8OE!ID-!ioLgs1 zab)1T)y? [!NOTE] -> The configuration script configures registry keys directly. Registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script does not reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), device data might not appear in Update Compliance correctly. +## About the script + +The configuration script configures registry keys directly. Be aware that registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script does not reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), device data might not appear in Update Compliance correctly. You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting. @@ -35,8 +36,10 @@ You can download the script from the [Microsoft Download Center](https://www.mic This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the `.bat` itself, which will then run `ConfigScript.ps1` with the parameters entered to `RunConfig.bat`. There are two ways of using the script: in **Pilot** mode or **Deployment** mode. - In **Pilot** mode (`runMode=Pilot`), the script will enter a verbose mode with enhanced diagnostics, and save the results in the path defined with `logpath` in `RunConfig.bat`. Pilot mode is best for a pilot run of the script or for troubleshooting configuration. -- In **Deployment** mode (`runMode=Deployment`), the script will run quietly. +- In **Deployment** mode (`runMode=Deployment`), the script will run quietly. +> [!Important] +> [PsExec](/sysinternals/downloads/psexec) is used to run the script in the system context. Once the device is configured, remove PsExec.exe from the device. ## How to use this script @@ -46,7 +49,7 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru 2. Set `commercialIDValue` to your Commercial ID. 3. Run the script. 4. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`. -5. If there are issues, gather the logs and provide them to Support. +5. If there are issues, gather the logs and provide them to Microsoft Support. ## Script errors diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index e539586053..b819ec3085 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -44,6 +44,8 @@ Currently, the technical preview contains the following features: - UCUpdateAlert - Client data collection to populate the new Update Compliance tables +:::image type="content" source="media/update-compliance-v2-query-table.png" alt-text="Screenshot of using a custom Kusto (KQL) query on Update Compliance data in Log Analytics." lightbox="media/update-compliance-v2-query-table.png"::: + > [!IMPORTANT] > Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md index e053ae7781..ba54f0e519 100644 --- a/windows/deployment/update/update-compliance-v2-use.md +++ b/windows/deployment/update/update-compliance-v2-use.md @@ -21,7 +21,7 @@ date: 05/07/2022 > [!Important] > This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -In this article you'll learn how to use Update Compliance to monitor Windows updates for your devices. To configure your environment for use with Update Compliance, see [Enable Update Compliance](update-compliance-v2-enable.md). +In this article, you'll learn how to use Update Compliance to monitor Windows updates for your devices. To configure your environment for use with Update Compliance, see [Enable Update Compliance](update-compliance-v2-enable.md). ## Display Update Compliance data @@ -29,16 +29,23 @@ In this article you'll learn how to use Update Compliance to monitor Windows upd 1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input. 1. Select **Log Analytics workspaces**. 1. Select the workspace that you use for Updates Compliance. -1. Select **Log** under the **General** group in your workspace. -1. +1. Select **Logs** under the **General** group in your workspace. +1. If the **Always show Queries** option is enabled in Log Analytics, close the query window to access the schema. +1. Under **Schemas and filter**, select **Group by: Solution** and then expand the **Update Compliance** schema. If the **Group by: Category** is selected, the **Update Compliance** schema is listed under the **Other** category. +1. Use the [Update Compliance schema](update-compliance-v2-schema.md) for [custom Kusto (KQL) queries](/azure/data-explorer/kusto/query/), to build [custom workbooks](/azure/azure-monitor/visualize/workbooks-overview), or to build your own solution to display the Update Compliance data. For example, you might query the data to review information for different types of alerts in the past 7 days and how many times each alert occurred. +```kusto +UCUpdateAlert +| summarize count=count() by AlertClassification, AlertSubtype, ErrorCode, Description +``` +:::image type="content" source="media/update-compliance-v2-query-table.png" alt-text="Screenshot of using a custom Kusto (KQL) query on Update Compliance data in Log Analytics." lightbox="media/update-compliance-v2-query-table.png"::: ## Update Compliance data latency Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. -The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all devices part of your organization that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be re-ingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. +The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all of your organization's devices that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be reingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. | Data Type | Data upload rate from device | Data Latency | |--|--|--| @@ -48,13 +55,13 @@ The data powering Update Compliance is refreshed every 24 hours, and refreshes w |WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours | |WUDOStatus|Once per day|12 hours | -This means you should generally expect to see new data device data every 24 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours. +This latency means you should generally expect to see new data device data every 24 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours. ## Using Log Analytics -Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance. +Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure portal, can deeply enhance your experience and complement Update Compliance. -See below for a few topics related to Log Analytics: -* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure's excellent documentation on [querying data in Log Analytics](/azure/log-analytics/log-analytics-log-searches). -* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](/azure/log-analytics/log-analytics-dashboards). -* [Gain an overview of Log Analytics' alerts](/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about. \ No newline at end of file +See below for a few articles related to Log Analytics: +- Learn how to effectively execute custom Log Searches by referring to Microsoft Azure's excellent documentation on [querying data in Log Analytics](/azure/log-analytics/log-analytics-log-searches). +- Review the documentation on [analyzing data for use in Log Analytics](/azure/log-analytics/log-analytics-dashboards) to develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/). +- [Gain an overview of Log Analytics' alerts](/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about. From 77bf17831c31dfef500938b5ea3561dcd3cbf5c7 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 29 Apr 2022 14:46:03 -0700 Subject: [PATCH 119/540] mestew-ucv2-tp --- windows/deployment/update/update-compliance-v2-use.md | 2 +- windows/deployment/update/update-status-admin-center.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md index ba54f0e519..6ad9a5f5c9 100644 --- a/windows/deployment/update/update-compliance-v2-use.md +++ b/windows/deployment/update/update-compliance-v2-use.md @@ -45,7 +45,7 @@ UCUpdateAlert Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. -The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all of your organization's devices that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be reingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. +The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all of your organization's devices that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be ingested again even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. | Data Type | Data upload rate from device | Data Latency | |--|--|--| diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index 1d441ae3d9..89f50b019f 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -58,7 +58,7 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos ## The Windows tab -The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-v2-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. +The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-v2-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. The Update Compliance data that populates these charts refreshes every 24 hours. For more information, see [Update Compliance data latency](update-compliance-v2-use.md#update-compliance-data-latency). ### Windows update status chart @@ -80,4 +80,4 @@ The **End of service** chart list the number of devices running an operating sys ## Next steps -Use [Update Compliance](update-compliance-v2-overview.md) to display additional data about the status of Windows updates. \ No newline at end of file +Use [Update Compliance](update-compliance-v2-overview.md) to display additional data about the status of Windows updates. From 343ee396c2c4fdd54dabe3e10b6ba9821dd59802 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 4 May 2022 16:55:48 +0530 Subject: [PATCH 120/540] CSP Improvement Updates- part6 The updates here are made to improve the Acrolinx score and to fix format and grammatical errors as per Task: 5864419. Thanks! --- .../mdm/policy-csp-admx-eaime.md | 5 ++- .../mdm/policy-csp-admx-encryptfilesonmove.md | 9 ++-- .../mdm/policy-csp-admx-enhancedstorage.md | 12 +++-- .../mdm/policy-csp-admx-errorreporting.md | 45 ++++++++----------- .../mdm/policy-csp-admx-eventforwarding.md | 9 ++-- .../mdm/policy-csp-admx-eventlog.md | 19 +++++--- .../mdm/policy-csp-admx-eventlogging.md | 11 +++-- .../mdm/policy-csp-admx-eventviewer.md | 9 ++-- .../mdm/policy-csp-admx-explorer.md | 22 +++++---- .../mdm/policy-csp-admx-externalboot.md | 13 +++--- .../mdm/policy-csp-admx-filerecovery.md | 5 ++- .../mdm/policy-csp-admx-filerevocation.md | 9 ++-- .../policy-csp-admx-fileservervssprovider.md | 5 ++- .../mdm/policy-csp-admx-filesys.md | 21 ++++++--- .../mdm/policy-csp-admx-folderredirection.md | 5 ++- .../mdm/policy-csp-admx-framepanes.md | 15 ++++--- .../mdm/policy-csp-admx-fthsvc.md | 17 ++++--- .../mdm/policy-csp-admx-globalization.md | 32 +++++++------ .../mdm/policy-csp-admx-grouppolicy.md | 40 ++++++++--------- .../mdm/policy-csp-admx-help.md | 9 ++-- .../mdm/policy-csp-admx-helpandsupport.md | 19 ++++---- .../mdm/policy-csp-admx-hotspotauth.md | 9 ++-- .../mdm/policy-csp-admx-icm.md | 5 ++- .../mdm/policy-csp-admx-iis.md | 11 +++-- .../mdm/policy-csp-admx-iscsi.md | 5 ++- .../mdm/policy-csp-admx-kdc.md | 8 +++- .../mdm/policy-csp-admx-kerberos.md | 6 ++- .../mdm/policy-csp-admx-lanmanserver.md | 10 +++-- .../mdm/policy-csp-admx-lanmanworkstation.md | 9 +++- .../mdm/policy-csp-admx-leakdiagnostic.md | 11 +++-- 30 files changed, 249 insertions(+), 156 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index 21ee8c0b36..d48d7e983c 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_EAIME -description: Policy CSP - ADMX_EAIME +description: Learn about the Policy CSP - ADMX_EAIME. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -686,3 +686,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index 00a8db9920..a22618a5e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_EncryptFilesonMove -description: Policy CSP - ADMX_EncryptFilesonMove +description: Learn about the Policy CSP - ADMX_EncryptFilesonMove. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -63,9 +63,9 @@ manager: dansimp This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. -If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder. +If you enable this policy setting, File Explorer won't automatically encrypt files that are moved to an encrypted folder. -If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder. +If you disable or don't configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder. This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically. @@ -86,3 +86,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 2ab763817c..cb50981ccb 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_EnhancedStorage -description: Policy CSP - ADMX_EnhancedStorage +description: Learn about the Policy CSP - ADMX_EnhancedStorage. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -76,7 +76,7 @@ manager: dansimp -This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer. +This policy setting allows you to configure a list of Enhanced Storage devices that contain a manufacturer and product ID that are usable on your computer. If you enable this policy setting, only Enhanced Storage devices that contain a manufacturer and product ID specified in this policy are usable on your computer. @@ -121,7 +121,7 @@ ADMX Info: -This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer. +This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that is usable on your computer. If you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specified in this policy are usable on your computer. @@ -258,7 +258,8 @@ ADMX Info: This policy setting locks Enhanced Storage devices when the computer is locked. -This policy setting is supported in Windows Server SKUs only. +>[!Note] +>This policy setting is supported in Windows Server SKUs only. If you enable this policy setting, the Enhanced Storage device remains locked when the computer is locked. @@ -324,3 +325,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 7e72497d05..4922b4009b 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_ErrorReporting -description: Policy CSP - ADMX_ErrorReporting +description: Learn about the Policy CSP - ADMX_ErrorReporting. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -249,11 +249,14 @@ To create a list of applications for which Windows Error Reporting never reports If you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reporting policy setting is set to report no application errors. -If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category.) +If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. + +>[!Note] +>The Microsoft applications category includes the Windows components category. If you disable this policy setting or don't configure it, the Default application reporting settings policy setting takes precedence. -Also see the "Default Application Reporting" and "Application Exclusion List" policies. +Also, see the "Default Application Reporting" and "Application Exclusion List" policies. This setting will be ignored if the 'Configure Error Reporting' setting is disabled or not configured. @@ -307,22 +310,17 @@ This policy setting doesn't enable or disable Windows Error Reporting. To turn W If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that aren't configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following settings in the policy setting: - "Do not display links to any Microsoft ‘More information’ websites": Select this option if you don't want error dialog boxes to display links to Microsoft websites. - - "Do not collect additional files": Select this option if you don't want extra files to be collected and included in error reports. - - "Do not collect additional computer data": Select this option if you don't want additional information about the computer to be collected and included in error reports. - - "Force queue mode for application errors": Select this option if you don't want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to sign in to the computer can send the error reports to Microsoft. - - "Corporate file path": Type a UNC path to enable Corporate Error Reporting. All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrator to sign in to the computer can send the error reports to Microsoft. - - "Replace instances of the word ‘Microsoft’ with": You can specify text with which to customize your error report dialog boxes. The word ""Microsoft"" is replaced with the specified text. If you don't configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003. If you disable this policy setting, configuration settings in the policy setting are left blank. -See related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings. +See related policy settings Display Error Notification (same folder as this policy setting), and turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings. @@ -910,13 +908,9 @@ This policy setting determines the consent behavior of Windows Error Reporting f If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those types meant for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4. - 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type. - - 1 (Always ask before sending data): Windows prompts the user for consent to send reports. - - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send more data requested by Microsoft. - - 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send more data requested by Microsoft. - - 4 (Send all data): Any data requested by Microsoft is sent automatically. If you disable or don't configure this policy setting, then the default consent settings that are applied are those settings specified by the user in Control Panel, or in the Configure Default Consent policy setting. @@ -1054,13 +1048,10 @@ This policy setting determines the default consent behavior of Windows Error Rep If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting: -- Always ask before sending data: Windows prompts users for consent to send reports. - -- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft. - -- Send parameters and safe extra data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft. - -- Send all data: any error reporting data requested by Microsoft is sent automatically. +- **Always ask before sending data**: Windows prompts users for consent to send reports. +- **Send parameters**: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft. +- **Send parameters and safe extra data**: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft. +- **Send all data**: any error reporting data requested by Microsoft is sent automatically. If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data. @@ -1107,13 +1098,10 @@ This policy setting determines the default consent behavior of Windows Error Rep If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting: -- Always ask before sending data: Windows prompts users for consent to send reports. - -- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft. - -- Send parameters and safe extra data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft. - -- Send all data: any error reporting data requested by Microsoft is sent automatically. +- **Always ask before sending data**: Windows prompts users for consent to send reports. +- **Send parameters**: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft. +- **Send parameters and safe extra data**: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft. +- **Send all data**: any error reporting data requested by Microsoft is sent automatically. If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data. @@ -1497,3 +1485,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index ffd209aa8f..f038c26759 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_EventForwarding -description: Policy CSP - ADMX_EventForwarding +description: Learn about the Policy CSP - ADMX_EventForwarding. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -122,11 +122,11 @@ If you enable this policy setting, you can configure the Source Computer to cont Use the following syntax when using the HTTPS protocol: ``` syntax - Server=https://:5986/wsman/SubscriptionManager/WEC,Refresh=,IssuerCA=. ``` -When using the HTTP protocol, use port 5985. +>[!Note] +> When using the HTTP protocol, use port 5985. If you disable or don't configure this policy setting, the Event Collector computer won't be specified. @@ -146,3 +146,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index 5156768413..3eb951ebba 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_EventLog -description: Policy CSP - ADMX_EventLog +description: Learn about the Policy CSP - ADMX_EventLog. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -125,7 +125,10 @@ This policy setting turns on logging. If you enable or don't configure this policy setting, then events can be written to this log. -If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting. +If the policy setting is disabled, then no new events can be logged. + +>[!Note] +> Events can always be read from the log, regardless of this policy setting. @@ -965,7 +968,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events. -Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. +>[!Note] +> Old events may or may not be retained according to the "Backup log automatically when full" policy setting. @@ -1012,7 +1016,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events. -Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. +>[!Note] +> Old events may or may not be retained according to the "Backup log automatically when full" policy setting. @@ -1060,7 +1065,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events. -Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. +>[!Note] +> Old events may or may not be retained according to the "Backup log automatically when full" policy setting. @@ -1077,3 +1083,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md index 135c65ed8f..963f757d21 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_EventLogging -description: Policy CSP - ADMX_EventLogging +description: Learn about the Policy CSP - ADMX_EventLogging. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -63,11 +63,11 @@ manager: dansimp This policy setting lets you configure Protected Event Logging. -- If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. +If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. -You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with. +You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with. -- If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log. +If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log. @@ -85,3 +85,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md index b5dd4d7f65..4666f5d4c7 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md +++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_EventViewer -description: Policy CSP - ADMX_EventViewer +description: Learn about the Policy CSP - ADMX_EventViewer. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -150,9 +150,9 @@ ADMX Info: -This URL is the one that will be passed to the Description area in the Event Properties dialog box. -Change this value if you want to use a different Web server to handle event information requests. +This URL is the one that will be passed to the Description area in the Event Properties dialog box. +Change this value if you want to use a different Web server to handle event information requests. @@ -170,3 +170,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index cc7f6818aa..e70d03a440 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Explorer -description: Policy CSP - ADMX_Explorer +description: Learn about the Policy CSP - ADMX_Explorer. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -73,7 +73,7 @@ manager: dansimp -Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy. +This policy setting sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy. @@ -163,7 +163,7 @@ ADMX Info: -This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer won't reinitialize default program associations and other settings to default values. +This policy setting allows administrators who have configured roaming profile with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer won't reinitialize default program associations and other settings to default values. If you enable this policy setting on a machine that doesn't contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur. @@ -206,14 +206,14 @@ ADMX Info: -This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer. +This policy setting allows administrators to prevent users from adding new items, such as files or folders to the root of their Users Files folder in File Explorer. -If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer. +If you enable this policy setting, users will no longer be able to add new items, such as files or folders to the root of their Users Files folder in File Explorer. If you disable or don't configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer. > [!NOTE] -> Enabling this policy setting doesn't prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%. +> Enabling this policy setting doesn't prevent the user from being able to add new items, such as files and folders to their actual file system profile folder at %userprofile%. @@ -254,7 +254,9 @@ ADMX Info: -This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios. +This policy is similar to settings directly available to computer users. + +Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios. @@ -269,4 +271,8 @@ ADMX Info:

    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md index 88a074cba8..02907548a0 100644 --- a/windows/client-management/mdm/policy-csp-admx-externalboot.md +++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_ExternalBoot -description: Policy CSP - ADMX_ExternalBoot +description: Learn about the Policy CSP - ADMX_ExternalBoot. ms.author: dansimp ms.topic: article ms.prod: w10 @@ -71,9 +71,9 @@ manager: dansimp This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. -- If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC. +If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC. -- If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC. +If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC. @@ -165,9 +165,9 @@ ADMX Info: This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item. -- If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item. +If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item. -- If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration. +If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration. If you don't configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item. @@ -185,3 +185,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md index 74cc4f3f50..88d6c1ac71 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_FileRecovery -description: Policy CSP - ADMX_FileRecovery +description: Learn about the Policy CSP - ADMX_FileRecovery. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -74,3 +74,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index 3fd0807394..7a229546e3 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_FileRevocation -description: Policy CSP - ADMX_FileRevocation +description: Learn about the Policy CSP - ADMX_FileRevocation. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -60,9 +60,9 @@ manager: dansimp Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy` -- If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. +If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. -- If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. +If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. Any other Windows Runtime application will only be able to revoke access to content it protected. @@ -85,3 +85,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index 18ddd06906..c5ccaf7cad 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_FileServerVSSProvider -description: Policy CSP - ADMX_FileServerVSSProvider +description: Learn about the Policy CSP - ADMX_FileServerVSSProvider. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -86,3 +86,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index ab0c455e6b..416d4a5f1c 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_FileSys -description: Policy CSP - ADMX_FileSys +description: Learn about the Policy CSP - ADMX_FileSys. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -99,7 +99,6 @@ ADMX Info: **ADMX_FileSys/DisableDeleteNotification** - |Edition|Windows 10|Windows 11| |--- |--- |--- | |Home|No|No| @@ -164,8 +163,9 @@ ADMX Info: -Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files. +Encryption can add to the processing overhead of filesystem operations. +Enabling this setting will prevent access to and creation of encrypted files. ADMX Info: @@ -202,7 +202,9 @@ ADMX Info: -Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted. +Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. + +Enabling this setting will cause the page files to be encrypted. @@ -241,7 +243,9 @@ ADMX Info: -Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process. +Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. + +Enabling this setting will cause the long paths to be accessible within the process. @@ -282,7 +286,9 @@ ADMX Info: This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system. -If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume. +If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume. + +If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume. @@ -390,3 +396,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index cebe91fbd3..187b9adf04 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_FolderRedirection -description: Policy CSP - ADMX_FolderRedirection +description: Learn about the Policy CSP - ADMX_FolderRedirection. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -395,3 +395,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md index 4b83f0c105..d1e6578c3d 100644 --- a/windows/client-management/mdm/policy-csp-admx-framepanes.md +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_FramePanes -description: Policy CSP - ADMX_FramePanes +description: Learn about the Policy CSP - ADMX_FramePanes. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -63,14 +63,14 @@ manager: dansimp This policy setting shows or hides the Details Pane in File Explorer. -- If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user. +If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user. -- If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user. +If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user. > [!NOTE] > This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time. -- If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. +If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. This setting is the default policy setting. @@ -114,9 +114,9 @@ ADMX Info: Hides the Preview Pane in File Explorer. -- If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user. +If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user. -- If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user. +If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user. @@ -132,3 +132,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md index 3cf5694548..b37ad9e699 100644 --- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_FTHSVC -description: Policy CSP - ADMX_FTHSVC +description: Learn about the Policy CSP - ADMX_FTHSVC. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -62,12 +62,14 @@ manager: dansimp This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems. -- If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems. +If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems. -- If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. -If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. -This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. +If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. + +If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. + +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. +This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. No system restart or service restart is required for this policy setting to take effect: changes take effect immediately. @@ -87,3 +89,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index 45623d01c7..d42560442c 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Globalization -description: Policy CSP - ADMX_Globalization +description: Learn about the Policy CSP - ADMX_Globalization. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -134,9 +134,9 @@ This policy prevents automatic copying of user input methods to the system accou This confinement doesn't affect the availability of user input methods on the lock screen or with the UAC prompt. -If the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page. +If the policy is enabled, then the user will get input methods enabled for the system account on the sign-in page. -If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on the sign-in page. +If the policy is disabled or not configured, then the user will be able to use input methods enabled for their user account on the sign-in page. @@ -490,7 +490,7 @@ Automatic learning enables the collection and storage of text and ink written by > [!NOTE] > Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. For more information, see Tablet PC Help. -If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel. +If you enable this policy setting, automatic learning stops and any stored data are deleted. Users can't configure this setting in Control Panel. If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on. @@ -549,7 +549,7 @@ Automatic learning enables the collection and storage of text and ink written by > [!NOTE] > Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. For more information, see Tablet PC Help. -If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel. +If you enable this policy setting, automatic learning stops and any stored data are deleted. Users can't configure this setting in Control Panel. If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on. @@ -1099,9 +1099,9 @@ This policy turns off the autocorrect misspelled words option. This turn off doe The autocorrect misspelled words option controls whether or not errors in typed text will be automatically corrected. -If the policy is Enabled, then the option will be locked to not autocorrect misspelled words. +If the policy is enabled, then the option will be locked to not autocorrect misspelled words. -If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. +If the policy is disabled or not configured, then the user will be free to change the setting according to their preference. The availability and function of this setting is dependent on supported languages being enabled. @@ -1147,9 +1147,9 @@ This policy turns off the highlight misspelled words option. This turn off doesn The highlight misspelled words option controls whether or next spelling errors in typed text will be highlighted. -If the policy is Enabled, then the option will be locked to not highlight misspelled words. +If the policy is enabled, then the option will be locked to not highlight misspelled words. -If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. +If the policy is disabled or not configured, then the user will be free to change the setting according to their preference. The availability and function of this setting is dependent on supported languages being enabled. @@ -1196,9 +1196,9 @@ This policy turns off the insert a space after selecting a text prediction optio The insert a space after selecting a text prediction option controls whether or not a space will be inserted after the user selects a text prediction candidate when using the on-screen keyboard. -If the policy is Enabled, then the option will be locked to not insert a space after selecting a text prediction. +If the policy is enabled, then the option will be locked to not insert a space after selecting a text prediction. -If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. +If the policy is disabled or not configured, then the user will be free to change the setting according to their preference. The availability and function of this setting is dependent on supported languages being enabled. @@ -1244,9 +1244,9 @@ This policy turns off the offer text predictions as I type option. This turn off The offer text predictions as I type option controls whether or not text prediction suggestions will be presented to the user on the on-screen keyboard. -If the policy is Enabled, then the option will be locked to not offer text predictions. +If the policy is enabled, then the option will be locked to not offer text predictions. -If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. +If the policy is disabled or not configured, then the user will be free to change the setting according to their preference. The availability and function of this setting is dependent on supported languages being enabled. @@ -1312,4 +1312,8 @@ ADMX Info:
    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index f3e83e48f1..a250dbbadc 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_GroupPolicy -description: Policy CSP - ADMX_GroupPolicy +description: Learn about the Policy CSP - ADMX_GroupPolicy. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -1705,7 +1705,7 @@ In addition to background updates, Group Policy for the computer is always updat By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. -If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations. +If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations. If you disable this setting, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" policy. @@ -1762,7 +1762,7 @@ This policy setting specifies how often Group Policy is updated on domain contro By default, Group Policy on the domain controllers is updated every five minutes. -If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations. +If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations. If you disable or don't configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting. @@ -1817,7 +1817,7 @@ In addition to background updates, Group Policy for users is always updated when By default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. -If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations. +If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations. If you disable this setting, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting. @@ -2025,7 +2025,6 @@ By default, when you edit a Group Policy Object (GPO) using the Group Policy Obj This edit-option leads to the following behavior: - If you originally created the GPO with, for example, an English system, the GPO contains English ADM files. - - If you later edit the GPO from a different-language system, you get the English ADM files as they were in the GPO. You can change this behavior by using this setting. @@ -2034,7 +2033,7 @@ If you enable this setting, the Group Policy Object Editor snap-in always uses l This pattern leads to the following behavior: -- If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates. +If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates. If you disable or don't configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO. @@ -2084,21 +2083,15 @@ ADMX Info: This security feature provides a means to override individual process MitigationOptions settings. This security feature can be used to enforce many security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are: -PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001) -Enables data execution prevention (DEP) for the child process +PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001): Enables data execution prevention (DEP) for the child process -PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002) -Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer. +PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002): Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer. -PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004) -Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique. +PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004): Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique. -PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100) -The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that aren't dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that don't have a base relocation section won't be loaded. +PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100): The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that aren't dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that don't have a base relocation section won't be loaded. -PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000) -PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000) -The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address. +PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000),PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000): The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address. For instance, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON, disable PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF, and to leave all other options at their default values, specify a value of: ???????????????0???????1???????1 @@ -2391,13 +2384,12 @@ ADMX Info: This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who signs in to a computer affected by this setting. It's intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used. -By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user signs in to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies. +By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then when a user signs in to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies. If you enable this setting, you can select one of the following modes from the Mode box: -"Replace" indicates that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user. - -"Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings. +- "Replace" indicates that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user. +- "Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings. If you disable this setting or don't configure it, the user's Group Policy Objects determines which user settings apply. @@ -2419,4 +2411,8 @@ ADMX Info:
    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index 3bdf5aa985..59906965d9 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Help -description: Policy CSP - ADMX_Help +description: Learn about the Policy CSP - ADMX_Help. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -22,7 +22,7 @@ manager: dansimp
    - ## ADMX_Help policies
    @@ -82,7 +82,7 @@ If you disable or don't configure this policy setting, DEP is turned on for HTML ADMX Info: -- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executible* +- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executable* - GP name: *DisableHHDEP* - GP path: *System* - GP ADMX file name: *Help.admx* @@ -256,3 +256,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index 806207275f..2a6e635572 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_HelpAndSupport -description: Policy CSP - ADMX_HelpAndSupport +description: Learn about the Policy CSP - ADMX_HelpAndSupport. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -71,9 +71,9 @@ manager: dansimp This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links. -If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements. +If you enable this policy setting, active content links aren't rendered. The text is displayed, but there are no clickable links for these elements. -If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements). +If you disable or don't configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements). @@ -117,9 +117,9 @@ ADMX Info: This policy setting specifies whether users can provide ratings for Help content. -If you enable this policy setting, ratings controls are not added to Help content. +If you enable this policy setting, ratings controls aren't added to Help content. -If you disable or do not configure this policy setting, ratings controls are added to Help topics. +If you disable or don't configure this policy setting, ratings controls are added to Help topics. Users can use the control to provide feedback on the quality and usefulness of the Help and Support content. @@ -164,9 +164,9 @@ ADMX Info: This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. -If you enable this policy setting, users cannot participate in the Help Experience Improvement program. +If you enable this policy setting, users can't participate in the Help Experience Improvement program. -If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page. +If you disable or don't configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page. @@ -212,7 +212,7 @@ This policy setting specifies whether users can search and view content from Win If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online. -If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page. +If you disable or don't configure this policy setting, users can access online assistance if they have a connection to the Internet and haven't disabled Windows Online from the Help and Support Options page. @@ -232,3 +232,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md index bf33f5110d..b0fc2da609 100644 --- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_HotSpotAuth -description: Policy CSP - ADMX_HotSpotAuth +description: Learn about the Policy CSP - ADMX_HotSpotAuth. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -66,9 +66,9 @@ This policy setting defines whether WLAN hotspots are probed for Wireless Intern - If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators. -- If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. +- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. -- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser. +- If you disable this policy setting, WLAN hotspots aren't probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser. @@ -87,3 +87,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index 2f9b7183ac..e0b549015f 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_ICM -description: Policy CSP - ADMX_ICM +description: Learn about the Policy CSP - ADMX_ICM. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -1384,3 +1384,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md index 424b4a38f2..65987c4497 100644 --- a/windows/client-management/mdm/policy-csp-admx-iis.md +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_IIS -description: Policy CSP - ADMX_IIS +description: Learn about the Policy CSP - ADMX_IIS. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -62,11 +62,11 @@ manager: dansimp This policy setting prevents installation of Internet Information Services (IIS) on this computer. -- If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting. +If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting. -Enabling this setting won't have any effect on IIS if IIS is already installed on the computer. +Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer. -- If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run." +If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run." @@ -86,3 +86,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md index c9465d3231..a98e2dbd6d 100644 --- a/windows/client-management/mdm/policy-csp-admx-iscsi.md +++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_iSCSI -description: Policy CSP - ADMX_iSCSI +description: Learn about the Policy CSP - ADMX_iSCSI. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -175,3 +175,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index 1173ca86f8..f7d8034b39 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_kdc -description: Policy CSP - ADMX_kdc +description: Learn about the Policy CSP - ADMX_kdc. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_kdc + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -106,7 +107,7 @@ Impact on domain controller performance when this policy setting is enabled: - Secure Kerberos domain capability discovery is required, resulting in more message exchanges. - Claims and compound authentication for Dynamic Access Control increase the size and complexity of the data in the message, which results in more processing time and greater Kerberos service ticket size. -- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors, which results in increased processing time, but doesn't change the service ticket size. +- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors, which result in increased processing time, but doesn't change the service ticket size. @@ -372,3 +373,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 998eb8189d..02bb6cab49 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Kerberos -description: Policy CSP - ADMX_Kerberos +description: Learn about the Policy CSP - ADMX_Kerberos. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_Kerberos + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -449,3 +450,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index a905d94c9a..e75c413968 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_LanmanServer -description: Policy CSP - ADMX_LanmanServer +description: Learn about the Policy CSP - ADMX_LanmanServer. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_LanmanServer + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -199,9 +200,7 @@ This policy setting specifies whether the BranchCache hash generation service su If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported. - Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in "Hash version supported" are generated and retrieved. @@ -282,3 +281,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index 8fcfe9af1e..6f335ee3fb 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_LanmanWorkstation -description: Policy CSP - ADMX_LanmanWorkstation +description: Learn about the Policy CSP - ADMX_LanmanWorkstation. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_LanmanWorkstation + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -207,4 +208,8 @@ ADMX Info: - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md index a362e05ab9..e481a30777 100644 --- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_LeakDiagnostic -description: Policy CSP - ADMX_LeakDiagnostic +description: Learn about the Policy CSP - ADMX_LeakDiagnostic. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -62,13 +62,13 @@ manager: dansimp This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. -- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. +If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. -- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. +If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. -This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -94,3 +94,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file From c879e4ef03be70fb0b164fcc61d0ac86c5da772d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 May 2022 14:44:24 -0700 Subject: [PATCH 121/540] add tsthoot --- ...date-compliance-v2-configuration-script.md | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 950378fcfb..4041855308 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -99,3 +99,37 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru | 92 | Failed to create property for EnableAllowUCProcessing at registry path| | 93 | Failed to update value for EnableAllowUCProcessing| | 94 | Unexpected exception in EnableAllowUCProcessing| + + +## Verify device configuration + +In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps: + +1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer). + 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. + 1. Under **View diagnostic data**, select **On** for the following option: + + - Windows 11: **Turn on the Diagnostic Data Viewer (uses up to 1 GB of hard drive space)** + - Windows 10: **Turn on this setting to see your data in the Diagnostic Data Viewer. (Setting uses up to 1GB of hard drive space.)** + +1. Select **Open Diagnostic Data Viewer**. + - If the application isn't installed, select **Get** when you're asked to download the [Diagnostic Data Viewer from the Microsoft Store](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. + - If the application is already installed, it will open. You can either close the application before running a scan for software updates, or use the refresh button to fetch the new data after the scan is completed. + +1. Check for software updates on the client device. + - Windows 11: + 1. Go to **Start**, select **Settings** > **Windows Update**. + 1. Select **Check for updates** then wait for the update check to complete. + - Windows 10: + 1. Go to **Start**, select **Settings** > **Update & Security** > **Windows Update**. + 1. Select **Check for updates** then wait for the update check to complete. + +1. Run the **Diagnostic Data Viewer**. + 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. + 1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**. +1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items: + - The **EnrolledTenantID** field under **m365a** should equal the [CommercialID](update-compliance-get-started.md#get-your-commercialid) of your Log Analytics workspace for Update Compliance. + - The **MSP** field value under **protocol** should be either `16` or `18`. + - If you need to send this data to Microsoft Support, select **Export data**. + + :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="./media/update-compliance-diagnostic-data-viewer.png" lightbox="./media/update-compliance-diagnostic-data-viewer.png"::: \ No newline at end of file From 29bf0412ff1738067446a14a0fa8fbf95e3ac419 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 May 2022 15:15:54 -0700 Subject: [PATCH 122/540] edits --- ...date-compliance-v2-configuration-script.md | 87 +++++++++---------- 1 file changed, 43 insertions(+), 44 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 4041855308..7532e75b06 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -56,56 +56,55 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru |Error |Description | |---------|---------| +| 1 | General unexpected error| +| 6 | Invalid CommercialID| +| 8 | Couldn't create registry key path to setup CommercialID| +| 9 | Couldn't write CommercialID at registry key path| +| 11 | Unexpected result when setting up CommercialID.| +| 12 | CheckVortexConnectivity failed, check Log output for more information.| +| 12 | Unexpected failure when running CheckVortexConnectivity.| +| 16 | Reboot is pending on device, restart device and restart script.| +| 17 | Unexpected exception in CheckRebootRequired.| | 27 | Not system account. | -| 37 | Unexpected exception when collecting logs| -| 1 | General unexpected error| -| 6 | Invalid CommercialID| -| 48 | CommercialID is not a GUID| -| 8 | Couldn't create registry key path to setup CommercialID| -| 9 | Couldn't write CommercialID at registry key path| -| 53 | There are conflicting CommercialID values.| -| 11 | Unexpected result when setting up CommercialID.| -| 62 | AllowTelemetry registry key is not of the correct type REG_DWORD| -| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.| -| 64 | AllowTelemetry is not of the correct type REG_DWORD.| -| 99 | Device is not Windows 10.| -| 40 | Unexpected exception when checking and setting telemetry.| -| 12 | CheckVortexConnectivity failed, check Log output for more information.| -| 12 | Unexpected failure when running CheckVortexConnectivity.| +| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.| +| 34 | Unexpected exception when attempting to check Proxy settings.| +| 35 | Unexpected exception when checking User Proxy.| +| 37 | Unexpected exception when collecting logs| +| 40 | Unexpected exception when checking and setting telemetry.| +| 41 | Unable to impersonate logged-on user.| +| 42 | Unexpected exception when attempting to impersonate logged-on user.| +| 43 | Unexpected exception when attempting to impersonate logged-on user.| +| 44 | Error when running CheckDiagTrack service.| +| 45 | DiagTrack.dll not found.| +| 48 | CommercialID is not a GUID| +| 50 | DiagTrack service not running.| +| 51 | Unexpected exception when attempting to run Census.exe| +| 52 | Could not find Census.exe| +| 53 | There are conflicting CommercialID values.| +| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.| +| 55 | Failed to create new registry path for SetDeviceNameOptIn| +| 56 | Failed to create property for SetDeviceNameOptIn at registry path| +| 57 | Failed to update value for SetDeviceNameOptIn| +| 58 | Unexpected exception in SetrDeviceNameOptIn| +| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.| +| 60 | Failed to delete registry key when attempting to clean up OneSettings.| +| 61 | Unexpected exception when attempting to clean up OneSettings.| +| 62 | AllowTelemetry registry key is not of the correct type REG_DWORD| +| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.| +| 64 | AllowTelemetry is not of the correct type REG_DWORD.| | 66 | Failed to verify UTC connectivity and recent uploads.| -| 67 | Unexpected failure when verifying UTC CSP.| -| 41 | Unable to impersonate logged-on user.| -| 42 | Unexpected exception when attempting to impersonate logged-on user.| -| 43 | Unexpected exception when attempting to impersonate logged-on user.| -| 16 | Reboot is pending on device, restart device and restart script.| -| 17 | Unexpected exception in CheckRebootRequired.| -| 44 | Error when running CheckDiagTrack service.| -| 45 | DiagTrack.dll not found.| -| 50 | DiagTrack service not running.| -| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.| -| 55 | Failed to create new registry path for SetDeviceNameOptIn| -| 56 | Failed to create property for SetDeviceNameOptIn at registry path| -| 57 | Failed to update value for SetDeviceNameOptIn| -| 58 | Unexpected exception in SetrDeviceNameOptIn| -| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.| -| 60 | Failed to delete registry key when attempting to clean up OneSettings.| -| 61 | Unexpected exception when attempting to clean up OneSettings.| -| 52 | Could not find Census.exe| -| 51 | Unexpected exception when attempting to run Census.exe| -| 34 | Unexpected exception when attempting to check Proxy settings.| -| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.| -| 35 | Unexpected exception when checking User Proxy.| -| 91 | Failed to create new registry path for EnableAllowUCProcessing| -| 92 | Failed to create property for EnableAllowUCProcessing at registry path| -| 93 | Failed to update value for EnableAllowUCProcessing| -| 94 | Unexpected exception in EnableAllowUCProcessing| - +| 67 | Unexpected failure when verifying UTC CSP.| +| 91 | Failed to create new registry path for EnableAllowUCProcessing| +| 92 | Failed to create property for EnableAllowUCProcessing at registry path| +| 93 | Failed to update value for EnableAllowUCProcessing| +| 94 | Unexpected exception in EnableAllowUCProcessing| +| 99 | Device is not Windows 10.| ## Verify device configuration In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps: -1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer). +1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer). 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. 1. Under **View diagnostic data**, select **On** for the following option: @@ -132,4 +131,4 @@ In some cases, you may need to manually verify the device configuration has the - The **MSP** field value under **protocol** should be either `16` or `18`. - If you need to send this data to Microsoft Support, select **Export data**. - :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="./media/update-compliance-diagnostic-data-viewer.png" lightbox="./media/update-compliance-diagnostic-data-viewer.png"::: \ No newline at end of file + :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="./media/update-compliance-diagnostic-data-viewer.png" lightbox="./media/update-compliance-diagnostic-data-viewer.png"::: From 2cf447a096c242e64186bef3e33d28edc78a34c6 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 May 2022 15:18:20 -0700 Subject: [PATCH 123/540] edits --- ...date-compliance-v2-configuration-script.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 7532e75b06..07305526c7 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -21,13 +21,13 @@ ms.topic: article > [!Important] > - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -> - A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. +> - A new policy is required to use Update Compliance: `AllowUpdateComplianceProcessing`. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. -The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. +The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. ## About the script -The configuration script configures registry keys directly. Be aware that registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script does not reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), device data might not appear in Update Compliance correctly. +The configuration script configures registry keys directly. Be aware that registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script doesn't reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), device data might not appear in Update Compliance correctly. You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting. @@ -58,7 +58,7 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru |---------|---------| | 1 | General unexpected error| | 6 | Invalid CommercialID| -| 8 | Couldn't create registry key path to setup CommercialID| +| 8 | Couldn't create registry key path to set up CommercialID| | 9 | Couldn't write CommercialID at registry key path| | 11 | Unexpected result when setting up CommercialID.| | 12 | CheckVortexConnectivity failed, check Log output for more information.| @@ -76,10 +76,10 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru | 43 | Unexpected exception when attempting to impersonate logged-on user.| | 44 | Error when running CheckDiagTrack service.| | 45 | DiagTrack.dll not found.| -| 48 | CommercialID is not a GUID| +| 48 | CommercialID isn't a GUID| | 50 | DiagTrack service not running.| | 51 | Unexpected exception when attempting to run Census.exe| -| 52 | Could not find Census.exe| +| 52 | Couldn't find Census.exe| | 53 | There are conflicting CommercialID values.| | 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.| | 55 | Failed to create new registry path for SetDeviceNameOptIn| @@ -89,16 +89,16 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru | 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.| | 60 | Failed to delete registry key when attempting to clean up OneSettings.| | 61 | Unexpected exception when attempting to clean up OneSettings.| -| 62 | AllowTelemetry registry key is not of the correct type REG_DWORD| -| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.| -| 64 | AllowTelemetry is not of the correct type REG_DWORD.| +| 62 | AllowTelemetry registry key isn't of the correct type REG_DWORD| +| 63 | AllowTelemetry isn't set to the appropriate value and it couldn't be set by the script.| +| 64 | AllowTelemetry isn't of the correct type REG_DWORD.| | 66 | Failed to verify UTC connectivity and recent uploads.| | 67 | Unexpected failure when verifying UTC CSP.| | 91 | Failed to create new registry path for EnableAllowUCProcessing| | 92 | Failed to create property for EnableAllowUCProcessing at registry path| | 93 | Failed to update value for EnableAllowUCProcessing| | 94 | Unexpected exception in EnableAllowUCProcessing| -| 99 | Device is not Windows 10.| +| 99 | Device isn't Windows 10.| ## Verify device configuration From 3ae58cb405bf0e031e7c95426e90eeb3cabbd469 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 10 May 2022 09:25:39 -0700 Subject: [PATCH 124/540] edits --- .../update/update-compliance-v2-schema-ucupdatealert.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md index 129144a9b1..ddca56923d 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md @@ -45,7 +45,7 @@ Alert for both client and service updates. Contains information that needs atten | **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:1298371934870` | Internal Microsoft Global identifier, if available. | | **Recommendation** | [string](/azure/kusto/query/scalar-data-types/string) | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on source of Alert) that provides a recommended action. | | **ResolvedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. | -| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | SCCM Client ID of the device, if available. | +| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager Client ID of the device, if available. | | **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | If the Alert is from the Service, the ServiceSubstate at the time this Alert was activated or updated, else Empty. | | **ServiceSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `100` | Rank of ServiceSubstate | | **StartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was activated. | @@ -54,5 +54,5 @@ Alert for both client and service updates. Contains information that needs atten | **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. | | **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `UpdateAlert` | The entity type. | | **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. | -| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this content is an Upgrade (FU), Security (QU), NonSecurity (QU) | +| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this content is an upgrade (feature update), Security (quality update), NonSecurity (quality update) | | **URL** | [string](/azure/kusto/query/scalar-data-types/string) | `aka.ms/errordetail32152` | An optional URL to get more in-depth information related to this alert. | From 3286a114660a048b51a63cd9c45114560f5ba8a6 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 11 May 2022 13:28:25 -0700 Subject: [PATCH 125/540] IE deprecation notice --- .../includes/microsoft-365-ie-end-of-support.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md index c92fd17fd3..7e2421b511 100644 --- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md +++ b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md @@ -1,13 +1,17 @@ --- -author: pamgreen-msft -ms.author: pamgreen -ms.date: 10/02/2018 +author: dansimp +ms.author: dansimp +ms.date: ms.reviewer: audience: itpro -manager: pamgreen +manager: dansimp ms.prod: ie11 ms.topic: include --- > [!IMPORTANT] -> The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022. For a list of what’s in scope, see [the FAQ](https://aka.ms/IEModeFAQ). The same IE11 apps and sites you use today can open in Microsoft Edge with Internet Explorer mode. [Learn more here](https://blogs.windows.com/msedgedev/). \ No newline at end of file +The Internet Explorer 11 desktop application is [retired and out of support](https://aka.ms/IEJune15Blog) as of June 15, 2022 for certain versions of Windows 10. + +You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. [Learn how](https://aka.ms/IEmodewebsite). + +The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. [Disable IE today](/deployedge/edge-ie-disable-ie11). \ No newline at end of file From 7b5ddd7592b259a9cdc0f8f2a26742d5e5b7de80 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Thu, 12 May 2022 12:09:12 +0530 Subject: [PATCH 126/540] fixed acrolinx issues --- .../bitlocker/ts-bitlocker-tpm-issues.md | 37 +++++++++---------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index 5ce692ae1d..aec78e2149 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md @@ -20,15 +20,15 @@ ms.custom: bitlocker This article describes common issues that relate directly to the trusted platform module (TPM), and provides guidance to address these issues. -## Azure AD: Windows Hello for Business and single sign-on do not work +## Azure AD: Windows Hello for Business and single sign-on don't work -You have an Azure Active Directory (Azure AD)-joined client computer that cannot authenticate correctly. You experience one or more of the following symptoms: +You have an Azure Active Directory (Azure AD)-joined client computer that can't authenticate correctly. You experience one or more of the following symptoms: -- Windows Hello for Business does not work. +- Windows Hello for Business doesn't work. - Conditional access fails. -- Single sign-on (SSO) does not work. +- Single sign-on (SSO) doesn't work. -Additionally, the computer logs an entry for Event ID 1026, which resembles the following: +Additionally, the computer logs the following entry for Event ID 1026: > Log Name: System > Source: Microsoft-Windows-TPM-WMI @@ -46,28 +46,27 @@ Additionally, the computer logs an entry for Event ID 1026, which resembles the ### Cause -This event indicates that the TPM is not ready or has some setting that prevents access to the TPM keys. +This event indicates that the TPM isn't ready or has some setting that prevents access to the TPM keys. -Additionally, the behavior indicates that the client computer cannot obtain a [Primary Refresh Token (PRT)](/azure/active-directory/devices/concept-primary-refresh-token). +Additionally, the behavior indicates that the client computer can't obtain a [Primary Refresh Token (PRT)](/azure/active-directory/devices/concept-primary-refresh-token). ### Resolution -To verify the status of the PRT, use the [dsregcmd /status command](/azure/active-directory/devices/troubleshoot-device-dsregcmd) to collect information. In the tool output, verify that either **User state** or **SSO state** contains the **AzureAdPrt** attribute. If the value of this attribute is **No**, the PRT was not issued. This may indicate that the computer could not present its certificate for authentication. +To verify the status of the PRT, use the [dsregcmd /status command](/azure/active-directory/devices/troubleshoot-device-dsregcmd) to collect information. In the tool output, verify that either **User state** or **SSO state** contains the **AzureAdPrt** attribute. If the value of this attribute is **No**, the PRT wasn't issued. This may indicate that the computer couldn't present its certificate for authentication. To resolve this issue, follow these steps to troubleshoot the TPM: 1. Open the TPM management console (tpm.msc). To do this, select **Start**, and enter **tpm.msc** in the **Search** box. 1. If you see a notice to either unlock the TPM or reset the lockout, follow those instructions. -1. If you do not see such a notice, review the BIOS settings of the computer for any setting that you can use to reset or disable the lockout. -1. Contact the hardware vendor to determine whether there is a known fix for the issue. -1. If you still cannot resolve the issue, clear and re-initialize the TPM. To do this, follow the instructions in [Troubleshoot the TPM: Clear all the keys from the TPM](../tpm/initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm). - +1. If you don't see such a notice, review the BIOS settings of the computer for any setting that you can use to reset or disable the lockout. +1. Contact the hardware vendor to determine whether there's a known fix for the issue. +1. If you still can't resolve the issue, clear and reinitialize the TPM. To do this, follow the instructions in [Troubleshoot the TPM: Clear all the keys from the TPM](../tpm/initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm). > [!WARNING] > Clearing the TPM can cause data loss. -## TPM 1.2 Error: Loading the management console failed. The device that is required by the cryptographic provider is not ready for use +## TPM 1.2 Error: Loading the management console failed. The device that is required by the cryptographic provider isn't ready for use -You have a Windows 11 or Windows 10 version 1703-based computer that uses TPM version 1.2. When you try to open the TPM management console, you receive a message that resembles the following: +You have a Windows 11 or Windows 10 version 1703-based computer that uses TPM version 1.2. When you try to open the TPM management console, you receive the following message: > Loading the management console failed. The device that is required by the cryptographic provider is not ready for use. > HRESULT 0x800900300x80090030 - NTE\_DEVICE\_NOT\_READY @@ -84,11 +83,11 @@ These symptoms indicate that the TPM has hardware or firmware issues. To resolve this issue, switch the TPM operating mode from version 1.2 to version 2.0. -If this does not resolve the issue, consider replacing the device motherboard. After you replace the motherboard, switch the TPM operating mode from version 1.2 to version 2.0. +If this doesn't resolve the issue, consider replacing the device motherboard. After you replace the motherboard, switch the TPM operating mode from version 1.2 to version 2.0. -## Devices do not join hybrid Azure AD because of a TPM issue +## Devices don't join hybrid Azure AD because of a TPM issue -You have a device that you are trying to join to a hybrid Azure AD. However, the join operation appears to fail. +You have a device that you're trying to join to a hybrid Azure AD. However, the join operation appears to fail. To verify that the join succeeded, use the [dsregcmd /status command](/azure/active-directory/devices/troubleshoot-device-dsregcmd). In the tool output, the following attributes indicate that the join succeeded: @@ -99,11 +98,11 @@ If the value of **AzureADJoined** is **No**, the join operation failed. ### Causes and Resolutions -This issue may occur when the Windows operating system is not the owner of the TPM. The specific fix for this issue depends on which errors or events you experience, as shown in the following table: +This issue may occur when the Windows operating system isn't the owner of the TPM. The specific fix for this issue depends on which errors or events you experience, as shown in the following table: |Message |Reason | Resolution| | - | - | - | -|NTE\_BAD\_KEYSET (0x80090016/-2146893802) |TPM operation failed or was invalid |This issue was probably caused by a corrupted sysprep image. Make sure that you create the sysprep image by using a computer that is not joined to or registered in Azure AD or hybrid Azure AD. | +|NTE\_BAD\_KEYSET (0x80090016/-2146893802) |TPM operation failed or was invalid |This issue was probably caused by a corrupted sysprep image. Make sure that you create the sysprep image by using a computer that isn't joined to or registered in Azure AD or hybrid Azure AD. | |TPM\_E\_PCP\_INTERNAL\_ERROR (0x80290407/-2144795641) |Generic TPM error. |If the device returns this error, disable its TPM. Windows 10, version 1809 and later versions, or Windows 11 automatically detect TPM failures and finish the hybrid Azure AD join without using the TPM. | |TPM\_E\_NOTFIPS (0x80280036/-2144862154) |The FIPS mode of the TPM is currently not supported. |If the device gives this error, disable its TPM. Windows 10, version 1809 and later versions, or Windows 11 automatically detect TPM failures and finish the hybrid Azure AD join without using the TPM. | |NTE\_AUTHENTICATION\_IGNORED (0x80090031/-2146893775) |The TPM is locked out. |This error is transient. Wait for the cooldown period, and then retry the join operation. | From 73cd019e267c64c51c55b6872ce50ea7dc3232b9 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 12 May 2022 16:34:50 +0530 Subject: [PATCH 127/540] Update administrative-tools-in-windows-10.md --- windows/client-management/administrative-tools-in-windows-10.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index edca458380..76d04a5dd1 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -2,8 +2,6 @@ title: Windows Tools/Administrative Tools description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz manager: dougeby From b1cb36bb601fade9370df6648743e984dd75fb62 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Thu, 12 May 2022 19:52:22 +0530 Subject: [PATCH 128/540] Acrolinx score fixed --- .../bitlocker/bitlocker-basic-deployment.md | 16 ++++++------- .../bitlocker/bitlocker-countermeasures.md | 24 +++++++++---------- ...r-device-encryption-overview-windows-10.md | 8 +++---- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 1e29149153..72a85d7876 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -99,7 +99,7 @@ Encryption status displays in the notification area or within the BitLocker cont ### OneDrive option -There is a new option for storing the BitLocker recovery key using the OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local accounts don't give the option to use OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that aren't joined to a domain. +There's a new option for storing the BitLocker recovery key using the OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local accounts don't give the option to use OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that aren't joined to a domain. Users can verify the recovery key was saved properly by checking their OneDrive for the BitLocker folder that is created automatically during the save process. The folder will contain two files, a readme.txt and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name. @@ -143,7 +143,7 @@ This command returns the volumes on the target, current encryption status, and v **Enabling BitLocker without a TPM** -For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you will need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option and save it to the USB drive on E: and then begin the encryption process. You will need to reboot the computer when prompted to complete the encryption process. +For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you'll need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option and save it to the USB drive on E: and then begin the encryption process. You'll need to reboot the computer when prompted to complete the encryption process. ```powershell manage-bde –protectors -add C: -startupkey E: @@ -170,7 +170,7 @@ This command will require the user to enter and then confirm the password protec ### Data volume -Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or users can choose to add protectors to the volume. We recommend that you add at least one primary protector and a recovery protector to a data volume. +Data volumes use the same syntax for encryption as operating system volumes but they don't require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or users can choose to add protectors to the volume. We recommend that you add at least one primary protector and a recovery protector to a data volume. **Enabling BitLocker with a password** @@ -200,11 +200,11 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us |**Suspend-BitLocker**|
  • Confirm
  • MountPoint
  • RebootCount
  • WhatIf| |**Unlock-BitLocker**|
  • AdAccountOrGroup
  • Confirm
  • MountPoint
  • Password
  • RecoveryKeyPath
  • RecoveryPassword
  • RecoveryPassword
  • WhatIf| -Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. +Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they're encrypting prior to running Windows PowerShell cmdlets. A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the `Get-BitLocker` volume cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status, and other useful information. -Occasionally, all protectors may not be shown when using **Get-BitLockerVolume** due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors. +Occasionally, all protectors may not be shown when using **Get-BitLockerVolume** due to lack of space in the output display. If you don't see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors. > [!NOTE] > In the event that there are more than four protectors for a volume, the pipe command may run out of display space. For volumes with more than four protectors, use the method described in the section below to generate a listing of all protectors with protector ID. @@ -293,7 +293,7 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup " ## Checking BitLocker status -To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command-line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We will look at each of the available methods in the following section. +To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command-line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We'll look at each of the available methods in the following section. ### Checking BitLocker status with the control panel @@ -343,7 +343,7 @@ Administrators can enable BitLocker prior to operating system deployment from th ### Decrypting BitLocker volumes -Decrypting volumes removes BitLocker and any associated protectors from the volumes. Decryption should occur when protection is no longer required. BitLocker decryption should not occur as a troubleshooting step. BitLocker can be removed from a volume using the BitLocker control panel applet, manage-bde, or Windows PowerShell cmdlets. We will discuss each method further below. +Decrypting volumes removes BitLocker and any associated protectors from the volumes. Decryption should occur when protection is no longer required. BitLocker decryption shouldn't occur as a troubleshooting step. BitLocker can be removed from a volume using the BitLocker control panel applet, manage-bde, or Windows PowerShell cmdlets. We'll discuss each method further below. ### Decrypting volumes using the BitLocker control panel applet @@ -378,7 +378,7 @@ Using the Disable-BitLocker command, they can remove all protectors and encrypti Disable-BitLocker ``` -If a user did not want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is: +If a user didn't want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is: ```powershell Disable-BitLocker -MountPoint E:,F:,G: diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 0d8ddfd9ee..2f3c104b7d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -50,7 +50,7 @@ Before Windows starts, you must rely on security features implemented as part of A trusted platform module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. On some platforms, TPM can alternatively be implemented as a part of secure firmware. -BitLocker binds encryption keys with the TPM to ensure that a computer has not been tampered with while the system was offline. +BitLocker binds encryption keys with the TPM to ensure that a computer hasn't been tampered with while the system was offline. For more info about TPM, see [Trusted Platform Module](/windows/device-security/tpm/trusted-platform-module-overview). ### UEFI and Secure Boot @@ -61,7 +61,7 @@ The UEFI specification defines a firmware execution authentication process calle Secure Boot blocks untrusted firmware and bootloaders (signed or unsigned) from being able to start on the system. By default, BitLocker provides integrity protection for Secure Boot by utilizing the TPM PCR[7] measurement. -An unauthorized EFI firmware, EFI boot application, or bootloader cannot run and acquire the BitLocker key. +An unauthorized EFI firmware, EFI boot application, or bootloader can't run and acquire the BitLocker key. ### BitLocker and reset attacks @@ -87,10 +87,10 @@ This helps mitigate DMA and memory remanence attacks. On computers with a compatible TPM, operating system drives that are BitLocker-protected can be unlocked in four ways: -- **TPM-only.** Using TPM-only validation does not require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign in experience is the same as a standard logon. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor. -- **TPM with startup key.** In addition to the protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, referred to as a startup key. Data on the encrypted volume cannot be accessed without the startup key. -- **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enter a PIN. Data on the encrypted volume cannot be accessed without entering the PIN. TPMs also have [anti-hammering protection](/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN. -- **TPM with startup key and PIN.** In addition to the core component protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, and a PIN is required to authenticate the user to the TPM. This configuration provides multifactor authentication so that if the USB key is lost or stolen, it cannot be used for access to the drive, because the correct PIN is also required. +- **TPM-only.** Using TPM-only validation doesn't require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard sign in. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor. +- **TPM with startup key.** In addition to the protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, referred to as a startup key. Data on the encrypted volume can't be accessed without the startup key. +- **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enter a PIN. Data on the encrypted volume can't be accessed without entering the PIN. TPMs also have [anti-hammering protection](/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN. +- **TPM with startup key and PIN.** In addition to the core component protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, and a PIN is required to authenticate the user to the TPM. This configuration provides multifactor authentication so that if the USB key is lost or stolen, it can't be used for access to the drive, because the correct PIN is also required. In the following Group Policy example, TPM + PIN is required to unlock an operating system drive: @@ -120,11 +120,11 @@ You can use the System Information desktop app (MSINFO32) to check if a device h If kernel DMA protection *not* enabled, follow these steps to protect Thunderbolt™ 3 enabled ports: 1. Require a password for BIOS changes -2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Please refer to [Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) +2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Refer to [Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) 3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607 or Windows 11): - MDM: [DataProtection/AllowDirectMemoryAccess](/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) policy - - Group Policy: [Disable new DMA devices when this computer is locked](./bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting is not configured by default.) + - Group Policy: [Disable new DMA devices when this computer is locked](./bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting isn't configured by default.) For Thunderbolt v1 and v2 (DisplayPort Connector), refer to the “Thunderbolt Mitigation” section in [KB 2516445](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). For SBP-2 and 1394 (a.k.a. Firewire), refer to the “SBP-2 Mitigation” section in [KB 2516445](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). @@ -136,7 +136,7 @@ This section covers countermeasures for specific types of attacks. ### Bootkits and rootkits A physically-present attacker might attempt to install a bootkit or rootkit-like piece of software into the boot chain in an attempt to steal the BitLocker keys. -The TPM should observe this installation via PCR measurements, and the BitLocker key will not be released. +The TPM should observe this installation via PCR measurements, and the BitLocker key won't be released. This is the default configuration. A BIOS password is recommended for defense-in-depth in case a BIOS exposes settings that may weaken the BitLocker security promise. @@ -148,7 +148,7 @@ Require TPM + PIN for anti-hammering protection. ### DMA attacks -See [Protecting Thunderbolt and other DMA ports](#protecting-thunderbolt-and-other-dma-ports) earlier in this topic. +See [Protecting Thunderbolt and other DMA ports](#protecting-thunderbolt-and-other-dma-ports) earlier in this article. ### Paging file, crash dump, and Hyberfil.sys attacks These files are secured on an encrypted volume by default when BitLocker is enabled on OS drives. @@ -165,9 +165,9 @@ The following sections cover mitigations for different types of attackers. ### Attacker without much skill or with limited physical access -Physical access may be limited by a form factor that does not expose buses and memory. +Physical access may be limited by a form factor that doesn't expose buses and memory. For example, there are no external DMA-capable ports, no exposed screws to open the chassis, and memory is soldered to the mainboard. -This attacker of opportunity does not use destructive methods or sophisticated forensics hardware/software. +This attacker of opportunity doesn't use destructive methods or sophisticated forensics hardware/software. Mitigation: - Pre-boot authentication set to TPM only (the default) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 1339ada24d..c14b762488 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -99,18 +99,18 @@ Exercise caution when encrypting only used space on an existing volume on which ## Encrypted hard drive support SEDs have been available for years, but Microsoft couldn’t support their use with some earlier versions of Windows because the drives lacked important key management features. Microsoft worked with storage vendors to improve the hardware capabilities, and now BitLocker supports the next generation of SEDs, which are called encrypted hard drives. -Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 11 or Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements. +Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use, whole-drive encryption with Windows 11 or Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements. For more information about encrypted hard drives, see [Encrypted Hard Drive](../encrypted-hard-drive.md). ## Preboot information protection -An effective implementation of information protection, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it. -It's crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection shouldn't be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows sign in. Challenging users for input more than once should be avoided. +An effective implementation of information protection, like most security controls, considers usability and security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it. +It's crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection shouldn't be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows sign-in. Challenging users for input more than once should be avoided. Windows 11 and Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they aren't as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md). ## Manage passwords and PINs -When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to require that users type a PIN before BitLocker will unlock the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows sign in, which makes it virtually impossible for the attacker to access or modify user data and system files. +When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to require that users type a PIN before BitLocker will unlock the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows sign-in, which makes it virtually impossible for the attacker to access or modify user data and system files. Requiring a PIN at startup is a useful security feature because it acts as a second authentication factor (a second “something you know”). This configuration comes with some costs, however. One of the most significant is the need to change the PIN regularly. In enterprises that used BitLocker with Windows 7 and the Windows Vista operating system, users had to contact systems administrators to update their BitLocker PIN or password. This requirement not only increased management costs but made users less willing to change their BitLocker PIN or password regularly. Windows 11 and Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, Modern Standby devices don't require a PIN for startup: They're designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system. From e7a02f35f6e14e20c195a9c44300f636da5a7f24 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 12 May 2022 11:48:29 -0700 Subject: [PATCH 129/540] Update microsoft-365-ie-end-of-support.md --- .../includes/microsoft-365-ie-end-of-support.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md index 7e2421b511..bb2983bca4 100644 --- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md +++ b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md @@ -10,8 +10,8 @@ ms.topic: include --- > [!IMPORTANT] -The Internet Explorer 11 desktop application is [retired and out of support](https://aka.ms/IEJune15Blog) as of June 15, 2022 for certain versions of Windows 10. - -You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. [Learn how](https://aka.ms/IEmodewebsite). - -The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. [Disable IE today](/deployedge/edge-ie-disable-ie11). \ No newline at end of file +> The Internet Explorer 11 desktop application is [retired and out of support](https://aka.ms/IEJune15Blog) as of June 15, 2022 for certain versions of Windows 10. +> +> You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. [Learn how](https://aka.ms/IEmodewebsite). +> +> The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. [Disable IE today](/deployedge/edge-ie-disable-ie11). From 2c63468a1a7fa3f9974f52c67d56cdd0b94e17ac Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 13 May 2022 14:41:17 +0530 Subject: [PATCH 130/540] acrolinx fixed --- .../bitlocker/bitlocker-basic-deployment.md | 16 ++++++++-------- ...cker-device-encryption-overview-windows-10.md | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 1e29149153..72a85d7876 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -99,7 +99,7 @@ Encryption status displays in the notification area or within the BitLocker cont ### OneDrive option -There is a new option for storing the BitLocker recovery key using the OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local accounts don't give the option to use OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that aren't joined to a domain. +There's a new option for storing the BitLocker recovery key using the OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local accounts don't give the option to use OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that aren't joined to a domain. Users can verify the recovery key was saved properly by checking their OneDrive for the BitLocker folder that is created automatically during the save process. The folder will contain two files, a readme.txt and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name. @@ -143,7 +143,7 @@ This command returns the volumes on the target, current encryption status, and v **Enabling BitLocker without a TPM** -For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you will need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option and save it to the USB drive on E: and then begin the encryption process. You will need to reboot the computer when prompted to complete the encryption process. +For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you'll need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option and save it to the USB drive on E: and then begin the encryption process. You'll need to reboot the computer when prompted to complete the encryption process. ```powershell manage-bde –protectors -add C: -startupkey E: @@ -170,7 +170,7 @@ This command will require the user to enter and then confirm the password protec ### Data volume -Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or users can choose to add protectors to the volume. We recommend that you add at least one primary protector and a recovery protector to a data volume. +Data volumes use the same syntax for encryption as operating system volumes but they don't require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or users can choose to add protectors to the volume. We recommend that you add at least one primary protector and a recovery protector to a data volume. **Enabling BitLocker with a password** @@ -200,11 +200,11 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us |**Suspend-BitLocker**|
  • Confirm
  • MountPoint
  • RebootCount
  • WhatIf| |**Unlock-BitLocker**|
  • AdAccountOrGroup
  • Confirm
  • MountPoint
  • Password
  • RecoveryKeyPath
  • RecoveryPassword
  • RecoveryPassword
  • WhatIf| -Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. +Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they're encrypting prior to running Windows PowerShell cmdlets. A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the `Get-BitLocker` volume cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status, and other useful information. -Occasionally, all protectors may not be shown when using **Get-BitLockerVolume** due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors. +Occasionally, all protectors may not be shown when using **Get-BitLockerVolume** due to lack of space in the output display. If you don't see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors. > [!NOTE] > In the event that there are more than four protectors for a volume, the pipe command may run out of display space. For volumes with more than four protectors, use the method described in the section below to generate a listing of all protectors with protector ID. @@ -293,7 +293,7 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup " ## Checking BitLocker status -To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command-line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We will look at each of the available methods in the following section. +To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command-line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We'll look at each of the available methods in the following section. ### Checking BitLocker status with the control panel @@ -343,7 +343,7 @@ Administrators can enable BitLocker prior to operating system deployment from th ### Decrypting BitLocker volumes -Decrypting volumes removes BitLocker and any associated protectors from the volumes. Decryption should occur when protection is no longer required. BitLocker decryption should not occur as a troubleshooting step. BitLocker can be removed from a volume using the BitLocker control panel applet, manage-bde, or Windows PowerShell cmdlets. We will discuss each method further below. +Decrypting volumes removes BitLocker and any associated protectors from the volumes. Decryption should occur when protection is no longer required. BitLocker decryption shouldn't occur as a troubleshooting step. BitLocker can be removed from a volume using the BitLocker control panel applet, manage-bde, or Windows PowerShell cmdlets. We'll discuss each method further below. ### Decrypting volumes using the BitLocker control panel applet @@ -378,7 +378,7 @@ Using the Disable-BitLocker command, they can remove all protectors and encrypti Disable-BitLocker ``` -If a user did not want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is: +If a user didn't want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is: ```powershell Disable-BitLocker -MountPoint E:,F:,G: diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 1339ada24d..cb7a3d5253 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -104,7 +104,7 @@ For more information about encrypted hard drives, see [Encrypted Hard Drive](../ ## Preboot information protection -An effective implementation of information protection, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it. +An effective implementation of information protection, like most security controls, considers usability and security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it. It's crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection shouldn't be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows sign in. Challenging users for input more than once should be avoided. Windows 11 and Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they aren't as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md). From 5a47f531a537b555cc1cae51a4b70891e955bb93 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 13 May 2022 17:08:07 +0530 Subject: [PATCH 131/540] Acrolinx improvement --- ...itlocker-how-to-deploy-on-windows-server.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index e496746dba..5c50295226 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -1,6 +1,6 @@ --- title: BitLocker How to deploy on Windows Server 2012 and later -description: This topic for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later +description: This article for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later ms.assetid: 91c18e9e-6ab4-4607-8c75-d983bbe2542f ms.reviewer: ms.prod: m365-security @@ -22,7 +22,7 @@ ms.custom: bitlocker > Applies to: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 -This topic explains how to deploy BitLocker on Windows Server 2012 and later versions. For all Windows Server editions, BitLocker can be installed using Server Manager or Windows PowerShell cmdlets. BitLocker requires administrator privileges on the server on which it is to be installed. +This article explains how to deploy BitLocker on Windows Server 2012 and later versions. For all Windows Server editions, BitLocker can be installed using Server Manager or Windows PowerShell cmdlets. BitLocker requires administrator privileges on the server on which it's to be installed. ## Installing BitLocker @@ -35,17 +35,17 @@ This topic explains how to deploy BitLocker on Windows Server 2012 and later ver 5. Select the **Select a server from the server pool** option in the **Server Selection** pane and confirm the server on which the BitLocker feature is to be installed. 6. Select **Next** on the **Server Roles** pane of the **Add Roles and Features** wizard to proceed to the **Features** pane. **Note**: Server roles and features are installed by using the same wizard in Server Manager. -7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the additional management features available for BitLocker. If you do not want to install these features, deselect the **Include management tools +7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the additional management features available for BitLocker. If you don't want to install these features, deselect the **Include management tools ** and select **Add Features**. Once optional features selection is complete, select **Next** to proceed in the wizard. > **Note:**   The **Enhanced Storage** feature is a required feature for enabling BitLocker. This feature enables support for encrypted hard drives on capable systems.   8. Select **Install** on the **Confirmation** pane of the **Add Roles and Features** wizard to begin BitLocker feature installation. The BitLocker feature requires a restart for its installation to be complete. Selecting the **Restart the destination server automatically if required** option in the **Confirmation** pane forces a restart of the computer after installation is complete. -9. If the **Restart the destination server automatically if required** check box is not selected, the **Results** pane of the **Add Roles and Features** wizard displays the success or failure of the BitLocker feature installation. If required, a notification of additional action necessary to complete the feature installation, such as the restart of the computer, will be displayed in the results text. +9. If the **Restart the destination server automatically if required** check box isn't selected, the **Results** pane of the **Add Roles and Features** wizard displays the success or failure of the BitLocker feature installation. If required, a notification of additional action necessary to complete the feature installation, such as the restart of the computer, will be displayed in the results text. ### To install BitLocker using Windows PowerShell -Windows PowerShell offers administrators another option for BitLocker feature installation. Windows PowerShell installs features using the `servermanager` or `dism` module; however, the `servermanager` and `dism` modules do not always share feature name parity. Because of this, it is advisable to confirm the feature or role name prior to installation. +Windows PowerShell offers administrators another option for BitLocker feature installation. Windows PowerShell installs features using the `servermanager` or `dism` module; however, the `servermanager` and `dism` modules don't always share feature name parity. Because of this, it's advisable to confirm the feature or role name prior to installation. >**Note:**  You must restart the server to complete the installation of BitLocker.   @@ -53,7 +53,7 @@ Windows PowerShell offers administrators another option for BitLocker feature in The `servermanager` Windows PowerShell module can use either the `Install-WindowsFeature` or `Add-WindowsFeature` to install the BitLocker feature. The `Add-WindowsFeature` cmdlet is merely a stub to the `Install-WindowsFeature`. This example uses the `Install-WindowsFeature` cmdlet. The feature name for BitLocker in the `servermanager` module is `BitLocker`. -By default, installation of features in Windows PowerShell does not include optional sub-features or management tools as part of the installation process. This can be seen using the `-WhatIf` option in Windows PowerShell. +By default, installation of features in Windows PowerShell doesn't include optional sub-features or management tools as part of the installation process. This can be seen using the `-WhatIf` option in Windows PowerShell. ```powershell Install-WindowsFeature BitLocker -WhatIf @@ -66,7 +66,7 @@ To see what would be installed with the BitLocker feature, including all availab Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -WhatIf | fl ``` -The result of this command displays the following list of all the administration tools for BitLocker which would be installed along with the feature, including tools for use with Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). +The result of this command displays the following list of all the administration tools for BitLocker, which would be installed along with the feature, including tools for use with Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). - BitLocker Drive Encryption - BitLocker Drive Encryption Tools @@ -86,7 +86,7 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -   ### Using the dism module to install BitLocker -The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module does not support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system. +The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module doesn't support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system. ```powershell Get-WindowsOptionalFeature -Online | ft @@ -100,7 +100,7 @@ To install BitLocker using the `dism` module, use the following command: Enable-WindowsOptionalFeature -Online -FeatureName BitLocker -All ``` -This command prompts the user for a reboot. The Enable-WindowsOptionalFeature cmdlet does not offer support for forcing a reboot of the computer. This command does not include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command: +This command prompts the user for a reboot. The Enable-WindowsOptionalFeature cmdlet doesn't offer support for forcing a reboot of the computer. This command doesn't include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command: ```powershell Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilities -All From 0a8b8c2a55d2981c7a890207c043289c48026770 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 13 May 2022 17:11:36 +0530 Subject: [PATCH 132/540] Update bitlocker-how-to-deploy-on-windows-server.md --- .../bitlocker/bitlocker-how-to-deploy-on-windows-server.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 5c50295226..f743aedb8a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -35,13 +35,13 @@ This article explains how to deploy BitLocker on Windows Server 2012 and later v 5. Select the **Select a server from the server pool** option in the **Server Selection** pane and confirm the server on which the BitLocker feature is to be installed. 6. Select **Next** on the **Server Roles** pane of the **Add Roles and Features** wizard to proceed to the **Features** pane. **Note**: Server roles and features are installed by using the same wizard in Server Manager. -7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the additional management features available for BitLocker. If you don't want to install these features, deselect the **Include management tools +7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the extra management features available for BitLocker. If you don't want to install these features, deselect the **Include management tools ** and select **Add Features**. Once optional features selection is complete, select **Next** to proceed in the wizard. > **Note:**   The **Enhanced Storage** feature is a required feature for enabling BitLocker. This feature enables support for encrypted hard drives on capable systems.   8. Select **Install** on the **Confirmation** pane of the **Add Roles and Features** wizard to begin BitLocker feature installation. The BitLocker feature requires a restart for its installation to be complete. Selecting the **Restart the destination server automatically if required** option in the **Confirmation** pane forces a restart of the computer after installation is complete. -9. If the **Restart the destination server automatically if required** check box isn't selected, the **Results** pane of the **Add Roles and Features** wizard displays the success or failure of the BitLocker feature installation. If required, a notification of additional action necessary to complete the feature installation, such as the restart of the computer, will be displayed in the results text. +9. If the **Restart the destination server automatically if required** check box isn't selected, the **Results** pane of the **Add Roles and Features** wizard displays the success or failure of the BitLocker feature installation. If necessary, a notification of other action necessary to complete the feature installation, such as the restart of the computer, will be displayed in the results text. ### To install BitLocker using Windows PowerShell From b4aebac6daf216fcc66c1ec258f25c5d186689ca Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Mon, 16 May 2022 13:13:27 +0530 Subject: [PATCH 133/540] sheshachary-5859198-2 Improving the content quality. --- .../mdm/eap-configuration.md | 29 +++++++------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 9f9d1ab88c..e1608210b9 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -14,12 +14,10 @@ ms.date: 06/26/2017 # EAP configuration - This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10. ## Create an EAP configuration XML for a VPN profile - To get the EAP configuration from your desktop using the rasphone tool that is shipped in the box: 1. Run rasphone.exe. @@ -107,15 +105,13 @@ To get the EAP configuration from your desktop using the rasphone tool that is s ``` > [!NOTE] - > You should check with mobile device management (MDM) vendor if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations: - - C:\\Windows\\schemas\\EAPHost - - C:\\Windows\\schemas\\EAPMethods + > You should check with Mobile Device Management (MDM) vendor, if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations: + > - C:\\Windows\\schemas\\EAPHost + > - C:\\Windows\\schemas\\EAPMethods -   ## EAP certificate filtering - In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned doesn't have a strict filtering criteria, you might see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria so that it matches only one certificate. Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can encounter a situation where there are multiple certificates that meet the default criteria for authentication. This situation can lead to issues such as: @@ -123,11 +119,11 @@ Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can - The user might be prompted to select the certificate. - The wrong certificate might be auto-selected and cause an authentication failure. -A production ready deployment must have the appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and the appropriate certificate can be used for the authentication. +A production ready deployment must have appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and appropriate certificate can be used for the authentication. -EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample, or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows: +EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows: -- For Wi-Fi, look for the `` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags you'll find the complete EAP configuration. Replace the section under `` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile. +- For Wi-Fi, look for the `` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags, you'll find the complete EAP configuration. Replace the section under `` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile. - For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field. For information about EAP settings, see . @@ -142,9 +138,9 @@ The following list describes the prerequisites for a certificate to be used with - The certificate must have at least one of the following EKU properties: - - Client Authentication. As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2. - - Any Purpose. This property is an EKU-defined one and is published by Microsoft, and is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering. - - All Purpose. As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes. + - Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2. + - Any Purpose: This property is an EKU-defined one and is published by Microsoft.,It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering. + - All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes. - The user or the computer certificate on the client must chain to a trusted root CA. - The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy. @@ -157,7 +153,6 @@ The following XML sample explains the properties for the EAP TLS XML, including > For PEAP or TTLS profiles, the EAP TLS XML is embedded within some PEAP-specific or TTLS-specific elements.   - ```xml @@ -261,7 +256,6 @@ The following XML sample explains the properties for the EAP TLS XML, including > The EAP TLS XSD is located at %systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd.   - Alternatively, you can use the following procedure to create an EAP configuration XML: 1. Follow steps 1 through 7 in the EAP configuration article. @@ -290,8 +284,7 @@ Alternatively, you can use the following procedure to create an EAP configuratio > [!NOTE] > You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)) article. -  -  +## Related topics -  +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file From 2f5d94e85c70e42668dffdd25b2d8c498c43c145 Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Mon, 16 May 2022 17:21:36 +0530 Subject: [PATCH 134/540] Worked on grammar, and consistency --- windows/client-management/mdm/supl-csp.md | 38 ++++++++----------- .../mdm/vpnv2-profile-xsd.md | 4 ++ 2 files changed, 19 insertions(+), 23 deletions(-) diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 61cb297fdf..b842b5ac37 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -14,7 +14,7 @@ ms.date: 09/12/2019 # SUPL CSP -The SUPL configuration service provider is used to configure the location client, as shown in the following table: +The SUPL configuration service provider is used to configure the location client, as shown in the following: - **Location Service**: Connection type - **SUPL**: All connections other than CDMA @@ -32,7 +32,7 @@ The SUPL configuration service provider is used to configure the location client - Address of the server—a mobile positioning center for non-trusted mode. - The positioning method used by the MPC for non-trusted mode. -The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted, a new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used. +The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted. A new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used. The following example shows the SUPL configuration service provider management object in tree format as used by OMA DM and OMA Client Provisioning. @@ -83,7 +83,7 @@ Optional. Specifies the address of the Home SUPL Location Platform (H-SLP) serve If this value isn't specified, the device infers the H-SLP address from the IMSI as defined in the SUPL standard. To use automatic generation of the H-SLP address based on the IMSI, the MNC length must be set correctly on the UICC. Generally, this value is 2 or 3. -For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. +For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned. But the configuration service provider will continue processing the rest of the parameters. **Version** Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator. @@ -96,7 +96,7 @@ Required. List all of the MCC and MNC pairs owned by the mobile operator. This l This value is a string with the format "(X1, Y1)(X2, Y2)…(Xn, Yn)", in which `X` is an MCC and `Y` is an MNC. -For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. +For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. **HighAccPositioningMethod** Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers: @@ -110,16 +110,12 @@ Optional. Specifies the positioning method that the SUPL client will use for mob |4|OTDOA| |5|AFLT| -  - The default is 0. The default method in Windows devices provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services. > [!IMPORTANT] > The Mobile Station Assisted, OTDOA, and AFLT positioning methods must only be configured for test purposes. -  - -For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. +For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. **LocMasterSwitchDependencyNII** Optional. Boolean. Specifies whether the location toggle on the **location** screen in **Settings** is also used to manage SUPL network-initiated (NI) requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. The default value is 1. @@ -133,7 +129,6 @@ This value manages the settings for both SUPL and v2 UPL. If a device is configu |Off|0|Yes| |Off|1|No (unless privacyOverride is set)| - When the location toggle is set to Off and this value is set to 1, the following application requests will fail: - `noNotificationNoVerification` @@ -148,12 +143,12 @@ However, if `privacyOverride` is set in the message, the location will be return When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working. -For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. +For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. **NIDefaultTimeout** -Optional. Time in seconds that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended. +Optional. Time in seconds. It defines that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended. -This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. +This value manages the settings for SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used. **ServerAccessInterval** Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60. @@ -216,10 +211,10 @@ Added in Windows 10, version 1809. The base 64 encoded blob of the H-SLP root ce Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time. **MPC** -Optional. The address of the mobile positioning center (MPC), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter is mandatory and the PDE parameter must be empty. +Optional. Specifies the address of the mobile positioning center (MPC), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter is mandatory and the PDE parameter must be empty. **PDE** -Optional. The address of the Position Determination Entity (PDE), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter must be empty. +Optional. Specifies the address of the Position Determination Entity (PDE), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter must be empty. **PositioningMethod\_MR** Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers: @@ -238,13 +233,12 @@ The default is 0. The default method provides high-quality assisted GNSS positio > The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes.   - -For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. +For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. **LocMasterSwitchDependencyNII** Optional. Boolean. Specifies whether the location toggle on the **location** screen in **Settings** is also used to manage network-initiated requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. For CDMA devices, this value must be set to 1. The default value is 1. -This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. +This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used. |Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed| |--- |--- |--- | @@ -267,22 +261,21 @@ However, if `privacyOverride` is set in the message, the location will be return When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working. -For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. +For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. **ApplicationTypeIndicator\_MR** Required. This value must always be set to `00000011`. **NIDefaultTimeout** -Optional. Time in seconds that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended. +Optional. Time in seconds. It defines that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended. -This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. +This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used. **ServerAccessInterval** Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60. ## Unsupported Nodes - The following optional nodes aren't supported on Windows devices. - ProviderID @@ -305,7 +298,6 @@ If a mobile operator requires the communication with the H-SLP to take place ove ## OMA Client Provisioning examples - Adding new configuration information for an H-SLP server for SUPL. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value. ```xml diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index d318a8734b..dcf303c5fa 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -442,3 +442,7 @@ Here's the XSD for the ProfileXML node in the VPNv2 CSP and VpnManagementAgent:: ``` + +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file From 749f0066f986ee8304dc3347729ae3192b69d1cf Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Mon, 16 May 2022 17:38:45 +0530 Subject: [PATCH 135/540] changes in metadata --- .../advanced-troubleshooting-802-authentication.md | 3 --- .../advanced-troubleshooting-boot-problems.md | 1 - .../advanced-troubleshooting-wireless-network-connectivity.md | 3 --- windows/client-management/connect-to-remote-aadj-pc.md | 4 ---- .../data-collection-for-802-authentication.md | 3 --- .../client-management/determine-appropriate-page-file-size.md | 1 - .../generate-kernel-or-complete-crash-dump.md | 1 - .../group-policies-for-enterprise-and-education-editions.md | 2 -- windows/client-management/introduction-page-file.md | 1 - windows/client-management/manage-corporate-devices.md | 4 ---- .../manage-device-installation-with-group-policy.md | 2 -- .../manage-settings-app-with-group-policy.md | 2 -- ...anage-windows-10-in-your-organization-modern-management.md | 4 ---- windows/client-management/mandatory-user-profile.md | 3 --- windows/client-management/mdm/activesync-csp.md | 2 -- windows/client-management/mdm/activesync-ddf-file.md | 2 -- .../mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md | 1 - windows/client-management/mdm/alljoynmanagement-csp.md | 2 -- windows/client-management/mdm/alljoynmanagement-ddf.md | 2 -- windows/client-management/mdm/application-csp.md | 2 -- windows/client-management/mdm/applicationcontrol-csp-ddf.md | 1 - windows/client-management/mdm/applicationcontrol-csp.md | 1 - windows/client-management/mdm/applocker-csp.md | 2 -- windows/client-management/mdm/applocker-ddf-file.md | 2 -- windows/client-management/mdm/applocker-xsd.md | 2 -- windows/client-management/mdm/assign-seats.md | 1 - windows/client-management/mdm/assignedaccess-ddf.md | 2 -- .../mdm/azure-active-directory-integration-with-mdm.md | 1 - windows/client-management/mdm/bitlocker-csp.md | 1 + .../mdm/bulk-assign-and-reclaim-seats-from-user.md | 1 - .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 2 -- windows/client-management/mdm/cellularsettings-csp.md | 1 - .../mdm/certificate-authentication-device-enrollment.md | 1 - .../client-management/mdm/certificate-renewal-windows-mdm.md | 1 - windows/client-management/mdm/certificatestore-csp.md | 1 - windows/client-management/mdm/certificatestore-ddf-file.md | 2 -- windows/client-management/mdm/cleanpc-ddf.md | 1 - windows/client-management/mdm/clientcertificateinstall-csp.md | 1 - .../mdm/clientcertificateinstall-ddf-file.md | 2 -- windows/client-management/mdm/cm-cellularentries-csp.md | 1 - windows/client-management/mdm/cmpolicy-csp.md | 2 -- windows/client-management/mdm/cmpolicyenterprise-csp.md | 1 - windows/client-management/mdm/cmpolicyenterprise-ddf-file.md | 2 -- windows/client-management/mdm/config-lock.md | 1 - .../mdm/configuration-service-provider-reference.md | 1 - windows/client-management/mdm/customdeviceui-csp.md | 1 - windows/client-management/mdm/customdeviceui-ddf.md | 2 -- .../mdm/data-structures-windows-store-for-business.md | 1 - windows/client-management/mdm/defender-csp.md | 1 - windows/client-management/mdm/defender-ddf.md | 1 - windows/client-management/mdm/devdetail-csp.md | 1 - windows/client-management/mdm/devdetail-ddf-file.md | 1 - windows/client-management/mdm/developersetup-csp.md | 1 - windows/client-management/mdm/developersetup-ddf.md | 1 - windows/client-management/mdm/device-update-management.md | 3 --- windows/client-management/mdm/devicelock-csp.md | 1 - windows/client-management/mdm/devicelock-ddf-file.md | 1 - windows/client-management/mdm/devicemanageability-csp.md | 1 - windows/client-management/mdm/devicemanageability-ddf.md | 1 - windows/client-management/mdm/devicestatus-csp.md | 1 - windows/client-management/mdm/devicestatus-ddf.md | 2 -- windows/client-management/mdm/devinfo-csp.md | 1 - windows/client-management/mdm/devinfo-ddf-file.md | 2 -- .../mdm/diagnose-mdm-failures-in-windows-10.md | 1 - windows/client-management/mdm/diagnosticlog-csp.md | 1 - windows/client-management/mdm/diagnosticlog-ddf.md | 2 -- .../mdm/disconnecting-from-mdm-unenrollment.md | 2 -- windows/client-management/mdm/dmacc-csp.md | 1 - windows/client-management/mdm/dmacc-ddf-file.md | 2 -- windows/client-management/mdm/dmclient-csp.md | 1 - windows/client-management/mdm/dmclient-ddf-file.md | 1 - windows/client-management/mdm/dmprocessconfigxmlfiltered.md | 2 -- windows/client-management/mdm/dynamicmanagement-ddf.md | 1 - windows/client-management/mdm/eap-configuration.md | 2 -- windows/client-management/mdm/email2-csp.md | 1 - windows/client-management/mdm/email2-ddf-file.md | 2 -- windows/client-management/mdm/enterprise-app-management.md | 1 - windows/client-management/mdm/enterpriseapn-csp.md | 1 - windows/client-management/mdm/enterpriseapn-ddf.md | 2 -- windows/client-management/mdm/enterpriseappmanagement-csp.md | 2 -- windows/client-management/mdm/enterprisedataprotection-csp.md | 1 - .../mdm/enterprisedataprotection-ddf-file.md | 1 - .../mdm/enterprisedesktopappmanagement-csp.md | 2 -- .../mdm/enterprisedesktopappmanagement-ddf-file.md | 2 -- .../mdm/enterprisedesktopappmanagement2-xsd.md | 2 -- .../mdm/enterprisemodernappmanagement-csp.md | 1 - .../mdm/enterprisemodernappmanagement-ddf.md | 1 - .../mdm/enterprisemodernappmanagement-xsd.md | 2 -- windows/client-management/mdm/esim-enterprise-management.md | 3 --- windows/client-management/mdm/euiccs-ddf-file.md | 2 -- .../mdm/federated-authentication-device-enrollment.md | 1 - windows/client-management/new-policies-for-windows-10.md | 4 ---- windows/client-management/quick-assist.md | 1 - windows/client-management/system-failure-recovery-options.md | 1 - windows/client-management/troubleshoot-event-id-41-restart.md | 1 - .../troubleshoot-inaccessible-boot-device.md | 2 -- windows/client-management/troubleshoot-networking.md | 1 - .../troubleshoot-stop-error-on-broadcom-driver-update.md | 1 - windows/client-management/troubleshoot-tcpip-connectivity.md | 1 - windows/client-management/troubleshoot-tcpip-netmon.md | 1 - windows/client-management/troubleshoot-tcpip-port-exhaust.md | 1 - windows/client-management/troubleshoot-tcpip-rpc-errors.md | 1 - windows/client-management/troubleshoot-tcpip.md | 1 - windows/client-management/troubleshoot-windows-startup.md | 1 - windows/client-management/windows-10-support-solutions.md | 2 -- windows/client-management/windows-libraries.md | 2 +- windows/client-management/windows-version-search.md | 3 --- 107 files changed, 2 insertions(+), 167 deletions(-) diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index 59c8210b09..eba023fe12 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -2,10 +2,7 @@ title: Advanced Troubleshooting 802.1X Authentication ms.reviewer: description: Troubleshoot authentication flow by learning how 802.1X Authentication works for wired and wireless clients. -keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi ms.prod: w10 -ms.mktglfcycl: -ms.sitesec: library author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index dd92af8c4f..954ba48379 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -2,7 +2,6 @@ title: Advanced troubleshooting for Windows boot problems description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals. ms.prod: w10 -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index 8ab2aede4e..35484e641a 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -3,10 +3,7 @@ title: Advanced Troubleshooting Wireless Network Connectivity ms.reviewer: manager: dougeby description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. -keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi ms.prod: w10 -ms.mktglfcycl: -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index cf0c18ee1d..281921614c 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -1,11 +1,7 @@ --- title: Connect to remote Azure Active Directory-joined PC (Windows) description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC. -keywords: ["MDM", "device management", "RDP", "AADJ"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: devices author: dansimp ms.localizationpriority: medium ms.author: dansimp diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md index 8717d386a2..686860ae52 100644 --- a/windows/client-management/data-collection-for-802-authentication.md +++ b/windows/client-management/data-collection-for-802-authentication.md @@ -3,10 +3,7 @@ title: Data collection for troubleshooting 802.1X authentication ms.reviewer: manager: dansimp description: Use the steps in this article to collect data that can be used to troubleshoot 802.1X authentication issues. -keywords: troubleshooting, data collection, data, 802.1X authentication, authentication, data ms.prod: w10 -ms.mktglfcycl: -ms.sitesec: library author: dansimp ms.localizationpriority: medium ms.author: dansimp diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md index 6c0e959124..54cd623df2 100644 --- a/windows/client-management/determine-appropriate-page-file-size.md +++ b/windows/client-management/determine-appropriate-page-file-size.md @@ -2,7 +2,6 @@ title: How to determine the appropriate page file size for 64-bit versions of Windows description: Learn how to determine the appropriate page file size for 64-bit versions of Windows. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: Deland-Han ms.localizationpriority: medium diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md index b3c3a0f026..e631ae9d84 100644 --- a/windows/client-management/generate-kernel-or-complete-crash-dump.md +++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md @@ -2,7 +2,6 @@ title: Generate a kernel or complete crash dump description: Learn how to generate a kernel or complete crash dump, and then use the output to troubleshoot several issues. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: Deland-Han ms.localizationpriority: medium diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index 3d50f1d30a..dfb3d72af7 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md @@ -2,8 +2,6 @@ title: Group Policy settings that apply only to Windows 10 Enterprise and Education Editions (Windows 10) description: Use this topic to learn about Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: dansimp ms.localizationpriority: medium ms.date: 09/14/2021 diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md index be5ce9c487..af10628683 100644 --- a/windows/client-management/introduction-page-file.md +++ b/windows/client-management/introduction-page-file.md @@ -2,7 +2,6 @@ title: Introduction to the page file description: Learn about the page files in Windows. A page file is an optional, hidden system file on a hard disk. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: Deland-Han ms.localizationpriority: medium diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index 100a615574..e3104875bd 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -1,15 +1,11 @@ --- title: Manage corporate devices description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones. -ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D ms.reviewer: manager: dansimp ms.author: dansimp keywords: ["MDM", "device management"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: devices author: dansimp ms.localizationpriority: medium ms.date: 09/14/2021 diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md index 29a9358bf0..79544bf12c 100644 --- a/windows/client-management/manage-device-installation-with-group-policy.md +++ b/windows/client-management/manage-device-installation-with-group-policy.md @@ -2,8 +2,6 @@ title: Manage Device Installation with Group Policy (Windows 10 and Windows 11) description: Find out how to manage Device Installation Restrictions with Group Policy. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.date: 09/14/2021 ms.reviewer: diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 56a3adc040..4914694065 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -2,8 +2,6 @@ title: Manage the Settings app with Group Policy (Windows 10 and Windows 11) description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: dansimp ms.date: 09/14/2021 ms.reviewer: diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index cc38c493dd..f66d8ad2de 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -1,11 +1,7 @@ --- title: Manage Windows 10 in your organization - transitioning to modern management description: This topic offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. -keywords: ["MDM", "device management", "group policy", "Azure Active Directory"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: devices author: dansimp ms.localizationpriority: medium ms.date: 04/26/2018 diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index d45e85d719..18aaf583be 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -1,10 +1,7 @@ --- title: Create mandatory user profiles (Windows 10 and Windows 11) description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users. -keywords: [".man","ntuser"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: dansimp ms.author: dansimp ms.date: 09/14/2021 diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index 307391743a..67db0fe0c7 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -1,7 +1,6 @@ --- title: ActiveSync CSP description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync. -ms.assetid: c65093ef-bd36-4f32-9dab-edb7bcfb3188 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # ActiveSync CSP - The ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync. After an Exchange account has been updated over-the-air by the ActiveSync configuration service provider, the device must be powered off and then powered back on to see sync status. Configuring Windows Live ActiveSync accounts through this configuration service provider isn't supported. diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md index dae70c2133..6501f41c92 100644 --- a/windows/client-management/mdm/activesync-ddf-file.md +++ b/windows/client-management/mdm/activesync-ddf-file.md @@ -1,7 +1,6 @@ --- title: ActiveSync DDF file description: Learn about the OMA DM device description framework (DDF) for the ActiveSync configuration service provider. -ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # ActiveSync DDF file - This topic shows the OMA DM device description framework (DDF) for the **ActiveSync** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md index 3328f5ca2a..85a599abb8 100644 --- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md +++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md @@ -1,7 +1,6 @@ --- title: Add an Azure AD tenant and Azure AD subscription description: Here's a step-by-step guide to adding an Azure Active Directory tenant, adding an Azure AD subscription, and registering your subscription. -ms.assetid: 36D94BEC-A6D8-47D2-A547-EBD7B7D163FA ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md index de7482b72d..4b0e2a51ac 100644 --- a/windows/client-management/mdm/alljoynmanagement-csp.md +++ b/windows/client-management/mdm/alljoynmanagement-csp.md @@ -1,7 +1,6 @@ --- title: AllJoynManagement CSP description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. -ms.assetid: 468E0EE5-EED3-48FF-91C0-89F9D159AA8C ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # AllJoynManagement CSP - The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. The devices must support the Microsoft AllJoyn configuration interface (com.microsoft.alljoynmanagement.config). You can also push configuration files to the same devices. To populate the various nodes when setting new configuration, we recommend that you do a query first, to get the actual values for all the nodes in all the attached devices. You can then use the information from the query to set the node values when pushing the new configuration. > [!NOTE] diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md index 77494eaf9f..3767ae23f1 100644 --- a/windows/client-management/mdm/alljoynmanagement-ddf.md +++ b/windows/client-management/mdm/alljoynmanagement-ddf.md @@ -1,7 +1,6 @@ --- title: AllJoynManagement DDF description: Learn the OMA DM device description framework (DDF) for the AllJoynManagement configuration service provider. -ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # AllJoynManagement DDF - This topic shows the OMA DM device description framework (DDF) for the **AllJoynManagement** configuration service provider. This CSP was added in Windows 10, version 1511. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md index 728e4dcda3..6ca982d1d7 100644 --- a/windows/client-management/mdm/application-csp.md +++ b/windows/client-management/mdm/application-csp.md @@ -1,7 +1,6 @@ --- title: APPLICATION configuration service provider description: Learn how the APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning. -ms.assetid: 0705b5e9-a1e7-4d70-a73d-7f758ffd8099 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # APPLICATION configuration service provider - The APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning. OMA considers each transport to be an application and requires a corresponding APPLICATION configuration service provider. The following list shows the supported transports. diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index 5c44ba2dc1..3a84ac6f07 100644 --- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -11,7 +11,6 @@ ms.date: 07/10/2019 # ApplicationControl CSP DDF - This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index d18a0ebd70..c801b28787 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -1,7 +1,6 @@ --- title: ApplicationControl CSP description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server. -keywords: security, malware ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 4d6a2a787f..68ac1a4137 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -1,7 +1,6 @@ --- title: AppLocker CSP description: Learn how the AppLocker configuration service provider is used to specify which applications are allowed or disallowed. -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 11/19/2019 # AppLocker CSP - The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There's no user interface shown for apps that are blocked. The following example shows the AppLocker configuration service provider in tree format. diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md index 7bde68650f..bb3a6e5f85 100644 --- a/windows/client-management/mdm/applocker-ddf-file.md +++ b/windows/client-management/mdm/applocker-ddf-file.md @@ -1,7 +1,6 @@ --- title: AppLocker DDF file description: Learn about the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider. -ms.assetid: 79E199E0-5454-413A-A57A-B536BDA22496 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # AppLocker DDF file - This topic shows the OMA DM device description framework (DDF) for the **AppLocker** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md index bf80bc1d61..9eedf4f812 100644 --- a/windows/client-management/mdm/applocker-xsd.md +++ b/windows/client-management/mdm/applocker-xsd.md @@ -1,7 +1,6 @@ --- title: AppLocker XSD description: View the XSD for the AppLocker CSP. The AppLocker CSP XSD provides an example of how the schema is organized. -ms.assetid: 70CF48DD-AD7D-4BCF-854F-A41BFD95F876 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # AppLocker XSD - Here's the XSD for the AppLocker CSP. ```xml diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md index e99f6fb7de..d8c68d15e5 100644 --- a/windows/client-management/mdm/assign-seats.md +++ b/windows/client-management/mdm/assign-seats.md @@ -1,7 +1,6 @@ --- title: Assign seat description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business. -ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index 6a73458cf7..87a68a8abd 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -1,7 +1,6 @@ --- title: AssignedAccess DDF description: Learn how the OMA DM device description framework (DDF) for the AssignedAccess configuration service provider. -ms.assetid: 224FADDB-0EFD-4E5A-AE20-1BD4ABE24306 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 02/22/2018 # AssignedAccess DDF - This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML. You can download the DDF files from the links below: diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index a0a4883d44..06795ddd56 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -1,7 +1,6 @@ --- title: Azure Active Directory integration with MDM description: Azure Active Directory is the world largest enterprise cloud identity management service. -ms.assetid: D03B0765-5B5F-4C7B-9E2B-18E747D504EE ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index b4564bd96c..7da50e3114 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -12,6 +12,7 @@ ms.reviewer: manager: dansimp ms.collection: highpri --- + # BitLocker CSP The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro. diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md index a47e4f4613..19a2fa944c 100644 --- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md +++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md @@ -1,7 +1,6 @@ --- title: Bulk assign and reclaim seats from users description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business. -ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 0309b24aad..a6d69bff48 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -4,7 +4,6 @@ description: Bulk enrollment is an efficient way to set up a large number of dev MS-HAID: - 'p\_phdevicemgmt.bulk\_enrollment' - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool' -ms.assetid: DEB98FF3-CC5C-47A1-9277-9EF939716C87 ms.reviewer: manager: dansimp ms.author: dansimp @@ -15,7 +14,6 @@ author: dansimp ms.date: 06/26/2017 --- - # Bulk enrollment Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario. diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md index 5605ebe1f4..ef16b97a85 100644 --- a/windows/client-management/mdm/cellularsettings-csp.md +++ b/windows/client-management/mdm/cellularsettings-csp.md @@ -1,7 +1,6 @@ --- title: CellularSettings CSP description: Learn how the CellularSettings configuration service provider is used to configure cellular settings on a mobile device. -ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md index 1d2eebc12f..f7af4adf18 100644 --- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md +++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md @@ -1,7 +1,6 @@ --- title: Certificate authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy. -ms.assetid: 57DB3C9E-E4C9-4275-AAB5-01315F9D3910 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md index 758b284713..078523d5fb 100644 --- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md +++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md @@ -4,7 +4,6 @@ description: Learn how to find all the resources that you need to provide contin MS-HAID: - 'p\_phdevicemgmt.certificate\_renewal' - 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm' -ms.assetid: F910C50C-FF67-40B0-AAB0-CA7CE02A9619 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 0ef7d8606c..a9c120ef20 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -1,7 +1,6 @@ --- title: CertificateStore CSP description: Use the CertificateStore configuration service provider (CSP) to add secure socket layers (SSL), intermediate, and self-signed certificates. -ms.assetid: 0fe28629-3cc3-42a0-91b3-3624c8462fd3 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index da503f9902..89fc1c2442 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md +++ b/windows/client-management/mdm/certificatestore-ddf-file.md @@ -1,7 +1,6 @@ --- title: CertificateStore DDF file description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML. -ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # CertificateStore DDF file - This topic shows the OMA DM device description framework (DDF) for the **CertificateStore** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md index 1f2c1fa3f7..fe436a5c96 100644 --- a/windows/client-management/mdm/cleanpc-ddf.md +++ b/windows/client-management/mdm/cleanpc-ddf.md @@ -1,7 +1,6 @@ --- title: CleanPC DDF description: Learn about the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index de295098f3..c510d7aa45 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -1,7 +1,6 @@ --- title: ClientCertificateInstall CSP description: The ClientCertificateInstall configuration service provider (CSP) enables the enterprise to install client certificates. -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index 46bb00affa..aec920c139 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -1,7 +1,6 @@ --- title: ClientCertificateInstall DDF file description: Learn about the OMA DM device description framework (DDF) for the ClientCertificateInstall configuration service provider. -ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # ClientCertificateInstall DDF file - This topic shows the OMA DM device description framework (DDF) for the **ClientCertificateInstall** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index 06562d8462..c69a70a18d 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -1,7 +1,6 @@ --- title: CM\_CellularEntries CSP description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP. -ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index 333377d822..a1a4b475e8 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -1,7 +1,6 @@ --- title: CMPolicy CSP description: Learn how the CMPolicy configuration service provider (CSP) is used to define rules that the Connection Manager uses to identify correct connections. -ms.assetid: 62623915-9747-4eb1-8027-449827b85e6b ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # CMPolicy CSP - The CMPolicy configuration service provider defines rules that the Connection Manager uses to identify the correct connection for a connection request. > [!NOTE] diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index e8f9de1f33..c860bb3992 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -1,7 +1,6 @@ --- title: CMPolicyEnterprise CSP description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request. -ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md index d0ca95bb1d..9714d6d292 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md +++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md @@ -1,7 +1,6 @@ --- title: CMPolicyEnterprise DDF file description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider. -ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # CMPolicyEnterprise DDF file - This topic shows the OMA DM device description framework (DDF) for the **CMPolicyEnterprise** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md index 26a30c88a6..ad3e957a90 100644 --- a/windows/client-management/mdm/config-lock.md +++ b/windows/client-management/mdm/config-lock.md @@ -2,7 +2,6 @@ title: Secured-Core Configuration Lock description: A Secured-Core PC (SCPC) feature that prevents configuration drift from Secured-Core PC features (shown below) caused by unintentional misconfiguration. manager: dansimp -keywords: mdm,management,administrator,config lock ms.author: v-lsaldanha ms.topic: article ms.prod: w11 diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 56bcf98029..ec713ffc7c 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -1,7 +1,6 @@ --- title: Configuration service provider reference description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 1a0f77c9ed..e1fe7788d5 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -1,7 +1,6 @@ --- title: CustomDeviceUI CSP description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application. -ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index 40621f8a86..0433c22507 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md @@ -1,7 +1,6 @@ --- title: CustomDeviceUI DDF description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider. -ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # CustomDeviceUI DDF - This topic shows the OMA DM device description framework (DDF) for the **CustomDeviceUI** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 4621e9a56d..138c6d80c8 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -4,7 +4,6 @@ description: Learn about the various data structures for Microsoft Store for Bus MS-HAID: - 'p\_phdevicemgmt.business\_store\_data\_structures' - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business' -ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 22ee682cf2..2622105e41 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -1,7 +1,6 @@ --- title: Defender CSP description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. -ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index fe6514f5c2..9bf6463258 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -1,7 +1,6 @@ --- title: Defender DDF file description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used. -ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 7a1c219d01..a0d6ae21ee 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -1,7 +1,6 @@ --- title: DevDetail CSP description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server. -ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index 29a697c6d8..e1d79c9308 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -1,7 +1,6 @@ --- title: DevDetail DDF file description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider. -ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index b27c178d3c..244e26d627 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -1,7 +1,6 @@ --- title: DeveloperSetup CSP description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703. -ms.assetid: ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md index 13d4a19b6a..4d959b186f 100644 --- a/windows/client-management/mdm/developersetup-ddf.md +++ b/windows/client-management/mdm/developersetup-ddf.md @@ -1,7 +1,6 @@ --- title: DeveloperSetup DDF file description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703. -ms.assetid: ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 22f1b88991..df9fb81141 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -1,10 +1,8 @@ --- title: Mobile device management MDM for device updates description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management. -ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777 ms.reviewer: manager: dansimp -keywords: mdm,management,administrator ms.author: dansimp ms.topic: article ms.prod: w10 @@ -14,7 +12,6 @@ ms.date: 11/15/2017 ms.collection: highpri --- - # Mobile device management (MDM) for device updates >[!TIP] diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index f0d67e6950..2ee9b7eb60 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -1,7 +1,6 @@ --- title: DeviceLock CSP description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies. -ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index c396396f46..75ec208587 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md @@ -1,7 +1,6 @@ --- title: DeviceLock DDF file description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP). -ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index a932bc0ed7..17e6724109 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -1,7 +1,6 @@ --- title: DeviceManageability CSP description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device. -ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md index ca69075d3a..f57ca0aef2 100644 --- a/windows/client-management/mdm/devicemanageability-ddf.md +++ b/windows/client-management/mdm/devicemanageability-ddf.md @@ -1,7 +1,6 @@ --- title: DeviceManageability DDF description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607. -ms.assetid: D7FA8D51-95ED-40D2-AA84-DCC4BBC393AB ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 3f04f4495f..caf84a29d2 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -1,7 +1,6 @@ --- title: DeviceStatus CSP description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise. -ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index 4b820066f6..5327b89015 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -1,7 +1,6 @@ --- title: DeviceStatus DDF description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.assetid: 780DC6B4-48A5-4F74-9F2E-6E0D88902A45 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 03/12/2018 # DeviceStatus DDF - This topic shows the OMA DM device description framework (DDF) for the **DeviceStatus** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index e5dc49d8ee..310449119c 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -1,7 +1,6 @@ --- title: DevInfo CSP description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server. -ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index 3cf4154682..9d99d2d67b 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md @@ -1,7 +1,6 @@ --- title: DevInfo DDF file description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP). -ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # DevInfo DDF file - This topic shows the OMA DM device description framework (DDF) for the **DevInfo** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index 057030f5f3..ea79a37fdb 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -1,7 +1,6 @@ --- title: Diagnose MDM failures in Windows 10 description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server. -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index 6476b2d5e2..2c80a8b89b 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -1,7 +1,6 @@ --- title: DiagnosticLog CSP description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area. -ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index 0f25053a37..38cf705e56 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -1,7 +1,6 @@ --- title: DiagnosticLog DDF description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP). -ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # DiagnosticLog DDF - This topic shows the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index f3e3c24cf9..ebb0553ae8 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -4,7 +4,6 @@ description: Disconnecting is initiated either locally by the user using a phone MS-HAID: - 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_' - 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment' -ms.assetid: 33B2B248-631B-451F-B534-5DA095C4C8E8 ms.reviewer: manager: dansimp ms.author: dansimp @@ -15,7 +14,6 @@ author: dansimp ms.date: 06/26/2017 --- - # Disconnecting from the management infrastructure (unenrollment) The Disconnecting process is done either locally by the user who uses a phone or remotely by the IT administrator using management server. The user-initiated disconnection process is similar to the initial connection, wherein its initiation is from the same location in the Setting Control Panel as creating the workplace account. diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index 50fd9dfd0d..3622905318 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -1,7 +1,6 @@ --- title: DMAcc CSP description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects. -ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index 2d1d256133..b967d91e87 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -1,7 +1,6 @@ --- title: DMAcc DDF file description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP). -ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # DMAcc DDF file - This topic shows the OMA DM device description framework (DDF) for the **DMAcc** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 80655c5989..97c91fd54e 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -1,7 +1,6 @@ --- title: DMClient CSP description: Understand how the DMClient configuration service provider (CSP) is used to specify enterprise-specific mobile device management (MDM) configuration settings. -ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 9121cdc2b4..11a4346622 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -1,7 +1,6 @@ --- title: DMClient DDF file description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP). -ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 67d29f0ce3..27091ecd80 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -2,10 +2,8 @@ title: DMProcessConfigXMLFiltered function description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML. Search.Refinement.TopicID: 184 -ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F ms.reviewer: manager: dansimp -keywords: ["DMProcessConfigXMLFiltered function"] topic_type: - apiref api_name: diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index 5bf20a535b..0bb1c75f3e 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md @@ -1,7 +1,6 @@ --- title: DynamicManagement DDF file description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP). -ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 9f9d1ab88c..6f3a8808cf 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -1,7 +1,6 @@ --- title: EAP configuration description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10. -ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # EAP configuration - This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10. ## Create an EAP configuration XML for a VPN profile diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index dab6f05a0e..c6492b01aa 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -1,7 +1,6 @@ --- title: EMAIL2 CSP description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts. -ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index 11c6ba0946..7e3c271fc3 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -1,7 +1,6 @@ --- title: EMAIL2 DDF file description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP). -ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # EMAIL2 DDF file - This topic shows the OMA DM device description framework (DDF) for the **EMAIL2** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index d5a45549a2..c64c2d9ba3 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -1,7 +1,6 @@ --- title: Enterprise app management description: This article covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows. -ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md index 8893e068c9..7a448a03d6 100644 --- a/windows/client-management/mdm/enterpriseapn-csp.md +++ b/windows/client-management/mdm/enterpriseapn-csp.md @@ -1,7 +1,6 @@ --- title: EnterpriseAPN CSP description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet. -ms.assetid: E125F6A5-EE44-41B1-A8CC-DF295082E6B2 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md index 60e6f5ba4a..2e81ae80fd 100644 --- a/windows/client-management/mdm/enterpriseapn-ddf.md +++ b/windows/client-management/mdm/enterpriseapn-ddf.md @@ -1,7 +1,6 @@ --- title: EnterpriseAPN DDF description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP). -ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 12/05/2017 # EnterpriseAPN DDF - This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAPN** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index b59fc137e1..ff17c8cd63 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -1,7 +1,6 @@ --- title: EnterpriseAppManagement CSP description: Handle enterprise application management tasks using EnterpriseAppManagement configuration service provider (CSP). -ms.assetid: 698b8bf4-652e-474b-97e4-381031357623 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # EnterpriseAppManagement CSP - The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment. > [!NOTE] diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index d8ec6f71d5..bfc9197068 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -1,7 +1,6 @@ --- title: EnterpriseDataProtection CSP description: The EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings. -ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md index 1b0ee74568..68e337c333 100644 --- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md +++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md @@ -1,7 +1,6 @@ --- title: EnterpriseDataProtection DDF file description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider. -ms.assetid: C6427C52-76F9-4EE0-98F9-DE278529D459 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 13aead751f..2ce66aad6c 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -1,7 +1,6 @@ --- title: EnterpriseDesktopAppManagement CSP description: The EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications. -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 07/11/2017 # EnterpriseDesktopAppManagement CSP - The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. Application installations can take some time to complete, hence they're done asynchronously. When the Exec command is completed, the client can send a generic alert to the management server with a status, whether it's a failure or success. For a SyncML example, see [Alert example](#alert-example). diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md index 329d5cb253..0803a2e9ab 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md @@ -1,7 +1,6 @@ --- title: EnterpriseDesktopAppManagement DDF description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider. -ms.assetid: EF448602-65AC-4D59-A0E8-779876542FE3 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # EnterpriseDesktopAppManagement DDF - This topic shows the OMA DM device description framework (DDF) for the **EnterpriseDesktopAppManagement** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md index 097a08b4f8..c570ad096b 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md @@ -1,7 +1,6 @@ --- title: EnterpriseDesktopAppManagement XSD description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # EnterpriseDesktopAppManagement XSD - This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. ```xml diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 709013b0bd..629ea55cb3 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -1,7 +1,6 @@ --- title: EnterpriseModernAppManagement CSP description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. -ms.assetid: 9DD0741A-A229-41A0-A85A-93E185207C42 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index 4ffad48863..9e25733411 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md @@ -1,7 +1,6 @@ --- title: EnterpriseModernAppManagement DDF description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP). -ms.assetid: ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md index 53de7e899e..dc9995f5ef 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md @@ -1,7 +1,6 @@ --- title: EnterpriseModernAppManagement XSD description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters. -ms.assetid: D393D094-25E5-4E66-A60F-B59CC312BF57 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # EnterpriseModernAppManagement XSD - Here is the XSD for the application parameters. ```xml diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md index f3e01980bb..30cebf3d9e 100644 --- a/windows/client-management/mdm/esim-enterprise-management.md +++ b/windows/client-management/mdm/esim-enterprise-management.md @@ -1,10 +1,7 @@ --- title: eSIM Enterprise Management description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows. -keywords: eSIM enterprise management ms.prod: w10 -ms.mktglfcycl: -ms.sitesec: library author: dansimp ms.localizationpriority: medium ms.author: dansimp diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index 1649e9b5ca..e6d041a4a2 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -1,7 +1,6 @@ --- title: eUICCs DDF file description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP). -ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096 ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 03/02/2018 # eUICCs DDF file - This topic shows the OMA DM device description framework (DDF) for the **eUICCs** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index 6dc5301d1b..1bbe746b59 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -1,7 +1,6 @@ --- title: Federated authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using federated authentication policy. -ms.assetid: 049ECA6E-1AF5-4CB2-8F1C-A5F22D722DAA ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 79a75c3f90..cdfe98e0d3 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -1,14 +1,10 @@ --- title: New policies for Windows 10 (Windows 10) description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components. -ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D ms.reviewer: manager: dansimp ms.author: dansimp -keywords: ["MDM", "Group Policy", "GP"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: dansimp ms.localizationpriority: medium ms.date: 09/15/2021 diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 120ac4d165..4b065d5ae5 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -2,7 +2,6 @@ title: Use Quick Assist to help users description: How IT Pros can use Quick Assist to help users ms.prod: w10 -ms.sitesec: library ms.topic: article author: aczechowski ms.localizationpriority: medium diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index 777b9fa6ec..d8b8b2c1b8 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -2,7 +2,6 @@ title: Configure system failure and recovery options in Windows description: Learn how to configure the actions that Windows takes when a system error occurs and what the recovery options are. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: Deland-Han ms.localizationpriority: medium diff --git a/windows/client-management/troubleshoot-event-id-41-restart.md b/windows/client-management/troubleshoot-event-id-41-restart.md index 48678bf786..07b7e3a9ca 100644 --- a/windows/client-management/troubleshoot-event-id-41-restart.md +++ b/windows/client-management/troubleshoot-event-id-41-restart.md @@ -11,7 +11,6 @@ ms.custom: - CSSTroubleshooting audience: ITPro ms.localizationpriority: medium -keywords: event id 41, reboot, restart, stop error, bug check code manager: kaushika ms.collection: highpri --- diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index 3437793da8..0871f37f71 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -2,8 +2,6 @@ title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error might occur after some changes are made to the computer, ms.prod: w10 -ms.mktglfcycl: -ms.sitesec: library ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md index 3f28ccd47b..3e9561ed60 100644 --- a/windows/client-management/troubleshoot-networking.md +++ b/windows/client-management/troubleshoot-networking.md @@ -4,7 +4,6 @@ ms.reviewer: manager: dansimp description: Learn about the topics that are available to help you troubleshoot common problems related to Windows networking. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium diff --git a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md index a22426c30a..e26d6a5173 100644 --- a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md +++ b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md @@ -11,7 +11,6 @@ ms.custom: - CSSTroubleshooting audience: ITPro ms.localizationpriority: medium -keywords: manager: kaushika --- diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md index 56573160e6..a04d75d606 100644 --- a/windows/client-management/troubleshoot-tcpip-connectivity.md +++ b/windows/client-management/troubleshoot-tcpip-connectivity.md @@ -2,7 +2,6 @@ title: Troubleshoot TCP/IP connectivity description: Learn how to troubleshoot TCP/IP connectivity and what you should do if you come across TCP reset in a network capture. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index aed2257b4d..18eff7c2dd 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -2,7 +2,6 @@ title: Collect data using Network Monitor description: Learn how to run Network Monitor to collect data for troubleshooting TCP/IP connectivity. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md index 938136edad..6a732b7a1d 100644 --- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md +++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md @@ -2,7 +2,6 @@ title: Troubleshoot port exhaustion issues description: Learn how to troubleshoot port exhaustion issues. Port exhaustion occurs when all the ports on a machine are used. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md index ed7f973fef..0ed8972088 100644 --- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md +++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md @@ -2,7 +2,6 @@ title: Troubleshoot Remote Procedure Call (RPC) errors description: Learn how to troubleshoot Remote Procedure Call (RPC) errors when connecting to Windows Management Instrumentation (WMI), SQL Server, or during a remote connection. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium diff --git a/windows/client-management/troubleshoot-tcpip.md b/windows/client-management/troubleshoot-tcpip.md index 1ffd3f1dc2..e449140d95 100644 --- a/windows/client-management/troubleshoot-tcpip.md +++ b/windows/client-management/troubleshoot-tcpip.md @@ -2,7 +2,6 @@ title: Advanced troubleshooting for TCP/IP issues description: Learn how to troubleshoot common problems in a TCP/IP network environment, for example by collecting data using Network monitor. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md index 9d9283a355..c2ae601920 100644 --- a/windows/client-management/troubleshoot-windows-startup.md +++ b/windows/client-management/troubleshoot-windows-startup.md @@ -2,7 +2,6 @@ title: Advanced troubleshooting for Windows start-up issues description: Learn advanced options for how to troubleshoot common Windows start-up issues, like system crashes and freezes. ms.prod: w10 -ms.sitesec: library ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md index 2c423bfbc7..021f22ec21 100644 --- a/windows/client-management/windows-10-support-solutions.md +++ b/windows/client-management/windows-10-support-solutions.md @@ -4,8 +4,6 @@ description: Learn where to find information about troubleshooting Windows 10 is ms.reviewer: kaushika manager: dansimp ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library ms.author: kaushika author: kaushika-msft ms.localizationpriority: medium diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md index 5db8c1238b..16ef254939 100644 --- a/windows/client-management/windows-libraries.md +++ b/windows/client-management/windows-libraries.md @@ -1,5 +1,4 @@ --- -ms.assetid: e68cd672-9dea-4ff8-b725-a915f33d8fd2 ms.reviewer: manager: dansimp title: Windows Libraries @@ -12,6 +11,7 @@ author: dansimp description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures. ms.date: 09/15/2021 --- + # Windows libraries > Applies to: Windows 10, Windows 11, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md index 52a2fb766d..1a2edc21c4 100644 --- a/windows/client-management/windows-version-search.md +++ b/windows/client-management/windows-version-search.md @@ -1,10 +1,7 @@ --- title: What version of Windows am I running? description: Discover which version of Windows you are running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel. -keywords: Long-Term Servicing Channel, LTSC, LTSB, General Availability Channel, GAC, Windows, version, OS Build ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: dansimp ms.author: dansimp ms.date: 04/30/2018 From 24c4a1509cd9df85b6b0782f87c40966250a4e65 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Mon, 16 May 2022 17:59:07 +0530 Subject: [PATCH 136/540] changes in metadata --- .../allow-a-shared-books-folder-shortdesc.md | 1 - .../allow-address-bar-drop-down-shortdesc.md | 1 - .../includes/allow-adobe-flash-shortdesc.md | 1 - ...learing-browsing-data-on-exit-shortdesc.md | 1 - ...ion-updates-for-books-library-shortdesc.md | 1 - .../includes/allow-cortana-shortdesc.md | 1 - .../allow-developer-tools-shortdesc.md | 1 - ...ended-telemetry-for-books-tab-shortdesc.md | 1 - .../includes/allow-extensions-shortdesc.md | 22 ++++++++--------- .../allow-fullscreen-mode-shortdesc.md | 1 - .../allow-inprivate-browsing-shortdesc.md | 22 ++++++++--------- ...-microsoft-compatibility-list-shortdesc.md | 22 ++++++++--------- .../includes/allow-prelaunch-shortdesc.md | 22 ++++++++--------- .../includes/allow-printing-shortdesc.md | 22 ++++++++--------- .../allow-saving-history-shortdesc.md | 1 - ...w-search-engine-customization-shortdesc.md | 1 - ...low-sideloading-of-extensions-shortdesc.md | 1 - .../allow-tab-preloading-shortdesc.md | 22 ++++++++--------- ...w-web-content-on-new-tab-page-shortdesc.md | 22 ++++++++--------- ...ndows-app-to-share-data-users-shortdesc.md | 22 ++++++++--------- .../always-show-books-library-shortdesc.md | 22 ++++++++--------- ...ure-additional-search-engines-shortdesc.md | 1 - ...be-flash-click-to-run-setting-shortdesc.md | 22 ++++++++--------- .../includes/configure-autofill-shortdesc.md | 22 ++++++++--------- ...-telemetry-for-m365-analytics-shortdesc.md | 1 - .../includes/configure-cookies-shortdesc.md | 22 ++++++++--------- .../configure-do-not-track-shortdesc.md | 1 - ...ure-enterprise-mode-site-list-shortdesc.md | 22 ++++++++--------- .../configure-favorites-bar-shortdesc.md | 22 ++++++++--------- .../includes/configure-favorites-shortdesc.md | 22 ++++++++--------- .../configure-home-button-shortdesc.md | 22 ++++++++--------- .../configure-kiosk-mode-shortdesc.md | 1 - ...iosk-reset-after-idle-timeout-shortdesc.md | 22 ++++++++--------- ...gure-open-microsoft-edge-with-shortdesc.md | 1 - .../configure-password-manager-shortdesc.md | 22 ++++++++--------- .../configure-pop-up-blocker-shortdesc.md | 24 +++++++++---------- ...ch-suggestions-in-address-bar-shortdesc.md | 22 ++++++++--------- .../configure-start-pages-shortdesc.md | 1 - ...-windows-defender-smartscreen-shortdesc.md | 1 - ...sable-lockdown-of-start-pages-shortdesc.md | 1 - .../do-not-sync-browser-settings-shortdesc.md | 22 ++++++++--------- .../includes/do-not-sync-shortdesc.md | 22 ++++++++--------- ...s-in-sync-between-ie-and-edge-shortdesc.md | 22 ++++++++--------- ...soft-browser-extension-policy-shortdesc.md | 1 - ...nt-access-to-about-flags-page-shortdesc.md | 1 - ...ws-defender-prompts-for-files-shortdesc.md | 22 ++++++++--------- ...ws-defender-prompts-for-sites-shortdesc.md | 22 ++++++++--------- ...t-certificate-error-overrides-shortdesc.md | 22 ++++++++--------- .../prevent-changes-to-favorites-shortdesc.md | 22 ++++++++--------- ...from-gathering-live-tile-info-shortdesc.md | 22 ++++++++--------- ...irst-run-webpage-from-opening-shortdesc.md | 22 ++++++++--------- ...rning-off-required-extensions-shortdesc.md | 1 - ...rs-to-turn-on-browser-syncing-shortdesc.md | 22 ++++++++--------- ...calhost-ip-address-for-webrtc-shortdesc.md | 1 - .../includes/provision-favorites-shortdesc.md | 1 - .../search-provider-discovery-shortdesc.md | 22 ++++++++--------- ...send-all-intranet-sites-to-ie-shortdesc.md | 22 ++++++++--------- .../set-default-search-engine-shortdesc.md | 22 ++++++++--------- .../includes/set-home-button-url-shortdesc.md | 22 ++++++++--------- .../includes/set-new-tab-url-shortdesc.md | 22 ++++++++--------- ...sage-when-opening-sites-in-ie-shortdesc.md | 21 ++++++++-------- .../includes/unlock-home-button-shortdesc.md | 22 ++++++++--------- 62 files changed, 408 insertions(+), 432 deletions(-) diff --git a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md index 9b1d7821f3..57b5523dd9 100644 --- a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md +++ b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md b/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md index 116864a49f..031d179b36 100644 --- a/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md +++ b/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-adobe-flash-shortdesc.md b/windows/client-management/includes/allow-adobe-flash-shortdesc.md index dca6cf6233..45365c58bd 100644 --- a/windows/client-management/includes/allow-adobe-flash-shortdesc.md +++ b/windows/client-management/includes/allow-adobe-flash-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md b/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md index af3d4fefef..82ccb5f2ed 100644 --- a/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md +++ b/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md b/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md index 40a927c882..f8b89a8e2e 100644 --- a/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md +++ b/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-cortana-shortdesc.md b/windows/client-management/includes/allow-cortana-shortdesc.md index fbfa0f13b0..234b73f7d2 100644 --- a/windows/client-management/includes/allow-cortana-shortdesc.md +++ b/windows/client-management/includes/allow-cortana-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-developer-tools-shortdesc.md b/windows/client-management/includes/allow-developer-tools-shortdesc.md index 9d134d4a38..41176ffb3b 100644 --- a/windows/client-management/includes/allow-developer-tools-shortdesc.md +++ b/windows/client-management/includes/allow-developer-tools-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md index 6fa1849707..3c9d3f6b42 100644 --- a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md +++ b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-extensions-shortdesc.md b/windows/client-management/includes/allow-extensions-shortdesc.md index ca5e422178..8276b06760 100644 --- a/windows/client-management/includes/allow-extensions-shortdesc.md +++ b/windows/client-management/includes/allow-extensions-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions. diff --git a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md index 06b4e1eb02..8c616dedff 100644 --- a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md +++ b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md b/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md index 4e15608ff7..1340e13406 100644 --- a/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md +++ b/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing. diff --git a/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md b/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md index 46d2b5f57e..35a86bfd85 100644 --- a/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md +++ b/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat. diff --git a/windows/client-management/includes/allow-prelaunch-shortdesc.md b/windows/client-management/includes/allow-prelaunch-shortdesc.md index fcaf11e3ef..a8437f2035 100644 --- a/windows/client-management/includes/allow-prelaunch-shortdesc.md +++ b/windows/client-management/includes/allow-prelaunch-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching. diff --git a/windows/client-management/includes/allow-printing-shortdesc.md b/windows/client-management/includes/allow-printing-shortdesc.md index f03766176c..288599efdd 100644 --- a/windows/client-management/includes/allow-printing-shortdesc.md +++ b/windows/client-management/includes/allow-printing-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content. diff --git a/windows/client-management/includes/allow-saving-history-shortdesc.md b/windows/client-management/includes/allow-saving-history-shortdesc.md index 822a8f9b81..8f5084cda1 100644 --- a/windows/client-management/includes/allow-saving-history-shortdesc.md +++ b/windows/client-management/includes/allow-saving-history-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md index 1ecba430cb..d7acad8b8d 100644 --- a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md +++ b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md index 985741be58..5774f8089e 100644 --- a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md +++ b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/allow-tab-preloading-shortdesc.md b/windows/client-management/includes/allow-tab-preloading-shortdesc.md index 783d8517ed..ec10c36e78 100644 --- a/windows/client-management/includes/allow-tab-preloading-shortdesc.md +++ b/windows/client-management/includes/allow-tab-preloading-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs. diff --git a/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md b/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md index eb2a40f269..5d9a75ed5a 100644 --- a/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md +++ b/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 11/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it. +--- +author: dansimp +ms.author: dansimp +ms.date: 11/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it. diff --git a/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md b/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md index 51e769d22c..2c63762356 100644 --- a/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md +++ b/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder. diff --git a/windows/client-management/includes/always-show-books-library-shortdesc.md b/windows/client-management/includes/always-show-books-library-shortdesc.md index 264f64a898..a9e0bdb003 100644 --- a/windows/client-management/includes/always-show-books-library-shortdesc.md +++ b/windows/client-management/includes/always-show-books-library-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region. diff --git a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md index cd9e9d9751..2560751600 100644 --- a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md +++ b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md b/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md index 0f73c32d5f..d409c6374c 100644 --- a/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md +++ b/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically. diff --git a/windows/client-management/includes/configure-autofill-shortdesc.md b/windows/client-management/includes/configure-autofill-shortdesc.md index 94441080d8..74af7970c6 100644 --- a/windows/client-management/includes/configure-autofill-shortdesc.md +++ b/windows/client-management/includes/configure-autofill-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill. diff --git a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md index 90eddc5182..935810a840 100644 --- a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md +++ b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/configure-cookies-shortdesc.md b/windows/client-management/includes/configure-cookies-shortdesc.md index 93152d2e3d..eeb223000b 100644 --- a/windows/client-management/includes/configure-cookies-shortdesc.md +++ b/windows/client-management/includes/configure-cookies-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies. diff --git a/windows/client-management/includes/configure-do-not-track-shortdesc.md b/windows/client-management/includes/configure-do-not-track-shortdesc.md index c5253680b3..d69135a7e9 100644 --- a/windows/client-management/includes/configure-do-not-track-shortdesc.md +++ b/windows/client-management/includes/configure-do-not-track-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md b/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md index d13febee60..f98aa94435 100644 --- a/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md +++ b/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode. diff --git a/windows/client-management/includes/configure-favorites-bar-shortdesc.md b/windows/client-management/includes/configure-favorites-bar-shortdesc.md index 8f16c20242..661818a582 100644 --- a/windows/client-management/includes/configure-favorites-bar-shortdesc.md +++ b/windows/client-management/includes/configure-favorites-bar-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages. diff --git a/windows/client-management/includes/configure-favorites-shortdesc.md b/windows/client-management/includes/configure-favorites-shortdesc.md index 9317df97f3..34e0cded8f 100644 --- a/windows/client-management/includes/configure-favorites-shortdesc.md +++ b/windows/client-management/includes/configure-favorites-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead. diff --git a/windows/client-management/includes/configure-home-button-shortdesc.md b/windows/client-management/includes/configure-home-button-shortdesc.md index c02a0dcee9..17d1b68784 100644 --- a/windows/client-management/includes/configure-home-button-shortdesc.md +++ b/windows/client-management/includes/configure-home-button-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button. diff --git a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md index 8397ff7c18..b16c3d18e4 100644 --- a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md +++ b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md index 3a7657e544..767c933e7c 100644 --- a/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md +++ b/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data. diff --git a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md index 97d9c264c0..26dc5e0d88 100644 --- a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md +++ b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/configure-password-manager-shortdesc.md b/windows/client-management/includes/configure-password-manager-shortdesc.md index 0d3bd9b655..f0b41c5b0f 100644 --- a/windows/client-management/includes/configure-password-manager-shortdesc.md +++ b/windows/client-management/includes/configure-password-manager-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager. diff --git a/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md b/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md index d15347179d..a34c788e1e 100644 --- a/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md +++ b/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md @@ -1,12 +1,12 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy. - +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy. + diff --git a/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md b/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md index 2bdf42c6d3..71b3e06d0d 100644 --- a/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md +++ b/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions. diff --git a/windows/client-management/includes/configure-start-pages-shortdesc.md b/windows/client-management/includes/configure-start-pages-shortdesc.md index e8c18a3d8b..76e4a07003 100644 --- a/windows/client-management/includes/configure-start-pages-shortdesc.md +++ b/windows/client-management/includes/configure-start-pages-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md index 8eeb1e44a5..1682bc2ca2 100644 --- a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md +++ b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md index 37156ee3a7..12bcdd34b8 100644 --- a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md +++ b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md b/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md index f0cb07d514..b269a7f3e3 100644 --- a/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md +++ b/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option. diff --git a/windows/client-management/includes/do-not-sync-shortdesc.md b/windows/client-management/includes/do-not-sync-shortdesc.md index f61cc11548..2fe09c0260 100644 --- a/windows/client-management/includes/do-not-sync-shortdesc.md +++ b/windows/client-management/includes/do-not-sync-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option. diff --git a/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md index 3bd062d263..0b377e56b6 100644 --- a/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md +++ b/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites. diff --git a/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md b/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md index 05fce92a47..2b26624e8c 100644 --- a/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md +++ b/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 04/23/2020 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md index f4acce9ce0..d5f609cfa6 100644 --- a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md +++ b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md index 3676adbc89..f6b222fde2 100644 --- a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md +++ b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s). +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s). diff --git a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md index 05bae5dac6..d04429bef8 100644 --- a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md +++ b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site. diff --git a/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md b/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md index 675180c666..c73e676517 100644 --- a/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md +++ b/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings. diff --git a/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md b/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md index 33db87a522..b635ee64e8 100644 --- a/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md +++ b/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers. diff --git a/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md index 30d9a48e8d..bba9ec1ad5 100644 --- a/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md +++ b/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience. diff --git a/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md b/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md index 9ed6170971..c156c94126 100644 --- a/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md +++ b/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch. diff --git a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md index b7331dd725..4209d79579 100644 --- a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md +++ b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md index e624de62e6..037c535aa8 100644 --- a/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md +++ b/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy. diff --git a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md index b7b66d315b..fe0bc3c307 100644 --- a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md +++ b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md index 2ddbc5c6d7..6f47ca66c4 100644 --- a/windows/client-management/includes/provision-favorites-shortdesc.md +++ b/windows/client-management/includes/provision-favorites-shortdesc.md @@ -3,7 +3,6 @@ author: dansimp ms.author: dansimp ms.date: 10/02/2018 ms.reviewer: -audience: itpro manager: dansimp ms.prod: edge ms.topic: include diff --git a/windows/client-management/includes/search-provider-discovery-shortdesc.md b/windows/client-management/includes/search-provider-discovery-shortdesc.md index 8f54c4b93a..8524933996 100644 --- a/windows/client-management/includes/search-provider-discovery-shortdesc.md +++ b/windows/client-management/includes/search-provider-discovery-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar. diff --git a/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md b/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md index 787f96dd9b..3b17cd7e5f 100644 --- a/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md +++ b/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically. diff --git a/windows/client-management/includes/set-default-search-engine-shortdesc.md b/windows/client-management/includes/set-default-search-engine-shortdesc.md index 39b408d1b4..958dd67138 100644 --- a/windows/client-management/includes/set-default-search-engine-shortdesc.md +++ b/windows/client-management/includes/set-default-search-engine-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes. diff --git a/windows/client-management/includes/set-home-button-url-shortdesc.md b/windows/client-management/includes/set-home-button-url-shortdesc.md index 863cfdf84a..67e62738a6 100644 --- a/windows/client-management/includes/set-home-button-url-shortdesc.md +++ b/windows/client-management/includes/set-home-button-url-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button. diff --git a/windows/client-management/includes/set-new-tab-url-shortdesc.md b/windows/client-management/includes/set-new-tab-url-shortdesc.md index 5062d322e4..a909cbbdc7 100644 --- a/windows/client-management/includes/set-new-tab-url-shortdesc.md +++ b/windows/client-management/includes/set-new-tab-url-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. diff --git a/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md b/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md index 1dc59094fd..5fda91f3db 100644 --- a/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md +++ b/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md @@ -1,10 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- -Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both. diff --git a/windows/client-management/includes/unlock-home-button-shortdesc.md b/windows/client-management/includes/unlock-home-button-shortdesc.md index 0dd37009b6..722998c5bf 100644 --- a/windows/client-management/includes/unlock-home-button-shortdesc.md +++ b/windows/client-management/includes/unlock-home-button-shortdesc.md @@ -1,11 +1,11 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies. From 91f0fdd802db976644739d245e749f598fe4c22a Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Mon, 16 May 2022 18:08:15 +0530 Subject: [PATCH 137/540] minor change --- .../includes/allow-tab-preloading-shortdesc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/includes/allow-tab-preloading-shortdesc.md b/windows/client-management/includes/allow-tab-preloading-shortdesc.md index ec10c36e78..5008070f5b 100644 --- a/windows/client-management/includes/allow-tab-preloading-shortdesc.md +++ b/windows/client-management/includes/allow-tab-preloading-shortdesc.md @@ -8,4 +8,4 @@ ms.prod: edge ms.topic: include --- -Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs. +Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign-in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs. From 272182017acb474a2756bb8ec9cf939044d4970a Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 16 May 2022 17:26:41 -0400 Subject: [PATCH 138/540] delete office 2010 links --- ...v-deploying-microsoft-office-2010-wth-appv.md | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index cf9b704fd3..6dfd2e2b1c 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -77,17 +77,6 @@ The following table provides a full list of supported integration points for Off |OneDrive Pro Icon Overlays|Windows explorer shell icon overlays when users look at folders OneDrive Pro folders|| ## Additional resources - -### Office 2013 App-V Packages Additional Resources - -* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/kb/2772509) - -### Office 2010 App-V Packages - -* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399) -* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/kb/2828619) -* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069) - ### Connection Groups * [Managing Connection Groups](appv-managing-connection-groups.md) @@ -95,7 +84,4 @@ The following table provides a full list of supported integration points for Off ### Dynamic Configuration -* [About App-V Dynamic Configuration](appv-dynamic-configuration.md) - - - +* [About App-V Dynamic Configuration](appv-dynamic-configuration.md) \ No newline at end of file From 196914ae694f4ac1c97ebec11a75111c086a9765 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 17 May 2022 11:08:59 -0400 Subject: [PATCH 139/540] update blog link --- .../app-v/appv-deploying-microsoft-office-2010-wth-appv.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index 6dfd2e2b1c..dc54cfce66 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -76,11 +76,10 @@ The following table provides a full list of supported integration points for Off |Active X Controls:
    - Groove.SiteClient
    - PortalConnect.PersonalSite
    - SharePoint.openDocuments
    - SharePoint.ExportDatabase
    - SharePoint.SpreadSheetLauncher
    - SharePoint.StssyncHander
    - SharePoint.DragUploadCtl
    - SharePoint.DragDownloadCtl
    - Sharpoint.OpenXMLDocuments
    - Sharepoint.ClipboardCtl
    - WinProj.Activator
    - Name.NameCtrl
    - STSUPld.CopyCtl
    - CommunicatorMeetingJoinAx.JoinManager
    - LISTNET.Listnet
    - OneDrive Pro Browser Helper|Active X Control.

    For more information about ActiveX controls, see the [ActiveX Control API Reference]().|| |OneDrive Pro Icon Overlays|Windows explorer shell icon overlays when users look at folders OneDrive Pro folders|| -## Additional resources ### Connection Groups * [Managing Connection Groups](appv-managing-connection-groups.md) -* [Connection groups on the App-V team blog](https://blogs.msdn.microsoft.com/gladiator/tag/connection-groups/) +* [Connection groups on the App-V team blog](/archive/blogs/appv/) ### Dynamic Configuration From 2b869f83bad5dfdedb960df34765cdb80f2281e9 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 17 May 2022 11:13:46 -0400 Subject: [PATCH 140/540] update blog link --- .../app-v/appv-deploying-microsoft-office-2010-wth-appv.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index dc54cfce66..457c0cd25e 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -79,7 +79,7 @@ The following table provides a full list of supported integration points for Off ### Connection Groups * [Managing Connection Groups](appv-managing-connection-groups.md) -* [Connection groups on the App-V team blog](/archive/blogs/appv/) +* [Connection groups on the App-V team blog](/archive/blogs/appv) ### Dynamic Configuration From d14e7e130eddf59c1d2bcbf50d98344907e576b6 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 17 May 2022 11:28:00 -0400 Subject: [PATCH 141/540] delete blog link --- .../app-v/appv-deploying-microsoft-office-2010-wth-appv.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index 457c0cd25e..d767f2dfc4 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -79,7 +79,6 @@ The following table provides a full list of supported integration points for Off ### Connection Groups * [Managing Connection Groups](appv-managing-connection-groups.md) -* [Connection groups on the App-V team blog](/archive/blogs/appv) ### Dynamic Configuration From eebc90dba5c1cc75d0fd14db060654f9fd17972a Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 18 May 2022 00:42:01 +0530 Subject: [PATCH 142/540] improved articles content standards --- .../policy-csp-windowsconnectionmanager.md | 21 ++-- ...olicy-csp-windowsdefendersecuritycenter.md | 109 +++++++++++------- .../mdm/policy-csp-windowsinkworkspace.md | 7 +- .../mdm/policy-csp-windowslogon.md | 13 ++- .../mdm/policy-csp-windowspowershell.md | 18 +-- .../mdm/policy-csp-windowssandbox.md | 15 ++- .../mdm/policy-csp-wirelessdisplay.md | 14 +++ ...microsoft-defender-smartscreen-overview.md | 11 +- 8 files changed, 135 insertions(+), 73 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index dd72a9ae8b..91ec87c881 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - WindowsConnectionManager - -
    @@ -34,6 +32,7 @@ manager: dansimp **WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -60,23 +59,25 @@ This policy setting prevents computers from connecting to both a domain-based ne If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances: -Automatic connection attempts +Automatic connection attempts: + - When the computer is already connected to a domain-based network, all automatic connection attempts to non-domain networks are blocked. - When the computer is already connected to a non-domain-based network, automatic connection attempts to domain-based networks are blocked. -Manual connection attempts -- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed. -- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked. +Manual connection attempts: + +- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, then an existing network connection is disconnected and the manual connection is allowed. +- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, then an existing Ethernet connection is maintained and the manual connection attempt is blocked. If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -89,6 +90,8 @@ ADMX Info:
    - +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index f7a519d956..d183826d60 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -14,10 +14,10 @@ manager: dansimp # Policy CSP - WindowsDefenderSecurityCenter -
    + ## WindowsDefenderSecurityCenter policies
    @@ -89,13 +89,13 @@ manager: dansimp
    -
    **WindowsDefenderSecurityCenter/CompanyName** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -120,10 +120,12 @@ manager: dansimp The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display the contact options. -Value type is string. Supported operations are Add, Get, Replace and Delete. +- Supported value type is string. +- Supported operations are Add, Get, Replace and Delete. + ADMX Info: - GP Friendly name: *Specify contact company name* - GP name: *EnterpriseCustomization_CompanyName* @@ -140,6 +142,7 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -188,6 +191,7 @@ Valid values: **WindowsDefenderSecurityCenter/DisableAppBrowserUI** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -212,7 +216,8 @@ Valid values: Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -Value type is integer. Supported operations are Add, Get, Replace and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace and Delete. @@ -238,6 +243,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableClearTpmButton** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -262,14 +268,9 @@ The following list shows the supported values: Disable the Clear TPM button in Windows Security. -Enabled: -The Clear TPM button will be unavailable for use. - -Disabled: -The Clear TPM button will be available for use on supported systems. - -Not configured: -Same as Disabled. +- Enabled: The Clear TPM button will be unavailable for use. +- Disabled: The Clear TPM button will be available for use on supported systems. +- Not configured: Same as Disabled. Supported values: @@ -302,6 +303,7 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -350,6 +352,7 @@ Valid values: **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -377,7 +380,8 @@ Use this policy if you want Windows Defender Security Center to only display not > [!NOTE] > If Suppress notification is enabled then users won't see critical or non-critical messages. -Value type is integer. Supported operations are Add, Get, Replace and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace and Delete. @@ -403,6 +407,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableFamilyUI** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -427,7 +432,8 @@ The following list shows the supported values: Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -Value type is integer. Supported operations are Add, Get, Replace and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace and Delete. @@ -453,6 +459,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableHealthUI** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -477,7 +484,8 @@ The following list shows the supported values: Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -Value type is integer. Supported operations are Add, Get, Replace and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace and Delete. @@ -503,6 +511,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNetworkUI** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -527,7 +536,8 @@ The following list shows the supported values: Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -Value type is integer. Supported operations are Add, Get, Replace and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace and Delete. @@ -553,6 +563,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNotifications** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -577,7 +588,8 @@ The following list shows the supported values: Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or don't configure this setting, Windows Defender Security Center notifications will display on devices. -Value type is integer. Supported operations are Add, Get, Replace and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace and Delete. @@ -603,6 +615,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -627,14 +640,9 @@ The following list shows the supported values: Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. -Enabled: -Users won't be shown a recommendation to update their TPM Firmware. - -Disabled: -Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware. - -Not configured: -Same as Disabled. +- Enabled: Users won't be shown a recommendation to update their TPM Firmware. +- Disabled: Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware. +- Not configured: Same as Disabled. Supported values: @@ -667,6 +675,7 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableVirusUI** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -691,7 +700,8 @@ ADMX Info: Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -Value type is integer. Supported operations are Add, Get, Replace and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace and Delete. @@ -717,6 +727,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -741,7 +752,8 @@ The following list shows the supported values: Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or don't configure this setting, local users can make changes in the exploit protection settings area. -Value type is integer. Supported operations are Add, Get, Replace and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace and Delete. @@ -767,6 +779,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/Email** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -789,9 +802,10 @@ The following list shows the supported values: -The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options. +The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options. -Value type is string. Supported operations are Add, Get, Replace and Delete. +- Supported value type is string. +- Supported operations are Add, Get, Replace and Delete. @@ -811,6 +825,7 @@ ADMX Info: **WindowsDefenderSecurityCenter/EnableCustomizedToasts** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -835,7 +850,8 @@ ADMX Info: Enable this policy to display your company name and contact options in the notifications. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -861,6 +877,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/EnableInAppCustomization** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -885,7 +902,8 @@ The following list shows the supported values: Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center won't display the contact card fly out notification. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +- Support value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -911,6 +929,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -959,6 +978,7 @@ Valid values: **WindowsDefenderSecurityCenter/HideSecureBoot** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1007,6 +1027,7 @@ Valid values: **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1055,6 +1076,7 @@ Valid values: **WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1081,14 +1103,9 @@ This policy setting hides the Windows Security notification area control. The user needs to either sign out and sign in or reboot the computer for this setting to take effect. -Enabled: -Windows Security notification area control will be hidden. - -Disabled: -Windows Security notification area control will be shown. - -Not configured: -Same as Disabled. +- Enabled: Windows Security notification area control will be hidden. +- Disabled: Windows Security notification area control will be shown. +- Not configured: Same as Disabled. Supported values: @@ -1121,6 +1138,7 @@ ADMX Info: **WindowsDefenderSecurityCenter/Phone** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1143,9 +1161,10 @@ ADMX Info: -The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options. +The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options. -Value type is string. Supported operations are Add, Get, Replace, and Delete. +- Supported value type is string. +- Supported operations are Add, Get, Replace, and Delete. @@ -1165,6 +1184,7 @@ ADMX Info: **WindowsDefenderSecurityCenter/URL** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1189,7 +1209,8 @@ ADMX Info: The help portal URL that is displayed to users. The default browser is used to initiate this action. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device won't display contact options. -Value type is string. Supported operations are Add, Get, Replace, and Delete. +- Supported value type is string. +- Supported operations are Add, Get, Replace, and Delete. @@ -1205,3 +1226,7 @@ ADMX Info:
    + +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 6daf010d04..6558defef0 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - WindowsInkWorkspace -
    @@ -29,13 +28,13 @@ manager: dansimp
    • -
    **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -84,6 +83,7 @@ The following list shows the supported values: **WindowsInkWorkspace/AllowWindowsInkWorkspace** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -131,3 +131,6 @@ Value type is int. The following list shows the supported values: +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 4998d7eaf9..efe4736360 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - WindowsLogon - -
    @@ -52,13 +50,13 @@ manager: dansimp > > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -
    **WindowsLogon/AllowAutomaticRestartSignOn** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -120,6 +118,7 @@ ADMX Info: **WindowsLogon/ConfigAutomaticRestartSignOn** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -181,6 +180,7 @@ ADMX Info: **WindowsLogon/DisableLockScreenAppNotifications** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -227,6 +227,7 @@ ADMX Info: **WindowsLogon/DontDisplayNetworkSelectionUI** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -298,6 +299,7 @@ ADMX Info: **WindowsLogon/EnableFirstLogonAnimation** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -359,6 +361,7 @@ Supported values: **WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -405,6 +408,7 @@ ADMX Info: **WindowsLogon/HideFastUserSwitching** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -457,3 +461,6 @@ To validate on Desktop, do the following steps: +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index 13e24a3f5d..72dea8d591 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - WindowsPowerShell - -
    @@ -34,6 +32,7 @@ manager: dansimp **WindowsPowerShell/TurnOnPowerShellScriptBlockLogging** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -57,19 +56,18 @@ manager: dansimp -This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, -Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation. +This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation. If you disable this policy setting, logging of PowerShell script input is disabled. -If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script -starts or stops. Enabling Invocation Logging generates a high volume of event logs. +If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs. -Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. +> [!NOTE] +> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -86,6 +84,8 @@ ADMX Info:
    - +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 02edfd6f6e..624cc3bf00 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -39,7 +39,6 @@ ms.date: 10/14/2020 -
    @@ -48,6 +47,7 @@ ms.date: 10/14/2020 Available in the latest Windows 10 insider preview build. +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -118,6 +118,7 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -142,7 +143,7 @@ Available in the latest Windows 10 insider preview build. This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox. -If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled. +If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled). If clipboard sharing is disabled, a user won't be able to enable clipboard sharing from their own configuration file. @@ -185,6 +186,7 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -250,6 +252,7 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -272,7 +275,7 @@ Available in the latest Windows 10 insider preview build. -This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox. +This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox. If this policy isn't configured, end-users get the default behavior (printer sharing disabled). @@ -316,6 +319,7 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -385,6 +389,7 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -448,3 +453,7 @@ The following are the supported values:
    + +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index ac5e6d69fd..dcd3751ad4 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -56,6 +56,7 @@ manager: dansimp **WirelessDisplay/AllowMdnsAdvertisement** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -96,6 +97,7 @@ The following list shows the supported values: **WirelessDisplay/AllowMdnsDiscovery** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -136,6 +138,7 @@ The following list shows the supported values: **WirelessDisplay/AllowMovementDetectionOnInfrastructure** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -183,6 +186,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPC** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -223,6 +227,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -263,6 +268,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPC** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -315,6 +321,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPCOverInfrastructure** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -355,6 +362,7 @@ The following list shows the supported values: **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -395,6 +403,7 @@ The following list shows the supported values: **WirelessDisplay/RequirePinForPairing** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -444,3 +453,8 @@ The following list shows the supported values: +CSP Article: + +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index 8b9946ec0d..b8315b0805 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -26,7 +26,7 @@ Microsoft Defender SmartScreen protects against phishing or malware websites and **Microsoft Defender SmartScreen determines whether a site is potentially malicious by:** -- Analyzing visited webpages looking for indications of suspicious behavior. If Microsoft Defender SmartScreen determines that a page is suspicious, it will show a warning page to advise caution. +- Analyzing visited webpages and looking for indications of suspicious behavior. If Microsoft Defender SmartScreen determines that a page is suspicious, it will show a warning page to advise caution. - Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, Microsoft Defender SmartScreen shows a warning to let the user know that the site might be malicious. @@ -40,11 +40,11 @@ Microsoft Defender SmartScreen protects against phishing or malware websites and Microsoft Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially engineered attack. The primary benefits are: -- **Anti-phishing and anti-malware support.** Microsoft Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see [Evolving Microsoft Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97) +- **Anti-phishing and anti-malware support.** Microsoft Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more information about drive-by attacks, see [Evolving Microsoft Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97) - **Reputation-based URL and app protection.** Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user. -- **Operating system integration.** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system. It checks any files an app (including 3rd-party browsers and email clients) attempts to download and run. +- **Operating system integration.** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system. It checks any files an app (including 3rd-party browsers and email clients) that attempts to download and run. - **Improved heuristics and diagnostic data.** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up to date, so it can help to protect you against potentially malicious sites and files. @@ -57,7 +57,7 @@ Microsoft Defender SmartScreen provide an early warning system against websites ## Submit files to Microsoft Defender SmartScreen for review -If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more info, see [Submit files for analysis](../intelligence/submission-guide.md). +If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more information, see [Submit files for analysis](../intelligence/submission-guide.md). When submitting Microsoft Defender SmartScreen products, make sure to select **Microsoft Defender SmartScreen** from the product menu. @@ -66,7 +66,7 @@ When submitting Microsoft Defender SmartScreen products, make sure to select **M ## Viewing Microsoft Defender SmartScreen anti-phishing events > [!NOTE] -> No SmartScreen events will be logged when using Microsoft Edge version 77 or later. +> No SmartScreen events will be logged when using Microsoft Edge version 77 or later. When Microsoft Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](/previous-versions/windows/internet-explorer/ie-developer/compatibility/dd565657(v=vs.85)). @@ -93,3 +93,4 @@ wevtutil sl Microsoft-Windows-SmartScreen/Debug /e:true - [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx) - [Threat protection](../index.md) - [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings) +- [Configuration service provider reference](configuration-service-provider-reference.md) From 142a42091d8cf2914c377ed8e69036a568d03e0a Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 18 May 2022 00:46:02 +0530 Subject: [PATCH 143/540] updated the warning --- windows/client-management/mdm/remotewipe-csp.md | 1 - .../microsoft-defender-smartscreen-overview.md | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 1ff78fcccf..71dc0a0ee7 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -14,7 +14,6 @@ ms.date: 08/13/2018 # RemoteWipe CSP - The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely wipe a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely wiped after being lost or stolen. The following example shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server. diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index b8315b0805..cbfdb726e5 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -93,4 +93,4 @@ wevtutil sl Microsoft-Windows-SmartScreen/Debug /e:true - [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx) - [Threat protection](../index.md) - [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings) -- [Configuration service provider reference](configuration-service-provider-reference.md) +- [Configuration service provider reference](configuration-service-provider-reference) From 5729f205dace9b399877ddab8fd71ce4027725c3 Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 18 May 2022 00:57:04 +0530 Subject: [PATCH 144/540] updated the warning message --- .../microsoft-defender-smartscreen-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index cbfdb726e5..9ee78613b9 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -93,4 +93,4 @@ wevtutil sl Microsoft-Windows-SmartScreen/Debug /e:true - [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx) - [Threat protection](../index.md) - [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings) -- [Configuration service provider reference](configuration-service-provider-reference) +- [Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file From cf33a8f347b929bf67e33691dd74feb0837f9eac Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 18 May 2022 12:30:37 +0530 Subject: [PATCH 145/540] updated the warning --- .../microsoft-defender-smartscreen-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index 9ee78613b9..8f1a4ae578 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -93,4 +93,4 @@ wevtutil sl Microsoft-Windows-SmartScreen/Debug /e:true - [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx) - [Threat protection](../index.md) - [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings) -- [Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +- [Configuration service provider reference](../../../client-management/mdm/configuration-service-provider-reference.md#configuration-service-provider-reference) \ No newline at end of file From b85e065aee826b92d15b63dd5fa3189319577c2b Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 18 May 2022 12:40:42 +0530 Subject: [PATCH 146/540] Update microsoft-defender-smartscreen-overview.md --- .../microsoft-defender-smartscreen-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index 8f1a4ae578..e8290ad47b 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -93,4 +93,4 @@ wevtutil sl Microsoft-Windows-SmartScreen/Debug /e:true - [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx) - [Threat protection](../index.md) - [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings) -- [Configuration service provider reference](../../../client-management/mdm/configuration-service-provider-reference.md#configuration-service-provider-reference) \ No newline at end of file +- [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference.md#configuration-service-provider-reference) \ No newline at end of file From 22c0de6f7bb7fb5c2065c111dcded0607e9c8453 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Wed, 18 May 2022 19:54:39 +0530 Subject: [PATCH 147/540] changes to metedata --- windows/client-management/mdm/get-inventory.md | 1 - windows/client-management/mdm/get-localized-product-details.md | 1 - windows/client-management/mdm/get-offline-license.md | 1 - windows/client-management/mdm/get-product-details.md | 1 - windows/client-management/mdm/get-product-package.md | 1 - windows/client-management/mdm/get-product-packages.md | 1 - windows/client-management/mdm/get-seat.md | 1 - windows/client-management/mdm/get-seats-assigned-to-a-user.md | 1 - windows/client-management/mdm/get-seats.md | 1 - windows/client-management/mdm/healthattestation-csp.md | 1 - windows/client-management/mdm/healthattestation-ddf.md | 1 - windows/client-management/mdm/index.md | 1 - .../mdm/management-tool-for-windows-store-for-business.md | 1 - .../client-management/mdm/mdm-enrollment-of-windows-devices.md | 1 - windows/client-management/mdm/mobile-device-enrollment.md | 1 - windows/client-management/mdm/nap-csp.md | 1 - windows/client-management/mdm/napdef-csp.md | 1 - windows/client-management/mdm/networkqospolicy-ddf.md | 1 - .../mdm/new-in-windows-mdm-enrollment-management.md | 1 - windows/client-management/mdm/nodecache-csp.md | 1 - windows/client-management/mdm/nodecache-ddf-file.md | 1 - windows/client-management/mdm/office-ddf.md | 1 - windows/client-management/mdm/oma-dm-protocol-support.md | 1 - .../mdm/on-premise-authentication-device-enrollment.md | 1 - windows/client-management/mdm/passportforwork-csp.md | 1 - windows/client-management/mdm/passportforwork-ddf.md | 1 - .../mdm/policy-configuration-service-provider.md | 1 - 27 files changed, 27 deletions(-) diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index 1528b38039..c4613e5251 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md @@ -4,7 +4,6 @@ description: The Get Inventory operation retrieves information from the Microsof MS-HAID: - 'p\_phdevicemgmt.get\_seatblock' - 'p\_phDeviceMgmt.get\_inventory' -ms.assetid: C5485722-FC49-4358-A097-74169B204E74 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index 42e72419df..1b91dfb6f8 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -1,7 +1,6 @@ --- title: Get localized product details description: The Get localized product details operation retrieves the localization information of a product from the Microsoft Store for Business. -ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index b75fe48a08..24ff7dd8f5 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -1,7 +1,6 @@ --- title: Get offline license description: The Get offline license operation retrieves the offline license information of a product from the Microsoft Store for Business. -ms.assetid: 08DAD813-CF4D-42D6-A783-994A03AEE051 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index 091c5884ce..2b5f901e1d 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md @@ -1,7 +1,6 @@ --- title: Get product details description: The Get product details operation retrieves the product information from the Microsoft Store for Business for a specific application. -ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index 42061b81b9..aaeb5a3b5e 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -1,7 +1,6 @@ --- title: Get product package description: The Get product package operation retrieves the information about a specific application in the Microsoft Store for Business. -ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index 3cb5f24efe..3eb39cbd7c 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -1,7 +1,6 @@ --- title: Get product packages description: The Get product packages operation retrieves the information about applications in the Microsoft Store for Business. -ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index b8b6aa4fa6..d0aec2af0b 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -1,7 +1,6 @@ --- title: Get seat description: The Get seat operation retrieves the information about an active seat for a specified user in the Microsoft Store for Business. -ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index 5f70d09f93..a657aa4026 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md @@ -1,7 +1,6 @@ --- title: Get seats assigned to a user description: The Get seats assigned to a user operation retrieves information about assigned seats in the Microsoft Store for Business. -ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md index 8872ddf1ec..2dc6f0a475 100644 --- a/windows/client-management/mdm/get-seats.md +++ b/windows/client-management/mdm/get-seats.md @@ -1,7 +1,6 @@ --- title: Get seats description: The Get seats operation retrieves the information about active seats in the Microsoft Store for Business. -ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 4933026bdc..a2bea9cc23 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -1,7 +1,6 @@ --- title: Device HealthAttestation CSP description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions. -ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index 6272e91bf1..65cf48aeb7 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -1,7 +1,6 @@ --- title: HealthAttestation DDF description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider. -ms.assetid: D20AC78D-D2D4-434B-B9FD-294BCD9D1DDE ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 7fe9cd95eb..b1e913721b 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -4,7 +4,6 @@ description: Windows 10 and Windows 11 provides an enterprise-level solution to MS-HAID: - 'p\_phDeviceMgmt.provisioning\_and\_device\_management' - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm' -ms.assetid: 50ac90a7-713e-4487-9cb9-b6d6fdaa4e5b ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index d210a1ee7e..c472c83092 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md @@ -4,7 +4,6 @@ description: The Microsoft Store for Business has a new web service designed for MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_tool' - 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business' -ms.assetid: 0E39AE85-1703-4B24-9A7F-831C6455068F ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 632623eed5..1480b99049 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -4,7 +4,6 @@ description: Learn about mobile device management (MDM) enrollment of Windows 10 MS-HAID: - 'p\_phdevicemgmt.enrollment\_ui' - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md index 7a55677360..b02ed00f8b 100644 --- a/windows/client-management/mdm/mobile-device-enrollment.md +++ b/windows/client-management/mdm/mobile-device-enrollment.md @@ -1,7 +1,6 @@ --- title: Mobile device enrollment description: Learn how mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise. -ms.assetid: 08C8B3DB-3263-414B-A368-F47B94F47A11 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md index c29289fd2b..30a9bd5f9a 100644 --- a/windows/client-management/mdm/nap-csp.md +++ b/windows/client-management/mdm/nap-csp.md @@ -1,7 +1,6 @@ --- title: NAP CSP description: Learn how the Network Access Point (NAP) configuration service provider (CSP) is used to manage and query GPRS and CDMA connections. -ms.assetid: 82f04492-88a6-4afd-af10-a62b8d444d21 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md index 075e0f6619..b96f2ba5b9 100644 --- a/windows/client-management/mdm/napdef-csp.md +++ b/windows/client-management/mdm/napdef-csp.md @@ -1,7 +1,6 @@ --- title: NAPDEF CSP description: Learn how the NAPDEF configuration service provider (CSP) is used to add, modify, or delete WAP network access points (NAPs). -ms.assetid: 9bcc65dd-a72b-4f90-aba7-4066daa06988 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 379f5051ca..0ba34a7805 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -1,7 +1,6 @@ --- title: NetworkQoSPolicy DDF description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.assetid: ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 90157cf9e6..d689d8794d 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -4,7 +4,6 @@ description: Discover what's new and breaking changes in Windows 10 and Windows MS-HAID: - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview' - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management' -ms.assetid: 9C42064F-091C-4901-BC73-9ABE79EE4224 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index 039ac5d742..59bf53dfa1 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -1,7 +1,6 @@ --- title: NodeCache CSP description: Use the NodeCache configuration service provider (CSP) to synchronize, monitor, and manage the client cache. -ms.assetid: b4dd2b0d-79ef-42ac-ab5b-ee07b3097876 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index a344d5d843..e62ba59a21 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -1,7 +1,6 @@ --- title: NodeCache DDF file description: Learn about the OMA DM device description framework (DDF) for the NodeCache configuration service provider (CSP). -ms.assetid: d7605098-12aa-4423-89ae-59624fa31236 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index dedda7070e..05bf3efc0f 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -1,7 +1,6 @@ --- title: Office DDF description: This topic shows the OMA DM device description framework (DDF) for the Office configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.assetid: ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md index 04d615adff..0a6a1332c0 100644 --- a/windows/client-management/mdm/oma-dm-protocol-support.md +++ b/windows/client-management/mdm/oma-dm-protocol-support.md @@ -1,7 +1,6 @@ --- title: OMA DM protocol support description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload. -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md index 97f5528a43..4d789fb346 100644 --- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md +++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md @@ -1,7 +1,6 @@ --- title: On-premises authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy. -ms.assetid: 626AC8B4-7575-4C41-8D59-185D607E3A47 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 21cc92b117..961343eb26 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -1,7 +1,6 @@ --- title: PassportForWork CSP description: The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). -ms.assetid: 3BAE4827-5497-41EE-B47F-5C071ADB2C51 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index c8bf22bdf1..0b43dbee05 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -1,7 +1,6 @@ --- title: PassportForWork DDF description: View the OMA DM device description framework (DDF) for the PassportForWork configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 2c89a44f21..023ece8e40 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1,7 +1,6 @@ --- title: Policy CSP description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10 and Windows 11. -ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F ms.reviewer: manager: dansimp ms.author: dansimp From e212d751548c243e90eaac74451b5b9235efeb3e Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Wed, 18 May 2022 20:37:18 +0530 Subject: [PATCH 148/540] changes to metadata --- windows/client-management/mdm/policy-ddf-file.md | 1 - windows/client-management/mdm/policymanager-csp.md | 1 - windows/client-management/mdm/provisioning-csp.md | 2 -- windows/client-management/mdm/proxy-csp.md | 1 - windows/client-management/mdm/push-notification-windows-mdm.md | 1 - windows/client-management/mdm/pxlogical-csp.md | 1 - windows/client-management/mdm/reboot-csp.md | 1 - windows/client-management/mdm/reboot-ddf-file.md | 1 - windows/client-management/mdm/reclaim-seat-from-user.md | 1 - .../register-your-free-azure-active-directory-subscription.md | 1 - windows/client-management/mdm/remotefind-csp.md | 1 - windows/client-management/mdm/remotefind-ddf-file.md | 1 - windows/client-management/mdm/remotering-csp.md | 1 - windows/client-management/mdm/remotering-ddf-file.md | 1 - windows/client-management/mdm/remotewipe-csp.md | 1 - windows/client-management/mdm/remotewipe-ddf-file.md | 1 - windows/client-management/mdm/reporting-csp.md | 1 - windows/client-management/mdm/reporting-ddf-file.md | 1 - .../mdm/rest-api-reference-windows-store-for-business.md | 1 - windows/client-management/mdm/rootcacertificates-csp.md | 1 - windows/client-management/mdm/rootcacertificates-ddf-file.md | 1 - windows/client-management/mdm/secureassessment-csp.md | 1 - windows/client-management/mdm/secureassessment-ddf-file.md | 1 - windows/client-management/mdm/securitypolicy-csp.md | 1 - .../client-management/mdm/server-requirements-windows-mdm.md | 1 - windows/client-management/mdm/sharedpc-csp.md | 1 - windows/client-management/mdm/sharedpc-ddf-file.md | 1 - windows/client-management/mdm/storage-csp.md | 1 - windows/client-management/mdm/storage-ddf-file.md | 1 - .../mdm/structure-of-oma-dm-provisioning-files.md | 1 - windows/client-management/mdm/supl-csp.md | 1 - windows/client-management/mdm/supl-ddf-file.md | 1 - windows/client-management/mdm/surfacehub-csp.md | 1 - windows/client-management/mdm/surfacehub-ddf-file.md | 1 - windows/client-management/mdm/unifiedwritefilter-csp.md | 1 - windows/client-management/mdm/unifiedwritefilter-ddf.md | 1 - windows/client-management/mdm/update-csp.md | 1 - windows/client-management/mdm/update-ddf-file.md | 1 - .../using-powershell-scripting-with-the-wmi-bridge-provider.md | 1 - windows/client-management/mdm/vpn-csp.md | 1 - windows/client-management/mdm/vpn-ddf-file.md | 1 - windows/client-management/mdm/vpnv2-csp.md | 1 - windows/client-management/mdm/vpnv2-ddf-file.md | 1 - windows/client-management/mdm/vpnv2-profile-xsd.md | 1 - windows/client-management/mdm/w4-application-csp.md | 1 - windows/client-management/mdm/w7-application-csp.md | 1 - windows/client-management/mdm/wifi-csp.md | 1 - windows/client-management/mdm/wifi-ddf-file.md | 1 - windows/client-management/mdm/win32appinventory-csp.md | 1 - windows/client-management/mdm/win32appinventory-ddf-file.md | 1 - .../client-management/mdm/windows-mdm-enterprise-settings.md | 1 - .../mdm/windowsadvancedthreatprotection-csp.md | 1 - .../mdm/windowsadvancedthreatprotection-ddf.md | 1 - windows/client-management/mdm/windowsautopilot-csp.md | 1 - windows/client-management/mdm/windowslicensing-csp.md | 1 - windows/client-management/mdm/windowslicensing-ddf-file.md | 1 - .../client-management/mdm/wmi-providers-supported-in-windows.md | 1 - 57 files changed, 58 deletions(-) diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 4294786148..bffc844378 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -1,7 +1,6 @@ --- title: Policy DDF file description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider. -ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md index ecef629054..39674a5d28 100644 --- a/windows/client-management/mdm/policymanager-csp.md +++ b/windows/client-management/mdm/policymanager-csp.md @@ -1,7 +1,6 @@ --- title: PolicyManager CSP description: Learn how PolicyManager CSP is deprecated. For Windows 10 devices you should use Policy CSP, which replaces PolicyManager CSP. -ms.assetid: 048427b1-6024-4660-8660-bd91c583f7f9 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index 6e19fc3072..91e5ac7b19 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -1,7 +1,6 @@ --- title: Provisioning CSP description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service. -ms.assetid: 5D6C17BE-727A-4AFA-9F30-B34C1EA1D2AE ms.reviewer: manager: dansimp ms.author: dansimp @@ -14,7 +13,6 @@ ms.date: 06/26/2017 # Provisioning CSP - The Provisioning configuration service provider is used for bulk user enrollment to an MDM service. > [!NOTE] diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index 33a8847c7f..7ad3c65682 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -1,7 +1,6 @@ --- title: PROXY CSP description: Learn how the PROXY configuration service provider (CSP) is used to configure proxy connections. -ms.assetid: 9904d44c-4a1e-4ae7-a6c7-5dba06cb16ce ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md index 43c7d7baf5..5c41f9aa36 100644 --- a/windows/client-management/mdm/push-notification-windows-mdm.md +++ b/windows/client-management/mdm/push-notification-windows-mdm.md @@ -4,7 +4,6 @@ description: The DMClient CSP supports the ability to configure push-initiated d MS-HAID: - 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management' - 'p\_phDeviceMgmt.push\_notification\_windows\_mdm' -ms.assetid: 9031C4FE-212A-4481-A1B0-4C3190B388AE ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index cc8752d76b..a1895d84c5 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -1,7 +1,6 @@ --- title: PXLOGICAL configuration service provider description: The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques. -ms.assetid: b5fc84d4-aa32-4edd-95f1-a6a9c0feb459 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index 95d4d915de..b52bb80cca 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -1,7 +1,6 @@ --- title: Reboot CSP description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings. -ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md index aa6d711c71..a99a4cfc4d 100644 --- a/windows/client-management/mdm/reboot-ddf-file.md +++ b/windows/client-management/mdm/reboot-ddf-file.md @@ -1,7 +1,6 @@ --- title: Reboot DDF file description: This topic shows the OMA DM device description framework (DDF) for the Reboot configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.assetid: ABBD850C-E744-462C-88E7-CA3F43D80DB1 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index 89bfa7164d..c5f35430d4 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -1,7 +1,6 @@ --- title: Reclaim seat from user description: The Reclaim seat from user operation returns reclaimed seats for a user in the Microsoft Store for Business. -ms.assetid: E2C3C899-D0AD-469A-A319-31A420472A4C ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md index 0d32ea3135..a51ff42cae 100644 --- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md +++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md @@ -1,7 +1,6 @@ --- title: Register your free Azure Active Directory subscription description: Paid subscribers to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, have a free subscription to Azure AD. -ms.assetid: 97DCD303-BB11-4AFF-84FE-B7F14CDF64F7 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md index 51ce1f0fd5..dec689ae00 100644 --- a/windows/client-management/mdm/remotefind-csp.md +++ b/windows/client-management/mdm/remotefind-csp.md @@ -1,7 +1,6 @@ --- title: RemoteFind CSP description: The RemoteFind configuration service provider retrieves the location information for a particular device. -ms.assetid: 2EB02824-65BF-4B40-A338-672D219AF5A0 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md index e6b61e9477..5c103ed441 100644 --- a/windows/client-management/mdm/remotefind-ddf-file.md +++ b/windows/client-management/mdm/remotefind-ddf-file.md @@ -1,7 +1,6 @@ --- title: RemoteFind DDF file description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.assetid: 5864CBB8-2030-459E-BCF6-9ACB69206FEA ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md index 548923b5fe..0e0012bb4b 100644 --- a/windows/client-management/mdm/remotering-csp.md +++ b/windows/client-management/mdm/remotering-csp.md @@ -1,7 +1,6 @@ --- title: RemoteRing CSP description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device. -ms.assetid: 70015243-c07f-46cb-a0f9-4b4ad13a5609 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md index 763d8b6a90..509dd8edc7 100644 --- a/windows/client-management/mdm/remotering-ddf-file.md +++ b/windows/client-management/mdm/remotering-ddf-file.md @@ -1,7 +1,6 @@ --- title: RemoteRing DDF file description: This topic shows the OMA DM device description framework (DDF) for the RemoteRing configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.assetid: 6815267F-212B-4370-8B72-A457E8000F7B ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 1ff78fcccf..2138f28f53 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -1,7 +1,6 @@ --- title: RemoteWipe CSP description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device. -ms.assetid: 6e89bd37-7680-4940-8a67-11ed062ffb70 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index b423d893d9..18769d65c7 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -1,7 +1,6 @@ --- title: RemoteWipe DDF file description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider. -ms.assetid: 10ec4fb7-f911-4d0c-9a8f-e96bf5faea0c ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index 3167a33adc..70b19c930c 100644 --- a/windows/client-management/mdm/reporting-csp.md +++ b/windows/client-management/mdm/reporting-csp.md @@ -1,7 +1,6 @@ --- title: Reporting CSP description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs. -ms.assetid: 148441A6-D9E1-43D8-ADEE-FB62E85A39F7 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md index d5d716e6bb..5393f33827 100644 --- a/windows/client-management/mdm/reporting-ddf-file.md +++ b/windows/client-management/mdm/reporting-ddf-file.md @@ -1,7 +1,6 @@ --- title: Reporting DDF file description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider. -ms.assetid: 7A5B79DB-9571-4F7C-ABED-D79CD08C1E35 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index db7f1cc835..ef51421942 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md @@ -4,7 +4,6 @@ description: Learn how the REST API reference for Microsoft Store for Business i MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference' - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business' -ms.assetid: 8C48A879-525A-471F-B0FD-506E743A7D2F ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 3b298a1606..973b2dc1c2 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -1,7 +1,6 @@ --- title: RootCATrustedCertificates CSP description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates. -ms.assetid: F2F25DEB-9DB3-40FB-BC3C-B816CE470D61 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index 78f3e0b69e..acf09d46a0 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -1,7 +1,6 @@ --- title: RootCATrustedCertificates DDF file description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP). -ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index bdc2932777..6a5a559fdb 100644 --- a/windows/client-management/mdm/secureassessment-csp.md +++ b/windows/client-management/mdm/secureassessment-csp.md @@ -1,7 +1,6 @@ --- title: SecureAssessment CSP description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser. -ms.assetid: 6808BE4B-961E-4638-BF15-FD7841D1C00A ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index 76fa3dcb8b..93079384e1 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -1,7 +1,6 @@ --- title: SecureAssessment DDF file description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML -ms.assetid: 68D17F2A-FAEA-4608-8727-DBEC1D7BE48A ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index 5664077e3e..9a73f45ba5 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -1,7 +1,6 @@ --- title: SecurityPolicy CSP description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS. -ms.assetid: 6014f8fe-f91b-49f3-a357-bdf625545bc9 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md index 76c6a97981..f0cade5d43 100644 --- a/windows/client-management/mdm/server-requirements-windows-mdm.md +++ b/windows/client-management/mdm/server-requirements-windows-mdm.md @@ -4,7 +4,6 @@ description: Learn about the general server requirements for using OMA DM to man MS-HAID: - 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm' - 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm' -ms.assetid: 5b90b631-62a6-4949-b53a-01275fd304b2 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index 7f8d360143..ab53584baa 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -1,7 +1,6 @@ --- title: SharedPC CSP description: Learn how the SharedPC configuration service provider is used to configure settings for Shared PC usage. -ms.assetid: 31273166-1A1E-4F96-B176-CB42ECB80957 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index 362f24ac59..cc9075b25e 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -1,7 +1,6 @@ --- title: SharedPC DDF file description: Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP). -ms.assetid: 70234197-07D4-478E-97BB-F6C651C0B970 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md index 65bbfb02c9..d9df5b94c6 100644 --- a/windows/client-management/mdm/storage-csp.md +++ b/windows/client-management/mdm/storage-csp.md @@ -1,7 +1,6 @@ --- title: Storage CSP description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings. -ms.assetid: b19bdb54-53ed-42ce-a5a1-269379013f57 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md index 83acf0f5a6..c5870a9cb4 100644 --- a/windows/client-management/mdm/storage-ddf-file.md +++ b/windows/client-management/mdm/storage-ddf-file.md @@ -1,7 +1,6 @@ --- title: Storage DDF file description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP). -ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 5c0940030d..15ee879130 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md @@ -1,7 +1,6 @@ --- title: Structure of OMA DM provisioning files description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body. -ms.assetid: 7bd3ef57-c76c-459b-b63f-c5a333ddc2bc ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 61cb297fdf..7efdff3ed4 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -1,7 +1,6 @@ --- title: SUPL CSP description: Learn how the SUPL configuration service provider (CSP) is used to configure the location client. -ms.assetid: afad0120-1126-4fc5-8e7a-64b9f2a5eae1 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index dec54b3f0a..5d250c07da 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -1,7 +1,6 @@ --- title: SUPL DDF file description: This topic shows the OMA DM device description framework (DDF) for the SUPL configuration service provider. -ms.assetid: 514B7854-80DC-4ED9-9805-F5276BF38034 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 1e276239dd..5e8e60c714 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -1,7 +1,6 @@ --- title: SurfaceHub CSP description: The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511. -ms.assetid: 36FBBC32-AD6A-41F1-86BF-B384891AA693 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md index 70ed2fa2a4..1a8a825bde 100644 --- a/windows/client-management/mdm/surfacehub-ddf-file.md +++ b/windows/client-management/mdm/surfacehub-ddf-file.md @@ -1,7 +1,6 @@ --- title: SurfaceHub DDF file description: This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511. -ms.assetid: D34DA1C2-09A2-4BA3-BE99-AC483C278436 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index 1904740772..afc9eddd8d 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -1,7 +1,6 @@ --- title: UnifiedWriteFilter CSP description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media. -ms.assetid: F4716AC6-0AA5-4A67-AECE-E0F200BA95EB ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md index f91c0ba659..51a25e686a 100644 --- a/windows/client-management/mdm/unifiedwritefilter-ddf.md +++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md @@ -1,7 +1,6 @@ --- title: UnifiedWriteFilter DDF File description: UnifiedWriteFilter DDF File -ms.assetid: 23A7316E-A298-43F7-9407-A65155C8CEA6 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index c728cdb027..b8505eb687 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -1,7 +1,6 @@ --- title: Update CSP description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates. -ms.assetid: F1627B57-0749-47F6-A066-677FDD3D7359 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md index efba4330c5..3daad32697 100644 --- a/windows/client-management/mdm/update-ddf-file.md +++ b/windows/client-management/mdm/update-ddf-file.md @@ -1,7 +1,6 @@ --- title: Update DDF file description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP). -ms.assetid: E236E468-88F3-402A-BA7A-834ED38DD388 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md index 7dee32b407..6d66ae073b 100644 --- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md +++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md @@ -1,7 +1,6 @@ --- title: Using PowerShell scripting with the WMI Bridge Provider description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider. -ms.assetid: 238D45AD-3FD8-46F9-B7FB-6AEE42BE4C08 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index 4e2ae5fec4..e26ae9c716 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md @@ -1,7 +1,6 @@ --- title: VPN CSP description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device. -ms.assetid: 05ca946a-1c0b-4e11-8d7e-854e14740707 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md index ba5b9526f2..a59443bf05 100644 --- a/windows/client-management/mdm/vpn-ddf-file.md +++ b/windows/client-management/mdm/vpn-ddf-file.md @@ -1,7 +1,6 @@ --- title: VPN DDF file description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP). -ms.assetid: 728FCD9C-0B8E-413B-B54A-CD72C9F2B9EE ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 07dbd492dc..8f685802c5 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -1,7 +1,6 @@ --- title: VPNv2 CSP description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device. -ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2 ms.reviewer: pesmith manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index 7ac4734a65..072648238a 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -1,7 +1,6 @@ --- title: VPNv2 DDF file description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider. -ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94 ms.reviewer: pesmith manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index d318a8734b..59996de200 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -1,7 +1,6 @@ --- title: ProfileXML XSD description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. -ms.assetid: 2F32E14B-F9B9-4760-AE94-E57F1D4DFDB3 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index fca8b3674b..032a13a12c 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -1,7 +1,6 @@ --- title: w4 APPLICATION CSP description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS). -ms.assetid: ef42b82a-1f04-49e4-8a48-bd4e439fc43a ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index 139c2e3cfd..a3147f4436 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -1,7 +1,6 @@ --- title: w7 APPLICATION CSP description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. -ms.assetid: 10f8aa16-5c89-455d-adcd-d7fb45d4e768 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index c88fc017ab..d84c520dcb 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -1,7 +1,6 @@ --- title: WiFi CSP description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device. -ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index c64fc0e3c2..e0535d41b2 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -1,7 +1,6 @@ --- title: WiFi DDF file description: Learn about the OMA DM device description framework (DDF) for the WiFi configuration service provider (CSP). -ms.assetid: 00DE1DA7-23DE-4871-B3F0-28EB29A62D61 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index a537048478..1e24be3a6b 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -1,7 +1,6 @@ --- title: Win32AppInventory CSP description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device. -ms.assetid: C0DEDD51-4EAD-4F8E-AEE2-CBE9658BCA22 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md index a70763abb9..d7b403f521 100644 --- a/windows/client-management/mdm/win32appinventory-ddf-file.md +++ b/windows/client-management/mdm/win32appinventory-ddf-file.md @@ -1,7 +1,6 @@ --- title: Win32AppInventory DDF file description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP). -ms.assetid: F6BCC10B-BFE4-40AB-AEEE-34679A4E15B0 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index d9ef683424..6ae938bf13 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -4,7 +4,6 @@ description: The DM client manages the interaction between a device and a server MS-HAID: - 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management' - 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings' -ms.assetid: 92711D65-3022-4789-924B-602BE3187E23 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 2d7afd2ff5..046fe59768 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -1,7 +1,6 @@ --- title: WindowsAdvancedThreatProtection CSP description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP. -ms.assetid: 6C3054CA-9890-4C08-9DB6-FBEEB74699A8 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index 93b378c6f0..7c16bf80a6 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -1,7 +1,6 @@ --- title: WindowsAdvancedThreatProtection DDF file description: Learn how the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP). -ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md index b50c42c129..7b0a05dfbf 100644 --- a/windows/client-management/mdm/windowsautopilot-csp.md +++ b/windows/client-management/mdm/windowsautopilot-csp.md @@ -1,7 +1,6 @@ --- title: WindowsAutoPilot CSP description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot. -ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6 ms.reviewer: manager: dansimp ms.author: v-nsatapathy diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 0789764ab1..ad82680538 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -1,7 +1,6 @@ --- title: WindowsLicensing CSP description: Learn how the WindowsLicensing configuration service provider (CSP) is designed for licensing related management scenarios. -ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index 5286cedaa2..1d6bbd5bd3 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md @@ -1,7 +1,6 @@ --- title: WindowsLicensing DDF file description: Learn about the OMA DM device description framework (DDF) for the WindowsLicensing configuration service provider (CSP). -ms.assetid: 2A24C922-A167-4CEE-8F74-08E7453800D2 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index c968865ad0..c185fbbae1 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -4,7 +4,6 @@ description: Manage settings and applications on devices that subscribe to the M MS-HAID: - 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' - 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A ms.reviewer: manager: dansimp ms.author: dansimp From 1f75129a35c1273dcd97d9b653948218e1b41508 Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 18 May 2022 21:18:50 +0530 Subject: [PATCH 149/540] improving the content format and conistency --- .../mdm/policy-csp-userrights.md | 68 ++++++++++++++++--- ...olicy-csp-virtualizationbasedtechnology.md | 20 +++--- .../mdm/policy-csp-windowsinkworkspace.md | 2 +- .../mdm/policy-csp-wirelessdisplay.md | 4 +- .../mdm/windowsautopilot-csp.md | 9 ++- ...microsoft-defender-smartscreen-overview.md | 12 ++-- 6 files changed, 87 insertions(+), 28 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 3d13322718..1f0d50d501 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - UserRights -
    User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. For reference, see [Well-Known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab). @@ -77,7 +76,7 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s > [!NOTE] > `` is the entity encoding of 0xF000. -For example, the following syntax grants user rights to Authenticated Users and Replicator user groups: +For example, the following syntax grants user rights to Authenticated Users and Replicator user groups.: ```xml @@ -197,6 +196,7 @@ For example, the following syntax grants user rights to a specific user or group **UserRights/AccessCredentialManagerAsTrustedCaller** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -236,6 +236,7 @@ GP Info: **UserRights/AccessFromNetwork** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -259,6 +260,7 @@ GP Info: This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services isn't affected by this user right. + > [!NOTE] > Remote Desktop Services was called Terminal Services in previous versions of Windows Server. @@ -277,6 +279,7 @@ GP Info: **UserRights/ActAsPartOfTheOperatingSystem** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -300,6 +303,7 @@ GP Info: This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. + > [!CAUTION] > Assigning this user right can be a security risk. Assign this user right to trusted users only. @@ -318,6 +322,7 @@ GP Info: **UserRights/AllowLocalLogOn** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -341,6 +346,7 @@ GP Info: This user right determines which users can sign in to the computer. + > [!NOTE] > Modifying this setting might affect compatibility with clients, services, and applications. For compatibility information about this setting, see [Allow log on locally](https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. @@ -359,6 +365,7 @@ GP Info: **UserRights/BackupFilesAndDirectories** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -382,6 +389,7 @@ GP Info: This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system: Traverse Folder/Execute File, Read. + > [!CAUTION] > Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, assign this user right to trusted users only. @@ -400,6 +408,7 @@ GP Info: **UserRights/ChangeSystemTime** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -423,8 +432,9 @@ GP Info: This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. + > [!CAUTION] -> Configuring user rights replaces existing users or groups previously assigned those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy. +> Configuring user rights replaces existing users or groups previously assigned to those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy. > > Not including the Local Service account will result in failure with the following error: > @@ -447,6 +457,7 @@ GP Info: **UserRights/CreateGlobalObjects** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -470,6 +481,7 @@ GP Info: This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they don't have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. + > [!CAUTION] > Assigning this user right can be a security risk. Assign this user right to trusted users only. @@ -488,6 +500,7 @@ GP Info: **UserRights/CreatePageFile** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -527,6 +540,7 @@ GP Info: **UserRights/CreatePermanentSharedObjects** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -566,6 +580,7 @@ GP Info: **UserRights/CreateSymbolicLinks** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -589,8 +604,10 @@ GP Info: This user right determines if the user can create a symbolic link from the computer they're signed in to. + > [!CAUTION] > This privilege should be given to trusted users only. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. + > [!NOTE] > This setting can be used in conjunction with a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links. @@ -609,6 +626,7 @@ GP Info: **UserRights/CreateToken** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -632,6 +650,7 @@ GP Info: This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it's necessary, don't assign this user right to a user, group, or process other than Local System. + > [!CAUTION] > Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system. @@ -650,6 +669,7 @@ GP Info: **UserRights/DebugPrograms** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -673,6 +693,7 @@ GP Info: This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications don't need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. + > [!CAUTION] > Assigning this user right can be a security risk. Assign this user right to trusted users only. @@ -691,6 +712,7 @@ GP Info: **UserRights/DenyAccessFromNetwork** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -713,7 +735,7 @@ GP Info: -This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. +This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access to this computer from the network policy setting if a user account is subject to both policies. @@ -730,6 +752,7 @@ GP Info: **UserRights/DenyLocalLogOn** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -772,6 +795,7 @@ GP Info: **UserRights/DenyRemoteDesktopServicesLogOn** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -811,6 +835,7 @@ GP Info: **UserRights/EnableDelegation** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -834,6 +859,7 @@ GP Info: This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account doesn't have the Account can't be delegated account control flag set. + > [!CAUTION] > Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources. @@ -852,6 +878,7 @@ GP Info: **UserRights/GenerateSecurityAudits** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -891,6 +918,7 @@ GP Info: **UserRights/ImpersonateClient** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -914,14 +942,19 @@ GP Info: Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. + > [!CAUTION] > Assigning this user right can be a security risk. Assign this user right to trusted users only. + > [!NOTE] > By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. -1) The access token that is being impersonated is for this user. -2) The user, in this sign-in session, created the access token by signing in to the network with explicit credentials. -3) The requested level is less than Impersonate, such as Anonymous or Identify. + +1. The access token that is being impersonated is for this user. +1. The user, in this sign-in session, created the access token by signing in to the network with explicit credentials. +1. The requested level is less than Impersonate, such as Anonymous or Identify. + Because of these factors, users don't usually need this user right. + > [!WARNING] > If you enable this setting, programs that previously had the Impersonate privilege might lose it, and they might not run. @@ -940,6 +973,7 @@ GP Info: **UserRights/IncreaseSchedulingPriority** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -984,6 +1018,7 @@ GP Info: **UserRights/LoadUnloadDeviceDrivers** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1007,6 +1042,7 @@ GP Info: This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right doesn't apply to Plug and Play device drivers. It's recommended that you don't assign this privilege to other users. + > [!CAUTION] > Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system. @@ -1025,6 +1061,7 @@ GP Info: **UserRights/LockMemory** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1064,6 +1101,7 @@ GP Info: **UserRights/ManageAuditingAndSecurityLog** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1103,6 +1141,7 @@ GP Info: **UserRights/ManageVolume** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1125,7 +1164,7 @@ GP Info: -This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data. +This user right determines which users and groups can run maintenance tasks on a volume, such as remote de-fragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data. @@ -1142,6 +1181,7 @@ GP Info: **UserRights/ModifyFirmwareEnvironment** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1165,6 +1205,7 @@ GP Info: This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should be modified only by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows. + > [!NOTE] > This security setting doesn't affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. @@ -1183,6 +1224,7 @@ GP Info: **UserRights/ModifyObjectLabel** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1222,6 +1264,7 @@ GP Info: **UserRights/ProfileSingleProcess** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1261,6 +1304,7 @@ GP Info: **UserRights/RemoteShutdown** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1300,6 +1344,7 @@ GP Info: **UserRights/RestoreFilesAndDirectories** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1323,6 +1368,7 @@ GP Info: This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and it determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system: Traverse Folder/Execute File, Write. + > [!CAUTION] > Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, assign this user right to trusted users only. @@ -1341,6 +1387,7 @@ GP Info: **UserRights/TakeOwnership** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1364,6 +1411,7 @@ GP Info: This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. + > [!CAUTION] > Assigning this user right can be a security risk. Since owners of objects have full control of them, assign this user right to trusted users only. @@ -1378,3 +1426,7 @@ GP Info:
    + +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index 2ca5d714a9..d2b0d47276 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -28,13 +28,13 @@ manager: dansimp -
    **VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -57,7 +57,7 @@ manager: dansimp -Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs). +Allows the IT admin to control the state of Hypervisor-Protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs). >[!NOTE] >After the policy is pushed, a system reboot will be required to change the state of HVCI. @@ -66,9 +66,9 @@ Allows the IT admin to control the state of Hypervisor-protected Code Integrity The following are the supported values: -- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock -- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock -- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock +- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock. +- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock. +- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock. @@ -84,6 +84,7 @@ The following are the supported values: **VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -106,7 +107,7 @@ The following are the supported values: -Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs). +Allows the IT admin to control the state of Hypervisor-Protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs). >[!NOTE] >After the policy is pushed, a system reboot will be required to change the state of HVCI. @@ -116,8 +117,8 @@ Allows the IT admin to control the state of Hypervisor-protected Code Integrity The following are the supported values: -- 0: (Disabled) Do not require UEFI Memory Attributes Table -- 1: (Enabled) Require UEFI Memory Attributes Table +- 0: (Disabled) Do not require UEFI Memory Attributes Table. +- 1: (Enabled) Require UEFI Memory Attributes Table. @@ -131,3 +132,6 @@ The following are the supported values: +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 6558defef0..593806d14f 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -119,7 +119,7 @@ ADMX Info: -Value type is int. The following list shows the supported values: +Supported value type is int. The following list shows the supported values: - 0 - access to ink workspace is disabled. The feature is turned off. - 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index dcd3751ad4..c93eeb7247 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -295,7 +295,7 @@ Allow or disallow turning off the projection to a PC. If you set it to 0 (zero), your PC isn't discoverable and you can't project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. -Value type is integer. +Supported value type is integer. @@ -430,7 +430,7 @@ Allow or disallow requirement for a PIN for pairing. If you turn on this policy, the pairing ceremony for new devices will always require a PIN. If you turn off this policy or don't configure it, a PIN isn't required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. -Value type is integer. +Supported value type is integer. diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md index 1f1f11f0bd..b5198ea0d5 100644 --- a/windows/client-management/mdm/windowsautopilot-csp.md +++ b/windows/client-management/mdm/windowsautopilot-csp.md @@ -25,17 +25,20 @@ The table below shows the applicability of Windows: |Education|No|Yes| > [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The WindowsAutopilot CSP exposes Windows Autopilot related device information. The WindowsAutopilot CSP collects hardware information about a device and formats it into a BLOB. This BLOB is used as input for calling Windows Autopilot Service to mark a device as remediation required if the device underwent a hardware change that affects its ability to use Windows Autopilot. **./Vendor/MSFT/WindowsAutopilot** -Root node. Supported operation is Get. +Root node for the WindowsAutopilot configuration service provider. +Supported operation is Get. **HardwareMismatchRemediationData** -Interior node. Supported operation is Get. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot. +Interior node for the HardwareMismatchRemediationData configuration service provider. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot. + +Supported operation is Get. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index e8290ad47b..a15177d7df 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -40,17 +40,17 @@ Microsoft Defender SmartScreen protects against phishing or malware websites and Microsoft Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially engineered attack. The primary benefits are: -- **Anti-phishing and anti-malware support.** Microsoft Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more information about drive-by attacks, see [Evolving Microsoft Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97) +- **Anti-phishing and anti-malware support:** Microsoft Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more information about drive-by attacks, see [Evolving Microsoft Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97) -- **Reputation-based URL and app protection.** Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user. +- **Reputation-based URL and app protection:** Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user. -- **Operating system integration.** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system. It checks any files an app (including 3rd-party browsers and email clients) that attempts to download and run. +- **Operating system integration:** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system. It checks any files an app (including 3rd-party browsers and email clients) that attempts to download and run. -- **Improved heuristics and diagnostic data.** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up to date, so it can help to protect you against potentially malicious sites and files. +- **Improved heuristics and diagnostic data:** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up to date, so it can help to protect you against potentially malicious sites and files. -- **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md). +- **Management through Group Policy and Microsoft Intune:** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md). -- **Blocking URLs associated with potentially unwanted applications.** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus). +- **Blocking URLs associated with potentially unwanted applications:** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus). > [!IMPORTANT] > SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares. From be8b218f92806ac3065ab3b58e23fccf5b81260a Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 19 May 2022 18:10:38 +0530 Subject: [PATCH 150/540] Update cortana-at-work-crm.md --- windows/configuration/cortana-at-work/cortana-at-work-crm.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md index 805a227811..e82f329a86 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md @@ -2,8 +2,6 @@ title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in Windows description: How to set up Cortana to give salespeople insights on important CRM activities, including sales leads, accounts, and opportunities. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz From 8b796d72bc221ab2c693a7463249d98ed2f21ee0 Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Thu, 19 May 2022 18:31:42 +0530 Subject: [PATCH 151/540] improved the consistency in the article --- .../mdm/policy-csp-update.md | 355 ++++++++++++------ 1 file changed, 234 insertions(+), 121 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index fbc41ad17a..cacd3bcfdf 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -241,6 +241,7 @@ ms.collection: highpri **Update/ActiveHoursEnd** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -263,10 +264,10 @@ ms.collection: highpri -Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. there's a 12-hour maximum from start time. +Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. There's a 12-hour maximum from start time. > [!NOTE] -> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information. +> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information. Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. @@ -290,6 +291,7 @@ ADMX Info: **Update/ActiveHoursMaxRange** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -336,6 +338,7 @@ ADMX Info: **Update/ActiveHoursStart** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -361,7 +364,7 @@ ADMX Info: Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots aren't scheduled. This value sets the start time. There's a 12-hour maximum from end time. > [!NOTE] -> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information. +> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information. Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. @@ -385,6 +388,7 @@ ADMX Info: **Update/AllowAutoUpdate** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -426,18 +430,16 @@ ADMX Info: The following list shows the supported values: -- 0 - Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With these option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. +- 0 - Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With these options, users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. - 1 - Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that don't shut down properly on restart. For more information, see [Automatic maintenance](/windows/win32/taskschd/task-maintenence). - 2 (default) - Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. Automatic restarting when a device isn't being used is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that doesn't shut down properly on restart. For more information, see [Automatic maintenance](/windows/win32/taskschd/task-maintenence). - 3 - Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. - 4 - Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only. - 5 - Turn off automatic updates. - > [!IMPORTANT] > This option should be used only for systems under regulatory compliance, as you won't get security updates as well. - @@ -447,6 +449,7 @@ The following list shows the supported values: **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -469,7 +472,7 @@ The following list shows the supported values: -Option to download updates automatically over metered connections (off by default). Value type is integer. +Option to download updates automatically over metered connections (off by default). The supported value type is integer. A significant number of devices primarily use cellular data and don't have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates. @@ -499,6 +502,7 @@ The following list shows the supported values: **Update/AllowMUUpdateService** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -556,6 +560,7 @@ $MUSM.RemoveService("7971f918-a847-4430-9279-4a52d1efe18d") **Update/AllowNonMicrosoftSignedUpdate** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -582,7 +587,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b Supported operations are Get and Replace. -This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. +This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update). This policy allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft, when the update is found on an intranet Microsoft update service location. @@ -600,6 +605,7 @@ The following list shows the supported values: **Update/AllowUpdateService** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -624,7 +630,7 @@ The following list shows the supported values: Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. -Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store +Even when Windows Update is configured to receive updates from an intranet update service. It will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store. Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working. @@ -655,6 +661,7 @@ The following list shows the supported values: **Update/AutoRestartDeadlinePeriodInDays** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -679,9 +686,9 @@ The following list shows the supported values: For Quality Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled. -The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. +The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks. -Value type is integer. Default is seven days. +Supported value type is integer. Default is seven days. Supported values range: 2-30. @@ -692,7 +699,8 @@ If you enable this policy, a restart will automatically occur the specified numb If you disable or don't configure this policy, the PC will restart according to the default schedule. If any of the following two policies are enabled, this policy has no effect: -1. No autorestart with signed-in users for scheduled automatic updates installations. + +1. No autorestart with signed-in users for the scheduled automatic updates installations. 2. Always automatically restart at scheduled time. @@ -713,6 +721,7 @@ ADMX Info: **Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -737,9 +746,9 @@ ADMX Info: For Feature Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled. -The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. +The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks. -Value type is integer. Default is 7 days. +Supported value type is integer. Default is 7 days. Supported values range: 2-30. @@ -750,7 +759,8 @@ If you enable this policy, a restart will automatically occur the specified numb If you disable or don't configure this policy, the PC will restart according to the default schedule. If any of the following two policies are enabled, this policy has no effect: -1. No autorestart with logged on users for scheduled automatic updates installations. + +1. No autorestart with logged on users for the scheduled automatic updates installations. 2. Always automatically restart at scheduled time. @@ -771,6 +781,7 @@ ADMX Info: **Update/AutoRestartNotificationSchedule** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -819,6 +830,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). **Update/AutoRestartRequiredNotificationDismissal** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -868,6 +880,7 @@ The following list shows the supported values: **Update/AutomaticMaintenanceWakeUp** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -898,6 +911,7 @@ This policy setting allows you to configure if Automatic Maintenance should make If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if necessary. If you disable or don't configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies. + ADMX Info: @@ -926,6 +940,7 @@ Supported values: **Update/BranchReadinessLevel** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -966,7 +981,7 @@ The following list shows the supported values: - 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) - 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) - 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) -- 16 {0x10} - (default) General Availability Channel (Targeted). Device gets all applicable feature updates from General Availability Channel (Targeted). +- 16 {0x10} - (default) General Availability Channel (Targeted). Device gets all applicable feature updates from General Availability Channel (Targeted) - 32 {0x20} - General Availability Channel. Device gets feature updates from General Availability Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the General Availability Channel and General Availability Channel (Targeted) into a single General Availability Channel with a value of 16) @@ -978,6 +993,7 @@ The following list shows the supported values: **Update/ConfigureDeadlineForFeatureUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1030,6 +1046,7 @@ Default value is 7. **Update/ConfigureDeadlineForQualityUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1082,6 +1099,7 @@ Default value is 7. **Update/ConfigureDeadlineGracePeriod** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1104,7 +1122,7 @@ Default value is 7. -When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates),allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy isn't, then the default value of 2 will be used. +When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy isn't, then the default value of 2 will be used. @@ -1117,7 +1135,7 @@ ADMX Info: -Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required quality update. +Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically, after installing a required quality update. Default value is 2. @@ -1135,6 +1153,7 @@ Default value is 2. **Update/ConfigureDeadlineGracePeriodForFeatureUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1158,7 +1177,7 @@ Default value is 2. -When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates), allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy isn't, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used. +When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy isn't, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used. @@ -1171,7 +1190,7 @@ ADMX Info: -Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required feature update. +Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically, after installing a required feature update. Default value is 2. @@ -1189,6 +1208,7 @@ Default value is 2. **Update/ConfigureDeadlineNoAutoReboot** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1245,6 +1265,7 @@ Supported values: **Update/ConfigureFeatureUpdateUninstallPeriod** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1267,7 +1288,11 @@ Supported values: -Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. +Enable IT admin to configure feature update uninstall period. + +Values range 2 - 60 days. + +Default is 10 days. @@ -1278,6 +1303,7 @@ Enable IT admin to configure feature update uninstall period. Values range 2 - 6 **Update/DeferFeatureUpdatesPeriodInDays** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1326,6 +1352,7 @@ ADMX Info: **Update/DeferQualityUpdatesPeriodInDays** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1370,6 +1397,7 @@ ADMX Info: **Update/DeferUpdatePeriod** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1395,7 +1423,6 @@ ADMX Info: > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. - Allows IT Admins to specify update delays for up to four weeks. Supported values are 0-4, which refers to the number of weeks to defer updates. @@ -1448,6 +1475,7 @@ ADMX Info: **Update/DeferUpgradePeriod** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1473,7 +1501,6 @@ ADMX Info: > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. - Allows IT Admins to specify other upgrade delays for up to eight months. Supported values are 0-8, which refers to the number of months to defer upgrades. @@ -1498,6 +1525,7 @@ ADMX Info: **Update/DetectionFrequency** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1540,6 +1568,7 @@ ADMX Info: **Update/DisableDualScan** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1562,13 +1591,14 @@ ADMX Info: -Don't allow update deferral policies to cause scans against Windows Update. If this policy isn't enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. +Don't allow update deferral policies to cause scans against Windows Update. If this policy isn't enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. For more information about dual scan, see [Demystifying "Dual Scan"](/archive/blogs/wsus/demystifying-dual-scan) and [Improving Dual Scan on 1607](/archive/blogs/wsus/improving-dual-scan-on-1607). This setting is the same as the Group Policy in **Windows Components** > **Windows Update**: "Do not allow update deferral policies to cause scans against Windows Update." -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -1594,6 +1624,7 @@ The following list shows the supported values: **Update/DisableWUfBSafeguards** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1629,7 +1660,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this > > The disable safeguards policy will revert to "Not Configured" on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft's default protection from known issues for each new feature update. > -> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you're bypassing the protection given by Microsoft pertaining to known issues. +> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade, as you're bypassing the protection given by Microsoft pertaining to known issues. @@ -1655,6 +1686,7 @@ The following list shows the supported values: **Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1693,8 +1725,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) - Enforce certificate pinning -- 1 - Don't enforce certificate pinning +- 0 (default) - Enforce certificate pinning. +- 1 - Don't enforce certificate pinning. @@ -1705,6 +1737,7 @@ The following list shows the supported values: **Update/EngagedRestartDeadline** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1729,23 +1762,25 @@ The following list shows the supported values: For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Autorestart to Engaged restart (pending user schedule) to be executed automatically, within the specified period. -The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. +The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks. > [!NOTE] > If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule aren't set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period. -Value type is integer. Default is 14. +Supporting value type is integer. + +Default is 14. Supported value range: 2 - 30. -If no deadline is specified or deadline is set to 0, the restart won't be automatically executed and will remain Engaged restart (for example, pending user scheduling). +If no deadline is specified or deadline is set to 0, the restart won't be automatically executed, and will remain Engaged restart (for example, pending user scheduling). If you disable or don't configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: -1. No autorestart with logged on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time -3. Specify deadline before autorestart for update installation +1. No autorestart with logged on users for scheduled automatic updates installations. +2. Always automatically restart at scheduled time. +3. Specify deadline before autorestart for update installation. @@ -1765,6 +1800,7 @@ ADMX Info: **Update/EngagedRestartDeadlineForFeatureUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1789,7 +1825,9 @@ ADMX Info: For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be executed automatically, within the specified period. -Value type is integer. Default is 14. +Supported value type is integer. + +Default is 14. Supported value range: 2-30. @@ -1798,9 +1836,9 @@ If no deadline is specified or deadline is set to 0, the restart won't be automa If you disable or don't configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: -1. No autorestart with logged on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time -3. Specify deadline before autorestart for update installation +1. No autorestart with logged on users for scheduled automatic updates installations. +2. Always automatically restart at scheduled time. +3. Specify deadline before autorestart for update installation. @@ -1820,6 +1858,7 @@ ADMX Info: **Update/EngagedRestartSnoozeSchedule** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1844,16 +1883,18 @@ ADMX Info: For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days. -Value type is integer. Default is three days. +Supported value type is integer. + +Default is three days. Supported value range: 1-3. If you disable or don't configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: -1. No autorestart with logged on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time -3. Specify deadline before autorestart for update installation +1. No autorestart with logged on users for scheduled automatic updates installations. +2. Always automatically restart at scheduled time. +3. Specify deadline before autorestart for update installation. @@ -1873,6 +1914,7 @@ ADMX Info: **Update/EngagedRestartSnoozeScheduleForFeatureUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1897,16 +1939,18 @@ ADMX Info: For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days. -Value type is integer. Default is three days. +Supported value type is integer. + +Default is three days. Supported value range: 1-3. If you disable or don't configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: -1. No autorestart with logged on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time -3. Specify deadline before autorestart for update installation +1. No autorestart with logged on users for scheduled automatic updates installations. +2. Always automatically restart at scheduled time. +3. Specify deadline before autorestart for update installation. @@ -1926,6 +1970,7 @@ ADMX Info: **Update/EngagedRestartTransitionSchedule** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1950,16 +1995,18 @@ ADMX Info: For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -Value type is integer. Default value is 7 days. +Supported value type is integer. + +Default value is 7 days. Supported value range: 2 - 30. If you disable or don't configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: -1. No autorestart with logged on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time -3. Specify deadline before autorestart for update installation +1. No autorestart with logged on users for scheduled automatic updates installations. +2. Always automatically restart at scheduled time. +3. Specify deadline before autorestart for update installation. @@ -1979,6 +2026,7 @@ ADMX Info: **Update/EngagedRestartTransitionScheduleForFeatureUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2003,16 +2051,18 @@ ADMX Info: For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -Value type is integer. Default value is seven days. +Supported value type is integer. + +Default value is seven days. Supported value range: 2-30. If you disable or don't configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: -1. No autorestart with logged on users for scheduled automatic updates installations -2. Always automatically restart at scheduled time -3. Specify deadline before autorestart for update installation +1. No autorestart with logged on users for scheduled automatic updates installations. +2. Always automatically restart at scheduled time. +3. Specify deadline before autorestart for update installation. @@ -2032,6 +2082,7 @@ ADMX Info: **Update/ExcludeWUDriversInQualityUpdate** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2081,6 +2132,7 @@ The following list shows the supported values: **Update/FillEmptyContentUrls** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2103,10 +2155,10 @@ The following list shows the supported values: -Allows Windows Update Agent to determine the download URL when it's missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). +Allows Windows Update Agent to determine the download URL when it's missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). > [!NOTE] -> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server. +> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server. @@ -2133,6 +2185,7 @@ The following list shows the supported values: **Update/IgnoreMOAppDownloadLimit** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2186,6 +2239,7 @@ To validate this policy: **Update/IgnoreMOUpdateDownloadLimit** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2239,6 +2293,7 @@ To validate this policy: **Update/ManagePreviewBuilds** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2261,7 +2316,9 @@ To validate this policy: -Used to manage Windows 10 Insider Preview builds. Value type is integer. +Used to manage Windows 10 Insider Preview builds. + +Supported value type is integer. @@ -2276,9 +2333,9 @@ ADMX Info: The following list shows the supported values: -- 0 - Disable Preview builds -- 1 - Disable Preview builds once the next release is public -- 2 - Enable Preview builds +- 0 - Disable Preview builds. +- 1 - Disable Preview builds once the next release is public. +- 2 - Enable Preview builds. @@ -2289,6 +2346,7 @@ The following list shows the supported values: **Update/PauseDeferrals** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2314,10 +2372,8 @@ The following list shows the supported values: > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. - Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks. - If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. @@ -2345,6 +2401,7 @@ The following list shows the supported values: **Update/PauseFeatureUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2368,7 +2425,7 @@ The following list shows the supported values: -Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you're running Windows 10, version 1703 or later. +Allows IT Admins to pause feature updates for up to 35 days. We recommend that you use the *Update/PauseFeatureUpdatesStartTime* policy, if you're running Windows 10, version 1703 or later. @@ -2395,6 +2452,7 @@ The following list shows the supported values: **Update/PauseFeatureUpdatesStartTime** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2419,7 +2477,8 @@ The following list shows the supported values: Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. -Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace. +- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28). +- Supported operations are Add, Get, Delete, and Replace. @@ -2439,6 +2498,7 @@ ADMX Info: **Update/PauseQualityUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2488,6 +2548,7 @@ The following list shows the supported values: **Update/PauseQualityUpdatesStartTime** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2512,7 +2573,8 @@ The following list shows the supported values: Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. -Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace. +- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28). +- Supported operations are Add, Get, Delete, and Replace. @@ -2543,6 +2605,7 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd **Update/ProductVersion** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2580,7 +2643,7 @@ ADMX Info: -Value type is a string containing a Windows product, for example, "Windows 11" or "11" or "Windows 10". +Supported value type is a string containing a Windows product. For example, "Windows 11" or "11" or "Windows 10". @@ -2593,7 +2656,7 @@ By using this Windows Update for Business policy to upgrade devices to a new pro 1. The applicable Windows license was purchased through volume licensing, or -2. That you're authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms). +2. You're authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
    @@ -2601,6 +2664,7 @@ By using this Windows Update for Business policy to upgrade devices to a new pro **Update/RequireDeferUpgrade** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2626,7 +2690,6 @@ By using this Windows Update for Business policy to upgrade devices to a new pro > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. - Allows the IT admin to set a device to General Availability Channel train. @@ -2652,6 +2715,7 @@ The following list shows the supported values: **Update/RequireUpdateApproval** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2677,7 +2741,6 @@ The following list shows the supported values: > [!NOTE] > If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. - Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end user. EULAs are approved once an update is approved. Supported operations are Get and Replace. @@ -2698,6 +2761,7 @@ The following list shows the supported values: **Update/ScheduleImminentRestartWarning** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2746,6 +2810,7 @@ Supported values are 15, 30, or 60 (minutes). **Update/ScheduleRestartWarning** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2769,8 +2834,7 @@ Supported values are 15, 30, or 60 (minutes). > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education - +> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Allows the IT Admin to specify the period for autorestart warning reminder notifications. @@ -2798,6 +2862,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours). **Update/ScheduledInstallDay** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2822,7 +2887,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours). Enables the IT admin to schedule the day of the update installation. -The data type is an integer. +Supported data type is an integer. Supported operations are Add, Delete, Get, and Replace. @@ -2857,6 +2922,7 @@ The following list shows the supported values: **Update/ScheduledInstallEveryWeek** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2879,11 +2945,14 @@ The following list shows the supported values: -Enables the IT admin to schedule the update installation on every week. Value type is integer. Supported values: -
      -
    • 0 - no update in the schedule
      • -
    • 1 - update is scheduled every week
      • -
    +Enables the IT admin to schedule the update installation on every week. + +Supported Value type is integer. + +Supported values: +- 0 - no update in the schedule. +- 1 - update is scheduled every week. + @@ -2903,6 +2972,7 @@ ADMX Info: **Update/ScheduledInstallFirstWeek** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2925,11 +2995,14 @@ ADMX Info: -Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values: -
      -
    • 0 - no update in the schedule
      • -
    • 1 - update is scheduled every first week of the month
      • -
    +Enables the IT admin to schedule the update installation on the first week of the month. + +Supported value type is integer. + +Supported values: +- 0 - no update in the schedule. +- 1 - update is scheduled every first week of the month. + @@ -2949,6 +3022,7 @@ ADMX Info: **Update/ScheduledInstallFourthWeek** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -2971,11 +3045,14 @@ ADMX Info: -Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values: -
      -
    • 0 - no update in the schedule
      • -
    • 1 - update is scheduled every fourth week of the month
      • -
    +Enables the IT admin to schedule the update installation on the fourth week of the month. + +Supported value type is integer. + +Supported values: +- 0 - no update in the schedule. +- 1 - update is scheduled every fourth week of the month. + @@ -2995,6 +3072,7 @@ ADMX Info: **Update/ScheduledInstallSecondWeek** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3017,11 +3095,15 @@ ADMX Info: -Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values: -
      -
    • 0 - no update in the schedule
      • -
    • 1 - update is scheduled every second week of the month
      • -
    +Enables the IT admin to schedule the update installation on the second week of the month. + +Supported vlue type is integer. + +Supported values: + +- 0 - no update in the schedule. +- 1 - update is scheduled every second week of the month. + @@ -3041,6 +3123,7 @@ ADMX Info: **Update/ScheduledInstallThirdWeek** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3063,11 +3146,14 @@ ADMX Info: -Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values: -
      -
    • 0 - no update in the schedule
      • -
    • 1 - update is scheduled every third week of the month
      • -
    +Enables the IT admin to schedule the update installation on the third week of the month. + +Supported value type is integer. + +Supported values: +- 0 - no update in the schedule. +- 1 - update is scheduled every third week of the month. + @@ -3087,6 +3173,7 @@ ADMX Info: **Update/ScheduledInstallTime** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3110,12 +3197,11 @@ ADMX Info: > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education - +> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Enables the IT admin to schedule the time of the update installation. -The data type is an integer. +The supported data type is an integer. Supported operations are Add, Delete, Get, and Replace. @@ -3141,6 +3227,7 @@ ADMX Info: **Update/SetAutoRestartNotificationDisable** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3190,6 +3277,7 @@ The following list shows the supported values: **Update/SetDisablePauseUXAccess** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3214,7 +3302,11 @@ The following list shows the supported values: This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user can't access the "Pause updates" feature. -Value type is integer. Default is 0. Supported values 0, 1. +Supported value type is integer. + +Default is 0. + +Supported values 0, 1. @@ -3231,6 +3323,7 @@ ADMX Info: **Update/SetDisableUXWUAccess** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3255,7 +3348,11 @@ ADMX Info: This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features. -Value type is integer. Default is 0. Supported values 0, 1. +Supported value type is integer. + +Default is 0. + +Supported values 0, 1. @@ -3272,6 +3369,7 @@ ADMX Info: **Update/SetEDURestart** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3296,7 +3394,7 @@ ADMX Info: For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime. -When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursEnd, and ShareCartPC, it will defer all the update processes (scan, download, install, and reboot) to a time after Active Hours. After a buffer period after ActiveHoursEnd, the device will wake up several times to complete the processes. All processes are blocked before ActiveHoursStart. +When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursEnd, and ShareCartPC, it will defer all the update processes (scan, download, install, and reboot) to a time after Active Hours. After a buffer period, after ActiveHoursEnd, the device will wake up several times to complete the processes. All processes are blocked before ActiveHoursStart. @@ -3322,6 +3420,7 @@ The following list shows the supported values: **Update/SetPolicyDrivenUpdateSourceForDriver** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3352,7 +3451,7 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOther >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. @@ -3366,8 +3465,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download, and deploy Driver from Windows Update -- 1: Enabled, Detect, download, and deploy Driver from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download, and deploy Driver from Windows Update. +- 1: Enabled, Detect, download, and deploy Driver from Windows Server Update Server (WSUS). @@ -3378,6 +3477,7 @@ The following list shows the supported values: **Update/SetPolicyDrivenUpdateSourceForFeature** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3408,7 +3508,7 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOther >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. @@ -3422,8 +3522,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download, and deploy Feature from Windows Update -- 1: Enabled, Detect, download, and deploy Feature from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download, and deploy Feature from Windows Update. +- 1: Enabled, Detect, download, and deploy Feature from Windows Server Update Server (WSUS). @@ -3434,6 +3534,7 @@ The following list shows the supported values: **Update/SetPolicyDrivenUpdateSourceForOther** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3464,7 +3565,7 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForDriver >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. @@ -3478,8 +3579,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download, and deploy Other from Windows Update -- 1: Enabled, Detect, download, and deploy Other from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download, and deploy Other from Windows Update. +- 1: Enabled, Detect, download, and deploy Other from Windows Server Update Server (WSUS). @@ -3490,6 +3591,7 @@ The following list shows the supported values: **Update/SetPolicyDrivenUpdateSourceForQuality** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3520,7 +3622,7 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOther >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. @@ -3534,8 +3636,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download, and deploy Quality from Windows Update -- 1: Enabled, Detect, download, and deploy Quality from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download, and deploy Quality from Windows Update. +- 1: Enabled, Detect, download, and deploy Quality from Windows Server Update Server (WSUS). @@ -3546,6 +3648,7 @@ The following list shows the supported values: **Update/SetProxyBehaviorForUpdateDetection** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3587,6 +3690,7 @@ The following list shows the supported values: - 0 (default) - Allow system proxy only for HTTP scans. - 1 - Allow user proxy to be used as a fallback if detection using system proxy fails. + > [!NOTE] > Configuring this policy setting to 1 exposes your environment to potential security risk and makes scans unsecure. @@ -3599,6 +3703,7 @@ The following list shows the supported values: **Update/TargetReleaseVersion** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3622,6 +3727,7 @@ The following list shows the supported values: Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](/windows/release-health/release-information/). + ADMX Info: @@ -3633,7 +3739,7 @@ ADMX Info: -Value type is a string containing Windows 10 version number. For example, 1809, 1903. +Supported value type is a string containing Windows 10 version number. For example, 1809, 1903. @@ -3649,6 +3755,7 @@ Value type is a string containing Windows 10 version number. For example, 1809, **Update/UpdateNotificationLevel** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3675,9 +3782,9 @@ Display options for update notifications. This policy allows you to define what Options: -- 0 (default) - Use the default Windows Update notifications -- 1 - Turn off all notifications, excluding restart warnings -- 2 - Turn off all notifications, including restart warnings +- 0 (default) - Use the default Windows Update notifications. +- 1 - Turn off all notifications, excluding restart warnings. +- 2 - Turn off all notifications, including restart warnings. > [!IMPORTANT] > If you choose not to get update notifications and also define other Group policies so that devices aren't automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk. @@ -3708,6 +3815,7 @@ ADMX Info: **Update/UpdateServiceUrl** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3782,6 +3890,7 @@ Example **Update/UpdateServiceUrlAlternate** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -3808,9 +3917,9 @@ Specifies an alternate intranet server to host updates from Microsoft Update. Yo This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. -To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server. +To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server. -Value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. +Supported value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. > [!NOTE] > If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. @@ -3831,3 +3940,7 @@ ADMX Info:
    + +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file From f675f2af66798cfa4ea44347d4739a5443dec97c Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 19 May 2022 20:08:22 +0530 Subject: [PATCH 152/540] changes to metadata --- .../configuration/changes-to-start-policies-in-windows-10.md | 4 ---- windows/configuration/configure-windows-10-taskbar.md | 4 +--- .../cortana-at-work/cortana-at-work-feedback.md | 2 -- .../configuration/cortana-at-work/cortana-at-work-o365.md | 2 -- .../cortana-at-work/cortana-at-work-overview.md | 2 -- .../cortana-at-work/cortana-at-work-policy-settings.md | 2 -- .../configuration/cortana-at-work/cortana-at-work-powerbi.md | 2 -- .../cortana-at-work/cortana-at-work-scenario-1.md | 2 -- .../cortana-at-work/cortana-at-work-scenario-2.md | 2 -- .../cortana-at-work/cortana-at-work-scenario-3.md | 2 -- .../cortana-at-work/cortana-at-work-scenario-4.md | 2 -- .../cortana-at-work/cortana-at-work-scenario-5.md | 2 -- .../cortana-at-work/cortana-at-work-scenario-6.md | 2 -- .../cortana-at-work/cortana-at-work-scenario-7.md | 2 -- .../cortana-at-work/cortana-at-work-testing-scenarios.md | 2 -- .../cortana-at-work/cortana-at-work-voice-commands.md | 2 -- .../cortana-at-work/set-up-and-test-cortana-in-windows-10.md | 2 -- windows/configuration/cortana-at-work/test-scenario-1.md | 2 -- windows/configuration/cortana-at-work/test-scenario-2.md | 2 -- windows/configuration/cortana-at-work/test-scenario-3.md | 2 -- windows/configuration/cortana-at-work/test-scenario-4.md | 2 -- windows/configuration/cortana-at-work/test-scenario-5.md | 2 -- windows/configuration/cortana-at-work/test-scenario-6.md | 2 -- .../testing-scenarios-using-cortana-in-business-org.md | 2 -- windows/configuration/customize-and-export-start-layout.md | 4 ---- .../configuration/customize-start-menu-layout-windows-11.md | 4 ---- windows/configuration/customize-taskbar-windows-11.md | 4 ---- ...stomize-windows-10-start-screens-by-using-group-policy.md | 4 ---- ...ows-10-start-screens-by-using-mobile-device-management.md | 4 ---- ...0-start-screens-by-using-provisioning-packages-and-icd.md | 4 ---- windows/configuration/guidelines-for-assigned-access-app.md | 3 --- .../includes/multi-app-kiosk-support-windows11.md | 1 - windows/configuration/kiosk-additional-reference.md | 4 ---- windows/configuration/kiosk-mdm-bridge.md | 4 ---- windows/configuration/kiosk-methods.md | 3 --- windows/configuration/kiosk-policies.md | 5 ----- windows/configuration/kiosk-prepare.md | 4 ---- windows/configuration/kiosk-shelllauncher.md | 4 ---- windows/configuration/kiosk-single-app.md | 4 ---- windows/configuration/kiosk-troubleshoot.md | 5 ----- windows/configuration/kiosk-validate.md | 4 ---- windows/configuration/kiosk-xml.md | 5 ----- windows/configuration/lock-down-windows-10-applocker.md | 5 ----- windows/configuration/lockdown-features-windows-10.md | 5 ----- windows/configuration/manage-tips-and-suggestions.md | 4 ---- windows/configuration/manage-wifi-sense-in-enterprise.md | 5 ----- windows/configuration/provisioning-apn.md | 3 --- .../how-it-pros-can-use-configuration-service-providers.md | 3 --- .../provision-pcs-for-initial-deployment.md | 4 ---- .../provision-pcs-with-apps-and-certificates.md | 3 --- .../provisioning-packages/provision-pcs-with-apps.md | 3 --- .../provisioning-packages/provisioning-apply-package.md | 2 -- .../provisioning-packages/provisioning-command-line.md | 2 -- .../provisioning-packages/provisioning-create-package.md | 2 -- .../provisioning-packages/provisioning-how-it-works.md | 2 -- .../provisioning-packages/provisioning-install-icd.md | 2 -- .../provisioning-packages/provisioning-multivariant.md | 2 -- .../provisioning-packages/provisioning-packages.md | 3 --- .../provisioning-packages/provisioning-powershell.md | 2 -- .../provisioning-script-to-install-app.md | 2 -- .../provisioning-packages/provisioning-uninstall-package.md | 2 -- windows/configuration/set-up-shared-or-guest-pc.md | 3 --- windows/configuration/setup-digital-signage.md | 4 ---- windows/configuration/start-layout-troubleshoot.md | 2 -- windows/configuration/start-layout-xml-desktop.md | 3 --- windows/configuration/start-secondary-tiles.md | 3 --- .../stop-employees-from-using-microsoft-store.md | 4 ---- .../configuration/supported-csp-start-menu-layout-windows.md | 4 ---- windows/configuration/supported-csp-taskbar-windows.md | 4 ---- .../uev-administering-uev-with-windows-powershell-and-wmi.md | 4 ---- windows/configuration/ue-v/uev-administering-uev.md | 4 ---- .../ue-v/uev-application-template-schema-reference.md | 4 ---- .../ue-v/uev-changing-the-frequency-of-scheduled-tasks.md | 4 ---- .../ue-v/uev-configuring-uev-with-group-policy-objects.md | 4 ---- ...nfiguring-uev-with-system-center-configuration-manager.md | 4 ---- windows/configuration/ue-v/uev-deploy-required-features.md | 3 --- .../ue-v/uev-deploy-uev-for-custom-applications.md | 3 --- windows/configuration/ue-v/uev-for-windows.md | 3 --- windows/configuration/ue-v/uev-getting-started.md | 3 --- .../ue-v/uev-manage-administrative-backup-and-restore.md | 4 ---- windows/configuration/ue-v/uev-manage-configurations.md | 4 ---- ...gs-location-templates-using-windows-powershell-and-wmi.md | 4 ---- ...uev-agent-and-packages-with-windows-powershell-and-wmi.md | 4 ---- .../configuration/ue-v/uev-migrating-settings-packages.md | 4 ---- windows/configuration/ue-v/uev-prepare-for-deployment.md | 3 --- windows/configuration/ue-v/uev-release-notes-1607.md | 3 --- windows/configuration/ue-v/uev-security-considerations.md | 4 ---- windows/configuration/ue-v/uev-sync-methods.md | 3 --- windows/configuration/ue-v/uev-sync-trigger-events.md | 3 --- .../ue-v/uev-synchronizing-microsoft-office-with-uev.md | 4 ---- windows/configuration/ue-v/uev-technical-reference.md | 4 ---- windows/configuration/ue-v/uev-troubleshooting.md | 4 ---- .../ue-v/uev-upgrade-uev-from-previous-releases.md | 3 --- ...using-uev-with-application-virtualization-applications.md | 3 --- .../configuration/ue-v/uev-whats-new-in-uev-for-windows.md | 3 --- ...ev-working-with-custom-templates-and-the-uev-generator.md | 3 --- windows/configuration/wcd/wcd-accountmanagement.md | 2 -- windows/configuration/wcd/wcd-accounts.md | 2 -- windows/configuration/wcd/wcd-admxingestion.md | 2 -- windows/configuration/wcd/wcd-assignedaccess.md | 2 -- windows/configuration/wcd/wcd-browser.md | 2 -- windows/configuration/wcd/wcd-cellcore.md | 2 -- windows/configuration/wcd/wcd-cellular.md | 2 -- windows/configuration/wcd/wcd-certificates.md | 2 -- windows/configuration/wcd/wcd-changes.md | 2 -- windows/configuration/wcd/wcd-cleanpc.md | 2 -- windows/configuration/wcd/wcd-connections.md | 2 -- windows/configuration/wcd/wcd-connectivityprofiles.md | 2 -- windows/configuration/wcd/wcd-countryandregion.md | 2 -- windows/configuration/wcd/wcd-desktopbackgroundandcolors.md | 2 -- windows/configuration/wcd/wcd-developersetup.md | 2 -- windows/configuration/wcd/wcd-deviceformfactor.md | 2 -- windows/configuration/wcd/wcd-devicemanagement.md | 2 -- windows/configuration/wcd/wcd-deviceupdatecenter.md | 2 -- windows/configuration/wcd/wcd-dmclient.md | 2 -- windows/configuration/wcd/wcd-editionupgrade.md | 2 -- windows/configuration/wcd/wcd-firewallconfiguration.md | 2 -- windows/configuration/wcd/wcd-firstexperience.md | 2 -- windows/configuration/wcd/wcd-folders.md | 2 -- windows/configuration/wcd/wcd-hotspot.md | 2 -- windows/configuration/wcd/wcd-kioskbrowser.md | 2 -- windows/configuration/wcd/wcd-licensing.md | 2 -- windows/configuration/wcd/wcd-location.md | 2 -- windows/configuration/wcd/wcd-maps.md | 2 -- windows/configuration/wcd/wcd-networkproxy.md | 2 -- windows/configuration/wcd/wcd-networkqospolicy.md | 2 -- windows/configuration/wcd/wcd-oobe.md | 2 -- windows/configuration/wcd/wcd-personalization.md | 2 -- windows/configuration/wcd/wcd-policies.md | 2 -- windows/configuration/wcd/wcd-privacy.md | 2 -- windows/configuration/wcd/wcd-provisioningcommands.md | 2 -- windows/configuration/wcd/wcd-sharedpc.md | 2 -- windows/configuration/wcd/wcd-smisettings.md | 2 -- windows/configuration/wcd/wcd-start.md | 2 -- windows/configuration/wcd/wcd-startupapp.md | 2 -- windows/configuration/wcd/wcd-startupbackgroundtasks.md | 2 -- windows/configuration/wcd/wcd-storaged3inmodernstandby.md | 2 -- windows/configuration/wcd/wcd-surfacehubmanagement.md | 2 -- windows/configuration/wcd/wcd-tabletmode.md | 2 -- windows/configuration/wcd/wcd-takeatest.md | 2 -- windows/configuration/wcd/wcd-time.md | 2 -- windows/configuration/wcd/wcd-unifiedwritefilter.md | 2 -- windows/configuration/wcd/wcd-universalappinstall.md | 2 -- windows/configuration/wcd/wcd-universalappuninstall.md | 2 -- windows/configuration/wcd/wcd-usberrorsoemoverride.md | 2 -- windows/configuration/wcd/wcd-weakcharger.md | 2 -- windows/configuration/wcd/wcd-windowshelloforbusiness.md | 2 -- windows/configuration/wcd/wcd-windowsteamsettings.md | 2 -- windows/configuration/wcd/wcd-wlan.md | 2 -- windows/configuration/wcd/wcd-workplace.md | 2 -- windows/configuration/wcd/wcd.md | 2 -- windows/configuration/windows-10-accessibility-for-ITPros.md | 2 -- .../windows-10-start-layout-options-and-policies.md | 4 ---- windows/configuration/windows-spotlight.md | 4 ---- 154 files changed, 1 insertion(+), 420 deletions(-) diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md index 756137de7c..aa66136bfb 100644 --- a/windows/configuration/changes-to-start-policies-in-windows-10.md +++ b/windows/configuration/changes-to-start-policies-in-windows-10.md @@ -1,13 +1,9 @@ --- title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10) description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience. -ms.assetid: 612FB68A-3832-451F-AA97-E73791FEAA9F ms.reviewer: manager: dougeby -keywords: ["group policy", "start menu", "start screen"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md index 500f5c624f..bf089eb4ba 100644 --- a/windows/configuration/configure-windows-10-taskbar.md +++ b/windows/configuration/configure-windows-10-taskbar.md @@ -1,10 +1,7 @@ --- title: Configure Windows 10 taskbar (Windows 10) description: Administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file. -keywords: ["taskbar layout","pin apps"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article @@ -14,6 +11,7 @@ ms.reviewer: manager: dougeby ms.collection: highpri --- + # Configure Windows 10 taskbar Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md index 6d940ecc14..a342f659be 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md @@ -2,8 +2,6 @@ title: Send feedback about Cortana at work back to Microsoft description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues.. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md index d949c55ed5..2ce5a41ee8 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md @@ -2,8 +2,6 @@ title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md index 2b72551c54..88b9b1e042 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md @@ -4,8 +4,6 @@ ms.reviewer: manager: dougeby description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md index 2eb0ba6a03..97966260a0 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md @@ -2,8 +2,6 @@ title: Configure Cortana with Group Policy and MDM settings (Windows) description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md index a54d958f6e..fd81d85f3a 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md @@ -2,8 +2,6 @@ title: Set up and test Cortana for Power BI in your organization (Windows) description: How to integrate Cortana with Power BI to help your employees get answers directly from your key business data. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md index de0f3315ae..f19d6c310d 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md @@ -2,8 +2,6 @@ title: Sign into Azure AD, enable the wake word, and try a voice query description: A test scenario walking you through signing in and managing the notebook. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md index b9c64414bc..4c019223d3 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md @@ -2,8 +2,6 @@ title: Perform a quick search with Cortana at work (Windows) description: This is a test scenario about how to perform a quick search with Cortana at work. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md index 68ba398dbf..f6d46feb8f 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md @@ -2,8 +2,6 @@ title: Set a reminder for a location with Cortana at work (Windows) description: A test scenario about how to set a location-based reminder using Cortana at work. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md index 6c6a391833..6a45297397 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md @@ -2,8 +2,6 @@ title: Use Cortana at work to find your upcoming meetings (Windows) description: A test scenario on how to use Cortana at work to find your upcoming meetings. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md index 63f5f07436..5085f7608d 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md @@ -2,8 +2,6 @@ title: Use Cortana to send email to a co-worker (Windows) description: A test scenario about how to use Cortana at work to send email to a co-worker. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md index c4647b52d8..b05c1179dc 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md @@ -2,8 +2,6 @@ title: Review a reminder suggested by Cortana (Windows) description: A test scenario on how to use Cortana with the Suggested reminders feature. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md index 6a7ab71a9a..ed2e51d53c 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md @@ -2,8 +2,6 @@ title: Help protect data with Cortana and WIP (Windows) description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP). ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md index cf0cd10b10..55023907da 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md @@ -2,8 +2,6 @@ title: Cortana at work testing scenarios description: Suggested testing scenarios that you can use to test Cortana in your organization. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md index 10a3e5644b..fb38e50ec2 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md @@ -2,8 +2,6 @@ title: Set up and test custom voice commands in Cortana for your organization (Windows) description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md index b922d049e4..5af920f5f7 100644 --- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md +++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md @@ -4,8 +4,6 @@ ms.reviewer: manager: dougeby description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md index 729352fb95..d11ddd9fbf 100644 --- a/windows/configuration/cortana-at-work/test-scenario-1.md +++ b/windows/configuration/cortana-at-work/test-scenario-1.md @@ -2,8 +2,6 @@ title: Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md index 86c279c752..f9128ac53e 100644 --- a/windows/configuration/cortana-at-work/test-scenario-2.md +++ b/windows/configuration/cortana-at-work/test-scenario-2.md @@ -2,8 +2,6 @@ title: Test scenario 2 - Perform a quick search with Cortana at work description: A test scenario about how to perform a quick search with Cortana at work. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md index f1706c3579..0bef2a7ad9 100644 --- a/windows/configuration/cortana-at-work/test-scenario-3.md +++ b/windows/configuration/cortana-at-work/test-scenario-3.md @@ -2,8 +2,6 @@ title: Test scenario 3 - Set a reminder for a specific location using Cortana at work description: A test scenario about how to set up, review, and edit a reminder based on a location. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md index 635172f826..45d2df199c 100644 --- a/windows/configuration/cortana-at-work/test-scenario-4.md +++ b/windows/configuration/cortana-at-work/test-scenario-4.md @@ -2,8 +2,6 @@ title: Use Cortana to find your upcoming meetings at work (Windows) description: A test scenario about how to use Cortana at work to find your upcoming meetings. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md index 7770f46dfd..4a890aca59 100644 --- a/windows/configuration/cortana-at-work/test-scenario-5.md +++ b/windows/configuration/cortana-at-work/test-scenario-5.md @@ -2,8 +2,6 @@ title: Use Cortana to send an email to co-worker (Windows) description: A test scenario on how to use Cortana at work to send email to a co-worker. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/test-scenario-6.md b/windows/configuration/cortana-at-work/test-scenario-6.md index e9b09188c2..eea07d4bbe 100644 --- a/windows/configuration/cortana-at-work/test-scenario-6.md +++ b/windows/configuration/cortana-at-work/test-scenario-6.md @@ -2,8 +2,6 @@ title: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email description: A test scenario about how to use Cortana with the Suggested reminders feature. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md index 57153a781a..b62794ff0f 100644 --- a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md +++ b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md @@ -2,8 +2,6 @@ title: Testing scenarios using Cortana in your business or organization description: A list of suggested testing scenarios that you can use to test Cortana in your organization. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index c979753ccb..5f13879817 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -1,13 +1,9 @@ --- title: Customize and export Start layout (Windows 10) description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout. -ms.assetid: CA8DF327-5DD4-452F-9FE5-F17C514B6236 ms.reviewer: manager: dougeby -keywords: ["start screen"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index f21e9bf9dc..069e047309 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -1,14 +1,10 @@ --- title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. -ms.assetid: manager: dougeby ms.author: aaroncz ms.reviewer: ericpapa ms.prod: w11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobile author: aczechowski ms.localizationpriority: medium ms.collection: highpri diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index 8679cc641f..51335436d5 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/customize-taskbar-windows-11.md @@ -1,14 +1,10 @@ --- title: Configure and customize Windows 11 taskbar | Microsoft Docs description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Endpoint Manager. See what happens to the taskbar when the Windows OS client is installed or upgraded. -ms.assetid: manager: dougeby ms.author: aaroncz ms.reviewer: chataylo ms.prod: w11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobile author: aczechowski ms.localizationpriority: medium ms.collection: highpri diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md index 434d699db3..15c1cc2cad 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md @@ -1,13 +1,9 @@ --- title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10) description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain. -ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545 ms.reviewer: manager: dougeby -keywords: ["Start layout", "start menu", "layout", "group policy"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md index a06b4c2919..fb50dc5a39 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md @@ -1,13 +1,9 @@ --- title: Change the Windows 10 Start and taskbar using mobile device management | Microsoft Docs description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices. -ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4 ms.reviewer: manager: dougeby -keywords: ["start screen", "start menu"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.topic: article ms.author: aaroncz diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index 110d43b999..0a2038ce7d 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -1,13 +1,9 @@ --- title: Customize Windows 10 Start and taskbar with provisioning packages (Windows 10) description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users. -ms.assetid: AC952899-86A0-42FC-9E3C-C25F45B1ACAC ms.reviewer: manager: dougeby -keywords: ["Start layout", "start menu"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 7ec5869bf1..ce8ad34838 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -1,10 +1,7 @@ --- title: Guidelines for choosing an app for assigned access (Windows 10/11) description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience. -keywords: ["kiosk", "lockdown", "assigned access"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md index e3b0982b66..efe346ced6 100644 --- a/windows/configuration/includes/multi-app-kiosk-support-windows11.md +++ b/windows/configuration/includes/multi-app-kiosk-support-windows11.md @@ -3,7 +3,6 @@ author: aczechowski ms.author: aaroncz ms.date: 09/21/2021 ms.reviewer: -audience: itpro manager: dougeby ms.prod: w10 ms.topic: include diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index cd38222026..fda7a6c1da 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -1,14 +1,10 @@ --- title: More kiosk methods and reference information (Windows 10/11) description: Find more information for configuring, validating, and troubleshooting kiosk configuration. -ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: sybruckm manager: dougeby ms.author: aaroncz -keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.topic: reference diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md index 7c0a77b39e..509e5e3983 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk-mdm-bridge.md @@ -1,14 +1,10 @@ --- title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11) description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. -ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: sybruckm manager: dougeby ms.author: aaroncz -keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index ea9c57c785..c444568fe9 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -5,9 +5,6 @@ manager: dougeby ms.author: aaroncz description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: aczechowski ms.topic: article diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md index 6524e3e543..219db257fb 100644 --- a/windows/configuration/kiosk-policies.md +++ b/windows/configuration/kiosk-policies.md @@ -1,14 +1,9 @@ --- title: Policies enforced on kiosk devices (Windows 10/11) description: Learn about the policies enforced on a device when you configure it as a kiosk. -ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: sybruckm manager: dougeby -keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: edu, security author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 45dec9443a..2712131087 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -1,14 +1,10 @@ --- title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes. -ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: sybruckm manager: dougeby ms.author: aaroncz -keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 3cd7d04a31..075be3e488 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -1,14 +1,10 @@ --- title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11) description: Shell Launcher lets you change the default shell that launches when a user signs in to a device. -ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: sybruckm manager: dougeby ms.author: aaroncz -keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 179c44499b..7c13c2715e 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -1,14 +1,10 @@ --- title: Set up a single-app kiosk on Windows 10/11 description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education). -ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: sybruckm manager: dougeby ms.author: aaroncz -keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md index cb60660c38..091872a845 100644 --- a/windows/configuration/kiosk-troubleshoot.md +++ b/windows/configuration/kiosk-troubleshoot.md @@ -1,14 +1,9 @@ --- title: Troubleshoot kiosk mode issues (Windows 10/11) description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues. -ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: sybruckm manager: dougeby -keywords: ["lockdown", "app restrictions"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: edu, security author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md index 934dd1ed77..dfc4d3e91d 100644 --- a/windows/configuration/kiosk-validate.md +++ b/windows/configuration/kiosk-validate.md @@ -1,14 +1,10 @@ --- title: Validate kiosk configuration (Windows 10/11) description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education. -ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: sybruckm manager: dougeby ms.author: aaroncz -keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index f6ddb6a2d4..a5f84dcc40 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -1,14 +1,9 @@ --- title: Assigned Access configuration kiosk XML reference (Windows 10/11) description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11. -ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: sybruckm manager: dougeby -keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: edu, security author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md index 4fcd915dd1..4552e63e33 100644 --- a/windows/configuration/lock-down-windows-10-applocker.md +++ b/windows/configuration/lock-down-windows-10-applocker.md @@ -1,14 +1,9 @@ --- title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10) description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. -ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: sybruckm manager: dougeby -keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: edu, security author: aczechowski ms.localizationpriority: medium ms.date: 07/30/2018 diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md index 36bf667cc7..caeb98056f 100644 --- a/windows/configuration/lockdown-features-windows-10.md +++ b/windows/configuration/lockdown-features-windows-10.md @@ -1,14 +1,9 @@ --- title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10) description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. -ms.assetid: 3C006B00-535C-4BA4-9421-B8F952D47A14 ms.reviewer: manager: dougeby -keywords: lockdown, embedded ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md index 2dcf1d588b..6eb41bde06 100644 --- a/windows/configuration/manage-tips-and-suggestions.md +++ b/windows/configuration/manage-tips-and-suggestions.md @@ -1,11 +1,7 @@ --- title: Manage Windows 10 and Microsoft Store tips, fun facts, and suggestions (Windows 10) description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees. -keywords: ["device management"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: devices author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md index 8149182469..1bd58d5c1e 100644 --- a/windows/configuration/manage-wifi-sense-in-enterprise.md +++ b/windows/configuration/manage-wifi-sense-in-enterprise.md @@ -1,15 +1,10 @@ --- title: Manage Wi-Fi Sense in your company (Windows 10) description: Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. -ms.assetid: 1845e00d-c4ee-4a8f-a5e5-d00f2735a271 ms.reviewer: manager: dougeby ms.author: aaroncz -keywords: ["WiFi Sense", "automatically connect to wi-fi", "wi-fi hotspot connection"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: mobile author: aczechowski ms.localizationpriority: medium ms.topic: article diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md index ffe4a55f6d..a168bce8f6 100644 --- a/windows/configuration/provisioning-apn.md +++ b/windows/configuration/provisioning-apn.md @@ -1,12 +1,9 @@ --- title: Configure cellular settings for tablets and PCs (Windows 10) description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles. -ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC ms.reviewer: manager: dougeby ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index 9147bc6b90..3e0279e5e5 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md @@ -1,12 +1,9 @@ --- title: Configuration service providers for IT pros (Windows 10/11) description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices. -ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6 ms.reviewer: gkomatsu manager: dougeby ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index 1305b2bb87..cec5065059 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md @@ -1,13 +1,9 @@ --- title: Provision PCs with common settings (Windows 10/11) description: Create a provisioning package to apply common settings to a PC running Windows 10. -ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E ms.reviewer: gkomatsu manager: dougeby -keywords: ["runtime provisioning", "provisioning package"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md index faad3522bb..9d403656ad 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md @@ -1,10 +1,7 @@ --- title: Provision PCs with apps and certificates (Windows 10) description: Create a provisioning package to apply settings to a PC running Windows 10. -keywords: ["runtime provisioning", "provisioning package"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index f1b8691117..86ba895398 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md @@ -1,10 +1,7 @@ --- title: Provision PCs with apps (Windows 10/11) description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. -keywords: ["runtime provisioning", "provisioning package"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index 230570bfa8..5235511317 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -2,8 +2,6 @@ title: Apply a provisioning package (Windows 10/11) description: Provisioning packages can be applied to a device during the first-run experience (OOBE) and after ("runtime"). ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md index 95e51c1316..fbe7aecde9 100644 --- a/windows/configuration/provisioning-packages/provisioning-command-line.md +++ b/windows/configuration/provisioning-packages/provisioning-command-line.md @@ -2,8 +2,6 @@ title: Windows Configuration Designer command-line interface (Windows 10/11) description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index f926e57f98..2852698705 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -2,8 +2,6 @@ title: Create a provisioning package (Windows 10/11) description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index cc1fff48d3..737cb64b16 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -2,8 +2,6 @@ title: How provisioning works in Windows 10/11 description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index 1df2136104..59419bb6b2 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -2,8 +2,6 @@ title: Install Windows Configuration Designer (Windows 10/11) description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index 0987e3f720..65b4475739 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md @@ -2,8 +2,6 @@ title: Create a provisioning package with multivariant settings (Windows 10/11) description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.topic: article ms.localizationpriority: medium diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index da386db801..b762a1d124 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -1,12 +1,9 @@ --- title: Provisioning packages overview on Windows 10/11 description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do. -ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC ms.reviewer: gkomatsu manager: dougeby ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index 3b6e0300dc..0698178c23 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md +++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -2,8 +2,6 @@ title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11) description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md index 0f1b11b953..e768666071 100644 --- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md +++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md @@ -2,8 +2,6 @@ title: Use a script to install a desktop app in provisioning packages (Windows 10/11) description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index 1a6f2d6af3..04665c5f6e 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md @@ -2,8 +2,6 @@ title: Uninstall a provisioning package - reverted settings (Windows 10/11) description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 92a57a02af..6a37fbd0d3 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -1,10 +1,7 @@ --- title: Set up a shared or guest PC with Windows 10/11 description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios. -keywords: ["shared pc mode"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index 921c556ecf..dff1da75a5 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -1,14 +1,10 @@ --- title: Set up digital signs on Windows 10/11 description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education). -ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: sybruckm manager: dougeby ms.author: aaroncz -keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage", "kiosk browser", "browser"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.date: 09/20/2021 diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index 4b0658894b..793a35d714 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -2,8 +2,6 @@ title: Troubleshoot Start menu errors description: Learn how to troubleshoot common Start menu errors in Windows 10. For example, learn to troubleshoot errors related to deployment, crashes, and performance. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library ms.author: aaroncz author: aczechowski ms.localizationpriority: medium diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md index a0d7a0b65a..ffcdeef194 100644 --- a/windows/configuration/start-layout-xml-desktop.md +++ b/windows/configuration/start-layout-xml-desktop.md @@ -1,10 +1,7 @@ --- title: Start layout XML for desktop editions of Windows 10 (Windows 10) description: This article describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions. -keywords: ["start screen"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md index 5699938be7..20c333fb2d 100644 --- a/windows/configuration/start-secondary-tiles.md +++ b/windows/configuration/start-secondary-tiles.md @@ -2,9 +2,6 @@ title: Add image for secondary Microsoft Edge tiles (Windows 10) description: Add app tiles on Windows 10 that's a secondary tile. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: aczechowski ms.author: aaroncz diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md index 40fc295016..ed2728abc4 100644 --- a/windows/configuration/stop-employees-from-using-microsoft-store.md +++ b/windows/configuration/stop-employees-from-using-microsoft-store.md @@ -1,13 +1,9 @@ --- title: Configure access to Microsoft Store (Windows 10) description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization. -ms.assetid: 7AA60D3D-2A69-45E7-AAB0-B8AFC29C2E97 ms.reviewer: manager: dougeby ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: store, mobile author: aczechowski ms.author: aaroncz ms.topic: conceptual diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 30c40db968..30ef22ea5a 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -1,14 +1,10 @@ --- title: Supported CSP policies to customize Start menu on Windows 11 | Microsoft Docs description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Start menu. -ms.assetid: manager: dougeby ms.author: aaroncz ms.reviewer: ericpapa ms.prod: w11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobile author: aczechowski ms.localizationpriority: medium --- diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md index 0891f70e8c..40ada8b099 100644 --- a/windows/configuration/supported-csp-taskbar-windows.md +++ b/windows/configuration/supported-csp-taskbar-windows.md @@ -1,14 +1,10 @@ --- title: Supported CSP policies to customize the Taskbar on Windows 11 | Microsoft Docs description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Taskbar. -ms.assetid: manager: dougeby ms.author: aaroncz ms.reviewer: chataylo ms.prod: w11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobile author: aczechowski ms.localizationpriority: medium --- diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md index 5c0961785e..4f970289fa 100644 --- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md @@ -2,9 +2,6 @@ title: Administering UE-V with Windows PowerShell and WMI description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Administering UE-V with Windows PowerShell and WMI **Applies to** diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md index f2456dee1a..7bf2b82260 100644 --- a/windows/configuration/ue-v/uev-administering-uev.md +++ b/windows/configuration/ue-v/uev-administering-uev.md @@ -2,9 +2,6 @@ title: Administering UE-V description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Administering UE-V **Applies to** diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index 50a4533c63..833c85f56a 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -2,9 +2,6 @@ title: Application Template Schema Reference for UE-V description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Application Template Schema Reference for UE-V **Applies to** diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md index 7b1980ded7..61ca2b8c88 100644 --- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md +++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md @@ -2,9 +2,6 @@ title: Changing the Frequency of UE-V Scheduled Tasks description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Changing the Frequency of UE-V Scheduled Tasks **Applies to** diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md index 8aa4719d90..249336440f 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md @@ -2,9 +2,6 @@ title: Configuring UE-V with Group Policy Objects description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Configuring UE-V with Group Policy Objects **Applies to** diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md index fa9dda05ab..b8e6955c3d 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md @@ -2,9 +2,6 @@ title: Configuring UE-V with Microsoft Endpoint Configuration Manager description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Configuring UE-V with Microsoft Endpoint Manager **Applies to** diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md index 1b6513b56d..22cfb858c0 100644 --- a/windows/configuration/ue-v/uev-deploy-required-features.md +++ b/windows/configuration/ue-v/uev-deploy-required-features.md @@ -2,9 +2,6 @@ title: Deploy required UE-V features description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example a network share that stores and retrieves user settings. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md index 21f2749843..fad99aed73 100644 --- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md +++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md @@ -2,9 +2,6 @@ title: Use UE-V with custom applications description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md index 9074ddc234..75fab30ab1 100644 --- a/windows/configuration/ue-v/uev-for-windows.md +++ b/windows/configuration/ue-v/uev-for-windows.md @@ -2,9 +2,6 @@ title: User Experience Virtualization for Windows 10, version 1607 description: Overview of User Experience Virtualization for Windows 10, version 1607 author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 05/02/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md index 2bb02af5e6..39bbfe1418 100644 --- a/windows/configuration/ue-v/uev-getting-started.md +++ b/windows/configuration/ue-v/uev-getting-started.md @@ -2,9 +2,6 @@ title: Get Started with UE-V description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 03/08/2018 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md index 9ed8904dec..1aa6e9f43e 100644 --- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md +++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md @@ -2,9 +2,6 @@ title: Manage Administrative Backup and Restore in UE-V description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Manage Administrative Backup and Restore in UE-V **Applies to** diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md index 4533fb9eb7..a8f2d63d6f 100644 --- a/windows/configuration/ue-v/uev-manage-configurations.md +++ b/windows/configuration/ue-v/uev-manage-configurations.md @@ -2,9 +2,6 @@ title: Manage Configurations for UE-V description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Manage Configurations for UE-V **Applies to** diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md index b36faf10c5..ba5bebadea 100644 --- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md @@ -2,9 +2,6 @@ title: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Managing UE-V Settings Location Templates Using Windows PowerShell and WMI **Applies to** diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md index d111d768eb..ab70b3209a 100644 --- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md @@ -2,9 +2,6 @@ title: Manage UE-V Service and Packages with Windows PowerShell and WMI description: Managing the UE-V service and packages with Windows PowerShell and WMI author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Managing the UE-V service and packages with Windows PowerShell and WMI **Applies to** diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md index 026b5fd10f..eaa34a41eb 100644 --- a/windows/configuration/ue-v/uev-migrating-settings-packages.md +++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md @@ -2,9 +2,6 @@ title: Migrating UE-V settings packages description: Learn to relocate User Experience Virtualization (UE-V) user settings packages either when you migrate to a new server or when you perform backups. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Migrating UE-V settings packages **Applies to** diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index b2b109d6b6..38b78b9d47 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -2,9 +2,6 @@ title: Prepare a UE-V Deployment description: Learn about the types of User Experience Virtualization (UE-V) deployment you can execute and what preparations you can make beforehand to be successful. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index fdc838991d..67badc0dbf 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -2,9 +2,6 @@ title: User Experience Virtualization (UE-V) Release Notes description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that is not included in the UE-V documentation. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md index d692ba9f46..b7dc73d2d0 100644 --- a/windows/configuration/ue-v/uev-security-considerations.md +++ b/windows/configuration/ue-v/uev-security-considerations.md @@ -2,9 +2,6 @@ title: Security Considerations for UE-V description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Security Considerations for UE-V **Applies to** diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md index 6eea46080c..31ae2008ce 100644 --- a/windows/configuration/ue-v/uev-sync-methods.md +++ b/windows/configuration/ue-v/uev-sync-methods.md @@ -2,9 +2,6 @@ title: Sync Methods for UE-V description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md index 414b095f83..a396907df5 100644 --- a/windows/configuration/ue-v/uev-sync-trigger-events.md +++ b/windows/configuration/ue-v/uev-sync-trigger-events.md @@ -2,9 +2,6 @@ title: Sync Trigger Events for UE-V description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md index ea4f3d49bd..c2a81519f1 100644 --- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md +++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md @@ -2,9 +2,6 @@ title: Synchronizing Microsoft Office with UE-V description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Synchronizing Office with UE-V **Applies to** diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md index cac53df19c..f5a9059d3e 100644 --- a/windows/configuration/ue-v/uev-technical-reference.md +++ b/windows/configuration/ue-v/uev-technical-reference.md @@ -2,9 +2,6 @@ title: Technical Reference for UE-V description: Use this technical reference to learn about the various features of User Experience Virtualization (UE-V). author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Technical Reference for UE-V **Applies to** diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md index a940df7833..3bf804b17d 100644 --- a/windows/configuration/ue-v/uev-troubleshooting.md +++ b/windows/configuration/ue-v/uev-troubleshooting.md @@ -2,9 +2,6 @@ title: Troubleshooting UE-V description: Use this technical reference to find resources for troubleshooting User Experience Virtualization (UE-V) for Windows 10. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: @@ -13,7 +10,6 @@ ms.author: aaroncz ms.topic: article --- - # Troubleshooting UE-V **Applies to** diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md index 7cae468ca9..226fe3c440 100644 --- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md +++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md @@ -2,9 +2,6 @@ title: Upgrade to UE-V for Windows 10 description: Use these few adjustments to upgrade from User Experience Virtualization (UE-V) 2.x to the latest version of UE-V. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md index fb8d02a2a7..59e4e1d213 100644 --- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md +++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md @@ -2,9 +2,6 @@ title: Using UE-V with Application Virtualization applications description: Learn how to use User Experience Virtualization (UE-V) with Microsoft Application Virtualization (App-V). author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md index 3240b7bcfa..89fb778fef 100644 --- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md +++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md @@ -2,9 +2,6 @@ title: What's New in UE-V for Windows 10, version 1607 description: Learn about what's new in User Experience Virtualization (UE-V) for Windows 10, including new features and capabilities. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md index bbbe078c55..d0f06bd548 100644 --- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md +++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md @@ -2,9 +2,6 @@ title: Working with Custom UE-V Templates and the UE-V Template Generator description: Create your own custom settings location templates by working with Custom User Experience Virtualization (UE-V) Templates and the UE-V Template Generator. author: aczechowski -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 ms.reviewer: diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md index ac4bac4e80..98aa47fcb1 100644 --- a/windows/configuration/wcd/wcd-accountmanagement.md +++ b/windows/configuration/wcd/wcd-accountmanagement.md @@ -2,8 +2,6 @@ title: AccountManagement (Windows 10) description: This section describes the account management settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index 25d47941a7..94e31def8a 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md @@ -2,8 +2,6 @@ title: Accounts (Windows 10) description: This section describes the account settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index ae172dc1c5..80e83844b0 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md @@ -2,8 +2,6 @@ title: ADMXIngestion (Windows 10) description: This section describes the ADMXIngestion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md index 68825227e9..f7c184e359 100644 --- a/windows/configuration/wcd/wcd-assignedaccess.md +++ b/windows/configuration/wcd/wcd-assignedaccess.md @@ -2,8 +2,6 @@ title: AssignedAccess (Windows 10) description: This section describes the AssignedAccess setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md index 5df5b2dfcd..5ebc1cccde 100644 --- a/windows/configuration/wcd/wcd-browser.md +++ b/windows/configuration/wcd/wcd-browser.md @@ -2,8 +2,6 @@ title: Browser (Windows 10) description: This section describes the Browser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index 6c94aa8796..502a0b3ade 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md @@ -2,8 +2,6 @@ title: CellCore (Windows 10) description: This section describes the CellCore settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index f2ba57eae2..d0a091f53f 100644 --- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md @@ -4,8 +4,6 @@ ms.reviewer: manager: dougeby description: This section describes the Cellular settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md index 668d0bb304..a83e01ed1d 100644 --- a/windows/configuration/wcd/wcd-certificates.md +++ b/windows/configuration/wcd/wcd-certificates.md @@ -2,8 +2,6 @@ title: Certificates (Windows 10) description: This section describes the Certificates settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md index d196972424..7fae1e2c06 100644 --- a/windows/configuration/wcd/wcd-changes.md +++ b/windows/configuration/wcd/wcd-changes.md @@ -4,8 +4,6 @@ ms.reviewer: manager: dougeby description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md index 090081972f..fdcbf1dd2a 100644 --- a/windows/configuration/wcd/wcd-cleanpc.md +++ b/windows/configuration/wcd/wcd-cleanpc.md @@ -2,8 +2,6 @@ title: CleanPC (Windows 10) description: This section describes the CleanPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md index e71332a303..24465ae5a5 100644 --- a/windows/configuration/wcd/wcd-connections.md +++ b/windows/configuration/wcd/wcd-connections.md @@ -2,8 +2,6 @@ title: Connections (Windows 10) description: This section describes the Connections settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index 4f9bd01b6e..307aab14ca 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md @@ -2,8 +2,6 @@ title: ConnectivityProfiles (Windows 10) description: This section describes the ConnectivityProfile settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md index e09bfedbeb..2d326165c7 100644 --- a/windows/configuration/wcd/wcd-countryandregion.md +++ b/windows/configuration/wcd/wcd-countryandregion.md @@ -2,8 +2,6 @@ title: CountryAndRegion (Windows 10) description: This section describes the CountryAndRegion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md index e8ea46b7dc..dccfa2bfd8 100644 --- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md +++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md @@ -2,8 +2,6 @@ title: DesktopBackgroundAndColors (Windows 10) description: This section describes the DesktopBackgrounAndColors settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md index 6d1c176a3d..62715da105 100644 --- a/windows/configuration/wcd/wcd-developersetup.md +++ b/windows/configuration/wcd/wcd-developersetup.md @@ -2,8 +2,6 @@ title: DeveloperSetup (Windows 10) description: This section describes the DeveloperSetup settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md index 8a4fe3064e..6a101c9fd1 100644 --- a/windows/configuration/wcd/wcd-deviceformfactor.md +++ b/windows/configuration/wcd/wcd-deviceformfactor.md @@ -2,8 +2,6 @@ title: DeviceFormFactor (Windows 10) description: This section describes the DeviceFormFactor setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md index 32484edbd9..a5bb59742b 100644 --- a/windows/configuration/wcd/wcd-devicemanagement.md +++ b/windows/configuration/wcd/wcd-devicemanagement.md @@ -2,8 +2,6 @@ title: DeviceManagement (Windows 10) description: This section describes the DeviceManagement setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md index 440ed6459b..83bb19007c 100644 --- a/windows/configuration/wcd/wcd-deviceupdatecenter.md +++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md @@ -2,8 +2,6 @@ title: DeviceUpdateCenter (Windows 10) description: This section describes the DeviceUpdateCenter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md index ed596c0b34..1154e1643c 100644 --- a/windows/configuration/wcd/wcd-dmclient.md +++ b/windows/configuration/wcd/wcd-dmclient.md @@ -2,8 +2,6 @@ title: DMClient (Windows 10) description: This section describes the DMClient setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md index 9c2e199008..114234aa5d 100644 --- a/windows/configuration/wcd/wcd-editionupgrade.md +++ b/windows/configuration/wcd/wcd-editionupgrade.md @@ -2,8 +2,6 @@ title: EditionUpgrade (Windows 10) description: This section describes the EditionUpgrade settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md index 574f4d2a0d..a31d1cddcb 100644 --- a/windows/configuration/wcd/wcd-firewallconfiguration.md +++ b/windows/configuration/wcd/wcd-firewallconfiguration.md @@ -2,8 +2,6 @@ title: FirewallConfiguration (Windows 10) description: This section describes the FirewallConfiguration setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md index a830d6925b..025c70a9b5 100644 --- a/windows/configuration/wcd/wcd-firstexperience.md +++ b/windows/configuration/wcd/wcd-firstexperience.md @@ -2,8 +2,6 @@ title: FirstExperience (Windows 10) description: This section describes the FirstExperience settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md index 1008dd3172..e45a67e31a 100644 --- a/windows/configuration/wcd/wcd-folders.md +++ b/windows/configuration/wcd/wcd-folders.md @@ -2,8 +2,6 @@ title: Folders (Windows 10) description: This section describes the Folders settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md index cf3eb21000..db0317ff32 100644 --- a/windows/configuration/wcd/wcd-hotspot.md +++ b/windows/configuration/wcd/wcd-hotspot.md @@ -2,8 +2,6 @@ title: HotSpot (Windows 10) description: This section describes the HotSpot settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md index 9e653528de..0f38069d39 100644 --- a/windows/configuration/wcd/wcd-kioskbrowser.md +++ b/windows/configuration/wcd/wcd-kioskbrowser.md @@ -2,8 +2,6 @@ title: KioskBrowser (Windows 10) description: This section describes the KioskBrowser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md index 8342ca38d7..5e1385d91a 100644 --- a/windows/configuration/wcd/wcd-licensing.md +++ b/windows/configuration/wcd/wcd-licensing.md @@ -2,8 +2,6 @@ title: Licensing (Windows 10) description: This section describes the Licensing settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md index 3e0a47a230..65d0cf04b9 100644 --- a/windows/configuration/wcd/wcd-location.md +++ b/windows/configuration/wcd/wcd-location.md @@ -2,8 +2,6 @@ title: Location (Windows 10) description: This section describes the Location settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md index cdb5ff8a79..fa05e3ac5d 100644 --- a/windows/configuration/wcd/wcd-maps.md +++ b/windows/configuration/wcd/wcd-maps.md @@ -2,8 +2,6 @@ title: Maps (Windows 10) description: This section describes the Maps settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index e16622e753..20e53f7d72 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md @@ -2,8 +2,6 @@ title: NetworkProxy (Windows 10) description: This section describes the NetworkProxy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 24179089bf..46d1804745 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md @@ -2,8 +2,6 @@ title: NetworkQoSPolicy (Windows 10) description: This section describes the NetworkQoSPolicy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index 7ab4e1b5f7..f885d27c0e 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md @@ -4,8 +4,6 @@ ms.reviewer: manager: dougeby description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md index 6bfb8c53ab..ecd6a488c9 100644 --- a/windows/configuration/wcd/wcd-personalization.md +++ b/windows/configuration/wcd/wcd-personalization.md @@ -2,8 +2,6 @@ title: Personalization (Windows 10) description: This section describes the Personalization settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index c894bdc784..fddfc8e061 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -4,8 +4,6 @@ ms.reviewer: manager: dougeby description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md index ff0d8ba5c4..827c8bad55 100644 --- a/windows/configuration/wcd/wcd-privacy.md +++ b/windows/configuration/wcd/wcd-privacy.md @@ -2,8 +2,6 @@ title: Privacy (Windows 10) description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md index 353d7fc8d7..fe6ca80426 100644 --- a/windows/configuration/wcd/wcd-provisioningcommands.md +++ b/windows/configuration/wcd/wcd-provisioningcommands.md @@ -2,8 +2,6 @@ title: ProvisioningCommands (Windows 10) description: This section describes the ProvisioningCommands settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md index e92b9ff5e9..f3035e6415 100644 --- a/windows/configuration/wcd/wcd-sharedpc.md +++ b/windows/configuration/wcd/wcd-sharedpc.md @@ -2,8 +2,6 @@ title: SharedPC (Windows 10) description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md index 18f8ce37ce..c3e15932b1 100644 --- a/windows/configuration/wcd/wcd-smisettings.md +++ b/windows/configuration/wcd/wcd-smisettings.md @@ -2,8 +2,6 @@ title: SMISettings (Windows 10) description: This section describes the SMISettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index c06113474f..04bbf138fd 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md @@ -2,8 +2,6 @@ title: Start (Windows 10) description: This section describes the Start settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md index 97b161c250..ad8220553a 100644 --- a/windows/configuration/wcd/wcd-startupapp.md +++ b/windows/configuration/wcd/wcd-startupapp.md @@ -2,8 +2,6 @@ title: StartupApp (Windows 10) description: This section describes the StartupApp settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md index 4e26559f04..dba45f6c55 100644 --- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md +++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md @@ -2,8 +2,6 @@ title: StartupBackgroundTasks (Windows 10) description: This section describes the StartupBackgroundTasks settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md index 4ef3ca8adf..83269cd2b6 100644 --- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md +++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md @@ -2,8 +2,6 @@ title: StorageD3InModernStandby (Windows 10) description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md index 227a05ff2f..4d3996dcfd 100644 --- a/windows/configuration/wcd/wcd-surfacehubmanagement.md +++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md @@ -2,8 +2,6 @@ title: SurfaceHubManagement (Windows 10) description: This section describes the SurfaceHubManagement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md index 7365638aa4..7c8c7a37e3 100644 --- a/windows/configuration/wcd/wcd-tabletmode.md +++ b/windows/configuration/wcd/wcd-tabletmode.md @@ -2,8 +2,6 @@ title: TabletMode (Windows 10) description: This section describes the TabletMode settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md index 0fc360651c..b4843fdb7b 100644 --- a/windows/configuration/wcd/wcd-takeatest.md +++ b/windows/configuration/wcd/wcd-takeatest.md @@ -2,8 +2,6 @@ title: TakeATest (Windows 10) description: This section describes the TakeATest settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md index 19dc4a9203..c2a766d169 100644 --- a/windows/configuration/wcd/wcd-time.md +++ b/windows/configuration/wcd/wcd-time.md @@ -2,8 +2,6 @@ title: Time (Windows 10) description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index 7a54c8d4a2..8c8c8648db 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md @@ -2,8 +2,6 @@ title: UnifiedWriteFilter (Windows 10) description: This section describes the UnifiedWriteFilter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index 3eec0e5b18..f62e4299e3 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md @@ -2,8 +2,6 @@ title: UniversalAppInstall (Windows 10) description: This section describes the UniversalAppInstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index 38594be3eb..690bfc3ea4 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md @@ -2,8 +2,6 @@ title: UniversalAppUninstall (Windows 10) description: This section describes the UniversalAppUninstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index 946006edef..1c9909507e 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -2,8 +2,6 @@ title: UsbErrorsOEMOverride (Windows 10) description: This section describes the UsbErrorsOEMOverride settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index 057f4eb2ea..676df2efed 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md @@ -2,8 +2,6 @@ title: WeakCharger (Windows 10) description: This section describes the WeakCharger settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md index 9549606c41..f42e48ac49 100644 --- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md +++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md @@ -2,8 +2,6 @@ title: WindowsHelloForBusiness (Windows 10) description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index 37390601a1..51e2f55a43 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md +++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -2,8 +2,6 @@ title: WindowsTeamSettings (Windows 10) description: This section describes the WindowsTeamSettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index 810a9d27b4..2709497450 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md @@ -4,8 +4,6 @@ ms.reviewer: manager: dougeby description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md index a61acc7311..ee8d4e0bc6 100644 --- a/windows/configuration/wcd/wcd-workplace.md +++ b/windows/configuration/wcd/wcd-workplace.md @@ -2,8 +2,6 @@ title: Workplace (Windows 10) description: This section describes the Workplace settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index a0de3514c7..6fb2f329ca 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -2,8 +2,6 @@ title: Windows Configuration Designer provisioning settings (Windows 10) description: This section describes the settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: medium ms.author: aaroncz diff --git a/windows/configuration/windows-10-accessibility-for-ITPros.md b/windows/configuration/windows-10-accessibility-for-ITPros.md index 2bbae9dfc2..3f9a6310d2 100644 --- a/windows/configuration/windows-10-accessibility-for-ITPros.md +++ b/windows/configuration/windows-10-accessibility-for-ITPros.md @@ -3,8 +3,6 @@ title: Windows 10 accessibility information for IT Pros (Windows 10) description: Lists the various accessibility features available in Windows 10 with links to detailed guidance on how to set them keywords: accessibility, settings, vision, hearing, physical, cognition, assistive ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library ms.author: aaroncz author: aczechowski ms.localizationpriority: medium diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index 917fc0e4f1..4965185168 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md @@ -1,13 +1,9 @@ --- title: Customize and manage the Windows 10 Start and taskbar layout (Windows 10) | Microsoft Docs description: On Windows devices, customize the start menu layout and taskbar using XML, group policy, provisioning package, or MDM policy. You can add pinned folders, add a start menu size, pin apps to the taskbar, and more. -ms.assetid: 2E94743B-6A49-463C-9448-B7DD19D9CD6A ms.reviewer: manager: dougeby -keywords: ["start screen", "start menu"] ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md index 962bb26a07..88baf2f9e0 100644 --- a/windows/configuration/windows-spotlight.md +++ b/windows/configuration/windows-spotlight.md @@ -1,13 +1,9 @@ --- title: Configure Windows Spotlight on the lock screen (Windows 10) description: Windows Spotlight is an option for the lock screen background that displays different background images on the lock screen. -ms.assetid: 1AEA51FA-A647-4665-AD78-2F3FB27AD46A ms.reviewer: manager: dougeby -keywords: ["lockscreen"] ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library author: aczechowski ms.author: aaroncz ms.topic: article From 2b4cdddfb5c988f502c78e19a14b3d60952b0cc8 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 19 May 2022 14:59:39 -0400 Subject: [PATCH 153/540] remove cab links --- windows/application-management/manage-windows-mixed-reality.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 98fff77da2..3130ff5ea7 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -31,7 +31,6 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 1. Download the FOD .cab file: - [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab) - - [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) - [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab) - [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab) - [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) From a6d0b722f0f8968aacd8e95bef298528f9d244b4 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 19 May 2022 16:31:00 -0400 Subject: [PATCH 154/540] update m365 link --- windows/deployment/deploy-m365.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index d5c45465ba..fc8de8fd2c 100644 --- a/windows/deployment/deploy-m365.md +++ b/windows/deployment/deploy-m365.md @@ -50,7 +50,7 @@ You can check out the Microsoft 365 deployment advisor and other resources for f >[!NOTE] >If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected. -1. [Obtain a free M365 trial](/office365/admin/try-or-buy-microsoft-365). +1. [Try Microsoft 365 for free](/microsoft-365/try). 2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide). 3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview). From f487cd6be02f41334f3d4ca90966325bf6b16fc8 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 19 May 2022 17:01:14 -0400 Subject: [PATCH 155/540] change client policy link --- windows/deployment/do/mcc-enterprise.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md index 2622d23564..1eec9bd4bc 100644 --- a/windows/deployment/do/mcc-enterprise.md +++ b/windows/deployment/do/mcc-enterprise.md @@ -25,11 +25,11 @@ ms.topic: article > [!IMPORTANT] > Microsoft Connected Cache is currently a private preview feature. During this phase we invite customers to take part in early access for testing purposes. This phase does not include formal support, and should not be used for production workloads. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). -Microsoft Connected Cache (MCC) preview is a software-only caching solution that delivers Microsoft content within Enterprise networks. MCC can be deployed to as many physical servers or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying a [client policy](/mem/intune/configuration/delivery-optimization-settings.md#local-server-caching) using your management tool, such as Intune. +Microsoft Connected Cache (MCC) preview is a software-only caching solution that delivers Microsoft content within Enterprise networks. MCC can be deployed to as many physical servers or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying a client policy using your management tool, such as Intune. MCC is a hybrid (a mix of on-prem and cloud resources) SaaS solution built as an Azure IoT Edge module; it's a Docker compatible Linux container that is deployed to your Windows devices. IoT Edge for Linux on Windows (EFLOW) was chosen because it's a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS. -Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container, deployment, and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs the following important functionsto manage MCC on your edge device: +Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container, deployment, and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs the following important functions to manage MCC on your edge device: 1. Installs and updates MCC on your edge device. 2. Maintains Azure IoT Edge security standards on your edge device. From 3b03a15683c71231aea5ab77b0715df86e0b2190 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 19 May 2022 17:26:23 -0400 Subject: [PATCH 156/540] update free azure link --- windows/deployment/do/mcc-enterprise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md index 1eec9bd4bc..8316d27ab3 100644 --- a/windows/deployment/do/mcc-enterprise.md +++ b/windows/deployment/do/mcc-enterprise.md @@ -62,7 +62,7 @@ If an MCC node is unavailable, the client will pull content from CDN to ensure u ## Enterprise requirements for MCC -1. **Azure subscription**: MCC management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management.md) and IoT Hub resource – both are free services. +1. **Azure subscription**: MCC management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure.microsoft.com/free) and IoT Hub resource – both are free services. Your Azure subscription ID is first used to provision MCC services, and enable access to the preview. The MCC server requirement for an Azure subscription will cost you nothing. If you do not have an Azure subscription already, you can create an Azure [Pay-As-You-Go](https://azure.microsoft.com/offers/ms-azr-0003p/) account which requires a credit card for verification purposes. For more information, see the [Azure Free Account FAQ](https://azure.microsoft.com/free/free-account-faq/). From 1726db6298ef763e49ebd04db5e22f2f00634b32 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Fri, 20 May 2022 10:16:56 +0530 Subject: [PATCH 157/540] CSP Improvement Updates :part 7 The updates here are made to improve the Acrolinx score and to fix format and grammatical errors as per Task: 5864419. Thanks! --- ...icy-csp-admx-linklayertopologydiscovery.md | 6 +- .../policy-csp-admx-locationprovideradm.md | 28 +- .../mdm/policy-csp-admx-logon.md | 11 +- ...icy-csp-admx-microsoftdefenderantivirus.md | 19 +- .../mdm/policy-csp-admx-mmc.md | 5 +- .../mdm/policy-csp-admx-mmcsnapins.md | 1039 +++++++++-------- .../policy-csp-admx-mobilepcmobilitycenter.md | 15 +- ...y-csp-admx-mobilepcpresentationsettings.md | 14 +- .../mdm/policy-csp-admx-msapolicy.md | 9 +- .../mdm/policy-csp-admx-msched.md | 9 +- .../mdm/policy-csp-admx-msdt.md | 5 +- .../mdm/policy-csp-admx-msi.md | 9 +- .../mdm/policy-csp-admx-msifilerecovery.md | 8 +- .../mdm/policy-csp-admx-nca.md | 5 +- .../mdm/policy-csp-admx-ncsi.md | 15 +- .../mdm/policy-csp-admx-netlogon.md | 25 +- .../mdm/policy-csp-admx-networkconnections.md | 9 +- .../mdm/policy-csp-admx-offlinefiles.md | 35 +- .../mdm/policy-csp-admx-pca.md | 27 +- .../mdm/policy-csp-admx-peertopeercaching.md | 45 +- .../mdm/policy-csp-admx-pentraining.md | 13 +- .../policy-csp-admx-performancediagnostics.md | 17 +- .../mdm/policy-csp-admx-power.md | 66 +- ...licy-csp-admx-powershellexecutionpolicy.md | 13 +- .../mdm/policy-csp-admx-previousversions.md | 92 +- .../mdm/policy-csp-admx-printing.md | 13 +- .../mdm/policy-csp-admx-printing2.md | 15 +- .../mdm/policy-csp-admx-programs.md | 9 +- .../mdm/policy-csp-admx-pushtoinstall.md | 15 +- .../mdm/policy-csp-admx-radar.md | 28 +- 30 files changed, 836 insertions(+), 783 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index 841a1b47a1..7cddcc7cb6 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_LinkLayerTopologyDiscovery -description: Policy CSP - ADMX_LinkLayerTopologyDiscovery +description: Learn about Policy CSP - ADMX_LinkLayerTopologyDiscovery. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_LinkLayerTopologyDiscovery + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -137,3 +138,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md index 9b40c8b242..e842530d5b 100644 --- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_LocationProviderAdm -description: Policy CSP - ADMX_LocationProviderAdm +description: Learn about Policy CSP - ADMX_LocationProviderAdm. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,9 +13,16 @@ manager: dansimp --- # Policy CSP - ADMX_LocationProviderAdm -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +> [!WARNING] +> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -58,17 +65,11 @@ manager: dansimp This policy setting turns off the Windows Location Provider feature for this computer. -- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. +- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature. -- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature. +- If you disable or don't configure this policy setting, all programs on this computer can use the Windows Location Provider feature. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -82,7 +83,10 @@ ADMX Info:
    > [!NOTE] -> These policies are currently only available as part of a Windows Insider release. +> These policies are currently only available as a part of Windows Insider release. +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index 2f68cebffb..00056b7db9 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Logon -description: Policy CSP - ADMX_Logon +description: Learn about Policy CSP - ADMX_Logon. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_Logon + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -102,7 +103,7 @@ manager: dansimp -This policy prevents the user from showing account details (email address or user name) on the sign-in screen. +This policy prevents the user from showing account details (email address or user name) on the sign-in screen. If you enable this policy setting, the user can't choose to show account details on the sign-in screen. @@ -110,7 +111,6 @@ If you disable or don't configure this policy setting, the user may choose to sh - ADMX Info: - GP Friendly name: *Block user from showing account details on sign-in* @@ -710,7 +710,7 @@ ADMX Info: This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user sign in). By default, on client computers, Group Policy processing isn't synchronous; client computers typically don't wait for the network to be fully initialized at startup and sign in. Existing users are signed in using cached credentials, which results in shorter sign-in times. Group Policy is applied in the background after the network becomes available. -Because this process (of applying Group Policy) is a background refresh, extensions such as Software Installation and Folder Redirection take two sign-ins to apply changes. To be able to operate safely, these extensions require that no users be signed in. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two sign-ins to be detected. +Because this process (of applying Group Policy) is a background refresh, extensions such as Software Installation and Folder Redirection take two sign-ins to apply changes. To be able to operate safely, these extensions require that no users be signed in. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script may take up to two sign-ins to be detected. If a user with a roaming profile, home directory, or user object logon script signs in to a computer, computers always wait for the network to be initialized before signing in the user. If a user has never signed in to this computer before, computers always wait for the network to be initialized. @@ -847,3 +847,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index c2d83759c2..15219dd17a 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MicrosoftDefenderAntivirus -description: Policy CSP - ADMX_MicrosoftDefenderAntivirus +description: Learn about Policy CSP - ADMX_MicrosoftDefenderAntivirus. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -434,14 +434,9 @@ ADMX Info: Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off. -Disabled (Default): -Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance. +If you disable or don't configure this policy setting, Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance. It is disabled by default. -Enabled: -Microsoft Defender Antivirus won't exclude pre-defined list of paths from scans. This non-exclusion can impact machine performance in some scenarios. - -Not configured: -Same as Disabled. +If you enable this policy setting, Microsoft Defender Antivirus won't exclude pre-defined list of paths from scans. This non-exclusion can impact machine performance in some scenarios. @@ -485,8 +480,8 @@ ADMX Info: This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check won't occur, which will lower the protection state of the device. -Enabled – The Block at First Sight setting is turned on. -Disabled – The Block at First Sight setting is turned off. +If you enable this feature, the Block at First Sight setting is turned on. +If you disable this feature, the Block at First Sight setting is turned off. This feature requires these Policy settings to be set as follows: @@ -497,7 +492,6 @@ This feature requires these Policy settings to be set as follows: - ADMX Info: - GP Friendly name: *Configure the 'Block at First Sight' feature* @@ -4708,3 +4702,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index 33f6ed7399..2702409921 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MMC -description: Policy CSP - ADMX_MMC +description: Learn about Policy CSP - ADMX_MMC. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -323,3 +323,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 1514a912be..8ff8e4f1fc 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MMCSnapins -description: Policy CSP - ADMX_MMCSnapins +description: Learn about Policy CSP - ADMX_MMCSnapins. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -373,7 +373,7 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. @@ -427,7 +427,7 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. @@ -482,15 +482,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -537,15 +537,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -592,15 +592,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -645,17 +645,17 @@ ADMX Info: This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -702,13 +702,13 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -757,15 +757,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -812,15 +812,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -867,15 +867,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -922,15 +922,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -977,15 +977,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1031,15 +1031,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1085,15 +1085,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1139,15 +1139,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1193,15 +1193,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1247,15 +1247,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1301,15 +1301,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1355,15 +1355,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1409,15 +1409,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1463,15 +1463,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1517,15 +1517,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1571,15 +1571,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1625,15 +1625,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1679,15 +1679,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1733,15 +1733,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1787,15 +1787,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1841,15 +1841,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1895,15 +1895,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -1950,15 +1950,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2004,15 +2004,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2058,15 +2058,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2112,15 +2112,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2166,15 +2166,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2220,15 +2220,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2274,15 +2274,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2328,15 +2328,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2380,19 +2380,19 @@ ADMX Info: This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. -If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins. +If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab isn't displayed in those snap-ins. -If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed. +If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed. - If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab. -To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible. +To explicitly permit use of the Group Policy tab, enable this setting. If this setting isn't configured (or disabled), the Group Policy tab is inaccessible. - If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab. -To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible. +To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting isn't configured (or enabled), the Group Policy tab is accessible. -When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets. +When the Group Policy tab is inaccessible, it doesn't appear in the site, domain, or organizational unit property sheets. @@ -2438,15 +2438,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2492,15 +2492,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2546,15 +2546,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2600,15 +2600,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2654,15 +2654,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2708,15 +2708,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2762,15 +2762,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2816,15 +2816,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2870,15 +2870,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2924,15 +2924,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -2978,15 +2978,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3032,15 +3032,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3086,15 +3086,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3140,15 +3140,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3194,15 +3194,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3248,15 +3248,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3302,15 +3302,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3356,15 +3356,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3410,15 +3410,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3464,15 +3464,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3518,15 +3518,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3572,15 +3572,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3626,15 +3626,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3680,15 +3680,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3734,15 +3734,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3788,15 +3788,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3842,15 +3842,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3896,15 +3896,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -3950,15 +3950,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4004,15 +4004,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4058,15 +4058,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4112,15 +4112,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4166,15 +4166,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4220,15 +4220,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4274,15 +4274,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4328,15 +4328,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4382,15 +4382,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4436,15 +4436,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4490,15 +4490,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4544,15 +4544,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4598,15 +4598,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4652,15 +4652,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4706,15 +4706,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4760,15 +4760,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4814,15 +4814,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4868,15 +4868,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4922,15 +4922,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -4976,15 +4976,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5030,15 +5030,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5084,15 +5084,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5138,15 +5138,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5192,15 +5192,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5246,15 +5246,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5300,15 +5300,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5354,15 +5354,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5408,15 +5408,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5462,15 +5462,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5516,15 +5516,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5570,15 +5570,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5624,15 +5624,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5678,15 +5678,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5732,15 +5732,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5786,15 +5786,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5840,15 +5840,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5894,15 +5894,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -5948,15 +5948,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6002,15 +6002,15 @@ This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. -When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. +When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -6027,3 +6027,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md index 1b428b1884..34f7bcbfc2 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MobilePCMobilityCenter -description: Policy CSP - ADMX_MobilePCMobilityCenter +description: Learn about Policy CSP - ADMX_MobilePCMobilityCenter. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -65,11 +65,11 @@ manager: dansimp This policy setting turns off Windows Mobility Center. -- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it. +- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it. - If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. -If you do not configure this policy setting, Windows Mobility Center is on by default. +If you don't configure this policy setting, Windows Mobility Center is on by default. @@ -111,12 +111,12 @@ ADMX Info: -This policy setting turns off Windows Mobility Center. -- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it. +This policy setting turns off Windows Mobility Center. +- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it. - If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. -If you do not configure this policy setting, Windows Mobility Center is on by default. +If you don't configure this policy setting, Windows Mobility Center is on by default. @@ -133,3 +133,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index f9fe20c69c..c9cd0dfc84 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MobilePCPresentationSettings -description: Policy CSP - ADMX_MobilePCPresentationSettings +description: Learn about Policy CSP - ADMX_MobilePCPresentationSettings. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -67,9 +67,9 @@ manager: dansimp This policy setting turns off Windows presentation settings. -- If you enable this policy setting, Windows presentation settings cannot be invoked. +If you enable this policy setting, Windows presentation settings can't be invoked. -- If you disable this policy setting, Windows presentation settings can be invoked. +If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. @@ -120,14 +120,15 @@ ADMX Info: This policy setting turns off Windows presentation settings. -- If you enable this policy setting, Windows presentation settings cannot be invoked. +If you enable this policy setting, Windows presentation settings can't be invoked. -- If you disable this policy setting, Windows presentation settings can be invoked. +If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. > [!NOTE] > Users will be able to customize their system settings for presentations in Windows Mobility Center. + If you do not configure this policy setting, Windows presentation settings can be invoked. @@ -145,3 +146,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index 21ecaf3e29..28951a0ef8 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MSAPolicy -description: Policy CSP - ADMX_MSAPolicy +description: Learn about Policy CSP - ADMX_MSAPolicy. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -60,7 +60,7 @@ manager: dansimp -This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication. +This policy setting controls whether users can provide Microsoft accounts for authentication, applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication. This functionality applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user won't be affected by enabling this setting until the authentication cache expires. @@ -82,7 +82,8 @@ ADMX Info:
    - - +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index 4bcef7a8d0..3a580b4655 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_msched -description: Policy CSP - ADMX_msched +description: Learn about Policy CSP - ADMX_msched. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_msched + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -133,8 +134,8 @@ ADMX Info:
    - - - +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 74fa908dc8..618c6a4ae9 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MSDT -description: Policy CSP - ADMX_MSDT +description: Learn about Policy CSP - ADMX_MSDT. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -212,3 +212,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index acdf31ff93..a0cd0f78dc 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MSI -description: Policy CSP - ADMX_MSI +description: Learn about Policy CSP - ADMX_MSI. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -185,7 +185,7 @@ If you enable this policy setting, all users are permitted to install programs f This policy setting doesn't affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context. -If you disable or don't configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media. +If you disable or don't configure this policy setting, users can install programs from removable media by default, only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media. Also, see the "Prevent removable media source for any install" policy setting. @@ -1309,7 +1309,8 @@ ADMX Info:
    + +## Related topics - - \ No newline at end of file +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md index 2d23267cbd..2c849e4760 100644 --- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_MsiFileRecovery -description: Policy CSP - ADMX_MsiFileRecovery +description: Learn about Policy CSP - ADMX_MsiFileRecovery. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -94,4 +94,8 @@ ADMX Info:
    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 4a0b0ee3ae..e9ade41d39 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -431,7 +431,8 @@ ADMX Info:
    - - +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 2560340dd7..1c77cc3924 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_NCSI -description: Policy CSP - ADMX_NCSI +description: Learn about Policy CSP - ADMX_NCSI. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_NCSI + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -78,11 +79,10 @@ manager: dansimp -This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. +This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. - ADMX Info: - GP Friendly name: *Specify corporate DNS probe host address* @@ -162,7 +162,7 @@ ADMX Info: -This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. +This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of the prefixes indicates corporate connectivity. @@ -249,7 +249,7 @@ ADMX Info: -This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. +This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (that is, whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. @@ -291,7 +291,7 @@ ADMX Info: -This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. +This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it's currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. @@ -352,3 +352,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 4527aa2946..69d1b2b128 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Netlogon -description: Policy CSP - ADMX_Netlogon +description: Learn about Policy CSP - ADMX_Netlogon. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_Netlogon + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -228,7 +229,6 @@ If you don't configure this policy setting, DC Locator APIs can return IPv4/IPv6 - ADMX Info: - GP Friendly name: *Return domain controller address type* @@ -268,13 +268,13 @@ ADMX Info: -This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, isn't used if the AllowSingleLabelDnsDomain policy setting is enabled. +This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, isn't used if the `AllowSingleLabelDnsDomain` policy setting is enabled. -By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled. +By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the `AllowSingleLabelDnsDomain` policy setting is enabled. -If you enable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name isn't used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, if DNS resolution fails. +If you enable this policy setting, when the `AllowSingleLabelDnsDomain` policy isn't enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name isn't used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, if DNS resolution fails. -If you disable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers won't attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest. +If you disable this policy setting, when the `AllowSingleLabelDnsDomain` policy isn't enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers won't attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest. @@ -372,11 +372,11 @@ ADMX Info: This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain name. -By default, the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name. +By default, the behavior specified in the `AllowDnsSuffixSearch` is used. If the `AllowDnsSuffixSearch` policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name. If you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution. -If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it isn't disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers won't the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined. +If you disable this policy setting, computers to which this setting is applied will use the `AllowDnsSuffixSearch` policy, if it isn't disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. The computers won't use the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined. If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration. @@ -1065,7 +1065,7 @@ ADMX Info: This policy setting specifies the extra time for the computer to wait for the domain controller’s (DC) response when logging on to the network. -To specify the expected dial-up delay at sign in, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute). +To specify the expected dial-up delay at sign-in, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute). If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration. @@ -1163,7 +1163,7 @@ ADMX Info: -This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. +This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory. @@ -1466,7 +1466,7 @@ ADMX Info: This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) couldn't be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. -The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0. +The default value for this setting is 45 seconds. The maximum value for this setting is seven days (7*24*60*60). The minimum value for this setting is 0. > [!WARNING] > If the value for this setting is too large, a client won't attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available. @@ -1955,3 +1955,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 5da60f709b..fb57335deb 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_NetworkConnections -description: Policy CSP - ADMX_NetworkConnections +description: Learn about Policy CSP - ADMX_NetworkConnections. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -1446,7 +1446,7 @@ If you enable this setting, ICS can't be enabled or configured by administrators If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. -By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS. +By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When administrators are running the New Connection Wizard or Network Setup Wizard, they can choose to enable ICS. > [!NOTE] > Internet Connection Sharing is only available when two or more network connections are present. @@ -1567,5 +1567,8 @@ ADMX Info:
    + - \ No newline at end of file +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index 6a461fb657..f07a5e91bc 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_OfflineFiles -description: Policy CSP - ADMX_OfflineFiles +description: Learn about Policy CSP - ADMX_OfflineFiles. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_OfflineFiles + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -247,7 +248,7 @@ This policy setting lists network files and folders that are always available fo If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. -If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use). +If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted. And, no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use). If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy. @@ -298,7 +299,7 @@ This policy setting lists network files and folders that are always available fo If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. -If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use). +If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted. And, no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use). If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy. @@ -458,7 +459,6 @@ This setting also disables the "When a network connection is lost" option on the If you enable this setting, you can use the "Action" box to specify how computers in the group respond. - "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. - - "Never go offline" indicates that network files aren't available while the server is inaccessible. If you disable this setting or select the "Work offline" option, users can work offline if disconnected. @@ -518,8 +518,7 @@ This setting also disables the "When a network connection is lost" option on the If you enable this setting, you can use the "Action" box to specify how computers in the group respond. -- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. - +- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. - "Never go offline" indicates that network files aren't available while the server is inaccessible. If you disable this setting or select the "Work offline" option, users can work offline if disconnected. @@ -694,7 +693,7 @@ If you don't configure this policy setting, encryption of the Offline Files cach > [!NOTE] > By default, this cache is protected on NTFS partitions by ACLs. -This setting is applied at user sign in. If this setting is changed after user sign in, then user sign out and sign in is required for this setting to take effect. +This setting is applied at user sign-in. If this setting is changed after user sign-in, then user sign-out and sign-in is required for this setting to take effect. @@ -737,7 +736,7 @@ ADMX Info: This policy setting determines which events the Offline Files feature records in the event log. -Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record. +Offline Files records events in the Application login Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record. To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels. @@ -794,16 +793,13 @@ ADMX Info: This policy setting determines which events the Offline Files feature records in the event log. -Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record. +Offline Files records events in the Application login Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record. To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels. -- "0" records an error when the offline storage cache is corrupted. - +- "0" records an error when the offline storage cache is corrupted. - "1" also records an event when the server hosting the offline file is disconnected from the network. - - "2" also records events when the local computer is connected and disconnected from the network. - - "3" also records an event when the server hosting the offline file is reconnected to the network. > [!NOTE] @@ -897,7 +893,7 @@ ADMX Info: Lists types of files that can't be used offline. -This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline." +This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type can't be made available offline." This setting is designed to protect files that can't be separated, such as database components. @@ -1743,7 +1739,7 @@ ADMX Info: This policy setting allows you to turn on economical application of administratively assigned Offline Files. -If you enable or don't configure this policy setting, only new files and folders in administratively assigned folders are synchronized at sign in. Files and folders that are already available offline are skipped and are synchronized later. +If you enable or don't configure this policy setting, only new files and folders in administratively assigned folders are synchronized at sign-in. Files and folders that are already available offline are skipped and are synchronized later. If you disable this policy setting, all administratively assigned folders are synchronized at logon. @@ -2293,7 +2289,7 @@ This policy setting determines whether offline files are fully synchronized when This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it. -If you enable this setting, offline files are fully synchronized at sign in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager. +If you enable this setting, offline files are fully synchronized at sign-in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager. If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current. @@ -2350,11 +2346,11 @@ This policy setting determines whether offline files are fully synchronized when This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it. -If you enable this setting, offline files are fully synchronized at sign in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager. +If you enable this setting, offline files are fully synchronized at sign-in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager. If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current. -If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option. +If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default. However, users can change this option. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. @@ -2615,3 +2611,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 940b2bc510..42ba7c4f46 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_pca -description: Policy CSP - ADMX_pca +description: Learn about Policy CSP - ADMX_pca. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -81,10 +81,11 @@ manager: dansimp This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility. -- If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website. -- If you disable this policy setting, the PCA does not detect compatibility issues for applications and drivers. +If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website. -If you do not configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. +If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers. + +If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. > [!NOTE] > This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled. @@ -130,7 +131,7 @@ ADMX Info: -This setting exists only for backward compatibility, and is not valid for this version of Windows. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -176,7 +177,7 @@ ADMX Info: -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -217,7 +218,7 @@ ADMX Info: -This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -259,7 +260,8 @@ ADMX Info: -This setting exists only for backward compatibility, and is not valid for this version of Windows. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. + To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -302,7 +304,8 @@ ADMX Info: -This setting exists only for backward compatibility, and is not valid for this version of Windows. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. + To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -345,7 +348,8 @@ ADMX Info: -This setting exists only for backward compatibility, and is not valid for this version of Windows. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. + To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -364,3 +368,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index d6a2ec5b2f..34ba4b459a 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_PeerToPeerCaching -description: Policy CSP - ADMX_PeerToPeerCaching +description: Learn about Policy CSP - ADMX_PeerToPeerCaching. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_PeerToPeerCaching + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -89,9 +90,7 @@ This policy setting specifies whether BranchCache is enabled on client computers - Set BranchCache Hosted Cache mode - Configure Hosted Cache Servers -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enabled: With this selection, BranchCache is turned on for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain member client computers to which the policy is applied. @@ -144,9 +143,7 @@ This policy setting specifies whether BranchCache distributed cache mode is enab In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enabled: With this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domain member client computers to which the policy is applied. @@ -199,9 +196,7 @@ This policy setting specifies whether BranchCache hosted cache mode is enabled o When a client computer is configured as a hosted cache mode client, it's able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enabled: With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on for all domain member client computers to which the policy is applied. @@ -272,9 +267,7 @@ This policy setting can only be applied to client computers that are running at If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy setting, and client computers don't perform hosted cache server discovery. - Enabled: With this selection, the policy setting is applied to client computers, which perform automatically hosted cache server discovery and which are configured as hosted cache mode clients. @@ -324,13 +317,11 @@ This policy setting specifies whether client computers are configured to use hos If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting. -This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode." +This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode". If you don't configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy setting. - Enabled: With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in "Hosted cache servers." @@ -382,9 +373,7 @@ ADMX Info: This policy setting is used only when you've deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients don't cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, BranchCache latency settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the latency setting that you use on individual client computers. - Enabled: With this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied. @@ -440,9 +429,7 @@ If you enable this policy setting, you can configure the percentage of total dis If you disable or don't configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, BranchCache client computer cache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache setting that you use on individual client computers. - Enabled: With this selection, the BranchCache client computer cache setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied. @@ -501,9 +488,7 @@ If you enable this policy setting, you can configure the age for segments in the If you disable or don't configure this policy setting, the age is set to 28 days. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, BranchCache client computer cache age settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache age setting that you use on individual client computers. - Enabled: With this selection, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied. @@ -559,9 +544,7 @@ If you enable this policy setting, all clients use the version of BranchCache th If you don't configure this setting, all clients will use the version of BranchCache that matches their operating system. -Policy configuration - -Select one of the following options: +For policy configuration, select one of the following options: - Not Configured: With this selection, this policy setting isn't applied to client computers, and the clients run the version of BranchCache that is included with their operating system. - Enabled: With this selection, this policy setting is applied to client computers based on the value of the option setting "Select from the following versions" that you specify. @@ -591,3 +574,7 @@ ADMX Info: + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index e3c4ae75b9..4c76a42a3e 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_PenTraining -description: Policy CSP - ADMX_PenTraining +description: Learn about Policy CSP - ADMX_PenTraining. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -65,9 +65,9 @@ manager: dansimp Turns off Tablet PC Pen Training. -- If you enable this policy setting, users cannot open Tablet PC Pen Training. +- If you enable this policy setting, users can't open Tablet PC Pen Training. -- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training. +- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training. @@ -111,9 +111,9 @@ ADMX Info: Turns off Tablet PC Pen Training. -- If you enable this policy setting, users cannot open Tablet PC Pen Training. +- If you enable this policy setting, users can't open Tablet PC Pen Training. -- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training. +- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training. @@ -131,3 +131,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index 639a44a171..9cc9e2323e 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_PerformanceDiagnostics -description: Policy CSP - ADMX_PerformanceDiagnostics +description: Learn about Policy CSP - ADMX_PerformanceDiagnostics. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_PerformanceDiagnostics + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -71,7 +72,7 @@ manager: dansimp This policy setting determines the execution level for Windows Boot Performance Diagnostics. -If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available. +If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available. If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS. @@ -79,7 +80,8 @@ If you don't configure this policy setting, the DPS will enable Windows Boot Per This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. -No system restart or service restart is required for this policy to take effect: changes take effect immediately. +>[!Note] +>No system restart or service restart is required for this policy to take effect; changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -125,7 +127,7 @@ ADMX Info: Determines the execution level for Windows Standby/Resume Performance Diagnostics. -If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. +If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS. @@ -179,7 +181,7 @@ ADMX Info: This policy setting determines the execution level for Windows Shutdown Performance Diagnostics. -If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available. +If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available. If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS. @@ -233,7 +235,7 @@ ADMX Info: Determines the execution level for Windows Standby/Resume Performance Diagnostics. -If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. +If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS. @@ -263,3 +265,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 31a6511577..86b4d9bd92 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Power -description: Policy CSP - ADMX_Power +description: Learn about Policy CSP - ADMX_Power. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_Power + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -136,9 +137,9 @@ This policy setting allows you to control the network connectivity state in stan If you enable this policy setting, network connectivity will be maintained in standby. -If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. +If you disable this policy setting, network connectivity in standby isn't guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. -If you do not configure this policy setting, users control this setting. +If you don't configure this policy setting, users control this setting. @@ -184,7 +185,7 @@ This policy setting allows you to turn on the ability for applications and servi If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate). -If you disable or do not configure this policy setting, users control this setting. +If you disable or don't configure this policy setting, users control this setting. @@ -234,7 +235,7 @@ If you enable this policy setting, select one of the following actions: - Hibernate - Shut down -If you disable this policy or do not configure this policy setting, users control this setting. +If you disable this policy or don't configure this policy setting, users control this setting. @@ -280,7 +281,7 @@ This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. -If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. +If you disable or don't configure this policy setting, applications, services, or drivers don't prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. @@ -326,7 +327,7 @@ This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. -If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. +If you disable or don't configure this policy setting, applications, services, or drivers don't prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. @@ -372,7 +373,7 @@ This policy setting allows you to manage automatic sleep with open network files If you enable this policy setting, the computer automatically sleeps when network files are open. -If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open. +If you disable or don't configure this policy setting, the computer doesn't automatically sleep when network files are open. @@ -418,7 +419,7 @@ This policy setting allows you to manage automatic sleep with open network files If you enable this policy setting, the computer automatically sleeps when network files are open. -If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open. +If you disable or don't configure this policy setting, the computer doesn't automatically sleep when network files are open. @@ -460,11 +461,11 @@ ADMX Info: -This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool. +This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using `powercfg`, the power configuration command line tool. If you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active. -If you disable or do not configure this policy setting, users can see and change this setting. +If you disable or don't configure this policy setting, users can see and change this setting. @@ -515,7 +516,7 @@ If you enable this policy setting, select one of the following actions: - Hibernate - Shut down -If you disable or do not configure this policy setting, users control this setting. +If you disable or don't configure this policy setting, users control this setting. @@ -566,7 +567,7 @@ If you enable this policy setting, select one of the following actions: - Hibernate - Shut down -If you disable or do not configure this policy setting, users control this setting. +If you disable or don't configure this policy setting, users control this setting. @@ -614,7 +615,7 @@ If you enable this policy setting, you must enter a numeric value (percentage) t To set the action that is triggered, see the "Critical Battery Notification Action" policy setting. -If you disable this policy setting or do not configure it, users control this setting. +If you disable this policy setting or don't configure it, users control this setting. @@ -664,7 +665,7 @@ To configure the low battery notification level, see the "Low Battery Notificati The notification will only be shown if the "Low Battery Notification Action" policy setting is configured to "No Action". -If you disable or do not configure this policy setting, users can control this setting. +If you disable or don't configure this policy setting, users can control this setting. @@ -712,7 +713,7 @@ If you enable this policy setting, you must enter a numeric value (percentage) t To set the action that is triggered, see the "Low Battery Notification Action" policy setting. -If you disable this policy setting or do not configure it, users control this setting. +If you disable this policy setting or don't configure it, users control this setting. @@ -758,9 +759,9 @@ This policy setting allows you to control the network connectivity state in stan If you enable this policy setting, network connectivity will be maintained in standby. -If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. +If you disable this policy setting, network connectivity in standby isn't guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. -If you do not configure this policy setting, users control this setting. +If you don't configure this policy setting, users control this setting. @@ -806,7 +807,7 @@ This policy setting allows you to turn on the ability for applications and servi If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate). -If you disable or do not configure this policy setting, users control this setting. +If you disable or don't configure this policy setting, users control this setting. @@ -856,7 +857,7 @@ If you enable this policy setting, select one of the following actions: - Hibernate - Shut down -If you disable this policy or do not configure this policy setting, users control this setting. +If you disable this policy or don't configure this policy setting, users control this setting. @@ -902,7 +903,7 @@ This policy setting specifies the period of inactivity before Windows turns off If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk. -If you disable or do not configure this policy setting, users can see and change this setting. +If you disable or don't configure this policy setting, users can see and change this setting. @@ -948,7 +949,7 @@ This policy setting specifies the period of inactivity before Windows turns off If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk. -If you disable or do not configure this policy setting, users can see and change this setting. +If you disable or don't configure this policy setting, users can see and change this setting. @@ -992,7 +993,7 @@ ADMX Info: This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. -This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. +This setting doesn't affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior. @@ -1000,7 +1001,7 @@ This setting is only applicable when Windows shutdown is initiated by software p If you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for power to be safely removed. -If you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state. +If you disable or don't configure this policy setting, the computer system safely shuts down to a fully powered-off state. @@ -1048,7 +1049,7 @@ If you enable this policy setting, desktop background slideshow is enabled. If you disable this policy setting, the desktop background slideshow is disabled. -If you disable or do not configure this policy setting, users control this setting. +If you disable or don't configure this policy setting, users control this setting. @@ -1096,7 +1097,7 @@ If you enable this policy setting, desktop background slideshow is enabled. If you disable this policy setting, the desktop background slideshow is disabled. -If you disable or do not configure this policy setting, users control this setting. +If you disable or don't configure this policy setting, users control this setting. @@ -1142,7 +1143,7 @@ This policy setting specifies the active power plan from a list of default Windo If you enable this policy setting, specify a power plan from the Active Power Plan list. -If you disable or do not configure this policy setting, users control this setting. +If you disable or don't configure this policy setting, users control this setting. @@ -1186,9 +1187,9 @@ ADMX Info: This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state. -If you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state. +If you enable this policy setting, the client computer is locked and prompted for a password when it's resumed from a suspend or hibernate state. -If you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation. +If you disable or don't configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation. @@ -1234,7 +1235,7 @@ This policy setting allows you to turn off Power Throttling. If you enable this policy setting, Power Throttling will be turned off. -If you disable or do not configure this policy setting, users control this setting. +If you disable or don't configure this policy setting, users control this setting. @@ -1280,7 +1281,7 @@ This policy setting specifies the percentage of battery capacity remaining that If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification. -If you disable or do not configure this policy setting, users can see and change this setting. +If you disable or don't configure this policy setting, users can see and change this setting. @@ -1299,3 +1300,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index 0f0b567c4d..34ae8db19f 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_PowerShellExecutionPolicy -description: Policy CSP - ADMX_PowerShellExecutionPolicy +description: Learn about Policy CSP - ADMX_PowerShellExecutionPolicy. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_PowerShellExecutionPolicy + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -72,7 +73,7 @@ manager: dansimp This policy setting allows you to turn on logging for Windows PowerShell modules. -If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True. +If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell login Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True. If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting isn't configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False. @@ -126,7 +127,7 @@ This policy setting lets you configure the script execution policy, controlling If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The "Allow only signed scripts" policy setting allows scripts to execute only if they're signed by a trusted publisher. -The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run; scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run. +The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run. And, the scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run. If you disable this policy setting, no scripts are allowed to run. @@ -251,4 +252,8 @@ ADMX Info: - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md index 690fb95593..aa6509eeeb 100644 --- a/windows/client-management/mdm/policy-csp-admx-previousversions.md +++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - ADMX_PreviousVersions -
    - - ## ADMX_PreviousVersions policies > [!TIP] @@ -26,6 +23,10 @@ manager: dansimp > > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +
    + + +
    ADMX_PreviousVersions/DisableLocalPage_1 @@ -84,13 +85,10 @@ manager: dansimp This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file. - -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. - -- If the user clicks the Restore button, Windows attempts to restore the file from the local disk. - -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. +- If the user clicks the Restore button, Windows attempts to restore the file from the local disk. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file. @@ -134,13 +132,10 @@ ADMX Info: This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file. - -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. - -- If the user clicks the Restore button, Windows attempts to restore the file from the local disk. - -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. +- If the user clicks the Restore button, Windows attempts to restore the file from the local disk. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file. @@ -184,13 +179,10 @@ ADMX Info: This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. - -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. - -- If the user clicks the Restore button, Windows attempts to restore the file from the file share. - -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. +- If the user clicks the Restore button, Windows attempts to restore the file from the file share. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. @@ -234,13 +226,10 @@ ADMX Info: This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. - -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. - -- If the user clicks the Restore button, Windows attempts to restore the file from the file share. - -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. +- If the user clicks the Restore button, Windows attempts to restore the file from the file share. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. @@ -285,11 +274,9 @@ ADMX Info: This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media. -- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. - -- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points. - -If you do not configure this policy setting, it is disabled by default. +- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. +- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points. +- If you don't configure this policy setting, it's disabled by default. @@ -333,11 +320,9 @@ ADMX Info: This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media. -- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. - -- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points. - -If you do not configure this policy setting, it is disabled by default. +- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. +- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points. +- If you don't configure this policy setting, it's disabled by default. @@ -381,13 +366,10 @@ ADMX Info: This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. - -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. - -- If the user clicks the Restore button, Windows attempts to restore the file from the file share. - -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. +- If the user clicks the Restore button, Windows attempts to restore the file from the file share. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. @@ -431,13 +413,10 @@ ADMX Info: This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. - -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. - -- If the user clicks the Restore button, Windows attempts to restore the file from the file share. - -- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. +- If the user clicks the Restore button, Windows attempts to restore the file from the file share. +- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. @@ -452,3 +431,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 0ea4840878..869b0f1663 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Printing -description: Policy CSP - ADMX_Printing +description: Learn about Policy CSP - ADMX_Printing. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_Printing + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -249,7 +250,8 @@ If you enable this policy setting, you replace the "Get help with printing" defa If you disable this setting or don't configure it, or if you don't enter an alternate Internet address, the default link will appear in the Printers folder. > [!NOTE] -> Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.") +> Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. +> To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders." Also, see the "Activate Internet printing" setting in this setting folder and the "Browse a common web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers. @@ -303,10 +305,8 @@ If you disable this policy setting, the client computer will only search the loc This policy setting isn't configured by default, and the behavior depends on the version of Windows that you're using. - - ADMX Info: - GP Friendly name: *Extend Point and Print connection to search Windows Update* @@ -1418,5 +1418,8 @@ ADMX Info:
    + - \ No newline at end of file +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 87ff13e471..a7e0cdbfe7 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Printing2 -description: Policy CSP - ADMX_Printing2 +description: Learn about Policy CSP - ADMX_Printing2. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_Printing2 + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -186,7 +187,7 @@ ADMX Info: -Determines whether the pruning service on a domain controller prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest. +This policy setting determines whether the pruning service on a domain controller prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest. The Windows pruning service prunes printer objects from Active Directory when the computer that published them doesn't respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains can't republish printers in Active Directory automatically, by default, the system never prunes their printer objects. @@ -409,10 +410,8 @@ If you enable this policy setting, the contact events are recorded in the event If you disable or don't configure this policy setting, the contact events aren't recorded in the event log. -Note: This setting doesn't affect the logging of pruning events; the actual pruning of a printer is always logged. - > [!NOTE] -> This setting is used only on domain controllers. +> This setting doesn't affect the logging of pruning events; the actual pruning of a printer is always logged. This setting is used only on domain controllers. @@ -525,4 +524,8 @@ ADMX Info:
    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index c1089d79fe..129d6e7fe7 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Programs -description: Policy CSP - ADMX_Programs +description: Learn about Policy CSP - ADMX_Programs. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -13,6 +13,7 @@ manager: dansimp --- # Policy CSP - ADMX_Programs + >[!TIP] > These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -82,7 +83,7 @@ This setting removes the Set Program Access and Defaults page from the Programs The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations. -If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users. +If this setting is disabled or not configured, the "Set Program Access and Defaults" button is available to all users. This setting doesn't prevent users from using other tools and methods to change program access or defaults. @@ -90,7 +91,6 @@ This setting doesn't prevent the Default Programs icon from appearing on the Sta - ADMX Info: - GP Friendly name: *Hide "Set Program Access and Computer Defaults" page* @@ -400,3 +400,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md index 5339356365..d24d8ded60 100644 --- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md +++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_PushToInstall -description: Policy CSP - ADMX_PushToInstall +description: Learn about Policy CSP - ADMX_PushToInstall. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -14,11 +14,6 @@ manager: dansimp # Policy CSP - ADMX_PushToInstall -
    - - -## ADMX_PushToInstall policies - > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -26,6 +21,11 @@ manager: dansimp > > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +
    + + +## ADMX_PushToInstall policies +
    ADMX_PushToInstall/DisablePushToInstall @@ -77,3 +77,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md index 80e2f293b0..b9b78697d6 100644 --- a/windows/client-management/mdm/policy-csp-admx-radar.md +++ b/windows/client-management/mdm/policy-csp-admx-radar.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Radar -description: Policy CSP - ADMX_Radar +description: Learn about Policy CSP - ADMX_Radar. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -14,11 +14,6 @@ manager: dansimp # Policy CSP - ADMX_Radar -
    - - -## ADMX_Radar policies - > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > @@ -26,6 +21,11 @@ manager: dansimp > > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +
    + + +## ADMX_Radar policies +
    ADMX_Radar/WdiScenarioExecutionPolicy @@ -63,14 +63,19 @@ manager: dansimp This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution. -- If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. +If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. -These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available. +These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available. -- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. +If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. + +No system restart or service restart is required for this policy to take effect; changes take effect immediately. + +>[!Note] +> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -88,3 +93,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) \ No newline at end of file From ed9e2bf19968c706d3a7a72ef6f278b11fd05aeb Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Tue, 24 May 2022 12:53:47 +0530 Subject: [PATCH 158/540] updated the articles with consistency --- .../mdm/policy-csp-timelanguagesettings.md | 9 +++++++-- .../mdm/policy-csp-troubleshooting.md | 8 +++++--- windows/client-management/mdm/policy-csp-update.md | 2 +- windows/client-management/mdm/policy-csp-userrights.md | 2 +- .../mdm/policy-csp-virtualizationbasedtechnology.md | 2 +- .../mdm/policy-csp-windowsautopilot.md | 3 +++ .../mdm/policy-csp-windowsconnectionmanager.md | 2 +- .../mdm/policy-csp-windowsdefendersecuritycenter.md | 2 +- .../mdm/policy-csp-windowsinkworkspace.md | 2 +- .../client-management/mdm/policy-csp-windowslogon.md | 2 +- .../mdm/policy-csp-windowspowershell.md | 2 +- .../client-management/mdm/policy-csp-windowssandbox.md | 2 +- .../mdm/policy-csp-wirelessdisplay.md | 3 +-- windows/client-management/mdm/remotefind-csp.md | 10 ---------- windows/client-management/mdm/sharedpc-csp.md | 10 ---------- windows/client-management/mdm/surfacehub-csp.md | 6 +++++- 16 files changed, 30 insertions(+), 37 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 09a8420d64..28373bae1f 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - TimeLanguageSettings - -
    @@ -43,6 +41,7 @@ manager: dansimp **TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -97,6 +96,7 @@ ADMX Info: **TimeLanguageSettings/ConfigureTimeZone** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -141,6 +141,7 @@ Specifies the time zone to be applied to the device. This policy name is the sta **TimeLanguageSettings/MachineUILanguageOverwrite** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -195,6 +196,7 @@ ADMX Info: **TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -237,3 +239,6 @@ If you disable or don't configure this policy setting, there's no language featu +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index b19352d765..7fad3a3c23 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -12,8 +12,6 @@ ms.date: 09/27/2019 # Policy CSP - Troubleshooting - -
    @@ -32,6 +30,7 @@ ms.date: 09/27/2019 **Troubleshooting/AllowRecommendations** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -54,7 +53,7 @@ ms.date: 09/27/2019 -This policy setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains or IT environments. +This policy setting allows IT admins to configure, how to apply recommended troubleshooting for known problems on the devices in their domains or IT environments. @@ -98,3 +97,6 @@ By default, this policy isn't configured and the SKU based defaults are used for +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index a48897a174..0e6bf5c815 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3944,4 +3944,4 @@ ADMX Info: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 1f0d50d501..f7264c42e4 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -1429,4 +1429,4 @@ GP Info: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index d2b0d47276..71c0a56d17 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -134,4 +134,4 @@ The following are the supported values: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index 1dc3fde74d..d02eab1cc4 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -72,3 +72,6 @@ This policy enables Windows Autopilot to be kept up-to-date during the out-of-bo
    + +## Related topics +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index 91ec87c881..f8b007b698 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -94,4 +94,4 @@ ADMX Info: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index d183826d60..ea0fa39bc2 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -1229,4 +1229,4 @@ ADMX Info: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 593806d14f..bbab1ffef5 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -133,4 +133,4 @@ Supported value type is int. The following list shows the supported values: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index efe4736360..f340a2832a 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -463,4 +463,4 @@ To validate on Desktop, do the following steps: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index 72dea8d591..da73125db1 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -88,4 +88,4 @@ ADMX Info: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 624cc3bf00..77e23b76a7 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -456,4 +456,4 @@ The following are the supported values: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index c93eeb7247..d1d466bb7d 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -456,5 +456,4 @@ The following list shows the supported values: CSP Article: ## Related topics - -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md index 83a95ac493..6bffbb6aae 100644 --- a/windows/client-management/mdm/remotefind-csp.md +++ b/windows/client-management/mdm/remotefind-csp.md @@ -189,13 +189,3 @@ Supported operation is Get. ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) - -  - -  - - - - - - diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index c3018f398a..201b4ac1ba 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -230,13 +230,3 @@ The default in the SharedPC provisioning package is 1024. ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) - -  - -  - - - - - - diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 5b8229bb45..3828794610 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -548,4 +548,8 @@ GUID identifying the Microsoft Operations Management Suite workspace ID to colle Primary key for authenticating with the workspace. - The data type is string. -- Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string. \ No newline at end of file +- Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string. + +## Related topics + +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file From a52fc2b76311df78c4818d30432df535cb1ecb7d Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Tue, 24 May 2022 16:01:58 +0530 Subject: [PATCH 159/540] improved the article with consistency --- .../mdm/policy-csp-taskmanager.md | 17 +++--- .../mdm/policy-csp-taskscheduler.md | 6 +- .../mdm/policy-csp-textinput.md | 61 ++++++++++++------- 3 files changed, 53 insertions(+), 31 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 1cae440c6c..43727998b5 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - TaskManager -
    @@ -26,13 +25,13 @@ manager: dansimp
    -
    **TaskManager/AllowEndTask** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -57,9 +56,11 @@ manager: dansimp This setting determines whether non-administrators can use Task Manager to end tasks. -Value type is integer. Supported values: +Supported value type is integer. + +Supported values: - 0 - Disabled. EndTask functionality is blocked in TaskManager. -- 1 - Enabled (default). Users can perform EndTask in TaskManager. +- 1 - Enabled (default). Users can perform EndTask in TaskManager. @@ -70,13 +71,15 @@ Value type is integer. Supported values: **Validation procedure:** -When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager -When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager +- When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager. +- When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager.
    - +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 983bd29762..ad0bcd8537 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - TaskScheduler - -
    @@ -34,6 +32,7 @@ manager: dansimp **TaskScheduler/EnableXboxGameSaveTask** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -64,3 +63,6 @@ This setting determines whether the specific task is enabled (1) or disabled (0) +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index f65160e893..d17558e856 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - TextInput - -
    @@ -137,6 +135,7 @@ Placeholder only. Do not use in production environment. **TextInput/AllowIMELogging** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -162,8 +161,7 @@ Placeholder only. Do not use in production environment. > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - -Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. +Allows the user to turn on and off the logging for incorrect conversion, and saving auto-tuning result to a file and history-based predictive input. Most restricted value is 0. @@ -171,8 +169,8 @@ Most restricted value is 0. The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed. +- 1 (default) – Allowed. @@ -183,6 +181,7 @@ The following list shows the supported values: **TextInput/AllowIMENetworkAccess** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -227,6 +226,7 @@ The following list shows the supported values: **TextInput/AllowInputPanel** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -252,7 +252,6 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - Allows the IT admin to disable the touch/handwriting keyboard on Windows. Most restricted value is 0. @@ -273,6 +272,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseIMESurrogatePairCharacters** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -298,10 +298,8 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - Allows the Japanese IME surrogate pair characters. - Most restricted value is 0. @@ -320,6 +318,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseIVSCharacters** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -345,7 +344,6 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - Allows Japanese Ideographic Variation Sequence (IVS) characters. Most restricted value is 0. @@ -366,6 +364,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseNonPublishingStandardGlyph** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -391,7 +390,6 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - Allows the Japanese non-publishing standard glyph. Most restricted value is 0. @@ -412,6 +410,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseUserDictionary** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -437,7 +436,6 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - Allows the Japanese user dictionary. Most restricted value is 0. @@ -458,6 +456,7 @@ The following list shows the supported values: **TextInput/AllowKeyboardTextSuggestions** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -524,6 +523,7 @@ This policy has been deprecated. **TextInput/AllowLanguageFeaturesUninstall** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -549,8 +549,7 @@ This policy has been deprecated. > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - -Allows the uninstall of language features, such as spell checkers, on a device. +Allows the uninstall of language features, such as spell checkers on a device. Most restricted value is 0. @@ -578,6 +577,7 @@ The following list shows the supported values: **TextInput/AllowLinguisticDataCollection** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -623,6 +623,7 @@ This setting supports a range of values between 0 and 1. **TextInput/AllowTextInputSuggestionUpdate** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -668,6 +669,7 @@ The following list shows the supported values: **TextInput/ConfigureJapaneseIMEVersion** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -713,6 +715,7 @@ The following list shows the supported values: **TextInput/ConfigureSimplifiedChineseIMEVersion** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -758,6 +761,7 @@ The following list shows the supported values: **TextInput/ConfigureTraditionalChineseIMEVersion** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -783,6 +787,7 @@ The following list shows the supported values: > [!NOTE] > - This policy is enforced only in Windows 10 for desktop. > - This policy requires reboot to take effect. + Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop. @@ -802,6 +807,7 @@ The following list shows the supported values: **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -848,6 +854,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptJIS0208** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -873,7 +880,6 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - Allows the users to restrict character code range of conversion by setting the character filter. @@ -892,6 +898,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -917,7 +924,6 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - Allows the users to restrict character code range of conversion by setting the character filter. @@ -936,6 +942,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptShiftJIS** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -961,7 +968,6 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. - Allows the users to restrict character code range of conversion by setting the character filter. @@ -980,6 +986,7 @@ The following list shows the supported values: **TextInput/ForceTouchKeyboardDockedState** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1021,6 +1028,7 @@ The following list shows the supported values: **TextInput/TouchKeyboardDictationButtonAvailability** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1062,6 +1070,7 @@ The following list shows the supported values: **TextInput/TouchKeyboardEmojiButtonAvailability** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1103,6 +1112,7 @@ The following list shows the supported values: **TextInput/TouchKeyboardFullModeAvailability** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1131,7 +1141,7 @@ Specifies whether the full keyboard mode is enabled or disabled for the touch ke The following list shows the supported values: -- 0 (default) - The OS determines when it's most appropriate to be available. +- 0 (default) - The OS determines, when it's most appropriate to be available. - 1 - Full keyboard is always available. - 2 - Full keyboard is always disabled. @@ -1144,6 +1154,7 @@ The following list shows the supported values: **TextInput/TouchKeyboardHandwritingModeAvailability** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1172,7 +1183,7 @@ Specifies whether the handwriting input panel is enabled or disabled. When this The following list shows the supported values: -- 0 (default) - The OS determines when it's most appropriate to be available. +- 0 (default) - The OS determines, when it's most appropriate to be available. - 1 - Handwriting input panel is always available. - 2 - Handwriting input panel is always disabled. @@ -1185,6 +1196,7 @@ The following list shows the supported values: **TextInput/TouchKeyboardNarrowModeAvailability** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1213,7 +1225,7 @@ Specifies whether the narrow keyboard mode is enabled or disabled for the touch The following list shows the supported values: -- 0 (default) - The OS determines when it's most appropriate to be available. +- 0 (default) - The OS determines, when it's most appropriate to be available. - 1 - Narrow keyboard is always available. - 2 - Narrow keyboard is always disabled. @@ -1226,6 +1238,7 @@ The following list shows the supported values: **TextInput/TouchKeyboardSplitModeAvailability** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1254,7 +1267,7 @@ Specifies whether the split keyboard mode is enabled or disabled for the touch k The following list shows the supported values: -- 0 (default) - The OS determines when it's most appropriate to be available. +- 0 (default) - The OS determines, when it's most appropriate to be available. - 1 - Split keyboard is always available. - 2 - Split keyboard is always disabled. @@ -1267,6 +1280,7 @@ The following list shows the supported values: **TextInput/TouchKeyboardWideModeAvailability** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1295,7 +1309,7 @@ Specifies whether the wide keyboard mode is enabled or disabled for the touch ke The following list shows the supported values: -- 0 (default) - The OS determines when it's most appropriate to be available. +- 0 (default) - The OS determines, when it's most appropriate to be available. - 1 - Wide keyboard is always available. - 2 - Wide keyboard is always disabled. @@ -1305,3 +1319,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 29acc05d38f211ab9f1cc22e7440243fcad099d8 Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Tue, 24 May 2022 18:34:27 +0530 Subject: [PATCH 160/540] Updated the links and improved the consistency --- .../mdm/policy-csp-system.md | 113 +++++++++++------- .../mdm/policy-csp-systemservices.md | 35 ++++-- 2 files changed, 97 insertions(+), 51 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index a2830db2e2..87f6bf2f71 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - System - -
    @@ -118,6 +116,7 @@ manager: dansimp **System/AllowBuildPreview** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -171,6 +170,7 @@ The following list shows the supported values: **System/AllowCommercialDataPipeline** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -192,12 +192,12 @@ The following list shows the supported values: -This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). +This policy setting configures an Azure Active Directory joined device, so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). To enable this behavior, you must complete two steps: - 1. Enable this policy setting - 2. Join an Azure Active Directory account to the device + 1. Enable this policy setting. + 2. Join an Azure Active Directory account to the device. Windows diagnostic data is collected when the Allow Telemetry policy setting is set to 1 – **Required (Basic)** or above. @@ -244,11 +244,11 @@ This policy setting, in combination with the Allow Telemetry and Configure the C To enable this behavior, you must complete three steps: - 1. Enable this policy setting - 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above - 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace + 1. Enable this policy setting. + 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above. + 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace. -This setting has no effect on devices unless they're properly enrolled in Desktop Analytics. +This setting has no effect on devices, unless they're properly enrolled in Desktop Analytics. When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. @@ -268,6 +268,7 @@ The following list shows the supported values: **System/AllowDeviceNameInDiagnosticData** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -289,7 +290,7 @@ The following list shows the supported values: -This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data. +This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data. @@ -322,6 +323,7 @@ The following list shows the supported values: **System/AllowEmbeddedMode** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -363,6 +365,7 @@ The following list shows the supported values: **System/AllowExperimentation** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -389,7 +392,6 @@ The following list shows the supported values: This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. - Most restricted value is 0. @@ -409,6 +411,7 @@ The following list shows the supported values: **System/AllowFontProviders** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -451,8 +454,8 @@ ADMX Info: The following list shows the supported values: -- 0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available. -- 1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them. +- 0 - false - No traffic to fs.microsoft.com, and only locally installed fonts are available. +- 1 - true (default) - There may be network traffic to fs.microsoft.com, and downloadable fonts are available to apps that support them. @@ -469,6 +472,7 @@ To verify if System/AllowFontProviders is set to true: **System/AllowLocation** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -492,7 +496,6 @@ To verify if System/AllowFontProviders is set to true: Specifies whether to allow app access to the Location service. - Most restricted value is 0. While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy. @@ -531,7 +534,7 @@ This policy setting configures an Azure Active Directory joined device so that M For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data). -This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop. +This setting has no effect on devices, unless they're properly enrolled in Microsoft Managed Desktop. When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. @@ -546,6 +549,7 @@ If you disable this policy setting, devices may not appear in Microsoft Managed **System/AllowStorageCard** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -575,7 +579,7 @@ Most restricted value is 0. The following list shows the supported values: -- 0 – SD card use isn't allowed and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card. +- 0 – SD card use isn't allowed, and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card. - 1 (default) – Allow a storage card. @@ -587,6 +591,7 @@ The following list shows the supported values: **System/AllowTelemetry** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -618,7 +623,6 @@ The following list shows the supported values for Windows 8.1: - 1 – Allowed, except for Secondary Data Requests. - 2 (default) – Allowed. - In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft. The following list shows the supported values for Windows 10 version 1809 and older, choose the value that is applicable to your OS version (older OS values are displayed in the brackets): @@ -657,6 +661,7 @@ ADMX Info: **System/AllowUpdateComplianceProcessing** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -683,9 +688,9 @@ This policy setting, in combination with the Allow Telemetry and Configure the C To enable this behavior, you must complete three steps: - 1. Enable this policy setting - 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above - 3. Set the Configure the Commercial ID setting for your Update Compliance workspace + 1. Enable this policy setting. + 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above. + 3. Set the Configure the Commercial ID setting for your Update Compliance workspace. When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. @@ -716,6 +721,7 @@ The following list shows the supported values: **System/AllowUserToResetPhone** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -765,9 +771,9 @@ This policy setting configures an Azure Active Directory joined device so that M To enable this behavior, you must complete three steps: - 1. Enable this policy setting - 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above - 3. Join an Azure Active Directory account to the device + 1. Enable this policy setting. + 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above. + 3. Join an Azure Active Directory account to the device. When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. @@ -788,6 +794,7 @@ The following list shows the supported values: **System/BootStartDriverInitialization** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -815,19 +822,19 @@ This policy setting allows you to specify which boot-start drivers are initializ - Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver. - Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver. -If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize the next time the computer is started. +If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize next time the computer is started. -If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped. +If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown, or Bad, but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped. If your malware detection application doesn't include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -845,6 +852,7 @@ ADMX Info: **System/ConfigureMicrosoft365UploadEndpoint** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -872,7 +880,7 @@ If your organization is participating in the program and has been instructed to The value for this setting will be provided by Microsoft as part of the onboarding process for the program. -Value type is string. +Supported value type is string. ADMX Info: @@ -900,6 +908,7 @@ ADMX Info: **System/ConfigureTelemetryOptInChangeNotification** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -922,8 +931,9 @@ ADMX Info: This policy setting determines whether a device shows notifications about telemetry levels to people on first sign in or when changes occur in Settings.  -If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing. -If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings. + +- If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing. +- If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings. @@ -948,6 +958,7 @@ The following list shows the supported values: **System/ConfigureTelemetryOptInSettingsUx** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1001,6 +1012,7 @@ The following list shows the supported values: **System/DisableDeviceDelete** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1023,8 +1035,9 @@ The following list shows the supported values: This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & Feedback Settings page. -If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device. -If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device. + +- If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device. +- If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device. @@ -1053,6 +1066,7 @@ ADMX Info: **System/DisableDiagnosticDataViewer** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1075,8 +1089,9 @@ ADMX Info: This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. -If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. -If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page. + +- If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. +- If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page. @@ -1105,6 +1120,7 @@ ADMX Info: **System/DisableEnterpriseAuthProxy** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1126,7 +1142,7 @@ ADMX Info: -This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. +This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy, to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy, to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. @@ -1146,6 +1162,7 @@ ADMX Info: **System/DisableOneDriveFileSync** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1209,6 +1226,7 @@ To validate on Desktop, do the following steps: **System/DisableSystemRestore** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1236,19 +1254,19 @@ This policy setting allows you to turn off System Restore. System Restore enables users, in case of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume. -If you enable this policy setting, System Restore is turned off, and the System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled. +If you enable this policy setting, System Restore is turned off, then System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled. -If you disable or don't configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection. +If you disable or don't configure this policy setting, users can perform System Restore, and configure System Restore settings through System Protection. Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1266,6 +1284,7 @@ ADMX Info: **System/FeedbackHubAlwaysSaveDiagnosticsLocally** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1305,6 +1324,7 @@ The following list shows the supported values: **System/LimitDiagnosticLogCollection** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1326,7 +1346,7 @@ The following list shows the supported values: -This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection. +This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection. If you disable or don't configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data. @@ -1354,6 +1374,7 @@ The following list shows the supported values: **System/LimitDumpCollection** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1375,7 +1396,7 @@ The following list shows the supported values: -This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data. +This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data. With this policy setting being enabled, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. @@ -1404,6 +1425,7 @@ The following list shows the supported values: **System/LimitEnhancedDiagnosticDataWindowsAnalytics** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1438,9 +1460,8 @@ To enable this behavior, you must complete two steps: > [!NOTE] > **Enhanced** is no longer an option for Windows Holographic, version 21H1. - - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full) + - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full). - When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics. Enabling enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft. @@ -1465,6 +1486,7 @@ ADMX Info: **System/TelemetryProxy** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1508,6 +1530,7 @@ ADMX Info: **System/TurnOffFileHistory** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1560,3 +1583,7 @@ The following list shows the supported values:
    + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index c979583ff0..a3235c28c1 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - SystemServices - -
    @@ -49,6 +47,7 @@ manager: dansimp **SystemServices/ConfigureHomeGroupListenerServiceStartupMode** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -71,7 +70,9 @@ manager: dansimp -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). + +Default: Manual. @@ -88,6 +89,7 @@ GP Info: **SystemServices/ConfigureHomeGroupProviderServiceStartupMode** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -110,7 +112,9 @@ GP Info: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). + +Default: Manual. @@ -127,6 +131,7 @@ GP Info: **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -149,7 +154,9 @@ GP Info: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). + +Default: Manual. @@ -166,6 +173,7 @@ GP Info: **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -188,7 +196,9 @@ GP Info: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). + +Default: Manual. @@ -205,6 +215,7 @@ GP Info: **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -227,7 +238,9 @@ GP Info: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). + +Default: Manual. @@ -244,6 +257,7 @@ GP Info: **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -266,7 +280,9 @@ GP Info: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). + +Default: Manual. @@ -281,3 +297,6 @@ GP Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 202c66fd03f993178a60b2a666c7162f0ea9db1c Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Tue, 24 May 2022 23:42:41 +0530 Subject: [PATCH 161/540] sheshachary-5859198-3 Improved the consistency in the article. --- .../client-management/mdm/policy-csp-start.md | 88 ++++++++++++------ .../mdm/policy-csp-storage.md | 93 ++++++++++++------- 2 files changed, 116 insertions(+), 65 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index f760f05bc0..29365fd57b 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - Start -
    @@ -119,13 +118,13 @@ manager: dansimp
    -
    **Start/AllowPinnedFolderDocuments** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -156,7 +155,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -167,6 +166,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderDownloads** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -197,7 +197,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -208,6 +208,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderFileExplorer** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -238,7 +239,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -249,6 +250,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderHomeGroup** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -279,7 +281,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -290,6 +292,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderMusic** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -320,7 +323,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -331,6 +334,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderNetwork** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -361,7 +365,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -372,6 +376,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderPersonalFolder** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -402,7 +407,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -413,6 +418,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderPictures** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -443,7 +449,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -454,6 +460,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderSettings** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -484,7 +491,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -495,6 +502,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderVideos** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -525,7 +533,7 @@ The following list shows the supported values: - 0 – The shortcut is hidden and disables the setting in the Settings app. - 1 – The shortcut is visible and disables the setting in the Settings app. -- 65535 (default) - there's no enforced configuration and the setting can be changed by the user. +- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user. @@ -597,6 +605,7 @@ This string policy will take a JSON file (expected name LayoutModification.json) **Start/DisableContextMenus** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -652,6 +661,7 @@ The following list shows the supported values: **Start/ForceStartSize** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -678,7 +688,6 @@ The following list shows the supported values: Forces the start screen size. - If there's policy configuration conflict, the latest configuration request is applied to the device. @@ -698,6 +707,7 @@ The following list shows the supported values: **Start/HideAppList** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -729,10 +739,9 @@ Allows IT Admins to configure Start by collapsing or removing the all apps list. > [!Note] > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. - To validate on Desktop, do the following steps: -- 1 - Enable policy and restart explorer.exe +- 1 - Enable policy and restart explorer.exe. - 2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle isn't grayed out. - 2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out. - 2c - If set to '3': Verify that there's no way of opening the all apps list from Start, and that the Settings toggle is grayed out. @@ -755,6 +764,7 @@ The following list shows the supported values: **Start/HideChangeAccountSettings** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -802,6 +812,7 @@ To validate on Desktop, do the following steps: **Start/HideFrequentlyUsedApps** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -844,8 +855,8 @@ To validate on Desktop, do the following steps: 1. Enable "Show most used apps" in the Settings app. 2. Use some apps to get them into the most used group in Start. 3. Enable policy. -4. Restart explorer.exe -5. Check that "Show most used apps" Settings toggle is grayed out. +4. Restart explorer.exe. +5. Check that "Show most used apps" Settings toggle is grayed out. 6. Check that most used apps don't appear in Start. @@ -857,6 +868,7 @@ To validate on Desktop, do the following steps: **Start/HideHibernate** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -881,7 +893,6 @@ To validate on Desktop, do the following steps: Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. - > [!NOTE] > This policy can only be verified on laptops as "Hibernate" doesn't appear on regular PC's. @@ -908,6 +919,7 @@ To validate on Laptop, do the following steps: **Start/HideLock** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -955,6 +967,7 @@ To validate on Desktop, do the following steps: **Start/HidePeopleBar** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -979,7 +992,7 @@ To validate on Desktop, do the following steps: Enabling this policy removes the people icon from the taskbar and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. -Value type is integer. +Supported value type is integer. @@ -1005,6 +1018,7 @@ The following list shows the supported values: **Start/HidePowerButton** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1055,6 +1069,7 @@ To validate on Desktop, do the following steps: **Start/HideRecentJumplists** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1098,7 +1113,7 @@ To validate on Desktop, do the following steps: 3. Right click the pinned photos app and verify that a jump list of recently opened items pops up. 4. Toggle "Show recently opened items in Jump Lists on Start of the taskbar" in Settings to clear jump lists. 5. Enable policy. -6. Restart explorer.exe +6. Restart explorer.exe. 7. Check that Settings toggle is grayed out. 8. Repeat Step 2. 9. Right Click pinned photos app and verify that there's no jump list of recent items. @@ -1112,6 +1127,7 @@ To validate on Desktop, do the following steps: **Start/HideRecentlyAddedApps** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1162,7 +1178,7 @@ To validate on Desktop, do the following steps: 1. Enable "Show recently added apps" in the Settings app. 2. Check if there are recently added apps in Start (if not, install some). 3. Enable policy. -4. Restart explorer.exe +4. Restart explorer.exe. 5. Check that "Show recently added apps" Settings toggle is grayed out. 6. Check that recently added apps don't appear in Start. @@ -1175,6 +1191,7 @@ To validate on Desktop, do the following steps: **Start/HideRestart** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1222,6 +1239,7 @@ To validate on Desktop, do the following steps: **Start/HideShutDown** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1269,6 +1287,7 @@ To validate on Desktop, do the following steps: **Start/HideSignOut** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1316,6 +1335,7 @@ To validate on Desktop, do the following steps: **Start/HideSleep** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1363,6 +1383,7 @@ To validate on Desktop, do the following steps: **Start/HideSwitchAccount** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1410,6 +1431,7 @@ To validate on Desktop, do the following steps: **Start/HideUserTile** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1461,6 +1483,7 @@ To validate on Desktop, do the following steps: **Start/ImportEdgeAssets** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1497,16 +1520,16 @@ Here's more SKU support information: This policy imports Edge assets (for example, .png/.jpg files) for secondary tiles into its local app data path, which allows the StartLayout policy to pin Edge secondary tiles as weblink that ties to the image asset files. > [!IMPORTANT] -> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy. +> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy, whenever there are Edge secondary tiles to be pinned from StartLayout policy. -The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](/windows/configuration/start-secondary-tiles). +The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](/windows/configuration/start-secondary-tiles). To validate on Desktop, do the following steps: 1. Set policy with an XML for Edge assets. -2. Set StartLayout policy to anything so that it would trigger the Edge assets import. +2. Set StartLayout policy to anything so that would trigger the Edge assets import. 3. Sign out/in. 4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path. @@ -1519,6 +1542,7 @@ To validate on Desktop, do the following steps: **Start/NoPinningToTaskbar** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1541,7 +1565,7 @@ To validate on Desktop, do the following steps: -Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. +Allows IT Admins to configure the taskbar by disabling, pinning, and unpinning apps on the taskbar. @@ -1565,7 +1589,6 @@ To validate on Desktop, do the following steps:
    - **Start/ShowOrHideMostUsedApps** @@ -1622,9 +1645,9 @@ To validate on Desktop, do the following steps: The following list shows the supported values: -- 1 - Force showing of Most Used Apps in Start Menu, user can't change in Settings -- 0 - Force hiding of Most Used Apps in Start Menu, user can't change in Settings -- Not set - User can use Settings to hide or show Most Used Apps in Start Menu +- 1 - Force showing of Most Used Apps in Start Menu, user can't change in Settings. +- 0 - Force hiding of Most Used Apps in Start Menu, user can't change in Settings. +- Not set - User can use Settings to hide or show Most Used Apps in Start Menu. On clean install, the user setting defaults to "hide". @@ -1638,6 +1661,7 @@ On clean install, the user setting defaults to "hide". **Start/StartLayout** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -1672,7 +1696,7 @@ Here's more SKU support information: |Windows 10, version 1607 and later |Enterprise, Education, Business | |Windows 10, version 1709 and later |Enterprise, Education, Business, Pro, ProEducation, S, ProWorkstation | -Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy +Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy. For more information on how to customize the Start layout, see [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](/windows/configuration/configure-windows-10-taskbar). @@ -1689,3 +1713,7 @@ ADMX Info:
    + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 383f6aedfb..58c9fa7e57 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - Storage -
    @@ -65,13 +64,13 @@ manager: dansimp
    -
    **Storage/AllowDiskHealthModelUpdates** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -96,7 +95,7 @@ manager: dansimp Allows disk health model updates. -Value type is integer. +Supported value type is integer. @@ -122,6 +121,7 @@ The following list shows the supported values: **Storage/AllowStorageSenseGlobal** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -131,7 +131,8 @@ The following list shows the supported values: |Enterprise|Yes|Yes| |Education|Yes|Yes| -Note: Versions prior to version 1903 don't support group policy. +> [!NOTE] +> Versions prior to version 1903 don't support group policy.
    @@ -146,7 +147,7 @@ Note: Versions prior to version 1903 don't support group policy. -Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy. +Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space, and it is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy. If you enable this policy setting without setting a cadence, Storage Sense is turned on for the machine with the default cadence of "during low free disk space." Users can't disable Storage Sense, but they can adjust the cadence (unless you also configure the Storage/ConfigStorageSenseGlobalCadence group policy). @@ -179,6 +180,7 @@ ADMX Info: **Storage/AllowStorageSenseTemporaryFilesCleanup** +Versions prior to version 1903 don't support group policy. |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -188,7 +190,8 @@ ADMX Info: |Enterprise|Yes|Yes| |Education|Yes|Yes| -Note: Versions prior to version 1903 don't support group policy. +> [!NOTE] +> Versions prior to version 1903 don't support group policy.
    @@ -239,6 +242,7 @@ ADMX Info: **Storage/ConfigStorageSenseCloudContentDehydrationThreshold** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -248,7 +252,8 @@ ADMX Info: |Enterprise|Yes|Yes| |Education|Yes|Yes| -Note: Versions prior to version 1903 don't support group policy. +> [!NOTE] +> Versions prior to version 1903 don't support group policy.
    @@ -299,6 +304,7 @@ ADMX Info: **Storage/ConfigStorageSenseDownloadsCleanupThreshold** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -308,7 +314,8 @@ ADMX Info: |Enterprise|Yes|Yes| |Education|Yes|Yes| -Note: Versions prior to version 1903 don't support group policy. +> [!NOTE] +> Versions prior to version 1903 don't support group policy.
    @@ -359,6 +366,7 @@ ADMX Info: **Storage/ConfigStorageSenseGlobalCadence** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -368,7 +376,8 @@ ADMX Info: |Enterprise|Yes|Yes| |Education|Yes|Yes| -Note: Versions prior to version 1903 don't support group policy. +> [!NOTE] +> Versions prior to version 1903 don't support group policy.
    @@ -425,6 +434,7 @@ ADMX Info: **Storage/ConfigStorageSenseRecycleBinCleanupThreshold** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -434,7 +444,8 @@ ADMX Info: |Enterprise|Yes|Yes| |Education|Yes|Yes| -Note: Versions prior to version 1903 don't support group policy. +> [!NOTE] +> Versions prior to version 1903 don't support group policy.
    @@ -485,6 +496,7 @@ ADMX Info: **Storage/EnhancedStorageDevices** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -509,17 +521,17 @@ ADMX Info: This policy setting configures whether or not Windows will activate an Enhanced Storage device. -If you enable this policy setting, Windows won't activate unactivated Enhanced Storage devices. +If you enable this policy setting, Windows won't activate un-activated Enhanced Storage devices. -If you disable or don't configure this policy setting, Windows will activate unactivated Enhanced Storage devices. +If you disable or don't configure this policy setting, Windows will activate un-activated Enhanced Storage devices. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -537,6 +549,7 @@ ADMX Info: **Storage/RemovableDiskDenyWriteAccess** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -564,7 +577,7 @@ If you enable this policy setting, write access is denied to this removable stor > [!Note] > To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." -Supported values: +Supported values for this policy are: - 0 - Disable - 1 - Enable @@ -597,6 +610,7 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin **Storage/WPDDevicesDenyReadAccessPerDevice** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -621,16 +635,16 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android: -- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth -- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth -- Mass Storage Class (MSC) over USB +- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth. +- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth. +- Mass Storage Class (MSC) over USB. To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46). If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android. >[!NOTE] -> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, for example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. +> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer. Supported values for this policy are: - Not configured @@ -659,6 +673,7 @@ ADMX Info: **Storage/WPDDevicesDenyReadAccessPerUser** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -683,16 +698,16 @@ ADMX Info: This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android: -- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth -- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth -- Mass Storage Class (MSC) over USB +- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth. +- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth. +- Mass Storage Class (MSC) over USB. To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46). If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android. >[!NOTE] -> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. +> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer. Supported values for this policy are: - Not configured @@ -721,6 +736,7 @@ ADMX Info: **Storage/WPDDevicesDenyWriteAccessPerDevice** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -745,16 +761,16 @@ ADMX Info: This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android: -- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth -- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth -- Mass Storage Class (MSC) over USB +- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth. +- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth. +- Mass Storage Class (MSC) over USB. To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46). If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android. >[!NOTE] -> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. +> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer. Supported values for this policy are: - Not configured @@ -783,6 +799,7 @@ ADMX Info: **Storage/WPDDevicesDenyWriteAccessPerUser** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -807,16 +824,16 @@ ADMX Info: This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android: -- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth -- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth -- Mass Storage Class (MSC) over USB +- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth. +- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth. +- Mass Storage Class (MSC) over USB. To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46). If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android. >[!NOTE] -> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. +> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer. Supported values for this policy are: - Not configured @@ -846,6 +863,7 @@ ADMX Info: **StorageHealthMonitor/DisableStorageHealthMonitor** +The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -855,7 +873,8 @@ ADMX Info: |Enterprise|Yes|Yes| |Education|Yes|Yes| -Note: Versions prior to 21H2 will not support this policy +> [!NOTE] +> Versions prior to 21H2 will not support this policy
    @@ -872,15 +891,15 @@ Note: Versions prior to 21H2 will not support this policy Allows disable of Storage Health Monitor. -Value type is integer. +Supported value type is integer. The following list shows the supported values: -- 0 - Storage Health Monitor is Enabled -- 1 - Storage Health Monitor is Disabled +- 0 - Storage Health Monitor is Enabled. +- 1 - Storage Health Monitor is Disabled. @@ -889,3 +908,7 @@ The following list shows the supported values: + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 9a10606eb20ecb217b72cc849abbbdaa6382512d Mon Sep 17 00:00:00 2001 From: itsrlyAria <82474610+itsrlyAria@users.noreply.github.com> Date: Tue, 24 May 2022 21:43:16 -0700 Subject: [PATCH 162/540] Update wufb-wsus.md Adding an outline of the "Check online for updates" behavior. --- windows/deployment/update/wufb-wsus.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index e90960de49..6df97965dc 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -57,6 +57,8 @@ To help you better understand the scan source policy, see the default scan behav > [!TIP] > The only two relevant policies for where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server. This should simplify the configuration options. +Note - If you have devices configured for WSUS and do not configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who click "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such. + ## Configure the scan sources The policy can be configured using the following two methods: From 7698f320544be38fdf0469425e2ce5bd063bcbbe Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Wed, 25 May 2022 10:41:20 +0530 Subject: [PATCH 163/540] Updated-6020449 Bulk metadata update. --- windows/security/apps.md | 3 --- windows/security/cloud.md | 5 ----- windows/security/cryptography-certificate-mgmt.md | 2 -- windows/security/encryption-data-protection.md | 4 +--- windows/security/hardware.md | 3 --- windows/security/identity.md | 3 --- windows/security/operating-system.md | 3 --- windows/security/security-foundations.md | 3 --- .../threat-protection/block-untrusted-fonts-in-enterprise.md | 5 ----- windows/security/threat-protection/fips-140-validation.md | 1 - .../threat-protection/get-support-for-security-baselines.md | 3 --- windows/security/threat-protection/index.md | 5 ----- .../security/threat-protection/mbsa-removal-and-guidance.md | 2 -- .../threat-protection/msft-security-dev-lifecycle.md | 1 - ...e-mitigation-options-for-app-related-security-policies.md | 4 ---- .../overview-of-threat-mitigations-in-windows-10.md | 3 --- ...-by-controlling-the-health-of-windows-10-based-devices.md | 5 ----- ...dows-event-forwarding-to-assist-in-intrusion-detection.md | 4 ---- .../create-an-outbound-program-or-service-rule.md | 5 ----- .../windows-firewall/create-inbound-rules-to-support-rpc.md | 5 ----- .../create-windows-firewall-rules-in-intune.md | 5 ----- .../windows-firewall/create-wmi-filters-for-the-gpo.md | 5 ----- ...ing-a-windows-firewall-with-advanced-security-strategy.md | 5 ----- .../determining-the-trusted-state-of-your-devices.md | 5 ----- .../windows-firewall/documenting-the-zones.md | 5 ----- .../domain-isolation-policy-design-example.md | 5 ----- .../windows-firewall/domain-isolation-policy-design.md | 5 ----- .../windows-firewall/enable-predefined-inbound-rules.md | 5 ----- .../windows-firewall/enable-predefined-outbound-rules.md | 5 ----- .../windows-firewall/encryption-zone-gpos.md | 5 ----- .../threat-protection/windows-firewall/encryption-zone.md | 5 ----- ...indows-firewall-with-advanced-security-design-examples.md | 5 ----- .../windows-firewall/exempt-icmp-from-authentication.md | 5 ----- .../threat-protection/windows-firewall/exemption-list.md | 5 ----- .../windows-firewall/filter-origin-documentation.md | 2 -- .../threat-protection/windows-firewall/firewall-gpos.md | 5 ----- .../windows-firewall/firewall-policy-design-example.md | 5 ----- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 2 -- ...ing-information-about-your-active-directory-deployment.md | 5 ----- ...-information-about-your-current-network-infrastructure.md | 5 ----- .../gathering-information-about-your-devices.md | 5 ----- .../windows-firewall/gathering-other-relevant-information.md | 5 ----- .../windows-firewall/gathering-the-information-you-need.md | 5 ----- .../windows-firewall/gpo-domiso-boundary.md | 5 ----- .../windows-firewall/gpo-domiso-encryption.md | 5 ----- .../windows-firewall/gpo-domiso-firewall.md | 5 ----- .../windows-firewall/gpo-domiso-isolateddomain-clients.md | 5 ----- .../windows-firewall/gpo-domiso-isolateddomain-servers.md | 5 ----- ...ndows-firewall-with-advanced-security-deployment-goals.md | 5 ----- ...ur-windows-firewall-with-advanced-security-design-plan.md | 5 ----- .../windows-firewall/isolated-domain-gpos.md | 5 ----- .../threat-protection/windows-firewall/isolated-domain.md | 5 ----- .../windows-firewall/isolating-apps-on-your-network.md | 4 ---- .../windows-firewall/link-the-gpo-to-the-domain.md | 5 ----- ...ls-to-a-windows-firewall-with-advanced-security-design.md | 5 ----- ...ers-to-apply-to-a-different-zone-or-version-of-windows.md | 5 ----- ...roup-policy-management-console-to-ip-security-policies.md | 5 ----- ...ent-console-to-windows-firewall-with-advanced-security.md | 5 ----- ...he-group-policy-management-console-to-windows-firewall.md | 5 ----- .../open-windows-firewall-with-advanced-security.md | 5 ----- .../planning-certificate-based-authentication.md | 5 ----- .../windows-firewall/planning-domain-isolation-zones.md | 5 ----- .../windows-firewall/planning-gpo-deployment.md | 5 ----- ...nning-group-policy-deployment-for-your-isolation-zones.md | 5 ----- .../planning-isolation-groups-for-the-zones.md | 5 ----- .../windows-firewall/planning-network-access-groups.md | 5 ----- .../windows-firewall/planning-server-isolation-zones.md | 5 ----- .../planning-settings-for-a-basic-firewall-policy.md | 5 ----- .../threat-protection/windows-firewall/planning-the-gpos.md | 5 ----- ...ning-to-deploy-windows-firewall-with-advanced-security.md | 5 ----- ...ng-your-windows-firewall-with-advanced-security-design.md | 5 ----- .../windows-firewall/procedures-used-in-this-guide.md | 5 ----- .../protect-devices-from-unwanted-network-traffic.md | 5 ----- .../threat-protection/windows-firewall/quarantine.md | 5 ----- ...-encryption-when-accessing-sensitive-network-resources.md | 5 ----- .../restrict-access-to-only-specified-users-or-devices.md | 5 ----- .../restrict-access-to-only-trusted-devices.md | 5 ----- .../restrict-server-access-to-members-of-a-group-only.md | 5 ----- .../securing-end-to-end-ipsec-connections-by-using-ikev2.md | 4 ---- .../windows-firewall/server-isolation-gpos.md | 5 ----- .../server-isolation-policy-design-example.md | 5 ----- .../windows-firewall/server-isolation-policy-design.md | 5 ----- .../windows-firewall/troubleshooting-uwp-firewall.md | 2 -- ...urn-on-windows-firewall-and-configure-default-behavior.md | 5 ----- ...windows-firewall-with-advanced-security-design-process.md | 4 ---- .../verify-that-network-traffic-is-authenticated.md | 5 ----- ...vanced-security-administration-with-windows-powershell.md | 4 ---- ...ndows-firewall-with-advanced-security-deployment-guide.md | 5 ----- .../windows-firewall-with-advanced-security-design-guide.md | 5 ----- .../windows-firewall-with-advanced-security.md | 4 ---- .../threat-protection/windows-platform-common-criteria.md | 1 - .../windows-sandbox/windows-sandbox-architecture.md | 1 - .../windows-sandbox-configure-using-wsb-file.md | 1 - .../windows-sandbox/windows-sandbox-overview.md | 1 - .../get-support-for-security-baselines.md | 3 --- .../security-compliance-toolkit-10.md | 3 --- .../windows-security-baselines.md | 3 --- windows/security/trusted-boot.md | 4 +--- windows/security/zero-trust-windows-device-health.md | 3 --- 99 files changed, 2 insertions(+), 423 deletions(-) diff --git a/windows/security/apps.md b/windows/security/apps.md index e376d06d98..a2cd365e1b 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md @@ -4,9 +4,6 @@ description: Get an overview of application security in Windows 10 and Windows 1 ms.reviewer: manager: dansimp ms.author: dansimp -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.collection: M365-security-compliance ms.prod: m365-security diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 7bccc2aa84..980e361561 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -5,15 +5,10 @@ ms.reviewer: author: denisebmsft ms.author: deniseb manager: dansimp -audience: ITPro ms.topic: conceptual ms.date: 09/20/2021 ms.localizationpriority: medium ms.custom: -f1.keywords: NOCSH -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security search.appverid: MET150 ms.collection: M365-security-compliance ms.prod: m365-security diff --git a/windows/security/cryptography-certificate-mgmt.md b/windows/security/cryptography-certificate-mgmt.md index 7c781c1bdf..c4062d7e7c 100644 --- a/windows/security/cryptography-certificate-mgmt.md +++ b/windows/security/cryptography-certificate-mgmt.md @@ -5,7 +5,6 @@ search.appverid: MET150 author: denisebmsft ms.author: deniseb manager: dansimp -audience: ITPro ms.topic: conceptual ms.date: 09/07/2021 ms.prod: m365-security @@ -14,7 +13,6 @@ ms.localizationpriority: medium ms.collection: ms.custom: ms.reviewer: skhadeer, raverma -f1.keywords: NOCSH --- # Cryptography and Certificate Management diff --git a/windows/security/encryption-data-protection.md b/windows/security/encryption-data-protection.md index 359afde71f..782617bafe 100644 --- a/windows/security/encryption-data-protection.md +++ b/windows/security/encryption-data-protection.md @@ -5,7 +5,6 @@ search.appverid: MET150 author: denisebmsft ms.author: deniseb manager: dansimp -audience: ITPro ms.topic: conceptual ms.date: 09/08/2021 ms.prod: m365-security @@ -13,8 +12,7 @@ ms.technology: windows-sec ms.localizationpriority: medium ms.collection: ms.custom: -ms.reviewer: deepakm, rafals -f1.keywords: NOCSH +ms.reviewer: deepakm, rafals --- # Encryption and data protection in Windows client diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 435dd886c2..ffeb576881 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -4,9 +4,6 @@ description: Get an overview of hardware security in Windows 11 and Windows 10 ms.reviewer: manager: dansimp ms.author: dansimp -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.collection: M365-security-compliance ms.prod: m365-security diff --git a/windows/security/identity.md b/windows/security/identity.md index bf6a97473a..797f089f86 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -4,9 +4,6 @@ description: Get an overview of identity security in Windows 11 and Windows 10 ms.reviewer: manager: dansimp ms.author: dansimp -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.collection: M365-security-compliance ms.prod: m365-security diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 310538cbee..305b40e22f 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -5,9 +5,6 @@ ms.reviewer: ms.topic: article manager: dansimp ms.author: deniseb -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: denisebmsft ms.collection: M365-security-compliance ms.prod: m365-security diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md index 0d118520fc..1dc5324f16 100644 --- a/windows/security/security-foundations.md +++ b/windows/security/security-foundations.md @@ -5,9 +5,6 @@ ms.reviewer: ms.topic: article manager: dansimp ms.author: deniseb -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: denisebmsft ms.collection: M365-security-compliance ms.prod: m365-security diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index 7057f8c90f..564c7cdfe4 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -1,14 +1,9 @@ --- title: Block untrusted fonts in an enterprise (Windows 10) description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature. -ms.assetid: a3354c8e-4208-4be6-bc19-56a572c361b4 ms.reviewer: manager: dansimp -keywords: font blocking, untrusted font blocking, block fonts, untrusted fonts ms.prod: m365-security -ms.mktglfcycl: deploy -ms.pagetype: security -ms.sitesec: library author: dansimp ms.author: dansimp ms.date: 08/14/2017 diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 778a829c8b..68328931ed 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -2,7 +2,6 @@ title: Federal Information Processing Standard (FIPS) 140 Validation description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140. ms.prod: m365-security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 5d606c7889..2159488c70 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -1,14 +1,11 @@ --- title: Get support description: Frequently asked question about how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization. -keywords: virtualization, security, malware ms.prod: m365-security -ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: dansimp author: dulcemontemayor manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index c76ead4afc..02f00be3f6 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -1,17 +1,12 @@ --- title: Windows threat protection description: Describes the security capabilities in Windows client focused on threat protection -keywords: threat protection, Microsoft Defender Antivirus, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection search.product: eADQiWindows 10XVcnh ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.author: dansimp author: dansimp ms.localizationpriority: medium manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: windows-sec diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index 406ee97c59..c8fafe64a7 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md @@ -1,9 +1,7 @@ --- title: Guide to removing Microsoft Baseline Security Analyzer (MBSA) description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions. -keywords: MBSA, security, removal ms.prod: m365-security -ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: dansimp author: dansimp diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md index df8eacefc1..9be071fa44 100644 --- a/windows/security/threat-protection/msft-security-dev-lifecycle.md +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md @@ -2,7 +2,6 @@ title: Microsoft Security Development Lifecycle description: Download the Microsoft Security Development Lifecycle white paper which covers a security assurance process focused on software development. ms.prod: m365-security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index 33712bcefa..681a9ae413 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -3,11 +3,7 @@ manager: dansimp ms.author: dansimp title: Override Process Mitigation Options (Windows 10) description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies. -keywords: Process Mitigation Options, Mitigation Options, Group Policy Mitigation Options ms.prod: m365-security -ms.mktglfcycl: deploy -ms.pagetype: security -ms.sitesec: library author: dulcemontemayor ms.localizationpriority: medium ms.technology: windows-sec diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 9d7d8ad4bc..436d94ab00 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -2,9 +2,6 @@ title: Mitigate threats by using Windows 10 security features (Windows 10) description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.reviewer: diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index 087bf0dbc9..ed70e30816 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -1,15 +1,10 @@ --- title: Control the health of Windows 10-based devices (Windows 10) description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices. -ms.assetid: 45DB1C41-C35D-43C9-A274-3AD5F31FE873 ms.reviewer: manager: dansimp ms.author: dansimp -keywords: security, BYOD, malware, device health attestation, mobile ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security, devices author: dulcemontemayor ms.date: 10/13/2017 ms.localizationpriority: medium diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 9376277ddf..411b14fcba 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -1,14 +1,10 @@ --- title: Use Windows Event Forwarding to help with intrusion detection (Windows 10) description: Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. -ms.assetid: 733263E5-7FD1-45D2-914A-184B9E3E6A3F ms.reviewer: manager: dansimp ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dulcemontemayor ms.date: 02/28/2019 ms.localizationpriority: medium diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md index 15141a8aff..ec94f13e2b 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md @@ -1,17 +1,12 @@ --- title: Create an Outbound Program or Service Rule (Windows) description: Use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. -ms.assetid: f71db4fb-0228-4df2-a95d-b9c056aa9311 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md index 9539084377..6e4429688b 100644 --- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md +++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md @@ -1,17 +1,12 @@ --- title: Create Inbound Rules to Support RPC (Windows) description: Learn how to allow RPC network traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. -ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index 33d369d823..502b0b5b91 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md @@ -1,17 +1,12 @@ --- title: Create Windows Firewall rules in Intune (Windows) description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune. -ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 6d9896ef84..1b2931e18d 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -1,17 +1,12 @@ --- title: Create WMI Filters for the GPO (Windows) description: Learn how to use WMI filters on a GPO to make sure that each GPO for a group can only be applied to devices running the correct version of Windows. -ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md index bb72548e1a..7e365c2fbf 100644 --- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md +++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md @@ -1,17 +1,12 @@ --- title: Designing a Windows Defender Firewall Strategy (Windows) description: Answer the question in this article to design an effective Windows Defender Firewall with Advanced Security Strategy. -ms.assetid: 6d98b184-33d6-43a5-9418-4f24905cfd71 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md index be0ce97138..34d586e1c1 100644 --- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md @@ -1,17 +1,12 @@ --- title: Determining the Trusted State of Your Devices (Windows) description: Learn how to define the trusted state of devices in your enterprise to help design your strategy for using Windows Defender Firewall with Advanced Security. -ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md index 6b8adafa56..4b52443989 100644 --- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md @@ -1,17 +1,12 @@ --- title: Documenting the Zones (Windows) description: Learn how to document the zone placement of devices in your design for Windows Defender Firewall with Advanced Security. -ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md index ec6e6a670b..d3e12bfc41 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md @@ -1,17 +1,12 @@ --- title: Domain Isolation Policy Design Example (Windows) description: This example uses a fictitious company to illustrate domain isolation policy design in Windows Defender Firewall with Advanced Security. -ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md index 0f112cdfa7..ac3e4beadc 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md @@ -1,17 +1,12 @@ --- title: Domain Isolation Policy Design (Windows) description: Learn how to design a domain isolation policy, based on which devices accept only connections from authenticated members of the same isolated domain. -ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md index cd420e5088..c17b29ef65 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md @@ -1,17 +1,12 @@ --- title: Enable Predefined Inbound Rules (Windows) description: Learn the rules for Windows Defender Firewall with Advanced Security for common networking roles and functions. -ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md index 0102f9ee3a..782c3d49fc 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md @@ -1,17 +1,12 @@ --- title: Enable Predefined Outbound Rules (Windows) description: Learn to deploy predefined firewall rules that block outbound network traffic for common network functions in Windows Defender Firewall with Advanced Security. -ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md index 6d909df105..dfb2391789 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md @@ -1,17 +1,12 @@ --- title: Encryption Zone GPOs (Windows) description: Learn how to add a device to an encryption zone by adding the device account to the encryption zone group in Windows Defender Firewall with Advanced Security. -ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md index fe2e9815a6..8a6dd9db87 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md @@ -1,17 +1,12 @@ --- title: Encryption Zone (Windows) description: Learn how to create an encryption zone to contain devices that host very sensitive data and require that the sensitive network traffic be encrypted. -ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md index 0a1c8c3094..9cd638e39c 100644 --- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md +++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md @@ -1,17 +1,12 @@ --- title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows) description: Evaluating Windows Defender Firewall with Advanced Security Design Examples -ms.assetid: a591389b-18fa-4a39-ba07-b6fb61961cbd ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md index 686d6ff871..dee6778a40 100644 --- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md +++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md @@ -1,17 +1,12 @@ --- title: Exempt ICMP from Authentication (Windows) description: Learn how to add exemptions for any network traffic that uses the ICMP protocol in Windows Defender Firewall with Advanced Security. -ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md index c060789ce3..a150d214f5 100644 --- a/windows/security/threat-protection/windows-firewall/exemption-list.md +++ b/windows/security/threat-protection/windows-firewall/exemption-list.md @@ -1,17 +1,12 @@ --- title: Exemption List (Windows) description: Learn about reasons to add devices to an exemption list in Windows Defender Firewall with Advanced Security and the trade-offs of having too many exemptions. -ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md index ca7cb954eb..ad4e1359c3 100644 --- a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md +++ b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md @@ -4,8 +4,6 @@ description: Filter origin documentation audit log improvements ms.reviewer: ms.author: v-bshilpa ms.prod: m365-security -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: normal author: Benny-54 manager: dansimp diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md index c6815864d5..9cac69201b 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md +++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md @@ -1,17 +1,12 @@ --- title: Firewall GPOs (Windows) description: In this example, a Group Policy Object is linked to the domain container because the domain controllers are not part of the isolated domain. -ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md index e130a76c47..6152948655 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md @@ -1,17 +1,12 @@ --- title: Basic Firewall Policy Design Example (Windows) description: This example features a fictitious company and illustrates firewall policy design for Windows Defender Firewall with Advanced Security. -ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 562716bc3b..db56dcc84e 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -4,8 +4,6 @@ description: Firewall settings lost on upgrade ms.reviewer: ms.author: v-bshilpa ms.prod: m365-security -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: Benny-54 manager: dansimp diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md index 32c6dd328f..fe4d111ad1 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md @@ -1,17 +1,12 @@ --- title: Gathering Information about Your Active Directory Deployment (Windows) description: Learn about gathering Active Directory information, including domain layout, organizational unit architecture, and site topology, for your firewall deployment. -ms.assetid: b591b85b-12ac-4329-a47e-bc1b03e66eb0 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md index 792686a4b3..0c7ab93228 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md @@ -1,17 +1,12 @@ --- title: Gathering Info about Your Network Infrastructure (Windows) description: Learn how to gather info about your network infrastructure so that you can effectively plan for Windows Defender Firewall with Advanced Security deployment. -ms.assetid: f98d2b17-e71d-4ffc-b076-118b4d4782f9 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md index 0e57c0e9a9..6d7e499d9c 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md @@ -1,17 +1,12 @@ --- title: Gathering Information about Your Devices (Windows) description: Learn what information to gather about the devices in your enterprise to plan your Windows Defender Firewall with Advanced Security deployment. -ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md index 579ef8f647..fe22f964b8 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md +++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md @@ -1,17 +1,12 @@ --- title: Gathering Other Relevant Information (Windows) description: Learn about additional information you may need to gather to deploy Windows Defender Firewall with Advanced Security policies in your organization. -ms.assetid: 87ccca07-4346-496b-876d-cdde57d0ce17 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md index 8482a7cd65..0599090184 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md +++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md @@ -1,17 +1,12 @@ --- title: Gathering the Information You Need (Windows) description: Collect and analyze information about your network, directory services, and devices to prepare for Windows Defender Firewall with Advanced Security deployment. -ms.assetid: 545fef02-5725-4b1e-b67a-a32d94c27d15 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md index afa8e8f5cc..adfb2e0acb 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md @@ -1,17 +1,12 @@ --- title: GPO\_DOMISO\_Boundary (Windows) description: This example GPO supports devices that are not part of the isolated domain to access specific servers that must be available to those untrusted devices. -ms.assetid: ead3a510-c329-4c2a-9ad2-46a3b4975cfd ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md index d1ca928d07..bc83b6e60d 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md @@ -1,18 +1,13 @@ --- title: GPO\_DOMISO\_Encryption\_WS2008 (Windows) description: This example GPO supports the ability for servers that contain sensitive data to require encryption for all connection requests. -ms.assetid: 84375480-af6a-4c79-aafe-0a37115a7446 ms.reviewer: ms.author: dansimp author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium ms.date: 09/08/2021 ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md index 662dd03f50..6cd30ab0e7 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md @@ -1,17 +1,12 @@ --- title: GPO\_DOMISO\_Firewall (Windows) description: Learn about the settings and rules in this example GPO, which is authored by using the Group Policy editing tools. -ms.assetid: 318467d2-5698-4c5d-8000-7f56f5314c42 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md index bed380f50e..ce23a063fa 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md @@ -1,17 +1,12 @@ --- title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows) description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. -ms.assetid: 73cd9e25-f2f1-4ef6-b0d1-d36209518cd9 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md index 84d2f5ce16..3e29726a15 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md @@ -1,17 +1,12 @@ --- title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows) description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. -ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 6746a2c01c..5684e64a1e 100644 --- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md @@ -1,17 +1,12 @@ --- title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows) description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) implementation goals -ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md index 9f16389687..19be53c930 100644 --- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md +++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md @@ -1,17 +1,12 @@ --- title: Implementing Your Windows Defender Firewall with Advanced Security Design Plan (Windows) description: Implementing Your Windows Defender Firewall with Advanced Security Design Plan -ms.assetid: 15f609d5-5e4e-4a71-9eff-493a2e3e40f9 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md index ccaefb1de6..afdbbb4444 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md @@ -1,17 +1,12 @@ --- title: Isolated Domain GPOs (Windows) description: Learn about GPOs for isolated domains in this example configuration of Windows Defender Firewall with Advanced Security. -ms.assetid: e254ce4a-18c6-4868-8179-4078d9de215f ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index af0a3cd985..336af76b07 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -1,17 +1,12 @@ --- title: Isolated Domain (Windows) description: Learn about the isolated domain, which is the primary zone for trusted devices, which use connection security and firewall rules to control communication. -ms.assetid: d6fa8d67-0078-49f6-9bcc-db1f24816c5e ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md index 642c968859..94c2d1efc2 100644 --- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md +++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md @@ -2,13 +2,9 @@ title: Isolating Microsoft Store Apps on Your Network (Windows) description: Learn how to customize your firewall configuration to isolate the network access of the new Microsoft Store apps that run on devices added to your network. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md index 472e264155..27ca0787a6 100644 --- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md +++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md @@ -1,17 +1,12 @@ --- title: Link the GPO to the Domain (Windows) description: Learn how to link a GPO to the Active Directory container for the target devices, after you configure it in Windows Defender Firewall with Advanced Security. -ms.assetid: 746d4553-b1a6-4954-9770-a948926b1165 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index 4d847f7055..e14954cb74 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -1,17 +1,12 @@ --- title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows) description: Mapping your implementation goals to a Windows Firewall with Advanced Security design -ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md index e2e209ff07..20c89d309f 100644 --- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md +++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md @@ -1,17 +1,12 @@ --- title: Modify GPO Filters (Windows) description: Learn how to modify GPO filters to apply to a different zone or version of windows in Windows Defender Firewall with Advanced Security. -ms.assetid: 24ede9ca-a501-4025-9020-1129e2cdde80 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md index 7b4d920b83..27d55010fe 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md @@ -1,17 +1,12 @@ --- title: Open the Group Policy Management Console to IP Security Policies (Windows) description: Learn how to open the Group Policy Management Console to IP Security Policies to configure GPOs for earlier versions of the Windows operating system. -ms.assetid: 235f73e4-37b7-40f4-a35e-3e7238bbef43 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index d55f5793ea..6b414fd0e1 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md @@ -1,17 +1,12 @@ --- title: Group Policy Management of Windows Firewall with Advanced Security (Windows) description: Group Policy Management of Windows Firewall with Advanced Security -ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index 77e7c364b3..7c1ef5c3ab 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -1,17 +1,12 @@ --- title: Group Policy Management of Windows Defender Firewall (Windows) description: Group Policy Management of Windows Defender Firewall with Advanced Security -ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md index c46ba8f97f..31a3fba50f 100644 --- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md @@ -1,17 +1,12 @@ --- title: Open Windows Defender Firewall with Advanced Security (Windows) description: Learn how to open the Windows Defender Firewall with Advanced Security console. You must be a member of the Administrators group. -ms.assetid: 788faff2-0f50-4e43-91f2-3e2595c0b6a1 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md index c5d10098c9..e0e0de7084 100644 --- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md +++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md @@ -1,17 +1,12 @@ --- title: Planning Certificate-based Authentication (Windows) description: Learn how a device unable to join an Active Directory domain can still participate in an isolated domain by using certificate-based authentication. -ms.assetid: a55344e6-d0df-4ad5-a6f5-67ccb6397dec ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md index a5c690294e..8732491e55 100644 --- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md @@ -1,17 +1,12 @@ --- title: Planning Domain Isolation Zones (Windows) description: Learn how to use information you have gathered to make decisions about isolation zones for your environment in Windows Defender Firewall with Advanced Security. -ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md index 81d3ffeabe..fcdef1ec8f 100644 --- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md +++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md @@ -1,17 +1,12 @@ --- title: Planning GPO Deployment (Windows) description: Learn how to use security group filtering and WMI filtering to provide the most flexible options for applying GPOs to devices in Active Directory. -ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md index 3002cef090..46f1ec18cd 100644 --- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md @@ -1,17 +1,12 @@ --- title: Planning Group Policy Deployment for Your Isolation Zones (Windows) description: Learn how to plan a group policy deployment for your isolation zones after you determine the best logical design for your isolation environment. -ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md index 6cf3ebe60c..703b785517 100644 --- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md @@ -1,17 +1,12 @@ --- title: Planning Isolation Groups for the Zones (Windows) description: Learn about planning isolation groups for the zones in Microsoft Firewall, including information on universal groups and GPOs. -ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md index 9a897f0089..115c4bc0b4 100644 --- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md +++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md @@ -1,17 +1,12 @@ --- title: Planning Network Access Groups (Windows) description: Learn how to implement a network access group for users and devices that can access an isolated server in Windows Defender Firewall with Advanced Security. -ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md index 9e87ee9790..7c7ab8b78d 100644 --- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md @@ -1,17 +1,12 @@ --- title: Planning Server Isolation Zones (Windows) description: Learn how to restrict access to a server to approved users by using a server isolation zone in Windows Defender Firewall with Advanced Security. -ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md index ed55752803..5aed4df804 100644 --- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md @@ -1,17 +1,12 @@ --- title: Planning Settings for a Basic Firewall Policy (Windows) description: Learn how to design a basic policy for Windows Defender Firewall with Advanced Security, the settings and rules that enforce your requirements on devices. -ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md index 74e85fa1a0..054cd6b4c9 100644 --- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md +++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md @@ -1,17 +1,12 @@ --- title: Planning the GPOs (Windows) description: Learn about planning Group Policy Objects for your isolation zones in Windows Defender Firewall with Advanced Security, after you design the zone layout. -ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md index d651e8e71b..1bb9e49550 100644 --- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md @@ -1,17 +1,12 @@ --- title: Plan to Deploy Windows Defender Firewall with Advanced Security (Windows) description: Use the design information in this article to plan for the deployment of Windows Defender Firewall with Advanced Security in your organization. -ms.assetid: 891a30c9-dbf5-4a88-a279-00662b9da48e ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md index 66140941f1..c88257ead5 100644 --- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md @@ -1,17 +1,12 @@ --- title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows) description: After you gather the relevant information, select the design or combination of designs for Windows Defender Firewall with Advanced Security in your environment. -ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md index e45fb6c5e6..8c98be2b77 100644 --- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md @@ -1,17 +1,12 @@ --- title: Procedures Used in This Guide (Windows) description: Refer to this summary of procedures for Windows Defender Firewall with Advanced Security from checklists in this guide. -ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index 40645e4078..ba994c905e 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -1,17 +1,12 @@ --- title: Protect devices from unwanted network traffic (Windows) description: Learn how running a host-based firewall on every device in your organization can help protect against attacks as part of a defense-in-depth security strategy. -ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/18/2022 diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md index 83309d4b1b..42338ede59 100644 --- a/windows/security/threat-protection/windows-firewall/quarantine.md +++ b/windows/security/threat-protection/windows-firewall/quarantine.md @@ -4,14 +4,9 @@ description: Quarantine behavior is explained in detail. ms.author: v-bshilpa author: Benny-54 manager: dansimp -ms.assetid: ms.reviewer: ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: normal -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md index 5ae57cd35b..23025f1e50 100644 --- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md @@ -1,17 +1,12 @@ --- title: Require Encryption When Accessing Sensitive Network Resources (Windows) description: Windows Defender Firewall with Advanced Security allows you to require that all network traffic in an isolated domain be encrypted. -ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md index 4e8ca4f98b..b91f299c18 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md @@ -1,17 +1,12 @@ --- title: Restrict Access to Only Specified Users or Devices (Windows) description: Restrict access to devices and users that are members of domain groups authorized to access that device using Windows Defender Firewall with Advanced Security. -ms.assetid: a6106a07-f9e5-430f-8dbd-06d3bf7406df ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index 287942862c..cc78b7ceb7 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -1,17 +1,12 @@ --- title: Restrict access to only trusted devices (Windows) description: Windows Defender Firewall with Advanced Security enables you to isolate devices you trust and restrict access of untrusted devices to trusted devices. -ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md index 35882149d3..d405ae9ad9 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md +++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md @@ -1,17 +1,12 @@ --- title: Restrict Server Access to Members of a Group Only (Windows) description: Create a firewall rule to access isolated servers running Windows Server 2008 or later and restrict server access to members of a group. -ms.assetid: ea51c55b-e1ed-44b4-82e3-3c4287a8628b ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index 70ebf3fd75..e43a977d74 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -2,13 +2,9 @@ title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows) description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md index 9ec9d59a12..9f249ae1c5 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md @@ -1,17 +1,12 @@ --- title: Server Isolation GPOs (Windows) description: Learn about required GPOs for isolation zones and how many server isolation zones you need in Windows Defender Firewall with Advanced Security. -ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md index 59eb498be0..f5b9e6802b 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md @@ -1,17 +1,12 @@ --- title: Server Isolation Policy Design Example (Windows) description: Learn about server isolation policy design in Windows Defender Firewall with Advanced Security by referring to this example of a fictitious company. -ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 92ff6b97db..c9a669692f 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -1,17 +1,12 @@ --- title: Server Isolation Policy Design (Windows) description: Learn about server isolation policy design, where you assign servers to a zone that allows access only to members of an approved network access group. -ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index 3e3a5b108f..2337344ccf 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md @@ -4,8 +4,6 @@ description: Troubleshooting UWP App Connectivity Issues in Windows Firewall ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md index 0ae4b4f8dd..64a55b790e 100644 --- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md @@ -1,17 +1,12 @@ --- title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows) description: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior -ms.assetid: 3c3fe832-ea81-4227-98d7-857a3129db74 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md index d6dbf5fd5a..dd58d0c8d0 100644 --- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md @@ -2,13 +2,9 @@ title: Understand WFAS Deployment (Windows) description: Resources for helping you understand the Windows Defender Firewall with Advanced Security (WFAS) Design Process ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md index 7ae486d08d..0c11ed522b 100644 --- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md +++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md @@ -1,17 +1,12 @@ --- title: Verify That Network Traffic Is Authenticated (Windows) description: Learn how to confirm that network traffic is being protected by IPsec authentication after you configure your domain isolation rule to require authentication. -ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index b00b59d00e..c89e65cba2 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -2,13 +2,9 @@ title: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell (Windows) description: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index dfcf6cfc99..fbb11692e8 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md @@ -1,17 +1,12 @@ --- title: Windows Defender Firewall with Advanced Security deployment overview (Windows) description: Use this guide to deploy Windows Defender Firewall with Advanced Security for your enterprise to help protect devices and data that they share across a network. -ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index 38545a3d40..623503499e 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -1,17 +1,12 @@ --- title: Windows Defender Firewall with Advanced Security design guide (Windows) description: Learn about common goals for using Windows Defender Firewall with Advanced Security to choose or create a design for deploying the firewall in your enterprise. -ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51 ms.reviewer: ms.author: dansimp ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index 989c1be1a1..966c5e4a6a 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md @@ -2,14 +2,10 @@ title: Windows Defender Firewall with Advanced Security (Windows) description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features. ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 281436db6f..d9ecdb1fb0 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -2,7 +2,6 @@ title: Common Criteria Certifications description: This topic details how Microsoft supports the Common Criteria certification program. ms.prod: m365-security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md index 31d3aba69a..be77c53fd5 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md @@ -2,7 +2,6 @@ title: Windows Sandbox architecture description: Windows Sandbox architecture ms.prod: m365-security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index cd5f7a2082..94adc3d7c8 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -2,7 +2,6 @@ title: Windows Sandbox configuration description: Windows Sandbox configuration ms.prod: m365-security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 29b2f22f62..ec43ba1f84 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -2,7 +2,6 @@ title: Windows Sandbox description: Windows Sandbox overview ms.prod: m365-security -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index c3cc25f375..52c3d0d811 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -1,14 +1,11 @@ --- title: Get support for security baselines description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related topics. -keywords: virtualization, security, malware ms.prod: m365-security -ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: dansimp author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/14/2022 diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index eec2742b4c..3fd0c07c67 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -1,14 +1,11 @@ --- title: Microsoft Security Compliance Toolkit 1.0 Guide description: This article describes how to use Security Compliance Toolkit 1.0 in your organization -keywords: virtualization, security, malware ms.prod: m365-security -ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: dansimp author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/14/2022 diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 6d4c993655..18cb5242f6 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -1,14 +1,11 @@ --- title: Security baselines guide description: Learn how to use security baselines in your organization. -keywords: virtualization, security, malware ms.prod: m365-security -ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: dansimp author: dansimp manager: dansimp -audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/26/2022 diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 6792a8df14..a0e24a1035 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -5,7 +5,6 @@ search.appverid: MET150 author: denisebmsft ms.author: deniseb manager: dansimp -audience: ITPro ms.topic: conceptual ms.date: 09/21/2021 ms.prod: m365-security @@ -13,8 +12,7 @@ ms.technology: windows-sec ms.localizationpriority: medium ms.collection: ms.custom: -ms.reviewer: jsuther -f1.keywords: NOCSH +ms.reviewer: jsuther --- # Secure Boot and Trusted Boot diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 8b9b5e1d73..6953ab042b 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md @@ -5,9 +5,6 @@ ms.reviewer: ms.topic: article manager: dansimp ms.author: dansimp -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security author: dansimp ms.collection: M365-security-compliance ms.custom: intro-overview From 0f73fa70a7f26603567e55625f4e9d12a7ec9171 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 25 May 2022 14:01:27 +0500 Subject: [PATCH 164/540] Update deployment-service-overview.md --- windows/deployment/update/deployment-service-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 7459c71de0..2d8c81fbbc 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -162,7 +162,7 @@ Following is an example of setting the policy using Microsoft Endpoint Manager: 8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: - **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing** + **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\System\\AllowWUfBCloudProcessing** ## Best practices Follow these suggestions for the best results with the service. From efef3ac28684794739a27427bc0f792d4cecf4ce Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 25 May 2022 17:37:03 +0530 Subject: [PATCH 165/540] Improved the consistency in the articles. --- .../mdm/policy-csp-remoteprocedurecall.md | 25 +++++++++-------- .../mdm/policy-csp-remoteshell.md | 16 ++++++----- .../mdm/policy-csp-restrictedgroups.md | 12 +++++--- .../mdm/policy-csp-search.md | 28 ++++++++++--------- .../mdm/policy-csp-security.md | 28 +++++++++---------- .../mdm/policy-csp-servicecontrolmanager.md | 11 ++++---- .../mdm/policy-csp-settings.md | 16 ++++++----- .../mdm/policy-csp-speech.md | 5 ++-- 8 files changed, 78 insertions(+), 63 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index c2235cdbb4..46c9d3befd 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - RemoteProcedureCall -
    @@ -30,11 +29,11 @@ manager: dansimp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -64,15 +63,16 @@ manager: dansimp -This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. +This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service, when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. -If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service. +If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service. -If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service. +If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service. -Note: This policy won't be applied until the system is rebooted. +> [!NOTE] +> This policy won't be applied until the system is rebooted. @@ -114,13 +114,13 @@ ADMX Info: -This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. +This policy setting controls, how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. -This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller. +This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller. If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting. -If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. +If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client, and the value of "None" used for Server SKUs that support this policy setting. If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting. @@ -128,7 +128,7 @@ If you enable this policy setting, it directs the RPC server runtime to restrict - "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them. -- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed. +- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed. > [!NOTE] > This policy setting won't be applied until the system is rebooted. @@ -148,3 +148,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 25abffed2e..e77f45c306 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - RemoteShell -
    @@ -45,11 +44,11 @@ manager: dansimp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -127,7 +126,7 @@ ADMX Info: This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system. -The value can be any number from 1 to 100. +The value can be any number from 1 to 100. If you enable this policy setting, the new shell connections are rejected if they exceed the specified limit. @@ -173,7 +172,7 @@ ADMX Info: -This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted. +This policy setting configures the maximum time in milliseconds, and remote shell will stay open without any user activity until it is automatically deleted. Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values. @@ -273,7 +272,7 @@ This policy setting configures the maximum number of processes a remote shell is If you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes. -If you disable or do not configure this policy setting, the limit is five processes per shell. +If you disable or do not configure this policy setting, the limit is five processes per shell. @@ -315,7 +314,7 @@ ADMX Info: -This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system. +This policy setting configures the maximum number of concurrent shells and any user can remotely open on the same system. Any number from 0 to 0x7FFFFFFF can be set, where 0 means unlimited number of shells. @@ -380,3 +379,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 4c77b145dc..7c72312d5d 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -15,7 +15,7 @@ manager: dansimp # Policy CSP - RestrictedGroups > [!IMPORTANT] -> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results. +> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy, to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
    @@ -60,7 +60,7 @@ manager: dansimp This security setting allows an administrator to define the members that are part of a security-sensitive (restricted) group. When a Restricted Groups policy is enforced, any current member of a restricted group that is not on the Members list is removed, except for the built-in administrator in the built-in Administrators group. Any user on the Members list who is not currently a member of the restricted group is added. An empty Members list means that the restricted group has no members. The membership configuration is based on SIDS, therefore renaming these built-in groups does not affect retention of this special membership. -For example, you can create a Restricted Groups policy to allow only specified users, Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group and all other members will be removed. +For example, you can create a Restricted Groups policy to allow only specified users. Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group, and all other members will be removed. > [!CAUTION] > Attempting to remove the built-in administrator from the Administrators group will result in failure with the following error: @@ -69,7 +69,7 @@ For example, you can create a Restricted Groups policy to allow only specified u > |----------|----------|----------|----------| > | 0x55b (Hex)
    1371 (Dec) |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.| winerror.h | -Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group and should be used with caution. +Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group, and should be used with caution. ```xml @@ -152,7 +152,7 @@ The following table describes how this policy setting behaves in different Windo | ------------------ | --------------- | |Windows 10, version 1803 | Added this policy setting.
    XML accepts group and member only by name.
    Supports configuring the administrators group using the group name.
    Expects member name to be in the account name format. | | Windows 10, version 1809
    Windows 10, version 1903
    Windows 10, version 1909 | Supports configuring any local group.
    `` accepts only name.
    `` accepts a name or an SID.
    This is useful when you want to ensure a certain local group always has a well-known SID as member. | -| Windows 10, version 2004 | Behaves as described in this topic.
    Accepts name or SID for group and members and translates as appropriate. | +| Windows 10, version 2004 | Behaves as described in this topic.
    Accepts name or SID for group and members and translates as appropriate.| @@ -160,3 +160,7 @@ The following table describes how this policy setting behaves in different Windo
    + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 68fdb085a9..c87b81714c 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -99,7 +99,7 @@ manager: dansimp -Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. +Allow Search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. @@ -252,9 +252,9 @@ The following list shows the supported values: Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files. -When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified. +When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes file path and date modified. -When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are many WIP-protected media files on the device. +When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps, if there are many WIP-protected media files on the device. Most restricted value is 0. @@ -359,7 +359,6 @@ This policy controls whether search highlights are shown in the search box or in - If you enable this policy setting, then this setting turns on search highlights in the search box or in the search home. - If you disable this policy setting, then this setting turns off search highlights in the search box or in the search home. - ADMX Info: @@ -371,11 +370,13 @@ ADMX Info: The following list shows the supported values in Windows 10: -- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home. + +- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home. - Disabled – Disabling this setting turns off search highlights in the taskbar search box and in search home. The following list shows the supported values in Windows 11: + - Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home. - Disabled – Disabling this setting turns off search highlights in the start menu search box and in search home. @@ -424,7 +425,6 @@ This policy has been deprecated. Allows the use of diacritics. - Most restricted value is 0. @@ -473,7 +473,7 @@ The following list shows the supported values: -Allow Windows indexer. Value type is integer. +Allow Windows indexer. Supported value type is integer. @@ -508,7 +508,6 @@ Allow Windows indexer. Value type is integer. Specifies whether to always use automatic language detection when indexing content and properties. - Most restricted value is 0. @@ -712,9 +711,9 @@ Don't search the web or display web results in Search, or show search highlights This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home. -- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home. +- If you enable this policy setting, queries won't be performed on the web. Web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home. -- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home. +- If you disable this policy setting, queries will be performed on the web. Web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home. @@ -728,8 +727,8 @@ ADMX Info: The following list shows the supported values: -- 0 - Not allowed. Queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home. -- 1 (default) - Allowed. Queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home. +- 0 - Not allowed. Queries won't be performed on the web. Web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home. +- 1 (default) - Allowed. Queries will be performed on the web. Web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home. @@ -764,7 +763,7 @@ The following list shows the supported values: Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1. -Enable this policy if computers in your environment have limited hard drive space. +Enable this policy, if computers in your environment have limited hard drive space. When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size. @@ -839,3 +838,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index dcf870fbf8..b3b590d8c6 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - Security -
    @@ -53,7 +52,6 @@ manager: dansimp -
    @@ -185,7 +183,7 @@ The following list shows the supported values: -Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart. +Admin access is required. The prompt will appear on first admin logon after a reboot, when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart. @@ -200,7 +198,7 @@ ADMX Info: The following list shows the supported values: - 0 (default) – Won't force recovery from a non-ready TPM state. -- 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear. +- 1 – Will prompt to clear the TPM, if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear. @@ -242,9 +240,9 @@ Configures the use of passwords for Windows features. The following list shows the supported values: -- 0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features) -- 1- Allow passwords (Passwords continue to be allowed to be used for Windows features) -- 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords") +- 0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features). +- 1- Allow passwords (Passwords continue to be allowed to be used for Windows features). +- 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords"). @@ -324,9 +322,10 @@ The following list shows the supported values: This policy controls the Admin Authentication requirement in RecoveryEnvironment. Supported values: -- 0 - Default: Keep using default(current) behavior -- 1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment -- 2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment + +- 0 - Default: Keep using default(current) behavior. +- 1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment. +- 2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment. @@ -393,7 +392,6 @@ If the MDM policy is set to "NoRequireAuthentication" (2) Allows enterprise to turn on internal storage encryption. - Most restricted value is 1. > [!IMPORTANT] @@ -477,8 +475,7 @@ The following list shows the supported values: -Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. - +Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS), when a device boots or reboots. Setting this policy to 1 (Required): @@ -488,7 +485,6 @@ Setting this policy to 1 (Required): > [!NOTE] > We recommend that this policy is set to Required after MDM enrollment. - Most restricted value is 1. @@ -504,3 +500,7 @@ The following list shows the supported values: + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index 118dd3a3a7..43f21004aa 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -12,8 +12,6 @@ ms.date: 09/27/2019 # Policy CSP - ServiceControlManager - -
    @@ -25,7 +23,6 @@ ms.date: 09/27/2019 -
    @@ -67,11 +64,11 @@ If you disable or do not configure this policy setting, the stricter security se > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -96,3 +93,7 @@ Supported values:
    + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 1b0e0f8bc4..a303582fb5 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -64,7 +64,6 @@ manager: dansimp -
    @@ -249,7 +248,7 @@ This policy disables edit device name option on Settings. -Describes what values are supported in by this policy and meaning of each value, default value. +Describes what values are supported in/by this policy and meaning of each value, and default value. @@ -611,7 +610,7 @@ The following list shows the supported values: -Allows IT Admins to configure the default setting for showing more calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. Other supported calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. +Allows IT Admins to configure the default setting for showing more calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. Other supported calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. @@ -664,21 +663,21 @@ The following list shows the supported values: Allows IT Admins to either: -- Prevent specific pages in the System Settings app from being visible or accessible +- Prevent specific pages in the System Settings app from being visible or accessible. OR -- To do so for all pages except the pages you enter +- To do so for all pages except the pages you enter. The mode will be specified by the policy string beginning with either the string `showonly:` or `hide:`. Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. -For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For more information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). +For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For more information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). The following example shows a policy that allows access only to the **about** and **bluetooth** pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: `showonly:about;bluetooth` -If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list. +If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable, if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list. The format of the PageVisibilityList value is as follows: @@ -721,3 +720,6 @@ To validate on Desktop, use the following steps: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index fe81410adf..3725e9be8d 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - Speech -
    @@ -26,7 +25,6 @@ manager: dansimp -
    @@ -79,3 +77,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 21305bd4887a1484c2fd854638c99de4e1e39b32 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Wed, 25 May 2022 15:12:05 -0400 Subject: [PATCH 166/540] windows deployment --- windows/deployment/update/windows-as-a-service.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index a53cf59f90..7d845a4b3e 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -74,7 +74,7 @@ Learn more about Windows as a service and its value to your organization. [What's new in Windows 10 deployment](../deploy-whats-new.md) -[How Microsoft IT deploys Windows 10](https://channel9.msdn.com/events/Ignite/2015/BRK3303) +[Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios) ## Plan From 2312627655c07f961b862f70e7a543de1184a850 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Wed, 25 May 2022 15:19:41 -0400 Subject: [PATCH 167/540] update scan failure --- windows/deployment/update/windows-update-errors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index 3442f06f82..1bc8934e2e 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -198,7 +198,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager.
    Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures).
    If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints:
    `http://windowsupdate.microsoft.com`
    `https://*.windowsupdate.microsoft.com`
    `https://update.microsoft.com`
    `https://*.update.microsoft.com`
    `https://windowsupdate.com`
    `https://*.windowsupdate.com`
    `https://download.windowsupdate.com`
    `https://*.download.windowsupdate.com`
    `https://download.microsoft.com`
    `https://*.download.windowsupdate.com`
    `https://wustat.windows.com`
    `https://*.wustat.windows.com`
    `https://ntservicepack.microsoft.com` | +| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager.
    Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/troubleshoot/mem/configmgr/troubleshoot-software-update-scan-failures).
    If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints:
    `http://windowsupdate.microsoft.com`
    `https://*.windowsupdate.microsoft.com`
    `https://update.microsoft.com`
    `https://*.update.microsoft.com`
    `https://windowsupdate.com`
    `https://*.windowsupdate.com`
    `https://download.windowsupdate.com`
    `https://*.download.windowsupdate.com`
    `https://download.microsoft.com`
    `https://*.download.windowsupdate.com`
    `https://wustat.windows.com`
    `https://*.wustat.windows.com`
    `https://ntservicepack.microsoft.com` | ## 0x80240022 From 0851e01b91e37d509115bc5cc73794b5004bd957 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Wed, 25 May 2022 15:43:40 -0400 Subject: [PATCH 168/540] fix path variable --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 76ea88816f..eab18099b1 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -241,7 +241,7 @@ When you run Disk Cleanup and enable the option to Clean up system files, you ca To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then click **Yes** to confirm the elevation prompt. Screenshots and other steps to open an elevated command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). -Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/windows/forum/all/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23). +Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a directory in your PATH variable. These directories are automatically searched. Type **echo %PATH%** to see the directories in your PATH variable. If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder. From c51041b06b7d7f0baee15f3c046519363747e5e7 Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Wed, 25 May 2022 14:29:25 -0700 Subject: [PATCH 169/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 0771489578..b26beb9800 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -40,7 +40,7 @@ RemoteWipe --------Status ``` **doWipe** -Specifies that a remote wipe of the device should be performed. The return status code indicates whether the device accepted the Exec command. +Specifies that a remote wipe of the device should be performed. A remote wipe is the equivalent of running "Reset this PC > Remove everything" from the Settings app. The return status code indicates whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. @@ -56,9 +56,9 @@ Supported operation is Exec. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. **doWipeProtected** -Added in Windows 10, version 1703. Exec on this node performs a remote wipe on the device and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command. +Added in Windows 10, version 1703. Exec on this node performs a remote wipe on the device and fully clean the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command. -The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until it’s done. +The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until it’s done. Because doWipeProtected will keep trying to reset the device until it's done, use doWipeProtected in lost/stolen device scenarios. Supported operation is Exec. From 5a71d6aeb4c32bfde1c02c30a8e21d40f6b6c40e Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Wed, 25 May 2022 18:35:08 -0400 Subject: [PATCH 170/540] update attack surface --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 +- windows/whats-new/whats-new-windows-10-version-1709.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 40a615660a..08e73d4d56 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -202,7 +202,7 @@ New features in [Windows Hello for Business](/windows/security/identity-protecti - For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset). -[Windows Hello](/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration). +Windows Hello for Business now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration). - Windows Hello is now [password-less on S-mode](https://www.windowslatest.com/2018/02/12/microsoft-make-windows-10-password-less-platform/). diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index 905d4ff2dd..8d96b994b4 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -95,7 +95,7 @@ Windows Defender Application Guard hardens a favorite attacker entry-point by is ### Windows Defender Exploit Guard -Window Defender Exploit Guard provides intrusion prevention capabilities to reduce the attack and exploit surface of applications. Exploit Guard has many of the threat mitigations that were available in Enhanced Mitigation Experience Toolkit (EMET) toolkit, a deprecated security download. These mitigations are now built into Windows and configurable with Exploit Guard. These mitigations include [Exploit protection](/microsoft-365/security/defender-endpoint/enable-exploit-protection), [Attack surface reduction protection](/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction), [Controlled folder access](/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access), and [Network protection](/microsoft-365/security/defender-endpoint/enable-network-protection). +Window Defender Exploit Guard provides intrusion prevention capabilities to reduce the attack and exploit surface of applications. Exploit Guard has many of the threat mitigations that were available in Enhanced Mitigation Experience Toolkit (EMET) toolkit, a deprecated security download. These mitigations are now built into Windows and configurable with Exploit Guard. These mitigations include [Exploit protection](/microsoft-365/security/defender-endpoint/enable-exploit-protection), [Attack surface reduction protection](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide), [Controlled folder access](/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access), and [Network protection](/microsoft-365/security/defender-endpoint/enable-network-protection). ### Windows Defender Device Guard From 9bdc2cd3d09c9c5fd6c7819dfdd36dd5b4180fc9 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 26 May 2022 11:34:38 +0500 Subject: [PATCH 171/540] Update network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md --- ...security-restrict-ntlm-ntlm-authentication-in-this-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index ccaba0be7d..5b35621c9b 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -86,7 +86,7 @@ None. Changes to this policy become effective without a restart when saved local ### Group Policy -Setting and deploying this policy using Group Policy takes precedence over the setting on the local device. If the Group Policy is set to **Not Configured**, local settings will apply. +Setting and deploying this policy using Group Policy takes precedence over the setting on the local device. If the Group Policy is set to **Not Configured**, local settings will apply. The policy is applicable to domain controllers only. ### Auditing From ec0b114dd77c289f51e8ec2feedf34e7340f32fc Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Thu, 26 May 2022 14:33:21 +0530 Subject: [PATCH 172/540] Improved consistency in the article --- .../mdm/policy-csp-remotemanagement.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index a0059027d9..5a376d16f6 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - RemoteManagement - -
    @@ -70,11 +68,11 @@ manager: dansimp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -579,7 +577,7 @@ ADMX Info: This policy setting allows you to manage whether the Windows Remote Management (WinRM) service won't allow RunAs credentials to be stored for any plug-ins. -If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer. +If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer. If you disable or don't configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely. @@ -677,9 +675,9 @@ ADMX Info: -This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. +This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine, if the destination host is a trusted entity. -If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when HTTPS or Kerberos is used to authenticate the identity of the host. +If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine, if the destination host is a trusted entity. The WinRM client uses this list when HTTPS or Kerberos is used to authenticate the identity of the host. If you disable or don't configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer. @@ -798,3 +796,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 91750419b7dc1ee4fbbb1987dfb3d8b7863d1902 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Fri, 27 May 2022 02:13:19 +0530 Subject: [PATCH 173/540] Updated-6020449 Articles updated to pass Acrolinx check. --- ...ining-the-trusted-state-of-your-devices.md | 38 +++++++++---------- .../windows-firewall/encryption-zone-gpos.md | 2 +- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md index 34d586e1c1..cdbb54af14 100644 --- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md @@ -20,7 +20,7 @@ ms.technology: windows-sec - Windows 11 - Windows Server 2016 and above -After obtaining information about the devices that are currently part of the IT infrastructure, you must determine at what point a device is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security cannot exceed the level of security set by the least secure client that achieves trusted status. +After obtaining information about the devices that are currently part of the IT infrastructure, you must determine at what point a device is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security can't exceed the level of security set by the least secure client that achieves trusted status. >**Note:**  In this context, the term *trust* has nothing to do with an Active Directory trust relationship between domains. The trusted state of your devices just indicates the level of risk that you believe the device brings to the network. Trusted devices bring little risk whereas untrusted devices can potentially bring great risk. @@ -41,9 +41,9 @@ The remainder of this section defines these states and how to determine which de ### Trusted state -Classifying a device as trusted means that the device's security risks are managed, but it does not imply that it is perfectly secure or invulnerable. The responsibility for this managed state falls to the IT and security administrators, in addition to the users who are responsible for the configuration of the device. A trusted device that is poorly managed will likely become a point of weakness for the network. +Classifying a device as trusted means that the device's security risks are managed, but it doesn't imply that it's perfectly secure or invulnerable. The responsibility for this managed state falls to the IT and security administrators, in addition to the users who are responsible for the configuration of the device. A trusted device that is poorly managed will likely become a point of weakness for the network. -When a device is considered trusted, other trusted devices can reasonably assume that the device will not initiate a malicious act. For example, trusted devices can expect that other trusted devices will not run a virus that attacks them, because all trusted devices are required to use mechanisms (such as antivirus software) to mitigate the threat of viruses. +When a device is considered trusted, other trusted devices can reasonably assume that the device won't initiate a malicious act. For example, trusted devices can expect that other trusted devices won't run a virus that attacks them, because all trusted devices are required to use mechanisms (such as antivirus software) to mitigate the threat of viruses. Spend some time defining the goals and technology requirements that your organization considers appropriate as the minimum configuration for a device to obtain trusted status. @@ -63,49 +63,49 @@ A possible list of technology requirements might include the following: - **Password requirements.** Trusted clients must use strong passwords. -It is important to understand that the trusted state is not constant; it is a transient state that is subject to changing security standards and compliance with those standards. New threats and new defenses emerge constantly. For this reason, the organization's management systems must continually check the trusted devices to ensure ongoing compliance. Additionally, the management systems must be able to issue updates or configuration changes if they are required to help maintain the trusted status. +It's important to understand that the trusted state isn't constant; it's a transient state that is subject to changing security standards and compliance with those standards. New threats and new defenses emerge constantly. For this reason, the organization's management systems must continually check the trusted devices to ensure ongoing compliance. Additionally, the management systems must be able to issue updates or configuration changes if they're required to help maintain the trusted status. -A device that continues to meet all these security requirements can be considered trusted. However it is possible that most devices that were identified in the discovery process discussed earlier do not meet these requirements. Therefore, you must identify which devices can be trusted and which ones cannot. To help with this process, you use the intermediate *trustworthy* state. The remainder of this section discusses the different states and their implications. +A device that continues to meet all these security requirements can be considered trusted. However it's possible that most devices that were identified in the discovery process discussed earlier don't meet these requirements. Therefore, you must identify which devices can be trusted and which ones can't. To help with this process, you use the intermediate *trustworthy* state. The remainder of this section discusses the different states and their implications. ### Trustworthy state -It is useful to identify as soon as possible those devices in your current infrastructure that can achieve a trusted state. A *trustworthy state* can be assigned to indicate that the current device can physically achieve the trusted state with required software and configuration changes. +It's useful to identify as soon as possible those devices in your current infrastructure that can achieve a trusted state. A *trustworthy state* can be assigned to indicate that the current device can physically achieve the trusted state with required software and configuration changes. For each device that is assigned a trustworthy status, make an accompanying configuration note that states what is required to enable the device to achieve trusted status. This information is especially important to both the project design team (to estimate the costs of adding the device to the solution) and the support staff (to enable them to apply the required configuration). Generally, trustworthy devices fall into one of the following two groups: -- **Configuration required.** The current hardware, operating system, and software enable the device to achieve a trustworthy state. However, additional configuration changes are required. For example, if the organization requires a secure file system before a device can be considered trusted, a device that uses a FAT32-formatted hard disk does not meet this requirement. +- **Configuration required.** The current hardware, operating system, and software enable the device to achieve a trustworthy state. However, additional configuration changes are required. For example, if the organization requires a secure file system before a device can be considered trusted, a device that uses a FAT32-formatted hard disk doesn't meet this requirement. - **Upgrade required.** These devices require upgrades before they can be considered trusted. The following list provides some examples of the type of upgrade these devices might require: - - **Operating system upgrade required.** If the device's current operating system cannot support the security needs of the organization, an upgrade would be required before the device could achieve a trusted state. + - **Operating system upgrade required.** If the device's current operating system can't support the security needs of the organization, an upgrade would be required before the device could achieve a trusted state. - - **Software required.** A device that is missing a required security application, such as an antivirus scanner or a management client, cannot be considered trusted until these applications are installed and active. + - **Software required.** A device that is missing a required security application, such as an antivirus scanner or a management client, can't be considered trusted until these applications are installed and active. - **Hardware upgrade required.** In some cases, a device might require a specific hardware upgrade before it can achieve trusted status. This type of device usually needs an operating system upgrade or additional software that forces the required hardware upgrade. For example, security software might require additional hard disk space on the device. - - **Device replacement required.** This category is reserved for devices that cannot support the security requirements of the solution because their hardware cannot support the minimum acceptable configuration. For example, a device that cannot run a secure operating system because it has an old processor (such as a 100-megahertz \[MHz\] x86-based device). + - **Device replacement required.** This category is reserved for devices that can't support the security requirements of the solution because their hardware can't support the minimum acceptable configuration. For example, a device that can't run a secure operating system because it has an old processor (such as a 100-megahertz \[MHz\] x86-based device). Use these groups to assign costs for implementing the solution on the devices that require upgrades. ### Known, untrusted state -During the process of categorizing an organization's devices, you will identify some devices that cannot achieve trusted status for specific well-understood and well-defined reasons. These reasons might include the following types: +During the process of categorizing an organization's devices, you'll identify some devices that can't achieve trusted status for specific well-understood and well-defined reasons. These reasons might include the following types: -- **Financial.** The funding is not available to upgrade the hardware or software for this device. +- **Financial.** The funding isn't available to upgrade the hardware or software for this device. -- **Political.** The device must remain in an untrusted state because of a political or business situation that does not enable it to comply with the stated minimum security requirements of the organization. It is highly recommended that you contact the business owner or independent software vendor (ISV) for the device to discuss the added value of server and domain isolation. +- **Political.** The device must remain in an untrusted state because of a political or business situation that doesn't enable it to comply with the stated minimum security requirements of the organization. It's highly recommended that you contact the business owner or independent software vendor (ISV) for the device to discuss the added value of server and domain isolation. - **Functional.** The device must run a nonsecure operating system or must operate in a nonsecure manner to perform its role. For example, the device might be required to run an older operating system because a specific line of business application will only work on that operating system. There can be multiple functional reasons for a device to remain in the known untrusted state. The following list includes several examples of functional reasons that can lead to a classification of this state: -- **Devices that run unsupported versions of Windows.** This includes Windows XP, Windows Millennium Edition, Windows 98, Windows 95, or Windows NT. Devices that run these versions of the Windows operating system cannot be classified as trustworthy because these operating systems do not support the required security infrastructure. For example, although Windows NT does support a basic security infrastructure, it does not support “deny” ACLs on local resources, any way to ensure the confidentiality and integrity of network communications, smart cards for strong authentication, or centralized management of device configurations (although limited central management of user configurations is supported). +- **Devices that run unsupported versions of Windows.** This includes Windows XP, Windows Millennium Edition, Windows 98, Windows 95, or Windows NT. Devices that run these versions of the Windows operating system can't be classified as trustworthy because these operating systems don't support the required security infrastructure. For example, although Windows NT does support a basic security infrastructure, it doesn't support “deny” ACLs on local resources, any way to ensure the confidentiality and integrity of network communications, smart cards for strong authentication, or centralized management of device configurations (although limited central management of user configurations is supported). -- **Stand-alone devices.** Devices running any version of Windows that are configured as stand-alone devices or as members of a workgroup usually cannot achieve a trustworthy state. Although these devices fully support the minimum required basic security infrastructure, the required security management capabilities are unlikely to be available when the device is not a part of a trusted domain. +- **Stand-alone devices.** Devices running any version of Windows that are configured as stand-alone devices or as members of a workgroup usually can't achieve a trustworthy state. Although these devices fully support the minimum required basic security infrastructure, the required security management capabilities are unlikely to be available when the device isn't a part of a trusted domain. -- **Devices in an untrusted domain.** A device that is a member of a domain that is not trusted by an organization's IT department cannot be classified as trusted. An untrusted domain is a domain that cannot provide the required security capabilities to its members. Although the operating systems of devices that are members of this untrusted domain might fully support the minimum required basic security infrastructure, the required security management capabilities cannot be fully guaranteed when devices are not in a trusted domain. +- **Devices in an untrusted domain.** A device that is a member of a domain that isn't trusted by an organization's IT department can't be classified as trusted. An untrusted domain is a domain that can't provide the required security capabilities to its members. Although the operating systems of devices that are members of this untrusted domain might fully support the minimum required basic security infrastructure, the required security management capabilities can't be fully guaranteed when devices aren't in a trusted domain. ### Unknown, untrusted state @@ -124,20 +124,20 @@ The final step in this part of the process is to record the approximate cost of - What is the projected cost or impact of making the proposed changes to enable the device to achieve a trusted state? -By answering these questions, you can quickly determine the level of effort and approximate cost of bringing a particular device or group of devices into the scope of the project. It is important to remember that the state of a device is transitive, and that by performing the listed remedial actions you can change the state of a device from untrusted to trusted. After you decide whether to place a device in a trusted state, you are ready to begin planning and designing the isolation groups, which the next section [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) discusses. +By answering these questions, you can quickly determine the level of effort and approximate cost of bringing a particular device or group of devices into the scope of the project. It's important to remember that the state of a device is transitive, and that by performing the listed remedial actions you can change the state of a device from untrusted to trusted. After you decide whether to place a device in a trusted state, you're ready to begin planning and designing the isolation groups, which the next section [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) discusses. The following table is an example of a data sheet that you could use to help capture the current state of a device and what would be required for the device to achieve a trusted state. | Device name | Hardware reqs met | Software reqs met | Configuration required | Details | Projected cost | | - | - | - | - | - | - | -| CLIENT001 | No| No| Upgrade hardware and software.| Current operating system is Windows XP. Old hardware is not compatible with newer versions of Windows.| $??| +| CLIENT001 | No| No| Upgrade hardware and software.| Current operating system is Windows XP. Old hardware isn't compatible with newer versions of Windows.| $??| | SERVER001 | Yes| No| Join trusted domain and upgrade from Windows Server 2003 to Windows Server 2012.| No antivirus software present.| $??| In the previous table, the device CLIENT001 is currently "known, untrusted" because its hardware must be upgraded. However, it could be considered trustworthy if the required upgrades are possible. However, if many devices require the same upgrades, the overall cost of the solution would be much higher. The device SERVER001 is "trustworthy" because it meets the hardware requirements but its operating system must be upgraded. It also requires antivirus software. The projected cost is the amount of effort that is required to upgrade the operating system and install antivirus software, along with their purchase costs. -With the other information that you have gathered in this section, this information will be the foundation of the efforts performed later in the [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) section. +With the other information that you've gathered in this section, this information will be the foundation of the efforts performed later in the [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) section. The costs identified in this section only capture the projected cost of the device upgrades. Many additional design, support, test, and training costs should be accounted for in the overall project plan. diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md index dfb2391789..f246825b19 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md @@ -22,6 +22,6 @@ ms.technology: windows-sec Handle encryption zones in a similar manner to the boundary zones. A device is added to an encryption zone by adding the device account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the devices that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section. -The GPO is only for server versions of Windows. Client devices are not expected to participate in the encryption zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing encryption zone GPOs to make it apply to the client version of Windows. +The GPO is only for server versions of Windows. Client devices aren't expected to participate in the encryption zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing encryption zone GPOs to make it apply to the client version of Windows. - [GPO\_DOMISO\_Encryption](gpo-domiso-encryption.md) From 7354093948a73f41a74bd66c63403cc0a8441558 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 26 May 2022 15:31:50 -0700 Subject: [PATCH 174/540] Update network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md --- ...-security-restrict-ntlm-ntlm-authentication-in-this-domain.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index 5b35621c9b..0c1396e74f 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 ms.technology: windows-sec --- From afa7f95d1972a9e4934a66f06e1bc01d77614bcf Mon Sep 17 00:00:00 2001 From: itsrlyAria <82474610+itsrlyAria@users.noreply.github.com> Date: Fri, 27 May 2022 14:42:36 -0700 Subject: [PATCH 175/540] Update windows/deployment/update/wufb-wsus.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/wufb-wsus.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index 6df97965dc..a93c10f142 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -57,7 +57,8 @@ To help you better understand the scan source policy, see the default scan behav > [!TIP] > The only two relevant policies for where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server. This should simplify the configuration options. -Note - If you have devices configured for WSUS and do not configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who click "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such. +> [!NOTE] +> If you have devices configured for WSUS and do not configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who select "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such. ## Configure the scan sources From 0c2b0bc5fdf4aebcb5860cd202def33ecf676a90 Mon Sep 17 00:00:00 2001 From: Michael Morten Sonne <49366751+michaelmsonne@users.noreply.github.com> Date: Sun, 29 May 2022 15:25:41 +0200 Subject: [PATCH 176/540] Update bitlocker-overview-and-requirements-faq.yml Add Windows 11 --- .../bitlocker/bitlocker-overview-and-requirements-faq.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index 2b8382dfa8..df962a8ff5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -23,6 +23,7 @@ title: BitLocker Overview and Requirements FAQ summary: | **Applies to** - Windows 10 + - Windows 11 sections: From 0dfd31ea4be36b1ce71afa70eec8609cbd018f09 Mon Sep 17 00:00:00 2001 From: Michael Morten Sonne <49366751+michaelmsonne@users.noreply.github.com> Date: Sun, 29 May 2022 15:28:41 +0200 Subject: [PATCH 177/540] Update bitlocker-overview.md Change titel --- .../information-protection/bitlocker/bitlocker-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index a5d4bf4e49..41c1be27f1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -1,5 +1,5 @@ --- -title: BitLocker (Windows 10) +title: BitLocker description: This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features. ms.assetid: 40526fcc-3e0d-4d75-90e0-c7d0615f33b2 ms.author: dansimp @@ -102,4 +102,4 @@ When installing the BitLocker optional component on a server you will also need | [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 11, Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. | | [Troubleshoot BitLocker](troubleshoot-bitlocker.md) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. | | [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.| -| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic covers how to use BitLocker with Windows IoT Core | \ No newline at end of file +| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic covers how to use BitLocker with Windows IoT Core | From 91c9cad165c61a12e18e6d1e759d6cc285bafd09 Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Mon, 30 May 2022 18:18:12 +0530 Subject: [PATCH 178/540] improved the consistency in articles --- .../client-management/mdm/policy-csp-power.md | 24 ++++++----- .../mdm/policy-csp-printers.md | 43 +++++++++++-------- .../mdm/policy-csp-privacy.md | 42 ++++++------------ .../mdm/policy-csp-remoteassistance.md | 33 ++++++++------ .../mdm/policy-csp-remotedesktop.md | 8 +++- .../mdm/policy-csp-remotedesktopservices.md | 22 +++++----- 6 files changed, 88 insertions(+), 84 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 30eb1c679f..5976b7128d 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -93,11 +93,11 @@ manager: dansimp > [!TIP] -> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -341,7 +341,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat If you disable or don't configure this policy setting, users control this setting. -If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -500,7 +500,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat If you disable or don't configure this policy setting, users control this setting. -If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -548,11 +548,10 @@ If you enable this policy setting, you must provide a value, in seconds, indicat If you disable or don't configure this policy setting, users control this setting. -If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. - ADMX Info: - GP Friendly name: *Specify the system hibernate timeout (plugged in)* @@ -1103,7 +1102,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat If you disable or don't configure this policy setting, users control this setting. -If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. @@ -1163,8 +1162,8 @@ ADMX Info: The following are the supported values for Hybrid sleep (on battery): -- 0 - no hibernation file for sleep (default) -- 1 - hybrid sleep +- 0 - no hibernation file for sleep (default). +- 1 - hybrid sleep. @@ -1221,8 +1220,8 @@ ADMX Info: The following are the supported values for Hybrid sleep (plugged in): -- 0 - no hibernation file for sleep (default) -- 1 - hybrid sleep +- 0 - no hibernation file for sleep (default). +- 1 - hybrid sleep. @@ -1353,3 +1352,6 @@ Default value for unattended sleep timeout (plugged in): +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 48b7f7722b..5ca2bba194 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -15,7 +15,6 @@ manager: dansimp # Policy CSP - Printers -
    @@ -46,11 +45,11 @@ manager: dansimp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -105,7 +104,8 @@ manager: dansimp This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. + This policy will contain the comma-separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled. The format of this setting is `/[,/]` @@ -176,7 +176,8 @@ ADMX Info: This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. + This policy will contain the comma separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled. The format of this setting is `/[,/]` @@ -244,7 +245,8 @@ ADMX Info: This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. + This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. The default value of the policy will be Unconfigured. @@ -253,7 +255,6 @@ If the policy value is either Unconfigured or Disabled, the print spooler won't If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list. - @@ -320,7 +321,8 @@ ADMX Info: This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. + This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. The default value of the policy will be Unconfigured. @@ -329,7 +331,6 @@ If the policy value is either Unconfigured or Disabled, the print spooler won't If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list. - @@ -382,9 +383,9 @@ If you don't configure this policy setting: - Windows Vista client computers can point and print to any server. -- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. +- Windows Vista computers will show a warning and an elevated command prompt, when users create a printer connection to any server using Point and Print. -- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. +- Windows Vista computers will show a warning and an elevated command prompt, when an existing printer connection driver needs to be updated. - Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. @@ -392,9 +393,9 @@ If you disable this policy setting: - Windows Vista client computers can create a printer connection to any server using Point and Print. -- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. +- Windows Vista computers won't show a warning or an elevated command prompt, when users create a printer connection to any server using Point and Print. -- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. +- Windows Vista computers won't show a warning or an elevated command prompt, when an existing printer connection driver needs to be updated. - Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. @@ -465,9 +466,9 @@ If you don't configure this policy setting: - Windows Vista client computers can point and print to any server. -- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. +- Windows Vista computers will show a warning and an elevated command prompt, when users create a printer connection to any server using Point and Print. -- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. +- Windows Vista computers will show a warning and an elevated command prompt, when an existing printer connection driver needs to be updated. - Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. @@ -475,9 +476,9 @@ If you disable this policy setting: - Windows Vista client computers can create a printer connection to any server using Point and Print. -- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. +- Windows Vista computers won't show a warning or an elevated command prompt, when users create a printer connection to any server using Point and Print. -- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. +- Windows Vista computers won't show a warning or an elevated command prompt, when an existing printer connection driver needs to be updated. - Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. @@ -524,11 +525,12 @@ ADMX Info: Determines whether the computer's shared printers can be published in Active Directory. -If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory. +If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' on the Sharing tab, to publish shared printers in Active Directory. If you disable this setting, this computer's shared printers can't be published in Active Directory, and the "List in directory" option isn't available. -Note: This setting takes priority over the setting "Automatically publish new printers in the Active Directory". +> [!NOTE] +> This setting takes priority over the setting "Automatically publish new printers in the Active Directory". @@ -545,3 +547,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 0bcba72d88..9be580547c 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -15,7 +15,6 @@ manager: dansimp # Policy CSP - Privacy -
    @@ -328,7 +327,6 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con > [!NOTE] > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. - Most restricted value is 0. @@ -419,7 +417,7 @@ The following list shows the supported values: -Updated in Windows 10, version 1809. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation and to talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users. +Updated in Windows 10, version 1809. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation, and talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users. Most restricted value is 0. @@ -523,7 +521,8 @@ The following list shows the supported values: Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users. -Value type is integer. +Supported value type is integer. + - 0 (default) - Allow the "choose privacy settings for your device" screen for a new user during their first logon or when an existing user logs in for the first time after an upgrade. - 1 - Do not allow the "choose privacy settings for your device" screen when a new user logs in or an existing user logs in for the first time after an upgrade. @@ -591,7 +590,7 @@ ADMX Info: The following list shows the supported values: -- 0 – Disabled. Apps/OS can't publish the activities and roaming is disabled. (not published to the cloud). +- 0 – Disabled. Apps/OS can't publish the activities and roaming is disabled (not published to the cloud). - 1 – (default) Enabled. Apps/OS can publish the activities and will be roamed across device graph. @@ -627,7 +626,6 @@ The following list shows the supported values: Specifies whether Windows apps can access account information. - Most restricted value is 2. @@ -809,7 +807,7 @@ ADMX Info: Specifies whether Windows apps can access the movement of the user's head, hands, motion controllers, and other tracked objects, while the apps are running in the background. -Value type is integer. +Supported value type is integer. @@ -864,7 +862,7 @@ The following list shows the supported values: List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. -Value type is chr. +Supported value type is chr. @@ -914,7 +912,7 @@ ADMX Info: List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. -Value type is chr. +Supported value type is chr. @@ -965,7 +963,7 @@ ADMX Info: List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. -Value type is chr. +Supported value type is chr. @@ -1012,7 +1010,6 @@ ADMX Info: Specifies whether Windows apps can access the calendar. - Most restricted value is 2. @@ -1191,7 +1188,6 @@ ADMX Info: Specifies whether Windows apps can access call history. - Most restricted value is 2. @@ -1370,7 +1366,6 @@ ADMX Info: Specifies whether Windows apps can access the camera. - Most restricted value is 2. @@ -1549,7 +1544,6 @@ ADMX Info: Specifies whether Windows apps can access contacts. - Most restricted value is 2. @@ -1728,7 +1722,6 @@ ADMX Info: Specifies whether Windows apps can access email. - Most restricted value is 2. @@ -2039,7 +2032,6 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use Specifies whether Windows apps can access location. - Most restricted value is 2. @@ -2218,7 +2210,6 @@ ADMX Info: Specifies whether Windows apps can read or send messages (text or MMS). - Most restricted value is 2. @@ -2397,7 +2388,6 @@ ADMX Info: Specifies whether Windows apps can access the microphone. - Most restricted value is 2. @@ -2576,7 +2566,6 @@ ADMX Info: Specifies whether Windows apps can access motion data. - Most restricted value is 2. @@ -2755,7 +2744,6 @@ ADMX Info: Specifies whether Windows apps can access notifications. - Most restricted value is 2. @@ -2934,7 +2922,6 @@ ADMX Info: Specifies whether Windows apps can make phone calls. - Most restricted value is 2. @@ -3113,7 +3100,6 @@ ADMX Info: Specifies whether Windows apps have access to control radios. - Most restricted value is 2. @@ -3460,7 +3446,6 @@ ADMX Info: Specifies whether Windows apps can access trusted devices. - Most restricted value is 2. @@ -3739,7 +3724,6 @@ The following list shows the supported values: Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. - Most restricted value is 2. @@ -3918,8 +3902,8 @@ ADMX Info: Specifies whether Windows apps can run in the background. - Most restricted value is 2. + > [!WARNING] > Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly. @@ -4013,7 +3997,7 @@ ADMX Info: -List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. +List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability, to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. @@ -4099,7 +4083,6 @@ ADMX Info: Specifies whether Windows apps can sync with devices. - Most restricted value is 2. @@ -4276,7 +4259,7 @@ ADMX Info: -Allows It Admins to enable publishing of user activities to the activity feed. +Allows IT Admins to enable publishing of user activities to the activity feed. @@ -4340,3 +4323,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 64c53af12c..a643911555 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -71,9 +71,9 @@ manager: dansimp This policy setting lets you customize warning messages. -The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before users share control of their computers. +The "Display warning message before sharing control" policy setting allows you to specify a custom message, to display before users share control of their computers. -The "Display warning message before connecting" policy setting allows you to specify a custom message to display before users allow a connection to their computers. +The "Display warning message before connecting" policy setting allows you to specify a custom message, to display before users allow a connection to their computers. If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice. @@ -181,7 +181,7 @@ If you enable this policy setting, you have two ways to allow helpers to provide The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open. -The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista since SMAPI is the only method supported. +The "Select the method for sending email invitations" setting specifies which email standard to use, to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista, since SMAPI is the only method supported. If you enable this policy setting, you should also enable appropriate firewall exceptions to allow Remote Assistance communications. @@ -246,23 +246,24 @@ If you enable this policy setting, you should also enable firewall exceptions to Windows Vista and later Enable the Remote Assistance exception for the domain profile. The exception must contain: -Port 135:TCP -%WINDIR%\System32\msra.exe -%WINDIR%\System32\raserver.exe + +- Port 135:TCP +- %WINDIR%\System32\msra.exe +- %WINDIR%\System32\raserver.exe Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1) -Port 135:TCP -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe -%WINDIR%\System32\Sessmgr.exe +- Port 135:TCP +- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe +- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe +- %WINDIR%\System32\Sessmgr.exe For computers running Windows Server 2003 with Service Pack 1 (SP1) -Port 135:TCP -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe -Allow Remote Desktop Exception +- Port 135:TCP +- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe +- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe +- Allow Remote Desktop Exception @@ -278,3 +279,7 @@ ADMX Info:
    + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md index 7d2559655b..b8e8e886b2 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktop.md +++ b/windows/client-management/mdm/policy-csp-remotedesktop.md @@ -59,7 +59,7 @@ manager: dansimp -This policy allows administrators to enable automatic subscription for the Microsoft Remote Desktop client. If you define this policy, the specified URL is used by the client to silently subscribe the logged on user and retrieve the remote resources assigned to them. To automatically subscribe to Azure Virtual Desktop in the Azure Public cloud, set the URL to `https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery`. +This policy allows administrators to enable automatic subscription for the Microsoft Remote Desktop client. If you define this policy, the specified URL is used by the client to subscribe the logged on user and retrieve the remote resources assigned to them. To automatically subscribe to Azure Virtual Desktop in the Azure Public cloud, set the URL to `https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery`. @@ -93,7 +93,7 @@ This policy allows administrators to enable automatic subscription for the Micro -This policy allows the user to load the DPAPI cred key from their user profile and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data. This policy is needed when using FSLogix user profiles from Azure AD-joined VMs. +This policy allows the user to load the DPAPI cred key from their user profile, and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data. This policy is needed when using FSLogix user profiles from Azure AD-joined VMs. @@ -111,3 +111,7 @@ The following list shows the supported values: + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 6519b2d40c..f2a69c330a 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - RemoteDesktopServices - -
    @@ -43,11 +41,11 @@ manager: dansimp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -85,7 +83,8 @@ If you disable this policy setting, users can't connect remotely to the target c If you don't configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections aren't allowed. -Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication. +> [!NOTE] +> You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication. You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider. @@ -129,7 +128,7 @@ ADMX Info: -Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption. +Specifies whether it require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption. If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available: @@ -141,9 +140,8 @@ If you enable this policy setting, all communications between clients and RD Ses If you disable or don't configure this setting, the encryption level to be used for remote connections to RD Session Host servers isn't enforced through Group Policy. -Important - -FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. +> [!IMPORTANT] +> FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level, when communications between clients and RD Session Host servers requires the highest level of encryption. @@ -343,7 +341,8 @@ If the status is set to Disabled, Remote Desktop Services always requests securi If the status is set to Not Configured, unsecured communication is allowed. -Note: The RPC interface is used for administering and configuring Remote Desktop Services. +> [!NOTE] +> The RPC interface is used for administering and configuring Remote Desktop Services. @@ -360,3 +359,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From eec403e9b2f2159d624ca7077cfe37cea7d7c0bb Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Mon, 30 May 2022 22:58:07 +0530 Subject: [PATCH 179/540] Improved consistency in the articles. --- .../mdm/policy-csp-networkisolation.md | 14 +++++------ .../mdm/policy-csp-networklistmanager.md | 5 ++-- .../mdm/policy-csp-newsandinterests.md | 11 ++++---- .../mdm/policy-csp-notifications.md | 25 +++++++++++-------- 4 files changed, 29 insertions(+), 26 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 9dbb409924..f21422be16 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - NetworkIsolation - -
    @@ -48,7 +46,6 @@ manager: dansimp -
    @@ -174,7 +171,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -Integer value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. +Integer value that tells the client to accept the configured list and not to use heuristics to attempt and find other subnets. @@ -257,11 +254,10 @@ ADMX Info: -This list is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. This list is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". +This is a list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. This list is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". > [!NOTE] > The client requires domain name to be canonical, otherwise the setting will be rejected by the client. -  Here are the steps to create canonical domain names: @@ -399,4 +395,8 @@ ADMX Info:
    - \ No newline at end of file + + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 1e7e152515..d91a064670 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - NetworkListManager -
    @@ -29,7 +28,6 @@ manager: dansimp -
    @@ -107,3 +105,6 @@ This policy setting provides the string that is to be used to name a network. Th +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md index cb70df917f..eb9d40ab0b 100644 --- a/windows/client-management/mdm/policy-csp-newsandinterests.md +++ b/windows/client-management/mdm/policy-csp-newsandinterests.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - NewsAndInterests - -
    @@ -26,8 +24,6 @@ manager: dansimp NewsAndInterests/AllowNewsAndInterests - -
    @@ -65,7 +61,7 @@ This policy specifies whether to allow the entire widgets experience, including The following are the supported values: -- 1 - Default - Allowed +- 1 - Default - Allowed. - 0 - Not allowed. @@ -82,5 +78,8 @@ ADMX Info:
    + - \ No newline at end of file +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 20823757ce..87c64b5d13 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - Notifications - -
    @@ -71,7 +69,7 @@ If you enable this policy setting, applications and system features won't be abl If you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application. -If you disable or don't configure this policy setting, the client computer will connect to WNS at user sign in and applications will be allowed to use periodic (polling) notifications. +If you disable or don't configure this policy setting, the client computer will connect to WNS at user sign in, and applications will be allowed to use periodic (polling) notifications. No reboots or service restarts are required for this policy setting to take effect. @@ -93,9 +91,9 @@ This setting supports a range of values between 0 and 1. Validation: -1. Enable policy -2. Reboot machine -3. Ensure that you can't receive a notification from Facebook app while FB app isn't running +1. Enable policy. +2. Reboot machine. +3. Ensure that you can't receive a notification from Facebook app while FB app isn't running. @@ -130,7 +128,7 @@ Validation: Boolean value that turns off notification mirroring. -For each user signed in to the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device won't get mirrored to other devices of the same signed-in user. If you disable or don't configure this policy (set value to 0), the notifications received by this user on this device will be mirrored to other devices of the same signed-in user. This feature can be turned off by apps that don't want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page. +For each user signed in to the device, if you enable this policy (set value to 1), the app and system notifications received by this user on this device won't get mirrored to other devices of the same signed-in user. If you disable or don't configure this policy (set value to 0), the notifications received by this user on this device will be mirrored to other devices of the same signed-in user. This feature can be turned off by apps that don't want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page. No reboot or service restart is required for this policy to take effect. @@ -203,9 +201,9 @@ This setting supports a range of values between 0 and 1. Validation: -1. Enable policy -2. Reboot machine -3. Ensure that all tiles are default (no live tile content showing, like no weather forecast on the Weather tile) +1. Enable policy. +2. Reboot machine. +3. Ensure that all tiles are default (no live tile content showing, like no weather forecast on the Weather tile). @@ -265,7 +263,8 @@ This policy setting determines which Windows Notification Service endpoint will If you disable or don't configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com. -Note: Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also allowlisted from your firewall settings. +> [!NOTE] +> Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also allowlisted from your firewall settings. @@ -285,3 +284,7 @@ If the policy isn't specified, we'll default our connection to client.wns.window + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From d126554c164d44e91db293f6ac9bee47e769deaf Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Tue, 31 May 2022 12:07:57 +0530 Subject: [PATCH 180/540] Windows improper acronyms-batch01 Task 6027362: This PR contains updates for the following acronyms: --- education/windows/test-windows10s-for-edu.md | 2 +- .../manage-private-store-settings.md | 7 +++-- .../working-with-line-of-business-apps.md | 2 +- .../mdm/device-update-management.md | 2 +- windows/client-management/mdm/dmclient-csp.md | 2 +- .../mdm/policy-csp-accounts.md | 10 +++---- .../mdm/policy-csp-mixedreality.md | 2 +- windows/client-management/quick-assist.md | 4 +-- .../windows-version-search.md | 2 +- .../do/waas-delivery-optimization.md | 30 +++++++++---------- .../update/how-windows-update-works.md | 4 +-- .../update/windows-update-error-reference.md | 4 +-- .../update/windows-update-overview.md | 4 +-- windows/deployment/upgrade/log-files.md | 2 +- .../upgrade/resolution-procedures.md | 4 +-- windows/deployment/upgrade/setupdiag.md | 2 +- .../upgrade/windows-10-edition-upgrades.md | 18 +++++------ .../upgrade/windows-10-upgrade-paths.md | 2 +- .../demonstrate-deployment-on-vm.md | 26 ++++++++-------- ...ndows-diagnostic-events-and-fields-1703.md | 6 ++-- ...ndows-diagnostic-events-and-fields-1709.md | 4 +-- ...ndows-diagnostic-events-and-fields-1803.md | 10 +++---- ...ndows-diagnostic-events-and-fields-1809.md | 14 ++++----- ...ndows-diagnostic-events-and-fields-1903.md | 16 +++++----- ...ata-windows-analytics-events-and-fields.md | 2 +- ...windows-11-diagnostic-events-and-fields.md | 14 ++++----- ...-diagnostic-data-events-and-fields-2004.md | 4 +-- windows/whats-new/ltsc/index.md | 4 +-- 28 files changed, 103 insertions(+), 100 deletions(-) diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index 87443100ce..70532ccda4 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -111,7 +111,7 @@ Back up all your data before installing Windows 10 in S mode. Only personal file Windows 10 in S mode doesn't support non-Azure Active Directory domain accounts. Before installing Windows 10 in S mode, you must have at least one of these administrator accounts: - Local administrator -- Microsoft Account (MSA) administrator +- Microsoft account administrator - Azure Active Directory administrator > [!WARNING] diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md index 5ec635a24d..c6c6e4564c 100644 --- a/store-for-business/manage-private-store-settings.md +++ b/store-for-business/manage-private-store-settings.md @@ -50,10 +50,11 @@ You can create collections of apps within your private store. Collections allow You can add a collection to your private store from the private store, or from the details page for an app. **From private store** + 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click your private store.
    - ![Image showing private store name on MSfB store UI.](images/msfb-click-private-store.png) + ![Image showing private store name on Microsoft Store for Business store UI.](images/msfb-click-private-store.png) 3. Click **Add a Collection**.
    ![Image showing Add a Collection.](images/msfb-add-collection.png) @@ -65,6 +66,7 @@ You can add a collection to your private store from the private store, or from t > New collections require at least one app, or they will not be created. **From app details page** + 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then click **Products & services**. 3. Under **Apps & software**, choose an app you want to include in a new collection. @@ -84,12 +86,13 @@ If you've already added a Collection to your private store, you can easily add a 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click your private store.
    - ![Image showing private store name on MSfB store UI.](images/msfb-click-private-store.png) + ![Image showing private store name on Microsoft Store for Business store UI.](images/msfb-click-private-store.png) 3. Click the ellipses next to the collection name, and click **Edit collection**. 4. Add or remove products from the collection, and then click **Done**. You can also add an app to a collection from the app details page. + 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then click **Products & services**. 3. Under **Apps & software**, choose an app you want to include in a new collection. diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md index 42eda0b990..9478fd004c 100644 --- a/store-for-business/working-with-line-of-business-apps.md +++ b/store-for-business/working-with-line-of-business-apps.md @@ -45,7 +45,7 @@ You'll need to set up: - LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store. The process and timing look like this: -![Process showing LOB workflow in Microsoft Store for Business. Includes workflow for MSFB admin, LOB publisher, and Developer.](images/lob-workflow.png) +![Process showing LOB workflow in Microsoft Store for Business. Includes workflow for Microsoft Store for Business admin, LOB publisher, and Developer.](images/lob-workflow.png) ## Add an LOB publisher (Admin) Admins need to invite developer or ISVs to become an LOB publisher. diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 22f1b88991..c484b9a326 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -861,7 +861,7 @@ Here's the list of corresponding Group Policy settings in HKLM\\Software\\Polici |DeferFeatureUpdates|REG_DWORD|1: defer feature updates

    Other value or absent: don’t defer feature updates| |DeferFeatureUpdatesPeriodInDays|REG_DWORD|0-180: days to defer feature updates| |PauseFeatureUpdates|REG_DWORD|1: pause feature updates

    Other value or absent: don’t pause feature updates| -|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude WU drivers

    Other value or absent: offer WU drivers| +|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude Windows Update drivers

    Other value or absent: offer Windows Update drivers| Here's the list of older policies that are still supported for backward compatibility. You can use these older policies for Windows 10, version 1511 devices. diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 80655c5989..9756cc26f6 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -496,7 +496,7 @@ The status error mapping is listed below. |--- |--- | |0|Success| |1|Failure: invalid PFN| -|2|Failure: invalid or expired device authentication with MSA| +|2|Failure: invalid or expired device authentication with Microsoft account| |3|Failure: WNS client registration failed due to an invalid or revoked PFN| |4|Failure: no Channel URI assigned| |5|Failure: Channel URI has expired| diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 6f8a2bbec0..555034cd53 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -64,12 +64,12 @@ manager: dansimp -Specifies whether user is allowed to add non-MSA email accounts. +Specifies whether user is allowed to add email accounts other than Microsoft account. Most restricted value is 0. > [!NOTE] -> This policy will only block UI/UX-based methods for adding non-Microsoft accounts. +> This policy will only block UI/UX-based methods for adding non-Microsoft accounts. @@ -109,7 +109,7 @@ The following list shows the supported values: -Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. +Specifies whether the user is allowed to use a Microsoft account for non-email related connection authentication and services. Most restricted value is 0. @@ -154,10 +154,10 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. > [!NOTE] -> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). +> If the Microsoft account service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). > [!NOTE] -> If the MSA service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app. +> If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app. diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 02d6f53ac3..420f8eb0b1 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -106,7 +106,7 @@ On a device where this policy is configured, the user specified in the policy wi > [!NOTE] > > - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior. -> - Auto-logon is only supported for MSA and AAD users. +> - Auto-logon is only supported for Microsoft account and AAD users.
    diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 9591465cfc..76b4294d2f 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -25,7 +25,7 @@ All that's required to use Quick Assist is suitable network and internet connect ### Authentication -The helper can authenticate when they sign in by using a Microsoft Account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported. +The helper can authenticate when they sign in by using a Microsoft account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported. ### Network considerations @@ -36,7 +36,7 @@ Both the helper and sharer must be able to reach these endpoints over port 443: | Domain/Name | Description | |--|--| | `*.support.services.microsoft.com` | Primary endpoint used for Quick Assist application | -| `*.login.microsoftonline.com` | Required for logging in to the application (MSA) | +| `*.login.microsoftonline.com` | Required for logging in to the application (Microsoft account) | | `*.channelwebsdks.azureedge.net` | Used for chat services within Quick Assist | | `*.aria.microsoft.com` | Used for accessibility features within the app | | `*.api.support.microsoft.com` | API access for Quick Assist | diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md index 52a2fb766d..da6a705ba5 100644 --- a/windows/client-management/windows-version-search.md +++ b/windows/client-management/windows-version-search.md @@ -15,7 +15,7 @@ ms.topic: troubleshooting # What version of Windows am I running? -To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them. +To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (GA Channel) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them. ## System Properties Click **Start** > **Settings** > **System** > click **About** from the bottom of the left-hand menu diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md index 25a9c49bfe..9e46d92c6b 100644 --- a/windows/deployment/do/waas-delivery-optimization.md +++ b/windows/deployment/do/waas-delivery-optimization.md @@ -41,9 +41,9 @@ The following table lists the minimum Windows 10 version that supports Delivery | Device type | Minimum Windows version |------------------|---------------| -| Computers running Windows 10 | Win 10 1511 | +| Computers running Windows 10 | Windows 10 1511 | | Computers running Server Core installations of Windows Server | Windows Server 2019 | -| Windows IoT devices | Win 10 1803 | +| Windows IoT devices | Windows 10 1803 | ### Types of download content supported by Delivery Optimization @@ -51,19 +51,19 @@ The following table lists the minimum Windows 10 version that supports Delivery | Windows Client | Minimum Windows version | HTTP Downloader | Peer to Peer | Microsoft Connected Cache (MCC) |------------------|---------------|----------------|----------|----------------| -| Windows Update (feature updates quality updates, language packs, drivers) | Win 10 1511, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Windows 10 Store files | Win 10 1511, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Windows 10 Store for Business files | Win 10 1511, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Windows Defender definition updates | Win 10 1511, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Intune Win32 apps| Win 10 1709, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Microsoft 365 Apps and updates | Win 10 1709, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Edge Browser Updates | Win 10 1809, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Configuration Manager Express updates| Win 10 1709 + Configuration Manager version Win 10 1711, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Dynamic updates| Win 10 1903, Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| MDM Agent | Win 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Xbox Game Pass (PC) | Win 10 1809, Win 11 | :heavy_check_mark: | | :heavy_check_mark: | -| Windows Package Manager| Win 10 1809, Win 11 | :heavy_check_mark: | | | -| MSIX | Win 10 2004, Win 11 | :heavy_check_mark: | | | +| Windows Update (feature updates quality updates, language packs, drivers) | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Windows 10 Store files | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Windows 10 Store for Business files | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Windows Defender definition updates | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Intune Win32 apps| Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Microsoft 365 Apps and updates | Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Edge Browser Updates | Windows 10 1809, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Configuration Manager Express updates| Windows 10 1709 + Configuration Manager version Windows 10 1711, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Dynamic updates| Windows 10 1903, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| MDM Agent | Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Xbox Game Pass (PC) | Windows 10 1809, Windows 11 | :heavy_check_mark: | | :heavy_check_mark: | +| Windows Package Manager| Windows 10 1809, Windows 11 | :heavy_check_mark: | | | +| MSIX | Windows 10 2004, Windows 11 | :heavy_check_mark: | | | #### Windows Server diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index f666a097be..5b943421e5 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -99,7 +99,7 @@ For Windows Update (WU) scans URLs that are used for update detection ([MS-WUSP] > [!Note] > For intranet WSUS update service URLs, we provide an option via Windows Update policy to select the proxy behavior. -For WU URLs that _aren't_ used for update detection, such as for download or reporting: +For Windows Update URLs that _aren't_ used for update detection, such as for download or reporting: - User proxy is attempted. - If WUA fails to reach the service due to a certain proxy, service, or authentication error code, then the system proxy is attempted. @@ -116,7 +116,7 @@ For WU URLs that _aren't_ used for update detection, such as for download or rep |Service|ServiceId| |-------|---------| -|Unspecified / Default|WU, MU, or WSUS
    00000000-0000-0000-0000-000000000000 | +|Unspecified / Default|Windows Update, Microsoft Update, or WSUS
    00000000-0000-0000-0000-000000000000 | |Windows Update|9482F4B4-E343-43B6-B170-9A65BC822C77| |Microsoft Update|7971f918-a847-4430-9279-4a52d1efe18d| |Store|855E8A7C-ECB4-4CA3-B045-1DFA50104289| diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md index ccd0fe2dc5..dec2eca8c6 100644 --- a/windows/deployment/update/windows-update-error-reference.md +++ b/windows/deployment/update/windows-update-error-reference.md @@ -45,8 +45,8 @@ This section lists the error codes for Microsoft Windows Update. | 0x80243002 | `WU_E_INSTALLATION_RESULTS_INVALID_DATA` | The results of download and installation could not be read from the registry due to an invalid data format. | | 0x80243003 | `WU_E_INSTALLATION_RESULTS_NOT_FOUND` | The results of download and installation are not available; the operation may have failed to start. | | 0x80243004 | `WU_E_TRAYICON_FAILURE` | A failure occurred when trying to create an icon in the taskbar notification area. | -| 0x80243FFD | `WU_E_NON_UI_MODE` | Unable to show UI when in non-UI mode; WU client UI modules may not be installed. | -| 0x80243FFE | `WU_E_WUCLTUI_UNSUPPORTED_VERSION` | Unsupported version of WU client UI exported functions. | +| 0x80243FFD | `WU_E_NON_UI_MODE` | Unable to show UI when in non-UI mode; Windows Update client UI modules may not be installed. | +| 0x80243FFE | `WU_E_WUCLTUI_UNSUPPORTED_VERSION` | Unsupported version of Windows Update client UI exported functions. | | 0x80243FFF | `WU_E_AUCLIENT_UNEXPECTED` | There was a user interface error not covered by another `WU_E_AUCLIENT_*` error code. | | 0x8024043D | `WU_E_SERVICEPROP_NOTAVAIL` | The requested service property is not available. | diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md index cd20de0565..ca12e829de 100644 --- a/windows/deployment/update/windows-update-overview.md +++ b/windows/deployment/update/windows-update-overview.md @@ -47,8 +47,8 @@ To understand the changes to the Windows Update architecture that UUP introduces > >Store apps aren't installed by USO, today they are separate. -- **WU Client/ UpdateAgent** - The component running on your PC. It's essentially a DLL that is downloaded to the device when an update is applicable. It surfaces the APIs needed to perform an update, including those needed to generate a list of payloads to download, as well as starts stage and commit operations. It provides a unified interface that abstracts away the underlying update technologies from the caller. -- **WU Arbiter handle**- Code that is included in the UpdateAgent binary. The arbiter gathers information about the device, and uses the CompDB(s) to output an action list. It is responsible for determining the final "composition state" of your device, and which payloads (like ESDs or packages) are needed to get your device up to date. +- **Windows Update Client/ UpdateAgent** - The component running on your PC. It's essentially a DLL that is downloaded to the device when an update is applicable. It surfaces the APIs needed to perform an update, including those needed to generate a list of payloads to download, as well as starts stage and commit operations. It provides a unified interface that abstracts away the underlying update technologies from the caller. +- **Windows Update Arbiter handle**- Code that is included in the UpdateAgent binary. The arbiter gathers information about the device, and uses the CompDB(s) to output an action list. It is responsible for determining the final "composition state" of your device, and which payloads (like ESDs or packages) are needed to get your device up to date. - **Deployment Arbiter**- A deployment manager that calls different installers. For example, CBS. Additional components include the following- diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index daf7fb1e1a..88fe7b97db 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -42,7 +42,7 @@ The following table describes some log files and how to use them for troubleshoo |setupact.log|Post-upgrade (after OOBE):
    Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.| |setuperr.log|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.| |miglog.xml|Post-upgrade (after OOBE):
    Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.| -|BlueBox.log|Down-Level:
    Windows\Logs\Mosetup|Contains information communication between setup.exe and Windows Update.|Use during WSUS and WU down-level failures or for 0xC1900107.| +|BlueBox.log|Down-Level:
    Windows\Logs\Mosetup|Contains information communication between setup.exe and Windows Update.|Use during WSUS and Windows Update down-level failures or for 0xC1900107.| |Supplemental rollback logs:
    Setupmem.dmp
    setupapi.dev.log
    Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.
    Setupapi: Device install issues - 0x30018
    Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.| ## Log entry structure diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index d2bec5e3f1..aa86279555 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -189,5 +189,5 @@ Also see the following sequential list of modern setup (mosetup) error codes wit - [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) - [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/home?category=Windows10ITPro) - [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) -- [Win 7 to Win 10 upgrade error (0x800707E7 - 0x3000D)](https://answers.microsoft.com/en-us/windows/forum/all/win-7-to-win-10-upgrade-error-0x800707e7-0x3000d/1273bc1e-8a04-44d4-a6b2-808c9feeb020)) -- [Win 10 upgrade error: User profile suffix mismatch, 0x800707E7 - 0x3000D](https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/win-10-upgrade-error-user-profile-suffix-mismatch/0f006733-2af5-4b42-a2d4-863fad05273d?page=3) +- [Windows 7 to Windows 10 upgrade error (0x800707E7 - 0x3000D)](https://answers.microsoft.com/en-us/windows/forum/all/win-7-to-win-10-upgrade-error-0x800707e7-0x3000d/1273bc1e-8a04-44d4-a6b2-808c9feeb020)) +- [Windows 10 upgrade error: User profile suffix mismatch, 0x800707E7 - 0x3000D](https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/win-10-upgrade-error-user-profile-suffix-mismatch/0f006733-2af5-4b42-a2d4-863fad05273d?page=3) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 505f23ab18..96000210d8 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -298,7 +298,7 @@ Each rule name and its associated unique rule identifier are listed with a descr 39. WimApplyExtractFailure – 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 - Matches a wim apply failure during wim extraction phases of setup. Will output the extension, path and error code. 40. UpdateAgentExpanderFailure – 66E496B3-7D19-47FA-B19B-4040B9FD17E2 - - Matches DPX expander failures in the down-level phase of update from WU. Will output the package name, function, expression and error code. + - Matches DPX expander failures in the down-level phase of update from Windows Update. Will output the package name, function, expression and error code. 41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636 - Matches any plug-in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code. 42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index 959bb7e649..17a7749691 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -57,15 +57,15 @@ X = unsupported
    | **Home > Pro for Workstations** | ![not supported.](../images/x_blk.png) | ![not supported](../images/x_blk.png) | ![not supported](../images/x_blk.png) | ![not supported](../images/x_blk.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | | **Home > Pro Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | | **Home > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | -| **Pro > Pro for Workstations** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (MSfB) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | -| **Pro > Pro Education** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (MSfB) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | -| **Pro > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png)
    (MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | -| **Pro > Enterprise** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (1703 - PC)
    (1709 - MSfB) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | -| **Pro for Workstations > Pro Education** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (MSfB) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | -| **Pro for Workstations > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png)
    (MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | -| **Pro for Workstations > Enterprise** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (1703 - PC)
    (1709 - MSfB) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | -| **Pro Education > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png)
    (MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | -| **Enterprise > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png)
    (MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | +| **Pro > Pro for Workstations** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (Microsoft Store for Business) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | +| **Pro > Pro Education** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (Microsoft Store for Business) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | +| **Pro > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png)
    (Microsoft Store for Business) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | +| **Pro > Enterprise** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (1703 - PC)
    (1709 - Microsoft Store for Business) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | +| **Pro for Workstations > Pro Education** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (Microsoft Store for Business) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | +| **Pro for Workstations > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png)
    (Microsoft Store for Business) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | +| **Pro for Workstations > Enterprise** | ![supported, no reboot.](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png)
    (1703 - PC)
    (1709 - Microsoft Store for Business) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | +| **Pro Education > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png)
    (Microsoft Store for Business) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | +| **Enterprise > Education** | ![supported, reboot required.](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png)
    (Microsoft Store for Business) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) | > [!NOTE] > - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md) diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index 46541e996a..eb5de29561 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -30,7 +30,7 @@ If you are also migrating to a different edition of Windows, see [Windows 10 edi - **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC is not supported. Windows 10 LTSC 2015 did not block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options. - You can upgrade from Windows 10 LTSC to Windows 10 General Availability Channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch, the option **Keep personal files and apps** option is grayed out. The command line would be `setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx`, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be `setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43`. + You can upgrade from Windows 10 LTSC to Windows 10 General Availability Channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch, the option **Keep personal files and apps** option is grayed out. The command line would be `setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx`, using your relevant Windows 10 GA Channel product key. For example, if using a KMS, the command line would be `setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43`. - **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index f0e2079b1c..b942f83a14 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -396,7 +396,7 @@ For the purposes of this demo, select **All** under the **MDM user scope** and s ## Register your VM -Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommended that you use Intune rather than MSfB. +Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommended that you use Intune rather than Microsoft Store for Business. ### Autopilot registration using Intune @@ -430,7 +430,7 @@ Optional: see the following video for an overview of the process. > [!video https://www.youtube.com/embed/IpLIZU_j7Z0] -First, you need a MSfB account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one. +First, you need a Microsoft Store for Business account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one. Next, to sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/en-us/store) with your test account, select **Sign in** on the upper-right-corner of the main page. @@ -445,16 +445,16 @@ Select the **Add devices** link to upload your CSV file. A message appears that ## Create and assign a Windows Autopilot deployment profile > [!IMPORTANT] -> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB. Both processes are shown here, but only *pick one for the purposes of this lab*: +> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or Microsoft Store for Business. Both processes are shown here, but only *pick one for the purposes of this lab*: Pick one: - [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) -- [Create profiles using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) +- [Create profiles using Microsoft Store for Business](#create-a-windows-autopilot-deployment-profile-using-msfb) ### Create a Windows Autopilot deployment profile using Intune > [!NOTE] -> Even if you registered your device in MSfB, it still appears in Intune. Although, you might have to **sync** and then **refresh** your device list. +> Even if you registered your device in Microsoft Store for Business, it still appears in Intune. Although, you might have to **sync** and then **refresh** your device list. ![Devices.](images/enroll4.png) @@ -533,13 +533,13 @@ Select **OK**, and then select **Create**. If you already created and assigned a profile via Intune with the steps immediately above, then skip this section. -A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers the steps required to create and assign profiles in MSfB. These steps are also summarized below. +A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers the steps required to create and assign profiles in Microsoft Store for Business. These steps are also summarized below. First, sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/manage/dashboard) using the Intune account you initially created for this lab. Select **Manage** from the top menu, then select **Devices** from the left navigation tree. -![MSfB manage.](images/msfb-manage.png) +![Microsoft Store for Business manage.](images/msfb-manage.png) Select the **Windows Autopilot Deployment Program** link in the **Devices** tile. @@ -548,17 +548,17 @@ To CREATE the profile: Select your device from the **Devices** list: > [!div class="mx-imgBorder"] -> ![MSfB create step 1.](images/msfb-create1.png) +> ![Microsoft Store for Business create step 1.](images/msfb-create1.png) On the Autopilot deployment dropdown menu, select **Create new profile**: > [!div class="mx-imgBorder"] -> ![MSfB create step 2.](images/msfb-create2.png) +> ![Microsoft Store for Business create step 2.](images/msfb-create2.png) Name the profile, choose your desired settings, and then select **Create**: > [!div class="mx-imgBorder"] -> ![MSfB create step 3.](images/msfb-create3.png) +> ![Microsoft Store for Business create step 3.](images/msfb-create3.png) The new profile is added to the Autopilot deployment list. @@ -567,12 +567,12 @@ To ASSIGN the profile: To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab. Then, select the profile you want to assign from the **Autopilot deployment** dropdown menu, as shown: > [!div class="mx-imgBorder"] -> ![MSfB assign step 1.](images/msfb-assign1.png) +> ![Microsoft Store for Business assign step 1.](images/msfb-assign1.png) To confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column: > [!div class="mx-imgBorder"] -> ![MSfB assign step 2.](images/msfb-assign2.png) +> ![Microsoft Store for Business assign step 2.](images/msfb-assign2.png) > [!IMPORTANT] > The new profile is only applied if the device hasn't started and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. @@ -609,7 +609,7 @@ Windows Autopilot takes over to automatically join your device into Azure AD and ## Remove devices from Autopilot -To use the device (or VM) for other purposes after completion of this lab, you need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it. Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group), [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal), and below. +To use the device (or VM) for other purposes after completion of this lab, you need to remove (deregister) it from Autopilot via either Intune or Microsoft Store for Business, and then reset it. Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group), [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal), and below. ### Delete (deregister) Autopilot device diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index fe5f9e9510..c6ded941c3 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -1584,9 +1584,9 @@ The following fields are available: - **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). - **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. - **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. -- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. +- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network. - **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused. +- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused. - **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). @@ -4281,7 +4281,7 @@ The following fields are available: - **DeviceModel** What is the device model. - **DeviceOEM** What OEM does this device belong to. - **DownloadPriority** The priority of the download activity. -- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. +- **DownloadScenarioId** A unique ID for a given download used to tie together Windows Update and DO events. - **DriverPingBack** Contains information about the previous driver and system state. - **Edition** Indicates the edition of Windows being used. - **EventInstanceID** A globally unique identifier for event instance. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index f20bf940f2..8df5ccd434 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -1681,9 +1681,9 @@ The following fields are available: - **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). - **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. - **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. -- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. +- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update(WU) updates to other devices on the same network. - **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused. +- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused. - **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index fc82f5a509..14bed98da4 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -1829,9 +1829,9 @@ The following fields are available: - **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). - **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. - **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. -- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. +- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network. - **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused. +- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused. - **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). @@ -6126,7 +6126,7 @@ This event sends data regarding OS Updates and Upgrades from Windows 7.X, Window The following fields are available: - **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **HostOSBuildNumber** The build number of the previous operating system. - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). - **InstanceId** Unique GUID that identifies each instance of setuphost.exe. @@ -8188,7 +8188,7 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **FlightId** Unique identifier for each flight. - **InstanceId** Unique GUID that identifies each instances of setuphost.exe. - **MitigationScenario** The update scenario in which the mitigation was executed. @@ -8210,7 +8210,7 @@ This event sends data specific to the FixupEditionId mitigation used for OS upda The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **EditionIdUpdated** Determine whether EditionId was changed. - **FlightId** Unique identifier for each flight. - **InstanceId** Unique GUID that identifies each instances of setuphost.exe. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index e660f2df49..406fa55f82 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -2574,9 +2574,9 @@ The following fields are available: - **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). - **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. - **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. -- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. +- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network. - **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused. +- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused. - **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). @@ -4236,7 +4236,7 @@ The following fields are available: - **FlightId** The ID of the Windows Insider build the device received. - **InstallDate** The date the driver was installed. - **InstallFlags** The driver installation flags. -- **OptionalData** Metadata specific to WU (Windows Update) associated with the driver (flight IDs, recovery IDs, etc.) +- **OptionalData** Metadata specific to Windows Update (WU) associated with the driver (flight IDs, recovery IDs, etc.) - **RebootRequired** Indicates whether a reboot is required after the installation. - **RollbackPossible** Indicates whether this driver can be rolled back. - **WuTargetedHardwareId** Indicates that the driver was installed because the device hardware ID was targeted by the Windows Update. @@ -7554,7 +7554,7 @@ This event sends data regarding OS Updates and Upgrades from Windows 7.X, Window The following fields are available: - **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **HostOSBuildNumber** The build number of the previous operating system. - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). - **InstanceId** Unique GUID that identifies each instance of setuphost.exe. @@ -9816,7 +9816,7 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **FlightId** Unique GUID that identifies each instances of setuphost.exe. - **InstanceId** Unique GUID that identifies each instances of setuphost.exe. - **MitigationScenario** The update scenario in which the mitigation was executed. @@ -9838,7 +9838,7 @@ This event sends data specific to the FixupEditionId mitigation used for OS upda The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **EditionIdUpdated** Determine whether EditionId was changed. - **FlightId** Unique identifier for each flight. - **InstanceId** Unique GUID that identifies each instances of setuphost.exe. @@ -9861,7 +9861,7 @@ This event sends data specific to the FixupWimmountSysPath mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **FlightId** Unique identifier for each flight. - **ImagePathDefault** Default path to wimmount.sys driver defined in the system registry. - **ImagePathFixedup** Boolean indicating whether the wimmount.sys driver path was fixed by this mitigation. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index 2dd8d27ae5..fc4d236e62 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -2775,10 +2775,10 @@ The following fields are available: - **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). - **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. - **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. -- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. +- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network. - **WULCUVersion** Version of the LCU Installed on the machine. - **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused. +- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused. - **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). @@ -4337,7 +4337,7 @@ The following fields are available: - **FlightId** The ID of the Windows Insider build the device received. - **InstallDate** The date the driver was installed. - **InstallFlags** The driver installation flags. -- **OptionalData** Metadata specific to WU (Windows Update) associated with the driver (flight IDs, recovery IDs, etc.) +- **OptionalData** Metadata specific to Windows Update (WU) associated with the driver (flight IDs, recovery IDs, etc.) - **RebootRequired** Indicates whether a reboot is required after the installation. - **RollbackPossible** Indicates whether this driver can be rolled back. - **WuTargetedHardwareId** Indicates that the driver was installed because the device hardware ID was targeted by the Windows Update. @@ -7722,7 +7722,7 @@ This event sends data regarding OS Updates and Upgrades from Windows 7.X, Window The following fields are available: - **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **HostOSBuildNumber** The build number of the previous operating system. - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). - **InstanceId** Unique GUID that identifies each instance of setuphost.exe. @@ -9395,7 +9395,7 @@ The following fields are available: - **updaterCmdLine** The command line requested by the updater. - **updaterId** The ID of the updater that requested the work. -- **wuDeviceid** WU device ID. +- **wuDeviceid** Windows Update device ID. ### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorScheduleWorkNonSystem @@ -9840,7 +9840,7 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **FlightId** Unique identifier for each flight. - **InstanceId** Unique GUID that identifies each instances of setuphost.exe. - **MitigationScenario** The update scenario in which the mitigation was executed. @@ -9862,7 +9862,7 @@ This event sends data specific to the FixupEditionId mitigation used for OS upda The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **EditionIdUpdated** Determine whether EditionId was changed. - **FlightId** Unique identifier for each flight. - **InstanceId** Unique GUID that identifies each instances of setuphost.exe. @@ -9885,7 +9885,7 @@ This event sends data specific to the FixupWimmountSysPath mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **FlightId** Unique identifier for each flight. - **ImagePathDefault** Default path to wimmount.sys driver defined in the system registry. - **ImagePathFixedup** Boolean indicating whether the wimmount.sys driver path was fixed by this mitigation. diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index c867fe681a..766e8b0870 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -119,7 +119,7 @@ Collects Office metadata through UTC to compare with equivalent data collected t Applicable to all Win32 applications. Helps us understand the status of the update process of the office suite (Success or failure with error details). - **build:** App version -- **channel:** Is this part of SAC or SAC-T? +- **channel:** Is this part of GA Channel or SAC-T? - **errorCode:** What error occurred during the upgrade process? - **errorMessage:** what was the error message during the upgrade process? - **status:** Was the upgrade successful or not? diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 084f8f8a9e..49191ee0d4 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -2292,10 +2292,10 @@ The following fields are available: - **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). - **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. - **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. -- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. +- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network. - **WULCUVersion** Version of the LCU Installed on the machine. - **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused. +- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused. - **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). @@ -6022,7 +6022,7 @@ This event sends data regarding OS Updates and Upgrades from Windows 7.X, Window The following fields are available: - **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **HostOSBuildNumber** The build number of the previous operating system. - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). - **InstanceId** Unique GUID that identifies each instance of setuphost.exe. @@ -6789,7 +6789,7 @@ The following fields are available: - **freeDiskSpaceInMB** Amount of free disk space. - **interactive** Informs if this action is caused due to user interaction. - **priority** The CPU and IO priority this action is being performed on. -- **provider** The provider that is being invoked to perform this action (WU, Legacy UO Provider etc.). +- **provider** The provider that is being invoked to perform this action (Windows Update , Legacy UO Provider etc.). - **update** Update related metadata including UpdateId. - **uptimeMinutes** Duration USO for up for in the current boot session. - **wilActivity** Wil Activity related information. @@ -6988,7 +6988,7 @@ The following fields are available: - **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. - **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000). - **DeferredUpdates** UpdateIds which are currently being deferred until a later time. -- **DriverExclusionPolicy** Indicates if policy for not including drivers with WU updates is enabled. +- **DriverExclusionPolicy** Indicates if policy for not including drivers with Windows Update (WU) updates is enabled. - **DriverSyncPassPerformed** A flag indicating whether the driver sync is performed in a update scan. - **EventInstanceID** A globally unique identifier for event instance. - **ExcludedUpdateClasses** Update classifications being excluded via policy. @@ -8139,7 +8139,7 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **FlightId** Unique identifier for each flight. - **InstanceId** Unique GUID that identifies each instances of setuphost.exe. - **MitigationScenario** The update scenario in which the mitigation was executed. @@ -8161,7 +8161,7 @@ This event sends data specific to the FixupWimmountSysPath mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **FlightId** Unique identifier for each flight. - **ImagePathDefault** Default path to wimmount.sys driver defined in the system registry. - **ImagePathFixedup** Boolean indicating whether the wimmount.sys driver path was fixed by this mitigation. diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index b37678708d..d075c45196 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -2305,10 +2305,10 @@ The following fields are available: - **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). - **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. - **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. -- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. +- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network. - **WULCUVersion** Version of the LCU Installed on the machine. - **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused. +- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused. - **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index dfb0df5731..97a11a13e3 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -30,9 +30,9 @@ This topic provides links to articles with information about what's new in each ## The Long-Term Servicing Channel (LTSC) -The following table summarizes equivalent feature update versions of Windows 10 LTSC and General Availability Channel (SAC) releases. +The following table summarizes equivalent feature update versions of Windows 10 LTSC and General Availability Channel (GA Channel) releases. -| LTSC release | Equivalent SAC release | Availability date | +| LTSC release | Equivalent GA Channel release | Availability date | | --- | --- | --- | | Windows 10 Enterprise LTSC 2015 | Windows 10, Version 1507 | 7/29/2015 | | Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 | From 01c7efbac729e25dc3587b4706f02805ddbbb81b Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Tue, 31 May 2022 19:44:11 +0530 Subject: [PATCH 181/540] improved the consistency in the articles --- ...policy-csp-localpoliciessecurityoptions.md | 294 ++++++++++-------- .../mdm/policy-csp-localusersandgroups.md | 17 +- .../mdm/policy-csp-lockdown.md | 7 +- .../client-management/mdm/policy-csp-maps.md | 6 +- .../mdm/policy-csp-memorydump.md | 6 +- .../mdm/policy-csp-messaging.md | 6 +- .../mdm/policy-csp-mixedreality.md | 48 +-- .../mdm/policy-csp-mssecurityguide.md | 9 +- .../mdm/policy-csp-msslegacy.md | 9 +- .../mdm/policy-csp-multitasking.md | 8 +- 10 files changed, 235 insertions(+), 175 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index affd8a51ea..e3be8229a3 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -201,13 +201,15 @@ manager: dansimp This policy setting prevents users from adding new Microsoft accounts on this computer. -If you select the "Users cannot add Microsoft accounts" option, users won't be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This option is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. +If you select the "Users cannot add Microsoft accounts" option, users won't be able to create new Microsoft accounts on this computer. Switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This option is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. If you select the "Users cannot add or log on with Microsoft accounts" option, existing Microsoft account users won't be able to sign in to Windows. Selecting this option might make it impossible for an existing administrator on this computer to sign in and manage the system. If you disable or don't configure this policy (recommended), users will be able to use Microsoft accounts with Windows. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -255,7 +257,9 @@ The following list shows the supported values: This setting allows the administrator to enable the local Administrator account. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -302,7 +306,9 @@ The following list shows the supported values: This setting allows the administrator to enable the guest Administrator account. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -352,16 +358,19 @@ Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that aren't password protected can be used to sign in from locations other than the physical computer console. If enabled, local accounts that aren't password protected will only be able to sign in at the computer's keyboard. -Default: Enabled. +Default: Enabled > [!WARNING] > Computers that aren't in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can sign in by using a user account that doesn't have a password. This is especially important for portable computers. -If you apply this security policy to the Everyone group, no one will be able to sign in through Remote Desktop Services. +> +> If you apply this security policy to the Everyone group, no one will be able to sign in through Remote Desktop Services. -This setting doesn't affect sign ins that use domain accounts. -It's possible for applications that use remote interactive sign ins to bypass this setting. +This setting doesn't affect sign in that use domain accounts. +It's possible for applications that use remote interactive sign in to bypass this setting. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -372,8 +381,8 @@ GP Info: Valid values: -- 0 - disabled - local accounts that aren't password protected can be used to sign in from locations other than the physical computer console -- 1 - enabled - local accounts that aren't password protected will only be able to sign in at the computer's keyboard +- 0 - disabled - local accounts that aren't password protected can be used to sign in from locations other than the physical computer console. +- 1 - enabled - local accounts that aren't password protected will only be able to sign in at the computer's keyboard. @@ -410,9 +419,11 @@ Accounts: Rename administrator account This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination. -Default: Administrator. +Default: Administrator -Value type is string. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is string. +- Supported operations are Add, Get, Replace, and Delete. @@ -455,9 +466,11 @@ Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. -Default: Guest. +Default: Guest -Value type is string. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is string. +- Supported operations are Add, Get, Replace, and Delete. @@ -496,10 +509,11 @@ GP Info: -Devices: Allow undock without having to sign in. +Devices: Allow undock without having to sign in This security setting determines whether a portable computer can be undocked without having to sign in. If this policy is enabled, sign in isn't required and an external hardware eject button can be used to undock the computer. If disabled, a user must sign in and have the Remove computer from docking station privilege to undock the computer. -Default: Enabled. + +Default: Enabled > [!CAUTION] > Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. @@ -545,8 +559,8 @@ Devices: Allowed to format and eject removable media This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: -- Administrators -- Administrators and Interactive Users +- Administrators. +- Administrators and Interactive Users. Default: This policy isn't defined, and only Administrators have this ability. @@ -591,7 +605,7 @@ Devices: Prevent users from installing printer drivers when connecting to shared For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. -Default on servers: Enabled. +Default on servers: Enabled Default on workstations: Disabled >[!NOTE] @@ -679,10 +693,11 @@ GP Info: -Interactive Logon: Display user information when the session is locked +Interactive Logon: Display user information when the session is locked - -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -693,9 +708,9 @@ GP Info: Valid values: -- 1 - User display name, domain and user names -- 2 - User display name only -- 3 - Don't display user information +- 1 - User display name, domain and user names. +- 2 - User display name only. +- 3 - Don't display user information. @@ -731,13 +746,16 @@ Valid values: Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. + If this policy is enabled, the username won't be shown. If this policy is disabled, the username will be shown. -Default: Disabled. +Default: Disabled -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -748,8 +766,8 @@ GP Info: Valid values: -- 0 - disabled (username will be shown) -- 1 - enabled (username won't be shown) +- 0 - disabled (username will be shown). +- 1 - enabled (username won't be shown). @@ -790,9 +808,11 @@ If this policy is enabled, the username won't be shown. If this policy is disabled, the username will be shown. -Default: Disabled. +Default: Disabled -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -803,8 +823,8 @@ GP Info: Valid values: -- 0 - disabled (username will be shown) -- 1 - enabled (username won't be shown) +- 0 - disabled (username will be shown). +- 1 - enabled (username won't be shown). @@ -845,10 +865,12 @@ If this policy is enabled on a computer, a user isn't required to press CTRL+ALT If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. -Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. -Default on stand-alone computers: Enabled. +Default on domain-computers: Enabled: At least Windows 8 / Disabled: Windows 7 or earlier. +Default on stand-alone computers: Enabled -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -859,8 +881,8 @@ GP Info: Valid values: -- 0 - disabled -- 1 - enabled (a user isn't required to press CTRL+ALT+DEL to sign in) +- 0 - disabled. +- 1 - enabled (a user isn't required to press CTRL+ALT+DEL to sign in). @@ -893,13 +915,15 @@ Valid values: -Interactive logon: Machine inactivity limit. +Interactive logon: Machine inactivity limit Windows notices inactivity of a sign-in session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. -Default: not enforced. +Default: Not enforced -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -946,11 +970,13 @@ Interactive logon: Message text for users attempting to sign in This security setting specifies a text message that is displayed to users when they sign in. -This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. +This text is often used for legal reasons. For example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. -Default: No message. +Default: No message -Value type is string. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is string. +- Supported operations are Add, Get, Replace, and Delete. @@ -993,9 +1019,11 @@ Interactive logon: Message title for users attempting to sign in This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to sign in. -Default: No message. +Default: No message -Value type is string. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is string. +- Supported operations are Add, Get, Replace, and Delete. @@ -1040,16 +1068,16 @@ This security setting determines what happens when the smart card for a logged-o The options are: - No Action - Lock Workstation - Force Logoff - Disconnect if a Remote Desktop Services session +- No Action +- Lock Workstation +- Force Logoff +- Disconnect if a Remote Desktop Services session If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session. If you click Force Logoff in the Properties dialog box for this policy, the user is automatically signed off when the smart card is removed. -If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging off the user. This policy allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to sign in again. If the session is local, this policy functions identically to Lock Workstation. +If you click Disconnect on a Remote Desktop Services session, removal of the smart card disconnects the session without logging off the user. This policy allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to sign in again. If the session is local, this policy functions identically to Lock Workstation. > [!NOTE] > Remote Desktop Services was called Terminal Services in previous versions of Windows Server. @@ -1096,14 +1124,14 @@ GP Info: Microsoft network client: Digitally sign communications (always) -This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. +This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. -Default: Disabled. +Default: Disabled > [!Note] -> All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: > - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. > - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. > - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. @@ -1152,11 +1180,11 @@ Microsoft network client: Digitally sign communications (if server agrees) This security setting determines whether the SMB client attempts to negotiate SMB packet signing. -The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server. +The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server. If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing. -Default: Enabled. +Default: Enabled > [!Note] > All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: @@ -1212,7 +1240,7 @@ If this security setting is enabled, the Server Message Block (SMB) redirector i Sending unencrypted passwords is a security risk. -Default: Disabled. +Default: Disabled @@ -1315,9 +1343,9 @@ Microsoft network server: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB server component. -The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted. +The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted. -If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server. +If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client, unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server. Default: Disabled for member servers. Enabled for domain controllers. @@ -1373,7 +1401,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it. -The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it. +The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it. If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing. @@ -1438,8 +1466,8 @@ This security option allows more restrictions to be placed on anonymous connecti Enabled: Don't allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources. Disabled: No extra restrictions. Rely on default permissions. -Default on workstations: Enabled. -Default on server: Enabled. +Default on workstations: Enabled +Default on server: Enabled > [!IMPORTANT] > This policy has no impact on domain controllers. @@ -1487,7 +1515,7 @@ This security setting determines whether anonymous enumeration of SAM accounts a Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This feature is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. If you don't want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. -Default: Disabled. +Default: Disabled @@ -1530,9 +1558,9 @@ Network access: Restrict anonymous access to Named Pipes and Shares When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: -Network access: Named pipes that can be accessed anonymously -Network access: Shares that can be accessed anonymously -Default: Enabled. +- Network access: Named pipes that can be accessed anonymously. +- Network access: Shares that can be accessed anonymously. +- Default: Enabled. @@ -1631,8 +1659,8 @@ GP Info: Valid values: -- 0 - Disabled -- 1 - Enabled (Allow Local System to use computer identity for NTLM.) +- 0 - Disabled. +- 1 - Enabled (Allow Local System to use computer identity for NTLM). @@ -1669,8 +1697,9 @@ Network security: Allow PKU2U authentication requests to this computer to use on This policy will be turned off by default on domain joined machines. This disablement would prevent online identities from authenticating to the domain joined machine. - -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -1681,8 +1710,8 @@ GP Info: Valid values: -- 0 - disabled -- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.) +- 0 - disabled. +- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities). @@ -1719,9 +1748,8 @@ Network security: Don't store LAN Manager hash value on next password change This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database, the passwords can be compromised if the security database is attacked. - -Default on Windows Vista and above: Enabled -Default on Windows XP: Disabled. +- Default on Windows Vista and above: Enabled +- Default on Windows XP: Disabled @@ -1762,27 +1790,27 @@ GP Info: Network security LAN Manager authentication level -This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: +This security setting determines which challenge/response authentication protocol is used for network logon. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: -Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication. +- Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication. -Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. +- Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. -Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. +- Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. -Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. +- Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. -Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication). +- Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication). -Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). +- Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). -Default: +- Default: -windows XP: send LM and NTLM responses +- windows XP: send LM and NTLM responses. -Windows Server 2003: Send NTLM response only +- Windows Server 2003: Send NTLM response only. -Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only +Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only. @@ -1828,11 +1856,11 @@ This security setting allows a client device to require the negotiation of 128-b - Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated. - Require 128-bit encryption: The connection will fail if strong encryption (128-bit) isn't negotiated. -Default: +- Default: -Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements. +- Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements. -Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. +- Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. @@ -1875,14 +1903,15 @@ Network security: Minimum session security for NTLM SSP based (including secure This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: -Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated. -Require 128-bit encryption. The connection will fail if strong encryption (128-bit) isn't negotiated. +- Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated. -Default: +- Require 128-bit encryption. The connection will fail if strong encryption (128-bit) isn't negotiated. -Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements. +- Default: -Windows 7 and Windows Server 2008 R2: Require 128-bit encryption +- Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements. + +- Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. @@ -1923,13 +1952,13 @@ GP Info: Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication -This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured. +This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication, if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured. If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication. If you don't configure this policy setting, no exceptions will be applied. -The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats. A single asterisk (*) can be used anywhere in the string as a wildcard character. +The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions, the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats. A single asterisk (*) can be used anywhere in the string as a wildcard character. @@ -2168,10 +2197,12 @@ When this policy is enabled, the Shut Down command is available on the Windows l When this policy is disabled, the option to shut down the computer doesn't appear on the Windows logon screen. In this case, users must be able to sign in to the computer successfully and have the Shut down the system user right before they can perform a system shutdown. -Default on workstations: Enabled. -Default on servers: Disabled. +- Default on workstations: Enabled. +- Default on servers: Disabled. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2182,8 +2213,8 @@ GP Info: Valid values: -- 0 - disabled -- 1 - enabled (allow system to be shut down without having to sign in) +- 0 - disabled. +- 1 - enabled (allow system to be shut down without having to sign in). @@ -2224,7 +2255,7 @@ Virtual memory support uses a system pagefile to swap pages of memory to disk wh When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled. -Default: Disabled. +Default: Disabled @@ -2273,7 +2304,9 @@ Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2284,8 +2317,8 @@ GP Info: Valid values: -- 0 - disabled -- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop) +- 0 - disabled. +- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop). @@ -2340,7 +2373,9 @@ The options are: - 5 - Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2380,9 +2415,12 @@ GP Info: User Account Control: Behavior of the elevation prompt for standard users + This policy setting controls the behavior of the elevation prompt for standard users. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2394,9 +2432,9 @@ GP Info: The following list shows the supported values: -- 0 - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. +- 0 - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user, may choose this setting to reduce help desk calls. - 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. -- 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. +- 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. @@ -2435,9 +2473,9 @@ This policy setting controls the behavior of application installation detection The options are: -Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. +- Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. -Disabled: Application installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. +- Disabled: Application installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. @@ -2478,13 +2516,15 @@ GP Info: User Account Control: Only elevate executable files that are signed and validated -This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. +This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run, by adding certificates to the Trusted Publishers certificate store on local computers. The options are: - 0 - Disabled: (Default) Doesn't enforce PKI certification path validation before a given executable file is permitted to run. - 1 - Enabled: Enforces the PKI certification path validation for a given executable file before it's permitted to run. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2525,7 +2565,7 @@ GP Info: User Account Control: Only elevate UIAccess applications that are installed in secure locations -This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following locations: +This policy setting controls, whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following locations: - .\Program Files\, including subfolders - .\Windows\system32\ @@ -2538,7 +2578,9 @@ The options are: - 0 - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system. - 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2587,10 +2629,11 @@ The options are: > [!NOTE] > If this policy setting is disabled, Windows Security notifies you that the overall security of the operating system has been reduced. -- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. +- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately, to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. - -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2637,7 +2680,9 @@ The options are: - 0 - Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used. - 1 - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2727,7 +2772,9 @@ User Account Control: Virtualize file and registry write failures to per-user lo This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +This policy supports the following: +- Supported value type is integer. +- Supported operations are Add, Get, Replace, and Delete. @@ -2746,5 +2793,8 @@ The following list shows the supported values:
    - + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index fb1249a953..92bc370601 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -25,7 +25,6 @@ manager: dansimp -
    @@ -41,7 +40,6 @@ manager: dansimp |Enterprise|Yes|Yes| |Education|Yes|Yes| -
    @@ -86,7 +84,7 @@ where: > [!NOTE] > When specifying member names of the user accounts, you must use following format – AzureAD\userUPN. For example, "AzureAD\user1@contoso.com" or "AzureAD\user2@contoso.co.uk". For adding Azure AD groups, you need to specify the Azure AD Group SID. Azure AD group names are not supported with this policy. -for more information, see [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea). +For more information, see [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea). See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles. @@ -94,7 +92,7 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura > - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](/graph/api/resources/group?view=graph-rest-1.0&preserve-view=true#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute. > - When specifying a SID in the `` or ``, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct. > - `` is not valid for the R (Restrict) action and will be ignored if present. -> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present. +> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that, if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present. @@ -120,7 +118,7 @@ The following example updates the built-in administrators group with AAD account Example 2: Replace / Restrict the built-in administrators group with an AAD user account. > [!NOTE] -> When using ‘R’ replace option to configure the built-in ‘Administrators’ group, it is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group. +> When using ‘R’ replace option to configure the built-in ‘Administrators’ group. It is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group. Example: ```xml @@ -132,6 +130,7 @@ Example:     ``` + Example 3: Update action for adding and removing group members on a hybrid joined machine. The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists. @@ -147,7 +146,6 @@ The following example shows how you can update a local group (**Administrators** ``` - @@ -157,7 +155,7 @@ The following example shows how you can update a local group (**Administrators** > [!NOTE] > -> When AAD group SID’s are added to local groups, during AAD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device: +> When AAD group SID’s are added to local groups, AAD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device: > > - Administrators > - Users @@ -296,5 +294,8 @@ To troubleshoot Name/SID lookup APIs:     ``` - + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 90a9dc1bf5..5575589005 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - LockDown -
    @@ -26,7 +25,6 @@ manager: dansimp -
    @@ -57,7 +55,7 @@ manager: dansimp Allows the user to invoke any system user interface by swiping in from any screen edge using touch. -The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled. +The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied, and then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange, that will also be disabled. @@ -80,3 +78,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index c2cb4d83fd..e1747fd006 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - Maps - -
    @@ -30,7 +28,6 @@ manager: dansimp -
    @@ -128,3 +125,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md index eea0f98401..eba2e08420 100644 --- a/windows/client-management/mdm/policy-csp-memorydump.md +++ b/windows/client-management/mdm/policy-csp-memorydump.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - MemoryDump - -
    @@ -30,7 +28,6 @@ manager: dansimp -
    @@ -115,3 +112,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 7c01fe7a99..1f7f7a0a90 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - Messaging - -
    @@ -27,7 +25,6 @@ manager: dansimp -
    @@ -80,3 +77,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 02d6f53ac3..f973cffd3c 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -68,12 +68,12 @@ Steps to use this policy correctly: 1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays 1. The value can be between min / max allowed. 1. Enroll HoloLens devices and verify both configurations get applied to the device. -1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created. +1. Let Azure AD user 1 sign-in, when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created. 1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days. 1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they're a member of Azure AD group to which Kiosk configuration is targeted. > [!NOTE] -> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments. +> Until step 4 is performed for a Azure AD, user will experience failure behavior mentioned similar to “disconnected” environments.
    @@ -90,14 +90,14 @@ Steps to use this policy correctly: |HoloLens 2|Yes| -This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign in. +This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign in. When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must sign in to the device at least once to enable autologon. The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser` -String value +Supported value is String. - User with the same email address will have autologon enabled. @@ -105,7 +105,7 @@ On a device where this policy is configured, the user specified in the policy wi > [!NOTE] > -> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior. + - Some events such as major OS updates may require the specified user to logon to the device again, to resume auto-logon behavior. > - Auto-logon is only supported for MSA and AAD users. @@ -121,7 +121,7 @@ On a device where this policy is configured, the user specified in the policy wi -This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. +This policy setting controls, for how many days Azure AD group membership cache is allowed to be used for the Assigned Access configurations, targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. @@ -129,7 +129,7 @@ This policy setting controls for how many days Azure AD group membership cache i -- Integer value +Supported value is Integer. Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days). @@ -169,7 +169,7 @@ This policy setting controls if pressing the brightness button changes the brigh -- Boolean value +Supported values is Boolean. The following list shows the supported values: @@ -204,7 +204,7 @@ The following list shows the supported values: -This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it's turned off / on or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:). +This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it's turned off / on, or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:). @@ -212,7 +212,7 @@ This policy controls the behavior of moving platform feature on Hololens 2, that -- Integer value +Supported value is Integer. - 0 (Default) - Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system. - 1 Force off - Moving platform is disabled and can't be changed by user. @@ -246,7 +246,7 @@ This policy controls the behavior of moving platform feature on Hololens 2, that -This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens. +This policy setting controls, when and if diagnostic logs can be collected using specific button combination on HoloLens. @@ -254,13 +254,13 @@ This policy setting controls when and if diagnostic logs can be collected using -- Integer value +Supporting value is Integer. The following list shows the supported values: -- 0 - Disabled -- 1 - Enabled for device owners -- 2 - Enabled for all (Default) +- 0 - Disabled. +- 1 - Enabled for device owners. +- 2 - Enabled for all (Default). @@ -298,12 +298,12 @@ This policy configures behavior of HUP to determine, which algorithm to use for -- Boolean value +Supporting value is Boolean. The following list shows the supported values: -- 0 - Feature – Default feature based / SLAM-based tracker (Default) -- 1 - Constellation – LR constellation based tracker +- 0 - Feature – Default feature based / SLAM-based tracker (Default). +- 1 - Constellation – LR constellation based tracker. @@ -341,7 +341,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not -- Boolean value +Supporting value is Boolean. The following list shows the supported values: @@ -384,7 +384,7 @@ This policy setting controls if pressing the volume button changes the volume or -- Boolean value +Supporting value is Boolean. The following list shows the supported values: @@ -419,7 +419,7 @@ The following list shows the supported values: -This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in if no other user has logged in on the device before. +This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in, if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in, if no other user has logged in on the device before. @@ -427,7 +427,7 @@ This policy controls whether a visitor user will be automatically logged in. Vis -- Boolean value +Supported value is Boolean. The following list shows the supported values: @@ -439,3 +439,7 @@ The following list shows the supported values:
    + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index 812c96e877..f7c6879eaa 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -15,7 +15,6 @@ manager: dansimp # Policy CSP - MSSecurityGuide -
    @@ -43,11 +42,11 @@ manager: dansimp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -287,6 +286,8 @@ ADMX Info:
    - +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index 6f71a563e4..737cfa3e12 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - MSSLegacy -
    @@ -36,11 +35,11 @@ manager: dansimp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -201,6 +200,8 @@ ADMX Info:
    - +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md index 1bd998b15e..ff8adf1d47 100644 --- a/windows/client-management/mdm/policy-csp-multitasking.md +++ b/windows/client-management/mdm/policy-csp-multitasking.md @@ -25,7 +25,6 @@ manager: dansimp -
    @@ -66,11 +65,11 @@ This policy only applies to the Alt+Tab switcher. When the policy isn't enabled, > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -96,3 +95,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 991ec8c7b737ad74baf6aad1c32e4fe2a57846c6 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 31 May 2022 08:25:28 -0700 Subject: [PATCH 182/540] edits --- .../update/update-compliance-v2-configuration-manual.md | 1 + .../update/update-compliance-v2-configuration-mem.md | 1 + .../update/update-compliance-v2-configuration-script.md | 1 + windows/deployment/update/update-compliance-v2-enable.md | 2 +- windows/deployment/update/update-compliance-v2-overview.md | 2 +- .../update/update-compliance-v2-prerequisites.md | 2 +- .../update/update-compliance-v2-schema-ucclient.md | 2 +- .../update-compliance-v2-schema-ucclientupdatestatus.md | 2 +- .../update/update-compliance-v2-schema-ucdevicealert.md | 2 +- .../update-compliance-v2-schema-ucserviceupdatestatus.md | 2 +- .../update/update-compliance-v2-schema-ucupdatealert.md | 2 +- windows/deployment/update/update-compliance-v2-schema.md | 2 +- windows/deployment/update/update-compliance-v2-use.md | 2 +- windows/deployment/update/update-status-admin-center.md | 7 +++++-- 14 files changed, 18 insertions(+), 12 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md index c305ca5636..198d2b4064 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-manual.md +++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md @@ -13,6 +13,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article +ms.date: 05/31/2022 --- # Manually Configuring Devices for Update Compliance (preview) diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 30da7d5a9d..c18fb472ee 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -13,6 +13,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article +ms.date: 05/31/2022 --- # Configuring Microsoft Endpoint Manager devices for Update Compliance (preview) diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 07305526c7..437951d30e 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -13,6 +13,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article +ms.date: 05/31/2022 --- # Configuring devices through the Update Compliance (preview) Configuration Script diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index f14f6d2bc0..784f3f16cd 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -date: 05/07/2022 +ms.date: 05/31/2022 --- # Enable Update Compliance diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index b819ec3085..f5baf581ed 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 05/07/2022 +ms.date: 05/31/2022 --- # Update Compliance overview diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index f774a20c8c..5779606a96 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -date: 05/07/2022 +ms.date: 05/31/2022 --- # Update Compliance prerequisites diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclient.md b/windows/deployment/update/update-compliance-v2-schema-ucclient.md index d6f422c3de..8464daf8cc 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclient.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclient.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -date: 05/07/2022 +ms.date: 05/31/2022 --- # UCClient diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md index 225dab4ad3..8152246ded 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -date: 05/07/2022 +ms.date: 05/31/2022 --- # UCClientUpdateStatus diff --git a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md index 0573b183dd..1e7e135ef3 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -date: 05/07/2022 +ms.date: 05/31/2022 --- # UCDeviceAlert diff --git a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md index ad821324d5..dd20ce0322 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -date: 05/07/2022 +ms.date: 05/31/2022 --- # UCServiceUpdateStatus diff --git a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md index ddca56923d..c59bff8d14 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -date: 05/07/2022 +ms.date: 05/31/2022 --- # UCUpdateAlert diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md index 26dc6e98ab..c6e014b7bb 100644 --- a/windows/deployment/update/update-compliance-v2-schema.md +++ b/windows/deployment/update/update-compliance-v2-schema.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -date: 05/07/2022 +ms.date: 05/31/2022 --- # Update Compliance version 2 schema diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md index 6ad9a5f5c9..7087294293 100644 --- a/windows/deployment/update/update-compliance-v2-use.md +++ b/windows/deployment/update/update-compliance-v2-use.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -date: 05/07/2022 +ms.date: 05/31/2022 --- # Use Update Compliance (preview) diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index 89f50b019f..609ffaf308 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -46,8 +46,8 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos ## Get started -1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in. -1. Expand **Health**, then select **Software Updates**. +1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in. +1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu. 1. In the **Software Updates** page, select the **Windows** tab. 1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance: @@ -56,6 +56,9 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos 1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**. 1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts. +> [!Tip] +> If you don't see an entry for Software updates (Preview) in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates). + ## The Windows tab The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-v2-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. The Update Compliance data that populates these charts refreshes every 24 hours. For more information, see [Update Compliance data latency](update-compliance-v2-use.md#update-compliance-data-latency). From 08b0fdea57843f54c6f04d3047c55651154db4e8 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 31 May 2022 08:40:02 -0700 Subject: [PATCH 183/540] edits --- .../update/update-compliance-v2-enable.md | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index 784f3f16cd..c912b15042 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -47,8 +47,7 @@ Update Compliance uses an [Azure Log Analytics workspaces](/azure/azure-monitor/ - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. 1. If you don't have an existing Log Analytics workspace or you don't want to use a current workspace, [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace) in a [compatible region](update-compliance-v2-prerequisites.md#log-analytics-regions). -> [!Note] -> The `CommercialID` for the Log Analytics workspace is no longer required when configuring your clients. + ### Add the Update Compliance solution to the Log Analytics workspace @@ -57,7 +56,7 @@ Update Compliance is offered as an Azure Marketplace application that's linked t 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this page. 1. Select **Get it now**. 1. Select **Continue** to agree to the [terms of use](https://azure.microsoft.com/[support/legal/) and the [privacy policy](https://privacy.microsoft.com/en-us/privacystatement) to create the app in Azure. -1. Sign into the Azure portal to finish creating the Update Compliance solution. +1. Sign into the [Azure portal](https://portal.azure.com) to finish creating the Update Compliance solution. 1. Select the following settings: - **Subscription**: The Azure subscription to use. - **Resource group**: Select or [create a resource group](/azure/azure-resource-manager/management/manage-resource-groups-portal) for the Update Compliance solution. @@ -68,6 +67,22 @@ Update Compliance is offered as an Azure Marketplace application that's linked t > [!Note] > You can only map one tenant to one Log Analytics workspace. Mapping one tenant to multiple workspaces isn't supported. +### Get the Commercial ID for the Update Compliance solution + +The **Commercial ID** directs your clients to the Update Compliance solution in your Log Analytics workspace. You'll need this ID when you configure clients to send data to Update Compliance. + +1. If needed, sign into the [Azure portal](https://portal.azure.com). +1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input. +1. Select **Log Analytics workspaces**. +1. Select the Log Analytics workspace that you added the Update Compliance solution to. +1. Select **Solutions** from the Log Analytics workspace, then select **WaaSUpdateInsights(<Log Analytics workspace name>)** to go to the summary page for the solution. +1. Select **Update Compliance Settings** from the **WaaSUpdateInsights(<Log Analytics workspace name>)** summary page. +1. The **Commercial Id Key** is listed in the text box with an option to copy the ID. The **Commercial Id Key** is commonly referred to as the `CommercialID` or **Commercial ID** in Update Compliance. + + > [!Warning] + > Regenerate a Commercial ID only if your original ID can no longer be used. Regenerating a commercial ID requires you to deploy the new commercial ID to your computers in order to continue to collect data and so can result in data loss. + + ## Next steps Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. Enroll devices into Update Compliance using any of the following methods: From 93ca4045a0270658f4f05abda27b7e488c03d376 Mon Sep 17 00:00:00 2001 From: Harman Thind <63820404+hathin@users.noreply.github.com> Date: Tue, 31 May 2022 08:52:31 -0700 Subject: [PATCH 184/540] Update check name Windows 10 update rings to Update rings for Windows 10 or later --- .../windows-autopatch/prepare/windows-autopatch-fix-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index 8dff734be5..eeb5801be0 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -38,7 +38,7 @@ This setting must be turned on to avoid a "lack of permissions" error when we in | ----- | ----- | | Not ready | Allow access to unlicensed admins should be turned on. Without this setting enabled, errors can occur when we try to access your Azure AD organization for service. You can safely enable this setting without worrying about security implications. The scope of access is defined by the roles assigned to users, including our operations staff.

    For more information, see [Unlicensed admins](/mem/intune/fundamentals/unlicensed-admins). | -### Windows 10 update rings +### Update rings for Windows 10 or later Your "Windows 10 update ring" policy in Intune must not target any Windows Autopatch devices. From 6b921fcebdd66d577717d10392f442e5de9abc69 Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Tue, 31 May 2022 09:14:40 -0700 Subject: [PATCH 185/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index b26beb9800..9e7ad1053b 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -40,14 +40,14 @@ RemoteWipe --------Status ``` **doWipe** -Specifies that a remote wipe of the device should be performed. A remote wipe is the equivalent of running "Reset this PC > Remove everything" from the Settings app. The return status code indicates whether the device accepted the Exec command. +Specifies that a remote reset of the device should be started. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the reset will not automatically be retried. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. Supported operation is Exec. **doWipePersistProvisionedData** -Specifies that provisioning data should be backed up to a persistent location, and then a remote wipe of the device should be performed. +Specifies that provisioning data should be backed up to a persistent location, and then a remote doWipe reset of the device should be started. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. @@ -56,14 +56,14 @@ Supported operation is Exec. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. **doWipeProtected** -Added in Windows 10, version 1703. Exec on this node performs a remote wipe on the device and fully clean the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command. +Added in Windows 10, version 1703. Exec on this node performs a remote reset on the device and also fully cleans the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command. The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until it’s done. Because doWipeProtected will keep trying to reset the device until it's done, use doWipeProtected in lost/stolen device scenarios. Supported operation is Exec. **doWipePersistUserData** -Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. The return status code shows whether the device accepted the Exec command. +Added in Windows 10, version 1709. Exec on this node will perform a doWipe remote reset on the device, and persist user accounts and data. The return status code shows whether the device accepted the Exec command. **AutomaticRedeployment** Added in Windows 10, version 1809. Node for the Autopilot Reset operation. From 65fd817caa8451859fb44fdf8a6e728a6666d5bb Mon Sep 17 00:00:00 2001 From: themar-msft <33436507+themar-msft@users.noreply.github.com> Date: Tue, 31 May 2022 09:18:02 -0700 Subject: [PATCH 186/540] Update remotewipe-csp.md --- windows/client-management/mdm/remotewipe-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 9e7ad1053b..b76855bf76 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -24,7 +24,7 @@ The table below shows the applicability of Windows: |Enterprise|Yes|Yes| |Education|Yes|Yes| -The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely wipe a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely wiped after being lost or stolen. +The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. The following example shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server. ``` From 4ebbc99e10eeaf827c4065f42ee46534607b6a2b Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 31 May 2022 14:04:17 -0400 Subject: [PATCH 187/540] fix url --- windows/application-management/manage-windows-mixed-reality.md | 3 --- windows/whats-new/whats-new-windows-10-version-1709.md | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 0afbea2c57..122ffdd4f1 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -31,10 +31,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 1. Download the FOD .cab file: - [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab) -<<<<<<< HEAD -======= - [Windows 10, version 2004](https://software-static.download.prss.microsoft.com/pr/download/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) ->>>>>>> 3d7341c0aad45eb7cd15ad2d4d63d4e40ca3012b - [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab) - [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab) - [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index 8d96b994b4..9df52a84b2 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -95,7 +95,7 @@ Windows Defender Application Guard hardens a favorite attacker entry-point by is ### Windows Defender Exploit Guard -Window Defender Exploit Guard provides intrusion prevention capabilities to reduce the attack and exploit surface of applications. Exploit Guard has many of the threat mitigations that were available in Enhanced Mitigation Experience Toolkit (EMET) toolkit, a deprecated security download. These mitigations are now built into Windows and configurable with Exploit Guard. These mitigations include [Exploit protection](/microsoft-365/security/defender-endpoint/enable-exploit-protection), [Attack surface reduction protection](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide), [Controlled folder access](/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access), and [Network protection](/microsoft-365/security/defender-endpoint/enable-network-protection). +Window Defender Exploit Guard provides intrusion prevention capabilities to reduce the attack and exploit surface of applications. Exploit Guard has many of the threat mitigations that were available in Enhanced Mitigation Experience Toolkit (EMET) toolkit, a deprecated security download. These mitigations are now built into Windows and configurable with Exploit Guard. These mitigations include [Exploit protection](/microsoft-365/security/defender-endpoint/enable-exploit-protection), [Attack surface reduction protection](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction), [Controlled folder access](/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access), and [Network protection](/microsoft-365/security/defender-endpoint/enable-network-protection). ### Windows Defender Device Guard From bdb42cc6f4b7aa8d6da6f759133e9604e9b96ad7 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 31 May 2022 15:07:12 -0400 Subject: [PATCH 188/540] add reviewed changes --- windows/deployment/deploy-m365.md | 2 +- windows/deployment/do/mcc-enterprise.md | 4 ++-- windows/deployment/do/mcc-isp.md | 2 +- .../update/olympia/olympia-enrollment-guidelines.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index fc8de8fd2c..fefe88f605 100644 --- a/windows/deployment/deploy-m365.md +++ b/windows/deployment/deploy-m365.md @@ -50,7 +50,7 @@ You can check out the Microsoft 365 deployment advisor and other resources for f >[!NOTE] >If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected. -1. [Try Microsoft 365 for free](/microsoft-365/try). +1. [Explore Microsoft 365](https://www.microsoft.com/microsoft-365/business/). 2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide). 3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview). diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md index 8316d27ab3..01d1a0bc3a 100644 --- a/windows/deployment/do/mcc-enterprise.md +++ b/windows/deployment/do/mcc-enterprise.md @@ -25,7 +25,7 @@ ms.topic: article > [!IMPORTANT] > Microsoft Connected Cache is currently a private preview feature. During this phase we invite customers to take part in early access for testing purposes. This phase does not include formal support, and should not be used for production workloads. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). -Microsoft Connected Cache (MCC) preview is a software-only caching solution that delivers Microsoft content within Enterprise networks. MCC can be deployed to as many physical servers or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying a client policy using your management tool, such as Intune. +Microsoft Connected Cache (MCC) preview is a software-only caching solution that delivers Microsoft content within Enterprise networks. MCC can be deployed to as many physical servers or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying a client policy using your management tool, such as [Intune](/mem/intune/). MCC is a hybrid (a mix of on-prem and cloud resources) SaaS solution built as an Azure IoT Edge module; it's a Docker compatible Linux container that is deployed to your Windows devices. IoT Edge for Linux on Windows (EFLOW) was chosen because it's a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS. @@ -62,7 +62,7 @@ If an MCC node is unavailable, the client will pull content from CDN to ensure u ## Enterprise requirements for MCC -1. **Azure subscription**: MCC management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure.microsoft.com/free) and IoT Hub resource – both are free services. +1. **Azure subscription**: MCC management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management) and IoT Hub resource. Both are free services. Your Azure subscription ID is first used to provision MCC services, and enable access to the preview. The MCC server requirement for an Azure subscription will cost you nothing. If you do not have an Azure subscription already, you can create an Azure [Pay-As-You-Go](https://azure.microsoft.com/offers/ms-azr-0003p/) account which requires a credit card for verification purposes. For more information, see the [Azure Free Account FAQ](https://azure.microsoft.com/free/free-account-faq/). diff --git a/windows/deployment/do/mcc-isp.md b/windows/deployment/do/mcc-isp.md index 458c5af1b4..1e1933c2aa 100644 --- a/windows/deployment/do/mcc-isp.md +++ b/windows/deployment/do/mcc-isp.md @@ -627,7 +627,7 @@ You can use hardware that will natively run Ubuntu 20.04 LTS, or you can run an 1. Download the ISO. You can use either Ubuntu Desktop or Ubuntu Server. - [Download Ubuntu Desktop](https://ubuntu.com/download/desktop) - - [Download Ubuntu Server](https://mirror.cs.jmu.edu/pub/ubuntu-iso/20.04.2/ubuntu-20.04.2-live-server-amd64.iso) + - [Download Ubuntu Server](https://ubuntu.com/download/server) 1. Start the **New Virtual Machine Wizard** in Hyper-V. diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index 5879a8ce30..213c9ef506 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -55,7 +55,7 @@ Choose one of the following two enrollment options: ### Set up an Azure Active Directory-REGISTERED Windows client device -This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Azure Active Directory device management FAQ](/azure/active-directory/devices/faq) for additional information. +This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Azure Active Directory device management FAQ](/azure/active-directory/devices/faq#azure-ad-register-faq) for additional information. 1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). From fceb36370f957b86c7d16be71121c04365456b37 Mon Sep 17 00:00:00 2001 From: lizgt2000 <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 31 May 2022 16:07:32 -0400 Subject: [PATCH 189/540] azure ad register --- .../deployment/update/olympia/olympia-enrollment-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index 213c9ef506..f5d2a204e4 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -55,7 +55,7 @@ Choose one of the following two enrollment options: ### Set up an Azure Active Directory-REGISTERED Windows client device -This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Azure Active Directory device management FAQ](/azure/active-directory/devices/faq#azure-ad-register-faq) for additional information. +This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Azure AD register FAQ](/azure/active-directory/devices/faq#azure-ad-register-faq) for additional information. 1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). From 0098b0c2567f636b3a3808a1e6e3d9504b7c5a27 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 12:46:33 +0530 Subject: [PATCH 190/540] Update policy-csp-admx-remoteassistance.md --- .../mdm/policy-csp-admx-remoteassistance.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index 46d52c8807..5433779640 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_RemoteAssistance -description: Policy CSP - ADMX_RemoteAssistance +description: Learn about Policy CSP - ADMX_RemoteAssistance. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -70,7 +70,7 @@ If you enable this policy setting, only computers running this version (or later If you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer. -If you don't configure this policy setting, users can configure the setting in System Properties in the Control Panel. +If you don't configure this policy setting, users can configure this setting in System Properties in the Control Panel. @@ -152,4 +152,8 @@ ADMX Info:

    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 53f28734d68d725d55a12d7a0c02051496d4fd68 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 13:11:48 +0530 Subject: [PATCH 191/540] Update policy-csp-admx-removablestorage.md --- .../mdm/policy-csp-admx-removablestorage.md | 74 ++++++++++--------- 1 file changed, 39 insertions(+), 35 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index 2c559d99c8..a823f286cf 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_RemovableStorage -description: Policy CSP - ADMX_RemovableStorage +description: Learn about Policy CSP - ADMX_RemovableStorage. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -158,7 +158,7 @@ This policy setting configures the amount of time (in seconds) that the operatin If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot. -If you disable or do not configure this setting, the operating system does not force a reboot. +If you disable or don't configure this setting, the operating system does not force a reboot. > [!NOTE] > If no reboot is forced, the access right does not take effect until the operating system is restarted. @@ -208,7 +208,7 @@ This policy setting configures the amount of time (in seconds) that the operatin If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot. -If you disable or do not configure this setting, the operating system does not force a reboot +If you disable or don't configure this setting, the operating system does not force a reboot > [!NOTE] > If no reboot is forced, the access right does not take effect until the operating system is restarted. @@ -258,7 +258,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl If you enable this policy setting, execute access is denied to this removable storage class. -If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. +If you disable or don't configure this policy setting, execute access is allowed to this removable storage class. @@ -305,7 +305,7 @@ This policy setting denies read access to the CD and DVD removable storage class If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -351,7 +351,7 @@ This policy setting denies read access to the CD and DVD removable storage class If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -398,7 +398,7 @@ This policy setting denies write access to the CD and DVD removable storage clas If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -445,7 +445,7 @@ This policy setting denies write access to the CD and DVD removable storage clas If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -492,7 +492,7 @@ This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access is denied to these removable storage classes. -If you disable or do not configure this policy setting, read access is allowed to these removable storage classes. +If you disable or don't configure this policy setting, read access is allowed to these removable storage classes. @@ -539,7 +539,7 @@ This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access is denied to these removable storage classes. -If you disable or do not configure this policy setting, read access is allowed to these removable storage classes. +If you disable or don't configure this policy setting, read access is allowed to these removable storage classes. @@ -586,7 +586,7 @@ This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access is denied to these removable storage classes. -If you disable or do not configure this policy setting, write access is allowed to these removable storage classes. +If you disable or don't configure this policy setting, write access is allowed to these removable storage classes. @@ -632,7 +632,7 @@ This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access is denied to these removable storage classes. -If you disable or do not configure this policy setting, write access is allowed to these removable storage classes. +If you disable or don't configure this policy setting, write access is allowed to these removable storage classes. @@ -678,7 +678,7 @@ This policy setting denies execute access to the Floppy Drives removable storage If you enable this policy setting, execute access is denied to this removable storage class. -If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. +If you disable or don't configure this policy setting, execute access is allowed to this removable storage class. @@ -724,7 +724,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -770,7 +770,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -816,7 +816,7 @@ This policy setting denies write access to the Floppy Drives removable storage c If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -861,7 +861,7 @@ This policy setting denies write access to the Floppy Drives removable storage c If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -907,7 +907,7 @@ This policy setting denies execute access to removable disks. If you enable this policy setting, execute access is denied to this removable storage class. -If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. +If you disable or don't configure this policy setting, execute access is allowed to this removable storage class. @@ -952,7 +952,7 @@ This policy setting denies read access to removable disks. If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -998,7 +998,7 @@ This policy setting denies read access to removable disks. If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1043,7 +1043,7 @@ This policy setting denies write access to removable disks. If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. > [!NOTE] > To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." @@ -1094,7 +1094,7 @@ This policy setting takes precedence over any individual removable storage polic If you enable this policy setting, no access is allowed to any removable storage class. -If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes. +If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes. @@ -1142,7 +1142,7 @@ This policy setting takes precedence over any individual removable storage polic If you enable this policy setting, no access is allowed to any removable storage class. -If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes. +If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes. @@ -1188,7 +1188,7 @@ This policy setting grants normal users direct access to removable storage devic If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions. -If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions. +If you disable or don't configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions. @@ -1234,7 +1234,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl If you enable this policy setting, execute access is denied to this removable storage class. -If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. +If you disable or don't configure this policy setting, execute access is allowed to this removable storage class. @@ -1280,7 +1280,7 @@ This policy setting denies read access to the Tape Drive removable storage class If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1325,7 +1325,7 @@ This policy setting denies read access to the Tape Drive removable storage class If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1371,7 +1371,7 @@ This policy setting denies write access to the Tape Drive removable storage clas If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -1416,7 +1416,7 @@ This policy setting denies write access to the Tape Drive removable storage clas If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -1462,7 +1462,7 @@ This policy setting denies read access to removable disks, which may include med If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1508,7 +1508,7 @@ This policy setting denies read access to removable disks, which may include med If you enable this policy setting, read access is denied to this removable storage class. -If you disable or do not configure this policy setting, read access is allowed to this removable storage class. +If you disable or don't configure this policy setting, read access is allowed to this removable storage class. @@ -1553,7 +1553,7 @@ This policy setting denies write access to removable disks, which may include me If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -1595,11 +1595,11 @@ ADMX Info: -This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. +This policy setting denies write access to removable disks that may include media players, cellular phones, auxiliary displays, and CE devices. If you enable this policy setting, write access is denied to this removable storage class. -If you disable or do not configure this policy setting, write access is allowed to this removable storage class. +If you disable or don't configure this policy setting, write access is allowed to this removable storage class. @@ -1616,4 +1616,8 @@ ADMX Info: - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From f4a1c5b9a35e2fedf66f85045e863bc240dadc99 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 13:22:04 +0530 Subject: [PATCH 192/540] Update policy-csp-admx-rpc.md --- .../mdm/policy-csp-admx-rpc.md | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index 4298af2621..5215c95259 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_RPC -description: Policy CSP - ADMX_RPC +description: Learn about Policy CSP - ADMX_RPC. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -80,7 +80,7 @@ If you don't configure this policy setting, it remains disabled. It will only g If you enable this policy setting, the RPC runtime will generate extended error information. -You must select an error response type in the drop-down box. +You must select an error response type from the folowing options in the drop-down box: - "Off" disables all extended error information for all processes. RPC only generates an error code. - "On with Exceptions" enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field. @@ -94,7 +94,7 @@ You must select an error response type in the drop-down box. > > The default policy setting, "Off," is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely. > -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. @@ -147,11 +147,10 @@ If you don't configure this policy setting, it remains disabled and will generat If you enable this policy setting, then: - "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context doesn't support delegation. - - "On" directs the RPC Runtime to accept security contexts that don't support delegation even if delegation was asked for. > [!NOTE] -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. @@ -210,7 +209,7 @@ If you don't configure this policy setting, it will remain disabled. The idle c If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used. The timeout is given in seconds. > [!NOTE] -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. @@ -259,22 +258,18 @@ If you disable this policy setting, the RPC runtime defaults to "Auto2" level. If you don't configure this policy setting, the RPC defaults to "Auto2" level. -If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information. +If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information from the following: - "None" indicates that the system doesn't maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations. - - "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory. - - "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server. - - "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity. - - "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you're investigating an RPC problem. > [!NOTE] > To retrieve the RPC state information from a system that maintains it, you must use a debugging tool. > -> This policy setting will not be applied until the system is rebooted. +> This policy setting won't be applied until the system is rebooted. @@ -292,3 +287,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 4d6813093925a58fb419ee06a3105a79258669c6 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 13:39:17 +0530 Subject: [PATCH 193/540] Update policy-csp-admx-scripts.md --- .../mdm/policy-csp-admx-scripts.md | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 430c0d6f48..06fc58ebc7 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Scripts -description: Policy CSP - ADMX_Scripts +description: Learn about Policy CSP - ADMX_Scripts. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -149,7 +149,7 @@ If you enable this setting, then, in the Seconds box, you can type a number from This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop. -An excessively long interval can delay the system and inconvenience users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely. +An excessively long interval can delay the system and cause inconvenience to users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely. If you disable or don't configure this setting, the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This value is the default value. @@ -204,19 +204,19 @@ There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled i GPO B and GPO C include the following computer startup scripts: -GPO B: B.cmd, B.ps1 -GPO C: C.cmd, C.ps1 +- GPO B: B.cmd, B.ps1 +- GPO C: C.cmd, C.ps1 Assume also that there are two computers, DesktopIT and DesktopSales. For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for DesktopIT: -Within GPO B: B.ps1, B.cmd -Within GPO C: C.ps1, C.cmd +- Within GPO B: B.ps1, B.cmd +- Within GPO C: C.ps1, C.cmd For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for DesktopSales: -Within GPO B: B.cmd, B.ps1 -Within GPO C: C.cmd, C.ps1 +- Within GPO B: B.cmd, B.ps1 +- Within GPO C: C.cmd, C.ps1 > [!NOTE] > This policy setting determines the order in which computer startup and shutdown scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO: @@ -675,19 +675,19 @@ There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled i GPO B and GPO C include the following user logon scripts: -GPO B: B.cmd, B.ps1 -GPO C: C.cmd, C.ps1 +- GPO B: B.cmd, B.ps1 +- GPO C: C.cmd, C.ps1 Assume also that there are two users, Qin Hong and Tamara Johnston. For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin: -Within GPO B: B.ps1, B.cmd -Within GPO C: C.ps1, C.cmd +- Within GPO B: B.ps1, B.cmd +- Within GPO C: C.ps1, C.cmd For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara: -Within GPO B: B.cmd, B.ps1 -Within GPO C: C.cmd, C.ps1 +- Within GPO B: B.cmd, B.ps1 +- Within GPO C: C.cmd, C.ps1 > [!NOTE] > This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO: @@ -714,3 +714,7 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) + From 01ff66068dc5733f28abe04f1e8acdf45c594b3b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 13:43:49 +0530 Subject: [PATCH 194/540] Update policy-csp-admx-sdiageng.md --- .../mdm/policy-csp-admx-sdiageng.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index 17ca6fbf33..7d9082639e 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_sdiageng -description: Policy CSP - ADMX_sdiageng +description: Learn about Policy CSP - ADMX_sdiageng. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -69,7 +69,7 @@ manager: dansimp This policy setting allows Internet-connected users to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?" -If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. +If you enable or don't configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service. @@ -116,11 +116,11 @@ ADMX Info: This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers. -If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel. +If you enable or don't configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel. If this policy setting is disabled, the users cannot access or run the troubleshooting tools from the Control Panel. ->[!Note] +>[!NOTE] >This setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files. @@ -168,7 +168,7 @@ This policy setting determines whether scripted diagnostics will execute diagnos If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers. -If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages. +If you disable or don't configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages. @@ -186,4 +186,6 @@ ADMX Info: +## Related topics +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 412b25f89b52c02d342b58433605d8833accf750 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 13:47:29 +0530 Subject: [PATCH 195/540] Update policy-csp-admx-sdiagschd.md --- .../mdm/policy-csp-admx-sdiagschd.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md index 6f371c240a..1b35263fab 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_sdiagschd -description: Policy CSP - ADMX_sdiagschd +description: Learn about Policy CSP - ADMX_sdiagschd. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -64,12 +64,12 @@ manager: dansimp This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems. -- If you enable this policy setting, you must choose an execution level. +If you enable this policy setting, you must choose an execution level from the following: -If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution. -If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input. +- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution. +- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input. -- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis. +If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis. If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console. @@ -89,3 +89,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From c00e4288bf74b5cf02e6abaff7fad6f5c40ac129 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 13:57:06 +0530 Subject: [PATCH 196/540] Update policy-csp-admx-securitycenter.md --- .../client-management/mdm/policy-csp-admx-securitycenter.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 5be970f2f5..887005fcd0 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Securitycenter -description: Policy CSP - ADMX_Securitycenter +description: Learn about Policy CSP - ADMX_Securitycenter. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -90,3 +90,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 86643ffa8187db32755a662be051122bbdf76a52 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:05:05 +0530 Subject: [PATCH 197/540] Update policy-csp-admx-sensors.md --- .../mdm/policy-csp-admx-sensors.md | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index a3aa6e151f..2849e15624 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Sensors -description: Policy CSP - ADMX_Sensors +description: Learn about Policy CSP - ADMX_Sensors. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -75,9 +75,9 @@ manager: dansimp This policy setting turns off scripting for the location feature. -If you enable this policy setting, scripts for the location feature will not run. +If you enable this policy setting, scripts for the location feature won't run. -If you disable or do not configure this policy setting, all location scripts will run. +If you disable or don't configure this policy setting, all location scripts will run. @@ -124,7 +124,7 @@ This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature will not run. -If you disable or do not configure this policy setting, all location scripts will run. +If you disable or don't configure this policy setting, all location scripts will run. @@ -171,7 +171,7 @@ This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature. -If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature. +If you disable or don't configure this policy setting, all programs on this computer won't be prevented from using location information from the location feature. @@ -216,9 +216,9 @@ ADMX Info: This policy setting turns off the sensor feature for this computer. -If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. +If you enable this policy setting, the sensor feature is turned off, and all programs on this computer can't use the sensor feature. -If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature. +If you disable or don't configure this policy setting, all programs on this computer can use the sensor feature. @@ -263,9 +263,9 @@ ADMX Info: This policy setting turns off the sensor feature for this computer. -If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. +If you enable this policy setting, the sensor feature is turned off, and all programs on this computer can't use the sensor feature. -If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature. +If you disable or don't configure this policy setting, all programs on this computer can use the sensor feature. @@ -283,4 +283,8 @@ ADMX Info: - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 17c3abdb939429a8a8b40ab7984d99c6065c5fa8 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:08:40 +0530 Subject: [PATCH 198/540] Update policy-csp-admx-servermanager.md --- .../mdm/policy-csp-admx-servermanager.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index 76207bded4..a14eb4488d 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_ServerManager -description: Policy CSP - ADMX_ServerManager +description: Learn about Policy CSP - ADMX_ServerManager. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -71,11 +71,11 @@ manager: dansimp -This policy setting allows you to turn off the automatic display of Server Manager at a sign in. +This policy setting allows you to turn off the automatic display of Server Manager at sign in. -- If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server. +If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server. -- If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server. +If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server. If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in. @@ -177,9 +177,9 @@ ADMX Info: This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2. -- If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server. +If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server. -- If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server. +If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server. If you don't configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server. However, if an administrator selects the "Do not show this window at logon" option, the window isn't displayed on subsequent logons. @@ -247,3 +247,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From e77c91de7d963b2ece3e53468f4af448a3887cbe Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:11:23 +0530 Subject: [PATCH 199/540] Update policy-csp-admx-servicing.md --- windows/client-management/mdm/policy-csp-admx-servicing.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index f891376217..e4d18d9a66 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Servicing -description: Policy CSP - ADMX_Servicing +description: Learn about Policy CSP - ADMX_Servicing. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -82,3 +82,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 7940d563e9c72a9efb75ae78b881a95233b2fa84 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:17:28 +0530 Subject: [PATCH 200/540] Update policy-csp-admx-settingsync.md --- .../mdm/policy-csp-admx-settingsync.md | 37 ++++++++++--------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index cbb3b966d6..c7355a160c 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_SettingSync -description: Policy CSP - ADMX_SettingSync +description: Learn about Policy CSP - ADMX_SettingSync. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -85,11 +85,11 @@ manager: dansimp -Prevent the "AppSync" group from syncing to and from this PC. This option turns off and disables the "AppSync" group on the "sync your settings" page in PC settings. +This policy setting prevents the "AppSync" group from syncing to and from this PC. This option turns off and disables the "AppSync" group on the "sync your settings" page in PC settings. If you enable this policy setting, the "AppSync" group won't be synced. -Use the option "Allow users to turn app syncing on" so that syncing it turned off by default but not disabled. +Use the option "Allow users to turn app syncing on" so that syncing it is turned off by default but not disabled. If you don't set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user. @@ -134,11 +134,11 @@ ADMX Info: -Prevent the "app settings" group from syncing to and from this PC. This option turns off and disables the "app settings" group on the "sync your settings" page in PC settings. +This policy seting prevents the "app settings" group from syncing to and from this PC. This option turns off and disables the "app settings" group on the "sync your settings" page in PC settings. If you enable this policy setting, the "app settings" group won't be synced. -Use the option "Allow users to turn app settings syncing on" so that syncing it turned off by default but not disabled. +Use the option "Allow users to turn app settings syncing on" so that syncing it is turned off by default but not disabled. If you don't set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user. @@ -183,11 +183,11 @@ ADMX Info: -Prevent the "passwords" group from syncing to and from this PC. This option turns off and disables the "passwords" group on the "sync your settings" page in PC settings. +This policy seting prevents the "passwords" group from syncing to and from this PC. This option turns off and disables the "passwords" group on the "sync your settings" page in PC settings. If you enable this policy setting, the "passwords" group won't be synced. -Use the option "Allow users to turn passwords syncing on" so that syncing it turned off by default but not disabled. +Use the option "Allow users to turn passwords syncing on" so that syncing it is turned off by default but not disabled. If you don't set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user. @@ -232,11 +232,11 @@ ADMX Info: -Prevent the "desktop personalization" group from syncing to and from this PC. This option turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings. +This policy setting prevents the "desktop personalization" group from syncing to and from this PC. This option turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings. If you enable this policy setting, the "desktop personalization" group won't be synced. -Use the option "Allow users to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled. +Use the option "Allow users to turn desktop personalization syncing on" so that syncing it is turned off by default but not disabled. If you don't set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user. @@ -281,11 +281,11 @@ ADMX Info: -Prevent the "personalize" group from syncing to and from this PC. This option turns off and disables the "personalize" group on the "sync your settings" page in PC settings. +This policy setting prevents the "personalize" group from syncing to and from this PC. This option turns off and disables the "personalize" group on the "sync your settings" page in PC settings. If you enable this policy setting, the "personalize" group won't be synced. -Use the option "Allow users to turn personalize syncing on" so that syncing it turned off by default but not disabled. +Use the option "Allow users to turn personalize syncing on" so that syncing it is turned off by default but not disabled. If you don't set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user. @@ -330,11 +330,11 @@ ADMX Info: -Prevent syncing to and from this PC. This option turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings. +This policy setting prevents syncing to and from this PC. This option turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings. If you enable this policy setting, "sync your settings" will be turned off, and none of the "sync your setting" groups will be synced on this PC. -Use the option "Allow users to turn syncing on" so that syncing it turned off by default but not disabled. +Use the option "Allow users to turn syncing on" so that syncing it is turned off by default but not disabled. If you don't set or disable this setting, "sync your settings" is on by default and configurable by the user. @@ -379,7 +379,7 @@ ADMX Info: -Prevent the "Start layout" group from syncing to and from this PC. This option turns off and disables the "Start layout" group on the "sync your settings" page in PC settings. +This policy setting prevents the "Start layout" group from syncing to and from this PC. This option turns off and disables the "Start layout" group on the "sync your settings" page in PC settings. If you enable this policy setting, the "Start layout" group won't be synced. @@ -428,7 +428,7 @@ ADMX Info: -Prevent syncing to and from this PC when on metered Internet connections. This option turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings. +This policy setting prevents syncing to and from this PC when on metered Internet connections. This option turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings. If you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection. @@ -475,11 +475,11 @@ ADMX Info: -Prevent the "Other Windows settings" group from syncing to and from this PC. This option turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings. +This policy setting prevents the "Other Windows settings" group from syncing to and from this PC. This option turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings. If you enable this policy setting, the "Other Windows settings" group won't be synced. -Use the option "Allow users to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled. +Use the option "Allow users to turn other Windows settings syncing on" so that syncing it is turned off by default but not disabled. If you don't set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user. @@ -500,3 +500,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From fe1caf393dea77fdce7b5c6f0c0efaa2b87bda0a Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:19:47 +0530 Subject: [PATCH 201/540] Update policy-csp-admx-sharedfolders.md --- .../mdm/policy-csp-admx-sharedfolders.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index 934216e1eb..c48eab98b9 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_SharedFolders -description: Policy CSP - ADMX_SharedFolders +description: Learn about Policy CSP - ADMX_SharedFolders. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -65,7 +65,7 @@ manager: dansimp This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS). -If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS . +If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS . If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. @@ -116,9 +116,9 @@ ADMX Info: This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS). -If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS. +If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS. -If you disable this policy setting, users cannot publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. +If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. > [!NOTE] > The default is to allow shared folders to be published when this setting is not configured. @@ -141,3 +141,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 649a0a28aaadb1794bde56e13c859983997df27f Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:21:10 +0530 Subject: [PATCH 202/540] Update policy-csp-admx-sharing.md --- windows/client-management/mdm/policy-csp-admx-sharing.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index 893de2b78c..9a02cd3b35 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Sharing -description: Policy CSP - ADMX_Sharing +description: Learn about Policy CSP - ADMX_Sharing. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -83,3 +83,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 3d951ed05de3f03d8fa0379623a8f0e13c3206d1 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:26:13 +0530 Subject: [PATCH 203/540] Update policy-csp-admx-shellcommandpromptregedittools.md --- ...csp-admx-shellcommandpromptregedittools.md | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index c0a99683df..e226b26906 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_ShellCommandPromptRegEditTools -description: Policy CSP - ADMX_ShellCommandPromptRegEditTools +description: Learn about Policy CSP - ADMX_ShellCommandPromptRegEditTools. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -71,13 +71,13 @@ manager: dansimp -This policy setting prevents users from running the interactive command prompt, Cmd.exe. +This policy setting prevents users from running the interactive command prompt `Cmd.exe`. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer. -- If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. . +If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. . -- If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally. +If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally. > [!NOTE] > Don't prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services. @@ -125,11 +125,11 @@ ADMX Info: -This policy setting disables the Windows registry editor Regedit.exe. +This policy setting disables the Windows registry editor `Regedit.exe`. -- If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action. +If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action. -- If you disable this policy setting or don't configure it, users can run Regedit.exe normally. +If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally. To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting. @@ -176,11 +176,11 @@ ADMX Info: This policy setting limits the Windows programs that users have permission to run on the computer. -- If you enable this policy setting, users can only run programs that you add to the list of allowed applications. +If you enable this policy setting, users can only run programs that you add to the list of allowed applications. -- If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process. +If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process. -It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. +It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. @@ -229,15 +229,15 @@ ADMX Info: This policy setting prevents Windows from running the programs you specify in this policy setting. -- If you enable this policy setting, users can't run programs that you add to the list of disallowed applications. +If you enable this policy setting, users can't run programs that you add to the list of disallowed applications. -- If you disable this policy setting or don't configure it, users can run any programs. +If you disable this policy setting or don't configure it, users can run any programs. This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. -To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe). +To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe). @@ -255,3 +255,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 4733222c4a23f16943fa2600d58cd8297be8d805 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:35:16 +0530 Subject: [PATCH 204/540] Update policy-csp-admx-smartcard.md --- .../mdm/policy-csp-admx-smartcard.md | 36 +++++++++++-------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index e694a787d9..6c6fae1e34 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Smartcard -description: Policy CSP - ADMX_Smartcard +description: Learn about Policy CSP - ADMX_Smartcard. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -108,7 +108,7 @@ manager: dansimp This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for signing in. -In versions of Windows prior to Windows Vista, smart card certificates that are used for a sign in require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction. +In versions of Windows, prior to Windows Vista, smart card certificates that are used for a sign-in require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction. If you enable this policy setting, certificates with the following attributes can also be used to sign in on with a smart card: @@ -161,7 +161,7 @@ ADMX Info: This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI). -In order to use the integrated unblock feature, your smart card must support this feature. Check with your hardware manufacturer to see if your smart card supports this feature. +In order to use the integrated unblock feature, your smart card must support this feature. Check with your hardware manufacturer to see if your smart card supports this feature. If you enable this policy setting, the integrated unblock feature will be available. @@ -255,9 +255,9 @@ ADMX Info: -This policy setting permits those certificates to be displayed for a sign in which are either expired or not yet valid. +This policy setting permits those certificates to be displayed for a sign-in, which are either expired or not yet valid. -Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine. +Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine. If you enable this policy setting, certificates will be listed on the sign-in screen regardless of whether they have an invalid time or their time validity has expired. @@ -351,7 +351,11 @@ ADMX Info: -This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting, then root certificate cleanup will occur according to the option selected. If you disable or don't configure this setting then root certificate cleanup will occur on a sign out. +This policy setting allows you to manage the cleanup behavior of root certificates. + +If you enable this policy setting, then root certificate cleanup will occur according to the option selected. + +If you disable or don't configure this setting then root certificate cleanup will occur on a sign out. @@ -399,7 +403,7 @@ This policy setting allows you to manage the root certificate propagation that o If you enable or don't configure this policy setting then root certificate propagation will occur when you insert your smart card. > [!NOTE] -> For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card. +> For this policy setting to work this policy setting must also be enabled: "Turn on certificate propagation from smart card". If you disable this policy setting, then root certificates won't be propagated from the smart card. @@ -494,7 +498,7 @@ ADMX Info: -This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to sign in to a domain. +This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to sign-in to a domain. If you enable this policy setting, ECC certificates on a smart card can be used to sign in to a domain. @@ -503,6 +507,7 @@ If you disable or don't configure this policy setting, ECC certificates on a sma > [!NOTE] > This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. > If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network. + @@ -551,7 +556,7 @@ During the certificate renewal period, a user can have multiple valid logon cert If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown. > [!NOTE] -> This setting will be applied after the following policy: "Allow time invalid certificates" +> This setting will be applied after this policy: "Allow time invalid certificates" If you enable or don't configure this policy setting, filtering will take place. @@ -598,9 +603,9 @@ ADMX Info: -This policy setting allows you to manage the reading of all certificates from the smart card for a sign in. +This policy setting allows you to manage the reading of all certificates from the smart card for a sign-in. -During a sign in, Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This setting can introduce a significant performance decrease in certain situations. Contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior. +During a sign-in, Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This setting can introduce a significant performance decrease in certain situations. Contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior. If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP. @@ -652,7 +657,7 @@ This policy setting allows you to manage the displayed message when a smart card If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. > [!NOTE] -> The following policy setting must be enabled: Allow Integrated Unblock screen to be displayed at the time of logon. +> The following policy setting must be enabled: "Allow Integrated Unblock screen to be displayed at the time of logon". If you disable or don't configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled. @@ -699,7 +704,7 @@ ADMX Info: This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in. -By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. +By default the User Principal Name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. If you enable this policy setting or don't configure this setting, then the subject name will be reversed. @@ -846,7 +851,7 @@ ADMX Info: -This policy setting lets you determine whether an optional field will be displayed during a sign in and elevation that allows users to enter their user name or user name and domain, thereby associating a certificate with the users. +This policy setting lets you determine whether an optional field will be displayed during a sign-in and elevation that allows users to enter their user name or user name and domain, thereby associating a certificate with the users. If you enable this policy setting, then an optional field that allows a user to enter their user name or user name and domain will be displayed. @@ -870,3 +875,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 4160f80490c8a2809f40750ec8a9d01115f88eab Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:41:12 +0530 Subject: [PATCH 205/540] Update policy-csp-admx-snmp.md --- .../mdm/policy-csp-admx-snmp.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 93807f7856..0767b4c97c 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Snmp -description: Policy CSP - ADMX_Snmp +description: Learn about Policy CSP - ADMX_Snmp. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -75,13 +75,13 @@ A valid community is a community recognized by the SNMP service, while a communi If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community. -If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead. +If you disable or don't configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead. Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control. > [!NOTE] > - It is good practice to use a cryptic community name. -> - This policy setting has no effect if the SNMP agent is not installed on the client computer. +> - This policy setting has no effect if the SNMP agent isn't installed on the client computer. Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration". @@ -134,12 +134,12 @@ The manager is located on the host computer on the network. The manager's role i If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting. -If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead. +If you disable or don't configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead. Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control. > [!NOTE] -> This policy setting has no effect if the SNMP agent is not installed on the client computer. +> This policy setting has no effect if the SNMP agent isn't installed on the client computer. Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name". @@ -192,10 +192,10 @@ This policy setting allows you to configure the name of the hosts that receive t If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community. -If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead. +If you disable or don't configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead. > [!NOTE] -> This setting has no effect if the SNMP agent is not installed on the client computer. +> This setting has no effect if the SNMP agent isn't installed on the client computer. Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name". @@ -217,3 +217,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From b24e60c5ce0dd49448cbc9a38c96a2528bf4202d Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:43:20 +0530 Subject: [PATCH 206/540] Update policy-csp-admx-soundrec.md --- .../mdm/policy-csp-admx-soundrec.md | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md index 32c6742cfd..77dcf00f34 100644 --- a/windows/client-management/mdm/policy-csp-admx-soundrec.md +++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_SoundRec -description: Policy CSP - ADMX_SoundRec +description: Learn about Policy CSP - ADMX_SoundRec. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -65,11 +65,13 @@ manager: dansimp -This policy specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. +This policy specifies whether Sound Recorder can run. -If you enable this policy setting, Sound Recorder will not run. +Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. -If you disable or do not configure this policy setting, Sound Recorder can be run. +If you enable this policy setting, Sound Recorder won't run. + +If you disable or don't configure this policy setting, Sound Recorder can run. @@ -112,11 +114,13 @@ ADMX Info: -This policy specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. +This policy specifies whether Sound Recorder can run. -If you enable this policy setting, Sound Recorder will not run. +Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. -If you disable or do not configure this policy setting, Sound Recorder can be run. +If you enable this policy setting, Sound Recorder won't run. + +If you disable or don't configure this policy setting, Sound Recorder can be run. @@ -133,3 +137,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From b25072a15d5ccd4691f5ccf3b7adf8e26873b10f Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:45:04 +0530 Subject: [PATCH 207/540] Update policy-csp-admx-srmfci.md --- windows/client-management/mdm/policy-csp-admx-srmfci.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md index 62e38da1e0..125aec535d 100644 --- a/windows/client-management/mdm/policy-csp-admx-srmfci.md +++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_srmfci -description: Policy CSP - ADMX_srmfci +description: Learn about Policy CSP - ADMX_srmfci. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -65,7 +65,7 @@ manager: dansimp -This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types. +This group policy setting should be set on Windows clients to enable access-denied assistance for all file types. @@ -132,3 +132,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From c9eafea76188b5100e862b55d9081e18d1d1ba0c Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:53:48 +0530 Subject: [PATCH 208/540] Improved consistency in the articles --- .../mdm/policy-csp-kerberos.md | 24 ++++++++++--------- .../mdm/policy-csp-kioskbrowser.md | 10 ++++---- .../mdm/policy-csp-lanmanworkstation.md | 14 +++++------ .../mdm/policy-csp-licensing.md | 10 ++++---- 4 files changed, 31 insertions(+), 27 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 2a8bcb33cc..21732fed2a 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - Kerberos -
    @@ -54,7 +53,6 @@ manager: dansimp > > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -
    @@ -140,8 +138,8 @@ This policy allows retrieving the cloud Kerberos ticket during the sign in. Valid values: -0 (default) - Disabled. -1 - Enabled. +0 (default) - Disabled +1 - Enabled @@ -184,7 +182,7 @@ ADMX Info: -This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features. +This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring, using Kerberos authentication with domains that support these features. If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains that support claims and compound authentication for Dynamic Access Control and Kerberos armoring. If you disable or don't configure this policy setting, the client devices won't request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device won't be able to retrieve claims for clients using Kerberos protocol transition. @@ -285,9 +283,10 @@ ADMX Info: -This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller. +This policy setting controls whether a computer requires that Kerberos message exchanges being armored when communicating with a domain controller. -Warning: When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled. +> [!WARNING] +> When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled. If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. @@ -341,7 +340,7 @@ This policy setting controls the Kerberos client's behavior in validating the KD If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer isn't joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate. -If you disable or don't configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions that can be issued to any server. +If you disable or don't configure this policy setting, the Kerberos client requires only the KDC certificate that contains the Server Authentication purpose object identifier in the EKU extensions that can be issued to any server. @@ -393,7 +392,7 @@ If you enable this policy setting, the Kerberos client or server uses the config If you disable or don't configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. > [!NOTE] -> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it's not advised to set this value more than 48,000 bytes. +> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8, the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it's not advised to set this value more than 48,000 bytes. @@ -436,9 +435,9 @@ ADMX Info: -Adds a list of domains that an Azure Active Directory joined device can attempt to contact when it can't resolve a UPN to a principal. +Adds a list of domains that an Azure Active Directory joined device can attempt to contact, when it can't resolve a UPN to a principal. -Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures. +Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures, when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures. @@ -455,3 +454,6 @@ Devices joined to Azure Active Directory in a hybrid environment need to interac +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index fa153b1641..e5a08afafe 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - KioskBrowser - - These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user's browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_). @@ -297,7 +295,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back). -Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. +Amount of time in minutes, the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. @@ -308,4 +306,8 @@ The value is an int 1-1440 that specifies the number of minutes the session is i
    - \ No newline at end of file + + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index 68b91836e3..40e82cbc5d 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - LanmanWorkstation - -
    @@ -27,7 +25,6 @@ manager: dansimp -
    @@ -57,13 +54,13 @@ manager: dansimp -This policy setting determines if the SMB client will allow insecure guest sign ins to an SMB server. +This policy setting determines, if the SMB client will allow insecure guest sign in to an SMB server. -If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign ins. +If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign in. -If you disable this policy setting, the SMB client will reject insecure guest sign ins. +If you disable this policy setting, the SMB client will reject insecure guest sign in. -Insecure guest sign ins are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign ins are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest sign ins by default. Since insecure guest sign ins are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign ins are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign ins and configuring file servers to require authenticated access. +Insecure guest sign in are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign in are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication, and don't use insecure guest sign in by default. Since insecure guest sign in are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign in are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign in and configuring file servers to require authenticated access. @@ -83,3 +80,6 @@ This setting supports a range of values between 0 and 1. +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index dbd6e80e65..80e2f0bd5a 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - Licensing - -
    @@ -30,7 +28,6 @@ manager: dansimp -
    @@ -123,8 +120,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Disabled. -- 1 – Enabled. +- 0 (default) – Disabled +- 1 – Enabled @@ -133,3 +130,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 641908b349513df7e70727aa6ba18e5b477e6882 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:55:09 +0530 Subject: [PATCH 209/540] Update policy-csp-admx-startmenu.md --- .../mdm/policy-csp-admx-startmenu.md | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 408f2231a6..78b189b308 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_StartMenu -description: Policy CSP - ADMX_StartMenu +description: Learn about Policy CSP - ADMX_StartMenu. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -306,7 +306,7 @@ ADMX Info: -Clear history of recently opened documents on exit. +This policy setting clears history of recently opened documents on exit. If you enable this setting, the system deletes shortcuts to recently used document files when the user signs out. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user signs out. @@ -503,7 +503,7 @@ ADMX Info: -This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view. +This policy setting prevents the user from searching apps, files and settings (and the web if enabled) when the user searches from the Apps view. This policy setting is only applied when the Apps view is set as the default view for Start. @@ -756,7 +756,7 @@ ADMX Info: -Disables personalized menus. +This policy seting disables personalized menus. Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that haven't been used recently. Users can display the hidden items by clicking an arrow to extend the menu. @@ -958,7 +958,7 @@ ADMX Info: -Hides pop-up text on the Start menu and in the notification area. +This policy setting hides pop-up text on the Start menu and in the notification area. When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object. @@ -1104,7 +1104,7 @@ ADMX Info: -Removes items in the All Users profile from the Programs menu on the Start menu. +This policy setting removes items in the All Users profile from the Programs menu on the Start menu. By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu. @@ -1151,7 +1151,7 @@ ADMX Info: -Prevents users from adding the Favorites menu to the Start menu or classic Start menu. +This policy setting prevents users from adding the Favorites menu to the Start menu or classic Start menu. If you enable this setting, the Display Favorites item doesn't appear in the Advanced Start menu options box. @@ -1556,7 +1556,7 @@ ADMX Info: -Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu. +This policy setting removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu. The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents. @@ -3526,3 +3526,8 @@ ADMX Info: + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 5f3e7faf9b0ce630049a95536878de236134efe2 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:58:11 +0530 Subject: [PATCH 210/540] Update policy-csp-admx-systemrestore.md --- .../mdm/policy-csp-admx-systemrestore.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index ee521b2113..3349d83359 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_SystemRestore -description: Policy CSP - ADMX_SystemRestore +description: Learn about Policy CSP - ADMX_SystemRestore. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -61,9 +61,7 @@ manager: dansimp -Allows you to disable System Restore configuration through System Protection. - -This policy setting allows you to turn off System Restore configuration through System Protection. +This policy setting allows you to disable System Restore configuration through System Protection. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. The behavior of this policy setting depends on the "Turn off System Restore" policy setting. @@ -91,3 +89,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 9f969d1037d4d34857640bfd5288eca112a0543f Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:59:55 +0530 Subject: [PATCH 211/540] Update policy-csp-admx-tabletshell.md --- .../mdm/policy-csp-admx-tabletshell.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index d4d449e3cb..2517de0c90 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_TabletShell -description: Policy CSP - ADMX_TabletShell +description: Learn about Policy CSP - ADMX_TabletShell. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -65,7 +65,7 @@ manager: dansimp -Prevents start of InkBall game. +This policy setting prevents start of InkBall game. If you enable this policy, the InkBall game won't run. @@ -113,9 +113,9 @@ ADMX Info: -Prevents printing to Journal Note Writer. +This policy setting prevents printing to Journal Note Writer. -If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail. +If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail. If you disable this policy, you'll be able to use this feature to print to a Journal Note. If you don't configure this policy, users will be able to use this feature to print to a Journal Note. @@ -138,3 +138,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 2e4a32cb792c3b3e035c6b6e9404aa53d05256a9 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:03:42 +0530 Subject: [PATCH 212/540] Update policy-csp-admx-taskbar.md --- .../client-management/mdm/policy-csp-admx-taskbar.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index 5e6e510daf..259cfc544c 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Taskbar -description: Policy CSP - ADMX_Taskbar +description: Learn about Policy CSP - ADMX_Taskbar. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -133,7 +133,8 @@ If this setting is enabled, Notifications and Action Center isn't displayed in t If you disable or don't configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar. -A reboot is required for this policy setting to take effect. +>[!NOTE] +> A reboot is required for this policy setting to take effect. @@ -183,7 +184,8 @@ Enable this policy setting if a specific app or system component that uses ballo If you disable or don’t configure this policy setting, all notifications will appear as toast notifications. -A reboot is required for this policy setting to take effect. +>[!NOTE] +> A reboot is required for this policy setting to take effect. @@ -1142,3 +1144,7 @@ ADMX Info: + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From f7acdd33eaac71d9207567046344270611bd9b12 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:08:24 +0530 Subject: [PATCH 213/540] Update policy-csp-admx-tcpip.md --- .../mdm/policy-csp-admx-tcpip.md | 41 ++++++++----------- 1 file changed, 18 insertions(+), 23 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index f94465f1a3..227131133b 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_tcpip -description: Policy CSP - ADMX_tcpip +description: Learn about Policy CSP - ADMX_tcpip. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -196,11 +196,9 @@ If you disable or do not configure this policy setting, the local host setting i If you enable this policy setting, you can configure 6to4 with one of the following settings: -Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available. - -Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface. - -Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available. +- Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available. +- Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface. +- Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available. @@ -248,11 +246,9 @@ If you disable or do not configure this policy setting, the local host settings If you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings: -Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options. - -Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectivity options. - -Policy Disabled State: No IP-HTTPS interfaces are present on the host. +- Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options. +- Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectiv-ity options. +- Policy Disabled State: No IP-HTTPS interfaces are present on the host. @@ -392,11 +388,9 @@ If you disable or do not configure this policy setting, the local host setting i If you enable this policy setting, you can configure ISATAP with one of the following settings: -Policy Default State: No ISATAP interfaces are present on the host. - -Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address. - -Policy Disabled State: No ISATAP interfaces are present on the host. +- Policy Default State: No ISATAP interfaces are present on the host. +- Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address. +- Policy Disabled State: No ISATAP interfaces are present on the host. @@ -633,13 +627,10 @@ If you disable or do not configure this policy setting, the local host settings If you enable this policy setting, you can configure Teredo with one of the following settings: -Default: The default state is "Client." - -Disabled: No Teredo interfaces are present on the host. - -Client: The Teredo interface is present only when the host is not on a network that includes a domain controller. - -Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller. +- Default: The default state is "Client." +- Disabled: No Teredo interfaces are present on the host. +- Client: The Teredo interface is present only when the host is not on a network that includes a domain controller. +- Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller. @@ -705,3 +696,7 @@ ADMX Info: > + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 50ea4b45870f99e3bb65bf05bfa5fa1d74dcad5b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:12:38 +0530 Subject: [PATCH 214/540] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 448f4d16bd..b6e3a215af 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_TerminalServer -description: Policy CSP - ADMX_TerminalServer +description: Learn about Policy CSP - ADMX_TerminalServer. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -557,7 +557,7 @@ ADMX Info: This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. -This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file). +This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file). If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. @@ -3329,9 +3329,7 @@ This policy setting allows you to specify whether the client will establish a co - If you enable this policy setting, you must specify one of the following settings: - Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server. - - Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. - - don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. - If you disable or don't configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client can't authenticate the RD Session Host server. @@ -4706,7 +4704,9 @@ ADMX Info: This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer. + If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. + If you disable or don't configure this policy setting, other supported RemoteFX USB devices aren't available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. @@ -4931,3 +4931,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From c03e051f23943cd9cb3cbba902d751b2cee79791 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:14:10 +0530 Subject: [PATCH 215/540] Update policy-csp-admx-thumbnails.md --- .../client-management/mdm/policy-csp-admx-thumbnails.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index c420b7243d..4cbe4a167f 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Thumbnails -description: Policy CSP - ADMX_Thumbnails +description: Learn about Policy CSP - ADMX_Thumbnails. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -163,7 +163,7 @@ ADMX Info: -Turns off the caching of thumbnails in hidden thumbs.db files. +This policy setting turns off the caching of thumbnails in hidden thumbs.db files. This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files. @@ -187,3 +187,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From d011529448a2587562733015a7b015a27cac3842 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:18:08 +0530 Subject: [PATCH 216/540] Update policy-csp-admx-touchinput.md --- .../mdm/policy-csp-admx-touchinput.md | 42 ++++++++++++------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index 4876258cb8..477fec0b8c 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_TouchInput -description: Policy CSP - ADMX_TouchInput +description: Learn about Policy CSP - ADMX_TouchInput. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -71,12 +71,16 @@ manager: dansimp -Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. +This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. -- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. -- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. +If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. -If you don't configure this setting, touch input is on by default. Note: Changes to this setting won't take effect until the user signs out. +If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. + +If you don't configure this setting, touch input is on by default. + +>[!NOTE] +> Changes to this setting won't take effect until the user signs out. @@ -116,12 +120,16 @@ ADMX Info: -Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. +This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. -- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. -- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. +If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. -If you don't configure this setting, touch input is on by default. Note: Changes to this setting won't take effect until the user signs out. +If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. + +If you don't configure this setting, touch input is on by default. + +>[!NOTE] +>Changes to this setting won't take effect until the user signs out. @@ -164,11 +172,11 @@ ADMX Info: -Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. +This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. -- If you enable this setting, the user won't be able to pan windows by touch. +If you enable this setting, the user won't be able to pan windows by touch. -- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default. +If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default. > [!NOTE] > Changes to this setting won't take effect until the user logs off. @@ -212,11 +220,11 @@ ADMX Info: -Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. +This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. -- If you enable this setting, the user won't be able to pan windows by touch. +If you enable this setting, the user won't be able to pan windows by touch. -- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default. +If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default. > [!NOTE] > Changes to this setting won't take effect until the user logs off. @@ -237,3 +245,7 @@ ADMX Info: + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 8de20450e3c37af8561057f2d9fb3a995682663e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:21:01 +0530 Subject: [PATCH 217/540] Update policy-csp-admx-tpm.md --- windows/client-management/mdm/policy-csp-admx-tpm.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index bee67da425..43c639b31f 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_TPM -description: Policy CSP - ADMX_TPM +description: Learn about Policy CSP - ADMX_TPM. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -565,3 +565,7 @@ ADMX Info: + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 8e2eab7ac86206456efefefc400beeeee924dc55 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:30:01 +0530 Subject: [PATCH 218/540] Update policy-csp-admx-userexperiencevirtualization.md --- ...y-csp-admx-userexperiencevirtualization.md | 326 +++++++++--------- 1 file changed, 165 insertions(+), 161 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 05651ad55f..1b4c199855 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_UserExperienceVirtualization -description: Policy CSP - ADMX_UserExperienceVirtualization +description: Learn about Policy CSP - ADMX_UserExperienceVirtualization. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -445,7 +445,7 @@ If you enable this policy setting, the Calculator user settings continue to sync If you disable this policy setting, Calculator user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -501,7 +501,7 @@ With notifications enabled, UE-V users receive a message when the settings sync If you disable this policy setting, the sync provider is used to synchronize settings between computers and the settings storage location. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -554,7 +554,7 @@ If you enable this policy setting, the UE-V rollback state is copied to the sett If you disable this policy setting, no UE-V rollback state is copied to the settings storage location. -If you do not configure this policy, no UE-V rollback state is copied to the settings storage location. +If you don't configure this policy, no UE-V rollback state is copied to the settings storage location. @@ -599,9 +599,9 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL. -If you disable this policy setting, the Company Settings Center does not display an IT Contact link. +If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -647,9 +647,9 @@ This policy setting specifies the URL for the Contact IT link in the Company Set If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto. -If you disable this policy setting, the Company Settings Center does not display an IT Contact link. +If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -695,20 +695,20 @@ This policy setting defines whether the User Experience Virtualization (UE-V) Ag By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location. -If you enable this policy setting, the UE-V Agent will not synchronize settings for Windows apps. +If you enable this policy setting, the UE-V Agent won't synchronize settings for Windows apps. If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps. -If you do not configure this policy setting, any defined values are deleted. +If you don't configure this policy setting, any defined values are deleted. > [!NOTE] -> If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows. +> If the user connects their Microsoft account for their computer then the UE-V Agent won't synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows. ADMX Info: -- GP Friendly name: *Do not synchronize Windows Apps* +- GP Friendly name: *don't synchronize Windows Apps* - GP name: *DisableWin8Sync* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -751,7 +751,7 @@ If you enable this policy setting, only the selected Windows settings synchroniz If you disable this policy setting, all Windows Settings are excluded from the settings synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -844,7 +844,7 @@ If you enable this policy setting, Finance user settings continue to sync. If you disable this policy setting, Finance user settings are excluded from synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -892,7 +892,7 @@ With this setting enabled, the notification appears the first time that the UE-V With this setting disabled, no notification appears. -If you do not configure this policy setting, any defined values are deleted. +If you don't configure this policy setting, any defined values are deleted. @@ -941,7 +941,7 @@ If you enable this policy setting, Games user settings continue to sync. If you disable this policy setting, Games user settings are excluded from synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -992,7 +992,7 @@ If you enable this policy setting, the Internet Explorer 8 user settings continu If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1041,7 +1041,7 @@ If you enable this policy setting, the Internet Explorer 9 user settings continu If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1091,7 +1091,7 @@ If you enable this policy setting, the Internet Explorer 10 user settings contin If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1140,7 +1140,7 @@ If you enable this policy setting, the Internet Explorer 11 user settings contin If you disable this policy setting, Internet Explorer 11 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1190,7 +1190,7 @@ If you enable this policy setting, the user settings which are common between th If you disable this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting should not be disabled. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1238,7 +1238,7 @@ If you enable this policy setting, Maps user settings continue to sync. If you disable this policy setting, Maps user settings are excluded from synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1281,11 +1281,11 @@ ADMX Info: -This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size. +This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size. If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log. -If you disable or do not configure this policy setting, no event is written to the event log to report settings package size. +If you disable or don't configure this policy setting, no event is written to the event log to report settings package size. @@ -1334,7 +1334,7 @@ If you enable this policy setting, Microsoft Access 2010 user settings continue If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1383,7 +1383,7 @@ If you enable this policy setting, the user settings which are common between th If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1432,7 +1432,7 @@ If you enable this policy setting, Microsoft Excel 2010 user settings continue t If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1481,7 +1481,7 @@ If you enable this policy setting, Microsoft InfoPath 2010 user settings continu If you disable this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1531,7 +1531,7 @@ If you enable this policy setting, Microsoft Lync 2010 user settings continue to If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1580,7 +1580,7 @@ If you enable this policy setting, Microsoft OneNote 2010 user settings continue If you disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1628,7 +1628,7 @@ If you enable this policy setting, Microsoft Outlook 2010 user settings continue If you disable this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1677,7 +1677,7 @@ If you enable this policy setting, Microsoft PowerPoint 2010 user settings conti If you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1727,7 +1727,7 @@ If you enable this policy setting, Microsoft Project 2010 user settings continue If you disable this policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1776,7 +1776,7 @@ If you enable this policy setting, Microsoft Publisher 2010 user settings contin If you disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1826,7 +1826,7 @@ If you enable this policy setting, Microsoft SharePoint Designer 2010 user setti If you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1875,7 +1875,7 @@ If you enable this policy setting, Microsoft SharePoint Workspace 2010 user sett If you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1925,7 +1925,7 @@ If you enable this policy setting, Microsoft Visio 2010 user settings continue t If you disable this policy setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -1974,7 +1974,7 @@ If you enable this policy setting, Microsoft Word 2010 user settings continue to If you disable this policy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2023,7 +2023,7 @@ If you enable this policy setting, Microsoft Access 2013 user settings continue If you disable this policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2069,9 +2069,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Access 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Access 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2120,7 +2120,7 @@ If you enable this policy setting, the user settings which are common between th If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting should not be disabled. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2164,13 +2164,14 @@ ADMX Info: This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications. + Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications. If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up. -If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will not be backed up. +If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2221,7 +2222,7 @@ If you enable this policy setting, Microsoft Excel 2013 user settings continue t If you disable this policy setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2267,9 +2268,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Excel 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Excel 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2318,7 +2319,7 @@ If you enable this policy setting, Microsoft InfoPath 2013 user settings continu If you disable this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2365,9 +2366,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2417,7 +2418,7 @@ If you enable this policy setting, Microsoft Lync 2013 user settings continue to If you disable this policy setting, Microsoft Lync 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2464,9 +2465,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Lync 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Lync 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2516,7 +2517,7 @@ If you enable this policy setting, OneDrive for Business 2013 user settings cont If you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2566,7 +2567,7 @@ If you enable this policy setting, Microsoft OneNote 2013 user settings continue If you disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2614,9 +2615,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft OneNote 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft OneNote 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2666,7 +2667,7 @@ If you enable this policy setting, Microsoft Outlook 2013 user settings continue If you disable this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2713,9 +2714,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Outlook 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Outlook 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2765,7 +2766,7 @@ If you enable this policy setting, Microsoft PowerPoint 2013 user settings conti If you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2813,9 +2814,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2865,7 +2866,7 @@ If you enable this policy setting, Microsoft Project 2013 user settings continue If you disable this policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2912,9 +2913,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Project 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Project 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -2963,7 +2964,7 @@ If you enable this policy setting, Microsoft Publisher 2013 user settings contin If you disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3011,9 +3012,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Publisher 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Publisher 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3063,7 +3064,7 @@ If you enable this policy setting, Microsoft SharePoint Designer 2013 user setti If you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3111,9 +3112,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3163,7 +3164,7 @@ If you enable this policy setting, Microsoft Office 2013 Upload Center user sett If you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3212,7 +3213,7 @@ If you enable this policy setting, Microsoft Visio 2013 user settings continue t If you disable this policy setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3260,9 +3261,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Visio 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Visio 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3312,7 +3313,7 @@ If you enable this policy setting, Microsoft Word 2013 user settings continue to If you disable this policy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3359,9 +3360,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Word 2013 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Word 2013 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3410,7 +3411,7 @@ If you enable this policy setting, Microsoft Access 2016 user settings continue If you disable this policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3457,9 +3458,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Access 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Access 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3509,7 +3510,7 @@ If you enable this policy setting, the user settings which are common between th If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting should not be disabled. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3558,9 +3559,9 @@ Microsoft Office Suite 2016 has user settings which are common between applicati If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up. -If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will not be backed up. +If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3610,7 +3611,7 @@ If you enable this policy setting, Microsoft Excel 2016 user settings continue t If you disable this policy setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3658,9 +3659,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Excel 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Excel 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3710,7 +3711,7 @@ If you enable this policy setting, Microsoft Lync 2016 user settings continue to If you disable this policy setting, Microsoft Lync 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3758,9 +3759,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Lync 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Lync 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3810,7 +3811,7 @@ If you enable this policy setting, OneDrive for Business 2016 user settings cont If you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3860,7 +3861,7 @@ If you enable this policy setting, Microsoft OneNote 2016 user settings continue If you disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3907,9 +3908,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft OneNote 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft OneNote 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -3959,7 +3960,7 @@ If you enable this policy setting, Microsoft Outlook 2016 user settings continue If you disable this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4006,9 +4007,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Outlook 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Outlook 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4058,7 +4059,7 @@ If you enable this policy setting, Microsoft PowerPoint 2016 user settings conti If you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4105,9 +4106,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4157,7 +4158,7 @@ If you enable this policy setting, Microsoft Project 2016 user settings continue If you disable this policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4205,9 +4206,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Project 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Project 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4256,7 +4257,7 @@ If you enable this policy setting, Microsoft Publisher 2016 user settings contin If you disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4304,9 +4305,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Publisher 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Publisher 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4356,7 +4357,7 @@ If you enable this policy setting, Microsoft Office 2016 Upload Center user sett If you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4406,7 +4407,7 @@ If you enable this policy setting, Microsoft Visio 2016 user settings continue t If you disable this policy setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4453,9 +4454,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Visio 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Visio 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4505,7 +4506,7 @@ If you enable this policy setting, Microsoft Word 2016 user settings continue to If you disable this policy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4552,9 +4553,9 @@ This policy setting configures the backup of certain user settings for Microsoft If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up. -If you disable this policy setting, certain user settings of Microsoft Word 2016 will not be backed up. +If you disable this policy setting, certain user settings of Microsoft Word 2016 won't be backed up. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4604,7 +4605,7 @@ If you enable this policy setting, Microsoft Office 365 Access 2013 user setting If you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4654,7 +4655,7 @@ If you enable this policy setting, Microsoft Office 365 Access 2016 user setting If you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4704,7 +4705,7 @@ If you enable this policy setting, user settings which are common between the Mi If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4754,7 +4755,7 @@ If you enable this policy setting, user settings which are common between the Mi If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4804,7 +4805,7 @@ If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings If you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4854,7 +4855,7 @@ If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings If you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4904,7 +4905,7 @@ If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user setti If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -4953,7 +4954,7 @@ If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings If you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5003,7 +5004,7 @@ If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings If you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5053,7 +5054,7 @@ If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settin If you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5103,7 +5104,7 @@ If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settin If you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5153,7 +5154,7 @@ If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settin If you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5203,7 +5204,7 @@ If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settin If you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5253,7 +5254,7 @@ If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user set If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5303,7 +5304,7 @@ If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user set If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5353,7 +5354,7 @@ If you enable this policy setting, Microsoft Office 365 Project 2013 user settin If you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5403,7 +5404,7 @@ If you enable this policy setting, Microsoft Office 365 Project 2016 user settin If you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5453,7 +5454,7 @@ If you enable this policy setting, Microsoft Office 365 Publisher 2013 user sett If you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5503,7 +5504,7 @@ If you enable this policy setting, Microsoft Office 365 Publisher 2016 user sett If you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5552,7 +5553,7 @@ If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 If you disable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5602,7 +5603,7 @@ If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings If you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5651,7 +5652,7 @@ If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings If you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5701,7 +5702,7 @@ If you enable this policy setting, Microsoft Office 365 Word 2013 user settings If you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5751,7 +5752,7 @@ If you enable this policy setting, Microsoft Office 365 Word 2016 user settings If you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5801,7 +5802,7 @@ If you enable this policy setting, Music user settings continue to sync. If you disable this policy setting, Music user settings are excluded from the synchronizing settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5850,7 +5851,7 @@ If you enable this policy setting, News user settings continue to sync. If you disable this policy setting, News user settings are excluded from synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5900,7 +5901,7 @@ If you enable this policy setting, the Notepad user settings continue to synchro If you disable this policy setting, Notepad user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5950,7 +5951,7 @@ If you enable this policy setting, Reader user settings continue to sync. If you disable this policy setting, Reader user settings are excluded from the synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -5999,7 +6000,7 @@ This policy setting configures the number of milliseconds that the computer wait If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings. -If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used. +If you disable or don't configure this policy setting, the default value of 2000 milliseconds is used. @@ -6047,7 +6048,7 @@ This policy setting configures where the settings package files that contain use If you enable this policy setting, the user settings are stored in the specified location. -If you disable or do not configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment. +If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment. @@ -6099,9 +6100,9 @@ If you specify a UNC path and leave the option to replace the default Microsoft If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used. -If you disable this policy setting, the UE-V Agent will not use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent will not restore the default Microsoft templates. +If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -6151,7 +6152,7 @@ If you enable this policy setting, Sports user settings continue to sync. If you disable this policy setting, Sports user settings are excluded from synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -6239,13 +6240,13 @@ ADMX Info: -This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection. +This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent doesn't synchronize settings over a metered connection. With this setting enabled, the UE-V Agent synchronizes settings over a metered connection. -With this setting disabled, the UE-V Agent does not synchronize settings over a metered connection. +With this setting disabled, the UE-V Agent doesn't synchronize settings over a metered connection. -If you do not configure this policy setting, any defined values are deleted. +If you don't configure this policy setting, any defined values are deleted. @@ -6289,13 +6290,13 @@ ADMX Info: -This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming. +This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent doesn't synchronize settings over a metered connection that is roaming. With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming. -With this setting disabled, the UE-V Agent will not synchronize settings over a metered connection that is roaming. +With this setting disabled, the UE-V Agent won't synchronize settings over a metered connection that is roaming. -If you do not configure this policy setting, any defined values are deleted. +If you don't configure this policy setting, any defined values are deleted. @@ -6345,7 +6346,7 @@ If you enable this policy setting, the sync provider pings the settings storage If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages. -If you do not configure this policy, any defined values will be deleted. +If you don't configure this policy, any defined values will be deleted. @@ -6394,7 +6395,7 @@ With this setting enabled, the settings of all Windows apps not expressly disabl With this setting disabled, only the settings of the Windows apps set to synchronize in the Windows App List are synchronized. -If you do not configure this policy setting, any defined values are deleted. +If you don't configure this policy setting, any defined values are deleted. @@ -6444,7 +6445,7 @@ If you enable this policy setting, Travel user settings continue to sync. If you disable this policy setting, Travel user settings are excluded from synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -6489,9 +6490,9 @@ ADMX Info: This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon. -With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen. +With this setting disabled, the tray icon doesn't appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen. -If you do not configure this policy setting, any defined values are deleted. +If you don't configure this policy setting, any defined values are deleted. @@ -6540,7 +6541,7 @@ If you enable this policy setting, Video user settings continue to sync. If you disable this policy setting, Video user settings are excluded from synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -6590,7 +6591,7 @@ If you enable this policy setting, Weather user settings continue to sync. If you disable this policy setting, Weather user settings are excluded from synchronization. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -6640,7 +6641,7 @@ If you enable this policy setting, the WordPad user settings continue to synchro If you disable this policy setting, WordPad user settings are excluded from the synchronization settings. -If you do not configure this policy setting, any defined values will be deleted. +If you don't configure this policy setting, any defined values will be deleted. @@ -6658,3 +6659,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 31eb5fd3eee62404e6fd671341ce8307d1ef255e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:32:52 +0530 Subject: [PATCH 219/540] Update policy-csp-admx-userprofiles.md --- .../client-management/mdm/policy-csp-admx-userprofiles.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index 61082a5684..799a90014c 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_UserProfiles -description: Policy CSP - ADMX_UserProfiles +description: Learn about Policy CSP - ADMX_UserProfiles. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -443,7 +443,6 @@ This setting prevents users from managing the ability to allow apps to access th If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options: - "Always on" - users won't be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS. - - "Always off" - users won't be able to change this setting and the user's name and account picture won't be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability won't be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources. If you don't configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn off the setting. @@ -463,3 +462,7 @@ ADMX Info:
    + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From e56aa1414462dce8ab69cdb807e849d7b72231d4 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:36:30 +0530 Subject: [PATCH 220/540] Update policy-csp-admx-w32time.md --- windows/client-management/mdm/policy-csp-admx-w32time.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index fd75025cff..7324ca3459 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_W32Time -description: Policy CSP - ADMX_W32Time +description: Learn about Policy CSP - ADMX_W32Time. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -332,3 +332,6 @@ ADMX Info: +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From 7b9214d008a5e132f467ba1da3cf737606107aec Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:38:54 +0530 Subject: [PATCH 221/540] Update policy-csp-admx-wcm.md --- windows/client-management/mdm/policy-csp-admx-wcm.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index 56d18c37ee..eeeacfe4ca 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_WCM -description: Policy CSP - ADMX_WCM +description: Learn about Policy CSP - ADMX_WCM. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -121,9 +121,9 @@ If this policy setting is disabled, Windows will disconnect a computer from a ne When soft disconnect is enabled: -- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted. +- Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted. - Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection. -- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this connection loss happens, these apps should re-establish their connection over a different network. +- Network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this connection loss happens, these apps should re-establish their connection over a different network. This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows won't disconnect from any networks. @@ -196,3 +196,7 @@ ADMX Info: + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From c8022450a3b127c34fbd86819987815ea6a165cd Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:41:23 +0530 Subject: [PATCH 222/540] Update policy-csp-admx-wdi.md --- .../mdm/policy-csp-admx-wdi.md | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md index 6e8175c253..a5b1ce11d8 100644 --- a/windows/client-management/mdm/policy-csp-admx-wdi.md +++ b/windows/client-management/mdm/policy-csp-admx-wdi.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_WDI -description: Policy CSP - ADMX_WDI +description: Learn about Policy CSP - ADMX_WDI. ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -66,12 +66,15 @@ manager: dansimp This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data. -- If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached. -- If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. -No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. -This policy setting will only take effect when the Diagnostic Policy Service is in the running state. -When the service is stopped or disabled, diagnostic scenario data won't be deleted. -The DPS can be configured with the Services snap-in to the Microsoft Management Console. + +If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached. + +If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. + +>[!NOTE] +> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data won't be deleted. +> +> The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -115,11 +118,12 @@ ADMX Info: This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios. -- If you enable this policy setting, you must select an execution level from the drop-down menu. +If you enable this policy setting, you must select an execution level from the drop-down menu. -If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available. +- If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. +- If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available. -- If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS. +If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS. If you don't configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when it's enabled or disabled. Scenario-specific policy settings only take effect if this policy setting isn't configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. @@ -136,4 +140,8 @@ ADMX Info:
    - \ No newline at end of file + + +## Related topics + +[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From df21c4d0e621cf607f4b54f239e1343493c0527b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:48:59 +0530 Subject: [PATCH 223/540] Update policy-csp-admx-securitycenter.md --- .../client-management/mdm/policy-csp-admx-securitycenter.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 887005fcd0..b1e9ac8b26 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Securitycenter -description: Learn about Policy CSP - ADMX_Securitycenter. +description: Policy CSP - ADMX_Securitycenter ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -89,7 +89,3 @@ ADMX Info: - -## Related topics - -[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From bcb36fdde804ed1141b435f6e1e2ead9278e3fea Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:51:49 +0530 Subject: [PATCH 224/540] Update policy-csp-admx-securitycenter.md --- windows/client-management/mdm/policy-csp-admx-securitycenter.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index b1e9ac8b26..5be970f2f5 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -89,3 +89,4 @@ ADMX Info: + From 5cb5c399c4080f147bdcd158c65634608c09f44a Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:52:45 +0530 Subject: [PATCH 225/540] Update policy-csp-admx-servicing.md --- windows/client-management/mdm/policy-csp-admx-servicing.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index e4d18d9a66..1a026b80e4 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ADMX_Servicing -description: Learn about Policy CSP - ADMX_Servicing. +description: Policy CSP - ADMX_Servicing ms.author: dansimp ms.localizationpriority: medium ms.topic: article @@ -82,6 +82,4 @@ ADMX Info: -## Related topics -[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) From aa9600fdfd4a11832b548740f4c550175c550910 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:55:02 +0530 Subject: [PATCH 226/540] Update policy-csp-admx-servicing.md --- windows/client-management/mdm/policy-csp-admx-servicing.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 1a026b80e4..4c52a92ab7 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -81,5 +81,3 @@ ADMX Info: - - From 2b8268e833947d4f2a3ee9accd4a4100e578fce1 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:56:55 +0530 Subject: [PATCH 227/540] Update policy-csp-admx-servicing.md --- windows/client-management/mdm/policy-csp-admx-servicing.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 4c52a92ab7..f891376217 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -81,3 +81,4 @@ ADMX Info: + From b04e525ca003275ec47086fd3d5c22c050ae575b Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Wed, 1 Jun 2022 22:37:23 +0530 Subject: [PATCH 228/540] improved consistency in articles --- .../mdm/policy-csp-internetexplorer.md | 179 +++++++++++------- 1 file changed, 106 insertions(+), 73 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 9da7bde9cf..6486569b11 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -13,8 +13,6 @@ manager: dansimp # Policy CSP - InternetExplorer - -
    @@ -803,11 +801,11 @@ manager: dansimp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -841,9 +839,12 @@ manager: dansimp This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website. -If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. +If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). -If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration. +> [!NOTE] +> This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. + +If you disable or do not configure this policy setting, the user can configure their list of search providers, unless another policy setting restricts such configuration. @@ -887,7 +888,7 @@ ADMX Info: -This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly. +This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites, so that ActiveX controls can run properly. If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions. @@ -941,11 +942,11 @@ This list can be used with the 'Deny all add-ons unless specifically allowed in If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information: -Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced. +- Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced. -Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field. +- Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied, enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field. -If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied. +If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will determine, whether add-ons not in this list are assumed to be denied. @@ -992,7 +993,7 @@ This AutoComplete feature can remember and suggest User names and passwords on F If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords". -If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. +If you disable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button. @@ -1038,7 +1039,7 @@ ADMX Info: -This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks. +This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned, when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks. If you enable this policy setting, the certificate address mismatch warning always appears. @@ -1188,7 +1189,7 @@ ADMX Info: -This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user's keystrokes are sent to Microsoft through Microsoft services. +This policy setting allows Internet Explorer to provide enhanced suggestions, as the user types in the Address bar. To provide enhanced suggestions, the user's keystrokes are sent to Microsoft through Microsoft services. If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users cannot change the Suggestions setting on the Settings charm. @@ -1249,7 +1250,7 @@ Supported values: -This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu. +This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode, using the Tools menu. If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports. @@ -1344,7 +1345,7 @@ ADMX Info: -This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails. +This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below, when TLS 1.0 or greater fails. We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack. @@ -1442,7 +1443,7 @@ ADMX Info: -This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone. +This policy setting controls, how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone. If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box. @@ -1492,7 +1493,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1500,9 +1501,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1546,7 +1549,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone, consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1554,9 +1557,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1600,7 +1605,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1608,9 +1613,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1654,7 +1661,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1662,9 +1669,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1708,7 +1717,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1716,9 +1725,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1762,7 +1773,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1770,9 +1781,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1816,7 +1829,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1824,9 +1837,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -1979,13 +1994,19 @@ ADMX Info: This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. -Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Medium template), Intranet zone (Medium-Low template), Internet zone (Medium-high template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) +Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: +1. Intranet zone +1. Trusted Sites zone +1. Internet zone +1. Restricted Sites zone -If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information: +Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Medium template), Intranet zone (Medium-Low template), Internet zone (Medium-high template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) -Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter `` as the valuename, other protocols are not affected. If you enter just `www.contoso.com,` then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for `www.contoso.com` and `www.contoso.com/mail` would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict. +If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information: -Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. +- Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter `` as the valuename, other protocols are not affected. If you enter just `www.contoso.com,` then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for `www.contoso.com` and `www.contoso.com/mail` would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict. + +- Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable or do not configure this policy, users may choose their own site-to-zone assignments. @@ -2111,7 +2132,7 @@ ADMX Info: -This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Suggested Sites reports a user’s browsing history to Microsoft to suggest sites that the user might want to visit. +This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Suggested Sites reports a user’s browsing history to Microsoft, to suggest sites that the user might want to visit. If you enable this policy setting, the user is not prompted to enable Suggested Sites. The user’s browsing history is sent to Microsoft to produce suggestions. @@ -2161,7 +2182,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2169,9 +2190,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -2215,7 +2238,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2223,9 +2246,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -2269,7 +2294,7 @@ ADMX Info: -This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. +This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2277,9 +2302,11 @@ If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. -Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. +> [!NOTE] +> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent. -Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!NOTE] +> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. @@ -2373,7 +2400,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs. +This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software, and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs. If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers. @@ -2427,21 +2454,21 @@ Enables you to configure up to three versions of Microsoft Edge to open a redire If both the Windows Update for the next version of Microsoft Edge* and Microsoft Edge Stable channel are installed, the following behaviors occur: - If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: - 1 = Microsoft Edge Stable - 2 = Microsoft Edge Beta version 77 or later - 3 = Microsoft Edge Dev version 77 or later - 4 = Microsoft Edge Canary version 77 or later + - 1 = Microsoft Edge Stable + - 2 = Microsoft Edge Beta version 77 or later + - 3 = Microsoft Edge Dev version 77 or later + - 4 = Microsoft Edge Canary version 77 or later - If you disable or do not configure this policy, Microsoft Edge Stable channel is used. This is the default behavior. If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge Stable channel are not installed, the following behaviors occur: - If you enable this policy, you can configure redirected sites to open in up to three of the following channels where: - 0 = Microsoft Edge version 45 or earlier - 1 = Microsoft Edge Stable - 2 = Microsoft Edge Beta version 77 or later - 3 = Microsoft Edge Dev version 77 or later - 4 = Microsoft Edge Canary version 77 or later + - 0 = Microsoft Edge version 45 or earlier + - 1 = Microsoft Edge Stable + - 2 = Microsoft Edge Beta version 77 or later + - 3 = Microsoft Edge Dev version 77 or later + - 4 = Microsoft Edge Canary version 77 or later - If you disable or do not configure this policy, Microsoft Edge version 45 or earlier is automatically used. This is the default behavior. @@ -2694,7 +2721,7 @@ ADMX Info: Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. -This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. +This policy setting determines, whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain, but the MIME sniff indicates that the file is really an executable file, then Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files. @@ -2746,7 +2773,7 @@ ADMX Info: This setting determines whether IE automatically downloads updated versions of Microsoft’s VersionList.XML. IE uses this file to determine whether an ActiveX control should be stopped from loading. > [!Caution] -> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download breaks the [out-of-date ActiveX control blocking feature](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. +> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download, breaks the [out-of-date ActiveX control blocking feature](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. If you disable or do not configure this setting, IE continues to download updated versions of VersionList.XML. @@ -3008,7 +3035,10 @@ Supported values: -This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, from the Menu bar, on the Tools menu, click Internet Options, click the General tab, and then click Settings under Browsing history. +This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, do the following: + +1. From the Menu bar, on the Tools menu, click Internet Options. +1. Click the General tab, and then click Settings under Browsing history. If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can not delete browsing history. @@ -3260,7 +3290,8 @@ If you enable this policy setting, the browser negotiates or does not negotiate If you disable or do not configure this policy setting, the user can select which encryption method the browser supports. -Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0. +> [!NOTE] +> SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0. @@ -3363,7 +3394,7 @@ Supported values: -This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. +This policy setting prevents Internet Explorer from running the First Run wizard, the first time a user starts the browser after installing Internet Explorer or Windows. If you enable this policy setting, you must make one of the following choices: - Skip the First Run wizard, and go directly to the user's home page. @@ -3371,7 +3402,7 @@ If you enable this policy setting, you must make one of the following choices: Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen. -If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation. +If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard, the first time the browser is started after installation. @@ -3746,13 +3777,14 @@ ADMX Info: -This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows. +This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility), when running in Enhanced Protected Mode on 64-bit versions of Windows. -Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used. +> [!IMPORTANT] +> Some ActiveX controls and toolbars may not be available when 64-bit processes are used. -If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. +If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows. -If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. +If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default. @@ -3900,7 +3932,8 @@ If you enable this policy setting, you can specify which default home pages shou If you disable or do not configure this policy setting, the user can add secondary home pages. -Note: If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages. +> [!NOTE] +> If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages. @@ -3993,7 +4026,7 @@ ADMX Info: Prevents Internet Explorer from checking whether a new version of the browser is available. -If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available. +If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifies users if a new version is available. If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available. From 3364f37b690dc842f52bc355667d119ead0e0fcf Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 1 Jun 2022 10:16:00 -0700 Subject: [PATCH 229/540] edits --- .../update-compliance-v2-configuration-mem.md | 2 +- ...date-compliance-v2-configuration-script.md | 68 +++++++++---------- .../update/update-compliance-v2-enable.md | 4 +- .../update/update-compliance-v2-overview.md | 2 +- .../update-compliance-v2-prerequisites.md | 4 +- ...mpliance-v2-schema-ucclientupdatestatus.md | 2 +- ...date-compliance-v2-schema-ucdevicealert.md | 2 +- ...pliance-v2-schema-ucserviceupdatestatus.md | 2 +- .../update/update-compliance-v2-schema.md | 2 +- .../update/update-compliance-v2-use.md | 4 +- .../update/update-status-admin-center.md | 6 +- 11 files changed, 49 insertions(+), 49 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index c18fb472ee..d4d29befd8 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -13,7 +13,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # Configuring Microsoft Endpoint Manager devices for Update Compliance (preview) diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 437951d30e..8a5fdb9d6e 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -13,7 +13,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # Configuring devices through the Update Compliance (preview) Configuration Script @@ -47,11 +47,43 @@ This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`): 1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`. -2. Set `commercialIDValue` to your Commercial ID. +2. Set `commercialIDValue` to your [Commercial ID](update-compliance-v2-enable.md#bkmk_id) for the Update Compliance solution. 3. Run the script. 4. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`. 5. If there are issues, gather the logs and provide them to Microsoft Support. +## Verify device configuration + +In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps: + +1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer). + 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. + 1. Under **View diagnostic data**, select **On** for the following option: + + - Windows 11: **Turn on the Diagnostic Data Viewer (uses up to 1 GB of hard drive space)** + - Windows 10: **Turn on this setting to see your data in the Diagnostic Data Viewer. (Setting uses up to 1GB of hard drive space.)** + +1. Select **Open Diagnostic Data Viewer**. + - If the application isn't installed, select **Get** when you're asked to download the [Diagnostic Data Viewer from the Microsoft Store](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. + - If the application is already installed, it will open. You can either close the application before running a scan for software updates, or use the refresh button to fetch the new data after the scan is completed. + +1. Check for software updates on the client device. + - Windows 11: + 1. Go to **Start**, select **Settings** > **Windows Update**. + 1. Select **Check for updates** then wait for the update check to complete. + - Windows 10: + 1. Go to **Start**, select **Settings** > **Update & Security** > **Windows Update**. + 1. Select **Check for updates** then wait for the update check to complete. + +1. Run the **Diagnostic Data Viewer**. + 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. + 1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**. +1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items: + - The **EnrolledTenantID** field under **m365a** should equal the [CommercialID](update-compliance-get-started.md#get-your-commercialid) of your Log Analytics workspace for Update Compliance. + - The **MSP** field value under **protocol** should be either `16` or `18`. + - If you need to send this data to Microsoft Support, select **Export data**. + + :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="./media/update-compliance-diagnostic-data-viewer.png" lightbox="./media/update-compliance-diagnostic-data-viewer.png"::: ## Script errors @@ -101,35 +133,3 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru | 94 | Unexpected exception in EnableAllowUCProcessing| | 99 | Device isn't Windows 10.| -## Verify device configuration - -In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps: - -1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer). - 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. - 1. Under **View diagnostic data**, select **On** for the following option: - - - Windows 11: **Turn on the Diagnostic Data Viewer (uses up to 1 GB of hard drive space)** - - Windows 10: **Turn on this setting to see your data in the Diagnostic Data Viewer. (Setting uses up to 1GB of hard drive space.)** - -1. Select **Open Diagnostic Data Viewer**. - - If the application isn't installed, select **Get** when you're asked to download the [Diagnostic Data Viewer from the Microsoft Store](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. - - If the application is already installed, it will open. You can either close the application before running a scan for software updates, or use the refresh button to fetch the new data after the scan is completed. - -1. Check for software updates on the client device. - - Windows 11: - 1. Go to **Start**, select **Settings** > **Windows Update**. - 1. Select **Check for updates** then wait for the update check to complete. - - Windows 10: - 1. Go to **Start**, select **Settings** > **Update & Security** > **Windows Update**. - 1. Select **Check for updates** then wait for the update check to complete. - -1. Run the **Diagnostic Data Viewer**. - 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. - 1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**. -1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items: - - The **EnrolledTenantID** field under **m365a** should equal the [CommercialID](update-compliance-get-started.md#get-your-commercialid) of your Log Analytics workspace for Update Compliance. - - The **MSP** field value under **protocol** should be either `16` or `18`. - - If you need to send this data to Microsoft Support, select **Export data**. - - :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="./media/update-compliance-diagnostic-data-viewer.png" lightbox="./media/update-compliance-diagnostic-data-viewer.png"::: diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md index c912b15042..c0e8aaf7c2 100644 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ b/windows/deployment/update/update-compliance-v2-enable.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # Enable Update Compliance @@ -80,7 +80,7 @@ The **Commercial ID** directs your clients to the Update Compliance solution in 1. The **Commercial Id Key** is listed in the text box with an option to copy the ID. The **Commercial Id Key** is commonly referred to as the `CommercialID` or **Commercial ID** in Update Compliance. > [!Warning] - > Regenerate a Commercial ID only if your original ID can no longer be used. Regenerating a commercial ID requires you to deploy the new commercial ID to your computers in order to continue to collect data and so can result in data loss. + > Regenerate a Commercial ID only if your original ID can no longer be used. Regenerating a Commercial ID requires you to deploy the new commercial ID to your computers in order to continue to collect data and so can result in data loss. ## Next steps diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md index f5baf581ed..0c1ca76ea6 100644 --- a/windows/deployment/update/update-compliance-v2-overview.md +++ b/windows/deployment/update/update-compliance-v2-overview.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # Update Compliance overview diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index 5779606a96..479ec599b6 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # Update Compliance prerequisites @@ -24,7 +24,7 @@ ms.date: 05/31/2022 ## Update Compliance prerequisites -Before you begin the process to add Update Compliance to your Azure subscription, ensure you can meet the prerequisites. +Before you begin the process to add Update Compliance to your Azure subscription, ensure you meet the prerequisites. ### Azure and Azure Active Directory diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md index 8152246ded..610725c4c6 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # UCClientUpdateStatus diff --git a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md index 1e7e135ef3..0468cb06c2 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # UCDeviceAlert diff --git a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md index dd20ce0322..305b5f8fc4 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # UCServiceUpdateStatus diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md index c6e014b7bb..e458cb4c3f 100644 --- a/windows/deployment/update/update-compliance-v2-schema.md +++ b/windows/deployment/update/update-compliance-v2-schema.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # Update Compliance version 2 schema diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md index 7087294293..be6131ccea 100644 --- a/windows/deployment/update/update-compliance-v2-use.md +++ b/windows/deployment/update/update-compliance-v2-use.md @@ -11,7 +11,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 05/31/2022 +ms.date: 06/06/2022 --- # Use Update Compliance (preview) @@ -64,4 +64,4 @@ Update Compliance is built on the Log Analytics platform that is integrated into See below for a few articles related to Log Analytics: - Learn how to effectively execute custom Log Searches by referring to Microsoft Azure's excellent documentation on [querying data in Log Analytics](/azure/log-analytics/log-analytics-log-searches). - Review the documentation on [analyzing data for use in Log Analytics](/azure/log-analytics/log-analytics-dashboards) to develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/). -- [Gain an overview of Log Analytics' alerts](/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about. +- [Gain an overview of alerts for Log Analytics](/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about. diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md index 609ffaf308..9f70932186 100644 --- a/windows/deployment/update/update-status-admin-center.md +++ b/windows/deployment/update/update-status-admin-center.md @@ -36,8 +36,8 @@ The **Software updates** page has following tabs to assist you in monitoring upd ## Prerequisites - [Update Compliance](update-compliance-v2-overview.md) needs to be enabled with clients sending data to the solution -- An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com) **???** - - To configure settings for the **Software Updates** page: [Windows Update Deployment Administrator role](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator) +- An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com) + - To configure settings for the **Software Updates** page: [Global Admin role](/microsoft-365/admin/add-users/about-admin-roles) - To view the **Software Updates** page: [Global Reader role](/microsoft-365/admin/add-users/about-admin-roles) ## Limitations @@ -57,7 +57,7 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos 1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts. > [!Tip] -> If you don't see an entry for Software updates (Preview) in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates). +> If you don't see an entry for **Software updates (preview)** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates). ## The Windows tab From 143becda53793249ef7d4b6d12748c97d928ed69 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Thu, 2 Jun 2022 02:49:41 +0530 Subject: [PATCH 230/540] Updated-6020456 Bulk metadata update. --- windows/privacy/Microsoft-DiagnosticDataViewer.md | 5 ----- .../basic-level-windows-diagnostic-events-and-fields-1703.md | 5 ----- .../basic-level-windows-diagnostic-events-and-fields-1709.md | 5 ----- .../basic-level-windows-diagnostic-events-and-fields-1803.md | 5 ----- .../basic-level-windows-diagnostic-events-and-fields-1809.md | 5 ----- .../basic-level-windows-diagnostic-events-and-fields-1903.md | 5 ----- .../privacy/changes-to-windows-diagnostic-data-collection.md | 5 ----- ...configure-windows-diagnostic-data-in-your-organization.md | 5 ----- windows/privacy/diagnostic-data-viewer-overview.md | 5 ----- ...ed-diagnostic-data-windows-analytics-events-and-fields.md | 5 ----- .../privacy/essential-services-and-connected-experiences.md | 4 ---- ...ting-system-components-to-microsoft-services-using-MDM.md | 5 ----- ...dows-operating-system-components-to-microsoft-services.md | 5 ----- windows/privacy/manage-windows-11-endpoints.md | 4 ---- windows/privacy/manage-windows-1809-endpoints.md | 4 ---- windows/privacy/manage-windows-1903-endpoints.md | 4 ---- windows/privacy/manage-windows-1909-endpoints.md | 4 ---- windows/privacy/manage-windows-2004-endpoints.md | 4 ---- windows/privacy/manage-windows-20H2-endpoints.md | 4 ---- windows/privacy/manage-windows-21H1-endpoints.md | 4 ---- windows/privacy/manage-windows-21h2-endpoints.md | 4 ---- .../required-windows-11-diagnostic-events-and-fields.md | 5 ----- ...equired-windows-diagnostic-data-events-and-fields-2004.md | 5 ----- windows/privacy/windows-10-and-privacy-compliance.md | 5 ----- .../privacy/windows-11-endpoints-non-enterprise-editions.md | 4 ---- windows/privacy/windows-diagnostic-data-1703.md | 4 ---- windows/privacy/windows-diagnostic-data.md | 4 ---- .../windows-endpoints-1809-non-enterprise-editions.md | 4 ---- .../windows-endpoints-1903-non-enterprise-editions.md | 4 ---- .../windows-endpoints-1909-non-enterprise-editions.md | 4 ---- .../windows-endpoints-2004-non-enterprise-editions.md | 4 ---- .../windows-endpoints-20H2-non-enterprise-editions.md | 4 ---- .../windows-endpoints-21H1-non-enterprise-editions.md | 4 ---- 33 files changed, 147 deletions(-) diff --git a/windows/privacy/Microsoft-DiagnosticDataViewer.md b/windows/privacy/Microsoft-DiagnosticDataViewer.md index cfe5cdf277..11c9aade1b 100644 --- a/windows/privacy/Microsoft-DiagnosticDataViewer.md +++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md @@ -1,13 +1,8 @@ --- title: Diagnostic Data Viewer for PowerShell Overview (Windows 10) description: Use this article to use the Diagnostic Data Viewer for PowerShell to review the diagnostic data sent to Microsoft by your device. -keywords: privacy ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: high -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index fe5f9e9510..3d181c27eb 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -1,11 +1,7 @@ --- description: Learn more about the Windows 10, version 1703 diagnostic data gathered at the basic level. title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic @@ -13,7 +9,6 @@ manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 11/29/2021 -audience: ITPro ms.reviewer: ms.technology: privacy --- diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index f20bf940f2..918065c558 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -1,18 +1,13 @@ --- description: Learn more about the Windows 10, version 1709 diagnostic data gathered at the basic level. title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic manager: dansimp ms.collection: M365-security-compliance ms.topic: article -audience: ITPro ms.date: ms.reviewer: ms.technology: privacy diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index fc82f5a509..b36a64a684 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -1,18 +1,13 @@ --- description: Learn more about the Windows 10, version 1803 diagnostic data gathered at the basic level. title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic manager: dansimp ms.collection: M365-security-compliance ms.topic: article -audience: ITPro ms.date: ms.reviewer: ms.technology: privacy diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index e660f2df49..194391b10e 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -1,18 +1,13 @@ --- description: Learn more about the Windows 10, version 1809 diagnostic data gathered at the basic level. title: Windows 10, version 1809 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic manager: dansimp ms.collection: M365-security-compliance ms.topic: article -audience: ITPro ms.date: ms.reviewer: ms.technology: privacy diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index 2dd8d27ae5..ac7f307052 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -1,18 +1,13 @@ --- description: Learn more about the Windows 10, version 1903 diagnostic data gathered at the basic level. title: Windows 10, version 1909 and Windows 10, version 1903 required diagnostic events and fields (Windows 10) -keywords: privacy, telemetry ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic manager: dansimp ms.collection: M365-security-compliance ms.topic: article -audience: ITPro ms.date: ms.technology: privacy --- diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 50f081e04a..f93f6ca33f 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -1,13 +1,8 @@ --- title: Changes to Windows diagnostic data collection description: This article provides information on changes to Windows diagnostic data collection Windows 10 and Windows 11. -keywords: privacy, diagnostic data ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: high -audience: ITPro ms.author: siosulli author: dansimp manager: dansimp diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 5c614eaed1..044e511543 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -1,13 +1,8 @@ --- description: Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization. title: Configure Windows diagnostic data in your organization (Windows 10 and Windows 11) -keywords: privacy ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: high -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index adf1997249..15f28b8b12 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -1,13 +1,8 @@ --- title: Diagnostic Data Viewer Overview (Windows 10 and Windows 11) description: Use this article to use the Diagnostic Data Viewer application to review the diagnostic data sent to Microsoft by your device. -keywords: privacy ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: high -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index c867fe681a..a61c2b2289 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -1,13 +1,8 @@ --- title: Enhanced diagnostic data required by Windows Analytics (Windows 10) description: Use this article to learn more about the limit enhanced diagnostic data events policy used by Desktop Analytics -keywords: privacy, diagnostic data ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: high -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md index 00b49e112b..b57e4a9afe 100644 --- a/windows/privacy/essential-services-and-connected-experiences.md +++ b/windows/privacy/essential-services-and-connected-experiences.md @@ -1,12 +1,8 @@ --- title: Essential services and connected experiences for Windows description: Explains what the essential services and connected experiences are for Windows -keywords: privacy, manage connections to Microsoft ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: siosulli ms.author: dansimp manager: dansimp diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index f12658e2d0..5ea20ae20f 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -1,13 +1,8 @@ --- title: Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server description: Use MDM CSPs to minimize connections from Windows to Microsoft services, or to configure particular privacy settings. -ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9 -keywords: privacy, manage connections to Microsoft, Windows 10 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: RyanHechtMSFT ms.author: dansimp manager: dansimp diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 2d941eb5ee..333b283d76 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1,14 +1,9 @@ --- title: Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services description: Learn how to minimize connections from Windows to Microsoft services, and configure particular privacy settings related to these connections. -ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9 ms.reviewer: -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: tomlayson ms.author: tomlayson manager: riche diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md index 1370d95086..09197e019e 100644 --- a/windows/privacy/manage-windows-11-endpoints.md +++ b/windows/privacy/manage-windows-11-endpoints.md @@ -1,12 +1,8 @@ --- title: Connection endpoints for Windows 11 Enterprise description: Explains what Windows 11 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 11. -keywords: privacy, manage connections to Microsoft, Windows 11 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: dansimp diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index f6b2a11c6d..356582f1fb 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -1,12 +1,8 @@ --- title: Connection endpoints for Windows 10, version 1809 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1809. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index 41d1c6b46b..61e79267c1 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -1,12 +1,8 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 1903 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: linque1 ms.author: obezeajo manager: dansimp diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md index b5dfff14b9..cd62abd039 100644 --- a/windows/privacy/manage-windows-1909-endpoints.md +++ b/windows/privacy/manage-windows-1909-endpoints.md @@ -1,12 +1,8 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 1909 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1909. -keywords: privacy, manage connections to Microsoft, Windows 10 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: obezeajo diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md index 2b302dbf62..789e6e2e56 100644 --- a/windows/privacy/manage-windows-2004-endpoints.md +++ b/windows/privacy/manage-windows-2004-endpoints.md @@ -1,12 +1,8 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 2004 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 2004. -keywords: privacy, manage connections to Microsoft, Windows 10 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: linque1 ms.author: siosulli manager: dansimp diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md index 9d1ec6d001..17e22dfe6b 100644 --- a/windows/privacy/manage-windows-20H2-endpoints.md +++ b/windows/privacy/manage-windows-20H2-endpoints.md @@ -1,12 +1,8 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 20H2 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 20H2. -keywords: privacy, manage connections to Microsoft, Windows 10 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: dansimp diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md index bd760cb5c0..4ed0760f70 100644 --- a/windows/privacy/manage-windows-21H1-endpoints.md +++ b/windows/privacy/manage-windows-21H1-endpoints.md @@ -1,12 +1,8 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 21H1 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H1. -keywords: privacy, manage connections to Microsoft, Windows 10 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: dansimp diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md index d8c926a1fc..ebc451df17 100644 --- a/windows/privacy/manage-windows-21h2-endpoints.md +++ b/windows/privacy/manage-windows-21h2-endpoints.md @@ -1,12 +1,8 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 21H2 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H2. -keywords: privacy, manage connections to Microsoft, Windows 10 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: dansimp diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 084f8f8a9e..ce56078106 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -1,11 +1,7 @@ --- description: Learn more about the Windows 11 diagnostic data gathered at the basic level. title: Required Windows 11 diagnostic events and fields -keywords: privacy, telemetry ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic @@ -14,7 +10,6 @@ ms.collection: - M365-security-compliance - highpri ms.topic: article -audience: ITPro ms.date: 11/29/2021 ms.technology: privacy --- diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index b37678708d..d8f4cfa026 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -1,11 +1,7 @@ --- description: Learn more about the required Windows 10 diagnostic data gathered. title: Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10) -keywords: privacy, telemetry ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic @@ -14,7 +10,6 @@ ms.collection: - M365-security-compliance - highpri ms.topic: article -audience: ITPro ms.date: ms.technology: privacy --- diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 0e97842d03..926ed21786 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -1,13 +1,8 @@ --- title: Windows Privacy Compliance Guide description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows. -keywords: privacy, GDPR, compliance ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: high -audience: ITPro author: brianlic-msft ms.author: brianlic manager: dansimp diff --git a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md index 6f9cf021c9..aead5ff2db 100644 --- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md +++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md @@ -1,12 +1,8 @@ --- title: Windows 11 connection endpoints for non-Enterprise editions description: Explains what Windows 11 endpoints are used in non-Enterprise editions. Specific to Windows 11. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: dansimp diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index 8e0e2a5a2a..9fd9cb82de 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -1,12 +1,8 @@ --- title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10) description: Use this article to learn about the types of data that is collected the Full diagnostic data level. -keywords: privacy,Windows 10 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md index 88faf6a75d..f229d28d4c 100644 --- a/windows/privacy/windows-diagnostic-data.md +++ b/windows/privacy/windows-diagnostic-data.md @@ -1,12 +1,8 @@ --- title: Windows 10, version 1709 and Windows 11 and later optional diagnostic data (Windows 10) description: Use this article to learn about the types of optional diagnostic data that is collected. -keywords: privacy,Windows 10 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md index ff4d97cb72..10b56f84f0 100644 --- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md @@ -1,12 +1,8 @@ --- title: Windows 10, version 1809, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: dansimp ms.author: dansimp manager: dansimp diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md index a383c259cf..271c07b9f0 100644 --- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -1,12 +1,8 @@ --- title: Windows 10, version 1903, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: mikeedgar ms.author: obezeajo manager: dansimp diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index 3520abedd7..c73380a6e3 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -1,12 +1,8 @@ --- title: Windows 10, version 1909, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: obezeajo diff --git a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md index d756be9937..4ad52fe27d 100644 --- a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md @@ -1,12 +1,8 @@ --- title: Windows 10, version 2004, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 2004. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: linque1 ms.author: obezeajo manager: dansimp diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index 63ddea60f9..8f1aa365d5 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -1,12 +1,8 @@ --- title: Windows 10, version 20H2, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: dansimp diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md index 609bb9e605..8f75ee377c 100644 --- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md @@ -1,12 +1,8 @@ --- title: Windows 10, version 21H1, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1. -keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library ms.localizationpriority: high -audience: ITPro author: gental-giant ms.author: v-hakima manager: dansimp From 1122507a7e3d451540902ecd8575abdf7461fcf4 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:55:57 -0700 Subject: [PATCH 231/540] Update windows-11-se-overview.md line 77 changed from |Pearson TestNav |1.10.2.0 |Win32|Pearson| to |Pearson TestNav |1.10.2.0 |Store |Pearson| --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index c32223b772..e22acdf422 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -74,7 +74,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run |NextUp Talker |1.0.49 |Win32 |NextUp Technologies| |NonVisual Desktop Access |2021.3.1 |Win32 |NV Access| |NWEA Secure Testing Browser |5.4.300.0 |Win32 |NWEA| -|Pearson TestNav |1.10.2.0 |Win32 |Pearson| +|Pearson TestNav |1.10.2.0 |Store |Pearson| |Questar Secure Browser |4.8.3.376 |Win32 |Questar| |ReadAndWriteForWindows |12.0.60.0 |Win32 |Texthelp Ltd.| |Remote Help |3.8.0.12 |Win32 |Microsoft| From 3515ad41c53b3b3851c47a88046d65b194161d36 Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Thu, 2 Jun 2022 03:29:55 +0530 Subject: [PATCH 232/540] Updated-6038484 Bulk metadata update. --- windows/whats-new/contribute-to-a-topic.md | 3 --- windows/whats-new/get-started-with-1709.md | 3 --- windows/whats-new/ltsc/index.md | 4 ---- windows/whats-new/ltsc/whats-new-windows-10-2015.md | 4 ---- windows/whats-new/ltsc/whats-new-windows-10-2016.md | 4 ---- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 3 --- windows/whats-new/ltsc/whats-new-windows-10-2021.md | 3 --- .../whats-new/whats-new-windows-10-version-1507-and-1511.md | 3 --- windows/whats-new/whats-new-windows-10-version-1607.md | 3 --- windows/whats-new/whats-new-windows-10-version-1703.md | 4 ---- windows/whats-new/whats-new-windows-10-version-1709.md | 3 --- windows/whats-new/whats-new-windows-10-version-1803.md | 3 --- windows/whats-new/whats-new-windows-10-version-1809.md | 3 --- windows/whats-new/whats-new-windows-10-version-1903.md | 4 ---- windows/whats-new/whats-new-windows-10-version-1909.md | 4 ---- windows/whats-new/whats-new-windows-10-version-2004.md | 4 ---- windows/whats-new/whats-new-windows-10-version-20H2.md | 4 ---- windows/whats-new/whats-new-windows-10-version-21H1.md | 4 ---- windows/whats-new/whats-new-windows-10-version-21H2.md | 3 --- windows/whats-new/windows-10-insider-preview.md | 2 -- windows/whats-new/windows-11-overview.md | 4 ---- windows/whats-new/windows-11-plan.md | 3 --- windows/whats-new/windows-11-prepare.md | 3 --- windows/whats-new/windows-11-requirements.md | 4 ---- 24 files changed, 82 deletions(-) diff --git a/windows/whats-new/contribute-to-a-topic.md b/windows/whats-new/contribute-to-a-topic.md index b99b7a48ad..77dfd79528 100644 --- a/windows/whats-new/contribute-to-a-topic.md +++ b/windows/whats-new/contribute-to-a-topic.md @@ -1,10 +1,7 @@ --- title: Edit an existing topic using the Edit link description: Instructions about how to edit an existing topic by using the Edit link on docs.microsoft.com. -keywords: contribute, edit a topic ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library ms.date: 10/13/2017 ms.reviewer: manager: dansimp diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md index c2522f3e4c..4384b7e11e 100644 --- a/windows/whats-new/get-started-with-1709.md +++ b/windows/whats-new/get-started-with-1709.md @@ -1,10 +1,7 @@ --- title: Get started with Windows 10, version 1709 description: Learn about features, review requirements, and plan your deployment of Windows 10, version 1709, including IT Pro content, release information, and history. -keywords: ["get started", "windows 10", "fall creators update", "1709"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: dansimp ms.author: dansimp ms.date: 10/16/2017 diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index dfb0df5731..04888d2873 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -1,11 +1,7 @@ --- title: Windows 10 Enterprise LTSC description: New and updated IT Pro content about new features in Windows 10, LTSC (also known as Windows 10 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 LTSC", "Windows 10 LTSB"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index c1c29d8f63..9bec3fd8c7 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -4,11 +4,7 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2015 (also known as Windows 10 Enterprise 2015 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2015"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.localizationpriority: low ms.topic: article diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 354488f563..7ee18df927 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -4,11 +4,7 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2016 (also known as Windows 10 Enterprise 2016 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2016"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.localizationpriority: low ms.topic: article diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 40a615660a..747857cdd1 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -4,10 +4,7 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2019 (also known as Windows 10 Enterprise 2019 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2019"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: low ms.topic: article diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md index 1e10461eea..ccde2ab561 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md @@ -4,10 +4,7 @@ ms.reviewer: manager: dougeby ms.author: aaroncz description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2021. -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2021"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.localizationpriority: low ms.topic: article diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index e7ad13d805..3b820e3b76 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -1,11 +1,8 @@ --- title: What's new in Windows 10, versions 1507 and 1511 (Windows 10) description: What's new in Windows 10 for Windows 10 (versions 1507 and 1511). -ms.assetid: 75F285B0-09BE-4821-9B42-37B9BE54CEC6 ms.reviewer: ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski manager: dougeby ms.author: aaroncz diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 509b7d10a0..33d826641f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -1,10 +1,7 @@ --- title: What's new in Windows 10, version 1607 (Windows 10) description: What's new in Windows 10 for Windows 10 (version 1607). -keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.localizationpriority: high ms.reviewer: author: aczechowski diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index a62e914365..7b22f584f5 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -1,12 +1,8 @@ --- title: What's new in Windows 10, version 1703 description: New and updated features in Windows 10, version 1703 (also known as the Creators Updated). -keywords: ["What's new in Windows 10", "Windows 10", "creators update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.localizationpriority: high -ms.assetid: dca7c655-c4f6-45f8-aa02-64187b202617 ms.reviewer: author: aczechowski manager: dougeby diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index 905d4ff2dd..4470bbd82a 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -1,10 +1,7 @@ --- title: What's new in Windows 10, version 1709 description: New and updated features in Windows 10, version 1709 (also known as the Fall Creators Update). -keywords: ["What's new in Windows 10", "Windows 10", "Fall Creators Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.reviewer: author: aczechowski manager: dougeby diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index f2f4dc5964..c9df6c099a 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -1,10 +1,7 @@ --- title: What's new in Windows 10, version 1803 description: New and updated features in Windows 10, version 1803 (also known as the Windows 10 April 2018 Update). -keywords: ["What's new in Windows 10", "Windows 10", "April 2018 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.reviewer: author: aczechowski manager: dougeby diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 9ce31284cc..fc59be8136 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -2,10 +2,7 @@ title: What's new in Windows 10, version 1809 ms.reviewer: description: Learn about features for Windows 10, version 1809, including features and fixes included in previous cumulative updates to Windows 10, version 1803. -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 October 2018 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski manager: dougeby ms.author: aaroncz diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 35ed9f16c3..94bd3f7f89 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -1,11 +1,7 @@ --- title: What's new in Windows 10, version 1903 description: New and updated features in Windows 10, version 1903 (also known as the Windows 10 May 2019 Update). -keywords: ["What's new in Windows 10", "Windows 10", "May 2019 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index 3b33b31e96..d78a5d5369 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -1,11 +1,7 @@ --- title: What's new in Windows 10, version 1909 description: New and updated features in Windows 10, version 1909 (also known as the Windows 10 November 2019 Update). -keywords: ["What's new in Windows 10", "Windows 10", "November 2019 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 726580724f..453aa06e93 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -1,11 +1,7 @@ --- title: What's new in Windows 10, version 2004 description: New and updated features in Windows 10, version 2004 (also known as the Windows 10 May 2020 Update). -keywords: ["What's new in Windows 10", "Windows 10", "May 2020 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md index 436dc92f0d..b3f400dbeb 100644 --- a/windows/whats-new/whats-new-windows-10-version-20H2.md +++ b/windows/whats-new/whats-new-windows-10-version-20H2.md @@ -1,11 +1,7 @@ --- title: What's new in Windows 10, version 20H2 description: New and updated features in Windows 10, version 20H2 (also known as the Windows 10 October 2020 Update). -keywords: ["What's new in Windows 10", "Windows 10", "October 2020 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/whats-new/whats-new-windows-10-version-21H1.md b/windows/whats-new/whats-new-windows-10-version-21H1.md index 2fdba9bd26..f598d1913b 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H1.md +++ b/windows/whats-new/whats-new-windows-10-version-21H1.md @@ -1,11 +1,7 @@ --- title: What's new in Windows 10, version 21H1 description: New and updated features in Windows 10, version 21H1 (also known as the Windows 10 May 2021 Update). -keywords: ["What's new in Windows 10", "Windows 10", "May 2021 Update"] ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md index d536eb04eb..da72022d30 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H2.md +++ b/windows/whats-new/whats-new-windows-10-version-21H2.md @@ -3,9 +3,6 @@ title: What's new in Windows 10, version 21H2 for IT pros description: Learn more about what's new in Windows 10 version 21H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more. manager: dougeby ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobile ms.author: aaroncz author: aczechowski ms.localizationpriority: medium diff --git a/windows/whats-new/windows-10-insider-preview.md b/windows/whats-new/windows-10-insider-preview.md index 2e6f2191f7..61a499904f 100644 --- a/windows/whats-new/windows-10-insider-preview.md +++ b/windows/whats-new/windows-10-insider-preview.md @@ -2,8 +2,6 @@ title: Documentation for Windows 10 Insider Preview (Windows 10) description: Preliminary documentation for some Windows 10 features in Insider Preview. ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library author: dansimp ms.date: 04/14/2017 ms.reviewer: diff --git a/windows/whats-new/windows-11-overview.md b/windows/whats-new/windows-11-overview.md index 623e6caba5..ec5cd6f23f 100644 --- a/windows/whats-new/windows-11-overview.md +++ b/windows/whats-new/windows-11-overview.md @@ -3,14 +3,10 @@ title: Windows 11 overview for administrators description: Learn more about Windows 11. Read about the features IT professionals and administrators should know about Windows 11, including security, using apps, using Android apps, the new desktop, and deploying and servicing PCs. ms.reviewer: manager: dougeby -ms.audience: itpro author: aczechowski ms.author: aaroncz ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library ms.localizationpriority: medium -audience: itpro ms.topic: article ms.collection: highpri ms.custom: intro-overview diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md index 91a6d66855..7f67c4a774 100644 --- a/windows/whats-new/windows-11-plan.md +++ b/windows/whats-new/windows-11-plan.md @@ -1,10 +1,7 @@ --- title: Plan for Windows 11 description: Windows 11 deployment planning, IT Pro content. -keywords: ["get started", "windows 11", "plan"] ms.prod: w11 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 262bf50024..532493e1e3 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md @@ -1,10 +1,7 @@ --- title: Prepare for Windows 11 description: Prepare your infrastructure and tools to deploy Windows 11, IT Pro content. -keywords: ["get started", "windows 11"] ms.prod: w11 -ms.mktglfcycl: deploy -ms.sitesec: library author: aczechowski ms.author: aaroncz manager: dougeby diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index 8384e85778..b2aef79c6d 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -2,14 +2,10 @@ title: Windows 11 requirements description: Hardware requirements to deploy Windows 11 manager: dougeby -ms.audience: itpro author: aczechowski ms.author: aaroncz ms.prod: w11 -ms.mktglfcycl: deploy -ms.sitesec: library ms.localizationpriority: medium -audience: itpro ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri From 530b7ce6408250d9f7172fa372481ffc73aee88a Mon Sep 17 00:00:00 2001 From: Jitin Mathew Date: Thu, 2 Jun 2022 03:50:54 +0530 Subject: [PATCH 233/540] Updated-6020456 Articles updated to resolve Acrolinx error. --- .../basic-level-windows-diagnostic-events-and-fields-1903.md | 2 +- .../privacy/changes-to-windows-diagnostic-data-collection.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index ac7f307052..8a1cc7a9fd 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -75,7 +75,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Commit -This event returns information about the Commit operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.. +This event returns information about the Commit operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index f93f6ca33f..5a0e4d4c26 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -59,7 +59,7 @@ A final set of changes includes two new policies that can help you fine-tune dia - The **Limit dump collection** policy is a new policy that can be used to limit the types of [crash dumps](/windows/win32/dxtecharts/crash-dump-analysis) that can be sent back to Microsoft. If this policy is enabled, Windows Error Reporting will send only kernel mini dumps and user mode triage dumps. - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Dump Collection** - MDM policy: System/LimitDumpCollection -- The **Limit diagnostic log collection** policy is another new policy that limits the number of diagnostic logs that are sent back to Microsoft. If this policy is enabled, diagnostic logs are not sent back to Microsoft. +- The **Limit diagnostic log collection** policy is another new policy that limits the number of diagnostic logs that are sent back to Microsoft. If this policy is enabled, diagnostic logs aren't sent back to Microsoft. - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Diagnostic Log Collection** - MDM policy: System/LimitDiagnosticLogCollection From d3443a50894b48ebd8f75a041e6ac67a0106bbf7 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 1 Jun 2022 16:38:28 -0700 Subject: [PATCH 234/540] update screenshot, edits --- ...37063317-admin-center-software-updates.png | Bin 180898 -> 296631 bytes .../update-compliance-v2-prerequisites.md | 7 +++++-- .../update-compliance-v2-schema-ucclient.md | 2 +- ...date-compliance-v2-schema-ucupdatealert.md | 2 +- .../update/update-compliance-v2-schema.md | 2 +- 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/media/37063317-admin-center-software-updates.png b/windows/deployment/update/media/37063317-admin-center-software-updates.png index 1a4ea20ff5ef85adf39d5e7d5096c94aa4e229c1..978ef1b476f8d98cc8c3338e0f7077be757936b1 100644 GIT binary patch literal 296631 zcmaI6XIxW3_wTDBpdcVhHxQAobWnOCH6Tb+DN08aloonPKtOs4AXO2RjtGeKmMAUK z1!>YDK}~^ z&e3I_J9qKzCAzbbFcEXWS##do6rypiauBe7*17mn{h|7~bJYmO6MNdT{$)>HOYd{% zm^=SH=hN>n-#B-UTBN6?{y4y93r_z=NPCRnIwy2HCU)qgT-2UM37b<;`uyU>Wg3G^ z47b%U*2LJI)5|Z-y4s`eHE56DDJ0IdN-MQ0Vo_K#b5w{&(2JLT<4%8f`4p>~%iU+2 zpIBGDtRH;ruX!(}J0RO~&_`Q3v;U@kFLadZNh*J&%;N>naj^PW?Ny5#FS!$uJzmdR z=D2{qCHw?9XKwJIUMSjVUEre^a^sOvebKhw$Dr;m0NR;%*F*mKtdDV?%(49YUB?3# zcwp_E#UCdbWy20=BhK1Pnddu#kP!a}Etjs{V!TO50ue|cZRqdn3uv$Vp?pPBw zQ19YKYEf2e3T!+RmjmY-G_pcU;g_2lx!TFfg&tB<#o$Avj(*vro|@FcrEqb5&?6F9 z5TB2|n}+xq&UKWf6BiknJFGf&tV~#OT-i_P2>7LbDOL2&{<@{@YG3wkD;-t1ZB{p7 zV4^~~^1En%-+69c+l;{A{L}E7*3KYPm-{)=5)ZUjNwG_An~Qio@aOzMlLsWb+MMm~ zBG9VyyuixbTbH!-2ed_|daI&CQ5iLcR&9zIy>%1SA;0p)S7_(rdnL-23k>^)C;6t-i#~0fpH7Xkt^qQ>r4yS^tCa<_zV5)$r z^Q1i)NME=5M@`Vxk<4m5$m!W|Q}-r2B}Au33w_^kqfd8N;K3Y%!BljXk^T)SoV;Pe z(buY67YJ|+N1uX@=kq-T$Zdzqf%1I0>`sPqFElXeEOngMi&ZCrQomdE&1uNe&9fN! zua2a`UMe-H)q;N#=dmiUn`+s!sr$Tp*bUp;M|kJn<~i_g)ff&6RZ{V1nNYflD`?1m zr7IAA3eiw%Y`9)YnNo};pJU>kxAK7?Of3uWJ5R@zh=?e0|8#$mB3huK6O4F&?T zeb@0EUkX5hGQ~hK@BK3!un}OcnB)b2yCQpRtYV}z7^JqW+?}W?@1&|scP0Dzi!@NE zC0l7zCw8jB2H{kEmsqusB||zEVGKS+ihC z>s_2#3DDkD)R~G;Cc;t)ikSrycP`@fX?YO~@~-Cjoo^nG2Tgg1rFU}oM0a-OwM>EY zfSIWq#;Z=KfR*Y~1Lj`mlKOphI&4tlTcL5r{rr`$^sxTZtZeE#Z>qLVMe@G7MW#=oL%YeeOBvi*^v26bwDjCk#kcUCPyQjAyK zq&kaOL9gN$L_q9Uq^seu5gVu9i5&8%OU>eJ8RxW2Rnc=}5JFmnI+ z=H3d(+N{Zln{zv#FqumwJ=v8SL?CK@ObV`e1iC)yd&@WcT0OM3gm-f}Vx9@2QP|vW z%>q&5+{f~Tp6+KYr+|f(Dv>$FU@&M3td~Aw7+~FVPW6ggxOY98wD~zC97@D!B&3a0 zf($wB&nW@Y@`wf$uJ36wjkpXPrp?^c7LjN2N>zrG8|RE&`cNaxn{LKZ@+TlyMzpYDWx;ZdFY??H=7l#$*%F{$1_ye4+T z9~OvqQ6yWKIlcHJOUJsA1(}o#9G1a3T7nHjwiI)p2hbo=QKgVjOT_9}CN2wgm5i?* znLv;aNQA(S6hfCzlLe8be$gT&R5W!Fd@I`)Ulqe8D|y-xTlUg5?*jO(k&sa+cS;&q zbSx?+Et({VF91P!TFBKE4TKc}NnlvYW&-;MVilrh36`|oFsEAv0(}GTR`=K+0MU2L z6nOY;@jmD81InsC1$3V3b91u%^0epwbOM~J7CVi|6Yc_E1Q z8k9}Nxu~2cv0S1+-k!WKMz!{yh;yd*Gp=v1DSVp%L0o4Ve=X`J99AWf;{!epk?$?7 zaf~y(R|a;xLkV&)jA`e-58b*L?>jj3+b`SPslt}_`up#%YL)SI2B4GblDvtIzkRI> z`7FEKcL__sdWT;x_XIBBCv7E7k2ZI)(R|)c5Yt_eq~Rdhj2&Bh^)F7>bgjVX2ZQwF zgd7$HIskCQmY!%CiK328lz*nLlEA9(StrLWO%(O+kta;CN#m??Hjn12Fi2uQK4Gp; z^Fgq3hS!!Ob5izhXh_ zETUGD@J}LhG>3yV*qSG=svosg{WQ+IlUWyYD8v)mm<(w0%K@JPNBY7gb1&9IeZOos zH=Y1ua$ADypDiN1u>*A{CfR=ZBkByV<~*4hx&mD*~AHvWdHN1j?!+4*Ll*8FHkS^f~X& z`M;doh@p4XyS#J>VT{YefxlY!a-MLDU>tg1b8qL){aJqF*X|W^e_u$-ODdkiz39l; z4LS+z6|Xk}o_|$oR0|!PC(pf&2$1IVW?TXT|o zi|F@dgVQFp6<1*1Ct`!LMZ0V8bRxsxvpnq3tX?{qH$KVtt@xkUk8EwC+waf)rS;8v zWm`bVzqH?uyQ&hpRRy=;NOlXDFW}#tIKFw;kXzFRyMcn}DD9lbgfM&NP>#NZ~5JagoJ8ug6=BwsgO=12u z8O_TUp?pGBv4iH_gQ^;)^DpPki=n?kJ^r)iOxUa=@g4w<_Px+Nd@9PWIHLuWLYSDN zGOOaV!Oc+mDNkr^b%+(>Cv>NBxz5L}8oHC3s6eEhd4OdTBU2{t&$t z<5Gy|qy7D0lSFC|olIv&VyZh}hUXl*^2LshBYr|IXg4O6_=by`%jA~Lmim`1OITK~ zaHPkiB9p{k$%5yNa|a}Rm3Y=in+?Do%Yn{+sbQv6?O!yC*xk0=d2GJHv` zbXzoNmqwX{r0WRFTxYlO4;}}cbVVn>OM9N>0&ks0BVG!EPlSpj!Kz8Cv;YTN$Z2W^ zaAF_Bu#dSdIHYI06UxscVfj*UL;)cm)fmzxvxb<`*|*vliq>1n6rgNgIj!T|e7llz z?=DI*$|(&WeG-FGB`FgQs21^)T}hg?hJdz@zo{7c_ncmDgDP7k(!Kay*G`y-U4ovA<27pFHvKLe9rECY$nSwBHFuFKVD0j0YHs)90! z!mz=NHv0M^WUpx?(Lw~3ivwf3fasL^jS}IxH}*Ex!6~mdEzGNuLguvL-|_$uf)Ey3 z9Y{WQPJ`ZS#g1cxzb81F*iI1hD2v1p-JAkDE8e!~U;dE3#&1FrERdIvf@ghQH?Rch z1B`+dj}Y4a{%R?ZeyY>@1CNeFqNA0H;PlNprd;zv-_KxTpuI}S>G9~JE!|LC-2D06 zO@FW`)kCHg)V_z+^t6%lODM_mpO7#Oee&|4rT=skZ7Y6dGzWqbad%x#zH)kgkoLpc z(uyu)R6h&n6&mV6nIj-)(}LdRq3c{U7$~tWHG-XN<+{<`SzVeK=4UXg)R$lFofKV9 zNFXV7l6Q#ZpJpB*ulHARXTI6txss?*cslcL^c~|zfVboq9FMkJ8;c(0?)W`N*rx9_ z9n_EsIr#oT?p1wB+3|sBe#YvMT&;Z{dt*+e><1rjc9WY5FzZ7R!DiK?RbQ{rIW0-$ zLK;GYD#BJq$;*F$_;FozY@LzO(=k>OdJrxWG&Wf)ps4R6N z=;X2q)w|^;%0GFmsnanj3=xTYz+=TS7_kxFP>w-=AoL~&j6yus1er}a9aofJqX;jV zDGUYkoD_=rjMvi`x7JTrCuJ+&AerW|7UUr0j%OJ)P!ziEKT-n9lNlc?XL}Bd9Mt(9 zEr4x4TJSxbCnkgZiu)XDb4!-Xhi+EjhFU-6p2E0)Mi1^bxAFulF=HlVS7{SYk0TRC z7kwvQ0}1SDV+h)zzdBpQSiI9k=4?6H)qciM(D-q}p@xRcW9Vy# z3eJzvZL3&qiNC_TO{ep<1S*G@w{a37n6r%Y^N?epBK_-q%Z81b)y5swug@H%mWL4e zu&R@xNI#T1`MXWp_>j zxtt8zf}*NB(=R&-Mio&>g?`s)r~~cSLe(f%#tYM3pvix`Ke z=@!&B945E7PU!(~srz=20qgCQSK7*(TY-Z&HVd*@*hn{GP!wgHKE z;=O7?E}Vp(0!1@{3a1?KcM$k#GS9J_Zm6V!xqsykI^FFz#sw8v^Gb zPtdWb%Ptz5jAA79(q!fjF6CISPHg56m0J4;Pyn?M4&uMu=>>w9`8)z!0m_KcUHb zaNc-Uq~@@3#80op$2NO5`=&yWTGO$PIi={Q2J6qzgNV$M zp%NxkaLR5hIBAt)ZaF{biA^DWy2ZsQyKKcNoxdV$B<~lB6#ue)DWSYZ_3H;>Ggn8j zjpyL0){w7^%>o%sld1KHoq4oMWdikW3<||I-`v{%t8>6temL?%I*CkS=v6}Abj!)e={)*^Z1R#naWYYyQe7=SGJug*hic(Yf(kM6Mnyu|>nI_&ijqCWR- z%@)p7B$>RIb?Pt`duYqa91-{lBOC}lnD;fByQ@l~hy>c+JgAD^#HMuqBrRgO@qsoT z=oV9(&{Y|ISRcIZ1>a?Ekx0Qgl&G@th$l*|k0_rNLH?ym7F43!M-8ftAPQ!ND0dzE z7KZ|p5FYv#Ts{{-yWc8@RJ}1jy!d3EkedPeyykrLWuWngrjpm9z~-I$ToDDto@3v{ z-JA1r?|1vY5Cej~Oa%pJW+Y1;y7Y!T0_+n*4=Zj`oAMe{?rm17CmY=WOP+QsXN*jMX+VF{gvNc|jBxfOJ-7 z7$bZAOl&9b$;koqEb%;&C8&L=2Y$AhfF|QR&;SypV?e~^mPSbEfr=nCnxqcU+;JMl zILYiiqI&0pn0CG6ZsvKL9$X7+N+z&Z3 z8)}6F8s#agWZ-gKc-unB4(;_TR#@Kn2$-6E-Udp}7h63_4$pdwEj~25#!IhmyhFaT zhdT=L+FA8aUc^(x(B>!2(C1P5S>s2sN)uWeq~OZe5$KB--sM=H3-`HhmmMJ^Bf_=CE8LCU04}Q^vEO&0_ zszn~?VLb|sd`I(YQkoW!wsnW%6Nd-KLtZ^tc$oK(yl6-L56xt+oyg+7m!@e`C6{P` zTaO5!HrEmJES;&vyYX?B?pxu0C#dXNAgip@H(5&t&~mO>}!Bhzb2%xWeW2vj^_|`!ybSi;tc1d-+QhN?*Qdyd_&XP@NjWMi_+j z-HgSn@$92YYf58?N*HZik#aY7qK+d+Qw`o zf8`Xy!ze2{@D9fnhV!AH6ZFw^z!6Ujdr?EIpHS~`7-|il`MhDR-8Lio^t-iNpWGC( zhWiD3iS
    K-24#|utP;jTv^JyNoP!B2Z`IZKg7W%0$c?Wo zdF712NvA}*!(k%Aw|!4g>OtN=Z>z(YsPXl_nkF20o|Z$K8%1HHBS4!GrvN`l5otiM zNDUfSuUYQkoalbKZ4T!ts=C1^&I0c@8BasJaY{#=pBwXBe-@t3dIe6N$1Zix*D$|l ze}{tY%||rYZgAaHwkfcWDXpqDy^5W#VTKClGVuL&lV`d%bT#El9(a6|e}q$maV2M6 zG$iCILHnr{!agCY1;qq0!@Dfp;(NO0`22*BW=5Dd_EO~&m%B>uaSwp`eYIghnPXh) zQ&Rdr+fmG;W^ySA-+2d>Njx(qb771FkA#@yZ^%qbP|vxce6*pp z+g(LaI8Rb}L8JT>P`)~=c7OkcBt72}CnvR?bOh zEw-SS2HLI#hU{{9hr3)3GmK1-A3%Wkk!1Hf*<+qm{cyn>yjy?%^g`gzPf74%-e%b;p zKz>f)icqW>Hf1$893$Nu?o;c` z^-iXPR7SBue&oszvCHVXno@1cm$cRrr&uGZIqF32SR>k)m?K+#>}+qv$R!kv#`g(F z+i?j94@DT_S0FC=IZ&%|FPFD@bCC))>A_=8H$8-;OeP< z*Z{OgD`5AiiW&FE=w1`-E8?Y-cPj-bML9|dQSDBx6iupcYxEJvOk@ncdT&q^J(D(H znV_BXnQE!X(M^h#y>B(_+;rMV?OJIP8z|&EKqG@d$URWO11TP z4lgsZ6?tl*q@f~k_Y6Z=%EWaV%{F+zzBy23=)ga%QuHHq+Dq}ZHJf00v>00NV zn`PJ0j*Ytmq3`&hP6ERMm9Dk_{yo`aC7|M!m2ieVn}|hXq`+s8nQYK@{`2fxuKRjvU4;GB2%)dI5ebMYvdgg!ndcGZ~ElhT*)BGHKFjkwo)jQyA* zTW8+a&H0K`hh_~vPZpgq6-MUlN%!WQn{VmbmS2F2-;uMnR@^u(u6bWs}-F4;?w#mFDU8l;udBynfvxXW^a>L4 zk*87~7UqS}fwt1R*pY zH#lw8GB10uJ%sdReO+XAWE)soy3)weK4+*p8O~J}IxPPu zW4u-(`%4=mDzWEzA+VS56_PVx!Sz9j>?z-vDwjH4Thwi z21)jX1U89xj>V2hgE|w}Efk-2jtLdu^;snn0FtlyDn$dRn3Ymi^FVQ{uB)6&`^gse zOC$ULKg_hJrrh_glHotdlw&9NlnhGnYu$V_q&Q#TWR({s&?Qt{{-Lo}Rq&*mTIAU1 zBiQ{SDIKGpgQ`A@OQ9{Efvnhg05i1Sc>OmBJkg2wOOXV;7 z&i3>eXF!1vYau~f-H!FPttKX2ts6NS@THP*o+Uw4;L3kgNZAIuMM{L zG51;l2|YX-z)<*us67#+UF}z4%{ZNo>K|uWUatMcQQHJoI)zsoN+DXIZxT4_e3zDZ zB+SM0p((9><5-CspnIXau@s~vC+v8qsvf;t#e>yd*9CB{-BhkEfCB2uYAS}3;=x+* zVsKLTBO?zLo`BH4FW2jy*<2g;5l=WAkYgV9lC7N61xU2E5p9QL$O-Q!9U&-7HYSpj!9$buL+icuo zoO-Rw$x8ge1)VheOo2W4jn`ii?g5~x28X{dNF*HHV8p<>WGdb79~KpZ3+%QO6T*=a zR8#y~eD!9NK|*gS2eS9~7aT4rgMg8ls?F^OCP5D$fbBY<*)h1L@O2ErsN6p3_6)x# zG9%A7CdpbY*17qMbiHlC^Bh#VVfP~D@`#Da)lH8pkHI!O%qQJ{Q|w#jK&Ds;M>fz9 z+AIMOd{z!x&lEsqo^AAHOR$d2>6e3T2!;y`hjkQnJi5wBwczqadp~>?+TE1r4a&XL z%CdSa?{LGZF6GTn;#;J?`o>i3&4b+^n#5q^xZoF@X6@k7;)iE1YM_^HlfJ>J zFrXSdw*l|zJHrL}L!Rf1E;u%;PJDWN)tCFM49Feq2I+c2QwfIRBqCB|xWNu5ED&nV z3j^@WZk;5^S?y%*Dc#=nk+nwggf73wF)jBBu*oELIaH<^%Vww~;$EVoM1IE;C;8lS z;(P153EJ>0n%r)3545dRa{DySZYh{zN)vtM*JIdFOi;$+f+Ab_6^HG8X)7Ng(gfu+ zKz^C|oF4km>Ga3D7$S#fD~9Ta$U6XKWI~}8;$*I+Go<9&4!u_gE8FeZPX+1hqrRqr zmdG6FdV>dlo`m;8u4)g}ZQ4)GPzt)}+g3eJ zK($_ym-@!7kaig=X=;LQ(w;{U|<$u)zIRZq3H zVXcLTaG${8&E@@kUkX=eHIM&~S3=RH1y}7C&SY3M6^iY5(~K0Tc3KOnQ7!uKQG?03t6%zAoKcnh24v>NN?SfB;H@ z$Xpwaf$sRM!s&emnoelisQ?e|?qi^&bHm8TSnmGS0=mx?$w;Vggy*`x`WrFJK zz&Tjrz5fEFmS9OgR>(?neq<;&_2?v%TS4qp%G;8woFdEW{m|@UX0_p?K5|}P!9$Ei zJb96a{PB1Hu=k~WH*+|8c-{m4;P%oK?jI&4MDlcmhAp-5@0b{QFp-vy8&4J$&4SNV z;>$>Em!pw68)VuBuFO&V$K~Opvb32uOgqt6sm*oa`6tMQ(7E(pnv=(-roTg_S5_kE z+kY;-StbKV&W8ij4BvW!E)!YA!m-+7eXpC|)BC0w9ON(!3-1lEd{*(72}C@(2ugF* zEV`z}X_g);`idHnAl?1RTFu|ifL4!$=u-_c=G%h47@<5+s=^d#b}wFv^7&>!rI=1s zlP9`%GC$hI@J_m_g9;x$J=}kDxby+?^$An-%fg$#3Q_MvoRPcnKd?;AuXV!uUz%e+ zsX0Es=;hYh_rq;0$v1Gj)9^$Fp;UR9%u*?`NlPz@Jog@ZZJf!lgNBNLR+wTt{-Bq* zYeka}>8(%t#d_%-@qVwmSk(5QW8_gC%bjV?w@)sGF34d93*_H+80Ya^iK03N=zCoF z$pjxg+l1aID*uzSvUR8Mf)NWU6+guW^|K1JkXD zxPKOZ$u3#sz1~)MixClI`NMS#zI?wcf`RTf8`H&;Pj}Sp`Cd2K-p>&U$Fhm(T+OVF zyRMvblYb%l_vK6d-l<_F5mjHAGj2p`oOgN>o>S#jc2)iw4(O7lXVmm2yz|N45@Y$h z@bHA9)AK1n)7vIb^XLQF^wm;FCKEa1zhH#ytd+#DABmuW>%ptm1jEcueRPoPiWCoJ)onaQ#S|#_GcF_BluE6#Nh|G^{WpypC(Gux}EwPK9 z{zeP3rbCx6eEsnzTN1oa%0KuJ60UgR$`#|@#U>VmYfOc&unuDUQdEy+mSJlB7_7lsTM z>CZ@;_!+C;?}^L-hbb>qOY5GTkFT|ucA{DVDZV}vJ+a`p_hj`@hpS{JSMFz`l92@N zsun+F)zk}%zsDsK*msk?{Ly(rGfYJ<7^W1@_iZnv;(s9YXDU^+la0ul=BTG=C!Imd zE&SWhvH#zaovmDlqTN#Ju(N#S#rKVmStNa0B7HX4thV^pcGGEkb=cGB%a>BYTw59Y z43W$wcOw~>L+Vs5wETyZ{qw^eHClX*qrJ|Q_T%@}fno(|^K;7S!u6X9K--g*h` z@*zYLuYA#9Jz{Zq^onnt-%*5B27*bIDQ9cE6Dx9IC*;c&U8CFXt&Q)Z!p%T?jn}>mzgY7`;_ouC;9>RBmqtMT?`gtyqfyMs8&45{@Ks6|7)$jF|>J?<=Uvq zvi3O3BPsvf@;2H1lWExkM>8RUamR4<)72E9xPWbC<6UTF1-=>@VQ9s02)%SGex>#u zjg+KPsNv|%@~Hk2sn8vsOI=qR=xi&{*V(z9J2b+0lCGz#FZ*VuzLw4#qF2clY<8%N z?zk0$5`41X72dh(-}udAB$T`A!Dpb_(lcWC@Eoy%3y`e7G=qBsBCnLb(GZ*T6^Nvy z9`wEWJ!pMZ;jp&&B0HhO)YMHWCUwZWPN4Q?=>mV?`-%*A03cwC4~?}{yJ-~|^Q|Ak zTFW|x&ml?PY2CSPI5s4rP<)$wk=F2NAG6hI5~u$Zve+wcE0V0Z6br!jgu~MKi8)W; zjm>}?yujQwW;ydgRX!JFYM9b~ZQM<8E#n%Vrg3Yd>AzQR|3|0LnVMN$mWPTlyN7*P z(yi7VyM@pQjg|}{vWvMjMp9*2=$1=!AWc=8_?D0NZpLhRGI0E{gwURY8@#_>U;&x< zOAxRaeTnzl@f$SOy2LS)eW}hZk9A9jySdLnhB{^nUxMQn+C1g>;7+U|ISmIizlby?_!VPFkjv=J&Vjw?9+R8kfz{YB;y+)0dzDb10@3FJsK@6 ztM`1?8*HudaI)|78A6+$xN%rC=%`W>2VAbPy}e{2=8!w?Ulw#@>w0hL?+n`TFicYfwA+Tt{*C1Q|58K?`FBmm6R7A>1vxQdNBr%4C~|n3XH% zNE9|CEN`^S$NDUB_F)(&-8JeV_*NL%M;&_cEwc`0J`X6#{k#}p{Bxdq_)_)g2Yj%k z**jcaRNUp++rFxLV4)%L(gw${`8vlPhHEgGoz!h7kzd9Z`9C@_NMzU##N&M3pN@PF zHmqtSlvnG1_1ZH}Pv}QhN1WmF%M_RSN&3_}XAId$XYquNg>yOJqG8VK-RLFL zCq7>A4A|6{*SR&k-TWBYU)8`LKj{In^QUAML&khfe*X=qRBAAqO)58e`xjN-k(wil zmYr&Z@a!8*JEnv*%A%|7z8?OcQH1LXP8xdV+&tzN9$Lj|(mJ_sFSM&PNHHDS&D}Aw zucEMYy^gep|f9 z^4lO^2B|A}+{yJkA*WtFcu@49KIc=-H6(nPHejh5O@Ql82?Hq#7m>J2Fa!AsHdQWed!@GyyhF70qUe7nNX;=TjWyD3mGE?J3DnZ_Q4F%fddy{wc?zkV1 zu`6y&KKd=u#HPd$rskIO>3XM7U`MRJJ?LQ_?3eLzH*LS~t%C4Cjd85+t#TPzU-ak3 z!oyTf_RLX_T7-HAOqvNO!WE1-Umv=M`Zubn$Yc9>r4NoZ5ASuY)?n=hzy1~QI^4?cRr2mMQ+%C)S^eM!ThET)hU{ce#>wI8X$(%* zt-I!${Jt0T=dBz~9nOIlCQBoVGC# zV4(Egz>IogORnVAdkcu!os76$4_i(od~RZo^bYw}@^XVHrSQ`5$Xr-o$o`{scVk_J!d~UaJ$u!i&A)P6 zxA*g;%rKE}z3Kk+izdYve0_ziI}9Tt;?3gKnfHobuBfk9Juj^f z>=^-DZ-pAXW8-U)Hu4<*BFYn&r4i#&#h>iKl`uT3Upip5?MU%ZbwRYXQFQw-{EAu5 zn(5ZqeqkTCf-?1^Nd>o@V!a>fI4W$C%1)HM2-RdhJ0jDhI^tc%YIN73K= z0cUv?YS9^@sQhR|kICjBIjG1_@A!#`qpd9720d8wa&e$*yO|h0E1L0yPZPnTClT8w z7&wLd#7FzlRHzE`so>XZlZ}j@Zk@v|?n$=PMae=Tl=YWy=2SA4SCMpdJsBukaFbH# ztm$P%c&Z0mETG(4aQ}FE3wW9SU}d)D`@!c(*IFr0NoW(VV`UmgB#xT3q%R*k)Gr*5cb95Kr3IIU;K>0g5*;`0tJT(``B=(*)z!D?bZ z`u}45Kbx=*ly--TrR(MkOjK&HY6~$uoasq(cHzA(*i~(4wSUX>wwTN9XoF_Wb#0NU zChaM~)E={n|3pFMGts8!?3&&1=i_qLezmAS8MxcAx0K2(;-mXHPHE=Uq}T4}9V5pE z8U(r~p8VL=m=xLK@qqpDep|C##7?7S_wMO$g3r!1G2ablcFAfYOWGS`cpB5jEuj+znn@0%;49Ma!LUuJ}AWmaTv=LMy|c-h6)GxAa|KvP*7A zH6kp0Q&Y_v68=fU zN27qnw>!R*{}D7c{COsM$4=$SgByc!E{2qvIlGjWWUCfcsrB)14{jD#qxRLCUBmiw z86rVshoPKCpUG47(yA?`!>Q~j`<+rcw56bsuYA*8cJNM;zfjnXP&`eJ*PMS!itJ#I z&G^_a!Q#2v{=dv_@Bi{3755j}3Yi!Jz97DbjwB6X0f&AjDLwy}0m!&Rdl>cDG8!Mn zV%c&Uy<^4v86PYx!6V}| zui%5R+mJ}=f^htV4gC2CiJB6ttg=!~Q`{1Gk~M`YZ6%pH%Vg*IYm zZtzyZ?BOJPFt5+0+-JX+wHTfV#x<@tfV+w^LujO04|xu!sdfP0AE%0TRc(7C`7a2* z{fqPqpLiSCz`+aO`y?l5Pb3-m3`zI#BY}!bdz#gM23s6S@?ZLG^ZpN$(gg~xpy*8!!A_~g=(S= zS~8>-mhh;^cSfpDs?-s;WqGqyb}e07@L{^X)o6AYrM0GdpkHb71x9Jo4PW884;A^W z8NNXHVaJRBov^@G8>Jj<9HsnbvC^(>gmLFwVyn-+g79G^Js?h^VUFR$PJ}Ja;kb6xO>5h(#A*H6H0uU4H`VK!f=#eelG?VFpkl_arQ&%Q z&=$F%A#UK~7;Wvx0-Oz=fr{L>HSb!Ss7~j8y3;KcLZWf488ACKC;=r|)_}sOsxTn) z)NaiYX2Ab*`*~69aN~j{@1|SBoO-v%4cF$s;;Q7eP~!|m+t3~8*4^XKZ!5w#913{- z(DV)9t2O>$wkG8L03KJgZK%IQ{a+tP*H&Ejr0d{nz#5oEpZH*Lr%+p;!|~m~8NEDn zJp&n!h>!krH>_vf(di7HSIiZqf4or?{cpJJL$L2#sHSSL0^=dj*aHL_e|BZIO+l=T zvC17c7OOi`F`B!n^IHD{!^6d-Vm5!}CgmheM_Hc4?k9=Dl8NVb=GKPJuUyP%J>fc3 zK2mI*vhq>UJCLyxy5b{Ts2Z6;lCqD6Cw1TxwSD%W{-R4Ps5V;qtyZb09O7wsRfZM5 z8PbBaI=_TS-5@jD(q8o56Ca-M?w^+&3?iwpxJiEX=>tf3Zk2Z_kAuEWNY zaEb2mHO*Mms7Q%ZMIUm{TFq8*MPA%$bj`2+l4W7nVp#bQ1PTWH7E z#Fq{qD*UvKSRxTWR6Vuq?N8e?WxU6Ajyftrwe=cyeQst3@dod-%1J6xZykKm51VVOmooiknkYg6q&@nQtEP+hHpH-V#uPdbo>fToF^N!TGr z0L)#Z3-I`RBW|M)SI1cO7>6ZI%y%X#P|R|ES$J+{_J`3B|I*kt9iW>xuPkljqEEvL zl1Q?KYRBm25B*G@3^acgzHL^jVEh|S^y)PI_Pfigx(}bZmB{Q>dr3aqs-w!DOTQ@D zyl0T(jWeptQK>ty)*%Ts;y5!Gemz2dA#u6>Buv1r=P9knE8;(Z?*}(Lc(I^T$P8LL zm*cnJBhqJsN-0FGV8`pu7$xG)#0v0D^lHF5Y zZC%>?72$7}VHIu8`C=w#-S*9NC0Tf|c^SQ6V94;~+~&iDk*eINM}|ii$fS1BrbGN( zfC+6K8W?IdW4^avURC-@-Xr&e0^r^Jtl&g}{;D_XdY-8Cx&RC9=Wnn7p9>mC6(-NgCzekTe|a-=@q&#)6ZKR%T2%LQC#}Aa5j~#K(-g#he})Dsh=mk zQElJwlG7MGWG7yLICJHAr&Y*LCwnQ&s$I5Onz*Z+%G9V2xnEAm=TC-%tti$2_!RYvHL`@JOd>=pt#Ej>M?Z_dE~?DZ?aR*hSpvKk_!{xC zP4421@t((0$fQRoU#0iUX&UB6_UGL2x!pF;;141Nwy)1;KUx3ji=y03Qd(7nZ_Tz5 z=cC^lfgWKmqD-}2qHxXzsc0rE*hL_4Z4I0F--W4wGun(*$?%~!?Nz%~Rnw;V2y_h* z{^-cP$X@XP=jV>S28_%c@L~Sjq;;dAuV>e0pOBza039oe)t6bgrJ!eD`1^d?`zKb) zXTFV_Sqg!#JK(Ot!Zl zI^IK2um-r^3EOI!2(zgD#59T`muc*6gCdk}{s|x2u2Trv$D*2eb=9^N;l$a!mJd6g zDzVPDBTgn-PGhfAiSo5r`h!^w(W2_LCWv(K2TJnz`Hi1$6V^#!8-LnL(#p_Ym&ZxJ zb&4xb^lpR7YF*)2Xv+5iJB1JmKF=a|BJIL z3}><-8#H?{CQW+FsUCJ>ZlCPoLfbxG3*|@b=J=l{*``Y@XiSB6QNv)i^TN8i>U$Z&9%KQM9aqdDs57g;2t zP744paV@Wk2WS+q%nt_E%vNJ9ld`%dA=Tm^ z%Y9K!?^RN+EvjUGL7*7 z%~#iMebm?3sZRkdA1gz7y7;b%eq!zi2Hl zH}YcP_+Z7uG;e9?FgJ3$J|~t};gqd@%7^1DfR`*Z zBz$<=j$VQ$rE@I)FZRCrtvE8m-Z4hr6&5;@x0xK6c zSdI*`-%mv@;od*@ciS}qx7@o^HO*+ux=kN=o(y^M$3O51n>~pC*_HggZC1$DKBSu- z&Et0?f2|-!tZNz3=JQ*B)?t{H*EYPgvTu*Oa=k>Qa_R%6`Sb_A%1&HhR!fT!kIL%= zxN6gWVbia=1%In*k3>{ak&#Yc^(aA&&h>r3KMHqbiL|REFaqcoK;rbK23P+F_UBXc zGZQ@ZxFcH*c?JuXGXj6{Zx9P$DlmL$QYxvaS99+X_K>yjis_#B7Sz+Z@6DfC{xDfI ziFYMw@D9?w)tiTmpchxj$?m*+b+PUxY|+N}=Q>sn zaJYJ%8W7@W;`+D+t3Ho0vTO~F%6|=7e<(==V=9j&#*Dn|EcY(~!cv$+Ti2x1+}FxH zUD~DnbYHHP$>$+yv^Hrn1x25~Q(_}|>NJ-}y4sF;Fd=qL&aLDtlXhA~<#nj3AWo}3 zoGD3b=vYO)G2-*WzEnl{@>l1p!$@YEo(oxsN0Jivl{;1Kh;jY(xz8dn_L@%^vdMk4 zka}MTgrxz-qHhkag;YgXEc{MW7OrFjibKndobZQlrs1ADv_+36`=iGDYOT!)nY7&r@8?Y~Tq2s!YR z@^xSK&^7v6ZhUE8GX~9ar{3amHHQVM!5tmy-*V)mGCZK8lGPteA4_QyuUtO>I}_pP zaf|E@DEjtAiP53;8ZGU5h_?ezlHde+W#>CWtmP zG!zIZiMWmq(>?tdh^mhI0#Q=4L4hhA*UsbM92%oFN3V6PJ*VYLPhUuRBHlY}w(XPA zwUWip@N)5RBV1vM5$?f)IJjeT*xPdi<_W@csWbt`xitiMjrD)}xij2c3xijVZL` zoeH?z_4fbtv$eh;#T#N>%`nCc0|$oCcq>HbxXH07Wv$JrZ<$ zb@IDQ73dHhbzU-m(6VVk(z(PRwnWzxSZ1=T{+43 z@57SgsOUXAFbre7m?sZOKj*HlbY}l7Y2ru!VV~nfNtx}I=&b(&c?L7-_`!Gas{=z* z%~!&G#-ws}7}Hb{XEQFTzzuVQ+Y>!={+4d>_{N9%+mri0aVJi4o)f8XDL^6>yKP;#VN7zvb5(Y>V~4~x4$Bajd)Fd-FlUq4{&cR zC#K$ipC|ITaCOgxjQ$3$enlANABSR7irZfcnJP1#i3emXy z`YBK4`EoMQvAq@rG;3#9oGi4LcG~YQmcHh+Uh3rL(NiOo6+7JL zpVl(0GHZmUE;w8fro^$QW8N+Hbq#)&P_#(nAm=hZW{{|yvje+y(!Nqh3hcs7{QcP7 zXKx=?3MNM0ChFgn)}Q4gy5wtTaaqB)=KGn|pImJT&k-&rV5hMJ2M1iumjg(?8(L^w zv?R{HAM>^ghHP>V=6(}UFuexof3hp7xK2gWv`b=FvlNxo#2+Mqt6UgCh&!uweFM3@ z{?R7FTb|UFbMb(cdI#IC^-U|QqgW0QW}G=t2g2%VHQ{K|hhGy7c=G-qDH{)!vg_aXrz;0~-hE;`>W_`zXp-MaKoQe}F5IU5K=BI%Ddu5~B<|9odbO*^E-o=PX#Jj{ ztmVG0e(M;dfi!PdS{xdWJYOTA@;W`Le^|+f)5_v@$G{`oZrN4u`kD3mOL>V}nI39% zjeBT(XutTKi>ud5p8xi7MCpDx5z6rO4-K9_%{(vSPQREwg4P zLltvBC{0g9{;H)z73&)d%gOl}9_RqB=da2LVxc5^l?%U7TGG2&-wl>ovvU^D%g;@g zPZn>!U4zWTMuS(+mvHJ9U4h=~)$%)M#R^*O@J&C$R7X)tL;Du-jO4mmC}W-~__W5w zX^_`M8@~&S-fzps2mNO6Co`b_Pd*ZsTzw!Vn$YghbP%~;_Zy8*^62sH&9uqNSkptW z$ihK1Q%}oycnHlUCa%ai(S@)yE;q(6g5X?#{`{uO{R7M$AWU${)qL=`MO2ve9tZ82 zZlY&6GZYq>E`c58Qi}J`cwubUu%tTsA$9+i)oS$W_KjnwV_6FoW`tp+DQD9$oJY?St$;IDAGJ-x(fpjP2rlx8NGk%&80Qybyn$YTw2w@!EyO zeF=hl{Zo<3d35tAU-CEoU4lCfIrw4M#B{gRqr020uKj#rKcZ|SPuRK555*T9v@!v$ z#(Ncq?U$#5P3AL8=hC_?ox=)u*sYNJ;LB4KsOuDsNX>4C1q8q5M9|F64N&%flG2LNJ)-zSf( zsjl8avY)h&@zeZ_+=9eIy#7{{ImQv?%HX2F0VGo}zF)L*R(Kfn;M>Y;-~ii~cn6s-7xPRX&Np^b}Hh)=^MW2+E@Gtl&UAg-4dNnD}VheAQywu`EzHNw^ zOi1nO6JlwDV)gd~0e6<9RleR*y@!IwP0>os-iCtKq%~(9lh(UUZ`OhyFnJcoDktw7 zqIS)Xtv3q;1FLlWWKKjL#p_r+UvDn&{f+h1g6kS{GVO;EaUGw05Ag8zr-?E1|F4#38$*?8so+B64e*=B&BY@;goUqBs8A zl!jE_U$Q*-XfmwF*T(>Wwx{NL}f0<4`?`Ir;eKyVP zX!b9-mo&lr&OziaT2KMs)-W^nQ{Oa$v6h$+$mm;U#BSFk-Yjuj-m^eW6O+s@#u@}U zewzd<9wKA9j^+J?IVC)I)AFq!{|KxJ|IzTG_&BQ@#mBz1YJO)8dajV_tDR2u^J&wZ z8gXccd{*G`C&E-ROG!|n5;Q zF~;^thuN6*l3gE<|7ev|nkOZEXWmRj>W8PR(e0yN7Skn-XntM-Fdfs>lc8tugm{mA zbGMWrh}l;}SR1gP_xkR9_KbID0|2^c{k?cwo!ZwG!qy-8@ws=$(EfU~0DEvXcD{$S zDu9Wy8iU-01NfQsl3fggocv55s?$z%e8)vj$V-1LeuO)likQ3!#%7DQRBop3^iYXc z@4ZlXHb|`bC-yv$&%RduS+}Cz8nB?c3vT{TtRsfPI%~4u3r62+K-u9e8_{1|0s5J= z;(~t-H?7p;BK~0OZ^w0L|Y}r#BZt$2N}}pC|QUN3Wt3yD{8hCP9#8B|)b? zo+`@G#8KFz0iTG@qYKo1xbpv`LBY)~efdNQw+GBWe+xz#a~%ibE1F~&Hy4!?iVOYa-|6?peK)Z7 z95lZOT{_Q8S*Iy|a3ZHJepcg4n#A2{NIPe0Y%7z14z#*=LEjaFOtQX;~kM}u2W*JJI8#Ptn3mwUZYkVtR6bpzpM^QX6$L#o(e=0U12T^J1M^dO`JMh*5xqFmn0Y#&C;_S|ibD8|0c zKm!TvTO2ozxK*im-J?6-g6i-%q8Vu2*fNse@(?*=%g&J6r>-5)X{y$vtE_%6$cfH% z0Z#WzJ3JlNed$#cyH>`z>!hdcYbNd&{Z9QCmk8PNP2442SNjuxpEFD0O`xQ-oZV?` zkvUX_wp5{QxGqeR3WprM5!qA}s6Lf{9v4kjqJEiGvDT&4wyGpK8A6HwBE*b%vr1Tl zK3*#PMUTHu-^w-TD$@v+@dU6_j_eonD_{+j~ zQ}B(RSSd~o`@L!-5m@iIKH74cRN_Wo-=B@PLY5K#;C@T$&vx%!3vr;Q;oY>S=B z%4ALp&YY+XXSQOMs2;qsq%ofnjpDdjt~x zD;|4AmWYRfXpwTOO5dR%$TN~A^e?u*S3dJ>X8TMzT&>)Rn4InNLc;%`aXZ!88J#4{ z<4Yf>2_L`fys)g-`^w{CR7NPS4c zPEn1@pq?zAKujqkp<(IL-F|CYV?27oO~#kzzE2C+BZlBT40q~~K8=x}56`&WL)t%A zxga%O%D)UJse0guZD_Urpgyv>`*Bw8Wj>JHtXwrW)V@&fNA{0_AF^EL>jwWe53mbus3k6=g2npcPlg zFG?6Fh3?`Ww{ z2+l^CH%)wU^j{Mv57Aa}9>Tk&jC1MN%DX;N!kv2Me7&8JsW(|1EgnNmt&e{@8x}b%A z7+1Fk+lg5=%r_ARH~CL-WZ1~}m>N!Zdy42va<dt#eIOeg}yxU;RN6 zjI1lj#?aMPWQ5C(OtG)B*|=>^3}K0z;%|mcL#{HUT+k?-NlDm=_2{0*l6m(ag+dhz zy>zlv2G}b4q^esh%>;0XrOmpS5pU=K4ZAx(YYM-MTdl#FYuOcl^_qSu6MylE zTnY?$$_n^+W9sXF|Kx+ga$l{YNTPHikbXG*Cii+vyt{{=?b)xl2q860N5dMtP00JL z9VMEo_1s36zI4ie#H5mE|4BHJPaWFRb`eLm%MSQ{v&WZ8VfbNYR8Pat1VY2GiaE&Y zHWi!%v)J(6OAHWJIyanGQ*n*2L+Zt{Qx5NDItdY$ zM3{f90`-TTJ7|CP!W;v~d5xReG#cBz z!gpDONqW;MSt_b~d|Tg=Tnb5!GUI)9RVDQ+nWwB?;w_wX;QOHl=uNY_jFTuXSPzz^ z)rwd$#A&~N%G%xF>DyZ8Vy}Di5!D-EkLt1e2e(6o#&@I2!ol!V2(Q;rj@5tCm(*|t) zMJ(n`)nCp?LM{2t0P6toolR?1aUvzkh>DtQ^e;#C-KTmPO@*xb@uDVMwsC&U=-vUA zacedH9PySX$&&=tESd^dqA>$*TMWDEyl`Gs)Ce5$247?>;Rm)o;m>_Ft6j{S;hU;5 z&P`$246&rJos&6_+Ff`1^^PN_=#}Dwc+JO(7-jR9%@u1=yRxjA^6zfm|Ia?ie>vfL z^r-HcXG+-u3k-I$hDAoRP*+3D#zxW682vD1=g0HFE*M{9+E;N75yBoqflbx_>T#tlkYhn;+ZwO;8BUBjgB78`;xrBZ;bQ6sZux{_i;U z_qZ9St?*)G%6vU!w@GMzKHlff6id!8C`6xZE#o6MzJ|u61&SG78}0YN+#b%Tgo0`; z^ru=WqB+CEgpKPVz_28>n6H0L!!hf-9#-tC6cA{@c?qX*p<0U}|bt`9aFaQcst1CK3p!E11e#pP<0y2~*j|af~ z+83c&VXmma%arg@D!T^10W1g4RR%;dhZ}dyw0TpgUUxu~+Uj|U0@DIa<(U>30aEY3}S>~9SN^4uitn}!YYh+iV z$t6)xl#TN2BQo|M7!8%`^^8!4wnBmQH}blyuer(B>ciR7Fs7)%$B-jdLUm6e0D0ARviEGS(LTW*6si}tW0N~Gb zBUFpn)`(mGrP9L!utIOgVt!nKbrz8|14r$D?|hZblzjr;K@IY&U8U)+LqMETOZ0a=3o~7AUVxT8HITgkBGaIO4MB8 zdTzm)tyOD^>nBqjq>9|=y$y|f!lT6_BJ1X8FPcXqTxTB5YYti4>PHMKYhKUh0-=`x z_H*&%k3HENA6(BZViW|kc@{pqniGz1!+UF3a~)U>4Ccq;6|Q7Sa$T+)hK3cxy5#EPJj-^4`B$j33e%wZTC8VUCeRN zqO!W?MN6{#DKkZkTJsmu%tp!w$8-1khbw05zSHmAadNesK~Z2vY^cx?lJUYkjv5b+ z$kdCF<^JeeU6)l=N}jxthr$_&5_MTELBL|B=qA`}d%eZ!upipt2Y{UsrQ6bS#efaQ z)P4Eae4i|I>k?h;eyR+iRMF@;^S?EC8QshqyXAiQ* z%#&NrbLp$3`83%n3Cl@UI%6Tz#y|m^)`y#^9(LRXczAW&A3$EcXBpU3=-+m^*%Wt zzYudnq+hPph9EO^7vPTNt&W9FDo6+YlKu60ppKr>kCanC<)QI+wrV^CNLHAQl*g|0 zX$_AYU@3H38SYYscy zLrCDnNG-D0QtKL!pL+_8#h@xt?v9PRtX&N#lcbVD%Kv zcBHE(+gU}_YjeKRP^M4>8+6F`yPbcps(F!6-8FU0mEpU^lT`@EdrOl% zJa4#`nT@~Yi!QCtBU;4ytHpb5&Xm_n3aqK4jBc6!YyNgsQ?;`e6UnolacX8w)O8(% zBN9;?c9bM6%wNx`{GH*!!VhVLN0T{t?@vThO@~RUDyPnYEBCC%lNWr{%_9!8HgVBr z3v;O}1DhG83*(ectD2}NZLsP&gkTPl*KNk@S&|qS5~G7x#7MiU53}e$Lf5_BP1c-%J-J@ zUsE&2A=*B`@xBJn<<>USxKj6a+K01e-q+q^^Za-wBAfhFE{l~(nOm|TADaESJe$=1 z4egS!s9;o*bo+lLNocg6t%}7duj5j(T(v+O^rY3BL@=}JuZbK-;fJ$cV>Q;2k%)ye zJC_p6Xxh+szH~V&j?ZA#{;SYBWo&klhhx}C`(QF3WL%LotFlsm9z|hVdb`fATInzJ zngxkr3Slb7V5L06n616(3lg{LTy<3PFF(Q(yO@>yQ)qwD{~68nP})3tRlGd zY+>;BiTlE73#!8^dL?dw_H%#)=RKbYm*@INs)`F5&+ESYZ%W4+e&k2#G7M8;oB`M7 zz8kaVmDM7_uA;%2w|l9x-c4#|_eiGLZGdZaOW0;+JvyahBelQZYMXX%zh&b0G~2d&146rSce%+T^p>QeR5(~U5uAQj{ZUBs>1jnL%!Y* zRa-Xx=ofdpBvif~n-wEt^2k|6-0mZJs;|2N0lDOZn`xe^THY#Az&8*bAdu2UybUC(~?o#xuMY@uw0UWaDP*poexYXjf~RL<`1U zRnfQTsrCUc5BwX+Bewx-&g9TGEOC2KjHAyBH3@Ga!TA-1#gpna=FOGg3uWD#(GLtH zOqi$Q3VpTOFW){L5j%cWn_PuKIK3YnK@g63G{56y< zp9e^wuDYS1h6;V&u!3|ZAUalhGNH1`Vk9lM!npI6E@IbvlzOx8WU@<*5QzAXY2oPS z^Ei@?2ky-=T;Fph#D7Fblh}c*1ioJHqAc3F;{Td}OTMLpwv{m($GNwZ0kSAs9T^#U zd6Mbaxfv~q8*ZT0o2x};?MLph=uPY{>=}^u5JbD2!pYM;c60EV_Wt-A6}n3~Mif8KZkkD(_p^D;}e+6FfxZ(uV+oREJ7*!Fd}GJ5ei2J5(gC zMc6Ug30aW<9^l-1^XU96KYOe5#^!#17HmauIE()!mY{#l(kNod-B;4;Qpgu4Q|pH1 zY|rjDxn%NitxM%MSgAKYA7)pJkubPhzggY}r|-!OgQbpdS*L^?`d;zh{z=)@=1>3b;SArShL-Ps(J=;f+g> z5GeZIeF1Fw)5|z(GokN!4VTqR+U=|hI70Wm0&ZsKS<=5Aa?vRsDZ4{6&azDu0F*!WE)tA8kK9#b9PWM-~s}MmlZko%mNc~1pCPSRH zoFKes5o5nv1C0H3o$~O%T+RAlxtauooqKR&ba6fqSL9I9>KjVX`#6A9tGgp+P4j$Bko?ZV z1@vn4oZ;YpS4H?V$)$o#NAAbA4)}6?^-qp%8T?i`6Psf@iYCqPe6IdHrC6J4XWQCi zKSCO8Gt>C2I-@~l#yH>6`jdH37;1J zaa|XX?ASID*Fju#$=|qDb9V#^nfw|C?nMSX>`GdLY81F|&X!blA1)cFT&^2DYj}&J ziJMPGgiI%fHkL;onhkrhYifv-6XBQZBLRUJD(uznMBnTVXC!Jii~LI30DoJpa-g7p zSb74Aocn=F$9_@^JV{V3JU|=Hefn;7h+N5;q z;@vcZWPdq0W$@iE$$^}?wY}A{dW;h%!sVb^RDU{9jLIeRNO!4VV6HZ}KSB{~b9m61 zomaZmU&FXm|1$VI*z=(9rgA&6X+?5`TTZnf1~7^^2jdZ_3~lY|1zKhLKT5T0z@+hU zf9zbyVnM-t?}{DJa+i5I`@?WW%cT~+r=Mz?Z(rASEA(4Na3(mfl-#dv;=Y6aUI`%&IloXRq) zWBhO5NK~X?GIXeJ5zTOLk<8n23;|l6?n-bSN3+gAoPAd}(%~{BRoueCV z9TW>MClZx&fUK<)CUSY^LkxjmHczT=gK&u zn&C0F9~1l)7mV%{+%AghClc1BArz(d`W8T@a&Be_f3`r)GwKF+CJMtbdfu8ELHap1 z2s1Fo+FmBW5xZ|gXl!oktE-x^ETaT~C(c^h*0yTx;=AniH(MA)iFJ&9KbKF{*Zf9h z-0FIJFz;_Q1;O&KQi0xMAnfP$aGtVgUUb4P>bTA?1~whs3Pp(>D^Oh}GdfLbV6M1? z>_bOrA&>4an!`tv4y1p2N%%W$V+f0_&(n zx~%lMru~!=$Q&Q`dK;HtfORZpSLP%(m~6{N*5?OSWa++U{wIrC!~TXU_TqJ;C6U}J za#W5}uoR6^;7a^SQk_3epcb-Lm&KkSZOD;zZaf%FQ{r`k*X6bL@I zgLNycl;*eK_5BcBYKR{eWSFZZE8QmH|KM!h=c-8ku{;mI0VP&uE;tipMsO~e`m->a z(|f7dk7v5#rc;wMrI4ngycn%2|Ia8ktC1Us8=OJp0cco~%dP7BI3HspU29*6{bp!R zaIGuR;%*}%ATyRU4(xZ>d6o5x|7X37D6KJ=peepu?V61Ft7{_`v{tpc_DrcMeMbmp zqj6j>umoU7TrjzH2`)`D*oT@N#f_dDEkuOx*L(njeMdA!_iufC&ZH_i=KzC>E$?z) zb1OX4c{%V05^%7jdAhxQLphWaNy~YTpb59)Z}t24-;QekM8*)Jrd)|YpxIH_3>*j5 z#l6|m3XNE$4SCY7JOwInl4(3do=gA-)eA-dMh8lM*M5(^$97%)0j%V6R&J>S>BG|G zRw52#dxe4OCy7O=>w9Jm*Y9rLm8t>lg@#UYyLq+2&Svqoq_v>W(0lM*{HzGCve|TN z6Yr$IZ3OE3n~+;Q*ts#-8It_>F;oBRPp#yi=!J}r)<2{lJlH*VCSY1vhu_7-KrCn>CLO7)BP*onJ85Hn)+83RS^hh zZgc5_(ko9W9-w9aiq}fjc8?i_g0^$lia%)*I~HY!S@|^?&+6CK$AgX`u1Ln0u(Vg5 z$2Q`KcYy7k(XVKP3&+xU3rGIxqbP+@taBFasEERG6z|+bbAB9VRk}3l!t+7L{D@cH z9_1A&QvFvbcLW7}WOWsWz@fDMJ>N)^Z*l2~v#enb&bjq6HZ41=OOqyFT1$)SHHqE% zGm+u1IOhK(WfQ=eV|krIVkI;It4~yazN^7AO^?XoMi2hBA^@p$1xPsVUW*coX8&g>LUqgJ>*~G)-J@X9dMW+ zu5wEW)3y+Gtn2N#+^oV!=}KjIQ}y5`3Zc6v9ol*ipR+f{72FA#Y%@`y9Wj z^9;51!bo9749~Y^lT6{vm2SuvtJqz6G5{hN%G%Eksx3A`HKPn$#9=F!AW{;2p*%2~ zsn^%%4AJ53b^A95$BU~Ew+BCL7WbleVa2OvCn)Di9#D9a;p&-?@kHphqAR-yIgMwECVIWoEk0AHmro?L1uSigM7?<%E`gDcW ztrIy;0B@#tOgNe@9iY-~YdDXDI99JsV2PX)6_}*PNf0?*t=F@1^Z=1Y|FKpMKxH!r z$CbG~9}z520%XVGB-_PYn~&672Ced;BrN_1M<^)a)35hmrqE3e>_RDk(WA9%;|iuF zcY653WJCx{5vKGuYu}74uU=tF*(tifUo0uKvkkeLTH5BcL^8NRK?o@M$%wIKIx~*SJeHjD!jo%*)=&^cTOMdnFsDaHnBzaWh|=eJ@`|x~=`(X7>dm z^N23gF&Xm5N9%bM2EHN9&v+N(6+aBYF)jJwk?%{7TDio?p7(bKHo6QIix3H??lgSg zVEV)Rq{d4?NBX(0(3_W`hlWl?lisFYr@!B54^S2DTfbA8`=*7NS%@)pt@C741DGYr z1@dBApcgy3r?Ne?r_o3iuK$^}%J59BNaE}4%b19i<3_RI3~j%u#qhIFg^nXItUz=Y zQ)B9{i8^X~I8nqj+35E(?3h>j59+8ec%OzO&?gQqYVu86*5dXs z`-V;bS%HB21Z~iB`$;B8%b&G@v`durj@W_0{^sX(^R?a*BsVg&W%bYb3fYs*vC9tO zJTV)syn*6cp|o_=aU*W<4g*bLG|szKHCGgDf}J^0Ch{`khFO)BPM%&J^%&o_M+OD) z8b20(nR$l*x4;RM6+q-!Tm;Of^d-j8HREm7+d(#;m?N=F6r{R)ORdmRxp40a8?Bwc`)$P@1oHmQYQGaR& zHGqja)`S+L%6c^}=0%LG=Gy~reZ(PVNshpITHRr<)r}|yE<#TeZ@TBZH%K7RYW&-FZmKHJ@9cj2XT##OV_N5$y8+>S$< zncJ;^AL<8vq+f4yIu+-)n@U9_I|Gg=H7VjLZaZweWDW2^*OtL(1Gz>S zux3otTzeYK2IqpWvEw*5++G@nckd+wZ3~`CV~7jC{ZJ_&qg222!oTe=p&Ig{*%Bi?RwEI}dqr=f+=fLhEhh|)`gl6NqI`2$otFa3dWtt90o~o@%Z3 zQ2LK05wiWv#t0KZxVGdhv;sj@mmT%nx+|~3%Ra)=7#vnD#Yl3(^rwAy^T2di_3jU2 zLDx;DKWQ$_VT`vL%z3y4AObVY_EpG;xOg8B-B@O?)o)GIKx5k4^$W5Iw#cYe+4{_B z-kQj(R-}D1Oc>}7mL5+e+3DEilOT=});037){3#sNAN*aUSpf}g9e6CBPz%(N{XSA_mCbIryh*z_!Ua%Ti;u-fnhNHGR6d-_orVt668> zSRi1$@i{^WW8aglFfOr+W$@%2P^<(fYQ!)?-GBWQCsoWMqO4iT1VLW_d~Quz??S7g zo1(ujzZHj>fla|jF@qNd25LfKQ!l>xuxv2c_Whrl6 zQJ2-A8mBe)c)JAOL_pl0GoIUYUQGh1dzI$PbAog&#?L?xNr4Z{${>V2VP2fKLuBG_&1(=|Bbg2ujQ zU3N1Cv=wdN*!ra-%6dwsQK1q)+j@%(I{{V{e}4en(w8x&x0n93w<<#23k2|y5z+In)DGRBe z#XcGNPnVXd+b1aKZzml=y+IhL-HeuWoDDS$msVFX$d@&EZON?gz~;S#WIY+XR}d2^ zRi5(0WTvHoj*x~^Oqt34>V1$$3$01pGC}p)(=krKi7WS%Ucx~39RY7) z^79OHO=mO;Qq4{>qf6&uxXF2lYj{@H3rRHdIv*x$uAMi_RYk5>VU5y~s-~3Khnz~7 zCN(7ZKoU9CCHWdj>_aA}HKaND&D(x2_2K$J0;^#>9W=i(N=C=Sh$LYMeXNeG%F~6i z`344HSWbttU)0#UN(MB>9+MP-*5RaY8WVWBHag@HDkbNl9Qu ze8SUXHoRV5wY**<$uM1_7FWl(1%Yg$09V$YL8~@?1Al~Puktn4fRVB&Oqy02gY%n2 zlY?=umx{PJD~6brj-pW|A{nl?6%=fz+solc@ZyFup)ovuC|Bm^B=Zuo1B=kR?+>mhKzNF;X>k|2-gSZ)=WhCw=c8|w)8dLCJkY~#Ovbus>;LLSe@}xKQpGZo6 ztdE7`ByA|@>h-7g(c|=Mv7lux`sjtKIzRI6|M9R(;vN*xLKU)nV7q3^r(iB>aumCzEj8H!m+`aY(fJZDGUqb^9r`qN;;zW6+1 zBAT$zh5MPkpAjZ|G?&8-N!p8DP(ZwxI|?sh@+6L8`Zc^g9O2_BDv`%XyFV(b!C~_{kgl^sRK{N1_T?nr7Rf0(pTA7_dYZofpfph0-sh-zK&`v+ zHLVUfg&+NemQdH8pPGzP`MMOnF0UbT1K^f99X^?J}+Gs?i zbHrc*k|P9!Dcy*YN_UU$k{Ufi7z4&=9-iZP{{P?e?tXW_xsUICUFY{aKc|`2#v)8t zYx;>0hbQuoHuzRt$bmpjD6RX&4?C$mvqhAG1U7;2)onpa)~}i*5)04GtzS4qSIs-o z==qm1FMvO=S~uCpx~G@l#!rrsvON94loaxa%-o0YN_gztT*I4*K2|QqnuE)t0N=S1 z(@|k3IG8Y{&>lrxvIm&bj}Ni^J?E4zyJRrbFF`Z3Rem1(++e1$NYK^l_*`heG?wBN zs37hBBH%1c#>&nQCCyS|#+3M(iK}XBVQt;Y8qT02OHXxm-1?#FOI8?BHHplBr0uEA zlg*{A+7lJm2v4Iyct~j}{j0)AiIU&_34*}ZjgrE3yV;5_C%NEq$-Pm3G4l&^2&ZN` z$lc4ah;XUByrx9YOac_c=y$St7GtF`Y4weAt*OH+Poow!978~N(??> zy1o6{{~uQ$!goywFRDFh_L^D~YJMWt9U|5gmTNG`!8W9+F8;Gk(M>f>`~8j)+s~A5|JUugLy$} z_=|5I5_=}AZ0+Bkbn@~`2ooH)?)hQ8WM1;qX<||ItwF#35EjdA&7YL{wp`B-t8Jx> zTxMOllDC%?&^-xQkS@dK3uHB`BUQ3#y|1Ug7UkG)>~u(2bn^{tblBNhqiJ`-qEl= zcL8pnG#}nIVR!e>Hjo=A38UPWRWBg^)Xm_I+BxXJ-+EpzEw(QKUf6FuKTaQ11p)rL z@bF=RaT%9OjaDiNvY=E=0MF2oo`$=rV@b`1om)cUcJ-`*dW~Rid?F@ar>3)LF81# zxZr!g`r-5`aY@{KZT&mf13g~fJ5@}qRay0@H;`p;*qq1&Rq|FCd`fNKJ(EB1`6cmT zgK}4UG#hNDm=8kLe9?EY`^ZPH^y&D~Um2|8?DBkEArh&)o1VWzx+u_Rq{b_}YktX{ zb5Wu+ZOd#mX>}GuxUSFIqq=kJ>cZ$8kH%U^ZKhnpzcql~?|QI5$)DThlom`3;y+tr zDreFD&kww`L-GF-4K9_}Qcb5ovpBsx)prz`nMWzP9W8?|gDaX(rZpMzVS==a=i5sg z$^32!z$*9h7n%#RQ|;8yP!Unt_FMuUb(WzNTY)ATa<_#@h^`xj*}PcraqTHRNIbc9 zu18r|3tP&u*Ed|2->{CbVvexo%j#fr)m+Kx<`i8VB1#2o6{2kx<)pPst4X+zvW04C zuP%wrF2h*uE)m2zSW=DSP?e2AvVHaEi`lR4p^Hyfa$@f>$wBTvfrz{t$QN>^_h41y zgUPGa1b5gb+!7&wM05TXvom7PIi+wSIMotH$5P? znj=+=XmxF~VtIY$;h0~CYjOyJ_$N9=M-fqv>#v<9lGwwP$36SfMoL)Yj80VQ-;3P5 zuSmjS_FdlJEC=3O4=dJ~pXWjmgYDU~(QQ1l>JutEf7)n!LxfGe2}-H%mqgdOO^jkJ z-KbSyLg12pvqV>kaG&9 zcx(u&?2}go%sts11Cv7!&)QY{`*VpVOw?i*2PP`l$Epj?nuZnLLgL}`wH@}nXt}j( zyBSRDU7gF?->}f-(cAYO0&5PD7);*9dcy6^SnaMH@@W0jzN%>tg6-y9)_S~4J6b}P?I`S3 zn6`5)PD78^sStsR%HWx?=$f_lZ9I<4Off~c-PAJk8vo?=tjg!g*HC%O?&^I50C2g? z2^C*6aX7wy$BznsAgU`HEH=0NQrk|g?z(g8@88x}2J27s=jk0kFzPJz&Lf-z-XW(0 ztnnU(iWfew9~}k<*dCi&}p~pwQ~0E*j%nlgKRn0 zANy>66h$l!_{$0KBfKe^zx5|+3}%j{JokS2da^K5y=0CMHUW{dHdO{3DZE~!u-RpyA3#0$m3%s?Q+LOx<>R1ikME1T8jn6AWqW994lRhYI4o2|tWEhyik?qz3y8#? z*VL}e5}F!JVs)&|IjQVk@X%b%uMm7zfd)&%P?@M62b5(`1(o^apmJeFOB$CkO5qpy z^|x&=(pm}maIQg5(DImQcqefHy=h59!lJmTo1hJrB>(rF<1pYAG}xgtmTZXapv55j z9%--|jn-Aa#(bx^4=aq>@l(52lg?|*cX2skBxL2!wD$$QFJcV6q?yWY#dbtfV7Y9~ zC8!HY7I$UM@2x3(s-h?B{KYSI&WuugDWzNOjLH77OfU|d6>+DV1T`M@=bMfcGdyEM_>VK!yKH4rrFO`AD=?qiR~ZFn7s!V;+v!ZY*>aKD>5skCx@^{6E6R6`+HoZOs)wkcLvHb@UCqye-{4`~Gy00_vU8-8^Fkq)3=TpUGVE zz_Fw1E*L0m1%C!?x#l4;PMKaU~G$5qa9u>U4BW57jq;)z4mn zLg|I&O_)7x5~Q)OqnM_Jd!9n7cu4%(L8`cFIrwmq?IOB*I#iMVI1$K492i#d-8EeRxrQcz{#u`c-h2_r*Y0X%mWOmVU&aUT#i?rb52vXM zNr%MlA{df8YNdnJ(dy@@H4VVkbBidYO(4}~@@{JGT9+=H`KK38Ic^WC8dL+C8rXoI7&)z?44Wvn}{8yvEO)SjCSvtwx^|1z<8Oobj? zciDtnabG=Od&NH$JmQARLcl0s2AgzLxBb6vxBWca?0G+tCatIM``l{4x%obco{j~X z5lcl5iH=jp0n9W6rcKe2c@HPwUJ<+8Q_JHq8Z*oczULt(6+N)9dEM2w;)_YHcoINF zfv;T`A=lXnVG)s~B*v0EqL z7xgyQ4(ZX?NonE0co@UU{3=!ky-4ebAe-23tdtyv2EKO z6lL4k=8)X!J$zw>4YQq&o}|$K23JF?#r|JpwPj+z-22&_ym^@$rwj7ElYczgsG{le zskHdtd;Gj0&9s>cx)n;Mj6;48hk%ThAWxYBMV zYtU-#)yPEWwRLDD?V(=ms(ij7wiAfjtGTfWxMx)GGP78f1yGLE`p+%oNlek7yyIvxxF1Zf^L1v2#C}UF-t$=e#V-5zV>yWL z4yMu{WPEz`w^VL32V}S}tmA&3ZP#u73<40UeG0LZx`YNiWw}c}ii?b)*X%U)FVBkv z{Tt2yW9Wwb887zZ`M6#Q&hgo%*_ATxlgXD!Vz7$R`eqnNk}6Yg@%VR3gkF>qG9>Ej zg-2{xjy1Y@1BM(iy=$ot`OKI2%jQ0)SMO8NVfXN!;qQ)g96s)gFemf9i0?sPCRf6y z_kyQ}k?OaVjgyzZCwS+m47NPx9hQ}=H9oP-T(Vs zggzxHg#U&mq9goSc^?a)v^d7CHxikH)6h0h; ze&PBBpX38sC+cjgQ83)Cz|15?8SRp$R-l#N-u?KkgEWOEnD7b-rD9(nZ?NcdAL)Em?%63k)d%Aikwt?aWVgXK7Z z^|!03ONKw!`F+moK9V**ZFm^3n?yh0_s=|oCb&aP#CLLs;?3oCbaIkVn|f)^`n~QCiYJ7?6c%?jM_$S zZgpNXBzT#fqK62v4~`d#L+`mkr!Y^dUnRXW`y9E%n_Q0gPf*)C3jH6AR}!gSC)>9s z0;-~{;{by;Tw65(&-NCZklbuR5^;<)0mV%ByNws zTB;cVb_`!zL^M5qrSp4$RgISV4bvCjIv2n{**L27P5FXp_vloD;lxgHT)dhwgNn*) zz0n6vUNblAGK=`%XZ#jr$S+2+4W9l4y^n{0u($r02s?Wc{7lNn&Rpw839)Q-dR}=->@p=9*0t@+jwdHsX_rx5j971@G0iywF7? z324_1QbU8@apkEEagjvTq<&LscH@0OY;_SZSy|Kq6n1ucm20btP4fc!E6qNGxZR5+ z0^*;)SSRPT7W6vOcC59^Qeix54!R78seCsAmDTVB1hcrrrMcF6eVa&xUFKG0e!lKk z9CS@8Wa)GW*z-LwwtLmc-6yWAn9J2A$Srk3$P3$seY^vEh{wl`iM72ZJLmsR%?bEd ztDpum(S5~n0<~u9|MfM^o6XVn^d-ntW)P6i1Z%uIr}@tEft$a0_(j_BT4%wM)IM{- zlM`g+6>qTl1?&TQ27C}5x@Zj zVbrk;QL!gDAvBR$$aR)2dPbShZvQ3;+-lBt%9zoT>S?L_mS}d=H3rwdtp8ADP%FzV0AkdZC@!T~Aw@oYXE&VEuX<)#Tux z()l+RPRhoQc^tV#d%`{HS`AH?|F$q@*!;PHPG~Sy{5^C>wt0?=?Dr_JCr*EgD(j8S ziy37KMM`$r#s#==R`03S%+$PrrMghGQn&kK4HB|EYV1#)uCmdoV)sBto6k&akqr%A zb=ye!M+heu2W#qK@xFvoO{@Q^*g~uShgZ{beT}`$@cmP4*=VO2s0Pp9&5=Rw=A^5; z-;2bbHwP3VCWc@rjWtVgGhb-}v}We}t26a)isdMK6V{rQQzI>K{z!@r04KUN?490SfqIW}K8ea8357W5e84mztT%|YXLtgqM=jzX8TBzmNl zBZJ0`i}+K8Eq;z8!d#>Zt7CMwitC>R9L{2%)vijwJsMlIx-5e_YP)7|UC`Km&y`H% z*QgSOAkCHBA*P=Q(o%5KAyf;8UYoj91!$a5#!_E-Aj-n!KMGX+{h&}yC#`!bV?_e@ zNRf)8W}DyXB;B?IoYuQ}?**Rir8%30L%kMQ>^0KZ1ynM)v^!(KJE6F%4c-R9QVGa6 ztTzE4XXWef_j0=Fw%J9SZAIE<0@tRvm_~Zc&;{%BL!#5{@A+pZ9CwmZTM zG0`s{I&!~o4NSR8(E7J3??N81zr(+kgXR>}8U)vN&9b;rC+A6?b=4*UzdYgf@#yz^ zlG5bNOf(dt$8PGcCHHxrw?kv?n)iQt9GZ{V$J%2yVbS#0*@!ZY%8mn zf(^>NV5eG-(XAlOtL^`$v${NDk3z@?=6G63KQhy3!S#SETzJ4KKEv-SVoXc?K4X(D zvqqA{(IBjeCPQl7`qkb>pE0)XxF6=xtUJW7+9tGK*Vtt$qjd75 zG1MivaM!PYg(u1>}D~9B$e%t;j;MWwEbSxuR!pD(sCo z1>Za0pJUt8J<`PvfcHuy$Sj&P5<%~BfREX2DsH*jAw6x)Ny=@RDDP@Q*tZR-UG8kenGP*Z_ zQ2MdS_DesONDRbJD2Wq1%+ucDnoTEe=z!Lzy3{YlJ!s zdKd+RKYQbVUmrDHVX8whNLBq{N!9{?5H|H1W}qf~`mLXZJ=v_Cs`Q-mXu-;_sP+!-m;PQ1;fgGb#fK^2B!w}~$z88m zi)IIY@9(6N_fW;1qUTdu&1bZ@$;%s;hb@0TqV0Dt&t+#eKePfUrz!L~`~0JbR$XE? zw?HSIz_;P=5fdfxug#Wi;HMxz~1zb`HByx(=ZZJhVbtMlf`iD@cw7O|(4MxJ0@ z#K`IYkODVP?Jg8z{_j5l+JX@H|4lwl7&&RfheaD^b$xMqKqUy8=jj4HYQ)+>?ztpWJdC!ep^TUBEY-EB)loJdJGEcwk@ z0+k+vD7S9Cmu1msN`6V|$K-wcNrji4NtCvdKm-n{>|BgIOsL8EXi1VkU_Kx5P28>y z^j_=xvvR#@BX=qPRE)H3`t!t;y|p37$Kldi=g(?uBsBpcw&pWm37$7ccRtPBz%*_# z*wxUZcbnqw>sF+_4CKEuBg0%xK+>7c`pU^uF;gJ@ozGx)mx zLGX5P)LUnU;!^2PRK-i5K|8oZs>M}uM3&{9E8gZ|QJ^gl@p6Gc8DZ0=s7%jq8f!O- z-K73QgUrnso9u)k4jC)@zWkA%8fz_I-YwA+8kDh+c}z#w9D}P6DaSMuF zrv_)IhCg}|Tw9C)79|kT(~Sn;%kx(ViMpzNp0?to5?s`oC)V>=}+g(7TdIAS&#EfV|(<-=;0yj`63{t%*- zUH{#jwHVk;wS_oje7Yy+kg7jst);ohlxQz~alyERt)45Lili!Ne~L38$1gG)Y!X)I zj8hIi7gk)CU^-IJ8`x#A{u_t&;FSezG5p!8`DKHQ(rV@1&!=O|pl4DIuz?8Pml~-c zOmPGgHev~8yF))#zV3_b2&{P^zev{Ub zlw%8l!Iwm8|JBT<^oRsGoYL3f>%OF!k2}|#9bN1!ZA@oq4ME2F_SCaayO58!^@gna zh{gK;8r*1?8Lo1ik&Lcx%#`D<`xRxg6%9jv#5}lckb!YIL~MPz3Vc}vo-~9l)6yS^ z$V7!2)?P65pCWKx0zKb^H4@LJKX1B8zg^!`)L4OC%bPWeWCmF_ zEmDHN^)}`6e$l5OHlVw)H@Uxb!^$m|PsOpzz-?H0aDA+Y;+Zaw>YzELOx>ZqB>!YG zr*v>yNI8}Oy42{>ddFavrzZ_FrJ=l$-%9R7Z{=(e{DbI*Io4}5| zsS5>|PpwRtj>1z30AuOOaOg38h`(omr4-+Jf(~psZqzhc!y&@U`Q~^gQGLL`9VH8fR4F7wwwa)_oFZkga z#JITi0_3`+1Gp2cWXun8)zva9F-?-jt}hSs$rNUjz_x{5ZX%Y2my$miuFOy4ekAPu zo6D=K=^>Q|@w!vQ*w?^IL#hM}SJ>Po`Qclgbin>>ipQ&x ztHDA;vzbM+7H!LuD5Av`O>-&o`#(fpe-4K?A|7F5d-`4@hnv-hR+$^L1KaI1 z-4)i`Q>f+xsWjbpY7NB)^$$;7UU)Zhdu<-~ogeS5`z>nL&Pm7IhmG$wD!VSn zgH8`}74rN0YA(;v^&#f`AkBN7y{q_o! zG2?)J?1|nBJQ(*K>=AW+I|8Ai->#hW7b|H#p{f(I-XG_g;g3{HMM%EZ=Tv`?irThF zi**W9#;zaM9exdhB51*C(C&W!J0|eM`K-MSMGiZwWe<(yK`7Uu6#aIIz+-o(q0jOtx^nBw+0!#H z_|E|{J_zzAk6XUZx~_I9mG3veQ{vJy)rGkB0b+CZN;gbFx4VcoS2^+ZgBL!uz_@aZ zY)P;wmd7pQ`za5T`v~7@xQ=OKUg=yh=E8Gw6_U!ka->zOWxq1$x7+0>21l937RFdDcE@oeW9b1U1p$`HCK7tOakvh5VN_D zdrN(F`@0!6@oXG)5L!Nb~%m7p#AO_UtE&m)A=#nO_(mlAbJH+uUFdR5m`=gEsxJf zyIeqrf@CKClD)CMt?pL6ksRwN^Ad_S1SW`INQob+qqhA!q}<}W{(m_t?0<){>pTFV zJUdlKYuU2O1U5nX);}&{^?;e~LiKzHfZbkZRRUg+pN2+!6ZVm0;B*<8=hJbn$7I!< z#Dsau{r3jT~`%ZFY!{P3+vr42Sl^IJ8c3<0%tcpgnMqdReu5frX0MsI!J-%NQD&u!?h~sG9L{6IMd-d%1SlT(x(sX z&X==?e$-Teb~x4hw;civY<{>w#Fb^@`7cPe)oY~%T}F)!ZQEllrY@*D9;2Yw_A#0J z8So(n$t2uj$-{X^f~j!BL4tRKt1KYRQ?<&!1Tt!XFCKDUQLI;`nP2`BHR0vQ96|;6 z1xE-xq!I^>*_va=hLn-x>z;7J2*P58BEKGOb&pW~k-~nt5x78y4Y)8lUJn77A9VqB zMikMB^*Z@Y3;4HxafL_+N8_Ww&^B1l$3^Ac2;{n=ev zhr0CWX?kyc{Ds6rxtsA1y?n2%nS%>yL5Fok5sbSCBPCK|Xd=@SX&Bi8-;}#1z49*i zcj1Wo>v-I;btE%2F}KI*fd{4D_Zwp+*1PigzyiyRH_fP2HaY#J#4YlleWC zO)#L0r$bo7kc2{LfsJ6jptT5lFL=FLwfp=8Cw)#R(4x+8Yb-dI>7T<2Uo5!L-C1px ziy*c(o8`Hy0H-*m7b=&~uER^pOUuaSz#PiI6pSTOM%ZUoX)U<5@z|w{j2W^*r(S+i zd|Ve4wvZX?ydq)-qfq@T>R)mK`ffk>c%M?Ni3w|m>wI#S`YCGe$^A|zddw4u*RC$; zJwbpzp&;Vou(IsHHnuCa^q56!!I>Zar76S-71fUy5$lpF%_p2Dks0reOEq`Z+c;dn z9QGe<9(34w6R#S81*u1*5I6jq_~NJFwlsB_vjL#IYs8Da$yNz@SJj5!Fv+*)4NGYA z*Wv&e=9t3aslNwii0Zyfh;q`pC(Gf1l2Y*F;{5vhFS2GU`qN&;^vA$*gVtbyZt?TY zrKw7&Xs#ngFLS}@XEUg8UBJ~}v&NW&HNVEos^hh^=+htSk!ry6OKA|7e>+d1Fe{F77t}y9u2a;HY`0OBRCG}3alv~PuqABhIgdX{d?bk0 z=lQ){jQ0)3UjKwDEe{*Nltml*mya8UgOxA6C8XKiJ0gftepVXa8bp%9DOLvi5RVh> z7+mqS86y()NnKo+Vjf&aZY3sIib|3R(|9Zo-`%^wgYfO!LRO)3zqn6J@sH-t)ZSrS z!{9RO^8^#PhQk}#oG;QBR>#9y8Op{WCfqmp*&|?}_bkU1l4>}1=H7|_8o>`EdWNf5&hfEUfn~&l zT*=|G zdInepAS$ADIdNV=aM>`z{(9I6eO8o%tTB$A`a_-<=;d&gMYUzgdX;So5GrV-L7nfu zuRw|bv`)f7%%ysz!eYQbVh|GmqCk7qDtA)3y>51;Czm+SS>6!IRyD6fS}RiXbjZ5~ zY`x`|M+NK}a`Mq|JV~deOu?ad4yzUh6+ zL978mpH7lGZ=T6A4uT2a%mq9s?5s%awh?;++q+(1(GPvl4^l&mU^H1QN$TnoZIP;b zPB4Q4$m{orzz-Tf?)_Zzqym+?GLzLnK@EOnaf?&@nINdZ9zA$E%8g+#CWX5q_mkV zxS92OM^8&=pRYCxhN)Z)oi3yHPE!VU>o+;GD`t`MUe74!d}5?~bzxz`4ay;*v%3gW zvPkyjt?&F0cN!BLAni9V2EDqE-2z-27LJGbyk$ae zJifnyU@khl)N~MQhO+U<+o8}i&UE2iOw9`1{Sc3X zo`{^EX6L-&9)Yb3!Aq!J}6qrADwR&nv`H)2-o>t&P)8DREjJrAQiW75Pt@twCeU z#>Q&oot3naW7(a|#&h$}RGxnM@^Ja+@Kg#r<34oyexM24cxFnSNde^8ENV{h8=U;> zb=+*^{2rx&&a8}_QQ35wpF*9?-KLT{GY!yG#IDo+c9-sWXYV05WqQu(Hc;JB<;Oy% zE%PQ@#p~t~Ccr#h;}LVs{rKT1fgFRkiXB4Y~QpLw;T{pwh)zwZ|#H2%1>@i^Fb0z8G3c%xhEp)-}%d-s{bo zkt(R`VJNC4U+AD9Z>m-()TZ}|L` zOLe82o5qyy<)W3Xc<#tG)r_yJc`K?Xp0{;m*&ipx z`bcM+8Y2qzc^^5B1rM1D2K@j6T>bM_;#mL}h6bZn(tYC4_-q*K=6+IIERJ8zYt1vW zB3g(JR)8m4o7v`@&5!80imXUORUIs`KaC(cDcP3^Em~NmmP4{c+l1WKCr>t3fpn`| z1+#n0D%`F< zaj~9>KQ>00rNo$niP-vKou4RPxj*i7#5s?u_&bfNABKljsO^g#@t!r5r+|Myk`PK$ zNlYMViy#Kl#9Rxy!hq%$Q$$_wqni$TiuWif4qlJh8ApFTbFR55YX6Jt;&9=H!K-P#5av+M=t5AD4E0jcvfNfDER&5A^q`Ur@<%R z^YujoYDG6)@7PZH3@2y=#JZ3J&-xNMR=v>mZ#cfeD?U#chrRf ziEWGPfsg(Q?V7zbSse6Zd9AL{7|Qs|?nB42q2ku$Q%Rh^!zBO9WjBAZjv-~H8>O$` zH%-JT{?vv(P?tuSMBEPv_4E@7?MXUePG-kJ?pd81M$S%MbxYrK{I@-=F09G zq>0~Y?ylZmx3ww~@<#M0DCOg!RMfHK1KaI zk!m4;d8|Mq?&M40mVhJAT~aQ;Oi++&sm#_cBU{#Mszw(3m8fQ!qE*@Jrzc6j)&1wL zsxgwxs=kM&>H%WyKQ6QtjDP>-$Nn*zEKsV9SxS~+;q()KN^1jwigw9dil`3pX#T5n z(R8c(xxW0*Y$u*8BX2&NP}X%io6VY{pn!};BI?7ca<=8;wbswCyJ{!Byx*&^yLP6U|NsbLi>W|*oaENzv_qCUwv%2bq34(Q{wZJyWH7qn`iH+t-E%4 zWb{Dz&-XcsxG<_QD3*W*WYG_D)#yqAx3)OL8g}-Kw-lCP_e-hYPGlqhMH^hYvWR|_ zJY{C3pRmzSb)U%jkwjSfZBNCgJK`_kbbc_h(R(n0?7;eRGn7ej4jj&3+C?s3_Gypf z^tC5UCQGJX(|K*I?fSLYEkbQP%~n!#U=C&&R^KqEP+KlOz5U@dA*zf9ctZN-&401! zno7Ys<1nVA?$F|R&kyVWK$?p)D@UzQ^qe&3r*^@veJi*%tZ7T*G^@~CF(CH*V+EUY zMI+yE@fG)*aJ4y_572Pr;B;q*#m=BJZN#u9{`9N&C8J67&*3)?f1If1hc0XaV!?;j zcFOBP=|PQET}!r@{DXWU=xLD?8f#myOMlb%V2vPu`_in1%AD z&)abX`@%^+r_7y?KeYeb*~`>c$k?xuUfp@T9Nz@(e6(LbjOBb2Z%P}$OF5*@BbT81 zR_#RC?Yo-KV4Jq@%xhulARI^1GlQ9KRt^}PBS_`^i(zlqEjON$+teI+x8vBXk6Dh! z^pr;xxzuDwb7>w;2)(Ea(Jv`oOHgOev+kckbVd8uy6<1)rm?$?iVm93rF8+n+Lu;4 zq;PUxJso>F4U;UU}Cab{dhpQMnLZBG==DX9NvGygl29+ zF|gYeS*b{fbpLFvdk*=K9kAcTd1uF+dfiu+FS_M0vm4a06g)MQpaBwj&IKJG`jB$^)8cF`tfY>U+rjr-wZ0LPj${g$_w8^Qa4_2h0#8gGQEVK@9t7k zR;jaDUYS`={V6qQFJ;K_eBm=9Q1B^Pkg2NGclzDdkEOI#!wgNA)?oe(vt2Pzv2xnD zd#KX8UtKA&kU)yu7menJ{3m|6PkomX_js!K8wY$=oH!VL9}|=_b{SXJ?Mq~x8Q#+e z6rIUBRL%Bq8~l3zq)-WGRWGfi=KCYC8WZa6|6Y+I+_JUg~x)Q~WtvqyGCgVa#>yo`Of}V7OL}P)|7@ z9#wCqNWnLD$g=F)WB74PH85}Q-#k`gU)?izBtV}Dfgc$B!gsnk_j3tM?tE!5?YmR? zbwfADvzldkr{BI@R?WqKKHu_yT?p#k0EgX*iBnvk@;;w2lW4E$Pw^G^Fe5PmdgR9_ z&&J(14$C4%a#>lMRRhmFxU!U`z;Wuo!&E`8Ob{`H*IhC$?&l}v#D~{^2*^~mu()(+ z7cn&CxKAL*qiGJR_nYWj6b23OOG_$EXq@_Xa;M%&FV|vX+6zBR`Q@%FtKiZSZw#G_tFxDCC-H z8RZ~~>^#6Ou85_#WDJ3oPQL~aK*A@97k(`#VjEB+3S)!MJABd0Bh4ABDlCNCj88qQ zI`&AeK1FT(xcL2Qh&ld8X)>~vkvLIKoIE~JSQ%Db_FOb6_)l4Tos_3`S^BO>$sZMM2_S=I+zM`9b3JO6AN$?N~fz25t`wq( z&k^IxC!s|tS0p#%T^j=;%>Ic#>J&`$eIjm9%md#)-H~JoFsK(ev>18nvDqxtYrV+6 zs5&ar(bO7{Qc{SORn1utl-YJb+O1VeYQ6m>ErZikcbPKNYLS)r1Fbt$n97bGuH3FV zcBwkY&|Ke05=`OCdK_l;ee|38rlH%5KhI>wg*u%t3~;YLRj$sqxHr5T@^tO1gdv^g zOaup=QY?Sr(X4sQVmSdLVbfWN08^i^u}^Z|P9HUhjLlF6`lN(@AEV^f`XSQ-mOopC zdF*Rd-ac;Z%}p;-&1COILrPuAM))O5K+b^{l)@G7zh0 z4%g}v!hn52s`WPo@>b)=^3ouu&!kY2`PI>2{t zA~BDnzA5Zd9a6qsM?YAzETqt7ufbv+8Lm6vw5Gm5pfyPyFZyfAl5n=I@M#Yg|m2$bIf2n6dai zSyv%vpYph1c)!?7bEhz?hV0%Q3W-Y2I;SS^`{O}}$oD5G{TziPNkL_VwBt}iOwpLa zdQ!Tsec?!hGpfY5l)Q)cXx40Ijo)*t&&92AvVAfvHM&+1>x+vQW%(x~?S8R8FHkJP zp(?buiiwHy%9EMU&&4KB!>@$Ob<}G8dH3)s&(mghiS%>p!20lv zHRJ7vY54bnTrp8;Sv_|gLSgHim8n9a`Ed7kCtRr zvc&lSx8c8|c7eNLrfhrVw2MtEmmUkRSr5P29pd-ru^aH8k4&SdQY`8tnw2#oT?{II zazYLmbirXg&W)dugXa{Y7!L((v3zj-_?mIOP@J}vVOc<SOkjQsxRLwk;o62_D;5?g+^J3kftpv1d9ksnSdC*3d0a8p9?!0)*vGdbO zQ-nJWUpE-R=xh+Tz`fPTa_K#P%}h~b$tlb;!rgYWol~&#V0c|>l$(2)>>Rq2&`4+_JJ{dJTjYmR$>4To z#;(#;zLN|#=&Hh~hhZ0Miq(UH&9e_!f`^(@Ln>Fn<7N?Z->XHc+xt}-sqNe`eh^i# z6!AAgjLws3y>I`y9alj`rB9*LGiXb`q(;D+Xc60XF-GNYhLRM5r!Fz`^~|Vq%zr7l zqC3Yod-5tG#9o!;FvAz29+G@G zmbRrxuOJTR2bTe>@#nxF8YpK=3>mF0`t|DJ;v-5d-CcB=00HQRh*#aDhXnDa2W_a{28 zIi427QIZc(%IZuZGPT0HjXTsuLS-sFpID%&kA7!dhMa|RGt`K@S9~QL_l@`LR{I%X z4Hv!{>;x6nX+O>7*vCAxOM4UQW-NSTyK~cMlP#1y7NZ@V`LV&k&5oQ2zRUM9{Qa~z z#mkAUrO_4G2=d=VxQeA!3xD}pM#+>{+92FTVJYo-@xR2^(-f0vQMt1Qt{<3nacrOg zL`v&sbfo5kHs!GbvRvE6?q~MDKr4@qNFw2krQGCt{ZZ}^Zw80MO%1mFW>e8 ztYVAL)~@#;-En{AR~IAHnF29fC1;Hc=M!w1eM#aMz34>4Y**ChyEsERO}a1~xR*Y{ zuEu8eLHX3%b@>H9Pnf&bZ=@t?7lDuJgyg-t&~E8PUT1zOeu^gSXY0ENYQhJ)aAryw zvz~b2#;%%${hY3MA4h20I=OK9xy-XWGnK!DYI@HFt?BMjZ*_Xw9!tiP?@B-8LBD(p zoowePUfTfUR(uPWz~9DS)ppp7!*qQ9AQi-3z{Rq;1C3mfRDMxlAiv4- zwYJpc6TfNgWBYK*3*VY5yThxsXIRUdecg1C1^$^VDh>%*M_(bvR$~1_t7mI;!8i4c ze}6k#7V$+V)$6PE5>Ge+e1?IK5*_B<*^`Xp!;|2_P-Vx`v#!nleXWhRa=4e&9}jo$ zcE@I?L;nv`U*Xq;8~>@I7?c9ilA}uyL}DP4V>C!JM7m>iDoFPzB_&38H%bqX?(P~e zYK$0g{O(?N_x&fH=ksp9TNR-_FYCLp)}nCITi10pYg6q<-)P-|b$`#Frhoqc%+XOz z&Q(hS1dOB+ot(~S^dCpF%sTMb@yPg2ngm-kSWMezYpYDgj0x)S65|1|PJEFITju1VT>OF4D|S1XPEekzzBrE5)ZQ!^*>GI6GnprO z?EWfki+=PvjIX?YRrbTl&ic{9KzVWWndz#piNQPK*Zun3rBaBAqtEa83@a$IFNdS_TP@hZ+|KX|Ei@r`lX9ZxpXFht^) z_Yz4y5`es`ms_^SOvK-ub|vOpH>lhk#@ZsADV1AK=y=*^dkHLP;oFkWC4;BqeJ_?u z(lW-e2?G)YKhOHPb-+EHr^`wxgSm${xQE|^Hnw#01f#=u9ZU$=*E^o|r=fQ_H$Q~j zXiA_L_76ivGMIp1&+M9z$gGISgUOifjm|a1+y>cdg|UQ&x;jWlm^F3ZkBd>Wi08+; z+v0-n_C^}rbv|BPiNl{6JHN8^-MrP~sa__OU+DqR_xknK&0cBK4Gk;gT;&F(Bt=qd z5oYd6>_T1iJhROu-VZ$aE|TF%vqPB0vSB0#!h$cI{67a__c2aTHwi;y!rA=uSHwz; zyPA*M$f3at9*@GL6{XfkM-+(QmRt{qRhSZoI#~a1Fuzh^i9G{$33M6u`iaDYzaM{~ z51Aoa2H_sp<1}`i{lO`WcM?8wd@%?0txZ;QX1C;BmQ%Gi>*`}BiN7-t$z1;!aN3v+ zZOZn#%dGN(fvuM`IVlOuY6_ohz}~Sbgo#isQK{;uPPuQ5R!mj66nY8P9x3ONS>?QE zQp&5mKnlIJ9A_lJ)Viq&opJ01^5C~lw$f$%#KM`#`twY-Yr_pZO3Gl%iOHi5(L@oP z^I~!n#qtEct|zcZ_ZQC+-*v&UHX^eOC>S~4b?V?AtW--j-jdp7#u{mJhldtxtm)OA z7B%4j(wj!oWKu)pu@buDP3klk)#wUW{p%aSv?=C0FCt+*e_f^EFqWm$Pg16e8RTn2 zcz*Dne?0i{pKEBn${Pv#2S^Io48NhL;@mEhFM)p1%^5!0ETuHlnU&@5_Qs)wn3vew z6L0vzV;%{&`j$%nH|!G6V*Jzk?$B+D((y#5WNSyQZ~p$KeX(eY74SIUk0}j_>JfiR z8){S5^1$7|ouTf{j7;m(i3T3CI`K37!T2PB2~w#d!NIOXR>E-~D)&UTy-Hj+38XnG z_|NgV@G4y_z;cz1e)SzG$9&H)@=jf=*wY_H;&IMv$3<1`6ork1-4`&&xR+sJM z(L$yq`&{N7HqxFw08~z-+svw*M`FWy0C)w|oo@;ETY0>kXaIy0c)?@jDs7jwOy8`! z9FC8VN|V0^ww2K$3cruxhT#m^VKT;^b_%%Bg-RH>*xlMju#qg3tR8)cryApK*IjUr zh)wgF725UuU|H-(@%uXH$D|vD+aJ%p1IFgA(jQZsH1P%szq4#PWXo0$#l}&%t~-qn zX}wl`0oA&u9KhUaT5BZoB)3L?^y5X?Z-H3duX#T89BqD};Vc;A9;iAv?NaIZZ$}!8 zibj8guw5!PvHZFJ_g6M91M&VPOs7lWo{>}&V^PCReWn8!LmZ$N{znW?E1G&fzaXCp zDP7izdi{n|YECkvC|@Fa_2i9nZez{#y*FOymVQI8NHv}F@65kxjTpe9knfdA^Nos( zJd5Ub7{5cdyx$wI%) zN0TY$c-tW-h7G5a?r2Esz^!A!?W;%EIn&eZ{;m4s!@}n;nW5g~2><&Hn(lbIM5LIY zAY$P(hSs!8fdkr7HJsPt9LSVaSnaiH7eOuo6NK6NdAs2K|FOtUj%d1Q1NH2jSc85N zk>dg{Ugob(%*g?c?totck0Bg68|pG_YoU1w<+;SqStR~dc)q!QJ_qNDG5GrHQx5;Y zlMUii4+mly*GU2G5O+?sM}bgPi4koCN8z~gCt+BB;^lDn|9KfB4Xzvlv;>HS1XhHl zC<$tYMt%vU9n%Tk#w!-C(m`_|FEmfI)h!i2gJ}@(Eh^6h=hEjbcV}qp1SZ|F_zm@B zd$zq0xH7yR$K@;D$R;>=ps@*(vh5v)&-Np&9@n0I$()2o>;6CB5st%Lat<4<}mk9Dnr?kUm8h zph6C!D`oJxxOi>dckn64X}a{Sc?V)|RNyw*_e6FKty**b!6!YAp?K0@s(?L!9M$j= z=|&WJ#DAVG=rp)X{sq#a9@R$!>>X}4!7ZJZ+eXw*x(Ajb{iS!7b64LWLh~ zJoL#s-$%_zNYS%2bmRkfnI9DdoFg3dkttx_(o?5-vycKgaJyfX{aFf9{H187M;uHm zEf-c8?_wwLgKT~?9eg9ZhG%bRm}b7{1dvN;u{v@@8AVS+v%T|0G4pOS*l+jFF0n&! z%@3!6C+$h8+x(wOVjq2+VOers<)nip3@Qc zMzsuD^6^NR+lu=zxh_3yU$_+V+9uv+Tuw`Ehx4yZQKTrecPZm|)!w7Qyo&i?kInJR zCQ(rHZhf|lOKiC0y_kDuV7=muXbyg5W)2nP$ZIdyfYtRLWf}^7j1jEs6+L}t=RR-@ z?K;SUBv(C(Lj0Pk(~g6IZNTYe06|>*KXx&9Bq*g@ouTo3kGmY+;~vrYbuVgdaag=(qMMRgW1-1=Y}5tomrURi-OR?&^1i9O_EjG5&u~wu#OF8D z^bB*Y`LH~4i6huvukp@(Dba>MtGL%CO9_)r?smkIpNwd>T)R`Kf*e{T{IP-=-JXy_ z7%=Xzb<-WEg2N=jE1$f`}{A^ZF^?BV#L4O5H_FMx);JsON8V zZ>+D%C(XLWnNp$g)2Y%O3pT0`_|+RZfBZ=IS^=y-x_Eo%)dN8)cTXhZk8ux3(UigN z7Vmdjnt;at5x>R#J~|^n)C@48r7OrI_WRuzIeykK53!<8&WQMyaK~rAimavMpZ{3r zyO@n67LJq77}+(YA)K>g{V8%ju-zf@1_A#->?aR+)XK{)slqNt%NJ=B-ch#+Y^VmE zwib-bAedpQ4;#BgQw1~YS*XI92F-qtzBA5juw}OUWh>uV#QFNA+ zOLPfp-@Q>P9V*C-7r~Y~BwpK(lhiQg|?vp1fNuyz+{ zY<}j9dwc7Q)e#&jQmY6_pl)Dx1B%j-#n|;r>>XsUgvy}uC^%sxS=0~=A``gxG!q~<^ zO7vG~yqOyCmziY>oT+)*cM_gBsf2^WGBJX0w=M?Mxb`Z+0vG)4r;e*}Of}J7<)o#7 z;y3Ppw3#Qb$ZsdDHxpb7Vsh3}K^MBiK06{X{KYF1q?BLr>S%%i!*h*0f?J<4OF`o1 z<}aq=-uQnS@Eok0Q^S9C1#%w7$Zx!O5vyvXX6r)Sz@T3wNHs7qbFM~NkE5Tua@%U~eFYcw@@ z!+H4M(ZYsIfgVQ+PbqB6%s9YLdS|o4?L%2puotM`VMjK)5;yKw`HpzbQzaAxXCyIK zb~NuNvGv|cW7k#bRnjM@7vcGw^*0!k7)l}SOb3q$h^gBHtKI0b(to;Oiqaei+{aBX zw+5L+lt!Hd74ZJ`b~h+GaE(K02$gvzA9`$rc^{2**6#@K453`Kf1SG4bv%V;+}8i-<1qTOhha@wE706Rj`u-jjK zy5x>ic>|Hl(&U(|*J2Xf7Pe*feG0g3qK@jyjoCK7S!zua(!l(Cd)0@RV7rm|+;T(v zh9&G1c7#(my(3VYE@$*NoP$tkgv4=>JCvGKdt2+)jD*r5T zmL_|Z0^)HfljgA&M)BVEnQRQ@cPT>POBFFRASoe{vrsyK{m@&1>-ch+AzA)G<=t-| zYOCB0VjwKHWhe1$;LYEJzA(+rd6vcmDUKwm_giAWvmsQ*5(jf}b%w%pyE-3vgo)Ug zk`)ziQ@?JE`4b7Kj0x=H=Lzib1+8^hguRXHaqX(`I0U$G?tMS@rU@T5AJV{KiL&J? z*XqNivU)dWKumsjD37L6&1nqo($_%b2(_iaaaAVZPQ%O=g~u_tU)`;iX0;K}bj9_rksn+Cd(Us-9BsC}EmEhR;*j^+x@D-=J_DpfehdG9gFpb z>!143ZnS*KVi!eJnS#<9@2-D_EDE`2~93Or#h2SND~mwF(k zL){^b%V~$&IPjvNDIL)4%D79iH^+c%{($u|nM()yCZqX)pV`AB|FfFWtUrzWa_P}Y z!lf5(!n0z%&{1l%oAk?T6qDEa%;QdsC}oB~x1jUG*@kI;kL}B+uI-MtUdlV{<52KD zEyqP*5+XZVccu|ZshXR?Tx3$NRJq=k-;vxyWx8TbWHC?+b{s;GEG)h?Y}!OY_Hs7H zgw#Kos}t-DH3Ndk9mHiYja2`<`*gqR^t-xu(Uce3NwCL#k|^72yy(oB-}M~3`Lynb zK|6NH2-)bSYZx||PYl$5+I>iHy}cD@Cm4&rHm-gNpH8Y-WE@u91lRwN&1$o>aLeH+p^bznVneBgk zja_jpC53ijj#_gFxVQq(@gbep=4;pGM|W3WqN6Kirnu>oQ+A6sZu8e3g}u+oQtMZJ zdPA$lh(!)qEk;w;<5(XJu>f zjRdnKIh;i-e0IV)hu_UIJ;NYKrQ^FM?lx^iqo zopH6Wasm^7gr$Img~C3xSg_OLF_492n}Y6(B@U(c`TSI{rLWIkahLOnqBG}#MQrG$Jga(N zZhR;!Sts~2{pz&5f9)JAut1*2GfSX|n2()W5|AjB|>EHDbdivA0rvdvZLZ*76$n`K#i;uO5)z z;Q4qx-pSmWMnEYd+C8c79fXp=hfQaHR`^VuIuG2}(e5m(<1wu35g^oBTPjcI&VkU! z;WC*WVu}mz6XoR6id({Kh7>d8n7IveN3}!`*-ga6g~GZaF9fjcEp@hF`Z&X9S4wxD z%i8(=_PBX84e`jP(zBY_ACtMtU#;J6x;XfZDcTNwcRH&0lPn$V*zL4F;V~p~=E6?Z z@I*H4Qd^K^ELi7F!%)He_sICidQhrux@Nrh2U~ltC=Qc@DxPpJyB|+8y&fJH;VNdN z{*f^HRRW!8NyvDiUM?8rzvz)f1-HU(_%f}_MgHNPnpf;;rwwnqeS~Sl$}AOdn>d88 z?7bsY%`q#-rgOB5U(r*>@64(6OkylNyzS+qx|*cV#0pY^I_1g=gE5Ed`8K1n>JDH7 z?`^1jIRDT~{TS_x20RY`YRP(ZHGZnc-+W?mq1e z-_}C0U}Q=!yKy`t_X3VjobO251#vUcVd}Kho|~>lSeT!FWY;*IvQ*-P2^|miml*dy zMhG8~_M!*p(&d@WCXELs=8$^}>O)%p?P{G?w_g2#l<%`1*If#W)qu#Zm zJNDRPeKE$An_87DY&~4U=topDIlI+#^8H70z9-`lDemEP@+tj}CQ*tYJij%o$KgpArPkT+x)si=H=M~om|@EfS57^#mKGDiJ@7U~<#+US1` z!BLh=@^a4Zm+0iN5hlWCPWHMrFx3#d=^?i#>faE2pXW5Nxy}Bt+pP(`vv;;XPTib_ zaW_=C7j2wDBPksvLiSo!@=*r~5QAP<#|66bo)SkUvP*Qsb)|n+Wud~k(PPwttK_vO zWpZH&(T$w9%IMN`pHQlBA`*mg6qoL7BXe=Uo_=@}AiVwanYSQ4f*! zm5Qg@0S&Tu=l;l#saBa;ewBm2I2Duu)?af_QBoU|jAb=C{p9y@=%p z#5l}4{F|OYlbZz71nA_tMZ-a2OhV1(LM8iTYKCcPv;mb+g^}Nl>A?S+@&~`;cov zY*?v94(XnJ`4|gK%L?mNZsVUW$BY4B8W&)%EFx*AW0;q6|*2Ec5~e>&@|3 zQaOz#a@T^h@I=qz^8PPly>zSloDQ;zurrdsewQlgI}p_BE;WzSbfyH})Qg^)ixl?Ri}Jeuu}=UVh8>$19U3Lk_N zsH#9N%N5)RWgQljFtMV;HpVgWyzaU5+k$Kk{{i+N{2mN5%cYFOBJ($dUa1`e<=)D4 zzM}Cyd)|PpYNw~f{sWKR<$3QUDTVTJ*Zmg$&Tcp|D5Y6`iu?*c?m`+hq(O8v) zKx6a0G&Mx8C(kqb<)Dull$HDu8bwNAJQ^u9Ii5`(6(o>!zR%v?I#MhV6=^u>NKU~$ z`9OZ%D+Y4Hc?qoRMicqx-u%vBX|=W*@5B*;{FZeJr#hNB|AvOQ`t5Mo#sALEO6wUE zx77fuU1b$uaA#~M9&-(e;MC4t>QRt#Ft?jE+zMTP(Xdhh#_kB$P9@D;Vv&>HK_Zy@h4CSY5L%qNtI`KT? z65Q~NGg_z95$!Dt4a(u@pRWp`tH=+V{O3Zn4VqDC?7&rqp}eiU5m36RG%zaUFlRO0 z(nnhc$tlxIyx=kP*Vu5+ z>8|ui2XsCknE$Go`_*vv7^8i+*o+yBr}lk&+hS9p8Xo&2hi^Gfnz2PS50s!s)e{k8 zFj+TrW~xyx@Zuhr68z~i>@kVCCsk+om=f{#ms9O9z2golYQxNegUF?9KH#$7ZOB!l z_91wdi93U>`lWZ|oX)jDHC}6-X^bP0WBJ<+2G^ZADU`?R+>OE3XcYLI4g*Hj9$kpO zdzsvmXdwAUA-^rF$NSAwDXxA4*MsV$NU6Cs?-*J=|KBa+6e>>1R}n67CofL1<8!eM zX(f9GX5*whwRadPTjrZ`=Id`6T8j;N2J;!}_n{~yjhJ%UY<(d)kp@rGl*s&LvU`Wo zIK$mCHD$8^L_c6%&LMY0eR!!VV{wxUy`(c|K%HtQM7n-H`veEqCC<~y8-!p!R|0yw zbRTXT#CVP+WW4&NqYT^@Jll+)X)33d7;xKFaQ?n+&9o~uhpK&!i}IzYI^)TakoVyr zq^Jo#Y=?+V14QND#(mjoBzwQ)1KsB{cHeKk%TUmATx>>&L}hr0^uwPY)KB)#_8ug% z_BVY!TOx6q*v(%Lo_F{g_w+DI>B?2jIq6y(^<=M2{K~eGx~;&{DVG@&-PG*3EFWRY z+Mp{<5ugHkp*s&>5CQ`=$yGX|ZQLeZr$(H!k%iL|+3wFLH!*Ke;IY;zDye@Rh#A+# zS~QLOxNm3U67ijn|9gs;F-0MR#%0Q8BS;55{>O7HWj<6kRpE5mf6rRE8lHWL71qj}7|wf3#w-D1Ud zhN$sTbm}f-?ed`QFGWJ%@zkYxstfc*+bRJq#QRJu{cc5cEMJ9uc6;G&OuU^HN7lrA zVRsU6s)%B{F+ZZSTJK~n@3tIFnM+iMo>aQ*0P)tcn6`K$C-R9N7YZF{={ zNXt)Zvl*})>MDeNa=v8YzhA%n*tTu9=TM(>`TF2oyy$?Zh{Z2i7}v`}u$ynYl~ofX zXtumZndrce@h*qh{I-lbI93DY>>adG!#&pdwvT6O3sQGRG_GPDLiXOiv^j8jycIfB z*1|Muotk9rew7}77wmDm+-2_UC%6xZ+u>f`(l^3N-~If4TI@dhAC1cT8(pXY%m@Zz z-)>A${IPn?2y>*Uk{!!ZG0j#ROxJK;W7t6LF*U#V)D(?qlNPw_|Z^{LfW7&t+}^pW@zD z&6dCQpJmlMv2DK?|<2L zxwi~3TS?FbS#+fn0O`UgzK&L;6-uWH(YJD&ocuf4(C>owzUvjsFwRh8Zr@C|sH-SX zOq`52$kr|WOfYOML288;Cim!fA%c=c-$dubO=;a*h_9E6Yp@&of*zrnD+~4dv}3gU z6hhrnpL>sqt|ntT;>87=4WaM!^mZaXIs{RaU5$ejct%5~1N~p|qOBI-Y9o}Vzhu`d zYUEIP88?+nT1IZLl=r8Xk`0}9$K#;>AQ1@ zg7e6Q9>^qHtbU3?SLFHpofv(H{991w9=nuDHTHbzng8{)Xy2$L<4-WuRe~+MD_0H z^8))fl962%LHuRn1}apCoS-HhxvMK*4v?j_X;e0NXS$KYb7gebvf z<)Y9CV~<3jK1R|2Ne#`o6DAVG(jJhSvYOtPc0lhECTJ^R9fcrSyXf&p@}>yymij^6Or;9+L)K<*gnXMI z^HFz%yOq8I1$)?^%T0sv6+-}$%lp&bec!3X2GBI^R%Wr;WcVGgT%$l@Vjk7rqT8gd zCD&)()>?QO)e1a=SW#gDLDB3Gl=bvR4VXcd* z+GwP;&(X07B%sA46xBSA@cdI-^b{X-tan)-ogf(zS;-PyO+*)_G{bX^JbqWgw?{FU zfNNH7{DZW%KAU|6ySd%N5%>Vh4&#fAb>zwXS>T)R%AjsB?Fw2oW zJC1+COnrP!!W^Rdo-{h# zK5-yY^yU8$%WbI!j85Q_52=X`AjP)lg^^g6gf13O>NGjK;+6WUs;UF*t!mX(99TNz zW32z9Yx8;d*%kT4zmF!h*nUifEz3F8JM}0#0bFD&kG1K3_>yl^j=s>+{HRne`9yK< z_Jfl4e=qM(ukEYpB>^>?rv&)v-R+?kFYX4#gIMj`36SonBD?XQdt!9Cc2sJ+qoeS4 zDix4U`dL2o)qwR!k=LU`TU4(>eQn ztl1SOcq9G(FZ=XTKJL5#@Yx4Hy)R&i-ZE;@VUAXfAZVfK0-48t?WLY{I^RqPL>+Ki zBXF;Fc|Mui;b=l{yx|e};4URZz%Yfg=#BXc#4LshpPCO)jWnpN1@%m{Q8@27r1j!n zZyRk1@%#dT-_*QIG3hej~{EZ0;!dF!$TqDTpWmpK;Ud;CL9kG>_dekyFRrREs zbLQiD+3C;U(a7Hps7#ZqNM5J2%BSp{R(+JgJ33{TpdVKtRelTxEE z*MZ8idUN)Z4aPLykA)zYtlUz(%yNLf8B@cECb!;U|H|hO|JCQS^(sxrJ97gL<>DV! z1|t#{MxDS=bhZh!xWw3(X7aU>@qRS5$pgeA_F-W0b=@|Vy1PEU$Pt$`(r{7B5W`i4 zkhz%rzFrx<({VZ)^dqc92vG@HxE9&I8EM9(cpaXL92+Dc_^t1v1RGXz!xRV$gs6K< zatn3_EMB-Kw^pC$1s;!GkGs;r-dbuU3wc_uiHQ=Cw0eVhQ4GQ(*}k!|g`dkmP}*vc z8MXNY;;r{M@pYM@{(9^U)cE0e2oX=KXjhI(8G7)z#X=AJct-=fOfdvUdlt|d9}Ujd zY#pgK!G&DSPyP+shD~`^BFi=vmRHx8ZNgf!5;8W~MtA@Ce4Q48uHus@WmOZmJ(Cmi zScEMWR8Afi3@5B6tYh4Bn`@*#!8x~ePzdYH`XyiHQse{MmTqYPTm-eQUeK)lZqGC1 zW!U|A*~P!VQX8r9)1X{Al|8|iGQNJ_=QA%g+kcA$li|M0y@L&sgfKyGHj$X!D|Si+ zRBiUbNHsYJy(=WoUQxi1FGm7v%=PFH&0{b<`z&Z?={GLwa6!d;f!zRz4wev+Az)n7&z%gqx zPB)pmSd3Xa4KGGNM$mD3emucotaVYH7s}&0lN|11AWAKVYOK6QJ-uuA-MdBMxk7i= zPB#%XusjGf{||HVP%FhCyjT4QM#&t$78ZMY2s+M)Cmzhi5Zu>@N^t$u4>skBk`K*z zOv#+PQ%M??kRy^R$))*ytQ+h&!w|9-!J8)%^Jr-ka8Mp=kiFVK(n#9x!k8?bz53YM z?==VfpKUhH?#8qSy0-W2*X=MJow;v1T!E%(OH#t@Ec-!J*yN-Bz-*Z)M}m>qLa zrY0QEK!iEsqkp{U^^wLZFn6QlaceUFQ?=|k5%<)1+bJhON8Q9tO}nIim5ic& z*!Th|=)N*;b$V9bGKm+g6ee&|#$=TY;q#HhYsJl7%=5ClF14WRq*E3r4y;>v2Anak zr`@UA!kt0>&T+iPQTYM^WMGQo%yZw&#mz!Ypd?g!lnI3oOaD=(`FAjQF|=J5pF-{t z7cEPMC*PQQ%x9f^cpD|RYqsu^Y~R2|dR)$rs`81)hE!nd|&J+14dgw%tgz?ACrdE8Sm*7*TwE`<}PHV}z}0UW8pg`MlQ$m(xR% zAznmq&vj@mF-~dh=9r+PT|5O~cBex_?Pnrg3wA^`J!zXO&mYU~=iX7M<6rtvWZ0$@ z^DfQx@8(aVq!E!u$LDo=_3bcltM_@F)9A}~TuAy^?K_?7cDP{ZKM(z=i5su@k}N0R zH!jGkhvq|&fZ#k?pQA(0pB2+XJ4^F%+EO7=9Wvxb(QB%Shi1Vt6NRLsBj0V4c?GuO zk1PwN^1i;ZZ(d`JT=K(Xc94I2AZ|`4b~QuImP8;ag?=-go*(RN$V#>BT^_{{LK9=@ z8j*_Q_3QYsa0)-qA6=H#*jmx^jb~>nN7S#ayYAw2Qpm*E=@)594|Vx1SPJXPy|;S~ znHK+mjj=#_6_Kay^a;CRejscoEJhL{R!6VxyZyXlx~XoO_WWjS2M(ONDE+&Wv&&KbD?! zs>)5*+!YhMTPgi;JN@*_MXa4GK|~WQ;V?YieUXIq?mWih5RGvuZSXlCnt;YhX*!ih8pvX zYE^%6+yAtY5cbS&r-fL(+s;y$`>mbiyh%g;IiBwQeWaAp~Sy}6UqFmV*l6}m}18(%m z{8m&}5quWs_%v=uYC2W);WgTYtGkTGbi10 ~T>OLPDn||Jlg~@7aUQiW9 zFX4wdK95Zatj}yFe@f?%y9M~3i#3Xcn;GYhspYn)x5k8B^}vLGz!Le*X3GNi?#Brl_U%j{w%U&9h6N8s!dCcC? zLcET3vFLK`K2Of%YJ{o>XoJHh@z16xh%Un@!-TjE5J=~-@^Aq<418i&)>2}>F*epR zlF?)IG-X~oU~t9ocaJ8OGpOU}#50)a6G=*{j9tvawHwnWZn4fTe`dg@uVNKFii&h8)1q2`zv{p7k^XDx>TEE_G?z*)HAAO zy3b$>B*|l6nott2Mcn}5AA{56q~@ozfOT!&+`Y1ctLqh25Y_dVzrI?*ubudINqU~8 zyI?}&9T*wnt=yT-7YJ-Tnad2_o9w$`f-<$Av3ymdS`gOPW&d;HgXfR-y5-4WbXi># zk)h7kMwRmUgR}-TCt+8GQtA7kx>0#81=^k59v=l)VCUN{l$CKnK}|wQew7kzoJ&v5 z!ykioKlp=Ku2d z^{?FY5-A+fgy754H65Lpo72b&3Ev#5NduuWA@_SsTK_klojaAh49CB*v-qS5SvK?3@FRb12RNJo178}{Yy z2<2ZZVnbK4X^^LZm>cd->b$)sdFYG9jS|)8|FK8Z-rFN!$t9W&x%6DLt&ZyAhy?Wn zQrzK|GO7Kep=EN^wFLfs5%*@DERi8TxG$d(%8BO#2*|2>3Q+S=a5Xq33ROLs; z7n5~t`4J-Cm=IMP4}N`bRmt5%z!mu;xUNfMw=MZnkYuZf{KJkN!NB&B>1*)Uczk$>!NMDW0;ald{(2}=Rew0Np1_0CR&@N~w9GPgab^`(=$&)=< z0+Uh|&AvZg@fjSc( zKvLOM<3E?5p$%3ueT0OpW;m$Msgig;tL2n_i&oKtSCU12W*6KuqoNx9B$e^I)FGIk zG43Tr?5r^q&l=FGOtr#E@K4~`Nn=^w5}JEVXZVlO(3idzmfZo*=7~ONtC!Ma*{|-P z7J&TSV2)70yNt1)gJSH`sSMOMq?X0`ylBHie9+gK|XX*^(=hp%|1l@R<@!s&sRjpNd%iPWoVyV0=6lC1!nJ`Syk zBTs%}n8_o8dBD}QkY+ulKhh=_A8DiTW{=v&;4?@AhgW9Fm0LIZ*BGx<;be`bHT7px zLgCRdO}yul(MklvClc(#JT95Bnhd|_%^DX% zw`L_}B{5MYjgfK90Sm9U>%;8^%7YyN4_R+`?6My&cuMWg$hd5#K;?aIn!M`JqpJ4! z186WQnj)ZZIk%R^;_dH#J*x!w#Ug?CO~CbYNfK+&{bV$BGa>1{o|#<5W0H+lNm)5V zvkaZcD`W%Zr^t=(J6&}}xs+QYABUM32>Jq<-pWgJ!7;yKpJ5peF)}k?Cf0!6CY8k( z)!cA$-H&6lLSdS>CtPnECBs+>x$NR2O=(k$5)_MmKL=QwmRj{`^8yYep{I`hF#X~@ zWF)p69+oQ;zag+!4kkr-uT2VVBy_F9)MKc0jSL~XF{MJWg2u~?QJyF9a*$rOFB)R3 zimb zZYENb0&ZvO_DP&MM2G;k(%Q^?&+UFHP4zF-kZk<$GT53Q`CeIqbBRe;CR1< z$NL&&Da`1u32xbL3zaXYZ8AHca`^uip8g#T=0_yhP6q6!HjSieQw#k6jlIv*oJu@! ztO6Pm&PsBm9(|Pz}_;NB+jtp_9+swAgUGt-EBt^&T1$U{7yc%`%fry1@a(z$J z4)33EX*uf;q!8aypMP)lP zDvQajtKvYYb0#j(Y1%i2DXqkn0mY$kj6EGTnJ5^gXu01>r{W{N7q;lWhBfRE%ZSl- ze zrX+)%_Kyn-@jCp@hz)=J090qy2JD*fSX@w?SMLMeHL6{rtO3jWJDIUvvP5IYtZ#eX zzF7(7cfD6!p0LBcZ)0ZW%9I=m_f*@#;f7iR$F=9i_EIdTpu^S+>(r&*0!wjxu>o9Q z;_x09!GN6CV5`Sw%l%Q52%qwt(ll>R#bnzFIpgEE$-urt>6v0> z1M-A}053H~J+*kr+5c%-)|p4l{UkO4U;#37c4bzh;=d-PdGV680zg-N!(n^u%sS;k zkKucR1fR+|x4FAX-;l_h=H)(MndIGVX`Xr+>D4Zj%&pzQz*^eDq0o;B+5`9}nzB!^sA1$b79T zrmtfk>%G4#Zh8xBZ(FcSDR5^&FimUX=6h@Y(CC#rBpS-Jk$W*Vuh#R=z3z|io`|FC zg&r^TaEIts#w$1We@KXNDO^|4f1A&CZa(NxqvQ8H*@dNY)V@d^`)Rg?T0bmJQzh$M zu-LVv=>;aokFW0mnDV@2Z{t*$b_%ZzuPOFY0F7Op*$nay;I;%3Do}1}jWiCFhNZn{ zZjvT1%o*>N{qTH_g~arh+SD*t>~*O~?&`cQ`qtPQUl5pD{C+g^K7LLsN>Y*W{-aaSMW5T> z=02*36%x34$n&(9;PAGJjO(S>C^r~VPd9l;@4?MTQ3~rJnVovzj_|`N-PsxvrOY*w|8m zNz=JO^wD*vVEC<2A#>s}4r=`8m6{c5J>Skb1v%5-7CwI7lOv?PpYPJYtI+F*1%>cH+VO*bsKPxoAB$Ap&@G+J`E=HlVIh9wkSUcBDCq@Vt6n z)TGCLgQO3;GV~C;*~*33%reiI$zhGhB@`-VCrf1y4)|>~QMq_eklt`v?h{FA4)l6i z^zjiN(dx@=Y|~pym)BQP)~m*4PV~o9{%KLFKhA<5<{)jCdP~?Tc3&P@y0BPsB=yUJa*@60*PFGQS6Poi*Qd@k(wBR1Kh?4R4~0FaFEraI)`tc3^#g zXfZ~VC9C=^EP1Bv@Aca4aQWw9UnIiX9MdV^(|sv&2>SvHP+#GGRJzHf5Yx zc<;keI!?Rs(sLzeFV&QPfg1;r$LTJTFIZzoKD*dgdn~pa6GU&~y#6uM<=Lw=UJNua z`DC~1Cvl%AKkR*bA_rMPXVTl5$FI7!ny3pjH=>Gi0~nBAAnJ0MA_la}KNEZ*t2gdQ zIpwq6Vwh9xo%cR}iMRs?)DU{^c;k1kV6k6Nx(6`sI(1_K)@0q++ueosjW>}N3CtNI z!IfxT(H4JYAEprQSl!SURqS~Swui7@2(Gw1Bhfdfp0efiTV@7L4=2l`2ryqfE^hll zC)zZ@U)n78k}mj;4viUq_7&X`drg5q3lB&Zt0w-#pGo1OKW^Ol{3So~o0^7`IK|{X zBP_7EdUc`>S z>Za3BSGPTStS#LgLM+AricUk%TddsA8GQ;AKZTS zd_?B*#LnSkL%!o+X#LjMtPg{+_iY_9GwE8+sM3k<Z3`)U3Q$FK0lPjtx;%Goc`uiWnaqab7j3c?! z+zAm@k?MjUTzD>si~(J7yY}*KBJH60{YXH@Q~>>Ae^)pMjL9!4PR)ZKz+$0Hgu`dl zNz19Q*r=5PL3y_F76Sj5UpB7&PsU>{N=a9}=z|5Ly|Co`Z^8_6TR5U~{3)7uU!!_> z-H({~tWWd{#JoGDi$OsiaMC!MG=ANcoxSSgMS~VaW8C$q`#Ce$(&CE59D1c0rJj*1 zoh~S<+tHo;jG);WXA|Yj1`C)`3<_!F+g_uXJyzL}d?{+0s*(Jm)Xbwqc$EtuuvTY} zM*J>w9T1He@Al!5|^F!(Y+4YZaQ9g^*6lw3#lG{T)8_o4iZfpBlj!B$z6FlN;zJ=LEs=Ta zQ*hL0*SH53{F~na+kLUxoZD3cW>p!GoTUboV*$(i=_Y$@E>yyE#VvQ|$yoN4803S? z_5VgADwwU86ft|g7*o?!t~dKXCu4Hdn98sJEFm85VPp?Fq28$O${Dvi->N-*z3$fM zQnOIMUS{+wRznqm$l94(X?q`je$RSf&S|W~RNi>bc{FouAuQ~CUt#1`tkeC|Jwv*Z zzuHE2=1qL(=TZjS$;)pP?q>KiO$Uw~GJaX~VXU4`tUc!NEr6Ir$F4m(UmO(@x1Y?l z`CUQHsOYZ{cu7USLWmzfE=lx+VU%Hz)q>L}LMnvc$} zJt-xtTs%?}Lv#}>0H&=m_Ej-hlbF-iAYH(MsNLRg?+H**^Z1LROc$n|AsN3bKUojJ zSc8At$RHL}$6acscY648e;*fBRe_e4mi(_kg`N#UU`-Jwa%HyfWh^mj9~!^U>AI_{ z0CGwBrw2K#ce%~;Pd*%{!PW-EoHd#Ze>gm#Jskf_lKx$C3h99{=k8ogoI)LzD5de4 z+~l_w#!KDb>LS!^_cT6~`h5gb8m?@K^ymC@(s35o0PsgrXgugfZ58%+L+x$ zsx#1+qmDIq8-_9*+3J4mneYuBJmRi2o$gi1Ab77tYqXFAivMGu|7rYC=kwDLOXX1Y zPpqr)*Z`xGN{@)X*xe#e(KhN9C5r9FOVTPhtf$xw5(i zU}9cJlpAuy?8Ep;Qt8rGytgsyOD@vUhynRmp6gDx3uf^XnP^wz3$oq|9d$brsUKr) zWN9{Ac*=_X@2xV6RnNthjUq8t{`5t;fl{`+w1V795=dH59u=rWO3% ziK0t>Foa0itb|=lHmWmD3x)LW=JE7j8Ll2|icke>&W#3at4h4lh=2@}_7pC${CuFN zH_^kRC{$USB`S*{d`Bp#r7~GP=-TaKFUs423Zf2dWE4iP@{l~SDBYVlgIk~0Z!W0V zZCBxq?c%@`F@@i}jZ1Hmy$gQp`ym;&HvE|nu|53C`(D>4S=2o{2}R51Y?#Ek@9s1n zG?qwYV&eH(N%YA?*z(iSYtI}|+U&_67%6e0lT>`KDQMM+SX-1x zlucEEzO8O0CuuQcU#s8JBGyzPpAak&sjd(Sc+5H}M8znK*m2TW#;ljiaPVcFJ{BhN zi;2j8Mn!Q3!DNjYt1u3UZ795EtyCXI;z3OqgtUnS$}`GAn{T({d(h`JGh&RWs@WIX zrNU~l-M2XRvA+$tQa@_>wQ1eU)Kpa4ypxlN1g`I@U0b5}UO!YHzWd$|021THL%n{% z8ZW0(WHzwM)+qCE17!l0{O!qWChvmpES9NiPUJa8V0ySyW4@M?=9Ru+Pn6r?Z#-Vm z%Fm708m=y>MVtMy0PTAC>0|Fo%_h{$#8!*eF#=Y8UyPt4H`Rx>qiLk zuGy4y)$>QMwYBRT(k(=aTMe#}@JXGZyR)dmY$0DdQXaS8b;{~ ztbC@Os#dRxY)6x^@YN%L1Wl{OjZ%|<7do)k(WV_$$HWE0h2vArV`01zE4d-;YFZod zj&MJ#H8buMavbGgm%~bKq=|tn30);EeY9d~9EJ2uAQ{?u28UMpY?Y`hdO~yQcDY1c zw4SW5<-Q9{6+NhZA{H=X3jwnaBgvnBdlIIVi@4dNcRepwLXS0sesEodnmS zsA^As`R)(9Bmu6p7#^cX4?}|}vts188YoL(Jo!>FDWt4JzFpUXm@u~Rwyo}mtA@yOQ=xWz=0d2Cb-tj(>IW37Y zcMBkJQCl=>(Hm8hFsa=?=h!q`2+g zwd0)%l}fzO$W;xGwms>lW>j!`40D^8jq#VI6NQTy$3DJvzZI3p7@n<}*zuMv%C=^j z*LtgsCx*{%r-_JSa)r2&FeNXdU@jpnC(??(VP#kT#J8h34=f(|o0yzM33RMKyKT)B~x+_txlycD^fo)C@;ETfKAz7z;A;1(G8I zFGhA|HG{ul;vRkyaiJv%W9_Y9QN%pjHw*jhb!qUj10(Vz_Fa?$@;iyD-y+>ZN}}}= zVz~N2@R##4r_}8TklyKSH^S|ohy5bOFaD8VMF1Aj-Z_6GL=i2~-3f+vwzLLtC`IEE zWpD5IexTa(9Ki9TM$b^co7B0q^N;WH7()w$PI6m1mdXOtuowYuLo@5g0tCvoJYxn2=Zw!PBk zRVT%#8j>jG8T5YU(SUaHQ=rAU!0w#W_U`pwh9LiSo{@zrj$8U`OwiD_KG%|X<**-N zWcXIGdPn>UE$WINHlQMSTZxd4eGIxt*ZAHUJK?NVaTLn<(4`c?Ha#<+0Mln3!dgdK zH;nWCW4W$9obeQ3(iDDlP4u<89Fv-vKlP=1*H4-Cg%<8qOVX(JI26A&+Cp1YO$23_ zH)N*xwvp=D1?iN};!l}l^atvm&-|GMembP6Zf8Esco`VOO287_eOEv|96XMD-r3C? zqGisj>QG2No?@gRr(sfH4fVnUORX_UJuf*~3|%s{C`x8E4%2Bz-Ph;S@{hz`#YFAv zc3mHSUl4i*xGaSE0-~^OQMSRy4Z`IcR~W`Rd$IFR-(Rv0JPw%rvlMxsY%=4&+QME@ z_+6{}p)baCIcYKQ`ZHHI8MJUIjcnLFb(Xrde)6=O-C|eHL(~g`nK+7e`Rl*8e8p>< zLf~fZQ7{epU5qiP%Rsp8w)8pE6=KdPmG}ME9dC$kDnk1mYT1E6o{Mn>W4!0r?<0vC zO<8~a1~ncon8>V$^;L?!c843>z#Fq%OW|`*tu^)#;Pl5TqTcFp)%{54b|<{rDYtV{0wJ%Non34Oj5ra~8@`VtxA*i*CucO|~Nu+5)V>rrM# zM(K<#9^JZQf;$G^h`Im9?N&oYvy7bw3w5R5{81n<=it7@Q?99CVuc6SEpNIU!U#U% zj4=ae+*JSl3#~0KD$sai(5?m1>L*I&?E99MBp$28#wEnInXLKF{#3F_S)4Ced+1hf z;3MD$C@67BFY}3IiHRJ?=S-r762SnC3JNd9U(9}tdID}fb*u>D{JNP=6}Sq^q=jY!fsp1*qEBMHo*)~33vGcdCRb+R&PZX z`rZMlAZJttW_O{u-@(wBT|)zceE*)cEzd(8qzy491f-}>K;J0X;3s(M@WUgGg94gi zJ=D@Vmrj;iF9EZ-ZD(T-q|KUoDiz2mNzjiHDuy;=rWdtJ@-EgAOdt6kK;G3QpO&%Q zHu1S;>GUOs-J4{K;R=Lt^Vf!0Q2a=mGlnxrW9eTpo%`kg4&_XBr$zGXL`3&hHFp@N zaCo${%0P;4q_4QRC0PX}NcX|%bHF#yU$fGC_S?Rh1cp96CX=;z{~=DH2jTLJ=4`#YyyLZ;Cvfi)t#okF9uvv@HPw8K?qw)yjt`n&3pQk5Pxo259BH& z?mDQy&}b@1SHFv5SW{SB?`^~EzY2w)R`DsBkQ=Rr&P{k~$h3<}(3PLANNqt)s986d#s>76x3 zO(Nub1?p;7`t=2^>*vwyCxNPnmD_`MZp0KG8TtbE{~*;s$H$uvtg3X$x{yA8)nDgX zPRjbX%)3xJnj)DQrH!;Xg>Cx>b}|2z>}Qi;`Fxl3c&l$v}7UEO> z&GbeG7^I@R(74W@t-(*Pr7^4}XpU6pkAO+Un^q|ph?sGqidWS|I_CSTw{;)8Q&u8K z3z33=ytn&=3v1V*^OoqC^>cv8AL~TurTq^w0hWRl;~W?_iTYwCTCEX`1kOiAz)DZu zqi1>uuaLkW8cp59!{bWY&BKF(J_5`mR{kJ)w#tcO3+JCO&bgu(eUILRXa{+;ZYYsA zEc5NRBOlVfjEs!Hnt!ax|3vq{w!4jYEATra^KU)|@$G%U-|9g_kQoRT?dnn^3|41n ziv2S25cUK!BOaIqe#Kf>6-db)E4005Df;`(LT`hd>YK>=Per#jYcM2@=rA97-G-dh zB}|@|u%oSQm0TR~4E~>gk5UJCPQXj}U*Y;cOZqRW+XpfrF2w;M7tL<52w*>Hq&%|36r!xm%o=1wlBszydfE+SfptlikX32;?WU={4D<4oShX=G1Q~CYx9@6(#TV`-&|O(#>lO)6G|kATQzRX-jE^ zrOy^6#Vr-_A#Y$h^GlLI37;w2H?oKFKhz`V@Zp6I7z~z97M^cbPxTp)ATjQvVnZKQ z##}WX6B>nm^{U;Tt7blSTuur16Y4&LdrIun3!Et)o?S((xyQwqvDKGFE?TzcI0-St zn@`%l{#4{yFR|#k??3uMXd*#b>FIQHO8lmAphcPiCo|uoW+I{1(eSkaH?wksYA<_& zV;|mcIb7x<{_&3GyPzYlPdY*u$eaREOg@+4$;GRk`6Gh)nK@IQMv{ zn;1oyB<{TRH4)BK`_Wf-Y|mBK?gJ#(1lk?}6a^lQ=R-TESpe?U$LXho(3F8gxxT%% z^Hd0D3h<`a_~GYWAn~ySPFR^T>;3l^uvFLT_GmcOo9PCqtYmJYIcGJEvB0!#YrU6Q zY|ESmN*@vM%V}A6&!F{9iPAD_5fN-QZzo2~bPZ-3{>$(7T-ax^&JXRVgf zp1o6e1=e5h$VblMi-}iR-cFDde>#H0NYr(A$`DT zT?--O(c>o~I|u=?IvP6h`*$5=khWPg8b;cPi5CX;yCq$FcVQmz?@MCV{R)V1n>FXy z_=~=-s)%-9ly3G=-FeNJV+fmKNHY!O1C*BE`OtOr;@bS^rzYPZt81Z^Q&o{?_$z1O ztF4KPmi)E9VfS9}C;HV-YdO#3ZrPq7`4;T8TXw5E1D^@xD8A&6vQlPJ?d@&-j~sKw z1i(u9T|*u{g>(@eXZjx606V{%r+GwDfD^+=Klms6q?qZ(!}5Ix_8K)Zx;`cP^-+@+}D~>H`V_hg{m%>H*Wg^MI{hWyU4Mhg!!OgKF_d37Y8@YG< zZeljO3)COi)y$N) z`ikEppBcG@$x*nWiju6CaCwA|Dj{{_cF=moR@i|3u*Bx2uhHqjQ2zF9Lp~lJ6h*rl z**?48wLHlLyEQ5E>=oN_eVOIgm`X9~*3#&~AK(42F@4^d$3d>dU>8%u>Y&1tjU1XM zzniS#&m3M-vc!rPO-0tMXe0~1iEl8lVN_!9A4F-ZhWJ%!uW=mgT<68(&g#T#t8OiH zYEzp!fHQms?+8&h5B|>>V<3AN+*bap4v+l?wB1H~THAWPDY}guB_H)?*7ZGwd2zpL;W2TP>#i8EAYuF)U5cW*#NNF6ta4vk zgthmk@y6FoYr>TFw%MT7`s&(TQrnZn@3tWZ>B^l);(;ya+w7t%B^9#{D<8ql4x31a zP9wwMy7kS9jS0i6`-;uFLID z`Oy#IDPZ4qp1V9#g*F9dG@Uokv+3iavtu09M9fh^WDHOi<|@&vQk&C9_LrU6NnN?M zpFTFv-11(%#hGRX6}kJxPk$-o_CM>1(!CR#?!tTdMcF6XJXwyQeX^dyS5$&PXWGL( zmj2v)?UY)(FGW#D_y)T%;k(~~)9^j>C|beN1_euac5Y%VfnRSiOUAY0s7|=wchMuq zPWj?bA{DX48_PQnJw4b~Aur9awupMc|5d_Ih%;XfbX%X}@aD4*4cGJY)B^g_Ez`fA zP|$vw6Kx2aU-CvWFqR_@%UEmn zhZQqy2OE%0|G=}r%im5}@hlq3XqoDlvn3bs!oX99?K|Ja6Y7erpURrwuyYG|yARW5 zUNKP{y_4jYa(>^#Df7boyJmA^)av6CP72$m-+eMc*SKCr|Tw|2?ri zWGSVsQzwDOzhccNYQMq5nG0iDZmOW>Isvy>g;2S$xMv8q#(kPl0@h)#n2^7O4W-dO&Qt+ zh7JX0N^CTIym07=N#n+RYSOO{=Bqn!@$2K#kvph47yptp->@g2AG9TBXZa-Evgo?k zz}eQ_J5E=Rm*YO_DwpDEJBB)mztvXzSjw6 zJb#knuq@c3?}1IA>-;eE?+ycEX2u2d!t~b8t zI_{8(P>6*>AQwY(LiIeh`7K3*fNM}4O#dMLa&qn5i-*f@USZh!L6B#iAe$#FVt?SU zgjmDS#00#UxL)hsPw?-1KGJUQ4a$iFu%B7}oNLWz&E<{?GAsRyOgcqNED#6Fr0wj< zM@%Hme3~NETS1m!M1xH|xOI*kA4#MYEsr5hSW=ygbcR?=oT9&w?vbv`t6fw@5qz5D z*Px{_2zRO{FGV38>5_^1L=U2mGet#5%)2V-ts{wGc>{zx0pT&5m(4;U9iC&-QB@mDH1pz4Kp`9Xgp0m@|)QrIc31_RwQxEdI zWbhhPuyELtC-a1bLd%;%A~PPU)6??mFDY@$Cy^^*0XY%kgSQ6%B6*qP+3Z+td8f+} zts^|x*yh?w$)hRa&CTL8zO5of3%co7K#(9vWv%e!*1VAAHjw$0CMxyCw|8A#M8+;C zAXqC5TaZY~qh#^L#Gid&d{#v0;4ji%+C+^W6dm6C70XC0w9Lm?u!W-hrkn}s;bkzv z?u+)6za3ib6)^?|bi07sH;NKkTIW_Lq#P#~8G%o`; zJ$E=&9juvm!kHQ!FL{i0exCoPUF7#q40*U;{UMPfEvN#=N~vl&aA{{(-z5}U+ICp zkiZX9-(AqmH|E`P&aA~~MC5HKP@>!-M-BXxB;X*+*>Da6s3mgMWG6QKSITX+I^R<!9)Bpz9rAf7lc(T3ruo(^kAs1?d-9)3?I*aEPA z7mp{LI(Ai(d+G5$N35ysB7VP#QRUApa92;`N&5iVfX9 z>YM2Y>4$DsDJgF+ROF7&W~rDAO0PG^BOx@i&is6#3=jOF*x{XOGpPBf)5(3bZrWa1 zj;{Mk>!)*{2YL@Fxln3hNPAFjW~b}*kub;0y(fc-{^D|!Uk&+xj1Ew80rZE_2sAI6Ht#XYJ{A4~(B*xnJe7Of#Is%f#XGq3 zt4qyC`@S0Z`)!NTr2I62(xWUEBo$G=JJg5ycXVvobN_BbE)klnCn$qfUjIiQ2w*e+ z1uZen)B)CD7CC*%$ia@Lt6I`AnD3oNuiNy4LY;ZH*pNvr8IcQ4q&-qNla6E^b8gyL zPE6_7u*_VWg_!{BfiWwtr7pKIMc>7&{j%h$gcyIOhzqIw9%i15RM;NV-ZyH!K9B-% z#Vg4;VyNdK@Mf{;fld2@LvgA8+eTXw3Z>s}Q+{24?=%TwO@@ON?#RhdzDvy&a{5p~ z*=rCE)9LI@)`?2i=G)ojX=cXfdNnkTBGj|+8x+WAw7IA+VC zb;(_{3PhR;5wn0BpvC=zQe;7+E%njt*;2222Q& z*}}@JK!j3}mOM$vC)2iRvcl76{)PjqzZEL>Hi-@=6$&lhnGhOl1I;^iHGcy4UIJ;C zI&NKTAzhX$InlMbstQag?wannZ@zOIWFjfS#^}zochD_AXh+bAxZ{S8OI@W%(hHBp zd5Z#qe8m*2*n=*vQ!KO>S)79&h4Ynd8_h;alkXwA9_pMfG+R-)fj&V=3>Lec8xopX-T!=bQNMM@n9;awQL~|&euB=Ng4yA zUl?8QNQ#_4OC`On%|L?TO8KZM!|jPWLh14)lVZ42pq!w=?kPM~QY3bhN`eVwf6%@+ z=a8~fO$U9~Ch?9Oy~_;AH&$9}EQOByHOK$#6TF5K3oijks6lCIX`Gm}=7nL$V%pEE z9f(6s-s^KJR-mkVUkWlM zH|jpLhYM?h8zjH17*`Fv0q~y{`k^)Bo&5 zWX9x|*zxl@(tE3UonqtjF;U>|PcOv}!t1A=kf$stg6kF=z=!;|?gHrE*TR5v0kCyD z?=)f;RK2${pC^AAHIjICH$63S&ir9pl4$D>gPE^0@=2}NXpUMpBKN5cM$RCyXpMcq zcc#m_%Lcr=9KZoam8ok;Mb&Q4FDP4u&gS~v%NIurZwPJ0SL=v4;1$JA%Ak8#G{}fh z6^TdJ5bt(_^rq}W6uhrIyVY5!%6E)1W4WjwM*vnzq~SMR6R5#oTIaYX7deiV66{H# z9SWudqd=u4yA3e}3pq=(q7RcKsag$3yfi$(q$kBmAp+K6%PO!KwEi*4ee;g54St+@ z{ORO3x4lZfHUoR{)#|~D!|yKQPI!7orDp++Cv5@UI%k;?d<2`o)77HkBj`pg&M=-? zmVVJE_thShInR(3PC`yb@L5U+x>4z}!&MkO$Zv-z^d zyMv<^h9=88H5{{}lrIR6Ozl|=Gle^z8z{b_2|j)txO;e?RqE1kL&?irj}XY*mT$lf zOY9SsVJPrrPGpO^-L{O2T99Ud#~>W;8V7?u=kXvecDuyw57hewpQj#{Xn2Z*(`TNQ zY_~*FH*6>QHov}eW+U=6WS@jW?l-^Q#S5;ji?eLThG`#0p>>I8KYS3oKh2ZN-fPI2 zAuS-WgGy(A;cmJ{yW_O%+TT_(N^bqtFM5>RBh}4n+S*r`n#?UuB~UKr;Y`O+#?kak zE=9+M{RRB`E`ru`xxY2^&y>9K2Gt&(!9l?~e3zY$PbY4#Nyi_7&x;oK*|5+%dlnTK z0L@4-e1`e59oxI-{Rs8H1NKsNsXC5J(q%I|s69U!L<`_VjO+x*43Y6zCIWUZD>;OK zDFp8Bj;DY++UOA9gAGzR7*}@h2Yjk)xx=UwpDOqtVs~b+1{Et2LDWdzpWV84B8txZ zf$wZGG$)o;@etR)L?9UT!NeS09+`!&1@42h9IE$>!@Xp#0}~-fSq5?6pYU1h%K$dv zwnL513#iNV^M#dIT$?T=Zr+|?$PH@z%j}X{ z?`pw2p7HZ7r7I5-z}E(Z5_?&{t}hHU`;89Chk{02gPHOD(eVN_WCi!&UL?j<4{swi zYL5Z(?z5UF;zd#sy|6pBy7cp%WCLF_R43;?#g%oOtKSxE>OibSMpq2xwRAEuOuriL zAUPE5)zmSnccM6Y?M9`4HKI{PX*-;BkS&6{7QLAio}^?pT5OH&B5Pzy|q78Sjd* z*RJSqRIRgT$StybTT#^82*-kOo_mv62bvf1S3#@T!J0qZoPUFn|EqpP>ni1o&p4;P zV#rK-_nIhhCXeRurwMNwDHrt}Ef-B^fL5GjxAxeFM>pWR&uW#ZlPhOjpr-$3LE zGgq;v_ako5_{`D|HWNs6j9;yE&1uE%p6Zs{oRD0xB2yZYMaE^>sC1!l@WY_;-2^D`M}Vzbh}-& ztjzh2^8Ac^t{S%#+ja|qGx6kS2|wjsFsAsSosZOFK^vw{{~84`-5E-Txz?+LZS;l8FE^axx#nO;>y&W>q&=p0`bFz>@({N;HV9^gV3wXF9J$_>*8w1b&{L5Y8MjO?yo_;zhy21?Rn-xzJ)Y3)mzO`r~7 zjUQ_P9QR!A^U|vZA-J~c=Scy5mr#Xzuivj{hwZ(*%XahUC5+Ww*ARq5N<)q(uPEUN zS~Z^u4o|g@P{bj#PI*sm+-hzMlC6t1{BcC@=5R~sTXdh zqI5sh1~Sy8LfcIdUB>zYf+W0A-3_bn9!nj7)#is5H|Ni`Tj7hoIE;y7H!xpO;zs-D zeT#)-eol-jR`mG6YVrSTw58~hi_!ty(->iO2e}AnOy?N+@M`glGd_SMqEBac=#A)H zclc4;k8;O6;jPsmRl1Hiw;w}Yi!-;_e;Oj(l_U2mijG%y;3=k^e(6p!f>CX{JIyq! zLOq6oQlrCh&VK$zdlADDcw-{?`|G>*;((TbRcYR0Dx@z3+9gCyf>}tzY<0MXc!~kN z1%4Xi#o)8vw<=k=xq~{f9~Ex*Xyhm+pO4(HJkB|@?xvWutzipJ6c4XyOGs*bF~BP*s( zOm1@&SGd+f*nYVxcdBYw-Zc{vQ-r&znerHWbU!wNKo?ftk%xxxD6t_K~L~|P%iP&G&67xAX%CH>fyy(vA zj2p_xi5}!_igM9pji7XFr#=)igh~8;OHYBBL;rPxUMVP{?vdpi(&@*8iu(#jj4gb< zy$p+S&MD#uyxaM%0YiRidvtE8R$Do$k*d*+L}Hh8+FZQF_~=^GTvp|*y;=I)3txRe zg-kLI;JUMKqy&4HO0kj_G9lL}#$7{T-b+@8&9(AZ?zfJno?8VT5lou`1egpsF&~T< zrlu>~tJk4CO6vhC_5wWz7yo;YScqE~s*Ztknf+okMoQeB8J1y5GUI%c@If_=VY#S} zVQx)#u=OR)QJ0l#{cUO3zB%isStXeZ-w<^_nLPFfB{2FP(>u03g6#{Kahfoa-AbDgaP&@82w}^|NKQ^LY%^<=2=Q9&`bb*B0j* z5=K~k7||%@A;7WSxC81WXF{T5qGP?7-OI@<-NY%TR>Y=4Rtlh6YS1Y90$@^#&!o3# zJfj?Q!&cQT9W|p=jRj&YG%)v&q)}ZVUj0RAs#Og5SRQnIwMdj3v zuu9)5McoK~U2_p+Wu34Vvk8$dAp@n@zxA7m_8l4vgL&FIs*UctN>EID6SD^_2KAR+ z&;RwbT`1p4TSV2&DKTnEekGsGaQ#mE^Ff6$qeTkb4?j!O(RzN$3xj{+oE4i4jNe^Qoce5;|m^;V@n_`~$vL#vWFN1~83b9_)o!ei? zIumDZ*mZ6o>*8p1#88|cQZ6i5Nx5=94mZ&t8iX5s^&YYjd;r7hn(e-T`^^S>eTVOg zhNZ0r+qrJB#a|pv-wN1nl2#&|>mKU$ikaFfyypTR!rx)fg1-k;NY-JU|0s6;{fLda zQY}5t)-9oJn->cdjY44caC3zz;&drvbRL7v81vM1?$$UicZRT{>$$yu_5K|po9b1t^f zW2_G5VwISeQ8-U3LdBbMGFin)!$WBKvIAvwaP9yZc$%47!~j4r3+g2z5Wl<>yvAnT zrnEy;w6PSG>bDo@=!)Y8aOIRUWaiWRQn4uyRDQv-YA2}_F4oR6-Z*RIS5Y9Lw5|#S z@}pT7gMK*ZzNK8ao*7YI6+s5kW^=M~VZcQP$b8c@dFQ$4Z-beIx;ilMFs^W4+z;mt ze_umhjG0G-=FV#vQQV4N2Yiut?lWdqO?{bnE7ItVUV$95hFk+NNAM{qijpNR+gFx~ zOi+O~z&YZAT+o(XFrNwF1=^?Z6eo(dUDRB%6|wrV_M%B>KQKf`pPG`_4U4+35?WfF zF_&z*9x7?(Vdgo0j5PX<#8ySGJkW;oeoja|9CZLi$H;bIY@IVF`emr-`XftmvVo7z6KK zJXbWB3V(q!aG*l&otgbU{5`Q8Ornr}Io)IjuxFDWA7?Wf_G$aJzk88&egJff8%yX zwcFZ^-EP~PlnVYDTC##>X3T8xsq9AG$UufUvxXlp*bW|M?61*xf~nuPm;C@m|lkln5IRYE2 z#c6Q>0Ijgv)SGCHIHlGydC$OdFx!W4K2Pm(>KTmZ(G5&-vO2T_++8@lW5@O5X{`6` zrtCaK;jGsSVjqvPCmu>|ukFT>0ezM{Spelp@9(SlX7&$z053MB9_*-Hsu#b(i1W$10Nq0IZEC%WWU4UF7|gbP+}NAy3Tv__*V?L-^kI`F3JLiwAgphi@39NZlCV*L2VeZ%pJ2xI z$fVr!aHd++ZriBA8tzV<2cxLO-^Zo^6?+oSeRk6z-^eR)bG1v{?o@baC_L8!aCp#b zo3ja6SRC|=HXDdM){(XI=V#Tr_vVkCBpJ@<Z z=eTk}d1$qO)xAoTT`lb9#ms$UVDF?ZIwz@Kd@%fwH0>9a;G$K*i>;z@-|fG5qpQnQ zWYt(tnc92l=VLC8aUCmGk!~^xUJk@Os9zawJ2o;$?UGb?l60pT-#rMX14p}lWYv2&80v`Lv0JL$|1v4=al-${_D4R6IdRza>D*ip@7z%| zhn9>P^0lEr;*2Au!qxB_=;+^Z3pr7j0fgP6%E63X{<4^YFqJd4c5ys)gG?!iIz;KXMrOBdT}=9KJem%%|0{ZTohCT0 z1Nlrnh@;X%+;~W~81Nr?2nz#KT+-c4nz=nmF-ZcBj&BS1RpdVd$3gEO>GOtJ2u75z z3;@%@^uBhpX|1z8#AF4Kz6(5}h$5dQGilC>gFU?#%Mct9exyjw(Ri59zuUw31!v*x zdTZm$q`rkIC>--q!?^RPt(wyMB*tjmr$KexY}9_t2rTBer-yx?zII_$i1L`W+AS`v zjyJ~@e%=I#e@54hSCx4%CoaUqygFyckqc`+PDLuDX9T4`!V7B)_E?e3GiAPitFj&j z0o0QAmc13%h86Vw&6s6m-U}=(<;5be-qlmygiMy9H~|La?C4iWMmC1eaj{?7iRj{LeY}y`S%g`-L&` z8wn$sYt6ale4hEtm3hL4LxQ3VZ8g*|iZFCRP%OQa){MUh?{m?Z?O#P3KyO>V5VbiN z7=d!V0&%gjy|@KuHm{!f0C6WUfKpy0NsdFaBun{uqkOB+9nq<63O`kPcH9v+-h6M3 zdV78Xs=!K&Cn?S7RgD5=PH~urNF;XB0Q161LP=+CT!ON8sXSgUb>))|ur9N3!T|7h z_nNqRG-q&X~B&kvxVTMA&74=;pc|0WJ{8i7{r9{X(m%o&|Rz5}9WiBLZ zQ78JA920=#5*^3=>n%X57Wxp*iUsU7hd4D>i6^Ybu(VIYybC>DtuK&KBmKX74XmPs zPy73QcwUu&(cG1`%1-1aKjU#~xLVub2fULCedIm#K=NE}_8o#e-ONF%*3H@TaMU)N zQ+`}V89p7P<2+)Kr|@w1z`x_hklTpTCQ{f)W5%eQJVw%7pu`R@Oo>>x{H zX|PSAjDMQFw>J4bnh+k6XtyLTbyydxAQX-r*1AfF+yLH$_$@F!UEX*ZDf==!i5`Y} zL!i1A4%kwCN*gcW7A`_e?tN**B;_ZHASR9AH=WH*CP51*GHPrOy#)bf+C5&?7y}Anbm-n?cpijETzg*Olx5f5Y`YoywFyB zZ#6D_(RPCNH%NlCy@nmic&N}>b89Ky0SW>}V{;zVqU-^dxvDH5)FNmf!}@Gk32@`z zyRDRzTM2a(=N~(#rX2T$1AfcG4hn+(B4u-}6(VodLva#rSH?_*7%V{-eQP{l!W0vq zFZ=ksR%S>YCQ@Q%)(suIG&Nro_wE>X33v|-SIlg*(l3GX1yz!FYb1B!hc_sFyRSV; zsO1N*oYZDIFD;mVly9NU6TJ4swqKo^Hk`>lQDHNyB+9lRYtUuJB7cl0CSg!pG01Z9 ztHoimkViH>AHal8hu(6q|3a}KD~g%f5-7!R-1^NiXIm{N3#1JXhJWd!E`5^h;M236 zP##vUsdq-+x;%US302CPIdXMmEsIU3Kcca>3zsO&m<1o`qYOZ3N`b2CSTx~(WAAsf4}fT{zjp_X)#R6xZbj84viJPe3~)D(-=hnA z9l5|`3)eZRQylOSQW*w56&dzsqCL(Y-pbNI3+l5jq-tkIyrE+KiHL;#0jNpz07zY# zaO+QY#Y=H?8UKkZJjNKjKbP-rd>;K7$bP90rnoPxCq20s~PB#h=V?SaK}_bx}iJM0ebI_UVs zc*F=SWC^=3Llk_B@%i+H1W9^9S|dL6+6aTiKOPyuMfHE z_kDBAxJuY=dQXb@(~`l*im>@a!s*H7)(~G^7PF@34jn5w8DeGuGw36vI7fHEKnnOR?_<%O|dNGlTFy0 z4sG#ZD)fHj8}up?Nh?FvIh-tP?$h`sHp6u5?XB+`l;hHxq|cXZLd%vQA|a=R4m;RD zZr1Kk2CQU6R$(>i4NQeji+YmlQ+z_RBuG5sI%TkVP+bndewiyMJrVykqBr1_feuBY z%5cI_a&)9I2@BD&Hs~R$c%K~s5iK`lw=^$qmVuh6y8;xk%{l!67wTGlKH^o6T3$yi zr~qy?g6b!TGNC-2JgV`e=mO{&utG$e{dkQQa17#MM&7(R*4Jcr2l24cp01Et5o#-- zzOmE_TM-FoI)v^;UYLgzJV!2Df3vl67GfOz5@rG6)HeLA&^14hI5_c@kIf~+F6UYB*4B^ z_!kE8i#B>6Qo0ywHom&TaS0z=H6e{qrOMOndr$Ka~1}pR8fMl_fqNO_v z2@6->k+p<3vz~_O0Emf5;f))1#18VEGs**hQ~`I!hYCvj0_FH{In@F{ zM^ao;Dyt8O@rl5BhE|9ADs>ZpLtiTYxMIqcq1?z=)ez9c^GoP;R&ws^ODt(74jBX3@vd1QISEbFIA>$6IJ z@|pFuK8z{yh_Y0sg`T|}x=>_0q-G7pjp}BNI~$0D)fdW>w$>#~!w|GHGA@OV(VOW^ z@(TSt*Hp(ocbbap+EX#q`mXx5O5}$jj5oH{R2of505T|w$LCPP$|pE!Vkzrccv}l= zCq=|V6xAv zTV;#zzq9K9*_wmJkg%W^kgHlGulyOmti>mY{cq(4BJlxok7otEv=jOnhu$-Fo#(-( zxOjb;rw$_yf{KqHIVuknJ+?N!{8~;C3+9}tua@6$5w`R+Lp zH_lYPe}jy&rE+M>oMqpPZwVcPn?{6zFkZrd4~INRzg&RXlPuSx#1BoZsZ z{7X;Au*m)&w(;b{zl5zRDc4W_qdm<2QhS7>V*ir|{Lhab1n=IQCsR&l-o+lP1_WJZ zja+7-+q@T>1*Djsg|oQ{&{xhNt6rX zwfWNe$JB^rqXqxBmAz^Z3H*`pP|fp8E09@0rIc)jw|^_e%-x>3WEW86D7cHiPeuaq58m4|{+%y*>v_4lug+bgep$8HRA z7O;4xf0WnbrdAiTc4L7g)Nyq-M{NPzbymOUx+OrQ@6Kz+rM(4uF4vZ4dG%^H^{)BL z-^PlY@8#f1)(9s^NRwhmf>;ri=QjN*U`*peS@=4kton*6U$O+dL^H@sg=LR*w~MzB z?*l~-AH-O$QJ-64u%OcW%lg=Xhq$5W)QgR7*=cl+;trEkc5}HM6wrgjD>DeQ{J1_g z-D{@15Sw6;icE=J2~j;>w7*6F@wXSit9a$yLC@c?a(@75l)S6}1QXFSJ5wln{RSL~ z5-7<^mnd~N5#^Oyn*8M_s9eMeM9MupVD^X6EVms;!EX3ERKUP3RB=GSulcvmd>EOpF!wf^^Rl}s8M;VF)ib9SpQZ?iBi@JO_Lbxl_+C6WCov6H*aq; zL5uq+{Vhu`jc)-^A=DHz?|7T}4oePye4EU6UlNR+KDk}br6D^n8mZv>xzlIIO|DPU zsNEp2UmVyZ3DKvI%FMkY8%SdUEnFXKeC_&$T13{hybX3A(QS)%*9!EdXH3^+cIvG@ z4+^On-`g`{<;6YWok=X5j5SAl?_lUF1lBN%%&f__6E#G*D@pz;2Isb63-jh#pDMlI zGV8X}2@WF@7jwDVP_>B-yr5jNvjt`^D)H8vZj8m#yjiKxe8~ z+0m8$>H!>~6nBoo5GqvQu5*#vrhGDL2JzE*=iP?9*~Q%+G?-@GoAYXjeSI79%*rN6tM}AgG@NYpGDjk2M_I2SJw>^p zg3%aQaqTQ%A=FSZz(%f=Tem>PpPX;REcsmfN{PD#3NpE5-&hv<*E3V3#?NP{iox z27%Wx=*&$SUXG&-j7_~d`4L%X^pcXDBYTJ&G9 zsFTHEGXk3%oO6tcZR6*i)1H%(W7F2b&%o9B9!imcFAZ);_k)V2z(-bBg#*e1(;YQC zb&cA#=DQK+?)g{RxA@k>TLRYGY+{@kpKnK=3%j-7aE?6?pIxV{ZN`C9$4;c?MiEZ- z^}>>8RC4~*)=JO@RJ~Gj)9m5X9#MxcUk-B_kF7tp^KNCw_AzrO!-+5=Rzrnd z@0r$VhW}(CrEYRel(hAzKYFD^Z>wF=98lGMW-942)Jn8c`gP-BFKaS0=a^%sXqMe*%jOmyJ8~$%Ah(59dn1QV-yirpR#Q zR)@d&k{~u+`T0YRR7%o=-e|QF1JYk2I0H44{NZl61R>!$dC_S}2rV0~g46vd1b`vd zoV0jqXI4$oT0bc%ALdZP4RDHUP)M`zl?54aL-VsvyzTiC3yPTR7bkoKlAA^bLX^GW z0${JsIxbWhv#>4?VlId49;+2Y26!$5Q8_St+vaRixTkUU?$j$;+}>C=V#-6ZHjtSj z8-E@)fsB=ouS6YMH0`D&N4KxeETN8dn)~~iPip+1%ln()CQNW|3t11aJ6Y;y;UffI zAIA!Lfm)46l%8HnJjt6!k5(30jYSK1<%u)SxGFJIjo=%fH|NJVrtNP?Z?m-v&OdLS|>FMs(O<=su5F6S5c-a%HYRFij0a)w)?(BQD9 z#kt*6=(#fYwRh-0=TqP(?sV{n*PY(tdODn)KPKcfDSs{*(6VVNy&+06ma5Q^q7;02 zffpi0)Zo;4=%|-fmEZqmQaJpbn=v~#)ax?>Fsfid2=ag`?MI{ndQ|PH!)X)J6zdI? z?~;z)#512$gGz*fr(Zq*FT0AN$48ARS-Hi5nk!RAiVQ|aM1tY7FfPANUVrvXF81_t zW?{kQkSzt+<{C`u@<`;;+5$AzZ#u8aZ2Rr0g=~q?G1 zEM(~@NhQQ~j(yGQxS+pYT$qHKS*lJOok4)Q|tlJo^HE==kx|) zb@ZaI_5@z<(0K0hSd*ZoLihdoW^eY}O#HG9Pj}j4dA#x@7-!%biv5FQp6%eCc37eR zFHKKLBA^ol)+(UXNgyPqM+~{m+2#YQXr=y5ZnO(q1GMllH88>h>z)QwG<4fJT*0J6d~!vh#(tG zT#ltjVq>!%2gIF$=qXhNScUe zZ_I4}+8H>yp_ql(KSqwDhQBjlt3|Wjfn`LNz=zK7AFOpe zCe-OGk;OkxOv9}(NTj>#b_t^;R;SPlV$6sV-T(HWRXm+w(o#q&Dvjv-Q;JzDLZkwN zx#w!EL+p$Zp(f}#fIGPBPiP;Vx=U4xc}^v3G#}J5^&)Z6f*9qhpQ>N5u0>A9&&Bms znMICMoj7swfM$PFotE$JWYd#&tzg(KJ@^lq?X*E-#?&a#t2C&_A~UXs~l+K zq*o><8CZyKa`RBm2b+dwi*Y1nXFr)kxc042wnsW8v_K5ywxyXfy}+$|{=$QSgN0kv z$kD9i`#{eq5tSLYf!X2_yv0zX^vKIKpU1r_{U}vOug$Cz%FCeGAaPmDxT0YHbTlSo z6OMacneONz7znrn}};IGvMQ9uRod547+$E*g}OY*K38vCN} zR8qi4&0PRiX$o(k=L_$)zL=nAP3^TaJ3zGIj*;)oKef#+MbxN~+sj7+j%5))s_0M1 zXa8`^B>(s|B8z>;^%h~;^?4)kDOUHFA+qp(%G8%U+4xL5!{gWCG#qhXkUV5bP|ed) zFUUdw#p4T+`Jp!iOzl&~d&3>L+Q^j7!2j{l)}FH7^#|t89zDRjjj>{ z_H_5|%E-k==pWb!eMB_)Fap*svUfmqTCgFP!9`_FD6X5W#zU4rKGKnKmJiKW??tjT zCXVq_i)!d5Ig0X+B`-0=My^09y%{>O{;YnqeaMbja0a`zXcF0NrL1Fg9c$ml>KBd3 zK9E)&i@j(ej(6?Lhn%uYs$2@J?kH8-UZuH6yJkGw3giBxzgK0Ay@6g-fUK#CWG<&q zTopJK>7<=-8aQ1u*RcWc4sPn9SKSg#@VCK*;EoJ@*{r+tKMg-KBDXd=A+?#)qHN^x zkd*&>m8bOfuYI1)0+^y7>4yj#7j|J6Lc~d*Pn9-!xK827YG*<&+8%tBAwZk&L`C1} z>nhvp$ehM03_V+$Gb*o5WN`4JKi?k zHomzE99xW8+5!IK)23#F>riy+fe}%|Rt^Ck7-C6`VG7pyu)Z0LdDRzIf z0?x*ObK1GkeHWE;@j*$$Y_pcnN!%KIG)>Vov<|Q8#;h35oAGc!ccC1TCG^>*3frhc zh_M1QsVF2>m?(EL%zU6PzRvaHq(VZ0PghjAZRo8_2rjw;#^ zMXEyh5J;eI?Tf_{&iSYZf$$gVJg9c}=eEuPKX*&^X2E2~?r-~ShhkE=|Bco3ljb3a zzt;fm87Br-5Y7)PE#I6x5WCzYx|mIFi?9!tMfa|X@^@u@{(-$x*Y`o~V_nlgvi+

    $)qeUP+fbb+FuGML%kJ_Yxjp^82Kt5sy#$bq#`G@oGPKd3aIc58l~FjHDmeO5yjp zlf^++-wSuw7X&i283r^)qH0bMyS#zZ=ij98 z)OSmdcHZr(t<_iC?D-4b7UvxtUE31OHtYwJ$~Vy@?d@D!bauDd*BVPnuf+>IHZPyE zZ^pmo`f+rhKW1AmH){-K7m+KcX@L)1cRFf)DO=<;MrTQu+uqCKkI5CaU{%M{g(j2y;Mi`;LWInj5h3hr>%@rO^G_a^)#3ta zpV!A2ZC^_;hU{|x_%{X^r`n$~RFJlYe3s6|{@9g%42Jk%X)zvg?s{$BYcb^aEZqTq zoe^#0*wN_EO{~AUctFh|5sYsV;B?Qg{AHyK2ZDgjlp!c^qV&cuRh+TT{4+|%^|!}h z0XFIu)KRtd?=TmvLwC`Db*NLn)w`(aNUoO@(^OrZp-_z7hx$gz`Ji)ZMR*6(Ssw zJY`Fh`Z{OK&r)qj@Z!|xWhGHZdCAelslr;7j$d6#0b`?faQEPLmCmdUZ1)8gx6AdC zlXXXFEj}QM6~Ar&c8f9n{-S%=vmP;F$Y0+9K-bF{_QZ$z(Z4Tf<38e8IRAe0ZSPDJ zh6aHlC(ugi+?R<>b6hQU90dP`tiF8P^9&0SxD;Oso}8!pb^eSDbV{4pV|g@Wa=je3 zh)k5cW{&C!&>ir44l8szJ^3y*5LUQv}-NX{)>-H-A{DFKw!P2APduqLz7CjL~ZQVGhe@tdVms3kox?EnT=vGr_H0zt~RK z=nnM0c_dHme?O^QZyeL$@w~tb2Zo_i>{?PGRpLwjZzw43%4e*Me`RTCm=^7ScdcJNS6GKyBEIB`1ZW4*ms@-{43%|} z41db2ij0hOsLqp`mV43AL{e_jghNzF9eG-Ruk}~9%o~)OezNJAvQmZ!UTusJdG=lG z$kKLM+hci7)P|XV-bdxK*GnlgjLV4Eiy;tQf?kHVz28@YF+_!`Ss`2Fg=X6cPrspW zACHbVk|f;-I(f7-uG7}4T zGOoI;K{x`?6HlrH=bYUt%8tmsyWZHWnmFM}guk9M6aP8jq=;h^_>N+~bw`KNclvqD z@xm3Cp&XQ>@pNx=@ikC5$xmdD)cF5l>NGGlxz2m3_AEBt4a0*naZbT%@Kh_eqIix%&9IqRp62+W(G6@)&2^hA6W79XwVbx}?;gcu`M#kJ*nBu?YPNPH zD`Yj>ZhpA@c~%c*SByO%o=^y$<`xou=}1TcXNDhRU0Pjh<3?d2J{JKPn4i%hNzzBI zD^t9?uIXKxYQN>b&#ARBdF66d?euzX`H%AjSJoJzbpV^u**&^bJm{KufzpiTu*Twx za093v@WxnuLvsZp|G$X>(pm)H@5?9lkBoZXioYB6z*JA}_0Fz=-;KG}y57o~_Kb73 zelQUXA(5{xSJrDfATbJDi#_Nf;G|;X-Q38*5c>LlD?uHC7)LvRv`Pw%`JCc<^+nY5af1SNmA^KOYjQi zbVE27`TG)#0k6>ng(1Pz# zjMLbSRzeSZstcAQ3z7pLd(Q{byk(SI6~tBq#g`W3!1xD*ldCv9pt&?LXEL@nMKppX zS|D3w9jdhXi12dt;-DhP@pNi=9>{4iOHi~_;qCw9i4j}Sp1zXM!JA*cXtesX#w{TF z5k_|Q3;xenEnKF6rdeIu-mm3VNx(f+Zp z6_-=e6Wgvg+FhL?HLdf$$-c^^vUj<0;rj%{b}93mjm_kmhk^R~u47Wy^s~W`Jf+Kc zU>((rdr1yZon(Gp!=9y}e~~C+wumnmvAP*J5=y>(WnPMgZIoKRpeZ-{z?tDk9&{PG zqgJMM`2B&q>#y*lrA%+#Qoe2D6K(yV=bEjNB_$Q-x*BVcV}oq)_Llv~lmE?KMWKww z)g@#G;|7QC-u4$aF6a)Yb_}rX zYTjjebEfv)cvU6R#ToI`ROpy3U=17H&(imM*aa8DOZ%}PR7Ky1Bm{B4hPPr~8W^9l z_bst(wen--k)E&3)Zo``Uq0DTetJ02xCvTmnvdOBmki(H#YZ}TCEnBEbzGYfsAPD) zr1m}2KIsb9^u!^3=QN#&+xhha`t~>Dx08O>dPJT1ngu2Qm690mop!)(Mb864MVD8C?t})3n*XULa*yXibaKw~O1yA9YpzOXSgH zV<&G}_$US6si1uSP6~M2a2Z{;K1TSfdNJsmIb`RZyq@2KGfm&KIrO7M{}){;VZv8K z9b$Q&EflWQsh@5tuh`_fv8CZFRPO^6;xE>6?7>*h=Iof0Vr=q5@ zQd)7(qDWnX#Z(`a;;7mzh%}QGC z*g3qn-X7e-0%Ilu0h_q`qO@MzK-m5@F7^Q z?tqGK+i*!FC#H}Xbdqc7J;>twS~CySpV0J;ZNYBW7iOK^nlrvM?lNGv(k_?=_J44- z0B}98ZHbNgAVAz>^Csx$`dAifbFr|}b z|1MMN?*yuE|1ao+#NbI9ff7>I?CN6lys8WNLi`V2QkhAr9|LojNnvUQu9ien(~p~7 z@Ki*v-?8~%AfBxeOz__`+I;l-p^6M%^lT;v95%x#(a|^f_EHZTidN;{ z=cpe98jorRh%a-65^rrL|F!b4SS$3s%Dy*wYL{d^R#mB7n=e5}cR`uhR5>+%MdLywix^xbg^pDzo(m>mxT_P#e8 znm~?GhnDrm2vm3rfLVjBmzHX zEpO{2x5*qBlN!jgJ`#+VC?QQ@BYCmkEwp{`bb5L`wv?=-$4C46P1N9xAHD3xn~c5A_m%%Ed5vaM)NbJzu;_23o3Qcd zbtL@6d=S8wW>_CjQQC5<5NJB#om;rzfS~qm5Qv*CgmOsoCwdL*5$@frYji}}DX+7~ zhZDC3sN47g#f7ItlEteSfADO884jF%WEc`B_{G(y)7}}*iWDU%G1&~DRR7!x&pfMF z@weuIUj?|n<%CEx8VA8SGx_?H_?NrhnNz|c<8Ze*e}8}}%KPl5Zz1{DbaJA&Q6Tb^lj?Z)R3$U7O}E=t>c@(fglh&X=a4SXXommo zxCneDyNuUK)t814cg65q)`VbHqMWh6h-PweVAZp=)rCRrFF>fZpn73ZfWf5nMJ>19Q91Fc;SGqm#PNOh;v93z#f=n8^c}Mk3%CW-(VGrxH&sUz@@XXEs#0Lf6=Jrj2M?U_+sDe?`45VIZ|13V z$u(E5E+L9&kaZ94NO)~2KQfm(&Y-vUK7;E^09Wk7rH%}bA{ID& z9$5oeWVmD{P=YRSu~Eq~F??%jgi{uv!$cy+xLMfUnH8e!Z`y!1nigE1Q-aW*0z^V4 z0HQoxSM`GTUQ*_-Q5f$YD*dOGqBBns{}MFILG_P%HhTCLd#|l>J^{h7MNuykCddZY$iO>muNrXH6&)zekqk^7 ze*!$$>v8FV4-5mH*n+(bw!#8mX+;bQ0j-X`8*8p4>iX)96PrCiN6ijO&pfwn#mF z4BWm{4)Tn(^lnoTuW)rdr$uB9n0nns?5c@>uHpD``kbT}exW=*_3T{IpA&brKe?_c zc5GOs`N*lSQ5f;K8#BJseam2N-3vfv2R1-!Mi%Y@W@a{Y#~6H%ohX-@6CJYE>@0Pu zDg-vR2PG}%SK`@Ck6!P~H?$*L3?Y~Fu`W9p{C0=Whg$UvX!*7mZ~et0_cTZRFosi^ zWJUQIOFaxF&DiS3se$v-^~w@_gHGkr44pknKVpFKL6`9{+n? z*}Gpuc3l)^=jEOH@)@Cm*#Sh6ui3h2g6`hj@6~cUypp^o;B2{INn$e!O%0>`;CZ91 z^^vJ@1Dc{u7#OE?u|5P8RXF>gIP_Z5gNth-MBkl@nD6EJlv*PdsX0-r)N}BpLn=Q` z#~USHM_Hj_cNJxM*-IUgETumUJtrPZ$Q94N?9JKto-U@>@$AmZIV$6R_t=b#`+j5P zz>|;ma2jpOP1kttZEh!0`vCIOKa}-tMz}meG=jTj+|3kXOHvfwoL8SZVtd;X(l z8P(xpg^%R}S;rPFw!e5toDRL4^nQa+f3ZEESgbIozDO`NMz}J4JbC`rlg$@;&dr^! zVLiu_*5k0M;Z@2Y7(dB>IhNVx2rb~fM^DV?4dt78n!6vK@%*zuf-0u2ADuQxc;vJ_ zZ2EJ3sqeg?Za$T}Ulq5Z&xod#y}O1LTA1w7Es=1-Dk>q$r89Or>@pc6uQg}5m)KAg zIEUcgtITtFPC}nK5)1K)>fcV>0ZE3j)P=1Thx`&p;1ja#8uPQoGl0-~Ii(+?1+vN=W*!t{11)KvNb9AK@?q zmoG0WuK>+kpIVJ4H2?)0^2A)QJD;-oQs$I+lZ8H6k~Y1tS%nNnu-%uSYobyUeYvu< z-*GTvC=h&E3uV^~DsqA@iV$-9)9{@0EylPt^~%RnjYAKIPV-j%YNF{I^SH8%EfZ*9 z`$zDpf!?aR*fc=kOnrcOs=)S{H99z~vLRYXVBTr3$=2FZ^`A76x+^8Q8z%mx4z>Ka z*l|mq>5)onc-8`5wXwAPMG71gWJVjo`tH}MogBk(W}ryc9df+*RO?5r^#g%Q<2=FX zDzaAsWo}vi7$CNYsnIhn$;rh7#=l@Zm|NG_jB(}=&U!j7V3tn3trN2691^;c_o`9I(9oW+iwKI&=^N(@!pUlqdV}I2V0b_=qEaBd>wT%VKdkSu zzDC*NXQyHhb4O0NwY1B+*^@-()_;|cxl|2nO&(W*%G+XYl$u`x!? znQx4WjAH|p>Jx2P@~1$n1O<2$+u{ueWVM{vr(qaS^~E{uobWq?`~?V-XHt}HU`_wY zq@c{U;$Z%SnPOhD*Dtf#siA@+RKX}iNCc4&h-!wffJhkAeyz-}LBX^3g7*V#Pt*Gr zE@1n^GR_HH#96RHyX8p{$}GrRnAcd~zk3AODlndh*#l2)(Hkn!iS}VCtb6g-8fOYC zTuO`l^HV1>8BtECT0OCBC)2lHQLEmpsw$Zc_`13=*v+@W%=!1`^VihzIu|w$(rr)l z$OKwP&Gx=+ju=sam>SeAE}9=T_D$+z#0p0YG0j{mxQOf~Q_)i~Tc(Dx`LmB6GswoA zs~ZQ}wZ>WCY2$db-UyeIw(hFLwnwT%W*t&23?UJ7*1|mNw6pKf$yi?W=hU~vUr3cS zrNw94_VS9&;!wfyq`IuZR#0Cf;)>b|V?6dV;MN?IJv4R8j%~o3392;gtJ!za&16n( zu*NEb&F3HOW?n@vfp zs2JlKC;C|B^Jy?fD~W5*#}O@ZH_C1~cqnOAZSjQA~!ci~Fq{Nw%WfG5Z& zzpqGSTxl@7?8T|t8SW=2A-6l`6cKZ}LY34IGR;DZ?JiJ?5Cj(=>JGCtTc-`Ptc7$G zPr-_TlB69*2YE4=Z}gQG zl{A`+q*>xR=z%Ae2TmL{t*ASLMQGEc&vKDdQifPgoveD%+imv&x0<)gTH@`&#j~Un zONg32N@h$Eaf8g12pw2sWf;CZB z1&cLFqeMO1{snC>=*G)CJe~N+2|qIrY@p!j>??|amQa!LVqhBBnur>KN?%@8+rkM? zNL9J-sR~a}CM01Tb|Vt*7QuDe%!=zzSmaMljH{>;4c1RL^hiubgT3`5l&-*xo%w@5 zPe1K#OSyGEFpuIi zqfF}+*nlRF%1lsV0;kp7?7X}zcQ)mVbEAZ4%N?UB{{^{9aPxS3#W?*>UL`|bh4!(X znYwv&7@h8v-H72Mae;1b)r-G_V_rVi^^W|*vYG`dt`ei45PGybe{WIGy4?4VL)=yH zxM5RalhitWH#DS7V&;y;opVDB4!A3~`r*XVtQ(<@M%khDDxKy%qUEPZiT8b{POnp< zgxZ?QmoI=*%^1CpQL;t5DhQ;c^d+WgR$zJBV{vCy!e&-q;Ot*LBvMf`*qKGr6ig3d zKHr=BNpLT8WheTOy%B%h@hi2*}qa1mztGpQO!D$pCSI*LcT zEnVr?nE`%=9F=p5(t5vD4Jl`)^&vFelshSaQRR8npGh^_DPS*$)Uv*4ZBhCz=P#u! zW#qC?C_eeM7krbznQ`bA@cUus$EAH)_?oU->^X+u{@fI-Q%XFP*(Q#jKpv&xZBeXm zBde-##nPIh)gV$uUlAZ(51QnJjh60z$A<+yA_V2kmfS{^~b+3e-Gl)9VPigu|Mg+Q0ZH#T7S)mPQgp%f`@|}>2?f0|u zv+g5;9YT~uHQXQ`nKSd|eJb9+1zvjdq&^&=y z)_cC#5Z}X)ts8fZ@Osr7@ekM_9)%^z=(ydjcyx2W$Y6}TjwYig5LVIw`foWhSMiKr z#IMxT-xrC$=ey-*;Cte_`JI-9R&;zwNDj|tt@+4-o5Frx2JUY#HMB!u_f%}<~vg>l@+umNur~l~JWCGV0_#e5Na41i8 z={mf1{I-J%vGP;CjXZ_c#P1XkX?|`fB03Xs0=0*x?t*tX)4xrg+U__{j!yPuQjVV( zG~CT#!bD9S-3etUZvs4zSn6j50#YA(q1;X7a-uv2$F2$swuf4it*u{ZnpRS(i*R70 zGe&6E9|(Z-GkO~mXPp~m&N!3?gW)5}Wh2M%bEb2p`dRv`pn|F9ef8TJCKGg!3eoI{ z?3KZi1he&3ynl=qwJ^1-lHx*Y$kGnkex`lVkXW!WME-g`;n&pevB203E4=oU7$R9! z;W6V?#}res?@%~wf#EQ4VmqT}F50C+*ZF?)|G~@}eAnM5+kNI0UF2+f?w_)Ej33+> z62A{}2nY-AB}N8GhtkBV=wAlYe7JR)=WX}*`2_+eOkjPbgL zxA=em^=D%LWptL`mB@^b;a{V(cV3ey6&X9&|1iSj|5rQ4UpA-u*PEkXxc?*N3A!ps z`{XOP1MU1rzwUkBUJ5FiekJ#wgMD4J>- zY#y#(if+`I(+y`%DdaqJ4}s&ZWVHUImUj~J8q42PsS&>kX zU>#m^faH;NX+UWp3Y{;$cc_GyKPF!{dG>ZLVuja8A56`1!acsR?>gKlWjc~H@45JY z`waT_L;sQ-O*sEBap534=3=x200E(z_6!B_V5+03=Drjj{ZBc^&1MWFvCj&_--N1K zloB5^cvNl#H=>eKxm!-qVLwZFG&QA_;*z9tuWIOR^Jhl4+zE*e4j}Q%owt{*|MV;Vv#Vl_%{YV~7HoX_Cgg#qi-l9$%)=?o|#Bo0aG9%VO9a>D>d?Gf=;bgg+Ml?NN`$$b@ zc)EVa)j1($wui~7MNHvVa|ea;HOe3gfT}u(Y(_wF0bZARl<$JAOV9ofbMF<^RJ*PX zzls7%2bB&=l}>Swdv78lQbO;YL8j@#}|B_4a79b3S!Ne5y}^s(crsR^-b0uY+Yu_Yx69 z42y?v2S2l+KsJ9po?jNCgllhpXHS>kKeA0${$Fp(a?FA}6)gK$ zxv>2Ega+Uif&nY?zp09^z1mus*hi#+J=Xc}*aU#R_Gevz_T@iJ|9^e({UNpe-DSY> zYzjw;48`40-^-^|h@4|0tFW8r#a|$+-ZS~LJ^px%|GClUqh0`L_B3MkD))vfspwcJ zOQyleAcq4|#XOiu1J)m@Mb&IVHUK~*8sJavkN!u083@JkrB&0TNWRF>wYbvYH9A2N zqyw6o-jwFgVF*w0y>yjs?J_MRV-Oc`u9u(x&C@;DL?>S)+s_-4wp7MG{T!(oY5bj? zzUK>fKC2pduZBYTok||0*7J{ltoZlm|NbZrp%J&E3M1`c0?)Tp|AwXjfEg^&s+0>R zUm3n}b~ROVCV>oP+6T$p@qm2npEYZW{=eV}mhFFNLRzAV!~AM4_iSHCr)ta6?`TGt zDk`&pz7)_zhLYwhC~>qHmxluYa+gP=%>N5w_RYtPoHKd{fk~FBol$?}KQD7Rk`%vw zjrX&+WhZNHB2#83+vrz|FrvK9_2yz{qa6@^8sX_GXEkBAXEWl9|8qz3f4?I{hI_cc zj@0do4D0Z*cW}@;361|XsQGBygabq5+?+)XH9UiSQ$FG=VD| zk04RHl~>M*lBGPQU@#a7dtk2hP9t0l+ES}87~xLQk*9~kyHxt6$- zr#-bOv%ly6y#GOweio{P7~6f5C{tx|^%m&@PIhP085UzR{&qG+Z;*iZ4>|82{G(BTu%HN7L&Rr#n7 zFCf&M;bmC%Y@pxGiSSM@Pp(Pf-kIUOT&xwi{G?!wR$&Fq9v4o~Y@VXak{m*-)v(`L*PeT?MzCO?>oFp+F#Vv9wX{EVmjLYivR?A9OjZ}-dC@$5!!dA(N*=2>s8g6p6uQ&bq`l9neGW0T0rK!orJLp*}wun%_xrtQlM z4xT!8M^W)=&dvX*bLx+Mb5>_fwJ)ePWm8(5ms!NyO z3O0pb0%xWh(78~)WkoD|`ixNZ6G-BW?w07bO|ArR4Vz&^41OP=L4>NxO znHquxKGO`s?0{o7!^16}{F$1D7N)Q;nW1vyV-}X{m0Nm3$?G=(2i+kct9eZ&k=<7` zZikjM;(<>jyt^$Iy^zRyJLUv_72?Jpg>PqA)kKX=5#KVN+i*wHB=dmMnCumP6w2{_ zg##R0fvNn5>+^i=O}nx*yuO0Vx@sXND-UO&rU3k4Z-_p+uJhW+@x?86+qBH2i#`7c zepxk!ZVHhSw|t~T@5Xy?0at5|gl0rmx5@0j7VX8;aT!lgI`j!cFo(T0R`RbQYmigA zvW!$rcP+69ORw-pvos3Z7oPp06tB?MSaE9OBk(!1h;$DBx4tD>S7zw~FQ^EnV7d`4 zOk|7Z+6o2g;xwA*GC!Dj1T~+w;JP0fEM3O>UPK=*S{J6aFKh8NGF@@OC7gFkSPo7n zAm)jT$!5A#Duk4jr_$`S&e_Zw@D}NNOmo>lDrhD9%Y&L z2)e(eo;)W_O)ol#8@5hcU z=rkXC!RD0An|i7Ow&cT25zbKxj^GDVg+L=aZC6{GfsIfdu> zX#6j-W>;)PwN{#S*M|zV_p^10R_B%h*SN5obhu5))hxc#y~;b2cx!UXFnRfg0jYdS zC|_Bt6M^K^2wv12SxKipsdC{@aD7VILHOQ+U!K@Qpx4DBX3#JOY_nOB2_>b%uQdck zf(M$uQ2N+cOY(Il)JC<7X1s^b?2T#7O1>vBAK7F4dW{c?WrDsn7oWY)^XjVIPV_s) z+fL*hzqockIjYMsDuZ-=!IkvIVScF2LsS~Km6f~&vMN=G?0q!3ce5h#zJ*9klNS=@ ziOl>DNcplm+e0bg<~hk%n`OV3}NFz&hF=X}tJil{hJQnCtCf?j-V&nampfAag> z>lsBx_n6o(*G z(ldUW0_6{A_R=_;tSO^#)Th8#b|R*Xi-#8eG=NqJ5XFXZD$j=O0}vC{5(pnYj#|ab zVNx?_w!JdCi7sz%ZdM!80pWBk|HMlj9Bzgql4$>ppIGsxBv+X=9Xw@I#^+vY!3*Gg z5!02uX#mTo>-<91Q?rmlsWVlMG@-atl9b@NoZVacU)y^~x^u2Lk!_jw2HO_ywvm44 z8AyP?m*#)?vJ7yX724+DH%hgW`=&(H*D=R^TEo!MO^-N(Y?E&<))n^6py+dOfZ!D7LKfMlgjt zfSR9mthb!9ZhVI0ik`CMH26K4HGSCd#7_XPYw3ykaCK9_SYp_OQ>NYZsn15a*8?_< zMJSAG(!R?fQd?^8NAcDvVHkOPIbE3g(&`}#{b5z=i=$VI=quK7#4T6k;oA)+3`vO6 zp#JfMVV;CRtRr`%CEGVGWL5WGan?ub$~I$p+$c6~uswEXfR3gy2uy%Sv=q!km<0kR z{P_~8S(I`6`?%Zf{CiFWBtJ}p>iOBJ;^q^MPOZF`GaKPL!Sp#-*Y}hpuPHbUPVUh8 z>>4YjAJV5@UtmC9D(P}yU&{FmJf*gM%?`F_@X1wg) zFVd?09MMhP@U!aCv+MX6K`UT_KbN-Ie9CP9yd-B3G7+?^bT}s7fW|o*mqv zxrEK8$93D>@D@ux&<7&r&u_fD!qXjksc@^`jp$z=B;bIE9bYfaz8AgO(Wdb{-_xxQ zz`8Ufa@)sh7rZ4pzYbM6KRK!DjT95kj@^iVN!t~C=+@Dnm1+UN>cDhcV z6~yPQzk)qaR9$-piZ^Be#BXN$Z{#D>rSD|{ahg4?o(e&kmX~kJ_CPu*_ z%T=Q#>GN+B14h3MWi>6wuU~Y`5(Q{3|DMS*kGY|P zF)njj_%EbUPR6mfotL7`=O6LLO%iZ(TH_2`FRye~&)kFYy7Z+tFMz03lZ!0Df#H;v zLMkSR=ZzBH!ocw-4!3VHj5WE|`8q6sn(Q~_AIy5a$~;M|{x|^HV_eakyM+K&Wci?@ zu?MJ&geGLqdR9mTP&f`ky^ROD0)j*c(}V67(Y<&at}OhQN!uaKl>KAJ2RLQ|*wwK4 zh^t_XM&@mUi$$zZsD2=a(qzAB1N{zNu-Jj`s`sq9pYTS3#^HpmE#^L_UlYA}=NCl&UWNRmez<{48`e(n1)@awF@-(8io}iMV&D!ksS!uu z+}J$b=mz89TAGOBa-KRuEL0AB(aVu8oWNN*CiZWWyhm$g;Hbr8m17&SY2I8|5mY}X(hPvzyqF^Q9hoG=qm z`{oVBxI8b$sif`k3(Q04!C#kI&t%|1d##ddGNQ79REncHn&?+4OZD}`O#Wd`x^>ze z4y>yX$u23$KB-hrY2UN`t{w$ey7>DpJTU)+NJ{3BS8k_klD?^PH|$9>p=SF24$*qLzqXP^?bh>B&mo5TES%Ws^SRfCl_ zIb_>r*qtC>M7-Ph%+A-UiD+GP8Hsj{9R^_STrypI-XP#~FG$Wkr(n%f9me=_S^?GT zMwtN;I%zuV%A{=@LYq?G|dxV|?$K=ET=C;WqL*%;(KBH=&cfYB~P7ME1v_mko zi|B08oyhu!2r05s_fyd&-Tk=IPHA>0rj?}rw~8Y>wLbsr=n~iB{b0tJ++J}zHjzvH zimy|VysvXT6TFr!deD!aF^Q*kxgxma!kP)V#W`OJJnKmbggj|~C=_GbELFRb@Y`uq z{tyu&lBXcJWO6zvD!l%A?)%8-P`3lM^M1%#60JE{$_I!~&nK8LV7M zbYenszS>{;J?Jo5zTr2#>2qO-!J2J+kbik+*>^`kDa-Fs3g>+22UqHVg>mc8cFuCY zp+`X{vPxQ*EHN~NQrZjJBv#spVVql07Mg2crObD@2kkbM*>8zr9v-wF&7?~BJ|s*R z#A=c}_oq<7atp-O$}fWaP71U)6n)jPthu$&V)G$S!hdU&8I-~R(y)3Uzc8Vegnrr| z26J#7WGi0pw}|fn>NOFCBg-?^iDkQLSlC1S zIuqo6o!f>rK*b9u=;$bc@GMHW+VWo*1GVyzipjuEnNqSyZ;Y=XaKp(d9YCvO4|Ct1|taVh`2Qx~3)S?%@ zCfRjjbUnJ?6CICvV1wBqs-C!@2+Y1OS)OMN)D4~vuFseZknk6q9UV8JCVXbD4_TXU zKde}21WUg5Tsm8o*A(7$!*i7y)-4UXp zDnW$gHjb~j`3qklEXYuP7Js$HVU2>?wcm`@V%z{Rj>?EIaB>TfmX9L9cb+*@KOKY0 zLscvD2}&cA2>WNcf@%GFBWxFOj1S4qmX8dH^tGC!?go<@O;{h=w( z+n|?(!#A##7CpPjz7*vQx3y2?0QV?mPdueRf;40}J_CNC!oXe_Q=T?eYO|9Q_&2V2 zg$Qj~%Be;!`{Z>o)beRHjZa(^W2|Lq6VfCQptao^>9+l*RT4QoIbZyMv--Xi;Li19 z+z$J(T)$1(rSe&&i)4TFr}x1{w%0rgSCza=jgN)-kP4Py7#aufQJVb)&H(f2Wym~^ z0Qe{$0yU6&K+^*RU-k+;eXp|PPtCi^J^0@NxA~es=_me(XDb8mTOJ@e{U~omoLFwo z=E#5X3axkXTv1h?AMsQVLi@@%^aSn+;CPzkQHjk;m5-Kvi~AL!m1Rax7j#+Ge4erL z>Q@s$gScQP%mhXbcU;}M?zuzZ%mwPA!4tZH&ou9X$@8~0-@09*Yd-+4m1s?lAa(vl znb}54gYfnFI#Z3!Dm@->tHp^`>UD|77du0l zxNZj$s>q9}@W@+4A*c@^u!z)0V`tW4A55~I@cnlHeiZ>c2cdplNk85U8)G-68l z0x@5nf~p?)Fm zDA#0WoGVxH#N-zJSV{8y)_m~8)y8>W{Cl%BUPkgF7YD{~Ldrfx(MV&AG|h_(Vx=4p z+&B>r!ApGVFsOWrMUsM%D9S7}P7q=_*H%v}qNorDl(!PV@3_NkUTDpMUTf(*a+X^% z41EmF2Ev`t&m;?PcycaLOh3 znhg55yqBZOf_xgNT!_>P2A3arnymOxey%L0DhZYxzaHyv;=%9)oLouDGB3wj zGlm)L!AO83KcaG=aH{vUWT|56_g<<*B6?{H~i@BeSnEd?NSHH~yOw zs6tvkXe*&}sCyp8+*|VTTSe}{eO`w+V{@oAm1_mvRAc$z$DQn+gh?CIz9Mvq56h*I zG?KoaE6NP516Mo3t!rArUWSl zAe*o#=_HUdA#hs?cXIAtSx5T>?{Ns*!fSj^#OLC-TzH`@_^K)S{59vX}*V_j;rZOz{P}O2ue^P6e?8spa*0pZCq@(?^ zN~s(&^SbeH;qujdIClH-HzdgSQYj$l7+>k;`bPMmy069_{8+rU-mv77WXcrg=eAMh z(jAi)UQ%0RIzKh6TW?F!8TcpRl9!Yk^+E}+1PnPfUw`LFeDDsmc>V02Sj0O%?Nfa>I9PmE09M zE9g2sJY?1@l{54R7LP?FMl5+g-oT5~m(n!LGkgw-)q6dTG4$w&UUPqqV8kWc1mnR7Wk3)devoLHf8;)|Z^ za7hDOCG9?vO?D`M#CppHpM3IPc#=@!+B!hX=^={G-n{o-jncO$z`PKfKO!J-{Iqp3 z@00i@wbf{#cE+S11cXIJ89}iK=No~_t}VIivC*zxr>^!pLO0js!WKX8H)EQ*!Z&7~ zfe-FC{!V_>dupBvugZtlV3BzN@|>xPmrWu&tprZo!^Z5fZ!q*WTEQAy1Xt5fUtF#d zU1J$65{;YG9IpL(YOYnZfnw0M8xR9^v^s|@=X`_f%xEs#{*^+zTezv@DFMBT2o%7E z#_~yVg+VA@k+P8x2%70(r>A@h+sM<|D(m+Y9~RdoQY)Lc6>Nmo;&f-F!TV??d07J94ORux~u-snYuOD1WT1he*qWI%K!O5Y-Ibw->WC7dsUP z@?)}t53N0VJ??Ck; zd)};^xGS2}8_;#wVUmmG1QjaN%?!f5pRD)Rsr0?v$^2Bu(@tz-|+ z8zw^H&FPiLq`GMPBEpH~JYkJY^XwB=!tY?*e&%g!Wqe8k+S!E!Tx~$<&G!M8 zyu9X%k9V52OIU{->=)Nep&gTg<@5!RECJD9CTo4LRjhHC*{TG0R&PabM)_vDHfu zceH%qw4!pM=HA7WAt|FEC=h0X4j8$523Gve&v^wJCQXRD{JC4ZdBuP%zsxSYdQoUq zxYamX*jPIw_XI$0&3nJljv~7S{N{h*xqycJoZetNr?JgPtsA^s%Lk?FGF5MKG-h5m z)&0;Exl>-%bgbYja$KV2te+xLJjn`lXuZCO=VV_U0{C>6;jd3XN}Gf-7x9eUl5sE?$K{&(zEFOeKLrY5-ApwW9*vBeMKES|6c2) zvi~JSB4SJ1_wtBk1HIrnJX1O3o-tB|Ed7_{x7U+@0oW8#t}$pXjnV_6wc%uf9|kWY zm~V!57k0nw%-u0+b`*uv2aB;_*~Wt)bn!Lsc5_?>gC~w=V~|eH1hrI2=niFpLFIPm zfKWhwVxxv#2%Cs`tj9}e@b~N14lRp9;iE1GOVgfF8;dXsMU%EC?)3f-c)AXsZyS3v z9|YEMVpzu+7K7GhlqB}`#hPky!k9g?i{f1R@8)x2j0>^>V?9yl25To^%wFI{B2qyJ zgpZ>W$EY#G{}>oRBOY|KL{sMo_M%(K__ZjoS0=x4;q)xK&ih%xmY9x{1Bej%<>l@AO%K zYNa^My6-J=_9lMXw*!?e{+rKH)S7!hm&fXY;M!+He!mvsj0I_o&3x#*w{N&WN3@Q9 z8&o(L^{J(n({!F&uhO|AsUFcmWWcI1;g`g>;5+3bW@7)#$vJjNKK1PFk-j#xJ(k`p zg+~%=z*XVRpO$cptNY)NK*&V9k#QFB>XO4pm$;#wdt7ku{;3 zs509snZR7FY5tgT?Zt^!mN9jI-&cFZBx{>5R=B7B?7w&;>chhsR`cWgMCMw1=oG>B zQ2(mVzlMG!GM^N!r2@m#`;Zj-2)rP+ovI;sq*z2*Tt-n4eHf4N6?u6gGg4nJnll`- zi}3MrVjcUaO*v^F1=kkg@sq5EqQ!JE!UK^TDO~_2u6b zF;mM%&;REAvQ^E|M}UvK+izZ9pc^L&Pa1V2%Q* z1FwCKh-pCYB<7>&5q$FWkUs#sK_+Dm3^EqgVOUxf9J50YybS+}iK-QfwV|0qxpE!5O>Tj_RdfHKX!Pik~ZQwT*po&BZ88ADPrhJWpCJ7_JA@l zy)dq;#!a!@?`w@q}KfruVxaTUy}@v8A$$}kV!Ap^_3(&l(s zJg;HTJt{(di(!Q|CgZtYHT8edaB`rOiAKJ4%JQJP@jtj*uHQy8wiNJzZqfrk%*mxl zwe9ski-_NTz6R7ip4$sWY^xiS!}V^uYsT!6>xZMA*9E$`Oy-TNoj2-?m3kx|%?`sAQr z>04)SaX^%_oKUaQ1)zkGxm~T-#}N4ZHees~rju1oFW%v4Ry?*mlecGcn2w+<7>i~r zSV-B+SO{UQ(%cF{j2CcOfmf3=IRqfJPW~^cOB?C2bOBXSLpf1Z11?4c{es(>>lK%{MrW}` zZgUvi|la0UTu5 zid3(4G;vdX&JpQxF?2djC&87^NR9cDBFYzsPF+)!wbaAUOw_vS20uq< z4{>Yk0P;w2uSL$JI9-gqbtKCn+2Dm=fSARxA?CTZ)4}-2WP??KouVb$^a!iAeC5S8 z>V7`#mg8s^{+d#}q9a3s0MMws5McCQ(hprw)%2~!&XCA)ak;wY{=3~VRT1o)`}osI ze3wO_3)zXb;9#8&Qb^8V4)Ku$C5i+FT$*L zXX5*(io)e6zvn8aI|&^TF;cW@4ewqZ|Aig}sOA%xVAPF7MXSNKocWg$vHgy4i9s)r zp8lXBX&TzQ+|Y5O_w+`J68N!tp+3YyoX(~P{1|ps^UiXUvdiP<+_PN$J;CtEPPfB? zWfR333?t{<^Kmof_Jg4ELHWxX%BI<2-2#8^rH+?#(Y9^0_LEy=8DPekkvH2D-z+AK zynh-hA{)ds2E-xya!aRj4wA(~;y?DaEG8N<0i3}MS?3_NWBLXZRI~ z+3f(^2_;d}@}jpn#`4cm0)X?0w`yo5tAmBp+}zV_9o8;^&`#9c+g+PdpvPPD50~nl zW*OPgR@F})55~_JP9p51G-)G^FC15NFzMZgWQQ?MI6#)eAp9&pQ%9K#33yh*Ty`&s z`pBySDMoUh)LBtED=KH+$TpuD$XkT5+YGwtm>*1@ZRUjlnKH;O<#umgr7KR10CIag z7qF=c7Ux-lo=R+s6;BX*ut zz8;(3^6@;~15b^3OYe z&ieFUgb(7;!lUQu&$rf_W0KeVZ_mfs#RB%`gyl{jO^mc>#g4cHKAQNMTQdFEovboLXsBw8$_w)r-K=%C_2-K!9)q zQnNqt#u4igOf6y4>^UrH?KPI%eD^86J|H$1coJs>NU%zX4qFPy?zbr_||7pDfUCtOYIm7)g&`$8*`zC_|-Xa~W3`>SdM2-;Z;X!dhX7il@< z34$OD=PHXJ$Xzm^#{ZBeR0^w-aZm#*1e*C_p6VW^Y>fy%S9>Kco!+j`x*JVwAjs}T z(9kVg_Y!x;mDopu6O87kdczQ|nf^ie?S3_J>1n?;?T7LAP8YZ^VHpBE70a(wGS&GN zxEA5V&K?Mg1<Y0olMvG9k!Bg4a{MohZZQTPbtZ?>E=B|5Gl& zunHbgXk47j8o*T-b`$k!`aO)J=J^t9c49c5-uqtzeM?K2AJNeKkCZtpfXQsKaYhU{e})TSiL`hQdY zG)x3kXrT6Fi<-z5dZ3r@Z!5|kf628%3d(}QjS@?kL2>)~k^pC9JPQ9y?WA9Q&mv!n z$cWCt-@y&wXk1`I3?mHWU6OTuJFwZG>;Rf1!k3g8_R268YHCT{j}~z+2~To@ zq>}A+F&Qc^w>`vM&*-(4ZPT|LvM^KmdoMvn*rTw_^u(R)U0ou{X_)SQm2sPa3@reTbTRM1& zz0td`+wy^^ zrtF~t>9}q@m#WY;qOTJ(@jBU=;b~+<-DG23cgkuAYC7(#N?wZ6yqk^GZCU;`IJQl| z;dXq)YIW+*Z}8Gvm(+qy7MFz3Cg{(ArI-*(r-@R2V8-`2!WBXf67k--OA+TMW6h6Dw;o zn|%Oq`j5BO&3PmH0bG1koWA`Fb6U3NB%uP*g%99{~_+-B^#q0Cqs`UlQR>F)vr&(hm(5~Z$EkP3e z8#0(akD#Luy*#ZOQ+D7brB-DwT+j`E^{n2B zHcOMA(}`OFmAo$x&8pSWsQrex6Q;smWqG(NR`czx$QEPgh+x~7Wg#uVS=QVStZ zQQ}pK5EboFR@(qGW`NPNLnb)^G?KR$s%m9g9-BE7O0nD1OzLbAsHT1pJKRVU>9H6} zE^xStb+!gnf2OU#ni@bW1zmvlYWmws`d@<~q zPs8>HaP#kUynxu8SyVgcm(J6-nUSVh%2UKJga-Y^Z=1JrL?Xl~6Qp%EQ#%n6RqHRU zc9ku%tESMC>lUquq5Y3RK)=1Db_V5lx6&&ia-Kw5Zt9=!XEm+;VzjY1 z66Kh;D%u+He(oT+AM+p4f*`~LrEY3gz4p~*L_ag|`<|bk7{E}^6^C$&0y@WZ=OTIC zu2@dZ$E{~!7ikhQTeZGvv9sFQMkl*Uu-EF+cCpjExy}!emc)HAn-(XBuxK95y)xmo z{v?pqcP6D&-aCJwux7I#mahQ%4)5D0GcBR@sSVY^O{^l*?U+7Z#OE}hi6b2Qp-NyjRn~ils*Wd(TnX{HajzbR z^#86AL&rWqG$W=n+}3O4E#{8T(8oS@X?7R1?xk%9<9~x?|KgbF(g$j)hYa|m)5u9i z57MOdi)9$8I^fv&9-7I}K+5^Bp4Z9((A?y0d{&HmhVX zyH-1za{!Y1eS=B{I0+E<6-qfPxlDKcP33%*W3npQ^$sNXQUWR!(RE>P*lW=>6w0VF zbd`)v<;=tG@MJw=ZfI?I$3z{C>eULA*bjAgT``L9bI10ugo!sTzppYx-FHeKJ`Oy| z@p*(pe@-uqI_&#pP_Y{cM?1{?Lv}ygpI&pHXbnejI=K1~E3N-My4Ice!6T78Q+$e}fP+HmHPl^JXA+8y;omRLGpu!>pmK!U-UTUrtS)7Q#ASO~ioR1&q5!!Rs0@Km4dH?i zbF`=}Ea8njYediHB`+Y#Uq7?a(PYwlI~R<7V*z(NKf@v%Gz#S-24&*1DYdKCoWmKrOs#Y zHuDAUgRUJF8W9VTW#d*FYi@n zrTU`wd_484;;^G$lOt9F0Rt)W(4_4W8}(`7sL52^*neG0Nd)ECzH&?Qx{Ig-u{<~~ z|8tOkjL?F+^t50*v2>J~T=n{bB-8(AS_u(huC-`{=B@O?AXv34W>3Q=uW1^q?_hw9 zl_q+@rS);H(0f0zdkcw2<>qq+E*8iAcDmK(kJ-nc-fem?h9V*8FZpCoW5=yFRb9); z2?Ze(~eE*4gnhc>wP>3cZkz{-A>b& zaoGaYh|99wc&rY5L%x>_Ajl?AjC@B86)VlR;Fisf)}K23;szFVvGA&PN%`BtQ1q8Y41=m)9Lht%T15Vq!th;zW*x#W1K5 zs0sj{)oZW&6AG+~ssntNtOpusBZlOgV~FHNBDgbVH2I;@j5H(amxrO)$*zX*yY02v zsir%KtLfFU>*%)obW@J_J(_pCwty9ejH!PKQnoU zg;pu!3loBf?0C!k4du&?rkD3>b*=+QWnC}bSl0)-B+ByLJ-+;W4iEt&$!7vlI#;Hm zbnv66h8+D1JY4-X@^ta&WGePtB91oS`GFr-lRa?Ox+1LQ#)!si;**bs6@6HqvDodobgG~`;q)2)v*RXP z_r2OOu>lmWJ5&ZQsYRP}1H^Fo4>w`oyzK^#&khH8jANL= z%RR61OCb&QjwZpymTaR1iynII0T(%cx2onp@bTp$LZ}SOh{yxhINJ|5`FZ{Py>0cx z^lkvA%m_%$1;5*yQO21T$>m4SUrZmTtVPzq`%5lX=?QoW!0+;@EdWri36BJk1I}0- zB12(0S(wvTJt1Np9rKG`a@WI{x#3!$o6p%kH@}u51i&T(JH@o&Iw{Vt`j$T0&|Mh~ z86Nx9SS^`5af@I4zI)GEGQc895JJ~}qKdm8)8a9%R{|B(4k3=0II_tM9w#@uM*>Z$ zxU|l-qww)vHgQ9t^ky~ZLg|`_B%8Mt18(6QrheFtFuFdJDYe8w>z*Ku`wurCr!5>^ zmlnUf0ng*sV2E9JEvn!dr2vho?lL~1eIIMwv@At05S8*~NN$8EEI zdKe%aL|a70K$xEb$`*noJ}>I$RUIv(1!9ALHnIVu3dlwPA`h?_W7@|6e6{O(c+B;D zDlIi&^@Fe_oJlFmhnGb;Jye0L*kZlFE>-x#v@j&mT`~Me>cED*bnGRJ!{g zXz*TqElqv7$9p{^)D;r7)f2@yb(g*o`3zsoX?+tYwNxvQ7XIu6`;pEF$#5E@_FOW8Z$Cy`S*;{n!8PUTeSM z#VjV)+;d&`d7bBRe2$)GE|iaLV}9e)qGDQxSAB24F4UPj;osb-dmA*;PhSdcC&>S| zLyUBQUfZ#EBwD7?P~vA|h(3+(1ms<1H3nex{8nx8+QY-+M>)d(m8fh(ax5Ri=E;SE zEX9w}>PN}dCmBuELDot*x)W#CncYCt9Kxh`L9sDG63MP~>T$H}R%9)~8u}(K%;r_t zWFmfCH#5-Xv{IFh+n*)3YpJtu3LH`rd59q|Ob*W;Y;PgLZGWMP+vzkU77@z-8Hse& zwOrbgxec)bba%B2LCDe8Z0CdJpR^XM(-!HPDAJOCEJfi%?B5-O=LDL@D)a8M#SVuZ zn_ssDgdDeqjyG3#pKwU3&k%QDs(X@WLpSfvh6Fq=jkJn8o5KP60QrK~mEhlAN5y0) z8lDiTrXk9^{%XQgz;?pHV+hgMJ&BU_-F+@S5alur(>sOI#y$A#W!RDn1_wBr1}vUko}n!E$6CD!6(Uc0W2{uh>n zBvEdR5subX)M8I&P?jEJmf+DuGX12p6zzH=PWV^HlcsR%0ZIH$k3BFI|>KGR=y#>B~i$I<|4-G7u{4+aoJYLN@opp3W$k7FE4ZWD3_`Gn6sa7L4n zEan8>W6TrO#0PTrZB(`a`%sB|dqnMJGO7Ifx(ab+4)hP?%^Rn!*RcTtM}QjzOx%2? zpO6jZ#5U5#wVfT8TYcoCkHA@~ZER$4zfoRaEpsEToDBINULejSxulTAzgdFxvIL?_ z@gA%eyqfC-v~h{7O+b;EO#VisLe{`LOYMpN*#!acYT@d|G9M`c7st&_gC!4n3EPuw zW(L)Qk%!QpET6tIH)An+^q6AW)ZX4KChMU;-GF{T8U)+q)ADXxjxfefFeRh33V9(w zbnhW_2cpFyGc)7qXnu9 zlVKo($y?%odRbsAJmYp>&sIU&Y6CE&n*Zrb1?W*3r#Sz)7{f{aIk^4jFc7Hd|NkD| z+uImf0}(NY0!mKcBfbB}uQB}L|CVk_|B%pzfxPzK(HL)RabZPjqGMSX$lVOJ z8Jn$i9H{tJJ*jA%ecoK(C5NV`5@6Jer#khZcpBI<>GZ2%LVZ!AT+|Ke#JsmB(<1*3 z>`9i3)0QB3Fn~SYYnsS1mhD(nz zFwZ9$jM>Gj=FTqCrO-Qy68PmsWcQ&}1@)7g63@BLgdAGBT1OzFp0<~Fbn`w3<*gp6 zEj3zBppE`+R%+=>E%qo1-!r&S~92V=5n0?)eKUuQ~eU2V677Q{)i6p19n?=DGl~a4`l!!EtsxfZC@EDVM?I99oWvd z>xgsDCS0sbC{>#{jur&AZ}3(zgAk3pM+bC$;=y@Osy; z1_t9vnYP)_;^H103<~K`xkl%wx7X*YTGi&F8pS>|#f_INMc0F8fYZM1unRipa?l*;1{d78P6&V(h9tkaZM=j>vW{0?>>ax~(?OAd>GM z8FR-wGe36ZgXFY9R{-g7j}=H0gz5n7I|?~JkHvMWXjhT&@w&~K65yy6IRm%{9!zhi zq$n-AUf@DUR@X#lYFsUVvA)Kl7y+D-dA_mMSz0SXcRgifT`9QGDfG-2p4G6+9Jt35 zznrHuhr(CVj~jE^xhhm$h0eMC+m2ec`P$s6Cw@JflE`6xG6+h_xt{_uK!7V41bkg_6Ec8K9q&&cErEFK9dpRXZ z4y3~sm=RuMy5(fd?u?x+zy)u|B(%z8jxN%SK;#d6%_`nnt0I*vWBbN-Lk}jeVlgD{ zK-;cmDc3jX(#rt+W)vz1rK?{JG=VvHWJt8B7B5gUX+;()WRK~=5Ql52F=jmU>1<)l zi)fH*WZB3Ww*`A;<6~hYAa}q@Z!DO-2U3V`y%-CT#RfWCnPsCJDni*!;3gN|^sHT_ za?yVkTc%2;wm^VjtB`tN2Coa-8Q=J5zwgKi>>oyAIwbj2v0#n)2e zk`pv9UGoRH6Bim4!JglQ7z(Zx7aoHz?Lyt@uGj#!R_z#~c)?Y-Vf08ht`S}VP;lyj ziB7PY#-|fgb#IQ5BNf#=RoA0|o+>k*Jrt1at+agP@Ao6pyf^iZCmcXf3d-(xu&=^n zZmg<;{}!SA{bx5id|vMe8^Z1$`DE7S>xNyx7CPyX=BnqS2ms#k5!X8~Nid>v`Pu4( zgWc{I`3$KJ`5u&sLziDg9wmN=KPYhUPA#=C7sEHe{vqK0#*QIGlU8Ez1U>vq{?|6t z(2yZ)ycCuK*MX|x-Nu>e!2P#xMMw%6LH){?nGNh{h{gt!fB~y-<8XSgvPu;Thw|!IABzEc!N`nSvHhL=uhX`z4mKsbq1LL{)4E7+08gb-*HCCf zTp5p?)01sPdr1XmKB)It1f)*i7bGjqY5&5MgR%o-w+qIrxSGfWxo?rCSY!NeIEM22 z;Fvvhgj{*5+lm9(RQw62x1#YQKV!z0KtO)&(nMTOObUl|X;zojn#$>SRrBElOBq>a z{o9jmAbKrXIv+ClDH*IEt(o^?L}-x0?2Fm0imZH$OHJYWgYvEmG1ETQle#{=UITk( z{YXxVR}(5ZyYCta`jI2IxVoo|mP$~gxF}0i;$vjRzpb8w4?vdt7Us*@A3>qJ7RHj! zq>*6*eR0btZ8;`wL1*A&>yMdl&xi4mPvs8$2&D*CnBMGapOZ~?Qbn)S1%1JPAFsEvs5$mub@Af3)2 zJ&t@1h+JeUSG;Tt|DtS6q;_3e{io!h*G@q_qkMkc*t3hNY@Y2RTNlgyh%#=gf2-nm zd4af4!Y^fXsb(2uwZPG?K;Sb`pxf~l$*+Oq!GHt1w*z~_8!8>P&kO8F;bmo%u?J(y zXC9UQUy)~TE-uY9m+|hdh(#>!`RU476lb;h{xddFg<~afG3;k-k$YXpNd{`#Y{wQYyMyl#z$jG>r zDaj2=bgs_sgFkiz0pg-Ec|&eLb~B(wXUBO@wRggkL;VA3^2c6K&dT%!$F>U{d^xWM zKt}+7qDh6t1cBWzX~wg#5_?iIuT(8yPwj9rhq?>r&Ph}rg)1uwBkhWNn)k_BJ;(zu zB@SG;KqKS*L`1xO?#d_Z%EvRxM+p{!SQ7V4Cp>3!@^I%lzBiulA z0`bmNw9BW?%sQpL3bUJ6%yr$76&8TsVNjIrU#rmb2~g77PRhRg%a+L5S+5*^BbVmA z!jJE1d^`oj6^&^ntn8J43JY^?iZ`Qsp7j(r{hW!%1b3y}fM0n>b@l9Vm z5AM)J4CAt7Pc>oC)%NF)D-L11Ky?N;0~$nF7|PBjJgt}tHb4t@BgGAW|N8+Rr@wFO z8OF(oJ4{19OZMx`CeF*;OVSv`S_Z!KZlRxZpK?fQo)bT>aSDyg!;k~;zbc>P6B`i{X5kf) z-F`*>YMw#qR&N@`PRn3YzsBRAILcR2t7c9Z@nf;9^yc9nV58`zbd8nyms<1Gt<#hp zv=+W=Vw}Y5X8tsQ&~FtZWEJ1n=OjwNcINH*$`+&XWgyz&3G0(#5<98%owlf*9u+ma zM`(lAY`Ow8aE75~vP~}>48;_v@O~rBVe@nApm76s#SEe>UoawD{j{Har(x0F7fck`s=*O&m7Qp5R&EpCR+PDc+T zRT#4>ZnGc8O|Yyu8Q#r4-Y*4Bj?zg?9FdE78LmzLVxx{)@<^e5I{8FC0!`n$WS|B5 zP+n;1gM8{o%+tH5$LAMAK6$-PCt|OS(b1!yEaDmIa!&&|?-|c=zPPcvT*Lsvlv%d0 zdF0?Ui8tS&mpNxCzUexaFaE^G^hh(@41vt+JvI>$IrE|P>E>b6y%odOU5F^C84H!R zl~UT@t$WShkEmjHAY&g&d@Ysv+{Ti4AY;X$(`$I$IXuc`O{H_Ln@ncU9veyonOcskHmV$bgu`7HRoQE z$&*WSL{V*-N=^O>EiPJz6Le8Fw2oCDy7i$?!_r&6$)tRKRatmGVK%wcSkola1Re!T zX#Y0{U^=4SEk`ZxVOB`AH`Mg8P@olSis7`gvMNdVpOZesoW z-mQ2m9J9!pLxatmOf`o(WXJ9btpM}2au0`e^6eAYbda+R)5sLlY6D0m0jFf z4@H`_ML$0K;YaH^aNbk)!R#z9;}jjoo}HdM!pC-&<=_pDjfU^%*Fy;b>DNCkO0YHc zi+9f6E%;6G{aR{pHQFHPT1kCsvy^+FG#_s%h0+I4LO8TxuOlKyHo5!O_d+^@Yhrk5 zW4NWIyLfui4-&A1t=XS$GcobPgA_*joR1)~*b(7mSut_3Hl9d%K`J415YjYH6je9A zIZ{@kb2C6{rcYjYr*E$Ka=zNAcQ3)7N_y8GG+mc1`U-A8wF4sm*MzFfm2<=FaINVy zo_@jfj&5u1$AO=8l^WmiXV1+9@0;(a9M~DRR5BdE!A^ViZ~W78rZD-3uRYXtewD z#pz)TC?oi7a_#4_Xptro9eyNy1mvRM@8Wj2R==WgI&ITkpH^3Y+epft5D%odBjUI< z5{pb0AfkvcC~(OCm=pl;v-20+&}5Vn!>i*9KU44;6<^*n6xdas6LMw0L{Ivee?nVz z$w_S6InZ=VHdy;pC1Ehw^3=BFqKnc`uJ}87L(5+VI{DN>xydw37dbR7zWpLN6yZ@^ zKV}0A^)8=YZ&aUU_*x1hm+#rmwl7jVW%E3KB%kC%xL{CEJ$p0YwtRTS>Au0`X5vnB zY37SGzt=U7-8B^=$e0>wk?!``Pdym&C}c-M$hiLrJuDNwuLPKHc{cP8Ak+viENuk0 zsjT^oA)Ki$y<6YcvloAMi_QWd--BVA{W^>;YIo9S9J+``#(8g=7}FYA;X{NA1L2pSD9JKlf^sdD-WbxjM^$-`3e5Zx7dv+uVhr#~gXO2kZg znaD(uSDadH$)2}bzznCzwcc{)pM^&6lp(ijjK^1ZTYny zC@Gz6VC|8aZF}ye zuAc+M`Q|{xEqM zB0`~i6QOmq;Ur)=(c@;)^Xz z4Kh26%{VnjNUIhsyx@w*SizL`rAY#Z4D9ePjS(reqQtLi4A_qc0iAtxS6X;A35V)I z{USIZOQf*Vw_-9!$4Kz3)x}X}%3%eWKRh9w_HCY1R(FTkw9Q z%0T09Q{40w+F-Q&?i}@Vy__`4R=S`q)P3V~>jhItFd|v`_fA*W1P?b%0&J%b?Q%Zf-Q5 zT{)F8GBy01@^!OtaZ_lfg<_XYSbWP94Dj8DSA!{nME1ox0SW_!LP^X#mnGvmktBDQ z_zbsq)1GJi%)P=lcN`bDzZ!}TEX3;=z__7ID~}HYgTI0v;^j_9bmB;7wo961a8ck< zyd@lNSDmmV?8v3HrXyF71V6+Rz;sMW+%GyV^-Ow8-?x9`y`bdmtf{FvgpD1}xlp`Q zTfC3-7*rq692&TCS3F1OJG zC;9V{hdn~;Mk55YmW0md^-F9c&HEWp5A&pO?|i!6D@2vl3!$UMPVk*j%PVS4Zop#T zY~{>NtUYORQ1{e?DJc{QbYp}B?cck;Yhlg6%I_%nc=)!h1t^BK*|$37gh3zFtl!-lF>x8HGzM zjix4oNTJgOZyJ)+Pu#avr{1=|kesnDUvO`i3p(U{J??GZ?L?JUKJcn_W^Hr_a8kQ9 znUtPP*%# z*(uf8pf+95nP1Q+-!A}Qu)ncF=xpc-B6_%^pjOBMi_zg>5YU$uT#M-=MFyRla(2q> zh&MkX>F=sLKq1evkvLkDVSpgLLCpX^%aa9Rh6F%Ro^W+=a_#@e1)Qx^E|g}9zjTgy z<88^PmmjDU9&v6t{v?6Rgn=(!t@fvCOu@akmDyr_xwsQcLg?G2k`J+eLYK;(W)kne z^*v{1DGFnX%MCDg$}=y;rQaIQ{mxtTzU`I4{CCRgjX zx;{+X`vi|H*~K*A2b2cuT!_wj%~v~&pOIt^ozr|(Y5mfr0Q8M+FlTq}-ZZI7@M3bU z*>-XqTs|JG+qJgk7i&@WB_l}{dg3bj>s}T1{z!Hl5Ux_@mTzbXHHj2@bWmszrL-3T zC?M?h9C^j6?l5AJyB6!sPcDtfk{uSb4Lj1)FP=PbRhD5_$0l)b#y5&#Gh*uVt;7}z z72@HA)et`_y~P$Wyt8|M0<)(m>AlJABUCtCx@ZJdEtvH0rV z0!8U;f=@M#1lZa5N91~e6Wmiq<#i;tXkt4rMS72^osd(=9AK*uiCfDlanI_fe z_uo7&U0<=;^m>Y*^7d%eo&n5(`wbS4BZXbis~|K#z+!eCo$eMXU*tHnKbL|1%&y#A z=Y!8jjAWL6ZoMwun2+#C6sbFtNO^suMJW!66FTF%q~xXM#gjXzr+OVFf^M_8_@I1u z#TTQ>=(beGsCO*$uwAbB8=Z6l@+$F`^dv_-w$+v1b>FsMhGE39qcTc^|Xrfn* z29WCKy<>S=r@!o-$;n0|8V;7%h$1^A@I*r1M<|%ubsZ0}bv=sr!q5%Z=Ui0+tC(10 zJezB7cb?P_lM1tYLyViDS4JQsj1tB4zgJ|l<87J2nYf#s%i#}O#6$$WNKLW7qaq;6 ztI0C=8@ZO6l>TF+FKHy6Aje++MxNYIDXF(Ek+(j8&J<*7v8eZy# zKdz%Mqh4s(MBN3Tgm8s-(;e2LRXO)^d)&5$SUIqhVEL8S257_eDC?0yo_szoWu7s+d|9@CU|2%Ge9Y@T@R`!I9=9!-x)-FM^&Y- zO*((gxcP!2I*R0R<7$xeIB)h69hq<<1SfULI-##qx zKKB0Jg75!!+-GvkQ}|1ZB1-g)=+R-+0L^kT(4g2f)PmmTM&4JC4^NhqB+JfkN=7O? zl^D;wTo=Gy5s+>$knp|3Z3lmD(Fu{Q!Sl1v)WA7Oe>>sQfEmKVMI#O+t<Q`XZ{!Z`AVm_2KTZueAFn z`}pSjWY9?P%+g>M2huBgFW04ui>+@&ZVGyzu5YR)@=Gd8DS zZPD!dDRq@Cs#t^5jA+CWo3r@Ji*Zff#X6Ufbh`^la_%6(GVBy^(ND|VA+ZbMbw5H|)ye?}An4qZ8TyM$K{tmPh4<4t z$pvSkqJ_RQa<`A}243~ZNTFK&)RyJ!bS0lLEpR-4F<^NTT>5ItqwP)$q26U&KaGCt z`T^rviknE9_cFb$rddc0vAW5;bmAvI1yvbhkS>BJPh~ zJn?A&(7G1duA{I4Rs6*$SLRNSzyjPIfENqWr!j_+A7VVclQYK|Yzzq%Fj6=WTnkdC zs-#0#v@QuB*Mo7l%M-xqU#VhKLKR^<9!go?i_UaI)f$WipjN~JeElQ$0Kgyp7F~LR zxDV;ikW84>RwM3-Psp*N=u?{drpIX6*7mO^`c|OdOmxKLl};ne!13J(Ri&16L!YO! z@dx3Wv2?Xd?V|Y!b>G7|mL) z7v;dXWf3qt6TSQlV{)Mx*&^-8!U6h8RR|}%n+_1fGmB0ifavaG4 zD<~P!5UKyRklfM)M8WNsAKw74C%m9VPuk6++koxbsDUTt((*C`^@O30$Z=yg#NIEt zo2eQn5|&7z;?5Qg$Y0zDYM_feq6x9(jq8%@;)T=|RhJTf^TP9gkB|!&u!`b4eGog8 z_dF7IMBlW_On)WabL6`<1;m5o9{wTylQat7Q29%ettV%c`xWg;#R%7r^?V;$I!&hR7@=pc2Ts@PvuuiUv<+1|Zr&qiS-kBx6tJ^TPZ_qD zLNBlX+^_}iZKyalnz2KtzYW@CO6bE+grc(K;>P4~(%RQReblL9zD{}Hq?<+@M~`40 z^a_Nrbk2xQSZ<Y z$Qmjeg^uo3M%u!Ai@WQH6d9VF-kuK7CG&b2;RVoy8EYv5ey*y@~rN^ ztW?|7W;C6c3)`>=X_@D3SVR}OrF2$^!pjtv%=dc`%L?9{HJvk&SI!1IdR5V~O{HNRyZpgpDKLi4pG)D!lHFN#LQCj8 zhWA4mi!7^k;_IH$1c4rES*SZ45Tww7ZIqa2<8Kl&%%`maRdoitWfihs_MlQqW02G7 zbdda;zi-Wd1ag9>q5w&{V@PO!#6)GmbPW3z-_eNORd!tB2y;zZRdJr}Y%&DGoGw0Z z1DZ+W4Nvk`Swv9MhE%L+^)sg0sof~Zf7_QGshpv-qBoBdvO8f_NU!>>l8q?-PgNQN zmZ6&yD5eU`I(uratJ}M&G=T7;Q<u+^u=O3ZcME@X%to{)-3Vrama@64u#kHj0-vk(eKNQ9pK-4Wjbff%p zo&BAA%8UDd?Z*bfM0-#~?gl@UJqCu4^o#R$FCwq)vexSgx%C#oWhWMn>^~-T%__&N zWirL`>cCO?M^;-q)0eTOJfa5hm5vqx`tYIhQmqD3r= z8mp!+!qpmZj^*WFZ)s-H?ZuZ?RuY=XZ^zzt=bQ)@>K>3FKM?T-aUT2G79dMVKq`uaD*gsURbFw!HP{zotCzx`CT%-^!zpbNFv7<0J>P z=+z*2r8}9%x=h08*yS{(7Dn&G8AsoN5ES^d-36BAJ<5{>S{boH_*wxodN9kET~5oI zqFP{IfJ6{lqb6f&K^qU_`-wO*&G>FKMklR$uP^F@@Qam?_;v{YZf;Jsr>dRO9nN44 z2o8M`P~6mG8W87uC_MBFe!os&(u+%2E*(y0B|$j-gA+!MVoZlR#P9=AJiTR<5H_3% zS~WFcw!U}7k3x)Nl}5Jeq4#5`W>3rD$Aut=Emvc9ggKDSyB)^hzF*EFt6H#@DvOib z&5QDcT$ILn;f>qBy56+oWm4K#Z=3POkMnqq!Tghrk7hBK$p}))zNC&PMV@nYxP`Km zm_bGP?GojXk*ALhxU|Uov@ckcmc9~7bNXvlzdA*0&-P2QvB{JQryF%8m>75N^0&!% znRMBzD5EpT8^aUNMV6Uri*V(uB}t3^z9D*zJl^PZ01TeCJ(<1W^F@ohmG^6hs0c&Bp8g&EDS5hNngGzR!i)=Cfk&P3m*M3aS z2`Us53setMRza#q26CofB_D-Cft%4mRQ+ZlPsT|DDC$i5&wD9QR?d8O5TQyW>M64a z-Z%*koYsaqlByS*uZz8(Zl-u(?O$H(B{<#kml(-3MJ{Q7?D4wp(yv|)FHZ9twMhTc zRCq1CZGgQ91I=k|R=-nCrgwJ&^;2@`&|%4lRT8X9)+)?M4#V5;KUfU1h*QRat#4hT z(~WG?eAJVuGz#PM&d9}@#QhMX@Vou%$xTV4h@W3Z1ZU!kCUlZX-{Cap-hffZ(-|&l zq6obJQ8OMO@F>j8F!k4FNJfNbrDV|rA$2o~vN#Bx)tu$2-oCiudN9sN_GEF)UFS-P zeghW%g|Ahup=ZsFoBgsjK3v9Uh#u&~l4$3FW0GX^dSVhvkJzh6Le{({Y-cF`ygznY zvb$quC<95@(F9u0^vc7TP6#HECF3=k2A8iJulDS1Mwuf`uDuRb^lolwjJHM%mu19j z39>ccb}+As+g*@RdoO{%qdirRBvp5AP=Y1U8z;E|L(`fpg{*8c+DUmxuVrROk(E;p z@BM<_LmULRylzj}hx5D7Ga97vx;cl}_|X)Z)Hto2y&q|nk_F9JYtkfH=!yEE zezfob{eF6V`!+q5O-f-&K!uCR%oPs|hn#@mYyws21)NmO!>UC&?nEw}7Al046&o7s z{3}6jz-+HwkI-xY5!5m^uP2M04agX*#ihKXV@M@?gugBba`lW~z35wouGOX3AV5dJ ze>Qmg{@3c_iKm>hE34Q2fIfqr*Hwn6`p7Jk2F%+Tbmny

    		• &gZy(beD_M$`2uZN)l89fiH&4J;|42_TTSPhoauaTYr>qs={N z*6k-p?ZN6!xG?uT0Ls73EDoP8m7lNEhP` zUh{shkYPJ>;vwekA@U6P>3sQaQ+j>6!*zE8B;B~HNQ4c~eizYbefs3}I?Joww^QFw zYswhgYcWWSPqD|d$;v;X0&EEOt@LQuj?Fd2J?soW6Ro8RTHW8*8;+WfkPG~)!SrV3 zv`OOX(4O)ifnmT zl1Mhro7KjNRysEmP2P6llweTM3D?EzgzHjlCS)_+=b7(KAIp>hPLGNmkWT6de{7Z~ ztewFg&F5V4f);>cy#e%mI8-rm!b=@x7-~Z%~b+@@uIm?q3u%C2-@#**M6-sPOkPfc^4}?%n zTvd7ot~zfzDg|~{e0-s}7(1pXyAT`%&KHA+Alg&nOllTR7jm6I7klfG(nP&_$Ws%P zYM8^Q`Z1x?8>MFoZM*K8OW9Y3t#Q`0`uv?qO^sx%@#ffx@Qsz;WSX|xWj(mQ{mP)Z zzSH5axXz0qg5!=Ic+U>5f|pa?ZEwWho=WXjtj8+Li*ycM>O{Dw*d`@$6Imc7?8pD+ z?wPi7yEyewzhROq6;xMi)BnXve|=TW-qCvCjlr1ePR^i|6m;c#LGkb@nx9Dq;nmMG z{e~g%E(YdHO%Cm|t}dToptEH>!8Ll=w)1Sc^$C018z7|%P_({;uY}jc$P+VyWqTf$ zlCneBJRS8<0|^7nIF+5r=p|jm7u=6|<74T;=YBpBq5NQK1i*KHaAl521XOy7^F zHunolx>;V8M~T{1;Zy)oo)c0e@w3n6Ru1P~#uG3X8^E{9ls#~(67xOmAZg1z2cSZnBBI%Xc{HswsNYOR1>Yk3UP$E!YKPR%w&LmBnRuyhmDtNsIG4dIkIt2 zh@Ir+1^LTRjcPu6U(5ta3nuV;N((!iT|QAzY5OR3GUsk%zS5552!-`H&2p2UMQ7kD z^f;y5G7vMX93T;CPTH_hzz}f#tosV#OLA@ME~|7ZQH~=}l^4IlHjA|Fl2UJQn(s%b zU7TX)K#kbHxb0aSb2dN#yqJ^2EUP)KQe5eVrWS|MFi6Th#+*$uYW)3Vr(Ho^9j~_6 z?M*|vFL7&J@JFAjJ;>#Q1UcWj%2h$&?1B62k|uTb)OJMgr78BmT~DCoR$91x_F!=$ zJNQ8Ta9P-XSvOukq|D^&VyV&eeUZ^FMWt|ZJdP$5gPm?Iai5Pfhla>;g@K0BsXCS! z$2XP765sF^c@7UWz43f+`&g)?e(=QWO@B0GaE617sStE>%b=Jj>tHI4lQKtW3tivr zBcV&s%z7-gSH?D31>dsFViVTn{6|_Btrzv*ix`viC1P#dXR;jBbRk@JUPR`3;i<-f zQe{msPb5$^FX6*JWfmhx>q<+rcRo+6Z1)0aa;uQ1(8ra=Qh4kQCyrAZfh{xaq#L*~ zy}ILWIIWe|B?{xxn&YeE1X6YQI^Luwa!7e44g^UDON7nVP3}sndhDd~O$hiH9d4O} z4D)flhsL6ytZoG%(a=UUskA6l?i^9cRH|2k`x)ClfeUf+oTx9at_a-3tjBX#(^SU3 zWo6flb$oCfue)4>`?e4HoW6!s^?JVC7GwwrD&$%8y6}W2| z>KOr24gS_!b_bgEN6SG=*V=d>5XJq?+07EpXDk>>ZcUK<5?j8Y`uU3|k3S25Wn z|Ja5k-x0Fb$ciYtZzEiF-&T?tRq5J8 zF6=IupQPug204dT=A6~NGjZ$Ju`}BP*PY=SzXg~g^l{G@y#!EU~sVmX`9!P#lL zCdkf<*Wx6c>#iA|u=t(N+seh7#Y9Ms*I`v zl6kMm6h-V9WYHocf94&`A&z^Fw2er2%vLj|zN~6|+}v|rngWL8BWoP1eZhB646cu5 z8{{WE56+A?4jETMdV+W8PqXDyi$>(zdgBdSL4X;4j5exyEKk*8ZHz2I>_)4;{Iqzg zWEqmedAtUkI`YH)Zm9%z3hX~f4YB@oUpW&v{0S1+=msT-?ODd&qCqeL%{{lv&z@fv zXOk&9<>K8p1M?w{WK34{K`}GFZ26?{JQ*rz8(^Cp zWi=Svh%vzk8PD0I18aH;0}^|TWI`wASjwDEB|zceK!-jW7sbCiS3cBISiKOWl9#dg zrTIx|IXQBXfFhfXRhy>url}T#u|FY__rNFM)k|Vq3fl)h&A6fZa)G?L?ynnJnIz{_{nC#-4#X6`k#}z3;^@SE*qYbo(2u(mm zpiipg%fy1z=nx{_yf!X%iZ*jWGz6q1g6e!bubgYI&#=W;^oWTi`~K+bB~3HmIMd>n zv-@3Vjjm7GYt~e}2PRfOb0CJy4nm2(&olD!}cOn=4j(V5Hi;^`3oo&Uf6*z(F zBuXL|0_?RvUqU|gsOULVhQHEX9N!oj?MrX_@gY~C+DTEEL`EqMifF2*0snl-&A+Va zy5PSWC5(0xt5uoruQT7el754sC~C)7Wml>$?Ar1~_Pfh)^~dvJ)n5%1c4J^tMPIT- zfnzq2+vWhy-ltR6dIp|0IB6cYQoQ@t1!GfMK@lw_+3{#_Z?n(?Rw*hLSa-%gu)%h-R#4iPE=d2Vu)BL>oaZ(mbD9GGr zzU`p{?D~VJpC;QmR{hiO#Zqf6n{Ncj;8vC)6)Az=zc`;T^7?I24A}5Sqpl2hd6LP8MXhJ<7Hk z*-}ZiM4@z!dD{t?YFF|$Z#WuACTu*2e5Vb~m`X}_Nvcm1_6ZTqsG&E#{@lx)m zNW;!@QKjYN#cKxJag4q){EnNclf&5r=MiSN<(k-98bvdVL6K#i>+`GXyi&@sRWcn4 z&JwFvio(k_ZkKsY`G*w-H9{f5dBW=aZ0FflNY);W zPk6ba$fE|Eh2dzB0r7TsF^tspP_aS8kP>-VJT;>QL);7deQB{|`%RQf zIUxHy#V+OutclUCVjrfO${$~l?rmCskuv|?<&-v=g7FcNs3y-*zgD;b)MaKgYW>NG zBM>sDc_hpg5iRO`QtUzKYQT?otYrU6l;`He{rk~|*-veIV^^_v`6m8_TJEd1l5++p zYz<U{1}^8R^-@KFxkVz`&aqPOnxGZ?hG8{nG4JVuwaJiOf(=Xrupgz$bOOlaYRA{x z`Wc(b2VL7a`^_0)Wf$2-r}geypRP=_8sdu&_Iu3>ysWwGYLPz$!Rt7m+}Z2oJNFkB z0)#ozzig>=;&3?6^$jn!4TD7l8z^pA_nXaXBdxS5xUD*J!~3Hd66^F`Cs!P%Uo$k^ zZ7&$Qdn!4kD;0Ns>e8*0@v54$o=I4t}ol{LtH;i3BmbpwIsVCpmzhr1$;VWzZw z)**S^uH!dosE@8R_w!R-!?Trn@-quiL)cE}!k%4|sx!*K!q>^7f22u@Rpt=(We0u} zwZVT-4ZD4%+BBViSr@tZbFl-w57FYu-mZ4(>otR%@optsCyPY24IfhWH8fD;6|49@ z={lh#`bX;#*Syo5{od&_qjRL8|yZv_& zYNqVdWiOf}d29UmVoe>jDHJ1)g>CLXs0*B8Zp*{|U(CJbUzF_{Hu@+ks30haG%6hq z-DS|jfHX)m)X?1_iXccx&Cnj2sS!+FOz3*>-+#mKoApWko z?(;g&<2>Sr%j;CFo)`VwL!_-=aJnB9-r7Z{lzo;;qRz%sG=fujb)e?s6Fl~$S)Vuk z-7m?&ig|^E2%Aik)(aor?Dp_at0=~t7EKR+hPXa|Zl2U0%XhJ{Lt;n%RMfo90aNv( zOMXI-ri*6>7986N#vG%w3E+kGwuJP#{5%v)IKcji3kxPq)SF)S8_}1l3f5T<-R zk@NI~F@L|lH{*jfqZ#xVuI?<=cNJwkPc!)u>(q2D@w#tNFKHJwacwOK;(&nce!Xxd z5B|C_E@}%-(k;!PiQMgD{*kK>)mg^8?y1Oj&Z)-DhUpL=VJcCUiZSaJUOg4jEBtN} zox(l=29kZXCOnS){@xqx3{!o5PG0J%HZPhJ#|~^nBVL*uXNNdWaN}?zV@vJ)Qid(g z-+GV@xQ*FHJ^XdubuaAbc7O8{I*&*svv%HNeK($Ax;*1pmtgES5J?!UCe+*Tn1ecC zsx17=f72zmO;f*V=bn;whk8^>Fc*-N9-BiK z$?!l*DOHSoC`!~Y8EoD$usrzbiBT3{tktc;MM|NubHJxEUxp$7k;@2nIBnMQtv`JM zyzMa0?ZhXCG4G2;qFj_ko&@+TKN`E@+CRUBI#4mCl&?JT|B&dd~$`+WHaOtP=0A3GT+bhZ#>c10$?B{G7T?&L-$Oc+sw7M?Kj?+a+F%wmHz5m1$i;ZWGxGz;=lJpob{AMmqU_8Iw#poc&`z)RU>|BJN3sb9#;6>SLcN1{l7Z{=A(b8{uC9w01`gB8{1+e-1 zJ!#YUF~7-&_IFJ%lgA~{tZmnM$4ofBkp@5$xO`!fpmjz~kXun42P_GWEt z(2lQqr6#;h4;Xb*a{6Rg5k#H~TDBW{A*3q8wpD=w|0`moN=57DM+ zb{ck*k>$#bB*b&)j5j?<;WOu?`rZp3CWOA(h|T>=|Ay-LEvl2FL!sY!)czl=90@Gi zete@gVI|O{Ki@e>zxvF;O#8{4_~MBY*Kjn2X=m3X(?BT0p2qdD^M{m-2cRy8*LfF} zOB3+9XQu{EG>6n#{+VVf0-@7Wjc(K+^r~rrVFOiV(&p{4$&X6m%%P^7Adflz=w7B% zZ47NJ*oFQld;$KUyJYNirqWZmd^*waXk(y~!0n8Lqga7uA>>qh={zV=*Sh#Sx;n#B zy@hAu&xqXDn9=}T0p23xJqO&eKD#xBR>uG~Tp`v9XPLa#tkbfO(IQN7MKx!IA6+FR z=5iNO8(K>Tx{ao%*Yv57R72*Y%s`q(Z4lc2)?6!eOFDU56v!)x5g*fny5`x4v8-8gQit%$awFpUnl>N_5$x+g zfgV^pwgityxOtU3w%?qt&ffLK?3r7oF0IIHEtjo$EqPqx?0&%CwPbFTcQ zpY&yl7jr#w-+w=+LIxA*Sj;4Yg-j;~FuVB8CVTLhXZa+54N%TrC_5h$#Bt>%m)4&O zY4YO}J6P*;Y)-xAoFjW6*8ZQRSfVfxeXQ7%40sSWDyC@;$o3HzH9fdK>J4bqwd`xw zZagrbZrYTL7X-ZBdRg%%uH~4$A{5gNA8Zph1(3-pr-qX%3*Q|xEGIx19=)KD{i~rk zCb!qv*_A9-tB;{_dk@(Q4;y-E6Ly%itw-+Am#8RCqO4NuNAVqUV~+ z{KWT{a883g&{Fe`zfwxFdlTN}PLgU>PB5MW7HG(0tt25FwWxEawq0B&2T$bHPKVrX zuY+N5pg(n;yI)vXY-3p~Qx z_8a-cNm~G@?Kt2>y&))_6t#Qb9EW^)%rtBPB;Z>ARt%@%aZ~%KAc^&mYorbiR77SR z8}N?QvD|xe=<}-E}%(q)`9GjDQm_fNV6?++Z( zxUe>zxS1idxN~Sl^u#`!suNk~_K3%lQtHL5`gyZHm8PCM^l%Fu+EjHHBWhU3<5Flh z$jy|V{n&4q=fV-<+t3;I{D;GJVti}dk z@uM)`YcB6cml5D3Ri*F{t=#RM@$Ch9GKiH*lP~2cQnq*d?d7rD-sKO9o2i!*4b0d6 z*zhhqwRVDKwT^Nv?zJ@9s0$ZXoLuuAH$6H^jI$|zr~V|SaT`>EPe zjfYav=Mr=ID+&M7_&Rd~CP4}r{;eq}Vy#1GwY|$;A;XTaw3U*D7Q?tRe8=vt@)D;O zWZVxV(uoTQw8~%FuBDxqwma zRfZo8X4E3aK};Bz;-We^kQ2cadK4|l)o>2#5nT|rof$1&kEm1?T&Ym!zK+4Twnj-C zbfvurxICx!G{JI+LP$JyE=M~B7bs&4jBq@dc{ov~^9c#Yf1bUK7cy-CL!4=qRSwn77f^iWTaFeU6$ zPG>O7MeXBD^2Z$=?@{fF5ipt&QgwyH=;cQO(M$u1sPBv&y1+HX$Hz||Gjrel>8Ui_AJfG}YqcV7PA0*%3>rvpVxTYx;58yryf8^j5!P zu6BraZ_9;Ox#$K}Tk8p=n5?%mYL_nZWyg}M|3nEPemepo#2HzqGw*p8(s8@_u1bITeXVMv|Lg;j`6Dr{QRI#|5FjF&`2n#zcV; zzUnh~{p{)#BbR&qQ1qr8&6T;n>+T1$%zy?nc;=)T&{8ygL8(W!-|guCndCA1<0b41 zd&iFvZKJ|H+K&uC!%Hmbi$^WxkKfTRPRS*H9cFm%mwUJHKHyGsF~s#u>oWE%!}zbN zQasB($@|xb^Eg)x1ZxR{@A1?ZZo55IVdp_@jl__J-fF{+WBW6v|A#w<-OP6=0@gfeE5OACvfn1X{E;zjpiyBn8cJtaW zx>9L@prSR_U@xHjiw_DmE<#2>gfWG!uRs{IVlfVzWGxB82w{HYmwQmr2F(Ju~&T-&%LG31|x_cQ1i*cjux6 zs_$6%OI%fCGNAlj|4=UOkl@(HVYV%9V7e}nKT|c6cya%K5Cb~&a6)c;=(u%d9zzg2 zlGoZvlUgaje?i6Ug50s-j<tJ zgTR-q%SUwzLQ2A`!96vgL@I22!`L4h5!d%la z9;e?tPmL;3aN_1OCNQaNQd~|6;!U#Qg z&N{L|NtFr@K37p@s(m*lGMBrwm{$;oicAlfJFnLbxc0#sIjvhj-*QaJ-y{UVVCMOwc)31pkC6)ko=Z;$uf)+3Ozqr*FRH&b3I2g*mYT*Nu1D zGrT|R;*}}ruFt7G?N>|G6orEh{7XT19N*+FvC;aOc*L1ulw;G;pC=8H_W$yu+k!&P z1~uR@FJfmD_TER;yA}Oru#ee*G^)65*{Fn z-lT}f9EQJS)yT#wn#rV1LAM<*l?;f6ST(C?bbVg>Ju6H07f}}3*aSg^p!n~{?eIH;ICSiV)P>S z`B5H$X8O(Q@F+q5_nA>rw>b=TZ?_P+P6e-vE$FfrJD>y)H<)&4gkHZb%v3ql<$94D z*`^;O`8a}B2Evcbj=9i6TEwKp9vcCysRGF%n?3uDxlj5c&;bApH$#^l1q4c7Cb0}i z4H^nV0P@29x=~XF>*tWPFXw{%R}voXuQ#?UyU=$g6iPGhjy*pEK$o6Ow_b1?DU25L z8;f{GU5Bo~Mo&vVvpc7)q;TJJXmyYLkl`0umYrtR9Gm(OuSI$L2`8~Yn9p$OEn|QB z%z-kwOOGE(f0m^;Q@*}X;qR8OzNq1Pmslsp0I7;>fBNvKLxLu_A@LX8h_s7;Xo=t2 zaY=uqDNQ#;{=##gmP#Nu4RRxo)*vG4A!RDMVtf0D|Fki@ve+(sZ$|WK|6sWJC#ZG+ zw*AO;!bf!{g{&xRvJ~IY#;81U4hh;~J)6O78&wG5OuMc2TrUi$Wu!H_OP~mIrT-mX zqrrw>rO%`_8>-*3>)I&i@EI6^q~uVaZmjRZ8z$tjQg_bC{#_6r-kNx}?#K zSL<&_x7JA~NB?Dl33J`$27~I;w*L6>ezv%+3L>GqDVmq={@z;id7+Yl1xapM;a}f3 z`^l2H3vaXzC~Fq6GeoMQ;xy2j@j}Dc&l6@zp%d8gh|8}ux}*KgL}LcTDiP47;Iko4 z+>hz~zV?x^nZNibf~d9J{094fxw$gJ!^@?8DYI)?tZDMZLNo$~DNeo%UK45t3?!%y zORHM1nnkI1mDby=l~O3~fyS%_{2+~%`;nTk)Q~dtaH&UoxLAodSNQkRWiAULZ=8dj zcL2bJC=4y#Y@O#`R@*fcyzQ#=70aAO-Dzg(BlTqEXq=)BJV?_18fW;e9^c|di1vOK@$^(* zd>4C!lq7ZYc@VbBj{tzkYH@5@%0tfXL-QWLt#)qQXrLE7ti8r1JbSLP>cm0*O=^?n zy2GzQeZ8_^Z#hbrVce@gzfAuokPR4d4e2pdrvfU`T4(IJ7^`cNk9ub1Kqs5PW^ioVUuz3f~wt*FB6UER3_odC*77*sHa=9(=yRD4TSky;80* z^&zXt6m)7IgbTolDv4YWG^`8`GccP>#xXd~l^HefX?GW6HX((Ar zp?Gf^7Oy#H?mNVE2b-3)D6LAW3S(6B=ESAeH=&#u$1vEkt2hsp*|kld^yMk~q(6g9 z(DmnTmB@$}0T1hhI9pC(XChxpL1JuGmUfudF0Lggo5;vWZ(WRs@n_TFwZ3iA8S7OqZ^nRUEuP3M3Zk>({%abn7ut1MHBsSX(AyyuoT!KW}Ql&s_yo#5Q*35vD z$}wt=v{|2>*KN6bKQ*{6Xw}c`mA$ykO!~*?-njnDJM* z8;ZwJZtzKGfBg4J?nfL76+GcFyJr25l>M9+Q zK|?MNrF{-Tf~%h$HIJKEnxxmZD{J_UeTH}S^4sgTkDvxqxI)vc6`l5#&`(hR$bZ|j z;B%cbIkV-r)~u$)*(JTvRUnJz99V8s+?!yPwzdRJyA zTqPcSYH&=n7MF0(LiE*`8KA%pdl5yZL>QIjEB$JUA~Fj^`r&qLEW}OE6qeQH7oUIJ ze9`JqItf2x=SJ4D^8s-;BC|55cjxR~W#L$U=({2Z21qzDA7!1?w#kzt>(_Nw86r7r zd2?GUN8kVaPHLTeyh$r{20k9wC2aJ%F$nJm`#Ad|E?^OSg#G({>0I}0`qG1p&brDz zSP9tAFaBM1VfYa+&Q^0V>On?YEfnw`TREh)T?~dT?)}q~zLNxGP+jR13=lwW@wEWW zNQLjhW*6|TU%sQTJ_3g_8Rl*|I1UdT)`&)DopW?#WHrI&rp`GQS)l_I#BM1S`Q{*n z#I8zL-x%k?qw2~}8M#iRy+{E0J(L;<8($S&Ys!BDu7%WNntoSNtsQ-snM!ZXP*oyJ z3jnJiF0+oJ&_NQ+TC?2cg(-rmt`ggI=V3=K0I7Psk}}FjKuHARmQKPMshAurHs)Gt z3Q)R(W>&dA-|OU%nn3#uL2I1(NzsX269Y=`(;Zt3H;J>iAu9F(rP)hpJp}F=_zD<+ zO=O6VPV20)6;5kw+hQA%UQO7LFS|M>Oz|e^;}89qmAd0A6G9Cy<+KUR$~QdSvclxM z5=8qrT-*A?GhVu7wSl_I>vZI&n%XHblxPj!F8kNAK_&|4yIl8 z+lM)W4|8dO2)JvIb?`ZDw?x!3M|I>ny|U}}l)#{iIPvj|UfJ@nqoaRj%mQG>v`&2P zg&ksImaCiWjV?HireF(=j-_JD(DG7{NL`W3fun|mN4Hk(nXyrN=Eynf%WZDNAb-S$ zU5sFES$tA%R2z&8tVW+4_Q`o4+x_a z`dyiU98+6QE_Gfz6qXX8QBL|I0|r>4_Ob6XUkPR#9Wrj$+Z*QVBT1M0S~7qiYdvt` z-ki#^+DFG;Xw6z48bZ1pga)Xka&yv6);~K*r(gU$EE~9boDkq`!Ry@4+0(S@J$-6L z>^;PE9L5^0ze6uCb-i+K}6um>_pQ3|J>)_KWLu?26Ni*IwkZ>tj}D5+*&!AjdZ< zQ=VOXlNWy7)zJ1bRSA5%&OtMdCs5V>OI2JSkeRnDpkO1rj?p<6g?rdENrCt3c7|zd zob9b!1=~$E1Im^R(|)c`_3mdjt znsYPI-H5sGTItm6-gFz6I)&|)s?80xd&_M)vvw(Dr#|uG9qU4Jv-tz{vH!vyzP^e1 z2uQ}+An8f6x|Q9Jm=4K|sC9vy!F326Zj&hI%o&4Sk%pZwy{lz3P}7=3$Tkh-W)5?9 z8;*6rsAC#y+5JpGZJ|J*W-rp#Ywgh1TXl5PdN?twi%y-)?VG^Eqdx>*UVqmFL7~R5 zQqSK;tVbc=ONE$)|Lv*ddt-uld2p6Zz^!aqS?dL#LU<;;%tBre_var>)m^j6o4y2c z$rkI;aYf>M#o7g_aKj|Y>@45TQ*_9nM`v>Rj2{f;b;JBh|4Sz>K@p#J<_AK z>|xSXd^`DlYA~0}1{9j)!!OW-te8=_a@D7{1LW850m&ke3dg(+uGwGiC~@|a`sr+Oj}|Y?Jz!VzB*HoSG>N2UL>4S!*(x=S-F&oS+PYP7C*-Qns;zn zVaROP7~eF*Y=0Ac8Nr{YkBOS<$=q~WO0u(vrFoJJUN47{3rwbfpgB?H(F(dQY(55k z)!hn^tgHs|&613>vW~B$O%GS$a8^L%>{UER#JNr~0+&c&@|EiFjemtcL1bYd zNV*4ymKK#)=jwlWqy*3KQ=E**i`7vRs;)11l-{u`mIq|@QZ<>sWm<-qwr9zzc}qxu zv?kLl8YUJu(Z1fNX~5d^bV=VjuQI2fqmWDQfsAVUzam6nWmB!|IpmAk`O6CzRZKe; zzc0QN{eXB#g^u7&Lt*Lv`$vJY4Fq~5o&5h+LHYl!@H5(EVk9bU>dAaiS1dO+>voNc zjFh|3|H@dMO90EPe@jgXJK%E5#$gm-NN;nC9@Ufo8r~6zbpBU*8k~7Ofd0=m=+C#` z`3&zr;#MRVw~u?v^a1m~O12+CL&T7sqi+4KIU@8$zPICCulD=}{(ank-CGGLgD(L> zjD6lqT6{;D#@c1Q9f|uUM@cEiDdA;+EVOE{vItB&0Zmm#B76(?3&mk){HYrct;($3uKkylg+v5=&fB(w)OV#1lC%s56R%*D3x1RLiZ&R1haO#F*70fg-5?Rmi zuUh$MQ{aOEW*Q#5R?g6rzcj^On#rvTe|Xr+{hGLHEXvyIX4*X#Myoy)h$QigyVGJXl3T(WwoZXAVtsKQ9D9_@x}V|QjZWUyjSzV?@9`g&c~ zklkL0MzZy1eNus(VH0j-ww4fb?Ok@XZ=SnIG@L@-{plf?N+cZ^Y?QO6vid7~n8Pxd z8?8WouXLMgW`GkvKo8aN`$)z8L*N6BZByX9S3eK%jesYx@#u5eCxKNfZ`PGPc5?&q z=a<;INrcaTBER_YlB_oOjwG#YPPuyHAB5eVLiIP+7mnvXTMCP5XhI$y!xUBr>*~q&vWd&+wAVHz* zAhobB6va5!x(TCF%;QvGu!Bs_t*cl+cT-O)0=8tG$Sh?J`ONG`3Zfz`7J$!D*qN#I z&qVN{e}Vt{1I}72I*WdJmh~Kfd&c27bSbe~S-VNGbTq%d*?P6~X*K#8%Avg*IR?F2 zi(tZ7^!&WoActb%-Z910W$6P+EKVzK6Yf2&r`j{0&$aAj{ZtqX;Gp3C?JbF#{XJc8 z%DOe7`XFwF)Xo0#Jq1qm>AjwGguX+S>d5{{-c_WxC}H?(fiqCJ*=x7D?V`5DGKXIZ z5&JB?ZSmE|#^WYa>T=h49gahqF0m46amoq#+f$i<-f68Z#)38!VCXJUzo@-fO5?}n z3?2-P?7Df(?~d@6F~hm6iY>ckR5GO4zNfw*Uf8s)6(KeOThzB4cFij6uk_g>RTrNg zTXcO%ruNZxJIa51-{;-2gv_DkAClT)ym-2Y@o7@za2ScieLiz`gND~ga7V*#_}Ven z`S8LFqGqawwij`66$)%^3SI;(ex+Z4B-zr(Jze?0646fmvHF4n9oeQyu})8 zZ`^Y47!lHTgltR__)?d0M1xJ#4Cgt}lO>egwsu#5X9hc9YVtU~Z=j>lTa$Vzg;S2@ z&e!hPT$6*<&g_?!&98b<#=j;aJ2_x@1;24>Ypvg`4_Ry&AG1Nm>_L?oagW~QJAt4e zye-Gkh% zN%74DNRx%h_SGg5U6KFfxR?4WEi3xul9`%gj+!I@a1MHRa?%c z=JkIo?hzN17tv}QZG~*rxN97gA-fc5xn>is`DSw@h86kkrd}%PM}_B!zEdxI`R2tQ z>y$l-C54u}3t1HAZedSZe+oEZlx2Yc=?rFW?K2Y(to4WD@N|p30Y(-?WC@D@Xt18d znKQPoJ}S?yCTN#rD5*XKgy=BYDK`%N`O2%9!_a0$I^$u}l%M*HCa35`224N^vVSyR zvR82i4LZC(vjWubr%4BlF0FH0Z~sX3z!F9`2r$L<1!S3cvp%Rt^Aiopai0L-li-ue zN2XW-1`4U$R1IkU?!6)NRrlhyRJ7zOLAu~s=|zTZ((wDqh}rWMi$0G5ogQTUf-rzu zU0GNZi1i}Z_++UN4Grl&Qvv^ox4&Kj#T%J~g}Epk=}>(hv1DY9xf}WpxPnb;ZEr6q z^>c1^Y{-##vLZ0!BEmsi$<_0t^nUa#{o;4zXx;dg)7(V2>uv6yDU!4M6R^Y(u&2-8gMQuFl2A;TFV&vl)PDm4rT$~+q_^Y+)SzzUNZG48_VL)mLsbwUvBDKz$Kjp^*`auq&AYVK~~SK8i?j>dHaYd0ceolZ@+==9#JP+Sx6vnc5BOh`_@Gc zp8?!xsh9xDOr%lMqeAXMZw=nY~$)nY2#+|GQ{&_!;0 zR;k7OxcJiqYepj~hg;Edcvc2Ybh~P;T8WvALR@O`1LQ9GW~A%TV|kZ zTr@K)4}DKF+H?>{4ut<(Ea*1@WI*>p5luS~*{h>^yU|E71HMU6_3(Kda!cucnt?1y z9FGq1?r?1Xd;*MRKAZlE09Owr1>5R;k@GJny!O~D)j8{=*Gzgwc!0A?5HP*P1fF5K z6OCGT*eo9A_E2MxlM?~#L{vr(qFI@F;>^$zJWXb(hSm!OA{2arLG`U}Wlz4=wO)*9 zj3|;$RTAReIKez)s5{FA^N>3W{~mwDlW%_t%ooA}4||X=qL#wn`$~Vc0OV0=$z=Vq zZe$5ygv0=PNO>g&mKb^n5G2@qUR2{pF{d-zC_knY;3J=J6tLhGX|fc0&Cw$r>dN5o zyr*R^upJqPX8|(r4G&V@XCJ^U9kpZ0Sw&62fBi z*lM=1;Hq;p?*BY;;5BZ28v6DwLmUIKJL|F<5(c^rNZqiRbX(Gz*t^q(o-140j=%4g zmu9SJdMXq2b3!p^)lL^Y>Q4O*bb$~3K1fL(61s1$I&9WuEdlw0Wyfk5eQOzJdNZfbJK!Q?&szt*TOKr%kFx@gk-r+^LHWz981lZBt6hM9rTzr+ zegwIn&v4B@eb7z7+__D1xncBk?;K&$)vIlMC9}_6XG~fCfMNN4BKS6zP{`u8MQe;( z1lVo~@qOyP3(7cAjB;vXY&sCjAyl2=KbZ@~5^Z_CJAQ6CSRoUfsMGk=rSLl``84pP z7sv#(f9vL>a$(aiEs^N88s^^+1&}=tbFyRT`2T&hKuXAWOUx=e0gH(vI}^=1pFI1=`Ff=A{2bM5ct+ zZC`RxL~f30$WY{->62C^OXJ@*Ba(9~)*N2TOoZ{QCg)E0IgT7! z+Yw;P0-wqs8O2DX)3`~7X(R#+Ko66tY{Nk=!Z!^CM*8{duFkz~cB#sehyJSYkCXGt z8ibl26dOEWOYe<%@B}H1th_x6+|!_&YBsLCgDEpk%A3jaJ>9)s1zJ$0Kk;SVNWxNP!Mmj3Q>l$+_|1Mt{^h~dqn>VH zVx5yr0-rk3Eu?MP{O<#Z4?vU$gRX$?nZcW7hJj7MLwrK4i^xRpM(_s;Y}9NsC5uvv z7%t$})LbYLuJMy@2W_ZNz~$55sp<15sf!04%E@6<{-uODsR3;66oGy8Ujnnb1!l|= z>woMYmJY`!fQhj1wtYK1)zy}Y7Zj1iT+^st_WTOGl~lhwfH5RDjn^7v|irQ&HVGA3o;IWc)^tSY3R?(wKa0-FZ+hGizQnjkCq~u7i&HOc7 z%US(oz^Vs%#j;$P!#0_o$FXP$LT*C-@4H{o+T+B)2p$sYN|SGto)ISa`D#2nbJK|plN;O@u_W`oB15Hjl zkchu#JZg#mIh^rzo(U*43#6N*GWl%qoDNk*8TsYxm$ERP-#AvQ1Tzs#-FRMHvwTKv ze5cMBttk!2oLtiv!+6NnkXvR7;uzjxkvG)3YkMB1oB|AC!@K2xO>Mo`zOg9Joe=ky z3Ppu9PZGFM%geSQ>^e^=res(r=oQg-=+h$&(W$}q7-?<=jW}rt68oiVm}W7!to_fp zChF?CnhfS;OHZz`m$f#Vh#0A^&au(!D}es=eMDZ^Q#`};@QuslU`676JQY*_qsgV) zI+DL?1gVZjcDj;DMi3>eJ_a!UWwiy~_xO|guO&sT9`*ST>P-9Ri z%0<_G@Ets~?i`Y^mUV7Vy0LBam5;@_T_q6BZ{B`WyuQ(ddkY1{sE>JUIt|;u1RmLM zmuGRYML$|>l!o~hnCkMGs|tJxg)Sw9(2d2*gMgHV(n{m)OgMJTRW{U>;uh^g9e`HE zcRQL9e_CG+;>B$#s+9I+O3PN(pr=Tp?qN{?0Ro!=mj+&%X@uiSZ1dT%bJv*{51R$m7YcyVR*R<$+gxnu`cQSNxy-)t~tnj#QsxGVP4* zWD*%0_fbHti%}fd+Rp7rDkr<~`a4fOvK2D*R3)5Zf5wad_LzN~vhFj3u6t3qrb981 zS&$kmG<&KOzaPr3o$>y;UCl{asC>7UTNpZS^L+U8j%qq=No}(6U14^l-Av@SGTKr! z(ed2Ai;|c%yCU8r6Tq5s#&V+Uz#um>#Eeo5Q!uaHq#wQ}r_#0nm?A60Hic^&`spTv zaRqu`)RjdjjZXKZppzA_lkTNN;iD72o#u1g{NdR32Zkug2LS=+Zzz;$AGf@wfpeE! zzUdL)HWS}J*w2$-uJWrOUrBLd*J?Ntn!ZeL`h}(OT8ci&3Ak!H!Q=;MLdhbnKm*1Z zxo_T({?u2q^>Q_oGXr}-T1GgWWfh~*{4wO>p;x{Y{eRpfR41Qf8H8kQKqCN`-fnF# zDR_f(`8qIug3aC6ey<83Ms&A@4wNEH2-bmqTH?u&>Cxw z5g2ZrYmH=ZnQv;`Lzz5ccp#3emVAH34Hj9GGjw<$UPtr9 z!1bYGJ4yHGQyR;^Y)0#Y*Z7oM^>BU#lU3jmgEs=3EgjUe?Q1!y5i8pDgmTZ(RgF>Q zD(Mjppc*nR$?FeAWBd^D>)-cJa$2r#t4NJy?){nNL%)Rrv3@}c0k6zda~RpPn}*0% z6S&hu@{1FbMeN58yf7so`lUhR+knBPf(bDDw;7Wx+HQ6FfY@pgJOCfg z^!Us?VQ$1YM)EM+*4q^dbZ`n|(9^$(&6x3xoq`zl&S}RXKmf~-FK2M}Ce5^F>zQI+J z`3U+WV%~}r`QhFC{FTr4Pbc7ZS1?3C{6M>AbrAE*h^Jzr{Gw}au?*9Q+9Ui~!Z7^v z(P+cvy-49bo%%+La_cFU5>EV&fV^g^hN`1K1=))n=gMF7a2)Je+?_8D$Uh_BaOK_Q z1YgWFnDKzn7iEm>`QKf8)YU`V|MVeA!oZf)T1rdG4WHbAUkJ+I+j{!MAWAIVoAi# zh|(v^F(gG^ghB>suqo`H^&~HB4))xY&(xJt+q^@O|7tmgc~ho;@Q)W$a5FCyPL@GK=ef)nw9Ufl5K5|#zGjP+7?CC*f>n&%c;maGgIKTTVseJg=mj~_|1r+u*_W^kM zo_-B>%X72YXmMCwxy2^Hhg9s2t?kUS^T(Rcd^kTvOLKgJs3XmDE9k#`kIRB3a!ndr zXWhj+L`9mv9wRSDiGEf@0)E*+KZ=aG4;=dgW+OA1X@hYF=d={6pPg5K3mv~`b{o5> zn~h})bAQH)c&mMy?tdnuBw|5cb);SK@Nl}E!?Ag6r8(SJ*q>4?)zG(M*<48y$Z7I3 zxNCSamm7z_qfr0YFM0My7oSS=eGWqzGD741b`Ph?0<=!UI#j^DuENP;DtkRDG%bye z#%0rK6~||+cjKmRqe}am!#Bsh$0NsPWl0&iAB{-+^e44tZQg(F4~aZ?VKAf?ihW*< ziy1UmdAzA2^G`efTG9hBZJ>msh?wpCYXT$5^1SW{`t1ld@_0P(KggtSDZ{IIMHIaF zJRHxnC~!{FkzP5$iPO->k0|AYZ~RI*K{>oe^wyN>nt_oVVJJ`52tPut%h?wYp6aLt z`(~5YWjrN#3qp`CcI7=S1MAeSGts#8JUm%UPwx;M3E3!ac+^4TCHz3_!iwhEIh)^_ zV+uEnof#rZF4rqgJH-Jy;~-BnnEiPBiP47`qu@3BHp>Os`s3=yKq^tF&ShF)n1LKw z?dPq-N&O_hJxb5*3B<#*%kipHyc7{1$yo#SKpSG13(P7v(iut2RljpHo7Ro9o9Rg; zZT@b&`H7i+tG?RepJmnqwgG+Xmo97b=6|}ov{Lu-%AHINxSmS;w*l8=upRio?GZO63aX6-bgR3at_sz*LebAWpsH*1U z5m^?x56H%2@k7o=^!%fQz)(pjpCszYSa%#1#n%qrpv$lvj+;IAp=??UJi2cj!!o6B&X(a)pkF0bNbtfgf8{v7-4uFML#?g zb34fC&PKQ#t7;pq58ov;D<^C}W!ECW6t4Th&2U-EYM%aO)oK`>NgrS{kN9JG6ie9h zlIBYw)FxKp`8W42f%5RYay+5w5)zLKYszkuaH-2R58=}w*m#Xsh_xK8W=r!|>Ywhf z6I5yOB8i0xet)v`b{x1p_cER5eRIFHwYX$^M+0tgX;HZ?EKOVEnr0-O_fG1T=Miz# zZ=*(D+Wul+qSCtCc*&!`4*=gY#Fy*OzqFyqGp^+r`f;5KtB3X{SCC1ay=fgefyxZ{ zpBDK$a}t;cSdB%xZr>g@0Gik^yn0514oNl2UW4#ig9z9EzI#jGph|$Uf$yU#!5lkO z+m_)#Y1(tYf9H~Z_U4@X!7Lc?FWS<4>&D@^iU2!ZgsYcWAD(-sGqboZoR&sv-TT=L zAYBwMBNth9*M$Y*-z~>%a43-VvjT4BYB351p~k!rb!zb3NxP6MzxsS#2?t*8nIL@n zimyl5o$8E+T8suS+F|}+g5`I{?YY+z8i#}j->oTi8qOrdulJHy^L2Jw{@R%Jq~*(o zv;h>mH(lyb5`2P@nrX*gV(yKT*a7Xyg0sn}Li)xp=$!s$6LpK*^9u$q& z!RK^cyxj~dSLs-<7HTGv(p)j9u~$fzcvQGl^Ng^(QYuDzCnzu69onT3j%?sYWN}Uy zDJW&9ig{!d7ZaCT_P1v##O`3ZF7HRCxZbi*mb$0SSwn$Ulj?5710Q`V!vN7|bEn(K zJZ_UpG-6l+C9w-|&1yzKTUA+}RHUYu#35~f^QFDf&Yp@!sC%Xe`?Eg zcdBfqb4w+Wz3bm|pp>ZNxvRfAQe4RmPd4UACg{IcI0^J62t3I*oXSNEh;14@=!j!e zcf8o`_^y%nqx546I;*{-`qA1h>oyT zj?F()RY73Hel7I?L@dL=WIBT{j`i#R-Q7Jq?@3@lh-2CT_^+efMC`HtDexedt-xv? zlYX~r;XB{$Y-wsAVCie`9>KNTlNwM}l!b{sufEw|`S8}mpWLGZGHONUl#}w&1gUUT z96JxfHoz6|vI)&0;v5^n{O-C{EG6LxEBiESQRW-toHhM``;8x?O9|9yJ z?%#{&UTVf`-q+V4yuUC{LMT@Wp%sh2G5qr{<@rooOsf-7wAAP3Z+Y$68H08*B&fZa zzXBgJ7hh0G&7Q=N{ezzQRl=QwD#vd8Kbwf%0==0wqe=xjt=n_T&F0#yn z0u&fG*1w55|I{b54DNOb#3Q^`H$Muk+fKGnEMHSg0nDg*DByxY(D&paU=WdRyxf!M zd3gz8ZA<@o@LZy6J^#RTG$?RP=cWqWXFs`Jt&n^J2Ngg_n~r~O9_B6PY>-Y%A-*Ii zWe4N#V|91(-85(bC!wEi?4lXn#CZgEBU+lWB%fIGt7=XD!j!r#!8warfRtusRpDE6 zsOD1rTi-u={tAX2!phm)Hz;yFcis?>IEq#ISKP@-bq39PLrHHs$jh-SoSW_Gwrd<2 z4=%@S=TPC>ff6SHA#U}*yM+H`WDq<9vJeu%rrQaIkL`6vz`u!V@y4--3!kvppZ5Dj zHMt}_)|x=ANrzL$a$=g3ZT-B%5}zbJT-c&# z#T0uoWzjI7q>c#pZVy_45nH*qtX)#RJd4}8dH%Yu-YYJxVQ(^(vANz1s)|Zl%wW!r zZNL*d6I=wy*}o5)8bX98Q3(9F&+Lgok&9HE>XkeIKTQ=37`?Cm0{oT#+cW&zJep~M zzX)o~U68pxI!}dSQx9H?BN=tiW!1u4PxSfC^GoI?|icmr_G0(pv!O1PBPBS49Qs5=wwjq!X&N(1~=Z zfzT5mBE3d>hx>ZgbI)F9@ADVj=YGqR4{!3$Imeu1j`1sWkFD5XcpGgCCboqrd7&*kkmx=_vowUMq27U5S7RrTqi_D^~>-aLM-Qsx)w4go50dZ2?q^} zpy(E~`o!+mCWs-qGg3-h;4i;3sc1R%VP3hbdX=DiDBq{%$Hms!SJ64flLRPWdOaQxV?v&N&{CYL$`=rXGze5b!sn=XkehX?yRn zhlzBV{c|zZi5||K9fX(pD~Cjh_4(Wm&6x7#y%3}M++3|zD?Cgkk}qBnrEDR>wwS!2 zJ@g~y#6m!KI1jyVT|S&xL)AB*-%wJD>Sw`pB#<>WZl)Gho3 zR9N+lnhKr*wA1>z26?gHfET%!{}EVx;fs&A{MyVvgsp%1Ng(K;6R+^}ytvmU0Jgpq zMJXHC7$#M-qTNduYJ&ju0=WRF0w6?gy*kZopHP_fF2%~3HP3wMQ)t#a8lz-%WRRmq zNTt){74D|wR2aVwWfEA8mfPNy2NGHwz>&iOEeykSrxSF(jKaB|h=m0As@29+gG+RZG{nG1vI@TDKk~~Uwj%za=f;{~4?R!6b zb=xu!@)stoQ`LKu+E_t*oKzD5nLE#&`Eq*3tcex;-F#S%PC(frXB|YDTPclThr&%k z^pW2`+}Cw`7?Xu3-rd1_y#T7W{xPmBN+Z_wgx5Fa1Vb6(p8CHrG1ia)&mqV;zIVlis{gLUF7xh!{ z>8*ly;m^NP$L0fVl7V-CK_87K&muv5*1H#ixK-;w#;bN4)i)p#G$dx%^bb zT^wkdsHEhPze3Z5YABIPUmfUJnZ3 zDT)wBw7*9bC~E!Nh?+j&p9)u|NF4qJrQ>sLG{2FvpjIGa($s)6hSrD2iB?O*)4dKg zj8E1mmf={&3mJ{oqovcM^y~|kB!FYP;y)fJhU5&(%#ZnZe~o{^?EZDHyY~N$DF7(b zzaJ0*&yW!Q0R*`T#hGs71)65XE{aFuPID^P^bS+kVv2;RO~6-Y*`T3HvyE zGP!Tj72u28w>6{=DU-TA`>v9_a-Vt;sfU&G6`b}(1+0BoGE6*aOjDjMiNO+&VLZe@ zjlC7=?$iCAPy1dG=Z%9W&SftCQGd@TmrXBVpz?@~UF`xf-26C3=9Y<44~|x>ge3HZ zike%ub-*P{-gV8mOWeOv*LE+359d6mi>Rv<%GE4X=aL+q=U6Vv_OCmQlsLID`4?y& z6vdm`Ken#rP3+dj1HcWH&P){E4f?S7EZ08{x8v(D88#vw)mMjiQ64Fh1&wth`2lML zM$z>Bh3!;Me|{w&*`e*(44_0f&yj}!Maek_RcG;ACa;MPbJTWXPp?`9xjXmf@aNwZ zopzgE#C1UkX8Xr?{G7r9s%16ya;2{t6T@lGs*AQCGCISd4XgC}t_%3_H00?%QRHW0 z^gQ-ihn?!*!Bmc&;9t-hPsxWRf>pW>gT1pT5%OrX#c`-sMV7A3S&eeBNY|VTaFnM) z66&bn=ur_QevfUP=Dku5rAjE>p&w31rI(Ea>SN2BI1@3cIO{NQ(@s`jjFpK1G9g^f zVl13DmQ%BW@8SERt*7hi` zpC(Cu`FVD?8E|D%yA-(-P&HlQ;ojr9OI)_YF-8)@p+O?setUMC;-_N>Vn z12U#bzSDXdKGAd`k;h|0-=8iTd%K>-mJtlzVBO5ZJH%z1!dez{8q-FPQ$G7U4Ph`x zY0j1eOb{k-op#}HNoLQmZUk+&Q+iDLL&5kod~nDmn$GPI23WIWiVtlwV7)g8$VO7% zcHho&q8oGT-d1>k#@;De)3%YN8tXfeb5OqJ7l zGt76{l6 zcd0(9m0p78u4*-<_4cS+?P8i1mzKbmKl8my1O>;7lo1RN!nlTH{kAJTYWneUGz%TdT;+ZLEO-~jOTC?ED+NG2_$q$Be`LPuv*N<$Z3B7 z%`jPc%+=NH;dy_VgL6I8V(;^hPkr1NQ)iJ5D5g@!+EnkY{ia4|1^4W^4t={-Gp*4# zo;ByyaI}r4~QRaLmv;VmQ!*!CpK(q8|(I)L3GWlV)eM z_F%5S91q!3wrPFHrSWTsY2->e<6pBM&@gbhkrzEN3HX zkq!6NawMRXK#0MOxsYyd6|5Fx?nTHMH%vR(x{%JLP7O_g zvsO$Yr$2E!jzeEh2Bv9>&VoVe2TeVcNPFdLEoIOiSyg{VDD|A_z0onTsLT6;#63(U zWiaD*P}3Ztq$`ei*sF}Hle(y2ZEg3|p>)Gj=+;Nv#lr4$G`n+T7m$&7P?& zzImH%w+N_l+E34C<_Eqbyv~J9F(sZtT13fh6~;(05BlS~c7+wMr7GMXR5flhSuZoR z&XA#liJ*s(0g(euA9@ox38gfoSVvT_vzbb+8jHZmL6pv(GVZmc!ahgOFUt{AeasXK zX@A2TWksA?_r2IfDrR1{j`oucq38emdboG>7%-E>StW^s>1oQPOnbg5Q^x3-N-v`n zIhN;tv08w7bBqvrC@^>6&}-l;fNjaLP)?=h$4NsYUWN8a7K*5_`fS@h9H6i zu}0lyi4k2v!bP4~EmQ)(Wk8La9L+H|bS@C_uAH52*; zY0uJBjv&NJI%~H|=Q%+rbL&rE1aEbPKT9S0?O-%n*_x)Z`Ug`^<-RCR`S;{HFet)F z_49q7{l~UuO$KtKPAG#5t3e(S!4Lm6y;G2ay8H4a=t#EKQg>Qa5J9~nOPew_2c0RB zxwnd*i5(q;^sBSSO5Zen6||^tv=El4hR{HP(_3yajGKev2L+HR2J`pfT`!k_s}yeq zdvSHXEVLe21{|}Wd9WNL;t*6Dyy7%W>PBXR2xCHBoGanz8B%G&)>!?#%`@rU1%qDk9mSu#nTV?I*lUUdK%0kY@6fnn`r0QD;^VV2MsufP~ zE2X-|K`y0(AMusY{JZgyP~}RNQKd#86s?RXARd?Fh%{CYU#j3 zUkuH@d^dFOv048ct4^~c1Gnf8=G|)yScoif!|bJu#-MLvT5RRi^x)nmOaQ-~X*Z(p zCM}K}O>!nG!;rI@(##WOI6=qM%d<&p>A0ugYfJVquPH*Xd0UM&Q^|bm^iHY-BE%0@ zjY+6bCPTs;+#MJXN4M~ds2-kK9 zo;?%^2;MC1WG%$KJ{0V3z7z4tX+w>5nN_VPrAzh1{-OfAFa6@20e>`LxWf0`DUn}7 zL6RwmdfK$6dL#~Z8_xHfX^TqN}N*rkk{4t~w%U?K1=A#Cu&XscbE3fh= zf5I;+ia#Ds!ZtQCT22TCvsB4)m5Q2z&h(DyW@BKb5sLz`zfxgN%+%)Nf&;Ogm-ktV zg#%^XeTDqj5(jYmF0_iA^~6(J-HEWM6Z|N~#SUvWu`?6aUc0D@M;{><2&jayQDk;1 zjI8RBqDZ&>XBZj2Vc1h`o47^jN{Hvzj}o?Q(%(0p@2jjWzRfsasV#N3ygxZE292;Z zPVGtqA8ro7x)O#w&Z)L6rw{9k2XJvmj7%Oy+m>-VkIx$_N75Zi)83M6(h`#9$X;o| z4#xsGrTsFT(97Q|0wyPPmUKifUP?*&+f_0l|=r9F?p#( z3@-k=qxJa|2UH=GYAEGo1uYyerq}q_oGz^X`bAFvi|g#3HTDKS(+65v46FsNcBv^+ z;FY(D@uKI5?W1L#hY8k?qU78guMBiLoyTvk-t{UILq5S$j0xUB?_gl7 zT^3242>}Y4+1=N5k9lgQ({uOR%@=kd2_mA_51&|S$sp#yf& zTq+*rvk&u@wKz4I?%Oe9=sfaQA+7J6oV_9h%S}P-jWIdI56TjocpWF#e3wRP=i|AE z&#KAy;s%RPCJ)Uyl9HkH-Z$A_6W9xOvULiZ*udfJUc*&C{MN~d0!PQG_1M}Y$)2tO>l0BJ zu8>pm*3@e6bbX=z4u+I9Iez^kPNVuL?C5h&ao_RYbhWf^fs8oQI@w;6ST6$z7W*g6 ztnkp{FnipD6@94h_H1faQj?}r=P9UDaA+DMNKH8;ld+n}xwTHSwOrxuiQ&(1Ky9tf zAKaMgVLIH;jBK%OOx>{5{pE{Twlt>KP1`#*jjPUEPj#xldMHD2OdR;Vx9y|XCzzcY z{;nxZ+yjeh=eLMKCY&MeaXd6H?mf9C1>*^Id@2Y< zgpx*COK6`6)jA|G*^fMS=S!91OOx*h%#&}i#b|*(=!}#;{wgOQ6_P6IJ~j0gadw4vDgZrZFqHUTcN?M2SijQ)R%nv@Dym)SZ z@lnD6+OAiJ)$A_VUNW(h{DZN>qjk@j5W zEb_U-#xL){Uc&Sr25T!#Oy*Dm%)T3zx>3v=gQ_Yo4Bi9cXeoE9YHoDuth;gpTFkH$ z0BSyXTcYK$Xqb-doB?|Yn={(+n*dB&457zfs30`Mc)+Jxk=e;tqH9k3hswnVEy`8G zZa)mfUSeCrIFW!r@i*)4BU^l({OEH>VOk7`WCkFXl>;V4{i)7P8$Xbe!aN+d_eQBoU?bV<=^;bHrhRZ z4o|>;?PH5aslQnWxIaTuS+Y)PgXqEUEbRGhl0J7qkh#Qd|*Gp*A+ggG2K zgzM06@?(uk^I*+oI<)3F+3>t`DZRx*R(H3sj_v1nM9z{0j4xEs2K9g;)M@JpZ2G&r z8$&3RRa35Lg(bj1#s9p#VK2Ad!cKb3xCZJJgEG80g2d1NC_|t4J%pt}WD7y|ykH z#bd?=o(Ua%O3s$&u!oPUJ>jTGfB*h{q-RxQQyJg_oK*7$aTxw$QOH#!;g(=>k27U; z+>G6fuSU}&J7KP4qLSs`tlQ6V0C)~`DRSB8)2Yx|r`K&+ljqEyvcDu93;y)qwEg-s zRe(WXW2d9({ea+(5WH#4l2ub8>Z32Y@%CcszNpj|@#>oube`S&F6#Gr50i$)-xYDh zpcW99CBMGDTx`8L=L6X0J$&qOC|KYm%W!VeP-b(PomrZ`^b98KSP^EwmSqtTp{*{- zL~1zk9mlYZ+C(P`?>2Ksge6Lsi1|4VX)b#fIAn;uVYTQgdrFua+-(;fVZNQP?f?>r zGq2+|(beD!&&Dd|FjMWat-A%$=5igfMy~DSqmy~OZ6)8RfyvgQ&zD{+k!(`jT9Ujh zM|=$IA=v?38tgc0RVyJ#CNC>pmQmsAst7Vav}o>7J&*;zz2#WAuh@m@{@RQ1!CILK z3EH$zYLe?S@RtBuA5~eLB3GB~(XCJ;>nM}|=;{Da&B-`g)?5^iDGRmxCD%~3aamP*fuhKFOl~PK z7r9iCLg}@Cik(edw*A>yRUS90&N%Uki~QFe+AjGjG=X_UQ;=2b>F6NH;?8N;C2NeIomo)Eg~(|BdVll!5hyG%i|h*e?Vlq}H-bITwg$Qe$OH2nkU*)L|6QCRRZBHz43WXp-U1Q`;zPHuN+X8mj?B#P) zbo~&j*@Fq&1VFGfFi0gQo22GVScY zewqKVUSm>|wK(CGkHfA}yv*S=QzPpxdxutDtrZ3ZZpuNn5tk_}2KMe65oa!~{yH+o zS#%HD{&X%>DWI(Xk$j~9kf_DZke~0y9U4>^B_to~(2I-|taWJ(f)6g2SEjM_%#4^n zr%IYD*rSt>c$rW`odqH+IcO{OrnW)wzT#-WYJ@j-%-^55OXVvOt>Ww}*qxIsF`c6m zZ0;n_TaNP89w{tunDTI(+>ue2*>r5Ece>hbbIEwuB=f0NsPti6mqTdF=lOl^;GJ|p zzOqadQOinR4_PI(i!Y{pBs$gW<_!&kxubcMxNN>As_gnSLeD0FDE%!FyxA{Fw(4f6 z|6h7XR-w-X6L-?UPS-iH0Nj)<`h_72y4}jNyUa$iiaj;sGYQ(p z$(o^fOE^&LzSk~>uArAeW`-&yfT!uIS|3|!8BdzTBFYB}NLqtfNxO69GiZ;IUr?!Q z)s@%NDFQxtj!H%It4ZH496S8Ars3`j31pe}b6|@?iPIR%MBSBC;SOwH>P%YfZ_eh5 z74+V+O7WUh-67L{d%Mh%PdQVYCOcCOUdVumy;(?syR_X^dc88o^?Y-D)=ff^5c-Ew zLJ9nC&6TsgeceQ#ow7vNIUNSUW$<$w!d)LKBIVvUkB~dw{xxKM*>+LVF`r)J?k#qW z)DO!;95cS8+Dn~G?w0@)s6TI|i_nKK%P`)S`gP}}{*ggTQeL5$dU6n#_U%snsOJ>? zC-b_Zx2kSgf;v>9^=&A)R$l4$NcEw>q0RR`9Tqn^Pi+bIKcA&InOk6X$kL~H-Ngb1 zg-x&^$orG<+cvngNKcZ#zS2XRRl36eZAP%njSMIn3tPL{K(O=dULpTCywcg*Xoqil zdBOF8wG@kKaCY@{|0hhRrAh-NQuHy?32(pn`JX$xJpr7#V)<5Ex_feWt5&{iFjPMk z)o8Pd0a=CqNtF}ZLzVI4s)be(tsCZIbBGt2jQeSpn;JYO^JaHiMGtxv(B!egGg*D`j1YITz`CJfMd4%_7ufms7|q1|FvO}MNHJUg3vxF0%&HRscz1Wf zi;xMusblN~Cs*=uuM*~T(wTRi04!npyY$H&mbP+!R4N2XViZI$`7Aw7@%kBRQ0f3L;dOMBD+hYIIHxB2;1S*T_O}>ER z^fB{|F}{~(JF>K&Je%J*t`#{pkEu&u#~$>N2h64-)AG(f%|<7Ga3=>wAY#|t=WaQ+ zo=aRjC|Fs=F$dgeoZ)j^Hu<=1!yNjIba-L3|NLVHVgC5^VAv$w+S8xe4C{DTOkbwi zDUf9tP*VB(|F?n9k@vD{X_G}@I2>{)6!uwubFA6@eYYnMcA<v*d@o~qDpJpN7^0yzi{DATT0%mly59(#Zm1|PI^gEb7 z{;fs7ImCP}Z+5<08W<^zlhWq@$bppw+}|H#m8fEp_&s@k>sONTAi!@~(1*U0vB<2b zM56_<+hty3@i>=f?L{I3lRVJJ=JZecP^ceK?jG4BT2;Bq`QP{)K=^CsVLd=!m5}%r zZcj^LvW9L5H$FT4Q&nc~QcA#}?zm3*Zh$I~LDT+KepRK`qUFY_kp+clk3B6IJrSqg z;h}B8#|Cb27e=OV260(m7CXT!o@mVbI|i&;GkEMkyv&f1NXlUp!yz84~a(P^cbvpNDjropJCq%shZiHyo^O8~oaJ z{&wvmt>%5q{nrDczml*_vUM{;C&Yd7w+A#{Khj7)jA{HXo+>g2Y1q>WFzU$Ne7|5{ za@2w^zg9q*K7?}yrsRERT{UqLNVYNbDYM#oxg+o@>R*$@Z~-6ye0-P3Va_-f zBL0=}>$4xDh5Q}0+kDM+jC>dr)1&}?S*kE|-|j{hH+NJw^{AUnlH-)IB`8jvCp>up z!QTPkyO0!}3YBmU3iySxV#1i(2EaJL>~5>Z|OTSo;b_Dpw#V=|3Un!%N+40ufUcg?O=-hW_})N`E65^3P6#4 z9pbnAPHuM}fyEg;u?Fk(V0t@u90iGL$}>GX&&jAUm$v!Fm1L zd9d-w+r7=2L>xg8ap;bcVqTlI@Wr=F2Ibdvcj4RGWKJR$VS(2uPlxB z1}Xpx&!72$&HNk3j48=0C3N(L4>Y1<6gXQ}PlTsK{I72S^4$Y8fmce;&|=64mFv6B1^t$Z zVmz|J69#xbQDk|pmJgq?zA3tF?x^cb#e#i#t4$u72)6i1%UvwbH`0i(Cn+8LibM*o ze}Mn$_GM#y$U3NhzD|Geqj+pnqci0bhpFG?`XissZL(?bN7H5R^JbI#y;FWgWWwUk_hhI-~7(++!nMN@Bvo;R>ty0CqUzwnufgH#IOl-mpd zxT2a)4sdRut@J2Pxd3pyN(t2bRb$}$kz}#hxo1k533w87r^`+gSYbX&VShAs?0(v z-nK?r91{(_r9upt_l9Z;CLqreZ|aFj8=kaZb)H^ZA#h|22H%eqk;T&J+YWiaB>#a@ zJnjHgXMA9H=3NbySSIFW{1zNLVBsZg(%67I#K{*FUVn6#-_yNkN3EoE<>2w;*BbzG z4}eT|t8jQKS@MKxS%O#F-*VB!R2kVcV0n(oBkN7IdSDRM^ z4Z=06beVgFN(^@{LTY}vei*$l?LS+Z=+=gObN>Ezb9`eW&+V$3un;DnYsN?21XiCt zjcBw;$jmCzkDkbVH|X16Bde`r3n?GL{Ac>K0hGp1t-bm^cp8sw6J2^Yy;h5N?I|o^ zy~SQXZzl@ExTlX^^>Wdt*EQDc_tXC(Kbv~jclQVPg!Rqz(IfL)4dKGL#7L!pEMR7icT|gZzpOkE`d&*>(5M_Yi%zgLno#yG4^+@)p+It?! zicYsnMimEtEg-}agmRT@GV`qY)c6D-ggsA{-fR)I3f|;9jjQw|cSFMp4yg91pFNH! z01K2*ka3@_KbPCS{PXvjHyh6GOPIen{LcMs4AaN+s0XtR;?$`6=}J> z**)l(XO+fIo^G7>$#E)3YHqSH*0Mr(@m?$1>~DC9ADLMfhd`4>wQ;$zxET@P7T5Fh zGO#+4fU)A^`rBmerbJY-%at>X6FtMkJ}99NA)Uc+k=)Su!0fR5?m?gPMo3{)HOwHo zLS6d)`AK}&bH{GY=k_Zx2786R<`Nd46#&9hr@(p3_OBIV<{!VZG}>lD&Z%=5Hv?Tx zM`YiUH}J>OmqkbR?JmTabqELg+=`8QZnUgyGP*ewtpHVG?k>2UYu1w2>@gX*k9#vh zS^c^YtCV_tDQ%Vob5thGIfKq)YQGzMyED5ry15i79aP-7>e2z~wA{L@E#QsUR59yt zW;zk=cA{u4Z5{IE35|)PRRz*3J5?_GOl1mI!FX1mE+N%ZlYojgE2{UP^9P12)hw1L zI^4fI3CZBgm8wY|vzhJzv~V=^uloZw9oK4I>8#Wq!S?RazVx0|j(sYdZUa#CU%t~6 zQGs)jkdE{>R&jBHuIXVBtp5b}&3zLD41CyC0p0&kteu=Q)L7}2cdL66xPA~wbM@>BhiwjTc9lxOeDIN5Wlv!gNW3VBOBxoZl*RD`zO?eZ*j z;khfhWzt*vqW(jHW%HIt#u`~K-Q7feF8)sK{eu#o5t>3jt+deZpaeWZh)1w~*ga-# zm33F<{6xFv^|bf6dA&f(i>asq!Mj(}^UEIMbED|vhCOvL5N+$w+N_?$%vDFl_m%|Auy6HTfX)MV7vzc%pE|03xc10 zsYz|Nb?Y9QbNwB@O$b>YtUTIA+X3l*CfAp=kO!~CzluztExvm25aIQa4Te$e6b^PrpY z3p1-gDnvR^%;Rf#l_R+i@dM;_I!_L_cNg`sN4k@)J-iZ`U-J8l0F?eV8|*0+5P)n~ zV*O~S^Hx}cW7cmq|MF0)@jx6oKLfqo5_idLGiKp<`Lf>Ar!U5B!#c zH2I+NBkO0#ryrU%XD5vQ4mDbVOG{EHqOKR%rM zY9vfkxSdDkC}mGm2~vySe*)(kweA*gUa8`d(E2D%XPd);2Pg(5d0O%6sQsKOyg`xboYuim*tMSkJ-}eK6 z0SH(`QftdSLHd zo{eEcn}JHiea-sXI6oxZqHRg-bc)Wgv?P)h#ILD_24(eSDW-Y8d62e~Rlg;NIeafL2xvD>su`&c6UcUA;R7C4=#Km5RO;ati?Se{H zR=4H_mYr8s7a2!by{pXGydj}}DqG7warhI9w_Mzx9tx_1e?pc1XGPIV(wt;j$03;hW${+09OP z75cH}b2L}%0$BC761|Fqb6urr>ubdIaW^54=T#_h@wS$SYsr)!)vSUNCA5`8umisX zN^6t1Pskd|bFVUsZ2(*e--h$o-phqOj$ld54JEw3#=oQuy^4@Xd7RU6ri8A|UcFKI zj+IJVnS!sDJw|nT%kREulj5CayQhZz{EcbJAdt6fN+m~RWx1}YCcbnSf)H6Y$ZuK_ zDnHHOT=@(71W+3K^kw)Prx@}>@ZggL@aWrRW#s2XzT%yUrS!IO6d%92IO_^1Gp zUIq}Vn1ziL6?NpMqqksW97tzb{sfgfbxozWI1N*_EbuOPT|1^W4qEMW^Pk+1@^ioy z;-0Q~vWLYL@2Du#8|`gxVD3|cS7PT6jiONU+{=+WjK*NGQRF-sNC~=CIn3Lwx<^In ztoy#?#^4P+O70iO%Ac~T;4!_WtkGg$2))Ri8cmzo6ll(v6m9UkmDiNk6}MlAT#)4{ zbjgRpyF9Hz>ne-de#K}A`nCB{%W=96d)4t)C=*x!y%mP8@!VrsHW;{j5Pu5ZlJ_X; zMp&Qf1h5%eXyAMBK6>Lq82}Da@gV?H*8&vdpB%sJfAjQ_Ad;}g{SU&+Eqh>3Iec+R zmf}v=mM3OnGO!EIcB4~k4B$G{(d)(Q7{#0Ra!jOySiRfi5#QOkG*ojd*M=SGQriST zy_qw=d8R59G=i>eMW7XBmQSpWPSt#JIj}^LzOCKeN|P0XU8N`0SF#M~9WZg?obz$I zB!JLMngRlBtE&61-1lpM;Gyc5@1Q5qK;~`-r#ocZgEtfaMa0`F_6vRiq=|a?VV0&w%%*_F-vE@G)mUI}KupgRM~brS(H;fc#jBw)tk&$-tUafornVw2|J!YCDjh5iQEch= zcH3XsKgi=&fq#*QFNfdw=ZX{B9OnmQHfdLK*4t>y8Qo=m-MtbDij^P8W>>TD`c(Uv zJ@Pw-B2^Hpel%(tB-oyJu+sZuz=tc)SDC_)3!XjPsLEegXk05bD{ zviN_mHPw5-1i9;5tYmi{c1;fNC`WgK36q-Z1MG2?8RqhAxf*#Bc<-i0Gjw^d8bT&s zqLebzu}RMxz09^~Ra++yIEE=sNV)PFE|ln+`bcXUDek3k%AVa*h%Ej08q~S0Zy=Mk zb$rQjkm0VUXqIAR0o|_BNTY2!+(``c==Xx`-y%cL?xgxC^Z4!IHcgrwh5k%AuT*iIuUd8gL;kxwwR4Vv1wmXa+=?11lNeAvJZ{Lt31h z&!;Zs03n7^|NeU~1dsw=c)%q^#J?LQbm${K%Wle1h%f&b7T?a=jZ(Po;8YTh2S7Bu zqR5wrdyc8OoW3E}q zGFU?|!zu1TMDA<(cq{G3U(B+FDux z_5uFD;&1x*RZh_hvF}b+x+cuQ@E++qdKbz&!ztzQG$#F)(p-CVS2)>%J07J{;%Y5W zQ?97D-~Ytalim>ct+>U7n6Xg2k0|oF2S4I>U|o5V1pY@5eo`@i+xgS|W(9i*;v{!c z5H5ay(X((|hg+{!;!`5iGgC2@a1_|uvb}pQs;>tHnrRw_ba#Yz?iiFMUgqw{?PcU0 zb|>pkarcwaX{;cn-2WIB6nO2{&oJ}3`ou}8ttq*w!}+vY9R^{Cx}Bn*TkYI@^i}g6 znk7@FJv&x>^F8wJR(v3Y+h^d``LE#rkbmz=6C5p0{Qw*rdEEh~ZX}WPH9@t4EfxgM zO)eInqS_K(W(SXwtM*i5a}bFlgH>FxB-M_UmAznJ(`O-GeJ{==5(New?yV?nYN0!p z+$U?gk`$T`Tq-zFBz#a;{MX>%qx?u42S>+BH@NW~>zi9c>!afXj?1bd3HdndzML;V zF|{4@hh6!N^2*@6hgWAaZ=*SR3y`XYbzG zW&k=>1nKrhD_Ls?6?;lq&_mJ=aggeN{U0mxYi(Pmqk{u`qSBhOy<`6Eg}dPuiCjF{ zHhn2^>!h(5(F`NJp0P3N>Cn9u?Wp!K0^x|Wn2j?Q8i}s})>Ol~(>D7x?XGx!q^Ji~ zXx-}v?rw_SeU#1L(C8=v)af?6#`ox>!ND0DZPdu{+VxW$&~L3aoRle@J>~B0ywp07 zsrH~a>1IdYcnd9RX!KS3HCR=3wXwgyzX)?Nrn+P_8Q=H&-7a*~)kaQ`zAQ<0><_4! z2EY&0UDwyvC~`{{HPd!n1#j#A+jidawwJ9pJCMPy`Y3rS!OrokoAHiB(v5m20-nov zy9zrFgD;NXN2-YJ zHCP^)<)kOAoDM&~DibGrTb%J)eUvei5LXsX#-q{6;XA7Qs>LhG&OAei%HWPhJu@@< zUGwxR48yhXuE$s(PXT`e$C6U#YyR@++=R(Zf0v8sg9*)?Ll<*_$Al-cNmeupA{vA7 zCScxW)f$VMvivE+v`x~e9fKg8%SoWN3(V)N_N((}z%_VF%yh^BD_@}PP0ao;?A2*y(e=T36G26J6AH8xffh$j#wvnn}lh65}!AJeKH z@2%eqpI$S{RHLY`sr~S?8st*)mNMfFY0;Q^vOPL1wO zCQ{xi0+|Bl242>S7dqRex4tv42W@j0@21tgUJ-d#Ca{Jx>*m7)jTh}*VB0Gf_Jys8 zA!|H5DhEA zhtB&P?cGs=j&q@@S4XZ!s>O(}L(5%nv?^F2Nh{RI0mR0mS521S%F-_Y6_&{YiBos5n zMXPR{t}aShk%+G09>4&#{rK!{UDDTJSvDmjeYTJ8DPT%;S!BTMRxA6zKzveCHOB9qO~(tmddP^@E}kzeZ6z{~XXf{2?$#cgswJxz`q-DK zc{h-;334`kBgL52{zUs8&-smy|CO;EFg^TI8&{d23Ky^)Pi^H(J>LZ?T^OI;bl#~+ zyJB9o$Jkt->U9!UmS?*BYmdc7nn^vp-o0FDWn_5xgP+Hpb<%lpvG*x2DxiHtPrs+k zgTXRh^o`%U=e|6EZI?+egpl6Y(VH`x;I?!#SIbx_Yh*aUnmOR$-RYXGE%9hK-EFaY z{kGER$l4T?IiOOeJDql`RX7zNTIBLE$b2{u9_nrW>|O_zf76ek@Roj_s1wUYJWYCl z(_(~dkIY25D31(_YBq`2aI!QN3>+Y6+gii9`ZxiPfp-_LwvY#y&kvO90WCT?rh4Rf z`&=;f746!@kOCDEB#%#(&*)vJmlVeEu0@Z}y*cj*j}v@Lt$!!H2h&}rjoVlabI(DD zF)^W$_t6RO>b&!iXDH_=g>mH%f)-2OImyDrgb}B#WsI00YS05c+ae%5A zIy`scGe_%K8Vp>@*cUb%?CybI+T5#-_B1L$v(ZA(^6ztEL-PaOHO)vBv5Kjd^kM9)fi9CbZGKm~8tV>LzQ? zj!mR~W}xE1SBpl(@{fC^rfkjkRO-JSLy11sleHa>qvf0LG)Ok}N>6>y8BiOb6en%Z zfiy$V;KLUlA)?0?B@4H1I(`()Dl2)K!cwYF+e7>w$(zeYY>=Hc-SpQ?9Uljl|EFm# z5jzP|GV`gwe~TVps`+dtmTT6Ar_!DBagQT>pHv}8Z95T*x_NHIk% z1fJT|s8~(&Z`lZ~4t%t-9kd3Ckg^QsH9}phui&E^lJy~9KYz?6=7B#d)HxgmfYk`=Gj_8V^ehJd_X?{1I7Nhx?y0OIl zh&)DJ-MxNe=a8&z0bK#4R|o!>Tv83@Zz8|!rA#)8(pR?nU6Wc&-m zSTvh$18cG1kYnU>c9kdx%*?XNA2n`o<_K|+l{i%Ob#Q2*O2R75<429m97tmN#_WdH z%uartQL?*Fd_7qt6ZVX?{Tp*)>v@M7I`O=fNffi~ss*rV+df80>+jB=-OGU76`D5|8=n-(`0uLxjd^q}$PB0_^KE1;uiW zTQ!6BrM=Rp{D=(T(Ll@NWO_$t$){A2dSeq%-^?-hNQT*uGkQm9%J{*oqCq3OKiyFc z%ahKRaZ)|W3WH>&+>x_iAxdjIL%2#c=0GdSrXzg6dhQV*O=RH-n(Iwo3sRnZ%UNVxqVAE=xq5GXwCkb#$17l+ z1@N<|ZvN3rTe&*@*Sb(@!!FvaNd5oA-g^eZxo>UbXP@j;MD$J&Ezu=}G3-Q(Xh9Oa z4AG)R8*Q+ocTu8-i7pXkl+oFGH+pBH2g4X`m@&M!opa7}_J01~{vY4>Yh<{8_pIM4 z*SglVhEpDQT8cD!CKi+j)Zx5+JFRt?uJFp2iXM;F^{g|*M%w?`2(9=Oiw?XWn=0>Kmg9F-w!{)X3vlZAsUz$ZrA(^7Xk=JTCQ(8o!*4Q6gpdbOD9rK!-;64^@@&7z#S9d4GW)d{Z|I>>vfzhr zf&x;Qg7JOKYLFVuaeA`OR{cJqyF{+?4E3e(`e&G1IdPA)(c+mq$zO{r{XEdA`SO)t zTS|}|G1A?O1X)YpjFynw&GsxSH!(KBG{Tl`pE2VcfrxF--7m^6TyrO)Z2& z*g_3lj0-c=d*3922|wTt^Qi7QKDYx}H*|7h7qQULj3g6DebaI}nA!T>>8%q*i!R1t z)#EtLc?7E|P9Q}ryCqpeZQgtn@hhtE6t-dzn|~?rQdY!T+3Qnn_E-=kLF!Fp)tiir zyG7UCasfU#r$O#LC-=^7ooBddGOXHGXBTZ82fswuGR~^sM;`11`zA&w^3wb4t`x8V zS2X1ox^fxWm!_JJ$1ygEOkbLM=jwUE>bYDqo{m| zo5gd@t->JuOBQL@JQMFh52Tx(2~-wG0_u@nH% zWRC&k=g1oU9BHea!NExc-k!*Dl=1Ct`vd6NwCXXTz)F1$Rss|*u_ zM^{;PsaMoU?cPMiJl`R;vHP26lN=89i4J-%3rpI+);L$I+GM>|J3pzKs5x60rBH1k zPG;pecfUf2pn@DhC=mW~(P zCwAJ=IFORH96VJDcT{ZzCuZML3f50)vg5cL2h6TweU~=$y0R z*L*N52fv%D%-4yqy79>@WO`FW+Yk>qZ*=~cCX3CS9I1^u0&_bL`8xIwwdq2*Q+01* z;jcjvY-&O!vX&)}9{AgcrsSNYzD!kP-JDslMt@az`!XE-W9CytPa2DwX>U5mX-KBA zPc63Hct0e|!sn3`K{TcQKrcn`j)$)7aT_tgrMqh!VD25Hlo;tx5)Iy*BpIaM@7%Vg zTV5k1ahNRz-^VY~HJ9{hT!fCe<_yLURw_WGwyI9?+&=5&i!mZ-lo>WWxjnilr zzErhb3{|XC)CI-;VL@U$X>FAI=%nU8QEK?Y3E1<4@o@#@U+l+)F%2HgmUzVr4!7RW zZ<#bwbv}TI8Vv{5GoyYE*b;irw_?tFi&r+|KA~aZ&XK1BCcIIUVWwpx-!JT2ojcKJ z0c!B6lz(wcWn(sps&EF3O&0mr?mh`ow=V*Y6iYodn#HKR5@{1>M~_#>n+?S~jg@@U zEwcMn6H?fkF87RTtAxqq(n^(!lQL-6iG*XD!N#ofZtdKt5Ucb@#2b^`>PI!9D}~}a zY{wcJnfbZ3tnn$avp04gRYnQW1tWmrt%}W=Om$;}H<}xR`Jt0lJ73DGli!S<_E zCTODHacl9hJR4Dh7+0uXK?QUjb(PsIFHYr29scK)E|TjV7q+=tazmOYGfKyclg#$0 zal@mHfJ!$l4(9;UHt6*n!L!)euF`L_=@=^_YsW`&X!L7t7?ByZQ=6I$7JKI~c|Ivq zym*wK>9*+Zi$h@z?0qwMwu*PoBv6$b=d}arTNUd%KK36?{JRW}TMOYc$Na)7i!S8f zImDK`KAD5?FsokmTq|bXNqs%%N~a8)i@8SWWLu}(ZXeky@3ECcHg7bgs>wQ+z<5%gFTTx1=e@a~xX?t~ z83*8)hR=Db-Fh|H%zk%q%bWY$JH4fMR?R}+qY)jRN;PJ}n@rhkOY2Phm~)j`B+(h9 z5+9*sI24oc4JH^un}W$Q^AL@dSV*Z@@0U>%(*oV z*~jd8^}uv|V;QGRd)$dGT<&bn8of-0vwBE_xE8Itjq8KwZq**hS94p^xefzYG6J6@ zoSt2oOWV5Dy#@qZUZnu%o|DoCp2nuHL1y)n%BBr%Q01})nT9dY9CW(RUaM-`bQY4C z3Emm#Jr_D?sm8$SKcDC~A}SpmPkg7XSm+f2VFJ%2;}av$M6%^Ik5_ZgyMR0WrXjgA zwsgBqjt)c~VNa1L{ZqE^4SKaa5T!OvupJ1<#4ZyrkCj|2_vj`?? z8mibQl5%r<<-7w*GJV%knAR|OxuQzSgk)aZZay;9tl^1JC2RoT@cte{VspG{K zu$6A1MvXJI&})vPv|Iu+V1KVN&jlU?Pje2Lc?cGbvO zsL}p+KS|HsqvT!nIa8>K;=zCy2cca-k`&O;_jUViZe71HRBd#m7=s5t&|0avTO1nd zqsGe;h25yJgv-a46H{qGo=5v5LrXRpH=93 zz|qANM|UL97~2F#JkE{@^gi70bgA&}gkNS4IX004`QfD|#f~GSm+D@IB9_`2d>L*{yTuSXbI~wGa9Y!`7Otbmv1c8Di+y zPFTr;dL-Ck?8n%2SZ=z>>!TBL7KT1Bq!^CfRXJfXMrxV7ZhGqvHMSWjS8^^9c95^^ z&H9uGvcN|7N;+>|KV{5x9;Eb3uaQKy^PiD+&yD66@U}zitFbJyFC2>*-Vmi-F`Pz-mf>ARD@KuiLD;ti>n^YKpOZy9O_sELl>_~?3i8D z_A%>HOfq&7I_t(Tlw|Po$*$Ym(Os#hZ=y8LXTBUSF_;-TPFFFH#t zoT(Mt71gMB`_CD%m`E@g9e($N&QwJSwH}z>qHpBcw0((Pr~X<}f=H9FnJ&=C5X{sx zGBIhJos|jfO^j|n*tGVye=Lcz%yaCY)Y@q=1!%OGl1jxZE;;C=PtuC&Tc39&iIaO$ zDfiPpWz!i=%P>|H#HiE#O#Uu?j?3X?4Ku;B)gJFGv>E+qT*}aByLoRI2L0#5N4p4= z9FW_=MJLbq3i(P9I~+(~t&(bG@7}K2JqIo*7ikWzH`fC{A29Vl^00qv^^2rk+B&_O zRE>e9`qhEXNHRX4QH89MhpC@s?3#;EW` zSK@1SV+rx$gfzcn>T8qllbs#rlJS@TCO3b87Gr%roYz=F)7^t zoawDTG-C+e5S@_1RIjVUo|q)WD$}v3mF}XiK<_~Y0BzUAc@^}+e0%~UcxPv3D$fl) zGC~#oj@&7$zXNL^E6J<ICQdKnxt628212P)*ug_sUM zw_Fd&-71u1BV?sJuBMYx-Y#axq*ZX!LCxSkuDZndD3EkEfIHq|aW(=H&(tTF{iW%z z?`TbRWm+U|x<#z)z7UPg@s&#HQE+-#SJwevrzUI26dIf~t!YR4@5RP2f?Lm#R-Vv! z=?PnpRIME#4+(h7vKTO^$?6%=)P(4oeT$#n*hW|BcEwiXC7r9)?O*byl~2ALzj)Ji zELk09VxY!h{ASAJ(ZbfY4&-d7r22RXy@;gZ)2KpU^hXXCx_|BB&2%XRAC;jDRS4Kg zRVOjdtpv01;8TE_fHeKj!Eqrd)W4o=Cbs%BgJ%dLFGj2!0t1FuHlywAaBxT}>bJoC3A9lPHs*yb8t}l-09s+p=#ys|JB=vKn48*Ia(wU)iN;JYq8+QLz=Ixn< zaofxYHfV1!e5O6Xt1W%5rE-B{Fgbjd43y$TD4QHkepEJ1)k)=_XXZblH2EQ%FpN16 zR#hn`I1AI=H!UnYtBpMHjhw6e|7dFuen~c8exs4UoT*?3jBS*^%$cm0Vcuz~xv-FD z3n(BheX((v=u5#Ix>)X%IX6O%v_B;$Czrc@&i|MR(r%oLo+zYVI(;tG>*OXdF@NW! zg|JdtCFo-h)~O}Gx|cepda3TkQMJe9L>AJKMZU^1mcx<5>2x+-;-Xwp;bl$!$QF&+ zYyfuNYEH7G63&WuBbuvaPT1U5JYxAKF=HMl>)sN>c)$&EIz$||U##hawg;jd_1HjB z;**QUjsa&W#GO@L<+->x&`8($AuZ8oBLzB?*YD8VA_sAFlnt_LFo7M190PTRBiqjP zZ>7*0D{2r%L#&rFSJ5Rx#I|hGk5q<<3#`)zE0;w{a zdk*(#p>&U|G_uW)^U~W(IkU7zM~$85q)IL;3rD^z+1bhS9d3JDJ2Dhq+xMl%(&}Fc zp)zU(8SN4w`;HHla9kml`&{u^3ty5RCDsoX04r&ocbvATr0E-^g1UE^ywqs@U*IAKaJNcoti2KGx~ZQ z>)G?Z+^Rb0{mkUf%_Tff!SY$w))DXDSsdR%DWZNl8p&^$PoH5d+E#nnZMs`9T9Uw% zFH)8600^*N06lrZ)S~y)*D<1Ce6Jil!sb@KxMQ~Q{Ru{TbM595>n!J|1Ma*0a`c{w zKp-byr$$-iaI_jn&c^k90FYiQPaYoaJ{cn;fIjH-?4d!u2OJokQ`tf4S7eW*GgBi) zWOcuYHDr7#8PmyRLl!nq%IMhHNA*>`NiX3{D+hAfIb9#!f(|GIYx^w zlh*c{DrI9a+H+__N3Q2;JJqr4O-PX~qtKO$^a^D|UR|5P-X`sN&En#Ieeqtz@7i;0 z8n5AP1Cf0yZi?PnSI1~O9qa~&w0(Vj@n_Ex+=u_l9l3KI_4^=CG@CjH^gd+$VZLEd zuOc(AmV$)xpsAYFq(OmGSvBugTV-gQ6OVeLdq%#*&gAf{g~ykdkDE(#OU6b4h5yw} z$qyAfR-Vt5b|mvlI5USftP%_)A|zSH7S?rWKr!hw+P;I?Ff|#PYP5rFQHxxBMW{0L zsTIdGdVbv8ar5Og-FQ;JbF{_7hXsN(6V47r)o*Ai+wYHjsG1zQg5;~W;IHPPLALPN zsqPnPUF0;@cNL+9nCzYHs@yF+AD;WzYdi`&pBkT1nwl+&c{ZpWFxOliT3?l)VJI~6 zlA|+n{cgH^blLi(q`f`1>WyDpI!mSH?ITLp_eKeMPB@YPp6zch1uXF!pt`l7-Qo1< z<+1d$F9omd2X^{ee?U?wx>r5&wsts5nCy$R^krz)Yz)64IU5vixLvojbGGEdjP^dP z(f?XHG%KOaqD@ZDJHSZJBF|oikhT$CqxUvqUNG)U*LD(i8E0G9@p~Dz!SG13KyV^; z!BNSmWOJyT=BrqzaIvzz`lP}A2CE=uxWCRZRgd+>ek&45J4V_XA1zHcZxxyOvWzBc zdg!ZtotVw3%Msd_C^6s`h_{X2ssS2&v@|Ov+#u8%nng8%prgeb|L<1dPoB|_wD(}Q zF8~^4V0kn5W^Q429nTHjkSfJN0O`taHB79AFiL zsOF<8n>Nh{P+<@2*%E>HTPmB7K#!`bYhwa4RQc74eoc~Yk&Vwk=ADpIm~=KagU>Ty6>W&Mj};;j`Cf3th4TW}xoh&RF?H?A|t0c5#5 zn-Nm-l;{QW zUVDxpitDY~gn_uWrBI1Ra-aJKcfdlbITeFKWapH!y`4QpS-XpGylwwr-V45(@{Fc} z5~99rpVc7Ga`i(geT5ZM`?vOp**D@C@jk_)ORiUIxvJIEx!z;RVyDQy{pce87HO&@ z&c2mr4R7jabdI#;a}Mj({a%(%8jhAs&VN8oBK?q_&L*NYqZHbo3c6l|WvYD%wIv@c znc3h)SPJyn+wke=Lh1{(o>UFdAc^*|eHIqe6$F}UuM$At$lG-t|=y57? zv4Jo3woa7L|Gq^pvs}r(C*1Rs2QHNA=p~QKz33;aHAm#y*#M9YD0N1aX2FFLAB8WU zE|gVv=^!E*JfpT7L=$c?ysyOhyp>vAv$Pq!kEWtS9r&=%c`94=4=a~u>Jw)evo=oS zT@OC&=)M$A*>HS=t-OUwzC{}9vo!xal03y}l90!3cFCHRVZ08Bbk?%mGjdZ zBMet0FZr~2%{%}*DK7}HZ-DKmAfA$^@bPCk>c{yX3hn><`Tvji^YZ3j=%h~pg4_SC zgk_bOx{kn7kzL-z-gkp<#82Hz=cgtn3}iBI+Zi{>meuLRP9-_o+TJ)VDJfa%1E2b% z?BlRUO$&-#@o{6*(~KSVeOxGKdwVjm9zJ2cQ82q+pH3KIk$2N{lDJIz%xZ^op~}tA z=SjjLmv?+Jz0?8UEz)dcd}{jB=zqGQj&}vigFN)^Vp{WFt+KN<&Sr}@xH6|0AFS53 z24*i`qgFIr7-x<5cBgET0GXpty71FXFN^iWxQ`c`3GBACgD+H3ZPUF=3!fS z>mOW{+6-=+P54E!qn<*oqrT7CsVix>1GEr1Hd7}9Bh zx$k+xc+H8h%UT1^f4}ecwA?o1{RJ7P8%@OB21%FY4s&71r}F9Tf?LW%6jJl%2OB8L zhWE?sGX^t&P_+J z`NL#OS(K|#V7>hxK{cC}#}B)nGWGeG6{*SCnI?-b(p$~v?TdX-k+J%6u~l3axl-?6qEpoJ%^*r#kB<fU|Iy}^O-}X)U@{JBu$JFjZL;LNVl~~Y_ zCiv(j=y=+4C(S17rnlVd(kZh5KU-`EjTX6O?df`kf|1jGFcDKJX+J4Q+-s+7uT1*E zV99;4UDkrMFRkM}4BF5Y6B+0XzDa|L5^3g7vsX>%Q~Qf|&(SIJa*McX63uOD*;h^s zwcHqzzktnE+37wph^8-P6mK~{DsvpkQG)PMcA)@~Z71Bc5ac&=hIU!vf?($NvC(85P3L;PJjS;hW2HcRpBN>rWDQ8~N!8hAAb3C>u zX8^4(ngN;tI&#)%nm(P-Ol5$4j6joiJvpy+MRxDiGD>5XIj`XXClLqU`{PQsTvx&r zr(7toN?=qWgh8hWSfYzI{>)f{it6^cQf}>wNo{H z)&brckpKMm_5S#@GeeCL#K@J(GjG{uzHT0S0&pCC!vH$HNSVQ}%{$0B%%U%r!eiP` zu?~+8kY^R@#<{UdbmO4gQ)QG#raqhbAHuYQZYs#m=Ij7oKX_$#+EI~p)Gmxod#pf% ztc$9E(uG$m%b~30+^4yvW2sNu`!Fr{46y1jX(c(2g=cLru4@e+=ijyI14Lg?VI!K+ zQcfyW=`gN-UN>%KZ`!fidNAEQDP9vD(JA}MW75D|;`z@s?SBBd8`=VZ69^V-6XukP z6?GJSJ6+eY%P!JA0yP%XMmnR}V~g9#+ZvZQv>2Y963it39RO?wB`1q%cjtbzhWW2O<6fctyF zam9ME(Hn|i@Vvefa@AsVn$#|wuV?1>D9^*){nwRFPaa64F?7ZXQb+|#vL51OSQ_VXH;|7>k)@^??qb(FPtbLcA z8E}4jx}gD#Z~-15;{A)E-?lWKlGCk`=PmyIkayJSq8X$hqTbVKha)N+A@1bNrHsmj zSw3$?lSTDJ-#^>%R$`3^gD5bgz!n=cDB-qR&UJvt+kGYxWsB|QgOjVwL+&ET!U>G> zs|_RVRK7_|X=;ZtEBMEyyMR6127UY?zsc&-eemgVPVCjUTL2L(esAymCm%2RQxCl}R8PDy*X!f>xFm~;g5O~D8C82lmFj3)) z+dY@OL-~WgZ`?lY{Y=lAzG$6b1`XN#h|5Vtzam)dA)fumN>9GZ9Oz%9j646lzi4d1 zcf0F`GMO^P`W;@%E^<)Z9bPKlTPQZypc@coMAY?z&6JiiE77c2`SX+VgX=+WmpdYs zo`W#!xK#ObT%04}aI;m`qK3A60TC6!z5atTs{hbxV<@xL-4N+u@XSVv29z>Q(JAIp zb(9D{yT|GnmaP;}v<)hswo(EJS+1)+!;;nv2+>dcm5}z(7wf?^nm1NpoB1h$I1eBR z+kijmBmv%)HChyEF2>%a!LD-328=K))oDb>vAtw8!Wi#cUcDUK5Kkdk+!@TTh#Cuf zDnHkqcbdhZ_vdRcQzT`v#gxr2drXY-lWvGj#@-114&IIMXCe zEeWA%?R2_b{axEWGHbAGChf3_#^d8giqh2QPJ%9RH$!eJvX&{ZFg{(B-#_!#Sk;D4 z;pBYON1L1(HIoX-@p6==Sq~h2=76Z61&gcQZ~FRc-{n{6{6_dlS^CNssiUZ2Y^T*a z*heJi)Trs@x(<7q8d&Gj^!)&tg}8xyh2Q=Y?8%wvoPp7^du%ro>c$!TfSJOphJBf~ z+}d?l73t~0@;d%cQm&4`d_)RV8|OzS5XYNQQ+y&*V-+rB{p@`?u3|qe%{8i{lMFp` zb?2+N8{ALB-+!Ran?HrVOm}~=lcCV}(*f7=ngte&05_R)Hs`?*28=Bz|MS;jE^o&6 zNg_URa5GbPa{ZHmBdcio#gqY+RvYQ$tnI|OV)Lw~!JPBXxxK?(?}+YLJa$;X=I&8} z+$O-yZi!Y2GWUpMJm|U)%4`5V;{x zrQM8O^GE+X`2HNcrS3J}ioz^gFIAWTvl=kYWMV~BVx3YuOjG~&=+4_@A37bCf)A&; z9E%tlP`YneUkJB+*LS#|#4^>Yd-*+(+K48iW{2?eWC?|~V(}FL`L11=nW+WrFKccH zN{=D8jyZmQ-D9wDELBUPRtUT>aQZ6NWyxzLYJ1^u^0g%N6eYg)eDJd?{2&lYM$j9_ z>(8wbWkmn91Fc(fahkB9O1A_K5lhrZ5m5887mm0m9Wm&9<~C+zdh!X{60o-AfeIKQ zKJjmqKgE|`VEqDSu?RE*rHY3gjlNcNhF5!;E^VZzo~L24)3;jq3?fHwtryoiD2|*R zADRH1hAiUH_O$W8jlPHb-yq8ukv^gCbi(ZP!qm#NLR{+t&uws(pG_521*egi(?R8dzUr^bp-4WG|l75sOaoKfgsV9!KpqW)bF$jFb?Z7ilpB?T2w8mI4Hr zH~bbs#RwrTy|yuDMoIni?pn1>;qZkgO_2*JEM_i^Cw^(jeXNFvchh;nAw7+&pWq9A z^pr1pFdM1Wlz?pCDDcvJU$yK?rGyUg;vnl{8u2q@ZYe})7w-8ky0NVF(Z{x=V4sf2 z(jD`i`we#Tr|bT^jJU+B5<&q%F+$Ee99Ruvh- zIm+Ngi#eito@?iiKTX@83hTM+@#4CQNNRKX(?(KB-(y`l3f5^|%)8;AutfYg=m) z4-6he8;A~tFA~Px%zi&6`DQgxmXVkXiyWR9HNhAn2`{JN;z#^uXBq$AL98PE^X$Nc zJ0UcrXIZJ=LV+&}H#BEVx!H-+>Od`JU1dMuedgePlUCF4wXUd?zf4!wOI^~1jL%pkFkpw-~7S<+_T|E3x zlgk*zzF6{#L>Ifl+fPnkli^jmQ=CBr>#)k2TkNMc9vxOerm!*5e7t>Iw zHF^7gjUT&IasB72$iHE@+Yl#m-?)Q}?4z0i>);x`)@zZin?a&I&{fU}a43RT*OE(P zg+#3x6e_)=a{ZHplc3!(DKRgrhGG0k5+8hYTlg!V&4UY;LrgfFm!^F*qoxF46gXnm zhOFk2P3}9YS`hd=O(5LJoY%|nP>#N_#Y)ckRF0vgyY8f^sRoSv7_~5FBW)_OMRV;n z47a!)OgQ!FBt4K9vD$d^`=5W|g8xjN?zsA-X{#A)2g4oCj5MxkgqVx&Ev|0SW{88= zlxVA7>6F4glNQe9&Gtznoj?7`3eC?K6`sp>IdQJ4a5qiuN}<=%zHQE>35Sa0 zN6o9;4~ZJNuEOJ&d>OPi!*f1StsW+O-jh%#_zk1qb4eKgtHkJ7QUQu50NpPd9msEQ z9dQt56ACt=Yq$7?iRRlom7dnmsC}wH;73>dWcg{N8;H-)O#iyTk1IX^P+7Et$u()z6xK#-YzUyY!^IZadk;M@$mH~RY_rmk$t$%&|emyfYc$^YU zL|0EQrEJ>|s@=7Xtf|?s^vMts5?Xp>w>p-*;g-)vPz?aHd(`?gg&|z^0}Np$%umKWzSOb${jxp%Or1Rfiav zoTOK$lCqeuy-N|)8AAaK-Ldrfrn5X?D1WPq{GVmTBQ=h~WQ;{L*SmA~OPc6a@2G2fy&~$*4?aC8=aA$~FhC0q6 zh2%{M9C2y}a4l8l-DQcPk0|6%!1kvdlG^}je_PKVRo^4)-b+7~xi-p^Vr)_P$u*KR zCQnMt^x66X9g^Po6ZrL}|6S~r{+;z|bOY{5ea3w!_L0yUHR+c6_X^U4-w0$Pjpm7b zTF6Y0=Q=S2@pQ&3`lKo2VPh9-4!rSL&c{LOT~Bvo-PwMBP+EJ_RIaRFp{%3tMQ<)g z#}+VYkLdAKh&ng_eWU=-SBjD&3J!3uQO1ZNAn7)MW8FBo*eryvZ^TtNJrk?J zA=F0SF~FTmVa-2hO8*OoPGF&DWW0Wx^+sqXfE+-$Rbs0yF%q~+U1t=-^~&}bPI9Wg z1_2r=NBz6Jaqj5ecAOKVz^diY2W8{FI#mVsvJ??BCp{C7kA4S(QrX}wNYRH466ZDL z+m0g~rKa%IB-}%E#3~6&6PBq6h}PvhF4R9t;?Arc&u7hX-17B3%&4e(zwGt|+(%@k zqKuCPph#O9UiETdsNzAD*8E16?~qd?uB+TFQoN(}upU#aDEML z)6DQ+j^c*cr!QV^0?iFK4uW$Ro$5Dv8vvdDb}o^&fp>1)PP4Vr6`t6|J?8ch##8~P zf5s2d9dvHr-EBInLHn}|P%jVP*4r9pUkg`}!;i0J`48jM)6-#SS!9N^X>2|2{6#Ws z_5!G210xP_-5eVf8D31$Yyldw0fV1L38iamN=YRoh$ z`rG`kkf~U-?$jXj0F9|Gd;694n`7N`pUL(1>vTe=7^R$&?w78f*S9HHb5mq)1#d`#hH z6BAa?y+oE8fOW%I6ktuZQuFT=7Ws3*eKgc{M zCE^o{0pU7m9LI~aTW`2ohP$#Z;Bz@h{IU-s#qFm`Dg5wa76b2&&fNsrE!XPb^ip5K z#R?<<{O!6#)hzbU1h&RRvaWPK{&A&%)^3%CAu)R8OgWC-@nTb+#K$6L5qyc9a7ylI z-yX9Cs`%qs`?3%dbsM-JGV@*A&FtG#l|wQQl9nDf0(h?s#<(5;bsXkvU5+p7_Nv}b zCvKTP;P+kyo*fAOHv#X4*u3=p0UmlcsxE5Y+bHRDNk>D`7ouwO(b*rm&`V)WOHAu;1+d0kOr+=SaJ)2UjqfZ%>wxk(N%Ct71+S*!FF& zASA+5liGi6zn2pSbeoWuAZ<&=jrNTJ2~<^znZI<$XKWO`Pz8X(g&y0{NW{3fpkOaz z}yWJIG;J)a+F$3sVFj)+T6~g^xSfe%$o;3jv^Xp0k{vYkJa=P%kTtUCQ=9Vzv z&US8OJ%GFYyE?cu{68BY9k&^ynbaww>C`#ty~V(yTGRP%^Df;XxpU9j6(Kl=_7$KR zKv6*EGSBbxBRedxH|X?zb|Aua%EWU`gQl<4u)0sU{s&hv(9uHl7*$$ph`trIwcVJp zfm7faU$TP2v^#d$ViCDQTQ5?)IyxKczXy^5XltCR3@X+_iq`Vp?X_Nf^9ul}#<^g- zM+XIdO_Z?Yh6k5ESn(=rsWUH8b_N6Tg5M~CH8o#x@gHdr^vaoX5r%qRSHbA*4JrW z{JxEI#<{X;NLlqIy(4GyfZcw!5iXx%HVx9v` zU98vG3hp4J-(uUyM9A0aJVc8{M@3VBzRV$&M5Lrxylt5KvgK=trZ(KSi%a$6-3!_N zzbJl@dtO3kdgQzmWDS^FP73a8xmOaeRt8U{a{DW?Sd%rp_v)fXJzADlGNwYww7syn zPK~-|fgb?@TI3dYqEb_NQk7~Jphlu^fiS@cWrHjNHu%lBPFxlpj^szVyc@@v$T}hK zB$}wQ(s=?6$?FQ&EyLtSp?yvJTA%=lj=Ga zb*_^P8{K3;eFNAauM+;2%7y^&m#E+emghYh^b7^$1=j(zui=I+&{IhTJE=nwy!;fw z&|5AJtk)=xz?mnQ-PU`pFmC|F!(4)gJ$&reR48MM>$GLw>|=l*WKm~b9;SD!xS`P^ zW;(5UL_}Z6pJ$`rhFr%3|<#Cl7yWibwp)>{5>!X18X4$uc`(PN`Xf49-;2F$d zE?$FTfpU6Pakx$}X_-lbj6t{x=nsb>#w6E=J0fU;T-JfE09A;zq91_>T>M`vV}XWi zUu9Ywu!mw|gl#m%U_TlYD`%3edIpJ_fphYlCzIMUcNB zd*~3LDd5-@&9s#Dm{E!m=-=WTxcZ2(oEDu7#Su$*WAL?xg3|h}ujb2M7j+fwH-J&( z@C98Uko$^`6{$F^N4c7YiDR<%x%XkFoA|hZGt0{^e=1FE=L(Zns{LVR1;)6|*rGXH zLk9GfkC{=#{2Or9Kndw!YH^)7@+6U);bpI8Y!7UQ?&Uscx0%BK)6J`FdhP!}Peh{MF zo)Dwou^uVisd;x60<6DzLOdLcYs(e3v@WDVXg0=m3`OiCH6-JT%GKU^HxcFYNTvV0ctD(GoQ zu$XedeE2fI{H(Pp(1h{s)K8Nqs1g~ilOTLF>o3pJfC0Z(tyOI=a@cn`p)PE017d*R zs5QSkB8PHnQ{mp%PNpK^GKMoB?7K%)+im zatMX-W4%+^*}Kay7#z&h@`o2Fj|M)qN_2}CHJUf);?={_Y<7IU?LpOKqq;u}?WU=W-a+tV?c{_-Ht-$G zeVTlLG96zjkU5;FyR9Ak9FY4L_S&8Xcov`}kNx%Ux9~rB)4%@bpVs^T6czt(l$ZqC z$w}(GLW#ZlGMUKw`uel&uCA`~X(KZ;j$MPjwXHG%71HD+uqK`>#;4=x#JEWqP_4VM z*_^7Lj^?9|fRQVz$2~DJ-ZWBEQ|rkUCLR0k%d-0&Rw0qdJ9EU}WVlM2n!rhX*Q}aK z@e%unX-EMD8LpW6>gsAv`qMnOwM8Q8V?~vcpCVJ7hF{k@DMt|Bkt2VeF6XVj#l6VU zr7Y*op6J`>5);?IF+7K#N^q}TgR98Z{FlT1Sas{J6XO!Sr;pkB@uMfj za)cr1*TnXi1fVT1ljNch)cdFHVn;BgbLP$>QzJj=l2}aE`|49lyJAsm4rFR-*2a#8&W{ZU4sL*uo!N z>|%{39F-g1phYuOF5AB9N;OKJv?sk^cj!8lw_?=+>}V;-cx?SmurRj_8}5)&;Z5IgCjAi z@Ii2y*yCC(Q10(oe0`DPz8^J6W${79JDMANg)7swqd*W}rNP!0uMDrX=sMBlma@9z z@#Bi4FMN~Is%RU*ug2;eCO&@fxTAn#G(zE`NDICRa#`LXObe)}Z+*~Yf~#rarTOAy z#`D31CurNL6`z1Q9R?Q^-AdFc7yD^~`@J6dIGF$c1`IN&oZ8C&AWj-N&$x860SiyO za!QP9gq@$8+wL)s1<5pcVv#_ZFpKDBx9?98L3OvC?YUMht>3^q(R<5nCS{u_W@RWP zEk()-uhkKT?kSQkbC9W|_7B;mfHvY3X5cH3!LR(5#GQ<~y5kGCqp1viYzjZ~3W#_j zW3?%<$@py1X3G~`n)-yFJ?>naQa4J>C0{E`lLd3TVZZM|yYCZb4{#`pOP+5QD#ff9 zk2r;$G)*PuwF}858lOi08Uj6lYBq`8DgiRU$_zoqE}b$ zIVqdJ-Xj31S7ihZU#M%UTArot3woNXiNVuAruhhy&dHG&wx7zE%GRMU{-pUzIKid; zS8Wc72%o$L+pse~;_=$b$h9MZZ4m4k9?@-3LX<=?~SKR^GZ52aaOweGNhgConwuUbCfHLr1f)xjqj{=JMMyv# z=^>Dme%W6N;|Mj;;LCK^8OF?19(0lKl(TH?_lwl%YD#zd?`E>Lc><6d z%_zsR+I4dTG+ttQm&~!bN*k?kjdK9+quz3L=kUPRZ)zs~POt;k}+_ zg8^`fn#+Rx@E7i|bN{0WJ!mJL-tVI3XA4xUXGGD?wyDs?K ze*vj{P;>C%u)%V;y>S zg8P%92{6%U_nCs?v;n8}_mU;oVuSix6gC_JNm;e~JPxdn~kvpra1*Ws$R2LZdAhqbl-C>zBCR8(T0WijH7Eq(!wte7|^t;P$H6s=h zQTcY_t9jsyp=}ztf4!X|OI0TcI4>{(vFv?8FQ|VfT5L9#J#<(@YJqm3=sE{Xw1X#8 zEX#MdE?d~`HS3(~_q+$^r(*ChiK0_))R1MrX5@0VrA0q7%a9$?Mh zIg%58NVW zqxV}Fe~fKBXmeszCx?lIMAY72o{wf`Iai z{HU(`#*@abJ5Mq7EEZQb&4m+zl0QgEWNh?{d(Ki)h zOyoOqIjR&gj2DV>gb{Uxlu7x{d1BZ4K5VR*r%*Mdh{E{sK!yG*_f77|dLUA){7Hp0 z*}}08bC5rRi>xyxIska&Y3^Q8ly?X52}_bC-^5i0<2wVQA_^cmVfb}bnfc{|-jArl zzd{wUk(p|kU`QBcnV7O@%w_FN&bbSmSu;b**;LeARLK;E>wKrqh6h10H$rc!3~65g z+~(U2ZlYdAQPOR6?Ohu8q04*eY>zOoHrA!0$IFQFfy%7MeYX!ne3xC1rcz~7AEZiQ z&LC3MDzgYs{L|t2{~C} z!pK&3Stk3)GWKY(7qVqvGug6}!C1mH24nZV=A83>f6n{;`TPUl+xPoRKU6ZVUa#wV zUXSPf@p$Gll0z@6^X^8J&U-|B6&LB3s97od7SPs-fhHerRW_V#j;PL-SV3hID^x7N ztV14^j$X+zM0+w(Q3&f93)opP?XU;F@c;7>5Sz2Lwyw9%w!Z(~ssY}RLo<;5_U)Aw z`KAeL%2xn(p3C?+r(g$-fU1XU$!p>N#Bc81QlvdK8@6zgG$9b<)7;W{p_JVne#{r`~)V;Xd zvX%{Iv0mNi9&dbPD-H{W?n488y&ww7i?plOQ*KWMNa0@<`}s^;^u^m^SUNzCROiGt zkKh=YTA=}J$v-NbznH~)c*3brS_)63jLU>9IAb0_Wo{nLO9XK0#sZGFGha7_H6u*j zPbPT;4BORZ$}ruSPqqqewN;lV(3BPgsWkmAxio>uw|@1cRaRw6#*+h(V;Ia;jG-br z!c!4`@Wz#gCCsSV&0}L&@1jJrQu|lZdy)R|=m>C`79Y!X?%J&?#68}P642oEbSRbj z18{NPCJ|-koR!>b=sI5hcIrG{H({RG$@ zS0Fj`es3)L%{N}So5M<=gW)Pp{f|=N+mE&7SzElGi(+m5Q?cYZ2Mm|IP`in_AF`D| zm{wltA*GA2+!th!qG9WZKBG(LIaHz+T4v?9nP`FhdVLE($#Z&wwx3CXOQk?2vAz`> z)2YHg;z$NMPJO00I!075tk~zaV+O#PN8E;u-DAP5?L?B1aWTh8UO%s%KA$7{aTb; zc%zY*i)5bzaR7l#7 zp{4c!#mNs6bWY>T!G=)w-y4F1xXm?d&tK-SuF{d;emmOGR#&+#&=U=~L_jr>v9!nt z-zYZvG=Ql}^CY*!ydh^ZddmYwoYfRy~p~o3FVQdy~R)_1!%&A*9 z5to?r&&?nG3R6DOd=eQf$rBJ(-J~zH+Y*a3P(FAHMJ^t%NgCN{DY`J0r4+?Me_rP6 z&1PRbL@uUA2=2it>Tys7mvMon70miwNSCvXnm{^D0|jWdL@NAQxLX})tqEXD<8hd( zH&^kyQg5I&&^L?alvv-c5BEP_X;6r&!svny)Z?j}_ygNR$Dr9`SkMIUo$f>&PGGVF zfaGkk7?f(Ai!?~zc2J39e6wBTmiQlu<&ZTh&fEDMDh%Z}`(aVz`9Ti@ZKT4shBRuw zBSI#%4{HUxOk9DiY%|O(e8!#$X2xUxh7AY7?`Qy!7r>v)`10cs4(uddU|wB^sqA~J zVw7|D$icFnOgXJyG=AGNVKXT=A)*jjMWJPxh8;arZyZrPJ78rbi%BsuJYARAa8&;l zFq11H>*-2SXw)3pHy5;BgdqrsqRUnl&?RtD-DEiqcwwS7xTza?B z#NcDo-&y!WTkT>@Z;Vf4FheQGHL;^iDJ!gV#S_CD8PY~!FAuN`?Uqzzmy1eVT+4%1Sl6dm# zG6-xgzRjGuxg8HHoOO1Ku58~ogipm#a0tVUr|Js1pgmU$FMWhfzf1CU?H;FqVY&fd zhkgnYrNBLy6TIVd*n4p7KhAk@_XG`^yqTh^>Yx`vFYq+zHzuJDGJ0vUeUTB*T5rD0r;uS_0{@Nv;sS)~FinjH60%BNkPoDjFLEBX74!Jppe9wpT z_zb$5P5S4%N)-ytfuSkXa_m1I9V!{YJA=o_Hk8R)fF}8x_a{~y|GI-XsWvB3)Re$* zQ6^V0=7M&Z>3@;%0N)TYU(s!Xs;;iC+St5)>M6WaB)nF=ZZ6c%LN|K2A_zWk!+%wL zfVa@9G7E3BrnZ)gy?a^nSp<27B1Ca!wxqET&Y`|OBk6nqpGf?dCa3~_K=Gan86Si1 z-FCVn!2Y(AJWKYiWc5}|z09W*m)m^l|NMgN6J{toz5ttcL!VAu&&qKCn7L2I>AE?(Y`L-+#gIVv0_X{SWYWE(B@*&$%9+^>0?_ zYucE?>q`7{r7&E6k2e9N?-CD~Ik;?c#l0Jw_)sYZn!&(ESHQ!qxw_L!v z^h0mry|NEAU)LZZj&@$+^N9HbZr4&6djpzMZCyWGnk{>0e(Z0!iTYjfKAL~CNyg|_ zBqDbtcPS}V#SKw-QwgI}*S>x)e8$;k7LYPFnLUuevtAubFuAqtXm?scxv`vgeO>O(!Z>#t)b0mVaWmvZnz=Dc|!BvPv>W!lLdh2R;WY2+wF5xw_jU`ac9Cucm1Lx zw8bG(6x%tY-P0jr_}y%&+kDyijUh;lXD?UJqqzgj^`nsLEs*HZUu*d_Z)C)(((tR;9h*q(VYAo ze%U-r38aw(m5r|pfx}U$sN6aLssMMQ`gob0PI#*aa0q;I9LV>rY5B2ie>S^#%E6Vk z5AOVpoycbA%^SdP-h%@l$HldN$KId5B~#4pQT#Sv`<{SykO17oe5aPdfaa07$^=iN z_0pzUEl+FcEu+yOndCEHvsr@*tq8`omNUI?`n|(N_|(LSnP2n514-&`>jz-t{GZlA z=qoC~AKZBDi{TepvvT`r-hh1)mCu-uPQ(IHX^Yw=jDJxk_L~V`(2HG&v>0RgY{*kx zZeSp}+*PwQV;{yX=~7|+(E7`_OSa~~PP7Ho1Ofv+{+sZohyl+!@CAhAzQ+R2;+>J^f7*}%!xFidoQ(ZIvQV^QdUTzxU08#agx z3LQ?kgq!{K`g6|#X!Sc|eb==+n#}=D@tVqX4U%^<6^rX6ItCUml|Dkt&&9Tx_nCsu zN?yR+pTyEtdhz~nje9_RSRcvVK>>D(xpt0HFiG8eckSTfK{Jzb z1ps(xO(HPBeOaiNB6$&`H@9b2ca?w)(kR1UG8wK(_@;MZw>hSi>aPmw zo;Fa2Q)-i2GL`UBd=f(1#}mO!vnOZJvp?_dOy2oNb>wTsa}JCeq0v0nBEmGDL+S;4@&IKb zhmoF$H{b!S!`WM(DFX{}l7m^;DO#CVzF}wQnH?cA<}go;PfR01e8PO)$JQS(SXryv zX;q_YR*KTAvBXk8#zm>pTIXFg^O)A=L26UDej3i$#lqpuWoi(g`{E_;tSQ__m50l& z=OS;|zhG|g(=#3i#jDMi5=^8~qY|iKW^F& zl{32_oRKOpl~g%vH```1k!eHA5Zd+foalOKMC%a4#r{Gx48P-Y#XF-i;xs{=N0AmyoCoOUVkFi8C>`6g0gxPMwS3umZx}OoLR!7y&CE+0J zyrE^R#3m>m2xc=P@Tejn$%if&z$g`1hkONIb`ARnjT2)3KXg@~;JE#>Ms18-YI zwvD(O&v`$$ftY6rHUKtfm~NdzifA7{hqWs5)%@T3YtxM{hHg1?R9%@mE8y+hx2kZ> zlXUf%TMgT-5`i->MoXT|s8W%;RX}i^#@SJUJ*us0Nl7=U~|+?yo&bBtw) zx19*3Esa1f7yi{Pptcg~fP&vRXZ_}^A3_EP6cGn*8J7xb$;glh5Ev1jp>~+R%d&OS zulK?koE}}5-vm2oT6hfI*`gY(c~!swkyCyuU_{PcR1!-l!zQPwAIQ1HIX4BL-YIM6 z^-BAiB6TSthX}b*(OrcS9|BIqAlNLqWn{$hDS$VF{iC?9Um0{*f#V?3gEO1}bp5n= z3DGu!;B!PzA|TEy*7qwO89~?t#mV|Sy8K=Bo8KSozy^fvFbag=(rVaN8@FpP%qSH0 zfS%wkZ7k0>l5Bk_Glzvu}1XXNo5?8*^ok_Q^pi zs`bQg-c*xsZ{B2$SC~5wcbMEd@Gyr#5?VXHoN7GZcui0^vK7LHF`!;mp=Kgzqo89U zq^30y-9m8T90kV%pRVv&jup>9Xyc2*RwZXdoHaewO>Xn%+(FIj_N_ zH#iDks)-E`D$wF9_VZ#aUQ*Ut^q#(nFa_?+Hbx3YKI&Ld=ic)ywWB)vS-YrkpDt)+ zR0Lx85&D|0r0qaJ)U|$yRDQfNT|{-R1mL2aps}dpn`*!&Y;ahoveIwMah4{Q2+!sV zVk{E5qfaTDIb zDK8wq^qz}iifI)}7aE63L!~;9h!^SCR-jG3HY%8>QDJ~w4dc~wdA8llsT)HlUUhyY zN-$lNaCUQY|Hm@nYz+!(3^i;+^Se@=*Ha02h)hgO4i+QO0*JyLTmYZv0m|wT2Qmz9 zNT3S*R14+`mmv0}vu!`)PQpT$x%FGaq(heG=nJ0KeY9Nygb0gU6$bKl7;amZFiDKY zil^-`^Qx^m%XIWbtVxDctG=M8oe|XttPyfr13oWe&_Jvq!l`)2xm^N*!>%KTKZ?cV zkJYh{S$YKi@`#-ck}=pXNeI$Nokts|0|0SQQ^NCwI=*9Zxs9w?i6URV|NU;Zsrwpn z*u+_1DBTOS5I2VzKyN}hM9=~uFP_du%MiSFnSX-Kv$Qk*67BIINeBz%HijdiX6^IO zrkG1TXL?v<%qF0~$DBN((%j3v%o@2h+B)lu*svC~0HSW=w%|cl7+=}Z*7V^6e@aa1 zC5TSTML3}!1Sl}C*ILM=h|CI~ag4%Yaq1RrxS}gP5?v^{Y3J4=5nWEtN2OAo?Yetb z0S6u;%@|a4M9^hTAJT#Vj1n~zeT_Z~;A)a9g0?+T>Fygo^IeGoXw-z%-5AN1C@!UE zPi6l=Q(T7L-VxvrdI|rfE7~O(zF1>cEB*}PE~x`-3iQi|gdLKESg`dl#$&4XF!!HewnxGJ~VCKgx7 z4d9CR^c8E#6Z5#)ZjLWd7{h~fy4-+?0X}bt!pfIyG4H4sp3uk8DO3gvfdP1CpU=wH z08j0em6hE-wEx-u{hgc2JDmni0-!Ko{~dPM7BZBVmRE6ho|d=yI1INdUpO=!7dHFp%n_f))RNxB>zNtB>Wq@ zX^(KmY4w1JcB7{&pWN7jugT~aG%LYiRS-0>W9F7(G9^W52AW);#ihw)&yfGU-fyo- zUl1Rs#kt!RlLHW4;ehwNju@>dG#rGMFbzccV)@7H7g*czeKe(`r!`WeCfl16&3Llf z&Gzelc;Cf1)mm+IdfhHTE-oz1?8%xfAWnk>#jye&=(q+`9$3;)?DQ>f9eZ{5% zC6;0G6bOMKWi1zI=-PQk+j?Jb{v4)dYe9R=%1ZZe$>^iRSrmdnl~)TY(U3!H!9L|N zA@TNar9t77suhhz7ox7}vhLy|hs^5&s7R+mKGd{8jiC4Rsn>YKHl21c_=g zX^r>M7KcsvHkvmjQ2D?>mLL%=Z+cF3Z@l{o(6H_M9kFtDF&NS1ZDby_b>f=vywNmo< z<<4A&yycXh@K{oABQsXC$d~^g3&U(Hi@ePf+1|@5Lk~5AUW5va_yswt^0obLN`JD; zT6U-RVoy9cuY;d;~28B(^)aHxRFlv?Ca8X_F z0?}2&mOjoXMrN8*Fqp-opd5m%WsEyS6Qb4faG24r^~OwjLz$hY9>j2SNK{Y*^ z4OiIJe6F<-yC#v8>2YEMhMM>!V9{4FO0P%)>?tKJxi zjbsazs7UFN)mg+FF*|7eqc8_?qnK;!OP3BBb!`%|<=+MheDbwEo4TdOS+m{Ak zUdA)4#nayjaGz_C{}82sA&h#v5^MbRCDYoCLnvfYY@)p5=aM<>?Edw6MJAJ0y-VtT z%eL^U8N8z<+(pwn)x~U^^f>%8U#jTNlz1_VTa|Ir@LYLwn7oTE%k+551+rp*o*&*P zz_*rEmZ9k+Gse8y&#x{wCYXU9+PlHEDS}hl;fvfuVU?nHD|BABH*Pm&uKN%0`Poka z5YJpGeRwJ#9pO_nWw7QL|B=oAON#$LBjJEO#u(6e>Vhmqz?S!YY>cbFIxa(3Sj|#6zI1GC?A7r1@AgAO zLm*kH(LYaYM~sy%(!Exg*QmGKaH{)ReX^sYV=2fdd$mwn%f!IIFmsF3(&y;1mb_am zI!wCb5_*^~@){0Ac;hN({mAZoky{;PX%m=xouucXZwp zQvUpJC|Jc}9VLFY`8umP0axrbz@!!s5n8pvlL*6MGPAQ`rELB50MnEMn&{leXcx}H zFI22eTwFZm%oZu#u|U>%k4i^b<#w@SIg5OS|MRS%CY@>iMmR&aFShKCOKkP)`3+owEq3q>(+o^mOxnl=qP7b%`sIjHvYWKRT z1)7Gs&ySH0_qKs=k&nEv6cqunOx|u;_czMeqWS|Zg^JrB;|gnMTQfh*guT`#4%b@TYp|7E5$@6xKlkIBsyN!=+-Sc>s%iw1b?gwfDMsg4`dl>hi0pwmYv)kg)9>ePij=yoxgpS9Ws{1apCA)9L`(oK#(R(PXyc{)OzN+e#5?raUpfZTqCdTHY+V{ z3`Yyn3$|(0bL&Cu;cq~E&Xn}#lEluGX;I5YDQb86=#a9HQFI3V+CQnT&mKQj`L~E5 z?aK-^bCL=ku7cau=~7?+x{S&NvdZCLp-Hm?2nn>fbH@%~Z>3Z z&Cs6<7K`zJEfzJ&P)5yca3SL-aADa|y^vI(p6V?3m%sI`s$(>{L1@eq|IWTI?F)+J^Nf)YpZtxTehkKiYOX(Yfs1#q_3q%EH6WpG*{3_}} z0;y`kWOxq{Qrdi*oI$DL2^VpQ^ULmbvKtBJNsVxXEYoMddAukHMOT9cq`Po*(f_H9ks>3yDvSTE4g)9e(xCJ@} zs^Vfg8%LnY0HZY=-fLdFfMo*rAKj|YS+j)jN|s_ZdfQll*>GwP=J^3jN%;JH=j=yx z(6s))}`$g=IAod-O)|*6mv0kBfq{!%@MB_-sKlHHh$tl!qG{AV_92@DowX`n6 ztjY42yDq5Ky{^Zu$)W_-c4o=xDKB*;VvdzXf{>oPe9J*peJ&y1IkeVu#M(EwznZ4^3k^#UTB{WM z*m+kR^LRiw=H=$&(mV5I=)01s*pg8jea+EeIfD^GBPyQp_W1HiDJLGJZyWuCjawf* z=F9%x#S>LP+3F(xq!sh!IcoLea1&!vG`CEsg)Wtjr1mSa6z!lV0KWHUhNAsR8a8hT z!=S=aZoE@VILl1)<`GI@!+dqLRIpvMm^{B|4QJ3oZq$m56;I_T;zP$I0W;<1Cjd2m0 zWRT3be%+m#hg9?AQ4k!aDHCG$Tl>S^RtbNWvCUE{ap4^l{COi%arY^RRU8MVA~nBt zfWsgwg0h;^qB*66drlKlQ`O9|K5KG&o5caVT`OIQHmTe3hUU_rS#KxRSX~VF9sL8tO2ewrk9^b8-@iB~d(y9mV zI;UEBkGM4Wztxj#=2-mZC~dcUJGIg}&-AE)%vOgBuW9S zEQSpOg)mJZiY7dUEd==N83D@yob8M>G&?Qr=08qdk2;TMWg;J&4fHJRUgM&tlW|^D zpgE^d6mEbGM>ncW!JYx5ll(~cJ& z1^6egEzDCFOXXfL&nsR;v`UrAer6_z`j`9+&-o2(=iG$!&lqL2(w5nx0)ZuzpV%-g zAgu}64DUoHqx2dUrFL3uqS!9!(|gqM!s$qq&}&gj{MKP%zTeq(&+|d?vE1#Wt+} z{k`&)hW+FtTdDG^8>Fa98#C7&EP$3bkI;e(bI{N`TeGLTwQ+jKzpU>Q7N%8r z0sRII9{H$NTXjq$08dt}iSj1lTN~#D7DJFT58d{y zA4sV0QrX+Q)<}&yu*3q$+}Aqt#=1O~PsOI5%yw*F{aMC9 zXX|$(o@1Qw$^6r|Qq*5ZO}JV%HCW>*ED*|$`r4$dc`E;eR(rKku=jJhK%2&F<@N&L zLM!%K8LC{YDQ4YxFJ%I?vK-e~d+*gY5H>EwtnYn`ygq{?@+v&;ZLFJ%5P<`O4{nC-cn17mv zF>(R})Do-u<4Z%PRt!iyB2N*q1G)fe4U0l|cI4|t zTH>a2=O#4DF#DomB(0A!IjDgvlEforPV6%y{5sZxy3A?Q7 zM+lMjuJc^IUjw?lLDl#+mZc5O@?h^~-)!PW2(O{bhV`=@Be#kdJFO^;DOyce_fnML zZV+@7(SoT11ZowoQGZfKLMe@^5}J!8eQd`!T8wd9)EBH!F9)g%slJ%0Yr# zJNbc-#jNR`Oz!Qm(UoR+j`?g^=7*LM z{AqwMXE_sadm?x0uQZy!^>_TE5zlkfdtx?pL3l@>y~`F_#WJ&MJ@O=tySomF@t_eh+eLc1(l#@yXD%0t z-krj3tIAL+)Y3sH^aaR;o^wl!@ZA4ccOPzM(Ts8CK}!8W%ZyU~ zQEg?^0Cs1CN^?}d;WJ%YG~8E^F)zG-ze?6?Q27ns=ie*+KP*LJw^1qb^zq+kxWs7Pav4`N`TJw{&H$K&50^iA6PQXK0SM z{k}@#DsN&C?x6?0nMvcpnR}WT84PcIbLgaQMUc^p@a9;Tm0&Q=eysV&FT^}V!VQ?m zL8>Y=`v}8TL7bn!sBFMoUVjt!Bg+Y(Mcts-5x*9UBY$&)G1gsBQ$^iN|BJ;i~-+^9b@t zk0@+ZPkkJ?wuo`rylrat2)_praRG7s-$1h z)%%+-?oc+wqMRcUt2t?n8nt;y=Pu6b4JqOA+Pue3Z`g<-!NwVY`TEQKvpVlXBdn(;hkgmdew7OYdB)=5`gYDlRn5idQ6J9mL$2>B=k^ zQk~`lQ9Ny)A0`hUIqkpT-I~ia>$!J{EOH@^*$c70YmC6dZ~P?u6^o#HIpQEXv4$@rk=54R2P zl>5+Pgs}d{pKIaxp^aY!dwg)LMa|vu?8j~65Zejk&pE|MM4KZKSYY$sgxyfFSVc

    qX_EOX zt|qp>qRKuMxb9~V+Odxv8ej754i6}LY7*_Pp?4^;#Bb(4?g;(^uH5M|%ZP)F1piC? zpN7U+zu(!H6WxI)4Xb?hK?l@i6Mw4p?Ts}%`p_Qm5-G0QZ$6~*OK=p1$*oZf*y>WF z9;gGY!S4?aladv-yL79obx-%CWbFB4TJf7-Jrv{rq z*aq8Q{eURy3U(QyHEd(@nw>JQ;;px=CAVQuA*UecfeS@x*c_<`^$%Au?-9$GR(k+B zml1Oh3CO1q->5UTHrCd@HiyjoLLhgCeIs6Ss#2n1UvlM>Z8Ck0UqN@DKSXZO!z8#2 zNZyZ<)0KIY+x5A7F0`qGi2Layr3AY*YAfbfn&4VQv%c`|Jnn)jM5RXvhVdH9=Iw{M zFG?UoM>o2y4kb4tyw?v+V!R)QvH4kFVr!ov^$6k(Ln(B~GeY4$QM@s$2nuAC1--=& z!d<_y&!>pei;SskFbG9bXqvmHUB|v$cqqOTJSRXuuZsg~R8&i8PK*mF%ruf-of`U7-oT{E#5B+#{YhjvUU*#TF{hU>p4EKhO{>Qj~7cBlX#qEmrjqTbpOmByQ_~*jJW3N z?6O&oB^WO(bgz7_%DSz2F)}$!cG_b6nfDP=zQE$l!Tnc!=QbMxu(+=beQB+G903wc zGfFE=d6Az|n*@P#FK|bB4)<&+=9N1a7*TuinHfa?ecjLVQw@@lKXAoMdBncGjr&G# zm|D%p%s2ShAC)Psd&}iqv-!D}W}fe>AMY@_l1&^{N#T*hG+Zu)}e0X_vo3^WG z7ArHlETzkByLwfT&~x&U||=5a>2KM|RjX*E56i1PtgFu(oPD`X#3 z!89po`|8qI3G^=G*Gi9zp?8v<&6p*S*%rUHW6Uj;zveA^+3svA9bIL3+0bCu_N}IR zLnYxm*~`8sZCz{C(>b8YerugGP3cX?kA%Moy_QTP5+P1v9T8|PUGk;7JOnBr>lx#- zZuYBPBvY)75oi1vTv!8Rf7pTSej}(HYKyh)I86{SR{$=2TKG8bR1;6*L?(Yi3h-{p zUWswfWl5eL)K^%oD9Jf36d2;L9Q;s8;2axek>=g)-65d35C9Fxo4% zq=id;NvS3+Exv-2dn(w1NLl~2KsxafHUmW%#%blIV6-BUOq~HhwKE`JU`%jt_&2(} z#H(Y~eO9KbK|D=!pAQDHa!7Jetv;>cy^{^wH8b>3?G`Ps!uyAVcJn&d(p?UyF!3fh{)MP?0hFIlelv~OA5 z-JgN82Xz-bRN1m7NOD=}72OB5@4Z(t9~E$g_iP5vbhWTw*|QP%&>$KGw3(KmybH+b z_XoPO11f2z%~j)9J8d0`a@SNJY~1KukT|mB!~2Xd-C}pNHY>;&F?qRfz<(YuOY|2(&(9VbMW$UkbhrRp=vkC$D z={zz@q#-_t{NOt+fIzMA{AYPOhE^B6s+Gx84W;Zye2hO7{GkmOEmCjQPlph_)Q4$5 zi6r5AXV<2S{V_TR2kDUT>a%_{K1YgL*x6`}+2w`l=c@k-p0F*UiU*~yaCqe=S?gGi z^53OiTw~w4_lx4Qei;O}AMb}Ui!?Wtw4axzOwkCYqug@Bp1G8ul#08RXoA}};LpZ4 zBFqvNG9(9clwHiL6hkXlL5cuh{56>>lwPW3?@!k5g+TYg`L4Q1_ZG5jxI5f_ZPr7P z50RZVOmQnCs`CUCcaWc24g@T>cKhhItss{+y;rdzsC$-dLF+Af0hZX( z)@YD7W5qm6qNF|>tOg#X=9tU2Cc_KOh?|KLQ%KOh2))km*vXP#!MM%hDA-xN{O<5a zH=DkuK9SU&MPZ%o`+YBhol%)6fucvHMH99&bFH7`Dv@uIdoRoA^bmyi9sEiO_Zmtb z#{T-O+@2hIk6CPgc*|rhYPEOy%Bq9Eg8}w}(|pw0GnIIbvCz*G7oOTVE$G;>M@6zf zggp@tUofcezUzwHd@=j=Wjm^ytDBJY$*MNoY(FXi#^m(U{(_bj9od;Uvf4`K-*mRy z?|AztYUn4nKBz%o!GYCvc$uw zr+1P^XQaB%=yQs}+~^iQzO#u}GPbWAQc2NiJ>XGj<{KS3P!ip_`Y<^g_ZUkau^S2y zPj7Fsu%TUznGdL`TfI#WSNtlUdM0A%io3(Sf8$y3{mv2T3m~Iyh88e?&IrSyiv`J zVD~kw_zgm`@aVL~S0ukhrm$R$yc3`8>FzD}Hi=y#@Z8bkb^QlEI*Q81z5+#L-WsJ0 z(-M)?oT{FEuieUD4djTX*0wSQW7+xwlz>$I`3H*0c}Tv3C*A7i&uCfom+i`aA+7NAd5&N@c7+v5Xojyy$#+4YsTo?-7| zYBawBLw94e+{&}(QtakEWs+dFOkh;F3n;`b%y4<2%HWs)9~u_Fdn;iivDXt1Hr+&oY($g5n$=ofYfYIua>!X=UFU|2|S1 zSUaNXMC#LSjr6M%?{RQiO+#76!baGRV~G8ePh#6*Do5$=j*P9AP8x^ZFwGx(`@N_{ zi_gNT(n@(KU+*hiy&>}h9%t2Qra8Lmnkc@@w5_xf6o;dX?0o9=5^CjqkCU(I`}Cm{ zP_IrpYgOO#^|1H1yt4KbtnAQd=aV0t70)Z?WjEY)N(scxfY+{-aBai>Zo*dS6Ng-r zG2CIQj$Kcde}PZTo)p>+u2nkS*|>A{XL<{^c-3k$PH0+lROn>QIa(L-M99Ko6sPB2 z&O2x1=&bd>{##g0t{?gs?eo-CfBN);l1ag-bu#w(AJ&QTs__$yNiOfg<8b%(r3{4+ z3GNL$7q#lT{tkMxEumVkjwcXrtAZquUjEY^Qt2qZbGU?cp`)Aa4{!Ki%X<2>K=A9u z1!^B-f2@p29w%YA`M6QKyHQ;DoCNFUedTtQtFO0o4j#N;#@XJ_M5U2n38VM=_&p@@ z*@+V`IsJ@k+>Xx&;uq#NcHw+uzpp(f?A55J2zA-Y&)x^u5mL=GZHnI3Lo22axOaynFW0B(<52{&A~+#nMF4*tsq;|a9;e+xGHp*3s6S1J@S ztXK>v6UyAdMj@)Ny4kfGKcWjLs*qzEZK3fmA+n(ESXe_MM_;5_3 ziqe!R*1`C+Pcj?1IuWQC0N0v{4a{TuMLh6RtT;Jw4Ce)veKx8hW1H~RKW`%ArQ}(O z^XT+HDDQW_cz*Y|e+g%`{5ZCZAB+2PzBa6`ZyGoHg^;muy%n9xWjC;9VZ;6D();r0 z1&Ks)vxU6?<_6l34)ZSKG0lKMUSJ;yXwW(N3iV%G#xf zu35%yk*-R4eRYGo33K> zmk)|IiDoJe|9UEZvJ|@Q?!y`4s^^|wbXpiY_vw*-N{-}#7ZR+68Z7x`Ky$NH+RKce zx3?-wsISo8w`t0+J?Z3^=%1p`dT(bG@P`mh0tm)`S?~Jz|9UQLel*<>WFSAcxP`d| z(dLN{J2vkaE}46-J^qU6IUDhikjw!m0&lmInqJ#T$IMd?;rGjh_b$>oBltEiruDbJ zqf5G*$TzeJjvTc)I(DV7FXmVL;A%Tz9sFm~UB9ARHCl1?;UZGBAqWu*vy4%!1NS+@ z{o3Tm&YQbUZpjeQZ|zM!z#DWkK8Mndtr=pQZucGjuo$Ld2nIxCqmF$>wVQS>6i?GN z1(Eo+bOYF(j~`Fj!I7qb`#ce-d>mWx+XNXnQ8%hz}9Rp1{rRM?3@9333u|U7RqhMGQBPkMGA& z_9}B<*$O@C+*OVL8Q2~fBhRow@)q&tw^gWkmV<_EEO@;gZdg!=^!y_l^U%NrH$Oj9 zW9<9%kE4Gtt_-jPI{s$s#cI!@$$}3Dd_k13B|_v?uZwV3e9S(o7LPKXf9u|p7i2U; zQn*O>Tu8s%`<b6c->30u0l?~~D ziYyRD-=xS0x{t*Pus3bG7EavzQmlT%Y~1{xQZ%N!joBQ25Lk~;ww@8$1oKZr+p z*<>}cj4MfH61P?Mlg=8NKDuwoaZu#N-7(+8u{cZqHOc5xwoUGe%_?p=^q1nGN>h2I zlXlaU)#?prJpa&m-7}p!f%Y>Mel~5Nu;07kBmOrU@8{lv(fL|i6AbWtX0B@#xEP!i59hC%x~Fmd)QG zSZOguRG&3!yRc-WBtDVsuwY`xZoX$sf^=Qo+AQE>@Bb`4nw^nhGB_X}4(FJvdB035 zv|}gVx&v-`;be<-OG@V9+Oo)Gv{7zp&davD*D7ht&nrTRHcT51ebTrr|L>9LyJAMy zOf|5@O(zecKGfv}G|*0NhK5x?eL{4uWNb4()9{9@!%(|^g|GR1527V=KWVeI*G~Gw zo9RNyD-Fk8Kw0H~cpwV>M6=GTd>dJqX0x(P8tJZAX0pI4_cc%i4iEjO3C8Mj@t<9J zCy0fAw|yNLYpN5j$Mh#@Ulh82Vm7>Dm*DwMhscEgnCuwQWmr_>vQq_sMy2|%k_}w-w+N2c+naDPv&V7hXx!92+2(%r$o0w3leHJR>AzPP^P5Q_La%j=cNVN(uw%23{?$dmj? z$BC<=?>`sk?4&K$-LtT7*JD;dN^_tasB?H#P|Q=!?i&ka-UUPDpAnA^y91K7G>F9f zxRXEQP9FFl^3f|GPji9#%#!f5tAFTIEk9x@agqFaZR!wHJ&mru_J~@PetfJ^j9hx{ zzOc+!|5MFITqA(OxBEr1HGsmnso>v1Fvc}RN|`1qYDj1u!I=)8@rRC>%fBqzfS3z-fchu3RJqtu=4!=!-R4IoN$z9~w@V9p7`OQ1kK@>b zFK-q0WN0pxJA(tS{iC$AZO>U7ac|`e3+Fp^b^POz*n2Dyi1aSbpl@LPc?uaKa-a*MXrkF%QCFoVz*I%9Ps7)3(qf}(_`l|gXWdK~u4J6c2`;LyV7QHXQFWjLGrtDZcb zpv?#0MW;RPZ|y<$jdqe^3bOXyG|(V_T=lzYr902sU*CA zlwZ{m^73EZ$i>8F7xC-YDrtf`zvjJfY+1`=f9&*fT@ZvgiF~|7xvw=lwRoSSD*ZkY~8;a%k$x|WLZWgMB&wxQ>M6f zGuvd=C5#S4ryhAZ)e8Ozq({VF_!ApXYk8Y}k~rl_e@1{Yx>xVhL*o@6cE_pv_jLZo zq1d%LN>O=)IDVf68dilwJnkXBKry5BLJ$~3Jo9IGtJ{X*=AhVv^)A{^%7zb zIjPF?`$gQ%pBe~<(dAI{zXzVSWIn-w74@DY7=O3!vW)EZ_Wy3ZTx4plA9rEtW&(8` zWuGl#tDnBMpg1LZEXyi_CGdZ(gUFwAt&uE&n~3Ni6nFI*&^S zPaPQ+@!u$W3K`3mzZZ%x(=CHH`~=^9>1NV@ zrSLy_h|#ebHZH6ljC(ma2#INV=eqN~Uf*l9NWXmbgZ%^6qms!F)A!VnkF`PIMy`cLHqyy)N!r)VkS1#X4{z@o*W|Xu|L$!^u~4KJh0u{EMOu(fsM0$~kt$t~7T5{` z0YW5HsY)->dshiWP(gYJA@mkP3nT>Y!*-wZKj)tR+k4;eDj$+(J+o%b%$oWBfcGsF zcbL~vCph&3JniWBWwUTAH0vOT6zU#0a=O;h<|vnSkg?@dC*lRPJje0>t1$T6R1L02 z&RBdgSzsW~KdMP)t4eS-)<|*FOm8E~eLwB+Ih{GJ*gJJNi)=FAyt-Gic_xWvCVsR$ zr$MN;|2ud1`=#@~>2wh|cF&JkPQGVlCyvX=k6X;z`OY!e;UW>_kv$QbQ8Rez;WJlv z_RUgy>uN&?&_{#Jv-vL)0H7l?zmuk+#T2&Et*6o0pQhnkU*U!D1(iNXdR{5(cGd|# z9o>{W*_9-A%n@FZo^BfvKc7@=o(bdKN?j7p1>fWU-yD>AA=a1_vD8NK!e;Em0IDWc zL<{y*d<%kYfD^x;Iv>UyhPFS;C9$q}G_X$B&zxFIv<(zCp%mPun7d-ji|Xn|7#MQK z-)XkT&iOq1Gj+GeULwWEwrxs6P0#M@~Pu z`=5>X_ge*KfX07tp!SkPitP_2HMGh`e@>?XffT2{*z#aV&6yC9gD5xC+!NwSyhZ$6 zW<7pJED$pqL09?Hk)^T&Loia6jT%zNc}?%;moF?|UxIX^JZqx7hdZP0WsB|#DFI^6 zF6S+?=hOs1SJ->1yx;^tmOjoEkN1ER z&!(exgLWJBvV;dh*C`@}ecsg&`q~SC+IftB zjc4Bi^pN{kblrhwvBPsk8m()ZWW7OP=Tu4nlA%Cy%nIoKTlQEcK9Z-(4t*;f3=MRO z@n594;S&)oAv-;OuN|NCB9;OerWA>Ko%eRvfC5~MF8%$zfmohX$|aXH9D2k+MwKa4x$qPP`gt=H)E6z*tmD-HbRjZ z5lP{Dj_3sBpjjq!Z|(XOMd~V9>Hs1~6-@;H*47S(kGS2uzbCrx8iS30yR_fQ`rkS; zWIkO8&Cc%t>HsnGVo1yHjD(L=whAA3#f^1{T8Zzz3vi1qcreGQ)SK;1`-2+i-Qyo_ z4mN3L$xHy_Y+Fwao?6^nCulPwH0J!ZB)5ehachw8-f`29B+#iQ;!_uiU+Pl!>{fzR zDV_zByJtK}2|{3?cz=tTU)~u0S=zF2LjZ6(V2Q)U~Ljs7yxzNEzWM75|*fxIISOU}9w!XgpWER1*|KfaXmc?_)=YKKd z)6@W4Ip}*VK%N3RA1{UDenpVylrz$V^e2gu-`;NWJ_8t~5x^K~ve(e1T$m#nKnD%7 z5vK3L=yiV!WH6SHUu9gr>O9Pmy=%b(baXAUcXuU$b?1KE54A!v%2+^|z~V~H=>kzw zsRHh!ZxQ}lmJ*G3yqr_2hix?5_oBzZ?!CGxBE#&nK-HZ#w&{G9@(|<3Ch^MuM`KYx zaM%9wyps{bIXAU;oXfNozYPFc(orax9Oi9Fh5nUS%qIJA{NNlTgn|4RAK9PsJ9Pgi zk~$Z4QgC;8%JNib8j7De$D>9v3uPhxe8uxh^40Mt1)+#b=z7wss$BIzuIkh|CpPx& z`DOp2&;HE0_LTJL5k_(LobejVx8SqM;(R_=2&WVNlFV;vdxM6*(i-T!{7{}wd#*l3 zM#VXPu3fWdYq9ae%S^Q)l5Lz^FS5{%~~i6t(l6)9(`Qq!=N0`iM^4{g%xinE+Db5TG+( z9$E*?`qmW&)w8OLFv(q9xk(ip%I9L_F$o|dY{fq8s|48k0*U7U$}Qlz0Qw>S7ydNh zGMJ7%XBy}dRUo2{08oP?n#o6#?zY{0Ahr!3(e!jXwSTWqTCkON6=3_{@_l!syjGq8 zi@+ZMO2I$Uz1=;J9sfF?klXD~_^+r0<+%ckftY+(rn^eV0jS1n35g2PB@0@!>;})L z@O=sYwD?Kp%g!gz2Z7~oK#XE5K?mHE!gU4Eut{Q6YR!`Jbs4u*wEPY~pRpZUJ|EN` zmsFJ56@Ih~wD9^ZKK0%?`EcGB%T%l?Clu?qHF-Bykg&TDBNzdGKHDl;+b_T~*?daa z2oqK!rap*`IkolI%|0FUAZM{XGFiK7{2hSS*k%CyjC$Zi2xjpWPU!=B$9F#Rb}Pxz z<3mXmXJX&~w97lIXeYP`eFoShGz59gZrDVaa2N5hjNb#BJHlutRaJ&1wL(jRj+DE=_lr}a-CHR5o+d==xd^bcQCyqWlQ zqcc^OPM(gMCDKw_=3-QJDnnu?wM`1um1{9Q?$J;4JVC5WP8;W={Ly&az^pEOs zFE1@`=8f%{!iiHnD@MDshhnEKY_l2*ne0Bq%4x*BKy8Wm+^mF6>m1*{~SHxRj*9{TB8V!yVZS*lYDJ++s60@HuQ{m;^hTsUsTQjp5wzu zMov1z#VYozm`jS`L9vN30?pj0&QD)bKhb^p`b$mv`-4H)-lvPV#{tut@E2Jqv4(e9>Ti5LzSQE7- z?Yk%qdn)wnLZ70PEbi@@Y@K_Zrh4MDd#IN9u5 z3MH%+eh395D+0n|c5A!5{`$_m*A?{o70O?DW_$!i{E{mC{`72<6p+X?Qnwuw2OyWv zW`njLVFBt3IB2tm(POBn*eKuXf|8&Vec0!5I>xXD_#acE;^X6Vns$$?SA$|di_2DP z&ZVndBYS(NNU=m9eU-hM4{|S-)Fx(ZZ=j;&V3fqItCo+I=w^CHUzOIhZ1(Q*-jLaS z9I{HybRvLrA+46ft+$-F=^SRYDzdu?a@MeAf1R}%f!v_HJ#laV_=NRlkr15e0_6`M zP%z|}`&4w&NozEN z_w4<(XbSe$>5YcSHgPGu*&L^sR|uzCt9s5*$CO%Iup+)1-7M-cq`n3etVg zE*3dHm=*Op*!p;Yiho<6w~l1OO7;Dm_GC^kFU2*;{M!4r{*FgfmBfKC&_D9+z;E zcuqZtb095VN_4Wk(n+?5@V_hA_2$EBTNK#@k~dOd_z`oln~Q3w6=Zu`E7;!a%fo)KXd)9}m9QC%^ipqO+l?yX@Xe+BCfme`2XR*0 zK^8b{lWPUHApAMw=M$2Fv_rsnPMtr8bW@(}nt3-HCeiNdQri)4)my2B$lzo@l*Ghk z&ey5I$%KI;d)kE7-W4@bBwpkyTdif#R^6mW6Ic5;BDcWcEqFa2KOwH?|7LSf?~-%q4ajO7a?&S3BoF4xgvVTvoXq5@xoD+9IBHLIXzBF3nhaD zW;wR?s88$*Y5RO&^&nlwU8{1K3FoOgzY-JW{Rh$STBGN@H8Zc7QZiE1**EBd1R&;v z=ezTWXt@|*iw&OpJS^hdlSCyb75OX+oVlt48`WxdyN&A9g*3f>3|NcwgR zMz*R;pU`pEG1>;EOdDwDJys3KZd;0$WIw5PL{;<34a`y2LB> zM&IG=r$B=9v~Y^O(N8#_J^qU|QNnBsGC)uiwg4ZF7hfa+4H*X%zSS`rmmUTPjwzoY z?Y0-WB`H#JOw{R{I28~~^4z3ZK(ZoL%C}^;4Fv5SSKg0jKhCk#wq@I_ZD??PrH;D4 zwjn)t95*|_@#XCi2$LcL+&uzpMWA+G44hl)p>ay=&K^M6)&T!uw@ryuG zHill11;)>sTWfjH3y{!-?9FOQIaFxCmH6Si_cg<5ar!4oetE5}2$UEPSHB?Ak%k0l zNOS=h=K@4m%q2Eh{w56p=upkUu(hP+ZJr$O9pGLJ*4NV4JwWdR?jo!;`YWg1+YnIl z0jms7_x7RDQAMXrMGx(ddqive&HI|XG9fWzkDyP#U@%GoSPv-K$+ z&nDATPRqmPyOcIe8xx+R_5_By%LDX6MzIgp4<~Hw@-B7dJqKl}9j|7!rugO7v$N(| zEVfuA1nH@qM4!NWzlyEN?J93;Fb-M|x7V^SEd{=ib1}Ed6;=iJYTuhs=1@Rbq+}|` z7u~JndX{e;z=~CzLM^yBp&V$sb2IKtG5qkbUX&s%5mt+8+uCnr>? zidHVKbr`<>m00AlmZCCsm(x|l>X{|Qe}su&v%b6E7l6SkK^65F=a@OFDjtkm*YYn9 z6XQ#x(Mj*$K9H<6UEd?h^#`T+yR9tOjrJlXhz3qBVZUP@68?0s|4XwT+-`41V!Q8rc7A39X2@?+LEB zYSGDA_n_9syabWX&Bs645GOIj5)R73k-Rt=I{&$;~s)t-3{^ z|%8ynFbsIOws&kG5J;Vh^ zQXiDockJA5lsh0X@UxGtk9w8#b0@>RJHLN$a9rVF1Fx(#B?oyw@U3tsFP1Eyy|H5a z<6S%Lh)$9g{#{z3KNBD-HP1BMTYxsqmx^1&>NIB?kn2P9$K=bbs{4g#aCI#8j99+* z@|X3kD&6{RDVw2=V~FTCR{eD%irq>>_9r8B74R_x=}I1v*}|Cps9pW}pzu!|!*jV2 zzc1L~G@A8MU-B&-@96=iH%ePwM9sSF=z$5|ZU}1{icPqp_X<(7ONL^M4&I$V72ExA zf3ghWBjaZ?Gl{iMIQqSTMO2J+EiG{9JqwnE3l_XhH* zxNw&ssecr6sFgr6xGD6;j4-=(N{%v3dOB?M?Cq<0h+5Oq1kG^+D$(M_<)@*=xK$z! z6xW`;?h}O@D8v0|>EISMYrCqSoAf~OhtiP;j9z2{B8^M!VD`dMa z4U)pa`DjspxlC>Y3`21C_2IU^r?-DyN96u5=SOx3< ztcEdiD_ypR9)spdN5Q=-MeT8pt+KKanI z&VsF-yYB4zvp-Gn{(6up^vrZw{MdZ(kC~UPa2L6%V+cy=%pFBEiOFv!&3E5Dw%*X_ zZz0I6&T)T}IB6{%?T-o-RFtC<9t-IzH#{4?b(p_BMqm!nrUG?yqrOGDbwMG0ZejHs zlQHpeuh^=@OGskb2|@*4pja$!+K}=QgudM9q)h(UYqt59tB!Hjp@Ug7L&>l%v3alNclIf?l|GI4FVrpy!SO^N4hTt1H^Mo1~r_V)zyNG0SWBndsbbJx%Q_HUT>X}$LA>L0hJH1|F zvvIJUHxH|nnRg~_-aad_Cf97unr^cq1m+}x4LituLqwf|iUJ_BuD@Qs9uB@KQJ@5< zp@6i)Bw5@^94D@gDiJK!Y&2^G_$1XC#+6e=-;tH4s~tQ1SRb< zK^(`ZPGT#P2m=`nt~8@;7eX-M1`qzM^}(dH=Y4ElC#+pc3LeFjVQV64joqYmt;-8- zX*~F%RZaZw(8mbScF^*fv$Ea?Z(k8s;~LmssmyLR>7r)}wf`~pv#%_n|B2kPkCQHm zQ12qzNQ(%vy%iB>-q~1)VJH;vGjx?gNZ0fYiNfS_ z)1W&hU^Morg>Ti{qtOG)z0j3jv~6;A!Ce0QvQS&d{)&G(yf`KxY+N)GTQagOwj-@P z{nA-tw`@MO1PTXn`sQIis2vWBkI82<)Mu7IRN@~bX#`byhlx|3<-0GwOb|w|6uE0t zh1|xq-TT|h7jOKvKnYjLg};K!dGWkkE!K(P1~rMK0xN#0i%MUC&5K&6J2uMYi*lCY z9i3?dDjAIpO6#6WT2Nd5kPclDuGUc*`aHE*Io=whky6f#68zExov$w-`Uc(QXN$HL ziCZwVbS0#aKDI3pemv!* z+1ydoW@C#i_{_w$QWRfNg%dMlCzu&Hrkdn!d|Pp77tb3Fu`Ltb)u0ee$e_9p9u4gH z-HU$A2Dp^m0Vlhsz|n3m*tMWk&93Q5&iVL-Eq~T3WX9v|HFb~$^#Lq5Q{(+AVOJ1_ zAye2wD`Z%v#6mcofSJ)^;({w1SpmA`A;x%BDQ)*zW%kzwGuhCI91})3(os0CjU&e3 z-4(J%2Z+#?;z`!-{lnN?6iI2q6TEu zm1E{RW-86z*ZRmo`jgRH$_p*>U?aWTRSQsvifBf7R9_`37Vc$ z5v~{rZo4fk2)8YWmvYI>4>4xwl5Xlwll5_ql4NqX+9x?+w29dzrH}*b6?1QG%6 z(VW7E^P>pf^mb!nMxMYjE~I3*H;;tu#}RIxxc}v@bLz*jEHz^!RuI-6j!`?z@6On* zQ}GY=oE}LXSuQe@6L;)6T_+86c!XgRh>9o$JZ<(|?HT*y{x>IZ1i~xaRlu8y*%e#I(kUgdjMNbh(-*JvCP**XxHMByRG^y)K~;xHNcR;3q7IkkixywV zC;Qh0<=87^8A6}+#SD$O#ux0EyiXM9I-A8YutEdIwJH#Vqtg}?d^e_>bE^;;&{JLY zXe3Fi?9~;rn(z+XqJ@h9<1rI*6SK(?V@uXf5X+;-Nli=;MnF$rSl$TeA*vSo>;X$*c}3_a3(u*a9zoo*tnWvlzFaK+EFFDLk)u9jd|9|Jh9+T`6ZgBr2MU(4Gn zBBtwCv*td1((SSV>=SrpFzMuGo8J&VAtVwXvHkn5=WSKkzx)*14tMRo^&g!a_C2&0 zSKe$s*rail<)Pln+9U&0{+;)TNCA#1${&zkbOZy++{C~CWvMnnmem zf31VgdkfhpzFGn?h&8ZJE^@BgzeT#G9NAIPSq9Llm;E3zevxw#@w>_-qty`o4s+`} z@KC;zsO(&V)``qGG{o_@-=$XS-{SWJYK1$J zq42Wzw8V;9|MckE-eH{GZ(vi3$?y)P^Kv%+_%1WObLQ8}xk6ol!hCYaR$<2g6Kw_caKI2hn6j29VM7xeZ8D;1@KCI*}HVztQ)vA0ts#blj)Zl7i5O2T5w{QDw68nN5)+oO7!C6|2fnyyxmIg0Nb28XaLg%jsu|l*ZC+icp^ znfo#>dN{-gtM^s`q#qG%B&^n_SZh_vdj8{nEUT$?3!lK@{aSlf!^aZC9&g%dHww3d z-f@bRi>|fngI2_5wY^(^jM>z96;_}(3P)3pih4yif>yCYzxQ+yYc5R+$Y!0`9{MPLj9p}Jzzz*tFCjl|J^Dc*9GcV_q#nYAVTq3;GxsUDpx2POg=>_6>sm_lFmSTx?kd8| z7$W^=49ri{>PGNAUK?~=!GLYdA`VJdKALK(3ZXl@?k#1b^zaW3uAme66PR2_B28Ec z#DwN-6TEjQO4ymY!z4&pPW8l+9@G>UPQd=f)~0PsE|EPS3?ix_qsx8@wO5G*YU>Nb zh{jt!LNxH;Cu1(zjK>*Pia6h7-Z>}ou)GyH`aPvq#@L{7--KPB`Ioj#5Y{1Kjrt_O zMX1F>K5U2|LJ+_}Z^bEiRcGxK<5n{0*ioJ>mW& zr2j*#Gw#>QPxK_oMCL_??VjG2G)ow&^`8ovilD%|f?{jg{vl47{^GCQE*@>iCf->l*)(?)B+~33`*Y=fd*J~o=4>Qz@MS`vGjdDRN&<4W zUR+1PYP<=RqJj0_B*Y?G5P%r~zHEx>!Kt(ZT?Eb0l25JqLsHPA zMCGOYGFhYzmCUZy>A{Q11-xBPmB}u5)@rc^|4k7KVhIYlUiSfMyoNGQupfKUQyj>O z@hYNpHBPD6GdCUb>Ylou;EM|k3lU?`_&EK(t9wjHi&AvlN2amA!%%cT#`8SW7f$kX5iUWlHoOYOff)%$rgk~K>#lmLlRACx zgmSRG_YT^}(AM|c^D3Mp@NKvwjHna4ZXxbuY&oy$Hcag2&&bM|qsd#}B(Q?fuR>T$ zC7j^4AgBbd`2iON)&`Tz99(89*z-9a0zqi*X>2oUtgS-6Fuoj}F;i z1pS~iS@RMFT>6$>2EpDq?2>&j({2c=r^w&@fUH(&@Z*3<1Y}wnWIGJHLY7lM1SOZO zx1oeL&pCZmM3_@;l!n}jSS{^2qV$m&q$?8HWqRkoAhQ3=8F~h*oBq_{pA9FBjj6CC zd=?+B``Y0dtGm#cb-#lzOmtORxc)6_Qd8){9Aj;YeJa)@0qg>XkoHNHeee5y!NU#o ztaiD$-a1q&rR$4p_S+G3p|)*kQX*clJl$YM#Y;2xAxTy<#jURhL(%nKfJQhwM~r1w z?H+WbtV$(sA%Rmeu6x5p$xb&UM4;m?tlDs4<2@vn5(n!o3d9}A40|Zs3ZxH$tSI2Y zI`I}2(Gk88R_Q&GAJ3+Dq;;VVwll5d(hk4Nk%j$7#YBy$yDWnoQAWJ{$xG+YR{((|eO1Gv+Aiywt6>>1N_)bGCnBS7J1#EDk zQ~*cA*}0B1)uMc^V7aS7%us*95qu3jEIOZjZ`P=J#^8BcEC)*qgCeR3A|e7w{che0 zIuP701>muj-s+bv)N~k%6O2>@s$ECUi(l!+1mXR*6L>#G@ zv})ti?3nwTiB;ko!EeC}cIth)GpR4g4OqjfwEO#?RRA46q++qa6j$Kv-5 zK=sRqE?y9R%B00Mkj2s}cU7iV`ydd>Z`cln>NvZ<*CB zI#iblRnd=_hIhg8OmnO9Yzz6-V{hKgCHSqAL7nfU7udPJbsC2BnN8SJ3eqPmjwfsl zSG==9rgi@Ck_nK$WRo$tG}zP2`}d1z1}FH8trEoyG%rCrJ~zjtFuE{{7MMQAoQj+G zi$&~1FF{rorSwB2qOsNf?`n05#ojM#*a{y(U4AJJt`M-+3+*K>Mqu=q{18@!JuUR5 zubgg+vz$IOZ%iwvd|PoQ!Euv(6jJdy57Bdw!{63t7c0(UL)uT%BqpYzP53EEXe{Kr z?bybccdR_CzA%$Bi8p)0LzykESEp@*bJmzw#TPiFho3T!5ZqW+me1cr7}i9#4l7@l zIax<>jLhmpokU)6n0d)&X01E18p1YeLpn6-HkrwL|y&f=N3{d$hK?>$iZcZXg!6%dFm78Mbu3qWTtV%$>cU+L2(uOFaD031TO zBaG+YbKFX2Wl+c z1C{kzfSKt2m(_+f%HI!-Jxx<~vTmdfIlvT+C%M7d!E*=Q9i_h?;_b|he?P(6o(*0* zoM_Tqc{gUvKyF)L^GjYONUz^Y{B-aeaPKraW!Vttm$FFQ#?4g3Y|w%PwyMSIBB3cN zEi4-t@%oJ*{3%iW_wr0I|DOc|v-)8d$F`BH+SPn^DqhZ)o>(v>2zz)NbtZFpFE0u3P--hxhmE& zax{P-Y3-~XoHSdMKYbZ2ZbJx7{#wv#0n^Y_C5K-8XQk<1@g|0@so`aZZJbu(Gues7 zbyTcDmKi_<7TuI%`W=a(<7Ls!v}ekd8VDXy+xk^RsH_ zXu*hO&lJ*%4W&pPg|qhow~itDQcVlD?h)ewja9o;^t>#02gEfDlj$~gyjc8X#rN$TF>Fe6 znI`m>f-E(J#&A)XtM94Gsio6sd(PzOuOodg=IxhKvWF-<+g(LV$FBjU1HmB?t2(+3 zS;KYnA^iYH6R(MuiXC~Hsj_j8`Jp_5ucDe7>prZt#r1S>!5B-Yh4 zaGoU(Q(6&DpI&(WNN#9}v5u8}Ndrn;^C~Rnl-55TA>6>;j+33u+RrRcVNjI{V9=E) zF!;VP>CVtE6oLy`$J`|(XLKB;u1{&!#_uT4nAiC2KraOG(A*}(r$xGChh>*S=JIr^ zaH^1bhdr=?wXYA&53M@Vu>Y6#oc74*15a0ut;mupetzla!7m+v)$Yb_V1NEvDanQr z=Ife$Dff8V;?_^pyB&eZ|x7U)a69e&@6^r6|Cco$j~!b&6q@*&^I^a_ITO)4LrInb$M{7$Ys6DC9= z4Q(@K7&}i;@8*|WQ9OL8B&*e0p+a(rh{I|lpj_xe=T-A+i%CRahplV%JpNHm``M8{ z16*Ql?%Kk1E%woxA6Ua;eMS33=et%X(0L4RkU#c+cOR4G@U=YwQ)aGzb6x#iCDwD= zcMn7^iNEgLFhKf1V9fbJz$$oauVV`Cs-S#o^1A=|{rM@wa>x7*R8Rq7ux4aQm#H#Z7f z5o0kQb=d^g(Dz`A7GX+HUthu7f!C|Vc2yA)qa7u=7#`mxEB;ZqS~vgmLS4BqJ69SV zWhpPo>EMz6&)00h<7ZE*$f1y0ieud|$7yW$-nge_m(!?mXCO?BBDwfr=IJSB>sDQ| zEyiUV`vgZKxAVC3trD>uBJM6Y@zR_54SpS3p6s!zhV(n`3e%RxynE~J$`yh>SW%iNxtR<*rbOtjw+z3%viHzF zR1sAf5{LBB3zdVGeGZI9$P=`I`^C9a&y9!B&`Um2bQND+aBiaQD!6}$ottgIeK8Q* z3s=el2b#uu7t#by8A33V>fy-F9a~@eFlo5?!doztTa#-yV*laNl+ZAT`(@_}=N!Qw zLNJ8@xz{MnB!@2JU>3vNwGHL3j~F-+Z$2y(tD&DZ9+$Z4%(2>hr}9a%SCd;OXeN7z zBD~8?$zRqBLLanm=ZGOq_@eLI$-b^bZW}**5&Y6`^CoeEUhXP{kaVaBmat5KoemD; zS+lcMFw7aZNj7<>e6_4UY}4IWYET>pGrC_*C{HCa@o$@P;@qr)5ACOiP*Wx835)(4 zA+&k!HDbvM!3_M;i_?WsKwwF_IpB~vS1eiFk=;J}bk@#|oEA$sj5Jq0z(;Pfx3TC| zIf=H*FZ_FD>SE0-s%L&$v^d~4c4vM0-J0W=i;M+>SuJCd5Gf;LFHAjlnzy1MnLB|7 zas;LdR*A9lB&|_Ic_cPpPFOZMVhi+uLD4`bMRzP%dY_$N-?iVD+>(o*wd+e5J>0s1 z@z}tlE+l~lYt7GFXve*^-p(HCH=E;!Vwfo$a8jIN5fsQzc(NNHR0Sd{BP@Cnti?5Q z)`7x&gmw|vq+8-NgH+Sl&fe4N=l*iO$BlA|@w;NXWuqavDBFy9(Dg_)a&>Qy57Exw zttry_v^nyIhPw<9cJ@6Z_A;GEBODb&Jv~Qsl$aazyvwK6%2h|AF^*DXtRXD>E%Mo3 z9Yc246AFG@O12@CjFz=zM^#vuM|Fu9SB>9f-iR+tLQT5we$Rg-E#dbjYmR`s*|xj^ z)gX#aOQ|EHn{3CxKE(kUs`V^y_S;mREloc0B7>H8Nwr$j7IOOV0c4|+;GFMoy>uu% z_-4x83&m$qOio{_&}bvY8I91}IsJi9aeT$`3Hiv}oeiG5x3@GtW)i&eE4rXjA23NL zTkcAj#{5YQRC^DJQ&^*cHBL}$7DeL3G3VU=olJc_axhpxUb`7Eru;YGX~5sEBqN@*XgNsDUQrKslmYX+n&wU zi$a>WIi|u>uy2+aD{lyhm=;$|QpzhItTZZ*l;0lf{qk~GDxMFY$IPCsJW=sUu`PUP6IF`M=DEa4N>brZ zNS)b)5}Pp*87&VuR4SN)a_`&+D$I!g&4k5LgtLL*s1BQ{Y0IokmRQFE4k%1dE(YhL zjq{zq>*KV_GwER7A3PJB*hd_t*0Sh2cw6e_W3SMc2;LWVT3z(BUoq?QXjg&o5CQLq+p~76l#9IWx)zD?1rPRMGh7qHeeau{~KW^h?XF_X^ z);HGX9{yvHv!9B(@-wiXd9Ii}E*YoE$oTV{-@uCG*DEv@>|w|xD}jLeNItoU<&Z~JVw}3HuDA-qRodF^k#X! z2)f^V!_J<5Cq==FtM(J67o_V`58s()s+H+6&8M2@)MYZg?kw$r2bv@G&D-WBtV2&m zb0>R>b}x&?A%01k+oTF?{&~C2Pi~h)|J)FBCtlt5xv9u4silSFMgZ&G^kteBXc z(0e`~pOBFed|Yl~faibiORO4MSM(4MYc)2)L#elrvo;BJB9)u`7KQ?a>-+XvZJkb! zQ8AlSjb1$*N8VEgGKbUG7x&s{o!Qxv+@8f7lA==c-q53mpwZ(tz2#iek+0oy7q5OT z8Eaj4RjvA~9llYukSVsRzhqevrD<&x^N4NoYw6}wvXN7H| zFL4;EbK|j}ICXvNW4I2~&rteVLu~sjlXrlAj6<@WOMK7m=n}VyXL;+z!ZG8V(uqn% ze2EtxTr+Lr@69Sy=Fm|pc-$u89XOWcK3DsMQdk@QO^oT%8%hygfe2nc8n`7kLyzW1 zN9&+d?L2&8a9i!bx>SNdyA%F4kXwL4#AV-|`*h}?MUK4)RHu3b-haHtRR0F~tW!ek zlKfvEv7bHn{IPY8o~yMqn$JDZB!nF7(@exCfpvCltM?zBeV=YTPwl#}8@IW`^F9@e zzJ+(2Zah*={V8^%x8mN(SN+r!IIot)t`W2l8Fkz2xv=Jg z=&!mj=Y8PbjRz7PpQaBIM3O)3AC*X0M;}`GU)&7;*_wx+k`ZUSl z^^P~`71B2n3RwP=*ga5>nWgbD8+v$cM$(kWSZTIy zo`#wF2l!;OmDOfjeh=3@#rny>cWFX%H<)eCXTOhyeW(;seS?WHsn-bFY7OFj=l=dj zvLknKfBYu{PuVutZ~6zd+y(;9at{ki5#u#&(X(XvZ)uD;gylruQh3l@6_2wFZT+Pruo`jOT*tk(e=p-PC70o zJSzd_0pjEWPpRKm<3$LEQIh!tH@BZyPACP4n^I~&^jzUr4IBf04IKiO-@ zxR{}IacL4a=D-K8sUlE@S^uCLBHMGnlI0YP{BWs~{_UIZg?0I_5a^Zf@1MozG0fUnRKB3wImQq8KY+!qt51cxqWxU5U-^XV^pnCl-KRCB8M8Sh6jsZwXS<0 zU4){Qbm$k6-HLqX@b-8|i%GQfZsx-{RKclR<#aXJPY1;|w5qDyR*~w!{k(_bRdue$ z!qi;hONXAlf@+dvYSy2Hi}$Q&K7epkRY23>Op45nUO~2$x~I#o3-KsnDK;I}+`@7+ z;ww;9Q~bL=_U{7MSAUzt1?1%k9*}BjPaJK(;F_hzWr;8Z$*T2m6O$^Hedx!I zN7(x_`tsGRnL@w|v&sr4MsFU8wxDp7DzT<;cvgzp~$?Y@qAE z_))*^u!GjWo<8izHLgo&kig{TMC)KVp9>zDp(dYSuH$D8jB2qrQ17cVp3{r332$0xqz z7s2+lNSVlzkKk|d{!fxNjLLPp+^y?uQG}k zif!Mcw-|VhOrN>P?9S5Q)J?@$L>b(iavT3$w*>5+UJ%G*kd~?iZcg%FQZm6tG|DZs z<`1!$Wozr$`f^kM?JnbZOXBrgnZoqw48Qxc_*bzFcOy1`R_*qB`!6l6cz%K1_&F&> zk7g0OeS4P3$ltuqH6FT4E>pYDL7sTCwd#cDBq&I_ulXp&eN9P#6;#0E(z23spKU%d@DGLvAp9kd?nPTZy0hk znCG|oaOs}r_9JSKwk9L2R5eljSG%-(r?6@tdU2HIyQC9Kc{4%E{voIL@y@Y2ZC1^l zhXu8m3J-qth{SZ%XkYQsH|wnM%>Ma)gv?(F9f3>^nr^B=u8i$xVLp|oo&4mXEesvk zp1W+8f0*ov;DoMY{>&ZE8@miw(fFTzHH==ED8D?Gf+}VW@!REYYV({8y~)KQb8!zL zcURWoudQSJPUjHK(=Q+Gc2*j+f}LpQi2_%?v&bBLg*st3KPA%F;AS4`pp%SGnb6F_ z%xKmiA+zRNpX@?IZawp19{m`|a5gJ;_iE;eTksMp0k;to8vU>%gu0m%O6GGb4Pk8& zz#eC|W60lrIQD4!FY)j0Gpy)P41aJcpKbbBWK7>_vWo|eRZvjotYw||am@Jt!`^!b zHQ9FEqXHrd2oD{kL_q|lgEWDlND=A16MFA0)F4ed2uM+S7myAi^iJqSr1#K!Zy|&e z-|zjtZ_e|)Gv}W(znL?0{%3OEx!Ae(-fOMBcB`uZk@&G2oyYtm80rMH5?I|Dq%*Ep zx%3<7=nAwnHlo0*KpU{SV@cIl{q18$Kt%l`FjqZ(`o0<_LhvlpPRaCd(l@5k6R^d2hc*h^R7p!ODKHtyX)(%y`45=8T!znTij;boeSEL&fk-FF^B$# zzJuZj^?A>I$D`SS`=UG5E1;oVRVt7N)DurC6m#(W5I?1b7} zEAl+4Pp;@R3(c|OHS>=6=>Fnx)j@56zefXfvZ zIy^u<{+{>^wP+*CKqw3fuD$rgOvDqkeeW%WUIv)G*!Y ziOIsV1;GG#wYQG*F7Wi}6b<)RSb=SA`{4N~=*w}Zxx=K6m+DUA2v=_Rle-Yi{xlrD zhIOkJx+Y&PMSUl1i{X?=mJEOFcSXeY=UmG_aCCXxFMNL<%oL-L_cPSm68sxzL*+Ar zLjjnJA77IE$dk0gEgCuALz6LgjEt}5?;<;CX3lWfQ<;M6 zkb7luA<2iI4=>tk1y=eAhI_Eo-W=_*vBjO@DSO;hZa1$Zd!g4Xz67@3`qK~+Jx$RV znj5tLaWepof4D9#Rkufq&pWL$9i>;^N_XQn+-9oO`YATrUHkTAb=ndsO6Rq4&5e)a zeL1FS%I^Sjd(={M_Znq$d^l#R&HCW>s__zQSY&l~y8QG*)0HL{e$NBcUg*->-812< z-C|$8|U#`^6#bx-(h|0ka?vjz&qnG@4e5QGIzn8=7Ko(+?Yu=Vg+~)@yeG+ zHQ9hX3i?iya_T7w!0aI+DNjlXoYL5$&QG#-J)TNDv<=u=5CnCJD|`>(<7}p( zwbLkH&N1`-q~QpR_5a38%wl*%YleY<@lPJ~$KZ|(=9qw2CkOmL;aKiP&SiMg=mD{K z>q&uCVo!UG^p^BshqH&6U%*|ETzNCYfT0gSN$gIm3AwZDiKw?cnpPWG-oI>I@nUdj z+z3rsxbR=CH1~hEc!!}&V{=mB3xfJ#vNyMasO_T7u}#9PnqxmY!CHE?0zlwIGwvDz zpuLJv-+7THW&FYsc9$J`w8h7@oKKb69XTQzUicNHB-V%xIGdY}A6ZV`^rZ@QSLi8m zY>H+8-_xv&`ZyE1aLeFubuN`M3#2Kvr%&N`1UfYAVhQCd85LcRnZ#43ASg?*7$RkI zqkm)it^e%=Bzg!i^zdF*u)IKdH#3Pr|D=c~s-1RpY%-)X7WE`X1igFJKh+YG8!OJR zgzA~9SYB3?cU-{RG=ShBgZ8hMCqkW^Zp2py0R}PWoE6=iyQcd<=cUegw&Ct%5zAF# zf3HX8receJt1nSEzdMg70ESq(>g|&*l$qLWPVibP#K69*(=`Y2Q`=P5H-Mb!YV2f# zioeK2V%rATe3UB$5SE+ipJTQ|m(LSvRd^aIPtGkX4hNZ>5V2*FO2&=AhO&4cJV*5T z$W`69&{e(Grbl9$G#RT*6?FX4UKjB;OFKQct<8U_>7i)^#jfrzx}wWMsKeVo)#A=Y z6FVJFh<9Pp-v#I$_>-qLDaF-_VxS3F$XfytKMSmYLj+iExN}hUjy{&%kMi5{Vefa! zdDMe>pW9d-%h}fDfX%xIj$zF;toq>rQ$mbdlR5Q1vRqDg zAif1Oea^Kw2u&)&Tb-#xjvf+ase63!x_e2-=SbS}8%RYgdiuh573Zht>LXw4;Yy)n z)b5va0_1FAkIQ`XmV|tY$32MOZsuQvUsaA9E16m!P^F*K%Wu8G=PKQKXH?eNEsmyq zQ!oVIb+muiJs+h}E*5f^!b`k_+GaHS2-x0~vKL(J*%8caYaM<=$AWU>@op}C*c4Bh zJnw5rAQ&(c&Chj*HO_(-7jkQ#syKPiH{Wi)8P|7_MQ3(A$>%S*nS4h@1jK9>Js^tx znqVNVM@SYcc1q_0C1#t8_9+u1!1F*UiNf~0&M2~ck1Cs|L-qV!U(B-H3eI2tCg@GP z3z(mCT!md|4yJhDoAkBH5}$rBcX_mIF!fR#O=IbMDWZGC!%lYljgD9P5%Jx%ly=BI zw*px*YT0ejdWOoerCB$+=x1i(TD^ckb0c=hk}Fi zT=xYu$=+_Htb@1(2)G;be#+qKL4hyL1@T{A|xlR{RxEF%7v)6pb#JV;#s5|ko# zeb*H<(iEm}ApVypfN5(fYOYKe2XFWqbhXOIl{IyHAFzo$4l*T{x#`kOJBsEzt}el> zEH7DpuW6c|+&5y~~XZ_|k%Cw^JqV>h-&Ju5uW|0>hWny7re}&z&6uQpaU_ z#IBbOQn=UOrX8;iEbDk()noGaZfT19@-wS+0i41#B!3g~%nx>oWaG}>e=CaWqAiZ) z@bsHFz1l4E5?V)<7~e>dpQKiZ-4QvoAhBx{Ge5IAwh+{3-J9Bh$IN@9PCRqL-x8iKQ5ZX71$B`23{sxZD5_K`UM_ zeVFI6cQ0l=Cky%2KsUf~+Y}j5yvIbm5M7?(L^rED%Tr|kAm(P6_!u<@$kKK)vJ^m+ z%{g?dgaQJF`x3_Z-QOtccmf&x%|jrIsxw!Afp0h1F*VbO=WVfwg*Kpn0>3*nMvVJ#i3OR)3Sp014t0JN4qZuir&T$t;`UyI=df|YS3(&A{8$t_ zYH&7I_D=m{G)e@EVH8H|C$K#fz*u(x?RlE6v8Cy{Lc!)VM0cRc1Kjzf=vJ%HlQwgD zRLbWcMr8Sd&d z|8yp%^qT2CcKv0cVnCqYhzL3(gBJGB^s^M^-Ta39c;h1e(~=OGe2U)ys0Wd$F_PV# zG>8?Eg|n}unCq*;e_iV9MK{{0N*{z=YBbf{y)sm6Jpk=Qd|99S1rgU5Y~lpoPwL{d zQ|e*B5MN&^2@hCFc|I6WfjXFW)oCWbtKcA1cF3s!X3Hn$ZSHT1Py>zzE~RyAXP zrg;8WwuM2plK-W7k+!w_TUq#jM$Yy3U()|drT+INA3pm(q%HgZU&iSFi$O4ri-_0a zFR@{;n^GxQY<%E5H@5LA;pF5=^VE7?6Iokj;0CdCzsC!8K5VVM#y3oe{41Td15wg`CtK2J>Qa=+OmK3aN!!UXwU=kv zb*tb`! z&qzEf@IDmry6-_L#YWyws5MI|j=fO$mFmu}F|UkG&F{O0ip&9p0zm);zG#8vvrWC? zsQhjKiI*=Mxewup%4LVQw`j4#exc2K-&2BDn$XhKRj-pp$;B-#^V8YqM7olykQp0P z!IRc2;{kW`>`z*Owi@c0xDzc;V$0+L!lh{m{sVrCA84=zNkK044@X8ykj=%VzSGH+Ngr2A zD3h!D)%|tVoh7p2_~5tU6^t02#D@UK+-2$?FiO$)_Y+A)>w@(;gCt(Q6|j89Y9CaJ za`VH>NR*Ln)`imIzb$q!3Vjh6OKG1LNLhuknGjZzEae6=zDgWaHX>b-k<7PyimgU1 zQUpkGcJ5PMEee`~3~*8wvO2qp#9Yze{!z@gy7sZRaT`pBh~k@*#cX!;S{{#m3JF|z%$6Kdco5kZf4JL| zj=_icS}y5*Pk)a)U5Z_1H?jojFTSh1B4ICiDA)CD;2o$y@9=X(S8g6G57@Xe%slh> zIb-}oxfRZ*MPvtr@h;ab9MgtGqf1K!a4x1p2w~@wwoi^71NIWkPH_V?TSHHJsjE!; z0?aMWVxEy$n^Ap%(2H&;$=_$*W_z3En>g|-GfY@m+&6K$S8V3^xrE|#&WVFiIIgrv zvKgI=`26|v9F1Co3CCgHI4yJh?y43;3>|h#BZNzFSq$!EM10u07`;z)YMT@;+=CEL3(EX?3-V}(^bh;nLx^EL$Iihr zA~%K9;FsgG+{Pwsx^oSqzkUS{_`B0g`c*tC(|ea)LI2rC&4aWrCjH1t&^#tg&ZJm; zTQ5@1t2YLK@w-ZwWUL}&NVL?u%2N$a+z%nU!oW(s*Z%K^i?htmbK;l60<#Zjya??U zvb$LZDvf6!h>}E{>@=&rQ}lR#oqbRJYr2BP`41pJgyhRvCAfG*`6>Qwc+60O595dM zhtDr_=ru5YZ{xs7SY8k7dG01#2qM;|QTwewFtl_IC?SwKb({E=OUGS7vXB+XYskU* z82QY;2a$7&5r<{Vl}(gk67$I1KU#V6WI9iXtPYkJ9}aw|qY~P-rxWT^){NcSd`3!# zF^99t-9FIOvosnWdWQ>hx;jOV(-vu^e8+AtxSR z_X&X~NaY$I6*q1hs&>4g=RSTJZuW2Ot&Lx zQr)*6Q-Cu^eS@^bKa?F4^U_Rg07NLRlog$&VW@qBf8bUsk#fi@p&5JA8CGOc6~~rN z9UXimEn@rb+PnrTFR>f7eRU~opW;6HPW!lr40c$?3_HINN7M>VB9?Iqv#ZbLw!Z%g zxVWH6;r0?J7!rO^&JK!<;uztMAdnv$bI69}fp>n4xELHd#2W}Rrv30);fw!mxt=_K zDQ9jjMXgB*<((QdMrWUnPVms!CtSdP_t~e2t-ftK>#!_gRKfRxWSlPq>qC_%;8;w!tm~MAK*|jsuhurNK$}GRlUcM(5 z!LD2MzqKPzFaE4M7YoT#x!uh5oQ(lB zu`cuJ#f4y_?bRcRr88$wBtKoK_VP4FdqyDttI%@&J=R_rlk?3!m~q^3%TjAy(5}rH z4-mDE=@122ZQJDlG_0;Us0iN#Sa2oDG3)%qn#e0)L)3Q>eo7upB|JO*j{+G(`_f%n zY*~_1q~8niB{KKNX_#vHL}oeEHP5vlT10jU&x@f%o!02U5W{mAGC`@cz4R_zmZRDU zQDnK2jpy)QYe3x8#*(0+VZ%sbS5$sWh_t+UE)-}og$kl7|ouhX!J(;c9PCfW{TI z*ZW$)v~E=ReWsaxCXsJll38PnNusW@(M!i2>2h%(@2RgRTC)S*dY$yr#W4>>1Jb8V z(kQd@?BNe%n<6pr?<*!m{5QeBuFN$G?g=_F-7NYDp})L8`gKzGh2!yWNiGc*U$iQ# zW+I`Co{-E+t@7`9Sa8la?dQ`N#qG${-(#&&Qr|_Cti?LlYKX{;?fU3hTk}JMaB4cpOp#7e}7FuCPE}N za8|zDO`$is3lU}I3}Fll6V3j?bUU!?got0!`cg^2dX3fJ6RN9^>|aT6y0yQ|5x>Gi zip|`T{osKerD6Zn$Azj$C|4Qzq^g`Dm6KN2PEPh-xQkB*ION_d+}dW^qI(~0;2Yo4 z%zjcIRlM2(M%HpCUgo1b)|#;?ce9}Ot}f8 zjC5WOB<~jAzRZ+?EJ)M&9IbfTPc&|6m=3*a#Sg*eEr|Syfp7v2bJ7NKOlYm@GA~sy((*=MRfH-G=f`!WCnF5AI3-{+*XlCYq_q3-6q?+C&%)H8E<|7Xlg6tZ z7pOsishx&n-BMMjLf`>DnROo4{lV|blQG4fD6LkLI16c>Dc`}C-b zto*6%S;r+t>A50fykafh_MVt)LL?%}x0Ny=Msw;AcCAS5C+utHbF`!vL`Ed~u)O&e zC{XO2stI5~tv08Kfq?>UH(P>hx|DPK4D;wYHm4JsLQ{ibO+P!C8IDdB`v;_jZ@V?R zHBFK;)G%%VyU_^J|B==_d}h|fZR6bMV&|FR&CkaQqs0FlsVWfUQ-&tlP`oA=t zne^s0{aRE|-`?>%%Ssk*&Aeme?Q@^%vmNh|rS1J2Ju>CJqZ74@z6ZD?XykH;=eVJ;{clSn4Nw75vq>T88!1pu3C9 zvAI^GpDnp2tOhk?$>Y@%=efR5hb-lV+H>SsmA*ej z3OX;RbsiGuU1f|~*OdHC^)@!>M(_*&j{dR_}*VWk=|A^;T_B<5x zHJ_wIxliD2aT2w$Q9BJX(7B9`!EV5@jE7VcX=^I4p+@NT>WZrvkx|fmjJ~voL!z60 zV4$d6f2ehcv)sr_%Km0d|UuDVTv&(lM9g`@yHhBM~w$YlUcYOM3!Ap z&VvW+g-k92tkOpVp-`e4ut!#{J8waaV#h6bDY~o-hr8aE0iAn(55rL6ue}l(-9&PW z${k9RW`D@YB@dUYQj^8_WAb85GN*_-m`>8HE>&5jDN02}`AT8~2Jk4(L;y^-NypA( zk~8{vBRZj}j?F}+^wmzov7AB1_92+QZyyO-fp2CMIOmlzOxgvB_GFTfLb;&O^8PX3}Nw8xLlI?^*legz;ID*bznD_ zkbXe=T`kQc_t#JMPx=3jHDZ+1o*lmvP3HzlKPHuA+ShDV@r?SUh&Xkf zd8P2y6VTJEaXX(tw!Y8C2=iGWVlUCMei`9@x|;}E0n6kJ ze5KZ?wDV_lwtO+-XF{Tvy{AWX8iHTar5GnMGnq^=o%>TuArc_U%pb?ei=a@Z28)%6 z3EIl~ipK>{QZ3I-&P%wA9JFW+4UXRos*-3Kc+qphmPyS}q)2sk(Qz#v_BQsfM#<)Q z3Evy#lQ1?x0@D8>-q)x^n|=DAzFz}Nj|T5q_=`i6ea5O+q5Uh>4hgAvcr8!rVz(689i%IoKgNu>ZS%LRcab3?>Z@=@RQ+z&Sd&` znyUK0WDs6Sl<_ryorW;Em{KGdhq_-9BLZcqmzF*>dR6RFrtucIxwWAAc_uPzltAQ? zL3t37<2uqF%T>>?uqf_yO_7WUj2xB#wZE&gDO8;&DjW&46k_e;i;k-GblAQXTKP(F zluh7E?b&T)bDn~9f*Gp*^Z6zkjZ8GJ@RrS zuseO9=6j`e)X_N-ioW3#U6K?S54sLzh;DRj!dq_&jdgi7>{!;;cS_XFcK8z>+O0Hd z`$kuEE(sJ0LT$aCcbhuD8m)5vUAffW8Qc6bB)`cvcdtlW2+MmfkTUIK@!;gnLD|2X zHJ?=2*)OS5tJV|uy&sTC-v-J^ODFRU5`!+vTX1AQYL_8^dN_Ko5A5J0?jyNx|i^^Bt)ene_hcL5UmCP z>H#L}Y)ZMVJ8_;XLqq+R{2TTGHght454o2&j@o_Lcy_MHSt2DMeCU&2 zz!=b+l0pCCb(+ZoX$Phl5hGxR{~5EV!y_6#0{E`h@t{e&3Vd}#3T%`r_{l}u!2ggw z&26jQbG@{7dJl4cpgik`NyX6gr$RtIJ&WJ2Eo^fP?lk}CE~M!^9P%JR&B=Jv^_2qy zuLF&=@jXnv`z-li=vLgmJwkQ;I&yT;gJLm^WpR?dqXv3$O`S4S!`S5JDE(wMa6iQtm^_;9Zm{5V0 zQ$cO1e)VusySadx3-PN!#JOhYG~4d{^sgvI{n-GGsiB_v0TABZ_kVjGSXRk(<&TPT z?1gQw9@~+)BUN4lyFP=_5$`R*CLUUB1@f~1d$P;U8f$};(O)sL_I#uKH{7D9tTElsl!g6suJ0l&PetqL*?~XEyRuG0Nl6Y2s(HsWP@ru6G>~*P9su zar^K3F!}krEst%FeAD%$%UTpWUEL=c1~i{$nf{|Wf#cOv&NeJOy5Iwa-IWrE0OW{) z2zX_*wp+!s|L&L?Ni0Vdv% zud@2N)PJCZk&6b?<5ye=1eBBAQ0?~Tv>V*F26Xj0;Y0AAjT<&nwW+ccDg0Rx4dr+e z03&}fIAVyoW4~kK-irpbq?Q~1@qUD;+@ zkO+9`dlC1LdX8;pVm@jx3G6&c!(wU!M{n6UzS~_BaC1|HAA|0Q7Il^gs$ulapYb|5 zo?6x)1u?R-_-d+JZMWEBtIjiGy{d`_wDp>)sGGAvux1Vn>0EnPQWj?eVq`h2YKi|c|OwZ{WG(DZykuz*%wo#>m%}D_#ruNZ5(qd>#U%FK) zH^t?myWmfKadtl9C9v~qw4kYr9POgF;2cvgc)iTF<@-S8p zix(}HoEm3ip5qT}YD>S!Ud4B8$(-9XS&JF_? zr5%U4up9rTd#>vbbD%S@T|W(ZmLpx;jtQtCd-KWfcHTmRdh+HseTMdj4f&oMIY+RH z`lVLl)F;oEAI;>>R8k6ZeL44I(d>qpNEpkuP-XXlU(ENBLoR2DMJcqzGqspY;J#8X z`VelaBIm+)C=H?gBTfUzY=}}Q)uS1pt-0vujX zO3FlJZ|!$F`jT72nvP#{PA(PATrC0wKEwMpTfvv&u7Kf~g9W|jLMv3A`Z-jx)_;R> zp56cENx1kB+F=J>+=>%~?g^Vn_4t(!+il<@L&Uf43>Rk_2(8WERA}N#ADU%&QD{mj zS^~PP?F$jvcI2Tu{w%&brW5p=D_1xZwck$Fmrmw>`$maOE>YcZ(Doh3{}(~pTV_EO zA-Cfyp^p!SPhWFXxX>PNdr(;{dC&Wg*l*d{x7UkL&q4KNdEysUTEFymaY)q9q^Snx7NZ z{o9nS|MVLn4rY2Yi30hwLj{-|kbEdLc0dd!PK>Y-6~0=x*B#}Nr!9yZzg(+V%AknQ za>yp^Tq^#FJ=bSz+&kD;>7{2}ROwR|fJQ%_ZYd3J<1oEx6aTVL;OCqMTn{Z8pt!}N zm=o;}IGN$Cfw`?GYOOY%a!DF?FP-53QLQX=T>zaQ{Sb9!nB80oSI8_TMy8}k9>tq2 zuRScsp)#@NfA`hj^VzJD-(T0PD+2x`ni_S2nC;92`{Mp26qsSNXPnob8}ppwzSf}Lh{USC${K7U<5JgVig^A!$>3r>@zMEmm9oo}a=+FujWDUvCFw7PfG z|M;mJygG5|Fw}7HH5Vb5#tC$eB|8gTt6`XFY%toBCgJMV8n>h@6#%U_&5ux-u#`ft zsFgIPBw#X8BUP|}c{Qf;FlVM*DlHSFU)7!eiO!I@Gy32cOLe8aG zzoMen%nD)IP1qOTQN)sDjM{$*7%2aQb~_l$?=-o&m|v6ej;(y2hsDh>fZ0e z54-X`MXg`YZd&`~!h#XwLap||gW3CMKqu1KlDmdEe^pY;_^XK2=T)kA5jrYf*Q$ew z{zc7ZFDIW&_+QXbCA-Co>@k_ZX|?#Rxlq1tC>omJD85&_$%rc4(x7kzCjFoiJ-7N# zolahk#k6fLDu&5rI&|H#xEs&PQmvr1d=d~`7~6$4u$0G!yq*(_0F6ka>r15O=gS8n z@vskxXa>#Qk0L{NNyU^>`ZgZ=3t#*NDHOW%z2C7w*fY@Zr`G;w&Gg#mwC6tAa9X54 znh)9fz{L5(fdi%Q`JLPlT)SPaH7)uAXQT^ZZW~vQ-u$=0wwc{bK0@_M6hOj@eJ+gQ zXZV7AEy#dRoL2N`{O+giEmq0{pav4dgf&0D_KEba+xyL@iLQPit^6D}?za~O`zkPF z{k$>Wg@(jN)VJxD$qb3C?PbbIIHVfQjDye_l&KbNwXm({P=ZBo%F+9%{P~=+4J2XsLpF*heg@PHDc%;c{4=pV6{9+)5_C-0@hSQSzF| zykfiT=Hl@6BKlYyqjCPOhy60=4XG(f`xq54FK2Mn}B2l^NfPjf9XnS)TCc>hDb;~NB-{0|8PaJ(kanC&{+DlvP zGo>zW(hIhxT=r%*fD`vu*ii{Hl}n|5%+Cu+{Qg6Im!&2yTrPezI;J|(gCYEF9vG|W z#)UoOq3+mlzCLFmn5$34osn?cbUy+sqMMQTo4f|<_$&^*?xF*b)xwwbN;IaWrR6B4HA_1^_WR==$?mv6-7gdhj*xp8 z+auy6upupjdWiHQFc7+_v}Z8?$BMM_q!PeQ!h;bE^c~iI2>t< zM#z~pouY$QS{JqM_EjncO}3>@OW=x9665(3hoBU?Nyhy`iYDjuS5#yflJ|kvi#x-> z^iKyJ-6Lz2rZTuCN$ek(>q~ytKMMV^8@wl$*TwuUCRlCCW{E`DTk+N&c|G2HI33WB zFN{2>#-!Q9bsSoiIHps>=8v`2_bwe(F2AEWG&qQuIW=w^QDC((b^Z7S3753RplS8_ z0D8>sCqw03OL#;Hx572lQ|by12|a$p;9bAdUdRX?f}6MMQ~OYwiW03H6ttTjd#oMz zL@Yjo3x!2YT^A1yoybf7JISY14Rq%pQA0lrDo^b#$f z_0MH8IR%3Uso z4?Nh-yQ6%Jxmd!x!JvqQ32^0Y+uCL6@zSrAE@r85%neY0i0|;Hk5qb`x$n_if4M?) zPOGwOiRYbc5Hfz|7}RjLA9*xdFsqoS0G9LJfM-l3MRXQ=iMp;AAq8b_YS`&4S9!|1 z4JK^&@i^PAFC7R&c>X6EFqwO5tOFxa{_VrF1g^cu#287p^g`m}qO$t}BfFPC0^Nee zT#!g$jwQY9weFmAB$DA9?74m95u?ohx&n^jvMt#X-N<9`Ga5#RmzgDyUfY@hS^2W? za3`kAJUcg#Z#>VArQ}Q*}qzRpV!9oY(%SyP>nzex~J=6hL>F0 z%{(%)d$H!dtfkIwM^OSHm*cFeH=J<%WMbUd0KjAgs{E>m0Q!R}($<`{+6#rmXw2sA z7y^u8vb~*sImQ3oo-JlXL7%q-p{hL`f!TZK(L3gad;6p|4q7n;n?MqByyTpiRnmR# zBJ~0yrFrV;Rxnoain$;o+?J&J>KlN#U-PB%cs`MxWlIUYR zzgC@FHibw$k*!my#<|{oP5-7O3o&5ilwu4C12{X&+Et`c`b)fHC0CS)tRtxt zlhS`;*Z2zYn$+z{boqv3Eh;PQtBo8eR{mfDqnHr*WjN1LDM{P^>yk=hE)+V_mmU#}V0K*D~oJ^zLHflSj#oIb`hr?L9)FXa&qBiBB8B_U%K2O|ekv68FrbmwnDs)lNQ zkn6aKlbSz?x1Z6|7{H=Jyf(|MfhJTN%p9N4xw>_3BHL zVcpCePm8n`Fm4p(NQOV*uJrmJ*m@UprSg%LZ!DBgldMD{l0bKR_uPaE!+=-&OnnXME=W{y+GCFumX3M#Nt!U|tvFx-C8D6ZK!?mD&F-oSpw~yyai?8V%RK zU9q_Tc0Snuc2)m-y#BxQ=YM8B+3j2Q+iJz8WAMh$&&0IKwr^B)+!u&yWQFJ4zv|59 zV3z5XY1Qf)ywr0%zG33o)-rS#5Aq9{>Jr~izTj9-Fbyv7i$8HLxqgDwu$`+DU1-r4 zY`)UgXtrVR5U{xoX_3_2%^kb75*=cHQdkqmsTT=q7^zs;un#r0^^KLz<^PAYo3)#n zASof#+Dv&+XL?8T%Vq!8CHB`y3fMPx-?>k_vqvawc9Bn(#BH^&DsCC8py5pkA!@Ie zuNW8CR=#7r46p_vMXBWWgT-%|EYv~c*lG&$MSd}hk=iB=*%izX-2Mm$tc>kWSKpMR zLKOAeVHb_L{>-=6tJKCig`iZ&$O^_B<#(w~RL37ApKmj5vMv4A&Qlz7Q|85X=Te@c zH^X^fo2mt*?GMGaYs8l6mZ-}w6E2GgX|lc5J2cCb)&WVKZfm8OmT2S0)_laL6enttd@J10*}Q4$6edE3L)F2M2Cjx4~`=D4GZ z?rX%{@>)d2i4?~&IW%cG$zW}s-NgccQA39D#>B~F^=qM&2_N0qJmu5~iG?X;U#XA* zbEZBFeu$LIFwS1Sk5POzFl32ub`teF;X^NEcR~@Wj_;jigLAJA^7M_`j!qjC`#wa- zeUtE1Iy9`3bNX4@uP(pVoEo}%KGl_9yu4aZK~A7&JR^J`mn52(l@e#|wBTau(Z^Rw zuN+!RW_jWU)|Fo+s(Vo-8RwWqV0s8QeD3)T#ILL{b^dxPe0fM zTH4*J=Gf}*2}>nHj_AaK2x{LUr~vyM6t&vP`S@w(K$gDKa(IO?<^d134);4XNmAGW z7|^D<9=ImC#d_t0ZJt3eQ1#o7R!`2{4CzyXkg^&p`wq+h6U>oiERv5klq4BRlDiJu zDr>1XU_cbYBgK$L=UkYT(rux_PE!w~a%uGJ!tBYCq$c^&L9da$#fYtA)IVI{g!g4W zQj%xs)l=?QPD7>H%FHIJzMHBV`u&^gbDu*c#zL&mL&_}}S^yEoH1E3&yFZroiIPW3 zrFSJc_Y=JklQ#F>jAxTMn!sF*+`!7|Vi)764%^Rq_+U}tVkL89G5!}CETqW@N~o5j ziodn3deVOik8{4{rZ%mOopip8&F$5Lw5(4}W5jd)9mApUdEBz>?nfjpbe)o%bFn9H zWe=PBbQzGYI}IRdpI0 zbu_cj`dR+c(U-bn_}aGVAqFUJQDY&6u5Doq!qji=o+9Gr32umXgIjhi8H(PFIk1tW zM@YW|kO+N+kzeU0I+{~kNH2jCTi*;r37A0i$u?Y$PkJ|{+)l=(rV3-9{gy~L0QpA6 zwo)ed)>P!NlMg)yR;3ob;FLmqf2dxC^KtgiO&UG_cTLkD-`yFY@POnZe_Zvc_hy{+ zn(`=oU5C}X47f2oXfF+H#3G&tQ?>Z_fSoqLEg^FbjgM&s&!0LbEUsR+ajPeH-xmqaYH$mfpL4aR_%94?Yc7lK{}*PFEcbq<&$9HRVzC!I79v6Ph= zZZ@FeVk|!Ew&0`{>!3s+m;^jf1cYyf!22eUydAtq*5=vsqh3*(P`dKMvR$4HcfHwS zM0{z_R=t$Qi%=7lb6c7ULfY=EoY)gKD!E>Z8#O zi+ulhBL9ksP7bEWs_8LGXU12o@60B;t#-ZB_-gobX0uyYk<2pmJ$6JfAzE--2ZAVFtEcHgMqDXW)WZMSW!7v+w)Ey0jARx8}|AOeEr*9 z&`NM_O!weRjH1ZiU*6_cNq%>p7$k<|PIE$qZ++(_qqk4D`t~~_=AuYw=SMjLm5IjJ z(g%|Pr{`mV15(2T4`RQQwM#`ZF@Dt^tMu%Ql*=AvGAATIKX%A|_`D;0Q?9;=(o}x@ z^KNKP)UH1v{N_V*IWVY~sGEx8!}fx@ajI@b9Mf9UPsn6EC+$SIhe0?X?k%%D+g)VR ziImQoslIYVD_1gWmLTR0ksxOa4Rc{sRfK|Uw?S~BYCho{@$$zeb~ToY zb*rW{JrzxSQ%#D5E=FfrRBWVNfVuTE>!XHh zY7rVX^y2LsXy%>&iX#_Cnc@G6gl7KOSjH~^b%T%CVTMFF5J9BC&$bo3Vab27w)MDb zv$~ZddAHn~Uoi9kt^-GH&EVw?y@M{c^3pEjQ=*QuVa*z)jNqg`daG1kyo5KK%ZYW9 z9jtcaCZ8Y5uT)1!#4(blNC4sys%u(j!sI?3yeET&RTGi%6U1H)%9Cs><>k#0MF#29 z{&(S9TPcB)7nB$!%yK0>la=CU7%&IHhbsg>DKOCSUH0aqeC;=0Vb?;h~MaZ%rCSZy!s_B7q1!H zWrzQvItbI;H*iUOc_{A;%7t{VeGhYsgQ>rM?_5OLIBMy&7~iGjAtCFta@9#4+ht>l z@!41W*Ey1*kBNPK;aZjZKkul34R-zqhX1oGxOcMyLyD7pv>X2guf=sBG6yqxPquz$ z+8Av6{fHxFVKM+Jn{W)^;JCU@)LQ;Nz||f#**6VFsQ(e5!q$HZXnL&vStH3wXsQ?jO8X2_oXIc3c*yu8IMK;&yNF=vVm;ko%h{X z*>xEIdfA#s58ocg9$&$u4-s)}0UheQoO)p#3KE6Rzn1T$OOi4TRGyRg$DGLQtT$Ix zVNEE>ifi@r^UnH`;25lfI3rcF9}50>np~%%c}qE%_QX`NJLku&(~2-BHb0SEt*zGz zUuDGlk&e=@&^;tC;rkoT5$|}dddeXwCOQ1z*Rxl3&9eH)vvDQoA;+?w^<>azCE&Fr zXb$SmHhgm&OFH$O0VIC?ya_#PyR}$_Ti$dMQP#+Jc5#9Dt=3uuf(N=31ydP%Vl9c? zx}mN|?{V~2G4BS*Q49@p6{L#XwRlwcoWzYAKCvXd2)G_>O;qah6JCrVJ zd%OTqH2?{Tj|doLr945Fswqif^sAY;-%@io0O8<8FPWQK^8t%_r`vO()2PE2{c#3C zi?wcxcSU=5ZP4mFaVE@i@YC_J#R3ko(A96TK;%QM;yYlX`zur6W?D6T@6s%fkYDh` zAmTu_KJ3cf3qaxrSZ`>GG5e|d;#TBFXEG9nv0}5N+D(yped?<8wujv`7B1F68U0es zF#MgH(qiEN{P5p42E7NvoI;c%lFQSqK2rCkDIFmE$f?#qQwxR8cO3Lv^I(vC`mYeb z1`Cruu~xX!h)$Sw0*kTBRDkvoW+lTk4mihj=`P^n(cS0m@rI-ITir3?UGAo%9`9-M zr@N3maDT5N6G^gJ=vO*%s_)*Jq?q9l>7dM8Mnd>hPAG$-JXpitbQ zxD_Z++={z91Snn{f_tIG-Jw`^PR6e zQsnaq?@jC!@v1fmIZxH{D}mj&6PqH9hQy2W z5F&-wOKPr~B%-g0=AR#(ZHC$E-%e)Qe{Z|b^v2nIlGGULds}K zH!wTlo-=zzC;W}ZrZ5lDI4ry9(3q`qietnbFtMSvKo0)A(@zw4;y;GfIAq_jT(_xB zXXpLe=jn0^#|H&r3VTo>#|0xWp3@m=iXP7cIN{5eFJYT9R*6@Sf-Ok%r~0pSreX2^ zY=TdM2#7am4(xF`v3EBb2(I?LwD5H(zb|*Pl`=A-K->+99D@9@DmyPT9l)n;r?a=j z17e1AVf)`tX`eGg2f8BIU`L@ivu5<6Cwj2m5hIfa<)?#CH@1=X&|>U~5Ff)XzYf1A zN$SqfI~?U{sN4=x>oNRsPy(C+Ri)7xzGcBS+i_;N8H7|pAc2Wtoq0eZ;i+>^Wolm; zBQ+^QFuV1>I(2^5;~SX_urps`cALOX*<mf7<)n68@DUiKpiB zYsTXS#n!gSdf>~#N0NVmgD0c8T@*#$;_zd1moc}^SVF%uu@ZH1u&@RNO1sSKdnBe8 zfg%`YQ#g?fX8trjB+jR#;rW!X2R;7*X|TIDT6Kg#>{toERx^0miQ^27Z#PPqw-l3S zxYwoD5nzE z6-Yr%zR

    uW^#6HDFunlGLB6yT-^DGbe!|k#;zLzTf=GSJ+9uMAakxRN9h=csZr* zoE8#?>294i>R_eprh+H0uc=^mkQ4%xT}U#JKW;TdVR}Oa*pvLuoZRre;6MU8D_2EC zYzM9HPz0>jJLTc)?rO%8v4S2p(|C_;=&e;{JsxX@f)!+kOlHe|iVm z=*kf=`gQQWxb`(mzQ;u*O`A59F5XgRZ=765i5#g&MA%w5-ktxh;(PXdfI#wk;h^54 zfS<%K&x;vL$I-xqn)9EUyjNRRhZ(cEgPhNi*A&v8;TJ`wJ4T^GW+8-V?sG7IZiA ze?7?$6)Rs|4q0(N_-3IkP^k3#$C^EW!z1z!H0c{5KJ4-hh7eGguD(96%!Zf_+J$M~ zWmO|=QhnI6Tx*WDPwp6-1zv2#@PX7rKc=G{h`uTsgak{iJ=i+nq%b9+`knoR+Qdor zhmkn6KaUZ7tlm7L3adLjY-e~!|E^W$d%Q$uC|0ehRCHPb^-7lasqRMfy!TER{hKN_ z-3$E=5+*q>`{im;C{pt{C_geW$rO^$b}qUaOD1I`gkaV?!|s9L(oJ)>|QOrOi zKh}h=#zG}D*c9s#d9`sAefP`gjMVJm55$zhQDzv_x$IJxv*;}p1I1Wz%6;qr|Nl5g z51*iU_mNdZo=LSFmPg)L*aVDo-^u=O1~80FPL~oaA5zaMUdY)$?`$D5gswGjK|;3A z{zXZH---^+6E&Y#f=rLgUw-Z=&|KSXwECXO@!r{@ejC#r6grYX_ieO(C3Tt|y6z#Yfw(-| z9+RGqjnDNjo@e=n`P?5zrO=fC=k?gN$pH)QR0~V zd&V>IQ4Ib?06GAz0rR> zIrCoHsf4ihr05lH{eor|#T;^a@fe>#lug|ZULj>hA`X!ZY#p1+sn;Qr&&T4GnANuXFu>u zBtFK0m-91|n6-EAsy=leFF;KmZcg+_!{S|lztY#e|JF!1OxIdWSi?QtwRdX?CLT2*LpIu}E9WC4sU{Z>Z3TIw#FJ0qsuS?fGtQq+~f!ExuV((jBefkbL^Y$rZvU(QGCAF0@nmFOvLAW3*d*#G>I+J#DIK$iwL(IndU6r+)GHk{pbm!f zOv9-O;jxE1!O?^7EMM9Pu5prZX0LNWFN_&P#U5iXux5jG>RI!=)mW|7S0kWqiQY2~ zq4NpA3#RNnuicdP!L^7O#ZxZ5siV$azbgfLPtf>~MLtBjQ%V9HGgoeK|7mFt;V83W zv7@$Lv>nSKKC$Nr29d?x+u)10kXN92Qassn5mx~ssx1Gj|FE(_glyeO96F&<0zFgVrm9Y}jMFvfzwJt`>)}%1Ck^J3#DLfunQ+DP&OxFuF#* zzVib=CJ+&|+<1;hDr85o{&45KEcncp9n~=~(7JEB&95=}g~8P5?Z-0~fMbuc!`gUg}?Tp zK|}%O)4R(qXW_+t=DT@lk5B|_&-~Ar-nBHUS|&d{wvdXIh331AImi8=lstjEHeySP zN&P#rjO&E4nweD$qlp@uk`@*ZhEzVJLNx%mjj8FwIz82JJf#o2>v*5;{n_{C`Q2qL z{S|BRcj4K^?<_Ol!7Df1PO=|FrQO(&V%Jp{kF;2+5`T0WtP6zcluf8)#E?d8vVkm! zs@A=_zhC0Xq^TT3d9O$4vk$%1=;Ss>F=&pY`>`ppqx0?VNj~m`{k@B`e9hwf==69+ zFCxmFKG0h?IXiS4R(;XuJhd>=t!?Nj34OHsMT1%pN#m4vtJ>>GBaqTxH4uSsxR;-`PT%%pzLK`)%3Vu%|noQBKz+T`JvSR7_xm3bF=)H`em`HC+oP$ zbE38%<$@7N;yh0g3Q1NQ8U6S@=)2ttg`EMXBcy@{+^swJxvb)Koxtkn0$=Pxmxi1& zXQos5#>>=c4x9vj%)#BG%kwi%hi!4wXIfSv!Z%88%p=Z0FZ9Q!r)Yp0{;-y>qdPll zG`x~K@nnf{b-tO)6@(ja7X^_Fyzf1;DVx342kL}LF>wvR>JCAlsb8kMs?~P97H=R+ z9U(t41YeYCRR-C$#hTviZb}Eli0zA$dJR8szH!F{_idR9B9^In;qwX8Hs&+XJr#zV zo(bR3JPck`_l>I$7yHiwb4khW@DY#G4l{h0HXaUhMZ;IOy@wCahDd$BBzIj!Z$77+ z5{?JIF<+NYffH3QX{CEF72mmmV}B}jSMUf&=5{F#ZSRxdZ`;tbe&x;%0I!_=B^|ZL zUovodx9@Tq^HUFjr>=iH)Gw|ys4w)|$IQOlK-(Y`n&JL#vFs_^waGqYq3ik6XKnDL zjem5XvJjfh_{rf)wch;~oLiB54i2x7q<3r}5@9goQdAbE*7mYE=KNFLdV;1?!iEvk zWQXp{OAG<*CXjCx{>_`$-EUqb=;XOd=0!=bA?LiZ@xBlB4#qRCOIC5x5_n-f?#dzt z5qRek=`@GAQx|RV_`TnR8|cxt&22loOZ>DhAKT$v7bekf@*j; z&V7cnWGCO0>dOUJxG4?m2>dOwCqbWh#iXhrQmea~*jNw~ zDz!IkN#9{3Ydh3;fUJ!X(kH8L-Pk0D0g@w#f8}+2zRLUj*qFaJkkA6P`kS5M)^Pe$ zaQ2*Q{)Wu6&=mPwfy9_|FQ)koW zFUM`jbAT#-PZ6W<^*3tYXmvHs^S_H?w%^Etr!WrPAJsq;=BZyeG?)H`o+u6QXZ zjqV723#-;rHsp{Z0_HtUg3VevOrL|K_rqdo_IB&ussYV1LPe=;38SkLh+f)bta*WY z-i0Xi?Gcobr};|*pq)gg4W z-9?rwf#7}cu>j)7=?>_;D1@Sq5p+k44*EI?2{~}@o3QH%{Hfe+z$0AzSke92OXZ!` z)>O=9=%f|>Rv-BvB#zfnPk4Av6==# z-%*Ghby_2FySVRIF4&gyUX}gjjn9-GBK1uareYI|w~qgw(Epp}`1d;swywu`;bW!f zcAOgUe!4wzJ3XC%|IW~kFMK!Q4UYe8_TTjuzY%N}!I8$k8FY-jGxe$Yspz)N?C<;Urc?|mi$|{ZbP1f z=jcAJA<>Uw!d*kFQu_9lCq+e&#jP29gg9#S-I14*ks168j(9#G&y^;7F6`m3uAY9V zS@JeN>ibF2*ucMT3w|}$R{Bn!3-M!g*H4C=6kr(&?1U>@j8Ocdqd)wyC70qYMTG*)EpXdKbw%C46jBLBdG-hiD^C>Kx@SdI1eY9K#~q@SuvFx{>t_ULE__%)>!WSeu&HmJ6WXbol<3}2@=nK(}!j&_&BVV z0jrpc8@Z+`dd&9k4{JUtd@wd6yUY4XlJfYb$PdiB8+E;0ePlrDGi~ev3rpG7VP(>K zQ@ywy_Hf#r&qu%A;dd?4v}nEVw9&$QLf_Tj))^{~cekSWqYJgk=z*H_JgTmG@(l-M z3Eb?-c|Pk6sa|Bw0W1eU9}`DHDhs+LKo4b(x+!OTc~C z;rut-q)sW=cF;zo?kYBolgDt+|>Gj;3AeT?OT$yGm+yy5L zlVW+mUCxW!u5AiG3dFW+%<$Ry*9Ma)hI65L(lJ-hB<~r(s25Je@jwDtd?TW1rP$D? zqTe^dC`P7Am67^HKJ&Y8fymH**81nb3qF=#{USp{bf7&CWI35#oT2k2xL)~a3hRQ8 zoVn((jW|XT_CU(UhTlMz6r-QlJQ(MfOZZOw{tNCAA@?O`YZra2Vbys9EqnNsrJ((h zlbq0hK`q~|Bp~I|%#O&!YHeit3D`Z29L?QTG3+Z*NH%?OhR8Y4)aju=853?LAM)YT zs~qo6PENktr3b!a;hg5a{=o7{=<-7Ua|cIlEoaFeLq&Ns$#XK+oNA4_e35IqFo0~~ zh%?o$|1o-BcL;@F=uZs(w@sT~Wv%wdkf6XA+eV5ka2{dem6I!#4w>t+&-&FGNgw!Z z)cme6B3!*&psFjZl9BW5xD+#v4gS*KV@uTsvQ|WOV6lw{EM2$o5Zd5H{J}YUAfX7h z!~K9e5Ykj*dt`U`S5WG{=Dp;TxUJ8VIjP_!@46=(XIbk}Ku}qthE#z*!r9+Ln6>%L zlK)L%`1N)OSwy-+Gs){Nbb)MSTg)&Vn(f2^yuUq1wBn_5IcHfv(eBnZUU0@JbCx-+ zv^)jfAdkbwDV4ArsP81gKT_TQ0?l^wxmo6Oq+HhD&xU;yOBp}aCtC?gCc3Db&c!nv zcYB&ov%IGbHZeGng^{|NGvuS=!upLbGCs9!C$DX52#duWQ9=o@G#dME5an!W{?bv0mq})KczoQun~dS2ASAOQD0tbM{y75`iF`4; z0InN8Yf>r4NujDS$w%J*x@UsQ^e(h5kcUqER6~EbtBaf4&f}$j`9P6ESEz!yCS3$1 z1rSk$xOgGh7TJ{C6=|hT2d>nI23X=6@6|3>-x!d3b&EFd?YGUCYD`1z2l8TA24v~| z@pPGA&K*e?e0-sR87*+=@rWoyK}sJ85b5lr3ZAF5At{+ohbNWY&OCp-!4O`T8|}|U zmlB`+_YAIX-10PT98Y%2ruoeIwL0MB7li?~!Xc*7!q0g?E-A#`KLT=N(vtx}>Ro>5 z7lTr}7aKZA_N=u+*H=oyuiwnh*Wobgn}ZyQRi`rD ztNgD!>Mf-=NuDtNl(U_Ap;1jSZ4G%FkfIa}UrnGXxAAVXR` zEYv~RazKQQ$pdywnu#ofi$%LapYefbDm&H?F*?_ zk7ci`&JZkr#Ai9pKoTpPJ!cG<=**k5!ljLcvV3-KQ&(Mi8*SYduCJHRdW@WQ1L#c# z#)NoJ4--CD*f7y4JaSl2d?rgP4+Cs!+5H~19TzxsTz7haeoMzd5-suJ`)V18imKjA z;O7(4O#?W&#U%d+y9)JbVJ9l`_C0<<;1p6Y?9fREWNDgS_u3ug^1AbO&d5amp5l;4 zkV~2f_k!8!(t)j476cQ9jmKP{2M1&hp`@qjceT?wrn4ndeV zdxdfIrx&?isuxbpI>Y9j*?Q{*b-3MGXTJZ31WhCl@{Gy4F^#Z0&YW9vX#F=>#LU6; zY6<`>SNR46WC|`&MdOht(7%vandswz)eqB1?`?Q5ogDtPMe@|S0ZqG7yW>bPNmW;7 zq|c+D%Hq@!V=|LhlhU#>;8$pWxJ9nytl2^Q9W5QEP73u|E=|?n@A1@!yRF8*1TsGD zJ#>F1Dr6K({OiGi^@<#|v$W_n%R*sVRj1eRn)%g!KFjsWWXTl%rzuT#_IZ!XYEBF$ z#84^xSu}mk{j=nncbyM$;VW7iqrS`S=PctQhc+INBzu8Kx=&o7V=k2{J;6_{!=-%j zWERQVNJ;5lC*PC0#P=E-apPD~jXeJ*>xG0Z{nfyJF10z7Py{p(i5M9_CQ~qR6V4kb zc7-e&UnY}ZnO#)>{hAI*st?U|Z}X`1>x>O$ycPhsDFLv1WXNM#snl~+rlEVSf@tEW zBXJ%;1K70r`-LW}zDp#2wM1ksxk|DKNbBR4aHWrqYTe$+q+N+>;@QDDa^Z7Vz@flg zHfa6v47FNeg->%9%$Vd{Ju$J(wNMGQ?-|6@+8Xwx|27dWtaG2+TKLGc+^UFWE5U$m z%v82RP>iT0QoqfHLPdKf{v3|#>=H>g;y2lX(1OUhl$h5-0^(t|X~Tq`wru>R?O}#< zqFVQMp$x^3R~hyl@?)yblwzr&a-CKCebo)sTE*za=da(|?$s6SRPOUwnq8-wNhgKM z%@*OmiD07h6Gd}7Z}~HGWARU@aHJtXjjlJ!u1!zpL!2noP>oJZt>=BrFwUAGBUSd; zA-|fIM4E~5GbzIcfMCS->pG z8iFhYNf&NhQsOaVTr7z{1N}DDwK@oD6h=L=!pkc52NDi+S{AszLC!~`8PBT#pJ?|3 zrPk8_4Q&pyWcAGH&I`i9@&*_|g|V?DDkG4>Q^^tljwn*Of_T5+c)^4rw-<+bi?&wu zZwDf+Uo_G&MIkrcjQA?9NZu{grx6Sq-;HzCc+-tf;=ajb+Eh|23`yqnO4;}wNdLcJ zQl|sr?MWu0JRD&Z#X*V|-~qvv@4wm+kteuYUXom=<*h}PPfu$P zP_~v*0VoBW`Bd-L4+{6o_O$rRE}BE@TBgtUF|LOufpeKRHV+5<86)*u;Pam^mzTfg z4$tgUN=rq6EWbKK z^C_1rk1esw5X3z+`e?^2*JkO$nnh)&0RXnLSkk4Xg9L>Q6kT83F(#xh;MWrQedhPn z%}E@yfLH0I+6FjW5^3Y&=ci0Z>BD?+an%cG3JY2ANSR0q9Je2&-jg2|28~|%RbkpZRw4d6@wv+J-%UPldhne0FfS;4@Ha zFWxqf9z3^aqAj_=;{`ZQs^Rl$NWfRP*r>AZ$sdb40^d0`A}T6vu8h!FuQ#roa{a;q z*l}i)^e|#hEd$o_Qky!}bMryXdTMh;0ky@X3Isz6;XV{~?|;g9Ys<7GRawe>kv;RUf*Z-) zoztnG;p&$QnPaBY04vaN!Qe3+S7#x>`bvMIhFp0%R^AIimfsmC56dX!ypD>EKVJ?j z8LAh$LHIuUa<0tza4NL@`>O?x$h@Ye6b=J0jmqgk2=!0FGy@(-7e{I`(Ly89Vl;}l zd{qTe$Cfp{BlGH^+;QxM<#9?DN~kSnYLQOLV8-Z}7(TXmrB0r`c+!Y%?pF!*1wnD- z`c8ri@Z^g^C@`wLltceQwrh5fk2+6nH|s4OS5|*eW^3zvPCBIDL>8Xus`Jek5c*tY z4&eV{@sPOCdbB5&-B}Pdt?&b`9sX?L;n0vT&k{jkz7DNfeiRn>ekze=&HKz@a@`S) zVLYrag`2r-rVxil0by$lSGYx`c|jbO*nWqced3Wb#{pHGOIsju)~tF^P;?@Zn?+DvQWncIY<_ zlfeuUJL%1pFRO+&T^fUlTyTcfB;^v3Tk|p@`KFvbH61${dg&%c^Ns4trtSo9$``Wo zG#lE~rTNNXRj|Tnl$us0tuG}PCG@5$d)R39)<;edpk6eduifJtIvFR!Cvv@6FP6S~ zXNLd9b35rZOpv!gYux8{g!$x+OBXa$bR>u+6ONeD#Omhc4Xsj1(Wq$+8V{8u^KdA| z@c}D{@;p=2)Gr8UsIloU%3v93DB5Egh2N}CB4F!^tZDb0YGds&e zTzx;?DyF;Tj=t%GHFwhI6zs*X6Y#NJ({vt}6|Jhe9(Kw-!CQq3wG9W%J!Dq^B1|d7 zx3#oVz{$A5GXs#L^zm|R&5(0^P53(#UJn+ZtIs4nIJFuL?27d zfw3a2BoPxzjHO_@7q5Fg*9w%4mh8k*wjdvGDb!(tada9@9J-MJWhIo=S-G@HN7!{` zxtLOVTdnI#D^t!>ljMT{@%Q*GG_FUQ@=S$Kny%%s^2yQT1JWY}Gm&jEI1?0okIHZV z{UDntpvIZxPk4yZVAI)>@?aP7+M868Agu;A;N@re3H{ltVM^9sA@lZ1KW zO7@{$fU5FkbC^}tAxht8ihqW$uPyzb(d!7r{ufutiU1i(f{ky){_#Rz>|ytP9yk2w zll=jh5C*TH{d2n}%A@yv_NGjf|4)3*f3l<80)S!0gcfZ7Ty+&zcJ#i#K`Q^tL}~T) zC~dHDYR89v#N7X19@^&(ka6){t_nS>7)?Nx$X3CV&Gv z<8V?V`@c?{`}^lR(A?-nuNxP?zYVf^Q!w|O14|#F0d{piAHAW+qkRt_63Mngiq^?w zj%*h{qQZZ^oz#3lIMzK;@5i5+zZ^{|N}zeiEyF^WDxLAc43!P<=OpFx+YUH|2AX>q+IYi@-Hy2gg3p4ykcr zgr#}oaScKLgjha%7Mw0CA*ylFL{!9QuQqPUE`rUNa14ZzkFjs?EL7UhY2J=sO#tY- z*wm}82F8EN&Qwtq`X)(vgE>0|=Q{tnxwF#%K-0^wM&zvrS>e#HG!nXGkoPZi{KBVW zK4>)NX03#li66R$hde5_XvjRHww#svjd>aoav}TiqGynVBGUy={>a%`Y_^qeY4*Z5`kBs;kVSu5?;7NC;dz8 zVD7yL;pnLUSWtyb$=$Z`E}2Rb+UdIs$=!@Zt5I4kDJfP@<3f>w$=nzzR?R40;v{*h zZwk5_(yr^nwAUs36T`GvY8?I?hFt!~?OF0HQM-E1(0TxH0*>Hqp;^K;WgavfrY$LB zOdGxD+Sl?_dlL>t1)ItBlQktxasRIsOGuXA z@9By|0gj`Uec1j(E2be8PvhA4DhpN)B@`uH=C>!LEG@0Ajh7(b=OMo%sQqd=F7AD~ zk0N7a6 z*N2|!dl8pjoeh6%Dgm=Q#WO?m>gEz(xmU>yjK9DhIJ&T?;k#MGgyH904<%Jgu7oZ5 zL##t2*Qwt7Ut;7*fE}mGd6`meUOpW3Os3kbBhVoL=c*yKr2nAwtwW%KMzYn^KO$U^ zY?pJ1$FPy$vU?x@I>TJN=x#hjM+S_ZtR4W-fBTX|m%PVKkR?@uCKcszU$hMi&6KmS z!wGYLNMxSpAQE6L1o~t-$_@EEggP_Ll(MTs`7Io_*VaEwTQ@6<;8rW+3pUwH0N5OV zUV}PmcezlBOV`PeCoAJqUlWSWN~`e1VXqn*hL^s=9?j;{UjI=x9@R zw>@g)WXRh|7>)aX$q?6-(n|=*$9ZyJbc+$DU|9$Q*sRNe@hAwXK$+jy1SVT~njiy6LGG1e~hl~JnyEAlL2L1e${~152?abV5_35eGIUKeR9U{ zSU8emiC(rY=3<2@1$9I-G(Q)~IMH#c;H&JEmMZ<8Lv^cCsm?g+lL3f#lN`tGRn(#! z;krnVZJB0ndx0fCFiN+e%*7`4OEx>-p_J^}TTXLuopV780##6pREI4l%5tz?Zj8tE zuTwZzdY0eoJ{kb#c)68Wqbiox9p)N+o_4J|pkA!>41M*M|F~#-X^@-e%K17n0#%@EG2K zA_*1xy!(O(3yO>G+|&G6{RejDh{*3VFC@lj=CbCCw6{VZzemo4tT7lsMHHQFhwRP7i78{FN3Epbxcq~<7|rH z9&+_oOQ~#&mA5#}H(1$M+Mge9(^aGmw2B0%#oaoO6ovAKh0-$8UylkzOC4x0R6u`P z%MUX9L!hmgQHQm_@$rZ>k|UeAeJAzCRBz6d3D2ZdPrK2+MTkOMA!4UhIeGDcHLVzZ zF6*BWIAIgN$|F@|Ux(0!{o4>D)3HyoIpKxxy!_f(lM8jDgU4%T&{{C!tg3p)xFaeH z>)rl#$GkClCrO-oxgI0=Ac0z+1j1ezNf4VhoWwJ+a&Muz<}dZ52-B9{U0UEH5Vb9_ z(G=4AmYO72*gkL9=*E0(HySME9R-!Va%Ev0jUp#Gafl0pAa(Zku3Xi!hw)he^PpDf z#4Wj1PVNDN_=i+?V?6T+;6>Asws`lK{f6&jGI(+F7b~PcuVf=Agl-iB78B)l#aTz# zJt>lO3uxf+?&Pvh$dW81y_x@_iM2>uaO6?0OG1h$&D5kaZfX%Br@N5_Bg6CM26Onv z3#a>~f_{)P@7EC`Gri83Bze=y1Yp#qMV4C(BD2Bl@qXWz!aKtX^lu?&gcknUkUXnw zO6=9hOXqw0U9~s#?E2-jNzWe#pwbo4_Zi;30lasI3FkLAgh?K++%y&fOJYUTnmq4> zwOFI%o@rV{ezNxT=qdtM>>>Xk#vht`1^vypV*WZ+KAGIMxt*DT4cvYZGY?4M!he@uwI+)D6v>gb_FDvS&00ho^j0upYi3 z1}sVbmhckj=+b88n)9g6-Yv|4&HIm)rhfeTm!u|93h&ni>z{8a(com2G9q@c_p#TM zG)q)$@rBbjk^o9Is?iSvng(==&dbq7(IuWT*dAF$L!Yv(N>{Z`Mw~#}&UkdClPa0& zzAEOmUxGCmOS;502L*lHNKqD6V=L=ieK@LAaf`d6QW^FoBxE%A*POPsa1u41Y>keU zRpm<^KM^!W(nqUk`j(e^333$~VtbA?jL7@FhA(BD;miBBrNzg3kUO=NOMgflTV(n3@z8`g-w4`R(Rr5%k zqj)mu8vd@2Ql~MkjzP;5l}Ton- zIUHxb&WW<_DD+dt0<6sqktxFqHQG3``8^|RVJF8TacT^me79(cW;2A}NH-2Uw~Up0DMoUJ$7 z?dtv-Zo2Aw)SCz;9gCWG*A+FPE^q&-@8|Uzf9g1ds0hk(!xLS2)ZQm+ULEzD!wjpTGHPHtRIcvfG`_ynYC@H z@pIp5wFK%JE&wGZg7Gb^!sSN93iqXUQxfqQDS=c|3oUY1SI_GquVvJ@VxpYB3|Z{= zjECvU?yda1LnLV%PnO%aBTl{03pIa@d>|cL>MhYy-0J5xD^M$3MbiXHeAJWxTCEhG z8ep4N1H=r;7H>7=zcdBrVF~0&qUS=_!(%Zs>&*AlRo!h1NLB~J z9UFp&Id9d_kZLg;3=^f*r1}#fcDwPvyQVSE7MWvmZT7oz>b!*u$Mt@s)p>n39Yj}1 zN4yq1-=((3P+RaLGhFFa;?myhwA1? zX#HS{;Xe4=q>Dd>o@!OmAJvDXd!IidCbPdCcRmHOkvroz-WDCMHDVbFKyeka7s8mU z5bW*E!Og9CHNNS?Q4;cHVXL3i1nVi7jRv!DT4+p4bokt787Ni*dgOixg2HsJwe!PCUCd-E)ogy4MUp6Sfv=^BJcj1b)z@eylpJLCe zd7)^@#ruHYpx^jX9CUniWvy4qZq}q62)UKH7czsHB`u01FB~q94{E9((C#iF4t*nT zB`q35WN7+LcHOmm5$q0|FRpGeKE9{sE%387>cR*i^LVBu2un1iJP1Da(=bg$kuTi< zz@x`e%Xrmp`L!?qYSf>t3UB4?ntQR9$%g(eZ%y$2GiV~+NS>0B;5i0k(^?5|$Lns1r1DeWQuZ?grv4XC3F2 zPhRBB*quvA%+LKcWZx}WuFN|gQ?1>DOV#l2Q%7+cXgN?G@Odqy81^Klv0U#Guh>tQ zf3zN@4a1U`Vl9ZPm<<`CXeH4$a%+M45Eo@R6Up_U6!TIelW0Ow>?>+HZ%v^!_D^Lg z>(4}0w69N8E~!k%oIr5@UaO+)FyO!fm4w!x5hT5aJ@}H$k*On;Do&mcz$2ZZjg{X? z>@H%>rJFPNAt0JK;&*~I*Ie&RrH-|qnRgq&SKFC*VZkG0n>RVxhE~(C@no&_nD5i? zYtQyhm=HRhfU2r5?h$qG#3c*BX(WgjiHN&;EOZK-XQWK2K&_)hZ$e$L;zzg==*6hNYRedB@0Hp?vhdu@ftlLks)jf!uSeMvf^jXfq+P*}UV#XEO?ng0G!-!*90})s@7nNb;~TAq(6WhS}Cz zR9A9d@_cO7?1_akaKdOK$;6X+C`~D?tI&S<-k;wKTZ#FAXu)Kbd#bw&CGzX0WVC?e zJc=VH-7Mmt#|iCEvSaVA-5d0{ptN!l)oC?H=TQmrRBE%`Vzv%FswiyTXv#uCx1hC1 z+Og;XW(PZ|4ETi1M|j zOWfwCH4FG1As47er~hzWGL`9=QMySy{mz`EndA8St3wGrbHZ+>4A*tZP;v?M*qzdu zjya6Utx{XPh011L#|*9YBZX+?>E)nyR!@Ai@7d}aWz(; zrmj%b=S0in&iCC@f{D~{_MXZ3g(PCbJO_s z2VL_H*kCF8Rv%4&uy$78$e3lW_tO)J(c$4B4+88Z2wT3R<*P)D+!!(Zfb+;$o>p>{n@CrP^^I>(J<&F<)O}9t4?_L{*3M$mxTsM6#vfRwW$rlfcCklB{_4^Hqu=%mCoGhsplEK*ri4ND1Go*b{%#^Mv-wWwLuc zi!Zenf)%sKk(3x?d}b|j+{Oj0-r6G8y0Ef=yt3*ZW&9Lu}}7o!=HGP$4~l` z4Ke+$csgJjDjhA{>9Jd!Qj|$Vn~v};McYsg_{?x z;N4aqQu_QMh>^44{hRnu!SP7a zsE1D*flKnUtLG92T{?gX((V36rDTv$#nsjatmyLefGc=DZgX~tiA*i0OzfpG%fpKv z2)(hW=(}5+HV4;NHgp=?-jC)K?adOz2w@QTfK4<;OP{C(*#GP+Hioo4?w~m?rWKWS zjyBpqH}pKwba8Rpo}tg4St||uhFwEb)+-TzRC9;HF@-#RcgPOXF7{pNdtJ)wEjZ>k z#A6Uc+w(?k+l?Y)SEDT0#!DUE1~g`JzgNlXGy1hc*Slby4zC8kra5Y6^0~DgPrvfx zcsyP_bPU@*V-(UL(8f86nJf{r*7{GrI)W0gH7gT-?e<&a`u9r)PZYfO_0E(~r`6ii z_oSUZ&+S{l!mdxk8g`gli;%7mJ|x-dCct307XU)>oIWkC8R(-ZW|v+*n?>XO2K&+u zKlQRrvBSbyQDP0oK|fkB6v((e--wv(_5?jrjxKcN)Ejd}3x8uh^+#|e&QU%t=*3i# zx4fm#@@DtD-ep4XPlE};?z&fh89iM+qzXNKvu)hlkQQ#V^C3WC5y5TRfH7Z_pvLWC zZTdOj?UR1S1i?0MuY4rzU;FCwY)`iN#e6Bvd4v)BSRvHP4ZE;jHZTEJ@KrVvlB&7_ zb?0vS47y+io2x2*4jph`opv)m*3L(!j*e^@I;ywMbl>p!ZyHOL{fuh7`F4}}p zS|cq@Pi|}3AJ#ge8Y{t3$fW-9RLS;`xo-rh0cU}2NY3F?gk5iy3oor!9Vc`w1W=pi&2DV?XGwUpKQdCtK{OlYa z5|0sy&dO@hX}PfLSS?#>{IJicRpCSC%r8(4t5~|eaiEIb%~Td?xp|Y}v8wBZ#*3xE z!Meh&+-QwcL&sdrG1QxafuPcQw0aHTQeumlZn7dvW=;Jmo#lsNZ#c)1=WwY-TD$dG z@NznPLFX8jHL^YshbH3kftIR(yvM4j^kx^XT8gmV2(fv8m?ZDM=|dps@PTAONYJIF z^k9TwLLf&Cvl0{`j$sf!l;!h0AbaN~`-y&1_=q8qWd*-7`qQDNGbqA5BqNx_!TVJw z0kx{#=tI?~g=AYc`dgbdh=a*d{gDSe)0JT<vt8mEq>j}H1DeH*u4#_*!#LX}6YG#b#M6=RU7sTdy5KUAV{Z_NS8>1O1H$&ozfix z%%IZk3@NEJLw7UM4N?Lk-9rzIz`($}o@0M{^!>b#WB&(hU3p&Tuef^5!M9|ZVl4oF zlN0zPpQ9ngsOY6uh-nm8?eUK`;hY*zhAYRdj&t;ebWf%*gy=yb4*6qx?&IOjxma7M z(Oj(i4oJ@mH9RM>_PfHeay532yu#Z?>-Zp_ulls!79E%O>~q;vOvD5yB+rAYu8z32P6S_H|pio6@0y^3PWvS^RYUh?C!L4oJ=jovG8O8j!#})7Q1#h>Qjt zK<=qaU?lWA9{ZVsDmuY`t`(}@VHzxr43GLR{Sg*qj%I#OAJ~p`c^;N_{CwGI6)zoo zcj4s6l5|n;Q>K2B*^i+{u2)p$t=kfyl<4m%+`p`Q)T1sLAk>0eTpjiB2f~BPmyDK6 z+7QCe`t!$c3_I4&aF0*?$t}LZzh-Pu9;r|s2e@N;%zEyo;Mhvvv!UH?#aA@a2yW4b zoLzcY&+$n5);lu3JJF0&jzB+&Uu?Nu$Ph#hB*P%db1X4TkBn&{%kJm<&Ot8)*pH8+ zcY{8isEgnADK0(4Idbad23#{a9aenz45S7BAdxuR#`(82z0|dG=QK=(VBoH6IVDhn zq4>ICxK(+YFB{?KLaO@KQ|e^(>`=W$qwqzCdqWRk=j;=C_m((T@LXxy1IG2-4)XQ7 zl;xLOFYRa>%sCE%ur?1vm?`JlsS3H$<983*iP8~4p)~81gc7Ys%N0jSlW{t0$IEww zAkuQwWr3b#n_g$jnbWS8CqKEj4Lx4c``P9RC zZ_y9Pi7JO0;cYKm(I+$b5$cw6F(0i%l)o)*@@k#A^)27aaC=SUaq4Z z*9szlnF+1M(@rx~Fw(6r*f@Q~V2Bm`EUSk= zkRh&)IH>VhnJe>}H&rU1CY%AngHhMM4chdf>j@hfSu8;Wikvo%H7EA1cKSUkxk^3Bk9~9q&+0#wBW1F^6 zXY$~3ggA`9+0UaVcspw$Qg6no^Mi2CukvpwHou(}wjXUbI*A-MiMJ`@N;Z24t1z)= zm3aaDSxZOs_0ygbr^~q_XNiIq;#sCuQ?8Gg)bY5JH%ER`c-pDS*@Y|X2^aWySsx4ebM-q?tvI-dF5fi$kt*yURFI_-%&{&zi7Yp|ULh#?`@OR2~k zq=oI-Hz1+cS+Py6ajl+VwWx-7Y980*5;sc(v}UAF%=1}i-`pLOLO&dp+>v;QrN8${ zAT0c8BOb(%X8}AUd9<3AHRkPlP4%GgFc{-F!xU9=-kZPFBg}IX2VI){Ib!6tJt4RK zrAoS4{Lkdtmjy`$F*jvH%@rGLA+DcFGQ4QK7K)zF6ap?z-I$6&t*RB&D}P!1!L6rrB><&Q^?&-ui+m#>mh;~9YLli zco{bvf|VC-XGbLg^c`Iq*HpaHC$|8g-?sJgz%X!whQhwsYcmBIh7%X#xB6pj>@(d^ zWpA{k(9gOfBf}G_ZndE$!=rQ&W;{5_!I58$vik~r!6QB`b+lX7y(op+Dtxp$LPQZj?ep?&dA zCA!741U7Z*S_(Z0(`r=4La)Gf@ugF6ka^wLkVWr`we8@PWmsQ!=LeMbyPF4BA{}m( zkMd(n_*^>}8}~=0bEqG!!tf6|E!ZG;@u)uMdFv;^p+ELR%BijHzS&zYR>%ul>Xk4aWE3`+M#go+YbsM+cZ>U#WQk)JDlk?EQR?l&WEr9DR)VS&f`Y2ceCP| zi45Yl=z|El9EQI+?o6vyqX*-3Zo+*SiynX5JNK_kFExjsDGfxGmbtda;Mw{v=llN5 z6+r7jh)kv_=HPB3M8~5iLA|TxqO%8g4A1os+dnWjpLMmxOND#X;_cLrh^+MoyDfS0 znmc;Sj)2NHCY}=EsO>VZPsBxWtF2olsIUdg%|yx>f6DhzR`dpwV(VN${^ z+IVO6vtCGXq{zM!x{(yPY5S*^MS2W)p8A-p?|n6lt{SR2`Z(BIS8|Lw8SAPY#Z@j% zjal@zo4wvT<+(cUu=`Lj;#L0 z_F07-c=!-E2Q$}wFXDnJC4?2uGfz5RGRyw3{k5#t3JJ^Sm*=b~Cm@6}1 zKX?vaf}7Um^|Ekg-CmLtdUPrtoCRKw-~J**hKIP(HP*ADf1AI@bfQw!M+SJ=Xt@8f zxBKor=;t`C?8PJUgtx*t{!QN-4o>$8(m1=W$U(&t#)F%#;B)lc(rf*Sjg+!^}A5cggl4*A-jF+yF02#EWbgJh|{bjAm zFK8q>RTO7-bS-|^SvBqYye#KcHC{PF`dC8t&xfqbU?TCy$g2^_7Y2|bUA%P*gh0p( zzzAsE<7a6PyGn}HMhi_92pZ%tYP~Ves6ZbK_$p~nKV{^aFM7^zDO9m*7GUCtx!hDn`pXqz74xzf$=w~FeHg&IqWC7&p6LH_{ZONL+dyoCFW-I zs^)M0o~klWN{!ubj*ptK7$7^N%q&>3Z zJwB5o=k*EVgwGpwo%*VT#*>_5}7q26!y6c+xR>luD66uZ>(s8ex_9AI{{k& z8h*FtPtPu=UYB~9c>q7WG3q7F#C$=I4ZfM!o?C|3;6UYVjiG#DQz+eoLX7$7u&AF+ z*X4FuLE~9FzB@Lu(4mRtkecvBAG!PDh?~~CyF+9vMq875FWg47AI%6H2sD1^ISQ`; z^ka71XugPiau^o!E}WtEPKt>?BhW&y5t;$#Vb{L|5Qn_N{%ng075vk|>52?j#{LKW zGr2o1>Pf!1cut?eHEp?71^D`LmYB*qE5y}Rlyzk6cpm>kfc%Xlq^mK5xn0S$ab^o1 z!e|r$V4(9JW9fDx#`UG)mY|*2T1Q`YXbO=d)eBBH-L_+nO`j3K`N6dCQtai+yr2gS zSLm792|fN!E~RM^?x_-?bJLuqkF^J7g_ZBGby{oDl8FgK(^o$+5XkvTzz=?JhTo8R zSJ*jKjsxfczvGFKi1{C#Hp23T9B5F|8`?G}M*7PWm2J?OT)on;1pdbsAb%N3zv=C5 zRXL`$-{;nOhep_`2QTRSsZY1i!@m2b;0*(>;VX%Q<}F=J3*wm`GW*e?Qlq8~0p!SHF`75j)o z9dR)K#N}cqR=@rI{hvfm;o6vYzgo!^xb}KoU63--tkRWk$E;gxr<0=}LH9A@DS?;( zAx;3zk>s-i=-qQ-8aTjuSSa>FxZ}$AAJDhfn7USGT}J%0-bLnPD6Bu&jQR(>>we&r zAPv+;5Q>XV=WB7~k&=ec`zO;zSrJJ;@hrFzw;fLX2!J@`Z34Z~p4?3L009J(fz1R* zGK>0B5Pa~u`Sjon zpSLZA%MHdPbzX>Wq2^Cl?T+9n3K3@@IUA&mzd2&|Y0(+4Kl2uiZbipLz6w9&r|O=t zvlvhN5lQPA)^Kc`86mNG_K`P zx;T>#3zR8tW#(*W|5}#EMpLfh&&4R2o`w3@Z6`V}bGEwiX~klW8t=&f{d#Mu0<{H- z$%5i~+tJ=KS~ks5wGj7T zJAEbKN@6kM+rs1X+hFKjm!$v^Yj@%6+Ew`*RJDm?!NzVFyRy`X+$gHt`Vp%lo^tS;+?tK94hn`bU_0(!Z)P^Mu* zC0rqk_=-dGN2guLUZ~)oE~uoZ+Zvs3dQ%+dY%|7$wsrZ|upZ{Dh~HN|`_ony7_Yqn zPe~#VOTRpty%Z&CQd2d}@FB@y+vtouF0}$`CA^RWG#VvOfn~e&ot-WF(GuuPaEykj zm@(z5nOK!6d7aJ*?fTJUC!6ChLbU~aezoWGexEf)iBbVIIRUq4dBB&^Oz``SU$wt% zQo{aNz4LsS3NLZw#K){ro($*&l|Is9s7RHN1f-W?{~v5a{w=9i@$9CH(9ALqr8rN*T6iVGmz|!W+(bK5|yvx%1co^R+_f!4suc%5?ATX{Z-3J^_EwGJix7V zWER$f#i?qh7K?ez`b4#gm13noh}2;8*Kz7D>)TWC=CojHCxEbmK)I>(>xkQbX1>4c zZ=;nVUvw8`*bwsr^8|4mfHF;*5}hYHrR{fp7Co%Y4-QZK&9>9f&t?$${7?dZ>=zgP zQeCG7bnd`q;8g6MG}Weu{7>}xDzCCvI@*N;#$CT}>GwW`Iss*6FX-W|mPquiVsB^3 z7!<3wxJA0o?C))`Jnx|1P<%}E%=_(BHSzS!6R4W5T=CMEl7mQ!ZwPD_esGa3**Su! z+QCr~XBzDButZB6_d66(>hNHYKx?|b8Q(^Fn)B;krN%-H{Wqy<&qAg$urDbcfWs#JfSv) zUW0UMkgs*ABj3S6%1nGL=mjDsZVD+wo>0S=itC3trE}Dy#%nEEQrUe>$r1_j2KF*i zb$MuRorHHPBrqZHDs!^$%TPp2px#=PgkF5tBM)vi_zSr`tYK$keQvL7eSU)Tr~unX zCy-qs)nH_4y{2bwZ;_r>KH~Ax$K3o>#k>M*fwxK+Hi4k%%JHBQXjC3dW9Vd>mesKP zPBC?Egk%tbyN&`$1SxgMA?UPG&MVJB%9(fO(1mcV8sYj58LiBs@uW#Cj_#S7Ls8@7 zRfn8w-IL{6#F+QPQzJ!3Z|?apYaSD$I90f~@0aZJ6*8lekxPaIlJB#IS_HpKh#e z6KcA$Jxq1hq1t)n$4|L8m_T~);`ZKptR&*X!>TRzYkJ8glXrI$c?kL-f4HLP(&X)D z(W9qC(7C>M0;Rq7i&d;=2DQV$VTJs>N4xlgu`F_+2T^Z%(|H)5%`iyvSiyYxluW8g1{3WwTuVR0@voQ^SmfHW=0Z02jjO{fH=^ukPHmi2P0&(ViVH+vE?H`+alGYvCoc|nVM)BP z&eLhQCrvtu?5Knbtuw_4yVpJF?c*;KGj zZDMdJw|0tc&tp2(0SmiNOKRiL+PKFhtMvW8kyq-s7gBoLbb|o8H-zJ@$}~I4SR4w$ zy;E2+rjkj*&g-qX(0nb=Ab%KtP@~w_o3Uesa)qd7CLC(%##f{oZD#+ih_RU9OtJQk zl-MJO<=BKlw|R*! zSIM<*9H_}N6{xSAQ2{SjxRA*zrD`@(iSesfiwDH&n(#ggXCC1fmYE^fx^tIb{8pTs z%A1B2omx0=<~j5`h{G4_9ew+v`J`Qp>v%=l*$XlVu4MyGm3?7-P4%~6={bAKaIiP7 zLE;4wA~yWO)?15_qV{`)&D}_`=kwb;;i#VAi(~I=h;xZs`2FBO}9O_^sAn8wQP8$9FM({ zl`apNb8Vc;nWkCc=+2T!bfW!~E7WSjY%(lDiW@@hjB3(hFXul~#+5BV^CAd6<%^jiLvF1L;5& z$ttl)aua=)brIy6#pJgQ#fs2?WUV^16n1ED-fPaH@X9~X%ec8!mgTK>7Nw{KR3(638sp*`$lyE^uiewYz#Z7T0*OtOPY>{z0L$)1*Lt_raxZs(2TH#7`S2;NV{PA+XXxKZjWUn@T#lZ*h(9PSDI$db@OoT; zjTFpySjjISA2$?WE9*~L%t*AKZ!GwtP+FYHE$0WCDiAgsS=-vd ze2L0ha}opdA?3tgckb6Zvg(xl7P4}T8nx!1llWt;LQ}^(3pVr_MXYIi>fpy#PTVu9 zjC4^&j+oyAB6)N|Yz`R$!lAQ{gZamAd#89eP9Y9E38Hq^TJG6tImO`N+JzU=hC#Vz zT2P{mnAd}+99+eEo8q7o9%SLMhf;m#tm=jv3_AUOZL6nE;c%BlT)4;o^|tU)GcLB697!vPl~zMIuD_u!mouS1raE zj=%1qs_WA4&Yd~cr2B^POHrnz0{v8wk4Le0sMdk79#7pMYg>*|tX|&hs-861eFtNX zQ1j0x=r&Aao`|h=I8`_~klM*$<=7ON+gmO*@;mYwd|Hr+by#GCkVQ~_p`4>)a-u$P zP?BR^%h4?6&P#6!?^MsSK5G}Xi=69msM3YJXe2G?Aekp8FjCQoEv839*mlYb%XN67 zTHC`WHV>uDnd&}*w9Tv3S0iV(;yvzyLGB+s_Kp-E3l{#yCh!2Z6VeVw7%p@=e;{!&kcb@dbe=QZMD; zJLv~!+x%2AYv|udVCD0BMs_kd2%M2&0l0Lj0iT(o@z$@if&-I`%U= ziy~u|wOoR1-Ur2u@gyOXSmae%sJ2Xh|5e2Bj|qkR7j`TW#Jq;1+t62i1{u6s!1Tt- zPv_rNSfiF)LYVpI$5L0oIBdCcH>O0Q`f1Z%#RRhdvac_TBbzB9?Tfy&J=n=Yy@CkN zP*Z6W5Ci+L))J-y;*N7DN2m<3szfsri-sB_#HbME&DomKd-h2xfShNTfPPYA5?W&H zK{L^J+7~mF_aZxhgsR5Co#o6l`q_oi^taFyr<)=a*QRW_;D!#}@iX}QchRf{`Fg`| zMwCD|u`dLWME2U7U8iHi(NR|b4X%0I3VpVH4Cr|>cZ5%tr2l?2O?W7&r2h!dG!(;r zY%>Lrr}>DT@PjH~nQ}tqS!G`Wil084!1?Eh%&$!zN)MiME6JLs;$IX%ceG_*zSKRX zw71k{Q!-(SXR%dfqK$eL`};G%=bCF)TO_jyd0S!(cg%ObaFJEhrnTSsrZxPEye<8mSY|R5v>z{io#6YGw60Zpf1= z7MN5N5KFoTfG4>SX4twIAe>m7GP`n77y@KZCT6a^gI8yd|K(lioJ>V5cu{sFmFGb1%pEoun1ez9)no-*Ul*C{otm8bCcAihMhxMt-@nThtjZ#{g*@i$)8Cs=BJEeavR&vd2FI~4aX?@ zj4C(>`EMTng9s)6k4kyC?{BdF|4BXa|MibPSKZJe#fp7Xk9kc(wzbwYN zbLnPQks+%8tP1yjYp+ezmeMxo--3jd`?HR$Da*%bmf9zwabn4x4+Q;S#HyN~5k($M zUQBunf-^mefhWbGiL?wUIo!;O)Em8t&dND&-RcHOP2|lIm>vp{O;ebRg0^nP2nxpA zHTcK{vwlLqT=4Us@QIDe%kP40qD39J)9+DYAYMeB-y}vQu`cJ(NNsqY{%yF%&sU56H+C3Zz_rap$ROLWSoh zL|lJ8ZOUWXM|mUwWfCTSNY;i;nV)E6H&42Ze~n9PSjIC$E=nxgqeqf`9nQ|%=VgR= z21^ zS5wPdYoRX1)S9fB-sb89%0q^c-RPGa;R9LuYMQoJ$H$%d7{A@7f&A?)m$@=z!NOZY zGRya4YuIhl6VY)|C3k4xbB-atVQHzqj`bBmfPWkzyV|IU*w8#^;fNz=V@ipd7L=D7 zAP4tURZZlcy9|e=n9ys|;Pl7~o|h|C`i9d58?$r)4ZpSqxPY1>+73B&eQIjmYRAy&Ky3wW z&*Y5DPE;8=PFri4Su$KY*oZm={@d#B|9;M$@~J=kum$Ka#vu8($)~WhrAv!sr*e~V5m0}s+dD*)Zo%9jJ!~z^&PGf*-&9yu}(@* z7rTqR#4#*`KPI#FC>OklBn~I;{63jIt}w{T@UgJm-D=(a(+^HYrOVIL&WT(MrhG9k zMnTenEJ``Q(5HCjkyi_1qpKZm#G(}ynpQ`6-aN`WChSfM7|sE}VP`7S=1a3_tPDm} ziK$ya1LX=6hnkmQdzF}lvR+TKI}ZlGhp1WhGVc%avr{M_4nOY5aGh9*J7hSxOiPZh zD%LS>093^<2kEsd%{*wXH(w9Z15>bhWiQpdaawvcnSdQk*u^RPHPQdx)mJrw_D$;p zKEC!JzH`gew>|xmQ0Ogjwr-_g@An@RhzDEy!5R^9$QS4=Cvg*#r5p;OTax=}pnhNT zm}%(&G3!i(B1siMq(VC^MDX#x^Db!*L$x9_%6(0q63ZIM?D?Tu6q&zB7i))TrA;jt zHMwWLODaKFWg#kZmY$OJI1Cr3ElJFHlv_sjBjO0FRWm2gz87y_zz!#b6?DP*AeL#y z1*AiASB-N2+UqeGVBJNslLsI`2ERUwZHRR7B@q2pO`NOh^4K4*r0~P#BRI%Oc)#PF zErm}4tgUiK-QV4B?%Rt*aHr3#eGh)zRVRJJx;Qr*o-iiybg2nDA3>{O#>VL^izp4S z;`X;aH7`L_aG{w6&^@s-+^Nas+Ne&}t4>o|#Iph2I|WmjEwlN{X_bk6(kjmBOR{BjD$E1Ksw4?g z1^|l%QfSKh+~`W_vI@cbNK$B~o?Ic0TZ`jO;`9$Qk9Y2%fT}cxzMgjlo2+gt0dWTj zr`jwDF><|TF><5)4+SqsZ?gWkUL266Df8?&FTrn_nlnG*ijjR>-SK8hl894RA}m2& zT-$Yy{QT9b+pVgl@L5hPTmVg_`Gw}Tp%+1UBQ}8Y1%}xNvTpHE0a9Qe2jXr0h_}Vt z)vI+MkI8P8v^qA6tmF>~bBcg4C4?=3T&0T0H^X?MB)Rn=hVRX?lR{#9yznCQ_N7{S z^qi!EIrh{gX$P+7i6uc6l_Ze01>pGoHNDARE+KsV%Oz5mS&3?(09%#TR_fv=_Tn-9 zA#Olu-mR7RbGootPnT;0hVooCZ%jiS?>b`H+Z73@x^c~9A>D18Wh;RBMnT|VW z0t5Qi#yzzC=TRVohh2fM{uxTZdBbSRhLNO&;^Mo1MxB$?=HVq+HC>cQArng9?zeX= zf~!q%>x>Myyn$Rx>+?C94X25bU3zi%LB`6%GB@2M4CY9`Wmz9_^4uQkLg?vP_-xUh zCOPY@-ce8cuInrY182kf^M5Cl9n10*w|9>g8Bcst!g0e3$)}0+m}FULn7;(q{*hWV zJYlgN5xwJzWWMd7D80w6`wTdctNrb)t!0Op!OytRN~2^XKr`oDPByivvB^gz)pc{Kv2L?Rtg%c6o1l2wWkA%2tp3wFjdK<*1gpo(`jhDbhceAU%> z(o^63Q_B-HK4XA3eJ%{}I}vfzfqK&`hKd=4KDvNfHP1{l+3Lq1;u+tLSOHwzb7F%p zX(xu;-_i>GTYETIsVV|fL{|W(ql>+Nx|%=*dUVXu-zpWj?A&FbVrz9V1#w45piAp}YRQ##ad$ZD)!mzbUXtIJoh@$F2veK&yHfCH-Eoysi@w4uU-35D zRE4{$@No3`TI5#G_??xTWb2ck{wE;MBMLCq)=}KYVOP`+rXk(?!3-50C9Y-PhYw_q z(YvgPL-O>~4nl&@L4~sQ9h}!cN!US<7fH2V9QCmYo=hpF9a0#o?frdg*3YGs&1Z`N z?mrFeIxv#@abq1&Sng@}2=K3<%J^<4i8)3r{Z!SP5$`qjQjA zF3G#(up<7(;`wY<^-kIqcVAS%2;cDfKf{RhV2@o1f9zw+gWlhDJII;Sm$G39JU->M zvXc0eZ4xBtZ|iODvL%&TcZ2+DhvfYlAWvb-CGybKi8`c}jh%qAA5HL$!F(u9O$7VZ z>L{4O1mDP&CVP_kb$FZch@s_fR`b_)H$96kdrVai68 zx%I@HOTanl%hR{(hg;qz4&)-5+K?tOlkC}7k}=QC^3xV@@^ zK{2-}4|uxouu^;r@L_8Xu(d?uZs_!keOTcydYFlp;sw>Esej7G2b<eKltbu`*kj zuWKhYKNh@iLA}o;j|7RpKjXQ6e{w*XFNhzmR?4VAgnw~yu{!@&oN{(w*qTsb2z z7qfa`O&S}Y(PZcw#F7;Y@Tk&yQh?PbrEXeh1NlL7mc~xsI9a6BP#?Bq?i7qll8&{l zbt?JftcF%vd7Gp?tH-`O!FQjwp;*gN;d#Yb^XZB3Z#O)3X`E_eh9ZVpW?RRt8=Wt* zRq9y<`O2WH^Om(}Ic)dfwYiO-Wl!67RviQRi1?lSj|BCC5!^;USH832ul-C9%Ecx> zQ%3eRc8JU$`w2k0>MB@!(1l+j$4%D+$G&lpJ5+wpP|XD*$!s>-FSH z_YJ}Av}@PKvo9%?k_Z4wZiP+{%@$hG)BF1*B|9*G47IyH_Z;56qAlQ-AUXWAMH$7h z9dx6{rSB!;(!TcQ+@TyT@|{~6$4@@|C3d7ddXZ}e&8gzynJvdPkP)>?cLp4-v-I>yqk9WRVolXl7%ObB>kQb$!P-Kz#H~JgRTY zZnOs~D9-P_>68K9oQv3#Vj1;0b%x+alaKX09g~PJ!`aZf{rKkRh!L-pFspFGZo~>N z4?k58alSaxo(^9jP^W%&r0_Xh{CFF8_BCLWv=zNI-47??)6rO&!!=^U=8vXpc)QJu zZ%bDb%h|A4P-Pjtp%Q@@Zq^6z>))O5!$&3UzplLJYZ`F(Pj(RLVuR1O1LrOi zVdK~Y^|o7W2Y`0P8<4sO7Hysubv^DCLbg4?V-~M_9o^R3<;I;NAj^~!h;P6AzR9`- z{9~&Z#{*dLN&fXtw3zTjs&gw*b-v0hdp<6!W($rdWp*27F&KHfdQmn z_G%U1m2lJ<|4~d!$k(BsoxWNhnG@KtB8~DROTOPOoTt z5}t_zm7axHIpa8J+iUTOfM;6U{U_(5VZWh)`p^fw(pZ|kdCxnGyoa*JhVf5{P@R(+ z$T0ZX$F!D*2HT9BDQmw4Tlk;g9^pD3WwfQ6^$~~DMzPUD)R9k>yQA~5c@00K1y~UAL`!GSMkO{L;&=-A zMm`r*$y4ox^>uPAQNNIZvgoc>V`uv)y>=~=#{QW_^ z{POuI?k7fn?JWj_^hLeeHKx*Kj}l zX*6)huT;(axa#r0|Ea53oz169m2!Sn;LX#MSS-jF(EE~WFE!3UyKuE+>6*v?M9f$y z{G;8$G0mW3j3!n&5UXo*`KO@_%r{LY9&&iJ{)ldiSdL{cc9=_-sbCB+d?= z)r%qGSVCRF{UFIW4!sd(ok^&~)%Oaw&J^|TPjcZa%|mXa0|3Yk z!YIs4b9*Tmqm^HK(?B5$zV4?6Ddt9epDbLt56&-aL{?TAzPVB?_cA=IYgm)HA^Q!U zloMGktynX$qjc15i|X+#So_kj_{N6dg`RQXXOY*n#Jm!L!ax~Ce&{j=g5Zf9e|3?# zIM+tFio#`ey_@=-jp`U2=6+^R6X$!MyZmSzEAtqbJ~YWOwoFCx{(XdLd9V{gWZRvd z&cyS1d=4S!5xZpZIy|cY=9%qFR<5n~@vdpmy-EM%<f1rg_nS>}-mXn$z=DYXb>B zLoKO>6pl12=vatL-=A;Mu;wwV-IIE~&LlnKFjrIP-M4H%Ig>cbb8VszXPzi{OB|mw zi|nlPep{8ZRgqrOf_NMaGsjz8T(Q1*^v7x%0ovX(j`978VH^#6f&dTun{`o8crUBi znU?FROylYralJ!si$T9b&Pcwl|NQ*R=%XL23wB4({Zy2~+z~B&K6)!o{CJzlorTkp+M}2;0k~MY|1fuh>57}%QAS0eSLR*wyjIFHfvvSZG_93U zAFl~JOYcdaRx*3@(SqDMgn7DIQ%pnO%*(t=T(g_Geo~m>!<6wJ|Lt@i=CGpYzi8Vv zM0Ca5te-0YEt`WC2y4ykhi9JSB$1tSW>RE$Ns1Ny9&3cFjUo6!K@5*GkhBn^2J@56 zSp7zGQ5WET!UEZjTLH1Q3LA0J|x$U}eeiCH7*>5+h(dMhZ*(d+`==6>LezV~J z2zj#+v>c&5+M^qUFED+r%?S+;I!uiVpbsDcbITkg9j)Rad*KFv%fX)&KO{1)IZYVm zC}=m@t=6#c4NKZtqpawJk3?Sj>d(waYjK=p7JJ&(!GG_*Wr{S0gDlVs(f?!po$xob z0SHc6T^KAYV)%-8Kw?U(&mLfpyK%m2Lxq_!a0biok4~e$(t#s@D3i`N;q)JjT$=9E z2)lOPx66)u&<+;OcqU6Sv#c-r)|c|Iz3#sgJ6`$25BPw?84Hs@V4I~plZVneEP_>u zF(Kx?1N1CdHc0~$ywG1}uBX$PHj~xWPFGVEG{dBtz8Kl$xn*@jCCFE1#gS#=&RZ^W zGo;Vw%8yl{ztXWz4jxILu{?%fh}@tVzAkA(bo!WFZz<3RirA{{c9)hv_8LCuUW-TG znO8sVP9Op-vf||ihP+nO;`w;iBJp+2?Z+$=FQ;4O=od|!$R{_jqx6_2-mIWKm*0LP zLCf8OJRM)P6;LkUD_k!B8*MvvIL-f%J+)#me{9jJl+;3ECbs5SSxrQ2*j5yZ^V>dF z;PX}&E+}elw%ZR6aJgpBx|+=9^XwR()mi*@pcXQV>Z)JdPeppM7pN~Vm}Jsz>#iX; z3es1$g#19>ywj2izD59n;meKeK|<89;Q!qC=)WNsCD-T_u#Z)GE$N%O$AG$8EZ7g+ zLrB}~#t-$|$24LKXO@4ayL68Qp_zx%h4F`}B*7xdAcY!jB$^hR9Y4H{Z=7r+?a?KYsY=KGWd?cy%Od>$7l? z9^b%Ee_e^vQ5#zcg!){)y6#4V1k7=x5vm8z)2tvM<8GMZw`ay^v9uSPxjv=Pq46H{ z=Gha`Rst=7vYGLlC{T*x{u?Q#_gS1T3W#9&H_2qmXqRFM$|;yX2Ld_a+El)I_GJx` zk-h(V^G`0hlL9;dkrDgs)ja9J(U9MHmh^J!B+uKRD>DKeGpnV^lO5YllXpGFk%*@hEB>+oS*kuf^m^9^87oz3<4ZQ$X-P5^77_kfXDgea4C-Zy!u=b8A^xiiQV zLr3d5INVzQiE#f%DXfe2l%AynLcYbvaTSgCiX#7WYb zNnCTDC9|QgpA&0n z>E-mm5k}U^pVM}y^<~fd>zMp&-87fvNFv|Enzf}}`pJm}Hnrn+eWtx#Xgk%19XMg~ zObH%iPTXu56|;3Z4Rpg4`^JL~W*oUY8%&D2$_AT$FZsar$&6-sW060O65Y^M-@sfx z2&r5SAk!%$xn7HMU2PqLei%6*xOz`ehawns;p0fDo#numYSl7Z0hYgd3hfjgN=#b- z(0TsPnj6YD%wYDA5y^_?(^$D96)61OEP+mOi18i-KdD5BD~te{0*vdA!@BSl?Nv zKW*I6C@;RfT~oJw=5~>0I5CgM?`bAw6x=bL6AZwaGi;t#ED1Exd;%V-?JD9EP{s=M zcP;i^WImKr2_#^WO)l!s3S!J1uKys{;<1Qf%CnDJDT-NIyvm-fy>@PMU@w zPZfs=3x32`3R24-6cAM3VFgQTl2YAYvvte7W0Bb5>AXi^JT-)yWxQP=@S&C3F%tGj zPxIKsPbr7lazG+O2rl1H(H{NqSAwy?ZFz{^mfWBsp(gW8dbNBxX&*r9`n3LwNe)1W zN1RvJTVWbZ#xZx`WoT=twYaD-zkmwrCCN~!EL<$cxLSTgif!UIRNu z8KqtX^y&;B?DWpDWyW+rs2usDIqLgtQ0l`L zXu55%j)1F|mua9s@8@wU|Mp>3ZlA>_z;3g+Ui@b{46qVEY^Pz2^uYO&M!r;D2LJcg z$Qt&5^Jsa)Llq*{POhn$+To)^1$uSNG<9`L=3BhOUY7^p7uE2Bqw7SaGJ#SZUVMmX zCj37e*oRrFY=S4Sf^^j$cbf%IMM>yI`!8e>YCdHotm82{TS3 zkJ1I1*wRRe^6n4L4xj5#Nz3bwSj+_%g}u5KODt-hqMXV|F@}Lqt(<3_^6#`gv$kG{ z7pD!0InB$#W&IyE$2$xQxJ*h@#e)wg^qbaGx$z+2!bIXgppjku&+rW8iwqK zhO-gofT1)jNfY|MzBih=!d=1%CK`~eq7|Ra%%oa-M?gy<td|K>#_1p(Ol8wV3GG{j%e>^dE!qdTOO*K8NWuVo^ueLc9@1Ws;4;>B*J@Rpu%Dx znw;;T4k2~`(hE)vboGQb;8D~G!+;E`D-iqlI1E%66OwSJS}p~f6+e6Ybjm^I2=@fA zVkx>q7GiK~rVcZhKO5~uHFUDFX)84H0WlP9z(r;z?*YbW3!ag6&mn{O@0<+ z>HsoA1WIDpwJY+X@}xl~g*y$!8dxq5c5lGYyNVf?vX4F$0=)6QCH50mbSu2dixUSr zMmVNW9hzY1r)tHQ)A8SV7y${p=L2`G(8KPc;wIHVZ`Ucx+9?1-g+ow!xC$dY#!0}V_=&1V`z-lbt6mX6 zE>mG5BbL=_hXRH@3Ln$pVz#ieYaz zW2DXcvsME%;efwCM4^@_L3=SNzqAF zFkkhP&~m`2ebp{PM}Ak+`<})Buu3#U4@%JG7fy*6FYO1*s+RJJ;KxhR9&5;;U!<78 z3GDSEdadRXqxQ{i!k>suS<~gp8#sw|{$74|&r+fyjNw*gw{zI-o&$uJ))&*C*dw?@ z+zp2EWv2moa6x+;YfA057JDx!BL$gnCinl0@-tTwA zvj4%=cwzBI;?L956mZU5IhZHPNPbKXaP4l3vq+2oTLX0#TieaS)WwpFUzmBHk!R@Z z3qX?rBq79}Q8K2+M)HTUjVF}UWcTNPQ0zW!;YxjykqgdgmEw;e{l1c&uMLwh?d2Vk z`+FFg6Jo;7)ODt+>uGYQnnd|-Vqd{yZpK)U+!khTO`CD62?im>jc=0zEKtsx&gRn( z?re+?W{wDbxx&1;njXKhBZH8BM=!YMP`&%>(D=Z}x?9N0H>MGoA{pr<(eiKr{wmVE zrPzt{?B(>S#~xdmaomX3XIqnpinQa#tM7jb)@tND@k>xyIr_~!{Ovq{H%`O#J-I8X zwg0*0@b_84+-=IBoSqctmzU@N$G^!kp-#qM88-^dte{MWc<978d%f1>E?8Mj5T)xs zm*MR{@$NqVDI{sCV525W_ghG}Cx~a@tC`rxuRkwN^L^%6QXy8~v>DfDzpeGYy!2^! z37qoXN7lcp?9VezLae%8{eb|uI5HEl160IH*A>xy%pNWC)Ee?z;~a_6yQqm8h7<*T zp^_?w)KI&X%PGl#bV{x9ogAu>y@eS5FO%v|@^Xs`0u$Fw(w`1I8z7r}v~l`$GH;S> zx7b@tpsCJY+eE50o58OUD2J$j7$=@oqkMTCA=SrXJ>5w$H3mTCoAV$Nm>5#?hu@iK z_sRh#zanffF6$kb$RUtjKX zDF<{GWsL)iztmfbv;CF(HXe?d`b+f+@J;(J4VKh={7DbuUU+${iS4gs_d^L~65+VK z5sJzD5^BZ4u*HMk{8A9luo_SWkZ>jyQe;ps^==OMp3;%(h+5L4$$nu5r~>B6B*N#7 zM7}G(=sc@BvPIh?-0tD)d&WrSAe1u6dlhD>=bV$pR@ocxPh@|kw0<=M;MwePOwfb> zNum7{n|Ub!08o#*p=Z($Mxa3vRN}ppZfr3!x`_tNa@4+4jW!ZxjfW(l3J2ns9_qc9 z*b?>U>olWv1r*9jT^=$3HgxtH&WNy+d!Z!8U?|7UY(eGgCyt&=tnGx83pAY~s9=hR zn);IRPohAusoMAABQ*xpbaX%O6cDi#Xyev2i(+^UAmw^|WEm^+=l!cdg`!0I1O(qb zo(Lf8FDOvY?;)iW0Y*$)Id~e$_;*GkpAgHm!lV?+N<`4moJ3U!v*I_c^Z+b#eEQkE4+t=zoar$ zvDFV|D9wa^?~FnL(BJV%&{k85sBiNV*oIw4Qo+F{0FA7z`QmrvW1d{`CG;!tvN0l3 z@^2V0)5Y`&+UmE5PQ{&8x{vUx3jFo7T8yDg zR4l6nO&7x>yY3o3vM*ucNWD`O`p3O5ES0MxjBpmg9A##hNENlxD74pbK>!Nu;|J81 ztWfLjF``QcO7%zWiH^r|Zg=Um+laW!B-iD&^=dBoLS^-s``MX^rAZiVhdlkhFcgy0 ze73&GhHD@);}&O9vUOnM{3FtjIV$+jR<&d00-{~`+?4a9 zVGN`v2x4M}LtcHR1P3o$Lvp*C^uQk+h*ayEc&q6tm>w}OY(qNpL}^Zs#dHx06FHZg zN4V`EPM}~=^>VMe3|DWyIcd%LDKlMwe)5EVtk$|#f?{jBv10j)1SF)Drv2znwI!!! zfR;zSox>qjUsIWGK$-n&!o)LO#I^>^x608hAF~&co&HR)-0mTNM7MbDK!J=?zXVwa zGupi{&2BzLQ1l+qkSs!wju&};vONK1 zdaS2vRf=<^bo%0x3DPOjnH7ButOLA9Q?8YVQalwV=G+F=gqQMHYF;FG3D&4IMy&$z zMMDG3K3<7K7U{OE({U+=q;XLeX>S$ciD4y^jItg_%Qa>j4$ku4sqB5x6gMx#T_Zkw9y7Cl z(sN4m)BRy<9j+p$Vcg`r>3bDH1+GY#*zHixQI3z+NTiescRzV>18Qqx0t62H!GF2+ z(^zW{CEFr;7vZpyp&vluzRvyaV#b$v0$Ir#!sTIozUk?~FlG(?2pHXR;mY$~UG~_! zc1HCA-f6l!hrI&@b_^Unv7bZ_`xq-NyB|DEffS>rqM}7>XS{)ppZA}o#Eosx8mdaw zIv&9ZU!0O9&vRcGvGP>JdHFppiV9#)25@^V`kQ@#3rFx$H7EXK7UYL{9C{!%y5@G> z>@k*V&d;do;f6^9;v_D7LsdbYK<&Vz2S1Cp&CmP3kR{a#ylSF4STM5 zH_?G(Lxh{Vd6A}m`4IBGYuQ!OA)$4(mAVcf@g!;8esp+mm9P+PP+=eh3I1uu zD||yN0OJ3@cH;kz{~WN#o$ZsR^mD=SbzScmbZMXXomQps%&8IWRbh%}sN2ci7K>;L zl=Lm+Zoh26$@6l#Ro-&NoiRkK=3i+g7O#Z(m}{+0M{?09($zm~YrUd?o5Pza7~

    xPjURyL_&6Gt!NEbpc>lI;@FhrX^C6}VcABlT7>l_E-? zE8YUmk{xjKN%aL3$yW{KbNr6W)CM@S#vgi&p=R|DG>P)Y@Bo2OV%1HcY;q>Z^7Nf} zi{6+ra*Vb4sf}IB6K1?_jw0pVu4Vm%W6W>TpNv0so({IduBmP2^L$#?s$eiU(*PKU zCQ67{2nRunS5n1Qi%wTARta3b={Oy`GIg=rcWbyEae3*pGzPebUMAQubeXuPuDCbe zXE2HA+QARzNL^;q7*)0~^uMdhf9<3>(>Hn4qg*KFJ{`sZ%jQ+ksOeBrUUthyuV(s7 zEGPW%>4xu}d;CzjS0>Ph*Ow#VaR?_hOY=py2VRxu1@v%gRh4_;n9%8>TIbL?N{p>8 zDr2l^(^hh%{-B8+Lf^7BS|0T z!W7T0!f2hxA`*U3+q}tc2#7Mpxz2;W>JP>mKY6hpRk7-kEibCfFwyl8g;cMjBTg5q$3a8?aN$ zc;2x-$-y1^aFS0*bddfmv-1Cv*!gQ+SU)R;$Y2IlVyHA9hco-?9O6OSN=LjGD1R~rh)iKav%C!wow^|2s4HRPED z<4+Q7hVM)*{{nw{@Zw5%|N6*OoTvKw-;m4MUWl_Z3h*?B+8BT1l;Z-Sp4&H~*zWyt ztMsYs`uod$0IxIo8z#7REi<IR@npg|I1pfVGCOCwNIlV$DT!=({ zQOid{dPF>w5ChZ7=}3r>g3EIR>TT>k>~HXx)yHGEj~goPnCsQ5{S$Nv&Z;68^zgrp zQfMhGw83`HoX;KK<`h*>HjOHKt2N3Loly9*RZiH=@_U$CDK`@6e(x|=5dAgA|9Vk$ z%~kz@$ffc-qllpu%w|GJ0&-Kox0e>#9!&}q%8b}>DafL=8c8^_xG zqL-QQ?k#MyV_y%Mk?_t~Qge2Of_$Cv_2w46Ll~qm;oZu%h5z_g{d2xwze-2@1`f_4 zpUfeA96&ab<_$Xz`2HNy-`>=yY<6}H{T(^RiZwkfP-eS;C49V5wrbl!MapL-41NyS ze;;iXvQgGqWT)cz;Xfgfsj@9wI^OHnssU)nnvVEY>}+i9i(OHd#LAl1e8n{Bs-+k< zmy<}D!3zp+cK$Y7VB&z(ILx_YGSfvyp3J$l~=+J$CYc`@jEs>%f`) z2<`Zi+amff|Ko!o6a%A8+$YcVw_!j`CX|77O1Ea>gU2L44NJ%o22MEgm09RU5DvM&0H)z79p=GnGFxy_t zQReqN`+l}L_)YTUxQA$WgL`0BK>`hcyf`dQY+NeM{ElJn1d;*%hJas|tK-g9>61R0lPGbe1^(-I%ldH<%6wak3tfB(+6L+m)IFj*C8nvAeG{Q?(OZ(o45sa z|Lur7JG*?P)L#Sow|5RExf(y}eTK8-@@DN%^=_}~v9Z_*{~R9PJ>PCzXs57xk|gMO zz;2S@4a@hEmD7D+4(H-D?pASeamoI==Z8b`dZ|0wWzLUex9PnfsfY<~vYXk}88^6P z-Qf|Wb6}t&lx%o+;G1NPb%s&Q>2$q&$%!{ga&e;M9#l$7Ca-rp#p9ynWyJ|VfY2U= zy=8ubVAxIAFfn>^6$!pSbD#(v9U6SBVAwL&?iEVQy8b2Jc44w}j?-2n3T;$)F^Flf z&edLZIaug0VtBPoUQ9|~pKcj23te_I?(-&gadH}5fMfkqIHUiKTpo(g)kQmI9z@=j zOSw&x7rIPxgX|4E#(Wg=SgZ~)mT<{hJy?fop)}0^J&hF5AvC{R1d;Qatt!1fKiWK* z-yayN-1a>-q)PE_CG3Dbqp)V38J7Zimz?L#SJ_@D)ZIE_ z-PB}R5TKXkqkC#H(>=bGjuHT5hqi4Sajy2KmS~OT1U_^B6mR6Sa`Qe_#KRV-TPF+h zPu60N)o?xlbiQGn`fJbpyQLMRxExVSfA?DcZL_xv?Rcxi6GUKPrS`CTtwJB(ENT!W z=9`(oCt{RS@tHfa+MFV`gnS=*nE@CKIq35k7#NC`RysPG&#@|D9{YXS?vutR#t1hZ z&0Jvos`k1cIx0VyWIxrClf&QJ+f$jG^F~UTm@s;HA_h~XWK~THz*MZd*pu$;>uW19 z>~P45&pT7|uRV;gMvt(@iy%7!;9i@>PC_W-zt-LFmqU}P1pp-X6#=j&HtXpp*|^7} zV)MFKWw41tDnW;hzyK^<@h7eKJ&IqW&BSwKk89h9S@pzp88sVIQv(QUijZ@vmoL_i z#YT=SCGVTTn`%5}>0Hea^RfKuVR6qK6IO_Z=Se5wh5hQy7G!e3J9>Yp^I>cH3fip1AM>=GBKUygKrl1Rve9Rr6x3n2l4OH86L*Ll7~^Wn*Ld z<5T$Sw*&|w4z{2afVMNH6JMR{ZLE?>4fa$Sm4mAu2fIwGlVwZ*+C)e$c+uQMk0$Gj#$D0D%IC!P>Dg zp9pA;3iLh#m%#>Lk7~Y;04z_iFE#<-DPDpn^}J3o3$!YIVq;^OqtMPRt>1*eykVgj z*!bC{`*Ri}X<#vsKDv1J{ml?MU|QM;ZvNpB{quENwGYgz;(CGF`tA{{*x3drJPbVe z*!|Oy@78nZOc?FkRSR+e4W*QxnVB1ky2CXgY7Z5xL(O;`tdHXG&A6l?Ge!UsZl|#= z#1g%K>G;EktN9xH-0$D}4z312RB;7{(&iX?{2GQt0LCBk67!X7hcgNNgYuPbU^ZTu zhTJAW6kKzL+s?OM-6P82fNoiuS;f`fB#46h{`2+xf1G>z{aYY_lou8yEP#3oL~f9 zr$YRq0Y9nLg`AgJPBMLzv=(PR;5H8Wc*`l91(MNo=vrfdJ$#HRkb<^4x7sK){ z=LMAj0R3=h)|X&@NW$0h{m@IsD7S zTE!jksA)#>)Cd?Dq`y6jVyqeXeUBsIa}8g-K_kuhcMD0My8kUTsCJ-ruGzpv&$|G` zN~0_-_21BoSZUx_kGQhE&UdFy@M5Dq@RQl_DjL;!%*SxKP3nTYQRl?Olyn%Iummxh z%ek4o`lhvAPHmIl{%}-n;qdM7C2*WxK;Zf%nSE8p@E&xu2rltb?S;-211;fRhZSzO5;f3V}&|&l7xcLOAjrMW9zb8dgY`$Ln73p}jmNrbjYDX!k=D zfu+CXri&a;hYT6Eul|ZUYbF43eBC;HgQn)6PnTYhaph9vH4rr`1_X}I=uvv z13*zaqWCNkFpx%2d45wIuMas(42Fd_W(9RQYmVs0TmS9r4f$ni zVoq0DDUdMX$S)k^48PG-$Iv~5uj=(`x{UnTy)ayNPin*&DowULtQR&*ZEv7IM0`K- zR`!f%PWh*O`Qxh7^D^$u!cqC(Kepef%t=D_Gf7#$!I_6nf9{7v4*v?8QuosUBNW8J z&(8IEe^G`sjjOV{caM(RNgm|$+wmwuWvW85ru)k-LsG$5HFL6dMvD z9{#dEZFzr7;{CCJe!Vio-}l=za-&G4S-TXQj+FYF3|Eh5w$*EPzncBaO#U&qbMtWo zXT7?|-4$FeK3kz5Q41C#2~J%S&i*?Zf1;v6;_w6UMMvg<8c zHqo~l&$omC_HZ0Obq?c}8%0bngFfIzUm6&w3s5AyfR z?B}X^@6MBioDEL*melLr%KMlY7%%{Ns&RfU1VyjY7Su*J!}$^2MhT${m<%2_O`6W&6Cjc@a=;>QWySWY;7s?A?AE`YjA{V@&eFsl+!IwVR`B$KMqZ`{zDf9EJxVd` z2w$t{Gb%;^I^$rCqq*?t@uQ7o7n}yNNwiZ=oq=b?_1|q5q+fjW#JFTPmKy8LM@fYg zi--DNc$|*f^(OLajnp?-B_zHDKJq2G5a<}q18?GIMt|443n1N~B+?7wEF7KZzZNqI z0LP83S^v8F?Zu&FUWBeDBI)?uxxdWunsq;wh}-wO=cl_19lL4x6^*CM34@5EE2?bJ z(HcTw_~_WnAMEZQ={fBiPxP{7`wIcOeHJ7(uHoTGMrFQq%+cuk!fSiJS(&CIM5FV# zzjNaV;O;>vw2N>yHZ6oTdW$t6mMNy)AeL{;`0D?bVg1{X<~F+$RI&H04QE|qW*hQw zS9)R%;T4uu;6@x8PEAy|defI`36WiodQYs_vF=$lm8EPAHYSQ-Vq%^pxG(Y-^mqP< zlE?3`taS48u7q%SO{-hXBo!1RF zDy)ZV%9-t#!>o^H%V78*^SUk8u{(BLeR8Z;>(Di63%JkxUK^yMrzb?wevR}-gU3L_ zLsk4FCn{@a!tmq5w*aiy3+*tD`JAj`lRk22WD^-E2e%x6C~EAw!7 z0qNgCE5qoDtF*MB=Jz*fsCPdruT*`Cj?Q`Cw=i$Az#MhG#h*Yeg~Gay(ES)B%~TtZ z#=8dxPZVq-a$7*CmMd%7CGJ5M0o$ywdgI=LS2HqHYMgUP7`MqkA;rQY&u?#nujg@! zJbE>%B}d}UB$xPOx_WzlvvNks2UVJoVAVjD;(bI$FCDI6txWq*!}a@Bs;qK3UR7nk z6?>QXeqPa0Gay&*?tkHB6T=zb9M`$hAy39{bC7<9?B0W}qbBVDO;^8@NS>CL7gPTm zhN`ryDH?RF;lhsW7SXMpW*qkU#_fiXNJ7FuN})SAci5hQ)EwtA6gB??q#QSu%*P6S z=rTKE^;kPO6&$B z!oooK0fefsFH>mUiT}M@#3q|j*jOh)bwTz9|7fdE%IU}?7N|yBNJ2Gv9Y~fpj#M)M z+1X`2$fgbi6?wF~St-=MgFYC$3m?UD128v!DPLT2I6R`!oQkh5F; zsU!fYG`wVwgFKuLI*;YlZJpYgT=XI1*Hz^k8x|W=n)qeDA(+aXl=a% zh`V{Lev)EPuYVjI^pO)Yr1rkXN-?gwsbyLjyJZ1=>Mi7M#Bq#4a6xm26-o0;#sJ4q z`eQQys8YV4b>5ox0lVP0^G)bbvA*PGrYxz41qpcnKksE+AP{p)OBo5hMnBFip*1<; zCx;puH7cRUy9-ZIyE5OcVbr3cq5#>>AQS%jQjrdnD5j^Y%h(*ZUaad;lg-Z5%G2vfmKxd2Yb?%Rh6Wi^2H z{>-?&l4+&jf|ZF$rk?Zv<~iK;t=lJ9HZ;~G4+S?4#sh|UC3=876ya+FP<3%ZTnvB$Iuw-iRE;SICX+;=KxU6>fLBBA~BbD+> z=K3*2Fe!+(SKX(Nc0N?=L)vSG^{UW7m{c z`qPobbTs!@hZgXoZM{KeHTQ+6@D9+$cr%%biH>fiW?b00v~-!cKpY=Roe;^tzD&Vy z7c~ynyE`9LpIbp=(f~s}Z`RG!Y%I5e{oQ}t5&N&2(zhXCoQ=d!HY>4b0o~uD+@tzN zyHloARL_p9i_r9VLrJ$8N_~8Jf^ah+CbcdXh~VhA+!XS}I@*MNlov%-r6+Uk*8l;A zo0mEdd&B)%NoE6@2&}_HJ}o;Ju41nie?3{Qbrb;D@_U>VcRyk0?ueDbnx+BhS;zG; z)=DUMj<-}N_6?&u?$5CLd#;=T_l8~sAu~N%meu`LF9t;Oxi5}@VniM`O@n3wItsB} zdzo3UaoWs<{Fiy8r_Zed4vBYj;SI3$*mYW24`n*SZ(u^*$MOoero4qpeb3kv28hY3 zwpLcM&}Y0+h~rPa`;1Y~5ZiXLB+;0#(Ja#e@ljo=PJPFc)1J7?pv(K zKJUuS$FkQrE+rY*+w1F&Sb>u{!nG3GI|fUCM#N(=DE>=^5fp=0QzQd+dWYo~=FkXo zu3lN`&X4D|1w|u(?Opw}ZVqY;pt(|Lxi7@omDTUBRSj|j2A6VywFgx=GhUT>^5#X1 zH6y%g632OV_-S8P)6cvb$g<=^+^8fArpgtRvAufUIa*s=1IeJKC13RDp^BFj(^KUS zy^yD-7LXd^#(cexGoEMJ;)i?MUZ+c|6D1g2+}tIW=T187+Nz^4O|W8Bp{SDu0v6eq z#D|&z)FNB&Kw{FWr5tg7yZ|(l2ER&3>KHJ>&n|TnqSExd5vnY**dS%@nuY)sGzmCB zkMnr^8bv|x8#iw3Ow2X`UCQxgdq{!KZf6U@0#I=?1iuLPcH@&SxO7VZUYj?PJIjbH zd$k4sXtN7dI_afhe-zo1uKlQ>%Uo3qxr5OjMio+fe(-9uYssN=;iEo~tNSg-zC3Ba z^8>9neqXL@=kb|H;D-+cqY(Ba0nam@SEfd@K+Z6)=G3_s59qeF0bM^fq6~h9jzdsQ zYfaPtW>)pfc_}d+u!8!h1&^pQ^1HguUp*|jEA;o0Z0_?*Ig7Gm-l{aihlkar&kUpE z>%elvPXYPTbv6s%Ezr?~=G=<#H;rA+Mp+kik6Nl0pjdVD-%rbf5}|DGB3_Pl1LBTY zk%q4vmC!c{N&72Rxa!-Zd3;Jr4dP~Ixn=`j>f#T8N`Y#OoAZeE;1y`iDT9zZky30% zb4v>b*osCPV+#JKMnQ=+OjHqe`>;ND-MR=kO;rowLY(eLEE^NmL_YOyIc_mo8f7M+ zR-r1f7enE_cS#?AN32(*(ARG<1r*?9;Q`kc|CQ?fqdxsaC5ac*PB$TyGQSmz+nqKQ zR8#`NC#Yj;iwSt}gBTza!gg-}0dqUIWYN4313Bu)vAS-Tbq9Gd5iB964UmF&J6!iu z&GQm>IT^g6lb6G0^bP?GU4Wn?oZjK}D%p5FK>5F!{8?*67L{UNSS^hhD>ar)*vl(w zsJTlP@Hr_dERsR`b#L6z$y|UcAmCS<$+Knc)l9>S>iwf1HjY`QP(doKJCx-`f-c1@ z3oB=Gm-T>b7pLKwL*3E3O29iuf%@gPj=ZI>w2fCjiV9vM5Z<{mmapMUC@+$MRQs^8 z4L&M3J688YfQ$(5^gD>POgD)hz-cSWjkg4ksWOt2T}&)YRM|2#Al>}52+;n@wW<0M z%GwVJn{az|iIkmmmF1kI`$&Ww{n(H0J6Zqu(}=w^ytJ^i-(hW{+?*uYW&XM&`zEmL zPrSSukbcbTb=cEdQ4+)8W}88QpGx#n?98g?1r}6q?CjOu4J-fVh2>rqAn(R4>pTn7 z+f?dPeTL=y(PjPFG%y#BC9w^5W+m45XHg>Wf{0RWfij)`;B3=9zTHI>8i80Sn@+94 zUb-5G%U~L_WK3^9G4bK8vm-odps}((hwkinblBDv#k6}V+I0k}&6_<5{?v3DY1l#M zKFlaQBKBldYHV#ZM|s42q!ON>r>fy?zULp`YsY@L2E_)u{JOjA1qS*Eo~&>BE41@|Zw??N+(5=g18tk{1_^9Fw<$ zJ^AcN?bKBx$<7}$V7RTc5460;#E}(E@kCTv zkO%KH8YacDTm$?>++KZR)^>(E#!-=&mWBEeQ002LKVY89yihGk*7Scs3Q8U~bmK5@^s7|Te`%z~r>HczCp7^2jO1okA=N!@p6`m;1 zW1VtQ54y~d#7AR`2b#q;Xws0X_G* z%su=WcBSGBCwt4i?&domoa-ydraGiBt2;@!F}p?Fh>>DS(;lS!B2Z$~x6TOxf&^Md zM(Nl@ttF`M=kfMS{Uk^00VD&FDhi|sYWm86?}2Ovo02Mhg6%>(9WAXmO38K)nUS9t zx>CVZ6d)rl9W!0~8D(6CyI0BBp%|WbSS55mK_Dpysf2merlWv`Z;_$#{BW5uc+?+e zMr^}gO;nszJn3YJ7}vM2I8}?;e${lWnp32{Lqo%Lm2cXH!LGu(!`eV%`fw$s3VC)X z4zyXsaW1?(yyC+^<9l|UE=WI;QH(3UXDA%z&Owa31J?Kt7!XR#>S5_umB3=|u~^@$19qcYAzUf@2|?Y2{_!WtXb3qfUPy%x9M`Hll{VPJXou-4Wm!a&(C7uFI$ zpk_TQG)@xDc6YBYNM7{xc4}&xs!gG1F}qIUA_kito0dPDPE9UO)k+UgBm&BlJjBIp z82w8S^h@baL|%LyBXiOA>3OYpB!t*?PSc7T#AXw9gvz=?8!!~z;iEvXLtzCF(7alT zSsSg>;C9p*tO*CsTKf;5Z|jzkT&_|YNCAgyJxa0P%*V9|DQ_Fu7bsa#&;X==F_1o* zXsADEB5{T@7roWYTmbn2*LH%S&PrFWqqQuT<+ZFx5OT{tls_^A;-k4KN7gs~EbrIc z>=Zv+%ftWSK6U2_JBq>`DG>DNC3{O)AG>ds%uA10``ZL8Cq&Sh$#B+l%P2g>C4~J3 zkF-;G)1@qnIYRYji=;`-9XHv;1)(-vIqqccT7~K{i#PbsKe@+pF`k04>3D~RF#_>sUF7e!EvNDBSs9X{X5r?}HErx|><&Iz7XZ!@#Pm%P*3M^J6P2hK3$9gh1G9X z3md0%0W_g^ST#ve$m7PI4HU>jg@HeLPC#y1OUH~9Bqcb2_Go@LkQ{W#nFR7n`qNGj z%XT3Dc3Ej&{fPrY8uP=-?w)}GJ}d%qqq>8iA<~M9k!+3*dyCH&!uT@DptUfoe7#29 zSn^zo$%2i5jo5M^9!bV&kbJNP?b+Gi%ttmJt>-=3?6Qq$1PiehsDVGabxV}zOytD- z-e%*zT%w|a!dKuh6v=kNiS`8j%7JYl146z9oOX-X(m+-t7ukvILUto%?Z|>ZrsR2P z9U_i%duM=`X^eX@&d~nQ!1Xi2L269$2s9Fkh~#$+eKDp4UWf@$1ydY79V^rsacMlB zx%hNuHB&c9%J)bq?Bm4?w{QI~b_xr8-@d=>5%M21Fl|y3bDHB*Pxh~tky7Mjj`yaU--{6_?u$S)gh=6t) zTl`E{dp;&2AS|FQ;9|2V!~>Y4+NZTJ^hd_3GC z=iI3B7&boca@>egMcn-(OsW}7H;)7$>W$-vBEi9(LLSX;_&h@hFJ|x;I!lym4mLhHes+v@ z6dmtx7ojr;J3vinA)i&#ij7)Z*czSZDSKWkU{Uqd$r#&$)|iFe4jM4as4XZ3 zjlxke$7rCTiZ$z4SBpvOnYPrWyZ%FWZ5&fz#%J5o%JuhN4sy- zeKwjj{67LPmU;Svxo&!Le5)Ra>>nxA4S3gsL9`jQFylmW+gX& z;Wc+iSb}_C<13egg4Ujz#c3g%*(;zxKn=BmGiGjA_mr|%(t*s@565xcOV{T)=xTvK z2Etyu<9e?5@84H2K0iVf=x$HdsG5)1a={YxT<^UA-4LurOJU@$uC8WeJ>9)3OF#RQ zyi*nOaSAhQwPT8Ey3@H(ve7wtcgKDDlRUwk@V@LhtNFgSXycDZ0r~?QX^2wO9!9U} zI_>YZ234Vu*r3s<>aQM>A-`pKfec}+?aib@a455-o^YZD&1`H?%q$E(+WeiCNVjqP z!(nw>T=BehG;zwR_NU`3AZ*LnTDXAgp_HtnL}I6_u^+%@nYUS!is0>gVI@b_u!3u+ zSU#W|(Xcg;aJ}JkJ*ei)qmbJu$}?7OWWa|H*_F$hGrC$aqj_o!yu8GqlSevDdiliK zm0%vIBPtjJqo`*5DRG-X?4r2a0R=XN8jrjmlTH%Y(;sW$%Lx~K04x_uXZ_#ljR-#uhuX`Pn}QL))^2k};CiQ#3+mcz3> z!Nu9CZdlE-Kb~8rmxi6?Vn_1QGi6|)-+?*9RGZ+SSEU8yI&{CO#dn`JzMcz+qo64| zqYF4+22!lvsDPaU_4dU*+VV^7D7zkJ2qlTsBm;|U9UFA|$i<47X#oM$$ z(T`4E*oW8LOWGvUQei(-tY2(eSLpwx7eYbKyOb}L2qV;Vs~MB(ba zl!H{sEW87HRjEK#!AHysr4ySN&wahdv=|8c{QjeZ8!S&AcWy5#M}dWeo% z1h?5cHH2yF!0KH_BUL+l^)lT5r=E;lvuXRQ15a+!}xx#C`NC)p8`-eam*{U4;{dObSbJ zB3`So?6NyOKQZfl6soir3k75w`;y(uz90DIoV7 z?eUyZP>6(W_1!s~V!SOt-*PB3KETXs=!DCIyA*?Zqm$*2GU1}AtAq^JOPJ%h4)aZ2 z-LFw(w~Vk>_BuDnW@ct~c6W#F6?XOFa$Qj~F{v2XVZ}H$uDC{~Z9#_-VC+6Nxzoet zx@R=)zFp6}@E!L9@TM!tX->shSzqeVMlGCyo#V1|1;0@v3gNO@KCa?v?9Qd^*K0sm z_FOw~v8^5?g}%)W(h+~&4DPLAUGa_W`p`o$rF-!iZTC{(Fh?cei0bB@J0?*tb#<@c zQjsz*Lkmt^`v&;!76XxOyxyoQ4y%Jr%lf#J1E8>*J?qrN#eh*|U4Qth++zxx5(OH< zI<+hDD;?pPGocEji+-=jPAupG9$=gG>5z+Hzr1CCuJeDj_gzsnsBQoSd`I-oJA8#AT;LW#$|^*V=n8-vM~P>8WC9&)!5v z_MNVdJXA!8Bf^nU+&;TQYK&X!QMW4}?eL5aEtrWCJ&!xNa8y!EMO9a#+#Ku=))p!L zdVDn;@^-00dD?dl`d#(ezc!lr2W6q7;~71K2c6SF@HyB@ z`q)#S9#?<-DM_ex=8EK9bJ^mUd@rw}#ia6`BO%>gH->EeE;Q(=sIJb6Y9hG5^k<(z zQ;MIx9!o7C*VkOlU`xJFQz!F$xvy@pMe}@M+ft(TIO25R<)(u5x7eoP(6d>~@_wTqN4+Z6km>g=z|)~ZZI3I27luizrXksyWZ<3f=yUtXA76Tdeke5&|FtqgivPC=ZlsW!H$zQC3=x5>Y8gGzY2NSLC&(>=@0Djhsig_89O})lYqk`UORSb z7cMM84TdxxKGV|Dy2n{C?HxcGFAqWhd7- zXgBI+S*RoBZF^S~R?BgyJoo7@35TbkLSdiKy$B<4?+?L zJIE^)>B zY4f{a_R+(ZJ?JpxaBSMx;lAJSW4|Bo=FJ{6Rug&AYTi%pAK;fF4j(hP=!rKxSXmI) zZJv@*d8<{T=dSwWoEXOaN7qk##Co8p5=(+h!c0?$cE8RG2qP2W*);gJTK*q=YN29g zstYkSMCplagiSPG=DOJm_`kZ$tMYZlf`VkX*!Dm>mj0Ql-nF8RYhv>vgJBkPeY6w4 znf$6DJk@bcHwJI)?ajP8a~5$&diTRdL5IiQ%xgCGhMh0_gJg?hs8-E#sQ~y(8gOZe;t*jO;Is>UvbyTM3tF^_oNj1n za%HJYX|J4C)qSgID|j5XGn1kl?~!yz&?Hq2u0(9uxH}4`jMY_6PUBOZE;KeZHR)*1 zMm6w}0rXj@`G6eR_Ln(;?Bv}j4f>rLQDVAh=}*e7SAj4r>7w+Bu-EZLwmx@%?-Ty^ ztE|U3#hXWK{nn^UrBikcDyMD8f`I?0Z#bNJ%}jd3S$?J=r$6eJXFTjOQte?t$OB(3YX9_YBh;>1d$TjQ*?yVKt)`pxR?1&z-&64=zd3+LVD%_Y6QC0-$_ zi3JwUhK|W2_I4}6uQal8%;y;(iM)hDVkq!u5)lF;dE{RpMv-IqwKx%dvTK0iB?D&5X}#iJ~HOb>@^HLzS$01xM;UMvUAC%fq*p zd%xrvq&Cri^pvh`p1MjDRT-Mt4MWH38_6{ zKe)Zz$^50vP?c9dxdxJs^WBrVR6i)1)Ry~IG*ayi*EDV$S|VyQlR9QxfeXBwn2s>+ z_2wS^@Gjh0J0_oXe&B7g!X;T>^x;6dJ39>vhhR(G>_yl zxgrbhVzVV*zR&lTYR-UV~`uW4O1OsGA2-OcKREz~fEurh%xgrGj-+NnBt;ly1vf z8qFyY5H8KpoTyOROatn&`T^?wTT$#jFB}ASyLC5OOoIB?Vr*3NdB8~dIK>dNo z_+;~_reYe3##6%70Y6StzCOp_*iuC}#z7<##~e7|$o?H+LwM(#GCAO=L`^Hp>!f+% zs$;s|taS_Mc6?vE(r()(?@UyoJ({>gp&n&DqEG%q|G3NWhu09ZjTBbyQ8}^RTDL(R zl=0k|6g8w}fi@&{EI5CQY=gWqR%!KdN0@c?rut<%pMpR2bEXE$h+V{FcnA$y!Zt1B zlAKmyhye~iWgpe z~wpox`IN^gTADxZ$GJNq#xG?)AA25}NSxynBJMkip2pI|iOp z*X_Rxo*lNIbz`Lbp?051rmZ_gVE9GBLEOR8LwomHE`K)i5b?4WFHPz|K8n8{Kv;W( z=5-ain^AU)`*fSCW^OYxcdQk5bfnmICy_gtDRH!PnjwgVADh)44?@osS_=p3>>;XK ztp>`Bhp@hy@$F1m8zw4J_4RhAS^G3d&Mnmzu$^e(dJ>(-4BC9#T^62J??uPHERpi| z50a}dw7`f_cs4K`hsDU6t))ys{cazBEoEEymMINH_g`$?qy4tPxU)rC(04fVr0nA! zod&^%?u?T5Q|rx3ZJ~Mw4zZjMM#`O_ryd_@s>})uahX|-;0qg0zG^u+?f`_HbP7Lb zkO4Tk{Is{vy??RWVT#P3;Qedae#{2}Z3yI5u*JfBK-=3_J9Q-U$531i>jOMfcu$VL zEFx6tcYSb6=9JZBEEphs^(#Qf<@Z3x(2^?SI(gJhCk`p?9IM;J76zC7E*fJSp8XiC z`Z~uWVmyU&W|!R`n*|zEgRiAjW{Rb`PY!M{8yi(7mku;PxgK>JoOPoIpWfjOZf=d` zSu)y{u9&}kXE{4=ww99PhdiTXr&G%Z@V~B9`g@YkphqXS*YLL_Q93OBG^|tkoOR@e zp&`vi>dq?vVF^Mgy^1F~rV0S9^_8y&jMNX96c23GKWIT%C)8$YAm_wt#uo{f{e-PC zA83{pxAm8Bq)+T#z@_zwmOGp3j$X6rVP3wT7`TBEG#2Jit(p!NX!IgfccHi7aqAK6 z=zbl7w7%nxTgy>=wLc2s{sWkJRNG;=qGK~~r2p2Uyub+h_AVd+seDP>h&u?J)ShBN(>0h1Fj>B$%pUkH z>eh2h;)j0cy39@spi zmv}*|?RClcIN0P$T&^#qO{6{HQ~zaW@>Q}<#Z9wp3vpV4dJfLl_{Ca=2^y6ztq?+~i`~1t3*1K*pfQzeiWQ>)o8V`^n+O zLK!FuxnT-o#)_yMk!3o!~?ED@@?su5+ z@TEN%$_-g`U~@GD8O`2UO(h*g^Ea#YzMHnWbps{imcVM$K*(LRiW5`ov+oHEem3UjHf*%9x91A{zWstThFs8LwW2Ug>}Q^{dvgW5+6hPQOc4 zP=Q7LdiXWj#-hhLhfL@tvjc#WA9;QG&Mr(K-@%~pW5C5k5rAX4;2VM~8Yc__aEg}L z&{{+sL7rnLaeECs*$9E5)-Ld*#-(??A@Y3c+4nbXTy99UQr@1Yz*}!c3*-eIhE#hL zLh_^)Ts2zSS-cvZXxUlCBN>5tsmH~iOm6`w8VUELTVr<#)$ z-Ob`Z?*XQ1F*6_BY(X4lp0`?AyB-MJN;2;zmbzOYvvHIOP)GTr^hSf7H~3K=ITQ<~ z%1dnkk0^F|okc_}<>t6w*QWrLVSqe6>>`f&_u^lLnJC$vKv^k_nt8_gxh~FSJJJ}m zE3Hwt9cz9F^o@J-O?jc&&S>Gx*LUZW!;KsK(PtLOx~SVu8y3}9Ej@Z$vjf&Q&!sgA z{t)5(=30}aGmat6P!B{pDB|gnTkkj1-Oy~go4Zr_-4-c}uQN%Pz5Ca4TZ(vm$hreQ zFe>?gS<@q4-7nTp9v$mQZXq_Pm6n7SyrgftD555n4Zb8VSHvM=*GN82y$UwKTRW=L z_etJ!gX;^;%V_l_XtWx{XHlpmP(*Rg38Q~uQy&Hdn&)^!Ftqdbl);lUHwM5*3*DP> z1S>IXnHO6?wE)klE+^i(BaduIkz|ED>+J27bCY!xj9bWSr zohU^+X2D#=gF;d!rM6>0&ybXJQucbxHpuxufHb@Iz>nNhCr{b~ebr+)&_EFVf2BZ8 zbCfCdjuZ&VR<*<(C+_UkMRakajQ6(>?QUnQGIqbq$hQ~Wliwb3F6p3WcrL$@Bm=Vi zhpxol;32lKAr8jkP-9oqoFc&cD;E0mtdQf4p1T+yIp5|ZOW(1LV%FP*{wsZhZUY4q z1ZgL??xBOx=C)z&nQ*cM(Vq{tY)HcomtiS=olWMxGaX44R`LW7P~G_>lgxy)O4UtJ zvx29O2SY!=dVr(3eBMMb*xG|?T}ge+RT|NFZ6L6ls174C)>E8A3GK7wF>r^ltN$Tc zyA(0wp^{zi`Bi&xkR(Q}uYRGA)$%F_ysW>wX}OfTFs=OJ#0q|d>c8ai6PZ~F@+KNz zl4OV-o67euC9%M?5I58aF{gw)aW^T&V+=Kx@HKG|)`6tbSd-K|XLw46aE3ywEewfD(sRoAw z)w~RyZ~yPzBbD}Nx@C#oN@&33<~dlvgc{zbxxU>xF+^>>gQ@z_hGc!dTaNoRwj&*> zE$DSsTpm-Kn9@a8>ALcV1K;^{SSbRDj1*kkqtS=uYaH{%Ccm=#z*OJAeF0aD~8l`zhL8o0cL$jzed-UgfUs58rh;E-S{m$H~M>`8`c)I+xfyi_9H%2F>kO zxI_mvQ&Rz<)xuE+bQ;q}DNNR%cb>DLwQ?W1^kPL68n=cZ+GNu*7a;s51D3iDp2&Mq za;J5ESC(PO2nr1 zb%~l_#$RBsb?$j}Te~O4`sMUsEi0N2Q3A(zBJ@)gdS%a07RT`8XQhV(f}hvDpJbJT z?xtav-hnH`-a`38ul4IBUbXjXkZcVhFDB*ThMFUBcVYr`q2iVe!+H7{Zo#2#QV*9c zP}Tx7t)$W5b&Cw88jE65NPXiCrk*KfBv6Y0dhNyV+LVyT;=mQO#oH|@d5$H_otI}_ z4UV6mN2~HgaG?Wt(6lyW(C5tEjdwDfk*3Rovc&@0jRjiDK7E80AepHE)lWua03hAq zg#017jc1n7$*vtN&GkKhdZsFD2mM7+e8rZK{n5WDt6WW)N4F!nWH)X#&%NO8ic+EN zu}^M;MNY<{xO+?l*$H&MtFah_>~Y05p^kW1b*nNh-FLFtCvY$6T7Q|b5P^YWX*YVf zscyjR#naSnfBmQ5`D;HnKC4Rjm%v%*Foz`UnOU> zV5s#=_XEE_^X`kiR#Kk=Og^W+hq})i6j{ z2QPaq@5#(Tff+`~Dn>VvjhK|tbg{LyL}8w>l-{@Vd6~#vS{}TV?fLoJvvylQ^G$8; z4J1=Q=VcysS+@|cFb!K;n0Z5E6ZKD?KUJN0P?{E29iceRPS==kv;K4T-{d3W&!@z% z*ij!e(L;WYM!nxJ8zmq|U1|)gR1<7h{3CaeAvUct&;GCnSixo;%LjI|PDY|a7i(ok zE`H>})kN$foL+Vp3SNHB>i|k<==!Zy$D=vORz8s1c-GYUUyC^z%PrqcN3Z=kP#|97 zBg!1&dTa67;RIXd5b{r zn@g2>_hJVy19{sD%x@R`0ayqHH#Afr+$XmS4t&yz>snM~XC zD~=ybllANB&^d-wM__r>LWlG8-cH6}6$g;2RXhRFv&jn_bxu93=N^7Z+}n40wJ zLD@N!edA=6qNjt&Q+lQRr;wqB))%4GJ>xE>!@RXyqZZ+(w(woU#8az-(_E{HF6&4~?q@VVUWEA4c#&V)D0PN^nivys8f{h-+GwRZp)|!&Gs;c3 z(BGgvGQuwP4tK3O3L&0bnL#MyOErU=WBD89q3-EbsPpy-@VMT^gI?os;tp?mJ^mr% z5r4bS!W*up#+D!Eu`2bYYT0-ps81=M!rTvXZ{1ncy$cca3W&BS@7rDJyQR8{f;ofl zl>HYSfm)~nNU>-&wrYhjHx9M_l*z-r*Er0nlYM9>PL2AN*|TuLwk-^+6ga>AtKb+b z>O9H|)HKOF>S3dTchg-EAfVIZv=aL;_8|wyk*5}z=FCyI*v>0llf>jZw6UM2R>gbI zKR+Pb8+TUnvurovl}SmQUP*@`kB+wXT%n(nNwG8shjSju6Ib-6m2Mz z8XOE%w-V`q#6}0((hkexqf_w&1Ox6qiYdc0N)dEahJw%M720x{l~$$4o0Q;vGSzQPgaGUe_$HZ@~y9Aq(c6+L2IgGq2M4u~8@FVO34eB?s46I=NC z4Khk?WkzR5?fRe+8EtBel{Ybr#diYRyvj@1Q`k0`{A^Jnq-&ywW(#4ZdzGlTARs;; ztIsRhOKex`FWp=AsDOvCM}LK~ew+3=%|b+-d5eAs>veo0(5O?Jx91sQfN`Y84c&pn zrQ$Fw`*wVT<9Z9);VsXcmM4^UJe@bSDGC{fb6X8uj0bF?0nnLyy(0T1#(hfsOMR-+ zK3uaOtks0ej`yrs^(mP|KB6o%XtrdQ$JM(+G$-$#V?USKr9|tF)}vD2HJ0r@E*U-J zj6mCcOx_ZM8>X%>QoV0m+{IaQz#IST{s^Y@~3xjt-^{Q>0q5LS+a4L|i-{f*5 z*Lac~a!9f(`bHHMB&@aHKfKq7sH4pIgPX%hyK!1MZNkNR?b~x{``$_708?WD)Kg=$ zf$ahSV{@idjo51a#>OusT$wpdc}i*UbgzDV1QZ7H_8 zS4Sg78c}JTBTmusJQXdCI+i;J6n7~dNnB|CkYv z*O>`eSSb;)b#f;+L&oIg@y+iv$%KT#`YBK1kF)MpYNbitcdV2jZ(jZlu|C#|dJeN@ z(Zcj#3;D1>LHI1=M%_-WCf7lj=zw<;`nTl^V*rN zU6Q@tk++s+41?b@`0w`%{n6SAo(Whr$KJJkkDF;(avyBNz`Jxj%kn$3bTr~0ozl6U z%JR=kJ|@LUUUYoO|2MGq&oKD;^T|IS(0>M192KXg7(9QCI9@6%E88Q)cVsBnFy#O9 zORo(7zyI7n<>G%{{rE7~-_htlgR9s7o~Hkd?c@E2r1{U_$A5F^{|pAb`x_Sj&)7b; uf6$r#4F130^Z!2Nzf<%-Ig{;g=<1NM*|jn6NBCb4q?6r~d~Nuw9t| diff --git a/windows/deployment/update/media/37063317-update-compliance-overview.png b/windows/deployment/update/media/37063317-update-compliance-overview.png deleted file mode 100644 index 3280b3b6c7faaa20dd62a53b2935005515b863a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 436660 zcmeFZcT|&U`!0$oIv~P~D2RwyK|z|KNY}A2C{+Zcgd!yZ0@9@=iX)Dqp!60%flvcT z3q2sxA=D6hP&!Ef34{`ooG0J6_gUXCzw^ggXRUqqZ>^oRTw)||-uEf@ecjh}-On3C zeeEMWCwVwHIF9K2aqB(@2k&7Hjsuim4uW^$XH?w4U;Di8YyZwsh�i{&4_yL+=I$ z$Ct>%yLMdQ-`r3CF!$!*5DjDh*$4eB@PdPbm8Em*#)D_pbfkKb1%Io_Oi} zCV2Y_RB2St4X$-hN6QGFX;}5AjAdrfh3ZRp-`r=d=HvNekA57bnfcM3@735b-gYCq z=StrES?0RkL3|rDvXw_8LD2?&R+;L+1y+*8Bec z9tX$ui#JO4zQ@54%iGTRk9Qwjy#PjH&&#m=!<9X6u`hb_|L2REL|CT4(;r5Ns-b*I zLoTx&u`Uy;x8kk5-f-^UkM#e?FwDMp*cbDMscD=OF6C1q#Oa!SW?LIBFqr%hUkDu& zeu;gHw!|z=27NB`p4W%H8>Ec7D*BNH@~rEsA?$_mpReoYYL}z9bh|gix3;i0@LUhm z;0!lQjHI-5cYv9nG_AWw!|XlIIkR|G?)ELK+^{1ec`o=o+_6hiBFgS%FPjDi29WYH z(W!_VW>DW)$b+g=Dqgn?v=}juG#P`!=WA-~)|Pw}JtoJ6jjy2;!@f6#sos=%dGN?k z-T6D$Zb}G6ado8X^o~^fhR3n|t4xDyez(Lt>6@$zLi%S}l)L15PPeEMR3*Y**`PXQ zYII?#0jRtOxj%IG49atCD37R~N7R9%M~@D!%q8PXTYZz%x4A9`Z^W8?e*W>}$4?tt z%pAwg`rgbp0u*PnB5O)*c!|$K?+wZrrboELu4VrvjX8CU!_P+>mCLFVgP0=gkd5OZ z@i8;8muyd6dwQKTgdS)WLlk%#yu(l3*kA58rZf-z&!GfA@0vUqc6dRA)AbA@#Ik?e zoXpTmR#LS$>Qit&S`aQ%-6rgnYlE!^4>rrY@6zSyGm1YZgA^xKC6*`aI)(Qx*ctTi z;)i$FI%Q94?8w(RJ$dkCV+lVn9T{ozx>J^LIXmU^hY!DM(8q6;yWmF?&v{^3%$j=W zm)~X8wR9k`uBR=WSyEC`_tgBzy=v6C#qY0At1r5Y5KA1x?@TD)*U@={OXzpBcsf!S zgbAq+nPM8<)i1n;E_oWU=cz8$^Tc1VJ|{=0sq+5$vf!u=XX%d&e=U+d?~! z%u^<$88gOpsv*?}c`KXwthKjYMhg;A1_(W(xVSTJJivueh-6P)ZSojcADL%w9?Tyg zvQRZE^_`={m8G_i=W#XH7vDs{@0s~77LbByy)*5yk0+{qRpGmpRQG28tyR13B$b=V z${v0#GuPUU|(cwU|f zBW;OaR5P$eb4U7^B|9lCbuXgkA z*Wo~D5YfAZgGUeQer{;J7dK2Tc)}iBtyj4>L^zl{d1--p1Bd?pnN`C2OtgXXmZ*Qs zCA+CjA_Bu2y1=8pI`xvKE|o0VDy@%rwK|7oW-Sib_=Z^(Vwnduc82YFczJzVVhX`f zEopuEvhyRnr`&l!Toi27>=duJNs6w8?07-gSokC;ZIR=G|2%K%;OOWK*3;X_$N_&H zqH|N&Mn_v)F%g2kSjNZQXJQ7;`s*(#@AA~uKJD=J!Ds^zsSMtUz&s*%pG;JnY)%Sf zA=Ugu!D zfTeb+t3vbHYI+@75K;EfmB6%(SM(k)a|?PAXiYQ*_itoq_(8+XXm^*|vvWoK4mUUV z2vyOsu?wT!le#pR8?CRgF?cRk!=N=nw3H=&_Pf-@i{j3maowX8ZpqZb0{btCsy++p zIB4Ph$B%RJO!DVyr@M*sLM`tSO9$&if?$`Fy-!I@qhb#QWW>Cb#)vGx5m?nHb|#%BeGHcH<8thW%W^wD%==lkmwr2MOB;!mfF z?jf`#xx}u6s^lt`nUyuNl1P2r87J+VSiVwNg|e)l@B5K@UcJ*aAO)f^>ks!B%=ri+ z6B=td`vZi{Y~NFVUuqrC)y&gP@=XKnTXd1|okg75HslSbKd%^SgG8`IurfvYErm@g z9~4=e+vBOtLPM(`UrEUR7wt}^n5v!yRX8!Wp!-AFZU zhI_pZzs9=lN6rs=tEJqj6h@ErNrhFV+t`gb(R32u1x4Mc-@lsKEVlog_GRT5`JM5& z4Q>*<(0E9!w^TrU_zh>+i00zrq8}n4$0#GLuzJS@c1iouqtBx1Hopoyt$Wn0jQbF- zB5dW=ei3IlYuk~mb8ZV(Btl**3*5*fmpEB>7Yln#Di0(s9-i*~bd#O`Hmbh|*6l1w zS%W$Lp6pRSw9tAQUu<`?Jb>yH6l|0b(A?T=-a6d9G%~G9f2PpRmkRDe7`{2-Px4DVOi+R z%nPuEZ}M+$9Tp5uKTUvUC-2bkWx2)_x9?RRT>%OgFE(qk5~&N(L-Ai!R#M44-f-oy z#u!IqCCMM#qJNvN=N%0Pwv%lU0_z^3EWM-GZ!jg_aNc=!Pw*Eo;$V+?hgs=1EdB{g z?ZY~Cm+XIVuZiY1=Ce|_`Ix!8N!}Lvc0fUUBE;+y=VuBBNyxhQ7gwehV?7!|oACmv zr0%L)o@wy3=wrmWgtgulNukvHL+H|IVV)9L&*_T*9`IKE`RbKfo<+Uhb$Y9qY+t3P z!EhsKTYe>Zv1^^{A~AtNUv1)FL=B8`lD2}zl|G5 ztd7yqgUq}C9xS;Vq<0oBL5*B~gwMA-t>}a&uAB7bLhFgZJd5(Yr6F`a$ewD()d?YA{3sT%OCBgw zD!`|zH}AhsQp8u?69QYQTiAOI!YyiS9oR0FPK=Q?#_h_3WlYUS)~7rCR>}h59M#Zp z9rn&OO&76ooH191Gdkr|j|xth?g=@ifanad-m)}g~!G2*pM8VBZoUp;)sD%y&A=s{>R+SPo_0P z+=}GwBtMY6{_3)UHr`OfWUOi z2q{HO;1ps-!)Ub1I~#Im$&XTgQjNxKQe-_LJnc2p_M3*ATV#TPmTyaCsI}`*fisJ7 zF}`fzuaD>P6>gSlmp13q2FlzgRG}fhWsVQI;wDQ+)I74^vp+1cv z;wep^HsSLdJM&r_ZRaB;&zxxxo|c9{jHAW%2EX!a`LtA89Dl~#p0A^M8*N*{jOlc# zB7HOJTsO!UrCzglkBBJ^3VXG?T5i#;1k&BAUmoHgE$=0U5GGtik47PRJ*P0lbr5cc zXZw}YYmFT;Q-jwob8&I0*n4eB1%+)V|7N=FarD%a_(R@1!=*6HXX4wT*J3iOLA7%x zG~Ue}W#|4|H{G#NkVf0f)j@_Fh_`7O>$DG@ncykyw)xUw=d*5!GyJ|epiB%#zZQcJ z=hr4;MU~;TqZsU<)O8I-MZCL_t)5p2 zRTU;pMaDplq5yl+xJ#KAhQQ283&@n|NV>&sCoF#g_Prk*P zEo}=~7w-@1E=ijC3#?g~1W!yh2wr(jj-n}N<7e>sX|WZ0MB z<-r-{u}mukPrI#fh2v_l*o4I=|LDe@2`Q%69CEEjs4!L$M$kPhMb$7N=v@7|L;?KH{Myg;X%riD9)YD znvsZDMQ9|cdThEY2oZa0Uj`^LPl!*A97wEJW`(F-SC$obZaC0B8A5>G)zR^6*@3w% zC`t1?8+tmC=j%H0Z2Gz#!NHM_z7&Odwu%@kG3QTdp}Bi?mQs*Qo>l|8Js>|3qyHANIuRF z6Ce))tWKSDIW!(5{`uL}eT<13n|LYPu~Uao2SbQ0w{@lXQ161Sq6K+R$ern#LDp(! zoDs4)l^3*JhiMpH?cQxF2!S0HP|tEFF0aR?iVYRw{dIJ3A3CKmlPK>VHBjfH&8c%s z{j-v=Hpk|-9<@jL?tV?t`uushuK-c!jIsD26s;f!YV!5ooBVz1TI-14C7aTGm zmRs2yP9GyOmwBraC?&20cQ6TdQF6NBa;cpA4NQ)w9XM)(diACw>WZyQLKwf86GrfR zWP5G!)C)QVXCt5=);_F2U5zg|@VB|Su9Mg?u6O_W8Ln?7w#-!oZb(jq5Rg0T(FSV;CiLvV2NxxR2nvYi<7Nv5r8vK^UDw|9 z8->@u9}!Wy79xXEqOlkr?;$h&WzNP&MBv(~H^z@AatABz>pk8+J5+ylY;a)7M9Q0M z?BPmXLXL{8R_6My(VQery zcLSU55Lc^tUJDfmkN(B*gzwUzQC;9knv6ZfBm*f~ROQpS>YAbn7K6lL$5lP=Wp~%O@@OPz7Wsz6Z2*DlU!k+(%i!hhiRH z=ea!_KlY+U;=FNqkWuK1&X*%`PRW55b%Es*)qfUg1ko;y1ojxuZ#DfDW7(c0dt9}^n%iqPd`+= zX8tO-!VbS!rp{ww1Y1pq)iWDRSdo?V>6nU}hxjF%v+=)Dn++3u*EF=r6&+LcA(QjT z{k9gum4G5x|Niy%New66!ZX3j10@YF`NxYcq?sP=h{|t%4&9-Rc__kg*o|@To;(B# zUhQ}tK>^%U;?j&sjh|b&yXX(F{8y0lI}wAoT%mfMd;u5pO$3puxAQ{iv?T%-3uzhK z9{TynqC+0JxY@dkPJEpx^!FKXv}5dS1paJp=i%WgQ5*1RVc=7awR5_Q|Dgo%(Oexh z!WyXw6|#EziK@?Me10n?-nt(Ynkn)s_c0#+J6`Wjsr*hEgGPA>c{b0!-Cj4Im$hPU zP4gF>r09LfDN=Hi&3U?S^Oap_q)4iF1muBdf}60Xqc+m3<1+4qGe8TYWzNx%nDd|% zkqTfFbT0Vnau9hE1i9Ao?Iw*4yOXM-%s@4o4T!vMVXs&cgHBVqDFZ`>_!W*0QXjck z7nwuaKJ+ldxpSTzJ0!il#;7w5YygQh$QwiJs^PSK&vjGU*nq>Bx?@OEnb3RNa!k=a%m6_^)raC%30w z^7}MxXyCIqwG{oAPl>8OTPsg7Jh6;Q)D6qh0tu(uI@tN`L?Rr~MPwdN_WC;?7Q-KX z>}l(&onJxL8#4$p_pix!^!$swDG%6F^cc{QMZI0-r3x;Cj4GFK<$WdM4a3S02M+ke z9XA%JE;@K*m#_ux!{>M=<(U;N^O{@{Ds#)fC*wTNTSZ&MNSQvn=$;@bW?Hb-BJ8zz zOxT$aXk)4?y7swH@!`i}V@1_lKCNR2$W zGST7C!|bdqm6enePL|K&vZ7z;e6FU6v3kb?R)!TTg2V?-jA1+ohs0`amPn3AeV0#Y zj_XHlEo9t=TW;mN!>O&PYcRSF(D7oWb$UNK@n*h#$*i4tqiWvRDB=&t8h@qpR08b6BH zj#mu6LMtvd>%8WRPA6z^v|C5GPO&g#M?Qp^#=2(jl@Q0P>-uYmd#zE%GM4DB;{Z0T z)P)P*5;^O2tK{2_U%uw`Y?;|oJ=>`N__Fle_)hOj{>K|jnxxmN(c;~LwFkdjYDeOuu^ zvBaw*Dnm*Ka8LDSR+F+y^Kh}naTGO!v z8_fKo(^389TB=NQuwZ`ABUT0|0Pe9FnDJTimsOLN47=OG9(pV`jM?eGpMBgUj$AQQo7sER@rX^}X zp||u_>Rig%#f83%yZY8{hst1plmlQW#owxs{45K4=dN*aId6Tvc23KRCqr*N%&y&(iB#W72;&oRlK8ph+SpXS z!V~}W{!xh^Db5jTpqdzwz7)LX{0^z`eazyuPQgP!Ir>HM{>LH)KVE{q(mD2&9o`?bH4v`*v~Zx%yFd-z~s)F5RH9*h% zh4IiBo5V51bgm9ixJU)1$WNgR2MS3e$WQI&HXVeHY#Rgv55`(GW65 zqwD~_8NdNXC9~Bk?R%t-;OY}bqa6CsGx4ddyBHdJyQbtpU7)X``w!$+DVz~VsnDc5 z*x_I(#b0bt$KUkZx^yT@V=5Epp2^g2J;Lg6x~n0W<~9EDl={wl0jUrYK0g~!K(0$= zW?mO3627GaK%u&a=1*5RcG0MTQWPU+_&tj2k-gSH5nHi%Wgi+%07MuhX8K8*1xoMz z>^#yx6*99%l*K-gA=R+c0?WB=wl(^El`Qz@4FO z*mse#v6-JgUjsNylTI%E9kVp$R6*G!vUha5Tw&=e~0T391{NKLw3A5TqY0r-? z55(Vvy_34G`lBOad&tzrYVN>qBbVo?6Q+e$xquA$BR4mfO&-klF`t!SQ%A zp@0CrGpx1QPU;nV)Hn{YQfJlL#-@+B+{S}|8%PT874|* z0d-5oKD_1I{$#8oH35+FYR>5;xj@Ma<8BFFu7de)m_XMX7#U;^28e{iFOrts*(w#B zBt0>l9XT1a0-cxjPDm$t_h=B{KAzF&8~16ELh~N>PnGs z(obLIT~caoGwX~W8|zl)sFypbj1xWMffGt?KZQcjX%yTCGBr#E@$Bl@7Skw0!F5g- z+xTPI%?-yN61X{}QJK`&yox?l3FPK-F7JZct8PgE4rdB@~v^j|hBNX}@4w3xpWIAF&eN@T>E= zt*!4WvM;{{`c=nHin9f@GNjG6reH2s!M5WGkP}@-N@P>yWu$vNa+5S2Pyc;+9qY-W z$VwZ1elFqv^?Fd+iEkb09iBaH<2(%qYVT-cXL*ksfT!CadkZiQwkF}BB@SOix5%>B z73Aa$fuTdW#%V((lFj!Ym%>7HE_^)_j#=5cJ(|k+o&L0Mz%*g|r z`oYU8H5Gw2G#aJ?&CQEFckb)T)f!RF;D^(x&(4_{7LH9A8J)a3+6jGv#(2ZlzA$zAhWa46TP++PUMV6cUU!S0S_S;P8UWH)p^!^$%S6ZSR?(Oc z#)k6n4N|g_TiNUPH(nkjP5yR1<o-1)`UBK?pSC&JjSgm$L4R2Su8d{Fyw`3Mi8D9^;JG zcV95rpCF2nm`0n<(=90s+h=ig)2$JX@kb!cFzdRqU2JC^P6ueu@fv`yRnd-_Rq+P) zlWIZ|rY1Pq>uLMN_?+)5g_+^q$x4=KX(>`48_G^z1z@taV~?F4bM@d| z39VG#>IzGa1vqlKYTjDyFMK@reJH3Q{ob=skQeQ*(7vO;@beSy8KZ`8j0ecy$a{rc z0m?@DzWoQU-K0S>D;K&{x({BNlGE@i%nPVG@PIwQNWgv`}G9ipK2%Sg;+;|kr8ZYiUN;K{#! zJ5SX;CO2B{nr*a6T-iJ!uPayPJkbO(vR&x4+o2QHMw+;|fqwywIa2mACnRx=tjQd| zLGY_Ot#pOxNXrHqlBvp8GGwOviCB+)YxIcFoO=I|DsxvJL9)KnGh6Vu>!^KHrI0oFL3F81ttQSDA%lB%NiJln~1 z@@c1ZpmRqjTmA+Dj?-w+vZx(F94S`1>v6khNReO_4J$5}fap=ZlcnT<@)6y1g*4T8 zll*)vbj~rK2;dNb!rC%v4F22E{$!X z&Y>eOmrl28<<5)i-v_w_`QZ}#rzcV+vi1q`{M!^6WZVvq1I7dh0`h%ietmtQXQrm8dwUj@>`|eWT|CZhcK%L8 z+5Yd;M-{JBJQAs9Mjfv#J$rt048Rotu~38c_3C_>IV*5r)Ow;*-IM!2h8X^1Il~>>&KX36L!mUB-v`F4e8~%awx^`p1nFcXM;|yTFB0 z0&>&a<5IPnO&7Qn)aOt6Ru;TeWuh~Zl(jH_q}eG^3ZXT}#Duch?l&>?h9^PQjWg5o z^`8rCeDV1}Cjx5W2M@X2L_%D5@5YUf<%oIB!zY=pANRTLuDCLDeBR}p%mlDiMyVMT_Z5lAcU482Tns{VNX&cbW4 zdVl79zqO{ip~}$RpRHoRawA(i)Oa8Y^JJu7lj&ajr3iOznisY--UVlTRn^|z>|{By z>g+0RQoVajIt8W4+hraE>+-ck1J8u%84yIjxRPw@0%Mt*Sk}n=P5;i{oHW?JovA6? zSFc`==$r@CTsg+vuBsFF`F40&i|TxJkMW$k$ZwumI~yx2n2mR7pmGs|S6=t*jB||l z^`2CirSFi62vze)m>8DX(G0{(^MUax-fgoefY^|b?w=oGVjiavl-)-&(Uuj%V?A@%B%CVg3QTv_u>ad0z{kOX5PcBv zE;=cfJ9vAI#RjfUzQ#?;e_z0CgW$(2&!b0`Z4hXHG1dOAf$#Zxa7~R1ho>^j{a37; zTi~F~X6wc-lLd*8ziSBKOAvbO-;9Zk&DtcUvCSze_L;`|D!1$07qTp1Dc|4i5t})l zW5uJmp59jh-a5aP$*gwS+H}lh@PII>KkJ?l^ta!>^X~mbgN;x-XU;01WAaGVteb#= z{d{i>GoV#iX9{TO>P`r)SMMj!&}9kEJ-xF+iu`^Rj^ZHA#tbypFa* zD!a7ziX57Gr!dzT|9Ct7Xu9LxXXN0J6pq@%b%77&IQ${_&(BAJJK6hsemBhFf7L}3 z|Lu({cEL;5F?UG7c~CQ02vvhUafdi{_3~@&rWoMa7d`&5)fOKoa3%0>-ciY--T53IpsRP)To)M~pQB*PjAw_@37_Pf2Je zr}(Db_S$UV%t!5Yc0@dX{wDA`evzpmU&ZH}8C<@6IdC@CjC|{PD99Vp#ZQ4U0`qq| z4UBLDuY{}@6zg@O#c?+O7^|m`O!DHmy7Gbn&*2w!9f*jE4sE}x{e`_7D@mh=IeXfU zlsE!Fz$%2`t~Ci;KI1BXY?##F-@m?Gvyul8EudMFA^(`I=ez974i(uH8E9_blC~)8 zZQ|D|0FkEX*1q$XF8u+dnJcEBuLq0)FD!ibr?#V$ldAom#|CuK!z>-awzf7yUEOzi zrszEO*s)jo9{&ya+-~`UB!?I4>pod1lq8^L-HoPhUGpO+fFkmfynV~#t<~>r_v-pL z0fS5O@ObKd4|WOa<9Y3+34da_SK}ho0B6zj>m@p9E?U0vKxGeaus_@9Y72eghPfi)hT`{p;7C2hzy7 zGSKRU9xc{jfqCgVpp{gOK~~jCQgTaz(<#cg@7&3=#JH=@r+BXq7-)@90sgxG>{%ti zGL8nsOdSDWhMn~@!?;6(_So#e^9STAv~xN;JJVd>pHw6h)_`{D60(6eTOt&twY(R} zW(&kXFe;}5HZON;>lvuuTJ=wF0S*VaN;KY|))-Ai`L9f}SCC(&i<%z~b!0C;oip zyU=?U_|fiZF}E^4fBx*%?Mfq$uwBc@3r|O#vlqV}mK|jK2QLF)jphXg`EQ8=|M-rJ zW_D3rY`?!|d|8=7wyX!(MFe43irr>f2yMguT~hF0h|TXpBqS zhqLe+r|zVY0khoux4(b?o+M`%%AQ^Tg`~i;j+QVOD#9{d4E~YXu6vp!0Qp2<)h6E* z9sH7s@gTZm)PFs7svtf6Oi&8h%Dv(I^y!mdFN?l{^}w8)YS)-t82*wW z`gCOoWIH5+xoz>~(JN~N!x!6r5Y-&|>afrfh6wj=iLnAA9>r1V4d=bMD@J$jgi#~H z&F4S}`L^8C(b2zxWfe}hMvgUwnI9^hoC7xe6zI_tCmv%eKiEj^b@PM#m*+JOaj6Tv z7Q9uAGDs@~GX3yAD)4HsO$Mzi*IRLlKP)~}=0Mk<78G<$f z8#)9%wgC62Bw_Bs%N;isi1r?kwfA1!dUM=XNRchNrSrAgH)YNLOl6JEV%rEH$nH z&pJ7d3zYBQxJtM6`a^ZZ<+y)!I>}BfNoxLu0JNaNQkn2<6?K`YE~m=;$QxLICQQjbZM;Uy3seWwvy@$zo>?en<}$~A>A&1{nxWCvL8YfVgKmhi$Q|R zPF1k}h&zZ)L)|99{aY$$;;*cFeYL(_G+v~r7CGFsd3$i6GJh%G&o{K@BbHbi;W}=h zeT+3`B#L30d|_5uqp!kzRhmo&7vCALJ47$3)}5682ei7R7As@kP$q7Bl&gzGOePF& zBcGYdq>BxTGFKCxz4YDrF`jjH@CHl-#LlEo71)=BhlqHhoi4dDJ?J*x~4PW;!Ren7M~^=HTe~9l+np@07F> z%VQ@7>wyp1p)0s+w=4J%Hf`>mMiuC|-)_P3e$W{W`xyS)h~t8Sh4I#bI{w7U(a0Bc~Ra0baP#uTo683O&55 zRgsnh!j{!t!K}$z6vOGa=YoYatZ-#M~qG9@3E35gM}eMP(sG*3O8aQz-uZiF}me> zcyd6-`l%lEylHJTuI%K~-AdO?odc^UR<@V?b|0G-Zth*o>18Hw`t z&*#P>!+4FYu)KxVJ{m0;`|fiD!@a zZj>5KrfOI!69);CG$$6{X$3=hd3n&X23_VY?dh&pc5H~@qAH`FTo4y$Hw|0Qc6LL< zfS0v`)uL;!Np0d6N;yUs-m_k=nVW$6(8-sROep!0%1S~yCWGG2a>9ioBVdiggC<8< zK_|afaM7om9)#V^Nn;0x%&;S3h2o8kKv~Qa*W4`N0|c~z(1~BuU8|uPz?W?DK1tE{ zXS2}QKvE%SE(A_z(4#q&&=={vv1FnexSmr|5-~E(+NB!Qt#v4LqT^}GQ(WR`q`)Y?KxK z0_a%e({!Y+AYjwT!Xhd41iexd2u-j&0T{gFw>nk^e!I5C&7Z3u=IF5W&)MN9=HT#af4~;L$nb80}kI}TV=x%It_B|91y2kyZBFRNzKxuPLJK) z4EU)>5<(7vPxg2pIXJRNnFfMeUZk_o@#1R8gNm+svetdS@=wVY!&=)j0&I;P)Fp{m ziUI4V7qab$FErNnp2H2;XS6N==URWKtN}iuRSe_$C#whXh~lgldL7ugdHy z+ybW>4{gvu{}#aME_3gc$&OcbZMW&v`TXxH^9$$&40*8&R=3rEtUE#Fo^OF8ZDTH( z)elt2?o^DqSgDMn%V2Ru<9!B`zJiO9XrXH{bGI*>&QnjOE%7|ng0JU9IG!%IDYX=A zQ+47`HY5Bs&7N*Su5kp+x`~8;I(bdl^&1(SKQ}-ckcgwt>)GO{uUftr00)$<+}^8xZv$&mB9+x6XrNF6Gbe zu+2DUU%nnLZ>#~GG`Eq=$#(r;f-jAv?j{KiIWq^S21%OcvU zC!yG^p6&;ba&Exi(@Ok0Lb&{nQTMK!9lB35{LbI}4l;oX4W zd9KKOuP<#PRlMs$=;`Vj+&My`xFOmvsz~cTyGoz=94^xjD7u2Rs;1NaKvk(xPcY?T zI|YMMB%+J^t9}21#AMhth51PxTfu7CuoFleWKSsOh>48WG*34dHCts?ge1~j&0S4f z)r#vcq@GaLmoh_}KI->R0(~UV4A$1qX|lzRM&cBG9q1p(ff!#TF4>F z_dy%}(I(=`qzAuPXIt58Jt z1ZfBKML))xD3Q_vP-aK(-N32LpPFDby!0z+q}&Y40ZlNjKYv7$xA&&~OO~GEi+qh5rL40_~*K| zF@dbo_&FRhqoCjlEH7F+Rr>I$%_rs!cu{W)o~M`-A2i7Gj5DOal0AJz-dC3;YNV~r z$Y|eYlYyWMy}{k_YYhG~TTg#|Sjc%jLB6A_tM`92`iw{)*}D`jsY!&CG#qhr9Vsd` zqX5X%(P={|x0y&Y6a3mFI{^F&MF2i$e)GWkwsi01kgR`+V1B zQ!99(*yW)kWzZOkehk{rwAsQw;HKwezx`N@Yh#u`(I5-WbZi0hGeUVns@L zw1kv~#zf-Z{pR2V7H74^XfAfu)NBf~5WJK>#MKpy1rQ(MVLiaCEqN45(K9UP-bw?k z=D&!qU~mqG?_|}y^Z)Qel06;UFC13zn6v_ow;`#G-?_N?_=ceVL^lc50${dmNmaLA zvS{@XIxgsdMIg4S0{r7=*Rezi-OK*|eUbh)SrTfma)xpXhYXeG| z7^nA;p|Qr7hc+fURt78dEV-1qD_RrR2$eeaXzRMW;AoBF)_|+h+67yFuOKlP(5A4o zf>d1udiM~B4l!|YLDqX``fjUE+7;W{U}V1dt`VpgZSD;)&zqmzy^%Db#mp-y`mG+Y zw$-ykV{DgXvsg&xbSqSGMB8t<0OEr0UpKSqTb`IC1(1j3*@v3|rgi?^W#Q;6y;+?m z7S-$aA#3dtv|SAbfWQ+wji7uX+fkFitFFKuD|RjY9iaPF-s3!5Qq=3|+Xm?M0k^G- z190q+^AX=WrziHCr4$`HXEkwLZwc9ZV4qFAjpr*M2;>p0lMCOAD685-bsx0>SU}33 z?ev94p3d`a5vDzhzVhqH<@>;LG%!{QBlUht$vjos6K^>n%h&?FjS)8R?PeLNR9*9{ zRC#WBSc=iuKaM&9uwKN&bH~5}&4q1)QwE29@$>=C1S?-~#nZth-lV zXhr5~=O+c!dxX8Vu?UP@v54unD| z05wC8aVZEAmGuo^UXSv*pXCI&o{mnR^!^@3} zVY04f@@>Qr5bS%+Y@`WY!Vq!;y~1s5sT=dzx9_%)n)jtDw)PM$fz1Ifng+f*k>E@i zkGgFXT>suc4t<4ilV9sI*rh=h(ZBSfEtPAC2O^VaEda?3%;2cp0qZaGz9lN`$OdZ4 z0AK!O!tSJUlf+wRVOvI|mJ0Rhw)?26JUF{{Ur_dF;C3sRA=Z^lyfqLd4uBW+TnZTK}}%a{-{l{_Wqnm z|B*L`T9$sBzg%YLTO)=z;$}0kydF?f)|ZpR%n6 zb##jVs+r$ZkNpl%>TnH|lbWRDCL~Uc7jL8{9h-`eoQ#|HTPqh>QP6$=Ewo9RDj> zcjMX0=0&Yf_wV0N(fr4a=<9<+CiIDKOn|EUkN>>Bn6p&7chhn_zZ?2r2v+}%3@QJ8 ztTX>F?ljkH{KtCQIL*y?T6-hvUqbPL@&B}Fpl}+$ ztXb|qc3*F_+$ZHAZhWEk>?_{ny!aYW^6^;T!H}_*T4r@(=6Nr1&$ui|>RK?Q_mjbQ zV=c~&`(VBOkJ=vSfpe5bWa#BvUuqOJg1%cyF4-95!8BmSm9zr5n~{mLB;-Bfj~vvfTu}$iVE?4qc7ECdz&T z7n-%>5>m~V^xoFvrT)ol1w~)~FP6?bobC31`<)cU-CCu^-Cw$JYsk=O=T`>6ZXHBu zVncnnGUOYFW_6t~!B_K$?3Yb0%*-%s>8=yrC299zvfllmp(PeF>wPbogqWq*(@H>xc(_7GNLhbtpU(lEV*h z{r>yNb>{$%j zPA1p99{IAIWc1Uw?u2Mgg33B)e-2Zy=KsB}G%rn=bXV9PtuR+8jU*|}%7hVv9L_VH zOb~P~2L(vig|7pIG;5nIN5*Ch>W4?~snR$(O}@`+!MEMbQJ%Uv{3T$cboC;(1%{tC zxi}c4k|~KPT~7o(E+~{5jazZHlv1hvdAifs|M7g4MK6ofePa9g;-;_q{j1ROpzN7m z=)njA8~|zjk+#Wxc=BYu?#n{BxU-}9(EKAt>erFw221_eo=fbeNT$=1&LQ8b`)|?% zXV^O&q(^s6to4YUgMs-^NPxDMx}%VnX#oxN7udD)Py;?a#Gug-s{p#a#E=2Qp8@b8 zbo|@U^K^<;c}hs@0GVoH!z|;>fegLu=^bh()=7a}>^+_yJ(1lXX)28FJKOFjQz^-E z%)=Er163%f1xftR^yoRH@Z5oPF7MGYKPI$?sT#-OMdWDxcD>{o`%+7jwSW*v1X5J9 z#zXxu_&g_(f(|}t`r_lBc?W#HmKh@EmAX#w)NA!{Z$@$%uB#TjC5`T>u2svrb}o2> zygYV-2wRf{5%z@}S^BIZ3NnMnnAtM)=9Jm3~G`T6bMKBg)E~l$CjC`~n)0wxqMrN}7kr3twJAG0wHbuB3TVfcP-Buvri2oTW z-(35ZdAezAgOY>+GVsx=*osz|RjAzwXzdJTu9igsM%sML&$j|CvIfc@b%*ymdZt%y zT!Y`IqD5Rvii&fH$N(^jOKZ4)NYlDswetJkhIMd>${TB>oQ*Tkm_yE5T=cV zB2#6Vle; z4EoF;w)fV_UZirZ8EjZ(TW%-my8Dzl_%1MmMV^@a`|}e%7Wc6wu9syLOQ8JmPs*&_ z_WR2lNJz{~nRS+TM+(}S0re!uq1TNs2W{gRQLDJjNUXSdMugJJOd&egxdU}uK3`f} z{1qYRd-Lkv$|K)adZ)=%(Z*m{5=yCWZO~L%(x#v@-51mKcf$-RB*?yWxa;()DH{VW zp#!aks*Toey|~!!_R9A}m)|pspDz>sA}E9X*~=;`m{jS4y8+*U*n}q2XlA%=MK3wx z?_~(7WFy+jBZME8{ojVPb*!Q`^2H>z$s(wtuR>-%z)@%TXUk;{vSZajLo2aYEqflF zLWd`g>;jQzAreDigJ6li|M|(8Hq@Jr&I`j)TTUee$sq%09CCB2Iq}zR%~EXh@$VY} zE(@Y>I7TmHGpa_+|KktA-)p4I#=wYn zr4%^0gvY*6#QTiIbFgsF{o#U&itrPqbx&bahbyR1UB~5C1<>n zP0f#1@r4FLyglGt;pyTw=%I{kPksV>e(kjV(9A?y)hg;be}bTm+E< zpNm97U)Gkngy6csz5S?6aO%xqYwAM+STk<^0Ne0lBwo)Z&0E%)T5w}OOCyX zFu$SFT7uh)T)HE7;5mr(_I2&MhI6WqyG_bif5!l-5OLy-Xrvh1=O*pV83+XZ_79xq zkb1?$GOkC=P*^Sd_wiBw2a9#ZFv)V#uclz3N578Rsyr93HyeIu^%or=96Ym1gM)@c06^63geKPC@e2i1y=#yNJr+}z49hTi zoNvv&q48Z_M_)zGEIe;9dbgj`G^d8VqraQz;v3R~#`*z*RS-i(QW}?BfJ8behHL9@2 z9XkMx&1G>Xp?b=nM%93WU>6+(4Kp}Z@=Z(*A5l=MU_(ARkEsJemnC0KCP+SQxW_O1 z4qSwl#fV6spRDJ~bwo|x-GhUgy14f%z#9)@EYs)xCs7?kI(yW*!gkR52WRz|Pe7l~ zY;?Uxfsd(yzn!&pg-h-v$0o_=lgGInNM`hGbECgkb>vxh3aO2&*1kP0tG-Nu^$P~O zk{MO5hIJr4SAZFBQ zr-ilC-yRSXqcQdGa;t5xZSPcC1gMs$c{U@98z+FB*rW8CC+EFP5n}ryOmgZapP~0n zxIcR-Q<-P z8gdw*?xNM!Ryk!?iA_Zt6n}&Fb~F2flk_A+$?8J%la37y@=n-io~;v82`ghWSp)ln zCQC~qlf`mKpB|AZ1T+NbmDtE1Uc~^-$p`6S;*eTVp})MUuj8#)k6A_U%Bo?0G}6_g zP?r2%q8+3uy~=g-I~$-ApPGa?^!Toca;yY=R#&cTcIBc1(a6c*!qbMn^Po}8*FP(# z&Hqf`jh_c5iUvXBh^u1>UhUV&G;}lM$K69B?~nRTY#mf^_M=;7x~|t1L-$=smY$aU zFUI2uqCc+8<5YV0r$=j4RC-TjjSO$JXOA}$`$xBm^DV|y9>1)f&qf3YG4D0-0Yq{f zs#VtU4dTv$uiqU2!i+r+&s2!ZD=o-u*j3H3yB7oCNauPXin z|090#VBwA#{3_AChVzgU@0`q_%glpKHQ-uPm|v~6?z6p_q!0f{IU3NsJH-0Z*_@!G zsy#B6%6S$rW6nA7Ywf49wQcru>UN%Q-bD_s^O$*3FQVK6)D?N%HR<-=hCz z90#PKg{KUeG(aWd+i508&nM>>J}^$YNLUIzQwpi=-kb|j)1|nrjrcq*f+VgQih7at zAWgrj8yf6G2)COyUt6XvaLi`Iiyr9~H3(N2<}iG&+Zaw_$!RmHS?-Oth-w`cpvQD%y1 zanAkwNSC64v^bO0F)haiURJ^Hr;8%dB&|Q!%2A)f?W9STaSlNNWkqq^1s>X`%DKLx zfz4V{XCzJ-)}GHs)o=HtT);PLi1F`K?bS-G!(0Y~j{G$}`|};fK_VSVFJUea(6CSt z8S*#!z+w&dmPcm5_@$HTKa1XTv#1U!yXFJK&S+D>?qn@QLEYux5?EP#YHNOUIXJtB zbtzg;79pv+VMbV+wp%3l?LLV`?78syzsy{%WJcWH+lU(?L!DDn+oRJ|TG?+}YqY;q z*A;!4dwN_5gCwuZm(&v4DyVl{dZ%Z^|Evai>K&RLB@-f`A#wdVg=x$5fu2E{FEwg* zG7NvJh(!@W=5Q+vPKnmNb#uR$zC%^~KQ8sOp?YWC8ol$GGC?SNGxoC7iAlBXb$HD9 z_DBy5qshGeCGE%5pcF3G{{~|njld?Hsyay=2=u|sH*b}GGGM+ZnWOp>!(R1sr0UddtP1q2g1`7a$s*4pZ(HmZT zJ>X#{O&CEk{-wOb=xCC+`19xnZPH4C&llg*iH>e+pU%}8&nJ}SeablQ4Fgo9X?&M6 z5m_~$g89lOOjdrjFv|2L)Yp0?2OGf=oR%NK2b!1JZL_~LS3Qnf*P)V)gR3qnMv2s@ zf5*rul@GPZj||=Gt+kjr5P0Zl{0;+ghI8`Xn^<_7nd0d+C+Znw0-l0_A*dbroc}gv zE&}9dBA0VP?7~y1eC2#1Az`T;oSm{6W>*ps9A+qmqgQUg-&vp1cpr=B&>#9QM<)C+QO?Y!%bApKY{5zn|$2E76v0AKLxdXAwbv*;Q!jUcK6zbah z&>@`pIfu;b>@C=2gLSJyb5YMD6Kt8CQ|8T+Q&-9|NFcCWPcPLgGReEs(3L~L3I;B%8Uq@d1S56F_X_C zGYk{<0Tg&;YI=1INO&p8PX%^}j^t~-_|8w(@`9mxT)oEto7>(b@5h2_J%!$vtpHD% z(_c9suHa-!Gbojbm79QOYa7nsi@h6xuPq<9i+;yH04e=FHc}peBLb>}CkSwLQ zqhU|zcYM`|N2jVesf9=J(Kw;{5?CRJJo_&AazTj0gAUivL6)wN3G&+`Uh^n~@A~cN zKFY@XJ|t?n33QoZTh$aFVM+2Bme5#+!LA4tbi%fattmmW4ma|Gh+n;wZ6qA3iOM`{ z-fk-js1*@IhH9t4&lVhBz*_<=g&NSJl*KoLd z-@zlEe{yTOrj7dQRIJ^S^`r9MrAuHLgV(7ou;cKXDPY}j8TLEVc!gL&(O#iNhxuPe z(IU(Al2=1<)2_lx{PJU4=B~*z5umjH%#?SG_hkHAAgcVi-FHJc(mfqWGVGy!07e-# z=`WelysnWmXu{E4YmkpJeZ?C8jm^K;Yiq8Q6gBrp?FaEu-u75`ZrZ@FMdmo*m(i>y z1z1$)*;mSFmlz<5D8ob6OOZ8bO`btd2icPKr| zy2K>K9A||8A^k}D9LwAr39)n$+h#e_r=ykZonor2LKG{4a47Y!;=&7zieo*bR;hbn8n(^U2JCTV>DwjO?3}YURfq3q^N2qQ;j$o^5*1JW(%Z zul-zq9KAK)6UMx`!(X@O^EQBaC|{)eXS#qUAAFX3>q7;fALhrG(X!X2u3*5Ip!aF?vYsNy2jK^bqtSB;YHy6-sO-3T zJ6ut`9m2Ln3^e+@a)oM1c%o{7t8WdHyvbhuP<}cA5FI1CAsh$p33+^Y;XhElHaq^|T)0D_ z=$U!r$M@QR3hvLK9qvisPH%<9%xKc?)XS?@BS7~pCx4_L{w!Ef(pi67P`D-EH%ipi=-PV{2p)W4~G^RpOtUHIe_x-z3cPsSF zECZ3cixoJ@n?*&3S-NO=4ZEn%vq7y*fE5I|Z8tH!;dgWppw$Cy*#Pc&%Ym z0nE!nsQ#TfKlC0ofX6)DG)P<_wi;hd<%zEEG;&MPeN1h+GVn#-?L38FKb`VrV#d|R zNa(7=gFl6G2;UqjOn)+22C5#E?d74_=+KqKn)*-zmBK;W@H7@4Xmd`Mtp3ebgOMlJ z%Yr=?%FN_cOkhrfg5@M<>w$(peJOvFZ#I`D*1ZhL*)nbnIGh&~NlnjSL0XHV7;!V` zBqyB@rx$*2$Qb~S$FIBNuLuUwNn@jpx_)6n);A~0nJ7$|p)(-&gLh#+fYN`bN6(vyU>6AzH#>7%GbvuZpS~HHCpSzlxk~Rm3{UUd~*L08ACW`$yUV{ zx#T+?c?7l$l3rsUN6_ARXX6Zv>8|kDYt9IHgsD>DlLQLFaOM2d zCUPm{zkWrA@bH=NK;_fGnwtSByLs#J=wtunG1LV}?H~X;%?9rh>TIlau=%jlD)Z>P zAU(o}96F3XD$cYM5`Hv#-&9GBq{J7@XCY(lX)o@3pWNEnczty>7t-?AZR06#W0|jt z8J*g8`|5;j*WiT4ft&U(&3C_!Sr1ItPC<`D;tl$wx>d~YlW&cS7B|^HAQZ|aGM@e{ z@@TGZ;-^F9z^PWBj5WA%Tf{=g??~brZ&N~*KpeeQVM#7cBcoFoTkow~q}Ny3*4+DF zM&PJd!}scpb#Tj|=(tqzg)CfE8X2Q@I{?#pnkxK@B zXF+9dE$_$B-dX4^=KJi}Np8qJ-q+ZD6We5c6dcAS*wgUj;V#5sb1%@nYR5sr+TtsC zvk56GI!iW|Sb+{$_;fU<%%j^Mh>e>#_dV;3kaiVJwDt3%W@q{)c@i#BZ%UIc6K1g< z74yKWRgr!ZKY?rha#kXtNNvMqE|C$8>driRpEwXPjsHPar2DhLB_&Oz?!6hLk;pwp zic%i%!;g<>qlG!s7+w{SR7!EOp#cwV3>W@HKJn^-$Akh(t5=hKi9V(!#8iTOE2YZ&LZDsjFU%r0-uLjE|1~sYQD)laB^@pF{t5# z3iNQl9S0IK?lpM=x9I=XX{~%{23C@43wQudBeiG0#qsUzbK#c$HsA>9w|_Lh_cm_F zRPM1nv99X~8H1W;g!NCcEN;(~X*0#0`r06{4XN_(8C}86p5HE)tN%==qF07^c#5sS@@Z-XxDdKdO1D*V)y+rVXc!o^x(b zb0Qt7N*uP$Jg-W^{N4YGahoG<|8D$PMzNEsdD8Hm>PV$q&9p4Ht0)~Kh>BW%8Hj7~ zH}ZRT?-dL1g<6!A%+M;n1aiBX|5kwqdCrqNTdqN--EZg*($$7bgS0@pORje>pkv`H znbYmS@LjozHK~j0EU~`09#W@$yIEDd08)JdeqB1J<=&L=RCbeAc4-ynYSyPTnlBSE zegrG6SU)!4ycPVu^I(YKR`>sr#M#TOKP!-%i(?v{EgU15q3MHm!G7^n`ngUhqNx>y zw$q(k|G0OIgw!~1$LB7kP5v*+#xXIcJndlxUJE@-6r#4ARY;zDF;8rYZu|v7qwdMXs)gu1k}HQCWC)jC`-(*Hb5nd018ZqOYm~Gd;fUvK>;C2jYBkDWQJ-n+ zM`U!UQ|ZCgkDIaC4oS3f=U1c2ResSwiUcPwy1&O9isnT6X&sMkpbLK!-e=9JSr$cn z(qogZduU~yEUi%{+*N?GO(y($b97?2z2~0ypdNA0_08wMp9}f!0B@<~y_W{>{i{Ac zhx#zZChhg}d3wFy?Td;RyzV8FDfWD=@>-OWzmqiyC;djs`0BJ8mr}vldd+734EXO+ ztsf*~L0n4Eej>w1GD*>UN^`7=;)4_wifuMm_6V|)m{8dGyiT9|mI=f`#7HjdrQe*t zgD8QzFka`*of9l;st-nr_MOn+8!lOWHE6(%okG$K1hf*I5+CV(2$Ce6O{;XW@a}0i z@3~q2d;GpG>AODdgQJE2J;-grkfZe$!c9YxR@f?X(E1WgV+F%In-(^g^x7!d4HJ65 zzb!J-`p!GVhbS54dYrvG=}opOy3WI=Z<NNG0fK&C>Syl3<-d z`-}5Ttsl|GxQzir{PbLSkIJQ)DACakxhB`%-s#*Gl(JaujJj}tvEadI0`I5!pj0kQdb5})uQy{qX7jZnTu7A>5Rs*VM7Jg|q)k61P8pfn` zz+aLa8QqQB8~*su6s?evx#M4RloA!D%LW>BP#xp5yUtxN4+e~F5Gk7!Q`C~sGkad( zQh%4UtYfRxubZ`6a{U?NgDN<;5Y@ruT&zkRj!HF|D!r2}M6rh0fd^gp=gBpcFwr9(3v z&rFw@{CRGZ5jyP-@cn%OPmCXr-&=!&7UI7fsMJ1$pdg!@$`;MleSL2`nv`CBj>>F1 zF{-ZJmU_>gKq&PpGDzffS^AW>`FFuWU~Q`R*~Yc~H^7HX>gPxZ!=78n;yd!G5u@tI z|N1DNc5vl>(uv2O>S1hwfpcTUA|iu4vdNB_#IJi3PmE}f^CNHk;@A?euzgj94CAC8A@erd}7GOqWU>%Ya0=vzKATr3cjr*>`HCX|z}eHqk)NZ2t->f(i5i{vAUJ?-z6LI|pYPao3VqtUb7yF;!$U!x`zA3Wt2(UkE& ze5yWRZtnlaA$fCpufm|Ey8-!?8rsUU4>MqLyl(OWIsaU9ilG&`&oa6rv2ZuWGP4MC zqh01S4SCdA&He^zVV%5>sVa!xJz9kTtRL_pn3}5hD=y72563`HR5p5$CkSBC(pm=$ zeUkbX4+qHqliTfaRp8F84kgv`&wAtk7?Ms6nrm{e;Lg>J1aT`IhtOxd@JCuX;Dpg~ z_YnJhPOV#|e5`{elC7GTFTA^{Ks)S%jRUH@No@ao3uFFU^szjac1Zg|bl5^O63~wn zzv(fa&j=h1!Huq#sHdu>OE1ePkMx8AtML|@W1bI!TiZ6OJ!(u~_D$*hJB;4%^<8<; zM)h5>J*IU79EayLW;JQ|2t8dEQ_9c+l)}O9AH6cM4L8x=K|JGF;vTj@wA|wlRMX@f z7)z+j8PEM@dnOFALHyuv(6mb}5)G2WF^%QN;d2)*T{<&t{r)4I@=8>`@c;%6Bg2~X zE>1WQDhyJGaEAAHMt_ePIp4@KGl3f7Of&roGOwh=EM@#(JLe6Cg!5uxSK#Icg3e2pm$&I3HzRIO zW&Y+l_wQ(o6>Yt^6Gh96yr)q*&wP_@CUyPYP$s>n;noj5(tHFeCV(qhmz6GU%RPjF z+*A+_NjIt=O@Lg7Lo9s{Ho^m&r9IsTj{vI7jhm}xMgHl>XSC}`Ax{wQNweYam859Y z0ueMbwf;w`829k&F}`~BCT%5NDEU-|8{b%y8B>gJu^}7dq=YwrJ%&_!us1(6or*8N z1^(&LAc1mn=JGQcuTWF542V32*W}LJ3aNF@Rxy8UUftzq{H6bacJL!m5A?y$;!bhn zs#3Gc=Q>P5VlwOpb$SFrSsjTMG$8weV8!By2?D~S`t(L|vFKv*2(;!C?sb;u9v%q9 zi8!6=C=V$4_8YA+z_2*qCUjW8O1i4CZh&Xe*AE*Q&$Ve=)qD}906;|wn-LZ4_5Ia9 z1AulJmtHVPvH^8oWpV2j3n73seOR99l=doNKi;LeHs4b(wa~a8S*aqrDmB!r7o8{E zWv{|$jbvJ5bW6C`?E2Z?`)ZiSc*2K0rkA~iAZGL*zQQ!$V%O21k0)jm3q&Y!V@p0L z;VT!;mU@?is@{G$UOmpfQ_$T6!l;NEwdc^h$|ChrCtsJb69yhoC+=lofID}|1=4Ab zH!bmI{?PTKujLUoF?v(ayp$dx=0|RLUR!Wx6^av{u+QL2=d-B`mKG2+v28G>+1neyQq~0Ie6FXOBmiiT}|j z%$a9!PH}u+BL~y$+}y_xUse6Y?nhjf3@8RCj)AMOCq~6Mfv0bI?`4MC8YDqsn|6pIwQl<0+V0qr(*kH3W^MOH_mX&O$S2N2>3wJ4GIR;RiIZ(AOfqTh=yz zv^cmS{&|Z(vI(PxP5G<89UN&z14ZU_E~FbGG=?>$1`jv+pwPD>ePg5Bv|7Iut3A-k z?|aGMc8zBSRj}d%iwCIe6)i-hnBgO~e>o$d&f}j~BBOR0YYG3wbiNvmi@upo<_$MD zzd=!fZ(KG{v6K8P;HNhj`dGC{ho|6E^{iZY+BCU?UAbv;*>V2#zPAd?4y9D%r$=Z@ z(zYf}R|kavz8jL*D1{3`ljVvV$8^~!tAR>x^Jb$_Ky_1b>c?F(fP`x20W;Z9^jBzy zc9wywwj!TaEH*?+4ih`^GbI|V~esT(_E-p;&Cm6&)LCs?8Iq5P=cR_vuVDZ$c{?CR=#Kbo!-w0 zGLet{OSIbln$(caXMK1jc9cEvt+nzrz^QS^T)}drNPg;9$!b}aV~@G6tC0yIc&(9N zO7`J#!x7&bgF;c&r|kc93BT;+WOPBtj9`KaZ7Heyuk)e@m>j)!A` zS&b9l{5wV3KL6Cvjy5UVgzMUi&`%mM>AkN|OW$`Ey1E@R@uHPsR|igqRSw?276-bQ zg{1WLV1v@4HD8Na>;=m^|1)i=t93g+n=F|uNdk0mSYHPEx$Rnya2Y`i~2MzJ9 zHg|Nx$s8(M-Z9$-&#AUW-~-C)KQBh=(+EetB)v%X>H}PiOC&U9oThKaoo`R$?|&-N z6^fJ|R0;?D%4+Oja_4u=&f!6_@4d2O?@G%UcYTicSP zvmy?_%6Jon6TN&R9uA5ogZK7m2DQd|Hzm&jw8tL)5I8mpiwNX8ba@dkW1Ho(d+ui_!wx~&TBjOyyV%j}_{ZE5}LZzJ;ZUk;HyIC81&u%NwnC)M56 zqv%7IvGV)?%`0nnhuJJO0=U2QpM0M#gJ*yDiA#*!Nx(dw<9O^jUbY?5zF6FO4Fy^U z0B$Gkc8RMR-~@u^>(S0df;yf(N%+6R3z?2OIhwt3Ga6p+O|{m#CeK)B%t%Faawx+* z$n&OuTl`$7rfcp2shOct^BV!sxd*z#w(EfV4r{N2nw$m%)BqmCeJIuP(6=#F?*}du zYK)0OMVqVL=~k>P&v+X0Sx0N^b)Fr_GH(UO2{JPodm(rjt2{nDr^bztl<{xW*YXyF z1=#P|G`mOn<>38e9#%dW@F9Sb4#pQkWl2<9dG(?Gpg1 zMXfbck@zSQq<-xOYRmw?BP+wH1jcPHIe3=a0#nrgeOiQlfPx%bMxh)<*o(n?C1<5esJ?ZBATN>Iw_yZlQfQ^4kPmu$laU_2+T z#~Sys|Z()qRvk|jI9n8zb;e2fBQ&GXsQM1?UOjVli>**BWKyB1-?#E5BgHU#8~LTQ zpi_ZP6=iero`49B{w4>TXI2JJ)UmY_oZtvzpF662HBhRqM@Ll=u4z2ZSPz5C!c6q8 zUJ!mR)JCyKA8$evKTAI;hh#7&762JF{M^l+=iMmUtFjNNX>#r}F9G-curNtqSiXzj z{yCp^p8AbMwZCe#NwBgFrQLOpkIQBc8y!{tUYe;v6MGU=HH3|-)O*+Y%_$x+9oYiL*^9QagUMxJjc7_fr+3qkK9f>dmA{Yii!P>n@|;tSZ7cg3QP9kK$b z$8x%{v?Pe>2e*|`gW>@JzCMU40oW-buXwGl@Yi%;x!srA-Zxy6B?AmDd|U^MjPBd} zDIc>cVJB0jDB#6={OM&I?az#b=J~Ju|I6gyk+;m_0#uRi?ZRxp!$IvbS4{OVFTEtW zcuX{_kS?1j4^Rozz%N0YYK#&`KQ9e=({3z}_Ej7;Ns|xZ%Xw<>+PS{^6FY#s{(!cL zluW&HX|XmUl+XVZR1dnYLw>ZbIM%n;X5OsF%tMOc><^eYXjwr>@XR4=b$`4r5o;VS zm9Qg%LI{=0Lty+PleB9t0fl2uJ(GGRUxSIHZ>#2n*=*gXfiDf3Y?X9tX(HcX@qpl~-W&1^0;MDwsiIr)yG4cJuX2o%hG;S+jJqbiLP&?0LH~WK z_wfkg);xOpv|3iN8B2%VXaF7lr-$D~3#}-O9a|SIISvB;RXeV@x!$i|8_>;N-epBRy0@^F-={cc6gMzGbus z%4z+~v`?yB_dX#MRyy}dq&T;J=?Nj&(k&JLp~+lBOIxoW2(9^G?(YxC`jHBBDAPf; z(C)4y&elI{wcsVZRM+yHJ+}bL+>!#_GQzInnV=JUvjtHzx(*DA*^=u$S1`wys0r%# zJZzn3zkgW$h!TQKd~hMRKhteK(P6|ks3khU-ArhSj$BilW|<#$Bb4~4AMFs25;Z4} zHuGLiqWSFuq(k18A0mkm@rz-&WQWiYW1SN#DU&N}+2uj*;8#O9&8zst?V6oL+B3&& z8gGwJUCBvJzo2e0V+<*$;=iB&c0IzSF>YdwZ>%0RI&^F6`}YZYd-m%u5eK{3Xb0|! z!>Ll9))1R6Neg*S;;FR^0_;gIm;`;fWofbL~Mf7~c{^nn(Ed8d$%OX1Y2 z{K)^4*Ky2*#+kjHPRtgg@w)#i$3HvBv>xu7Lxg%C;E5JqD{(2-Qngd`t@dDypI+*& z{&SBVku6J+0%v(*~_a4cs-h*Bo0Fdr;D=jtlDE_8C~HT+w1)%k&3W%JK^U zCHPMQTEFKF%>llH96m|67Aq@1)i`Y30BubbI3SRl_&oMFM3n*`2x1V1vi>RO+Ia>3 zDA_@Kg_eK+N+k7mv+Ch79iqVy9+{zr0F?^sR?Z(E&kQQ%tfc1uzGi1Y_ohpj@hd~3GX=9l1sm^$1)V_|a@atV>o*C6* z|4;Afb+lp_U+Vp~QJ$7q&+`lIs{$VdcWiml`II7H4)~|P^4wug(GVs1_qD)~iE1r2 zeDr~3kQXsKv+71*%4T42>wo^t(?|%=L|I{Y!v1tpUy8kMOm}x6+?^K2P>VTTs-PLT zd(JXLhMEv*1{^(h^Azem?Z8a=B)kliecveB%MhExM^qB(2EiR9u&3_r-NEKE*Ic>Y znrInJ^6+cwVwTnb##Qs%ndMjcJ!*DD+BrbwlX({+=M;KbdS9m<<^Gt{!it5pc?Drz z+nPRPUim^&ER91WSURD`tAVxM@ct8aUqFpuyl)`ZnNY$vBA@1i|I%5memf zEIJ%aaaERmP{lOTE1Chz`w6ExBB)$=J*h(m3RTh--hnPr3)5SIGv@b_Fo7+$<+z32 z+Cu9T+S3B8JKv-~va#HcJeWA;yZFt2c&B@0j!XB|Xwu=DGxg=Y_2bG~7z+Wppj1Vm z>CryvfByKG_O%?8+?dAvdtG$s=TC(j(L8^k`mO&dB!jZ~jOCZnpZ1-BZeu2(lq@Cv zk1|qRC27-ETl*kc#LyI1_%`TxTxpH>cebrI0lRQhm8;ooBRYsil#G$@bLN}+mxDsct#CLGdogE)K_!r=41jlOU(J=314^>d)!R$Ea!djV`*hsl4_N~BR=8vm<;U{--A5wLgy}6^3)0>QR z@iGRw4Pmorv#yoX5DrjT+KvN6NqSV~xmHR`6t5;^{u4vA>^fhZd$zZ*wutqk(cicw zO)Pt+@gUdNX3fip5Z*c&OYWUzRZ+vzHzU}X0t&NZAb7~}{@zGUA^ydWKAP;_*;jZ* z^h47vw9>9!gMKf&D@qRzQybUaNJ)jhzT&8J^z#;SCCqi41Zu*` z^j@P`1Zp=TQ>v$E(pA{D+Y4oLsKjdu7ol7?8V6Tu%y~a?ns?Z$J6MOq z92%tD;CZqDjZ%@m`y10W!N?yT{O(y@%7X*p01ikFBo;!~r*)$REa$%e8rYCqs3mpq z-x=&B`JXMI&5s36v!Ol*FdN0Su}OP7))Wn8B46!bXqLlm#D*wKsrtN-OkcVfYNq>J zH=&$buL3P?b%@4ZnrFPd2Re%cpPD>dIHcwNz>VqKN(OOFe~vRg+r28I z=#gggYGJW_TgBKeX+Y4>x^LznxWTp7c$}0!J}`Zd!KsQ0KmF*sFu8$ru@17*e^0-e zzQ`uMOnojd!vX{sgvK!&yj}?HXnryZLXPlI)6?qE=TWTa#!$OdS3_g)Tpa$}dbMwB zS)K9u-8{zr*H}1lb>64#Gy5#{t$O4YXX_I`<~v?>KLqe9fiTEh{DHRxpfrpZIr zXCb|lU)ZFFr#l@Rb&qUYBN|o9>vH}EBey)b8{XxLeIeZHuZeA2S#l@bypz~Lg9MZD zB?1HlE_RWzk3!V?85TlVpp@c}Ph z>IJ<=N7fn1%aoPDE6vMJ@UUNrzvwX_|$*1Ft1o)0E5S z3PJA!r>xBBB3VWWtdRdw@HI9OkSu3JDphKWjA>}4io_ly{9pwG2N`ZtfJ?bE-gL^%Qa7sF_+Q8Mp? z5pme_>Hz+C`biu7U16mk{&~jG9B`#TRQ*NeT}B}LjS3q@jv=evxa}>zlrhCE%eJ|o z=T|nGX{{+y-@dK14sAV}!tej{@6>5%Q$s&>aBFL;e@k*oX^3j!K>ao#y)`_1425Iu zp4$9$5nJuw^i$A|ig>6@4f(?g{9IfLz7gAhvVDK56y~kVwyG!ck#{m0wn=m< z<+#hCrKr+SF8b4i@$zC1mvxFtMf@rqjBlQ*p!~-~UhR!CIgT%q^;-6Mr+d@^VM`_3 zI)R@XS($M{83@r`ODq2i-yyjRIWs;P42>P9wzWu8DKasa4B5X;=ssyd8oBRg5{iktCz2b~V8ZrM;qGT^^zSfIw)H2HW!~M&&pJwecMe>( zv|9f?x#wj=W;LVW2G8@Jp4>84R1GZn)rlEDtKX{4eE9DHQ;mB&DUfQ=aZZ-KJuGw{ z_O9GFkFW9c_q!Ky+iXqN$m0VPF@#8GkyB}mAym>ca+mW>n3~MC=x)*Z#aVwR;8;_|(rprfV z-N=bgs*>~q5^zDMI^9;+{<7S?c=_$~59o#mOh(v^_jDVZNPv-qBWf+?uZrUqPpQ6~ z;-L8YuH~f4!1?_@&{>hbP=TxxMJuSf=j_C*Vi`cbGE)}}cM3t)3ZnIhgs4BwUGG~` zOXe)kp`gL$xQ9~Niop7NH&CSgL#M?zfN45Dj9aqMS5=X%1ds z_2y-M_A1w^7WAhgfA?_(6cIB^vFR;QmBF_9fI~TsmCYsz3Qq9O)6FYB5a%4LAcGQSxzzi zTxSPVo>M)=N|m!orpkSlk zlybkMcR8qZ4OIsOTAAoF!&cN!i(l!XKUnMlSl3&srX1c!hfS2--=Fq1_(tu`_YZT3 zUI=KugqNZhjh>hBO~{$Q%r@ivZJua9;|Nn_4b5(NQ#Sf6bza7Zzu6~BNAwr?uIbii zJjBZOs}4bbxcBPSL%fv9)mt^l$I&O*O6b=uy4|V2f^`B_JaZaaiWSC1@-JtDhmR=E zN$VktN4)b5**==tG?m{S_31imK#RSGIXoxlyzXNRK9hRwqBnV*Iu`_a-q_T4R``{- zi1aZQVy~H0Yf# z8TPkgB;`ESl5P(a;y0!YqYPi$w3;|(o(Kx@X_>B$g=(P6<)1U$2PV33U1dTiLs9zMujd zq!6aEhz&gci)_bOcL!0dFaDfx5kLGWL;UjrjL$Q_g#HSV`bI(jJ-_&*ctsn|0I5Xm z>5Edzg_}E4t^)rbZ*LveWdHt+6Cx_Nq6nz;Ez%$=9V3(wkd%-%kd*Eiqbwv81f)fJ zlaA2?5s>a2FnX}jW5j^%x#oR;kNf+H<99s&JiqH7L9Tem8Luw&V2v2QuFb*%Oy_j^|HsGtY>D^+KgrNeTlHAXs2UN-GVL1%%>sT z5pm~25c_0$_%zDyuHy)r5)|)D@k2r62tzZoW97m<*j8ZHFDJg9BB{wgC;Btc76Lua zIF!9}2SnGuU%xjVF6C>I{i^Bdxu!nPI<@tx9zVQGzxz2h?LX1@iY{zG56bTK+h~>T z<{6e1MGwdT;RsA>m#otx5luKHaB`9~$o}ccD*4qcxe@OAD|cd+5mh))=HdaG7~Yvo8U1#|Fljg}JWmLwo)1)`i!H@ykH|_3G!Kv8sp-EZ zsh>*NY|yP|cFfRLa=Sks$}(M*=h^h)Dl2yPShUOTD{c@Du6_BVJ|$x{>Z#Wu2HQ|i zDCl^PHxwD%BD{+>sZw)p;C=^Qt=+89V!UI_v6Wzl@4?TEv~Pj0nrCIm?$w%XHCpW@ zZ)G1Sa*o%&i#4`!hO; z%hob;Q%?eoj_9CsBvW7}6zGPV4wZSb5qt|rlTqVZI5`xXw zSu<{{9-JHB9Ci5jGWdVLY+up|f6v!A!8;(3fkrRL5bOTotc0ifV{3du2Fba?mm|bv z$`*XwWiqQm*;X(qL9Ov`^}s)$1KzA|wtGRuYO{~eM=w=&Q(liv#c1q^ej0|0|NaSj z!+J6L-G|NnJ6 z@)-2hm2`6}W9|e9Pb;lzL8{|%6*Z{rU63H~yPtpnD%T_PH%%(-Fsu>f^VUC5rvlA{ zXUKI9BB<+0xEVTTsp)Ls^$~oV`oIYE*xdhmfZ{^-6QF4P@xt6(OSlU;G&>FDNhpe*;F@epi=yoAV`?gv96u`OK$u>9Jxx{oc$~=4*d_K=eO9 zV8~o5dI@NZb+`+>fvacYG;@Y_>h!65>tEwv;2^)d?aDzR`3pe&JyNwiq)hZOzt%Z` zZmjszffA)53vd2?m84gIRVt5=oU|wBP@UuSA)z6PPb?0%uKr%u`Pcvc0Ka4cO(Zf2 zh(AzB?*fa;_1ArG|MR~8LO@^b|0}7!|0UgCMKL@)oB-4qURtsNx<{!4?UHt#2AG=@l+*wF=>A_Y-1}eKZs^$ea0sA8R`vTf71eJRbYD1=7Qbn%07;Z)c)S^A;3eL;DYB{4(nMKfxb zY)?y4&tCFnHT4<_N68n_!Tik45uD#Qbsud@S{(VuJdiy7YA$*mTIM1){BjbZ!->WR zGaOpTxO9&~zU0jg-9&;f1zUEEcwX6jq%fT@Tok%>f_7u`Y)GtL!^(+{y;z*d<91`E zsZ}_UiH$#CJ40ucxFLfHiVX%g<;P9iR`2>>^m~cp=?E4)p7YE2-q3Mpb-HHU zOQ-ISBLh)9^h@hb|Kh2E3b_qiM8ui4wl)DlLCsH}+PIS>4mqmYD}<(bfYmh33~F_MOT4dsS%5(L+ARDf7~|&~fWHU!dm+_$XV~&fxG~&DVP*W! z^aje2Cg-RFnlSUP-csJ2lcTQ5c7zoUkpp@4V^Xhob%G-E(@prr{ypr+1eVoFViC&K zb9@J`ZH+j1U+1-%L*H=-(oM(+SR0Uh;{Zgt=J3a~uCxujsgWArls+A+P~!q`3qNVZ zwXygUl7c&Ua2AKfsVA14s$5U&tue|MjSl1>1IE7YEiAy#kU);2+FRPww7vx6$d$qTWw=fFI`%33K)jHrc#yA2f{a6 z;KgF>M=E5W_CHtiC$eCk+pcWV*xECB8Up^amw@5|+ba*XWS7ddOtp$XJ^U&k&)^Y1 zf_31leYSp;)W_o1=+K}RgLpI!ln=Pws>uK3sqdE?ca}K%?{@Xqet}(cIawN5#S??j z3$3iygTnBwRagNXZJ<^6;awKb8g$?=Jz@On)$*c{XYVf~E`8z%l#R`au<+l z$stSVEu%7*7q)xvDf&E%j6i8!h|~muu?jl$cpTqf#}@2(Fw*LCd-vQPif~G+v)j?C z3_u2H^upD~War$s**Th^(Q%;Q%T_g=!&v?U(0G5T@Ovr+jmF}Ekevs3;YpA%-YlzpOMWbu>4`1i`N;B^&40R@3>y@n!h#ac}*-#=iDaljy zeM8BI^}aU!YKPZ}uy~A#FY{ z+3FuKh3&O@6T&}ZBmeaI6K@yob^2;_W_9smrJ`^;wjfU~wFu)q(v}Wl)8RP- z5mU!LI0`EQnPq;XB&a|by%-O79*j16N>v?b`*PSaMLaM1cAG6Iw(bwkoNFF3I<>R| zcAmFmptS+>RIqbyuW$G8Xz(B~<9%6SVXdjx-47cyXon_MROYtDDmUv5f z^zJ~F)8pIkx&CF4Aq%lU5ksX=fH7^A+zDX-OaV6lDZ7oA7|v{guK62r@*60hXBWlqmYmho zzoxJS(T*NsZ*sg^yK8*$7wGN})+I;*LFpNaFV)z-)|x4*2nG2{FQFW3IncXBU|(7T zm`wDukomt(VfQ{D86xEP9x5K||8o8b#w+sNxiR;!kjzM#Upo|f9mGks0i^fmS=>hF zqsI{VV+i){OtuiXWh}nk{*{|5g&j*CWy;r2@gA%q96BMVbAcl-54jpkr;2kQ{SQ9{ z>u^u^pQyw}1JZ=%%=)#c_>Xsjyd)DYzWND9J8Cn`E3b2gqEh#xra$m)@03HUTR_EYc0} z9P6H5VMW?7^EVF7+scj*yMcGBslfw9l4b#?Kw!wbgZNV_Vemx2uB{pKQ3E zs8Cy7gg(+&(zzd2ZY=o)uh@_Gm}ohonPa1t;XXlJ{>*k43-OuJpueOLrE(1oax3F- zx+7e{@*{7DMW!iUXX~SOxhh$d*~MA@%jR&UeFC~y>A}p^*2e!7k|_Pnl4QjWF}r5$ zZXzpawi>gOy{8kNh1o=iUW*!BLq!dZm|uvixzlofTA?z!@0!!nnj}@dwOgH7Irvh` z7>5RX9aPJOdyy9RowXE|At3!w!H@@EXF~7e!%8$mEy=938j{|BppMZx_+**xcTK(0A~690e9_>A_*c-|OU(@4Cz-=yG<*vGGD8Z@7_v)-_~oIlt_jebB`!X`%C4US zXzDp*Nk#EX>!%#L&eOm9`eC-*+tNLY2)THAU-n^h>WE~ZV}a10e=57XyGKSw8razE z{Cat@Nxf)i{emyK)6o5yx_WHFyFkOH-w0WhXSv>R^YL%3$Zu8fA3eb+l>VRCGhhBc zCPxvX2mil^nEV;*{THvy0{TWTN3+Yf@NY9jui-b~4SDgGjm0Phu!8?X-GrOp)&MwjhRy{jKSg_qP0!I0 zleP90737A55X*_D=^GOu$K+M%Eyk<)hXn?G{r3hlGMj>ZBM8k*ZOm46Yn+|fOuAkQL7-==-Z2@KE9tB&R5^T;^8aeoM!;BQr>7*8Y}_Ve z(2#F`*~Bq_)sWSj{wN$$`YBj1GRlXwxC){r6uhIu%3GhV-g4y;^DmvFiF=gi&)6Bd zW(($a*K1Ky@Mk<^R;np=>hc96tEzl@S)8Y8cJ!Wy;Mp&#%bIe@87*{SKRb3{D=|f0 zKGFM*Uw$2v>A!iNj7=ygI{vb=`CWjwOiU~vfjZ)-dLpfJN3(O5oM-n3eLlz2lzTqU z<&{O~sP~U(6bX*_2IhvZIYh=pc>t<{P3{&Qm*J!YBhcdeQ9Ja^cgw~p4Tg!i+RfO6 z7eI5h@A}U#dKV5^05MX zoKi>h_)HwKaE{&sg%V~0k~IcEg-HquoABQSk=ew4yEeYo04|EGTQB+pRE1C5Q@KhB zx(+B_UyZwud*WzLM&Icg9HeY`8An&wmFn2FsV8{==AfGw&~II@!he`I-y?+Q+$)q% zl%U1(H)&qFLs+VwYSM_D>A1M8RAcOaR5xrBauEZlnjV#5W14L=*+09Nl^)UM>% z2~RKSq1jxrfsg-jWX1C|;W^Q}yt5i?rE4c<>_!qzVfAMyLbw3{^x4oS`moqU>yld@ zP?H~^;rx;s!Oc!8;&;JBo=ba05GccQpp?|7tY7cW`3eBv4RKQk)HVgh|E8+Aj;4j! zk3$BzG~5m6sQ|jVEhwP*usj4&@a|#yW9*rk>B^+OLU0(8j^ejHpb7m{)dC_|82fNd6i<08U#ebX&j7}~C{#{lM zV@^YSGdZFG4?R)wLk11qZavYH(&{GB{yOXk#DfyilTOdE2DAu>d*%pWz{`%`<3h?D zuVKfEM{DlB*gFQ+ju*fe1wtsz_C6&!o*^B(*x=mhu-ReCN z>$0JZ1mf{7))7^kI*jm|^ngn})``{9&>rnaoMvHN>WtELH#T2o2bO%mpL}RdgK}3F zgW3t6DPeFK&wVy;(4vLiB2yo8J)d6^yHyt+3I zR*y4-2Qxq!C^WD$F?WB{(eK&vtKA!#(SO37ots?puvP9MM3HOb<{|V}a;jqjhEFA7k)jSKYKhrj|IdU3cyKk2fIAV_f zwKqQ%*U)WAwd8#ICYtc{C!eN{j!&RRwJQQ`#!BG4=)ZcmHyy5o$Br6(Sm{lB$-E78 zREMsv+K2x3egH+9}2yDhhY{Q=rDg=+O5zVkMkWn_BV7CH8Zq3 z<@QQ$w0i&Wh0AtQ2hy*wpIm%0aH5MiDMoa>RQ!fO+z_*q=hwk|f3 z#)Jq&n6B4LQa96$8(C9Tju;5(24)ZGwb3k;)-k1Pohbsx_aqjXOStbcO1O@VBo z7DlH^%5}%wBAuR}<;%qNZMfSX@o_d4DFzeNq%0xPKy&Tfjtmy)%WjhzCt%2I;QvLx z7T-@S351}v_(zKkBJbmtabS2$m~` zHi!GinV%C^jIRLRTIsHT+}?9fI^Du)Bz5A0IrzcBiIsbDuAKLWppB^#_9xx42k^Jz z0j+F+lA`$P2QblF-YC}mvTSuHCytgD{#xdBiy|a%Q{L64Mx(9U#NG`WD)#ZpvSPLY z6EVBq!EqGvqtkX^QHlf;JA2XKi*|?3p_eYM^OK&@>{80_Uv@(+kz;*^W%p^KiGgWx z@gMA7MimtBr+ceO*(v7tekn|^_o>wamM!M?Kdd7?HAEi(*|ZXguG3-})JQolhSNWr z&zE@Yh0#60%nGbMQk(-cinBl7XP>H#C+lsuSN}L~n+JXFn5G;?h&RNGK_b9bdQx)3X*F#BQ0GpJ_Fyn4$&t)e)l_O4L&#eX zG(zf6h8%=nnX0fW5#tmF{JIA-;Cc=YkIb$_?ScGENbW4SWCXbdE&w`h)Hp4prv2&C zeuiJ2sxk@+Y5-;fP@VXTl~=%QvH{89IM^_mB~bXB23>Ja@h108TqDp^y!q3Q8NeU@ z*QKtk24z*bi(_)|qg~sg%>lDEg3mcgI$}p(WQ^xR6bc2*ndQKpw2#v=fd|x6N>ZAu z0S0vGxvqU(&X}x`374BB`L;%iu3C*AAxK*Bl7Z?Ub^EuigwDD4rb-wgnv(2CRsoYd zGyC)Wk*FM*2N2^jguPZ@ui=a1g2jdc7X$Iypran#6dZ!6H=cdPNE(F1K5o0fG*ayB z1UKnxz-xaIHw9WTc?N!%t)ea&ICgFHu&={aD@R60dnc{j=8-Te6e!f$RSD(cMm6dPNkIyr?w8rAo#Ukdqzwx)ZNU(FJDwUdhhF;wStO|*JTE2#u1 zVq9g|@;ksAL$kR6kjn2%+Q49D@M02)AMBGT4yl1(T;h@uQH_1XSsV{(Kx%N@IR=4& z8&w6kTjdxIBbU4J9f0B{PS?IAggo_8l(oSG%5LPhu+#?U4XY=FZX4Gc@K|~-QxsXk zty&d{kJi@wA;BY1(+7N&PS{)g&a>rh8@;JK%o79&CqolJ$x!iPE1*=T~|cBhN26cO|yf?e+6{WcL zQ)Iz;I+zjVjj3vn@t&FTWg+0Ctyh(NQ!Qq!mmpu|G-?P-?3Dnw3yWCQO>f`{n;n_y z=>5!KPMI!COhTsjYydi3etZX|v(;n*?eI?`!xeW1n#~61j|*B!KI3FnLHLIOzVfTK zKm36Btgv-kgfP8v=7K9W)Us}6>l#@q1!g^sZ1`dVyo{}IgA>d9$P`n&!10`b8TW4v4RG8 zV^^E%U4{{vd&bniwA9qz@akkN7+#akvShV0Z~4BUlz)j214IW|K(^n9hVI3~;4U*O z@^Dh+c!db$$kcA54)0&Qh)5q9G0b21aqNnKzU8dZUGCzka{_pSjrB?fE9^x8!Ugeh zD%#A$qkMmTG8<@%Sx?qBmofkM5tynktj8b4=kLNpp#Z&M#cAf4>Jy9n8`KalG8aI{3s?}@h$JhsEb*Y0PfE$^({ud=_e4~i@at#g6{y_A5ggtQf z3?vgIzU1f@MF-pevPIO)%J-aI9d`BL)Y61v7F^m{U4QjYSFX4KQU7zk^}ZWJ*4*lj zEhk4V^lrZmqRsT(Y9ufb3OC_@7VsXQjO5c~vf%`!1Mb_HXtIRF zaui*}j@N^l%kGku?%^r>@2K;?fLWR{*KGK==5o&IOLG&f749+5QF6LM2d_MUwN|Q` zY;sO*kGYX;Dd$@Uyhg$ScV86RIAn(-Qw*(+YlNeG42^Ug;i* zq-4}hA|B;%q~HDFOi6aNy~Np)wUDNUhI?Sh0=hEuZ2TSa^0HC?gIPZ&iB#ksm}%CV z)Uzw?>~HVUE+d=>BBnZIAv%JrPUcqs@~}{Z+}W|seADGu?AdGs zC=V`rR$i^Gs<@%+g-kr%r;kyio}Nu!fGdS-2ej3rcNA=CBv)OI5MB z#*KVZwR4K6u2X^t({k~j5`}E}`2l14SeBQJOgH8q@%dRD4B#+lzteIBN~IebL8eFU z=Sw~^REa>EM#zqez)-|N3xvOd(Amn8?{!R?gi8x(2&F4qA{vfZRI_+PK zaygH;WHvk3JbuQQm$eodwoaeK!!7>k!gLG`vAR&d-I*z4!`g>Cs(-T7x}H9#R;2Jn zdb#7}O8Pwa#8R<<(fZdKOnOi;^(p?iC`02hl&8%1c>5kqBkab{! zBJF)}sXgULA3K!?po=zOR~IX1RO6Am+&lo%deNah&>E|diwm^gl!t3qbB?3DQr|#M zlB>5S=8MT07HNNDQ~ z1Y{=AW8G=LMug(^GYx4@>p>OB^hAS_@(GRiqJ|NEsn)x^Ar{vf7xUfhms67DFG+`U z6p=rF^5t5Wc(N+3){wQ?{LrW06B4Ie=^c(Ld_2Q^ndRYi{)~I~?uiq&-0Nz#m~={s zhwtO7oDN*U)m4mdozCSx7M zY%xdI-a1U~Cb)hv$*e)_M-9UH_>yB6rddCVw|J_E33;ie=+OtMt#MyZc)bXPq$VlfL~<|!X@)76 z)G(d3R$WV5?83HGILc(w5aa0cum`GgqmaYrs?!p)$+9PQ)w9W!8s__FgLRS*W?$Dx;ALVJvw#Z%T@NC<(tRBxht;I zC6#-B*rk*Q#BLtBy-Vg6fNz)=<4Yy0U6 z1;>nzjA<(hYzaBpi^dI4DOAtWi8g+h@dV)B>ldA86@k;*!~+Z~W&cdIwh+jV1mw>~ zC*c9$xjLE8`MAV0kY7@ATTTri5gT&27`V=PiiJ_RY0q59^$N)LaDmPBIq54`b)ipG z!8mB{XpTo3Qt&!VbKs7^cG+6SX=amTDKw;Cm(Hi)2w}%h$T;8UwE(eo8X27wW@%&Do$Als~Em`)c!NV1`_iX%>CHi%(#AN~s5& z0Iqq0lic(SY|!jbf$FAmXD(52J+kprz$v`i0>~sWE_k5uPV;IJ06ZYf^2f-2#d;C0 z%Bs^9X7-0#-saNGuWU$}!AF*#{FN`{`5j0EmhG7fCZ%yImErnji@OSDd?U9{R!RAi5521AU$mSM&!11Y z`aF$d`N!%LsTThR1c-JhEs~OAm+v;OLD}FWM8sy4u_hJJT<`8q!)p|Jem9zwKKq*cv4m#c zRpLixl&hP>1nY>w?*#|}bTlcdNW6aMhva1pOK@@+=LIsTr=Jp?cND{`&E4Y=$o{;T&wV;#ac(11n-HD@%vGQ|eV2~9n~YQ{^dL2>N#z)e=E6uiEX1p4eMe8+qN!;7n-UKeo6-7@%!wC z(3gMIbo~sd-ZIU<69Y4tnpA{H-aD#cnpM0>!Oy0(YFZ~@Diz%H$gWXR*L@#xLY{kE6yxrB!+&|EvCqUc$>X++`*VqdIUaAwJ;Qz8$X{f5w_Ru;VUHi;* zb)Rbf1%9@-E@)58tX^vCCkOy*dru@NaR=5A2XqX3pZw+9W1C3ma4^eywOeIwzMb?a zO%P_Zs0eW5)fFij!3=?J!pY%&uV(7Bk#tAN5>9C?R3QtsbplsG94NJ|$a%mWhlMJVXJOBgIFizp*h{ zUI_%Zoa6;O{~o|*GV8o--BEWQns#}yx`DC}#SYob(K!^lB#xI6#087MMJe^$>NDbqd zu!{lj0~ss5!CEPV1|-FgakLO|EWSd)9l&^VPs}UbvY17l%vFbM@2z~Z764Gd|+*lFvYjkQkr-cnJQDmydy#g7B886BISx!TWaT#6_NxAD;jf|VBaxQ`z z3Dy^d9RrL%+TxU>)w${Jjp^R*mX%`?P0K zyzQz0tO_I&6q_wTcomlT9?d$3lJ92&2=!poB24U~ z!O4>Tagz!_ZK>g!5F{`=nKHs(0lG42z#E z_NN`~JDX!OrBGiFhjP;;0T{@C^Dnb&?#%k_$+-3EhHu>5BYCzhT4&*f`f7k()cOLK zVHj;%ZH|*X8`JZmr7`h|-sP6}=kiJ^J5-kmI!1V;Vu}+kn@`Z&p6{jn_+;{{;8t$F z)edax+P6fenW_(J01yq>ot7no^NpZy;g<*?*IhC8*a@6%zIDAOVHcBUMu0e1p$lU) zA!GHNl9LU1ktRfuLhZLs{mIOQJOIE4K<(JIYqJxoK^%V36FZYw83h=plloAJnPbzlW1BFpEUeHBU<& zIXmmj7J88&_LLOO`V~&&x3yE{C!HzpNW~nN7;kh2+XS-RU{*pQwsKvx2#Z&1G{YR0#~AomtIGO1+$KRfcJ z$){u}{CSx0;r`F5BhFJ&12dB$Ea*ER9qS|}ZyZ5Z>KXw68$?C7S@kn4?3|8D>GixD z85=7ry$ToUY3z=9vE5o$v2yhe{@RV%30Czvp?$9mbP~E$9`u| z0M-|$+lk1|Tw**f_*JQEvCQqKa)9+!5U2~AzulV&0IRW3h}~HN(gxY9kze-`-|F4r zfJrYBKio@kw1!0qe!kS8wto0CFeWzLr2b8Y93sOOHEd?d%D8bPcnM>~&*bJjVb}7l z_qFIoqmNyr9qXD)H!R@!93V<I(3T5l zHhj0d%M{pl-VeJH_ScGpX!pE1Os<<(+ZrnrJ;@4t{^I#wJ94WKWi*cME3B8Z<{h+KyG@$yBOYtz*?=nfVMkSEJUm_~~3gI%WNBJK6R~Zq?e%uI=-!A(}rFG|5>^j4h z{oFh`jZ5mt))}X@3Rp^kWl{6e>$E2!H8kN6FV*<_e1BND1*x9;d(z>Z%{$NE>8D3Z zAv@-&S)7!PyIi*B%T7xv4w3c7CJ7N=f*ON4&Ef93(v5!4K>53&G@WRhrMPsnY6-Wc zqaTLZr8Y^%qm4WjV9mhl;bLQA{L@GAUAauG2}jT4>GPa^bj`R34QTTjjgrm5+Fn8a z+jUQ^8z-t57L)WY3pyr_F zI>%jTL!NGl99fF?9=B_dGZ)nR0TZIiVNnfE(~K&(SmAX#aShnEvvd=P%7fP!@6AaU z-F=88bG#+hc*+i^A@eZdY;d6oyk4)fvz77r! zgzaoy3CBH@4pNZMOFAoE4Db?N#{BJgk!~-VDAEozm`OCbU&x=X7t%%L?3j4|x(wLF zBL%Rf7JDF4zV%~(L9znwN{Z?8T@JG~(v;(#I!3NfqTUNNA{EUzu=?f)=~iOhO-t(C zjynN6KL|9z>k{nHRlF9fH22;$HNesUjaI}wem&w;X!++@1^(1|Ch!i@X{$XRis|&k zO222^E~f~lTRO0Nufgg=8_dBNVZ>b8e+`m&CeDyo%=A1(xdiqi*-J*r#do0Xul_=^ z@3(e-Xb!-Q-`bhN2HmTQSZ(u1)rhcZNScvW5glvgl;f*dSBP6+#lgYEc}!qi6#=3CI27me#q6O!bW1@>mys$G^ zm*qM7;JEBqDW&O4l@Yq>uJsk)Xy3e_q|}^L#FM;a<&x1SrN;snuX^`8NK9umq6N_yn>P9!aNXK&geUXg+vdE23>=vun&u(>V8>^#BGeJoMV z$2;>Qy_6j-dCa7YtYgTNT)?Yv_RJ}(9CHygsZ+xL2ZMGP^$%ELw7|gX4&SH{*6`Lj z;~7u+0KXXL;E90hCPi4l(^2}9$zZ_Ps!F?c9b)`?4mOEQ!!1C992I4a#=&(XrnViW z6imReHo7@L8*)g0$zngIBXvBeuYMdZNcYoELHB}LC#BMLnJ>c5=3J*>1Tr-H=8z{T zZmxE#aM}#&`Nqq_y1#c>5hSHTN(>0Tg+Dc~dzMgNURl?FoHBr=0S8ZAZk*WRtjk~K zsjJ&D#TeCx%bGak@xGTxFobR&i2Xt=RWkBDdx~nI)}$Xz1&(V)h5{!p_$ItJ*C$=* zV{(9aBl#dgnT3o|v4N_D6X2?Ub8+;$DqWS_{26bVWybW;?6-Z0)td)brn8x)VtWrC ze()^@%sm6O7?$kgH}VTnv#!EQq^v&=9D9CcihG~%qtO+*ig^H-m+ki5m@VSV@Yf+* z#PRlejK!>euV?+1dAt>IUPdr8ql>H~!xAPJ2ZTgHCFEd;lZIAO(ZJ#P_-W()SLsRC zf!#+9&Zz1tqCf89>*5H2!t@w+u8n-GQsyS?jlGj_!Cl72>ZwGaR1C=EM=?IJTwe(w zLudcdB0WLtmdVNJIR(2`Vn_&n&FR3=dSIWGH=)Zj;$U6P2R?@b)HAy_bB(L=@%}+f zE$jZ;37lD)a!&DxM`Z#FemSjH1 zx%Uor&ws{+EIt)JT3Y+$G)jDJTDOCHsT0zuh|C{m;gL0>FUL*x6q%K6gdlgJ*Ex%> zI-*5ee#ThCFgty?GZlh#?AWCe=<6c1bwW!F!U%NE$1-2gv~M&eT>x|3^4#)d^FF%a zu;Qhw_Vki4>}0@ZW_Q#B{U!G-kMU6XLq(oErmpy{sjZ$GGfU!1MWHcZz3R zvN|bym6eLy71vceai-Q)=_8ncwRLz746W&#^N{pJ$WrD(-JY*&So4~w2H)(WHe11D z8;;(`_M>{yy@Zi6kH`4paaFh^LW!g>&(i3*%TCzrQ5P>pdzwugUvyqOC<6{A6%3+@ z=DO7gGxUh8a>C+n=EHX;r?yIkB`YM-eNW9)u~x3>3zjRXJq0Yo|gJ?Pel1Gz8f>w_LKG z9uz}eCts`UVN z`T^zsKCbd{J*EwvVVwQuVwwWoPk6`)k5-b*M(bd)wiA90{OS3N^5Ahh4eF$WwT%r>hYX+*K#v z@H)IDzAX72ir5m&Uw+^1FXaIx)f;lF)eXC>Y0gaNPSoAtIpGdYRN0#0E;4E$wu0?o&Kd2(-KTYe4j8@! zk2sqc@%luD-A@tJT#rNu7AeOWNTp8&6NZif$s>4&mlpd;UPuLpX2Z4blzq_KZI}7(T^Oq*DUcjlg9G`iky8X9 zBk?IQ2>!a&i1$xrZ_F6zGn-pW+coUcV;%kY#hAxO7nstnzvt!=;kLAdijRXuL`UIv z3g5kxzy-C}8lmI$(@@rwjO=}l=xGV}8U;%QHFC0?b5?RWwZbw9ZB7 zBMk~^Pf|#QzZwM8G1F=zGmsrHluIqd40l3y721A`_i;uRIF1UsXqhzvF{5~DTIi1d z;>Llvf0wvj@IdsqTqilKGXKUV^y57%T@@AnZ$1$4+P;lGEc11xK9+k#_q7U9 z@q1cK0N()jwyPCb*Mi(`9h{uC1B^yqF1@L^OTtIZnbBvP#O=L~PNKG5lxJF$n}4h1 zubeq|1~IMbP$)^S)d?s0!(+PZ=!^Wc@SLif9MhzK&*yvbs-de`x_?Tar=BcpKAN*R z1H1Prv+EC^sM8Wwn8BPPz$rP>XlZmi1BGyHYi6T*SP4iAQ~Hwyl6YOrQNx~wcxu|H_l&oj2}@Vz4B?A#Reo@{ajUZkV+^(g6ocIte}iZtHrN>)VOxZr8I)Xo&fnR zYznNQa)2+})2`nqQ1ANA&JGk+nx(Tk(4ui^)w_iT6SUj;HjX-s2BN6{`PoV+~8{WO1Mx1O9UnY3okev2?4oHiSh?D4+(7xt$i238?caF{E?tC*m4gsX>P=tJx0&mQQ zggC~VxK+~xjKjXjgw>aYIBF@JlWeUx4G-3R8v0YxBhW?ovYemIE?}Lbom7s$+0>s7 zpRf}geTZ7Eq{^pn?W_-KMMPP1n%r}zsWAa?O@o=QFB~;!NymW?LapIO*ALw=wstwk zVX|=3BjNWfKGD;pRzbMYokW|bq5H&etw~gh?6?T_%nB_l{JC$U&4&}i>^s%k*2)yH zh&vAWj1UafU!k6I7ok9QEN?-%9f%X@8hF}*=DIC=PwP3YM`9~#^TN+Q0g5G_A5;^3 z3Ovqf3;SQ21v&V<1C;7K-gwQ!4L-nfey*!0$S2;ECmq2|s-c82MWa?()OVR{O&CM= zQpYp=HAS>OYsDI_K-7prkMUb}cDhO^5QMD(@xKG~gro0|^O(Vkd|59{&YNgfyHqx} z?=*auZzTxAaE`tst`9Q^jS5 zZs?=rX;_6ZzqP{G3(bi|$j@;MhhP^g7O4y08_Gs2qQ7}y1o&VOlvest;jkSBQquJ4 z1(|0<^i<20_zOpMt!;v`f~%%|f{RRxMMrh;IKSz`js|YZeWHChkYxZwTp3N>_WPEa zuhio%^i_XC7u^qurJ*uc^7aAjn{3O@(9khpUwuLs+SP(xt*XfWFs^xWw5%w*L+u{v z8PNxx0BJeT&>rL9(r0hccV6khF5$+7xPrN@`dVa_i(QMFr(&bNO#br-#8UVgVW@)s zZG6Gb;GW1-gVZ*?no)QAYNeW~`l)55jOpX?Ggewhg=+3rA1*+R6mZwgb3dS%H@$)h zOZh)q-2u~TR3d0UFX!bXXMEzPPdpR~3X%q+3}RO=0)Dj+p7W3Lph}^tYFgT&xRY=~ zp}1Sd$nxDn10mlmb(LAB;Fv0V1o-g9aBN3wu6T>JF{^pd8q-1}C>3_?!20y3iDJR+9W zH^)PWy{T~f);HQNT2TGQI?aR&Y!ggdreOEU5NopT@YZ9S}uyrEqb#(y^3^@oaU zo2G;BAfg2k!6tM2&PzV5Eg(7Oo(;uvfQ`2VU=_M*(s5$}G2M1zbi}u@Ky*S##-4GH zAF;^P!@wsT`XiI)VU$%}w=+{34~sC$xb#ZAPJyKw)1nyZodaM14_>Rdv=yu96D=~y zP$QaneXvsVslmHgo;QcFH#0LG8G+m(qt`>p$4yU%gTX)_g2y{QI&_qg^3^Z8PjyG% z%oGy9gO}h54pr!yGkkiVV?P+9B$FXaR1|EgH#Y5dbL?`$qpp8(H9~6fDGFRn6U7sr zI6lu7ts`AF6Zpy?$UBrO{c-+itB1uIACP1&f&O8#XYm$0TDa@pcW8yRAm&A3x&)-(I;z+%FKXu>kwD{8N7nBF1Fe7jCp(gOLxclyB3u-L7CpABsRgC%o z>pz>lvoi_lPmNEJa02?)^#W4aTH(3vf;hJ z_|1_V>I-4$pvpkMn%Jst@SyAKyIl$%&M?fsuk2Hf3=Vo^6QhjWkUxF-oEieI3fcOk z&wH_~It4J7LeOaIG)Mf25${)p({8PoB^fV14bJ(<$u#)W4D(t++XYvw^?j>r9xeugN;vxi3{9jIx-G-fgi(#k zqCKZ(`d3aI&QpZ^C`SM}tP)!0lCD01ALAn;&Q#e?8lW?LGjvub^fiLBW8OmFyo6yt zRi8>615`5B3CBiZoTqtybuL(9_qLEN-ow;8@bSTbN9 zA?gI=mgyifX^s#F&sIFmRKtobJyW(RYy%V^qPHDS6V84&dB)kFfu(0to2bp554zk2OO zAB%(`)37}e(>Z&-ha-ZV*XLY1g5C90Lw-!v$Qc#>AF|#%tf?(*^9BSJu!4X}^N0vi zRiuV$K?UiAUPVB92O&TJ#exD#mEL=AiPV4!2x=lFv;YASLJKX17DB$2bLO3y@0x!# z>?=Ea?X{kA-@hkZgHr4|zItR?q;fK=h(iM`Es1aVxID}@^_c94j!oJp*Z4qT=WOYS zFI0&|WI~m7l~$nZ!_I{Sr}a?15{j4KlSO!sW((u`(uE63B_pgMgg=nKemlLxRTknU zg5wR#On!(Ox;iO0SI%RyG}v$9ljM^U_s97lnA1=RArEd=SzMz_Q#tlSAEwnA473#c z1W~8w9-dSq+cZ_`W0vl3+gNWDbeP>3@tE~)avRbjWP(Oj!id*cY3ot7TqK^N?>16B z6vq$A${7*xr>M{?#I42tzgdaOMwZBV*^nP*?YCBCMbzFuc-(2(= zx!|dtuILtbbo%?*!nipJ#dO{q0y(mMzUe?R;}73B-1aQy?S+ z9-~Z&LbxloiP81$!i;@P_B9PJpS&BI3sJ{}H+B*I!bWUG$P`1K`12;dVr=g^2#b&W z@Bukz=(~~m86=p->B5MsGdLUbHqJQIy^!N^L6W{$KkG9@4tK5>&=tM+v+{qT6+H6x zP5rgc!IjP<<8fYF2N*ARjCzOT;Rk+@0pG<^lIW5$h2A zc(>bVcV-y7?oO(aHv-CBJGbuekRj#7`;1kDSL70*sdNU>R$pOZr?Jyv@cRxFTYn>_ z?k!et|k(zdTUc~N?kd$3C9-iq*_*lJSc8}gU z@uEFlyK?45Lng-^w$B_l4#vq(M!6UiuBu3Sd=LNgrPj2(ZFtYVjCQ3AtJXI3&uma4 z-_p+8u5nr13dS#clIL(+;L*riQb*vwORKV+!8g!~w4g*hFbAzbU?P+>RpCoOJGg}qX9=ylJri_5;*l8adY*>A<~3b^Pdn9_e*j<3en48_ ztq+^d@M_maPN|sL0{y?C;Y}2d2sF#f@Zg+KxXoAyRcfV5mtW6+!l(o@Ot1~BXl(3^ z3$*Q%}lpF-Sk&=(Up^SrJ1V1j@V-(?qalklZ+%R4gdx`_a zk>X4Vew@YZjFLP*W%J5o)P{%kh+@OpRUUV?gE=kTu5pvIoisCx>&?PP{`4SF|8;L4 z3j93Kd@e6p(F@TSIh1%Bo(a(kE$v_1Z;aS+AU-(eKrr#>5<6lR%^(O-RfHBS8mevT zzejZw<98~K)`A-Ig8T6{M0|~j(sz;tZl5ZNOV4x;cvYclk&nFU;ah&@NiWAodY8`D z3TrGb@U-L@x;%N#?G%?df?r?jRBu7;>PHqD&YqwoS^7dT;(C))4TpW9afm1)IpEv9N=FhWwPaiM&-${ zRY7c`tgo118iDEAWYvmd-^A_ zFFQ>4M9ZcU6(1I)^zbOlhmRjiAzu7{uE>83nii}U4Bv-d2(1Cx@$K_q*_c(&=RD+* zFJDJc{V(R9_*ZH9IX$+=R!r&k8y^GRdUYca^Gg~fvRcYX62DrLGbDaBw&{9&ER753 zFAs=)2DU@Z=o;&eBpJgH!_dZttlcqD=SDcLI;auuW!LCck5~_Ghn~pK>>dAqHk|D* z+XVgk2xl-r398u(l_ajBJbHK9zD>Prf@OX96Sg|Ze9YN)Lg^t{EXCK-CWZOEsd`h| z+IRDD#qh}Xq4+)p~%pD_UUc6Z?H@F29p9|SLtr+y5=jI98 zm0Qu!&W$=YwiNe2n2Ez=uGL*Vi)2&`H*MEF&2!JUdBJn6B=fN6$$ANpdoB$$xVf#h zd-xN|0JbQvSL`;k;8BXi+C=V#kenq;%*++`3Z;7c(Se#y#@zGu8`zM;Jh$PZFtzQ)kL-#ZT33XB5B&GDIiFQaMTU zwlQL)-uTzM0gJ;AMRG#Q6A}_8ZJ0?@1=&_j(H&}}v+a|?@0XLxR{#DpX*XpOME&Ki9`-@cMt-odW zq3sq>XY<;jmH=!P@}%M8@%nO$rkIx}I<#Xi%6X?cIrcH@scgTW4xJaa{J! z5AS5sKCQWi&5oD2RbR|CEMlU`eXva#_Wp@IlIdZAea>SOVxCx{8w7mk3@-!{SU&&Q z?G17JdJ#E0mU}i#ckl?2&@ogCOd%k!_C`OI$#Z&|UMpD&C<@{E&Y(qTZn zP@ZGl&)SbXJ8g-5ZJLqpm^m)i^_ zvE&?f5pqq9LBudk6Y2;JAH!gta1cY`56AxhA=ESRlV278uRY0yWD?oAPYf7aB%7pl z+T^tB!rD84eK6Hq&Ic<%)H)@B;^oVns?&|){JY|?xeC^vppnVCPZW&G62IX&nr_Xm zdd=lRdb1Q9cYm>tjqy;Cb6)#CL}Tu-MgHW8EnB2a_rqHo&dJi1OfTcDzXVEB8Zc}W z_l>%psCJR9m8v%x{s+I(TIMU}(;Mt_27MoF*JAi6Ct$^<)?p!zi4u$(d3IF>3 z*8Os@N2;Vv{husSA=YO2>h#?BlvvoW)J(a3UdbUH+dvEBbgduTulqvI@fqOlwDA$q7yhzjSps1Z*8o8o4PO#{W zL-^>c^|osGwEuG;<1794EfbD;7yHJ5){(l5u|*BV+rrDMt(73SpRpd81WtjAzBL`x z-vtqbw%LgaXhF!SO&uxio3*`TfN$l7l-IBELkA*UR>nF4KqnX&&q1`aVH$aTXsUrjOr|T8QNP^P9o}3VXp_r>gK=3JEZ8Z-nsU-5fakA@WMZ zLG8e_Jdu@;WfGXnTc_Rs1i*1S{KLDs2EV`D^Ldstu4=r~W*c{omk9rfKH@1}F~iIW z!&qE?ucm#yZl|HnfGXJu57IY`VM&r6YXq%U+f?iChwiP2Fu{tC_Umt=LO^l7iBHMM zxkE|M_QyoJqiv|Wpp;8;p>&PsMPJqVdi+=8NeG9ku1!%Kg*e}hi5g4*dqgYjcP zjXCxj3)=G*El=Lyp3{%8cWYDF77yH=f~0~O*B%i?uA`NM5m3H}R47kvVdO2$`fGZy z(e{A*IJ9Yh>Fqn|;hGfO_R_6C`e|S83_Z`9icXVIyrdA>xzs==J)rx?)cc;?NCk(C zdlF}@2jh0uN;39>X9RUmQcQ^iYKIDp+j1NTdGkxj^e}srpu_z-Uuhi8}4ze3O5wRIt~FbTyefcW726CtHnnu zc8;6x8~p$#pAs_9jU&`;rx6``2UP_bUevsP{oo#uYECru6IuNvYZ9gSuVEoLV(08@ z--;Xl<)N7!s$d?|!0*c?{A*V|Z5FSbFuMtYk#9CYx|SkkQ<(+%OrliU{ft+$p&vD3 z(CXFg+}co~hMmf(u7|GeppdQ$nKaMuTzMO=5TYS%6v&;9Dmlmz7x+@RFIXc zU2(-5gmnRK9~YSiaEp^a%acq%Dv}snCx3t5 z?%n>rjoBXB9^J+Tq-r=r2W-^i523AsDa3c)ZCTR!z2l9F-{`$O-dZ} zQ++2bOoMT*W5!*ZuZ-`Uf@c@4nFV$%quH~@aPX#3F)?#b^VyEzKhtJbNEY{3N7%3I zs7Vz&HIID}@afQvjuPgp9KUdW#)DAeGymh#{ulci5jn99w>R@R-)b>CiN#R#%T8ua zZJXMi+B!B-S!Eo#Zf=*7ze+pr#dQoMx<_faCU;^tJB_`IE6!b|=jZP#lOkYchp zw**7j<^t6`YCI!El_%!%d+M(1CL>`Kq@>c)aA|x|`?a**s~|+s^%iFW*umycKU~jo z&*T_w^<&rrncoF^fhj6OJ)llP?vq@~t(9=e-Dzc)eLTTk#KP~OU8v9;K8p$PX#^F| z65khU+M41&nv$%coRrLZj5ve6*dQrQg>uqmlnp8L2&-b$@>jkrS^Bj~=KACK%m+a) z265@Oxi#o#ztT=Se-HBd_0|uyY2`8N*KWPhTM(?v!0>Tw%nZbDX03rlU)X0OtEEAu ziuHGp^vE~WI7|-@u504D$d0w>ONi`j6~XMvlaVP^;xl(6wZEX8v$al@7mr>Z`(`4 zG!D0iCVH5LN~-#T!OTduRSSgM#I9HGxyHwu8f`Z{9a7j%)n#KuDWPn_D5(>V(AQJW z*}t)1NuFv_4w~y=f*&#*KPzYWrz>o5Remb&dcc9~pfKtoRL>jYeap(Mq@g&AW-I*l zoX&hvLVr2?kEsrjJau@P>U{HKVz?wL+@1Ehy<8pZiXA4kk&JI#>mzo37(pJET^uDT z-m^3eI8OpUQpvv>d-Z?O7iXj-W~RUoGVH-?fYNTS*X^v1HJ;AXjY>DUMl` z6Su+&&o$o9^zEu?)Vldm<3-c$tGbzkzcSQ+6@}*yIrsjI%i-_!mT>@`x`BD(c|Ox7 z{}k|Y?9*S4^hVeCgJUM~BtGW~{|}4ux7!pG7;)V{fowTzndxx#Q;?TMhrUpqY3#IsjO@bT22M=(3iEG|MRyw8W)JrY}?=jL{km zDqjvo?72^7m8+%xQT5Fc=G=`Bv;}I`YNFY_0A(EMq3XwKR`GbNgcuK)hd$^})$agX z3=M^uaCWU(V9`^qgSQ^kI94ca%^l=d9WdlF*L?tLD`5}I#lRPNoa@QxZN4LXoF0i6 zUFVC|%Y*lnJoR?RVb{&2rFXl4Z;yd<&V*~M0it}geZ7t57yMu!(UCX>IOuLvEGP@jnN0L zywCIE{;;g=kgAC&7HP{%ffNf?r6P@d&i5g{)OuZpdVZw04)?CxxReJj=$A*ZZ0UKP zGe5i-J7q?Q0hTN>K3GqYvC-Z*A5M&{YcEbjSn`exdovZR8_~iL8zgE0sto`*EHokf zjErk}n8$kQ9*cd!I_~vG7sUr0b5rZ%PWFF2EFXfZ*O}|SD3(>8D`T*U^merDtPv2X zlgype!nR}v+k`pI3?t)()%~k2O}Gva4WNoulHT>6DftP?y&!j>5_Y(PZ%QhH9GX_S_e$&EC&oYT6BE2Z0-uTzzNJ{(97aS z)i$Iht=hhti%546et6Uegc=$ekyqA*WEZz#!+XPP=&iTXt+%~8NRbE+akKhec|7go ze6u^vYtxy z>|^70klC9vaqCSJD+qOa?T@9VbxDcJ_Kam7D!pZnrD&Vz#q7AN$ zCbFHj)IvisuB>1NAVYTBpZLr|veZ8)R*AG79^J`2LYr%Kpmix9LEZT|>ZjbR^7LzP zt1bmuQOK)TzP$bC=Scgw3|AvCp5YSZTx@^B zb=K%WAtM%CP!d$iNb;osB@2G9O z=KS=eOD|bmxXj?oQHxg3cAH?Tq=>!?dU6ll!tx=>c=MMZw9JrR;TWYmUf)t|^4=sC zGc&*0GrNuj>K{cC!q%Zz&woJ&1lYjr-uFRd-tfW=JIBkR}i^Y(Bc(yJIz{veOBCOD3-R z`H?hg!;~}nqoO5pDhvh8ps5m+99&pQ73B*CRF|chYua z{kq&HD`MyZFkbCk4zTX(A^Jo6Y&XyWkIh`S$dbAN+e2g3-Qr0vRBhtD^Ktd`~3 z!=wRbFeG#iq%#aJuJh(iX-**2joIs!%WTZa?j|<;%Si!Ib>F-1K{V<-LnW;Ol~+Gq zNs000I99n8#V-#D59A|0oA5bVB6bA4F*JxJd-*n;nz2*J9rBlaFC$S_TJ*Y7m)|PY zygo`;@&S-5@3d8;7x(e|X_3qFa-;D{SXhslau{sBxHb}=j*8gO}r9fj} z+I5>e8k1R&8Nh{2_%NaIh(W?1>V&aq-2%gZkWMx_K2IpE0w2E{@jzaq9HpPBdH`w1>mC z=SL^%Wv{E_Xw#bxn3i@lfB-J7n+8B zF<+KD9-kE=n2K(|l z2(M2;RAsR-IEXyCDoQ!`=h+`Z0JE*28l2KR9X97E;xmI=hYv#5%BYA$iC=9|N+S=w6Ig($!qBQQ_PwC0#`>Op?-%ed!Et)+Y(>Le zer>Ctf)iPOXU)0vV&l9%)s{1ws9X}^{uHJlM8jAiM=zXIg=|yHg~eYK(7k)8lr`VD zNVV2O0hLz7!W6FOLK!Lr|Lw1wR~X{QNZHI)wn|)bzAX>86ay9O!%MDr20qPaC(Q=G z1@Koq9e*E4@1>JHlmAF<*8fTGDj6LfhFC0NwJ(-x7~16`W7%l?yRo{4cQwXkmwI*~ zT6<94Z(gztApR2|ZfWP&vWcq#zd!qDCffQA9}RoDX*6h5pah<6B{_5Ok<(3Nv6-~u zQcd8?8u(b^;^{nv<| z{k@k?<{UbeTRjbMZixYA_19@T9gX%0xZ^_Y@Pv!Dt8)5$Dq)}1$z^z~M|6B$#=_EQ zQ*gX{d_LD~b6R7rAp48Dv&P8Qf_Q;yKpRkuwBr^f&CI}z8=OuCy)ka_&pc{_wN2gb z(5Lg+N>PV_spoWW-@f1sGyU88<3iO))Z?flk0sRmqf({T{oW`ADGyvQ2-xd~t{F0j zs;>G4_kmUvQo2^lLE-5{W!gnq&sBgOSDq|JNmamOaBPAm)-w%USDLt!r9=XJIgV<6(uv4$B55jTPxnj;zf#UAo3cO%|iX@piuonibUj98U zC89TO5H!qUwmMW>=WO-&ns?Mv#GqP(E+rxG9NQ+>Sdxs$Js;&L^X@k(z4D`9?yNz9 zH1kL`Fk+tikHDdRT#S>qte^Epxn*7wXT*55$%Ur!v+M6ZTDQAbihaE=t}54m;eu+v zOfz2Xvt#dtoQ{z${YR~O z@RbqrNye~2*`r1PA6aD%p=^J-%Kj1#teFHAPOCRxwwKaAxRL*r1BOPnL zzWt&YhqB32OMRjfRj0+CB02--r#=glv7SaG_$gD(1ENI2ZRd>B7|!%Kp_b4uKD>n| zEt9=@MbWBDfhgVTiO*m)>#=@Sx(dj0S-Bj%vbThVDKK1A?b#b8Iypk{R$4IOJvR2mgFI71Knd^8%rj`Wiz{KZbRYt`T(}IKNvSlMjAoIEP^37#L`O zAKuk4mW2Xud1l8Acs%B2hzP^EV-=>+wl|HYLde6#)(~X$@8vnq=K+8W>?s}^+T@!F zdG#g0YN)5hSKU^m_5j$VMC&hk5xj0@gEXNR^1heqUeEj9y2C2}@#Dvh00iRIu2%>`ULF}Jvu;%wUCnGJO#yy2+kfncOJB!Q%jbXRLrX#{EsSGF zS(`ZhLAL8^+3?OaFLCdF;-Wte$X1<8SO_&nqQDZ4*f z(;Od_C^!mlF+P3R*gw87TYGkPeb=emo@k`2amao5aJ2q_=F^qHy*hD96)}Ril3XC` z+730ZT|Q|V*7%jkY907UIy@*Z+^SYZJ38{9c7=ebF;(D_W_VE-o%2lf%x4MFW-8H; z>Nj~*E9wT}6tuNa(^FhIv?a9BWNrKppa-muuQYp2wfA0dyamvONaTk5-AB9^hN6Pp zlZG;fOAUUScQ~%d6%{_ov9dXnEN*JpZ!k$UY2CN`F%ApOK)r=D<=QoC=QA&{{lljgl zw8s@Vdug?8O&sB{sjbz?q!;;g?Vu563aV))Y2P(Bkd*1q^$avr&$|Fb08kp$PsS4h z@#cA|H5e@f6eVJ}SswuQr#-&V+DGzT)f9OWyeaSA57P(&)9a?Ic|@ z=c7>b1%WNKKjIwzb0Pq(_kZn-brAt?&82OX`Y(_>f@Qs+k%>S&3g}73LIXP7x#{X1 z<39Csj{jD>?nANzt%$o5K8QJwS2Dx#OFsf&4gAn)CImZVzXb)nSk62rQ2uW9iIr#2 znvzpRXz8B=ua_(vrG+U2(NX4Swi{((0ei>ZlGoMVu6=)k8)^2E_!Un=5@5EWfmchG zzLaHP_qxYJ+=BkK8M1A&1(o7S$;@wy;*C9SG|Y1ts^wU$MOMz?44i&-6-n$v2@tMRG+- zCA3JZTTD(4j4Pb4c&cw)kIQb?IMUgmFvG{1^2TYhu7kF8tYu$9nZF z7mumZC~PQ`2{#9@1u5p2Q1FPLnzvGZ9E=C!VWlkFI92P3byt<09NN;4q1L5xaVgA} za`048w%>MI2nm~-NwI_+l|Rv9y)#LB&-rKFf$|JLgj=JAT&ju@DrT%YblV0dzqXVMJ!< za|aglkD*Fe6SSD_eT^&N*Mn3Ch7uKUn}|8jUOf6vX~-f0D;BWM45&$}c1q!kKQ3Pg zqfY3hh;6NPdf@yQDoB&EY=joQRHyM`@_bQk{C6~{#X?sG${2C=2r?m+e~$4B&&pTY zkHPN_@(NtXDluwi)0!nngHcp^yH08c>H*RAW05Vl(^cPdST{OuC#0iUT_-2Iy5!Jo z<%*yCI86Uo6w|y1Ty9M_fT?YLKQP)AW<%lQMgovUwkT9xG)rX5b_zMzO4buU?^ z>G;O^g^%ym&g}H)>5e*}s(d)ktbQE3u@Q7#{ zEM$G-(}b@$2I)uxw#1cVnbZm8togLn{Uc|3ZVo2b{e`*AdwJeJ|Dg0AYt<33y7!5z zBF3$c9Fbi6s@Ahr`}P{s3ZdNR&+(1TvAs(k^o!75n7;9ELX|DB0T zfyw?c^oihIA36rm@>`BSM)47*h{L#rATtgh9{LhCoiuD*R9twpZGj&WL>ED3YB8A@ zbeb^$Iy|59Gkw4f)3>nbf(uqzU3;jfc33+NUrD}`$nuO)-F}=fdl*J(bi#@uMg9sy z%L^0r6uUk0t~`AAW|Z#J8vFJX{72aQRrbPSL7Q&lXMp}}Oowe66wpT2;c^zcz+b-Sx&=!yhhpc}1XWT^e+e*jK8s732 zL{}R1H!~Zy;3J|w6}OU$TN@d46rXJR!)n3*>S<1~iW z)bSueD+U6&nqoFIkMhfOc--4b`}lQIMuSW6W90}2J*;CZ!A>c^&{NG0aq`H{NG8fo z?UpU+CcJ@;0rmM^vBx8BoZ^?JQ~JW28`dCC=|at0N# zfIAE`e+~;}gm9ndQ2yO6eZBbm!z}+VO{Ob9O>G9>cLmY$OF_Z!(5fpZtl>YQuZnf~ zb-x9v>pgn(u0K`VznojbJe~B7nj!Bs@bYAaafOpkcXzVVD#5zlsVYUvHV+t<%Wm)a z>f#Sr-rn-+x(zDlcL|yBzPu|haBBjq5;+RN<#NxqIT_+)dHI9MP)4; zwaUfZT$?05esOthtM$6SWuDh`9CSYf`>gwgLDbg|Pj-TMvhhar9Dhgcz-(ot%Cx93 zW^J%-PZOt>7iL+a)uoM5sp5I5T1K~*%HAB`x;A$>oSGAwOGm3l-p~F87&DVa+z+gK zSeKDA)GD0sp>Ajy%+|6O6#6)ncgDFVQFgPBiPKq%3U64pEbVr9rBS7cNqfq0`5$4l=IiXXX;(xm! zHHwr?k{A4G&yVr7LG|eNnw`|qP3g+jH7fgM)EkDq&0p_fvcanl+R4lCEH_feKk>|0 zTz4Ucy+R*_tuSfG&NQ#VZyC2vf|B@u_)*cWN()C2z{(7U72O;tH@%_TYx>rd4n%A8 zbHXE&~>keYP-zb3pcI%TqY3fxibCRpyNDY{JKxTIUY$I+jehlj^*$x9P?@X zxBO7U?+lp^oFwkzf?vnS8do}JF&T4$vqN3=$tqr~YPZ`XI&#P+$u(py>NlR;nW)h3>&yTVYZQ-Nr+2(b=O$~7@vlJ3bkC{GJt-9611J~#q zWgG@_80>nzw*MUY$Y~t{d3BbVef|{--28GBOMfWki{3<&xZ7Yci)7f&ob&`DtaYMM zY5Kz1zuwuSns=zbE4(r<;fz`WL3WF|;WK!y1jFQWaQ|e}wLU-hlp3=oV+$~!((dOn zcFk(hZM-rhKkG3Fz5(QX|O$+8`O;mcy|dUHjidbE?pij4FW$J6lj z0U3ryMp=7yO|B!qScwx#JN+FFXDe$#qT>r<(GOGYv^po0-ZE?28;$hZ`>sc|Mz1ufu(GyfEfYM63(FaAFIe-?xMcIK<} zH+AUXIuhO2k2B0>)9 zdD-FOS8J$Ia|{QYq3`j0ricPZQn3#D+^KXqx8n4sHX*-)Kdqae{K&?XiYb$)6j$uC zs_9nqV?%dP`%43Zd3RuR#U?=&&6E+}xbQQ*+!n8W%Ws4aL)|jf&244*nzKHBjD0$s zSQV57TcLyF4M%D5|Xw;^#T9};?C{mI34+S6^4TK+lV)1+K z$sQJ zZvlle$xp``PK4?v++tvO^&gWbm$~8W+V|djihWGnh12CP<;`=$yA^~(_T!uWzB^HJ zIf7+J&!*}AT;`L=sqw2v{>YBc_0&vOU8~q}oh_zL{2s6NpqVwyx%c88a&Pd_dXlv( zO!f@LKz^gB2BJ&R+ZCEEGXGQ$uoxl?UB_B0>9<8uG7mu{G^7tMi0IOyYFQ4tbkr@tJ?xv^Ur$l+W7d< zSdiYj2(8dS>-rS2MzXaO!vH9eOkXjI6p0e8(GeofpG=mo=-o?ISQ%5b0f`CdZX1aN zEawJ#STU1pfoSL_7=*r}vZA!*)Nk-lEar;~8G95Ie|@+U`>X7k6l7{cXIq zbYQuD+ukU(t>mK5WMVqiWU~3Ldo@B{c^?55V z0z)KL0zqFBu3_r;hWs@MI%-F2`<4 zHu?-XIe#@`N7Q$wfq3>&vY2qQn_$@XB;xex)6JN1l&sq*eQF2#0Sy6PZ{J(a`(V!g z7+}>vi>^basJK|EV4#DxT@kVyNihcc@rF1k+j;r$d>Jn+m&5}xGsA8+^zqUadH3O@ zvZ1NzgSt)$m}CdFmL3i3sxh2P3Ja_>Z|e7mM$B0@`5sbZUe8d_`m>PK9Yot*)*I%} z1MmDy6^}ny+?nlJv##O$HR{11OfRm*tHm2llMt~`*qMo2S zvQ{B^1{d|`71g;E=+ect?OLp9&N%@sFHt)$NebF>AHir3(iq4o72mW=tM1S{u5+rF zVcX4585dF-?UGMA{Yama>Z5iHaXdcuxAl=^x?st?IPihIQ(1@9Q1ys7MBs#nMU(%2 z|J5rBD`scfh(lpPQ^jz#y{Fk4hxdYQbA~oC55w1}&-c`NVG}Luxrj9#Xn6@L*F7nm{acOkReCbL zGW>F0*(m?<+pa}w2floSsO3{EY?+WH#s*}rAM(SlxlE*{+ejqvf?#TGWXihc?qtEs z`JGY|=uCsmq~`IJ{iI?0TAX@mh$lL=1-6v|y82;(6EsEax!Vu_9gV2??`Xth4EIXF z`00yrJ7x3tn$C6sl#U?Fe||TI9%TKI zI#dVZqBGU!Q%VanHeMv&Tg(W7H+EUSZ{3V{RK0rnH*55vDVTP{kS8oBX6X31z!-?L z(oN!wN?KT5%_ZsZY2}@uZXuA2dIGEB3E~6Yp<uTd@- z4dP#S>2cN$X#rbLN?b4yO)5?M2>>1WilTH86ziwT@mMH}1Om&5FHicI@~Y7nrte0+ z^G6=Z6BVZBt|=Wp&a$W~!g02QTgi-r$zYfKtIXRcve>PY#Y_W%=h>hCk>1dZN$T=f zEuG2iUt}&Uy})tC>9yIlF89B**XW^Jp#d*BuOxrCp-bF{Vr1+)IaqW<7JXv<1QPSe zLd8pkuct58^;m-+grPe@`jQHWnPfQ}hKn`Z=z!D^uDPT$yhV$p$Ah`KAP7AK2B03J zcP!t*BSoAo5&Y}h?i;tX!zFdwC_H&L>poG)P$(5y9Jk#WRha1)uU|yLJwQ^VNOIoFavUlx}L> z$fgVf(c|y!7uA9$Fiwjh;=d|l_46~xW)8Qu>E)dw0YO^yKGwH&*!)h9TD3H#J=w1) zLRRSS>YXiR&)3c#HLj_rhc>iP#r7Zm>v(^s2zboN~s7doRVJAjW>Uy&*n3>}~w!Rd)Z<#9V~z_tIi% z^UhW}Y=g}e7wR(Pk35^Nbn1g^kRR{yfU>1yKxW11Kj%YeQOR>zS|eXX^^p!)7%ttd zvS}U!k5JMAVGJaNliatb=y5@EEZW;L&!r2EMXR{_P+(w`41;&!dkK9*o%3bK{Ogtl zwa$45C|SqDQr>0GAfD3!5Dm)J>C3Oen;gIb;=n}x1S;urU}SMkl`aC@x(YzyEYCi_ z@)yR<^W9*@1LcmFH1Aws|88Sh*qZfaYUIQ3)dJ@jQf55xH(>KE+R}s32EaUn4sIYl z=>>9929`$GLI`JmdBA(6Rw&CEZuemmptho`^+|cIKYE(i_`plz493i@Sv@V+ugf=r zUV46Z>`M%kr}Rw54C3|>;QIYLKkr}9dw#Jbeg@4_2DRl`(Uv@2`r?zucNNqz>&em% z9C~`U_j2Y3dl)?F3w=ta_g&$yA&JcCrm?1=J8TTVmz)s-Jl1XZE0F`inGCcC$ofwE z)k-7t&W4j-_3E2pScF%~b$x_!Qu)=d3ecmgZR2|lBw$R7V6xb+0{5V#w%9x#3!aP! znWKEU!z8t(>esE1IliD%3=zK)Qc{W~|H+p4m1`hGDCuUs6xt|iJNoeaamNC=AHD?e zOGNy-U$6c!+2a?gH+?>R0qs;_qBcb>{i{w8xiw9k*ciA(rmgx+g$1LFjz}8J6uy!g z*}z`dznn^@KgK^vv2P8lw(4AgJz!a+xsR!+V5*#{dnaDjARDg~n#_`~Ofes`Zt69! zkNnrEEm^%PY{79qpO6XN6lQ;h&d5@O#Dgn+D|vTosZ-abyTrx-Q&_)1kz-*i;3~g3S|Rp6Jpm+pdd*w&*j)QN$Y}3`^zdH~ zpQ@B;$$&c8K}%pd9k%>@DI2c{e*1_s^m`2uT|^-@`Lxah>s3(rKl3+^8xW4k+*%tr z=AXb>%9XcFop7=0ITH|=dhGk7bGx^xuFYBC8!Cu}GHwAUak;+IM46~}sO|Ms8 z1F@i^v!Zf0d-j4IhWxT}^1dZ7YkGYwC_R37g@xg`q$L>oM!20Q%yw6EYduH-Ovy?K zql9~X|5Y6!>q?clcmL)maPTqQ7DSCF+fC=vq_HT3{G!_B$M63hTqg&nI(xNcZ&Xs; z3&{Q7zHR7MtgM*p*{;XSeOh^9acJPhLElj0{$YQO?DVY=&{zD&;-q-Dq6VR4_B2Z_8LhRnc}y>WzO+xcLX@! z)-PZ$vanW>xiBsF*)T-&Wyt7CKH^~>#CLu1zt`pVD=2WiIC65*eZ$~s1!!dH{$p)D zvqP4dR0P+#)c8R{|Fik$&b(aO3HC)>y6uv%=%MZ+a36E>F5L zWb@4N>!7?Dx3(2Lhbhu2ysHDA}oFqxQNdS1@-9;EVRw$DAqcr1H}tdgXl z%8}1mZs&NoR<^+@Qg05898UW6C`vr>eeTQHi_MZRWLodHw}s0?C9S8y=PggK4t|XF zo8$&x@l4C>N37R)Z~fjoR(M~})EOzFFN^hB+PeX3cK)f(+Y_2cXZbuAKmNaMvvFyk z7LP;q-a$bj3yOMt4f-xVkZDa@D?h@A=^(6+DLW^6$`59hM36tv`vH%vO8AUU&60<} zPbT~xZnJ3f`=7hYC~lScr?lA;n#(+eoBQ@A?zJI+@ZD}{=>%IdeKBdNYJ;_Q@}itE zC~4wuD>T4{wS3;Rv}wrGcZS9uOGf&Hoa2sH*puw$1Yx)5rh;V->z0>k<8v2xa&5~y zUx(w@UG;iXs=l9g&5kuG)i(%!t-M`zM1wIRK0p z;WsU6T!y|g+8Z3uec#sIm-^!4W!!z7sjY0p7uF4=$GzY~>8oOcWyW@lyTVK7$J}aW z6yapCBwuuiF#FhE)4cF(0JtU}XI{F*`(Z0rA1)}%`+NAKC7=BA2n1Op`mv+cp_3uk z?3X93s%mqRSAKi4*f)nwx|QR$Vjh`-P5kd&0<*{T^Hp*aGa0U}`zQ1Shr0+S+<`Kh zR)z0hcF3F{SA;M6oNWS?lHC)IyCN5u%L2jp4vwRj_uqXpOatG5;a;!b+Xd$CUd?-A zz+3{>A(R^91J2!o7h?%Q>|PpF?ny5!i^S7u8(aJFxv)3K*lU5&fd>qd$u;zl2fwc)uKb6)rJdN z^&UOS;6CwbAd6k{+e_x3(Ux}#DS z>5-{wsa7gT|BW!3dGTPTM^qo6r5ZdhG%WvceuX(B^%nj7%U7xCzA7R*O_UaeW%BcA zE7dM}m!IPk2VJ_X7~oX0BVf@bS%idL3vi{l$`jWl?@cI;dc1o7DaMc_K6Ugx6n`{N z(RU@X(U{sCZjuKVIS~NHt&Ha4)(1|?}n>D_u@%G>4ST}$C`&R)!Pa>c0zcZ(gKx0U{@?RyO`yGq!SFq|I zhc?RWhk_!tme?GBbceBjU!}zR3p4A1+)=Sk^HI-^w-_XPJF4m4mdvY8-q$ww+Nqn5t z%t6lVCY;yzqqr`R=WAZoR*|YAvWWyL)zz9^GRuI^?H3 zZ-tA`5#Qn+Q&w#b?2)Bsp|r%q((U(R@Y2q*_Jw_oS0m1`Yc ze*tvtrd}7uuKGMm33@$+eQWW_GBP$^&T|lddAa;ukshOmI79;A!7;^+ZaB=})eqs>sY=h%my=~^}#*GoaU6F!~ z>B4c}IAE928#HKOsKjr>{Kj%G%HwrS4;DR+j2_bn^ni4cT#!;oEU3l*`dEtc`%$?v zaz}n)e-}b%y#$Xcf>#(^Ml^;CSNernUsn=f$Fn29f7sNTjuD4DF>I0aGuf0HvWL1YT^^@cEramgl zjIE$o9#s?}&jGYh!(yXx2rsUdXZE-5KF{fk!l zRpF>!VuasZM<@MN@IXjX6qs?sQg2ox`3b0$dW*afvNwb}0~S00PMr&M(SHg#AhIwQ zK|??CxBC-~&{y>>x&R}Gl()&RVb5~6KHseRLe}&((f;OPIMxMs;*}y!GZ) zfEnP|TtP5j)Ls<{y?4KjyecWD?-S!F^LKO*PE{SGjMUxh z*_Y}09xQhu=%FM6JK@D5lJ>*QGA8d@nFVWBmpye$wND62+xx!4YCJ49Sp0sz86+I> zXq&yeogB41T5vulnExF!)Bb!6x668cTT{dCIxudk-eHI@@gaYajT^j22v?41+JQk9hir|0eq@$vEJZf<-xyvHAMcMG1WT5kYF&WJWE zNtt%AWpHow3LZdKCRL1pT#B-?evbdZVlE`epnuMI+>%?bGl*v#$=WM}PK{V;>HP7U z=lXj_Y0RF&l-OM{@H?Jye$+G5iIJ5*EE6aBkMtc`ZcRVvN7@E`ZRD(tX>^Evj+DO) zAIrKfd0p4^2sE4GTZQH^4sQlrMxZyAS^dKsm`6l8UxeWi&wntc8CcP0vhc<^Rg0`o1YMGy` zguJdt*ut_2=r|<)xO(oyaRq{*$Z0;GznCYtND#tbuRaHI+3(lr#Dbw~NxZh+G3eGQ zl}eZctkjio3pUcu_1qrn?4=g$NK<;XTwnksndO*7LqntA)3Wd9)#3oRb7MLldBERf zHMK;;4*ljj8&L-#;p^*b^F!NYQ9IsWMhOH6YHZ1FCwNYKQ^Iw?$HNY}|0Efueds%a+xxZo0@A*GXZotO<@&My3jYbgZ9xMT-~=L5KC*2ODU_kCip)=6ZZq=p z6AugwoSvP<+^}$DnfS}4W&SAJ=NRdHcMv!`sK#+&4#Q`s#;Kue&&G`*Pkb+4SDa+_ z721dIrpj8CO+tSSo$2K-UJ0?Gp`o3V6V|r$9_~_4l%Dz|!nL9|?(&Zt6~S;gyPCR= zLe6h^^9#s73Aj3zSCnM1>})No9UbiH^#Zl+@wqS)!@XxQ&UUBYcIWSaQ#I5`P!jRb zAOTRaKgUP}|5eZrKlp^ic@-_zb6c@fpoDJzL{THX*6yc(WJrmZ!G zx61Sj3CBKGWofQ85M%4#Pz%l%;$Nn??>>pmo%Maw(AK8Ns%po3|B;fihm1^`x>C~E z>v7%Fe6B;CX*@@e^0Ce)1aDj47t0CZgXCy`KcWXYyVPC4&58&xx40d9-bmsE!`yyP zRjxbw!X$puSmjG$N?2<5;8F-*?y>ev>*g@h<$!EcIWttz7PLt%pZ)ov&h0scdi_9| z^iyEq*?58e`qCXDB)_Eqb=4blWMt%AQH#C!Cu4^Y=KGaniWXsUe+S?|681TW7CLj|@>V{It>Noi>%ogY7X&LEklenT6ps1w-t??;5R9&yhrfk__(0yX~z z_b0x)FGTXCb}u*b^%@gYcb3}!{qfbzSU0J+5>eC$kg1z%jLr_ ztPRT)Y4gpXS{opIY;aaDxC1g&%$i8lS2rBG*RQ;&znZK3+6eDMj@AFtvtf&lP0YBk zjZRD)h>GJAn?$pwyh=#gc2nneVx`8=c}}@%bTY!Y;l0XH*sdY5+g-#)4quW{K&|I> zOUvk7DB27^MM$pa4U>b#(Y}5=|57Qj zsWg9K^_!vDVpBx!0%uL`*>DjG>{Wyj(zC>oC|Kk{(jSEQ*imtVjX9Hz%5ZL;({W|z zye=D9O_%%3R6HRFIb?DKM~!{NfjvB^qwZSiyOFG4i(|J#&n=Z!`wDt7K~7Tp1q7c- zIk>rjDv9(w780TRMm#W(`I%b8fhlk$$-R@&_3z}&y?UVA0tMv{m|=Kt5Ms1KzMaP zJY(_h86`rNV{>CDbza1VIjvCBd;(nCuj22Z7uI}Y7_w^Un;0*-JecSa9aG%0_>#h? z6vvwLH>LWLqS>es|3xTlG8(8{utdNeYxDYQO`Yhd+8DVhVM^ss1bM7 zIkTGehH>x$RF^uL-ZgImVJ`!tqM|g!Ay*J@V6V0g(|D8JS!~16R8{NwoVbx*frY^v zf`^ANq3Xr=!JYdxy3&bdXcS{|DNf9#h=&CWMi$@vJKKJmNb{F}2p;4X=W#X<86m!q zFnv0@`577-8eisBAeY(G*(G6$2=Uz|Hs6|6s2gPZz>XyR=^U=aVzSsY+v>Awj@0|r zr`tHL8%Vm(-d*GA<>il?kG;uzl2S79j{EDAS^nuInt4~sQQ2UR`$O)>=9jGGf?_yk zdcnT?%i|RF`L6MCC{)2)Aw46Qrmj?kLBQ& z6Hm4R`JPb2&ob91eE$wC|2u`^>lyaqv5~V6wnUUsrrR*A8I;LlWp%hIKkL$}zR9x5 z3frL%6yGY?WxX1NcH*<(h1@C`!BZlRRk^B0^Z$EVxsX*e%l^5)u(!9T2Olcx$+V<0 zJ{~Kb+f}d5uM_6vdwqS9^|lqp8rc8oVF1VOw%4T_ZiY94zbrw7 zi@U<9TIY$v&et7xVcmNg1Jl1vQRHZz_cfC4{wBRfS@J$;jaoW#YlG1De0)o+51sgS zE)Ezr1n=Ef(k|?G4&Ar5w#X5hw!8Y49GfH$tB4VpLWy?R904^9i2A-Z}-JT!wor!*z6{2R$FdZ$Tp# zz(=Bzq$_1u+uk;fr|=~FOnNo7$L6kz*yMB^ib7nYif}o3TM}!_s$`Z{1bs^F9Nx9hj^nIDHo)<|=4j#hC zKHC>X$EY^cp&{eu=a;Q}dOKwI7yg*ZDoDaU3m)G@U3W%N>0|W*H4=%V>#L0 zrRU@Et??q+INqTWr+xMr7)}0Y%*kneFRMaAhK1+8zG3Qhz5OYf%ZBQCuC-pr{}n!#R#6BL z`+&|s)V%uy*iiIXW1W!ve6z4fuCY2Xf#FEvjs}#oaaNY&@a6YV!=3dJq|R(iKm`C* zWpDpQj#hg^LdOgG+sdHt%FdwY7isCf!RZ5*y=S=bJaym824j}5BR)h{zRNVn^o7y| z(eTz28txee43Arm_Gu|8VUuQ~>wxAL?jjdZ|F9z?p>+i% zR$VneBnmYR6~FM^pHDiyZYB-)d)`p+o6eONhyX zC~2xfi3~vZineEJEqbdUA|lSsZwvamiM|D7h)sqR!p{YiFEf+{X@$zXr+8Zy`?;?g z@JJbUHB`rGGOtd29yL|cava@{l^q)vuwFeugK^CS>R({$jSK}s3?Fgnnu!&ZG~y&U zxPY-zq0QMm4m2!k>KBgk;R`tTEfnALX+7QZ*ud-tf?CI!{wVK>jYGgotUVlguzwO38VOt_hZU#4}83Oxh3Wo zn$zTfVjQna{I7hMH05y1XhY7g#ZV_)e#AK4%hL&2@3O0)$91#x2fTD%U*Wfmf@ctG zbQN*1Zk1)!-0^sBF#c8OZlE{sAn=LOI|iV6;%QF*3{|X$A}th<6^GqK_nf57Y(Sm` z?Qd84HEIvxE>C9Fm*jnx8^qEHokmoHLcXqmPuib#BA@kF7q#EAkEF69>-#?2uh8^u z0ilS??zGYxJ4!tI$>^+pqe%qp{l9PgoHh{$qixLE$f$^ji1ZTvo-1XmX0WBHX;6n> zZ#779+pm}yOBCu^BAQrYEGo?*?0xOE;z{AE+DK7f&-V>XIgPt*x|gH5M(y-Xlby>V zJXY&aMc;D#*E5|8j|2VRdmfABcuyz+G;Ej`n|)DK{RVV1d9AP^WD21}9Qzf!OhJ#B z9Pt62=ef5yJAy-xXe~k)TqAyZp!?(82X%|#BU0O6ojJ^~6KC9;Nsk%<{^+8(xG2z! z;28PIZ?x;L>U^FB;FhG_<_W?kHEyhb}J+2_I>Skt*-9K7e`8`}tsI)r( z`2yCLK(PjFFYUJy=m^8Fii}l`vwGu96-ZIyk;PIuImV~JZh?r|?2f&Bf7x!)3m&YR z$MwFNZP6^}b{q&-PLnLZ;B`1T@E383^SGR-Wm-Z6=zg*?oCcaL!Q{gSp4K0(l$LZ~B5o|O?!oQ+$;w5p>e z`?aFF2F?mLoXE?*wH+pMsE(BdA`mJRF)jjG!Gi_A*2~1u&&qG&j*YO&aq@laz5F&y z=K_dVKTBC`?LN!w|9XOP6#95eu}S4(<$WMB*C zEYl7vGFamW(fK}4*W-P%-~rY~z@cBNjEyzJ=9qyW4Hyt&33%-ZU{Qz}#eG{nr&^6_ z98pnS(Hm6t*4NP;x_-Q?cPl^E<&7|?1`<6{yLrF&x!r|zxqb4z zv#ZR)*492BMQpN8_`l6W8!5#Nh3RPeegFR5=%w>>H3%JzJL`pb!%^o4P$j?T zg3mSO82V^tvC{K+QJr{PEty9aH=K^A6hAOQ-iCY+z4%RYz-iqJR3kl)!}!YMWfAun zx_HLUX#{Z~;NslYIifAkv_$e&@equoii~36`k$l?_ifPH+aeboS3mK|lO@pWRHZW#$&=2R#2dw}$NI{{-w3 zVo;=ZA)TgQ-Dee?EE6cU-{gTLg8?KGqY0UAWG5{4O(syd?uSugR<^u~#0E!~JCMDT zw^oBwg>Mi(*dFOV3wE<^N@PX^%+h}1l}0kxx-_?ay%bVRiy7dDTCoi@AB52Z;ja6t zN!xKSK`W%U2dIzLhZ3w;KrAf%EPM~>u60)@lw62QPush=^d3~S7@$Rp(cDsylPe7? z`^^I51~9m0N9INB1jV_Z=kEhF=QSPVB335TB}gzTN4{`>0Z!t5b=3^s2~^C zTta!*Q;pqDRw?<0DzX`FXJ==wZWC1|?GB#v+X`J>$oKET>migwrvNAxMh9CfcJnl_ zIMN`I$XG%DE}cOL@>@(egy(3n)<4epEbM&-$+7u#b&xeJxE;sj^mal+Q?s*c`SkbJ zfwqG)%coDcfqi4O@2MqtwH$?sd22rN%cHWkTMTjPpf=I&;2X;@#;O9{CNo=9ZSAfP z)e8zbg41~Sg;Tg`AKjrz+#yhbCfXkIQx(6oi?L3ZCc(K@yV2)*N27=5EVTl~(e=7V z)M+Yt-(}=*3hDIpuEvUtJy}VeHmT~Ym-QfzrvKcUBP0%_5%b3vAN6-w2^!PlzaLA# zDyTvcr09M?ETmA+5;BEqtPH3bfZj1u0#I^OHtU2<*}k8}h)e_=1XvAXc7BIH$|v^_NH5E#8pg8kcp7H1!D zL{YZwk8c4)!yW8wZy#*@&VTgYYkxM$QL8I>C68}Lxb9q02rsIp7!v>~F3H7H7!g1P zrF!*HpKO{~lDi{+oIEGZ)zj-Jrkgh#Sx(;`25S5=#g1xaM7KbdBIg$(&w~YdoGelQiW8fFuNh)sy2SLD zs7b>j4abkLg2Z8eUVPevNKwU%?y6`W3FE&nz9TTfW*hvVoJ3I{t9Yu=muI>@TC$CJ z`fGG4^&xHZ`at(|M?tVLo>g4Z1blVf>nmT^lb6J6XrSy23j3%=9yJ&XTGAfG-xPyV zz)H8Ztspi`2mmwbHIeTi<~ToG9Ys|L=+cOL^Sc<3sxdsFV4e^o^73jgp$wox-`Gx} zeJeL@_8Gs}2hZ&9sCli$_y{@c=Uh{K`8{a*c#LPIZoinJBV0{u%|}a%M}+=P^Vdan zMnQqKMG4`rf`TD6Lq)}Lc+}bGVHq!PF9Ty^3hkgMJkGb6ysLfrNVRe zFPLHmp$ki)zLe-s#GZXxJK$P&DivY@=Ciezc2({_P z@^XFEy=aY2uE`0q?f1%0%|?r#%UG&%;r6+;!ak7o?lLl@g~YI}ismz5{7{w{MwEU0ilNDN}{@Df-ngY2?YKCEB@uLUP$(D$2#1zjFCP zlT%`Mc@=(Ir#xF&CIiTzz`{y?#9{y-0~>@Y@Bw9QQ>c=U zm)VxuHaChx`{xN(?g@yg9Ejg5D!|Fi$Tx~n(jrvUh$^)Jh-f%Mfx4rbp;ZaN6qV@f z|G$^%dOLgS$6}hX1Jz-{4*%Cu2G7{i(9D#H3P3Pp4crzG7H|-b)j1Jy2J3&EtAMhu zXaD-jj-uD2x=-WPgp=)7=)Ig;F?SMv2_3So z^;l!}=Q8RatZF4wYMLFQu^@H=*o*J-85iyLFEwQ{Ip4`bKlYqoUPiVk zeuW`;pnt;XiVg#~fL$7GN$&FwK=9)@xANQh3vDXRi}7;8>x#>b;VUJDkoed_&WsiV zL`-x6fh$vKLZn8AD;^}gj|g3TGFZ77xP0KlqeGUi@H=hmANxB(=XuDf2McSRA+j%Y4G6!EvqJ-1WLr@v<`EQ+GPpG zh^;NG$12YXYbae{fkK?|-YQfB*wPDwy~rV275n~ih2M$g7@u3G2KWU8i` zGUPwVp%{RFs2CnIujW_`DM=XAbA-48M&4|u?!1f#{c~b`RKSUA*+cSfgW7cpp=)Ss z_!sD4nvUofVJCoEM-?lpZ<0AFYRmS$s>u9@DjUv0`}*3_Wn{vY!CHksf2Nb26ouEk zM0F>kad;`@Q>Pn{kp3A~~9G_i1)z9e}y}wZGf}4Wz5G zFK+-yyStgx>wC#8f;uu}xdiUG&FY7>@LSpuuUq?=NIOVB>*K?!aLdJt2;bAv&_<(E zFPJ!p3M$I9#N-v9Nq04NNrcRg|I(%Dz&MbM8rSu= zB|m#(IC9_NTo_dx8(3NP4Rp|hHr=X- z=vaG8J3E$)JT}NYQ^6TJ;V_Y}hP%e5$yi@oyw?6RA~Wy&#NhBqPw*rwwj9=f_X3)% zk3lh=#_Ts!fBl*AKJ62xj=$QS{j@9uOd#3uOMp~mxL2LvK+EE$@FD`$85S0HYx=ih z!~HUl$NU*mh3R&kr`|&o)7>7E3GX+9YD9H87eeBR(0WWnE-uK7M>J7kYYXgckQttA zx@@Bz)5I0U!N3T=!SRU%T3MlW^4_*chpWuYmBlpd69@7`>S1?q$C=O)eUIJHR#x;4 z%@#1}Bf1SVb&4T+7yVV6 zqO5ZQXwXfzg6Xxdkq4F%Oac=Nh5>5QjiQU{zuNX55CuDLq)k0EgJk^fV&KZP=PlL)Pf18lqcd7n^Zvhb9pgI7p1_eT-Ajll5&l}ZO{AXa> zqXxXl(j#%gda~iyQqOfs(5g=wlF-?xA=sEdf%z{#-X}pIV76sxEy_Aleq&>- zsW9<2s)acgG}WLVe}p-W8Gn>(Q_A@Kjnl4@^AW~SM+@h^^ex89N@CyFU||a|2=;)zXkE|l3#Sua z_)TirKJUq|*{(0yZd+lET&{YA{W6`T% zyvcDc!8s>kTiWSUA^JG;$AUH4_?r;kM%43vm5jVzMw^m9>GUrYc=9TX5qlV0`y)pol*GaEDO zSk94`I&oYZ8_%(AvcFJk#1TDT1=>^yPhL!47`;_C^8W0rOQsY#jC9X=CJ0P_Ea&Ta zJvlW`AUji8M)_mEy)&)%bz!9sw5+iU&dB$RAp zLSYOm>b^oSoEyaId%5oAbTA>wG>{aRX2l}KJ<#9(!|@JMW!w53EN!b)5=^i#-^l&RAA51pB zSLMNat5Opz$I~O?f&T{TF+0;S-&-r4z64JXvA+Cu&oK&q<`$yBnlwB6EkE^YZhM)2O_H3M5M#4{eADm+?HT^xWmJ$h|FtA^Z% zTng+x?JF29FHw_rmBQs?&#y9sJ{0yc3LEDPK!e5Nfdjp7LBZ#H(-n+@V^h3eWiU=1 z8Xb*p^WQOf563gt)ZRxWR-ahBMIW4#lamVu%O535vfNF1BP$oUmb;jQYJTNu5?BgYcj z#tOe5(H%JE8#O9Fy{$NbPn4cA1K>A?v&@&hd^Ojp z*3*pnb%K`rj(@^&@4bxUAi2f&H-(vW-mQllFitWkPb4uunHtg%$IrRB$4?i`0Mw%L zRskJ>&vHhEP;?2ne3m%O{qXYI8~iBlkusDr%x+e^xjY_!xsf3J$?@AkIa&x8+We-= zn}Da_b^J%HCk=(3-hBrQr3vlp9C0h=__k8!bX^M<(DZoBw8b-C0c3lH>^q1Yw* z!%-5Vb7wGKFn6)LdVAVhFKXv(Z@!2^${oDjUfOepSs>c%JcQF=yTOHCBb%E$ONG!a zH9FH_f5+7*O6*|v%(M$Qe?m~vBa`air>VaOvk^xs5qjPaIWg_+*3&Jotf>hJWMss? z5na#9mkz_2P@ypBc(Sp4XK5r7y8<_`X%UL()Re^E!2xkMEuzO6xg_bS^(}t=oIuaB zfy93ae`E@|91e@>N6oAYf1Tk2+9b&wjEcqvgotn5=8UX) zT_Y_HqTk$vN12-=Skh~*^+2_`ITn&0mY$D(mfCT1UzGK_vu)5(;{AGa+1rgm0-5W8 zlH=T|%*MbBKTOv-BMCH`JbMUoV|ZpJs>eidGr!LFz4wh9&hL=y>VpDn z8*d|HBTI?83rsiNz96&-;`v9Jol9hv7e5Iv@;Am&-_!S1r4*Dkh(q)-%^%`8=Ha7f zX=Z>PcIV)!uQFwyG_U7k&Dc%i%#qbY@!uNM} zLp7IM$K>yZ$LyyBU20a95@sX6OsrYE5!7XXG5abxfqx$TR`l+1*JLmlVHib;r#8wo zu)Ph=O5I!v&v|9)@@N(n`SH;tqUt=m7)i5n zzVgn!Mkfcw7v@`Hipd`YLHE|o`WJ&k*3O?Uw|fUWleHt7t+|S#r!zU z@WYc@3Wj3%=L(4goZcG8khJqVdin+ZcqF#x0%-@ywj8=ohmEm*ovZ0dW#`;CMiS_U zC7%}`Ztuy^=d{xwny0$dH(^Bmexras*594}O7<R7#UFODNUV0isSJh@S3U94ejbDEk3@mJp{(r z_@f0JNu$qk`zF+=j^e)ye0qpKN^QOq4+_|EhNSBhwlL|w9Fhj>qfB&`C$oNUL zTEsLCL}O^-BG2q}>de9wBCVWgrKFe{c1|asBP;Jq-QuDSgT%1OI(0PkLc3Ubq12+I zm(VS{n|el{-~hQZW9NHZNlR=5u=H>CC#0LCd!gU;DL8!x0?46lc?)U&Pg-g?qwRaEzT`gCGYpr5ZiZXu9_`tw+^v$Z*;n9;8`y?c%AlxKi zZeuue*^eec`V;&J_1U6nfG+=Z)cYe7-u$tP9EF*C;9)7Z@Uu<|@*1A=528oE zOb=Otxu`M>N9}!4YR(P&$B>%_u`6-Q4!)2J$=jG?8Cpp@qO+LmB|>aLJvdrneJNpm zNoR&sfzfQlwmiq0?8?$EI+1;Uxw>M;&GnUq_7Gt#uff4sc#jW!A0Dfgi$aN<#H|F@R&Y_D^4mix{1}7rB0ef|EA!_OG{jObH=8iX;~y92nq(@%}2EFzD{V0AEwhT}`#a z-G=e%k1`I%r7gqphz{vgny(~TRyA$&56&E{iQh55Hjz(kY^8fNoZfu;=b8B;k4K~5 zuRLr7cPi4t`>q0RQClVnD~tp(W>ulMZp&{!|7nJ+l?7m2SLA@_t}06-|30iKN0L8k zQJdfY^}MSHgmPibcFZwhr>+X9Z93lfXezC>=Y3S3X%|!UdS7OnCxbH>7tg#jb~|pL zzsVTw?f(Xns-lBd7g)=^gZwQN*NVo_FW_-ja17eD-j31Ljy8K#^F}=ScKdl}TMqBm zK$OCZy{T#(Zdkn*=*F=Y$b09)e`Si0HQPi>EsSAgEDp6d!!(H!i|}0c2K-twqpuN%csk-khM=en^UsobfDg2M_3|C!;F?LR0%5 zm8JQb$te_^6q0osWs6SodzirYRvr915aYQ2qojA-QX?u`z|ur(T6K^eXJqEuVWehD zv?reDAIMSF6aj=qE#~2&W$=iym#D}a+1AlgQH^81?TiiLS?$%~VIU(rlK4goE)sP2 z*8Af(->nKN#{WnAt11@pUtl-g-6=i>b6}B+B|rg_rNGQ<&4F?(6d9|eRG zX)2#Ggu-5cT($0e95RP>D=GZQzVGXtoi#Dq`!*E4i6me`-D)XNL+XOOi7Mf-=o9|$s zTT=a0qV}GvZqEd+*0&3h$>c@{JA2ux8g6!nj0m4r1cD1VVb@Q~On#XW^l_53q%&ace zqit2kbWtHh?k3C5fd}Za%IbQZtFxGhs$tog-W1x+Vf*m4>*FgcZsLt?*hotSo1%RY zE3TbKH2Yji903xZ?nzC=@ms>GNC;}oU%rg?j!NW&wip&?ILo4LF@B9d#f6ktY0h)fB%h&@EI$LNxoa@rb?u&m3Xi}GH4!VVrh}vakIUvl`^WJSw+8vbKZcKzwr@9e9KJlMQmU0z6)h{NA2cg%zbdt3CG1IaDs5dayoV@ zyWaLw_T&mJaEraI%ct!#K6|!%#bv*iH3qk;BTEeC%)VTnupm9&^J#h6L6^vjQp|S; z3|VwvjUd+T>PR=# zAgcD?2QJxHPMG{5BXZkrxJ$E8B%H|;jgOskFlkL$xfO=)XN6lb*4()C+Rlr_vgu;y z$k}9%%rA(zoy(&(js6s!cft`)q@aKseJ>PLx?MzX7X-@^K6%X%$)>gz?|S|0tq)Bk z)?Anoa-=`$&eMO5GEyQT-CYN`*)|SR`j>;Q!oP6Qpf=T|!%KEX>X-j{h|1j{x;r-b z-gy;T%0m*x+s;FcK?~V!6e#u)#%4gsu`$2BW(^$W0ZoQr&G}9-;h9vVS?lqI&bq!G z;y_lM0I7!9*Zz)|u7TVRYx?REF?+1u7s?K0&SQOurMMh-;Zu~NjD>5O4%GIa(9s|-07>nk#GdNdh}Ucf-~>7bNp;6%)FnNm)st1 zHb7>%4FACY^m8jVr1?>dO1co?WO8tAe3cc(c7SA|DR0`Y<4-ssE~GEpKZ z9^HyMTMjpncek;L$pUc3yPt$VAyrVaH(jmg_MJTrRTy^sP~312jwA{J3qBycf1mBZ zxHcE2ywMg*<$>%`mNRxRaWLv>EHE*N{IF&MjQ8|7j@3aRb<)16fQXJp?T)&MNqh!Y zq37R#(QHBNCF+{LHAeuQ1Lx+Z$q_!o(;{O|VjKURPW>oi+sduvWY2|un?qUmF0e?f z8=&3Mll(s29F6(;b2W+1vK=ek=|QnxKOz;9{IS9oiA9W`Z!ny_fMVuB9bUJ-iOje zHqQfX0`QkCNGo~how)Q5YZtzMwlJ=8E+Pa1>A?~ao8RalZYQm=WEeJ1=Gq>&yot^G zVn7FP<38szHlj~^M;P=yjY1~I8-YhQK}ackymgg=rl8neV?G!|rMJd8uIvv@vX3ae zdZ4k$pd&vS7MkG6jloiA$u0a9JG4*5=xBJ>-FXfIJg7upAtFUe+HPG>KqT6hB_Ub(zTf*Cb)I;4f7{Vgsy{K54YWGko@dIm$jHetNWJeV zSF}&7++HZFfVn(3-%CEx8!z_pry3HQO#lYy;he0K5bF!|Uf;{ zjsaHLxgImEX0t7|yf4~GOFJ4ZEvXZ3Q>diTJj(eqf0F}!-6cHjIw?a3X4UyHsk zm@0LavB3Fq{A^;mAniZviL&`i<)>cH{%SwJ>IR`l)E4$rol}_Xs~b#|bjgc-$SoAZ zGUA8t&r59AClX4Gh=1n9Qq!(q1*z-xwZ9NERE?@BDSdUvFriP4FIpT4co2_E2_tU4 zUd!&wz<5`3$=CEj@99@*b*Z{)SQ9(8Ou4MIbkZs|i8z=SHo}=^+@*)vDyFFAUmjdU z_*iRAGiDUfg|b4s0K$F2 z+RKDE%WVCTdZ6Cm93Cz>Rj~9Z*JwaXLSA4Y`RK=K) z6af!b=9o6FBHAOs{osF!(@ zqhUKvow?~ThFoKlTY9lM>poey?i%s%ax>xRKD6Sy>&(TQ)GnoNL6Yv??)JPb-PY5j zDwr)@fI=>`zg5KM5S4SsVeQ8(sGEHA3~>)VzBA8xuxJGa$TkCmGD9CM7A;7}+OoVw z9>foG6H2O{z{})SS)~Aza19{eZ?&#OGq!IOoZv?6E>=79CNgQ8qGgE}KHUhubj}aF zbG_W71XMIKhANWTjTg3BcC{bp$=PjjX#W3}3FDhj0d&ajlmGXPcyr!L$;lLvyyItO5f^s$%0>R^Z8MLZK&`gE|Dv2;t66!a& zH7d0K<2nAXD?aAer8PQIN`~YBGzaOD#!rZPC6>?^{~U77tjMbGH6&%WvIEdxzXHej zO0TG|qC`YPASZo(0`c7+IO{}6;`--{W&iRYK_;$r@o+r!_{E{+nZ(>-tH6faut1=O zot5Q_@C@vyuUAHb4&1v?UV6wL|7#KN=$#!#;N_Y1Ey~aP^lLSIF(*fSze9}>8BdhC zz%Q|Ri6Y`TmAk_|)taoK<4ko-d+uUuil!NmlYk9Bsrs>yH!+V~JX+r9>R<80hn%si zj+u$mSyhRExT-UmQtO0K+uaScVx1vN0`K5}O=JlXHf5&785QyZ*shbKt^^TdT6m>tZp|Szn+wo-{5#yJaH_fyWc9Mx~ zs30Hy`**zD#>zCa9X|7ZW$yk#&Yt12r?+SQc0k#DwVdNPljq&>w{Kidw}p6OiLCi3 zoSeY}NBMHT-B!JHPx&X?B%-c{x`TjN`>+|TK~(?>c6dqp&Tt5O)g-QTO?$d9rSV}3phLIIf!V^mLNTO zOT{rYCMs}LzjE{Y*Zc>q%5er-*q_?miSMtD7-tNDY%;mYzWNPNg#ekS_=orW(r+V` z4NT>@#aq}wmmwbEFEv#xfl+z*rNgz7FnO}^ItICXKLE!82^WHh&3IOvmWrysv)-R6 zd`N9`g|2w?k&cYlU6P24o(1T&a~B$fd^3yMOpL@)a%H|6lOG+sA+y-_tRH3h^fJM} zYvIY63ro(ME>k9MY!xuB^;Bm`8>K`Zir4y2@=f}B+hvxGu|TDXsOo1|RV%a!Jq-h|i&)6>y=_nj6`qpd zZO@F{xr9mex{LCJwl}rSsh0CWiB}zMmcG7%46GV4vv2hq%5a4qWbc{5(Jd-aGufjBl(ziW_W81zcz1=4S?Cu;Ivn)qh-%7a`4mj61`7IP$+8bV)DT0Xz5*9ys?xd zObD3d^OrA$I)SWT_pMdcG=*}QcvE z_XB;eOq3k?mXiwKZGNrZ)Obm65vgFC)pF#Pmh<*a1?Yn;sHgK-%)ur-=W$g-$Vx36 z5z#puUKKzpe$cTIT>V$B;{DJ4N@Jj-g3~`JR%h7qdmvYEURyJ{YXl$~5ZII~X=$e> z@F>Rml{rWsD6=&A7*r690icm=AOHKmER|Dp40D75J13bP1ux&ig*Va^z5<3N$i5CugnDSc`)$ zGo5CZCck#WJfR*cq)H-?-i3dxk;M2Gzlau8A;wV@)?9XbS9Bty(Gz$cu!;Bq5i9Q2 zj-5-h5rwc^S~ZB|a6PDJGYu=Hp+_TTDv{ww|LYZ6{-KzDE*WTm5b|XS-rpQVsFwI* zL+$o70+J;SHsht5F`Z}M0}4_(kVS!+4<#kK*`#7R6>l0IE#7M1IKSSFy6XRrt+R}( zvisJ)#6~2g8>G8Y0cq(*T1ur`xmVc~gik1kmVYQ9W{B0aT;CC1 zw>srxmDkk~$swKG0Vf;vG)r6h=Q4>z!`tILfC31#lVED!eE;SiS;Y9E)>i+mX={{ z_p>p@)1`yCAE7QSyW<6FFCChEwm4$n!#%JSji7l9KN)ZzPZy z!e2mc)jJ;mqpDtl$PO<0ww4Crr;&U@=adQPda6k`6mp{W{<13BK4U^Azx?EV&czVn z$LK@amgd9TZn1_O3*dkM7$CDgURkl{I0X^qpMRazV|_Be3TOKxl%a8P{vKK4B0BsS^lsY7t~l6hGr?M$(zT$s2i!516;P9n(H zYeBNK_?+Ct)Oy$LY!d|I(lhbtGLT~Zfn}iR`1m=IC(l!Ml(~r?T?=y+Hzn#9|9tAm zyU^xby3F!PM_pHn-g{J_;Y=gaUD)S@_eO2gyt9Gm#ahd16u;#MsIu(+3 z_?i8!0dn-XtvG%pH}Dj%-5E0~0~0S%L>n(E*!3O%+wXDlkDKtw$ni1)K9-ICigSWX zp~kS^`KQiIAJ*4Ft+0I<-*XG}F#%hKUqiZNVrUujf9a0nKT+_ngc#Z1o#{AGRk{3eS}Ed%2nY(U z_+RITdZ0a4QRWcnUmk9~u%_R9tor72MgP!Hcbe#ZZ@8v4&P)!sV6{E#K_Mw0E(_$4 zNJe`sqX_@hJ2qC0-{UG0RsYy}MvN^x2SJ`P!`i^=bx*6cr+a<2(w>$_d|6D4qs`P= zGET2zNEDikp|V`*Y%er@USZ+{C=* zq8zw2Csf+wIroP0yPUh*S2^^jx6VF4 zcyy9D$E1*Twz~%&2wyqMqk+<@NA`;Hx1FQqfVcN<*Ze$s=G(U(%PLU<%vDOogg|w` zWCv8)Cl9H*0%Anem%QqmpBsTEG_r2_cJz(c_Eo+DYBtQc#mkjwn(*rGzH59lQ}}3YU#i~$gOF8n&i9GgBu?T5Fj%H>swXF<++h=f1uhkcI`beI52D~ej7Xe zy;4zwB;y<59SIArJz6iz=-nTu8p1Gw1Xc0t62CX6pLNU`6v36C8>lZr=lgStBc5NP zSMwMzitPeGA=X+TREeac^4ZkS&g>J2>g7kIoJZvF7FG7tR>naE%WeCUR;R&}0yv^Z zvpjhD1q9$qxz!4A&=HJHlpkaHZQuEJYMWR<^WWHS!vhc=f>YR3=>)0r z6&tk$MDKcji=IM zuH9t?(4nLFf0lApb`A576M)D+*E(}iSFa{WKB>E$35%z>h(MfX`Vgf${(v4kMaTuE zqhl`o@#a&ji$$F?c=ZJAkfr(&_1HZ+wra+v{*#m8+L^^xCx$>WiVhx#jkq{9o*zRp zY3;#EZDF;gqOKtA2nzZb)-8ah`r~w};9l0}sW~I#A+L7bg1BLwoZM~C?kg_tNCvW8 zsv?y(qd8y~mXPTDvyUzMb|Giy0@#shk{a`F@f<+q6B6OFdWXR(x|=xWHU!MVPp)Kc zuTHdDkw|?LS+MA(z7k#Je&uE~eKo!dwrU1G|Jg#b7Xk}Ydybaadsc+g;KP{xDi zE1J8P&f%YQHWhNv64giLgSrFT^SND&fqR^N=WDaO4+!9IhB`KA8~n{bhe9Rkt&w`; zc^yA#O8%)~&fa~1-@Vu|EgrcooCPIga64jiA)TF5(p`SE@3Y^tzT+_&1fLP2^+zf4 zq-D%h3cB+?TK8=X64)z?Kn@77;M)Nm*sk)=rH)|^891BlXg6!3G=(+@--qgL+K6KY z)q?#V7aiEp<3@$^g3dXr;&kQ$Tal_*cGfiC6|vT#SiW@rw*h-XGqaC~zXrcrsHQSG z?6<4iI;=Hdxu2E>Ztw)172eGedKsB8mItLv{h+JM&z5*;K)zKvX*@1bcC z+iCF(jp;vL_#W|z=v;)=-=BJLu9Yp$m+x*JQ~-E~PVEL6PJ6k{rj^aTv0IpbD`W~N z&>tQz_j|Qa==t`jEOQc$)S2$N0&-80YCBTR{oR%*4!LwT%Q#aBFw}lJN8|-754>7? z(%Esvb@;}b?F34)Rs51I$8Fs-=c&Hji%fO?&2q0SoNu_ZWkO@m6H9cWMn}2aJ?jU( zYMl3Z%|{5lmQ)eHe^0JUaO%M;E$umv7^D>zF6l=`Hh3Ze(Idz~*J*TH5O&|}F|Tm# zdF6aCr@MrHaeevr>>CM+ddEI{Sax6ws&}LN4m?P2yn5;U+o;9W06FBDO@^>2>v1EW z;NI*pQI9uR&(OmTDYyk9Tkf{)3C?5O#}+|0@{w5?)Av~9xaYjRibMuZ%rok?8JzgI%12hq)o>FjUjk!60p)d%0BzHC0rde)!BENM~FP0e<_F5 zc5socf4ftZ(JNwwo*3*H4ecE+eQ(MrXoP~<^w7WyyZsM0p48e!k{T_SL#Iv>^f1u^ zc!EesNcs8s+dE%f-}I&>SOTlg7;Q*c>u+OhQB*xLGVjyx*dOB#2OAA_@u3BJf3BGg z?zaUCUiR7ih_uvc^CV$ddZDG^0YlBC)U%hR9ds zAS}bmcUmpghk~_@w?bEhp789{?iU>{2BNS{&pLWEiv8|3KO^fu7IXDeprTT|xa1iQ zBDh1!j){Ltxo3OhpTY8Ca~EHpSat-4t)E3l(AbM_4jKp*(OC3*sviU9#KKrl(IXK@ zj;73@6pWiQ-%{omg&@+-t4j8DqHfHMUV8K>b&F4s2}H z2UA&Z7C~z%>_gmjzA`RCZwMAu2~|(Dn2+!!-H=@lcqwdcO{)q$jC!Dy4I|uyO z#Bkmk&)|6z@Q?$gEyrXct89Fxc+SyMOH0dWh0k^KSd|>@=GMzH%0-jnUy6lovf^_9 zwA9_4m`>C&0o_;8?#^VgJxcjn?ab^YD!I?|^ox}5nTz-)$MA4@-1335GXWRit%QY8 zc|QPb!G=Rx2biRjEwR~SnnZ7QEAE^z?0QK*TjxD6LHolIDiY$H-deR< zNV6)&exo17dYMttv;$FB&1x^>{ThMxyodggDo^`qk~4WDG*YuK`><`<{_O@f(c8Nl z1pa16S+?Rm!e5x;$=E7ur>PzFB#CM^;}33AEV5G)mz696M*2|tbH6Dc+c27I&}~o& z7&i}@7A7Yo6p}9rEt<{(!vOk50ry}wtX)(FSst~1<(n8V4vX+NzLl-0J^gBx}=x|3z zWG{dWTzy66Bb<5&Zw6gbvEgQa+m*)6`%ns(8qOaihOeAgoJX?ptyz1haj6dyeuuN& z05e0i6o>hp0EF|l?*7T$%^nrbljW?Bt_inaB@s;EUa~qW-9Xl6ng)2v16~`;+ z4I5wuaKxY6hnlfvLEUs<0wS&9#2j5x5>-I_(q~xI z^`J2BgRlB8PFIU*l*J}j+=Ca}(%)}W28IS+8Bjs1H(-e6wY9heiKUQ5u|NBd8#E%W zv^5sP@in1x+6e2%F(U1>*uqa*(RUe-5`wSPll`s@=-L-%%gVO5(5|2 zN&)QXaN~4)RFAnFz;Z^HoxF6YHmQ!yM&LfraCp2MkkV?tN9uDFz ziWJ)y;U@kkHVzA2xR`;zlyD&WoWkUfl>AMI0OZNpdV@)ie%^^5!EA)0pmG3+87gjc zcCvFCW_4i#W>y?Bx$A9YawyY^ROZ$g_L}_SAB)i3`8TMni)6*p8@`sGTOr~m92=xZ z6FpRAFs>v{m(cq?rUy_*qVT!ki2u4;OE|wB z470$vzeD_GBofqquAH%DZqDVhNdPy^&2w}QJdHw+IuZ4mnv$6AgDD2Kjomp^@}0~b zyDdtuU-og|Z7Iz72y|rNhKc|x+0f2@R666dcR4jLk1HiCr&6ttSN+3En@QJ&>Zpu! zwJY5#G|5u53Wr0QdVW<85j1xuv?xhA0u)(A{mtSVRjx;n$WQa0;s*E{;vdoZJN^%|lQs$!l89Cjz`m9BLuKSOnNJrK|;L zeL$v9C@?4NGn}uI9K@Y1z0yCnPVBaPTfeo$49DgCCKrl||V3P%2 zn+peIX7?IjeUkxkn}FMKubet?lNQDx-vFj6yLw4?E5>V=+a5cY1A1j`G=_aJ_EXE%ZD?^tO48$b-}PTb|lzF|?+!2+2(S zla)!1%~UHe;jaVjZv`NA-W2N_MHpLKM>rTuhjo`wedg%91vJIhw)>Lz<69?Z*9Oqk)YO9Nmz|wmJ+?|0oJY;F#HwIP@=|%t%5M6}7poF)nd}E= z_H9NqxQ?N+`222^^R@TXxLk#EnwptgdB`)k;AAwqgT@P9H z)fjQgQ<^a)!DTVv(Y% zIvUD=9`ixZeBrLhadlJzQ>IF`zO@~GL9?oQxTmP|u(}kq(n1HKi3>}9FGj%JTj%y% zwlQN6Lhn^=-ypd^ZvI|TqU_k-L z%*+`~d~tUQoI-&rgsmZI!i{0=u4v(9TRZ+CW=eg#rlR3*28$%7gE>VEp9JuvrjYko ztG&N72t)~eQi9`#&0OgztCTUFJ8e{PqIY=5q!u8pJv?a=etv$89dS51w6j@SE{5Q! zU1rb+5Y-9uPmobiR&uw}dVw`!tjzwPdB26y`6aS%jrBa~-QCCd7pRa4HPyvTS{WP) z_0|JQZtjXT;cb<$Fu5bcULD)=8t#@|kK9Mt=knLE{-MiE>yRK~$o z6h%hbv~{nRjx_*gYEq^FUvX345tA!%OWW?v4{B|WnJ0-1UNIrC^S8bmK#YbeW-#yG z=2$qsr_TCAHQN=>gKmILTCbxm7?vNacZrKtKqJ+G98%1^zKQ@t5f(^gaJ$ry9+ zBRws`pHJgLHMO>&>!QGI4c-!(yVf)vCgyQq<3F!0^A>P1TN8Q>xN47PInAw<9cYnv zrMnMi4>-76_zo~}-dx`-lz>0&l$3hu<=sxrm zq~X3;EXCxn9;pm_5Cgmk9)d1JErU=KJL9^}PCpP(K!BGEjV>$W6xjAdk^F9{f6Q0j z5eYr>B3xKp+<5(Q$1onT9hU9yXqyCv&=ko35NB# z(eMQ*4?``4P@b-_ID%59rK?rDnIAh?qqz6pS$xfJ;{~4O^yCuxd z&U!#goN42yk)NKa=`|9jo@f(!czQD37Ce{2EvnNNj*Y}4CFF?H002}GO7E3BN5*%A zl5!6lC1s2FWu}mSlw3Xf3qvz`^_iK@6kytwo85LFj<17`F+-7;THFq3(6Hl1!>T9? zEwW1QM5dIO3+E2{5;Su66ef-`$ev3{;2YS3G>{~AV+7vlcUj*?1Wy9Uogz^o5$dD- z5W>DN7Nl94g64}+QnT=FcdK|vb>A06kHV7ACjLkDxX|c&jjk0-G&Vc+W#!r;8MU%K zGxIQ!s8o|;tB>?%;Z`VD7L!Ne$l}v(wYZv(b>3c=g0Wq)7r)LsU;t`QjxAYSu}Y?@ zS4Nm>Gm4Ba`RYK=QZi~zJ=*o-Nns|>Hm_p3sZT;i`JUq}Y?^38dm#3fxuK_~{W?r@ zxJ5m44tMUVv@a)u1@($0x%*`q)rw)OsHjkLn0k= zMEKfM^T4Hs25U*Nv!9A19QFjV9-8bqw^sV|Bhr=*#ad=33^DT>L8;P4gTml_vxs26 zqod=>+AovGd}Y~WIQL5q=b<}LqV%3Q0tHNI8W54Ye(CaJFsQ^-G9K}>lqn!!6LG4& zc{zqagufu^&-nTCXNwuJ7Xj9$hKY!|!)epej&seH>JAFo?RWpt^Y~57M}B>GhYdh( z7YFUs4sG0mlunw%g>c~l7{8d7mTDf~E+$FJNQH&7^qRc6_a)}bp!#9I5a2|_(K(fS zv5cu|n$MB?A{@C9j-3pXUv^r&QZg+?c>}wZn$s#OczJ8r7Ce`;{1x;xShNYbBnR>n zg5(DZ628d}#5+f;b&7RZStU%$50v!Ki|YN9(mQ7D^brxwp4{sET*C`jIAt_uL( zUTn}1{8*j-=lMD{VZEozGpA)!3sg0gXL~2-kQ(26-zq(l0RX zh{0;Y5wy&*-*^Ifcx#ZjoDzyHIy_2O`@ms^#c$_PA?-xus(R^`$mUQ5WQ^^y2hTO#a6v zFnX^C%kAg8aV<5AhhQ;JKNs9OopP$~+o&tLl9$*TNL6A$I3#^#jiI*!0qwS!jiyp)Q=FB+HH ztWuJ*xMI3!&G$Ps)ME|s?d2544ZCpeYRA9QRb4JT!{tcAQ3Xxn6vdUFRF!HTly-CJ z6!_$2WJ(&049~P8MYexQ4j_J%A)bl~y$9Wh9%pzvB0%uJ+YwCdncr@1NW-@>#tb6J zW>5d^MOZAcJ&w8okR7PUB3}OR%7Nc`wo@M#zy~$x06R8|basxuSCnTs zVQ43JxOjLySG_d6jAY_+tNc`c3LI+Kq9Hd=DB-34r294`yGYJmCn<#&v=3Z?QX!7` zt@kW!N>-UeXj@F2Z`>os&HxS`j#X0|HAyHD%qTn~D)gK-y1xkl)WOWA%Eir{Vr>mq zJ1hEoqJw^JY&>|hql+pxy5ic5^2kybB^xQ31x@F> z+Fho*B^pXguFd?Ha(wc}FF~SZ3~#n_FPg*V_~!mtZr&w3%&n-Ah9y&$p*Rce)Q=zL z{*~c3y^ge6M*;JX6@9eNZG;B={7K~Xu_j#Og7l;qwmYx)#Y?WC(^FI*)12+LL-T+C zi7hF@OG^lwMD%aM|D%G?vnk%O0+i4AXsu?iofk9Ki~I^R#wHn^|FkF7{ zIQSj-AG^91mDtKG@mHR{y&-nE24uSRk+wS=C^9PK*%)dCSQh$dZEf9QImiJeTkJED zFsJZ6z|vwXpra4@zDE%0t-RRc4BTCAO#7uiv~ii(coRHc>EO z(iNld^Z92O@r?^uAWa`G6Kv+5XJhMzX7pv??=QnW`09DbS8E0 zug_GMCdUenNOT)yU)8eHFsma+tDkX)!#Nm))3mqHSe)GVL7k-i$R0&;wcS`G*g&c1c_Quhw0`d*R#Wgc{$SOBWLMuR z4^TqRF;im*=hMcZkVq?9Cm>t zlBVj|{n)!qo4y&>-_Rm_H3R*Gbdm((tQZa)tBWrqEFGn3uCJ0uZyocF;6O|GwE7Yb ziffWtj(}J4tLKXCfOPX1jHrK;Jk^gZf35c)6~EB^ku|Z9O{9CwOPQ#?6Wy5b-G|uU zo2j~jF+RsIk)b{Cx}2)xy6x!eJ{~(BKaQ_6^pk4lkds&L6}`spTw0<8T`8Qwld&UU zTc-ZE=toY1_Qfb9Mu4JU?MPbl^0c?jQCavGAPNuAs{VCpO{{PHVv}ytPTua96)+cK z`V6?pZ)p%}Gsrg;)_d9YxGiRc>+R>*#;}{*jxd@}epK^wP5evGW57T?X810I#CkA z#UN~86rbD5UCqMzybWZA5rmJ>psRZ} zQP>Gi6+&CxiR*}?6U%>Mjx+|0_Y0G7&%M;Hg98?rFYbU9$x&{{Vo?C55&PkG8!W|f zw(-1t0WE9<7#~qGyeFl!1X2T1C%o!ZsppVl=>)UX%ChWNJf;c}(ewt|tgjkA*6try zAiy;#4LRlJ2PYlC^pHDee5(cAv0mYgAt)?=9t zfX~G4F^^c18KGR16uY}bPh8p92!(eSo*Q`wFd#f7;?uzQjG_Ha89<=W)>F@&{l?Um ze#tnG0nZJS^h3IzPGpFgGN+rwOD!$JQp2Wbr!7vVI&oACjCMFE53@Ki+h}=d&1K*; zgY2F2ELa=ewY;pt#tI*qWEFM%+e(n^1hbSw%9H$rNevJC9^iCa(HYXT!4zRjERY%T zWZxtQS)WFl#l_J#F>ft1Fp&GbXZu_U@@9BfDU2)&S&Nx`=hfh zs-mOA-{`#i0kBOCG$eo?)a*+8ivY+CqB?f>{08WE$Hr^6jsF%oy-BZ=HeYqSvuAON zYtZn+w}rqGpHrnD#o+fj7g&A3&a0h|S(x@5Ff|n;K=Y*NgRPt{mWcvv*^}#TI$LUK-yqsW5bA! zj?NO|fP{>OiuPu}c?)Bh9xC56+O^E}6ih3{=C96(7ke?!t6f4uT5?g7a;}vgLHg9$ zTrC2m=}<=t#>BZvP!+~Q(U8E6?3laCj+}6Pt(z1UJ8j8lPQ_@=cUTUGpuKZ`Pi4+( zDw?#^nxT}lA1U{}^RrXMjQ2Av^DcEMRf~6?S|tn^z-g6Uz#(>>(n>$>wctgM07!lK z9XGj|Z#Jic`6SyIhCfP&o zR3H38NAl)wh8ADw3j@=~U<`q1kszen?(399v#QY35?1kE&DU%@dt{(=@R0aw5z>(3 zEUJjn9VpyvQp_d4=4m#8`Kwvu=BfYEgd6M_!}2#x>E=~53ZwDL^p=8>VMccd7|iv94Q z7si;!ZI&Zuo@9Lw?CC!3raLsaG`($MnS9^p2uXDNSV2=lnzMl^aq`>f7Fn_+RgLlu zrOU{A`#?`+CXKKW&(W5}HWMjz8?XBE$L#63g znuTOo!xE(Q#VRO|f zKv8FL%L`jCRg3dK5<0Y;T?0*irAHK^g3-=G*>N@Vve(i!5&C_^qhjCqI*+@fDQC`9 zS?QYRDa;MGpGXVkzj;SmaSav6EVq$Yhb!p=j1FiJ^_W*$-(-n3R(@Y54`q6KksP4H zJevArTBc($UeIIhR|G|chnB+7wpQ6_=oIbihOj3$@gp^TMlp3A^{&57DV0)0>?7_l z*m-a=!$R2M?1Sjj~g0I~OB|-~gH1AaBc5~W{Uo4=BMwM-(D zSbCtSysRCQe8&iO=03^v@JoGjwAN<^=xBB?45sf})0n22MCCD=Udr4Y%Cbgk zmO2RXsc32#QqjoxF?|R)9g)fz&=P5E^(oe0-gc6NqF9ifjCq_Zic&c&MtL@o5wh%! z8gGa#(r1k|TN-#OcIz2bNMAM+y6pe(F}w3@E&&$W%y3kNm<0A%|3Y%inM`RSZKT;; zM)AtVup%@-PiR}Z(B@D}Trw=#_~+#k5{f7@v4lxTxWDJt;#(xnY13b3w42In(fg1B zKe@!limCOLABrqk(Z5lV1)s(bs$q+15I#8D8V)R_6jy^nu$qm7m&%aVwV=0`4V4en z@%|RInlY^C_)&<5Yzcl$GoPd<@?$?*X0nXQ&&5Uf`1(wa^jx?`}XIdGkku`w<^Kb`qt8Sq*W{YX9; zsW~e~kU1oe?v3`ZU-|cLiihz5@jtrC*(tZIA=6+jDNr0&o@RcgnayUCpRa?ced5(L zV-CfAwRE@sY-w5j+UL!jTidWjbko9rE%JMl* z-LVyIdrkV-wJ~RUN{dTHJu@;|2*e1WdDB~JZ7vZe| zCJf@(6`%Gwgvv}Fw|nI3FVtj_B(Gh3sPgVkGi?eL7A9TZ*SLOS$LoRPFKU9ozki5U z2A9b8y6gctEeV%9S95cVX+(uLnf>p+`j%r;1%v3AJH%8W#ik+@?SCb1^#6o5hZPDc z#U6QY%`{2>`C_it>Ea~6C!%T@OmmX{4mu<$daaVkf0K1BJN#`q|MjoG$mw#;X@$7e zBl}gv&j(D2V`q~#nC8XBv!1`>eJ{X*S+~X`+3qbNP((NCS?wEiRG$o6w@lc}NW$Qz z5fBDnZ=I-!T&C!g*dsjnpl;d~9PtdT#qCv1|L9}ZdArZ7Y9B_g(C;zWC$`t=GjHY6 zp{%e5b;5bhUgPm2R(@yJhSxEWmSM6N0X=ujoO6uncNAKsAFPefr`lGfv|I|%UU2ph zd3+kc>6% zDa-oGce>d3ss!oijlUI*TxvS|RH<%-M0{UJ)fQ1wJa3f#VV3oPm&f-OAp%B!M8aOg z(XPY&19D5dHJO|3g*TxBM;U5usXcvaZEaoO2(|r#q>kr&+n8cJG`gG7wvp0Uulpig z(qBKj2(QO;KRuiq7p7E{DrjmZ1ga@J1ipB5>@@|A%#)nGI8yC zszDvM>kj>m1GC|;t?*_>PYg)M{d*={0}&B+>EO~(?Yia8pmffNb{{lf4(z!R?d*xe z&L7F!XFDV~@Ab5*e;X{P^zFR}l!AmF{X+6w1j?CAr9)aDhYlv0^NA%^Mc1ZBxZ z%=3HW4YFH5Ha4~Ytfpr=TJ{WGY_haoJl99=PlS}5cPy#KK9K0EsbqR{cO4jOTGXjd zdS!!obtNQn%ZM=spa_<;YHQzvc`ImeHl;SNUZ=EZ<0jl1-B~~P33fA5RuyR@V)a=_ zLc7HN%**0r{LrxrYY@fwH7Ef1DTsoU>ahChcgMe1HT(_Pis?-uAt~yKWYcA|)FOtp z#1m&~Dm{jMub~XpXNPv|cHa~3{~iotb=E5VqIm6yU6adSR=9VA?iY%)9~_E1Vcb{u z2+h_%;0%_tt)JRNk4I`8gwA3NVwTiZS0(-9VTrx}ztZ5pmkvfv3qR4DDh??T#tJS? zEV25zjV^>sLk13Rm13@Q?LijVQQFt7H?~+HyidASN`OS3cwvFSjn5(A;};UPq3;=`D7POeSUU4rShbo;PnHM2MzZK_%x4|g;jM_WSv95jiupTmolsr-**;o2=9#gdNix}R2bdpm#kXY#@4A= z_;u%)t%f>c>iDvuk&Sd)9Td=9g$`zl z9i#uozp1AwY#BUrLH@%i{`a{P3>f6o3Ou9ql%J01sfhnKHcsB$(vBej*K&7xlEiqf z(HQW4bo7$C=EfBl?1z|$-vdJ+j+ig-U_}a2#U|)x##S*iw-1h?ohB3}r_%=4I1*e- zh+d2mtBvL|D151O>h_&+entrXTH#`fUtuq`dOv65jZd@|2sl^*qGx*5 zj;HbLc)b8}R`D93&UynS*w)?|S6KI9HAor^4GnQw{nDA4ogJY6Rtf{?wb!*Mw$DX^ z$p&y73meHvFCPhd@qNtoxI1{P1XjlWLjj5-cGJLQt-C@RZm3}<&fO)u|V}GXUVHL zjc1x)C`*$SAry>)hRzGyfZ3D-8g5ewwSnB~yrA?3X>O{Urom+Zc-%1G+e7M~#$!U| zA_8VFH$nU1&t8#))+Sr)R^`5lQ z>B1l}k0bft^^9Nrz!uHJ1HXr{v9Z)tYNxO(L$EkPi79DmvFl|`$H~d@=I-WTWzQ~; z6R*>^##WV@FvL?EgV7d4bO+_CqxlAFd&A{;xK@lP%vjSOcZ|cRAs9}~0HoLvuc)zg z#t2hqs*UDg4a>P)I zJ~yI|hCD-QPtLlt1xvs>@29MR&(*1`Pe}+L`Its( z3Kt2E*JNgcO*fkHU_=BX1YbXX{ExCgwnXBOev;k~RGjzJTa)=-EkA(-oK8RhqTp*t zjhMxR@Pw6BVM$%b%#1jP-ERYd;w+N`OQT4VcrQdlX@-Ib>HHHq(s5oSMOwW6mp zlX2a*3!TJ8Sdf^Cw|S|~3;h{(|He}w2p@BJtxr8-J)GLOa@0i--lDdd;{QivPFxJZ zS4c~ZX9c_JLCY~}1|tPirKhAG15giXX;~lY!ft!Xo$O5CqUb3&&FFrKxD1aTe;JeA zH*q}k+G;C`fC5{P!`XYAe=&R_bX~eHCYlyL{zzeM*Et1kEQ(X|5)%b4<=<_wL4nWX z0RxoSn4!n7JVh;Y6sdjcdu7LNWv;gCTl0SI*;nayX+Ww?PTC?sN2d`96SZ2PgA3WqVcELVX<8`Vm-~Q#WT&7D~$B?wcPQveFgszEAK_ygqND@(T`T&HNi1p`mcfxsRf*0&Of19B}7m zHtXeY2{{-UBKq5qDVA+cQTM+bK!D((cJsV$OX&Vbo}wlEifvCE&BV+Nvui5|I>v4J#`<+O7a{dOfAHdMzx!@&F2S%l%yw>WWqyyFY_P z+!o$e2iBDDO8HEFG@o9#I3Z||^zr_+IM!GE)Q0V-IKFaRZD_Q#<@)`N$&_{q_%TRL z=fC3FLw$eUJU8lTS^tf5tN+!)7i_2@J8`JHuOLf=wzB*aIw=3!?@d$b=op*!C9wO% zW&s%dy(LM9nbkp~89C3K^?Zv|cl<%rul;w{k3_Y}kn88OTH|ZRYd?Tg^BWuNEQCQ} zQ_jN2GbJXT0Pue^Vw0chLu>E)S9?F4iBdfLuk)O>4*m3*J(`L_rdQ|GV&698%VNtL z>o50v(HoIA-$Vv-3rLKIHZD&Sd0AZC5gd&-@g*X11vQs8t(y z(Rithj0Ezrw6wIgXPce}V^MM7QajRQSGS$;)fx#^S;ZIMxQW~m5~f{ha;W7m$x}h0 z%TdX74%(|@VqeD{HKGG>1!GZpN7ozEi(UiL|}K`1ONtS8J_+OUS#gcU^q zxbn9v6!``9@HxrmGrcdFXh?nb`75K}>A0FwI z)wZ5=st%|sfqWZGVtZq3iNZ*R?#>cpog<_IK>e}qD`xhV&a`@CclqmLeSy(~t9k?c zndJGZo9<%{+1bV>A)(w;@RXUe7m`sJQlg(FynMDS+qriC&#C~1;>>VX^v6mxLs%`e z-~eYF@TR9N2Z4R};P&=j5S7{uRl}DAxr`&1YX7Ra+?m#Pue{ zjz!lkU|T6OY+yj#hl*;J$H#WArmH>-Z9F;rty5Eab_Mm+g zwnjL6~}%G_HR>EIy#v|Kzo*fsOGz# zAJMU}mva{o!1s8&aMv+;$tLHAH2vSt`52OuZ}#(vAUz(i*uVc{hC3XTOT#0euIJw# z8ZgeBu{_?Xh&Xd}>sLHt!VmW)ZROFnSN1-nMWrP4 z)ra=goKzBwyc{uC3`1=6QNB)(MuKMtYOq7ODGNLSVq?v|=~>c|^Yb3ys;9X)<#2a% zrv>Axr?U96>ZP&ERFUmx5r>YC;JH}-*)AelRiHifb6(Bbq}Mwvoj#s+RrQ*@MJy|J z>vVeG@^bU@fdrGR5`xTkCWEy6l?ov_00z%j^Zt7AFDt964!@r(9RKiG-#?H2`kCPX zBns=f#h$zCd#rX!nDhb|6e8rpUgv~U?|5R;C4PN+6q+vbaJGZmk-a1*aap=lnpRIS zs?w>dhh39EwW-PbMP`+Zy3SXJehuA4u*1zw^e*VzH#UcsB%!xL`uZtAL{7`~j$Pp11dHizhUV&kH5llm03 zih>EQ7bm4QTs2t-Jk|ksy}`-%V8;41PmNQc&x#Zxcw2F;@(T#EIS_)Eo<2TpX)zge zCl~P~XVoslJ2nt>f$!M}Zb?nG02@;(vfF2`M4qOHYLZ}KVQu^LQ4k9`GwClbeDc|Q zhD+&=SP|G45#*n>5hO!n`MbEXXR^O@2r)fvKB%p01P1=sA8mCh#-`%_=b~%|pA&;T zNBUQ{ms%o{%H)-hkVebw?D@%8VuBC^#tkE(p92VvBAj>Bw2HSfBuXI z>Jo`?YX>cQz^|hh8jb)2-P!6$4`Wfq)L&3}0oXWR7&4er?I)ZHUX3@NZ7--!WK@ixEcO@#=CDncko|fNTM$!8jpgrSLZvb3ar~n&u*oLqT}y;f3vaZ5B=TmvQJ(f>!sOR>OYOl74sBngzfrbyzmlxv zkyrYYMq|Gm`&ob>F`VNh`&8R-a++k>7)!3kScC>rpLY`LFF@3hPW;daY%pVacXK{? zU|$?ezPdQBq=en1ngdbYh&RzlA84Qjn434Lhc@zCgDMOp#Fo3|*N ze#COoVw7_u)os{IioKSm_Y)2o>*9SMqp^*@S*bZHn>gkbP-eW86G-@W+|#zYeKug} z-C}gzN24VIR+pgw_%5+xHTcaUEqTS{&iq|v(AqW)kn&EqgckombERfHV&HYcvEt+7#=lE=lXmtO!?{jnC; zul@bQ&MFn^ayet*Jc|5+vdAeG+>uF-3A6{UZNtg;NE{S?P*Pov|UEXtnZtl)z1qERz$h%iQqdQHJLu6LZyU|urV*rgO{3_qM>hUuf0D9;fe1icvuslx^ z@P<}Et*#H@e-WNl?bHCc%tcT7g8s}uGRczu|K&YZW$F6V`Ic1Ns=)v{fuAImF=)1K z5L!nDM=!se-H0|8PXB~i8cW=VEQNVu8m?Qnc~>bowJBT6R35iV*3?6<8c^RQb!5hY zdwXKIIKF5WNDXKu{x6ec2PBwd*3DdB?zsVkTs+={1NbimcP5Bf#UAC)32dZ3AY7Ns zsOkpwTabNmZDzF7aGXd*fJM_BNbPVU*c^a(Of*%LbeS=5A3J{(3lJrqA2PA618d!# zfcyt54;nY;@&5@n-M&Jr+H5U3fW47|@6gIeKnaxSoO8!xH%;$)w191~yF2mp1%pE* zgmU8oFD5OOc8;;7taL8sX*R^`1J=lON?OWRT13ZIDY9E$w4mleo`nlponmgDX%!$8 z;gxs4<~K)w4R9TD2)^Q%qm|<)#@mHyr1}aXTc1t3VU{_UXU<6jh}F=*Nh-%*-eN zK8H8n&dtV_lEa+}C^6n`jhm$HH;ddA3+&JSiu)(_Y^u2Ok4690^CZZPj!1as!fWMD zIny%Z$Ofx92~)!XT)%Q!r&RhR%`UFs=v%rIt;LSoENhTqn7pjirviSoe^055P}ME4 z*<>7hpsh}eH<>{Q%Z~sX;%itx9bJM{l{(pOZ+pDZuA}%`g*O=b2hACHL49s<#gh0a zl{dLw>geBzfGj3qqx&EmQ(-e#vDUfi2zp25>~Sy+1>k5J7hwPcEu+1^e;jIBG%eIu z5pq8W%IOa2ZjgZ4mXfAA_|+iA6F34v8?IwyyI7d}>GcRmxT(2uP~c;~_^Q-TJEnsi z1^VS<)6ydBmmr;&8n(cUd6kq+82pY9%!hSy7@M3N`id0>M9Sh70$!dUO}bNe_%GKC zH~{@bth*?ZjJfgWyN+N_Ajy*I4T#it= zz-~^c+*nUS5qCPGN-uD$iIJ7NfTmNv|$1}p*7^Mf5Ee#&cYcmX>%t2 z7X`F$21WF*nGM#T}E0rtmVsS!;H5-o@c_xnQS7=5f2N8r)hdO|ND$hsy|-%(#Gxa zm4rq+LilCh4wl!N8BiM@nO40_3@I#3wn@$E5R+N{f-dNB625$FXLdXvTr}GjbA2h~ z5_uTob_R zK*!62N__y})7jmxLn#fD5-0suuCegx2g#X*-`At8G`kVK%Kpt4{8w$d!lw7NY8U(; z&zTwllD5joK;Owdihk(7Q}biN?02A}($-0gNuY{_v-v_Tp%$BWOt)xAXx=d?`sYgE*oKKZ#UvGue{X}w;>k4=<;dJQ!k>y<>=A{n!duw`Q)v@U!AOrP) zzd1wd9w@}$fiwg!^)y4cn_L{!Pu4OCNR)ZqfvWF?yi^VV)*z=F@1J&1Ko$PIr6tV{ zXZQG+8OzjdUu3P(S)m@q%WFmwAVKK$orp}EuW|DU(|G&uDoz6(ynk=-)pFF8&~nvk zoS2kpQI?ha27kWO2i%}l5PWs9j-2Z3AP}bVcE4n|P%M(w8d^an{KHjmwL)vwDx?ax z)U8V9|99DeLIW^Ao1eC7+0rW|tO4g#owH!G;FO?#G~Y15=bM!}WKZgzSx>9gCv&iK z!HkSvL5P!6Q^Qe|PBfYue;XPqW^hZ4kO?^>0mAhnf2XFT(}2EO_J^s08H3NA3%zik zo87ttx`I{L`d>>ux#XL7Ch$=bvkA5?<*9M?cBr3leOdKJ=2-+=NDU3{mFf@S4SmoR z-!@7DADH{XaHHm?pPnJzn;6S&GyQSQy0@oyNI7Q>;4O;H zB|J-kU$1BfGN!c&=&%2;|86bVeE4EtWu4(-&2m0IT+{VqVOTb46Ua4&HCMVc;C`U{ zt&9&2syKOgd_hy%Z+4TatSQ2J>yX*2y`|3vTD~H@M*Y#xZsdTKFJ{36dEnc&XgJH+LCqCo0Qf-=7;GM)L5CFeSLF@;;HX}M z)8@AILasOidSg@5pyr8_t83?L;Q^u&!z{ZQ+>3DDo=5!W=y{uE5Mbf|07EU-V#2`D z)QwY2s@F!$wuRNtc6YAaR9B7?%xCPZl#m~v!DbNzX`>BjCV#TdUO(8{A+S(4GLc0y z6@V2OU+j@3SbO`eMo?mE6astG_jZ#AUU%pnU{>J5EwAWrsIBSM2W-(PQ&4is*CRzl zMs_!S!82D77)wk%zq^Vn&#eQ*G7o}9>1W%#nDCKt{el2);ny$u|Dtzgl&L;WwXmS^)?~nNq@9)wyK@J6McdOCW$VH6Xmv+o{f0Q zxY=%GewRA0ZH`rM4=5}wtR0aVs;UoLtw!ZN`P9Bu=h&nx2^03)=cJqsUfG+Rv#&kl0_VW3-I1= zdY5%smZcQFU37o4Tp^|4)_w^{?{!77&acnK=U7RuP622z`5DxwPoJcMtSW^VO*C=>clxqJ4fN5Ze^dFa4N>%eE@Op%p+R|*x+YTOWS*~wP;bPu{NA*WK zh*cPMBaG0@Y$v?)q4~0bcu~0oBU`mTtsdell{!xbAZ1N}$#`{^6=>2w?^zZMD8d7O zl^|?(3TjUVpz_dPgD=}sU5@;4Wm%u+8Y5Tx6+bw5at_%dVW1f`277-Sh+H2}A^1Js zNQ$trnSE{zx>r@hskzm`6+9<=a#&= zQ?L5`FO2I!z7q*R~3YWfHXDW>w1z79zcs{ji9R{k?oVnN?`07%v( z_W{qq3l-@2u+II}#Caup1Zo9fo~NUyv$26-nGJA|=eD_lm6`Rbn-{@AmjgJvx<~*< zSPd*>(sJ6?O?j3zvz+}06Gj^by~$Pc zsN0uAIcuoJF+1~IKkN#-4qhE{9ctBymz@7N=yFN$e3=Vl6C z)j@+jCB8y`VLP9J*M<(a-8xg!c0^cYH^9hdrf~G9SHT2!{!r=zvf3$8^eeptZ{+FY zQ6CF&SuZ}9*Y55j`;WwOy@;htCl{CZ{j8tatp+ge`5bO0>ibS6KAi&^2)0y54Sx+OPmbeOeX3JgdBPE(imFqU-5q2-Ww$ zY96nHGC&ZaPyrRO=$7x%IIojEzj$9kJGlky0}&CC^X+umODyc!vL*7zoPTF;18h{3 z$;H!8fJfxN?(Bv$uT^Pus*C-1{LJO{4x)msfi^MF6IdmM3h?V}09t#mYaAzdTNe#3 zKJTp!!<6x$t{GB^FYwi(;|lLomL!(2bL{3c%)wSd48|s4xD$7>jtu7i#Le0)sb6qS zXa8o7F*h1~4zPgl3;n+$ZXprR7-{$wfFWYO#F>XN80L63X`K30qF2IP*d z*gn@|y%My%@B%4i!4Iq~LLLVcJT0xJd^4c-u$n1Ag|heCI1BSV@4AF z7JtdrfBTLFq5ua5QcD|BgaIHKOr{c8VQT=o)Y29(hAChbAy4{O<#VXfLa!z0DQU9i zeyVX|5hUpkQmeX?hvv-)>#Z0@bmB4$};w7oL(u z`X5s1Dh@7GTl5zfu#PUt)>Ot#m%x^r!7E0gH)ER~j6I7`nE)&wPQrU;pIU6pY5aeI zmV|Q=Ov~KAe*4xnIf+?cU%#2;)qFWpSN=~Wb_HLlXXp<~ed2CaHMgXiicsx!jr5hb z`%r6n@}Yq4&WfXPf#T3c4f`DKIgi#NFr|}B!WTDmrxzd>l5Nshe8tv|4@tPX&{p*2 zN8|@6#8@}JONe4pwf4HRwD{uw%3-gm^-Xkbp8B!q$wys;`x7->z{LLJJ8r|ICfGNA zyD;Si+h=&1bynBD1n)p=?dVm!`;HujT0CyIy_2e0U0r|cPpN@bENvDJ0K(!T#zS^O zB&gg0xh0Cl!ruAo+m1>|UZun3tiXv*Ci@4QjRI`*)2cM`D!0Li&z8}JlbgMvI#EGK zW6}4Byzkgcul|q~B+Evu`dCEDtL#SmDzgaqnd(@l%48gjs5TwPVgZn*wLwNuEWllC`OLcU-q0JWsjXsnV9@iZ9775yZqZ00~3ZEzG~f zn2Vx$JzCkVwfW75x6uAsNXLHi2k#1pzLm+Via%AW^d75t2qQ-blKM(%!0DHf@T
      F_Md)Kq3(|7*I+4hK-YUTrrTHEQF-=Xm7EdOOh$&V9qPbmum za^oWsQn4~W8bQ?j1Rw*Y9srDHl4}Hp;fr-rrbad+r=`IjBv=@TrMj4N{}XU}bMQO? z&b^ZbbROB-9K9jU_6wzUNx(uteO!Ig|MMSbd50f7I~6Dsyd5ie+Jgt|`*%iWEV?Tv z-X?1Ne2T(wemC!mUggN@cej?4IH zQBh7#PU2wY40fY)BUo5?N;+EHK}WXtu5(>-YptI}-><~t`9{rS#>G6$fpRm_dY?m) z^3KG!Zw)&y#*Hj2qSoL$az1N@)VW@CW3$LIh! z%9P`NzZ3u%3hFJcYnzS!c=~C66v-rs25hm-6l(nLbBU_=V2hSc%DY1}$ZizUzm3!w_b@AYkP-(z!O z#%6Z`O%!JZ?3JXH^3M(K9hk3IU}XO5|6Sy16a9s^b{iBbDA)ej`@Is93GQYTPV4sM zTslkjwJ?2WZwPO@EBRh}zlyC*u~tg9pFC5OI&dhy;;=RN)E+)F-l;{nZ#}wsdV7VL zCYK(UUh|~=M2iU+{I^-&7c?DeU=!>q`Z6tlo@Y1jxpbPU^>;mslucfPN zOqsRVfDi#B(0_;|4`?Kmr%bZAY&zx!CQyMgQy8fW^TU@MNc1A~`Tz>dfQvjMf26~P zj}9kgBO4}`h=58maGG`rUV6yg6!x z6t!q~ct12LeR7E75irqt?~RM~xAu-E-<(3piy22Un;I5qzm}P~lAOELz6Th~mskGa zocJD3PEX;kDr>q#`o6+WI5<)1B-N^R^odzz^24@?0RkEtVA&Tst^bV{-!MEjAv)aS z7(#0cB_AEK#ctvynr6ua%p!Flkh>k_D?*lxgG;!+Zi7y}EnNRzR={Xc&cKY7k%c|WnK4c7 znUE0a8_vxg=x>os?9bHe$I*AnZM zD@_AB_c+-~xXFtS|8&%oJ|L`p)2ZCj)`>C;Om*Gf_HrKXDpEvc)t`j_bt!kOh1wLwX7IKm{%8^)E2XqsM#u-sw!(B`>4 zFy85r1~||qg4vQ#bljI>8ps1b5ux9$t02DNR)r2Y<)!681^|si@!tmW6{V;x8Hayg zVj;VJKzNuzykx>)Q*WAuUByitC=3_>eVZ{} z4Df<*zk={(gVdak-D_$T6J;!aa8Lo0H%6x~c;`nL3r1dL83}BAY;Q6$)%~4X=t)d= zEWePTCD^)eAqd~9G7TrdXr~xim1fodcdQxfqs27 zBc_EIK69Q6CXdG!O5eI8RQ~)KRy*)9mwfm+?30Z9j5dZM*NXTA2xQkKBi$H~1cFt_ zWe<)#Aoi?Lz4|d8)2L#%e(=9jXGYJ0Y&9zY4(S%hLv?}ve^=~~@I~PbQ?@AdA_Jdg z5Jtu4pLGA-^Tjs?wr+qgfnRFyPFp4L_FZcwu<$_jsJ6})xv!FUe-w0AtR(U0-MorK z55bVPI;J?@y-M8M)g){Y#}_GkbD8$cQ_Tie5#>ALYu{_p{Rg)&*z4xa=lxj3_zz(J zTAa7Qo?6)@X!VM#4=Hb(91tQpgaT%dMmBgVKdkqn08anh*#6=Pb-NCX5JTl2qnQh< zGJf1|8g#h{?%cQfA3A|i#f5Mip^&jJ&<)&Q4{V1T1AM9d&v!kqUWo|O5}-L{7Q8b_ z4Gn37FWW~V2CE;u`$B10?Erx*BZ7Sb+YE+5Zy#fsgZ!bHz9 zh=eX{b`5worP|&Nva;BoC@Vk*wen%fm;Pk|0q|?8N4JWt#!Dvk%Q1~zf|7_U# z(`=j$$`VZbZ}`==ZmfC3R5pMFO`}fCjwS5E^AB)1{k3wuj9ULSRr!HVg9Ho#w^IB? zljkR~S=x@BfGrXs01nojqRo+&9>X%n`lAH%mEdMDLwJI&lfWQKlfO`ScNo-NePPE8 zY+j~Ub>nl{=_>F1X{Qsq09|;3M|PB?%2)NnpyB_g31uCzpeP0 z8Vg;JHswdPG!yWj7w}?cmz^#laJOQ&yjL+A81r(;@m|o@-pJZOo&=CR`k(Fq(Z+v1 zToVgGSRx%gkZUT>2NaK243)BCybNz8H#>;l5?TM(!d`dvFxMS|8%}S#MeJ9k(-;v( z*4&81NTYgs2e?%S^QfJz7x=N#e|!UdH<@hzc-&5mZir_)a%_N(es>*I2M1yNw_SgJ z0Ogv(L{ughLl+=M`d8WZ5enEG7dpf*A$Ho8H9C1?^jw8Rjr3E0y>c&bS`Nj20uEve z%F?e8Mdu|O3VR*mYD=f2b&sr~MO6w@;Z@~Yy*%L|MvI0d3&~QrU0`ifQv*;Fgv{B7q5+VB*DN+{3;5_4D$G7fFT@Cyd!lE+lGCO!Tb&mCFt+FQ1To(i~|ge z_e$g#@>ueT)Zj5LuwBi(dBXm#{F1 zxs5*Hn&DRazC{K6ZXpNey2tuDg<`TW>bUE3MC!PcU8O-}T$9w%l!C6lF|njX$x_Y}@!+iFN?Xed4C9M79G zj}X2xtY02QA|L`;Kc2$KN#S@#2?_)ah&ci;#wKVc&s9U}z==Ib&;RK$^UcQP2x*SKh(n?g$330>_!lG+FRe*B#-vr9`! zIYgIBlos_R;LR!lWt0b#>JGp->k z{LsfwVs5UQ!^Tz{hFT$_m(9y%f7D~wJp+=fs|EJ+w4HJ!_a0~ zta2|Oz*l%CL)SWhL%|_U2}eE@>ydKQRd>q(4_1Az5xsqW!Y4r@txr4F6s$W-9Wlo zEpOntaUt*7Dx;GU447e7W8<4s^8mEpX3z`N?p##|(ndNkel)+BTDDQXm6;hb6CjA` zM?%-Pp(U{qLi?=2Ib_9frLRvTt#^W*+?;z=K3fj=#F{FXCaEqk`Iw^vX6y1}T&%CF zcUVDL)q%5uW_?vQi=z57AN8{zXDv8)C*6c~v?#WQ-oudujky^0sr{qjf>@;#`*Azy zj}k-L=~`pN6504JsFF8n z^pwoU1#vh%_E2q#6j;%W-mLvT4wO>n1XSC9CB{j*wVCdmS-qSW1fY7b$ct*{17EG&{by=T!77RzW9lwdZ6x8JZmOfjcMntXHy9!~)HH*n zrhxerb+T&*06&3u@j@53TQ=YPwNXG_Bm*>$={25)#oer+}TzpFG!cGrXV~TK@b+4<7aP}-gfauXlzybdgqEwj571tfT}S(3x$1#$isM7%Uk% ziIJ(9xpQYg)u@;v@%G+G{EuSmlOh6BgYGKuV~(GgX3kCp3~6yej(k37&(I6`09$;_ z??%3|keV&oL57+Sx`L!-PiPH3ZJ|prvgNp|9T`Y1?tT$ zKX}h8UBCxTq{U4&1W;qB)9?ZFI8We2bR3Fbyfq~7#Sm;qD}wC(P`h&U`-=$jx-7E)P_9b%4C zFY#-9XJs!o%#n|0)yJrE8YSAQD|?ilR4#K4bsM^`5rQ8D_dl_M(ro{_ypt@lqY^C_ z$I~&A$(y$%zjm*)9+d#f~nQHA4YXhzgvuYT>v zE;mD3kZjq~qE_)iZ&-BeFF*H}OSz(`MS%SL5>atoI_CsBkY7IKg7wG*X=G_nRpUu?l#plr^fb!Qj-CU zv(P>U|K%?R0Mp_5{i%b2Lj~4J$`=BI#&i~!76;tfY`6!=OhZ zz@vI>mK}ne#)NKUC$nl=cu?$U$Mk3Fm+SYeA!b^wzad8fi z)jZo=iVn8|nLIvSd>J8e%W&D+*bM?=i)Tp%nStF#bds)?Out}zkq)b6XMoe;Bg}Ez z&mT*7Qy*8}lLAI*`Ni37F4{F6)#}(0D&|LM_@-qCLVYWWuO{|Auc9FoWE{0Kn20kj zCa6L?(-ZpsS&}@L=$vdv+tCx3|C+<8)JV5%WH<4X%(8$4$#X{m%tV{aMLFz#j=tm< z-M0MJ=C09iVhos=m;wA8I^7xQl!hs{h` z4w}i+on*)i?$K3R(VMk)d!nb8e#};OJ8DsgiNNV{6Vu*q<=D6|fb%>K)mZZni7T`N zlNisPwgF)wVSgnrjnHm=m)3`zLsESgWIcckz`uHc#FCtW;ltSA!QWp@hql4qH_Y&4 zq2y?jMB<-ZI8O(`mRCP5Y|aM`l7COw)Y&+`0rWuCf{{{r>~rC<@$ZB&@H|ifH4+)q z9bqge%7PO0im#Y#s2V;>7+`7eeoVR~kYhYVssAJuvv=K6I*=c-2_83Ht<6wY_y-TVWn^IMjA-+OlpmMTYDsp7q*Lb{`= z@SFt}!%sf14lws=V`0bIvx8R=NEpniSNnn;XE#nm8-9K)ZCVTh{cS96gbaSlcZigF zY|>7ddT?d9o9_G;f+Il05{@>U-~I-M255)*v9RZ13!R`+(iIxxx^)esmPfv*s5K#nzgyDWjsK zl+a}70c?=)oM*cYEK9nAZxMW`c3jSOQ{`x9YIj(22N&AX*s?@GmduIq`bq`Q3@L+RF!ZNS zQ_h=@FjiCLY*~PPrMMDUi$`?8pc?*U*mj-E4Gf0B&)&hk=t+n%m!kVlNvsV)>N}uS z)dJS=pbIsj@EV|!JaoyFec_HX%M4HddUryjp5JVB7U0bc-Sc0O{48^%sUE=WLb2?S z6;RS4J_M7cX!~9x+l4fwi6E3W`U6Hy4>B{$K8Ca*HV8^^2Bv?gU55Z0vN6IZBFh9% zTFWRWK}R@bYKCX6_gXxkNAMm&x<`cT92zDA=)@FM@R55!dXanze;9-PHC7d=gu4;oeRu`H5kP-2AL zh^u!T>e;k*M~0u@ri%E?Bj||-JCi}|!59E>$ikzA`z5?71%NR+OeH0WM@SB^P&bP+` z+!}v-{CQ!q0kt0qkwnX}r?3)@(jpObZOSpWY84xG^v;?}t)f6G;O@smw3mQlQ@f4!cl+8z64F0+Q1ZKU*q)8Cx^o z31yPgG3(&SN?xh0k_Ej6YohH49<~|T&9aX?S)O7S?MnuZWn)~tmtl?KH<2EfUct3glJIf(S=ELm z{=4;jiSRF2)7yd;J+7M%C~WIrqG&!N=H)mWT%DNk`Tk-V%88Dr+Qy zSUw<^U&>2KssGg1U%82!+;Kc~-qXmgTb18#-@bE>>Hlji(^=BOy%Mu#OXly=6w>u(8kS`89*SYHI#d zCr@*)NJ@oWL|%mR0va;dfM_-Z+L%LnqS~g7g3_YJB8eiGw)#xVXT$@(+C8cD6^bQMA1W)AXVhcz= z6#G87c)H!QGeb7HfP(C;Uc*UMDPO>_R>dX|6rGQ5?NR(6cxr9#Y6U}`W8Bx*$@s~9 zRCnvggTVs9xSXy8Hs*IV=54BgNO*xoG3iItxEDv1m%G9Du`NjPD8(2D=^rNpq3Ri>3w9d+p5cR{Psi%WH^ zS`pTuRrp$ZSxLU{QloUEz_%il+w}XLu=~^3-c^KHwNFkLn>6Yb>K{aIgF-?Ofbdxc z4;{J+r<^4ak-u#=U1_M2akh69yuQ8|s`}S7p+f}c3w&KLw5s%j{&3{mP*3Z9WPX?H zMsMPwhl90fz|Jqxg8?q3UY;_-ZRjK&@HV&Vh3iQgl#_D`Oy(ePC4R*fVXSuONH2RO ze@E^A-8@J-S%B0|`h@@9_F;X9goQVwIr29jX|ARh>h3j4&kqNkgq2augufjGn&^&h zW#2hTE9N~o2wqDw-S22^gc_YCIX53WTr}}oe)~-S`9kqxgO1?CN^J^GX|aj8%{WTx z24#+xa6@FkCHL!W5?1PUC}VU5n|sMZ{DrNFS1xLLt$YJVk9ukg{V-%qM;gUtLX-(7 zf*I%HpZjBm!0mHPA4jpX@_VcA!8S}UCM^#6!hclFb@Ri#C_CP!C+FFIs*11#jg#{0`em|D-aL&LmxkL z)Shx3daClZ>?l}$$_(TI4i&EVs7drZ<)S`4_wRNW)rN! z4dsyS&=5gyw?eerpAOwN%EF@T=`vN4a=m(SUES2r<((0o&@qO!$_36TP-*+X{% z?lMCaR8fp0Y`=5#Iy$JyyZ~}yBj%5vkBjcGREIE1z(5x-uYqY1tz@91+Oh#q=`#`~?k> zAv*q!AsC9{G30ifxBRUbn}=_^n8fES2Z+!&_%9IgJDS32d2kTd>{@EUOl$SkIQ353 z%@KKG+oMyiuKS68WqR{*uTN#(O;Db;+kOEdHAQ{P1A^={H;1GA9^rn;ao*7oZ9S+4`%~K8`-tVaL++T^I^i#15Xo2xr&PeOo)?eu27pE_r7`mg~=_g<4Vj(!; zC>nX4)Jv`D%x8Z0r~E~m_CR0wp=UBGg0H;8w5E4tLs&@2oyi7Z*J%X1FS z5j#(-8SmvNBKIN10K77EWDS|e@$#=*{0mPxuA2r7TVLOy%>?7%nTv5zty6{9T%!`7 z`Q!WIgzvV}MxEx9l=;S?{X>DAk}-wo-QZ6I2YP9Y){^zh+n8Ght%6D zbFrrrA4?ysCz=zZ6-Pf@lRBxSMM?WqZfxI_X*&1Z*Cz{MjK}Cr4?Iq8eA}@+pS`P= zQy%puXVqQ6JKF&YZowgMWQQS{P}vEbwv`#{V3F#i8_*Wp7R-U5TD+8ImyM{Zev#H(mQTK?Ztq3!NXtTl;5qfnpIU(^q{H{L*rM zJR>b8@#}rx4QzgfC~~9Mo14eMY2Vvn?K*@qcMZbLESB#>J-G_7yv#@ZxP;Zw^oBI6 z?Esq&QRJy#X14;Btnqy49Ea06lTGR6$x^+^?zK~G>XC|hT$?=8~MLR_U) zifF!$>67z4{a9v1Lh&q*{qkE$1N=}RI6v7ROI`apu)}ve5qgV&TXiuzPOx)4cZ=Cm zh#H+Purf)w)ko>-Ww%KLpDJz4A1X4kx=h`I&BxNE&Jey29shpeF7^#8jxZtyYeWccaEvrdU)JsC3!iNl-z*uk#c$E zH$;>&)Xf)20`~8c3_?Xc-#%xNB{rR99xfwu?TrKjgMv7^D9ICYzq0}O+`X?dsE1S= zeM&s|;>2p`<~}Gk({DRX-GZDi)lq=y2L=E9E$Ja4pH22D9^hGrKq$EMF}KDC>u&oU zhuA0;3~}l+?4G0VYU9+TWrY+~k?Jtn1Us7ffQ|?z=7J2+%PX_jTE7H=&v%=((^Y&! zdFy=7RXdF8E}H|b1`XA3adBSUAP!0Pp()Gn%R|`?16v5@c=@niv<1{}Zp6QFo@xu^ z8$_8utxe6$7@$c>dzy~(mWIxBA8tioP&D%9@tgu`5iGWVFQ8}SB`7{1*eCmhiO|Q} zZEIgTB%pKI{8BI1n)Lk{?{~v@>c6DILm$^#TD8VPZu;IQJhKMzNcDm<_O3-Jlf&E7 zgTRZf>Z-Tq+9YBrseF`;UBfGIFRP~uL2!S$Ty3hl`&+htqe8;M`*TI+st&g8c_ye1 zj0G#`#QtnF`e;{f8~RXVg7n)8Gxff&aY&H|z3rQzuY9%SzFwU3k~gkk;&X=Pw(F0G z)Qsjdnc~4NJeZgjXV%$8DN~2$>bFBSG_gRohLpM1Vfm-dg+@U7SJ(5n*1l|Jasg=6 zvDhO3^|AA7@u;CV6T})$4FTo~`CnzKLM#g}` zpZzNKOf4vKm7hK|1`M}=ZFyYeU5LU;CJ`U@jGvayf}x2|`?EL0Vyy$i7fVcVYwy-$ zA8wCxDN(ve=bu75o#_M#yj)9|Edzuy%wb#+Qf_o>Mm69B={p+fztt{FqF<%#7kqg4 zNGj?Z8Xx}-78Z6uV7rQ`ls$VEqjtHlJHDQ?d>*sBxk1Yy{WofE-OFviCgtjTNOptg3%Ld^$tW79J4^ADF4L>ZwUhR4oNLNsLi2rYN^QH|l;cs6`X=J2K}fm+ij1 ze|l)PVR}B3?KAFEdAvSx*ZB%U=#1u3munzzE+~IcJ`3np#MGj3{p^RP)J^A!=?Q;*LiyNVgKpi1J9^9 z><3?wdyadrrj5~1ZRVslxMVOJ2H zK^HORgsSFNIG>PucLWP#jx~?tlglZq=8He}FdFrM{z4t%br+D4ZInN)Y(YdB)xtu< z6B`lhBBTit##J-6H+g{)(T7Pd~L_8MK5pobjn@c2d%=^c{2S@U7tse7MGEG)=O78hNe`jBHlDnM9eIdmBR9h^z%T_WYIpfmV3F=5c+iJCE{ZMvRn7;S>Lcs2TSUvIh>(%E<@hJ0MLHv3KTXvs}Qs9p;EScUa zChnD7{A?0#`Vr7|6i_FLkv+yII1a~k*3FdyWDxrcE{|w{rW`V91*>PVn|UqjrN&g{ z@?=S6Ztwjr88L@YE%?5%H~e-kwodMYl9t{AWN%z+moqzX^O0KS&U*Ni` zqJ@|BKhAR9Rh~rub<h&^HO6v1cZ|a;Q}2Dy`Iuo;=d# z@ach^R$bl9tTRvg?GWfDOffrFIVlzCq(bD;V1ks4MGd+03^`DYFFU9Zz1}s020J3k zgN*Et_pK1S_qDqw8W=|oUyIKO9XsB|V#DwC+x{94V%~Z&ZK9)ac$ye6Zmc(O`PGZdc z^JzM|^NUm4kD7d3^Awdwh8VYoie2SkYa8=tw7Q!k`;xX;1I?}P!ycb7{RE^7c9pgl zS{gGi-|{3pFV;zTP16^~d>O$GM4F2uqX0s^Z8WvXLl@D!pD2OW=`PA92B8K^UWEso zqeqX<05D2WpKv{h4uB61V9gqQmkaH54zs>JH__NkRRi|ntUgx+`Lg%%d1(T!1XDE! zyG;hLoh!DLbuRN(#r)XQmp!IyDwh63L*$`Zt$^v4eS=7&5t;>s*|ze8c@@ zEfew4@7}CGCV6n)B@pl{Z0sG|Bb8%EYE8v>C1j-@&!)stJd2X~Qkcwc=nJl0^GcBv z`KCl|y7$`Q;FE3(8K;PG+hMo)v^MMjdk#_f>{;2V=F=FhuX@Gw26+`}p+TT=4PLT* zQ^K7Kp8gtkXIn|$4I*y*GczSJAk8SO76$1-swMwHdkCDVj`c#f?_pQfc`t5ek*ury z;?z#Wgpr)n1Zv93&>TWJ=UH8yt5AFt($_mYlq7n^AhfpdR`@Aw$}$T)i(M{>SI?Vj zi7vYZH85hK=p!Y=KrdLanMY#GAtnp8W{&p@RnmeA8L2G+-ag;lkf(=bNwtPIIF;xX zg-MyEJjfQO)e+qJerL+*N&x>bGf1+z0%AqTp*wGP-C~(JdhnG5@6wli7rQ9TPu=oH z@&(l-TxBDH3g%!^TzmKhj2!055Zx{pKU?9u>IRSda=W_IN#?OOSd<~0@h73WMmj`v zu{v|4-j4O_>>sO&tn#+B%~2+2wFqB)yuY)+WmEXpBg#UDDQXcnv^fK z-2XUK>$G8*l~wr`-VFwy4jQ<%;NO++MZoIumewavxiVe)qqJ%c(&>fH0T_QO@u@_c#)4_6C)xsPZ>0@@krC_kU9O<%Yf z>^*2GCZ~-)E&Zx2Oc*iWYBqQap$pe(j7WrVTsf)olOzn25bIb5Dn^s_B*yP#*>YMt zUUx8izFKL|!Z@=~g*9F@%|Ln@2rwgh4&I=SwF+Kq1h#y9rJkq=3Ber3p+iB&;O+6c z<@p35AY~S396l^u!03b#wNcc3*vrDT-o2FP)WI&|O%AM&Qi15KYrO+g?*&PBETZ@2 zsnlceP0;5m9}Ustd>zU5aCInJLkAEHEpNUBg23)jO@zl(a&QyH747xhb1VWE!fpAq z%$_0g7$v2!w(VD3=X$6QI}Hy8Isb7(GSslhEV$blT2UC3m688&0dy(2f8XeQUWy1g zkW1^I1uv@t^npd#guOhE(<3pLH!T_>q#D~q@IPaA;y&n^;TvoS^5 zmK~{l7h_e6L_87RjN*E!xoRj^m%)Oc=1?ir2wBxvc(e!JkD2JG8RTg$U;&|8=8#mx zBE==+{U-?DN$BI9GK0AYryJ5P2A*!i2D)$wurE^>qu&fho_=Be)}zooXjzSI-*qz? z+~(Eq?}cg4Z~8r>Wrz71rZ5j&e34R4+4<9dHFAw^1RF&?B^sR8R7@fYnv(ze5 zUumrX@H$h>0ZzgKE-|SYHEe>roAcBZV!$~KamgLQOV)YbFargySt?m*C=7=|)V7yL z5z_Hxw_m;`swnxVU4A4f$$i^l@Sts$Z9lU5uxF`aBl3aWX;}fyYDre4SyFpz><66s zI88{>b1P<;4IYnMbG6mRJ#R)sN%*cK;P`y8U^BX%C+yD-6 z2D8%j9e9>Y3O+qae5j__PsxapbM=e`zFQU61A|I>0`V|%mSb%048Ao+-k9c zW**qeax9!ivE7A5U+9Ns-t=MRjJXuYgVFqd~jfET4#WNO8%g4QAm_>~=m!&wh|O@;L~pM6_wf052-b zIdBx5b6@3&H7k1<5gT9W_M%K{ap3S7Uc#G10|G!fyt`WN5e;>AK5WTtaBXm1Ct zO)8HF;vPLjHb#?<$BYnu@#JmbitNt>9IceNI6Ryg)|@}|Y<%3|3v|Tk$K6#n9;9rt z&N&BZOf5aNpL;neQWT*IBpW4s6WKij0F%{lu4Vo~904PA$%e9ri!;R&;c=1hwLR}t z_FR4-U)op3+;e_b2jIv+c%)Rr!KPp;z}Wc1 z6!0UJLVo1RU|PC-GEyFdh2~qK8JO&0Wr>{U>5Qd${JPC@o3t2c9ty9XCo^gpuOxUq z;S~e!50JS-*IOaasI28(iMpw)+Y8ZZ_YgCrEThj}!a%_Sm3ufS@K^2<=d5EwvCbjX z`q;OSD$DRGH;q7;(F_vpntdR6^0^|p8YhsWIHq`GU^c)EvaflfmUR(I(PM9L45A_K zxr|QPG$$Lpd`sG2vmy>Fm~*zv(imb&6I_3HBb4;34K8G={+IE8iE~*+#j`~yD1GGGP~Arjo@wUWEGQ2N@%r?L!S)+kNxa_zWa$D4xTBg=6#7y zgvif+?jq~T=3!~};yZ>@?7axbfmh!XtW!NwL<={59x`8gn;b8h@J_W5dI64FMQQ8I z{mUu)eT%(;J=V6!oKPZ0mB$D1>+yS5QOxJxn`PtcTh9*{MonCO>M!L9$O9DG?pjzs zcY1ugC7m2p`M9Z@3T#)>kDc|VUj_}C*yqlRBj*}qEC&S5`G0AlZ^R|Jl2Vv!otv`U zXt-+87|a~t?0E1Q+BHKe9xADD1O`kNg7U@#BO(GKBCwm9nwB> z5qSgh46khsMb4}=g=OSz&$kzM3Gi&SWgsab=*u~GDvg=1Q&G-@nIR;m3IoKcR!nuS z%+mXK%X?wSbq*3C0TFDG8Ds5Q37e3Ef(rpTiR(rp2uI%Xe)w)*#L;c6`!oOomeFjC zFb6xhiDwA-Q&3gVS-soWmlucFkHbZNA-vK_hYH$>cizHpV6m<5F2^ITZXdes{Ow7% zFHzsoO)vH{0jij^8=^+npMNb&d`@h2NeCp+e%O}k;6L1Y!YLfWJTm?;t{q}PP!DfU z_)%!`$CDu(90I1AP}pss%-R>0=BmJDRtvknRAXu zjX{Clk;{m$ko!HGG2x}>Fcx+9ZLyYd4xVHGtn?V|E-FU;%UWU5S@>Ir4R|ck?!)79 z@mp~uJj1yFuv>}z#Y$VgNm|08^s-3QtIGHLISK2yu%uv*edbMKC3jo6&z+IhSZ5kc zixPW^YnSr=>g6c43iVA6<$8h>B%y(zN=qIc#$;btfu&O?hQek7*p!L~#W}+JVmpw; zTViWFE26-3FVsLzzQc22`WgD;5J>PooAyD{m8dlPtCRhd`oS%}V9`3OQoF%Kz%$`p z!n{V(jotguK6=yRq?Zl@*eCMxl!?y(Sl`M}5_b98o>tM_{i{jxMnAw6XzLln8z^+o zlE^}HDfbfu6zq?Sw=8vHFO3?W0(Mn^TWo(`|BN#wA&vxY`NeyxO#Nt^^O86yz+9>6 zY7#DW>E-LdlbLFh<@k`<^f4Hi$FmQj!b-K{Bdwe_=r;&NfDagwpG5BJEcufZ}T8TpXc$p@!&i%ns!O}F4*E>2M3P`EHRJ>Cv<&q&*e*qhJAi{B!_uJd1Rl>F#@C@_ae0ht4&lpfuoD z6r`hADOtwFs}nF;I)mnTK=-g#g72g4f%p~j1%nW;<|C=OjszU5?jp9IN zG-BLiVbOG#l)UoxBVTBH;dx^pEf^hm22}3W>kYvvVeEH~w(kx<&e$lgzlNF+RAA%G zAa7uQm91Pch6eLQgg^3!o3UecKprn31U{Q2?;>929u4MvG#i4$ct!ybFT;#p_llNR zIA(}y39e+%CoO~f>yE~i(^ga-vE0Nh>cBJasjrjUmqfE{o-$(oMf}*6HYufQ)~8 zLA`=h<(>t5$tIN2+B^QvX7!`d6&i%Ys66Xd6QJ;;)hW@U#kdC4od<~QVNeD<2@tn1 z`1tq;7*;{e4YVe&$ADzf-*J*+ExlYF0ybw%5Q>qtB15KnED6UdzQqvd8(u9)3ZeJd zZH5_|IG};XlkD%6do~K&KOMugW0;F4V|Mdzq)=hLU)Q<>s zoUy2)*X!ew0FaSw)dyGxL{Hf{4RkC94Z?V2P#9M%aqlyL`gGglUf!jG-Wn911Prta zQ~hXDpG3|}{a&79m7U``I!N}Onm}}9Nu9ewpNkyH^iuGO#Q>;G9FOTb#CshAf7Iw) zN}%qfjtHN56D}yIcD#xe_mu&VFSA`8H{}h0lGUPJ_unf`MWs=1>J=XW%gNV^kon~V zfMIvY9w`jg!+T!8f3;Df6)RrHvqg{Kq7p+3Ftw7pOORncu*3bHuO{d**S9g%hjy z*XYMXyoZItu#*5740i1EFL@m(&3d_*_(qi6DS<{$LO{QX|4a!$HFrUNT3lXW0vxx7d8p>ddZOg2~mdxIyQT$&aA$c_n>(sIMRQ%tc542eS-;d zx>FqN-L9V{Ee9C6mlhzpX>fm~Qk){Xj@#bL7qTh7Cr`U|Ptt?FHQEB{Jl&fB>m-nJ*r{+z#O_?p+)C_78P%78)JiB~2DDXB@XJG&%#I z%IABJjOr=YPae*quQtz|m$h<2r6{5M^W$_SRJ{KkQPelqa6~OMfIMzb5%k{Aniy#v zN9&#&Kq^?v`N?t6|9iJ9)FUEi-hqeYoc4&>{DKPs7;}dE8Oo70hRL0w8RhH^TBHMx z>?d>oR_+68T*h6kLQE#in_zFa?)N~|(XprreUksiK;rUhHvI|nc{3W&xqqxg2-bk= z{W1V#EjzxQAOLbu4tvAOptO>d&f_%frJgEJsjrQVjlVGW1Z|#d&NM;|m z6Q~Hw(=Pl2fe_$n#G2;DwXy965H_JdA@C54X4hf~-4)zYYLR%#-`l%tEZb~_9Rvqv ze1Iu=z%!)7lfV|x$%um=aVn6a6@@0=?#D+EGfFem3HvuE1>dFiM5Gw^($WQmlL-dt zWLV)`^L!K-?EVP`_yUmD zm;fZ}--F~w|9f~oX1H0YI9kzb-NVMVG~(rr)!_YwhwN9Mj_D#|Wt+o-22w@D#gR0{ zUa~=N;TMvNM5xZ#lzJF&V&3YN1IkMl=^g-(=I7KA+w|M`4PQIkfHJ0m2~6bMFATVq zSME1@pxo{6K(6tJ@sEBbI@78MGQC~dxe2t}ciL`vP>44G02K<`fo1D{TMiUY6Zg|L z*VVc3ibF|SzY=W#eeB7d|c%YSNe5}i-19p}(IF5uI!e<|aW?(Wap5{&e?rjyGclgm$#Vl;F&hEZ{X zddXZ4iA=cO#&Cd~pXuHro>oqI4vVP7mcmEsYZ>(hqO|CSXJczyetjESsB!Vd)D+`A zl!Ge})5v~DW&f}+uSlhexAz;Mx3?i&6mGUAVoijyL|Vx#g6t=Hs@QIT`gvRS&H>PD z>*c*OEH>euWcN>BJo9tv;+|cd5TEmVXy6xj`Z@KkbLaP;Aeu(q!0BWY9OZX?#G62f)o(qO_vloHt^$EHXy^(Ny^EV9OZRD*q=NF=mS@0H1 zF-82Ub=sOusd)o}eaFu=&ZvbK&Pv6EcSvWt+VHWSdID75khYzA#)I2vX#F z)mW-$nMU8W<_1#u8T814X>s5o;fb7Py|i;F5zStYjQ3AXO-)hIil7Mc3;0}B)PbC(_Yd?VyQwq{r4!%`1cQFrIa{DCDk1ZW z7^)}Hq7k?^|IYrZm(?OYFAtUUybV8Hkvk;UcBoZwl`7W8UpJ|AOZx>14hFmkxxpF z#|KaX9P~Jx*gMNZ93ce0FZHXxt1KMdel0BtnG`6qM# z(zrS8V&D_Q=R5L|a#>yzno~~}jy1bGh)fNxa6R%vCu#d%lbk#f+e%%^Zh5LU;Y7#c zA}H5b$hVz&{7020cXx{{5yu%14d&Ika(>B?_6i}V_r(81$ZbXCIL0LugHHUGSrPsF zmh^IVr%-XO5gfgG{HqTiK1`RNs_-HL&{ovq(|V%^`%PxuRl&u9=QK}%qO`Rox3Llm zKcJzcUVBeSWL%uTG5|6-%z8vSWHVaVgp%c3MEjpgRH#4!AZ%^jwQ(&0up?->5^4#O zhA;BakM2r^0@Q$$_WDJk7u;o!8Kv*lam(5Eo4H`_&@1NWxz-6^Fb%It-Hd0@?f^g)h6Mt0%lEwOaE~29&~cc81H%0<8Mt8@h2?N@~9?yCEn)Tly$yS+S0;)gRj_g=_m+LODH7o_XM~vu( zf7ntpe1BvfcP}cDDnDqyN4`4D{W#tRF9`IQP30LZ5rY3sR-b>8^;fonqVBR&dcU#I zgfd&KWOfd<*QPUU2CjE#5ttiFc|R&@c_Pk+!$xh$cCD;Qn zE2^v3tBvTM8`#orxP4=o)II6+s*g>M#3RVqeY6yHPEQiKOkdBBv1 zm3pxhA^-@5f9`R_Tx|^FUZhnEtKp&0;!N+~`W7LhSUqnI`snO`Do(V-kS}k^Pl#B~ zD14D5vu@zMH=W@Y;^01!P36`%?EW_W&_W6savR*+j7K%hhP_nM4sJN;9P){4fbHIt z>FLPTI@^}6uBSu(?0Zw7Bo3hN-;w!_ntt)?U92#CwwMj} z@=REp&Lj+H+P5I+JBfva1PBCQU)eSvh5n>wnfZG=CZ7Inj2k-CDjf?I1sozi| z?nJ<3F4h!!`z%KW$#Ln4dE8n}b7sCfy%ht|b#?Rr11bKaF8Ub|Os^%Ud zZ}yk${6~TU<$Q+RlY<9egm2%XCrn4s+kjHqEX$-x8`~)UV~BTB60tVn4V8Me zNr{Z-@wueM>ppK#O4CQR5W}Q z=kr*oWT>;VR>f|qT=aef8hKrBzNq82qS%xZc5ygj8P$J4_~Ps3_1dr?3_}<$^R@Q{ zdyFaJi{-D9GfHfvylxn#rfRT5(Cz{N@Rm3BjXdS!@Cvny#}-PJdjb9PM{8OIMMa2a zbERi$=L0<0S$n%Le1D{VY)l6A8B3m0AGs&_eZ#DQ_jDX0IrF=-L(ksdeDIR|pL{?i zl5MBO=Zh4K+d2!#)tj{mGYjP-WM2g6{J+{3E8!SDJ`mk`-s5wxswtFUo0bkQNiOnmrq?VLHN zWvZmW`nT8|DsThyXzXprT6fqge2{LwAai`du{j?e%IZ+5#U5TW*X^QB-&bm@Ocq#p z^4nif8Vv;RplPWSft#ku@md~;7Rr7%K$#H*MS5a##erK#7zy5qY-+eXJTk_?LcjLRV{iGIYQ-Ml;iT2< z%f+3)e=s@_l|@`=bQA~5+a|Vw3U6r5?lQo2J3wUtU@H84Jr3QDe@D0Q=WKgYIcu0< zb3B&27f-nG^Jditv*13JM+vY%RckAz(3+lCQhf3U;0h(aIunkYC=AlKZv_1SyC!{= znRuDsj7O6`Zfb}+SMv7sEzt1*_OL)`-->PGeRRCHa4Sq{_l|obc<+OkBo#9=bD=M_ z)lv)45ds(TOb#f{x}#T)RGj=&tUxI2UA-Qo4WReaqb@NpgUjvU`yx1$w6T^fZm4FBnV;YWw7}cfXopQ@l zetr%Yva5a~-7D1ePKNY~mI_oTE%G-KKgl>+kHWOr=cKO!J0yV%_TYRM%)8Ezzst2F zp&mBYO5}!fHAk9$8xI&6=i5rF=cK^dnahFwDyud?jSnv(P)q@@t(|HIZXlX~XE{$n zbt$qU%2I83afMO{4g3zk#Yy^?TnvtshUJZ_tOw zo#9kYlXb#N2TA`prJ|32&<$_gqUevZ3}ylmL9}9@3*B#?HS;N1q`%r`8(m)ADG3MM z7f9~v2}3MIi7k7~Y$6reA!0Q0W=+||`B23l^j^?YeuF}yUb!F;Y>Wl7oe!4Q7X-qd z_Zae+z1=iz-+ylbNzOmCm(S4qW5DBaVgPYZ*?8DGf|ObydueR6ECl|P@ScmlP}97+ zamN<{5Rp3bJouL6S;OUD>Y(Aa>LoAapc@A;EelEB^$R&_sYh@s zJg`$ybjx63IeJRc>aDW9ohf!seYjnZPmVQjx#=mE@6+Db&isPTC-OZNIvc`)v2S%C|64H>;Q>^ zv5?T^KE&BR!fH16=dCr2D*@z{*qMC)!)hix^lI14%{1$RY?z-Uv1F(%%M~|)&WEAO zX2fJ28khuv4UT_09b~@ytK;d+fZ1fLe>+)_0J;ynK>)^AKYjo z&;|60`l0-=nW(h^Y(AwJD2+lw*Pqqh-1O2ek3``PTP=7?^vF`~PtyXGo>ZGL3|5?Q z%ZnAfZyNC|RW&-}w+~hAg#GvL;=nr$FQutf1Libp7 zLu{MF#AG$8x_DT+ad@y`4!IdWCW0duD#{bV=(;TlAhs1u15hJBCN3vta~|?Fm5G)x zB0S|?A_`fg?{{Sx@q{cB`w^G6<`12FB4hqGj5;zKa$62JWC(Bhjo|*!W9|R67`?%b zo8C!1-s}D1ov}s7p&SY2FbPNq1V6hAWib9Q*uOmM z_e&{(@xorC{QmVnKL-DWQl$EaMEyQo&z}7EC!OBkwfWCm{`p<0;~z%L zZ_)AhBk${9$?>00`SZIx>OTzIe?JM39Z&y?fdBn0(U%ziFfIP`VUh&@_ZMUNe=qhQ z#Qc9N_78si|7FFWV!4rPfTKzczrDQ;^p6vhltcr%Oi!q=rU0>pciQ|=&b6Zg@ww&bDyK-nw|*ULF>fuIl-i_zC^mg#Yaqt;*iHyhIvV zjlB{sluBSby0}o*;eY#foV+D?6kC%a3u=1Ae);oLUcSqY?k~l7KSrTEe}avQQH&Y* z9I1;UM~n~pKd}s}$V?)aGx{u5Utf-f{QDMU|N9n@Prxl$JiK%Xx~lZZeqW8Tip;=D z;IYnz;ZI)s9}~d(-&gaBWFVuX_y-`YdVA|Fi~NZ^^dC{j>(NLGS`q#wO2hvqN(?@f zC@e+(E)d^8R}EcB6lY$n#likvAN2pdKH+q1?Qlq6Y@iuaCAVi2^P~bQA29%;M7OVcK-289_whBEGnE~}A!$sSi-)}J z2Ho#CMPP5>mF-6i0Jg&B2bGVK@bVArF^C~Vaq_=2P|R^asl@Nmi}P13RtVkI#m2?G z%7y-O9>)_%Yo=yjkP*}}%Nz}Y{I$@4NBtGPQUtYM&$mXX6Mpk?wl~dVkX?F)l&aFd z$p3E+4+o61-!DYC+EaXX=J3!4g(E3}15eUukb_Tj?nZQ5hspwWn=>9vCXFb>e(msGG(xy4 zh%`d=96F6yvdlYUO)>_$(5ZjDA3#v(p8>;8v=8ffWbBe!elnV(FH%Uk)3OoCv&~Eb zB+{-`Wq3KQ!6E6TqqUpX@@*0_p9mxxSDool9JX%N^I7(?y0i+ixHyO)T%|in4>L3P zT*<%LH{8JJ7Kf{tey5~EcGbEed`$LD+1sSc*h835%m{GJo-cE1_v{hj7Dc6D^pqt% zhJK2B+NTR)1b^_4J-CtPiGsab^IoI7QDeNHlQC)*x>MJ*7w+-CS4M#&x98fS!Vh*W zm^tTBp5|!7qrr$ANqz9Gj=N!XXqzPzH} zq%d|TU=r0&@L;vq2q#qc@nmmCWh_-aG-G17lYRf2<^|!4OcI~Mh@W=?=u&V*>%Z_On2FDQ`o56I?z4b-`;m~0E;mfa7y~n;gM%0jX^&43Bw=8y zV$`aF`E^qy>ylm&#yUVkH!lqD8uME;ge``Wi4%`#=mrI3!PK&4>2~)b{`1!KTPd0K z&m`iLC^5gIgHSU4=g7wQMLg*n4wt_&9kyk#dVwn$G}^H6`FgNzYxX?jgP<>F<4(rV z&v1gea?aG5>Zj$~sVF7v@MCa>+Uz$qL_SZPdG&m8s%P8qQF+`vqNHFK4^q5h_kU70 zHQ}#X>Ab6u;(pER%B?I)yIU($lzZGjm!#mx@pCeYa6nW{BkQJM4VHRV651KOi|Q3( z@?qiK$8A`2mMU>P6KgWjWGQg$p{7GY5zyI?_90nH(S-^xC@86np#c6Sxs^t7K+V6l z7OSlTJ$}9FN73%6i;$#2ZpG}s@QFM%w_A+ecxu{LKxkQ~i*foGg)Hz9xx-duwTK)vQ`Oc{H zHN~Q#GHP+w>=?268`HHzJsH;3bV9Sj3`;e=Tggg`)}CK)JX#)_^p8)XeJ+9rBpzK6sS7XrQafe*@yAlct&(4)vyh_1$tl@&#(-gEe~6e~;`@pp z@(3O{*EbB2s58>L(e{LDrur#VN1YU%?%PxMS#c>wgL?&2sooKxwT``Ncf&?Ve7)B> z7Bk#6R?dT$$`@K`p9nM*KeKH771lpp-I;$<=R7RKTZ$wbR61kbCsHp;M9<(M)$fc$v4&q8;Rlvub}mOCh^Dc7l0#F=|2^mcd_=ms z*Gz`Ulbv0^^>u^5mO4_2=%+A4H(O*km;wd#m9%_S8h+bheALtTO!~Mr2C^N5T>>y) z`jIlfu|0l1QR`ad_3h#SJ**oVwXl)8Z!(nZL?;ibXytMpeaS0wpSSAzG4Cg?c8L|% z+BRFG#}==B{u4)a#+HNcDpq8tnVp9y*TUS6j_wm-*vz?)A(KJPKCwnkqubi2tIU*> z#hnT){UI?Utwa8=rGM4J8d@7CzOLmIppbOLW=hxt>sv@iYD?fDNVtU2v!D^p~-9I4n&iD-XzTc zy1YghvlKh{C1;jKd2DBTX1O=o}Qe>^c74}?Lp;FsKPMmk?5DerwUw;90 zuv9JJ6VMN36gqdidZPB3^CHwKTEji*y?W{J|9fOJ|MQ!=nQHtP|tTe2t+7n$x!MwtIrbSPqz?-5!m zSn}X!usvJYfA3k~d)_mHGOw5~ui;K>0MSCur#F7kPH-%uDAhzm_fuK;eags<6oGdJ z=dMWB8-GsXB>m+fU)GIHKp~bq_a{;HBY4>}dC$*kV;~{AfPa0sdPWE=KEKVH&G*8G zMCWrHZQ{VtophbcURZ*P7BYX5nJ_~as=A9eV0Gfq&b>&ME4p1g&=1^HwIv*Cs`I&7 zk15G{2I4&BaZaQDmhzT`EY@OE`Evu1HH?RlW3y;vZpjZaMj14k|R8p{&NVx_)lfYjx`A*v;%dr9&xBVsBN8DA~*_O9{&mQMvR*iHtWtO5iym^;SF0qa7%^Lh@o-zo>rYG61czs1?x zsIkkn6(g5CC_f}np%mWe%2o4VZWCd`ocZTm^)CFj@e@Zn`so*Lo)T3$@`(FW5gkYg zIThwGSUm9lkhwdCYt ztHbKAE{aqM{B;`s!5w)@0AHAqh+B~OaR%8b%-Wx0h<>w9aJxZp+140zq79I|@vmX; z)(oVnLMyP1UuqvmpP`@nNkSaJSR0FT30Pj5Y5vO1IICDDxX<;*S)&sdRDS9$;@RUl zST1lYR}rNv{|XNx4fj(qOsq0qdX+2#&jI1nk9?n(Wlc-oN6cz%EqXDz6CLX)X#XU0 z#9l)QJ9h4iJz);nER!N;jloJPO4nA*Wyw6Tfst9x9M1Re`_@c)-SsApjhu^=C=;*w z!nUgQO{(E%?2Q3-Qo=8jfGENQM_LmF| z8HaJ{-(;=NtIIe{Ub!6*c{bAsvX;j3xoIS+Y;?iEMvWVMY?UCgmf+nU!H)E z-_L}LMZw#l#;AE=qN0L9#hf>e90#0YNX0)$yTVO0N=g4)JOke|zlF8KB_w7XuAv{v zPtg?Z+mp05*$^VnIdhq|d*EEW2#$lm$zgUVczY zJpWo+D_~?I2I}7|58BX3k7#kl*&tS}HCkF9JX*vgB8kEK8Wvy+^kT*d%)m(~Kq}~$ zX=+^fl6^?cT1O{QjLOWs$c>k~w$xANpc~nQQcepl{Fq*0b@Rfv%YB6RapTVMMUYAu zxl~2c=4y70lU39OpMJOb03v}#qX0*KW4Xg4)#00}#Z^ju#^?H3&NpFI zqcoUdxvY~ATl5HsZV;be%9Z$e7?-PPqK75+CHTF3;@g3>8nSVd`et%(J4n6;DQUWK zNURL-!xw9tA7j?n0T(EXT))J+BT)qYX#S>M_4Cv3hGw1l3p?lX%{w$_6R(Z5k%Lg_ zPxFzXolX9GWUd0C^>+h^s<*3HQs#UJq;$v`{+lB6QoO!fA;=TT>tV&yBdDi?g0jB&@IPFhk8zb7EUmw)3vHoCT0`sL z4ft4>zfQQW^=Tj}hA5+D!|wq^PBo#gf)F2B5S{f(MPzaDk*P|*KK0X+5?K~`>{wAl zQ8zlPoA95jP9jf2*{92fB#kaDI#?Rq*oB-iYn~FEoqxSn*d{uyO1^Kl8Upv>4s-baJvx zBAg(WSk4u|A(%_Yf7g$k@om>pQ<~SG-`3dTV7p^`T>Gih@_xDysI2QbE=A@ac-%!95t}cnhY;k5w5!@8m5{aNo%oamy`P;? z%`cqZ)mm#9jAz91Bz{BFX&odWdhTZm%N8=`*FLoxb>dU%cS*XFRoaHGMkv54Z55V1 z+1}jWsS>_3(`d~Q0-|s;gjp>y{Pbjy_3kZ}hM0D-KxuAB3%3u+j*?#*NwxT6i}sOH zBSWt=UDbs} zw<)TQMBguKDp_+OWEjObHsg4!J@--mhl=?7MUol`JzbC}5L_{vHGR_f!EcRE*vwDu zl!@|YohMXv2^LUo1$fOOX8mg6JlWQt$Wx)#G{Nz{ACVEn1?!VMb(?1P4JFF?n96ck zbDnHa%WJy3IFS@Hku%g+;#X7g21wxtNy++TJMb_*_dWTg^+7U{avEl(+Im&$gbPY0 z=Ql_3Ym=fmftDAdodwSqr<|FHf-R*Qzfy0We;CBcun3smxG|Y#**xCX$nqxoj^n<@ zPXQ@P(0-2L>!CxzC@cu#E}Xb(3G0Ztj}Fd?e>FErftq5M6gjLB4t819)4NFZyUYI))v9d!K z!##%7ZnRfRX3+ikg6cC~nEt2d+pE?{{MA_2Q)o(4pqPq-5h`9?R*x+Xms*RVn)aDOhjMP@Z6`BWBH}5?|!IKs4?4c++f&RxS zM;ElL{8;_kF36Mz&N%jV&-_VdOEwfHl;Uu679SMr}=DO(DhAlTGL3WKaBt;tJ<(n~U^|EO(Vh6bL$6p3uiX!trPu#%?zFk0{ z5L;xF)b4y>w-8DE)-nlZ!#IpL(0~ZIRgqRwAsP5e4Scei5-B9*na(3zWx^6lTWB=W zXG*mExwugrMUuN$`@ViDbf)pG`^Be}PgnUM3fZGMoauG zGfU!|29u7|7;O^p&$C1l5cX!~o*9s!iT3SlM)zOx0P^7C>x$OC{?s*L;K;(IuINjg zWEKL@1yKog=Y8MD`bSLV1JB9J(ubDpd1Q~$0QsHs)Hffm3j+??urU+2Uw@-!G3%tc z2g!^+YF)U$!oicy+)U1-`IGB#xdJ+jD=0j95^1gV9x7CU(q(dTY;tmP7gyKzfdR~t z60xl2SUB3OoaF9FYh{D`mXP;P$4tR;lqmcGp+ASY@WdpYwrii1_aZ_Q;5mxh0E&O!|+JL~M8*1ID5wh`jNF3^?EXQ!?K7?Yza!yoM%d@uBU!ih8Iuw3V=?m^xZc4CTh(3_ZhVgbyNYH25#d%dfn_1BhGx;-<% zLD{r(*Bzx>XMT2|n5Yjq3|fU;q?@>^tooE(h3t5jYdE(QZCfsrJ%y*Qspj{vs!vI{ z`9JU6=abzu=gcc=B-H07O5WjBzG9NtFc|3y38csUy0d6Ul)~ydbDD68<9?u65ANg* zkI`Yx?sxiXnGkdUF-jbmTiN1eI>=|%>n62b=rw}yJbxuML`i%ovHBpOE2cl$5MmHa z@%3UiNLXu*iYNZw;^0QG;e_+o0_E$Nm)%V2R_PFymuU-<&D#_4%8?x%id@Sj~={&?Ul|J6c zWZhaesI!U%DS14hV$kx<7BXeZeU-Kl4q37gkFiV169vvc8YH;(w@XQEWS-HG`IJzP zZJMYb`JsNa#hk*perR@Sb6Y^OgST=Xr*hAz$hrX`diMJllWg(&O#CQ z3~z?qIk%w-$iwS(4;{sIw*ggS9ksUk>muQ;;ab)bXSvBsOZ&YC5~sZz1)~j|OM*^k zB7>hx*LE8?QzkZ3tl#hKK3*B8Vux>z_22V%yZX#Bj+8nBhcV$BE}h1}t?s!8RJ)f| z9}4a~9P(gfNjQnyY}ki4?azHL)#>W0O1Kh!EBI;Vq26GZ(-J)IQRcQlUj$)Y@SF*{ zH@v$x??2D6*=qE%On#jC(Q66X|H2h>I$w4_;|uC}w=xXU;`MhD5cIIRj8@H-GHz8d zVs*ycsQWy&hQsSD5PtT2TmJ*tZGHDtg5UP-_U&fpkLl`C zJ?R12GtbR7fwCVC2IHZ8F+7F;q%uUU7v9;z{}@;0hw4G zh}%uDC=C^9GSZ)k^u?28F(}eXeKPUVZ3Ups2R}QC)$puD-jH>z&U)J=unynEwr>Zf z)+?*;4>O^i?$RBGD7|<^+6naAnV{zoDVt*@k+uwbqGR6<2R?}gQ%+w}u3C|bS*W`z zT^5#psSDhfKRHxBA+G)*z;Va(QyKqOwFNj{Aa9-A2T4FXFig;261Ld;m*kK)f%$36 zNWW!cWsU4L#e3eYqD!?OZj&M@cIPXH9{3|8=PY#MS{Oh;ZzZb-!!`C?stIcdjnZUG z12KQfY3;Mn_XM=FjePGXjIpOegj0(ui`>@?Rt@7Kox!W1*s3@5thQ@Bdn3lq+GSo; z_MRd4Q4E8^%u00lC^|SCwt2YXDOHnnEnfu3EUT5(mXbAn5Rn}DLTcf``L~+|3KuMg z3^f)c;YQ%;z>;{@2C&xN%+xc3!R<|=N@rJ}fm=ylZY;V@Bn4(##H4_mDw1zDXFu!~ zQ=Bcd?1+He7=sY<@k)C0*DUTKm_@LoatWQ)t7PHqf`QNyV*Yypg%Z-J#|yEmxDVa_ z@z-qr zY7%RZ3+6&k#Jg5;aqPTqkw?r^mP;k$U#WL5%n0uD>KwuEUNoO@Ax-pyODEunKFStH z`Sfl_+nkoB>B>nb7*c(nNeVQ(L>1>!c*VdU$^Ds07L3Y3T8q-67<Rhx3|1SP%DOSf zWi9$7G({c4ER9|<@m#_yEvdewu$)0*}v@<3OWjXkmeqDC%rmlXum zX_#G^Z1;w{Xm9D=H)cGSjvhVPrFvD)oa}4z_Fts%5)qYtYo@6wn|1YfvmvU25b3Tn z9pi_94$bfP<%%}T0h$r|28fnBUM^(JZYFr zC%D$b%7@or_VXuQHZAUep{Q?J4*wrtZy6R>w``3PBv`PZ!6m`nrGY@O;O~DgkhuHGIMK53g#a<0c+AY6axVH?GE#5Q!cp8oi&9 z-8QU0bf&G0Qm=)`VCNubIgY09RY^T{_LW@fVcw zb>VB|9xt3PIZ!k;adYx6vn?_gF5^(&-j)X?{7>mMbf_PVI09>c-PWUSAhm{we z^xz}9xQ8cim%S_PHC6(nDA&Q#P-_raWBt%$Agg>521&K2cUT^6Egy&Ajv1&}s)=(j=T#rMaW@+eG4- zUE}U>$FI5r?^=+%636(J_4Hu>3iPeoS*V!`T zWU3`*og(^l&F{;1aL^Wzbcc2DV_34}@1RD#G858$Jnd~V#N$=A4$`j*mcTl?cD()i z&Or2soHTy}fxYGf@dziZhxSlrTptVbso$8f{^UO%{O8^FqRQ3eI1+<|NmC7QyF$vvk zWbo@dI`&K1Yz*v8M{TMg2w&I$*G9{}@{$ry^@vL{A{IKNYW(A>(;>Dh(@$)amFO_1 zwKnW0#nG=>$%v%~V)6t>i6e~S^tO?Q{hh#O2m$|ISjyMW1GQdfhDSu8^jYeM1k0Qt zDO#HmpzMw!>Ys6&XhP4jk%+w|XYax2zV0llvXxy8RYtul^crx2k-_(G7t-cJ$-=fcx97ddy%abyBrt0r*q#BM_mfu7!J@VtDa+KavHygh&8)xE( zC&>&w?kQaygdAhr!O48pig>-Zbljd(A^((Eg&L{gEA z3DT~&My?N;$*T(_X?f}OUSIy~@R|ibqh!> z#zn6Q43zyue&5{{Y?CUqfS=jSKMSN;De}lu>!JCZ$c_W`9E#H|{N$uQ;M*bdp)TF0 z#7CEJ1P?RbWcFt(wb_f%70GBvu0}|DW!0B79BKbKj=1=?Qv=M}B6K*<1pjvBOfai( zYD#fpHC}LSj(<`2%Apb?P>aGOY?;QoIYR{bPi-~GF>f3{sC?X=@ur0ISGx&pUC3Clrj@ornFJH`$Ql^D7I*+bhv%00KPa;-xJDO#=4gs=7tb}a zQcfYfKlU8Kz zdfIue0X910#}RitJRTSiW>lB~Clk8kwi+{2allpN7*&w%Va`gTf_hw@Qxg$#Q-hdC zAM3((zc9~Gt(1Bl*VAQ|h9DGj6;z!!`fQ@+@AZC6>UaWnDQaTE4RL{#X2kk4x%=UK#i#*vFq54jeW6w}Ge+QsIo-HTzb-xh)E zHO?#)_V3m?1%f*hzeUKY2ySSz zO~DT-#T$iVUfHW}?`fa9Gno`0JyNV8`*d1B8|X{QJgEHRw+OLM{QuSN5HVo&Ox*Lv zHRF)f7KYz3l)Z5ZTC{K@^%8_D>AV$uUZ_X<*2nOKL01%Mj&>$y<)%d!$-78RivB0A z*5WmvcBhka%~H!5tVS>R2kk8NHAcT&8ngX@OOIaD^is;cV&YzZj^Wwy0#Uu#M+E0y z6|p)oy{y-bl_2(agMp*Jw4?oa3Ir-@cT(+7R{g1N5YVyz zWxEhk0rHLm<3@RRwY1vP{L;e z@MvQ=ALf%Dbf(w;p7(4V1)zn?pNlA{et+-=KK`^8GDy6uz?s&PC2co?vZzP=HWu}5 zUa;;mkO7n;{Fn*eJ%fIjFhA1j1_xn|3aciVhfdd}>W`<(G+UVV0n{LvO#co)i%)#Z zWGuAX>%Ji*9*+MH5Nji@%h#NDp!VeVJ==cYF%5|oQQ`)Iqhfsq$t{* z{NS9HJsq89KUZI;Xvr>vv2MnfD?<_!K3~X5nXA`Wxk^;Te@7+HXQ|OMerWU(eXFu6 zx7tLMx-JKrsc6VV@ZCpu28cri6s}QA4=Q^0O7ggrZGj_5hHVTcC-JX6mh%J42-y+5 zN*P=TC+!t^3r(c1n=j#`O!$s37VE0u+&NXmI7Xg>+G>hmmGdXmY=rRGzkKj`wLB58 z7UrD*VsECCC||i}IfN`Z5;nVUas{}2Tq~t}YE|MF(L59_Os)ZY=L4S+15Vl3CPl%I zO^{GJc5<}6EM%`D%IIeD%T78O74HpQV}P?*NW*BgiPm+82l-Lwt{KlCdIniK&_>jF zxz_|1DKf;w^ddPk?0H9|MN8{eY6^_y0(kQzN<;V^340nofMY1`0PtOP#xvP{8-viJ ziM$7`)Gb!8sA>f?%Y<6do z=$B>C%V5GwrZF(#^hA@CdY`iK8gO&n;rx%GH-$(QyD+AJjN2U^FVSqBNuocQ8 zkflRjqTbh#_BiCCUxnylSwzzh_UjlV3qE|GtDZ{}?G*HxBh6Pq&y6xh!;%D46Z9C! zOl1R=L{hZDHKse`K5tI?B*_rE0)-k@*l%U;p&=m*MJqb((E?GRydKEJ-H2kZrUmKW zMZVl^rY&gMrqW=2o|H8Fh9fdgAs5rbtIw1jJN|H0lS7Ynx9kkXLRV2Yb*?o`t4q-g z2XeXo=1G@P&9y{lK4m>+8MVZvPXZk8&mI|i=^Q!91_%FixHDpmA1zOP&eF1mP3j6t z4)HR~YdNl1g5Gk3$_`q1PSJX%6o--KT0Ld?mP5hBE4tQo6+ zDj|vZ2qy%Ly))8Q4EMBA<#*9MsgY|l*`)uQY*aHvEoHoIDn6HbD)6RlF(~8LgCt9p*xX zzKe>PH1TJ^iAP3x`SkiuI3FAC68ay(`21oyeU%UDM&CRYM@|deKpWk=DIN6iNO-$f zSK=Fm48AZ!k(t;9o4@^_>do^bI4%5wo}wt|nl6Ff&4{U5_xp9GB*~E4Wv-#|mq8I_ zp(9%l!xU*6dGPzZl`vYfw=3wBe|Wt9)_4YVKj|$lSN@3&C=Y&173(`6$o2l(|M^3f zrAL9VOxeVKHPEL~GCx#dMWN&@?h-zdep-ss;5=j@BIqH6{o#U3D-(CnXv8lJ?`4ZR zAU^h!GCsT80j4J>f;!u&%-FIU&akRa{$()b3af)7M(Cb5HRCMoPN7Oa)$G;0sGWH% z-VKIH=0T{?_RvRD>MB1-!Sis0A&n4-W2gLRBXRQEk<|me)9%$wE6UlYsx~~;o#ON& z2js8!@n7z<9}uNKu@Xxm7uUYS_QFro(&I=_?2c8m5l|&FbO{l{vDN%O9P5$kzp)fyo*LcT zrjlgXI|yyF)zn;b!>8RHmwY=wA3&TH2_B>ucls&a<&Un76o zbnp;Jv0*!-bkZt^x9Bvf$X!4W-sIRZ(;$7~d1GBqt|NJ^@(Qt6^)Rnt90FG}EF}E_ zq%qI_c->5(+6DL@1B2u=BAZ>#2t~-*= zQ_1JRXoM_;R{=XArL!}TO#wtt-RZfX=wo_%5`~g-{AG(inC#hacKgA=qY`psEeTP< z|Km+*@%y7kIFV489}K38h#zHMVM*>}dw!}F8I1!8mNy+Oe`e}L(!~xM4b4LZ2xeY^ z2c{O*hf0m5B7#B@xXhs$*(QI%xw-nH)u%$;r@h+IJ&l-Cv(!q#b>8 zHrBGL%*O~gOiV2-`ruSO0==T zesYx-UNFSO!5cM>jbX~m8%-3H?F<&b%^|glQPwMZAc-xfq>x1d>Afbms>|BddW zgg+S@M&}VlIan=jb?K34qJmsl+%x2i^1c31JXei=7EuCe#shy3jx4q57b@C~FvgGU%1VrTN0;A!?^}rXfo=%HuH3t%<|T3l{V!BJot> zNX%MU92onzsdq51{dg@Uli3Bpi$T{W-WDPPWv=re)k}dv-h&b(t|eeJ`JA8%}J~Wf+}-0<-8Yv(lS*8KKk#UU~%X z{dV>1jZeC9-fl5yYL5>jRCxW~&i7uu`a0mgx!!DQ49=|D#NjmIt!{V{9F0BQzV?YQ zrYq1a`sH1{1+BlI=Ty54Qf~CY0^7qqN%8c^NJsCWmwsYp$lu-T|ClxH11l?QEsAI) zb&^GcrjDZGFGfa2*}{MJb(@op_~a5&kNAro0F65n6lT2_ytq9xPTSMR#veGU4g~ZPTu6paY@IOZ^p zBz|jl%{jff;nY=AU3iK(y;4g!`YK!S+9G@HN`-Io@d6COl;w8v_qkn>tsCFTR%dOM)EKT&}kgqz2sdxI^+yLBOiHX>j)rR zgipi@&4hzYk2x}i@jbh*e^&w8L6Idnns9P{ew_`aU#$P|J}8jcS%yW)EKso4CHNrE zFp;|_{c1`{=Nu|x=+(;TrqN2(x1GZwx;qh<=0&eF;!AC+t8-=uhn_n7qE{YTzy2ZH zwv9P}Siq=e;2yuC*Uo*XO0~^${`Hl>uum)1+KWAIpWMw*PDDm4^$*A{G|x|Ol|ws0 ziD$I~PMKrjmyS2$SF`(1+{`h;Mss%_?_!CtqqC~n53*fBW-J;t>QQ`+fDmzUH}kMBD|S+UPceqSOh0RSqzG0fgpd>40ecORs5IJ=dc^sOc8ifB0(9c4<~o<^KUjUL0L!qlPMcZ z0lvC!O$)ZkwPSws5>l8RU41QZTPci9cKwCXm4^5HLLSg*5Xxd#Q!i(x5u{^$mb>TP zo-?jPFGH@}D@CW;9Z0@cX3V2i`H3nK&f=OFsmpnV-Y2V0LE({bzW!5yH#{fB@(5WS zN7jpt!4Qt#_2_&$a9D}kSa8;hAeuk+=DY{jM1V^mD{S-k3s9gbqX$xwCpY9XEgNij*gw>75`(kqE&29^Uh>*l0 ziSrcr4S8}IoJlICh&94M#$vg8GAS{*+n(z0+by_B6mN}Q5|{&2rsYg@q=a$? zGd6h@w&(S67`pBK*swhbrRn*};-`ehV`1rQZ{@?MAM14apGq*+F}b+Z(T+!7GQneK zR_?F-CfnnD$QQ$YzaGZ>&5xf^i~bb$&L%!d*F0rr4@|!?zy;kpNS>S9%gZl>K+11X zUR?^Om@vKQ4;!mznDdLCf59(fp0b4qwo&Mj+Q){~sET>$DhH)qfnb=aJX`X4^@?^2 zOMxftwPtjW%-R#jB5t~fTD>SQ4;Q|9cF&JwdzH8{N&yQ?QT#0n(@c1cp22Lxv)Mo` zk<)tgbY}~}+*D4{>U1Y<;!b2NB)<8DP;d}iRNzf*Ok8G#d8+<(IaRgyD`ooRi6c`s zu0Zl9-^n3{!D(#)wYuHeEAb|GGo?2!2%w0-m1P0{@JA6z_-aUQ^LOI65bK4RAG(ZI zYw%)7{OaA!YJTu&R=nhYlS1V&e)nq$1{jM3Tb^T`f66e$F`>bG->M7_?+ZerxPbCi zk>c0CE|T%z0DIRHk1XsD$7KDhv6zaN?=F}<@p`R2bBR_9*$f4B0w_+Fd7FCuwD_IQ z3|8@Vkqo^B!+-1q?;X&Dyl&u|1qq~#!nmObi^+)QIqxuA<_&Mq{gSipEpJlIo8DDG zprOF5n5riT99EB(LmdtHNcm%mx&QTv!m1pqDEUysS{oXpSV+DpEkX^?U4G0;)F0x#CEBsVR0Pidc^i%8)? zYiJ}QY@bJ%hpLciNMUD^)?T1IBbaEUqq(h4(>or#c#fuYemJLFOy+~ds!+-H47cBnrK-_5SsqDDS$%&tZkBl0 z-V%wS<<6ba_%Dt{&mMWN9^9UcAj4;5hAmr1I++Xgt7XIc@htPsnZ4KnGp-kT6S~Tj zL$p30%2CO1$;>83!RTm@G{BFp|I-x-qp7`i$B*OHMpTnhMi7w66gfDhD&}Kqt^t{G zYfXq*RUD5V&K~eve>$x(tY$duwg-prTj#YSEEzGS&E@o`rMhx=n)1-e{wj-X?9M@dvM2}qI>s=Z#FGGZPb@HP+J0TcGU7Ff^lxmM?{a8stHG3 zwMBkOD^B|P^-VSD$lu=74qmrQD+M75?Jqt7KOl3h4`Nwmu%acKZ9S`o-smD!9RvYd ztcMWk5we2zmw6Zw+If8pb6z$No*ln0OSukylym3cuN#{K(!E+Erx~9Hq$JI;cI8PT$oEKOA zs8v9r*`luTyjoAw0mtdXJq zGtf-7@uU_4l@Crz2|c5C8q?sE^F)1i-k>c7gxc=}lg)j0`#j{$w*R-6Gei<)Tl@xe z@41#!J|ZRguv5?#C343*C|JXHmr5HY>Bz%z@te}~W!zna;08}I&sgvS!5lIfB{+Qt zq|A1g!w%}a;9|Q&NvrZpzoV8~5ShG?Vy-V?H5~G4t{G0D%j>q+q zT)cuY6L{3OG17HtbcmNcJxY#GNovEqZOl;G=kv%=Qj=EGtg1x}qtcW*P8b z%ydtf>D%jE$-Vk4*v)eo8h!e*0@VM!a)nG0Kjgolnod@)^Y+`>$9JuYXvRXAzh>2JjmF)ubIMwJZYE~A6}>y zCb1HT{^?5TtRW#1gfufHRz5j_2niez_|--LiKkphM+^19rKV9x7S908zt#$QwIIVe zRzAgWczfhH47Sg6&k<@ILYc4P0z;CQu_bU)$5Gk|H@Ab0dK<}-JN>1*p6l|}j@BZt zJu$ItdbszcX1x=NuF4FRE?y8*!lYB=pQqYdLQ?@BEJg2u_@<8+hqb1Tw^P|`(RX^> z;oe8_JD=lNdH%MlK&U|=Y_t#^avXe4E9$?>^APSm=bb?mHxG|8 zAiW^|gs{Q9$EYLy`B%dxq<9xokT~>GPg7IVM58*!Nd3R6Tz?P#>m?bVJH6`Li_ZQJ zI{YPzjN4b}zv*t{xzd;&`z`SRh8$5NShU||^#k2K!3O^SVs8JNgRNkv{5Rof?wjeE zz-BJ@GB?y4N*Icj`d4ME#p>*kFY2KmKlCSxM0SV|n9XHVHunE2{`_dpj<3buXqKDn zCqb{SfQ5`>RU8sVibS2gN%MHZ*97l6^v;$2-Nw+y$jSP8;?mL*gh$>4&nSXr5YI^3 z2Q=jsi~9<}7q#YZ#EgKnbP`rmdW0J&-0i>NOfHonpZVv55iErymGs^J{oDWf`+vW~ zX4cm5{d>}Xf8l?;qtkD$h5BEQLJp{Qw|gYO>C!g;wBKAO1D&&r@MNr;{%-^Ldu=3N*P`05Gg6xaN~GH#*0r@Gxxh)1eN11QyBv5s zCja-*8%1D4oyi*e;j(<)1-6GGe9ak3@)J+Wzd&}wbb+?*m3tSea2fHRF0KB0d#a4% z_KJXT1w#()+w4Joef$n-dIO%ycgo)llZ0&Y_kX%P$QG`v_NyZK`8DeKKKc3i2c!YX zD!ne~_4e4H&+VaY(ZUKs)YqT!+;AAj--KUD|I?jL6vRG;+`aY9$n8((yOihq(C7Cb z(Mc#}d>Fdk@B=@R7u?xGDX94tk#(1efIR-=e8umZ4O(LvZCAOcLjdTOPC$uf=-QsJ1&y&=hI&omJIBrzCPqZ z8W4mc)`2zr7Js!@N=h$_TBwGa^@>5?RTMt|jM;(lrAw(g(C7)F;ROdqO#ofEmEq*~{V3!D+e1?&FrHxg9%Qv)&{sjnEwB6{!0C$gvN?2N0R=d`|t zB7Ge&@iivMw(#iAuVsHhiOGk`6ouL<^8Fn?GCAw8o*RSx)^{rp44_%N8(JT|Jo@o^ z&QHY9B^ykRPgc}%ab(3My^=QZjJVa@>4S?SO%%|8yK4^gixC?Xb0MT%+`gg$7Xzw#Q=l# z>lZ1Ff<`Rq7R&l7U-|PG+rgD`&t?Tu@6Rvm2vWbqKMBjehKFBTI(xT8lS+G6NX@;b zn5}hE2@sw6HF)@=CyAx%YJ-vZh9;+7_dZ$)ehgCwK5F4QL!D-1Y|fdI@0IiUhF>u4 za?L5*_ekH#GSe}3FdF&mUIq0`i#*``@0NDFrnny|;{Br9?tX)W6bLPsB`^RH7&EZ6 zr0a@0pLhAs03xBI11A1DMBnbhJLJ);yjji?#htn~+dp3tKgq>JH4ZVzpFx61dSKM1-?FJBppw5lNPMkUv2Z}1(H zVSESD?|#pj=WWNiJ}3rog;KZe^v8RVk-W27eV^k*IwUBZYFC@^)=NB<%ta602burR zdSXr;(6k(cPWSa+<8ga^Zg~!?amC$mZEw3@>`J?DW*cPnA4N@!HEZLt1VpxE&Kx=kTfo`VI#ZE=2D?^ad6+V z=mfyB|9%Nr&Ue0l@yKmBWK-fICrzW})fT*E>fK$azDKZbW&d{fc-g$0nc(5iD(az3|?_HAar7YRrVVxFMW zl&ms?waN@9E1h)x^qC0PC!oY9(H$%MZq5Unl!|{dUvs^d6i9xpDl% zJ894sT)*a}9S1G|uvpx3-UkkjI+`mMb8^V|{r`|9m*wU_& z(8=#v@G3YVZFCG=s@_z%8lC}LdDgoaUu%3Az4=RGhOXn$BN}Y@FG`+}?$c3aDy_0Z zJ_MbapnW*tLz9Dz4+gQDlyGYe>uW(8yrB+79K++q56+S0Q~CaZ08xhYJW`GaQZfuc`doOQppF{<5Rm+#U;;P?toRLk(b0?GBykRpyK zi2DA3XDZQiKjH=qe0y(@TK`5iV=j&rD|CKg*B65=ba^4CFel;N^EVLaDE`S?$9K+r zIc@aeb(_xfKmf-6qLmJDupiJ9!n8KxFSmvCHqy2Y$L?L7x!d zDV^zW956F}_5(^RDlOe6=I#Z4E1A>dowmRyUq=2XqjaZZM!gP3fh>*drLqNo7LOjo z>tjAb5|^{^%8ua8v@>t4*}B@})x_j`Xh&Q|j0fIhp#T5}c)I0#PY>4TbQ~3^iwGX% z0T)(P`HqUK7>HMxZ&!niTph<=*D#`H_2PJm?E%~9jIr~~&Gn+jhwH-LG{X3O5)nO> z{j1@FMo%d{x(6=8S~Qnj!%C7`+%uqdAyf?B-@e+C4%!BOOHe%^kX~iSkkSYRZ;MUl#WU71jLWl}CyO)kFU+ATQVw z`3GYpI~@IYz7DLRB>mZ?>nJS~i6OHL0%$uCE zzbyYVY&vrPB4oe1{tMLsY+9CpBk@jWrk@sB&V99`xRbqu$nFlc=hK>Jx&Q(7q%of6 z+u=Z4Hv z2=x>amqVUH(*NZt!1Qbw6Rb zGpNZKvyt^&Z22}ieN7Zww zPJ(1E@s_2B1fpe`k=H}y;45WNrJIiH5PYI--y5AgXtfz_kmDu~=PBqaZLv@45wnTy z{I0FJmrkX*0~NV z#wnkQt;^4$*8{uw_1+g9yvwDJ+RB~pu$p?32auV|L$6H~0gN`8KbhDy(`*AjwSn_I zM1kzzkYMQ@28z3srS|;_#0UF&)ZJ4)TRWPXr>P`R(+3%hPP{9oi!L=Qgx_Sgrb=v0 zj2lwa)}DX&jdPUZ*DD>GkuWAO;0I@9zNa~tMVdpce&A`HsZm%Sb_C|nnimf)digRy zjHk3Rc?U~nn)oHltiZbD!7d`vklEt%0iKO183+|F*T!wfqv^}JRAs~r>ecN;kmDy% zvdg16;f{n4JsubK${$)Z?#ZiOK+TRM{z0kZ3M8QIucuxE@yNvm4<&3qU(@ci3|EVDF6WN74nPo{ zq}T3+9kCop=?-XtgoN|9GE2au*U?|?mzCF6R`(n=Gn&LybMDi%4Y4_OW)FONy0p== zU3!(&>ytkee>g$7u4jRv^G_t=q7ZGOAh)V1k7ghr?3Jlcc>=BweXmIzCZYE5o5v zrI*{t3ku->wPEm2tb6toKN0(0AmP6=&-ZkAkTAv#Nkk7mw=#DsPHW~K^8tkj5`W*l z_)fvhRHKEoQFZ0`*AvzN%v%f}>N8h`6G%dwZN~^xKb~XUf^&+;ViD% zvF}C6t74HB-gsoY%7H9Dy3k-LTyGyLSjkly8ARw}4$=8<4iv)?dfX@?_X>tty2e-a zP7q5W3MX+(r{{ejrxK$y1K9CWe!h!|K@1x`zfoKPXEGSbVZ(*Qq6qAl;Kv5Mh3_12 zg=KN1NarbQiyKLr(&5dru+)fE<-p9jOT^5ubLJUYCC9|QSrAeT+2ZI+BO`+zBO?qb zL7~8nVt8cYfv%xE&_c-{A|4(Po|;u4OCLK7%1)-GwU0uBk#Zfc8kRofX07MCJ6q(r zT^J&?V}17SS4x5`6lzuQc@_yH)M||%epc$@Ccw-o$p1JWM^`R040QnQrUptgeXr6B z&m{7GJ|$pDPAk&!xV=oU%oX?Zo{4O84}@}G`vdxhaW6GAB5yjOCo=r;i%52ryXZUN zhu+~Doz5!iuezO{U)=57@P-9tO#^1b4(Of@KFg-_#vQi)PjG_%Y~(Egu2{`4K->)z zh#JyD+2Q@6UDAe_zoA#uZ`;JTrlhvWSJ(lzgR!2_9B50d2i^NJ;O>ycf`6A4@j841 zCtTxl%Bj5&aWoU}1W!fiEl!(` z9Q)}pl_4=zb4Y~WeUp7&0 zQ0*W%fQVk+Z~TWy_IO*^#nyK+VlXI=Frc}x7+hF;lcI` z^b0-7N3`Ab?z$#0!s!f@seLz_srCbiE@{35uRVoz(bkv$D_BO$1Vj#m zarlIs4voB7`l7VdE%YL6$XC=RQG?yKv`1(5t`Q*p+(fbIN}OVGL(w^B9yT zmTy~ny+*@f%KWt2%}#KCW4;C-tArxzX;1dIYL+;3ngTclYrQj}yk83(MwRfy{1cs} znW0R&n?m>BlpC3YOUw@?GmS^%g-R3)bHCi<&a?*=>lHORMeJEi*vzm@nnVCSv3s-2vL(Lt;5(EgQOnuv{h*1U)Om;m} zMny}yn~SbUI#qb|C!L=2*r_WEC?q9Z`CsnD?obVQPrL75#e;9%&ZH95{*3l|!AEb_ zy`#7oXr{@1hQw@+?yMuD@p@*h?n_0&53!B0jVhuq_d|mNMo*PK{Q?#wa+*v;bdp{5 zQ5*~lF;~-A^gaC=G2R5`DWxaiRO4X1V!CUyGT z$jbyyS}j~At%O4_75B1B`U1YlSq>4Bl<{wmx^m75fk#}{aU%wO?(gTQ#{UN{Mc=mj zHUb^ZlsC0QiWSxh4an0k`rxh3po~YY{ehV^(F0qeO;m1coB%6#9nR2ZGqRo$AV~xp zLlAKiWFR>i-?-1js2P4Dw~Jx@McRP23riCcTMhSdr_EPGVB8riQ7Q9A)D544DBzzU zLb#KLvW<2JF{Z*fbKC*xlQt<%JyUoTcQyeu6Igp{?v4i!!DS zF3KNOCjip^1y)#h#*erbTTGb}pIhI%$PgIq#&{PSnv=;q;Yz8M%V49IAj3T>o%6%J zmdX2)!%3v6m4?tJj4M>hT4OO-(7Th$=X75m^)$(s2m_VNQneE}bd+iQezwt&I_-B0 z?9a4N^iq(sSgubtJBijAKc_XFZH`tI^;w>I*VyVs;fKvL9E;fPO{~2YBIV}WBfS!_ zZE3;kwns#rtPjN_+U&2^R3OA>-jClcUY!ZB=nWv56zerLP7q^Hq<4|dME(rV;+I22 z_sWd%ZJTjfh!ZeXt)wRw7Y!%fc#4Km}Y%A-6PB^JNM03_1BM(#?_u-HG+q)seBz%3HDGbXz^#S&= zEyLsP;zC^3j(|r!{~%hB>D$zwIW$4C9M_8qC(o+2X2c@2WEq_KZofN2eq*NDgXb`?Xmpfs`( z*ZHEWIl-u0rK*yjV3{P#?beT0HgC&X-0Le~KJh;g{H1~^0-dgAFgen>JT;cv<24OL zycj`COY4D%AC4Xi`#pLsu0%wko(G6)M*q(zGiC`514t5VXAFbhs^`sy5{UFpbQGFH zC!Qa3v2E1$N727Ct7L?82qAggmwO|>QDrN+n4v%BV&n>+YT2T2Hko-5I84^GXQw;xX z${A^A0Cy~A9VhNoE;vK5(+cdCBbIS~W^>n*;6n?1=77#(L{gPa;-0wuDQ-HhYSHJ? zno}ko13Bg2EJqv!SUxDqU|fEJr+H~ngw%>^t^U+0F%6mu}v*7+Qy$4SZwCxfu*%ye%NNgklWp)eb>vCK2S8| zh2xogGN-B3K^u(T@CoN_unape&r!XklFLFqTIOJWC}W{k%nw1>d%1mrD^@M2MVQI| z3dCnp8o`=f9m-R$$>kLkFE%zu0%UPn(x!4*(-)T9k_k!nA=*%go|}@jRwbqboN)x7 z+p(ff2$^lJneC6wNjkH-B$R3IPt!t+jdY~Oq^Knv_q5Sgkq`&=w_v8%{%A-Sb-&q~ zy!g61S8NG*J2|+cTZE>%!^z8GS{SFfqum?KbD8~6k{c6GfH4_=`VL5vw|xC~qSfz# zWyY_f*|`$ZvwyrOTmR#2r8P2{&j=}%UGhLM0zqJ}?Xh?EIq^X(_gS63b4t)n61^7AIA#`n`7;Hj3X3uS64X+Fs)KNQ+l z5f2Y(aEzB)U{B{k!$B#5P_Q-EAsHO|40#2+B8UwMpv&!nKawZ|lu!f}t!FuXtI8x9 zRdSwfkhLz|k-+9t2FF;mP3Sb!Phh(q0CGvagroOfizc^*L`SD;tdDk`RIG7tZdrgo zwJx6nG)0QmVZyLE<|QWE?)vO*G^?G~c|y9ag-72UhlrnRKulvPr%`(|H53ORDwXBC z{l{1Y3pEwpocV`^@(p_0_r()c<(VYPe*RIxG9A3b#-g6jYzi$~->u3AFLJN%1if%@ z_7XM^pWpG;%h2e3SlX-KPfIG1&PhD`Gb(_s1FoU1DES2gw~R)z$^?9hdd%pJ7JMUz zUeghH{tEVhdGsWoK>4+FCEW`VPFgz53lWrD8mW-PAVvP`5$7#?Ui*vcf`NJ+$*9ovrzV~^ ze);sE%8OKT-o5uK(tUu~w;YSF3K-GV$m{4r_mTl~+t_nr67{jxsrg|+9JW6m*tF@{#_;j8SwGWjDqUCO@l z-5QGi_uFrSi_{gA#6!CsF7#}h85O@x+w8vYP&rTI!Ck5tWRjv6-Qe&m*O7QF*4uMZ z36y-O(b@$IU;WN2m&h>A^~9?#Xqk(-2&}C0Z}SqtC)mMzmU5G|@#gE#Sv@;g1?_2a z`O3*jY(bJsZ8UKkMzW?k#KjYLl!amCH&355c_qL4N~^p*yws61Ojc2T)u(?df;ut? zr;WYc0w>n&;-7A+7`;S__PC_?1z49voEy(9I1IQ3=iG9 z(2aRGk|mWf=6lBz-&9M13}0JLI&BjotZB>TxzsGH?{N9&Za7-oiC|`P4M+xk7 z8l*8wKcL&~XE&>J1&2tzJ?ledi=l_nYjP8V%Pa=ge471o2ke?MkVt!aTL`XZH+^0O zTjnBWof!xS5_A>d3Cq6uSjwV9sCl9sKu;si@BKkX^CLHRf7w#jIp5$Q3{@l{VH+b> zv68R=d!de*CeV6$bUYGfp=(#*PWcm+K2&0f*LHp9<|rj3JG(PvNb|HWCE;vfwu4J& zGT(*AX&+7S=(t!}*?+pSI5J=UjjWZ+=RxG*p>F~nSAy>$Gz>}-jlwS9be zG>IJ)_;FR%o1_D}Br9YHt}My^$om3iN1-~83i2Dp9i%$@)mClOiT&pNR#nK_laJs; zDp<+ibLm?5w<%q*dR1>&I`0SIhu3=V%lHRQoCuAdygnMAz%5kD;urk7UpO%Y-d#)Q9B3ZW zqwr>Fu2Mu_jk^M_rrKpHk&Sni)<$z#% zZ!^h|bMtH(nEjY-5jZGJk+|9LUd@iO>LN`u#`ksIciCZRM>Zr`E=80hgf7tL!rer2 zAR%a8~8LomQe^3dUIn9&j(QJgE-?2G!N%ATzHeojjxG7fnOJoM$M7 zP!s&}4N2ow!8uFJ0p%Y2s<=LEx597SRSeYuw$!{;Yri-9%@{#qP9X7Yq}5O>AJ1&p zUl^4(Oz21Y6RwGf+$$RQRc&&7Xhg-U?~VDrQ<}0$avq4SELZHX`kDCrrL13H_A?1~ z6G7vYF_FadAyBk#&Wc2Th9GhBu8#I|8@n5D^C(=?*O)4A{HQBb1%3-L zsq3+3ffwDPOh4>|aVzZd`cg7eYkIJT_Vhk|k;<>UOxhvE}7Bxw*Ur~6_ zN!JETzHY)xlND*kyOgygFSb1EfRt4EUbszci6~@iEKD9Cm7BnG;Bk$5Q^BKXJf7V< zoJI|hPM4{o{%SbtZI02EKs^i&)Y!XWF{noY_>~ei@5?{0NI$ut$y6ld9(hwvCQK&L z2LRJ9<-G-4lu_6584^-hO+oucA5goIFj11>KqJ{ndH1941(Hko@uOhdF4Ng{7vnsA|k*FV5mFJ-~&PooPRVRjhd}@Nd@G}VQ%Aqy_ zP>whFqLVo~*CV>`cDaBFn*6N3z&L^rA0lO8KJblVTEl1POc+A%&E>w=*R54n&9`4r z-0I8c$;pp*D{we2joZyqeLS!Jp%$7#mqU!Fc(1(MCaUtp5mr>|uuuC|e}+RsC7wLy z15tP^KD4pY8|o>SdPjDL`K&@3R+{-(_SMT;LvKfXd3(3`A?LnDP!Jy>?Jk%xDYb@1J&RC+Z~TzD_3K{-41G++*~d zFtX}BzpgKB7C5I+@DXHx!kR%bqX&s0>-D{^&hr+U)BrmL3UkHbdjbd`N z3Peg9G~L6DZEoTQr-5j}^YGW%3KT)$ho3~(wqgB6ekm#1ovShem2v?`h+}!RMuvGD z2ri?I@gY?!QbZZY#}+Tq0HZHBSD+bDE4?J3vv_PjOU&2<7kgZCmLNHXr%hEhk?H-S z@Ts~~>ZFB_HOGg4P+b?Qqpv`Tu23s7`D(@ico)!yN4l*t=-PZbIH#ku+U zPZL`((AM$a`R&rqqDjcUPsaI{%Fh+)&qkf$PL5!1soJ#k^g_rra9UB))9a{3j$etM z0ccKkuNyJ3+0pmd$wIfXH!rEA&ceqafLL^b{;W3Nd8|a-WU0eg-7>XE7aOQQiAvs5 zUlLCeE@YQhD5QnRLpx80v-xGpl1ds@{b(-Rcg?aTF7kPU0$i21af`8k38J7CILqsM z;tNcVoebwQsGkzETfsBsta#C#J1AC(-Dykpg-FZ5NEkOtbmqB4GKYptR}uFCH6%k@u8Yuak{URts& zGlapk!vU9J7ZF5~01{r*#81-1qycs|r?E0aI>(>G#mD6pAq-8@z@DaZ< zB_G{(A%YZsV=f}HpHh2&!^BQ;8?DK@qa945aZUT8ek`{{zh{PJHHBz2TGf7K`Cf0e zXE?-`XEA6I&9K-BI(+Xj;w~cpxM?>XytQuccU!08&bLxFTs&=ghP^*n5z&1>#Qb4E z<432{ELe-D9`}u=9F1NEz2HOp>x;X(DZp;`Lq3O*-8BuP!YpTFS^QD!jeot@zV+d~ zvmmwflD;MrnOs@v#{3vr#|coqDV7W~2{H8p_E!T3&U_bo0}KpP3sd2{u=p45q{$!V ziS86k|7sc4>n+UI!E8BlLOfkp17s*g4F5AK+t`ZNwZyl!EB=K%pe}nq&rz0~0~Yv< z70^kK_gAJ3VVu)?MNnX01d8{dSoT|$m8%ZV=h`bVu+VrW#5z<6~R#)JJZc2gV`n$QQfU3AaQX)QBl#a*NT5K_#^P| zm3oSQ?oz$yQ|de%px}wn*imoeS30=w&B_yyL?!uk!k(*GU@*BJFXe7+`geRR>;Gvc zWIUN-n0Za3uPo2Y+>FPp@=5(^Y?#|-sJvA!snVcLt_3kDEpZi;d#u*Ub9gs^2rKlA z=jWgog8zJvy(Ni`|N3ele}Fw|RJ#~Yc!xNtZrbY={F%-5y2uW$)9op2`ao1@IkUoE zvipxeVs|P~>kFOZ2yv2hXSG{73ZC@s|EVPY7yHO(TGJ$;Rcj$Z;UYz-{ef8fOg9iJ zdbFMMZN&r6np51s*{!B4I3dhQgNtzzWpmDC!OnNEb#KJM1U@WdYvXJ{Ax$o04b`vW zR}7tiZXPj~!)!0SsX24^nwRRV)7NY3(lj2lm0wz&TAHUFKhQm!3cR=f9z#;+Du{=3 zK_qeV+M^2z7ZYvS4?j4yGv}b}w-M zR~pNYtD4Iwqox)%hb`rH+_W)2qcwDAjTv2;Xgc1N>;~pppA@+Aj~sfMuF679>CjE> z{<=el#PT)D#tj#bnXLC5Z^mX$i4Fq$tw;$uG)Eqi=|^g>Sj>JU4(r7ApCl@@^HtRv zO16=(0^z~g~{d? zZj|ZRm?*;6;AW)|cocv2EPqcFZuBN+LZAToTlAB5{n_|0rPf^W57I9>W!7d^h3|Ee zIy|?iWs~Sb_B94I`u8gG^56k>0$%_PkokW%XF;K+raA-Qwc%e}_!1~28@+oq=X}~y zOV+9#<(4BqVFv0Z+*HTQisQxHa$dQr6ekv0hCBg0-TO>If&NKuOwRQ?V3w}N~RqFW*-r!fFcQbP`gDJhD_P@m26HYhTIr_(>)INP!WmE+;% z%7N7N#lPf!!idR(S~p}qzvUNAv$)GN)v33&;`hLcJw-Ab+P`DJd}suC1L=}0yS2I9 zTmQ*qdeU76hNV&yX@hc;A~aFWI{u2-Sw(!6ud;4wQWmf*5rd3ON53MIAJsExK76=l zj8}K7k5SI{a7s&;h8o@gkh0$mpoIag~}sJ2Wh z=zOL8Z%AKG|LH_KQxvyz@^#@1df|oDC^{e|oFNSuEQ8?x>*`4MQ|=T}$H){`UCZ&! zraF2d&fQg&GC4+^AO2cluWOZG)J5K*vl|IDcz{ecVAH}feecpOZ9)T1I)2XUXSE!PRXgY+?{{6*S3SL$X zEQW!Hch2DPdtI+`m-;g`{2B?$c`D1mx}5t38IMT^FJuPBum-lS-%g{PwEpBy3NE;W zKQ^+T{N&kauC@xviBBW8H-ma7LmnYh%2h#ZB0{cbT`{0ZCkLl_vWJmWJpwu|ZmJw}8sv{qt0n z-D+vogMGjCOr@y6!6HEM5J|<}7s&pq*8?Fo<{myZ>ksfb>~2f+yV% z3^UHPB5NljXXWu}3q$VY{f@Cf;$$&XpdxE!0fwEh;y@I;oMsLcUUEJs9rB^ntfkVZ zcc3P{g~{xhTgpiu915_?ZP29h{f&9U;itIWMkP#?eS9D^$UeEqC4OIwd_xlT%H0Qc z3t4^NdNKE%0zz6(dr+9`)w)R1`06^VM) z-;Hd_=Cq;1-#`&PyQe3Lubg#yy%4#kQQjSy7gcF=>shM9fX;`p@f*@2O>Z7xoouGW z*;0&6O^4<72hoe$zWZU#w@VRK(+IxI;fUbylPCEcd537o;EeJgwYc>~R0gBD9{r{^ zPQ4<3MWNClob#n-@uT!eOoY*-xgtG>Zy*|%B2)UYuGM-#i9$p|LdnL4-4}_E%T%Q5 zXroZ81t!L8l%-{+`%l#6`wfPw75 z%+Ss&fI`X|qgjdf!pyujkRDi?IuOD}`+TBaFHNUs1svAQU2T<)y?uRAKJzy_YaX}f z_@S7`QD4obcIz3?UHFTxgA~Y?vTcb+##H*?d0C!r-6>-4!O63?uK+0Tbm`<*t_2Nz ze;hIM6ibi$8uUNJ$AVzX+W4_e9H-WuCKN zmNP(vrz$!Bq)wXED!C`wHB7d?I!a#&zL!YgWQM;7kko_ zSt*gd+H!Rj13+$sXP0;Du!bx@Dm5L+SC^}BkTtuUkZWOo$7rX?7p9?-(Ngg}c`pwi zS}Ov92J{T{`KlOkrjsQ4`D!<5{C#x8V3PQ04tdD5%YX3sJC7VJ6fN#DjQdbG^f|X8 zD3L}q_aWOiBUh6^BmO+6eJPE==Yn0I#3X|s8()%k1el?P(oDVL_Yk1NRkF2Ev%{KF zFQpz^5-XHtn$?c377%bwsXjQl(*_(5kpv8pVp59hscUpq6l$Zk%gwNHRiej z;sP!DSql=Spx&Xdu-2-Xh4~RgYP=63?Y-93Yuig z@fH`L9KRNGc_^|y=Ogx4AX}8ZPjefiSojfETT$S`Jh`*`>Dhg~^7odDt(C5(>;TaD zlBo|GIqC|vsb>z&=kfAVyDoNVKNI+e)Fm2X_)pc-kMGZ31pkP9*dkAzwGLKs6<`I{ ziA#aonu^?)Twr3=6{{a)8#K0O6wLp9?Y*L?)8lVuMn{TZjB?znJ!{FKsh%T!qRsu_ z@*Mt3j~!(_%vi}m75s1%K}4`CInm@4zRwPYM5;MuuQuUv%!$Cm%q%j|by^HqFNx`t zySEO}X zw3XL-<>%Exs|h?dZAC1-nwEOW``L@B$)xNgUzB4#T03XpQie2D$I%PWBF);IyvE-B z+*Q)?z^Q5KgZJg`)cAwWJeNEMtKv|>irzQ?G_rDWVGF|OG?-%-+2 z5<1>cPKN1}7R(-hw0-(KIKb7%R;bk_m!TSQWxBj;y!lD>?y34K84Qa-KhfTWoz4=V z7?))zE5yHK3B~AiUy}>eUSQA0fdfkRu0VQ>i7OR@x7s{HyJ=viBUJcm)sQTF6~UZP z`240g+?}F#|7K3C^u_M3`*&0pm48lDWyvC6F02Z)WRH9C5Y~Pt+rfsCoS)NBTxQ0r7kZT4e7T>@ZwweFs1w6u z!%|Vlcg6HIz}zyIk&ejbKBluG>- z7Ok}}vkthiQ-%6U2v8_R=@Ss>Ed)dKr#El5?f4{=>Wdp*C$oiYQf;#sAnXThhH0xR zHLER_C0h_$zw-t3HfNqc?>*A-U4VR{&8OH)egAdTiSj?f6fJ|U>!Say>4wl=5+VIgYEWi!rgChZsjuQo@IYlMgPFTB()^`Yi<{z|rYP9)_P zVm8nH__|rowYN8qW9gq5%bdrWCA4_UJ{}JJ=J*W=tk>r#&(5_pXdRvU^hP3K`gD!^ zP0DFIi5MCSkFTNYx|LQ+nwNN8m+m{q0(y-^!TB+EN|7xC|Mi6c_4(`GB={F_ji2ca zq1zoLy$Csew6U%5saI9#R+U)?p)YuWWR$7YSi2uCAHQt8QG(_Y-1g=^87hemGI-}g ziD8grXc4N+b9p@#`#mJ&8v`5~bTLPllqZCM7X?-!>^467_^DqY4ZtxE!FOhcU{rKz3M5&OiE~ErQ zbJ@m^`6B|E69<7k)3>SP;x%h<`FjgB7LD#F8N2Ow8$Dr-zK^^BZ9~@_nO~kmYzhJw zMIa}84hM)ac!5wpj|GSgRJuTT<*i?;9(Xmcn>u*%g%EeTt}fYdCthdP@tdK!whC?i*rh*M=LEIiZkeqw zsRi%1w3=GtuKfC75<{cY76Jx^VD#2N93?e1LWMzF{0`tS2;2hDBw%VFVO&l&oA0or z%j53|FZ`EV>;Lm6z}5)p`}fuuLFjo(10V&yta6Fby7&s|@DxM3nM&yb3;)ARrMDWs zbo1&#KOQDoQS|iKa8a3ua(atD`u;kC`Ai8)%PUeVQYqAL;ilIpMWUpng)!uCMsa&do7CmC)h>WZ8u8R85PxEj%Qa0hSxMe(lUQ6o>l0~G90QaMge zzzYp6FOwcEHAp?)L6!66h+93*U_Lsm_O|=nJ3c*tXz@@!P*MGH{x6vFU&}M3_%Ao^ zRV?a-PB=Ub1Y0I1OJKZTocs?mvWV8h7B}r*Wt3BjEnB8IqPNQ=hKfr`)udXP9Rs#5 z4d0}+Ls1Bsqj9KYGnI2BcbA(utY?ZtvL&M4^YXq)Vb%|9X!vNq(oE$^JYW4XkL@hDcu0Ufj#-Khlky`W8roW*mI-M5tpw*$)>)Wg zKcBcv?2qp`@(XPz^1QG;zI$VD<8=odNKYka&82a{>^_;$@}%vWJQ9yC&=b1fH8G)l z$*NRutNnqRdh-r?FyG={aYI5#IDij)t^eLD05${O_}2$%S?@-fuRH$6{;4_pV7y7I zRY*%)In#p&n3@MyaVwyd(|99JAkpKTy?D3yDNC$Dgow+51SW%aht+N#mV>(jK%5|n zxR(TRrVRNeu{sV&z}Bw%;)0>})k8`N6E^R2isZp;*+jdKms*Jix}>C}$HNVqLOO2< z(4uj@D+tj83e=NC|Hpm?-n+^>@L%EefBk}g{sxcs@0E2mPiHm0B9+@)Lo=5=uO*#r z9CPuIqX<3b;+P;5Ue{rqC#8@3rjZIch8faZyb9cHyIvKGz@bv=@b#HrTFL>wBCTdQ zDGn~K)8n1%&HX*)r%zg!oSkj|g!g~{f2}8_-4Wf`t89Oc5Yd1FMertYuvFI7CH*6@ zPqm*oO`FGcRv66r9}|Um3Q$V|77G4&0^Iqy)EH1ubVvs0?9-QS7C{XqcCfc9kuurc-tEVOxDJMK@@kpf5%GBWauhNnj_03+J{>Y*a1NZl5xzMRH2c5r~X|t{} z>01r(noc>r2Vt30Fa#(Ply?1YKL5fLz<_8Ri8&5!L3fEX){8S>f^%QJ$q1a%)qdbHY%31bcYf;~bm_4JBi-qh{~UJZSF=cKG?Fc~HOYLriE9P?Q z4##dAe;?y4^xlXs*!5Cb)vP9sUMK z7+y{JjAR|1-IAf^9%bEQ(EHh?OPX}Q)lIdy_X$(WxQ-umrr%MO@i~e(`w=3@5Cmak z8l5^d)VWsKGf+h-P6J_BJDPDw4lf|OfMd~p${?U>g^GLRq=rY*M6!c1^o7Ue>@nY= zz2a+URAsvzY9YA6fxvp_@k^^+9eEzqp`X$17QbB<27xTo&_P0|zyX0VBz`Y-vWCpMaAk--u#L?klZ3!<9Ar`a%Skm_`w#;Wlt>%vW%LmF zcJE!38T@0Tc)-0HTc*=ie>RTA?Kwmug?7MfHQj-k|GErPrF8SckFci)j)2 z=1G=*$r-imWa^2s%6Q0d*;M|uM3RHrt?kWx1@^_?q6Y;Ol=u^_)2P3XBeM-CBuS^y&H3DifBB} z@31VFSWqBwh7{0}Y%1Py26Tc~AjrT48;!YG5odhNEIjfDIFiY681rk`D%UFyZ^)x` zhT`X8GE$w7s9>~bf}uxp$guN%9`xqnK>f7M5c?|KswHh*i=?sI0e`u_OlqA2)ZXyc zamBLnaWiaOR(^wVa`-j6BdlPDchm+$5Ejc=$~&Jaw!QBzY3=>dMUjvs?g3g@m z;9(kAdOP>-v9esfa48zegZi0!W7pXozr_`Saw(Gi9=Vbc1ygoR98z55c6_4xq`;Xv zC9#9f6?s(IEFLEP^V;*c%wzeX^lQ~I!_zY zS`DfhLKw+xr@Bm#iD&q?k{R+WT%N|a6gHJxadeKe#fezBn_=o}XepyJ(9@_~c24xM zz)J7h#IWmS{~v9w0{E0p;q?}E$IjH<7UY8DbdaqBs`w%Qa*Fv(=`Xqb9q5wbM>;`} z$C42G_Gdc-_bHOkR}=rnh?UAV@fxjfqD8 zF1p8PMlLpCIElI&hnb0_vrq=Tn>B=i3XNxIzS-ZyU?05ssiFi4+IbtXdX4+nP6*L# z>CRcIUZ7#OWeq{F0clfExhZ|(&p^98?dL+VS#M2X{g)M59@(~vxg(~S&(Vf97V zI7BB*`UkVV5UW+!3fJ+DoCer9T-qDHRvb<5t%GaN717vGHT5-BPcz!sZ+JyqCwZxG6 zCHY9o!fZ)l2%RZioRW=dE&qOzf3kX^(rWm2ey92ywKk(4KYtFM{58bO1+9;>aaI?_ z0Vc2^Rn&6Slyak~`gA}_PV_=9G9B6~H>=Uzu9SkX&am30Vz+`Y?35O=<5QEtQ<`)2 zG}1fUfMw&%AnSU(-OdJ&K}SuFWw(5#G2$~I2q`kvO=ME7Y~K}f-R2iPSry|8o3&h= zM}Qv85(wBSVUo_3ui=5#{}yo+8dhKoCXL+s6kP1y{Fy4W(MOek!}Xg3((%qE37!!? zUD0AxAFHCM&YNc7ik4abVy0*iOvsXGSkh5qRg{6Dwo1^;PTTR~1!UH{NpFl0;z5psGR12qlMy}Ma)bzIhU!GG4_L@y|T|pwYxl|=_P~#GG%VN zO9hCFx@Ko{p@luE>|YQx$XkOE@msRJ(rp?&*U*>*kHedJb;jZrK4P{}KLnm+ur!YgYy#BI2C`e@uhLtIc9dYmN zH;e3cI10sv5p}KR!ABaj1nn*!v1Wqyw|{H~VfI|;aqhd_z%fmNGU7hfz#`huitY&3 z(=jDUNWE{L!Fu5DC${T#TgZ03XLjUl3-^mdTz4_%^IqINN~C1N9@}8GrtbG!7FFQj z`{X-~kjFyStNbiX#N{4f#{=5tB#Mt^3wsKqTU9O;+N62l&c@%LErsWkjlvSc_fYhcQ5zj$K8`mvrAew7xY>hMW{G8%zA&Oke#=qO zR@JC^$q#f-7Jca14p+N7?;D7O7*n@m!g&X6!f92H_THF8)(E!WTsIf>w>b#q||^%Kw*L9K>D5@IA|@_O4<<9?rO;}!Sa zez9me_vg92pF{pIzT~JIR`VvQ1a|=uzLweK2-eeu?>q@DXG@8Phlj;6VPC4(5L80P z?P21Hp3b2Z;#%{b)Z|J;;F2GZIDIO!aKOPwJv(&SK0ItO zV*f1>eO(54kot<(KK@Zn?LCg*uV-$Q&C@&?!w{fp?yks(3 ze+WRhzvz(KGq`mhm}o86Xvglz&w7TN$hDfTFmK8F*_9>`n3!@qc3_-Dq-;E~Q${Ia zT*q@ou-84`ma7c?cw?~Hy&$~j;5t9cl$DmKACJdcKJ(gsjj2mW2r3$dwz+25${eVp z5L9I}gTM%kXf6%eO$-oYp_!h2I_k(pM?kMkA{T*mgw*rPU%}u{WT%j5RA>kO&@UDf zn5NX7aqpJCM>&^9aZY)<(OO(hMg5p-dgV6lJ~5HrtPJl$b_j>dFR~8h)OoL-X11x*U6r_a!5KkF52} z@WnoYIQm7)s;cs7LM%>}YkQ3KxuvfLmo_hC$mg3)V47#;3O-1qb=sfMupYC*QQFQ7 zjp0-tt)SMckgqwjDwWlBvp&>#Qkd*t^*p!NN-dCDb^$l-`J0|&CbSm67O#2S0{mp6 z!+alfr*6Vgl_u{MlCa!^P!%F?cUiNqbq1-s*{*9FrLBl9`w+yL!-cPF*d&z4dy%`^ zt5Q;`Iz&BM6}PuP;|st+Xiea6tOf)Ffu@5R`KghJ zzGD=d+VOB!%(u*ijg`ph+~!ew=*FDwPWMla_~J1SuEx4aApaJdJm?M z_|amWa;>E@zt5eT8o}xLxu~=>5>VkIp!yL-;1-Pjm0e{^KCi5DiVd-BOL(EE%DQL< z%ltXySq$4nJDY^D!_&a2sfpr%@a^n(~x^+MUF>LOyTwxB3s!@+=ND@gtTO6O!+wU4BrT z-TrL!&|+s+`Q>$Dt-v5%r+V?B5*(SAB|Ir>|9s1De=pSdyQd>;n8%*ndp*SY152A+ z-x_X}g$Ja9a(-onaJ25KmdQtR5?wV_1(|o{?1kcz%DoNB*hSPzywX?fy2nfWaur%_4dbZeUJEO6xmfF;_5hpV;-rwP+gW~%+%7mmLL7Hqha zr3h}H^bR`x(-<=ENmoE2TB9gVRClKZBN53ka1os=y__S@psm820U8cMY@~Ypvr3Ua z*jWz`?}NBetP^G1JtKT0>t|c0F0v8lcyRYQQ_^*so?1~wa{^~}lA`a3wU@S_vUPg_ z9nJu8P!{st^PBlXC{wS;dJHQBE-BY2P4L}gT^WWtA1({~P5JNEudaK~tm3}|GI*Fa zkI`wB$YyzUQOo_UFGEt^!?{C_nmq5YHm8vI&7!N^V*{=UijLRfyK}u@_Z))ui-MkI zAcKWek4>(M?d{7QK_!zEON+epX)?nllU#o>js-HSY@1KMU45UmGLQs!R!KE}Zn0E; zZI*;P**AxmXX}Td;0+H8n4u%h&*H;BPR8+sA?hu7E5I-& zh-g;O@U;9sBI!K&lCiAjE6$KvXi^!Vrau*+PPt_yYd&s6Yya2gZ~-<)k@DMK8{|-z zJ)mixg5w$mlj29c#5px9V$}^|Iz^*BfUy#%8=>)}Oz{n(6%MRytV?toDqIqLY3-9a zTTY;XcCN`_@c7EY*c+tm~v}Ba`Y)%IbLvKcC*1upv0(b zXb3ARqBCgq2>AV5TCdp!+1JLdfr!4r8M%mzdsaKEQZ0&%0!31P=6vS-}@jiJHGij>z zo~gIJa}JxQz*lb`KL@Zm<4eu8@H4=({+>&}+t=^&nbnA3%^|8_EqF$O|kr1CZnKNcm`4_$2%nl7^H$`M}jThz{s$|81P@Spv z=eK$ply-?4iRQ&Fst`I^MOn>3*jl+aPgj@yhwxE-S8FXSzSuLuR-c!?&)(A)KT0#K zO}Z>1ED|LBwE~(G-0r)6*Q5i8UKQU~ayg+R%gH3eJ!j4GJ^K;)wN{a($+9u5mnK11 zHDl`&CI&~X1wPArH{+k`+{$CmxgZXMJDe1D40gcj^i98zCbs^hLHMC&2dT}=Frzqe z!fi@$iY>o2vqUox&{eV74(I;8o*HcUP8MCzN|0Ps6IZwHd#t+&4Tez3u;iJ#6GhRK ziVC9>4&NnqGt8*%A${CoZ)`Cm-=^?_gBJ*-?_S@kBI3hgSiczK`+#_rsymBiX9gE) zsm_R%v9+JXcYd&peda%_i2#`lm*A+NKPmAj^$lFN8A}Q%klDvCzuVk;cTst>p6-on z378YKEq2>NV(%LYrN>p{Wr{dajMarZ^y(#pr|NRxX8ue^l(W_953=)lo$y_G7cia_ z#oK`^2u*y1c?EO~4C6#h3{b==;^;ca`{hR}WIlMy%Ow9A6H#df8{BeH+j_w`r@TuY z?|`+9lGwb=2NAW)lvImmB)Wrxsuc}9?7s&i1hubZ4a%_X)SLD#eKeKxoefkA@GwMKB2H z%LiKZFkU0+3B3|Vk0Hpvpq0Ry#c&Zl2v~A_)W4k!WJ}N9;26Po)8}6=*)NM^%XU~G z+K*d#gWmfw*v!0Hex`*{qjStXp}Pzp6G$bWuxU>^HZjS9babn6aADx~T`yq0(t1b3F| zX$J?Jx8i(O3k;Z4$>RQ(W8UWMRHQfsb5YE}IpZU(3Lec-}4rW5@knH=5@kNn- zbS-4E7g;y?RW=e5N6aQ|iwdu;aCha!AFHy;pbO|;l4XVpI(Goya&My#hb|Fu-s24} zj;E&1fVWpTS8F_OYNG)S>Fm~1#Ri^$x511`gm(q(7Gg8Zcsn{(<_F65UEw9V@5A!``w$?#wVQew)K@cDUEL%d zx2}6xQXen4BtMWGdscVw@r;!nN+_r1v<1i%ziZNB=7o$xDhfsv1lJI+52#|TwnEXd zo>(Ee6KM)Vm*@O#8t(doBncM739-(`(ccDT2mKmyozu>9JwZh$pduZ@M|G9~OE1fo z$r{fdf>NCZqhQNt zFqlDST8lAi@OlRs`Q|tbypgBwL|LG`{*>!rvGvkiV#!h$b`;*^{IV&Ve?+0!=Xufx zA@=T;MpH1Ww#kbH?ST6!qRLQ_qwyMD=NK@sy*S<^^03bjZ=GLU)V7QDsuoR(2T!ge z2&CU)$zEAJGt1zD_tr;NpE{JCsJ6uV5+LjDNiwR zW0m+Vgn4k#cprb8s(VJq^|R;LzUP7Tb~Ki?*iluw-vC_X9)&72%j8S!l*4m-hM zJo1xM_`UbZPvIlDPwA!M@a;81=~pYVz}!)p1hu;2Us(#^^nsUR*B&6>_0+M=^6X@F z9ltWnU}wjQ5xEVghd=@(#?N7CTwM2FExrG^elgTQ)Xs}^#)%4aoOTRd)y;K()~NGF zxR!rsY<-Q8%sOV|(`9VE7V+h*UCdZTpMIyPG$pLw)&D+Vp4Wl@u2fEc``1V1Un%97 zW*HlU?dpysf}anX2j&vLG~JK}A7sp*mQp-vu@U169=+O8lrkCJMBZHe(CL?snU|hPab(-G1KoXs)AL|avs+0#P0h` z;Ek!IwAekV9tA*V>tUf&U}Ab8SU7sQKfl_R(}sbbDr}7{b{j}B>MTR-h~`F+f!3;Q zUw#N>*D@gLt%fTfjOJyOGt-e1KBxLuxEF`{&u4nss2806F!~Yz^x?}%k(?{Yn&&j8 z=D*#bQ>B%ThMCL|^2=C`5_WW~M54}Fg)dewp{7UWv|rYGf*WG4a&o%47Ba+Ed!B0j zv3ur3h_-w2;+Z2rfZoexFkI9hJs{S{keK}GUdXN%28!s)X;bFrCT}F6XaB!O4n7S* zFhxb8oq&aVpjtvG95PW&F!HPb*YM=N&T1bLoGl9CKqDJREFVqp+bM*eEB7EoW&w(M zlb_6L6GlDTM~zM#aH`ae5zwh~tIRphqo*Jw?0K0B?xd@jmvb2fwav3R(#i9NN#(;4 zg?%C6i%n=?5h4_osfDth&Tfo$=l4{E^b?~Uq?^HUKTR6`c!At82-1)>3jp zWd}?!j#n`gCWUO`wolqLk(eob{e?7``ZP^Lqabl40%(R!F<1e4K;N}*JJX60IDHbC zta&tf4C?(#WJ0pe2Rd9z3#~XnH=DwVNWrYjsBrHOFo$%OJS`zI17Lc6Ms1+zh$f?h zxuTP&vx~xKi0p8Cq?}9}uU9fE_o<=QsyU=_D%DTtGailp^FBOHM{X|PVb#(0#D62` zPWHA5WiXkEGO%{$f;?|%5nWe#wUkuj^FjWW{LoL{33QH*AGA8W1^z}~AGet%cyCew z4eYfQcv%vSV97|;aBX(5T5^UVy#1denGL?zM)OV9>@+4BUjU#IwN%n9q0-{wTmyi? zEx@Ug%3~JzX`m=A`@#n>PK94mS=l9cUEgV$oMYLqE(P>og_m2$h|eAG);$^y?^|i< zm?!ScC^yO8O4WG}QUKRCZdn7E-&Hc>^Yj1a!HeXJ<(Fy|I`AEj)k=S@WIxg;?2M!Z z%HlJur-J>8FD^E622L?QMZr7gcUjDtpYiZIjLPg(7tHy+Ur~pYHySXe1rfN_pFRM} z(TbhqktKKQ+UyF^sY3UJ6c*KM^Y7a2QV*5Tla)UKx6Mj@v5<~3!Z!BZsN|L7eC`DaQg6}cVrP1^fTytl^Lk4aIi5V<1a4MIR+w_>DVa%h zxQzIx**b|wmmvL_`Ktj!J1##~4y##g3R$qGo+f7hplN&trDIQnqpmw5M336E+!_8h zrnJbs;>t88HY>!OjBDkXqW=&XwQA=F`tmkLXqk8Gd0-17FfH`Z$HSbD=$XViVNVif z5)a?MPnDo&N88oqPzc94zp1ONglU+vmCbb4TyLhMP-E~4{mTzkoEe?GG(<9z*RK!E zjn{YkKIJ|NC{E(uJo2JCUkQjE)wi)4FMg3D+Xy7Ur>rs^)hlhLPtnXxMMsc#5!IGp zO^&08t?)I7gOtpfK7H&tyM4f_eavj;H#K-KFc3LF3vZx;W%}EgwC1OO8J;EW%3O2I zxAVtH{M5yIBol7}Q&cDuFf;%@Rpgq0c)3GeE;?WlJdh1&=IvV-&DkK0lqS}RYi;3@9i!`bF&gvj-`d*)ehCNqVX2L|h)MnFY&O zIFoj>SnbRk=JkVx_#z(n)OuOs17G$W9IjQoyR@HiR^4GLv*Al7h1e#IalF67kx?pX zfCVECcFGUy)!cZ4z6T zLM<-rrf!!f)<_J|KoWyG8U{v?Qjtua;XtUpqvPi)t)@ZVF+Ct?BQ|?XIXE;dp7-TX zX9xn;r>bi+)z|i>%N@AWp(~YAkR^gW6JS&aV3ZVrXSW+MfZsp&bI8@h?=lL63fRE8 zV-%aMl;lf%o_aKM`6?E;%ntuM6sDQKuh{r&-)iW1+dLYEc?sMFPDnCzIQ& zcMUmd2{&Qux7MPciTv(Pm&RNNY~jexZZ1+p$68k^R0sz}5jdKvTKqg^fzp?|>2XGw zNHRj~>s>7A#pB#6c)|3^)4qx(a9H%xC?o;_M{24wwE><9*(()OG`fSd* zuQif_0jzI*SuW8X2M${Mm1Lr|UhG6XQnH8vjj}=gg)Gj-|6^ z$|X6XuXS~=xWA56Nc6f6cHE$e9EjMw!;U_N_UZ`HvOaJ#=AY-?&7-^XTevvVd|63L z{vLBG0nvqE!vn;#(6NchMpfboz*Mkvs%4ccLMmD# zYxDBo?fC8PN%#@gsJYGOv>MinMiH|3o3Xkirn^DOqksQC*c?KkFL%GjZb_UY(=S!S zMLJ260CCu%oMZJ|0AqTEX>fB9Kn|ZnkES?<42MdB0Vc^CwJyI^`t`Q`)^)k*HCi*v zEc=-4NjL+isv%?5Mxf4;RBili(Ag%@tn`ygf)ug@6$*dN?ru(=cU$5xkqVeZSGn|a zfTy0b!x`mW^lYW63j-nFS*-oxGWyYL@ZX|6S)rh52dc}d>^&fGxy$8spUPP)>2p}K zMb%c4^_w&^p4sX4^r)~gTx;qB%52V@8OW@?)*v%kFLiCDH*@&bKxyDp8G!{Ov=e=I ze-5czx6Q|X$2O4fgkjgglR%Q0Tdnb=x!lSv%$@$5KQe{&tR2-NL^HFc$l?L6@JwYv zvP{$#JyLor0%Va+t-%7P^Mo8r0AB!9s~;X}i$0X$qA`B+qNzZ88T>f%P=V{ZRzAhWX zd|zR_BvI)@-wnd4%PEI9B7ZhDQ9Mt(yyLf1S9nagMcN+eTBm{1+zfN4s}Fi*Egtrl z?0Po({ttH>JD;u~)YOjdt647DH`obkxz(TJm}$-gq8Km#?32|dHG_WX=MJAUwx@Cu zL}}{Ee!&^{xsb)08C}AR*PariRV7m6*Q#LA-c)*eN6&XUGz0f0wPy!C8MRfz+L zjB;EZIYkZ*wuuPOyqz|>q9PU7*h8W2Xe0uYT%W@fV3JF{@xj!73O?FPj`=!G?%b<} zadU*=L9P!0rJC^+fHyGBmwM0%m#)4iec1o- zw&8(EW{FH&7ggld**|4`x=A`{;_Q@yvH7=Mvm4v(5n^#NBSKMJL^_PQ`e51yEi@`8 zawsup-y?XJ8@Iu`{!E4@PwYaGdpz@GcZKx8oB3;a=+-1vD)%OGj%&gqO;yA3^iNzK zy9}KbQc2{c6^&VzQ?*cJ!}TAyrYH;Lx;X9V4eAzZ-wiC3Z)wp0kNorfIRz~(d_X_| z5NyEdbKtUC#O(UWX|;%ijg3v4JSJ9g9tey;$lcG4rd7u?!2y8PlDg$0i>R_(ZDxht zrOnYqqSnCLnh?MN7cIFeOz&p><4-fdbbW}CxrH8h_`?zR>sL51mid#zO4#K2jfu3y zd{d=>JrDu*MQNIQ0^^a_s!C_>P4NOeEaGPHHZ{iTJ`W?8#V6nBnw@1EvX1U|Tr$(| zX@ck!_ogWc=780=TdR|9q!e;o{}GjafeZjv-|P};mm9Oh87}!Rj7D+L0B~4f`z z;9AUqYx&07^nIEJ?DpKZg^X37G$PrpE+zKK{pf)KNWtr z&lmg>n#zfuFf-M^#lf=S&eacDNWCLnABymaHcRm#cOX}-dufc>f)Ss_L+A0H?i(4e$GY@Dr-Rlc}8M0(bLzL zdKS7fW#OO}vWG)`BaU$%AUov8QYonuG$)P(_&aQ%``cwtZc!wWv(=wUC^1TW3m8Km zVta!N!q`A>x^f5}{%6kP=Nl=bd?vnaoOyQ>v$Gjj{)N##p|ODv7H6DmXBBmbWFM**q)-Ii0N96k4#Z zJi}2?^}1~uT)5N1wd*M{#)$UcxY?PB7aiWxoAwRil_}su(*pfIR)Z9DL}8mfbW5Sg zKgYo5^pU)eu&oC)1GcSBAymSd+;~n($V9(hB))opniJKVnfh{c;RbHDMl@_~BWkdt zzy0Ajs+zV$b+t|X3V!W8n{Bo9_4suqzk^J}N+WGGB=DwPN&%L zSpL-@wr*| zSwJ`C&Uj2WcTd4$OLlZlWt`t&ummfY7yMCQv5}wvzG&+8H>YP!_@I!M?w@#A28f6& zH7yf8&qsBeFKIntol#t03QbI@w@gFQgs4$mAoA}F;hOGb;{z|Iwq||I*2r)TD>U(N zrA)R3bK%CZ0+tMa*@%cmmN z4A*x_=VE!o%DgWm^L5^oAY88aSW+MlQI4+1#uSowU=QBHLCAGt8n?IZY$Z)})H3&W<3=KN;8J3BIh_WWBxy#VA4%f|Y^QytQe;yP%c4YWthkYVd@2%MkS87rp10bK%^#QNWk7ThaCeb$b(evuH z<)f$9TzJccf&m+J{Qi$+R9tWbl)*sl&IXtaP#n5K8H zxAMRJ3b?KHqQuV6p&|x0kPCDqj>o0Lyg*E%n8aA6wDetlqL?Yv5Cm{%Dt+;r<|-?9 zXnRyFtj(Y~9-9obP+XKpNRQRl@i$6rdXp_q4bp7%yYUJxryo;iq?|}TbIbQG>8&i$ zyNgMQSzyY!-k<3{JU#99hakFNY(qvxM;qEOfgq)&XBzy0s9OXkTdu50F%N|r zO#DT`$jm<-&s*4?liO~MF3_eSf*$6;=q5W(iec@^8m>v<8QIKlW zxEqn9h}`2Ta5A>QVaA*;li#-Vq;+@uUHUQgX5#*0#qY}rK@+=t)fcN4sA>^}am8je z?20>M&yE>=qk%sdwYVZ;FS*r7t#Kb7;av6-XcW1~AgRbnB1o1vF#NB10c_GD?&|`8 zLk8)qChD8HYI|jlvLmi2{8JeCCmAa;;7u<8?(M-*vP}U-wcoyQKqBDy z%Ac(40C2w)zk?}Nd%In#(v8-Cofi9Bp2|?n=RX0t?iq}-Qjb70wQBXs&G3#ohB#dzBpr8jiJ)go#)vJr3g!Z4pb$!DRX>Dyp{M2d-Z82|P0=C(Zz_qL{m{Xpd4 z(`w}gDb%-!lZ`NH)FS8PQCkqHA2oFO-s9$NMy<~S+C;&?w%kbPxj|WGgOpqozx&*& zvh(^giPo2q;OZ9SqXl%V10>0%FSo=Z2-GHz`3MoJAG-eZSzU3ZPBOKJhW~r_BMG&r zTz_4{y)O=E#Ce9ar*a zhmyupos~T0k2@pa6Pjh8thAKwx$?A#=vfBP$c`|z`_r#1enU$flt+FOSyVc%y)6fy zk3!Af(kr(671y)yk(8+ZJxudc{@cUIVhou*$G&h?^}2RNAM2-M#Ej4R+oj`ksus>82l?bc132!?DLt5?S>BUl zIp0&BUar^^OE!qeG#y52>MJkdiMKT3sN^RAd z`Gn1c5EDPh{%!{|Ad0h6XqaRpb8A8R9!FfW|-HrCIjxJP_f5D2y`nKVuqizK2NvA z22V6-mbuMo`BBiWq{m0Gqy=aO&o*Zg-iweQnHnl?pmRyAu6fo;f8$$JTJRz2cWp20 zB0-+|IqOL6d2GF+RcX~}`OKf|(t>XPE?$9kT4?@XciBefpx~dwLgRqdvEyko^5Ro@ zkq6FEtMXL0-=_H2Bbm0NQ>#sS0rNd0v}pByuTHq|)$&Q$=Kn5QmlutWEITy=Hkq2$lRW;OD@)`MYTV`S$60KL47JR~A6b5DmorgqksD-lc$BL#jbrlnRzkE$(YNn9r#H^Z2*KwqmL zmuaik;TszdLlon*&#pVK`CuYl;Wgkm={|5n_EA@~*8v>=00m7V779F-BP}5j43A%< zSP*)km@5|aAzvD@Tu>BpmC;NA@o5s!YGYMp|A8#g4W0o??B!m*i6`unq9`@2=@CGF zYFB{ZgngTHQ04lSHRGyKv4S<0BAv!w#8$dxhRbE0JDCTFo};j)P{6m>r%$u7orS$K z`AXg6NHQ3fif!hK#+6#_Xc?!~Z&m(rhR&*=k*^pUCvseg-DXNF5me=g8li9#+2?PNvqn9V3K+2Cv~wjYgW{!4U=x3s#Ftm; z&a+n`9sLwc$OgMYzjg&wtRtief_W{kjcEnm9Dy(%j&9|*FHERHJa4r0KcjSBL~fpJ zV=bL(0uX&eU0Y^P2Sali|6lcMB*$Pp8}Sg$CJcp9CuAC zN@&5{A4POj!yN9sb6SoVpMuk=A_8_if!oo1u47pmVfmSG`r&=Qp%Rs zYQ??8JdlPIg!`;e>}&y`p?b^9i+&%skGkL=r2opUpKTIbkVUxtgyGHLaICV)>9KO5wVc@(Y&7@RETnVa;j$!uR zJNDTodS&)qJ9BdY6tD@BV8d|`qQ-6m&Q?!l;1mJRFCbev<=NT~=p@NT3);hew6raT&jO@8UfK%8PyTDH7phAr65 zN_k3o1uLhZkXIZTv#9*W<5z>d~)PA+Ey01a=Yz z?VY5cuTCdVnJ9;vxozhp_)84=mOe~pX=f2;Zg!a|Z|Y4K+EBNrl|_RBF>^fTI?8ee z{^nwfxr>I^2xUw;gJvIm_^g=s9=9oQ$+2qHp#zm#X45Ej?P9*(Q%qRTNHj9U0pCFP z&^rVuxJzmuQi{&0pr8&c&7;fz#9m5H_o}sT(oItQVy;}>KQ?PhKcD0(G7y2oqel|( z)rqa(dNRCSKP%NGrI^s`x4Zp(;;{nhl-%A&*0m+o5CH6&pJWMm6XQoSdPz$q5r6CL zE^?JuD#0z>SoH*h;C25gAm~<&?mh7KLJ$G`>8?Ha_Jjz_`6d)?PkMlL1+vWB?Bvw^@$(K0R7*_HfNFPLLTHL+gh#KZE@%Di1GmX5^{* z#6=&g8{@702#hr1x^O2{K|8X{M*!1GWCM^=YNxb*W+O7L-So2JldOK?;wTj)`pczS zX*>tZ;f%*md~F&ll`_h6(X+#GIl`o?Kf%y4=JKKiliD1%*7%qTJ_~GTldf~OCW%_B zcbj0qUdT`8Q{<5kzW84|h6nGRrD@8Yx2t%+eV$him+|oUEJ)7>fE%E^)V4 z(O7IlOJ3}M{cFthVYNKvOKrvr#Uq|$8(P7yOZ=YmEhJWpl^Od%_t%_lDLC$9a^9k2K+8W32~xf&74_isk(IGBu(|1mA$PLAo2}5x=a5^k|N) zjhtkNzkJv~DJSb2eE+Vm5S!(SVyF2mGzRVIGtWTehVtc5L;=5T@+>)1Ne01RcL2In z;9dFL7-nwl)H3Xf z2gRTdo~Kfk=zG^496(9-lI*778uZPNH`BKE}E zz;fv72jgq!+L|4DXSKm=zum}a=5P|eIdQ2?CSEBMFr*$mQ&}d=;E(Zk{FbbEneXd| zm0h@3MItD4_Ehg)<<2aZ{^z#+m((XE6;;8{MSxK)2WFE&&?l#-irwBGz>cW$hB;<2 zFXIM?NDmHoE%uJqVGQba+hW1>+3r|lqq}y41M^%xKoJi*RzZgopC#2xlG-%YKW`8! z1xa3YqwuM5<|44|PnwJ+4+p{R7-jM0c|SVR>W*Um3*7ZJua>GFMT)6Q7KO-Qjg2WI zV~~NKe+jtFv>FDfbdd_e$BJ5KzPS-nG22R5tI`bGO>Jxw7Ke>_ZP$8HWKQY~7!&n% ztFUbYE<#$^*Q;UiHplQL^QzZ^_q)E!O`+a7*++^d!Nk^z7s4?H;(|%}?6&FIC*{t& zS0Z_l@-Q((LDpB`i<93T{%gv9%k?LOZMVXCky^5)5YIpprmx)lDp>iN}+pB{Bvrv%?q`sdXse2PpM2v zQiZnWy{0_`k-*|c#a_Ohxjb2NDHHG-%tkAcZ}zyLbB%b@jb68q@Mi8V+`+QCJtJt> ztbfkIoj|~tAAnQcSN{2{dg5{_5i*>!t6g=pCdKP*BNjR=W(O2)Ff(esF1?`?=pb4*jFbpIsvEh-}5 zai#s%>AB5X{pEVTr6Ndh<&o5GvU6!+o-@JO46L8Wa7h=??B3w z)pmpF%ED6-du?K1%1~Qs=J%^LkDuOM5w4oh6l>TAw4fpJW9~iY%9rj@A3MgUXLN%_ zbQ=)1{)9lQ%(ci!%M94y^7S|q2r`d-d|~s=d;4r zU1b#h!hktz=@GIhbK9Ecy;N`fgUy;uP3&vT0=Q8)0W*|{!IcckJ56yM2jlM%R9YfOCT)pDZLB@lnE!^Pu(Pzk6#tg;YwgXiOm#%_{1dj@x z>0-^k`Y^GiC>1Q2#QRw1iTFF!-{dL&kMhUuikjtK4;S}3wiu9GxHcE z>wG^FBDKd@w9<7V_vZeIV5aM(z}lv?crHNPXO_idYq_;IeQWdRx*kIHxFLok6I*Ha87x3+!E-^TAT~yU-h;D><=rCAJ1_)E*?RFIh#fJ#X!8S>BA2hfq7=S zXc7J}{deYo*zU7n&!WU@ToZ*MaR*Pl_9;Guv8lht$Gd$8>xC$QgDPkkC5yGUi8%Y= zw0AM<()`YYK?A!6o}k0Dw&oU!=3Ov=9on~de2U1xPMsu4NeHr{tp{{c?oIlvOOLJB$!!{kS z?FCh5DIA8JAXl|*)YLSbgla?KaN^1vk2MgEWHVKWfr~uu>X=QHb-Pp7J71E1r?BLc|=)j-i zVs@KMn+xwPKVHvD+H@rA5X&pePyGc7KHEs+$8#umw^sRDS)sGdytyY9^6o@RMHzIK zr9^99Su}xoX1YR|2~8@Rvujr&XF>w`=Uoid?N`D99e9epH(B z-1mBs3uO^Fi}hpR^bV!ltn7c{%8$$BRNPMJeF}+@#cW`Wlb604Q2OimRTH z5iS}_I_`u2*ai15MXubA`AMI0_u=Q9`xPbjd5bmkY=T1Xbvm*(nkNgAi{+BU*x&gO zCW&4eSlC&1OD$E5zF*}xz5qprVbS_m%oqpK*_LeMS>=>#B9pdMW2NuG@<%~WOe)=! z^a$)XRa()@o}e&8)g}alF{WDOvD2{F9JIM~E(^-yqLLp!<6C{e%rQAg{y^&myr8NL z4^e@CL%_e52JhuEAwsPcnjW{);coz%G86!cM!bHNx3(5UAr@vPGQ()Jozb}|76VYF zdnrlB600jb31?wPv^`aR|KE`QXOD$wk59qNpo$$wUYMF8%w%;{Pj}RhEl~>nL&ALe zN_wjuTR6|&u@Rz1s@;EB?Id)D4z{{3scFsV$7%_&T@dZ?W5s4xE$)f0UOdQAh=j6!!}sD5tk1o`1Mf+-{1vkFJzUMOZsCX6h5dFTjdW`#Z{NO9vozaBUw ze!*xTE)1hj{2Idk9X1mKjH|1Bz~5-G_T74=8xbIc_ebK4MvToDK-{V+Y*uFCmfWnd zWX0CijarVz#S#z9jY)g|BQ`p0C><_b8*^Hii^@LFHY>n3KBFdf!6;GX0T%Dw-Fud+v^}mIn9?=7EI3q1GcH+_}pNO6$FslGTupnB;GFPbE_-AJ@-i~Yrn5TO80 zI7HJ-&()%u9sQi32jGB?N)hOAmPx|>V#o2lyLPzr zJamBhp7^!??;ZXiH*v^dr!NV8iWkd(OzuV4#En%K{R?jQn=4y0NlJ_&E)fNtJjrGV zEW=wLm86R|yD_H@ql!ldd^uNH&@#ny-G~{BAd6t{-Y*7t-X_!v9J^qgdhOoyO8UukLhNN8&%JIFkp-FdeUOigX|B}8 z3>VM-Jc;5;_Hn}53oUdJJNeq2dlzNH?aNYJ(dNCvtj8zQ_S6!XR08L%OL*a} z=zz5vNZR!mXwFZMH+T0gD;4Y|L1+3ox4wOU|WF1T)(#$5JxKjQi^q-6XyR=wA&N6K(Q(9>+N|7M==r5+T0vMy7D-u-aL}sZ1YtCz()g0I6&yz@B~{ zj#S-LWRe3oja9vlZvlbW2p5HtK0!yEM?@#CD9t%UtT2RRa(Cn zdD9;Ov7YT;*7lh6Y{eyFWErokzORYiCJul)E?bWke7-usXQ70 zow&1asm6V~pwyewdn2!ZtZTg~y;=>JtNXJRuDQp#{?2%FzRmL={>%FRvZvZjwHQJK zg)A^bVW`8?VQD=*rfn5BJ58-~E}gt)DjtWuJA3vn#a>yMhkub1)-(t)lXVQ!K=L(G zj73-A;CDPm%{n!hB;{VOr_cVI6Kp&4Lg;JpEE^lqk5i*RuZ_nC?P`JY zs*??HB#GY}?7(_AcGt{7P_?pKSoh&d8K#-G0~+8A9uZnVm0i8;oB)I zXURF=vi7xQM?KYsMhe}Z5f(ezfG1Z+#C7a%h7}Dqq2%V|Ag(+W#ASLrk}dK!E|c5E z5Re-}cUY;Xfk3-^rRYtJ&+=XtJ7EWq!=Paz`+~`oc|P8A=;8pWXImL6qW*0d{EeQR zT(s?6I3+tTV9tP1qZ!7wIo-|b@AtXd+mb$eT36`qM78HBaYGT@u_f==>PHZiz3Axq zDb9Yyo|F)>U{$%9$I@?Drze5jfX~8G&T=e0642ndS%)V`iesydfRx67wQ{P|xv>v_ z(MyuRz1^gPnr{AUZX$*Q@C4B$XJe{mF%M&ah6+N9*{XpbVe#u-MC$OI60EowJ75=R znc^~GAsi++8#syv%4gtJ*qAp%w2It5zpM+cBFbSa)+-UZ>cJ`T?``Oh)9wPO)w{D8?1d9RD|1*^H7uqj2%Q!b7v)(YgPLU*D%j#rk2e1Lb$xHQJ;(74k;QP$ie2q} z9`#&FH@k%%UHQc>>i93@f1R~>Asi9|PDb+MZ5&A2t|-%Zl|&#etnb(U zcpcz^4)@gL7TL~><~IgZ`WexQ8UTIKan5R?o1SQKm=n)UA7Kw{;3$yl6lktvBsgbZ_VO@u zi?pN z$uL{aVJIS?C>xXG?k?khuYrCYd9$(RjE(%AJXl!fP~gWb;@3 zF4dh%g#RC%no&f+lj%1~d1GETgagns^+Y#cc33u2fOw+#4V37inO+$bVbNo|?>=Rq&4O;5 zEA$vZUk7UMj55sR()^!XRDDj4k^z?}QAbzZ`}EBIX_;nMy18PymbdyA@ni;8wT1H6V&bwT=Kc;(_xzo6jndkH{o zy=0f*k4`}>hv}c($-ZPt2UlYNjiVAgWk^*Td7Y`npM~0iMyw#Ody??Wf8HR_n0kIa z!7aOJ&TC->Vy1wboa))89)$KhEgfFP!P1Sh(;B2^11Ftz&8%7 z@;K@8ypMIJ@>>jj-aGq$9hdg?r zHpamJ2lVxVvo{G4q$12V7742v`_6d!S*&%`A!ky%j=c-}YT*zAx7vz0h#nDUM_rny zvPl(jdMUoV-rq6{S-?;uvhlu1FU8Ql@^cL)yvBZnq8_uxAqVl@@ND9o?6hyENNCMk zgyHSbN&I{gZ2q0hads6&t6n6%d6z>9WUahYLgkE&gn&lG5<>8ae&o=YYafdeWMW-_ z)4O5nGL4JXZTk-mP0_CYAbi~<*#5goiJlc{bU2LpQhhj=jOE_?axBZuwNMMcbQ5h8 z$PFMAt=ZdaTp5`JSm-F!6QLK;b)i-ae>G#TM!@HL159)0hYLeOK1T@^ zOrW_*v`8jty7(JGYkPbD{JaXxl^GB4ON0-W(Mdtf*Dd3)A1PlKq2r$v3-%|B) zj3sybnU(1&am~AHv}H5ySoJMeA6P3zMN&<1-1qL|jWP{o1N))Y%(&+zz0p$i{~<|V6?CFU4<%yewfZjN-j=oIZu6&FxFTwHw$WnsM zrm7h~0TjlfP!6u=s{h?!V^rq-+!MB-FhVRSZJ#Y?4>w6Ro1Ic*w;*L!L_{L!1l)MXcIKm?$V)Q)$K6(it#{^8fR1|Z+pxg3f z)HTvlJ4gn+oU>=Q&92=Tln#a)^m%U?E-`i@P znk&2^r@;|=xR7<5P6XHw;H(HJiFPoN(Zo`UcaZ0&)WGHP@8RGGC_d44z4pq0MT?A} z2ffbiKiTK#xW zGk?FK7R7=!GB%b(dJ8{294rXWd7G0jSqcb8L?>MNzZ_!-xiCil+URmwE#W z2HzCogikD0cpqoA>4A92)^@nA%u^Z5I{Rl(bX(EhNO0~{Iwr0nZLX92Qz%! zFO5XJnE!PSRUgV5W!td*xD|>CyHdt>uOi zj#Ua(=Quv}HYJ$H`Sr2;Nm#t+5$)P(NfBdg4sqh(tfHBIo~4J6q(bl z-YG~3sm7S4cUHs2rLR@C)?!DxjZz%Rq(-Pcq2q<{vXOP*xmp7ss(C$$m^dj+0bn1G z{Pfz_we5;>Z^H$I4FZ`twVI*gH7)%%Dj35@b~_JBW64O__l=*!#yq}F4d?b zj{qVKQ$x72pkB-~{_fnBH&~-vo9H`NRyb?SF9LbIq&?%og|C~iy!txB*Pu2`iG;Pn ztIk~27tbbe?&S7Wp*GLHI-`h3lTW~bNiHdzD8b1cKBZ&G1X3ZI-Q3sLR-4nLU}0^gG{s;83sH>F%JRp#j8G5m-4m#DR>fLV*-= zYI?e3EL2p{ADl~Z=Y{DXk3=o-BbbpKTY+w~(NKB;v|VcD*HvhgN0km!8hTE6Q)}8z z4Ab?2L?_ukdK+H~>LK)NuE@IeKmskOe3FOOJ@aw~UZ1O46dm)>Beuv`f;6Pfv@_ zPu8*=$}pm~lZr^c`deWqNxi9X@o5KC<1RJ`n)NfigFs}gMeI14yn6N(rZ6*wThAKf z<7k-jK;iG=C)s*C7P{de7xR0>&)@RWH{OdPGj}^RtJFt}`55;;{NChEM6lEu@!b*o zKAte$=;CE!`C-%PpnN0tb`0B~{{*yrRr2ALM%rkNfoL$o^XxbX{IXy97LB&vQ*iSq zN~Hvv+GaTlYcD%^q%G$n?dENG^nIyD%l-ah-efg}3%Qp@TitN;VkA%K0U3KLBL;8G z=rT;4B)IAUzh+GAE+YAW>&#)@MeE$|^)RqxOFM+C#)b9B$AZ77cugN$t+;d)) z@n6O(>ND*L@tU2rbK(BNH>S9&ft2u6AtI-x^AXTrmYswev-})AFk5^>^>=KIsSg`2`DBFnUZYL75N@_P|fu~M9$9OkLot*Mo*!WMEx3KQe_ z;`714<}TLtpUCtm#t+7E5x+Ha?J5PC{#r73pt`ouHmh3>-pTkh#x)C-i=wx2;0F~} zF`IC)L%+oRnL(^F=ctb+viMb6C?g_GO8(zfuIKhbfo@XqdtxF)tzxLjYRP`5ANJwl zAzVEixPI#um6Qw&4Z-5!;n_Pm1vNBq5E2q9R3zKnm`qGfN$cqm*Ecl8rKOcc^@=9q zaKS7+z;GHR)FUY!g<%B~vnyhYkZ5$6{TzhAL_S0{P-+uF7ytEY2d z8=D|XDQM®G>b${2?*`=>lzjL z5OCVY8RFWA8B+5g;-r_+_CA^EMD!H;N&2gf8yfn*D^6(dHoWud_GZFu}R%MwXn6 z5;Cg(>tL?Ui$t3=P*>GKduZ%c#LZRTrPQUeUtT3XnFp`42XD0?cc!xYCkBdpsGnl) zf-g|FV%-Vme{OO9(a_}o`76^>?9e*V4zy4$uHp4!XZGosw4*=VVv1DgTNUPdLJ2Xj zvPtNF)#IvpRiB ze4w|YO40$^kMh?{MMS;<@9T87(a0kS7D?9#+6^&eQPiiURr@gdQ_*U&?cH`2m;U5P^PN>mh^A@m~G zYDR_s?-M6=!YKOR!l)Fh{9xH+991#Kjf-9+qx@iN)t_tFo1euO@FHW9;2btL%gP(U z*Fl{{!c)MAD`EWAHLHjZjk&JR9?i*QWP zWMXaRRfJ$&GtWS!ITWy+5r>z1_MN+#k;M|eI(l^+SSMy4?+{6W31F$Z%1{2^QVsm? zrQ-hU*F*9dXqrsSxf{pN;ShM{Hl27?NZWS|ajg_h_BsDRAH=p|PUHzUK*f!Rd@s@G zK^v*KZ;Z!)a7aj?zU@XslY^5}3N8 z@`^%H;e|X7!?e_La-)>lqJv5~z%{7LNDH^dkTG%>Q7JW%Wo@lS->4kAt@U8YCf{ts z(TGjl_7iy6XAJl28zBCB+R;~d|IebbhZi8sn}@xHuso>}`oH{%m_omqHc4=eN{u8%hGNL8X#zbJHb7;LvVL@cXt~!xCDpb?(Po3-QC?8+y*(5wbuTA!MWyw zp0~TJ>XGWYH2Y9l$~roMQ6MS*kulFwpm1n>s8N7OV_@D2j^LpX?L}|8-elGFN=vkM zk#>B;z@8fuA}S<>Jt>4R9iu;cyM?29NKkUjw$v~!mXl03!3w2d7C{W_LwmLcdPr~$ z`2wVMl{Mxnjmjvu%a4RP8g_5T&v*?3ihI!?--aSh#UNOx-{fT$Rj%*cL!Ehh58+&i z-@kBc{`)IpZH&wy{=GCpimpFK6`(Dvzc^163s1QVeyHSy+4ArbME?Sl%&K6&ie4oB zd6KM`^NEoUpC2hc3%w>G6b!AV;={h@BaPo+_e2f@6Os7$%%Bu!g*ud$gk4ka#3qrh#V1DZj698PhG z30vx{GOPTXIDFVS3Qvo1#Ipp*je^}qQ zT^a(DDC)TIvkxtKeko*kp>H+MVg)7slc?00x0%FqL5FbvMkiqm*Fk9ZPcCr7!>`y_2zGXM4sPz=o*sw>%Vkl$g_jraz5RV+ zZf@Mv)Kv48`V#j7&!N;YvvzL6n*-^=JmfM^8Uv@)ZL*#Z0!0xwlj&T9VM#PApPB2u z&6rlTFx6xVmx70$$+Ya%9wvxYS4exQ75;pblW#v3`u_E>E9HG-_0oJ^k(Lf6X6%4? zp3q!h_8Jou&sXYAlv|>x7)v3;$^Qapb8C7EHOguon9zV~TAHkw6Q${YW>4dTA%zhB zqgMoAIPiUhe=yQoN>O#!6Ko*tOkfVvx^0(^J*m2q%Hhr5k#2T;Wi{tHxs7d%5AiA? zQfa9imRb&bAv7#_KB#_Wx5igH z#61xiXeB~^5Sm<#^o^V8)LNhkD7O6O-=oIgN~Q_@(Py{N*iq%m!}FhP;P`oON=t2#tE?@{rhiX>CBhlrz{><- zNjH{GVYL{qF$f=ej^SOolu{$GHH#Fi`7+g?s@`yZ{O{&O8T@y1a?#G{ublk#-1H`M;^4)&=f6WJ#C>xa#)4lEN9WcS;QwIsVD%c}jm zNg2kEDo`RSR!MqfAG~C;QU(h){!H?hSKB%rUD(GbtCPFYLo*g44nw z&ql~%DD|%*8(Qy6w=)^J5vq;6RL)CVI!L7Cdp(T2_NK|s3iAB&+=y71d$(%Ik!-#4 zC6NBGF;Z1kgehJuDz9HD%3XZ2a>bAbIzfdry?q{3Sig!%X~Jpqi2gTM2pjYL|0z_$ z3T4v5)k+870sKMOz=^?j&e`emW8TM?(WcQO(R3fRnwb*B6IZ+?e0P;c6nJh93EiKQuF>Y5EA#?ZFP2SU#(isdoX+AW+Ma+NpJP<%5R&n^ zyrB>dCWKd>5FSm&J|OZ|wCAIJt{DItaNs&rVp6`0ZP!g@cc#^rmpkz=uwx>-n#Z6V zf+5>#A=9|R1JU=$sZK}QjAzndSPdS11^yhZczE0nt3Av1yZ|V$i^UI^U z^N=wMir5-1s5IQzz!M9WlODVp2gZ)8cJtmd1M1Wl3DOB!3AcUwX|mcX=L-2rY}(Xx zJ&|P6*7Dlvn@X$}eDmrB?b-<BJi5b1sJ8NJGxi{N;RO zlg@Nb;&dAFo!x}8a#O1T=5V6x9d=P>Gh3lua@8;<`B$qsqiuwSmAszMcPJOd17bBE zDH)lzZ%L~kj@{e6reV#EhkK`iba=S$#VN%9X1ZG5|LURn=nUu)HI&E4YlKOCQ1trI z)EmIUvJ7hSLS~7Nq>U4Q>I3)0HwZy-$nNjzUyFOfP@yfdP2;qB8xNg~-luxSVLa<(L#8=3w5(9x& zw`wpJw?J=fZSZ>qrAH9SPGuvA2{cu80$bTd3EdBaYcq_7v#9&5Do0#MG~ApxF5trm z{;S5JdvEY(_*05y-}i?$X8<5zz>Pg%Grn`A#T(q)U0~yGHR8VZ>tq+``}oQ1T{56| zag+Eq{HG^k!V#^$<+{`NeHPOY2Kkdc3IbrhbEhP)4+aRpnLX#zMNaSsx5+K%m0{%M zKF5~E8VNh#V8)Ej+;{J}AsdO|h_>1Wgd`1*A9bPA7OGdCQj-CVNMOdzX0)AUmUCL0 z4QNH>FOM(Kn27U|p~J2kpV1I-tI!0EV#eP2ho9J`V)J!%Ovzr=r=3kKtW>!+d^Wj0 zLagaoAml8`Pnd7s;QeDO%2sFUWn$y%HbGfFuc2U~>_gzy!vxNTlIM|6r-RCS=j#4x zd2D6Yt4rMuU8IO=`R9c=la&G;p%fMOv<-$Oiuk-5rFnGDa=lje{~aj@B%rwPGBy0i zn!QMW@GuhLcygIOn!g2yan&9}6bnw&HFR8jJi6s#Wd&5=32c>CJRTOc95lYx>3kW5 zZV7>JR+rx+FUX$u>B~ksqv~)momt+!Pka1K%?|=zfeA%AvxB5zU`=BlX`!q){(9z7 zBpX3Rf}c010Ke@a!P@FALA})~%!JFy*5&lBB#~7UeTG6&bo@1_Hg7QQswxG@bVTL5 z4;&G^lj75f;s&;(69!NIc&Ln_@og%*^|H}yqk+hxcR8gNObs3a&8?PoT>Ao-K?nrr zM}bpJqy<^XImf(Fi7wKw=_O_phCPF$SJqns(muPaWFOStw0%5X1}n6h5++xs2eqCu zYWEHfsC?DPVPCi;S7ls}-|3Cy1@zh<*W~Np>ENIE^^}v)AsV(g9?3Y89Mp#)F3cti zsFwF}=N6&oMn?fsFX(FDD|Z6HnZm1>`x?VeDD%4Xe73y}0?-@9y@)WB_4KD->hj?< znoF^Ro`z#^KU&OA2D`|3dy#+e;S2=rwmC2Uw0g}9!AaV#?dHwl2E!%c61)ic&|B5U zz{P(O$X&qJ+h0IW02q>b_P|_tbNE=%%CWVPcQC1uwvmnP2zx7k!jMYk60@dol4nAb zD64w2>4P8ybFapw$$Nj)d-Sx2E;*QggGs;b?g#njA-M5l zNGGJj-~>aglOU};(|B4$&J_yt{7}y7t+L&qdg54$A^isP2bto)X0cb_#gEa zRyqpM+CA^9x)MD+>ixh_VW+CzIbD)Bk2Zc7pA_jWDb$mm-n~yOS%UjXxil`(W2sI^ zesf$!LsbB2%Vu>z$MdxrZA(jK03geGd3(_Y{G;^7yIsug>8E`$eg0{0|8Tc&cqEEy z<2-C|YyJ(e|31NOK$9BZ@fTHfHQN3`h;jZiIcoODMuy0F9rsLxd!Lz$jBsFwDUYdr z)`+9some}d-TKI>kf*(~E0F zS-0VI^o*P*suYmCr%9Tf~!?(xRHN{P4%z||Yd@;XoAYGXpHDZx^^aok4xowji7 z1F|A>CJx~mCy2ilYG(eA>sZG54;I%dRA{oP1z6q0MCIXQ;II3z>9DamH_ zu%|T|PR~$ArZRr6lJS%pPN}LAYHKu?-;^1y)I$jZ`$SmDoScfHk-wVG@FjZUu-DZx z+Ng3oBN3=t!{cE@f=e|j{|-k#I~D93&i$?JS+j}ly%J@p4xYw2uiqRtY_{tos^3#o zR80?LUec@a25pGc2bn10Z4V8%W>$3=j%7t^2ZO!&772{a zAmBqt?9XZhOxk!@Z^_P<8ZbScJZ7$pf`k9Sk*%WH7(-bbwUgY~rta|aSl$W= zkCUug#7D+@1!O?O-w_~~HNdvP-Zku89oi7Fp5g#l5=|-e|f0W6t%04i?v)#{=kA!aQ(WuPb1lVVrAF(CrzNldf&V24JRn`9uidVK5b^QAw3+^z zhI?p$6w5^=3;LX(kAFoWA%ewxE0`Pj#jCp)nVxNiDK|G;%0oH&+1A!jb`TurwG*@L z@k96^PLB4bZw>0Pm0#LRPg*vz1$`8#H~jz|R}-sB36Zaaw3^{&dIS+eDpn46D=sy` z2ERodOc9}M{JSo`h=i56Ol}@y$`1~I0!wZR2cvnvjs8H%ymvyP-!)2s>5VN}nY+2t z{uMN@(HU#>9*PV5`nt27!q}C3R_YOX!q+@_W<0HMZp#LAkwiyptM!{rg4MFM%dd?N z(bXNb%q2rAT2swbNFrMcNDAcm$9SFCwlt*ZI1(4&m+us0@;)WVB*PJpT!>aNvCr4{ zY-E<6QkrfY!r3U44Mdj;{mX7x_WZ}EQIp3YUGA%G?!5er2z9rE>C|o0e&RHpvv>B% ztwXCXmAgQk0tdg#hbIJ%OmE4j*Y}qPUvpnyT=zzL_%ra^LgXWp;916uU|jZDHt^$% zLYu3N39nRqT{L^=Dg9g(Fc`Hri}ew(cWhuc8+a5iS73PlY`3+zj=34_h2<8puR1-2 zUN-@VqQO?{|JbWcSU8W;d-5-8%?p1%g^7g(zCUHJqLtO1DqbQMMvQ{T(POi}R{L-@TU zH+5vjG<*SxSNq7sc0lw;!-bPQD2SQ^#HB_dR&Qs9(HUMb#?d;~vgnT@|89pd9-q-a z+^=HIDf{dvI;J`t61(3>KH`TFphG#sA7~EQF?as;7~dbELwH%!u}(OrdDiUh&(&Uhb5|6s z_Q}FmDVIv!u4t)uH<7VnOHWnX-Ql|>p9i-7+u_~I>uR$o9*Te~FMTH_B@gyC9%@Oh z!Uf)OV4GS=^1iHi@Q_QXcGJnyA(O$K^|)(tfky5h>5Thf{07((Gvln6?1bo){sfJw_o_bMMkIan_u5-yrrBp~Imej@ke}EZ|C@{&BQh@e|*ONQO z;#gGJl|}h4=YqOS|6g`dtkG<^kpEtz*W&rPsiCP~k%;CLqw{$YW383!yZWhvlgm$_ zQ4Dnk6kx3d_UY;AXyys^s#F#P;@zGuC2O=^jYc2thdkOZUv9g9g9RfPbg2>7q61lT z7M!(ahdlQr7xZCL66XgWJk4Xf@^{a8w6!X^%=fpDtX~;A^`9g6kBSipL0zM2zub1J z6)OR{_PT614X14qp!%d+j|kiOi-g83Q6=2usw1}-d9`jshm4xjdu#=^iSaPIZQoq$ zugS>7ZGA1y;L3Qnj)9GO9}Kv^o)(kFPj=X``4qX8x9&!}<`$zBrk|>i#W*^WGAljt zBMhz9`%fQ2WuFs90!!oiHnv)&t)U|x(B@yuCM}pvo~yJ| zs_{3f-BSRS@AMwjg=`;X@}0*3TbxV zx9hqea2EEtCwm)afIp#&z&lz!+aQ0Oe0w(-zMf1#LgaQm|629CaJP2@?r0U^{dE%v z=Gw_s#ev&{_-$8LMP*EuXSkC3mSOHTd5=6x5K+KR1gV0DCOQe)a?|C>4!`|(-LOP3 zhCUSYw)ah2*!jAZIpCIarQ;?6vMjny?dl$3#l19}VdAK_rCE?qZF>_891M4pEm_KY zyx%Al_E($!$&dPU!ZDWGB)<$hYx;9{eu~}UR=w6alPAR0CgNTV;wi1_TVU!?Fi!j`y17p8Lh7A3g`BXzFeOhFjTMK zv+ye5W=1~{J6NW~Ywwld@m5J(uFLO}lG!$TiEixTtNm4xyVV5fXtRjoq~$2;$MgY& zLN)XBY%Gfvs;!lamhuH+t>?NZB4GRL+44g~?HI`!lT=-K2CNuHH8xr^#s5T*iMT&q8l?@*sAF;S0Yp)Y+{MG?kG~gN3d<#z03?$brNoK}YA?)K09|En`a+pLR(S^HalY(yff ztMlWnj@`1FcU7$T`KnUukIw6{-Qyr-fjR1=-F9A?;H)xD0lL8r= z`*E`9F5xVaB7opPW1bj2(u zZw%HUqGS9Tb8nWpQ6{8F%O9Y-aH7Mgr~XsdEoS(-HrDw98OmI^lZ3eYmGFBUOp6EM zD^)Vm(<(7rM}nuH(;;SvN`jfbRANR@ykQN!J>Msh?PV4OyG z#}=h;OBXrPXQPT2=&lSxbTF1IqpNG_Ftt#PR)fh|O4{(rK^0jgpRZ$OJ*|VV9FMeP zPF-2nP5lgBeZqs1_4o-T5%(8=EpFkK;Gu}$<+;%x>z`ElU^QJ zUza1;BWigqBQ(b}EsQJ;&3L)9XUf|fG*?H4z%GH(=<~!^Ns-Fmwc}~CIdE%{l3$tc z=@=}j>T}ECOYv0%u`G>x7M}z-r*70?pdoG4rN>2x|P1 z7Hb2{LnyASi{a#M*UBb?5EJ@csfZ_gBn-8f|6znI+2mWTPH zht#nn$LP;x9Fv*S_9IN>9E=SWXIjr4C^gWguk??>n-kK05gwo&7dBpO-x@j{upGD# zmrekCKBjZE1D79;K2o2ZDTN^c8)fS#D>X$i=gMpP_mI4!^{M~wC{sseK>r)oZtn=J zVi|H+t>U%~#g<>K{e{FMO_&j3qRbAXsij10RRVUA`bj8663*ke@ydvg`Y}@YL(5@| zEs`2;w!jVnEA!!p~ct(@P2)^E9d%mzSD!HnO*D$H&@)^t7xD z!6mxDeF_?|&Eg%xhsn*Z5e|VsSbtAL$RbSvdmH{+i)8CAVHkLthpjDry(V3yPFpYn zCVltdpji8lzlGmDH7_qdJw5%<(2!qR8ZJ1LZ*Oh+X*O8rF<1creAn04zy259SCrd- zu#WtV-75XG*&F`$8aNP9BDJ$cB;4J4Ed?;^WP{0UaxHu$ z33)f(FI=wE0I~TVTR3NAUmC;4J3wSuj;!r$b)?N7b$-gOe?BQOG?aAOW_syE|7G{N zAs|8lGb6eBuEA{DQw!&@ULd9gNLEfykUB0j#V8X*4V1YJe2Lr%c6{MvT(*3R){X0-*anyW}ny70shHuSJ6wKun`~M1$Ja@W$ z2{&d^`+*GvzVw(21F%DcpX#jAr+0{bBMESWCZhV_$@WdQ_b%?#8~7l?c2?F39JC@+ zI3WWyk5m=XO4nc$yX365`9ep?&$Eau-m$EYXdI$PKvwI9W4s%XWg{z_hFO&>nL%}n zP6<}>S%6-qCr&~Z%4L+W)A_3VtZokroiFKGc?CDKeXW5b`jS56>t^NJt!SI?9x4_T z+M3P-p`Y>?i=*n){X@?(uiJ@nR^NFlc*Nv0*?E>ANk`gjsfp%~wem2GR63X*JKIl1 zxZ5XkN4TFo7&n%F|GX!wLWPd6+PzD0Miz4YN%}8UhKfDI{qgf6l&WVC#9%gMbH8S3 z-iNP;NaML!%_;`IU#HI5N1@^W0tZP}p^XysTxIBxxLAtteAkfJuNJ}9<6|?@s)^w* zM!Dv4Z`u)<8`@!yT{wA4guaOImmzw%TjFbyL9*%*eQAcgJ|3JLSy&NIyQ2Di?ds_X zU6jmiWlLO6B&If;5H`4a`#zuHk0M2V$#%*f$akWaqzpU4|49wsN>Ns6tSpyg)nKtR zy|cafH;UOu^<~QS}pIK|Jk8a%=gGNkNYk1Z& zm^6uG44+rKq|lhZj;;}g0IMRf(T(%T_4l=US|2*KOi zN(B*x)qwJ^$6N@7_v3J%LEe4$^I2SZKjUo^;Vl@5naI)dLZm=er^mHb_}BCjpj(-- zaM`%~68;~9F@4=^n%_iyLzB%0w!LdYvSwOu@=xcps&e~xd0l|VHKxrZSy=;fGRjQo zCv{_e4OmRFt&`%F$a)UmEG;R1L+qQv#)e7i5us-*CM`x;FYUxdmz;mHW$zsB^*I-1 zY9nWt?w;@vKLc=MKP8WJb=41^(w4TT!CtN3*REpyJ%g$4$U^u3ok4{Luon|-ZdR)@ zI2miXy!ZToKF~>$q^c;%Q%jmmGCEZ55-n(85C6F`SoY(|n6jqs!u0zq0FHShBgVt2 zaCbU{=BdJ0lDa;&&Pf}3Jhk0O4L1cORJK^ z?-DmE-j*wzP@bPG9%c2Sj$;-vq(;#K_YP+Dg=-ss4~{*cFXVT+_GSXpMv|J0SZ(Q| z{T33Q7jp9iH2vT+NmHDRA)GS2G)ChcHa{@MC;x;j+vqDlcVRMJ{)pHiM>{FrUH(h_ zTO&c3%Jz(lr673Li%znvc0}IAzFwE<*&7Oj@9%FN$9U#6BO_EX)QqM`om~pJnl?0~ zbxBfPH!pbBabi6dYo8zq+k<4d<&37daX&}X+Ov6*h}xa`wWJMXJBf7Yf6qUCQlN3j z_Zglfh+x-U^;3!o*(p2j^d!B}{+dv`f`))Kc1%_ycx@R5Y#rwTrg{`FiiK_3i)c#mYHnXRC1U z_Mb$9+x_diCL;=1gZ}eMW^y!-AqM3&CA;VNCD+rUOjzw~xzb}-MwI5|eMlS@N;aw9 z=CtrF{}kx-tKGNH%ClCJCB*30(|y{SAesAGS_ z>PDEw!xS#^n8XDD^0aQiqcPeX}^&VVS5*FW$Rt-R!AWGI*THq#ocE4Y(!=D zN`hT}4aZ>sN2JW&{z6b!1uLXDCGF@*`h#YK z$g^}uG{Zoj7gjC*|4h}!h@5b|-#%8>I1+i*ZhRr7i||vjd%$5_>-sGY%5$rpneJ6V z!b1U_o^0S_t<5dAQ@iX;-V24DpkPt0Z{kT4q2G4d8`$SK#Mb$AOL7 zjoXpGm6`MNiS)kM{B9~rU1@qYH>6~;Hu4>N)klPRNz3mVTl>nV}`fM;nP)MAP)DZOU@q!37*kY z*^u7AWae%RC||uFJ8vx6B@A3&BU!SGd4QXCbxrXX?Vza-a zp|sFrpNm1|6s4(~CLm$eS>uShTB%ZVR7h7gI22JPQBZ&iua%UjHT$qXOX`^FiM+VB z^lqRao~tW;TpDRcE*;}zVg`pbwT{+j)U85`89N+4z&at{*9$Z{+qF1foTIT_YJ96) z^T-v)pR>h$I47pV#)b1{VrabQ4Izt^oscCAPh6OE`6C$qJ}vFq&Au6$UnCpkr&Q#;x zk-YF%BQF!0nQ+ms?(Oc`6Vs4wzcfTY$VoKOETzg^B-Zg3ZNHeTw+rI2<{G*(whC-e zvBLPIa+IRPwunER9-K;B4Ijd}<%O+L5#7aA)(Pn1$l@mh_@+wTDe6ByY?K*a^SIE< zuvY=kFucDwp=an}BN9^7luK)fKYEiP%^?VghehrjxO_6(AKfi<%k#GtY{7ANQRQ>n z2}8?bV8DibBYnNK_?gs7)_wQw+c(K`V>QCw)e(Z_X&;otZD5y!^7C{)zy->5AwHi<72hN~{g`34HDz_YAp7vFNC#oU&B-Yhxal?2w_?&m`A$@9SY z7S-!iVLq`?Q&6ZSp2Mq&v6)Pu<&FzRA{Da%B;RudeQ@WFo~hZ7_)2g=1m3j!@c(U^ z{PWL<$4TG!kaRqx3`u2Dd`UJvGYBWsU6w--$*Mi&NA|ouisOOs!HUb?Tx})yo>&My zHVR-6SG3Sz<3+AA>k2HsWNBUnFN*A5 zX%@yXSw-@so<#3Q0c2_P6Dz*tVOuT!Axy3~>I7Ai!Qm*JV3N$R6M5U)-w;{811*?M z#;>i5)2WFSb#opW~hqP?yuz`LWalR+fq;+-DH8YDGidQVn*rft%zmOi=rTdw|R7D5mp>9 zSQ-`l6QiiJcM?-X$dLMUhc-du@NTj6g%371tl>(X0gTSTkYuMtbOl4o3mhFRh`dO1i3e?&n67zSy_@vINVt-V2+&TIS92MJ0w_ ze_-rD_#iv@5U%jHj3xx!MwA|<6DUJ=0?@c=qi&v%k(rGWCQ4twWm?F*>l^xHVg{o9 z_7T9+F`(ZU_%+5)NkxVrZnZl=!V=+hvoE$e5$-Q^lqjdge=(+*yXAt!OC>uxc zbVd^B9b0G%HbkIZ&9{fS1AcDY<+aS6`%V3vokISU^1cFRvWc8tjrPd}lF=7bbxrYxCKbNFR)UgVz%l|UxH=qa_LNCwkiX>H@H~V> z^t4U5=JxLmV6y9>csvE}$T9x4iZ84ogJaQ6;kB+<2b;uGhCx*j3D<$wz7NjnLWT8T zCHcAy`W?7(x4CtHUMu7b4-k7hy9R!-X7^addhSBF7dzT(N_5$`p#!G9zX9F$8$Jd% z_BxRc>_{EImzw7XkJu(_-$dQ$+R&dr|5%p0Hj8hXEx&|rzV%J+FDtNFZq(6e+Txg_ zAdI+Xq9RNq(*YZC@CKpZliTsT-nS|C4wCrTjSDm72I4l|dO&jgzJgo~okAi^;tMWV z8k3(@8rSEo`jsZXEI&lpmo-OxR4vGCXPj$_fFnrkS zg&L9g>Ujb7>6tuV=le9eFOU3LyqjcdDX-eXOP)Lp;98t&u`2G2J#7hiQ0|`EWL6G| zw`Trcgca+;1}3lNv(%IoU5r-N z7V2hxH9H?0{jt;9gbD_7EQl$=mjJg2%uw1euyM`goBrtqUOm=KuK-FS2IqBw`HAhB z4d*94x~yP{JTVgITdXmiPQ2N+dC`IU{v~x3|HC;5QgTq9KO1%|df?SSZbPVc1IEoJ z`~bp@(sYFyO--(W2Y)|_TEaLr*f&;#YJYN$WJ5}kZgKe`x-!Op^|wGx08WX!GsJxT z16loFYS)-7#DT^!nNrOkI+GMnlX~%n2FzfDS7g3s$SN7LOVNL^X zIS_5AF_OrDXpO-Py_KGCDR<#=tj0xMxEUeCHu^o^8h&P#52)3Nv^@yYPK2|5^-znw zJjNS~Y71jq4`8$yV38)o_nU}fFq~bpFX#D9rkcR_FrGFt8T6>k(`JoNQWW}bGy-}A zZ0pzmdI!we8dF-8-~j_I5oOW{JP#whc_zCTaly|-cs)H|3DK_Fy|{f5ZSh8l=*2Js zjjJ9#17w2E1Y zgwqnj_eY*+s+~`4s+pxRf_5PW@Qcml>$JqY(BF|#E^Z{%&rW!TA_T;}<3#?uS?w&MQVZCV+4Rk)E zop5kcLDXjXUL~T@YHhvK>-D5DZ}d`(@(b}Mw_TR(1C8HEs0kSsY{WWHW&M*BCKwC&f^+U3|wj z`(_d=>3G5w8ZmZF)fz`#IK&2SU8(--3U<>s%<8xg;v>&grb zP@mNG8Xf5>H;06E0R-1KQt4GxWez?GoOKW!pf=b=L&kGeZeSjNWM*oe=RrCmCfK{qpyePsO=1n%P0+B0Ju zTFr5T!YOU(^^+9C9O71aehUbtzO1Slisq*?rSADLiK_ip_f^Z6%kM@8lJTK8_UIez zM)Lwa;#=~*@@;dG2{Wafs2#b%`V7aKH9y{L6x^0vSw+rJF3NkWh~oY(`*t zW~ER~nZk*>#skPN{%q7b`4@i#2ErkYGdizOJ`%yUp`nd0dN4A4*6V1)TD|ck*{OSA zdQBxbS{ud;)J+X`86E7Vpu?EOAWMLQatWUNmAh;Fye4<`Y8Jnh=7w@(Rw-iGs2)Y# zpZ{DQAS`d+m8|hQ%<|V*d<`5fGjdubNPk953gtw}5vp&b=HZlAj~>CKCaUFs|)bTMX%lb0c;g8HZ|S3KVKcOQU!SZ6`YJ= z+}0dm@$m5-4l~^Tfcxjc@8Ku`bXy#uZEbBwShK-HEG*}1qdLpMZZJuGdso*+N1K&; zi#wOPBxYy1G*0C4->f~i61xe0>Z#s3v}TyU0-sH;#XmU0+!6<7{;3m!=~h?)eCKTT zxm)@C2)5&RUtX+AR=1}6du>zDRD+#+?pD_vJR2=}wQ`8Dby=f%2<;dz-(irCD3VTw zH2RV8`2wK->++%nzZ*q1)u;y~khE`Tk3qy>LS`d(gWnR`FzNQ&BV66qna zUC_MB9vz|n>>`C-p7aLx8lEPLZ16h{hUj?tf;o=8t*pb7}M~k>%hF7uqW&Mee zN@HO2_jdwt4_Ogy^6;t*5{X{j8*ZfM6(6j_vazC-xm z_8v|SG?9S}+TrhQasCg7K@vBWBc8Qs8XER-e0koH$^CQZxu6#W`^DNx6nW~?Up8$< zCvN79+Yn4@+C5k7b`#D#&(%$}(gYd;6OL6~<$mDq2XL=lqAWx3{SCLBjHuS+!iZz) zT92{o<43TMU+D}BJP?gqs>jR1Q_g5Cg$q?yw)Iu*GIh_$7>uT8ymiAc8RCbPP z1$PzEqI4U7`bXSU-0}V%oL=GR!(rN=pVR-#BGkP`=&F0w@mnQUaP@g6oX%6FzqO`B zC>{^87LYK^1$7_M#hVGqE>Z&_Qa2z5QqtRl*z7UA4(-!XkOWZnM^~I)CN}Zk*839b z(>A(!2T#el^s))Ri61$^s#>)z}J zV!G)cGmdeg1*wd}g1IEs?(Z(4VA;Q~TLQ?|EALbKn{5e&xqftBreRg<=j!iBvIgc- zkLW3+CrHmfF2ym|c!I>QEbbB-_>-vN8JNk{7Bj--?RIFLSu>x0pMFZYbNq&Mo90hA z=!$ZB)IzJ1*4c`27~CEq!>};8kZMPAZ73(~{k>NBvdi4+_ANTSgZVK-$NameLCNXL zO^p+y;n$I7Tl%aEw|J(bj3~G}RD`H(nb5v&=uaYD$rK%jnE4McDN7iw^Wo|10jTJ? zIoLHH%7R&FUS0up?1qYBHPHm?Ag(Aur$yph!5Vp)QhP$>H@=!E5YhL<=1%7d{jNmC ziMOPaAb((AkJ|~C^us(a&79jmg#4WTSS@q`q=*zH2O)P?4UUsn3WY!eIa39n)WAsc zp}x{=Z8Wq+7OVtljpj?5DX115S>dz2>!G2vmM4n4HzHs93M5@*yDp{qX$(&DMLh@{ z`!;1t=u#PxS8-$dO6^N3ruhpIbx40Z;`56efsxKUqH4?l^&^Sy8*?Y9)_*-P z2#{$ejv7c?flhLdxX#|M6M&ww$lrSoqu)M6k1be$IFzS}K- ze0tbBxOXK_He=_Q2<#5u8LC0YdQ9MNCur8AosVtO+T2**-rhj-^5ygcchiII-aT?{ zfZ$0X{HX@1L&bM7VCMQ?bGo<`KXOY<-P-UTxNnAxQbSK?8hZe1z&07&CcL#}*Y!ur z1RvTM$!!6ZZ1flR$03l$1zh%~f`F@9UhqhbLL3#iym@*!iH7B_$8@rc{W$>JNbIBx zSLyOF==YW8YC+B++0W}E}pm#6>hs?kC(}+Tr%KzcI zg*YbIk>@GFnLZPf=JpkY?93cc60>a;r{GZT^gpB+`z)N@{EDG*pt-Y42rSrr&$?@YX_BhNQU9YJ}H+RNztzYMCsJC3Ie4! z=xQA$#$~q|tx&O~k;uPlnr}JU!S~x5FK9>(i%4jp@4j>;gE#d2SO6r8KLU4a7l~n$ zPiT=W@62l6t@BylK=H8M_!|Kf3$jNNnEQ518D6&ZKV8ed>gR$_5UHa?n&=0~l!cs# zVv38rF)4h@mE;K4Tus8{6O%6tID{c9I&qKAW+43pt60ERphKf0A7y34lI-M@Ux;lh z^!A2ZluwwkQvdNSQeC)hcTiy3}NX7N@>f!N$+6(NJUOzD;Cr7KLVVFw@ zmH)oLcap)O8>i~K+?Ub$Ge?}beK8D|jL&ZOR@-3{Gck3T&XdHf<7rfawPy555ABU$ z_SSK<7!epabUjg2K#kvdGEcV-K8v~My)#{kI=8;9PuJ!=nu47#9siHAw~C5-f8W0m z1e6q{Tab|MPDx2=kd*H36i~W5q`RfNd+6@&?jZ;MAKc%)e@D;3!y#+Q8s}YiU9Zbl z@s|$L9Mt4NmC;!&htt6-r?m+No_qp()B+~|HF>4C-I&+jga|7xm|sPXBQskN_UM5- zgxb!_nYC6Mu3CInuX}9c2HA5Pg<^sm_6EbcTbucqdnLy`F$;}rpmkp4K;=%#-Zk2< z4^VMN*A&a9a!dNFyG9TG=KS{nPI2w)Ob*PtURnjJ69FOO0`*23ZM&Jhlo0p^&-k9iYn-!?Kgk zm*9_byhtrH=kHSMq{<&dP*7eTRqX}27oERB?C-d^a35_>B9F(32NE3gy~Ark9zUO3 zJ9z)-(@)n!>W0e!Ej&0&C}r0NpH6Qka-X{Z7n8V~NNUU7pE@Xdx?_O~i|R!3LL3O9 ztG`tDMS>PZdeI8Vu%y&%^qA;okNLiAFrK!C@Z&@4kWZ$C%;>Nhqat^!P^!rF@kZ3Ouw@qV#@<*989T zZdFzrP9N~IQnTWv%c3({{oAMtemFhj4K0+3w#_3lE!VZGnITU6+4rmAJm4oN?u5^l z`8D2ZfNN163~&*&Mow0LU7r2a$*=U6EDwYC;FgG+JC)%5gtgC;5(+aBfkkwqqQ+r# z6xMMwd#JA~2ZKB9RPv|2A5Yr`g^eAtndf)Be^BKDftZRxGga}cL!L@ekMOUieF|S~ z#JwEMS<%_}UG9T?*?ZonrWYU+2n2Q`RY;7E`#t2iLlN_WGpc2U<$&1@2K|e1N9Lwc zagNm!qH34sEpAc8Hn1IqjdArU`KYs4$VP)KEeSk4DyTG*GMQtR&c_@^%l{}v-T%~H zkR4HTAzQ0-;-fggq09{vMQ>qu5`L-n5Kfmf!@!FC~mIsLIa z)#dUx3GAOhNjAj+wd*iAxzmUn*r0lLV~GTU6!0+v!k&YQEpFFq2M3^k-YekTe94XR z;8V4+q}16Rn03F9fH|VoO(Yn40u2Jyy?Q2~o~6pTxqRpHean3AYnI@r4t|!(@(Z_ulE^dM}87G;CYR(A@=alh_aF&fk|^ ze_gCNT3ZVKoxtB#A_TK(t-al@8|H8nhl!zSqm$(T)jvw}=yBo1TJ4FL*MztK84Q1Q z80Nf^mSvFrtUIp2`*5KqQughIMnO}K-!*r9p}MdNlGFI&U??Tcw<5!rPCXc_9|!u{ zM(Boe5RkT<)}D&Dj6GuqpANrJ(^DQ45ETmytb?V080C8@L*&yw zR`Ed&_H-bT`*+|Jx%c+F7X%mP*cAu+nUW3``UZN2B{!5X52!}BjO0*3Xfp65d=YA;LXU#(b*(_df)V#_G?rgz^?TvrI(^C{e&s+h69KdhqQgOhlmM@*UN#Uj>PGeT## zlJ?E>dmmwq5fQnj;rLetZf{{q)CKv^UgnS*W<&@wdIOqAhW=g z(7xMr?4e7{$#;;ql^A$4-1{S-`?2#^!blj}?O977dJT{Nf#3eeQ%Ufk`|ZIDTRdZ>RH-!RQ#45# z=I0O>+HfhL;-Bp4EsJx|5S!lh0#exw0qR?i&Z}ZgwXkx(kz=ZK2Rlm3VcSAGVD5u* zxzkH-2?9`vJABX70Rb*DAiUQ*2yHNN_Qsbc;^@^4@QIx?X7mI<>@7CIYkS_ol7~Dr z!%D@@8cC-X7;Mef0q`nX9SH2sa8kH9F+Gpv!pifb>cEizkZ6%-dw((YP8Xj$as`n_mF?7A{iK53mt<>$Y>RE*gGu0h|IpT~zX24Hx~h}b_o(O? z=0@?e_1|4WP!k!ByJjY88TLnW^j#j7QDZmd`FpoVp!0sq84lFDAuAe>h)%lWVJ`;c z3Mf)n!aUMNCRJ0s`8n7SsG$CRTi@W=-(-8q%4@YHk;VE$GMlCE+wzugY7DsCeX*BR z9iX7`(jt$f_EGnd24NSUiR_LY#v0xqWw9 zUg&$8xhRhN`};Pw4M=_SEH;OWWO{`NO7~TiADB&uYPnsrbU1F9BN`|o;P+c&8A<+* zhu(ytrLW~zH`|$Ef0Mu`Lu2D+oB)pA5?C>Yj=ooo46DqwqaBwt(c@V$0v;eF zEO2-Gcx$7D#CHGRLD_(w-*|Hhgzey9kbb5<8v|NMfLGvgOWu0lIY>3p5G1V`vgW*D zGdcafRe?`Mj{Dmvv2?pnh~xT0Z&TuO_8uandsL@S6*qPK^OA(=q__B^b;1v@kQ(o# z;LgflxCXQ`zHtfbaI!)D6&8yds9bK-R+$@H8Fz>X7|;!&p3E#wRyXlhMXa&VF9LJ| z1=c!{Eb3Jz9Q}oS2>KeID8DR|f%M5JLT-dg{&ZHx=m*U-& zWb2CG#hh(R7hh&jHEeCp@8-C0DiFvI?xg0PMpD!~a&X1Onj^501lZrVrGyHdT8Nko zMK1f<-?(h@e@=d9kCRpbj33rauW>g65(9@r*TS=a}`(Cv&%=$|`jGSGLd4jvs z-`lb`u_wQl7T(%J5lyn+mUUrS71@%PnB8fesA;$o&=l}Fc9(-Wd3DR^!MUJXUuq#U zed-5VrewDx7V($pv!4?Y$>Yw3=xeQi(!o9;eCF53CI!%!f_vAmhupZ(#a|L$GNcG2 zjqxY?dhOvc3`qJy$d^EYM7Yu&Dg3U(_9DW*;asPNpbwbZSj-h2!v;PYu4 zO;@elHu2!Y7MatIicLz}yI`O5MsiBo zybZCPVFaE}i3dP-`Kja44yr5@r8j>xjpjP-+tO^w(y`6)y(2*M{AF~*F3&Bz`Qg-$h0Y{3$=0jROjb zvww)N6e6U4+@d-=9GD}*4=6R1b{}1tD%A+H3NgDm66!kr!a=?nY{f=eNokrNMFlaL ztlT&w>Rg? z^*-Uy=$1L;(0wqOOk?sHdR_%>6klVN#ptpTb3PVVW&b!*LkMlt_)zp|WRrkj4QCWM~{ zK`AciTK)Yq?ycFn#4UFay1dXnKf;9|HYu9^MtWn-1eWqc8m`J8wDd0;&subd+fDnNs*VEpPmFq- zbMzI+8dH;c&t(sY$lz14< zwOZCA)U7?83nNc2>wP$tRs}1oOE1&g{dwq=%gelsw%ntdkq`McsV^^3U7AQUGS&|b zo2^)F;YGaD%%)xh6w!OO^hxw=KZ1!LkzY;lQ_YQDn7~*M-$6M~HNu=Wv%%i5(Qtdq z<^5I(|8j@(#&x@=bDTw*D;?As1zRLcLhr$W^vpTi0dpK2{^9QNL82%CND?`|v03}a zvh2pnlP+n7^e!_xgzt}JV}h7IMubna9B%fEtU|-KJ@l<-|F8V6zwTzYd|q4~k=o{HG=BVot@~Pz4Lb ztg~Wb-uqQKr9=)k>2!KlWpBOa2jQmuPf*n+dvIXU@VH}#i~ciI$v6H)GOoW`Ml-JF z7pQM!8*74Jg`K^j_macQyjR+Tl-}g4D0-JlY7w z!_(WzNEtO&U>{H)^9)u;>)kNhAhv3_$QwYd?~~8D9XynG+eyLZR!#{6d<%%s`(<3< zXelP+wb|gQ{-yJ?*jAAvh~Lv3#7X|+TYO4NK+E%8xq{ckjqNsMKV~)M_jZ$NL>Z_6 z*07My*sokiXF>Mid^3ERGa)`ag`?_BSd&-90}R{9caBr0-BcD@bT*fbO4Ft|;}lsH z<=tpTw~>1z;3BB=njfO{y${os)tANixl`7Z=k#G4s?0!B^d6w+ISsOJUk;EFIJk9- zzvWH?`WWn<*u@T{k@=++0;EQVsC&1O2@~^zUZaLgj!pfk<_kQjKXwjbzG@I4s4R^Ab6*-P0_Y@Cy2k2pTkqwkVN||In$bqHzzSaZ;mW;+R@@BaaeBv4c4_w zhPK|ii3)OO*2vWuCPx<`&k9`dl;~Ux0}q z1G*YUhaDvVhafbBeeSmARc+#x&U_(~FcJ}%i`i5xFHGy^jp7fFEYBT?F$KKY7m>3t zpawdc0-mi+SudGFo-F;?O}(;}mwT5o%goM%rF#8C|ItZ=`7)nvu4~X2bt2!Av*CVa z`@9)I7j=bYNJ`2a5j)*qD*}GXI9EPh+J2GV4iYttI1&D>wZ+U6N*d+U1IusUAqb^|+za$CvH$K(6yJFn_?H)tF;| zT&|cO9=+Z`!c$#?>0mHCGNQ6#4mdma(1@^qG-NAtju0$MR7U(arDT(T$poWvcQTZU z-vX)N8EB3AqKo=b4#g1vQF{N)tHxRl-9@)6N8S1r9Q}=C zDwDWfddR9=|KhWn*P1DNjl{d;bu=8}~KetL!@WG?rHT-P4QdGCtyd}uIa4G#CR^ww;kV%QJE^Wi)Umo>* z+wb25+xHRK|47i3(~OY)(gOpB7>Md<(HKt%{ke_s-}a(9DseadctM2c;n9#|E)W(+ z@sT6V!uVr^-#f?bqDaeTy3K$Kr9FX=-B8KGA zBmYm|HDjtr#!K(5a5Q2_YWG%pPQ5A(pL7Z~Ve#aIFKo1ZcBhnD}yiP`2ukEp`w zb>H6QTNpR(9IKVia*@1FT5ptxo)S3`jKrjm_)OwVgyVats3M%wsh{vaG3-=do*0&H z1`hD|<%iqN1%QtNKu*+ID$vmiRRV&>M!=XXz=(nhk5{$y%tJ=&SYVd=HPPTWY{A!) zw>0pT`Q2ph!DW8!K-;P4kl<@;SASTzppmn;=35-!A;Kfp421uv06Bk>{$<;Xh_E4u zzxhC_$ahOY@XQ8%7d4Oy*BLo13-k9tiHPJt|Ep+5GMhuF6mU_qF^B6(Pk0y>QS2&EQ_fwng%6e&YuC z1JpM>8kybb^;)qo9|Jb!YdH6)V>_f^UkwXJ;;m>cz+k}0X+m4wLg^Ji3Q+2DECB{~ z#^|-Rj+4%g7r&c$7p2kO0R8;_k|2P>^?`%?CmGTl$$#STiFN1y9ZL}rr%&%>KlJ#K z5x9vnLd8h1yM==LeQ=v4vk>@HB# zrgHOVgUOu6SwlG_O*a;NYIWkp;)8ZDsOayAvd^fHCo<7${Ms0$U|e6AOc?#zdgc>@ zY_|7L6%0BuVET$~xa_oa>lR4=PK+0RT?y*S5;4F9hA^ZDO^(;$0nt?b@D)1ZP$8Y!xs=!C z#TzlLkRuumG%CUf!`B)&0C8^`-X}^+0op%iy|KUCK^IeArUx8MI~<*j5IJsP226wU zARWsUW?6W}6IqHu*oDnmQgw<}2^IAtCrf`NvOxczD+J>IEhReiI)*|6Z2`&$rk&@k z)x{W}DvDyxkSyVJsHWkW67~15!l)8yKZ9AJ8%y%y&>l3{c18W7Uf=y&#iL^UVafMJxa^sN_$&*&|63^9|N9IZ zzW4F(>s6TULcCsf3d%9>(S?*(G5mtd>#l*{4+AQ%MLTlqs1iCdOYtg|h{ddesiIRa ze2t7SmPWof<^dn-oiaQ)uWx23_YJnxn)KMv9$+q10Y18lBY)qt? z?8r5_d9q^CZ?bA`d25>59U8pUU`V|*TVb4b{3pt7RQ3S>I51ZN*Wx7Xj^iYanJCO< zA$IU_QJZjadA-y-dqzs8$SKvV_foFZ^8G)zMHKn}7$?d+z&aOE1GM*Y7Xx-wAC;kb zYI|6!6w3O!{tRc#N{h3aD4|R0GC3rs#_;dPuVN~y1gE*+esz3e#YvW&F>V$s#k(f# zs-1kQXkiB6V6}pTv)gR4|Femi(WC71cg9)L^BYc6Po4dV$?|NE>PQe%qe}cLt>E4f zm<(ci@ca*JgIkLhCYm$0aqGVi5PW^a?*m9l`L$>%^)*-62_qb$YEu)joIC8*RW71GwiK z3od}*qa@%s?yjPx64q5-YF@q_OO!#hcDgFRscT#VWBTapYpdgThAeg_hvbq5iP)^3 zW_pCrP-aQ{`u_*{zpJSFQ93Xva?pw+B266jUGCu!)*H2*r98BE3YJMiqHa=r&RFmK zq!Lo^Aw{ht^Z6=t^j&(P`#{l?T3H=&j;VUIOJ)wu9J9K03;krpc9u&Jbv{Kp>fZ-a zWfH4q=sLGCKs=6^mlNf{5NwgC^ck?isrCCoHH@dvtcXaIri?0B2zQsSAR08)0X&^P zHfgx9b$kQA2w(qpW1&jyr=8QDr@gKLRD|g|1_yJLU_zjDZkb`XA@i+x<-x^%x!7p?Fyw-)7x>+`JWqknBn45Xp!=?vUT^ zsA>de)Iq_o$;#6zreP(FKKj!YcQToQQ8cka20E>BH*e+a#-84IsK}6EDQ$a z!;*xK8vwklUE!Gh8<5!JN}qAqzmY>+Rd?;x8-K;Plk=k#BLzmksp8Q8o`DyZibcvgig)7%+J89S4?McosAeS}$4?x6rv6N{cX4Dgr1sA5mIa6&_2VpsURD}RP7ZsQ zWl|-Luuz;Ryh#1}dU~!Tbb9oILG!tKxaB)PJBdC-fH#$KPKAJC7YTxm$*W6e=AsM! z5yCvs0TERcg7;g5_YylMYs=IIp-lZAXh?I^I!vp0;z4a^*yhGLB^BL@%9ERvXmcLG>>Cmrw747~Asn z8X}$X>#pn2lp{(GhzGK$ce@;=oa!q&YyY0$q5%T<>&nd^+#2{Fx=|gCidZ$O2#rlg z_@byK4Sv@a^t6*OQ(@lqi9|_vgFzO+ZiWk|&OjL#`0QP>exN!%w8P#_x;TMK@1B)$ zj#ZW8fB}qFQyTRrA3gkw1(M(XQ}sip-ZwjFKda<&W2z8msr3UZtQ-pgYk_k*w!}p3kK2-Ip(HvVzZM{nX+g{}MRz5PmAYsd7}M1mLhX7=~=$8Q-AI=XdqXpovoZ zA7d&LiDQ0^814_Rw4%h2c@~scXaZ1*dOlHjypL<>`0xoNaZYQ@_zWgSy_xHz0yF1E z-T&Fl>;NWI?9|ug8yypvpqDGeno)n_&DGunOoW7DLcX~EL8Tf&Bh?JkN4bz{7^c8P ze!S7ESx6f1wTt%CGNhhXg{Qh?uSUF4x-TBx`|_f8->v+neM6udu~Hx&+ugFWmZn|j zp~A(Cq_KZ6@8sRH96Huv=}rHZ+VVw6MIy$n zG9psz(jtAqWJiLP-pYa7l}7yamfzu_@#c&=TCL@GXCc)N;#*JXA@8Ev4(Dp54 z2)Pta%h}YMyCM&K@*~54DXkW2OETMuR`i~om1qj;eAO`#8P`+Th~hJRQwHy{A$gg# z?WdAYAlV)I-YL-MIKgjP%~lAd^b=@)&3v3tl)i;Z)RiNe2+j`V_~&(B?xIO{E5KT;l? z8q?7~qxm&31Z+&gYzwdpRBNIv>HHY=imV+>%GwmFE6;tlA9Ju^s)z_~t-ghI+1dX( zw0y=Aj_pCzFLcNA$EE11HNTH^xBvx4nU^?Jci&RpbiX2z(d0D+ZJ>}xC8vPFgsrWI z910rdTxnBA9Ze^e`a0VQ#t|w{yHPDj0d1oLBgo;5K6-&Y?QEVV$ zRp`!)8YLBDsfc$IBiRZ`bZnX5i$F6+oc1M<*S5HJw6I2vm=vT%1huM09bgc<2^pCS zaW3@?kybk@-n64M_272{(QmpAKF~xbV?RaO*#IlB(Kx<_QOYH3XttF=DLCZO&@kq~)&A`iKg$I0VoiEF)72 zQvKX`ggw$YeRt73N%gQJ6M2g1Kj1y+ufz3rBH!7nhe zPucMG^a%dFUEHZK0F9UPzxP6k-3jXtW*WoyfzUoFW9-J{pT~oFn@RjIjNr>vn+6fL zv_Sz{aglZVx5&*pcW-PToHl25ob+#Y%R5w?N#O;&8~N0Sp!%M#Kg=BVrPd*}myB|3 zVxKp)S!n!Hm*c=-NKOF9W1WnSFu0{FHf5x_3}^Jdx)u3$I(wRjNTP#74KFgRI{ zG69Xu?MR$ehdf!qB7Z8pL%!LLnnm02{EO1IjY`80jJ3w&is^)H5rA3V*%a;~p9R^+ ze>_v|7_wG-9`|a2m!f03ZE65bY5%esPtHa*?MUcSSLe-JZCThr$cW#ahHtwms)Kn)L4FT;uCL{^Vkv za()~ggyWIm683kcqfy9H_*hDSEO4{x8BVlg+V_>?!l$Qx=1;l~EX*(}vl&MxfTLkf zcm`F|=!A5f4fNg6#uulL&#`PQW{cba+6@nQOI1{ev@&kgIE(Z26?&?(Ey#Y%1I~Z+ zML0DbK+xgG<@ST=NxD}c%Y^>F^)=uJ;sN1g7kE9o@2L|F-o@3*yK4UU=w7P*&NH=->Gb{nv*qeL zyz{1Hu{0cB2$$LxZo#YwZQ`xV_=5#Cq^(ge&XmX%p+mG{pYv&OJ?rQ!z+22=z4q`& zht?HzS80be-VWbkkQ?mcdS(KnduYCuSkzAe*}(pLf#>3zm0W$pTh^b~riF_-D0uZZ zNr8Wi2Umkv7)JYYUJiKA^!^2g z+cG5xYZ9Gk+d_4fo=_^RU~Q!}n`(clf1+ixx-D4jSLF54L}qtIrjPjIMw^D@%ftPq zuOJ_CE}`muwMQIi+$-BVM=lV8Nlkg|P^nFUN0&t@>8EZP@JVbSS);i@(X*K7v z0|RRTOL?N6tnonLGFBW07e7$^KB9ffkjF-opzkGW&arZ(48^HjksX*PTb}tTw5hc* z=w+(S!h&Gs9!;10_FbU(4izNDU~un- z@ByT<_KvxA%K5!nJpM_9G>z5hXQGxIcVYQj`Q#@oBtZ_K=I|dFR9+d#`NE23TRAA` z=1K-jv`Jri9qjVheD$id;UbI!iQAmhq6BAU$+nnzj?EW+CzG!XHA;0q3=2GC0Y6a~ z?+W+{IAP}o-5jnG?s#L@ZL7J2)O(z8$fHZk)Y+XI4#N&nD9I?kZn@De91SQoe%JPapbJ`D|C~WD=f$qE=-liA zyXPSOFC=bKmP9}lV|Xaj8Q{I@kDY1Sjei_&`gz;Y(dpv=WWL2NgGMW~ziatF2U^05 zx^{3?2mA2U{{Ga2Gng8YCocsNRq~I;*b2!?-b(x9#r~~URr%%R?cP-3JWZdHZE~r> z6vsXjCM2s&DGqW{N<@Cmxaby8{^B8$rChkp{m6Mi=P=*-U)-zQ2Lwy910_!bO1HtT zsScXaRiQkyG-*k#gG$|yO8mBXHcyNU#7Ji+A(n0IpT21DM?IdNXTMjR85h0zkdAx0 z=A4yi+hg{o2Sj7T#;QfnkG;>CtpfF!T=yj)%CUwK)r<|ooneCsqJ=+siZ9|4u;6C{ z^apX74zH=%d#!qVM+G{YgUUCq^NYcZVA)rIHuvBbO^$2jgwn#{2 ziTZA>|4oX`S@%A=j)IBp-fX(4dY({|3UZu6)dM%R03reJw|B?dB=6z9=NUlcsU4Y~ zZqJj#gtp#<^6^XcYOEWd4VT?DueeKc|q7rZ2#B{2=M5Yh{XHlIp(ti{8~O~OEem#_6k z@}eXydb3EQp<8^6DUSJvQiV{foeW1-D9eHYs2DE9x-bcobJaRxlbdhazcvSW!Y{=> zpxj6KlB1SAsQ0Sl6e#|k%;&U6*mhFv)9SniZ%r=Fuwx-4A9e4cUh4C=z;@oLx zAz%-?;G2)KAe{q23+Wkj%3w5_&n0t19vcLd`f%3%7|(piI$r|Qo{&DL*M7IowM$hT>5KRyj=A3aLNN{#VO;0wVDt<^>UA+IHg)b`7G6@g70 zmH9dC48I8bPZ%W7#hwfO2|bA8M7dYq)XS zX0$mx?6z33FSR$Vt!i=Au3xXCszji}jF0v(f#`iRhW*{8ZpgUto91kU&+3i+_xxyl zaec;37zheNF6Qb@d)ac^y8nt|sT(12z?1HRX)(q31Gs(8nZqAhEiQ0x@jEM4`cDn1 zo%#DU$D}P-QqwCg1@ou|X`AQ_;`mkRPXxQ&S4o7PA4_M^Q@Ia_|Eg%2z2v3ijjTHc zc976{0Fa7hO7nZ_H=0#F8B~BLsz^u!Ky9UgmSU_oK7@`~kihL8oPCZ(+-taq~{lVZZ1BBHoDFo>77Lhkv_P zO?U^oO_d`4!Cfm2S+v_(wY&I7(`-x+^mWYx)>_g@qa!50m!wpdjhA$~I(8+1iUv%! zp?=PlKptf1D-6$jttTWNylQi%Dqr#*N`QEBwb*@)wYdPhiq5+H?PxG$YMR)O!YfGF zt>gTpOQ&xQLBDxackl?U5t#3W^7pLPISoOqNJmtVt2y#p`m^C&MB*W(YMncm$u zDjok`@dnm&>VnFeW2TxPvB1_;JLF;R`ro&T&t?!GIV2~cXf^rJysmpZL>Evy@Oylx zLrfZFdnn)Y1anE51wS!dm67~z>W4fDondW5C%3Qc85|LhsREYvbY7!@C{TDy&yOA= zEi;*&H}m^t*Y8T38<}>qikh~C?qfW+>VeC~bWgeR$?Z$y z_#x|pA=qASYAr(*(~zw;ea%1v8C~i{7gz1b9#_f*wDWcb&XSxDep1c1;%Ql{K=Y_Z zelX+S4dIHl0Bn1KfDQ$?&47UJXev`}OO0u72B_Y+3)T7BlICiU*sk0qp6%n; zTlrl^P#*_8`z@^36Hv`Tj%hgXw|yJYi!uV z!p%B&!!&PA49@U9ra0C=eJcOnb6RWJtR0O@HMt%&~|4oI34z# ze6C^IQdmzFg`UY6BY?R=g3(C}{3GYQxg}HanQMf2>Brdau5K}oYeoG>5lQcIYc&GE z&lgTBvY?Br^#oaS)16rt+jeZN)cO8admQ!py@%V(kG_R&P?YhE=Ew8kPJqTNe04Hn7 zL0;T|o8C}CgDf@OegG7m%2Bh|sM4sd=KANzT>8#>B>i29rp}OO|Klhc$`JPH=5}FX z4HMcfjcb=%>bTYA)RRvgl8?Gw6>zS@$ZD zPp1CP_e1sbMg-+;{(?u(&Igj3fjO@7qs#3|D*?jNIS6O=R4D5TRKcR=7 z!l0I&4^98ye%u8`6KH(*up$^9lw()Q7LT)1^{e0Z1)tQy#e2QTjG$I=Q_csVASJgz zzQ88_|HrrcSO5J*mj7CE5sc0YT{cS$?rWjhDy(ScdX`>G`84IQp34mY8G>IaZUd=pAwkW zTPxwr5Q4wuAD8~po+0y0c;2SvTN@=n%8&aty|GalaeI61G2K?Ji5su!2^59pLh7*H zgrh`_>qqdB<$sd@Clk{6cvAR*e>MLnSctIM&kS9EdzIPqA%nZHyL?PQDX40?3~vNN zFSh}EOlY!NOv9VnT?w7$`EDUQDKY9}ndqvsQ%A0+@vUn=d=A#`vqbx={X`Rh=&cgr z=uZYTlbM{|m497oLvEy%_|0d-YHchngn+)2Hs1I3WAm=XvEGwk%F5|{?}HXj9V_Ol zrb4G)Kbmjjd3du*HL&AejfnlkdqdM7TZa94HKOb8Tj^Mps>Xg}?V8&wlgo{!K##mQ zHO1XWuqzH7`~WLBs*FMQyMzI+W{>%f9rzAc!USb)`ti-gIBhZxg&XaP3Xg&}&O?lrtkEGAmiy zjnhcj)#{vSu%;#qOm?^u-OZb@)|3-{^p1&AAH}Z1_V29oQA-F^>d84Q0ZqYLT$-~g zo_@!`&99&_LXNjg2&cL8of^9i`GBc)8L9QcZf*-dX?JVcHC|x=*J_KunMcw)*Ave#sSIe-`09Wcc2^Cf)eP4br)?Ou@|&=*zb@&m>ntDKk>ytO0^ zjKXj9)t0j`YTJDdVJws`o28W&pq7wjLrjg(x)o; zxQp2Oo3^#8PT7*XEpcL)XJB6nDuBY9wMHsq<-QS|XFp(~W_Rxer|pvSzV*KK$~-9~ zEm}JzI3_>W71E~2x&MTkz;;Tue{OVpa-vetOY#nHpN|t1<01tfT*yY0a2%dsd{`a{ zU?(eXqAU~d(Kt!7=|jLjwpa%&KNb&I%Zr@WT&QVdG8u7c(uw_dDMdFP1_>GeB=`s> zLC?ciNTXC1?nVTTu3*pBG#>tHfE;XW-Ah>9OO?Vf3_&6l{Ty@!m0 zgbHUE_Ox;>aE*r(7IO}w7< zd4H)0G5s9z3{q*D_!0cw)$wk=l$g4s<5--byK#O)E$M=u-SgvgDF-^E_p(r~AJ9sP z_%y3dG5fOr*n$1`QCxu7r!{+}_wiWuJko)1Rg9KH?AI)>!7MPgbu>Bs(E~hgEb+do zU=p9Vvy?%Rj%NS)eaIzQXM7veu*ya zY53X=<58wf5Gkeg_4vccnm;)i>?LzlBLiH>YDy^3NDmn$dwNziBGbD>$pPJH84fi0 z`r&snsaU&Txo9t7;e*Mh=a_h{kHvqcKQ=ujo^@eXLS3Rvnz5BiB84QUw>!J?wLNhB`4%pu4o=^Z{yg6K=L0X~eC%cUM$Mo&v$tAP}i zg<%BofBRa-o{oQ{0sA?r1}kllY>l)9Uez^vb#&i*Grx~WB**)mnXCIJ@7XdDU`T=O zl!nh&-Z_uZN|mo+{X;$0JO3j>qt@DJ@gMkr!O>h|#<>bXMdv&1u04sGdo6yK?;vQ8 z8V__h*D0()sllZ-#HQ++ar>*Yjrq0Q!(St#upRKGbM-9hw68}_R(xR=jBs!dBK#+d zcDX*Mq&4cMbsOl9&}|Adm8d<)`wR)7kjUTf-&h2d%*nWK?1xW0Hw)lW_K+qyd9woW zsW7j}uCvc6=(GA}MhBjeK@T~SMVD#Cd4sZ@y`%5Pw~{_kU79_Cl(*H!a4^5e`Jbxx zeAs+izjg7TWM#b8i=-WlwJ)w<5Cc<>&r9mn)64aO6InAv-%%tGkZ-j@{k*dGcet)RH)=WGEoHzCg2-)Mu9lB+(2Fwjg+^C$#Ui$okF5{r8C4!oB~78Y{Y zh=Vyj9dT0cJf*0ek^&i@{Tq8kMA&IC8=T%jl|nj_)k#W44IgBOI|g_-iC9D|VA69{>3KhZFc|WHqEC)q~(7D2&t7+6^W8}aP_D8E|&5&{-_QT=J&0tORP}6 zpn}PMv?V7&T8J&G6L+0xS-3ul$9XkEU{TSP07@f!be;H2hUn0qXgJAOsligO^mRQ= zS~mL0@)tZ3tPRH=)arxJP`B^esg%T0Ivne@Xuke5&~3`BMIV|R8%|^>3wu8L71~?| z8i*HnX2!TZ3WW<3tr%18wwC)*+XL{SO~eUdLCU?JUk$-u45!b4`_$noMZ)5jz-M?@ zm9g_VfS??x=Nf(jP}G4#ArUmfX@EauYlT}h$dJDgNbvX|Sgb%M)4$++L=8y^6oI6v ziR94tY8or&(d(w@WG6YHW^Z1Cpoa)|La-=MLW~~SQ0HlYfvP4TFJ;0)Su21R$+6=Y z+5GB?3q~}xeQcU{F>0|iJq`PFy zX);1h$HEu5wddOdY0ZkdXl;&WP5xr1kxMkN=^M$Zb52I$8#J819VeE> zgAd9zOy;kwSl?B}*zCu_TA2_+KXE5)*mZe8Yg@a0mHYACJSXy*RbnVAwnTKd#OyEY59N*TD(y zZh_!#!QFzpI|O%kcZUFtyK4i%p>YfDuEE_Q`02UkUi+NqTyO!GKV#IW`l{;v&Zo_P zxTopad#Zk6^Z+~y9kcy&I)4!TO}LvY z!`3+gd|FCQOr&X|*Y`t$1+7qaw4#z1f%#AgCiaE5^dURDUjg`zg7Si7nFUek)XV?C zwWB7F4ou0863&8q+dB&pi+wIMBq_L)nJlQO$=z6Ycw^ikGDcH;(koeRG9%8wUdf3Y zl}k6$on1fJyNH*9Kn0N__Lc-f@wgV_!G2)-}84Su=$KERj}nJ-AZ!?&$IuKNoi8KLWu|CX}( zRc9z`Qg$e9$56Bj=n`;_42>=LL`B}9zkpGv&iIXjPo_4=22I`kr)EaVf{YY|ti8ps z2xxpxdt3b8tdo;j$TC>GzTGpTAifRiS`F7#j7s@-gy!4#mqU>O*%mdyF5-E@uSE|o z?@A2L)mTWncIONAV5<{Pyl0uYo-}Imv$+lK3LzpN{6?<1#8xK~Dv86M$9v@??Z0u1 zYgGil3yWk^=h2dy0#xF)_gjhYznR;~4S2bH6CS1)WX|Mp(d>HpF2{&|R58*wLs3%X zPAqD&t+H_#F{l;b3IU!|b(7CeuYf=y4*$jvy_D&5!iyrOjeH)jwuevPCam+1wMPT^ zh@~F9&pug=JqkB-R|bYoq023b^M2bWL6lNKf?nT~9!rR9IJ=R^{{2oE!*yAadkDXh z=IDGV6Urnnp7kY}<;;KI?3TUoO=*1zv*7Jyx7wAFGvJcaa{rrLR`@w0j;ZRyhUZQg ziA1lX#ZT}$@0HaY5`MRY>0+o6Qp!g{zENy0ZX6V@Th$6C_y`t8@0aXUh0Snp`E!f< z;IXetfk{b6lgv+lNm*?uoAbsofY`0kd#1B&j~bSY3w&!rIT43>xQBb?URs^E9Bfb1 zqM*^LF+$FepHm9$utHV3Dsl(EF}L#}#px`@-EdAJ*^;CmSyIhz{wHej%|aymuf!P+ zg2`i#SJsE&f51+r(>7t3^0|WeMq-z7k+ykaVx6rwB52VV>0s)BR#Z8YgC}N1itw;uH}>)xoZ;xz?buV}V@+cIp@qzH z|M+$@jM!!V7enL{k@Fv9I5(XJC;bB4DslJ&HQ&XLj2W~L*uSPqf&BM@if>um7%dnD zy)JbN)9?{dHi!usLH%VW7o-y`Psx;EtioTVb6a3_zxTO1T?4M>?tQa|0|x`Yz2Ehx zSx2&GvDn0uda%_~4xQzVQtwvncBkdi=Qq8eUxr{_QrC}noVfBglhV)=K_Q0G6L5v( zEw!u+hlDvo3|B~z$TLd1w5JTWhXVba+<3NH4*z4tl^UWKM+!T!{F0{+{nd0|7C@Eb zJ43>=++;0Q@%-2JjKFrbivIS&KWMs`g9H5*;Ox1Jw9zzni;3QTO$7_;05i$>88HIw zU0(_u!>5iOS(iwcn=Hv;QBpTer_~rX4ROUR`~s7_A?h;HnCZ5T*SYI(fFRr$dd7~z zyw?E!MLe*bT5q+JnO;jpDrg-}Ic(DY8P8_Q+hh;=Bl0B%wcaoXN}2%sbZ{X|F5R3sM>JpEy8uwC zEq&F_(i6YmkG40#4I-geB+V>oS0j#ym#+7#0i^#YaRl!fB6sHY7uW8)vN>Bu_X0aZ zO`w)8WWx(OO)7kv$wX4jCc+i_iG zFqoO*89rRBG7FV|ThwP*TuJpN&qgk*jq$Y1}N zPute7ZV{Pqx;>E3=JP-SkF&Qr?m)(q3dJW=E0VLbV?I5N8-D*`b5jVwAxxEcL!qd8 zNhFvxCi`bzQdy!=NQ+0dEa^WoR+tpl^mTBNHstqtFMg~W@YHJ)j2Mil=>@|C250>2 z&knaT^fUO)H3Z=~z- zZ-;|f+*(zjS%qt<#V@R?$Q;QBQKlNXqUiPJ#2TPK{}CK?-0GqaPdASEtG69A9SykM zdLn|@?Yt{_Dwgg}Iy{fsMF341C1xG{>`|(&pfsZyv%%ANuM)U7xkUI?{ zu;9VWV?WdPc!9znlyPsYevP$)C_Zj<=6-ZbG5-&Dd#R>0DUYJ_+K^**LMIXK2!=~K48fd`HYcu`Qe8BviF7Kvj!&-kzUWy8;imgD zg|^2TTyDy;pRX%C-B)!W>JvGD>{yGg{U=2EB}CFpo3fcz$Df%^9OhM-Vv~Ve7%NEE?uV^m zY~0zGLK20E>6)u-Mj#UqIWLVW%Jh#sk{`WF+qVQg4mhz8T#7bT)JAk0jHK0c=bXXz zK)D}#0&-><-VHxWtwHcT0t;K*8svjLN)nmXOrscS!`Rs>04sH)duW zK@?K)+hG3WGRTJu4C0N5jYZl!sN{R3O4?XK54UmWs1!!mj|dtkeju68h+elwGGNO( zBDL!Xk&)qNgW|8cT)#pQwsUdC`M&bmu89a0FjiZ8OiCjI*ynb!U0JF~1w?1p&{Zok za;SvX-zb#ZWNA~^t@{7?T0Ic?8*C)O`3arg!YHw=OWg7#1{a}Qjh*FR%JXeh#5Wx* zb-Q2l2Q{^u-aX)TA=%-iboTF)eK--JKS3}$e{qP}fr|Z=%m4~!E&A*@l;QF7LH1_w zrT`>;qvj2~YQ}qtc}ZFzN2KQsAQ)ibv`o-} z7!{v`{_KwzPFLi%C;?JIom$_qR17+w`7$d|LZchUmu*tSpoE)PVznr~eB`fs>=K&p zSp`SR@!1pCaGWG|GLAhFk9r|Sh`8se6e9g)=euirP7v+zVS#j$fRrcB<{V7iLTYXXS&a&Ik>&k9xl}X zMv&^MMdExO`goNeWewG4nsZM-RH#PwNfT(VzfX-`VVE%m)WS`S8U;lpp<*wswyL&N zT8+C+h`ERSXI=CxOaqZeTcSWp2X7=cIlkycTzMzV9Gm~j)d9Gr&Pg0V)J;BGIx^5@ z$LftLmpgFE449Md&DJ}?ehIK22#EH0l)fxha2O|i^Nf4Pm|9rC2D6<-c8B8rF&&jn zW7;{IDFU0nycfBWfH|W(@KE9!X$W@nXnOc1@3F0B;FT?!0KL2h0v#V>Goy$&xQ#R` z_J$(cItnQ;Dx&QBp~PdNHG;`J*dG`1dFxVLN5+{mHkgbrR!=rZ6*R0Nb}%o@9o8Dt zfUmB5Rn?|_?JK7pXS)ES>mYf6Z$o}sct3g?{Yor!az0pus2r(&x)_)vl^ ztEAE!kngX1pl)!1xK3@$P`tOar=5;gb5O|#{?V5$wgU;ei#w-nrqjSU_Q_lxWDdKS z#gY@}RM;b%IwjwW=#(RnlYPNsoh9|cYqI#y3dqjb!P<;LW35;qdB<7N6 zyj<;}E;lZ75vzqw_ME#JFW|Zj@;?iKD>16l)2I98dd4%0RLKu}5Q=Dvs1d+EO7{U6} zGw&aCOVW zHJH9*RU|WVBSC#CV`#cu-{JV(w~`t1tn+o6?y_vz8o{4a==8^!qQt{rcsKiBM`(I^ z7!C{Q`16#AQB|AbTI1@+23DWRrCe!pA(Z1P1=c({xf``TKx)Xt&F!mI=9X`Pce~yw z_NO@T;5@Ye{HM$EHa_rD`c7D}oQ;hSbwf2H2tQrT-6eI+Q;QxI!d*IIJ> z=1WWwoH1oE4I^Ze$t8w)e3%gf(>onLFD1sMtcK0k34UYW@MA`bcxJuOBIAYq}%t!tkk9upqGQ4kR6*8Ni^2aZ|;E&!E2HDgnL8DOA z1TP2JX+!}%r;7XcW_~148+Xu*@(TRX#_DlkQ*U1(s zYZe*={!Qu?2VGkxcLd-MYWs`9?)%FcDzuVZ6S`Ml8B)M@cWj?d*-Y}{&mIcY&HKov zGU!E2kh)RXxSjc-G<0T4A>SVlW{1$O`rHk+J<5qUzUs(-5H-J3?h$HFIMctiXR@^iQ&-c zhuv?#jKnsml|k6FX!3A-UIpIGVNPV70#cZf%i_NaWiCop@cA`sY8dT2$aFdUtVIQ` ztbdc~@AXUj6vwA?gu#-PVRa}mw29{%01||KI3ojKDLF~?MAJO}1XL5o?V%%Sy5rS3 zsl0(WmiZ}$wZZ$dYMH#b6noohH&(|MrW}=kvwPT8)FoJ%D{$#^`g1_K7gi>Kt5hWuFwC4VTErp$>#OVyT|zNGo3!ZdL0PY&1g0`8I+h5M zGD?EPp3u}81H%~8ne#}4?64(M0QKGVHQQ_(*hV7Hbq1-0mRG)< zqJMvMZ1vk5;JG^7ooV(y?HQV!nWo5ilE++Mp&~qB=-;BxUhnTR$RGYVl_(auvC9vLdao;2 z=dt657+&}N(&sOpL^KeiHXRBtisW1+szay+Du#Bt}6&2gUg4*3q|6FWz zaC=-3xu366e#k2-TJ(HU)}Hx{)><+TFu;d`M*4~9?fK;#6shkYc`-MTOg^e3{f9Q$M1?t7=t-o5PQ)yq1?*4IYghHnu|@7y;)7JtPlmTVaVUkm*|MAn`S8|_BItRi{65Ef5^2`d2X5wu6xQ3_s+%OP#T4~9)0mm zb@GMkTFrw|Z`r)62F4D!ovq=7e}#f`evMCEPKR$iKR2j@b;|{gN@;_Ea*sar$H0;T8*92uNv*#w zp#ck`zL~Q?vB@b^2=`4A$C}z$2IPZmp-R3Y-4^Sf0#11TS`URWg&qL*T4E@#XT>j- zFR5{uoiCiQ@%BBupksD&&Qn!Q-tN}4gJ*uMMX*USmGvK#fbJbhUeXCSJs;AEx`=O| z$Plu+*c_RE;zacb(;`=_U+c7Vin_aPfTs1`h;=n!C=4F?R+j3;hz#j)ktTDvv>Qee z&s&vdJNa)hzWFs{>?{bdJgJLezo91$(ucjcf{%OceBCGC&U32OE>_5mQ#y(X5qfpQESCPpI=H&*^Aw z-P5W0ZsXSu>q|b{SB|jDpC##wB}VcupS$ITs}SQ40;D(05Jc1d=9j+^>z4t1j0RxM zJ}IO(8`Bbfq=$a4GL7y21l$SjVm~wjSag-5IhT;?2BAARgx4>9e#m97H&#HER}yw7 z3LZk~@0$zUZ54jyPvJ6ZC*k)D7qoRVPR?HRG(!zUxIwa*07H;GvtDOR`u1~i* znYM8T)2Ua|Y%z2V42UnUtbF0*#BQ=#0_bwr)z>FM;V}d)Q?0D5IB$!C*WHPTkjlgg ze~!F2=fNz7TUD%zHJN`t^TxC8+HiIv)s13e7@cv{3$w8J6F!6-|DRD}}`E-DZFLhCS`1hXQ1w+vOxBmG=1`HSXVVIE5Y=ycmD)yLWjLrGWuQ zwUriVIDUkdM`3NU5&b2lH>|a$!;Mk!kxde7hwXjRwIJoV;$&m^?w?`pId9j4SRNc~ ztq`7Fbc&QhhJ)nh%Vgz`n}Pf58EYnK!#1r?o#h4O%*2&?;S`R5l&K77GRfLOS<CYP9S)XVvKuwODB(duSlx1M$ZSw4k8ej$pw?(wf%eho8V@+<~0 z+qmM>)t^(cuieoc#&XS@uNDQcr<3@kJE;7;G+h!igJMe6&_0e`D zB4HQF5$>eoB~mLEo9tIFS{sWQDc1{x{pVg59F!kp{^6@dYBiN{;?}0gXLe+N5zeY0SD}=x6aagut=-Um>Zci z6eYf#z5!oR*;;6CJe84R^ZN*Li8+kbeL`$8p79?}k#-bHh`GtkxN;aQ0{la+gNd)InJ`X7 z{_l`&PBZ*qcT%a)=5YV+&7&ex8YKoUM`a*YTR;6PYjd42#Et?|^AukA=MH-sikn{n z?nM6Yl%IZu^Cv8hLJ`cDM=Ubm^*5U7)(3Q9(2z+lw~3-)3D0q{`k+C<+(q>%7S?rH zYWINa#2VceNidq+Sr?Dn`>vemI~gRrcs{i*9vK}^*DL3eRk@Vsmzr_w@62|YI&EzU zHR5ojYV^wafi!^|z-$BqgwgBUO^*?#`_-ed{N@9cIi(^FM1yEZ9Yt-!UfG>@e&)8J z^;t_liQ1?)TIMz!g({};(wdF=GLse^RjPprZ5<@hV6poC?;bRQs_Zo|7%;~B9D34F zFrhCZ4m*I9<`_dCcdtBP?M?-$X8zPB(p|tgrmarFV<9&3_AwVM6z?~2mC&C|9uX8> zwS?hQTH&N+gos#Z|J;f}0YkH~rfpd(72f7kUA6o`M?%m8u>Uj$&|~#RvR-=;yHw)( z_f(1s76EJMH&k+GwlXuL%io)S&ggo)$^O{Mml9l^{spcq4V*zuUCk6?mI9*z<>d&bLP+ z)f%4KdowX(`9`3OL)3ZK@Q+cm^wZN=N$H(TGo(1tb`H{y1RT>G`}{zoxleuvjDWI; z28A!wzqbGIVF#Jj3!=)xbfXqV45BlGb|KPqDk6~s;{T zFL4rrEapz(ljl_MOh`P2iw9%yX_SIm@3`2RflGJ_9*s|RDGKpa`AOLdg68?3lqJkB z+;DCo*<|H8taRY6rEYW2#YJzkkB2>C;IYWqFm-XjyC9V;(e~QHN<2?StJO|Nrzw}p z_Wn`5=`26c`z~nu!yM06pc2kEL*UJpUjZ<&%q^o8aIafuaF6lw%BKoM*rdB(ZKj9aU8}iiVo<7Qg=g>nlilLk#YQ@%IcU84 zRN1!}44l_7l-ChTo~@||z{rR^w9K;FokIjt-d!Qa=~|3^!H%MYL%8AzzOO&)!TQe> z8+m2yaswDzrW~e>`jPt!^ToreowzD(JIjonwdUj2ah~=&F#hwZT&NbXrjBnoI1nKe%d%aUX zR_l@y6~@I`FRBk_Duj!f(dEt5UOv3~loMVJG(s_{ZdmWz8;fbb2&Iy+5(VV}+2Yhg z$Wo*_x0xteSQC0!zId-6I^J}F7#vUJZT&DwG8C-%7$g{jEbQva@iRGjUsR^B4g)epCqUD1R3%2n27UfZd{6`YTQLNcpPd;QO3iWFuYIny7ue=AL-F5i!`_N@ zU8J2Sjkr%1?BC29&4;Kw5KM0}ruGLL0dLwXlmi*_4a;cteB%1kgzN{0qH>glcu0&# zrGhKt{eEXny5mKznDXM+g0_0$<~H3mU^x_sqeP=;9Z>F*)YI#Ak>`(MQMddJF!#_} zkTEykMXW%=VT%G=1Jx3;ECDh?t#l%|C+VbDi#J77xOH_@>Xm9qy2y^s&Z1jge%E(% ziv63LBrOhGLr=Gd*J}>lJKzSO^OzD64jElM*q)&3PURZ<&0hKG*TH^Q8u*7TzB=-f z&%Ei!7wf)>x)IT|XO6IYaNmzUM^r^%sINI>)(}$NBA)TdtyG+epW!@Y^x&Oe`AQ$3 zX4c?GT`FOQ_dq`r!}k(NUO0B8p2Qj@+$7v9Uv)Nq!_?TF+tk?`u|!Uyxv~;BUs;)! ztqd%d#9V(ud@B_XO?+hxm9BJS?6oW7#GAAYR6e6=^vbE0f(JQRBz`#n9!(E;v0`%k zznc}}s8AvQK=Z1DYk*MCx8*Z_urF zO-Y&dC{^eZmc-IB9l!sey_IlT7cvyAL0suVbU)0jc{{$8gU`vIh z{>2NCdwW*yeNTCJcKUetYcpTf1>0_}HrY4_ae!kLU8yPk)!ABBDunbD&$5tIg>tvn zJiP8+*ypxOf*h9fVd1}-_{@%U(})xrhoD7|yn1ZIhuShE{6s$@*$#yvZ!+ zF^w%OBIf7ScvwWn`-g@kQPk?73l~Dc5Uh2O4=z4F{!If$YCP14J=bU3w4$%8JqImu zp2Zn#S_&lNN1_ zz>RwP^L1n7W9laZx)4Oj=UzvQ-4bWm`H72%f(}X3T zM}}6BRuH|1GowZ%B`U(}EMwC9mUnc)n7|q?A-n)KHR_*5r^v|Be;?@vs%Lc-v*NTf z%7SMOluMOon25ufdOWjMB3*vqot0jDQsG@{Qu;(X1tiQg)@~VH5M*Bo-rnNzVugB; zFhp;?I&}$ZWUGq!7?OtET3;Z|*9CB0#{Y8m%W|s=q-P`pjW#emOhHG7FdR>;+GV_P zc7DE6PhT>LzaXFBOCD1BXC^be`CRO*)y2=P3a7dSx!?3q{kVc71x)Ue;r;v%7KQyrz)_9`VGz;LKPfXUKqJf*{R1 z{t{nk+(AZ*bf?LPSf&PCPidCSR`v`E(P@mKn2B<2#SMo1k^wI8Am3j^sQJ7N#vsW6 z9f=B_eF?3B$5R@xGRZX6ek(VSFx7wfSi745c#|(+=Is1^%CPuoG`Crpcf; zlwrRTZyp6L%5?Lb>GB-fV3U2h;YUEmZN-RyFVTFk#hlmlj!7Yo$e+>>>5O(G;=y*{ zwUQibSTM(CP})-UrmL@1uPOw)Y8|b&vFqvU??akDUTlatJ2$M)3TtVlvr(dF45249 zDtlL?>+B@m_#X$bmiEx5Rm(+KmCuMBGe@fzN8EZU5x|sWB}lp%mTVz`V|kd&F*7cO^W;Uh#oWm-9enaih&Rcbc3*Bq6o|i)}gVMg0JFQ5aG%@4DH3NLH z!8wvj&Vq7_il%n<%NG9w{{M{?BX|r(A}aB3fwUpsyDLm!*i*C+&P6P{9@ruQ53}9V zcqggBLFt?Ep)FD_X{=8z6sz?QA#T9vS|VF%d|zdO!4aD)`=lBDZX_Me{V^%a@*H9a z*8q)axe6N(vnqwH!@ISeE|&|Om{}^S*$_(Wk)=;vCo&^ z&+9?w++}x&aT_`X^|OX4Df;wvN{yT6ENF9^j^6^_+%{Jm{nr(at2!^Xx)Z=L?ROAF znPQ$KSUDi^yHn<{oc;vvkM(}MZGF(HVkA|lfu8C8)EJ1fN8bhm9<~ls1sgP~k?a1B z18dq+tgTA*5*oK3I1GK%ni^LvqM~aA)C4k6vBD0kZia8wX>B&MnP10?!ER7@+K}?} zQ1>Xlh}gOm9EK5Ab$oTm?g9*4hTtvU)8YRTXmu9%3(*@eJj2Q^B#>57r&d% zeupsCB$bje7J*v9=e~dY+S#qnl{k*?*TJFwd@K8TD$6MJDX=q(K2Ca0hvS&~E zs^@i6Yw0557!McC0DD&lxNDyq;>1&7S~WqPf&o9wI|Jef`@6R!S=f4CCeZ zy!r&rP$umpz`Bp5y}EEC({!;kCXZIW7+hEHS2o>*`nvrBRa@UD8MF8%2!Pz}OgYco zosP0>4ZvI_UFB#4ec`$8VAa=mOT-NpQH=(vi{YQ*)6|=ZU`lge?$LKYvQoo0;746a z0-N#1TK(O9#3%;vDa)sii5s?Q>F)5IL)yRwk}mh9od5d2s4Q)6SVXN*?lYZkIOJDz z6P>Bja>FtbA|HhT-|lDlm*Y>agca(f+F|$+d^`Ouc@ZGC+VNsN(KF)wrWny5Inz%VI00yI|A_{ppsEIA}~f0admoK_?9mmTFu`AOmD38b&$q*BY1*y+>VLXy>y zqf6v*yR9BOFU4&6%wDKNU4I}@yS=p9-B8K<5^UNx*6JK(0y@DJSo3MhlBQcuu-6+h z97!?hUq}Z=p=d00Ek|~QQ|c+vY3vD$_A^7gFe`mGgPLKx{?MgY7SoW2$44VjN-b!} ze$wN@g@}j5FRn&P&^i=mQY^BOh|W~R4VkZ?s+pnZm<*bD&ZdN#6%WD&lk<)9x%YNu zR2NGa8sUeT*%w}3f(R7iz6^GY#LUcSohIu7zn6!rn;X#>9L7Cka<(*zO1OZrKFLAj zFU*E^I*lsNBLo@5iL>j!$1|fCmFf9aqQh)#H@$}&`4xCeZ2;zs69NV%o7N^@jFTUg zOQuPh-vMgBSTaI~JJ40U-$zHhVh^hz!PULg)1+p+XK~!DO&Ey*A_5XDM??wSr~kyU z-h#}02s5H%Yt)5t2j!OrvlgoSe*`K*`hSURYX^L?*=6ub}Ypf0?kwfkD!|^fSu21MeJ2O>W&#~FDpKrM+7g0q* z2EaWcpE~~;{@5ID?YRkq@ce$R8yMnp-uS*%9zjdnJu8p141uRoxI#2^JF>*VAqc-i zhC#x1RyYq6vW{2>%^(>5XW z)2)ky`mqpnoZ8Rrczh~rnZXDbs+*xUl)gSdJ7qFPMr6%eJrOlEEOH8pr1bPiDH1Q} zi7c)(UCe)yTp}VOC6KqvUz=Mouu?qgfS`)4TD^BGLwFCx%BeS?UAjtia{v5kaewTNp5w{ z7I~qGl^{VA_@z*X zGfR&>ohEgM!_iUb#kJZ}e^h_|9gWrEejRPF4HT+OlQ6CzK~!Ela!+c$4+4K(fUp_U zS84=>4At+02Q_wKXGNn0C*w-E#hMz8b!jtm#7b!SM~YamF~@CT_hCK6AL z6Mk6vp;+YMq(WUjFJ~62$SH8z!D7W?>mT5?YSAG#{P1JqYnXJxN=V6EM6cL;JZ|R@ zQ~yKE(`oi3^$RTdxAFc+%}$Q)IUBs8$(7hhtbLc?Z3{rzJW#y)%qYCTXWch9!S0~* zjl<-Lg=aNu|q1dR^{afKQ%~zKFmsd{htOhxq=iB6#;|uZqxk9VvG}2Cf&aJ68 zMyR#td1uxMgzTTss`1j@d>SihvmT`kLeZfZi)?u$9$2S`azj<16tnBI1oW6-CxtQy zhzYj4;dKfVOLj?`)0%D&VsS{puX@x!sxuBHn>G^F$GG2Pba;I6jkgOVLSsc7{obyR1%QjzP|z5QsBOTMdZty% z(|#?`{oRynEW~TL3=R-}-itLOWSY?X>FW>KHPvEv(>!{PG1EQIB|{PskL=~VDvQI? z0w&;J+;LOak(cjT@q=A??;*Xra#VIN%l*&8z<)Bd87t%7I}X+DmJ-*NcdeP@N<9wJ z$ha?AbxxDwoikOKI$RTm)0TETf9=L1|6d!lo?Ghm%cSGwvh_;(>W2?ImjsGAjAV1g^wQDOSU`~ z8CsOeDjJEm23{{)OeU15t9+&Pv1ST|!3)mdsepYP7_b{xP;v3s<>lp`nHgn!<$V1P zcjp*La!=t#4q?UgiyVzF(S%W zi1uRz=Fdpj%sm2!`h5;;2OFJd#TOm>3f~|tav&B=*?7r{RO%Jcd_lKfU1ks@b`FJF zUPRwy%TGAa_oqr4ek+--(c4sGenSENp()M9rPW~TxD=sODfziDSg@5eIs9A0{)TR5 zf9bI06TYYb?MGb=(qT8s`Mzm|frPDe&nK`bC1_g``)?gb7fr`g_`K}w`cEwm`}RMz zxTBMkvS5Xtio3kjr3CF&4m(`Ynox8AxqnZ}%J9y+JQ-D!qWJW(F}yQkkEGDy9}rd> zW{7(7>-D{KzP~0ZlHU#wH#tfKs_oE2KUcmzFPhC_tQefK5gP@9NLKuxygR(mS68f~ zRn*NI@!omwqi1g+SDIqBqtKkW>yy_arKMx&t@n-TdVDm$AE^E-4hfnD%BF7#bmPxv z5YN^&zKcvtUVN>O1n^T#_XUFPSZe_*AudO;PeM%7^C-kE$RTiyV&R5l?y;`3zFe9_ z!ICKbqFGVP=*y^a`$j?U=`pnM`hP;6N7Y6Y#7As}#+S1oULFLlqKDZXZOVs!%U*N) ztl*PQ9v5UR&YS(TTzXV)@yFYk!*_4_81Td?ziue90{?1M%TieD1avIOs47 z;RP2I(L;VzA2V;$##?O{@zujo?zWys`WUn?fRaa-qh*b-fcV#-%VrWO?>Xh=)*boA z=A^}^9=ca&K`09kJ29<7_D(7HS?I?3%UG@#zOn9{IuCTJN%$cl6TZh2BrbIX6#B6v zZWU@`*_R(LcgE>HS};rR4t;BbDEMhiWWE+GM2Dd=r@4`!pzfXOpE#JsPjSw3SdjkX zc4WSM1d6d>U-RTN^;XO<;8td+I&0=`xdX0+Yf7omlLr#{*^BYScdM>ZcO*iLKvUS+ zzydoU@uOKjg6x~Wa5cY1hGYh*x$R&Y=yabrFKW2nS`&-lkR(qy%fO*eu$*h?eV+Ei zsZ=R~xgQa;rQq_XlH92YKlKcQqD9ENi5dfVH1}ud>q8Lhv|6T~kwP2nGY?ClP3c9~Kt7 z;6aO#k&(outn#x#a-S)#5xsWoM>h&Y`ie^8=b~p#9D_vDDURZ}#D_Gt@7P-4nwnT| zmO#?fX=xa-g?{v!9zj<7nN@>)_TAHg%^ogCBfKV+Mz{&uT|h?b=*@&-9wIqOS-M#h z*~$moz0>AD3ecp@JOa5cFSUh6gG&R=xWPt%E9;F@E|39nO0&J8`#eJTmhQQkrUQp| zTp9mXVpqK8?lM0d8|xd_SDz`5)?cn)<~44K3P7&$K5(3GC2wYNUP5^kS_vv%|JASW z99gt_Ov=$aTwo5MVRzLUbeP5kz0W*5uWbb=6MG(rFQFY^ym!Tq$U8(0E&3)9Df*~t z0Dg}r(;rlYcR0Oek>C)C2A&<^I%mf|Kk$xWyd(=5=wpO%b)knnrY5c0`HDM`1b^F* z(~B4kakb%E!a->n(;b?tnjXA_bItjM8RLC|^*S{v+`fwPuzIh0U{(FeUxey{&;@{v zzs%PmRC?wP?o&ar9BWeqAxJP(T^j`*?yRt*D|#{x6xZ?&XVvd2@s^68LSA_9HXV;P z^*B}SLGk(Bl+cPr6EdJF_oLKeLfw)Y&UVFW?IhF_V(fI-QkS+_`EzrY`66-gqiRj5cjnP0PN1(w4X zP9I!2IC@B#Arh4bhCwo2NDT2gXe;-|j()E&R>P;OICCib;*v{=`_58R*Vr@yh@aup z@QMW}7jRKpZre{=oznGu)xk*Tz*&$-sx+z-mY^)zaws{aj+qRRm4t>b_Xb%y>o6fr zX#&6+2|spAVuv&HZ5t)__q3bAM>;WEKJ%dx??r4@;kx>e3iG9z_L#ip^HNAT2m4rpF$=wkN;6 z7Cgq@t|x6J1|D8JY>0M0&r8+&Nf2%GVBf~UB77g$q1xUgKJMOgeJyH1jYhyqM9lqY zKt3UOW3kFM$PZNNW*(d$l{76cdD>JO!n)8K@ebvQ4gRoc54(iH=Iva^ttm0%e@$Zp+BR`mZ0BXsW*RdR z<_HIwu$gV8H&r`zTyNNO61+@skkBZR!(C6!&2}Qn4pS)!yg0-HetIr5!xis}Mx->i z$UX`0a=q)Dhixw~N*ZUrUsImTE^%#!mNk}zpb(`!wtWAH@UWi!Xk>i?H|B>xC7qQu zZ23j+h)}n12=L$JXX>-=vcSH%%FOuqRBsP}iSJiLVb{-VI=u1k8(UJDnk?j#|7d=n z(K~4o2%{FE#q)*bv>f1(fsD&()EQ3Y8giMjpb|r{Cr=!ffbNb^;G_>o8xAg=x;rA0lLQ@+wEA)X*a{ z4P_r;y5qRrnPrcAm-=RdX&69MYJ!vEHC?GiJt>VsckwfoPlX%wB+5$53Ocx6LI8`I&FV*6wRTKSST!74ub%X2ZeR8Wi#_`hZjj>CV&DZ1f zmeg7(o3SNn)>*gNBNf>(u(FDi3%psrn=YPMwV@kvM;os6?NYulOPK+PxEKJbb8C%uI-Aa2KxcVHgq5R?zP&0=+VM*U7o5}6mlOS{D?ToJVH zAx%^2#`=0hzLWO*=+`!fBuuzTXY*@PJ;4OBigji;2LfSBSJdLDmOfbV?za)Vv8LAq zR5|i;#%!&J(1H$j>g*BWSCq9@=SW4`n%)pc8;+V8@?QauuQ}UmKf?4hnNM!Nob_`sFRdEYQFdf*0BUv__zDs}z#Doo3YXZph2_d5xK`%hT~zP{?N z4=Tf|049uvn6~>{<^eM6azkKZjbz``ZX`EJSe53kBR4OKW(kx2GtGx@s-0fG8N|7# z*>vQ(S4Gj)y;4AR^skW9L?=9~9yk&y0c?^ei+LxhDvxVXLLNE)VnPgl!qxVLBlar9m%RyI^`FPGg;4`Da2nsQ8zC;X8TT>+fr?MZ$HM z?71?NLM6sS{IWL3g6R+!5jU%gjm!-GpPuRaOq?qbI%W`M#**>K)T0BjtvMt#;37Bn~^% zJH&mh5u$8IFx8uAyP$XRf~->0v>s{d@b%0Bc3_dyh#VQk$24R8nOQs%Ee3KdLeP-{A^(i{P<8PT9||lBaqH=HVE0zaJK^$ zcAVQj-To}q`sG8!i|0jGL%ZkOINb+?Eo0UAzLHPldw!gt&cq9IcYg$jXc_QJ49K-( zeV37hX>jdB61VTqNe;LhTFw#tOZB5rkFTBA7vCV=6RSwmp|5;Ba|96>>)S1eyOp#z-;t^F2CH*bh9BB;jS-oAqNRJe@T6yfnfC^)9LMM zKPbv^DIt}`od~D78~ASux4GxG{8vZSN*q?y{QHyCjrbY-Sy{3EE?712uM52H6unHB zTM79LI>c@lLbfXl)&Ir%V^XBJA0^&Sx4=!xg2TU(Hq&r37GG$Qi&0CM&p^haXgyY_ z+J4Rkiyth5ku|{nA&~3rS?LZCLLuTNgF{$vbAd|`dgpF;Kabu7`G98=446g?SHS}o zYJe2n{6exoyw?}<`9o9jJaJXDuibxeFq9Bl_N~LDRxO_^o4r3LG$wkB8*?3_hCm(_ zs2~Vg1zV+X)ahjTF1K*gy^32isDKdiC$ zd{xg#y*{1j%WTq~7r|u;#$jMD&QI}4e0kK!Bx%d9`)NVo|n1m77@`{9kPA6!?z2KLY8OaM2~R4MBlEx>9sTSkREa9 zHdS0Zz)Sc0u}fNt!u~ZSU%Z>H^IRr|`| z7=~1pUGITFH!TX>hXt%5A-)x*pqAKIQm>9H01QXi-o3RvbHk@Prji54HQMF+ z^%zeaPJ+9H;O;KLg1bAx-Q9x(f;$9vhXf1m5D4z> z+GryUG;*8d-S_N$?iu6ze&1U^RrAHH1vPC< zA`2AEay&JLuUd?118J8S@(I9{SF>|giPGd?{|(?XwV6Sgfei_8 zBZy^2FyWE!Y?5iT$S_6yYfO!0gc|F7rbd z6%HA1v1TBqR}9qjhA55)Q@G|7L5j+AqmGxquGC`kuw}w1sM!urKsqD!^o(xgR?*%u zScr<{!_rNj$#O-k$tLnNCWqzg82RHuxdPd@M4V<#V_eE}9m?rA z47q|gNLI6frEDLirMnKNOCTPlKEn%@664-5M;Dh5;G2`lVtGQf3Jv*F8NxpaDG@^| z>Pcc+b+6}>6<@qHrEHG2D}nQ6kQM%=eG9r-{rh|)ko{&15XzJa z1sdP?omb2lw~%r^Eg~Jd6S;pnXVgqaZ%}b=lusy5uV>#UHIp0Lt>W#KzpL6}P!%%a zzhdytu}oDC$OK3uXHkuoSd0Y=U%uzLOI`>w-2bK)b{Rh%Yz409@=fwvJ*=1>jt~Gn zfkT7t=tc~UwCfLze8=`ihG|?@g%W<`wsN4aK57mD(-i{N)0!$lPY)C&Kk8B7rZa^` z>y{25SG`7RisU=Jm#Zcot&e#aOag3DJe0;f_FbH-ZSf5)b*4e%HPeM&px>`=W%2Vq zBr;w5YqkdLeH<)eqsw7m-*02^d-9&3GV3e)HcDA|2tM3%;yWdtE`-Xm%hxW(bxskd zqja_c6|AvZaE#J)+6~;0eK((+oa9~iy_6qYs55o(zCKE3_r5y#R?~4$w|~6&gBOB1 zA67H_pa+Izne0M9X}c?JUhGm;8v78}0ew!2a2*+fi1^fYP1$?TWCd4^Jp~Q1O_i7;}2e}mWNCM+rD&+ zzwNWvjo2&xz+}|Lsku5W_V7)UVeKjdZj8ocDRV}eonfNSt=N_ksYc0Nl;Fx z10X!Bw!~-sPz$i^c#tea;MFJi;Udw!y{AAlhfpmB&DRTpv#WrS-&|YPmT{=SI9Jts zT8|4;sL~5M8CGK2^=!%b7VvbGSW)X*!InE>nPC-)3-(A!k>$J5AYo2>V#}|!wn<_W z`Sf@+SA}e0VZp=8n+K_!cRSzt6w0LEGE{{ua9^q*^uH@z{+;qUsW(NPdX||~ zZ60SNkR@QURGD%&arg*cY)`Ix;5joAf+?L%iA|mnxg0zt^Sr?6o3jZ`L2Hy2zJ@XP zcgA2`zkB7tH>*_4E)F+1mgVU4ENP3h6vnu3PbNqSbJR&$OY6vG?t3X*DriCBm``tg z7#90!z-T`987`YN!k`K%volP7Tf>u$3vW39jGBqAFX|mbfS$CT=F-e=j^>Bu6Z?v} zZ4JiGI?`cABohr4qhXsH_UslPVT;|7nw?Nn@i~UEV&7P@>v>~lU%vSWPHd(sE4o0~ zuKSeTscXc+RKWuw>*U=^_u@MDHrdL>o@|v7eJpz$s^jiE|HYqhhR?;4O{b$pR-@X* zKW*%C66d~BzB zeUqaV7f&ndx0g?sX`Ng8uGK}pqRx!IjQ)2Og7-1*{oBLMdh<`=$@~QqeV-rIjf5Ie zFDxI%7aj+NZ0`U#wiV`N)@L=hM+G?-3kTh`!dJrWuDK9M$x_qv<6EimkJA<nM zRVx|29m-NXvVaE8TW;GWZzS%smAT6KMly!1ABdSG(%^nsTbp0$>bLVlyUlT)Fx(C> zsftfwjP#vdOD<@h+aVqsi_(k1bl56SE5Wq|m=Q8nLEtiQ9ep)iOFc_tcJT=z#AkFJ ze}AyUR1{q$x=`;$7-P^L`t{1TFbBPN%rLn2T<^oJ5apXN*GjIIkam8Mv4tbvmV-GZ z{Ud|FeiLlY!z}SzgWI>pC6{NAov@;AdqRltA~Rrca_C2d<}%r%EyfdQ=<*;}(7={x zf(-0Y`RGqd@rKaks?h0RM&z!N1~t3SbU&cKV?97BE{UYv++xF|ujbZdpsAG873=6h zlUa~vWWh3yd#dvuOVp_;S7TjeYNBMpxf?C}$G&NBl%B641eeRMhPoV5)oG{f4>RR- zLqErm9$s@AJy6et;G|@cxxl4F?hg<;UTcS;F62RNedaC%sdBD7vJut`;m#{58hBaemnmA-DYo zgh|2C%}oL@SEXE`!T7QRrnDU!i9iv%VoCQ^EU&el_b z9Gu4|mq3<33$y)_4J0MJ0!WbjvQIO>*QoxJCRfS>NnbLa0{O>GW@ef^S%ge}Z(&n0 zzWhwzmi?>C!O%Z!T;nN_anNp)*9B^?%~C9H&Kh;H$dJ_ayZk^=M99M3GRZNYE7C_d z{@$}k^oxrL1y8xoPp#?Q(D`w$vav$vj?E!Io>xOwTS3P2hVvKA08573TXl}kHUwd! zDf$VUb)gZ#*?bx#aw_;PbM+SgMC$rlHd)(aio1j(^>#R zH5`%%Arej;-U2*7C`;r)5W)3i8AhKNV2K3EY?Es&)!s(R?{V96>*V$Bls%!?}nyG+qxsM3^?Oc zAbup~_aN>otE8UvIAUm>{x;JQEDP;u2)Z9ZB?5vuLj#3^Udo z@~35dz*RnU+jv+KXYd4g3FK96cC^%^)@1ije%Rs;n77?GUrQ4J348v?I^|pFU2KOb zACSES`w8DXCI@k4`%N@_sVfJ{uX39+RK#U+Rd3%KTXm363Gut)aGzx6*Ti!3aZJhC zP7h%-3z>#|KG^1QRLa<&#Ov~6fnbtCbmHMa#&yAPwnQ6qRZvp}H=DRtnMCbsF#3i! zK`#1`aIxvNt)s}jy)#%jjq^LB>y`o%C_-?_)rTauWN^FZxp3PPB>Js+4x`h;Ntu46(jvJ`%DE5ul}hg7K0ywvwz|k9ypg zWFUN&27pFRAEzF~39KRw3QA1!YJR*PWR7>ks6v>j&_pNZcmG^cQnJz_5>3FlgDYAGi(! zF7yy7hTgJb7*>ZQcD3P>m-q4Co0=DkR$#3` z8X`qf_f=~S0iA@5pP$g|`o67l{`OEen!Gm8Jc*N}6Ku)hQR zf8AHbGBM(Z%(##>I$Wn}0D?7hgcLDuZf^dUK*`9-ea^}vR#8<|Zgsa?SX$~C7=Vuz zFu|{@L?;mtad+oBU2BhmFzfLAhY)Ji7__VC7ntiU#CEwYJKnCieJX`guY$Ln|4I4~ z=9OzEZ$_cNIFH$3PnGgnlKi?lt%G$1;eOlh%)Iu8a&f!_dG49-v85mp0LMEoo~S8h4(gXhK$U9Ck`Y!c)uAk(FY zIQFDy9s0EflND0itHe!{8p5$OVk+Vo(Ef-LpW38jRSeXd@Y@E*KX+Cr+{?6n zj=LtTJv{JwSM>4j>oATypLh58IIcZvvXyIEmLb8LpE%5ZSmh|vZ5A7#y0MI>9qCF` z6tN-0)SUdD{G9*%4H?(8wqf)#d_u?xl0vAOdQAF(&}OXsokA6092uWD0H@Cs=f{z{T3u7&ylFcvA2%!ahdEBDvr#2>y`k`O-0l^ zo*cnmuw)y0IZve1dVagPo{!ScjszgiIQLh%nt;lPZ2+&K+~uX%h|Vy_Csw(R`M8?8 zRFhL)bXWr3YD$=JW1U(ab7VG3`p4y)nkkC^&B2>uQj zA@<2|Fot*gqFa%*`MU2pZ{LMNuu)`W$x8aW4}A8|qUXXxbH(n|5;e>H(=dzWdJzEp zB9F^)=j~&YYUyeNzYf5>X>Tue;GKlY<5TD4WBb|pU9%A0t*vQkxy-hz*hRJBs~$G% zp2hYkb1#ySzB)>&I_kbIAfAaeNtPdO`VoO8LsiHE*L{}hthnASf+OGrdE9(lD%5wYmlU0y#}lA0~+Y^_nQ!KLqM~@a{4n9 zh5>34*0y;5x3*|Pi+Dk@>F5(nrh%?mxxS?z^mK0@_kD=k4MUe3y2aZ43(&fCVKnRCQ2ftvRA!>!+i;k%E3C*X$AxodOO zv@!U?rZ#>zah#dd=&)l%N${jvFOxstsbNG(csJC7ek(NX=f0a0$v1vX(#I6CEQHm~ z#WHLnn|GAH&-M@HJ|syOLPH7ZKI;@E&mO`(Ez{gZfC^34V{D7kH$8>hi(OYsuHU!W z3X$b_vxeqV15W#I{61PfwGn2_C>0k0Er#2}?)fM@D*G#W>FWfK-hW5ttxlxy@5x4v z-rS?yeQdd_o#Evd4snmg^^cVm$2l-wE1^VAKU7yzWPTnxIa=xeS#ekj_7z6)P|nAa zYgeR3R`;IwD_-SJyCeEK&p9X2;>4_}t*y-qnTWiaH3p-+PFtVZQeKpx%Jk+NSy|bU zFHun=KfNx^V|1#MGCx_qYG(dKX>^s5zqu*oKya5KP@b#zE z`wwh>rQgiw`e?R4gZEuJ{8X1>Dd%^-4Ji%0#;0~p8QSLFKTt5}itgoQHzdrM26I|1 zX%>3X6#Tj$@`_oQhXW#-&hS!eSOd!x(M#yIzkVEBY&AAifYeo0qBnOLvyAuf^W~w| z$ERXv@8me@Be1$NNCnE8X#sN1zeV$#x=dZCQ0r&-=W_U+DPE@xzPbcjnpW>TJjB#L zo!O2w+1VebQ;(Wj20g~zj@WuV3?jG%sBZTmSqVvG!9)zbO9t|BO0^i^(TrWIkQ_9< z+h1mWrUc;*35W7;^5#SWpdW3b!0EgJ!(JO;USUIxf!Dx>&m8NADkMdjX9mgDvi-i1 zL#_75x-|OXmSc(r^a}K**hO(UnGL52&7*G%$2&*wRG+_@4@LX&s`mRLSArGpGTJtP zwDT@CqhpJBsw_1%wZ8>wM!+i*UP|dg&z@@t+H5~gb>CTNL?;Xa3=JReip<+iubgz( zQwOl+sCiS1wqS9 zl0ps}yE-CAzb>U!1~%XAoFNKp=H69l{s=mx2lCx=0+bb`g-CF%MNe^-G%t~ZL(|03ZS5!kD z*RzwRs49u(+eeK7?6}aOQ5%f4Qc`#iRmpfa8MOYUWwyyjb<%nzN$f)z8t6jb@{^%h z*46gXy(Pk2un{`Pq(e%lnTIF8On~CxMzHzUFy1>erx}lafY7K>Nt1v(Q-^0oV$uom ztS*UPQIb?eto`89t@Tvn#pEJa6DB?m)uY>>(b>atZhScIO5rve1Dyu`2XQr>LLvYw zZrjrug{=V|msl{WE9zI3Uj{`Aia&|+|kHEm8%*VfM<2PRowb7ZzA<HZ%v4d5RWJJ%hK z1oM7-E8J<9e^#x3sq;ARRUcmot!GIjgJO2vw;Rt7h0{-WX5~22h~t@2 z)2F{&QBRRW%o25Xw}~Oq!&yGUP!`UO)1!Qj*s6kR_7z>(fakA0_@ilTrkYZnpAfX` zTTsuFrZQ!-s5%j=%yUI_R|g5`{UpC3_XK0)j!To)oAIL1yT1i@ECwFTePCHBC>4A5 z%Ky+rZm=6O--d+q#4g1d|7*4;#5<##0&j>}Hkt7#BjF@jh9oP{kUQ*GC^>@1oM0Ek zX-xSy~{7DZdS@E##Kp|2Xoin5Rml3K2>V)`=NMVeGFFtO?6l@gmrL#y1VdZwe6}pN8jXt>(1a&ioO_6Iy zeXT{+a&CJM|MiM(8?H&^65wM0LQ+H*^ZPPF0Ac3j*!Dcs5(*wTGUY~mVe%w_1O zz*nOV#oX>z1B1)0Ohb+|c|ZGJO3I|>YOud7LWGne|9eta(G}j*t7vg0kz+Uc+CW#q zi>9P;Li*ca>g+h1^e3=$u(_7zgFC}w%Il_hzfF^yp9A#|E55_N#00t3=HhurjUI{f z{J^%gd$U2Zht4U(RCCL6e3(KBa)v2saxWXRgEs%&H~B@vOpK^G00O~Tx%=lgOop>4 zsn}}>$*dnhjFxb?m?&=uLpnK~xPGcUN5)NsGA?my2CMzx4EXBZ2Bjktu=U1Gmnj#h z)aDbNFYOi1)5KBPYXp@qv$?rivTvhKwth{0HeI#&q5YKo>Scy$g#TkOf4U~wdBys? z(ytkwcrGS_)qyr*BeL{Hy?*y4I0GnrqKEdG4UB4aF{tgDm7RKaQ&Ma?{v0Ez$ZO>t z>7A}bF^}o5g!TR`#(parR=b%&oJ0_X^V{Z{atYVcQ8k{BoD6e#imAC0ii$+WuZ}N6 zZaL&+-w9S8eJAEb?6fX)JGz$MQQtdkz&pevgDk)kk~ z+fhp@YY{y-;)k$Z)X~dgIVba3uenOjQrsOU!KCO+UgrxUgeK>zh%H81aPaBMbi$Gp>f^myWJ+~E{9da9eS+_CaHtJpe76NReZCtSnoHqmw zwT?wbi56Z-VI?REl6=;FD`_)U)lsm?EsVJNE8|z?mu_&bIHr~{{T2d>^^8{1RpJ!M zSqL2qC5SQZR308JK4y`HA*~5Qke*Rj7Ej1>xlB{a7u#jC1k=)y=^iDb#o+W6Ss^Kj;jbT@lt8(vE`jo_Zt!!gPl7 zc|}q`r{jEvesz6l-xL8@oUMp1qvNGWVJ! zsjBW)G1387PltAlAB5@4tJbC4{2uvo+)WQBU^|%gGK4dtau3>pl=jPgsTeyjY`dgmyn zaj2)G3pHY<;*np-6SeUj9SmQ#cV&bxKbPqAn;54<{Qt*B7XrvqvwG8J~dC zaK$a?%Q!IldLX)3pL2h1pMZkagx|c~&hiOcD{udLz*0@T-dZl$V6+@!@UtMbIs}E_ zc4)D|GUkVzpCXQS5MC*>BrL^>ZeV4RnP+M^g6fmqH84_O0Yz}Mc2&BBc_>PEwB7BJ z$}^mk6x^gZS^P`nP@AGT#%ZpVfSk;TQfQwv(4hzAd6cXF_sg5$);tTWHpM0xGoMw9 zEf*Gpc`f1>A0?#4tH0enrdKfrPid{iD9-d<^HvYtwaIqaYa31yxn~brYe?+)5F^Rq z3bdeFmwUEKLl_9H^cQ1!A*3NOau&DaglMV0qq>>-1i8;|3Q`h_mE!A8B}(#bw#Pc6 zhulcJ0#z#;KT}Mb@pRyo8Dea6G1+FKKf9$)lqRA-tY=34 zJiE>J8DaPw@JPOQJn!>589y{IRzkj`mvuE9yp}-)$J`hEfpgLVNa)C3RNGO_uRRp^ zq<2e6q%f^%w0g{X4kAQ*zEG_@K7sJs7wLfnJ} zj--3g+IskoXr-)m_k^Hz=RtgRXQV?5_X}^R0DEZ(35k{B?Pfk{lr?+>Z`}sKBn|wCfv|+s7@$v$0{< zJx^FqwZqW}y{Iz6#L2lcI}}GH$&7M2po>202A3A!`WKh%m5*Lmsq4m&)SVgiL9&hM zjfaLH^L6nw*LF^Bj<<}hcP3L`%cdGHgLHd8*{1WO(-&Mq1K8L&(|s1!wAvbdiJ{k2 z{kPi{&jDKC;l|aRhqU%P6kbrHtFFYQEahI5aX1SBRSsm+InCoVT(~ z2YhcUXUP4nOj|3BT*=(6wWF8IoBNq@G1m<+-g(X|TG9ky{r!Mpu}=JKZ@t4=XU9Rn zok0e`4QBNsiLFdDJ+;>Clt*sa{cZJ`Z?K#Hm;`Ql9*`0#*N+qP$xtHSzY~9fV+1++ z%D~(Fb5(bt+x}#a1MA!6upE&Uz$-l1BQVel&^l0pU``UhV=`N%i*>C{f&`6Rn(llU~3kYu5 zmpXoOhvxEY!y;c?t#h2EPJ1dxSkYUZwAfLr)MbTddflCN@0I3;g+rB(BwMd@^?2Oj zXpG@*37KpgW9f%NyIEsvf=-h|GqGx9UCcIaMeLUA-FXPAYg@v3ItkS#y#^e98E z>cd0Z&M_bAV7Q;SU2Y!Y^cS3nbv9C$r=ehw6g|edfuUz>OK$5p#&7*PltjMwMkC=P zb&AX%nlAleV6xTV>ve8=&+Vtyhx~Yw^6}M`)7=fm>DWejIH!=CxBcSG*f%@iAbP-4 zH~cpzqL?mhRn~z){T6s&7vRh&f!fnm%cP90Mk&K)~JW_g)QR4GS#Ch-eZ+ zR@f~a*Q|T(Q(D=59p+Z4D%6QdbM0a28CU7=b|0tI@1GpS@qRXu7{ z)&YHPeR50d0=oi$6A-)A6Kw!MP|;)br(|M2(gDbYTY0yg@~3{tA|{U)=i5Wj_lw!h zcRT?&U&>WuhO-U~uPxZVf9GtNjk3ZymZxzgsFJ&ex%KtnT6c(Ec2=%_^atJPp5Nb~ zSU>G6diiGIZ=SCcL?J(8J=I?}a*XFF6mRrnTkM=!?t^c`pL+uv_IKQ-4bd1)0a@ST zL*p}_Q&Nj2rJg^iP1*T+(I{t2qU6YT6#N!7-MW$ed5HlipuZmTv*me0zpoUEqTVMO z$x>+b4L644L{_5)@9UB4E z==;YTh!ea46pw3VU|zlf9A6#2_FDODR|mX8r)NZ7y2hs}N;bcY8JUh+$2uI?y-Z9a zcE+bo2PKz5T)TAmMRWOiQ9VZc>@b-)=s{6Idv&B$m1$+ro3z(I%c_Ew8*J^>b5DN(G${nPYv zlV9o96CXsKHh(enu(CG5Y7ibn3Mw9GRAGvf#}Th5VRd1AvS%eS!~%s{w)0uOd$d~o zrLEems+g!TF8ypl{(iIA{4?vdKC4$Df83i$MyX3{&6M;s!<5f@ttVhYjD0rvAbRTV zWu?4VFfs`c6F$^5X9P`w((jRgEao>w%q=$z5Svx2^*)=))+!=j^3e|o*H55SF4g;ik*R(^2DB;oYiKn`SfRac4BAY^ZJb~(s3y1kRO|-O+sAv*e9l>s+8-o7u{twE-;e~An z^PKD~hyCWYvT|K;93riI=ry@~v@+WU1q(;H`ut9i!iz~9qj(hMp2OQh#21(g}`%bzulyyK#e8pY- zKtPR~gfsm>&9ipEF@SVrQ+Bp5J*_WR(`CtPB!cyXYri@=FmL?vwzH@NgUGHq23mQd zi}kg3j}&wZV~!F%x;u?`;ewey6hf zPPTj(v3fL5(WtDqoOIZ)n}7tNvrIXI^UA<`+=eXJ6QR2U&`3nPlOhRq%9*&>d-zKJ z*jH9QU!aduXyli;Ddd|O!N{WVw7`4hr7MalC9nkbuAgZ%@3}$cNKAdYB*MR zr;iAp4ue!)ej2h?R7}^|0_|i|(YK@6&+=2lpI`l<0Q z>+4b_el;`bpq82;C!34=&t~T7+Z?V@vSM>%gfa%PD#;$&3`!MTsH}J2wOEmFA?KyN zN3W46gk+~iB-|hvOGVbN7tEV11U`W8idbzh8Rg#+^C*+}bKkb?$=(xiN$MUdK5$Zo z3S&nfM^#_T&9=^B(XFZc!echrM{!ZL$isa%{_p|k z&8;-p-gz>oR0+{ei;WdEc0H3ebUNMl>rK*wKr>7}H3Uvn_&$0lcI#=RAStOZS%g`3 z%aP{T@M^VF&WO?}x*V|Uq4)8D(4o%k>r+KQgI*y-;*)FR07AXv-CwueaqLIm9}xUTQttJ+F_H7&egJ+Psm?-PqCobEje>sbtwM>3!ze$! zh%cX{OqCeOm{ToLzl{Mq2I2p-om}WKBWE~gKOO>htuQ}s8W`f+DG|@SWrQtUO)<2_ zaRj{?i!ch#;54STHom$LBc;sBe1NWEUD+|Fo_QOhM!v}DL|+@=(u$k41MTf@C%Cg| zFaPxu;%wH&7R9d3V1Z+|$lK?OeMRYK?l4u=UgjycGG>DwxI>2mKCioch!3_-@AW`s z7hXNyPdvk0F80=eX_Ng)4@##4j9j2=XjHry`cg*GG&^U|&OOI+W0H;9dkQ+LN&aAr zGUsmk=cz`^ofn7Ley|H>1c%c8N7p{%LxO&|aY06T)$y_oFWM%T$(=IA7R#_@n*Fdh zkTseb8547J%8**%I>{WxdUke3F4Jmno3bw){>YB8|J;|haV$fOBjO+K{mUjj*nB%;|+7JU8TTU>iHa`m{A#F@KWvLa_6 z$I&s-t(!lQRZcVc<@7$w^SZpzr8Kq~k~}JaKOdzDDVJ(*5?FV%AiSpi#Q5P7GjwQP zd}p?U!ulZRC%sS;Hguj_FTu}CrGPnn(GR+tbs6f(ib17?%V`(7ZF-b#toiCtrlB{~ zt}Y^D`}%QLlh1k4SGp}J*LLp%-nU@GWYC*(_IbBWb&$l!S;n>^=OmW=WF1#uv)3`v ztxldh8#n7*0XAR$ds($q` ztan|SJGcEdfgOIR_p}JBRBX5V)G7xW%-uwIfTlcfQC9u9vk4_>6Ho=C=-^TMCZtY4 zi`kAU%;eYjeBRLvZuXMS(i2jDF|zk)1v13#qDKrr0}KZJSn7gizZ@}%crqp2+Jtzi z>qE6i)m8-f-Xl#d^%O-Hm@m9ajv{QS2=uGqCe!QOTcPg;HcC969=tElqonvwR%Q%! z>$xmn?`I0z0uV59zVi@1Y#~Pq0#IJ!2B(hUt`EZ*`tFDUEw>EL+menWSk63q-tOB4uwu$RLNB(# zdzqZ}lc2wRMTpSjiVQW&i|cx%5{yHOe6XTFOkZuf9ck1DfGZdtOharw-a*5K;S}2+ zZu=~sQzh={hA!vdkaU{*i=oJ+M!C6g0(HS;V-4btlBrCNIecGpGxLo-qEw8w34E1A z^FS-_Fh8dJ_Q2{D#97(}sc^&&;7!A9t1hekFOJ93S?iS+H{|(h{g9|qVCajIQ>pVm z<$!taV2(tX`JHb-egE;p33RIe>C>mKZc#O_yYo-wq+KBJfM9k_-0j)E zeUDF(B_8Lv6tiIHqF|0Vc2VVJ&ISI#-6($H`iM{P>fx^p#0#4!c=wD<0p*DM|@!X0I9oBxLCy!Frs#{G>H(W7z`Vxo!;A@zO>H+0Dc0kam&!XE)bOP&b8mI0v zGIFXTm%IV`s-a4LR>U`LvuI4woB$)s#bVb0Xk@>Py)jv=%CozZ^c63}d+^-1UCz|J z$65^7K!OYGCO|W zigZ}cEOMWPdIA0AGHc(&qZ4$EZsT(#C=C8#ABW4WS~v0CEC2)LG6D>(p8nF(7ce)) z5k-0oR>D1`?D`9H?tDPGe-AIO*S=v=eBtt))&$ygy!Q`FN<@vi?g(^7cvk-D0cBecQ)_ z>QOPu`K_YZLf6bpcq*&91+WDQ+XM=XQ1%yAyN1xv$aq77f(QGYSgsyn?#;EnnCGvl zF|Q|8!hT#lOqG?W;Bms!hxcLKCa0j#g-*PJ9EQB7>^2)#!k^OI(@de?9do7KxuSG$WM zSG)M<$s(xXhH4PXgV3BdzJT=-Bi zLbtYS81;x|tfm#1(MaHZZ2ol8^ zSpnmG;dy!}+*Z`r=c~?{-(g)cm4mE&PqG%dil^7RFVy$!kR%kl4vLc>e_8LNniUGe z$A{V_MMFvFGa$>MK?f3Nf>I98|KkP^s_}m*0Myl zvB0gBlEhsWP|NtaOYOt&b_bRxBDtOyXGO{jyMX{ESC8Vh1ktd9Iqf~ zD~}ð-F^S?yoWp5z8r!CrN95dVM^W3S_nnBax?`8VFHekz^job|p80TodBvv8|8 zxWl@xK;my7hw0Urp`pC%%d1eV7RqfWhJ={y^poevA!ZbtTHFFDg_4M^uCh}AXC|F< zZXmf?d`iE=Q4=1SPRs2^lc!!sndDvA#9Ig*>8pmBqJFY>JXri+UBkEBbY5E@1clNI z2R*yceOqJ}S`SBTAbh~Bq1ozh@v3(UzQBY_rLKt*HE5Od0%E}yUnd8Eg9WY z%XF;jk3I;@dGUjIune=Wu`sf4x>vYY+@_3Z#1t&@vYI$fJaTpdMCsBp4KpNKI+Gkw z-(uJsb^Oe74WN^a=}+hAI=Qm|&YRe}lVpWXZ*c;zJmB0 zJ$!;tS1X|>QpN$kRS_uB4tre&#aI_(;MKp#^`q!baszu-F1_6>zG{=(g$q^1<$pr} z4RH01P(<${W6|Kh1TtODbl*k$3JnzZn{J#GYE;*VVWuc)^1(k~Hmgu8iIo1~)*sAw ztt674&Aklrm+Ku@Lgfc7kJYB2d z*$~o5d=mV-tjutQm^fN?Fuc=Ha-ryo0{J2;<*k9WzSJqVSq@^TokL!mE{+zi6LD`q zTP{kvLMtQ6$%jdm-WX*&rB?6ml1+3<#$^p3Sat|BXIl78k|NM&sT+sgTi}c4(tL6V zL^UmSHjS==fTP59@XS$BMMh}>EUT-IEZ_UtAV_~Nwwr)3D8re)V^WCurH^kF1R=#& zKHU79QyvdjF*Hs)1Z4G7eqDzJ`^PDsT!z5g<#&;Tmids}hO7ISp+5QD|1c?XXn3p} z+-V@z6i9O{6flx+4Gu`NUv00sO3t1`waJ|;*wwU)u`Dubu`oqpd7}o@+_FQt-xM&o z=OXxGm2W`%$LRg;iEE1S+QZeS(Yb@H-H{9FU=Lms84c?nmh5s4x;qynI#W4AHL;hp zbV$orQ6?kXh^H&1bDI*rtEsl7JjwhLHh#6QDu346(np<7=4rJ6v5H5~sK|BqL4-@{ zy(438taX_%(D(dX=>yme@+Uwu%2ltFIe)rpomsmb4S2D2>u_A1nS|+*ju71GojHW7 zX|g}huAP057!DO1sjnp@_{haJRd`y>*7J!K@tJvIbrp`z?5o7Dv8l?`nWBt#`A#Yof)M!qc}TXXQm1t#%6K$Gb_dw8kSm-wvfXWT|2Erlow^gS7 zpU*auec6PBbr5MH*_jSVAc9OMP!I z@xGJ8Q`eY_sqN(?XN5rA?MA~jsleG&;oJ{`^}dy#><+&`Ki|YI(R?6Se?If>FoLT~ z;_~*8(p6X$Im!YL#p6g-E)R_c;3Cq{AQv+@XggPeXxdzLUSoiJ0{{}fjc0V#7N2NM zgX&us7d$p`BtI@w$yluGQq-+LrhXu?av4wv3#`WflsbJEq9<;HH(PO`k^av}{Of~G zC?)XkT=@~&UtDk<{I(RhhRKoTK}2rhK$l~AD+uCwDw@s^`QaVA71c4iLk3;7t;x0t zyrW%c3xF*zliCD7-uZ@J=o8HMsf`c(ghJ?7Z<18^tgkFWu@Zm(spn926d1egJZS_# z2$HJFTlA3w@0ele zpFqMEdQR~C`Su$f3W4ENZ=ygJdhiC?emJP+HaBHj2z5dx!Zu$X`6r5mtTo3;D@Ffn z@c#Uzh6&+L`t!KIr#j*pGiLlCOi7k$HZZ?0{AH@i4O11DTNb$5I0+UtRR{1u-(B<{ zgo+unE2~rnune)SSl_$43~Ao3#^pWFzskzoL&uwV(+&HwT;g0u*LYa5x_ONxES$dB zK_$et$*gmVh4b2iIiC&p2a{R4n($PkvJjX@?773?Iq~iR3hC(K_*r?m|n(o zI|29wEz0zNJd%1c(U&PhCJ13SdV@~%zjGh{nPxW0X=#Z3{QQN*{~~z{jgCeo@#sDUSdQzhPn9{$UW{mul*&Oe&1xcnaw zf`2Nr{1b%zkB|7|y0jFysi~=*6gcs!@A(5kKA_WIImwq>FF#YJEmbK(D%Yrrlp^(0 zt9~4YP+&ayY!9F|G8k?Cy{9@?W!+yy;=hBph6S}m1b8rlpddJOX$1vI2u)0UdOB_F z+nm4BR=V}J8+r>a1rY~h-e;>Q~_j`jlEX|mVrDDyv&XvzKB#!^$Lw-U0jSTM51Q@ zM?MJQEo28m9{95hmD~PL7&Zn7aV{+UN{1g|ll^LsX{_LT1oVh-B$LTuuZx$vmSP<= zGAUK*aPnG;xI%mviMlB!wSl`Pf6{!^xfni6yvS2Z#Q)}FP$SwUVIU(Ru?%?`vlrs= ze~=j(6g+Bezo+1l&mmc9kfx1<)AJ$}6taDQKaefRpLA#=p24{o4WoZ>Zr9sxq%Xhx zkEXo%9U=}8p!aSHTn3k2xv$tu2j-5}+I^f)G=Kg2Wvl&Xv0#vqD68Y-+H3*7ez{&9 zJ|>#*obQhuKpyM2#wlcUyMrL3`{!*=em9f-S3kFw6pK_g@2>&QwJ$KhzXKwUla~*R zeEvspOP&8wmLT`V4wn!Roe&bi5QTZ^$EQaK6U7cd*ohdDlJehM(KuTcnXhu=$6;Ix!pXiQ6; zHyZxu*Y%GQ^5Aq{`=?TJKO(*U#UC4gTOhP1D=IutU2vhTS9H-tGoOA zCGI}IOodAI|Nq{)Zqa|P$$~&2Alw&il7A>GqKpsc%OE8t5^Gear>A#2O|+8WX!f@d z|B;krlE1pjL7wT~G&*g%zX?(CRNrR+YRW4j;4xu#cGV6I>;Q?{z-E85f3oc`mG2-k zQduH_=L-M$i)hy!^1sU{2q?r8@sz2 z8W^%_ zqvC1oPpPEt@OI%!4lOdlQyO=;$FP%tEJ@qnsHMplH}YBM;y-Q&=N?oNR+_=*q( zne?BIsHo2w1${*ZV>a6pqUE&4pm64v&%Qe01BI-!px0NH$raLr`FiH7`VuB+3fHiw zxx>IB0c|I%DDGUt94!fyb-;?`+v}Q4r2>NEjArA7&zJ|(QyS@A%`?J#rW2aVfiIq) z6l@DMtp7#TJBG&@cJ0D#Y&(r@+jiPCX>2x)ZQFKZH@0n~vF&8yWHP~?zR&yYZ-4i% z`^OyfXRf){TIV_;hb{*9Ooo+k({gz1^QZma>YDmh4{`N)l}(dxPXbJg3H%t3n+u!i zV<>G@fYa*voE4iR^IbbN+1+}ss1Wz{)qB@mJ`)Z2_lQfgMF0W!doe)4LwU1wlg)dD z@R~dM7%#KCn4=RmuJ2meh4b%8IMSC;%Rb}wz_k~q0bF6^ksd!0&u9}K?T$eNEmPS0;E@mA8+(ZyM_Kyn|I|{*kX8`5JhJ~ShcnWg zoXcY!QVki_3$`Qv(4dxZq}?KFz?mB-)kYoRS53^M*tAqF-Y~$L>wER@;r!X{>xsi@O~F#wGX|0$Kap@gT~Y3B>=v%PkGKjxzVJt% zl|{2Cxb2~F&X6EJnbT54pRhycD|p|QHr4CuKOhfE6ZcieZ^!TOE!l7$7 zy2@*J2yUg!z^0q;B0>XY)?K=k`S&on>(wza)Oq1vW~ulPF*p$MbmJIz2{N= zc`)D)ve3OLW`+B=4*%P+#Qc#fENX0cn!z&-cdk>E$CWbmOV~ylZtQCQ3DVWzjp)D9 z8VeW1i*OI}m{z)Yo^gkIWrD!i*qQ&Prd2pq_$R+=dk-Sy;}94oJ8?|Gl*_JMp<-cx zp_fEu@%$H~Vzc3C=mWA}(u zsb+KQ@hZJ*h2+X5#gZyh6#mrtrjf9n3w@-SKn~pq?(5RTM?*t=LOFa{xTX*RA_hL# z>5G7oPg9h~P;@=Q=+feUZxS_Ma4*3|FIp=)PORu*L;Sd<5{ityQ(Z>yQQKR-*u_T9 zTGRUuHqIL4@MCJGQgDF*+*TgjUZb6$^PZOt5gKEvwXt6Be8-~T+} z{(Zk`IlWn}s57m)xnK}mH4t%-8rl!8rx$PG{tZe5#kM3mh1!6J7+@QupTE8y{(9u2 zh^V5luOYiH1#b{hM&~;jwgS+CptnSL3 zH55N=G1`xPQ$uQJ!i=U<$TV9PN}ofvQw#%yNo@qd z40J}r>6byfEQlVLG3X$;YN-9qF~aMo9%`eBj_S6mcWGEV(f0HBS0=%5|DX&olenE) z-{6%iv_);0;b13H6MV0yz$kPnV>gO@-pl;4&L;bx5hr|<{hz%s*f$SpFp~o8>x*9x z_X53$&q!LAXc%xvj8`XyA1|0}7?2J&7&xJ)qzw{Pz0YRD-0%AR&A{U>uR9}rB|PX^ zxL%n0>zLJ00b?4E*|D?xl*k{Xe|>FP<$sI8k76VoR{H;d_9*-zf&gj5zS&~9zYL=E z3Y&436zb&l>y)oAIY%51bDxkj(NLaFw~ah4sQg6}UPio;Ug!}vODhMQpI&pvuB6Ef zC%q*fAHi|eVsJ*__OJs3si%b}?`YKQxghQa2MP(jk8WUzYw)^zOp_1_1~ES8e1+YT zT%Fq8$Y|Cc>saagvqlixIV#O_P2zkiJPY@KFe=G2>=O-bVNrO*9$XB@c&uA|99`$W zYmF}Oe{UQXG(Ccn6a*d3&?+oXY+wNg(Q_|`>G4PKKkDxPS$y#KVMza8_y7Di@FqFe z`GW9QL;&~*7xyOyK||TpLEfYV{MQ&Db)Y_n6iuZ#!I4=W3@Wn!BsYJU2FIDIxqO*z zKNg)_hW{@jMP3kAj6!faLisyJJe|Pa&1DP>mM*x2dRd(Ua#eT>@q;)LcE1fEZ#FU^ zpOk?bD|9>DRx<7~(LD=zU=3kAceY2$ckB|RB2hL&-BSeg@7P(seJVGC)5HyG9`K&) zYG#j>{mPYqzEBgir+!(G*pMGuR%5eU1n2645TRbK)iAq+EMJiDq~^`04~0NWAukv3 zAQu4!fKTl@%%LHmgPXJ40ru#>O6-oGRVGY?i}Du%x&Dm25SrswR6_@}TeU#Hx1 z9xmegFprIVo{`PyL&~P~y{mN!yX;NTJCnD;k+I2w@(bh4s0^F)Nw+701u%ZuGc*?q zZ%lLT;#(Fo$|%zEuH^lxUo}!4_{F~`%VD27$kh2xn|7`#0An@7P8n+7injO#8AF#? z{=Y1WeJ|vs$0_396W_W`WN&Z0&leA|{TMg!gYK;lolGRP;ZTQ{=iOjY&$2td5C=(m z(mrPug!Cq-2<63 z*)pEFSXE)%Zd!837b+lI@z!}|v81AMOX4Vd8ouOM)5=O+N zzw{5@ls4#+>mlWIBZ<)yN9>Uy1&3>*7aaXF0nK-YP((t5OnDH`ce}0rla}p~ zwCzgu;crs)J{GbW#avcSPgg>dnV^h~2w#Qk9?a4M6RlUO36luRVZ5V5$)V)z=m~Jp zRj+_9 z@jVUmO}lw3t47V9-DzBxb2lmZJTigd|2<;=`;y`}Vi*v4rHrHwd>W}xRVSqsL^&P* z>Eej=Xsa2FUV}6+Z{isemlSm4>nAb^&S&x}G>LbV!S_3cnGON;%}30?rpky_MKg== z)V}Q-rPuEMykg&)@^P;Mrw_dCa{c5_z2c8u$r}GzhXTuOa-~^^GNPdF-oTTvEvX5|Rf5`|0jU=7SCw5LE2_ z(ADL(g>chaw*T%+ddB-U%s5-~TxXTYuXM<2bNfwh+M^veootJ6)Pjr~^h{QhF&p53)tGQS23GYigftUmDKs!9 z;v{r>QTtyl+9ca~-3$qFh>gj($;s!jY;i(Nq-YShBOzkd_@F-CVPBq6Mo2)YbS7m5 ztqGo(0OhQhr}sNH+hR+=BzQuh=YB9iU#Wo6-N?QRgs#?4d{`J(ne>( z6B8)MOP09Q%bLk@FqqHFeWGdpe@I#n>!zGv``tvUr86Fj5eS^{04bWqnjJLlQAw`1P7Jvf5 z%+TkICp5`j*6#>okIUqCtks^lgp>Z0DcS9bQQ0oiQ*86UaH0Qw>amb;%0}z=(K!21 z4RE!0_)yMECndrYaA2Y%Hd#?WAF9M_YaF0H+qUeQg}+&1z|_zR=8?G$I8VYcmEyo) zp-+^UTp3X)c-)Z+>pQUW^h%`SMdPb-OLR(bQMx`6OVYj#IUds%$7iYz;5y~ZF8Pogf7)@LGi`gG2YOyI}mtj84tdgA2iHST8Iks(ySsbS4rgu|(MG;WWexRYDN=1Y|t>-k>#d)$P5E+TC`G>|7Ry zTML5u%hdTDLF{7adv1&}J8i#y3al{rp+&V*Ylk~$ueTKvVW1J;jmiXzVsEAy0VI|J@%EJ5N;R{}JX-x3UARz>^c{j{<^JwE!~Sq9nVukZ6M z?jet>k|fWKK06K7Gfb<0^;3sg-8jM6EoUZ;h~<_jZQB zht%8MR_$Q*R_H)U@?DEVe_8SO%<<*mhWG&0?`t`%Wjun^@BVPvqcBNn8tx09x9nyH zhjX2qhjz19c-x%xqhKP|uVorbT6_V}x19ML{8rMm8y40-j=D&a_~|L47=XMe$HWbZ zTTWm~&5Tha6zoF^rLhM#i?!5D>sRnbQKdUHPI93?`<|P17HY&1-U> zE6idKrH}MVUk`%Zyd6`w3@!xNYu=zaFgvTUB-3f7$#{nIO=qq&_z=4%e zV6RRS8GBmuNv+XT=Wxccl(%#a@Ju%fPFe5VwJ)!Z=F#Hn{Y|jvl9@aC|EP^v>%OsQ zg$rn*#X+;YqN9|8tG?|c-ZKa}?Blsy^C?@Ty~5UbB+({(X{kHMhe+UvX++qIWs>0Z zySpg-4|cA(A}9TT*Q>9P=oKP^vknS%GlQv4=S^dv?iMRO-7TU|J^3VtHjTSD%#LQ; z(g*FRJ3TKLXF$avK>*A+ECN_66a_xrK$G1}7q~B{P(S2p&7q~!)iS0fR8L;Oi|?$Y z*-~Ge0?6$V{|_iqQhO!{;SV%OX%?yI3RonrKY0xAam9E-G*}tT12;pm$FEiJU=G25 zo&+gyEJKJ3WY{C|j~A-T5u+RfngtF0{?(Stuz)wNH}QT02al#Po{Ip>2H5_ND##0~ zPiN6cMFtUltIl4$+^QuBWi0yi>d5!SBlv%Dl!H5(uic1X7c@T8?S`S1L}UC_%;ZC; zZu`sI_tfM&?oY{vP!DAlmFq(g<~Q#Vv%`wk zP{jLL{kx1?FytN+#LJ*v$P*HT+P#4uu2sW}uUm6}{R0oQ<_x9B z`SBqCmV?RWCyUzX`@MsSJ>LFZaQ=)lq>w!ZZZ^D2H?|6#AWzsV!_ZUn2Ue!VH=U~t z3BnG1KPuV-atIWczTYOt{p4B|ya{u0hJciI2wx3Ixk z(Zm#Aa%US!VLpsHEpmx|FFz02{8uXPn8wLAHqdf zgX`UM|IpytUU_|Oh(b>%1n}>%Z;XM4QlOVB6wah>)M&@JX~@sLgr_$-4jiM2%&)8) zY@f4)b;F6ktIX-nU?!&#qqXKNd!J*>$~z}+zVKqXT)Atv1jmuL-EdYTATfgKQfUdt zYtJiGQm1ylwsrcKL3~H;kZL=hXpb7sRGPXP%bibC-4V4l)cqe7vI_tn$SiY@`~*HR zV@b)xq8(JOs@{Y1P@`E;uF+*al9!zvbT(O_- zc#EIn+BA58p{UL-w!G|cqB|A3QCbE z1{{=7QH&dI8vKvy7)ioAlUr`D~MEbA5{o4M`Uz&*G8o zyjki^)3Qh#v>7&B18_{S-crQ(Y3Hpb$pN63&e?l4u$+ zBLi{z3cL<-h8(ISo-7s?11Dv|6Y-pu-A+O~4FTk)!O*lL4qLuS_yRCZdRGo5N!;Ed z1Kr}NNX1m_*$?#IB&W_&)`(SL2(!-d9TtyM7MKJ0iImlZL5AB1Z1w<(`)a{~#2Y?d zo2h8`Z_~S&sm5rqiXEr_fvizr6eE%zgkc;<`__MIc9K+s4Z)(g^2eLn6dX;=`CS>t z;he)G>o#Lp z57SORvXm~<3KAR19xxC8;u6Wla^V`Pu zIJo;Sq=Tsj=@IH_^veqq@&;dI2+6Cz>QO4qcz1xRfQI3C-qv{YNsKT>u??G-6R?SU zt`@VsS>pwI?rdb`-Mx94RZ*)O_SlyGzaV8eF?aFf>Hnh!Q(!veAc_N1O?xrpO^X6! ziz*6mA~I{!bSS>%XQq#&m{PFpCpqw`zo<4)UmR#3i435)8(k^l@K?p3EhYpBYr8s1 z>rJJ5XEu6Dzlb2R!SfvAP;Mc22IKgW3~WoW)cTLczf`9S&J)SP52Y4LHKG{GPMN#= z=!$TDA2Hly-b_u$E|5xrCow!U!&TIN=Q8gpqocKJ=l{8^48=!9Q7qcm;RwcoWY>qi zUXfm(_oZLEeJFhOI3SbstzkL_p>#zd8?CC{qD!QV4nhAvrCO{9H+qUFrpD%yVbSZE zJSDe}Fm%lfvQ%QeTkO~N1Lf_J5lCC)#qhY5SS>q0f2F;(`A?hMvzKd&Ny3%qfmh7) z+s|*|qc-SUwF}{IaB1)D&Q5IZU4>s!28o2A5tqVt71bqL-6OVBQh{=($C7=M@cXP6 z6>vqVM<8nly|+15q%4x)THe#Oi?-JuJ}WEzzK#Cy^CqK0k=}VC71?qCl3m?YdsE=% z<{cdH7xE)PD+#T$z#RJQ>x^J)r*s@jUD6z?QQ*R{|8(~jE3o!sW-#O1DbH3;xc{iJ?gWB-?a?_V zMD63O$A(qem$Y_}^SvY^@?SdV*+ImCjvtWI&_)VH35MYZ-@H5axi4Ox`*lRvN<#M1 z;8Y`Q?&W_5c(Y%GAo(c%5pF6x#`7N1ACGjE-hv;E0>8uB7O- zjUa=#OqjDkG*A1q zDhgiy^!GmkL~0y3f5VD&>C0-I$;;-teAPZ(1nq6kA}QCj&9w}mE~@rj^virP8+gAm z`vNv^;i@OuU@Er+m_J;n&u1OOU=$%P+&X==?ypby5(f@LH@_>JHz_y>N*D0Nqh{O= zQXQKYUn&b*vJvR>n#}?;OH7*4=JF5n3I5jSzZ8aY9agg4}lVS#Mr0H1>D;-9}Fi%ed^Av|G z^PkbtGnkG5n%?)P822|s%x(n+(F_dbJa$I+>j0}?5Ap3E*}NfxMONu-7G&Nqopf%w zjPD4`A7dXS)Q8ga5X-iMwJp>~zHU3Ub(;0wRN(BQpi2RX>+w8vIFZz+7b;%UIKgbd zY)dl1sFS^zc1umS786U*Gt-U7M_(bE-&|U&1_-iTdPd+d-#@jnfl2n0`;)78<5r{BndDgReC+DwIEWubedM_|@Bw%lj8)`=PNLjHp&KR-_KNa~n)8U&! zG;SMYqe)f$QutC|Y+_cPEOO>oEo9z!hYk9MwB2duY02vJH;|hJ>zpB$C*kVMs%@>6{%)Q#?J~MmRd(f#DZ=!L1UFh%F-X8))M(~ zXO5;N?`aO!6}J)a1koa9I>-RpN&g8qaeff|6K={~ry>H?42v6u=Mr}3rTt)RTu90+ zzzF;NKl%Q^1$M6CicgBh1%UBm5Gtg#dm>NcHz+(fqYX;kLgZP)y$j zOV2>bs(x8TcW{#eatlfxh_GGniF)rZ|H&EIG#Wfy1g++PQ%=_NU3@EwOF&CSKz|iD z3Z{|H|cytQ{+Fk@w{Sr6PYTO*`xV)(d5Y%z4m0nc zk7Q5F&5w8CW`&qjd|uAeOm=Mjh{&RZXW?aQLqJwCRS;U(8>-Fgy zz@Ouzf{RTC?>BDEhyPP?upz*kQFu2-LHv z(`qP_zFXSj&JKhvr)J}ixPX;bL-Juz7yOL*Ei8^=h&Hg=RRGKnfLY>c(edvNS$NHz z$cNuZ(bsZ}{35F&>Pl`LNB7p>pv1Yph;&LPjbN}^R@B76%tgL5GvI2&SNB+0%jV9& zU9BGo#FR05WoTbq%>vA60}Exho`+|fr_ZTf)TkLz=H`2&i_;gS@YN}c(%-`wjgE0O zJ->VGsusc?0X8CXHDHbBuq<^t=akyJ7-djqOqO6QJ#b=z+(tZsPrz)v%G?{S$NG@Z z~ttXQCn{9|a@rVZq zxXk+f0)UypnRPe$zsFtaXwZyOWIA;lC1@dx%Qmm@0uqm-(ELr%GaPo?!+o`d>HJPP zuR2r-_FV7)WzaWf&I&#C8-W7*Gnri9SUZi6cu>b4;EaTOH_BgBS7`xD5PRabt1JHyuSUr4uXH{gr;*k{H?~I4Ui&SIx?M+S-NMj>3?vUS&Qv{ z2z>5o;erm)qnwR~(UpP&qXzz%V60|>!AO;@{HT*!9LHgQzT zgGhx6PtL1*T?p$OA3QmKt%$zI7zG&wf$4xpOxmHFAQU>)!zY~+{kBgvwASxCeUO$O zT%emUC6S43uX~jgL6*9W7QjZIOs+R`X-h%)!`6*XnfHZWyEin;$2#J>N$AA-(chUg z3i@`#UVpkC9dOuy^W`3OjmF^3D1@baQOmUn&1|(2186tlQ+*Ih5e%oGq62}B4UiEJF+#lL9qK*s;}OfvZD+0D3;jnCzc z7K(HN+ojEgxTG?)QYQRz@4WX>|FTq^L?p6ZynkFqN&jj}KRq>+TfuXEDgDHp{d}%d zk;=?%w>{7TIqy061x_Tg7uZ+!O$qs^-FVT{H*YXpOOr5UU4DOj|6TBAZ6TLShG ztkQphJ6;RkP7B`QecI}M+$>U&a7QBQed8KNztT6Gp`&hLwJ0!oeo%@gyk1UDc}f|i zeC2)9C>~RcT&S91nw*+#ka1h6QYBnl{8JEC2x-7lxu)&7tbLo3LTy%KsiO=>M;WUf zV`*f}3!Dk6(Yp!wx;DjR6ss#aNPC(gz<`qgzroLqBmPb1M|um#p{qTCMasdo*^o3v z05nS@H`K3;@uzqip1K?izWE%ulm|iCt*-Hs+QtKBH$}l}2KZ{Z4%Yxs51C?&Rqv?u z4FRsQ@)2Xa_!?m$OjmFsYEC-nbp)c~-bG;*rl|B<2_nj9tgd9}S5AT`KX{qc9Eu~xTj?5V`NRszQ2X2LunfHlat7~P#S*d--z863lwtrj|qQ}Ag5$&5NYiby< z`#1I0Mg4azdS7X>A4w{j2NIw8hLD+QM651w7+kyfR$hrzpEmTvTroAg_XnGxGZMm? zg$0Vkf6G4FJ<61w9)w|c$Nnrh=*Gfd9q^ko<^ACo+;!K2y(Br}Et3tE1VJir>n_f|*f+yZvME((5)rI)lf+P4klt9(RJ! z4Xva;V~{V-8MlJ+iCf1$i*B}T4Lh)uuA@N7F>vbQNSnh%rIE+Qk_-gGV&F$X!P z6|F8Lq{-;pI^7X_BDSyEME5f)dC17^cXT&x^RHFw{gsi|=}A6-2hW!(4Fg}(K$ByG z4-$q9nr3pvLlOEWmC}Vm-2+lK^%6I}3GUj&w|e?Jvhn83QgOBq3ZdfQ1iZ#ZqxpOh zbC&f84p?mI@9w@(xZ9^E_`zu63qug-TD7I*&Cx3#e zFVeMko~zc~c0`5<8%n>5<>m;n&ij0N*X4!vsJVR>)z@Mq&4AuUeO<$jI{pY0v-O!> z2O>_QzGk303ppR~+ESL@1{^Vd%Xp~t6;>DSO?^P|y;#`RZ6nBQ%Q$1vUFCY;pIMy! zXhaczPmdz$`A9`AGwU1RC{;R2LdSE7i-_18zcGKYQT%YgppJgx0a9yXTF)%TOokXgb(MK;dEwSH0*0yY6K=QBu?JDRStJvafFgSnCu0VGbqo z-Jjg$X#%2YN|Eqx-Mwh`?)`y~&bvOW%0)n}ivDg_2L>^DyWNT9{r&iho32FN{gWsX z$;Gfi54?%=Ey&`q_iQKi((9QrhiaoK>p}>{z`5bLW@rMF*DPY7p`~Yd%w~PP{M!Df(Q+|RBo=2X>qd^!)<^HzBbAoS3#HEC#{HHuiv?Ak z+4|+-m;|_U-cvY@-AIR|@EtBwC}!L5!?)|X{?)9VMO!QV?s#fE=6@?z+GXx#n$ku3 zLY>R8@Vn=W^6g&GM5(>V~|QgxV*VVmu27MbR&_y7a!#u%iI z>W6cD(%Z>Z@&~S?J+tm<*Vk8$cVhFI8r_bJuYqv8XLt(LM(buHdo!C7i~*6*Tevct z?Y)VgG~BXLI)S&L&Hx_YJ~&&$<5@=4f5 zoaHkp*_W)pR!D{G^39d>gxNw;P!X}JH0uha%?vV|f1{By%L^&>9koq3 zG}jAJ`%vB4Ez($^y9(mIFi+PqyL^Wx3oa`+Cz7i_>0&J7p>~r}+g~p!9c5NBv~;oJ zy%F2r4Oc@S^g0HZgdaZs9h$BmMA@0|Z`n;x*KsQ%WQ?-msOa|`MZ4jzt>zHk(5 zqobbFSNkyEMoAc!k z*F09iq&*aX$#yV}M|AC~OPNsnx7UWn*-E5+y%8I4XzlrTSU#f-uNfWX$avbqCnRxj zG3vyn)!OMYi$r0rpIe||GwJ^xTr3={`9h}rJLo!Lv2xOx}%;Du=kmx)Lw0u#D(AU7JUnyVHuZ_&6MV{KN_f#n6YeV{!qN(Ao+S0 z10ANCKo_$(fk^>U7j$Jg8ke{v`=hiw`<2>|P$m6t;Jf4&2KTrP$J>Rx_kN24_477_ z1V3)B6vMj}*^&LoaGHZY3dYCn2&#ZtAOiBn9C$tIPwb{-)`KRiiI5wjB8#g&)7?sp z>6@a&8BaBgxoYM1VrtYza}k(3zASg*P47oM5<5bwb3_8kZ)3AVDri10(Yf2eMtsVC zL$>Et9=^egNXU$cD4*!_+1H@MaB}b4;O2Njc?)Vns~;K81=f)V%ugHj^p)?gH;!gx zI#VWJch&wBp$*}0xMbHQf{rV}-dw!wdro#Az}ptuerBzTrM}a*t*KH2P8TUBfAS#i1a@#Z$?HS zdhlKK=h$#>?oTC|lT4;W{%Z)m^KCBfsMPF-Kv`(ksj_d=jD4fjC;VfM;0dEtG z#ikjbyXCQgSBi1juY@jV3&Ux#iTlaMahC$Vv4U4C)$n3tOqp5v2@!1Dh0WIA*aL<^9=eX7J)F89FN*?djS~8_ZL(Lr?LL2{0#7jmUc!j9; z4^m7T&L(hPU!oPTTzdwl3?dXR%(*j)AAD2|=Ax}+a?%eFtjP9M;Y8i?F>TR&r zNwO?PhN`gjDjaJ6Gfma07_7kITd&uzbiGQoOuyD;^E)+< z(vn`THzz7|8=g0u53I>I8@P(d)*Wj%{hX$uss*Xe`TKT7Hu97x5#02>RZh;^mcMJH zP(QR$W+wYst~rW_V=X_{0-SR6dt>9dUQbxZONi2n`s#id9ScLGrXT(Z*Q_m8vU(>&OGXgx^0_kOT(2XBrj1x%OmT-CL&+rn{v*4EOP+LlQ*wU@@kPl+_9Y&##_-VEHud`IQO~(Yda9H$Z#;g~f)Y^|a;mgy$FY zvN`9$SqkCuJKVV=#!_rQZncv`CF$rTo$?zux=@(1Oy2#2F46s$i=adJMZ>3TZ^D!m zZ{!Qr#h86Us&o2m)4(Ce8Y8~tE$jtA{9!t`FP@+V)#ua!wuan|8d^KNWfWARU=|2+ zppzk|aPCSB9;=ck^Ty!SGP;P-R7@z|m58J;9Vu4?Ne0=mc-dq#R_V9FREL?#;P^N- z{ptgr)nAK|sL@RJB$n2-%V$bP+JDgX>HEj0QOIotj8w+or@TlkzSeK0Rn5)S7yVoT zg$s|_6t+`%u9qc5>-Ez5w~!@l(mQdK+E4Qs!gjv>CsY%AR7TpKlwE~cYmIkxn%zm4XQAe zgmJic2#!FWt7|&&qEZpCau(z7FEA(+?p7N5t&_0>Iag6oaNBK>JP|Gh^|Y(BK8Ei4 zi_&_j(dl6Px7By@eMDi3f^L(!Iq3QRx+AsfNEK+Pn2Xt&M9`~-BCA*bmd%ERBqA_) zgFSECM=&(YA*{`^OaTGiqaWiyAp;IVa7>4iT zD@{b4$qE!MEX0tHrty}=%mrqWYWw`~z6ce<^G<>)HxQ(7`@3@XnV0ucRO6$mXKy2fhZ&3^sGKll8%c9afaSa5?t|m>1 z4H~oDJH}rGDK&S68TIc`wARdtq&uQ@vB6PvyMn8b58F>y+Lb5v?*%Bt_9+oFEbs1C zeH-7YNe?}+%u(WXW!Ag9S6siUSzCq^;E6GBoKK41W5n9@NsW;w;bb3Rs1KF~U8mS* zfAMi8>x%p%)G7JWSDa4jm0RDAO`0^RQXJt`n^is?ejXSxe&0K6O?3`Jbzg!)tj{KDg!6%o37l9SV6`9QeSI9s^{%BGfJoOO zb+QCkoG#L5ky}Mh&vxViT(B*@r42qZ77C@x__!O6Z0QdO1zYw~Mz9)ioo>bj7xax-&Sdfso|4bV%?{V`IH6%Ti1o3Gcfm%y?s|op!$gQ2L-o|ki1TTBjW4xzFtM;m z)1&sF@Il9w^txpTPk5NHd&8kl@)KP%Q$=&CxA8<9Nxe8iK!kD>;rv9gRbd}ifkx70A^`FUM z^otMFX$(2jD^ZV?Rtp_5en9KzM%W+ndcETn3@u$}wqW%L;40ZJxZMvNc?=k7013!f z9#IVZSAOvZYD|jO6eyv1)cgo3J{E-XvkIejo0dPD8N)hRkCVQJuyf8oSCXHf$L9!J z$#2vA$jiQlyROD zXcUSjt~MGGDGBwo+^MJ9ln6cl$Sf^uER~MxC~4_uj;WA17Cu~p+}5)kuLkqE?#RHSFioF1x08>N7OU=;TQyA~ zKjDMIe8p4aoQM&y{JtJO^Nk1IqD{nAohoh`EHjkqqD$R7fzV2TTg^dHSw{!Bt9_pS z`&07w-g~B2zwUlQXDk1D^qV_L9D^gp(J?tcJBBfZm*yfa&W~ovkyu?V0Dml$kqWTn zY-9Y>GWQpO#Qs1M!%a!elGtcx-Q#!7j5=3wMuN(&$^V`a$<% zaA7*_?^{G)GrnrD>yw3M*OxT;dO{I?LA3jAX_ZCWWp*Zt$O&VK5g`p9eRpd9iWfrv z2s;6r8yB+Fda#ajaXaW2Gf~2>F5z_>S7i}^N?P5XeRQbqx*=qY$WA4r(*g}V&Kz`! zjzIt#+BaEQRv@c5$N0H_z%{av2ChDrr+;5jDa3#|Vf!YW-UYX5i^rud1=Z!?_liF& zlkP#(w1b5f?NBxG%n(eEbFGh-Ck^pQLmd+0=2$Zdqi3*|VAg;+Um|sE2ReOOLin55 zh!Okym&&tG(QJcuj2FRt9&0B%M<_s6+JI^f^AAn$wx~6q2$dl)SGGzThJ3Vmu%FI} zf61hdI*;%^*rTLqpUWxnYZ2YIA*?M`ntu88AAfw^THRQ7$1|V$+~}9kU9S5IB5XqV zkR3*j>kJty$6J44ioLWCf0?THJJPG}zSoPf*7Y+zK_|;y(YWE}c;`m%_Q(JDdn4 zUex+lVI&0X{;B0%^=HS+>}n&$8$^fvn+YC~*<7rgkuBdM?&{?4U%69LYf7M0FcG2x zoT2ePrCjq&>z$C(qo8(6{SGFPng^Y4gx3>C{zSIL5W=4ct-mJ5U0xrLQ6k#|PX+={ zeVa}Y-mm7jLZNBF(8eqVT>*YmB!1PyhtHDfoSglnEyDCNE@fH`(tU7P-?ie1Z^X7P z(vyiQoc~mnzG%R>Ovt2`fXv1|G1BearbwC!CnLf5QL({;_f7s1$0+haiNy<5IxX{5 zLLCiT+bKkdS?$iRze#`rmv#rU0oTML1WzP_!Q0WINMD3;2wScgn=QPQ7ODzIE-Mbu zsWtoOx`V>z{8sQLGkVei3Au}X`Ud>qje#x!(CY7pTG!R)yOP{cINR3q`v^XqfOm8c z&&mmSaKC4nuMk9Rx7(_u%WWOFk_)9mQ7ilQxq0dG*&`JCrNK2ehCTmctu}&+_@`z0 zd!!T?Q36yLOQl@WTYVJ<9$?CePx#&T%rhul#~atE;1c2&@VkAbqX2amM*hE7YAST6 ztKFVV3cW3TBGk7oGEX0pV50SvJF7aA1YA!#nAGuE+da5#DTdlO8@qLcU~fP;^)J|B zxDnn^EI6@NE4hL|Hc<~lL(Xu#YsHR<-z z9WZkXfAY#HMfRKw&E+@!<|Vj~M~+<&{hX7hf-NLaapS>xNBoSp|LcdsD^r_44v2UM z-*NFHQmyINhSx}e!H!vJR9FHbn;EBua8Jm7duUft!&9=$`}EI1tc&LJhl8HRF`3CiuZG^P-z z{S?O!-HhXn$e~+05hEpSsq{GK&|(<)5;t~AA~Z|KZ8g)FnIzp&A00-4_TG|B%`Zt& znbSVA#lhpW^%t>X8_+SE6de31qzvr8N$3iXan-3>+>9EcQnSyUFPNBlH%GCPUQWdS ztxiT#C>c88H+p0|r?kT}x(FbaCD3^TV(6REEusXJU8uf{JVr;>HY6yevjPvDM_KMU?z|W^O9o+)GiDJag?jfo~UN5f5J7x-iHO%T|aoIXx9=7 zVrQvGOEDbYz+{?;E%pi23H>DB;Lj5OO06$8vVw);Lt{LbT5i91uV5LZoZjpp(xP|u zrRs-`8x6NoV?YkUhd(CQRh$PyiLtDOiL7#V2lLYAPFK9Z1E=+drbm?$dwiF&7OBG-k!0yBQzIS6eV8rhh7YzticlojCNOgXq-D~;keSzvM zP4UA;qJ`-HB!b@UY7#`d|j1qFJRG~`BLlCX9Kk9nq>lE_)zMpzAzP)J( zhj(f(_LBydo#0)-3sFv%4|}R^yODO1e)EiM!R4-ehU~lZ+l3rt(4gll)5LUbR$pmR zf@A!iZmyigi0hn_eb*=pSX*8F3jAc`QWp$)B!b=5&_HUu6x4-vKGtb_xi-646<`$9 zGmICPFJH=Cg&^XNx5#r4l&HnZrO<3hfmEyVsonJ|kDWH%=ph0yl`TLr)N80!%tsCR z_La?M+-;@Z6<>s4Am%{rSus1riLKvWp8j=UF-s5B&+5FRvC{3!XV5|&jXwqpHiKcx z+S3ZBs;>>k(Q4=VB`TvsIE;+6%jTRnzi+1MFowlgrXy2IAc7z&{FKW+@5xYn>Z@h% zJ2E3Oa4FyhG(~U~d3~GVOV8q>WB(OU&@S#F=%@e6(q(-BJ$%K%P(0FK()R|s6*}d> zZZ&Z{Gmmqbz}<_>%XqD;UhgF8nKoe5(AaLItVXF>t;GhT@wGk@aO#XXVSt`Dm^aYF z-kG)M+ z`65+GIoqGZ0TG6WBK27j1z1sP zOcGFphR+ohQE85t+g_Z##6K~Te^2?Q&3r6$6{t1SzZlC#K1nY^Wb2c8Yy={5yL})2 z!$c#Yiu@)>d{~7q^7X!MID7zav~wYqZP`bmuSqUve>#dRG|kj~bgOB6Z&)|vuJ$yj zzrccU&1hFYo6_@;zYG%$VL#-7Kiq>a|GvqM@K-{-Ka|*M|QvD-$$FK1T&}?ZRpJ3-Y=ohqk&89 zm)TR$avRPj9X3D$M%QInsz;I&TCkUwMf6AXnzORn?ed#?1>}hHxr>1V%lf;u@{{_` zx6!6k0j#0T2U#M-b@*}pUSXtnx}N)W5w)x3GVJxD`z+}pu@A%(Q;`Z$V%c~kp~uk> zD8({fD0QJ2FpZJLCU%+KD-nIfs^hEd;tEA8(ZJ1LXQ<_>7DinrmHLMQ)JTd2%jaFN ztIqi|J;I)lMT)b?J-zN>aAE~dxqL0A?qTJ_T~93GSIIU%mi^^|4(r)fu$>)Z^zUDx)|>Whvonls?PQ6^9#vI$Zu2bVd5S_y?GCFn z28Zv4KZ3Ac!$i5g-{~BoaR8E3TsO;G$GS~NDHk%;XeZs!v>t_0LN<(z7z|oI9sY4W zQ6YV%FVs=5-hfr3;5EgYrIguT$_7gYBpk3q71JIZ?dE#S#f8;dF&_xey&iv&RQTyE zNN`+2^Az`Fc}yk-GPKUN?WP zDLF4S@_haW${gD-E`>VdUhv_1=!#6>;_;2B_wh%7e)OMWJLnVP7QJGF$uuLQ%_s9w zCKzzv`DBW)vB6&39LS@zG*P3Iq1I)pfcyh!yr4(%(|_}G-9EGVm8a%(|26LllYo#r zBqQ9eHDKETa}dL@%{Re`NyzKoum&3FiN$)e;n3lBL>W}u_<8cDDFJ51JgHZDv-Z75 zl?D=*VW*YH+T6t_K#NlkQ;d8aUuY9ET8sh&?^lHZF~EFsB+Ick0j9%2^Y}6L3!JQqVc6xZk)Dv37%e9D!QA?^4nV zOD$3;?CNI5aaCMPaIe?j^b+Aqf8G@#H!gUsNfq~1VvVhOrI)wLD^Z5{vM7Ls$ZR3r zQ`auL@=Vxf^K>XMg!S!S(k=y3^nJH{{L2iRee6`~vW|;cycX2vv z(}7s(YoUgMW-p7_meW)AioB*u?e(YFr}d|wMrGgmEoFq-UmPdO5+^b653RwqmpC>pZV zRK1O4##I!<9(4I5G$p=tK=$uQ0Uc&E_Z^=DtI9x581Cw&3Mq-~UFz0aFDr696AdZG z`s#r41pXbF&g8kR&6D*l`J?i9eKxCxjRzw6+AS9v8El-RBb0M%@}nk%anL7TMMMua zu3IP}Y*bd`{b~-_p@HiiJ;;6FnD&hyq<~rNlDDCs*iew3T*%@)EJN9yaJ8x9Ie_K+Y@?(XX10k(~7niJZI(py+B`Ton#U+g-ys{Ruac=ck&z^71x(tlid>|uec+xpEizPP559E#50*A3U~ zeI|WCC&ttLdN5iHlvjw6D9_Gnj$~C%&3Qf*dmk3&a*MMh__YIf+6Hg``SL>T25N_)M_iLB}NNn)kuRuFz=&!_iY$ZH_-aq&{ za(YSU3}&K_Eq2py22}IAE5PILFiovszHGVt>ri1ob{$92%k0G-R?b2*Xo8Wrp1xr~ zt$Im&>3~-RE_u4ym1sw#S|Ml&c4_|!C32Cee#|I(eOwoJAFc2rx-dV#x_+C7$^ z@zQSlQ!R@y=vUBRqOFZO+*fnXS6g3pNNO+z5|J%<`{pO4q)^3qx zC=9s_xE@cJUCq+9HyyF4Np}gqJK5+tjkML`2Uf~r)(AcL-tkhE{8{m67BN? zC^e2uS1;9HlZ4rQEz?;uUsVF0_Yz}uo}#X(+&;mLml%FRCon``q+6OWtVtl7TC z)m`Fgv0JJLZ4UXA9x|P!2&Iwwl0K08ou8p%^bgvjHKH9L%T+4`D&*Bh?Vu~rWFMWg zM-Te$PF1&kmVfQ+Z$I!X#`OgM10h-hE3~WhYW~T66 zr&w1`b0_Oms?xKh+;q`1FH!pp^aAHwEE`8f`kb`y@muhN8cq{k*V0e-uGp)?M3!rs4fQ8>$V78kq&Ka8I6BBN+|`H0dW zm$9=bd67DFH~+})KxZ7tHAkSa+U0J9v-@6Ltv``@Pd5pD`7pB37Pa6ieKXR{S|uer zNds5K28T6IV%IhOo zNumWv?J^6A{S`34+Csmyzx%-=nJ zBNc$;e}fa|%zjCh%{tvRSKoYkm3d&+Cu$|J#b8Fq5l_iQa?y6nV=ciMq-@}Iu$gqx zBK{~n0V(qjevh6`$p=eNgP~?O1aqi)+S?ml=Iny+BeTqhgpE8su>!Ac8H4_o&EHxs zQNfz7sKq}=7n==%&3WzS!fTJvvuaja>gYeQEn9S!vl{3hUma2@>6$Nnwe(NzJ1CL? zfPI8P?gzA0+R+!`T`8Uu;1BuoK{2a7J;0hw$(3 zV^{l3ayibasX6`2xvaa93{itWs&&zOqFPV7&z3;qXWN5&=#~5y;IqEM1+mj7P0D+Y zGDjoR0Rgirl&3c)PqW#4ZtNz+fKIDBc(g)Sc0OLcVBglQGC%!_ZdZu9ID{Q>sk{RnQ;xTFPG zB!WbL*^C&Z0Q%ZU1>qKIjc+8X;T$Eu*EmConI*c!_xy!dl!WtP9&_LW5)XBy{94IM zy&@A6B69LLmQzHR&(h1Yn5qlQc`QQ{-u@$usY?xRiL$ghX_Q;bAAHh1I(;mbq>a3d zVpjcujeNS+zanJNo zV}MJG^$hp>D8-#Kl#?PC($?NUqON5_U z)3uKW!bjGvu13>KmxV4z3@JEnN7yrpN7#;gpWpc$2|^AnF*DZxod{B;vwnCcQ(@O1 zQL9!{UiHZ@tS8m_OU0>?432!retHoPAlJ;ME>isb_CE5~+$$#Jst;d$_(Qoq1<5wG zZyggd8+$o_);1Slg%=%H^2-k3syjXS2C%V>#iY4fSu4l1y4^_`)0ZB0ed;?p3sD_K z&}0*O`a&OH&eRPu|n4uX^5P4l)n?=MH(#c(u#80G3*yG(hPNlYwu zxc6e?gI2@jNt?&csXEOp7BdSu(5qVZlKUk5X@eaTAf`s1@uGh212FZTYih0CdXvD% z6cgPX)2=bQ$mJ{eaiVYB?yIQRVcgcQaLaun0YcI~lu46LPl`0q19A;F8lgrNIhb@e zu`uYK(wEoc<^${|E^8gqr{uhvcp=O&P8&na+B#G0hO*)I)C9EYzXDZbWqzF4SCSij z@({{-&nE$=?TT^cB1JV!QkQnu=8$Wm*BFzK{o#PkEKN9zp?V)yRoG0)Pc=XbefT2U|!t(-QOV~{n-g%ZH10o(>~4p{3#;l?LS$sea+91pq5O+RSE`{ zf38whesm;XR>I%U$V=z~daj%JAD@g?h#BUy3HeIdUXEO4E!gvD8|#J7H})$;l!A{{#|G{=Fh4nzQ^Vm*6)+gN=5 zrcLe!%(nbofur*A?oegQECyQKcf-u4TY zhlWwa^X$NsSMhItM>Tu$X3)v{_cy625#5K5JItM-305u4222-$XslFnM>|0qG`+ml z=m(%q&j%9)BUpQy9kHEh^AmwL7FE@Z2Ya<*hBV1QQwu9|FoPQ~99?Gs<}!|UoaVRu zQD*U$wGWRP+5b=O{5V?`pdm&r*6hgazp}P}DsWOoaqK;MIQw)50Kyud7ag>2wjb{F z=u2hJ^6^MLQeFvFjx6+HZhbW*N1u&`LAnJqydxXP_^305qY6Yn$&O5ZMs-se~s3LBY6DSPC~?_+4}!evBMZP=Z)-=w3pVv%L6@q@~ZbZi&zNgs04un*m) zdjG|iicg70F+o8;owwuLdg)A(Wx1U%VjO7S62%ZP3^{iVY@Kdnr@b-E#Tj~K*9uQ_ z*oqDoh7moNF}Ne-$z#M7+noyf&40~#e;CK@tRD7$_2brafww9;4=8_dotw~V9uj!T z5X7W!^?9z_j$RkbcAiuGJ;jlG{A)JM5x#v^2yEvK#UiK5?nAfAGFHmZEAs6nzxOJU z-cqqAMv~qD3ZO{q8HX;kT;fM1OKT2A7d41c`q9iGmXin^LX zJW2(#{7?TE`#O{oUk$lKxcaLN(6Jeo2N;~lBWsD25|=+YbMhs$yuHU0*fF5wXN6~kiPnYB#}C19?5XqIY0A;k1hzl=t zu4&^elOHEyuh8t|Ry&M5%&gA{QqnV&s7P_6NLViA}Fdz5@f`ryN-$ zKjj=Q1S1TBP^H3B)1%Zj)I{I#oUuT_HuIS<3KJ7I31S%SOE-Sj>q$bDPhrAmQ@BL$ z$|u?l`zM<})n)ib=?P>~IxnyR?Si?Qr;e&G_I*U%pZY zklLBw++@cU>PzWW9TCu1BQajsqi**RXQsUZi*j60jQAliDI!IAaW%uohedPP4gWj% z$^5b;RDV9R)2ThNKhNo)sP=f;dhEg(zCUBq^0c{Sx8WGGWuP=xx`BU)l!qtmTv@y= z1X9;u^(P*EO3f2Ug);wk!`w5A8R*aGNi1YE_o-+9tP>c{8fHHHr83LJ`C@9pjV92m zhK`k0@1TZvu-;vU7{6FFdF`-?LNf?*8s1LQDS-O0hdyHY{T=_VkH?AL$YRM4d`$Wy z(YBqn4g?S%_kM*7`_Z{**t1<6AypR&Le{+`Z|R^TSsZW%tLDyr<(bQuWY@hzLDpp| zj?ovg`L`u<)9)bgj;NoJC{OT7#f3m~MKu^-b&{G#Ws!y@?hhzeu(~EoE5n0zh|Ma7G|nU_3BViP^^+Zvmtu=d=J5XM`Gj@ zLM5-S9+m&)Q<4#{|A$X)(o+l^W=C;09HH2GNWLmq`Tzp~L~N$e4*wE@&!C}!7NUm2 zBoPf+u9Njq4CgEahwC@f_6y4KGVbw^bR(1*OhURpAwo@$Jt<)+@~syb!28$B!u;W< zCbEZgz9Y=^GtJV4hY2+E0coDo>^ntngea;q>(V=p@UeS@wpUMmecAE{fI8&3nJC&l z9mw@rT*6t<;CG}PaiJI~^=%jGbLzz2#ooVUx;UiGnCMxL5f;oo6J7=Jq&1P; z-RQ#%gBw+bNG-R_A0S-HZAWHY{BdUmx~L5 zPi?X3zv+AL@e`YrGA;goxtrjoN<^}l|6nkvJNZ3NyaJhLp6~nZkxO25Vt0sqVD`R^JdTgND@F^^{VAs-F;zFCUPJ(n^!0&d*T&i?1YC`^T!+(|(>l8@_Sd8+ zT7gdtI)4+of89rt2)Gf+8hn2=R?BbJwS1^4iFzGG)qgXfy?Xl#0AT5@RxIU)N#U4xRBlj)sC z)aqu=9*Bk2*Nn)7>$AzIfyY6(V3*?6XnH7!m^R0y)y3j$KADjh zHFS$KP?LdO`ciakO9nWPSALbtLcp8*r$dH)t^*JC3rFtdk8(AyWxgH*G<_H0V{G+D zq2_ZAT*D=4oOCp*@)G68tshk1u`{A3%?CtgzNQf7{MxT#$|R!Go)G_$HG4d@1B0`7 zp!0VL!_T7v5uZ>pen->&nd)pFYb;Y{C9`9MA(HZt|1%gvrPruUU z2xAT8ZQ9|A3~I@IaM1=N>V-B1)&Ti_MCSF%KW6u^FG(?I`guQyVB3kZ5f~ewU>O^e zEKMRby%X!p&`dpx|B3Xz&ic+kqjbQ%Okc<%@f#0#IjhASw?Fajns;MI&vfNV0wywo zd#fm9s?m{G$tw*mgqr^y@0lDQ#z{V;J7=xwdF3hf6Q^FX4&`wwJ?c$t1^?y%nUI%u z0X-TtOl833Qir{TN*H6i<{@!&Y3Gl0IaX(MU&VUc2M;^I8?+Iv3j3HuiZ-xq2ae7U zDzZYF)$ix68{af-)gn9;i-y_=)sgRX6)u`~@9Z3^Y|@@ndAvNhSi<%W`aEPLx~C#-Zw zHs>1G@3~~@#UhNAbg$XzyXfF) z2&*!er4s5we1skYo-Sr@Q8I?v*o*ZUhsdZ3PJATCnW@cs~ z@If*sJ$m3Fv#K&FD{D*3V)zH&^_xDoy%91Hx+NsL3BG_?no{3$OFvhQyNK8fB3egu zao*d#`MgIoO-N2dC9rF)&4)k~Ap3mwLZ#W1@p;ID*OC8u6P|pU0FroSWQ!4)b8QHb z+E{D7kESG*e=AR5s^0|+zsAFNBU{By3yF()b8%Ee>VoAO9wlOd$go{R<3Q2&Dfl3o zA=^bCLu)s3wt&j%>x;B6Ut-+0$5u}_NBpO{CQIa8PB#=p{I8SMcIf~0lmFo;|6T#k z>EqW=FQ0>$lnWgtE=20Ny%i&3pjJvtTP#nETSjR3!|aH1yj=Tnw#(;PEpPe~N2&Lf zv?5||6uNy73(_?*C_~9>=TZGPQgYt$+v))Bebio@?lEg}@}-5h8AlQDt94Q$L`q6p ztWl=u&+)`+y8;)t_D6V0_7HPn{Cp{rlX}9r=<3W*MBZpW1C9T&w12%4!}(Xz?~htA zV9{M`ppL_D(ucgBryN15N2`@Zrm(_2r4;=@EUp>dulDOh`7u!0G8{g+{;gT0#X;gD zMI-!smALc$nthGT(Y6wvi&2H?#qyAW9hyUg>m5ysUdw^JYr>fM{E zj>Do5Dw2sKx?hLqwxy+|$8;FIy}c_#X-xi*4}pQ8(SVl4pMJIc0zLl`b=f|D5_qxFq!*oj0dr%1yS)u^3uyl34HT`}JNWRkW{)h|{ zTu_vR!OJi21yEC1lM5@%!oRTOQ-~wYs%|e**^Uc09=-qQwek?|Kr&ATJQ>_mll!62wq9m2^PWzfZ zq_tJxV4)2^CMIU^*RL{M_5sPL@-~oFizccR9}h(u6Zbh4#NTU-MvOU37BvQ@{^V#ssctb zp^{3FoE7U}5otDN+4adDwHaHRZx1pM$AAd8Z=BWDRROO<^3=4nlOd+U=X^+2RTbFK zAeArV@jM#o{wU}P-}u6po16Rk?|(V+yT-=G>xWDfR>9DO#^e7;l|DGiWBqe~PhX}5 z>Qo!HasQ|L%KqQ(i&KrPEHj~%WR8zSLV@BH&qHM8T>;~>eL)^TWIn%2BCX`NbLB3< z(I*|k|AQ#6AH{U3^pSz_HK)+ue)GEmQ)RLRG%Jq?w;By}tNc4t_|O*tF#~ymmC_@V zVW!tzFp5XSx9T5o$;>|J>Sn3EhEMSdPD#OivX~A-!NwsZ>|??${r2rl0qIC!JpF%p z&_6daI>+W;e%`5mI*1TI_?uL-JRzd8q8TV16aP_}ggkt38{*HU-0mgyw?__#Z4^A4 zf<*6LC5i(F$12+)p-`72R7Q;KzWmCUk*vn(N1l@A-6izl4uB+&sFGywq%!H~BJ0m# zl!u2To2IWRXeL)Iy2bG7$1QDbZ3O~u->+Ko|})tIYC;ypy`s z0yc^hxF z!HbH&>M-9e3r8%{bl|Yj8%5tDul3r|%lxc`$w^(_urf2FadC0AIut!*a1K93T+)fbmnum5l&iA~X0$O5%k6To(FI(o~>w!Gw7-xWv9!R0i`Z3s>o zby@}%fR0ByF2>u?v*8Uimu=M>7*(><-hE$O@x=w)`XGe#!&D|LtfGUM%^m|bmW*Qcp;b?{mp-Wu9Cv_BR zB^tTEQ^G?M_|mc&Md@r~&noiHVy@izB0tupK3B~sX>l8Uit7ED2y(YX$MptUM+`ng z48ouU>=YvXQW)F>BUpI}#d28v?M0heeHxO_nG@{I)N*8yIzW~7^l%h(|NUio`ND;> zhfJkTbx~#I2nxMXr!Qe~adE5n32lLR&=|@)T*=pUuOc5%uuCK!e6t0Ap;(ASX68yi z2l@YX1UNnUmyK+M6=Oy%1%waaxzs5P5>aL)lIU{Cp(T-OHafB@(0bD~D#IJot2uk3 zaecJK^dv;hdmRALn5?>A`=q@)P(>ZLdRMfQY9V%M zZ{-*bKff+O17sK-Hvnd?7#x36186+fNt0zdpRuQ3?JEp({P;iCKNuDDZ$}z+ADoY^+Va^wz^W^DBwRbCf-^Ch_Gl9*y zZZB9o47iLP;eICmoz8U6mO_$(+W|K^_ylC?Wi>D|w$<|P=>(zJo4AR(|J^JlrZgS8_w7W;#TSq?|H37^m~t# z+7p%^uhW)2Z5PK{H^yDx5O4gBb9TD1vX~{P4S4c=+v5jdgeXRc=nCcTK>W|!7lwU1s@8@SW_NcYlNwtjL_sT$SRIo&0d9W-Ev`iId z6}48T9poK@DBM)Uz4qmV6?$@0+r`5i2vUi1jpF{t~7C4Da|840Z%9Vj3NA^iym8G_cc#F z48(s6nG9jr^fv4M@-@ct%c?|nn>gBRUx5@d1mS@p*gMdqI(?b;nI1pZZocQ()U;NKZa}yZChaG%_&OiBji0^t#aw4j#*4$Vwf0_aqf`9Vtn|<8_6ukIyq1!OCSo zry@0)V+2ldUz!D$P40M9@L>+B@2ZJfuMcY?*V&qv(8YFBX9|q@C0HDu^=le6OQ0sYX%b}XxRg2UV zv)>iMRiov?BkW9+|t(fPf{L;|CCCw!1|Hv*j<7URmS5Jg#(7cD%{Zu}6 zTi@Q^LU^dM4x;sTPI?3z9|9?flqp|l-R=VLkIBYJgi4|+>`N`MXt$IhxBZ%RHa2ux zc$pwvpA&$fqaeHcEv~TDg`Z%wR+e1p_ut8W$G9M5J&xhP2<|0Q-X`_p|NCboPvX<$dZ z0}=Gt0=gzFNgmWH?1{97ttLc~=UQue!+KOJynPpYeB zr(NAcT+gZa(Q}{LBC2%FwFU#j=XXh40~lVDW!`jOU6n*$SuESxB(wYx{=Jmd~2l^)KUCUg46IOY-k|SK>C>mEljFgWZ37 zU){U8Gg#dro4MuLAFa>|{K`hWV%%dykH)m36 zs8oU1?59&j20n$;c0J)Z*1J_qp)9L5hZT=bQ{nG^f62_u?4Q~dfllnaKf@O2v)-RD z2@3FQw4cSh*oSVXp}fyXOY2F}c}{+{Y7DwZdT4TgXHQEqu@$e zAXYk6*;CEnLTq2*ppa+%i;zdwx2^5Xd_Q!d61i|5<}XpJyFKWg5(eo6He5p^(lO!9 zy;y@=!PgKoQDt)e*m*Uw_qM;2)kLnPmCy%T9aZx zwOf6AAC0;ZO2!9_*P6wN;O@TK(#M#2@Uc)hOKL%^KxByh?Ke2*tF`_vDo7=*pYi%; zK*7JQv61sx&a1cASoXCS25WM=e$$WpK*G9pGq~Q!Kn0KW4YWSk+g7ihKG-KN^Q3ce z{P^xAB53bdA-}=+&}4}C<%E=+di7^*0Gv)TpPp&Nu8X2~DlsuyL9)68E+QwagJ!ym z>iN{I91<^pJGaJihE0^*cr@J)P2+!x*%hDf)*`;Jd*-rz7Kzqv&!39B}(BK{|`WpZBxu*SW9WmiMn_`2k z#P1a>L-Lwc{MwaT-J9XkhEM!R6b{wuWr~)8qLB<=?wjnWd;@j|smRc4tRz4CgSA1NTSp$l(WXmbccnU$h9crB~t$ug_9g(nfTzxy^PENX=Rjb1)Ujd7*gw`J77J+EWbFT>9q=y518MzUV%5(rJ;>agsK?*H*sx5)JQ! z+Db|@a{K0Z=}%!r#|x}~s0ttpq#9l9xZ?8Nz-et4AT$)ey#La`<=snx*g?swXoC&| zK^^boz{Fv#+?EPlQ+JsRy5zz){Phj!N6eC_H#qX*l{zb84HMQ{|Kvj&#_7=UivLU# zn3s35?pL3E;KE%b!C@4Fi^ksol0Z9xBF~qvdw--%m>8%SMB=r8|&kt|2 z5Z@_Hz|k6?%?yD1X{&S7l_oE#YP3*XdSfi&ICm$a*0-Yz6ou}akQa{D&_a7!;O_)s zWPb?|fN5oGvfZ8H+N0(~aN#p4Fg``VJa3B^2Km0uPy+B*s<>^$ZiaE&E<(JenF#(i zoVZ9T*3i*!-EzWmqe{vQ(}#)pMcr#j&dRQ3KtG*2-<&&c*ocG zQ|(QchjI|fX%Y|6%-eK11>uH*!C zbc#`~Ib^w%twkf^4BFh|1?fHz{bG>V(;#eYY~?1ZYbr}Fi4;QVth+iJ7Cj`f5@RC)VPCx^S45UB- z=9bHiF=$u*w96ocy4&hjP@}SIf!I2}#u9;B1LO5qJL|Sn%Yo@b#$ftG

      x^Jq{CDHF1$dRCi&Eaf{#>(yKs*0R)|`2#N3U^15md zy*!J}BrV?PI@r9Mho-zS>vgm?EK_Y!o(w6&S~ zS_uJaNvhQnxqHMhf`Rl1MAGA-{Yor?yqNk6Cvb(8m$TGP6?;NL{@ABiZRI z#*ee8uP*jTyFP$zdPaxC^IL>ib9guRd6dLVyU#H8NeeG_oc=U>bVsBAcX<-7D~k88 zv({=)2YzXHBd~_Z@cBq8)+sN&T1URPF%6Pw`n-F(-7DKY_$#0f<+9-}EJ3VmSY`5? z$NpPUc+0_E6rC!(%#HaoAgDiCeR=IuDSeC-#Z&+X;O9^IFM+e;`BXGCM_`c}L(A9y z;u-yy%{{-`gln~?qj2;^puOaVIj=?ZM$ZFr$j%ud^D-cQIrtZ-T4f*VnC*G^kd%9q zDILtLSeNHPiFM3XzUKq!MNI;M0TFcYkucDn-x0uzJ2b-RgVsjuKu$$>Fv8>T|aBT%edPS5b!- zD8xd7e+IC68&OmZ94!Z)Z2LVt+HH%q`l$vdEi2PAF5=9*B}Lz%;_4@Z%ZekKMJ1hd zCN~tUM1f`1u2`LY);ZmK%k4=wfl)n4Bj zU80S#R5rj=Uv8JI5{`BifPP3SmH~%=92%7R!JFAK22ucOu{QPgS5J)f2{q@{7M`dY0dj7Pp|72k2c)QPqXh=U_=h3Z;Z%uPRc|uOMOs*)wX+m8seI>=#}MTa*K~! zzuESAW4O-EOuQSw;D^EeskS=YUX+N=rKGkr@tQn^#TxXeupjc#lWeRK>gK)`X!1xx zY)C*fh&yb2=)HMVJ=(CpO4sRFrL2`sRbtz5th#6J!^9n|cO`awS(v0^aJhc}WgThy zgpCHUB~Ii>5no(#=og;Jr(BiK)ywoE7vA1Wx_e3MX+909AlaTGV%+PebDjUpD}b|# zyReUq+%vBuQzVYw@3ou696|$YWHQ_$hv0(PUrC5PtPXe5#44VMS@XG9e=?xi1FP+2 zd-e!CnGU%$K`*c8&S zM9XUOo|sIRy&nTi^{kIOr{65yr$HYFq+EqMEsddw!MVOYnY>Cj;Ae;-YP@K3kx9{K6{sQII~Z%WWe}KY{J%SK`~Ijx*AZ z?g%shGB%%;YNdANL)&tUkU zdwi*XGBP!1l^aHm&Aa{G(HkYjtm*SrHTS>bV=*{t7n)+^1ik`|C6^w%$iLsB>`BTe2w*!wvko2$|qV)bk1dXNh);#%% z-SEDV=jS~_-Jlbz?|XTP-Zceh@}C4QQvw-3FelAQg+)NktN4T%!sj6|POjvA4k7BJ{svo@xq}ojK;7tAIx#70DIeaVbt|vx>~*W|qS3LyCIl7P8)37VU2pyR;qv zd}~U(V5GmYc@YokGUH8(G27mUG)Fa)Z1NLM_jf1_zgN#Ub>PB-`kZVwu}NSXiMFnz zorbi8y?nI1+Y`k=XMcxn{h0OFYft?9(j?-v9><~z4{qHgvB@ui3itHaO$+D|%P&k` z6%u#<;PCnjt2?)e-pH3AdH-1yFQS#cGqZ~QJcMG|r3ESPy1iS4;tkO`B%cyD9CyLz z@6g8Zto1uxsK`W<6$almc280AHKcy4X2{W`rixhZ<=+J^w&3~g!Nc!au6Stvjb3bx znH6z1lPcfi4tFL#cmx-2kSwnL4*fMmZlOdItQTfyn7OH;zl-v~mB&(|?3uKs5Y|P1 zF<`l-D7`O#xH~I0#yKJsgS3uf3X!F_KbN#wdJyd@#!+CRk)Sk_l{Vl!j*;Hqs$i1p6wF z`(o_bqKm|YEH_Lr944{2 zUV1)T`_C=cFT8tvZ~rOI-a6LNr@({z%JRnhPon>Hl9Q=~G4pXlLz zL8>SEcp(@E-nE&614DfgJLOoue%N_;-wDBMg!$A>iU1xm9(UN|GV09N`rrz(6RU?0 z<5hEm37=06Zq7m{5q@{eel@)V`EUN1x{Li!&y>!2+a*-^A7NEe{zh^LVKdw~>4kmH zZv+>K9#eSAC~H3wxxa>V?8qi*b*;hLI*GC*#i~f^&MJGZ!NJ;Q^P=U(0EhBDu9Ts@ z>42{n)?CcP*UIEx0b+-8Hzo-Oc*wH8q}(6i$555*!4V){lZnqO!tsF?a4FLN0U6hI+hm z4oG{{vDe*LLFgmwP?||=!rm-Pe{zYNsSo0>_NZcu)nw|jJz%3I>`b3F;eoX7V%L~k zZT7A?s&=B0j;55c|?xuc41e1={z2EniF@VRJE8-c8jrEeIdVuj_p? zdND_9ore<~9C!VFRC2#1d(Y?%JD=U{xm0|nHDb_)J1C{Rs5hSqKGRTwMG!oL9&a`lFWH`ZIsfZ{b>Mw2NZa|CKEg z0PTgcSJSnc=QTVwNQWL+re97^;-)83Y7dJ%*CT{Lse$-@?os^5+3fS=Hpo$MOL)L5 z^sgED{na4N+jisA`J`zpCeH1*v2Xp0TnSKWKsZUznc2(1^p+HY(cye4%&-QN{qYQ5 z`r}iXo)V|07ZB$%*4KNHi~D)1_VI|_W-9dT#pmvoRWGcAo-x4)gypbhmzTFDuK5&M zxys*Ca#UPwsb2aspq$fobqokO$#Hb{YX+FaPd$;aPD9mePXJbVjE3O3-c#71ow4=z zaVrXupnqWRQFm@$xOIH0}9OQ!4V$?Xm9SgLe0_@V0MLBGSbMvvbuyRxjLQxry z1Ya7bf~d?2eFTL((a=DO!>g{xK8pk%(#Z^A5s|3g%o-IHLcpan?RBXys_u_N%&;F_ zL2K&+kLy~})^41_f>6Wp0>cQF$sKQtYfWtyF!(mJ-&vsRrP0Gk#8gptUD!waV-7zn zt%U~-5!dddGid&>{ZDtE1m{*C>8T>+-}`(Q0k~ihkS90E_Z|vvdVOF;FejO+z&_un z{0-CBXOpdS4bMVlI=x@3_2hn}iF1X*X>cuFIIk#^)e% z3Ey29!r1FvA)6pjN?MB%GHwV?;spm?SO_Rvp}5^)nddqFta3JmChT|IE5I!^n;?4e zv-jWt$^^HgESqZz zZcvk4@44ufZIAS|PEPh{K%_TQA64@J;;fo$LY0sL)J|G{IBMlGoS2?`POd#8bz+&OFI%JjjYo+h;nHfbvF?zdhVj|!Sxr_S(!8%y9{d>@8 zs?E2#Mqty&h4&WfIo^_t1&?bpZ^e2dO%{iowE&O;$%O5{O|Z`!IGr%TEV|9a>u>KN zxBxUB@iV8ozElW`PrDCA%Cf?{hO@PClKEb`S1;DO_ZvFc1pa_WN`O)C7dYVR?Td}B z_fmWws`{`uNdfJ&JPAsN>UyrOnFo+py~4=JweK`+baQ>z4eaWfYim+Fy>E@YUMx(P zMw*}5Y?c}j06XpOkQamp|G&(#M@r6uay^qd9M)w^mmt1BcI0|KTw;Gi-zNxS1L5;F zAa3a9+0Mc=NK7iS=g3p|H9dcRd*DL#ehLWCEbv%znvbF)3Us`Q(I57J&VnD8o|!8R z+7w%fzPiTy(`^9k!Ov{9rWR%|G@2n-ZwyNuZ%38@Ah2v%n>@W`p4#DQwf>A$qkR3_ zS%JJ%3sursT(_@=QkNiCF#p)_3a1mvJ(hfU#QlvH`ry2`$K_pj)U>a} z#ciotF&g3^4u-J`Hge*d9ic0}yanuD+9osm*2pmtErp zBW|I^&{Z*Of@Ay|&ma1re>tH;gt;y|!|KyE`0Oba(uI0h0Gz=;SK5J)2=DO`>O{uQ zc3tZK`Q<-qaI4HS~eLi!=M>T zaeH4q{yKHoCn-4h}ILo+N-1^VMj-70zuyhE?~D`#qV3P ziR65u(+Js&Y3_Eex;tHoN)_xkhCVGTrx*-hZ8;c;L5mxs) zC%HyM4r1y{;X@?hnDpl5FL<*-Y{jB;!{?Fv>&Fvkb;(L7wJIQ-@}AoDMyL&b1IK3l zLMjlSlS}j6OL5#QB0NffZ3^ROmFKoBBitn@JEq4-_$$@SnWuUY3?2hpQGm&V!?a(J z^rupp;lWl6fhO|sw6h?#A7W@p%5H7zxJXAtXZ6Fo&e#3{^;;QfVLw8eh0$t_40i~R zjrqUe+~wi2%vMCw1fjw?a8i0Z`nyg zgb9-4IUM31=*wKVz_P_&8qVvZlkhcW!wugoOr(vskrJlHabv)*2uE_Bk?9aZlJNlx zoAGs-WxDz0dec+d0&JP_-P5idn-`6{aaiNL)!mvQe%Z)dGB*M+3zdXB)6JD3D z+Z%ne1TLfVwvPya5ddnsKjQw%98?O|p7ezMd*F!$1v!KNTt+_Z{@pWF$A(kd?fu>g zl#p@o>>KnA5}Vc1CtOZiTY;J>W3ydBpZDp%7O(CQN}UQ{Uqgh?m@|ZM=IDpITj_p} zUHAAtJZKHgeg^`ICaXleN1pmfm=#ucVs(}pzXVBKnRnMXBcz9gZ;c-v0-0&oC*1bV zucBI|s02txfK8fpqVk8}%0uN^6;g2U;T9H6bU2g zhY-Vw*v}sSv#($uc&f$0ZeP&;DF6P|QQ94UyVOp7Ge}OMR7+|CBS( zN)kOI?X;u8ZpNIp5@sQmBW$gjnu6K9%E(zT=BHSMVYNYV6>>(nTLdVFWojr*d{WVqJtG3`pyj;lm6vMlV)YCSN$0~c>Ls#P-O{n3csIEvGEB&^H z{pd#7s7MUHL;Y|iyUfI$sP~&jMUls!XxRS@RufngK}Z;WwXF_0N2^U^TP-MQeH=Aw z(R4J*665e!)(OwgS&=k#@`=!Yd_X(Y4RRkh?Wgut!)LSXC`qI$a+{PH0;}d39>@nTAu8#yL^HsVlX>a=owz{@mz?bSjyzJws*M4a6UNZ`Hkxx>+!!8~YLxLh27=*i&!L{Q{;)z2Wljyumhg zhKTGYJ>_Day(`>XIz2U=W1^#!BqgEIF);o#XnfSbZd2qH6;V!>>bK*d7AVobD^;6F zY+{*(oTO2aefqaggP!F2X^>`@B1!#mdk&COMgJLf*L{Gc(>>1m2|y=$f%$1N#)f8| z#WTtxAi_Jpd4mdAdF-6+lle0o$!m@N|H!|G+P96fR2M%-k7o-0k(UQr0H5cZ^`mF+ zWY@=^iUjW0EeXvpfFCoJ-4M_!qt-F-6fTKPTiJV|g;s~<5!c_H@V3f=rKt!3c!GB& zVJ57MMqqT`(&!kKM92MfLnwSSR4PxPiwxA=ir8#s%!y_kTinRBm3jk0E(LewqDl=y zUUByha!g{OcR9$loKGMouk=HC#>XVW_c2;XZ8xC{zlnqGULTfdLIY^XxKq>W&x$;e zc5uB-1;wzs0&vXjQc5FK#{996zQW_?5*my>heMzMT3x(_-$0U}`XlM*afeeq(W((& zM%N1OjhSxP*`Rt^4Fu|w1w(`;dM5rsN}P24K3s)u2s9rz;RYD@?8R~lEmog*)P!EN zWl9b2TmF}W&F4xn6-E0#c{iYJjFkl9j!*Q=%Gu&uCWpT%*fL>Ju<{GVFMJuU z2H8^^5zgwE(J#?F0C^KIO>}s9boLSVx124>`7&JqG|B^lf}n)osL}tZn2jlfDGge{ zUKEc$Xf_@TX`}tmHV%w#4531hrb&GNhZFI4cSm0a0X^a3UM8n%bmH?91~_YTgA#aZ zW*G>I1qWZ3tmZQEdv2IXi=Teu5BqoIzo-e8i5WfBL5JNs1e0MCexcd~;o zxk+ULE~}y64WHdRYkndK2L(*zV@REwsu;L6%}rJBc96rY87b{38{F4$n~iFF8tfY^ z5wAyBg;k79CCO4UdF$p5n71woEdHTC;c#T%^lMcNF>h9XbR7(@7>3x|N8g?@qZaB( z)txte@+j&-=B9whv6D$G`Y1<0O|(*NZ9%$H0w{3ro3s zux^K-(Mq%^5g(G1k^Jdf`~*BNtel)d-@n80xg3WAE|?F7hFNDBK)=91({hO^Fqp_+ zi%}R-Fm1iTi39-i{d9uSRV&pwEHnG}SAeR5ERFFWGl@z&pv`lSM+@7?_XEwmvTl3s znIqnBT<%-ZIf9KHa5Fn8YIo|96=^7}j@h3uf4i>?(y}l3tYm-taHE9=mW=p@u91J* zYXDg~=H2v`)f*d4`-%Q5eoVVBS>lS)LX(3YXFDc!| z*>qJ`ur484;<$V{9Rc`a74v7vcP2yGev%+cNtc*+pV2IjE|jN4#}7+pL^YFapK0No zuyL4Jc6yBfu;|J~Q&0V>F0S^6(%2n4N$47?D9TI_h1({xv1B6b>;v*5$Hj+=VLX0c~8yHvyQ%u%pmxCEcVa20`kA66CK7>z*l>AWi&Kpry`$ zBk72;ea%d$zArEQvLRch6q>@4$@c5Eels$lRCw4lEYVm&K;twV$2`oKRE9Ea#T|UG zW_hDx`c(ZWhIs@VD-4PO>yAP4(vYD#kRPR`J%j2yTA9%2CFa)BKmD>2VB-`4?t?5s zr4|<(p)c7oanwZyZF~{5!0CqpKsSs}3OZO9dJsBZE@%?V^+F^7lo3#V166)t#Vyf9 zy%UVF&7ZF{o_N37RrsNrq%S#XN<8@D74pSYkAQ5ytjVEl9F29%%g1nGP)Pq&W?n$Pjs!aH1! zbx@KU2#rfBICEuINlEhgCkZw=jreY{=S8A66!yR7oMH(>f#6x9Rjgf`xNN$VD^}4m zf3G5dT;Z3M`LO0)WcwJvq`PJv^~{yRD!CwsH$YqsZ14_Rm?cb2m@Y;`2G6!FmHt(UeIFFr1`+TgfQ z3W>WYAop_rtmf?{@fjWyIcCKo!zfqM=knh9f{twaK(IeUBAANZ=ncozQ&5ye7`6(7 zY;;ttJ1~Z`Eo@8zR%pZO{FzET9gGjnQJx($Nn@^KR_@^r_(te zO9(3wtH~32_zu(~9dV@oiC_Kbr^=EGp^yh6KeM3ZEIe;$)Ix}`&syYCF0{zr3~!JJ z={MRREe*bJ0Y&1rFRg&WzA&fQnPPvxF&N6#fL{#7=xU5dz~fck(V(TlSmXmL*BeM5 zM@nNZoq^%vVW6)m^8z(06O5aMxHEFM!}Q}%u;AxwCc^6=bjRzgszMm{J|6pcCPuuS_M5(q)t{#|6Dmh!u$AaLXp5&?A{h_pmkLUu z7&qFF3n}mf&N}(@J) zK@rT@3X+WcCr-dvwKAXaD;4kv;!#dwIM!0v8&Haz57&E#?syU)DIq ziQ&bxg3*5Y*oJO(ppl=c96KsLe?5m2vRTHO9_5w8J*@^m^{+?;3}rTK%;mTnG0(S7q#Lx z+VkqTmgfW7;j&MVaT^nj)K{R@d455 zS_;O+mH$_@>Z$;-<$@LW)t<%ekm|EoWWrzXgByM#o|*Mn(}J zLJ*}w+(?>stI0I5f{ieJm2E7SpoHWmXxrLoDf2_q&})BkTwoRFQ8oEBWvsU1i@Igk z$S?jC=-Uu0E3>Cjk>o6dXL3YV+gWqBWP~3G0==g)-fS3uz1%XwZ{TKTMu5?UE%Ur?hHI* zYg1Y=@eE&BASoRODEP+O{y*dNX zbPhS5=-u0divD)8N%j)NDy3PJmVCEyzE^L_K+Y_*Bh@p(W{c30X?wYMLrYA6UEX`j z!RELtFw;Y%PykPpg%^jRc`NKev-SyXFzwSpy9@lOlsBSlrWiRo{q5fcj4G>PBC3jnGB3{Sx_SLmb zZ`RX8xwJEESc!q{?5ZDEM0}Xvk!k+c>1T4VJHRM$}|Wx6@%gyXZ5A|kL39GKWOw|1EGuiqz*_T0~F z;$4`!>%aKQch=>SBc?Y(_Q;J~U@fsUk$v)K2$y}dO^jeXcj9Rr|F|L)WcIDj24k~% z5S+s`JlGj-d5}*CN6a@$%5>cQeziHWN{zkyn}sxbqgT#~W8O)B72LAXK?mHLO^{ii zaV}lB0fZ_QNCwvZNoWoboJzlVGb3j;vRsz3Jit!Wzwt~u(*(vt*Awl0{P`%cX7Sha zF85E`~w-1!Z8zh(gv}a z^*ZXEaX|0~r(FK%Rqooyantw`?K?NQh8Qg~s1F_S$gCCv*w7`NpY9@p6J@rj zmmZF2&E5o4;x4#rVr+QDbd1_c-j3+D0$A8^HOvweVCs{t$}+j|$Ni~wVf*X@)t@KY z`%fvDQl3neU^uA|)LIg{iAanV#bv%>Np*l(aj4o~HGIl!jvM2$g?&NiR`~aS4M?t) z{;_WV=YCkf&uv7uLf3Rz8Jp)XVEcfz$#zD3TGcd@`fDPQQAr60X{1T`4UDB(_%WCo z)xp;^ZhA2eK9g)y7D!NU#kq8habh60GFJeZS7TATFAYKpTWN5^x-y^a1mvvAB zDLMh`rWFI$L6ezXt}=b||0B={|wFBJ-FnhSs3MOw-ZFeha60*osH z&Y`$(2>H-d6A3{#G~G_$`0>ih%fc+#DO?6jZ0P0UKg5WaQ9?!~T0bE)D&un5@OD=S zV`Tojg%3Qk*XRG)sQ+4)p*q*)$3~HV8GKqn22InVnx<00tQ4gcC4TlITQ-BzkfUWA zY8lI8zjqf(t1{A)ZSFZ_lgV~rz+tUqiWN3Do=p$ib(b<2vvks>z>D%frBob6{m5op{P-^44a+7r8l7o=?05 z5hT##g4FgkXmit$1PXq|*8awEgvzSvfg9g*&sXiNm#t9mw`ma(Zz<{vq$MmC|$`QuNoO@R3;*58mT*;FNco`{vj@ zb7Fq!PPLq-C%pKuKJ?Lixo7hPCy+OHeoT88G z?$C1&E#1Ft0fcc+_1(Gl3Y&fZNOO;|dW3F{hlE;e8GTF|gMd<39`SWh$WmfYwaMCN zo|NzQ+n9|f6Q-f%Mo5*01=(3_y1DpY>90y-9ft-C$WYyHSa5A)BS)wAjLrm&spyan zp~>>eB9TGuG+3LT?D7TfcD}sFeyc;%lnPw1Ec!Q(aimb_ILo`Sm)_`Dzr6=q#hoaR1C4%UK4DoS>>#=v=$u?b1O z+t&!Fk)WWv$T@1KCE`A61xJ>u41;>f21C%PnE*!-Ph!vG=<2 zD}?{K^`~c3%E(Kx2GUY2l)wq~?RjRic+JVGRkhjg&pe#PVRbW@oqo$)%hc|^YF45C zrcWOX(*x^a@8jvxHO<9wrWR=F4@0zM1`PGT`jG=faU#(muUT2#(zv*5*DUT zdDX}M1)kw_JR>BE^6KAXfj@Kv=>M7t{P}~sxAp~38e%fH747wg4eT`aO4iPDQ*PPb z(a2ZI?_l1xFX#~6SFylIB2*`>TUtwejUpJyc<^P=eN5lp01sHUYVK%1R12G2ww>gX z87RS}SDOdXwZ1BUJQ#R~HQAIxN7^1TLeu>dyg4*7Y=>(NZ0=)_gk4I5KbfyDW&U~+ zqf)d7N6?cmf!29$&3{%NfDF=j8{UJBS_hca1|p2u+ZWrQCeJ%&My5qY=)aG&BbFEw z17>4m^I!dN0Cxi18-a%S4PcQLGcX`FXm#^XPbb91#f2UJ`{~gr8P~OzyF&@WYvV!5aRYX*Nbmq8A^1|HL(0=`wvjYb=)X*dUX-J2vKb;q-+ zx-n(>8#o6AS)xio=UPl?Uq8AtwW>W|$2ZuJ3vh$=;4t-elBY;Fhd$fjf-7iuyAsV; z3`SaBlH>bBV3WpL(cFERP{0n=4`A^@-ix$}8#0Xp5e=W^qT08TwQ4x-W`mf9en_2n zE-oy4y>EE7M#))B002CfXw%iX-*H^-mlKk|QbfW_c60){KDCe?{J@dH+x_HUy!5AJ zixc`iUi?S@>vIK`t}vL$=mw=`H-$uO`q(48=qdIGsPRGs$P}f2FFpzunk>%unJM*| z`uDsS=l&E?_F)FxHV)KXA47?iIJk25!x;&Db5%zxo7A?N<<%J>kil0ErP^~!<9(_y zcKN-9oR1(gb5OZ2qC7mZ7~%zoV6yW`*lSzHq-?-lH_GVx-qyLh=NFmw%wF}Lsul^@ z0xcW^U3XsCt2BgrNWV7Dnxi>8G3rBgtW0b#UOGrI9cf}5?L9o#6MUB*OcGbEK{WSpL_KEuY)yqJdl4sBZO>JpH|%WQA>R0b4tv0J2z_RW%iR z)5*R49_#ngs1n;@&z$6{ax&})Uw#Uz1PyHiPxZT9M0tRtst%REle)7@da)tPxZvJ= zuA}9#F)qV3vAGn7MBxhpYe;ub^xxToX1{Y*4Trz<4`9s#uAsM4HuhdF+^6*t#nZO( zO^aFlK7D+o`FY-^slT>S))k@|nSMnkm-f`BxqeeU6SB7{w_LVUSTt}A<_F2p;qt9( z^X%39lENH1#d1B<^RtlNucsfHRmfJR!6rQv5J9F#(Cg|iK`w>+e8A(Q*8@87Vm{EROzyV*}MG4|KZt z{Orm@5q^y7>>dNsTGrytg3T{%RqF&o?hFO%v)(T9sY;-wn zwiU>?^IuatM-h5!wf6;x7Hm93HQGB1Q2CDmX?;Uxl&P=eI^b*1_qhu$1R}9 zAR-KYNtd#J4zq2tm$FA?U&%I4T3?eh|A$C976b&@+w<$K=hqc0>eFT#Mzo#u(YG5b zTiv+3J&RWKL^j@}E1W38Ggbn z&z3)*w2NI4c|Pr(H8U`p4rK#{eos)oo}hA>uw_$K`fLmD16ouN)KK2(5J_LXK6Cri zm8#hh8O_tPWxKvpiUZ$UPF2~5l|wI_)8=AOCOpFXug09N)(}@X46lsXjSRl+u}?)C zTE8{k{3DY{J2S&SYZ9k_!vcDbboIP)LoQ`*-QZdF3{Yvb(DRg)Mlft@7N%1`|{PLh% zIq2)?^`PRGJ+=G%u=aFC0_)UzeD!d(YVn&SVeu}&TlI1e1kWL>_iQTrTJi0!Y~)#g zP41Ef-br4jay&{u_U)uy-nd{QE}r9|Ydu`Wv7IDp;PYav*T?y}-Mgm~0nHw@0lxIN z9>tKWEZABq1MbKvXItX2x8k?6heE*rm7bIY&{D6KQ=VaJ&IT(Des?e?v*_3*Cuz>@ z`f^y>zE&{6ztMXnWcWIR>Yg`i6?WERJ+my94>IkpdVGR**-uZ$-)>QE-d67_;t%RI z9SoPgZl3BVG$w6X8T>ZXJIx?*lif5>pPeXbs-&v9LQzOddBd2uB~r8AgUq+#hNt_o z9;Q^SpdtHuu)BQ;gI#QBX8;@+k{5)-hs4S%E-b2-t}h$uB=?Q-8A>i0H7t9TxSY(s zR$;6x&QIb#owR4qSZ^zdUkG>r+xyW>?DHnZ+^%857ftx8`HxCd3ib<61AS@Th*GOu zav8UkJ1!r4JS7#r2qDlmQ|sxvJM1<+Z!TjZ==%4c^;A0eVkxbi4y(40l|yh`J&g)d zT>0F391W^gj}0$B;JA*AlH5mxdE7@PI4>(t36j165rL12uiCNeb~9toz6ht^=V^g> znoG@RKvd%9bW~*766S8Gw3n$NdErd8es@@&tL1ZvIV_X$R9^Rnt)#fv!TrUhwa-A< z`B0M0tZ1>G)~3avn^O(g;)gXKlX4!e#*5c%2k%H-%Y4JPPT>}B)A%EqSFfI43`RO& z;#Z|o+l6a=or>-W9h^`6o*NubYA_kBPS>-i=#|6RmGZs5a{qh2`lo8x5ws`qgz#du z8N`PSkuK;Y2{!(qL}_#uaWLi_cmp|G#_AOhCH|dYlh=hA`@9k^I0*#wf4GA7Af@&Z zO4+MR`;CX}f|dmR;@uQXmI6;BDQ&pi)1(j(k%VU2Sp;jY*Lr^aSYB0~ER6T@Kck?KgWbx5YE znQx=J5tYlzN=m4mz_fAjg=XDKcu(PyGjtL)(Hvg?qOGD;3fA;)((OP{*^N>0h|lCV zE<>}+MA5wcb!pm?n_>{TL|E2f7Owj$rz#O;GX@a<&->GTrRdbeOsXEj^=ZuW`B3 z>fGUdleP$rJ}3_Fsim~ePxo<`jr8n4OkPptn=ZlG!WG&pGmbDwNAdVAwec6vE<0Br zy7uIe;qll@>V!Djd+5^ZNi7XrpN>qTi>T?Hjod|Ugcv%p+Qy*hjbgp3=j9{Swu2?l zKECtfqSrv4(>7`xiO|V zzGH&;-P5!5q1|R<3BCu}^kQ#-aOD1mGLOjlYT*ccd-J`n41bsL8AbUa0!Invm)e;e z$(CFEJNaT@1NGD=lm|zMl@ig!&@xVmyL*#x9kU^eu}5xvg-eoOy_q3r|4`a4q{X2j zBSsDgW$3inP5)pbssN5oDq^o1cu9W8R~cdbcNOW9-T& zIrs!nYWq{W$+p2O=zVTSn!`WWiCCr3U;Hv7mH3O3`cK1SMh!`_|CjU+zTmc;&6Tf+ z)m4BKGic#51Iv>Bp;~Hv5+!X9DMWwQD%7Zw*9**~bQ9Kq4WbRRJ-1T5gUpc`$M)&E z{FnXxEsk~OZWuLYuTJ}cbLYKXhB4rqB7Zo-iL5I6I#c7=GqNkUVOJR~-3@f5P*rBU zDfQi<>*@m%Ohh|>U{X>!`4ZqICV%~TCJ;~>lDqkdzCU3*_7_2l0Y;*&0j&0EVIK4E zElCylyGAnn`1h@i1@b4GC!hUw6t~c*>jEZIsAFC15A3z*8v=m%GLHj+k>gp+l*w4r zDCvqHnPne|O>?4+%)YU-*N2$hF!lx`-0k;CeKrwJZP~-_97@{z=~fV!-D?+#t1p?X$Rk*%5rutqj^#7UJG%=S-(^92ud(i4lUJapoPq z8R?JztFM7saumAmYS*2^hTRRWt!~Uaf?_pa-bdCjc3Qu{ZpR+1i-iQ4l)u`G*8W4o zh{SWW0SoqF4eew6^{veg4_;R(LSvh0Gf8U;SKw{hu|rrq(%(dER`W4k^5(IXI=fZT zk%u*`xjsm>QeEx=(6A$7sUi@KU10R@4D3l|DSF+mq}gISrXZ-kX$y5GLI~Q^S*xN!jI3E>Qqs zf4BRkKa0jSDzdiFGZIxrh$_9eD{^(BByS<*k!$~jhuC52b8$>YZhw-3?dGh{Q zNH)GYwSBfL{gQQTL0f%V0Yeqb;JH=%o4VK!C3zG)3%7Dw3Cii(mw*%S3u(Dn{lu?T zGixMG3i9F)0+GSX8^d!{MA2Z!dXDxnrL~vhRRnKDRhDLWt2iXgF(+F0CRE?#;PES$ z!RL}(w*9D+l#3C?Grt6|=-Q)5thB8jW0Kp+WYYN}8to>B?aPsvY+pg2p#{W3(DiXw zKp^GEgrK0|F@G!dmO0}GRA3EVlfzT{J(Ph&))1P@^L9-;%Z$!NlNAZKnRF)>VCuc| z(XbS_@U{6Wr)wdq4mUs9@CPLl=yOj!Qc-j2ZFC7E)Wg3~mF%mj-w~@TH*5`uy3HWz zFWyny@b}P(-O$R|CGuri$X=xsBE}zdK&^eN;ah9e=N>w)jZO`JGSb=eJ%19paiwi< z!UP;7ZQ*EH(Yg<7{~=H2nzUv5M>ITOcgsP_U|xLKgm%Q2VvFZ z+0#HeVN264ZjptIYkYm9A0*@#mCZa8-7vN{L1w$(*yMFAHrhqcF7hxBm$O0j6g=fh zAJG*hastYWS?@e*SSms33oM)c-@2fvA;330CP^qnO`?kx#?mW%unYq*}GiW1gxa5ea8m;nMEM#A_KcoO!BPg4I&swezYpI+X zk!vA;a@TChetNe2RCoA(d|06g|1AWF+@}m9am$GD5(0ii=Q^sQjNaHm82N~W% z4U>C2KRdtLLvb)V2n#O@Pk0Vj?8Z%%c44QlI(1-UK$Lt8H4M%;e&-SZRbGQ09n+KC zTv~Z@FN4x4bvv5QLyZ52Ir+c7WCNKdH~gx`V0AO&E>BwiCp^bY`)LGY5%&vG9%kDi zENnE=Qs^oX-cQq5d`dbk+VM^YY}oPE_BuqUKh}i(PZb`rSt?1UJRf zAfq>Qk7UmMz%Qj1-G`TqUYrhsKhNNXIXh_zzQ)VQf3XZeUa9HjMpL3&Ziky5fkg^< zqKEYrRxqVme>V!0& z7xomaW|rQIo`b{E6uOiNPn8oxNz1RHjt=ae2{ZZ?=F#rA#TJyNf(jPojgGl61WXH& zG6JTpPB2S{pDLIzmVIp{TJ!7b%DS2v>eUs$=*NE1m*;B4|J)KsBjlN&r~OGDDuLa02`!)YO zf!+k&tSwO6rd9caQwLb|a7aOE(rljbWM{i%lMlzoe$=soRG}Lq>UJ)atcoQmJ-Uu4 zu_>}$Ro3-UpfV#ld%!i03)D2D@03^6Px!k3V^&wt7>gAPA_+QQc$*mtoM2#0g&+65 z`pp{0=2vUFTl@A8k7ZBYrGs!I!qFlky9{7YEI6CoigNcKiT(QuBVfPDBZCGR$~W_f z>`V0Omw8v7lPK(Z$tJZn)1^gKDu_g54>3Q-oKH$3t2E} zbrt5{&!;RXI?G+9;JIDG-Z>cJVF>REUX!fQ$j z^)!h0rWtUI)P)18yF34XYX{d;_ZWI(TyR;%PAmc_ZhMY{ONi3G5*X76cj21aDa#DQ z!!~143Ck*CzVaD@X?TFY8?|%+9oCC)7}F z#3+-hGZcXrW5V)cqj1x_blpP7Ek$k*2q`^Bi?j?|z$M8ru%4KbF!B{x;4j7|7JX%d zkGbr*7GL9ul1)5-^qaQM+fF4n8nYEQr&3};sj?KtR{*tcm=3V2Rd5zmWcp3%YLa($ zW()K+zW`!rVd~OvGP}#+xiSk58?BRFhITzKo@_;`vrUizdNj3v*G7FIL&;ItsK%g0 z*x_n$*P301MjD;JY-pzq1is&vIV5J*z)g-_dUQL4D!65bLjw1q(SEWStXMxM#FKo3 zK7y8OfAV8UwaWShE>(yZO466W>Nc$8JFBKv5frhz;k-iET%|Tys0TFFNyPrF?;^TeJYj9mN>UYBO90FifN`m3I&?CCUdE0!9aqHtXvMv$!2R|JNUystk z%L!Fj&}El6#dml;6#V7(-aYByDgH1~!rSj01pi+r#Xo1pFs~)2ct!?@13C6PUzA_! zRQtiGi_H?O!VQp{Yv5xY?nR|sW6g6qT**mi9X9avXg-p+7|f)sV?}*%oY&+Ai?iGy z>HNSpOs~q*z}~ePO}TO5aO}Q<7`dqKOMNo|Isv~;ALa=yRJqa!?I@uk7iOEu_F1@13GS=K$zf5rl`nv=83)IA)g+5UiPK>hheTL`^o4g zb09}GGra5E?651ZWLW^Q-5DHOG4QE@w!7-h(W(iTm(8W(dhRiFrvEXeONt_T8vRy* zyNagggASCaf~3s4jiX~6F2FGE&Au%RK?8RA6w!PrnKv~-B~;ncoyep<3>uU0SXuhD zp!L=Ua^uDe>|pi~;_A3tl>NOQ-pcy|4&S%dG%Mkgng|giKTd4hiHo*s7kGLoNV8@e zix9-8HgV4^a0yd;VFjOP$=2&EsF5A1l*EK}s5PkENbaX4$;6}XY%4Mh%r=tJx8zJ| z@00EDeoTxRVs>cr(t<9^>o5 zt!kExfyf=)V{IoeX2Bz}mj@gyC0f642UM8*afDI#g~c4OX|rVrgaSwz)%?IYMY@Px z&yk79?qndnTTP6+!bM=-Zb3JaS|?cy0kRjQgw5yU9QOE-iqBB!a{qLS9cPns)(cx>vHUAt`e)b;Mo z^Wk40;mJcow3~I|89H4FkH)!#Cc?y-H+ISqv1g#M%Xau_r3%TY=$k$e+V#&@9?yQv zvFOf3+Lol-CU!nddqFSAd+ND>Zo}W#L({XNE_TPEaNSM?Yi+x5r(k=_T=6m$Z*xy} z@3n+j?|g$3mug?)1?ztR+V3EOzVuF| z7Z-Mmv;j!)spqzQ8(XBug z-T7bJHC0oxZ@6c+pOxfnOOZ3vJP z%ujnT69p&w<11hr{lB|hE7D}vhZ-6*+OKqW6*?D2quiSg8gi(0SoelsnK8M|49)`G zfG!~xr;Xs3_7P|TC|EuX$~4tEW4#`3rSb*Xr*Pp~*TQW3BKN4?WQXV3-@6foY!A#W z;#)IQGN2N*;^p?AN@d9OD78elW|*PGd3-i$Cb@D+?HXiG%Y7M1>uTHaA#9=%mPBNR z0)5C?bHP+5pQu;$)O8O)#@wHw!B*`r7n7Dx9rHsyb4W&?CUROL!0)squb*Y}i@Nr? z#4bpa*)~oN6x2eaw)A8uW{{?US~Tdc2`S^ii-xq4zQ6QZ}e%BJKNPi z-V-7uk#ryh>y6{Ojj9&%LrXCMXjkRbr+z5o*F(zilP@c=T#Jt_ox0Jp+oN+0#`5}~ zjP)u{)^K8k8G{Vt0bYk9bKllp&*Z$H6`jcATH4YxV&XHi@LW&c7_0R;+tyRAo+iq%QNkCaiUrZaZg5r1S9kmvo>Q5zFZ z{LJZy2+jK$>Z=m#fWNcWu@lsHlELMn_dN>^-o}*<0#Q{KE68dF?-A>FnJ%8FbB+?- z;+YujqU#CvB7`{e`EfLJF6yr681Obo4m4W9Q|rzm+ZEsm&A@3 z0A8Pc=X@fcCl%KZsqG$OrECjxx_H?VPtVVT0^#Kp#09?^@C*s7`WhVGA8|sV+w?E# z@2Ns?4bO;mkOge0Xk%%_H>~D`BJ>bv5uNi^VqY_~t+iRWHqA~V3&`$ye+pwbnmGDQ z@yw-S7_B`P-R4}`Vt81_k0pVtamyb`-7!#^V>HH;#(CIPV&IBMGJ~J+6$(x6#bajm zRBJBtkQUA-4(DAa$EHbz7atQ}KNT&{$L6TX?ckAuaW8r2pW`!Z?QpZK3&X0&|A(!w zjH_zf`WB=?knRxaMjE6$ly1qbbO=aycS(15Nq3iYw}gZ=o371k=3(BX1d+Z=g!;pTZyarc`VzyAh%Fk7q{RE*ndD~FF<_E=`zM=4x zPD#!df!T*B96AO?Y6nGlBScsZToaN;G~-Pg(9S;5P}(h`G+9pEmm6Q+eDj4eu5yc6 zSCcoqZBW2AOr4&XF|S%!xEah$T}$2*sp2*f78g>rBrkbeZc*>=POiDAYti|})aCU8 zDuMxo@HB&xK)GS)rxp(<(mRbCNk>npkhTS=eIjpF!K)~lmhj7&mT3Ex5@6}xm(A`N$1DbDb4%CN%o4$RxUR5%_J~3 z@=s`9)E)dgGh-^+{0Q^c8NohtWEeSI`&jdAWU1-of~L}WK+EKGv3rfm#(;@ugz(9) z>))8~f4{4?>iz#_d;eg?MfafpfsX&@&s5)_{eRPle+L&Z;lE}6}XW~?+1%>nnWXpch;9TR~6ZD2W@u?2Ry7jVq=>mVJ zA~lnS`lolM>d!M_MJlSdiH$XlLpKw>dwW99f}=BI8r$@u^WDff?1(xZO%O7vgc2HS z+Cuzd)M18f-+b4BIskMo1f!p%>QhJ)A^iYbqCiIbXIWF|^jN*6!BmHrPNyW?jj5)f z^pBQEWL1+bmkq);w=21|VWjAbe=o}4--&;&dG^;@^GS4g+!<<);Gy(een4-fv7L** zJR+=={?P+im%_s}D~ENt`UNATt&W}p1&D-_;i*HqgrK8Umj^1$!RP)GSTk$T$8@$+ zvU^%Spc(4wU}ZbxC(w2PHL)D$DiiloujzPUHN-of!q(`2p2CFbUvG#Bu|%aAHVl_b z{NpTXn-^4PEtTQki;3)QhEG(sREp{B14_a{b z-nT~M-#-N)u$KH&( z)A>w03^UDEYCq2l@}jr>-TV!o zA{KTvXqS8uItatwfOW${%2sTkXqUA^X3F}ZXPfY%&lBZ+7SDyQTBVj~InJ5$!|S69 z0jjxLa{YF>cgA^ch4fUZ&Z*e5Y6jVEA))3?Ocm^%${U!p#273{1MjF_+tRtPl z0(12i-G1;6ms}PfFU9{}twema8iowUO4apWodq>*JF`pjx8o_@xh`+-PTKIIz0h|8EUl2CLB8smA5t@4KUWDp2$&f=qSi)e~22? z__T1CvKmG$)Wiq)mZ~#^f^&@}!@~v#loatMZ(N&kfxqI>Os(zX|LxBeb&l8Z{*x;y zqUny_hZ|Sy1pyEfhs%+nEmk9IVw&CG2haU*E$O50X!K`rqv>j$jp!?}vcwUZ1Z zy@IbU>Do!Xk3EeX9r(Wf2er0?f)B*lg`-lcgF$9XM;w@Fi=)+;QfP!e7(%xqM;8l` zND8S!_!YXG@0Kdbx_;#Dn=U>cl98bCvS_f=S>CY+q3!ugpzvY37ft<3l^)$&QzgK92mxMuFqZhu(aWh~W?SS975?O1c41DvhY?RVSehNq7XmHI4adh*j?@|BePiR^z>16wwc}omPh*bVAg90 zBE_RJY?#b(8K{+e+MU;ExcrVk4&F>SOV2w$KHRlBH@Do)$pQNYyw(~WI`eB|=0Kg@ z{OCL9pqS&u*d5*t?w_v=>`IA$#uD?cO`jM2%_|eZiV0HLUQbec6IX=vnZ3or-|bb_UFr;Rll;i4{Fqw2TY8udd75i6-{ z2>C#pB;)Cn^qqtfE4+z{;V}w061Y3$Ni?M%6Nh&XZB0X{qQZ8BF$aMT?Up1$cp+TG zjT>`}fo-M?486#zrmr^^Wn%-_ZMI*|R;Z#v&`EH1uIPSN%aj)D7STMmkoh9oVeDuY zwvc&Y-+;)o)h}rFX}I9B+Mh+oX7YYMMLM!rF&;hb-kTbG2e+o87c&~)`3h*){we`% zkBMfZ+D;_p#r5*|gH9;LvNW>dcKc=C!i4@eoORD9f0^5p`2v4lufYLyN^MHMJA-QS z1bpgNrS`NGJj}uOjI$2>qWoy>mzL6ZfF6wYSZUel$RC|o_uIY=cJv=w;Re5gBkZ?efipR)mFBAgG`L}h$^XfUEC$M z$~|cCW-sp*?ydL{g!hX&oLt|#33?(bk>hofJ{2Z{OeSy8sgsIfHTEEM`zbYoQ?64@ zBA*JpI@A)?3J0QIXuEbsj0*@XKg;>}jA(=&Q}jycQt%YovtwL7`aUSa`M(pp>b8Gj z2Z9ke6t_YjbL+au%n=ln{0fcw8YBsi2VSo4mzxP?bb2)bGFaK#_12}j;c&3(r~L3S zs(zyTD%6hSQqa~a;q;7Dqw&j7Ger}U#6sov9d@2Ac0p{n#SdpLaxF#DXU_vezs zxXAp?UQv=49oVA5I6iJ1Z{&{3#5l~>n_N*D@x7y2A=fe2mW(EGHcD0K<9bbWuwEQu z-4pr_g`2_6GgIxB(q}0SMT%n9y2R=H4jK&Mm(NZ2Z|Ti$*PvPoX}lWgw4{in6N>V? zukW%xViJ@_nV1xA*vrYC>USu?dCgcL#SKJu)!7b&_JxT{zYkejri)2~J)8(Eq|tcE z&e5di6;GlpUW)B$76c{tUZyZA1W1Hak2D=n!l%o}WdgB=r4Q`0&C`aI+BU z12jtw{KboOxuF{=8b+&e6LE1_E$(JI5;oHLXqoZAXfNAKtNvqVGBh(P%jEX)-rFE_ z4z(Da+xn_IGDL>`PG#-iVUTwI9Plf^g~>0`9<+rKDAa z-}Im3s^BuhPjI^H@7m8+!*_DgI16n$gKFi3|a>`4w zQI+G1t)S-*PPPdHgsib2#hO3hh*YL(XAX20pqhkvI@#*d-lIfb?C02PGm*wIR7>FV zBYsuMO4!3h zS_T2<$n*C(Dzo-cf-3d+R!-#LdefcJ2@t+n`%i`RuN;!>A83S4*QJ$pnaKeMKQ%o% zigTm@6BuAJRVeZ7urxvGM_clu6eHT(cWyyxjqwmF8lnEk5Zz+6pV*i#r4^#9%eQUn zsF;QoDl-lI3>tK-Sm^r0Fp+j)ah6%6-3KrsV2=;($-t4hu@uf*<@dUVvLI*_eLql zArBXkPHXlZXPf)W`%HUBW?o z>xZZxn(sA-<(P3E1hW-y;_K8p*D{_>Wep7Pa2>5KvFQ}qBtgY1S%}h#gT)CFvH6ia1~s@COM4GW6G2Ghx3HhQJNCf6(b@4of=N@w!D$Z%yv*}0!-17};lyW^m73cK)Ue|QpQjEY`$uB7C*x`xgE zv3|v?uBFS#(Xqkj6NY0!70JBT=x!K9$N)b1K2gZ}OEjI=JN2Em`@Fpv%>DA93&(kb zOkXmaqf@HG@w6oyOE8q$PniCszBq;OV7>vjdy~_@ZMb<-o-!pn1@szouM9PTk=k9! zSZYUZXQ#saQ^Ugx<$a0lJ`!1WcE-%7nQaej-F znUW^llttcx3ftRb?3>143>X6p^m7Hx%_e?`IbB8!uTf&gk&dzH6P!2pUw-)v&MIs( zWz}Lh$iiYqs>c`eRKPE*!OLAIIv_7uS2;cVW#DAIhB3l!xTmG?by@IAG9lNb&^XXv z-e`f%ItqVWzllmeX*JdBm(Q&?L(ImQONC~)uJ9yQBXX_XiG~oNq)tr_#v0)S5Up{4>)4A%DLf`lbf)74E$s-I4&?uSrV%YSL;k zMY6lrn}j#y1R8Aon7e}{86v`ml{Zh>dr)#YyC2#y9Kh0B6 zV0+{y2Z^8{;2D-1y~2aX;{*JA#4PcQ<%a!ntw*^t6g!M9Nn-?Rv%R>ba~=ugk`KQW z(n6eADn9S+$)XWGas@@E1OU{=$7D`Jv!%804puKbhWt)urPFV2&%8`NsU-%NC=(+~yexu|Srr zct%Dn``Hp&$w>?1<)QZn#}NY}M2rUXIP^n!@g(`}VTkocGn9cl(k=V^iKZ$BJUG-} zl)u7KOBXANK>p?(8RxBV9Hq-tCnK&(`-u1rT&!FplY>?hhlmfxJ~bewY9_8 ztr*-->AG~ITo+Yn_-$+h7g4N+0lQS`O!vje{&L)U`QUK|%Rt{_9=29(wZWM=@b*xDWt5O%7 zWg>IeyyFNv=-kB)?dr%PG-ZEInXOs=5bxG?OyyyZOP*w6V#T}nCOomoe1;DOUgxRC z4)^g#?TZcp9#G1c(Jv1J<2qF+xwIJMj~Tx{%&id4y`C%LmxId*c>>rKO>xv;s- znDW{6HSg{o9l?>1QY?|BaN`6V=n1{!&V`XeODu z!#lE~23`<{WSh23dH&u*!Ti9K0|3M$DRg4mq0W_RNGbDC=m%mbKBmzP8*8-B?nI1`;>w5gD*Bbuk*I0_Zjs{ z^IeV$zFC_4nG78ZIQJi|9qe&&3S8A6{ya~-RDM3s!*kk^TAJYq1HR)@k11)bEvb*gnhJT^V&|ihMo*y-B{-sLy-*@_-@r~KI+Cj zvE%PCOXHxeO$ps%<}15nb;@Z}lcJO@bE!+PsTZngkx7%=F~Z53mPk6hVvicjI1BywzR#L!apomEkQZ(osOzo*#XO0&3b zxk0lG)miam^6fqO>d>3gkL)fWsBY;Wm8BIvpx<2u8 zpbqA~@>_gd(f6}1iU64{N>bv4iOP1we7nJKVDA5xBM3&qFdp+d)jGtV9xgC&P~d?U zu4fzF&jHne0MHmVql+$o2nfCX^J|GO=nT*EqJ^-!BMS=)**G|`g~<6GdFnG8|qZ%Wf=ocW6NM zYl)a96!#U+b3(vv@ZwO)}5L$`{j+!t61^3%pQ@BYJG9a1pD7&Mk7;31+;qXLXKFJ;gZ& zg;rVoBk~OE5*{~WyqF;sVx8e6g04jB4C*f#QHqNJGRenwJyI$omD^a##bTGC^dghP z6N_lJg1JFC<{>@>weRq)GzNCpiQhTsZ9Pbo`1&C=HUA1qPMhO*fL&_+Dsw-KJ?vHX)>FM%di}# zM7=ld!UTJhH)|v=CEZ5yvZ4F_1@at}XQp!yQH9UzW^94ZG=ZO633ey~j33H<1whbg zYcNii!k}tzArVa^Y07!Z<+6EgyM$jv>4ehDH)Gj~9J^&o+LaJj0d!J6-#ZT4B3WLg zB7R}9A@l=i{C#B=iBhHhfCSVL;IzLa*0%tpb5?|q|3G_5EnW!4(WO#r2Dcp=(QMi4 z<&C!f5lk0;2`>%ognEV?f4?R5Ejg*d+){}94QQL$yhLBRcEEPEnwU9_FV|uRWfKB+ zn$;WCZc?Bkj6KT>3cFThj0Y}gs)6VCjj`)q>(N<_P=@QAGqaP+P$I{wD3h|MU#;N& z>VjaCwW3F*k{()0`T>XG^7t(!FfE}n0JXE#v4iBSlkd?pXg!NqbnDT*f}@7r^9%IJ zCAhei1SY-47jHPW+iGiHOdbNtVizATKtA}85(%YQ2G>#s7G5W*P@+9L1 zD8FAWM|hbe(Q+kBo$$Tf;PG@}fflmQSEO10TyXK1E-(u|TspfkWtL!ZK(xMmPO2X$N z!E!+|>uz1sAZ%i)p4?j4>727tFS^V01@Xq=lV@O0AZqB1y08Jt8)u7ObPeQub|_9N z(2UN{gpT=H+Ol{`)L%a!L*(mN0r1Ms=z5s=j_WJd-bI?s)w$ii3R1$s_Lo!F*tR!6 z@;Y6}H-TiJ{6npBymxqEWdG60tcLh_aM;q%{R_t{F2~Y*6b5X!c89WGxfto_Lg5Js%xYAM+IWJ{$kd71^eKr+

      xxtc?k zTv-w8DOl|XFv->N6SGpsBQahnQ|!3(9|!>A(Z~Nm$o93i&p^eLIATt$czZnmD^Bjw z^hPb)^I-NN*uLbOk*JR_#%9FX3nkIk%f%C_Y3S`ZG-PGo(khfMJv)n+3x)0ndM*J0 zh4&u;McJnLeY>~84Y)VrQ^ICvwBfn$i8{d&B=S(mcGJx?;uAtN>CwB*>wf!Mk9FB? z2pA52bW)gN63q=~QoME;>wfS>s%Nx`h$?iOc>Q*Or{gTr)?-Weq%|cuIsXUUZR}&R zr0_obSmL{AbK#apRSX7?q&=bpn^N^}X4C=BzK?r1bU)e0Gdt=0rdArQpJSJl&nh=7 z8*Tt&pOu?c;Mqa$FeO%V$}v>b*t0eDvT-t}6T(Bhb_Zx*GX?!?RUL4?9{8`-daW)O z>ok8&4$bl_-iPi-duBD-gg&;f=A=S1l)gdzn}X@9G@XU7VPK;&0zBLK&4qOJrgBXv zeKKJACSc)q!SAdBT2)ju}2qq(Ose-7dWdQox+BLa>Zot7zbM*8H% zYNO}B1xNBE`U*@R-S_wDg;6gGYTn0;Q>(#E&K$sHX*A+>&m=G;E|{gM2?e6!iglgE zZ6>d@)?qppymwry(BZ@!l-LubV@n^twyFE#F>R{6wBCkGeGmmZ5spJ|_2sYVQ=2#g zRwMU}SELG5S|YzOL^{^K0eY>k*5Y7yJ3l)FhJWb@F0fat;?UbI zJgFka+$5PB$s9;d<(`v-?cLvSp!5v@$Wz}*hp5P-ep7(B!hfH|7rfz+Ba`T*csy1A zx?^vf;W+M|a30Xgw*xgmd zw;v73V-0g2$?k+kX|K+9jX$BNr#wN{J9A0D92dJ^R7HtB>IQkkJ8HvMgFj_j|}e zve4~@ID634!Rx-wt?AF^TLGb<;P46coM#vQFoUslk!2F?Ssx|1D)+@?kuUjH3xqgq z`eHb@Xma@TKN1{RUh0>&v;Bgi@qv%5o(BwY z3+xN{MS;gx-8XN|NRDP|8C#t9={gQ`LB{zMy4vPvG1-hx>h_vuEV+9~8S5`NKX#E)MR^HO)gfMhy6QrqvtP&6bI@rZqxP zN;e46J+8^K`UjJAIg^MtPLcNy85tRov(0|V7&s^hmKyU9uUCEZ910Wu7$XT2SNhR6 z7=t|5Y$~_yxAmc#=e?&SqL?fL2Te47_fEtP+|&(--ENsAR%`CEHt1aAn&ou(FIN>4 z?PdbJmj2CzH~D5B25%76|MxMdP?e0Ijm6&rcF=eRbvY`GNnwV`oc68Wzx+*0J|@k% z#K6Otv=!vTv~`MbeU@`c4wyY8|JUr%e(@3J ze(N@Axlc1-^~@b52)*xM1_qA^P2uuyT>Ka1=BG({f0W;f0Ne1sdd{_~y59Bbl8 z_2*$YENHFE4arA*M2z@jI}(3+2LBIcaqST>(Ds4tH#5;r{Y3HV6^weBMncwK>g-%027=(u%FAJZUk8SGSMO_-IthO}c#gZdrsUX`;OkD-0Z2aSvp&}4xJ zwv1$4N=Otl?k|I+%fi?aoRRfbQL&-hh+m`Dt$UFK?qEPn6B`NtuJ=nM1i#hx(ZE)s zM*Z#6c08Dk{nraF1BP>*1v9JHJflYc7qL2meEy|Iq{o_MsU2nn+9TP;{DEdmk#q=F zHiwwqxKh|yxI84WqO=k0e$wWwW5tg*4@)C#ybz z6W{p-fxi^PJBcT^SIs-SiJ3&W_Uiz?2&MxJ%r3c@@-*Q^(hHvqryd_2-8c1iKB}Kw z5%(R8t)-08tY!WeJEb8@<<=Mu%>BD)|F0*^xNjl7xR4>y%g!aPHr_QhtR$I=VIB z`EzpCoJ)nRsHv#_S#0HViBgP>9aOf>D2z{(x9mELNT?_Z7r<{yD6b_>(jT+`Qn!(%zEjj$DNz3)8}Z~H_> ziQ8bMQCf_LCfbc&+nVqxUeB&u!m$uWq!f{`0sDk^*!tJFjiQTHn1AG;7?Yhk>aUL7 zaQ3Z+&0nUVYKI6xh3zq>Mz@gHD?LgD?x^t-w6>I(LZ<|sh|UL*UE}6a^c*K!slxMA zbMINeE0M2gQAI3wP(!OdHs%|d?_Zu?U`0nF($83t{ts!l zmZC}b9PtM8RKFExW?2L7-LDFHl}StzIRwHZ@1kuGi!t(-gdQ0Eo?FxonJoLv25;zXWx z^k66Cd|9+ohq9+P|4CCKa+rS_Ic%k;nm-07l_=evi<1C_H@ie{85+J&gU?}wsNbIR zBL*G&?EDQ~N#^G+`xm{3U@lnii*8bEX`sC}wQXFV^d}+w!`7kq))d5%RBYBuo zB%S?r$B^QPR6M6N@=h;Wa0boMSFWf9R3-w6) z=MVvlP~-QH0e$I2xd#-H!u!I&o8!46R@SgC;fT<0YxohoJo`o&dq_tWyC$7#ujd&Q z%Yy}HomD3a@D5Kl`=bI;oJF`7Z3jS>U%rt00Fvr=T>_Al{Chokii+uPbhOYA4?0?) z^ZMA~^kV`;uAFGKs45|&mb@@dV{UBrk6hhz>i~T?g@dJ>pvoH~zBKl$qK;CZ`;MV= zMNc7?$kOTPVuH*-X#3R>f>_n_e&VGA1p?XEeCW=v3$i4`y40E_DJQnqCtM2&fJEr0KPdRo?_+O;-pSa(v>^Iu+9Pv!Hxh9!w z4qF`YN_^pc<#}xc`}MV!huBYOquo_vRKD*=bBOv~$IDGO1$#2N;IJo7U(U$ zOTmw9`a3RQ=)2KY`Tk<%w?SSE>CdTZEMG(KRmbjyy0op;VN|A3<~hqA=76@JKXPBu zZz8xT``*OQMj5}3Ha=VALMqt~+c%gbh-dHLc?n1NOh9^N_DotoC%4p5l8!R}CY_&z z^oJX;O&|Bz9bY_9W{wD$#Gye%ym+0!FNooc*Nz06XiVQx2iWw-XZ09Pn^Ck(oiqOD z(N2W_=Tnb3QHQ00h8|LGe?s=@G-egnP^jK|`F$#zHyR6KKF3ScrJ|(;RaFVoOr*0O zoar%YeS21@KoA)z%%hB3`^^Ph-&;wP;l0~oj$j9AFADS^RN3{pGm6!l^mJ^s!U%x2 z5f6s<lrwl>5s7K}XMK`5E#oTi&@oIBW$b(NiIhirIZ`NtnyBs64A5Y?pm?^7$OLP!C+xaz@TqFUVm!{S>->Lxw`yc_U(a1-MG_R_V=0S10$L!uBao- z`kjx6uXe@HDBd&jGDc@p9IKj+%k5-?@ODTxdJ5Qn+uVUFF3q)`HBERF91);!VO!c3 zKl*0`drkxgjjL8K)fzcAqO0-2aHQ7Hb_7-F>)=6f!p5}B+5`b7s4W#Mi$Cu*{HYud zK4i1W{WJXAd(ZI5g&Nm++iR(h4Ubr`P&)~uK>hI+lc)(`)(>c^dfW2D1zB|EdU?!p z#_Y9Ma#W>1{_7td@TJ4bVCK_CQ^HXkJ-A2+zzYQ|GZ&FDPA1iBYd z31Fp(S`SP6bTl~!f-`wX<_GhRQOwTk#efSuC3pB>&wu8#|7_U5uI^Doyh@JK3r-&1 zcv+F+PT^}ZG^z3eMiXX&XYQ$2t!7?0N++f9$~AfgHA)7w#U9}>!_V~hxt(h8ootfB zVG?qyJ?}k^BIBHm`80kVuoA&^2E)v)bXBLf$?9V2Mrd*4gEGoqd4J5-x*7(DA*Xt9 zJ+Bqe4%Hi7n>r9+YQ+uG+nsgdG@qAysJ3Aui4$kD9hM5{hN4RGJ^3@l62}Yd|D(|7`AeF<;~EB&?yt#Nat!;SpovEpW)E#90UA4 zQ7<3dSQ@;+D7D$R1hv#3)>8iSs($ltyJ5GnF*)GWSNU=z^zwJ*4c$aZ)BVDWyCt<7 z5SihfBJpJVlM+zhgIcKvF+Lx?YjQSlSndaQ6~;nk@KzeQ10O64nYQG9s+q|qoKdgJ z;3MdPQ5esb*rPbxperStFn97(ETbDW2@%Yy(B&+zp783Fe%VnAL(G3XTEtle(_ zqT)lTT2Q95Nfa&pK4HWC5gu63b6o6CJr1MiSv1yZZ?teh{7RP*XvQOI7?2XGB^hS) z4WeE`oc6i2__IE3w$)AXr3*QrzaH>pjLI4Z%|B2ZuYW3A2)EBWe_d*?mQcpcAb;a! z5K8z<{kL%=%GawjiO~~1LHFaVo~t5skC*?7AOs*~n%u#_C?EowHPr<>z!ejsZt0D; zTh2hsFU+rKtyXvdQPIsGyd(>nWFa>`x-*%jEoLfFpq)sjy)N3y^Hj?c#R*&B1zdGz zMVEY+By)oB-=-W=KFM?z@)zwED=M$&3Q0w)@8quH&rMa6^14V|5?Z)lwmcd{;#nsx zf8$r@o7^o~U~i9FJ^{3`FZ0#hS6i-tQ2|ylID}g)>)npxRl%y_tS|%!vC0US&5(Qt z4fbCj)YOg@+dWFq=OEEJAhanjVg4+@Gy=E@TwJ4Pt9_&1t(#h?Ub!DQ&pyo#DykDx zErTogH5l-Zoy=rXN>xdFTZwu(as?AFuL!8uwxs$h;xE*c$zShXEZ8gup`SqQ&T3AI zMShncxUNmI>qBeb2t2+?jKi(kjnW>O-;5SqIW3ydaZz*%79R?3a+i0jdC#SW>7GL2 zt-L?j&f6C@xV-t9N9A5QA4wsB_zR;7&^ysFD3FpQ4gK?mRV7FUx{BPrCg77%>o2t_ zLp1H)jFuH);1&D(8hKn~BLwNH2be2xQYsN~F<8R;)ZR$Tx<^2!mG3ui2FEEX2=C*v zUVoWs+}p)PQe7BY?D)oWWOg*A(et6Ms`ScA`9rg$_??Ag!BeM{%Oz+h=qR@cqmOJg z_;uLy9@i)#o(`&X%5oD(M0KBE;XZ>>NzoqeKeIc+e{!3VoXYi(u7DDU7}j;^Q-VoU zz_vIrrrXHw-mMb(OdMr1oqJFoj*-V^@!6IXdiQRH?#8mg&s&rG8$c5$(o*PN!!8=b z?Jg5+aq3I*bkEkA8wSeLLbtcQciO+?We)?cckC+fhizmxXRsgOZO8>`NwnHLUd%tW z>A7L7c4xpVC`{Juo0=_+V$#suDd%|beL2~nwE1F?k+Ykzw6z2#r|^4AFS`NweiPQD zy(mfTFrE^JU0!W&VY7XU7HE+%`)&XM8v=0*=?Pw?}J;tvU_4LOPt* z5e`853fSW<(x1ckKGu10bU+>v+f?ZKAn1wXd_T`Xqt`k?W)&Z!%O_bD3Zo)F^BoZt zj$Kciy>6MUD~Uq4UinQAu`#O&b zif7Q=oy~{2)eZ+u{>-J{ny>|aR;YccZV}!!DKFic|1divn&5iGeLzYH{fFhc_xn0?&W#xEtC-lxnCw_GWz1K5m(QdCYhBDys0xNyT^j& zcSw3hkg0m-c@<$KfPpfhL7+?^-+_tp9-Y*A2&-T6&Dg^Fc-Q(_^me*+>m&27l3IFt5IX203}i~4;=RcoMNW&!V2`_0pUA|^;0+EOpMBrx09 z8#LBwxB!OC9D9>{oWi7XI>khBk&BH77cSi_UF=R1*uiiKRUjNPB=m8E23!)#BRV5? z_>ql}qTsBADv)*>V{psMT=KkW!Cljh>(eCI)f+VPxNa?{QC8)p|PKrCT@tp^H;Pp{GnE{ruF+8iuV2Sa@DdRxG#)}08U#XIpXpp} z8FN%5?EXHlEXSY}omw%4#X=qCp#4#wIcJQJdtVI9^aTI6ho*?diN%ZY(X+QMw~a^- zMbOU2bI2i@tU#p66CX`)QKRLdJ1*9J_Ksp5U146R`enb?S$6trBd&@)Wc^~Kr z+P{>1{Z?PXa=lQX(toZ3oqO3`5x=p)=axJ>Pn7Fc&p`P-(Juo7P}Sw9O;vlI!&}Ul zPP(dYoQJB4<|=Z1C7W@baaGC%s#oB@i7?Qjlos0OX0QG(Gh7;b7mg!)ll(oU79TKG z8p++g1dT7m2pKUXaLqNAl$5xvS7t2dC`MQ29;f0n(g?+2z2I;0iV|9F4f_ad5v(TU ztrsnFTOq@lFdlyYOctE1TW>~rkHlVQp!$>p%HhVxzIc`wj3Gw6-(J!=YkiLVwPB;yArDXKiZ(DIPhXV^vy5LPPd4Z5+ z6#1|B*h3UJNcz$iTWU9nc*E>N$?P;6F4;|E=|`dORdlm2axQXjSQzR_8EzOCDz|oz zJB?;fy9p*&^y0}$Ro#>3>C{UDif#3Z$x4LGpRkMk`w5DPgiBtiV0HC;D(gSG2Sf(x zXjcBvYcWW(4CrM-3OFlRS;FF}R473||; zK3yR<5c+x<3%1&7i2kkfad51o{4ntnM8?W_k^4d>t^}A6U?L^;wEzPuMO<7BKE!!8z^y80g|I z%fq0vAx#njQ(LXnNiy$L;aTW!ZIT~;K6>w3cknAj4t{&={PshQq$cla)(pXj!!7@R zkdWPf6ZPzg;(P*J*f7Bimxv;63ci6;?A4TJu{ex6YH%{8h`e7J5*R`#Mg(q7!UvzA zMGEtt*GJ7r^MK_iALlZI48@O0uLWnBudz?s0x}K7dnYVjbGgPtX)~nDF){i3j+nIC zvpHVLZK#M;_EvJVniYYIF6#_3xh?Ec>_1#E*02#1Es1}78mQ|YUt5E-qQ;1B z0;X9(FIUF$&ES`&nSm76W}=0*becdq-((MV_n%twz#tve5lR+ zyP6`>zSLZo6qhj`ALg9ZfPO{qc1#A4Pkr@Q`Fq=vO>ofR4>iklWZfQHkbX@tiI4M? zd5Q&MJvY08kGwY00aW0sFj_^d*i(t8^0Rw_e|`dTDB$JP6ks%~qKw%`PmR;9P< zy5pw$=~gSCO%5v}(z zFPmUFoP>kkW%-(waF=VytxKR_^%#k7L5wx?6Q{S1YBW^Oh|=G`2F!Ld|cgdSb!`1o7iSVp)XU>iCw(Q}f}tMz}%x zZ4!C0ELz~ry-0R3$A^P5FK4$XktY#4rj@7rj6qC=@vWDitv8IIvEjL7M>CO7y!}A(XI`-jKTt5PL_-FyMb#BF+%? zv{-z~@ZI8k?mD#Df7VDcOL9T+KK^cV$8wrPwYAc-Utw+NiDnB(m&K=Rca5D6h7*SK znp{)OsU*L--6_5yF8B)U>UK11#T3cfwHZjs$dj^HGCtRDOOJ6qoIS@m_wQB&K)q-Y zeGyALLiijeU9k>x=CWB(x~<0le{v~9h~3<_u%gC?gV#-o#5_HaEIU)+}+(h zxJz&e!QH(U=iFCy>;0rP;Lo0GuQ~eY{p*i`jrsYeT!e1WmK;_CK%8~Tb4u#|_)*k{ z!x7O7XKmMw`cvM!?ypatQ&%7Vb7K)yV<>O;kT-ZdvsER$balm*NC{=6YR? zR;~XEi*W{0cV)g&Jas0miuqR8?6}#5UzdziabtF9iMddoUS~Qcx%_-^utMOT_ceB@ zveIGT(s(zL9xw;Tlr8S8zhFn@`;Fz|Jeqrz(k8~Zq*IEIkM)myL@uZWTFz_Q)uc62 zP3F__`x>S-Ma;x8^~y)Ivs30cSdE{|*_C|jAN^?T-Y#}1jmc586NMVKLzqGBtxe3Y zEVnNF{p+cjDXk8q>Ta~QSA%zw$W=nw1DbNK^D_N3#xY<4)j+nEez}|8x`ksg27^P%{gDiwb(MR#+8dI5 z&(DJ0V}=gIvKgvSPHZL+6uNWj%QnVwilG+>PH^`j?UMa6Ic%o^@ndj^*sex>^H6Em5$X zPqvRdSsYYuQ1L#|4)ULD2*|91hl;R-sVq}G=Y?vryi?PYh8)a{2y@B{47nD_`f3uH zlgM5uj~_sguD&zc$#2KX0+$K6zmFdxE(yN_$PVl+<_}%3?YL+|(cK{P=X;w|1ALVl{^Dk5kDhKLJ8O8KW1LMHbd=^ju%0MV2 z@?k*H#LpnW-E6D|jRDN(gAN@m6PmTAc(3>tw6=;G*e)-WpxMdvbIOxCQ#2nfE-;AW zS>!*Q6^D`1fKrF-5e4XUz9*5T;=7b;mlzWB>K)9MTQa*oGbb@w$;PjXHg-&OF-aY= zz_;z?sceDwUaqBt@bs=uzW3P{{Y)ciQrj*qVhAHZ#KU!O&u(33!m8_>Q(J7rCO(T_ zw+_1vr_8ND>Ul=Ii8 zk3S&{o%)6iDZazoo?3qWEJNwD-6-3=ZqA7E=hr_pZm+nNUWbSgt4$vw6a+r`-6>QZ z2k({cFfojs&?`Y2js96{7GpMKBqX+bV6*b!6;Ghglz{3Pvc&bcQK2v?9*n@`=bN&e zQNI6~GzjNz0G#@>s{SHr*ry}tcR)$ed}(;MDMnftpMWs8Xf4Nbm9Cbo94_Z401zVD zKQ6V}>MiNRL7&!;X0qGmD+tY8bM`E?W*-5dCQpFdQYB!UwjRtt7swJPOC>r?Tj2GwSOKcc| z^w4@%0p}&T?YKT0=xMg-khPtLUs?{mXL+}rZouB8f5|bYCa?ZFO{&Bu?`&wqvmg-| zSLW(rTb*rUxMwMe-y|RGXzqVL%awvd!G%J`7hIW24XNSwm@;ne%8mj0SjJo zrEYwanQ~$Yu;@eQWTde5ZmP9JD5?p3gpbN=ox+Y+`V_kseCLqxAAZg~}Q}na&*|8{2TkU+hZ^!=X{g>$QJLahmALR7lT{ z6;2h(*}p)G+O$tI@_DNAJl_^Sj2uB< zx(6bar285EKd9YQ$F?&R-l|~OjvO3^B#dtl>AQ~6d!`TfFNk1}Ot6n->a=H%7uY}o z<3F>semnC8FP{;8KM&QpBrWiqX1=$c6aeT_U>x%m1C0R5M7RPs3t&CW!V2J(DlIr= zfu~V7|4d0u%QXkVpeA%~yurRI!SfYtF6epQk#d~ow2PMrfuW&ldI2y32K@yDgigDI z@axy)Ka#&=mSM)B<-euPV;~f_7q7l&E27TRfqN-U5h8-|)$H+p5*izqkgkEfYxqzd6pFImJz60<8|FOM_*&i_B2*n*5~n zki2!6I&-$+F{fV~VR2L$jDreMcBhbcZrB_r;D@6V%*(3T69Gw`F|vO`wnlT^;Vyd9);^GJQvO6`LC?+wAO_(Ny>ue*(pk2|zb zW>Z9CS^S>R@bEway!|h+|H4T~PYypL2&LASvzJag&zhap9i(pN{Yn|V|K!ddIu)6# zrdT9~fMn1dgjLvRm&F6^U1mCD`d0!@_mVK&C&C})E~Z_Y5$ZJS4b9UgSu`CpQHd>G z#gU=HHpV5d3A7i>3LD|!e|Q3uT_bTf3{z&Y;O0XuRqmizJB&g{_#2_%a#W#9Se$kN zsQep3bvS~8TRe{BMr+-fb)EXkLYL>2R9$iljx`y$)dNGm$>qerr<0KXoPtmH5v=af z@X-hY{Ce)GhHQr;9_k`w^LGyftM3EaP(jUh&k!QJKsxhaJvljfm|@@llUBR%sZxif zhOH#Pe4U>DMUWbr+`4rAIvo-a>aK|gK8ued+CFr^RNOrbSbU94v?0gw@xlz3yNLLE zfe;rn9t(l(d5dEC?`Dj~EOo59bsaBVXhb|<5Nx@^tmvND@V)@{TlOnQPn0fa{NFvC zEpp?J_Hr4nA2dCPO51>2p^;Z+k}X z79H5vmkkXF@oI*gJ9+?d1RfxAzPFXv{HVbdm%rgib?@}@*Wi5R>}eW^Gu7~XsHwl# zT;AgW!a~F&f#9Z-A^L-d&VsVmD8-svXna1GkQ4Ib1Et_|k}?TY(b=1h0Nw-gRAML; z1J>nji!yq)rlx~xc7Z-Ux4EU|9sx9}Mg(^n<$aDqsQ|MBSkB$3Uyxk2d63|qi-gR1 zLbMw>j48aFOKXc96f|D?qN0?oyM-8J}0gy908rvPO#cdW^nK53fJkA zvET5yFU9N0*p8joPsKUj{=r4>@vGZg$P&b#U2fu$pu~Kh+)mfye(HX{(7wFDp?l{$ z0egn%DBRD=7OaOiM!%R-tq;cLBldY6par|-cX7u4po@-)J)P*^U^ z&VK)m-Eo7cI&($#AkQPi(W`mpJyY}0w^7!n{^TA2r}q76Opl8`aaieW+RgOK;CB|9 z-)`6(_&*LA46%}K8Vehs9U9NqG#wPZ3BXDae(?;~8tM?QK9P1h`4cXGA~*y?RQNj0GUagc2`m zA`$nXT5{jrZn-a4f`IbNfcw^pXVnJQ&bL7)A}aJViH+muA&F|RJICA?qi|D+dEuO^Jlgn73)een!(52=qMd1kg%J$$-LX~pQV zzl>krck|Nd&dYj!KIWlpj#FqDe&Ja(N=ScI6Cu#$nZ1so>%9ME-}B< z5DTPOY_^1Y50yn%VDTU%jNW{yN{T0Km)JyhS`VoC+uAN2GBvL{`BFooy8c6gYvDS6 zeaM?sq`*N%cRl>|^kv#t=XMZU5if(AtYb$})Z6f-X`gADsOFL)?^`ZW!LR5^U%W^H z9jDmGyFu=aTuJ0_M7bA+{rE(XM>;+R3>x$I(>Ym`g*Ncw{+$ApBM$N-PqVLAURN?i z-hIthI3Nj`aIWwH70J9Z&%!#o0nLMC5N01UFBX|l#!5Gz6iUQ9RULoADyA-2V6jB@|Iv8pX2 zWGT!p&zGKQ?uyt3Zrpl-t{Tc`td`vT=O5DOd(0c(@V%5r)*(;z+n8#?N}jnAx3_7o zaa$o`FG1O;g|7n0Hoxy-0%S*Z3^&yu{PHIc^RRU!eYykhY9hDqzW87L{QMA`KSc5q zPfx+;M<=H?(3`e2Cykr_CxkDUX^;g-cmMyK^J>^%Dp?(Oddd|(;X5Kc9@gZY z!z_6-zQy+J!imPP#KC1K1NP?fo zquqa;@%>|hNiY|%Yu>H&Su&TR#~JMUkXAZ#j)4IMAJLhyQ0!ib4Ou^|*JT*xBspfH zx1y5%eI&i@3pe{+iaVwpJ%CTpr4x$kB2hV+fgg1O;;*@gb~50(6D)94xY4C4vt^ps z;7KZtw#(VI$#?w7PZ-Yorr!Vk!Ew4SuAMeE`sC^?x_fRAOg?efp@S;%h+l8_(MN`- z^@Cn=U~g_R7DvlbT7BRrutJb2iQ%$4w99Q%Qd3#j#XzW$4(hZM-Ru1_VRJhMVcj!W z6ZO)Z?9i)(OejKsl_ke!jOFCO*IrVP2e@Ie{K0a`-t zJjMR7&U$mf=4{+YIg4Qq;Mg`%qFrLI4T2gkh;@VTp|lY-$~ApXA&DYdG<&v_&={Ht zMZ6v$@)$(sgYOHkfv@J2Kb-lZlPjULd2mC@^(of%aUZYm+bA}x`cJmM$gzXZ4l_5# z1P2~U%h%Tn(vUJ6lRQIqgOPDz8%AD5eSN&T&q%X5@ep)`kf5Th%nhT^^BVlY2cv1Ou(jT`S{iYe0rz1ddL*U3kiD51OLQ2Tm~s> zbKxHd`v=x2#?tFJsB1o~P8@=#3eoy@EmON{mk;*i(@RHdIMiJ>l$6Am^^6Oztwer3 zN^UgPEYzSV3hRGi`|J}3sJD?v{#r%5A*vFTPvBjQJ;rCE&DTqi0qrl$_bsXddGjNZ zi}vIpAU#gx^2k^sydQQK*PCqhDK5G`WYTx+aF8AiL&bU}4XWO&6jn#-!an(Ja;WVP z5esKR-2;*{yizyws~7<=H$f53hgGD@U>oKIjW8$O4mX>28I$u~fj_>;GQBPCgnA*Q zsF?+K?hG3K5dBy)IeRXu*=ED)BPikg%|Fgrm)WbAsab6yE#_^TW{#*;)aL`2{Cd#0 zlLP+xl@_0ps#rx{ZdU}DXQZ7!^LWjK1!H@hWrm1P6l=_GLYAr;Pf_FNEHl%EPB**< zS5+{_-IGuLC=T5C7bHevr9|l-cE>XWFU!lh`L{t?l`LlPfzP#{XuYF%KHW%P!Pz+w z1T**H_KbAH53vn{E3f=M+D$t>iZW-FQvduoXb*YH8_l0w^_k`8a&E1`0`T4o2zCkS z@aUR5-D$nn_j4q*p0$qgUw0uz+ZhnPKL)gip0pdojZWTR*P3zT8FbLG^*i;Q#pPeB z1N_q?a8MmWCvYlpMy&xkwuAnf|8@3}{v1f?xwCc-020#3BvTUe|M2U$mGs-?JN~v| zD4clq3BTB?PzyJSPdRSMAV@tppD}}b`(M;Vu$E#ba-zZ^5U|5|W-WtemTSyPJQ#>k zRJyeNrf9T<^_gF>Sv^QA)n*V}yht+k-`DwS-XX!S(i_azkCREscv=s2Zhg-54Fk-Q8Ik zo{SN-jiu-t0)zhSan*js{+sbDrt)ghSjyS`=}89ZxlP>`(na1;j-EA<*K^8uPJj%< zJDN;(&F`!<5F&)xlDRA>c9`fOZdn1j3_TUio$N|rRT_L7i^y_%HXe4g@=%uqs2lXA zOF#4bw8v6xGP;~OT^sn~MH^K0))$so?=Kf_Vb`U95}QMd$Ru^Tag)1Nky_D^USVxo zHq{?`fBv;~KXd3;hJsbF#lw>}x*G>7T;nw(8M;T*boJp6^!r)bsqre24`P9Wtp~nT zSfXev(aw3+OT}3oaAU>ekMEw)F^;^${3DIGr;q~JU!%xjV_kRKYWF`ddQF={nppEQ zP{REn6N4t|HJ*I6%ls3uU(OH&T7%7)i`lt`(w)Q~3ko-zwOROVln2kjaH$@7iFTM9w*`UlzK1(?Cwv?{P z|GbSxNoad6R|#5pP#TsyCyDB_z3m2F#v)Kz5?1DAaKHn_IeO>Z(qQ{(IVNdD1i+(~ zbVi?a|MB79bQd}?+(;-g(p+tW5B8u%gX%9V-qGZ4g^`fXBJwuG<+)Ceq9;-MPKDxY z&uMZ)2%kk&vlZ1+U&`N!eG=phGf_ka_oGN@PTeF=V@P`GsxW*%laX(wNwUg3y}+du zPLWdiMVB|4-ch2v<%R9Ih0=C`@`2-4?$9r1wBWY%Fg_+Pe*h~dDxqS7V0_J>oH<6u(#B5lVP@rrX}215fuWg& zfSBYtoA+?Qpr(xj_c0?rHzDi^{%OAHWQ~0UvVNy>Hn1n-QUc&T@z(+jgD{{Y72#`%lP2y*3YhHHuq4eeeTi|w+C*}w&Z6zL zSv|FzuZ3X_SgTIp11(&|Lj_+$Cu5QbJ5+#A+lj8j<2QKN>pAb8_PW{kWTT}<0d!0Q zr{MT@>Ul@VM;H;K?a(*GsWjBK;*86y)8pU`XLr1k-O^MlAwbz5O^Tk$*lR9*1YJCp zN7Cae%k?}c>gK1OH}vawe%DkL&A@#qXhaFO47)_52D~aQiU+3ROKOv+AB3S4N09it zZhLRl08_uiqu*%N>v#;!1O$`sI7RvXx8#Auji@6@GEc#`6DAw0>70Cik5&r`I209L zS1&aMn!;>5v0p1P=1?%(f6zhpK`Kb(=`sSuB=jO!q1 z`iQ!Xm$rPm{|i6O8;S@+Syvu-@&rNLS-iyloY=Y`H=IBoUp32G_70WR#ZSa8t_LIB zwi=hbXsR2p1-rwN&hicWpIlX`PAE7Ye9q#K^%5(C=6~U)J_U8jkGKX&6zhvya(L5I zsFlieotALpRNkg)izFM*{rt>-6C3!U${E(J4=@|BTGKV|BRpz+p7Q)8;Ypw%y+4H> zJit3?dd4Uhgxgcnxg2?k;sU|(cg$mbn(d9fH8Vl4KTLe=eH2U16uhY6ZcU6dY`<}lgkL@8>6=!5C9 zzJqQU zr02a=#RN(7LDI9W{-py*u$s@uuo^X&uJ%Uu0I!fy`G?DZ%4-?)oex&GCi|_o9xs=v z_vUdFhdPVwq1T>)Z#JvU_F|l-IinGmn#0jNY-g_>#)-V{)uY z^@&D9tw0O%%3#U7`6QV9&g3`recf!nmfA*a^%H3Stn<|^?OKlPBb@ zO#Q+{Ypkj0X~p)XP6PWv&DTISdhkn{d6&dMea~CIm6mEOP%S~L0Ofkdv9ADfQFDH~ zS=^2fpLw(0Ira9qR`fVq6eXm_sCPFLQ^_RThfv-9NQmYfFMQpFO0p^2?BEO*FHv{juqS@P$l?9&tqjg! zY1ye&cNofGf~1fcxJkWqC!Qbzt$G+mR(Ti?0<-B7e3rtsBwZ%y_BpN`{t{7^?345U zURX(25b>qfd;XI~*l^yKN;wNDND%t}*zXecqM{ zy<~5?X78{bfAbsHYb*W6csbn7X42(KmD3u&9U(O>_Bu}tsfFKyJUwoY+^T0F8kq2Q zrlKRZiRYZCG&l6fSRrextI|5C@kh=UMV=gEi3 z$IY{_T=W}7cV_yG?6Av*Jhhz-yYaWNXC~!1g$k#Uhow85O#|5<1K2(>GXw=6rT!N5 zR3+j-u)#=>v{LV43~oYoRpCO!g_PvZUM-#djG&JEx9Dq#T)03r`qjKiWYwG}b0M#} ziS67eCo*VdQM7=iP&t+6{Q81aOh3X;TC2g(8*X<7$qE3VUb%v=xwZADeF5l_Xk+4r{wX(}1dbSO)`(?D&zw>)tOMMz!>lKYQ5|0~_m!kp`wC|^_=cYC>Jlu3bymaD&tc-WPqC z>em|ei{F<7k!sKvRaWs^_sVDk6!v4f-@vO9@UDT!@HR*wwBaBMmHvACD`l6#S1y}Q zRhwxPcZi%zJ#X~MT+~);q`}Ab;GJ_nGc8@8ZEuZvBzX!UWkqZ@<7V?)`#&Kn1SJ>= zHR7VOC6NrlmdEjSH{iwvS;zLzo2H44*e!*&6HZq`r{ECb$xQk0#Hnu^)uP4^ygC&S`c;XT^FHQ5r;q zn0s_R_J-SLmi*|wGfv6IBYizU&eZWP1ODFL6^(u7+#XU?J>kRbm=cP&Xm0(wS@E~}lPg=rQwd+s(8H1yNrNq!K!TR?U?5UAh z>a>;IRu_M%PPqH}8n3MO&|Z4}-A&D+w7>3&bYSBok<;<$c_Ah2s}$}#*I>3|2Wzn8 z4W@Q(sDTd~HiP6Kyf2rey30*)nf%M6-_{5Tx)Me_mXR82cC3L?ZHmJ(G%A#43&@}8 z^+QOE)Ln8{NA8@t;gGV@T8vUi6+ptrX9RY>tEqhoZ-n_tk%gS$`S$ksb6VFv3v zV?-n-*p`fX^{>sV-n@B}1jal@Eg_ee&SlRd7t_5@R_&lDu)Lo}#I~|!Z1`zf5aB}4 z&CCe6zU;t5FyY+UDoE*+m$IfmX1B3|R>z=iv|3w`vXEQfE=u^L3ilXSMi6APX_D)J z*5VQiK1g7AN6laBub0<5BY=gH_9^cISEG-rdjkp45~mri?}mTrx}4KTpB)U;Wd@ea z7;Lz(U1LWLM|S^6s;H4Gi4>Vtt{m%UUDxc5A`RmLEzlLHF|m7LZ_P za{m^lWQn5Lk5Px&dPFtLLdDR42()k{%B5VqANSPHRfJ@f86J^?q1KaA_Jhjh`?eXc zH-w~RU!3?d}6>3hiQEU`}H1ib|a`aY=q2w zc$=Gf^788F;dBMV2X=-);#8Cff5?B*{lKHP`TQr}%b;3pS0TZG|H5@LBFk2#VDMzl zx|5AyXGrb_c7(yA)w+ zSqsJ1Q;c;<)#fA{82)xICeTVt%&sWF4{4fZ<71gCDIahWW@SNW3i^;n7fS>s);Wr# za(b(r)y#-t)WAKSW&VW>QFpU+kTnh8Uv~H*-t>@ywY23pCyzW@r zM9EfJ4tlI&i^YNP*}TB-_V6Q7T=6)U-9)Grm^fEsbJx>LP9{8tF{W!LQO45vz)5+Qdq@_rRElf|8cZ*JpyLN|1GaVlJ(E1> z^&%?s&hcfW$FGP3X|@u1T^gT(czM{jqR2{MMMY}2>oj)h8(jKjjoIZAQtr|&NHmq} z_$ND_Wn~G}TbCPs4Bq<-XVgLEZrFs`g?KHl@b@4X)s1>`+o?-A7 z#r7^_Fa2N0q2GAJMX}(}=bw}P1aBI-A&1;34KRhH+YAcmsqXSw0SxFMiZ#* zWUr9*l(}tEqxdf^Fp9ZhSG-(}RvyJuSUpgJU6n1}evhw$<5Zy+bgSHSQc>Sm`q<|u zLQ^mfs@^0bkxgF&zd7myh0mH^N;VBa+MtO}?|bVG&UU_n+S6H8NAkcX`YiIF6t=z7 z27isLbaW~b(b1b1A>c2Z(S`*e~ii;7Zw+BpaxZ|MGhf%s#sSymPM=!{1;0%9rzJ$_ zr->%5JV0^8J-;7h@^+33Qg&@%BKn!`A0GP{_lfCvVL86w=+5918s)niJz}TE1&_MUG&}*O)0!qx*~Rsg1`F!Jg|NYigHe02t6cDEN69J=?M2FW z>H+-0U8I;Vq;6tU%^e|N0%Qr-X=4Tf$YH7B3)#hl?7y|UY^K_R4)WG6Z=8dlq5(@| zR*~U=BX9(|XGo z6;8{Q8s|k)Q!ie?sVjXkSUM#DT0`gvR0#nFGezX4@NlYzwKm@q1pGCaGl zTupO&1GDe|>S~=gJT>yUhzQu+P-Exb%>ad>7d6%sg1#$rJYdrUA8-j!8}O z^2T9I6dGbq)<2_t7!+&pOfU=iVBYxPX&+h;V&1>SaKg}0G|_$ZCuE7&6YRDZr>+ni zwfW~HK2itOzAxH4ect!^I7qAGSdotb7jA zO8~5nqNu~WvZK3=_=T#8)x~OBxLk_Khc@>ZV7rWKHYdbqDY`y z`x~6lAR&1BnGo_9^9Lw6B_;zlu4P$JO8X@gD}FLPh>jP-72p4jJ+TtP z+Z#27%JwT=9YV{k3{oFampH^1m|js{Zly=P?gCp=O)8O^lj3@0Y9oeEI%NxW^X>%N zo!WW_Z&j#-FTvohTG2pxZ%ZHv1DxN{P*2O9GGyuaSDTrBG_;jM=$!ORP<78Jx2lS|n%(erVmwXmdU?bVNfej+dHH24u`ByA>;^a= zr5I&aHw@{}&i#miQDoss=T@T;cFCfI)P;cRy}LQ9&Sh_HJSNBXG?q$iUU_~TQfM6s z55on95-&B|Qn$dPr*>4~=4%d8{CQRw#^4ZPJaPb-?P|h0If!ux9^t(kuxgG-D!#mVr8%ZIp2o9Pz* z6!7cQmPRxoXJ^F$U$B<1m^`l!Q!D{`on>+B{7XmI;6kqZP$%w)>#5{g!H3z_Y7DSN_3BERm(cbYO+DY_d@)EU!wYlqwPEmN@0#spOLIYA zx#J3ch-duc0`KR)R76$k>9BG!fn_?Asf5*k9aNhr6; zAV}PS^2z6R(mxIu{}=6-w6Fkf}Dr6lA3}8u6HINxUs7u z6E%g8CLs7f&al92rG_@5`CUoBUc{5ti{Og?b8GJ1vGWgQ+5 z5=Jq}s-5F%Lu*hSfA6#u7-K;iLPpQb4 zC_ll+WP3B>5!+9<`GSL8yv&{0Rk2dUVcH@3r5+k>QOlB+^y)$x93yLi#RS;P>JNO0 zN}-wP5Q*i9u^*2;qZiDIV!PyJPGqh5nJlwBW&rZ!Q7->(Z+cwdj|zS4rHT&iETu;N zn_7$$33|cLFPBtcc)Se)7bLKC9$XQ3Hml!0d2P$hFj~jM6(_Jj|M)z1MnSaVuq&vV zwzOnH#%exi+I4+&^=*up?)Dhj^rohK)T&{gQ*QG#I~4&?05>Ydu{}iNqe3~UOAh{6WF2n_RmM!-T2R4QfkDm^2!3td97Mq6f7;_x< zR+rc!QpuCt2QP_=ikO9_wCJCeUz3+lPtR*jjw9`wXF0fx3}vN7B=3_GtW>S^8Y)lX zd>Q?+6@R0zJ;Sa=8+dRlqQ99^zGyoLAfWPW2PQ6l2EHx~rIeXHiR|820RD#= zg_})?0gAliRyP#IFS~pd-*20GK2`9r$DNhcScOm|{4A@Gv!v6_Il8aQ(sJZ%w)BbbSzX;g zE*Ayc36nmZce_pk@jLP#N}SQ%^*iSH|J=&WFkQRys*I-BF_3~G=?nzJtzEw-5o8z{ z386IUwM|gPFuB=&40_yNVXNCy@R?LvoyUkS?XL1_+&>S(Kxu`-n-omuq#1a$?jZ{M zyT6p`Kb%OXT`wsczqiyft>NhGXKJ)0(euP{x?gPDa(NjI1h<4H$1z;$6~1Wf?qGU+ zLXx@!LB2L)^X^nIclV)|pbZK3$FBMDXz(}Jxgs_WeBd}CxKgh^E^4$(@L7Gn`s|PK zUDTVvcSD0b5}zl$Y({|NrmO((bEYNE?-&R2cjc~TCVvH*P zXc{PoO)#j-J56K<&+5-^;7rcuV4kr|BbpT0jwfnUm|qIcn13#Pu&vmT{(&ErQRYI5 z`S-p(_ONXXU!EbF3Giq+7*q_;;D)5NBjm4_=_keu=04^i4}dM%7fiOwp~sPh4Hy4`&}@e zxA=X-=aLQ!@zgZG=K{Rb9K8eicUlb>%pZtbL45~C#q@$QlQ%c~)1$mM78~Y&1>72j zx2w)#3P6C{*?Yr1P&Y!k@=@qUwTv*W{vc9*qOp1gudO^!Zf{QPSF5w;k*DrlvQ`ja z9h!pK@c=}8Zv$w?+|8m}+yaS|$0xq##MtHTPHDSLG%{P5$8v%28s~(&S46E;;E%gj0{xpE1-bE?e_}ol!K01w7Q} zz`Ko^zu3Ord_oe_*9HdD{Y>b?d}2FdhsNfr)I1z1oEV{QNaB$fDoP^R$aKx9T_pAt z?!4_GEh|*6!jtjn*^|8z&D)Xvh%3jt2kY@<^Y1!zG{*XD z7*0z$0EuIai;us!+?6FGC-0e=xyJ}|;7y}`m`N-^j%xgt!P_nN71+238q zu{qHLW&uK|u!#$8no|X!QOF+(KJ=*tCu0_%le}mB9Sarw)wGy7dp!fMYf<%|@{+OX#p3@5^VZZ?94>XLY?dEy^p)*s zMDHor*v?~)^)I7!-Kzjl3|p5$@#^4VSh6RF3>k>>Sl-8 zxyngTZyuFlK0+#e8^wzay~boBrOWEW@f<{$L9o$yG1L+c<;i+IxrJ0#NodRW?^no5 z{ohy?kQ(M;31e=uAYu}Ygm8Gdekc2V{MR4)Y#D_rYnly`Vdf9qaNVi7FU5c!%ZkY4 zF;!Ce*az3dy+rH1o;9;q5PCH<_dAD5DMBFRSJur8K0W`Qaa^80goQF@geJLPw?wyP1DE9^*w_%V&&b^QHP(~jnt3XFQzuahu>JM{knDa;D&@Y9 zIf7;*I)4KzO}+;<>sQjv8gyA*HQ_%F?w}7GN!3`#HYU|sL0k7WD zN5Q+27Yl;_1i{>}0jGPy2f_QKay$w;elg)v*RAspD64p7X|#!tn~Dc~t^r+FlK#>b zT`K)S#GlD<;o@iZ?@#WO*Dx`k;Or%t?dNa4uUOafjB8%r^;+@sx|_!l8F&?cGQ(8CS;_AXqxj)Jtb>uAw;mLFmQit) z4ck|JbA!UINlLFsXdZm%uKIsNf{q}|&lTS~{m56N2Jrw+c3Y`7mYo8M~Ik9p=W zxnokoSMv$^{SZH4zSdCNcVHdkWw) z(GaMIzc6Q?pVMtY1OAdvm-4J>HID8FR+Z8}LcwJ%pKAtgD{7YS9;4tCC403FhGK?* z>DUIV5I1iZ9miK%%&KcivtG;WZ0_TqA%<4IylXv|!^o)Z=7^XNA;eqchRUm$1i{EX zD4uIQ1=6Umnw?`Xey*9KM#|W`c&(t^5Z2Q058jDZQkYT*eYjQZ_g9aiWYbyw1y{w| zWl)cv&3(d>Q%cJHN>(ddG2cg<2Hb^sI3f<6w`QgZ_-}rWJ~0%$XtwrwCZ04KJ>3T1(CzmWMwCnk}g64$g`PjsE87nTh`F`)eNb|Do%x z!s6PxF5%z=3-0a^oZt?HyE_C3!QEYhySux)Yp~$%?(QxHT{-W0zwZBky4S_7o4VP1 ztu^?q>cU`r+Lez%N+>_qqyQ*q)Hadw{V`3Pj6{FH= zI*-mZVgcpqj3C$v5JVt>NFr8sNo4L$=MhoP+*SJ^TEd+pOi)ZB1I#Q=<>7s4n0o09 z?7aNj2>L-t!m~=BOQLw0lyh%Y9Y(w|P`!VY&=Y`X@c8ZQ<8NBHIj^n)7lr zaA<;T&z^HfpPFM9?pvaz`R~d^yp^WXPn`~gLzzQK^V&5ZYZz{gFv=?SrjQ(7I zoSo?7L+3$x3S?u?#(En{HQ_?CkR@aTcVr` zkpzB;ScsBLM^T8y!MROu5~6n27+u({5Ys!cG-vGy{@M=G9UZQ){HtHK+cI1g%u+bK zPfaR4V}ihwJNTGvz0egLzIkh}<0QJ8HSq?kV@l||*XNz49qW0m9#(2?C1-Z;Mgw84 z&z>C;=oIn)QY2zoS5YenIy|_&s1j2@@iv_;(R2Nj*-9b z3`jr0;P>%&i?m=7kd2grq-e3%s&pWCub!C6a|#O;#zj zl7cuU!Gm9%cRE>wFRvFPVc$A{9DkXa)T{M!L*|lBq_h8W#wC0$*R-Lj&!0^5kGaL# z?zH}@R8+EC z%}%RZ@SPDqq@qVPHS;W})Elgq(TOC13c7FkkRS>jvi*$XrxJX3X9u)L)w$7!!EuSV zj&pUz>R)h}{UF}W5O+5ExNFp|wx2a1DIcNpAt~CS`*fe))cU`=JINKs76H}J_o9Vx z*&$wLl+S-@ULWVZl&UHQJ#gLi20hsc+N)I#S4#M1>41Pub7Z&y3w(ZO)b@u9c{5f_ zqGYl3q;bGHI<1PrhO$q(CrPAw;@6}h(4gUW^-*?ZtC^TYsFLV$?GAhpsa(%nYP{%j zSw4G{;kZ}^w}aZ@?TKTfIEZ4ANriS152e|$3Qn+k*z{~_5lO{K=+OAjEAl-{Dz&aS zuxpcu$N55ZeWmHi`R&8@`Q$!<9YhIa=Sr^|sU54B^14oLmYufa6x75a?9_PcqJQ@I z1-Ux^=3=P|QD=qIV5H(%Y~0Z2(mR5B)j^4;XtJ=jccBRP<^ByE#7)^$6T zlxi0;0z9Z(T_Q;gez9Y-nSq6HZx6qu!!UOl^u#J#i6=2SS*=1-O;`CKRGDrT_B+9j z&f@$vB#$b}HD6k|R_sW#-%a?#X-s8$9?N1y1#5R0B#wDG4o5J!h4Zf*$-fpOi2~Zt zyqm8^`>#gAp4C4Mgc19~{|->k3lL5b+5LBX8fTE@6zcuO0VZlQo@hiS&DF4vBZ@kU z?0x<0?^yK^#WM=O9bj{^oMiWkW>8}TE#Ol%*OU3mqek~3I>Wjfm~Q;TqP4)M$k|so z*{I&EVZtX80H0zHdgH3|P)s%S_pKbgqm2ffv_-~%4^(Rs(kk3F=v5Kc{%>%rL*qdo zXl?pnUTQW284PTS^JVz_m755<>6pS(RrRjKe6O5mWOJv>uxf2_pMEzR^f!>X(sd49 z{o3p)P3Xwnr@0d+1F73y!;ru1VnSU_6E)94U~N*srRAs7*3SQjXOh$50sLYu60>*p zuToZ}6uOG*(Vx#KSK_@{C#%#UmoA$EC^$}7ASP9X_98?>qW~B-5^AF8F=oTC|JaM@U%*8`=;^VV99Z1i3)l=`F$%#(V zl;-?$R&!4+L`9d&-p9#4YUQGDWh!OFiJEmSgN#~pDv%V571uQQcx=8PmXRITv2YBu z?9Th-%pD*k#7y4H<^uN5AlXK$tgdoPQ_@}WZE3Gg*sP=3meyXTa z5G~TlX9$(5FFS-`f>Rh9=~r*h@TJzWqJm8)_>H9_N#Lx_9}n#+3~+WAh0;kq_jnw3 zZ*w>*@gw;a#wWy<5?rw$KIRm5liaxrzrRFCUAk7+?I>PFMr6SWZ8N_no&)ce(Wg>l zuCTS8&*JoqqS@uf0quzVcwzBEBr_fhQlC8w*@1`KMo;g-`%2lb5}uUv&+8tKqR3qH zt-4mL2?F0XyBx5TP3V!q3h2|=#Xt;+IRSj=w)lsPdO}9QFEm1DDowSub`tInI<&=n zrZY=IZOgl{j+UUY>u`Gz?P1oFh_kzjQ^Cf?zfx>^#(?V9GS##=K*zwVZQA(JK= zDEx6lS<`JONrg?}V5KMZ?sB~b2aURi=UAJ|&taNXFduY8JfE4&v?fzqGx)og%4tgi zo7Eyup61$U%QV$7_vM|$(zw{AO7&^;FS|a#UXk$q6Ysd@h|UThBRrlsz@xI`R)(Rz zHB<+K7)nEd_l?6!6k)p~^QSY{&{Bt5y4(vhhCYTM6}85%dEOBx_rj7y4eR>m(h0VL zUh3<8-Mh8>$+|Px_cR&WY>Rj;g8Q{D-2x!d&_3zXbHzNgNH?D$0o3!@tl~)(A{ayh z9+h+7sN3s!Dw=cRLWY7z7DognMv#Y*Bt;2&!OrxUox~-Prt1kFswKvY8^=IE9pKr1I`GQI( zu}R+3I@+cEj}s~QOS6QPtj=pczj?PyqZMB>kg0%aF?Z?d_UR`5a{snKq`i6XlF&}? zVx4jQP)ux_{uo#&Z5F2j_o8ch#&)lXk9Mv3LBJIRO3Ll$iY3~RCE<56=Bva#FA|RH zQS3;i%)4!*7Bi8U;-j)9wp?d(Mb*4`FW8j-oa>;UuG3|H37Qy4_IuD%ZNS^eM@2zF zQMBuQRUyqQu27+Gxw9LvSbj|+CIv0`3noopJ;CL8D3zq9qx)l*C*uM#TCDV}@>DuO zz#w@e9KM$vLVI)0F(FeE!60-yis40}k=?alt!be@}XYceZJ#nNe~%T%{KV~4?} zjvP8Npl5Ff!)I$&vF~bn3QY6#WN!`A?iy?FlQK#LO&qp8S(A_7C0vV>{otHrc3N zk|cBU0IU=8uaw$y>|-MpdCFBImoMf)KOAi_f3dK`Od?Q zi2dURO2|FF;3q&F4m4?~HYNy&laG;8>IFSg%R445P@t*;bg>+};ck{eiiB|<&{&=J z;W-c28)VZDl^oM023}l}zZHnPOku*4s(u@kc81;b1>Yq{hq{J1)CM^@aUH!Lj5k#5 zmRQA8MY5E4e3wZ_Up11c^W|h9P2o{VOV0BCdfKVAJw#UPHDuj7 z^tjS!e`)>oz>?1U<=)5Mf26`JzHX(O69#bAC=p1l_?vvyX==$Ln6oI4AjFwoOmM0R z;=Gpn51WKGRdTgXA{u9Z>+LcXk>u*K*oKW2-f&D+x}nd&5v~aIT@u7^_?ZoW_LXjv zR@Z_I?j?P66zK$s9UsObS1sZ+v&la92qTm3-1!%WgV9rrMd<6+Jg>0FP-luNsP=-( zK+JLdNp7m!mFP9}1MURM#?&;W_J^bsJ;=`R7v#g)@)^73PDbqULI;U-Pt}-9;cFYI zK^^7nd1e~ZI>8tftR3cgla4n&3VxBfN(o$QDzEMXXKOg9R_o8Lnc+LwTB?;{ji(%k zoLKtM2*3XtfV`cM$5Oz5mI`*Ocs4R$Gi~mxyoc>m&Vk+4<#Wo^JoLc;E$%#~QQ~<# zkw9you%<8|fd_+b#dW6{u`A_!@feF(hrj_{q&g*eqsOk#2i|8YprAJaZMoFc$KhK; zeQb!D9#2Evc&(15{w`(Ihy|P60H2iHl+;oia=n}cV}-ksu#fgJ!5!UthZ~y7WY$2N z(SR%9Xa7el$K_kd=JBD5qDhh52V`4hHhgL)e_wcgFsXj%rd%Da>nK}Hg{H(ik)R!`ET=NrI3dKZRhI9huYeu z{Eip{jUv=%?)|X%>+Q}$tfd4;UE8`&-Vy^OviD zi{*t(yla9kMoxhDdbdk8e)iWQKKBmzMwKrsMmeKX-h0KwizKmAH_lXt_?tYk>EGfY zW(J(vnIbxi_`{8qut|Hw$c@%oQj5l>ktM&pY`V2FKeQ#Two)f2KWKmGkpDf<|6O^9 z@bOR~At7O{_KmB(MsMU5%QYB&AZ?i5GUCpg5|k$I?fh7o@4w#l-SaeYjO#wlHP0rh z`;PRt5Eoj;xfm|!pmY?)Jq)2C{aS*i)yktP14%`blamwE(0o=@R1ArV64TO3!?zWm z%wA!$_yZR4LaSOv{P=^;ooez=3nPqmc-G?Sd?f`H$`P7hVq<|54oG4>Z4Khab8{b? z=Nj*h=;8AN)FA@rc;rKUz?YzH-Dn}#c8^WV=wpE~RWYK`PQ;BiFYOB}E%I+FO(g|m z<8l#s#A0H|ez|S^yeM>~cz0$9<>so2ZH^BX`opLcin$qFRhum|R7^)B)mi;*TAkCv zNI8$G-0&U`L}Ms9))6C^m?h?#nyKyp$Q||)ZJ6fEwb+xlBz)el?lJ;o^T9(sC|oD& zui-Q;4u@6vIkXv(k@2U`;lr~I3Fpf$*iqtHanbSC){4*e`v`>5VHj+DiWULC;H4XE zfV-3{?IqGys}u4D57N|Olk9*yHO3Rs2B>vNBzn+cLvEyw_q;D-QSVzR(`xdy*tT2w zAr#VvO!ftK8zuIpp4h)!l-SwBEYvYr5$$Vvj!&j4sJlHeL!md06IF}8!GY}T%wS?U&5X%6_7pnuxP1HejpH^K`N*eRto>L>^ZAOZvGFR9 z>UK?qj%HWXiM|WMxwv;kCz4rcEQcIG)M$U@KIPfxmdUkWLnecTOgx<))~LF4awi2{ z>~_&=|MD>V@YV3yT;TbQp4zBN`xh5hDCj`_&pLYk{R0eSK@G<-vn+}Yg(u}qf2f9d zKh28N9LqPdkl0=K*Brd%`F7*hPoo60l7Dd#Y#&G{BNaBNXzKEN^K-)Q%s+XT5{1D7~5C zNtM4pRWm=``;6L>vS=ZRou5vNT$FBVlrC0}X6v`BA>O$z(l3e|hlh>u*w0jn+*Mgp z`zj+}$C64YSvE7o!W!uH2x^ctx6P}^xSyOXeBSiDPsJyH2YvvV5W&^YqZ$;=t}p;98cewMAY89b?KP=1{lgvmD-z3IcFGa zmH5|1{^w^BixM6g1*NlRM);9L(2c&u$q^tlNHJxsI0U_d+`3gVJ0&TkP+~_b6@gE@ zl;h^by5HEaw}tw27PFx^h@$VaRyDOMC|a&mC{bj7_Wki<-5%Ue zt1=1VbEzu|A7eQy!ef``>jS~Qs`JX0B8nrO|B4o~3kDyr%&k6wk};-E9|Y@gPi57VkM z3jl`cZQX)WvfDOx)6lw?P-ZuZs=dLb)0m~;4|-h+DqXsleV7V8mM@zxo(x1V9_@>Y zAi0=9mOEY3vA>B|{9DN7+AFje6$;skOx6|6Lgf>p2+UpY@{(&r_BR4hQdX4U>iPdN z1z1a^yF7{N{(Sgpyl`8LH9_=Kx_AOj1{7}-G}VoH3kDO=`%beiTPoUal~MgWt$6!; z;8Zp?Et=*(XX{PO%tG0%R&vZ{i*77X90{le|}lQ+L_Sr&*X7QEIk7#6nV?P{C+r56=``g8cJe3nwDq3FBQUt7oP4e z2_}4UkH?ASp_e+tiSMm*5&Iz|wT$>$_BqRwO(Q%bYPcZa8Im(jL{j8GgI9A?&3`h>X~%(bkr;`|R}5VfEM~XX#Y; zy&%W;Fv1cG4ej9}E!DaLoy%kf3Q}gtS#4)M0CFqrU}RX7;z0*?*s6D^5gB-#=v8%Y zKUQreO01&&m5b`=$jF*MO_{?Y^6P=DfnqJGzsPS}MRV;#!`9 zU$`zoJkgYtPdyIdt3l%5(6e>26B}Ka=_{mqahD$|gSeI$twhsG#BP!Yol>CZ6G zyVC4LGsqQ3u5ssniPH1eaMQH9`&c4axUnF1KmVeE%Ghao5?QM|0Igt0;vSD7Ol;Fgt#C2_Vp z_+4blXM5Qnw|cWBl+DLF!DGPL(wK4btA%-(8ol-(u!L1`7n4_nYppxstOQTd)O^L? z{eTNTEe>K8&xwikR}j3Ym3kX;1f>g!a0;UoHfcTEmWZ$Mwn*v2WvaXg^3qGVIq63U z@kfa5mGNW@6uN^%KGt#K*i#h#-$nVB=c>bts@c>I_z4CV;$acwrR67`D*(Rbuqz23 z+Y6`XJRHO7Rfc^BR?8=f_#$>X1J@W%^e1b8m8u7&%+RbB^-A67JMHGg8C*m6(FX#} z&L13RT>Lm^jIJS$5>jM( z;l3*i_4I1@-W6-AGyLdp)X^8}f{*+sFeX(g)6kPcSoxZHdVCx`A!?U7Rm~%G7Jk7G z|I=7@KTyC<4hzGM=xFVsQfG3&r@(7b;Qt@V7~Vtz+<-D6J*?OHRZl`U3zga>YO<{4 zyddmo{{Tr2Sda9|KpP+TQx_)RDXMx35^`cK2-X-*mfJvZi08?u1*=QP1J(q!YJ0-V zcp1neA;}pWLy%tc^8;hf!BJS(!8kR_{+?j^O^>OGu$!dw5O*T*qHn?12N~TRiRPwl zY>Qn;^kVp1-(l7hr2KUITLn?PQ41Bj*c!SD~my(O23D6hy{WraCaJJbm-pZxTX$L$*CsIH^Ix zhLq!-xza+}2&JC z3Nhk2|yHd;Vh`b5rFniL`3e zQ{EVN^#g2d$2Sn&yDc# z3C_0JTJ+UyfbwOsVRb8y@NM_0tJfIk8WDFSs1b5Q86w3o(f4>! z4@;K@J7I*cCMWo2?4%M#Hj*|USK~JSf?WGeBw|017jHT=KoK?7Sjg$F0FTS)s;h{5 zwZKlqn9X~9I0Oj{|xyIU;6xU@_7F} zV0qp~y!nfCX(Pqrq@J5{hhI3u$57Xh2;hNb<&fKu^>Tmm=d_YiH^1=|C7T%-+0OSe6&%8ZGrV^c{e@ zRQ@*yDq%_iA;f^YHD(q~VlD)q3Lq9%f~1NY)aTRWtxJbiM1q`HH+pCu_H5yEhRms) z3Kr#4Rg4Pl`<_=M)hniRIMg_{&oH#ocnv-tpD4#Nf_j}tzJR5ME`77&eNSkrznHpY zYOJRSt0GdNmD&lWKtZO810PAE4^K!yf9^UPjKs5NYI;JEB1a49_se@h2^$7?L%aV6 z!_AV*h)9Bf7meALnDjF>U!@k$sbP23fP_XmzVs6b?yGfLMQUB#6GJ@N4X@3&hrCLn zQN}%AZAe0cc;~T~Axsp6gb(}P6CHFX4%jQT1PdX3YLLu_4&ib@A~6u(+owNEGi*^& zgWNlT`I3YN@Txf;qm+$57 z)c1PXDs5Z`vv-1aE=n%`twbHmWMY5>P?rDQjL5pEaC_Z_dv|tPuSAdDBW7<_0+XpJ zOQ!Gz%Lj%){XrkHEbQLV>6APf1FX_*+S~b9sgOyCyDP8xN>&@Zz@0ZtsZiw#e+~=c zrGxR&zB;jTVq$P)l`5*;)WpW+#8(K&yO*O+KV9ykUCd!e&!$?|ZtI3;v^$Y+M~3$| zTL3|^Bj(Bj^qM(ss%#;I10sd@p-mJI^y7hjv9J-cllvHGI?s@8n zs%~}DY+ZDkj^c&!4jI8rOrUT>J9Tz64V9X4nVb$myK$0(ObsUnGL!M`f42b&et_6r~UPw`5yTI609K`0T(7Ao^*? z6RYnV2-jn@j;NA1`s+{+$LCA%Z>5d7JwAEHp24~!=lLYxtgXw$Q zUDvCfOhTp5a?D+22H~HR9i^b*b35cWI;eA%i*95NZ-B zr1AGwF>-7a|1HvhmZCuiDRBGUG~&TT@HHBm6#E?13RzP>+76=#0=C+MWOv;SSA>j} zW!P&pR&?KBsR;2rNKUblC4rwOs92eLZU$n?=w{qs8cLf3#w>NQBn+pFe{@ zX>0B zSGk?)7>}JD;uN4Slegplf56xSyZXo=nC6J4H1hqH{rmXbhOLDj9wr8DuJx_lk-$8b z&oifRVFKzL&w@ew#1Ryfy%&*p8Uc7?gIIGkj43J<%Ph*lDb!-_Y^`~995wM;YtT{W z=@x4Z)ys?6Pic*uV(~j+3ipD#rlz3s@~`*=1d6Tp#?Rt}v4Y6x=z%^TKr9ZMjf6wc zhJFS)Er;4`5I+kPh>J^)iDpp=#p{KxOtsP<4r7GI;s1*$x%~%GN)B=AW@KtB+}?Pt zY9b%2j>8s3=ek6qaZE0@b%VSk{hnM9iB1Z^t$kpHPZ z)XZ{c|V(`{1+rkH^bnsrPll*>4;poTpDrZmp>@$nTg@*i_cTmL>=ts9zlJ zeIFl;1h{-1KWiW(ft~39jk{lsrkHfBc5+pSY<}Q7D zSUva!orAIR_J>XrK1+5#bH3G9vcz^DZNlVU{&vl2qFSgR^cAB_dq(N1!md+^V2@dC zk}^KvGWuhFEd?dNDHvf+J6U8RvsMh^`Zri@vf}i7V%pi=RVV@EfRf{MAr2|M`zjh*E{e4Y$ z1G7t2(YiBfk7##Rr1TFCn687qT4Ml%51N!QxLW1ljaRHh=T{(w`ZOj3@U^$xh#-YV zv`!LfC{G{DVD$P_A)kEAyzzGqv&dAXU#XH{@O#^+W?$)}splDGrS>yVd{{R5M>X>w z4zbh`-DaDG@85i&bHF9wv?I+vTySkZZs^IeUIexq==|!m#6}eg;_ibP{A+Y9>>H5ptLsl#p^)()I!K4l#hn?5Ui@B^+N;4-N z_Pb1-;DzzgF`B^LTALI6;Y6m0sVOx$IQX7fqSP;rO;5D@lli`2BJYv}cEW$|ct}Z$ zducqB(r%5%F3T8vh)~;~N9WsKfuJ}jYf;1Z6r80DB~-+fhn{w4!Ka7FB`-<{jKW8{ zq>cP^rWnF5{QPcsz)ZQ*RIZUo$}Xnd1>9h2JI2&`IuY}V9F+kvGcwvBgZNVbt?B+6 z_`DRj*&z}!=L!2r6G8YdkWy}*QbJhr-R`>vN}RTB4leWSBk@TU0pdZF7)TVruL7LI24QTy~<=rOdd5R1|}^r z5?dZKjmi7~ZNh%EWaVFv4q7VMf4$IAC>mG_y*48tkVUsc)KJdC%;S&`&e{u8sYx#3 z#FCVq;w$S-{8=>fjC1s|yKJfuKwka2#TlJrp^`f{^+pR;Z$J7-##mVYCxZXN>BA>e zsNls2pg7QC>6Vj$pQbTX-RUJ1UgOB>W-T*7WG@Q z7>T!kN@ID4`g1cvt{#8XQ*dkv#@92a1ygM#=GwTHGDyLJScdN=>)Q*pJe2P($g|vO zq-@{$-?{VA(F?lS7T<6~$Q{(jv~CC}-4O>(tEW@C`(f7Us*G;syH** zMSU-IWbi0PkOuoNv5ejo@YYrYzI?z>LoO;^8$GnOdv+l3w`uGy$mT4(0#m33pQV=r zJ`*AR&aqJ=YiZzd=c2tulw1$sB2^TG++lnJ?<+i2Z_d^KKCtF(niu7F8TP&4t7!Ne zZa&K|O|EefIrNx<3w`KKTQi3a@BT2FzWw{?OctyzJ@%OahgQc(RaA2ssh^$AhGye* z|6>L7s6cGW0}>;XPeT&3dqC*XgE zFbB|OL_uAT6im%QShJ6udKN&@$8;qZU>UoA|847WR1BxF=yq3b-Moqcht$ar5AFKga zFeX$aWSLi(cNsjgIWQcJCNxbHFGf8c5=LR*Yxm5#TdFpm2fJLBUd)NX{;|)m`s^d3S{JAlLr{J$O*Wm>uKho2!Sy(vgRxdSbc?~u&)6}sZN zh2-~7*X`T$m(ICjGSdy6z<-Kn@EaDaC>TK)8T{CvCUak+ITYm|IqdQbhY=XaI=5BC zQWN^$xlnY2WroTK#E~&+`J5{PqSfUQG%M3-6!5Y(E|^ZJ-grnfn7pXw6nd@VOqwQV z>S{b#Edm2VRMU~2#Zwi?Ep`0|q>%hh0-9{M)Yn+4#1Q}d`6H;KgCB*@MM?z+8bKNk z1;0OC433XS!)3P&F`wrY@93bkMa8 zE-4%vA+6SLL!u-Ubq!;Q{@>+Fn(uXjwaC%u<<5Cwi=Ze`=RXm#iOtwmo#0ir2TD08 zB8ExsIrQc0dT${ZOLR*R2%k`{J={{0v9>81qoHHVYn~i<;{S@0JLVRPuFJ>AS5^d3 zLrINn@q)7qbjzI!lJ=30xS8>}6Ra;*P^H=FAYvu}!yoX48yz7Km^hAX8!5<%S`Ot> z9yADSzDub?2BUI(l~L{;HlY+_W1}?GkE{`O*me;k?rsU-2H`xmDTQYgD->E4b|iELiEQEawTPD z#VQ@HZ#EnF*4EahQ#pRTvj1Ek#`vHbG_dMgX3p}^>G3#sUIay^0gL+vur765c5Vnz zW&9oyDpXrb*PyEFPJPzCR6@MB>H3wcCBPUP2*6b@6lfav! z|IZ+`p9sPqiCO0-IZZz&;=2cRBI2w3X2jW<))va=(NClMeo3d9{ckf={MQT#x${Pe zf)Qx_{Nijq*Fk`s82HT?*Cp!v`&p#z)k9FaUNq-jLjjrjkQn5ELydzwXmqq1&{OLe zBKH~sCq3^;p7b0QC_>oRG)lWDan`Dktr4neF%a`9Dut;EjqY1LqC&61 zlZ=dMegT+{fWIm$rD5PBKt|gOaI336h?##Nzwfff`f#<~SAhcMe7^GQ>dF?>>yQHo zMYXpV1VsYV6`HJEl7fYXS}3J4Es%h=4^bEf#n5xzG>_TaLaNFfKMT3n92Bs#ah1l`1-T z=mZKlVoi4PBjYA53$L_yiB1f|H9H?}3QZ{=Labf2=b4R_$>9T|L{!+98w{-e@H=pw z_UTH*L}f0)b7wK708p!^oIqcmx_IPo+R_y)lKc z5I>7ijs1(18)U}MU9mh5Z+&@V^FE^k=!#TYFYj9^&3u@Y#iroZDM^ibH-6r9rl&Ve z)KKu9_gzqu91jwd2doo9})?x>N@l~zgqPi2Bii+x+-Xi_2?Y>Damq-Tgw z_piLMnENG{lQ0$zo?|A1yBjilTW>)?91BOg#j$xqS{+&w8hDK3E<;picN8tz#~|ZJ zKQ#pc+Nl2VWw4LEW_4Hi;>8wF|6O!%0PpHV;md?9-Tt|UR>Nxfs{-PSw45F%cKnS> z6UFt5Zo~UetQ9$U_ia=PhQf{BCxNKk4Go`GYteKxEA#6thnDnf$9!$;_4ep51x;!` z83KlJDJ{~V-5%3y-8syD$@NYk;wPBFvT?Z#=ihuHD?PS-igFo&8yh!F)vog;eL>yh znHog0{R)%uVT8gS-r-1aEdF-Yjcn|ng?IS)M26pVG@lCE=XgUnp6W}caf~IP&xUJr zvZL$`b~G1>@wCOwBQ_msTtn6f+aT_|y$)o3xFplt<3DEipADXl?*Z*^Pab=kHkg6p z^$0@bQVDX76a627{Qio*xx$_jM)#bm(2ka=8N)Yb3xIrs^?5{6W%~{=6duJ^j)Pe! z)(sIw8_V!b&`Q&U^D)(*B6l$XTx+q$ETh3QLqI7<>`gD580eep`h=LcaNLMu zPb4&iIkJC%ACL7j9t%9a2<>{)Sw3YG#$iH0KI8AK@t-1eE)oI)G-jSdJ}rI1XMY*aaN|rVtBbnSqMBRtAbOm)K}{u2u6DM$0fO zVC%OAhCyPPg_9pv5J;nuo+h$JN?pB^`TP;ha>{^rjh zMVS)Sa?F(`tMI@1i)xvQP^nU3f{UW!SA!ck9ZULs!LzkEC?%Ux6z2h*zn#$bbMD<#o3VQuO;m;(9DDZ!etQyB-v!p%64utJ03q2<^+|B~kKodx_#awF)4?;33A(Kel0fH3mv z>H#piG}OrqzL?F{QlB&_DJbbwF;h|`V*TR||9QxRGP*D*JjX|Sz**jLiUTo<*M(rXDdjX_7($?GO?otKZ|4oy-O&t`X8rm z_M{%vw*9}euvz+u)bSh#O|w%|n7cSKR7fG(-Wu z%lXVd8ue;kG9|{27tzQL&igtK_?Q+)GAdt=x>0UiVo?p*Q1!EswxEaK?xV{4p9bztO%%8W3NSmy9pi=qI@C&kydH8f8^ z%ZHa5SFcaJ!4JOiYYt8HYe8XV$J0e}3zw;NcL6D^{qWsX+Py|=py+7!^L+fHLGO@J ztzdN&BB~SX7(727s^X$?L4)kZmFFa3VU*}j#>6GA7(q7W`BZo4(j+nf?bDWv7Pti!w*=JFsH!lCZ$j==E@LaV4kAmQVfM&J53wET$iX=1* z4T81vKCQkz&4s*sH8c=OBmdmcKc|8isPW=ThH|1xc zdS(E(vrqBTR_As6Rd_TNw;Hd%sxowLwM~KIXNZA=6(NAwY!o#yDwJF{e*?JW@w*AcD+# zB3QEx=0AD$!S`UK3m}u#woZgqmhZj(WZ#8KVa?vKz7b2zrl2MJJS}zg|AguxS-h0+ z=xCU_MTX;`>PiY9?1ZknVTe9%+hlq`?YOGMXPpo(6A#cN_3F@@qA?l&hrsvWKS8MJ zMdU^1`n1oR4CFgMpf9rdi-cw`QmmV7*n}IqSvgz(}vNiXp{)i9RU*b4y;7u3f z%kj^>zck!U$eS3_18ezsX!cF=x-pR3J@J0m?KI56YI9Q|A8oRL$>=4pt*9-p=dZ z*42U%|1an*#q1evE8wADYtI9DcVow}A%Q3m4c;&W7Sy*l$hN++0K01+e4;E~ltvUT-4_m@mU;QUb1 z_qX2`NBkc2;3nZfg{a{=jFdI8m89jbP7`3Ie2Bo$e%gl?69XWyYWxUnJ~MO4Q7~TP z`-TqpgA(2;{Uf$M9s@9u{cxUPl04;&!Z2PRHlu)>pYHLDA9cL{?1#_T&9%7GB?j!> ze8!NRu7}a@HAIbtYIeh9hMuDE8@L-a%PIoE4?5;NK`kxZC_=t42pFWTxl-j8r&CN? z^{NPt4Oa*PZbv~-L(pGjwc}4 zYw1PF{DI|>m57v@1qbsd?YHXtJqTnK3O&)|xPjA2xb_u{ZEF(>Dpj49qIfGwF)pWL zN;#blzion(e7VHB5uHf&LW`dEhxzH6viV31i1g2suRTBxPUMiK@f-?%x&-OG8+7k zbEc6|6wEdO)TG)Wp7lbfO)kGBfU%xCEIY6?=mf$h!n(AXnNn?rJqkc(tW>VKN~nZ* z4p_PtpI$iW3*J&6B!GZ!^u5pYg5@cui^w)vas>gR?hn-h^aa%cXI?ABK1wd#(i%$)xUi4UU*q{?0Z!_z2Vt)t@AM$ zR>^j=fKqBcCxL%=q0!DvVW(Z^T)V5G3SOz~$<#&i3&3;Xa9_3hfF5!2w3BD%BW~7K zwVFOXo$qJ1k(jl^yQ9bbqT7#1+Sn+F(?ycrp2JXfpq#wRG5(eKl9_RqiU6VB!}26X z=*d0iOf9(oZUfb5eBBpy{p`S6_f=ei8n|AyENq~VRcAjrMq1~pE;l2Y-InWnJ|B9q z1q{l*Yy@>oY^+~kAY@>0@a|HrQAlKD;-RLd=5}TChVX2W>^=aDm6bImC51_Iiw2nt zx}m97@NIt8eiGOQ_;l|#tG-XTxoM*cfu&?UDzw;Uy)hiKN#*`pZJdimcO8d3KDRfo zu23cOS%t}K>@_qwMuKzLlUSFC1*b+Hbd0$ubdmF+RRlEy_-v8^z(ICjZXBAM$_h{o zMMAzdIp)XFCX+HM=r3h#pl_<#lQV`L7z|c+zz%|F@(jQqZYNDP4gaYz5_(X zT7z;bN;kSqXw8>%67L+}?H{_+5o!G`B2p6@J?XkUgKyl_7QhWx+~dh>TefG%`RK zX%8eh!Oi=PR%qo6a0uu;DWB4)iuYG$D>Wj1+5pG=Uu^wjc%5Oly$?4|V>GrK+ib&z zjja{iwv$GUZQHin*tWf5~;gXe5~vLpalkR*>k0*k(TeEULMXRXA$0t<)x z1hOT#H+&n)QNZJ7#u6T+?=Lh6`-w#i215B-)iM9)9Yl>b$XyR8>{Iu-0Xv#Jd zj9rT}ihO2&C^#vzPy~6k$GvqrmmN3=c94MnuRv;UYs<6S8N6}~L!*dynVPwfb)b!B zbHnh+jZNUj1>}P?aw@+PVZ5Qs4ELOYw3ppIE<&0f* zbKhsvHZGZ!5Nw{uIWhz2oL`HOrdxMF0`>ksLE6jJmAk>~{4~mEWM#3p zNZq%vZ`-$RhgW?9kNog1naYx1MibKRQQYrRwP2J-k`(sM8#O(ny#0f++YmK!b&v=1 zyPfuR;t5)H)}0`cCXIC3RkF8GjAIq=(WS8(62$9UF+0cy7$<4b=rgReO3d_s89f6~UG@@L zIBfQe0oqbB;pPG>ej)#8y#8 z>W#*AWJ89kVD?@yvNn#MJFX7#p6Z>*62t8Q9vLR5i7OF{Vy_&zYn(NLx$O^pQ;7rK zAI|&;P#6cqo#nCK!-tfL^{XrDe^pXX9{CGdXgaMxj*Ks4szL=9ogW-RB1y9|%lFRw zMe*LIKQRsC!Wu@?2noaFxG!fhGS=2%_cE8NSW8q1eWJ-4k5Kf^6XAOSRUOOYyOkFC zLNc^7N&vZdkSM8gN&*?-M_grzSAxF-G;)hS3G197Im9GD4YXe498*52l0KX~d(;%tapDbDTgI%hjtS zK38(6y$r!+)Phn3hISU7LJ=AbE#q~p{SWk6-KE}UVyBd0LMwMkO$PypQd2sh(+nb1^u+cXdG>f$O`RaLZ!B*<6>5{P>@sruzo{&OP{-59?=JR z%24=hNY{bea0{0o>d5^;ls`TZYjgVoL@DnZ2wXa!BjA6g@Tz|A1A`h`!@Rnjp~H^ z9rhvIfk58n*)J4)2{!S%`3xrWV+l7yKdLH@(%s@zk$%GX%yRrKeZ7^2Xb$#k3#Nfn zP;=sj76z7+lLPvFKXiFQK389j2J;-R=ev(6#ollNC=g{9MR|e1R?i~NKT>Nibd8vi zZO;to9FM6|Ss7lxXN z1qo+znV8p5s2A^d;i|0uIg!zM%1Vb-`d&t|czqdI61H^K>Zi!=whhjy(TH ze`PUwHuEH(>szT(9fiavr>jV^#oH>)vPcqhc~W;?o8iTXk6WdR9N(t zdg35BREFPcn1e&DaFmiVq9dP38tuBdaXa4OYIUvz#8Ou2H7ZRIwW~us%W8jHAi5{x zxs?A^Y)W?R+@D=B3r$wwVB&ZH{os_%Kb%P8hwS}`)l*bOL%}Zc_{ck+y|C)DcSIy$ z8C>PDJZ!b}lN2=PnHtGXG=Q1y#VA)ljJ|enf;|#f*-@QJYwtim9R@*Y9nOCtm9D6D ztqMLLf;W-Y7|W0=$?#3mXXSv;Oj!0d!T07IbK!e&mv1_3?fyW`wF+Oj!hTFRtVw7T zU1_B7dmY*I*llD{j7jmmh36#wjB(Lupwor%Ws7~V9~0Qg_$q_m2{&@vNJXuekRCBv zAzt<(uJHf!tI&Lx#{6128>7bOK|uH6+2Fq8BP>Gtgd|gYUu-2`$6-rFc(D8R@ufJ% zxY~n&c+VfUS2-shO{xG%J2X0Ru)Ajk%fs2SJGDTOxn~6ZwT&k?rl3$-KSlMY|52UG z*JlZLxZ03ISQ<8qrOy(pAqD_NIij9(-i*zQ)?!4XrJg*lM254GOX1L9-sQzTj9JUz z;anHD5&;Bff65kj8D51RRz3abH^qH}iFLthOHUIefp#Q;*Y@ho!2M5{HxI@6PnRfp z7^nQC&N#n+>{&wt{qA{fQ*Rs|P zMgDG4GkIvojbA1j53NC;C35t>+k3q73#b=~PdZtsB4c4eGZ{~hL5KNpY6c_X_5S_) zxv{bF%JFY3MZ)wAn=%J&(1)sanxHAs=_Z!~@0Ra}n=qXHhuA>3|AcHv=0+_2;#Nt$ce5kZq|e}Y5v_QFC|b<-PN8C)w1T|X4H0ahVh z2(Q(=UHyT3+gTA%Ay`#00Zg4cn9|MNcK%>Uo_%GP_H1H)5wr~O;wKb=*0>n)bJZ(+)3)jrn|NOQ_6ao0@5`CT~5oHIEkST z6s_?Zw4>Y3NdNBcjB}^~UlaM(Y`($bMsGwR>SOKc+}+}|oe@}-88_h7O;cQmE(~7P zOVF7Dv}G&vVhBz~PCUDm5kdDOTZOz%W>S)F!GtbzE{009eSfhmV!reKS1QENiM1PD ze+4)$d>2H;Hy%HRu?iISw(#^trdmZW%h&RX^hr{&?~@d-WB!%~KOP6uR&9O}yGRcET7V zHW>UqbJ&6#&m8@9yqpW#i1Yo%FuB*PAM4QAjv%clN~DVMz@m}>-urizTzIap`FUO) z#V5Wa3+W2$fTH1IB1EoW;;w@M#EWBisaEf2zr_6gsBqgN_ z{tr!$YeW6NcezXC2t|KiX(Y9D)boe-`0Xs95Huow&RFUB_L$^xt#Y;*oB_+58Ko#c z-RWrUXY95I*9|u>lV8*qV*Ao+EbAP`)hH!itAFf>zt|~%4z=+ENrzDqvzTuF5&PC$X9YFWfpaq{lcpH?wExY}=$oA} zAjeD&CTd%W;WKx%gw=yw$=r^lr9ynw%tR>SG@(!rlx=r1a@7S*6 z4mM#ZGI*{bcjcNFsZwFz?RKEQY< zm5rP<+%NgraEf5MI)Yb(AQKJe;jK2u`DxzQnv{l#AlgM-k-1M`eY;NFlcaX=wKtN? zl{?XBW+0eorcKSH1RC*m|9Z8vXX^0I2)lwDsMT&tH6sM#!8wamX>^_TD&iIaFSW| zHxFPMc6IJNcj;Z0I*gAPgHIv`kcb(t;5`=CCJDbv7`=K42mo13gH*;|HD4}wY@3&g z?d;`mR`k)@RCc*S=&z~Qyib36 zStu$$BIwGCLVIQQA=%_E;lwq9S~2(c?~@%0lU=DJPvdml9Ja$$a`J-$%m~DB;Q)$yzxR=J(nl%f^pHRW`!!9^ZrfUs7*p9KW}l$^lrJ zCs=HNu)RD)urN}eVir!Tbelcd2tHPhtj7<7qETwB{;iuZ-nO#>$mQUdjCRUD3Y{E;=rC5NKgjA|nDAUrk^5T;l~+cE2Y$E&T5TtCW_Jkv(iT-su=REf)O_em@z_xmae*bOMxk#bE9qV{O%)WzQw zZBF6ja=KeF-lPpRe4Bo;#wHm{Ydj)Xfyq*p#E2*sbm67#*KP@7sJquc>$$d%eua`R z(4w9#HY}Cq&y~4DaU$00su;Y4U)alh9zjrNjE>EIe%MU%+1vE7i-=sR%w2S*zn-RG zs&ipYPupRjG6=m}JS&2*2Za3mZRHaSs+T7ci;3fD6~C9lqjQJtufIxj+igDt;Z>Iy zN4YE82Oox#|4MYKdlE`iPfm!9L%I{w?rD2>5h6s*t^WKKbbwD_NU6Snc%W}M`embk z{+9c(4$7v5-+C)>mz*YUm>6j2Qq2w*P`TAXS0+D<04z~YZZ#1$CbXuyg_blbb@kqA zF|K&tm+HY!upad+hj^Gg7~Ud74GRdE51EV*Hs2uyQ9 zfBXxhBS9CcswK2uYY}~Y*5at!r(;r7crlNjp?moyZ;utgccOxyIqErWO;orEpL^21 z`I!NCJeEAw=-v)R1`-oBp|6v8gpz+xX?k)Z>23AMUUKobX8AOIgiJwY+A-qErppj2 zlFT(QOMK4!Q>QbtaBpzfA&()?zU5+=o|&LYBrxn=bxChq!lNLcft9TmT`=~%AB0J~ zSUHa7zINUx64L%;=24jEH8FLOLVHXBnWn-RIFU?*qBMw#-fHfhO+R}n4_*=AnIv&? z4ANob3X${pPHv-@9~_&#I|lXak}6$&wzcSf4+ozuhCG|1>ckzG(U!>WF7&kaY>(!b2rGv5ZCV~gLfFqhz~^y5#7RM( zs;t=}hLmRz1nK2U%Kl66WIXaS0qw9X6On(*s<07=tBmwh$u`@VM85Z`0@=Tj(K=W@ z00B7=d*aTPzA^?GyZIr=2O-(Rp)wDK1E}O1?M3l_(qNUaz)l{2wAx{*&dg5N&?T{d z_sAGBQ9v2GKXqTIi+A>lvW^?i2ZWg~n2;<%Fa#R^1OMjc3Ub=WRBLL8Q7%VBd%+mT3IxES*=#4FBF_m^e$y%v} zn(g>>Z-33+xoMbwo0XT`GhC}h$6b>bUTdXaKE5SYTBsx_AE+&~>Fp_w!KCT2I@Tz^ zJn|dlywjgMJ;G-7!K<7n3}RRC;@U-kp$KS8&f{3Ox z4}7IRHX<#ofcqv1A@|bgOxbD?V#GLmS@Rt$+WDuhoOr?;kPlZh_YX+YCM$5CL*}ZA zj3VOAwO>V|iy4jrxz*C5(zZHEI@LI?I3uX0dfFjMj*> z=n7$?+x~^(4Np3}jUSa+6s&~?iMo6=$jQ+}ZMfFYr7C3Xw{Av7O5P0Kaw`0|+2RRQ~AUv_ugLyd!s)qeA>$Mls}K6Ln0)3c|=N!%~)SW$p>PETq2A-A85I z!?2)QDo;TjLt%QZIZ3}+)sfk~CoG&(Pebx%Q0E~q=1G}dSIEo-I5N?K3ifK0f3~1p zDLoZwN)n54tVB&qMZx!lHz~ReCq-e+5cv%=3|?DPX{ZLcE_M^GJy}t}j(N@#&LDUy z3=$zFONNU01*+7OhROxT>coCb`g}Am3^t?A{9#sDCpWHjl$NC_f6ruYW_2g6d=fuK zO%$vN>G`pmam|j}tN?$87~8EQEmcBo5=V0?whDDZ-6}!9&THXao`3YZ+@$y?j%gcn zLa1?y@zFo-Hs({WZa@Cp55)J;B1eX$yZQf5)*%v)(|Yq?oN8yXUxcx?x@8=@rV-s3 zm<*Xj#o7#pipmdzhK{cP|Ad&Bn3;RZsxYIq=0Up(h*??DKhnkS?mXq?^*A1KszM@Y zt#8dlx{g*6UC30Mk*x{U{UhJb&$KKyN@!g@<^>|orhhV!iQ%eoZ;x5>7ljKwc*7(8 zHFEJ@A{?{e$ITF;Js+lbOl?s;kK6#p&5KbWM1aI!kXT$ZR3toa3OO{cD_#V=-|k49 zyIlFrS!-36y_SfMWvv%dPY+-NJM*A)@j*0LZi;<5_3O%R*o65>>p9^Ydvrty53pJe9d2?q?=z%^7~yf&@a-w{7Z93Mj#iQd!JK5q6J*+FTQh zh-v2gYR`5ShO0h5H?6Rou2m031FYn`tQ~Pm6|LNapYzw|-4l(kYN$!Hb)jFJVL`$X zU?FMTREyt3Ard00E^A5Y&cskgrQyfC*!GEkl<=}xD?@o4&A&yZRp}4tPW%`Df z(4Ziv!hMK_QYAVH2KyUOo8wbE?r%<-SeYKH(CvG>HyfP@Eeye8EGOlc#|7W`qd{H- z!;>EEcFdkNupzXmGG)Zsa;55QSA(#?!1onQdMbqWnN^xHfqF8Aa=54@h|UHEowfis zUO+rG;?(m?gQHX985aMED!nQ$WmRYF4i_I1^Dhy`5L~W|_+X;fyuGspim2D#43oWu zf49MN7qe>3l@OoxiBsgGkjB>XZ}`w3k|A+2Ms9}T{+4Ztu5uq2SZtsG^KzhRRj~Vm zk5(>$=VEK3XXfagV1m_qe<%G4R>*HwYEY*$B`czRjP?UYc~r{mSi${Y<1jT+2-iBM z5#YmNMg%4O1%*!g(qaC&00xw33yp~NrbJN;LGFFAH3}yAyQL;zz~}CEGqAGuyuC)k zTK)C(S1l7&&3K9d2ys<%y0Qk7GqF1dE2DzBPv*3M@W{IUMz4?(7cz=Xhx=7v$HJ1s z{L?MLV2H{|~XzTEL{m z1A?VM6`cJ{=sXZcsTE-rc4dt>@Q|$ZFoZ ztqQ(`(T<++2AS9TtK1rs4zje=qsVb}mE7C7w;1~&YbuE})`KK^JqQT6#rQta`WLBN zCN~XXSKX}?xkEWx!cRBymG{%^hLgKOd_zs&mGH5j*Ya06hmEe>4>v+WJzU=(FQzNI zCca9m;YQ{AN5%e_;E%H*A3ibpzB1F@;c;(!GEc8mHt2&y;a*7r?2q+f(Vv+FFL2!X z!a9R`CrIRZ4DWrz^^*cyOQ^UcS9}-r&%ck6SYP{T{3j->T=)j?UTPYkOI zIUK%uI`^JA1e!DfR1I081`7awH}0pUw)inR9$i)e(b`tK#HI!hAylO2$Mgu+s#wMa z?4O}2q;-M}0)}DvGRb|$qtKILJg*6(28*`q*oQ7=?q*z@M4d*@SG3lhzd_o(dlM6$ z;i>kdA=2%-4RVpsMPhrAoSl1d|Iuv6e7^n*6yKBoB4A$rnkU5|3gL`xcQ!ch5-h|iVyV9f{@KqoGE<}DJ@c% zz6;m85)@_}K6&39OZ}NJ>6r*R!gxHmwPn=~r&nn#eA3jCgh3J`w}g+^qG(IeTixHL zi=9SO&)RKRbB*NTy~rg7)CcR)#)JL*dV-GqxA3fjdmHZ9uhB2WV&EuwETR1gmD88c zo%bi|Crr*O4gHrIc=kH7k`i5MpSy&ycI8<`Vt+M5TMBr7_9)n)ny*tdFUrlBt<;*= z%P>Ew?NYR2D^BIdQ^w!ed*1n3Q%-ZT7#f4zZ-;r%18t^RwK4qr9_UbFMHnTMu+no0 z&&gD6MewNAmg`ms5%t6o+PD#MKS+Q`OCoh~KPNrF3swhiM&E1LL(Rm|mDW=WE)AakeM8Lcx z7R6m?`M$%Ll$MAmd8H>du*wVJ^V>^Qa3^pP*v?Mopc z`5-|YEv#l6(Nx0OWS)c9?sD{cMIG!S8dCi!cvJAQ7)WmP66h%p;MBjwe8 zzB_~K*T3fAF)Fdm->K8!5nw-^tgxy(J&@`Pc3rC^DNRuLwVx|=kp9~Z3M5wcs`?CW zirsQfK8{h^FG26wkp3-)(!w>3E>W@`c6~w1>9vrpn5?a-@1#lLa(mEyF&O>d!=pD2 z$U4N>JAMtC3oK|jAeQJNQrh7ZKg+T@e-a8(@&y)-wlxnjLw%u4Mbl63d$0Hw$)XEt_c zieAM7{#*CdeZ)o`KAgepX_1?7jkXSTAr1It$x(`$uc+zeVr!L(%q{?4wFAN|kX4Qm z?CkeaNlD39-A+D`sKM>%%;5b<1-(uiovXb=v&dH&xk}sCiSfL{^x%_YTdevSOt)T` zf)%1mPeKIcF_A3k;&oq<%X_PJwXXG$V7)}&C<3^wMu@sO2mbPh%YI4!G)!`kFbk=; zG^w8$yw_(Llio%XG#Ic4|6Zqo!SwAZ{a!<5LJ|bvt#$^LKmhyu1*Ux~JR|G3dZ#?8 zXKvklS47~l>O_qosofTB7cBRKHo08rr)#2T4)F{cqdKdA!werI+w@hUc}@Xf2j!UqUuWDt@THbNRq9M4 z9^#JcUBrBS;8QBh4HMTRKk3ZpXNi+ zz`$ZW@G?ihynVzy0fN&=!L&a=VU%xRgjjEs_n5v``?u*QbK4?0gEl|SGY04vMYfH# zNB-QHVCK%I3!X@e)M1Z*Ea^#pneq%=AVSzUsw^&iJ*ey#@;vUqmv@3O5G5q*%0GVu zgTN92KSn5C^SqdV)ieqN11R}z=^99B{3xDtVsejR&YS+Cw?T36+P>8=h&eNl3>waP zheX2l=iXpqpZ^q1$%)y0XK(j3_&LABTYjb~o2 z<}e#8To#JB63c6Uvv;y3d4vA>l2gTRoZFCibpa3k#Sdwxt52lpG)!tqyXTxerg&oo zr@?W-V-Q&<%cj@uc}h)ifchTt%P_=AVkq1XPhFpOe3KIoz483>Kf^#$cT3URwRqoK zgFypSzD?dDkNMW!E_Lt3dEjl{c*lO;^V-wW`L`p{Ay8pTqmg1xj(;~)invlu`wzn4 z_Ah&Kcew8GiBCg$Iv!L7C*gt;x5dq!nk$oDXbC7rgJD_Lj$irKxDvNANe;Xj}ID2AC;enTLwHZu=s-wAd`j!N7~t&!2Nrnjw=n-eLY!p? zh8n?Y8bkr@A~$F+h@C>G_tFW!)pa`%_(^qinGHKAx;eBb*H71=L;3ELi_;&^n^dtlwrj4+vL2Fvf;2j%z%cG;Jm zwIk*0zij2ee8Gv!hg*gZF2Jb8b1?ZohQQpSZp^*|FTWnE3jIX6i8T`dX~FwKkHxKh z)ab8Yjke~H`5{?iv3xsly~1dpXsNgkDd1pbPFI8|61W|&T3M*tik+@&a4NCa#>8ln zqG$C+bx{K-1NbI$+F2&P4gx(AK|U+j_floBIs09AE%Bd1OtTH{*$YxJUx~3xVRBH0 z@HzKvAWNX zQ#{v~5e9yvg!2x18|f|jUt3|GjwxlR!~ySa*&29l>3=^_a+uyGDsfzX?Ny9-yXiIf z$dZ3N9bZTp*SkT5;kLC{A&a=M^u)3~998~a2Z2Rydx;-W!hg^e#Sg=yKXtGbpyosr zgibMJYK4r!$Hk;3s^*wi!;No`iy8SdI(}!T%sY9bdoR1fR|GqUXqy@7R9cg{9+3v7 zw(XEL4Z)+0uVAD{CuEkFX6G7 zEtxnatw^HX8u<07L?ft|vir+!dU($pf0G}lW)I1Rg&3iAhFG)XTIr$b$huEB?#HY1 z+neso)^ta{l$3=L(v;#)Um&H^A4)nwT{MEHR%1pFX4%e-8VkMVGnF!RP|^>dL2Fui zCOrBt`2PqBHww+~naOZ}00){sg47EXkk`_IL=`AI6to~1~*#5J=8F6QM z#E%cyfl_j$f4<&^5>ZCu1iK8FxFQ5BAP5FhTKwveK$sVy4icXGyP~jM4w}@-;iCxT z1Cl_zHduY9waeS*?PC#9eqwuHs1=QAk7*|C6e69N-gR4|q@}mt#H2x@X zA5MN;sPZb|yYY)yG|}z4l0QD|#i>r9wbs)cvX*^}i2p#Upto&GY768`Ry*GFHEy8M z)BfW&`bq`e1&kKvmtwViEJsX4auI4_!B_rw(1FgnLpQ~-p3gGB{nk3mP`#y6O1OYs z2q)+Xp9$D$56~}&(z0>FgzUUuC)B*xp#z4Rb5mIuRhxR5Y^<4-2to`dPvqV<(n{G~ zL^)l~`f!{vthWp|Nh1jF*g5bP@A0jJ`|cNn@->^cg^R>*V>4qB8g9}tTk*+?o^~|O zIBe0gE(K?Ab?G4RUq45qjoH<^IrJD2nsE0#{6% zo8s2Z7hehP9a!{?>^mmQAAIh&vBx%pj*vGeT5G^_6PriOU zNG7VxVzPxwqxx!cD zUO~EQ*!atWljAMeZJ|Jn4t>bXKj<`a{{ZuU zP!6Da5Epm&Gdsmszxv_YK1Q;et#Dw^`wwgt{rn;DftE(>R~! zKkbnh7`pm5(_BjS@8C0QrC;HTtCbMboyM`IGC}j6TT28R1+)?{K|P&NKUB$D>TYfq zDq&dxt~%N;9Ozhpf%vV|`-mrSTFhuMm^mlQH#4%_TBy`SQTieAv;4jjp~dMcX4_r- zQ}38qhs@9O^r#s9^!b0AzU#w=x`Y6af%(reV+}sr(bHZrA?&mABg`ffPAzQmTVLMV zsA+7;#>>(t&+KBgWENxANBsYD*!)++ywNJ#f1~%#nkJ~AQ$!`i4jtqD9%Hx{WhRIa z9B`OWr}ejd(}#qtOGnQ_Q}{geT7_H%#A?u#dD72C^;`Y{cD;$GjJYOo>AS{yTCzOq z&D42r43~~9V#}}uUeXiJWV%WknBXu}E-G-CC`B5WqUm!}nj>w>eh9kg3JxyT7PE3w zZrfQJ3E@VEKNA^4#pAi&IDeNZDE`*8UG2RrA-(8IfRyDKf}ztWNAkE!VFZZO(M9mf zz|JA((jt`4%f8|}IOUsM(9tL?OGkg|WYku)h9*7CXOT08Ya@(a{@efI>Hn+7WfZKx zpT7rUNqousuD6CJub;fV=6BBRZf!F;13{2~aFLP2D7H<`PZsoI-HI371z|0`w~bJw z6{p2|^_n(RsDT<$C^`W}3IAK3be}uV=p-ogXW?gwB_8?GxUj|e^3iO-K}!9Kp-+U_ zSp>6Y6*cQu#`ga+7YDJo6`>d8`a zCJcL5!ZwoNfP9b*l*TCDm#7-2GMVEqD9GU7e-nlZD{vbr>{Vq0LYOczJ>V2?6bIeB z(>52r&lF5+zIHG5Fge`!5DDG|Xmf*@n35QDdj}lO99Is`6!Kj)$wVRWNo)?8ykhfx ztR!MQ*w+}C+SPrFZtzS6c@4F`naRI6s?ozp|CW3`t$O7iZ;{0KDdTRgXH)h=U|O*( z=WCWH*&sH3y(AU7 zFiJv$E9S{rf*b;9TK)oTY*OAgG*MA8q#q(Vsx{WoHCHIV@%a~yD8wQHr3CXvEkYMt zAqCb0Hdi$urzMg91yLDZzN6=iSA_%=ksA$tF?((WEbB0vF3;#|>DiI*hw|VZL?5(6 zK;-5oq(mJOz%zU6$<-%T(Swq&Tu=_q{Riu;-`x?w_hovXwb>R(4+I|LsXjD||2#CZ z3S_9b@N8yUFf`2C<7n)nLavtJvHkU(Qc1Qd?)IiXVYtqtALViEv&RFyy)KG2srcwM0y|$|D;I^2P=qilJJLb4kTD(`RyFb-e z5r%En{Y8f7*O5xGvPS#kk6|G-wc;DgfK+yN2S}$sEYe6n`>ckelMj`?rKG`IXmTaQ z9h38+akrt2b}uP1`<9ZJn?V!1R(>fa%q)d0fA{9jJ-!P7-kh8M_CesrNC@A8m5fhy zgpi4q?!nK$C$$?C8p=M9BT9I)K}=hozNI8OcCh0j<5w;FnZA4y?gy$^ zT1sx+X_HByx2OL2sPYPckzzrw>%_y_nHw@LeKkH^vv*qfdP$nK77)D6#r+!` zF@G+pkz0}!7?MLBvS zx*1iW#xad~{~Zf(A%24L8X=BdeaMI5fn+_fdq)a$6cZmHwaE(L0nb#IgPnl?4_o6J zhuZHd9^W5IQM}K@Lmvj*Qx?Oxs{(qnsjF$bDrNo3$tZq7VpOdWJZ_~JrR@pkA#6+4 zN#vcG;9pA52Jd3!fzbA36#{)KczC z7;_S|&a&P*m>w$VZ6B~E`KdK+q*!r!s)#$>^pQRS=WTwOHTIeDTm1#$uF<@q5UcWn z-g(<2`oeQy&2{Q{1`PCc<4=2Yk=6;Pxz%a(s!m1rd zvvMZ>5p{5OodHfl<=X@y1h%CZ!W{(mOowV{xzUi*&chkRe z^w|^=kLtNRmF4g1N3(%H;(fGi;q~Xt$OwDDU~KDsh^Xcljn4W6EI-mFRWh zI0zP&d=NoW1{#X@#F!S2jzkuglTp6&qpyWG!+`BHlA$?hL=TqE@1Q=!@z%aU(*me9 zsd}BD2@M3R^k%p+he1hnuS;EJOF(LLmI!JC;Z>_T4glrNsDo_W>n&?p<)Tt*UrqiplDSou;wux?IPNEl9 z(yUEDnDMjU#|W^gd?Trfcr$H+`5>Pidg2L*Xdew2chDKaIJB|>`CYjWiD8U>Pp_fg z0R{!%39s65pq{(+nbfK-q<*ZxYIDBPy3)^T4xfMW#EBwQK(Tb?N0x#2m!Bg&pPdt@ z+pIIiy5G1;^jmjAj$S8sTTWg(QEs!TfOp09kzxTgfJBS)4n(Sd14yu{mWL&6)+o!E zhN#1 zYsLxB7G{i>(Y(F%YTz`aoSIoyh6vvYR#`;=)b!{{H$6kdW% zo2hUGzc*xlq;>UX7j%PGP3EZT_;{~H_UAGS>Uq`9s;oG7TTFXJ|HGYWeN#WONgkNq zV6tpuME=MnA5XTJ0y|KZpT>rCiB|TXhKlJ}p``>adi_uMFEo8Q@vrE#*plgfql1ct z&y?_dZwJ_``x11vIFS_2(BpZetKy)pucQ4RO%cQtp1Y2v>;5;P$W4L=Dqh2ncY;cG z2PTsRGxD|3--S}S00_YMz#>T?wKkY@WgoNi?~EA!R;)Nf zKTSJWwHjQXK)z)c){$V-nKq*K^pkG7mCmm#<TWPG})RB2Im1=#RJKP)w%4GuB$uxiZ6%bzb$ywYHzl=H+4eU9r3v{F!gAH&2L{HVRovYI_L@aef}r>;c$b%NjbUX=2k za3B@YZ}S~5u;e*|+3MA{ei*2u3cq`3NjWBCBf}wCc=G}l6i7D+$ z%N6i0uTY7^d954{e2p%MiK&jQY&^fpl}x&O{rPyJO_%Sl#gQj7jc!H?NsThcgbpWt zCl_%*9>_3*O8hu#qBfH%aZ$-)CFc?am6DNj2=N>rDKhXK2l)J?V-mnKPx;ME#f~#J z)48H+^ zGoXyu`|>_GPL{vmEE)WOni;#{2HBNE-guu(Jfjg9`FRH>dzJ`#+{~a-X2AvEnREne zpAyK=%G0Ceofjp2#51X`1w%-`kUsLisNeYOl7*sVmPw9-=di=D|CRkPRR5o~aB{k{ zzw{s2@@YXD>VX8(zcYT7hVb40Vp>YXKONgTx^)oJS?YM1OY&WHM`@LPEaJPwk^liP zTGyW`fuCTqx|yO#rgk#SR=vi4#8DK_mAajIa9jNH;?3cqu3jtX`6S){(nrH}6F)qWIKNSV1mGMM+t8;)tvGEP zILXy<@BZ=D#G={!_m-T0dDe}sRAgH~8gCzp==}?u{Y<%qBc4NGMPk&-Z;H@KZ%>d> zSmrbU_4>PSA_SBA>CEJKF<}$3Jhfy>`)XKE>=dZ_9u~tdTPDo&G9I?dks9NI9K(ZI z@PVzy_avVM32u;L z-u3^+d23$IuB%;Nw^azz^K&73fDH3eUJdKVw_D{T&#fGhC>e9>yXNJOy8K609H{BEL`wceZ)y=hz5&*3STOCgJ5u^^)&= zGS!fg4x5d6(Ba7NtX&$(KqMD?>;syMl%ik~QdyCJYLWl*#8lFTa=YQp@o+K8|C0(c zZ2*RTCe&nPJ6jc+O@un2ie+mmPduT8F%2Er$KLXN()(sU1S^625l;7FQpbIQN>hPt zCaFo_MWlRZ0X@}>f53NthEa%>$ zX{*TANF#@ucWY~KWEf#!;5IM+F~cF==iwrDpEbnlkIOrvwK$TbSJc|mMJWqt9az(~ z@DLb0Ves+UT_3!{tJCC4FgzY1QsVs1LyM!9 zdRC5?oLjS<}OjTEYik;`Bu(;XNwa}|U%H2ibx`#vSJ=4uQ zkJJj&#nz}#LSz2UahKpo*4~3pNI@)a3*pdn5fQ^VNu#+X zTiEHeP-Z2U<->lq6$0|2xGGm6ITZLX98Tgp98GDK8mzT8`}`<*)<<3#puQ&0wcc<# zy|&%=?r;jb%96UB-8u-#QO8S%-_x4i$TT>?5=5Ber6ODxc(5%rb>XqPJ#PFw?R@Lj z{E*KgEQK$(HZcyWR=4+kQtxIhrozOBz9%^n{#n4x5I^|KYoCtZ(&BPx(&BaZbZZ-R zy}h0I`Kq>8C$0WuTpdQTZJbAk8o9}bp`&RCh%9$xr||9~?xhu?Kft%)^J*@gYEVzaS;S`8cGHgGRs{A7_tXzPdT-43tC$$-ONS_Z)jocNvJjf`VU_fF5S`~bi@5RekCwqBg?!P#CTbpPl!*6R;$13XTlPCJ>bCq$;YzDwkg*S$pgMG0W19lfwsIzm25VE$~X z1RwOYDi(2{8qSpV0pJVU*q7}M%)I*vOhy8xJpcZ^QjDyg&$HHwdd$Mlq~Ginb=})q zHhYc`A**-V@MG?Z03ps8>b>J${`IrM$_jad#mO76``c1U8$h#4w@>+1A98fm{*?3o zoExA&J9dY;^_L5m4wZ%fhXUd*3yPDe{me-R!5ALeDIZo~k5?r7Pj;Y{%Ft20x{1m> zll10A7;nyIFubrRY2d@vf}AfNgrIKcU%3j=tMNK~@X&^De8oLpVc)2F2**zFkPs_Z z`sJT|5YQ^aODsa+l8$?ZQO6M9wu-(Rw6ueP#=s&$dNaoqYD^w*Pe=ri2YynuFsuh; z6g&zvS)owE8B?_lZw4sFqCbLIfM#%kB z@WQbRcUq4lHzL^qv;Ay;GM-FV&``bb@mk$<8jCVs}Lsy)A&spONO8+ziG=(rN+}d$o$^PMB=0BU5tW*uIV~G??>q z&F3Gt`+v5A{;!H7|*A_<(Rt#LDrYpENOvqVEhu-+mvf2Eu<8(Eku*?EKxFgC1 zJ_Ic~GNEx+;7<+iD2^WHAy(6y)3Dj>Fu|gX$CpSuaT22@^%fNIB>Yro?c)mLW$rAaZAHuo&1woH-j2dpu0M|o zQ}oD-QRv71Y?r!oa?|t46=`g5sxXSOTh}ODendr2tgDc#NuMM5#xbaF!Lght{rxL6 zH5MBp!*i#J>aqyk3}P&2z=#Kb{?1`^w(TBQX|&#R@F{3$v&|SDF8hvbT}LIn|!E@_ZvDwLoUeEnb{irt{0Lnao+y-c(qEf933R*wyWV3FEq>~} ztuOX<{pi6e#c$Y~#R~E)W?jzGPXDhg{$o-XFU7W=#u)o###A3G_Lk`1UH`;%dt+3R z-+oE++mg=x|LI}-AI9yp#=1S+W#hv&IVbdy2JJ^XBKK`z94>Yax0V|UfGNlF#ii+ z{KfH|jfEF>=!kf1Rw3PyfAPY&I$g@64~|@Knum| zXj$N1ZUN8lnVZ!ZJ#fy%90S~q| z-r=(!iECc8kjIGjDcbe`{jhWp>@PeLB1odq`w?H?PH<}e8H>w;ioW8?k9Vz^>*vl& zJwKQkj84hJ?gs)YCTKb>-fr$G3C7%`_OrHlxV$nUssyihoTn2AZeCe_f042599}y! zb%?>*)&9fIe{ekh`{IoM02{$y8x*wI`CT|vO|<~qSxm(<~jl}^8-#FM>of)DDvpevW{Uk1{(qek4Et< z5sE3pS}M5D`NMd+2k$k%)m=}@j;99SCeTzK!D^C*Vao$ zxePG|0WW-TTrxJ9V6f>fC|@SKT^aI9G_IDBE-@@RV9w<~C1Pm=fk} z2i0Eb8#>N%ZET@#yN*Kz-<_J+)e6>2>pay`3pvY61$hnam~@r;g9adTiGf$!e) z@#LVrvxCpDVq?@*U!XV#>A;}YQzHppJq_fkC-g`?_PHFuXZKm)5F*+nHvV_j)QK|p z{NtwTUJh1HEiv{JVg5gTxD$l>Mx~{%s&D4kMs!R9b+;HtBli8UGsILj%!)`#Y@IwB z-|lXM1C_+IY@a(=jvlk_)vk*bY%dTKw+{SPbM7mztoG65?zxg)Jxx-SUzw6~)%{ve zu>vcucZuD%!!iaof94(+RZ)5-F{{h67dZOh^B|>sf0VBv>3?%9_I)9B>`xK0wNrsZ zEJ(*2dwVR5Nzk9UbQK1bU%3M=GW5M=sFld+=P@L>;HthOo}TC~e|!f`#@??8YMa>v z!b68SN_|IZ#vzEGQnl-?8ar(ejNvw5F|HcZ^D<15oW`lN*6zF3`My8FC#SHxJ?vS9 z=;s9bsjAtAI=`;oFJdQw3B-R*lZ}CwK5XfsCcox>9$YJW#()b8o4Xe`LZGg z!famG58c>I%qk1+h&`$X5}UOK-7}_n_@0HGSI*)E(L`lDE<=`7pjB%Y2SfXvSj-g( zKPqSWbVl4!+teg2&xosgw&4B~5%*W!VBoo}!|m5(yiYFAL(fO9ZwaK`#H!ivJzw3> z@!%-!P%4-w@C%;v73soY9_lhKyt=$7nyYu_4Gtyj2V~#M5Lg4~^OZkyf4%rn==F7- z6I{3o9!Ba!GUM+d{2=UHvu7GFK0~mUB7%5(I=P%xHRpy<+;^}4auwUR^@Jf&*6d(M zB&^`5w(B|KhH1P;q)l*I(YZ2THFXw+WR8+oTNBWG_{g7;$ZRIEJciX&I4yqTYuEuQ zFHB`%lh_Sm$inu9&=7OU^R+q%X9JTnE_1RS>UD34R*b}f4D{;~u-sb*FotY8a3_G} zZa`AuYE2za3Jl72924L{v&$rqIAf*|BBv+D7V}zp2uvi*jx4y7L0eP0sZ0+44Wns- z^qKsVGfKZ;sd9#@Q`nnT`z+fv$OYf7WL~^@^9#?dZ_>sPAF<%|8-i>%yybj`cg*Q$ zDSXH3U#w6ha=lu=I$*b*O0NzOm3!mrrl20*%93D9o*diPrU)tnE%zP-241U3e++l> z_YfsB6RCPT)~Il|92sxJbNW7R+>h%H9E!=_Gd4HU)G(+i`+CcCU*>20~TTs_-Z2$TZ=kbDjq$cuPF%Kz+ z)6sq1RTfg;-(}%S5~@PZ5fx9yyX44U>Wkw;W+EDB^4jdF9X!nA8a2FRDY(R(;J|ej*%)GI_K(>>nImX!7D)n}KtXKENgG07s_~}+XPv85fyZ2io6s3nv zI_R9@SD&x-y%&XxkV<-PO`_sdOL`aE{r*fw`U@AN>ypzlV2!fmTf^zWuU8j;z%k2a zoHMdFynFskl`Euvk8Qca&VK&~TkCb?e_(52rw7=png}bQND%KsQVEn}V|&AwU!5Zz zpN=lPP?}0R)!~#PO<%d`E7v{SoSP;q@xe7$sK<`IW>bz9i|9n3St}_&u!d86vjJbV zdUWP*O*T!`+1f5>#>;zjOV4$QlVt*z!pB4+ZPGi)xlq(nCf(mmVPNO2=!FKNTjCh3 z1Hcjp1Vnrs^dil-96Gs^cCOU>8_!*R&$?t!ec|Og(L_l)xwCXjxc7$Evi3n37Eg(y zCQC#XeQPO0GysQQ{==_8L9}&3U2K=4)v=y2#ETVk_hppcmZ1mD5o>79@A$U)Ko-8p zJEM!su0VoP%wi0KxUVhxkgII_`2zt+2-7L=CN%jz5Dt`^3Nm^~dPD+t!?yc;qTR%N ze-nIS>J^XURbbvXTPqSXu#_`-8TsV%Yzui{Q_Zc3@Q#edcqDnU!qoSrVl2 zv_aPb;hL@prtspA@duYzF2UmCjHyJ7kG-cky@}Pp1NpGeV+R*>cQ_??j4fVeOf!Pj z(2w1%Mn=y!huoj%XO5mx3S&3+el^Tc*7UdA)%6%-)VEaGY`;YtE}@nPHo|2CZ^8XJ zyiwo_&r@lq5b-nRjeeak5Gy*1_aWgXjNs=Zd}RwV^*G#FMX|O4PjiT5wYzzD&yn=Q zh({5bd94LiORXk_DfgRK<6pavOW*w*|1Nkq8`YnZnWwsuY7eZJID_YZdu7bA=MKBj zo4g=P99pFm47!;Ju&S|PKXJ3dL-8pn!yD*&Y)GS9&9uaeu_~u3z z>C#aGmb+>4YtRnor+Vxu=g7kv4bxPvOly!n@~4I*e}E(Tn=#54vgJvB9?aa2;3b!c zwpAEEwOErVS+85t9N*< zx*mv&i`(6!DU@m^l`7hJvMFZ0`R=|EH0Wf^xZcn@Xw+fm z@nL=+{2V`&e`|1ZL*WS+y@yw|B%A$yko!rYoF0oSTJ>o@gP7PqvC@B)fBf^RY+c`d z{9~B0D3s*eugD+|f3&{;oPK_uWYbqg_y-9W2 zMZN~Xc4z)SS1%U{E4B@91#^wouAKQ_=laLD>@55L(FgpW=aR;2k%cPzi*j5K zq*DLc$or8jg#VX`{O6afU;a&fl0f=@iuk$C=KjW7ojCT&qs{hEFp>LbGr!;ZyHs;Z)7d^TpfqFyrN#_{r&J_`bzrN~;3<=_S#p zJVBz7tgbWj#wINEc5S~qi@oOc{nPDf!*#Mm-oMLzbv(cQ7uEi?!W4zu;J^o0cd<|s z*?SY!sE41fPSmarH`vTITEC`*9?9olpD?Xst7-C{{L)Q&k*@sewkiqw{J6@O6E~5F z^wu`)MRMu&<7TeOFII(8jX>K?<{E;PHtmNZQn_KayrQL_Y#^qkKG>TJn8r z5AOHeVd=^34_6R_VIA2IW{TZW;&|CGOZlbFT;K1GD6lexR>E*nZEFUW=mq z-?S76{wIsAuRc>_fG4>G910Y4n#O_Z>eU4|G2J0T^&`Ws@SDV5J=2gsQ5N;~KG~hc zx6{yA8wlEWS34d~!9K-Ly;9P^m-Kxf&IUGY6|Ebg*3%V-{zd;C@aP==_iqV>RP!tP z6AuRtXKhC|4NLgj4_Zr8;j1Y7tQ{# z8zi&(mm`MPt9%^Zxx^Fg7(T*u>xp^;>^e!`ym_9NzawulM5TcAM!La^RfaWo34%2+{0oyk7#q zwBWs|Q^i>ObC;PX54O>=b?)x(B`T2*|JU{vvcLPM;B}0YH29g~qlYngJbPI-X3K7^ zB5so}X-S_E_(%tz%VZw=6k9^#@d#ddqH;|$U-3oQvKJowJpXCj94bJT%**AS$L-gw zdG0Wkh8y7U-txe=U1C_@gDEmgQH=7c6-F@ru78g86?-D6PT& zEfNBb+5U)nJw3hR($ZC|19MdG(D9dO)4whMHV8Z1Rl7p}Sw?1N&%%OvXqWFE?O-|| z9|A8cBV&2SC{~GgCz62VcWyFrsgnzlZE9ljOf8p~w2UKA*zI^W`;oxwvKJzy(LXrU zvo7((8Ub;Cpl-#2=dX|8y7cF$hghEBH1jxJY)3t}Ju|;(8uND#XpAa+v&%nq`ae9* zf$G2RAd`$u!15e5uVqrH5;0vgmKA?P+rHHu{$YBznaTYadIFxsF|r<1KO=bv%=T#t zpF?hu1tmTJ{y>tRS4(>IjJC3Do1L!>Xw;wx9L|-Zq2x+QFZFJ4a>1EB2XG$+&gSM} z@me3bW+$ix5evFp!pNn46@Gc{n85AH`Pk`z=6UR`As@zv*!lT&x{P=%+60k0f4W1; z=9WYL>NvwnI?8?lEvkn%9*@cJCMPF9fBEvM-fn0Gi!*;DQTOR@Dj1Vaw;>wvEwPC7s4*ngesg02Pxy3aaO$0%>+(f4 zy!r6-6O*S_PB^kF7stEY65o@Afh_QLOwJGl zP%U|f(dFVvr)+GAg{;$eU0sU%cmfmCZ!RHr(JwtGt*tk)^ln^tsYRc*E$f>6a&*KB zdV9pM+?6?<-#)u>O*2O-5^-}*n5a{_1|j53;rmcyAy%XXa^o9v7WB#PUzlcqciut*r)6CgdfR>CRCNl6P_XYK#`#-3Aen5Ckp5@uD%r%8nQrx12wZ10SW--G`S zGRI#8I>XPH!T^KL>@yXHvKz#E<2#amTbG8Wyy@8yPYEBjUz@hF;{Q(N{tOr8fJG{e z`FYdh)oJY9oDG1xAGb2ZtYz66$ZFb?9jQ_M*t?nmCu32sy%uYdVP*TkuOW0w5B4__ z0oe~&e__8v`!g5>0l{28m^n~i1Ujo@i+ikySntuOij8adTpl%Od7RAMEOHTId>-SxF z_=h?5F34K}X1r`q2T`=G7F<5?s^lU(Dv&Wt2opnMdW`LpuJrGxFOH_2xJ}zsy9_@f zmG)j-gDX2V*H8@V3D57w{xK~+vi!%0i;Q3v9juwULZEg?a`&~*Ez+pRfvJ?=q}`&I z9KI*yz#OE`mm^93zU4wbsFn-{M&pPb+NSwaP5JFFB$g_OdfphBN6dVatoSoafQ*HC zlRP|Nwd;xsi~jpV`hCp6_b9cw)(sr`-E0R!OCAo==WX7o(CG>jJol~%xy{7-oa?q4TAylw zMeCQG+!I)%uZ+`H#^$BN2BW;fzz^9EsXUy&#>136vAKD33)oN(Jff_q`j+_N$S0;X z>z`mv_d>Ju(K0s!1LBNEz@##9t)OrAZPMqG3Z{9E_p$Bf&Q4JE8Z#Ys%}J?`5TXaI z-YDMTk-@>SLW?GE=QygHv89l1B^_W0{SB9H)OhU4lTMXQWtm$-g&c#CB%B=ixZ9DS zPHYBH9zUoDmr9#dK}TLk9-pE}kXbpI?V;*sLArME#=>wf+q`~Z)B*aEMnqh^UBDZe z(@yR++PN_e%rgUN@<74d+Jcy6S!x-y_q312+}Ebw9q7y*WJlrGF<;QTAmqKPg40TO z2y_SpS&eV)`%b;RupVbY6O6v5@Y_GL3~H2_du~H7TwKaE++qI*v(hmz&Z^oSaXYuFM1s zQE6D1P#;=mOFHEGNeP&Dm*OX^kA;0jwd&mG`fNo+H?8JlVS;l|rX__sGnm9rhc`73 zy7VPHpkEm*(b(|@nxF}J`jn*AF(%&YJmak+w57BMZX535vsmC|ud(WDvuidxfaClT zWMOQr!&{24@LlDYOpvt4;}UX#<1VY5Y?vjbCS{5p?uacORl0-dniY$y_?Ws7W(f49}J-XiU6 z_OQ+Z)w7YJzbvrlH&@W7=y?7kVWErXF?@Ha!6=N|xXQ%4ketDr;{!2+FTgto8mfM9 z$dWbF1pemQph3GL z&|-pla;Ip>>1YhnHa6cFQ0W4FHe>O2Z>VN|d6n?4xtebXV>LM>#2EfD7G6WrxdV+D z;B)rNMaO4}io@^`BE+CDL74^Ew{v$kr|||*OI!PSgm7Cez{QVv)&aib8#3Qks6e*u zwYHt%lX}Pq0+?OHeP^4@mqQdoKp?{DnNf@Oq*UNCz1%4z?Z9?#F#cyQ!DXfP8sNGz z#8+`pT=LqU85HvMl;O1<=|_f*A}y(%8q{$IQbz45;jz>PD7CWF1@dd+XmNdJ@oi}y z6pFws$HTh_vIEgejRCPPuLQ#Kvdchs8%@-NA4%IJ1vMg_+h_MKO{wX2z(I#iznrx} z@oHqXm_=A0>~v?Q&}p>@kxp|#+|N(7{03EF7|#xu@a>l#%v-y#ANBI#GWFf-BiROJ+6Bp8_Tjg*Ao&RU z;j=teU$T2mjp5t;Ks$8Y$j+=Oc?S`i0$+oAG1_%5rs}HB5lCO z9Nx!i)%y~=sL#w=QoDow#vU#cg$nx3hH*s$9YH8Y$^DsYU(l!b5)+6{w->q&x57!s z_X0P=5PM3ImU~8xo>pO{B8UJh$uhQhAl)NJ*&%~t;#a#zQi%x zMfGS`aaXCknh_p>ah4lzCwy_=xPcENEVTW%CQBCXu2NCl{QjKY_bIm@b;NO=?XVl<{z2>Eq*Ki`Y>}U5< z(sSGc;}K*y>K>V;4))Qzom2d70wRiz33aL&F$7+ugLQpwi$2$Ss z&^`P-tv0pMo%oAcS4RL@s<-0cOAqxrIuX`N==2~AcK&_obiCP*1d7a*xp9F8FSkEy zIs(goVYUo_2NaifOu^mn6rV68k*Rh0?<|rejr{g{EVXohJjdbSVj;wgiF%IdB@@?b zUT9_wwIy9z88O~k%Z*HMA(DXbDlA~rBR#|MrwGZyqR70__iEmzNh`I9jZI zjBxm=H7YFpZBz2Zm)5XzY1VX@%gs}@-s{l8vHR}YM%AN$w6b8H=Szx-V4Y?>mJE2= zJk@U}*&3?aN43tUrr)bfD(@l%xHH5l(0KVHQr5C%ok6~86rX6hSq9#GunseCOswQ- z5i}0Jy0FL=wM_dwUIY&#k2`S-|22{o)qWd?u$IJevA%VCrY3VU1MqFrRH)KvAU@|K zyspnGDEJ9HXCtBq&o%69A%1A^`ykBtNWOH4Ple*Zxx%pgw|#x|As&2hfqNN>E5q|v zqI-Kzv5oH$)w;dwbKzJ0z2DVlP9ZsD_-ff$XR$)DiF0X3&HVE@q-PruF(Lg3^RbH# zm8jTtT2E+7k^%9kQ=>Pj-PH2i?Z-S{I&P~J!X%>vZFULTZbr=#?mS_)>*;7-@aY^( z=PEK^Li_G5?G1{2*0u@%LFEX5eusl3H*nkVs`fe#C#UvXxMk)ez5s3q+OCCN3*{^d zQ*|T00@YG^um}iO5ejPNUat(5k%tcN@rkinE&?M0D(%KA_3+2OwgYwpKK(SU3!5i2 zsfl2B0nsZ)Nd&&PnN?yVQ~Mdjh^?KsAqyYn*M2D-b7?9b-%m7lIEbN7ziZoI_DId= z1vCKg!U^GekD%I2_&AT@SS!U-*Ei=1H8@0Okr$5fb1`3-z=&We`nXO$>LkrC5Ir(n z|CAtGlzB@i7n-N>(^zh-O7z$#RNlMkXi(}rcy}XhB)dhd(HrbdV!uO|t2Y+L28GP| zC0mpV!!<0)*o51a9#1?gLj6s*e-W=&E_p7uby!*BcU%eX^8v+-CY%>^7Q$he zE8hH1@BX>gep~K#jqW3NrTDh==X=6kemo*11Iri^Vt931Y6&SUTLa??L$gbU+E2#6 z8~JK9N{Ifp3o8ai(R7S*V(p!-v7F{^d<-oiN3+b7E~{#pPNeOvk1Bf$P4GA`%Vu99 zYV9vcpXifW*#uoCwdq6vhBxeYT(%n#^%BaRj)_lrWdxs@IowL~?dWl3yG0isI2TlO z(p?lez4sNq@acg`xmU^kpEY=dD~(5Ut={Rxj1t0wT{8)BFRy>j9R^}%nx{9;(7+uF z62@u>PBu{w?ou@`-p@PmW~4`vrwCwL#%}28?Rt=L>mWV?aq}bj=k~g^MUWGwSK8wG z_FB?Y@5`;yXV5Jgwci{j_3}UDDF`>4^3mOQp|fDj)FBzFVZO_@bY+!fd#q$=(UZm{ zl7X-D2mZQgt!w+SS%6wp5YMw9WHUlb2YJ)3mG0YRX=DLa>U3*2YS z_%fqX!ym=0J8EhaeCyI^hZGLWg^{DrDflR(N?ns6)ZXzWNRoHLITgB*#$%?4^|6nd z#roqRfis+#hHv$4pOQKEQ*{!b#E=W9PhvzWhr~Ot?d=82te~e&d_)ZU_OQ8nVD`-* zKb?rXXGl~C#Dpm|Wu}1DZcaGdg)`qgb25hPpCFI^&LADkW#8hV?RDbP89y zoRkL7tKP1F-Tihr4Y)y?>CIZ6&vYc1jhApA^1Xzl3cJFBeNuc0a~pr(qN|%z4AzX< z8^GNH^xv(7ro1`H;B^TrxFg|{Kv))hd0}*l*l%{+JRs#&mf%X^G%*i2j$#B#W#FfW zp6;RA+6H)Nv4C}17ie?pyNidD$`)kvqXh8zYIkajap-2Gp2N-yS%=KuHsenb;Hm@k0WJi>2~t{r{H4N1hmC-&!BqwqT;jLdw*idZtF2PJ4SLEeeU7o$k697{L}s_ zlMNW)qTX&AYwbX#1h!>@gVXSJ2zHh&@Pvb84_+K3qJfJ00`({7$zl(~y2bPSZ%kkj zV+h=4p10!0kMl*jjPp@M%?l+#jKSvQki5bWG^%~#5TF<{9KV^D2!`0KvY~Qi9-qa0 zHbqcM=zW}7#V*dE_%l=_FVPF}Wm;ONU!??bvRyX0inY`9}ZBaUySEqKjW*y$$hiUCSdUfipVs|3`=-;#;Gn&kkgs=YCnET;e z&%d;3l0f=0x+~eFnK#EAS6&x9YKayZ&O(2ft%)_jy2IwnwIjUN4G;7yv^7P55X0t$ zY02NOi$V#e%S{&X({99U!GxP&93?vZ>yBuu@>!jp2pe7*IBqu{3-m+Mgl&C@u=}L8 zd&kMArGV>z9C%e?7v_vWWU3q7vgei^7Rjph>HL6PMDE&wi5QC2LZv|%q`k#rYY}G} z-;Vn!vhD@O`ow`Z+V_C``t&ebWWhF%uC3f)$X-mqYQ@@8?am(sJnKHUxjnt)4m5AK zZ;~(in9gSglk{ylkNAB0T5W(hv79aH_el0Y+#|;4?mdNX?%}1?9&9A7VFb2z2Pv=f z$Qqu;6*oMJqAeGnTOTo7aNNE{)y?Sq^af&BGmAxoI=?{M+cpFc!^tEW)McYf7NsDorBhbxYqPPel?wOnP&;hOdi=6$YsCHsBCf71uf zZ|-?ElgE!=`u|&7u{!XIhU1$<4o+;vnghtG7qDoOt~(KtbvMt3ZcNuA<^fh4!Y;eB zCixB%h3`(GgO9!gv>3S=R1=@Pv+%(5DyUJkdnSj*XVo|_Il!XV%73PdfK*dB)^WR& z@8sSY8s?{QVfTG-z2Bv=*p4w8GOC)ks(gKAbQ2JZF|Sw*I@`XQ}%Z$EjHo%v2go%o}hzT~>*jHit&8k60D=|Jry;`)Nk-o6M7ei0^^u>j}5@d$t3pcvSG-r7=pPN+xus%omIneI`Cu zx60-?Flxc;X}!-xc!E*Ny9BX)S^*$QG=(!Z_K*YRQwzhlz`@cN>?66yA8xk!&*lwF z?Z7j9Nu(JoXZT$fg$K9<2J%RKc^xhq%#E}CL(Y{&V8P45e!C0hT99+oV`|J+ZaTN6 zx(_Y({sl6vv%^pitaPTb2Rh`G- z#L-$8d*{tZqWuo>|*V+-%YNrhMz6k$!f~24f)a@>UWvbK-tX@t_>1% z{DAo+37bCLJ%D1C^^HD_LmGYy9O&1v1{lbh2tD?XdPg}PCT{UnHsMrnU%+b%nh9w? z#eNBn%}=~DhNP6HSK?5tjp7e9>b1%idVywm@NZ&!yz#^LCocAF_s?G3QvwP9=Kchl zUsULeJWYz)#4C2pa|4w0RdG-#x>|&R;oZFAr903~fI8)RzU3Y-4u1wdUzp?}!Ho$n zR{x+}5v_U%&8$M~IalrlkjCH+zN&-rIZnai%%v}8&#F0gHFZZ>RS3Y;LLCwUCXB3hOrmEUSC+7~vLP4-Tv zw7iSnyTiL)5v(MnHsNDTFU*$xb>9(E>dIr2F)GXLOktCWSUh63wA<4)CW~=_()&9x zrfsh8Aj07@eJM^5PWwHvFpWX(A9J`~aeEFCMx{BRo$6T7ZpBUzq6Qn$@djna!g4l} z9_b#fVgqJssO*_8J(1I(lky_j9x91o9r*ErGLop{dfpM!4_o4L@2Vuu0r?HN^eIL? z_|bG`yZ6Jm)-xd+>4Ell>=xktA(;reD_Npr{XlTXZJ;w# z_Qd0sCAaoc2x0%|{n`D!4gffM8Pivz;eyV@+V56%!J^PE_5kR_)w|fmHXQMItS61i zE2%b~=&c#U{A_2#y(iRPvojiorqpW9)F(2i_!$VHv=gi~xuv99F*k5e7c-w?;Z*#o+l|u_) zG}h5mkmm6+)&RGtMd1TX%Uv@Y%robrucS55Gb1h51Fl6CN*Z}3(Nr3ZUZ=DcbKoYw zP=y6F4~Nfa#|7`EcaagXZV$JIT+p_(YQzZU>0j#0$YAR@w)@PTMqBbvnf*W3xnU_Zxf>a(&Anf^Tfrh1N zFB5&_kEljy%bnL$d0#FG0;ap;bZw_%m|CFxvdiUJ*H z8G@TIGEt281#4Ebbz+cP&tXr9l4?~BY#6`C&VB>X5MWF*a=48?NMu<8lCRlU*1E9t zS8iZKvrLj3+E9c1IDGeXtlxYc&oHJ1QHT0TtIyDaBzNZPo}g>rrQZ~L|3o`t4f{XTe_H&aL#EP7qTBH+XJam4)aW12k?y-VVI`wbEE{E}E7 z*Y8t%M_}FY)$;0?&%rYD>Gr(A_m5PbYj$?F2okCccLb&H6_;U+7x2Z|kozBd{B(bQ zZ&RJE0Ol%_A4g!dbF08|XgK6nixSo)mpS_u@+ba^jV(P$`s1Q|^d1n@jN{5iU_D|_ z*%Yv`HHbm)ToiZ;v6P%HGNVSe^j`VV+sdYq@?^E;&)~;meD2{;(L43zL4EeiDr+{E zBdQ|jgNT`=RwC&6x@zMHB{WQ_3zG1wMrlPPlx9Y23bETUd4g4dV_4lQi_KFQ9J9rx zh`8taFeUFzDMsZX-EC#t+flm{c6)sKd2}^u-e5dEu)32;M6Wv1AHYOq9b`E~wQnpy zR%KeIEsLbzb{c`5@;-uDHgs=_-#~}(GuVh6!QNFy?O)ZN)aK8ZScWKkflssQ7e8hB ziEAiDwcu=LjmE4soA8RRZjTz3Enbki>7%s62Zc?q>LG@0IwkJgOEYnI^7I3c9i~cx zP;kpj5H{D|3NoiG!UnH)&dl8OQwJ%hfB;hyb1xk;zfWeJW3Z;61eb=iT5XV~#x=-~ z#KL=q@@IrwWHP>M<58CgBEO+C#59Ngq^9To+R%2qSy1`ZS~^F%Q9^(GfMOuXa?jOB ziOSz4B!-n@VcUWUYuIIRKUzA27wg~w7Qq%fv)?(Jn?ru%Z|s1x-F<$(2;Ym0bgj;r zi(VG@+dCTc=$oJ+#LaWsa29Yio;M4*GdiCnK3Z-DZ!#k!)2zOl%;x@_xjN=p|F&uM zxC3krZDjqqdoXw!ZS^7T(Zt4kH|NRPaKcbws=I)n3{=4#Jv*S?g&k;lNhoSzJyjzV z+BI_clyI(#R=5m#x!QV6)ne^H$0J?fTFFXSrs-b)_NOwud92l4$dyv>U%m)4j>Xjd2d~Mchx_m=zrEzlE z+*%XXS*~Pc5jJA554%_E3omrCr92+=z?zumd2fE=Q$2KRm@s}~=ppLR_(`Lwfoo{e zhx_i0A1JI!yQWIqzTGg%EpOt@tz^@HJa|VPT*(xB=zf2*Q5}YrLX86L0{qk*(kQOv zA}!3-8{)TAF-XaEZpQkwv{4+A>bKvzaOy1Zz_>n{RcbMK6=;d@w<{DI9()r%yg)6p zP=vL{9-FO5QU1j@Z~C2<`1WHy*j%MEh#6+b_Jr!iF|B zSRKokM`+k6?PW)R{fZk#x?dfLBCXb^4+uHK)?+^S_^zcmyus0AO?xT0IiJ2bc8zRj z(UG|*AGDXn%HGFKkg{sG?a*on)eqCZA3^-zkDz#VPJR2Yr@?tlbWF`Vi_QBiR{f7d zi}QAxzv0j4nvWFwaJz?bWd=28GV%LEFXFO2{?hi;k zekAERyGO!(>=JgP(fUrPBb7j#9~_i72<1~Elo4CgGgFrL36n<0vrc{;DW#4U78r=s z_EcjrME3PrCaCj;q7Hu$C1`=uR9e^X#!5tpYt8-h#}+1ntt=yI)jjl1yV>@o3;C|4 zltG_TXn|FltLDpixiyNVuIx)ohMLLNtGE}BtGyGl&ogQQyfbgOV|*B_RA!teR62ti zb((N7iYg3Cm1}y^(+4C)6bydjW{GAtCC+67eb+N}uY1|pv(-~0`A)@5$_k8#C(pAa zg}gk9RnacV^MWdVXEe;Gp(cF5yNik=?@fvX4=zgD&Qk|w_!$7?PKVp2u}0FCIqXIj zAsyjTFL{L-`jjNEWVSlQ=ZbscSY!1Gx?1~$?4>z1Xeq>GjR0V==+_-?ZtMr zw#yKlQra8zLRea1V;3^~!H@G0t4pLyA!4_JfQ{|yOTFO!yB3hB)89veJ(c=6U>%*$ zF$2lwJ^{fdRu%aTvEY5!tO>>Q*&JtH^tl##iaiCa2k`8vn_bF#$vHLXlDM2sHn*~5 zO(j=eANAXvCks{jrcr04AD33$sa?n9h&oRV zPeX)M;S~z!d5ebCoB-&107jTSdpISMy%UJV;$fP8zj-fk9n84R?--GWL_t|xjAbk? zJRm#-d?Wh&R=sR7^hzP$f~93AFk>$hg$ufn$ zJTNIl>o$)D`5g&P)6)AfxG$v!f)MGW=&aXGNnMN`QA2AtRG@tyRukHWj z8oxaM^dA3hCjQ%$oC*O#S6GLFm1ahrwY=tu29{2Xh*b{ zarB8;i9su*rK?{NaeDdDUvXKoPS|BoiO}G5Te#xUf)+1R(Gn_NPray%7VQ|-do_de zxh?WzV0n7(c~d4MHZ%QXG9&S>^2Fg1%I>6#4gYZJL&dRx0Hr5_Zksx>_gV@i#4cn{ z^@rrKhm`i{`TBM9$zn^w0!s{TH-8%ab8Iwm(W~O={R~}JwKBi48rqB5p&Iwv@1bDe zKb%tj)RL35#swK*ScGU%V;CFV18KRTPM&3v<(UD3{KV5Zti9HZ8YII z>j)wF1Lp^$D9crETC)Lg?s=(%qvBK!YiI0aq|YKH;^w78gesoLY0i<5(QjHzMZaRb zD?=dkDIC@>jEQNglUKc7S_V{rbr84sb}Bd8%4o>B?W=PP=v0tM5VPwdzCUvp6!aSKAleHYEZr~eVd!g=fZwdS(J7ZM2OEv*%duu9`I+q{OI zJ;)>8_WIov`K=U;w{(TJ8v{ZcPeEU7{@X*iP(UF*F;I6yQItdHu|dIL&znNc7nS&j8D2R^*6$O3nU(axgf8`fS z(G_J#kZuR49NpG={HlJli*FGn#EjkAQd0ib8L&$+=jBe)udelCrTV|f=bzil00ybe zn}@0@*vT1hQ?tpF@QFcFA6b`da|R0{Z3fc}43IY8vw-);BENr{BDC7oX`ln?`%8sc zi0xU{YsVVMlM>a7mAN*&cCC+i!3s1#K4e%b7CIBfzt6#K6W8cnP*_+pS>3BgOh4!( zmx||=cDmE)GT{PM!1UaH1j?h4^ockVY?HOxcLMCE8VDlF=i=HYn+M>tUa zSiXMzc`Y8@#pY-jPW5b|!NV$<l zr**GLjqj9EP*FgH)io_SikslK@+!eob3SUT`B%^dad{Sdz!^4W$!}{l8BH`ZgHDTH zRa@zi-Z+p27>gS4EeWYNRQQbB8kvld;5eB{Y{f>I;6KSUz?oP2igcmUno$z2?4AMW zsb{Tru{k_8`OoElX;c-7(*`h1r~E3S=p3-xip@O8?eD+TiqPjsRP4SP1l|)MJvaZX zt`0oykkl=?20nvf_55Wxn%c_y!)0ir5(871$*Um!8ztOvHIZoj0pjqIxZc>^i9d>~ z8EQ+*w6c&qPgDI1q&d02lGrA^V%)mB)TVN{v|5wN;X*Da&h05Bq#EsX^tP#j6>I`QQ5{Gci+Y9Z-?z)o7DXi%Tbr7H8m1u>|5d4`%^5Sgz@oT zeJ4KvlGErRPG>|ff|o@z{peD9Kc2AwEe$J%b-L?qyub`j|K=*4Rf_a|LJ|7Zw2!gl zm1J(*#x%QIr`5W$1gW}(XoWy(0KuLW9K+MghH$}XkbG41aiuX5YA z(QmZgZ5%^`e32?YI-;{WbZ^_%cAT4xmNJzrGAm6Bmdv=@^L?I+&~FM(SJROd zbLDZ)8%I!lELABn|3y_Y;G@B8WCav};&ek3hmDlS9VzEQ466;(_eES5pyby=lbCCQ zlONs8ZgqL#RaEUZMVFG7DZCeBz)OS$i8D6ljp3pZ2-;_I6XXi|+w{)VYwKGLyqVyd zsnY*a$gVMYj&yK-l}SwdvbZ!0_5<|Ji-`y$LNIk72GZA5*z+8diwg!OolWn54c(if zd8$`dBgRAo+p6qA#!U~Pgr>sF3fhhr-?=qn!c2{eas#VuL!a3v73%(=ijJlI%IHTj zRVBwD=x-bbRA(lAQgsd7HeU)O)2>bq1fMY$l{&&^qYT(9Ptsn!PmLLG>gh34Nv~wl z??F(o8`pSk2j39gZ>CW#EEEWc+c!8NcqJ5S1Uv=PD9hn5{<=K`I?x=b=?TTNf*K(g zN}~H3PKNtfC^`{{2RL%3r9Z8BQ=Bb}ql-}rGQLSzGb^K(|@u2oup?B^g$mRH{9JZ+!^_b~K5i0}Dp-UY-p7q4>{I3UolvqU|uDeU=cB zbpR0(p)m5%eKrfyK}|QUZ2;%6x8j<~0}OM$DgK zyH`vCb^{7@E36^CAoEh9Gl}xkou=L(N7L$h!LW$;yi%JH%1oQHGb0cDU1^FB!Pnnp z?~NhM9mjMN%?v7o^2#M)KshDQQsw3^)OI)@m}{jgU8qsX;$6w-+li%eqSOzX1E5b6kTf5+M5m(Ma@{D_NHj;h)%86UbSnFAXbc+rLEdq zNNlwdu_Xw}bEdt%zw5g0=X*b|=b!tZJAZg-geK>C9LMK#yw_3ILW$sx+fFzZS@nih zHZXA(37$K#eHzDoG5*B(>l$;#*|dl!l>v<9ALQ&ohT>};=rs9L{B+k|e_Gb74`{=M z=39KVIF|C&%FfZMh$O2!h&okKz|{iP)Oz@Wy)vU_O2T zm<2@rM)=zXQbyBlGQVNvJ9E~9*J-f*yG%kh*6&h%@gwei0534DLg-;AFN9{Rdb>X; z7}gB=Al$cm_vZ6^Y{~BIc}bs;c!PQeoj6{0tD3O$ z*POq&x$KomnM)kWNc|f%ZsQLIr;(z>No$Bfeq`zQui7x}h{qp6WYu)NrgviDwPs*t z-!_z#KTsv$;Tt`Ry|%h(tc9N%VI1v-BKizc;zeO2KaCJ-AdN@S?VoNG0&IX(l^DM} zHdarRRF4X+C0(m~M|F;i4~WS5(8oges9i=`b4+0Pl{8S5>YM&Zyg;KLQ}3Drr(lqCBwgu9m93@< zKq|QoE;)c`7bX%_lb_*#@PSYWojB*jCT3%|o0F=qb4L82b?NK9^|F}lk*^JWn2c9v zqCwwI?hqzK-{ib%A;|B@+>&$G>q+DFpOq4vS`K<_LrT%{ha_DdX$(tR*aF$T*_+#* zt?Z`6SdUY3IrP&;5(>Z`upA|G|DFL+lZmkv|@qw|RL4?E33pZlB6+v_r6>@q5M`SMCw&^sWzhtf#R5!I`vGUy6d zTwz53M^vQ4YZ&@KjkQ6}Lvdl{z(SgQ2`};?~w<@$t13b9Px>>1Tq5eO2F0jhTS^6zZa-bH* zcnZ3~{zVU>FNpGcKbZ>WVxrES2M4V6y(ZNwJd|JkGvgcm&0z$Py1OCSU20%GR2{$w zbXqH;Wpco7U*WD=0MIzapijVvcA8iF9bu$&v> z>+!j#wFx@W@Fq7VJ#$;};u1OYdbBxKC%bIyj{%pHIqo%+bcF%0u)_^ zk7mAZ#fR`s721Qm7yF7lYP7b}@)mrts!E>&8`C!{BwWTkow~ z%r?M_IgrCsS4E48Mb2P8_mtevw4ObA>;QibKd`H+C><%?8oVhvct(iEt}_mn;#hEZHn3=fd%A@!6Y z%#v+_S+=u`kDSa!*Z`h;y;jm3hU|z{=ybKd4^7)~1SY2sE$>ia*b@wNBg31SkIWp9(cG-Wpz@QZddO6q7qxpG!rG8P^ ztmx+CmOs+D5Y$^@Qg35i2z8!Y-}hfU?BDln@$uh`Ix+M)h`m~~^lmyVhf#qd(2qAn zS5e6Aiglh<{!W9aoRY(}xcB?zu^m6xGaeLLR9CqXJHBH4Oa=yn9_N?ySd@GuQ@Vcm zxJ`Q<+nFr1-HIg4Ez~)l{l0K7_-$;Zj{-l)L0!UEMlTr$4XMm)Ui@?t`E5=hADQ z+?`a|yv&!kPMjDb;kM%qykpuuPe%I(Y%4a|X@_0Cnz(uLYx3>o9)+9P`b6vBSgavv z$}$3O{iEL^>Vk*Y_oX)xxqSY6-nDyffa}5JPy*Lq_aP}KD^OIA^VHh=p=l5KOLn)u zH1+P634eE3$*wi2bVR_(a?1St^^k0TvtgCti_}DVx{L3xc!l`G^p&8KzUrxa_QnUV zbQ^nV+r9CO4ElYim8=V@F)u_R7MDb|`??;tiEHXL7!9oh@kfV4tDb)KTw*(!X&qPfSta-_52 z;9hYL1P=oyilBM^y2(?>!IxKj2Ia5MTz2&_e;weu*{dUzPfmiD zJn3}t=G7ud zlBr)f)h>E6aPb(6n0wn(TPdH(K%a&w@2zugO`>+aJ3aGE2v=qw!axt8_*0x9b-W@S zO!cD}xw0Sg#l%Eyll%@)7dI;T&4C!eiLv+GLAGPvsue)+Y2?~LAK=28jwFFS`E0qP0J zramqqdTt)08_m|Q(!3xWMoo2biqyo(#ghK!FT#$CJ>ZfQXMI^yuZAl3MWb3z<#XGO zd7(^#vyo`yZSWyeCHY=o`HVCjPUDEXXdh zTiM$9f+lONMAf+SA`vkakr$PYmCPmfFL9^Ux#_~|PN&cSWe zz1O9RKQNvEck`{S4gU1YOA2j2@nd-TEmu*bI9N!e97_(Q7`-1{dI@w8X~9EXTVNX z1So7SaiUwkxsjD_yrW-ilJ~4!J+Kg-SV3~aE#R$Zu$A6Bl3w1GvXWOh6q}%n}az`lqVLZg2%Wn8d-h0 zh0w$X9BWI!+)bWFP1bl+?2r4Vo~bz(8!-$Fm_>&=k~DLr`;jKcVa?B};J(~AS!U}m ztq;tv;*KV#`(-wPv<3BZJe5g%BNB%G=(PyFJim1C6p||jSQC{pTEvf&=&=my|%x$k_rnzss?a<-LJKPM5Jc}(^51Qf#k+Zs)p^2(|em@ zD~_Mg*e|{2DhuNWkNWpv)3o@|xn5K$73sUnd#ld7qQ- zrz#A?_4Ll+hCLSb@(dyKJB<$nK4Vl;tH+MLJ-f0NJ_wkj4(&8sCL{{zpV(CPtcb%I zWhtqX9wtrBN6=LYvD;>gFHmH!vC|+o3AUGDQSXLD(xm&24Y{hyseD$ZdMjvVxcYLC z7Wf=-{}G%MUm@_hvCG(gd9G}(VZVc^-2GgoUtKuCr25+4$fAUX*sJbY#f0TS;YLqr z1AFq$yl@kxD!I(^9caz4$8atFjvX|#d;5an=V17WOQQ)~f6Dpxx|-KQ9_inXKMN{< zxRHeovD%3-B;Pe`>uubAOChIsPC%Zv^Bd-}_+bfvPGLv#1^&C;W#64*(zu@~)m`m4 zbG|#)^oq&F=u_KjKyU)%p8Qkv;djmCh#)lmNU<5y95}*sI16v!ze|yYD2IHQz^jpg z1tV@afgV3fjGwl~o*3P+uefeBFg0v0t5F=5((zkj#_Y|rNit|@GI)Neb%aJb9UIO+m}o`=!#1BW{`qnW~~X*CEg)`Job_$ zSxlyl-p_rsW(>w<%Y4=`i`7)gKA7GHQ|1!(!RzKr`}i;c1qcSgXSy!{2DU2?Z{}dj zOr8{mT}?HZW&Dc&jxW)=+?>QJn^r<4WZ!rb(JkqmWr=-}u);zfm0qU@gt>Y2A_f^2aM|Kv;wGMd{C!FjX zE6dhBt}-7!QKLpC0wl2A$JD&AhwdeHD6dR!n-#wVt%N$fWaQWLk&{&k9LogRqb`Q; z_=W2pE)Eq#x8<47yH;FHF(}MVzI&slQM0x@XSiUF%cM@haBD%>6JNw`G8@A6@i`!I ze@JGuLq~84n$07#va?#SKlYgE4i^WQCjHhnFnv=pfj>*V3FCyL3`bWg&b;M%TCMc}i{9o9geHa&al@#Nu_=vzlumZBIhSA5GKCKM9&0ZKT&@3~wXcHgi$;p>5y6i#UA&ILt zM%8ODf&*>Q4?ANXn0wzFX8w_GyzI(p4=PzwIYWK6ZSTL+?E`+|_iRAPe=I;iiWE~e zw{rk@FX$zZ@FR5`a!J>sjA*goU^57UFfWg4HZA3HINl(8#jvuw0_ zQ%=Er1wuaHfasdXt{e66UjMRdz;e`N|7y0%T?;7dl9mWd)p<=Xw^tvOC@79^~)xm+Xs>$pN(_bDKd#0M|zUfwa zQsr_5Efif&wBAYPfH)67JFMm6Jbskq`j&x>tI09z4^{gKqcYDpXAnto)27^-qK!6p zd;6#CYWBoKt~J@~#Ug5I{uu4g0`UQa8V!V7opz>LTHt)}3qv%>?H2 z)<#g(4)3CB<+DZGL-*zbWtjhBMQ=C5ruJ3E{|pU3G zV9&)kEmrHb2KZ)=PgrPtvjZ=)T|+(*N7>RIH)(uzBf~|2mLBPzixJioQ^IY~_ShK(P7S?V>T+n?s%$Io4GuW3_|e69zN?=~xSv+MdKu4)k|t}}sXP)~>6 zc?`IwD&3mqRUq|ZBCYLQYR1h?VM^{_+9X7RoLsQk_xg>wXg4%pX%8@*2jiL@Hh6ib zxus(_JB5oIdHU>?#oSrTp_l;zj(Sxyt#r;6X35r|xMJI|zoLW=nj&Go4+__NZ_88! zQ-FPh|IXfj^=LgQ*GRQ}2yA}rQ#{_DW)_&f_=7^EoZ)JyFg8*OqKS)xT2%y%t6GqN z*SE_M=VueQ4)*!`Ott-STmu`iJkWgnTDd7#Ns_oR5UT1k6@mUhm~IXt4;e zy37+f#lBX~#E%pO4g?=3vhO?FexwS#pchGyhR3qeV^vxi>=vs6=lQ5(O>HkBf_p6; z;`;2yN_PIoTq~l(7~HeI0u7b19gBnvv~KI>_U3e3gM^W;sC}=dXrk3($%M)7qV8~! zxdGBi-|Nft5sB93k(#c!wYC1OiTsJ~WQpgHKTCb48nbRr+Q)OXjPl_5LEjvJjXkh< zTa6SA0?nC018$5uy21)H2D&lSF42kFgIXKEP}ea9cl4@!Nzg}n(-1$juR2sGxI5bN z{ev^ihlx0EHDk8?8DvOay6>YXLeC&zhd~BCnDwl3b@{p-O$I81c0zPud34$pJQ~}q2SgJ~{F8*bxI{m2H<|@8|Mc8-& zvFDRB6l7-XJ6{_FEwYll)fFDaif?7O`VP%`hMDYqpWh_=oipCF+D#+=&(eTi4#Wz2 zzn3CC(guDO#P3sV67Zg4ok6BJ4PCpw@%MC9>iI2kiPVIOI+n+CofBbxx# zG8-cfuY=5Y#vANP@6eJEl8E@Ohxb~DTWem_z7=U$P5)?w&(H1b&4qTjoZn{67@dn@ zaOLG6=@#9rlFyISPd!e`d~okY3$Y?>x6yLY4yJkZ%tz#O7eJbcxd+Woch$lKo-GpH z;U+oJxS_%fHAPDH-kD3lv9e4sIq!O^0MzCCi8DC4$>YcPrvMe*AZBMo>-H_SJ%1nt zW0`eWk$(kSt!Nxv6gKU8>SkVg5b7vkl|yC>YAbe!c{jO|!yl^MVE!scGbL?_wyIpI z*7@l}z|0}kYP5nriD;f-5#B*xjfp~)J^i_5g6#Y9AVhpKOPi+Or^X!z#N)%G!rV1a zCjf)`u5*RCKRJBJ2#gGOm{Ivqy{ToAFw)bez1tIZ)dHb)fAd9{)ntw3t4OHM9c)P> zi397lu(D(Wjpt$$*cZ(ZDzX?w22_)!uO*;^0Epu!CJK2$L#ovErD7Yd<>d^pC+hlR z-F?K^8`UGYoS})27aE(^Lx7K?5pi=q=2KO^?Vd1A%xM8P{M2!#gzYa|q}qi>f&wGxSN{9=W!KPIC4 z)!y!lcVRQ>ZeX4l4<$81_ne1WVXiH;T00mDz!s35!?jI-s28NohSk0YPOSR?S^{Xc z6Xr=Y7ujEra)jA2IZ7}0>%*v__y-{jyb22D^k0q*V=&F)X(NzhAN6{nFZ| z!k`$XwJl#rzoMF2~A=;BCfn70M|M<&yuCJG4V|k(R%!jpK2~(5yN0PiU z7x7`$s_N#K@=a=^Wv704FV;QPaAx@y3Y_E&xD1}Q0f^?rhN;zyI6Yv`JP{=9g2jaW zbUAAKXJFA0-qb}PdUK-e1d&Z(-A|KE{Mo$ii>fLFEu&*C=o2p7u{W(@-+RCYqurH1j0@wHJSf_(=Qj0z+6lZ)w7g>T4a@I^8w$4{_x zQ>{!@FAb>OJ_K;m*)zSMmL_1K9@H(U*unb5+^tSclM~q*j>{x%#ZzmdjD$gb)akHq3t?KHJzDw&3?G1 z_lun3k|(rnF67f9i znWUSM1wu~pNq6+|&j~!{k9!q&KA|AXKaXA&oF;brDD=HJwt@5Uv7mKVEO$N)uZXSz zkQht7!;#PFK^w@Ur%v(m0@{f*j`hfrTHI-te5XabBZ)vZ2>KOJ0uSgn$)+57gq02& z-k}c|#xy@9l}JtnP0`ycQ2ONgK)IDo!%c9tRxdN~Ysvh@@Z}uzl=r6=ZRx7sTgdOC9Sz{1z{lSh*S5@e2 z3wktPq&u39}9>(c_}HGMu(mwn%(seVv(R_Iid zf&CakraC)}ympYjPh4FtxvO!fOo@my=p6y}LC@NfFSvbw=Z}Q!{;;G0gc=-b9nk^i zunk_MOaE8;@21djQb{XdGFom|UG-7BWy}kV>EqQqvy(otT-8QwpJd$|h3bCZ0QHPW z96L%to13Bzgwa7E0Jf}gv^0u*tO!xDhMWZmXzW^^1CV<%-b1La;gFW!aQ?rWVEE2*yx4sx(@)B$nTRP7 zidld!+Uv-&)LxNMt;rz=dp3~;3CUVIM*U--!G?*Pmzgl-+t$r2viqLG2O@sGWqaLu zw1}ON@oG^c)a?oR40hK!igi^7s9lll9_hcl5_BT304ff6T>H>%QDX!+qzr)sIXAhC`;M8`-!_1eKmW8J9w@rV`IhqSz+Wcy{e!MQT2+H~- zjz6$(qZwta6{zaK0MY?y>O&-5WJ6K7G5pje*ptA6dqArc;07H9nsJ$?;aVCWO+Brp zLTkDK-bNqpl}xjV9w7g|a#~EkHC{@$i#|+zPG0j>@==sha&O#fH08J=^^gW)00nXx z@VV-gWhx&OAGsDF4WLytQ5|Yx2-MrOACGS}_uB#k)F%gRS*8KcLO}3HlepGxS?|>$ z4MbD%qPd^mAty}5K8~+Ih+1n_>p8z!{r7u#R`{3PR%9lrhkYkKJi!THB?a9Wepvmr z2%N_+-1Lx^O~LvGO{zW~ypji`fS|}!H$%V#w=*a_2<9XL#%(@5RBW2>uENAzLp(s_ zP)4L`Qx@!M6F2o@aU%rb2wYS=^k-NZ`8r4XxWgo%{r&v$@lum~77&ZN}|KE2$J zRN8&?M2(Ib0f|7o7L9>!mDoY;UXI$LU-qXI)cXEL(%+?pzt40 zN4Eafn%js1>XH)F^Cn|J8ACuwe;*lho@-27La5cdO*J0+ueEA#rsewT;M5l9o>Rb6RhAm8;qflMTG^aE{KM9|+e5qP)3T{nM; zcYj_mE6Ad#uqloRjn*R>wS={Q=)S@^sl8a1DbpIBV%i0i~sY@v#_N!Z+{ zMxTHHPGIxmzLJK9>uID4xv#|o0~iIVT4SuYE++x*`8KFwHJqB&FxhxQZl}I6ZTA(H z;U5>4PHExyE%|vqJ&+RD(p!+15F$78l3M4zoDE8Y>Vlrv80ie!FO!z6Z<2dyxQ5oJ zpXLFFZ}NtLpfCV6zbH=~vJQ3eNuwB*j!tcU>R{@?7lT3^rf-t!NMnnP{@X`V0r)#t zS<|QeB$vizbQszq3qYKHP7b1MMJGJn&Dl?Ik7*J2dXdDl67dGxw2unpZv=i&i+jY3dy(P&t5 zr8_kU2o83cn$q4go;imr9IoxY$nH!zutz}=Q>8k9D}2}a??nQ*o;H8{Qbi~+=oH-d zV|kXYUuLDOU)5!d`JKF#4FsUjR0J}0>dFZZBlUqGI)i?45dfr4&2ODa7{dffpdhm%h_pgN5kD4^61YbwSP~TsOzQjmO;rRe($;4sX_b8 zG6b>z0C8@|sZCT07BKm}np|ANAUk34PrnyQ@6W>DAY?(w!nvF% zKI6=qCId|9WuYQkrPI$yq4`POY6}8>oX>r-p6|)ECLp&a*OuSV$v!%p?ou^0gko}KPElh$ zU^|fMEdOUfQNpL4W?gY%WujW!8C?uyUI@BR0>-_{QgR@c@t+qz81~nFm(Xi;xk8fi z!wJ8CNv#I%>c*wUt#mFDFb0#vWo7zZjsVH6L#pXP8KPVBdH^vpjyk%x1vj31Ytm?y z)0im6)vvH(pM39WYi>6s>A3yRj(IztQKWN3lZu<7;^Rb`c5L4{ygivaLW6GyT z(@dPejoZ0kReqg@fQ0P?^~%5AVpoTFGfm5A6dWZ8B-82!2G#@M-_mdE zuNzRy0KH&DkJQ}R-#4#v@BpM$bO{<^lKsrG7}!NCDr=%?pbQWOuni<`?tI6t!EHa> zHUYq#9sG!4G3)R+QR03RJwX!KRx}<4h0;VJDhKHYda>qg68D|aC1_3g62L=$E+XC| zalqcOKV4&-?83PL;ImrWf$p3)x!hw4?NH;`_h6ljC{6 zR+`|hr@u^?*OJ@QsgEZhrku#8(lCv)zFVn`Vg&RR8a9kcLk~>x)dDMt!;fZ)%qD5d z-+K2E6zIndN}iba%J1X@(P@^Mir1L=O&)49`aVLNLEd27@RLM|Oc(&T(vx@ComKjsrT8waO;JZt8Ivpp!Xs9@7MC zVmp`dI8o#;?T3}MH4`&)F2Dxyf=bNX9u}=k+tjHZIuAPmu{FF9!hjmcd}PuBFz5w$ zP5)1WF|axxv)vM@!$)a~!m+I)9y{q(s+{G_K`ayxuKMz7_oGk;Fz8U8qZ;hh*A-EV z0Nan5RzyDYT7$}<>{UvWo0DP3)HNm#MTP-!gitJog!ZW(+ClG+dwlHwx(B~pJr$6K zcvm>=p2bo9T&H68RI<%OlSK~6jl1Bj1re(8#p~hjq|E|Wh0QaEie+r(9D_f+vj&8_j34h-T zyP(Z9m7u04ormQ@G|8b4AuBB`^p?x3t}_OWJ2!_a+8|CAf*VTe87`m1)sLlH6n?Pq zGh=_S&D7r-u=L^-v9^6!%LFZzF;J)hbX&d_Z6vyI^sG<7a?eJ<;Fx(mxkqRcn&%^& zYzEn3_g;||+V3v$e`?jz%d4@;f$<9e()G`}c+E7_^h%B;BXIyp3V$+`+xLRc&S(4N zPL1n3mEPXsTo&a*>kx_4!lnAwCnn&H>BT^XposmKMPWGx zca30Ku~*IW-dhN5r{5|YKH41OuoC^MFer^Zq*_cc^ON!1_K)J_-IZ(0@}y%S1nQmv z`6vwbMWguEm-#JK-*m~xG3fZsPF`I?q1uPr=k%tqsyzM?P2f_RVQR#5m^94e3TK{y zd7B~&E5U44d)O2g5fcWQ1x5*R_HD0zy~Q5{{LhihjR!;I88yr_?i#-fdN*XP@8(=Q z$AoqpL$`jQYo&^!N62bQ>DUxQB9pvaMxYnkIr&NBB+}y9n0|xrS_3O<1A2<@ed`J2 zb^n)XwZ$R+XOlk9GYceLbT=(XNvcI@)K`{#(v@JKh+iqtp!?AUWuH1G#Svh)-1(k& zJR8zhw__g#LdsI_CFa1sN-MF;Vj9-hd zPQnvg*M@IiI+Ne)+*|172ZNf$a@6|eXTpg?>)baZ!cKF_s`*Ubz5fB8t#Bi7eCRrk zvVWhK@_9BUe7p$~uc9qn(1`^Z8udAB#dq~NH{T*S_Jgv>$~;{boF>3wW0yo171Z1^J33=Nd=njfWh4CC`J?H^Q->^52qYt_K zr{7_A}+bmu^0QoT5uRJB8km51y;={Yibk_*%YW?l3KC zmm)$>4CoUVcIpljc6MkJtI||H*v`NmbUjucC%xTQKE6tF?3F$x3anxO^9Xji{eRGi z9V$7DWWRVKHnDVF2vr+JKPxck2?KWwz*g7|FWh^$!M7{GB8x)gm&r}=U|oC6&az$Bvafdbe!^;%@P)Gpt7b7QCkNviQGhTRl*ERf;J%uu3;64v zb3)GcHaj%XpU%D;a8m1C*AN%o>)7wK+5e-IkhHnLBUmz~DUY?0OD_J5UJ&6A+LsD@ z*Irx&z8N!xX9dW+-Kn2hMmmGRyWmc?&v<% zel!H_`0e6anbv&Ympitds3Q4@wyFlnn5)OYxk{annKF z@qX@+Q~`>d5O@UPLn_GmU?Wi`Ni%z^T|&@i&9D8fML?QPvxvQ*vH zaynf(!TtrL&v%n*c`YkaZs|+AyhDDCI*3<1ueQ zMXY)S8i<~;r=Ksu)5H%USHyyp?g!NEb^vav$?L3lohzv7tbcpLwHR{c7f=2Ry9kak zT+Y2vSo|tUBrrCUw95~@dueiT)QGAUd75kB87G0wWVmES8{*!56`W3oo zAgttB9>E?xu)I)({_7$G)V*vO?~?+qm(6V=m^E2*8ykSye10*ltH=B(4=P9^cceXq^3o;Z#S#b5@<7og-YQ zI!>!kpRC=!GNbZRGvd<*!f`ixyl_HX7wNUfALZEZz7OfE4Uw55W@dKo^sh^<>S9GG zecbUf2ewxA3ox^@aZ~kX4q$da*FQRMRh`B_}UShQFG;ny`Sz#djN`Sc9zZQ@4Mt8w(vd0jw?R_+MAG z@9n8qJ6)AWalRyoQ+$hnVL`iIvF4M2t@r>yexlP`s7)9TO_q9y&}6*3Wujyj`(0Z; zKQtBdT1zEIev#*Y8I~r?3=#N4Rlts*>k*nJrZ(44m~8F>m{tRsR{=opX$Ltrit;73pZpkMv_L zx^5}wL<*i~5q~Vd%8_gQM#f>il!E(o|HeZjGJdGGo_g!E3HOc*L0(0>zq0rgT+48o zKjf8TRU$4Yrc33??fdB4r%Tn#&Db+eQ*y5pjC0D4xep(+Z~+Zc1JrK@pfzP{>6UfN zy371);M59M@}wTl*fv!~QNn0Wa*xe6Bb0q@vjoN)gnQhLSwkGBOVJNsq+P_fwyNHe)-vtBNji61Onx}$lwar?iwHjL&)A91JAa`bk{a*FXlcI?#o#`& z%N^oS5BMHu9>p<;&)S`~3JTO|SY^){o`H%5j)I-i#YQO>Pmp#G)~LxySJRfQtb=}B zog!OKDZ`=oey!VS;h#;+*+x;XXFN^cfP5m}&l?V#R0YM26loiI4XD{mzh)|Ri7~*G z-ktH&^#t7hk07hPb(eQ-S@()} z=!}cs;fBg=vNSO$QOk1x``~dvEC1Kt)4KGT3nn_qJoA0-i}ybmf@-*$-9q&SEa)#5 z=?!H=bbU>cJ?mZem5VVK{#6~W*@v3uC-UcDkbL|R^1}M+Oaj*e=Ve?=7uAX_5KNN~ z2A$$^_AZG%-?-<9za`&S3>Rt?@%@+8JLTLZj$eTwD7>D3oduggms0c>MR!DI$P``$ z9#OLfEP1b5q@AAE#{`%)I0m$YMuz4aSyJ0#)b~5D7d@6{X-2wCEWBn?D>AR> zAj2LE7ssw2)O^z#NR=48S0Kc?-|=2eOqweWUi56ulGGUceTtqgCA6FbW!Exf%MI_} zE!I7ly@2bNZeP0sRdFb*?w+0Tsaf>VItgX;H~W_-{CeAO==VPb^5>%uZ4o-p)1HC* z2UMEGhKGx6-5lEml-u^;F9p(eKFl(eEbKJ6h8lo?RBK*=nL-D59?rD&dczB(pyJfe zs&9q$hS|~wHNbrKhddd}-cKs*y0M@G@Df`O1Z7I>75GI`; z{4q;!Fa(6m!e_&S+Q%Jw512&dSeM@?WO(K?mw5XXxeDl)-}drNw9}I15kC!j6-YtN zm1|k2b7XuoKsoNlfC`f|oq}O)D1%TUhdPT!mb^`eO!vNRg-?UNG%tdMPRiDHjMg1J z5-75&xYcBOT#!ZI$5pV%n~hWt`Sy7He912#c)NkdBZ?-U-Tr0Q^&o8rwAi|=u1a5; zw#vU3p{v|NPWc>Et2!WXo z8bEq%xje0M9n`>ZsuvquVQ+FU#}caZn!=Wt*qr?MlcJWemWBdmX;nIF8#nZ-V{l&t z$-jyiGFR3N)eTJS9IDj`f`R!w4M1eANk2`_oG35iKL4eaaH0Y%slGf^|6%;`c4{)P z|AavH49uk;!tyVuby&83W!xF=xq%xkFdn(}Rv@u3!YaFp{iZ=u)Q5`6T%NFV9t}%? zg&R6|hD8iL))X&l-I}e#S|{hhcK7aFh~sMzf(e1*$(RC2oXaBqw63{j-)1Uhkgg7KMdrJ6-TctbEQ-?c6w4%!uH)p>e=w|f zikK(AD3EtZprzY}UzN^m4PkT!;`}fT0oDJN%JiJ?$ocP_RAHrMi#6_UV4@5I09nN- z=ePh1)msO{_b9$pS;kW8j^a~d`YxIW;W$m}fpoZV_ZrVxnm(bD~vd*QV3e1r3%u4YP=df~vm z2Wcz0819KBQX)^t;TiE2;&s-#c4v`dY@yb5UIp)x+r48&N6p!MvChZZqUjH+bSm;x z7{VXdvIDywS@Oq7|E8h@nOn!Nf7c9rjIOWk;>SNi6ipPK2kOJ*g;S!Y*Q^gjEOhcw zH|kNs4)}U!#r;KxZ!5x??_@dAS+2T_C&Pj&;2fWffPg;vl5jN~&x{E;rxepYwCYlK zXBKH`9&1-3pD#BfFMe<#TB$r{2zQZAB#1UZ${)Q8cv#_UBRsLEd~PRz8iYiCwIj1H zy^s}qZW}c0HmN@BI?+!~8b94MFMZC9bGC8eS*7`k+`~)4H5OBc79BH`%Ec5eG+hLB z>y%~f>Aw?@`zAt<0X+ESr!cwyV7{cb;z2FhZrJ?SSsJD{J@oC@X;k;7)5>1{xA z{?@CA&r_@?6=4xhEK?<4A}T@1dWu~ErpTC6dobE*ae4pt3!Xu+$>!n1ZVXBTA78v4 ze)CPvBT=e64X?YUIc4@}h6Vh2|6T>>agCkvGt4^e6Ks`M-_k>gz0l6(;pdbvpXCB9 zCf_R4Ya`q*)~D-4m7`z&+-5?mO$E_x{j#YX841&sc z>JVjEG0u2zp{x-mER9NM*SLuDZ`Yjr3N4hQY2n77}`;uS+KC1M64Zq8w#C*yl!hw{~6h=|6;Dd~SqnHi@dXMrM9F$sF zjW~EbZ-Is#YUz~+1x$!fTkg0-wj^LN%l=!~H+&OSA7rvO=^q9382>`1=(x{jS^gKA z_*p3CN{%Xu(clGHrO@KFVjOGak)QuYkb&Z+#wg$ z48J+-e?3VjefIx~Kgt~ikY}b%-Me5ksSylBm>IYO0vKw?`@29KJ#OI8?hxsOY+4wy zn}0fQIUfzSS@ks)6?fH&)qD8y; zQ3x8T!Tk#=A-s=EwC?y3P~It>F5r4x>dNEYRn-O{4;(cIlU#l&QGAHptv)oJDti?E z7dOM*3B`3lk`I5Sya0poHv*&e=h3qJ8ob8MFEdWalgq1Ir!w+50+fJ2|4j>Nk4Map zKH40KrVmaDwt2Dg!sf-LkpGqG`N2VbNgG1fGy#hjXyv=6o8b%K1jz$r-dlhV!Of7@ z`rcKW-#B^odcR6=(IB9P7Ypio=Muy7^d9#d_hVh)U?zTAOqbx_Tji^lVZ9m=liH);h{5dU<8Hr@0Tk1|2s(U*H4rfyf9N7)Wu7)Kca5B$?W}q>Q1r` ze%JWr232sCRSuv@yYIC?nMsp$@(l+RciA`tc+Fzs4!Up{M_STz8ZNJ;xe)-lM+TXL zBVQcwyO~}UT`CK5nk7hbk%(g+QYHK zRGo_NGj7Q~lbprE+<|%AoPJ8@aA*(w%douze&B>AdsPeAe7Da|+e>ACV!Nt75GV&w zU}VuPU%_aA{GG;XyFTgBf)pD{5s(gnfP$ce&_f9&l(C=!f&$W2 zdJQcJ5JEsjM0yE<1Of~qHGo1w34yc1%sk^fbG`59^WpG;DAJ(9avJUyQV}G$IvElp3~7b<@TMg3b3VJG@sixKqcP(<|I`{oGJs*mOrP{N}s8~<1*a!y>% zT3A#YP+s_`xls~`;KPbku6zayyFn>xP*>7=G+@Md-8 z)+4g~5MIC_r2K)MJhzqU1;@x|Xc-GA?Xz9NVNIlK-`}BFqe>u9 zhKzF3P(ObuJC$}^ijrO8sY`Y2$+tElqP)q!OE<+Z6DBS`TIhjy+F^g-YZhB;h>XRaaA7OnlfN1x8Df>7IAJtS#WZ}L0zD{3 zSG{&6Fe^KitNZxnG_mMjlbO@!mx2Vl?Y$+Q+2W{xV*f#-DAhNibdFXqb_|5Qng|Y} zA0M?mX9C1=9Ec|lPjZc9@%MZxnh1CZ1U3+hG{#D1h#%UU?BeiC{n%&?U`mqBtZzs>(BPP&z8Jtye$!h zWOJ9;MUvq>ojPW#qr5%>z-SQKF+Zkm^b-Bl5JW3F^}d0@PMHQk3h9sz+haRlC_&G&xCeM->)7w-Um5VOD6I6P)5Y_l5X2U%<1P869JQ z_}FU4jZm)k;Z%Qb<%cE7WCAH^M*;{8u^`=mgVdv$gF6mrFZ*;X^pFsXfY$M#*68&8 zrno|bn7K9I4(R=VXl`Im>_+|m%V)FM_b|uW4+%Y zf;g{tGCl*Sh|GW{wEbypJ`&dSEgY9LHz2t30e%9P_QW$uCTdWaq0Cv$56?q+ON%@w z+KnlIINC1DQs;-3xchmL0Aq9%rrMgSsIPvb#ckB8S9a`I%%!Zg)qHk!7QJc+K3Fs% zNQ9HjJB}75Z)R&pHJ8_GEI+1T(ihc^q>sV|U6{SB>TU5uFFU3b+f8Fw2|Wr8{+u*o zYI&P(+nJ1P*k;b~G0ZLqYekJ#^oqiN+NR_S_7uBd!FgYRu81$^fvvSR2fBSW5%?6t z@qw=<$+;6Nj9>$fE)Ql_VwS9rVkfBjv#MCOjVF4H73RJa)!@@C$@#gO%rfg>UDQ;g zkic{W`nB?{h!0c#W8MX)aa(wGy!u85l6rB{)j=w?t^QLz7q}S;GDCrm;EXJymYF{N zK2`wZ*Ud%0fShJpJZPPr*WTEaW<&xFN|kbP(9k>F7}unDXf3jyG-6+~5pvO5|KA}O z$<62?t|ip!orYoDxjlHhY=QCS0u2oZNifVYkbm9D`&?e5H?)S$n#esKaX2IKq%Fjy zzd%h1Hl~RvGD%PL#{_-@#D@xv7GNIR#UAemNTo=MU> z^kA!FX9HL2%_e;xWcXvW4sUZoo^xs*OI-S3j8F4-CDli~NASG!jtucEQ!d$?B=6R% znT#JAb^^SvkbFoChl>dUkxW*SW!Mh}-Y5)7Z8eabYkgIJfz-zL5dx&^(IUwhWo(`- zh7x(}&CHtlQnr982Ox8b=*~7Eb+oJ8CYvzgGOUUZv}hmq#8gjc(u05jL17O$vZb|> z=#%W78rOSAs*zG?-Nlds03c@)WBM4>V#WoD8_lTEX9K}U;}yR%Dct@1@=!wPbuUS-6|+17m&qD#Y| zjFk0lTN(5r2(;qbTmbAyv}9077f9AT8B%kJ5tA+$3tny6S!&79J)M)FVc`dImakTO zU<09*)G2axDZbWDXRFr4CHWz0%mwEy%&Z8}D#`nH+j+Rw37_ig{nN+18C$6-e6~MCU|6az|F0%?R+?OwLV zoP{sCWgclG53B^7gye`AHj>BuH2hmbb_PtOiXbW(CAz{TtHl24_@p9Y@HOB z;knd)hvKlgVSmNeX_dB`2IsUSyt7HeZjq^~d=&!3fkr*khpe2&#D-I`Odan+z|S{P zt%7Afo+TNX`OacTzBK#Dt%+^fm<<0MRq;BB3njSF*qp$Ayl&)?OJup0-A-i7z-bBS-jDO{%?zDm}QiCJKnyt30+>l%bq&?neuf z56{qK=B-h;KoVKlbz&zvE(p?9UoVoJHl95HwXv}2bmdKmPB1w{dWZe>K>J60Q_wlL zV6kkz^U!y}Ex0=kaWMpPsn(#2X>{%GuC4~VT%MYvBD$je(*8(Xi_PW9CkA^^jw-ajyW_Y>ejRO( zkW~Q@Har7NQwYjssPf?74xq&drictSh}rTxms92T_KJe!r3*`gy?z!R*Pa8__7W9e zJ8uh)#z9xD?Fq4T+(EfDjcS+bnaOJnsR>hxnQC2F{PAJXaBWYCT}4eXfvUEMXl_8l zHf&Py$v1nMis-yscKH}%a5E=~$p~4K#|C|Jkoc^tzE4|oD%W|UQ=#!r356xMx3+gA z8K~!v>V>T!trDn<2_pTrk7{=c#T_(glNLWB8&->~1l+EAM(;4@mTmaXxFN?h ziPhBSK@ERPw=^{WlwrF8I7AnSs_bbWmhv(q@l=6iw~4WwuXSIv`kwSa_G$E$-ZRef zI)!GOfmD@7w2L_}rV?H3=W+%eCVnWWa+UA<5`w}=288{DWdSJdKb zD|Lo;zbj;K;nfmw_wc=de_$svo+w27BqRU}K$w?~RF=;(T{4^nw%~*3UhS7T_>H$| z-Mqp)YB$Oh7-5DrEA+x6v{O#oz}787`yIcU0)hh9&|2ScV#{0V&3V(vU2VBZCxg$u zF{leIdamS3e}|v}Nk`Nm7)12j0YmwKogw5M^3JTe;yc5KKNPlI%Dr3vv;tM$Q7

    		6J7y`jB^kR#R^zW%87p^C>NTj>LsM7;d8C$#FouVN#Bpz74R5mAU<%PyEC#svt5T zB;i2lK0aQ#B|5c(N8PV(vYR(`7X7u+esl%+0L}pu>I_xjsi6KR-U?aMlVhPdj1{H0 zJq9ZUF-``gBAstfQc3OB`NB65Jmk1-w%bK`goD?>G7ZQg$C|a_ro`R5-*Ifq?PsY z$I07F2+8P5Uj8Jc7z#=?4T15y{as&)`+B{o8t_W`1eE&gPIp7pjx8-k;)xqGj*VY` zRTAv4q(3?p<(md#)Q<}|{EIO0xgS(ul-|2r?*1sz4pM5Z0s1a9>jofN-feKVTZAJih`@5cCI}O~ddQkKZyEv2l`o{Q*-GtwLgGKZwx--I z4daWmtgX-~z7XT#aYeH*YG7P*?`Z=`KMkZqrdMmFUR&(_k3T@q+k7)WCF8g%6R6_N zkN%dDpW=DaG%Y(N$nx_WPIu(&f^kvUCQ4kjx4jhWv5XNk5wc^kReBV?^&}U#c|K=W zC}p*yy~uN@6su2d1Uy2?$(yXbGl5bz7C3Zw|MBc$HC8GX$cdGVVS-=Cko7x&O5ZH z3yycPM8+QjIdazezzF%edVIivo7---K^|yX#-Cc=IQ?BwkR6y=hvjX@cvnkoOJvbH zX*`{_dO9_Uu z#1DF;3*6s%;8kKbpufEh=ZD{+%f891kP#Gt%0iwApPBq z2Gwx;i5tP^um)0uohSuy-=2KQT=nb)W)^?l@Cca8(L|+PesVZ3!ixGYH;xK=Kk_MH zoOVuMd`v7bOA{M!9p-eTO-zWuRFrr4YsP}mU%rB^n!oFXWAm&1gxZYvJPnKtgjoV( zz*k&`DyonwC)(gw{fVY8(=t+*33-#G5PsW+fT5 z9n*(phnR`SeN+UNz7^k(qBA9Jy9T=R?v>eJUh!r?ueA46RDh-cG7;VDsBzcaE_Kp` z!&3Ylez4-eghesXq4-r~T?QV;pw9dZ5gDx1*_?`k+32s<5nVdVZkaCq*$SuyTMvAR z_YB|Uy%Pd|BK-k$Mns2nP8+oNv-BtPP~9*TGLog$WLnVuL{R-Z)%7zeDb zDyl}bvBIzG(GGEUzuB6=8#jFPZ`D-$Ax(2*EDw}vLUGRX6mdJAO5tmVoIJx285{&&N|!Qwjfc{`95oek#h135i!&D(K&hR`{u+p_@? zeCab(VuL>--e26=q}h@|i}#)@mD+2m1dZSCcvDpv19Y^TB+=oHV`J~r=~cx2WeXHz91)%2fpW+zb(MO@}Ug> zp4miPk;(WH`-MQ6F0raSn@DmiA+Y4%P^noZtn#_G%%W6;y|--krldQyF}yLQHKm}i zvU1U>ii;a|ICxS0-NPOJ>`USkh-VKP$C(e(X*4^{mF9AL9E`Cl_nI?W7expP_%>bH z7?app*7CjBu5B{t_^alH^gDbzaxN38MQYPa(<)qJ$jo^iUjd9wgBZ8>#M(8qrf*kt zh^Dmq%=YEaL-AgL7QswMTp;S+Hu^b39KdfS53dQJ73O$F;}mt|q^ekR(k#el~ zb^OhKz+Pck$N+RBg%TXq>^WBE8xV-vdl?~!A9CVpZ zjs%DzSlvh@&FP~Nyec^0dd)M*r;LNefT-j8uTDchsp_S!fNwJ{55+$KX{f7?xn;Hw z*vW0xC~Ja3k4=&-DAp{H@q>iJLo(($12CeiW`|7=&U zoG{;xuj z@f$#Qiz#O;E%^fDSUY+Hbv^*{a$`^Ei;MWi@5y-m@b=S&;cJ8GmP2p&7HH%2mZW3P zy`1H4{@|jaqo0IPvXA|QePA~;EX!PoY6n$&_@>Qrjc)@NlmWQpt>>JzwPQ~XhhCDm z{SiM=R;^4+Cz;j*E4PFbIDh1oeh2zIxvCfeKOk@Tk=UT=2NNqZRoCNOC#^z^K#5S+ z`-7&)ugZW~p+xoS0*eW>O`^l7PS6&)VYhP`fv`@=PHyq>cHQO%=a4wzn{0N!x)twx z?r2?Ou8LX0S)VOOEvtsl0BB>b27}l#nG)G1BVHI$3uMzeEvZ;AjP|7e% z>;k{21(nyjF!i|anC+M=PZyU50tmcTl{S8T^($=$;>G0!1t9oZO4_?Dg6AN5C^#r- znLzht2Xf8wWV5-ot70$tK2ecM_3QvZxGOUCPV>L_eQjJHxhySGx%bD_lpBU2ZLa+w zh=R@8-;#o_ZGqisSfdv2wIp~GxgY{~nRf&&NYPMYwp!itbhUD`KU(U5%#0E$1u9=Pod# z`_lN156+_ljR~g6^_NEKYH-20OVOzmxoy-UdBTh{8q)Mp9Aj0OJct_Ge4PW)5y3rR zVAHy9F!0LCnB{)wR|%9&got8v2d@K+Ka+8y%T+L`R0{ zT0*6o(Uc-$3)_@_zN(WD6vqCeTA}P(cXYsS-EM|DQ09Y~l8|$+cQEFzdgK|G1XSV9 zyp24S&Vf2{n)xN7$kNe_>e;8~Cng;W=m^$!wq6Np+k!t!%vQ14zC8807!44hDWEvU zO|!+i^sU|}6jP4-r{V86o?T3ouH%C>p}!>*MXaA=n1R~C*P0PE&hK!u6MKJ|R5B** ze~~b2zN+%yZt>>}yN0)dZhR=iE*-B5l;#^LeLc5e2Qf)(@Jm^&(nc+wx4u-QU~W01yLJj5tx`2$ND} zapbJ5n{&LiM|7ORy6kYT+H$`%-%j8T2I;@@9b?dC`kxj%fwO_YVrTWDhzwHFEmxqK zjLy&AhgZLTkO542fr6mX2p_BVsh4!ME|njsV&J_SpJ5?Ah_=7hEVXoKEzd+|8NRRgN^GGn2gXQ%KJ7cE|4=b#WD##rM^8d^FecKK68 zQg?y-RV5EJ${c#+Y%#iude`zSsIm1pQdw~ZF}EiQDFE41b#1#&XR)^<5E`ig*`(nS`Wk%;K!xT&i^DK*mMZ6GY%~` zO{>?gy>a5X#$KHDN&n^5zv3|3B&5}RKMw8#UP?)Sb9_)3cgpHg^IchKQpqEAX({2eQ7=<;->56!Kl(j~k{;;+@I;uo> zSG=+_=-qn9AyGXOz-A*$>8s^~0`qkdtV)}WfW6>(W3{o>LEWO%>!CIX;kf?vnBLP1Wb-|Z zTu3GuxaMA2E?u+ydrYliYWHVCXJ6pCg3bK9EBw2y3Eq`A{DS~gTcnnoNt--e-lgZ+ z_yB}OAQ!U$yUHtymAs)mNIv zB>0+{Ac52WxY6cH@?B_t-}7|zFe=&#W3)lg(~!S$%U|uHs00k=zqS- z72HkX;)m!<;Qu}^bGJ+wVt3cRC!PXIq}Bu6jrtgC-5XXrx5@v!UDUo*Iom&us!>zp z9KXW8iW9r~F<@dW=_pWhx+QWk`_aZRH4^*_kx^E9y)=0EkAo(E;)6s5Z-qJ-{airW zFZy?F+W1&{@_(JR=FgBuUY^wvZ~$v_N5EZj*_ zJd}L=<gtzXl)q{}DF+v5(Jp{w=Zke?dk5Z>Rq_blfL@QA_^u!vF4Ly0p$>1ak)l zcV2LeXd_|VYjWe~-7&<_-9y(9&*8m( zf1KBSU$5YqwOA}*4aXeAcklhF%{S%Ga(FltI4CG6cnb2;swgP9+9)V!nb?@Xca-M$ z<$zD9PO5T}C>0}AyTBLdW)hzyP*AF)aqkQfOjATAz*kMTm`Z2`K)3uOfv35s3(UBdkQ z)>vEV(+4ML#+;Clkai<`x?I>|N=C+FMn;R!wilCZjBNOSee}tEyifeEKMDUx*6ob;G;>0M#pFMy zi*C!16Ama7_KUQv@3y^B)VFyLLLR62AYX)T((d`rxNeBl?ws@4)+dXps+>W$DBov( zFAtX5wG&yj3$Fx*vc&YGsD&U`D#il7cTH379W74HR&%+{I_;idzn}m2?D!k*zga7| zK4CN)(ec!;T4##FdQsQzd{aXu>aBsmZE!>Ad7SUWE^RN~`#mPaGkxCi!T(0glxVG4 zyX!L!zp$Dy-Wj7)y*%WcXmMdl5%p=I5_Oh;CF)%qy=o8K`CP46Ke5ov zZ%>@pd+WBZ!|YQYwAOSBU=*7Dc@|t*#HgmmX#2 zrsAR?6Sj)%3-3e4dlh*>g-8Ft3Qh7ma1$HD!X6tTqPy453Gnvx$N16O)MA&HlvnHQu%e}RjEKC4?$(|3s*=T0McT)B}pCvl+MysOx zeuPnP^x)0e_PHoxBvXK4d!#ukjZyLC&GO?z(UpuCwidfyn?{TGiH!KFi|3`V&n<{e zx8*f(eB+|1=Le4#ThHa*2)A9%TTN8@`SoXtv|4^tZIUOtx!w1T6ZXLI`LW%dA>_6( zTCQ!bzQJ$5;{P#2PzFJKk}J$tNdeXz^GTvsj@I-0Jb#&Sr~A zN)uu9CeJ42sF=YUvJ`-#(1j@;q*X=lEtJF$r3*;$#NkEX|F8NB5eY5Ni&59}ka64? zD!CF6_Px`Hq7p5;@^C|5+K}Ydo*~-3_JW~eQB(rC%eaXw>b6-DZN&${mvg;89>yC| zU6$HzHcBf!2ktO%O)hAx(ib@_!zmge0&Od<{80wJnI4DBV`CaXr-X zINd0DcoUK&>~T6^_oZ+k3*InDAa=I{E8fry#pL>w#v40P@ZrNgtlaqad^eUN{g0JW zmguKL_7$Mk3RLoX;*K|yz<$nw%11d;SOrGC_@^U6oB3aQqd2`_?_6ZC_ZuFjO1_-V z0EK0HpkXneUyW0jDe9x;_mf_#Orv@uFPcJrm(v6!7Ukx9w~8g;eI2tGjbFverGC_V zN@lJ>wZG9|13wp)!M$Jq|BsE=1{Z>hs$g9#e%ao=eUA=W$k{>V~QGeP@ThX?EI% zAp_~!j7Xn1NN!q!sxFNYOYNdc8w}@8cftGIgs&q;R^>sXI#mV%cR)$r5{3moB_0?v z>^5GwK2g2DzheB9${h!ESF^vR$KySeT+L~9iHPG-RJ%`kp}UB@dc~6VC0Nq`{Io#P zQ-1^A>{MjwZ16_2Cco{ZhtgC3+(B168Vmngc5kMX$!exdY3tPi{+qhU z8E(FxgQ=`(uNC5?5e&J=(M}j_bNCxQ^S7`{cM~TvWuD?3?ci?kxVoRbm_t zSB%?gRgBZxk9c$hV_M_9lP3-bI<3Om?{62PVR>@V1H)UZBRBAET zAv0`jrn_74}ihQ=(3nQXKT@T@kDV%nSL&;0(XrS}YNo*P1)>HCpJ&~mZ zjPwzDW67o`YceASoXnRUS9+V~jk@p-zYg!y{$5V6OKTr&8Aj}C{T641m#kW^|Bf}F zf$m1n4nnA}rpl2yOH4IBNM212Ki^*@xeRDgwT@du1y>fmR&r5&7>bPA`u0O1mN3(R z(1w##cN;0TLy;5rkT>3RR3c_0h>02*r=(J>KT*`$%xaL=XqfoUt(GH0nzbgs!(%5- z*Q3EwOnL%g|1qv|<3ey>$^*yh96Gi?U0Rg7RZFkh4KuR+X5GT>I2)~A@^W+RB793S!RcEqTcj*rh2g6rxUh88^0raIW6J39&USJ8)idx@ZMCM zfa1&c(ba=yC&!zbtAS$d@k4lr62htYUc%-+6Ahx5cU#X#%9if-^chN^G;GDy+41n! zrE#F9>9=pd6AYl7a?NO%Z7cLU^bo}TX?$5511Vn+-(LYW_|GBS=cplzb0q@9Tzay= zO8v&+oXjljL5s$lwxr(2+Py?MCs(m}WS&*C1vHSzS{i*A19a<@>%q!~bxPftipAHT z)A?_?a(O|YDm8N2fF_-LzIT&QrrWBPDcq@&WM)1FDzF6iC$VRVN*iAuXgcmqy=`Z= z^x{%_WoGc4q*)~grq5p?O=4C0g-OYx*C**hblE=L9E8?;qIJZ#P#GsFZHOhYpXGO} zfJs2H(RNEH3A35^W@b?@PkgxVh&|n8Y0~AvQpaJ|%MJFvJ7KbfcbFaulJnkaE94yF zhUcaN!&`AMk#%DvL+F<9-H<=@Vz{k1IG;d@4Dj@ljFbQ-zoF7>`Oq-;U3Zwo~(TbMys^+C~vUf`Da|d`eRb#iL{!R4@CP(;cdCIPa3LoFh4cf4|t` zlH_qlT6}a*!Q-trO{-k|+8Tdavo%To^J{iXZd#2uaOfx2v1 zj%HVgdmTFfhV1yz16Ph7N)uAYpvV(^=Y_3Iae1`J68%bK0@)^YVF{|n)R}(mb9=t` zP@qV<2+{Ql^r*Ai#&1`89e=5(TJ$;ZibzGH`{9N9w`2~(wllkbtkM3tJFn%ofqlGZ z-L6d1^Hlhd#KxLcZ!>6l{$g`w?}gCAt)i&u%D-8{PV;z?lDeaiX{QB%QD3n!7qg$<3s=i6+2O{ zn%YQ67)m3yO3@>WVQ!Zo4xnKD8>fA>o1<2{0*m+_)k5dD{aNgld-ji$yf(&LL*%Go zmB6H9-X6_TA3ZE9cjmEbL!`3_o)eG@%ex-Tu5$edF{tPH<~uO%2nqC@Q;khUUl;aNRo7XqU3`N6m0FTd6A1+C#MTI$(A$Z5WO6P z4X5!HsC0*pY+oEs%K5z}V|%m}wsqd}FvrTm1F!W)QkNF$=iAd=2ruN)bf37JZwF9= zsuAOPt%JxvR%^8sY&uQZOWkr8`wBUYI1q;)2msj{p|-P^>Cf8!px~LTrqW66r!+_PsTU%2$K_ylxce0G^UL5^g|1M01z(1c#RL- z6*xN<6ZvsWc6#mXds5R&0L>WOoh-Vb!!Lfb(Bwdz!s`?IlkJPF4WeD*7scwV>2Ru0 zQ27g<7wmdn1uYk+n}Zv{B}AH_ivgBOdHgRS*J#MA!AMFz0F<(s_X^0>-*c=${;_Mj zDQqFYRz?!@b`+IgVG&@cPmbhJBXhchh(e+PlsVAY9VQe6E4F<+bYpmJ#@(ul9?OTV zxqeL&iK@Js8t`xCo4buwF$HgRqakUkxH4SyA0al>N!NA^u1CtZdtO|~W#YxYY=D~g zN7LS#{eGM(FB#x2)_%q%=#zXRoQJmlGCeva%czB5M7vz^^19@XV?9FHGf`3x>IHicOF5aZFrPc&;QHi8@+pxfjzTT|Nm4JHm-3J25rJ^D0^t`G*s19&5r zU>^pS_$++&7dMrBDLQ{oH74eB>rC>~X0oLo$JFceL$0)Kjv&bGeifkaXnKWdxCUU=5(^&NDP`Xj{_)M)CxzcGhz*zV58qHBfMZjiGG&r=;BV1e{@On6nC%zJSnc!8(JidyG_zUq> z3r@W(b${_9W~=kq;GShp8U#Wv2XD|Yz1QDY`D`7KPn-ApD{Jh5O3tChc<>C2v+cpl zL-;uzKDL%0K)@$jK2d%nWzQ7-nae_D^^;v+0^xMfJ(f)`Oi>=psKc0N(AoGG*Iwe1 z3e&_VQww^_^St&4&EF=oYP-77D4)!?EuWzy^J~pUfClVwwwa_+{dLzz`bDCxRqsDy zk9YA-i@%piMLfNC>kXMzoMEj>`WFmjX#W9jN0XSrrI_BCeb`#-0`6>uCuQI2s(5O+ z!bg)!KWGd6Fyhm3+1lQjs2o>c$TW|9CMwH|64@Gl4NypHoV#hi{#BY=@a+Az(Vb0>R9#eTD1lQjC?YP zq}$GzUYZ-S`>^%LJM7r2ouyA|r^ zh1*T!_y}b!ySV?l>+(EKGC^y|Xy)f34v1}Jg_vB|BB-5pJKl5xJf zD73Zz$w={7b@Rneu?rVaTX2L#T0MAYrmu&r?W`iwmpatiw>{kMd(w>8t{=yC?_Kt-cGKO`MgAL3=5~mW5Q`8ijvT&5}3iBL8uClHN!$*K*}ZryXZ{#a`|d`|X?^-IeS zPbD?v)nR<$Ckn+RcEM7}@~Gqv#k8wjBvnq=Mkv6jTEJJl-A(RMjh4OeM!O_KsWA6v zNngpUeEGNvmDCfWr5Lye)jry^%hZphH#?S$*v|FG&;olr68n#mf&RN9l4lNO74B#q3TNmiTfBH#%+(>(MDHB^GZ}<+we248SORCLl=W6va$fQ*w2y@hAjA9T=vT401DnS;H@~^`7+7H^c z_wt@Bsuyi8%TUJ}4oE$a3N7V_3`fh;hJhA7` z)U!EW@d<*$8{>IxwEFe4{g<|jkEmYaz3ob?k6nP?BZbvc_<*@8g@51%N>fVbuQnb` z{RH32kNxPWLD6gE^@xve1h2*fj_I+UcPGhbSlNw~ZUPGUE)r1yh$01_59c|(XE}Hl z#VI%9Frv$k+39|_DVh(TyFC?oATn(t27F`9QoBO zW=~aXu`as{s3T6Az2~A3eRk>nX!0%ct;J#$23?qvb266ury(yp_0kiJGn9RLm_k`v za#4@f%9#PRELuX9dGUHb06leKHf>>>gGpZLcFF9sl>pM}GfCmH)0gC0W_S{%bW9#; z!~m-EYyC)msPsGh21&@_r+h&ZIbH_0TyO22W;yBL$YqeRm6u{9i~RUTphYW>Pkfw5^F%xs;5>x|++p(U$h1pWLS9I*iP; zrGCHeF{81^X^LZAjV4qZRF}zttP%FMuF#6yPGQ!_o6KCLdMUMG8tOh@b$nu)DQt_{ z4nUkaOnpLbZY*&kNhw-_1BfvL`qy&aAG=>~P01&Ul0YTG`Y$OF1T4LEyIjU|rzD(? z8*eNY3nTY{9xbQY=Kc*-tSmtTM@0<)m#PVDm5^fVTaO-pDkI5$s&WE2v?`oV6X8Rk~7$k{H)hiR{>&0SR4@K1z9ES~Sc1*jj zPim~^IC=c$>#f+WU}XtBRx|zS&1c5&%MRl;_KpvLcy(SKv??GZg04dpOeSVqc2={C z`OZwl>mm-1lCM7^q13puOQz;x)Q0oxZ}|)AuijStb2Nta)~jAL9QN5CQ@J%=hEw@w zXr98_dy__bBP$k!5IfO=2J=QeKU|*%uZZ|wYHDjXnO8gA+_mV7Y1TNWaGTF6(+r}X zxt_gddm5QL>xJ-K#xt`tPJdf>J6(FyTm{_c2 zORyz)=6pziumSA^pIS%|Z9`+J%uw3f&!^*vNim5vNz|u9ZCRrCbB6KlkCeUkucGca z-gLCCrvQB(B|4~s78T>1xdRvqP>>~% z$%uu{xIg-UPaa|A+I#Qq2!p%1i9S#YI)~%rq&B+DMj?RN$n)!$uj5RG?k$5Mf%?QR z5}s!oG*`3S=HZrQksJ6lf*V}o;iZ^lk<0&2omSiT05r=f4u0RYrkPSH+N$qk<*0av zYwhQ8OWXLULw_0j(pz;kK?^vQwUtsz177m7d2&E04L1PikVeHO#T5?$o7Em?rh853 zaPwcMFD7W;EcNEf;F|p6yU#!t-`$)kHXeygxen7{5xfE+p5}nKF}a{j9|@w#_eZM? zrNHYveydFm@eNsWF=S^)N#BTprt(Ypm(|y$8Nge>kxrwz!pNdomK%J@I@J>H@_fJW zX7*VY);>o?gue^LvYQ5$ox{bqO6c7Lx$7TjwNDtnD%9Jf@t$z$ERi*B+FOF(3lK=z z2Gc!|ft$m38XzY%B&E^S(aNEIiE6==gQ;|914X3NNjv^Tluh~Hb|c3S0bp$hkIGn7 zB+Wrsm8fBR*R4reqsGz66%3eW)7v*TryKq-jP4*T0#G+5dO1-OZ=u6k&nJaU`jEB@ zHM(g6c%w~{P@&78q`@S1p>4WEhy7*DQD*dVudAbiK-hYZQVjaj=R46H_WyS7&f7Rg zh*#4aFN9->>Uxa2L-G6ygJ6Ws3FX5Xq8~-JnjD@vE#N_UBKOzfC;)CgKR8+Mg{W5Q@_Y_@6<}HicLP6$)kwCg|&I$l5-ej=a0s8HVe~^ zB>=kF?%f~KJtu83ZTZ!DLD#*5=dwN96<>;?>MWX&6yTVW@DS?p9xQjTgYe$cM>NM$F;``ttHe?wUwA9|`|~su zX!toLOTvr2BXMRkSNQ*UPsa<}ZJjjftq`PL&ifKaekjY4J>arWz+!nv1MsQ@0I6e9 zHHo?%l|j(0%0JLhGY=X<4<5MO=!kO)}0sERtzdjqkrHa~)Q^9GQ= zP|@yibQq3r)}zJb!!8d&;Y-hu20E+1JQJRx8xe)S;0_7UP=bcf_l2|IEUtLuE0iJ1m`K zis)!GX|#Ryt9z&C6hIB9`KL4<@HE_pdwu+GA}>ba%QCCGb(egbW?4RvOR24^?}!D@ z0_t}~%f3Q7z7ID{jXhRS1CfmL{YuX)mNF-7c}n=^J=SIGefj=y6t$l~qrQ25DvQ}? zmq*PlR&yJJ|J1c^g3qM+!-5Ya+6nd{XEHkwkgpP6x6zyYo3ih9RrM+X^K<0gb=rrr zi+r~2E`7em+Gl4MhFca8ZN;z%nAmU&J>Y<-1fU@CCvhiw+?=&47e0{6z3PeHOqS=D zSm6%a%x7bUXqKYq(NjGs#6DGVcGHBJ2@2gYxE88vlt|%Jtdk$RTfGK&ki&ghspJ zp`;?lU;Ess>4s-(IE^X(pZmQFo+>IL>e~zN((Kparjck*HkHOG{D{|@==}no z?6r1Bn*qMl3=QMI9EDsnT|iEmZhoEaCTIA{ng21=(EY%J(8ACveXCAr+Ts~OgkcNM zBGz{K5~?lnqWc^6)GRaTGy=``i>L>)QK5cfSaeo|;;QBJI;Xgb)Yso*ELyE$b6pfq zoCKVjLd#V?9UchG#MIS84ClEmK-kmIRw;w+pYhLGmpg}|bOK!ILR9V#@W$zuVp0-f zpT4~1`hxn)xnfm1{hY6hUM;zTi2oEL;QY0MPHFA!mjFUk`ryfz?{r=RbIjrC@6=Th zdeB6>wmR5>uSI&)># z!b#;Zg5EnZ+9*xN{c#Q8nPEb29xTWKY`F?l@|CgD&@5QD%+RXrjE|MB=lW#56@#VG zb}_eW?ExJmi9<(kmEbE5w$)GC?G@C``6?5=U(+#=RJo!?J@HPn#u!59Pu_snXd7Zf zc@6PZWs?FR4zwFG-S z4VW0Rto)r$odyOQQIt%`GNWQr2@3_F$2EN9wVThs!hl!#w!^E%cP9$!eby!aT3e@@ z@CM5k?63;0`!H=nk}6w#GJfTMKBbnmm=34yN2BjAtt)P?%Z7#GW@cA|Q@J}UgQ`vv zSpK>+2Jv#!_aoS0bMI%=HxZ1z4?zq?g|S1;9m( zzUQ)CzvF?^xKH__H%ee7;+~m8p3Ydz;?!=Whw)l!7Z5sJ1U{de&WvQ#7<4{qEPcLG zUt>0UG;|q4a;GJ6e@x9Tl zbE6STEsx(_j%04Apv&IC&yqk@zP_5g%3(*8bk{?+DAGun{m**Q>Dd8`R)vE_rCKnC)Y*C<65jex85^ei!=(LPzR20eP$c&Dj!6tFCW@xHcxM{Z)uN>LXYtz z`Aq?+50;?*b&gLhSbRiDcrLNht6$vYiiEL}glhtpN(zT>oAc3>f+fsd|Mmi@MZ;oD zm@SjQo!->DSqw}8=1*zdYLk~Q{ZBBMMmu&UWVVJfN+oApr>zYS=j$i(yc#)L(Y@RU z6GhVWr)Q2m4w=7bcSmAlQzm`lqwO=oyPoZ|%3gCY58kfXBq(DsU80~*rmLe8gIdwT z)i*CK9cms=NQTWwwYtqY@7e6Tn0v!4}IAJJ)$m|mQ(sdd)0ub&--*C$0JFyC0u z2Ct(5qAbO7_Uibp%l@>F{ul?!s2thsWOYJ^{Q-~p3Q9d5`a3`Dt<=(RB-$C_s(}(X z8IRqnm$w}5y_YU}=~t>&;jBi&+r6Fs-l)Y18F7KHZr1s*Oey>Tu%F*+>9)ui@t;w+EIHDV;@zxV) zp>_3dL2mwhC%KxJ$CFUgsYgL}6k{)UH`jLJZ9TUbd55(jZf!=)xDQVZe$2zMH zZYbxam|MGETzJFRmeR;K>uR8R;YvdFuBa&&yW-uG>sH(Ck&HbkJGL~R^^^vuiKB=f zXZPJ3P;tx|!s6rO?{CC=P(DAK<)ddldE@5ph%0)Wt}W~jc@aFY`a~MPcQmllq6T)L z0>|aCBSntemfDfUE01UA-Q@o+!Bxman8|Ea&fXon-~wO7um}OYi1pzCVGPVxMN(@q z&?H&6NaXb+^}TxH-DdHtri(s5M^~f`cy<0pc=GIvum>}-nSLx*^b_pfKfwHaM9B0? z)64HoSxjwi3x?(nQIzUe8mS)wCa#t)I66TXbZ1L9TDyagCfwr#*xo_(K-7 z0h+2}b*@bQ$CL?GWRTWGiIE(+$gLbeT&5kF(Wj>fH-2wZ0gf%;=W2dxmAr8SF_uf9 zVL?8a{>7-6N|IsijCSsyKj~fY!0O{Fp1l&?z)% zX}1OyPkhu3f1m0<=0z_AGGYe}XNqV;)JvJ`EnzWlzxbYM)bqRsE4lgQFg4b9SPZK;XtJCCKIyek0;t%a(R-<~(8jN8-C z311K0hgwbhi08EclCn_uJT#G-B{*Q2E5v1{OgB%`?cvw-OUX$T%&NQfJ$l&$o!|+d z5IzwJ|8~=1Enl7~d4RLDXayPq!8*2tO}tjuLq|-h6HQ89%MG`BqcS->N?yl`BJIZo zW~R?gVPB)Eg_!qegd~s18ZF`reMi;XNYUR$o)B^WIdP&TtkY|<4>(86jFK}~>b1Av zIAT4|ms|HYQ=pCXm5rpb@Jcs7{IR)!A2l;RHlF1|3eO%&p`Jcjl|~OKueQ-HvSIjf zh}S?Z8}!7kN{{rdDhT0JW+xkDU|02-ltpc5TeuVKibKj=c4S1pRAW**gK0I}V>8<% zfgpYhYO)s}^aSxb?+{+x5GKl2-2z-$B?0p#t6py4Bs36~Pzs7Q?Ct=Mma5i64zE>E zm#h>IMHoP~Sl#y?K-fSf=3j179}T}>pp#tR&oysi!E`UK5hkFbSgmb96}*D!XU@%b zKa5_@a6VHW_dK~2+WXGc!WxDc49RH307UsSAXx!3A*thywmZty3bPpPNZ_py_Etzs zeNX2^8bw&grOt;A>fwP*taA3rMZW@Hp)$>gfEQ#Kg`JLZz#}7BZo$qK=95CM2gxmV zeF-d$z40^H7OdJWAj>v=UC)cV4-K|+xsv{dsNml%F8jm&+Ud!K@Nl71s_YKw1084@A)|X@Eh!&vbmk*t17WOCP}zB@Bd^_QyLug@#mX^C;Nsu2AzQu zMRxj05sjvR(D;+R;~zVTv1A?oa*4__jnZF z$U1d?d4>#>nPOvAYCwfQyiHVqCCYDj+P?aTcEQ#ZZ+M$sS)9|@-rMY9AcZCAjGtzi z5&DJY?COWZNxJxo$Z9+JL85|PgH><)GCs|bFt2pMK~#ny@>zn>+L_d(EQivP7?K>UO2SVcm8$ z_uhR<_4-ahGti>%%avX>aHr>iMzn+xm(^H{QWo@$N!dGxh~rxZ`Nj z`$NsgC3k@=pG`u?GjdM(>a{-w0QTZESP{S3oKcvl{=#&xg0Np}mAkUtb39a&J*G;^ zw_DB$@_y_lINi@zh!gR0_4!d1G%9L8M%!pyN;y zhz`RL@wpIkZ`}vcHsB!31axoS`DJix&ez>cm3P&k?spN0d9z1S@Y-8kOXP%A>G#JK z7`M3k2M*+CLYTkm?oPHg*4Zt84l&8XT9Q=F*|ft@br$h-Cb%l4CJSH>YLo?=&PMe{ zBPbv;MyzO;Z|#yHOqBn8Bx5hvu8*^U-<7_j(2IMGe;0wRg4)$A;Di}wNCau%rI(Q6 z<90_=qO;(x=}Tq3_F8H;Yn+#(s5<1)pF{7JbA?+tUF>i4e<==i4)_2>Rk)g>$Dm>X zbH@GgR?CKcfch|cwa?yB%%X!Ls$IF{17i3YGmy$yI*QX|3h3vF&u&Rx*$;W2Uh+5bd;u;wm|Lr;B1oFH$UvhbLc=8<18n%e4{eEv}cii~1xigx5tHY_n z0_omr`Je_k=q=0p+));hEDbAr3Yk%w)fxBum4_pk_yOD#;rPnm=CO6Ijur>^qjkr5 z%<(Svrq%s=^PV(jFoPkGUI#0z(eCwR{C{H|fj}64NASnDBYY{9{+8)MT}IFm2@zcS z%9?r@9p9R2`TW9e_YVgkfwsR>j3G1joQpD}`CJ^p0ftlPO za+-7N-+!9%y<2yO>WvHfzPleLqh6vCJcN2mUU&6dTKUgo>(ezER7j?aX!CwUkv7}GWE7V=9JdF=T;&%+nmzx#KTlIq!4LcjZe%r>k)+h%V9C(7=;Yl9&5T8~~? zem;dDVzg<&ME7_ZVL+q^M(BDl2WU(Do*#cL0?fEniP2Mhtiz(#w8r`d$7RkQ#9UuN z>>o<03*C8F^s$o*hw@weYn3E-{btMh^Swp55gIWl00Gcr94S%7iF^lwT)lQr#t$HU ze7ox(r0fp>Bw0b0t0Sb~$BoS_K)h$sR*b_x8hrk``#v(AeYjR+|CP+>)H&%y$O8mPf)B@PP zG-;t%P#8A3jb6+Ws5>`#tOK(pZr)UT6F2H`2oKkGsb$k~;aVP!xxisFIa#Dglj{*9 zEQ53Zsv&D;BZsE95Rm#*kuEy@PY8vj$L6zG#K|IFumZ^k-f1LNq%_?3vcy}Xu>weg z&NLY6f#}$S+A|fWlS;&YQ~E@nU|KG2d5#7?>>V|TMyKne@l3t-xQ+&ROy8Q4Vv9rNtJrr+Glw$P78)Xg&gVe~k^#C2|QX7mVqX3JEJIS{c9GRvKI$;2c6Xelx4k8KhBTF;>&bVK{7)7PdJgzxK=x=9YYvri97%XzaAuV$N&NYs}qWcFEH z!kg>ks20hK1a}pYDH;MA;TSBft1?N9DZoW8k!8Yt$p*qxDTAjU!W;Ydz@_IO`4!xH@Q%xvv?r2~(dl1Y1Hv z`(H(A{wNKibq}|%N8KL~ovco4TyI#g+i-pLom#|Enl1Us&n=cT1O44y%hy{5+=1P$ zy{b?RslwI6zd1!s-ubeh=v73J6gjw2I^J9usvITo%jFpuzWO4^hCD5%lkd%&E-w=RHJhxa}Cx z8!D`nE4gI82arByS??@?wh;Qvy$yH7rVX$%X6YsDdO#MPkm8^N@F-I-wOFnu`xb{ZFwv^x$0#Tezh3*AM1`UT<@N0QD!Fn za@hbk;7hqxrZBL0l>w?vLjS>G?QJp9 zQ6ObL<+w=z!r+CJkSogw*!WLBzb`M2jOkqVdn^Z@A7OpE(GNrg^LfD|DkO_p12x$6 zLhZcvdvGY9J+OeMa)OzYviWI^Eteic3Ur#CN;ctH_!4C?nD6p%g6};q zju;r^d@7%KW|ryJ%34mBy~TYwq>k)4emNmasS6_oACBM z{<(LshAT6|{f)#yW*Bzr4Bw(^Ob54~+XJcWP#_7Wh{y|9tucPP{eaP1`=#)1%Wa*B z%X&u4a!mZMj6R&o<0fGHi?hx1!V+BWcbqNJ5J{egbKu2ghHrZp?(y{=`L@jfO7MzX z`R_KL4&uH3ICh2NOa+8)VU1C-zC(cbf0ng=q;P@JFdP#U;cVN(X-bQ|%m4H=%=+Ks zGwV^FHMxIVdqwFbihFFN{<2-7aWPuAVDP6(2QlHlkj41f+nDV7RS#?(IjvcWKep`+ttW5@@8g6c>~Jbq|JYz0YvmY2UyJCp zcx#4G5GC?n6F0oaazk0o&;`QNnv>4T?QAZ4Q-Cen>YvW8Ua1$W+v>LOlZio*D(g=^ zdBLRft!fL#s{I5%oUYD&H*O!`xobkut^vN%Lf{x6{=1aE{?3uiW6*3mOtUvJ0WH(-7-1c=VG>Sa)mPq} zp#)XS_Dxy;i6C(l!U+qc@1nG8qm%hgGKr+h6!xVzMHC> zUe8+RIaMHj-s*x>D`rt-xDMgaX|SIAn?Vn@UW6H@h1evm&e!jYCV2@JM_A#JVyP}p z`kz$lwnMH2+~*q#KgLP|0z9zKN{e0Zev)fnQXKi=ws_%4DQs|P9YRF(6rP*e?%5xm z*NeXJ*T=sF>8yIO7M2fA7AnoOke~WSQrP0XMcFre^t}i8B;#$&F|c(;dhRt&koaw( zP}XYe!$EPXCHFhUB+>Sn51rTezy@*7)i4Pyc+n<@t?AXKy_R;5*F*?~rGd59M6vIJ1QepylQ-a)+}cF3W@o zD_E#!?@xO^Q8MHkVn+qNw4kOnUId8HjnS|c4-K%g!T{_gf~E&WY_RAfJiOw8ZAQ)e zUJAfwQ~$M?`$uugm9}h^KMz!*>Y3FCL~L}SV%(vfB$6obth*cBV&o_UfMWx>A-G_3 z8g(U)#8TXUA8Hi?`+D7UF^En<#6avdaUCyNfR!-mq_|3nnL@r=Ljx;?jj(BpOxevt zr&rC_ZQXMHM9kL4e7*^6H}sxbu473CC0)GN zWET&c)^@2*0pa8hEFm&xM(=6ER`6Fi2a+>UNialoJt+bZ>VGK+6`OubKAVjVmPA4d zmstxKzxJ%=Q`P>0z$l50iUsbfu^;X4@yg|yiDoCJ3t{~nt9Jx|01|Vu-UDp(Y>p&o zuffru5LI|04{O+R+{ForR*BG~-s=j@RO-e90wRCV3(SwDk|8*#>R_p3=ZVS=&vL@> z1#{vN**Am%#QGegnW869HjF1Z^ z!0<#dys)F`KVEMp>6eIa02`M&Q6ebF$-h1i&odk=n2q9{JU$WTz=Av$ogw$FWU*b6 z>yXK>6S60^nFeXeeEPoaqblD>ka|uo*4FIfw4=mSVid<2H?=m6ElyVzgAXj9C}vFP zg$*=iE_@lz?Wh!Gj8|@ZF7`(@so*)%l})emvYEYer7M9jzFFNB*&FVbW>=AGq0ZZ= zizPy#&s0f0wzEq>miuHQ?yYskKQpeq%h;@{Ab82#R?SE8#mDG};cjJVO%Lh~}9!IC^izrtG{=m2sVu|QZ7xGs&~ z-8b)RLy>PqhchCbjv=zTM8j?E5>gm`QLzjZfxEH>zCbFE4K967iKn3W^UW@7>|FCJ zU}K??N+PeT2Pv9*P9u$;{0kM+dqP)qCYq{^rknFceQx)p(1L#PWPZ1JMlC3v5$35T z4UB|U)1=QdrX0EGWarB{UNv2s{YYi?BOz!Z)a^Oa$vy=%+7CA0#3U=_^{oLiC0%Iy4>HpT6_FaU3CK_y3@(vr?xp7 z=%7#wmO*x6rah@PsqjBqv3NQ7=kFs>wm!qT4PNJ3>u$CW0k&{z(0l9-dRlmnk5}W&@oQk#)cz0n4$S#VyA@xZ zPIm|VcLrYNaOu|N4HKZG02$f~vXu_6tBQ9T9Qv$Iz&=GnjGA|pd9nLKnFVqE zg9pymDpIe(xdhOFECH~#^)5wfDbFCb+PDHL)aqfPQ>T0*0EUw41N1;1c| zh|>}zAcp@^&cQ@>C(Ky;?}xGD(HC2P7i})fG%W>cf?UWGWXs{lKPt_f;h}lY3+tb_ z%Cq4`hyF9iiloXl*E+QbH^w5h42-1smLX{#?ReJ9b zdPjOW5_*#W(gGqyB7|N-o1J&QbH3xuyXNn#HEaA6SZW~8v!8q4`?{|}fFilOaI<0a zTS0xQl&jMIRmh0-x$ba8aY1IK5@53;VOI`Zr&g&Q=_srkZqE!Z?Yl$S=$}sk)uAMog6#`iVfYlNw=lgI=bx2$4_PR&IP=> zxN~9^wSvNtav#Lb>z-6#!x+lC8&6gzO4p@YQ6KY^JWsuO8u_o5MlvECgE?ImX#CjB zOfuTqtBvMT{sqB@%~JN5+|!b=;b(D7LupxYH+~rJn^=pH)~e4p4deQ8=Um)FNBehk zPGF2%T258Lnb``dj6&0*N0LF29Yp_RM()x(X7a!T{6#9Qx&wv$2id zJWMJ1I}YuVM1!@r-4VYuj$7PuGn_orE<%k0H#?*>kW0I2G|5LMV-wRYdbW~(dhWge zOf1vYc&_APM}hngWg1_JcaB%>kY+gE2z^v<&IvLV5wgqYuC%)vcXcE1 zCr(EaEp7i$?!#?ul=mPFM*01ZuelBxQtN_B2@i8x*-XHpyLanuVuR-+V-2K@)#}k)LUZwmP2a&&Y)Q2>LVdL z+8vkIy}O*Fmh++L3H2&sra+D){w8h0zgDRQ95eOh*I~LkT;4z!<9uzy?2MXsfmV<- zo^2L!da)hK_*2u);GO3-KuY#1=__p8jOt3}S0Tz1CERGLCw+yD3`910MptOs?|DSS z;KCk0NO)Y8@0l1Z>< zISNsItu5YA>7PAG-%9yHlWHp&XgrT+crTL|8Ueb&YTbFH@cdit;2RD^pR?hx6H@xr z8E!h4Jq&6X4HcB=pfo+bA#27^`nSTodew645++dtLZ(AQ+m5QclM;wT! zyfC|?#Vsr)ec*0oemhLFK&3CL?Ofx~DV5R6<7U*1Z`4nl?S|{R{-blQYe_RpTJ&UP6MHS6SiFl}LH$rRV z1$i{(c(e{5?Grxr-rNw_{yBPK?C8hBz-CReNhf^Dgl|`RYWp~*o96QNUxs$05LxWr zM+nrqW!M-%H+iqVhI^Ut=DcDFWFdn8U=_dose#0&Y&JdU2Vv@n-AF~OLC;M9tmNf? z7$UlsLu|ZzhwHR#h>Avp4|T9RyxejKIVpJ%3i*WcJxTjHuzbSr9k}|6WjucX zVXJ97;EXrGW`@=7Ufx6d9%V`W6?ZI|%|9HvMv8a)-FvlPH1tnuyS=R1#lSqovb;a0 zO>J(C!5U ztMh-fTNdDU6;sKxt2o6_dWKA;jQkt**)OZW?=q--XhN1Mu%T)+-& zska7&?a{hm7&1#ElW5xX!A^?CL6_-WNH@ns-)j23ktjlPqU+2h^vFD9YdzqB0zA&3 z-Zu83X1+)2pb7jN7%r+dbJ3;HTjsmx!ghzO>@ru%xk zg?gqE?B{)DX;H;*{M!(AQ}#av1nXo+?wmXfst@1thq)(>S)^jRP$3kA0_N>V#!KHG z_uQVT2@5<9Gvl#ciX8Sod?#-fKv+7EBF zQa=+KwS7)8CRi5=(B>LD-ghGfqjw3Geu$p?x;0ZZvzg84>WUBbrHXFJhwENc`0+^< zR}PvqILajAmt7Qat-2vD)F~z&3aAKRs?|2UaSAO;woZMZ`$|KQ)z_Szw|LLfD&L!p zDDFS1mL{?B$gsL++Kx0DK%V9h(-qSo_?p}|J_6Z6aq-^WEH^{F9?hk1YXb%&(=SO4 z&FBp0|4=E01*zeK4E$_(a(CKNjOBktgBAuP9k|qz$tGm^6zr$%~oaQtC zz0)OhE(9_Hn=floh6;-lQSASk(IH?v3wCO9#ccBXzZ)?MjY>N$!$$nddSsa?LyB)p zzL|2=&!bUp3~S?IOOui%q!xEeC8oK0Q>pW$%Vo>(Ig0?f3N~ArDx*AlVW3AHrF^`z z3?uBNsH1-LHnD$s9y}Pde9oVnH!Z)q5)E7Q`(r9p<{C8`-!60*?w?CJu(fy{9&oT) z;>Ov4xDT1efBy>XyoXh!g_lHt0;1MpQ!=AJMw&Mg%zdo;r`0lcsiXalmvzQ!^!P2w zhdJeTZc~ii>!K3Su=<{zx8YrLi$nW)8-l=0e1F2g;g{@emYB1YCe->}`1!ea^!%!{ zR&A-~p=|wO=oUTPRi|A0g?uDUQDC^=`Efy`oZp;SE!5TC=JDOdPQdItn$Tc+5O&9t^!4C`FqQWD((K)grXZ5HD#qi&SM8+-pP(9F%D&OBOB%VpLo|dQ`!d$!6 ztz2(!gtR!{kh%)lWnK&EI{^zHNvdZ^rc2&KD{No#c71$wNx+dLSYGTCo9bAoNG8Mu z?CoG;1Rkp~41ugJu&QaX_Hv}Z;oq!f)B+4klx6+L-;8-QGb?Dt14@mh$UXp9ssJ6_ zmC>>GreFPwmA-C39f+N4qDONDM$VVXzhc)fNhBt_JQ3#*N_J>-tRT1y@Vgz! z)tN2xBC|reQ)u4D^%{OzC>brJ{&L|~RNsOuAz3`^B#z?2%a;~$b05_SB|ZmMR` zLJ!f%i)R=YE$|$TvuDI5Z65)tr)I_#@>y7${EZnH&yx&B*j_BZ@ zHtQ3DX0~=dBASR}@87n;OJDG=Tosk=?yjn_pA%bcvzc|MZj99~Lyj;ZdbHyC z&DY0}bj~37>6Is{R|rWygEIo_a=(rvA@jEJyvNdwU$e*8lSFOm;Mz3Lj&3f!^77z* zQVIs`?t~FrG@!NADgR#V&gd!XA8wZDUaDUk4=uik(W~~;G1bEl;gcT3(*;Bn?7|gl z0go_Fy~gJ_-;?iE7G!HKkDEQVwM49z;Yjd=vSg+LNIs!Gb=wP^5#t#B=(zgh%hiTE zTx72Yq$La5^kQ6A;L49vIH;NF-gzD`t?}*5d@fq|K0MqtZ8bYrO_7papSm@#Z<0onc=$02THVvE zJ+?M-;FYeVYc)B80b9E$nvn2@sq=;EB|dcBmHyPq2qtp=w`;t1x-@6%-X3K4mE)X~ zhPrRio|Sc49~{g$%xGtYDkpIFfdjbp%vK%zhk*U4gN_^xCT|(R*pFtQxv7^$(Kk6Q zvHf=W68^l}vHR>)<Wck5I@uWk_MEWyZx z>(yh$YHgJBlqikh{06`xp@+H|U&~x!N~*B~O7CnnBj4`jw6y?4^{AMd4!Y@X0bZ`h zS0qf(lJ^W}N<6Qx9tK|enP74-QkRvcWdU<>ycMAE&O=?U%`_-F6(wohruZp8cEW>T zhR4vTb9TxGly`{Z21bY^5`W86U%;VED#O#@rO)QI>GKlVlY=3D(G_a=U2p8{lulM< z@-b{MkO?YItPJTD)4cSH%AM;wp;pURD?Mt$%cK;m#&mYV|S zGFNi@FfDAQ2KCO`n&3p};v)M{3&JR2m8m?%u)DtpeA&KIrCBVrHSm? zlRsV8DKa4fOc$r)Gk5A;soT9mEiOgoNS)P0(hN_Y5?$AIP*|de9u;7FF0mz1`BG5 z*a9!e`PGqX9Ue-r2VUv-#`m21h^x<#yq5KUbUlm{cJAmY~q#91AT zzDLISsww$o*GMi~6Kx!8LQ%v>TZ$?HNL>g%O;E&`l=$UDisiP8^H1e%o5gTq+EW-~ zRuZbPO#0Q&X9<^b=DfER08=B+tYCuc zpJ1*_K5xPuLVZ0jJcH#HkGrxKQN9J8Q|Ijxzfc&P`ephXwT^LQezYl>)|`QrMAG_M zqgOj!3slm^Lh)sn2nC$CT)#%DPd_>Um>BX5^uxV6Ci{EhsT&v<3d66>kEf>mGhGtO z=4Rs+wMx!@e-j$oT5)HQ?*SfvMk_3rv#dn?$xA#@c!_LhSihzHa6CeX8P<12-}01s zEQeCvihncqxNUU=U47(xDv~7e=Hra_*VV_oba;j=?Dp+uR&>zv)XNO)$#6;zLwNd9L&l zzD8zsiO+UTjk1RHhHZhj%?xo93~%E55E%Fh`gHgp-2RfF>&Gj5Qf4=taoRJkTAH6d^2L|lJ}*6SM;TGp9FRS^#`n{yInkM;OZn!zYcF5v zyNkO@0ETOWSAk~4-T2JfZjUS6XKr-mtDQ>?PoLh7#d&evSy!|yssKJ$t_w<(9HJa5 z%(eo4^Ah!!GNs8w&{LJ4BIx#8;LT{BW;d_}Edv%}E)I~tTG~-qA#FeF@lbcfoqUWK zul5k4qa9Gbc6pap$EQ7x`m!gAXbUi5lwhyd>xhvOp{Zea6|?7cZF7m>ih252tCpSMq_wR(E+Y0fosFTp-2=-*x}xdw>2XJwz~kxQhhABg5W7= z-o9*zJMO<5oo?P?v$`?$VE<@`V`l%>jE)wd9#~dxbW+Nn&XNA;y9(-wx(p00M1^4t zFtiz=(UE)HLkBIrqNm;5;Vmc947AZh%S7cLwrWLn={0G2R8kj;U)`-JG4)Mc6^$1Z zh+3at>gT;yowmj$*ZqZeF9y5{PH{w_&EiK_@#@Cn&r@H-B#!#M;}HV+mq^> zHJ6|4yK8qwbLvhw#@*xec0*j%B`lG#S(?g}AEW_evEc64fNU~)LRVqeeRy1g^K>Kp zvlMkc1CDJ@6sEU7blZ_^9H3g<%?Hz);IEPa-)A(M3GQ-mwKu1M?(kaQL9##*s2mJ+brH zB@1{lQUhC*9~$>PmH{H;eQ4jp!%Ou04rttcGx&9Uk6k|s*pEGh_6l89q{w`-fZ3?; zR|5Nc|Hr(3^R1Yyk7BNCt+dT<=a&i0_Y(PVY$ZXvWc9n<5WvfZ+Xfoz=c3Zi<$St$b?h!a07*ZJi&FU-oH$I)ls4=3Do(> zY8}i1hD((pA%>k{7`Q^h(@&S8bC5PaYWZfVO1y!GA+E0}I<`;eo;NweGWHrcP>zK* zOjmhUD|?U!j6d#NR(}E6IO$Ej|6zWW-0B&Pb6c!I@Rb{dVGJK1TfDL}_8rapFp$#r z7|`t4!H(*pN5)%Td3sNv8ML0YbWG3a;+nDR#gM&d;?@wwwsXiWw(}Cmx>wL};HpaU zX$suRzTWl~Eua1Ak^gFWrSDLZxM~O~ZGJp#7yBMDdW4sS0NqiMzkOzhidl;ImEp+= zWgo(3hoH)quGRKNN!MwChZ?z7VKlWKLBCoKjV<1c)f7oR9rv2qEiO-u`*zEEmnOiq znXH-7R&`*8Y=Cwk2gpNhPO^~eklRF`6%>vPp>S z-nY78p_E`cG93i4nrCTXpduApYctUUXi4Lztl^w9b#|XXW3&!q#x!dhSG^vDAA(;g z_y!$@)1-C4^FD#$Ll(Q~nsuo^e^EAI&*m!wt!ZVk*$0%h}wphZc}k zzl~l>;?VbQ{A!b!|0|cQeo2TMylFSE6U_y@UX2!g!6YC6cm6eY-xIr6bY9p6d`^Fk zWCe{Cs5<=Gk+ZZ6el6P(=%D!Bd3jH&3hbuw23`Ikr#Y(@YDxuO8z(Mhg*FN0Z>NRkS{rp!Xtqz9ek3Fx7>WwMd+uNZy zQ*fsbe*FzrdH1o(&Tzq0UZ{` zK48@NR$V^gNM*iMOFjHHH><1lWIQ-mJv(;qQ(S!Fpa^&}=8J&@_F&*wpvsfhcJ$;X zn@R~8lQ`Ix;ctIUzZm2>0@F3~k<0*yKiE4ReSpc4()Ta?4RBXre|KLYiq4A>e2S@# z^Og31E9+7Rf}l8P9{y>9-3-E5C5j3uf0UzhwGNYZ3f zda6$U#6ddhTpg;7GYeJ%U@Wx{3v)JaD2fu)@cTHE-!rSX+F4KJ-ctnKfd6qldg{T+ z+}r%&y)%(?^-+EAVu)QS-=m>*ZQ9qRx*J7T{2W@etLmD`z-PH77k)b~_`{vvlJ9NG z31vphxP1i&lPb`YmkohJ51heu|+eU>b!3=3tEby$_Jp7GR1`l-E=B?3cGjN-6Uc0VsPD>APlG}ADNfRKgdDwRP zNFC!6%#r<%<^7+o_Ob4##fxdR!yLfQ=lwYtOJ!bfw;a zti062JK}#nQ}$)88hfy1_yD({|4R?Seh-ugc^SL6s{2E03Ww|}zy#$%I?L**K#xm7 zBzk*dZQ!gm-K=%L{(m0LY<3ozPW+F&rcYcM>v6@%H%&khu=TZo6LL<-pWz6{9P;F2 zgR%F%$Ly{P^{_LQqV8G2#O)*$wR-8_ZNo{d*VaBOF}hWcHQ3^Gvj;d z&;Hm<{{Cj~`TOR+39R3d$s9gGZ_X6oavj`?zDr$@2G26Vz|PQ8I^B{c>IClcoTmY` zW*Z`2P(3PX=Biq|$pq0ah(h-Wr*J43i06QTUp-ut=k}~9Vl>n{B?K|F z!|=xw@b}xTCEflNSIUTZf8Tv<3QSO-Z~A%T?1XLzR}D3|qIuIT?oLTgdV=wCRWUw4Un*2=XtV#>%p5skrehwX!BMY)IVafAGzE zp>4bI1Yex-@!C_K?RS0$MB(K_lplCLo0Ndla2{~<9xKvh!vzj_aYCAW&l>mEk;>SE z4V>_OEcE6-KjdFu$VuaTL@$(VJ!v>XU`Q*~GwlW)4|G2S#f3wH|az@%1v&K|fAgiws#H75m zm`=~)IVbAZ8^ZSci}umK+zqknm0~fA4X(3Oo{HXE#%L`sleH}C{hnBsJp=J!m!Dp>1Fk0jK~EX8;`r%l_0uBLk%+|x%$Q#2%&gA0kF>q$$7^;GSmVQ` zTj8v}JLAfkq9OB1g-+_h`i%AxlbaJ}p{wY_j%97X0kUf~6bTd0%MODhf#MdvRpq4o z_f`DkHI_|YjWyrv!uuwx1r;hrvOc4yB{BW-IF>%6%jv4=o2JDEq_|rBv^4kG`TMiI zqMxcefwt$oz^%q{b%>r?!lPog#al0uMbaYaH-`s+WRIpB5{Mq|yXQLj~Cyr@mfx@+7 z!MUj~kl^~BLePDcRNWW+z@;15!aWl#v74#8$zv?x$_QdG*nwr6`W(1XNN+HoNXUB} za9N{NUogQ5Sb$KO-ad`_W8B$yzuR6?-54^CRj-4WEwTZ>(QuseS?jy)od5=y|eHe_yA}a0eKK!yWfBfE_~mhr<9p8-k@QPgFrR1et}?{dFqC9P)wnM>wCYx6>nA2Yvn`%$K6yh zS0%=qqQI3nJ8-n{`B~?6o;BH^#cF2TNGIMh>duM(sKWwHr@${V?sM;7AM~Fu|MNqg zh?FM_)n$_f-Y^5V?+i}eipRkb6s>^L)k+LOgi|Ur&Om{+XZa!UI9eB~N|p9Ao@?D3 zQ(m7Sowrd_i@~i1#vlF_wMLKsp!obiYfUCt{c!{1xo`f<} z1t^GcF5zIe$(LSVUmMMV)3|{(yU%o>k^j7?yU7(DFU5K{KU!%zYa3_8b=U-ga%NtN zTwVh0dMvJ81@x-DtiRX(AFr{vxElP9mHQxi13ZcQOr$b0GB~_L)OG!Hu5yA3&bqB= z%NgVf`~;ZvBlk^1%6K7Jg5O{kQv@Fqby*n?oyIY98s}=>d{U-FbLf;6zM1Mkv#>@& zW?I37SKrw0%=P#L(`Etoj`iKUj((sIbpAcX=eZOqjI#&Fvi$KI{rycW$A2DC=I@|h zE!U%bH3QJV!=(pQODMS~aKDB#Qf7mS1@D~jUl4@rJIvI*Ajsn}Y`6#b>Cj<>OD0&; zaOYaQZ%s~1A)ndRpWw14LcpN?S<3`q$65f|qBAJXz-FmwAX!iue9Z+!K-$PkP_*FP zSKpPmZ%pSwG*GQDgBIxsFtP;%xnXIf2q3e5#2L*2b1(2H#R4D=KG}XE<@Dp-^Aw>M zLbg+x`E!{vSKiZ$*LiV2K~4NhTy!O4l;R|~e&_A6&)=W!k5|)Ra1&U4Pmh47UU?y} z07N?jq^m#+ySD)8R1sXZWk8snK-_sx&7a?VypjR}besjbI}s-b8=5j}%z)Sk%Jy7f zkDI9tev)pf-s ze&F__1?`d#w#RRxNbL45)T_=PFI4Y3_VxeonPB0ze1QU3*gwzNA76}p9e4Pz9Y9#m zyZ`=n|9`~TAM&C9T^avhN=y6yQ1ILT%O3^z?41$0zr67M-nyX*vf!$o{+PK3pa^oX zTPP+ABmoDr7(nd9p%(wQKeu6WfDA5!j-;JX4i2ZhZ-ga*i@EfXIt^)`_e9|je`HaM{R62k{q@Mrk|p9zozQUX#dMW)PJA_dB-`nQ@zOpw0e?(U`HF6I9TNIK(|4;wwzo#9lYu#aC|JWBzN-gkM%>7qB zfC)#d-_3YrubFMU_ttoQ3Ji3OM*LH;lI|Y%Av&*Y=01R281DjmiI2xu?fWv`f(ynLr0690lT0qOE!Jbo1aBfC8( z%r@M9D{ZsG?HP*DR9YLme*|d4tHS%36Z`kq4pDr@m05T8QNs)z2nk9-I1EssBAGj_!WIRZC)**>34JukuDtn6^o* zvBf7Pj5FBEZ^tn?P5^_#mf=x9blbvTA@vomAuCj95YuOEFC1Sa7ZH;6oxtGz*qo4tsL~Y~uRNwCJtt&VEP}I6RS{OCw zJ1S@SEH>Rimo#}msyzNWC!?-PYia5ex7tB=VQ&k~{?ySd5P8zz>DjsaMMC}QvHdqe zPrn^%N)g$qi=R|_=Jj=kuc*IrVfpBy%_JgJ)fwy9%5O+z*RcWjA-t@U^=bEr)g;<* zatb*?`4O6v{DNs|)%_VZuYygRE-h(>Zy4J8mF)=Aa%L;ZlkiNT&{0WbBP@Z@+U#Fg zfn?kN`Q&>IG5Kr1o_$Ek%dxNTqxX$D=se7QBmBNP)6@Kvqn*G<}sa)i2_(_E0*&?D>7mpK3yP|H-S8T|dQE<8w=`8h;P#b%y z`;Ft_OxpMux)HnV>zzoU5l5EX6IKbbVFg!T=IlcDXK1Z<8Y7aE6Yix<)ahM_UJ8Tq z0qPcYWM-`!jU*>j31nWll{4e(nK#TtIdr%37Y&b$3ix;CS%D=> zbRARgYc-1DrC9-&nDfojxh16|F!bb~yLV#16NzMG2UiL4*1!K&FxBY|PwWayQ9Mfk z>c$IRhHiyrGa>viFPdR79<)k`ot%%>v?cIx&8A7Po|qWQZ*={g*m2g)`?i-+B9^Z$ zCxAEv{$wJ`01-K>a!d7G`KQ;{tN+{SWUmhL->Q?ZefX|qlCG^l#b?R+0Hv*x#l1ai zgQV2f-TT(yw3G`D-_AQf6=6NqmZ04n176p94USn-@4~{?jfVzvN)t$wP{!T=@ z>s#aW&cL}xTYw;;7|k$;iw|-J1Z)tcI9+KL`g1rzXJt5}fb2bXWuvXso_5twZVp@Q z74>d?!sER99)w#n;0Zf+GOYu1Hu%{I>2Sr0=-tUVJ6P6&Qt6hyr1_Ci+4bNI)3+cK zlzS?^JTAo1_#K$od0|Za=5$J{_k60gE8GsyY3m5HyT=1C(VFAE6MuYzkkKd;f|{8Iqs zaxKA0?MD^UqHpRw?ri|#9{&48GId3A3Sid2=Qii*BLlI zi%zE}lB$9ebu4gSEIbDOI%Y7dijzZ3KY;gh!O;K*YzazBpC6h1`d(dtB}Jc_#Ik9N)w~$ z$`tU+v~ibo_FDBznpQR+lZi6xxV{~bt%^gZu!&hNo3oUsuSrAY`e7>T9mggLFo+?)JY)oubp?3*RFSCF-5WqpPA}bufR2Bvl{}=-lQ&4 zDg>)89WQoFZ5|W9lfs#OsrP(_oS{C)}^4L;Me$W2fWQx8EQEVoON ziNsZz*NMI!KC48R9Htx8angstnj@*}El{;&0ee;;b%+7S#dWi>>J@-VJc0qE(fN`j z>jev+Lq=pd8!)YeW=Y|jy#HO;H_k^#Ss0|&JDr~_*qCU!*^i;c^bFl1`?(fxFho4r zd*RJ&W@$39`DTf>KdEu_eDu8SlUTaMV>ug=>p{!pZ3)>jWbrO8p&RqS8NKVb$G@5Z zc8RAaz$E!gp9qsR!iRci#5j zQvhd;HMu*8y7oC0VGD_nazYOCoY!tW_*_5lrEEQ3nDqop*E!1y2+>GXnY5qF zGdN_x`33GvmHH}P#` znbn(hv6A7o4byQvM}zHFsga~vo=Z|8-q;r%znfl6?s=Oof%6?M0O<`dviaWN6x0l6 zx6`B+gYhqhGNgHe2uVL9i*XAFu%&7L zG>XhBHLBzb?;uacJx?20dEq~ptmu=8KY%mvCmi@`Q{M6buvBAAfqzY=Opuna^*B2K z7v47mEC)M<53oXw-BO^rfIPNqf1e5rh5CViA;3yS;2#B77Qxj-p8mBFM!|w}nYQ1( zjZ6daiDmf|P$pd%$Z^9#(5x?#wQyL*Lm<8)HpsDlKoQ)AlP?1`3-I(XJ?aGTtCZKB ztk~-i*iagOXu?Eo06ewO+UQ035j6v^k)a-bIi)r-EXzBZ2jph;4%yG25{w<9eVv!r zq160dZwt%sIsG_tQcRZ!Ht+ka$oQmnp^wkIh7?ur>iI-){qEdB@sQ4AifG!UAD*wf zL8%}v=0HBKUKuosXUjp4ROS%>r0{&j8G3$7ue3;ZLL<;wM{GxF-L!hqxb(V^#xVtK zM=$j2u}`^;PZbEss3A6!r3oM&OtfAOFlu7}UZq@RzNwR$SrJP713)Xpha9vEx*!D; z^Am(F_0Kr8aRIlG&)?gIoqRE${8E^UwJ(@73tl9Y=vA!`?`&*kbvd6-RkELnUkm2) z`L;F-*F#g5nTWWUtk^b}hAc4(wjK-*Egf2PHWyp#@kzg)omZq(WoSMP%t6cs$7X*G z?>)LEEt=p-H|z&2d#ueXUY`4$pZ#lyrLIv!YQWOq0`~PcIuh@t{u0;vD$DCV?>o6A ze^1Son2iOZQ^u+Iv7wb4j-mvxMwLZ>J{gmijeeVN3xJH}fu%(bnd{?Av;ZlI6?a`{ zB_O`-*z{cb33r}yLR9?jZMGpsNiS9~g^j(-_o}cA==In6%k-*4*dD*{q`r)dF`21L zr0y!#Duvts`mR-?>-5klKLSJ+f8AIodIz5n9=F@4y9OR|KFB-$plZ`=z{hnn81@^0 zi$A+>AS|y(f|$k%xYMQo?8h6BPTzVyk(V3jyR#By$E_VAE5gRn?2oAXtvm#Ev)Tv5 zU$z--6=>87yA3OhhzYbkygPEqeJ!Q~hZFUL#paB+l0?P~R`7II+5%$nKGW^FMR)%s z{?~<&RxbTItsC9A*hXI-UfJ5Q61{4rF8Rn=i0&S_vQUP8{o;3VKD1Rw31^OGls1;SICXh5njP$N3IJ!c z89vY#q}JHYXhXfb_Zrl>4IUzi2wzDu{w8 zVkKGB=5Se+Hd_Lz>5|uOK2STk{4O2sRb zt>mqg%oI@jYSdDK&c41>H*tSVqt!Hl|(-PdgFhBSAPcclrAh0PKH?UZ2z)=Fx2YyoWxl zt&?alL3VmL0Pc+Tx6UJ1^mx3ei|?WCDA~7P^QFZ!s3Xn*hKyiAGta)Qz7OjYC41-& zgdaHej$pnQr}K-PI!q>3d66P^Wetjia!J@C&y!HQTdlHa=M9WAjq&fYOn(ep&55W4*uy5 z<{`O@TA9KuiCjOiK83XaVfg;E2icMBQN&S+_QV_N41yEifva@a7h3LOK&HCnx`zXZ zH?KRfBW4ba(oj&%quxv94gr&~H`!-tO3~0p$Trvo^DVln>KVlg+S4 z)dp@`KEK;4>`1u$E*=o>>MgHO_XJ$z|pqX^xO95x47Q_AaG;uhXB-lJyaP#*y+8V-vYuKzkuT4D_M#|%YHl#8^=+%s70M~iAhry zuMPtBMqwrfUEWp(0TK3T1_TupbW-M68PspE`$HmpKm_-`m`4U7z8`qkhrrMz?&1vN z2U6HRvZcR}}^ zx}F>C^e8B-^G?u&c~7!n3gDG$rP&%*y)D}4l~X0pwx4fKf=lS;Kc|Lz^4c}NeWWoX zO-8pB$*&cl^e*YqYpqDD5(L3i!YhO5TicVIY=>m@Qmhw}9{0YWdP>RO>&|ypn)W81 zr~7pZ+eY$A9<=-d8DcsnFeu|Xkw+wrphlX2-_Fr{0qb#HYb5sZiSMCuv8t4lD52~U zyU(zQy!S(2pW{rREH}w|MeyE^*asJBAMB6IgLKt6uXOVc-#oE1=8NLu)L%f6+rQ97!TRcA#biwc}i10=pAONis-xUe4r!s~zRZW!M4{@_a z7CM=EDvQe-)Z3@MMNi+)T&k{E;c7-T89w@s6v|0GW&TjZv2tcDfP$(p+31_AEzxvX zi^o#b9k{2wBr?~#B;hyGjt9KXg*VP&$7?x+I~`YRm&bcGcRXi?$K5f5@q;O~zv^PC zYL`?vX+d|Kz!FMUYzo3;9KWA0-u3K>>43cb$fx;We}2m=f!kPX33py%$wsLIC)zffA3EemaG;=yS!9uo zmyO(7I^5oz9yvYw(S%`jnD?>Pcd(jy{w`#u#(ufZP=U2cUeXkq*<&x3HCMja@Dij^ zXaIjPyS61S0(QRzZ@cN-O8sacn%*#st~_gZ%k^t3m-MYCT4J_!JL`5W(yT9=PACEL zzETuXx7+5py4z{3>`YWMkD&GVc%Ae~Za)<;(7okmk80(*Qo8{Hyqj|62a`26)7;Gq z>KMCD+Uw9M=V#{U&BxO_hjrs;Te2Gti|Dc4Vjf8$ENPM4bt-F2%O@Na*)HeN>w(-S z&L(eWOidy;w`dgylWWIY84;I6?zBtDg)Ut=TY> z6)o~s70w|1?8cZZi_WIudJ9%8Wcxu$l*7Q~@4_-x@#x1SbR#B&1Py1q_}|)Vcn5nj z;d-?7*fT0sR02wP_T#;c6L0J|0FY35OA~984$wm_7?rz5ckI<`uigvYYtYQAs$FjP z2ylG6{X-hm0J+{AyIYb_7cjm{S#NYluSlF%a2IUM)P6D$c2ELTM&zTt`u?{ z>g~T=wUHdOT*7cPpMzshp7S!qTAu*rr3_N-*}-YMoJK40SUmc2QbKxWfC-zOv=9hm zR7@3lFJLoa2)CM<0sPoT0nRFY;PavH7SYzfHT_UCPb1Q8%d>?ZjlJ1}%6)xUYlo^w zktP6kb)lVrn8Rfly^rcqtB~C^E0AVsWl*1pz5Bi0^uJL0ccO6CpsT()sOw+8oH$%n zoP@~;Z%R*u9!=OR=Vk6)Aw$CgfV5bBL{<9i_Be=q%p8`!kgx)YW7dhn*Y9u=SpyZv z$nWpfM%^udq@)I#xFBHdeCI9h%xtAL0#dD!F6SU<8y40DiXi=7FIxsa;A3&Gfh1_` zNMTjStjW`fO!U}LUHhtZnsTc`KeqZOwN z3D28=rrQP|mV7hD3M+I616C3mDIX6taKD2#=Ua-&Ty>j0DwFT5m^{0iaSVz*Hs&QT zWm5arjV5J~5Lv^)Gc2UtONofqmxik4OTB>96yyucS~79C5oU}SQvmpiGW@RxMncIY zy*ppgGTxN*_RSOHQ0?li*DzBhjAK~!1N3FnT8Hk^xuyBWiY-74Az1EDVY8ZV{sO;< zucNo0YlMz?W3-9I-1Z7-UROlfv`c;Qtj?DK38bVTswq`U;Ms;Z@cgIR111wgt1qVj zB?P%QctZU9Iw2X&U9GnHP?daaQ-0uScE%o=#yyJkYMv74Utt<1lq!3qYt*sH3erQ?xrE@?yP3CEc%YMLbUQeW41n`UD9CO~f^EUxr_ zPTJP@_zhMSRt+ImttL*|`daURkF;B`O_;YX$1MZVCuVX1NClag){_Z0$%rVLL5bB_ zU&0+>t7o3mn|i@t&q*RI;HE)@GQ#$=BcX&27vXmv(v5?l#R##;T!aESk=$J;lR*88sgPxL0kY#rtr4C;Uxv zbXWUiD?_w_DeY@vF5NHAd0u4TWIh%;)pZzjxMw;iX5XfH)Ia0BxA&!)FP};qA3eXXA*jVRSf~y2co#0S=8iwge{tnorvQuWbvr)mGS|VHvZ9IF`Ev)gzQv0| z?ynWs;mT5b&FeR#8w*`8@bA<6sJNDsiWN7qUKz&!n)Fum*~+}*+cp#Tx7D@w@e_m1 zcUbvr?7g z;*(CcflK1Mt(PlW4JIA_rzL%U#m``|`Ufm|l`Os(ym8T?z2p!cCku{AkumCTM;2vQ zG6PkeF;zX`+neD^Nk4xenEx$H*1J~a<%!juJLN&gqeW(jOfu;bbQK1lb9drc_MZ_3 z>1bn>Yx?IXCAQrIlzRPnqWgkMA;d6idO?8^#tJTiCh~>v*}e|2YW-k4-~3%~x$8G* z$>C3)PS?CaTD;o!kp<+xJiuIouZMi0S;UcuaNItR?H|CGmNybGdEjrdlf!ZRQ=}Ql zc6BYflmkNmX#@=vnfrP$`6Gu8_Zh|T7M&JKp5QeAj}rjxrG-svsvCVAco=pVuI#U0 zJhpI_*~brg7EIOb26XfHf$btTCM@9C1qX8haw(R(^amokJR~PM?#mNWieOR>{m^Jv zHcXK+$lj)=v~;pLY^dj!U>&ck&+r*j+MH`*1F5+k<<_R)K(D4FXEmK$1czI;`xd_~ z8iOYTS1VKLP}9QJ5MsR*r8k8;Vb+tB9MF$|z*uw^xCoek@M%|EuxP7z)n6kHKr+^2 z3-rd-U3nPLu(O!>9>-~ot<>Wo8&(F>IKI{{B`9H9(auS}T5V-|=qvk@SM@1qP&Pp! zH}1niNY+n;aa5^0JjSdTXjw^A(m-?;^MjBa=XCWKH~N8tgAS`Je4HC|17TR$_omfH z4A;!Uq2*=t83c^|rn8S6+DgkFJD>jLRKL^}W{z!G++6W9b+7%{3d0sEzcvupq7ufh zdg1>#fxr;?`nW1jqhi4T$1_YQ&VKnFv}ey^v$5pvx{wY(;&P8lpul%N8|c0Wah-0wI+vISVwk57R8IAvN_K$0 z4)?Gzp2(qfkwe#V@juIMpg7diud}jmN~NJ^sK2#Vg}x3ssIxk*#Cmu8zk!zMD$aYC zSN)#-B5OCJjOrTdVlg+C+q8*RTk zTYqWw5k0c@KcXi?=58M{=6^u#l^Hj|>zv--YGTk?6zTW*npQE(X4xNa1O!9*=XZEt zihV(O$d-D86^;xQE4w6sGwl-m1gwy%K?&*rgOU!v-Tf4hWa%Ou0sdu4e70cX@(A#me~spZuJdxe1yslp1c`Q`8q@y#fFm;oFdEnY z65)RMe{lDfVNtg2`Zu7YQX&!(Vt@jINaui{2vSP7NXO8f(ioJ0baxEhHH0+M49$Q@ zcMdQxyeDft|7Wdxt@p$K$=YKIF5b)?VF?*rAg1V`C=L4u+!JY z6$t*^eC*xW;m{8`zwqui2Z6EwLQ=Wst;_Zrd}b1n|}~Hb~d`MtujaM#~X$3{w|gGOm?~ZLAg1+ zQlGrL*JEJeXcR)v686}Q_sctK^4J{j?Wzf*i2?e7J>ruqg3)^%IvP!49IaQoqS9#> zZGngO8%O3&uO{k!zCX>@`^MQ&Wtb82*|6m3%SAU5ff^{UxxfI~Vg=_U01HULT$ z^j!ccX*3ZDC8yf#5?37W_l58pqI=Q(@h{iCTKBXB$ivAJk3BlLDD?(CGZ?VVZ{7iS z^k-l;R}QT-4O+st#KN-m{Q3CH?w*8e+kp{JC4r4b%AUIcu0d>4oqe5?-5-Ile93Zo z0!K{&A579UoR8PJ@|GU++X!*`3HKk&^0ZD{)+|xgMGwI~*+Wr{;2zK}Ds+a?KZ4G9 zGgm?KvfC6Viglgzgy^~|Yrl(B+aV&7ISE$fFV0MzWDY=$@@D#kgI&sGh;|68-CB@W zNW_}*hw%i}P3vvi@;^38B0*RQ@Yu6(0)wj5io}7wbRE26U6-3^J(AL4N<>e)Gzs9I z0hhO)@TAFt&3m4swv!Gb-;b7YT=^$WIUw;d(V7pM`iItDa*1)v@|x&NV4`I_UJXGg z-J1vSESksQpMv39njDmUTkJSjREbwAd~bd<=UpxeSJI4>sjBp}LAdEe^Xt9m%-3l^ zgeDJ*f-VJctee}+T^aeU=c8TimSowL35Grgi6J`gnyCaiu{8#c?}su)cqwbJPx!vX znLzCbz8dwtSqZZ6N8$-j=c&Q6ntrotUS_bv&N8e-#A-s6{17>4lzN&vdb;Uw(H3U=PGb8F%hr zp0g2l!;%N@C2;bi~uES zp79W)Z!-z)fbn3YE}!-6Q!p{A6de@*_azw#2`ncV^57w97FRq%;R_@0x612>;ns)Z6Cuy|wXb9(B_?>;5X#ax$ zkf`Ybmncu1msL2ShAky%^bi;Amr!MqZ(#tJOUhH|^ze)Nu3oIC%EF3#rjB^N=SO5k z@CcY5B%z1c>5r2lAg*f>v!jYckJiHXvmOuefN>#$zqiv02fZJtNihA&wZKVIqE6h{a zv$h~@uGApYjJ^_M-1Yk{v6du?L4TSf_f2pY>{a>J`N2k^j3`E)hFk3~rt;$i!K0#T z8Rt>1;&RFl<|6_)-KWG%WT$A_&~h);H*d^H(Jd^Bv+ez^{k>(dknCn@%h~~|o4GJ` z!xjLJ;gwHRveP)MroYXmaYDY(&NW94xlyew!s%4lhaK2g)AQCoQJ`KpxY=`t%OWS!LLqqZMi zXI3BsnTk+7lRF^dBW$chUGciVP6rYg5*56+y&6lx$=M%w#dkJV*SqfjNVrG4=ITer zxpHi%>`&{nLVhZo!lGUYWuwh&wx~!w#2eLzdnc>pU!<4exuFQO7*Z3D(hc&IhBGXj$aMiv@aqqJSryoKMItX+#CB;pEM16qlxwjI&%8tZq zBH)mNk;KU4$S3A-_-X>2&~=+1c=+W&CxxBY5^?1EhY-T7&50y%g%I#A?S}~Tn42W6 zmHAV+eQdU}(l~VfF+ie_@^Hu+qo-7c2eHchkmx2*Fg)2xNSgGbOQ5-JdwzwK9G65D z`o3wBw&(oUf>#-lcQ~GS zo%GYF%Jd141CySF(+G01E0gP<9u;Lb*+5t~R;a2}prM^A`P0k#%jFiy8(pHH9K7D| z#e$NgdrPxI=cKTcOQS9*^3`qBEFHZF_O`{zRYcjvnf0+;s0W4RRvxqs%C-quFn`2l^E*7xcy z+icL7-`SyR2<~{!1n{K72jkf!gGgdP$gONbr8%gt$)?3A)jU(Eu`izc8XDh>bl#rL zul_cyxvLr$^zx84>sxf1)7wC!snCIgEPK)~0~6IW=`ib1APZD;E}MKvnaB4P zK5=R6S#noUiH2(2wZ>|y$h)D{#rLxwuqQ#;EVUOWaa$Esf;wUpiiQ?CW+O6WV+zh6 zEpoDl+u%^f_wlxkc%hGDAA`7OZd>|sKg8Z0RxKM_($zm9r*^Y(_S{|~s=u{}UpPrj zb6mdn+y=Q_8n@eFXU+8;A?IG1x1`rAo$}-p6~}EX0Qzw_7|&zBV{*fVuK_vzeF-DJ z$ohGzVl@IZ_6p#O97zyPFblYM!58v^)%%tRNHk{6@-00A?Z~kg4mT*aBt1OOV(Lc} zfZORB+h5SjLz}!P8$$LIZPcIYJ8e%5xail(VCCoGya$KB^s@|e6|Vd0M`eC<^_tgjs7kaoa@o&MP^c;zs~boHgbY2ikuU>|GKm|z;^w; z@okCkKpfe(GssC02yW}SOns+5*pCv4cr-4jV3P@U!b8(g1t!H6DX*^ zsr8$!aY6bL@CR!>IXj=cCHLefZ8Q$R&+{yX-wwewCj;9exaNAb9 zhZth%Kn)Q5utcvTd)67cX%BkQs?VQSqECnNQbx%)q#jl69nHOw4jFT8Dh*mHxwg!# zgRcyz1ne~uuke`<$rm$hA2;-nWkw+~&Xq4bf ztGGvRUs$aTJ$3N>ORCtXoZ(tFwttR}8a$_W{pCu{IM{ypyUoL`oZ>$&D!&q*1cKaC(#0z2^HDzeB{CSj*3EE!J0>kDThTTs5IeEcOCrdj@gzXIex2j79XDFE%XH zPPbP;3w6VSd2$|2^cE*fd+#Ecl%X4_VlrOGJm9nYr`m|hHj%-q`L?^s)xX5sYXRd@Mf!xejx96_!p&P!OEdLoDPvj`CFT! z2%ifEE9;g;O9q+?`ay;IqxHX_i8k=LZd`fmomDj#2&CmeRqozXe<`(woKPjgA%E`^ z6?EjZN1tAQObWTkE9irtnJ~}@ehRoaTTMNu{`Xa6bPw8&SV?nQy7;0J!xfOP=pFeQ zQQ7^Vsh2sXj(DV}xSD2JC6;}pSmRVZTq^sMicdRfdnai{-j8b{3uXNQ%hq=?j?Q+{ zJ;b~H6fv*q-FG7Q_ohLUTQwG2s%k4F!0oe}@1PNE;d>N*-bx6?Q!rlGD|{uR61=+# z`eCe&yW4jyy_-B9R_rC98q7P&1O7DzZ#`6=T zGyO7h(njBR3a|DA01=tzeUaF3!bYnCkuWIk$A(Wj*lc8{O^a0$($E_1Ycc+~!{Z_J zD?Dt7PBOOdC`e>zb#9(+MMmU#Z$Xo#BsbyC7f%Eo{yH*zlfow$`ZV(eo)4QD@R&9g z@)r5zGg#_x*i+N@Gp1s7peM3D*cer;yU}ojn4BgGz3R0Xjf40!7lC|Gsjl1P&;Iiw z%V@I?-5n;-x#BTMdbco5ptV$%-VP6aDPj3KF?GXoSm=1$>`Ekz0$@_SWc>Cj9^;I- zwq)B^iS?%r=xo#K3bZ3-Rvt9N$p$)hzi&>I)QIkM*#{fuUx9!F;(`7>7n-&@bS0d| zd3WmC1nt82h8xq#&Cu@kC}dj(Fha6k_l2uQ67p1cpb7iD%I#j?rR$4d-we2Hf0GdaA%db)PFnyW9q!gLI| zq$cpDgVN+rmkTr?WMZa5xO7RsFyuUuhg}a};!q8yUAWEdJ^Ek9T$kaOR#0NC#PmPZ z1#-t6v2w{+#G4dL4lDhUAbPApcY{h|^V(Eu!E$Oha%#W;asKn`enD26J$Wa$BySeb zcnTGw9vFpE$P2WZ6aZnghxuG&s6z6PnrqV03)9jyb1JB%Bj zF9j6lGZNxxPSCYQBCq&;iq0feo#fNx+xJXTM6UaynoSll*HiT5yf7=Is@cKbzwTf^KR~wfA9-DS`5&)vVrQg&DZ!NY&e^L?TZ<|Vw z0W{QSn&nv+d~W3hbXKA{60Yt5>EoWdlqELrPc#3B728nI>&$qpMu`RoZj!S7H!-2UTk}v1$YM=u5k5|lwl6rCiJVn>LbLV5nF?et+f@V0Gq$R za2;Dy36HFi$#!9rdBqv3(5~I^>C55h8ei*^*3<%(Pt zXOT{}Y?e2pFYwC;8V!k26^nhcej4WX!f9Hi>U$tRk7t_=@g$W8QDIXKeHYVSgZ;QH zCFc423?uQ-+k3(?6)VpluNRicf-$qvpFv3BgEGn>nsiwoCZmucGYyQwoi(xFWI($G zu6O9oV$hjdy{)r5Th>lf*=b14!rCfAOyth0SjDks9wG9bUeY>S;X>1y1X zmEQ3c1>$xAEz=`mVK0H5;71qC0-$e1`S4BlocPBn@U2G+Ro5_}3>g+ZejS7ak*q9} z?73*>e5Wy9FVD6=>Lypso_m^Ra1k23J-DOWFz&U4(rdA42SiGHH_=)TRMhm{E*C`3O+|%Aq?gNVmJ)jYp3ia^x(gG)qCLHFJ`C?umDo^O~f^ z0k68hS4Vc#wO_DLH)}mz`5w9{`6vU!Onl^IYl#xRpod=hvhLLuVE@~$RQGLMI};hM zl*kW_23bXGUKq=owG2mX?;bugdh%<7b=xq&+^SM4tCi?I2lBNaK+Rnkm3eAc0gwp; zj7Yn35>=_ac3$t6`C7Zo^L=W_!b3SO&|*KnVRr3${=%gqd`(IqGJP}_+H!+qj^7f& ze!Rr#-QCFp0(a6oaph3|qBqp^GJkI2PN@KfcuImU4~Y(`MjtsUY@2}SmYK>uN%naN z2d*Y)WT!&xmmWW9v&u6G=(A_$2^;{4@?`W7vn8VhE{I(@&Eefc{P7ee3F7h8ewG*e zdSupbUf;P8`0f@1^kck=FPh-jt!weJ6e(=|@I(WhetyM6#An8B&@C)12#My<)%tCt z_yVF-N5 zZl3^;j7s2w)zmEKK4?P&u}IPo0TD|gY>62-;c<0=j_C<7j{~Mlm?ipmd%5x9y))-i z+juU+dW#p)4`1(j6SDke6m!ixDXcBB_Xqi|Q5d|frK_P6yUAQQdftQem1WcO^ zpM)VAz-He0-6S0Mrs)z<&b`RN;Wl%uwwzF?8r(saq!RT^8~A1Qp=;Zy2M!&@^U<((6wOIW^x6wvQg}9f6xFzH zA3CBW)fu`|O?L~$mnI=LZ&SzB$DW^)2T47(??>nVjd~T)QkK&lJFie5dAmC9LKnqk19YvQyOe^7DiHIMc4)%-aI4-3zS+ zpCDo3K4@sU95qA_#-{H%{2CX!&@oxIJe=7zjePm8(s0LVV;3+|%Y!E*CLd<=VV*-Z z`QapCi=(F9X;ALiUf_aJjaxlhS1woZzyR~Z-~FgA(0~=vFH4qGB4sMYowmC?wwxG0 z_wURemN42KZG@uwMV=4(ax`?l3`{f0mW@gBv7w!T@DQ~i%gugyy!Vi|N_^vqNp`D7B(N4=F}E7un2H>7)Z;e%?6TuTkS zB~g=|)M#?gl1|icquZ@~-G=HuWcGZu$Nb5Y=AXA3E;DjhskcrnCt2Woe{OBmPkm3V?_Qf~tBtGVNiuh-6wC-f(}$i8GY;n6|? zCPx19-f)&VcdVh9&%#%{Q{uISR!P>oA$$7;F@<9&|6T9%%JrA_zg+C!3ahp3%DAT1 zTF|&A?h>$ZXg0nT&Y3L62_!IF=}wVsGF5ClKV^Q5W+qs-r$>|$v#HdE6#Q*+{>?aD zUatBfOOED=KjMYaA-!~|*5Ng1ESV3Gk^@`Cm#`l_hTe8quk@J>iVyOSoEkg#SapG2 z+<$7Q?cb@ri6~Y@GaJS;Lad8)8r)TdoG`CojGahXAnPsK6#7}SC1^hh)`7bF!p`6S z_9klsw$;YT%wq)ly0?Mym+b}1`FnVj-#-7mB1E1{$NX=UqE_8jc-ep#dfWDFKX`Y% zYz8@9Mi&;|`JExtTNpaGqFmK1`4-bzc?f}O+rFJ~2AD;;6Cj2T>v=&sY`c`~(pzXu z~IslPvVF?L{!EUsvTQj5k9*k8xlXg5re&XSCGh#4~RA!0XdnD-X*}3d(_YFfT zb}9}W2s`#|1Vczr$E!-0XIR z+tqj@)VLHrvM6&EQL?+NQ`bqE3?a4#emSnm^`YYu36D!V=|cA#AsVy__D&xHPfGMM zgDwdM@6Rc2atWt?W8{co;J?pj^)xD1E)uj=`T)vPZb;f^Xv}att4FzLNt?@Kt?MY* zv}vp!&-$pDoA^M0BSx=L!|sq_xHUTVrHp;J07jjdko4S5Ueem65pnwHo7(M(v{W^$ z6n>YK{G%KeEzkXq*aO6jP2yfl^s^{=vc;`F8RzZ(+GA0kzsmU^o`BJJ7li?xY5jA{kD0pYlLHjer^oaW zq$>3b=IAlboWe05GtuTg`%~H^+OsKB=I@2AALnvAzfq}+(TKgmYZQLbD=7#fEZrc( zF0FzN*@eq<<%v0ROHD(H|{m(@eAti#NsOvTFIG#0z@ckxV zA&U>6^@s)#yh|U_2JZ~aa@jmqd&mnd6XaByA}MZ7n-&i6`-n; zaum8|e1-8E$#t=DJ6pc0yG;uj5FAC)~WM#%7vTVfDS&QM9 zOVp<3ot{URhd(fZ6YvTQ)dC_PK7v(Mcicee?25)@PPC%}C?33AS0%)|?J9l8-Bkmf zZ}6kL_#?@G9waO#%15l)6qR9hN7Bz=^IixrF|u;}^NWx|{3+lZmP%NPmRviBSGuHO zKVJ>eVv*6CeRk5E*uqeL;eA?|+VHAkETLe?s4fCG?UB zr1H-sOldcqjzFtjq9kd55DCI*0ic?efv|bxj`d5w+q|Nao>9-yEXAL&@-m!TPb2?B&by)K3ArcmR+np zuV5??+pn!7Chj6+ya`(@1v=t*ew*U4Vr6Ojm40&+Zbs+!*#2^4L!v&JR>e@W8r3O6 z71HE1j!WHHzvO!R7nauSr|Gf$>lZf+8iE^eG#J0U{Ui0IA8GvTGxmRex(DpD4CY!q z|8)WfOb+z*U1R$m0sPGmAP<)TIO}cG6jJx~DNrLMqJfh9`^k9ZXVVTb%o(rI{%e~0 zU+?fHWFJXd>KJ(N{U!hj~T-02aJzQ@oB+IO?GOTWEVPBSf}8FYn1FmDx7g`OLB zg;FRgDyW3K&G)H$9J^GD#?3q~X~=PC-o4PcG93mdaup*!ujd0o#hrDl_o|&89HM}Mbt)VSt1NJ5#)*;iAFmRZqcS$wcc|NfZ6F%4d~{_#e@ z54Nu+Y5(VQIuHK$FaKX3qw6#2pN|&YHpD-l!NOX=F#v+Ke?Dw|OL_nK3>H@H!b$fh zBshF!L%`~>4#E-ok2aoX{H*qx!@oIC8X%=nts3yVqKIX|t<9V8-{;ro zil@ZdyCOc4_voANGR;Z%k<9Gg;Q|JwN1`4_5!Sj5-QayZc1qy+kY{Vq6AOXsG`haO zR#pN}bF2>rqwVSCwXNPE0v4xO7XYd7xzc6_O_y>s4%VkaAe(<1&QOwwRp^{49r}`m zO0-1m$|_5f1b%T*G1pZEtd#MKDffD{8YhKPwAzX9pOgV6N6XHw0LW?-eNqF_a-R%v z8vjN5P{p&wNtv=JBt^vPTRbaq@sa1ysr`r|W(*s$TUe%0$?f|P`;2TpX=X!OGB~I} z7tAQN65x~ljeHpj7DN{McT}V!82|mD#jWmU8(6Bc>wciog^SlZ`&<64?qc8q)cGej z@SE8{r5ZD#zsq#>T<;;UqJIPQ%Q?qeRF`bZISNtiniahOjbhyDcXqJ$UTR_r4{KqH zUesL$EY`-5J3z5l1%`<8-bWYD-jD1`fm9}Ee3}e|;l&C4%o zeF>Ug_gY;AP+ukhwy4r4#=q3dVnV{NFnv4zre)6Cv<^Qc-omsS_*B}11Fcc@m%=r{ zvvr4Ym;p4Ebndq73>8iW?B53ii%UB?7)Gyk>GWc92ROxApQsNCx`Zu0{HjKqCixL6O|M~3zQN%ijuOxu|e z{`DtN_*OHD`hfcS3C&9*0zN4(0C1XWa4D%P>3dh=z1aKQvepaX3TC^{&JNE4^?XCr z%04_f!vr(_CiHc;Uzm2KF;buxPmnKU5-8lc-hL^;Cvs;)B7!g%yD7^hPFitY?`j@lq!1!@JJbrghLYE zb&_KCZcH`0RRHUZ=9_R@V^%A?9PEY~Qjxz!g}~a ztyZ_$D!#5nLJp>r&sU_+2yKrem-k0>e5K;2eCA)U=Y)Pl@!($eaKVKB%=r1IJCH{Aqf@nm$i%ygzIO|WN z_q7wX@GiT`HF@U~>c8!Cq;9q$(kqP*O&qjy2X2A<4mt;jK;SLPAAr>j{;Iaz^1CMX zIyJ1(2ZtxnnXPn&QLLkSCrkOjaw1B$1aDd;y=Kq4O7l4_M6o6tFo6FYNNxxTmVV`C zGbA3*vo0Omx_*uP0(V#Ai_;SMw>#;)a)7rhKMsWzEpJG>5l3y$)+rZEN? zXwt3N2GovBWX9_)F|5xaSuEJ}BCbQTHX~X2cgw>JES5Tn2cguX?d|PCKdJb-#^`5i zX1s2UEX6P=gLWJq|5mS*@9vnnwN<@ksUJ)6C=39*C*+CERvtQomA<^P>07lpk3$b49da7yN>Y#3rj(iGlFV=huBju04){6g#W(Oty0@l$dRLxnFGnc`C1N?n z^s36m4X7G#0~ur7=L*aaqt3WB@tbgZ?l&UJSrIglOZFT1O)PT_aE|MMFx0#cQe_si z3-|e5nv#<80VKCz^@*E{d(I%9e*hT)mV&d9hSK5FgCTW|2gSM#a&NWUr@=waM*rn4 zRF79GW5_)EMJFow)|}emFh_m`bNE*ATqatetdFcJrN7b;P0|DG$%2UGf#exF4^Ev% zGtx!r*jdg8Y`4y{44tW$BW02vpzyQ)T=-hR)x+Z*+Id?p z7j^tMd#9wyL=O#&u~U+`@{k*A<4=z)XwKb!Q6}??rfkOWI5r9urTooSpC{8r|Dxqemd?E}yb3PHc-IRK1d?yT^43o&cvR)S{9Q4KI0_i|A$CsR7uL{V^3lcK z1s33&rx)o+q2R5!LBy2kg%m9gt2=kk$X;da+}j4qv{;Kqw{%}c;V!}Lkj$j>2A zTT_Oe>(sl#m+1IyWoyclNyxUa4} zLa(fQya&>2_xh18Rjwj_lRhb17nfAHalNP|YT9zn=(664BOI42AGSvL3%Iad|F{BU zJj(W7B(!6EPl$eSX8-oT7q5`p!w;>tH<#ErS7gbpVv(cmw`U&O6nt#(%fA!9_|OmU za|z(D$V5Gf0^QCjFaO-}k}904>$|B85I-7E6elZQ5EMY}SURnP+g3bkh*9b4+|rj2 zUS)~Y1APW-(sh1on0+#{lZCRAO0ZLo>hN^6CCgN~DJj_oD*z+`TimPbn`PR=6X5(d zI{f+jL$i(>z@o*@O@RH4dOXo&vXJu+u;@&AUHS=+7pn4)H}W=Sw^DECw!S3Z1fJtx z3?Hs_UM94g<0YJ6O*<~hDR9)PoOS{+H&5cL8nLm+-=TioAlF?DtqYgdm1=&?CT z;8lMT?xLjC3Cuf|r3CR25uRs<*EW=FrSvvMy4~odxZLzDIzb0e`}=*MowOLfczqqE zD0l)eL~TVkM5ip)BA7->kTckAZNBtkj@lxzHBj%ioU8b0zR& zJ>xA?h6XS6&+iwG0mm5sCv~~G@i_oHHNCir;J7hOd;7v@vTG#U!Bn&CQ{CU*7;UZQ zqaSBUrB+iPDDbZKgBf-7LM2yAK+?lVjUwYzgK0PzeokMBnhs(lfk+ej>aQ)V56{Y#MQXaQ613y#4pSR5pVuJ9~opi7o&ZNh?-BKq74`utO7~R(T~4S z%y_j2TN{E~2(!;X3RK}<(fiDtGb_}%`cjrl3BUhbill5!CS&uJo>rCncv5r($Zj^D zu8hArsrDGO_UPWroC&uMzBY-MUaqYkz1R1q*=p2nw3Rs5hPrheEPu$c(p1LPm&~;} z+A=7hwwbP!(c7KZRY(ze#%no#;M3f-Irp0|M1pY8Sk$iV=K5Si>{RY@)yZYONELLg z7U{V}T%l94ch@z=}N3$mn@nBkI5QEY1rjKXit`p^Q)cV3i>hoUb}i56Mq)C%!g}9WHaLj&@HejQ zi-$A0Ta83HT2AB}hFQ9gMB+t*{qn+rMp}l4_V8{EU?|6ekkJRZMdm~1V^FPiG4r7` z3GCu~WbdJYOEmw!q{!+rUQeEP#>|YEEG~X*7&O^=(O!MN`LT445&wqT4-{z#p4K-eC6vN>1AvzULViLoR}hd;8Q03ODo1^^ZZt_>FU>XFz=6CVo`|e`?Pt0 zgC)fdqjqbX-UX}K1YM>ha#H}T2@l@+YYsjVU6&45E`BxUt_ns3+5kzizqc3hspDIs z@tS9&vR3wS>9H2E@ut1g(9mS8zNd9@9GCG1&)H@8)Cv)~emEni&sD`x5>GbMOPKri z26wkV{(olX0L6JP*s>b;A)w50)OU$3%&`;{PiO_qB6zGOU$hWvlDHoe!7|Rkn$dT< zkBl=<;C4yz+*|xek%6|D)u7;U8FEVo*#CUyIRHyItY`GTc#lUyXH@)oe`ePw?&B0G z#FO*t;xPP@6%w{@etZM~J_%=tvkBDLGM8Jgit@T@Y?L>%JFRZcb+wi1^2Sr>gS}AT z3@>|u?+5?{_Vnxf@a|@+V}?*?4g)%|l%EU>fj})$sXWNS=`1J~h?wIdn(?-&G-g_d z!o_}aHeZa)+6<+o=W7XjO;Hl_g^o_s7EN_e3cS!H zYKf^F$qkNN;m2x>mbrt10nYL3s7xC;jg7+XWInH;sqi(&3k%}RL)GpMm+;A7b3!K; zpEbOXbJt_0jsKeD(Dg1=uNkNu`?tY=H#?`R_#=~>Q#sFF=Y8P>i? z)rUFhZVF8}mCT5P9PaxYE-Zo92(_cjjFkiVDLl%kL7}mG zKMpUSR|yuAMNc`(BT(jc$gKQCyHEyCT5?V=mLr}h8DPHLKP9lL7CpFibtc`|RFd#c zoQ?RWd5aYib7|j~z)}Tv+&w9x4MzPD?`5OeDbqf!6(=`5)}5}zF7Uy@dKeVs3b3;V zJDXp4+z$S7q3Bug&0RGVgQiLsdkO)T*imrJPF65D&q>n?SvD6i4JbmN&dtq)z%SWv zo!VV3H3&KGMQ8?vDOHcG@(N`0{L%r-CRXd}b$|z;;AOjq(q5zPVkvd2^f!3&<(~@s z9t%DZ2ve%Ss|I=O@*t)=vM;Sl_NPeQk=G_vX8rDMP=v;UYrF3qC)`Tx#+oY~&jtVL zASBx}km%rK<`Sn-!F+tzW!|mp=2NQvR2#7w0kbuAHWSOY7galRzdeQ5j?4p(Yl_T= z*RL#FaU4d}m3VGnfsOr-Ni7ye&(m~GssSF?ywv!ktP00<2K?b8FGpJX7->Up-4poL zNn+#G{DVV{cJKP;_HTF$`gz*wT9sxr3l$~BQT+3s?Vb!e6(+~rs=DJ*xF(lEqu(vp zq$PjXJLH7-{X7z|pKN$P&za-NcfRyGB^(8$@k%P_^Vcn1GtSxMSFgjXTA=+4@{mgKtD z^J%vx{2X=ek=^2R`a!!_h5kGEM;>{HGR=z}b|OQDuNR=oHNFVw^w(ggMy)c>_&!?) zM;kWx+Y@XG>)v29PjXJ*V366l(yX>eVs5J)m<_WP`L7=I!-*yRk$n}~Pa}*)Re$W2 zVhu^;{5wE`3$JR|he>RUY;X~%?oL;YUYHeC7Ub#m*4k(HVj!~{#{RsMu<-{Cj@uRm z&UG6W6UERr+W`@gI|+=by2IjC7_0_^OZP*`QoL?{=g+{O%_}FOWhM1#Th!c>hL$=G--au@dpe4lujM!urZ3GR9KZ&W?~+HZNZm`oaW5^Y zDtyG&EVd9;hFCS>v!a1F_KrPJ`cx&PaJ z(&Rbn7F8R=NvO=xO#xBz0lN=6p|s-wfx5UN2(#7$5H<%$BLKmTSV4-bODfGrSu%*c2i~MsWVZ6C6m0(zE`Q~Z=7LnUTh7QXS?$y&dKN7K zv!PM)yCs?xD-<(uZnUnWLZ&+H^anbD*%!%dlM)Ms2XUR)Zca#+@5Tn zD_UBO^!6EfP_?7XtFi6*BT6s%<5{^e^IP51XR6J|4SG{x<^akaMNgM;3csV;zn(vA zT!)u@txF{66CLZpQ03^Cj0_1^9n4I4c#vp*qB!vMuNCFb>H`sm!GG^^*zTY-cmb(rySED&rJ-|ie_&F-YI+4iv%+6Os3-7Y3OkPlLq%Do4 z?ZakjjM3FljOy!eRGdtjTZ}(c0d%!vlp8Q@<9c+o;2x+6U1yk970C-su1q2y%&i32 z(Bld;f=L+pT6bk*3TrROr{go*YA|bHF}WW*nwcC_m*lUd6)Lw449o*bqHMu1lw-g^ z&oepO%?(vccM^IcrArDdGCMj6P0=t=xr|>0FlM(}5`Sb9P1$xPKlNe|2vZJ= z3W^TO=T(6*EdWbby!ZZ}4(=F(?9;p|pUVp-wf@|d6;$66gh2V9TFQLOl&0#N<# zNg3OT4p@Y+3!q?wN>MEGK(-Hyp37HW&1KlUp&sqDLJ+mim#N+`Bt8Wi2mL2Y0&cyO z$zA=3i%k*z3Q06=lJw9iu>G8L&zoYLVyI5CG?_rt*hsnZvFX$fx!{|mi!lA{%-cT z>3E%k>2Ijn`l=0#ws1z<*Kbifl3yU~qyU-^AWqoD8-Lb755`L2d#$ODjor^@hfCGF zX}-f_`IlmBER~8%jw{wx%A~onyS}e~l_O4ySR(rqjtf1{I;aqsjLgQ15AP0XL@V3M z`@#A16zD8?(XrRY-`X<6<^K3l#Vz!w27uGjMhd@6_*jKkL|<(^XMqUk$jnvEn%I8l z-&0Ql>McXmabXyY@&|?XOj3#nMG6|LYhPTEdIwSUtf%hWJ;51nK1e`z(FlhUgi69O(;vhd1N2r84mEsy5|fpI5~EqXygO z-^s%27~RUJlZ=?EwlQFIlYcAAsZFPGT_aeC_n2<%nDNNF@)`zz%|ZDY{LONebOx18YME&+Yp=pxMv zzh&CEVexu}aJ5qeWB$MHlz8guQ!#A%c|?|LAGRI70k_H@(Lw2S zOcqV!T~B0x5|QZ*09-kt_~yQXzbV+MbE(EAOHOSdp2LZz@;~7FPzL|)5tUc!C%1M6 zmIn)Ed0_#7tmJByfngP?R^Cv*>C~Yb_xx$SDCjs!|Ij}CDPVV}p~RAg+n5Jf)e@W4 zZn&HaUG`Jll^#-nXx9~3U5+Y3dahfB0$e^A9El)&C%~vUiD8lqlAW#Hmy4*7xO6{I zxbkKmqPf2=bOn0Ou)(ZRc|g=sXU?OUAGe|h>RrYRD0@+*y!rTKgq6)=&#+zM-8ktJ^`#Syw{K1fYty7$oazb(cYA3(Q%bqD^G6Vu46(-2l6sqgkY>&PA>>V6c> zlds$-%}5*r*hEtoX2W`S~->2sSSPvZCHT&|G>Xd1}%ILzlt_in*Zg+Jyrh2KW+(EYMimoxRElE|Ed z*8;)A6uYnQbNtKrn-gZDNDtbEJ>WRC9)79S;{jygKRa%fI!WBddbdnHzy{a zf?3XNrE6|Z_m5T$t@vo6&&|~>8hC`$O22nZ1+N(ui#46w-a_-49K~I)oslP;6;`^c z2iI7C$8CiCPfmRf!#CkCDW&~0u&X-d6S`9!R=Q&|-z2syg1mEv5PY zj4DcA%yDM~R>I6CuK*u0dVdMd$5MX5g;t!ZHLvJTgo`uF#XW^iS92pHCE1Gp*-LN( z)BL$gaiO!LKu_`!d278f@7TTE^nyY7>4?fFMBjC~v@U4NsDe(UW&QQ6WTF9XQV>LZ zxt95W)41eo>{A0AjcXadYz%8dV}Lgh`e*6RI5Xe9{8W*%^0EWzg@U>5n#d>io|eG* zuvdphN>o9!u15n=8Y!v-M1LN%0=1m^xy7u2+i{FKi0eG> zy+mW*c%hYF>{|ARnYuUzcHHc++{3O}9->yI17b~pSWu{ql>-Os!pzKUydZ{Iph)#8 z`goHQ>4{G6E0*vNTHyr{?}%h!mjv|SeNn=vHODmKl4H_g47@eh!J3ZdqtlY7GD(lW z-0e=)S4b9vwm}j?awgG)aQ=_#Z zCi_3N`fD6dSzxH!U-4=k6Nd|R)?^H5Pry*5A^!lT-bBzl*Wj{z6hFFhD1E2lAXjZ@ zAf7u{Q_WrVTiRNW36LN0V2i0!mO7!K6U9w{i2L>)yT(U9+g99SRbWxb0_dQZ27jd1 zuLiIxl1#7m(GHq*b5op-Y+phOS}Y{AWM+-uK?m^SnFf#o?WwTexM-TL1Nn?{!_L zL?{zrvkBIHn`M?GmM=BXBnm-@e6E~tlza);M1wSmFlnX&blQAx4P+fET6?{y5|;|2 zUE>%acu4YKyYNJ5!~0H53f`UL8+Yk;{@dNS1MbFTPM1H|Hzf|qoX1v4hQS92|4PIC z8r)s%z_ctz6hyYB`4K2eRbN6kvXxyV?G4km@V+bf`2qXB(z3#mgEO%J3z$-Ruz-&O zFVwF38mA@97c!H!;3XV%cCrpqw!KU%f`|pFiyE^HD|+vk>PX0~>%!f148T_Bn@st+9lr zT#@s4bq?NWRG!u0pAhEj8DPUjW-TC4IrJ#qAnhf-aU!2BPnwbFjvPLsZ~r(?y@2<2 zwe=d8Ah74`R&hl>1ykXl5~a9t><70t&anzr;K#?1=_lxcvN#K!{DxEbFYk4+q~792 zi9gOCE#N~_#~FD#r&J78`9Wg`q2LjWL5&uUL-2*5XK^)=uXp|+&4@8hA=iY!$8Qxo zVtDi3l^Xpu9xEmdYChoY=Q{hbTmqHY;F)N@++zrh0Q;-J$L3im`6>q@K2Kc)4X~Ve zBjvYEAvC;+0i8T(AY9Qi2d(OgNo!6z5H029>pdkzt1IJQaieodWwtIc8?T#oo}~d> zESg0+ChUnVuCqDh;C7q*VvsA1pST0(DE331uUV)&LLez3JKXiL@mo!D(T|@1y=(cQ zE^O)CY3Q}ftXi1{yOR$<^GYEYK7bQOp3sm}csQ=amLhkIz$+I7Jv?^`2%bC4?3XLj z$Vj~pFgH6`dqmFd6q_YvuP(BLt&tE6UmWZv8>g@I`jJKa=aJ_CZZc}b8c6{~*16}I zyLP2_fc1E-A`*C0h@TyUqI36xQ8qH$uynGeMN;gQ=YCz9Tvet0;x?aP@If1E2OukwPAT#K@K4CG6AJx}lh3J5txiDGBjhgti55vBA=qCQ)z9%`poBS zP{pa@`pToYKw6Mt?4=DB$H2g7NbMu^o)DH=*cFhAlfa%|*LZu5#P60K2oHV(9B6~^ z$c2)#v!M;Ak^Ja|sH_`zAHO?=8&)Ybp6%YOxs&6Yqmg;OQP$scY~XRAPWII`N2Rg; z4fZLWA-#!-C)a~DfKu2vN1GFLFOjlHGp?2917Lp% zw>bh91O-O`D78RFaTpOLiS?i56|cmCinj~AfX|9j(z|7=DD?|N$vE`}SD3XY`@ms! z`KehupFQyRwK)Ia1R@7>u?nkeoi{5iM;vP!*1Rm2T&DwDqHJ}EKu0tAr7x&2jC;C| z=W%ZL(^CJ@QY2r@v-c8j^`W5rxl|bUWBwEX8WUkD(R7lpo$@h7%`Ec%Ch=<}Qj->Q z`G@9BxPdDqfA5^35@FK-O2#ZvPi+h;t2aTEbQeM)dKk@V_%rElz5Sqs)35NrYQIUC zSV+25NCMi?vtYm|a8FF%0#8@@^Wb`S1e3_5+#kj-ORFV6aB0sM4r}mG-C2eltdV;a zd8paHI^Y+J^nj3Sc9O}b<}fUoni_qlQnS0{M`XaH7^~0~eUM*J@TtBxkuM&+$D}{& z;D7QI&&iiCC$}Q%w1~rbdcF)SwHhvXVpqSD^{`M9<2nS0f)nGhXC6Pylr2=6QWR48 zdi|qxt1QSkehLs7xNJ@+f|0PXZyq3(tbWaWYB)bdm3}yJw3y0C+eeS~J1Zvg@F9Nu zT(vD~xc6u~`>0O02*;@7;*2TytRLwMxy6z)1j;8O;ftBE>drHuUyy#!MT*afF`!sfa5Dxoj1?;{GXRwpa@lzIJ9B~Ryz|)_a4D?06Tmh<{hzb&5F8`fp9VA=9bmuH z10kXlWpB>>lsuH#eXMDQ%quCBs4Yomcm=<4kJb2>PvNTLkR_6}TBY(@&LnVc!jV`w ze%5xXny$?3f)3{!2GF9!e3N>tYm+^EF>k@MOw-QEaoG+GTdR)^Rq(>b2Y5!l_9eM5EL(Gk>|w8EYqY^E`!a99zkK{3;A{q+S0 zjMu5dfLQ5d&;fM5TXlp(AfLc1hsC1Uxnm%#$JGHOSZmjrDt-j!ny~mvAEJHK=}45P zvzC6gew|AcE%bP>d~-$dJxc2brfI@u{fbs)TAJqFA#AEa{L9gj6gAR_^1R)!DCR`0 z8&K~lnAlEd<95naB#jl7`2gS=mz1vGw#Jdw&x&xAca2a7_;78+?kl8lwIx;Gi{7?n zqx!d@UB}X4$4PA&?hN~A-aR>~>v^$*uz-&vqbu*) z-TU}&%+{lNmGOUY!XLHd@)?Ts>t2JZnFV)XfH&d4z9fSGB6v%}4LU4Acm^&QEmuD~ zv=!`Wp#R2L-&Xw#6aE|k?A9NHjWauVs{+_3Wa8gx&$O5S1>%0x`hyebfJwtp-bnsX z8btVQZ>@A#N+hG~9k1*E`rqTdF#n6>esr(K`J|Le&|8aDBaiXN>#zvD8prX!uLd5T zME7PyTjPJi+u#Qkzxl6U^Y5RDhxh*z4*h?F{!Y6IicBUazvQ8$x_%c#h$%5_|?_*Z?^WY?*!jKTDipy zi6YeD^g>_VQMfz1Md@m5lNIlv&KW+l_4jt@uWv{r12a!vW||l^Su&aVrz!M8ytW!E z)h^ekX502g%GzM-+6$!rL+r5KgM$?^#f!#|QhMc2$U3^Oiu}*t-Q9HS(B|p9-nx*h zZmIDX97_qxQG%VFof1r-lKWSNf>3H<=5G{y;YGi{m4O@WKfea$%dhKVj>Sra3^B;T zfO7}6yK9X;7meOL&N8eTiF@y@W~C`&U8lruV2r%HBi6u35!ZA$ z8L~+kHo5jrk&u8$n3xn%uj8;;ZLl~n9?2US0wPC{2N^oe@9awv1cSl8J~;p4E$)y$ z{hvwC>rexdIXMZ8s9Zh&5$9r zIIv`sji3*(1_EbqZ|@Dd|GZEDkW~Xb7In3p%lWWFre4)+yb*dsnvx~8i z=YGz{M1{PiS`l5qjr*~xneyErwR8zgbq{YBPJ`Jl;D_0$h09@%Cfzc*kxV!rYc8YT z&S22?sV7;ueIEm=EpG3sLj9hF*F=;ZKvSjA1W5Zhs8E3r^X!CX(8$)Me^FdPnkGC2&q=Pq zqXw+rG2-10*g@b%$-B6MKsiMOiIw6qpR3yid5%Nn7TjJPAC;)YIY5#7X#?0};ksNV z`PjQh0$aHE)}Hrlqg^KmkTV8vf5&$hmvHkDkiPV4C|jA6@DEG)>u;3u0CHAP(UBYr zJsJu>?1)J1T363M%WfYBmLr+UXoE;`pGzKYb1%Noil37$Z13(yUfo;i4hXrwSk!bL zDN^GkKkm5HgX)HHa)M!1>?QmeQadZ1_OH||pws8=7sR;{c^-Mb#ZB;tjtW~t?)O8N zWhp$Nd*4!2t87I*$}~CaiYo5GdmTXS&E?$jZVy1&tdUQgm}^}20JdHFibGF;6IXEn z&J#q%IP^S|!(TRp?$iJ@QrdB)�lW)C06yaHLaJE4S1QL61NF+I+wotl01>UVl}C z*I`H2H_8I+g;d$aRlMfj-rm#32#v02c9yF*$xAW6iAf-|oe-D&`k6L7YpOL@1K~b_}n{Gay8%ygxpu8@@1`DP+w**9{od7aY{%PtwB)^ zh;CRtX6uE=+7e7rJP3SV-5=dfyF2>DU|@=x2rc}b=6gdTA8_W8%Hq^?xJeaYO2#1A zRj+!p-r3dXMwtKxay1f(Q-6}<;Hs8C%;=Cf#*nUEa1 zU%_*Su9~5uSVFtg18&0mG3rL%b2?2MGmU7rD%xXx!Y82z$vT*|Hpl%E8f^O6&F8m6 zsV2*pX{X_v`m`9W$vQEmyZ!oi+T8fDAMlfv!SxrU+FbJ(``4@YLslbqz3~RU-IEmd zPfw|%1*h;w=Y=bu?RxCXczajuhR<$ZoNq^7U~OHLYlzN-P|QOcGYykh0=r{4(X<;Q z>j*G5k3FD7cBe@ODTte)kVUWq6tdH5+R(>xK$Bl-tZ${}sYzi(kv%4z0rk1e;%Pxb5Og)a71$o z@o>HJ>*Gp%gm*Voau)$FIwy;6ltm{{$1t21%P? z?>|vW7P0Vc(~%X#jW-R&|0zreJU}ghEwQU%1OW)+9%0i|cpzXA$>=(}o%tS}HWW@riv#vtbFSY$7=zo_i1Qww*mCZj%G?;>$rJ|Gmy1 z&)X{M#2oh;XPvE(A-9-shgT9x6RS=JSH{Qr9umDWeC{#(&(7zwK0T{F_0oH*O!Zva z)8j5l3|~PQuRZl3kA1OcuO&FygL~qh>vzRIVb7F{-A02DXELit-_n+7J>JX z4%Ac=k^w0k3~)Re9azz^`j}G6)A$;kCS==t(9RcThv~pa)ulnj%g^y|-?Cwt z&?xUU2a`9&z(b-|stGZpuD?GvFR52^LO}9x5Vq5JXro0d{d%4kuF>E<&LtcBG@g*^ zKC9mG7Y-2ImUX#2Fo}1g;17$;Be3DVjn3Buf&k$x!&fqvikk7ICdL2^2g>b-2rw0W z*##?l^yLmqWsoP|KW}Sr-!1}Ooa6fNlkrjyFuQpx4J0bYB;=k?L`0d?*N3w%S8H4b zgZ3#%yFb$9VSZ11S)48>C#Mr-+`>PUq916n6z(TT$vw#Sr2w8!DuaAKY}(7|>I|JF zFxNh0tv3FvRe5FDeKZ|Gj!A7msqn_%?T>vlb$JxXkTw_c$@8f7$7rN~n-l_bd`7U* zj|Ts+&i#ktoq*p-UB&r2tOOQcD{He+TgE4s=5_3)RN2 ze66yZWCjTNv$RE^q?wQusS|McBh#x>u{gYjaNKUbv?oSU$^nuhMPH3EDn-5uzRU4} z)t6S#b9jq#AXDC;)CS}FM5jCsAVI(P5!+SQ#zEYIRh|dIvO7+){Bdlh%SQ2CZ9HoN zo6}EbM~@l3g@|<68Xyk)+D_sHptzqniU`a+&}eO6 z?=f;h?F%sWPcDQ!*2(n5X-~cbhh{^i3>nv%ru@~vp{1U%nkZGxoJ7K){dfmqx zykKi9_Fy0j4BS3VHF%9~G2G#|6>-WRDVJmbxV$PD*l0JHRy;MV)RT*41umnRWvLJ$ zoX9Pw(eoe=_@g&F8uxPq+_)Ecaqog9vC0|{3V8|5du0Ovyv=H);MV|!irtp*D%U9h z-Iu1u%Z7^IFkEyY!Hgji%#`Czu;`|X;3D(_`}|CU7njqrf?%;v(?9C@7uF7&g<&G4 z=cKJyQodEvVY6*mYrlglW9U5f_m!#o$(ePls!$7g#WZPLwLNCg<}4T!sGdZJYu*H) zYgr&ir1?rDFAw%SUIW{tXv&-7iCZ8F<(Ft|HfjXAigzZ z<$j*iC7tLq z`tt}nn#X)V1ze%`1_XHhWffK$@|j)g8`5B^@T8WO%~pInMwmp3=JmdIRkM=>cW>h# zQ^@GOFZbKg7*{oLHYRm{D4x zk%Js4pE;@{LV(VY)C6din7`{)0--^JkN`*zgn@-*ccqQ4$x(`^tKsvaWG5N|3ZDYG=`HUyCJ30c$`DM2B zYBFAYy6id|KIq|v+N@Ii?g5fyxqv;v`6YX^QyO3`$UDCW4u)|^>bGk-lpv)-9D5cr zT&OS2XRSs1?qP4-P82}c2gJ=c!$G192z3AIyf&c@1Q2xM=f{3e|MnG{y)q5dDt2A> z>~eRo4xKyWFC8eW+ou`@uo()|>oz2p@S4jI=uiAxCkauum;7mM-cD4Of0H5yr5)x~ z(7)=Exs&H6BQ9$^JHEK-0cV*zv*%$>`Q(qs=LeQ2jeA2bgEoV?17`(FUw@mo>{e?A z+#SmIzTsfS-K+D0Q|93E8rbyQRzD0=z;^G&tL(kL>x5gQa zeur|8lwF$hI6CPd9r9^@ff+2Dgl-i&pKX4vfyXkGsP)Ioh>-mzMGK2@nW2fs-yamE zaF?8o^M$y3ww8bv<8$9Hj23AMPq7O+tw`kiI{WRdKQ$qYpHUpLWUqQpPRi{bxdyNQ z+b?yS^raO!`*|%mxkqwoPo{PBwPD&@G?BO73a_Zg3(xbXQ-wcsU7-6FlxdR^Cts={!b&CHZ-)hRnFLBDWj zCxVKBq;n^q}#|7eO_s!GTp?S9|&d z!J>G}UZmZqJ&Yy-MmhR?GR(CPW%6g#=nO-GdG~Ru&TACdAJpzgF5cj(_DD+k3qJ)=21U2$xpeRQi2;e*}Rq4-Jq@0K8v-qVwf1(KzhEEoKO#Gm-5U0o(2z0ikrNA+8O zUz#We^9Ju(>iF9A+UZeVBAqb(MQS>5`+!mn{$kT8Pb~yugu0O#-h~mnY6{Ebz9jOY^Rt2WIY5>Q`|sF^wqE+2<9xentVM`X~7QGaV$7^#(Nux zyVIqdKv>?F`kmj2s%amjyv*@lxIZjCPEXo~K6-1=Wqd@KkS$I15b?Mn*I(2mq-vUf z1JpZ=pd9i}2ZMy%>N*UhHCMYV%SGW>2{fVi(-&f3u!Emg8(QEc7(7kzd3-F3lyVyS zon>Z%gg)XLhaq}E?%E+llEXlRGa&eG)Qy;YS)c(}>ep`SD80BhA^961tnDxZ?6s~W zA5FO(Rg;aze$#ej@2*nOR;d$41DNWlTOlJZkhU?E$+c1;=u}e0d^bC-Djl%6u{bI@ zT)EHLQQ1qGD)3Vv-JB9pd2c*D50ZZta3hg#bG6*Yir2;FD3QOQEJ(sw&~>r6{=n00 zZM(@7dF~Ryc%(r3Zn_6+6f3y1)I1}4$hOVXzt?z`?nmNJUo3yd>KMZxKKrof2X3!8 zrgtOOChM8z3A~n)eKb!B6RNzqmz{Pzj#Z$idv+%#eG(_GUHw^!hZye@ueNKQ zu?*`)$7E5-f)LentXJdl>G2pO#qd67lGDR2{U*;$y}d?D@nEe`*X8RYQh_;^v&5T1 zP0O=|6^W;lBJm=7$~!WvbhAF(NPksQL08*Jdi>LR4i;sqD9&~tPN#EyI-b(BV`l3bb{2ft480~4 z!*q9M^o{X5|JtX#SiC`1o-)Orj8zy2HVcUhMiPThLxa4GIg&=5OWf&5HTUb`15#3u zE5Pj2bN&`banO1T2uxgo$AC(w9H>N1&-Tjz!XXRN4w?6sIm3a3+0b#RkKNYR7Wj93 z+|E#k3rEYn7rzm2dNrym_=nyWzaKocbP-q2S{sd zEm7iF*hjN6w^60HYr24wRF#9}zuU5#EtMtSnzY)IzGh=Ju}m+oR)PL*EKZr!th$tUoFCO)B&$Zp=40s}!l@LMd~Zgak9*9?5hRoyC3ureF6fFmo1QlqIia zB6m-DH&b?QHrEbm7$G-H9b;pLPG}z-YznfKtFa61`qNUiAx8Iuyxk04!?70G8WWIQ z+F8}h)xodGEwkS0kYPipT(jr!@}vMN1U!-Un@R#*{^`o|B7n)9`eFKDzZM?eBj(-x z>)3WebX~+A>J$mr%>;Zem(RI(U6@sSC^hiV^z7W8Z^5-;r4|V0Jt55^khxq6I7eB} z!wriR;Nn))lO%|!?~4~h%1we8t#CHY!VVC}oS~d5HdN@QLQ?_W>cuj;L4^ZMj)*0u%1F2vC(Vh~7<+X|PO=00{~z;O8-e z`DQI>9r#TjURg$=aBd*n-6}yhEp@1wm6FV3Pk?PFetl5ma&{_|YY$FLCGaTKd-qHI z;e=HdsGXvdM7@wAD_x+7GudAqJVy*P`S@s;o4?6n6Gm+Vfj<`_6P>>>us^g3_PepqjeZ~7>7IH*e5kAZ^4Erd4DGW~eC~iX zLP$yfb#1}EhrVm=Ef?+DJHy+x22`jKj|A#pR`E~}IgRrP-a7@8he=5S5F9SGHd>VG zeX;~whLCzq9qq*A;nN*L zwI@19{OzGsv7A99ybHtc4|q>?k~x+{urr!P9lu?yG7dtBGStgX9l;I6{Z*;1&u@X3 zb=#X(sMzpY6DIbdPv(b{3^XcPQC&UxS`er~_z=%l;rzV|#1~ekG{RxJejg{4gNPJX z^z-M4A0Af@7wPof%HGS|%TDWUzT7|AC|cK3kJ?{DHPP^@78-asrrxEf4RwajtYJNK z+A|SVwg)#b5i&6p6&YHcL(8~;6O+B)F3JUn&*@gOlX}Kq@(!t~i1f_5BHOOO(RBhT zD89os7Rj@!2HVYZmXQ1BOeA_#Ue3A$d}nfqT2n2^H`}U}KCznQ6mhrLjkMxOA1!Ih z5!b@W`m*Ltj^gi!{C%5pRpTY8B>bCm?RHJ2LEBC%eKsd%=cz+wZz=cc8((LmMjyUi zn)mxi4wWnu(Hn%cL`wN|$G>G+>V@JnNf%BXa?`EU+X)rBg@HpyD_MMOxRPGLNGE3Fs6Dk71;pIV4p+oivRQtV$CKtLj*g7Y_-T3XDm`SlA zGxL)NuE&tGsN=)Bf=S80VVJ}PLVOZ_Dwis!Gl*9&LRm*ZBf zbMfx8MA)#NPSHPON9jR;Ws?Cq-%Om94KVDGjbV*Z%Tf914C;xJpgW-bt^z?;Jy$dV zKxmZ$78x~9^=s7{&rhvtAd@a_TVQw70h&04+d7hrpCq|n4(z);q?>X_!`Zo z*;k)>t%|o5WkPU)+g<>FofvTG;^$o60aia;zs?mF_6t-}{{%FNB%W z068K%4Gm2xh|KF_hYg-f+4IWppPdb9nt8xBv+O~t#9vK zyU$BOkF>8bnq+;O_0?lWu%Hn2DqG(0M?cCQ^kgw$u%EcJ8rL3fiwO0=E`*6Qg4o*S z6VOq2gCVG*ir}{QI$!Q&Eyvqr&g5(QVzun+?s_&ptRk@7LKK)$$Da&s_NhOUsdAfs z4HQcpz@n)NL(k{F`U9hadCAxn{ygd~hk?XB_Bb{Wol}f?outce*O{X%&ULAsmDjR6 z(XNS2yKE^OSNM|<)HA_2MTwzSb*ZP=s-cQrdB;&p!_7Kp7!Bk!q;BLjkHRWd;P88& z03iR2rvm2&| zE!1@f;ju-P5m+x*d9*FH@w~6#`6pD5c3Gl@`B-^?$C=z@=&}Ri-bEB6@|<0Of@b)c zQ5`IygVd^l#~L|RuaRHT2g)^PXhi^_8-Yn$g_yW^HgE=t)faN{k=$ME<`nnlR(gHQ zqu(S)G^0?f{Z~uSVfX0>+ft9kD5mXul9-EXrL~^j)(X3d$}ah1MyU`OPgqQ07@HDG zoZdng!FOL9l#c|`lE3QQtohT1os~3?hBn;}f-_AiCyQNU#t+MrJsG#dp?1zu52Kon z#F^Pdf4-D#^1Linb0ek~fW5C3$BRuXa+A<=5A516cwysB=hnyuVvHlo6)8X*?^?Jy z?J?EA-nS{d+Z)Geyz9Ti?2MZFtxO}%Y}YU&1&ZYsDz}Q{)&1xqEvdd_!6k8PbC|RW zhlf7TLatV3!rhX?n*KknB@E0|4UXdY6n&G^FfxgHvGJ-`?Ch&kg&EnyJuzeck(^W4n_M3xx4PV)KmGXE!=LW!G*Iha zd1WZgl1sbfqL156sB!zY+2?;?C@Exs;*SOLwz05ZwxIQ|!E8tHutoQ5?KvAE_3kN$ z2@Iu0XHT;@^QhE&0Hrb5A*}h54Hr{DkzG}x#o2)hAnwFcqKzU0`M%D1?Sn)M#bpif zWZbBuI2#GB0e;`l`!(}56sM-A6`yJ0n}i+>4)|aD!n^G;|LZF7F!+?KHC6mxaxdkl zgF=-?GpHb{>JN~*%mQH7FS`e&;6bVsHU=>$?=H^}3#C#FZ4T!~5h|ie!9cZCuL(MR z#SmDB@m*~FVxuq$*dF1AM?>aTC8Hsh&1>uhF(on+E|@}rAV8#p~K%G4Mbg_uHTAV>N*aMDAZ+6QnlJKo0m7Y{3Em1hg@B;$&E?~>iYvl~3rV(*}m*NPdvH@5qe-eH5LJWCW zmPHRvypFayBBd^5nvMcxu)lj1u0M;IhEjKDYD`~?WHG#iP(G3kIZt6p zg`A~1qYo-?(VW+)6@1tfhdZdlwcGuN`Qf@Y5>X~>8hq%?r0h3GnyFd{t-XL#(}!wB zZ#8XasyX(~5oRf$wVh% ztjBtoYOCcB(8}<&PsSryxXvS$gvp-Jw3tt_SX$Ic z;{!1@&=9euhCbw+o>{e8ev_T;y_A>bWG$VhP4iRGarL{x`IeQ%#4h<0jr3@M)Hr*I zJFb2_>CwtIU^ua!a@+l_i?85y9R-!dpU?@=p{=tNe`zBr#GW6^9x*Lk)j8=GC{xE# zbW)^DtNorOe)f(aUs5f@O_G^tJ|+<+x4e%mn{8nW%=uxn5y>m) zuKc!0`O}O`D@SvgnBCK)vZ48^vfcBh`%BrIql|Av+@8esN&d0and}@#k@P;JhKe(w z&zxS08G2}IP}Q+7l`%%DeYu>HL>0Lcs_UiQ<>S<&P?zwYh}-!K?5m-V)cUgQZfm*F zROw*@r;_-SBCLlJ$Mj)@Bn;iXy#(vA;+)!#czqJpMQ@el(I~+91ir>s$1J*LX2>N(b zrodr{7vteV1@Z)*si*MTZ{|FJr&%j2D9u;R&zdbu6osw> zJ60xUL{h-htmi2K0p#1Y1)Nwg?-8o_=V0ELuJ|z4s`H+RzO#&_-@i8 ziQ)|TY##{0dg@uJt5U9fpG?W$ECnX;SqUERz=7R`BhRAsaZX9 zpIrWiJiiEB^I16MC9CcWf9~}0FcY&-Fzys*pE5MJSU=tr|3dGGe>T#%GZi|7D5RcL zc%h2_xo-hV0jHm=e9PaN%s(glMi2l&#M7Q}%?D{%ug%8yKgjJ}pw1rUma}VL2GSaj ztQuyx&=n4wmSC^ndoe0EG;zr(Gi~7X+X3S@#!|Bt;ySxk;2NYB`1M#dFzl4|RrmNj z$j2--UE;z-#1-fD0kcJmOqGZau7*u{^EwWK=@zpW|bO-m*gTlH+}P!vqQV_o$P zU_2K127$_w@A5$t%$5K7{BOkjMrkpc; z5?`~BfSWqT($p|ruq7zWF zmfM@?I;@sp%|I0Ij@ewC6s2;0dH5Q()-KN}hcZ;|KJY5!blN`pL^))+Y$52gkanzf zb0rPUz`fBeo*KF3)F&70?@+K5B{vbX&ExZ9U|Z%Nbyu$#vWo zJwH@I67;o4?#{)}B`ImXqtJ0wyX=;=2j_V~;|{Tm`LMZib}kgAx&)4g(Wg)&Js8wqVovAI!Emz)o**nwl2#A4Q@X6U;zv6)d ze6fIsidt0&OEG}lcM)oqU4X&UNur(G@|D==s{Lk!&%ZPsUQdURUU&$@4vbQ@*7Y#$iy75u=396}&e$qqseaS6rET zLp|?W9m#dv6Y7F;3cNw(tD&RsIYxkw8**K${bCqa5_CPsvUlQ=lGdC4+S%(ji8@io zdh9I`;42rAb8f z@$^EzslRD`g(DN+f`xV~TH0^4JCi3&dRX!PqX#r`8WBjmqjt^=-k9v0y66jStn+dO zJVg8?UR;1KK9GBqR)*6mMV0w0!=%^JZt8`4(Ng#z5qI2+gJ^c;loy`Zl(1YVb~@zY z;(4*}p93iLN$gL_SgJ+~gS|JK<)&0Z9QsPqrz)AN zu$y8mPo{j0U-_U%KZq4amcO`*=+cC+X7a!`M&vP;OO~4DO$O_lb}QxGmIg-!V9mhJ zARX$RjuPBW_?=9>~#AlV0Ub(x`ZC6aUO5i%{Pxd@Gs1uKU+jr(f*$ z@RzolXNMP;!qV2bjUzz@Eq9FkWQFxpeVrKRqaT-Oi-XNay{&KJ@0{;ousL#rTRG2sCo*zy z&GJ&s?qXE^)w9bRIu73L8clP?uYxxY?*U7x{Hu22-mm%4;&ii0C)$MuHBTADPn)f+ z`pQ*zc=JWEf~fmX3Ni8*bv$sZ zOvT~}kGgt`iun+vmqnud?F)yop?HnF(eQ1+i*SU+zfU7Cr%r94+L~@+nL)11EP}sA zc|%DnR$7IM#aCeB6Zf>6Iny?1qT-eExe0h}Jkw?J)RYaT|7agkzE5MZW0YU^H2jh3 zvT$W0JBa^~{r%`kSXrdc@cRo6EDM401k#Et>&>;dS0`TbM}46z(%DoswuhHT@^vmm zJy>XS;QnMtWO@Oa%X)Y?(<1G-^&20-DOviFMZ~n6#;j7ZGmY9#VW)iyRf_qge=?Ae zEs{&?BVLhEU9b8y{;oWlE`)d{TK5P)Ma1>+R5CYGw50sWmc{by{BQ-qA0wg!e#Oh& z!~|j0w#;8~uoL)tWa@CGuq-o_Et%OM{7HV{WdAEs-01XC509}ZsNZiD#=MTDZeSM_ z6MjtXBhCOS;BfMG+sjfcWWEX~{FzmzPJ= zSj{L_FF?YaBKaOJM+`T#JppNJ89=na!B!~#tuH^&`vy7dqN9gk?bnCcJbfWnJ=Eb{ z3epM%7yWhFE1~O~a%^6y0uH~Pl4!n!wt7>ff8p?;mtOS*yP~UCZB4 z8`AVn7jaDF!HYX21$6@D=otNn9pc zN_?J*DUxn?XV6V=y(C`8N{cFsN%@|J3CT{TB8^=ly(>y6;nzfPxb=LbB6+Pb$86S3 z;kH2?iTKIXm3aLfnYisQc}UjEO@0Yqi2Rtv)n$Bxqq92tHL{MB#u^23^Oa(B<|K(p z=D{?8%luWxD42`y5-!M;UU67F9>F+bJ{2*BqB)qjnWBGaZgsQBH!QAGkFqHFyVgJd zq_hH7bc~u^$Et#uC``($ohe0^%^x7$vG>J$R0iQxrqsN#vbAs~+$6V%vi3NAqtTx8 z_0|5rgizI4pHMcb#!(-%$zJ6*^Ws7#ZZlIug^hfNqjXIp=_(LiAUx+xVpQ5zwrq_h z^R#ur^Z}7}m~Hfo2rZc(Qm!RMCq}a+8I19xfy$(21DLrQ`4-RP_IQU4AIpQwGzO4s zj>OTH1HwK4yv*CreVYyVU3uL2El)mZ#rbO1OHHCbjoZI&0`e;2wq^z~r_Lu`Hd>UB zCs+jN7gBDXA2nTwk_M7Il?=SaTn$%G@=NbF#Ge7G%yNu>vWA&PXjjkA@k*OS55wte z73pOf?%wxw1of2}2VT_YFDjEu`CJV6$;VgTt`a zJTK##SlT1m$c&+klWwkqDvzu`l^TiE;-}mfmRVtJzYTb*NY}su+*C)u28vBc67*12 z&62YLx~ctmuEh1SpS@v9eo7%h(!W%aual97Qj0OxRoRu%iY8xM>rWB05f6SaflS)< zC*`QEu!AQ}Wwdqgw)do7_E)c&b0astr-nJM^qNWh za=Orc^3A}SZZ?dTE#%&@zASx>i->$OGd%Y(JSJ0r&?s3W2)XTgIV?Q+`c66a8yn#r zkQ()MKdbg=dh#cMT}!Qqo~#+f^s!2Dae;PCkJ>r09cjgEwHN>DQhv8s&TXs(;|ur7eQtn&wHz#>xms`1wYh$||-4tX?NrtJTt0e#$6QP;SOPD_k* z-WCH$7|V-n@{%L3>8Pj~k~7IcY%A@=t`s!>qkUIJ}q5pkcL zZPig16DVf5`rFkg@J7}fbzW*p_C!ee4OQu1(JPPK2R1~CpVj@c`gn}<)Fa)trYu%e25lV+mN0rV54m_Wr85s#kTNnq^X zJy&d$!jqu~HpF#yV8d z4p_KU=v!7B=F1V>i|AHUrXPqR45bwZphQYE@H0#_N#M{I!rjyk3)QlWsr{t%M_V)8 zm&DwJwrjnj2{*O)3A&||gQceF7j0IvaV%*>L% z6;!L;zr0&n*-pbZ)sc(lpnU)G_x5*kZ%qze>&v@zncZ$+*l_scbDE7JZr^IVsmrFv z58YvUD|!O9&53g*LzOAqZZv}4@0#?87gj>=K6xt(266HcADE11Q<9nI5(Q*c5gcG= z!wGuulAv3wr4=M&H8vr4SydH4*t^xKDC+z-Iov$C=^ZHodblz1{>X)0BsRz|u!EA% z>Ipx*zewEsDCUBTg!BEh-D;z#LnI@}G9W~853nQpUmjTn6?l*Yb6~#5&i}-EnV`3l zRg3KhuM5)oL*$PK@;Vz>vm)nR5M4e&wp}Z1oZ6^q=#b;=O2it#Dc%L5Y#>K2BMoYd zHGl`Kijt3Q);F!_qNns)j@GHU(_IhY&)7I-7&1B3u7UP*3Q))Hymk{q`qu3=YjQD% zuoc0S*BqhcD6NUNkseo)vX6nGF6mL{=If^A!{XmA8_6Qft%dV@novO-_WmDPLw|)2 zeT-wXpY!bb^%?tZ&*H;x!w;Y=FQ31zQ^mQqMqBR6#2lE<`#meonCLM9aR5N@$FJz) zNQjmG)GEyBVE8IneHf!>+F^6VBoul;$zJlX3AZ6#f*C@es}})w!7{5eK2U+zIxh{U z3QWLIxPFrf4L`v7thsy$0?XL=k2bFm!3(ue=lIpqL6b#=(IuY?tl6(>`c&;Rb%q2LRN-iQCQ>oCSdF?+jEahYU?!NPzu0*XXZ1_a_UFnjEZu z*2@yI^W^$exQ8q0n;`)=$WzSke-{1IUQ%g+ff^4zo0^*Sae3H>csG&Ww48vKdhI0o z+CDf%?Jm1_-{-thY&Sfgt#I}mx;XJCz^8l2=Ynv+fafXy0mg3etfovg-xmLincWJE z(?gV0hG%54$ly8M8@MlAHCvH|*D!|@HxGiQ2+3|;otQN@*~0fa0x;A!B~(9x`D)HS z99;qciW85nFjcq)b*B+Kt(n8Zv3maS2_YdIPY-TN%`HyhPoyWP0o%(!H^w@~ScFV4;}d9udE&fs>Mmv~ z?UN?alu(tK%cPL&T4f~YkPs=n*1B-yP2d>nPF=0q*x3KIbGF+8wbyf#hysJgPjT@f ziw;)Lmrpsnx(F}_F3bxvA@-1aJ-nER0gkZj!NZ9>h#B|!Py89KmrKpvO0C+o_0#QMXF^P z?<|&`t}UK|5fF`=vln3r`esVl6T+zFh5NE=08gO)+9gVTZ7%3 z(QV8W-ip8l6sPY21~>BY0uJebeHa#jiF&!_{vYPvGAzorTLZR11rZUD78FoYK)OUg zlvL@K5^0fcB_#yu21V(TZbnMFo1sIbJBNX9jqiTny|+I5`|aUl}-yB=)N8qtheL$C@Tt$Sej zNbIk=Zp!DCL#yt2lGsJ3rpEjFYB?Ib1Y!Mt4bYB@6!QgM+oJ$55sLY^2U;fjL*H~> zmIaXWJ_mue7vsY0zw)~bl3HIv(amnVtinN2-UfOu^kA`oeKp{s9}5ClS+SDCTl1aV zKu^k=>DkHIlLv1ekO=2iOh^p(_JXD$%lS*!@6~K$l$E6mX3*9od}oH#iUa_WqC2%R zbZmVCmlvxj&I6fZbExgOKx@ShJfxEq=|+D2rmF`aDt9JMcTa#QlUC7ubV zH9`4*vJI)8gzj1@?f`A!$7)_|`C>lJ41Ree=@S{-qHXn3YAH|?17Pib1ilz~WQt8j3kvNR zyVoVVwzRawZA=$k@RFl$;rM4mq&6q@kF_5zcg@u9-=FE9!U86%qpk5wevGZktMe;u zs`-+r$k=EH+e(Rv)%e?*-Z(uedff87gQ_`|2QpC`nXJN`@v>h!)St%9OZW`hOhqN? zP~m(VuSmyG)E#%oUS(iQq-=o~$=jJlLa90Zds~nuEYS@Y>BXX(SWOo*TFk&w`b?G+ zZc`$UZJ+D)v+jakCoIw8BTF1@0LMlY)E-UB8#G@VCE~JG@KKZI?5{E>k&i)w|!fFEeLvXPwrm(zKc`9(A20W10D2ey!22 z?!cO&4%g4Wua#t7;zBn;33LF zB~r=Np}a5Y^-jQ{#}pkGo$ufp_T_48A8s$)0@4#(r-}F^@CqM;iDxp1`8FWx z`)$dEvQS#7m+ozVP)5R_lq7HxzrvAu+)EUtgf+m>#3xMJ_2Ct1SpUJ`rxh47mkytW zO8ZF=rJ(dW|9@>>Iv5>H@ypMl!X+`edVrxTWML-gu;k9RkQ!TnsL;i)udvnTpNMvX znr-mAvsf`Ywf;G&+~f9j(uf>w&Cb9*6PPN$&Z04dlZy0UF^muTA`#T$jZ0P!enf4t zO6j(=rC^VdY>X>u@>DZZbcv^^*Dn~#yZh8ehKJ*%*n^AR0CaKG8K-HN6mU;Cb2Pnh z6JzOx$%5GL2=8HQRj>JSk!^y(v33RbJ{EQm=#j&;aTd9Z83uE;Ljl`u>M&E679SjR ztfHOh+?T;L`teri6<bzh1v*)SH*NJW}26iOWgOJz1yoy!ttz)15&KgGbw0@EM$| zjPh>#vaZp5PuLCHS@h_nxoQOFZR74*5gCn48}K^6LR?gnP1yg?@9om|ZKa}`^2HFQ zte-f&*1G?Mqir92c{I7R97y@zgh8snK#Q+(=xolepN|wP2 zcScK}s@0sAx6D!9@RiPd#KpkX!RpvUf9qcZb%i?fMhkstnUheuhXn!;A2#j*If>n* z2GKJgzjxd05a(rLCQ8d}V))H$2%fhK-Bx4{TbNzW11T^a^c}6HP%*8$5gJ6x2x`R2 zX6AAH&79bSKFQ_7Tu}k1;e={R8|stc|%BoV6mGsVZ_?M+m5e52WT# z9(`Kux1-!|F)%4hmb~6*{a+jYD&;7pc)fN9CTrgP&s0#aAfCw5kXR@c`Su&S1y%gD3--331(n2zvTr-g!+a2S z6z{|PpQ!sfg-MtUUhS>-zeTs4s`&U8!3tSkbA4`O)3i8vsOus8 zLkNVEzNC$mc>X9YicH=++RFc?$CVz-?K`%YM=`%Dxk42r1y1z&rB=4h2{Z{sosPHH zSSoLVY!sa@l?3Um6pc}6efW}{i~e{u8J$M;S1H@OVJz>4JFAYi?hc!ONHtHm9nwY` zq{oA+!ul#vMpA#9KbZRdjLneqVPN0EhUYJ;qgX;|h7Bkpp_OV=M zME5gDy|pR)H7S$Mec%~j7N_N?xSe^p8Wn`WpEk{hY2!IHuhhtR9ADd5@n-BXtZ^V{ z$%$sno0TM-@a#I_eO-61kl3b$r6}u|p>*$AdG!UB%3s2iR1*^U(?e#%P8&G^=20S; zCg+*>#D9-0>pV2Tpj1rm18kj8ut@joWHZQgkp_#49%E!q!;_01+UakAUInH?@!L{M zC(F}L+F#x5lJFeGxyn{(X7qa)O#q!g6XP(pnZx__ku2hq&0~d*grUW2%^5Q#?e=tLyAj(@W?C`^-&`&Hx9xGx zzjTZ4-0znxDp%YHpacZmu>vot0GcdOi?x_RWpJI947n|*q<6N~7+mf`Sha=js(kxY z%1cWOl@}9GR;$Rtw-PEVdT=5uPV`j)%5WG=iZw%8cx%Tck+{1kzo@6RVWM}jceY0AanqGE}(L&gP+}US`6B_AP$inA!ifhd!nI4x>N-@Cj%H-0vwclxt2DMxb%7x@x%|7!af>L1K#$hQ!G2N*95$ zJ_1;CFeR+9;5kpvztF8 zqaUBu2*TDsqcb~bOZiU&*H^)t<~Iz?7V)U;Ic*@L`9Qq=Y}woYms#|iAcXW=xk>jv zL6h|LMuqMGJ)7$_=iO7y#6Vww#EieYtQnp`lqk|rdiX!XuvbYjpJacftgNgV(hbZ= zEvR*43o6y$2NwC`kbT!)iq6Agsiw==kCC3mxXEVXNNH&i)PBvgETLN0Nweg{=f#u})dEHmklV)g*(-UH$nVn|78 zQFyb+q5S{6*`(3_5;sPUklmoQ8RSXk>NoThN-vz+@6~gsB-_66xzR7GWvpE$gzj~u z^^+M%IAiE=eqsYQcgZlMTg-H3D8+_s&}`u8XO`wwrji#rU# z)pPnJMy$}UKG_soeJ)^frq`me+3DxOld+yBJ`Bxmu=xM?>pc?;SgrDGxJzr=XpSg9 zq5FdTir*==nsTz~VmI5sW;i!urmf0%hl4QZ&rcL%KMci%>ncXd%56;C5bMfvJ8knR`yK3J`U0%kT6L@5=|R|MnUGDKjbl;QZteTHixEmjKE zmZEP4bUn&zJS2IL?e4+xljef~ODm_Np0gxJx{{!3^;xixYDL&KxC95i<+tFT5kNsQ zkgdrG4pmQfNICV9#o75zos=jNF+(Ve!a#(_Hz+7~jNY+_p}RL#E)sg5PZ}h{m#e9X zBUU&dh-2hL2s*0myVpE@KE1l(1VzmoFjj2_*$2pto+nF2?-#72=4f>Y4 zfdt>_$8(jgI*T02R55-7ja8IUjlKk>Px4GJwz>Gg81ikyiJ70azm{85GB=uy2s#D^ zAJO4Pv8Y!|`(3|FldWY&3&ZvwahC@DgMxwt&#jwcroey&A50v}{TqjI5v9vQrYaSI zOZ9tPi7ms%-!Yvegh5pbRS{! zMNbtjX%6-VWd2<54JIuW`u{Gx_MP?B>eU#X&NyCXjM$ls94Chc$e-y0J@F059yz^l z%+Y{s!WH#_B=SmTu7ln8Qzqnw%hX4n)}@pChleqs>dx0#xUd3PmZ5u9M`cx&0jO_p zww!2j)h!4tRbp{csTZ5F)q$Z&BU2{Wm$qVTj9vLoOa`*p*494NEm&c;7p2|ONP~cR z-?w+<{I+e|z3MJU{iT*~*2V>+w`YQ$e|F|2Ihw*cokCsMOR7fdr&X@+JKGwmeTkSs ze-F3pn|WdeXrlsh_C$V+uhg%Pv{1-(+7sis6f^%8`Nc!2G6%H4vp_&ZVex;+ePSNT z`@10NojtW6F_3*Bh2Bnz9wJJxatnPpNIXa;Iwrg^wZ1}-m5{$!z8&NGECt*mTE=&u zC@s7gTYNq8!94U)@s(DF@e&sq9)5Nn_iw%gv?0^9lJ9+de8A~R2J|(k;roNUOpotO z<6O~Td2<)F=xy1!(w=G;tc8*6ScNo|XV6?F{IvM`v5(94uV5zaYK@UXb7oj^;g3F$ zO3im@W*JG|S;Hm06H14^@uCvOzJsCv)0(C277iWyC`$nQ#X-!06$ADATsnANQ|5vy zhIv3@jA!R?nN?~u7lqu`PiE=4Ilvr-Mg2heLkgqmTRR5S1NJ&_*%%;gq~M@R#6b-O zbQ0$JYi)w2X}-}GozXa$LzoWtoU5H!L^fv8W8oez+S_QRgXcw5BM@=JU_va)^$O&c z_jMLA<`Gj1J_GF5Kmj&T6J3NsRo2>^Z8zC-d49CNk*u4GZ9ClhV>M18w2B%B1s0Ebg}-elKu{meF8Qibd@e*-&v^^R#a~%Z z*I#@NCSgW>X~6((NL-_nz5}96p=5&=kLOy#X|*ctce`Bg#~pSzQZ)zH`55fKmz!(X zs`?6t$V+knY1lMJOI^3{V|0R`DMwX#lCYy;L?ZYyt1nGezD1>ut1v|>OMC}RYCuj= zT;`67XesHJM@P(nNz8q7n&wb?OhoarFP(gaePp;)Rm5&xvAZ(o z&srVEpqLr60W)&4i-Wlq533{@HQY?wbCrZB1z!dfnjt&fN+GnU6-?1#x+=GQLm%f& zH#D@jTab0_+;ck?;I&_WTRD8|YM1s-fW0<4EjHA7bQ_DL{M4UvR@K$3V?592Z^7VxO>{q4ik(bfJ zONC0ATAG{lofe1Z=Yf*R?s8~t)LZ`HqA!2%%~B=5fd|Db61ejGms@w!uaFN}MEHAm zL7q+n**N=W8|6B1T5TRFe)%|e+@-C!Xg$&Gw(6!nMt|nStXCxRZHH5H2raG2Cx<`Q z!26t}to)t6@IhJ!8aw$KKAwgG+K(3+uC5ri3^KdMFW%R+j9Zv=)D z7)6Y`%GH(WqnVf~Ll_JCXIVJzcM1~NgW(^qWWM`}I97X6TSEG3;A)}A1=FGs>zKZD z12}_T4uKL=Q*vwMZG)CDrN|b_9=R5U^xH+8S(g@G*K~het#q)$SRSVI*n;)OvSC6Y zC{)QGsLU&iR(Dt*6dNH2&ZR{%sWM?&#fc7C`svRx))JO>Zj~ktF8IFd-)mD}pO%cmnw3S>HiL+#OzE&lT`NWg2}-LvMLzr5;9_oZ#|PacXD?xELZsmL77 zWD{VTRRBN{J6X_U+`LwG^6rRzOWDNHqzTXq=4`bp28`3KVlc%+K8>f9*$!PFvu9j9 zHk$?qJ)^#m;RSi7kQNp+#VKi)d?o}|^&P$wwJNo2IO7AfGs7`b;2G*jF|c}Ux1!#; z7ohm#k4TdAFw84k)a11l;!;(7HDZ$e^_ZP^BuF4jK;c3(ebr9o73bt!YXnBQRc8$BMN4L=R`HS`1ad~Tw zV&*`|9ZOx5;(#Amn!O|>*SfN#{uGOea)WlC zlCeh4AkT}mQa{_|;wO+L<{;wv@n-cH{igWO!k6t4iWm(P8&GbLBZjZd16^@;!YrFg zVit{$pyC>P({-$Tryc}RDH-e?AAVOfiB6V_9FG(G-_Q5dRf77cZ$(PA34P4*fW0`M zd{v;ZRWrsBz9l1(7}{n*8Jg!`nT(6^n4bG!@6){c`S9CL%D;fjQ zPY%f$(+Y)%(F~=NJI&}LY>I+xUEcdy$f z5m~kqO~lc?q@eHy8IEikgOQI73Ma6`YK70H&Hm&7WiecCjJtaEIcaee z{qfj!{caF|0_F-MJ&R!2cJoY3VPHT@KwJ6)?1ZvXJpKFX`mS_{C6kN1a8%%jQMJ%&*U8 zeuOYNyur{cZWi=Nc6}yP?TukpS1QwCUb8an9C2~q%R(By_JbjDsQE%c07Eh`k%t=G z%|RS(dZ<$08#4oF@;_g1qi8y=`nw2^fLB9%V?wC*;KbE-yXxmc>4iCQ z3X8-tOg7m$&gOV!)^&pd!a56_cO&^f>&p>1U*%!KIH(Id3qOOJia{op^D>ud9N4F* zB3$F`wRa+n6*DD4xP-tRh65{@H1>nqVmPJ1B8VAO1|kVtm7AJ^Z_Rz~6vb%eLNw%7 zs7sMc)N*!lo-3Jn2^0QqEejl}2H*hlatOc92i$04leN%?(+dkm5Bs1%53%^+#+(X3 zJV-u8O;w|I`8nDJ9jkRRp7}uC^6Ey(gBte~n$5Oo&?7Qv1+s@#KG-BR0h)oZpX7?4M*CveE`d6T4tj=|)&cq74B`Ew?GPLJn zI^&HCdq4+pK%Uu|Z{)t)x9mx$AW7BIKU87E3vjS z+XDb?PB2c;A+&No5t@9+d;|aVujoa_TuF$8E7kw=>B7Ie)eCb?vqhF->f~aPyNV&r zdELDFZ%V9ta$PSi$anTyd&H)O0EIMs_{4Bc_Egdxl<-@(GNp6Zf@E98D#Muym@1x% zO666yl$0Qo+S*u_22xv&BXa= z!xzLvvqJ`UwunU1pV5XdZ4C_#?UeRAET{y|COyhkajnTXgTA2gt23O@-~}khR_F7* zHWNE_*dxVS7sHtuoab7#=%ulT#uKV%E*WPKEnllda}lu~YbnuG?~OYdyc&2qXdwP; zr^E9cNVhEg8cn`jtyTJzg|W8Y($X?&L1)#l9wstqIt|*oDQeJ{xaf3{7~DiMmI05jDFxcawJ8D z45XdN7?rZV2Ol~2t8*xmCl-}Wx?k=}m7`K6tPny;DvTb_>`hpXJ5+VcQuv7d!|UbM zrz|b~j_GycTyeqhr6LY|a$!F3xv6>TAx)eJ#@m79lI#0*6hv zEAN}}v6RhT>o;Mc2@u+-zG(kz>PhKhMy3KQ{@<_Qy{*NTfm|22$KI(viBwvtpNekQ z_O~YRNL?sevv&$wq-9Ut>J+9zW8plIY@xYMOq{8;b%&9$4!B@lAQ7xe68rw|SCe!l zpDB8Ay6%mD;poB}4dwYF3va9(W8V`q0lK;ov6qCTq<&=P`}9hn8RkN0VW(Owlgj$t*?&0e_!tVwp*VxzKm$iMLS@vw;g%d zudVjJM$IuRSfJ01hj3{rX zy1&03{N#$j%f`J%2Q=Qe+&yNd4!vCjEFZ6azQv@m)s7P?0$| z;Vqn;s+UnXEdDy%X~Fgmht?p9cz$kf&e&-1U>A8^1KK!IoJ%rcVPR=nf4&*b=6&yM z%mcd*&_+XP#oCWCJK7hZ9Whj5K~-+M@>t)zSH^=6^1; z-!ECptsbg$FVOAF)Y=Q3+6M>BJ;sDve|?Cu-tQ|u8i(Ms@f}StS9_Sg z#7wW;iGS|T_Qo~0tnVhdRe>BGJZDc}B;$yFLHs%)VR{jn#jh^=qoXa>8^Xt0o}Qj* zT3c69(;j=m4`giv7mY}hF6~zyY^~3?gqx@H$o{z;>c4Tqt~}s;R^te?lOYh`yLN50 z_A+bbdoZNBdGFh%UI_LBZQFx6dy5X#FNkNLAnGY6bgZJJ^!EaqX!!kZoat~%PP?^6 zq~Gnl*8fqSh`CnVWNdDkyyY*=IiAL1AycsDMLxoqmv_OPDA~ zI>r-NdMyXjmVS*+bKg%lHL1{JbrZEJjp3a?e?FgP-}B;L(nJGsvqAkz2LyyGlsumz zGW17xXPf1k8WGM17W<7+Y?~V=o2{L1w6z_d2s@vQ+2u1F*nE*_MqaPW06J&()jwk< z=asqvxKVw#13vA5<%NO4FHjR}nR#b|PdA=#!`Q()Pc9}QkvTpB*DwVSGRzF0FGp&q zj7@B38E(hA#V;ppk zcKr_?T3WJc*-tr;Y>!u)k+CcziIqWScD~(pore7mI?$5xNCiJgZR8oMa2IEN_n9cG95OPX9 z4WP_piF3(JpKUtTeUrV7}_oOmfEAi$CXeBSfy>Q zdzu0Vee(Oxs~Qdn5NHo;EixIrV$l}o%RLd7ESRV{cXI?huY#9}w{SI!9JYv=>T7cm zHA}gj->o_YgU(+@{P?C*_wCKxC6Z~|N2aaH+OF>;DAB@MDhKpR*;*d0xus`VEB9%} zqtPrZW!ul=-n87cXS@4kJokpKZpSkdg8yS}%-V)hx~9>*a%nFboc$4%fZ$l z3lE7^)6scH?&HlBNtn6BaPQtzGUF?}74F!QP{m`%a+}qj#S`-E9@L~~lpqtUfH3q5 zpCsKeL%r+`t(L=qfvTC~=ImXYOKO(^Mfw3OfvzeEJfH7{H{IKl{H$F(y}hRgkmhy6 zhKV0eRlF|6E^WlCcvQ?$r1wB!DrYfh!mTkmQZo>4Q{Ut#dg`QNd&DLcV&@ky3i zQ3lN`vu}7BWQw`zA=m;Zn_Hc~y1!uMRBlT8e0-ysrIL5X_hc_EOBM~Q@r#Q>Sd5h} zO%wB(9=B{w|H?{%{v}G9N|zrbhLf*dg(M{<6)b4k){^{LGWKTZ|NQKKf3%rcmt!~g zgu-PtvViYJ*nN)duQgvXhK7G#V!XqH{m%T->9w%}ED&k0H6{LYVm6*l~kjP)i(}Ja&;hh;EqV_`uX{Nvt1zt%M1y75oEQx zdG$rRfGP@5|9LK@FqqQbylMH@hIcsgd&AEX(O*&{6Cf!CgBn41505+-Bo{d&!}BWo zVynh0Bv%6i10QXDyVt*@cHYa2$A0}Ljk*}k?b~8I1MNWc(-&X#XI=Fv=oC`l8Hi7# zaoJ)nnVeJB>L0KO!V|Km8q~7F{V`#M2bP_nuet*jB;dAd(=G4LzMiMBn+%WC{;@gX ziV3$Du8`kpogqy*J=1B+WSH_t_(#f(dP+jQJi)f+!>zJ6s2dAH_$2^;&t+W7pfa?!$Ksw>~so+tfO$RBPgtVv0+ z)^#Hyx^9eWJOgLBqm8c9K$a%so{Zj*>0JM6^XnYCYWt+z$b3qRSP$Tzt1PB%|R zD)RXKt%HM%)N-i1rYAau7|#x}3Y-W$fBt;&dg*wX6+Jr#N9Oq`@rhzHhfUiCTN0p# zd4n4Q4L2(u5N?&L`0})CZ`B6Jhkn>u8dM%d+(=DMo~p7lyv4(#vfCe7Iw3F1E55n} zOxJ(NAO|nr$(5S+hI`WF;~OLjjma8BqC+_i(`b_TY2JyhtsBYV+cYRh~PG^4|-AfE+R6F>n6&rI_3la-MgrluU7UZ5^vQlx*To? zySS$X#P7QWwb=H!X*~pqLW2rAnx}B6U3}G>g3Bi+(fXh~ttCD@oVH{t*{IiGa%7y? zYQE)Lx&7#Tf)iy7w?&}SkDy4!I$}r(4NuSk8aWa{l;An8W{$xAHDTEpzYofYuU8%B zr?gKTuYLaf`Au0|9JzF*#lxcGjNkR*_T*V?9Gv=t5xpxHuhdZ3jr)R{YdY2XN!W50VRGE`_3Y8$&`36s(q_Bz_PN5gN{wLS7$A#^)>2Zw!2%XCstp-3T^ z)_zD9K7L<#g2oec+z$J^5cA%zJL%01V35Ii=JC$t;L%pQqxa(`+Xh?elI`lKs(1BZ za%$_!^_9|6kvCMnja^G|T0>Qa+yh1>C5lKlVvX0Q6P%76NN$|0A}ugM<`x%MaZ<|; z*rvqqD$^DxyP)or;fdeWSoW(?#{B_)OGy!bm8`}*O26y8jI$fTcW>PiReDAA&g9w7 zfiFGXjNg!os$%qCx7r!+_i-b(^D!|oC^A*94*V%+w`~SBeVph=eVUpc^Zs3IR(t%P zMWggV{GQJhidyh#V>2DPx4qbZ88h))cPmK1UEB3QoLT&@IEVQ`-|Li2Q|8(}z*|@` zRzIoYO?-587f47*c%1jYEms^aW^Mpu7PAFq|4M^?pGy6a>9qsUQ>tws)@DKijs4bY z#hMW4>Wa#;s(d?DGT~Zb3c%18An)B_W;U3_6peqsNN+#=P?dnK7IcH{VX=7sBGA@* zjk+Ac1&{re3jo%mFkX`%^!MMvPtvNT35t)`>+tfN_RIxNj<#+95pmH5M-9RUq(E1i znwv$et?yT#96KEW;P-~|&%^Zh|37nyqA_(j+PB0=@bc{R$y=^f?PX{+euB9*w-1m; z61$;yh{67s8RaP_j8-VB^yoKka0>~!XaAHOVrQ~rb7Y%6+6Kp;ib3=wK}ka+pgA=0 zyIIM&-|xbd{r+s(v=HrIha=4w;bUnP7 zmzS5n2EUhpo2)@u%;g^8(y^v#c0VL$CW?Ri zBCICP9Hfe7xphOVMMo{P8x+`_A${m^JtTqhxpPf3mcxR^zX1XD`D4!+wAY6pEisl1(PSb0neL{fU>KdyLvN-e5l zN{*K}n4$HlUqf41PJmUC2=8 z20(<3$@R{gH*XYzWIgMIk0#HKt_QLGvU0W1=u@uvU}>iZMtN|%l%;q_%B-+bWL=2P z9yYevm{%`6V$!O-p{lC7DOB$=tPYThhB@FHnCf^ukps&Et3fdfwUmpfeOZv6Ou>t+ z&MTSl22UDFOqD$M*mS~5K2>Sd=LUV%eo|$2Mx0>8h&hrZZ&^+_860Aqy4R-tXIBD9 zdCy>03``m4MD!366YFix(!Y+i4It;U#s+RgS35g=Xe<&Du6jgt*Y`qiQdA&iI#EbO}WiN6#t%;_1ZXvAuy67Ip1I1J-a6-_UO@tocABXm*T8@p6o-+THotHsI?9lwkBi$G=3EkDTZa_tt`bU7>)2M$K%(UK@myg?P4xBrOLZfi&wt0+R1-JqtXHpX>9tx~uJ*(O%7z3O_Q zF`7#SRZVb0LZHfu(1%8rGv8@&7${rK&4vLVA_eHw(*?CV1C@9LD%WmpYi?hxeph&7 ze}-o+Onz=fKQuu*2*M+q+kDtRqgYAA6mj*S-1u|$AV@?Qqjr2~ zrM?~QO|U_a=rt6gO+xr@UCkE@Fd$2JvWc=r@(PjzSuDPYC)}hr?S7e64CoGX`9*Aj z!g)vT0NE|EB50KOZBg6Z38_hX`&_i*lqP7FvU55*I>y;8gVKXJV;{GtFJp2P965iN z2_@u}nH%M9(=J1$IvxV9kWjwui05ndr>Hl1oaRVQQi6P$ANQKGa&r?aYgnF_6*|yA+Fi;WvE0DY?cl|- zXm>2o6}IUe#~J`6V{gL6r+8#*G+Bz+LEW8)Mce+Ew+(O}>*c;D)sHHyS7}%)u}vs{ zt_wZ*hqz~>u$pXMu~NL*)YP;Igr&@c@@QVG6b(5XaG@wzw26m`I$U_8erB#@{EgHB zoSO={R=U+Ht5ZIdOsq_Io>tAx~9FDrE=Z1%eGg2#o*W=;(Aun=)SBxsuU0RtE=FouPXMYXEG8q0xG| zcM^r&Tpb{g#K>zM16b5_oPn%>vAoSZJ&VY_B6H31#eUxvS9#?8G}nCPo>p1=%TP2_ zBXa-@-Y$7&npp*q5YIAy9##FZ{ZU^1Cg!{y-`wo!>Dhz;#DrMRmzpc?Z?Hh1)e?e( zpXE`w5B-==kChu&AwibE52Wq@JHYD@5G500osoZq5UzO8LS){Ef<^Z~DG)OOS+UkLjGS#z3^o zDp)TZ<#_VX&B)5-3apwq;-#%wnliCcuA$aCgIh1^k`b|J+$=HaYr>zy8+CI#fU(0_ zfg1a)-Ok{3ICWZV>W}l>$aSd(=TvV0eX=Jll1q&^`U2CL3`UW^!*ge|Sybp(9|MNl zdtxnnkt-nY6{4t>Xg_^1&h>C%AF>t8VS~tYT0v2TN7V5 z7%&@2ql`~`gH(0W;4fbL*q;k+IJ5D>i!-YvtYC>?LPhAszgj9U!)xc7DD>Xn-zser znW@aG@n#`;DBs}n?#e{2lN|;p|t8Cl;=qx9t1= z(sa^haT=5PRpbyyN@`YyGvuKCOTT`&jlb`e<=2!EQBth7-N#m4um`2m4CUNMmHVhQ z{T-8M4w|FIBBpEoqTWqrX_@7#^m*Ed!_CVM2t5lb|CjAC&8{9i7gpUSMNG%a30vJz zGCO?4M3jLT(5S6VT6JegOG_)qx$^8G-bckAFEeCu^ZXsxp?fP1)uTESk0c~oT`is8 zqt%rKowlvZPwKaBQqK5=GwOT2b^?Qp2*TC|ldM%1n;j>7;b(LYdq$RjmDrOsNHpWD!!kOxJ7CCWo!j5++*p39Y|u zRt;UqV}?=L`f(T3z1={5@(gePOM6L42OSjr>4T&F1;@5OR$76$fcm4cSlcGS6^EZhTt1X z4C6khWGwaN5x|x7g+Y=gC%j@!qE$3(nlCpx__MA3*GLiL?<_v!+Gh>?KBB2H$dBQ~ zc)c?Ih2ItEw$A8wZXVa8(&gO6U%|IjsvL`Kk@F@<@?=LwUo(M)uSD!k>b+(Pv=QnR zwzxva`?mz3bpctR-ujVMXR`ypt!bp56HVO2>T*H90xkY)K{z+{-}c|6oQTL)?=G>> zF8p@6kF>t}D)n%A#**tbk(tp-f%+dm_^Px;&gC?)1qbKJdY775CG2Vx8~0ywJ36j# zu0C&Bc?@OPd(-YS#2WUWmkGE`hi>kj5GvOzopZ;f>0^A@Ty%aoo_BB5Dt=9PrMkjq z&D(55kJBBs3pnDht6fB5_IxH%M2E)6(K31Z{-rdVB`%)SLEaIzauNvK;Aw}Swg!p4 z=!0QQyI0I8H#vJ)or1+SEd!Q=@=8?;c0XCYaB6C8&+cuw_z$O#0)Or$b>a2zXZJyz>~$jmox&#vL5ta|3#o}ez*_=i!16UU zRj)fqT&3XU2b`O5C~axs7ZO3_qpPc;*)~mo?pw-$|J`}!1IZ1(S!02tE)SJ_d$t(W z7@elB&;1!sB2}_^tk*x`WF{!k-qTbz>om<&D&urZT0za`pi zVBokff9@f{wbhW%W0A+9o|(C%0VKHy7K_&LZuc|f&7I)H<8L{f9Qmp9po+qq5$npw zDINUhMF}^dR!$a1hk2WLH_XVc+&EnK!21SM5vo(pkbW7bF9P~A_tdwP%Lk9*(K8)t zS^ld0OSXD_Ho`08RTATCcT*EG95V=NR@T?CRegtrJeLBn*LTY%&tz#;WzgJaK2yi2 zoFz6R%I&M@WYvNnA z+RiJ>30-gy%C$Niy-^o!gR{;ZX79pZ@v4T$TcA0-(Nfg+?JlOBbZ1U|G_xwv92w!` zL+N~VFOZ6rQS+Z}AlgBE=rF-)HJC8lqI`i4V?&ftQVy98xkcs1h3T0YHoH}g{-t;^ z&fzd||ErWl-q4VGxWh-!Ky-49dZTKzPsKg@_C0|@CQ*$t{&(PHvig}|Px&pDeRzn#g|8FxTey}!vA=d|izujv$s5zgh+ zRtO^sPwq5zqBBRhWZ5zW*zt`5Qn$HlvIQO8J4_63Ga=u7hYE4RQi7UKbbF|P z+Wn=L%wC!HkonA>rN;$c7xRFr$}PuCPFZPk){gg$-`q}w3SV_UR9eirY}qXm8!8vk zKQ7*HXBaRqUTM4RG3#z0->1MSC@f3`y|9N;D?Hh1E+YwyK{G#$0XjLA zn5CUaJ;Ci?IQUNpLVr+W-N40*7xzKR<#in{_luux(eMmTP>7Q{=-S-Vt;Z&5+kMFu ziwjdS%#bX-#lIy%!^fxAZkdzx+$K}0|4cmaof~1lz^S6JFE|sxp|3a%ZRzxJNoZuM z6xcFfp%h4SB$YiUuczBl141pq$Aj7#gU@}0A_O9RQRdaZ;?xmqjMC%%`l;c|VTIQ{~HHW?+hQ~3Bi68w)E z%*@+6l&S&)=E0HD%ChBdYMNHOeLMu}%)1iPJ4JepSGM`~D%H*|=LiI9!qdv75F!T! z!2WSYu0i{Er~U!S>2Ld@vxKxjPyi%J3-N#tV*>&Y0wAFqke_n_HNpd69_<}RDts}p zb;JtMay|`R1oE8fL*r4$B{TXgcGHU&Yntgxf@?qB8s0FadgDt zt!ag;CibYs_1Q%Sa1-mVEt3c$4_5RPFVYwBbjQN0zJ%IclgPKlxlTmX;_6X~29s5o zZdu7leMxh>(qxbYBX32x$M^$re0bUQFim`(T8_hWO&uK( zD0(On0Umf(Q)y^-* zyl{MQ83YvgE)C~^i4>;Spr_3} zw+Kayyy^ZG192hQB#?>Rqw8|Bb8|`Zsj}=3Os?w8T2vp9=Altv;N3Gyp7)y(h&?WF zQMeA6Fu(Khuwj0Wt*q>oh?8RS+^R!{=kjh39@c8I<51m5o8J>JS~_vse&)Q>A2|d~ zEKEO?DuStId3fy;bYU=u7zq)vtT5VosKpcgD6pEIA2zr`?bbXF6n* zr+=|%R!n!*ckbL%H&e+1v5S4>8S~Rp>n+EVY_?T;xK<7U{*Ka zG_=I=MWUB-iyk{KTVgU_&*p}e)!_oHNG(SaEyo36z(_4`?Jl(TrnVYTp%G#Lj;Urp z+Y-uNvs_-@XOH{kU{x#(#koOLTGjlGAeROz#(Rbx4A?D7}jQ&40_N24)?AHk@J9f*MJrmgV)Y{+mewIS1KaVVY~R zAM&kU$i#ne-w);)%Hi15YyAAm{DNd}zcaOFY(lK3`%niDyAfB50{4F%Wd|h3l<$56 z&P{q}TErLh@vfepZe^*!friR+!NAqBc}k2xMt)LJ$@%Q|2MXAf!ma`UzOo)W%zVg* zY%0Js*(=s0KN92PPzgQUxd!ihkeI(r&O21C9?&Bb{q1uL)sL$llUkZD9DY%H*4sQl zvxwiy{hF|qpY5-M<|7!`#^L-@{fL@|`C`POrs2Zr>5aukzT%g4G1198MvaGbE;&at zxyA!&k-L0PWvrKIa*6O(-w>YRH_rWkcsk2~rrY=J{}c%Y=@4m9P*OT11PLh>VT=xu zaFld|gmg#=g0$2Ij4laj1Sw^7*XZtiuF3s>_6pu@-#F_!j?Z~}V+U8xr5~-8u zb4czKnTU$SM(8mgYoOfhuvDN)0a%`j=>EU&? z?YY?I+Q3JorhkCDBc?Qv#$t|SIB_RIGj5#oFDTvGnHC$o=ZqFTv9%mvyYea&Se4N8 zxmxlNaf`Df+)tinxmM}82}gY@=G(_F$w=QRoWlIw>k8v-e_OtI^vUpvDILM`Y zMivdGvIIh4xl_suCoH-i`lj#E1QhI6{U=#Wvgws!hqbkLnEcE42o0gEjFB|fpKo*& z$a_wGcz7Z5rzMX0_ZD^sX&-c{X)iuM?tLHh*Kg`lILtp}xZ^obmZ<-*2Ftu&Zlkcs z*+syQUq`_H==|*?yz7pJ z&O*CMr(t7&p(#y+cXxNU03A}xHVI2V@Is;x7c3KI&vnMGwztevn@;|d>jekn34(|E zpX!7!j8=Q|gh2s$rnerXoG^HPTsF5{ zh_k1baL-=Dyfn5G^W449@bvoBLVgDMl4G6ssKxh9CZr@{P4&`3Xk#3-o_=BR;hCmy zC>-S=K_6bIU+jE2E6nAJzj05gM{TP`l}6U-Hnm7<@RBO=0{W!u-TA(!shMehncaH) z11wIB;oG+fN@GN(FY@Z6a(}MMZQ(=~WDkc(0c2`xq}qve}!2R@@;4HU$e-oYY{i>Dt;Lf;PQbeDUW}LXV88P8N=a+w$N36=zPfNi%TtbQHr+K+Amk3jlzkfybLK~Pp9^YY&bU0g62`sAUtEubkh|248 zY%}zjmE&_F&7!N?acX#x)c~2T-x4(TJF>MeQuO{W|1Bho->;;^BtA|cRs=_u%cEs% zHVr3c;S5p+J=saYcZM)}7YC`dFbLwZ6^xRNO0>$o?)h5=8HP#w<2==PU$c^ZamL-eeKaB4+7UzfAg{7li0zU+f=-EK1tz@s2tW(#y@Y#9lolu zhsvqKpK3BVMTM?@88hd*5|I*?bnMxSS3LQ3(v=`^VX5ljli0$(-N1!A^o}35z>*bi zfNS7E!Ra4vi}Oo*lxQ^K$48|fJ;Bt9#jdAiRN!{HZ=V0(?c~{W{U-ts4i@LaZQJoz zYyFv&FCg|IB`KJt;O!>X#E#%k$=%eMD2g8{XSG9-^X0WT3a)mat4NG9U)$ncCMMlU zRy~;Cv-iLGPTcV87sGEzPi5`h7Yks`Moj{w$SbP4czL9iTJji3$C$3;ME()eC4G}Z z_5A;T6Qlla3CWKk7bc&LS0>WBP51z@I%TQ8#5dLs$T9Ty}%$lr8f%d+Hs% zy(7Ga)`~`jYqiQQ(f^qgyn`|X%gQ3X?zN4=GU>Zw%(scYOMZ8RwM6=_wtD#4UhGVW z2@Oa^I_*HFa)^q4KX3Y;4d2ky-fa;#cPsf*qxdLzBb;SyPb=p%k8)I5E!~Td!>E7k zB~IwuwcQ4AtKR>+Rjxo>@M8GTqo9&2AC{ydtEUwg%(8*Qk|u3QmA`iKr{dV-*7RKM z|Hb$dqH7C4@OhjQssGT@@Moz~?lxW`FKm$-Wt;-3g*@k$6SL1w^r5jdjka~VgrRJ# zC-NUmH^X%m%o%zIY|7}CbkPc6{h$D^vQzBE!{XY|A8|Ci*`u2q(@3qku*-w?O? zYTPx4yL$sw1%J83z4SuZLE1~rv-%aTTsPM!et51me+6G9tu`@!Uq$ZL9L{{__Z)&7 zUxS=T8~qwJE3mcQ8u+*xMGa5x@OT%7?BQb#PZe@HRh}Q>XqGyc?LSx$hGctzCxuP$ z^#7g|Z&r+91rxs|c`y?YAn*Z}MYT6?ZhDh5H)dkMgQs-kJ3>4 zD(wHB*87F57y5@*v>^x4s|_~f;-og!sk+u4uK6}>?hh_ng--o->Ddy zhhnlu%%4VjWp@~Jp%ap;0Xn@N&JVBG;dJWHJIJKQ}FQf z@a%j4dsJ~+C95+A=Pn+Un|c-G!(3PN3gwb~$lcMXCl(uP4S;Cdt?`4EPHcz4Ptuab zN))b$>Y)qr(?AK;XNxSEH_fL<>T87kE^u5mqWxN~p-K|1E^ZjDu=ul5QBc*G{?44a zf8*#5fgNvKlNL^4z4XdpklMFG)(NIsem_X8rz(!pq}%#+Wp_e+8Ib~hgXb6+^}mx_ z`&|6`x8%1^bulu6K>?b@GZBK8cIDq?4>ax&`yW1!thlQxqK zh|K(^v=$GFRhsWijT)T1J<9>!3 zTs247g*NiRnfYUH&G*Q#ds;Z6__|?7cv5Z*GbdeZD9;AInsqCO%O3-|?9Cpc8x>yP zCymHUk}8hAK5dCW6`p8M_7d! zT3*Tc!Y#PqQ03B$S1S~Sh%*se{!6hsL)GZVoXO#HNR8z4=GzEeB3DA=C?_b{f;wNN z04F2=jE&a$_YwFg;**X!Ym<4SNhXvzsUyFV-%c_3TQmG;Lne5%t_a#ol+HpTz6SSO zpo+Sp4jKBO2J5nDj$J$e`gF z)6Z+yRRQoxF$)NgBSMMb^rW)=r#%&xc6rs+nQtr9>T4&=hBf^UTkNQOUM|cEHE@ac=1XmLz`pu)G@wa zE%=4vv(HIz#s2D(;BWkQnqW!4d&Hc-({Ma-M-bwrM0c80<20#%Nk7;hW5+ogxST)f zQbuifn(B;dvl9O4eJ)*B!}Dg_%=8yaw3IWw|BykEm z=Jx-BR_5uom(5dCQSmk>CBA(jHatiNN9%K)GaVrV@-ml7`|fU#~a+M|M44spQ*4nN)aGEQ9lX8c1XlUBsYpac*K2!Ql?a4X$C4aALi zGwwMI8scd|Z_BXlJS&tekg~EiulyeBs18H+p9Q>3iy9hFV3Y|E*V6B6UCJ=}^9FUu zvYUBBvl{2E(buwDh3cy(l8jixzr0^-$D%oq1O0pPzv8TWG`RNIQ%;K+ye<8H1g9Su zk^eUBA5$rq792pc@3?t>J9IPqamQd!=7oBh_2MV?>yC_#^mP%NH71sO_5u?cF&UYE z?%`Fo`*{MMPM>1m&r}mRX3at`Jo4!G2fVMb^Eg-|qJk()OctuAe4|~udEH7TL`5it z>4XFoFWI(B$OT?mAahn93*YTv`1bLQ;pq=|6_;BsbfGhdERqo>C1-3|lb zYAm9$sM0J;z!JY$R6ThLFF9cyAuqAz+?AjzzoU=ubu97VUpWAa>5p@IV@`go<;vx% z#Mj($SN3y~O&zE+FM~~x51NvSYC9kNK5%y|q$PjleoxMu>Rp(xX_u^kOOwYlZ5Z>N zj^4cirLLQO(A1^Vz4#+`<-_PZ?aZ`kF*8(sU(YPixyMb9=FHj2?tj9wvkOjwy#WQ~ z6T5G=UX)weUS=zlMBSe)Zpp1p|1=J_%)J_Tb zdG+uv%k_2j4*yqQ?`jk1uIb?DY;PJ;kEm6PSb58h0*`cci#FZ*01(!vG0D zqDpb)qtyQ{6n2rCygrXlVw4i3&CpG?l3Kpty6>GrJI?dQ%WhYw#=*$6Kk4)BWG}fT_pnckC7W<-N#Cd**%3dUByI~X z*$Rc9AGHD=NCYkE@)4&d`SlM>s-8z}9pWhwN6GonN}6vHsC)K!juJhVq|hUqWvjxa z%EV=6HkD*XhszYN@{yH9=~#|4FtO*0-PXa+oF+~9*uS#3I9#QW^RVSlcdOxaYHEN< zK71p{Z?1KCn+KD)XA!cWJGe63Hx8b>oDL!}Q8^dOyWIz+A9#S~uuuMzPn108G#_!V zTu5qsh!(XQ;ADOV~rC%=isW|a23{fW`|YLcQ99`LaCFxl4kzFhl_vLPh;e&VS z7E2(&Xe!(NR$y0AGKonp@A^(q+)JIEqXJT5Gfi=nAN$Rvkm5vvVoNX6%FBaQZv>W% zdMWYyxsPuOW#ufZpepPC>)t=HNcpmCa^qntGD(jt4cSTed%Jc=GPAY@d8^RhBf`&A ziJ5tcQ~F(!P%tqfR=PJiHaz(8*sfW_hn|=3bJ$vj#?XK4$c)vj`3E@Wi1yEg3xmVh z7qR1&7wmrZV~oorB+)L{hVM??6!Lq1QT#%0p=ucf_i;qN-!+Xo)lQkpy%@Y29_4zJ zo@S!)7mTY0*SJg7 zrYD#p6%4NqF_I$iA^Yz#bbv7LGi=>@=$BQ>TtRCE)8ids9~&bQ73m#5T^}m3h3-cm zb?Jw`VK}1^6_jcJA`cZMs&%i1eQjNCN=3>-V)L{DIA2IFFK@zI0y5j1-`4)md!w#0 z$>z|C{Hz~Zjr*#m<2l8q7~_JDA%0P6u)*EFa9{m3mjW4fAa)N}kx{C+$4`@)t&0m93-RL7$8vH&!#-9#tlja|-ict! zm`f(D41*7|7I1z`UEJCGWE%XdLEr2*Wa?~+CsLuzKt=IiG+lUp?JC=4BDukCp|6$h zP7cYgwa+t19!q5FEJ=DY_Lj~>(yeND(3Xa-=%HcEZQUZ6(BQ|WoYQ&xZBz+-v2cv# z(F%Tm#8T={CnNMDlzm$Ij-=+~m@;Aolz$l-6+JvSU!+qJd>?U-^~w-V;A^o=SgA!U2eJigXpt1Yfc-*xjE4IoBxU2%8@;OY2O81q+B ztWp%-5Dcy?khd0qn8E~uqj|qrTc?DclyW7xr%jpuX0bKx9?R279inU6`p#&jjMKcB zUNKF*X>x^^e|oQi34+vFmxyw}bWEd0C3r%r4^6D6lNW3QZrt9)*ZZMA`0Uo1mKqll zLAh!Iks08iXHwNi4H-C^Pv6lS@;_mJ(D&TVKI@g9WG0pj1D`hJMXr1kX>O7#7icm( z*Da6S8tnOBr6I-HaVu5fE0#;W&q@G@(SQRCvgTD>Gt>z{N1Wcae@iQAK~R^v*34

    Z_xKrV}MOnal`9^weJxgK1@#FK`FfW;NN6oLbZ;LJ) zdu^l#-l6o-;fBKiO3)%+%mOk9Xi?l?JZ4S~mwW!=DM=H9L-l=~y zv!V-;@tv_mI;vMRiG@ZUt{M7i=ddNiOO4)x=9pq`lh?<|GRm9F2RA@(&BXUXDsrN0 z9z^(90&>;;QhbU!SumA)qy!~18?cNkFry1I6TL`p(Eh*{Vvd+Hu&*>rb73Ip+j zX<(5)&)OaNCZ!zxW8N6qjZUX0b6eRYnPk!{Ox#Ex0cBW_Q0e*Yibc>njBSGEeO36R5A2=Zuin;ZH z__=0zw_}N=*W$jj!p-#gwHL*>M$rutO(+!y!cEkuBh{Ez4v*a|w%gL3^xNrK;u`suhD=DWG*JmHDeFh%X>y%aFjVv+o3$C- zqQ7ya-qnpt4OzO)Rs^>^{k*h%M*Jq>ndP9CfRA}~(sp{!sKx$6QngEcilO>3mIVkE z_MQTfO|2B^*#a*wQJcYQuEAk=z;4u$L9+%$47#c7nI3jGF&XwEV#jYA{z|hF%jNXwE0XrBmwm?$tNFH9{m;+GO(#G;G=EUb`g?Q0 zmg$;O!bfyTgE7bE-401Vz#Y}rax-Gk+???LEPt!0<);7Vm>P;?LWWX=5Lf%#2kfuc z^idq@h?6;~AC*a;S-kST@!-r04F=a~oD8X;c0Ym{lyWG9jEz{3xQX>r{%8iVb}aJg zMjw-7IV@R+{HE8s?s0u+7<>R-ALr1lQ3v}8b8UetdhMCku2|+B6VE zzEjX5s^maKXpF^GYu-OQm6x^&OQS5(FUIWj=P;p4l@oE8(Ze>Dm@dfweDlG%?hev&tc*Km4@J_*%B z{EnsC6v_ZKT9$~e>M>${^wGDZ4A$R_py8MT6`SKn)7mQRA`@b;{NeP3dScSAy?&y4 zb+w*!K>TIJHP$Cj^S@tygQVQsrF$uKwZBxRypZ<2hl_E`^w}CkwGBOSz{9Vioj~(9 zl}cMa4lfYj5YbrU{{oqZZ-hz;YHT32(mG$xnEWLs&1PMFlx{+W;`^HT^6qhv1}7(X zp3a03wXWW7{ETl(&;8HBVTX9y{ryJXUOcWJ?xsnwF7W}6a2KF|HcFx!4s)%Uc%&)0GUN_MsZoCbddCbEy z$l=#gvD5yu!ex8Zp?H`Wg^Hzd<&`05HhZu=4ZH4UoUYL^(aGRx_8_FlT<4I*HCjn+ zEGdZua_Vw}T2q=oMD$N=IDv90hj+>z@ zlz3x_lll!*2cHK827IZ1HoS~ePjFwqqMG+UIk9j)j-=ES3uVt6Hq_q9YUGSdL*5ZK zQIXMD80*VUekNMOLel#a+5WI-;U}sy4<*8kEe&TL&Y~Dok$RzM4#RSCO+$kI;Z}9b zqdX`}p14x886UiDXXa+T>boWnp?3btjkkaLv6hPWqD=^kB>Ib1AAXgI5daF@qT;(A zIJpruo_IXPl$&fKg%(_wv8wf4tlks#WV+6DvY%fV4KoTb;z`+z1`6UHb~!CZ7)M>R4w9np}q44^5gL_EdI5skwRc$eTbV(E*Q^P68GNL{Pg|)j^`quw^u_~ zuk$bA*+d1LP}bhVmN0kw*XLd0C?PC<%}HyOcw?&F7~3zzo=1MU?p+3-}TLD z1p<$wAH6VGO*+b4zE%E0IUt+c_{t!Q_=^w&I5PXsJ-gakJ{p*1x_JDf)rpA#QpKhv;&gqkhI5sLsI6p9fr7vqS}Usd1?6+ibvLeP)I7n|yAMlK3=Qc+S$S}wF4pT&VYz=p&7r(^Nh-Gk71!+}6g7%IIMe|Feu z3ZDurljPOdA7wvF>4o|)llc!6SvP!hE;&9nPLw#)&u#h1fz(iT%Z-U4Gkngj4Cph`&)~SAU`yrm2Q;b_nzBe>t0@$WIvW^iEuv%6cjHa=gJy~Qu0ePFV^MEkK@!9Kd zc=~+`Ya80mEuQ7XOlu9u=87`vXwQz^WeA5#A=1`^4Q_YNh%^Y=!R(}}y?E;no89qN$*U3T3) zPn4^;;YkrV0>~dL;mBsocp|ExdR$q$KwS*4e4JPbuSltWAp3IXC&g0z97%KEw1Kon zEV55dX{dx7{^36dzs>AHqsf$K0YQrprO}EpN0+sbXnNpIbPS*PH}!zrN-D&^w3ej# z!tR-=oTW5P*wuax41wRiz-(VYB(EEeUbJbOeg5f~-|}`S$2Os^wGH?f@V;1J zbXqTnrCN=mbK}HB&|VdDhT@tTIs~x}IA{{xm55jAon-npSoQnBX>$QfjIlTw<}Ny} zd4=~A6=Dee^j&QBB=kPJQ%Q|XHMgeN0hg5P`4YmwhWhOse8}0ay+@(-p5TD2AF`fQ z8oohyzAw`Va(sb{;0dN`&ka4h&TC6^2aQ=i_T#+TqqWQfCcB z+@P#q7}gVhOMjF1%j}T!gUb0=yp@JHH%c9H>6q-|9x}?kb`T2QILOKSd4)5rBp^WMdR}mPKh~5w|h5<5pwaNNM_4nyE zianrTWk!#8_w=;oMYC)J*qtyp_#B396?k*w0=1=1~&6uyG`x+N_u zs~Uht$ZyZ@#UDIn@UeMiK_BW>Ut6)l{pB9E@;BHim;e>966i(AEQ|1*Xx^5B9zMTw ze_#LiilWFD_`l<0Aa;WQR-?q)mdS|c;2qufkGqt+%cU8H1-w+>5f6Q%3Xz*+*?#xZ zm;Mh1HwU{(Y56}hv!bAaTh@PZ?2HqIh7ixztVeTk&MLjq?$Hh*_$;JePC!k)HWVg@ z9Kb*D18RTaW3Ll?j5P-s2mt4V3Ii=m^SPu>_1sllAFm<;jIJB0J~r$?X+2lk&0Upz z#RI%H(5g3+fSzi11SE{Fti_FfKHINfX2uXi)N>`nzEc@Ki+1+$!%L|Gv?rjyQ2<)I zg$Sps&te^AE@ zg2;q)=C(14=m_SAYXEPrQL~(NhqD9MkC|z;nBmCRsS|aRgk2OP+!veM3na zQR6H{w*p=Sll|b5zXuCGrE1;hs}8bJ1C~|Tu_BexB)X5lGWlqBD6shpg*hd;I;zprLmqWXWh*cJev2(^u~Sy^iP_hH<0=s;@5A%MwqPI5F;WjE!0RsS~?dpEr~cKw4zA zT&oHE7yyC*pg-f+AQkp)N?K723Rjm{#H6H|?li_fCyT2yYMr*9Qdw%|l z{{XC+PJX)MgJ;%a^H8GgMDH{@}E>&R{G!+D7_?2@BGl;P}iUG#P8yB!*=6IYm`RyK~EAIlZCTqBQ*pI@u*DBfANvl3f9)wz`! zIuCd)?}|^eh@@mce82-rug+Ou+E2XbeG2@kVLF&X%`*j*1hu?brGLuwQRdn=bO!k; z{+2e{H|Vw7aE_l^jk4vo2K*Pw!=%F(w9d_kHOcJ16J_f2stpL$mZwp8$?IOSwU;XQ z@Z(UCHLWP0>g!p*02>%ZjJ*Lb zxotL15b7R(!K#Ts8RVC=iV z^GFeThmHr2oT3u=@LoBt4XF|q4PfGx{cO<1CV|cmwbyR~J#G$zZsN;A7ksGpXYXcF z`-Z7~nX!6L;ArrlL2(qTLvoOxqB3M0TkB!ma=^`}yO!G_t5IkUIHDb5a3Gki4zzwm zfi#8uu_}~#4A^0PIDv9AV$_r_w~9O-GTYZ41rGYx9{-}K4P0-(q-Vk!V({F*NsOs= z!4P(DtoWd-rGtZAGmN)qB`1n^XeR;doa9V8~#?7;}LCHqStRs?vI-`aKJVPY5Uya09B~`(aC41W>XFVt(3; zd_y4JFq2k%j7PW8Ok9Si!*g%^0a8CLp)5Pv=K;1=*q7#mguKrRzf)#2i6hfAZli9w z7;AkA&il3F39HQ>0nh5tupO$~V zu_1LxrMbVzz|qwEcG#dSt;B{-sk`gLysB`9Q?d{o%ErzBr2pB=Lp^=$^`IO)$q4>q zq+*yB36Ia*z&(@vmv_3X-|7g^p=r7Yv-`aJz4J_IZPlGL$~VxE6hl!9q9Gd{+py@w zS)HAomM0#EKTv@_QfHhxBDa}U41rQInwbu^|w9q@e2 zUHzr@aU)Yhin05c9w|9}rm0YP{f7$AvUSh2KTY@uyAVsvS&i%Jb%UUK#eJr%9bfBR zO71(e#Y&IdGzhJF8)y9MbZ~Fgt}4IoBmxPB&8#7`L-nUAD91wv+dfR?$2=FxF`n){>w|*tVBuc`#Aeia*bg;&44T#2s{J77G*ol zhYEywU0;9GGw|%W45i?JW2ftRdHA`CGk9;`umOco&AOZyPiwWE%TxWSOFJNqr`@VQ zE2`VdO+BZY@_wpabk*G_g~+DcnEXK{e7T2ne)iQ|g9wZQ%z?g%$5t;lM}Ut}*TeLE zM_MEd!C4q(nQFUVRW8s{uix87#_Kg8S@&uE?=Yev$IGzdWbFIJ#u)!;>&OYIDhDIu zYlHPASVm7W%ahInpPbb{6&$rLTahSB&3O>DOJ8{&>J)mt3i%|_?28+{pIo~^a2 zCMf!0|3N^GS-RVs0xI#pmk*yw8s0_N_n>{vIDKj0v!eUMY#RBG~ATpnRMiyA9 z-lg!Lu|PeDUG;k=8I%eRW$KToPr3pqqLKq_Ayt*$<_*KeQuUPnbEL%4F{t8xCnOM$ zbjyUTU}+DG;m4brTp>#%8^1~_K9wyP`6Vu6YmRf` zbX=%4<$ff(wn}=qpK)TGi4@;?!NlW|*UPP9YNe=0TN$0|LJvTP^Lu@g3V@ls>cl|e zM`^s_A4E8Zv6VJZ=?4J&BniOP3JBRwg)1<84S@I*VNg-Lut5vps`PEW@*qb*k(yOA zoscRvnFXHueFo~^n)fXu};QsyDdIwgFg@p3mz=Z{+cVO{9Q!{1+Rf5Ixd z*k>__wdUrQ5&+_T^fw2g^y*c@IBSDW8YpP~(z5H|k7?N=R{O?$GG8>C~Wd(hkL% z2pZbv5ega-!WyRfais;?e8!HG_@B-UBQAZfzWHFMilCVb8V{YtNgUJ;4hD@1*le4Y zpe`I9}f)A`Z@9haA=jT)k*GU;k5}eE=T?3$k+VayQQ1+1Nw5V^+Z&T91`0 z5@O*H%4*$3mFqLJQ!*(UGU^4mGSEc+OoU5MZR$*a(3(<|9-$-|qU(kYrIKeuYY3+^ zB^b6;Vx&)=u}weWOzrqN;5qfXxl-^|Mdvx+YXLjw7DRXnc)Rrol~nBr`0|toMZ^u& zdVtP0v1raNcIWHrkQu??8Tyl^{Bo_+7^$oZNt30uRGwRWd4oZg(bt&pP66xDxCdIt zqQB7KKqZe7ghTLg!vZFVu!2QbV>{o!#^X(VaS89AzkggLo-Inh<;+(k&UG`YaLo7I zMAJ${D>&JwS9)TFB+*BX{Iv2m*ob{WNKq)K^+UIM?e7q<5|Xq}+2J-^2w@9P9>3C# z7}b6@0>O|pkEg!IMF!8)~-eOwv4*#?#+0o0ykH6G&Fi_Lz z8%tXaXPSY&aC_872z$&0_hwLBobAqpLtpoJ67XHSnk*%cS(kUXO#855jY6!)>J)Ku z(LKpgQqaOLYtCy!bX10pyuecDkA+K^_t0rh(&x%c)O~;17Xa6w7<-JHJbqSYMZr7k z4+T2~RdkkJp^rQ0Gwkcfmd1J1$9ger~5U}DxpPM zkENa$>6P3Z7#I-Qs@r?lI37Z5i_sB1yXD5e9>`PPfF|ZkuYV;~wUi~nfYsiW?zxA3 z*q0y~j4pAD!A-3qOsPA9>nC*kTbIFvVz@Y<6`gFDF_k|&`~({RdiTxfXmNfHbPe@2 z{(i{)FmRT|j{DH?N9HOVxf{JYlpjW&C!D-YSR78)w02@qB7t8>hf~P&@HWXj4s&NX z)7o6@sA--iq&F37?IB#oNVV6-sTN(4_8wu&huT&`! z<6@OfL{ImkOST?$6+E=pYTUwGdbg=wg(G`wgncQb$*iL5VhnLab%ASZt8&~{0Z_vh#HBs4 zF934Ze|_DG_HQMU9XgrX_O_|mvPgPO$XX+66W|}@(cJpQCTE1X#%ll(IrBx=R_-h> zFVvbCLJJJF9M4C-jv3kZrAq7~4tQ#h-@0KaZmG9mSn(ofD>u2lZhhA^< z#%!fP7dkS`JmS~kVGw-KV$-&mo0?x)EJocPNfXic7CA7+COQ$wi)l|&Ec(5dO&H?i z<3B}=nNykz6&UhxsJX07(E%f>Mt!`M(1wE*SK95T@(S~Ql3vB`J+OtvrMD=!lzCL5X_|Td&&G8DmD#=voF?bd zqnZZX94o=ak@uh~VbYqFMdxe_(Q~BrFsBe+?l!3IA(K;w@$YWQkJB#n&WS#Y@7atU z<2+Bijxmd09 z25V#Fl);M^csdoZPkh$XAs5>52-{a0nJ<-)Wy@*Kn{XPT$3A%!X?hEGmmPIw1-Y@xr!%(fCjOQF?L7fcn9>%k? z%i~APR=>KMiSnh4f(}PZ09$+arU3%Q#7>6<438A18q=~z8HwPf_M6$PBVsR4xqTu@qTNDw6XrPx_GXMzZpo+s~?Uu)k5aM{60P5}*7 zh}cH?-wyzv^pC0X0bg^Y<{Yddu_Uknb8W#-FLYmEhK-&tqpc6V%IUGP<}5P)IPgZ9 zhnwme>K{T1*gE2?ba@SJmoLWF%UWJG=O)~3s=|`*3Pl}I zrgrqO!+pG3%A{Yx{V7 zara3b(Qek6Z~}`Y5!f3PflKd+2POuumDgI$^YFQ=U*lAyC7*KAdv4zVD^FPX()Hty z+aqINirqH!+`+DOS&KXbu*oIjud*8D=u0MTwy(vDa5I*8ug2FEdQDE_a#LAAMC)|< z++BN@z&rk_n{Re;FGQ7xY9tyc1fgJz$^NcSzT`(QR=qrvRWGS*&ij^cvRdw6>+Uz^ zBXoZhmvTpQ$R^Jm;c>gy|2Xuc9JZ#qPR4?%3LLr#V_h48UGI7OG~a;Y?ADqKL;J+R z(`dsFDlZc(pIgsYeqr=uVMW}p$k*(PbZ)lvn+k`IoGrP1C!+G z_VWp+;mH?gE9Mv~ra_X>U6YO}-?Fig|0OtNWb~wH+K|UH;S$!p!9nqZHRxWMO2@#r z-T5;%?y5u6(u+q&1lVQ+defYc#uO29qckDaz`RC3|5qLyuHg{eDJaw|#-Un4V?6qf+$VdCyM(0jlsx`HY$BKzIOVw~ zO3-}rhCYm|i{aqds6jo_n$w64*87O&_!EEed9K#hrbL*PI{L99Uc}nRbPMZXAPejA zlm&`8$|o#j&?=#xlZH^60Z@h0&t(pK00F9=yRcAgM_4LbQ+MP}B?RX;QfZ1>W6r_SNPuY%c`fzVmA(xoX;U8rA*d@c=#J*@!FD#gv)LL?|_PDz6LD*j4n z?#{~ks0iQCL0W~it{dtaZy#L+td?REq`{lHxLL_Uj#6B*42YEv%KvjOC+v{Rtq_^r z?#EV3l-SqfY}~LHcaVdYTMRh@(*ZkGhTWRoEo@w-*PlMfQlJ4$#RO2cMF3G{y(}R) zfej&&6jJg1*4YumGXRo*CkONRKbDKe#W&C0U(45=dw)O>!vI`C;rDNFj3Nc4hiVqY zEx5pf%fFohRwQ0nwc#U1>eYM3F1r0iqLC$$bSvjXdq5pcEY%vD`!8R*w`Vy37DZ6*5H-p8lUzLh8-i+_Rg+~iq;*^z=8{eNz z*c;!nK?Uk^6F^P8bbixJ=W<*+jh>(asc;XQpjXw^ZxbCAsq`jS1j@s#ifl&f8_wtO zsc&*Weyk=Two`G~eR%}7Zq$&XTfg~#fNW?7ME`JJ2?d~*`5=ZbouNH}V2s9mQm75< z66YK<5j$BBI=0-yXh$$Xx8^>DIH8w&c%}D;I8%J@Y-6%I1?`NRDsX}KIgt20K)m*9ba)z8Z(E=>hQLX?abQ>b3}W4`@R{1yUat1 ztZ=QTOYGaF9`?Y?wd*xX*a!9Q;F`7}_AkDT1v!%yV|0{f7C);09${R$I^@~NVmo-F z$*g{+`LB@au%7mRo6nNsz!lEad1v?jD{W+c32(4lwovll6V1Zu*twv)EgL2snP8`2 z=da%O({KVS&~2KhP15%@ZZjKrpHN`J4D5YMqW98t-&-)JA1U^hz_i=;d%N5F{C%D2 z5!83-#55$Q{-cF70RVag)APWYU%9C=02+#VbHL^|fvKP5z|tKlqh}RfAoVYB7j|)# zW;*2`Q{Ew|9KuoiG~!*n^}MDqQ-2igDRCx!rdGJs=D;JTbTzw-`m=|wf1%9(J2IkU zF5_wtp*J4BQQ%oOM&y+)CK{6#_3M>*Bw#b$b(xN5L}-J<9TC|)TN#X|&OWzvA^K4w zf>q@w-}j;>31((^GB`7y3$ztpril7{>iHPzc(XY-aUZVA52@u>0fJYSXKYE9Ce{c4w?UKddQG{KgIv&oOsJFeVDcINBvFo}t zi64qv`^9b2aB8dq>z*b@-L=(UPVtSgwJ-Z{5yP|CVt*(SHL(*+dlot|p@%uFTz1;5 zaa}Lz0IpQ{l0YP$uGFbd)LXFsaaZQY&is}f=t@y~J_&*IDXi%ls$b=1OdeaL&h+&e z(<{lhwsgVT?>@oUMV>DnF`nFXXo$?u50_~@e1Ob~-p7dqsQk-KPJ1@(Df$Wxs#P$bL)8 z<0osR?0ArM;7F!NypV(bp_pjOppFG>xZcGy?CWP(3{nc$W$D-84&W+8qNyklDR(nV zokDs}&gZl1Sf>-fibRITVGT`fRQln|%aI`c1b2G9>vyl$@7Fn_%?t`XD4|aj!Wk_* zLP(zduhfcq?;vpX_18&8FcNFISQ3v;2!I9GGk+$bTW!>&kp2il4dbL9jLFdD7E3MSv8_3THf0;K;Uc4e0@5FOS@ z|9jxofGq#VtS+5j?!@11b_8%L-pd-x$xKNz=Z08sK`Oy`|2h(buMiK?r41FeU*;b^ z@^}k>A#M#5UM|0pAwCc<+Oi3B&ypCtwft88=FH9pF*JWWnrcxMo(u=0*zZeV=2fF$ zDbP}W-~$Ym2XA^xb;>S`rlD#jV;OxX?uY(|Szjb)kk8LP9Q<+9a&c`OwpZToiXd`*suMiPZ zBp1U|LOE81nY9rF+?HX7SCBQ}8FhNS5m=(~Lbe!|918BrwG0Xj;=A2AttJ~FK-s<; zu(c&lGd*o5M2RR#+;o!XpRo7t4t;-ivK4NFu<`Yj(|-T|csk3lsMfX(iz0#u2ug#r zL2f`wx|Ob>Vd(B|1XNN|x5`Og_#V{vn;(1pvGrJMp0)12&x>@W z|B^y0S<7RtV~{zX88`! z7;(hk0Z3naZ$o>eQ3_gWJcr#1OZuL#B zSNZ2u<#2^kUdkU^1^zShG%L*%>!#T*ebe?}XJ_}Yx`x6!Ftx84nkB^vBvY%dB|>Tz zzzA3usfuYc8Md~L+}+MLST7=}cnZ-Tcw>G_x=&*g%sf^XT1dRi7GV;j9y&9xl0r^G?~MBSN4 z;jnZb^XFcgJ;aXd*G5uG_n$TPYF!1}^dF>mw=vU|={(0B7eIkon${ndtngL;VA>2= z5KVWr6NcHj)E)6{uYuCuE~lZp9J0!Tb`%2MU7q5t)XcVii+5J-jGCO^3+~KRyDBH7 z=lJi3j3IriHHCLJancK5>dK{zCYe#m{|0l)T4|Eiq^T ztnYE`w*@@;KG6O5C!G0a9REklF-3dhR(P?6Z56_TlKL8sj2b>vdGJtZkW?%gS+m!KhH^qLsW+E{60{QY;YDaU*}#Ot3;4Qz|4ij}s!1eqa$ zOOsP>zYOjF8KM6n0@%RL4-@Hz0SnWJESGgqfqR*F5TeY1tD>%(`VtC^`a=k+Y~(-`p)ri3)egBewoq0tP^t@YDKNL&Ioh+ z*W^9?7Me&@5l-o>hEe^W-VYg#M>hd6L>j1Vc$;={POGrL0#l88XDlqDi~3TUY+Q!4 zxvH}qhLU!iog$WC*(G%|xAf_=&tEasJ8-31Cg@2Eh(s--;sQ23OBLjYk=Fn1K~8kg zOT*(5Klkb!Gu`}_;I$6@x3R8>0UtNd(nN~Sqw39P$5MZ$IK&slGzpK0Otp~d=WVusj z9C&SA#dce`Ncc04!? z^DRUXQMDqrO-JH36=@HReMv#QlAok-A9Jo2F}dKI z%r7s>A+(%bqPtA{YN#q^P@jrZn1TA2HJ)uew~5@ zyZHa4)Lj1xzMTp|!nD-WkcDNw(D<9NG1w6bZz@XrOk%__gQSv*u!ngvIsDr&K~?rE z+Y+G?%}NTxmKKZAV$zhm7>53i_)d{eq(r+yt)ItF*i5*+q^iFkCDz)eqb=qb+x8jY z+%h7(E9!-Z#y)uJaChPwryj=qT+G5q7s8V?zPE_UM)6Mp>J`mjc8DT)VLo;bAH^qsM5ZBl2z_Oaib#+4A#iKo zCL2D24K?P)(zoj)9~#>_98het^TB%YG(BOGRUa7sdk9Z`Pb)w#aXzQ+Nk=QunDhI& zn^lm71_L8B{QiW_K3?|g_qAUqT{plxyna&gUjpjF!eqQ9$UxVz-d@3jhoG^v94Y+zcl?X4uw~ z6<{spK|K`zX7Mf=^3-M$Hi=#wCq?VOF3@~^6f|5I1YR%|E=m1dotMJGf8zj8tbe?e zUy!6NMvkKUeNtHFIn72*)Kg9Y-KXV>k&^jCJG@X_Cx%f355>xcEfeJXHrjw>1<-8?1JZFt`sJ&? z*4sUcF2rwk4nLn^W|X7Ds|TdRAKOl3yzk^Qd$4d)l!wz3eGK4Wy;)qR0)U;> zE8VYQS7b$brzZ;+wk37rO?*w=;xvqoY)MP6246xF;Bl{VzETxwjc2)R^QzYziM8mZ z%w7J|;#+_Bck$daGCmn6l7(-%)W8&HHS82Jaokhpduj!@6o%#>PaIEHkKk>6Z|qUs z?L)F);vuPD*4R0IDtA(DtHaa+Z|q?wjn?jzR@KHj>drfKjBJR7vkAp?a9JUCnF&fA zc*2UqX;JjzoSd8?1XS2&s`p*MqXj$4iyY}^)P!QmP2Rx($cpd!`nOj{%%*E3-fFh<>i1))X_6Zb(^R%+auKT z4`G(X-2($1d&@mTU=HzMb5d2khA6%yG(?x?Kd^=IZ}oC3SPjkwmWZQp#uJpW>y-^U zj$q6D(|XxWd5B_SG-L>f?^fHsaxjp_SZY}``i4H(P8Jjq_xn8lT;fZgv;;-bZp>=@ zuFojCN7G&b7*KZ8aB%5`C`8%2W0F0#?_O*#g6T+0r(WavI}?A0rEJFpEoe-;ItEUf z{@vQPZ<#WmEajUzwW;StOyXE-LjfEk&tkRqX+b;HL`-Jx-|>wGNs-#3IF6g(NFQ_) zAt9lmEtZ9uYn1IBPmI6FhllkMQUxy+?Byt%`p2IV{)DVxJGtRhTg$0y4G=th=d6<% zQ4sRlS8%duXeEWOnywQKe1;{Z>VrOpISs zeCr)bYiha||7$;s3fxufe50XR@5a(}w$3E5*GX5Z$(+PxO?1=uD>LqZF<3o=8HBr* zS1|SL0BmB1;U!=(tK(ugo-bU{($PWiZs@9fMA;j7ajdJS2nSGae(@)pMOVyD|a@kCLKte_Mmt|{LD8(QGP&Oivs3Ljv8%h zd@@s97g0c9=YPIX7A{in(F>-K5_)D_M&xl(3=?eT&Gwt24h@%01$As6PXWKB9qjQi zK8Y)n2c`Ig^Yw@{;oZ5F+k69Z#nlSmdl;Hu0r@Eks8LhFl#t7sQp5RneYv7QaG>KR z$w0n`e29>7Cg}6Zm3V_oFaq>%u5EAe(bd-vkC{He*2}lrt;K~`_LW?01-f}USrNn+ z3infR3XD7X{=qb=ed1i)HC38LUVlnCz+bLFNDqaRkAB+FS}~!aRghPU7bKT9ic^9; z^^L_W>VF-WYsJ;|LxO_B`or7T555hr&{e*H8D=D1L3XVIrx`uuIKFB1O)dWo*>x0D z>^?UJ+m6qC|MBTrt@rG%PuqTce(gR5@eO`Ut#Eo<=q7MaOASJ9D{q{O#C3~0UKl*i zEqbHsv~NB9az{R6A#%UEHd1!CkJ+`!;6EMj*_47t``YEQe+Qt@)z-!NYJrcIbnJt2~8tM)B?=iT^ZhqBNzZXMoHHjW~j~hVfhJ=W76t zZTo;jPH`KCQC5s;O@2)G4gOj2ow>DVp#^}T$rDuj#0g&&V!>CU3Qjl zBkgY3v~TUG2DxuknD!h)J1iA9Wy>29-fxZ5*uZ1 zO;yPXDd0;HqfRsmlrs&XfgeOK=L_%9R!t;MDVF|7j`tt1Yg7HOGh-v#BC zc#kGpcV}~mHH;Ghv$ORA4l6oms$_NBp8vmQ&(b_t9u)y`(vOW)tXvn9 z?*iZO&#mM93uQvc`d$se(m2r74){P+$<~49CTl5we)`I{yJ^6%iF>G4(z+7)vdB@e z3}STAv%Tfvz7Or}6@I=7S@gIQ+vJx^H@0{}?@URwZ2GxI4pFpXQgvTXyGofQy^LkS za2%=c8ya1JsUEIWk`3enp0lz_DfEY4*MR9W0aD&7!~(NeDVLY*o zR^QM|ZqTb74GOzFyb(q!Yw=5s@O=uiLJ2EyGV+x+E_lFqb{UTBeSCaAM$HOYuwZx_ z>ERdfY)enKrvrgIRC^OoWH4+a{E}^~%D;c3ek-u%QmaBpvh0NnCvGr9_7hQSel#p- zjgSN7Na*z~L^TO|<{Vy+*(L0>uC%uho}&8)KSqmqNXK*wS@Oc+4Xbj3Wgcwo>fI_+ z2120c)ktIfh-~v!S(jKVNDAe&Mzv)C5e$J@aMr%jpWZ<^kpIjKwcb=(?@s=H5JPu; zrBvn+G9e!3HSCqS$#bRJQ((8G6TS=Sf9ew(pIsFd&UHXIdb|9W32({I4z_ya{Ko^r zPJSoNpLyKU*Ue6E_y~-R2lJV##UFf@h40Wxy{-f*%ED$p)I4h$=?YjF4aXnrS0Pet z6`6O61KmbVB~P@O0eoL)RJCGoP$^$@87M8uf6#`juljQnp`HhJLW(FdEd&jLq>~dV zeg<+Ju&HYW{jV>p*B$APs*{@iF10;sy{4V97 zJv3ec{XT^JM(1Ha0zEMucN@(C^RpE1iof66-TqK@a=K%y4YjSd8ccj%Hd$)6!#Y`l z^1`8mErES&T8dYmdnVKFv%XFq2Sd`PgB4cG%P@&}6XmVyJnG6CUq{qT??gK&-$Mla zj8BeG_M<9Xk2b>Q0lwQwQ)6>r>PbE3L|7JFIUR+mqJi@o#d%a+&|u>aZQq9odzM1j z>TK@^7{+iMOh+%uqUT78)G-1rEg<1)1^K=qYZFxie`MK-3^!JLkRuKKX!i8P8hR7y zTh(Ok#_1kKt;`h}L&A0YIB14CVDBTvT3tG@Ez+>oCnT#v1hNwKyR<(Pci@;{zO#zP zB4?{9__|M6D;@_4RLBetoM-_&@Cuy|7ZZ-pQ#S65epm&l4W5P_N%y0G@@W++t1FFbk)N$-EF_8Zd|t_ z1L=+`mZ%w_{;{>VP`jURzjuV2<~L{ZDLWnX^NDN3x)&b4u=xL`Yx|@rBcB4K(-7LhekNw2& z3`F1z-VGRnX{D|)8UD(h5~B9#7W@dylUh>vLv%@aKlZ|l!TLjSD0&8>Q#D~Bsf$VU zJOhvy4+7W6hK7W8JDP_P{u0Sn^$LHCrj;1qb9oJUHlm54yVnlxlhs)3e9WQD4=8ik}iwrGkw z6+3()`TvXhA`g$AtRE4=B-_K}UFzJ#lex9}BwLkOC zb>1vdtvZr4Y_6Sn>PT!xCA$gK-Sz?yGKo?&E);R6OL`JtUxAUR%9)J!L?e$34A+9> zp8es@C%=$HvMEqJb z%{?*RnboZ0#Cy-cVAOM%ZKRbWn^|(AXl*a#B7#wzkGP~1zGg9s_G+g1fwaiklO2ODIXjN>;eij1g_^tUs564?-35mO+u%tuoV!ej$dcVy(;Heb{D zoYfG1C?Iecy#-c;Iv;KTVKNG_+)Ur2#HN)jH^JqaqH)r*s5 zYgCH_$&g;~TM!&tFB?1zn1Y>)Z}Q{EUIB|onLt?0>3?-$6`<#BbPW`+(8M7s4zciuF#J*$`rh5dNPBIhhE#UvSV&@-8TeI>II`_(OXvw3h{UeR)Clv z=a@ac8B4B!Rk`ndSRbQ&=mfV%4};Iv`av;p!g$)wV>?c4JF6pS)s%@@3s|Xqw&E{{ zK>73L!}h)Oh8T8=2U*Zkw{na1;#>h$p{>`&s>)lFhG?T2Lr#yWiA!|z7=7)Q(|p?` zH7jkgxhbZj2=ITnA!DVAjeDK^>aF~6Hn3}@_jcv`%}k!W%JQPHANMoOS>|n?mx$NH zUwa$?24~S_xVO|55;h!{KudiABzAk0s@HfD@Q*KB zA1VGIIk3YlgY*1!iF@#s?3fNIYmo;O+H367L41%BQz@Vc5%^?fO7`Z*E*b3|@ z|J3`^_>W9oZi{ska6^nep9j#)N|6`%j;Z%y?2fN5{A=d0WK9$PX@`Y0L>DxX145;0 z^R*J&Qt{<8v2TP_{*3KbYH;YsyYLrdz_N8Y@nBcqIVJawBD5OuYM#KY6?782EJ#xd zC-oH>YW4qx6DvWj{w`f|trlreRgF*hQPR{{8At1#OR54{q zhP>Wi3C*`pj(Z<+_HMk~eDSqS?09n&hN4y=(P9JLbAy{soAc$1%S+nf0c@EJD%YpkFtf`{f+s>PN5VTSRnit22_?!~D2c+Qab z=DEpV-_+ER#Bm1eOMG9bZ09H4)zCsdJE3 zMY$OB!>#_PC))l5C{!(Ls zxV&WSWPtjTqNd3A{1B$Z2vDw_YO74@Roua~;er%Pwl=1EYzqm#d=K$0yGjpK;^>3M zVxBaLynWCzuHTjQ4;M&m^e+x7rhwxZZSr;|L(VD{bPk2URLZ=MV13z8$t&oCvr3Cs z{ltL2YdJgfScDLOwBskQfhR z8|Xg8NO&P@B5B>!QLmsB$e2!g*PP`a% z^z%Q%V|QypPmagby54|Ze_QH`Gad9=8_c%CRi<3B*=^4930A;4@7P~!*}gV*{l~4r zXMet_#z#TUPRh`;_e0E&{uNqwUeR2KaNZ;QQ_2iPL3X+SyLbp({$?UN18zs@4rVqj zy`0UnCRm7n1Lo414>+B`kQX@*H>KlC05no;B8?$rT8IjN+s}WXU+i%9^;ykYKTdtA zmE5BSyNblm9)PJ5x)Tw!#TZPt8~R*fndh&Q#~=M)8GMwHBm8r(Q#qJn*c|6SY|&J_ zFz-zaC$T;E<4Rx(ePcVNsko!mGtsBv>y^JYo;X^6fD}@U7=3+Uy%>4yKC{^q0$Yrngj|HNKzm5y>U^!0I_im(M zfwntS$Bcqn84>CXM86)a7F$sPdK?JA2QP6itJp4$h=SOX!iP^ zWZYYo%EqUFALIXG7ObvZeGv={cGcLb!}75q10?%*J|vW@+$GcI zRF<%n_x+-G1j>5LYS^vOV82-M5L8D2G$B>)`^YGqMO>;d0WS%3;sMc>Msx^ppg5>v zROKGmY{x$@(x^_#xFuU@{%zFM@6`JpE@my#uj9?{Pl;e|jcT~s#~|cf{YhgI!qJ85Zx}4!uT=O z-44FX2XAY#U9ayQtR;gnuqMW1)6m`0vH6{xc%si9trVy5dso>v_(ti1*43hSDtAo2 zwKF;`iQDL$LJqh<6J|Xa0`KeoJ_-i}`Xo!%OW+ zJ@_$yG9qvDd~0>1NP|^1evOk+0>$aode%Q)q`M)pk1Z?nyCWlAvyM($y@8vz8EW3R zE>uZnwCN*Q6+xkqsi;PErA3)6$8tl-;CFQ0_}ZcJ5I~OerVaiM?H|UlQ?^wA6^Zbr z8lfNC9C?`WtzS7h@nG-jXevb{)YvAqX2_M6PrJQ6&QHUD(SaXqPzieYj5gPmxbHi7 z{ERdeGx`}+nZaT9nVgAX1WWQ6bptMBFbF8cYyg>xPvl>oe$Jv+ZR$msozN zWD}vONY&*@xY1Qc7V0yn6OO20S}NY<$Y)w=pMvLdyJD*q8`ei4EL*mbxB|7UG=>0z=x}q0{}WeFM6l+aYx>nz0#0|CNz1g1)J*LXHQDlMoOrw&1YhCk;cow zWaZMI0inHu@t*A~qiGTJ+S9;1z+(F71NTtm^8D+M75|~} z$KE_kf48t;^nf=PUfgd3EvqeOdCHXkQ3yW&rP;}*vIxW-AO>m9^E3AaV|C&zbW)L* z{Zs$HSlD{4aAx(Sl8S_4RBN{DhDS7P;9Is!{9=NLB|e|;daf-yR(}`MFkZ=t@lLKj z`4JuM@!V;c)%Zykh38#Gjp`?lqYOrmaQ2lR?sVO%$BL-!&Sy+f6|Y$_N(WVoCF{SB z_3MAHZ!yq@o1be5syW?cg$Nz+s@o$G6S}`7;`6N$4{iVQjWj${`&T!5NNnF&^Um0{ zrQL7eTHlf>hhIK4Ufn1(UD9MJz`}jdn!b84^elv|m3cI#uugYEQ*D5b3_7aaHDT1< zU4XL;&nD;*$HG*xo$dJjAN~-)+AQNV9Qw4u#+q7lM&UV+9=?*Q@|E-=*n7qTd87up zSu9w#{8L%6QemwJGGBoF_xHE{=XokXmk^(XBqUBYz#pj^p9C>AYt+I$%_Qjo6g=g| z+RsoHx-PA$%Cd~jhnGfEc1=nDwFg?XU5VACVLi6;4eg zfBgE{N44IYz3!t8(x9OqepbfDpD7mmx5C|?NrsV1;Iw{atwl*q_yDB@J=Ia|#6Rre zSe70LYDsE_gb`?Ht?2K%&PbRrPHL6ZuH_Zlb{~20<};6=QwexBeI_e~RYmPOxLWrd zn9LTr2>g-G_#u3yOAjg-GXzL(Y-s)KAMwN+z=&g8{O#xdEw#?NjcJ)1f_-9-ru|bA zFE4L+etDp?>GDdq(2!di?Ba!`JiBRgM1Pr=i~Rnb9}(;O>F|6-@Rn_CFs|~uFtzIj zpOzc;vad|_CH|nWRU1N(RUh!;jhx|ulk2=*GCPMrOzh{&VPmm~yF-e-po&=pdyfJ2 z&ZUB2jZPvtZi!2{(1O4t<2W4wWDkfvE9 z;+*l!8Vu`1`c9pVp1~eW;pO*q3b|gF>zO|MyMp`G?wsiiCbtpPH{bLvFmU(Va?tJ( zgl;s0!3sU@o|~-}D8$@OvjsV!DfXxhmv(k1nA{+o9F0qUCP&L1?fLk zPvC9YxcZNUwUy8Bf;ZBeTTp{7fhI?-rvi)>FUHLifpIY$5UdjfIW;kX_%Zd>V;g&F z+7*uu?~g_C{glB$yYiZR0+^^3*-oa_(K2}mzYejo*C*k<}I`n=>Sb6Km`+?L2 zAz8GYGaSs`oq2;qYYW%?zC5;5dATgMamZP`hNZ~F#Om18FVCLcy0wIxot^EpIl<27 zx%WjvQnEHV70skDYbP`Qeq4n!GOK85?l|go4Sf0ORZI zk5bi>eP~z93NjYgb8ji;_FeTJ$?;~IyEZy`YwQX#A8pK;R;}yPwuhBz$EILVm&DKY z(k2tT5v1-F@5~aZi>1WBoNPAv^_TEKzcHFdWd&WZT`;%ZelCI$K;xt&kA*$Bnf$_< zx&=F5HrooBvRpn_HsBFY+g^0grGAd{3t)HKMLbHnBtF*3{!YSAZt%b3L1ng9<8oC# zy07(itKMajTVFv}koJ3XCFM)YqQ|!OOt-)%S{C012Yge@n$8-~;Q3!0PWzXSmSJZZ zBp-AY3(uGjo~FL>|0++Nb3G_%A41XSo&rA+#jwYV>ZqihAe+>2^SfLcpQC6msx)r6 z|8_jekF0`>D>~~{6}|te!pbw{eaJppcp5+-^&q!|IB@uFQ8voRH=Akj?M0UnqGOHd zu@bx*sC$>g74CX(*s8Q}&-FLn7sCj>6@k3VOWpM1ujdVcj?_$dPgXJiTyWnnbF)8x zkVMLEKGo?(j>)>{8i?4%K8n;k!smN_&pc&6@hF``K-OcOD|+tA??K*fb(K!V_Ug3r z+clQS({ZY3K9V43!gi)>tms`vv*{#eoXWAcKNjk%WeO)pa@RWXRSJChv7DabAR|*Z z8-6V`rqy&c;<>Lgy-zzIJ!f4n7H3a)@l7i{`Iecx_JxMvM?rv|CN76-MB35ndAF5s zZYMUML$g=tlNm*^`Uf#1`y3}#@ffgsCRtTE9dB=8hb(i+sV_LA-`qy0F1pU0n{P1` z!>fB2^Us|6eRR6z%O}fv`diZXKbRP;Ahct7=&nwh`pl?$)u-MV`rrLz;xQ=hhOIq8 zTUNU#%Xmx8CWNY425Apgj>3l3w*yV=G@6IzUJHP1se)B(%Lqtm8&oA$Qbz`{==x_ZtQ~!oAiq!X_X@c!0 zUv~AA9!B$(pBwva*@W(?&Jip^$iO8-^UN6Ji|Zd#l3I{Ds6K->|5ABbL`9X{emx1# z)rP*{F06+y-L@W=UHa`upk0_p?jdN=AkmLvWp66i=eK3wZ}0gf%F{C>Lz&)TP960k zAZc`}Wfe1-jodf#=EuJ^N!c=X^IhKQ!x#TvI5d6ob1>e4Gf{alA>Xq{74)WIw>rP1 zVrU&Y|L`o*sLHjWj=QZ8bY^aQ)Rgt?-0XrXuflLp%qAqWIV%=^q{ZD=5ZoKLbtisI zc8QJeMAj-oqszEKCTPp)ES=e>@n=pPv^?MZQ?Z|q31hQ)wOb`sOwjF#5s^EH{K)81 zZ+@8qv&OMoHalIG*p2S*B+y-=s|Z81;FLa*(X}TOXn(Gh=-(Af^wzKwSoZLJ_X@2! zThS$OXw);}nKa@i;OiLBT2OgmrmKEQ;d-Yllg9t;K*p+g8hDMA67I&iBxcE-cwTLu zFrf```X5>&S2n8#oIDH|hndgsGBOYfUWf}f;F>hZ2(~lf`G3@i33?^ds;$#?TQt4G zTz!Lg6t^X9V~A$Z50ro)@_a@XWok z(O19=L$MBNkzB+W=3PCWK)XV%$Z960XdO>j{E)nF(n|HF`jRn5%Sp&Y-)%OlUu$3W z*D2KF`J-|vyTpRz$=|0h<2ai0)O!=aC0{&B3j6vJN}E4rgyilc-ETMF+P}33fwAj* z?tb^kO@8ye{J=4TujNpy2(~ovCZI+2oNwoa?W8?SCVO(R+_imwn$co7u4LjEPsyK8{dqoiXBK8=t07@q6KA57ZiD`{hwoV9J?lpU2@E?CR8wc{FigO zyIW)1kk;?k0vn;XQ99~`1@{v2b&@jK@S$}0#ek9PsvDP$&?s#6h*uhm)F88fC%=hN zpL`j@c{k?x)j$+-Q+Vskn%M1>*|2`#7w*uiekBf=GCEZ{R zjniipX{??YQg~cg#w)RJB_%JOm2-qV50~igYC@wP`VMaG)~UEJMmYJFO96! zg;~j7D+Nbjed+Grr{Sirh}46;I52r?j=eSXLiIMp$S*lvvL%RgKzK5xy5|=fUHPg| z>Xf3wgOr`|h`HYt%mZ$zcgGZ*p=_otwS6A(G7%bYOh!EjIk(Mj!$+)9+@V!%Y2yB9 z)VF42)kofL(8SKF<9{W?iCLgSP0Gy8JHLyFQ5BNDdE(!uQ4eSZv)tHpk-9dUQ~>Sm zc)j%FaFV-}R-9{{RkA~XUUanllqwIH=|>voBO;Ra{kxccdo(Y82yH|L3q3XRJAFfI zu7LfvH?sec~zq`RBBh_q^^$tH0`@0E;19z`k!L4!lx@CC_q5=Fs$e43Cp4+ECVtE0FrD{tyY&C!v0SUe)t1A{3m~caQku zUJArPcwzs^C%%rCTpas8efN`3lQ7YfPp6YGYK);Q$xdZusC679XwUQaD9a<1qLSF1NO+UfKKb*cz;F4kxoC}Yr~ zF|y6P)~N?Y@6@jzBdl0^WZ2HnCHkDlUoNa<1^0O7ZI~r-Loy`6?B41s< z-aqL0FO%*hK}Y!CDFzyBs7=%w2LrljQQie08pGXJG{mH-Kxi_LzCt4>?J>I6vkof69n2bB z-sH38j0ay=G5I9lnk(MBISAoSYs94$zyj>SYa5v+3ZC|Fq@*=@Xsq#0W*8l7^M9j-WV8+lCt7B~59M!8 zPFYpj{PMJE9p8so7dcIuX&fx5v-yIZEwie^GNu&8(w+I+$3`M|8Rfx!votP3BFqf8 z7t-R;_=Moqi(P#L-1g_50^1yM=NU^9xhVu*Yyo2*d?_7_27OS`cVUO|M%W#1qT%0~ zZ}ShP4B$I`+Q0f|K%O+4A;;=71ig_B+!v70h=@u!mfm=6MZ?L0tV)3r4Jy`cetw=~ zwS#K8`fhXA9XtW*kK{aMg1cZj`I+*8| z^^fj}H>cj#Y2*6jwlHTj2J?qzPWjJRW}WQ)t9W|>?m{o4vxqTX&-;-^pT1ORH^c55 zWX>iN@v+Cnd&1pMN4|+Xb@CEvelT#9B4{!Il^0R*31!JXh|r19u{v zi=$hDFuFq@J^P}PE90by&>t>eURJ5JP{zW>jyv2K>pI#(Ezg{9^CJwb_1fP`pZ8o{ zo-gM_b;ts`m5pKpdyaGuXvc8S*O1@bWEXgcKb00D11mTFWi0_l^{u_Zxy*92T-&Etx2@FWv>PwO<_?f%5jZYeTsu(3&Fk4=6CY^GfHIV2Zk@ZISkwf}N ze2XpF^-Nh(#BliTx(~guzAbP-7%~#b0j1fmlkI3K^y1CT(OxN}JUr&7ih}+=F&do2 zcuOZIq6QdEdwgR3geRf5Z|?Xj)!vkK^NIBk?IR1{`S--#sX(usrFxo?kV*X$0fS7E zHI9$pNsKh64+i+ZZ@0UJ{xk`HomnUxx-)yYi-!}Q;P73MsWUu+RQagHyB@I80FMtD+CZ&*e%28;>G#dSIh5dWv2PSswtzv$gip4{Oq@o?SCocx?` zb;~2Pj76*6Q=dMXrz&kV5sE}PsTVSe(&fwU5|d55Di@>1(B9`0!%b}eXJ)H^TbEV^ zo0T`s1sWj}UV(*>nDGyIiIJ33vK4vqUr;!D%RzWEiD0gfKR793Os`&-t$Jqor%9DM zp3vZUFJfy7K?<)b(Snao^Eoetjltzok6!eBg}bI#ZaMl0@=vY}OB_C`)_IEvob*x0mdp=}s38#G)l>1^rhDeJjCY2NGQHTEVEemoCmfPD96 zyp4O0)&;!kn~rDMdJFZ!@n;Dlo@{l{Imwg~b^N>JTh#32Fu zS3ERFUd4R|W@3!OJoTltQ{*R-MZ!gh!D|lvzH=p7r>XNVRdn<&N={L2y>ku1p24ea zl_4{+qb*}4K9_m2h401bo8fd7YX~}Y?JTZLx+RRl|HU4}%@{g~Od9>V)`R=Kq@45| zd(%`rnS$QxfE)a*w%%MZnR|<$&uJ;da<<+b5pjKD>}mCzn$PE?)Urn=CHwqv{6kM? z^-L^4<)m;o`W?m_a(EvxSIj&i^AR+>@bJ9Y?U0LhadD}fbo*J-K}AjtMsrG?pH{m3 zQu#GfpD35YJ7j|xMuF8_m7{IvjhkOEnk**BNoGZmzG&#-i|Lt!0nvfr%~VN;ly{~Q z)Jo_0DwV-3`Qq&+SPY%7$NCcroc(A_>m~Y@PMHGKws_D#c?KNH5>MV;j1Ssn{Eyyi z=3`o%_;JS%cCC{QET1wSox(AVu&t{}Pa)bK*Aq|U8)dmY9K6JIhgsh7kenlc#U znKZbQ^M%tn+L&{!MqwP*M^SrQ?juXUg>qM4uPyGH`Pq(Np+yOrt^1x$Tc05|rnQJJ zt0pQfp;nf2$Gd|{t6p`?r{0ATng6vEM`5TaW^%KLez4N(c#)~V?yG^cq??^Y`3M{5 zslnCd6IgVtRwDqyie^?W-72uhHS_X6You0(X^%!{BGi{9o>9+e^(NEiP=$15q6zEa z3ZpG^$jM9YKc`}rZjR?nS~t^$PYTaDxED) zr65mAP9{Mt{HK5S_Ri|hErR+kBImS2f>T){Q!p?iZ)A% z3y=5;P7Y~%LtUxvy(%ivgpCJ7B7sjYnRCtVS(GvjT=G$A{Ye3+CH-)a>V%AH(L=`V zot-iEsRqVX-p6*HHeYi%HkY#r$jGdwKA8p2RQ{q;ZCZyFeX$t&oVTf*E#`^Es?s`r zHAutrA79Z+%W2K-Pql+%x>Z)=+~d+wPvT2|JE$Jbd|*P9ZA@TFponz1U;EfadmpFX7+iI>MDk}O^_0WAJugBZCLna6VNB+E6 zt72&@#=h+?VQ_G8YVp{5yy5pRS|d-f@@5*nk|O}ubBN$kT$M1dMuC!HSK`jJy=Y_g zd~A1opR1Kc>EY$^as2vdQBMq=bng)qRRWLj*q5KIw$Dt*26x$c8+bZ{D~}Yri{1Ol zkv3|p`JhsF98&IG8u+@|&rm|Dyk4jDZ^Av4Jd6(unfNTOBp!EzUe z&|8!2Q@pEh6|OWHw#h&5=~%Ryg+{CO9gvx`VtF=X$PA{Vi1>@FSyUmdDf7 zFb9fp=>n5wceFa2ucuTRl9EXHe9u0?86Y5%`!%_5cWOAsOv+_dsRmQ)GUGi21 z6L+!}{M&DP#}vX?3?D3oev)}~>(=$b8wpXh0rPey zDiXv6!>&g>LLK)fmDYu+a+6%V4C&?FFgevxoVpqLLDvS1*jdj3v%uo>D(r}Xdn)1J zsV+JApC5^y70MLyJ*(_Z;gbFK{kyHK*fYh9%3Kd(eUI!PFbL`s@#SeSsPrc}X@dpl z-UOeKtAc{(Iz1jYR#KKxgL@gcmlw~(#N{WAudgo4Z6-N%WHT_*p_6$Z0XMGWhil{a zZ{Pl=W(1>WGG(C18Ip-1R4oO5k8k(^k9g-O>cs?YNcmoSRiMm{-xhAGJm(CQpNfiJ z=-MVWhqB4hQ2!QKTA`-H5qQ%>b-I6;n(>Xjn-au+6_0y}TGW3tfI4aJ^To2TnWerIo_8qXsscz5uZNx`{MZ@La?x~*e_>X((@Hl z&B`^rks3ioJT}t?-3+n`FMDpn=yJ6xHx(D;Rm&%4NEf?Sky%u9)~%jbWIr-{m-zZl zO{z!VHqY6R9%PA{Bp*v+JnBt-PEGG0MWgaE?)JFuSr1z6PB`vp$Qu`2twVKSf~munHFdzFi}>In%NP}y(j_E;uggp9rMYv}fz1Zg|pfZ|oBOUeQ< zrW4;K!Or$qZ~J7T)2U;wOqx$l8Nz|i-%rL10z8@HyCai}ednCtr3FK~Zrs+}A3e@v zk7`rfURE3epbo9`YHu0K8;~f-Wq2O({hBDt0ZC6sWm{`&X9tx(J(d4KOyT+7@L;wR zSf-pzNqR6L4)uDoG7yFLZH#)Gedl954DwT029R2zdrOa^WI;GrSR~}T9S`D|r#D&H zJ*qY9DWNluhL_f3y`Q*vFC6pzFV9>Z_q}Ad-RgwsW_-Sz94Qn7y%2)OYD#(X=L%#m zEuQB{MJ0gDg}w&S8W+@T zqn}WHTg8cabo_tpy=Od|Z680ZrFv;E)mF!a79FVFnzgITrbVf(wRcI;*y`$3GgfT1 zYp);CtCKL6Lxt0!;tqblin9_MlVe&6+zZ|N|Ki2#Sm zH-`+5mkmo^Xf3rjtzuDDtTHScEkkh6$d=5|lh?ePN{EJ>A?v79Zo%oQUkE6z>7me* z30j-Rj~s&SsMhB%pPG8t_M;vkgw~Tc>9o8lcsh8_&O1ID}Rg`rcKyjodz$6)O3iHTohwZ7QBUgSLI{0V} zMMm~PxuL_*3Gt|`Q3!9Da&_#v{a0?V`;K5FHQ1xS@nShvCD9HI+b@vUed~hiW9YO``5?6f=8$X#ZKDEGWDJZuKsAB??TyV-k{->sy8zHA>lQOtBPT*i+Y@KsMxX1+;@HsvyAB2BR=>r9Y;;%`1tO{ zfn8JG;4Yy8GXcTg3x^LIWgN}8WNQ$*b`;vD7^26HyPmg}aobT#f41u>2a=sPR`v@< zefQ}o2rX+>MY$#Zm3A{IwpH|EMM`S8>*}le-3U(g@qegF{Y=vbZHcEpJ#Rg+5fGJ6 z#8`SDhUCn;;2zwJKNXp=r*8Lxdetf6j#<~`y(3;vcswjF7m#aC#+fnVVrP_JEqJ~; zw)&Bo^(L6yh&XjDg!hzEqRoc+_|L^E9jCxXyFBLEL|#Q=L!@ZEjP>DWC*FRP6`xo4 zB7=f&y#L-?^3D~H65W%AV}XIwQLv;nq2t#q>r?4hdxqIU*Jlifsa+mD!;3pFxXG4S zteg5YoYuSeSBp`o3S9(!ap; zYik!3;F&KGF)zPS3c4<#IC1e8N6scpwM4e@1n*sdcEQC7jMWF@GBFPfxzw=uVc+-> z=;Dbk@I(jbM&w+Ht9Y)%SwYV6(Fk)%(=61+?H77Py?XWoNJPd#9;Y4jRe zlBIo?Qz2d_7CNb5S}K_T_Irjh##~9prvq*7AN(p}U>$vMJ%+q_w1)}hVu{g)2A zR7KzGm3UH)>qpY|S8~7#-8?qghBJ6{5!U3;DH+8PdAgE?h8DQ@FM1pTUFwR*FBG?K zSea>kcsh@j*sa0m-U&a0Is~oO-(EM2E)9*a>82|RRylOVf}*hPB`b+fLPCF?*dq>{ zRdL|a)u`q2fFQ1+`d_TtZ~uCW@gIWiw{I~_-m>(ENd5nLt={}a-2Tt^wr>3Y-`k2N z7Jo^o8UW*6Tv-@G$o<78l4iel(f?j5-l;9oUzEpiM^az5-TJh~dSA=bc5K*L`pF+* zY#Z?;dEbPyRskBIk+k*K&lCS5>ppsA1*2k=Aa2J0>C-0(zfON_`J-D3YB=?k9f!k` z_5tE$e{%7Qvz`}{9e;*!(-{Y~-^^MIx8%(I?rqEWw^?RxtwV%i4VzcNqv)fo&LnFw9L{P`ME{(a*Ij0+&S&Zwa z2RWA)n>5LP3NXbH79_R~UH(5G=SJoQ=!$&2kACV@IFT8O1RbVB<)3914Ms1UK+FNR zqWUo&WmjTnJqST}t2ExvJka%D2=t@87?VIz-I&nrWAyq<8?BwMApN($1|&D@?<8X;e@rS;~91 z=&_lF;MlQ0F7KpnEy+%_equa4-QBPpo0-W=xKs&zaD`@N>Dv22F9T>}QsmJc%0S`z zFwsi=#gWstKfkh6dQRO{s8!Fp`C>Y~VddIzxdVOm*7HsXc=-3V#ST5%yk8tqmT3~2 zcg4j;rTU!#?q=7U`RSy2&TE$2$5>fwnr?h=O#!2X_^o*xhEZ-QV7Nfj=x9@eVPWj5 z79%T{bSzk524eNou}s8g0LsgqxW(21_yX-s7tm%K#e;gYy%Q;E3oPiU)BnCT__`0| zJ%Eu-Qf17D3u05YmO!M7vsU8l<|XJFReu^6nd*Rj=`Pqm9wx(gs1s+C*B=;Lq)lrv z;>}?ZOotB>Om99&B@O~sqAhrTDG_*C2tu)-z;l|&3IokvYmW-u*6g?4Y*ifMfN#9y zklGSNL~N8QtVDOE$P#eX{e<*`d;tUO}p z6{-{MbyAW@Y|789BDv)r6V-)eWQ@Ri7wq|y|96BhD&U>(ttSkYM|L!7=KW zR~XJ(tLosjpO{W%t;nDglTFm`>a|?xWJ2{nPcgw3OQ}&&Ql#k<2MN{a##}}EfHllD zwknY3Ge0up2jAN!PJf#O`XT{Cc##UEe3d5Pou}VRfrRMPfCH@Ul(#Wz)Ln9Tz zt)R47OPza!@}Mj{@DZDM3ZDSuLXp%@hj-e4e0k-jcXQ`DuH_wZt%TSGo??APV{DZu zw_mDMNPY0WTIV$^!7rWb<{n-48%&`h4s~s9JCh1)SyBQ6Qut|#!~i+?&%Z^?(Avos zK1c}0K;`KgK8;KD;hq4eqVxgWxR7B1FPNVaJ0qMxTT1->09%FD8AI#U8W(&*lrp!+ z!GqGm-hKy5DKdU$7B9uL66f_?@WnCF(Z|8PERDNz|1%1mAZ8&%-JHKvWl!f#G}kwA z2Wo-($>&FHcUyS0CYq@!1im~DGb^sW4;xMUK_+!iLJi9-FD?7@=LHHh_^zN}=uljh zLyrt~jXI%~6GUhBvLJS!Jbzx)BkG)Bl!^@RFmIp1iF{k&gO>Q&C7WYjAD-(*@Hu(< zv>k3K0&kTF!dn&c)hm8}%Lxi&=5M_}|IZ5g)zgD{d9Y5@Wmxe(ZAHalY(D{{y=c}r z54w`-U%YzN0h<5BvgTd=1zeE;u-L{!;J`6RNAy00s-N zlDDR}iRseh1-B6k{}Pb5r2(dHTrjD#4oxGE9y#-;1g++7L~^W3a1i@ftDa$HH(`qp z)ze)m>m4wq;EkjO^f@`NueJwpls(7WWv6tulPfSQ{gJyp@_re&jLqS> za(c7-@+yEOYVcW!W#y7pXC%T4?`7RYNqd96Mc_oYP2=Nlni|hbq`APt(CLEb5CJsy z-`Czh>+&9v{mFUtP#ou}6INAnumu-H(eIejMra2l$X zobrav+nWk-muYo5pT#8Y)aw^iC*O;a>C~2F*D8w!pZMXb;CBsUwG%pswhZlSpK7@~ z5=0R(9&|l$G73+~(N`kQ3zs!*qLIF!rB2fB1Kh`g@g0MHqdyW>Y)zGRRWAVj4uxh(iWRG_#V=Vkb}csK3da{JSpHQZo2W>nja z(amHOzoS%*^426H`{h!?2g2^WLq-Q-rBPV*(9!m}`z!4TJw>te@=vvU_jiwqClPd0 zltne}n)fsh{Mm@kp!mpRmiu{#o$-Jjl0arjle~Z0^~q5(nC%k(x_G3dDy*LBBx&tW3hED{9`l&`5y`RytZN=ey7 zHBjzMlY3NThpUt%{OIw_DB}{-2Ph8$fBwabu0<}ux9$awSoVOT(7|!y-zbmKy8F(! z4}3Fj))VBEOz9*uIJiHQt8OCy3`EV-Qz=6Ywa`p-Nd|Ak$r;C-*rw)zDPPP$HP zyM{C000)O=f&vMb-_takIxv+(Ea1-9K&V`^a_@ybn`w{VG-}gw;-ajT5${bjvwcmw z1>(SB?ja#&}dtWKiD}F(X)lxNp~$Lcsm~0blUw zImUNo*v9O?%aMU$mFJ&BR7>w;4TiBKc(}4n*0-jjkex;Q{w_IS zw;Su8XMWI~dhH97y7QBte2M0d{Zr2x!^!R7Bo|F9ZRobO7zYZNr4uHYpr+0z?!Gz% z)cQdGtsKL7EK2RNUb-Sb4F*aI9gD=0(1Ejw;^I*%Yqy`nrFlUiO3Hmugj;Xn!K5r! zzd0>psLt)b>nUj2Sm$;^&P2$POTB(vrb%kmNK&%Qv_`1S4@?1Vw+cUlk=s*p$0&(yJ)}l4_gZ=nK9~(^Pb}kA^54|%EknLa0Vm1gNWG*g?om&(AwYo! z79G+ivH?}bziJrO0W>hllL2E;O+=eH+fP;B-_y@gKS7w{er4ufKgi_laL6KYC0{R* z;J0y=N;;oZLR9N%Sc$m_R`};bm~ZC^oe%f1-GPIp1}%&EjG%Zhx~962ytFgoQWh^< zT6c4AxLV_LlSBcJ;*%R7l*c9#I`DN;98$zQ1~tJflGI5>xUA*%I9*(0F6h}>ZsJMB(k3VCXDzyEv5O8se96cyO~5$zW$?oq zTDDy~K!I(yJX+7+5r}!kEkVqAm0lFVDIFWico+$TZx)-(R>Y^m+@?y?8alnh6GYiv zQUmg`#4Hsbecz9pgKrNzWVAn@2$H19)VosA=7HnAEfT*iqW|n_ zr#MAQOsu7?m(360_l{K?aei!gME8?)8?SC-l61yR+|O1MU@;niCjticpns8Jp|jbP zQ}27`3;quFgKqsF9lMx{R9~iB_fId5*Jv4)S@MBnEFoM>$OZgdf}@4F#oni|!>%rk z{1IGQNQtu}ri~y9D=CvSm6ZjZqGtVNx8I!fvP+Sf{mWhB={q)VMMqTDo$v(yFYcy} zy$*%?xvpKg!?D6f1&-~;R)ICA$VV<4gKkT|M)UMACKxkJ<@ThlzZL%Ze3-p|Dl2sK z#E&19o?n;=Lj3)!AX`&AqYUgxrnTb2b7;pi4y;1d(}u;ghhe?7D?^W-dp)o(#&Ex4 zrf?H)Q;*1wNmdO@g+XnWZd~f$l97T(B{6O#c#K8KB?@EAhTQk?F@yRdVg!q zW9_t8pE;*`rqiTgptK3R3?)Hq*DzSojOXQ@6ZW4F*M14-|GB{-m|s#?i3nyUm(^;4 zNxyIFGbjN|UMACDX!dDgud&_t}PAareCPfS7=^e>7?~W%!=`)fKKX_L}`}=vNFG3y6y9@ zo>UFat0viZbuvQVCBqdw#^b{D`)@Lumo@&>WKTs~|9H-HU{u&hMD|m`lEPDUnGh+t zc=5tT$!Dm57wfa~b?W8yn|TDYf_njXt=W2-i!DpgET?oMxf6G{$sGrXTMOF-ErC7h zWBmOdUL4U6ybfe@Xi!~RQODmzMkWAsoDS1(e$dpao|Lj_qTrM@qp zDq#SDlw;YnlefQtl;r9En#=XihBNcJ z_$*Gf+?oO014`P`x%NIIngaJ(&(T=FG0|LU{ple4A8BX&I`z`z?Ocd?J&aK*n@Is{ z+eEJwkO9(vEB%^PqURVPlJG!uuv6KgDj33Qv6WFhZ z;>M+-^%*%qo6YBhD@F!@MxyfZw<81+cG8~J3v_?gZ89lX!^=Zm7r8i2^MT(RbMemG z?{*0~Zv@oMs!r2POR0wC*4P`fjoX#Wc9wh&!A_{3gGEM2SKI>VNGgGjr4U47RSxGE z#Kw?Th7)r;;$-k`V5|R|rE+lbD`&um1J%g~8lP1>o~_$P2-H0Y`y?Gbj)zYo+rg0m zPa|KK#ACc>gdl`u+X3*}Y)2(Ywa?b9^f5t!g_EPfpk>azOIZN-1%E57{MH`bctMVy z{?V~VCfA;>sJfXxY3~8}d+lqlE#cfPIw>;o^4<&Sl1EX@J9#rl4-%_H{mfXSRq(K| z(kS~Pl_!%b8ORcYhKQY1NWnA%b?u^NG98(rdhOn6^6j8_C2To5E&;=V(!x;yPw2trwN+OGXPn1` zrR>%E$9H6feN2_szOt`>3}Z_c>0W6jquTfbl_Sq7KQ2`Y9RydtFwnhMxoe}?%Dhi| z{Y|bNmsY%(XxL#DzAF3uD^V(Yf1eUNCt}mmEC8xxzYm)c4*mx3dzMu8cdP#7mbwS3 zoC`cr8N7f5Qg+B}z%r1AhLSEv-TC*rgRi@xzm`4U$;0L@nKjI;LED4)17{tV`ih6` zu-oYFO53%^$bEtb|Fe7XA|{&c@xlTG-$ixrUi+-iFLL$2y{+``;bu?u6FV&wCwpM* z0^z2%{p5{&jtBq+iD)H=$dHOmN~LX9;*HIbA12#74eQtW_!*v&a3zAwRp3B2c%Pj; z_56!;t3j9&2wrl2UXFkP7nxbRV)9@eXbQW~b8>N<$of4$Z7!>kArb%nSsnf)Kd|Ft z-`gGS&wwBiY&CN6$>w}>pugSNh`0Xb>kq+c@39l_j<9dV+06yC^@+^;r_Q*9c=j3E zzM$UW(Q5LeB$Qe-v;%F3wza2bl*O2pT4ddU!8h|eb5r_wHJ<*3090;ymDPs_MLylc zm#eE!hHG3BS!}8C2NX&O1yTyZW#dh0#2;lj77Z?4OGfu{N*?-42Lxmscsu&o}xc(Irr%0h<+rc0J%Fc6Zt z0-R#(9HApwwzlM=H)&8351Z}27Fzkn=_+a0ia2aKi>~&xVGodZ=#H`vG`IwI8|NBl z{Tk;7CbjNqyFXI%0ULOgSfU2P$a29hRXGYzb$n9EJZ-GL@yx?#*pB~r&}=6MOJ$2c zp~9vCUYxeFox?G7SaGuskiFW?JL{l)nPDftV6ZxNZc7g+(#}v19rZ}36wWIucPJ1R zW5(V3v?sb!YOfPvUtUs3I-5_@jKgvQH9BPcgh54YK0K>wpzJl^8x4O9X<4%YAJc{q zaMe;&D%;o-_lcxlqSI0+nnzhp@gK=R5rGo@?E%=*`*_$)Z*S`Fr@_9M=_Uu4(Hx3i zst-5{=+6$8dSksZi%hB#z5g;M>?|FTHw_-O6P+EYgxJLPNv5w*vJ2b0=edqnc+RACc`_y3m>=IcE zHrB6upqO>**lyT*EPLDtPdEQG`NoNVO1RYZ5v^#2juR2er7xQm zJDE!LlCR(A*G-y~{L3V4L_qg1@uO$Ow4and!>Lt?`C{t*pA*Z;!wE)-R$_^@&NJkC z)fFoqy&d!H152{LEAHGLZ5mEo(xgWFRNZsMWl^k3cl`oBKvlAVQH|+?H&0P_GPv0L zZ_ES8OFjIIXev3U*iENNG(|SWyRUfT_Zw{Xk=cwV>UF$N*-8veS)O;I><~=4Gn;Ov zEyuG9jEcw2v?0{ca#a6*9a$u=>k_7cXtDksNI?nJ7*v|#-jP|u(KKIe1m{!wnD0a~>`o6dOT5Xk`$dZTqCKu2jM)F6 z&z#Lj5h>?19HE9Dp3aU^PB?a6zP&G7&2FT6#dd6@2FOF*;KVWCnZ4$~rISA&lW1QyxT1 z-@|+`zWaoYwHznX$H{96x*S4s^!Q$ctXfiwcE5dB=e0hvIgbZgCqtp7*dSkb_UIoR zcYpvTo$}1(2ANHzQ~UUnG+7U2geqVGZF1j{K_gjEnpiqfa6h}thM-VBIu(HWMjp-V zVdT8m@kpQOb(Hj|mD)s!*VILfG!4*6C|F#rYGeSCDm7JG71-Vm= z`6Wm7jOS_1zS_3On-dRfXGpCe;0;rFcy~!N_{s1 z{=ve>(EVu;yB#~?z0mr=*viiA!1Pl{-s+GZsB0gv-z2g}5+@|ffX5x6z7B1AFk(Bq zo}!>#N8awyUskmLysK?)2xw>^=}xBAO&SPh*ITY{$RG8jEmZ~*WDfF$nil{bWxb=( zYNlPr%~fjzG?{8>?}k2+TZz9>p*MJc5w{HUv9cbPEDCUa89-GJ7U83P#{-R%Wj);e zf8*pBLKdT->Y5=3azp(Iz)lDgg)nSRS@*{h1HaXR3=DFIKH*Fzx7Ma4W)OPQUmeDPa8@=kC7m-$3ai&~%!M=W7A5JtH;TJZ(-wqB*lswvol ztp^PV-rnxtKMQmnZXCK@PKo?-zw$}Hpk&Fg_xI{0#dGKJ3D_L6U{hMY8%5WbBh(t` z?z|?N0;eH+44~v&8QGMtfKcbC+qY9=i5dPzmVopzh%AS-m;qnh=ondyLt#@%(5y7I zK1~;*m;(K&BlQ7CSy*CZC!SeoCWr{$detlvUu1Y~$xp>E7$^hpzdbE3MjiLf*qHNd z`1|F{_7Q29PR0M+ssDa4hj+`n4tu=RQMmXekEf=F?CYKOd7VH$?IvoIrW|N$8Av%j zT;(72j#J50Gw#YG|5$k-Tl$k@z51MrkG3V8^1!J#Gi%9HQd{pY70d4cr)K{1nYJHw zo}F4n^WR*I3Dr}+02ZuUQ1U5v^Sg4mQ&FI&rBxuU+@ zOyqXzpB37s;Nf0iY;1pN#R{il6Hpv*Tz_)!Z7A-|yu`~UMMDUN?@^?g#}c^ZpY}36 zF)qG$L9Eww9(~;LcS;X>%gd)8e!`7uWl&FD0bWI0azdAWgO3|!NK`{P04TScA5h+vrer?%mtZ>fQmI9pyeIbZKuT7z?m80y{8CnCcfl zyoS8)^d4GMOg@km_xIPTXy)@0SS(10?r09A<=k$I)vtT&bJFOjQ*noml4XrSV~ z5C`1@F%g5iN6v^ij&$>Fd}V=?O7`0t;bhxY13fJ;GXzkg5Id(DmJu5);~od}gug5@ z6TwzjVq#)^j{W|o(4V=P%p78?Dk}IVPMbe61rd5c^#Za-1QV3VH)@X5fEoMRIvg^ zul~KH0|}M9_UVB-y%Z2OD8MCCoJbwl+Wvj#gWmRr`>k?sewHIgVgbsnsjmLI*rMt? zivQG^GyEOKB8gCY2HLc1ZfDJ(gu)tjD!pbjS%y(v;Fj&}ZqI;1GO;<3CmLcn^R%~b zKYsk!wafz@Ip*GYU*5Ob66HE90+b+?O27RNfBo?fRQK%?)7k{k!*|eDq99sy#K_pz zHYY&R`@`;b3lEm^k}K!o+Rr>CtL6Z}*OGL$!2pAVCVy&j#_{H2ZC1#zGf1{wqV-_;4f-hWz-RBngikXd^DXG)Oa zW0evoGpzWElG)6H{EL}dqA(C!d+%&G!6}2rwtHn5%|Yiu?Yr||{l@yWMttY2+qDwK z;?JfB>q1&D2n$cHan>-jjoSqx1VGXHAl~dW(^h0vaom3DQkgq7KgyE*8UWRx886fZ zv3h|1Nq{t~kacS3`#Ww?6}pu1_eNQx4@M=4D4ed0a^f;A@TT zJGU&y1BvJB*V|?EvmPIM6Y)lxqZ(ggCJYAoJ|BH@OBS@6Q6~TIB^6DG8J16zy0kH? zlVba2hoX_U`ud4NBGjo&_xC6#ru$B~Rhj`lT1~=j#Fzi-&KFP|fO3!>>OY<>V{^j; zW=Bi4@TKec_jhJ}!q18)aMw~lx+K!8a3yzIHq(K#s?AtRX z(<_+7q?tf+m!af}fI;5>W#71I|2z2h>)xz}b^@`?|Gp;wuiCius$*uGDUbRiTg&Iw zW|Gk_+_ZK?w}^4(7Ww77n*nzS|8uHAztQRJy-&D*;MM`vA_WytH|HEs*J6Zg&;%2h6+eI*)CpA?$a0GQx^1MorxgT}Gj{jF+ z!@qY2s5e2`s|Bbo4f$$}(K4EROb!_2+;oI4Dw;F12I!lj9NiCwAYeew1_!E|T%8nQ zJ5Y6?q)Cf}T0Lb>S>5Gjc%q3htD(Dp*WkM2{$8bH-^Dj?-c-Qex=u7(pnd9|n$5^r(*e@DxF^M_tpF*x16hFJM2(Oj$ z7#~ILpq{mzG(m|t-SBzxqpO-Au(C0|NGIQudBcEC8jk&IUDasSxA$7 zZ5mcVU77G`=WGpF7!WkjU9@sg?usnx5HTuFa_b5JGNs#lRLs5x5H#8i6!fj*fAXyZ zy`4RF{j60GUyaKk3Y00Fj>>L3QYOu=$hOz1?9e6;?VZgT*9;&o-HfirNK--Xz5!#- z$56K1UFFK2*xU76Kf`BUx{pCzH%g%Jl3HXdXi;iva)8}Hq{)vOQ-;~m1QoR7|C|*+ ze{pPHe5}2$gCA<9dorwUqFy91bbpoVU-}R)oZ~v|rC;lAF^u*OXDQItCKBo%H3`Z( zjc9}Ua1QNAov_!zbc*qtKiCpK=_!cj?F&K%T=Y51$0}?Dw!!BG za#VW)Bq{&*HTjRskb|{)nL5cR;n;iQ7jd+Hgfid|DuO`z9St-#F~C$4FV<#Tvx%$IU>7`jPDE?p(%J0adj);{6;~D_@`I%sXRX)u70j-= zMdyBE0XdI{%CiJ%N8Vdj1k~S7m%EfG<1X@`=m7#S5XpbyI2TE7fcfwOaybZvWjZVP zctq+oB|_FR5ujdI8hn>xXGKkcX-6TYd5tF+lrq%R`iNT4@?WRTsUojFYOE4_Jd0_3 zAPnthP#33+RFqS_=ltXIi>XRlBsZm$JbxcLE zMt^z5Mv$ADN2$;{k5^fs#{eE5?E?^i6dAYJS3G{|XT%;_6Sc31(xg4o74-p^Q3&wM zQ@}CyONZ|~5C;sYNrj-EmdwCTj-K#neguHv)Y_HaPsRObhyjC{%Tdali3=gt9*~E% zA@z^IbEMWF6A9o9kp^l2x-GBWXR4$TD#>53!5(4LRFp;XBR; zc`%nWEDsSC!Ch&t8YA&tR2)V9UIG0In5qo%&7^by!@4+T#}t_QPai*k_jbm|fTMwr zb|t^4prTBF3DF41!UCDOiE$ZY3dWKo2I1ks&I+hOmx zmF`;lFL`eVeb=5JsVNdMLmBREP5CP13j_PP7j=x2qtK?=`pW@+h4@?R_o67oY@RPrN}ot;vZy~Kzw_?3TaXVV#z78E01m@r zwTFoBX|qk&vh6^lm;&3&&AK%cE{=&kYsKkYc`JAi$b&0>WQDdQ5AI^M#N*4F_vAk* z_brJUm!_sk!ifzY@ugG+kEl4P(8uBZn+A({f}+{8vhs?fSS`R(37%BUb4k(YKnK@Y z(4@Dvfx$5j7)6ro0?13g_DDbT*}aXbQGiNAdh4o2SYL}3Pz~o|`4Wc`a!@b+PNEOx zY8lrrEEKu9v>!QqIK^&ZYAz{C`^Rq&Ixn>y^$90n)7{=&kfYKBdf9_LfFS>V$aJE& zB&BVD1{@Gm2TN;utlEtWc%{=Q>gR3;PEM*;SyC48iLrcInn2o~11frcm(^t@|3!0m z-fhrI{Cr-i^mNa%$-e{0&0={OJwPe&6c9>+E;!p2UR&0J=BaLlT(F;^zC9>0m1dVh z2k!?Ble{N16J@874xk4#{el_+8{7$p8yVpaz_-&mXwd(Ur^R6n;9pc054 z#bv9-E?s$muHI;*aSIxjXNs7wnk6R`(PnW3zt+L-3UYA~^FS>O)u4gM)998{s@?cY z)^$j|Jt2av7?>nBjh=K5!qyhex?b<~-eTJxtwpB^_EDA>7CT%@om_Cn@G@WZR*b!p z0SRdC?Soi-@Hf1ABp#?bV4Qv6T@t}!$%6qs<4XGPZ)^P0%IT;}I!67qmM6!vp}3}; zAlMgJY|=vU3|@Tr`5pQ9+vVF~^a+PadmW?NpsR)NI^ji8IWdc#-+2OmLUZD%SHUt_ zGctsHlz2L)#eb<>pm*ep!sG~oGQuNOUT@jt$KOkth&~R^(4TQ*AMsl^dS6CxYCeg% zSm`|Twl0$pNZV|WOjDS8UTJVEOcwx4kL9>Ioh58C!Uc{So|j9Oa;agC8xQPJ0?{W? zUciu#L{->KAQV>WEFd0P;;6%!t|Q}Ffrm4YZ^Y3B#np~|H&GrFV*X9f-zEZ&3}pN$ zDn$!vSl46iY8?BpIDPRF+Tblbaj3!ui*i%QAY`d_&vY0^FDdw_1E|7HNp?(D2h`ce zPnC*YG16WbD6#3T2N4g151}op%iA@6@#n4|=SfXJlO702TQ$V6!nLvHqEbycLRG0R zV3zfp#)1Pran@TN?$Nh@x*}8<9fs0;2?R!51F}6Es{hNY%!2Vv~ ztSNOVU8zCmUWGlQUSwIOgNM^tSz8~&c(mIENcs+fg^WQ16>E$BKT4{WL&N!Z>%C^C zKZlD|);vR7thcd&cLtH6Ief zh8hnLx{Kar=O;(0wGR(Hlzh{qYp!zQ^d-hxwbtIT{3T#13BjZa_l{gTez4SKuvD}r zt&RP52_nG-(gO<{mc!nFBfiu26YkF;s5%5TmEr37jLWLS3*Z3-;1Cmgf&V^GUjYfQ zX!!n42h(Si3%=W2ATRVYpkrc5^4@U}3Ja9^F^gc9D)8BybQ;?^0&2T>aVty6Y|gP3 zye~y&cP&hAB9Ih=qv%EegswfO4KV|WR)Nzg<>Mw7+9#gJzFR6Po1ANPr5E-CO)5oz zJs?9eQ<1N)k4R1W?IJVCX#sfwrkWJj=DL*DHd3!$p-gtn**&8f4N`UXVn=ScumvAB zPZTlHUl=UoISXA|>2kDV-&W=W*2!XHOlX^J2}em3kBS(Gsn$6eS7PFmua_YPNq$Po z>OR{hTcTa-J9i%?yyK$Aj0Wn7vmYlxSns$WDHy_zAmNq73VyqCdLeewJYsqEA z(uSygzU$^_o(|VMZs{(IC&~^8^igU#>MUAC+sa*fsh-zQP#Nr7Wl%PD*L%Sngt~osQ}?ySexfCDH2g{WrI+o1 zE7OmkF=ZSh&*=FbO9x0l)UF3;JjNB9U}xKfV{HY30jn-qX6X{xIoFrB+*Nf9=sqO= z2Q?DP3@cF?^3{~dco$dI*VldOl7mgEMj4`T;@(9}v9r0kJzi8u+>H$uRt;=Z37SCs z^h$-X^ysN8kcsBq(f2rwjtFr#*XIdMg9Vmjww1?*&s@B4VLzE+=&R~5=XE-5<){v7 z@xrb27$^+r55rBStH1OuB7l@Z`>u#J(KfCfm>j2`2l6tl!hEVpiJ!E=F*Y_yywLUQ zLnis{kZ=m2qrj)&vm6Jo3r&jiU{{dlVsF+h5SGPtFD;4r(?SrI{-E&jo&G$InvQr; zhlIjfok;sJT@fW3#aybc9@0nc%d?_MaW19xcfSX2#3)iWjt|eDd*w6{nDY2u zrNaa_h`LyusO>@V&$vw3pH|A3p7Z-?6V(RngYFWR!PKSN^%YzR;FAu?(Qaq(Y@||- z4d6qzvALSG&b!M&*jP8kwP3o@Evo z;|H6^OEnJb7Ar<0bQapWDtzW=z(t-#7Fo)uH7KO`wKD7}w7{HHAib2; z;gd>dfsEOSo4w`MEj}Tk87mKsmFBK16&2SCyFXY|Jib%ESlQ8e?I^7K8?2AvsnS`! z>$D#^cuy?s(PXBoa#f6f9*wpMoJKV`u*2FcjQcE&@&OA30u+hEXMVc}Aq>Y*??7_oj?q@$q`p_pz_Y! zGcj(2TBK(ukgec>Dk$y^`}dSdOOHcGnKgbDO%x&akBeEzWJ)+sGDZFxt2}*@PPGG8 z2@Ok+xuu}3ABV|`ghu#L0IR)R^0WX|DT_op(4D;Vqoy&LLVP+B)YH1gx;!b4Bh`f_`EbncMXO+X{O!BnG4}lx zKeD5~L#BQwv!A&R7$Lpr(q%lDD~v~dcNr*%F$d8(BEYuFp|WRFb!=RUfmS4rks8jG z?Eeql#6KykK-VdB;^n*3|syq)f0f|)jLhEu$cjHK~F5NCo39x z{n7JLEZv?%cKMc^CujuR`!js;#m|8#Cw8Cf+UIJbE#A_<1Z3}JKztU$RLh`#iw;_U;wyf^0O%H5nd%#<^OEESBafW1iSK(vG8mV?ylY{5u$9 zM!?PGhT5p@gM9!5O2k`niBZRVF)Vu&BcOsOk5<`Joa?7H33jWQs_O%jpS*72#h`tx z8)omJ;Ltb(pkLq{vEPRLoz3Og4!HZEXN`AJ$IPJdOC*hBT13E;p%BG(?s_j1nA5ma z>ji{cp0z6j6=9|0W zc~H~F5-p_K4d30pg!P`M-czYMmaP^M3&|x2ANnK4+^?E^$?)HlQ}Bg$huoH8$boU3 zHj^c;u@8LZ>|mZF2(^)>`z_L_!G=(DM20T%BHp)I7l^s6EV-0Nha3#uemEg+t~qe`jX(~#w4O90%x*rk=9@go z3M~Lceg{{$2P$^V^=Y@W;QIpC-K`=WftI_ z3Fd)lrE~YkVdORPtGW#TeZK|6?RlcrbY6;kY$Ndxk(-Cl?sgy2<0VPVns+pVDXOchJ!u8pe#Y#!dvKhyy`RLc{Wc z;64>o3u^UP<`X10c?-OTn9KMmQ;~CK9rJY;-e;gQvKtaEYZvH-xq$6zN%W*MkRWKM zN|~hlEjS^@g*|DKYT(om4&-^p`>9#fVD_d14-?YsZe1U| zD=(CO=*X#PmA$PoIUcr@nZt(BA}3TG{CN%2&gnzkZuf@`s!LKyYl?HO_P-XcSa6f=WP>g8pr7g^XV48D@x(SZs355K+iO#(PuNTMuoM zTdR%Yb8i0F^^%Y`nmzw#A`wsO8Ow-2ll$Cm-R`W`D;1x%afAB+2wsx$*`On+^WGr1 z6~0^1lJhwC?K()*-2Ssvzc5Wadrogx1w@U&o#yVbuf|!L)QtO$1WLdw-*HHqaz9&D zg-?bahTYk;?mDx#P*m2MKIU&bFxLlQ1{MOM!4>da+=11YQ8>}UYl2QC;NHo8A8z>% zy(}Yk1xu*kIl$0HZnVEw57+L9guK;kDg$~u8}-J_LpDiikim{aeuIzW+Ry!INPgt9 zGoSb|9Vk)|a)DqyB~3p0?P@SYg><=|=Q=N15p%zL+ET@=C@%Hg+n6&dZt<4EOR<}0 zPsiXF5)wvUthZfy5Z*!cziHQfKUZ&LVb-U0zXlN5R4ZCKz^%fz;*F)R zj#l*~O=Tkz0++bhln&_xwl`00v$dB3NkP4o3`KaX zoD7r*JV4nZ`J@+FZOikI6Z zJ<nO%EJkFjS{ z5lp7PNo_(duQx50&xo8p0XG^?J}Vad@-{zGD6w4t!+l-M|4UD6ja_)_`FJh$#3SEw z_9q%_eTO*Y0)#Y!RF3n9kt{AZeTa`e^68Lm>)R$>|D4o_h{4y|L{mx2vk79S!wLSK ze{s4NhPHxU4FTX!({&>Cd|%pV0B5Tlv4y9rrx*CQa7?u*_rMn{fAxh-ZDaPFgM8>f zftqVrs6Q*C$*3Vc=iU1;)NAr%FcttrPJ`&0+iGeZP#PQ<^}N1<*>4}jn_u!?7^tW{ zX;SZ%s|c`WNKhf~jn)Oi)C-?J-LVB~kIKLnpZcF~g*$s1TE2f(f2v(QP;md&<_f_f z=<$ADibuk1x8FdKvA7s%1=OL_z~kM{RfZ7*)i|O%O+gDdTY%nSKVb!vAqJ3BS(TL_ zF|@~Q&;A48mt`SW(Vc#nyfU_e-+7$s?LN^QHXMBC|6%XFqMG`mwqH~P5fK|8QWXRN z>AkB+Zz{b@?;yP=q996FdRMAQub~G7=^d#7f>a?u=mA3Dtl&Go^Z(x4b9=av;Q+Gt z+HAGewWXn_gB&S_xGWol|_l_VcU7uUn>95?69?NKetyl7&bG3q{MnYdb?>u8X# zQ6CBFPA{$OqMhhJpW7WvBv9W1+w0I0Nv(o&2jC1N7klXAJ(drOV*Q@i64plT6L*2s z=pER}za< zj%B%NtFP_a<9eVzs%G`Etwn$Q_$J>lC$voji_Lbswr@BVpoL7zYjW$&%FKGT&ONuT zVbaltJ+wXAfFV62oo}zW4F4=d0cS$Kr-pSA8vm$2(TePMw2Drnz5cX1k+2 zvjl7gUjY9bLy{zln1qy^zh!sa1Stzr18T1nVPmLjJM^SX(~CZVF15qID7mWl=$@g- zgs8MZ@)1F^iA0G1ThO_Cp6K8sD}cKAy@`N#ff%vd&PPbY02@ z@2=&2CEvfNcST*ZcYVtn@rC7Sd!hfXf#mSZ24{YcCMF*9_r0cTJm0J9La+YLe`*y50Bp%eOr$(a2S6im2 zlp1dZt3u_vzQ497%WVAnleBMO)1GI=GC?o_554P-=dgeGLom7m9M*SO`p-7_#591D zMG~%nv-jkSb^YTh2t&V(DxjcqJF;5Syj_?iqKj$!^rCh-xq7E9M!kEfe@6nw_TuYX zAjcKI{RD6IxotRAYRa@y?Xd)s=I9@zKL8Tox&SWyiM=4;U*G0A-W!owT)i)&(rgVx z1gdW~*R%>OeuXZ%{-V&yO{92Hv9FeKkVe7?FR)f;0|omHQQ^i2t8aL=>E7Cm!K}Yq zP-X4fkD86T<2Cz5kfldIRHkIT!hS&5#bw-}`|c`H*V*j7)%67X-a7lQ)%|eb7{uFq zeKz*Tm#XPuDa}@W4UNudW4+Qh-}s$5YX4@ITlpwmO4;`W0^sNs6Yr8O=89k$B`+(yT+Hjx2!bOScB!dX1YEvL~9 zD??1)4ScRSz!&4HxYWHY7BBTo3DX;rK>x7UCql#eoyfanGLmw|Ho@AYE8N)Lp z%FvCh>ep$RL9H@U9Okq+JLAvW%+Ek@NZK+MsK_s=o+>iba4VmL*==a!_evc;v9~Gith@+nq&8a`uPVP| zoBn%f*qnmQ(Q@cK(=0ibH=37JHBjIHVF$OjiuaKZ12@sa z#g;fLs)nU8gayDv;K?Y6HG@jGZ~=37ydUsI%R9jSz-#G{0oaHxW`E}lKh9Y8Klj(8)3HdwZZX?Zwi0&lvbPY)5~@;m_2I(ZjNMVYFWx;bwJxbt9g+-Je$P zU@tKf0z4w;INM>tLS}jY{A&vNIUrlI&1N)FWLBx?XL5>rmo1w|_mHt9q9B z)+=Wv-fDBU)-CTEtw^VZfts2e9h97m9^$-?T|S`$`;6Le_Efi{@q!p}`G)W&boiU` zG_Qx=kJoC4H`-HrMS(0<46z1jna=|?9&qeoJwSM2sgCa6jS{`F+v4tjzlz3FaA+#L zaa!GIgcE=|xp07F5!}LMS5>$hZ2O{(8#j4J@H82)S!0BrZih^}tfUPCuF382yvc~j zh-2lO(m>*1%$*YwIn!$FqlKrR`bhp)vOO1e_O1vB+rR62g;tKID`NZQWP6IUSeK5e z?HBW<&*ES@>(LYZpKsl!wk%;%g(6Lay1xdesLqU-EINdrlxR`-se>pbHE|!3t)^7J z#8%}DFl9Ty@0TP*rZNk>sB5Cu`7Wm{otW;tb!1~x9eWstk?RqZFw*iu*X)j zWM3G+7hVU!)zy48ivk)?lk#GblWj@ zR)=Dx2`~0p&sdEcTgXFc=BW*5jErwQGMW;V>)$am-?t~*tgQkDY+GO~bhTY*&*c=Q z_BfGr$E}T*IP+CS(H>QI-79`Ne(!GXWY)ekm9BYV1a?pNf8sFrMNGDTQGn zRyT1#6r*2h^Jh1;5rB>G0-kD0y!@GkX|+x9w&hAB9mxU6+`8B{!v(n;_rBnzSVs@T z$x!1dtH2$AN8RFgaTb6lwsJ!8UsVo4%}Mg4nAkz#K$k^hWN7?E=cCCjByUokX-UwB zG`{_cdzy~LS^i@^#7l7{#Rc5I-VIZ>rHt<7^*8cQ`}U-8|1lj>fprN1JcK? zMcvaiXz(U6P*$jTxzgtcp=KI!J9(v_*Ea0xWchnrU4?;oywZ^)19Ff=Qa3hN0>}*U z43I=>s@JJ{m^9;uO0fbh4*4!86E1H3@tg@fOt{+LMFu*+S*&zAS@W{a3$9217coxw zjrH{61%gB6Pq!W}#;|Dsr4S(zj!$F%o}dM&d+y9su9llEvGe0jdL;1MG9YWWeP`19 z-xT0U_X(x#H)$7o>f0!{P|1Rpv6r_1Ka5{C_qa}d#+45<){||#nw{iakxX>d-rhbj zbwol=o`6?pg*Vxf5J>^IK*Lcx3a|W5I_bJ|1fX{3fOG-x(n_F9>5ucZPQ?}CQJ-KB z*kX|<=7CB)`jYju@!pL>>K~X5guQ`AN5%Epr*aI^CIS=s10@%qf{Lx1U(ff23|jTU z{hBDLFF^LvX`KOK_ruh!$Xg-3ti)XRKGt#>7be!KaZ1wTaYcF+&{+9nOak~G&jq?4 zC2>;P<^I3q{(Kq8cST`@OL28eJIZv{O8!R7kD`8aXg$}D=k)Af?dti_d5GeU`_+i( zEG@88E_;`hG9>o>$ptoz+)6-s(E#mvfs`!dI(_WfDOQ~wP(S!YSv`;U*gk#QrVB5c z^ihsue<F-g=0C5)^z%Wchp(eN8aqATWcmU{9BM{ziAA#xn-!F@6 zAZtu$WGtB;Y52b9n%g!$g?UpkwKE^58l&P|ZO?+7f%r@deD~n2Etb>E*K8;?a$RPp zr9Bs7aT-*2b_2?#{WHATNUK06#o;#)X*n3&)(22nT1nsEWAkZO$l}1ePGNsd@VsG% z{+Nk^~GJh1P zk7~P1s1hFv-l^+_5Ba=N)JqRRd7%z-XR8w2wlh2ML&O z!$990#y6ThK=@OuXSIS7R|dp4)p{ZWSYvJxz}c(dH|s&5Z-Zw}APjo49nzaF*i+qx zr>WI~Vpa*^WY&0z2{%xzRa6D-h#?ZVp;Dr*hYDZ9`|fS|Zd7ep9<1x_EJR7OOgMS$ zb>2+kUGTg8$d3yzj+Lihbv{_=kumv#2fpd*CT>J{wdv&+7qFJrf$fMDUHoHXhXbwo zW(1HE$6=(sO_Bv{+56IP85B(?JEVAVLs4yI@yZi$a=KLB!&Oma88OrL(&Ob%8?%iDYH3P|+xi2T!Q0<}?jP(G|1WPMhG2@_IjBRcmKG3=dRF)BRQv3*08z}h>A@m{ zcZhsk|Mrl_&MZtRY7&5^7DEBJ;S7g9V+Iuiyn0zL3ML;ZfI7xA!GJ0BfU>J3qy(!l zusz~2yk7&(K@|DS>=}1J|0&?gG3)28nTmnWO-TqsM`TV&9irJLJd#ds9$R0c@^kSU{wMoEHoJt~(v6;Eq;^a!Y@P%;@d2|#M zOA=DnT|hgnGFL-XJYHa+esv0${t8}V?pnOtxqDdrGD~jSWoSQtz7TtFg?5x+7nEsJ z+&sbQ3ZLEYM{KW{Cw%+`-KRWRMVyXvBJg;{`)3~#RmOn$l|2UZ>H)b`V6`g^@6Yg>Oi(y<|zy+`afWa&^ zB7j-gAK(PyH7-h;{#^P1OriIQ$>~2L5&%6u9@NL4%|ce_*j{D^H3laJ>`w1;ch&># z$*+FM$pON7aUn{IkNPtM2TW+F`H<;+AX}u>R-V{}o219EEUB0KNRCMEN%lfw~F|!)Fdq(*eFIYOmgX-Yr0z z>0UAMPqIMftTYME9sNr9pk!eYn`Cn7`>yY0^Na%NEW8vI*q)45vCWst?Z?$_zc@uW z?=H2cI0>wjmpmTDAK!rr*hAnQXrqmCZc4H{XaQ!UPBLM4ra=I{{m<9i$Nz(fHW63v za?IGQstRgq%zL*A#bUCmAI>f%+=)l~YL!;4%U2MQdso8U*WA;td9U*#Lf378yn_X` zmxyUkF6?>YYvZ|blW7)skA?6f~5N^HYGEv<5pcpiDj;&L8pMn=9*Z;3&`H1x*CirTgOk^~orh(q?3n)B)Hp zW_%pQb8;tKe0tdeo!+qSE}Xg z@CF^L{>1x$2o&QmQ>O(Ms~m7P$g*`DDZUwPH(HZq%%A}(V+Scne9iwsYJeg{$(xOk;K{k)9Pqgr@utsMAO{Pj;&$@8NNNtw zSXa2~!?B@d3D4TovRfKm|u zro1fQa=}ko^QCd;Q~rfUkr-o&tNr%vC!`#AqQw#}D>uf6V+r17U$mXpX+TN~2f)ul zb|Gi(nHVgU_T$&>0kh~!1pcPI1CYaT27+kgK%vb`PrjaeVis+ZH_Sk0h9`xPbelZa z?u+_jPV9ZOz*&>nnNe}Qb9GBs1JfW8PTE|)zZP+|C+$7=muIp&$zs5144R$dYg+)_ z6NxN0VZOUdO4yTpnb*}KL%jOF@gGt%%Tr@=w$@66wt2x4eXwlAsUw{0|xWAypkw{uG~n%w*X0g3HF z7~WH>OyHt7go_KZ7n(flHYn`x#1flua38%t zRI~z@cuJ3T?-vh#3e+#@dG!jnHq?OHOQ138!5uZ18vSmX95fK{XmKw7!ATJ`v$mf!w_BeO zybWJON;xf zy^IYnu3qW92D4K|H*o@jhSi#a1!wKu@S}QR)WBkEidCht$i`Rd-WjOzLS0g7dG#;c z?%Ft1&1du?J{n)0-oroYfd9F`R>Arl>cKu;`i|HcPgtQA=R~Mm)x6Gm+=d?oh725D zAV~U^fnQ+6&KHljb?F^m%`aDe}W0 zsy9&TsCfbcg(v@K7(JiJb9#gJsz|zM;MmG#r62z{ign`_i0UHqX<`EAr4kpDZHP2m z035!jvx0+ohf_~`T=U|Zws(Ay`?os9MLOWqX%o`hMT|Rq}@#%=*=aR@XI)@RY6xnt_ah&o%oh}@aRNM~u!w;-mXW8v)qzp%I< z5Q9u=6DCK4E)q`Bm>-FmZl)~i1(65Ui-vS7AQ%~Mf?#aH2V?K@z<+{q0rwSqe?9c_ zamcuhbx7iw6A|g|z>NHH`{YR&%8PrxShb}n<0@;+6#~Ysw&#cz_5}XGF(gAJb2 zB626UkjiDDX-qZ7*1f|Ic6XfqW;?^{3j~2({KiXGpO9!8PYK}$%x5-ns=9^wsj4~c z$|LtgvI!yr#v zX$iAYasvD#LS_*0=I!@)i8cAFQFk{hQ+Q`jMm!PLsP5Q}lc~Rv*mO||H&F3@@?{R! z6gh6?@0Ium5s92_t;y5Co?pWBAL(Lnm`!*^Y5|`jot$G(-qIGnxcNB_&JZ8dkvUUH zY30hVQ$x+=Fr$+D@F`roQgU;u0RQpvb7o~b*lX%?_5+L85n_;zamUHi5xL!g>XbTT zzkR$911t$9KJ5+zx=!7>ts~1qtl#b7ZuuS~7A!E(gn^Lg-^X73XJ8kNgoD{tCc$x4-~+RgHKS>P?16?ub{*NjJnL@Z}kF9JP1|A z)&{Gm(C{RscLF1Mg?1B*V_L>RF3y_QVv(_ZH6>?NEw!ag(035=FmZ116IbvHCb)*{ z=hk*tM%)e0nfWZ&d7Ie$`cE7JCc#!EZx%`=COK48;x}Nw4(&&rei-`;f#Vt{ooY{eDVn20tN=UfdGno7Zx!Z1cRp*c@t1gU@%8LlMq@aG`_m>;Dp*GBq}# zn5b(M$eWbjk;$@Nz} zB2h=JsBNZ~^Hw#bdR)C0`qSn7CGl1BGwAAeSiP)zeNlY`UIPKqY$McXaOKxWNsB}3 zV;o1QtDLwhO$-`}8xfK*tK&56>cEh@l~;qohGg|^ty5PlwA=aRP;J&You-`D)Ct+Z zk5IJvy8mA6tjr}z*>(Y%6c{7~8#|yR@_~&9F z2r`oa*8q5lw52J{!Ut<{Z3IW-R`_1J@@`!-j$ypS5;nOJ#UXwMdh0>|=ke71dps8; z7=F@A-mvA@sF`G&R-tnG5=uD9A@OhnMz+0i@SwP*J~Op^MGhp6J->+c5iUj{R^n0} z5h%|SwQ00an~`Y4RNo?-x6Qu`c{qT@nG^4WdD&Cl+Of5MePQ`$5#szR(1w2tE+Q6$ z5+UNshG0lK_5UYSh0a6ugwZ50yyxD_($dbc(T=5wmPao9+BIEll@8^`HhKt$gR7X~ z_(~HFeasq+f1*oc>rHn$4H%<4OWdzXshMjI^^SH!T3v;-mA#k%t+dG)BAS=8^RBkmwKYXwS3r_cI>o355hI=x?oRkZDc zzZ<)K9>vl1=bMq}UpvcTUs|!P{LF_+(m^xj%QY1Z3NfQUPbw7IrptAVxK#>tW|HQo zBt6nvV^u2*gf6QOxq&c={xV0pqtJOA^C~;YQAAxfG$RgfMOWQgA#Rm&bF!AlgWvYO z!FXs=>%lLh6m8gMk^}yCVLco8Ueb(~)Hn#Vzz5DiAuWeWOg+?>chV46b*ldtU(%vl@nA$}5oI-|!%XCdcP>1bUC0Pi>B@eS&DGDIUs`r+@K38p)8%d~*MDG}$-T zJ@})Tpa(8vq0D-mD(abql-;xaoCwm2CnNKN?+je5M=jeuz>>fadgu0J&0|fqkdE%; z%imV$-Z)+?TA_70d$gt?QS4_-Ttn6^&~D-f^JCBb9w1h$s$Z&HB^*@(*2u+QaAZ`h zIrSdotP?uq^qx8kY~i?SU8o-CNeOcTU978GtNpmZ3b^xco^+=D3(E&b zq;fsEmVaFIm=7GqnK~kal$-o*&t7PN!7t<0yuLByK(+axu|ofm`oYza^?Zb~fxAy} zT;9mz!AgiWj01C^6Dsn>8gCH@~*@k(_cUzO22GuPGOe^!6D*LZT)Q1F+m zhM|CG#~Ap~T9Kx=D5z1?l6~+A-Oqy1R0X%@Dk6REbU)30G1&O_I6ooCbX4Wo8F1BR z#||xO>G)g$rbz0U?}Bsj0D}@lQt3I11{f8Uerf9yl`|~vHh8O?OgNT&37<^Q^n>d2 zdgQHB*Y`befUo2_m7Ka^7o?PV`0F=7P_q4dy}1gX&s)AEY{)oIjL6Rz!Jo_NJo`o| zK*(l(^NVnXtb zYZA`kr=v1d%M+8Qm0+suyJR?lXSBr=={p<#pe`Cnb{W2&Q@tLUIz@RquI{ZpS*7vL z$V*Y01xZ0GS;F_$%Jv%hS?UFMQ zO@6zp0u9J00oeZ5osG=ty738zsj6JZYUIW!)Cs;?;bEx+q^KU5o-puseEjbje*G7r z%uj>O7c(sXs40%f|6Qy`{Jyy@o1$fg{h)E{CPaVd&^tJn;pgTIHOpBNm~}-9<+?Rt zuBe0IjdBkJTBx0Bp?g-PzCSOm007pd`hccnO$=QpQ> z+4lIo?#Hb~mk6Q}wqL8jud(xuUH|5p>VB3|j5D1bD>9yS&0# zRkc;Md@z2Gk=K6n94@$R2e@suWvhTUg@@u4TFAD=DE{9Nd}u)tJTTmh-)Vg z4OgxPyRBZ&cB*H}!C{qEl| z7A(YMWqW$etstnU+^E`Ng=gl|@y5oq6v7!%*`g6yfT}{+q0}e{-Wo>YH<$okci#Kw z2@$)0i{6p7?em|HZ|aY{!y=1Pz+CBilyfFAu7({Oy$QPQJq$S`O=!HIx8Sr?`#Ws0 zT;Dr%Gn{^QV>>Oqr)Hnu$d{qI!>|_rI&;8+idIqR9jeI&K9x+Sf%d2v&sWPzsC4_0 zo6_%+zl=~WO+)%JI# zlL2e!+TjnDT$IMXbE zarne+=M`3W&43T*%aBfw;p0LD=eJ|PG@!ASLqX#~6pd^q-W67xQuL8ia@(kwar}Lp z^s%D+Wcc2c$WoRtzj3yyn0FAl*xNU=PzF2aG3f z!0zO`8+zqaWVm3~H);yWh3uqhm*EXJY#+2}LI^YEDBz*-`%96Zl2u?j5ey0Pt_)m1 zr|P7}=)+o%ft=OxGpS?Mz7glT1^i!&*u$MlD+|=;w1!9dep|>{^+YZ6nbud=#^n7y z@Jm*?54oSa&edAvcO=LSFy8CeG}pbpOO5LMhf%$`6VbTJY&4slu$&^`-?7`6 zYdyY1M|7Ar&s>!i!6{d5FYAsT4;hhxJZ2QPe@>2g$u<@livR72xx3Q$gTQz9Ez}na zEKuNxq^nt7IjQGV>6GB`RXVdG2@S2S04`Y7gB8A7X+4AIG*6^T5$ zZ&0yMTrPFxeo*v#(zGGpTUM3rzZ7Ul0~~%&tiH>N`n+R#<0J5_fX zC(IVAca!vCOAR;SBdw4sJ-EG@M}P>t+N=DS1pjwpzQWNDGRL?+=s)}XN;XeCCN3?L z3r3b_M&0JHAF_U2>PeH5w%J%Z+0JfIpsjuNWKi>kUc`$k@0Lppp&I9Zf-rLXHW&+V zd*#oX6sl)IlZ%G4SwAuJUAF;A4$yrj79fDWa|;S;ogP`IpP-=(J#Kh1rLdExIR3X3 zj5RXXo#=vo8QySGx*|;V+(P?GV%ZDHb)A&`dMzd?16!KWqE_E&-?}%aSH>7DcSKT* zWT~{hdR~u_YL$`KGuT%{#@p6xRMCc~wkVY1lS9!2i9~dk2 zuc}Tpv+1{lWKv!t%(GeYFAjZcUM5#Xqld|%ufK*Z8n1p)@qY#;N&(7HHYoQz;?u{d zmn}nVQ_raayQpQ%6m)upX4=hk$n2`jk*AMdtou4?#T99Ba0KJVvcBB=X1D#0Sn5vR zEifX)7ibq)&!2jbMVy3s^(;_pNF22->;NLZ?K=;EI$H|m@a?n*UIG)yepLgmzuwg# zL&~-DKH1E@{}V0N;ggyCPyZU;^aO)L^W4Jt%04RmCNE?n71^zZA-9G(mPPJAeW_*C zPi|BOLCJjb_GhXOb-tk|N0;$=Lq?XPb@^m0j}!l>F3~gV52U3&$QK`WpbfvxdOv6( z+r;dG-wVI`gcGH~02!_62aDuF+2sZz@G3J~<%XK#OoI=&F?)mW)EiaLvFDHb@*c)| zZ9QHa<}xTNQ?bR1I5tYvj1em;{LafPHj~6S;pmfqpnPs5htT?MMqf((ixL$~P8yeL zqRL(~zoFlNkL%muxw{gy@g$WZ$=i(<|tDg0i)AWJg_`| zWQqhNu{A|RwPTJSM%khnG=K!1Iz$*k5_7fMLPybK6dyU9U+|h@N8kA=)Znmo=5g?`_hx_mIPZ-yHqko<0B@V7~%B2KH63nfD%h|8Ny zNqlnU{^HzQ^Al|rVxe`^GTB|_mc*;=r{HPcaDDwbuWPJkZhx{lkUhh9E#Gx~2BUCv zl|nNr2VfXn{qxjb)u~Whe|k$@1_jf1)#caHaG8vs==@fsE9f534PenD9=C|dji#UGUWB7oZs*6J9D>{N5EU>D2>3cSb0i;o)J6^+et}$I4$#r33e6KG@8ACvHKO z`%>~qmh!wdA6w&)N#)+#W{&R{=y4qkt{oe&9yZpD?2R%b+5wkwNizYaq;de8RNw58A0&gOmgTTUlc6%{{cK#moiHf9WBn6`y~c{RsL7DuZ~A3d*5 zL|=Y(AgEB8&d)3R%4=SnnU;Lx!S_a^%Oy3J9r`UU=Y7Az5Gp8|6{q>Uw@QdAfXNe< zULkiRn7i=jM7y1DUdMh87WP&9!UMwk%CKp3C@xApk>@E~*?J)PA;3w*0((bSu~B}% zvMWuSt6_6rH~GgzLisCQQGdh77I?C%q5^r#1}BRyJn;;zI}vO8G&BcOUxA5K6wUbl zu;(S8`1(Yr<+$tx+qzB^2aj02Y^TqnQ2452JGHB~t$AMXx`3m+P|*Z+Oy1DaV#Y>1On?^HxCHSG2y$^qTcdd6!V zjkBaUiI6(kx+E!NXwDq8E-upUoZwmJ_1chO0eg3)!y76$C%&0OWimMNo&jS;*pvXq zlg$x>MZ?8Wr%d7t6qBpt<>aZnlhn$cj(7d=LH@;P=kesd_d-l^*AjruRB0Q?eSe14 zDQ?gIN)tvEn!t@WYq4Aa!sBPL_B;Pea`F$wUWL%6rR5ZhtvNIwE#tGy-TiSR4uBI% zDSrR1Z8e16{|S(hq4f3e;A-xMtp*l-bA(M;fN6%pVEb1Uho4m|)^5*EC$geCK^vgT z2nLap)jWnA>j485`9H$=o;6dYAg0NH1sHH56Q=Ns;1}sf`BcWdiB{GS0^ej)%D~Nd zk+Zi0bw$WyLz=_&?y3Id-**p-T16>PQHjr_J{psyXthg)zs|6$BuD8`3$4JUBs5>v zQ#9%nH0J8>uemC;e!w>*(*q6cDsoqlg7y}m*U`bWefJ$})d8R)UCi*=&4x7kzH0O( zvwn!Z=kMu0HfY?qm5!w#U-LM^NsEr4`xoo5_ zT*}rlo|J(m+MXdhp@Cp^kT0%1X5WwjL#&PWYJ)Cbqo)tP?7|P{cfT{(d?gq3KjiTN zetz$=cZ>IghI|XMHx=BF3@oR$B{z$DL9EY=Dos#N+!v9RJ$zBvMO~C_rZAqvPtD0* zEQ7h_VD+tT*Fcps(4;63$@NbEavpYyqxOmCS%=$INRZ&`X8Gd5rw2O4p$Mr9NG?|n9eOy;iUUAHTC<#G~}W@J_}pq2Ei_7iPF~lOEiFQUYHeQX{ZUU zFp;K~@~^pmHDJpWdgS->IW@m$DqfD59KG9)DnWg6d7RjI3{vel<3{JWm(cKd)7B3? zISEF&Qoa5HzIzPpm)upP&er*<4_EVEftK+;r@>TG9Q(sGCV4c(W& zHpXxhzX*Lz;USud_oAMZDm1YKiP7=ai(kbwx(^N-f01i%vVFQobs6-R&DjA4EI~zK zdQwWR-%pJkDu9pF4j9Q&8xDtic8;h_lyF33zvWzsubtc{0Z@R=(V$f}4Hj|rWd{|t zc+ed~uFlB)bHn~vimw_Rrdg=_65kNj2apac{l&KUk2Wx-u6=^zYvgp;#_c+Y=czJn zVTO_69(1$z90YNUp*ij;*;&#tvH!BDE=~R!O$6mO;%<0x_0C6k%k8wS?YB{uL(gWf z#w=d{c;v>K(+OIEIyzL6#s$hf`>S0B(Y*vWI`kYPpdtK!Uk2`V0Y7Lbb;4(qOOs?L zoExiU=Q@}cLvC%;v~=kchc&XYo-K%8mbNpoI~b|+pvgC?kF3Bar>jHR1>0;-dr9Xx z-MKG6y;W6ZFv+$y9Q=c_&7g9d%c1Ld!|p!Zu1UAvO;3-ZI#8+KS#?S&VayU2c>nuP zPl6UUb~74N=%x!m#S!BtMn=fBIAjP}f{t;3>UGJ=ssmPMw3|UZHcoWu^}2O15@8-C zu67I+c!Kmhxk47Oa+68EYj*(tRnf8L`oTQuz{;@)+q5NRMPi;qgmk*wT7F&^X#bkK z5&|@fo?`(Wr?V!BfOEb|esSR;HRWU77sWN1A@m46>$Hu+py=r!^OMf|RZ@ALy2YNa$7h`t6)kkj&rLV<#Z&l+YRrfQcu0*9ty9??e-K`C<5AMMlNc6p zq^AJ`-ah7ehsXXU=M+)r zW33Karv5<9ef(W)WY90**a9T8eCsynThTL9?gpo!B>MHO_RUUE$>O>FTw$OSz0veR z!*b^P)He~gHs`dp3fXLjoM*$^mBX%M9u!NV*aBOh#gSuI6h~D~$NSNo4w=!Mk;_Xt ziuJbu&OZZrt=bk=P^~LX-%pe^HfHCMHTi2ca5p28j(ps$HaLv3y-}97zav*Aof#OM z@J{1S>9gLEpf%k=r?FmYc7~}s)w*4-FW9;3+%>X`rKYWmomr8?3{;yWClMz8tFk@^ zN!GnSJ8HE>>I{;wSt@207A1@_*XI#6RN?z2e(MQftw7GX3HHUF@#89cxZsA+*gq{^ zM7K}?LYQ)pa%Gb0@VR~3(9~a{J9UREW+petjove=9Zw0B*HPYm?N)dD(u|ZT&ySHb zb(qx}yT{cYmzDT9Qs<&V-m~L8yTlsg6DRMw-1ZYEn9gX8NtN15qjAcaSSOkN*9mr? zc4SEWdF%|Vb!1ijREcfL@yov#%edIc)Cy*0n(?Tq-0fjT|lN zsj7Mq{}K{WQ5@X;=hlR5w#bVNxV zCki-B@UXwUHoiQVhsG=$0NWwW(Q00X`}}=qK=_Sk*YAk5Gw2pM3Di&c0h3w2^c2Wj zAs@UH5~UpLVjsVJ)p1D0t(U1dx}7L#U%jj&;5em%j%qKO5nFplV^vhVVl|>KDh7(l< z61Y8$wT|^M?0mfA`6Y0cgyhWK%>+^wgC=o`H06aNt+2AC7H5P-#qnMg;)#vob-Hf z?MfTXam*Wb3OhBmsJOx){enaY>fe8JqUa09oWxZxkrwiqu@Vz>;mwnc%iCFE*QU6D z>Up5gYB`HNBlA;hVC_zH0~DJ&Wg^Hy?I~lK!q9{M z80?&3Q~scvI1kQ&eSrc&)1aCKO{U z0}3|=4|T^yaj!7JdHJYBUC3Bf++sfr)$O7FJ9c59LQ(7Ek-`rmEfnQwBC;}oBmyfe zsiRE)7x|>WK0oxg^XKn~hzMj0DzNyAk*?dK$MJsZ7mh7xDk!!<9{hkuC9W)_k%d+V znVY`GFgj&Mc$q4XIqQ%fX^~P??t3zUXZ(mxowEpsGv*%cZ-65uek0H3Z)oTww5mXn zPJ@n`Lq#Faz5EaI<@}7l7Jr0FXT_`-x_)xsoYrGeIRqtx)B4@$#tVub(x+SRRgwi1 zv76pe+s4+#B-q&=bEOUvX z_PL(~mptal7QGmc#3+&1Meh_{m;9}VA*U^2#K*>cz56E226-DwZt&djw+Qb)W5`D) z(A}ch>r#}xFNn94TVvED?%NTqw~Bj4J2#!`7Nt(5g3?Nz?PD`%aj`Pgqs`W+TQ(GT!s!lLqstMa~YjoXclswl>nPUlMSl5M#P91qo;HSgID3S7h3X|y89#UXc7Ps ziuvBm<$d{b>ny&1q62KJIgR>7j1cCHew$6=Gus^qp)sGGPprK{^8?zq!_cICzb~vbH9}|n59fAgKzYE@)VmiP#fdT zsyaI3&9KICzqA=$a^@Pg#nB0~jO0d~;niEEvb=S|vTw+YI?FB}#tP>EhpWEZ?XU*7?R ze{IK@tOpx1-)Vumz{1=qJHE+$=p;#t)Ik8^*BuJfR$~ZSy6x#<-9QWx;uU<7VRl7#eq$h`!%}-oY+DAZ?%6+bf(<$4 zeX;?gk&?d#AJ}e2?n4=%v?mN-pM2Lz zvBCLKF!7UE7PH;7t!eeqsl&wg&w$RRhW3rjUYqcaDswVqYPMj9l#55tKzKVhbziG> zaJartZJXdZM66_&)N{`#5~D&oV%)^8*9-GLKDfIzwWYsp987{{iVvSffM%?+(&Hj| zy?>{|SvN(M{?Za1x@m@+n9`Ci=!sySV<*fP?q0@M6kv;bzpivLelag51!%ad{{?_xG2!TULH`%IiG-Cr*E^oq9Z{ zajb&Pc~)`u`rP@L@LUq$dnd~R>iaET!i**J4PeE_6F*(c!Zb*azx0G#mgX6ruf4Ss?59SnY&vp(33Ys826 z%FTcTE_V72Zr^vP0(6e|<@)IO+CbsM@z#6tcNdI$GhJ*@LhK!WQ0-#f`)9o=dGDQT zdX(-un0GHKih0j`H)X0i!kNFNh`*>Lsd)iL?)00S6c(HVWe z*pkqni@|>mGBW_o(C!Q!UTYS|Pu#L~2GaS!)?%CwYk{c<8z8^6QCxqZe}pR8K0b5p z&d*yb68-!na^DPVS(6xG8AT5qmC{N;p1&`s^FvclF6va~_JHKX0pPuSJ)`>Ln81g= z&Gj1aucoScQ?2?^P>!N-z$qpQz&hqq3G?)*rippvyj*CX(vb-acWk~c-ORYVyX=g^ zSGLM?l=m~QN0Rw(onm+9-jnZWFA<9>RGwOgrVLHpXmcrOi}Eowkb_W}Ftz=?FC7ow zfUz<42?_S}C0riKlp5IC;X)b3+TA|i;iVtlE$IP&Y-VKcr3vk|=-l{PnL)ZY_@{KXKohi_eiOmru3Focu;!EUDe zZH}R(rzfu=+Pud94rT4vUqjlKxd>OF_tIh04LZnG>d$H8^rTkHKg-PGU%X{F^ovj2 zcjD~`ACD6GIQi?kcwx~AuU)K@SNk4y@zNX{Xblt^+Qu}`~F1)q!px7DW$tpq@+ZpyH&b-6A%GOK@bU1 zKtj5^W76F*V04WhFt&Zqp6B!Y^8Ewc@SL6d-0$nY?$>o+%199mzJxxjlDR6)BmQ)< zo>l)lo@Oz3ru#Zv|Ms=hY!A)H>GT@DG878tS=pZOY2S&txJaSx%R=rKk9b|n|iiWrVPDV!DM7BE%-{h2F=S*n))83uBK#7CN97~IsM-z`T($A@5}k8O!Z z*gWJ3n|xbefj8j&BLOBw6MwveBnfZ|QSz&UME-8gmP^`PAG@T89Ks<|j3b&>%CCbQ zM3UG#569J*za|inj75`6dmj|SH2f1*K*&A{3`W8ckrm749uY_VaVx6uLwA;@<+CBn$Q}vZCU!~$R{iKmUI?m@KWMVbBNRJyjQg{iaL7YtXKMVtE*nM=D`?K`%Blg!xfxd!@G+s z;V-P%??E{AY&l~A)*Zfx@oEku#j~#@G3>VF{53k+^5&zY)j>g>zz+0425Kd71xQ;( z4PP%|r9PHRjQUX{LO$z{|EeSIr1=IDkjpVr6=kcmh)}qCH5&v+k#EF-+yCka?Nb26tOQ_jCA2N}#$hk7Hzq?*kGm880f?2S;cX1O z^~=5)k9@ah3GSvv1Bj)SDY^oIrky7!k9-J*@7UtJ5p@X^=-tiln{U`))Pn%tK}#Y7 z4`1x0o>};u=FD%e{B#lC0wi&sSB+3y4$oR@yndbJm#|eUi4=Mw~3gehNqsh=6-t# zUN8=w)gT-spes{JZ6tm+VQohq1$`hN{Wv*x<<4jse4PT?@^H=upV+$>dy>>7hf`+1 zb8)PxyLYm{ePU}d$9$!%N~PRnV>fs3#-1fa(~y__`;vKY4=Cf`*G0zZKP5{x>+<|v zH()M9V|Oh*{MFcsg0s!ogWH72&cg$!5M~idinhS!zo7WLFy|?T=6`6MJx+$)a*eCE zZsd;VfZ7-_(VZaq+yb1Ny%2c0_XnojAbA03&AUS;w1Y|{ec~r_600!Gd)YoeldG=v zwp*Ri*n^f!LG=;R0!Qtk9&{8-8D=o(~`^{d($0VO5b*z7#JgX1iU5ZW&$6JI# zxtk}K{0a;l)@&^vjU2t;iDdZQ9xJ{=AAML?G?@wgQR500zCorS^uX;6hwxb*n*{QP zECR@OYUc@(;_6aiXV#!xPdPcE{*#06h{nK z*>&~rL#ZgVei{%J@|Pu~cpMxrgepbkeW?8~@mm=}l7M?Fh8936NmDp`#PNv$Wxo{0 z?Xy4C4}=IXGpcP4=-bUt*n3d=0#r@0xOUn}e;|C5K6kwSx#c5pG03fjc?cbMk2N!V zIbe4AFRbNW;8hDRPb|II%hArU+2Et=?TgmWOI7+jS*Vkll~&O;?gO=8wdc?=%g+M} zm;`9ytHNs?66?ZMB5T0e-#+wyLC zBGIoCd$CbdPJF4tcy{vl^R?`%>~I1X4ES;nS~oOc6)-*;4635+t`f=5q6<1(30wi~ z^D$*~Z3|vDM3S>GvxC?mJL3@M$rGMfTWhBOuSO?3_Rp+Fb(7B~<9(!LXa8yEy?^M> zxX@I~Ilanm*EbX*0V4wyVdKJ4VjL9wp0K=yQLT@mblIY0?w$K?60iqYne0-5_EQ!N z-#Rqw!4u(v2+Plot*?w(7N!P9$TJ}`D`maJZNkKJL)C-&R2v&H!=0Zx?i~DcOR`%l zIUs!z%A#P#L+q&Ps);|K&(Aw6YoTev82^LdKrif{N7s71VWqFY7Pb04)#vWc6c_DI zGdq0OC@t!S;{^b`)cUT5*Spy)Q(;)-(8f(5jmrHYBGYR$**0FPuhqgU%>R=XJ)APG*AS|M)XVkS|ysoMu=sr?VPG6OF&rK&i-m7w8!(}AXI;w}q2tl~yZ zc11IX3-t+2h0$KGhY}N)jXTeXY3=$-Z_C7kp`c0PhVSOS0aJK- zn0iS>%h?9N%!v*ZIQDBi&T)M`HK!WK_|V6iF+5%UEsse}VYQLq8(RJ^Fre!?>I8u# zAnpeqkp9|P^8!D_iBWvi08nwg1rOFhOt$FC@U*^ zI3Jq87E>>{8Z$2@d)404dkC-#_96nv<4Ln!6!!anDk3L!WV9`gkYA1{>#Ghtda0yi z%pK|nhe(3`yxTV@6#?( z@uu!wd>P1coBd9IA>`z{aq;dj;Te(RC%G&E$BlC^qhDx;A79(H?3IPW+9%2j8Lk!b zBw<@%S{*nzTU^$r3MYB6!r#UNkgZ;{PbQA-pFnq`V1||`eR$Z7KG%A>oR}*mvA7_(sMJ#aF;y6lPKw@`@Si-dC~vR+53WlAxYZ+c?%q~ zSA9S}h#%|sI_t|AzUFM;wEB2Eb&dc$zf@YXN!@5+&o zQ`1EWm8mBMclCW_md41?CR%E2i%O!_uI_2D_`{_wI$dY55T#cSBT3 zYKVT4Tuqqt##n3^t*CQjXx$gj#0CK2axaU{-Bvq1SWljB z{8^+CK+Dzyyjyc`qYzm#*=2BB9fz@d{-el?{en|ciKRr>sy|EeYQy)>^}&MM!aQ0m zn7YNAoq$*V*=t^U><{`ft{+X6y;0+Dzx`6^rOZzAbEdJnO&4GR`58P%BLPuBBQUd~ z0j6KF9Mgz*V@j(WtDO^{_23?4@~=J5MFi68*|TTD0H3O`Sv0T;8IqA)saP|3DAa$D zv`pJ95n`UW=rIK0VWcVZ0*Gr?ENUzvv6pWIwQQB!{^}o6R;>Aej=^YX+E2}%z(zc5C z>K8lsR6yumt{?Apcwc=cMVf=8ytxq^y6p{}+`Ch2SGyWD~xSKh&HoFIJ zMYtvwCcSYFrtQH^E4tGj-%UuZ=qZ`RjURljSLdKpXkJh^({LqbbLB2);r%4hTRwPB z@ZupL7}#Of1zOf4_3P#|nBUGsPM#bCwnVp8!)(5?TIsj5Cd1sOo%$ot%>kl`y>}Um z`#(fHid#JQUmMr@H?Mq<92#X&8Fdicg0LGu64?pt!rQd(nB>`5Cit$x;bQ%HP!nF{ z>ezA$*>&;@HUS))FE#ns9IF+pI9)yVJ9`B)TIhcC=co))OItnq*&DDqKvm`6pTzo1 zM#k#+a?GGK2j3hAUmVatN+2~HqQ9aR$#i}Q8w-4#DWb%Px5UwlrApTxHd>@bQ*!RG zLN&OuzO604s?c^0>I}QSSqRk?j%03Aj3TZ}dzKdxNftOx1KFCz@!B4q?sUGo-9M`~ zUh8r-aLq+p;)DA(7#h=3FDS#E;7w7Nfecu2j|?8^Ijwu0c8IQrrlBoue0hH9A9=3cDE(kbB_MbQ0*FD5tB$*)@Lc+=S>J18E(_eRV@Q|X%dIu z`$i8n->4yZX8C!S;eRQ_x~ceEK!_3gT};o*_ufV)PoaN%WhQ!2**E2JUk*39sZt#d zHUCx53VdT(Nw`%fU_F98aelirYa6A_H=k}Em^CXT*RuxR$pIuNa7s87WSiQWJ z`co6FB3XY{-yCNMSor3yNW%PmdL9Pi2s1|&MU@)23N}h?yAkX)Qa&bNli&SNPx#~O zTv^I=NF}~$ZrnmE;lASi-4${wau-_^x08pwtpZyv8tp=Njvy%UO5(5pV_r-`F_M#L zd530iNUqviJUKZy_^|@>bwp<0;X&97#vZ~U@k6eGlT~S|8|5q=$;VN|QoEKB{ZBd9 z)c)?U^~sRM1`ValX~xU$J$;tknbw6~?V;3}YFFc3^Ll*yizvHb>8_CUN&pV}QgZvf zji%SQygKN?g)594 z9)q;9#l>hvh`o$5x+mhaSHVOI>G=CIDq!e?Q_Be3TVISGzynFKIV`N%prCDsNXn-P zv7L6CuyflEv4p(9Fuet|x7K8~qYu#_rVb-cPnj;i_e+#g*KI1u*uJ}n?KC^tDh69b zet8C+RGh86g}t||KU0+bm1!i`WIxe-wDmmQI zd7u;sAY5aTQ3vMn>XDa+8(n4Q!-U7`8Zqb0p7$>A%OtzVu zW{JV8NAVq;3|!4>x||^Ufq)n3+&@8nPhFd=v(ypmKB)qCvK}lEE-u~4%{u9n_3w{+FfXX@TdDPO0QK#)j zA#9ZC7<4_)>oA=8o95H2u6mmDx8)Yfd$Yv_)sn1VX{~1Nk_>!KuBs-&H{j9N0b4(U zysc2Y*5|vzfWF~n;(mFv_?{Zk#_FBu z8RGnFy3#`oX;{W*iS~+oS}P#xF_6_rx_wX8*R)pqcf@V)%SYeN+~V6(j`#k^Y~&Ug z^iS!T=3NMJ{BfOBFHxcZoM+m>mJ}gE?$bF;^oVX6lYKGWZ(B?+2X=?)DC*m@4%2toHtFCpL^-X8v@|^8EZBBiRh094vSFo+L{ipAoJK!b zGW+=E;mJr!VFwLUvpxc7*Iq4O>%YNT?{O_7V{ecGY;+Qj&B2&O32iW@U?n}4bB-Pq1> zp-irC!2c2NTfrl)$G)Hc3Cf3(R!T^~?15J?tj!XDN{@$7i@=E;+T%IKIoLPvEp1)` zBe2QlkWByeXu7uTMxXd}I$CIlV;LwMU(e4l8n53&vVF1Q@iW)E)H4Z?Ht9$Xc7at| z@JieXZY(U9<%@>U1Kd!SX2?}LhCj}aOD)#N*5JVXwQpKxFm%hCSFj$!Uj5S7_F(1Q zN3M|$65KLy;A*HVfAXpB!f*8-_y5Y>lE0ghE5ssR4?C(3&>bny+<2lc4cb4f-#qkN zNvR%@Hg!xovvR*v&mFKa4%tAmfWE!am75OWHKL(;U)BaFk{8EL>PzxRZAkbmozEq8 zX2)g7ras`5$u6`kw9b}vU}V8xsv^=!wG`$m@t2ddR+Bx`A05$a!oy5WDAmVc78fsxc7C0^bh+~HuGG^HH5;U<~*=S=c#Gw zpC+8#kDUezwT0jJa5fJ=b$4#wT#igt-RC(&zJ;0AP{0=o$ zrWn5TaWZO{ec1U=50V`u>O7@R5G_~{$-XzYNE|3A^9bKehyfq}pZm$Xk<9tsBy1t; zzExQ&sQ`s*Gxxe&SL5Padwi{{kwUNcinOPg*6v-JxdYBBlW+h`y3dDl82!O!D(*IO zh;^6>TpCDh$IBBk5zf%EE(81`-ZTY;WoKv_$3756lv+k(Q796z6f&FTIfKc1hElkF z1+VgC{b)+)yE~!cx;y_SIY;PzJYofgp;jO3I+#6iSUksr8(uYa15WeJe1JR(*p&^L zgI95Y|b$vK=Ke7wQkn)u}+UQXgBb9Iu& zFoX8UaXtQH9S@Cba=AsqPkr<`GnJ1TPi#57G{#=}=^DL=neU&q~YX=_XH)c3oe|+q5jAa<*!_td=fFv0RqZ^~T>4cCSr9Phuq5*7?M^ z^KN3AeG;lm3=zGLU1Ivyv3h?|Ny}M+c-owDddeCF(*I@>7h}H!l}Ly$NY$BzX3Gkn z;x0WM`V0+{)B(4@{!M~JeqV+mkw;fGb1+gCuHy?dJ|W*#S*b;?>Vs}iih3`i8=rDnRf(ip6Lv(c-lH0p%*BN&7OefC=32}`Y{Ath$ElM}d;3oo*b7O(t!A~!Htxg- z5{iiAe>w`R;WFU0EYo-gNG35EB`p$!Lx9Ed?ipbq68HQ}!5<^Xq}zD=g}IYA$=Vai zC?=9vkuYjU=Y>w5XU9!DY0>&oB~48sFrTh5y`dOsdmEt8mvBoE`}KzXLu}_rrr4V^ zalwpQg8t%4KhN`O>&WCPC7m`mFDG7iT^N-l{Hb2mr=K)dvLLs9*VyHZwxhNvpy_)2 zLw-d{ui=sI(2CQr4$0t1ny>1?a1aA$y{!P`>3?PhT-$8AjU+mvf?nt0A&EqOMteH{xqC=RpnMt3l+5>_L7ysDi3E^EBWc%Boh zl~t(;-rwhBKkoLYP3%l#_6C|OI`OMlHARRW3SuS_lG_Sp@=P842bnh9OD2Lt0@==q zMc_Fl>5`eXsek1E1e-TUSxT#s6*5GjAzbe=gcR7NGBzu8{;W;=*bvwj&kAs>W$Viy zH^-S4tRLzOtGMG3M|a9c({ljsm^<61+8JWAN-{%VLW$$gwns;24)MIgOHHdlzbRIO zYkobW-C3@T{PZh@$2m!Cgi6kz{Mcgk$us=lA;N)^`NQ7sb6meiGh_@Mn=j#(E%R-I zDFOnmK~Qe2=V-}$a(F9KLJx>M)eb;6I^tD_Fy3E1gBDE^=6feW!ANa1qufHk6EJa$ zBf0FcV$%=t?oB|LBz8SRz}t&~SfcDC;9d3)J4sRgjDFIs7W<7{;h=o`1enc@`&Qa* zy0s}N-WAvJrYjDj>n$?7>2&QKOyLD_%<{I0W?xVlY0fY z3dvaaHxLbEf>rl-eLeiJHHSbQAbi+o`}$kDMX18>SXbgvEhG}3_ptK!C-0CAQuV5?*i@H=8p1vtcV4Nu#d*B` zDPTwP8;}k1K1rfK+1;ZPKv&cmAHOB^~|+%T>9n^_bC%kmmEMLE#qadV$eN zn`cH9A2~C1b{FYY3-(_yGud6jRv|+sE^O>jYOQ7~|@zkT`JvynUQp&C^%X zkE7U*+SY4gc9{mNU@bkoyBO_fu`x)PKitMHW4rJpw7G0ULQ+);s7xDt*PQd||8X&c zVFcEbzSa&zGBUlcSyP=O^w#z=ijFKJT>oeUC~%u{jv+clFh52q%?3@U><}DJQX)YWVnm%^i8_w3v}p74SXy-0nQK zS`A}q+{`kony`FF-=}t8#IUo2oqyw+ea{~_cUj>(lGyMYH7HW^rj_H?S8B{7iL&ps z0!J7U0e5R^VuisJ0-9hTG%;7ihtI-BAhi#-I)vA<(#+B_dJOMv3xU5t1$rsK%l!Eb z(R=9c)*GRYK)_7Wggv?LAR`xvCEicGMV)lq@xywZ6YxnA0S7p{0_r>&OS=xhAXo2t z&k_qv+*AXt>?huj?JCoMr_Wn^Tu7@2&UZ!5*E{ULoAaADWft`>Fb7k+kBgAtw|%|y z8Fdu`!9}B#fcKJj1p`LHSmSj(UbYasoGdU{J_TlSntua^EkP%Z= z&A#WpONd?cwHevXWrmgjks}qmqLl;HZMmI&(A7yN3pjRyW$kj;s~H&Ga_xoPqgX?T zvT;iZj=k95UF7hI%%C%|P4_5#hZpC<{a2_W(!RMYy~NzmJ#Y>l+ZK`jJL9#ekdjWz z)4)`orI(WLhev*CBgc9T1#gQlTp4_2ti8#be*S}Jt8qCn%@loeaU1x8w+IME$<6v5 z_}=FAubO8Mn^v0O(I^%OV)`Fo1(QL{n7U2VRds17pl$4ZJ6yJ$W(t1`-KlRFCPK?F zDYO{Z3VUux8wua&BuI37(+>TlW#GB&bt1TmSG_xu4s1eo-^5a0&y<>P=b-@na_#wD z6qZi=URcsb^TUS^pD9H?_3vJr@)F!&l_7d1u);J%gn{SbbPIE8xJfRv_uG{+-3ui@ zejcajlgOBWynVQ?C<^s>2X5LrEwqb7F4i@{d1g7oj*RM&+vE%r2*k8NetR}2Dmw}a zg>Y8F=U`Kj$q0$4aKOzK@soH}W+nj_(80GKom0k3o<2o+oB?1)G2=~au$VHr3m@s; ztY0Z_&|>=lNy{Z*Br3X{y=oWrMTvo0ICbh>mrV|haXg4cJYlyR$j-PPUIhO^-t&(xxVLL5cn8*&>Ou3=LUdv{C4-mp)FCSwGj7ffSbN%#x-6Zs^qI_gh zILD^?i3T-j@Ha6t5Nnf4t|NIXWcWd+F!fYP`2Jengml)^8B+lwSHU1te%VBbXO~Y@bnEZiqT(*AEXbz$Q zAxGpV))w(*mu0*$`F z2-e!shK*GRa=2&c#DEmmwU(Ul$+Q$)Bm~cL>270S?T3*JA)rY}WlNBLZ4VA=!HvM~ zTfEPb8LTOKvsu6buA!kIX*guVM@5n`<=`G0campP3w#9$1_L^;aPI+IYM%qfYDYlX zhgF`ML^^?1e&{`tI@o|d9m6nm8prZ%G8^k66PeQh zb6KYh_R{6eOY3_2zC$Gxv18tg;dj%3RqUC;#NnW*k)WK4Lwrmy-1>6gcBC)Xu)|f2 zgX-|4X&dzT63j?bbBrQvR3E~~b}%tj$#}`P5euHl^OukUCg<)LhsuLtKWUKSAB9IE zkT3Vjj2uQXe@8D_V~axrty#IN9O{Tc$mYe;Y(jfywk_Iw0sY4zE`6d#;|(2P1Ru(f z7&XqVq#4DGjS`NOU-qnIw)esm)gs@vZ6EK5!rn_g&BO_ld z(^&Xhj6z0aFn5`}q6kJFu3zMa1ot(l#ia6Oilv*sZw>1Xa`d&vL>9lMq zapf94ex_#q5cU|E%u&%q$*vRJIq49JqZKlT%kZrDGOv<#7OX4Ez{yc|_pTU2`DlzO4gG^fRezVn= z?8B~##gU^sbhE*4KM$K@JebXGtOZD<%sJ|h!~6;l9=&yKtzcRF5b*XqmRkKUxB2hH zDc9FpA0+rWeY8RkI`JkasEA%N*%nVueM=<&R%-NWk3MKQKN=XS7FvO3PTH#n&%8N5V=V`$nbIQn9k@D541ideiFq#BlsFa<-&m1FHHM|Chqx8Y z>`gYlWpg;DB$qaK9=YsK744T0;L|q9BM-bp=Yc@ew$upMMB3^?mVhZeVb7lX*T>!D z>>M0{1|M3~EQ8U&4(jeRi>0>jFi702F^_D+@Fq6)QgeMNm9E-hHS7xBj>@mDiEyOo zmIq!Xa&)L|w1z|XP52J^xf{yDinA^LDCeaW8Z2 zVbWS2D2Gr2hbAJCpe}==>4w6-;2vZuFZ3fE4i`s-;H8i{|Ncmwv_?EHcB%B- zo_f4;?A?)!hM^b8D7dprY+M=y>@GxKi`OC7mB8&JH%RT61yIO8f|_7!bt>zM_p(VS`Tq^Q97i)q&hS`URguZR_+Wi%blx149&)sb!1At+<(IR z0VCD39SJ6{gG%9`OUAhCD9BDEBq8`FjMTr9#H z-i((21fzl3QKRGJ#iC#{SCY3|16o>6K=LG%sO8W#*pVa;E_TcV}r2M zgzd_2LMN@Bo7}>XmhucO7HNgB(dkH*;HShxQe!EG793(9UVxUE2Uju+)^tqoDC8xe zcpdNEv^Zvk)S;OygHP~6vb&KzzQ^sMn1}3hj*j@=&(VYKu?pb$6D0eG^G!6Z*h~0p zx}SnQ;Xl3!sm7d$#eRoyQiT7Xh|Fc1^h>|k;HI0mXRP37;OkMsu6>x<+QqEJv~i>m zbKGp^!}+*Msl)xFV#&{l0?qII-0i0?EnO(#t+!kIU4VC3%Np7qj_^wU4gt4sbzfTNVSjeKj zuFmaXnb1G4t0?oCbFEzb`v%z;E&GpZL?M$$Ei9gaQ8of^9nRZiQRcW# z|2Qg^fn)a@%6LUMkSqh7RNhKao7J?SF6Fsl&nK4spt-o8Dgm>sCJ^HO<~oALa*8;Z zl`SX@Fswbs#SdmLZy(pCERm(X1KQdxu-o|eHL#OdW4QLibkh6DgA!Wcvopv>$}HP; zEP{9KwS_NwOzT16H`3uWuEkL}{qptD$6Q&DFb1`0aeMt-KVMy6Z(EMxEC^y%UZ^t3 z=|#xqbRn$InMyY!1QsTQzf3Ro;pwwyivZr?*_P4lAl9uYB4LkMFD1YokXZH)Hw)ag z_w0_7kapU-vQ3w^f7yiK=CQL62`-ao7F4{s2vSb23WNq0w;_mW_`eYxwd*?Wb{vpj znX=N6g?FS`GvfXgXt_$_%*DAq#7f3ldL#;W-_5qQvU70^0@IGo23W!@f)Tg3GMi>d z_TpbR`F;oQjMMahMIi(kPYlH%z>fWF39^|-UM&Lh&9wf9$Wu*W|6?mTi=l-XAcS4} zIRyE!=Y)VI&`3w-P}BvE$(MA!{e=VBS149@1)UZZ__)(wjdC9N3_*W;{uz)q0sMqFdx}DM%Qti;r{EYbrmSoC!5AEN`g17?DRs>P!7R)9LH}SZuPmK`LFF}bI+tcDe+rNGQdjS* z2gt0b`H180s5y)qIlqnk?N~THE(+mgVg^xVz&flqv3CczQwWZts21Pf-Wb#2p)i#fFYZ4H04zW z8o)H2hF!1p)SWCZ=hzRf)-u|U2qaF;AU3~OQ_UjIe@6BnNPhiw39xfcw=z)YWSsu( zg1A&R&*I4;u`Kz(CeuaW(MG>>2Cy8kIEz)cpKhou5zrwJ^%?MoEN3uC%~Nxy<|sGF z8yY(7WwC&|+#vN&?ZFthW%7mp;qT`akp1bUJveeM0e(usq50PZS$DXw-Q_2%sHMUy zyStH`J95%(C*ca$27g$ndC$pzJ~Lm_>@D@iwH+2;n0D0fiXplJO#-rF!Qx0PuyCGX z+p0fPW?JAE;@?$5Bh&3`&;j-NvMZthaH%>I-i*6F7Z$R>T~YWrI|c(59@k@dts9Xa7?>)WIWSmC;_w9ETS943_cJ7&=N-OD|&5a0gabU`{%)ra}oBs z+tfj)NVMs}wN?x28pI|aE~(awe5hHJ^e1ohuztU!R7y@wrE139Zv|L2C^3X)DzBHZ zeYf<8xDnYKg~4fq(7uHM%WGcAwh3|uqe>oXDS~t^lgZ=A7wWv%0$X0OVBL*gT7~-w z)|T#_coWrz@CHYVUCPGz4YvzBUOI>H?WkD-w(bRHJL*v{ zitZLZ9@_=h+>q7Q&VC+@(}V-WBi><&PyO--r%SO z=8MX-&W<3annBROB_L1#q1nsVe1 zuqI$A71)4u?+PmV8a(|A|&+;{5vy;}H@b*_AH@Np<3sOMps zeP9KDl1_HWkrdNY<*o-5-a_tv9*CpU&PdcI5ZpE5j$Z^Ecz4B*7f>JFXi3!9!&vc& zJx&Bj9Eg=pX&j(N)mxTK-hHKCzoy*`6a&_7ZGv@0#+AW0x-$C7eV@_7Z-FCfq3_VA zdH8VsMt+8CD!_u;cg_vR58){)lDTjTMX<{%{slLyu}sH|-U%-Oa2#WKALT<_zbA1x zuPgFKGB22{>>%=Ri-2ExVc`Q~?L)OQKBh5#t+rT)A%xTep z^3L(K@&v1c_C8`O18V_onDM2qDK2X=A;=e+WL&UGWP~dzoTYb#Pc+Q5BeHKW zTqoBoayR4v&c`M3fd>Gr*h`>1#)Q7;|E(Ok!+Y%3eijd8cq%RSye>5nJ8K_*4dr5A z3p)PM(HjRiwPdfz?lwe)=4oDaWiurC&Ar%nNlM+bE$4T+GimhsF0MOJG2htNr+P8) z#X}qK0^q(73%|C{r6So)Ygp7I?ny{opH>+NjO z@g1O#Ntqm#?5-V<2ShFr52SMA!Rg?I>|N++`|W8A+6cFDZ9eUV)5n;aD0204Jb7xf z@m#ejzrfxvDPeF{@)7bed?+PwOQvFM=g?kT$fDe9ooGl~;9*ppB(%dx>ZB+6{K;br zV*Up!4mR{j-Y?Ujyf{ zK%nCU13Ej+yNQ%&OC>>(UlaZgF*gDLsb|(TUUyWn&U9JKc3Yo}HJsp;f`b^g;0~oLn9<1*@{{0cTs> zEP%IQ*QSZ98C86c<5w??;$;tknXwj>lY6jiKf;wqXUn37swXOQ<=~1*k0_cvK;dT< zqw<*Nl-`%#YB`_t1ui_Hh8qpA_{oN-_6W`)#2$yP+=cg28_P=Z;?22G$l0W*hSODr z_3MgPoxzl9LOjwApH;y$gg%mL7umD!gcxii5c4qB-r?{BXe z`r?kkcidfpRIS_#eh*s5E`Q3AfcsKoYqa2*{um+9Dx{+Gcj=~J) zWok#?Fi5X_{N#4N?WmQ_PddDP7ajqO3k~fYwPZvRMZu$Th=KpCPw+WdLH2uT-LG2t z-sC$ku^exHBij=BGD^{xS2+quQ0i-45&tLMQ%Y9<_uOsNRc*1udN6b-zB`bGx)=WC zvAK#H@xF-~67~LVUf*3^b0hOZgZsCSTQ|RQY@9Q1>W}K?InQ&DduJ7RszTZY99jW0 z*eR5&+_6qI=i&+Fnct7JY!6v7$a$i<6RoXxY3;yL`DJ36&x>|+(Fb6>eY9dDDlu0P zSRm{1r&aE~YI&pwc+_fU7+CTfGR7f%Oh9#QovI1^#D*96i)0=)n30IsG3MF=V*#I9 z)5ph=KBd-Ej^ASO>kP)v5iuEP&vCMfc4_Q{Pl`#eELu=1RCw53W!Xp z_A4GWzpw$9OHpOE#~U47?LEQqCyq?FO^aM8VG&ZueAj9>B2IIbT*JDhi?XdgGoc<`Naa7$Wp3;b;7e9@eo2F% z8BzDJ&~#qHaBv=dFMd78dw3Fdysu~e-A>mkpYxSKOf@_3UYidR-5oeb_%*(8BDO2| zRTawjipp`;2-p=L;-&tJpP^SGvrhcsD)YB@#14y*$_?`CTy|S~_BZ~^$o`jLa2NA> z+a-qe7-ppMofB&Et1l*kt48@jsfY;PTk4}8m#o*IH z{oZ$<^ha;{&m!B8rT-$Ev=hGW&*YP) zgLTgH6UM-;KX4j@LgV;F!VDi&u*zUh_o06^UEnrZA%EqnjSA_VRV#aMN=K=AS8;vl z)ewkqki3mTQh8hSEL5$fzEYtZ-4=bV1cpwj*AP`toFl+U-X!mc28^0B*fL>~xlm?l z>?DY|pC|DV0>YBZ{_L5Cj^xRUXRq_3&VU=xNesD?>eE#RSxYSNd_4`Uu z7va+}zDDh?gA1{C5qFFZ#Dk47aGmYyIk5`TE0=20V!uMMu#0AGqj?1@$$#@{nY{28 zR2{E*ljt(C(x%rl;Bwy4{wPxl+k?CWT-#ZZz}1k4^zt&aIOBCLhSBS|`PEXVSnCy6 z?{hy?2)3A|NL@ozxxTQ!ZxlENMc~5;c5jd$>KD85T^1iy%)bnI`pk5qWK?g+S>$-X zj@_Igmhj4DpL(47uW7;tAAq<@hU1ea0mFfp*hKjffUV*VgZ=!>LsRZNe*EWzcdXTt zWv?dbM!7byl$pP-RR8guPv#NI;BEE-69B5+=vc*yZyrF7jg3#*w{MTI+s@a3p)${9 z(RTvC5p84T)qkCeJ0<^}#dN&b{xC+z@YX{_N^)8ASf-oVvG)G4Z@G=8!Fc{yCe--i zH-&Tlx9G;+UoNh*;Us@&$WYuCv*B#(h(!{2wE9Ei#&^v#<8!D&yT2D0RfpL-VtX`i z6oQ*LEMzwo`YZ*Jl3CvI8QJ8S7hI-6?MH+1_TA|_4VG;$A6_(b8eEdol6$(7 z1}-&tcv{aAZ-kwVCIhz7mzwo4{8-bME@0I#;on)%=ii&rCZdj&ZwG#;RpgaQgM>Qg zm4m&)h}gNuMT$rfDahi6x1809epoUBwrk0r0mM7g@c&dv-2YWc@+8}X zU{ZtVA$)5+LJ?`n|9+2G{(T`|XSTl&>)xYg=ue90za2gsuhzUC4ggC}mGRvLpUabu zu&Bg-@PH6#7-~SD2H)zC*!`yfKD<}t{!6$@qA`rxy!X4fphRcJ}3uzo*aYkoTqn1GBZ-+z2>ykAwmcrNY8TY%2=0VWg5?TV8j zq7qeU%b*ump}k)}6JvwTK#FD+s{F_sc4RHQ< zM|kVp;+V%t#0x-9nidS{ab2YZ1qd}@`7*wOPwDS8@usbKh{yC0EwMGMUg8EVEs+lBOTGBRY3;e)#MkZNJVC#>WiaY%Ac=P?J?WL=DVl^ z+%TKv8F>0%G8`)Rl+seoN~C(CiykUO)IEpDAbJnZP(p=N3^I%i9X8nO&JAqMnc2RN z{B3P4zqND+6_QXlM)kH*cpmXhV#m+~kgB^(@#gX`Or3hl9jXE1`#b}!?HQN-P$S)u z)n}Gjau%W27}Y{-`;En30T~hIn!x9MV$?e3{?A@0nZI{g^s;a2ebcF&Y6+{~NoU0x zc!pE1PK&H2WDXIps7%AGe3}8oZfPms!R$=xLR^f>fk}znGua3Gx9)-9a|4pS3YEq5 zCZm&`uWy<^pTXY0tXv;2_-ras@E0mpSq1J;2flAZ!ntF@=+9pRe%G}kpH=3l&dy>qD`^Ll|ZUejmNzX!@}P-W5I zip}o#-Er<^abrai7(BuLJRZ~Mm^hzy5Brg zawv<0V1E*jq-IM3hEmdxgF0&-$r*rKj*d(7#IY9+^ZOyu$>7VclKJ}oTub*N1;#FZ zYfl&KcdXw2HRZ4|?Bv1LqW{OAi;%LI;6R1f;kB4m0!q&N51ThtMl5!iS9 zfR$4K=*{n)Kl-GD9*YpJzXA=2ciFWoBmNAxyJimi)1NIiI1ifq#*yPr3q27 zI+wP_$hEgU%k1GS_bh(p{vlg`iQHlnBh*Hd18=G4>?5@Oh{bFq=10F)1`$xe@JnL3_$QNQ`6VYd8Ew9%`anlf~*Y4>-EWkz8qOn9#BXB){OloQR z?Ccb@>ufmt|FXcNGbRO}YmOY{N;f$f2kpAxB^_Ssw}5Z!*nDmNw@3P0*nJx&g09V6h-mY%OK?a|4#By()rI?*s)N4kJ^D5S3g5Iq{Iz_YRJ>*`T@B^1={j+pY-YbRZYB_{aQqRF8gOB{A1=e%qyR`#!-+0amOdu235m~hT`qu z?Bv*nim0Do8OJ)#Nq}U|T?L6YcJ`xwCUy1NA(PWpM{l^BsLcQ_d*zk<#(vd5I zJeOKrKT@T0`r*KB!*%v*_CIfXb%`;_VgP*his0R#nxfKy-Aa5#m%VvKze?qJjubk- z(A-af>k6Zk1W%kJ--@~mvm{B(@TeU}zw8JikM)yE6t*h(KvynvzVqrBEvz|`t6C9hU!oB%HPatG)`d1iI)=N!vg z@+7h^yaV@V-tCxTmWBk0HD@0jDn=jZZl2Re}! zY0<0_U=qhhKEs_~tOV#76fsNOV&DQZJjixLk=5GpRn zo~A-=VaCu4@6`r%b&d(zwH&Ks5{Ctf$X%af8-R||j88v-_-zuC!7R*OOChbUzUIrpkr_}OE0KRJ^((auwavn-82h-v|Nv=84$u&+LeqnPLGI3R`M$q7u90b;h+CrFp?QI%C-i9NrES0q?^rDQ6&@~a|rg*tnDlnY}lRs z6nx}F!>id~pe=ft)Olt7?T`>5=#bBE2$(~j-lU|7vz+q^4mm`bcD7skfJOw1Jmyc)WQ?j@_OE!IHAPJ!;kVgzZxv7pv?_u< z5AL6DiKC0a=WaNBi#DWfK)aj@7zS zWE9V4x<<$Q)X7hc+CrZuv5cgM>n_#j-LmYWkEqvF*Gi9Hq-vIbq=wZ&Am2bYNgMQf zSczvWy@Nv)(1Ew8Ix*=F_*Q~)NFKcg(-UC8hU)Or0p{DauNZ6uTSN-=0OPnQbyZoZ z2&Re&O1h|lrWn3ukB8C9RFT^qElJMc_=XUw$r`qrBgqOCwL%x?ele)B%IK9On&cRo z4gcgFGN)Xmzi?@-drRjrqA7eH+F$PfSoBGh&DYuKRHluRQ7B%Cl#3yVOf$onY^;(^I~- z*zy8QedrB5K8u%Zk@h}xVAEiSLlq-Npp=awM*V-C|NRNMT&!8g3E3G# zsU4ljrTG+Gh;~a&>PAxT=j)jLt+As*gVE=U6My^%n?;wR&L2C9`stiuw^sF^c1Ggd z-=~dVe=`ANd+lu3g`CAJH>_jpI13@6TI_civ{8`L*+V`%<3JTjl)-jheGFlA-D8>?4Ns&zqZmw>TcA7dM<2tZdF7+}JE} zdy;upFD&AR?EhN0YwH$w5g!TNXmuzHU%0l& zstzORfP4?q5PD-t4tq8bG4O|pkVo9;Q0HoIF;l_!8w2oMb7z$iTV2(fX|0wCYV53F zwA2J+o=G1wYg^)6;^{sx-kddBVXb9!TAo?E?#<+xyB;&y%Y65ZBZ+eF-Rp3@9nGTL z=VP%1Rk95panjdpIj`V^k^2hQ=g#vkCN@TTVFwq}>f{h-V-Iwwd`oc~TR2Jz?u=#3 z)7-Xz0awYlMzjv)-xDTtU8NWI*{@|u9y5@G8tz8XaL?qa@s)KRG?5!N28Ndmqppow zY0J4kxgmq_rt3iRC}+tWlMJ4QS@*I;RWhlieYO3xL2lphBgEM$K$h56@MLzr%gJD` ze+@8|tKh!RPyUXz5+ki!s%tFAUNT8oZ{Oh2sTYIjwv`v;G055bt!$Qrpr(EHj^33U z?J6*vdyYOylkpMt^wc)FS;TYU6!$lM3|qLoi7!s9HONJFbSo$&_CjKdI@e$77Ab$! za`QJjHlkiy!tX+vbRS-r;cLU+u_8-EEN}o-J#uQcpZ(7KoEB^jx!+=mDNAByi0MyH)6B z8E%WIz48!r9g`GEvogyz43d}$+{kWkwNVla4pwksVg+T3ng~t5U85+!>;?KsC%a{4#$Zg!yd-5wUx^RzB3k?WIN(!B!M4uuWoWqq&LD#`PC^wzY39P0{gQ z`Sq@_;1iOZ2A>Zro0&ah=>SKBvsy9MzPmC8t2;Y$Pqqv_^OnolMX*~P;S_vqC_%jj z1J18E#fGD>aa3dMBk47j2%vbTcR7DofOerP{}B^i{Iww02QUSsj5zG=#xDFEV&F0QgRs*020|OX{1!Pd z{XoW#tYxvdYE=pp`l~kd=w;47ui7u$SBpDja4^86d$GD%3k;tA4n`wL{p++-wx;Z@ zGbi3b5~|euQFe6OQo-b@8*=JE%g5;+N_p_{tb1+VQ|Ze3UsKkDTf^K!L-#ob-5<#= z5-E;8-un8!LNh}lt-_RvPvRMs6w~q1tjH`C()T49Wa~WV&~!Q( zSfo#2k@UcLl$l_iqm564;mO$ku@$YF9JXZA(xGn}`*DdqjwW6|v6JfPrAnPBNI=H;C(F|Nc<^Cxu zq#4HHrIvw|vH8na7`E#JFm`KDRqid8r}sXnE51KSc8yjWB97`sTv^dJyg_l&tDSfx z^~=y^9?_EhLl&OpkV?;O@tw>9?o?ms8_gz_qOZQntLT)3%cHOBput;xG?1j!p?T-y z`uT!`mWWUCQ~IY01}MIpwJb>Dw^$dmxGQ;2Zrs=;sq^RT?Czb0R(?HAomVJ$VcJ^* zRBlf}eUVz(FYnry%?;LD*AJKT)ReA{O6QC0Mr~8>TbzECFoEY_Zvhi#q^agBo^CC< zV`(6KnSVgBxzuTC)aYt;Xt9qWllM6yN#7s4%WaIEaIHqV)#kJ4T>QMxUGEiflXy-J ze_R+<@7;nCb#?xhRrLTI;sTH8ifZ%MW6qhU3aSRLeqLFbHtU~m0FZ4$Yh^QDW_p^= z^61z_JsQHjyeTzTFFZAq09sh-6tHErZ7RyH8=1N%zJ~KUxyUfP%LHA~SOckn;85YQgHs-whQ1k2Uz*DbV`#fu#;X9{Z)bE~NuNXENXaebIjJVlF z0M2;cEy+x(H|d)(&?O=cbIx1S{(?={t$GLHuCWM-8}2Lce!~Ok`Fo(T{Eh#hWZb_| z@=UZX*a0<->iW(w;Y`0sLmqUBD6SO0S_hz|)pB{Rsek%|6Ov3PK-f%DE&SHC)&IgvdR z;^uXV*v>QQH#;6GLVtbTYkM{E_z*1->%7Z8hNa%DsFx54q{7{T-?Qx?DrmpSUF{Zw8L~`(D$JWHmK9b65djQR~l8@iO0`%q%P6p{Lt{-c(V=4ZQ)fuJNX}|zW zyD%{u4@#E>g)n|JLMz%o!FIAG_4+?Xe5N{dd^(R4h!QLvd)=(g#X0mbhMDcyIb-^=+V+z zZMs#J=-AzxgK%*5WP{5$mk3#7BuK}K8dns`GIZKRj9%9iRYAw^H#JP%<=oe&7so4% z9+8Dv78I64AxTU+UWXGbG;dNxp#^C2y|-RkxP1?6GeCtuJ6{LXU9oXE;N85|jk1pz z`iad#^(sl7kB0$9wXBFD5e8_HEct3x#)$aYPy0M-j-@gqX#OuB&+K15#@TWdaG7~m zm^8@J+zNya6O`bjX>(vS=Ia`54In#@uBE+FL--a9TU@pa*f_-=jUr90uZT4Gybp76 z^~jNS60C-K1hrA@NNb5orCK01RrfW z=;SlKPAvR9`*=8TL@j`w?Kp5^-~y~zd~r3CxXeXfQHLHmdX=68N@NkmEdUrN=HLCV4rWLYQ2abF z=Z~{g^spfn{<*xapy44sI)M_yOyH)O&#tLIZeh7e^?~bewEI4%Kzy$}_L|H*;(nG* ziT`b+;w~NI?;y;8nx;`eKwt9^4m46 zh2F0W<;Vgh&s2oZ`>?}-Elp>&UskHDm-$8o%EO#n;gC=XJa2d)==ZsH$WvNi?92%< z`^5qekp}Sf@zT6{6CmbMbsOlu4UIOQYiK>$(lKoj<7Y*nmT32>kZ>eRYWl^!=gBtx zhF@Xx+54U=uKBdKn6-QXy>)Gg6C=Hg7I$i&=3+92v5AShmPC3Z{aZ<(qv(0)@x(O$ zsi(kqP-|-X5XZNdd{(c+*)*@wvSK~TGN*y2jV5(T{^E0m5gVQF`ZRm`Gl!}xZLxku zuUHeWfCQHSE#{J9#cLRAl5y;NqSia$$BdndjGBi=?g?LD`UQ<`7J&4ny#qV2lEBg& zO{SO=@kcj~$3FMZWROAf3HD4S{*`C9O=;@z=~HEN8P-XJ_--Wje=4|L5VU&psA6f zAXOlt8D55ZH!@<2djTVY@UaIQqX@1pHok)_P-H~JN524|L=|y)r<6}GpZKL=mAVD- z%F!ck8}HNz17`-E0j-gl_X4Se08F&J--vIt&m}m1O*^WN?giSwLR6keyCSmK85g|G zf%|07w|q;w#rSi{Vnawdmv3WN`O;i*sOT~I+O1;_ydx9q zU#hl^fDoWa66OJyH#tF4ZAp>tdW;v7kKMyG@hNv4j%10om#}7hn|WI7zXrqkTb`MO zG4jGwsewn}tZA5t9vur@CNfa(XYd6zgc41k7a%M7CyI;@QUwIrWOBPN9XrSymI4{X z@s+dLH3U1dOypsHe%H}Op!fGws4Q5fE!>E!;XEchi2&lTdbbK{@jnFJzq1cu(2Hm~ zW0AH4c9zCX!l_JIHs3j1gT!~Xuh>~G$~e+bwz>a{UtSS3#8%wb#>&KB#=&vQkDk$R z96f6rfYCy^xNTf5li$;cjRBE|b>!O(O2P5fS7nvZLJEQ>mud@uB<*Fs!X+q7ctE5e zIor+B%z4*C*ok$V)Mk-PleK@nrq_Dm+Q>C=Y?U$N*`&k?dio&2AcN4j9&SdBU(|@{ zrBGYbj^ukzty;0KLsS2)gs(tHFsoqt>F}mCbbexmVak2Lo9$y$(6xZ~w0e*&h~(if zih-hpDZ4n*d{X5g5b>`@YuM9WE;BejZhiA5drOuuf}kbwuXygCJ0Vn5%mf(?99chmRT&g}%J8$A#Dt%K`7f6a zIJp6mDkZTaBb)2}MW!01u{wrD&#Ev&1(BfJ33v^y8wD^rV?)#5CCkzn7PXgPaGPm_ z>b6rfpJ6M$Fb2mvyr4$Ji5`C+=;PwAKKCdPXb8Uf@yjm#^>&5Pxp(c#Rc7htZ@r#5 zz#z(kb4n%f#vEwf2wy3x(mRB-ZaQy*=~bP|=&m|jYF5UEmV7TuD2i0$;_dyugdEg1 z1T~+CiD>@SgI2&S3A68?o1N+E7JffzjMQ`E51C?qj!v9H@TX2s`EYKyjlk#g~Om*jE!D zn>-ABIkm}#NC+&R|MiX7k7MK}Kdi|POXz8GdQ+txf1tLM=*N)!Ge^w3(})p5y^viG zPTC1FNsE11Ou755i~1bbLU=+Sm$#m4txjL3?I(;oYn+0z(taV6#Ui#46Y*ui>>`JM z{hu_jacNTgBR=;%JmF0oTA@h4-RDwf_nmVo57a*V(L!}esy)~E#eUbA z7UQJ8jfzHQ=>8Z`r~b>HuR0Fd)qi^DNLtUNdS_m{Trj3**o7p9KYJbtIEK`*$dm-n zo_x#2=T^|+Y~mf>i=I9e>DS(@V*Ot%BvfwbgaRGbUuUlN%DkZ6M~7EA+4r3uJ`|u9 z9qsrblM{vKI1gMutjYhx<*@q&a;jH-(eW-uib&$vivS=A3KRIVV|JN$`k#@Jh?lo@ zt?uWCcts4;4x*J!YLx)Be^DR&ZC`QWdZA3{+i9T`m9n$<%nN?YdPWsI%k`H;_l)*U zdI0Rz)T7JKMF&q6#1=RGmBBh>0HYEH`U=_`sI5ED#aTvSCn zHva*;Y-XJ?k(Y3B4y_-*i&dFP zu*pNKOn?L(F+4C>WX+wW0KK9qAWD`m+`ucSN6N~otur31iGTKua=_?~0hB&4_0`MX zy3ZL1Y)pL;TcJJu#~(71GB2L1f_d8k*N`vC8d)KSA`w<>;#)PLkVlfn7Sy#m_vc1) z5N|hh!Be!B)R#_=%W>0 zIOZ4vYp>ipV>o0RY zcWO-AMeHWKbX?6_SCI^ zhv0GlTghQ0SvCZUe{Uo>hf+!BIV%>D8V%zF7LE3>T$Pd%(2d*byJvW-Y?+e3t!p`z-3D>2_SQ!d>3dn)ESVH}9ZZ z=Ho!U8}g!pTseWoS~g6F?MtmoU4Xl9n-@U!mpjM~XF_NO2*|nY&y6plZ*=O=XK!;^-aq!Scv05`7=#u!pYW;SN z8WB{GN@IU+dTT%2=)#@p&)YyJJN{oE`Qm+nv^w6OkX@W$QGh1jkEFBR_f-a5^h(Nd zV06Ax3)#o@S2}7K?pozV%;spZBlmW>PW*LyJiaU1;($^LCmDJ>9}7;^ zHEKyO`Dl((N_tHQb=(znGcH982e$U6fHvX%DTD!K6PuU!9*2`4-!7OM-CH5e? zG52h;z0aNwFu?SIO4_aCf$3?pqhpclcw9H(l)tQ;+w(sn#A4DS4fJZ>BOvSRpxFd_ zA!ur|CeKfjFr`Dj5gJ5Z)6RRE1tBu2)F1w}Ur^eB1rV3#ntV9GE|^Ag!7$|_f1}?y zN$+qF*`nw=Doio)BsTO((}JtHzVBpf_V{KNKN=cM#LCFW+SMCyV)(`dOBiT^(cC)@ zlVTA75{-*K8W-~MGgz_(QuctepHbLlgRqwZi=(4>Nk~YtUeA74&R1my4WhdBsVlzN zSO(ho&sgp09_?Z44}yUg|4GpGfb*jJMG@$W?Gh*pN+;myU%y7CC5>pk#G~y~z@xoc z&X>>=Jn{KW`z>D^RX(h>O?Und$k6}pm+|r3ge#oC817k%`oRlal9j!8_}umjh@udNCaNgz+Q|>d z4+@%mizErH@7iqj;$X4Y3pt7)eoAru%gM=O`(GYE_O066<|n9poGZg zf_4nob>1B*cNk%@z?MV)r^)_)`Gp79r>xSk)$rf^4aQsBw&oZ#eXZ`*u32T+5O}y+ z({U)Jr?7d!+F4t#t)39C8Xl4U0}S8i&JA?!{hos%-LI_A8S`xIW!QaJ%6cSUIRwSA z>qw86o0;vUjF)>I!z@D0&rS}v!aO$EFF+H0HW&ln?h`$4KO&+^;k`uCkkgmKED=H$n<@-zFVw0?eUL=Ts__y? z^gOnje1XCS`rjC5o6arHCREj`=iL-^@#hERB7b(fN5X)+OH!|9D5JSSfWjmThJT!* zs0mkQLdKayF9SX<{mOw8Rr4ZSGx;ecdEJ=p1Oq|J{>BoJdaf*`(fx1m0us80`5IEm_cb!?7?BM^at`)>1+hbKFn3pJSHc&w8PrF#ebT1D%4)A8xT)+Sf9B@(!u^AX2x?S19; z^Gt5L@KNVfz&yCA-E47swCixZ?$TcUBbBo$AY6JMkd%y^cgk`$6hceGsqAXBQ1n_) zXa(xIOxilp`%|nr=>rm@)obNli%n;z_nCXyX42N`mp&vswkoH^^gQ+G1d?&7Bedj* zcTi)L_pwRq2WR%*F3^=A#i<^fufkq=rGgSubTNe$S~=N?8P3|ToIXQLrfFED2NjC- zbd?Dnd?BI;iR%w=jHDbXkVOkQJK;gPO=-+0Dp#~kTCHPTc??UmtCh((wAti8G??Z^ z^|And37Zx4vAVoMv360uu7iw=;CbB+qZx+J4UBOv012l!FaR+slmul)EfiHv$8FXh zD=4d|@W{Q#8*8oI{Q7{$yf+3@Tq_wSx}hmgPt4=fc&Ylwl!qCZnRh?}a@QYej$wdH zr2|L=Gt-@K`m7+rUu^zJ_fVkq{CRIYp-!n+cwhJF*~F695s*GvM2b{((eEUgj3MkK61g3YpbzlCQZ$)%J zbRA7~d9t=}+F4R7`$GPSo|SCyuXB!ZtF1C9S3EqqvgVDnLn=u*YbHezmq~@&lo~Pf zc(wTKcL~!o-$QQa)yIN$CQ{5m-+2NsKymm1*;|qj@^~HvQN7^X%=DR3=giq%aglsQ zI`~(6G9^#%f#r-0;aFqgg&3^ST#>q z0)W&Aujj^FBnnt4{x9ymZNOyEZKH?X>;ezRd(}h73+1<*wSC)b+*`~biQflAOcaY# zAJ#s~glj4C`wQuJNJI=z);Lq8t{kQxo(mLUgWp2B&sn5oD5Xpg$^9TV@g{4|%M z6bQsJ@0=w*fI~(HwbGwTccyWf1n9!X%?7h%Zdt%@GwW*hik?4_U!&b^qbv75b^j4m zYPv;Iy$~gv1p-TN6fL8KkI?Ino@a;TLQOjq7AYJ+=-O%ON&>|(@Y5(nAUrf_i&AFs zY4O^I2ai2(_w=AQ8@zfsXD-%HseLZgBHru|P_|zqAXYCY%SK9FN zgrK~cS{#rf%T%R0W00$uJo7WM*-_v1dAn!-VyVBZCv6U32JceRRO(%23Lb5S0ZN(S z(rVmQ^wq27pRnhY_A@>WR-j%>-kNVcog0M2UB4!s+v+}M`O476fn(^Sw^yEWc6oOa zuMTWOP7M{+5@Oa7l|7gNXf@U(zVnilkarv01xMH*A5c&(f88jS>Q(Jo?O@$>l)!u( zfk%{O7P4d=l5N@%HP~(A(&&o|&gGXDq5Z{Bojm30@}apMj9o+Lx3}pX_v4-7Woul* zlP!s^k+LuX-OUd#750X6_4TYr3YkO5I0qB68q3YPoZ?o2e1~#$f=MGRDcPiL4aM`h z@0E^i-BL`E&LRk<(YOTUojCi`oPZ@1mUd+qGZGK@o;q@toH=!BR7Fkx-LtUvGL5ZE z9-oK_PFBu3uaZf+OvP-aopXOJj>tJ!#@cdewMQ-F<;(H!QMx=zFjDTo4U1xA)Y8kb zrI#EkdB(U_{U6_Ur}AikTe%Z*xg$Eqa{JNRA2O}db=UjeeD!R(rd8=$hCNz?$=LG| z>!_-Z{E>oer*UrOLQO7sOQ!B&xsdEmvEE8WTY*MNn$h;-gW14z5JIOSK_rx^(SQB? zGn7^JA!oL1tiAT*tGL&s|5W+TW`NMe#ujd~xe}aUa!w1T?m98)R;(KC zVh=O7;j5@l5gN){#NrC95qD*rgJrF6I=WiF8A9r?lEvy7d9;%^w9>mgcd*BZ>p3%)ngrKhAiWb$JHs0E-?i@A31 z)h15FqtIq6##euzem2l|1l432L8H>&S_#Kk<&(!9&1JvVIAg`=ir-0>H5)5`b>|&V zh)FRTd?YPJ3$|?J!h)&WSqnM0{Nt&5ufVmjo1!<}hgw6+2W&E( z@&=W2BfJ0`4DxXsLai$G<`^wPXOdcU3^l6z@tLm^;9TdZ0RpPvWL-QZ7Ks6;>koOw zYKO&zIa~C?d^rB{@tcMw4-ZXjvF_hjFye_U0%=tUhY>vK8DJdc;K-8*jTn#{QEFiu z9G@H8|5G|a60DU=+xc!h(`CBBnHxXgceg07jwSr*F$hd;IZJOfTpAg}qBRJAmi&D% zs|?EHxFiSAERb8|c3Zt|HJKX;wrZ1Bg%ofzFsd}g&Kg$|5r14yj~Oj-NwbWKit4uS zcF=wdA}lAXdT|U8%#{VyN1^h#WGa+j7#c ze|Y&tzsy*oCb7b0W9%LkzgLvQ@;(=%MQnYUVfMM)c;ly2JxJiLVRhnDKkZF6LIHQ$#6g5nf zD%FZo4uBS9p&kQGH^%ie)VthrfL^QA@a@U3Aw|F>WVdnzNU1W10XRY7FoyA455HPU z22A?9@DEh{`amPnOn>L`;oveI(Ve^UNqmtywly*aIS+D5DB9l73vD&u!eU4FH89~8 zD_HTP-LB!BgOpV*3U3#KDGNJuteo_iKArFeAn%C(j=)bx5YU1F0oMJ&I;{#PA5Ks# zCn5=ne@*h6ZFtTN;?C(RqcD!Wwy(6qI+zp!hjQb@1DS#k6BvrIq5C=>=uvtXUKIaT zI4%Kc6jlb+VOz3#`FpWYmm`}ro_@Jgo*WR9oj^cYA2_WtzUy``Q!P+e3llvPKrb!G zL@)MgLz=@vF3(R+s#6hq)<`I38dinH+_-E*h6#kpVd{HR~nU+$wG-e8Ub6RCH^3uF7jY0J6AXByYgFgmO`HP{E;~Kif_iS^DeRpu{UGQT-{u^~Omd7Ev# z#xDACURoSWWMZCPl+!Tb$ivdi=8Cp4<7XMpeXVYLB){G0SMHq~ks!ek%L94raQHpJ zY|oa?-$U$xA(7u7onq3|zg?+|H?TMSi%j%4M^W?Ji_-mX{_hPE{J-XSe`AdQn}3`H zMwKG>JG+5ZZEj4wnC|$E*D_xJYhe91-w+}2cNyz9mY@6fyBy?2tP8^VtETw>e*Ayf z@Bgpaf2PYLrYa#-g=5tytN-!c|Mg#^Y8lt~1O%sfJm)zmQYuxJK4(eX*REn$dPPaj zdUsTvgDv|SlK^OO`S-X8yka5c{6#shd6~DROfVrTVU-P!+F77vVmbTT{dNX8Nw!L& zSTAR^75&KUl5FLxu{wAcUYt*mt;sA>O4yVMK%oPT@Zg&BrvCY`>i zIu+AVj`7qQNVxOy;Jd}viR{YjC=0vE4Md#BT6pt}R}bL5TNsd{9Wb5X6gi*N>Zo5B zQWP23r*f7&Io@n=u&)ZqY9o#B0%tPdmj)=MBb0yYE><0w&7gh~%UJX8=4!9M3mzcc zAU%Ueb+fg5Y?dTC9vhPZBO!`%f1sF_wQbjM$^@9!)y_&P z%zG%^097a!wSkFzFq|Coso{hLD6xFJ&8pt5wNDpF151eEG|>OtmykBwJ>mGHJ5uoT z36D=bc&2WxOsz7{>TaO@LdkDMPs*bD`u7R$a?bXu4rEu=S_C@b(?rakSxBe+ZkP2s zG@)83!etZb{3`I2s%kT4kvVUb;b!Z}VNRh|t$Ntzunb_zdpKm#{W|TOFPYyi4luD< zBy^|5s{*BQNAula0o?% z#D8ZCnj_9(v9se#nTZ+5Y8T^rk{dNJWvl z;MtsnGRddhZIO+Mh%3?-`u&a_*H}QAV$gY3pR=qZA1BL&Qo08^v@9%1lETA&>}P97 zUWW9UfP2?M=Gp0D20`shtlVSU_4RD51A#gKn=owcbx}s6Tw8@jUzG6X7riiny3Arn zwDV}^!PdMP=yI${eePH9TvX8u^bAY^N9N$lfx=*&1c4Q*I28z`E2|glu4upTTbSVh z$*z+6?OC%Gi=O=SgS-vbNcup-!?eo# zsb|!{2i|77>+gSAaPB<=5C#(y@`I;`qAQFK9TNFnic|VmE?c2L%TH32^4m`4ULEgA z=8d0#TMHMMwFHxHPe4jK&r`=G!U@^}=bN|YzL+!~zuCvx1bnj<3#$digMDK_LP9s> zpir+?z4+^r_0FN7LI5EJN!|66o}X^5KPXXK>037$By;KRx}DS?Z^U+S*2+z90wVe5 zQ_r?~{<~A>uguq7H;yI(+=zQc1$S3p$Pv_*$ zMSr((9bQL(3UWx4OGi^C!oPFrSpadzpp`JpdVHNkOUXiFKU*f~yLF%JXT@|TjlC~o zSh`*7;oN(px*kQk4jtL$&XC|qm(8c!&GX?DZUqqN^X-RGo*ugP?@oZ!V*l^9&7gHu3N^5k7n(_+9g-n#95@d zY1f}@%L=Y!MPrFhyFho=;%p#Yl;YWbgVWU#Ajgu4CDXCthjM)V#qEV2$=8U-s-6MX zmRPyy=n#+vm!fr!DKu!%XHrO6E*$tk`&1hNo#w!5`C!v^ZlG{N?zEm?AwuWA{HaDX zM#y>f3oo}hNJk{;9s_z=nb>?aKW8d_+d`TCKiZD>PW*ktR}Tptv8RH8S9S@wCra3UUFQ>Aj8Sr4vc{CP=qd^60VuL zDMiZ+7_Et>h|kaT2EW#x2p%b}3@*x5ujUu@oJ(fZa{}2D{m7Cg^r*paI5Z`!e91{&|d`y_y%Z@K2RAy`W3r|;tn&8Z% zyhZdqoun=v-82yq!4%0{U9W%irt%sIG9U}J7_dhoQ%L=Cvgox*9j{i(l-!nV@OIGtG35Le=%OiUC&SKJUDh6QPcOj=Rz6eb9RRV}DF+OkIyQ6ak|Ks*L)rZ0t@mOmap0osK3L0X|V z%WGIkN*3hPDxr1zx33NZMTmZXG*G^kjCOdM%mheL5L!5EkLX|XhyuaB5;`viw#%Mx&*1-A(y*5_>8?XJUyG)$K%Wc#NMi-L zG1+~WRtvn21uTuX?(63oPp3@61l0*dLWXh_`7w0&v-QLT&6lQ(_I!XI0fhVU#Qay$ ziMqh~*09)JD!zoiA*G~)>wHOl-I+`0wr8L~9j*8jt3XfTiMLgsd4LEZV;^krsfDd~ zpIaKNIDNl5I92(y>BJ|&NAc7EGF~2g_6p0~{;${vpU#c1f|scnUCqjF`<9caVy%WE zzm0ABuGa(3At6>Fq;Q!vvtUWRym=3605KJl3X@_Srnuobpn+Q{Bx9V?cUZ|zGCV?o zBEu^Euts7%z7&m~`4<2Z2fr?x9^}i)C#cvl_>dDFj&^*Mr#_pI2~eHF-~3 zVcSBcY4aDUHO`AEj=firIMOpuXPa;F-gIlZCX7@0<2^%I%u-J>e$e+nFno3cy0_f8 zAkOAkG<99Lut+XdNX>%&dWB)*r9?hx617+NfO4H{Z}iHRJ~7311yjg0OefvRC-af? zWvOk?&{f`ysQk#+x}$acWiqQ<&!`v`=iz;6JSZ&*WRcDTEDAF3Ns{S^x}WVHN;z1n zl!+~St&QEo0s!~jRhg$d^*G&MP5=qLOt~OJ|EqhB>=nuF#!5d`XgF@oO0Z z(*sz}2KRk6*rr@8R~NEN)`xvqh}FI0a^#QjufJD#iq zx6ZDh;WVh1gGv`mL_tBKn>SIAj4_PQYH-*}3qJ_aaJDU5GyhzfIjV%q@sW8-@58*x z*?WP~Ad;k-H zk8`|a&f12EU<>QJqWQ(}EmLEa$Z)T1m_LM3zmF$9gtQAvB5b}S$?ZAMB%kFgE7Use zG$p!|C4Rhjv>zmOxJ{a6RuH$u!zUHpVj?)}e=CDzdH${c0`ZiOL2>n-cJ)#cBopvC zHwA<`k*)5Fx*CviYFD;3F97svF2EpcezlF5&^+<{t!6}wh;j23H%t+Kwnd*#76$hR zK$oYcAl(O~)+g{bR}6eYM;Yz94O5jec*iR3GrbWLm4b4sSWT6iKV2TGPBjJ=+K^_H|~vZ*sM)>V**? z?JZ+$oKf*PN37+VQb#8kss473qI6qm{yHx5Ytr?bF=h9jMYG0HB(9$l`vm| zk#JlvDeF2H^QfOGDw08}JyEYWqM*1=+2Vyh+#OEs^=rUk8_;2^d*F2}Nef9i>>}B9 zh665-H?*GLm!h`!XJX$Z8h0xJ!IqL?Me|OQ6uv}2-WUA`}1bnyr zxgfs`d``0wlAr%zyuz?0^aO{`e82TWAA3?&1VCYVL>16;$keFAVwdbJ;Td0oe68FH zcTM`(W&3VgK-YLbr{xExq&_ZQ-&4sVt{(J@4BglE1GIiG(@~rKmsh|UB~@H~WPN&U z!nffX!>+?&O}6qVfw}J4+vUqvj6w~269o=fd0d2!M_2zn@hr>8jKRZSLqk21^+Rip zes0q*lh@-xokwfFqT_^}pXotY|0nT<<;<`cP`?fWT4((-0BnBlKpt>i`uFt$GsGew zT`43FleJDt?wJ^^wFz~zcVQ58%1Irk3>wwme7-r5QA4;g@jOYR`$>m`PbsR7iBZ=g z9%%7clCYbPgvO60-HJFlX_%Q8=VCd{!ID?0k~8njXV{%flO`dQa{`pAh5Vd{ z%zGA+?eIGyJ~gxhu0ZUu!3;{PE=7BU=4TsDo(~d*ob#Ee{M^h@L!aeiGs8s8OQz`< zU(TOOW;mGh-1Puh;O>PAsmHWex#N%PZVR)4*(eEeYZ4E2X8jERO30}Gt(>i-pH*o> z&cTl%Q@VhK{fBlClRm?rsJ=H(&9+UMl`C_5mDis~)u+=4Ke*dSjp`=sZVsJKG8G}0 z77D|kss(a`?far95BaB@qCsz*rtLZ!6s%|QQdivV4sHAIQv4i{5-QkxADOvOP|^^I zWNN#1T_aq59I+$0`*`dqTZoLj6gY(>CD1(c=3kLlU0fZKK3ga~+GFmtl zYQ%JWa)5F2^n88Nhg(P;i%+Y! zFDZ^B8c+&77IHaLQV%^Ajm>AxVd=^vamasPN3VS4tY6%Rg!t)+w662Wh?2HzFWC3o zU_-@)AM7g|3cX8FdE?$0)3J4iPiIP6r$V~=ZqOy-(pcW5J#a;wFRE&lLiO;6s~6>e zZ^0DR+CH`$Fs|NFgz#DPj%ppaO0Y(A7OVVFut$#jbmzY|a2j~mMWmP$ywXN9%1WS@ zt|#!I=P-cEwjF6{&zxIdXjhnJDv5|=zt$I<6}(jPbY^UD-BC>UDvMFvG&ScHaKOatKG6PD>F5x)FyS8rK`*dr_!8JbD0W) z*kqX#WvLA!<&ZfbhO-DXD3qq8CgO;ohB+Z30xED`_jR3Y|2ey$ z_j5nrePWUjmXjSJ_vcM>*x2bE=w&1qR`;cySr|Xn6LXtc@V!rx8G2U*I{mdc%H=&TumpmQIv|{Lb%B?f^2gXiR`Kyh}hCe6^hEyvVkWicKa<58- zYmk1GXWkcd4`Xh1>838X=;2S_UKHm0-2+XMiWg_i6)U<#hQ3X+Wf0iQG{f>K)6b?bS}$k?p-$G$lRcxVWHfE*>85 z@RPsqJLk4PDK}TwlAdu*<_{prFb&Hy0x`Egf{RcppkN(5 zVjwfDLGVoD3 zZV8m0S)Wh#)UXy87tQ4+=nrxexmfzi2I5RZ=n%0Apog|1lBoUG8-0?I5wWM_tn>XM z2aKj4E#2!nW`3zfPoBi}fm!wYT+po}jyPB}*F}yHCI-5S5;h~IItqiTr&Mk@I9GJ_ z;rw}FVmObwu ziC7TSJV?a#S4U`XuMWx7#%27<42H(ds5G+RTrYx|{^Oc13;S|Px#KcVj>-zte@w<$ zgj06ELM;aGxHf#V^ir?+nNU)fg9VL;k}pkRysy2JbpP6;`(Ko+s^6<*I)?Un?v(-E zzjDsFySuLl*>`_?PDWpP7k6APOB509u8)7&HHmkv4QC@l$S>B5edUtNGXwPo<2TnO z%V;+SmALxL#O>Cyw#L|-ReKy&WvFkTpFT>g74-(Pp18oWJR<4~`&f{STy{M-w=Gxs z$3}`#CGl5IkflDt@2+Efrgfm5jsIzzE0nxh#~QDobHB;BZNbMlFizQ}8A z@kGY0Jl)is{Rfq|A3dN21Q%fQ9d@PF(VFYerwQxK#+XL> zHkwa$j{{{D{(B|59r%v#2&m(>-g>W8I2^VfWwrQmx53qq55xdz@ExdoV{rMn9LAP# zIUn=W_j~%exwzN+(I!+MX3z6!+O+9fVOl#TL1mrxUmq`a-&C(%=nDUl97g=(!^5wwldVSBXr-p&HXe~>^TM4JroV?s=&-Z0p^+QSLU5x9QQ3Z$j z&qsznGom}~9ub5N-5*T)p_TqtGywBxAB5DT+G(Lo*KUaW9bp|z25JJH%MyAvZS8jG zgEYq|tGT2P>ZA`KYNNirxrS38h;1wJ;DLSV9%9cGM2;l}qGsQ%^XsF?Q~?doajK?2 z++Oh`V5Mm1vov<@zN?JZmd)Pdr+h%W?XPRRCR4VYzkFBoP!q4&^Z)_v_VwiXXdnF;bWgpv;XvsWa0u}I$z#91!D!OCY%+%`L^kR|%B z5+360Ap&)uWvp0OTy&^Gl*Hc6DJRY(Kg3hCXxM8fq1D|ky%Hr>)cX6iVLgXram}jk zo0b9PtA&j2k02ggx(mi;sP4=z_oxHJaew}N*QxcQZO^0!Q}>s}W3A!|Hx}+D@^unp ziQ=dOvRD%!*Q8;MLY{jz-;rmmtEb<}$alb)_b%b~;rBJBoJbTRjP^J_&2ir0=%-Ja zB4`+gT%B?i@9FW1ZT>L-;~2kv=2z`pQ~tUvRWdfF1aY_Nj(J(Q$zO6LJv*~#TsVXR(wz(- zFstb*R#RcNmsZ;|oVsYp;;>R^k;23VlOdIz<_D}Vlj>Ap=il`jp)Zl*;1_4FgJGqZ z3~B5fVa4h3yx`Bn8-hLK+p6Cz%@AoU`9f_ScZQgMfj!jYl@Nb@VnA2Bn)A#gLJMT; zryjTGVx0f-W<(XpSXfk?T7eW`OIf(6^k<0wO2ZS5t813*H_k|6ASPxCm>=kj3 zsA=12Y97#sVX@;(1CM(;g@TO-J|l)nA{)^Rf;P*>`wI}@Yxab*-+H4|bMZ`}t4kc! z4=r`xA#L@cKG=18B$={ocGliLzbgwvXz5YnVQ#e+H%Kg{i#GJ!bqAw?r0it#{k^#= zffy-G!!Q6ETz!o=8Q{*zhz)0|(uYGWGSod*)Oi}%S;eTPsA|mg* zy4}wB>oL>KJ)=O9$XjLHk^We=whM7imFo21SlUkW`R4a=G3d#NIs*_kVbTPPXTcN7he0Vd$P>wGBU>_Z3!( zBSg2r==zSTrRr7ilrUH48t+9I{AE10FuAXIaSlXD8n~lFraZ68c)*P0zZcL0ook(h zVL$GnAdYYYQBT_QulEUaiZ>?+$t~|=*d{E;!WzB(dE@*l(yJAt4&&UXRbCcyI%Pl| zOY`7YP(7ktVaui<$20J-T{(WItGwBb}w6_UZ^KYYH5! zgEr|zwWMf;_PvOK)}y4zh&CgDzMGO`@j*k4@az3ibhikS(08G%m%rju0VT%<)PY8F zqUb3Ah#3nkgRhxi;Lvf+V&pBp>&y0e%c!c-rf>V9v z4RDoqq&VSRN9ZeZ?T{uA3A6|1{17U7AhLsmh;_zMM(*H#-1P=e^GfKCM=0F*2csq7 z$3+DNx6}&b)vL!hzh|ueQn2}($C}ljD!ZVoTdeTso&Wst|73A4_`PRrr98=&rY}Jq z7KjDKKAHZM{30YqdMG$97`|Y!{D?#QX~$e_aV@uyi0b+T=$U1X>{IUo+d5oxO+rm% z4e3iIuPs?Rlk+%CH2%eOt#;R*5PyVHqe;B?RCK=`|IDZ5AXXk~KqPQ^bH21%kiWXQ z3VL|kOEoA-ekW3oGi0E{Z?CGC4E^e7jVpH$pNLp`+KGtv z&ow`f%Q@}ej>}i0|NShr)dEFe6F)48NLw)@QQtm)Lag5IMZne??=!jwknLs(sbRIf z4UkDjwS7+H;&%hzrli-eUw^dwY4uso?-`}90mj+!(vQX@I2D!QC^BUZVA&=EF8;2? z1(I<~YpdWPOBv)K=}r!2X4F(TuzQ`wPF&cGM4i(pXh*NzpgBrfU6DU4fAhfS0l}^& zP!`w$dVuJCYi_S??sBx=3S3siKr|O)05oWkqoNNWVA!!@9v^3yPOQEnZ=YSMzK5eM zPL!I)-b+$;2+OJ#IR>kpZzU%Y2n1x)Twx?Gg#NMJ115{8Dfw8w#A1}e1>!M%^nFk; zY0{I!Bna0*&D9Yx{xHrX2wN*BsOq6(xR}Al*fFHLsXhja@;Qjh7Rf}?%eOaxAP&-; znvwCuIswHniR3hy&fbuYEKZiE)JJitnAm~M7Q8Ay&ucQcLBvoa^jt=bPh4=y1E7ldsxK#FtPQ}s+AZxQab61H4NWwYIbFp6-guQSNOA9g{}H^iGp-=o zU7Qn$fd{ZPo#r;LPH(o&ZTiY&G{b#w?!GXMY}=GFFP9)*Pq-F%)+f6IKAI+kyxu&4 z)Al2!Ct?P>cPZZC(y{8Hcv8$)pvuDY`rVm56HB*@97!{|I?~e8nxB{V4-1!z7q_T; zUqda=)Kbziwi$9}KcJI_XxiG=1JKI4rE+4PD}ID?TiNO(^^k62Lj(~QF<-yX#{_B# z1Ock5+l4>6)v*bXM5?~RGcz;!K$w~O&~C@(58m6<)@d;f(=Ezfje;s-as;%>k#-B- zK1e2!xopyV_0bdxq*prIyFg$~ke*VOo-qm^FrDVuN_d&Uc$4Jr%%pg=M&dBsf>VX3#3EmexJk<>gvyP0U9j3WSPiVyDWyq$KuimObR ze4qm9!*(<0jygHq_gGqJ`}OmhbsJMb);yM9s`6aE(PHY!AU?FVy!T12rE<#xTH1{V zf}vUNEJE4mW1X6oeDTNy2t?C_^_P8)lomx;@|-KOR?U?^3<7}O(T%HfC+iyj0rlFZ zI;QHL$({EY|A~NK9Wacf6Yzn~IbQHRKEr$;18D;&;k!93nm6v96x~5U4q&K50wD4cnqRK{q@I$-kKB#+`&~oh=yN!tO{X^h?iGvAKsGK zT+)#mvwGm8&xVvV-;(J1vhES*HPuYCQA3M?btl@@*wPv?^)XaFqG`gh|i? zp0fnjSrEj0eW8pv)BvYx8d8p!2Vj^CX>PIQ2@cRZns)O^Giq4Q$RjNgM=PLoY`*V zW)ad;j^R1G6K>7d>LykLp$7jNQfRHM?h+Ww-#0g z(o*#UM=kB`yD?7th~OQ9J7$_ik=svA*e_jgDe3_9m7pAKPgQW28xYXV>$b&lp7^Dw zf$Dm3kj3)sZbC>uE6W*Ux4sgzC0c=U8r=Xk`+y0^UcSR1AzDF;{>`|)zL1I2yBIxr z(w;rZd!(Wj4l3J?^PTo9ZlJODECg*rO}%dhd_+xuShmPzn@PAQlHaT@@y-OhVh}UM zWFiGMZ`gOY2gK`^4VK3fpB!dmo>;}lF>1|`TLnRkM)_`#wwN^jCIKDPSryFisSO`w24ds=`nXscu6AGxsC%|As-NXr ziUunApY~!$E%jbGU>bUP+{DT9q)ZHLSt1w#-DV{^84<%d3dSKr%b(ym2;RIEdt?@o5lsbHrO6lBR3Gg4c`lOc!78{+Da@ z2(LFoE%mdSz;jie*M@B`%3YjXQCmj2WU4?MRLjujf4zej7fypI9Rz)x510sE{M3r*itPb+na!+rh~aJ$&k^jaH_hsBpLNWShMG{ltK)m!wBL>4Q%K?rsl= z4jyYC4EO)`ket#VKDpi6Y+fEfQ%_%#@=)5KCk)VU7SNDtMuqZEThLts43M5)<)2|{ z4Gxr)LLB$=)2);sS2bR4-B2E*p6_Y^nkJD=&t8Hy@gHNX2?ov3st#LzwqAJ>D2FrwbYKSniCx*6(VWiKLuf;~xrNeh{c@0UMS9}B zJ3z|aQ69epTWbc2cQBm*bt(0diuUlaK*QJoq$X`HgeBkEJr zc0N!1m>mcv$tVczDF?5E05<+|oqF0N{7-tFbiu+`&}KrXu11V+O$uH7&zj={*2(FC z2DmH!1r1HXN3z2Qj2fyTn>HQN(@SAHkyG)L-R%pHHh>&*WbLH?mBGHW1Kk9oLyz+=*&SP369V_8!0Z5T|JXw{Z0um-n^sG@O+ySKc`y}r#AfN;dMkmX(O;7)gx}I8ZQO(5F5L~1sU$##`Gh|3 z<<$w?6VccJlsH2<>(^CX>WKL8o)1Zs75Mh`@bhiEKQLF%xq@D)i~kAoPs2D~4x;~6 z3##xs_@@+7K_Pk5&lmTdWd0PDzWCd}=a>Ka Date: Thu, 2 Jun 2022 22:54:49 -0700 Subject: [PATCH 274/540] tweaks --- .../update/includes/update-compliance-endpoints.md | 2 +- .../update/update-compliance-v2-prerequisites.md | 14 ++++++++------ ...compliance-v2-schema-ucclientreadinessstatus.md | 8 +++----- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/deployment/update/includes/update-compliance-endpoints.md b/windows/deployment/update/includes/update-compliance-endpoints.md index 4afa53fdad..864f4d38dd 100644 --- a/windows/deployment/update/includes/update-compliance-endpoints.md +++ b/windows/deployment/update/includes/update-compliance-endpoints.md @@ -16,7 +16,7 @@ Devices must be able to contact the following endpoints in order to authenticate | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most [WaaSUpdateStatus](../update-compliance-schema-waasupdatestatus.md) information for Update Compliance. | +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Update Compliance. | | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. | | `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. | | `https://adl.windows.com` | Required for Windows Update functionality. | diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md index 59192e7e3f..c4aa6213d1 100644 --- a/windows/deployment/update/update-compliance-v2-prerequisites.md +++ b/windows/deployment/update/update-compliance-v2-prerequisites.md @@ -69,17 +69,19 @@ For more information about what's included in different diagnostic levels, see [ > [!NOTE] > Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription. -## Log Analytics prerequisites - -### Permissions - -- To edit and write queries, we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role. -- To read and only view data, we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role. +## Microsoft 365 admin center permissions (optional) When you use the [Microsoft admin center software updates (preview) page](update-status-admin-center.md) with Update Compliance, the following permissions are also recommended: - To configure settings for the **Software Updates** page: [Global Admin role](/microsoft-365/admin/add-users/about-admin-roles) - To view the **Software Updates** page: [Global Reader role](/microsoft-365/admin/add-users/about-admin-roles) +## Log Analytics prerequisites + +### Log Analytics permissions + +- To edit and write queries, we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role. +- To read and only view data, we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role. + ### Log Analytics regions diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md index 8fe1c6f8f8..2a5a165f38 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md @@ -36,14 +36,12 @@ UCClientReadinessStatus is an individual device's record about its readiness for | **TargetOSName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 11` | The name of the operating system being targeted to the device for this readiness record.| | **TargetOSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `21H2` | The operating system version being targeted to the device for this readiness record.| | **TargetOSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.22000.1` | The full operating system build number that's being targeted to the device for this readiness record.| -| **ReadinessStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Not capable` | The readiness status of the device is either capable, not capable, or -unknown. This status is determined by Windows Update.| +| **ReadinessStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows Update.| | **ReadinessReason** | [string](/azure/kusto/query/scalar-data-types/string) | `CPU;TPM` | Lists which [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by the Windows Update applicability. | | **ReadinessScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when readiness was assessed and the assessment was sent.| | **ReadinessExpiryTime**| [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when the readiness assessment will expire.| -| **SetupReadinessStatus**| [string](/azure/kusto/query/scalar-data-types/string) | `Not capable` | The readiness status of the device is either capable, not capable, or -unknown. This status is determined by Windows setup.| -| **SetupReadinessReason** | Lists which [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by Windows setup. | +| **SetupReadinessStatus**| [string](/azure/kusto/query/scalar-data-types/string) | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows setup.| +| **SetupReadinessReason** | [string](/azure/kusto/query/scalar-data-types/string) | `CPU;TPM` | Lists which [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by Windows setup. | | **SetupReadinessTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when readiness was assessed by setup and the assessment was sent.| | **SetupReadinessExpiryTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when the setup readiness assessment will expire.| | **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 10:26:03.478039` | The date and time when Azure Monitor Logs ingested this record for your Log Analytics workspace.| From 3b2aec6f320ae439fac15ca353f9fcae966d16e8 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 2 Jun 2022 22:59:19 -0700 Subject: [PATCH 275/540] tweaks --- .../update/update-compliance-v2-schema-ucclient.md | 5 ----- .../update-compliance-v2-schema-ucclientreadinessstatus.md | 5 ----- .../update-compliance-v2-schema-ucclientupdatestatus.md | 5 ----- .../update/update-compliance-v2-schema-ucdevicealert.md | 5 ----- .../update-compliance-v2-schema-ucserviceupdatestatus.md | 5 ----- .../update/update-compliance-v2-schema-ucupdatealert.md | 5 ----- windows/deployment/update/update-compliance-v2-schema.md | 5 ----- 7 files changed, 35 deletions(-) diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclient.md b/windows/deployment/update/update-compliance-v2-schema-ucclient.md index e4e0d9ab25..70e9b938c4 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclient.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclient.md @@ -60,8 +60,3 @@ UCClient acts as an individual device's record. It contains data such as the cur | **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values greater than 0 indicate the policy setting. | | **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | The Windows Update grace period for quality update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. | | **WUQualityPauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for quality updates, possible values are Paused, NotPaused, NotConfigured. | - -## Next steps - -- [Update Compliance overview](update-compliance-v2-overview.md) -- [Use Update Compliance](update-compliance-v2-use.md) diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md index 2a5a165f38..45a6a8eae7 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md @@ -45,8 +45,3 @@ UCClientReadinessStatus is an individual device's record about its readiness for | **SetupReadinessTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when readiness was assessed by setup and the assessment was sent.| | **SetupReadinessExpiryTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when the setup readiness assessment will expire.| | **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 10:26:03.478039` | The date and time when Azure Monitor Logs ingested this record for your Log Analytics workspace.| - -## Next steps - -- [Update Compliance overview](update-compliance-v2-overview.md) -- [Use Update Compliance](update-compliance-v2-use.md) diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md index e0c0f9a53a..0fc27a857d 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md @@ -52,8 +52,3 @@ Update Event that combines the latest client-based data with the latest service- | **UpdateInstalledTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime when event transitioned to UpdateInstalled, else empty. | | **UpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the update | | **UpdateSource** | [string](/azure/kusto/query/scalar-data-types/string) | `UUP` | The source of the update such as UUP, MUv6, Media | - -## Next steps - -- [Update Compliance overview](update-compliance-v2-overview.md) -- [Use Update Compliance](update-compliance-v2-use.md) diff --git a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md index 81b75d59b6..71696884f7 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md @@ -51,8 +51,3 @@ These alerts are activated as a result of an issue that is device-specific. It i | **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `UpdateAlert` | The entity type. | | **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. | | **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this content is an upgrade (feature update), security (quality update), non-security (quality update) | - -## Next steps - -- [Update Compliance overview](update-compliance-v2-overview.md) -- [Use Update Compliance](update-compliance-v2-use.md) diff --git a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md index b441270455..e2fb645ed5 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md @@ -39,8 +39,3 @@ Update Event that comes directly from the service-side. The event has only servi | **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `ServiceUpdateEvent` | The EntityType | | **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. | | **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), non-security (quality update) | - -## Next steps - -- [Update Compliance overview](update-compliance-v2-overview.md) -- [Use Update Compliance](update-compliance-v2-use.md) diff --git a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md index 1b331db46a..1520b8656b 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md +++ b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md @@ -54,8 +54,3 @@ Alert for both client and service updates. Contains information that needs atten | **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. | | **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), non-security (quality update) | | **URL** | [string](/azure/kusto/query/scalar-data-types/string) | `aka.ms/errordetail32152` | An optional URL to get more in-depth information related to this alert. | - -## Next steps - -- [Update Compliance overview](update-compliance-v2-overview.md) -- [Use Update Compliance](update-compliance-v2-use.md) diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md index cba93e4669..8be45c6607 100644 --- a/windows/deployment/update/update-compliance-v2-schema.md +++ b/windows/deployment/update/update-compliance-v2-schema.md @@ -38,8 +38,3 @@ The table below summarizes the different tables that are part of the Update Comp | [**UCDeviceAlert**](update-compliance-v2-schema-ucdevicealert.md)| Service and device record | These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from such as a ServiceDeviceAlert or ClientDeviceAlert. For example, an EndOfService alert is a ClientDeviceAlert, since a build that's no longer being serviced is a client-wide state. Meanwhile, DeviceRegistrationIssues in Windows Update for Business deployment service will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered. | | [**UCServiceUpdateStatus**](update-compliance-v2-schema-ucserviceupdatestatus.md) | Service record | Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. | | [**UCUpdateAlert**](update-compliance-v2-schema-ucupdatealert.md) | Service and device records | Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment, if relevant. Certain fields may be blank depending on the UpdateAlert's AlertType field. For example, ServiceUpdateAlert won't necessarily contain client-side statuses and may be blank. | - -## Next steps - -- [Update Compliance overview](update-compliance-v2-overview.md) -- [Use Update Compliance](update-compliance-v2-use.md) From e71a8e98051e1bd391d2acb2d047485acd2e9e3e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 2 Jun 2022 23:01:07 -0700 Subject: [PATCH 276/540] tweaks --- windows/deployment/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 4fb0fb20df..f8d2c242dc 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -205,7 +205,7 @@ href: update/update-compliance-v2-use.md - name: Software updates in the Microsoft admin center (preview) href: update/update-status-admin-center.md - - name: Schema reference (preview) + - name: Update Compliance schema reference (preview) items: - name: Update Compliance schema reference href: update/update-compliance-v2-schema.md From 0da200139786c3c46ca7c9094148ae7b6332fbba Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Fri, 3 Jun 2022 11:36:54 +0530 Subject: [PATCH 277/540] improved consistency in the articles --- .../mdm/policy-csp-internetexplorer.md | 145 ++++++++++-------- 1 file changed, 77 insertions(+), 68 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 90b966d970..1f621319a6 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -12035,13 +12035,13 @@ ADMX Info: -This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. +This policy setting allows you to manage restrictions on script-initiated pop-up windows, and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. -If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. +If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows, and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone, as dictated by the Scripted Windows Security Restrictions feature control setting for the process. -If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. +If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows, and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone<> as dictated by the Scripted Windows Security Restrictions feature control setting for the process. @@ -12085,7 +12085,7 @@ ADMX Info: -This policy setting determines whether a page can control embedded WebBrowser controls via script. +This policy setting determines, whether a page can control embedded WebBrowser controls via script. If you enable this policy setting, script access to the WebBrowser control is allowed. @@ -12135,7 +12135,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -12185,7 +12185,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -12193,7 +12193,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -12237,7 +12238,7 @@ ADMX Info: -This policy setting allows you to manage whether script is allowed to update the status bar within the zone. +This policy setting allows you to manage, whether script is allowed to update the status bar within the zone. If you enable this policy setting, script is allowed to update the status bar. @@ -12285,7 +12286,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -12335,7 +12336,7 @@ ADMX Info: -This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. +This policy setting allows you to manage, whether VBScript can be run on pages from the specified zone in Internet Explorer. If you selected Enable in the drop-down box, VBScript can run without user intervention. @@ -12387,13 +12388,13 @@ ADMX Info: -This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. +This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. -If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. +If you don't configure this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. @@ -12437,7 +12438,7 @@ ADMX Info: -This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. +This policy setting allows you to manage, whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. @@ -12487,7 +12488,7 @@ ADMX Info: -This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. +This policy setting allows you to manage, whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. @@ -12537,7 +12538,7 @@ ADMX Info: -This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone. +This policy controls, whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone. If you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections. @@ -12585,15 +12586,15 @@ ADMX Info: -This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. +This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in different windows. -If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting. -If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. +If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when both the source and destination are in different windows. Users cannot change this setting. -In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. +In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in different windows. Users can change this setting in the Internet Options dialog. -In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. +In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting. @@ -12637,15 +12638,15 @@ ADMX Info: -This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. +This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in the same window. -If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. +If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting. -If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. -In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. +In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users can change this setting in the Internet Options dialog. -In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. +In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog. @@ -12739,13 +12740,13 @@ ADMX Info: -This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path. +This policy setting controls, whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. -If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent. +If you do not configure this policy setting, the user can choose whether path information is sent, when he or she is uploading a file via an HTML form. By default, path information is sent. @@ -12847,7 +12848,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -12897,7 +12898,7 @@ ADMX Info: -This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. +This policy setting allows you to manage, whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. @@ -12951,7 +12952,7 @@ This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. -Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. +Anonymous logon to disable HTTP authentication, and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. @@ -13005,9 +13006,9 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. +If you enable this policy setting, users can open additional windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains. @@ -13055,7 +13056,7 @@ ADMX Info: -This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. +This policy setting allows you to manage, whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention. @@ -13107,9 +13108,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. +If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. @@ -13157,7 +13158,7 @@ ADMX Info: -This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. +This policy setting allows you to manage, whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. @@ -13209,7 +13210,7 @@ ADMX Info: -This policy setting allows you to manage whether applets are exposed to scripts within the zone. +This policy setting allows you to manage, whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. @@ -13261,7 +13262,7 @@ ADMX Info: -This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). +This policy setting controls, whether or not the "Open File - Security Warning" message appears, when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. @@ -13361,7 +13362,7 @@ ADMX Info: -This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. +This policy setting allows you to manage, whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. @@ -13411,13 +13412,13 @@ ADMX Info: -Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. +Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts pop-up windows, and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. -If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes. +If you enable this policy setting, pop-up windows and other restrictions apply for File Explorer and Internet Explorer processes. -If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows. +If you disable this policy setting, scripts can continue to create pop-up windows and windows that obfuscate other windows. -If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes. +If you do not configure this policy setting, pop-up windows and other restrictions apply for File Explorer and Internet Explorer processes. @@ -13463,7 +13464,10 @@ ADMX Info: This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website. -If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. +If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. + +> [!NOTE] +> This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting, the user can configure his or her list of search providers. @@ -13560,7 +13564,7 @@ ADMX Info: -This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use this setting, you must also turn on the [InternetExplorer/AllowEnterpriseModeSiteList ](#internetexplorer-policies) policy setting and you must include at least one site in the Enterprise Mode Site List. +This setting lets you decide, whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use this setting, you must also turn on the [InternetExplorer/AllowEnterpriseModeSiteList ](#internetexplorer-policies) policy setting, and you must include at least one site in the Enterprise Mode Site List. If you enable this setting, it automatically opens all sites not included in the Enterprise Mode Site List in Microsoft Edge. @@ -13679,7 +13683,7 @@ ADMX Info: -This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -13729,7 +13733,7 @@ ADMX Info: -This policy setting manages whether users will be automatically prompted for ActiveX control installations. +This policy setting manages, whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -13779,7 +13783,7 @@ ADMX Info: -This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. +This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. @@ -13827,7 +13831,7 @@ ADMX Info: -This policy setting allows you to manage whether pages of the zone may download HTML fonts. +This policy setting allows you to manage, whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -13877,11 +13881,11 @@ ADMX Info: -This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. +This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. -If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. +If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. -If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. @@ -13927,9 +13931,9 @@ ADMX Info: -This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. -If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. +If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. @@ -13977,7 +13981,7 @@ ADMX Info: -This policy setting allows you to manage whether the user can run scriptlets. +This policy setting allows you to manage, whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -14027,7 +14031,7 @@ ADMX Info: -This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. +This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content. If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content. @@ -14035,7 +14039,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content. -Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!NOTE] +> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content. @@ -14079,7 +14084,7 @@ ADMX Info: -This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. +This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -14129,13 +14134,13 @@ ADMX Info: -This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. +This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. -If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. +If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. -If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. +If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings. @@ -14237,7 +14242,7 @@ If you enable this policy setting, you can choose options from the drop-down box Low Safety enables applets to perform all operations. -Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. +Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. @@ -14287,13 +14292,13 @@ ADMX Info: -This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. +This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains. -If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. +If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, users cannot open windows and frames to access applications from different domains. -If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains. +If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains. @@ -14309,3 +14314,7 @@ ADMX Info:

    + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 7d6a6767d1bdcca0f06d428f4fee4330d24d32c2 Mon Sep 17 00:00:00 2001 From: Shesh <56231259+sheshachary@users.noreply.github.com> Date: Fri, 3 Jun 2022 17:43:47 +0530 Subject: [PATCH 278/540] improved consistency in the article --- .../mdm/policy-csp-education.md | 11 +-- .../mdm/policy-csp-enterprisecloudprint.md | 26 +++--- .../mdm/policy-csp-errorreporting.md | 16 ++-- .../mdm/policy-csp-eventlogservice.md | 17 ++-- .../mdm/policy-csp-experience.md | 82 +++++++++---------- .../mdm/policy-csp-exploitguard.md | 9 +- .../client-management/mdm/policy-csp-feeds.md | 7 +- .../mdm/policy-csp-fileexplorer.md | 9 +- .../client-management/mdm/policy-csp-games.md | 10 ++- .../mdm/policy-csp-handwriting.md | 11 +-- .../mdm/policy-csp-humanpresence.md | 18 ++-- 11 files changed, 109 insertions(+), 107 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index f6a9f6207d..edab7bcabf 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - Education -
    @@ -35,7 +34,6 @@ manager: dansimp -
    @@ -52,7 +50,6 @@ manager: dansimp |Enterprise|Yes|Yes| |Education|Yes|Yes| -
    @@ -66,7 +63,7 @@ manager: dansimp -This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you'll be able to access graphing functionality. +This policy setting allows you to control, whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you'll be able to access graphing functionality. ADMX Info: @@ -99,7 +96,6 @@ The following list shows the supported values: |Enterprise|Yes|Yes| |Education|Yes|Yes| -
    @@ -186,7 +182,6 @@ The following list shows the supported values: |Enterprise|Yes|Yes| |Education|Yes|Yes| -
    @@ -209,6 +204,8 @@ The policy value is expected to be a `````` separated list of printer na
    - +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 92d148da45..df2804c31e 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - EnterpriseCloudPrint - -
    @@ -42,7 +40,6 @@ manager: dansimp -
    @@ -72,11 +69,11 @@ manager: dansimp -Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. +Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. -The datatype is a string. +Supported datatype is string. -The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". +The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, ```https://azuretenant.contoso.com/adfs```. @@ -112,7 +109,7 @@ The default value is an empty string. Otherwise, the value should contain the UR Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails. -The datatype is a string. +Supported datatype is string. The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". @@ -150,7 +147,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. -The datatype is a string. +Supported datatype is string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". @@ -188,9 +185,9 @@ The default value is an empty string. Otherwise, the value should contain a URL. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails. -The datatype is a string. +Supported datatype is string. -The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". +The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, ```https://cloudprinterdiscovery.contoso.com```. @@ -226,7 +223,7 @@ The default value is an empty string. Otherwise, the value should contain the UR Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. -The datatype is an integer. +Supported datatype is integer. @@ -262,9 +259,9 @@ The datatype is an integer. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails. -The datatype is a string. +Supported datatype is string. -The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". +The default value is an empty string. Otherwise, the value should contain a URL. For example, ```http://MopriaDiscoveryService/CloudPrint```. @@ -273,3 +270,6 @@ The default value is an empty string. Otherwise, the value should contain a URL. +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 4e936900f9..720f5cae3c 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -15,11 +15,11 @@ manager: dansimp # Policy CSP - ErrorReporting > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -44,7 +44,6 @@ manager: dansimp -
    @@ -84,7 +83,7 @@ If you enable this policy setting, you can add specific event types to a list by - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any extra data requested by Microsoft. -- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send any extra data requested by Microsoft. +- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent, to send any extra data requested by Microsoft. - 4 (Send all data): Any data requested by Microsoft is sent automatically. @@ -131,7 +130,7 @@ ADMX Info: -This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails. +This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization, when software unexpectedly stops working or fails. If you enable this policy setting, Windows Error Reporting doesn't send any problem information to Microsoft. Additionally, solution information isn't available in Security and Maintenance in Control Panel. @@ -178,7 +177,7 @@ ADMX Info: -This policy setting controls whether users are shown an error dialog box that lets them report an error. +This policy setting controls, whether users are shown an error dialog box that lets them report an error. If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error. @@ -229,7 +228,7 @@ ADMX Info: -This policy setting controls whether extra data in support of error reports can be sent to Microsoft automatically. +This policy setting controls, whether extra data in support of error reports can be sent to Microsoft automatically. If you enable this policy setting, any extra data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user. @@ -298,3 +297,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index f5ee67d449..1616de5ece 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - EventLogService - -
    @@ -36,7 +34,6 @@ manager: dansimp -
    @@ -66,13 +63,14 @@ manager: dansimp -This policy setting controls Event Log behavior when the log file reaches its maximum size. +This policy setting controls Event Log behavior, when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost. If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events. -Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. +> [!NOTE] +> Old events may or may not be retained according to the "Backup log automatically when full" policy setting. @@ -119,7 +117,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments. -If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes. @@ -166,7 +164,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments. -If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes. @@ -213,7 +211,7 @@ This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments. -If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes. @@ -231,3 +229,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 1b295a8323..b25dbf8552 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - Experience - -
    @@ -99,7 +97,6 @@ manager: dansimp -
    @@ -131,7 +128,7 @@ manager: dansimp Allows history of clipboard items to be stored in memory. -Value type is integer. Supported values: +Supported value type is integer. Supported values are: - 0 - Not allowed - 1 - Allowed (default) @@ -207,8 +204,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed +- 1 (default) – Allowed @@ -252,8 +249,8 @@ Most restricted value is 0. The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed +- 1 (default) – Allowed @@ -291,7 +288,7 @@ This policy turns on Find My Device. When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer. -When Find My Device is off, the device and its location aren't registered and the Find My Device feature won't work. In Windows 10, version 1709 the user won't be able to view the location of the last use of their active digitizer on their device. +When Find My Device is off, the device and its location aren't registered, and the Find My Device feature won't work. In Windows 10, version 1709 the user won't be able to view the location of the last use of their active digitizer on their device. @@ -305,8 +302,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed +- 1 (default) – Allowed @@ -345,15 +342,14 @@ Specifies whether to allow the user to delete the workplace account using the wo > [!NOTE] > The MDM server can always remotely delete the account. - Most restricted value is 0. The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed +- 1 (default) – Allowed @@ -531,7 +527,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value. > [!NOTE] -> This setting doesn't control Cortana cutomized experiences because there are separate policies to configure it. +> This setting doesn't control Cortana customized experiences because there are separate policies to configure it. Most restricted value is 0. @@ -547,8 +543,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed +- 1 (default) – Allowed @@ -585,7 +581,6 @@ The following list shows the supported values: > [!NOTE] > This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. - Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services. @@ -638,7 +633,6 @@ The following list shows the supported values: > [!NOTE] > Prior to Windows 10, version 1803, this policy had User scope. - This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. Most restricted value is 0. @@ -655,8 +649,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 – Allowed. +- 0 – Not allowed +- 1 – Allowed @@ -693,8 +687,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only available for Windows 10 Enterprise and Windows 10 Education. - -Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. +Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features, and other related features will be turned off. You should enable this policy setting, if your goal is to minimize network traffic from target devices. If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. Most restricted value is 0. @@ -710,8 +703,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed +- 1 (default) – Allowed @@ -762,8 +755,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed +- 1 (default) – Allowed @@ -815,8 +808,8 @@ ADMX Info: The following list shows the supported values: -- 0 - Not allowed. -- 1 - Allowed. +- 0 - Not allowed +- 1 - Allowed @@ -851,7 +844,7 @@ The following list shows the supported values: -This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. +This policy setting lets you turn off the Windows spotlight, and Windows welcome experience feature. The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or don't configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested. Most restricted value is 0. @@ -868,8 +861,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed +- 1 (default) – Allowed @@ -917,8 +910,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Disabled. -- 1 (default) – Enabled. +- 0 – Disabled +- 1 (default) – Enabled @@ -954,7 +947,7 @@ This policy setting allows you to configure the Chat icon on the taskbar. -The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not enabled. +The values for this policy are 0, 1, 2, and 3. This policy defaults to 0, if not enabled. - 0 - Not Configured: The Chat icon will be configured according to the defaults for your Windows edition. - 1 - Show: The Chat icon will be displayed on the taskbar by default. Users can show or hide it in Settings. @@ -997,10 +990,9 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not > [!NOTE] -> This policy is only available for Windows 10 Enterprise and Windows 10 Education. +> This policy is only available for Windows 10 Enterprise, and Windows 10 Education. - -Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization doesn't have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1. +Allows IT admins to specify, whether spotlight should be used on the user's lock screen. If your organization doesn't have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1. @@ -1066,8 +1058,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Disabled. -- 1 – Enabled. +- 0 (default) – Disabled +- 1 – Enabled @@ -1174,7 +1166,6 @@ Supported values: - 0 (default) - Allowed/turned on. The "browser" group synchronizes automatically between users' devices and lets users make changes. - 2 - Prevented/turned off. The "browser" group doesn't use the _Sync your Settings_ option. - _**Sync the browser settings automatically**_ Set both **DoNotSyncBrowserSettings** and **PreventUsersFromTurningOnBrowserSyncing** to 0 (Allowed/turned on). @@ -1273,7 +1264,7 @@ _**Prevent syncing of browser settings and let users turn on syncing**_ Validation procedure: 1. Select **More > Settings**. -1. See if the setting is enabled or disabled based on your selection. +1. See, if the setting is enabled or disabled based on your selection. @@ -1314,7 +1305,7 @@ If you enable this policy setting, the lock option is shown in the User Tile men If you disable this policy setting, the lock option is never shown in the User Tile menu. -If you don't configure this policy setting, the lock option is shown in the User Tile menu. Users can choose if they want to show the lock in the user tile menu from the Power Options control panel. +If you don't configure this policy setting, the lock option is shown in the User Tile menu. Users can choose, if they want to show the lock in the user tile menu from the Power Options control panel. @@ -1340,5 +1331,8 @@ Supported values:
    - + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 993a0fc5d6..80582e1ec2 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - ExploitGuard - -
    @@ -27,7 +25,6 @@ manager: dansimp -
    @@ -102,4 +99,8 @@ Here is an example:
    - \ No newline at end of file + + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md index cb123a910c..f8a8f5eea5 100644 --- a/windows/client-management/mdm/policy-csp-feeds.md +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - Feeds -
    @@ -26,7 +25,6 @@ manager: dansimp -
    @@ -56,7 +54,7 @@ manager: dansimp -This policy setting specifies whether news and interests is allowed on the device. +This policy setting specifies, whether news and interests is allowed on the device. The values for this policy are 1 and 0. This policy defaults to 1. @@ -78,3 +76,6 @@ ADMX Info: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 035ce7ada8..b46e93af9c 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -15,11 +15,11 @@ manager: dansimp # Policy CSP - FileExplorer > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -48,7 +48,6 @@ manager: dansimp -
    @@ -353,3 +352,7 @@ ADMX Info: + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index b0f6f9b900..e6fde52f63 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - Games - -
    @@ -27,7 +25,6 @@ manager: dansimp -
    @@ -57,7 +54,9 @@ manager: dansimp -Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer. +Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. + +Supported value type is integer. @@ -73,3 +72,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 4c1d020a80..8602af165b 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - Handwriting - -
    @@ -27,7 +25,6 @@ manager: dansimp -
    @@ -61,9 +58,9 @@ This policy allows an enterprise to configure the default mode for the handwriti The handwriting panel has two modes - floats near the text box, or docked to the bottom of the screen. The default configuration is the one floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. -In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and doesn't require any user interaction. +In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel, to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and doesn't require any user interaction. -The docked mode is especially useful in Kiosk mode where you don't expect the end-user to drag the flying-in panel out of the way. +The docked mode is especially useful in Kiosk mode, where you don't expect the end-user to drag the flying-in panel out of the way. @@ -86,3 +83,7 @@ The following list shows the supported values: + +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md index 7bd974a38c..8b672ccbbf 100644 --- a/windows/client-management/mdm/policy-csp-humanpresence.md +++ b/windows/client-management/mdm/policy-csp-humanpresence.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - HumanPresence - -
    @@ -33,7 +31,6 @@ manager: dansimp -
    @@ -63,7 +60,7 @@ manager: dansimp -This policy specifies whether the device can lock when a human presence sensor detects a human. +This policy specifies, whether the device can lock when a human presence sensor detects a human. @@ -80,7 +77,7 @@ The following list shows the supported values: - 2 = ForcedOff - 1 = ForcedOn - 0 = DefaultToUserChoice -- Defaults to 0. +- Defaults to 0 @@ -113,7 +110,7 @@ The following list shows the supported values: -This policy specifies whether the device can lock when a human presence sensor detects a human. +This policy specifies, whether the device can lock when a human presence sensor detects a human. @@ -130,7 +127,7 @@ The following list shows the supported values: - 2 = ForcedOff - 1 = ForcedOn - 0 = DefaultToUserChoice -- Defaults to 0. +- Defaults to 0 @@ -163,7 +160,7 @@ The following list shows the supported values: -This policy specifies at what distance the sensor wakes up when it sees a human in seconds. +This policy specifies, at what distance the sensor wakes up when it sees a human in seconds. @@ -175,7 +172,7 @@ ADMX Info: -Integer value that specifies whether the device can lock when a human presence sensor detects a human. +Integer value that specifies, whether the device can lock when a human presence sensor detects a human. The following list shows the supported values: @@ -191,3 +188,6 @@ The following list shows the supported values: +## Related topics + +[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file From 53b778e3207e728ac87ceb0aa77352c78e9b7b2f Mon Sep 17 00:00:00 2001 From: Anthony Swierkosz Date: Fri, 3 Jun 2022 12:34:22 -0400 Subject: [PATCH 279/540] Standardize article links and replace `console` with `cmd` Co-authored-by: Aaron Czechowski --- .../credential-guard/credential-guard-manage.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index d6b5d99572..b63bf80703 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -45,7 +45,7 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will 1. In the **Credential Guard Configuration** box, select **Enabled with UEFI lock**. If you want to be able to turn off Windows Defender Credential Guard remotely, choose **Enabled without lock**. -1. In the **Secure Launch Configuration** box, choose **Not Configured**, **Enabled** or **Disabled**. See [System Guard Secure Launch and SMM protection](../../threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) for more details. +1. In the **Secure Launch Configuration** box, choose **Not Configured**, **Enabled** or **Disabled**. For more information, see [System Guard Secure Launch and SMM protection](../../threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md). :::image type="content" source="images/credguard-gp.png" alt-text="Windows Defender Credential Guard Group Policy setting."::: @@ -65,7 +65,7 @@ To enforce processing of the group policy, you can run `gpupdate /force`. > It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock. > [!TIP] -> You can also configure Credential Guard by using an account protection profile in endpoint security. See [Account protection policy settings for endpoint security in Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings). +> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings). ### Enable Windows Defender Credential Guard by using the registry @@ -99,13 +99,13 @@ You can do this by using either the Control Panel or the Deployment Image Servic 1. Add the Hyper-V Hypervisor by running the following command: - ```console + ```cmd dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all ``` 1. Add the Isolated User Mode feature by running the following command: - ```console + ```cmd dism /image: /Enable-Feature /FeatureName:IsolatedUserMode ``` @@ -142,7 +142,7 @@ You can do this by using either the Control Panel or the Deployment Image Servic You can also enable Windows Defender Credential Guard by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md). -```console +```cmd DG_Readiness_Tool.ps1 -Enable -AutoReboot ``` @@ -167,7 +167,7 @@ You can view System Information to check that Windows Defender Credential Guard You can also check that Windows Defender Credential Guard is running by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md). -```console +```cmd DG_Readiness_Tool_v3.6.ps1 -Ready ``` @@ -237,7 +237,7 @@ To disable Windows Defender Credential Guard, you can use the following set of p 1. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: - ```console + ```cmd mountvol X: /s copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader @@ -257,7 +257,7 @@ To disable Windows Defender Credential Guard, you can use the following set of p > [!NOTE] > The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings: > - > ```console + > ```cmd > bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS > bcdedit /set vsmlaunchtype off > ``` From febbd1d898c049d55687b26468ff54fa3c818290 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 3 Jun 2022 09:34:31 -0700 Subject: [PATCH 280/540] Updated supported versions, servicing profile clarification. --- .../deploy/windows-autopatch-register-devices.md | 8 ++++---- ...windows-autopatch-microsoft-365-apps-enterprise.md | 11 ++++++++--- .../operate/windows-autopatch-update-management.md | 2 +- .../overview/windows-autopatch-faq.yml | 4 ++-- .../prepare/windows-autopatch-prerequisites.md | 2 ++ 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index bc01a30400..7dbed8bc97 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -51,11 +51,11 @@ Azure AD groups synced up from: To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites: -- Windows 10/11 64-bit Enterprise edition 1809+. -- Either hybrid or Azure AD joined (personal devices aren't supported). +- [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) +- Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). - Managed by Microsoft Endpoint Manager. - - Microsoft Endpoint Manager-Intune or Microsoft Endpoint Manager-Configuration Manager Co-management. - - Microsoft Endpoint Manager-Configuration Manager Co-management workloads swung over to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune). + - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements). + - [Switch Microsoft Endpoint Manager-Configuration Manager Co-management workloads to Microsoft Endpoint Manager-Intune](/mem/configmgr/comanage/how-to-switch-workloads) (either set to Pilot Intune or Intune). This includes the following workloads: - Windows updates policies - Device configuration - Office Click-to-run diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md index 658420e146..2175c45a94 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md @@ -57,9 +57,12 @@ Updates are required by your system admin are blocked by one or more apps. Offic Alternatively, users can select **Update now** to apply the updates. The user is then prompted to close all open Office programs. After the updates are applied, the message disappears. -If the deadline arrives and the updates still aren't applied, users see a dialog box that warns them that they have 15 minutes before the updates are applied. +When the deadline arrives and the updates still aren't applied, users will: -This warning gives users 15 minutes to save and close any work. When the countdown reaches 00∶00, any open Office programs are closed, and the updates are applied. +1. See a dialog box that warns them that they have 15 minutes before the updates are applied. +1. Have 15 minutes to save and close any work. + +When the countdown reaches 00∶00, any open Office programs are closed, and the updates are applied. ### Office client app configuration @@ -99,7 +102,9 @@ Window Autopatch deploys mobile device management (MDM) policies to configure Mi ## Microsoft 365 Apps servicing profiles -A service profile takes precedence over other management tools, such as Microsoft Endpoint Manager or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the above requirements regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. +A service profile takes precedence over other management tools, such as Microsoft Endpoint Manager or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. + +However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [update type](windows-autopatch-update-management.md#update-types), see the Device eligibility section of each respective update type. ## Incidents and outages diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md index a157492b2c..ac151e3512 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md @@ -48,7 +48,7 @@ When a device is enrolled into the Windows Autopatch service, the device is assi | Ring | Default device count | Description | ----- | ----- | ----- | | Test | zero | Windows Autopatch doesn't automatically add devices to this ring. You must manually add devices to the Test ring. The recommended number of devices in this ring, based upon your environment size, is as follows:
    • 0–500 devices: minimum one device
    • 500–5000 devices: minimum five devices
    • 5000+ devices: min 50 devices
    Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. | -| First | 1% | The First ring is the first group of production users to receive a change.

    This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all customers. For example, we can generate a statistically significant signal saying that critical errors are trending up in a specific release for all customers but can't be confident that it's doing so in your environment.

    Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this ring might experience outages if there are scenarios that weren't covered during testing in the Test ring. | +| First | 1% | The First ring is the first group of production users to receive a change.

    This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all customers. For example, we can generate a statistically significant signal saying that critical errors are trending up in a specific release for all customers but can't be confident that it's doing so in your environment.

    Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this ring might experience outages if there are scenarios that weren't covered during testing in the Test ring.| | Fast | 9% | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.

    The goal with this ring is to cross the 500-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.

    | | Broad | 90% | The Broad ring is the last group of users to receive changes. Since it contains most of the devices enrolled in Windows Autopatch, it favors stability over speed in deployment.| diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 31785f6f55..2c496594e3 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -18,7 +18,7 @@ sections: questions: - question: What Windows versions are supported? answer: | - Windows Autopatch works with all [supported versions of Windows 10 and Windows 11 Enterprise edition](/windows/release-health/supported-versions-windows-client). + Windows Autopatch works with all [supported versions of Windows 10 and Windows 11](/windows/release-health/supported-versions-windows-client) Enterprise and Professional editions. - question: What is the difference between Windows Update for Business and Windows Autopatch? answer: | Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/deployment-service-overview) and other service components to update devices. Both are part of Windows Enterprise E3. @@ -38,7 +38,7 @@ sections: questions: - question: What are the prerequisites for Windows Autopatch? answer: | - - [Supported Windows 10/11 Enterprise edition versions](/windows/release-health/supported-versions-windows-client) + - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) - [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index c8b35d5a1c..3d918f7629 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -35,7 +35,9 @@ Windows Autopatch is included with Window 10/11 Enterprise E3 or higher. The fol The following Windows 64-bit editions are required for Windows Autopatch: +- Windows 10/11 Pro - Windows 10/11 Enterprise +- Windows 10/11 Pro for Workstations ## Co-management requirements From 640fb45bebc876cc79d8a451fc68c361d27591c7 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 3 Jun 2022 10:22:28 -0700 Subject: [PATCH 281/540] edits --- windows/deployment/update/update-compliance-v2-schema.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md index 8be45c6607..4a8db43f15 100644 --- a/windows/deployment/update/update-compliance-v2-schema.md +++ b/windows/deployment/update/update-compliance-v2-schema.md @@ -35,6 +35,6 @@ The table below summarizes the different tables that are part of the Update Comp | [**UCClient**](update-compliance-v2-schema-ucclient.md) | Device record | UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the operating system edition, and active hours (quantitative). | |[**UCClientReadinessStatus**](update-compliance-v2-schema-ucclientreadinessstatus.md) | Device record | UCClientReadinessStatus is an individual device's record about its readiness for updating to Windows 11. If the device isn't capable of running Windows 11, the record includes which Windows 11 hardware requirements the device doesn't meet.| | [**UCClientUpdateStatus**](update-compliance-v2-schema-ucclientupdatestatus.md) | Device record | Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update. | -| [**UCDeviceAlert**](update-compliance-v2-schema-ucdevicealert.md)| Service and device record | These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from such as a ServiceDeviceAlert or ClientDeviceAlert. For example, an EndOfService alert is a ClientDeviceAlert, since a build that's no longer being serviced is a client-wide state. Meanwhile, DeviceRegistrationIssues in Windows Update for Business deployment service will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered. | +| [**UCDeviceAlert**](update-compliance-v2-schema-ucdevicealert.md)| Service and device record | These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from such as a ServiceDeviceAlert or ClientDeviceAlert. | | [**UCServiceUpdateStatus**](update-compliance-v2-schema-ucserviceupdatestatus.md) | Service record | Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. | | [**UCUpdateAlert**](update-compliance-v2-schema-ucupdatealert.md) | Service and device records | Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment, if relevant. Certain fields may be blank depending on the UpdateAlert's AlertType field. For example, ServiceUpdateAlert won't necessarily contain client-side statuses and may be blank. | From 034d93fa36948ff6902ce8efcf1c1bff3d140743 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 3 Jun 2022 21:47:57 -0700 Subject: [PATCH 282/540] fix MicrosoftDocs/windows-itpro-docs#10572 --- ...-in-your-organization-modern-management.md | 124 +++--- .../change-history-for-mdm-documentation.md | 8 +- windows/client-management/mdm/index.md | 11 +- windows/whats-new/TOC.yml | 20 - windows/whats-new/get-started-with-1709.md | 51 --- windows/whats-new/images/bulk-token.PNG | Bin 2817 -> 0 bytes windows/whats-new/images/wdatp.png | Bin 128568 -> 0 bytes windows/whats-new/index.yml | 59 ++- .../ltsc/whats-new-windows-10-2015.md | 9 +- .../ltsc/whats-new-windows-10-2019.md | 400 ++++++++---------- ...ts-new-windows-10-version-1507-and-1511.md | 6 +- .../whats-new-windows-10-version-1607.md | 6 +- .../whats-new-windows-10-version-1703.md | 10 +- .../whats-new-windows-10-version-1709.md | 6 +- .../whats-new-windows-10-version-1803.md | 6 +- .../whats-new-windows-10-version-1809.md | 6 +- .../whats-new-windows-10-version-1903.md | 7 +- .../whats-new-windows-10-version-1909.md | 7 +- .../whats-new-windows-10-version-2004.md | 7 +- 19 files changed, 288 insertions(+), 455 deletions(-) delete mode 100644 windows/whats-new/get-started-with-1709.md delete mode 100644 windows/whats-new/images/bulk-token.PNG delete mode 100644 windows/whats-new/images/wdatp.png diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index c7a4891409..dc5a1ff7d3 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -1,140 +1,136 @@ --- title: Manage Windows 10 in your organization - transitioning to modern management -description: This topic offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. -keywords: ["MDM", "device management", "group policy", "Azure Active Directory"] +description: This article offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: devices -author: dansimp ms.localizationpriority: medium -ms.date: 04/26/2018 +ms.date: 06/03/2022 +author: aczechowski +ms.author: aaroncz ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article +manager: dougeby +ms.topic: overview --- # Manage Windows 10 in your organization - transitioning to modern management Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization. -Your organization might have considered bringing in Windows 10 devices and downgrading them to Windows 7 until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it’s easy for versions to coexist. +Your organization might have considered bringing in Windows 10 devices and downgrading them to an earlier version of Windows until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it's easy for versions to coexist. -Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This “managed diversity” enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster. +Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster. This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance. > [!VIDEO https://www.youtube.com/embed/g1rIcBhhxpA] - >[!NOTE] - >The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](/information-protection/deploy-use/migrate-portal) +> [!NOTE] +> The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](/information-protection/deploy-use/migrate-portal) -This topic offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. The topic covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle: +This article offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. It covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle: -- [Deployment and Provisioning](#deployment-and-provisioning) +- [Deployment and Provisioning](#deployment-and-provisioning) -- [Identity and Authentication](#identity-and-authentication) +- [Identity and Authentication](#identity-and-authentication) -- [Configuration](#settings-and-configuration) +- [Configuration](#settings-and-configuration) -- [Updating and Servicing](#updating-and-servicing) +- [Updating and Servicing](#updating-and-servicing) ## Reviewing the management options with Windows 10 Windows 10 offers a range of management options, as shown in the following diagram: -The path to modern IT +:::image type="content" source="images/windows-10-management-range-of-options.png" alt-text="Diagram of the path to modern IT." lightbox="images/windows-10-management-range-of-options.png"::: -As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like Group Policy, Active Directory, and Microsoft Configuration Manager. It also delivers a “mobile-first, cloud-first” approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business. +As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like group Policy, Active Directory, and Configuration Manager. It also delivers a "mobile-first, cloud-first" approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business. -## Deployment and Provisioning +## Deployment and provisioning -With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully configured, fully managed devices, you can: +With Windows 10, you can continue to use traditional OS deployment, but you can also "manage out of the box." To transform new devices into fully configured, fully managed devices, you can: +- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/). -- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](/mem/intune/fundamentals/). +- Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](../configuration/provisioning-packages/provisioning-packages.md). -- Create self-contained provisioning packages built with the [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-packages). +- Use traditional imaging techniques such as deploying custom images using [Configuration Manager](/mem/configmgr/core/understand/introduction). -- Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](/configmgr/core/understand/introduction). +You have multiple options for [upgrading to Windows 10](../deployment/windows-10-deployment-scenarios.md). For existing devices running Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive - everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today. -You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive – everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7. +## Identity and authentication -## Identity and Authentication - -You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **“bring your own device” (BYOD)** or to **“choose your own device” (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them. +You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **"bring your own device" (BYOD)** or to **"choose your own device" (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them. You can envision user and device management as falling into these two categories: -- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices: +- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices: - - For corporate devices, they can set up corporate access with [Azure AD Join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.
    Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources. + - For corporate devices, they can set up corporate access with [Azure AD join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud. - - Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device. + Azure AD join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources. -- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises. - With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that’s [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides: + - Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device. - - Single sign-on to cloud and on-premises resources from everywhere +- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises. - - [Enterprise roaming of settings](/azure/active-directory/devices/enterprise-state-roaming-overview) + With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that's [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides: - - [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device + - Single sign-on to cloud and on-premises resources from everywhere - - [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification) + - [Enterprise roaming of settings](/azure/active-directory/devices/enterprise-state-roaming-enable) - - Windows Hello + - [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device - Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](/configmgr/core/understand/introduction) client or Group Policy. + - [Windows Hello for Business](../security/identity-protection/hello-for-business/hello-identity-verification.md) + + - Windows Hello + + Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](/mem/configmgr/core/understand/introduction) client or group policy. For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](/azure/active-directory/devices/overview). As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD. -![Decision tree for device authentication options.](images/windows-10-management-cyod-byod-flow.png) +:::image type="content" source="images/windows-10-management-cyod-byod-flow.png" alt-text="Diagram of decision tree for device authentication options." lightbox="images/windows-10-management-cyod-byod-flow.png"::: -## Settings and Configuration +## Settings and configuration -Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.  +Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer. -**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go. +**MDM**: MDM gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, group policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using group policy that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go. -**Group Policy** and **Microsoft Endpoint Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and Configuration Manager continue to be excellent management choices: +**Group policy** and **Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer's 1,500 configurable group policy settings. If so, group policy and Configuration Manager continue to be excellent management choices: -- Group Policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add Group Policy settings with each new version of Windows. +- Group policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add group policy settings with each new version of Windows. -- Configuration Manager remains the recommended solution for granular configuration with robust software deployment, Windows updates, and OS deployment. +- Configuration Manager remains the recommended solution for granular configuration with robust software deployment, Windows updates, and OS deployment. +## Updating and servicing -## Updating and Servicing +With Windows as a Service, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Whether on current branch (CB) or current branch for business (CBB), devices receive the latest feature and quality updates through simple - often automatic - patching processes. For more information, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios). -With Windows as a Service, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Whether on current branch (CB) or current branch for business (CBB), devices receive the latest feature and quality updates through simple – often automatic – patching processes. For more information, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios). - -MDM with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules. +MDM with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules. ## Next steps There are various steps you can take to begin the process of modernizing device management in your organization: -**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, re-evaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use the [MDM Migration Analysis Tool (MMAT)](https://github.com/WindowsDeviceManagement/MMAT) to help determine which Group Policies are set for a target user/computer and cross-reference them against the list of available MDM policies. +**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, reevaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use [Group policy analytics in Microsoft Endpoint Manager](/mem/intune/configuration/group-policy-analytics) to help determine which group policies supported by cloud-based MDM providers, including Microsoft Intune. **Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. Configuration Manager and EMS provide you the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs. **Review the decision trees in this article.** With the different options in Windows 10, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario. -**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here's the list of MDM policies with equivalent GP - [Policies supported by GP](./mdm/policy-configuration-service-provider.md) +**Take incremental steps.** Moving towards modern device management doesn't have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this "managed diversity," users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. The CSP policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) allows MDM policies to take precedence over group policy when both group policy and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your group policy environment. For more information, including the list of MDM policies with equivalent group policies, see [Policies supported by group policy](./mdm/policy-configuration-service-provider.md). +**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. For more information, see the following articles: -**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Configuration Manager 1710 onward, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details: +- [Co-management for Windows devices](/mem/configmgr/comanage/overview) +- [Prepare Windows devices for co-management](/mem/configmgr/comanage/how-to-prepare-Win10) +- [Switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads) +- [Co-management dashboard in Configuration Manager](/mem/configmgr/comanage/how-to-monitor) -- [Co-management for Windows 10 devices](/configmgr/core/clients/manage/co-management-overview) -- [Prepare Windows 10 devices for co-management](/configmgr/core/clients/manage/co-management-prepare) -- [Switch Configuration Manager workloads to Intune](/configmgr/core/clients/manage/co-management-switch-workloads) -- [Co-management dashboard in Configuration Manager](/configmgr/core/clients/manage/co-management-dashboard) +## Related articles -## Related topics - -- [What is Intune?](/mem/intune/fundamentals/what-is-intune) -- [Windows 10 Policy CSP](./mdm/policy-configuration-service-provider.md) -- [Windows 10 Configuration service Providers](./mdm/configuration-service-provider-reference.md) +- [What is Intune?](/mem/intune/fundamentals/what-is-intune) +- [Windows 10 policy CSP](./mdm/policy-configuration-service-provider.md) +- [Windows 10 configuration service providers](./mdm/configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index a7686a8495..5eb147ea0c 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -1,13 +1,13 @@ --- title: Change history for MDM documentation description: This article lists new and updated articles for Mobile Device Management. +author: aczechowski +ms.author: aaroncz ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: dougeby ms.topic: article ms.prod: w10 ms.technology: windows -author: dansimp ms.localizationpriority: medium ms.date: 10/19/2020 --- @@ -174,7 +174,6 @@ This article lists new and updated articles for the Mobile Device Management (MD |New or updated article | Description| |--- | ---| -|[Mobile device management](index.md#mmat) | Added information about the MDM Migration Analysis Tool (MMAT).| |[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.| ## August 2018 @@ -227,7 +226,6 @@ This article lists new and updated articles for the Mobile Device Management (MD |[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
  • Settings/AllowVirtualGPU
  • Settings/SaveFilesToHost| |[NetworkProxy CSP](networkproxy-csp.md)|Added the following node in Windows 10, version 1803:
  • ProxySettingsPerUser| |[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.| -|[MDM Migration Analysis Tool (MMAT)](https://github.com/WindowsDeviceManagement/MMAT)|Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.| |[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.| |[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Bluetooth/AllowPromptedProximalConnections
  • KioskBrowser/EnableEndSessionButton
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers| diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 5b722b5046..5bd11c744d 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -4,12 +4,13 @@ description: Windows 10 and Windows 11 provide an enterprise-level solution to m MS-HAID: - 'p\_phDeviceMgmt.provisioning\_and\_device\_management' - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm' -ms.author: dansimp ms.topic: overview ms.prod: w10 ms.technology: windows -author: dansimp +author: aczechowski +ms.author: aaroncz ms.collection: highpri +ms.date: 06/03/2022 --- # Mobile device management @@ -47,12 +48,6 @@ For more information about the MDM policies defined in the MDM security baseline For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all). - - -## Learn about migrating to MDM - -When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://github.com/WindowsDeviceManagement/MMAT) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy setting in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf). - ## Learn about device enrollment - [Mobile device enrollment](mobile-device-enrollment.md) diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml index 9e25d09647..dc42004f13 100644 --- a/windows/whats-new/TOC.yml +++ b/windows/whats-new/TOC.yml @@ -20,23 +20,3 @@ href: whats-new-windows-10-version-21H1.md - name: What's new in Windows 10, version 20H2 href: whats-new-windows-10-version-20H2.md - - name: What's new in Windows 10, version 2004 - href: whats-new-windows-10-version-2004.md - - name: What's new in Windows 10, version 1909 - href: whats-new-windows-10-version-1909.md - - name: What's new in Windows 10, version 1903 - href: whats-new-windows-10-version-1903.md -- name: Previous versions - items: - - name: What's new in Windows 10, version 1809 - href: whats-new-windows-10-version-1809.md - - name: What's new in Windows 10, version 1803 - href: whats-new-windows-10-version-1803.md - - name: What's new in Windows 10, version 1709 - href: whats-new-windows-10-version-1709.md - - name: What's new in Windows 10, version 1703 - href: whats-new-windows-10-version-1703.md - - name: What's new in Windows 10, version 1607 - href: whats-new-windows-10-version-1607.md - - name: What's new in Windows 10, versions 1507 and 1511 - href: whats-new-windows-10-version-1507-and-1511.md \ No newline at end of file diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md deleted file mode 100644 index c2522f3e4c..0000000000 --- a/windows/whats-new/get-started-with-1709.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Get started with Windows 10, version 1709 -description: Learn about features, review requirements, and plan your deployment of Windows 10, version 1709, including IT Pro content, release information, and history. -keywords: ["get started", "windows 10", "fall creators update", "1709"] -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.date: 10/16/2017 -ms.reviewer: -manager: dansimp -ms.localizationpriority: high -ms.topic: article ---- - -# Get started with Windows 10, version 1709 - -**Applies to** - -- Windows 10 - -> **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) - -Welcome to Windows 10, version 1709, also known as the Fall Creators Update. Use the following information to learn about new features, review system requirements, and plan your deployment of the latest version of Windows 10. - -## Specification and systems requirements - -Before you install any version of Windows 10, make sure you visit the [Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications) page. This page contains the minimum systems requirements and important notes to install Windows 10, as well as feature deprecation information and additional requirements to use certain features. - -## What's new in Windows 10, version 1709 IT Pro content - -Take a look at the [What's new in Windows 10, version 1709 IT Pro content](whats-new-windows-10-version-1709.md), for the latest updates in content. Use this topic to easily navigate the documentation for the new features in Windows 10, version 1709. - -## Windows 10 release information and update history - -To view availability dates and servicing options for each version and update of Windows, including version 1709, visit the [Windows 10 release information](https://technet.microsoft.com/windows/mt679505.aspx) page. For further details on each update, go to the [Windows 10 update history](https://support.microsoft.com/help/4018124/windows-10-update-history) page. - -## Windows 10 Roadmap - -If you'd like to gain some insight into preview, or in-development features, visit the [Windows 10 Roadmap](https://www.microsoft.com/WindowsForBusiness/windows-roadmap) page. You'll be able to filter by feature state and product category, to make this information easier to navigate. - -## Top support solutions for Windows 10 - -Having problems with your latest deployment of Windows 10, version 1709? Check out the [Top support solutions for Windows 10](/windows/client-management/windows-10-support-solutions) topic, where we've collected the top Microsoft Support solutions for the most common issues experienced when using Windows 10 in an enterprise or IT pro environment. - -> Want even more information? Visit the [Windows 10 lifecycle page](https://www.microsoft.com/itpro/windows-10) on the [Windows IT Pro Center](https://itpro.windows.com). - -Ready to get started with Windows 10, version 1709? -> [!div class="nextstepaction"] -> [Deploy and Update Windows 10](/windows/deployment) diff --git a/windows/whats-new/images/bulk-token.PNG b/windows/whats-new/images/bulk-token.PNG deleted file mode 100644 index b0d2221824fce91474f241e4e7cacb5ef1f75f84..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2817 zcma);S0EdV7RO^$lV}jNXN+p>t%_=6tEyc|sS%Z0sXh8pU#Ye+LXFzxGpf}_Nv+yM zC^cdfF&Z>x?N!l_y6*FRxew=e&hOzoob&XLx4vx(0Skcv006|?%*Yl1VA4ICF9X@m z7|^zre%6?RZA}dT9|uKN&xG{>!V&=h5L4KX-OrslD8LLA3;=MD|65G2of>tYeE!SIQ1#-{bmukB@Z){x+>5Q@ zJDRq~NAog8j;K4JZA-@@#_WdC0l6jOOUI?oFtb6qYk z+}`TFLFRWvmMfz59AjYx*ElbSUFDDa!V==W#CA@9;Gt0#^2BJ>)?<{7wuLIq8GZSl znK0)u9RRwDPUS#2L%PKd>J_BRc#BI7{oIU1!~S-kaVb=qtD*kPA)WF?`t998a9J_S zOX@yoZt>DdmVQp}4E(Omu+(q0jd!qmnVFxbtvAD~t~V998r^zV3AM$+(j&EvkK)%>!Trva?VD)q$vp=q+H8ibQG!k0phtLgp7lq3es$G` zkys{HTSDZDgeBetTfujz(tH}Gay%vOcHfcTz~k?P>n6KUZdO&U@yf~2TG(ORfHhv= zS#}}Lb9^X>C2!QnM*5(u@mX{LcOw3sT-Wd?_iS;YC%w=Ti3tt5L7~?t`AWX?)0Y^N zJj(rf>!9UbC+!KVjif+u4$k!y$Z$25y4j`H=VdVE=tv}vfVPw{!?Ylo0?yo>tZO$H z_HEWO*&iWakH!qGx<{zT#oLZKG#`dSgk)~D7uBXxMWQ%e#T43iXvDC&h+1}TR!4fNKQOFcG{(PLZW8+(hU=&@Sl8KJRN@!hvI?G+Zb1ii*j|@jxD48^ z6em2D;L#vNq=`t)spYp+Jy|PCa(l#^?05jfjN2cpB^gH|I*?Z*d1f}fUfRLx=0j%4 zAM3FV1!#^jUR5CiK!sy~3S&smxUr4mC2fb1r{f>Ga0}S9gw!d} zLZ*GOfgf53^6)!GIn90OX6mzVG-D=RPPJ1gnyK@#0CV| zt*Fy4*N)H~`=p%^w&y9N+4Q8Xku|B>gSb~!E1o%}V!ppYH&nUx9SkIv#FP)TZO1_6 zO)s)97d#+vH~p%^*iVcbJ}TyMy`tmR$jRAP3e3={3Rsf)wQ!|GV=Hpq_S#T%y8;Ig zZ9~~A?H77`PmL%)gr8NI?TMg!JZpXRw~-r{YcW}?3Tm= zMg#p?K3t6&wbH<8sVMB!0THz~)CeoY%TXznG}b7;grEUmiXf-l%78{m!} zroR+J7-l;o(nQDu+ABwZDZT*+DDw=Pp=8`>zv;i3=c) z?3RqCA~Wy!cL&5`oy5KhvBaU$fKIi}T_#Wm7-LR}l7IL$2X~<)i;RpSJmx!`7B3S2 zo{tpj5%a|oJGAkHHX7z|Y7?oie6Qu%_|aAJd(EbM-VHdbJCdsP7t^IWw`~;obxr&6 zf{BjKxrVPnEET4GG(Qj*81V}AmGf{_3dV%7N-1xIs)X4W9_We3rG%1N zM*fOQw~Nuh_&&gcG-xvc;JAE${RPLhjfZwDcVw1-T=_RgyF5~5>y5W|jlI9B;urQr z7tT)I*4NZu{$WaCwD$7UR;myB`>^bNuvT0D=J7L6#>H8z*mY2z%Ry`;>Rcv~NPf#h zx6exC^?>b1w408^H{MkBg?I{tjKy#865+j^p>L(VdkSYPn{<=tAXh^C_l0){1_ z{Lw1S_7hdVQ^i|;6q8cAx;1aKEzKF!8;^Ut&5n7YN%H+4IGtCLB;Axko{zf@$G?l{ zJZPE6rLhzO4`xiN^Ey17SROYHomNW~2s64cqRtA;*7b+FE!#kTVqW$0e`^V`X(WR{Gs_ z-aC8?7ou4Fzib(G@@f1~weVwU?Ys+0ruZx8S<7fc`6=FUm-|szEOX9|! zm*{tmP;h#gPSEPyuVG|8N+H2dsJ=f?{rI+g?{Q7uh2ve zkjMY(xcE$e%9@;gav$nz6TkD@m8rVK_czcb$lSM(GNmLP7KgW{7)i0nVrf*gmt9Vk zrfi6>S2I3r$Hjm8$3FX!+@%p;wpsj`zcnuLq$LmBWo8|)!?i|_33=7=Gz&AF{Gq21 zRKVNxI>7}xikHvk%}pMRnC1ygZo~`HDW5ckAoTMWu-04@$c#R;j-7wxE$GZx-LuXf z!|Kle|8U5#ixokYek?AhB^!2@{_5B!k+HCKW^Uax0_IL{_u^!O04hCau@zu$eB0=w Ifm`f<0FaYEwg3PC diff --git a/windows/whats-new/images/wdatp.png b/windows/whats-new/images/wdatp.png deleted file mode 100644 index 79410f493f277040d4c979c55a0c2d67bf579009..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 128568 zcmce;XIN8P*DlP~t!@jl73s|aBE6$@6_gIrJE2Mk=~6;O1O=rFNEf6gkN{Fc6G5tg zln^Na5g|YbNC_nnI4cRB=X%~B=f`(_=XhCIu(IZ;_qfNHa~b_eN0s&*>p2=48d`NV z6@40-GuAXTC%gYS4SXj^(M*_z<|>W4%00uUSu2AQ})XkOd`HLl~mRDY_ znwu~B@1nMb?o({fg?v9gxZ5(x8t>rZmp(qoweiMja7964c=7Sm*0GJx8Q^_`hGJ)s0$$zf8FSiN&=gJ}a2g84^s@_VB zoTOZa))VMdt2apr6EmFOyy)nb`sb8`aZlAQZGH`mq)i(TkTf#ND4q!76atx+WQy<& zNAiRgP$c@w8Re3(phb6r{G8vjb{fGXHMLC8GAiC0XK+;F@bG#PcYDHRrBc?;bbLOd z(bxZreA<|hzzF_z^G1;K;@{-Yy)&aK@XVzKyI3)Hv{e#zu<%T4Ng$6H$lkMuR=*5|+ekE>A~C zGrOYv1RV-4y3wZf$`2nMJWW5`LhA1+toA5eBCk%PfAuNlp<3w*sxP;g2073YA^U|A zLXjWJU(hOxJ9gW@L&BkVb6fLOa*+jUMuiQv`>YpLx3;4%HT#E}9<6t}kQQqcvze0| zqRIu3Q_x#JE~FT7jDIZXOHk)%4mV|$>&J^!~LvX3y-C3R^X9 z=kc;u0W~$LfIy0>Tr+n;XO8XW!3d?xLol-FLY&6mXdX~B8jvaY4NqgX_Eefd5l z=M~j}29Z<)Ce#eQ+Ujjf$eHrj&^_9I8%*R;zQhCh$^Kf=t7Kzw%`?5Y5X*`u)@bh;JPkqbetRBQ3N%rV+rwpgL{>5U=8f&YXHEd0EWg+bl;|MnpGFq#OOY%8~(F2sb97(a(vmv2jb;(-jU6_2HS_ znY==!w-V%5|1EM^+-nqh``VI`EJ?x%YTjM#dG6I(K3h>b^s4j~U*zBcderm_%z+DO z&Mcg=z(U-p;UOlw9YE9Fl;Uv~T`vjo+08_(iSCk3Yofe~+gkxuY)B!(8dRjzP^98} z4u5j0WV`On7U}5R;!GpaKe)q>+2Q7e*sy*526bzSE%^Rzq9kL|TQE*2@pWkMTTlU-qW9nN{CYg1cI<+f{9?2=IN5|sQrh!%Wc`9>d=N7w(2tH~+%Q(lfvPUnDgNq61L9P+EE-gNJ zahV7y%Z-HxTVMJ#{bpihko8|%3cdN)ve@+oOD}QYxljhJc(eiH%oXVmDad2o*cyh2 zlWPP`=;AwXRJrGatsc!LVjT*r>kJBiWE$TZs&VwY@7eSPm4fa?ZaV4wmTOD7hXN%> z%@QS1@xe7=57Oafzi*9{ZT+mWw6aVUP>*>RHG$OOlkaJ#pkZjmA9Jc$Tu{~O5!HUs zDa8wwWS6c15SkOR_cmvGq&PXE$l+m;bG6gEqK7;Rgy2WI&77nCTztb$B0I~zT$|92 ztCfH1C6)}%$BUe-6ZGNwgyQTmPYS>ubN6Iy&SK( z9s7!sIlI5}ep1R~LIHHNygNO~#2_m8Wf=h>+|GR7n)bM?a`RJzURqu_?ZOT7dDlg? zqYB4{zJvuPtZOg7weJQY`ur4eUn#3tpjV+5*7SSe+3McTjR{}*>yfHApZuG)5Mrf1 zqoz2l#4oXu@RrS z6CPfn#neM#A2y-y=BSqam0vX_k>^%jg8EkaZG2h3JwbR2tI^2~$wg-u<9Z7%+_GR+ zxl_(?RQtWi46QXLMJN!78az#(FR+ zc6O*jc80B@EE$^$hj*u0CjTDV(5k^{1KBH;vWjH2EohM~Up zrwIrfg7J^kieGAf$qk8q`HgB&PTynf6$F`HZGYsRgMKwT>=njT1w384^S-|Qr^j@2 zzXnjlLBdjk0q_9K;lQ)gQQF|9;kT1U3Dxpw{II}Uq@P{)+pm)Na4TV}k5@r^XFa0i zX6X3jS?kJeo%cTHtK*6&QM&u%n2T`p33U&3Ent^x+K0A3N9n|?Y%Q$YS_NC@aPxIJ zE^cgu@@0`MVdvsqzo=>$1%~;&XZ3gUsPxnxirVFpI~h!Pq{b@EErAikAc>*zj=~n| z6MNI|AKr)>SpD>k7ka)kj60N)$_00i)An+ELaK=1@VLIN!K|LaQP3xI%yM5KPQNt~ zBaeVvS{bd5;rXCeBYV?8xcd3R!+u zeO$bHv|^2dJI}I3g@rur-Y~xh&&yQQztwP)xrsIE3JYq(6%n>}AM1)X2xE;BDf{r7Kf>edVO~b_Nm{yCR^pHwIF%5yY3XYEE5)*5PVO0tUc+rw&$K)yx(m+x zhm}eqO%m@p)-EnT$ptguHrFmVV_Lb4(dxdTc`)tYI1YQrf5=5d)6Q#DjT7QanVi=+ODJD|4{OodTw9y2Z}rkN9w= z)cIxT=0ig7Y}VJw!-o$EQx+eBSIa$dIGH`{a z3#pMLXOg@BPL~JBCP=+p$+wbH(@fj;!bY6Ne9;6od#@d%e%v`ecZZM7)^tIXbzOtEd(X z^efkJ74*bBa_}^i_sornu=k)3-Yl?5W}^`!#fH66sw@BHx<*kxZYoNQv4qu0Nij~P z06V>cUYb=~k-=JE6dc9V?okK3K=-Z~H!z4QmwJ$z23qDEMLNYVqdqKj+&5A0 z?LjwliHtN|cVocQ1!NE3Rjaf!VG+iJdROvm{)rp*$)+_qniy~W(3!ILz@ew>mL-Y3}k9O&_mb2A4&BAoJIk8FgX*=K{iy?>vPFa zQ?8XeaD!{=Lp0;_V`*urw?tmX_fe|H`fM_#54>9bQ$B6A9;)K=KtNfWRz(ZEcDtFC zT}BS=7T5QU*60*6@48?^mzXM4PPb23a2PARqmeW%BUZK_7ObVT7N_(WMJC}Xz=%7bWVPD6TmF27F51BpUTzrrr#5=KY zLQ2xrb>ubg6?ShksFexo7w*K--xJ(aoZLFbNf(wRVNe1>3Z2W_kl$8Nnpa^_9&&uACOoN;W+K6HKwPxtDj8wkTe$OR^%`xs5a5y`-!);l_OICL? zrW^&2KjeR}9ImH6B;!gu&t^*^@M59Qd?>`>)8D^cE|cw>ka)nZJX7x-7b;^L`=ByO z%Rn{a5@v_q4F%)v`UZ^;BB-XZ>g%*@>d>aiCtf49Ia&v8TAA;x=+(5a^eFmCUFeY{ zbbD<2k59?>_QG~UN*vSb=8jx7v+jn8aF zjh4&~Q)u_*2sI(%bgAuC72c1+mc%-0tvnXilxu#E#z zrH@s3m5W-|r@WheKTr7V#+=$CZm$i-y6Lia%^L@Wnffy^E=HT22;Lwh_MElC1Obti zFCw(wlj%kJ-ndt2O>zL`KD-`f=MjYonmBm5nLI|x2^;xc!?Wa7nbUrTrg4_#hSb^_ zCVhQ1t;jNbMEZKE59ygUT3>HEW4)9-6%<^#KW(~;ZXcSP*g$67Eb!0w34^LtB@9ylJq?7;s>3IJ1WL5Nn zi?w%Luud!hRF^dSrrX2yvRPvm7c^t+aM%V~D>J?K@;CCCLN4&hUsv~WGvw9HoCt9T zn8HV{cLJ(LJViOX2YWz)b$dN~IQy#QcYDOLtfC$58(L*uaOHg_u{sK!y{c(QEnJ=D zcLoc+AU<$LqE^qH&7omQsei?`I^YJblapx`EqPMtJwma`ym~`qQbEPiaD|J`z%xtF z{vHX!k+d<;6enZ-n>SU@5H{M{OapDz_2X3Oj@sB!1AVz!)YeUL^f+SZ^_TjF=vp4} z)qRes`B%DKc8Y80HYCh&Z9C3%EZ5@ghuGT#LtGF^)n4t3s=QyH@D09M49T^6ulvPl z;vosO$-DKjj>sU5k(EQZ!4D_%Ey**cJ(+4|Y8MrMJVv_~b!=6j@#lyqJ()~HJ4zPt!O`Gk#-n}_o#nMK@B84? zAS(=Ukv;8jm5!;TqrJMTtQZSYV%{2)-Z?~Eaxdm z_3~%*>w^a3%cxVt5!eP#Afqn~>0@a1b2$ERHx#_2k!yK25=OVSXyn`FeJaW!{ben; zNIq9+rRC;p484*x`SCPok4 zDoLRIoS{ivOT`_KZdjf^Fj~?zKUhQr6HM^De&XD2iy0R0z0hfkJ0gVM{%SaRooDI~ zsm<)WD`{D2u++iSzBIPfH}&zEk5xq2nTMGU_ugMTt(siBKb)diBW1L_5#-sEjSZz~ zPw0EIIH+Wu4{ZKrFhC$%)#)_*hlTTELMBVshE(piByQbIT8{WC#D z4(yyk{ocLD!TN^#?-JpZU#eS9TuQn#^-J=T9w3D)!%;_figH_m%zfsaTe?O;W%9Zp z>t&O0?HX5f<+XAbxiY4U7l0m>Z`Iz@GyL#?c;CZROqGW-Ly^YPkZtWcK_ulZMAfJ}d@v!r45dL>U%WgX-ULldWMZ*WXT%~Uie_-37 z=&^r1abU)&Qr<>cX#QwD58d?FJR(dO5#)=}V!Jlj_oK_SoYs`@? zNSi*dIctl%-(Hw+xzuVkI}*i)b+&c!oFD;{pIpw}J#V~>bP{_#YZSNg(dZpr7=m9f zCzIMCiYgrEgTdf*Ofj6C0 z34Jq>S3FGIF{*LG0?D=0#_&vGVb(tC%=q2SYTg~Z~ZCbBA_}n8<@8cI% z>93eVOZV825_;I>n)k;lxq!B#0}IJ;#fbnbSjg5f-8~puz_EF)zV68rab6@C+R2VuWU}Sq{(xdNqyxTCzNLz{Bsm{ z#6-#?DQ1(1ItDR(RC`g*6vHT3NwJ8&y$DQjlWpJxFWitJHd-t!{geqxR#KzHcW3zV zC+w}|PMTD%*vXj@BQx$M_qbsV_ z+ejH?NGS-*aH*bRiN{>Waa3m4I|@wC2>rPn=uFj@gcO`6Aw{-zfr0+`Mv>!j6h)El zB)6h7l&`3NVP*g8r~jutAQdXOP(NpO+}=~Jo(Ue$At_gPQ;&T_xw@)J4FT%M{>PS+ z{s47*>eEXL8_|{eub>|}oryo%`9+z>R+W_}z@n1dzRoKO4Fyvl7*LU16Fb)iDTUz; z9VJJf!~wSysD=gUPwwQVatrZ^jFJSf&gzj)QL564nC2TuAI&;^)tHD8)V4A(_{jQt= zhx;y*BgJ=b*)^8g>UlpjveViB9b#Ge{sRz&x5IW6G)+e_lf|{o;0b?SlnhggU4S}4 zo_iyt^Kr#GQ$4UH27?Yym9kG1EUj|r&Cx4NfNx2TD7VSn5@j}?oDS=nUq7;z1AaEN zO*)yZQ2kC0AskHtHx2r29T}w`wvwCAPs|ig-5mxjgT$38*Y+K7)&;M%a^n?GMA%{o zqqbeW4XYOfuvyzf72Rz64-V%<&alUC+H{?*nbu3+zVj?O)#Uj^)7-BYbzY{wPz>`y z$W7OyvI}-6BW&-RI5+|=Y1fgH3P=6g&$nwwm@~>QJBhKoBKr=TT8I+iZyS-3=5=Ln z7)JnE?y|zuIVt91lN96+uw?uv(qO=!xdwdn%$}KF9l^<}(-;ptA#T53$n#C85b=^O_r|{kT ze&I~8W+o_Omx)Y@pV6J9T3|@JbRb1Oz1mre=~p!#ugUhK$W@MIW@9~Oqv_4q$;T7h zqzKp0D%Bmu5Wk|A*Imjc2#Fkjb0?By25(y=$%8}b4Fd4!C-gaSeF zE^0^%5dsM{1RRP<=Ooh|Q8#K}I{{jHTh{K|5SQyyO|sgvzK0F}U60_bRT@b0i7#}V zM>;y1>*vVFyBU>QfGmtN0@y$KO*YLHzz_CU(>WjZ_HOz2^=^H}FfD}>8-m}5!8u#} ztsmms)@PGkc-*dDIlLQi^?M5>p_g3iKK(_F?oMFv5!YueFZ#}B5{O$&b9(g+MTNZi zXrr>j6LkUL8V$M`aa};G(TZ-^zRAE4JOt`ApOx`U(wISU1m#ouT(qV7nU?%WO3?XP z)qpLXS+$#8G0P|Va4=4JPl^ritP%kWS7HVLeTEY1RTez6!IgG-;k`;+|jEXeFeQYF{@6yQ7}J zog|*mn#6Xwk%srwah@|u??ZAGmUrdP+_&`zTjD-CBBS@^N9$xppOxsEgZ2};kz0Az znw0YkTzKw@0Uo0Mz{kSY=H{+~@ZR~UN+n<$)zx$bg=Fik#=(q&XIIY~45SIVjD6i< z9b64Mby=n#A8b*M-X{1Rt-XSzt{fI5_17+yl?ac*5ypj~sU!Z+fu(2^-;_|MXFq{3 z7+T=i_C@0rnSIJ$O@eR9JR&fug}<=NyL+pQG?n-G&shNc{uy_eTlW3&jy3q^D{o~lmzLYV)C3u_e=z7IF4I5XT<{ry%2Tzd z3c3LH5qlW_O@H>0`NNb=KeWM1_cZXoSOmE`RXw19d52j`#of%n?;?OE1yNsmjI`}r zf9ZOHkom~&TEef@h-;IgpGt$f`3gKj^Sc5_Osg$dOYci369C8{=O?g*#b3&Svto7g z*!x|+DSpv$xCZ)WRm38^tzu$(8<)t@Y#;6xV_XGjTTSF|wf_;g_ED9v+gI$K#!-)$ z5c^@in_YLMq5-^v$eQ~eGvdP5IH$6vJvnXQg1v05XZ0Rv@RU9n4FmCRUB7=q=wKkM zYk&Rg^kH?In~i80z)zObn~M!venWPAOm~C_yu&78KXLHNgXC z`X^Rr@4J5NTKk6kW1rZ9QM60bV2?_5Q_{g&12?9&L@mizO(yZ&+PIzcfd!dvWNA{j zWnM{)Weh7W`njHRHz@_8peUAaNo7~ z_yXF1pF4qT@pMkrp85SE*@koU=`Z2y0bJ*ndWA6RJ9ZEJ^X4pb8|fxYR)B2y^)zdB z`bpWm_sxCtmT$p`+pT{3feQZ48tnz8qZK80=6#BBqC+8*yAJUa+XWZ>K1yZV?^h^f z(lUyR)q78f}?$=M!-?ngFS^2^a(CNn>!{{rgipmJEG+7 ztt`pn>=BVU#I3>P)=%X;^F1i1@JDy}p7@+wOEvtZz1LJg7w|@;VsVvLu67P{Fswew zKjXL0hNx8l2UpCgjNR*togrBbH#?hJIyAx!1QwmPw~OVYFwOoMY~BwD2R^R0OxeOqv)?FQ02zx?9ymZ8#4KMxf)`jQO}=UlcnKN#`jvybb0g6^!itWIOYUk3<{_BMG_lI9|AD0 zQVxP@?M-L%Y4&C#Aa?(zKz+Q`8&rYsj)w0;9X+8#=L12DyI-Qt$i?w^u#uAacVB}< z#2#frD+_&u6*EV`vE1VWFxm0p8kRU8S6=piV*4L}g~@plzw*x=;Xv02G6M>IC)P!t zsw4nFnmRLAOG{_1kY!q$!43ru+L+pW47ClHUQ<(i_){LCgL=EpkYK>ax~u|o<0{F8 zkqgQ9)M}4G7lqnh;slu*MSSL&=LD#c%h{^Vg(LYptNcy!mM#RwR%MQ$h0C-rxKGo59~1!+;Ht~CDJ0y2_H{G4(6rYLWE!RT z^KiC%oBbqx2MEBNM9S`=nVwY%0G)RMIwRmh+TAGz!psU(9wQX;o&ZA9nOl%N{LEwqY&v7QL$Q?{xrW=A~(cG_(F289sZCMUlf ziObH#m}Fk{lwAl+=?n|!hNRvpMi^KubyUh3#hkuxODRMR@=lq7 zCkO5sgi6^3uD$Z8De$ZHuj44j{qoD^wJYij5T`5iJ9?4XL6Q_PwUiS}swC}v#wi0*DBS&7Bj6=40Te0iy zgKiOB?wWH-Cc6rrTnTQ zXlXqyLLH&1EZKOs2Yz4B>Xj2y$M~uGcjn=bIyQXUfBxF%0t9m1+}rTKD!v%D5BAL=;u5+g8jZQw&uOb*;Vigk(J}FvpM&e z{+4PZ$5+O%c&Q&dOm9wgY4UGWhuS6r+o=+{6ga#_;Uu5hHX^s%aDa#7HgC$-G+OB= zrWrOc)2^>PujgSH8F~D)iaV-zZc;iatWay4-lQ_ahvQ82Z0rarKI&$)$IB0SjU)01 zC+t>D+%==_RgoudXcJiVUSTqFr%RQii<8VRq!fofjLGp!m_zs#HZ-v|{Ohugo17W0 zAA{VNw9p@AlF`o4`)!6G_U_IIj*l?RZvg(!8j~9h_4^dUc}GoZ5H@lE*D06FUI+pM zA%z#&_JR@O+{z?`D((2Kk#{AHm@{q}MLOKPHq;od*X0=97BNDC5S{=~_-p5`q+g(` z0j9QiFyJ8l>xYKbDDm>fJgrQSY^f8HDDJ8xKZ4f+2!r_i9eOO2HcED<(rA88@z5b> z-<{J!c4WsrrxD$)-Y3ulYI=7e+E;_TskHlpI$C5e$iVtH;lt5DZH(aHO|lNmVDc8n zT4!A>J@H~Ot6nE-;Zb!mf58-3^sRKq6u4XQpE7=J&k!8@`)bmx)9T|n>{beIpA&I9J#Wxu@N;AxhQCjgTeR7JO&h2tJD6Dcnd*4TFkxDPOsK*%9#>Av#1O2-Rj zF9k~v&bvAA8fDG`>-X=@EHTl2hs@ppKoaO)`(u2`?UQH_m400jC(Q@nOnKeMG;t=X z2j@5)93X85PMN8E?g?az)!q&U>7kbh)z}=x$d#pg%d-g++gUnh%?o~OS=PE2^e+Rr@m(q))U7-CLBnR#JAlfTlSjN!53B)- zZc6()M(COcwF#1~jj+;Jl)^*Tf|tL&sI#go6Le(wu?!21!}`tzLddK50i6WUUP7Ug zCgE+B4dNeA9pnRuK!`(ulxPnl4=O(2U;t;@tq`F5C;HnG8)J*y7@qts;izM^;q7*OSv#m|X6!2!9)ck)xm zo)O2+ym#@169z`>U)I`%UsYyerNj=JH(enUVzqd@0niv>3M(6&Nja9M?%z0fLAH(_ z&Y%7C{9Nf}S}OwuUVvTkA$ArxcqQuV3`UAV{^O@BB1Ue%))h@k4>4YozUJ}etmsuh zQkt(mUnx_9f?3HyrzXRc*Lp+$-cIrL24b=DZne+UWO)fEBytU?_KO2B@Z7X;&dl7H zJ&dt{7U^YSnB~)8u$Tk)3A(<6Y`k5Dd3k>s;Qmo?d#q9V_G_9EM|b)8;N7txme{3A zqw_^&=C>_?^eENBehh+Je|S2$;-3SN!nB@=)+aS`dE6!+sQ3{d z!URcpY?1QwDG-RG_OM}x~E?N(w_N?Z}2j>BXpHj6f#M%o~ zaQQt2`XkdS0BrHdV*a^hprbw&yqg+C9;k?WE@i>>$4jlAAo0T(+@x!>i$H;Wm+Xl6 z-X}1MC9)^Ef6Y5L=;FC*&++dHGEYD?0FjZ->$Lz_b9tcQG7uvyCb~ogPhcch)MYHh zytA%&%U;t7nbYsP$6Dwrpg6Q=YT$te$~iF5rJoQ1B!4#EC8|A=wRDfH2KM=<_nY#F zxwC2dcqjRN*0rZMWy6Z`;w)HG!uJGZ$V-2I2WW@A^8^3H)VElR+T1d?$=YJw@JHMM z^6JR$+z-%UOCT{GOF>pu5X!Y!M&=7{`-kDC4Axss8uAYXw-EgO*;`|um!^x?i;(4& zBU0}coBJ0O6d3IH-z#M%`ybuJ%|xf)8BjUGPk{xMPZn zZuSi(dyEum*Ur83c;5CtI5^l&$;8;W7rXf-Y;}2gco_w=S3;xFu!e>p^R7F3v9YnK zzHVM#by;kWTT@dRJupbAZC_vCkIOim(-Rf4wMD60J)f#e5C{`d=4z{j%{@Z{gAcvE z8d6eHrBziv!*P=n6Ht%ITJ@xD{A6)X4rfhmZD;BZfiQjuuBxf4v*;WeA1@sk7~qqe zetIh69&oER2M5RU(o$tJquW?n^r?~czU)<;yHv^!%ZNQP$AY{tGaZGM(TsHRU0uTA zUK?HW1U}c_-|y<~o;7SAr)px7CMzd5zqxnQ!}6oLlT)#@=ah5l-!&h7u>&rw)VD^k zoC}n}qbSbd@`=aL(o%Im=p=3g8dg+P^rjBKvSMg&|G~4B6riy6P1!8A6b{$%_xG># zcK=>s`*}Y@OGrovFfP8p%8M)$jba&fkSTg2Y%_DFV`0qQ#brpDPQk%!dSXJBZ?l{j zst9NgEiP8IMg&@J25oO`InT6!&El`g#-*mFnp#Yciz1u>VQW1xuBGR;gPWm%U6qw1 znykIbSc9+w*)Kj)Rw|$#)U)X~0|D0==IQBa3%US$OjHc7T6CfVs7sr>72!XDqKM?dgb#T8~UwS=l6L zlz@Oh&EtO7$vq!>1SvzxO%PpFT-;SRPId3iae1{P;6hd^gmPpe2tOPfO>a&mGt zE+aSlnq%N~z=B;kMvQP+mY%k@Hjp#g?vpm6&Ow8`Ie|!A((VOHe4?lU%!7e-cz@4^ zgoHHCHzOVU82e1SKCYG6h`!r8jQ2Fq(@U%-PXuVbo~CZeJ+=fK$@90nyLKRI9(+&*xC-MtsG#2Ftg9PujIb`>-rg>QU8h&BND(m6 z(ReSA%~5RN_7k|xW2&C)MOPOWb#uj>knE=%AFkD6LVo0gtR|vy9O#BS(KAOy+L?CY zp-p3B#z3f=@i%<14_nN8nPeSb=P@Zwj=sXe2Q@V{8+)O^?@G6c>1ofi#(+_T>@_S8 zJK4NCQqiNMrYA6l_R&#TT_sXA&(&C^F~D=~gOL3Fi-76ty*~h^cdv^c7^fU&{1|(@ z>G`95X?xPk1PpElEN^!&9gRZ)4yg_!5m`7g(YPAg#e9UW@lz}}s|v8j_b9FPl-Kl* zOiembK*ZL#q0R4`0J)cukx^h%2f!HHZO^Q?a}VR2z2`a$WZc|bUF~+?AAo2OWYY%y%-U8v6`lAH~6WHF_o#T!x1QHjAMxX&{ z>=1;lE$;rdtfz`P2wjI6AS|_Ib9ZqPW}Cv~Zsn814Jszw0Pr!%yzJrRln$Exy$*nR zsPXai(Tv*CQa;9*o5sI%Y6&udc4HRf3vjFS1{C{C2JS{HtT^GXTPso6Z0L zjOZ$Pn6=i_pen@!n#?UMIN~wDgZwynHMO;4CnhKDyVTwD*ty=ST8OF!HCua(SMdaZ zf#eXh4FQ2bg7vXptwOOzH4n!l6W49s4y58%dA$Vz-%eCHz9xqY*>ER@$HvCq8chRu zNnWp9$fC9c0N>AKf2rsB9T3z*kI1q4$(`CL+Ker(tc;G8TNs&`IGv4s{IUHd9d3W- zs0E*E)fk}doC^S9sz%ptf<}gE=A7S6ffb!HL(A5%=0YJKAOiJiSh=n~wg>QtFTUBf zJ?gDc#?d_J@XNO1;V)h#^`I$QHfd8h$nHx3putLxzn`CJi~A!0lCS*aonBiE;xX=M zS?^>^>O3*#T)_%rV8g&+us(6Lho4e3K6%e{Vnb+teRE8Yu)5eYqw{{^}DX+r?FJNPagae^d zOsr*A!8fBK6mxX}{MDcQb0A&9dM9k7v>?xsHpEg&u`V+dO>QY`qt%2>eE& z(Y*Z;EFKTulqNE3C>|Yb8u(-xG87r~uYONfQ1U9;e;t*b{sLPHjh~yORo!7IcP}q1 zGxYE%cT}7Na6*%(0<*mi0JtDT+%_vH?Yh%(1+1x*vg-(_BGvv~xh_#9N&s=>!m{~LHvVW*^_VZ7GgU6k3-$;oNLrna_r?6PMq zz%LeHDM>K5IhZIt&*{Qa=zIDZUVvYu`l_2eP#Cfi6RYq9C=Pouz>fmFF2@gzjivg5 zFI%{Gnegt1Drz?V;>~$_eS0U<6RDmgWjNE|>$I}>ic8h6c{g>?8gbi2kX~vC%xj&C z&4o-?S&1@hS!8q2KIV0swj-On`wEqseti`ecM+&2u;ykfpa7PP!L8iPIJqwK7@q|s zh1S$aF`n)`BcIH-UO!puVF0Ac^R^#lrAQo=ml=UTh>3}bH_FbrgT)IA3kB%go>L{A zoe#++f&4sakBKXjNA$Y#i2<#&w6v+YT)~Ui$V}`0pmwITS*NL)nM?YJq<7c|AV*&_ zxg@a1bI@{r06yq29#D1viwXd@Z;Vm{0s>s;I%8Ak*Eipep-^U@2f_Q>E&yw++%fWN znR^GNnvK!cA?2Llts(DN$|2dR2Vck&w`VMg%sO8-gPSKR zY?W8ANTjT$|6>p+*Kxlz5r2;DCwYC&D)Lfv=rovGE z{7{RJnFFeY)a~1oQRvcD|In+s-Pp~-G9PzW*Iw5geO?{xG9ftmxuc8V?*Q4Zr+`ki zYxs_^wY)qwQgnSkj?Uwf5*XKmg;fxCuu6ISVjZH|T>;6}HN#x?Bm=c`{`I z=rb!Dxx7ldf4>Tlzm4xh9zYvnhl&TPGIFUXbM*W7l9-s7w`=Xu&YqrQj%ikmA@KnI zmRmN6&&xGJdQv(J2FlXiau zFmxb01$X#^*VtHD1@kG^s5#Z(0KOHyC6SyrG#x_z>8p8n3X803bz+j&jalw2!&SB|}2tAL>KMf8R+Pa%KL{Wz~N_>HnAWX#XDs zzp6fSuyC7!^y=1X_T+2oZ;^1fn197+50k0jUeUzSV+0t8^xR6pZg(+eh(IaBA z{I1Ul1^ksPbhY^1mn%=Mytg}4;}*1w@^Zgu(?l!g^?vuzcJqXm&tJ)$`MdE6f93z} z+)Y#I-+FcljDGq=&7*mV5$D{xR%TybuWbSeMK)fDXn{D(GYXBTI;fAvW9M=?b9|rf zDqbnP9=1+8?5-*^PNN)2{FHQj!q9xc-zufIum~to;3|*C2MiP^RLH+!C7*htsm>C6 z+|~kHa6QjY`GJk&@rgd6x;Z$9cKpfkXR;C5LQu-h&*rJckfwSH{s~^x6~Z+Qvl0EC z?@Do%sp1&*#k1-xM>FCw7=%K>ObB~}5bM_c#@5N@B1VXheB0`qM^5 zC*}D4`}xCl$kE($a1OTSJ>?w^8sp=$pWl2ykRLeh_}1T%BF+vD1rJaZNh(7BJlgH! zLY^c$Xb1^+?sP=CFy-cFJd?^Ls4tjdKcD_4L4VO6=n)h;uwVcUoedELC6goh6w zn&K#@YAg7@QP?YuGfQ7pwLpd2kUh{J#1OuWHBcr0-vOb&e`6nYY319@VgJnX#(W=f zd@!sCafn4M*M;Hg%&k}{%W2ly0}P}V^?-6!TdYx&zlquedMkxI&IdR2)b-1)NA{M3 zSnNmXm-9BMBFql`5drOQ#Gl5k&ILKB%u-h!ayEqHppOK1vB&3UrH@bJ-tE(pF*w}r zQaUi@I{Iy&qQL`T^4@-|Sotlg@f~ePMacrZcVzFYq+gdWw;X@9!Olm#Vo-KYUPLf7-<7(C;8F-sv11 zY%bEgb@?wr@~t+?_J8Emm>+%)j-}ZSSqs%AXCpu5QK`oV*uPzd%M`H9S)Z|&}o`}c+Q}gD4+--%!%+~cxR(4iH zrwW5MnRwQj1;P*QfJI_-dDoy*4mhy#pzM=3^D4|KPZ@8@`;{1JM zz`25qQZh27k8TyHTp!BUpe$XlAWIEdAu+w&M}_8z+$56HL37w#-b@1OF`weUY24bf z$^2K&mkUyce$ROR;OPso&Y8ouT+&^o-H%+0JIfS^CdjOUTSos!vlun!h?X3|v(pm*4YtfCAsVGhA3f!29V$Sb5 z?vtM9tX}4Fj$xD_JI^=&p}ty>`PT>Po5MoM{f`~rB#J#;53eti)-;(C$OtGVxV3J( zO*DtpJ#Vvt^-&S5mRX82Z7~f5r1;g74D`bzhuvXch<2}YOl~ns&TF~&_~@Tp56{e@ zhOpkVz)oh!zSq%$7Xhnu;Hy3y7`DYB6Zb*)@FzX^aCHzjr*!mP$qV3%7#u}Ho6=(m zoul(+IQ8)#%tuv_>`|YIUJh3Ctx*d`QT-W`%K0ExX<Rrg0}(@XZ<7xhph4lQP8AD+xQ=Zdogzhu+hAhY)sc2fD9?F59kSJ!RxO6#i%Imu5GN>GK<-+L{jY7|$usqX8HTtOer9RoPgZj^Tzh#Zc z2VZGE4U19TT>*b12EZNg_<*!>t(!NqMGcfSRGrsrvI%=h&Z+0A~8_ zZ8(xjR1n%cSfx4L1 zM^-UxPl;3&wvn9MUF!juvPuxPv`2|$ckVx08oj(rJ zro;ZQU1?m8;5mNrVfA&UwP@7{hl*@#pcMSn^+Sbd(QTy5ULk2=|W1|@6va9 zXEW`7m0So54Q*yggL)3HTEgmP6Bdgl&iUpSY)#j2+rawMKmY8SInnzZ1Yr-Eh0Ikx z8%nvG565=i1vdd5D$?o~^hQxhe_p5{TofT6g-e+MpZvkS7_d@BgoM(_-V1@zf;%*{ z==bb9cs~b^ZS2p_)hR@33Rq(guqgB;cKS=cb(FxL+3R_ZoxTO-&@&@acF%#d%+Yi= zLnD$>K}^d1D7iXn`QPn8rfj4I1E{ZJT#d5fh8|owuSCC1k|hhaKTGo4HruO@_x-pM zjwZH{r(=n8h5{eKKL$$m=+Q280$zvpOb9huS8ljX$|vb8#^cz2T3xg=Wh-KK&O{Yu zhI2~ibV~9hlGBzqgJsvLYsuugLVM9%cq5<`N}Z%;Qs!ux`h}^Nem4qmd!D$Yol)0|Glwc+k`AxCQKJW{WG)X@LAa8ohEV9pbr)gAjD?z1MroKnHDAC8&`bLz0ncCTg(!`{jUY_#G=A4y0r{p_6t{dHI zDYCV)c=0ApbpgMPK>gcv_;~4*q)bd4S)cN2rJuw5;Y){^vZ8&yu9feBlDuU4DsuVq z==0pL1HA_4k1|AYx0D9l;avsUa{Yvi=K2V`k zcs}knU!ocThZ1-zs0he%Gn~Dn98Gi}Z|8+I&rX@Lo4|j@Z90+X&>InGa??nx#XaB_ zKOS6(O4l>Fedf#=)iyWwn{SnG=oT2>g*tmU~anh zN-?k3Pu=E+MV19|cBIv(8D&e{O+YWgVp0a8zPVJE5DCt;Mg*`z8w6#_)>uTU5Hbb{lgtN3dR+&%dUN9xKz`=qjn4wE*$R?aZ?Q>VgmEgo4M%D_4Nwi z&0byN_sv5$&HOjJLS%cMGB6(vxvsOKU*@a&{ftuLRX0VGs!5g248H)SUICT3Hz$U? zM*MRBYJK zi&m{IF6`19-EV+|06EmijtcYG zuqXIV+GiVfh8#Hyzz=I)(m%^F#6?*Jm4=<2<+$qeFCA(Zx2l?&D2KrX_qUMB(9873 z+A+yW=c$XQi{?6XjQv*k?ywV^fiTGFv3s>mEbDD|V%GU4RDxpjCU?lo)RE8`hF)gj z%a@DNO+Ct3%%j^T@g%whyRE^BsPE|lu;on=Txgq{7b(|~`(Ih*BTbPBXNaT)a@~l7 z#Oj1z*IrW_f%Lh+8WUh$&fp^7i zRGCvPC0p%1ENPHM8kMD`3EOm&W(VwBV%jF($|hpI_;Kmv8^7Vcai*hE03%R+es5wM z%b1gwm)FRuN2p+q7QbsIyK47YM_=Q-OPP=`*;>l|_NeKNX?OjnX4j_O2MQ^2HK=E` z@;`B4$lkP6eMh?O&6qe;zbI}j3d~{8uF1wtGoXW7**e`0BQoA|`#m?YP{{wrOooSt z3-npti-8t5vB~M^$fDhL+KCizJ2IyIkY>-GJv)kfWfS-S4I&uGS&vB*3*1?{^SM0J z%N2h`3?MEM@&y(IkUzfW)pM+slKk_yPz_%0LUVWbPl8g`i2~Wg}@m$V(w=GVP6aL_w`=*0uahyFy=XdQ5Sg2{GU^hMro%IlZ4J$E^d(KA zxQqN98GJf~=9)oF#zUD)ZOh!PVJD4$09V6p+SL?X7e8w33Au%GAe0%$*L1sI>cqE~ zY2;g5TTg}CQh?FkX-6vXHnN~qx|gLArF=@Jy+sqWAvfesewa-1b5t@9RLO{fU|p#X zX3EkM7`p4wvhU`Xlp-^K!G0suZ~$(O=6Akerp-{FZ+_jM0ZLe5*>-d@gLrrvsfl3W z)z8YoVI*wm!EW{4C~G??I}M%LfFBz{x_5tz5cmNf@4qlx(rYEsC_MCKs|k2dbL1KN z=U0gD-}Q#hSJ#H|6YHWTUmSp2uny*jj}hn zto+ry19!v-D1H5OajGvRaNfgJ!gT%~wu_Cykt# zjke6F(@ReBoyoq@7V^z3-ZgWjjXatBwrzZ2U1a0(hj(06nO!zLXJ=*tYXTe2SyGmW zdpkM%bV3C|2?wxj&i=Myey^FW6aD=Gw-R86YvtfelR}}s?B5@sL)^Z+ewx2dE!e?? z$w|6RGeiI0Qdy`VU+fQ(U*y%e%4r{F*{Uhox~@e^Q>I8{$CW^xzGM)C^@rsr zFsk@s-DkSb*Z%v*|H`wzV5O|kuriexNreBO>)Kk@tJj7HT=keJ6B6^k1nlC?9qH+a z^Ss-SAl&IX*x&aopL-q*%X1Fn0SgRo`RD7t)}KGK$V&k|GiBO7b6&~|04TuehdcE1 zUIF{k$j?HfM@%9-MIKx^0ip?nkrk6HKitG5j2sTZ>TsX$J_4->ls-ox2@0m25i)kf5h>QyBT*(TN0)NI||-KA9wwSlxuJE8<;Y+o^beS3?$SJ*vYiyx^_+~)%&MuZzT6v5bm%glx` ziJK9e_>n-2hpq<)MLX6v?zAKmUJEKhj7K~q973}Aj&y8i9OlpZ zayg@q)6+;Vj#7h0Q7y~oF%PxH59FALvD4#7^8}vO{6N3zrB;*!5LE9jpQdmQ%@naxVV@T@x>vpmQShQ-m|CI*eFy`5r`fV zluAgeOvEP<$(k+ScXQ(57h0+u%Jav>0WC~A2iJecngrYfX05tiD@%{>V7JnsxK73I z;a`4E{bk$mlcSNpPJkGQR?g6oc26`h_wysfLz4mA4w=f85Q_H{z*0K^vX5+h!W=P! zIDBW@9VC4nu)WRAFTfJPC*DMlJue8W_a<#WcfD_LTcQOq{&Ha-U-mKDno5OQ>ws=4 zIg~!kH|WlO6Dj{d8Gw<%x;CTcL<%c)3cs^_nrO%s#)QSoCh7v%{QkNa?-kAaMu}X@ zv}ZS~tXN$-6_#Zz8IyG{o}pumdZ~s`#BmG`va6Y?DB|03Ve=Rg{nT z`l(8)tBiNXhi%p#Yboiy=>B%1kq&}cm+!5uudGnq&nQJYgBTHv&!7cA1s5i`640KP zkastA`!CK9HnP0^!Bb1x#9e8e`uv=E%e>OiQOPI~xNDm%8BDFM!S(oFzcdml0R72x zwzb%UQ6Zyptx)}3mVW*WT+P3mR|=oY7k@y^Wq?PO0~JOX2Ud>6+q^u;bru&Fmz}3P z#Jq_2zdiel$CzM#{tT6BvzvK%oBMD%rxYcw7AHpN+MIstbL6a= zwWXyZFpPeColZk_-E1AOfntvu_s)nU7DDxS`)>`J*Wb*FW84#!TgTim2B7HfWZeX^ zRP`JkR_4LBW(?YWeeu5Z@=qa9?oP|I-@tcOh~Pllpy|3M{@RdvJ+_pxm&dsc^47by zYw8kLGQtzT`~W4mP`fPclT@DPaYHvjFq4O)fGti?F*rDwv_8HrS96}-gb%0~QsEh= z7@o?jP-?fYla&weQ;6TJoJFH z=dJG#T)%{U1}6qIg!h&FYiVat&&wImk4&R^a3QUN_z&)#nkyf6yr*kTv3WLRmlYknHkaecajXHpdLh?8qh&aX zko#dUltLebY0O`Bi+h2o*NDhQz4iw#C$hV-Y z08O->?TC3^&}k^P1f7>C?zUwx3Ji2qPDfhnkBES{1C!*;NWkB4i6@Z10Zr~wFg=W* zGdS<#u9cEG6k%2L@W0Oo8TI4+&*nJS2OtF4*p?$Qx@o}{Y|!>PDEau-dg{q%=Y2w&~ox{hh8%x|yq0 z>6LhEBTQ{iSImO|v3%}YP2Z*wnLe-f5rMZVKgM0za{MSW0ir_NSz1A3j!39Y0wF=M zY(8Q(R#YWc^HA7lOV%XD%vTX@TzF`9y@Ue;46p>g1VrB&~F zAsc~MXu}Y{y!0t>VoAk4tc+3tj)q{@c*YJLZ9dL$WBkr!*#a9OzR`@r%XFS?x5S+p zGF-neNHFf%&7eqDJkuemk1Z9{@rJG|c%vkep}^T{Y~5J#C%X)d{3%ck1Iz84U_isC z8fBN=-c_oHVP!wOK?bvfCElN*~+h*QPI>52UX2s54oUtaST`bo2eUzC`dSkvIF% zGxd+Cb3KV=>e)JoJlu#7Q+Qnozc)8rYar=0A1%E0iBydyNFwJSE*99k!1v%N=Rz;c z9t%rK=Ej=%_7~P_3D`XM%u}AL_FB*ZUwF9IkLd4Ii;t02tg5cYlBKE&ase6V=N-|M zS}C^^F4%BE#mUCD^Zpm|YyH+Xci~3J#1Vp>k+Bd4Y-4VvAx|$&=W>m0^O(5!Ty~`p ze$J7&-Xz<*xL9=fONeB3u}CjVph3PCKEtoB`)Ix6aro&kA@>udy>!4cvxeaAaqz;0 ztRF$z&SZZ`-senQy=+c3Dd(+hRpmEPC{cef{Xx^VaR&4T&TS*OvE*_*Of}38RqGPV zDDd*BddJ4B_icG_1%d_A{1_w}873bfXrQg4>tC8XCXTRfh-58+?;b`(tUG>-av`>HE%;&I*5hrsw58Ev4DLbDZ0MZUl^YNGH{eA^_kxZCa<$^n9MDv&f9 zDC*BUa=v!Vscm5sQVu`|eE0cW$v4&l(JurO^9NFXu|ua$%N0W}Fd zNL`C3j`_yRaI|DKI1hXsC98koh3KRUEgB|ycRCG;FuC&W*u`Xvdq8iZCgxLG=51YW zvlGHVF*h9)mx~HBtB!CavXRx@h+!IZc*_AQQoyL)>k&0XvcfsNDZM z#nvltE?gkYTxztw_&D%FqFOG@$rS6^YhxVVPVC0~{2u!L{7qP%0KJK-0_BX(_?ih{ zn?C>R<`8C9|CO>^zwnao-`Jk|u zl!p`6$EfqgY6-kWx=@X6VFZF7w4749``3OIsO;6^ivE-lD%V&n zmn|^?iX4?5>`zA|f=vR(WrnMbs)=kbv!-Z*1FMH&z7BD2s9I1AOr~|lY1N9B^FDw<3t`MX31MMwn*!`VL>5g(|KNdN@?gB` zq#Yq>*+NrLfOBjqLVEE-|Ed`j*Boh$rSahX;!4JZ9FlHV$OicJCYi#201AY%hMaw=cmwM~hFD zz~A!{IMbT^AN+2YnP^#+^cas;J7LPN0yU1Ll>}JO#7Jz1*D11BE(=+ZQ8J?CqF;nHy z@GFo5ivnc^tj~HgN)Z}XlRl6Z@kvRm!MeboK&n)EA~om3@0}4fQ=Cm+LY&%1i_oPt zlcc%}ZOeasj5WQmaHb*!j7kyc$!Rv1^zQm7sEE|c2O8mH>jX5u)oBB(`70XD0g2;2 z#n)PUcFl8`U&+?VX(a0RSnGpN_rU*|6)=ElMUC8+dtzU{d?B@6Jzh;({x!J_h^Vpf zXgG5OgFnpmfdJ-9dPZ1>oL(-slhx30W}~flK%PxWWp5;D2`8ltjF5&+P*|&n5zI+S zm`E3b9UE{mwq-n8HZfM1`3dZ#5?N+dC|38}(Sd_TY0x}rH-8Qx49kwL%j3qct??fY zv40_9kg-I9rmC)SfCaXWNem>Q7BXB7rYK?#%}E6Dh~!rrf*lU_Mk`GT!eB)mt(>7B zJK`_9I`J-$Yo~iN_+q+oM7YTX_3f4mTpN{L@OEzoT0ULfzs06+gDal{!=V5kB$D?- z$Lr1~4_f;MK*ml@S+`Uv+Tryzt#Df>zb#9FKSS<=FBHzP7HL((WkdcUy4}F&*Rv%c z;~Q9z14F3$gJEbk3L@X){<8oEr|(~Egf;Yjrq^@~Rs6wVa^MCZwEU(G2Sv&LulM<0`rzi^4;L=!eIU2Ul3_U6_A{ z7dYIR^(9MBLpQG*rKmTLEL1tRRGS7jj6U{AkAO*`kj?9w{?K*%;$vx-8iIQE|P?(8!MIt~l{T;eJ@{)l3_&c=b(Mu{tg&{pbmf(fp-dUw%d%gYQ5uI z<|yI?oasw}N$dOb$WXQ%ZrlE+v?yQB|3-=TQHv_o~g!fiF!yVugj_aGi=LKNib$Zy~+5bQvt^jC+*zJ#Nig)>9w=PKv z2QaglOuQp|W$F|}+c4$H9f{YMlug?{Q8g|Vdy%2YNWfC-4u z7z-HRgsm8HUMq@(CMQ@$&C60fIK0D1Z6$ly!9%YSWTW~$jD|-1$&U|cn1{-CLKn{V z!Gi~1h;_fnpW!bi_P~1N=oE_d+yfyzS2#o#3H0lXLkt=6U?a0}s36-sF0#BE5naK@9a{U~sB3}N8I=7ATSLCreLtu#|I zNmKI1Ejbc`Kot%gkRaSZup?s1s1)voN|cK-RTjhun}wiR{QLJ>CV6cOE79)$?u(_k z1zbrrbajxBR=qZ0IgD`Arn^QclZC-sye}ZYEfBK&Dubnln74wBTq*HT`!8Q^ z?~Z&vF4#B)ZEhHA#Y4+@=BJ&No~HLc=&Zua5aY0EAOeJc_BW14F zh|b@sl8GBtg!2}Gem~+m!D~i_4Q2&o(+i+g1N8wW%{p$mYYs}n9sK7^T$~UOhqhGa z`}1=Vvuhw*jdKY@i7=Ke>piy*k2DFvTLck9@&GeJ^+*Y5cHpY6*?GUe76rCN-ulX9 z+@{+`SQA1g>~F#B-FxYdi6cGTKG*qBTov2^v8iibxB+)%aD4;I)nAyaTbLtrSNDP^ z(WxIexi-`k=t%%=o*5jOnxJb5xh@YcXd7o!uR}ct9=)J6R>wwQYl2%Dw9!p*&YG4$ zHb8%SK3wl?n8yK*rbvr>0a@a6YA|E6J}E3uQ%&#sCPRN2Nnfqx#IPTrwE-DnPQhbkszdeIUdQWU zmm+?W4ep29(DP1u)tr5!1pP-?vk|Rbf5VdBEV+##gG5H<)1(P_-VK`k5Wi)3(obLY znmddYAZMG4-dxf~F8yN3|2ZgQ5GL4Yl3TbG@h7ZIg$FvBol{d;f%707-f+Xr0-}-8 zXrL?X^iEZ;%NpQxnlg`et~NYX1DO`p_io$s$ZluYEGm7hDdNb%f-4x0gvSMqo9W9< z!RF(zZohQf?BMhXQnusC&u(=B#yD0M6(4F;yQ;~0;>6OLESUN*#G1WPhbUw7smX;x zU_kplJHrtC&ZFLrbxG6ENZhadPXp^W9ds?cVn7Y zVRxNE@5gqRlCrm(ZqQJGDOA-pG55M}0lLsI@mnUs` z`Bpi9BrGoyx;;h|8olMn-%^5fNFe=bc0bBoa|)ni*3mUr)l~|xDs#ZP*W?SDhvvM^ zA+N&$Wz}8cI(J~w$n^3#tIo(CPa@IbHmh}B*uY+6FzBH%maTaBk|pWgCL7W^_N^5# z4@I}Ru*5W)gwbQyE}9KiBYJ< zy;q*PVkGj^zZDCl&yGe5W?$3jA}KZ%LI3y{7t=@uCtPn(0%e%D9_48+HUMH*K-E~k zy=f(OY>>4pNc|))GnDFIC+)f6>Ylrp^``EXzj1a+3!+&`$%nTRBPYVAl+A~ zf!mk9UJ@AHPUBNjd;j$~&p*O0#^{#lDzg$j?MX>8*#;H=;`-_4iIQNM z^hhBwF}k+pZm(C9J{8Wtcay+tEQwmYnh+P)06449g)N^c$e9~`5NVmauW+p4b{wIO z)$?ps!GgE+z-zY4Z+Hi_nE~167Q7Q%G4}RZ4sFX?Ck>jJwPI;?+>acBucw0EJf}~e zPK_+`aIP>ENE>og$lG@zu!@~tVJoLK9CMd?<)(@3OExj5QT5q_62>=c1Kv^Vv@M(V zAGdE&6phtBmZv0?{TQR|rA<=^G6>6OYIB+IExoX+Lg(!(>zuDmzist@vO3kfN3G85 zaO@=$&L2Teh5ZBJVm7=>L%|E}bDoixMS~l4KGAsf&=jmvyOAHBSd|mB$b79o6L=uF zr;tj^Z{74H_P9eC$NL9=D-M7NITWV2WI3;@?IAf!4!Dkd-T8MXScVF2=RXyO+4Vb)NA0-y?wU&sVdn!>0_N;khArT>W{B4nU1g0 z*KM|dc`#_?(PQ`c(JXeMCJbU+E4L>lu+wx^;>9FtSZ{8&(=@5cb5-ki; zL`XW0g->$6SUW#CDDF0~-?x_Y*ZZqSHs5!Ro_O|X{7&qlkn7I#gO%zxc;@Ox*D5k? z-X$a`2qY-*Cf?nZesK4YBlCRDD+qxn0d@Vhj=2XpbQa(E+avOa|%cN*Y8w z!dgWHrC*nAg04*eMD62l@K9qyd+OE7%I}SC zvB1Nl$lR*EKKOm@U0@4T9a>;Wdvlk|>*{~A0G1jK1iLxU>Y;W!+cMUfFp1QTb85*l z`Mfe4m@|~nB0g^5N0MevDWJY;_#RU}+oVqt{k~w_E7p)!5q(UrD0S~`iQumvLpZ2= zVe~0YPB{d&!j{n>P+CW|%k(Sb3z1!C9G~z-@V))<;XrKNO=seD)h_3`F*_u^CnhIP zXv|XM6^*nf?rwHc`AY-ss(q6W?k>}3T=IVS08=@x z?Yfgs_7aC08=nmXXtewpCE1q2(UgObC2(jm3m^IP;2AH*vq*9fA8p?OWAwq@u>wYq zqYoGBUC_GrmoBg2q=#%5oAVEHE_W6s6Mjyp@e2~J@T)XTZ-^Plv1 za9DOesh%-AEuFGz5JS^4PhRLqy9r}pRC@XQ?9rL)Bllt)vJW2H3!zlziS}FMfH-1% ze-u(l>m;FLJffS-M12q01Xf|%LL{I{`L}{RYCnbRHk#bsW!HquI(hk=_(>d7%_f1F znb}2Mvf`pCBk5<>z5+BoRdTtEE^d;By4PNS;XIEkT7^UziJ zJ=!{kD6-U-=9e?kV-2r#6cDv{%Pq$^t-JC=}{Lh{$=ox#%Xs}Gu4xaLq4qBtV0tL zGi~^!ybNy|Ek8NPwiGenNET!?>IBH%Ru1v4J%B|O58uTXIubMB$PYs|Hl@%bL8$lP)``4K^z&Ls(aVc`5ECY^=wsyL9RGZiG zO+5HBu9xY5>+55=61N|n76Lb-$W95b)Ke3>g`PEP=S&l!T=nFX*HvWDo+F}OP|07j zE%GpNCYEk&Y;aJ^9*~fcKD7r7@rIX~HtXr6@2C$3UBY-ywe+*{OcM~SvI14_#wlQ>3z?9+g{&i$0(G%F!mYc5KYq4p#Iyi)>Lv)dzXilAA8fMrpU{Ox5~K$NxlWo&7N!ZL>J%; z7hLv0!GT9qU6z!rHh;>^_|epho(iJMmC3DQd7Oj0HGLouQ}+tu_OlPU>hzQPXM?5( z3G7o>(n+1LK-i>Ll58qNi3oaBEJWMMGV7O*&AFXA%(<5|nFS=!% zBe%fX9qI(aqBjFz3#~;A-X$knVICcNeMR$D+<7f1*|}uG$e=EQR64oY>Q3-TOoP`d zZAtf8Bz4jV3kjGd(@atR2VA~PJ)VnoD$3ct8$BLIwO*|{M|y0JS$1BRc%$>?@>a%P zxSJQ&PTN~1EJxZ*D!`pKY0kZdGF2DLjL1GY4-*wLR^yEmRQ7`}zTA#S?(3SAj?$a} zTE7^BI~CiS-G0G_w};^K$wyQBCtP;kpz-}tRVq=eK}?GUpwl-qm-gq^{p2pUACk{n zcqbM>P|SKN#fTm)GXnyA0sGkcRr`a)1sv!?4nxoW`8RG2$N{Em@bFXyKvfu zS9|U7NW7jVw&BOUKy)>$ql^ZS zX{!3fOAA@V^FmMmEWB!da0Q#ADZVZ}u+g@Q zF%Nm%7A=2b@LE9b{7g6+-C_Nq-*)$um-y1cDGtnChgT9coIipr>9ln1y}hFR9ETNmSK1!{&m?8lJ)q^cM>z} zyVcz1rz3BjGYz|bTKuTw6D`|i|4w0tCXe6NrQplpYhMe$u|1iTe{EW6tM?1DfMGr0 zUQgN0y}OJsCwe2q$@-u0zGFU|RYL+$<}PJ?ea;n-^?9q1^zWFg0yRqW?d;$ndk{(5 za*^}0_>!4j%b!H!<;limFMEX{dl7BP2gBybtq>n>-%8Tw-k=^A4y{YtPz9PG2Xe0o zQrYHfgH){>4buDAbr&1Jlg`-%=?<*JHJTQl`alo2OjTc7xUg#qo!nu46qdKv_)h+( zOdHmMK+i;N>lLlXBZtC#gS87*wDy0g|M#zC^HcO;0!#-_j2~ z497j;%OWmto#)|=Q2hg_Dj1nG`rx&+8IAyS7+#}3#!~|+Hmso)yNY?`*JAG2D)?jS zuw;8fM!FIP1_p1y4d~PKCB;MdP2Du5fZoc;R*s^no2qmR%9*s~1JU%LGfuspuXj(- zqFnEr-g_!6`=XV3Se_lS{Z=$pvpxr%V#h&%7acU7K> z{Qf{bIC8(yG-2I=^HG4o_h0UG@tIF$+^)+i=Idx;(uAyjIS*M6L}uDxW4K>T3qtx0 zk|zSPRD!vhMGaKlB{+_K^+|e;vKD$VWR4p4lCt?T497H04Tz%M4SpT@Yq@m^tqD0A z643ncGe_pOaqv*LnuSxq+y=JAO4w0Z!#Qtaj%MJZ`rb#`Bk*uu&@~_ksix?%1ExI5 z351!oJ#?8UeM7^q*XBl1$DITG?hmk`P!m#tq#9P!QhOCfbuNG6Imf}8M@wJ5v;4V6 z?raLCM`!ieA^;6FD}Hkpo@^}0otDg#(E6vbm2C>|EAGE3EPH3Ad;b^pBR?Kv!~%(~ zAJC+lwvvllx!P26OKUgO*s)gh8=u411W4DxJycjLAW0uOSnwK;VW16yf$vq&KzpbV z5a)aQa`Ob5e=me!N7nXEDJUuLYw{TN;p7B})X$~Ts%H(ku7&Fx4N`Yr?BEjqhnZW+ z?E#AY?_&$Lx4TO?%z<;Q0_ap9im{kiJzGnDS1x*ZBEHYisa)?us@{bwKR+aA=;x z1p7Jyw)yI6m~Gih&uYf=JTbAcJtThJf-KK^5S%PUwAl9?5L$>8cAJ?+Ek+Ru*GovPgY`{qvf zYTC^RT5oRQ+ezIyt4b<@!ZVCOS*T1mx-8W6*bY|}I8{II_23vG;j!(moORa1FCEKY zfo8HzJ}B?Nw$$486b2s>J)EbR&hzB-@BuXFeZK=d$d8l4R9P$Xg+`&gbxgY#0p@{l z!+Uwv)udUrGMwtB8cyjurQI;)lQa;R>bx7es-NGBmCVxLwA`%Vs;OWPP96hiZcvYc-DJ%qDF7=-tRk6iF zH&Enr5u?biE+$(MRfWM9vc(QpkX&*!qo7{3ymB_}->qFS{r&drU zEW0>ht3!aBJ67Y^%!sdkC3NFh1udOZpT5ib-czF$YUh4-dKmc|Ki-u);_GH_zd!D_ z_@Y@4qx2n6^QZ)1nl2nVlkEka!i*{^Dq!FkF+V*hzA>!y{@nXfd}LB(B5%yme>CFZ z)TVA1)lcn#`UJ1}KsT^~BfTCDWwLO`Mri1o^Drw&?hjO43pxA#KVb(s&W>RF~a^bip7JhJ7pt?b+3(PWJ zPrF+a=O=WudA@Z2K4i1*G*Gl(fbgk362^2%lc(PN%DVRQlT}+zP?;8A_Pt5O=w+hK zCXw>(94tTGd+@2>A>Z_#ps2+0|d^DjAOw>>^2rghG#|2QNM)o5A^*Dg~Y ze#U3$)xqm9&ATUCi_crPre)#cfY27s2K-Q&WUj@I_H+A&TgFSSLVeOh9UEAv2p